From 92efe4214d405d18749f5434931f15199ea5049c Mon Sep 17 00:00:00 2001 From: Clint Baxley Date: Thu, 8 Aug 2024 09:43:02 -0400 Subject: [PATCH 01/19] #390 Install v2 pipeline (#392) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit merge all lme 2.0 changes into release-2.0.0 ## ๐Ÿ—ฃ Description ## Add dashboard-descriptions.md in /docs/markdown/reference. Add a link to this file within the main README.md's table of contents. ### ๐Ÿ’ญ Motivation and context The LME repository does not have a location for dashboard descriptions. ## ๐Ÿงช Testing N/A ## โœ… Pre-approval checklist ## - [x] Changes are limited to a single goal **AND** the title reflects this in a clear human readable format - [x] I have read and agree to LME's [CONTRIBUTING.md](https://github.com/cisagov/LME/CONTRIBUTING.md) document. - [x] The PR adheres to LME's requirements in [RELEASES.md](https://github.com/cisagov/LME/RELEASES.md#steps-to-submit-a-PR) - [x] These code changes follow [cisagov code standards](https://github.com/cisagov/development-guide). - [x] All relevant repo and/or project documentation has been updated to reflect the changes in this PR. ## โœ… Post-merge Checklist - [x] Squash all commits into one PR level commit - [x] Delete the branch to keep down number of branches * Update README.md to include dashboard-descriptions.md * Update wording for computer software overview dashboard * Fix some grammatical changes in dashboard-descriptions.md * Release 1.3.1 merge into main (#154) * Update retention function to fix retention policy bug (#143) * Updated troubleshooting guide to account for index management (#134) * Update upgrading.md to account for 1.3.1 (#151) * Update upgrading.md * Update upgrading.md --------- Co-authored-by: Andrew Arz <149685528+aarz-snl@users.noreply.github.com> * Fixes dashboard update not importing on fresh install (#167) (#169) * Fixes dashboard update not importing on fresh install #165 * Update upgrading.md to include status on v1.3.2, along with revisions to the document overall * remove step 4 from upgrading.md; add additional instructions for v1.3.2 --------- Co-authored-by: Clint Baxley Co-authored-by: Clint Baxley * Add proof of concept selenium tests * Correct the script name in the doc string * User Security Selenium Tests for No Results Panels * First full selenium test. Currently just User Security * WIP User HR * Completed all dashboards. Requires testing now * Cut dev comments Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com> * Debugging a couple unit tests that error out. Two left * Install LME in the testbed from a single script (#150) * Adding the configure scripts * Add scripts to zip and copy to a container for downloading in the server * Grab the expiry time properly in copy file * Overwrite the blob if it exists * Add the script to download file into DC * Script that unzips the files in a container * Adds username argument to download files * Add script to run scripts in container * Adds username argument to gpo script * Modifies the url name in the client GPO * Adds the functionality for chapter 1 and first half of chapter 2 * Imports the sysmon GPO * Update the variables for sysmon gpo * Name the scripts so they are grouped together in a listing * Echos the file download url * Expands the domain name correctly in create ou * Write the url output of copy file to container to a different output stream * Create a new LME folder for our scripts and files * Set path for extract to lme * Update paths for scripts to /lme * Fix the wec server name setting * Adds the scripts to install chapter 1 and 2 * Allows azure to download in linux and windows * Adds linux install scripts. * Adds winlogbeat installer * emove garbage in update server name * Tweak several scripts to get the scp of files_for_windows * Adds installer script to run all the scripts * Fixes the formatting method for az output * Clean up the scripts and add documentation * Fixes outputting format errors * Fixes hanging on adding ls1 to domain * Fix formatting errors on responses * Update linux expect script for different prompts. * Handle the reboot message for linux expect script * Echos the file download url * Create a new LME folder for our scripts and files * Set path for extract to lme * Update paths for scripts to /lme * Update paths for scripts to /lme * Fix the wec server name setting * Adds the scripts to install chapter 1 and 2 * Allows azure to download in linux and windows * Adds linux install scripts. * Adds winlogbeat installer * emove garbage in update server name * Tweak several scripts to get the scp of files_for_windows * Adds installer script to run all of the scripts * Fixes the formatting method for az output * Clean up the scripts and add documentation * Fixes outputting format errors * Fixes hanging on adding ls1 to domain * Fix formatting errors on responses * Update linux expect script for different prompts. * Handle the reboot message for linux expect script * Adds InstallTestbed instructions to Readme.md * Modifies parameters to be pascal case * ls1 not being set on DC1 * Adds Linux Only install to SetupTestbed * Remove separate linux only script * Update testing/Readme.md Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com> * Make number of clients consisten between scripts * Add ports for elk stack for testing * Update readmes to change ResourceGroupName to ResourceGroup * Adds a switch to install linux only * Adds simple tests to check install * Removes the error if the old configure zip is not found. * Adds variables to linux tests run command * Move credential extraction to lib for use by other scripts. * Adds npm for other testing * Adds latest version of nodejs for testing * Make output.log readable for tests * Add the -m parameter in the testing readme * Download the latest version or a specified version * Reboot for 1.3.0 * Notes that we could have different expect scripts * Put back in the restart after all of the domain updates * Scp uses ls1 instead of ls1.lme.local * Up the timeout of the adding ls1.lme.local * Up the timeout of the adding ls1.lme.local * Fixes chmod of the output.log for tests * Adds venv to the gitignore * Adds the ability to pass a branch to the installer * Remove node installer * Change timeout in expect script for slow connections * Make shell files executable --------- Co-authored-by: Clint Baxley Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com> * Fix deploy.sh data retention failure error (#190) * Fix deploysh data retention failure (#179) * Update deploy.sh * Update deploy.sh * Update deploy.sh * Update deploy.sh * Remove free (#188) * changed the word free to no-cost or no-cost to users * rephrased wording to 'which comes at no cost to users' --------- Co-authored-by: Linda Lovero-Waterhouse * Update upgrading.md with data retention failure resolution (#189) --------- Co-authored-by: Andrew Arz <149685528+aarz-snl@users.noreply.github.com> Co-authored-by: Linda Waterhouse <82845774+llwaterhouse@users.noreply.github.com> Co-authored-by: Linda Lovero-Waterhouse * Automatically Add Tags to Azure Resources (#186) * Add tags to all Azure resource creations calls --------- Co-authored-by: Clint Baxley * Switched script to headless mode * added switch for headless, detached, and debug mode. Bug where driver.quit does not close window. * Refactored long line and added switch for debug mode * Removed unnecessary comments * Update pull_request_template.md (#198) * Update pull_request_template.md Moved Squash commits from post-merge to pre-merge. * overriding default PR template for preferred LME template * overriding default PR template for preferred LME template * updating issue template to shorten the template --------- Co-authored-by: mreeve-snl * Python testbed setup (#183) * Add simple tests for http requests * Add an env file to gitignore * Remove unneeded pip install * Hide pytest_cache * Add pycache to gitignore * Adds dev containers for vscode * Adds testing information for vscode * Uses .env file for tests if present * Adds env example file * Modify development container name * Adds readme for the testing environment * Add simple tests for http requests * Add an env file to gitignore * Remove unneeded pip install * Adds dev containers for vscode * Adds testing information for vscode * Uses .env file for tests if present * Adds env example file * Modify development container name * Adds readme for the testing environment * Create helpers and conftest for python tests * Setup for using test explorer in the dev environment * Adding azure shell requirements to docker image * Adding Python API tests * Merges additional tests * Made changes to fix tests that were failing * Separate linux only tests from others * Create a workflow for building test environments * Make the docker user be the same as the vbox user id * Set up to run the installer in docker * Pick up different fs types in data_retention * Change the build path for building lme container * Install lme after build * Make lme installer executable * Set up the build for tests * Add the cluster workflow for github actions --------- Co-authored-by: Clint Baxley Co-authored-by: Rishi * Update PULL_REQUEST_TEMPLATE.md (#206) Added instruction to select Issue in Development area so that the corresponding Issue is automatically closed when the PR is merged. * Made changes to facilitate HTML Reports on test execution (#211) * Made changes to requirements.txt, ReadMe and gitignore to facilitate HTML reporting * Fixed Typos on Readme * Fixed Typos on Readme * removed tags flag from nsg because it was preventing some rules from being created (#214) Co-authored-by: Linda Lovero-Waterhouse * Update PULL_REQUEST_TEMPLATE.md (#217) Using keywords like "fixes" or "closes" only auto-closes the corresponding issue if the PR is going to be merged into main. For PR's merged into release branches, we need to add the issue to the development box in the right sidebar in order to auto-close the issue. Added some documentation to clarify this. * Create new workflow for automating the release process (#199) * Github workflows for building environments (#195) * Run the correct installer file * Run the installer from the root directory * Try a self hosted github runner * Reduce logging for docker pull. * Adds quiet flag to docker pull command * Pull the images before expect to reduce run time * Install docker early in order to speed up install * Builds the right docker-compose file * Increase timeout for linux install expect script * Change timeout on expect script * Change the way expect watches the script * Expand the timeout when waiting for Elasticsearch * Search for more output in the expect script * Change the match for the dots in expect * Change the regex for matching dots * Change the output for catching dots * Add chrome to Dockerfile for selenium * Import selenium tests and run python tests * Activate venv when running tests * Correct path for venv in the container * Correct path for venv in the container * Running only linux tests * Adjust scripts to run as a non super user * Change the permissions on the output log to source for environment variables later * Check for output log * Make output log available to test instantiation * Change pytest cache dir to home for user * Change pytest cache dir to home for user * Change pytest cache dir permissions * Hide get-docker.sh from installs * Cleanup test files in workflow * Add the cluster workflow for github actions * Adds a cluster build * Run the test cluster in pwsh * Fail pipeline when commands fail * Catch the error from powershell * Remove duplicate run command * Set env vars explicitly * Modify the escape char for env vars * Try a different method of catching errors in pwsh script * Check failure of pwsh script * Test successful run of build_cluster * Test failure of script * Capture the output from the az commands * Continue on error condition * Simplify run command * Try catching failures in a new way. * Test failure capture * Setting error action to continue * Remove ErrorAction * Use docker-compose run instead * Capture exit code to fail step * Try propigating errors from pwsh * Capture external command exit code * Send lastexitcode * Don't exit right away * Disable immediate stop on exit * Run simple test for exit code * Cd to docker compose file * Catch exec exit code * Remove unneded flags from the command * Adds back in the build script * Adds an explicit exit for powershell script * Remove spaces after escape character * Escape the exitcode variable in the shell command * Remove extra exit from build_cluster.ps1 * Add a passing command for build_cluster.ps1 * Move to the install directory * Run setup testbed to get an error * Try to build a cluster with the build_cluster.ps1 script. * Check resource group variable * Set the resource group name differently * Build a cluster using the generated resource group * Make the paths relative in the build_cluster script * Move to the right directory to do an install * Destroy cluster on pipeline finish * Change the owner of the files to match the host in the development container * Su user to remove testing files * Run the docker-compose as root to clean up * Run as root to clean up containers * Build the cluster in azure * List the files in the current directory on exec * Run the files from the new path * Investigate more about the file environment * Update the envornment for building the cluster * Update the environment users before docker up * Try to start hung job * List all the files with their owners in the container * Escape the powershell commands * Check the paths and files with bash * Find the path we are on * Check powershell environment * Cd to home directory in powershell * Cd to home directory in powershell * Rebuild docker compose as the right user * Change directory to source directory for powershell * Change to proper directory for powershell * Build a full cluster in pipeline * Run the linux tests and check permissions of files * Change permissions on output file with sudo * Turn off cluster creation for speed * Comment out building cluster in steps * Only delete the resource group if it exists * Adds ability to get the public ip for fw rules * Put the tags in quotes when creating nsg rules * Output the command being run for nsg rules * Remove tags for nsg port definitions * Install lme on the cluster * Builds the full cluster install * Cleans up the useage of the environment variables in pipeline * Extract environment variables from the build script and use them in the GitHub workflow. * Do a minimal linux install * Fix the path for retrieving env vars * Check setting of github env * Source the env file and push it to github env * Print some debug information to the console * Check setting of each key in functions * Parse the output for the passwords better * Uses a unique id instead of run_id to make sure it is unique * Double quote the file name for sed in output.log * Changes the way we get passwords from output.log * Make sure key doesn't have newline * Escape dollar sign * Properly escape double quotes inside of docker-compose command * Escape all of the dollar signs in the compose command * Write the environment variables to the githut environment * Clean up debugging output * Remove more debugging output * Remove set e * Adds function to write passwords to a file for actions * List files in directory after writing passwords * Export the env vars in the github file * Fail the workflow if the environment is not set correctly * Clean up the environment vars for the container * Set the variables on run of the pwsh command * Run commands on the domain controller * Get the envrionment checker to pass * Update passing variables to remote script * Escape the powershell environment variables * Change the case of the resource group env var * Don't destroy cluster so we can manually test * Build the entire cluster to run commands against * Run a command on the linux machine * Run remote tests * Run minimal installs to debug tests * Fix escaping for test commands * Move to the correct directory for tests * Add continuation characters to the lines in the script * Remove nested double quotes * Uses the ip of LS1 to run the tests on * Put the cluster build command on one line * Destroy clusters at the end * Quote output log correctly on build * Run all api tests on cluster * Build full cluster and add verbose logging to pytest * Stop deleting the cluster in the destroy_cluster.ps1 script * Modify installer to use the new winlogbeat index pattern * Try to get the dns to resolve ls1 * Add ls1 to the hosts file so it resolves always * Modify tests to pass on a working cluster * Skip the fragile test for mapping * Set up to run selenium tests on the cluster * Testing * Rerun build after rebasing to the right branch * Pass the minimal install flag to install lme * Build complete cluster and run all tests * Pull the images quietly if running without a terminal. * Run the simple tests on PR checkin and the longer ones when triggered * Build the linux docker container upon check in of a pr * Build lme container fresh before install * Runs an end to end build in docker and cluster * Print out the download feedback when pulling images * Build 1.4.0 branch * Build the cluster using the main branch of the repository * Allow passing branch to installers from the pipeline * Run tests from a different base branch * Remove the ampersand typo * Allow passing arguments to the installer scripts * Rearrange install arguments * Test passing arguments in install lme * Build lme without arguments * Install lme with no arguments * Run command as string in install_lme.ps1 * Build by passing arguments * Run a complete build using arguments * Update the sources to allow for updating in the pipeline * Build the cluster using the latest branch * Set up the latest branch var * Runs an upgrade in the pipeline * Run the upgrade in the remote linux machine * Run upgrade on minimal install * Checks out the current branch to run an upgrade on linux * Capture the exit code of the upgrade script * Check the directories we are working in * Clone the git repository to run the upgrade * Checkout the proper branch from origin * Get the remote username and home dir for the remote server * Set the home directory for the az user * Use origin when checking out in the upgrade script * Revert the changes to deploy.sh * Set a dumb terminal to avoid terminal errors * Export the terminal variable correctly * Capture the output of the upgrade script to fail pipeline if it fails * Revert previous changes as they seemed to break upgrade * Use a different format for executing the pwsh script * Destroy the cluster when done * Output the upgrade information to the terminal * Try capturing the docker-compose output * Directly capture the output of the compose command * Fixes unbalanced quote * Build and run full cluster with an upgrade * Builds the current brand for the cluster * Add a unique id for the docker-compose so you can run multiple instances of the same docker-compose file * Adds upgrade.yml to gh workflows * Runs both a build and an upgrade * Adds upgrade to the gh workflows * Get gh to notice new workflow * Match build names to parent branch * Trigger gh to see the workflow * Get gh actions to trigger workflow * Update code to get gh to see the actions * Update code to use the new workflow module. * Trigger gh actions to run * Get gh to run workflows * Try to get gh to run workflows * Change upgrade branch pulling * Checking out branch for upgrade in a new way * Rename workflow for upgrade * Convert to docker compose * Run all three builds using docker compose and -p * Clean up docker containers * Build the docker containers fresh for the linux_only workflow * Adds readme and checks an upgrade where the upgrade version is the same as the current version * Fixes typo in the workflow file * Runs docker as sudo * Remove the privileged flag from the lme container * Try leaving the swarm on the host if running in non privileged environment * Leave the swarm on the host * Reset to run docker as privileged * Installs the current branch in linux only * Stop pruning system to see if elastc starts faster * Don't take down the docker containers to see why they aren't working * Removes the gh actions shell escape vulnerability * Remove the docker containers at end of run * changing .github/README.md name to prevent it apperaing on main web page (#260) * Append the flags to the end of the password file (#263) * Append the flags to the end of the password file * Prints the contents of password.txt to the console * Extract the credentials in a new way to compensate for the flags being in the file * Tests a build that runs locally on github * Keep container running for debugging purposes * Fix the credentials parsing function * Create a workflow for a burndown chart (#302) * Display the chart in the burndown summary * Get workflow dispatch to show * Adds defaults for the burndown chart workflow * Clean up debugging information from the workflow (#310) * Clean up debugging information from the workflow * Increase column count to match the number of columns in the board. * Break up selenium tests (#281) * Adding selenium directory and readme * Separate out the selenium tests so they can be run separately * Run selenium tests in pipeline * Puts the variables for env one to a line * Issue # 289 selenium test for Computer Software Overview dashboard (#290) * Updated Selenium tests for Computer Overview Dashboard * Updated Selenium tests for Computer Overview Dashboard * Updated Selenium test scripts for Health Check Dashboard (#292) * Set up selenium tests to run on cluster test * Point tests to the proper test folder * Update Selenium tests for Process Explorer Dashboard (#295) * Rewrite completed for Selenium test scripts for Security Dashboard - Security Log (#300) * Rewrote Selenium Tests for Sysmon Summary Dashboard (#301) * Rewrite Selenium Tests for User HR Dashboard * Rewrite of Selenium Tests for User Security Dashboard (#304) --------- Co-authored-by: rishagg01 <149525835+rishagg01@users.noreply.github.com> Co-authored-by: Rishi * API calls code for Data Insertion (#343) * modified: testing/tests/api_tests/helpers.py new file: testing/tests/api_tests/selenium_tests/__init__.py new file: testing/tests/api_tests/selenium_tests/conftest.py new file: testing/tests/api_tests/selenium_tests/fixtures/hosts.json new file: testing/tests/api_tests/selenium_tests/fixtures/logonevents.json new file: testing/tests/api_tests/selenium_tests/queries/filter_hosts.json new file: testing/tests/api_tests/selenium_tests/queries/filter_logonevents.json new file: testing/tests/api_tests/selenium_tests/test_server.py * commit renamed: testing/tests/api_tests/selenium_tests/__init__.py -> testing/tests/api_tests/data_insertion_tests/__init__.py commit renamed: testing/tests/api_tests/selenium_tests/conftest.py -> testing/tests/api_tests/data_insertion_tests/conftest.py commit renamed: testing/tests/api_tests/selenium_tests/fixtures/hosts.json -> testing/tests/api_tests/data_insertion_tests/fixtures/hosts.json commit renamed: testing/tests/api_tests/selenium_tests/fixtures/logonevents.json -> testing/tests/api_tests/data_insertion_tests/fixtures/logonevents.json commit renamed: testing/tests/api_tests/selenium_tests/queries/filter_hosts.json -> testing/tests/api_tests/data_insertion_tests/queries/filter_hosts.json commit renamed: testing/tests/api_tests/selenium_tests/queries/filter_logonevents.json -> testing/tests/api_tests/data_insertion_tests/queries/filter_logonevents.json commit renamed: testing/tests/api_tests/selenium_tests/test_server.py -> testing/tests/api_tests/data_insertion_tests/test_server.py commit modified: testing/tests/api_tests/helpers.py * Updated selenium tests for USER HR dashboard panels post data insertion (#358) * adding ignore for vim files * moving old readme to old_chapters directory * moving chapters to old_chapters folder * Committing Readme changes and updates and removing old backups directory * Adding Configuration files for lme 2.0 * Adding Ansible Playbook Yaml for installing lme 2.0 * Committing Quadlet files for LME 2.0 arch * Adding Scripts: - download.sh/upload.sh: upload/download logs in mass from elasticsearch (will be integrated into future merging from 1 -> 2) - link_latest_podman_quadlet.sh: links from the nix store the latest podman version into its expected directories - set-fleet.sh: sets up the required fleet settings on kibana - set_sysctl_limits.sh: sets the sysctl_limits as required by the architecture and containers - install_lme_local.yml: sets up the ansible playbook for lme 2.0 installation. * move lme playbook to scripts directory * pushing some more documentation to Readme * initial diagram * pushing updates to Readme to document ports/services/etc... * Updated User HR Dashboard Selenium Test for User HR Logon Title panel (#385) * Updated selenium tests for USER HR dashboard panels post data insertion * Updated User HR Dashboard Selenium Test for User HR Logon Title panel * Merge in the pipeline files * Adds in the tesing installers * Updates the paths to the LME install scripts * Make the user create the environment file before doing install * Make the lme-environment file so the install succeeds * Adding pre-reqs to main testing/v2 readme * Add some extra to the readme. * Associate the nsg with the public ip * Associate the nic instead of ip to the nsg * Change default ports for nsg * Update Caddyfile to include access log * Adds back in some files from Chapter 3 --------- Co-authored-by: mitchelbaker-cisa <149098823+mitchelbaker-cisa@users.noreply.github.com> Co-authored-by: Andrew Arz <149685528+aarz-snl@users.noreply.github.com> Co-authored-by: Clint Baxley Co-authored-by: Alden Hilton Co-authored-by: unknown Co-authored-by: Grant (SNL) <108766839+rgbrow1949@users.noreply.github.com> Co-authored-by: Alden Hilton <106177711+adhilto@users.noreply.github.com> Co-authored-by: Linda Waterhouse <82845774+llwaterhouse@users.noreply.github.com> Co-authored-by: Linda Lovero-Waterhouse Co-authored-by: Brown Co-authored-by: mreeve-snl Co-authored-by: Rishi Co-authored-by: rishagg01 <149525835+rishagg01@users.noreply.github.com> Co-authored-by: Connor <107427279+causand22@users.noreply.github.com> --- .../python_development/devcontainer.json | 19 + .devcontainer/python_tests/devcontainer.json | 18 + .github/ISSUE_TEMPLATE/bug-or-error-report.md | 19 +- ...t_template.md => PULL_REQUEST_TEMPLATE.md} | 6 +- .github/README-github.md | 1 + .github/changelog-configuration.json | 22 + .github/workflows/build_release.yaml | 49 + .github/workflows/burndown_chart.yml | 100 + .github/workflows/cluster.yml | 278 + .github/workflows/linux_only.yml | 123 + .github/workflows/main.yml | 27 +- .github/workflows/upgrade.yml | 300 + .gitignore | 19 +- .../Group Policy Objects/manifest.xml | 0 .../Backup.xml | 0 .../Machine/Preferences/Services/Services.xml | 0 .../DomainSysvol/GPO/Machine/comment.cmtx | 0 .../microsoft/windows nt/SecEdit/GptTmpl.inf | Bin .../DomainSysvol/GPO/Machine/registry.pol | Bin .../bkupInfo.xml | 0 .../gpreport.xml | Bin .../Backup.xml | 0 .../GPO/Machine/Preferences/Groups/Groups.xml | 0 .../Machine/Preferences/Services/Services.xml | 0 .../DomainSysvol/GPO/Machine/comment.cmtx | 0 .../microsoft/windows nt/SecEdit/GptTmpl.inf | Bin .../DomainSysvol/GPO/Machine/registry.pol | Bin .../bkupInfo.xml | 0 .../gpreport.xml | Bin .../Chapter 1 Files}/lme_gpo_for_windows.zip | Bin .../Chapter 1 Files}/lme_wec_config.xml | 0 .../Group Policy Objects/manifest.xml | 0 .../Backup.xml | 0 .../DomainSysvol/GPO/GPO.cmt | Bin .../ScheduledTasks/ScheduledTasks.xml | 0 .../bkupInfo.xml | 0 .../gpreport.xml | Bin .../GPO Deployment/sysmon_gpo.zip | Bin .../Group Policy Objects/manifest.xml | 0 .../Backup.xml | 0 .../DomainSysvol/GPO/GPO.cmt | Bin .../ScheduledTasks/ScheduledTasks.xml | 0 .../bkupInfo.xml | 0 .../gpreport.xml | Bin .../GPO Deployment/update.bat | 0 .../SCCM Deployment/Install_Sysmon64.ps1 | 0 .../SCCM Deployment/Uninstall_Sysmon64.ps1 | 0 .../Chapter 3 Files}/.gitignore | 0 .../Chapter 3 Files}/dashboard_update.sh | 2 +- .../Chapter 3 Files}/deploy.sh | 63 +- .../Chapter 3 Files}/docker-compose-stack.yml | 0 .../Chapter 3 Files}/lme_update.sh | 0 .../Chapter 3 Files}/logstash.conf | 0 .../winlog-index-mapping.json | 0 .../Chapter 3 Files}/winlogbeat.yml | 0 .../Healthcheckoverview_dashboard.ndjson | 0 .../Chapter 4 Files}/dashboards/Readme.md | 0 .../dashboards/alerting_dashboard.ndjson | 0 .../computer_software_overview.ndjson | 0 .../dashboards/process_explorer.ndjson | 0 .../security_dashboard_security_log.ndjson | 0 .../dashboards/sysmon_summary.ndjson | 0 .../dashboards/user_hr.ndjson | 0 .../dashboards/user_security.ndjson | 0 .../Chapter 4 Files}/export_dashboards.py | 0 .../Chapter 4 Files}/requirements.txt | 0 OLD_CHAPTERS/README.md | 76 + README.md | 390 +- config/caddy/Caddyfile | 22 + config/containers.txt | 5 + config/example.env | 95 + config/kibana.yml | 17 + config/setup/acct-init.sh | 17 + config/setup/init-setup.sh | 29 + config/setup/instances.yml | 51 + config/wazuh_cluster/wazuh_manager.conf | 385 + docs/markdown/chapter3/chapter3.md | 2 +- docs/markdown/maintenance/upgrading.md | 57 +- docs/markdown/prerequisites.md | 2 +- .../reference/dashboard-descriptions.md | 40 + docs/markdown/reference/troubleshooting.md | 59 + quadlet/lme-caddy.container | 22 + quadlet/lme-elasticsearch.container | 28 + quadlet/lme-fleet-server.container | 25 + quadlet/lme-kibana.container | 29 + quadlet/lme-setup-accts.container | 24 + quadlet/lme-setup-certs.container | 24 + quadlet/lme-wazuh-manager.container | 47 + quadlet/lme.network | 7 + quadlet/lme.service | 16 + scripts/download.sh | 36 + scripts/gen_cert.sh | 29 + scripts/install_lme_local.yml | 216 + scripts/link_latest_podman_quadlet.sh | 29 + scripts/set-fleet.sh | 22 + scripts/set_sysctl_limits.sh | 63 + scripts/upload.sh | 33 + testing/InstallTestbed.ps1 | 402 + testing/Readme.md | 67 +- testing/SetupTestbed.ps1 | 508 +- .../azure_scripts/copy_file_to_container.ps1 | 81 + .../azure_scripts/create_blob_container.ps1 | 101 + .../azure_scripts/download_in_container.ps1 | 106 + .../azure_scripts/extract_archive.ps1 | 90 + .../azure_scripts/lib/utilityFunctions.ps1 | 143 + .../azure_scripts/run_script_in_container.ps1 | 59 + .../azure_scripts/zip_my_parents_parent.ps1 | 34 + testing/configure/chown_dc1_private_key.ps1 | 21 + testing/configure/create_lme_directory.ps1 | 27 + testing/configure/create_ou.ps1 | 23 + testing/configure/download_files.ps1 | 23 + testing/configure/install_chapter_1.ps1 | 65 + testing/configure/install_chapter_2.ps1 | 28 + testing/configure/lib/functions.sh | 47 + .../configure/linux_authorize_private_key.sh | 4 + testing/configure/linux_install_lme.exp | 81 + testing/configure/linux_install_lme.sh | 111 + testing/configure/linux_make_private_key.exp | 16 + testing/configure/linux_test_install.sh | 119 + testing/configure/linux_update_system.sh | 3 + .../list_computers_forwarding_events.ps1 | 27 + testing/configure/move_computers_to_ou.ps1 | 38 + testing/configure/sysmon_gpo_update_vars.ps1 | 43 + testing/configure/sysmon_import_gpo.ps1 | 34 + .../configure/sysmon_install_in_sysvol.ps1 | 69 + testing/configure/sysmon_link_gpo.ps1 | 18 + testing/configure/trust_ls1_ssh_key.ps1 | 66 + testing/configure/wec_firewall.ps1 | 18 + .../configure/wec_gpo_update_server_name.ps1 | 42 + testing/configure/wec_import_gpo.ps1 | 34 + testing/configure/wec_link_gpo.ps1 | 27 + testing/configure/wec_service_provisioner.ps1 | 24 + testing/configure/wec_start_service.ps1 | 19 + testing/configure/winlogbeat_install.ps1 | 84 + testing/development/Dockerfile | 62 + testing/development/README.md | 162 + testing/development/build_cluster.ps1 | 18 + .../development/build_docker_lme_install.sh | 46 + testing/development/destroy_cluster.ps1 | 18 + testing/development/docker-compose.yml | 56 + testing/development/install_lme.ps1 | 40 + testing/development/upgrade_lme.sh | 30 + testing/merging_version.sh | 2 + testing/project_management/Dockerfile | 20 + testing/project_management/docker-compose.yml | 10 + testing/project_management/setup_config.sh | 71 + testing/tests/.env_example | 19 + testing/tests/.vscode/launch.json | 16 + testing/tests/.vscode/settings.json | 7 + testing/tests/Dockerfile | 22 + testing/tests/README.md | 265 + .../tests/api_tests/__init__.py | 0 .../data_insertion_tests/__init__.py | 0 .../data_insertion_tests/conftest.py | 37 + .../data_insertion_tests/fixtures/hosts.json | 29 + .../fixtures/logonevents.json | 38 + .../queries/filter_hosts.json | 287 + .../queries/filter_logonevents.json | 127 + .../data_insertion_tests/test_server.py | 55 + testing/tests/api_tests/helpers.py | 103 + .../tests/api_tests/linux_only/__init__.py | 0 .../tests/api_tests/linux_only/conftest.py | 37 + .../api_tests/linux_only/schemas/es_root.json | 68 + .../linux_only/test_data/response.json | 17 + .../tests/api_tests/linux_only/test_server.py | 101 + .../tests/api_tests/winlogbeat/__init__.py | 0 .../tests/api_tests/winlogbeat/conftest.py | 37 + .../winlogbeat/schemas/winlogbeat_search.json | 959 +++ .../test_data/mapping_datafields.txt | 492 ++ .../test_data/mapping_response.json | 7379 +++++++++++++++++ .../test_data/mapping_response_actual.json | 7376 ++++++++++++++++ .../test_data/winlog_search_data.json | 86 + .../tests/api_tests/winlogbeat/test_server.py | 111 + testing/tests/docker-compose.yml | 9 + testing/tests/requirements.txt | 21 + testing/tests/selenium_tests.py | 636 ++ .../tests/selenium_tests/Old/dashboards.py | 334 + .../selenium_tests/Old/dashboards_cluster.py | 784 ++ .../tests/selenium_tests/cluster/__init__.py | 0 .../tests/selenium_tests/cluster/conftest.py | 92 + testing/tests/selenium_tests/cluster/lib.py | 41 + ...st_computer_software_overview_dashboard.py | 38 + .../cluster/test_health_check_dashboard.py | 42 + .../test_process_explorer_dashboard.py | 53 + .../test_security_dashboard_security_log.py | 98 + .../cluster/test_sysmon_summary_dashboard.py | 48 + .../cluster/test_user_h_r_dashboard.py | 65 + .../cluster/test_user_security_dashboard.py | 180 + .../selenium_tests/linux_only/conftest.py | 93 + .../selenium_tests/linux_only/move_tests.sh | 48 + .../linux_only/test_basic_loading.py | 40 + ...computer_software_overview_dashboard_lo.py | 39 + .../test_health_check_dashboard_lo.py | 24 + ...test_security_dashboard_security_log_lo.py | 65 + .../test_sysmon_summary_dashboard_lo.py | 39 + .../linux_only/test_user_h_r_dashboard_lo.py | 78 + .../test_user_security_dashboard_lo.py | 91 + testing/v2/development/Dockerfile | 64 + testing/v2/development/docker-compose.yml | 26 + testing/v2/installers/README.md | 15 + .../azure/build_azure_linux_network.md | 136 + .../azure/build_azure_linux_network.py | 624 ++ ...build_azure_linux_network_requirements.txt | 6 + testing/v2/installers/install_v2/install.sh | 42 + .../install_v2/install_in_minimega.sh | 69 + testing/v2/installers/lib/copy_ssh_key.sh | 31 + testing/v2/installers/minimega/README.md | 67 + .../v2/installers/minimega/check_dpkg_lock.sh | 31 + .../v2/installers/minimega/copy_ssh_key.sh | 31 + .../v2/installers/minimega/create_bridge.sh | 4 + testing/v2/installers/minimega/fix_dnsmasq.sh | 3 + testing/v2/installers/minimega/install.sh | 77 + .../v2/installers/minimega/install_local.sh | 29 + .../v2/installers/minimega/minimega.service | 11 + .../v2/installers/minimega/miniweb.service | 11 + testing/v2/installers/minimega/set_gopath.sh | 11 + .../v2/installers/minimega/update_packages.sh | 48 + .../v2/installers/ubuntu_qcow_maker/README.md | 94 + .../ubuntu_qcow_maker/clear_cloud_config.sh | 77 + .../ubuntu_qcow_maker/create_tap.sh | 26 + .../ubuntu_qcow_maker/create_ubuntu_qcow.sh | 152 + .../ubuntu_qcow_maker/create_vm_from_qcow.sh | 101 + .../ubuntu_qcow_maker/get_ip_of_machine.sh | 25 + .../installers/ubuntu_qcow_maker/install.sh | 62 + .../installers/ubuntu_qcow_maker/iptables.sh | 47 + .../ubuntu_qcow_maker/launch_multiple_vms.sh | 23 + .../ubuntu_qcow_maker/remove_test_files.sh | 6 + .../installers/ubuntu_qcow_maker/resize_fs.sh | 7 + .../ubuntu_qcow_maker/resize_qcow.sh | 70 + .../ubuntu_qcow_maker/setup_dnsmasq.sh | 48 + .../ubuntu_qcow_maker/ubuntu-runner.mm | 9 + .../ubuntu_qcow_maker/wait_for_login.sh | 60 + 232 files changed, 28587 insertions(+), 362 deletions(-) create mode 100644 .devcontainer/python_development/devcontainer.json create mode 100644 .devcontainer/python_tests/devcontainer.json rename .github/{PULL_REQUEST_TEMPLATE/pull_request_template.md => PULL_REQUEST_TEMPLATE.md} (81%) create mode 100644 .github/README-github.md create mode 100644 .github/changelog-configuration.json create mode 100644 .github/workflows/build_release.yaml create mode 100644 .github/workflows/burndown_chart.yml create mode 100644 .github/workflows/cluster.yml create mode 100644 .github/workflows/linux_only.yml create mode 100644 .github/workflows/upgrade.yml rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/Group Policy Objects/manifest.xml (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/Backup.xml (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/comment.cmtx (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/registry.pol (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/bkupInfo.xml (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/gpreport.xml (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/Backup.xml (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Groups/Groups.xml (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/comment.cmtx (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/registry.pol (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/bkupInfo.xml (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/gpreport.xml (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/lme_gpo_for_windows.zip (100%) rename {Chapter 1 Files => OLD_CHAPTERS/Chapter 1 Files}/lme_wec_config.xml (100%) rename {Chapter 2 Files => OLD_CHAPTERS/Chapter 2 Files}/GPO Deployment/Group Policy Objects/manifest.xml (100%) rename {Chapter 2 Files => OLD_CHAPTERS/Chapter 2 Files}/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml (100%) rename {Chapter 2 Files => OLD_CHAPTERS/Chapter 2 Files}/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/GPO.cmt (100%) rename {Chapter 2 Files => OLD_CHAPTERS/Chapter 2 Files}/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml (100%) rename {Chapter 2 Files => OLD_CHAPTERS/Chapter 2 Files}/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml (100%) rename {Chapter 2 Files => OLD_CHAPTERS/Chapter 2 Files}/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/gpreport.xml (100%) rename {Chapter 2 Files => OLD_CHAPTERS/Chapter 2 Files}/GPO Deployment/sysmon_gpo.zip (100%) rename {Chapter 2 Files => OLD_CHAPTERS/Chapter 2 Files}/GPO Deployment/sysmon_gpo/Group Policy Objects/manifest.xml (100%) rename {Chapter 2 Files => OLD_CHAPTERS/Chapter 2 Files}/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml (100%) rename {Chapter 2 Files => OLD_CHAPTERS/Chapter 2 Files}/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/GPO.cmt (100%) rename {Chapter 2 Files => OLD_CHAPTERS/Chapter 2 Files}/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml (100%) rename {Chapter 2 Files => OLD_CHAPTERS/Chapter 2 Files}/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml (100%) rename {Chapter 2 Files => OLD_CHAPTERS/Chapter 2 Files}/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/gpreport.xml (100%) rename {Chapter 2 Files => OLD_CHAPTERS/Chapter 2 Files}/GPO Deployment/update.bat (100%) rename {Chapter 2 Files => OLD_CHAPTERS/Chapter 2 Files}/SCCM Deployment/Install_Sysmon64.ps1 (100%) rename {Chapter 2 Files => OLD_CHAPTERS/Chapter 2 Files}/SCCM Deployment/Uninstall_Sysmon64.ps1 (100%) rename {Chapter 3 Files => OLD_CHAPTERS/Chapter 3 Files}/.gitignore (100%) rename {Chapter 3 Files => OLD_CHAPTERS/Chapter 3 Files}/dashboard_update.sh (93%) rename {Chapter 3 Files => OLD_CHAPTERS/Chapter 3 Files}/deploy.sh (96%) rename {Chapter 3 Files => OLD_CHAPTERS/Chapter 3 Files}/docker-compose-stack.yml (100%) rename {Chapter 3 Files => OLD_CHAPTERS/Chapter 3 Files}/lme_update.sh (100%) rename {Chapter 3 Files => OLD_CHAPTERS/Chapter 3 Files}/logstash.conf (100%) rename {Chapter 3 Files => OLD_CHAPTERS/Chapter 3 Files}/winlog-index-mapping.json (100%) rename {Chapter 3 Files => OLD_CHAPTERS/Chapter 3 Files}/winlogbeat.yml (100%) rename {Chapter 4 Files => OLD_CHAPTERS/Chapter 4 Files}/dashboards/Healthcheckoverview_dashboard.ndjson (100%) rename {Chapter 4 Files => OLD_CHAPTERS/Chapter 4 Files}/dashboards/Readme.md (100%) rename {Chapter 4 Files => OLD_CHAPTERS/Chapter 4 Files}/dashboards/alerting_dashboard.ndjson (100%) rename {Chapter 4 Files => OLD_CHAPTERS/Chapter 4 Files}/dashboards/computer_software_overview.ndjson (100%) rename {Chapter 4 Files => OLD_CHAPTERS/Chapter 4 Files}/dashboards/process_explorer.ndjson (100%) rename {Chapter 4 Files => OLD_CHAPTERS/Chapter 4 Files}/dashboards/security_dashboard_security_log.ndjson (100%) rename {Chapter 4 Files => OLD_CHAPTERS/Chapter 4 Files}/dashboards/sysmon_summary.ndjson (100%) rename {Chapter 4 Files => OLD_CHAPTERS/Chapter 4 Files}/dashboards/user_hr.ndjson (100%) rename {Chapter 4 Files => OLD_CHAPTERS/Chapter 4 Files}/dashboards/user_security.ndjson (100%) rename {Chapter 4 Files => OLD_CHAPTERS/Chapter 4 Files}/export_dashboards.py (100%) rename {Chapter 4 Files => OLD_CHAPTERS/Chapter 4 Files}/requirements.txt (100%) create mode 100644 OLD_CHAPTERS/README.md create mode 100644 config/caddy/Caddyfile create mode 100644 config/containers.txt create mode 100644 config/example.env create mode 100644 config/kibana.yml create mode 100644 config/setup/acct-init.sh create mode 100644 config/setup/init-setup.sh create mode 100644 config/setup/instances.yml create mode 100644 config/wazuh_cluster/wazuh_manager.conf create mode 100644 docs/markdown/reference/dashboard-descriptions.md create mode 100644 quadlet/lme-caddy.container create mode 100644 quadlet/lme-elasticsearch.container create mode 100644 quadlet/lme-fleet-server.container create mode 100644 quadlet/lme-kibana.container create mode 100644 quadlet/lme-setup-accts.container create mode 100644 quadlet/lme-setup-certs.container create mode 100644 quadlet/lme-wazuh-manager.container create mode 100644 quadlet/lme.network create mode 100644 quadlet/lme.service create mode 100755 scripts/download.sh create mode 100755 scripts/gen_cert.sh create mode 100644 scripts/install_lme_local.yml create mode 100755 scripts/link_latest_podman_quadlet.sh create mode 100755 scripts/set-fleet.sh create mode 100755 scripts/set_sysctl_limits.sh create mode 100755 scripts/upload.sh create mode 100644 testing/InstallTestbed.ps1 create mode 100644 testing/configure/azure_scripts/copy_file_to_container.ps1 create mode 100644 testing/configure/azure_scripts/create_blob_container.ps1 create mode 100644 testing/configure/azure_scripts/download_in_container.ps1 create mode 100644 testing/configure/azure_scripts/extract_archive.ps1 create mode 100644 testing/configure/azure_scripts/lib/utilityFunctions.ps1 create mode 100644 testing/configure/azure_scripts/run_script_in_container.ps1 create mode 100644 testing/configure/azure_scripts/zip_my_parents_parent.ps1 create mode 100644 testing/configure/chown_dc1_private_key.ps1 create mode 100644 testing/configure/create_lme_directory.ps1 create mode 100644 testing/configure/create_ou.ps1 create mode 100644 testing/configure/download_files.ps1 create mode 100644 testing/configure/install_chapter_1.ps1 create mode 100644 testing/configure/install_chapter_2.ps1 create mode 100644 testing/configure/lib/functions.sh create mode 100755 testing/configure/linux_authorize_private_key.sh create mode 100755 testing/configure/linux_install_lme.exp create mode 100755 testing/configure/linux_install_lme.sh create mode 100755 testing/configure/linux_make_private_key.exp create mode 100755 testing/configure/linux_test_install.sh create mode 100755 testing/configure/linux_update_system.sh create mode 100644 testing/configure/list_computers_forwarding_events.ps1 create mode 100644 testing/configure/move_computers_to_ou.ps1 create mode 100644 testing/configure/sysmon_gpo_update_vars.ps1 create mode 100644 testing/configure/sysmon_import_gpo.ps1 create mode 100644 testing/configure/sysmon_install_in_sysvol.ps1 create mode 100644 testing/configure/sysmon_link_gpo.ps1 create mode 100644 testing/configure/trust_ls1_ssh_key.ps1 create mode 100644 testing/configure/wec_firewall.ps1 create mode 100644 testing/configure/wec_gpo_update_server_name.ps1 create mode 100644 testing/configure/wec_import_gpo.ps1 create mode 100644 testing/configure/wec_link_gpo.ps1 create mode 100644 testing/configure/wec_service_provisioner.ps1 create mode 100644 testing/configure/wec_start_service.ps1 create mode 100644 testing/configure/winlogbeat_install.ps1 create mode 100644 testing/development/Dockerfile create mode 100644 testing/development/README.md create mode 100644 testing/development/build_cluster.ps1 create mode 100755 testing/development/build_docker_lme_install.sh create mode 100644 testing/development/destroy_cluster.ps1 create mode 100644 testing/development/docker-compose.yml create mode 100644 testing/development/install_lme.ps1 create mode 100755 testing/development/upgrade_lme.sh create mode 100644 testing/merging_version.sh create mode 100644 testing/project_management/Dockerfile create mode 100644 testing/project_management/docker-compose.yml create mode 100755 testing/project_management/setup_config.sh create mode 100644 testing/tests/.env_example create mode 100644 testing/tests/.vscode/launch.json create mode 100644 testing/tests/.vscode/settings.json create mode 100644 testing/tests/Dockerfile create mode 100644 testing/tests/README.md rename backups/.gitkeep => testing/tests/api_tests/__init__.py (100%) create mode 100644 testing/tests/api_tests/data_insertion_tests/__init__.py create mode 100644 testing/tests/api_tests/data_insertion_tests/conftest.py create mode 100644 testing/tests/api_tests/data_insertion_tests/fixtures/hosts.json create mode 100644 testing/tests/api_tests/data_insertion_tests/fixtures/logonevents.json create mode 100644 testing/tests/api_tests/data_insertion_tests/queries/filter_hosts.json create mode 100644 testing/tests/api_tests/data_insertion_tests/queries/filter_logonevents.json create mode 100644 testing/tests/api_tests/data_insertion_tests/test_server.py create mode 100644 testing/tests/api_tests/helpers.py create mode 100644 testing/tests/api_tests/linux_only/__init__.py create mode 100644 testing/tests/api_tests/linux_only/conftest.py create mode 100644 testing/tests/api_tests/linux_only/schemas/es_root.json create mode 100644 testing/tests/api_tests/linux_only/test_data/response.json create mode 100644 testing/tests/api_tests/linux_only/test_server.py create mode 100644 testing/tests/api_tests/winlogbeat/__init__.py create mode 100644 testing/tests/api_tests/winlogbeat/conftest.py create mode 100644 testing/tests/api_tests/winlogbeat/schemas/winlogbeat_search.json create mode 100644 testing/tests/api_tests/winlogbeat/test_data/mapping_datafields.txt create mode 100644 testing/tests/api_tests/winlogbeat/test_data/mapping_response.json create mode 100644 testing/tests/api_tests/winlogbeat/test_data/mapping_response_actual.json create mode 100644 testing/tests/api_tests/winlogbeat/test_data/winlog_search_data.json create mode 100644 testing/tests/api_tests/winlogbeat/test_server.py create mode 100644 testing/tests/docker-compose.yml create mode 100644 testing/tests/requirements.txt create mode 100644 testing/tests/selenium_tests.py create mode 100644 testing/tests/selenium_tests/Old/dashboards.py create mode 100644 testing/tests/selenium_tests/Old/dashboards_cluster.py create mode 100644 testing/tests/selenium_tests/cluster/__init__.py create mode 100644 testing/tests/selenium_tests/cluster/conftest.py create mode 100644 testing/tests/selenium_tests/cluster/lib.py create mode 100644 testing/tests/selenium_tests/cluster/test_computer_software_overview_dashboard.py create mode 100644 testing/tests/selenium_tests/cluster/test_health_check_dashboard.py create mode 100644 testing/tests/selenium_tests/cluster/test_process_explorer_dashboard.py create mode 100644 testing/tests/selenium_tests/cluster/test_security_dashboard_security_log.py create mode 100644 testing/tests/selenium_tests/cluster/test_sysmon_summary_dashboard.py create mode 100644 testing/tests/selenium_tests/cluster/test_user_h_r_dashboard.py create mode 100644 testing/tests/selenium_tests/cluster/test_user_security_dashboard.py create mode 100644 testing/tests/selenium_tests/linux_only/conftest.py create mode 100755 testing/tests/selenium_tests/linux_only/move_tests.sh create mode 100644 testing/tests/selenium_tests/linux_only/test_basic_loading.py create mode 100644 testing/tests/selenium_tests/linux_only/test_computer_software_overview_dashboard_lo.py create mode 100644 testing/tests/selenium_tests/linux_only/test_health_check_dashboard_lo.py create mode 100644 testing/tests/selenium_tests/linux_only/test_security_dashboard_security_log_lo.py create mode 100644 testing/tests/selenium_tests/linux_only/test_sysmon_summary_dashboard_lo.py create mode 100644 testing/tests/selenium_tests/linux_only/test_user_h_r_dashboard_lo.py create mode 100644 testing/tests/selenium_tests/linux_only/test_user_security_dashboard_lo.py create mode 100644 testing/v2/development/Dockerfile create mode 100644 testing/v2/development/docker-compose.yml create mode 100644 testing/v2/installers/README.md create mode 100644 testing/v2/installers/azure/build_azure_linux_network.md create mode 100755 testing/v2/installers/azure/build_azure_linux_network.py create mode 100644 testing/v2/installers/azure/build_azure_linux_network_requirements.txt create mode 100755 testing/v2/installers/install_v2/install.sh create mode 100755 testing/v2/installers/install_v2/install_in_minimega.sh create mode 100755 testing/v2/installers/lib/copy_ssh_key.sh create mode 100644 testing/v2/installers/minimega/README.md create mode 100755 testing/v2/installers/minimega/check_dpkg_lock.sh create mode 100755 testing/v2/installers/minimega/copy_ssh_key.sh create mode 100755 testing/v2/installers/minimega/create_bridge.sh create mode 100755 testing/v2/installers/minimega/fix_dnsmasq.sh create mode 100755 testing/v2/installers/minimega/install.sh create mode 100755 testing/v2/installers/minimega/install_local.sh create mode 100644 testing/v2/installers/minimega/minimega.service create mode 100644 testing/v2/installers/minimega/miniweb.service create mode 100755 testing/v2/installers/minimega/set_gopath.sh create mode 100755 testing/v2/installers/minimega/update_packages.sh create mode 100644 testing/v2/installers/ubuntu_qcow_maker/README.md create mode 100755 testing/v2/installers/ubuntu_qcow_maker/clear_cloud_config.sh create mode 100755 testing/v2/installers/ubuntu_qcow_maker/create_tap.sh create mode 100755 testing/v2/installers/ubuntu_qcow_maker/create_ubuntu_qcow.sh create mode 100755 testing/v2/installers/ubuntu_qcow_maker/create_vm_from_qcow.sh create mode 100755 testing/v2/installers/ubuntu_qcow_maker/get_ip_of_machine.sh create mode 100755 testing/v2/installers/ubuntu_qcow_maker/install.sh create mode 100755 testing/v2/installers/ubuntu_qcow_maker/iptables.sh create mode 100755 testing/v2/installers/ubuntu_qcow_maker/launch_multiple_vms.sh create mode 100755 testing/v2/installers/ubuntu_qcow_maker/remove_test_files.sh create mode 100755 testing/v2/installers/ubuntu_qcow_maker/resize_fs.sh create mode 100755 testing/v2/installers/ubuntu_qcow_maker/resize_qcow.sh create mode 100755 testing/v2/installers/ubuntu_qcow_maker/setup_dnsmasq.sh create mode 100644 testing/v2/installers/ubuntu_qcow_maker/ubuntu-runner.mm create mode 100755 testing/v2/installers/ubuntu_qcow_maker/wait_for_login.sh diff --git a/.devcontainer/python_development/devcontainer.json b/.devcontainer/python_development/devcontainer.json new file mode 100644 index 00000000..8e6dda12 --- /dev/null +++ b/.devcontainer/python_development/devcontainer.json @@ -0,0 +1,19 @@ +{ + "name": "Python Development", + "dockerComposeFile": [ + "../../testing/development/docker-compose.yml" + ], + "service": "ubuntu", + "shutdownAction": "none", + "workspaceFolder": "/lme", + "customizations": { + "vscode": { + "extensions": [ + "ms-python.python", + "littlefoxteam.vscode-python-test-adapter", + "ms-python.black-formatter" + ] + } + }, + "remoteUser": "admin.ackbar" +} \ No newline at end of file diff --git a/.devcontainer/python_tests/devcontainer.json b/.devcontainer/python_tests/devcontainer.json new file mode 100644 index 00000000..187df1c5 --- /dev/null +++ b/.devcontainer/python_tests/devcontainer.json @@ -0,0 +1,18 @@ +{ + "name": "Python Tests", + "dockerComposeFile": [ + "../../testing/tests/docker-compose.yml" + ], + "service": "ubuntu", + "shutdownAction": "none", + "workspaceFolder": "/app", + "customizations": { + "vscode": { + "extensions": [ + "ms-python.python", + "littlefoxteam.vscode-python-test-adapter", + "ms-python.black-formatter" + ] + } + } +} \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/bug-or-error-report.md b/.github/ISSUE_TEMPLATE/bug-or-error-report.md index 210ff5ee..bda324c4 100644 --- a/.github/ISSUE_TEMPLATE/bug-or-error-report.md +++ b/.github/ISSUE_TEMPLATE/bug-or-error-report.md @@ -15,26 +15,25 @@ assignees: '' If the above did not answer your question, proceed with creating an issue below: ## Describe the bug -A clear and concise description of what the bug is. + ## To Reproduce -Steps to reproduce the behavior. These should be clear enough that our team can understand your running environment, software/operating system versions, and anything else we might need to debug the issue. - -An example of a usable reproducible list are shown in these issues: [Issue 1](https://github.com/cisagov/LME/issues/15) [Issue 2](https://github.com/cisagov/LME/issues/19). - -To increase the speed and relevance of the reply we suggest you list down debugging steps you have tried, as well as the following information: + + ### Please complete the following information -**Desktop:** +#### **Desktop:** - OS: [e.g. Windows 10] - Browser: [e.g. Firefox Version 104.0.1] - Software version: [e.g. Sysmon v15.0, Winlogbeat 8.11.1] - -**Server:** + +#### **Server:** - OS: [e.g. Ubuntu 22.04] - Software Versions: - ELK: [e.g. 8.7.1] - Docker: [e.g. 20.10.23, build 7155243] + +**OPTIONAL**: - The output of these commands: ``` free -h @@ -52,7 +51,7 @@ Increase the number of lines if your issue is not present, or include a relevant ## Expected behavior A clear and concise description of what you expected to happen. -## Screenshots +## Screenshots **OPTIONAL** If applicable, add screenshots to help explain your problem. ## Additional context diff --git a/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md b/.github/PULL_REQUEST_TEMPLATE.md similarity index 81% rename from .github/PULL_REQUEST_TEMPLATE/pull_request_template.md rename to .github/PULL_REQUEST_TEMPLATE.md index 12d7fd5a..d2b83f2d 100644 --- a/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -9,6 +9,9 @@ + + + ### ๐Ÿ“ท Screenshots (DELETE IF UNAPPLICABLE) @@ -22,6 +25,7 @@ - [ ] Changes are limited to a single goal **AND** the title reflects this in a clear human readable format +- [ ] Issue that this PR solves has been selected in the Development section - [ ] I have read and agree to LME's [CONTRIBUTING.md](https://github.com/cisagov/LME/CONTRIBUTING.md) document. - [ ] The PR adheres to LME's requirements in [RELEASES.md](https://github.com/cisagov/LME/RELEASES.md#steps-to-submit-a-PR) - [ ] These code changes follow [cisagov code standards](https://github.com/cisagov/development-guide). @@ -31,9 +35,9 @@ - [ ] All tests pass - [ ] PR has been tested and the documentation for testing is above +- [ ] Squash and merge all commits into one PR level commit ## โœ… Post-merge Checklist -- [ ] Squash all commits into one PR level commit - [ ] Delete the branch to keep down number of branches diff --git a/.github/README-github.md b/.github/README-github.md new file mode 100644 index 00000000..3f313815 --- /dev/null +++ b/.github/README-github.md @@ -0,0 +1 @@ +See the readme in `testing/development` for more information about these workflows and how to develop for them. \ No newline at end of file diff --git a/.github/changelog-configuration.json b/.github/changelog-configuration.json new file mode 100644 index 00000000..4cd4a598 --- /dev/null +++ b/.github/changelog-configuration.json @@ -0,0 +1,22 @@ +{ + "categories": [ + { + "title": "## What's Added", + "labels": ["feat"], + }, + { + "title": "## What's Fixed", + "labels": ["fix"], + }, + { + "title": "## What's Updated", + "labels": ["update"], + }, + { + "title": "## Uncategorized", + "labels": [], + }, + ], + "template": "#{{CHANGELOG}}", + "pr_template": "* #{{TITLE}} by @#{{AUTHOR}} in ##{{NUMBER}}" +} diff --git a/.github/workflows/build_release.yaml b/.github/workflows/build_release.yaml new file mode 100644 index 00000000..22cb10cf --- /dev/null +++ b/.github/workflows/build_release.yaml @@ -0,0 +1,49 @@ +on: + workflow_dispatch: + inputs: + version: + description: "Release version (e.g., 1.1.0)" + required: true + type: string + +name: Build Release + +jobs: + build-release: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Get current date + id: date + run: | + echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_ENV + + - name: Build Assets + run: git ls-files | zip LME-${{ inputs.version }}.zip -@ + + - name: Build Changelog + id: release + uses: mikepenz/release-changelog-builder-action@v4.1.1 + with: + toTag: "release-${{ inputs.version }}" + configuration: ".github/changelog-configuration.json" + failOnError: true + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Create Draft Release + uses: softprops/action-gh-release@v0.1.15 + with: + name: LME v${{ inputs.version }} + tag_name: v${{ inputs.version }} + body: | + ## [${{ inputs.version }}] - Timberrrrr! - ${{ env.date }} + ${{ steps.release.outputs.changelog }} + files: LME-${{ inputs.version }}.zip + draft: true + prerelease: false + discussion_category_name: "Announcements" + generate_release_notes: false + fail_on_unmatched_files: true diff --git a/.github/workflows/burndown_chart.yml b/.github/workflows/burndown_chart.yml new file mode 100644 index 00000000..8eee3839 --- /dev/null +++ b/.github/workflows/burndown_chart.yml @@ -0,0 +1,100 @@ +name: Burndown Chart + +on: + workflow_dispatch: + inputs: + start_date: + description: 'Sprint start date (YYYY-MM-DD)' + required: true + default: '2024-05-09' + type: string + end_date: + description: 'Sprint end date (YYYY-MM-DD)' + required: true + default: '2024-05-25' + type: string + view: + description: 'View number' + required: true + default: '1' + type: string + pull_request: + branches: + - '*' + +jobs: + create_chart: + runs-on: ubuntu-latest + env: + UNIQUE_ID: + start_date: + end_date: + view: + + steps: + - name: Checkout repository + uses: actions/checkout@v4.1.1 + + - name: Setup environment variables + run: | + echo "UNIQUE_ID=$(openssl rand -hex 3 | head -c 6)" >> $GITHUB_ENV + + - name: Set default dates + if: github.event_name == 'pull_request' + run: | + echo "start_date=2024-05-09" >> $GITHUB_ENV + echo "end_date=2024-05-25" >> $GITHUB_ENV + echo "view=1" >> $GITHUB_ENV + + - name: Use dispatch inputs + if: github.event_name == 'workflow_dispatch' + run: | + echo "start_date=${{ github.event.inputs.start_date }}" >> $GITHUB_ENV + echo "end_date=${{ github.event.inputs.end_date }}" >> $GITHUB_ENV + echo "view=${{ github.event.inputs.view }}" >> $GITHUB_ENV + + - name: Run Docker Build + run: docker compose -p ${{ env.UNIQUE_ID }} -f testing/project_management/docker-compose.yml build burndown --no-cache + + - name: Run Docker Compose + env: + BURNDOWN_TOKEN: ${{ secrets.BURNDOWN_TOKEN }} + run: docker compose -p ${{ env.UNIQUE_ID }} -f testing/project_management/docker-compose.yml up -d + + - name: List docker containers to wait for them to start + run: | + docker ps + + - name: Set up the burndown chart config + env: + BURNDOWN_TOKEN: ${{ secrets.BURNDOWN_TOKEN }} + UNIQUE_ID: ${{ env.UNIQUE_ID }} + START_DATE: ${{ env.start_date }} + END_DATE: ${{ env.end_date }} + VIEW: ${{ env.view }} + run: | + cd testing/project_management + docker compose -p ${{ env.UNIQUE_ID }} exec -T burndown bash -c ' + /lme/testing/project_management/setup_config.sh -s ${{ env.START_DATE }} -e ${{ env.END_DATE }} -v ${{ env.VIEW }} -f /github-projects-burndown-chart/src/github_projects_burndown_chart/config/config.json + sed -i "s/\"github_token\": \"\"/\"github_token\": \"$BURNDOWN_TOKEN\"/g" /github-projects-burndown-chart/src/github_projects_burndown_chart/config/secrets.json + cat /github-projects-burndown-chart/src/github_projects_burndown_chart/config/config.json + ' + + - name: Run the burndown chart script + run: | + cd testing/project_management + docker compose -p ${{ env.UNIQUE_ID }} exec -T burndown bash -c ' + python3 /github-projects-burndown-chart/src/github_projects_burndown_chart/main.py organization LME --filepath /lme/burndown.png + ' + - name: Upload chart artifact + uses: actions/upload-artifact@v4 + with: + name: burndown + path: burndown.png + + - name: Cleanup Docker Compose + if: always() + run: | + cd testing/project_management + docker compose -p ${{ env.UNIQUE_ID }} down + # docker system prune -a --force \ No newline at end of file diff --git a/.github/workflows/cluster.yml b/.github/workflows/cluster.yml new file mode 100644 index 00000000..c958f680 --- /dev/null +++ b/.github/workflows/cluster.yml @@ -0,0 +1,278 @@ +name: Cluster Run + +on: + workflow_dispatch: + # pull_request: + # branches: + # - '*' + +jobs: + build-and-test-cluster: + runs-on: self-hosted + env: + UNIQUE_ID: + IP_ADDRESS: + LS1_IP: + BRANCH_NAME: + elastic: + + steps: + - name: Checkout repository + uses: actions/checkout@v4.1.1 + + - name: Setup environment variables + run: | + PUBLIC_IP=$(curl -s https://api.ipify.org) + echo "IP_ADDRESS=$PUBLIC_IP" >> $GITHUB_ENV + echo "UNIQUE_ID=$(openssl rand -hex 3 | head -c 6)" >> $GITHUB_ENV + + - name: Get branch name + shell: bash + run: | + if [ "${{ github.event_name }}" == "pull_request" ]; then + echo "BRANCH_NAME=${{ github.head_ref }}" >> $GITHUB_ENV + else + echo "BRANCH_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV + fi + + - name: Set up Docker Compose + run: | + sudo curl -L "https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-$(uname -s)-$(uname -m)" \ + -o /usr/local/bin/docker-compose + sudo chmod +x /usr/local/bin/docker-compose + + - name: Set the environment for docker-compose + run: | + cd testing/development + # Get the UID and GID of the current user + echo "HOST_UID=$(id -u)" > .env + echo "HOST_GID=$(id -g)" >> .env + + # - name: Run Docker Compose Build to fix a user id issue in a prebuilt container + # run: | + # cd testing/development + # docker compose -p ${{ env.UNIQUE_ID }} build --no-cache + + - name: Run Docker Compose + run: docker compose -p ${{ env.UNIQUE_ID }} -f testing/development/docker-compose.yml up -d + + - name: List docker containers to wait for them to start + run: | + docker ps + + - name: List files in home directory + run: | + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme bash -c "pwd && ls -la" + + - name: Check powershell environment + run: | + set +e + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { + cd /home/admin.ackbar/LME; \ + ls -la; \ + exit \$LASTEXITCODE; + }" + EXIT_CODE=$? + echo "Exit code: $EXIT_CODE" + set -e + if [ "$EXIT_CODE" -ne 0 ]; then + exit $EXIT_CODE + fi + + - name: Build the cluster + run: | + set +e + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { + cd /home/admin.ackbar/LME/testing; \ + \$env:AZURE_CLIENT_ID='${{ secrets.AZURE_CLIENT_ID }}'; \ + \$env:AZURE_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_CLIENT_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_TENANT='${{ secrets.AZURE_TENANT }}'; \ + \$env:UNIQUE_ID='${{ env.UNIQUE_ID }}'; \ + \$env:RESOURCE_GROUP='LME-pipe-${{ env.UNIQUE_ID }}'; \ + \$env:IP_ADDRESS='${{ env.IP_ADDRESS }}'; \ + ./development/build_cluster.ps1 -IPAddress \$env:IP_ADDRESS; \ + exit \$LASTEXITCODE; + }" + EXIT_CODE=$? + echo "Exit code: $EXIT_CODE" + set -e + if [ "$EXIT_CODE" -ne 0 ]; then + exit $EXIT_CODE + fi + cd .. + . configure/lib/functions.sh + extract_ls1_ip 'LME-pipe-${{ env.UNIQUE_ID }}.cluster.output.log' + echo "LS1_IP=$LS1_IP" >> $GITHUB_ENV + + - name: Install lme on cluster + run: | + set +e + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { + cd /home/admin.ackbar/LME/testing; \ + \$env:AZURE_CLIENT_ID='${{ secrets.AZURE_CLIENT_ID }}'; \ + \$env:AZURE_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_CLIENT_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_TENANT='${{ secrets.AZURE_TENANT }}'; \ + \$env:UNIQUE_ID='${{ env.UNIQUE_ID }}'; \ + \$env:RESOURCE_GROUP='LME-pipe-${{ env.UNIQUE_ID }}'; \ + ./development/install_lme.ps1 -b '${{ env.BRANCH_NAME }}'; \ + exit \$LASTEXITCODE; + }" + EXIT_CODE=$? + echo "Exit code: $EXIT_CODE" + set -e + if [ "$EXIT_CODE" -ne 0 ]; then + exit $EXIT_CODE + fi + + - name: Set the environment passwords for other steps + run: | + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme bash -c " + cd /home/admin.ackbar/LME/testing \ + && . configure/lib/functions.sh \ + && extract_credentials 'LME-pipe-${{ env.UNIQUE_ID }}.password.txt' \ + && write_credentials_to_file '${{ env.UNIQUE_ID }}.github_env.sh' \ + " + . ../${{ env.UNIQUE_ID }}.github_env.sh + rm ../${{ env.UNIQUE_ID }}.github_env.sh + echo "elastic=$elastic" >> $GITHUB_ENV + echo "kibana=$kibana" >> $GITHUB_ENV + echo "logstash_system=$logstash_system" >> $GITHUB_ENV + echo "logstash_writer=$logstash_writer" >> $GITHUB_ENV + echo "dashboard_update=$dashboard_update" >> $GITHUB_ENV + + - name: Check that the environment variables are set + run: | + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme bash -c " + if [ -z \"${{ env.elastic }}\" ]; then + echo 'Error: env.elastic variable is not set' >&2 + exit 1 + else + echo 'Elastic password is set' + fi + " + + # - name: Run a command on the domain controller + # run: | + # set +e + # cd testing/development + # docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { + # cd /home/admin.ackbar/LME/testing; \ + # \$env:AZURE_CLIENT_ID='${{ secrets.AZURE_CLIENT_ID }}'; \ + # \$env:AZURE_SECRET='${{ secrets.AZURE_SECRET }}'; \ + # \$env:AZURE_CLIENT_SECRET='${{ secrets.AZURE_SECRET }}'; \ + # \$env:AZURE_TENANT='${{ secrets.AZURE_TENANT }}'; \ + # \$env:UNIQUE_ID='${{ env.UNIQUE_ID }}'; \ + # \$env:RESOURCE_GROUP='LME-pipe-${{ env.UNIQUE_ID }}'; \ + # az login --service-principal -u \$env:AZURE_CLIENT_ID -p \$env:AZURE_SECRET --tenant \$env:AZURE_TENANT; \ + # az vm run-command invoke \ + # --command-id RunPowerShellScript \ + # --name DC1 \ + # --resource-group \$env:RESOURCE_GROUP \ + # --scripts 'ls C:\'; \ + # exit \$LASTEXITCODE; + # }" + # EXIT_CODE=$? + # echo "Exit code: $EXIT_CODE" + # set -e + # if [ "$EXIT_CODE" -ne 0 ]; then + # exit $EXIT_CODE + # fi + + - name: Run a command on the linux machine + run: | + set +e + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { + cd /home/admin.ackbar/LME/testing; \ + \$env:AZURE_CLIENT_ID='${{ secrets.AZURE_CLIENT_ID }}'; \ + \$env:AZURE_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_CLIENT_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_TENANT='${{ secrets.AZURE_TENANT }}'; \ + \$env:UNIQUE_ID='${{ env.UNIQUE_ID }}'; \ + \$env:RESOURCE_GROUP='LME-pipe-${{ env.UNIQUE_ID }}'; \ + az login --service-principal -u \$env:AZURE_CLIENT_ID -p \$env:AZURE_SECRET --tenant \$env:AZURE_TENANT; \ + az vm run-command invoke \ + --command-id RunShellScript \ + --name LS1 \ + --resource-group \$env:RESOURCE_GROUP \ + --scripts 'ls -lan'; \ + exit \$LASTEXITCODE; + }" + EXIT_CODE=$? + echo "Exit code: $EXIT_CODE" + set -e + if [ "$EXIT_CODE" -ne 0 ]; then + exit $EXIT_CODE + fi + + # This only passes when you do a full install + - name: Run api tests in container + run: | + set +e + cd testing/development + docker-compose -p ${{ env.UNIQUE_ID }} exec -T -u admin.ackbar lme bash -c " cd testing/tests \ + && echo export elastic=${{ env.elastic }} > .env \ + && echo export ES_HOST=${{ env.LS1_IP }} >> .env \ + && python3 -m venv /home/admin.ackbar/venv_test \ + && . /home/admin.ackbar/venv_test/bin/activate \ + && pip install -r requirements.txt \ + && sudo chmod ugo+w /home/admin.ackbar/LME/ -R \ + && pytest -v api_tests/" + + - name: Run selenium tests in container + run: | + set +e + cd testing/development + docker-compose -p ${{ env.UNIQUE_ID }} exec -T -u admin.ackbar lme bash -c " cd testing/tests \ + && echo export elastic=${{ env.elastic }} > .env \ + && echo export ES_HOST=${{ env.LS1_IP }} >> .env \ + && echo export KIBANA_HOST= ${{ env.LS1_IP }} >> .env \ + && echo export KIBANA_PORT=443 >> .env \ + && echo export KIBANA_USER=elastic >> .env \ + && echo export SELENIUM_TIMEOUT=60 >> .env \ + && echo export SELENIUM_MODE=headless >> .env \ + && cat .env \ + && python3 -m venv /home/admin.ackbar/venv_test \ + && . /home/admin.ackbar/venv_test/bin/activate \ + && pip install -r requirements.txt \ + && sudo chmod ugo+w /home/admin.ackbar/LME/ -R \ + && pytest -v selenium_tests/" + + # - name: Run selenium tests in container + # run: | + # set +e + # cd testing/development + # docker compose -p ${{ env.UNIQUE_ID }} exec -T -u admin.ackbar lme bash -c " cd testing/tests \ + # && echo export ELASTIC_PASSWORD=${{ env.elastic }} > .env \ + # && . .env \ + # && python3 -m venv /home/admin.ackbar/venv_test \ + # && . /home/admin.ackbar/venv_test/bin/activate \ + # && pip install -r requirements.txt \ + # && sudo chmod ugo+w /home/admin.ackbar/LME/ -R \ + # && python selenium_tests.py --domain ${{ env.LS1_IP }} -v" + + - name: Cleanup environment + if: always() + run: | + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { + cd /home/admin.ackbar/LME/testing; \ + \$env:AZURE_CLIENT_ID='${{ secrets.AZURE_CLIENT_ID }}'; \ + \$env:AZURE_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_CLIENT_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_TENANT='${{ secrets.AZURE_TENANT }}'; \ + \$env:UNIQUE_ID='${{ env.UNIQUE_ID }}'; \ + \$env:RESOURCE_GROUP='LME-pipe-${{ env.UNIQUE_ID }}'; \ + ./development/destroy_cluster.ps1; \ + exit \$LASTEXITCODE; + }" + docker compose -p ${{ env.UNIQUE_ID }} down + docker system prune --force diff --git a/.github/workflows/linux_only.yml b/.github/workflows/linux_only.yml new file mode 100644 index 00000000..c5dd7332 --- /dev/null +++ b/.github/workflows/linux_only.yml @@ -0,0 +1,123 @@ +name: Linux Only + +on: + workflow_dispatch: + pull_request: + branches: + - '*' + +jobs: + build-and-test-linux-only: + # runs-on: ubuntu-latest + runs-on: self-hosted + + env: + UNIQUE_ID: + BRANCH_NAME: + + steps: + - name: Checkout repository + uses: actions/checkout@v4.1.1 + + - name: Setup environment variables + run: | + echo "UNIQUE_ID=$(openssl rand -hex 3 | head -c 6)" >> $GITHUB_ENV + + - name: Setup environment variables + run: | + echo "AZURE_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }}" >> $GITHUB_ENV + echo "AZURE_SECRET=${{ secrets.AZURE_SECRET }}" >> $GITHUB_ENV + echo "AZURE_CLIENT_SECRET=${{ secrets.AZURE_SECRET }}" >> $GITHUB_ENV + echo "AZURE_TENANT=${{ secrets.AZURE_TENANT }}" >> $GITHUB_ENV + echo "AZURE_SUBSCRIPTION_ID=${{ secrets.AZURE_SUBSCRIPTION_ID }}" >> $GITHUB_ENV + + - name: Set Branch Name + shell: bash + env: + EVENT_NAME: ${{ github.event_name }} + HEAD_REF: ${{ github.head_ref }} + GITHUB_REF: ${{ github.ref }} + run: | + if [ "$EVENT_NAME" == "pull_request" ]; then + echo "BRANCH_NAME=$HEAD_REF" >> $GITHUB_ENV + else + BRANCH_REF="${GITHUB_REF##*/}" + echo "BRANCH_NAME=$BRANCH_REF" >> $GITHUB_ENV + fi + + - name: Set up Docker Compose + run: | + sudo curl -L "https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-$(uname -s)-$(uname -m)" \ + -o /usr/local/bin/docker-compose + sudo chmod +x /usr/local/bin/docker-compose + + - name: Set the environment for docker-compose + run: | + cd testing/development + # Get the UID and GID of the current user + echo "HOST_UID=$(id -u)" > .env + echo "HOST_GID=$(id -g)" >> .env + + - name: Run Docker Build + run: docker compose -p ${{ env.UNIQUE_ID }} -f testing/development/docker-compose.yml build lme --no-cache + + - name: Run Docker Compose + run: docker compose -p ${{ env.UNIQUE_ID }} -f testing/development/docker-compose.yml up lme -d + + - name: List docker containers to wait for them to start + run: | + docker ps + + # We are not using the ubuntu container so no use waiting for it to start + # - name: Execute commands inside ubuntu container + # run: | + # cd testing/development + # docker compose -p ${{ env.UNIQUE_ID }} exec -T ubuntu bash -c "echo 'Ubuntu container built'" + + - name: Install LME in container + run: | + set -x + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme bash -c "./testing/development/build_docker_lme_install.sh -b ${{ env.BRANCH_NAME }} \ + && sudo chmod go+r /opt/lme/Chapter\ 3\ Files/output.log" + + - name: Run api tests in container + run: | + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T -u admin.ackbar lme bash -c ". testing/configure/lib/functions.sh \ + && sudo cp /opt/lme/Chapter\ 3\ Files/output.log . \ + && extract_credentials output.log \ + && sudo rm output.log \ + && sudo docker ps \ + && . /home/admin.ackbar/venv_test/bin/activate \ + && sudo chmod ugo+w /home/admin.ackbar/LME/ \ + && pytest testing/tests/api_tests/linux_only/ " + + - name: Run selenium tests in container + run: | + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T -u admin.ackbar lme bash -c " + . testing/configure/lib/functions.sh \ + && echo export ELASTIC_PASSWORD=${{ env.elastic }} > testing/tests/.env \ + && echo export KIBANA_HOST=localhost >> testing/tests/.env \ + && echo export KIBANA_PORT=443 >> testing/tests/.env \ + && echo export KIBANA_USER=elastic >> testing/tests/.env \ + && echo export SELENIUM_TIMEOUT=60 >> testing/tests/.env \ + && echo export SELENIUM_MODE=headless >> testing/tests/.env \ + && . testing/tests/.env \ + && sudo cp /opt/lme/Chapter\\ 3\\ Files/output.log . \ + && extract_credentials output.log \ + && sudo rm output.log \ + && sudo docker ps \ + && . /home/admin.ackbar/venv_test/bin/activate \ + && sudo chmod ugo+w /home/admin.ackbar/LME/ \ + && pytest testing/tests/selenium_tests/linux_only/ \ + " + + - name: Cleanup Docker Compose + if: always() + run: | + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T -u root lme bash -c "rm -rf /home/admin.ackbar/LME/.pytest_cache" + docker compose -p ${{ env.UNIQUE_ID }} down + docker system prune -a --force \ No newline at end of file diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index baea7ae2..f408faa2 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -5,8 +5,8 @@ on: - main tags: - 'v[0-9]+.[0-9]+.[0-9]+*' # match basic semver tags - pull_request: - branches: + pull_request: + branches: - main - 'release-*' @@ -62,25 +62,4 @@ jobs: run: | semgrep --config "p/r2c" . - release: - runs-on: ubuntu-latest - if: startsWith(github.ref, 'refs/tags/v') - needs: [lint, semgrep-scan] - steps: - - name: Checkout - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 - - - name: Set up tag name - id: tag - run: echo "::set-output name=tag::${GITHUB_REF##*/}" - - - name: Build - run: git ls-files | zip release-${{ steps.tag.outputs.tag }}.zip -@ - - - name: Release - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 - with: - files: release-${{ steps.tag.outputs.tag }}.zip - draft: true - generate_release_notes: true - fail_on_unmatched_files: true + diff --git a/.github/workflows/upgrade.yml b/.github/workflows/upgrade.yml new file mode 100644 index 00000000..28592706 --- /dev/null +++ b/.github/workflows/upgrade.yml @@ -0,0 +1,300 @@ +name: Build an upgrade + +on: + workflow_dispatch: + # pull_request: + # branches: + # - '*' + +jobs: + + build-and-test-upgrade: + runs-on: self-hosted + env: + UNIQUE_ID: + IP_ADDRESS: + LS1_IP: + LATEST_BRANCH: + BRANCH_NAME: + elastic: + steps: + - name: Checkout repository + uses: actions/checkout@v4.1.1 + + - name: Setup environment variables + run: | + PUBLIC_IP=$(curl -s https://api.ipify.org) + echo "IP_ADDRESS=$PUBLIC_IP" >> $GITHUB_ENV + echo "UNIQUE_ID=$(openssl rand -hex 3 | head -c 6)" >> $GITHUB_ENV + LATEST_BRANCH_VAR=$(curl -s https://api.github.com/repos/cisagov/LME/tags | jq -r '.[].name | sub("^v"; "") | "release-" + .' | head -n 1) + echo "LATEST_BRANCH=$LATEST_BRANCH_VAR" + echo "LATEST_BRANCH=$LATEST_BRANCH_VAR" >> $GITHUB_ENV + + - name: Get branch name + shell: bash + run: | + if [ "${{ github.event_name }}" == "pull_request" ]; then + echo "BRANCH_NAME=${{ github.head_ref }}" >> $GITHUB_ENV + else + echo "BRANCH_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV + fi + + + - name: Set up Docker Compose + run: | + sudo curl -L "https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-$(uname -s)-$(uname -m)" \ + -o /usr/local/bin/docker-compose + sudo chmod +x /usr/local/bin/docker-compose + + - name: Set the environment for docker-compose + run: | + cd testing/development + # Get the UID and GID of the current user + echo "HOST_UID=$(id -u)" > .env + echo "HOST_GID=$(id -g)" >> .env + + # - name: Run Docker Compose Build to fix a user id issue in a prebuilt container + # run: | + # cd testing/development + # docker-compose -p ${{ env.UNIQUE_ID }} build --no-cache + + - name: Run Docker Compose + run: docker compose -p ${{ env.UNIQUE_ID }} -f testing/development/docker-compose.yml up -d + + - name: List docker containers to wait for them to start + run: | + docker ps + + - name: List files in home directory + run: | + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme bash -c "pwd && ls -la" + + - name: Check powershell environment + run: | + set +e + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { + cd /home/admin.ackbar/LME; \ + ls -la; \ + exit \$LASTEXITCODE; + }" + EXIT_CODE=$? + echo "Exit code: $EXIT_CODE" + set -e + if [ "$EXIT_CODE" -ne 0 ]; then + exit $EXIT_CODE + fi + + - name: Build the cluster + run: | + set +e + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { + cd /home/admin.ackbar/LME/testing; \ + \$env:AZURE_CLIENT_ID='${{ secrets.AZURE_CLIENT_ID }}'; \ + \$env:AZURE_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_CLIENT_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_TENANT='${{ secrets.AZURE_TENANT }}'; \ + \$env:UNIQUE_ID='${{ env.UNIQUE_ID }}'; \ + \$env:RESOURCE_GROUP='LME-pipe-${{ env.UNIQUE_ID }}'; \ + \$env:IP_ADDRESS='${{ env.IP_ADDRESS }}'; \ + ./development/build_cluster.ps1 -IPAddress \$env:IP_ADDRESS; \ + exit \$LASTEXITCODE; + }" + EXIT_CODE=$? + echo "Exit code: $EXIT_CODE" + set -e + if [ "$EXIT_CODE" -ne 0 ]; then + exit $EXIT_CODE + fi + cd .. + . configure/lib/functions.sh + extract_ls1_ip 'LME-pipe-${{ env.UNIQUE_ID }}.cluster.output.log' + echo "LS1_IP=$LS1_IP" >> $GITHUB_ENV + + - name: Install lme on cluster + run: | + set +e + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { + cd /home/admin.ackbar/LME/testing; \ + \$env:AZURE_CLIENT_ID='${{ secrets.AZURE_CLIENT_ID }}'; \ + \$env:AZURE_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_CLIENT_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_TENANT='${{ secrets.AZURE_TENANT }}'; \ + \$env:UNIQUE_ID='${{ env.UNIQUE_ID }}'; \ + \$env:RESOURCE_GROUP='LME-pipe-${{ env.UNIQUE_ID }}'; \ + ./development/install_lme.ps1 -b '${{ env.LATEST_BRANCH }}'; \ + exit \$LASTEXITCODE; + }" + EXIT_CODE=$? + echo "Exit code: $EXIT_CODE" + set -e + if [ "$EXIT_CODE" -ne 0 ]; then + exit $EXIT_CODE + fi + + - name: Set the environment passwords for other steps + run: | + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme bash -c " + cd /home/admin.ackbar/LME/testing \ + && . configure/lib/functions.sh \ + && extract_credentials 'LME-pipe-${{ env.UNIQUE_ID }}.password.txt' \ + && write_credentials_to_file '${{ env.UNIQUE_ID }}.github_env.sh' \ + " + . ../${{ env.UNIQUE_ID }}.github_env.sh + rm ../${{ env.UNIQUE_ID }}.github_env.sh + echo "elastic=$elastic" >> $GITHUB_ENV + echo "kibana=$kibana" >> $GITHUB_ENV + echo "logstash_system=$logstash_system" >> $GITHUB_ENV + echo "logstash_writer=$logstash_writer" >> $GITHUB_ENV + echo "dashboard_update=$dashboard_update" >> $GITHUB_ENV + + - name: Check that the environment variables are set + run: | + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme bash -c " + if [ -z \"${{ env.elastic }}\" ]; then + echo 'Error: env.elastic variable is not set' >&2 + exit 1 + else + echo 'Elastic password is set' + fi + " + + - name: Upgrade to the version being built + # This will check out the code in the /root directory so that it can use the latest version of the code. + # But it will also check out the branch in the /opt/lme directory so that upgrade_lme.sh script can use the branch. + run: | + set +e + cd testing/development + output=$(docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "\ + cd /home/admin.ackbar/LME/testing; \ + \$env:AZURE_CLIENT_ID='${{ secrets.AZURE_CLIENT_ID }}'; \ + \$env:AZURE_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_CLIENT_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_TENANT='${{ secrets.AZURE_TENANT }}'; \ + \$env:UNIQUE_ID='${{ env.UNIQUE_ID }}'; \ + \$env:RESOURCE_GROUP='LME-pipe-${{ env.UNIQUE_ID }}'; \ + az login --service-principal -u \$env:AZURE_CLIENT_ID -p \$env:AZURE_SECRET --tenant \$env:AZURE_TENANT; \ + az vm run-command invoke \ + --command-id RunShellScript \ + --name LS1 \ + --resource-group \$env:RESOURCE_GROUP \ + --scripts 'export HOME=/root; pwd && whoami && cd ~ \ + && git clone https://github.com/cisagov/LME.git \ + && cd LME \ + && echo "Checking out current branch: ${{ env.BRANCH_NAME }}" \ + && git checkout ${{ env.BRANCH_NAME }} \ + && cd testing \ + && ./development/upgrade_lme.sh; exit \$?'") + echo "Output: $output" + if echo "$output" | grep -q "UPGRADE_SUCCESSFUL"; then + echo "Upgrade successful" + exit 0 + else + echo "Upgrade failed" + exit 1 + fi + + # - name: Run a command on the domain controller + # run: | + # set +e + # cd testing/development + # docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { + # cd /home/admin.ackbar/LME/testing; \ + # \$env:AZURE_CLIENT_ID='${{ secrets.AZURE_CLIENT_ID }}'; \ + # \$env:AZURE_SECRET='${{ secrets.AZURE_SECRET }}'; \ + # \$env:AZURE_CLIENT_SECRET='${{ secrets.AZURE_SECRET }}'; \ + # \$env:AZURE_TENANT='${{ secrets.AZURE_TENANT }}'; \ + # \$env:UNIQUE_ID='${{ env.UNIQUE_ID }}'; \ + # \$env:RESOURCE_GROUP='LME-pipe-${{ env.UNIQUE_ID }}'; \ + # az login --service-principal -u \$env:AZURE_CLIENT_ID -p \$env:AZURE_SECRET --tenant \$env:AZURE_TENANT; \ + # az vm run-command invoke \ + # --command-id RunPowerShellScript \ + # --name DC1 \ + # --resource-group \$env:RESOURCE_GROUP \ + # --scripts 'ls C:\'; \ + # exit \$LASTEXITCODE; + # }" + # EXIT_CODE=$? + # echo "Exit code: $EXIT_CODE" + # set -e + # if [ "$EXIT_CODE" -ne 0 ]; then + # exit $EXIT_CODE + # fi + + - name: Run a command on the linux machine + run: | + set +e + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { + cd /home/admin.ackbar/LME/testing; \ + \$env:AZURE_CLIENT_ID='${{ secrets.AZURE_CLIENT_ID }}'; \ + \$env:AZURE_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_CLIENT_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_TENANT='${{ secrets.AZURE_TENANT }}'; \ + \$env:UNIQUE_ID='${{ env.UNIQUE_ID }}'; \ + \$env:RESOURCE_GROUP='LME-pipe-${{ env.UNIQUE_ID }}'; \ + az login --service-principal -u \$env:AZURE_CLIENT_ID -p \$env:AZURE_SECRET --tenant \$env:AZURE_TENANT; \ + az vm run-command invoke \ + --command-id RunShellScript \ + --name LS1 \ + --resource-group \$env:RESOURCE_GROUP \ + --scripts 'ls -lan'; \ + exit \$LASTEXITCODE; + }" + EXIT_CODE=$? + echo "Exit code: $EXIT_CODE" + set -e + if [ "$EXIT_CODE" -ne 0 ]; then + exit $EXIT_CODE + fi + + # This only passes when you do a full install + - name: Run api tests in container + run: | + set +e + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T -u admin.ackbar lme bash -c " cd testing/tests \ + && echo export elastic=${{ env.elastic }} > .env \ + && echo export ES_HOST=${{ env.LS1_IP }} >> .env \ + && cat .env \ + && python3 -m venv /home/admin.ackbar/venv_test \ + && . /home/admin.ackbar/venv_test/bin/activate \ + && pip install -r requirements.txt \ + && sudo chmod ugo+w /home/admin.ackbar/LME/ -R \ + && pytest -v api_tests/" + + - name: Run selenium tests in container + run: | + set +e + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T -u admin.ackbar lme bash -c " cd testing/tests \ + && echo export ELASTIC_PASSWORD=${{ env.elastic }} > .env \ + && . .env \ + && python3 -m venv /home/admin.ackbar/venv_test \ + && . /home/admin.ackbar/venv_test/bin/activate \ + && pip install -r requirements.txt \ + && sudo chmod ugo+w /home/admin.ackbar/LME/ -R \ + && python selenium_tests.py --domain ${{ env.LS1_IP }} -v" + + - name: Cleanup environment + if: always() + run: | + cd testing/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { + cd /home/admin.ackbar/LME/testing; \ + \$env:AZURE_CLIENT_ID='${{ secrets.AZURE_CLIENT_ID }}'; \ + \$env:AZURE_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_CLIENT_SECRET='${{ secrets.AZURE_SECRET }}'; \ + \$env:AZURE_TENANT='${{ secrets.AZURE_TENANT }}'; \ + \$env:UNIQUE_ID='${{ env.UNIQUE_ID }}'; \ + \$env:RESOURCE_GROUP='LME-pipe-${{ env.UNIQUE_ID }}'; \ + ./development/destroy_cluster.ps1; \ + exit \$LASTEXITCODE; + }" + docker compose -p ${{ env.UNIQUE_ID }} down + docker system prune --force \ No newline at end of file diff --git a/.gitignore b/.gitignore index 5b650322..0f3bfc43 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ .DS_Store /.idea/ /.vscode/ +**/.env /Chapter 4 Files/*.dumped.ndjson /Chapter 4 Files/exported/ @@ -11,7 +12,21 @@ Chapter 3 Files/docker-compose-stack-live.yml Chapter 3 Files/logstash.edited.conf Chapter 3 Files/logstash_custom.conf LME/ -dashboard_update.sh files_for_windows.zip lme.conf -lme_update.sh +**/venv/ +/testing/tests/.env +**/.pytest_cache/ +**/__pycache__/ +/testing/*.password.txt +/testing/configure/azure_scripts/config.ps1 +/testing/configure.zip +/testing/*.output.log +/testing/tests/report.html +testing/tests/assets/style.css +.history/ +**/get-docker.sh +*.vim +**.password.txt +**.ip.txt +**.swp \ No newline at end of file diff --git a/Chapter 1 Files/Group Policy Objects/manifest.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/manifest.xml similarity index 100% rename from Chapter 1 Files/Group Policy Objects/manifest.xml rename to OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/manifest.xml diff --git a/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/Backup.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/Backup.xml similarity index 100% rename from Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/Backup.xml rename to OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/Backup.xml diff --git a/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml similarity index 100% rename from Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml rename to OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml diff --git a/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/comment.cmtx b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/comment.cmtx similarity index 100% rename from Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/comment.cmtx rename to OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/comment.cmtx diff --git a/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf similarity index 100% rename from Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf rename to OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf diff --git a/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/registry.pol b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/registry.pol similarity index 100% rename from Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/registry.pol rename to OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/registry.pol diff --git a/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/bkupInfo.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/bkupInfo.xml similarity index 100% rename from Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/bkupInfo.xml rename to OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/bkupInfo.xml diff --git a/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/gpreport.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/gpreport.xml similarity index 100% rename from Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/gpreport.xml rename to OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/gpreport.xml diff --git a/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/Backup.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/Backup.xml similarity index 100% rename from Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/Backup.xml rename to OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/Backup.xml diff --git a/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Groups/Groups.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Groups/Groups.xml similarity index 100% rename from Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Groups/Groups.xml rename to OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Groups/Groups.xml diff --git a/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml similarity index 100% rename from Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml rename to OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml diff --git a/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/comment.cmtx b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/comment.cmtx similarity index 100% rename from Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/comment.cmtx rename to OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/comment.cmtx diff --git a/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf similarity index 100% rename from Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf rename to OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf diff --git a/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/registry.pol b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/registry.pol similarity index 100% rename from Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/registry.pol rename to OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/registry.pol diff --git a/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/bkupInfo.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/bkupInfo.xml similarity index 100% rename from Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/bkupInfo.xml rename to OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/bkupInfo.xml diff --git a/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/gpreport.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/gpreport.xml similarity index 100% rename from Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/gpreport.xml rename to OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/gpreport.xml diff --git a/Chapter 1 Files/lme_gpo_for_windows.zip b/OLD_CHAPTERS/Chapter 1 Files/lme_gpo_for_windows.zip similarity index 100% rename from Chapter 1 Files/lme_gpo_for_windows.zip rename to OLD_CHAPTERS/Chapter 1 Files/lme_gpo_for_windows.zip diff --git a/Chapter 1 Files/lme_wec_config.xml b/OLD_CHAPTERS/Chapter 1 Files/lme_wec_config.xml similarity index 100% rename from Chapter 1 Files/lme_wec_config.xml rename to OLD_CHAPTERS/Chapter 1 Files/lme_wec_config.xml diff --git a/Chapter 2 Files/GPO Deployment/Group Policy Objects/manifest.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/manifest.xml similarity index 100% rename from Chapter 2 Files/GPO Deployment/Group Policy Objects/manifest.xml rename to OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/manifest.xml diff --git a/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml similarity index 100% rename from Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml rename to OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml diff --git a/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/GPO.cmt b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/GPO.cmt similarity index 100% rename from Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/GPO.cmt rename to OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/GPO.cmt diff --git a/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml similarity index 100% rename from Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml rename to OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml diff --git a/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml similarity index 100% rename from Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml rename to OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml diff --git a/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/gpreport.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/gpreport.xml similarity index 100% rename from Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/gpreport.xml rename to OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/gpreport.xml diff --git a/Chapter 2 Files/GPO Deployment/sysmon_gpo.zip b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo.zip similarity index 100% rename from Chapter 2 Files/GPO Deployment/sysmon_gpo.zip rename to OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo.zip diff --git a/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/manifest.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/manifest.xml similarity index 100% rename from Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/manifest.xml rename to OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/manifest.xml diff --git a/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml similarity index 100% rename from Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml rename to OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml diff --git a/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/GPO.cmt b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/GPO.cmt similarity index 100% rename from Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/GPO.cmt rename to OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/GPO.cmt diff --git a/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml similarity index 100% rename from Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml rename to OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml diff --git a/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml similarity index 100% rename from Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml rename to OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml diff --git a/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/gpreport.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/gpreport.xml similarity index 100% rename from Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/gpreport.xml rename to OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/gpreport.xml diff --git a/Chapter 2 Files/GPO Deployment/update.bat b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/update.bat similarity index 100% rename from Chapter 2 Files/GPO Deployment/update.bat rename to OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/update.bat diff --git a/Chapter 2 Files/SCCM Deployment/Install_Sysmon64.ps1 b/OLD_CHAPTERS/Chapter 2 Files/SCCM Deployment/Install_Sysmon64.ps1 similarity index 100% rename from Chapter 2 Files/SCCM Deployment/Install_Sysmon64.ps1 rename to OLD_CHAPTERS/Chapter 2 Files/SCCM Deployment/Install_Sysmon64.ps1 diff --git a/Chapter 2 Files/SCCM Deployment/Uninstall_Sysmon64.ps1 b/OLD_CHAPTERS/Chapter 2 Files/SCCM Deployment/Uninstall_Sysmon64.ps1 similarity index 100% rename from Chapter 2 Files/SCCM Deployment/Uninstall_Sysmon64.ps1 rename to OLD_CHAPTERS/Chapter 2 Files/SCCM Deployment/Uninstall_Sysmon64.ps1 diff --git a/Chapter 3 Files/.gitignore b/OLD_CHAPTERS/Chapter 3 Files/.gitignore similarity index 100% rename from Chapter 3 Files/.gitignore rename to OLD_CHAPTERS/Chapter 3 Files/.gitignore diff --git a/Chapter 3 Files/dashboard_update.sh b/OLD_CHAPTERS/Chapter 3 Files/dashboard_update.sh similarity index 93% rename from Chapter 3 Files/dashboard_update.sh rename to OLD_CHAPTERS/Chapter 3 Files/dashboard_update.sh index 95462440..25b4322a 100644 --- a/Chapter 3 Files/dashboard_update.sh +++ b/OLD_CHAPTERS/Chapter 3 Files/dashboard_update.sh @@ -9,7 +9,7 @@ if [ -r /opt/lme/lme.conf ]; then #reference this file as a source . /opt/lme/lme.conf #check if the version number is equal to the one we want - if [ "$version" == "1.3.0" ]; then + if [ "$version" == "1.3.0" ] || [ "$FRESH_INSTALL" = "true" ]; then echo -e "\e[32m[X]\e[0m Updating from git repo" git -C /opt/lme/ pull #make sure the hostname variable is present diff --git a/Chapter 3 Files/deploy.sh b/OLD_CHAPTERS/Chapter 3 Files/deploy.sh similarity index 96% rename from Chapter 3 Files/deploy.sh rename to OLD_CHAPTERS/Chapter 3 Files/deploy.sh index a1d0ef9f..1cd1980c 100755 --- a/Chapter 3 Files/deploy.sh +++ b/OLD_CHAPTERS/Chapter 3 Files/deploy.sh @@ -152,7 +152,7 @@ function setpasswords() { temp="temp" echo -e "\e[32m[X]\e[0m Waiting for Elasticsearch to be ready" - max_attempts=25 + max_attempts=30 attempt=0 while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' --cacert certs/root-ca.crt --user elastic:${temp} https://127.0.0.1:9200)" != "200" ]]; do printf '.' @@ -442,6 +442,9 @@ function installdocker() { echo -e "\e[32m[X]\e[0m Installing Docker" curl -fsSL https://get.docker.com -o get-docker.sh >/dev/null sh get-docker.sh >/dev/null + echo "Starting docker" + service docker start + sleep 5 } function initdockerswarm() { @@ -454,8 +457,8 @@ function initdockerswarm() { } function pulllme() { - info " Pulling ELK images" - docker compose -f /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml pull + echo "Pulling ELK images" + docker compose -f /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml pull --quiet } function deploylme() { @@ -534,35 +537,39 @@ function pipelineupdate() { } function data_retention() { - #show ext4 disk - DF_OUTPUT="$(df -h -l -t ext4 --output=source,size /var/lib/docker)" + # Show ext4 disk + DF_OUTPUT="$(df -BG -l --output=source,size /var/lib/docker)" - #pull dev name - DISK_DEV="$(echo "$DF_OUTPUT" | grep -Po '[0-9]+G')" + # Pull device name + DISK_DEV="$(echo "$DF_OUTPUT" | awk 'NR==2 {print $1}')" - #pull dev size - DISK_SIZE_ROUND="${DISK_DEV/G/}" + # Pull device size + DISK_SIZE="$(echo "$DF_OUTPUT" | awk 'NR==2 {print $2}' | sed 's/G//')" - #lets do math to get 75% (%80 is low watermark for ES but as curator uses this we want to delete data *before* the disk gets full) - DISK_80=$((DISK_SIZE_ROUND * 80 / 100)) + # Check if DISK_SIZE is empty or not a number + if ! [[ "$DISK_SIZE" =~ ^[0-9]+$ ]]; then + echo -e "\e[31m[!]\e[0m DISK_SIZE not an integer or is empty - exiting." + exit 1 + fi - echo -e "\e[32m[X]\e[0m We think your main disk is $DISK_DEV" + echo -e "\e[32m[X]\e[0m We think your main disk is $DISK_DEV and its size is $DISK_SIZE gigabytes" - if [ "$DISK_80" -lt 30 ]; then - echo -e "\e[31m[!]\e[0m LME Requires 128GB of space usable for log retention - exiting" - exit 1 - elif [ "$DISK_80" -ge 90 ] && [ "$DISK_80" -le 179 ]; then + if [ "$DISK_SIZE" -lt 128 ]; then + echo -e "\e[33m[!]\e[0m Warning: Disk size less than 128GB, recommend a larger disk for production environments. Install continuing..." + sleep 3 RETENTION="30" - elif [ "$DISK_80" -ge 180 ] && [ "$DISK_80" -le 359 ]; then + elif [ "$DISK_SIZE" -ge 128 ] && [ "$DISK_SIZE" -le 179 ]; then + RETENTION="45" + elif [ "$DISK_SIZE" -ge 180 ] && [ "$DISK_SIZE" -le 359 ]; then RETENTION="90" - elif [ "$DISK_80" -ge 360 ] && [ "$DISK_80" -le 539 ]; then + elif [ "$DISK_SIZE" -ge 360 ] && [ "$DISK_SIZE" -le 539 ]; then RETENTION="180" - elif [ "$DISK_80" -ge 540 ] && [ "$DISK_80" -le 719 ]; then + elif [ "$DISK_SIZE" -ge 540 ] && [ "$DISK_SIZE" -le 719 ]; then RETENTION="270" - elif [ "$DISK_80" -ge 720 ]; then + elif [ "$DISK_SIZE" -ge 720 ]; then RETENTION="365" else - echo -e "\e[31m[!]\e[0m Unable to determine retention policy - exiting" + echo -e "\e[31m[!]\e[0m Unable to determine disk size - exiting." exit 1 fi @@ -736,6 +743,7 @@ function fixreadability() { function install() { + export FRESH_INSTALL="true" echo -e "Will execute the following intrusive actions:\n\t- apt update & upgrade\n\t- install docker (please uninstall before proceeding, or indicate skipping the install)\n\t- initialize docker swarm (execute \`sudo docker swarm leave --force\` before proceeding if you are part of a swarm\n\t- automatic os updates via unattened-upgrades\n\t- checkout lme directory to latest version, and throw away local changes)" prompt "Proceed?" @@ -748,10 +756,11 @@ function install() { fi echo -e "\e[32m[X]\e[0m Updating OS software" - apt update && apt upgrade -y + apt-get update + DEBIAN_FRONTEND=noninteractive NEEDRESTART_MODE=a apt-get upgrade -yq echo -e "\e[32m[X]\e[0m Installing prerequisites" - apt install ${REQUIRED_PACKS[*]} -y -q + DEBIAN_FRONTEND=noninteractive NEEDRESTART_MODE=a apt-get install ${REQUIRED_PACKS[*]} -yq if [ -f /var/run/reboot-required ]; then echo -e "\e[31m[!]\e[0m A reboot is required in order to proceed with the install." @@ -880,7 +889,8 @@ function install() { displaycredentials echo -e "If you prefer to set your own elastic user password, then refer to our troubleshooting documentation:" - echo -e "https://github.com/cisagov/LME/blob/main/docs/markdown/reference/troubleshooting.md#changing-elastic-username-password\n\n" + echo -e "https://github.com/cisagov/LME/blob/main/docs/markdown/reference/troubleshooting.md#changing-elastic-username-password\n\n" + return 0 } function displaycredentials() { @@ -1070,6 +1080,8 @@ function upgrade() { elif [ "$version" == $latest ]; then info "You're on the latest version!" + elif [ "$version" > "1.3.0" ]; then + info "There are no upgrades in this version. $latest" else error "Updating directly to LME 1.0 from versions prior to 0.5.1 is not supported. Update to 0.5.1 first." fi @@ -1169,7 +1181,7 @@ then ready "Will install the following packages: ${missing_pkgs[*]}. These are required for LME." sudo apt-get update #confirm install - sudo apt-get --yes install ${missing_pkgs[*]} + sudo DEBIAN_FRONTEND=noninteractive NEEDRESTART_MODE=a apt-get -yq install ${missing_pkgs[*]} fi #Change current working directory so relative filepaths work @@ -1183,6 +1195,7 @@ if [ "$1" == "" ]; then usage elif [ "$1" == "install" ]; then install + exit $? # Exit with the status of the install function elif [ "$1" == "uninstall" ]; then uninstall elif [ "$1" == "upgrade" ]; then diff --git a/Chapter 3 Files/docker-compose-stack.yml b/OLD_CHAPTERS/Chapter 3 Files/docker-compose-stack.yml similarity index 100% rename from Chapter 3 Files/docker-compose-stack.yml rename to OLD_CHAPTERS/Chapter 3 Files/docker-compose-stack.yml diff --git a/Chapter 3 Files/lme_update.sh b/OLD_CHAPTERS/Chapter 3 Files/lme_update.sh similarity index 100% rename from Chapter 3 Files/lme_update.sh rename to OLD_CHAPTERS/Chapter 3 Files/lme_update.sh diff --git a/Chapter 3 Files/logstash.conf b/OLD_CHAPTERS/Chapter 3 Files/logstash.conf similarity index 100% rename from Chapter 3 Files/logstash.conf rename to OLD_CHAPTERS/Chapter 3 Files/logstash.conf diff --git a/Chapter 3 Files/winlog-index-mapping.json b/OLD_CHAPTERS/Chapter 3 Files/winlog-index-mapping.json similarity index 100% rename from Chapter 3 Files/winlog-index-mapping.json rename to OLD_CHAPTERS/Chapter 3 Files/winlog-index-mapping.json diff --git a/Chapter 3 Files/winlogbeat.yml b/OLD_CHAPTERS/Chapter 3 Files/winlogbeat.yml similarity index 100% rename from Chapter 3 Files/winlogbeat.yml rename to OLD_CHAPTERS/Chapter 3 Files/winlogbeat.yml diff --git a/Chapter 4 Files/dashboards/Healthcheckoverview_dashboard.ndjson b/OLD_CHAPTERS/Chapter 4 Files/dashboards/Healthcheckoverview_dashboard.ndjson similarity index 100% rename from Chapter 4 Files/dashboards/Healthcheckoverview_dashboard.ndjson rename to OLD_CHAPTERS/Chapter 4 Files/dashboards/Healthcheckoverview_dashboard.ndjson diff --git a/Chapter 4 Files/dashboards/Readme.md b/OLD_CHAPTERS/Chapter 4 Files/dashboards/Readme.md similarity index 100% rename from Chapter 4 Files/dashboards/Readme.md rename to OLD_CHAPTERS/Chapter 4 Files/dashboards/Readme.md diff --git a/Chapter 4 Files/dashboards/alerting_dashboard.ndjson b/OLD_CHAPTERS/Chapter 4 Files/dashboards/alerting_dashboard.ndjson similarity index 100% rename from Chapter 4 Files/dashboards/alerting_dashboard.ndjson rename to OLD_CHAPTERS/Chapter 4 Files/dashboards/alerting_dashboard.ndjson diff --git a/Chapter 4 Files/dashboards/computer_software_overview.ndjson b/OLD_CHAPTERS/Chapter 4 Files/dashboards/computer_software_overview.ndjson similarity index 100% rename from Chapter 4 Files/dashboards/computer_software_overview.ndjson rename to OLD_CHAPTERS/Chapter 4 Files/dashboards/computer_software_overview.ndjson diff --git a/Chapter 4 Files/dashboards/process_explorer.ndjson b/OLD_CHAPTERS/Chapter 4 Files/dashboards/process_explorer.ndjson similarity index 100% rename from Chapter 4 Files/dashboards/process_explorer.ndjson rename to OLD_CHAPTERS/Chapter 4 Files/dashboards/process_explorer.ndjson diff --git a/Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson b/OLD_CHAPTERS/Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson similarity index 100% rename from Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson rename to OLD_CHAPTERS/Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson diff --git a/Chapter 4 Files/dashboards/sysmon_summary.ndjson b/OLD_CHAPTERS/Chapter 4 Files/dashboards/sysmon_summary.ndjson similarity index 100% rename from Chapter 4 Files/dashboards/sysmon_summary.ndjson rename to OLD_CHAPTERS/Chapter 4 Files/dashboards/sysmon_summary.ndjson diff --git a/Chapter 4 Files/dashboards/user_hr.ndjson b/OLD_CHAPTERS/Chapter 4 Files/dashboards/user_hr.ndjson similarity index 100% rename from Chapter 4 Files/dashboards/user_hr.ndjson rename to OLD_CHAPTERS/Chapter 4 Files/dashboards/user_hr.ndjson diff --git a/Chapter 4 Files/dashboards/user_security.ndjson b/OLD_CHAPTERS/Chapter 4 Files/dashboards/user_security.ndjson similarity index 100% rename from Chapter 4 Files/dashboards/user_security.ndjson rename to OLD_CHAPTERS/Chapter 4 Files/dashboards/user_security.ndjson diff --git a/Chapter 4 Files/export_dashboards.py b/OLD_CHAPTERS/Chapter 4 Files/export_dashboards.py similarity index 100% rename from Chapter 4 Files/export_dashboards.py rename to OLD_CHAPTERS/Chapter 4 Files/export_dashboards.py diff --git a/Chapter 4 Files/requirements.txt b/OLD_CHAPTERS/Chapter 4 Files/requirements.txt similarity index 100% rename from Chapter 4 Files/requirements.txt rename to OLD_CHAPTERS/Chapter 4 Files/requirements.txt diff --git a/OLD_CHAPTERS/README.md b/OLD_CHAPTERS/README.md new file mode 100644 index 00000000..cdcc4d95 --- /dev/null +++ b/OLD_CHAPTERS/README.md @@ -0,0 +1,76 @@ +![N|Solid](/docs/imgs/cisa.png) + +[![Downloads](https://img.shields.io/github/downloads/cisagov/lme/total.svg)]() + +# Logging Made Easy +Initially created by NCSC and now maintained by CISA, Logging Made Easy is a self-install tutorial for small organizations to gain a basic level of centralized security logging for Windows clients and provide functionality to detect attacks. It's the coming together of multiple open software platforms which come at no cost to users, where LME helps the reader integrate them together to produce an end-to-end logging capability. We also provide some pre-made configuration files and scripts, although there is the option to do it on your own. + +Logging Made Easy can: +- Show where administrative commands are being run on enrolled devices +- See who is using which machine +- In conjunction with threat reports, it is possible to query for the presence of an attacker in the form of Tactics, Techniques and Procedures (TTPs) + +## Disclaimer + +**LME is currently still early in development.** + +***If you have an existing install of the LME Alpha (v0.5 or older) some manual intervention will be required in order to upgrade to the latest version, please see [Upgrading](/docs/markdown/maintenance/upgrading.md) for further information.*** + +**This is not a professional tool, and should not be used as a [SIEM](https://en.wikipedia.org/wiki/Security_information_and_event_management).** + +**LME is a 'homebrew' way of gathering logs and querying for attacks.** + +We have done the hard work to make things simple. We will tell you what to download, which configurations to use and have created convenient scripts to auto-configure wherever possible. + +The current architecture is based upon Windows Clients, Microsoft Sysmon, Windows Event Forwarding and the ELK stack. + +We are **not** able to comment on or troubleshoot individual installations. If you believe you have have found an issue with the LME code or documentation please submit a [GitHub issue](https://github.com/cisagov/lme/issues). If you have a question about your installation, please visit [GitHub Discussions](https://github.com/cisagov/lme/discussions) to see if your issue has been addressed before. + +## Who is Logging Made Easy for? + +From single IT administrators with a handful of devices in their network to larger organizations. + +LME is for you if: + +* You donโ€™t have a [SOC](https://en.wikipedia.org/wiki/Information_security_operations_center), SIEM or any monitoring in place at the moment. +* You lack the budget, time or understanding to set up your own logging system. +* You recognize the need to begin gathering logs and monitoring your IT. +* You understand that LME has limitations and is better than nothing - but no match for a professional tool. + +If any, or all, of these criteria fit, then LME is a step in the right direction for you. + +LME could also be useful for: + +* Small isolated networks where corporate monitoring doesnโ€™t reach. + +## Overview +The LME architecture consists of 3 groups of computers, as summarized in the following diagram: +![High level overview](/docs/imgs/OverviewDiagram.png) + +

+Figure 1: The 3 primary groups of computers in the LME architecture, their descriptions and the operating systems / software run by each. +

+ +## Table of contents + +### Installation: + - [Prerequisites - Start deployment here](/docs/markdown/prerequisites.md) + - [Chapter 1 - Set up Windows Event Forwarding](/docs/markdown/chapter1/chapter1.md) + - [Chapter 2 โ€“ Sysmon Install](/docs/markdown/chapter2.md) + - [Chapter 3 โ€“ Database Install](/docs/markdown/chapter3/chapter3.md) + - [Chapter 4 - Post Install Actions ](/docs/markdown/chapter4.md) + +### Logging Guidance + - [Log Retention](/docs/markdown/logging-guidance/retention.md) + - [Additional Log Types](/docs/markdown/logging-guidance/other-logging.md) + +### Reference: + - [FAQ](/docs/markdown/reference/faq.md) + - [Troubleshooting](/docs/markdown/reference/troubleshooting.md) + - [Dashboard Descriptions](/docs/markdown/reference/dashboard-descriptions.md) + - [Guide to Organizational Units](/docs/markdown/chapter1/guide_to_ous.md) + +### Maintenance: + - [Backups](/docs/markdown/maintenance/backups.md) + - [Upgrading](/docs/markdown/maintenance/upgrading.md) + - [Certificates](/docs/markdown/maintenance/certificates.md) diff --git a/README.md b/README.md index 9c89258b..24ed0cfc 100644 --- a/README.md +++ b/README.md @@ -1,75 +1,369 @@ + ![N|Solid](/docs/imgs/cisa.png) [![Downloads](https://img.shields.io/github/downloads/cisagov/lme/total.svg)]() -# Logging Made Easy -Initially created by NCSC and now maintained by CISA, Logging Made Easy is a self-install tutorial for small organizations to gain a basic level of centralized security logging for Windows clients and provide functionality to detect attacks. It's the coming together of multiple free and open software platforms, where LME helps the reader integrate them together to produce an end-to-end logging capability. We also provide some pre-made configuration files and scripts, although there is the option to do it on your own. +# Logging Made Easy: Podmanized + +This will eventually be merged with the Readme file at [LME-README](https://github.com/cisagov/LME). + +## TLDR: +LME will now execute its server stack via systemd through quadlet's. +All the original compose functionality has been implemented and working. + +## Architecture: +Ubuntu 22.04 server running podman containers setup as podman quadlets controlled via systemd. + +### Required Ports: +Ports required are as follows: + - Elasticsearch: *9200* + - Caddy: *443* + - Wazuh: *1514,1515,55000,514* + - Agent: *8220* + + +### Diagram: +A real diagram is coming, for now this poor man's flow chart is all that is available: (Created with [asciiflow](https://asciiflow.com/#/)) + +``` +# +---------------------------------------------------------------------+ +# # | | +# # | LME SERVER | +# # | | +# # | Podman Containers | +# # | | +# # | +-----------+ +-----------+ | +# # ------+------------------->| | | | | +# # +-----------------------------------+ ^ | | Wazuh +-------------+ | Kibana | | +# # | | | | +---------+ | Manager | | | | | +# # | CLIENT MACHINE | | | | | | | | +----+---^--+ | +# # | | | | | Caddy | +-----------+ | | | | +# # | | | | | | +----v-----+ | | | +# # | WINDOWS | | | | | | | | | | +# # | | | | +-----+--^+ +----------+ | Elastic <----+ | | +# # | +-----------------+ | | | | | | | | search | | | +# # | | | | | | | | | Fleet | | +--------+ | +# # | | Elastic Agent +--------+------------+-----+--------+--+---------> | +------^---+ | +# # | +-----------------+ | | | | | | Server | | | +# # | | | | +-v--+-------+ | +---------------+ | +# # | +-----------------+ | | | | LME | +----------+ | +# # | | | | | | | | | +# # | | Wazuh Agent +--------+------------+ | | FrontEnd | | +# # | | | | | | | | +# # | +-----------------+ | | +------------+ | +# # | | | | +# # +``` + +### why podman?: +Podman is more secure (by default) against container escape attacks than Docker. It also is far more debug and programmer friendly for making containers secure. + +### Containers: + - caddy: acts as a reverse proxy for the container architecture: + - routes traffic to the backend services + - hosts lme-front end + - helps access all services behind one pane of glass + - setup: runs `/config/setup/init-setup.sh` based on the configuration of dns defined in `/config/setup/instances.yml`. The script will create a CA, underlying certs for each service, and intialize the admin accounts for elasticsearch(user:`elastic`) and kibana(user:`kibana_system`). + - elasticsearch: runs the database for LME and indexes all logs + - kibana: the front end for querying logs, investigating via dashboards, and managing fleet agents... + - fleet-server: executes a [elastic agent ](https://github.com/elastic/elastic-agent) in fleet-server mode. It coordinates elastic agents to gather logs and status from clients. Configuration is inspired by the [elastic-container](https://github.com/peasead/elastic-container) project. + - Elastic agents provide integrations, have more features than winlogbeat. + - wazuh-manager: runs the wazuh manager so we can deploy and manage wazuh agents. + - Wazuh (open source) gives EDR (Endpoint Detection Response) with security dashboards to cover the security of all of the machines. + - lme-frontend: will host an api and gui that unifies the architecture behind one interface + +### Agents: +Wazuh agents will enable EDR capabilities, while Elastic agents will enable logging capabilities. + + - https://github.com/wazuh/wazuh-agent + - https://github.com/elastic/elastic-agent + +## Installation: + +### **Ubuntu 22.04**: +Important: Change appropriate variables in `$CLONE_DIRECTORY/example.env` Each variable is documented inside `example.env`. You'll want to change the default passwords! + +After changing those variables, you can run the automated install, or do a manual install. + +#### **Automated Install** +You can run this installer to run the total install in ansible. +```bash +sudo apt update && sudo apt install -y ansible +# cd ~/LME-PRIV/lme-2-arch # Or path to your clone of this repo +ansible-playbook install_lme_local.yml +``` +This assumes that you have the repo in `~/LME-PRIV/`. + +If you don't, you can pass the `CLONE_DIRECTORY` variable to the playbook. + +``` +ansible-playbook install_lme_local.yml -e "clone_dir=/path/to/clone/directory" +``` + +This also assumes your user can sudo without a password. If you need to input a password when you sudo, you can run it with the `-K` flag and it will prompt you for a password. + +**NOTE** [this script](/scripts/set_sysctl_limits.sh) is executed via ansible AND will change unprivileged ports to start at 80, to allow caddy to listen on 443 from a user run container. If this is not desired, we will be publishing steps to setup firewall rules using ufw//iptables to manage the firewall on this host at a later time. + +#### **-- End Automated Install** + +#### **Manual Install**( optional if not running ansible install): +``` +export CLONE_DIRECTORY=~/LME-PRIV/lme-2-arch +#systemd will setup nix: +#Old way to setup nix if desired: sh <(curl -L https://nixos.org/nix/install) --daemon +sudo apt install jq uidmap nix-bin nix-setup-systemd + +sudo nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs +sudo nix-channel --update + +# Add user to nix group in /etc/group +sudo usermod -aG nix-users $USER + +#install podman and podman-compose +sudo nix-env -iA nixpkgs.podman + +# Set the path for root and lme-user +#echo 'export PATH=$PATH:$HOME/.nix-profile/bin' >> ~/.bashrc +echo 'export PATH=$PATH:/nix/var/nix/profiles/default/bin' >> ~/.bashrc +sudo sh -c 'echo "export PATH=$PATH:/nix/var/nix/profiles/default/bin" >> /root/.bashrc' + +#to allow 443/80 bind and setup memory/limits +sudo NON_ROOT_USER=$USER $CLONE_DIRECTORY/set_sysctl_limits.sh + +#TODO are these needed? we'll have to see, don't set them for now +#export XDG_CONFIG_HOME="$HOME/.config" +#export XDG_RUNTIME_DIR=/run/user/$(id -u) + +#setup user-generator on systemd: +sudo $CLONE_DIRECTORY/link_latest_podman_quadlet.sh + +#setup loginctl +sudo loginctl enable-linger $USER +``` + +### Configuration + +Configuration is `/config/` + in `setup` find the configuration for certificate generation and password setting. `instances.yml` defines the certificates that will get created. The shellscripts initialize accounts and create certificates, and will run from their respective quadlet definitions `lme-setup-accts` and `lme-setup-certs` respectively. + in `caddy` is the Caddyfile for the reverse proxy. Find more notes on its syntax and configuraiton here: [CADDY DOCS](https://caddyserver.com/docs/caddyfile) + +Quadlet configuration for containers is in: `/quadlet/` + +1. setup `/opt/lme` thats the running directory for lme: +```bash +sudo mkdir -p /opt/lme +sudo chown -R $USER:$USER /opt/lme +cp -r $CLONE_DIRECTORY/config/ /opt/lme/ +cp -r $CLONE_DIRECTORY/quadlet/ /opt/lme/ + +#setup quadlets +mkdir -p ~/.config/containers/ +ln -s /opt/lme/quadlet ~/.config/containers/systemd + +#setup service file +mkdir -p ~/.config/systemd/user +ln -s /opt/lme/quadlet/lme.service ~/.config/systemd/user/ +``` + +#### **--- End Manual Install** + +### After install: + +Confirm setup: +``` +systemctl --user daemon-reload +systemctl --user list-unit-files lme\* +``` + +1. Copy the file `example.env` to the running environment file: +```bash +cp $CLONE_DIRECTORY/example.env /opt/lme/lme-environment.env +``` + +3. Change appropriate variables in `/opt/lme/lme-environment.env` Each variable is documented inside `example.env`. You'll want to change the default passwords! + +## Run: + +### pull and tag all containers: +This will let us maintain the lme container versions using the `LME_LATEST` tag. Whenever we update, we change the local image to point to the newest update, and run `podman auto-update` to update the containers. + +**NOTE TO FUTURE SELVES: NEEDS TO BE `LOCALHOST` TO AVOID REMOTE TAGGING ATTACK** + +```bash +sudo mkdir -p /etc/containers +sudo tee /etc/containers/policy.json < quadlet +1. start the containers with compose +2. podlet generate from the containers created -If any, or all, of these criteria fit, then LME is a step in the right direction for you. +### compose: +running: +```shell +podman-compose up -d +``` -LME could also be useful for: +stopping: +```shell +podman-compose down --remove-orphans -* Small isolated networks where corporate monitoring doesnโ€™t reach. +#only run if you want to remove all volumes: +podman-compose down -v --remove-orphans +``` -## Overview -The LME architecture consists of 3 groups of computers, as summarized in the following diagram: -![High level overview](/docs/imgs/OverviewDiagram.png) +### install/get podlet: +``` +#https://github.com/containers/podlet/releases +wget https://github.com/containers/podlet/releases/download/v0.3.0/podlet-x86_64-unknown-linux-gnu.tar.xz +#add it to path: +cp ./podlet-x86_64-unknown-linux-gnu/podlet .local/bin/ +``` -

-Figure 1: The 3 primary groups of computers in the LME architecture, their descriptions and the operating systems / software run by each. -

+### generate the quadlet files: +[DOCS](https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html), [BLOG](https://mo8it.com/blog/quadlet/) -## Table of contents +``` +cd ~/LME-PRIV/quadlet -### Installation: - - [Prerequisites - Start deployment here](/docs/markdown/prerequisites.md) - - [Chapter 1 - Set up Windows Event Forwarding](/docs/markdown/chapter1/chapter1.md) - - [Chapter 2 โ€“ Sysmon Install](/docs/markdown/chapter2.md) - - [Chapter 3 โ€“ Database Install](/docs/markdown/chapter3/chapter3.md) - - [Chapter 4 - Post Install Actions ](/docs/markdown/chapter4.md) +for x in $(podman ps --filter label=io.podman.compose.project=lme-2-arch -a --format "{{.Names}}");do echo $x; podlet generate container $x > $x.container;done +``` -### Logging Guidance - - [Log Retention](/docs/markdown/logging-guidance/retention.md) - - [Additional Log Types](/docs/markdown/logging-guidance/other-logging.md) +### dealing with journalctl logs: +https://unix.stackexchange.com/questions/638432/clear-failed-states-or-all-old-logs-from-systemctl-status-service +``` +#delete all logs: +sudo rm /var/log/journal/$STRING_OF_HEX/user-1000* +``` -### Reference: - - [FAQ](/docs/markdown/reference/faq.md) - - [Troubleshooting](/docs/markdown/reference/troubleshooting.md) - - [Guide to Organizational Units](/docs/markdown/chapter1/guide_to_ous.md) +### debugging commands: +``` +systemctl --user stop lme.service +systemctl --user status lme* +systemctl --user restart lme.service +journalctl --user -u lme-fleet-server.service +systemctl --user status lme* +cp -r $CLONE_DIRECTORY/config/ /opt/lme && cp -r $CLONE_DIRECTORY/quadlet /opt/lme +systemctl --user daemon-reload && systemctl --user list-unit-files lme\* +systemctl --user reset-failed +podman volume rm -a -### Maintenance: - - [Backups](/docs/markdown/maintenance/backups.md) - - [Upgrading](/docs/markdown/maintenance/upgrading.md) - - [Certificates](/docs/markdown/maintenance/certificates.md) +###make sure all ports are free as well: +sudo ss -tulpn +``` diff --git a/config/caddy/Caddyfile b/config/caddy/Caddyfile new file mode 100644 index 00000000..dd3cacfa --- /dev/null +++ b/config/caddy/Caddyfile @@ -0,0 +1,22 @@ +{ + # Global options + admin off # Disable admin API for security + log { + output file /var/log/caddy/access.log + format json + } +} + +:80 { + redir https://{host}{uri} permanent +} + +:443 { + tls /etc/caddy/certs/caddy/caddy.crt /etc/caddy/certs/caddy/caddy.key + reverse_proxy https://lme-kibana:5601 { + transport http { + tls_trusted_ca_certs /etc/caddy/certs/ca/ca.crt + tls_insecure_skip_verify + } + } +} diff --git a/config/containers.txt b/config/containers.txt new file mode 100644 index 00000000..facf6b2e --- /dev/null +++ b/config/containers.txt @@ -0,0 +1,5 @@ +docker.io/caddy:2-alpine +docker.elastic.co/elasticsearch/elasticsearch:8.12.2 +docker.elastic.co/beats/elastic-agent:8.12.2 +docker.elastic.co/kibana/kibana:8.12.2 +docker.io/wazuh/wazuh-manager:4.7.5 diff --git a/config/example.env b/config/example.env new file mode 100644 index 00000000..4a022be9 --- /dev/null +++ b/config/example.env @@ -0,0 +1,95 @@ +# environment file for docker-compose + +#TODO: set this via a script: +#IP of your host machine +IPVAR=127.0.0.1 + +# ElasticSearch settings +######################## + +#TODO: this will be needed for scaling, not needed right now +# the names of the OS nodes +#ES_NODE1=es01 +# uncomment to create a cluster (more nodes can be added also) +# !!! do not forget to also adjust the docker-compose.yml file !!! +# ES_NODE2=es02 + +# Local Kibana URL +LOCAL_KBN_URL=https://127.0.0.1:5601 +# Local ES URL +LOCAL_ES_URL=https://127.0.0.1:9200 + +# Elastic settings +################# + +# Version of Elastic products +STACK_VERSION=8.12.2 +# Testing pre-releases? Use the SNAPSHOT option below: +# STACK_VERSION=8.11.0-SNAPSHOT +# +# Set the cluster name +CLUSTER_NAME=LME + +#User info: +#####TODO: make these podman secrets +ELASTIC_USERNAME=elastic +# Password for the 'elastic' user (at least 6 characters) +ELASTIC_PASSWORD=password1 +#Username used by kibana +ELASTICSEARCH_USERNAME=kibana_system +# Password for the 'kibana_system' user (at least 6 characters) +ELASTICSEARCH_PASSWORD=password1 + +#Fleet: +KIBANA_PASSWORD=password1 +KIBANA_FLEET_USERNAME=elastic +KIBANA_FLEET_PASSWORD=password1 + +#Wazuh: +WAZUH_PASSWORD=MyP@ssw0rd1# +INDEXER_USERNAME=elastic +INDEXER_PASSWORD=password1 +API_USERNAME=wazuh-wui +API_PASSWORD=MyP@ssw0rd1# + +# Set to "basic" or "trial" to automatically start the 30-day trial +LICENSE=basic + +#TODO: support these, right now they're static +# Port to expose Elasticsearch HTTP API to the host +ES_PORT=9200 +#ES_PORT=127.0.0.1:9200 +# Port to expose Kibana to the host +KIBANA_PORT=5601 +# Port to expose Fleet to the host +FLEET_PORT=8220 + +# Increase or decrease based on the available host memory (in bytes) +MEM_LIMIT=2073741824 + + +# Detection Settings: +################# +#TODO: integrate this into the ansible script +# Bulk Enable Detection Rules by OS - change to "1" if you want to enable + +LinuxDR=0 +WindowsDR=0 +MacOSDR=0 + +# Proxy Settings: +# LEAVE BLANK IF NO PROXY! +################# + +# Standard certificate location for ubuntu +#PROXY_CA_LOCATION=/etc/ssl/certs/ca-certificates.crt +# Proxy Server URL +#PROXY_URL= +# IPs and host names you want the proxy to ignore. Typically want all private IP's and Docker network hostnames / IP's ignored +# Example config: +# 127.0.0.1,localhost,10.,172.16.,172.17.,192.168.,*.local,.local,169.254/16,lme-elasticsearch,lme-kibana,lme-fleet-server,lme-wazuh-manager +#PROXY_IGNORE= +#set these as well: +#HTTP_PROXY= +#HTTPS_PROXY= +#NO_PROXY= diff --git a/config/kibana.yml b/config/kibana.yml new file mode 100644 index 00000000..ee77df11 --- /dev/null +++ b/config/kibana.yml @@ -0,0 +1,17 @@ +xpack.encryptedSavedObjects.encryptionKey: "thirty-two-or-more-random-characters" +server.host: "0.0.0.0" +telemetry.enabled: "true" +xpack.fleet.packages: + - name: fleet_server + version: latest + - name: system + version: latest +xpack.fleet.agentPolicies: + - name: Fleet-Server-Policy + id: fleet-server-policy + namespace: default + package_policies: + - name: fleet_server-1 + package: + name: fleet_server + diff --git a/config/setup/acct-init.sh b/config/setup/acct-init.sh new file mode 100644 index 00000000..03792cc7 --- /dev/null +++ b/config/setup/acct-init.sh @@ -0,0 +1,17 @@ +#!/bin/bash +set -euo pipefail + +CONFIG_DIR="/usr/share/elasticsearch/config" +CERTS_DIR="${CONFIG_DIR}/certs" +INSTANCES_PATH="${CONFIG_DIR}/setup/instances.yml" + +if [ ! -f "${CERTS_DIR}/ACCOUNTS_CREATED" ]; then + echo "Waiting for Elasticsearch availability"; + until curl -s --cacert config/certs/ca/ca.crt https://lme-elasticsearch:9200 | grep -q "missing authentication credentials"; do echo "WAITING"; sleep 30; done; + + echo "Setting kibana_system password"; + until curl -s -X POST --cacert config/certs/ca/ca.crt -u elastic:${ELASTIC_PASSWORD} -H "Content-Type: application/json" https://lme-elasticsearch:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 2; done; + + echo "All done!" | tee "${CERTS_DIR}/ACCOUNTS_CREATED" ; +fi +echo "Accounts kibana_system Created!" diff --git a/config/setup/init-setup.sh b/config/setup/init-setup.sh new file mode 100644 index 00000000..41a7b34a --- /dev/null +++ b/config/setup/init-setup.sh @@ -0,0 +1,29 @@ +#!/bin/bash +set -euo pipefail + +if [[ -z "${ELASTIC_PASSWORD:-}" || -z "${KIBANA_PASSWORD:-}" ]]; then + echo "ERROR: ELASTIC_PASSWORD and/or KIBANA_PASSWORD are missing." + exit 1 +fi + +CONFIG_DIR="/usr/share/elasticsearch/config" +CERTS_DIR="${CONFIG_DIR}/certs" +INSTANCES_PATH="${CONFIG_DIR}/setup/instances.yml" + +if [ ! -f "${CERTS_DIR}/ca.zip" ]; then + echo "Creating CA..." + elasticsearch-certutil ca --silent --pem --out "${CERTS_DIR}/ca.zip" + unzip -o "${CERTS_DIR}/ca.zip" -d "${CERTS_DIR}" +fi + +if [ ! -f "${CERTS_DIR}/certs.zip" ]; then + echo "Creating certificates..." + elasticsearch-certutil cert --silent --pem --in "${INSTANCES_PATH}" --out "${CERTS_DIR}/certs.zip" --ca-cert "${CERTS_DIR}/ca/ca.crt" --ca-key "${CERTS_DIR}/ca/ca.key" + unzip -o "${CERTS_DIR}/certs.zip" -d "${CERTS_DIR}" + cat "${CERTS_DIR}/elasticsearch/elasticsearch.crt" "${CERTS_DIR}/ca/ca.crt" > "${CERTS_DIR}/elasticsearch/elasticsearch.chain.pem" +fi + +echo "Setting file permissions..." +chown -R root:root "${CERTS_DIR}" +find "${CERTS_DIR}" -type d -exec chmod 750 {} \; +find "${CERTS_DIR}" -type f -exec chmod 640 {} \; diff --git a/config/setup/instances.yml b/config/setup/instances.yml new file mode 100644 index 00000000..fb45133c --- /dev/null +++ b/config/setup/instances.yml @@ -0,0 +1,51 @@ +# Add host IP address / domain names as needed. + +instances: + - name: "elasticsearch" + dns: + - "lme-elasticsearch" + - "localhost" + ip: + - "127.0.0.1" + + - name: "kibana" + dns: + - "lme-kibana" + - "localhost" + ip: + - "127.0.0.1" + + - name: "fleet-server" + dns: + - "lme-fleet-server" + - "localhost" + ip: + - "127.0.0.1" + + - name: "wazuh-manager" + dns: + - "lme-wazuh-manager" + - "localhost" + ip: + - "127.0.0.1" + + - name: "logstash" + dns: + - "logstash" + - "localhost" + ip: + - "127.0.0.1" + + - name: "curator" + dns: + - "curator" + - "localhost" + ip: + - "127.0.0.1" + + - name: "caddy" + dns: + - "lme-caddy" + - "localhost" + ip: + - "127.0.0.1" diff --git a/config/wazuh_cluster/wazuh_manager.conf b/config/wazuh_cluster/wazuh_manager.conf new file mode 100644 index 00000000..694213da --- /dev/null +++ b/config/wazuh_cluster/wazuh_manager.conf @@ -0,0 +1,385 @@ + + + + + yes + yes + no + no + no + smtp.example.wazuh.com + wazuh@example.wazuh.com + recipient@example.wazuh.com + 12 + alerts.log + 10m + 0 + + + + 3 + 12 + + + + + plain + + + + secure + 1514 + tcp + 131072 + + + + + no + yes + yes + yes + yes + yes + yes + yes + + + 43200 + + etc/rootcheck/rootkit_files.txt + etc/rootcheck/rootkit_trojans.txt + + yes + + + + yes + 1800 + 1d + yes + + wodles/java + wodles/ciscat + + + + + yes + yes + /var/log/osquery/osqueryd.results.log + /etc/osquery/osquery.conf + yes + + + + + no + 1h + yes + yes + yes + yes + yes + yes + yes + + + + 10 + + + + + yes + yes + 12h + yes + + + + yes + 5m + 6h + yes + + + + yes + trusty + xenial + bionic + focal + jammy + 1h + + + + + no + buster + bullseye + bookworm + 1h + + + + + no + 5 + 6 + 7 + 8 + 9 + 1h + + + + + no + amazon-linux + amazon-linux-2 + amazon-linux-2022 + 1h + + + + + no + 11-server + 11-desktop + 12-server + 12-desktop + 15-server + 15-desktop + 1h + + + + + no + 1h + + + + + no + 8 + 9 + 1h + + + + + yes + 1h + + + + + yes + 1h + + + + + + + no + + + 43200 + + yes + + + yes + + + no + + + /etc,/usr/bin,/usr/sbin + /bin,/sbin,/boot + + + /etc/mtab + /etc/hosts.deny + /etc/mail/statistics + /etc/random-seed + /etc/random.seed + /etc/adjtime + /etc/httpd/logs + /etc/utmpx + /etc/wtmpx + /etc/cups/certs + /etc/dumpdates + /etc/svc/volatile + + + .log$|.swp$ + + + /etc/ssl/private.key + + yes + yes + yes + yes + + + 10 + + + 50 + + + + yes + 5m + 10 + + + + + + 127.0.0.1 + ^localhost.localdomain$ + 172.31.0.2 + + + + disable-account + disable-account + yes + + + + restart-wazuh + restart-wazuh + + + + firewall-drop + firewall-drop + yes + + + + host-deny + host-deny + yes + + + + route-null + route-null + yes + + + + win_route-null + route-null.exe + yes + + + + netsh + netsh.exe + yes + + + + + + + command + df -P + 360 + + + + full_command + netstat -tulpn | sed 's/\([[:alnum:]]\+\)\ \+[[:digit:]]\+\ \+[[:digit:]]\+\ \+\(.*\):\([[:digit:]]*\)\ \+\([0-9\.\:\*]\+\).\+\ \([[:digit:]]*\/[[:alnum:]\-]*\).*/\1 \2 == \3 == \4 \5/' | sort -k 4 -g | sed 's/ == \(.*\) ==/:\1/' | sed 1,2d + netstat listening ports + 360 + + + + full_command + last -n 20 + 360 + + + + + ruleset/decoders + ruleset/rules + 0215-policy_rules.xml + etc/lists/audit-keys + etc/lists/amazon/aws-eventnames + etc/lists/security-eventchannel + + + etc/decoders + etc/rules + + + + yes + 1 + 64 + 15m + + + + + no + 1515 + no + yes + no + HIGH:!ADH:!EXP:!MD5:!RC4:!3DES:!CAMELLIA:@STRENGTH + + no + etc/sslmanager.cert + etc/sslmanager.key + no + + + + wazuh + node01 + master + + 1516 + 0.0.0.0 + + NODE_IP + + no + yes + + + + + + + syslog + /var/ossec/logs/active-responses.log + + + + syslog + /var/log/dpkg.log + + + diff --git a/docs/markdown/chapter3/chapter3.md b/docs/markdown/chapter3/chapter3.md index a62ddcc0..c963ca22 100644 --- a/docs/markdown/chapter3/chapter3.md +++ b/docs/markdown/chapter3/chapter3.md @@ -15,7 +15,7 @@ In this chapter you will: This section covers the installation and configuration of the Database and search functionality on a Linux server. We will install the โ€˜ELKโ€™ Stack from Elasticsearch for this portion. What is the ELK Stack? -"ELK" is the acronym for three free and open projects: Elasticsearch, Logstash, and Kibana. Elasticsearch is a search and analytics engine. Logstash is a serverโ€‘side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a "stash" like Elasticsearch. Kibana lets users visualize data with charts and graphs in Elasticsearch. +"ELK" is the acronym for three open projects which come at no cost to users: Elasticsearch, Logstash, and Kibana. Elasticsearch is a search and analytics engine. Logstash is a serverโ€‘side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a "stash" like Elasticsearch. Kibana lets users visualize data with charts and graphs in Elasticsearch. ![Elkstack components](/docs/imgs/elkstack.jpg)

diff --git a/docs/markdown/maintenance/upgrading.md b/docs/markdown/maintenance/upgrading.md index 78ac8242..5f48ea70 100644 --- a/docs/markdown/maintenance/upgrading.md +++ b/docs/markdown/maintenance/upgrading.md @@ -6,8 +6,6 @@ Below you can find the upgrade paths that are currently supported and what steps Applying these changes is automated for any new installations. But, if you have an existing installation, you need to conduct some extra steps. **Before performing any of these steps it is advised to take a backup of the current installation using the method described [here](/docs/markdown/maintenance/backups.md).** -To upgrade to the latest version from Release 1.2.0 to Release 1.3.0 [go here](#6-upgrade-from-120-to-130). - ## 1. Finding your LME version (and the components versions) When reporting an issue or suggesting improvements, it is important to include the versions of all the components, where possible. This ensures that the issue has not already been fixed! @@ -26,10 +24,10 @@ When reporting an issue or suggesting improvements, it is important to include t ## 2. Upgrade from versions prior to v0.5 -LME does not support upgrading directly from versions prior to 0.5 to 1.0. Prior to switching to CISA's repo, first upgrade to the latest version of LME published by the NCSC (v0.5.1). Then follow the instructions above to upgrade to v1.0. +LME does not support upgrading directly from versions prior to v0.5 to v1.0. Prior to switching to CISA's repo, first upgrade to the latest version of LME published by the NCSC (v0.5.1). Then follow the instructions above to upgrade to v1.0. -## 3. Upgrade from v0.5 to 1.0.0 +## 3. Upgrade from v0.5 to v1.0.0 Since LME's transition from the NCSC to CISA, the location of the LME repository has changed from `https://github.com/ukncsc/lme` to `https://github.com/cisagov/lme`. To obtain any further updates to LME on the ELK server, you will need to transition to the new git repository. Because vital configuration files are stored within the same folder as the git repo, it's simpler to copy the old LME folder to a different location, clone the new repo, copy the files and folders unique to your system, and then optionally delete the old folder. You can do this by running the following commands: @@ -111,55 +109,40 @@ LME v1.0 made a minor change to the file structure used in the SYSVOL folder, so 3. Is the LME folder inside SYSVOL properly structured? Refer to the checklist listed at the end of chapter 2. 4. Are the events from all clients visible inside elastic? Refer to [4.1.2 Check you are receiving logs](/docs/markdown/chapter4.md#412-check-you-are-receiving-logs). +## 4. Upgrade to v1.3.1 -## 4. Upgrade from 1.0.0 to 1.1.0 -To fetch the latest changes, on the Linux server, run the following commands as root: -``` -cd /opt/lme -git pull -``` +This is a hotfix to the install script and some additional troubleshooting steps added to documentation on space management. Unless you're encountering problems with your current installation, or if your logs are running out of space, there's no need to upgrade to v1.3.1, as it doesn't offer any additional functionality changes. -To manually update the dashboards, see [How to update dashboards](/Chapter%204%20Files/dashboards#how-to-update-dashboards). +## 5. Upgrade to v1.3.2 -Additionally, to fix a potential file permission issue present in v1.0.0, run the following command on the Linux server: -``` -sudo chown -R 1000:1000 /opt/lme/backups -``` +This is a hotfix to address dashboards which failed to load on a fresh install of v1.3.1. If you are currently running v1.3.0, you do not need to upgrade at this time. If you are running versions **before** 1.3.0 or are running v1.3.1, we recommend you upgrade to the latest version. -See [Directory permission issues](/docs/markdown/reference/troubleshooting.md#directory-permission-issues) for more details. +Please refer to the [Upgrading to latest version](/docs/markdown/maintenance/upgrading.md#upgrading-to-latest-version) to apply the hotfix. +## 6. v1.3.3 - Update on data retention failure during LME install -## 5. Upgrade from 1.1.0 to 1.2.0 -To fetch the latest changes, on the Linux server, run the following commands as root: +This is a hotfix to address an error with data retention failure in the deploy.sh script during a fresh LME install. We recommend you upgrade to the latest version if you require disk sizes of 1TB or greater. + +If you've tried to install LME before, then run the following commands as root: ``` +git pull +git checkout main cd /opt/lme/Chapter\ 3\ Files/ sudo ./deploy.sh uninstall -cd /opt/lme -git pull -cd Chapter\ 3\ Files/ -sudo ./deploy.sh install +sudo docker volume rm lme-esdata +sudo docker volume rm lme-logstashdata +sudo ./deploy.sh install ``` -The deploy.sh script should have now created new files on the Linux server at location /opt/lme/files_for_windows.zip . This file needs to be copied across and used on the Windows Event Collector server like it was explained in Chapter 3 sections [3.2.4 & 3.3 ](/docs/markdown/chapter3/chapter3.md#324-download-files-for-windows-event-collector). - -Then reboot your Client computers & Windows Event Collector. On Windows Event Collector open services.msc as an administrator and make sure the winlogbeat service is set to start automatically, and is running. - -## 6. Upgrade from 1.2.0 to 1.3.0 -To fetch the latest changes, run the following commands as root on the Linux server: +## 7. Upgrade to latest version +To fetch the latest changes, on the Linux server, run the following commands as root: ``` +git pull +git checkout main cd /opt/lme/Chapter\ 3\ Files/ sudo ./deploy.sh uninstall -cd /opt/lme -git pull -cd Chapter\ 3\ Files/ sudo ./deploy.sh install ``` The deploy.sh script should have now created new files on the Linux server at location /opt/lme/files_for_windows.zip . This file needs to be copied across and used on the Windows Event Collector server like it was explained in Chapter 3 sections [3.2.4 & 3.3 ](/docs/markdown/chapter3/chapter3.md#324-download-files-for-windows-event-collector). -Then reboot your Client computers & Windows Event Collector. On Windows Event Collector open services.msc as an administrator and make sure the winlogbeat service is set to start automatically, and is running. - - - - - diff --git a/docs/markdown/prerequisites.md b/docs/markdown/prerequisites.md index fc54e515..f34e9ed0 100644 --- a/docs/markdown/prerequisites.md +++ b/docs/markdown/prerequisites.md @@ -29,7 +29,7 @@ Figure 1: High level overview, linking to documentation chapters The portions of this package developed by the United States government are distributed under the Creative Commons 0 ("CC0") license. Portions created by government contractors at the behest of CISA are provided with the explicit grant of right to use, modify, and redistribute the code subject to this statement and the existing license structure. All other portions, including new submissions from all others, are subject to the Apache License, Version 2.0. This project (scripts, documentation, and so on) is licensed under the [Apache License 2.0 and Creative Commons 0](../../LICENSE). -The design uses free and open software, we will maintain a pledge to ensure that no paid software licenses are needed above standard infrastructure costs (With the exception of Windows Operating system Licensing). +The design uses open software which comes at no cost to the user, we will maintain a pledge to ensure that no paid software licenses are needed above standard infrastructure costs (With the exception of Windows Operating system Licensing). You will need to pay for hosting, bandwidth and time; for an estimate of server specs that might be needed see this [blogpost from elasticsearch](https://www.elastic.co/blog/benchmarking-and-sizing-your-elasticsearch-cluster-for-logs-and-metrics). Then use your estimated server specs to determine a price for an on prem or cloud deployment. diff --git a/docs/markdown/reference/dashboard-descriptions.md b/docs/markdown/reference/dashboard-descriptions.md new file mode 100644 index 00000000..0848b9a5 --- /dev/null +++ b/docs/markdown/reference/dashboard-descriptions.md @@ -0,0 +1,40 @@ +# Dashboard Descriptions + +## Purpose +Logging Made Easy (LME) releases new dashboards on GitHub periodically. Here are the dashboard descriptions. + +## User Human Resources + +The User Human Resources Dashboard provides a comprehensive overview of network activity and displays domains, users, workstations, activity times and days of the week. It includes details on general logon events, logoff events and distinguishes between in-person and remote logons. Analogous to a security guard monitoring a camera, the dashboard facilitates network monitoring by revealing overall network traffic, user locations, peak hours and the ratio of remote-to-in-person logons. Users can filter and analyze individual or specific computer activity logs. + +## Computer Software Overview + +The Computer Software Overview Dashboard displays application usage on host computers, logging events for application failures, hangs and external connection attempts. Monitoring application usage is crucial for assessing network health, as frequent crashes may indicate larger issues, and applications making frequent external requests could signal malicious activity. + +## Security Log + +The Security Log Dashboard actively presents forwarded security log events, tallies failed logon attempts, identifies computers with failed logon events, specifies reasons for failed logons and distinguishes types of logons and reports on credential status (clear text or cached). It also discloses whether the event log or Windows Security audit log is cleared, highlights user account changes and notes the assignment of special privileges to a logon session. Users can quickly detect unusual events, prompting further investigation and remediation actions. + +## Process Explorer + +The Process Explorer Dashboard thoroughly monitors networks, tracks processes, users, processes per user, files, filenames in the download directory, Sysmon process creation and registry events. It offers user-friendly filtering for process names and process identifiers or PIDโ€™s. The download directory is often targeted for initial malware installations due to lenient write privileges. This dashboard investigates unusual registry changes and closely examine spikes in processes created by specific users, as these could indicate potential malicious activity. + +## Sysmon Summary + +The Sysmon Summary Dashboard highlights Sysmon events and features event count, event types, the percentage breakdown by event code and top hosts generating Sysmon data. Vigilance towards any deviations or shifts in activity levels helps administrators to promptly identify both desired and undesired activities. + +## User Security + +The User Security Dashboard provides a comprehensive view of network activity and showcases logon attempts, user logon/logoff events, logged-on computers and detailed network connections by country and protocol. Additionally, it highlights critical information such as PowerShell events, references to temporary files and Windows Defender alerts for malware detection and actions taken. The dashboard supports effective monitoring by allowing users to filter events based on users, domains and hosts. Understanding the nature and origin of network connections is vital, and the dashboard facilitates the identification of suspicious activities, enabling operators to target their inquiries for enhanced network health assessment. + +## Alert + +The Alert Dashboard enables users to define rules that detect complex conditions within networks/environments. It also uses trigger actions in case of suspicious activities. These alerts contain pre-built rules that detects suspicious activities. There are options that schedule how these suspicious activities are detected and actions taken when these conditions are detected. + +## Healthcheck + +The HealthCheck Dashboard gives users the ability to view different processes such as unexpected shutdowns, events by each machine, total hosts and total number of logged in admins with data that is based on a selected date range. Users can verify the health of their system by observing events such as if there are more admin users than expected or if an unexpected shutdown occurs. + + + +For more information or to seek additional help, [Click Here](https://github.com/cisagov/LME) diff --git a/docs/markdown/reference/troubleshooting.md b/docs/markdown/reference/troubleshooting.md index 45c597ac..140d9d87 100644 --- a/docs/markdown/reference/troubleshooting.md +++ b/docs/markdown/reference/troubleshooting.md @@ -327,3 +327,62 @@ sudo curl -X POST "https://127.0.0.1:9200/_security/user/elastic/_password" -H " Replace 'currentpassword' with your current password and 'newpassword' with the password you would like to change it to. Utilize environment variables in place of currentpassword and newpassword to avoid saving your password to console history. If not we recommend you clear your history after changing the password with ```history -c``` + +## Index Management + +If you are having issues with your hard disk filling up too fast you can use these steps to delete logs earlier than your current settings. + +1. **Log in to Elastic** + - Access the Elastic platform and log in with your credentials. + +2. **Navigate to Management Section** + - In the main menu, scroll down to "Management." + +3. **Access Stack Management** + - Within the Management section, select "Stack Management." + +4. **Select Index Lifecycle Policies** + - In Stack Management, find and choose "Index Lifecycle Policies." + +5. **Choose the Relevant ILM Policy** + - From the list, select `lme_ilm_policy` for editing. + +6. **Adjust the Hot Phase Settings** + - Navigate to the 'Hot Phase' section. + - Expand 'Advanced settings'. + - Uncheck "Use recommended defaults." + - Change the "Maximum age" setting to match your desired delete phase duration. + + > **Note:** Aligning the maximum age in the hot phase with the delete phase ensures consistency in data retention. + +7. **Adjust the Delete Phase Settings** + - Scroll to the 'Delete Phase' section. + - Find and adjust the "Move data into phase when:" setting. + - Ensure the delete phase duration matches the maximum age set in the hot phase. + + > **Note:** This setting determines the deletion timing of your logs. Ensure to back up necessary data before changes. + +8. **Save Changes** + - Save the adjustments you've made. + +9. **Verify the Changes** + - Review and ensure that the changes are functioning as intended. Indices may not delete immediately - allow time for job to run. + +10. **Document the Changes** + - Record the modifications for future reference. + +You can also manually delete an index from the GUI under Management > Index Managment or by using the following command: + +``` +curl -X DELETE "https://127.0.0.1:9200/your_index_name" -H "Content-Type: application/json" --cacert /opt/lme/Chapter\ 3\ Files/certs/root-ca.crt -u elastic:yourpassword +``` +> **Note:** Ensure this is not your current winlogbeat index in use. You should only delete indices that have already rolled over. i.e. if you have index winlogbeat-00001 and winlogbeat-00002 do NOT delete winlogbeat-00002. + +If you only have one index you can manually force a rollover with the following command: + +``` +curl -X POST "https://127.0.0.1:9200/winlogbeat-alias/_rollover" -H "Content-Type: application/json" --cacert /opt/lme/Chapter\ 3\ Files/certs/root-ca.crt -u elastic:yourpassword +``` + +This will rollover winlogbeat-00001 and create winlogbeat-00002. You can now manually delete 00001. + diff --git a/quadlet/lme-caddy.container b/quadlet/lme-caddy.container new file mode 100644 index 00000000..822fb08a --- /dev/null +++ b/quadlet/lme-caddy.container @@ -0,0 +1,22 @@ +# lme-caddy.container +[Unit] +Description=Caddy Container +Requires=lme-setup-certs.service +After=lme-setup-certs.service +PartOf=lme.service + +[Install] +WantedBy=default.target lme.service + +[Service] +Restart=always + +[Container] +ContainerName=lme-caddy +Image=localhost/caddy:LME_LATEST +Network=lme +PodmanArgs=--network-alias lme-caddy +PublishPort=80:80 +PublishPort=443:443 +Volume=/opt/lme/config/caddy:/etc/caddy/ +Volume=lme_certs:/etc/caddy/certs diff --git a/quadlet/lme-elasticsearch.container b/quadlet/lme-elasticsearch.container new file mode 100644 index 00000000..31b66689 --- /dev/null +++ b/quadlet/lme-elasticsearch.container @@ -0,0 +1,28 @@ +# lme-elasticsearch.container +[Unit] +Description=Elasticsearch Container Service +Requires=lme-network.service lme-setup-certs.service +After=lme-network.service lme-setup-certs.service +PartOf=lme.service + +[Service] +Restart=always + +[Install] +WantedBy=default.target lme.service + +[Container] +ContainerName=lme-elasticsearch +#TODO: set discovery mode/cluster.name via environment +Environment=node.name=lme-elasticsearch cluster.name=LME bootstrap.memory_lock=true discovery.type=single-node xpack.security.enabled=true xpack.security.http.ssl.enabled=true xpack.security.http.ssl.key=certs/elasticsearch/elasticsearch.key xpack.security.http.ssl.certificate=certs/elasticsearch/elasticsearch.chain.pem xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt xpack.security.http.ssl.verification_mode=certificate xpack.security.http.ssl.client_authentication=optional xpack.security.transport.ssl.enabled=true xpack.security.transport.ssl.key=certs/elasticsearch/elasticsearch.key xpack.security.transport.ssl.certificate=certs/elasticsearch/elasticsearch.crt xpack.security.transport.ssl.certificate_authorities=certs/ca/ca.crt xpack.security.transport.ssl.verification_mode=certificate xpack.security.transport.ssl.client_authentication=optional xpack.license.self_generated.type=basic +#TODO: set password in here via script AND load via credential +EnvironmentFile=/opt/lme/lme-environment.env +Image=localhost/elasticsearch:LME_LATEST +Network=lme +PodmanArgs=--memory 8gb --network-alias lme-elasticsearch --health-interval=2s +PublishPort=9200:9200 +Ulimit=memlock=-1:-1 +Volume=lme_certs:/usr/share/elasticsearch/config/certs +Volume=lme_esdata01:/usr/share/elasticsearch/data +Notify=healthy +HealthCmd=CMD-SHELL curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials' diff --git a/quadlet/lme-fleet-server.container b/quadlet/lme-fleet-server.container new file mode 100644 index 00000000..b28761af --- /dev/null +++ b/quadlet/lme-fleet-server.container @@ -0,0 +1,25 @@ +# lme-fleet-server.container +[Unit] +Description=Fleet Container Service +Requires=lme-elasticsearch.service lme-kibana.service +After=lme-elasticsearch.service lme-kibana.service +PartOf=lme.service + +[Service] +Restart=always + +[Install] +WantedBy=default.target lme.service + +[Container] +ContainerName=lme-fleet-server +Environment=FLEET_ENROLL=1 FLEET_SERVER_POLICY_ID=fleet-server-policy FLEET_SERVER_ENABLE=1 KIBANA_FLEET_SETUP=1 KIBANA_HOST=https://lme-kibana:5601 FLEET_URL=https://lme-fleet-server:8220 FLEET_SERVER_ELASTICSEARCH_HOST=https://lme-elasticsearch:9200 FLEET_CA=/certs/ca/ca.crt FLEET_SERVER_CERT=/certs/fleet-server/fleet-server.crt FLEET_SERVER_CERT_KEY=/certs/fleet-server/fleet-server.key FLEET_SERVER_ELASTICSEARCH_CA=/certs/ca/ca.crt KIBANA_FLEET_CA=/certs/ca/ca.crt NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt +#TODO: set password in here via script AND load via credential +EnvironmentFile=/opt/lme/lme-environment.env +Image=localhost/elastic-agent:LME_LATEST +Network=lme +HostName=lme-fleet-server +PodmanArgs=--network-alias lme-fleet-server --requires 'lme-elasticsearch,lme-kibana' +PublishPort=8220:8220 +User=root +Volume=lme_certs:/certs:z diff --git a/quadlet/lme-kibana.container b/quadlet/lme-kibana.container new file mode 100644 index 00000000..2267c5d1 --- /dev/null +++ b/quadlet/lme-kibana.container @@ -0,0 +1,29 @@ +# lme-kibana.container +[Unit] +Description=Kibana Container Service +Requires=lme-setup-accts.service lme-elasticsearch.service +After=lme-setup-accts.service lme-elasticsearch.service +PartOf=lme.service + +[Install] +WantedBy=default.target lme.service + +[Service] +Restart=always +TimeoutStartSec=900 #5 minutes, kibana can be slow + +[Container] +ContainerName=lme-kibana +Environment=SERVER_NAME=lme-kibana ELASTICSEARCH_HOSTS=https://lme-elasticsearch:9200 ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt SERVER_SSL_ENABLED=true SERVER_SSL_CERTIFICATE=config/certs/kibana/kibana.crt SERVER_SSL_KEY=config/certs/kibana/kibana.key SERVER_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt NODE_OPTIONS=--max-old-space-size=4096 +#TODO: set password in here via script AND load via credential +EnvironmentFile=/opt/lme/lme-environment.env +Image=localhost/kibana:LME_LATEST +Network=lme +PodmanArgs=--memory 4gb --network-alias lme-kibana --requires lme-elasticsearch --health-interval=2s +#PublishPort=5601:5601 +Volume=lme_certs:/usr/share/kibana/config/certs:z +Volume=lme_kibanadata:/usr/share/kibana/data +Volume=/opt/lme/config/kibana.yml:/usr/share/kibana/config/kibana.yml:Z +Volume=/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro +HealthCmd=CMD-SHELL curl -I -s --cacert config/certs/ca/ca.crt https://localhost:5601 | grep -q 'HTTP/1.1 302 Found' +Notify=healthy diff --git a/quadlet/lme-setup-accts.container b/quadlet/lme-setup-accts.container new file mode 100644 index 00000000..33f536b2 --- /dev/null +++ b/quadlet/lme-setup-accts.container @@ -0,0 +1,24 @@ +# lme-elasticsearch-security-setup.container +[Unit] +Requires=lme-network.service lme-setup-certs.service +After=lme-network.service lme-setup-certs.service +PartOf=lme.service + +[Service] +Type=oneshot +RemainAfterExit=yes + +[Install] +WantedBy=default.target + +[Container] +ContainerName=lme-setup-accts +EnvironmentFile=/opt/lme/lme-environment.env +Exec=/bin/bash /usr/share/elasticsearch/config/setup/acct-init.sh +Image=localhost/elasticsearch:LME_LATEST +Network=lme +PodmanArgs=--network-alias lme-setup --health-interval=2s +User=0 +Volume=lme_certs:/usr/share/elasticsearch/config/certs +Volume=/opt/lme/config/setup:/usr/share/elasticsearch/config/setup + diff --git a/quadlet/lme-setup-certs.container b/quadlet/lme-setup-certs.container new file mode 100644 index 00000000..3c03e726 --- /dev/null +++ b/quadlet/lme-setup-certs.container @@ -0,0 +1,24 @@ +# lme-elasticsearch-security-setup.container +[Unit] +Requires=lme-network.service +After=lme.service lme-network.service +PartOf=lme.service + +[Service] +Type=oneshot +RemainAfterExit=yes + +[Install] +WantedBy=default.target lme.service + +[Container] +ContainerName=lme-setup-certs +EnvironmentFile=/opt/lme/lme-environment.env +Exec=/bin/bash /usr/share/elasticsearch/config/setup/init-setup.sh +Image=localhost/elasticsearch:LME_LATEST +Network=lme +PodmanArgs=--network-alias lme-setup --health-interval=2s +User=0 +Volume=lme_certs:/usr/share/elasticsearch/config/certs +Volume=/opt/lme/config/setup:/usr/share/elasticsearch/config/setup + diff --git a/quadlet/lme-wazuh-manager.container b/quadlet/lme-wazuh-manager.container new file mode 100644 index 00000000..14263d5c --- /dev/null +++ b/quadlet/lme-wazuh-manager.container @@ -0,0 +1,47 @@ +# lme-wazuh-manager.container +[Unit] +Description=Wazuh Container Service +After=lme-elasticsearch.service lme-kibana.service +Requires=lme-elasticsearch.service +PartOf=lme.service + +[Service] +Restart=always +LimitNOFILE=655360 + + +[Install] +WantedBy=default.target lme.service + +[Container] +ContainerName=lme-wazuh-manager +Environment=INDEXER_URL=https://lme-elasticsearch:9200 FILEBEAT_SSL_VERIFICATION_MODE=full SSL_CERTIFICATE_AUTHORITIES=/etc/wazuh-manager/certs/ca/ca.crt SSL_CERTIFICATE=/etc/wazuh-manager/certs/wazuh-manager/wazuh-manager.crt SSL_KEY=/etc/wazuh-manager/certs/wazuh-manager/wazuh-manager.key +#TODO: set password in here via script AND load via credential +EnvironmentFile=/opt/lme/lme-environment.env +HostName=wazuh-manager +Image=localhost/wazuh-manager:LME_LATEST +Network=lme +PodmanArgs=--network-alias lme-wazuh-manager +PublishPort=1514:1514 +PublishPort=1515:1515 +PublishPort=514:514/udp +PublishPort=55000:55000 +Ulimit=memlock=-1:-1 +#Set above, leaving here for posterity, systemctl doesn't allow containers to set ulimits +#Ulimit=nofile=655360:655360 +Volume=lme_wazuh_api_configuration:/var/ossec/api/configuration +Volume=lme_wazuh_etc:/var/ossec/etc +Volume=lme_wazuh_logs:/var/ossec/logs +Volume=lme_wazuh_queue:/var/ossec/queue +Volume=lme_wazuh_logs:/var/ossec/logs +Volume=lme_wazuh_var_multigroups:/var/ossec/var/multigroups +Volume=lme_wazuh_integrations:/var/ossec/integrations +Volume=lme_wazuh_active_response:/var/ossec/active-response/bin +Volume=lme_wazuh_agentless:/var/ossec/agentless +Volume=lme_wazuh_wodles:/var/ossec/wodles +Volume=lme_filebeat_etc:/etc/filebeat +Volume=lme_filebeat_var:/var/lib/filebeat +Volume=/opt/lme/config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ossec.conf +Volume=lme_certs:/etc/wazuh-manager/certs:ro +Volume=/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro + diff --git a/quadlet/lme.network b/quadlet/lme.network new file mode 100644 index 00000000..12780e02 --- /dev/null +++ b/quadlet/lme.network @@ -0,0 +1,7 @@ +# lme.network +[Network] +Driver=bridge +Gateway=10.89.4.1 +IPAMDriver=host-local +NetworkName=lme +Subnet=10.89.4.0/24 diff --git a/quadlet/lme.service b/quadlet/lme.service new file mode 100644 index 00000000..aa44c424 --- /dev/null +++ b/quadlet/lme.service @@ -0,0 +1,16 @@ +[Unit] +Description=LME service orchestrator runs all the service files + +[Install] +WantedBy=default.target + +[Service] +# Exits after it starts the service +Type=oneshot +# Execute dummy program +ExecStart=/bin/true +# This service shall be considered active after start +RemainAfterExit=yes + + + diff --git a/scripts/download.sh b/scripts/download.sh new file mode 100755 index 00000000..416cecb5 --- /dev/null +++ b/scripts/download.sh @@ -0,0 +1,36 @@ +#!/usr/bin/env bash +source .env +USER=elastic +PASSWORD=${ELASTIC_PASSWORD_ESCAPED} +PROTO=https +REMOTE=10.20.0.174:9200 + +#TODO: make this a cli flag +#------------ edit this----------- +#assumes files are INDEX_mapping.json + INDEX.json +# mapping + logs +DIR=/data/logs/ +INDICES=$(ls ${DIR} | cut -f -3 -d '.' | grep -v "_mapping"| grep -v "template"| sort | uniq) +#INDICES=$("elastalert_status" "elastalert_status_error" "elastalert_status_past" "elastalert_status_silence" "elastalert_status") + + +#------------ edit this ----------- + +echo -e "\n\ncheck \`podman logs -f CONTAINER_NAME\` for verbose output\n\n" +echo -e "\n--Uploading: --\n" +for x in ${INDICES}; +do + echo "podman runs for $x:" + podman run -it -d -v ${DIR}${x}_mapping.json:/tmp/data.json -e NODE_TLS_REJECT_UNAUTHORIZED=0 --userns="" --network=host elasticdump/elasticsearch-dump --output=/tmp/data.json --input=${PROTO}://${USER}:${PASSWORD}@localhost:9200/${x} --type=mapping + + podman run -v ${DIR}${x}:/tmp/ -e NODE_TLS_REJECT_UNAUTHORIZED=0 --userns="" --network=host --rm -ti elasticdump/elasticsearch-dump --input=http://${REMOTE}/${x} --output=/tmp/${x}.json --limit 5000 + echo "" +done + +## cleanup: +echo "--to cleanup when done:--" +echo "podman ps -a --format \"{{.Image}} {{.Names}}\" | grep -i "elasticdump" | awk \'{print $2}\' | xargs podman rm" + +tot=$(wc -l $(ls ${DIR} | grep -v "_mapping" | xargs -I{} echo ${DIR}{})) +echo -e "\n--Expected Log #:\n $tot--" + diff --git a/scripts/gen_cert.sh b/scripts/gen_cert.sh new file mode 100755 index 00000000..bec3fb8d --- /dev/null +++ b/scripts/gen_cert.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env bash +source .env + +#set via cli arg +CERT_DIR=${1:-caddy/certs} + +## generate CA: +echo "creating CA CRT" +export CERT_STRING='/C=US/ST=DC/L=Washington/O=CISA' +openssl genrsa -out ${CERT_DIR}/root-ca.key 4096 +openssl req -new -key ${CERT_DIR}/root-ca.key -out ${CERT_DIR}/root-ca.csr -sha256 -subj "$CERT_STRING/CN=LME" +openssl x509 -req -days 3650 -in ${CERT_DIR}/root-ca.csr -signkey ${CERT_DIR}/root-ca.key -sha256 -out ${CERT_DIR}/root-ca.crt + +echo "creating caddy CRT" +openssl genrsa -out ${CERT_DIR}/caddy.key 4096 +openssl req -new -key ${CERT_DIR}/caddy.key -out ${CERT_DIR}/caddy.csr -sha256 -subj "$CERT_STRING/CN=caddy" + +#set openssl so that this cert can only perform server auth and cannot sign certs +{ + echo "[server]" + echo "authorityKeyIdentifier=keyid,issuer" + echo "basicConstraints = critical,CA:FALSE" + echo "extendedKeyUsage=serverAuth,clientAuth" + echo "keyUsage = critical, digitalSignature, keyEncipherment" + #echo "subjectAltName = DNS:elasticsearch, IP:127.0.0.1" + echo "subjectAltName = DNS:ls1, IP:127.0.0.1" + echo "subjectKeyIdentifier=hash" +} >${CERT_DIR}/caddy.cnf +openssl x509 -req -days 3650 -in ${CERT_DIR}/caddy.csr -sha256 -CA ${CERT_DIR}/root-ca.crt -CAkey ${CERT_DIR}/root-ca.key -CAcreateserial -out ${CERT_DIR}/caddy.crt -extfile ${CERT_DIR}/caddy.cnf -extensions server diff --git a/scripts/install_lme_local.yml b/scripts/install_lme_local.yml new file mode 100644 index 00000000..17f0461d --- /dev/null +++ b/scripts/install_lme_local.yml @@ -0,0 +1,216 @@ +--- +- name: Install LME on localhost + hosts: localhost + connection: local + become: no # Default to no privilege escalation + vars: + clone_directory: "{{ clone_dir | default('~/LME') }}" + install_user: "{{ ansible_user_id }}" + + tasks: + - name: Expand clone_directory path + set_fact: + clone_directory: "{{ clone_directory | expanduser }}" + + - name: Ensure /opt/lme directory exists + file: + path: /opt/lme + state: directory + owner: "{{ install_user }}" + group: "{{ install_user }}" + mode: '0700' + become: yes + + - name: Check if lme-environment.env exists + stat: + path: "{{ clone_directory }}/config/lme-environment.env" + register: env_file + + - name: Fail if lme-environment.env doesn't exist + fail: + msg: "lme-environment.env file not found in {{ clone_directory }}/config/. Please copy example.env to lme-environment.env in the config directory and edit it before running this playbook." + when: not env_file.stat.exists + + - name: Move lme-environment.env to /opt/lme + command: "mv {{ clone_directory }}/config/lme-environment.env /opt/lme/lme-environment.env" + become: yes + + - name: Set correct permissions for lme-environment.env + file: + path: /opt/lme/lme-environment.env + owner: "{{ install_user }}" + group: "{{ install_user }}" + mode: '0600' + become: yes + + - name: Check sudo setup + command: sudo -n true + register: sudo_check + ignore_errors: yes + changed_when: false + + - name: Display sudo information + debug: + msg: "{{ 'Passwordless sudo is available.' if sudo_check.rc == 0 else 'Sudo will require a password for privileged operations.' }}" + + - name: Ensure sudo access + command: sudo -n true + changed_when: false + + - name: Update apt cache + apt: + update_cache: yes + become: yes + + - name: Install required packages + apt: + name: + - jq + - uidmap + - nix-bin + - nix-setup-systemd + state: present + become: yes + + - name: Add Nix channel + command: nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs + become: yes + + - name: Update Nix channel + command: nix-channel --update + become: yes + + - name: Add user to nix-users group + user: + name: "{{ install_user }}" + groups: nix-users + append: yes + become: yes + + - name: Restart Nix daemon + command: systemctl restart nix-daemon + become: yes + + - name: Update PATH for Ansible execution + set_fact: + ansible_env: "{{ ansible_env | combine({'PATH': ansible_env.PATH ~ ':/nix/var/nix/profiles/default/bin'}) }}" + + - name: Install Podman using Nix + command: nix-env -iA nixpkgs.podman + become: yes + environment: + PATH: "{{ ansible_env.PATH }}" + + - name: Update PATH in user's bashrc + lineinfile: + path: "~/.bashrc" + line: 'export PATH=$PATH:/nix/var/nix/profiles/default/bin' + create: yes + + - name: Update PATH in root's bashrc + lineinfile: + path: "/root/.bashrc" + line: 'export PATH=$PATH:/nix/var/nix/profiles/default/bin' + create: yes + become: yes + + - name: Set sysctl limits + command: "{{ clone_directory }}/scripts/set_sysctl_limits.sh" + environment: + NON_ROOT_USER: "{{ install_user }}" + become: yes + + - name: Link latest podman quadlet + command: "{{ clone_directory }}/scripts/link_latest_podman_quadlet.sh" + become: yes + + - name: Enable linger for user + command: "loginctl enable-linger {{ install_user }}" + become: yes + + - name: Copy config files + copy: + src: "{{ clone_directory }}/config/" + dest: /opt/lme/config/ + owner: "{{ install_user }}" + group: "{{ install_user }}" + mode: '0644' + become: yes + + - name: Copy quadlet files + copy: + src: "{{ clone_directory }}/quadlet/" + dest: /opt/lme/quadlet/ + owner: "{{ install_user }}" + group: "{{ install_user }}" + mode: '0644' + become: yes + + - name: Create containers config directory + file: + path: "~/.config/containers" + state: directory + + - name: Link quadlet to systemd + file: + src: /opt/lme/quadlet + dest: "~/.config/containers/systemd" + state: link + + - name: Create systemd user directory + file: + path: "~/.config/systemd/user" + state: directory + + - name: Link lme.service + file: + src: /opt/lme/quadlet/lme.service + dest: "~/.config/systemd/user/lme.service" + state: link + + - name: Reload systemd daemon + systemd: + daemon_reload: yes + scope: user + + - name: Create containers directory + file: + path: /etc/containers + state: directory + become: yes + + - name: Create policy.json + copy: + content: | + { + "default": [ + { + "type": "insecureAcceptAnything" + } + ] + } + dest: /etc/containers/policy.json + become: yes + + - name: Pull containers + command: "podman pull {{ item }}" + loop: "{{ lookup('file', clone_directory + '/config/containers.txt').splitlines() }}" + environment: + PATH: "{{ ansible_env.PATH }}" + + - name: Tag containers + command: "podman image tag {{ item }} {{ item.split('/')[-1].split(':')[0] }}:LME_LATEST" + loop: "{{ lookup('file', clone_directory + '/config/containers.txt').splitlines() }}" + environment: + PATH: "{{ ansible_env.PATH }}" + + - name: Reload systemd daemon (user) + systemd: + daemon_reload: yes + scope: user + + - name: Start LME service + systemd: + name: lme.service + state: started + scope: user \ No newline at end of file diff --git a/scripts/link_latest_podman_quadlet.sh b/scripts/link_latest_podman_quadlet.sh new file mode 100755 index 00000000..e8050730 --- /dev/null +++ b/scripts/link_latest_podman_quadlet.sh @@ -0,0 +1,29 @@ +#!/bin/bash + +# Find the latest podman version in the Nix store +latest_podman=$(find /nix/store -maxdepth 1 -name '*-podman-*' | + sed -n 's/.*-podman-\([0-9.]*\)$/\1/p' | + sort -V | + tail -n1) + +if [ -n "$latest_podman" ]; then + # Find the full path of the latest version + podman_path=$(find /nix/store -maxdepth 1 -name "*-podman-${latest_podman}") + + # Assign the result to a variable + LATEST_PODMAN_PATH="$podman_path" + + echo "Latest Podman version found: $latest_podman" + echo "Path: $LATEST_PODMAN_PATH" +else + echo "No Podman installation found in the Nix store." +fi + + +sudo ln -sf "$LATEST_PODMAN_PATH/lib/systemd/system-generators/podman-system-generator" /usr/lib/systemd/system-generators/podman-system-generator +sudo ln -sf "$LATEST_PODMAN_PATH/lib/systemd/user-generators/podman-user-generator" /usr/lib/systemd/user-generators/ +sudo ln -sf -t /usr/lib/systemd/system/ /nix/store/$LATEST_PODMAN_PATH/lib/systemd/system/* +sudo ln -sf -t /usr/lib/systemd/user/ /nix/store/$LATEST_PODMAN_PATH/lib/systemd/user/* + +echo "Linked the files in systemd" + diff --git a/scripts/set-fleet.sh b/scripts/set-fleet.sh new file mode 100755 index 00000000..a32528a1 --- /dev/null +++ b/scripts/set-fleet.sh @@ -0,0 +1,22 @@ +#!/bin/env bash + +HEADERS=( + -H "kbn-version: 8.12.2" + -H "kbn-xsrf: kibana" + -H 'Content-Type: application/json' +) + +set_fleet_values() { + fingerprint=$(podman exec -w /usr/share/elasticsearch/config/certs/ca lme-elasticsearch cat ca.crt | openssl x509 -nout -fingerprint -sha256 | cut -d "=" -f 2| tr -d : | head -n1) + printf '{"fleet_server_hosts": ["%s"]}' "https://${IPVAR}:${FLEET_PORT}" | curl -k --silent --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/settings" -d @- | jq + printf '{"hosts": ["%s"]}' "https://${IPVAR}:9200" | curl -k --silent --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/outputs/fleet-default-output" -d @- | jq + printf '{"ca_trusted_fingerprint": "%s"}' "${fingerprint}" | curl -k --silent --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/outputs/fleet-default-output" -d @- | jq + printf '{"config_yaml": "%s"}' "ssl.verification_mode: certificate" | curl -k --silent --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/outputs/fleet-default-output" -d @- | jq + policy_id=$(printf '{"name": "%s", "description": "%s", "namespace": "%s", "monitoring_enabled": ["logs","metrics"], "inactivity_timeout": 1209600}' "Endpoint Policy" "" "default" | curl -k --silent --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPOST "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/agent_policies?sys_monitoring=true" -d @- | jq -r '.item.id') + pkg_version=$(curl -k --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XGET "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/epm/packages/endpoint" -d : | jq -r '.item.version') + printf "{\"name\": \"%s\", \"description\": \"%s\", \"namespace\": \"%s\", \"policy_id\": \"%s\", \"enabled\": %s, \"inputs\": [{\"enabled\": true, \"streams\": [], \"type\": \"ENDPOINT_INTEGRATION_CONFIG\", \"config\": {\"_config\": {\"value\": {\"type\": \"endpoint\", \"endpointConfig\": {\"preset\": \"EDRComplete\"}}}}}], \"package\": {\"name\": \"endpoint\", \"title\": \"Elastic Defend\", \"version\": \"${pkg_version}\"}}" "Elastic Defend" "" "default" "${policy_id}" "true" | curl -k --silent --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPOST "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/package_policies" -d @- | jq +} + +#main: +source /opt/lme/lme-environment.env +set_fleet_values diff --git a/scripts/set_sysctl_limits.sh b/scripts/set_sysctl_limits.sh new file mode 100755 index 00000000..cd0b87fe --- /dev/null +++ b/scripts/set_sysctl_limits.sh @@ -0,0 +1,63 @@ +#!/bin/bash + +# Check if the script is run as root +if [[ $EUID -ne 0 ]]; then + echo "This script must be run as root" + exit 1 +fi + +# Check if NON_ROOT_USER is set +if [ -z ${NON_ROOT_USER+x} ]; then + echo "var NON_ROOT_USER is unset" + exit 1 +else + echo "NON_ROOT_USER='$NON_ROOT_USER'" +fi + +# Function to update or add a sysctl setting +update_sysctl() { + local key=$1 + local value=$2 + local file="/etc/sysctl.conf" + + if grep -qE "^$key\s*=" "$file"; then + sed -i "s/^$key\s*=.*/$key = $value/" "$file" + echo "Updated $key in $file" + elif grep -qE "^#\s*$key\s*=" "$file"; then + sed -i "s/^#\s*$key\s*=.*/$key = $value/" "$file" + echo "Uncommented and updated $key in $file" + else + echo "$key = $value" >> "$file" + echo "Added $key to $file" + fi +} + +# Update sysctl settings +update_sysctl "net.ipv4.ip_unprivileged_port_start" "80" +update_sysctl "vm.max_map_count" "262144" +update_sysctl "net.core.rmem_max" "7500000" +update_sysctl "net.core.wmem_max" "7500000" + +# Apply sysctl changes +sysctl -p + +# Update limits.conf +limits_file="/etc/security/limits.conf" +limits_entry="$NON_ROOT_USER soft nofile 655360 +$NON_ROOT_USER hard nofile 655360" + +if grep -qE "^$NON_ROOT_USER\s+soft\s+nofile" "$limits_file"; then + echo "$limits_file already configured for $NON_ROOT_USER. No changes needed." +else + echo "$limits_entry" >> "$limits_file" + echo "Updated $limits_file for $NON_ROOT_USER" +fi + +# Display current values +echo "Current sysctl values:" +sysctl net.ipv4.ip_unprivileged_port_start +sysctl vm.max_map_count +sysctl net.core.rmem_max +sysctl net.core.wmem_max + +echo "Script execution completed." \ No newline at end of file diff --git a/scripts/upload.sh b/scripts/upload.sh new file mode 100755 index 00000000..895320db --- /dev/null +++ b/scripts/upload.sh @@ -0,0 +1,33 @@ +#!/usr/bin/env bash +source .env +USER=elastic +PASSWORD=${ELASTIC_PASSWORD_ESCAPED} +PROTO=https + +#TODO: make this a cli flag +#------------ edit this----------- +#assumes files are INDEX_mapping.json + INDEX.json +# mapping + logs +DIR=/data/alerts/ +INDICES=$(ls ${DIR} | cut -f -3 -d '.' | grep -v "_mapping"| grep -v "template"| sort | uniq) + +#------------ edit this ----------- + +echo -e "\n\ncheck \`podman logs -f CONTAINER_NAME\` for verbose output\n\n" +echo -e "\n--Uploading: --\n" +for x in ${INDICES}; +do + echo "podman runs for $x:" + podman run -it -d -v ${DIR}${x}_mapping.json:/tmp/data.json -e NODE_TLS_REJECT_UNAUTHORIZED=0 --userns="" --network=host elasticdump/elasticsearch-dump --input=/tmp/data.json --output=${PROTO}://${USER}:${PASSWORD}@localhost:9200/${x} --type=mapping + + podman run -it -d -v ${DIR}${x}.json:/tmp/data.json -e NODE_TLS_REJECT_UNAUTHORIZED=0 --userns="" --network=host elasticdump/elasticsearch-dump --input=/tmp/data.json --output=${PROTO}://${USER}:${PASSWORD}@localhost:9200/${x} --limit=5000 + echo "" +done + +## cleanup: +echo "--to cleanup when done:--" +echo "podman ps -a --format \"{{.Image}} {{.Names}}\" | grep -i "elasticdump" | awk \'{print $2}\' | xargs podman rm" + +tot=$(wc -l $(ls ${DIR} | grep -v "_mapping" | xargs -I{} echo ${DIR}{})) +echo -e "\n--Expected Log #:\n $tot--" + diff --git a/testing/InstallTestbed.ps1 b/testing/InstallTestbed.ps1 new file mode 100644 index 00000000..6e7b8be0 --- /dev/null +++ b/testing/InstallTestbed.ps1 @@ -0,0 +1,402 @@ +param ( + [Alias("g")] + [Parameter(Mandatory = $true)] + [string]$ResourceGroup, + + [Alias("w")] + [string]$DomainController = "DC1", + + [Alias("l")] + [string]$LinuxVM = "LS1", + + [Alias("n")] + [int]$NumClients = 2, + + [Alias("m")] + [Parameter( + HelpMessage = "(minimal) Only install the linux server. Useful for testing the linux server without the windows clients" + )] + [switch]$LinuxOnly, + + [Alias("v")] + [string]$Version = $false, + + [Alias("b")] + [string]$Branch = $false +) + +# If you were to need the password from the SetupTestbed.ps1 script, you could use this: +# $Password = Get-Content "${ResourceGroup}.password.txt" + + +$ProcessSeparator = "`n----------------------------------------`n" + +# Define our library path +$LibraryPath = Join-Path -Path $PSScriptRoot -ChildPath "configure\azure_scripts\lib\utilityFunctions.ps1" + +# Check if the library file exists +if (Test-Path -Path $LibraryPath) { + # Dot-source the library script + . $LibraryPath +} +else { + Write-Error "Library script not found at path: $LibraryPath" +} + +if ($Version -ne $false -and -not ($Version -match '^[0-9]+\.[0-9]+\.[0-9]+$')) { + Write-Host "Invalid version format: $Version. Expected format: X.Y.Z (e.g., 1.3.0)" + exit 1 +} + +# Create a container to keep files for the VM +Write-Output "Creating a container to keep files for the VM..." +$createBlobResponse = ./configure/azure_scripts/create_blob_container.ps1 ` + -ResourceGroup $ResourceGroup +Write-Output $createBlobResponse +Write-Output $ProcessSeparator + +# Source the variables from the file +Write-Output "`nSourcing the variables from the file..." +. ./configure/azure_scripts/config.ps1 + +# Remove old code if it exists +if (Test-Path ./configure.zip) { + Remove-Item ./configure.zip -Force -Confirm:$false -ErrorAction SilentlyContinue +} + +Write-Output $ProcessSeparator + +# Zip up the installer scripts for the VM +Write-Output "`nZipping up the installer scripts for the VMs..." +./configure/azure_scripts/zip_my_parents_parent.ps1 +Write-Output $ProcessSeparator + +# Upload the zip file to the container and get a key to download it +Write-Output "`nUploading the zip file to the container and getting a key to download it..." +$FileDownloadUrl = ./configure/azure_scripts/copy_file_to_container.ps1 ` + -LocalFilePath "configure.zip" ` + -ContainerName $ContainerName ` + -StorageAccountName $StorageAccountName ` + -StorageAccountKey $StorageAccountKey + +Write-Output "File download URL: $FileDownloadUrl" +Write-Output $ProcessSeparator + +Write-Output "`nChanging directory to the azure scripts..." +Set-Location configure/azure_scripts +Write-Output $ProcessSeparator + +if (-Not $LinuxOnly) { + Write-Output "`nInstalling on the windows clients..." + # Make our directory on the VM + Write-Output "`nMaking our directory on the VM..." + $createDirResponse = az vm run-command invoke ` + --command-id RunPowerShellScript ` + --name $DomainController ` + --resource-group $ResourceGroup ` + --scripts "if (-not (Test-Path -Path 'C:\lme')) { New-Item -Path 'C:\lme' -ItemType Directory }" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$createDirResponse") + Write-Output $ProcessSeparator + + # Download the zip file to the VM + Write-Output "`nDownloading the zip file to the VM..." + $downloadZipFileResponse = .\download_in_container.ps1 ` + -VMName $DomainController ` + -ResourceGroup $ResourceGroup ` + -FileDownloadUrl "$FileDownloadUrl" ` + -DestinationFilePath "configure.zip" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$downloadZipFileResponse") + Write-Output $ProcessSeparator + + # Extract the zip file + Write-Output "`nExtracting the zip file..." + $extractArchiveResponse = .\extract_archive.ps1 ` + -VMName $DomainController ` + -ResourceGroup $ResourceGroup ` + -FileName "configure.zip" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$extractArchiveResponse") + Write-Output $ProcessSeparator + + # Run the install script for chapter 1 + Write-Output "`nRunning the install script for chapter 1..." + $installChapter1Response = .\run_script_in_container.ps1 ` + -ResourceGroup $ResourceGroup ` + -VMName $DomainController ` + -ScriptPathOnVM "C:\lme\configure\install_chapter_1.ps1" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$installChapter1Response") + Write-Output $ProcessSeparator + + # Update the group policy on the remote machines + Write-Output "`nUpdating the group policy on the remote machines..." + Invoke-GPUpdateOnVMs -ResourceGroup $ResourceGroup -numberOfClients $NumClients + Write-Output $ProcessSeparator + + # Wait for the services to start + Write-Output "`nWaiting for the services to start..." + Start-Sleep 10 + + # See if we can see the forwarding computers in the DC + write-host "`nChecking if we can see the forwarding computers in the DC..." + $listForwardingComputersResponse = .\run_script_in_container.ps1 ` + -ResourceGroup $ResourceGroup ` + -VMName $DomainController ` + -ScriptPathOnVM "C:\lme\configure\list_computers_forwarding_events.ps1" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$listForwardingComputersResponse") + Write-Output $ProcessSeparator + + # Install the sysmon service on DC1 from chapter 2 + Write-Output "`nInstalling the sysmon service on DC1 from chapter 2..." + $installChapter2Response = .\run_script_in_container.ps1 ` + -ResourceGroup $ResourceGroup ` + -VMName $DomainController ` + -ScriptPathOnVM "C:\lme\configure\install_chapter_2.ps1" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$installChapter2Response") + Write-Output $ProcessSeparator + + # Update the group policy on the remote machines + Write-Output "`nUpdating the group policy on the remote machines..." + Invoke-GPUpdateOnVMs -ResourceGroup $ResourceGroup -numberOfClients $NumClients + Write-Output $ProcessSeparator + + # Wait for the services to start + Write-Output "`nWaiting for the services to start. Generally they don't show..." + Start-Sleep 10 + + # See if you can see sysmon running on the machine + Write-Output "`nSeeing if you can see sysmon running on a machine..." + $showSysmonResponse = az vm run-command invoke ` + --command-id RunPowerShellScript ` + --name "C1" ` + --resource-group $ResourceGroup ` + --scripts 'Get-Service | Where-Object { $_.DisplayName -like "*Sysmon*" }' + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$showSysmonResponse") + Write-Output $ProcessSeparator +} + +Write-Output "`nInstalling on the linux server..." +# Download the installers on LS1 +Write-Output "`nDownloading the installers on LS1..." +$downloadLinuxZipFileResponse = .\download_in_container.ps1 ` + -VMName $LinuxVM ` + -ResourceGroup $ResourceGroup ` + -FileDownloadUrl "$FileDownloadUrl" ` + -DestinationFilePath "configure.zip" ` + -os "linux" +Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$downloadLinuxZipFileResponse") +Write-Output $ProcessSeparator + +# Install unzip on LS1 +Write-Output "`nInstalling unzip on LS1..." +$installUnzipResponse = az vm run-command invoke ` + --command-id RunShellScript ` + --name $LinuxVM ` + --resource-group $ResourceGroup ` + --scripts 'apt-get install unzip -y' +Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$installUnzipResponse") +Write-Output $ProcessSeparator + +# Unzip the file on LS1 +Write-Output "`nUnzipping the file on LS1..." +$extractLinuxArchiveResponse = .\extract_archive.ps1 ` + -VMName $LinuxVM ` + -ResourceGroup $ResourceGroup ` + -FileName "configure.zip" ` + -Os "Linux" +Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$extractLinuxArchiveResponse") +Write-Output $ProcessSeparator + +Write-Output "`nMaking the installer files executable and updating the system packages on LS1..." +$updateLinuxResponse = az vm run-command invoke ` + --command-id RunShellScript ` + --name $LinuxVM ` + --resource-group $ResourceGroup ` + --scripts 'chmod +x /home/admin.ackbar/lme/configure/* && /home/admin.ackbar/lme/configure/linux_update_system.sh' +Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$updateLinuxResponse") +Write-Output $ProcessSeparator + +$versionArgument = "" +if ($Branch -ne $false) { + $versionArgument = " -b '$($Branch)'" +} elseif ($Version -ne $false) { + $versionArgument = " -v $Version" +} +Write-Output "`nRunning the lme installer on LS1..." +$installLmeResponse = az vm run-command invoke ` + --command-id RunShellScript ` + --name $LinuxVM ` + --resource-group $ResourceGroup ` + --scripts "/home/admin.ackbar/lme/configure/linux_install_lme.sh $versionArgument" +Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$installLmeResponse") +Write-Output $ProcessSeparator + +# Check if the response contains the need to reboot +$rebootCheckstring = $installLmeResponse | Out-String +if ($rebootCheckstring -match "reboot is required in order to proceed with the install") { + # Have to check for the reboot thing here + Write-Output "`nRebooting ${LinuxVM}..." + az vm restart ` + --resource-group $ResourceGroup ` + --name $LinuxVM + Write-Output $ProcessSeparator + + Write-Output "`nRunning the lme installer on LS1..." + $installLmeResponse = az vm run-command invoke ` + --command-id RunShellScript ` + --name $LinuxVM ` + --resource-group $ResourceGroup ` + --scripts "/home/admin.ackbar/lme/configure/linux_install_lme.sh $versionArgument" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$installLmeResponse") + Write-Output $ProcessSeparator +} + +# Capture the output of the install script +Write-Output "`nCapturing the output of the install script for ES passwords..." +$getElasticsearchPasswordsResponse = az vm run-command invoke ` + --command-id RunShellScript ` + --name $LinuxVM ` + --resource-group $ResourceGroup ` + --scripts 'sed -n "/^## elastic/,/^####################/p" "/opt/lme/Chapter 3 Files/output.log"' + +Write-Output $ProcessSeparator + +if (-Not $LinuxOnly){ + # Generate key using expect on linux + Write-Output "`nGenerating key using expect on linux..." + $generateKeyResponse = az vm run-command invoke ` + --command-id RunShellScript ` + --name $LinuxVM ` + --resource-group $ResourceGroup ` + --scripts '/home/admin.ackbar/lme/configure/linux_make_private_key.exp' + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$generateKeyResponse") + Write-Output $ProcessSeparator + + # Add the public key to the authorized_keys file on LS1 + Write-Output "`nAdding the public key to the authorized_keys file on LS1..." + $authorizePrivateKeyResponse = az vm run-command invoke ` + --command-id RunShellScript ` + --name $LinuxVM ` + --resource-group $ResourceGroup ` + --scripts '/home/admin.ackbar/lme/configure/linux_authorize_private_key.sh' + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$authorizePrivateKeyResponse") + Write-Output $ProcessSeparator + + # Cat the private key and capture that to the azure shell + Write-Output "`nCat the private key and capture that to the azure shell..." + $jsonResponse = az vm run-command invoke ` + --command-id RunShellScript ` + --name $LinuxVM ` + --resource-group $ResourceGroup ` + --scripts 'cat /home/admin.ackbar/.ssh/id_rsa' + $privateKey = Get-PrivateKeyFromJson -jsonResponse "$jsonResponse" + + # Save the private key to a file + Write-Output "`nSaving the private key to a file..." + $privateKeyPath = ".\id_rsa" + Set-Content -Path $privateKeyPath -Value $privateKey + Write-Output $ProcessSeparator + + # Upload the private key to the container and get a key to download it + Write-Output "`nUploading the private key to the container and getting a key to download it..." + $KeyDownloadUrl = ./copy_file_to_container.ps1 ` + -LocalFilePath "id_rsa" ` + -ContainerName $ContainerName ` + -StorageAccountName $StorageAccountName ` + -StorageAccountKey $StorageAccountKey + + # Download the private key to DC1 + Write-Output "`nDownloading the private key to DC1..." + $downloadPrivateKeyResponse = .\download_in_container.ps1 ` + -VMName $DomainController ` + -ResourceGroup $ResourceGroup ` + -FileDownloadUrl "$KeyDownloadUrl" ` + -DestinationFilePath "id_rsa" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$downloadPrivateKeyResponse") + Write-Output $ProcessSeparator + + # Change the ownership of the private key file on DC1 + Write-Output "`nChanging the ownership of the private key file on DC1..." + $chownPrivateKeyResponse = .\run_script_in_container.ps1 ` + -ResourceGroup $ResourceGroup ` + -VMName $DomainController ` + -ScriptPathOnVM "C:\lme\configure\chown_dc1_private_key.ps1" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$chownPrivateKeyResponse") + Write-Output $ProcessSeparator + + # Remove the private key from the local machine + Remove-Item -Path $privateKeyPath + + # Use the azure shell to run scp on DC1 to copy the files from LS1 to DC1 + Write-Output "`nUsing the azure shell to run scp on DC1 to copy the files from LS1 to DC1..." + $scpResponse = az vm run-command invoke ` + --command-id RunPowerShellScript ` + --name $DomainController ` + --resource-group $ResourceGroup ` + --scripts 'scp -o StrictHostKeyChecking=no -i "C:\lme\id_rsa" admin.ackbar@ls1:/home/admin.ackbar/files_for_windows.zip "C:\lme\"' + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$scpResponse") + Write-Output $ProcessSeparator + + # Extract the files on DC1 + Write-Output "`nExtracting the files on DC1..." + $extractFilesForWindowsResponse = .\extract_archive.ps1 ` + -VMName $DomainController ` + -ResourceGroup $ResourceGroup ` + -FileName "files_for_windows.zip" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$extractFilesForWindowsResponse") + Write-Output $ProcessSeparator + + # Install winlogbeat on DC1 + Write-Output "`nInstalling winlogbeat on DC1..." + $installWinlogbeatResponse = .\run_script_in_container.ps1 ` + -ResourceGroup $ResourceGroup ` + -VMName $DomainController ` + -ScriptPathOnVM "C:\lme\configure\winlogbeat_install.ps1" + + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$installWinlogbeatResponse") + Write-Output $ProcessSeparator +} + + +Write-Output "`nRunning the tests for lme on LS1..." +$runTestResponse = az vm run-command invoke ` + --command-id RunShellScript ` + --name $LinuxVM ` + --resource-group $ResourceGroup ` + --scripts '/home/admin.ackbar/lme/configure/linux_test_install.sh' | ConvertFrom-Json + +$message = $runTestResponse.value[0].message +Write-Host "$message`n" +Write-Host "--------------------------------------------" + +# Check if there is stderr content in the message field +if ($message -match '\[stderr\]\n(.+)$') { + Write-Host "Tests failed" + exit 1 +} else { + Write-Host "Tests succeeded" +} + +Write-Output "`nInstall completed." + +$EsPasswords = (Format-AzVmRunCommandOutput -JsonResponse "$getElasticsearchPasswordsResponse")[0].StdOut +# Output the passwords +$EsPasswords + +# Write the passwords to a file +$PasswordPath = "..\..\${ResourceGroup}.password.txt" +$EsPasswords | Out-File -Append -FilePath $PasswordPath + +# Constructing a string that will hold all the command-line parameters to be written to the file +$paramsToWrite = @" +ResourceGroup: $ResourceGroup +DomainController: $DomainController +LinuxVM: $LinuxVM +NumClients: $NumClients +LinuxOnly: $($LinuxOnly.IsPresent) +Version: $Version +Branch: $Branch +"@ + +# Output the parameters to the end of the password file +$paramsToWrite | Out-File -Append -FilePath $PasswordPath + +Get-Content -Path $PasswordPath \ No newline at end of file diff --git a/testing/Readme.md b/testing/Readme.md index 45301981..8577bf09 100644 --- a/testing/Readme.md +++ b/testing/Readme.md @@ -13,14 +13,16 @@ Using the Azure CLI, it creates the following: This script does not install LME; it simply creates a fresh environment that's ready to have LME installed. ## Usage -| **Parameter** | **Alias** | **Description** | **Required** | -|------------------------|-----------|----------------------------------------------------------------------------------------|---------------------------------------| -| $ResourceGroup | -g | The name of the resource group that will be created for storing all testbed resources. | Yes | -| $NumClients | -n | The number of Windows clients to create; maximum 16; defaults to 1 | No | -| $AutoShutdownTime | | The auto-shutdown time in UTC (HHMM, e.g. 2230, 0000, 1900); auto-shutdown not configured if not provided | No | -| $AutoShutdownEmail | | An email to be notified if a VM is auto-shutdown. | No | -| $AllowedSources | -s | Comma-Separated list of CIDR prefixes or IP ranges, e.g. XX.XX.XX.XX/YY,XX.XX.XX.XX/YY,etc..., that are allowed to connect to the VMs via RDP and ssh. | Yes | -| $NoPrompt | -y | Switch, run the script with no prompt (useful for automated runs). By default, the script will prompt the user to review paramters and confirm before continuing. | No | +| **Parameter** | **Alias** | **Description** | **Required** | +|--------------------|-----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------| +| $ResourceGroup | -g | The name of the resource group that will be created for storing all testbed resources. | Yes | +| $NumClients | -n | The number of Windows clients to create; maximum 16; defaults to 2 | No | +| $AutoShutdownTime | | The auto-shutdown time in UTC (HHMM, e.g. 2230, 0000, 1900); auto-shutdown not configured if not provided | No | +| $AutoShutdownEmail | | An email to be notified if a VM is auto-shutdown. | No | +| $AllowedSources | -s | Comma-Separated list of CIDR prefixes or IP ranges, e.g. XX.XX.XX.XX/YY,XX.XX.XX.XX/YY,etc..., that are allowed to connect to the VMs via RDP and ssh. | Yes | +| $Location | -l | The region you would like to build the assets in. Defaults to westus | No | +| $NoPrompt | -y | Switch, run the script with no prompt (useful for automated runs). By default, the script will prompt the user to review paramters and confirm before continuing. | No | +| $LinuxOnly | -m | Run a minimal install of only the linux server | No | Example: ``` @@ -28,14 +30,14 @@ Example: ``` ## Running Using Azure Shell -| **#** | **Step** | **Screenshot** | -|-------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------| -| 1 | Open a cloud shell by navigating to portal.azure.com and clicking the shell icon. | ![image](/docs/imgs/testing-screenshots/shell.png) | -| 2 | Select PowerShell. | ![image](/docs/imgs/testing-secreenshots/shell2.png) | -| 3 | Upload `SetupTestbed.ps1` by clicking the "Upload/Download files" icon | ![image](/docs/imgs/testing-screenshots/shell3.png) | -| 4 | Run the script, providing values for the parameters when promoted (see [Usage](#usage)). The script will take ~20 minutes to run to completion. | ![image](/docs/imgs/testing-screenshots/shell4.png) | -| 5 | Save the login credentials printed to the terminal at the end. At this point you can login to each VM using RDP (for the Windows servers) or SSH (for the Linux server). | ![image](/docs/imgs/testing-screenshots/shell5.png) | -| 6 | When you're done testing, simply delete the resource group to clean up all resources created. | ![image](/docs/imgs/testing-screenshots/delete.png) | +| **#** | **Step** | **Screenshot** | +|-------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------| +| 1 | Open a cloud shell by navigating to portal.azure.com and clicking the shell icon. | ![image](/docs/imgs/testing-screenshots/shell.png) | +| 2 | Select PowerShell. | ![image](/docs/imgs/testing-secreenshots/shell2.png) | +| 3 | Clone the repo `git clone https://github.com/cisagov/LME.git` and then `cd LME\testing` | | +| 4 | Run the script, providing values for the parameters when promoted (see [Usage](#usage)). The script will take ~20 minutes to run to completion. | ![image](/docs/imgs/testing-screenshots/shell4.png) | +| 5 | Save the login credentials printed to the terminal at the end (They will also be in a file called `<$ResourceGroup>.password.txt`). At this point you can login to each VM using RDP (for the Windows servers) or SSH (for the Linux server). | ![image](/docs/imgs/testing-screenshots/shell5.png) | +| 6 | When you're done testing, simply delete the resource group to clean up all resources created. | ![image](/docs/imgs/testing-screenshots/delete.png) | # Extra Functionality: @@ -55,3 +57,36 @@ Flags: - enable: deletes the DENYINTERNET/DENYLOADBALANCER rules - NSG: sets NSG to a custom NSG if desired [NSG1 default] +## Install LME on the cluster: +### InstallTestbed.ps1 +## Usage +| **Parameter** | **Alias** | **Description** | **Required** | +|-------------------|-----------|----------------------------------------------------------------------------------------|--------------| +| $ResourceGroup | -g | The name of the resource group that will be created for storing all testbed resources. | Yes | +| $NumClients | -n | The number of Windows clients you have created; defaults to 2 | No | +| $DomainController | -w | The name of the domain controller in the cluster; defaults to "DC1" | No | +| $LinuxVm | -l | The name of the linux server in the cluster; defaults to "LS1" | No | +| $LinuxOnly | -m | Run a minimal install of only the linux server | No | +| $Version | -v | Optionally provide a version to install if you want a specific one. `-v 1.3.2` | No | +| $Branch | -b | Optionally provide a branch to install if you want a specific one `-b your_branch` | No | + +Example: +``` +./InstallTestbed.ps1 -ResourceGroup YourResourceGroup +# Or if you want to save the output to a file +./InstallTestbed.ps1 -ResourceGroup YourResourceGroup | Tee-Object -FilePath "./YourResourceGroup.output.log" +``` +| **#** | **Step** | **Screenshot** | +|-------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------| +| 1 | Open a cloud shell by navigating to portal.azure.com and clicking the shell icon. | ![image](/docs/imgs/testing-screenshots/shell.png) | +| 2 | Select PowerShell. | ![image](/docs/imgs/testing-secreenshots/shell2.png) | +| 3.a | If you have already cloned the LME repo then make sure you are in the `LME\testing` directory and run git pull before changing to the testing directory. | | +| 3.b | If you haven't cloned it, clone the github repo in the home directory. `git clone https://github.com/cisagov/LME.git` and then `cd LME\testing`. | | +| 4 | Now you can run one of the commands from the Examples above. | | +| 5 | Save the login credentials printed to the terminal at the end. *See note* | | +| 6 | When you're done testing, simply delete the resource group to clean up all resources created. | | + +Note: When the script finishes you will be in the azure_scripts directory, and you should see the elasticsearch credentials printed to the terminal. +You will need to `cd ../../` to get back to the LME directory. All the passwords should also be in the `<$ResourceGroup>.password.txt` file. + + diff --git a/testing/SetupTestbed.ps1 b/testing/SetupTestbed.ps1 index 4c5a347b..59dc856b 100644 --- a/testing/SetupTestbed.ps1 +++ b/testing/SetupTestbed.ps1 @@ -4,7 +4,7 @@ Creates the following: - A resource group - A virtual network, subnet, and network security group - - 2 VMs: "DC1," a Windows server, and "LS1," a Linux server + - 2 VMs: "DC1," a Windows server, and "LS1," a Linux server. You can use -m for only the linux server - Client VMs: Windows clients "C1", "C2", etc. up to 16 based on user input - Promotes DC1 to a domain controller - Adds "C" clients to the managed domain @@ -18,45 +18,66 @@ #> param ( - [Parameter( - HelpMessage="Auto-Shutdown time in UTC (HHMM, e.g. 2230, 0000, 1900). Convert timezone as necesary: (e.g. 05:30 pm ET -> 9:30 pm UTC -> 21:30 -> 2130)" - )] - $AutoShutdownTime=$null, - - [Parameter( - HelpMessage="Auto-shutdown notification email" - )] - $AutoShutdownEmail=$null, - - [Alias("l")] - [Parameter( - HelpMessage="Location where the cluster will be built. Default westus" - )] - [string]$Location="westus", - - [Alias("g")] - [Parameter(Mandatory=$true)] - [string]$ResourceGroup, - - [Alias("n")] - [Parameter( - HelpMessage="Number of clients to create (Max: 16)" - )] - [int]$NumClients=1, - - [Alias("s")] - [Parameter(Mandatory=$true, - HelpMessage="XX.XX.XX.XX/YY,XX.XX.XX.XX/YY,etc... Comma-Separated list of CIDR prefixes or IP ranges" - )] - [string]$AllowedSources, - - [Alias("y")] - [Parameter( - HelpMessage="Run the script with no prompt (useful for automated runs)" - )] - [switch]$NoPrompt + [Parameter( + HelpMessage = "Auto-Shutdown time in UTC (HHMM, e.g. 2230, 0000, 1900). Convert timezone as necesary: (e.g. 05:30 pm ET -> 9:30 pm UTC -> 21:30 -> 2130)" + )] + $AutoShutdownTime = $null, + + [Parameter( + HelpMessage = "Auto-shutdown notification email" + )] + $AutoShutdownEmail = $null, + + [Alias("l")] + [Parameter( + HelpMessage = "Location where the cluster will be built. Default westus" + )] + [string]$Location = "westus", + + [Alias("g")] + [Parameter(Mandatory = $true)] + [string]$ResourceGroup, + + [Alias("n")] + [Parameter( + HelpMessage = "Number of clients to create (Max: 16)" + )] + [int]$NumClients = 2, + + [Alias("s")] + [Parameter(Mandatory = $true, + HelpMessage = "XX.XX.XX.XX/YY,XX.XX.XX.XX/YY,etc... Comma-Separated list of CIDR prefixes or IP ranges" + )] + [string]$AllowedSources, + + [Alias("y")] + [Parameter( + HelpMessage = "Run the script with no prompt (useful for automated runs)" + )] + [switch]$NoPrompt, + + [Alias("m")] + [Parameter( + HelpMessage = "(minimal) Only install the linux server. Useful for testing the linux server without the windows clients" + )] + [switch]$LinuxOnly ) +$ProcessSeparator = "`n----------------------------------------`n" + +# Define our library path +$libraryPath = Join-Path -Path $PSScriptRoot -ChildPath "configure\azure_scripts\lib\utilityFunctions.ps1" + +# Check if the library file exists +if (Test-Path -Path $libraryPath) { + # Dot-source the library script + . $libraryPath +} +else { + Write-Error "Library script not found at path: $libraryPathCreating Network Port 22 rule..." +} + + #DEFAULTS: #Desired Netowrk Mapping: $VNetPrefix = "10.1.0.0/16" @@ -72,10 +93,14 @@ $VMAdmin = "admin.ackbar" $DomainName = "lme.local" #Port options: https://learn.microsoft.com/en-us/cli/azure/network/nsg/rule?view=azure-cli-latest#az-network-nsg-rule-create -$Ports = 22,3389 -$Priorities = 1001,1002 -$Protocols = "Tcp","Tcp" +$Ports = 22, 3389, 443, 9200, 5044 +$Priorities = 1001, 1002, 1003, 1004, 1005 +$Protocols = "Tcp", "Tcp", "Tcp", "Tcp", "Tcp" +# Variables used for Azure tags +$CurrentUser = $(az account show | ConvertFrom-Json).user.name +$Today = $(Get-Date).ToString("yyyy-MM-dd") +$Project = "LME" function Get-RandomPassword { param ( @@ -105,53 +130,60 @@ function Set-AutoShutdown { Write-Output "`nCreating Auto-Shutdown Rule for $VMName at time $AutoShutdownTime..." if ($null -ne $AutoShutdownEmail) { - az vm auto-shutdown ` - -g $ResourceGroup ` - -n $VMName ` - --time $AutoShutdownTime ` - --email $AutoShutdownEmail + $autoShutdownResponse = az vm auto-shutdown ` + -g $ResourceGroup ` + -n $VMName ` + --time $AutoShutdownTime ` + --email $AutoShutdownEmail + Write-Output $autoShutdownResponse } else { - az vm auto-shutdown ` - -g $ResourceGroup ` - -n $VMName ` - --time $AutoShutdownTime + $autoShutdownResponse = az vm auto-shutdown ` + -g $ResourceGroup ` + -n $VMName ` + --time $AutoShutdownTime + Write-Output $autoShutdownResponse } } function Set-NetworkRules { - param ( - [Parameter(Mandatory)] - $AllowedSourcesList - ) - - if ($Ports.length -ne $Priorities.length){ - Write-Output "Priorities and Ports length should be equal!" - exit -1 - } - if ($Ports.length -ne $Protocols.length){ - Write-Output "Protocols and Ports length should be equal!" - exit -1 - } - - for ($i = 0; $i -le $Ports.length - 1 ; $i++) { - $port=$Ports[$i] - $priority=$Priorities[$i] - $protocol=$Protocols[$i] - Write-Output "`nCreating Network Port $port rule..." - - az network nsg rule create --name Network_Port_Rule_$port ` - --resource-group $ResourceGroup ` - --nsg-name NSG1 ` - --priority $priority ` - --direction Inbound ` - --access Allow ` - --protocol $protocol ` - --source-address-prefixes $AllowedSourcesList ` - --destination-address-prefixes '*' ` - --destination-port-ranges $port ` - --description "Allow inbound from $sources on $port via $protocol connections." - } + param ( + [Parameter(Mandatory)] + $AllowedSourcesList + ) + + if ($Ports.length -ne $Priorities.length) { + Write-Output "Priorities and Ports length should be equal!" + Exit 1 + } + if ($Ports.length -ne $Protocols.length) { + Write-Output "Protocols and Ports length should be equal!" + Exit 1 + } + + for ($i = 0; $i -le $Ports.length - 1; $i++) { + $port = $Ports[$i] + $priority = $Priorities[$i] + $protocol = $Protocols[$i] + Write-Output "`nCreating Network Port $port rule..." + $command = "az network nsg rule create --name Network_Port_Rule_$port " + + "--resource-group $ResourceGroup " + + "--nsg-name NSG1 " + + "--priority $priority " + + "--direction Inbound " + + "--access Allow " + + "--protocol $protocol " + + "--source-address-prefixes $AllowedSourcesList " + + "--destination-address-prefixes '*' " + + "--destination-port-ranges $port " + + "--description 'Allow inbound from $sources on $port via $protocol connections.' " + + Write-Output "Running command: $command" + + $networkRuleResponse = Invoke-Expression $command + Write-Output $networkRuleResponse + + } } @@ -159,23 +191,23 @@ function Set-NetworkRules { # Validation of Globals # ######################## $AllowedSourcesList = $AllowedSources -Split "," -if ($AllowedSourcesList.length -lt 1){ - Write-Output "**ERROR**: Variable AllowedSources must be set (set with -AllowedSources or -s)" - exit -1 +if ($AllowedSourcesList.length -lt 1) { + Write-Output "**ERROR**: Variable AllowedSources must be set (set with -AllowedSources or -s)" + Exit 1 } if ($null -ne $AutoShutdownTime) { - if ( -not ( $AutoShutdownTime -match '^([01][0-9]|2[0-3])[0-5][0-9]$' ) ){ + if (-not ( $AutoShutdownTime -match '^([01][0-9]|2[0-3])[0-5][0-9]$')) { Write-Output "**ERROR** Invalid time" Write-Output "Enter the Auto-Shutdown time in UTC (HHMM, e.g. 2230, 0000, 1900), `n`tConvert timezone as necesary: (e.g. 05:30 pm ET -> 9:30 pm UTC -> 21:30 -> 2130)" - exit -1 - } + Exit 1 + } } -if ($NumClients -lt 1 -or $NumClients -gt 16) { - Write-Output "The number of clients must be at least 1 and no more than 16." +if (($NumClients -lt 1 -or $NumClients -gt 16) -and -Not $LinuxOnly) { + Write-Output "The number of clients must be at least 1 and no more than 16." $NumClients = $NumClients -as [int] - exit -1 + Exit 1 } ################ @@ -189,39 +221,49 @@ Write-Output "Number of clients: $NumClients" Write-Output "Allowed sources (IP's): $AllowedSourcesList" Write-Output "Auto-shutdown time: $AutoShutdownTime" Write-Output "Auto-shutdown e-mail: $AutoShutdownEmail" +if ($LinuxOnly) { + Write-Output "Creating a linux server only" +} if (-Not $NoPrompt) { - do { - $Proceed = Read-Host "`nProceed? (Y/n)" - } until ($Proceed -eq "y" -or $Proceed -eq "Y" -or $Proceed -eq "n" -or $Proceed -eq "N") - - if ($Proceed -eq "n" -or $Proceed -eq "N") { - Write-Output "Setup canceled" - exit - } + do { + $Proceed = Read-Host "`nProceed? (Y/n)" + } until ($Proceed -eq "y" -or $Proceed -eq "Y" -or $Proceed -eq "n" -or $Proceed -eq "N") + + if ($Proceed -eq "n" -or $Proceed -eq "N") { + Write-Output "Setup canceled" + Exit + } } ######################## # Setup resource group # ######################## Write-Output "`nCreating resource group..." -az group create --name $ResourceGroup --location $Location +$createResourceGroupResponse = az group create --name $ResourceGroup ` + --location $Location ` + --tags project=$Project created=$Today createdBy=$CurrentUser +Write-Output $createResourceGroupResponse ################# # Setup network # ################# Write-Output "`nCreating virtual network..." -az network vnet create --resource-group $ResourceGroup ` +$createVirtualNetworkResponse = az network vnet create --resource-group $ResourceGroup ` --name VNet1 ` --address-prefix $VNetPrefix ` --subnet-name SNet1 ` - --subnet-prefix $SubnetPrefix + --subnet-prefix $SubnetPrefix ` + --tags project=$Project created=$Today createdBy=$CurrentUser +Write-Output $createVirtualNetworkResponse Write-Output "`nCreating nsg..." -az network nsg create --name NSG1 ` +$createNsgResponse = az network nsg create --name NSG1 ` --resource-group $ResourceGroup ` - --location $Location + --location $Location ` + --tags project=$Project created=$Today createdBy=$CurrentUser +Write-Output $createNsgResponse Set-NetworkRules -AllowedSourcesList $AllowedSourcesList @@ -229,24 +271,12 @@ Set-NetworkRules -AllowedSourcesList $AllowedSourcesList # Create the VMs # ################## $VMPassword = Get-RandomPassword 12 -Write-Output "`nWriting $VMAdmin password to password.txt" -echo $VMPassword > password.txt +Write-Output "`nWriting $VMAdmin password to ${ResourceGroup}.password.txt" +$VMPassword | Out-File -FilePath "${ResourceGroup}.password.txt" -Encoding UTF8 -Write-Output "`nCreating DC1..." -az vm create ` - --name DC1 ` - --resource-group $ResourceGroup ` - --nsg NSG1 ` - --image Win2019Datacenter ` - --admin-username $VMAdmin ` - --admin-password $VMPassword ` - --vnet-name VNet1 ` - --subnet SNet1 ` - --public-ip-sku Standard ` - --private-ip-address $DcIP Write-Output "`nCreating LS1..." -az vm create ` +$createLs1Response = az vm create ` --name LS1 ` --resource-group $ResourceGroup ` --nsg NSG1 ` @@ -258,12 +288,14 @@ az vm create ` --public-ip-sku Standard ` --size Standard_E2d_v4 ` --os-disk-size-gb 128 ` - --private-ip-address $LsIP - -for ($i = 1; $i -le $NumClients; $i++) { - Write-Output "`nCreating C$i..." - az vm create ` - --name C$i ` + --private-ip-address $LsIP ` + --tags project=$Project created=$Today createdBy=$CurrentUser +Write-Output $createLs1Response + +if (-Not $LinuxOnly){ + Write-Output "`nCreating DC1..." + $createDc1Response = az vm create ` + --name DC1 ` --resource-group $ResourceGroup ` --nsg NSG1 ` --image Win2019Datacenter ` @@ -271,7 +303,25 @@ for ($i = 1; $i -le $NumClients; $i++) { --admin-password $VMPassword ` --vnet-name VNet1 ` --subnet SNet1 ` - --public-ip-sku Standard + --public-ip-sku Standard ` + --private-ip-address $DcIP ` + --tags project=$Project created=$Today createdBy=$CurrentUser + Write-Output $createDc1Response + for ($i = 1; $i -le $NumClients; $i++) { + Write-Output "`nCreating C$i..." + $createClientResponse = az vm create ` + --name C$i ` + --resource-group $ResourceGroup ` + --nsg NSG1 ` + --image Win2019Datacenter ` + --admin-username $VMAdmin ` + --admin-password $VMPassword ` + --vnet-name VNet1 ` + --subnet SNet1 ` + --public-ip-sku Standard ` + --tags project=$Project created=$Today createdBy=$CurrentUser + Write-Output $createClientResponse + } } ########################### @@ -279,100 +329,166 @@ for ($i = 1; $i -le $NumClients; $i++) { ########################### if ($null -ne $AutoShutdownTime) { - Set-AutoShutdown "DC1" Set-AutoShutdown "LS1" - for ($i = 1; $i -le $NumClients; $i++) { - Set-AutoShutdown "C$i" + if (-Not $LinuxOnly){ + Set-AutoShutdown "DC1" + for ($i = 1; $i -le $NumClients; $i++) { + Set-AutoShutdown "C$i" + } } } #################### # Setup the domain # #################### -Write-Output "`nInstalling AD Domain services on DC1..." -az vm run-command invoke ` - --command-id RunPowerShellScript ` - --resource-group $ResourceGroup ` - --name DC1 ` - --scripts "Add-WindowsFeature AD-Domain-Services -IncludeManagementTools" - -Write-Output "`nRestarting DC1..." -az vm restart ` - --resource-group $ResourceGroup ` - --name DC1 ` - -Write-Output "`nCreating the ADDS forest..." -az vm run-command invoke ` - --command-id RunPowerShellScript ` - --resource-group $ResourceGroup ` - --name DC1 ` - --scripts "`$Password = ConvertTo-SecureString `"$VMPassword`" -AsPlainText -Force; ` -Install-ADDSForest -DomainName $DomainName -Force -SafeModeAdministratorPassword `$Password" - -Write-Output "`nRestarting DC1..." -az vm restart ` - --resource-group $ResourceGroup ` - --name DC1 ` - -for ($i = 1; $i -le $NumClients; $i++) { - Write-Output "`nAdding DC IP address to C$i host file..." - az vm run-command invoke ` +if (-Not $LinuxOnly){ + Write-Output "`nInstalling AD Domain services on DC1..." + $addDomainServicesResponse = az vm run-command invoke ` --command-id RunPowerShellScript ` --resource-group $ResourceGroup ` - --name C$i ` - --scripts "Add-Content -Path `$env:windir\System32\drivers\etc\hosts -Value `"`n$DcIP`t$DomainName`" -Force" + --name DC1 ` + --scripts "Add-WindowsFeature AD-Domain-Services -IncludeManagementTools" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$addDomainServicesResponse") - Write-Output "`nSetting C$i DNS server to DC1..." - az vm run-command invoke ` +# Write-Output "`nRestarting DC1..." +# az vm restart ` +# --resource-group $ResourceGroup ` +# --name DC1 ` + + Write-Output "`nCreating the ADDS forest..." + $installAddsForestResponse = az vm run-command invoke ` --command-id RunPowerShellScript ` --resource-group $ResourceGroup ` - --name C$i ` - --scripts "Get-Netadapter | Set-DnsClientServerAddress -ServerAddresses $DcIP" + --name DC1 ` + --scripts "`$Password = ConvertTo-SecureString `"$VMPassword`" -AsPlainText -Force; ` + Install-ADDSForest -DomainName $DomainName -Force -SafeModeAdministratorPassword `$Password" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$installAddsForestResponse") - Write-Output "`nRestarting C$i..." + Write-Output "`nRestarting DC1..." az vm restart ` --resource-group $ResourceGroup ` - --name C$i ` + --name DC1 ` - Write-Output "`nAdding C$i to the domain..." - az vm run-command invoke ` - --command-id RunPowerShellScript ` + for ($i = 1; $i -le $NumClients; $i++) { + Write-Output "`nAdding DC IP address to C$i host file..." + $addIpResponse = az vm run-command invoke ` + --command-id RunPowerShellScript ` + --resource-group $ResourceGroup ` + --name C$i ` + --scripts "Add-Content -Path `$env:windir\System32\drivers\etc\hosts -Value `"`n$DcIP`t$DomainName`" -Force" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$addIpResponse") + + Write-Output "`nSetting C$i DNS server to DC1..." + $setDnsResponse = az vm run-command invoke ` + --command-id RunPowerShellScript ` + --resource-group $ResourceGroup ` + --name C$i ` + --scripts "Get-Netadapter | Set-DnsClientServerAddress -ServerAddresses $DcIP" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$setDnsResponse") + + Write-Output "`nRestarting C$i..." + az vm restart ` --resource-group $ResourceGroup ` --name C$i ` - --scripts "`$Password = ConvertTo-SecureString `"$VMPassword`" -AsPlainText -Force; ` - `$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $DomainName\$VMAdmin, `$Password; ` - Add-Computer -DomainName $DomainName -Credential `$Credential -Restart" - # The following command fixes this issue: - # https://serverfault.com/questions/754012/windows-10-unable-to-access-sysvol-and-netlogon - Write-Output "`nModifying C$i register to allow access to sysvol..." - az vm run-command invoke ` - --command-id RunPowerShellScript ` - --resource-group $ResourceGroup ` - --name C$i ` - --scripts "cmd.exe /c `"%COMSPEC% /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v \\*\SYSVOL /d RequireMutualAuthentication=0 /t REG_SZ`"" + Write-Output "`nAdding C$i to the domain..." + $addToDomainResponse = az vm run-command invoke ` + --command-id RunPowerShellScript ` + --resource-group $ResourceGroup ` + --name C$i ` + --scripts "`$Password = ConvertTo-SecureString `"$VMPassword`" -AsPlainText -Force; ` + `$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $DomainName\$VMAdmin, `$Password; ` + Add-Computer -DomainName $DomainName -Credential `$Credential -Restart" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$addToDomainResponse") + + # The following command fixes this issue: + # https://serverfault.com/questions/754012/windows-10-unable-to-access-sysvol-and-netlogon + Write-Output "`nModifying C$i register to allow access to sysvol..." + $addToSysvolResponse = az vm run-command invoke ` + --command-id RunPowerShellScript ` + --resource-group $ResourceGroup ` + --name C$i ` + --scripts "cmd.exe /c `"%COMSPEC% /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths /v \\*\SYSVOL /d RequireMutualAuthentication=0 /t REG_SZ`"" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$addToSysvolResponse") + } } +Write-Output $ProcessSeparator Write-Output "`nVM login info:" -Write-Output "Username: $($VMAdmin)" -Write-Output "Password: $($VMPassword)" +Write-Output "ResourceGroup: $( $ResourceGroup )" +Write-Output "Username: $( $VMAdmin )" +Write-Output "Password: $( $VMPassword )" Write-Output "SAVE THE ABOVE INFO`n" +Write-Output $ProcessSeparator + +if (-Not $LinuxOnly){ + Write-Output "`nAdding DNS entry for Linux server..." + Write-Warning "NOTE: To verify, log on to DC1 and run 'Resolve-DnsName ls1' in PowerShell. + If it returns NXDOMAIN, you'll need to add it manually." + Write-Output "The time is $( Get-Date )." + # Define the PowerShell script with the DomainName variable interpolated + $scriptContent = @" +`$scriptBlock = { + Add-DnsServerResourceRecordA -Name LS1 -ZoneName $DomainName. -AllowUpdateAny -IPv4Address $LsIP -TimeToLive 01:00:00 -AsJob +} +`$job = Start-Job -ScriptBlock `$scriptBlock +`$timeout = 120 +if (Wait-Job -Job `$job -Timeout `$timeout) { + Receive-Job -Job `$job + Write-Host 'The script completed within the timeout period.' +} else { + Stop-Job -Job `$job + Remove-Job -Job `$job + Write-Host 'The script timed out after `$timeout seconds.' +} +"@ + + # Convert the script to a Base64-encoded string + $bytes = [System.Text.Encoding]::Unicode.GetBytes($scriptContent) + $encodedScript = [Convert]::ToBase64String($bytes) + + + # Run the encoded script on the Azure VM + Write-Output "`nAdding script to add DNS entry for Linux server. No output expected..." + $createDnsScriptResponse = az vm run-command invoke ` + --command-id RunPowerShellScript ` + --name DC1 ` + --resource-group $ResourceGroup ` + --scripts "Set-Content -Path 'C:\AddDnsRecord.ps1' -Value ([System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String('$encodedScript')))" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$createDnsScriptResponse") -Write-Output "`nAdding DNS entry for Linux server..." -Write-Warning "NOTE: Sometimes this final call hangs indefinitely. -Haven't figured out why. If it doesn't finish after a few minutes, -hit ctrl+c to kill the process. Even if it didn't exit normally, -it is likely that the DNS entry was still successfully added. To -verify, log on to DC1 and run 'Resolve-DnsName ls1' in PowerShell. -If it returns NXDOMAIN, you'll need to add it manually." -Write-Output "The time is $(Get-Date)." -az vm run-command create ` + Write-Output "`nRunning script to add DNS entry for Linux server. It could time out or not. Check output of the next command..." + $addDnsRecordResponse = az vm run-command invoke ` + --command-id RunPowerShellScript ` + --name DC1 ` + --resource-group $ResourceGroup ` + --scripts "C:\AddDnsRecord.ps1" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$addDnsRecordResponse") + + Write-Output "`nAdding ls1 to hosts file..." + $writeToHostsFileResponse = az vm run-command invoke ` + --command-id RunPowerShellScript ` + --name DC1 ` --resource-group $ResourceGroup ` - --location $Location ` - --run-as-user $DomainName\$VMAdmin ` - --run-as-password $VMPassword ` - --run-command-name "addDNSRecord" ` - --vm-name DC1 ` - --script "Add-DnsServerResourceRecordA -Name `"LS1`" -ZoneName $DomainName -AllowUpdateAny -IPv4Address $LsIP -TimeToLive 01:00:00" + --scripts "Add-Content -Path 'C:\windows\system32\drivers\etc\hosts' -Value '$LsIP ls1.$DomainName ls1'" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$writeToHostsFileResponse") + + Write-Host "Checking if ls1 resolves. This should resolve to ls1.lme.local->${LsIP}, not another domain..." + $resolveLs1Response = az vm run-command invoke ` + --command-id RunPowerShellScript ` + --resource-group $ResourceGroup ` + --name DC1 ` + --scripts "Resolve-DnsName ls1" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$resolveLs1Response") + + Write-Host "Removing the Dns script. No output expected..." + $removeDnsRecordScriptResponse = az vm run-command invoke ` + --command-id RunPowerShellScript ` + --name DC1 ` + --resource-group $ResourceGroup ` + --scripts "Remove-Item -Path 'C:\AddDnsRecord.ps1' -Force" + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$removeDnsRecordScriptResponse") + +} Write-Output "Done." diff --git a/testing/configure/azure_scripts/copy_file_to_container.ps1 b/testing/configure/azure_scripts/copy_file_to_container.ps1 new file mode 100644 index 00000000..bac7ec33 --- /dev/null +++ b/testing/configure/azure_scripts/copy_file_to_container.ps1 @@ -0,0 +1,81 @@ +<# +.SYNOPSIS +Uploads a file to an Azure Blob Storage container and outputs the SAS URL. + +.DESCRIPTION +This script uploads a specified file to a given Azure Blob Storage container and generates a Shared Access Signature (SAS) URL for the uploaded item. +It requires the local file path, container name, storage account name, and storage account key as mandatory parameters. +This script is useful for automating the process of uploading files to Azure Blob Storage and obtaining a SAS URL for accessing the uploaded file. + +.PARAMETER LocalFilePath +The full local file path of the file to be uploaded. + +.PARAMETER ContainerName +The name of the Azure Blob Storage container where the file will be uploaded. + +.PARAMETER StorageAccountName +The name of the Azure Storage account. + +.PARAMETER StorageAccountKey +The key for the Azure Storage account. + +.OUTPUTS +Shared Access Signature (SAS) URL of the uploaded file. + +.EXAMPLE +.\copy_file_to_container.ps1 -LocalFilePath "C:\path\to\file.txt" -ContainerName "examplecontainer" -StorageAccountName "examplestorageaccount" -StorageAccountKey "examplekey" + +This example uploads 'file.txt' from the local path to 'examplecontainer' in the Azure Storage account named 'examplestorageaccount' and outputs the SAS URL for the uploaded file. + +.NOTES +- Ensure that the Azure CLI is installed and configured with the necessary permissions to access the specified Azure Storage account and container. +- The SAS URL provides access to the file with read permissions and is valid for 1 day. +#> + +param( + [Parameter(Mandatory = $true)] + [string]$LocalFilePath, + + [Parameter(Mandatory = $true)] + [string]$ContainerName, + + [Parameter(Mandatory = $true)] + [string]$StorageAccountName, + + [Parameter(Mandatory = $true)] + [string]$StorageAccountKey +) + +# Upload file to the blob container +$UploadResponse = az storage blob upload ` + --container-name $ContainerName ` + --file $LocalFilePath ` + --name (Split-Path $LocalFilePath -Leaf) ` + --account-name $StorageAccountName ` + --account-key $StorageAccountKey ` + --overwrite + +# Write the upload response to the standard output stream +Write-Host $UploadResponse + +$BlobName = (Split-Path $LocalFilePath -Leaf) +$ExpiryTime = (Get-Date).AddDays(1).ToString('yyyy-MM-ddTHH:mm:ssZ') + +# Generate SAS URL for the blob +$SasUrl = az storage blob generate-sas ` + --account-name $StorageAccountName ` + --account-key $StorageAccountKey ` + --container-name $ContainerName ` + --name $BlobName ` + --permissions r ` + --expiry $ExpiryTime ` + --output tsv + +# Write the SAS URL generation response to the standard output stream +Write-Host "SAS URL generated successfully." + +# Set the full url var for returning to the user for use in the next script +$FullUrl = "https://${StorageAccountName}.blob.core.windows.net/${ContainerName}/${BlobName}?${SasUrl}" + +# Output the FullUrl to the success output stream +Write-Output $FullUrl diff --git a/testing/configure/azure_scripts/create_blob_container.ps1 b/testing/configure/azure_scripts/create_blob_container.ps1 new file mode 100644 index 00000000..1590a702 --- /dev/null +++ b/testing/configure/azure_scripts/create_blob_container.ps1 @@ -0,0 +1,101 @@ +<# +.SYNOPSIS +This script creates a new Azure Storage Account and Blob Container within a specified Azure Resource Group. + +.DESCRIPTION +Automates the creation of a unique Azure Storage Account and Blob Container. +Requires the Azure Resource Group name as a mandatory argument. +Generates unique names for the storage account and container, creates the storage account, retrieves the storage account key, +creates a blob container, and saves the configuration to a 'config.ps1' file in the script's directory. + +.PARAMETER ResourceGroup +The name of the Azure Resource Group for the storage account and blob container. + +.EXAMPLE +.\create_blob_container.ps1 -ResourceGroup "YourResourceGroupName" + +Replace "YourResourceGroupName" with the name of your Azure Resource Group. + +.NOTES +- Requires Azure CLI and Azure account login. +- Ensure appropriate permissions in Azure. +- Handle the generated 'config.ps1' file securely. + +#> + + +param( + [Parameter(Mandatory=$true)] + [string]$ResourceGroup +) + +function New-AzureName { + param ( + [Parameter(Mandatory=$true)] + [string]$Prefix + ) + + # Ensuring the prefix is lowercase as Azure Storage Account names must be all lowercase + $Prefix = $Prefix.ToLower() + + # Generate a string of random lowercase letters and numbers + $randomCharacters = -join ((48..57) + (97..122) | Get-Random -Count (24 - $Prefix.Length) | ForEach-Object { [char]$_ }) + + return $Prefix + $randomCharacters +} + +# Get the location of the resource group +$Location = (az group show --name $ResourceGroup --query location --output tsv) + +# Generate a unique storage account name +$StorageAccountName = New-AzureName -Prefix "st" + +# Generate a container name +$ContainerName = New-AzureName -Prefix "container" + +# Variables used for Azure tags +$CurrentUser = $(az account show | ConvertFrom-Json).user.name +$Today = $(Get-Date).ToString("yyyy-MM-dd") +$Project = "LME" + +# Create a new storage account +az storage account create ` + --name $StorageAccountName ` + --resource-group $ResourceGroup ` + --location $Location ` + --sku Standard_LRS ` + --tags project=$Project created=$Today createdBy=$CurrentUser + +# Wait for a moment to ensure the storage account is available +Start-Sleep -Seconds 10 + +# Get the storage account key +$StorageAccountKey = (az storage account keys list ` + --resource-group $ResourceGroup ` + --account-name $StorageAccountName ` + --query '[0].value' ` + --output tsv) + +# Create a blob container +az storage container create ` + --name $ContainerName ` + --account-name $StorageAccountName ` + --account-key $StorageAccountKey + +# Output the created resources' details +Write-Output "Created Storage Account: $StorageAccountName" +Write-Output "StorageAccountKey: $StorageAccountKey" +Write-Output "Created Container: $ContainerName" + +# Define the file path in the same directory as the running script +$filePath = Join-Path -Path $PSScriptRoot -ChildPath "config.ps1" + +# Write the variables as PowerShell script to the file +@" +`$StorageAccountName = '$StorageAccountName' +`$StorageAccountKey = '$StorageAccountKey' +`$ContainerName = '$ContainerName' +"@ | Set-Content -Path $filePath + + + diff --git a/testing/configure/azure_scripts/download_in_container.ps1 b/testing/configure/azure_scripts/download_in_container.ps1 new file mode 100644 index 00000000..33926357 --- /dev/null +++ b/testing/configure/azure_scripts/download_in_container.ps1 @@ -0,0 +1,106 @@ +<# +.SYNOPSIS +This script automates the file download process on a specified VM based on its OS type. + +.DESCRIPTION +The script takes parameters for VM name, resource group, file URL, destination file path, username, and OS type. It processes these parameters to download a file to a VM, either running Windows or Linux. The script determines the appropriate command to create a directory (if necessary) and download the file to the specified VM, handling differences in command syntax and file path conventions based on the OS. + +.PARAMETER VMName +The name of the Virtual Machine where the file will be downloaded. + +.PARAMETER ResourceGroup +The name of the Azure resource group where the VM is located. + +.PARAMETER FileDownloadUrl +The URL of the file to be downloaded. + +.PARAMETER DestinationFilePath +The complete path where the file should be downloaded on the VM. This path is processed to extract just the filename. + +.PARAMETER UserName +The username for the VM, used in constructing the file path for Linux systems. Default is 'admin.ackbar'. + +.PARAMETER Os +The operating system type of the VM. Accepts 'Windows', 'Linux', or 'linux'. Default is 'Windows'. + +.EXAMPLE +.\download_in_container.ps1 ` + -VMName "MyVM" ` + -ResourceGroup "MyResourceGroup" ` + -FileDownloadUrl "http://example.com/file.zip" ` + -DestinationFilePath "C:\path\to\file.zip" ` + -UserName "admin.ackbar" ` + -Os "Windows" ` + +This example downloads a file from 'http://example.com/file.zip' to 'C:\path\to\file.zip' + on the VM named 'MyVM' in the 'MyResourceGroup'. + +.NOTES +- Ensure that the Azure CLI is installed and configured with the necessary permissions to access and run commands on the specified Azure VM. +- The specified script must exist on the VM and the VM should have the necessary permissions to execute it. +#> + +param( + [Parameter(Mandatory=$true)] + [string]$VMName, + + [Parameter(Mandatory=$true)] + [string]$ResourceGroup, + + [Parameter(Mandatory=$true)] + [string]$FileDownloadUrl, + + [Parameter(Mandatory=$true)] + [string]$DestinationFilePath, # This will be stripped to only the filename + + [Parameter()] + [string]$UserName = "admin.ackbar", + + [Parameter()] + [ValidateSet("Windows","Linux","linux")] + [string]$Os = "Windows" +) + +# Convert the OS parameter to lowercase for consistent comparison +$Os = $Os.ToLower() + +# Extract just the filename from the destination file path +$DestinationFileName = Split-Path -Leaf $DestinationFilePath + +# Set the destination path depending on the OS +if ($Os -eq "linux") { + $DestinationPath = "/home/$UserName/lme/$DestinationFileName" + # Create the lme directory if it doesn't exist + $DirectoryCreationScript = "mkdir -p '/home/$UserName/lme'" + # TODO: We don't want to output this until we fix it so we can put all of the output from thw whole script into one json object + # We are just ignoring the output for now + $CreateDirectoryResponse = az vm run-command invoke ` + --command-id RunShellScript ` + --resource-group $ResourceGroup ` + --name $VMName ` + --scripts $DirectoryCreationScript +} else { + $DestinationPath = "C:\lme\$DestinationFileName" +} + +# The download script +$DownloadScript = if ($Os -eq "linux") { + "curl -o '$DestinationPath' '$FileDownloadUrl'" +} else { + "Invoke-WebRequest -Uri '$FileDownloadUrl' -OutFile '$DestinationPath'" +} + +# Execute the download script with the appropriate command based on OS +if ($Os -eq "linux") { + az vm run-command invoke ` + --command-id RunShellScript ` + --resource-group $ResourceGroup ` + --name $VMName ` + --scripts $DownloadScript +} else { + az vm run-command invoke ` + --command-id RunPowerShellScript ` + --resource-group $ResourceGroup ` + --name $VMName ` + --scripts $DownloadScript +} diff --git a/testing/configure/azure_scripts/extract_archive.ps1 b/testing/configure/azure_scripts/extract_archive.ps1 new file mode 100644 index 00000000..4deabcb0 --- /dev/null +++ b/testing/configure/azure_scripts/extract_archive.ps1 @@ -0,0 +1,90 @@ +<# +.SYNOPSIS +Unzips a file on a specified Azure Virtual Machine. + +.DESCRIPTION +This script unzips a specified zip file on an Azure Virtual Machine (VM). It takes the VM's username and a filename (with optional path), +strips the path, constructs the full paths in the VM's 'Downloads' directory, strips the extension from the filename for the extraction path, +and unzips the file. The script requires the VM name, resource group name, username on the VM, and the filename of the zip file. + +.PARAMETER VMName +The name of the Azure Virtual Machine where the file will be unzipped. + +.PARAMETER ResourceGroup +The name of the Azure Resource Group that contains the VM. + +.PARAMETER Filename +The name (and optional path) of the zip file to be unzipped. + +.EXAMPLE +.\extract_archive.ps1 ` + -VMName "DC1" ` + -ResourceGroup "YourResourceGroupName" ` + -Filename "filename.zip" ` + -UserName "admin.ackbar" ` + -Os "Windows" + +This example unzips 'filename.zip' from the 'Downloads' directory of the user 'username' on the VM "DC1" in the resource group "YourResourceGroupName", and extracts it to a subdirectory named 'filename'. + +.NOTES +- Ensure that the Azure CLI is installed and configured with the necessary permissions to access and run commands on the specified Azure VM. +- The VM should have the necessary permissions to read the zip file and write to the extraction directory. +#> + +param( + [Parameter(Mandatory=$true)] + [string]$VMName, + + [Parameter(Mandatory=$true)] + [string]$ResourceGroup, + + [Parameter(Mandatory=$true)] + [string]$Filename, + + [Parameter()] + [string]$UserName = "admin.ackbar", + + [Parameter()] + [ValidateSet("Windows","Linux","linux")] + [string]$Os = "Windows" +) + +# Convert the OS parameter to lowercase for consistent comparison +$Os = $Os.ToLower() + +# Extract just the filename (ignoring any provided path) +$JustFilename = Split-Path -Leaf $Filename + +# Set paths depending on the OS +if ($Os -eq "linux") { + $ZipFilePath = "/home/$UserName/lme/$JustFilename" + $FileBaseName = [System.IO.Path]::GetFileNameWithoutExtension($JustFilename) + $ExtractToPath = "/home/$UserName/lme/$FileBaseName" # Extract to a subdirectory + + $UnzipScript = @" + unzip '$ZipFilePath' -d '$ExtractToPath' +"@ +} else { + $ZipFilePath = "C:\lme\$JustFilename" + $FileBaseName = [System.IO.Path]::GetFileNameWithoutExtension($JustFilename) + $ExtractToPath = "C:\lme\$FileBaseName" # Extract to a subdirectory + + $UnzipScript = @" + Expand-Archive -Path '$ZipFilePath' -DestinationPath '$ExtractToPath' +"@ +} + +# Execute the unzip script with the appropriate command based on OS +if ($Os -eq "linux") { + az vm run-command invoke ` + --command-id RunShellScript ` + --resource-group $ResourceGroup ` + --name $VMName ` + --scripts $UnzipScript +} else { + az vm run-command invoke ` + --command-id RunPowerShellScript ` + --resource-group $ResourceGroup ` + --name $VMName ` + --scripts $UnzipScript +} diff --git a/testing/configure/azure_scripts/lib/utilityFunctions.ps1 b/testing/configure/azure_scripts/lib/utilityFunctions.ps1 new file mode 100644 index 00000000..838d157c --- /dev/null +++ b/testing/configure/azure_scripts/lib/utilityFunctions.ps1 @@ -0,0 +1,143 @@ +function Format-AzVmRunCommandOutput { + param ( + [Parameter(Mandatory = $true)] + [string]$JsonResponse + ) + + $results = @() + + try { + $responseObj = $JsonResponse | ConvertFrom-Json +# Write-Output "Converted JSON object: $responseObj" + + if ($responseObj -and $responseObj.value) { + $stdout = "" + $stderr = "" + + foreach ($item in $responseObj.value) { +# Write-Output "Processing item: $($item.code)" + + # Check for StdOut and StdErr + if ($item.code -like "ComponentStatus/StdOut/*") { + $stdout += $item.message + "`n" + } elseif ($item.code -like "ComponentStatus/StdErr/*") { + $stderr += $item.message + "`n" + } + + # Additional case to handle other types of 'code' + # This ensures that all messages are captured + else { + $stdout += $item.message + "`n" + } + } + + if ($stdout -or $stderr) { + $results += New-Object PSObject -Property @{ + StdOut = $stdout + StdErr = $stderr + } + } + } + } catch { + $errorMessage = $_.Exception.Message + Write-Output "Error: $errorMessage" + $results += New-Object PSObject -Property @{ + StdOut = "Error: $errorMessage" + StdErr = "" + } + } + + if (-not $results) { + $results += New-Object PSObject -Property @{ + StdOut = "No data or invalid data received." + StdErr = "" + } + } + + return $results +} + +function Show-FormattedOutput { + param ( + [Parameter(Mandatory = $true)] + [Object[]]$FormattedOutput + ) + + foreach ($item in $FormattedOutput) { + if ($item -is [string]) { + # Handle string messages (like error or informational messages) + Write-Output $item + } + elseif ($item -is [PSCustomObject]) { + # Handle custom objects with StdOut and StdErr + if (![string]::IsNullOrWhiteSpace($item.StdOut)) { + Write-Output "Output (stdout):" + Write-Output $item.StdOut + } + if (![string]::IsNullOrWhiteSpace($item.StdErr)) { + Write-Output "Error (stderr):" + Write-Output $item.StdErr + } + } + } +} + +function Get-PrivateKeyFromJson { + param ( + [Parameter(Mandatory = $true)] + [string]$jsonResponse + ) + + try { + # Convert the JSON string to a PowerShell object + $responseObj = $jsonResponse | ConvertFrom-Json + + # Extract the 'message' field + $message = $responseObj.value[0].message + + # Define the start and end markers for the private key + $startMarker = "-----BEGIN OPENSSH PRIVATE KEY-----" + $endMarker = "-----END OPENSSH PRIVATE KEY-----" + + # Find the positions of the start and end markers + $startPosition = $message.IndexOf($startMarker) + $endPosition = $message.IndexOf($endMarker) + + if ($startPosition -lt 0 -or $endPosition -lt 0) { + Write-Error "Private key markers not found in the JSON response." + return $null + } + + # Extract the private key, including the markers + $privateKey = $message.Substring($startPosition, $endPosition - $startPosition + $endMarker.Length) + + # Return the private key + return $privateKey + } + catch { + Write-Error "An error occurred while extracting the private key: $_" + return $null + } +} + +function Invoke-GPUpdateOnVMs { + param( + [Parameter(Mandatory = $true)] + [string]$ResourceGroup, + [int]$numberOfClients = 2 + ) + + for ($i = 1; $i -le $numberOfClients; $i++) { + $vmName = "C$i" # Dynamically create VM name + + # Invoke the command on the VM + $gpupdateResponse = az vm run-command invoke ` + --command-id RunPowerShellScript ` + --name $vmName ` + --resource-group $ResourceGroup ` + --scripts "gpupdate /force" + + # Call the existing Show-FormattedOutput function + Show-FormattedOutput -FormattedOutput (Format-AzVmRunCommandOutput -JsonResponse "$gpupdateResponse") + } +} diff --git a/testing/configure/azure_scripts/run_script_in_container.ps1 b/testing/configure/azure_scripts/run_script_in_container.ps1 new file mode 100644 index 00000000..67d15c5f --- /dev/null +++ b/testing/configure/azure_scripts/run_script_in_container.ps1 @@ -0,0 +1,59 @@ +<# +.SYNOPSIS +Executes a specified PowerShell script with arguments on an Azure Virtual Machine. + +.DESCRIPTION +This script remotely executes a PowerShell script that is already present on an Azure Virtual Machine (VM), +passing specified arguments to it. It uses Azure's 'az vm run-command invoke' to run the specified script +located on the VM. The script requires the VM name, resource group name, the full path of the script on the VM, +and a string of arguments to pass to the script. + +.PARAMETER ResourceGroup +The name of the Azure Resource Group that contains the VM. + +.PARAMETER VMName +The name of the Azure Virtual Machine where the script will be executed. + +.PARAMETER ScriptPathOnVM +The full path of the PowerShell script on the Azure VM that needs to be executed. + +.PARAMETER ScriptArguments +A string of arguments that will be passed to the script. + +.EXAMPLE +.\run_script_in_container.ps1 ` + -ResourceGroup "YourResourceGroupName" ` + -VMName "VMName" ` + -ScriptPathOnVM "C:\path\to\your\script.ps1" ` + -ScriptArguments "-Arg1 value1 -Arg2 value2" + +This example executes a script located at 'C:\path\to\your\script.ps1' on the VM named "VMName" + in the resource group "YourResourceGroup", passing it the arguments "-Arg1 value1 -Arg2 value2". + +.NOTES +- Ensure that the Azure CLI is installed and configured with the necessary permissions to access and run commands on the specified Azure VM. +- The specified script must exist on the VM and the VM should have the necessary permissions to execute it. +#> + +param( + [Parameter(Mandatory=$true)] + [string]$ResourceGroup, + + [Parameter(Mandatory=$true)] + [string]$VMName, + + [Parameter(Mandatory=$true)] + [string]$ScriptPathOnVM, # The full path of the script on the VM + + [string]$ScriptArguments # Arguments to pass to the script +) + +$InvokeScriptCommand = @" +& '$ScriptPathOnVM' $ScriptArguments +"@ + +az vm run-command invoke ` + --command-id RunPowerShellScript ` + --resource-group $ResourceGroup ` + --name $VMName ` + --scripts $InvokeScriptCommand diff --git a/testing/configure/azure_scripts/zip_my_parents_parent.ps1 b/testing/configure/azure_scripts/zip_my_parents_parent.ps1 new file mode 100644 index 00000000..ef034496 --- /dev/null +++ b/testing/configure/azure_scripts/zip_my_parents_parent.ps1 @@ -0,0 +1,34 @@ +<# +.SYNOPSIS +Zips the parent of the parent directory of the script and outputs the path of the ZIP file. + +.DESCRIPTION +This script compresses the parent directory of the parent of its location into a ZIP file. +It then outputs the full path of the created ZIP file. This is useful for quickly archiving the contents of the parent directory. + +.EXAMPLE +This example demonstrates how to execute the script and capture the path of the created ZIP file. +# Define the path to this zip script +$zipScriptPath = "C:\path\to\zip_my_parents_parent.ps1" + +# Execute the zip script and capture the output (filename of the zip file) +$zipFilePath = & $zipScriptPath + +.NOTES +- Ensure that PowerShell 5.0 or later is installed, as this script uses the Compress-Archive cmdlet. +- The script assumes read and write permissions in the script's and its parent directory. +#> +# Get the full path of the script's parent directory +$scriptParentDir = Split-Path -Parent $PSScriptRoot + +# Get the name of the parent directory +$parentDirName = Split-Path -Leaf $scriptParentDir + +# Define the destination path for the zip file (adjacent to the parent directory) +$destinationZipPath = Join-Path -Path (Split-Path -Parent $scriptParentDir) -ChildPath ("$parentDirName.zip") + +# Create the zip file +Compress-Archive -Path "$scriptParentDir\*" -DestinationPath $destinationZipPath -Force + +# Output the path of the created zip file +$destinationZipPath diff --git a/testing/configure/chown_dc1_private_key.ps1 b/testing/configure/chown_dc1_private_key.ps1 new file mode 100644 index 00000000..77aa76f3 --- /dev/null +++ b/testing/configure/chown_dc1_private_key.ps1 @@ -0,0 +1,21 @@ +# Path to the private key +$PrivateKeyPath = "C:\lme\id_rsa" + +# Define the SYSTEM account +$SystemAccount = New-Object System.Security.Principal.NTAccount("NT AUTHORITY", "SYSTEM") + +# Get the current ACL of the file +$Acl = Get-Acl -Path $PrivateKeyPath + +# Clear any existing Access Rules +$Acl.SetAccessRuleProtection($true, $false) +$Acl.Access | ForEach-Object { $Acl.RemoveAccessRule($_) | Out-Null } + +# Create a new Access Rule granting FullControl to SYSTEM +$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($SystemAccount, "FullControl", "Allow") + +# Add the Access Rule to the ACL +$Acl.AddAccessRule($accessRule) + +# Set the updated ACL back to the file +Set-Acl -Path $PrivateKeyPath -AclObject $Acl diff --git a/testing/configure/create_lme_directory.ps1 b/testing/configure/create_lme_directory.ps1 new file mode 100644 index 00000000..3a4bf5ed --- /dev/null +++ b/testing/configure/create_lme_directory.ps1 @@ -0,0 +1,27 @@ +# Define the directory path +param( + [string]$DirectoryPath = "C:\lme" +) + +# Create the directory if it doesn't already exist +if (-not (Test-Path -Path $DirectoryPath)) { + New-Item -Path $DirectoryPath -ItemType Directory +} + +# Define the security principal for 'All Users' +$allUsers = New-Object System.Security.Principal.SecurityIdentifier("S-1-1-0") + +# Get the current ACL of the directory +$acl = Get-Acl -Path $DirectoryPath + +# Define the rights (read and execute) +$rights = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute + +# Create the rule (allowing read and execute access) +$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($allUsers, $rights, 'ContainerInherit, ObjectInherit', 'None', 'Allow') + +# Add the rule to the ACL +$acl.AddAccessRule($accessRule) + +# Set the ACL back to the directory +Set-Acl -Path $DirectoryPath -AclObject $acl diff --git a/testing/configure/create_ou.ps1 b/testing/configure/create_ou.ps1 new file mode 100644 index 00000000..5b546f3c --- /dev/null +++ b/testing/configure/create_ou.ps1 @@ -0,0 +1,23 @@ +param( + [string]$Domain = "lme.local", + [string]$ClientOUCustomName = "LMEClients" +) + +Import-Module ActiveDirectory + +# Split the domain into parts and construct the ParentContainerDN +$DomainParts = $Domain -split "\." +$ParentContainerDN = ($DomainParts | ForEach-Object { "DC=$_" }) -join "," + + +# Define the distinguished name (DN) for the new OU +$NewOUDN = "OU=$ClientOUCustomName,$ParentContainerDN" + +# Check if the OU already exists +if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$NewOUDN'" -ErrorAction SilentlyContinue)) { + # Create the new OU + New-ADOrganizationalUnit -Name $ClientOUCustomName -Path $ParentContainerDN + Write-Output "Organizational Unit '$ClientOUCustomName' created successfully under $ParentContainerDN." +} else { + Write-Output "Organizational Unit '$ClientOUCustomName' already exists under $ParentContainerDN." +} diff --git a/testing/configure/download_files.ps1 b/testing/configure/download_files.ps1 new file mode 100644 index 00000000..1bc6588e --- /dev/null +++ b/testing/configure/download_files.ps1 @@ -0,0 +1,23 @@ +param( + [string]$Directory = $env:USERPROFILE +) + +# Base directory path - use provided username or default to USERPROFILE +$BaseDirectoryPath = if ($Directory -and ($Directory -ne $env:USERPROFILE)) { + "C:\$Directory" +} else { + "$env:USERPROFILE\Downloads\" +} + +# Todo: Allow for downloading a version by adding a parameter for the version number +$ApiUrl = "https://api.github.com/repos/cisagov/LME/releases/latest" +$latestRelease = Invoke-RestMethod -Uri $ApiUrl +$zipFileUrl = $latestRelease.assets | Where-Object { $_.content_type -eq 'application/zip' } | Select-Object -ExpandProperty browser_download_url +$downloadPath = "$BaseDirectoryPath\" + $latestRelease.name + ".zip" +$extractPath = "$BaseDirectoryPath\LME" + +Invoke-WebRequest -Uri $zipFileUrl -OutFile $downloadPath +if (-not (Test-Path -Path $extractPath)) { + New-Item -ItemType Directory -Path $extractPath +} +Expand-Archive -LiteralPath $downloadPath -DestinationPath $extractPath diff --git a/testing/configure/install_chapter_1.ps1 b/testing/configure/install_chapter_1.ps1 new file mode 100644 index 00000000..ee16a0a4 --- /dev/null +++ b/testing/configure/install_chapter_1.ps1 @@ -0,0 +1,65 @@ +param ( + [Parameter( + HelpMessage="Path to the configuration directory. Default is 'C:\lme\configure'." + )] + [string]$ConfigurePath = "C:\lme\configure", + [Parameter( + HelpMessage="Path to the root install directory. Default is 'C:\lme'." + )] + [string]$RootInstallDir = "C:\lme" + +) + +# Exit the script on any error +$ErrorActionPreference = 'Stop' +$ProcessSeparator = "`n----------------------------------------`n" + +# Change directory to the configure directory +Set-Location -Path $ConfigurePath + +# Run the scripts and check for failure +Write-Output "Creating the configurePath directory..." +.\create_lme_directory.ps1 -DirectoryPath $RootInstallDir +Write-Output $ProcessSeparator + +Write-Output "Downloading the files..." +.\download_files.ps1 -Directory lme +Write-Output $ProcessSeparator + +Write-Output "Importing the GPOs..." +.\wec_import_gpo.ps1 -Directory lme +Write-Output $ProcessSeparator + +Start-Sleep 10 +Write-Output "Updating the GPO server name..." +.\wec_gpo_update_server_name.ps1 +Write-Output $ProcessSeparator + +Write-Output "Creating the OU..." +.\create_ou.ps1 +Write-Output $ProcessSeparator + +Write-Output "Linking the GPOs..." +.\wec_link_gpo.ps1 +Write-Output $ProcessSeparator + +Write-Output "Provisioning the WEC service..." +.\wec_service_provisioner.ps1 +Write-Output $ProcessSeparator + +# Run the wevtutil and wecutil commands +Write-Output "Running wevtutil and wecutil commands to start the wec service manually..." +wevtutil set-log ForwardedEvents /q:true /e:true +Write-Output $ProcessSeparator + +Write-Output "Running wecutil restart command..." +wecutil rs lme +Write-Output $ProcessSeparator + +Write-Output "Running wecutil gr command..." +wecutil gr lme +Write-Output $ProcessSeparator + +# Run the move_computers_to_ou script +Write-Output "Moving the computers to the OU..." +.\move_computers_to_ou.ps1 diff --git a/testing/configure/install_chapter_2.ps1 b/testing/configure/install_chapter_2.ps1 new file mode 100644 index 00000000..d85a9d6b --- /dev/null +++ b/testing/configure/install_chapter_2.ps1 @@ -0,0 +1,28 @@ +param ( + [Parameter( + HelpMessage="Path to the configuration directory. Default is 'C:\lme\configure'." + )] + [string]$ConfigurePath = "C:\lme\configure" +) + +# Exit the script on any error +$ErrorActionPreference = 'Stop' +$ProcessSeparator = "`n----------------------------------------`n" + +# Change directory to the configure directory +Set-Location -Path $ConfigurePath + +Write-Output "Installing Sysmon..." +.\sysmon_install_in_sysvol.ps1 +Write-Output $ProcessSeparator + +Write-Output "Importing the gpo..." +.\sysmon_import_gpo.ps1 -Directory lme +Write-Output $ProcessSeparator + +Write-Output "Updating the gpo variables.." +.\sysmon_gpo_update_vars.ps1 +Write-Output $ProcessSeparator + +Write-Output "Linking the gpo..." +.\sysmon_link_gpo.ps1 diff --git a/testing/configure/lib/functions.sh b/testing/configure/lib/functions.sh new file mode 100644 index 00000000..11d1e6b5 --- /dev/null +++ b/testing/configure/lib/functions.sh @@ -0,0 +1,47 @@ +extract_credentials() { + local file_path=${1:-'/opt/lme/Chapter 3 Files/output.log'} + + if [ ! -f "$file_path" ]; then + echo "File not found: $file_path" + return 1 + fi + + # Use sed to extract the lines containing the credentials + credentials=$(sed -n '/^## [a-zA-Z_]*:/p' "$file_path") + + # Loop through the extracted lines and assign the values to variables + while IFS=: read -r key value; do + key=$(echo "$key" | sed 's/^## //g' | tr -d '[:space:]') + value=$(echo "$value" | tr -d '\r\n') + export "$key"="$value" + done <<< "$credentials" + + export ELASTIC_PASSWORD=$elastic +} + +write_credentials_to_file() { + local file_path=$1 + # exit if file path is not provided + if [ -z "$file_path" ]; then + echo "File path is required" + return 1 + fi + # Write credentials to the file + echo "export elastic=$elastic" > "$file_path" + echo "export kibana=$kibana" >> "$file_path" + echo "export logstash_system=$logstash_system" >> "$file_path" + echo "export logstash_writer=$logstash_writer" >> "$file_path" + echo "export dashboard_update=$dashboard_update" >> "$file_path" +} + + +extract_ls1_ip() { + local file_path=$1 + # exit if file path is not provided + if [ -z "$file_path" ]; then + echo "File path is required" + return 1 + fi + publicIpAddress=$(sed -n '/Creating LS1.../,/}/p' $file_path | awk -F'"' '/publicIpAddress/{print $4}') + export LS1_IP=$publicIpAddress +} \ No newline at end of file diff --git a/testing/configure/linux_authorize_private_key.sh b/testing/configure/linux_authorize_private_key.sh new file mode 100755 index 00000000..c699d816 --- /dev/null +++ b/testing/configure/linux_authorize_private_key.sh @@ -0,0 +1,4 @@ +#!/usr/bin/env bash +cat /home/admin.ackbar/.ssh/id_rsa.pub >> /home/admin.ackbar/.ssh/authorized_keys +sudo chown admin.ackbar:admin.ackbar /home/admin.ackbar/.ssh/* +perl -p -i -e 's/root\@LS1/admin.ackbar\@DC1/' /home/admin.ackbar/.ssh/authorized_keys diff --git a/testing/configure/linux_install_lme.exp b/testing/configure/linux_install_lme.exp new file mode 100755 index 00000000..1ba53a1c --- /dev/null +++ b/testing/configure/linux_install_lme.exp @@ -0,0 +1,81 @@ +#!/usr/bin/expect + +# Change to the LME directory containing files for the Linux server +cd /opt/lme/Chapter\ 3\ Files/ + +# Adjust the timeout if necessary +set timeout 60 +set expect_out(buffer_size) 1000000 + +log_file -a output.log + +spawn ./deploy.sh install +sleep 1 +expect { + -re {.*OK.*} { + send "\r" + } + -re {.*Proceed.*} { + send "y\r" + } +} + + +expect { + -re {.*Please reboot and re-run this script to finish the install.*} { + send_user "Reboot required. Exiting...\n" + exit + } + -re "Enter the IP of this Linux server.*" { + sleep 1 + send "\r" + } +} + +sleep 1 +expect -re {Windows Event Collector} +sleep 1 +send "ls1.lme.local\r" + +sleep 1 + +expect -re {.*ntinue with self signed certificates.*: y} +sleep 1 +send "\r" +sleep 1 + +expect -re {.*ip Docker Install\? \(\[y\]es/\[n\]o\): n} +sleep 1 +send "\r" + + + +set timeout 310 +expect { + -re {Waiting for Elasticsearch to be ready} { + puts " Elasticsearch is being prepared" + exp_continue + } + -re {\.} { + puts " . " + exp_continue + } + -re {We think your main disk is} { + puts " Disk message received" + exp_continue + } + -re {Bootstrapping} { + puts " Bootstrapping in progress" + exp_continue + } + -re {Uploading Kibana dashboards} { + puts " Kibana dashboards are being uploaded" + exp_continue + } +} + +expect eof + +log_file + +exec cat output.log diff --git a/testing/configure/linux_install_lme.sh b/testing/configure/linux_install_lme.sh new file mode 100755 index 00000000..f0d215c6 --- /dev/null +++ b/testing/configure/linux_install_lme.sh @@ -0,0 +1,111 @@ +#!/bin/bash + +# Change to the directory where the script is located +script_dir=$(dirname "$0") +cd $script_dir || exit 1 +# We need to get the full path of the script dir for below +script_dir=$(pwd) + +# Default username +username="admin.ackbar" + +# Process command line arguments +while getopts "u:v:b:" opt; do + case $opt in + u) username=$OPTARG ;; + v) version=$OPTARG ;; + b) branch=$OPTARG ;; + \?) echo "Invalid option -$OPTARG" >&2; exit 1 ;; + esac +done + +# Check if version matches the pattern +if [[ -n "$version" && ! $version =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "Invalid version format. Version should match \d+.\d+.\d+" + exit 1 +fi + +# Remove any existing LME directories +sudo rm -rf /opt/cisagov-LME-* /opt/lme + +# Get the tarball URL for the specified version +get_tarball_url() { + echo "https://api.github.com/repos/cisagov/LME/tarball/v$1" +} + +if [ -n "$branch" ]; then + # Clone from the specified branch + git clone --branch "$branch" https://github.com/cisagov/LME.git /opt/lme +else + echo "Getting the code from GitHub" + # Check if a version is provided + if [ -n "$version" ]; then + tarball_url=$(get_tarball_url "$version") + else + tarball_url=$(curl -s https://api.github.com/repos/cisagov/LME/releases/latest | jq -r '.tarball_url') + fi + + # Get the version from the tarball URL + v_version=$(basename "$tarball_url") + + echo "Downloading $tarball_url to file: $v_version" + curl -L "$tarball_url" -o "$v_version" + + # extracts it to a folder like cisagov-LME-3412897 + sudo tar -xzpf "$v_version" -C /opt + rm -rf "$v_version" + + extracted_filename=$(sudo ls -ltd /opt/cisagov-LME-* | grep "^d" | head -n 1 | awk '{print $NF}') + + echo "Extracted to $extracted_filename" + + echo "Renaming directory to /opt/lme" + sudo mv "$extracted_filename" /opt/lme +fi + +# Change the way we check disk usage in the old versions +perl -pi -e 's/DISK_SIZE="\$\(echo "\$DF_OUTPUT".+?\)"/DISK_SIZE=130/' /opt/lme/Chapter\ 3\ Files/deploy.sh +perl -pi -e 's/DISK_80=\$\(\(DISK_SIZE_ROUND \* 80 \/ 100\)\)/DISK_80=91/g' /opt/lme/Chapter\ 3\ Files/deploy.sh + + +echo 'export DEBIAN_FRONTEND=noninteractive' >> ~/.bashrc +echo 'export NEEDRESTART_MODE=a' >> ~/.bashrc +. ~/.bashrc + +# Set the noninteractive modes for root +echo 'export DEBIAN_FRONTEND=noninteractive' | sudo tee -a /root/.bashrc +echo 'export NEEDRESTART_MODE=a' | sudo tee -a /root/.bashrc + +#get interface name of default route +DEFAULT_IF="$(route | grep '^default' | grep -o '[^ ]*$')" + +#get ip of the interface +EXT_IP="$(/sbin/ifconfig "$DEFAULT_IF" | awk -F ' *|:' '/inet /{print $3}')" + +function installdocker() { + echo -e "\e[32m[X]\e[0m Installing Docker" + curl -fsSL https://get.docker.com -o get-docker.sh >/dev/null + sudo sh get-docker.sh >/dev/null + echo "Starting docker" + sudo service docker start + sleep 5 +} + +# Pull the images so you don't have to wait for them in expect +installdocker + +echo -e "\e[32m[X]\e[0m Pulling the images. This may take some time." +docker compose -f /opt/lme/Chapter\ 3\ Files/docker-compose-stack.yml pull --quiet + +# Execute script with root privileges +# Todo: We could put a switch here for different versions and just run different expect scripts +sudo -E bash -c ". /root/.bashrc && $script_dir/linux_install_lme.exp" + +sudo chmod ugo+w "/opt/lme/Chapter 3 Files/output.log" + +if [ -f "/opt/lme/files_for_windows.zip" ]; then + sudo cp /opt/lme/files_for_windows.zip /home/"$username"/ + sudo chown "$username":"$username" /home/"$username"/files_for_windows.zip +else + echo "files_for_windows.zip does not exist. Probably because a reboot is required in order to proceed with the install" +fi diff --git a/testing/configure/linux_make_private_key.exp b/testing/configure/linux_make_private_key.exp new file mode 100755 index 00000000..16fd6ec9 --- /dev/null +++ b/testing/configure/linux_make_private_key.exp @@ -0,0 +1,16 @@ +#!/usr/bin/expect + +spawn ssh-keygen -t rsa -b 4096 +sleep 1 +expect -re {Enter file in which to save the key} +send "/home/admin.ackbar/.ssh/id_rsa\r" +sleep 1 +expect -re {empty for no passphrase} +send "\r" +sleep 1 +expect -re {Enter same passphrase again} +send "\r" + +set timeout 60 + +expect eof diff --git a/testing/configure/linux_test_install.sh b/testing/configure/linux_test_install.sh new file mode 100755 index 00000000..3dda731d --- /dev/null +++ b/testing/configure/linux_test_install.sh @@ -0,0 +1,119 @@ +#!/usr/bin/env bash +set -e + +# Get the full path to the directory containing the current script +script_dir=$(dirname "$(realpath "${BASH_SOURCE[0]}")") + +source "${script_dir}/lib/functions.sh" +extract_credentials '/opt/lme/Chapter 3 Files/output.log' + +check_variable() { + local var_name="$1" + local var_value="$2" + + if [ -z "$var_value" ]; then + echo "Error: '$var_name' is not set or is empty" + return 1 # Return a non-zero status to indicate failure + fi +} + +# Perform the checks +check_variable "elastic" "$elastic" || exit 1 +check_variable "kibana" "$kibana" || exit 1 +check_variable "logstash_system" "$logstash_system" || exit 1 +check_variable "logstash_writer" "$logstash_writer" || exit 1 +check_variable "dashboard_update" "$dashboard_update" || exit 1 + +echo "All variables are set correctly." + +# Get the list of containers and their health status +container_statuses=$(docker ps --format "{{.Names}}: {{.Status}}" | grep -v "CONTAINER ID") + +# Check each container's status +unhealthy=false +while read -r line; do + container_name=$(echo "$line" | awk -F': ' '{print $1}') + health_status=$(echo "$line" | awk -F': ' '{print $2}') + + if [[ $health_status != *"(healthy)"* ]]; then + echo "Container $container_name is not healthy: $health_status" + unhealthy=true + exit 1 + fi +done <<< "$container_statuses" + +# Final check +if [ "$unhealthy" = false ]; then + echo "All containers are healthy." +fi + +ELASTICSEARCH_HOST="localhost" +ELASTICSEARCH_PORT="9200" + +# Get list of all indexes +indexes=$(curl -sk -u "elastic:$elastic" "https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/_cat/indices?v" | awk '{print $3}') + +# Check if winlogbeat index exists +if echo "$indexes" | grep -q "winlogbeat"; then + echo "Index 'winlogbeat' exists." +else + echo "Index 'winlogbeat' does not exist." >&2 + exit 1 +fi + +# Check if we can query the winlogbeat index +response=$(curl -sk -u "elastic:$elastic" "https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/winlogbeat-*/_search" -H "Content-Type: application/json" -d '{ + "size": 1, + "query": { + "match_all": {} + } +}') + +# Check if the curl command was successful +if [ $? -eq 0 ]; then + echo "Querying winlogbeat executed successfully." +else + echo "Error executing the query of winlogbeat." >&2 + exit 1 +fi + +# Check the kibana saved objects. +# response=$(curl -sk -u "elastic:$elastic" "https://${ELASTICSEARCH_HOST}:${ELASTICSEARCH_PORT}/.kibana/_search" -H "Content-Type: application/json" -d '{ +# "size": 1000, +# "query": { +# "term": { +# "type": "dashboard" +# } +# } +# }') +# echo $response + + +response=$(curl -sk -u "elastic:$elastic" "https://${ELASTICSEARCH_HOST}/api/kibana/management/saved_objects/_find?perPage=500&page=1&type=dashboard&sortField=updated_at&sortOrder=desc") + +#!/bin/bash + +# List of dashboard names to check +declare -a names_to_check=( + "User Security" + "User HR" + "Sysmon Summary" + "Security Dashboard - Security Log" + "Process Explorer" + "Computer Software Overview" + "Alerting Dashboard" + "HealthCheck Dashboard - Overview" +) + +# Extract dashboard names from the JSON response stored in the variable +dashboard_names=$(echo "$response" | jq -r '.saved_objects[] | select(.type == "dashboard") | .meta.title') + +# Check each name +for name in "${names_to_check[@]}"; do + if grep -qF "$name" <<< "$dashboard_names"; then + echo "Dashboard found: $name" + else + echo "Dashboard NOT found: $name" >&2 + exit 1 + fi +done diff --git a/testing/configure/linux_update_system.sh b/testing/configure/linux_update_system.sh new file mode 100755 index 00000000..602e185d --- /dev/null +++ b/testing/configure/linux_update_system.sh @@ -0,0 +1,3 @@ +# Install Git client to be able to clone the LME repository +sudo apt update +sudo DEBIAN_FRONTEND=noninteractive NEEDRESTART_MODE=a apt install git curl zip net-tools jq nodejs expect python3-venv -y \ No newline at end of file diff --git a/testing/configure/list_computers_forwarding_events.ps1 b/testing/configure/list_computers_forwarding_events.ps1 new file mode 100644 index 00000000..ecf8ff3a --- /dev/null +++ b/testing/configure/list_computers_forwarding_events.ps1 @@ -0,0 +1,27 @@ +๏ปฟ# Execute 'wecutil gr lme' command and capture the output +$wecutilOutput = wecutil gr lme + +# Split the output into individual lines +$lines = $wecutilOutput -split "`r`n" | Where-Object { $_ -match "\S" } # Exclude empty lines + +# Initialize a list to store active computer names +$activeComputers = @() + +# Process each line to extract computer names with active status +$isActive = $false +foreach ($line in $lines) { + if ($line -match "RunTimeStatus: Active") { + $isActive = $true + } elseif ($line -match "\.local") { + if ($isActive) { + if ($line -match "(\S+\.local)") { + $activeComputers += $matches[1] + } + } + $isActive = $false + } +} + +# Display the active computer names +Write-Output "Active Computers Forwarding Events:" +$activeComputers | ForEach-Object { Write-Output $_ } diff --git a/testing/configure/move_computers_to_ou.ps1 b/testing/configure/move_computers_to_ou.ps1 new file mode 100644 index 00000000..4ef36c49 --- /dev/null +++ b/testing/configure/move_computers_to_ou.ps1 @@ -0,0 +1,38 @@ +๏ปฟparam( + [string]$Domain = "lme.local", + [string]$ClientOUCustomName = "LMEClients", + [string]$CurrentCN = "Computers" +) + +# Import the Active Directory module +Import-Module ActiveDirectory + +# Split the domain into its parts +$domainParts = $Domain -split '\.' + +# Construct the domain DN, starting with 'DC=' +$domainDN = 'DC=' + ($domainParts -join ',DC=') + +# Define the DN of the existing Computers container +$computersContainerDN = "CN=$CurrentCN,$domainDN" + +# Define the DN of the target OU +$targetOUDN = "OU=$ClientOUCustomName,$domainDN" + +# Output the DNs for verification +Write-Output "Current Computers Container DN: $computersContainerDN" +Write-Output "Target OU DN: $targetOUDN" + +# Get the computer accounts in the Computers container +$computers = Get-ADComputer -Filter * -SearchBase $computersContainerDN + +# Move each computer to the target OU +foreach ($computer in $computers) { + try { + # Move the computer to the target OU + Move-ADObject -Identity $computer.DistinguishedName -TargetPath $targetOUDN + Write-Output "Moved $($computer.Name) to $targetOUDN" + } catch { + Write-Output "Failed to move $($computer.Name): $_" + } +} \ No newline at end of file diff --git a/testing/configure/sysmon_gpo_update_vars.ps1 b/testing/configure/sysmon_gpo_update_vars.ps1 new file mode 100644 index 00000000..9707039a --- /dev/null +++ b/testing/configure/sysmon_gpo_update_vars.ps1 @@ -0,0 +1,43 @@ +param( + [string]$GpoName = "LME-Sysmon-Task", + [string]$DomainName = "lme.local" +) + +# Get the FQDN of the current server +$fqdn = [System.Net.Dns]::GetHostByName($env:COMPUTERNAME).HostName + +# Get the GPO object +$gpo = Get-GPO -Name $GpoName + +# Check if GPO is found +if ($null -eq $gpo) { + Write-Output "GPO not found" + exit +} + +# Get the GUID of the GPO +$gpoGuid = $gpo.Id + +# Define the path to the XML file +$xmlFilePath = "C:\Windows\SYSVOL\sysvol\$DomainName\Policies\{$gpoGuid}\Machine\Preferences\ScheduledTasks\ScheduledTasks.xml" + +# Get current time and add 5 minutes +$newStartTime = (Get-Date).AddMinutes(5).ToString("yyyy-MM-ddTHH:mm:ss") + +# Load the XML file +$xml = [xml](Get-Content -Path $xmlFilePath) + +# Find the task with name "LME-Sysmon-Task" +$task = $xml.ScheduledTasks.TaskV2 | Where-Object { $_.Properties.name -eq "LME-Sysmon-Task" } + +# Update the start time in the XML +$task.Properties.Task.Triggers.CalendarTrigger.StartBoundary = $newStartTime + +# Update the command path +$task.Properties.Task.Actions.Exec.Command = "\\$fqdn\sysvol\$DomainName\LME\Sysmon\update.bat" + +# Save the modified XML back to the file +$xml.Save($xmlFilePath) + +# Output the new start time for verification +Write-Output "New start time set to: $newStartTime" \ No newline at end of file diff --git a/testing/configure/sysmon_import_gpo.ps1 b/testing/configure/sysmon_import_gpo.ps1 new file mode 100644 index 00000000..2f3eb109 --- /dev/null +++ b/testing/configure/sysmon_import_gpo.ps1 @@ -0,0 +1,34 @@ +param( + [string]$Directory = $env:USERPROFILE +) + +# Determine the base directory path based on the provided username +$baseDirectoryPath = if ($Directory -and ($Directory -ne $env:USERPROFILE)) { + "C:\$Directory" +} else { + "$env:USERPROFILE\Downloads" +} + +$GPOBackupPath = "$baseDirectoryPath\LME\Chapter 2 Files\GPO Deployment\Group Policy Objects" + +$gpoNames = @("LME-Sysmon-Task") + +foreach ($gpoName in $gpoNames) { + $gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue + if (-not $gpo) { + New-GPO -Name $gpoName | Out-Null + Write-Output "Created GPO: $gpoName" + } else { + Write-Output "GPO $gpoName already exists." + } + + try { + Import-GPO -BackupGpoName $gpoName -TargetName $gpoName -Path $GPOBackupPath -CreateIfNeeded -ErrorAction Stop + Write-Output "Imported settings into GPO: $gpoName" + } catch { + Throw "Failed to import GPO: $gpoName. The GPODisplayName in bkupinfo.xml may not match or other import error occurred." + } +} + +Write-Output "LME Sysmon GPOs have been created and imported successfully." + diff --git a/testing/configure/sysmon_install_in_sysvol.ps1 b/testing/configure/sysmon_install_in_sysvol.ps1 new file mode 100644 index 00000000..41b59777 --- /dev/null +++ b/testing/configure/sysmon_install_in_sysvol.ps1 @@ -0,0 +1,69 @@ +๏ปฟparam( + [string]$DomainName = "lme.local" # Default domain name +) + +# Define the SYSVOL path +$destinationPath = "C:\Windows\SYSVOL\SYSVOL\$DomainName\LME\Sysmon" +$tempPath = Join-Path $env:TEMP "SysmonTemp" + +# Create the LME and Sysmon directories +New-Item -ItemType Directory -Path $destinationPath -Force +New-Item -ItemType Directory -Path $tempPath -Force + +# Copy update.bat from the user's download directory +$updateBatSource = "C:\lme\LME\Chapter 2 Files\GPO Deployment\update.bat" +Copy-Item -Path $updateBatSource -Destination $destinationPath + +# Download URL for Sysmon +$url = "https://download.sysinternals.com/files/Sysmon.zip" + +# Download file path +$zipFilePath = Join-Path $tempPath "Sysmon.zip" + +# Download the file +Invoke-WebRequest -Uri $url -OutFile $zipFilePath + +# Unzip the file to temp directory +Expand-Archive -Path $zipFilePath -DestinationPath $tempPath + +# Copy only Sysmon64.exe to destination +Copy-Item -Path "$tempPath\Sysmon64.exe" -Destination $destinationPath + +# Clean up: remove temp directory and zip file +Remove-Item -Path $tempPath -Recurse -Force + +# Download URL for the Sysmon configuration file +$xmlUrl = "https://raw.githubusercontent.com/SwiftOnSecurity/sysmon-config/master/sysmonconfig-export.xml" + +# Destination file path for the Sysmon configuration file +$xmlFilePath = Join-Path $destinationPath "sysmon.xml" + +# Download and rename the file +Invoke-WebRequest -Uri $xmlUrl -OutFile $xmlFilePath + +# Define the destination path for Sigcheck +$sigcheckDestinationPath = "C:\Windows\SYSVOL\SYSVOL\$DomainName\LME" + +# Download URL for Sigcheck +$sigcheckUrl = "https://download.sysinternals.com/files/Sigcheck.zip" + +# Temporary path for Sigcheck zip file +$sigcheckTempPath = Join-Path $env:TEMP "SigcheckTemp" + +# Ensure the temporary directory exists +New-Item -ItemType Directory -Path $sigcheckTempPath -Force + +# Download file path for Sigcheck +$sigcheckZipFilePath = Join-Path $sigcheckTempPath "Sigcheck.zip" + +# Download the Sigcheck zip file +Invoke-WebRequest -Uri $sigcheckUrl -OutFile $sigcheckZipFilePath + +# Unzip the Sigcheck file to temporary directory +Expand-Archive -Path $sigcheckZipFilePath -DestinationPath $sigcheckTempPath + +# Copy only Sigcheck64.exe to the destination +Copy-Item -Path "$sigcheckTempPath\sigcheck64.exe" -Destination $sigcheckDestinationPath + +# Clean up: remove temporary directory and zip file +Remove-Item -Path $sigcheckTempPath -Recurse -Force diff --git a/testing/configure/sysmon_link_gpo.ps1 b/testing/configure/sysmon_link_gpo.ps1 new file mode 100644 index 00000000..a29aa9eb --- /dev/null +++ b/testing/configure/sysmon_link_gpo.ps1 @@ -0,0 +1,18 @@ +param( + [string]$Domain = "lme.local", + [string]$ClientOUCustomName = "LMEClients" +) + +Import-Module ActiveDirectory + +$domainDN = $Domain -replace '\.', ',DC=' -replace '^', 'DC=' +$OUDistinguishedName = "OU=$ClientOUCustomName,$domainDN" + +$GPOName = "LME-Sysmon-Task" + +try { + New-GPLink -Name $GPOName -Target $OUDistinguishedName + Write-Output "GPO '$GPOName' linked to OU '$ClientOUCustomName'." +} catch { + Write-Output "Error linking GPO '$GPOName' to OU '$ClientOUCustomName': $_" +} diff --git a/testing/configure/trust_ls1_ssh_key.ps1 b/testing/configure/trust_ls1_ssh_key.ps1 new file mode 100644 index 00000000..0f3d0a41 --- /dev/null +++ b/testing/configure/trust_ls1_ssh_key.ps1 @@ -0,0 +1,66 @@ +param ( + [string]$SshHost = "ls1" +) + +$SshDirectory = "C:\Windows\System32\config\systemprofile\.ssh" +$KnownHostsFile = Join-Path -Path $SshDirectory -ChildPath "known_hosts" + +# Ensure the .ssh directory exists +if (-not (Test-Path -Path $SshDirectory)) { + New-Item -ItemType Directory -Path $SshDirectory +} + +# Function to set ACL for the directory, granting FullControl to SYSTEM and applying inheritance +function Set-SystemOnlyAclForDirectory { + param ( + [string]$path + ) + + $systemAccount = New-Object System.Security.Principal.NTAccount("NT AUTHORITY", "SYSTEM") + $acl = Get-Acl -Path $path + $acl.SetAccessRuleProtection($true, $false) # Enable ACL protection, disable inheritance + $acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null } # Clear existing rules + + # Create and add the Access Rule for SYSTEM with inheritance + $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($systemAccount, "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow") + $acl.AddAccessRule($accessRule) + + # Apply the updated ACL to the directory + Set-Acl -Path $path -AclObject $acl +} + +# Function to set ACL for a file, granting FullControl only to SYSTEM +function Set-SystemOnlyAclForFile { + param ( + [string]$path + ) + + $systemAccount = New-Object System.Security.Principal.NTAccount("NT AUTHORITY", "SYSTEM") + $acl = Get-Acl -Path $path + $acl.SetAccessRuleProtection($true, $false) # Enable ACL protection, disable inheritance + $acl.Access | ForEach-Object { $acl.RemoveAccessRule($_) | Out-Null } # Clear existing rules + + # Create and add the Access Rule for SYSTEM + $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($systemAccount, "FullControl", "Allow") + $acl.AddAccessRule($accessRule) + + # Apply the updated ACL to the file + Set-Acl -Path $path -AclObject $acl +} + +# Set ACL for the .ssh directory with inheritance +Set-SystemOnlyAclForDirectory -path $SshDirectory + +# Ensure the known_hosts file exists +if (-not (Test-Path -Path $KnownHostsFile)) { + New-Item -ItemType File -Path $KnownHostsFile +} + +# Set ACL for the known_hosts file without inheritance +Set-SystemOnlyAclForFile -path $KnownHostsFile + +# Run ssh-keyscan and append output to known_hosts +ssh-keyscan $SshHost | Out-File -FilePath $KnownHostsFile -Append -Encoding UTF8 + +# Output the contents of the known_hosts file +Get-Content -Path $KnownHostsFile diff --git a/testing/configure/wec_firewall.ps1 b/testing/configure/wec_firewall.ps1 new file mode 100644 index 00000000..3e3bb129 --- /dev/null +++ b/testing/configure/wec_firewall.ps1 @@ -0,0 +1,18 @@ +# Asks user to provide subnet - then creates a inbound allow firewall rule for 5985. Run on WEC server. +param ( + [string]$InboundRuleName = "WinRM TCP In 5985", + [string]$ClientSubnet = "10.1.0.0/24", + [string]$LocalPort = "5985" +) + +if (-not (Get-NetFirewallRule -Name $InboundRuleName -ErrorAction SilentlyContinue)) { + New-NetFirewallRule -DisplayName $InboundRuleName ` + -Direction Inbound -Protocol TCP ` + -LocalPort $LocalPort -Action Allow ` + -RemoteAddress $ClientSubnet ` + -Description "Allow inbound TCP ${LocalPort} for WinRM from clients subnet" +} else { + Write-Output "Inbound rule '$InboundRuleName' already exists." +} + +Write-Output "Inbound WinRM rule has been configured." diff --git a/testing/configure/wec_gpo_update_server_name.ps1 b/testing/configure/wec_gpo_update_server_name.ps1 new file mode 100644 index 00000000..6557042b --- /dev/null +++ b/testing/configure/wec_gpo_update_server_name.ps1 @@ -0,0 +1,42 @@ +<# +.SYNOPSIS +This script sets and retrieves a Group Policy (GP) registry value for Windows Event Log Event Forwarding. + +.DESCRIPTION +The script is used to configure the Subscription Manager URL for Windows Event Log Event Forwarding in a Group Policy setting. It sets the registry value for the Subscription Manager URL using the specified domain, port, and protocol, and then retrieves the value to confirm the setting. This is useful in environments where centralized event log management is required. + +.PARAMETER domain +The domain for the Subscription Manager URL. Default is 'dc1.lme.local'. + +.PARAMETER port +The port number for the Subscription Manager URL. Default is 5985. + +.PARAMETER protocol +The protocol for the Subscription Manager URL. Default is 'http'. + +.EXAMPLE +.\wec_gpo_update_server_name.ps1 +Executes the script with default parameters. + +.EXAMPLE +.\wec_gpo_update_server_name.ps1 -Domain "customdomain.local" -Port 1234 -Protocol "https" +Executes the script with custom domain, port, and protocol. + +#> + +param( + [string]$Domain = "dc1.lme.local", + [int]$Port = 5985, + [string]$Protocol = "http" +) + +# Construct the Subscription Manager URL using the provided parameters +$subscriptionManagerUrl = "Server=${Protocol}://${Domain}:${Port}/wsman/SubscriptionManager/WEC,Refresh=60" +Set-GPRegistryValue -Name "LME-WEC-Client" -Key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager" -Value $subscriptionManagerUrl -Type String + +# To get the GP registry value to confirm it's set +$registryValue = Get-GPRegistryValue -Name "LME-WEC-Client" -Key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager" + +# Output the retrieved registry value +Write-Output "Set the subscription manager url value to: " +$registryValue diff --git a/testing/configure/wec_import_gpo.ps1 b/testing/configure/wec_import_gpo.ps1 new file mode 100644 index 00000000..8906ce2d --- /dev/null +++ b/testing/configure/wec_import_gpo.ps1 @@ -0,0 +1,34 @@ +param( + [string]$Directory = $env:USERPROFILE +) + +# Determine the base directory path based on the provided username +$BaseDirectoryPath = if ($Directory -and ($Directory -ne $env:USERPROFILE)) { + "C:\$Directory" +} else { + "$env:USERPROFILE\Downloads" +} + +$GPOBackupPath = "$BaseDirectoryPath\LME\Chapter 1 Files\Group Policy Objects" + +$GpoNames = @("LME-WEC-Client", "LME-WEC-Server") + +foreach ($gpoName in $GpoNames) { + $gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue + if (-not $gpo) { + New-GPO -Name $gpoName | Out-Null + Write-Output "Created GPO: $gpoName" + } else { + Write-Output "GPO $gpoName already exists." + } + + try { + Import-GPO -BackupGpoName $gpoName -TargetName $gpoName -Path $GPOBackupPath -CreateIfNeeded -ErrorAction Stop + Write-Output "Imported settings into GPO: $gpoName" + } catch { + Throw "Failed to import GPO: $gpoName. The GPODisplayName in bkupinfo.xml may not match or other import error occurred." + } +} + +Write-Output "LME GPOs have been created and imported successfully." + diff --git a/testing/configure/wec_link_gpo.ps1 b/testing/configure/wec_link_gpo.ps1 new file mode 100644 index 00000000..3c8c4921 --- /dev/null +++ b/testing/configure/wec_link_gpo.ps1 @@ -0,0 +1,27 @@ +param( + [string]$Domain = "lme.local", + [string]$ClientOUCustomName = "LMEClients" +) + +Import-Module ActiveDirectory + +$DomainDN = $Domain -replace '\.', ',DC=' -replace '^', 'DC=' +$ClientOUDistinguishedName = "OU=$ClientOUCustomName,$DomainDN" + +$GPONameClient = "LME-WEC-Client" +$GPONameServer = "LME-WEC-Server" +$ServerOUDistinguishedName = "OU=Domain Controllers,$DomainDN" + +try { + New-GPLink -Name $GPONameClient -Target $ClientOUDistinguishedName + Write-Output "GPO '$GPONameClient' linked to OU '$ClientOUCustomName'." +} catch { + Write-Output "Error linking GPO '$GPONameClient' to OU '$ClientOUCustomName': $_" +} + +try { + New-GPLink -Name $GPONameServer -Target $ServerOUDistinguishedName + Write-Output "GPO '$GPONameServer' linked to OU 'Domain Controllers'." +} catch { + Write-Output "Error linking GPO '$GPONameServer' to OU 'Domain Controllers': $_" +} diff --git a/testing/configure/wec_service_provisioner.ps1 b/testing/configure/wec_service_provisioner.ps1 new file mode 100644 index 00000000..4c0d1302 --- /dev/null +++ b/testing/configure/wec_service_provisioner.ps1 @@ -0,0 +1,24 @@ +# PowerShell script to configure Windows Event Collector + +param( + [string]$XmlFilePath = "C:\lme\LME\Chapter 1 Files\lme_wec_config.xml" +) + +# Check if Windows Event Collector Service is running and start it if not +$wecService = Get-Service -Name "Wecsvc" +if ($wecService.Status -ne 'Running') { + Start-Service -Name "Wecsvc" + Write-Output "Windows Event Collector Service started." +} else { + Write-Output "Windows Event Collector Service is already running." +} + +# Check if the XML configuration file exists +if (Test-Path -Path $XmlFilePath) { + # Run the wecutil command to configure the collector + wecutil cs $XmlFilePath + Write-Output "wecutil command executed successfully with config file: $XmlFilePath" +} else { + Write-Output "Configuration file not found at $XmlFilePath" +} + diff --git a/testing/configure/wec_start_service.ps1 b/testing/configure/wec_start_service.ps1 new file mode 100644 index 00000000..7677185c --- /dev/null +++ b/testing/configure/wec_start_service.ps1 @@ -0,0 +1,19 @@ +# Start WEC using custom wec xml file + +try { + Start-Service -Name "Wecsvc" + Write-Output "WEC service started successfully." +} catch { + Write-Output "Failed to start WEC service: $_" +} + +$ConfigFilePath = "$env:USERPROFILE\Downloads\LME\Chapter 1 Files\lme_wec_config.xml" + +try { + Start-Process -FilePath "wecutil.exe" -ArgumentList "cs `"$ConfigFilePath`"" -Verb RunAs + Write-Output "wecutil command executed successfully." +} catch { + Write-Output "Failed to execute wecutil command: $_" +} + + diff --git a/testing/configure/winlogbeat_install.ps1 b/testing/configure/winlogbeat_install.ps1 new file mode 100644 index 00000000..7e78566c --- /dev/null +++ b/testing/configure/winlogbeat_install.ps1 @@ -0,0 +1,84 @@ +param ( + [Parameter()] + [string]$BaseDirectory = "C:\lme", + + [Parameter()] + [string]$WinlogbeatVersion = "winlogbeat-8.5.0-windows-x86_64" +) + +# Source and destination directories +$SourceDir = "$BaseDirectory\files_for_windows\tmp" +$DestinationDir = "C:\Program Files" + +# Copying files from source to destination +Copy-Item -Path "$SourceDir\*" -Destination $DestinationDir -Recurse -Force + +# Winlogbeat url +$Url = "https://artifacts.elastic.co/downloads/beats/winlogbeat/$WinlogbeatVersion.zip" + +# Destination path where the file will be saved +$WinlogbeatDestination = "$BaseDirectory\$WinlogbeatVersion.zip" + +# Unzip destination +$UnzipDestination = "C:\Program Files\lme\$WinlogbeatVersion" + +# Define the path of the winlogbeat.yml file in C:\Program Files\lme +$WinlogbeatYmlSource = "C:\Program Files\lme\winlogbeat.yml" + +# Define the destination path of the winlogbeat.yml file +$WinlogbeatYmlDestination = Join-Path -Path $UnzipDestination -ChildPath "winlogbeat.yml" + +# Define the full path of the install script +$InstallScriptPath = Join-Path -Path $UnzipDestination -ChildPath "install-service-winlogbeat.ps1" + +# Create the base directory if it does not exist +if (-not (Test-Path $BaseDirectory)) { + New-Item -ItemType Directory -Path $BaseDirectory +} + +# Download the file +Invoke-WebRequest -Uri $Url -OutFile $WinlogbeatDestination + +# Unzip the file +Expand-Archive -LiteralPath $WinlogbeatDestination -DestinationPath $UnzipDestination + +# Define the nested directory path +$nestedDir = Join-Path -Path $UnzipDestination -ChildPath $WinlogbeatVersion + +# Move the contents of the nested directory up one level and remove the nested directory +if (Test-Path $nestedDir) { + Get-ChildItem -Path $nestedDir -Recurse | Move-Item -Destination $UnzipDestination + Remove-Item -Path $nestedDir -Force -Recurse +} + +# Move the winlogbeat.yml file to the destination directory, overwriting if it exists +Move-Item -Path $WinlogbeatYmlSource -Destination $WinlogbeatYmlDestination -Force + +# Set execution policy to Unrestricted for this process +Set-ExecutionPolicy Unrestricted -Scope Process + +# Check if the install script exists +if (Test-Path $InstallScriptPath) { + # Change directory to the unzip destination + Push-Location -Path $UnzipDestination + + # Run the install script + .\install-service-winlogbeat.ps1 + + # Return to the previous directory + Pop-Location +} +else { + Write-Output "The installation script was not found at $InstallScriptPath" +} + +Start-Sleep -Seconds 5 + +# Start the winlogbeat service +try { + Start-Service -Name "winlogbeat" + Write-Output "Winlogbeat service started successfully." +} +catch { + Write-Output "Failed to start Winlogbeat service: $_" +} diff --git a/testing/development/Dockerfile b/testing/development/Dockerfile new file mode 100644 index 00000000..5a3dd5c3 --- /dev/null +++ b/testing/development/Dockerfile @@ -0,0 +1,62 @@ +# Use Ubuntu 22.04 as base image +FROM ubuntu:22.04 +ARG USER_ID=1001 +ARG GROUP_ID=1001 + +# Set environment variable to avoid interactive dialogues during build +ENV DEBIAN_FRONTEND=noninteractive + +# Install necessary APT packages including Python and pip +RUN apt-get update && apt-get install -y \ + lsb-release \ + python3 \ + python3-venv \ + python3-pip \ + zip \ + git \ + curl \ + wget \ + sudo \ + cron \ + freerdp2-x11 \ + pkg-config \ + libcairo2-dev \ + libdbus-1-dev \ + distro-info \ + libgirepository1.0-dev \ + && wget -q "https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb" \ + && dpkg -i packages-microsoft-prod.deb \ + && apt-get update \ + && apt-get install -y powershell \ + && rm -rf /var/lib/apt/lists/* \ + && curl -sL https://aka.ms/InstallAzureCLIDeb | bash \ + && wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb \ + && apt install -y ./google-chrome-stable_current_amd64.deb \ + && rm -rf google-chrome-stable_current_amd64.deb \ + && sudo apt-get install -f \ + && apt-get clean + + + +# Create a user and group 'admin.ackbar' with GID 1001 +RUN groupadd -g $GROUP_ID admin.ackbar \ + && useradd -m -u $USER_ID -g admin.ackbar --badnames admin.ackbar \ + && usermod -aG sudo admin.ackbar + +# Allow 'admin.ackbar' user to run sudo commands without a password +RUN echo "admin.ackbar ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers + +# Define the base directory as an environment variable +ENV BASE_DIR=/home/admin.ackbar/LME + +# Set work directory +WORKDIR $BASE_DIR + +# Change to non-root privilege +# USER admin.ackbar + +# Set timezone (optional) +ENV TZ=America/New_York + +# Keep the container running (This can be replaced by your application's main process) +CMD ["tail", "-f", "/dev/null"] \ No newline at end of file diff --git a/testing/development/README.md b/testing/development/README.md new file mode 100644 index 00000000..567c1c62 --- /dev/null +++ b/testing/development/README.md @@ -0,0 +1,162 @@ +# Development and pipeline files +### Table of contents +- [Merging version](#merging-version) +- List of files + - [build_cluster.ps1](#build_clusterps1) + - [Dockerfile](#dockerfile) + - [destroy_cluster.ps1](#destroy_clusterps1) + - [build_docker_lme_install.sh](#build_docker_lme_installsh) + - [docker-compose.yml](#docker-composeyml) + - [install_lme.ps1](#install_lmeps1) + - [upgrade_lme.sh](#upgrade_lmesh) +- [Workflows](#workflows) + - [Workflow Environment Vars](#workflow-environment-vars) + - [Capturing the responses of workflow steps](#capturing-the-responses-of-workflow-steps) +- [Containers in VSCode](#containers-in-vscode) + - [.vscode directory](#vscode-directory) + +## Merging version +In order to have the pipeline run the upgrade on the proper version, +you will need to edit the `testing\merging_version.sh` file and put +the version you are going to merge into. In other words, the version +that your code will be released with. It is used in the script `upgrade_lme.sh` +in the `upgrade.yml` workflow file. + +## List of files +### build_cluster.ps1 +This is a powershell script that will login to an az shell (given that you have the right environment variables) and run the SetupTestbed.ps1 script. It will require that you have +account credentials from a managed identity to be able to run commands remotely. +### Dockerfile +This builds a container that is compatible with the version of Ubuntu we are using and includes the necessary apt packages and tools to run builds and tests. +### destroy_cluster.ps1 +This file is used by the pipeline to take down the servers and assets created in Azure. +### build_docker_lme_install.sh +This script is used by the pipeline to install lme inside of a container. +### docker-compose.yml +Creates two containers, one for development and running tests, another for installing lme onto. +This docker compose file is used in both the local development environment as well as in the pipeline. +You will want to create a .env file in the development directory that states the UID and GID of the user you want to run as in the container. +This is vital to make sure you can read and write to all the files. If your host machine is running linux you can just cd to your home directory +and run an `ls -ln` and it will show you the uid and gid that you are running as. This hasn't been tested in windows as a host containers, so you will +need either a virtual machine running wsl or virtual box running ubuntu, or a similar option. Since some of the later commands will be docker in docker, +you should start with a Ubuntu host with docker installed. +### install_lme.ps1 +This script is used by the pipeline to install LME on a remote cluster. +### upgrade_lme.sh +This script is used by the pipeline to checkout a branch and run an upgrade inside of a running lme instance. + + +## Workflows +The pipeline for building the LME workflows consist of three different workflows. +One is to build a fresh install (cluster.yml), the other is build Linux only (linux_only.yml) and the other one is to build an upgrade (upgrade.yml). +The linux only version is built on the workflow runner machine in docker. +The other workflows are built on a cluster in azure. + +All of the builds create a couple of docker containers on the runner machine and then run commands +in the containers. This allows you to run any of the commands from the pipeline on your local +dev environment by bringing up the docker containers locally. +In the pipeline it is necessary to run the commands with a -p so that the containers don't step on each other. + +For example: +``` bash +docker compose -p ${{ env.UNIQUE_ID }} -f testing/development/docker-compose.yml build lme --no-cache +``` +To run them locally just remove the -p and id: + +``` bash +docker compose -f testing/development/docker-compose.yml build lme --no-cache +``` +This allows you to run your commands and debug them locally so you don't have to wait for a complete build of the pipeline. + +#### Workflow Environment Vars +In the workflows there are many environment vars and they get written to a `$GITHUB_ENV` file to be accessible from +the various workflow steps. Some environment files will be written to a password file or a `.env` file so that +the various scripts or tests can access them. +* Be very careful about what you write to the files to make sure that we are not exposing actual secrets as this +is a public repo + +#### Capturing the responses of workflow steps +It is quite challenging to capture the responses of a command that was run using docker compose and then a script that +may run another script on the cluster. The important thing is to test that if your command fails, it will propagate the +errors up to the pipeline and stop the step. So when building a step, make sure to check it for failure or success. +In the different steps in the different files, there are various permeations of ways to do this. +Seemingly, the best one is to output a unique string at the end of your script and check for that upon completion +of the docker compose command. + + +## Containers in VSCode +In vscode you can actually run inside of the containers. There is some documentation about how to do this in the +`testing/tests/README.md` file. +We are providing a setup that you can put under your `.vscode` directory that will help expedite setting up the +containers from the root directory of the repo. The documentation in the `testing/tests/README.md` file are specifically +for running VSCode environments that mount those test directories. This setup will mount the root directory of the +repo, which is more useful during normal development. + +### .vscode directory +You can create these files in the .vscode directory in the root of your repo and put the contents in them. `.vscode` is in the gitignore file so you should be ok. Best not to check these ones in. +* launch.json +``` +{ + "version": "0.2.0", + "configurations": [ + { + "name": "Python Debugger: Run API Tests", + "type": "debugpy", + "request": "launch", + "module": "pytest", + "args": [ + "${workspaceFolder}/testing/tests/api_tests" + ], + "console": "integratedTerminal", + "justMyCode": false, + "cwd": "${workspaceFolder}/testing/tests", + "envFile": "${workspaceFolder}/testing/tests/.env" + }, + { + "name": "Python Debugger: Run Selenium linux only Tests", + "type": "debugpy", + "request": "launch", + "module": "pytest", + "args": [ + "${workspaceFolder}/testing/tests/selenium_tests/linux_only" + ], + "console": "integratedTerminal", + "justMyCode": false, + "cwd": "${workspaceFolder}/testing/tests", + "envFile": "${workspaceFolder}/testing/tests/.env" + }, + { + "name": "Python Debugger: Run Selenium Tests", + "type": "debugpy", + "request": "launch", + "program": "${workspaceFolder}/testing/tests/selenium_tests.py", + "args": [ + "--domain", "lme" + ], + "console": "integratedTerminal", + "justMyCode": false, + "cwd": "${workspaceFolder}/testing/tests", + "envFile": "${workspaceFolder}/testing/tests/.env", + } + ] + } +``` + +* settings.json + +```{ + "python.testing.cwd": "${workspaceFolder}/testing/tests", + "python.testing.unittestEnabled": false, + "python.testing.nosetestsEnabled": false, + "python.testing.pytestEnabled": true, + "yaml.schemas": { + "https://json.schemastore.org/github-workflow.json": ".github/workflows/*.yml" + }, + "workbench.colorCustomizations": { + "tab.activeBackground": "#49215a" + }, + "python.defaultInterpreterPath": "${workspaceFolder}/testing/tests/venv/bin/python", + "terminal.integrated.defaultProfile.linux": "bash" +} + +``` \ No newline at end of file diff --git a/testing/development/build_cluster.ps1 b/testing/development/build_cluster.ps1 new file mode 100644 index 00000000..1236d535 --- /dev/null +++ b/testing/development/build_cluster.ps1 @@ -0,0 +1,18 @@ +param ( + [Parameter(Mandatory=$true)] + [string]$IPAddress +) + +$ErrorActionPreference = 'Stop' + +# Log in using Azure CLI +az login --service-principal -u $env:AZURE_CLIENT_ID -p $env:AZURE_SECRET --tenant $env:AZURE_TENANT + +# Construct the path to the target directory relative to the script's location +$targetDirectory = Join-Path -Path $PSScriptRoot -ChildPath "..\\" + +# Change to the target directory +Set-Location -Path $targetDirectory + +# Execute the SetupTestbed.ps1 script with parameters +.\SetupTestbed.ps1 -AllowedSources "$IPAddress/32" -l centralus -ResourceGroup $env:RESOURCE_GROUP -y | Tee-Object -FilePath "./$env:RESOURCE_GROUP.cluster.output.log" \ No newline at end of file diff --git a/testing/development/build_docker_lme_install.sh b/testing/development/build_docker_lme_install.sh new file mode 100755 index 00000000..cafd1fc2 --- /dev/null +++ b/testing/development/build_docker_lme_install.sh @@ -0,0 +1,46 @@ +#!/usr/bin/env bash + +# Parse command line arguments +while getopts ":b:v:" opt; do + case $opt in + b) + if [ -n "$version" ]; then + echo "Cannot use both -b and -v options simultaneously" >&2 + exit 1 + fi + branch="$OPTARG" + ;; + v) + if [ -n "$branch" ]; then + echo "Cannot use both -b and -v options simultaneously" >&2 + exit 1 + fi + version="$OPTARG" + ;; + \?) echo "Invalid option -$OPTARG" >&2; exit 1;; + esac +done + +cd testing/configure || exit + +sudo ./linux_update_system.sh + +# Pass the branch or version argument to linux_install_lme.sh +if [ -n "$branch" ]; then + sudo ./linux_install_lme.sh -b "$branch" +elif [ -n "$version" ]; then + sudo ./linux_install_lme.sh -v "$version" +else + sudo ./linux_install_lme.sh +fi + +. lib/functions.sh +extract_credentials +echo $elastic + +cd ../tests/ || exit + +python3 -m venv /home/admin.ackbar/venv_test +. /home/admin.ackbar/venv_test/bin/activate +pip install -r requirements.txt +sudo chown admin.ackbar:admin.ackbar /home/admin.ackbar/venv_test -R \ No newline at end of file diff --git a/testing/development/destroy_cluster.ps1 b/testing/development/destroy_cluster.ps1 new file mode 100644 index 00000000..ee5896b9 --- /dev/null +++ b/testing/development/destroy_cluster.ps1 @@ -0,0 +1,18 @@ +$ErrorActionPreference = 'Stop' + +# Check if the RESOURCE_GROUP environment variable has a value +if ([string]::IsNullOrWhiteSpace($env:RESOURCE_GROUP)) { + Write-Error "RESOURCE_GROUP environment variable is not set." + exit 1 +} + +# Check if the resource group exists +$resourceGroupExists = az group exists --name "$env:RESOURCE_GROUP" + +if ($resourceGroupExists -eq 'true') { + # Delete the resource group if it exists + az group delete --name "$env:RESOURCE_GROUP" --yes --no-wait + Write-Host "Deletion of resource group $($env:RESOURCE_GROUP) initiated." +} else { + Write-Host "Resource group $($env:RESOURCE_GROUP) does not exist. No action taken." +} diff --git a/testing/development/docker-compose.yml b/testing/development/docker-compose.yml new file mode 100644 index 00000000..a4a462d1 --- /dev/null +++ b/testing/development/docker-compose.yml @@ -0,0 +1,56 @@ +# Docker Compose file for setting up development environment for LME project. +# +# This file defines two services: +# 1. ubuntu: +# - Builds an Ubuntu container with the specified USER_ID and GROUP_ID arguments. +# - Mounts the parent directory to /lme in the container, allowing access to the LME project. +# - Sets the container name to "lme_development". +# - Sets the user to the specified HOST_UID and HOST_GID. +# - Runs the command "sleep infinity" to keep the container running indefinitely. +# +# 2. lme: +# - Builds a container using the Dockerfile located in ../../ directory. +# - Uses the specified USER_ID and GROUP_ID arguments. +# - Sets the container name to "lme". +# - Sets the user to the specified HOST_UID and HOST_GID. +# - Mounts the parent directory to /home/admin.ackbar/LME in the container, allowing access to the LME project. +# - Runs the command "sleep infinity" to keep the container running indefinitely. +# - Exposes the following ports: 443, 9200, 9300, 5000, 9600, 5601. +# +version: '3.8' + +services: + ubuntu: + build: + context: . + args: + USER_ID: "${HOST_UID:-1001}" + GROUP_ID: "${HOST_GID:-1001}" + container_name: lme_development + user: "${HOST_UID:-1001}:${HOST_GID:-1001}" + volumes: + - ../../../LME/:/lme + command: sleep infinity + + lme: + build: + context: ../../ + dockerfile: testing/development/Dockerfile + args: + USER_ID: "${HOST_UID:-1001}" + GROUP_ID: "${HOST_GID:-1001}" + # semgrep: allowlist + # semgrep: yaml.docker-compose.security.privileged-service.privileged-service + privileged: true + container_name: lme + user: "${HOST_UID:-1001}:${HOST_GID:-1001}" + volumes: + - ../../:/home/admin.ackbar/LME + command: sleep infinity + ports: + - "443:443" + - "9200:9200" + - "9300:9300" + - "5000:5000" + - "9600:9600" + - "5601:5601" \ No newline at end of file diff --git a/testing/development/install_lme.ps1 b/testing/development/install_lme.ps1 new file mode 100644 index 00000000..fda6e280 --- /dev/null +++ b/testing/development/install_lme.ps1 @@ -0,0 +1,40 @@ +param( + [switch]$m, + [string]$v, + [string]$b +) + +$ErrorActionPreference = 'Stop' + +# Check if -v and -b are mutually exclusive +if ($v -and $b) { + Write-Error "Error: -v and -b are mutually exclusive. Please provide only one of them." + exit 1 +} + +# Log in using Azure CLI +az login --service-principal -u $env:AZURE_CLIENT_ID -p $env:AZURE_SECRET --tenant $env:AZURE_TENANT + +# Construct the path to the target directory relative to the script's location +$targetDirectory = Join-Path -Path $PSScriptRoot -ChildPath "..\\" + +# Change to the target directory +Set-Location -Path $targetDirectory + +# Prepare the parameters for InstallTestbed.ps1 +$installTestbedParams = "" +if ($v) { + $installTestbedParams += " -v $v " +} +if ($b) { + $installTestbedParams += " -b $b " +} +if ($m) { + $installTestbedParams += " -m " +} + +# Prepare the command string +$command = ".\InstallTestbed.ps1 -ResourceGroup $env:RESOURCE_GROUP $installTestbedParams | Tee-Object -FilePath ./$env:RESOURCE_GROUP.output.log" + +# Execute the command +Invoke-Expression $command diff --git a/testing/development/upgrade_lme.sh b/testing/development/upgrade_lme.sh new file mode 100755 index 00000000..80bbcd22 --- /dev/null +++ b/testing/development/upgrade_lme.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash + +set -e + +# Find out where I am +script_path=$(readlink -f "$0") +script_dir=$(dirname "$script_path") +# Move up to the testing directory +echo "Changig directory to $script_dir/../" +cd "$script_dir/../" || exit 1 + +git config --global --add safe.directory /home/admin.ackbar/LME +git config --global --add safe.directory /opt/lme + +#Get the branch I am working on +echo "Checking current branch" +export current_branch=$(git rev-parse --abbrev-ref HEAD) + + +# Get the version that we are going to upgrade to +. ./merging_version.sh + +# Checkout the version we are on +sudo echo "Current branch: $current_branch" +sudo echo "Forcing version: $FORCE_LATEST_VERSION" +sudo sh -c "cd '/opt/lme/' && git checkout 'Chapter\ 3\ Files/deploy.sh' && git checkout -t origin/$current_branch && git pull" +echo "Running the upgrade" +sudo sh -c "export TERM=dumb; export FORCE_LATEST_VERSION=$FORCE_LATEST_VERSION; cd '/opt/lme/Chapter 3 Files' && ./deploy.sh upgrade" + +echo "UPGRADE_SUCCESSFUL" \ No newline at end of file diff --git a/testing/merging_version.sh b/testing/merging_version.sh new file mode 100644 index 00000000..c02ca4a4 --- /dev/null +++ b/testing/merging_version.sh @@ -0,0 +1,2 @@ +# TODO: Change this to the latest version you are going to merge into +export FORCE_LATEST_VERSION=1.3.3 \ No newline at end of file diff --git a/testing/project_management/Dockerfile b/testing/project_management/Dockerfile new file mode 100644 index 00000000..a595d49c --- /dev/null +++ b/testing/project_management/Dockerfile @@ -0,0 +1,20 @@ +FROM python:3.9-slim-buster + +#WORKDIR /lme + +# Install the necessary dependencies +RUN apt-get update && apt-get install -y \ + git \ + bash + +# This ends up just being at the root of the file system + +# Clone the github-projects-burndown-chart repository +RUN git clone https://github.com/cisagov/github-projects-burndown-chart && \ + cd github-projects-burndown-chart && \ + pip install --no-cache-dir -r requirements.txt && \ + cp src/github_projects_burndown_chart/config/secrets.json.dist src/github_projects_burndown_chart/config/secrets.json && \ + cp src/github_projects_burndown_chart/config/config.json.dist src/github_projects_burndown_chart/config/config.json + + +CMD ["sleep", "infinity"] \ No newline at end of file diff --git a/testing/project_management/docker-compose.yml b/testing/project_management/docker-compose.yml new file mode 100644 index 00000000..89c40439 --- /dev/null +++ b/testing/project_management/docker-compose.yml @@ -0,0 +1,10 @@ +version: '3' +services: + burndown: + build: + context: . + dockerfile: Dockerfile + environment: + - BURNDOWN_TOKEN=${BURNDOWN_TOKEN} + volumes: + - ../../../LME/:/lme \ No newline at end of file diff --git a/testing/project_management/setup_config.sh b/testing/project_management/setup_config.sh new file mode 100755 index 00000000..01da9d65 --- /dev/null +++ b/testing/project_management/setup_config.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash + +# Parse named arguments +while getopts ":s:e:f:v:" opt; do + case $opt in + s) start_date="$OPTARG";; + e) end_date="$OPTARG";; + f) file_path="$OPTARG";; + v) view="$OPTARG";; + \?) echo "Invalid option -$OPTARG" >&2; exit 1;; + esac +done + +# Validate start_date and end_date +if [ -z "$start_date" ]; then + echo "Start date is required. Use -s option to specify the start date." + exit 1 +fi + +if [ -z "$end_date" ]; then + echo "End date is required. Use -e option to specify the end date." + exit 1 +fi + +# Validate date format +date_regex="^[0-9]{4}-[0-9]{2}-[0-9]{2}$" + +if ! [[ $start_date =~ $date_regex ]]; then + echo "Invalid start date format. Please use the format YYYY-mm-dd." + exit 1 +fi + +if ! [[ $end_date =~ $date_regex ]]; then + echo "Invalid end date format. Please use the format YYYY-mm-dd." + exit 1 +fi + +# Set default file path if not provided +if [ -z "$file_path" ]; then + file_path="/github-projects-burndown-chart/src/github_projects_burndown_chart/config/config.json" +fi + +# Set default view if not provided +if [ -z "$view" ]; then + view=1 +fi + +# Create the directory if it doesn't exist +mkdir -p "$(dirname "$file_path")" + +# Generate the JSON content with the provided start_date, end_date, and view +echo '{ + "organization": { + "LME": { + "query_variables": { + "organization_name": "cisagov", + "project_number": 68, + "column_count": 7, + "max_cards_per_column_count": 100, + "labels_per_issue_count": 5, + "view_number": '"$view"' + }, + "settings": { + "sprint_start_date": "'"$start_date"'", + "sprint_end_date": "'"$end_date"'", + "points_label": "Points: ", + "version": 2 + } + } + } +}' > "$file_path" diff --git a/testing/tests/.env_example b/testing/tests/.env_example new file mode 100644 index 00000000..65efa408 --- /dev/null +++ b/testing/tests/.env_example @@ -0,0 +1,19 @@ +# Comes from an install using InstallTestbed.ps1 many tests use it +export elastic='yourelasticpassword' + +# For api tests that connect directly to elasticsearch +export ES_HOST="lme" # When running in docker and connecting from dev container +# export ES_HOST=xx.xx.xx.xxx # When you have a cluser installed in azure + +# Selenium tests folder. Connects to kibana +export KIBANA_HOST=lme # When running in docker and connecting from dev container +# export KIBANA_HOST=localhost # When running the tests inside of the lme container +# export KIBANA_HOST=xx.xx.xx.xxx # When you have a cluser installed in azure +export KIBANA_PORT=443 +export KIBANA_USER=elastic +export SELENIUM_TIMEOUT=60 +# debug, detached, headless +export SELENIUM_MODE=headless + +# selenium_tests.py +export ELASTIC_PASSWORD='yourelasticpassword' \ No newline at end of file diff --git a/testing/tests/.vscode/launch.json b/testing/tests/.vscode/launch.json new file mode 100644 index 00000000..9303ea46 --- /dev/null +++ b/testing/tests/.vscode/launch.json @@ -0,0 +1,16 @@ +{ + "version": "0.2.0", + "configurations": [ + { + "name": "Python Debugger: Run Tests", + "type": "debugpy", + "request": "launch", + "module": "pytest", + "args": [ + "${workspaceFolder}/api_tests" // Path to your tests + ], + "console": "integratedTerminal", + "justMyCode": false // Set this to false to allow debugging into external libraries + } + ] +} diff --git a/testing/tests/.vscode/settings.json b/testing/tests/.vscode/settings.json new file mode 100644 index 00000000..cb5d60c4 --- /dev/null +++ b/testing/tests/.vscode/settings.json @@ -0,0 +1,7 @@ +{ + "python.testing.pytestArgs": [ + "api_tests" + ], + "python.testing.unittestEnabled": false, + "python.testing.pytestEnabled": true +} \ No newline at end of file diff --git a/testing/tests/Dockerfile b/testing/tests/Dockerfile new file mode 100644 index 00000000..6f261c0c --- /dev/null +++ b/testing/tests/Dockerfile @@ -0,0 +1,22 @@ +# Use Ubuntu 22.04 as base image +FROM ubuntu:22.04 + +# Set environment variable to avoid interactive dialogues during build +ENV DEBIAN_FRONTEND=noninteractive + +# Install necessary APT packages including Python and pip +RUN apt-get update && apt-get install -y \ + python3 \ + python3-venv \ + python3-pip \ + zip \ + && rm -rf /var/lib/apt/lists/* + +# Set work directory +WORKDIR /app + +# Set timezone (optional) +ENV TZ=America/New_York + +# Keep the container running (This can be replaced by your application's main process) +CMD ["tail", "-f", "/dev/null"] diff --git a/testing/tests/README.md b/testing/tests/README.md new file mode 100644 index 00000000..7a60cc95 --- /dev/null +++ b/testing/tests/README.md @@ -0,0 +1,265 @@ +# Docker and VSCode Setup +### Table of Contents + +1. [Introduction](#introduction) +2. [Dev Containers](#dev-containers) +3. [Building Docker Containers](#building-the-docker-containers-to-use-your-local-username) + - [Options](#options) + - Python Development Option + - Python Tests Option + - [Running Tests in the Development Container](#running-tests-in-the-development-container-option) +4. [VSCode Extensions](#vscode-extensions) +5. [Environment Variables Setup](#environment-variables-setup) +6. [Python Virtual Environment Setup](#python-virtual-environment-setup) +7. [Running the Tests from the Command Line](#running-the-tests-from-the-command-line) +8. [Generating Test HTML Reports](#generating-test-html-reports) + + +## Introduction +This environment is set up to run on a computer with Docker installed and on Visual Studio Code (VSCode). + +## Dev Containers +On your host machine, you will want to install the Dev Containers extension in VSCode. With Docker installed on your host machine, you should be able to reopen this repository in a container and select different environment options. To open the repository in a container, press the blue connect button at the far bottom left of the VSCode window. This will prompt you with options to open in the different environments. + +## Building the docker containers to use your local username +The docker-compose file in the development contianer is set to use the `.env` file in the `/testing/development` folder. + +If you don't have a .env file, it will use the userid 1001 by default. +Check and see what your userid is in your host machine by running +```bash +ls -lna ~ +``` +This will tell you your user id and group id of the host machine. Look at what id the files are owned by. +```bash +drwxr-x--- 1 1000 1000 4096 Mar 1 13:04 . +drwxr-xr-x 1 0 0 4096 Mar 1 12:44 .. +-rw------- 1 1000 1000 21 Mar 1 13:04 .bash_history +-rw-r--r-- 1 1000 1000 220 Jan 6 2022 .bash_logout +-rw-r--r-- 1 1000 1000 3771 Jan 6 2022 .bashrc +drwxr-xr-x 3 1000 1000 4096 Mar 1 13:04 .dotnet +-rw-r--r-- 1 1000 1000 292 Mar 1 13:04 .gitconfig +drwx------ 2 1000 1000 4096 Mar 1 13:04 .gnupg +-rw-r--r-- 1 1000 1000 807 Jan 6 2022 .profile +drwxr-xr-x 2 1000 1000 4096 Mar 1 13:04 .ssh +drwxr-xr-x 6 1000 1000 4096 Mar 1 13:04 .vscode-server +drwxr-xr-x 2 0 0 4096 Mar 1 12:44 LME +``` +In this case you can see the files like `.bash_history` are owned by `1000 1000`. +The first number is your user id and the second is your group id. +So in the `testing/development` folder make a new file named `.env` and put this in it: +```bash +HOST_UID=1000 +HOST_GID=1000 +``` +Now you will need to build the containers for the first time. Subsequent builds, and up, will +use the prebuilt containers and keep the user id as the correct one in the container. +```bash +cd testing/development +docker compose build --no-cache +``` +You can follow the rest of the directions on this page and just make sure that when you get into the container, open a new bash shell and do a `ls -la` the files should be owned by `admin.ackbar` + + +### Options +- **Python Development Option**: This option is for development of the entire codebase and +is not set up for debugging and running tests easily. If you want to run tests and debug +in this environment, you can manually set it up by making a `launch.json` and a +`settings.json` in the root of the repo under `.vscode`. +You can copy the versions in the `testing/tests/.vscode` folder, as a starting point. +- **Python Tests Option**: This option is for opening only the test environment. You will want to open this one for running your tests as it already has quite a bit of setup for getting the tests to run easily. + +Using Docker helps to avoid polluting your host environment with multiple versions of Python. + +### Running tests in the Development Container Option +When you select the Python Tests option to run your container in, there are already +config files for running tests in VSCode so you won't have to set this part up. + +If you want to run tests within the +Python Development environment option, you will have to make a `.vscode/launch.json` in the root +of your environment. This folder isn't checked into the repo so it has to be manually +created. +The easy way to create this file is to click on the play button (triangle) with the little bug on it in your +VSCode activity bar. There will be a link there to "create a launch.json file". Click on that link and select +"Python Debugger"->"Python File". This will create a file and open it. Replace its contents with the below +code to run the `api_tests` in `testing/tests/api_tests`. +After that, the Run and Debug interface will change and have a green arrow in it for running and testing code. + +``` +{ + "version": "0.2.0", + "configurations": [ + { + "name": "Python Debugger: Run API Tests", + "type": "debugpy", + "request": "launch", + "module": "pytest", + "args": [ + "${workspaceFolder}/testing/tests/api_tests" + ], + "console": "integratedTerminal", + "justMyCode": false, + "cwd": "${workspaceFolder}/testing/tests", + "envFile": "${workspaceFolder}/testing/tests/.env" + }, + { + "name": "Python Debugger: Run Selenium linux only Tests", + "type": "debugpy", + "request": "launch", + "module": "pytest", + "args": [ + "${workspaceFolder}/testing/tests/selenium_tests/linux_only" + ], + "console": "integratedTerminal", + "justMyCode": false, + "cwd": "${workspaceFolder}/testing/tests", + "envFile": "${workspaceFolder}/testing/tests/.env" + }, + { + "name": "Python Debugger: Run Selenium Tests", + "type": "debugpy", + "request": "launch", + "program": "${workspaceFolder}/testing/tests/selenium_tests.py", + "args": [ + "--domain", "172.19.0.3" + ], + "console": "integratedTerminal", + "justMyCode": false, + "cwd": "${workspaceFolder}/testing/tests", + "envFile": "${workspaceFolder}/testing/tests/.env", + } + ] + } +``` +If you want to get the test explorer (beaker icon) to be able to find your tests, you can add +this to your `.vscode/settings.json`, so it knows to look in the `/testing/tests` folder. +``` +"python.testing.pytestArgs": [ + "testing/tests" +], +"python.testing.unittestEnabled": false, +"python.testing.nosetestsEnabled": false, +"python.testing.pytestEnabled": true +``` + +## VSCode Extensions +The necessary VSCode extensions have been installed, in the Python Tests container, for +running and debugging tests within VSCode. The first time you open the project in a +container, it may take a little time for VSCode to install the necessary extensions. + +## Environment Variables Setup +- There is an example `.env_example` file for setting environment variables for the tests. +- To use it, copy this file and rename it to `.env`. +- The testing environment will then pick up those variables and set them as environment +variables before running tests. + +## Python Virtual Environment Setup +In order for VSCode to use the python modules for the tests, you will want to install a +python virtual environment for it to use. You can make a python virtual environment +folder that is available for both of the development containers by making it in the +`testing/tests` folder. Then you can have only one copy of the environment for both +container options. +You can do this by opening a new terminal in VSCode, within the `testing/tests` +directory, and running: + + +`python3 -m venv venv` + +This will make a virtual environment for python to install its modules into. +Once you have made the virtual environment, you then run: + +`. venv/bin/activate` + +which will activate the virtual environment for you. +It will show this in the terminal prompt by prefacing your prompt with `(venv) restofprompt#`. + +Once you have activated the virtual environment, run the installer for the pip modules: + + `pip install -r requirements.txt` + +You can now select this environment in VSCode. To do this, open a python file from +within the project explorer. Once the file is open in the editor, VSCode will show +you which python version you are running in the bottom right of the screen. If you +click that version, you can select the venv version that you installed above. +The path should be `./testing/tests/venv/bin/python` + + +## Running the tests from the command line +Set up the virtual environment, activate it, and install the modules. Then you can run the tests with pytest + +``` +cd testing/tests +python3 -m venv venv +. venv/bin/activate +pip install -r requirements.txt +pytest +``` + +## Generating Test HTML Reports +After the tests have been executed, run the following command to generate HTML report to view Test Results. + +``` +pytest --html=report.html +``` + +Note: pytest-html has been added to requirements.txt. If for any reason pytest-html is not installed on your virtual environment; you may first need to install it with the following command. + +``` +pip install pytest-html +``` + +After html report is generated, run the following command outside virtual environment to attribute appropriate ownership on the html file so that you can open the file with the browser of choice. Google Chrome browser seems to provide a better display than Firefox. + +``` +chown 1000.1000 report.html +``` + +When a test fails, the test result details on the report provide appropriate information on the error message as you would expect to see on console. + + +## Development and Docker + +Using Visual Studio Code you can open this project in a container so you can develop in an environment that is just like the pipeline runs. +In order to do so, you will need to create a directory at the root of the repo and put some folders inside of it. +```bash +mkdir -p .devcontainer/python_development +touch .devcontainer/python_development/devcontainer.json +``` + +Once you have set up this configuration you can add this to `devcontainer.json`: +```json +{ + "name": "Python Development", + "dockerComposeFile": [ + "../../testing/development/docker-compose.yml" + ], + "service": "ubuntu", + "shutdownAction": "none", + "workspaceFolder": "/lme", + "customizations": { + "vscode": { + "extensions": [ + "ms-python.python", + "littlefoxteam.vscode-python-test-adapter", + "ms-python.black-formatter" + ] + } + }, + "remoteUser": "admin.ackbar" +} +``` + +Now you can press the blue button at the far bottom left of the VSCode editor and select "Reopen in container", choosing the "Python Development" option. + +In this container, you can reach an lme install (on the host's docker) by connecting to `lme` lme resolves to the other container where +you can run an lme install on. +You can see how to do an lme install on that container by looking at the `linux_only.yml` pipeline in the `.github/workflows` directory. + +At the time of this writing, you can run this on your host's system (not in the dev container): +```bash +cd LME/testing/development/ +docker compose exec -T lme bash -c "./testing/development/build_docker_lme_install.sh -b your-branch-name-with-no-quotes" +# Make sure your branch is pushed up to github before running this. +``` + +Once you do that, you can now reach that install from within your dev containers by using the hostname `lme`. + diff --git a/backups/.gitkeep b/testing/tests/api_tests/__init__.py similarity index 100% rename from backups/.gitkeep rename to testing/tests/api_tests/__init__.py diff --git a/testing/tests/api_tests/data_insertion_tests/__init__.py b/testing/tests/api_tests/data_insertion_tests/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/testing/tests/api_tests/data_insertion_tests/conftest.py b/testing/tests/api_tests/data_insertion_tests/conftest.py new file mode 100644 index 00000000..65998f93 --- /dev/null +++ b/testing/tests/api_tests/data_insertion_tests/conftest.py @@ -0,0 +1,37 @@ +# conftest.py + +import os +import warnings +import pytest +import urllib3 + +# Disable SSL warnings +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + + +@pytest.fixture(autouse=True) +def suppress_insecure_request_warning(): + warnings.simplefilter("ignore", urllib3.exceptions.InsecureRequestWarning) + + +@pytest.fixture +def es_host(): + return os.getenv("ES_HOST", os.getenv("ELASTIC_HOST", "localhost")) + + +@pytest.fixture +def es_port(): + return os.getenv("ES_PORT", os.getenv("ELASTIC_PORT", "9200")) + + +@pytest.fixture +def username(): + return os.getenv("ES_USERNAME", os.getenv("ELASTIC_USERNAME", "elastic")) + + +@pytest.fixture +def password(): + return os.getenv( + "elastic", + os.getenv("ES_PASSWORD", os.getenv("ELASTIC_PASSWORD", "default_password")), + ) diff --git a/testing/tests/api_tests/data_insertion_tests/fixtures/hosts.json b/testing/tests/api_tests/data_insertion_tests/fixtures/hosts.json new file mode 100644 index 00000000..e3a58c0d --- /dev/null +++ b/testing/tests/api_tests/data_insertion_tests/fixtures/hosts.json @@ -0,0 +1,29 @@ +{ + "winlog": { + "computer_name": "testing.lme.local", + "event_id": "4625", + "task": "Logon", + "keywords": [ + "Audit Failure" + ], + "provider_name": "Microsoft-Windows-Security-Auditing", + "event_data": { + "LogonType": "3", + "IpAddress": "194.165.16.73", + "TargetUserName": "Administrator", + "TargetDomainName": "testserver.LME.LOCAL", + "LogonProcessName": "NtLmSsp ", + "AuthenticationPackageName": "NTLM" + } + }, + "@timestamp": "2024-05-08T08:40:18.252Z", + "host": { + "name": "testing.lme.local" + }, + "event": { + "code": "4625", + "provider": "Microsoft-Windows-Security-Auditing", + "action": "Logon", + "outcome": "failure" + } + } \ No newline at end of file diff --git a/testing/tests/api_tests/data_insertion_tests/fixtures/logonevents.json b/testing/tests/api_tests/data_insertion_tests/fixtures/logonevents.json new file mode 100644 index 00000000..400a0439 --- /dev/null +++ b/testing/tests/api_tests/data_insertion_tests/fixtures/logonevents.json @@ -0,0 +1,38 @@ +{ + "winlog": { + "computer_name": "C2.lme.local", + "keywords": [ + "Audit Failure" + ], + "user": { + "name": "APItestuserid", + "domain": "" + }, + "event_data": { + "LogonType": "2", + "SubjectUserName": "-", + "FailureReason": "%%2313", + "SubjectDomainName": "-", + "IpAddress": "194.169.175.22", + "TargetUserName": "solidart", + "LogonProcessName": "NtLmSsp ", + "SubjectUserSid": "S-1-0-0", + "TargetUserSid": "S-1-0-0", + "AuthenticationPackageName": "NTLM" + }, + "@timestamp": "2024-06-12T09:50:18.252Z", + "host": { + "name": "C2.lme.local" + } + }, + "event": { + "code": "4624", + "provider": "Microsoft-Windows-Security-Auditing", + "action": "Logon", + "outcome": "failure" + }, + "user": { + "name": "APItestuserid", + "domain": "test" + } + } \ No newline at end of file diff --git a/testing/tests/api_tests/data_insertion_tests/queries/filter_hosts.json b/testing/tests/api_tests/data_insertion_tests/queries/filter_hosts.json new file mode 100644 index 00000000..ad00cb9c --- /dev/null +++ b/testing/tests/api_tests/data_insertion_tests/queries/filter_hosts.json @@ -0,0 +1,287 @@ +{ + "aggs": { + "2": { + "terms": { + "field": "host.name", + "order": { + "_count": "desc" + }, + "size": 25 + } + } + }, + "size": 0, + "fields": [ + { + "field": "@timestamp", + "format": "date_time" + }, + { + "field": "code_signature.timestamp", + "format": "date_time" + }, + { + "field": "dll.code_signature.timestamp", + "format": "date_time" + }, + { + "field": "elf.creation_date", + "format": "date_time" + }, + { + "field": "event.created", + "format": "date_time" + }, + { + "field": "event.end", + "format": "date_time" + }, + { + "field": "event.ingested", + "format": "date_time" + }, + { + "field": "event.start", + "format": "date_time" + }, + { + "field": "file.accessed", + "format": "date_time" + }, + { + "field": "file.code_signature.timestamp", + "format": "date_time" + }, + { + "field": "file.created", + "format": "date_time" + }, + { + "field": "file.ctime", + "format": "date_time" + }, + { + "field": "file.elf.creation_date", + "format": "date_time" + }, + { + "field": "file.mtime", + "format": "date_time" + }, + { + "field": "file.x509.not_after", + "format": "date_time" + }, + { + "field": "file.x509.not_before", + "format": "date_time" + }, + { + "field": "package.installed", + "format": "date_time" + }, + { + "field": "process.code_signature.timestamp", + "format": "date_time" + }, + { + "field": "process.elf.creation_date", + "format": "date_time" + }, + { + "field": "process.end", + "format": "date_time" + }, + { + "field": "process.parent.code_signature.timestamp", + "format": "date_time" + }, + { + "field": "process.parent.elf.creation_date", + "format": "date_time" + }, + { + "field": "process.parent.end", + "format": "date_time" + }, + { + "field": "process.parent.start", + "format": "date_time" + }, + { + "field": "process.start", + "format": "date_time" + }, + { + "field": "threat.enrichments.indicator.file.accessed", + "format": "date_time" + }, + { + "field": "threat.enrichments.indicator.file.code_signature.timestamp", + "format": "date_time" + }, + { + "field": "threat.enrichments.indicator.file.created", + "format": "date_time" + }, + { + "field": "threat.enrichments.indicator.file.ctime", + "format": "date_time" + }, + { + "field": "threat.enrichments.indicator.file.elf.creation_date", + "format": "date_time" + }, + { + "field": "threat.enrichments.indicator.file.mtime", + "format": "date_time" + }, + { + "field": "threat.enrichments.indicator.first_seen", + "format": "date_time" + }, + { + "field": "threat.enrichments.indicator.last_seen", + "format": "date_time" + }, + { + "field": "threat.enrichments.indicator.modified_at", + "format": "date_time" + }, + { + "field": "threat.enrichments.indicator.x509.not_after", + "format": "date_time" + }, + { + "field": "threat.enrichments.indicator.x509.not_before", + "format": "date_time" + }, + { + "field": "threat.indicator.file.accessed", + "format": "date_time" + }, + { + "field": "threat.indicator.file.code_signature.timestamp", + "format": "date_time" + }, + { + "field": "threat.indicator.file.created", + "format": "date_time" + }, + { + "field": "threat.indicator.file.ctime", + "format": "date_time" + }, + { + "field": "threat.indicator.file.elf.creation_date", + "format": "date_time" + }, + { + "field": "threat.indicator.file.mtime", + "format": "date_time" + }, + { + "field": "threat.indicator.first_seen", + "format": "date_time" + }, + { + "field": "threat.indicator.last_seen", + "format": "date_time" + }, + { + "field": "threat.indicator.modified_at", + "format": "date_time" + }, + { + "field": "threat.indicator.x509.not_after", + "format": "date_time" + }, + { + "field": "threat.indicator.x509.not_before", + "format": "date_time" + }, + { + "field": "tls.client.not_after", + "format": "date_time" + }, + { + "field": "tls.client.not_before", + "format": "date_time" + }, + { + "field": "tls.client.x509.not_after", + "format": "date_time" + }, + { + "field": "tls.client.x509.not_before", + "format": "date_time" + }, + { + "field": "tls.server.not_after", + "format": "date_time" + }, + { + "field": "tls.server.not_before", + "format": "date_time" + }, + { + "field": "tls.server.x509.not_after", + "format": "date_time" + }, + { + "field": "tls.server.x509.not_before", + "format": "date_time" + }, + { + "field": "winlog.time_created", + "format": "date_time" + }, + { + "field": "x509.not_after", + "format": "date_time" + }, + { + "field": "x509.not_before", + "format": "date_time" + } + ], + "script_fields": {}, + "stored_fields": [ + "*" + ], + "runtime_mappings": { + "day_of_week": { + "type": "long", + "script": { + "source": "emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())" + } + }, + "hour_of_day": { + "type": "long", + "script": { + "source": "emit (doc['@timestamp'].value.getHour())" + } + } + }, + "_source": { + "excludes": [] + }, + "query": { + "bool": { + "must": [], + "filter": [ + { + "range": { + "@timestamp": { + "format": "strict_date_optional_time", + "gte": "2024-05-29T13:29:01.758Z", + "lte": "2024-05-29T13:44:01.758Z" + } + } + } + ], + "should": [], + "must_not": [] + } + } + } \ No newline at end of file diff --git a/testing/tests/api_tests/data_insertion_tests/queries/filter_logonevents.json b/testing/tests/api_tests/data_insertion_tests/queries/filter_logonevents.json new file mode 100644 index 00000000..3e452ddc --- /dev/null +++ b/testing/tests/api_tests/data_insertion_tests/queries/filter_logonevents.json @@ -0,0 +1,127 @@ +{ + "aggs": { + "2": { + "terms": { + "field": "user.name", + "order": { + "_count": "desc" + }, + "size": 12000 + } + } + }, + "size": 100, + "script_fields": {}, + "stored_fields": [ + "*" + ], + "_source": { + "excludes": [] + }, + "query": { + "bool": { + "must": [], + "filter": [ + { + "bool": { + "filter": [ + { + "bool": { + "should": [ + { + "term": { + "event.code": { + "value": "4624" + } + } + } + ], + "minimum_should_match": 1 + } + }, + { + "bool": { + "must_not": { + "bool": { + "should": [ + { + "wildcard": { + "user.name": { + "value": "*$" + } + } + } + ], + "minimum_should_match": 1 + } + } + } + } + ] + } + }, + { + "bool": { + "should": [ + { + "match_phrase": { + "winlog.event_data.LogonType": "2" + } + }, + { + "match_phrase": { + "winlog.event_data.LogonType": "10" + } + }, + { + "match_phrase": { + "winlog.event_data.LogonType": "11" + } + }, + { + "match_phrase": { + "winlog.event_data.LogonType": "7" + } + } + ], + "minimum_should_match": 1 + } + }, + { + "range": { + "@timestamp": { + "format": "strict_date_optional_time", + "gte": "2024-06-05T18:00:00.000Z", + "lte": "2024-06-12T18:33:09.566Z" + } + } + } + ], + "should": [], + "must_not": [ + { + "bool": { + "should": [ + { + "match_phrase": { + "user.domain": "NT AUTHORITY" + } + }, + { + "match_phrase": { + "user.domain": "Window Manager" + } + }, + { + "match_phrase": { + "user.domain": "Font Driver Host" + } + } + ], + "minimum_should_match": 1 + } + } + ] + } + } + } \ No newline at end of file diff --git a/testing/tests/api_tests/data_insertion_tests/test_server.py b/testing/tests/api_tests/data_insertion_tests/test_server.py new file mode 100644 index 00000000..7228b664 --- /dev/null +++ b/testing/tests/api_tests/data_insertion_tests/test_server.py @@ -0,0 +1,55 @@ +from datetime import datetime, timedelta +import json +import time +import warnings + +import pytest +from jsonschema import validate +from jsonschema.exceptions import ValidationError +import requests +from requests.auth import HTTPBasicAuth +import urllib3 +import os + +from api_tests.helpers import make_request, load_json_schema, get_latest_winlogbeat_index, post_request, insert_winlog_data + +# Disable SSL warnings +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + +current_script_path = os.path.abspath(__file__) +current_script_dir = os.path.dirname(current_script_path) + + +def convertJsonFileToString(file_path): + with open(file_path, "r") as file: + return file.read() + + +@pytest.fixture(autouse=True) +def suppress_insecure_request_warning(): + warnings.simplefilter("ignore", urllib3.exceptions.InsecureRequestWarning) + + + +def test_filter_hosts_insert(es_host, es_port, username, password): + + second_response_loaded=insert_winlog_data(es_host, es_port, username, password, 'filter_hosts.json', 'hosts.json', 0) + + # Check to make sure the data was inserted + + for i in range(5): + #print(second_response_loaded['aggregations']['2']['buckets'][i]['key']) + if second_response_loaded['aggregations']['2']['buckets'][i]['key'] == 'testing.lme.local': + break + + assert(second_response_loaded['aggregations']['2']['buckets'][i]['key'] == 'testing.lme.local') + +def test_user_logon_events_insert(es_host, es_port, username, password): + + second_response_loaded=insert_winlog_data(es_host, es_port, username, password, 'filter_logonevents.json', 'logonevents.json', 2) + + # Check to make sure the data was inserted + assert(second_response_loaded['aggregations']['2']['buckets'][0]['key'] == 'APItestuserid') + + + diff --git a/testing/tests/api_tests/helpers.py b/testing/tests/api_tests/helpers.py new file mode 100644 index 00000000..5a1a33af --- /dev/null +++ b/testing/tests/api_tests/helpers.py @@ -0,0 +1,103 @@ +import json + +import requests +from requests.auth import HTTPBasicAuth +from datetime import datetime, timedelta +import os +import time +import urllib3 + + +def make_request(url, username, password, body=None): + auth = HTTPBasicAuth(username, password) + headers = {"Content-Type": "application/json"} + + if body: + response = requests.post( + url, auth=auth, verify=False, data=json.dumps(body), headers=headers + ) + else: + response = requests.get(url, auth=auth, verify=False) + + return response + + +def post_request(url, username, password, body): + auth = HTTPBasicAuth(username, password) + headers = {"Content-Type": "application/json"} + + response = requests.post( + url, + auth=auth, + verify=False, + data=json.dumps(body), + headers=headers + ) + + return response + + +def load_json_schema(file_path): + with open(file_path, "r") as file: + return json.load(file) + +def get_latest_winlogbeat_index(hostname, port, username, password): + url = f"https://{hostname}:{port}/_cat/indices/winlogbeat-*?h=index&s=index:desc&format=json" + response = make_request(url, username, password) + + if response.status_code == 200: + indices = json.loads(response.text) + if indices: + latest_index = indices[0]["index"] + return latest_index + else: + print("No winlogbeat indices found.") + else: + print(f"Error retrieving winlogbeat indices. Status code: {response.status_code}") + + return None + +def insert_winlog_data(es_host, es_port, username, password, filter_query_filename, fixture_filename, filter_num): + # Get the current date + today = datetime.now() + + # Generate timestamp one day before + one_day_before = (today - timedelta(days=1)).strftime("%Y-%m-%dT%H:%M:%S.%fZ") + + # Generate timestamp one day after + one_day_after = (today + timedelta(days=1)).strftime("%Y-%m-%dT%H:%M:%S.%fZ") + + # Computer software overview-> Filter Hosts + url = f"https://{es_host}:{es_port}" + + current_script_path = os.path.abspath(__file__) + current_script_dir = os.path.dirname(current_script_path) + + # This is the query from the dashboard in Kibana + filter_query = load_json_schema(f"{current_script_dir}/data_insertion_tests/queries/{filter_query_filename}") + filter_query['query']['bool']['filter'][filter_num]['range']['@timestamp']['gte'] = one_day_before + filter_query['query']['bool']['filter'][filter_num]['range']['@timestamp']['lte'] = one_day_after + + # You can use this to compare to the update later + first_response = make_request(f"{url}/winlogbeat-*/_search", username, password, filter_query) + first_response_loaded = first_response.json() + + # Get the latest winlogbeat index + latest_index = get_latest_winlogbeat_index(es_host, es_port, username, password) + + # This fixture is a pared down version of the data that will match the query + fixture = load_json_schema(f"{current_script_dir}/data_insertion_tests/fixtures/{fixture_filename}") + fixture['@timestamp'] = datetime.now().strftime("%Y-%m-%dT%H:%M:%S.%fZ") + + # Insert the fixture into the latest index + ans = post_request(f"{url}/{latest_index}/_doc", username, password, fixture) + + # Make sure to sleep for a few seconds to allow the data to be indexed + time.sleep(2) + + # Make the same query again + second_response = make_request(f"{url}/winlogbeat-*/_search", username, password, filter_query) + + second_response_loaded = second_response.json() + + return second_response_loaded \ No newline at end of file diff --git a/testing/tests/api_tests/linux_only/__init__.py b/testing/tests/api_tests/linux_only/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/testing/tests/api_tests/linux_only/conftest.py b/testing/tests/api_tests/linux_only/conftest.py new file mode 100644 index 00000000..65998f93 --- /dev/null +++ b/testing/tests/api_tests/linux_only/conftest.py @@ -0,0 +1,37 @@ +# conftest.py + +import os +import warnings +import pytest +import urllib3 + +# Disable SSL warnings +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + + +@pytest.fixture(autouse=True) +def suppress_insecure_request_warning(): + warnings.simplefilter("ignore", urllib3.exceptions.InsecureRequestWarning) + + +@pytest.fixture +def es_host(): + return os.getenv("ES_HOST", os.getenv("ELASTIC_HOST", "localhost")) + + +@pytest.fixture +def es_port(): + return os.getenv("ES_PORT", os.getenv("ELASTIC_PORT", "9200")) + + +@pytest.fixture +def username(): + return os.getenv("ES_USERNAME", os.getenv("ELASTIC_USERNAME", "elastic")) + + +@pytest.fixture +def password(): + return os.getenv( + "elastic", + os.getenv("ES_PASSWORD", os.getenv("ELASTIC_PASSWORD", "default_password")), + ) diff --git a/testing/tests/api_tests/linux_only/schemas/es_root.json b/testing/tests/api_tests/linux_only/schemas/es_root.json new file mode 100644 index 00000000..f529876c --- /dev/null +++ b/testing/tests/api_tests/linux_only/schemas/es_root.json @@ -0,0 +1,68 @@ +{ + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "cluster_name": { + "type": "string" + }, + "cluster_uuid": { + "type": "string" + }, + "version": { + "type": "object", + "properties": { + "number": { + "type": "string" + }, + "build_flavor": { + "type": "string" + }, + "build_type": { + "type": "string" + }, + "build_hash": { + "type": "string" + }, + "build_date": { + "type": "string", + "format": "date-time" + }, + "build_snapshot": { + "type": "boolean" + }, + "lucene_version": { + "type": "string" + }, + "minimum_wire_compatibility_version": { + "type": "string" + }, + "minimum_index_compatibility_version": { + "type": "string" + } + }, + "required": [ + "number", + "build_flavor", + "build_type", + "build_hash", + "build_date", + "build_snapshot", + "lucene_version", + "minimum_wire_compatibility_version", + "minimum_index_compatibility_version" + ] + }, + "tagline": { + "type": "string" + } + }, + "required": [ + "name", + "cluster_name", + "cluster_uuid", + "version", + "tagline" + ] +} \ No newline at end of file diff --git a/testing/tests/api_tests/linux_only/test_data/response.json b/testing/tests/api_tests/linux_only/test_data/response.json new file mode 100644 index 00000000..7a4f834d --- /dev/null +++ b/testing/tests/api_tests/linux_only/test_data/response.json @@ -0,0 +1,17 @@ +{ + "name" : "es01", + "cluster_name" : "loggingmadeeasy-es", + "cluster_uuid" : "1dhOid2uS5Ct41bytJ6P6Q", + "version" : { + "number" : "8.11.1", + "build_flavor" : "default", + "build_type" : "docker", + "build_hash" : "6f9ff581fbcde658e6f69d6ce03050f060d1fd0c", + "build_date" : "2023-11-11T10:05:59.421038163Z", + "build_snapshot" : false, + "lucene_version" : "9.8.0", + "minimum_wire_compatibility_version" : "7.17.0", + "minimum_index_compatibility_version" : "7.0.0" + }, + "tagline" : "You Know, for Search" + } diff --git a/testing/tests/api_tests/linux_only/test_server.py b/testing/tests/api_tests/linux_only/test_server.py new file mode 100644 index 00000000..9d80b91d --- /dev/null +++ b/testing/tests/api_tests/linux_only/test_server.py @@ -0,0 +1,101 @@ +import json +import warnings + +import pytest +from jsonschema import validate +from jsonschema.exceptions import ValidationError +import requests +from requests.auth import HTTPBasicAuth +import urllib3 +import os + +from api_tests.helpers import make_request, load_json_schema + +# Disable SSL warnings +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + +current_script_path = os.path.abspath(__file__) +current_script_dir = os.path.dirname(current_script_path) + + +def convertJsonFileToString(file_path): + with open(file_path, "r") as file: + return file.read() + + +@pytest.fixture(autouse=True) +def suppress_insecure_request_warning(): + warnings.simplefilter("ignore", urllib3.exceptions.InsecureRequestWarning) + + +def test_elastic_root(es_host, es_port, username, password): + url = f"https://{es_host}:{es_port}" + response = make_request(url, username, password) + assert response.status_code == 200, f"Expected 200, got {response.status_code}" + body = response.json() + + assert body["name"] == "es01", f"Expected 'es01', got {body['name']}" + assert ( + body["cluster_name"] == "loggingmadeeasy-es" + ), f"Expected 'loggingmadeeasy-es', got {body['cluster_name']}" + assert ( + body["version"]["number"] == "8.11.1" + ), f"Expected '8.11.1', got {body['version']['number']}" + assert ( + body["version"]["build_flavor"] == "default" + ), f"Expected 'default', got {body['version']['build_flavor']}" + assert ( + body["version"]["build_type"] == "docker" + ), f"Expected 'docker', got {body['version']['build_type']}" + assert ( + body["version"]["lucene_version"] == "9.8.0" + ), f"Expected '9.8.0', got {body['version']['lucene_version']}" + assert ( + body["version"]["minimum_wire_compatibility_version"] == "7.17.0" + ), f"Expected '7.17.0', got {body['version']['minimum_wire_compatibility_version']}" + assert ( + body["version"]["minimum_index_compatibility_version"] == "7.0.0" + ), f"Expected '7.0.0', got {body['version']['minimum_index_compatibility_version']}" + + # Validating JSON Response schema + schema = load_json_schema(f"{current_script_dir}/schemas/es_root.json") + validate(instance=response.json(), schema=schema) + + +def test_elastic_indices(es_host, es_port, username, password): + url = f"https://{es_host}:{es_port}/_cat/indices/" + response = make_request(url, username, password) + + assert response.status_code == 200, f"Expected 200, got {response.status_code}" + assert ( + "green open .internal.alerts-observability.logs.alerts-default" in response.text + ) + assert ( + "green open .internal.alerts-observability.uptime.alerts-default" + in response.text + ) + assert ( + "green open .internal.alerts-ml.anomaly-detection.alerts-default" + in response.text + ) + assert ( + "green open .internal.alerts-observability.slo.alerts-default" in response.text + ) + assert ( + "green open .internal.alerts-observability.apm.alerts-default" in response.text + ) + assert ( + "green open .internal.alerts-observability.metrics.alerts-default" + in response.text + ) + assert ( + "green open .kibana-observability-ai-assistant-conversations" in response.text + ) + assert "green open winlogbeat" in response.text + assert ( + "green open .internal.alerts-observability.threshold.alerts-default" + in response.text + ) + assert "green open .kibana-observability-ai-assistant-kb" in response.text + assert "green open .internal.alerts-security.alerts-default" in response.text + assert "green open .internal.alerts-stack.alerts-default" in response.text diff --git a/testing/tests/api_tests/winlogbeat/__init__.py b/testing/tests/api_tests/winlogbeat/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/testing/tests/api_tests/winlogbeat/conftest.py b/testing/tests/api_tests/winlogbeat/conftest.py new file mode 100644 index 00000000..65998f93 --- /dev/null +++ b/testing/tests/api_tests/winlogbeat/conftest.py @@ -0,0 +1,37 @@ +# conftest.py + +import os +import warnings +import pytest +import urllib3 + +# Disable SSL warnings +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + + +@pytest.fixture(autouse=True) +def suppress_insecure_request_warning(): + warnings.simplefilter("ignore", urllib3.exceptions.InsecureRequestWarning) + + +@pytest.fixture +def es_host(): + return os.getenv("ES_HOST", os.getenv("ELASTIC_HOST", "localhost")) + + +@pytest.fixture +def es_port(): + return os.getenv("ES_PORT", os.getenv("ELASTIC_PORT", "9200")) + + +@pytest.fixture +def username(): + return os.getenv("ES_USERNAME", os.getenv("ELASTIC_USERNAME", "elastic")) + + +@pytest.fixture +def password(): + return os.getenv( + "elastic", + os.getenv("ES_PASSWORD", os.getenv("ELASTIC_PASSWORD", "default_password")), + ) diff --git a/testing/tests/api_tests/winlogbeat/schemas/winlogbeat_search.json b/testing/tests/api_tests/winlogbeat/schemas/winlogbeat_search.json new file mode 100644 index 00000000..012907a8 --- /dev/null +++ b/testing/tests/api_tests/winlogbeat/schemas/winlogbeat_search.json @@ -0,0 +1,959 @@ +{ + "$schema": "http://json-schema.org/draft-07/schema#", + "title": "Generated schema for Root", + "type": "object", + "properties": { + "took": { + "type": "number" + }, + "timed_out": { + "type": "boolean" + }, + "_shards": { + "type": "object", + "properties": { + "total": { + "type": "number" + }, + "successful": { + "type": "number" + }, + "skipped": { + "type": "number" + }, + "failed": { + "type": "number" + } + }, + "required": [ + "total", + "successful", + "skipped", + "failed" + ] + }, + "hits": { + "type": "object", + "properties": { + "total": { + "type": "object", + "properties": { + "value": { + "type": "number" + }, + "relation": { + "type": "string" + } + }, + "required": [ + "value", + "relation" + ] + }, + "max_score": { + "type": "number" + }, + "hits": { + "type": "array", + "items": { + "type": "object", + "properties": { + "_index": { + "type": "string" + }, + "_id": { + "type": "string" + }, + "_score": { + "type": "number" + }, + "_ignored": { + "type": "array", + "items": { + "type": "string" + } + }, + "_source": { + "type": "object", + "properties": { + "agent": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "id": { + "type": "string" + }, + "ephemeral_id": { + "type": "string" + }, + "type": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "id", + "ephemeral_id", + "type", + "version" + ] + }, + "winlog": { + "type": "object", + "properties": { + "record_id": { + "type": "number" + }, + "computer_name": { + "type": "string" + }, + "event_id": { + "type": "string" + }, + "task": { + "type": "string" + }, + "keywords": { + "type": "array", + "items": { + "type": "string" + } + }, + "channel": { + "type": "string" + }, + "api": { + "type": "string" + }, + "event_data": { + "type": "object", + "properties": { + "RuleId": { + "type": "string" + }, + "RuleName": { + "type": "string" + }, + "RuleAttr": { + "type": "string" + }, + "ProfileUsed": { + "type": "string" + }, + "Binary": { + "type": "string" + }, + "param1": { + "type": "string" + }, + "param2": { + "type": "string" + }, + "MinimumPasswordLength": { + "type": "string" + }, + "MinimumPasswordLengthAudit": { + "type": "string" + }, + "IsTestConfig": { + "type": "string" + }, + "Config": { + "type": "string" + }, + "DriveName": { + "type": "string" + }, + "CorruptionActionState": { + "type": "string" + }, + "DeviceName": { + "type": "string" + }, + "DeviceVersionMinor": { + "type": "string" + }, + "DeviceTime": { + "type": "string" + }, + "DeviceVersionMajor": { + "type": "string" + }, + "DeviceNameLength": { + "type": "string" + }, + "FinalStatus": { + "type": "string" + }, + "MiniportName": { + "type": "string" + }, + "MiniportNameLen": { + "type": "string" + }, + "Status": { + "type": "string" + }, + "Version": { + "type": "string" + }, + "VersionLen": { + "type": "string" + }, + "Group": { + "type": "string" + }, + "Number": { + "type": "string" + }, + "MaximumPerformancePercent": { + "type": "string" + }, + "MinimumThrottlePercent": { + "type": "string" + }, + "MinimumPerformancePercent": { + "type": "string" + }, + "IdleImplementation": { + "type": "string" + }, + "PerformanceImplementation": { + "type": "string" + }, + "IdleStateCount": { + "type": "string" + }, + "NominalFrequency": { + "type": "string" + }, + "State": { + "type": "string" + }, + "Reason": { + "type": "string" + }, + "CountOld": { + "type": "string" + }, + "CountNew": { + "type": "string" + }, + "UpdateReason": { + "type": "string" + }, + "EnabledNew": { + "type": "string" + }, + "ExitBootServicesExit": { + "type": "string" + }, + "ResetEndStart": { + "type": "string" + }, + "LoadOSImageStart": { + "type": "string" + }, + "StartOSImageStart": { + "type": "string" + }, + "ExitBootServicesEntry": { + "type": "string" + }, + "BitlockerUserInputTime": { + "type": "string" + }, + "EntryCount": { + "type": "string" + }, + "LoadOptions": { + "type": "string" + }, + "BootType": { + "type": "string" + }, + "BootMenuPolicy": { + "type": "string" + }, + "LastBootGood": { + "type": "string" + }, + "LastBootId": { + "type": "string" + }, + "BootStatusPolicy": { + "type": "string" + }, + "LastShutdownGood": { + "type": "string" + }, + "EnableDisableReason": { + "type": "string" + }, + "VsmPolicy": { + "type": "string" + }, + "MajorVersion": { + "type": "string" + }, + "BootMode": { + "type": "string" + }, + "StartTime": { + "type": "string" + }, + "BuildVersion": { + "type": "string" + }, + "ServiceVersion": { + "type": "string" + }, + "MinorVersion": { + "type": "string" + }, + "QfeVersion": { + "type": "string" + }, + "StopTime": { + "type": "string" + }, + "ShutdownActionType": { + "type": "string" + }, + "ShutdownEventCode": { + "type": "string" + }, + "ShutdownReason": { + "type": "string" + }, + "param7": { + "type": "string" + }, + "param5": { + "type": "string" + }, + "param6": { + "type": "string" + }, + "param4": { + "type": "string" + }, + "VsmLaunchType": { + "type": "string" + }, + "RemoteEventLogging": { + "type": "string" + }, + "TestSigning": { + "type": "string" + }, + "HypervisorLoadOptions": { + "type": "string" + }, + "SubjectLogonId": { + "type": "string" + }, + "ConfigAccessPolicy": { + "type": "string" + }, + "FlightSigning": { + "type": "string" + }, + "AdvancedOptions": { + "type": "string" + }, + "SubjectUserName": { + "type": "string" + }, + "KernelDebug": { + "type": "string" + }, + "HypervisorLaunchType": { + "type": "string" + }, + "DisableIntegrityChecks": { + "type": "string" + }, + "SubjectDomainName": { + "type": "string" + }, + "HypervisorDebug": { + "type": "string" + }, + "SubjectUserSid": { + "type": "string" + }, + "TargetLogonId": { + "type": "string" + }, + "TargetProcessId": { + "type": "string" + }, + "TargetProcessName": { + "type": "string" + }, + "TargetUserName": { + "type": "string" + }, + "ProcessId": { + "type": "string" + }, + "TargetDomainName": { + "type": "string" + }, + "TargetUserSid": { + "type": "string" + }, + "MandatoryLabel": { + "type": "string" + }, + "ParentProcessName": { + "type": "string" + }, + "NewProcessId": { + "type": "string" + }, + "TokenElevationType": { + "type": "string" + }, + "NewProcessName": { + "type": "string" + }, + "CommandLine": { + "type": "string" + }, + "PrivilegeList": { + "type": "string" + }, + "ProcessName": { + "type": "string" + }, + "LogonGuid": { + "type": "string" + }, + "TargetOutboundDomainName": { + "type": "string" + }, + "VirtualAccount": { + "type": "string" + }, + "IpPort": { + "type": "string" + }, + "TransmittedServices": { + "type": "string" + }, + "LmPackageName": { + "type": "string" + }, + "RestrictedAdminMode": { + "type": "string" + }, + "ElevatedToken": { + "type": "string" + }, + "WorkstationName": { + "type": "string" + }, + "LogonProcessName": { + "type": "string" + }, + "LogonType": { + "type": "string" + }, + "KeyLength": { + "type": "string" + }, + "TargetOutboundUserName": { + "type": "string" + }, + "TargetLinkedLogonId": { + "type": "string" + }, + "IpAddress": { + "type": "string" + }, + "ImpersonationLevel": { + "type": "string" + }, + "AuthenticationPackageName": { + "type": "string" + }, + "CallerProcessId": { + "type": "string" + }, + "TargetSid": { + "type": "string" + }, + "CallerProcessName": { + "type": "string" + }, + "PreviousTime": { + "type": "string" + }, + "NewTime": { + "type": "string" + }, + "Win32Error": { + "type": "string" + }, + "Library": { + "type": "string" + }, + "TargetLogonGuid": { + "type": "string" + }, + "TargetInfo": { + "type": "string" + }, + "TargetServerName": { + "type": "string" + }, + "NotificationPackageName": { + "type": "string" + }, + "PuaCount": { + "type": "string" + }, + "PuaPolicyId": { + "type": "string" + }, + "SecurityPackageName": { + "type": "string" + }, + "Path": { + "type": "string" + }, + "ScriptBlockId": { + "type": "string" + }, + "MessageNumber": { + "type": "string" + }, + "ScriptBlockText": { + "type": "string" + }, + "MessageTotal": { + "type": "string" + }, + "Payload": { + "type": "string" + }, + "ContextInfo": { + "type": "string" + }, + "param3": { + "type": "string" + }, + "DnsHostName": { + "type": "string" + }, + "SidHistory": { + "type": "string" + }, + "LogonHours": { + "type": "string" + }, + "ScriptPath": { + "type": "string" + }, + "ServicePrincipalNames": { + "type": "string" + }, + "DisplayName": { + "type": "string" + }, + "HomePath": { + "type": "string" + }, + "AllowedToDelegateTo": { + "type": "string" + }, + "UserWorkstations": { + "type": "string" + }, + "SamAccountName": { + "type": "string" + }, + "OldUacValue": { + "type": "string" + }, + "UserParameters": { + "type": "string" + }, + "HomeDirectory": { + "type": "string" + }, + "NewUacValue": { + "type": "string" + }, + "PrimaryGroupId": { + "type": "string" + }, + "AccountExpires": { + "type": "string" + }, + "ProfilePath": { + "type": "string" + }, + "UserAccountControl": { + "type": "string" + }, + "PasswordLastSet": { + "type": "string" + }, + "ComputerAccountChange": { + "type": "string" + }, + "UserPrincipalName": { + "type": "string" + }, + "DwordVal": { + "type": "string" + }, + "OldTime": { + "type": "string" + }, + "ProcessID": { + "type": "string" + }, + "UserSid": { + "type": "string" + }, + "TSId": { + "type": "string" + }, + "MulticastFlowsEnabled": { + "type": "string" + }, + "LogSuccessfulConnectionsEnabled": { + "type": "string" + }, + "RemoteAdminEnabled": { + "type": "string" + }, + "LogDroppedPacketsEnabled": { + "type": "string" + }, + "OperationMode": { + "type": "string" + }, + "Profile": { + "type": "string" + }, + "GroupPolicyApplied": { + "type": "string" + }, + "ReasonForRejection": { + "type": "string" + }, + "param8": { + "type": "string" + }, + "param9": { + "type": "string" + }, + "param10": { + "type": "string" + }, + "param11": { + "type": "string" + }, + "param12": { + "type": "string" + }, + "AccessMask": { + "type": "string" + }, + "ResourceAttributes": { + "type": "string" + }, + "ObjectName": { + "type": "string" + }, + "ObjectType": { + "type": "string" + }, + "ObjectServer": { + "type": "string" + }, + "HandleId": { + "type": "string" + }, + "AccessList": { + "type": "string" + }, + "TransactionId": { + "type": "string" + }, + "AdditionalInfo": { + "type": "string" + }, + "Properties": { + "type": "string" + }, + "AdditionalInfo2": { + "type": "string" + }, + "OperationType": { + "type": "string" + }, + "TicketEncryptionType": { + "type": "string" + }, + "ServiceName": { + "type": "string" + }, + "TicketOptions": { + "type": "string" + }, + "ServiceSid": { + "type": "string" + }, + "ClientProcessId": { + "type": "string" + }, + "FQDN": { + "type": "string" + }, + "TaskName": { + "type": "string" + }, + "RpcCallClientLocality": { + "type": "string" + }, + "ParentProcessId": { + "type": "string" + }, + "ClientProcessStartKey": { + "type": "string" + }, + "TaskContentNew": { + "type": "string" + }, + "TaskContent": { + "type": "string" + }, + "PreAuthType": { + "type": "string" + }, + "Type": { + "type": "string" + }, + "ReadOperation": { + "type": "string" + }, + "ReturnCode": { + "type": "string" + }, + "CountOfCredentialsReturned": { + "type": "string" + }, + "ProcessCreationTime": { + "type": "string" + }, + "TargetName": { + "type": "string" + } + }, + "required": [] + }, + "opcode": { + "type": "string" + }, + "provider_name": { + "type": "string" + }, + "process": { + "type": "object", + "properties": { + "pid": { + "type": "number" + }, + "thread": { + "type": "object", + "properties": { + "id": { + "type": "number" + } + }, + "required": [ + "id" + ] + } + }, + "required": [ + "pid", + "thread" + ] + }, + "version": { + "type": "number" + }, + "provider_guid": { + "type": "string" + }, + "activity_id": { + "type": "string" + }, + "user": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + }, + "domain": { + "type": "string" + }, + "name": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "required": [ + "identifier", + "domain", + "name", + "type" + ] + } + }, + "required": [ + "record_id", + "computer_name", + "event_id", + "task", + "channel", + "api", + "provider_name" + ] + }, + "@timestamp": { + "type": "string" + }, + "ecs": { + "type": "object", + "properties": { + "version": { + "type": "string" + } + }, + "required": [ + "version" + ] + }, + "log": { + "type": "object", + "properties": { + "level": { + "type": "string" + } + }, + "required": [ + "level" + ] + }, + "host": { + "type": "object", + "properties": { + "name": { + "type": "string" + } + }, + "required": [ + "name" + ] + }, + "@version": { + "type": "string" + }, + "message": { + "type": "string" + }, + "event": { + "type": "object", + "properties": { + "ingested": { + "type": "string" + }, + "code": { + "type": "string" + }, + "original": { + "type": "string" + }, + "provider": { + "type": "string" + }, + "created": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "action": { + "type": "string" + }, + "outcome": { + "type": "string" + } + }, + "required": [ + "ingested", + "code", + "provider", + "created", + "kind", + "action" + ] + }, + "tags": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "required": [ + "agent", + "winlog", + "@timestamp", + "ecs", + "log", + "host", + "@version", + "event", + "tags" + ] + } + }, + "required": [ + "_index", + "_id", + "_score", + "_source" + ] + } + } + }, + "required": [ + "total", + "max_score", + "hits" + ] + } + }, + "required": [ + "took", + "timed_out", + "_shards", + "hits" + ] + } \ No newline at end of file diff --git a/testing/tests/api_tests/winlogbeat/test_data/mapping_datafields.txt b/testing/tests/api_tests/winlogbeat/test_data/mapping_datafields.txt new file mode 100644 index 00000000..237898c0 --- /dev/null +++ b/testing/tests/api_tests/winlogbeat/test_data/mapping_datafields.txt @@ -0,0 +1,492 @@ +[ + "message", + "tags", + "agent.ephemeral_id", + "agent.id", + "agent.name", + "agent.type", + "agent.version", + "as.organization.name", + "client.address", + "client.as.organization.name", + "client.domain", + "client.geo.city_name", + "client.geo.continent_name", + "client.geo.country_iso_code", + "client.geo.country_name", + "client.geo.name", + "client.geo.region_iso_code", + "client.geo.region_name", + "client.mac", + "client.registered_domain", + "client.top_level_domain", + "client.user.domain", + "client.user.email", + "client.user.full_name", + "client.user.group.domain", + "client.user.group.id", + "client.user.group.name", + "client.user.hash", + "client.user.id", + "client.user.name", + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "container.id", + "container.image.name", + "container.image.tag", + "container.name", + "container.runtime", + "destination.address", + "destination.as.organization.name", + "destination.domain", + "destination.geo.city_name", + "destination.geo.continent_name", + "destination.geo.country_iso_code", + "destination.geo.country_name", + "destination.geo.name", + "destination.geo.region_iso_code", + "destination.geo.region_name", + "destination.mac", + "destination.registered_domain", + "destination.top_level_domain", + "destination.user.domain", + "destination.user.email", + "destination.user.full_name", + "destination.user.group.domain", + "destination.user.group.id", + "destination.user.group.name", + "destination.user.hash", + "destination.user.id", + "destination.user.name", + "dns.answers.class", + "dns.answers.data", + "dns.answers.name", + "dns.answers.type", + "dns.header_flags", + "dns.id", + "dns.op_code", + "dns.question.class", + "dns.question.name", + "dns.question.registered_domain", + "dns.question.subdomain", + "dns.question.top_level_domain", + "dns.question.type", + "dns.response_code", + "dns.type", + "ecs.version", + "error.code", + "error.id", + "error.message", + "error.stack_trace", + "error.type", + "event.action", + "event.category", + "event.code", + "event.dataset", + "event.hash", + "event.id", + "event.kind", + "event.module", + "event.outcome", + "event.provider", + "event.timezone", + "event.type", + "file.device", + "file.directory", + "file.extension", + "file.gid", + "file.group", + "file.hash.md5", + "file.hash.sha1", + "file.hash.sha256", + "file.hash.sha512", + "file.inode", + "file.mode", + "file.name", + "file.owner", + "file.path", + "file.target_path", + "file.type", + "file.uid", + "geo.city_name", + "geo.continent_name", + "geo.country_iso_code", + "geo.country_name", + "geo.name", + "geo.region_iso_code", + "geo.region_name", + "group.domain", + "group.id", + "group.name", + "hash.md5", + "hash.sha1", + "hash.sha256", + "hash.sha512", + "host.architecture", + "host.geo.city_name", + "host.geo.continent_name", + "host.geo.country_iso_code", + "host.geo.country_name", + "host.geo.name", + "host.geo.region_iso_code", + "host.geo.region_name", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.full", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.user.domain", + "host.user.email", + "host.user.full_name", + "host.user.group.domain", + "host.user.group.id", + "host.user.group.name", + "host.user.hash", + "host.user.id", + "host.user.name", + "http.request.body.content", + "http.request.method", + "http.request.referrer", + "http.response.body.content", + "http.version", + "log.level", + "log.logger", + "log.origin.file.name", + "log.origin.function", + "log.syslog.facility.name", + "log.syslog.severity.name", + "network.application", + "network.community_id", + "network.direction", + "network.iana_number", + "network.name", + "network.protocol", + "network.transport", + "network.type", + "observer.geo.city_name", + "observer.geo.continent_name", + "observer.geo.country_iso_code", + "observer.geo.country_name", + "observer.geo.name", + "observer.geo.region_iso_code", + "observer.geo.region_name", + "observer.hostname", + "observer.mac", + "observer.name", + "observer.os.family", + "observer.os.full", + "observer.os.kernel", + "observer.os.name", + "observer.os.platform", + "observer.os.version", + "observer.product", + "observer.serial_number", + "observer.type", + "observer.vendor", + "observer.version", + "organization.id", + "organization.name", + "os.family", + "os.full", + "os.kernel", + "os.name", + "os.platform", + "os.version", + "package.architecture", + "package.checksum", + "package.description", + "package.install_scope", + "package.license", + "package.name", + "package.path", + "package.version", + "process.args", + "process.executable", + "process.hash.md5", + "process.hash.sha1", + "process.hash.sha256", + "process.hash.sha512", + "process.name", + "process.thread.name", + "process.title", + "process.working_directory", + "server.address", + "server.as.organization.name", + "server.domain", + "server.geo.city_name", + "server.geo.continent_name", + "server.geo.country_iso_code", + "server.geo.country_name", + "server.geo.name", + "server.geo.region_iso_code", + "server.geo.region_name", + "server.mac", + "server.registered_domain", + "server.top_level_domain", + "server.user.domain", + "server.user.email", + "server.user.full_name", + "server.user.group.domain", + "server.user.group.id", + "server.user.group.name", + "server.user.hash", + "server.user.id", + "server.user.name", + "service.ephemeral_id", + "service.id", + "service.name", + "service.node.name", + "service.state", + "service.type", + "service.version", + "source.address", + "source.as.organization.name", + "source.domain", + "source.geo.city_name", + "source.geo.continent_name", + "source.geo.country_iso_code", + "source.geo.country_name", + "source.geo.name", + "source.geo.region_iso_code", + "source.geo.region_name", + "source.mac", + "source.registered_domain", + "source.top_level_domain", + "source.user.domain", + "source.user.email", + "source.user.full_name", + "source.user.group.domain", + "source.user.group.id", + "source.user.group.name", + "source.user.hash", + "source.user.id", + "source.user.name", + "threat.framework", + "threat.tactic.id", + "threat.tactic.name", + "threat.tactic.reference", + "threat.technique.id", + "threat.technique.name", + "threat.technique.reference", + "trace.id", + "transaction.id", + "url.domain", + "url.extension", + "url.fragment", + "url.full", + "url.original", + "url.password", + "url.path", + "url.query", + "url.registered_domain", + "url.scheme", + "url.top_level_domain", + "url.username", + "user.domain", + "user.email", + "user.full_name", + "user.group.domain", + "user.group.id", + "user.group.name", + "user.hash", + "user.id", + "user.name", + "user_agent.device.name", + "user_agent.name", + "user_agent.original.text", + "user_agent.original", + "user_agent.os.family", + "user_agent.os.full", + "user_agent.os.kernel", + "user_agent.os.name", + "user_agent.os.platform", + "user_agent.os.version", + "user_agent.version", + "agent.hostname", + "timeseries.instance", + "cloud.image.id", + "host.os.build", + "host.os.codename", + "kubernetes.pod.name", + "kubernetes.pod.uid", + "kubernetes.namespace", + "kubernetes.node.name", + "kubernetes.node.hostname", + "kubernetes.replicaset.name", + "kubernetes.deployment.name", + "kubernetes.statefulset.name", + "kubernetes.container.name", + "jolokia.agent.version", + "jolokia.agent.id", + "jolokia.server.product", + "jolokia.server.version", + "jolokia.server.vendor", + "jolokia.url", + "event.original", + "winlog.api", + "winlog.activity_id", + "winlog.computer_name", + "winlog.event_data.AuthenticationPackageName", + "winlog.event_data.Binary", + "winlog.event_data.BitlockerUserInputTime", + "winlog.event_data.BootMode", + "winlog.event_data.BootType", + "winlog.event_data.BuildVersion", + "winlog.event_data.Company", + "winlog.event_data.CorruptionActionState", + "winlog.event_data.CreationUtcTime", + "winlog.event_data.Description", + "winlog.event_data.Detail", + "winlog.event_data.DeviceName", + "winlog.event_data.DeviceNameLength", + "winlog.event_data.DeviceTime", + "winlog.event_data.DeviceVersionMajor", + "winlog.event_data.DeviceVersionMinor", + "winlog.event_data.DriveName", + "winlog.event_data.DriverName", + "winlog.event_data.DriverNameLength", + "winlog.event_data.DwordVal", + "winlog.event_data.EntryCount", + "winlog.event_data.ExtraInfo", + "winlog.event_data.FailureName", + "winlog.event_data.FailureNameLength", + "winlog.event_data.FileVersion", + "winlog.event_data.FinalStatus", + "winlog.event_data.Group", + "winlog.event_data.IdleImplementation", + "winlog.event_data.IdleStateCount", + "winlog.event_data.ImpersonationLevel", + "winlog.event_data.IntegrityLevel", + "winlog.event_data.IpAddress", + "winlog.event_data.IpPort", + "winlog.event_data.KeyLength", + "winlog.event_data.LastBootGood", + "winlog.event_data.LastShutdownGood", + "winlog.event_data.LmPackageName", + "winlog.event_data.LogonGuid", + "winlog.event_data.LogonId", + "winlog.event_data.LogonProcessName", + "winlog.event_data.LogonType", + "winlog.event_data.MajorVersion", + "winlog.event_data.MaximumPerformancePercent", + "winlog.event_data.MemberName", + "winlog.event_data.MemberSid", + "winlog.event_data.MinimumPerformancePercent", + "winlog.event_data.MinimumThrottlePercent", + "winlog.event_data.MinorVersion", + "winlog.event_data.NewProcessId", + "winlog.event_data.NewProcessName", + "winlog.event_data.NewSchemeGuid", + "winlog.event_data.NewTime", + "winlog.event_data.NominalFrequency", + "winlog.event_data.Number", + "winlog.event_data.OldSchemeGuid", + "winlog.event_data.OldTime", + "winlog.event_data.OriginalFileName", + "winlog.event_data.Path", + "winlog.event_data.PerformanceImplementation", + "winlog.event_data.PreviousCreationUtcTime", + "winlog.event_data.PreviousTime", + "winlog.event_data.PrivilegeList", + "winlog.event_data.ProcessId", + "winlog.event_data.ProcessName", + "winlog.event_data.ProcessPath", + "winlog.event_data.ProcessPid", + "winlog.event_data.Product", + "winlog.event_data.PuaCount", + "winlog.event_data.PuaPolicyId", + "winlog.event_data.QfeVersion", + "winlog.event_data.Reason", + "winlog.event_data.SchemaVersion", + "winlog.event_data.ScriptBlockText", + "winlog.event_data.ServiceName", + "winlog.event_data.ServiceVersion", + "winlog.event_data.ShutdownActionType", + "winlog.event_data.ShutdownEventCode", + "winlog.event_data.ShutdownReason", + "winlog.event_data.Signature", + "winlog.event_data.SignatureStatus", + "winlog.event_data.Signed", + "winlog.event_data.StartTime", + "winlog.event_data.State", + "winlog.event_data.Status", + "winlog.event_data.StopTime", + "winlog.event_data.SubjectDomainName", + "winlog.event_data.SubjectLogonId", + "winlog.event_data.SubjectUserName", + "winlog.event_data.SubjectUserSid", + "winlog.event_data.TSId", + "winlog.event_data.TargetDomainName", + "winlog.event_data.TargetInfo", + "winlog.event_data.TargetLogonGuid", + "winlog.event_data.TargetLogonId", + "winlog.event_data.TargetServerName", + "winlog.event_data.TargetUserName", + "winlog.event_data.TargetUserSid", + "winlog.event_data.TerminalSessionId", + "winlog.event_data.TokenElevationType", + "winlog.event_data.TransmittedServices", + "winlog.event_data.UserSid", + "winlog.event_data.Version", + "winlog.event_data.Workstation", + "winlog.event_data.param1", + "winlog.event_data.param2", + "winlog.event_data.param3", + "winlog.event_data.param4", + "winlog.event_data.param5", + "winlog.event_data.param6", + "winlog.event_data.param7", + "winlog.event_data.param8", + "winlog.event_id", + "winlog.keywords", + "winlog.channel", + "winlog.record_id", + "winlog.related_activity_id", + "winlog.opcode", + "winlog.provider_guid", + "winlog.provider_name", + "winlog.task", + "winlog.user.identifier", + "winlog.user.name", + "winlog.user.domain", + "winlog.user.type", + "powershell.id", + "powershell.pipeline_id", + "powershell.runspace_id", + "powershell.command.path", + "powershell.command.name", + "powershell.command.type", + "powershell.command.value", + "powershell.command.invocation_details.type", + "powershell.command.invocation_details.related_command", + "powershell.command.invocation_details.name", + "powershell.command.invocation_details.value", + "powershell.connected_user.domain", + "powershell.connected_user.name", + "powershell.engine.version", + "powershell.engine.previous_state", + "powershell.engine.new_state", + "powershell.file.script_block_id", + "powershell.file.script_block_text", + "powershell.process.executable_version", + "powershell.provider.new_state", + "powershell.provider.name", + "winlog.logon.type", + "winlog.logon.id", + "winlog.logon.failure.reason", + "winlog.logon.failure.status", + "winlog.logon.failure.sub_status", + "sysmon.dns.status", + "fields.*", + ] \ No newline at end of file diff --git a/testing/tests/api_tests/winlogbeat/test_data/mapping_response.json b/testing/tests/api_tests/winlogbeat/test_data/mapping_response.json new file mode 100644 index 00000000..c66cd188 --- /dev/null +++ b/testing/tests/api_tests/winlogbeat/test_data/mapping_response.json @@ -0,0 +1,7379 @@ +{ + "winlogbeat-000001": { + "mappings": { + "_meta": { + "beat": "winlogbeat", + "version": "7.17.6" + }, + "dynamic_templates": [ + { + "labels": { + "path_match": "labels.*", + "match_mapping_type": "string", + "mapping": { + "type": "keyword" + } + } + }, + { + "container.labels": { + "path_match": "container.labels.*", + "match_mapping_type": "string", + "mapping": { + "type": "keyword" + } + } + }, + { + "fields": { + "path_match": "fields.*", + "match_mapping_type": "string", + "mapping": { + "type": "keyword" + } + } + }, + { + "docker.container.labels": { + "path_match": "docker.container.labels.*", + "match_mapping_type": "string", + "mapping": { + "type": "keyword" + } + } + }, + { + "kubernetes.labels.*": { + "path_match": "kubernetes.labels.*", + "mapping": { + "type": "keyword" + } + } + }, + { + "kubernetes.annotations.*": { + "path_match": "kubernetes.annotations.*", + "mapping": { + "type": "keyword" + } + } + }, + { + "kubernetes.selectors.*": { + "path_match": "kubernetes.selectors.*", + "mapping": { + "type": "keyword" + } + } + }, + { + "winlog.event_data": { + "path_match": "winlog.event_data.*", + "match_mapping_type": "string", + "mapping": { + "type": "keyword" + } + } + }, + { + "winlog.user_data": { + "path_match": "winlog.user_data.*", + "match_mapping_type": "string", + "mapping": { + "type": "keyword" + } + } + }, + { + "strings_as_keyword": { + "match_mapping_type": "string", + "mapping": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + ], + "date_detection": false, + "properties": { + "@timestamp": { + "type": "date" + }, + "@version": { + "type": "keyword", + "ignore_above": 1024 + }, + "agent": { + "properties": { + "build": { + "properties": { + "original": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "ephemeral_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "hostname": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + } + } + }, + "client": { + "properties": { + "address": { + "type": "keyword", + "ignore_above": 1024 + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "type": "keyword", + "ignore_above": 1024 + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "subdomain": { + "type": "keyword", + "ignore_above": 1024 + }, + "top_level_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "user": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "cloud": { + "properties": { + "account": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "availability_zone": { + "type": "keyword", + "ignore_above": 1024 + }, + "image": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "instance": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "machine": { + "properties": { + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "project": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "provider": { + "type": "keyword", + "ignore_above": 1024 + }, + "region": { + "type": "keyword", + "ignore_above": 1024 + }, + "service": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "code_signature": { + "properties": { + "digest_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "exists": { + "type": "boolean" + }, + "signing_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "status": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "team_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "timestamp": { + "type": "date" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "container": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "image": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "tag": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "labels": { + "type": "object" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "runtime": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "data_stream": { + "properties": { + "dataset": { + "type": "constant_keyword" + }, + "namespace": { + "type": "constant_keyword" + }, + "type": { + "type": "constant_keyword" + } + } + }, + "destination": { + "properties": { + "address": { + "type": "keyword", + "ignore_above": 1024 + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "type": "keyword", + "ignore_above": 1024 + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "subdomain": { + "type": "keyword", + "ignore_above": 1024 + }, + "top_level_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "user": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "dll": { + "properties": { + "code_signature": { + "properties": { + "digest_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "exists": { + "type": "boolean" + }, + "signing_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "status": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "team_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "timestamp": { + "type": "date" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha512": { + "type": "keyword", + "ignore_above": 1024 + }, + "ssdeep": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024 + }, + "pe": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "company": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "file_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "imphash": { + "type": "keyword", + "ignore_above": 1024 + }, + "original_file_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "product": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "dns": { + "properties": { + "answers": { + "properties": { + "class": { + "type": "keyword", + "ignore_above": 1024 + }, + "data": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "ttl": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "header_flags": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "op_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "question": { + "properties": { + "class": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "registered_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "subdomain": { + "type": "keyword", + "ignore_above": 1024 + }, + "top_level_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "resolved_ip": { + "type": "ip" + }, + "response_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "docker": { + "properties": { + "container": { + "properties": { + "labels": { + "type": "object" + } + } + } + } + }, + "ecs": { + "properties": { + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "elf": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "byte_order": { + "type": "keyword", + "ignore_above": 1024 + }, + "cpu_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "creation_date": { + "type": "date" + }, + "exports": { + "type": "flattened" + }, + "header": { + "properties": { + "abi_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "class": { + "type": "keyword", + "ignore_above": 1024 + }, + "data": { + "type": "keyword", + "ignore_above": 1024 + }, + "entrypoint": { + "type": "long" + }, + "object_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "os_abi": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "imports": { + "type": "flattened" + }, + "sections": { + "type": "nested", + "properties": { + "chi2": { + "type": "long" + }, + "entropy": { + "type": "long" + }, + "flags": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_offset": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_size": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "virtual_address": { + "type": "long" + }, + "virtual_size": { + "type": "long" + } + } + }, + "segments": { + "type": "nested", + "properties": { + "sections": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "shared_libraries": { + "type": "keyword", + "ignore_above": 1024 + }, + "telfhash": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "error": { + "properties": { + "code": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "message": { + "type": "match_only_text" + }, + "stack_trace": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "event": { + "properties": { + "action": { + "type": "keyword", + "ignore_above": 1024 + }, + "agent_id_status": { + "type": "keyword", + "ignore_above": 1024 + }, + "category": { + "type": "keyword", + "ignore_above": 1024 + }, + "code": { + "type": "keyword", + "ignore_above": 1024 + }, + "created": { + "type": "date" + }, + "dataset": { + "type": "keyword", + "ignore_above": 1024 + }, + "duration": { + "type": "long" + }, + "end": { + "type": "date" + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "ingested": { + "type": "date" + }, + "kind": { + "type": "keyword", + "ignore_above": 1024 + }, + "module": { + "type": "keyword", + "ignore_above": 1024 + }, + "original": { + "type": "keyword", + "ignore_above": 1024 + }, + "outcome": { + "type": "keyword", + "ignore_above": 1024 + }, + "provider": { + "type": "keyword", + "ignore_above": 1024 + }, + "reason": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + }, + "risk_score": { + "type": "float" + }, + "risk_score_norm": { + "type": "float" + }, + "sequence": { + "type": "long" + }, + "severity": { + "type": "long" + }, + "start": { + "type": "date" + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "url": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "fields": { + "type": "object" + }, + "file": { + "properties": { + "accessed": { + "type": "date" + }, + "attributes": { + "type": "keyword", + "ignore_above": 1024 + }, + "code_signature": { + "properties": { + "digest_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "exists": { + "type": "boolean" + }, + "signing_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "status": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "team_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "timestamp": { + "type": "date" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "created": { + "type": "date" + }, + "ctime": { + "type": "date" + }, + "device": { + "type": "keyword", + "ignore_above": 1024 + }, + "directory": { + "type": "keyword", + "ignore_above": 1024 + }, + "drive_letter": { + "type": "keyword", + "ignore_above": 1 + }, + "elf": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "byte_order": { + "type": "keyword", + "ignore_above": 1024 + }, + "cpu_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "creation_date": { + "type": "date" + }, + "exports": { + "type": "flattened" + }, + "header": { + "properties": { + "abi_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "class": { + "type": "keyword", + "ignore_above": 1024 + }, + "data": { + "type": "keyword", + "ignore_above": 1024 + }, + "entrypoint": { + "type": "long" + }, + "object_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "os_abi": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "imports": { + "type": "flattened" + }, + "sections": { + "type": "nested", + "properties": { + "chi2": { + "type": "long" + }, + "entropy": { + "type": "long" + }, + "flags": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_offset": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_size": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "virtual_address": { + "type": "long" + }, + "virtual_size": { + "type": "long" + } + } + }, + "segments": { + "type": "nested", + "properties": { + "sections": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "shared_libraries": { + "type": "keyword", + "ignore_above": 1024 + }, + "telfhash": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "extension": { + "type": "keyword", + "ignore_above": 1024 + }, + "fork_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "gid": { + "type": "keyword", + "ignore_above": 1024 + }, + "group": { + "type": "keyword", + "ignore_above": 1024 + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha512": { + "type": "keyword", + "ignore_above": 1024 + }, + "ssdeep": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "inode": { + "type": "keyword", + "ignore_above": 1024 + }, + "mime_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "mode": { + "type": "keyword", + "ignore_above": 1024 + }, + "mtime": { + "type": "date" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "owner": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "pe": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "company": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "file_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "imphash": { + "type": "keyword", + "ignore_above": 1024 + }, + "original_file_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "product": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "size": { + "type": "long" + }, + "target_path": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "uid": { + "type": "keyword", + "ignore_above": 1024 + }, + "x509": { + "properties": { + "alternative_names": { + "type": "keyword", + "ignore_above": 1024 + }, + "issuer": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_curve": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_exponent": { + "type": "long", + "index": false, + "doc_values": false + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "type": "keyword", + "ignore_above": 1024 + }, + "signature_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "version_number": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha512": { + "type": "keyword", + "ignore_above": 1024 + }, + "ssdeep": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "host": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "containerized": { + "type": "boolean" + }, + "cpu": { + "properties": { + "usage": { + "type": "scaled_float", + "scaling_factor": 1000.0 + } + } + }, + "disk": { + "properties": { + "read": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "write": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hostname": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "ip": { + "type": "ip" + }, + "mac": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "network": { + "properties": { + "egress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + }, + "ingress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + } + } + }, + "os": { + "properties": { + "build": { + "type": "keyword", + "ignore_above": 1024 + }, + "codename": { + "type": "keyword", + "ignore_above": 1024 + }, + "family": { + "type": "keyword", + "ignore_above": 1024 + }, + "full": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "kernel": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "platform": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "uptime": { + "type": "long" + }, + "user": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "http": { + "properties": { + "request": { + "properties": { + "body": { + "properties": { + "bytes": { + "type": "long" + }, + "content": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "method": { + "type": "keyword", + "ignore_above": 1024 + }, + "mime_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "referrer": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "response": { + "properties": { + "body": { + "properties": { + "bytes": { + "type": "long" + }, + "content": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "mime_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "status_code": { + "type": "long" + } + } + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "interface": { + "properties": { + "alias": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "jolokia": { + "properties": { + "agent": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "secured": { + "type": "boolean" + }, + "server": { + "properties": { + "product": { + "type": "keyword", + "ignore_above": 1024 + }, + "vendor": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "url": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "kubernetes": { + "properties": { + "annotations": { + "properties": { + "*": { + "type": "object" + } + } + }, + "container": { + "properties": { + "image": { + "type": "alias", + "path": "container.image.name" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "deployment": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "labels": { + "properties": { + "*": { + "type": "object" + } + } + }, + "namespace": { + "type": "keyword", + "ignore_above": 1024 + }, + "node": { + "properties": { + "hostname": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "pod": { + "properties": { + "ip": { + "type": "ip" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "uid": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "replicaset": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "selectors": { + "properties": { + "*": { + "type": "object" + } + } + }, + "statefulset": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "labels": { + "type": "object" + }, + "log": { + "properties": { + "file": { + "properties": { + "path": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "level": { + "type": "keyword", + "ignore_above": 1024 + }, + "logger": { + "type": "keyword", + "ignore_above": 1024 + }, + "origin": { + "properties": { + "file": { + "properties": { + "line": { + "type": "long" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "function": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "original": { + "type": "keyword", + "index": false, + "doc_values": false, + "ignore_above": 1024 + }, + "syslog": { + "properties": { + "facility": { + "properties": { + "code": { + "type": "long" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "priority": { + "type": "long" + }, + "severity": { + "properties": { + "code": { + "type": "long" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + } + } + }, + "message": { + "type": "match_only_text" + }, + "network": { + "properties": { + "application": { + "type": "keyword", + "ignore_above": 1024 + }, + "bytes": { + "type": "long" + }, + "community_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "direction": { + "type": "keyword", + "ignore_above": 1024 + }, + "forwarded_ip": { + "type": "ip" + }, + "iana_number": { + "type": "keyword", + "ignore_above": 1024 + }, + "inner": { + "properties": { + "vlan": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "packets": { + "type": "long" + }, + "protocol": { + "type": "keyword", + "ignore_above": 1024 + }, + "transport": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "vlan": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "observer": { + "properties": { + "egress": { + "properties": { + "interface": { + "properties": { + "alias": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "vlan": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "zone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hostname": { + "type": "keyword", + "ignore_above": 1024 + }, + "ingress": { + "properties": { + "interface": { + "properties": { + "alias": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "vlan": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "zone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "os": { + "properties": { + "family": { + "type": "keyword", + "ignore_above": 1024 + }, + "full": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "kernel": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "platform": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "product": { + "type": "keyword", + "ignore_above": 1024 + }, + "serial_number": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "vendor": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "orchestrator": { + "properties": { + "api_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "cluster": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "url": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "namespace": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "resource": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "organization": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + }, + "os": { + "properties": { + "family": { + "type": "keyword", + "ignore_above": 1024 + }, + "full": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "kernel": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "platform": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "package": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "build_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "checksum": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "install_scope": { + "type": "keyword", + "ignore_above": 1024 + }, + "installed": { + "type": "date" + }, + "license": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + }, + "size": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "pe": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "company": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "file_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "imphash": { + "type": "keyword", + "ignore_above": 1024 + }, + "original_file_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "product": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "powershell": { + "properties": { + "command": { + "properties": { + "invocation_details": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "related_command": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "value": { + "type": "text", + "norms": false + } + } + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "value": { + "type": "text", + "norms": false + } + } + }, + "connected_user": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "engine": { + "properties": { + "new_state": { + "type": "keyword", + "ignore_above": 1024 + }, + "previous_state": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "file": { + "properties": { + "script_block_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "script_block_text": { + "type": "text", + "norms": false + } + } + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "pipeline_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "process": { + "properties": { + "executable_version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "provider": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "new_state": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "runspace_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "sequence": { + "type": "long" + }, + "total": { + "type": "long" + } + } + }, + "process": { + "properties": { + "args": { + "type": "keyword", + "ignore_above": 1024 + }, + "args_count": { + "type": "long" + }, + "code_signature": { + "properties": { + "digest_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "exists": { + "type": "boolean" + }, + "signing_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "status": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "team_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "timestamp": { + "type": "date" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "command_line": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "elf": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "byte_order": { + "type": "keyword", + "ignore_above": 1024 + }, + "cpu_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "creation_date": { + "type": "date" + }, + "exports": { + "type": "flattened" + }, + "header": { + "properties": { + "abi_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "class": { + "type": "keyword", + "ignore_above": 1024 + }, + "data": { + "type": "keyword", + "ignore_above": 1024 + }, + "entrypoint": { + "type": "long" + }, + "object_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "os_abi": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "imports": { + "type": "flattened" + }, + "sections": { + "type": "nested", + "properties": { + "chi2": { + "type": "long" + }, + "entropy": { + "type": "long" + }, + "flags": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_offset": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_size": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "virtual_address": { + "type": "long" + }, + "virtual_size": { + "type": "long" + } + } + }, + "segments": { + "type": "nested", + "properties": { + "sections": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "shared_libraries": { + "type": "keyword", + "ignore_above": 1024 + }, + "telfhash": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "end": { + "type": "date" + }, + "entity_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "executable": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "exit_code": { + "type": "long" + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha512": { + "type": "keyword", + "ignore_above": 1024 + }, + "ssdeep": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "parent": { + "properties": { + "args": { + "type": "keyword", + "ignore_above": 1024 + }, + "args_count": { + "type": "long" + }, + "code_signature": { + "properties": { + "digest_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "exists": { + "type": "boolean" + }, + "signing_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "status": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "team_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "timestamp": { + "type": "date" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "command_line": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "elf": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "byte_order": { + "type": "keyword", + "ignore_above": 1024 + }, + "cpu_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "creation_date": { + "type": "date" + }, + "exports": { + "type": "flattened" + }, + "header": { + "properties": { + "abi_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "class": { + "type": "keyword", + "ignore_above": 1024 + }, + "data": { + "type": "keyword", + "ignore_above": 1024 + }, + "entrypoint": { + "type": "long" + }, + "object_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "os_abi": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "imports": { + "type": "flattened" + }, + "sections": { + "type": "nested", + "properties": { + "chi2": { + "type": "long" + }, + "entropy": { + "type": "long" + }, + "flags": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_offset": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_size": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "virtual_address": { + "type": "long" + }, + "virtual_size": { + "type": "long" + } + } + }, + "segments": { + "type": "nested", + "properties": { + "sections": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "shared_libraries": { + "type": "keyword", + "ignore_above": 1024 + }, + "telfhash": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "end": { + "type": "date" + }, + "entity_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "executable": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "exit_code": { + "type": "long" + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha512": { + "type": "keyword", + "ignore_above": 1024 + }, + "ssdeep": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "pe": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "company": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "file_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "imphash": { + "type": "keyword", + "ignore_above": 1024 + }, + "original_file_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "product": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "pgid": { + "type": "long" + }, + "pid": { + "type": "long" + }, + "ppid": { + "type": "long" + }, + "start": { + "type": "date" + }, + "thread": { + "properties": { + "id": { + "type": "long" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "title": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "uptime": { + "type": "long" + }, + "working_directory": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + }, + "pe": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "company": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "file_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "imphash": { + "type": "keyword", + "ignore_above": 1024 + }, + "original_file_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "product": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "pgid": { + "type": "long" + }, + "pid": { + "type": "long" + }, + "ppid": { + "type": "long" + }, + "start": { + "type": "date" + }, + "thread": { + "properties": { + "id": { + "type": "long" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "title": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "uptime": { + "type": "long" + }, + "working_directory": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + }, + "registry": { + "properties": { + "data": { + "properties": { + "bytes": { + "type": "keyword", + "ignore_above": 1024 + }, + "strings": { + "type": "wildcard", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hive": { + "type": "keyword", + "ignore_above": 1024 + }, + "key": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024 + }, + "value": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "related": { + "properties": { + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "hosts": { + "type": "keyword", + "ignore_above": 1024 + }, + "ip": { + "type": "ip" + }, + "user": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "rule": { + "properties": { + "author": { + "type": "keyword", + "ignore_above": 1024 + }, + "category": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "license": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + }, + "ruleset": { + "type": "keyword", + "ignore_above": 1024 + }, + "uuid": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "server": { + "properties": { + "address": { + "type": "keyword", + "ignore_above": 1024 + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "type": "keyword", + "ignore_above": 1024 + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "subdomain": { + "type": "keyword", + "ignore_above": 1024 + }, + "top_level_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "user": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "service": { + "properties": { + "address": { + "type": "keyword", + "ignore_above": 1024 + }, + "environment": { + "type": "keyword", + "ignore_above": 1024 + }, + "ephemeral_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "node": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "state": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "source": { + "properties": { + "address": { + "type": "keyword", + "ignore_above": 1024 + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "type": "keyword", + "ignore_above": 1024 + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "subdomain": { + "type": "keyword", + "ignore_above": 1024 + }, + "top_level_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "user": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "span": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "sysmon": { + "properties": { + "dns": { + "properties": { + "status": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "file": { + "properties": { + "archived": { + "type": "boolean" + }, + "is_executable": { + "type": "boolean" + } + } + } + } + }, + "tags": { + "type": "keyword", + "ignore_above": 1024 + }, + "threat": { + "properties": { + "enrichments": { + "type": "nested", + "properties": { + "indicator": { + "properties": { + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + } + } + }, + "confidence": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "properties": { + "address": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "file": { + "properties": { + "accessed": { + "type": "date" + }, + "attributes": { + "type": "keyword", + "ignore_above": 1024 + }, + "code_signature": { + "properties": { + "digest_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "exists": { + "type": "boolean" + }, + "signing_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "status": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "team_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "timestamp": { + "type": "date" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "created": { + "type": "date" + }, + "ctime": { + "type": "date" + }, + "device": { + "type": "keyword", + "ignore_above": 1024 + }, + "directory": { + "type": "keyword", + "ignore_above": 1024 + }, + "drive_letter": { + "type": "keyword", + "ignore_above": 1 + }, + "elf": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "byte_order": { + "type": "keyword", + "ignore_above": 1024 + }, + "cpu_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "creation_date": { + "type": "date" + }, + "exports": { + "type": "flattened" + }, + "header": { + "properties": { + "abi_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "class": { + "type": "keyword", + "ignore_above": 1024 + }, + "data": { + "type": "keyword", + "ignore_above": 1024 + }, + "entrypoint": { + "type": "long" + }, + "object_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "os_abi": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "imports": { + "type": "flattened" + }, + "sections": { + "type": "nested", + "properties": { + "chi2": { + "type": "long" + }, + "entropy": { + "type": "long" + }, + "flags": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_offset": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_size": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "virtual_address": { + "type": "long" + }, + "virtual_size": { + "type": "long" + } + } + }, + "segments": { + "type": "nested", + "properties": { + "sections": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "shared_libraries": { + "type": "keyword", + "ignore_above": 1024 + }, + "telfhash": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "extension": { + "type": "keyword", + "ignore_above": 1024 + }, + "fork_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "gid": { + "type": "keyword", + "ignore_above": 1024 + }, + "group": { + "type": "keyword", + "ignore_above": 1024 + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha512": { + "type": "keyword", + "ignore_above": 1024 + }, + "ssdeep": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "inode": { + "type": "keyword", + "ignore_above": 1024 + }, + "mime_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "mode": { + "type": "keyword", + "ignore_above": 1024 + }, + "mtime": { + "type": "date" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "owner": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "pe": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "company": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "file_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "imphash": { + "type": "keyword", + "ignore_above": 1024 + }, + "original_file_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "product": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "size": { + "type": "long" + }, + "target_path": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "uid": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "first_seen": { + "type": "date" + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "ip": { + "type": "ip" + }, + "last_seen": { + "type": "date" + }, + "marking": { + "properties": { + "tlp": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "modified_at": { + "type": "date" + }, + "port": { + "type": "long" + }, + "provider": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + }, + "registry": { + "properties": { + "data": { + "properties": { + "bytes": { + "type": "keyword", + "ignore_above": 1024 + }, + "strings": { + "type": "wildcard", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hive": { + "type": "keyword", + "ignore_above": 1024 + }, + "key": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024 + }, + "value": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "scanner_stats": { + "type": "long" + }, + "sightings": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "url": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "extension": { + "type": "keyword", + "ignore_above": 1024 + }, + "fragment": { + "type": "keyword", + "ignore_above": 1024 + }, + "full": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "original": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "password": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "wildcard", + "ignore_above": 1024 + }, + "port": { + "type": "long" + }, + "query": { + "type": "keyword", + "ignore_above": 1024 + }, + "registered_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "scheme": { + "type": "keyword", + "ignore_above": 1024 + }, + "subdomain": { + "type": "keyword", + "ignore_above": 1024 + }, + "top_level_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "username": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "x509": { + "properties": { + "alternative_names": { + "type": "keyword", + "ignore_above": 1024 + }, + "issuer": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_curve": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_exponent": { + "type": "long", + "index": false, + "doc_values": false + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "type": "keyword", + "ignore_above": 1024 + }, + "signature_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "version_number": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "matched": { + "properties": { + "atomic": { + "type": "keyword", + "ignore_above": 1024 + }, + "field": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "index": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "framework": { + "type": "keyword", + "ignore_above": 1024 + }, + "group": { + "properties": { + "alias": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "indicator": { + "properties": { + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + } + } + }, + "confidence": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "properties": { + "address": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "file": { + "properties": { + "accessed": { + "type": "date" + }, + "attributes": { + "type": "keyword", + "ignore_above": 1024 + }, + "code_signature": { + "properties": { + "digest_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "exists": { + "type": "boolean" + }, + "signing_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "status": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "team_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "timestamp": { + "type": "date" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "created": { + "type": "date" + }, + "ctime": { + "type": "date" + }, + "device": { + "type": "keyword", + "ignore_above": 1024 + }, + "directory": { + "type": "keyword", + "ignore_above": 1024 + }, + "drive_letter": { + "type": "keyword", + "ignore_above": 1 + }, + "elf": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "byte_order": { + "type": "keyword", + "ignore_above": 1024 + }, + "cpu_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "creation_date": { + "type": "date" + }, + "exports": { + "type": "flattened" + }, + "header": { + "properties": { + "abi_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "class": { + "type": "keyword", + "ignore_above": 1024 + }, + "data": { + "type": "keyword", + "ignore_above": 1024 + }, + "entrypoint": { + "type": "long" + }, + "object_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "os_abi": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "imports": { + "type": "flattened" + }, + "sections": { + "type": "nested", + "properties": { + "chi2": { + "type": "long" + }, + "entropy": { + "type": "long" + }, + "flags": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_offset": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_size": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "virtual_address": { + "type": "long" + }, + "virtual_size": { + "type": "long" + } + } + }, + "segments": { + "type": "nested", + "properties": { + "sections": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "shared_libraries": { + "type": "keyword", + "ignore_above": 1024 + }, + "telfhash": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "extension": { + "type": "keyword", + "ignore_above": 1024 + }, + "fork_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "gid": { + "type": "keyword", + "ignore_above": 1024 + }, + "group": { + "type": "keyword", + "ignore_above": 1024 + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha512": { + "type": "keyword", + "ignore_above": 1024 + }, + "ssdeep": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "inode": { + "type": "keyword", + "ignore_above": 1024 + }, + "mime_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "mode": { + "type": "keyword", + "ignore_above": 1024 + }, + "mtime": { + "type": "date" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "owner": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "pe": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "company": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "file_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "imphash": { + "type": "keyword", + "ignore_above": 1024 + }, + "original_file_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "product": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "size": { + "type": "long" + }, + "target_path": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "uid": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "first_seen": { + "type": "date" + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "ip": { + "type": "ip" + }, + "last_seen": { + "type": "date" + }, + "marking": { + "properties": { + "tlp": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "modified_at": { + "type": "date" + }, + "port": { + "type": "long" + }, + "provider": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + }, + "registry": { + "properties": { + "data": { + "properties": { + "bytes": { + "type": "keyword", + "ignore_above": 1024 + }, + "strings": { + "type": "wildcard", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hive": { + "type": "keyword", + "ignore_above": 1024 + }, + "key": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024 + }, + "value": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "scanner_stats": { + "type": "long" + }, + "sightings": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "url": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "extension": { + "type": "keyword", + "ignore_above": 1024 + }, + "fragment": { + "type": "keyword", + "ignore_above": 1024 + }, + "full": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "original": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "password": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "wildcard", + "ignore_above": 1024 + }, + "port": { + "type": "long" + }, + "query": { + "type": "keyword", + "ignore_above": 1024 + }, + "registered_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "scheme": { + "type": "keyword", + "ignore_above": 1024 + }, + "subdomain": { + "type": "keyword", + "ignore_above": 1024 + }, + "top_level_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "username": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "x509": { + "properties": { + "alternative_names": { + "type": "keyword", + "ignore_above": 1024 + }, + "issuer": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_curve": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_exponent": { + "type": "long", + "index": false, + "doc_values": false + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "type": "keyword", + "ignore_above": 1024 + }, + "signature_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "version_number": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "software": { + "properties": { + "alias": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "platforms": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "tactic": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "technique": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + }, + "subtechnique": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + } + } + }, + "timeseries": { + "properties": { + "instance": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "tls": { + "properties": { + "cipher": { + "type": "keyword", + "ignore_above": 1024 + }, + "client": { + "properties": { + "certificate": { + "type": "keyword", + "ignore_above": 1024 + }, + "certificate_chain": { + "type": "keyword", + "ignore_above": 1024 + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "issuer": { + "type": "keyword", + "ignore_above": 1024 + }, + "ja3": { + "type": "keyword", + "ignore_above": 1024 + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "server_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject": { + "type": "keyword", + "ignore_above": 1024 + }, + "supported_ciphers": { + "type": "keyword", + "ignore_above": 1024 + }, + "x509": { + "properties": { + "alternative_names": { + "type": "keyword", + "ignore_above": 1024 + }, + "issuer": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_curve": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_exponent": { + "type": "long", + "index": false, + "doc_values": false + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "type": "keyword", + "ignore_above": 1024 + }, + "signature_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "version_number": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "curve": { + "type": "keyword", + "ignore_above": 1024 + }, + "established": { + "type": "boolean" + }, + "next_protocol": { + "type": "keyword", + "ignore_above": 1024 + }, + "resumed": { + "type": "boolean" + }, + "server": { + "properties": { + "certificate": { + "type": "keyword", + "ignore_above": 1024 + }, + "certificate_chain": { + "type": "keyword", + "ignore_above": 1024 + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "issuer": { + "type": "keyword", + "ignore_above": 1024 + }, + "ja3s": { + "type": "keyword", + "ignore_above": 1024 + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "subject": { + "type": "keyword", + "ignore_above": 1024 + }, + "x509": { + "properties": { + "alternative_names": { + "type": "keyword", + "ignore_above": 1024 + }, + "issuer": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_curve": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_exponent": { + "type": "long", + "index": false, + "doc_values": false + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "type": "keyword", + "ignore_above": 1024 + }, + "signature_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "version_number": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + }, + "version_protocol": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "trace": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "transaction": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "url": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "extension": { + "type": "keyword", + "ignore_above": 1024 + }, + "fragment": { + "type": "keyword", + "ignore_above": 1024 + }, + "full": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "original": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "password": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "wildcard", + "ignore_above": 1024 + }, + "port": { + "type": "long" + }, + "query": { + "type": "keyword", + "ignore_above": 1024 + }, + "registered_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "scheme": { + "type": "keyword", + "ignore_above": 1024 + }, + "subdomain": { + "type": "keyword", + "ignore_above": 1024 + }, + "top_level_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "username": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "user": { + "properties": { + "changes": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "effective": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + }, + "target": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "user_agent": { + "properties": { + "device": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "original": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "os": { + "properties": { + "family": { + "type": "keyword", + "ignore_above": 1024 + }, + "full": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "kernel": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "platform": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "vlan": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "vulnerability": { + "properties": { + "category": { + "type": "keyword", + "ignore_above": 1024 + }, + "classification": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "enumeration": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + }, + "report_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "scanner": { + "properties": { + "vendor": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "score": { + "properties": { + "base": { + "type": "float" + }, + "environmental": { + "type": "float" + }, + "temporal": { + "type": "float" + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "severity": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "winlog": { + "properties": { + "activity_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "api": { + "type": "keyword", + "ignore_above": 1024 + }, + "channel": { + "type": "keyword", + "ignore_above": 1024 + }, + "computer_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "event_data": { + "properties": { + "AccessGranted": { + "type": "keyword" + }, + "AccessList": { + "type": "keyword" + }, + "AccessMask": { + "type": "keyword" + }, + "AccessRemoved": { + "type": "keyword" + }, + "AccountExpires": { + "type": "keyword" + }, + "AccountName": { + "type": "keyword" + }, + "AdditionalInfo": { + "type": "keyword" + }, + "AdditionalInfo2": { + "type": "keyword" + }, + "Address": { + "type": "keyword" + }, + "AddressLength": { + "type": "keyword" + }, + "AdvancedOptions": { + "type": "keyword" + }, + "AlgorithmName": { + "type": "keyword" + }, + "AllowedToDelegateTo": { + "type": "keyword" + }, + "AuthenticationPackageName": { + "type": "keyword", + "ignore_above": 1024 + }, + "Binary": { + "type": "keyword", + "ignore_above": 1024 + }, + "BitlockerUserInputTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "BootMenuPolicy": { + "type": "keyword" + }, + "BootMode": { + "type": "keyword", + "ignore_above": 1024 + }, + "BootStatusPolicy": { + "type": "keyword" + }, + "BootType": { + "type": "keyword", + "ignore_above": 1024 + }, + "BuildVersion": { + "type": "keyword", + "ignore_above": 1024 + }, + "CallerProcessId": { + "type": "keyword" + }, + "CallerProcessName": { + "type": "keyword" + }, + "ClientCreationTime": { + "type": "keyword" + }, + "ClientProcessId": { + "type": "keyword" + }, + "Company": { + "type": "keyword", + "ignore_above": 1024 + }, + "ComputerAccountChange": { + "type": "keyword" + }, + "Config": { + "type": "keyword" + }, + "ConfigAccessPolicy": { + "type": "keyword" + }, + "ContextInfo": { + "type": "keyword" + }, + "CorruptionActionState": { + "type": "keyword", + "ignore_above": 1024 + }, + "CountNew": { + "type": "keyword" + }, + "CountOfCredentialsReturned": { + "type": "keyword" + }, + "CountOld": { + "type": "keyword" + }, + "CreationUtcTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "CurrentStratumNumber": { + "type": "keyword" + }, + "DCName": { + "type": "keyword" + }, + "Default SD String:": { + "type": "keyword" + }, + "Description": { + "type": "keyword", + "ignore_above": 1024 + }, + "Detail": { + "type": "keyword", + "ignore_above": 1024 + }, + "DeviceName": { + "type": "keyword", + "ignore_above": 1024 + }, + "DeviceNameLength": { + "type": "keyword", + "ignore_above": 1024 + }, + "DeviceTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "DeviceVersionMajor": { + "type": "keyword", + "ignore_above": 1024 + }, + "DeviceVersionMinor": { + "type": "keyword", + "ignore_above": 1024 + }, + "DirtyPages": { + "type": "keyword" + }, + "DisableIntegrityChecks": { + "type": "keyword" + }, + "DisplayName": { + "type": "keyword" + }, + "DnsHostName": { + "type": "keyword" + }, + "DomainBehaviorVersion": { + "type": "keyword" + }, + "DomainName": { + "type": "keyword" + }, + "DomainPolicyChanged": { + "type": "keyword" + }, + "DomainSid": { + "type": "keyword" + }, + "DriveName": { + "type": "keyword", + "ignore_above": 1024 + }, + "DriverName": { + "type": "keyword", + "ignore_above": 1024 + }, + "DriverNameLength": { + "type": "keyword", + "ignore_above": 1024 + }, + "Dummy": { + "type": "keyword" + }, + "DwordVal": { + "type": "keyword", + "ignore_above": 1024 + }, + "ElevatedToken": { + "type": "keyword" + }, + "EnableDisableReason": { + "type": "keyword" + }, + "EnabledNew": { + "type": "keyword" + }, + "EntryCount": { + "type": "keyword", + "ignore_above": 1024 + }, + "ErrorMessage": { + "type": "keyword" + }, + "ErrorString": { + "type": "keyword" + }, + "ExitBootServicesEntry": { + "type": "keyword" + }, + "ExitBootServicesExit": { + "type": "keyword" + }, + "ExtraInfo": { + "type": "keyword", + "ignore_above": 1024 + }, + "FailureName": { + "type": "keyword", + "ignore_above": 1024 + }, + "FailureNameLength": { + "type": "keyword", + "ignore_above": 1024 + }, + "FileVersion": { + "type": "keyword", + "ignore_above": 1024 + }, + "FinalStatus": { + "type": "keyword", + "ignore_above": 1024 + }, + "FlightSigning": { + "type": "keyword" + }, + "ForceLogoff": { + "type": "keyword" + }, + "Group": { + "type": "keyword", + "ignore_above": 1024 + }, + "GroupName": { + "type": "keyword" + }, + "HandleId": { + "type": "keyword" + }, + "HiveName": { + "type": "keyword" + }, + "HiveNameLength": { + "type": "keyword" + }, + "HomeDirectory": { + "type": "keyword" + }, + "HomePath": { + "type": "keyword" + }, + "HypervisorDebug": { + "type": "keyword" + }, + "HypervisorLaunchType": { + "type": "keyword" + }, + "HypervisorLoadOptions": { + "type": "keyword" + }, + "IdleImplementation": { + "type": "keyword", + "ignore_above": 1024 + }, + "IdleStateCount": { + "type": "keyword", + "ignore_above": 1024 + }, + "ImagePath": { + "type": "keyword" + }, + "ImpersonationLevel": { + "type": "keyword", + "ignore_above": 1024 + }, + "IntegrityLevel": { + "type": "keyword", + "ignore_above": 1024 + }, + "IpAddress": { + "type": "keyword", + "ignore_above": 1024 + }, + "IpPort": { + "type": "keyword", + "ignore_above": 1024 + }, + "IsTestConfig": { + "type": "keyword" + }, + "KernelDebug": { + "type": "keyword" + }, + "KeyFilePath": { + "type": "keyword" + }, + "KeyLength": { + "type": "keyword", + "ignore_above": 1024 + }, + "KeyName": { + "type": "keyword" + }, + "KeyType": { + "type": "keyword" + }, + "KeysUpdated": { + "type": "keyword" + }, + "LastBootGood": { + "type": "keyword", + "ignore_above": 1024 + }, + "LastBootId": { + "type": "keyword" + }, + "LastShutdownGood": { + "type": "keyword", + "ignore_above": 1024 + }, + "Library": { + "type": "keyword" + }, + "LmPackageName": { + "type": "keyword", + "ignore_above": 1024 + }, + "LoadOSImageStart": { + "type": "keyword" + }, + "LoadOptions": { + "type": "keyword" + }, + "LockoutDuration": { + "type": "keyword" + }, + "LockoutObservationWindow": { + "type": "keyword" + }, + "LockoutThreshold": { + "type": "keyword" + }, + "LogonGuid": { + "type": "keyword", + "ignore_above": 1024 + }, + "LogonHours": { + "type": "keyword" + }, + "LogonId": { + "type": "keyword", + "ignore_above": 1024 + }, + "LogonProcessName": { + "type": "keyword", + "ignore_above": 1024 + }, + "LogonType": { + "type": "keyword", + "ignore_above": 1024 + }, + "MachineAccountQuota": { + "type": "keyword" + }, + "MajorVersion": { + "type": "keyword", + "ignore_above": 1024 + }, + "MandatoryLabel": { + "type": "keyword" + }, + "MaxPasswordAge": { + "type": "keyword" + }, + "MaximumPerformancePercent": { + "type": "keyword", + "ignore_above": 1024 + }, + "MemberName": { + "type": "keyword", + "ignore_above": 1024 + }, + "MemberSid": { + "type": "keyword", + "ignore_above": 1024 + }, + "MessageNumber": { + "type": "keyword" + }, + "MessageTotal": { + "type": "keyword" + }, + "MinPasswordAge": { + "type": "keyword" + }, + "MinPasswordLength": { + "type": "keyword" + }, + "MinimumPasswordLength": { + "type": "keyword" + }, + "MinimumPasswordLengthAudit": { + "type": "keyword" + }, + "MinimumPerformancePercent": { + "type": "keyword", + "ignore_above": 1024 + }, + "MinimumThrottlePercent": { + "type": "keyword", + "ignore_above": 1024 + }, + "MiniportName": { + "type": "keyword" + }, + "MiniportNameLen": { + "type": "keyword" + }, + "MinorVersion": { + "type": "keyword", + "ignore_above": 1024 + }, + "MixedDomainMode": { + "type": "keyword" + }, + "NewProcessId": { + "type": "keyword", + "ignore_above": 1024 + }, + "NewProcessName": { + "type": "keyword", + "ignore_above": 1024 + }, + "NewSchemeGuid": { + "type": "keyword", + "ignore_above": 1024 + }, + "NewSd": { + "type": "keyword" + }, + "NewSize": { + "type": "keyword" + }, + "NewTargetUserName": { + "type": "keyword" + }, + "NewTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "NewUacValue": { + "type": "keyword" + }, + "NominalFrequency": { + "type": "keyword", + "ignore_above": 1024 + }, + "Number": { + "type": "keyword", + "ignore_above": 1024 + }, + "NumberOfGroupPolicyObjects": { + "type": "keyword" + }, + "OSEditionID": { + "type": "keyword" + }, + "OSName": { + "type": "keyword" + }, + "OSbuildversion": { + "type": "keyword" + }, + "OSmajorversion": { + "type": "keyword" + }, + "OSminorversion": { + "type": "keyword" + }, + "OSservicepackmajorversion": { + "type": "keyword" + }, + "OSservicepackminorversion": { + "type": "keyword" + }, + "ObjectName": { + "type": "keyword" + }, + "ObjectServer": { + "type": "keyword" + }, + "ObjectType": { + "type": "keyword" + }, + "OemInformation": { + "type": "keyword" + }, + "OldSchemeGuid": { + "type": "keyword", + "ignore_above": 1024 + }, + "OldSd": { + "type": "keyword" + }, + "OldTargetUserName": { + "type": "keyword" + }, + "OldTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "OldUacValue": { + "type": "keyword" + }, + "Operation": { + "type": "keyword" + }, + "OperationType": { + "type": "keyword" + }, + "OriginalFileName": { + "type": "keyword", + "ignore_above": 1024 + }, + "OriginalSize": { + "type": "keyword" + }, + "ParentProcessName": { + "type": "keyword" + }, + "PasswordHistoryLength": { + "type": "keyword" + }, + "PasswordLastSet": { + "type": "keyword" + }, + "PasswordProperties": { + "type": "keyword" + }, + "Path": { + "type": "keyword", + "ignore_above": 1024 + }, + "Payload": { + "type": "keyword" + }, + "PerformanceImplementation": { + "type": "keyword", + "ignore_above": 1024 + }, + "PreAuthType": { + "type": "keyword" + }, + "PreviousCreationUtcTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "PreviousTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "PrimaryGroupId": { + "type": "keyword" + }, + "PrivilegeList": { + "type": "keyword", + "ignore_above": 1024 + }, + "ProcessCreationTime": { + "type": "keyword" + }, + "ProcessID": { + "type": "keyword" + }, + "ProcessId": { + "type": "keyword", + "ignore_above": 1024 + }, + "ProcessName": { + "type": "keyword", + "ignore_above": 1024 + }, + "ProcessPath": { + "type": "keyword", + "ignore_above": 1024 + }, + "ProcessPid": { + "type": "keyword", + "ignore_above": 1024 + }, + "ProcessingMode": { + "type": "keyword" + }, + "ProcessingTimeInMilliseconds": { + "type": "keyword" + }, + "Product": { + "type": "keyword", + "ignore_above": 1024 + }, + "ProfilePath": { + "type": "keyword" + }, + "Properties": { + "type": "keyword" + }, + "ProviderName": { + "type": "keyword" + }, + "PuaCount": { + "type": "keyword", + "ignore_above": 1024 + }, + "PuaPolicyId": { + "type": "keyword", + "ignore_above": 1024 + }, + "QfeVersion": { + "type": "keyword", + "ignore_above": 1024 + }, + "QueryName": { + "type": "keyword" + }, + "ReadOperation": { + "type": "keyword" + }, + "Reason": { + "type": "keyword", + "ignore_above": 1024 + }, + "RemoteEventLogging": { + "type": "keyword" + }, + "ResetEndStart": { + "type": "keyword" + }, + "RestrictedAdminMode": { + "type": "keyword" + }, + "ReturnCode": { + "type": "keyword" + }, + "SamAccountName": { + "type": "keyword" + }, + "SchemaVersion": { + "type": "keyword", + "ignore_above": 1024 + }, + "ScriptBlockId": { + "type": "keyword" + }, + "ScriptBlockText": { + "type": "keyword", + "ignore_above": 1024 + }, + "ScriptPath": { + "type": "keyword" + }, + "ServiceName": { + "type": "keyword", + "ignore_above": 1024 + }, + "ServicePrincipalNames": { + "type": "keyword" + }, + "ServiceSid": { + "type": "keyword" + }, + "ServiceType": { + "type": "keyword" + }, + "ServiceVersion": { + "type": "keyword", + "ignore_above": 1024 + }, + "ShutdownActionType": { + "type": "keyword", + "ignore_above": 1024 + }, + "ShutdownEventCode": { + "type": "keyword", + "ignore_above": 1024 + }, + "ShutdownReason": { + "type": "keyword", + "ignore_above": 1024 + }, + "SidHistory": { + "type": "keyword" + }, + "Signature": { + "type": "keyword", + "ignore_above": 1024 + }, + "SignatureStatus": { + "type": "keyword", + "ignore_above": 1024 + }, + "Signed": { + "type": "keyword", + "ignore_above": 1024 + }, + "StartOSImageStart": { + "type": "keyword" + }, + "StartTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "StartType": { + "type": "keyword" + }, + "State": { + "type": "keyword", + "ignore_above": 1024 + }, + "Status": { + "type": "keyword", + "ignore_above": 1024 + }, + "StopTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "SubjectDomainName": { + "type": "keyword", + "ignore_above": 1024 + }, + "SubjectLogonId": { + "type": "keyword", + "ignore_above": 1024 + }, + "SubjectUserName": { + "type": "keyword", + "ignore_above": 1024 + }, + "SubjectUserSid": { + "type": "keyword", + "ignore_above": 1024 + }, + "SupportInfo1": { + "type": "keyword" + }, + "SupportInfo2": { + "type": "keyword" + }, + "TSId": { + "type": "keyword", + "ignore_above": 1024 + }, + "TargetDomainName": { + "type": "keyword", + "ignore_above": 1024 + }, + "TargetInfo": { + "type": "keyword", + "ignore_above": 1024 + }, + "TargetLinkedLogonId": { + "type": "keyword" + }, + "TargetLogonGuid": { + "type": "keyword", + "ignore_above": 1024 + }, + "TargetLogonId": { + "type": "keyword", + "ignore_above": 1024 + }, + "TargetName": { + "type": "keyword" + }, + "TargetOutboundDomainName": { + "type": "keyword" + }, + "TargetOutboundUserName": { + "type": "keyword" + }, + "TargetProcessId": { + "type": "keyword" + }, + "TargetProcessName": { + "type": "keyword" + }, + "TargetServerName": { + "type": "keyword", + "ignore_above": 1024 + }, + "TargetSid": { + "type": "keyword" + }, + "TargetUserName": { + "type": "keyword", + "ignore_above": 1024 + }, + "TargetUserSid": { + "type": "keyword", + "ignore_above": 1024 + }, + "TaskName": { + "type": "keyword" + }, + "TerminalSessionId": { + "type": "keyword", + "ignore_above": 1024 + }, + "TestSigning": { + "type": "keyword" + }, + "TicketEncryptionType": { + "type": "keyword" + }, + "TicketOptions": { + "type": "keyword" + }, + "TimeSource": { + "type": "keyword" + }, + "TimeSourceRefId": { + "type": "keyword" + }, + "TokenElevationType": { + "type": "keyword", + "ignore_above": 1024 + }, + "TransmittedServices": { + "type": "keyword", + "ignore_above": 1024 + }, + "Type": { + "type": "keyword" + }, + "UpdateReason": { + "type": "keyword" + }, + "UserAccountControl": { + "type": "keyword" + }, + "UserContext": { + "type": "keyword" + }, + "UserName": { + "type": "keyword" + }, + "UserParameters": { + "type": "keyword" + }, + "UserPrincipalName": { + "type": "keyword" + }, + "UserSid": { + "type": "keyword", + "ignore_above": 1024 + }, + "UserWorkstations": { + "type": "keyword" + }, + "Version": { + "type": "keyword", + "ignore_above": 1024 + }, + "VersionLen": { + "type": "keyword" + }, + "VirtualAccount": { + "type": "keyword" + }, + "VsmLaunchType": { + "type": "keyword" + }, + "VsmPolicy": { + "type": "keyword" + }, + "Win32Error": { + "type": "keyword" + }, + "Workstation": { + "type": "keyword", + "ignore_above": 1024 + }, + "WorkstationName": { + "type": "keyword" + }, + "error": { + "type": "keyword" + }, + "evtHiveName": { + "type": "keyword" + }, + "evtHiveNameLength": { + "type": "keyword" + }, + "locationCode": { + "type": "keyword" + }, + "param1": { + "type": "keyword", + "ignore_above": 1024 + }, + "param10": { + "type": "keyword" + }, + "param11": { + "type": "keyword" + }, + "param12": { + "type": "keyword" + }, + "param2": { + "type": "keyword", + "ignore_above": 1024 + }, + "param3": { + "type": "keyword", + "ignore_above": 1024 + }, + "param4": { + "type": "keyword", + "ignore_above": 1024 + }, + "param5": { + "type": "keyword", + "ignore_above": 1024 + }, + "param6": { + "type": "keyword", + "ignore_above": 1024 + }, + "param7": { + "type": "keyword", + "ignore_above": 1024 + }, + "param8": { + "type": "keyword", + "ignore_above": 1024 + }, + "param9": { + "type": "keyword" + }, + "serviceGuid": { + "type": "keyword" + }, + "spn1": { + "type": "keyword" + }, + "spn2": { + "type": "keyword" + }, + "updateGuid": { + "type": "keyword" + }, + "updateRevisionNumber": { + "type": "keyword" + }, + "updateTitle": { + "type": "keyword" + } + } + }, + "event_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "keywords": { + "type": "keyword", + "ignore_above": 1024 + }, + "logon": { + "properties": { + "failure": { + "properties": { + "reason": { + "type": "keyword", + "ignore_above": 1024 + }, + "status": { + "type": "keyword", + "ignore_above": 1024 + }, + "sub_status": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "opcode": { + "type": "keyword", + "ignore_above": 1024 + }, + "process": { + "properties": { + "pid": { + "type": "long" + }, + "thread": { + "properties": { + "id": { + "type": "long" + } + } + } + } + }, + "provider_guid": { + "type": "keyword", + "ignore_above": 1024 + }, + "provider_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "record_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "related_activity_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "task": { + "type": "keyword", + "ignore_above": 1024 + }, + "time_created": { + "type": "date" + }, + "user": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "identifier": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "user_data": { + "properties": { + "Channel": { + "type": "keyword" + }, + "ClientProcessId": { + "type": "keyword" + }, + "ClientProcessStartKey": { + "type": "keyword" + }, + "SubjectDomainName": { + "type": "keyword" + }, + "SubjectLogonId": { + "type": "keyword" + }, + "SubjectUserName": { + "type": "keyword" + }, + "SubjectUserSid": { + "type": "keyword" + }, + "binaryData": { + "type": "keyword" + }, + "binaryDataSize": { + "type": "keyword" + }, + "param1": { + "type": "keyword" + }, + "param2": { + "type": "keyword" + }, + "xml_name": { + "type": "keyword" + } + } + }, + "version": { + "type": "long" + } + } + }, + "x509": { + "properties": { + "alternative_names": { + "type": "keyword", + "ignore_above": 1024 + }, + "issuer": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_curve": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_exponent": { + "type": "long", + "index": false, + "doc_values": false + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "type": "keyword", + "ignore_above": 1024 + }, + "signature_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "version_number": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + } + } +} \ No newline at end of file diff --git a/testing/tests/api_tests/winlogbeat/test_data/mapping_response_actual.json b/testing/tests/api_tests/winlogbeat/test_data/mapping_response_actual.json new file mode 100644 index 00000000..3ce0b3a3 --- /dev/null +++ b/testing/tests/api_tests/winlogbeat/test_data/mapping_response_actual.json @@ -0,0 +1,7376 @@ +{ + "winlogbeat-000001": { + "mappings": { + "_meta": { + "beat": "winlogbeat", + "version": "7.17.6" + }, + "dynamic_templates": [ + { + "labels": { + "path_match": "labels.*", + "match_mapping_type": "string", + "mapping": { + "type": "keyword" + } + } + }, + { + "container.labels": { + "path_match": "container.labels.*", + "match_mapping_type": "string", + "mapping": { + "type": "keyword" + } + } + }, + { + "fields": { + "path_match": "fields.*", + "match_mapping_type": "string", + "mapping": { + "type": "keyword" + } + } + }, + { + "docker.container.labels": { + "path_match": "docker.container.labels.*", + "match_mapping_type": "string", + "mapping": { + "type": "keyword" + } + } + }, + { + "kubernetes.labels.*": { + "path_match": "kubernetes.labels.*", + "mapping": { + "type": "keyword" + } + } + }, + { + "kubernetes.annotations.*": { + "path_match": "kubernetes.annotations.*", + "mapping": { + "type": "keyword" + } + } + }, + { + "kubernetes.selectors.*": { + "path_match": "kubernetes.selectors.*", + "mapping": { + "type": "keyword" + } + } + }, + { + "winlog.event_data": { + "path_match": "winlog.event_data.*", + "match_mapping_type": "string", + "mapping": { + "type": "keyword" + } + } + }, + { + "winlog.user_data": { + "path_match": "winlog.user_data.*", + "match_mapping_type": "string", + "mapping": { + "type": "keyword" + } + } + }, + { + "strings_as_keyword": { + "match_mapping_type": "string", + "mapping": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + ], + "date_detection": false, + "properties": { + "@timestamp": { + "type": "date" + }, + "@version": { + "type": "keyword", + "ignore_above": 1024 + }, + "agent": { + "properties": { + "build": { + "properties": { + "original": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "ephemeral_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "hostname": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + } + } + }, + "client": { + "properties": { + "address": { + "type": "keyword", + "ignore_above": 1024 + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "type": "keyword", + "ignore_above": 1024 + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "subdomain": { + "type": "keyword", + "ignore_above": 1024 + }, + "top_level_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "user": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "cloud": { + "properties": { + "account": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "availability_zone": { + "type": "keyword", + "ignore_above": 1024 + }, + "image": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "instance": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "machine": { + "properties": { + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "project": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "provider": { + "type": "keyword", + "ignore_above": 1024 + }, + "region": { + "type": "keyword", + "ignore_above": 1024 + }, + "service": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "code_signature": { + "properties": { + "digest_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "exists": { + "type": "boolean" + }, + "signing_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "status": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "team_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "timestamp": { + "type": "date" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "container": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "image": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "tag": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "labels": { + "type": "object" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "runtime": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "data_stream": { + "properties": { + "dataset": { + "type": "constant_keyword" + }, + "namespace": { + "type": "constant_keyword" + }, + "type": { + "type": "constant_keyword" + } + } + }, + "destination": { + "properties": { + "address": { + "type": "keyword", + "ignore_above": 1024 + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "type": "keyword", + "ignore_above": 1024 + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "subdomain": { + "type": "keyword", + "ignore_above": 1024 + }, + "top_level_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "user": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "dll": { + "properties": { + "code_signature": { + "properties": { + "digest_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "exists": { + "type": "boolean" + }, + "signing_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "status": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "team_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "timestamp": { + "type": "date" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha512": { + "type": "keyword", + "ignore_above": 1024 + }, + "ssdeep": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024 + }, + "pe": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "company": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "file_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "imphash": { + "type": "keyword", + "ignore_above": 1024 + }, + "original_file_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "product": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "dns": { + "properties": { + "answers": { + "properties": { + "class": { + "type": "keyword", + "ignore_above": 1024 + }, + "data": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "ttl": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "header_flags": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "op_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "question": { + "properties": { + "class": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "registered_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "subdomain": { + "type": "keyword", + "ignore_above": 1024 + }, + "top_level_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "resolved_ip": { + "type": "ip" + }, + "response_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "docker": { + "properties": { + "container": { + "properties": { + "labels": { + "type": "object" + } + } + } + } + }, + "ecs": { + "properties": { + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "elf": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "byte_order": { + "type": "keyword", + "ignore_above": 1024 + }, + "cpu_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "creation_date": { + "type": "date" + }, + "exports": { + "type": "flattened" + }, + "header": { + "properties": { + "abi_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "class": { + "type": "keyword", + "ignore_above": 1024 + }, + "data": { + "type": "keyword", + "ignore_above": 1024 + }, + "entrypoint": { + "type": "long" + }, + "object_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "os_abi": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "imports": { + "type": "flattened" + }, + "sections": { + "type": "nested", + "properties": { + "chi2": { + "type": "long" + }, + "entropy": { + "type": "long" + }, + "flags": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_offset": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_size": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "virtual_address": { + "type": "long" + }, + "virtual_size": { + "type": "long" + } + } + }, + "segments": { + "type": "nested", + "properties": { + "sections": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "shared_libraries": { + "type": "keyword", + "ignore_above": 1024 + }, + "telfhash": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "error": { + "properties": { + "code": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "message": { + "type": "match_only_text" + }, + "stack_trace": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "event": { + "properties": { + "action": { + "type": "keyword", + "ignore_above": 1024 + }, + "agent_id_status": { + "type": "keyword", + "ignore_above": 1024 + }, + "category": { + "type": "keyword", + "ignore_above": 1024 + }, + "code": { + "type": "keyword", + "ignore_above": 1024 + }, + "created": { + "type": "date" + }, + "dataset": { + "type": "keyword", + "ignore_above": 1024 + }, + "duration": { + "type": "long" + }, + "end": { + "type": "date" + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "ingested": { + "type": "date" + }, + "kind": { + "type": "keyword", + "ignore_above": 1024 + }, + "module": { + "type": "keyword", + "ignore_above": 1024 + }, + "original": { + "type": "keyword", + "ignore_above": 1024 + }, + "outcome": { + "type": "keyword", + "ignore_above": 1024 + }, + "provider": { + "type": "keyword", + "ignore_above": 1024 + }, + "reason": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + }, + "risk_score": { + "type": "float" + }, + "risk_score_norm": { + "type": "float" + }, + "sequence": { + "type": "long" + }, + "severity": { + "type": "long" + }, + "start": { + "type": "date" + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "url": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "fields": { + "type": "object" + }, + "file": { + "properties": { + "accessed": { + "type": "date" + }, + "attributes": { + "type": "keyword", + "ignore_above": 1024 + }, + "code_signature": { + "properties": { + "digest_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "exists": { + "type": "boolean" + }, + "signing_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "status": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "team_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "timestamp": { + "type": "date" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "created": { + "type": "date" + }, + "ctime": { + "type": "date" + }, + "device": { + "type": "keyword", + "ignore_above": 1024 + }, + "directory": { + "type": "keyword", + "ignore_above": 1024 + }, + "drive_letter": { + "type": "keyword", + "ignore_above": 1 + }, + "elf": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "byte_order": { + "type": "keyword", + "ignore_above": 1024 + }, + "cpu_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "creation_date": { + "type": "date" + }, + "exports": { + "type": "flattened" + }, + "header": { + "properties": { + "abi_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "class": { + "type": "keyword", + "ignore_above": 1024 + }, + "data": { + "type": "keyword", + "ignore_above": 1024 + }, + "entrypoint": { + "type": "long" + }, + "object_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "os_abi": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "imports": { + "type": "flattened" + }, + "sections": { + "type": "nested", + "properties": { + "chi2": { + "type": "long" + }, + "entropy": { + "type": "long" + }, + "flags": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_offset": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_size": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "virtual_address": { + "type": "long" + }, + "virtual_size": { + "type": "long" + } + } + }, + "segments": { + "type": "nested", + "properties": { + "sections": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "shared_libraries": { + "type": "keyword", + "ignore_above": 1024 + }, + "telfhash": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "extension": { + "type": "keyword", + "ignore_above": 1024 + }, + "fork_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "gid": { + "type": "keyword", + "ignore_above": 1024 + }, + "group": { + "type": "keyword", + "ignore_above": 1024 + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha512": { + "type": "keyword", + "ignore_above": 1024 + }, + "ssdeep": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "inode": { + "type": "keyword", + "ignore_above": 1024 + }, + "mime_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "mode": { + "type": "keyword", + "ignore_above": 1024 + }, + "mtime": { + "type": "date" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "owner": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "pe": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "company": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "file_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "imphash": { + "type": "keyword", + "ignore_above": 1024 + }, + "original_file_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "product": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "size": { + "type": "long" + }, + "target_path": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "uid": { + "type": "keyword", + "ignore_above": 1024 + }, + "x509": { + "properties": { + "alternative_names": { + "type": "keyword", + "ignore_above": 1024 + }, + "issuer": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_curve": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_exponent": { + "type": "long", + "index": false, + "doc_values": false + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "type": "keyword", + "ignore_above": 1024 + }, + "signature_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "version_number": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha512": { + "type": "keyword", + "ignore_above": 1024 + }, + "ssdeep": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "host": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "containerized": { + "type": "boolean" + }, + "cpu": { + "properties": { + "usage": { + "type": "scaled_float", + "scaling_factor": 1000.0 + } + } + }, + "disk": { + "properties": { + "read": { + "properties": { + "bytes": { + "type": "long" + } + } + }, + "write": { + "properties": { + "bytes": { + "type": "long" + } + } + } + } + }, + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hostname": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "ip": { + "type": "ip" + }, + "mac": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "network": { + "properties": { + "egress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + }, + "ingress": { + "properties": { + "bytes": { + "type": "long" + }, + "packets": { + "type": "long" + } + } + } + } + }, + "os": { + "properties": { + "build": { + "type": "keyword", + "ignore_above": 1024 + }, + "codename": { + "type": "keyword", + "ignore_above": 1024 + }, + "family": { + "type": "keyword", + "ignore_above": 1024 + }, + "full": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "kernel": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "platform": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "uptime": { + "type": "long" + }, + "user": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "http": { + "properties": { + "request": { + "properties": { + "body": { + "properties": { + "bytes": { + "type": "long" + }, + "content": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "method": { + "type": "keyword", + "ignore_above": 1024 + }, + "mime_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "referrer": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "response": { + "properties": { + "body": { + "properties": { + "bytes": { + "type": "long" + }, + "content": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "mime_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "status_code": { + "type": "long" + } + } + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "interface": { + "properties": { + "alias": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "jolokia": { + "properties": { + "agent": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "secured": { + "type": "boolean" + }, + "server": { + "properties": { + "product": { + "type": "keyword", + "ignore_above": 1024 + }, + "vendor": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "url": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "kubernetes": { + "properties": { + "annotations": { + "properties": { + "*": { + "type": "object" + } + } + }, + "container": { + "properties": { + "image": { + "type": "alias", + "path": "container.image.name" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "deployment": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "labels": { + "properties": { + "*": { + "type": "object" + } + } + }, + "namespace": { + "type": "keyword", + "ignore_above": 1024 + }, + "node": { + "properties": { + "hostname": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "pod": { + "properties": { + "ip": { + "type": "ip" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "uid": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "replicaset": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "selectors": { + "properties": { + "*": { + "type": "object" + } + } + }, + "statefulset": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "labels": { + "type": "object" + }, + "log": { + "properties": { + "file": { + "properties": { + "path": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "level": { + "type": "keyword", + "ignore_above": 1024 + }, + "logger": { + "type": "keyword", + "ignore_above": 1024 + }, + "origin": { + "properties": { + "file": { + "properties": { + "line": { + "type": "long" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "function": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "original": { + "type": "keyword", + "index": false, + "doc_values": false, + "ignore_above": 1024 + }, + "syslog": { + "properties": { + "facility": { + "properties": { + "code": { + "type": "long" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "priority": { + "type": "long" + }, + "severity": { + "properties": { + "code": { + "type": "long" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + } + } + }, + "message": { + "type": "match_only_text" + }, + "network": { + "properties": { + "application": { + "type": "keyword", + "ignore_above": 1024 + }, + "bytes": { + "type": "long" + }, + "community_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "direction": { + "type": "keyword", + "ignore_above": 1024 + }, + "forwarded_ip": { + "type": "ip" + }, + "iana_number": { + "type": "keyword", + "ignore_above": 1024 + }, + "inner": { + "properties": { + "vlan": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "packets": { + "type": "long" + }, + "protocol": { + "type": "keyword", + "ignore_above": 1024 + }, + "transport": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "vlan": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "observer": { + "properties": { + "egress": { + "properties": { + "interface": { + "properties": { + "alias": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "vlan": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "zone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hostname": { + "type": "keyword", + "ignore_above": 1024 + }, + "ingress": { + "properties": { + "interface": { + "properties": { + "alias": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "vlan": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "zone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "os": { + "properties": { + "family": { + "type": "keyword", + "ignore_above": 1024 + }, + "full": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "kernel": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "platform": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "product": { + "type": "keyword", + "ignore_above": 1024 + }, + "serial_number": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "vendor": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "orchestrator": { + "properties": { + "api_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "cluster": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "url": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "namespace": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "resource": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "organization": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + }, + "os": { + "properties": { + "family": { + "type": "keyword", + "ignore_above": 1024 + }, + "full": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "kernel": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "platform": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "package": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "build_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "checksum": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "install_scope": { + "type": "keyword", + "ignore_above": 1024 + }, + "installed": { + "type": "date" + }, + "license": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + }, + "size": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "pe": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "company": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "file_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "imphash": { + "type": "keyword", + "ignore_above": 1024 + }, + "original_file_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "product": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "powershell": { + "properties": { + "command": { + "properties": { + "invocation_details": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "related_command": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "value": { + "type": "text", + "norms": false + } + } + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "value": { + "type": "text", + "norms": false + } + } + }, + "connected_user": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "engine": { + "properties": { + "new_state": { + "type": "keyword", + "ignore_above": 1024 + }, + "previous_state": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "file": { + "properties": { + "script_block_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "script_block_text": { + "type": "text", + "norms": false + } + } + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "pipeline_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "process": { + "properties": { + "executable_version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "provider": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "new_state": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "runspace_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "sequence": { + "type": "long" + }, + "total": { + "type": "long" + } + } + }, + "process": { + "properties": { + "args": { + "type": "keyword", + "ignore_above": 1024 + }, + "args_count": { + "type": "long" + }, + "code_signature": { + "properties": { + "digest_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "exists": { + "type": "boolean" + }, + "signing_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "status": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "team_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "timestamp": { + "type": "date" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "command_line": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "elf": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "byte_order": { + "type": "keyword", + "ignore_above": 1024 + }, + "cpu_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "creation_date": { + "type": "date" + }, + "exports": { + "type": "flattened" + }, + "header": { + "properties": { + "abi_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "class": { + "type": "keyword", + "ignore_above": 1024 + }, + "data": { + "type": "keyword", + "ignore_above": 1024 + }, + "entrypoint": { + "type": "long" + }, + "object_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "os_abi": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "imports": { + "type": "flattened" + }, + "sections": { + "type": "nested", + "properties": { + "chi2": { + "type": "long" + }, + "entropy": { + "type": "long" + }, + "flags": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_offset": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_size": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "virtual_address": { + "type": "long" + }, + "virtual_size": { + "type": "long" + } + } + }, + "segments": { + "type": "nested", + "properties": { + "sections": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "shared_libraries": { + "type": "keyword", + "ignore_above": 1024 + }, + "telfhash": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "end": { + "type": "date" + }, + "entity_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "executable": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "exit_code": { + "type": "long" + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha512": { + "type": "keyword", + "ignore_above": 1024 + }, + "ssdeep": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "parent": { + "properties": { + "args": { + "type": "keyword", + "ignore_above": 1024 + }, + "args_count": { + "type": "long" + }, + "code_signature": { + "properties": { + "digest_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "exists": { + "type": "boolean" + }, + "signing_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "status": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "team_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "timestamp": { + "type": "date" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "command_line": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "elf": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "byte_order": { + "type": "keyword", + "ignore_above": 1024 + }, + "cpu_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "creation_date": { + "type": "date" + }, + "exports": { + "type": "flattened" + }, + "header": { + "properties": { + "abi_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "class": { + "type": "keyword", + "ignore_above": 1024 + }, + "data": { + "type": "keyword", + "ignore_above": 1024 + }, + "entrypoint": { + "type": "long" + }, + "object_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "os_abi": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "imports": { + "type": "flattened" + }, + "sections": { + "type": "nested", + "properties": { + "chi2": { + "type": "long" + }, + "entropy": { + "type": "long" + }, + "flags": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_offset": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_size": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "virtual_address": { + "type": "long" + }, + "virtual_size": { + "type": "long" + } + } + }, + "segments": { + "type": "nested", + "properties": { + "sections": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "shared_libraries": { + "type": "keyword", + "ignore_above": 1024 + }, + "telfhash": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "end": { + "type": "date" + }, + "entity_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "executable": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "exit_code": { + "type": "long" + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha512": { + "type": "keyword", + "ignore_above": 1024 + }, + "ssdeep": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "pe": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "company": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "file_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "imphash": { + "type": "keyword", + "ignore_above": 1024 + }, + "original_file_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "product": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "pgid": { + "type": "long" + }, + "pid": { + "type": "long" + }, + "ppid": { + "type": "long" + }, + "start": { + "type": "date" + }, + "thread": { + "properties": { + "id": { + "type": "long" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "title": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "uptime": { + "type": "long" + }, + "working_directory": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + }, + "pe": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "company": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "file_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "imphash": { + "type": "keyword", + "ignore_above": 1024 + }, + "original_file_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "product": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "pgid": { + "type": "long" + }, + "pid": { + "type": "long" + }, + "ppid": { + "type": "long" + }, + "start": { + "type": "date" + }, + "thread": { + "properties": { + "id": { + "type": "long" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "title": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "uptime": { + "type": "long" + }, + "working_directory": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + }, + "registry": { + "properties": { + "data": { + "properties": { + "bytes": { + "type": "keyword", + "ignore_above": 1024 + }, + "strings": { + "type": "wildcard", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hive": { + "type": "keyword", + "ignore_above": 1024 + }, + "key": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024 + }, + "value": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "related": { + "properties": { + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "hosts": { + "type": "keyword", + "ignore_above": 1024 + }, + "ip": { + "type": "ip" + }, + "user": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "rule": { + "properties": { + "author": { + "type": "keyword", + "ignore_above": 1024 + }, + "category": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "license": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + }, + "ruleset": { + "type": "keyword", + "ignore_above": 1024 + }, + "uuid": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "server": { + "properties": { + "address": { + "type": "keyword", + "ignore_above": 1024 + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "type": "keyword", + "ignore_above": 1024 + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "subdomain": { + "type": "keyword", + "ignore_above": 1024 + }, + "top_level_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "user": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "service": { + "properties": { + "address": { + "type": "keyword", + "ignore_above": 1024 + }, + "environment": { + "type": "keyword", + "ignore_above": 1024 + }, + "ephemeral_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "node": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "state": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "source": { + "properties": { + "address": { + "type": "keyword", + "ignore_above": 1024 + }, + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + } + } + }, + "bytes": { + "type": "long" + }, + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "type": "keyword", + "ignore_above": 1024 + }, + "nat": { + "properties": { + "ip": { + "type": "ip" + }, + "port": { + "type": "long" + } + } + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "registered_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "subdomain": { + "type": "keyword", + "ignore_above": 1024 + }, + "top_level_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "user": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "span": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "sysmon": { + "properties": { + "dns": { + "properties": { + "status": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "file": { + "properties": { + "archived": { + "type": "boolean" + }, + "is_executable": { + "type": "boolean" + } + } + } + } + }, + "tags": { + "type": "keyword", + "ignore_above": 1024 + }, + "threat": { + "properties": { + "enrichments": { + "type": "nested", + "properties": { + "indicator": { + "properties": { + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + } + } + }, + "confidence": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "properties": { + "address": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "file": { + "properties": { + "accessed": { + "type": "date" + }, + "attributes": { + "type": "keyword", + "ignore_above": 1024 + }, + "code_signature": { + "properties": { + "digest_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "exists": { + "type": "boolean" + }, + "signing_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "status": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "team_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "timestamp": { + "type": "date" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "created": { + "type": "date" + }, + "ctime": { + "type": "date" + }, + "device": { + "type": "keyword", + "ignore_above": 1024 + }, + "directory": { + "type": "keyword", + "ignore_above": 1024 + }, + "drive_letter": { + "type": "keyword", + "ignore_above": 1 + }, + "elf": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "byte_order": { + "type": "keyword", + "ignore_above": 1024 + }, + "cpu_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "creation_date": { + "type": "date" + }, + "exports": { + "type": "flattened" + }, + "header": { + "properties": { + "abi_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "class": { + "type": "keyword", + "ignore_above": 1024 + }, + "data": { + "type": "keyword", + "ignore_above": 1024 + }, + "entrypoint": { + "type": "long" + }, + "object_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "os_abi": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "imports": { + "type": "flattened" + }, + "sections": { + "type": "nested", + "properties": { + "chi2": { + "type": "long" + }, + "entropy": { + "type": "long" + }, + "flags": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_offset": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_size": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "virtual_address": { + "type": "long" + }, + "virtual_size": { + "type": "long" + } + } + }, + "segments": { + "type": "nested", + "properties": { + "sections": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "shared_libraries": { + "type": "keyword", + "ignore_above": 1024 + }, + "telfhash": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "extension": { + "type": "keyword", + "ignore_above": 1024 + }, + "fork_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "gid": { + "type": "keyword", + "ignore_above": 1024 + }, + "group": { + "type": "keyword", + "ignore_above": 1024 + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha512": { + "type": "keyword", + "ignore_above": 1024 + }, + "ssdeep": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "inode": { + "type": "keyword", + "ignore_above": 1024 + }, + "mime_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "mode": { + "type": "keyword", + "ignore_above": 1024 + }, + "mtime": { + "type": "date" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "owner": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "pe": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "company": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "file_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "imphash": { + "type": "keyword", + "ignore_above": 1024 + }, + "original_file_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "product": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "size": { + "type": "long" + }, + "target_path": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "uid": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "first_seen": { + "type": "date" + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "ip": { + "type": "ip" + }, + "last_seen": { + "type": "date" + }, + "marking": { + "properties": { + "tlp": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "modified_at": { + "type": "date" + }, + "port": { + "type": "long" + }, + "provider": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + }, + "registry": { + "properties": { + "data": { + "properties": { + "bytes": { + "type": "keyword", + "ignore_above": 1024 + }, + "strings": { + "type": "wildcard", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hive": { + "type": "keyword", + "ignore_above": 1024 + }, + "key": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024 + }, + "value": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "scanner_stats": { + "type": "long" + }, + "sightings": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "url": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "extension": { + "type": "keyword", + "ignore_above": 1024 + }, + "fragment": { + "type": "keyword", + "ignore_above": 1024 + }, + "full": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "original": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "password": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "wildcard", + "ignore_above": 1024 + }, + "port": { + "type": "long" + }, + "query": { + "type": "keyword", + "ignore_above": 1024 + }, + "registered_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "scheme": { + "type": "keyword", + "ignore_above": 1024 + }, + "subdomain": { + "type": "keyword", + "ignore_above": 1024 + }, + "top_level_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "username": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "x509": { + "properties": { + "alternative_names": { + "type": "keyword", + "ignore_above": 1024 + }, + "issuer": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_curve": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_exponent": { + "type": "long", + "index": false, + "doc_values": false + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "type": "keyword", + "ignore_above": 1024 + }, + "signature_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "version_number": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "matched": { + "properties": { + "atomic": { + "type": "keyword", + "ignore_above": 1024 + }, + "field": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "index": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "framework": { + "type": "keyword", + "ignore_above": 1024 + }, + "group": { + "properties": { + "alias": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "indicator": { + "properties": { + "as": { + "properties": { + "number": { + "type": "long" + }, + "organization": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + } + } + } + } + }, + "confidence": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "properties": { + "address": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "file": { + "properties": { + "accessed": { + "type": "date" + }, + "attributes": { + "type": "keyword", + "ignore_above": 1024 + }, + "code_signature": { + "properties": { + "digest_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "exists": { + "type": "boolean" + }, + "signing_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "status": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "team_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "timestamp": { + "type": "date" + }, + "trusted": { + "type": "boolean" + }, + "valid": { + "type": "boolean" + } + } + }, + "created": { + "type": "date" + }, + "ctime": { + "type": "date" + }, + "device": { + "type": "keyword", + "ignore_above": 1024 + }, + "directory": { + "type": "keyword", + "ignore_above": 1024 + }, + "drive_letter": { + "type": "keyword", + "ignore_above": 1 + }, + "elf": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "byte_order": { + "type": "keyword", + "ignore_above": 1024 + }, + "cpu_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "creation_date": { + "type": "date" + }, + "exports": { + "type": "flattened" + }, + "header": { + "properties": { + "abi_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "class": { + "type": "keyword", + "ignore_above": 1024 + }, + "data": { + "type": "keyword", + "ignore_above": 1024 + }, + "entrypoint": { + "type": "long" + }, + "object_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "os_abi": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "imports": { + "type": "flattened" + }, + "sections": { + "type": "nested", + "properties": { + "chi2": { + "type": "long" + }, + "entropy": { + "type": "long" + }, + "flags": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_offset": { + "type": "keyword", + "ignore_above": 1024 + }, + "physical_size": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "virtual_address": { + "type": "long" + }, + "virtual_size": { + "type": "long" + } + } + }, + "segments": { + "type": "nested", + "properties": { + "sections": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "shared_libraries": { + "type": "keyword", + "ignore_above": 1024 + }, + "telfhash": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "extension": { + "type": "keyword", + "ignore_above": 1024 + }, + "fork_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "gid": { + "type": "keyword", + "ignore_above": 1024 + }, + "group": { + "type": "keyword", + "ignore_above": 1024 + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha512": { + "type": "keyword", + "ignore_above": 1024 + }, + "ssdeep": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "inode": { + "type": "keyword", + "ignore_above": 1024 + }, + "mime_type": { + "type": "keyword", + "ignore_above": 1024 + }, + "mode": { + "type": "keyword", + "ignore_above": 1024 + }, + "mtime": { + "type": "date" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "owner": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "pe": { + "properties": { + "architecture": { + "type": "keyword", + "ignore_above": 1024 + }, + "company": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024 + }, + "file_version": { + "type": "keyword", + "ignore_above": 1024 + }, + "imphash": { + "type": "keyword", + "ignore_above": 1024 + }, + "original_file_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "product": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "size": { + "type": "long" + }, + "target_path": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "uid": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "first_seen": { + "type": "date" + }, + "geo": { + "properties": { + "city_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "continent_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "country_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "location": { + "type": "geo_point" + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "postal_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_iso_code": { + "type": "keyword", + "ignore_above": 1024 + }, + "region_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "timezone": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "ip": { + "type": "ip" + }, + "last_seen": { + "type": "date" + }, + "marking": { + "properties": { + "tlp": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "modified_at": { + "type": "date" + }, + "port": { + "type": "long" + }, + "provider": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + }, + "registry": { + "properties": { + "data": { + "properties": { + "bytes": { + "type": "keyword", + "ignore_above": 1024 + }, + "strings": { + "type": "wildcard", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hive": { + "type": "keyword", + "ignore_above": 1024 + }, + "key": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "keyword", + "ignore_above": 1024 + }, + "value": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "scanner_stats": { + "type": "long" + }, + "sightings": { + "type": "long" + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "url": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "extension": { + "type": "keyword", + "ignore_above": 1024 + }, + "fragment": { + "type": "keyword", + "ignore_above": 1024 + }, + "full": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "original": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "password": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "wildcard", + "ignore_above": 1024 + }, + "port": { + "type": "long" + }, + "query": { + "type": "keyword", + "ignore_above": 1024 + }, + "registered_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "scheme": { + "type": "keyword", + "ignore_above": 1024 + }, + "subdomain": { + "type": "keyword", + "ignore_above": 1024 + }, + "top_level_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "username": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "x509": { + "properties": { + "alternative_names": { + "type": "keyword", + "ignore_above": 1024 + }, + "issuer": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_curve": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_exponent": { + "type": "long", + "index": false, + "doc_values": false + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "type": "keyword", + "ignore_above": 1024 + }, + "signature_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "version_number": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "software": { + "properties": { + "alias": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "platforms": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "tactic": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "technique": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + }, + "subtechnique": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + } + } + }, + "timeseries": { + "properties": { + "instance": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "tls": { + "properties": { + "cipher": { + "type": "keyword", + "ignore_above": 1024 + }, + "client": { + "properties": { + "certificate": { + "type": "keyword", + "ignore_above": 1024 + }, + "certificate_chain": { + "type": "keyword", + "ignore_above": 1024 + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "issuer": { + "type": "keyword", + "ignore_above": 1024 + }, + "ja3": { + "type": "keyword", + "ignore_above": 1024 + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "server_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject": { + "type": "keyword", + "ignore_above": 1024 + }, + "supported_ciphers": { + "type": "keyword", + "ignore_above": 1024 + }, + "x509": { + "properties": { + "alternative_names": { + "type": "keyword", + "ignore_above": 1024 + }, + "issuer": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_curve": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_exponent": { + "type": "long", + "index": false, + "doc_values": false + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "type": "keyword", + "ignore_above": 1024 + }, + "signature_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "version_number": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "curve": { + "type": "keyword", + "ignore_above": 1024 + }, + "established": { + "type": "boolean" + }, + "next_protocol": { + "type": "keyword", + "ignore_above": 1024 + }, + "resumed": { + "type": "boolean" + }, + "server": { + "properties": { + "certificate": { + "type": "keyword", + "ignore_above": 1024 + }, + "certificate_chain": { + "type": "keyword", + "ignore_above": 1024 + }, + "hash": { + "properties": { + "md5": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha1": { + "type": "keyword", + "ignore_above": 1024 + }, + "sha256": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "issuer": { + "type": "keyword", + "ignore_above": 1024 + }, + "ja3s": { + "type": "keyword", + "ignore_above": 1024 + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "subject": { + "type": "keyword", + "ignore_above": 1024 + }, + "x509": { + "properties": { + "alternative_names": { + "type": "keyword", + "ignore_above": 1024 + }, + "issuer": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_curve": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_exponent": { + "type": "long", + "index": false, + "doc_values": false + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "type": "keyword", + "ignore_above": 1024 + }, + "signature_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "version_number": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + }, + "version_protocol": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "trace": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "transaction": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "url": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "extension": { + "type": "keyword", + "ignore_above": 1024 + }, + "fragment": { + "type": "keyword", + "ignore_above": 1024 + }, + "full": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "original": { + "type": "wildcard", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "password": { + "type": "keyword", + "ignore_above": 1024 + }, + "path": { + "type": "wildcard", + "ignore_above": 1024 + }, + "port": { + "type": "long" + }, + "query": { + "type": "keyword", + "ignore_above": 1024 + }, + "registered_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "scheme": { + "type": "keyword", + "ignore_above": 1024 + }, + "subdomain": { + "type": "keyword", + "ignore_above": 1024 + }, + "top_level_domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "username": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "user": { + "properties": { + "changes": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "effective": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + }, + "target": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "email": { + "type": "keyword", + "ignore_above": 1024 + }, + "full_name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "group": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "hash": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "roles": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + }, + "user_agent": { + "properties": { + "device": { + "properties": { + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "original": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "os": { + "properties": { + "family": { + "type": "keyword", + "ignore_above": 1024 + }, + "full": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "kernel": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "platform": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "vlan": { + "properties": { + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "vulnerability": { + "properties": { + "category": { + "type": "keyword", + "ignore_above": 1024 + }, + "classification": { + "type": "keyword", + "ignore_above": 1024 + }, + "description": { + "type": "keyword", + "ignore_above": 1024, + "fields": { + "text": { + "type": "match_only_text" + } + } + }, + "enumeration": { + "type": "keyword", + "ignore_above": 1024 + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "reference": { + "type": "keyword", + "ignore_above": 1024 + }, + "report_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "scanner": { + "properties": { + "vendor": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "score": { + "properties": { + "base": { + "type": "float" + }, + "environmental": { + "type": "float" + }, + "temporal": { + "type": "float" + }, + "version": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "severity": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "winlog": { + "properties": { + "activity_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "api": { + "type": "keyword", + "ignore_above": 1024 + }, + "channel": { + "type": "keyword", + "ignore_above": 1024 + }, + "computer_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "event_data": { + "properties": { + "AccessGranted": { + "type": "keyword" + }, + "AccessList": { + "type": "keyword" + }, + "AccessMask": { + "type": "keyword" + }, + "AccessRemoved": { + "type": "keyword" + }, + "AccountExpires": { + "type": "keyword" + }, + "AccountName": { + "type": "keyword" + }, + "AdditionalInfo": { + "type": "keyword" + }, + "AdditionalInfo2": { + "type": "keyword" + }, + "Address": { + "type": "keyword" + }, + "AddressLength": { + "type": "keyword" + }, + "AdvancedOptions": { + "type": "keyword" + }, + "AlgorithmName": { + "type": "keyword" + }, + "AllowedToDelegateTo": { + "type": "keyword" + }, + "AuthenticationPackageName": { + "type": "keyword", + "ignore_above": 1024 + }, + "Binary": { + "type": "keyword", + "ignore_above": 1024 + }, + "BitlockerUserInputTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "BootMenuPolicy": { + "type": "keyword" + }, + "BootMode": { + "type": "keyword", + "ignore_above": 1024 + }, + "BootStatusPolicy": { + "type": "keyword" + }, + "BootType": { + "type": "keyword", + "ignore_above": 1024 + }, + "BuildVersion": { + "type": "keyword", + "ignore_above": 1024 + }, + "CallerProcessId": { + "type": "keyword" + }, + "CallerProcessName": { + "type": "keyword" + }, + "ClientCreationTime": { + "type": "keyword" + }, + "ClientProcessId": { + "type": "keyword" + }, + "Company": { + "type": "keyword", + "ignore_above": 1024 + }, + "ComputerAccountChange": { + "type": "keyword" + }, + "Config": { + "type": "keyword" + }, + "ConfigAccessPolicy": { + "type": "keyword" + }, + "ContextInfo": { + "type": "keyword" + }, + "CorruptionActionState": { + "type": "keyword", + "ignore_above": 1024 + }, + "CountNew": { + "type": "keyword" + }, + "CountOfCredentialsReturned": { + "type": "keyword" + }, + "CountOld": { + "type": "keyword" + }, + "CreationUtcTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "CurrentStratumNumber": { + "type": "keyword" + }, + "DCName": { + "type": "keyword" + }, + "Default SD String:": { + "type": "keyword" + }, + "Description": { + "type": "keyword", + "ignore_above": 1024 + }, + "Detail": { + "type": "keyword", + "ignore_above": 1024 + }, + "DeviceName": { + "type": "keyword", + "ignore_above": 1024 + }, + "DeviceNameLength": { + "type": "keyword", + "ignore_above": 1024 + }, + "DeviceTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "DeviceVersionMajor": { + "type": "keyword", + "ignore_above": 1024 + }, + "DeviceVersionMinor": { + "type": "keyword", + "ignore_above": 1024 + }, + "DirtyPages": { + "type": "keyword" + }, + "DisableIntegrityChecks": { + "type": "keyword" + }, + "DisplayName": { + "type": "keyword" + }, + "DnsHostName": { + "type": "keyword" + }, + "DomainBehaviorVersion": { + "type": "keyword" + }, + "DomainName": { + "type": "keyword" + }, + "DomainPolicyChanged": { + "type": "keyword" + }, + "DomainSid": { + "type": "keyword" + }, + "DriveName": { + "type": "keyword", + "ignore_above": 1024 + }, + "DriverName": { + "type": "keyword", + "ignore_above": 1024 + }, + "DriverNameLength": { + "type": "keyword", + "ignore_above": 1024 + }, + "Dummy": { + "type": "keyword" + }, + "DwordVal": { + "type": "keyword", + "ignore_above": 1024 + }, + "ElevatedToken": { + "type": "keyword" + }, + "EnableDisableReason": { + "type": "keyword" + }, + "EnabledNew": { + "type": "keyword" + }, + "EntryCount": { + "type": "keyword", + "ignore_above": 1024 + }, + "ErrorMessage": { + "type": "keyword" + }, + "ErrorString": { + "type": "keyword" + }, + "ExitBootServicesEntry": { + "type": "keyword" + }, + "ExitBootServicesExit": { + "type": "keyword" + }, + "ExtraInfo": { + "type": "keyword", + "ignore_above": 1024 + }, + "FailureName": { + "type": "keyword", + "ignore_above": 1024 + }, + "FailureNameLength": { + "type": "keyword", + "ignore_above": 1024 + }, + "FileVersion": { + "type": "keyword", + "ignore_above": 1024 + }, + "FinalStatus": { + "type": "keyword", + "ignore_above": 1024 + }, + "FlightSigning": { + "type": "keyword" + }, + "ForceLogoff": { + "type": "keyword" + }, + "Group": { + "type": "keyword", + "ignore_above": 1024 + }, + "GroupName": { + "type": "keyword" + }, + "HandleId": { + "type": "keyword" + }, + "HiveName": { + "type": "keyword" + }, + "HiveNameLength": { + "type": "keyword" + }, + "HomeDirectory": { + "type": "keyword" + }, + "HomePath": { + "type": "keyword" + }, + "HypervisorDebug": { + "type": "keyword" + }, + "HypervisorLaunchType": { + "type": "keyword" + }, + "HypervisorLoadOptions": { + "type": "keyword" + }, + "IdleImplementation": { + "type": "keyword", + "ignore_above": 1024 + }, + "IdleStateCount": { + "type": "keyword", + "ignore_above": 1024 + }, + "ImagePath": { + "type": "keyword" + }, + "ImpersonationLevel": { + "type": "keyword", + "ignore_above": 1024 + }, + "IntegrityLevel": { + "type": "keyword", + "ignore_above": 1024 + }, + "IpAddress": { + "type": "keyword", + "ignore_above": 1024 + }, + "IpPort": { + "type": "keyword", + "ignore_above": 1024 + }, + "IsTestConfig": { + "type": "keyword" + }, + "KernelDebug": { + "type": "keyword" + }, + "KeyFilePath": { + "type": "keyword" + }, + "KeyLength": { + "type": "keyword", + "ignore_above": 1024 + }, + "KeyName": { + "type": "keyword" + }, + "KeyType": { + "type": "keyword" + }, + "KeysUpdated": { + "type": "keyword" + }, + "LastBootGood": { + "type": "keyword", + "ignore_above": 1024 + }, + "LastBootId": { + "type": "keyword" + }, + "LastShutdownGood": { + "type": "keyword", + "ignore_above": 1024 + }, + "Library": { + "type": "keyword" + }, + "LmPackageName": { + "type": "keyword", + "ignore_above": 1024 + }, + "LoadOSImageStart": { + "type": "keyword" + }, + "LoadOptions": { + "type": "keyword" + }, + "LockoutDuration": { + "type": "keyword" + }, + "LockoutObservationWindow": { + "type": "keyword" + }, + "LockoutThreshold": { + "type": "keyword" + }, + "LogonGuid": { + "type": "keyword", + "ignore_above": 1024 + }, + "LogonHours": { + "type": "keyword" + }, + "LogonId": { + "type": "keyword", + "ignore_above": 1024 + }, + "LogonProcessName": { + "type": "keyword", + "ignore_above": 1024 + }, + "LogonType": { + "type": "keyword", + "ignore_above": 1024 + }, + "MachineAccountQuota": { + "type": "keyword" + }, + "MajorVersion": { + "type": "keyword", + "ignore_above": 1024 + }, + "MandatoryLabel": { + "type": "keyword" + }, + "MaxPasswordAge": { + "type": "keyword" + }, + "MaximumPerformancePercent": { + "type": "keyword", + "ignore_above": 1024 + }, + "MemberName": { + "type": "keyword", + "ignore_above": 1024 + }, + "MemberSid": { + "type": "keyword", + "ignore_above": 1024 + }, + "MessageNumber": { + "type": "keyword" + }, + "MessageTotal": { + "type": "keyword" + }, + "MinPasswordAge": { + "type": "keyword" + }, + "MinPasswordLength": { + "type": "keyword" + }, + "MinimumPasswordLength": { + "type": "keyword" + }, + "MinimumPasswordLengthAudit": { + "type": "keyword" + }, + "MinimumPerformancePercent": { + "type": "keyword", + "ignore_above": 1024 + }, + "MinimumThrottlePercent": { + "type": "keyword", + "ignore_above": 1024 + }, + "MiniportName": { + "type": "keyword" + }, + "MiniportNameLen": { + "type": "keyword" + }, + "MinorVersion": { + "type": "keyword", + "ignore_above": 1024 + }, + "MixedDomainMode": { + "type": "keyword" + }, + "NewProcessId": { + "type": "keyword", + "ignore_above": 1024 + }, + "NewProcessName": { + "type": "keyword", + "ignore_above": 1024 + }, + "NewSchemeGuid": { + "type": "keyword", + "ignore_above": 1024 + }, + "NewSd": { + "type": "keyword" + }, + "NewSize": { + "type": "keyword" + }, + "NewTargetUserName": { + "type": "keyword" + }, + "NewTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "NewUacValue": { + "type": "keyword" + }, + "NominalFrequency": { + "type": "keyword", + "ignore_above": 1024 + }, + "Number": { + "type": "keyword", + "ignore_above": 1024 + }, + "NumberOfGroupPolicyObjects": { + "type": "keyword" + }, + "OSEditionID": { + "type": "keyword" + }, + "OSName": { + "type": "keyword" + }, + "OSbuildversion": { + "type": "keyword" + }, + "OSmajorversion": { + "type": "keyword" + }, + "OSminorversion": { + "type": "keyword" + }, + "OSservicepackmajorversion": { + "type": "keyword" + }, + "OSservicepackminorversion": { + "type": "keyword" + }, + "ObjectName": { + "type": "keyword" + }, + "ObjectServer": { + "type": "keyword" + }, + "ObjectType": { + "type": "keyword" + }, + "OemInformation": { + "type": "keyword" + }, + "OldSchemeGuid": { + "type": "keyword", + "ignore_above": 1024 + }, + "OldSd": { + "type": "keyword" + }, + "OldTargetUserName": { + "type": "keyword" + }, + "OldTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "OldUacValue": { + "type": "keyword" + }, + "Operation": { + "type": "keyword" + }, + "OperationType": { + "type": "keyword" + }, + "OriginalFileName": { + "type": "keyword", + "ignore_above": 1024 + }, + "OriginalSize": { + "type": "keyword" + }, + "ParentProcessName": { + "type": "keyword" + }, + "PasswordHistoryLength": { + "type": "keyword" + }, + "PasswordLastSet": { + "type": "keyword" + }, + "PasswordProperties": { + "type": "keyword" + }, + "Path": { + "type": "keyword", + "ignore_above": 1024 + }, + "Payload": { + "type": "keyword" + }, + "PerformanceImplementation": { + "type": "keyword", + "ignore_above": 1024 + }, + "PreAuthType": { + "type": "keyword" + }, + "PreviousCreationUtcTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "PreviousTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "PrimaryGroupId": { + "type": "keyword" + }, + "PrivilegeList": { + "type": "keyword", + "ignore_above": 1024 + }, + "ProcessCreationTime": { + "type": "keyword" + }, + "ProcessID": { + "type": "keyword" + }, + "ProcessId": { + "type": "keyword", + "ignore_above": 1024 + }, + "ProcessName": { + "type": "keyword", + "ignore_above": 1024 + }, + "ProcessPath": { + "type": "keyword", + "ignore_above": 1024 + }, + "ProcessPid": { + "type": "keyword", + "ignore_above": 1024 + }, + "ProcessingMode": { + "type": "keyword" + }, + "ProcessingTimeInMilliseconds": { + "type": "keyword" + }, + "Product": { + "type": "keyword", + "ignore_above": 1024 + }, + "ProfilePath": { + "type": "keyword" + }, + "Properties": { + "type": "keyword" + }, + "ProviderName": { + "type": "keyword" + }, + "PuaCount": { + "type": "keyword", + "ignore_above": 1024 + }, + "PuaPolicyId": { + "type": "keyword", + "ignore_above": 1024 + }, + "QfeVersion": { + "type": "keyword", + "ignore_above": 1024 + }, + "QueryName": { + "type": "keyword" + }, + "ReadOperation": { + "type": "keyword" + }, + "Reason": { + "type": "keyword", + "ignore_above": 1024 + }, + "RemoteEventLogging": { + "type": "keyword" + }, + "ResetEndStart": { + "type": "keyword" + }, + "RestrictedAdminMode": { + "type": "keyword" + }, + "ReturnCode": { + "type": "keyword" + }, + "SamAccountName": { + "type": "keyword" + }, + "SchemaVersion": { + "type": "keyword", + "ignore_above": 1024 + }, + "ScriptBlockId": { + "type": "keyword" + }, + "ScriptBlockText": { + "type": "keyword", + "ignore_above": 1024 + }, + "ScriptPath": { + "type": "keyword" + }, + "ServiceName": { + "type": "keyword", + "ignore_above": 1024 + }, + "ServicePrincipalNames": { + "type": "keyword" + }, + "ServiceSid": { + "type": "keyword" + }, + "ServiceType": { + "type": "keyword" + }, + "ServiceVersion": { + "type": "keyword", + "ignore_above": 1024 + }, + "ShutdownActionType": { + "type": "keyword", + "ignore_above": 1024 + }, + "ShutdownEventCode": { + "type": "keyword", + "ignore_above": 1024 + }, + "ShutdownReason": { + "type": "keyword", + "ignore_above": 1024 + }, + "SidHistory": { + "type": "keyword" + }, + "Signature": { + "type": "keyword", + "ignore_above": 1024 + }, + "SignatureStatus": { + "type": "keyword", + "ignore_above": 1024 + }, + "Signed": { + "type": "keyword", + "ignore_above": 1024 + }, + "StartOSImageStart": { + "type": "keyword" + }, + "StartTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "StartType": { + "type": "keyword" + }, + "State": { + "type": "keyword", + "ignore_above": 1024 + }, + "Status": { + "type": "keyword", + "ignore_above": 1024 + }, + "StopTime": { + "type": "keyword", + "ignore_above": 1024 + }, + "SubjectDomainName": { + "type": "keyword", + "ignore_above": 1024 + }, + "SubjectLogonId": { + "type": "keyword", + "ignore_above": 1024 + }, + "SubjectUserName": { + "type": "keyword", + "ignore_above": 1024 + }, + "SubjectUserSid": { + "type": "keyword", + "ignore_above": 1024 + }, + "SupportInfo1": { + "type": "keyword" + }, + "SupportInfo2": { + "type": "keyword" + }, + "TSId": { + "type": "keyword", + "ignore_above": 1024 + }, + "TargetDomainName": { + "type": "keyword", + "ignore_above": 1024 + }, + "TargetInfo": { + "type": "keyword", + "ignore_above": 1024 + }, + "TargetLinkedLogonId": { + "type": "keyword" + }, + "TargetLogonGuid": { + "type": "keyword", + "ignore_above": 1024 + }, + "TargetLogonId": { + "type": "keyword", + "ignore_above": 1024 + }, + "TargetName": { + "type": "keyword" + }, + "TargetOutboundDomainName": { + "type": "keyword" + }, + "TargetOutboundUserName": { + "type": "keyword" + }, + "TargetProcessId": { + "type": "keyword" + }, + "TargetProcessName": { + "type": "keyword" + }, + "TargetServerName": { + "type": "keyword", + "ignore_above": 1024 + }, + "TargetSid": { + "type": "keyword" + }, + "TargetUserName": { + "type": "keyword", + "ignore_above": 1024 + }, + "TargetUserSid": { + "type": "keyword", + "ignore_above": 1024 + }, + "TaskName": { + "type": "keyword" + }, + "TerminalSessionId": { + "type": "keyword", + "ignore_above": 1024 + }, + "TestSigning": { + "type": "keyword" + }, + "TicketEncryptionType": { + "type": "keyword" + }, + "TicketOptions": { + "type": "keyword" + }, + "TimeSource": { + "type": "keyword" + }, + "TimeSourceRefId": { + "type": "keyword" + }, + "TokenElevationType": { + "type": "keyword", + "ignore_above": 1024 + }, + "TransmittedServices": { + "type": "keyword", + "ignore_above": 1024 + }, + "Type": { + "type": "keyword" + }, + "UpdateReason": { + "type": "keyword" + }, + "UserAccountControl": { + "type": "keyword" + }, + "UserContext": { + "type": "keyword" + }, + "UserParameters": { + "type": "keyword" + }, + "UserPrincipalName": { + "type": "keyword" + }, + "UserSid": { + "type": "keyword", + "ignore_above": 1024 + }, + "UserWorkstations": { + "type": "keyword" + }, + "Version": { + "type": "keyword", + "ignore_above": 1024 + }, + "VersionLen": { + "type": "keyword" + }, + "VirtualAccount": { + "type": "keyword" + }, + "VsmLaunchType": { + "type": "keyword" + }, + "VsmPolicy": { + "type": "keyword" + }, + "Win32Error": { + "type": "keyword" + }, + "Workstation": { + "type": "keyword", + "ignore_above": 1024 + }, + "WorkstationName": { + "type": "keyword" + }, + "error": { + "type": "keyword" + }, + "evtHiveName": { + "type": "keyword" + }, + "evtHiveNameLength": { + "type": "keyword" + }, + "locationCode": { + "type": "keyword" + }, + "param1": { + "type": "keyword", + "ignore_above": 1024 + }, + "param10": { + "type": "keyword" + }, + "param11": { + "type": "keyword" + }, + "param12": { + "type": "keyword" + }, + "param2": { + "type": "keyword", + "ignore_above": 1024 + }, + "param3": { + "type": "keyword", + "ignore_above": 1024 + }, + "param4": { + "type": "keyword", + "ignore_above": 1024 + }, + "param5": { + "type": "keyword", + "ignore_above": 1024 + }, + "param6": { + "type": "keyword", + "ignore_above": 1024 + }, + "param7": { + "type": "keyword", + "ignore_above": 1024 + }, + "param8": { + "type": "keyword", + "ignore_above": 1024 + }, + "param9": { + "type": "keyword" + }, + "serviceGuid": { + "type": "keyword" + }, + "spn1": { + "type": "keyword" + }, + "spn2": { + "type": "keyword" + }, + "updateGuid": { + "type": "keyword" + }, + "updateRevisionNumber": { + "type": "keyword" + }, + "updateTitle": { + "type": "keyword" + } + } + }, + "event_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "keywords": { + "type": "keyword", + "ignore_above": 1024 + }, + "logon": { + "properties": { + "failure": { + "properties": { + "reason": { + "type": "keyword", + "ignore_above": 1024 + }, + "status": { + "type": "keyword", + "ignore_above": 1024 + }, + "sub_status": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "id": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "opcode": { + "type": "keyword", + "ignore_above": 1024 + }, + "process": { + "properties": { + "pid": { + "type": "long" + }, + "thread": { + "properties": { + "id": { + "type": "long" + } + } + } + } + }, + "provider_guid": { + "type": "keyword", + "ignore_above": 1024 + }, + "provider_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "record_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "related_activity_id": { + "type": "keyword", + "ignore_above": 1024 + }, + "task": { + "type": "keyword", + "ignore_above": 1024 + }, + "time_created": { + "type": "date" + }, + "user": { + "properties": { + "domain": { + "type": "keyword", + "ignore_above": 1024 + }, + "identifier": { + "type": "keyword", + "ignore_above": 1024 + }, + "name": { + "type": "keyword", + "ignore_above": 1024 + }, + "type": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "user_data": { + "properties": { + "Channel": { + "type": "keyword" + }, + "ClientProcessId": { + "type": "keyword" + }, + "ClientProcessStartKey": { + "type": "keyword" + }, + "SubjectDomainName": { + "type": "keyword" + }, + "SubjectLogonId": { + "type": "keyword" + }, + "SubjectUserName": { + "type": "keyword" + }, + "SubjectUserSid": { + "type": "keyword" + }, + "binaryData": { + "type": "keyword" + }, + "binaryDataSize": { + "type": "keyword" + }, + "param1": { + "type": "keyword" + }, + "param2": { + "type": "keyword" + }, + "xml_name": { + "type": "keyword" + } + } + }, + "version": { + "type": "long" + } + } + }, + "x509": { + "properties": { + "alternative_names": { + "type": "keyword", + "ignore_above": 1024 + }, + "issuer": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "not_after": { + "type": "date" + }, + "not_before": { + "type": "date" + }, + "public_key_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_curve": { + "type": "keyword", + "ignore_above": 1024 + }, + "public_key_exponent": { + "type": "long", + "index": false, + "doc_values": false + }, + "public_key_size": { + "type": "long" + }, + "serial_number": { + "type": "keyword", + "ignore_above": 1024 + }, + "signature_algorithm": { + "type": "keyword", + "ignore_above": 1024 + }, + "subject": { + "properties": { + "common_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "country": { + "type": "keyword", + "ignore_above": 1024 + }, + "distinguished_name": { + "type": "keyword", + "ignore_above": 1024 + }, + "locality": { + "type": "keyword", + "ignore_above": 1024 + }, + "organization": { + "type": "keyword", + "ignore_above": 1024 + }, + "organizational_unit": { + "type": "keyword", + "ignore_above": 1024 + }, + "state_or_province": { + "type": "keyword", + "ignore_above": 1024 + } + } + }, + "version_number": { + "type": "keyword", + "ignore_above": 1024 + } + } + } + } + } + } +} \ No newline at end of file diff --git a/testing/tests/api_tests/winlogbeat/test_data/winlog_search_data.json b/testing/tests/api_tests/winlogbeat/test_data/winlog_search_data.json new file mode 100644 index 00000000..ba8125be --- /dev/null +++ b/testing/tests/api_tests/winlogbeat/test_data/winlog_search_data.json @@ -0,0 +1,86 @@ +{ + "took": 3, + "timed_out": false, + "_shards": { + "total": 1, + "successful": 1, + "skipped": 0, + "failed": 0 + }, + "hits": { + "total": { + "value": 4283, + "relation": "eq" + }, + "max_score": 0.27635396, + "hits": [ + { + "_index": "winlogbeat-000001", + "_id": "Wqh8PI4BWrHmXCODvAOh", + "_score": 0.27635396, + "_source": { + "agent": { + "name": "DC1", + "id": "329b0988-40f1-4f26-9656-7f038ebc8d9c", + "ephemeral_id": "f189af81-3221-404f-a99c-350a087003fb", + "type": "winlogbeat", + "version": "8.5.0" + }, + "@timestamp": "2024-03-14T10:23:08.964Z", + "winlog": { + "record_id": 4714, + "computer_name": "DC1.lme.local", + "process": { + "pid": 648, + "thread": { + "id": 3684 + } + }, + "event_id": "4634", + "task": "Logoff", + "keywords": [ + "Audit Success" + ], + "provider_guid": "{54849625-5478-4994-a5ba-3e3b0328c30d}", + "channel": "Security", + "api": "wineventlog", + "event_data": { + "TargetLogonId": "0x5bec95", + "LogonType": "3", + "TargetUserName": "DC1$", + "TargetDomainName": "LME", + "TargetUserSid": "S-1-5-18" + }, + "opcode": "Info", + "provider_name": "Microsoft-Windows-Security-Auditing" + }, + "ecs": { + "version": "8.0.0" + }, + "log": { + "level": "information" + }, + "host": { + "name": "DC1.lme.local" + }, + "@version": "1", + "message": "An account was logged off.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\tAccount Name:\t\tDC1$\n\tAccount Domain:\t\tLME\n\tLogon ID:\t\t0x5BEC95\n\nLogon Type:\t\t\t3\n\nThis event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.", + "event": { + "ingested": "2024-03-14T10:23:11.521737481Z", + "code": "4634", + "original": "An account was logged off.\n\nSubject:\n\tSecurity ID:\t\tS-1-5-18\n\tAccount Name:\t\tDC1$\n\tAccount Domain:\t\tLME\n\tLogon ID:\t\t0x5BEC95\n\nLogon Type:\t\t\t3\n\nThis event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.", + "provider": "Microsoft-Windows-Security-Auditing", + "kind": "event", + "created": "2024-03-14T10:23:10.459Z", + "action": "Logoff", + "outcome": "success" + }, + "tags": [ + "beats", + "beats_input_codec_plain_applied" + ] + } + } + ] + } +} \ No newline at end of file diff --git a/testing/tests/api_tests/winlogbeat/test_server.py b/testing/tests/api_tests/winlogbeat/test_server.py new file mode 100644 index 00000000..b84c0148 --- /dev/null +++ b/testing/tests/api_tests/winlogbeat/test_server.py @@ -0,0 +1,111 @@ +import json +import warnings + +import pytest +from jsonschema import validate +from jsonschema.exceptions import ValidationError +import requests +from requests.auth import HTTPBasicAuth +import urllib3 +import os + +from api_tests.helpers import make_request, load_json_schema + +# Disable SSL warnings +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + +current_script_path = os.path.abspath(__file__) +current_script_dir = os.path.dirname(current_script_path) + + +def convertJsonFileToString(file_path): + with open(file_path, "r") as file: + return file.read() + + +@pytest.fixture(autouse=True) +def suppress_insecure_request_warning(): + warnings.simplefilter("ignore", urllib3.exceptions.InsecureRequestWarning) + + +@pytest.mark.skip(reason="This test is too fragile and the data is not stable") +def test_elastic_mapping(es_host, es_port, username, password): + # This test currently works for full installation. For Partial installation (only Ls1), the static mappings file will need to be changed. + url = f"https://{es_host}:{es_port}/winlogbeat-000001/_mapping" + response = make_request(url, username, password) + assert response.status_code == 200, f"Expected 200, got {response.status_code}" + + response_data = response.json() + static_mapping = json.load( + open(f"{current_script_dir}/test_data/mapping_response.json") + ) + + # Dumping Actual Response Json into file for comparison if test fails. + json.dump( + response_data, + open(f"{current_script_dir}/test_data/mapping_response_actual.json", "w"), + indent=4, + ) + + assert static_mapping == response_data, "Mappings Json did not match Expected" + + +def test_winlogbeat_settings(es_host, es_port, username, password): + url = f"https://{es_host}:{es_port}/winlogbeat-*/_settings" + response = make_request(url, username, password) + assert response.status_code == 200, f"Expected 200, got {response.status_code}" + body = response.json() + + # Getting the value of Root Key + for key in body: + rootKey = key + + assert ( + body[rootKey]["settings"]["index"]["lifecycle"]["name"] == "lme_ilm_policy" + ), f'Expected "lme_ilm_policy", got {body[rootKey]["settings"]["index"]["lifecycle"]["name"]}' + assert ( + body[rootKey]["settings"]["index"]["lifecycle"]["rollover_alias"] + == "winlogbeat-alias" + ), f'Expected "winlogbeat-alias", got {body[rootKey]["settings"]["index"]["lifecycle"]["rollover_alias"]}' + + assert ( + "creation_date" in body[rootKey]["settings"]["index"] + ), "Expected creation_date property, not found" + assert ( + "number_of_replicas" in body[rootKey]["settings"]["index"] + ), "Expected number_of_replicas property, not found" + assert ( + "uuid" in body[rootKey]["settings"]["index"] + ), "Expected uuid property, not found" + assert ( + "created" in body[rootKey]["settings"]["index"]["version"] + ), "Expected created property, not found" + + with open(f"{current_script_dir}/test_data/mapping_datafields.txt") as f: + data_fields = f.read().splitlines() + + act_data_fields = body[rootKey]["settings"]["index"]["query"]["default_field"] + assert ( + act_data_fields.sort() == data_fields.sort() + ), "Winlogbeats data fields do not match" + + +def test_winlogbeat_search(es_host, es_port, username, password): + # This test requires DC1 instance in cluster set up otherwise it will fail + url = f"https://{es_host}:{es_port}/winlogbeat-*/_search" + body = {"size": 1, "query": {"term": {"host.name": "DC1.lme.local"}}} + response = make_request(url, username, password, body=body) + + assert response.status_code == 200, f"Expected 200, got {response.status_code}" + data = response.json() + # json.dump( + # data, + # open(f"{current_script_dir}/test_data/winlog_search_data.json", "w"), + # indent=4, + # ) + + assert data["hits"]["hits"][0]["_source"]["host"]["name"] == "DC1.lme.local" + + # Validating JSON Response schema + schema = load_json_schema(f"{current_script_dir}/schemas/winlogbeat_search.json") + validate(instance=response.json(), schema=schema) diff --git a/testing/tests/docker-compose.yml b/testing/tests/docker-compose.yml new file mode 100644 index 00000000..2e4d3eb4 --- /dev/null +++ b/testing/tests/docker-compose.yml @@ -0,0 +1,9 @@ +version: '3.8' + +services: + ubuntu: + build: . + container_name: lme_testing + volumes: + - .:/app # Mounts the current directory to /app in the container + command: sleep infinity \ No newline at end of file diff --git a/testing/tests/requirements.txt b/testing/tests/requirements.txt new file mode 100644 index 00000000..59af84e1 --- /dev/null +++ b/testing/tests/requirements.txt @@ -0,0 +1,21 @@ +attrs>=23.2.0 +certifi>=2023.11.17 +charset-normalizer>=3.3.2 +exceptiongroup>=1.2.0 +idna>=3.6 +iniconfig>=2.0.0 +jsonschema>=4.21.1 +jsonschema-specifications>=2023.12.1 +packaging>=23.2 +pluggy>=1.4.0 +pytest>=8.0.0 +pytest-dotenv>=0.5.2 +python-dotenv>=1.0.1 +referencing>=0.33.0 +requests>=2.31.0 +rpds-py>=0.17.1 +tomli>=2.0.1 +urllib3>=2.1.0 +selenium +webdriver-manager +pytest-html>=4.1.1 diff --git a/testing/tests/selenium_tests.py b/testing/tests/selenium_tests.py new file mode 100644 index 00000000..5e1d115b --- /dev/null +++ b/testing/tests/selenium_tests.py @@ -0,0 +1,636 @@ +"""Runs automated test cases against the kibana dashboards. + +For full usage, run: + python3 selenium_tests.py -h + py -u selenium_tests.py 2> log.txt #redirects everything to a text file. +NOTE: +- before running the Elastic interface password must be +saved as an environment variable, ELASTIC_PASSWORD. +- The script assumes access to the server without any +ssl errors. + +Basic usage: + python3 selenium_tests.py --mode MODE --timeout TIMEOUT +where MODE is either headless, detached, or debug. Defaults to headless +and where TIMEOUT is in seconds. Defaults to 30. + +Additionally, you can pass in arguments to the unittest +library, such as the -v flag.""" + +import unittest +import argparse +import sys +import os + +from webdriver_manager.chrome import ChromeDriverManager +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.chrome.service import Service +from selenium.webdriver.common.by import By +from selenium import webdriver + +parser = argparse.ArgumentParser() +parser.add_argument('--timeout', help='Timeout, in seconds. Defaults to 30.', + default=30, + type=int) +parser.add_argument('--mode', help='Headless, no browser, detached, open browser, debug, open browser and leave it open. Default is no headless.', default='headless') +parser.add_argument('--domain', help='The ip or domain of the elasticsearch server', default='ls1') + +args, unittestArgs = parser.parse_known_args() + +def login(password : str) -> None: + """Login and load the home page""" + + url = f"https://{args.domain}" + driver.get(url) + + # Wait for the login page to load + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, 'input[name="username"]')) + WebDriverWait(driver, args.timeout).until(expected_cond) + + # Login + username_input = driver.find_element(By.CSS_SELECTOR, 'input[name="username"]') + username_input.send_keys("elastic") + password_input = driver.find_element(By.CSS_SELECTOR, 'input[name="password"]') + password_input.send_keys(password) + submit_button = driver.find_element(By.CSS_SELECTOR, 'button[data-test-subj="loginSubmit"]') + submit_button.click() + + # Wait for the home page to load + selector = 'div[data-test-subj="homeApp"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, args.timeout).until(expected_cond) + +def load_panel(panel_title : str): + """Waits for the given panel to load then returns it. Assumes that the appropriate dashboard + has already been loaded by the setUp functions.""" + + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.all_of( + EC.presence_of_element_located((By.CSS_SELECTOR, selector)), + EC.none_of(EC.text_to_be_present_in_element_attribute((By.CSS_SELECTOR, selector), + "innerHTML", "Loading")) + ) + WebDriverWait(driver, args.timeout).until(expected_cond) + return driver.find_element(By.CSS_SELECTOR, selector) + +class BasicLoading(unittest.TestCase): + "High-level tests, very basic functionality only." + + def test_title(self): + """If for some reason we weren't able to access the webpage at + all, this would be the first test to show it.""" + + driver.get(f"https://{args.domain}/app/dashboards") + selector = 'div[data-test-subj="dashboardLandingPage"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, args.timeout).until(expected_cond) + self.assertEqual(driver.title, "Dashboards - Elastic") + +class UserSecurityTests(unittest.TestCase): + """Test cases for the User Security Dashboard""" + + def setUp(self): + # The dashboard ID is hard-coded in the ndjson file + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + driver.get(f"https://{args.domain}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, args.timeout).until(expected_cond) + + def test_dashboard_menu(self): + """Is there any data?""" + panel = load_panel("Dashboard Menu") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_search_users(self): + """Is there any data?""" + panel = load_panel("Search users") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_search_hosts(self): + """Is there any data?""" + panel = load_panel("Search hosts") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_filter_hosts(self): + """Is there any data?""" + panel = load_panel("Filter hosts") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_filter_users(self): + """Is there any data?""" + panel = load_panel("Filter users") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_security_logon_attempts(self): + """Is there any data?""" + panel = load_panel("Security - Logon attempts") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_security_logon_hosts(self): + """Is there any data?""" + panel = load_panel("Security - Logon hosts") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_logon_attempts(self): + """Is there any data?""" + panel = load_panel("Logon attempts") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_logged_on_computers(self): + """Is there any data?""" + panel = load_panel("Logged on computers") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_user_logon_logoff_events(self): + """Is there any data?""" + panel = load_panel("User Logon & Logoff Events") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_all_network_connections(self): + """Is there any data for the "All network connections" panel?""" + panel = load_panel("All network connections") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_network_connections_from_nonbrowser_processes(self): + """Is there any data?""" + panel = load_panel("Network connections from non-browser processes") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_network_connections_by_protocol(self): + """Is there any data for the "Network connection by protocol" panel?""" + panel = load_panel("Network connection by protocol") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_unusual_network_connections_from_non_browser_processes(self): + """Is there any data?""" + panel = load_panel("Unusual network connections from non-browser processes") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_network_connection_events(self): + """Is there any data?""" + panel = load_panel("Network Connection Events (Sysmon ID 3)") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_spawned_processes(self): + """Is there any data?""" + panel = load_panel("Spawned Processes") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_powershell_events(self): + """Is there any data?""" + panel = load_panel("Powershell Events") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_powershell_events_over_time(self): + """Is there any data?""" + panel = load_panel("Powershell events over time") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_powershell_events_by_computer(self): + """Is there any data?""" + panel = load_panel("Powershell events by computer") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_potentially_suspicious_powershell(self): + """Is there any data?""" + panel = load_panel("Potentially suspicious powershell") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_powershell_network_connections(self): + """Is there any data?""" + panel = load_panel("Powershell network connections") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_references_to_temporary_files(self): + """Is there any data?""" + panel = load_panel("References to temporary files") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_raw_access_read(self): + """Is there any data?""" + panel = load_panel("RawAccessRead (Sysmon Event 9)") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_defender_event_count(self): + """Is there any data?""" + panel = load_panel("Defender event count") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_av_hits(self): + """Is there any data?""" + panel = load_panel("AV Hits (Count)") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_av_detections(self): + """Is there any data?""" + panel = load_panel("AV Detections (Event 1116)") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_raw_access_read(self): + """Is there any data?""" + panel = load_panel("RawAccessRead (Sysmon Event 9)") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + +class UserHRTests(unittest.TestCase): + """Test cases for the User HR Dashboard""" + + def setUp(self): + # The dashboard ID is hard-coded in the ndjson file + dashboard_id = "618bc5d0-84f8-11ee-9838-ff0db128d8b2" + driver.get(f"https://{args.domain}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, args.timeout).until(expected_cond) + + def test_dashboard_menu(self): + """Is there any data?""" + panel = load_panel("Dashboard Menu") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_domains_and_usernames(self): + """Is there any data?""" + panel = load_panel("Select domain(s) and username(s)") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_filter_users(self): + """Is there any data?""" + panel = load_panel("Filter Users") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_filter_computers(self): + """Is there any data?""" + panel = load_panel("Filter Computers") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_filter_users(self): + """Is there any data?""" + panel = load_panel("Filter Users") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_all_user_events(self): + """Is there any data?""" + panel = load_panel("All User Events by Day of Week, Hour of Day") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_timestamps_by_count(self): + """Is there any data?""" + panel = load_panel("Timestamps by Count") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_user_logon_events(self): + """Is there any data?""" + panel = load_panel("User logon events (filter by LogonId)") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_user_logoff_events(self): + """Is there any data?""" + panel = load_panel("User logoff events (correlate to logon events)") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_inperson_vs_remote_logons(self): + """Is there any data?""" + panel = load_panel("In person vs Remote logons") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + +class SecurityDashboardSecurityLogTests(unittest.TestCase): + """Test cases for the Security Dashboard - Security Log Dashboard""" + + def setUp(self): + # The dashboard ID is hard-coded in the ndjson file + dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" + driver.get(f"https://{args.domain}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, args.timeout).until(expected_cond) + + def test_dashboard_menu(self): + """Is there any data?""" + panel = load_panel("Dashboard Menu") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_security_log_events(self): + """Is there any data?""" + panel = load_panel("Security logs events") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_computer_filter_results(self): + """Is there any data?""" + panel = load_panel("Select a computer to filter the below results. Leave blank for all") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_computer_filter(self): + """Is there any data?""" + panel = load_panel("Select a computername to filter") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_failed_logon_attempts(self): + """Is there any data?""" + panel = load_panel("Failed logon attempts") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_computers_showing_failed_login_attempts(self): + """Is there any data?""" + panel = load_panel("Computers showing failed login attempts - 10 maximum shown") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_failed_logons_type_codes(self): + """Is there any data?""" + panel = load_panel("Failed logon type codes") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_failed_logon_and_reason(self): + """Is there any data?""" + panel = load_panel("Failed logon and reason (status code)") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_failed_logons(self): + """Is there any data?""" + panel = load_panel("Failed Logons") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_failed_logon_status_codes(self): + """Is there any data?""" + panel = load_panel("Failed logon status codes") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_log_cleared_event_id_1102_or_104(self): + """Is there any data?""" + panel = load_panel("Log Cleared - event ID 1102 or 104") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_security_log_events_detail(self): + """Is there any data?""" + panel = load_panel("Security log events - Detail") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_security_log_process_creation_event_id_4688(self): + """Is there any data?""" + panel = load_panel("Security log - Process creation - event ID 4688") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_security_log_logon_created_logon_type_2(self): + """Is there any data?""" + panel = load_panel("Security log - Logon created - Logon type 2") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_security_log_network_logon_created_type_3(self): + """Is there any data?""" + panel = load_panel("Security log - network logon created - Logon type 3") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_security_log_logon_as_a_service_type_5(self): + """Is there any data?""" + panel = load_panel("Sercurity log - logon as a service - Logon type 5") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_credential_sent_as_clear_text_type_8(self): + """Is there any data?""" + panel = load_panel("Security log - Credential sent as clear text - Logon type 8") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_logons_with_special_privileges(self): + """Is there any data?""" + panel = load_panel("Security log - Logons with special privileges assigned - event ID 4672") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_process_started_with_different_creds(self): + """Is there any data?""" + panel = load_panel("Security log - Process started with different credentials- " \ + "event ID 4648 [could be RUNAS, scheduled tasks]") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + +class ComputerSoftwareOverviewTests(unittest.TestCase): + """Test cases for the Computer Software Overview Dashboard""" + + def setUp(self): + # The dashboard ID is hard-coded in the ndjson file + dashboard_id = "33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12" + driver.get(f"https://{args.domain}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, args.timeout).until(expected_cond) + + def test_dashboard_menu(self): + """Is there any data?""" + panel = load_panel("Dashboard Menu") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_host_count(self): + """Is there any data?""" + panel = load_panel("Host Count") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_filter_hosts(self): + """Is there any data?""" + panel = load_panel("Filter Hosts") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_processes(self): + """Is there any data?""" + panel = load_panel("Processes") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_application_crashing_and_hanging(self): + """Is there any data?""" + panel = load_panel("Application Crashing and Hanging") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_application_crashing_and_hanging_count(self): + """Is there any data?""" + panel = load_panel("Application Crashing and Hanging Count") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_create_remote_threat_events(self): + """Is there any data?""" + panel = load_panel("CreateRemoteThread events") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + +class SysmonSummaryTests(unittest.TestCase): + """Test cases for the Sysmon Summary Dashboard""" + + def setUp(self): + # The dashboard ID is hard-coded in the ndjson file + dashboard_id = "d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed" + driver.get(f"https://{args.domain}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, args.timeout).until(expected_cond) + + def test_total_number_of_sysmon_events_found(self): + """Is there any data?""" + panel = load_panel("Total number of Sysmon events found") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_percentage_of_sysmon_events_by_event_code(self): + """Is there any data?""" + panel = load_panel("Percentage of Sysmon events by event code") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_count_of_sysmon_events_by_event_code(self): + """Is there any data?""" + panel = load_panel("Count of Sysmon events by event code") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_top10_hosts_generating_most_sysmon_data(self): + """Is there any data?""" + panel = load_panel("Top 10 hosts generating the most Sysmon data") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_sysmon_event_code_reference(self): + """Is there any data?""" + panel = load_panel("Sysmon event code reference") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_sysmon_events(self): + """Is there any data?""" + panel = load_panel("Sysmon events") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + +class ProcessExplorerTests(unittest.TestCase): + """Test cases for the Process Explorer Dashboard""" + + def setUp(self): + # The dashboard ID is hard-coded in the ndjson file + dashboard_id = "f2cbc110-8400-11ee-a3de-f1bc0525ad6c" + driver.get(f"https://{args.domain}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, args.timeout).until(expected_cond) + + def test_process_spawns_over_time(self): + """Is there any data?""" + panel = load_panel("Process spawns over time") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_hosts(self): + """Is there any data?""" + panel = load_panel("Hosts") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_users(self): + """Is there any data?""" + panel = load_panel("Users") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_processes_created_by_users_over_time(self): + """Is there any data?""" + panel = load_panel("Processes created by users over time") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_process_spawn_event_logs_id1(self): + """Is there any data?""" + panel = load_panel("Process spawn event logs (Sysmon ID 1)") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_files_created_in_downloads(self): + """Is there any data?""" + panel = load_panel("Files created (in Downloads)") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_files_created_over_time_in_downloads(self): + """Is there any data?""" + panel = load_panel("Files created over time (in Downloads)") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_registry_events_sysmon_12_13_14(self): + """Is there any data?""" + panel = load_panel("Registry events (Sysmon 12, 13, 14)") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + +# class AlertingTests(unittest.TestCase): +# """Test cases for the Alerting Dashboard""" + +# def setUp(self): +# # The dashboard ID is hard-coded in the ndjson file +# dashboard_id = "ac1078e0-8a32-11ea-8939-89f508ff7909" +# driver.get(f"https://{args.domain}/app/dashboards#/view/{dashboard_id}") +# expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) +# WebDriverWait(driver, args.timeout).until(expected_cond) + +# def test_signals_overview(self): +# """Is there any data?""" +# panel = load_panel("Signals Overview") +# self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + +# def test_mitre_attack_technique(self): +# """Is there any data?""" +# panel = load_panel("MITRE ATT&CK Technique") +# self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + +# def test_signals_details(self): +# """Is there any data?""" +# panel = load_panel("Signals Details") +# self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + +# def test_full_event_logs(self): +# """Is there any data?""" +# panel = load_panel("Full Event Logs") +# self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + +class HealthCheckTests(unittest.TestCase): + """Test cases for the HealthCheck Dashboard""" + #2/6/2024, main branch on lme. The health check dashboard has an odd dashboard menu. This will likely need updating. + + def setUp(self): + # The dashboard ID is hard-coded in the ndjson file + dashboard_id = "51fe1470-fa59-11e9-bf25-8f92ffa3e3ec" + driver.get(f"https://{args.domain}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, args.timeout).until(expected_cond) + + def test_total_hosts(self): + """Is there any data?""" + panel = load_panel("Alpha - Health Check - Total Hosts - Metric") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_users_seen(self): + """Is there any data?""" + panel = load_panel("Users seen") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_number_of_admins(self): + """Is there any data?""" + panel = load_panel("Alpha - Health Check - Number of Admins - Metric (converted)") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_events_by_machine(self): + """Is there any data?""" + panel = load_panel("Events by machine") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + + def test_unexpected_shutdowns(self): + """Is there any data?""" + panel = load_panel("Unexpected shutdowns") + self.assertFalse("No results found" in panel.get_attribute("innerHTML")) + +options = webdriver.ChromeOptions() +if args.mode == "detached" or args.mode =="debug": #browser opens + print("# " + args.mode + " mode #") + options.add_experimental_option("detach", True) + +else: #Browser does not open. Default mode is headless + print("# headless mode #") + options.add_argument("--headless=new") + # options.add_argument("--proxy-server='direct://'") + # options.add_argument("--proxy-bypass-list=*") + options.add_argument("--disable-gpu") + options.add_argument("--window-size=1920,1080") + options.add_argument("--ignore-certificate-errors") + options.add_argument("--no-sandbox") + options.add_argument("--disable-dev-shm-usage") + +s = Service(ChromeDriverManager().install()) +driver = webdriver.Chrome(service=s, options=options) + +try: + login(os.environ['ELASTIC_PASSWORD']) +except KeyError: + MESSAGE = "Error: Elastic password not set. Should be saved as env variable, ELASTIC_PASSWORD." + print(MESSAGE, file=sys.stderr) + sys.exit(1) + +unit_argv = [sys.argv[0]] + unittestArgs +unittest.main(argv=unit_argv, exit=False) + +if args.mode == "debug": + print("# Debug Mode - Browser will remain open.") # Browser will stay open +else: + driver.stop_client() + driver.close() + driver.quit() diff --git a/testing/tests/selenium_tests/Old/dashboards.py b/testing/tests/selenium_tests/Old/dashboards.py new file mode 100644 index 00000000..890479a9 --- /dev/null +++ b/testing/tests/selenium_tests/Old/dashboards.py @@ -0,0 +1,334 @@ +import pytest +import os +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By + +class TestBasicLoading: + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + # @pytest.fixture(scope="class", autouse=True) + # def setup_teardown(self, driver): + # yield + # driver.quit() # Clean up the browser (driver) here + + + def test_title(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards") + selector = 'div[data-test-subj="dashboardLandingPage"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + assert driver.title == "Dashboards - Elastic" + + def test_dashboard_menu(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Dashboard Menu" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + +class TestUserSecurityDashboard: + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_search_users(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Search users" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_search_hosts(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Search hosts" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_security_logon_attempts(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Security - Logon attempts" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_security_logon_hosts(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Security - Logon hosts" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_av_hits(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "AV Hits (Count)" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_defender_event_count(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Defender event count" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + +class TestUserHRDashboard: + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + def test_dashboard_menu(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "618bc5d0-84f8-11ee-9838-ff0db128d8b2" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Dashboard Menu" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_domains_and_usernames(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "618bc5d0-84f8-11ee-9838-ff0db128d8b2" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Select domain(s) and username(s)" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_all_user_events(self, driver, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "618bc5d0-84f8-11ee-9838-ff0db128d8b2" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "All User Events by Day of Week, Hour of Day" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_timestamps_by_count(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "618bc5d0-84f8-11ee-9838-ff0db128d8b2" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Timestamps by Count" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + + def test_dashboard_menu(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Dashboard Menu" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + +class TestSecurityDashboardSecurityLog: + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_security_log_events(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Security logs events" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_failed_logon_attempts(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Failed logon attempts" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_failed_logons_type_codes(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Failed logon type codes" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_failed_logon_status_codes(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Failed logon status codes" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + +class TestComputerSoftwareOverviewDashboard: + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_dashboard_menu(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Dashboard Menu" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_host_count(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Host Count" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + +class TestSysmonSummaryDashboard: + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_total_number_of_sysmon_events_found(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Total number of Sysmon events found" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_sysmon_event_code_reference(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Sysmon event code reference" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + +class TestHealthCheckDashboard: + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_users_seen(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "51fe1470-fa59-11e9-bf25-8f92ffa3e3ec" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Users seen" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") \ No newline at end of file diff --git a/testing/tests/selenium_tests/Old/dashboards_cluster.py b/testing/tests/selenium_tests/Old/dashboards_cluster.py new file mode 100644 index 00000000..adcacb2f --- /dev/null +++ b/testing/tests/selenium_tests/Old/dashboards_cluster.py @@ -0,0 +1,784 @@ +import pytest +import os +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By +from selenium.common.exceptions import NoSuchElementException + + +class TestHealthCheckDashboard: + dashboard_id = "51fe1470-fa59-11e9-bf25-8f92ffa3e3ec" + + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_number_of_admins(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Number of Admins" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_total_hosts(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Total Hosts" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_events_by_machine(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Events by machine" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_unexpected_shutdowns(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Unexpected shutdowns" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + +class TestProcessExplorerDashboard: + dashboard_id = "f2cbc110-8400-11ee-a3de-f1bc0525ad6c" + + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_files_created_over_time_in_downloads(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Files created (in Downloads)" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_files_created_in_downloads(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Files created (in Downloads)" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_hosts(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Hosts" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_process_spawn_event_logs_id1(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Process spawn event logs (Sysmon ID 1)" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_process_spawns_over_time(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Process spawns over time" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_processes_created_by_users_over_time(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Processes created by users over time" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_registry_events_sysmon_12_13_14(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Registry events (Sysmon 12, 13, 14)" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_users(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Users" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + +class TestSecurityDashboardSecurityLog: + dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" + + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_computer_filter_results(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Select a computer to filter the below results. Leave blank for all" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_logons_with_special_privileges(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Security log - Logons with special privileges assigned - event ID 4672" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_computer_filter(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Select a computername to filter" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_computers_showing_failed_login_attempts_none(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + + # Wait for the react-grid-layout element to be present + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + + panel_title = "Computers showing failed login attempts - 10 maximum shown" + selector = f'div[data-title="{panel_title}"]' + + # Wait for the specific panel to be present + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + + # Wait for either the panel content or the "No results found" message to be present + panel_content_selector = f"{selector} .echChart" + no_results_selector = f"{selector} .visError" + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, f"{panel_content_selector}, {no_results_selector}")) + WebDriverWait(driver, timeout).until(expected_cond) + + panel = driver.find_element(By.CSS_SELECTOR, selector) + + # Check if the panel content is present + try: + # Check if the "No results found" message is present + no_results_message = driver.find_element(By.CSS_SELECTOR, no_results_selector) + assert no_results_message.is_displayed() + except NoSuchElementException: + panel_content = driver.find_element(By.CSS_SELECTOR, panel_content_selector) + assert panel_content.is_displayed() + + def test_credential_sent_as_clear_text_type_8(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Security log - Credential sent as clear text - Logon type 8" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_failed_logon_and_reason(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Failed logon and reason (status code)" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_failed_logons(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Failed Logons" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_log_cleared_event_id_1102_or_104(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Log Cleared - event ID 1102 or 104" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_process_started_with_different_creds(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Security log - Process started with different credentials- event ID 4648 [could be RUNAS, scheduled tasks]" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_security_log_events_detail(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Security log events - Detail" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_security_log_logon_as_a_service_type_5(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Sercurity log - logon as a service - Logon type 5" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_security_log_logon_created_logon_type_2(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Security log - Logon created - Logon type 2" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_security_log_network_logon_created_type_3(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Security log - network logon created - Logon type 3" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_security_log_process_creation_event_id_4688(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Security log - Process creation - event ID 4688" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + + +class TestComputerSoftwareOverviewDashboard: + dashboard_id = "33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12" + + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_application_crashing_and_hanging(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Application Crashing and Hanging" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_application_crashing_and_hanging_count(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Application Crashing and Hanging Count" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_create_remote_threat_events(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "CreateRemoteThread events" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_filter_hosts(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Filter Hosts" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_processes(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Processes" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + +class TestSysmonSummaryDashboard: + dashboard_id = "d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed" + + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_count_of_sysmon_events_by_event_code(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Count of Sysmon events by event code" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_percentage_of_sysmon_events_by_event_code(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Percentage of Sysmon events by event code" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_sysmon_events(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Sysmon events" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_top10_hosts_generating_most_sysmon_data(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Top 10 hosts generating the most Sysmon data" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + +class TestUserHRDashboard: + dashboard_id = "618bc5d0-84f8-11ee-9838-ff0db128d8b2" + + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_filter_computers(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Filter Computers" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_filter_users(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Filter Users" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_inperson_vs_remote_logons(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "In person vs Remote logons" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_user_logoff_events(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "User logoff events (correlate to logon events)" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_user_logon_events(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "User logon events (filter by LogonId)" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + +class TestUserSecurityDashboard: + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_all_network_connections(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "All network connections" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_av_detections(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "AV Detections (Event 1116)" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_filter_hosts(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Filter hosts" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_filter_users(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Filter users" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_logged_on_computers(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Logged on computers" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_logon_attempts(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Logon attempts" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_network_connection_events(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Network Connection Events (Sysmon ID 3)" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_network_connections_by_protocol(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Network connection by protocol" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_network_connections_from_nonbrowser_processes(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Network connections from non-browser processes" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_potentially_suspicious_powershell(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Potentially suspicious powershell" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_powershell_events_by_computer(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Powershell events by computer" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_powershell_events_over_time(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Powershell events over time" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_powershell_network_connections(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Powershell network connections" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_raw_access_read(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "RawAccessRead (Sysmon Event 9)" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_references_to_temporary_files(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "References to temporary files" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_spawned_processes(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Spawned Processes" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_unusual_network_connections_from_non_browser_processes(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Unusual network connections from non-browser processes" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_user_logon_logoff_events(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards#/view/{self.dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "User Logon & Logoff Events" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") \ No newline at end of file diff --git a/testing/tests/selenium_tests/cluster/__init__.py b/testing/tests/selenium_tests/cluster/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/testing/tests/selenium_tests/cluster/conftest.py b/testing/tests/selenium_tests/cluster/conftest.py new file mode 100644 index 00000000..8b031074 --- /dev/null +++ b/testing/tests/selenium_tests/cluster/conftest.py @@ -0,0 +1,92 @@ +import pytest +import os +from webdriver_manager.chrome import ChromeDriverManager +from selenium.common.exceptions import TimeoutException +from selenium import webdriver +from selenium.webdriver.chrome.service import Service +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By + + +@pytest.fixture(scope="session") +def kibana_host(): + return os.getenv("KIBANA_HOST", "localhost") + +@pytest.fixture(scope="session") +def kibana_port(): + return int(os.getenv("KIBANA_PORT", 443)) + +@pytest.fixture(scope="session") +def kibana_user(): + return os.getenv("KIBANA_USER", "elastic") + +@pytest.fixture(scope="session") +def kibana_password(): + return os.getenv("elastic",os.getenv("KIBANA_PASSWORD", "changeme")) + +@pytest.fixture(scope="session") +def kibana_url(kibana_host, kibana_port): + return f"https://{kibana_host}:{kibana_port}" + +@pytest.fixture(scope="session") +def timeout(): + return int(os.getenv("SELENIUM_TIMEOUT", 30)) + +@pytest.fixture(scope="session") +def mode(): + return os.getenv("SELENIUM_MODE", "headless") + +@pytest.fixture(scope="session") +def driver(timeout, mode): + options = webdriver.ChromeOptions() + if mode == "detached" or mode == "debug": + options.add_experimental_option("detach", True) + options.add_argument("--ignore-certificate-errors") + options.add_argument("--allow-running-insecure-content") + else: + options.add_argument("--headless=new") + options.add_argument("--disable-gpu") + options.add_argument("--window-size=1920,1080") + options.add_argument("--ignore-certificate-errors") + options.add_argument("--no-sandbox") + options.add_argument("--disable-dev-shm-usage") + + s = Service(ChromeDriverManager().install()) + driver = webdriver.Chrome(service=s, options=options) + + yield driver + + if mode != "debug": + driver.stop_client() + driver.close() + driver.quit() + +@pytest.fixture(scope="session") +def login(driver, kibana_url, kibana_user, kibana_password, timeout): + def _login(): + """Login and load the home page""" + + driver.get(kibana_url) + + # Wait for the login page to load + # Check if the current URL contains the login page identifier + login_url_identifier = "/login" + if login_url_identifier in driver.current_url: + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, 'input[name="username"]')) + WebDriverWait(driver, timeout).until(expected_cond) + + # Login + username_input = driver.find_element(By.CSS_SELECTOR, 'input[name="username"]') + username_input.send_keys("elastic") + password_input = driver.find_element(By.CSS_SELECTOR, 'input[name="password"]') + password_input.send_keys(kibana_password) + submit_button = driver.find_element(By.CSS_SELECTOR, 'button[data-test-subj="loginSubmit"]') + submit_button.click() + + # Wait for the home page to load + selector = 'div[data-test-subj="homeApp"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + + return _login \ No newline at end of file diff --git a/testing/tests/selenium_tests/cluster/lib.py b/testing/tests/selenium_tests/cluster/lib.py new file mode 100644 index 00000000..7f88e5d2 --- /dev/null +++ b/testing/tests/selenium_tests/cluster/lib.py @@ -0,0 +1,41 @@ +import pytest +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By +from selenium.common.exceptions import NoSuchElementException + + +def dashboard_test_function (driver, kibana_url, timeout, dashboard_id, panel_title, result_panel_class, noresult_panel_class): + + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + + # Wait for the react-grid-layout element to be present + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + + selector = f'div[data-title="{panel_title}"]' + + # Wait for the specific panel to be present + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + + # Wait for either the panel content or the "No results found" message to be present + + + panel_content_selector = f"{selector} {result_panel_class}" + no_results_selector = f"{selector} {noresult_panel_class}" + + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, f"{panel_content_selector}, {no_results_selector}")) + WebDriverWait(driver, timeout).until(expected_cond) + + + # Check if the panel content is present + try: + # Check if the "No results found" message is present + no_results_message = driver.find_element(By.CSS_SELECTOR, no_results_selector) + assert no_results_message.is_displayed() + except NoSuchElementException: + panel_content = driver.find_element(By.CSS_SELECTOR, panel_content_selector) + assert panel_content.is_displayed() + + \ No newline at end of file diff --git a/testing/tests/selenium_tests/cluster/test_computer_software_overview_dashboard.py b/testing/tests/selenium_tests/cluster/test_computer_software_overview_dashboard.py new file mode 100644 index 00000000..0202208a --- /dev/null +++ b/testing/tests/selenium_tests/cluster/test_computer_software_overview_dashboard.py @@ -0,0 +1,38 @@ +import pytest +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By +from selenium.common.exceptions import NoSuchElementException + +from .lib import dashboard_test_function + +class TestComputerSoftwareOverviewDashboard: + dashboard_id = "33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12" + + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_application_crashing_and_hanging(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Application Crashing and Hanging", ".echChart",".xyChart__empty") + + def test_application_crashing_and_hanging_count(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Application Crashing and Hanging Count", ".tbvChart",".visError") + + @pytest.mark.skip(reason="Skipping this test") + def test_create_remote_threat_events(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "CreateRemoteThread events", ".tbvChart",".visError") + + def test_filter_hosts(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Filter Hosts", ".tbvChart",".visError") + + + def test_processes(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Processes", ".tbvChart",".visError") + diff --git a/testing/tests/selenium_tests/cluster/test_health_check_dashboard.py b/testing/tests/selenium_tests/cluster/test_health_check_dashboard.py new file mode 100644 index 00000000..950e2c2c --- /dev/null +++ b/testing/tests/selenium_tests/cluster/test_health_check_dashboard.py @@ -0,0 +1,42 @@ +import pytest +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By +from selenium.common.exceptions import NoSuchElementException + +from .lib import dashboard_test_function + +class TestHealthCheckDashboard: + dashboard_id = "51fe1470-fa59-11e9-bf25-8f92ffa3e3ec" + + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_number_of_admins(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Number of Admins", ".expExpressionRenderer",".dummyval") + # The arguement ".dummyval" is being used though it is not a valid selector. + # This panel should always have a visualization so there should never be no data message displayed. + # If there is no visualization rendered or "No Results found" message is displayed for this panel on dashboard, this test should fail which is correct behavior + + + def test_total_hosts(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Total Hosts", ".visualization",".dummyval") + + def test_events_by_machine(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Events by machine", ".echChart",".euiText") + + @pytest.mark.skip(reason="Skipping this test") + def test_unexpected_shutdowns(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Unexpected shutdowns", ".echChart",".visError") + + def test_users_seen(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Users seen", ".visualization",".dummyval") + + diff --git a/testing/tests/selenium_tests/cluster/test_process_explorer_dashboard.py b/testing/tests/selenium_tests/cluster/test_process_explorer_dashboard.py new file mode 100644 index 00000000..b85ccb7a --- /dev/null +++ b/testing/tests/selenium_tests/cluster/test_process_explorer_dashboard.py @@ -0,0 +1,53 @@ +import pytest +import os +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By +from selenium.common.exceptions import NoSuchElementException +from .lib import dashboard_test_function + +class TestProcessExplorerDashboard: + dashboard_id = "f2cbc110-8400-11ee-a3de-f1bc0525ad6c" + + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + @pytest.mark.skip(reason="Skipping this test") + def test_files_created_over_time_in_downloads(self, setup_login, kibana_url, timeout): + #Did not find this dashboard panel on UI. This test should be removed. + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Files created (in Downloads)", ".needarealvaluehere",".euiFlexGroup") + + @pytest.mark.skip(reason="Skipping this test") + def test_files_created_in_downloads(self, setup_login, kibana_url, timeout): + #This dashboard panel is not working corectly. Shows no data even when there is data. Create issue LME#294 + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Files created (in Downloads)", ".euiFlexGroup", ".euiDataGrid__noResults",) + + def test_hosts(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Hosts", ".tbvChart",".visError") + + def test_process_spawn_event_logs_id1(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Process spawn event logs (Sysmon ID 1)", ".euiDataGrid",".euiDataGrid__noResults") + + def test_process_spawns_over_time(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Process spawns over time", ".echChart",".xyChart__empty") + + def test_processes_created_by_users_over_time(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Processes created by users over time", ".echChart",".xyChart__empty") + + def test_registry_events_sysmon_12_13_14(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Registry events (Sysmon 12, 13, 14)", ".euiDataGrid__focusWrap",".euiDataGrid__noResults") + + def test_users(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Users", ".euiDataGrid__focusWrap",".euiText") + + diff --git a/testing/tests/selenium_tests/cluster/test_security_dashboard_security_log.py b/testing/tests/selenium_tests/cluster/test_security_dashboard_security_log.py new file mode 100644 index 00000000..7fb229e0 --- /dev/null +++ b/testing/tests/selenium_tests/cluster/test_security_dashboard_security_log.py @@ -0,0 +1,98 @@ +import pytest +import os +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By +from selenium.common.exceptions import NoSuchElementException +from .lib import dashboard_test_function + +class TestSecurityDashboardSecurityLog: + dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" + + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_computer_filter_results(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Select a computer to filter the below results. Leave blank for all", ".euiFlexGroup",".dummyval") + # The arguement ".dummyval" is being used though it is not a valid selector. + # This panel should always have a visualization so there should never be no data message displayed. + # If there is no visualization rendered or "No Results found" message is displayed for this panel on dashboard, this test should fail which is correct behavior + + + @pytest.mark.skip(reason="Skipping this test") + def test_logons_with_special_privileges(self, setup_login, kibana_url, timeout): + #This dashboard panel needs test data. Currently the panel only gives No Result found + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security log - Logons with special privileges assigned - event ID 4672", ".needarealvaluehere",".visError") + + def test_computer_filter(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Select a computername to filter", ".tbvChart",".visError") + + def test_computers_showing_failed_login_attempts_none(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Computers showing failed login attempts - 10 maximum shown", ".echChart",".visError") + + @pytest.mark.skip(reason="Skipping this test") + def test_credential_sent_as_clear_text_type_8(self, setup_login, kibana_url, timeout): + #This dashboard panel needs test data. Currently the panel only gives No Result found + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security log - Credential sent as clear text - Logon type 8", ".needarealvaluehere",".visError") + + + def test_failed_logon_and_reason(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Failed logon and reason (status code)", ".echChart",".euiText") + + def test_failed_logons(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Failed Logons", ".unifiedDataTable",".euiDataGrid__noResults") + + @pytest.mark.skip(reason="Skipping this test") + def test_log_cleared_event_id_1102_or_104(self, setup_login, kibana_url, timeout): + #This dashboard panel needs test data. Currently the panel only gives No Result found + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Log Cleared - event ID 1102 or 104", ".needarealvaluehere",".euiDataGrid__noResults") + + + def test_process_started_with_different_creds(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security log - Process started with different credentials- event ID 4648 [could be RUNAS, scheduled tasks]", ".euiDataGrid",".euiDataGrid__noResults") + + def test_security_log_events_detail(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security log events - Detail", ".euiDataGrid",".euiDataGrid__noResults") + + def test_security_log_logon_as_a_service_type_5(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Sercurity log - logon as a service - Logon type 5",".euiDataGrid",".visError") + + def test_security_log_logon_created_logon_type_2(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security log - Logon created - Logon type 2",".tbvChart",".visError") + + def test_security_log_network_logon_created_type_3(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security log - network logon created - Logon type 3",".tbvChart",".visError") + + def test_security_log_process_creation_event_id_4688(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security log - Process creation - event ID 4688",".euiDataGrid",".euiDataGrid__noResults") + + def test_security_log_events(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security logs events",".visualization", ".dummyval") + # The arguement ".dummyval" is being used though it is not a valid selector. + # This panel should always have a visualization so there should never be no data message displayed. + # If there is no visualization rendered or "No Results found" message is displayed for this panel on dashboard, this test should fail which is correct behavior + + def test_failed_logon_type_codes(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Failed logon type codes",".visualization", ".dummyval") + + def test_failed_logon_status_codes(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Failed logon status codes",".visualization", ".dummyval") \ No newline at end of file diff --git a/testing/tests/selenium_tests/cluster/test_sysmon_summary_dashboard.py b/testing/tests/selenium_tests/cluster/test_sysmon_summary_dashboard.py new file mode 100644 index 00000000..a58d3fce --- /dev/null +++ b/testing/tests/selenium_tests/cluster/test_sysmon_summary_dashboard.py @@ -0,0 +1,48 @@ +import pytest +import os +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By +from selenium.common.exceptions import NoSuchElementException +from .lib import dashboard_test_function + +class TestSysmonSummaryDashboard: + dashboard_id = "d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed" + + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_count_of_sysmon_events_by_event_code(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Count of Sysmon events by event code", ".tbvChart",".visError") + + + def test_total_number_of_sysmon_events_found(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Total number of Sysmon events found", ".visualization",".dummyval") + # The arguement ".dummyval" is being used though it is not a valid selector. + # This panel should always have a visualization so there should never be no data message displayed. + # If there is no visualization rendered or "No Results found" message is displayed for this panel on dashboard, this test should fail which is correct behavior + + + + def test_percentage_of_sysmon_events_by_event_code(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Percentage of Sysmon events by event code", ".echChart",".euiText") + + def test_sysmon_events(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Sysmon events", ".echChart",".visError") + + def test_top10_hosts_generating_most_sysmon_data(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Top 10 hosts generating the most Sysmon data", ".tbvChart",".visError") + + + def test_sysmon_events_code_reference(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Sysmon event code reference", ".visualization",".dummyval") + + diff --git a/testing/tests/selenium_tests/cluster/test_user_h_r_dashboard.py b/testing/tests/selenium_tests/cluster/test_user_h_r_dashboard.py new file mode 100644 index 00000000..3ecea47a --- /dev/null +++ b/testing/tests/selenium_tests/cluster/test_user_h_r_dashboard.py @@ -0,0 +1,65 @@ +import pytest +import os +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By +from selenium.common.exceptions import NoSuchElementException +from .lib import dashboard_test_function + +class TestUserHRDashboard: + dashboard_id = "618bc5d0-84f8-11ee-9838-ff0db128d8b2" + + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_filter_computers(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Filter Computers", ".echChart",".xyChart__empty") + + + def test_filter_users(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Filter Users", ".echChart",".xyChart__empty") + + #@pytest.mark.skip(reason="Skipping this test") + def test_inperson_vs_remote_logons(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "In person vs Remote logons", ".echChart",".euiText") + + def test_user_logoff_events(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "User logoff events (correlate to logon events)", ".euiDataGrid",".euiDataGrid__noResults") + + #@pytest.mark.skip(reason="Skipping this test") + def test_user_logon_events(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "User logon events (filter by LogonId)", ".euiDataGrid",".euiDataGrid__noResults") + + def test_select_domain_and_username(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Select domain(s) and username(s)", ".icvContainer",".dummyval") + # The arguement ".dummyval" is being used though it is not a valid selector. + # This panel should always have a visualization so there should never be no data message displayed. + # If there is no visualization rendered or "No Results found" message is displayed for this panel on dashboard, this test should fail which is correct behavior + + #@pytest.mark.skip(reason="Skipping this test") + def test_hr_user_activity_title(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "HR - User activity title", ".visualization",".dummyval") + + + def test_all_user_events_dayofweek_hourofday(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "All User Events by Day of Week, Hour of Day", ".echChart",".dummyval") + + def test_timestamps_by_count(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Timestamps by Count", ".echChart",".dummyval") + + #@pytest.mark.skip(reason="Skipping this test") + def test_hr_logon_title(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "HR - Logon title", ".visualization",".dummyval") + \ No newline at end of file diff --git a/testing/tests/selenium_tests/cluster/test_user_security_dashboard.py b/testing/tests/selenium_tests/cluster/test_user_security_dashboard.py new file mode 100644 index 00000000..2c01faeb --- /dev/null +++ b/testing/tests/selenium_tests/cluster/test_user_security_dashboard.py @@ -0,0 +1,180 @@ +import pytest +import os +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By +from selenium.common.exceptions import NoSuchElementException +from .lib import dashboard_test_function + +class TestUserSecurityDashboard: + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_search_users(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Search users", ".visualization",".dummyval") + # The arguement ".dummyval" is being used though it is not a valid selector. + # This panel should always have a visualization so there should never be no data message displayed. + # If there is no visualization rendered or "No Results found" message is displayed for this panel on dashboard, this test should fail which is correct behavior + + def test_filter_hosts(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Filter hosts", ".tbvChart",".visError") + + def test_search_hosts(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Search hosts", ".visualization",".dummyval") + + def test_filter_users(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Filter users", ".euiDataGrid",".euiText") + + def test_security_logons_title(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security - Logons Title", ".visualization",".dummyval") + + def test_security_logons_attempts(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security - Logon attempts", ".visualization",".dummyval") + + def test_security_logons_hosts(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security - Logon hosts", ".visualization",".dummyval") + + + def test_logon_attempts(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Logon attempts", ".echChart",".xyChart__empty") + + + def test_logged_on_computers(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Logged on computers", ".echChart",".euiText") + + def test_user_logon_logoff_events(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "User Logon & Logoff Events", ".euiDataGrid",".euiDataGrid__noResults") + + def test_security_network_title(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security - Network Title", ".visualization",".dummyval") + + def test_all_network_connections(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "All network connections", ".echChart",".xyChart__empty") + + def test_network_connections_from_nonbrowser_processes(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Network connections from non-browser processes", ".tbvChart",".visError") + + def test_network_connections_by_protocol(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Network connection by protocol", ".echChart",".xyChart__empty") + + def test_unusual_network_connections_from_non_browser_processes(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Unusual network connections from non-browser processes", ".tbvChart",".visError") + + def test_network_connection_events(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Network Connection Events (Sysmon ID 3)", ".euiDataGrid",".euiDataGrid__noResults") + + def test_unusual_network_connections_events_sysmonid_3(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Network Connection Events (Sysmon ID 3)", ".euiDataGrid",".euiDataGrid__noResults") + + def test_security_processes_title(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security - Processes Title", ".visualization",".dummyval") + + def test_spawned_processes(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Spawned Processes", ".euiDataGrid",".euiDataGrid__noResults") + + def test_powershell_events(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Powershell Events", ".visualization",".dummyval") + + def test_powershell_events_over_time(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Powershell events over time", ".echChart",".xyChart__empty") + + def test_powershell_events_by_computer(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Powershell events by computer", ".echChart",".euiText") + + @pytest.mark.skip(reason="Skipping this test") + def test_potentially_suspicious_powershell(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Potentially suspicious powershell", ".needarealvaluehere",".euiDataGrid__noResults") + #This dashboard panel needs test data. Currently the panel only gives No Result found + + @pytest.mark.skip(reason="Skipping this test") + def test_powershell_network_connections(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Powershell network connections", ".needarealvaluehere",".euiDataGrid__noResults") + + + def test_security_files_title(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security - Files title", ".visualization",".dummyval") + + @pytest.mark.skip(reason="Skipping this test") + def test_references_to_temporary_files(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "References to temporary files", ".needarealvaluehere",".visError") + + @pytest.mark.skip(reason="Skipping this test") + def test_raw_access_read(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "RawAccessRead (Sysmon Event 9)", ".needarealvaluehere",".euiDataGrid__noResults") + + def test_windows_defender_title(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security - Windows Defender Title", ".visualization",".dummyval") + + + @pytest.mark.skip(reason="Skipping this test") + def test_av_detections(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "AV Detections (Event 1116)", ".needarealvaluehere",".euiDataGrid__noResults") + + def test_defender_event_count(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Defender event count", ".visualization",".dummyval") + + def test_av_hits_count(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "AV Hits (Count)", ".visualization",".dummyval") + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/testing/tests/selenium_tests/linux_only/conftest.py b/testing/tests/selenium_tests/linux_only/conftest.py new file mode 100644 index 00000000..52bd88fc --- /dev/null +++ b/testing/tests/selenium_tests/linux_only/conftest.py @@ -0,0 +1,93 @@ +import pytest +import os +from webdriver_manager.chrome import ChromeDriverManager +from selenium.common.exceptions import TimeoutException +from selenium import webdriver +from selenium.webdriver.chrome.service import Service +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By + + +@pytest.fixture(scope="session") +def kibana_host(): + return os.getenv("KIBANA_HOST", "localhost") + +@pytest.fixture(scope="session") +def kibana_port(): + return int(os.getenv("KIBANA_PORT", 443)) + +@pytest.fixture(scope="session") +def kibana_user(): + return os.getenv("KIBANA_USER", "elastic") + +@pytest.fixture(scope="session") +def kibana_password(): + return os.getenv("elastic",os.getenv("KIBANA_PASSWORD", "changeme")) + +@pytest.fixture(scope="session") +def kibana_url(kibana_host, kibana_port): + return f"https://{kibana_host}:{kibana_port}" + +@pytest.fixture(scope="session") +def timeout(): + return int(os.getenv("SELENIUM_TIMEOUT", 30)) + +@pytest.fixture(scope="session") +def mode(): + return os.getenv("SELENIUM_MODE", "headless") + +@pytest.fixture(scope="session") +def driver(timeout, mode): + options = webdriver.ChromeOptions() + if mode == "detached" or mode == "debug": + options.add_experimental_option("detach", True) + options.add_argument("--ignore-certificate-errors") + options.add_argument("--allow-running-insecure-content") + options.add_argument('--force-device-scale-factor=1.5') + else: + options.add_argument("--headless=new") + options.add_argument("--disable-gpu") + options.add_argument("--window-size=1920,1080") + options.add_argument("--ignore-certificate-errors") + options.add_argument("--no-sandbox") + options.add_argument("--disable-dev-shm-usage") + + s = Service(ChromeDriverManager().install()) + driver = webdriver.Chrome(service=s, options=options) + + yield driver + + if mode != "debug": + driver.stop_client() + driver.close() + driver.quit() + +@pytest.fixture(scope="session") +def login(driver, kibana_url, kibana_user, kibana_password, timeout): + def _login(): + """Login and load the home page""" + + driver.get(kibana_url) + + # Wait for the login page to load + # Check if the current URL contains the login page identifier + login_url_identifier = "/login" + if login_url_identifier in driver.current_url: + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, 'input[name="username"]')) + WebDriverWait(driver, timeout).until(expected_cond) + + # Login + username_input = driver.find_element(By.CSS_SELECTOR, 'input[name="username"]') + username_input.send_keys("elastic") + password_input = driver.find_element(By.CSS_SELECTOR, 'input[name="password"]') + password_input.send_keys(kibana_password) + submit_button = driver.find_element(By.CSS_SELECTOR, 'button[data-test-subj="loginSubmit"]') + submit_button.click() + + # Wait for the home page to load + selector = 'div[data-test-subj="homeApp"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + + return _login \ No newline at end of file diff --git a/testing/tests/selenium_tests/linux_only/move_tests.sh b/testing/tests/selenium_tests/linux_only/move_tests.sh new file mode 100755 index 00000000..e3597de2 --- /dev/null +++ b/testing/tests/selenium_tests/linux_only/move_tests.sh @@ -0,0 +1,48 @@ +#!/bin/bash + +# Check if the Python file is provided as an argument +if [ $# -eq 0 ]; then + echo "Please provide the path to the Python file as an argument." + exit 1 +fi + +# Get the Python file path from the argument +python_file=$1 + +# Check if the Python file exists +if [ ! -f "$python_file" ]; then + echo "The specified Python file does not exist." + exit 1 +fi + +# Find all the class definitions in the Python file +class_names=$(grep -oP '(?<=class )\w+' "$python_file") + +# Iterate over each class name +for class_name in $class_names; do + # Convert the class name to snake case + snake_case_name=$(echo "$class_name" | sed 's/\([A-Z]\)/_\L\1/g;s/^_//') + + # Create a new file with the snake case class name + new_file="${snake_case_name}.py" + + # Add the import statements to the new file + echo "import pytest" > "$new_file" + echo "import os" >> "$new_file" + echo "from selenium.webdriver.support.ui import WebDriverWait" >> "$new_file" + echo "from selenium.webdriver.support import expected_conditions as EC" >> "$new_file" + echo "from selenium.webdriver.common.by import By" >> "$new_file" + echo "from selenium.common.exceptions import NoSuchElementException" >> "$new_file" + echo "" >> "$new_file" # Add an empty line for separation + + # Extract the class and its contents from the original file and append to the new file + sed -n "/class $class_name/,/class\s\+\w\+\s*:/p" "$python_file" | sed '$d' >> "$new_file" + + # Check if the new file is empty + if [ ! -s "$new_file" ]; then + echo "Class '$class_name' not found or empty. Skipping." + rm "$new_file" + else + echo "Extracted class '$class_name' to '$new_file'" + fi +done \ No newline at end of file diff --git a/testing/tests/selenium_tests/linux_only/test_basic_loading.py b/testing/tests/selenium_tests/linux_only/test_basic_loading.py new file mode 100644 index 00000000..bf301df5 --- /dev/null +++ b/testing/tests/selenium_tests/linux_only/test_basic_loading.py @@ -0,0 +1,40 @@ +import pytest +import os +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By +from selenium.common.exceptions import NoSuchElementException + +class TestBasicLoading: + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + # @pytest.fixture(scope="class", autouse=True) + # def setup_teardown(self, driver): + # yield + # driver.quit() # Clean up the browser (driver) here + + + def test_title(self, setup_login, kibana_url, timeout): + driver = setup_login + driver.get(f"{kibana_url}/app/dashboards") + selector = 'div[data-test-subj="dashboardLandingPage"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + assert driver.title == "Dashboards - Elastic" + + def test_dashboard_menu(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Dashboard Menu" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + diff --git a/testing/tests/selenium_tests/linux_only/test_computer_software_overview_dashboard_lo.py b/testing/tests/selenium_tests/linux_only/test_computer_software_overview_dashboard_lo.py new file mode 100644 index 00000000..000f901f --- /dev/null +++ b/testing/tests/selenium_tests/linux_only/test_computer_software_overview_dashboard_lo.py @@ -0,0 +1,39 @@ +import pytest +import os +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By +from selenium.common.exceptions import NoSuchElementException + +class TestComputerSoftwareOverviewDashboard: + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_dashboard_menu(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Dashboard Menu" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_host_count(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Host Count" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + diff --git a/testing/tests/selenium_tests/linux_only/test_health_check_dashboard_lo.py b/testing/tests/selenium_tests/linux_only/test_health_check_dashboard_lo.py new file mode 100644 index 00000000..cf630b83 --- /dev/null +++ b/testing/tests/selenium_tests/linux_only/test_health_check_dashboard_lo.py @@ -0,0 +1,24 @@ +import pytest +import os +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By +from selenium.common.exceptions import NoSuchElementException + +class TestHealthCheckDashboard: + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_users_seen(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "51fe1470-fa59-11e9-bf25-8f92ffa3e3ec" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Users seen" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) diff --git a/testing/tests/selenium_tests/linux_only/test_security_dashboard_security_log_lo.py b/testing/tests/selenium_tests/linux_only/test_security_dashboard_security_log_lo.py new file mode 100644 index 00000000..4f56dca4 --- /dev/null +++ b/testing/tests/selenium_tests/linux_only/test_security_dashboard_security_log_lo.py @@ -0,0 +1,65 @@ +import pytest +import os +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By +from selenium.common.exceptions import NoSuchElementException + +class TestSecurityDashboardSecurityLog: + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_security_log_events(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Security logs events" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_failed_logon_attempts(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Failed logon attempts" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_failed_logons_type_codes(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Failed logon type codes" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_failed_logon_status_codes(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Failed logon status codes" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + diff --git a/testing/tests/selenium_tests/linux_only/test_sysmon_summary_dashboard_lo.py b/testing/tests/selenium_tests/linux_only/test_sysmon_summary_dashboard_lo.py new file mode 100644 index 00000000..443d0bf1 --- /dev/null +++ b/testing/tests/selenium_tests/linux_only/test_sysmon_summary_dashboard_lo.py @@ -0,0 +1,39 @@ +import pytest +import os +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By +from selenium.common.exceptions import NoSuchElementException + +class TestSysmonSummaryDashboard: + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_total_number_of_sysmon_events_found(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Total number of Sysmon events found" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_sysmon_event_code_reference(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Sysmon event code reference" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + diff --git a/testing/tests/selenium_tests/linux_only/test_user_h_r_dashboard_lo.py b/testing/tests/selenium_tests/linux_only/test_user_h_r_dashboard_lo.py new file mode 100644 index 00000000..778a21f7 --- /dev/null +++ b/testing/tests/selenium_tests/linux_only/test_user_h_r_dashboard_lo.py @@ -0,0 +1,78 @@ +import pytest +import os +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By +from selenium.common.exceptions import NoSuchElementException + +class TestUserHRDashboard: + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + def test_dashboard_menu(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "618bc5d0-84f8-11ee-9838-ff0db128d8b2" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Dashboard Menu" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_domains_and_usernames(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "618bc5d0-84f8-11ee-9838-ff0db128d8b2" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Select domain(s) and username(s)" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_all_user_events(self, driver, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "618bc5d0-84f8-11ee-9838-ff0db128d8b2" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "All User Events by Day of Week, Hour of Day" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_timestamps_by_count(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "618bc5d0-84f8-11ee-9838-ff0db128d8b2" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Timestamps by Count" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + + def test_dashboard_menu(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Dashboard Menu" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + diff --git a/testing/tests/selenium_tests/linux_only/test_user_security_dashboard_lo.py b/testing/tests/selenium_tests/linux_only/test_user_security_dashboard_lo.py new file mode 100644 index 00000000..83d676fe --- /dev/null +++ b/testing/tests/selenium_tests/linux_only/test_user_security_dashboard_lo.py @@ -0,0 +1,91 @@ +import pytest +import os +from selenium.webdriver.support.ui import WebDriverWait +from selenium.webdriver.support import expected_conditions as EC +from selenium.webdriver.common.by import By +from selenium.common.exceptions import NoSuchElementException + +class TestUserSecurityDashboard: + @pytest.fixture(scope="class") + def setup_login(self, driver, login): + login() + yield driver + + def test_search_users(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Search users" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_search_hosts(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Search hosts" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_security_logon_attempts(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Security - Logon attempts" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_security_logon_hosts(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Security - Logon hosts" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_av_hits(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "AV Hits (Count)" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + + def test_defender_event_count(self, setup_login, kibana_url, timeout): + driver = setup_login + dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" + driver.get(f"{kibana_url}/app/dashboards#/view/{dashboard_id}") + expected_cond = EC.presence_of_element_located((By.CLASS_NAME, "react-grid-layout")) + WebDriverWait(driver, timeout).until(expected_cond) + panel_title = "Defender event count" + selector = f'div[data-title="{panel_title}"]' + expected_cond = EC.presence_of_element_located((By.CSS_SELECTOR, selector)) + WebDriverWait(driver, timeout).until(expected_cond) + panel = driver.find_element(By.CSS_SELECTOR, selector) + assert "No results found" not in panel.get_attribute("innerHTML") + diff --git a/testing/v2/development/Dockerfile b/testing/v2/development/Dockerfile new file mode 100644 index 00000000..9402c73e --- /dev/null +++ b/testing/v2/development/Dockerfile @@ -0,0 +1,64 @@ +# Use Ubuntu 22.04 as base image +FROM ubuntu:22.04 +ARG USER_ID=1001 +ARG GROUP_ID=1001 + +# Set environment variable to avoid interactive dialogues during build +ENV DEBIAN_FRONTEND=noninteractive + +# Install necessary APT packages including Python and pip +RUN apt-get update && apt-get install -y \ + lsb-release \ + python3 \ + python3-venv \ + python3-pip \ + zip \ + git \ + curl \ + wget \ + sudo \ + cron \ + freerdp2-x11 \ + pkg-config \ + libcairo2-dev \ + libdbus-1-dev \ + distro-info \ + libgirepository1.0-dev \ + && wget -q "https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb" \ + && dpkg -i packages-microsoft-prod.deb \ + && apt-get update \ + && apt-get install -y powershell \ + && rm -rf /var/lib/apt/lists/* \ + && curl -sL https://aka.ms/InstallAzureCLIDeb | bash \ + && wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb \ + && apt install -y ./google-chrome-stable_current_amd64.deb \ + && rm -rf google-chrome-stable_current_amd64.deb \ + && sudo apt-get install -f \ + && apt-get clean + +# Install Ansible +RUN python3 -m pip install --upgrade pip \ + && python3 -m pip install ansible + +# Create a user and group 'admin.ackbar' with GID 1001 +RUN groupadd -g $GROUP_ID admin.ackbar \ + && useradd -m -u $USER_ID -g admin.ackbar --badnames admin.ackbar \ + && usermod -aG sudo admin.ackbar + +# Allow 'admin.ackbar' user to run sudo commands without a password +RUN echo "admin.ackbar ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers + +# Define the base directory as an environment variable +ENV BASE_DIR=/home/admin.ackbar/LME + +# Set work directory +WORKDIR $BASE_DIR + +# Change to non-root privilege +# USER admin.ackbar + +# Set timezone (optional) +ENV TZ=America/New_York + +# Keep the container running (This can be replaced by your application's main process) +CMD ["tail", "-f", "/dev/null"] \ No newline at end of file diff --git a/testing/v2/development/docker-compose.yml b/testing/v2/development/docker-compose.yml new file mode 100644 index 00000000..5daf5757 --- /dev/null +++ b/testing/v2/development/docker-compose.yml @@ -0,0 +1,26 @@ +# Docker Compose file for setting up development environment for LME project. +# +# This file defines two services: +# 1. ubuntu: +# - Builds an Ubuntu container with the specified USER_ID and GROUP_ID arguments. +# - Mounts the parent directory to /lme in the container, allowing access to the LME project. +# - Sets the container name to "v2_ubuntu". +# - Sets the user to the specified HOST_UID and HOST_GID. +# - Runs the command "sleep infinity" to keep the container running indefinitely. +# + +version: '3.8' + +services: + ubuntu: + build: + context: . + args: + USER_ID: "${HOST_UID:-1001}" + GROUP_ID: "${HOST_GID:-1001}" + container_name: v2_ubuntu + user: "${HOST_UID:-1001}:${HOST_GID:-1001}" + volumes: + - ../../../../LME/:/lme + command: sleep infinity + \ No newline at end of file diff --git a/testing/v2/installers/README.md b/testing/v2/installers/README.md new file mode 100644 index 00000000..2a13e8dd --- /dev/null +++ b/testing/v2/installers/README.md @@ -0,0 +1,15 @@ +There are readmes for each of the installer directories. + +You'll need to follow the steps in [Azure Authentication](/testing/v2/installers/azure/build_azure_linux_network.md#authentication) and +[Python Setup](/testing/v2/installers/azure/build_azure_linux_network.md#setup) prior to running the steps below. + +Quick Start + +```bash +./azure/build_azure_linux_network.py -g your-group-name -s 0.0.0.0 -vs Standard_D8_v4 -l westus -ast 00:00 +./minimega/install.sh lme-user $(cat your-group-name.ip.txt) your-group-name.password.txt +./ubuntu_qcow_maker/install.sh lme-user $(cat your-group-name.ip.txt) your-group-name.password.txt +./install_v2/install.sh lme-user $(cat your-group-name.ip.txt) your-group-name.password.txt branch +``` + +./azure/build_azure_linux_network.py -g lme-cbaxley-m1 -s 0.0.0.0 -vs Standard_D8_v4 -l westus -ast 00:00 -pub Canonical -io 0001-com-ubuntu-server-noble-daily -is 24_04-daily-lts-gen2 diff --git a/testing/v2/installers/azure/build_azure_linux_network.md b/testing/v2/installers/azure/build_azure_linux_network.md new file mode 100644 index 00000000..af8f84ab --- /dev/null +++ b/testing/v2/installers/azure/build_azure_linux_network.md @@ -0,0 +1,136 @@ +- [Authentication](#authentication) +- [Setup and Run the Script](#setup-and-run-the-script) + - [Prerequisites](#prerequisites) + - [Setup](#setup) + - [Running the Script](#running-the-script) + - [Allowed arguments](#allowed-arguments) + - [Cleanup](#cleanup) + +# Azure Authentication + +When running the script outside of an Azure environment, you may be prompted to log in interactively if you haven't authenticated previously. The script uses the `DefaultAzureCredential` or `ClientSecretCredential` from the `azure-identity` library, which follows a specific authentication flow: + +1. If the `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, and `AZURE_CLIENT_SECRET` environment variables are set, the script will use them to authenticate using the `ClientSecretCredential`. This is typically used for non-interactive authentication, such as in automated scripts or CI/CD pipelines. + +2. If the environment variables are not set, the script falls back to using the `DefaultAzureCredential`. The `DefaultAzureCredential` tries to authenticate using the following methods, in order: + - Environment variables: If the `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, and `AZURE_CLIENT_SECRET` environment variables are set, it will use them for authentication. + - Managed identity: If the script is running on an Azure VM or Azure Functions with a managed identity enabled, it will use the managed identity for authentication. + - Azure CLI: If you have authenticated previously using the Azure CLI (`az login`), it will use the cached credentials from the CLI. + - Interactive browser authentication: If none of the above methods succeed, it will open a browser window and prompt you to log in interactively. + +## Avoiding Interactive Login + +If you run the script outside of an Azure environment and you haven't authenticated previously using the Azure CLI or set the necessary environment variables, the script will prompt you to log in interactively through a browser window. + +To avoid interactive login, you can do one of the following: + +1. Set the `AZURE_CLIENT_ID`, `AZURE_TENANT_ID`, and `AZURE_CLIENT_SECRET` environment variables with the appropriate values for your Azure service principal. This allows the script to authenticate using the client secret. + +2. Authenticate using the Azure CLI by running `az login` before running the script. This will cache your credentials, and the script will use them for authentication. + +If you prefer not to be prompted for interactive login, make sure to set the necessary environment variables or authenticate using the Azure CLI beforehand. + +## Environment Variables + +The following environment variables can be set to provide authentication credentials: + +- `AZURE_CLIENT_ID`: The client ID of your Azure service principal. +- `AZURE_TENANT_ID`: The tenant ID of your Azure subscription. +- `AZURE_CLIENT_SECRET`: The client secret associated with your Azure service principal. +- `AZURE_SUBSCRIPTION_ID`: The subscription ID you want to use for creating the resources. + +If these environment variables are set, the script will use them for authentication. Otherwise, it will attempt to use the default Azure credential and retrieve the default subscription ID. + + +# Setup and Run the Script + +## Prerequisites + +- Python 3.x installed on your system + +## Setup + +1. Clone the repository or download the script files to your local machine. + +2. Open a terminal or command prompt and navigate to the directory where the script files are located. + +3. Create a new virtual environment by running the following command: + + ```bash + python -m venv venv + ``` + + This will create a new virtual environment named `venv` in the current directory. + +4. Activate the virtual environment: + + - For Windows: + ``` + venv\Scripts\activate + ``` + + - For macOS and Linux: + ``` + source venv/bin/activate + ``` + + You should see `(venv)` prefixed to your terminal prompt, indicating that the virtual environment is active. + +5. Install the required packages by running the following command: + + ``` + pip install -r build_azure_linux_network_requirements.txt + ``` + + This will install all the necessary packages listed in the `build_azure_linux_network_requirements.txt` file. + +## Running the Script + +To run the script, use the following command: + +```bash +python build_azure_linux_network.py -g -s 10.1.1.10/32 -ast 21:00 +``` + +Replace `` with the desired resource group name and `` with the comma-separated list of CIDR prefixes or IP ranges for allowed sources. + +Make sure you have the necessary authentication credentials set up before running the script. + +## Allowed arguments +| **Parameter** | **Alias** | **Description** | **Required** | **Default** | +|------------------------|-----------|--------------------------------------------------------------------------------------------------|--------------|---------------------------------| +| --resource-group | -g | Resource group name | Yes | | +| --allowed-sources | -s | Comma-separated list of CIDR prefixes or IP ranges (XX.XX.XX.XX/YY,XX.XX.XX.XX/YY,etc...) | Yes | | +| --location | -l | Location where the cluster will be built. | No | westus | +| --no-prompt | -y | Run the script with no prompt (useful for automated runs) | No | False | +| --subscription-id | -sid | Azure subscription ID. If not provided, the default subscription ID will be used. | No | | +| --vnet-name | -vn | Virtual network name | No | VNet1 | +| --vnet-prefix | -vp | Virtual network prefix | No | 10.1.0.0/16 | +| --subnet-name | -sn | Subnet name | No | SNet1 | +| --subnet-prefix | -sp | Subnet prefix | No | 10.1.0.0/24 | +| --ls-ip | -ip | IP address for the VM | No | 10.1.0.5 | +| --vm-admin | -u | Admin username for the VM | No | lme-user | +| --machine-name | -m | Name of the VM | No | ubuntu | +| --ports | -p | Ports to open | No | [22] | +| --priorities | -pr | Priorities for the ports | No | [1001] | +| --protocols | -pt | Protocols for the ports | No | ['Tcp'] | +| --vm-size | -vs | Size of the virtual machine | No | Standard_E2d_v4 | +| --image-publisher | -pub | Publisher of the VM image | No | Canonical | +| --image-offer | -io | Offer of the VM image | No | 0001-com-ubuntu-server-jammy | +| --image-sku | -is | SKU of the VM image | No | 22_04-lts-gen2 | +| --image-version | -iv | Version of the VM image | No | latest | +| --os-disk-size-gb | -os | Size of the OS disk in GB | No | 128 | +| --auto-shutdown-time | -ast | Auto-Shutdown time in UTC (HH:MM, e.g. 22:30, 00:00, 19:00). Convert timezone as necessary. | No | | +| --auto-shutdown-email | -ase | Auto-shutdown notification email | No | | + + + +## Cleanup + +When you're done using the script, you can deactivate the virtual environment by running the following command: + +``` +deactivate +``` + +This will deactivate the virtual environment and return you to your normal terminal prompt. diff --git a/testing/v2/installers/azure/build_azure_linux_network.py b/testing/v2/installers/azure/build_azure_linux_network.py new file mode 100755 index 00000000..559397ef --- /dev/null +++ b/testing/v2/installers/azure/build_azure_linux_network.py @@ -0,0 +1,624 @@ +#!/usr/bin/env python3 +import argparse +import os +import string +import random +from azure.identity import DefaultAzureCredential +from azure.mgmt.compute import ComputeManagementClient +from azure.mgmt.devtestlabs import DevTestLabsClient +from azure.mgmt.devtestlabs.models import Schedule +from azure.mgmt.resource import ResourceManagementClient +from azure.mgmt.network import NetworkManagementClient +from azure.mgmt.resource.subscriptions import SubscriptionClient +from datetime import datetime +from pathlib import Path + + +def generate_password(length=12): + uppercase_letters = string.ascii_uppercase + lowercase_letters = string.ascii_lowercase + digits = string.digits + special_chars = string.punctuation + + # Generate the password + password = [] + password.append(random.choice(uppercase_letters)) + password.append(random.choice(lowercase_letters)) + password.append(random.choice(digits)) + password.append(random.choice(special_chars)) + + # Generate the remaining characters + remaining_length = length - 4 + remaining_chars = uppercase_letters + lowercase_letters + digits \ + + special_chars + password.extend(random.choices(remaining_chars, k=remaining_length)) + + # Shuffle the password characters randomly + random.shuffle(password) + + return "".join(password) + + +def get_default_subscription_id(credential=None): + if credential is None: + credential = DefaultAzureCredential() + + """Get the default subscription ID from Azure environment""" + subscription_client = SubscriptionClient(credential) + subscription_list = list(subscription_client.subscriptions.list()) + if not subscription_list: + raise Exception("No Azure subscriptions found") + + # Use the first subscription in the list + return subscription_list[0].subscription_id + + +def create_clients(subscription_id): + credential = DefaultAzureCredential() + if subscription_id is None: + subscription_id = get_default_subscription_id(credential) + resource_client = ResourceManagementClient(credential, subscription_id) + network_client = NetworkManagementClient(credential, subscription_id) + compute_client = ComputeManagementClient(credential, subscription_id) + devtestlabs_client = DevTestLabsClient(credential, subscription_id) + return (resource_client, network_client, compute_client, + devtestlabs_client, subscription_id) + + +def check_ports_protocals_and_priorities(ports, priorities, protocols): + if len(ports) != len(priorities): + print("Priorities and Ports length should be equal!") + exit(1) + if len(ports) != len(protocols): + print("Protocols and Ports length should be equal!") + exit(1) + + +def set_network_rules( + network_client, + resource_group, + allowed_sources_list, + nsg_name, + ports, + priorities, + protocols, +): + check_ports_protocals_and_priorities(ports, priorities, protocols) + + for i in range(len(ports)): + port = ports[i] + priority = priorities[i] + protocol = protocols[i] + print(f"\nCreating Network Port {port} rule...") + + nsg_rule_params = { + "protocol": protocol, + "source_address_prefix": allowed_sources_list, + "destination_address_prefix": "*", + "access": "Allow", + "direction": "Inbound", + "source_port_range": "*", + "destination_port_range": str(port), + "priority": priority, + "name": f"Network_Port_Rule_{port}", + } + + nsg_rule_poller = network_client.security_rules.begin_create_or_update( + resource_group_name=resource_group, + network_security_group_name=nsg_name, + security_rule_name=nsg_rule_params["name"], + security_rule_parameters=nsg_rule_params, + ) + nsg_rule = nsg_rule_poller.result() + print(f"Network rule '{nsg_rule.name}' created successfully.") + + +def create_public_ip(network_client, resource_group, location, machine_name): + print(f"\nCreating public IP address for {machine_name}") + unique_dns_name = f"{machine_name}-{random.randint(1000, 9999)}" + public_ip_params = { + "location": location, + "public_ip_allocation_method": "Static", + "dns_settings": { + "domain_name_label": unique_dns_name + }, + } + public_ip_poller = ( + network_client.public_ip_addresses + .begin_create_or_update( + resource_group.name, + f"{machine_name}-public-ip", + public_ip_params + ) + ) + public_ip = public_ip_poller.result() + print( + f"Public IP address '{public_ip.name}' with " + f"ip {public_ip.ip_address} created successfully." + ) + return public_ip + + +def create_network_interface( + network_client, resource_group, location, machine_name, + subnet_id, private_ip_address, public_ip, nsg_id + ): + print(f"\nCreating network interface for {machine_name}...") + nic_params = { + "location": location, + "ip_configurations": [ + { + "name": f"{machine_name}-ipconfig", + "subnet": {"id": subnet_id}, + "private_ip_address": private_ip_address, + "private_ip_allocation_method": "Static", + "public_ip_address": { + "id": public_ip.id + } + } + ], + "network_security_group": { + "id": nsg_id + } + } + nic_poller = network_client.network_interfaces.begin_create_or_update( + resource_group.name, f"{machine_name}-nic", nic_params + ) + nic = nic_poller.result() + print(f"Network interface '{nic.name}' created successfully with associated NSG.") + return nic + + +def set_auto_shutdown( + devtestlabs_client, subscription_id, resource_group_name, location, + vm_name, auto_shutdown_time, auto_shutdown_email + ): + print( + f"\nCreating Auto-Shutdown Rule for {vm_name} " + f"at time {auto_shutdown_time}...") + schedule_name = f"shutdown-computevm-{vm_name}" + + schedule_params = Schedule( + status="Enabled", + task_type="ComputeVmShutdownTask", + daily_recurrence={"time": auto_shutdown_time}, + time_zone_id="UTC", + notification_settings={ + "status": "Enabled" if auto_shutdown_email else "Disabled", + "time_in_minutes": 30, + "webhook_url": None, + "email_recipient": auto_shutdown_email, + }, + target_resource_id=( + f"/subscriptions/{subscription_id}/resourceGroups/" + f"{resource_group_name}/providers/Microsoft.Compute/" + f"virtualMachines/{vm_name}" + ), + location=location, + ) + + devtestlabs_client.global_schedules.create_or_update( + resource_group_name, schedule_name, schedule_params + ) + print(f"Auto-Shutdown Rule for {vm_name} created successfully.") + + +def save_to_parent_directory(filename, content): + script_dir = Path(__file__).resolve().parent + parent_dir = script_dir.parent + file_path = parent_dir / filename + with open(file_path, "w") as file: + file.write(content) + print(f"File saved: {file_path}") + + +# All arguments are keyword arguments +def main( + *, + resource_group: str, + location: str, + allowed_sources: str, + no_prompt: bool, + subscription_id: str = None, + vnet_name: str, + vnet_prefix: str, + subnet_name: str, + subnet_prefix: str, + ls_ip: str, + vm_admin: str, + machine_name: str, + ports: list[int], + priorities: list[int], + protocols: list[str], + vm_size: str, + image_publisher: str, + image_offer: str, + image_sku: str, + image_version: str, + os_disk_size_gb: int, + auto_shutdown_time: str = None, + auto_shutdown_email: str = None, +): + ( + resource_client, + network_client, + compute_client, + devtestlabs_client, + subscription_id + ) = create_clients(subscription_id) + + # Variables used for Azure tags + current_user = os.getenv("USER", "unknown") + today = datetime.now().strftime("%Y-%m-%d") + project = "LME" + + # Validation of Globals + allowed_sources_list = allowed_sources.split(",") + if len(allowed_sources_list) < 1: + print( + "**ERROR**: Variable AllowedSources must " + "be set (set with -AllowedSources or -s)" + ) + exit(1) + + # Confirmation + print("Supplied configuration:\n") + + print(f"Location: {location}") + print(f"Resource group: {resource_group}") + print(f"Allowed sources (IP's): {allowed_sources_list}") + + if not no_prompt: + proceed = input("\nProceed? (Y/n) ") + while proceed.lower() not in ["y", "n"]: + proceed = input("\nProceed? (Y/n) ") + + if proceed.lower() == "n": + print("Setup canceled") + exit() + + # Setup resource group + print("\nCreating resource group...") + resource_group_params = { + "location": location, + "tags": { + "user": current_user, + "created_on": today, + "project": project, + }, + } + resource_group = resource_client.resource_groups.create_or_update( + resource_group, resource_group_params + ) + print(f"Resource group '{resource_group.name}' created successfully.") + + # Setup network + print("\nCreating virtual network...") + vnet_params = { + "location": location, + "address_space": {"address_prefixes": [vnet_prefix]}, + "subnets": [{"name": subnet_name, "address_prefix": subnet_prefix}], + "tags": { + "user": current_user, + "created_on": today, + "project": project, + }, + } + vnet_poller = network_client.virtual_networks.begin_create_or_update( + resource_group_name=resource_group.name, + virtual_network_name=vnet_name, + parameters=vnet_params, + ) + vnet = vnet_poller.result() + print(f"Virtual network '{vnet.name}' created successfully.") + + print("\nCreating network security group...") + nsg_params = { + "location": location, + "tags": { + "user": current_user, + "created_on": today, + "project": project, + }, + } + nsg_poller = network_client.network_security_groups.begin_create_or_update( + resource_group_name=resource_group.name, + network_security_group_name="NSG1", + parameters=nsg_params, + ) + nsg = nsg_poller.result() + print(f"Network security group '{nsg.name}' created successfully.") + + set_network_rules( + network_client, + resource_group.name, + allowed_sources, + nsg.name, + ports, + priorities, + protocols, + ) + + + # Create the VM + vm_password = generate_password() + + print( + f"\nWriting {vm_admin} password to {resource_group.name}.password.txt" + ) + save_to_parent_directory( + f"{resource_group.name}.password.txt", vm_password + ) + + subnet_id = ( + f"/subscriptions/{subscription_id}/" + f"resourceGroups/{resource_group.name}/" + f"providers/Microsoft.Network/" + f"virtualNetworks/{vnet_name}/" + f"subnets/{subnet_name}" + ) + + public_ip = create_public_ip( + network_client, resource_group, location, machine_name + ) + + print(f"\nWriting public_ip to {resource_group.name}.ip.txt") + save_to_parent_directory( + f"{resource_group.name}.ip.txt", + public_ip.ip_address + ) + + nic = create_network_interface( + network_client, + resource_group, + location, + machine_name, + subnet_id, + ls_ip, + public_ip, + nsg.id + ) + + print(f"\nCreating {machine_name}...") + ls1_params = { + "location": location, + "hardware_profile": {"vm_size": vm_size}, + "additional_capabilities": { + "nested_virtualization_enabled": True + }, + "storage_profile": { + "image_reference": { + "publisher": image_publisher, + "offer": image_offer, + "sku": image_sku, + "version": image_version, + }, + "os_disk": { + "create_option": "FromImage", + "disk_size_gb": os_disk_size_gb, + }, + }, + "os_profile": { + "computer_name": f"{machine_name}", + "admin_username": vm_admin, + "admin_password": vm_password, + }, + "network_profile": { + "network_interfaces": [ + { + "id": nic.id, + } + ], + }, + "tags": { + "user": current_user, + "created_on": today, + "project": project, + }, + } + ls1_poller = compute_client.virtual_machines.begin_create_or_update( + resource_group_name=resource_group.name, + vm_name=machine_name, + parameters=ls1_params, + ) + ls1 = ls1_poller.result() + print(f"Virtual machine '{ls1.name}' created successfully.") + + # Configure Auto-Shutdown + if auto_shutdown_time: + set_auto_shutdown( + devtestlabs_client, + subscription_id, + resource_group.name, + location, + machine_name, + auto_shutdown_time, + auto_shutdown_email + ) + + print("\nVM login info:") + print(f"ResourceGroup: {resource_group.name}") + print(f"PublicIP: {public_ip.ip_address}") + print(f"Username: {vm_admin}") + print(f"Password: {vm_password}") + print("SAVE THE ABOVE INFO\n") + + print("Done.") + + +if __name__ == "__main__": + parser = argparse.ArgumentParser(description="Setup Testbed for LME") + parser.add_argument( + "-l", + "--location", + default="westus", + help="Location where the cluster will be built. Default westus", + ) + parser.add_argument( + "-g", "--resource-group", required=True, help="Resource group name" + ) + parser.add_argument( + "-s", + "--allowed-sources", + required=True, + help="XX.XX.XX.XX/YY,XX.XX.XX.XX/YY,etc... Comma-separated " + "list of CIDR prefixes or IP ranges", + ) + parser.add_argument( + "-y", + "--no-prompt", + action="store_true", + help="Run the script with no prompt (useful for automated runs)", + ) + parser.add_argument( + "-sid", + "--subscription-id", + help="Azure subscription ID. If not provided, " + "the default subscription ID will be used.", + ) + parser.add_argument( + "-vn", + "--vnet-name", + default="VNet1", + help="Virtual network name. Default: VNet1", + ) + parser.add_argument( + "-vp", + "--vnet-prefix", + default="10.1.0.0/16", + help="Virtual network prefix. Default: 10.1.0.0/16", + ) + parser.add_argument( + "-sn", "--subnet-name", + default="SNet1", + help="Subnet name. Default: SNet1" + ) + parser.add_argument( + "-sp", + "--subnet-prefix", + default="10.1.0.0/24", + help="Subnet prefix. Default: 10.1.0.0/24", + ) + parser.add_argument( + "-ip", + "--ls-ip", + default="10.1.0.5", + help="IP address for the VM. Default: 10.1.0.5", + ) + parser.add_argument( + "-u", + "--vm-admin", + default="lme-user", + help="Admin username for the VM. Default: lme-user", + ) + parser.add_argument( + "-m", "--machine-name", + default="ubuntu", + help="Name of the VM. Default: ubuntu" + ) + parser.add_argument( + "-p", + "--ports", + type=int, + nargs="+", + default=[22, 443], + help="Ports to open. Default: [22, 443]", + ) + parser.add_argument( + "-pr", + "--priorities", + type=int, + nargs="+", + default=[1001, 1002], + help="Priorities for the ports. Default: [1001, 1002]", + ) + parser.add_argument( + "-pt", + "--protocols", + nargs="+", + default=["Tcp", "Tcp"], + help="Protocols for the ports. Default: ['Tcp']", + ) + parser.add_argument( + "-vs", + "--vm-size", + default="Standard_E2d_v4", + help="Size of the virtual machine. Default: Standard_E2d_v4", + # Standard_D8_v4 for testing minimega and a linux install of LME + # Standard_D16d_v4 is the smallest VM size that we can get away + # with for minimega to include all the machines + ) + parser.add_argument( + "-pub", + "--image-publisher", + default="Canonical", + help="Publisher of the VM image. Default: Canonical", + ) + parser.add_argument( + "-io", + "--image-offer", + default="0001-com-ubuntu-server-jammy", + help="Offer of the VM image. Default: 0001-com-ubuntu-server-jammy", + ) + parser.add_argument( + "-is", + "--image-sku", + default="22_04-lts-gen2", + help="SKU of the VM image. Default: 22_04-lts-gen2", + ) + # ubuntu-24_04-lts + parser.add_argument( + "-iv", + "--image-version", + default="latest", + help="Version of the VM image. Default: latest", + ) + parser.add_argument( + "-os", + "--os-disk-size-gb", + type=int, + default=128, + help="Size of the OS disk in GB. Default: 128", + ) + parser.add_argument( + "-ast", + "--auto-shutdown-time", + help="Auto-Shutdown time in UTC (HH:MM, e.g. 22:30, 00:00, 19:00). " + "Convert timezone as necessary.", + ) + parser.add_argument( + "-ase", + "--auto-shutdown-email", + help="Auto-shutdown notification email", + ) + + args = parser.parse_args() + check_ports_protocals_and_priorities( + args.ports, args.priorities, args.protocols + ) + + main( + resource_group=args.resource_group, + location=args.location, + allowed_sources=args.allowed_sources, + no_prompt=args.no_prompt, + subscription_id=args.subscription_id, + vnet_name=args.vnet_name, + vnet_prefix=args.vnet_prefix, + subnet_name=args.subnet_name, + subnet_prefix=args.subnet_prefix, + ls_ip=args.ls_ip, + vm_admin=args.vm_admin, + machine_name=args.machine_name, + ports=args.ports, + priorities=args.priorities, + protocols=args.protocols, + vm_size=args.vm_size, + image_publisher=args.image_publisher, + image_offer=args.image_offer, + image_sku=args.image_sku, + image_version=args.image_version, + os_disk_size_gb=args.os_disk_size_gb, + auto_shutdown_time=args.auto_shutdown_time, + auto_shutdown_email=args.auto_shutdown_email, + ) diff --git a/testing/v2/installers/azure/build_azure_linux_network_requirements.txt b/testing/v2/installers/azure/build_azure_linux_network_requirements.txt new file mode 100644 index 00000000..466ceba1 --- /dev/null +++ b/testing/v2/installers/azure/build_azure_linux_network_requirements.txt @@ -0,0 +1,6 @@ +azure-identity>=1.7.0 +azure-mgmt-resource>=21.0.0 +azure-mgmt-network>=20.0.0 +azure-mgmt-compute>=27.0.0 +azure-mgmt-subscription>=3.0.0 +azure-mgmt-devtestlabs==9.0.0 \ No newline at end of file diff --git a/testing/v2/installers/install_v2/install.sh b/testing/v2/installers/install_v2/install.sh new file mode 100755 index 00000000..5921e957 --- /dev/null +++ b/testing/v2/installers/install_v2/install.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env bash + +set -e + +# Check if the required arguments are provided +if [ $# -lt 3 ]; then + echo "Usage: $0 " + exit 1 +fi + +# Set the remote server details from the command-line arguments +user=$1 +hostname=$2 +password_file=$3 +branch=$4 + +# Store the original working directory +ORIGINAL_DIR="$(pwd)" + +# Get the directory of the script +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +# Change to the parent directory of the script +cd "$SCRIPT_DIR/.." + +# Copy the SSH key to the remote machine +./lib/copy_ssh_key.sh $user $hostname $password_file + +echo "Installing ansible" +ssh -o StrictHostKeyChecking=no $user@$hostname 'sudo apt-get update && sudo apt-get -y install ansible' + + +# Need to set up so we can checkout a particular branch or pull down a release +echo "Checking out code" +ssh -o StrictHostKeyChecking=no $user@$hostname "cd ~ && rm -rf LME && git clone https://github.com/cisagov/LME.git && cd LME && git checkout -t origin/${branch}" +echo "Code cloned to $HOME/LME" + +echo "Running ansible installer" +ssh -o StrictHostKeyChecking=no $user@$hostname "cd ~/LME && cp config/example.env config/lme-environment.env && ansible-playbook scripts/install_lme_local.yml" + +# Change back to the original directory +cd "$ORIGINAL_DIR" diff --git a/testing/v2/installers/install_v2/install_in_minimega.sh b/testing/v2/installers/install_v2/install_in_minimega.sh new file mode 100755 index 00000000..c46d5c37 --- /dev/null +++ b/testing/v2/installers/install_v2/install_in_minimega.sh @@ -0,0 +1,69 @@ +#!/bin/bash + +# Initialize variables +VM_NAME="" +VM_USER="" +MAX_ATTEMPTS=30 +SLEEP_INTERVAL=10 + +# Function to print usage +usage() { + echo "Usage: $0 -n -u " + echo " -n Specify the VM name" + echo " -u Specify the VM user" + exit 1 +} + +# Parse command-line arguments +while getopts "n:u:" opt; do + case $opt in + n) VM_NAME="$OPTARG" ;; + u) VM_USER="$OPTARG" ;; + *) usage ;; + esac +done + +# Check if required arguments are provided +if [[ -z "$VM_NAME" || -z "$VM_USER" ]]; then + echo "Error: Both VM name and VM user must be provided." + usage +fi + +get_ip() { + /opt/minimega/bin/minimega -e .json true .filter name="$VM_NAME" vm info | jq -r '.[].Data[].Networks[].IP4' +} + +echo "Waiting for IP assignment for VM: $VM_NAME (User: $VM_USER)" + +IP="" +for ((i=1; i<=MAX_ATTEMPTS; i++)); do + IP=$(get_ip) + + if [[ -z "$IP" || "$IP" == "null" ]]; then + echo "Attempt $i: No IP assigned yet. Waiting $SLEEP_INTERVAL seconds..." + + if [[ $i -eq $MAX_ATTEMPTS ]]; then + echo "Timeout: Failed to get IP for $VM_NAME after $MAX_ATTEMPTS attempts." + exit 1 + fi + + sleep $SLEEP_INTERVAL + else + echo "The IP of $VM_NAME is $IP" + break + fi +done + +echo "VM Name: $VM_NAME" +echo "VM User: $VM_USER" +echo "VM IP: $IP" + +ssh -o StrictHostKeyChecking=no $VM_USER@$IP 'sudo apt-get update && sudo apt-get -y install ansible' + +echo "Ansible installed successfully on $VM_NAME" + +ssh -o StrictHostKeyChecking=no $VM_USER@$IP 'cd ~ && git clone https://github.com/cisagov/LME.git' + +# Run the ansible installer here once it is merged to LME + + diff --git a/testing/v2/installers/lib/copy_ssh_key.sh b/testing/v2/installers/lib/copy_ssh_key.sh new file mode 100755 index 00000000..f1f7a36e --- /dev/null +++ b/testing/v2/installers/lib/copy_ssh_key.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +# Check if the required arguments are provided +if [ $# -lt 3 ]; then + echo "Usage: $0 " + exit 1 +fi + +# Check if sshpass is installed +if ! command -v sshpass &> /dev/null; then + echo "Error: sshpass is not installed. Please install sshpass and try again." + exit 1 +fi + +# Set the remote server details from the command-line arguments +user=$1 +hostname=$2 +password_file=$3 + +# Set the SSH key path +ssh_key_path="$HOME/.ssh/id_rsa" + +# Generate an SSH key non-interactively if it doesn't exist +if [ ! -f "$ssh_key_path" ]; then + ssh-keygen -t rsa -N "" -f "$ssh_key_path" <</dev/null 2>&1 +fi +echo password_file $password_file ssh_key_path $ssh_key_path +ls $password_file +ls $ssh_key_path +# Use sshpass with the password file to copy the SSH key to the remote server +sshpass -f "$password_file" ssh-copy-id -o StrictHostKeyChecking=no -i "$ssh_key_path.pub" $user@$hostname diff --git a/testing/v2/installers/minimega/README.md b/testing/v2/installers/minimega/README.md new file mode 100644 index 00000000..372abc55 --- /dev/null +++ b/testing/v2/installers/minimega/README.md @@ -0,0 +1,67 @@ +# MinimegaSetup Scripts + +This repository contains a collection of scripts to automate the setup and installation of Minimega, a powerful tool for orchestrating and managing large-scale virtual machine experiments. + +## Scripts Overview + +1. `copy_ssh_key.sh`: Copies an SSH key to a remote server. +1. `create_bridge.sh`: Creates a network bridge for Minimega. +1. `install.sh`: Main installation script for setting up Minimega on a remote server. +1. `install_local.sh`: Installs Minimega on the local machine. +1. `set_gopath.sh`: Sets up the GOPATH for Go programming. +1. `update_packages.sh`: Updates and installs necessary packages. +1. `fix_dnsmasq.sh`: Stops and disables the dnsmasq service. + +## Usage + +### Remote Installation + +To install Minimega on a remote server, use the `install.sh` script: + +```bash +./install.sh +``` + +This script will: +- Copy the SSH key to the remote server +- Copy the Minimega directory to the remote server +- Update packages and reboot the server +- Set up DNS, GOPATH, and install Minimega +- Configure and start Minimega and Miniweb services +- Create a network bridge + +### Local Installation +Note: I don't have a machine to test this on but it follows the same pattern as the remote script. + +To install Minimega on your local machine, use the `install_local.sh` script: + + +```bash +sudo ./install_local.sh +``` + +This script performs similar operations as the remote installation but on the local machine. + +## Individual Scripts + +- `copy_ssh_key.sh`: Copies an SSH key to a remote server. Usage: `./copy_ssh_key.sh ` +- `create_bridge.sh`: Creates a network bridge named `mega_bridge`. +- `set_gopath.sh`: Sets up the GOPATH for a specified user. Usage: `sudo ./set_gopath.sh ` +- `update_packages.sh`: Updates the system and installs necessary packages. Run with sudo. +- `fix_dnsmasq.sh`: Stops and disables the dnsmasq service. Run with sudo. + +## Requirements + +- These scripts are designed to run on a Debian-based Linux system. +- sudo privileges are required for many operations. +- For remote installation, SSH access to the target server is necessary. + +## Notes + +- The `install.sh` script will reboot the remote server during the installation process. +- Make sure to review and understand each script before running, especially when using sudo privileges. +- The `password_file` used in `copy_ssh_key.sh` and `install.sh` should contain the SSH password for the remote server. + +## Disclaimer + +These scripts make significant changes to system configurations. Always test in a safe environment before using in production. \ No newline at end of file diff --git a/testing/v2/installers/minimega/check_dpkg_lock.sh b/testing/v2/installers/minimega/check_dpkg_lock.sh new file mode 100755 index 00000000..af43a8af --- /dev/null +++ b/testing/v2/installers/minimega/check_dpkg_lock.sh @@ -0,0 +1,31 @@ +#!/bin/bash + +# Function to check if the lock file exists and is held by a process +check_lock() { + if [ -f /var/lib/dpkg/lock-frontend ]; then + pid=$(fuser /var/lib/dpkg/lock-frontend 2>/dev/null) + if [ ! -z "$pid" ]; then + echo "Lock is held by process $pid: $(ps -o comm= -p $pid)" + return 0 + fi + fi + return 1 +} + +echo "Waiting for dpkg lock to be released..." + +# Loop until the lock is released +while check_lock; do + echo "Still waiting... Will check again in 10 seconds." + sleep 10 +done + +echo "Lock has been released. You can now run your apt commands." + +# Run the command passed as arguments to this script +if [ $# -gt 0 ]; then + echo "Executing command: $@" + "$@" +else + echo "No command specified. Exiting." +fi \ No newline at end of file diff --git a/testing/v2/installers/minimega/copy_ssh_key.sh b/testing/v2/installers/minimega/copy_ssh_key.sh new file mode 100755 index 00000000..f1f7a36e --- /dev/null +++ b/testing/v2/installers/minimega/copy_ssh_key.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +# Check if the required arguments are provided +if [ $# -lt 3 ]; then + echo "Usage: $0 " + exit 1 +fi + +# Check if sshpass is installed +if ! command -v sshpass &> /dev/null; then + echo "Error: sshpass is not installed. Please install sshpass and try again." + exit 1 +fi + +# Set the remote server details from the command-line arguments +user=$1 +hostname=$2 +password_file=$3 + +# Set the SSH key path +ssh_key_path="$HOME/.ssh/id_rsa" + +# Generate an SSH key non-interactively if it doesn't exist +if [ ! -f "$ssh_key_path" ]; then + ssh-keygen -t rsa -N "" -f "$ssh_key_path" <</dev/null 2>&1 +fi +echo password_file $password_file ssh_key_path $ssh_key_path +ls $password_file +ls $ssh_key_path +# Use sshpass with the password file to copy the SSH key to the remote server +sshpass -f "$password_file" ssh-copy-id -o StrictHostKeyChecking=no -i "$ssh_key_path.pub" $user@$hostname diff --git a/testing/v2/installers/minimega/create_bridge.sh b/testing/v2/installers/minimega/create_bridge.sh new file mode 100755 index 00000000..b0a36331 --- /dev/null +++ b/testing/v2/installers/minimega/create_bridge.sh @@ -0,0 +1,4 @@ +#!/bin/sh +set -e +sudo ovs-vsctl add-br mega_bridge +sudo ovs-vsctl set bridge mega_bridge stp_enable=false \ No newline at end of file diff --git a/testing/v2/installers/minimega/fix_dnsmasq.sh b/testing/v2/installers/minimega/fix_dnsmasq.sh new file mode 100755 index 00000000..bcdd2485 --- /dev/null +++ b/testing/v2/installers/minimega/fix_dnsmasq.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash +systemctl stop dnsmasq +systemctl disable dnsmasq diff --git a/testing/v2/installers/minimega/install.sh b/testing/v2/installers/minimega/install.sh new file mode 100755 index 00000000..5ac33d63 --- /dev/null +++ b/testing/v2/installers/minimega/install.sh @@ -0,0 +1,77 @@ +#!/usr/bin/env bash + +set -e + +# Check if the required arguments are provided +if [ $# -lt 3 ]; then + echo "Usage: $0 " + exit 1 +fi + +# Set the remote server details from the command-line arguments +user=$1 +hostname=$2 +password_file=$3 + +# Store the original working directory +ORIGINAL_DIR="$(pwd)" + +# Get the directory of the script +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +# Change to the parent directory of the script +cd "$SCRIPT_DIR/.." + +# Copy the SSH key to the remote machine +./minimega/copy_ssh_key.sh $user $hostname $password_file + +# Copy the minimega directory to the remote machine +scp -r ./minimega $user@$hostname:/home/$user + +# Run the update_packages.sh script on the remote machine this reboots the machine +ssh $user@$hostname "cd /home/$user/minimega && sudo ./update_packages.sh" + +# Reboot the server to apply the changes +ssh $user@$hostname "sudo shutdown -r now" || true + +echo "Server is rebooting..." + +# Loop until the server is reachable via SSH +echo "Waiting for the server to come back..." +while ! ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no $user@$hostname "exit" >/dev/null 2>&1; do + sleep 5 +done +echo "Server is back online." + +# Additional check: Verify that necessary services are running +echo "Verifying necessary services are running..." +while ! ssh -o ConnectTimeout=5 -o StrictHostKeyChecking=no $user@$hostname "ls" >/dev/null 2>&1; do + sleep 5 +done + +echo "Necessary services are running." + +# Fix the DNS settings +ssh $user@$hostname "cd /home/$user/minimega && sudo ./fix_dnsmasq.sh" + +# Set the GOPATH +ssh $user@$hostname "cd /home/$user/minimega && sudo ./set_gopath.sh '$user'" + +# Install minimega +ssh $user@$hostname "wget -q https://github.com/sandia-minimega/minimega/releases/download/2.9/minimega-2.9.deb && sudo apt install ./minimega-2.9.deb" + +# Set up the minimega service and start it +ssh $user@$hostname "cd /home/$user/minimega && sudo cp minimega.service /etc/systemd/system/ && sudo systemctl daemon-reload && sudo systemctl enable minimega && sudo systemctl start minimega" + +# Set up the miniweb service and start it +ssh $user@$hostname "cd /home/$user/minimega && sudo cp miniweb.service /etc/systemd/system/ && sudo systemctl daemon-reload && sudo systemctl enable miniweb && sudo systemctl start miniweb" + +# Set the path for minimega +ssh $user@$hostname "echo 'export PATH=\$PATH:/opt/minimega/bin/' | sudo tee -a /root/.bashrc" +ssh $user@$hostname "echo 'export PATH=\$PATH:/opt/minimega/bin/' >> /home/$user/.bashrc" + +# Create the bridge +ssh $user@$hostname "cd /home/$user/minimega && sudo ./create_bridge.sh" + +# Change back to the original directory +cd "$ORIGINAL_DIR" diff --git a/testing/v2/installers/minimega/install_local.sh b/testing/v2/installers/minimega/install_local.sh new file mode 100755 index 00000000..d4a57f58 --- /dev/null +++ b/testing/v2/installers/minimega/install_local.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env bash +$user=$(whoami) +set -e + +sudo ./update_packages.sh + +# Fix the DNS settings +sudo ./fix_dnsmasq.sh + +# Set the GOPATH +sudo ./set_gopath.sh $user + +# Install minimega +wget -O /tmp/minimega-2.9.deb https://github.com/sandia-minimega/minimega/releases/download/2.9/minimega-2.9.deb + +sudo apt install /tmp/minimega-2.9.deb + +echo "export PATH=$PATH:/opt/minimega/bin/" >> /root/.bashrc + +# Set up the service and start minimega and miniweb services +sudo cp minimega.service miniweb.service /etc/systemd/system/ && sudo systemctl daemon-reload + +sudo systemctl enable minimega && sudo systemctl start minimega + +sudo systemctl enable miniweb && sudo systemctl start miniweb + +sudo ./create_bridge.sh + +sudo ./fix_dnsmasq.sh \ No newline at end of file diff --git a/testing/v2/installers/minimega/minimega.service b/testing/v2/installers/minimega/minimega.service new file mode 100644 index 00000000..5c7b27b6 --- /dev/null +++ b/testing/v2/installers/minimega/minimega.service @@ -0,0 +1,11 @@ +[Unit] +Description=minimega +After=network.target + +[Service] +ExecStart=/opt/minimega/bin/minimega -nostdin & +Restart=always +WorkingDirectory=/opt/minimega + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/testing/v2/installers/minimega/miniweb.service b/testing/v2/installers/minimega/miniweb.service new file mode 100644 index 00000000..621e90b8 --- /dev/null +++ b/testing/v2/installers/minimega/miniweb.service @@ -0,0 +1,11 @@ +[Unit] +Description=minimega +After=network.target + +[Service] +ExecStart=/opt/minimega/bin/miniweb -level debug -logfile /var/log/miniweb.log -root /opt/minimega/web/web/ +Restart=always +WorkingDirectory=/opt/minimega + +[Install] +WantedBy=multi-user.target diff --git a/testing/v2/installers/minimega/set_gopath.sh b/testing/v2/installers/minimega/set_gopath.sh new file mode 100755 index 00000000..0a843aa8 --- /dev/null +++ b/testing/v2/installers/minimega/set_gopath.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +user=$1 + +echo "export GOPATH=/home/user/work" >> /home/$user/.bashrc +echo "export GOROOT=/usr/lib/go" >> /home/$user/.bashrc +echo "export PATH=$PATH:/usr/lib/go/bin" >> /home/$user/.bashrc + +echo "export GOPATH=$HOME/work" >> ~/.bashrc +echo "export GOROOT=/usr/lib/go" >> ~/.bashrc +echo "export PATH=$PATH:/usr/lib/go/bin" >> ~/.bashrc \ No newline at end of file diff --git a/testing/v2/installers/minimega/update_packages.sh b/testing/v2/installers/minimega/update_packages.sh new file mode 100755 index 00000000..7f8c9c4b --- /dev/null +++ b/testing/v2/installers/minimega/update_packages.sh @@ -0,0 +1,48 @@ +#!/usr/bin/env bash + +if [[ $EUID -ne 0 ]]; then + echo "This script must be run with sudo or as root." + exit 1 +fi + +export DEBIAN_FRONTEND=noninteractive +apt-get update + +# Get Ubuntu version +ubuntu_version=$(lsb_release -rs) +major_version=$(echo $ubuntu_version | cut -d. -f1) + +# Common packages for both versions +common_packages=( + libpcap-dev + libreadline-dev + qemu-kvm + openvswitch-switch + dnsmasq + bird + build-essential + tmux + curl + wget + nano + git + unzip + golang + jq + qemu-utils + libguestfs-tools +) + +# Check Ubuntu version and install appropriate packages +if [ "$major_version" -lt 24 ]; then + echo "Ubuntu version is below 24. Installing packages for Ubuntu $ubuntu_version" + ./check_dpkg_lock.sh apt-get install -y "${common_packages[@]}" qemu +else + echo "Ubuntu version is 24 or above. Installing packages for Ubuntu $ubuntu_version" + ./check_dpkg_lock.sh apt-get install -y "${common_packages[@]}" \ + qemu-system \ + qemu-user \ + qemu-user-static \ + qemu-utils \ + qemu-block-extra +fi \ No newline at end of file diff --git a/testing/v2/installers/ubuntu_qcow_maker/README.md b/testing/v2/installers/ubuntu_qcow_maker/README.md new file mode 100644 index 00000000..1a3e8806 --- /dev/null +++ b/testing/v2/installers/ubuntu_qcow_maker/README.md @@ -0,0 +1,94 @@ +# Ubuntu QCOW Maker + +This project contains a set of scripts to create and manage Ubuntu QCOW2 images and virtual machines using Minimega. The main purpose is to simplify the process of setting up and running Ubuntu VMs on a remote machine. + +## Quick Start + +To set up everything on a remote machine, use the `install.sh` script: + +```bash +./install.sh +``` + +Replace ``, ``, and `` with appropriate values for your remote machine. + +## Script Descriptions + +1. `install.sh`: Main installation script that sets up the environment on a remote machine. +2. `create_ubuntu_qcow.sh`: Creates an Ubuntu QCOW2 image with cloud-init configuration. +3. `create_vm_from_qcow.sh`: Creates a VM from the QCOW2 image with customizable options. +4. `create_tap.sh`: Creates a TAP interface for networking with customizable options. +5. `iptables.sh`: Sets up iptables rules for network connectivity with configurable interfaces. +6. `clear_cloud_config.sh`: Cleans up cloud-init artifacts from the image, with options for mount path and image location. +7. `get_ip_of_machine.sh`: Retrieves the IP address of a VM with a configurable number of attempts. +8. `wait_for_login.sh`: Waits for the VM to become accessible via SSH, with customizable timeout and interval. +9. `remove_test_files.sh`: Removes temporary files created during the process. +10. `setup_dnsmasq.sh`: Sets up dnsmasq for DHCP and DNS services with customizable IP ranges. + +## Prerequisites + +- Minimega installed on the remote machine +- SSH access to the remote machine +- Sufficient permissions to run scripts with sudo +- `cloud-image-utils` package (installed by the script if not present) +- `jq` command-line JSON processor (used in some scripts) + +## Usage + +1. Clone this repository to your local machine. +2. Ensure that the scripts have execute permissions: + ```bash + chmod +x *.sh + ``` +3. Run the `install.sh` script with appropriate parameters: + ```bash + ./install.sh + ``` + +This will set up the environment on the remote machine, create the QCOW2 image, and launch a VM. + +## Customization + +You can modify or use command-line options for the following scripts to customize the setup: + +- `create_ubuntu_qcow.sh`: Adjust VM specifications (memory, CPUs) or cloud-init configuration. +- `create_vm_from_qcow.sh`: Modify VM settings for the final VM. Use `-h` or `--help` to see available options. +- `create_tap.sh`: Customize TAP interface name and IP address using `-t` or `--tap` and `-i` or `--ip` options. +- `iptables.sh`: Customize network settings and firewall rules by specifying WAN and INTERNAL interfaces as arguments. +- `clear_cloud_config.sh`: Customize mount path and disk image location using `-m` or `--mount-path` and `-i` or `--image` options. +- `setup_dnsmasq.sh`: Customize IP ranges for DHCP using `-s` or `--start-ip`, `-r` or `--range-start`, and `-e` or `--range-end` options. + +## Troubleshooting + +- If you encounter network issues, check the output of `iptables.sh` for connectivity test results. +- Use `get_ip_of_machine.sh` to retrieve the IP address of a VM if needed. +- The `wait_for_login.sh` script can be used to verify when a VM is ready for SSH access. It includes a configurable number of attempts and sleep interval. +- If you're having issues with DNS or DHCP, check the configuration of `setup_dnsmasq.sh`. + +## Cleanup + +To remove temporary files created during the process, run: + +```bash +./remove_test_files.sh +``` + +## Note + +This project assumes you have Minimega installed and properly configured on the remote machine. Make sure you have the necessary permissions and that Minimega is running before using these scripts. + +## Security Considerations + +- The scripts use SSH key-based authentication for increased security. +- Ensure that the `password_file` used with `install.sh` is stored securely and deleted after use. +- Review and adjust the iptables rules in `iptables.sh` to match your security requirements. +- When using `setup_dnsmasq.sh`, ensure that the IP ranges are appropriate for your network and don't conflict with existing DHCP servers. + +## Troubleshooting + +If you encounter issues: +1. Check Minimega logs for any errors. +2. Ensure all prerequisites are installed and up-to-date. +3. Verify network settings and firewall rules. +4. Use the `--help` option with scripts that support it for usage information. +5. If you're having DHCP or DNS issues, check the dnsmasq configuration set by `setup_dnsmasq.sh`. diff --git a/testing/v2/installers/ubuntu_qcow_maker/clear_cloud_config.sh b/testing/v2/installers/ubuntu_qcow_maker/clear_cloud_config.sh new file mode 100755 index 00000000..1d6eea89 --- /dev/null +++ b/testing/v2/installers/ubuntu_qcow_maker/clear_cloud_config.sh @@ -0,0 +1,77 @@ +#!/bin/bash +set -e + +# Default values +MOUNT_PATH="/mnt/disk_image" +DISK_IMAGE="/home/lme-user/ubuntu_qcow_maker/jammy-server-cloudimg-amd64.img" + +# Function to print usage +print_usage() { + echo "Usage: $0 [OPTIONS]" + echo "Options:" + echo " -m, --mount-path PATH Specify the mount path (default: $MOUNT_PATH)" + echo " -i, --image PATH Specify the path to the disk image (default: $DISK_IMAGE)" + echo " -h, --help Show this help message" +} + +# Parse command-line options +while [[ $# -gt 0 ]]; do + case $1 in + -m|--mount-path) + MOUNT_PATH="$2" + shift 2 + ;; + -i|--image) + DISK_IMAGE="$2" + shift 2 + ;; + -h|--help) + print_usage + exit 0 + ;; + *) + echo "Unknown option: $1" + print_usage + exit 1 + ;; + esac +done + +echo "Using mount path: $MOUNT_PATH" +echo "Using disk image: $DISK_IMAGE" + +sudo mkdir -p $MOUNT_PATH + +# Mount the image +sudo guestmount -a "$DISK_IMAGE" -m /dev/sda1 $MOUNT_PATH + +# Remove cloud-init artifacts +sudo rm -rf $MOUNT_PATH/var/lib/cloud/* + +# Remove the file that indicates cloud-init has already run +sudo rm -f $MOUNT_PATH/etc/cloud/cloud-init.disabled + +# Set up a default name server +sudo sed -i 's/#DNS=/DNS=8.8.8.8/g' $MOUNT_PATH/etc/systemd/resolved.conf + +# Truncate the machine-id file +sudo truncate -s 0 $MOUNT_PATH/etc/machine-id + +# Remove the file that stores the instance ID +sudo rm -f $MOUNT_PATH/var/lib/dbus/machine-id + +# Modify the netplan configuration created by cloud-init +NETPLAN_FILE=$MOUNT_PATH/etc/netplan/50-cloud-init.yaml +NEW_CONTENT=$(cat << EOF +network: + ethernets: + ens1: + dhcp4: true + dhcp6: true + version: 2 +EOF +) +echo "$NEW_CONTENT" | sudo tee "$NETPLAN_FILE" > /dev/null + +# Unmount the image +sudo umount $MOUNT_PATH diff --git a/testing/v2/installers/ubuntu_qcow_maker/create_tap.sh b/testing/v2/installers/ubuntu_qcow_maker/create_tap.sh new file mode 100755 index 00000000..ce4e977c --- /dev/null +++ b/testing/v2/installers/ubuntu_qcow_maker/create_tap.sh @@ -0,0 +1,26 @@ +#!/usr/bin/env bash + +# Default values +TAP_NAME="100" +IP_ADDRESS="10.0.0.1/24" + +# Parse command line arguments +while [[ $# -gt 0 ]]; do + case $1 in + -t|--tap) + TAP_NAME="$2" + shift 2 + ;; + -i|--ip) + IP_ADDRESS="$2" + shift 2 + ;; + *) + echo "Unknown argument: $1" + exit 1 + ;; + esac +done + +# Execute the minimega command with the provided or default arguments +sudo /opt/minimega/bin/minimega -e tap create "$TAP_NAME" ip "$IP_ADDRESS" diff --git a/testing/v2/installers/ubuntu_qcow_maker/create_ubuntu_qcow.sh b/testing/v2/installers/ubuntu_qcow_maker/create_ubuntu_qcow.sh new file mode 100755 index 00000000..aed08bf1 --- /dev/null +++ b/testing/v2/installers/ubuntu_qcow_maker/create_ubuntu_qcow.sh @@ -0,0 +1,152 @@ +#!/bin/bash + +set -e + +# Check if the script is run as root +if [ "$(id -u)" -ne 0 ]; then + echo "This script must be run as root" + exit 1 +fi + +# Set variables +export VM_NAME="ubuntu-builder" +#export VM_NAME="ubuntu-runner" +export IMG_URL="https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img" +export IMG_NAME="jammy-server-cloudimg-amd64.img" +export MEMORY="2048" # Memory size in MB, adjust as needed +export CPUS="2" # Number of CPUs, adjust as needed +export QMP_TIMEOUT="30s" # QMP timeout in seconds, adjust as needed + +get_vm_ip() { + #minimega -e .json true .filter name="$VM_NAME" vm info | jq -r '.[].Data[].Networks[].IP4' + /opt/minimega/bin/minimega -e .json true vm info | jq -r ".[] | select(.Data[].Name == \"$VM_NAME\") | .Data[].Networks[].IP4" +} + +# Path for the SSH keys +SSH_KEY_PATH="$HOME/.ssh/id_rsa" +# Check if SSH key already exists +if [ ! -f "$SSH_KEY_PATH" ]; then + echo "SSH key not found, generating a new one..." + ssh-keygen -t rsa -b 2048 -f "$SSH_KEY_PATH" -N "" -C "ubuntu-vm" +fi + +# Download the image if it doesn't exist +if [ ! -f "$IMG_NAME" ]; then + echo "Downloading image, this may take a while..." + wget -q $IMG_URL -O $IMG_NAME + echo "Image downloaded" +fi + +# Resize the downloaded image +./resize_qcow.sh + +# Install cloud-init package if not already installed +if ! command -v cloud-localds &> /dev/null; then + echo "cloud-localds tool not found, installing cloud-image-utils..." + sudo apt-get update + sudo apt-get install -y cloud-image-utils +fi + +# Create user-data file for cloud-init +cat > user-data < /dev/null; then + # Start minimega in the background if not running + /opt/minimega/bin/minimega & + # Give minimega a moment to start up + sleep 2 +fi + +# Create the MM file with the VM configuration +MM_FILE_PATH="$(pwd)/$VM_NAME.mm" +cat > "$MM_FILE_PATH" <&2 + exit 1 +fi + +# Set default values +VM_NAME="ubuntu-runner" +IMG_NAME="jammy-server-cloudimg-amd64.img" +MEMORY="2048" +CPUS="2" +QMP_TIMEOUT="30s" + +# Parse command line arguments +while [[ $# -gt 0 ]]; do + case $1 in + -n|--name) + VM_NAME="$2" + shift 2 + ;; + -i|--image) + IMG_NAME="$2" + shift 2 + ;; + -m|--memory) + MEMORY="$2" + shift 2 + ;; + -c|--cpus) + CPUS="$2" + shift 2 + ;; + -t|--timeout) + QMP_TIMEOUT="$2" + shift 2 + ;; + -h|--help) + print_usage + exit 0 + ;; + *) + echo "Unknown option: $1" >&2 + print_usage + exit 1 + ;; + esac +done + +# Export variables +export VM_NAME +export IMG_NAME +export MEMORY +export CPUS +export QMP_TIMEOUT + +# Path for the SSH keys +SSH_KEY_PATH="$HOME/.ssh/id_rsa" +# Check if SSH key already exists +if [ ! -f "$SSH_KEY_PATH" ]; then + echo "SSH key not found, generating a new one..." + ssh-keygen -t rsa -b 2048 -f "$SSH_KEY_PATH" -N "" -C "ubuntu-vm" +fi + +# Create the MM file with the VM configuration +MM_FILE_PATH="$(pwd)/$VM_NAME.mm" +cat > "$MM_FILE_PATH" <&2 + exit 1 +fi + +# Create, configure, and launch the VM using the MM file +/opt/minimega/bin/minimega -e "read $MM_FILE_PATH" + +echo "VM $VM_NAME has been created and started." diff --git a/testing/v2/installers/ubuntu_qcow_maker/get_ip_of_machine.sh b/testing/v2/installers/ubuntu_qcow_maker/get_ip_of_machine.sh new file mode 100755 index 00000000..2716b38c --- /dev/null +++ b/testing/v2/installers/ubuntu_qcow_maker/get_ip_of_machine.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +VM_NAME="$1" +MAX_ATTEMPTS=30 +SLEEP_INTERVAL=10 + +get_ip() { + /opt/minimega/bin/minimega -e .json true .filter name="$VM_NAME" vm info | jq -r '.[].Data[].Networks[].IP4' +} + +echo "Waiting for IP assignment for VM: $VM_NAME" + +for ((i=1; i<=MAX_ATTEMPTS; i++)); do + IP=$(get_ip) + + if [[ -n "$IP" && "$IP" != "null" ]]; then + echo "The IP of $VM_NAME is $IP" + exit 0 + fi + + echo "Attempt $i: No IP assigned yet. Waiting $SLEEP_INTERVAL seconds..." + sleep $SLEEP_INTERVAL +done + +echo "Timeout: Failed to get IP for $VM_NAME after $MAX_ATTEMPTS attempts." diff --git a/testing/v2/installers/ubuntu_qcow_maker/install.sh b/testing/v2/installers/ubuntu_qcow_maker/install.sh new file mode 100755 index 00000000..3243949b --- /dev/null +++ b/testing/v2/installers/ubuntu_qcow_maker/install.sh @@ -0,0 +1,62 @@ +#!/usr/bin/env bash +set -e + +# Function to print usage +print_usage() { + echo "Usage: $0 [num_cpus] [memory_mb]" + echo "Required parameters:" + echo " : The username for the remote server" + echo " : The hostname or IP address of the remote server" + echo " : The file containing the password for the remote server" + echo "Optional parameters:" + echo " [num_cpus]: Number of CPUs for the VM (default: 2)" + echo " [memory_mb]: Amount of memory in MB for the VM (default: 2048)" +} + +# Check if all required arguments are provided +if [ $# -lt 3 ]; then + print_usage + exit 1 +fi + +# Set the remote server details from the command-line arguments +user=$1 +hostname=$2 +password_file=$3 + +# Set default values for CPU and memory +num_cpus=${4:-2} +memory_mb=${5:-2048} + +# Store the original working directory +ORIGINAL_DIR="$(pwd)" + +# Get the directory of the script +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" + +# Change to the parent directory of the script +cd "$SCRIPT_DIR/.." + +# Copy the SSH key to the remote machine +./lib/copy_ssh_key.sh $user $hostname $password_file + +# Copy the qcow maker directory to the remote machine +scp -r ./ubuntu_qcow_maker $user@$hostname:/home/$user + +# Run the update_packages.sh script on the remote machine this reboots the machine +ssh $user@$hostname "cd /home/$user/ubuntu_qcow_maker && sudo ./create_ubuntu_qcow.sh" + +# Create a tap interface on the remote machine +ssh $user@$hostname "cd /home/$user/ubuntu_qcow_maker && sudo ./create_tap.sh" + +# Setup dnsmasq on the remote machine +ssh $user@$hostname "cd /home/$user/ubuntu_qcow_maker && sudo ./setup_dnsmasq.sh" + +# Set up the iptables rules on the remote machine +ssh $user@$hostname "cd /home/$user/ubuntu_qcow_maker && sudo ./iptables.sh" + +# Create the VM on the remote machine with the specified CPU and memory +ssh $user@$hostname "cd /home/$user/ubuntu_qcow_maker && sudo ./create_vm_from_qcow.sh -c $num_cpus -m $memory_mb" + +# Change back to the original directory +cd "$ORIGINAL_DIR" diff --git a/testing/v2/installers/ubuntu_qcow_maker/iptables.sh b/testing/v2/installers/ubuntu_qcow_maker/iptables.sh new file mode 100755 index 00000000..23b01af6 --- /dev/null +++ b/testing/v2/installers/ubuntu_qcow_maker/iptables.sh @@ -0,0 +1,47 @@ +#!/bin/bash + +# Default values +WAN=${1:-eth0} +INTERNAL=${2:-mega_tap0} + +echo "Using WAN interface: $WAN" +echo "Using INTERNAL interface: $INTERNAL" + +# Enable IP forwarding +sysctl -w net.ipv4.ip_forward=1 + +# Flush existing rules +iptables -F +iptables -t nat -F + +# Set up NAT +iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE + +# Allow all forwarding from internal network to WAN (both TCP and UDP) +iptables -A FORWARD -i $INTERNAL -o $WAN -j ACCEPT + +# Allow established and related incoming connections +iptables -A FORWARD -i $WAN -o $INTERNAL -m state --state RELATED,ESTABLISHED -j ACCEPT + +echo "Firewall rules have been updated." + +# Check VM internet connectivity +VM_IP=$(ip addr show $INTERNAL | grep -oP '(?<=inet\s)\d+(\.\d+){3}') + +if [ -z "$VM_IP" ]; then + echo "Could not determine VM IP address. Please check manually." +else + echo "Checking internet connectivity from VM ($VM_IP)..." + if ping -c 3 -I $VM_IP 8.8.8.8 > /dev/null 2>&1; then + echo "Internet connectivity test successful." + else + echo "Internet connectivity test failed. Please check your configuration." + fi + + echo "Testing DNS resolution..." + if nslookup -timeout=5 google.com > /dev/null 2>&1; then + echo "DNS resolution test successful." + else + echo "DNS resolution test failed. Please check your DNS configuration." + fi +fi \ No newline at end of file diff --git a/testing/v2/installers/ubuntu_qcow_maker/launch_multiple_vms.sh b/testing/v2/installers/ubuntu_qcow_maker/launch_multiple_vms.sh new file mode 100755 index 00000000..58f77f55 --- /dev/null +++ b/testing/v2/installers/ubuntu_qcow_maker/launch_multiple_vms.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +# Check if an argument is provided, otherwise use default value of 1 +NUM_VMS=${1:-1} + +# Validate that NUM_VMS is a positive integer +if ! [[ "$NUM_VMS" =~ ^[1-9][0-9]*$ ]]; then + echo "Error: Please provide a positive integer for the number of VMs." + echo "Usage: $0 [number_of_vms]" + exit 1 +fi + +echo "Creating $NUM_VMS VM(s)..." + +for i in $(seq 1 $NUM_VMS) +do + VM_NAME="ubuntu-runner-$i" + echo "Creating VM: $VM_NAME" + sudo ./create_vm_from_qcow.sh -n $VM_NAME + sleep 10 # Wait a bit between VM creations +done + +echo "All $NUM_VMS VM(s) created. Use 'minimega vm info' to see their status and IP addresses." \ No newline at end of file diff --git a/testing/v2/installers/ubuntu_qcow_maker/remove_test_files.sh b/testing/v2/installers/ubuntu_qcow_maker/remove_test_files.sh new file mode 100755 index 00000000..caa1970b --- /dev/null +++ b/testing/v2/installers/ubuntu_qcow_maker/remove_test_files.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash +# Use this one for testing +#rm -rf jammy-server-cloudimg-amd64.img seed.qcow2 ubuntu-builder.mm user-data + +# We want to save the jammy image for future use +rm -rf seed.qcow2 ubuntu-builder.mm user-data diff --git a/testing/v2/installers/ubuntu_qcow_maker/resize_fs.sh b/testing/v2/installers/ubuntu_qcow_maker/resize_fs.sh new file mode 100755 index 00000000..4936523b --- /dev/null +++ b/testing/v2/installers/ubuntu_qcow_maker/resize_fs.sh @@ -0,0 +1,7 @@ +#!/bin/bash +sudo parted /dev/sda ---pretend-input-tty <&2; usage ;; + : ) echo "Invalid option: $OPTARG requires an argument" 1>&2; usage ;; + esac +done + +# Set variables to default values if not provided +IMAGE_PATH=${IMAGE_PATH:-$DEFAULT_IMAGE_PATH} +DESIRED_SIZE=${DESIRED_SIZE:-$DEFAULT_SIZE} + +# Check if the image file exists +if [ ! -f "$IMAGE_PATH" ]; then + echo "Error: Image file $IMAGE_PATH does not exist." + exit 1 +fi + +# Get the current size of the image in bytes +CURRENT_SIZE=$(qemu-img info "$IMAGE_PATH" --output=json | jq -r '.["virtual-size"]') +DESIRED_SIZE_BYTES=$(to_bytes $DESIRED_SIZE) + +if [ $CURRENT_SIZE -eq $DESIRED_SIZE_BYTES ]; then + echo "Disk image is already $DESIRED_SIZE. No resize needed." +elif [ $CURRENT_SIZE -gt $DESIRED_SIZE_BYTES ]; then + echo "Error: Current size ($CURRENT_SIZE bytes) is larger than desired size ($DESIRED_SIZE_BYTES bytes). Shrinking the image is not supported." + exit 1 +else + echo "Resizing disk image to $DESIRED_SIZE" + qemu-img resize "$IMAGE_PATH" "$DESIRED_SIZE" + if [ $? -eq 0 ]; then + echo "Disk image successfully resized to $DESIRED_SIZE" + else + echo "Error: Failed to resize disk image" + exit 1 + fi +fi + +echo "Current disk image size:" +qemu-img info "$IMAGE_PATH" | grep 'virtual size' \ No newline at end of file diff --git a/testing/v2/installers/ubuntu_qcow_maker/setup_dnsmasq.sh b/testing/v2/installers/ubuntu_qcow_maker/setup_dnsmasq.sh new file mode 100755 index 00000000..4688422d --- /dev/null +++ b/testing/v2/installers/ubuntu_qcow_maker/setup_dnsmasq.sh @@ -0,0 +1,48 @@ +#!/bin/bash + +# Default values +START_IP="10.0.0.1" +RANGE_START="10.0.0.2" +RANGE_END="10.0.0.254" + +# Function to print usage +print_usage() { + echo "Usage: $0 [OPTIONS]" + echo "Options:" + echo " -s, --start-ip IP Set the start IP (default: $START_IP)" + echo " -r, --range-start IP Set the range start IP (default: $RANGE_START)" + echo " -e, --range-end IP Set the range end IP (default: $RANGE_END)" + echo " -h, --help Display this help message" +} + +# Parse command line arguments +while [[ $# -gt 0 ]]; do + case $1 in + -s|--start-ip) + START_IP="$2" + shift 2 + ;; + -r|--range-start) + RANGE_START="$2" + shift 2 + ;; + -e|--range-end) + RANGE_END="$2" + shift 2 + ;; + -h|--help) + print_usage + exit 0 + ;; + *) + echo "Unknown option: $1" + print_usage + exit 1 + ;; + esac +done + +# Set up dnsmasq for all VMs +/opt/minimega/bin/minimega -e "dnsmasq start $START_IP $RANGE_START $RANGE_END" + +echo "dnsmasq has been set up for the IP range $RANGE_START to $RANGE_END" \ No newline at end of file diff --git a/testing/v2/installers/ubuntu_qcow_maker/ubuntu-runner.mm b/testing/v2/installers/ubuntu_qcow_maker/ubuntu-runner.mm new file mode 100644 index 00000000..869dd40a --- /dev/null +++ b/testing/v2/installers/ubuntu_qcow_maker/ubuntu-runner.mm @@ -0,0 +1,9 @@ +clear vm config +shell sleep 10 +vm config memory 2048 +vm config vcpus 2 +vm config disk /home/cbaxley/src/LME/testing/v2/installers/ubuntu_qcow_maker/jammy-server-cloudimg-amd64.img +vm config snapshot true +vm config net 100 +vm launch kvm ubuntu-runner +vm start ubuntu-runner diff --git a/testing/v2/installers/ubuntu_qcow_maker/wait_for_login.sh b/testing/v2/installers/ubuntu_qcow_maker/wait_for_login.sh new file mode 100755 index 00000000..c6d3867b --- /dev/null +++ b/testing/v2/installers/ubuntu_qcow_maker/wait_for_login.sh @@ -0,0 +1,60 @@ +#!/bin/bash + +# VM name +VM_NAME="ubuntu-builder" # Replace with your actual VM name + +# SSH user +SSH_USER="vmuser" # Replace with the appropriate username + +# Path to SSH key (if using key-based authentication) +SSH_KEY_PATH="$HOME/.ssh/id_rsa" # Adjust this path as needed + +# Maximum number of attempts to get IP and SSH +MAX_ATTEMPTS=30 +SLEEP_INTERVAL=10 + +get_vm_ip() { + #minimega -e .json true .filter name="$VM_NAME" vm info | jq -r '.[].Data[].Networks[].IP4' + /opt/minimega/bin/minimega -e .json true vm info | jq -r ".[] | select(.Data[].Name == \"$VM_NAME\") | .Data[].Networks[].IP4" +} + +wait_for_ssh() { + local ip=$1 + for i in $(seq 1 $MAX_ATTEMPTS); do + if ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 -i "$SSH_KEY_PATH" "${SSH_USER}@${ip}" exit 2>/dev/null; then + echo "SSH connection established." + return 0 + fi + echo "Attempt $i: Waiting for SSH to become available..." + sleep $SLEEP_INTERVAL + done + echo "Timed out waiting for SSH connection." + return 1 +} + +# Main loop +for attempt in $(seq 1 $MAX_ATTEMPTS); do + echo "Attempt $attempt: Getting VM IP..." + IP=$(get_vm_ip) + echo $IP + + if [[ -n "$IP" && "$IP" != "null" ]]; then + echo "Got IP: $IP. Waiting for SSH..." + if wait_for_ssh "$IP"; then + echo "Successfully connected to VM at $IP." + echo "Sleeping to wait for config to finish" + sleep 60 + ssh -o StrictHostKeyChecking=no -i "$SSH_KEY_PATH" "${SSH_USER}@${IP}" "echo 'Builder VM is ready'" + exit 0 + else + echo "Failed to establish SSH connection." + exit 1 + fi + fi + + echo "No IP found. Waiting before next attempt..." + sleep $SLEEP_INTERVAL +done + +echo "Failed to get VM IP after $MAX_ATTEMPTS attempts." +exit 1 From 626aa7544514ce4981aaa74d859ed06af9cb72b5 Mon Sep 17 00:00:00 2001 From: Clint Baxley Date: Mon, 16 Sep 2024 09:34:43 -0400 Subject: [PATCH 02/19] Upgrade 1x to 2.0 (#428) * Adds scripts to import and export 1.x data * Modifies the import script to use podman * Adds the dashboard importer for 1.x to 2.0 * Updates the import and export scripts to add mappings * Updates the field limit on winlogbeat index upon import * Moves the upgrade scripts to a folder and requires directory on import * Adds ability to remove the old docker volumes * Puts the volume remover in the upgrade directory * Makes the volume remover executable * 2x readme * Increase default maximum field limit * Alter title of imported dashboards to indicate 1x import * Clarify some points in the upgrade readme * Read the passwords and username from the config file if it exists --- .gitignore | 3 +- scripts/README.md | 88 ++++++++++++ scripts/check_password.sh | 42 ++++++ scripts/upgrade/export_1x.sh | 179 ++++++++++++++++++++++++ scripts/upgrade/export_dashboards.py | 171 ++++++++++++++++++++++ scripts/upgrade/fix_dashboard_titles.sh | 60 ++++++++ scripts/upgrade/import_1x.sh | 177 +++++++++++++++++++++++ scripts/upgrade/import_dashboards.sh | 121 ++++++++++++++++ scripts/upgrade/remove_volumes.sh | 64 +++++++++ scripts/upgrade/requirements.txt | 2 + scripts/upgrade/uninstall_docker.sh | 42 ++++++ 11 files changed, 948 insertions(+), 1 deletion(-) create mode 100644 scripts/README.md create mode 100755 scripts/check_password.sh create mode 100755 scripts/upgrade/export_1x.sh create mode 100755 scripts/upgrade/export_dashboards.py create mode 100755 scripts/upgrade/fix_dashboard_titles.sh create mode 100755 scripts/upgrade/import_1x.sh create mode 100755 scripts/upgrade/import_dashboards.sh create mode 100755 scripts/upgrade/remove_volumes.sh create mode 100644 scripts/upgrade/requirements.txt create mode 100755 scripts/upgrade/uninstall_docker.sh diff --git a/.gitignore b/.gitignore index 0f3bfc43..07a1f02b 100644 --- a/.gitignore +++ b/.gitignore @@ -29,4 +29,5 @@ testing/tests/assets/style.css *.vim **.password.txt **.ip.txt -**.swp \ No newline at end of file +**.swp +**/quadlet/output \ No newline at end of file diff --git a/scripts/README.md b/scripts/README.md new file mode 100644 index 00000000..469dffae --- /dev/null +++ b/scripts/README.md @@ -0,0 +1,88 @@ +# Upgrading from 1x to 2x +1. Checkout the latest version of the LME repository to your home directory + ```bash + cd ~ + git clone https://github.com/cisagov/LME.git + ``` +1. Export indices: + + Note: *This may take some time witout feedback. Make sure it finishes successfully* + + A successful completion looks like this: + ```bash + Data and mappings export completed. Backup stored in: /lme_backup + Files created: + - /lme_backup/winlogbeat_data.json.gz + - /lme_backup/winlogbeat_mappings.json.gz + ``` + Run this command to export the indices: + ```bash + cd ~/LME/scripts/upgrade + sudo ./export_1x.sh + ``` +1. Either export the dashboards or use the existing ones + - If you don't have custom dashboards, you can use the path to the existing ones in the following steps + ```bash + /opt/lme/Chapter 4 Files/dashboards/ + ``` + - If you have custom dashboards, you will need to export them and use that path: + ```bash + # Export all of the dashboards, it is the last option + cd ~/LME/scripts/upgrade/ + pip install -r requirements.txt + export_dashboards.py -u elastic -p yourpassword + ``` + - Your path to use for the importer will be: + ```bash + /yourhomedirectory/LME/scripts/upgrade/exported/ + ``` +1. Uninstall old LME version + ```bash + sudo su + cd "/opt/lme/Chapter 3 Files/" + ./deploy.sh uninstall + + # Go back to your user + exit + + # If you are using docker for more than lme (You want to keep docker) + sudo docker volume rm lme_esdata + sudo docker volume rm lme_logstashdata + + # If you are only using docker for lme + # Remove existing volumes + cd ~/LME/scripts/upgrade + sudo su # Become root in the right directory + ./remove_volumes.sh + # Uninstall Docker + ./uninstall_docker.sh + + # Rename the directory to make room for the new install + mv /opt/lme /opt/lme-old + exit # Go back to regular user + ``` +1. Install LME version 2x + ```bash + #***** Make sure you are running as normal user *****# + sudo apt-get update && sudo apt-get -y install ansible + + # Copy the environment file + cp ~/LME/config/example.env ~/LME/config/lme-environment.env + + # Edit the lme-environment.env and change all the passwords + # vim ~/LME/config/lme-environment.env + + # Change to the script directory + cd ~/LME/scripts/ + + ansible-playbook install_lme_local.yml + + # Load podman into your enviornment + . ~/.bashrc + + # Have the full paths of the winlogbeat files that you exported earlier ready + ./upgrade/import_1x.sh + + # Use the path from above dashboard update or original dashboards + sudo ./upgrade/import_dashboards.sh -d /opt/lme-old/Chapter\ 4\ Files/dashboards/ + ``` \ No newline at end of file diff --git a/scripts/check_password.sh b/scripts/check_password.sh new file mode 100755 index 00000000..e028ab3a --- /dev/null +++ b/scripts/check_password.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +check_password() { + local password="$1" + local min_length=12 + + # Check password length + if [ ${#password} -lt $min_length ]; then + echo "Input is too short. It should be at least $min_length characters long." + return 1 + fi + + # Generate SHA-1 hash of the password + hash=$(echo -n "$password" | openssl sha1 | awk '{print $2}') + prefix="${hash:0:5}" + suffix="${hash:5}" + + # Check against HIBP API + response=$(curl -s "https://api.pwnedpasswords.com/range/$prefix") + + if echo "$response" | grep -qi "$suffix"; then + echo "This input has been found in known data breaches. Please choose a different one." + return 1 + fi + + # If we've made it here, the input meets the requirements + echo "Input meets the complexity requirements and hasn't been found in known data breaches." + return 0 +} + +# Main script +if [ -n "$CHECKME" ]; then + # Use input from environment variable + check_password "$CHECKME" +elif [ $# -eq 1 ]; then + # Use input from command-line argument + check_password "$1" +else + echo "Usage: CHECKME=your_input $0" + echo " or: $0 your_input" + exit 1 +fi \ No newline at end of file diff --git a/scripts/upgrade/export_1x.sh b/scripts/upgrade/export_1x.sh new file mode 100755 index 00000000..0cd84011 --- /dev/null +++ b/scripts/upgrade/export_1x.sh @@ -0,0 +1,179 @@ +#!/bin/bash + +set -e + +LME_PATH="/opt/lme" +ES_PORT="9200" +ES_PROTOCOL="https" + +# Function to get the host IP address +get_host_ip() { + ip route get 1 | awk '{print $7;exit}' +} + +ES_HOST=$(get_host_ip) + +# Function to find the drive with the most free space +find_max_space_drive() { + df -h | awk ' + BEGIN { max=0; maxdir="/" } + { + if (NR>1 && $1 !~ /^tmpfs/ && $1 !~ /^efivarfs/ && $1 !~ /^\/dev\/loop/) { + gsub(/[A-Za-z]/, "", $4) + if ($4+0 > max+0) { + max = $4 + maxdir = $6 + } + } + } + END { print maxdir } + ' +} + +# Function to clean up path (remove double slashes) +clean_path() { + echo "$1" | sed 's#//*#/#g' +} + +# Function to check Elasticsearch connection and version +check_es_connection() { + local response + local http_code + response=$(curl -s -k -u "${ES_USER}:${ES_PASS}" -w "\n%{http_code}" "${ES_PROTOCOL}://${ES_HOST}:${ES_PORT}") + http_code=$(echo "$response" | tail -n1) + body=$(echo "$response" | sed '$d') + + if [ "$http_code" = "200" ]; then + es_version=$(echo "$body" | jq -r '.version.number') + if [[ "${es_version}" =~ ^8\. ]]; then + echo "Successfully connected to Elasticsearch version ${es_version}" + return 0 + else + echo "Unsupported Elasticsearch version: ${es_version}. This script supports Elasticsearch 8.x." + return 1 + fi + elif [ "$http_code" = "401" ]; then + echo "Authentication failed. Please check your username and password." + return 1 + else + echo "Failed to connect to Elasticsearch. HTTP status code: ${http_code}" + return 1 + fi +} + +# Function to export data and mappings using Docker and elasticdump +export_data_and_mappings() { + local output_dir="$1" + + echo "Exporting winlogbeat-* indices data..." + docker run --rm -v "${output_dir}:${output_dir}" \ + --network host \ + -e NODE_TLS_REJECT_UNAUTHORIZED=0 \ + elasticdump/elasticsearch-dump \ + --input=${ES_PROTOCOL}://${ES_USER}:${ES_PASS}@${ES_HOST}:${ES_PORT}/winlogbeat-* \ + --output=$ \ + --type=data \ + --headers='{"Content-Type": "application/json"}' \ + --sslVerification=false | gzip > "${output_dir}/winlogbeat_data.json.gz" + + echo "Exporting winlogbeat-* indices mappings..." + docker run --rm -v "${output_dir}:${output_dir}" \ + --network host \ + -e NODE_TLS_REJECT_UNAUTHORIZED=0 \ + elasticdump/elasticsearch-dump \ + --input=${ES_PROTOCOL}://${ES_USER}:${ES_PASS}@${ES_HOST}:${ES_PORT}/winlogbeat-* \ + --output=$ \ + --type=mapping \ + --headers='{"Content-Type": "application/json"}' \ + --sslVerification=false | gzip > "${output_dir}/winlogbeat_mappings.json.gz" +} + +# Function to prompt for password securely +prompt_password() { + local prompt="$1" + local password + while IFS= read -p "$prompt" -r -s -n 1 char + do + if [[ $char == $'\0' ]]; then + break + fi + prompt='*' + password+="$char" + done + echo "$password" +} + +# Main script +echo "LME Data Export Script for Elasticsearch 8.x" +echo "============================================" + +echo "Using host IP: ${ES_HOST}" + +# Check if Docker is installed and running +if ! command -v docker &> /dev/null; then + echo "Error: Docker is not installed. Please install Docker to proceed." + exit 1 +fi + +if ! docker info &> /dev/null; then + echo "Error: Docker daemon is not running. Please start Docker to proceed." + exit 1 +fi + +# Prompt for Elasticsearch credentials and verify connection +while true; do + read -p "Enter Elasticsearch username: " ES_USER + ES_PASS=$(prompt_password "Enter Elasticsearch password: ") + echo # Move to a new line after password input + + if check_es_connection; then + break + else + echo "Would you like to try again? (y/n)" + read -r retry + if [[ ! $retry =~ ^[Yy]$ ]]; then + echo "Exiting script." + exit 1 + fi + fi +done + +# Determine backup location +echo "Choose backup directory:" +echo "1. Specify a directory" +echo "2. Automatically find directory with most space" +read -p "Enter your choice (1 or 2): " dir_choice + +case $dir_choice in + 1) + read -p "Enter the backup directory path: " BACKUP_DIR + ;; + 2) + max_space_dir=$(find_max_space_drive) + BACKUP_DIR=$(clean_path "${max_space_dir}/lme_backup") + echo "Directory with most free space: $BACKUP_DIR" + read -p "Is this okay? (y/n): " confirm + if [[ $confirm != [Yy]* ]]; then + echo "Please run the script again and choose option 1 to specify a directory." + exit 1 + fi + ;; + *) + echo "Invalid choice. Exiting." + exit 1 + ;; +esac + +# Clean up the final BACKUP_DIR path +BACKUP_DIR=$(clean_path "$BACKUP_DIR") + +# Create backup directory if it doesn't exist +mkdir -p "${BACKUP_DIR}" + +# Export data and mappings +export_data_and_mappings "${BACKUP_DIR}" + +echo "Data and mappings export completed. Backup stored in: ${BACKUP_DIR}" +echo "Files created:" +echo " - ${BACKUP_DIR}/winlogbeat_data.json.gz" +echo " - ${BACKUP_DIR}/winlogbeat_mappings.json.gz" \ No newline at end of file diff --git a/scripts/upgrade/export_dashboards.py b/scripts/upgrade/export_dashboards.py new file mode 100755 index 00000000..0c98119f --- /dev/null +++ b/scripts/upgrade/export_dashboards.py @@ -0,0 +1,171 @@ +#!/usr/bin/env python3 +import argparse +import base64 +import json +import os +import re +import requests +from pathlib import Path +from urllib3.exceptions import InsecureRequestWarning + +# Suppress the InsecureRequestWarning (We are using a self-signed cert) +requests.packages.urllib3.disable_warnings(InsecureRequestWarning) + +ALL = 'all' + + +class Api: + def __init__(self, args): + self.ids = None + self.basic_auth = self.get_basic_auth(args.user, args.password) + self.root_url = f'https://{args.host}:{args.port}' + + def export_dashboards(self): + self.set_ids() + self.export_selected_dashboard(self.select_dashboard()) + + @staticmethod + def get_basic_auth(username, password): + return base64.b64encode(f"{username}:{password}".encode()).decode() + + def get_ids(self): + url = f'{self.root_url}/api/kibana/management/saved_objects/_find?perPage=500&page=1&type=dashboard&sortField=updated_at&sortOrder=desc' + + try: + response = requests.get(url, headers={'Authorization': f'Basic {self.basic_auth}'}, verify=False) + + if response.status_code == 200: + data = response.json() + #ids = {item['id']: item['meta']['title'] for item in data.get('saved_objects', [])} + #return ids + ids = { + item['id']: item['meta']['title'] + for item in data.get('saved_objects', []) + if '[' not in item['meta']['title'] and ']' not in item['meta']['title'] + } + return ids + else: + print(f"HTTP request failed with status code: {response.status_code}") + print(response.text) + return {} + except Exception as e: + print(f"An error occurred: {str(e)}") + return {} + + def set_ids(self, ids=None): + if ids is None: + ids = self.get_ids() + self.ids = ids + + def select_dashboard(self): + print("Please select a dashboard ID:") + item = 1 + choices = {} + + # Iterate through ids and display them with corresponding numbers + for this_id, title in self.ids.items(): + print(item, this_id, title) + choices[item] = this_id + item += 1 + + if item == 1: + print("I could not find any dashboards") + return + + choices[item] = ALL + print(item, "Select all dashboards") + + # Ask the user to select a number + while True: + try: + choice = int(input("Select a number: ")) + if choice in choices: + selected_id = choices[choice] + if selected_id == ALL: + return ALL # Return 'all' if the user selects all dashboards + else: + return selected_id # Return the selected dashboard ID + else: + print("Invalid choice. Please select a valid number.") + except ValueError: + print("Invalid input. Please enter a number.") + + def export_selected_dashboard(self, selected_dashboard): + if selected_dashboard == ALL: + print("You selected to export all dashboards") + self.dump_all_dashboards() + else: + print(f"You selected dashboard ID: {selected_dashboard}") + self.dump_dashboard(selected_dashboard) + + def dump_dashboard(self, selected_id): + print(f"Dumping dashboard: {selected_id}: {self.ids[selected_id]}...") + # Dumping dashboard: e5f203f0-6182-11ee-b035-d5f231e90733: User Security + + dashboard_json = self.get_dashboard_json(selected_id) + + if dashboard_json is not None: + script_dir = os.path.dirname(os.path.abspath(__file__)) + export_path = Path(script_dir) / 'exported' + os.makedirs(export_path, exist_ok=True) + + filename = re.sub(r"\W+", "_", self.ids[selected_id].lower()) + ".dumped.ndjson" + + print(f"Writing to file {filename}") + export_path = export_path / filename + + Api.write_to_file(export_path, dashboard_json) + return + + print("There was a problem dumping the dashboard") + + def dump_all_dashboards(self): + for this_id in self.ids: + self.dump_dashboard(this_id) + + def get_dashboard_json(self, selected_id): + url = f'{self.root_url}/api/saved_objects/_export' + data = { + "objects": [{"id": selected_id, "type": "dashboard"}], + "includeReferencesDeep": True + } + headers = { + "kbn-xsrf": "true", + 'Authorization': f'Basic {self.basic_auth}' + } + try: + response = requests.post(url, headers=headers, json=data, verify=False) + + if response.status_code == 200: + return response.text + else: + print(f"HTTP request failed with status code: {response.status_code}") + print(response.text) + return None + + except Exception as e: + print(f"An error occurred: {str(e)}") + return None + + @staticmethod + def write_to_file(filename, content): + with open(filename, 'wb') as file: + file.write(content.encode('utf-8')) + + +def main(): + # Define command-line arguments with defaults + parser = argparse.ArgumentParser(description='Retrieve IDs from Elasticsearch') + parser.add_argument('-u', '--user', required=True, help='Elasticsearch username') + parser.add_argument('-p', '--password', required=True, help='Elasticsearch password') + parser.add_argument('--host', default='localhost', help='Elasticsearch host (default: localhost)') + parser.add_argument('--port', default='443', help='Elasticsearch port (default: 443)') + args = parser.parse_args() + + api = Api(args) + + api.export_dashboards() + + +if __name__ == '__main__': + main() diff --git a/scripts/upgrade/fix_dashboard_titles.sh b/scripts/upgrade/fix_dashboard_titles.sh new file mode 100755 index 00000000..79d973f8 --- /dev/null +++ b/scripts/upgrade/fix_dashboard_titles.sh @@ -0,0 +1,60 @@ +#!/bin/bash + +# Function to fix dashboard title +fix_dashboard_title() { + local file="$1" + local temp_file="${file}.tmp" + + # Process the file line by line + while IFS= read -r line || [[ -n "$line" ]]; do + if echo "$line" | jq -e 'select(.type == "dashboard")' > /dev/null 2>&1; then + # It's a dashboard object, update the title + updated_line=$(echo "$line" | jq -c ' + if .attributes.title and (.attributes.title | startswith("1x-") | not) then + .attributes.title = "1x-" + .attributes.title + else + . + end + ') + echo "$updated_line" >> "$temp_file" + else + # Not a dashboard object, keep the line as is + echo "$line" >> "$temp_file" + fi + done < "$file" + + # Replace the original file with the updated one + mv "$temp_file" "$file" + echo "Updated $file" +} + +# Check if jq is installed +if ! command -v jq &> /dev/null; then + echo "Error: jq is not installed. Please install jq to run this script." + exit 1 +fi + +# Check if a directory was provided +if [ $# -eq 0 ]; then + echo "Error: No directory specified" + echo "Usage: $0 " + exit 1 +fi + +DASHBOARDS_DIR="$1" + +# Check if the provided directory exists +if [ ! -d "$DASHBOARDS_DIR" ]; then + echo "Error: Directory not found: $DASHBOARDS_DIR" + exit 1 +fi + +# Process all .ndjson files in the specified directory +echo "Processing .ndjson files in $DASHBOARDS_DIR" +for file in "$DASHBOARDS_DIR"/*.ndjson; do + if [[ -f "$file" ]]; then + fix_dashboard_title "$file" + fi +done + +echo "All .ndjson files have been processed." \ No newline at end of file diff --git a/scripts/upgrade/import_1x.sh b/scripts/upgrade/import_1x.sh new file mode 100755 index 00000000..1dc6721c --- /dev/null +++ b/scripts/upgrade/import_1x.sh @@ -0,0 +1,177 @@ +#!/bin/bash + +set -e + +ES_PORT="9200" +ES_PROTOCOL="https" +ENV_FILE="/opt/lme/lme-environment" + +# Function to get the host IP address +get_host_ip() { + hostname -I | awk '{print $1}' +} + +ES_HOST=$(get_host_ip) + +# Function to source environment file and set credentials +set_credentials_from_file() { + if [ -f "$ENV_FILE" ]; then + source "$ENV_FILE" + if [ -n "$ELASTIC_USERNAME" ] && [ -n "$ELASTIC_PASSWORD" ]; then + ES_USER="$ELASTIC_USERNAME" + ES_PASS="$ELASTIC_PASSWORD" + return 0 + fi + fi + return 1 +} + +# Function to check Elasticsearch connection and version +check_es_connection() { + local response + local http_code + response=$(curl -s -k -u "${ES_USER}:${ES_PASS}" -w "\n%{http_code}" "${ES_PROTOCOL}://${ES_HOST}:${ES_PORT}") + http_code=$(echo "$response" | tail -n1) + body=$(echo "$response" | sed '$d') + + if [ "$http_code" = "200" ]; then + es_version=$(echo "$body" | jq -r '.version.number') + if [[ "${es_version}" =~ ^8\. ]]; then + echo "Successfully connected to Elasticsearch version ${es_version}" + return 0 + else + echo "Unsupported Elasticsearch version: ${es_version}. This script supports Elasticsearch 8.x." + return 1 + fi + elif [ "$http_code" = "401" ]; then + echo "Authentication failed. Please check your username and password." + return 1 + else + echo "Failed to connect to Elasticsearch. HTTP status code: ${http_code}" + return 1 + fi +} + +# Function to increase field limit +increase_field_limit() { + local index_name="$1" + local new_limit="$2" + + echo "Increasing field limit for index ${index_name} to ${new_limit}..." + curl -X PUT -k -H 'Content-Type: application/json' \ + -u "${ES_USER}:${ES_PASS}" \ + "${ES_PROTOCOL}://${ES_HOST}:${ES_PORT}/${index_name}/_settings" \ + -d "{\"index.mapping.total_fields.limit\": ${new_limit}}" + echo +} + +# Function to import data and mappings using Podman and elasticdump +import_data_and_mappings() { + local data_file="$1" + local mappings_file="$2" + local import_index="$3" + local field_limit="$4" + + # Create the index with increased field limit + echo "Creating index ${import_index} with increased field limit..." + curl -X PUT -k -H 'Content-Type: application/json' \ + -u "${ES_USER}:${ES_PASS}" \ + "${ES_PROTOCOL}://${ES_HOST}:${ES_PORT}/${import_index}" \ + -d "{\"settings\": {\"index.mapping.total_fields.limit\": ${field_limit}}}" + echo + + echo "Importing mappings from ${mappings_file} into index ${import_index}..." + gzip -dc "${mappings_file}" | podman run --rm -i \ + --network host \ + -e NODE_TLS_REJECT_UNAUTHORIZED=0 \ + docker.io/elasticdump/elasticsearch-dump:latest \ + --input=$ \ + --output=${ES_PROTOCOL}://${ES_USER}:${ES_PASS}@${ES_HOST}:${ES_PORT}/${import_index} \ + --type=mapping \ + --headers='{"Content-Type": "application/json"}' \ + --sslVerification=false + + echo "Importing data from ${data_file} into index ${import_index}..." + gzip -dc "${data_file}" | podman run --rm -i \ + --network host \ + -e NODE_TLS_REJECT_UNAUTHORIZED=0 \ + docker.io/elasticdump/elasticsearch-dump:latest \ + --input=$ \ + --output=${ES_PROTOCOL}://${ES_USER}:${ES_PASS}@${ES_HOST}:${ES_PORT}/${import_index} \ + --type=data \ + --headers='{"Content-Type": "application/json"}' \ + --sslVerification=false +} + +# Function to prompt for password securely +prompt_password() { + local prompt="$1" + local password + while IFS= read -p "$prompt" -r -s -n 1 char + do + if [[ $char == $'\0' ]]; then + break + fi + prompt='*' + password+="$char" + done + echo "$password" +} + +# Main script +echo "LME Data Import Script for Elasticsearch 8.x (using Podman)" +echo "==========================================================" + +echo "Using host IP: ${ES_HOST}" + +# Check if Podman is installed +if ! command -v podman &> /dev/null; then + echo "Error: Podman is not installed. Please install Podman to proceed." + exit 1 +fi + +# Try to set credentials from file +if set_credentials_from_file; then + echo "Using credentials from $ENV_FILE" +else + echo "Credentials not found in $ENV_FILE. Please enter them manually." + # Prompt for Elasticsearch credentials and verify connection + while true; do + read -p "Enter Elasticsearch username: " ES_USER + ES_PASS=$(prompt_password "Enter Elasticsearch password: ") + echo # Move to a new line after password input + + if check_es_connection; then + break + else + echo "Would you like to try again? (y/n)" + read -r retry + if [[ ! $retry =~ ^[Yy]$ ]]; then + echo "Exiting script." + exit 1 + fi + fi + done +fi + +# Prompt for input files +read -p "Enter the path to the compressed data file (winlogbeat_data.json.gz): " DATA_FILE +read -p "Enter the path to the compressed mappings file (winlogbeat_mappings.json.gz): " MAPPINGS_FILE + +if [ ! -f "$DATA_FILE" ] || [ ! -f "$MAPPINGS_FILE" ]; then + echo "Error: One or both files not found." + exit 1 +fi + +# Prompt for import index name +read -p "Enter the name of the index to import into (default: winlogbeat-imported): " IMPORT_INDEX +IMPORT_INDEX=${IMPORT_INDEX:-winlogbeat-imported} + +# Prompt for field limit +read -p "Enter the new field limit (default: 3000): " FIELD_LIMIT +FIELD_LIMIT=${FIELD_LIMIT:-3000} + +# Import data and mappings with increased field limit +import_data_and_mappings "$DATA_FILE" "$MAPPINGS_FILE" "$IMPORT_INDEX" "$FIELD_LIMIT" + +echo "Data and mappings import completed into index: $IMPORT_INDEX" \ No newline at end of file diff --git a/scripts/upgrade/import_dashboards.sh b/scripts/upgrade/import_dashboards.sh new file mode 100755 index 00000000..4b7f7f51 --- /dev/null +++ b/scripts/upgrade/import_dashboards.sh @@ -0,0 +1,121 @@ +#!/bin/bash + +# Get the directory of the current script +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +ENV_FILE="/opt/lme/lme-environment" + +# Function to display usage information +usage() { + echo "Usage: $0 -d DIRECTORY [OPTIONS]" + echo "Options:" + echo " -d, --directory PATH Path to the dashboards directory (required)" + echo " -h, --help Display this help message" + echo "Note: The script will use credentials from $ENV_FILE if available," + echo " or prompt for them if not set." + exit 1 +} + +# Function to read password securely +read_password() { + read -s -p "Enter Elasticsearch password: " PASSWORD + echo +} + +# Function to source environment file and set credentials +set_credentials_from_file() { + if [ -f "$ENV_FILE" ]; then + source "$ENV_FILE" + if [ -n "$ELASTIC_USERNAME" ] && [ -n "$ELASTIC_PASSWORD" ]; then + USER="$ELASTIC_USERNAME" + PASSWORD="$ELASTIC_PASSWORD" + return 0 + fi + fi + return 1 +} + +# Initialize variables +DASHBOARDS_DIR="" + +# Parse command line arguments +while [[ $# -gt 0 ]]; do + key="$1" + case $key in + -d|--directory) + DASHBOARDS_DIR="$2" + shift 2 + ;; + -h|--help) + usage + ;; + *) + echo "Unknown option: $1" + usage + ;; + esac +done + +# Check if dashboards directory is provided +if [ -z "$DASHBOARDS_DIR" ]; then + echo "Error: Dashboards directory (-d) is required." + usage +fi + +# Try to set credentials from file +if set_credentials_from_file; then + echo "Using credentials from $ENV_FILE" +else + echo "Credentials not found in $ENV_FILE. Please enter them manually." + read -p "Enter Elasticsearch username: " USER + read_password +fi + +# Check if the dashboards directory exists +if [ ! -d "$DASHBOARDS_DIR" ]; then + echo "Error: Dashboards directory not found: $DASHBOARDS_DIR" + exit 1 +fi + +# Convert DASHBOARDS_DIR to absolute path +DASHBOARDS_DIR=$(realpath "$DASHBOARDS_DIR") + +# Check if fix_dashboard_titles.sh exists in the same directory as this script +FIX_SCRIPT="${SCRIPT_DIR}/fix_dashboard_titles.sh" +if [ ! -f "$FIX_SCRIPT" ]; then + echo "Error: fix_dashboard_titles.sh not found in the script directory: $SCRIPT_DIR" + exit 1 +fi + +# Make fix_dashboard_titles.sh executable +chmod +x "$FIX_SCRIPT" + +# Run fix_dashboard_titles.sh with the DASHBOARDS_DIR +echo "Fixing dashboard titles in $DASHBOARDS_DIR..." +"$FIX_SCRIPT" "$DASHBOARDS_DIR" + +# Check the exit status of fix_dashboard_titles.sh +if [ $? -ne 0 ]; then + echo "Error: fix_dashboard_titles.sh failed. Exiting." + exit 1 +fi + +# Get list of dashboard files +IFS=$'\n' +DASHBOARDS=($(ls -1 "${DASHBOARDS_DIR}"/*.ndjson)) + +# Check if any dashboard files were found +if [ ${#DASHBOARDS[@]} -eq 0 ]; then + echo "Error: No dashboard files found in $DASHBOARDS_DIR" + exit 1 +fi + +echo "Found ${#DASHBOARDS[@]} dashboard files." + +# Upload dashboards +for db in "${DASHBOARDS[@]}"; do + echo "Uploading ${db##*/} dashboard" + curl -X POST -k --user "${USER}:${PASSWORD}" -H 'kbn-xsrf: true' --form file="@${db}" "https://127.0.0.1/api/saved_objects/_import?overwrite=true" + echo +done + +echo "Dashboard update completed." \ No newline at end of file diff --git a/scripts/upgrade/remove_volumes.sh b/scripts/upgrade/remove_volumes.sh new file mode 100755 index 00000000..4620f2a0 --- /dev/null +++ b/scripts/upgrade/remove_volumes.sh @@ -0,0 +1,64 @@ +#!/bin/bash + +# Script to remove Docker volumes + +# Function to check if Docker is installed +check_docker_installed() { + if ! command -v docker &> /dev/null; then + echo "Error: Docker is not installed on this system." + exit 1 + fi +} + +# Function to check if Docker daemon is running +check_docker_running() { + if ! docker info &> /dev/null; then + echo "Error: Docker daemon is not running." + exit 1 + fi +} + +# Function to remove all Docker volumes +remove_docker_volumes() { + echo "Removing all Docker volumes..." + + # List all volumes + volumes=$(docker volume ls -q) + + if [ -z "$volumes" ]; then + echo "No Docker volumes found." + else + # Remove each volume + for volume in $volumes; do + echo "Removing volume: $volume" + docker volume rm "$volume" + done + echo "All Docker volumes have been removed." + fi +} + +# Main execution +echo "Docker Volume Removal Script" +echo "============================" + +# Check if Docker is installed +check_docker_installed + +# Check if Docker daemon is running +check_docker_running + +# Check for -y flag +if [[ "$1" == "-y" ]]; then + remove_docker_volumes +else + # Prompt for confirmation + read -p "Are you sure you want to remove all Docker volumes? This action cannot be undone. (y/n): " confirm + + if [[ $confirm == [Yy]* ]]; then + remove_docker_volumes + else + echo "Operation cancelled. No volumes were removed." + fi +fi + +echo "Script completed." \ No newline at end of file diff --git a/scripts/upgrade/requirements.txt b/scripts/upgrade/requirements.txt new file mode 100644 index 00000000..345bc273 --- /dev/null +++ b/scripts/upgrade/requirements.txt @@ -0,0 +1,2 @@ +requests +urllib3 \ No newline at end of file diff --git a/scripts/upgrade/uninstall_docker.sh b/scripts/upgrade/uninstall_docker.sh new file mode 100755 index 00000000..441ada36 --- /dev/null +++ b/scripts/upgrade/uninstall_docker.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env bash + +# Uninstall Docker script for Ubuntu 22.04 + +# Function to safely remove a file +safe_remove() { + if [ -e "$1" ]; then + sudo rm -f "$1" + echo "Removed: $1" + else + echo "File not found, skipping: $1" + fi +} + +# Stop the Docker daemon +sudo systemctl stop docker.service +sudo systemctl stop docker.socket + +# Uninstall Docker Engine, CLI, Containerd, and Docker Compose +sudo apt-get purge -y docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-ce-rootless-extras docker-buildx-plugin + +# Remove Docker directories and files +sudo rm -rf /var/lib/docker +sudo rm -rf /var/lib/containerd +sudo rm -rf /etc/docker +sudo rm -rf ~/.docker + +# Remove the Docker repository +safe_remove /etc/apt/sources.list.d/docker.list + +# Remove the Docker GPG key +safe_remove /etc/apt/keyrings/docker.gpg +safe_remove /usr/share/keyrings/docker-archive-keyring.gpg # Check alternative location + +# Update the package cache +sudo apt-get update + +# Auto-remove any unused dependencies +sudo apt-get autoremove -y + +echo "Docker has been uninstalled from your Ubuntu 22.04 system." +echo "You may need to reboot your system for all changes to take effect." \ No newline at end of file From 52123537029509bc5dbd453d47cfd08eb169cb6c Mon Sep 17 00:00:00 2001 From: ddiabe Date: Tue, 24 Sep 2024 21:09:20 -0400 Subject: [PATCH 03/19] Added encrpyption at rest option for users --- .../Encryption at rest option for users.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 docs/markdown/maintenance/Encryption at rest option for users.md diff --git a/docs/markdown/maintenance/Encryption at rest option for users.md b/docs/markdown/maintenance/Encryption at rest option for users.md new file mode 100644 index 00000000..3e72f769 --- /dev/null +++ b/docs/markdown/maintenance/Encryption at rest option for users.md @@ -0,0 +1,13 @@ +# Encryption at rest option for users.md + +To ensure encryption at rest for all data managed by Elastic Cloud Enterprise, the hosts running Elastic Cloud Enterprise must be configured with disk-level encrytption, such as dm-crypt. Elastic Cloud Enterprise does not implement encryption at rest out of the box. + +Since Elastic doesn't support data encryption at rest, it provides a paid option outside of disk-level encryption available to users. This option is called X-pack. + +X-pack is a security feature that provides a secure and compliant way to protect data in Elasticsearch. + +X-pack has a 30-day trial and once trial is over, users might need to acquire a platium license if they want to keep us some of the X-pack features including the data encryption. + +https://www.elastic.co/guide/en/cloud-enterprise/current/ece-securing-considerations.html#:~:text=To%20ensure%20encryption%20at%20rest,encrypted%20at%20rest%20as%20well. + +https://opster.com/guides/elasticsearch/security/x-pack/#:~:text=X%2DPack%20is%20an%20Elastic,features%20you%20want%20to%20use. From 162bf115ae0b1a489bbfc35a4b2c6281a1517c9e Mon Sep 17 00:00:00 2001 From: Clint Baxley Date: Thu, 3 Oct 2024 06:55:22 -0400 Subject: [PATCH 04/19] Install pipeline and tests (#429) * Adds scripts to import and export 1.x data * Modifies the import script to use podman * Adds the dashboard importer for 1.x to 2.0 * Updates the import and export scripts to add mappings * Updates the field limit on winlogbeat index upon import * Moves the upgrade scripts to a folder and requires directory on import * Adds ability to remove the old docker volumes * Puts the volume remover in the upgrade directory * Makes the volume remover executable * 2x readme * Increase default maximum field limit * Alter title of imported dashboards to indicate 1x import * Clarify some points in the upgrade readme * Save this intermediary version of the docker files * Updates docker and linux only workflow for 2.0 * Updates the paths for the linux only containers * Fixes the clean up script for linux only build * Get the logs from broken container * Use root for the docker-compose.yml file * Use azure for our installs on pipeline * Installs python modules before azure install * Pass azure env vars to the docker azure install script * Updates the paths to the installer variable files * Changes the paths for the environment vars for installer * Change the password argument for the installer * Comment out group removal for debugging * Make sure the containers are using the same id * Add the resource group prefix to the environment variables files * Leave out special chars in password generation * Put in a pause to wait for the linux machine to be ready * Increase azure test machine size * Speeds up pipeline docker creation * Add sshpass to the apt packages in the Dockerfile * Sleep after making ssh key * Show output of generating key * Adds the openssh-client to the doccker build * Run the tests remotely * Quote ssh commands and escape environment vars $ * Install chromium for tests * Separate installing requirements from the test step * Change default variables for tests * Skip the tests that don't work with 2.0 * Clean up azure resources when pipeline is done * Update the cluster build to use the new installers * Update unique id and branch name * Check permissions on folder for config files * Rebuild container with correct uid * Check if directories are writable * Puts the env file in the proper directory * Skips data insertion example tests * Change the default password for selenium tests * Skip selenium tests that point to old dashboards * Skip failing tests * Install minimega * See if selenium tests pass without minimega * Skipped failing test. * Install linux in minimega * Quote minimega arguments correctly * Runs minimega as root * Provide full path to minimega * Runs minimega on the remote machine * Remove the local call to minimega * Get the azure and minimega ips in a variable for gh actions * Better method to get the minimega IP * Escape the arguments to getting the ip on minimega * Attempt escaping again * Get ip of the linux vm using lib function * Updates development files and workflows for the pipeline * Fail if the minimega ip isn't found * Increase the size of the cluster azure instance * Check if tests pass without minimega * Install minimega first because it restarts machine * Uses the machine name of a running vm * Output the reason for not getting the minimega ip * Escapes the azure ip $ sign * Checking the ssh command * Echo IP early * Gets the ip for minimega and doesn't check errors * Get the vm info for the vm in minimega * Filter the ip outside of the remote command * Filter the ip inside of the ssh command * Use single quotes to quote the jq query * Waits for an ip to be assigned to the minimega vm * Get the policy and token for elastic agent * Retrieve token after installing LME * Wait for the services to come up before running set-fleet * Put the check service command in the ssh command * Run set fleet as sudo because it has podman available * Source bashrc for podman path * Try getting path to podman * Echo path variable * Check for podman path * Put in absolute path to podman * Remove install fleet * Attempt running set fleet in the pipeline * Fix the typo in the pipeline docker build * Turn on debug for set fleet * Add a script to check the variables and results of set fleet * Run the check fleet script before installing * Update the fleet check script * Print debug info from kibana * Prints out the fleet api response. * Waits for fleet to be ready * Turn off debugging for the fleet installation scripts * Take out some debugging and sleeps * Run a command in a minimage virtual machine * Ssh to the virtual machine using non root * Use the env vars to connect to the ssh instances * Ignore strict host checking in ssh * Don't shut down instance so we can debug * Test running sudo in minimega virtual machine * Have pipeline ignore the certs when getting token and policy * Use unique container names * Try running in a different azure zone * Updates the ip in the config file * Fix the password for azure machine * Sleep a little after azure machine creation * Keeps azure resources in place after pipeline run * Fix yaml error in workflow file * Fix error in cluster.yml * Echo enrollment token for debugging * Repllace the vars in the config file for the local IP * Copy the install_agent_linux.sh script to Minimega * Test the install_agent_linux.sh script in Minimega * Try running the Elastic Agent installer in Minimega * Make the install_agent_linux.sh script executable and run it in Minimega * Run the chmod and install_agent_linux.sh script in separate steps * Run the agent installer with automatic "yes" response * Quiet the untarring command * Reduce logging for pulling the elastic agent * Pass the enrollment token to the agent installer * Try enrolling after installation * Allow insecure enrollment * Start the agent from /opt and restart the service after enrolling * Run enroller non interactively * Force enrollment * Build the entire run again to test manually * Checks if the elastic agent is reporting * Sleep a little while waiting for results from agent * Try to separate out installation, config, and enrollment of agent * No need to run config. Enroll will do it * Clean up the azure resources after the run --- .../python_development/devcontainer.json | 6 +- .devcontainer/python_tests/devcontainer.json | 18 - .github/workflows/cluster.yml | 452 +++++++++--------- .github/workflows/linux_only.yml | 173 ++++--- .gitignore | 3 +- quadlet/lme-kibana.container | 2 +- scripts/set-fleet.sh | 45 +- scripts/upgrade/import_1x.sh | 20 + scripts/upgrade/import_dashboards.sh | 42 +- testing/tests/README.md | 6 +- .../data_insertion_tests/conftest.py | 2 +- .../data_insertion_tests/test_server.py | 3 +- .../tests/api_tests/linux_only/conftest.py | 2 +- .../tests/api_tests/linux_only/test_server.py | 15 +- .../tests/api_tests/winlogbeat/conftest.py | 2 +- .../tests/api_tests/winlogbeat/test_server.py | 3 +- .../tests/selenium_tests/cluster/conftest.py | 2 +- ...st_computer_software_overview_dashboard.py | 4 + .../cluster/test_health_check_dashboard.py | 4 + .../test_process_explorer_dashboard.py | 6 + .../test_security_dashboard_security_log.py | 15 +- .../cluster/test_sysmon_summary_dashboard.py | 6 + .../cluster/test_user_h_r_dashboard.py | 18 +- .../cluster/test_user_security_dashboard.py | 26 + .../selenium_tests/linux_only/conftest.py | 2 +- .../linux_only/test_basic_loading.py | 2 + ...computer_software_overview_dashboard_lo.py | 2 + .../test_health_check_dashboard_lo.py | 1 + ...test_security_dashboard_security_log_lo.py | 4 + .../test_sysmon_summary_dashboard_lo.py | 2 + .../linux_only/test_user_h_r_dashboard_lo.py | 4 + .../test_user_security_dashboard_lo.py | 6 + testing/v2/development/Dockerfile | 93 ++-- testing/v2/development/docker-compose.yml | 52 +- ...build_azure_linux_network.md => README.md} | 13 +- .../azure/build_azure_linux_network.py | 9 +- ...work_requirements.txt => requirements.txt} | 0 testing/v2/installers/install_v2/install.sh | 57 ++- testing/v2/installers/lib/capture_ip.sh | 13 + .../installers/lib/check_agent_reporting.sh | 66 +++ testing/v2/installers/lib/check_fleet.sh | 42 ++ testing/v2/installers/lib/copy_ssh_key.sh | 4 +- .../v2/installers/lib/get_ip_of_machine.sh | 26 + .../v2/installers/lib/install_agent_linux.sh | 60 +++ .../installers/lib/replace_home_in_config.sh | 27 ++ 45 files changed, 911 insertions(+), 449 deletions(-) delete mode 100644 .devcontainer/python_tests/devcontainer.json rename testing/v2/installers/azure/{build_azure_linux_network.md => README.md} (98%) rename testing/v2/installers/azure/{build_azure_linux_network_requirements.txt => requirements.txt} (100%) create mode 100755 testing/v2/installers/lib/capture_ip.sh create mode 100755 testing/v2/installers/lib/check_agent_reporting.sh create mode 100755 testing/v2/installers/lib/check_fleet.sh create mode 100755 testing/v2/installers/lib/get_ip_of_machine.sh create mode 100755 testing/v2/installers/lib/install_agent_linux.sh create mode 100755 testing/v2/installers/lib/replace_home_in_config.sh diff --git a/.devcontainer/python_development/devcontainer.json b/.devcontainer/python_development/devcontainer.json index 8e6dda12..837aa748 100644 --- a/.devcontainer/python_development/devcontainer.json +++ b/.devcontainer/python_development/devcontainer.json @@ -1,11 +1,11 @@ { "name": "Python Development", "dockerComposeFile": [ - "../../testing/development/docker-compose.yml" + "../../testing/v2/development/docker-compose.yml" ], "service": "ubuntu", "shutdownAction": "none", - "workspaceFolder": "/lme", + "workspaceFolder": "/root/LME", "customizations": { "vscode": { "extensions": [ @@ -15,5 +15,5 @@ ] } }, - "remoteUser": "admin.ackbar" + "remoteUser": "root" } \ No newline at end of file diff --git a/.devcontainer/python_tests/devcontainer.json b/.devcontainer/python_tests/devcontainer.json deleted file mode 100644 index 187df1c5..00000000 --- a/.devcontainer/python_tests/devcontainer.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "name": "Python Tests", - "dockerComposeFile": [ - "../../testing/tests/docker-compose.yml" - ], - "service": "ubuntu", - "shutdownAction": "none", - "workspaceFolder": "/app", - "customizations": { - "vscode": { - "extensions": [ - "ms-python.python", - "littlefoxteam.vscode-python-test-adapter", - "ms-python.black-formatter" - ] - } - } -} \ No newline at end of file diff --git a/.github/workflows/cluster.yml b/.github/workflows/cluster.yml index c958f680..1cd42895 100644 --- a/.github/workflows/cluster.yml +++ b/.github/workflows/cluster.yml @@ -1,8 +1,8 @@ -name: Cluster Run +name: Cluster Run - Minimega on: workflow_dispatch: - # pull_request: + pull_request: # branches: # - '*' @@ -10,11 +10,14 @@ jobs: build-and-test-cluster: runs-on: self-hosted env: - UNIQUE_ID: - IP_ADDRESS: - LS1_IP: - BRANCH_NAME: - elastic: + UNIQUE_ID: ${{ github.run_id }}-${{ github.run_number }} + BRANCH_NAME: ${{ github.head_ref || github.ref_name }} + IP_ADDRESS: "" + LS1_IP: "" + elastic: "" + AZURE_IP: "" + MINIMEGA_IP: "" + ENROLLMENT_TOKEN: "" steps: - name: Checkout repository @@ -24,7 +27,6 @@ jobs: run: | PUBLIC_IP=$(curl -s https://api.ipify.org) echo "IP_ADDRESS=$PUBLIC_IP" >> $GITHUB_ENV - echo "UNIQUE_ID=$(openssl rand -hex 3 | head -c 6)" >> $GITHUB_ENV - name: Get branch name shell: bash @@ -35,244 +37,244 @@ jobs: echo "BRANCH_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV fi - - name: Set up Docker Compose - run: | - sudo curl -L "https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-$(uname -s)-$(uname -m)" \ - -o /usr/local/bin/docker-compose - sudo chmod +x /usr/local/bin/docker-compose - - name: Set the environment for docker-compose run: | - cd testing/development + cd testing/v2/development # Get the UID and GID of the current user echo "HOST_UID=$(id -u)" > .env echo "HOST_GID=$(id -g)" >> .env - - # - name: Run Docker Compose Build to fix a user id issue in a prebuilt container - # run: | - # cd testing/development - # docker compose -p ${{ env.UNIQUE_ID }} build --no-cache - - - name: Run Docker Compose - run: docker compose -p ${{ env.UNIQUE_ID }} -f testing/development/docker-compose.yml up -d - - - name: List docker containers to wait for them to start + cat .env + + - name: Build pipeline container run: | - docker ps - - - name: List files in home directory + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} build pipeline --no-cache + + - name: Start pipeline container run: | - cd testing/development - docker compose -p ${{ env.UNIQUE_ID }} exec -T lme bash -c "pwd && ls -la" - - - name: Check powershell environment + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} up -d pipeline + + - name: Install Python requirements run: | - set +e - cd testing/development - docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { - cd /home/admin.ackbar/LME; \ - ls -la; \ - exit \$LASTEXITCODE; - }" - EXIT_CODE=$? - echo "Exit code: $EXIT_CODE" - set -e - if [ "$EXIT_CODE" -ne 0 ]; then - exit $EXIT_CODE - fi - - - name: Build the cluster + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + cd /home/lme-user/LME/testing/v2/installers/azure && \ + pip install -r requirements.txt + " + + - name: Build an Azure instance + env: + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_SECRET }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} run: | - set +e - cd testing/development - docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { - cd /home/admin.ackbar/LME/testing; \ - \$env:AZURE_CLIENT_ID='${{ secrets.AZURE_CLIENT_ID }}'; \ - \$env:AZURE_SECRET='${{ secrets.AZURE_SECRET }}'; \ - \$env:AZURE_CLIENT_SECRET='${{ secrets.AZURE_SECRET }}'; \ - \$env:AZURE_TENANT='${{ secrets.AZURE_TENANT }}'; \ - \$env:UNIQUE_ID='${{ env.UNIQUE_ID }}'; \ - \$env:RESOURCE_GROUP='LME-pipe-${{ env.UNIQUE_ID }}'; \ - \$env:IP_ADDRESS='${{ env.IP_ADDRESS }}'; \ - ./development/build_cluster.ps1 -IPAddress \$env:IP_ADDRESS; \ - exit \$LASTEXITCODE; - }" - EXIT_CODE=$? - echo "Exit code: $EXIT_CODE" - set -e - if [ "$EXIT_CODE" -ne 0 ]; then - exit $EXIT_CODE - fi - cd .. - . configure/lib/functions.sh - extract_ls1_ip 'LME-pipe-${{ env.UNIQUE_ID }}.cluster.output.log' - echo "LS1_IP=$LS1_IP" >> $GITHUB_ENV + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T \ + -e AZURE_CLIENT_ID \ + -e AZURE_CLIENT_SECRET \ + -e AZURE_TENANT_ID \ + -e AZURE_SUBSCRIPTION_ID \ + pipeline bash -c " + cd /home/lme-user/LME/testing/v2/installers && \ + python3 ./azure/build_azure_linux_network.py \ + -g pipe-${{ env.UNIQUE_ID }} \ + -s 0.0.0.0/0 \ + -vs Standard_D8_v4 \ + -l centralus \ + -ast 23:00 \ + -y + " - - name: Install lme on cluster + - name: Install minimega on Azure instance run: | - set +e - cd testing/development - docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { - cd /home/admin.ackbar/LME/testing; \ - \$env:AZURE_CLIENT_ID='${{ secrets.AZURE_CLIENT_ID }}'; \ - \$env:AZURE_SECRET='${{ secrets.AZURE_SECRET }}'; \ - \$env:AZURE_CLIENT_SECRET='${{ secrets.AZURE_SECRET }}'; \ - \$env:AZURE_TENANT='${{ secrets.AZURE_TENANT }}'; \ - \$env:UNIQUE_ID='${{ env.UNIQUE_ID }}'; \ - \$env:RESOURCE_GROUP='LME-pipe-${{ env.UNIQUE_ID }}'; \ - ./development/install_lme.ps1 -b '${{ env.BRANCH_NAME }}'; \ - exit \$LASTEXITCODE; - }" - EXIT_CODE=$? - echo "Exit code: $EXIT_CODE" - set -e - if [ "$EXIT_CODE" -ne 0 ]; then - exit $EXIT_CODE - fi - - - name: Set the environment passwords for other steps + cd testing/v2/development + sleep 30 + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + cd /home/lme-user/LME/testing/v2/installers && \ + IP_ADDRESS=\$(cat pipe-${{ env.UNIQUE_ID }}.ip.txt) && \ + ./minimega/install.sh lme-user \$IP_ADDRESS "pipe-${{ env.UNIQUE_ID }}.password.txt" + " + + - name: Install Linux in minimega run: | - cd testing/development - docker compose -p ${{ env.UNIQUE_ID }} exec -T lme bash -c " - cd /home/admin.ackbar/LME/testing \ - && . configure/lib/functions.sh \ - && extract_credentials 'LME-pipe-${{ env.UNIQUE_ID }}.password.txt' \ - && write_credentials_to_file '${{ env.UNIQUE_ID }}.github_env.sh' \ - " - . ../${{ env.UNIQUE_ID }}.github_env.sh - rm ../${{ env.UNIQUE_ID }}.github_env.sh - echo "elastic=$elastic" >> $GITHUB_ENV - echo "kibana=$kibana" >> $GITHUB_ENV - echo "logstash_system=$logstash_system" >> $GITHUB_ENV - echo "logstash_writer=$logstash_writer" >> $GITHUB_ENV - echo "dashboard_update=$dashboard_update" >> $GITHUB_ENV - - - name: Check that the environment variables are set + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + cd /home/lme-user/LME/testing/v2/installers && \ + IP_ADDRESS=\$(cat pipe-${{ env.UNIQUE_ID }}.ip.txt) && \ + ./ubuntu_qcow_maker/install.sh lme-user \$IP_ADDRESS "pipe-${{ env.UNIQUE_ID }}.password.txt" + " + + - name: Check if linux is running in minimega run: | - cd testing/development - docker compose -p ${{ env.UNIQUE_ID }} exec -T lme bash -c " - if [ -z \"${{ env.elastic }}\" ]; then - echo 'Error: env.elastic variable is not set' >&2 - exit 1 - else - echo 'Elastic password is set' - fi + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + sleep 120 && \ + cd /home/lme-user/LME/testing/v2/installers && \ + IP_ADDRESS=\$(cat pipe-${{ env.UNIQUE_ID }}.ip.txt) && \ + ssh lme-user@\$IP_ADDRESS 'sudo /opt/minimega/bin/minimega -e vm info' " - - # - name: Run a command on the domain controller - # run: | - # set +e - # cd testing/development - # docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { - # cd /home/admin.ackbar/LME/testing; \ - # \$env:AZURE_CLIENT_ID='${{ secrets.AZURE_CLIENT_ID }}'; \ - # \$env:AZURE_SECRET='${{ secrets.AZURE_SECRET }}'; \ - # \$env:AZURE_CLIENT_SECRET='${{ secrets.AZURE_SECRET }}'; \ - # \$env:AZURE_TENANT='${{ secrets.AZURE_TENANT }}'; \ - # \$env:UNIQUE_ID='${{ env.UNIQUE_ID }}'; \ - # \$env:RESOURCE_GROUP='LME-pipe-${{ env.UNIQUE_ID }}'; \ - # az login --service-principal -u \$env:AZURE_CLIENT_ID -p \$env:AZURE_SECRET --tenant \$env:AZURE_TENANT; \ - # az vm run-command invoke \ - # --command-id RunPowerShellScript \ - # --name DC1 \ - # --resource-group \$env:RESOURCE_GROUP \ - # --scripts 'ls C:\'; \ - # exit \$LASTEXITCODE; - # }" - # EXIT_CODE=$? - # echo "Exit code: $EXIT_CODE" - # set -e - # if [ "$EXIT_CODE" -ne 0 ]; then - # exit $EXIT_CODE - # fi - - - name: Run a command on the linux machine + + - name: Get Azure and Minimega IP addresses run: | - set +e - cd testing/development - docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { - cd /home/admin.ackbar/LME/testing; \ - \$env:AZURE_CLIENT_ID='${{ secrets.AZURE_CLIENT_ID }}'; \ - \$env:AZURE_SECRET='${{ secrets.AZURE_SECRET }}'; \ - \$env:AZURE_CLIENT_SECRET='${{ secrets.AZURE_SECRET }}'; \ - \$env:AZURE_TENANT='${{ secrets.AZURE_TENANT }}'; \ - \$env:UNIQUE_ID='${{ env.UNIQUE_ID }}'; \ - \$env:RESOURCE_GROUP='LME-pipe-${{ env.UNIQUE_ID }}'; \ - az login --service-principal -u \$env:AZURE_CLIENT_ID -p \$env:AZURE_SECRET --tenant \$env:AZURE_TENANT; \ - az vm run-command invoke \ - --command-id RunShellScript \ - --name LS1 \ - --resource-group \$env:RESOURCE_GROUP \ - --scripts 'ls -lan'; \ - exit \$LASTEXITCODE; - }" + cd testing/v2/development + AZURE_IP=$(docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c "cat /home/lme-user/LME/testing/v2/installers/pipe-${{ env.UNIQUE_ID }}.ip.txt") + echo "AZURE_IP=$AZURE_IP" >> $GITHUB_ENV + echo "Azure IP:$AZURE_IP" + MINIMEGA_IP=$(docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + ssh lme-user@$AZURE_IP 'sudo /opt/minimega/bin/minimega -e .json true .filter name=\"linux-runner\" vm info | jq -r \".[].Data[].Networks[].IP4\"' + " ) EXIT_CODE=$? - echo "Exit code: $EXIT_CODE" - set -e - if [ "$EXIT_CODE" -ne 0 ]; then - exit $EXIT_CODE + if [ $EXIT_CODE -ne 0 ]; then + echo "Failed to get Minimega IP. Exit code: $EXIT_CODE" >&2 + exit 1 fi - - # This only passes when you do a full install - - name: Run api tests in container + if [ -z "$MINIMEGA_IP" ]; then + echo "Minimega IP is empty" >&2 + exit 1 + fi + echo "MINIMEGA_IP=$MINIMEGA_IP" >> $GITHUB_ENV + echo "Azure IP:$AZURE_IP Minimega IP:$MINIMEGA_IP" + + - name: Run a command in Minimega run: | - set +e - cd testing/development - docker-compose -p ${{ env.UNIQUE_ID }} exec -T -u admin.ackbar lme bash -c " cd testing/tests \ - && echo export elastic=${{ env.elastic }} > .env \ - && echo export ES_HOST=${{ env.LS1_IP }} >> .env \ - && python3 -m venv /home/admin.ackbar/venv_test \ - && . /home/admin.ackbar/venv_test/bin/activate \ - && pip install -r requirements.txt \ - && sudo chmod ugo+w /home/admin.ackbar/LME/ -R \ - && pytest -v api_tests/" + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + ssh -o StrictHostKeyChecking=no lme-user@${{ env.AZURE_IP }} 'sudo ssh -o StrictHostKeyChecking=no vmuser@${{ env.MINIMEGA_IP }} ls -la' + " - - name: Run selenium tests in container + - name: Install LME on Azure instance run: | - set +e - cd testing/development - docker-compose -p ${{ env.UNIQUE_ID }} exec -T -u admin.ackbar lme bash -c " cd testing/tests \ - && echo export elastic=${{ env.elastic }} > .env \ - && echo export ES_HOST=${{ env.LS1_IP }} >> .env \ - && echo export KIBANA_HOST= ${{ env.LS1_IP }} >> .env \ - && echo export KIBANA_PORT=443 >> .env \ - && echo export KIBANA_USER=elastic >> .env \ - && echo export SELENIUM_TIMEOUT=60 >> .env \ - && echo export SELENIUM_MODE=headless >> .env \ - && cat .env \ - && python3 -m venv /home/admin.ackbar/venv_test \ - && . /home/admin.ackbar/venv_test/bin/activate \ - && pip install -r requirements.txt \ - && sudo chmod ugo+w /home/admin.ackbar/LME/ -R \ - && pytest -v selenium_tests/" - - # - name: Run selenium tests in container - # run: | - # set +e - # cd testing/development - # docker compose -p ${{ env.UNIQUE_ID }} exec -T -u admin.ackbar lme bash -c " cd testing/tests \ - # && echo export ELASTIC_PASSWORD=${{ env.elastic }} > .env \ - # && . .env \ - # && python3 -m venv /home/admin.ackbar/venv_test \ - # && . /home/admin.ackbar/venv_test/bin/activate \ - # && pip install -r requirements.txt \ - # && sudo chmod ugo+w /home/admin.ackbar/LME/ -R \ - # && python selenium_tests.py --domain ${{ env.LS1_IP }} -v" + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + cd /home/lme-user/LME/testing/v2/installers && \ + IP_ADDRESS=\$(cat pipe-${{ env.UNIQUE_ID }}.ip.txt) && \ + ./install_v2/install.sh lme-user \$IP_ADDRESS "pipe-${{ env.UNIQUE_ID }}.password.txt" ${{ env.BRANCH_NAME }} + " + + - name: Install test requirements on Azure instance + run: | + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + cd /home/lme-user/LME/testing/v2/installers && \ + IP_ADDRESS=\$(cat pipe-${{ env.UNIQUE_ID }}.ip.txt) && \ + ssh lme-user@\$IP_ADDRESS 'whoami && hostname && \ + wget -q https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb && \ + sudo apt install -y ./google-chrome-stable_current_amd64.deb && \ + cd /home/lme-user/LME/testing/tests && \ + python3 -m venv venv && \ + source venv/bin/activate && \ + pip install -r requirements.txt ' + " + + - name: Retrieve Elastic policy ID and enrollment token + env: + KIBANA_URL: "https://localhost" + ES_USERNAME: "elastic" + ES_PASSWORD: "password1" + run: | + cd testing/v2/development + + # Retrieve policy ID + POLICY_ID=$(docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + ssh lme-user@${{ env.AZURE_IP }} ' + curl -k -s -u \"$ES_USERNAME:$ES_PASSWORD\" -X GET \"$KIBANA_URL/api/fleet/agent_policies\" \ + -H \"kbn-xsrf: true\" \ + -H \"Content-Type: application/json\" | + jq -r '.items[0].id' + ' + ") + echo "Retrieved Policy ID: $POLICY_ID" + + # Retrieve enrollment token using the policy ID + ENROLLMENT_TOKEN=$(docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + ssh lme-user@${{ env.AZURE_IP }} ' + curl -k -s -u \"$ES_USERNAME:$ES_PASSWORD\" -X POST \"$KIBANA_URL/api/fleet/enrollment-api-keys\" \ + -H \"kbn-xsrf: true\" \ + -H \"Content-Type: application/json\" \ + -d \"{\\\"policy_id\\\":\\\"$POLICY_ID\\\"}\" | + jq -r .item.api_key + ' + ") + echo "Retrieved enrollment token: $ENROLLMENT_TOKEN" + + # Mask the enrollment token in logs and set it as an environment variable + echo "::add-mask::$ENROLLMENT_TOKEN" + echo "ENROLLMENT_TOKEN=$ENROLLMENT_TOKEN" >> $GITHUB_ENV + echo "Policy ID and Enrollment Token retrieved successfully" + + - name: Copy the Elastic Agent installer to Minimega + run: | + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + ssh -o StrictHostKeyChecking=no lme-user@${{ env.AZURE_IP }} \ + 'sudo scp -p -o StrictHostKeyChecking=no /home/lme-user/LME/testing/v2/installers/lib/install_agent_linux.sh vmuser@${{ env.MINIMEGA_IP }}:~' + " + + - name: Run a command in Minimega + run: | + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + ssh lme-user@${{ env.AZURE_IP }} 'sudo ssh -o StrictHostKeyChecking=no vmuser@${{ env.MINIMEGA_IP }} ls -la' + " + + - name: Install the Elastic Agent in Minimega + run: | + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + ssh lme-user@${{ env.AZURE_IP }} 'sudo ssh -o StrictHostKeyChecking=no vmuser@${{ env.MINIMEGA_IP }} chmod +x ./install_agent_linux.sh ' && \ + ssh lme-user@${{ env.AZURE_IP }} 'sudo ssh -o StrictHostKeyChecking=no vmuser@${{ env.MINIMEGA_IP }} ./install_agent_linux.sh --token ${{ env.ENROLLMENT_TOKEN }}' + " + + - name: Check if the Elastic agent is reporting + run: | + sleep 120 + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + ssh -o StrictHostKeyChecking=no lme-user@${{ env.AZURE_IP }} \ + '/home/lme-user/LME/testing/v2/installers/lib/check_agent_reporting.sh' + " + + - name: Run api tests on Azure instance + run: | + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + cd /home/lme-user/LME/testing/v2/installers && \ + IP_ADDRESS=\$(cat pipe-${{ env.UNIQUE_ID }}.ip.txt) && \ + ssh lme-user@\$IP_ADDRESS 'cd /home/lme-user/LME/testing/tests && \ + source venv/bin/activate && \ + pytest -v api_tests/' + " + + - name: Run selenium tests on Azure instance + run: | + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + cd /home/lme-user/LME/testing/v2/installers && \ + IP_ADDRESS=\$(cat pipe-${{ env.UNIQUE_ID }}.ip.txt) && \ + ssh lme-user@\$IP_ADDRESS 'cd /home/lme-user/LME/testing/tests && \ + source venv/bin/activate && \ + pytest -v selenium_tests/' + " - - name: Cleanup environment + - name: Cleanup Azure resources + if: always() + env: + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_SECRET: ${{ secrets.AZURE_SECRET }} + AZURE_TENANT: ${{ secrets.AZURE_TENANT }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} + run: | + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + az login --service-principal -u $AZURE_CLIENT_ID -p $AZURE_SECRET --tenant $AZURE_TENANT + az group delete --name pipe-${{ env.UNIQUE_ID }} --yes --no-wait + " + + - name: Stop and remove containers if: always() run: | - cd testing/development - docker compose -p ${{ env.UNIQUE_ID }} exec -T lme pwsh -Command "& { - cd /home/admin.ackbar/LME/testing; \ - \$env:AZURE_CLIENT_ID='${{ secrets.AZURE_CLIENT_ID }}'; \ - \$env:AZURE_SECRET='${{ secrets.AZURE_SECRET }}'; \ - \$env:AZURE_CLIENT_SECRET='${{ secrets.AZURE_SECRET }}'; \ - \$env:AZURE_TENANT='${{ secrets.AZURE_TENANT }}'; \ - \$env:UNIQUE_ID='${{ env.UNIQUE_ID }}'; \ - \$env:RESOURCE_GROUP='LME-pipe-${{ env.UNIQUE_ID }}'; \ - ./development/destroy_cluster.ps1; \ - exit \$LASTEXITCODE; - }" + cd testing/v2/development docker compose -p ${{ env.UNIQUE_ID }} down - docker system prune --force + docker system prune -af \ No newline at end of file diff --git a/.github/workflows/linux_only.yml b/.github/workflows/linux_only.yml index c5dd7332..6349b8d0 100644 --- a/.github/workflows/linux_only.yml +++ b/.github/workflows/linux_only.yml @@ -8,116 +8,113 @@ on: jobs: build-and-test-linux-only: - # runs-on: ubuntu-latest runs-on: self-hosted env: - UNIQUE_ID: - BRANCH_NAME: + UNIQUE_ID: ${{ github.run_id }}-${{ github.run_number }} + BRANCH_NAME: ${{ github.head_ref || github.ref_name }} steps: - name: Checkout repository uses: actions/checkout@v4.1.1 - - name: Setup environment variables + - name: Set the environment for docker compose run: | - echo "UNIQUE_ID=$(openssl rand -hex 3 | head -c 6)" >> $GITHUB_ENV + cd testing/v2/development + echo "HOST_UID=$(id -u)" > .env + echo "HOST_GID=$(id -g)" >> .env - - name: Setup environment variables - run: | - echo "AZURE_CLIENT_ID=${{ secrets.AZURE_CLIENT_ID }}" >> $GITHUB_ENV - echo "AZURE_SECRET=${{ secrets.AZURE_SECRET }}" >> $GITHUB_ENV - echo "AZURE_CLIENT_SECRET=${{ secrets.AZURE_SECRET }}" >> $GITHUB_ENV - echo "AZURE_TENANT=${{ secrets.AZURE_TENANT }}" >> $GITHUB_ENV - echo "AZURE_SUBSCRIPTION_ID=${{ secrets.AZURE_SUBSCRIPTION_ID }}" >> $GITHUB_ENV - - - name: Set Branch Name - shell: bash - env: - EVENT_NAME: ${{ github.event_name }} - HEAD_REF: ${{ github.head_ref }} - GITHUB_REF: ${{ github.ref }} + - name: Start pipeline container run: | - if [ "$EVENT_NAME" == "pull_request" ]; then - echo "BRANCH_NAME=$HEAD_REF" >> $GITHUB_ENV - else - BRANCH_REF="${GITHUB_REF##*/}" - echo "BRANCH_NAME=$BRANCH_REF" >> $GITHUB_ENV - fi + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} up -d pipeline - - name: Set up Docker Compose + - name: Install Python requirements run: | - sudo curl -L "https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-$(uname -s)-$(uname -m)" \ - -o /usr/local/bin/docker-compose - sudo chmod +x /usr/local/bin/docker-compose + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + cd /home/lme-user/LME/testing/v2/installers/azure && \ + pip install -r requirements.txt + " - - name: Set the environment for docker-compose + - name: Build an Azure instance + env: + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_CLIENT_SECRET: ${{ secrets.AZURE_SECRET }} + AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} run: | - cd testing/development - # Get the UID and GID of the current user - echo "HOST_UID=$(id -u)" > .env - echo "HOST_GID=$(id -g)" >> .env + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T \ + -e AZURE_CLIENT_ID \ + -e AZURE_CLIENT_SECRET \ + -e AZURE_TENANT_ID \ + -e AZURE_SUBSCRIPTION_ID \ + pipeline bash -c " + cd /home/lme-user/LME/testing/v2/installers && \ + python3 ./azure/build_azure_linux_network.py \ + -g pipe-${{ env.UNIQUE_ID }} \ + -s 0.0.0.0/0 \ + -vs Standard_E4d_v4 \ + -l westus \ + -ast 23:00 \ + -y + " - - name: Run Docker Build - run: docker compose -p ${{ env.UNIQUE_ID }} -f testing/development/docker-compose.yml build lme --no-cache - - - name: Run Docker Compose - run: docker compose -p ${{ env.UNIQUE_ID }} -f testing/development/docker-compose.yml up lme -d - - - name: List docker containers to wait for them to start + - name: Install LME on Azure instance run: | - docker ps - - # We are not using the ubuntu container so no use waiting for it to start - # - name: Execute commands inside ubuntu container - # run: | - # cd testing/development - # docker compose -p ${{ env.UNIQUE_ID }} exec -T ubuntu bash -c "echo 'Ubuntu container built'" + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + sleep 60 && + pwd && \ + ls -la && \ + cd /home/lme-user/LME/testing/v2/installers && \ + IP_ADDRESS=\$(cat pipe-${{ env.UNIQUE_ID }}.ip.txt) && \ + ./install_v2/install.sh lme-user \$IP_ADDRESS "pipe-${{ env.UNIQUE_ID }}.password.txt" ${{ env.BRANCH_NAME }} + " - - name: Install LME in container + - name: Install test requirements on Azure instance run: | - set -x - cd testing/development - docker compose -p ${{ env.UNIQUE_ID }} exec -T lme bash -c "./testing/development/build_docker_lme_install.sh -b ${{ env.BRANCH_NAME }} \ - && sudo chmod go+r /opt/lme/Chapter\ 3\ Files/output.log" - - - name: Run api tests in container + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + cd /home/lme-user/LME/testing/v2/installers && \ + IP_ADDRESS=\$(cat pipe-${{ env.UNIQUE_ID }}.ip.txt) && \ + ssh lme-user@\$IP_ADDRESS 'whoami && hostname && \ + wget -q https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb && \ + sudo apt install -y ./google-chrome-stable_current_amd64.deb && \ + cd /home/lme-user/LME/testing/tests && \ + python3 -m venv venv && \ + source venv/bin/activate && \ + pip install -r requirements.txt ' + " + - name: Run tests on Azure instance run: | - cd testing/development - docker compose -p ${{ env.UNIQUE_ID }} exec -T -u admin.ackbar lme bash -c ". testing/configure/lib/functions.sh \ - && sudo cp /opt/lme/Chapter\ 3\ Files/output.log . \ - && extract_credentials output.log \ - && sudo rm output.log \ - && sudo docker ps \ - && . /home/admin.ackbar/venv_test/bin/activate \ - && sudo chmod ugo+w /home/admin.ackbar/LME/ \ - && pytest testing/tests/api_tests/linux_only/ " - - - name: Run selenium tests in container + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + cd /home/lme-user/LME/testing/v2/installers && \ + IP_ADDRESS=\$(cat pipe-${{ env.UNIQUE_ID }}.ip.txt) && \ + ssh lme-user@\$IP_ADDRESS 'cd /home/lme-user/LME/testing/tests && \ + source venv/bin/activate && \ + pytest -v api_tests/linux_only/ selenium_tests/linux_only/' + " + + - name: Cleanup Azure resources + if: always() + env: + AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }} + AZURE_SECRET: ${{ secrets.AZURE_SECRET }} + AZURE_TENANT: ${{ secrets.AZURE_TENANT }} + AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }} run: | - cd testing/development - docker compose -p ${{ env.UNIQUE_ID }} exec -T -u admin.ackbar lme bash -c " - . testing/configure/lib/functions.sh \ - && echo export ELASTIC_PASSWORD=${{ env.elastic }} > testing/tests/.env \ - && echo export KIBANA_HOST=localhost >> testing/tests/.env \ - && echo export KIBANA_PORT=443 >> testing/tests/.env \ - && echo export KIBANA_USER=elastic >> testing/tests/.env \ - && echo export SELENIUM_TIMEOUT=60 >> testing/tests/.env \ - && echo export SELENIUM_MODE=headless >> testing/tests/.env \ - && . testing/tests/.env \ - && sudo cp /opt/lme/Chapter\\ 3\\ Files/output.log . \ - && extract_credentials output.log \ - && sudo rm output.log \ - && sudo docker ps \ - && . /home/admin.ackbar/venv_test/bin/activate \ - && sudo chmod ugo+w /home/admin.ackbar/LME/ \ - && pytest testing/tests/selenium_tests/linux_only/ \ + cd testing/v2/development + docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " + az login --service-principal -u $AZURE_CLIENT_ID -p $AZURE_SECRET --tenant $AZURE_TENANT + az group delete --name pipe-${{ env.UNIQUE_ID }} --yes --no-wait " - - - name: Cleanup Docker Compose + + - name: Stop and remove containers if: always() run: | - cd testing/development - docker compose -p ${{ env.UNIQUE_ID }} exec -T -u root lme bash -c "rm -rf /home/admin.ackbar/LME/.pytest_cache" + cd testing/v2/development docker compose -p ${{ env.UNIQUE_ID }} down - docker system prune -a --force \ No newline at end of file + docker system prune -af \ No newline at end of file diff --git a/.gitignore b/.gitignore index 07a1f02b..aa8737ce 100644 --- a/.gitignore +++ b/.gitignore @@ -30,4 +30,5 @@ testing/tests/assets/style.css **.password.txt **.ip.txt **.swp -**/quadlet/output \ No newline at end of file +**/quadlet/output + diff --git a/quadlet/lme-kibana.container b/quadlet/lme-kibana.container index 2267c5d1..91d78c23 100644 --- a/quadlet/lme-kibana.container +++ b/quadlet/lme-kibana.container @@ -20,7 +20,7 @@ EnvironmentFile=/opt/lme/lme-environment.env Image=localhost/kibana:LME_LATEST Network=lme PodmanArgs=--memory 4gb --network-alias lme-kibana --requires lme-elasticsearch --health-interval=2s -#PublishPort=5601:5601 +PublishPort=5601:5601 Volume=lme_certs:/usr/share/kibana/config/certs:z Volume=lme_kibanadata:/usr/share/kibana/data Volume=/opt/lme/config/kibana.yml:/usr/share/kibana/config/kibana.yml:Z diff --git a/scripts/set-fleet.sh b/scripts/set-fleet.sh index a32528a1..c78a67fb 100755 --- a/scripts/set-fleet.sh +++ b/scripts/set-fleet.sh @@ -1,4 +1,5 @@ -#!/bin/env bash +#!/usr/bin/env bash +#set -x HEADERS=( -H "kbn-version: 8.12.2" @@ -6,9 +7,44 @@ HEADERS=( -H 'Content-Type: application/json' ) +# Function to check if Fleet API is ready +check_fleet_ready() { + local response + response=$(curl -k -s --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" \ + "${HEADERS[@]}" \ + "${LOCAL_KBN_URL}/api/fleet/settings") + + if [[ "$response" == *"Kibana server is not ready yet"* ]]; then + return 1 + else + return 0 + fi +} + +# Wait for Fleet API to be ready +wait_for_fleet() { + echo "Waiting for Fleet API to be ready..." + max_attempts=60 + attempt=1 + while ! check_fleet_ready; do + if [ $attempt -ge $max_attempts ]; then + echo "Fleet API did not become ready after $max_attempts attempts. Exiting." + exit 1 + fi + echo "Attempt $attempt: Fleet API not ready. Waiting 10 seconds..." + sleep 10 + attempt=$((attempt + 1)) + done + echo "Fleet API is ready. Proceeding with configuration..." +} + set_fleet_values() { - fingerprint=$(podman exec -w /usr/share/elasticsearch/config/certs/ca lme-elasticsearch cat ca.crt | openssl x509 -nout -fingerprint -sha256 | cut -d "=" -f 2| tr -d : | head -n1) - printf '{"fleet_server_hosts": ["%s"]}' "https://${IPVAR}:${FLEET_PORT}" | curl -k --silent --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/settings" -d @- | jq + fingerprint=$(/nix/var/nix/profiles/default/bin/podman exec -w /usr/share/elasticsearch/config/certs/ca lme-elasticsearch cat ca.crt | openssl x509 -nout -fingerprint -sha256 | cut -d "=" -f 2| tr -d : | head -n1) + fleet_api_response=$(printf '{"fleet_server_hosts": ["%s"]}' "https://${IPVAR}:${FLEET_PORT}" | curl -k -v --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/settings" -d @-) + + echo "Fleet API Response:" + echo "$fleet_api_response" + printf '{"hosts": ["%s"]}' "https://${IPVAR}:9200" | curl -k --silent --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/outputs/fleet-default-output" -d @- | jq printf '{"ca_trusted_fingerprint": "%s"}' "${fingerprint}" | curl -k --silent --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/outputs/fleet-default-output" -d @- | jq printf '{"config_yaml": "%s"}' "ssl.verification_mode: certificate" | curl -k --silent --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/outputs/fleet-default-output" -d @- | jq @@ -19,4 +55,5 @@ set_fleet_values() { #main: source /opt/lme/lme-environment.env -set_fleet_values +wait_for_fleet +set_fleet_values \ No newline at end of file diff --git a/scripts/upgrade/import_1x.sh b/scripts/upgrade/import_1x.sh index 1dc6721c..f64ce44a 100755 --- a/scripts/upgrade/import_1x.sh +++ b/scripts/upgrade/import_1x.sh @@ -130,6 +130,25 @@ if ! command -v podman &> /dev/null; then exit 1 fi + +# Prompt for Elasticsearch credentials and verify connection +while true; do + read -p "Enter Elasticsearch username: " ES_USER + ES_PASS=$(prompt_password "Enter Elasticsearch password: ") + echo # Move to a new line after password input + + if check_es_connection; then + break + else + echo "Would you like to try again? (y/n)" + read -r retry + if [[ ! $retry =~ ^[Yy]$ ]]; then + echo "Exiting script." + exit 1 + fi + fi +done + # Try to set credentials from file if set_credentials_from_file; then echo "Using credentials from $ENV_FILE" @@ -154,6 +173,7 @@ else done fi + # Prompt for input files read -p "Enter the path to the compressed data file (winlogbeat_data.json.gz): " DATA_FILE read -p "Enter the path to the compressed mappings file (winlogbeat_mappings.json.gz): " MAPPINGS_FILE diff --git a/scripts/upgrade/import_dashboards.sh b/scripts/upgrade/import_dashboards.sh index 4b7f7f51..4e319e0a 100755 --- a/scripts/upgrade/import_dashboards.sh +++ b/scripts/upgrade/import_dashboards.sh @@ -2,6 +2,7 @@ # Get the directory of the current script SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" + ENV_FILE="/opt/lme/lme-environment" # Function to display usage information @@ -9,38 +10,36 @@ usage() { echo "Usage: $0 -d DIRECTORY [OPTIONS]" echo "Options:" echo " -d, --directory PATH Path to the dashboards directory (required)" + echo " -u, --user USERNAME Elasticsearch username (default: elastic)" echo " -h, --help Display this help message" - echo "Note: The script will use credentials from $ENV_FILE if available," - echo " or prompt for them if not set." + echo "Note: The script will prompt for the password if ELASTIC_PASSWORD is not set." exit 1 } # Function to read password securely read_password() { - read -s -p "Enter Elasticsearch password: " PASSWORD - echo -} -# Function to source environment file and set credentials -set_credentials_from_file() { - if [ -f "$ENV_FILE" ]; then - source "$ENV_FILE" - if [ -n "$ELASTIC_USERNAME" ] && [ -n "$ELASTIC_PASSWORD" ]; then - USER="$ELASTIC_USERNAME" - PASSWORD="$ELASTIC_PASSWORD" - return 0 - fi + if [ -t 0 ]; then + read -s -p "Enter Elasticsearch password: " PASSWORD + echo + else + read PASSWORD fi - return 1 } # Initialize variables +USER="elastic" +PASSWORD="" DASHBOARDS_DIR="" # Parse command line arguments while [[ $# -gt 0 ]]; do key="$1" case $key in + -u|--user) + USER="$2" + shift 2 + ;; -d|--directory) DASHBOARDS_DIR="$2" shift 2 @@ -61,13 +60,14 @@ if [ -z "$DASHBOARDS_DIR" ]; then usage fi -# Try to set credentials from file -if set_credentials_from_file; then - echo "Using credentials from $ENV_FILE" -else - echo "Credentials not found in $ENV_FILE. Please enter them manually." - read -p "Enter Elasticsearch username: " USER + +# Check for password +if [ -z "$ELASTIC_PASSWORD" ]; then + echo "ELASTIC_PASSWORD is not set. Please enter the password." read_password +else + echo "Using password from ELASTIC_PASSWORD environment variable." + PASSWORD="$ELASTIC_PASSWORD" fi # Check if the dashboards directory exists diff --git a/testing/tests/README.md b/testing/tests/README.md index 7a60cc95..7f6075f0 100644 --- a/testing/tests/README.md +++ b/testing/tests/README.md @@ -230,11 +230,11 @@ Once you have set up this configuration you can add this to `devcontainer.json`: { "name": "Python Development", "dockerComposeFile": [ - "../../testing/development/docker-compose.yml" + "../../testing/v2/development/docker-compose.yml" ], "service": "ubuntu", "shutdownAction": "none", - "workspaceFolder": "/lme", + "workspaceFolder": "/root/lme", "customizations": { "vscode": { "extensions": [ @@ -244,7 +244,7 @@ Once you have set up this configuration you can add this to `devcontainer.json`: ] } }, - "remoteUser": "admin.ackbar" + "remoteUser": "root" } ``` diff --git a/testing/tests/api_tests/data_insertion_tests/conftest.py b/testing/tests/api_tests/data_insertion_tests/conftest.py index 65998f93..81f83395 100644 --- a/testing/tests/api_tests/data_insertion_tests/conftest.py +++ b/testing/tests/api_tests/data_insertion_tests/conftest.py @@ -33,5 +33,5 @@ def username(): def password(): return os.getenv( "elastic", - os.getenv("ES_PASSWORD", os.getenv("ELASTIC_PASSWORD", "default_password")), + os.getenv("ES_PASSWORD", os.getenv("ELASTIC_PASSWORD", "password1")), ) diff --git a/testing/tests/api_tests/data_insertion_tests/test_server.py b/testing/tests/api_tests/data_insertion_tests/test_server.py index 7228b664..43085738 100644 --- a/testing/tests/api_tests/data_insertion_tests/test_server.py +++ b/testing/tests/api_tests/data_insertion_tests/test_server.py @@ -30,7 +30,7 @@ def suppress_insecure_request_warning(): warnings.simplefilter("ignore", urllib3.exceptions.InsecureRequestWarning) - +@pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_filter_hosts_insert(es_host, es_port, username, password): second_response_loaded=insert_winlog_data(es_host, es_port, username, password, 'filter_hosts.json', 'hosts.json', 0) @@ -44,6 +44,7 @@ def test_filter_hosts_insert(es_host, es_port, username, password): assert(second_response_loaded['aggregations']['2']['buckets'][i]['key'] == 'testing.lme.local') +@pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_user_logon_events_insert(es_host, es_port, username, password): second_response_loaded=insert_winlog_data(es_host, es_port, username, password, 'filter_logonevents.json', 'logonevents.json', 2) diff --git a/testing/tests/api_tests/linux_only/conftest.py b/testing/tests/api_tests/linux_only/conftest.py index 65998f93..81f83395 100644 --- a/testing/tests/api_tests/linux_only/conftest.py +++ b/testing/tests/api_tests/linux_only/conftest.py @@ -33,5 +33,5 @@ def username(): def password(): return os.getenv( "elastic", - os.getenv("ES_PASSWORD", os.getenv("ELASTIC_PASSWORD", "default_password")), + os.getenv("ES_PASSWORD", os.getenv("ELASTIC_PASSWORD", "password1")), ) diff --git a/testing/tests/api_tests/linux_only/test_server.py b/testing/tests/api_tests/linux_only/test_server.py index 9d80b91d..3ef8791f 100644 --- a/testing/tests/api_tests/linux_only/test_server.py +++ b/testing/tests/api_tests/linux_only/test_server.py @@ -34,13 +34,13 @@ def test_elastic_root(es_host, es_port, username, password): assert response.status_code == 200, f"Expected 200, got {response.status_code}" body = response.json() - assert body["name"] == "es01", f"Expected 'es01', got {body['name']}" + assert body["name"] == "lme-elasticsearch", f"Expected 'lme-elasticsearch', got {body['name']}" assert ( - body["cluster_name"] == "loggingmadeeasy-es" - ), f"Expected 'loggingmadeeasy-es', got {body['cluster_name']}" + body["cluster_name"] == "LME" + ), f"Expected 'LME', got {body['cluster_name']}" assert ( - body["version"]["number"] == "8.11.1" - ), f"Expected '8.11.1', got {body['version']['number']}" + body["version"]["number"] == "8.12.2" + ), f"Expected '8.12.2', got {body['version']['number']}" assert ( body["version"]["build_flavor"] == "default" ), f"Expected 'default', got {body['version']['build_flavor']}" @@ -48,8 +48,8 @@ def test_elastic_root(es_host, es_port, username, password): body["version"]["build_type"] == "docker" ), f"Expected 'docker', got {body['version']['build_type']}" assert ( - body["version"]["lucene_version"] == "9.8.0" - ), f"Expected '9.8.0', got {body['version']['lucene_version']}" + body["version"]["lucene_version"] == "9.9.2" + ), f"Expected '9.9.2', got {body['version']['lucene_version']}" assert ( body["version"]["minimum_wire_compatibility_version"] == "7.17.0" ), f"Expected '7.17.0', got {body['version']['minimum_wire_compatibility_version']}" @@ -62,6 +62,7 @@ def test_elastic_root(es_host, es_port, username, password): validate(instance=response.json(), schema=schema) +@pytest.mark.skip(reason="We no longer use winlogbeat. Keeping the test for reference") def test_elastic_indices(es_host, es_port, username, password): url = f"https://{es_host}:{es_port}/_cat/indices/" response = make_request(url, username, password) diff --git a/testing/tests/api_tests/winlogbeat/conftest.py b/testing/tests/api_tests/winlogbeat/conftest.py index 65998f93..81f83395 100644 --- a/testing/tests/api_tests/winlogbeat/conftest.py +++ b/testing/tests/api_tests/winlogbeat/conftest.py @@ -33,5 +33,5 @@ def username(): def password(): return os.getenv( "elastic", - os.getenv("ES_PASSWORD", os.getenv("ELASTIC_PASSWORD", "default_password")), + os.getenv("ES_PASSWORD", os.getenv("ELASTIC_PASSWORD", "password1")), ) diff --git a/testing/tests/api_tests/winlogbeat/test_server.py b/testing/tests/api_tests/winlogbeat/test_server.py index b84c0148..781d3804 100644 --- a/testing/tests/api_tests/winlogbeat/test_server.py +++ b/testing/tests/api_tests/winlogbeat/test_server.py @@ -50,6 +50,7 @@ def test_elastic_mapping(es_host, es_port, username, password): assert static_mapping == response_data, "Mappings Json did not match Expected" +@pytest.mark.skip(reason="We no longer use winlogbeat. Keeping the test for reference") def test_winlogbeat_settings(es_host, es_port, username, password): url = f"https://{es_host}:{es_port}/winlogbeat-*/_settings" response = make_request(url, username, password) @@ -89,7 +90,7 @@ def test_winlogbeat_settings(es_host, es_port, username, password): act_data_fields.sort() == data_fields.sort() ), "Winlogbeats data fields do not match" - +@pytest.mark.skip(reason="We no longer use winlogbeat. Keeping the test for reference") def test_winlogbeat_search(es_host, es_port, username, password): # This test requires DC1 instance in cluster set up otherwise it will fail url = f"https://{es_host}:{es_port}/winlogbeat-*/_search" diff --git a/testing/tests/selenium_tests/cluster/conftest.py b/testing/tests/selenium_tests/cluster/conftest.py index 8b031074..aa8b515c 100644 --- a/testing/tests/selenium_tests/cluster/conftest.py +++ b/testing/tests/selenium_tests/cluster/conftest.py @@ -23,7 +23,7 @@ def kibana_user(): @pytest.fixture(scope="session") def kibana_password(): - return os.getenv("elastic",os.getenv("KIBANA_PASSWORD", "changeme")) + return os.getenv("elastic",os.getenv("KIBANA_PASSWORD", "password1")) @pytest.fixture(scope="session") def kibana_url(kibana_host, kibana_port): diff --git a/testing/tests/selenium_tests/cluster/test_computer_software_overview_dashboard.py b/testing/tests/selenium_tests/cluster/test_computer_software_overview_dashboard.py index 0202208a..507e07e7 100644 --- a/testing/tests/selenium_tests/cluster/test_computer_software_overview_dashboard.py +++ b/testing/tests/selenium_tests/cluster/test_computer_software_overview_dashboard.py @@ -14,10 +14,12 @@ def setup_login(self, driver, login): login() yield driver + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_application_crashing_and_hanging(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Application Crashing and Hanging", ".echChart",".xyChart__empty") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_application_crashing_and_hanging_count(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Application Crashing and Hanging Count", ".tbvChart",".visError") @@ -27,11 +29,13 @@ def test_create_remote_threat_events(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "CreateRemoteThread events", ".tbvChart",".visError") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_filter_hosts(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Filter Hosts", ".tbvChart",".visError") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_processes(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Processes", ".tbvChart",".visError") diff --git a/testing/tests/selenium_tests/cluster/test_health_check_dashboard.py b/testing/tests/selenium_tests/cluster/test_health_check_dashboard.py index 950e2c2c..34414e34 100644 --- a/testing/tests/selenium_tests/cluster/test_health_check_dashboard.py +++ b/testing/tests/selenium_tests/cluster/test_health_check_dashboard.py @@ -14,6 +14,7 @@ def setup_login(self, driver, login): login() yield driver + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_number_of_admins(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Number of Admins", ".expExpressionRenderer",".dummyval") @@ -22,10 +23,12 @@ def test_number_of_admins(self, setup_login, kibana_url, timeout): # If there is no visualization rendered or "No Results found" message is displayed for this panel on dashboard, this test should fail which is correct behavior + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_total_hosts(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Total Hosts", ".visualization",".dummyval") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_events_by_machine(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Events by machine", ".echChart",".euiText") @@ -35,6 +38,7 @@ def test_unexpected_shutdowns(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Unexpected shutdowns", ".echChart",".visError") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_users_seen(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Users seen", ".visualization",".dummyval") diff --git a/testing/tests/selenium_tests/cluster/test_process_explorer_dashboard.py b/testing/tests/selenium_tests/cluster/test_process_explorer_dashboard.py index b85ccb7a..a9dde1fc 100644 --- a/testing/tests/selenium_tests/cluster/test_process_explorer_dashboard.py +++ b/testing/tests/selenium_tests/cluster/test_process_explorer_dashboard.py @@ -26,26 +26,32 @@ def test_files_created_in_downloads(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Files created (in Downloads)", ".euiFlexGroup", ".euiDataGrid__noResults",) + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_hosts(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Hosts", ".tbvChart",".visError") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_process_spawn_event_logs_id1(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Process spawn event logs (Sysmon ID 1)", ".euiDataGrid",".euiDataGrid__noResults") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_process_spawns_over_time(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Process spawns over time", ".echChart",".xyChart__empty") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_processes_created_by_users_over_time(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Processes created by users over time", ".echChart",".xyChart__empty") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_registry_events_sysmon_12_13_14(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Registry events (Sysmon 12, 13, 14)", ".euiDataGrid__focusWrap",".euiDataGrid__noResults") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_users(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Users", ".euiDataGrid__focusWrap",".euiText") diff --git a/testing/tests/selenium_tests/cluster/test_security_dashboard_security_log.py b/testing/tests/selenium_tests/cluster/test_security_dashboard_security_log.py index 7fb229e0..94182b09 100644 --- a/testing/tests/selenium_tests/cluster/test_security_dashboard_security_log.py +++ b/testing/tests/selenium_tests/cluster/test_security_dashboard_security_log.py @@ -14,6 +14,7 @@ def setup_login(self, driver, login): login() yield driver + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_computer_filter_results(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Select a computer to filter the below results. Leave blank for all", ".euiFlexGroup",".dummyval") @@ -28,10 +29,12 @@ def test_logons_with_special_privileges(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security log - Logons with special privileges assigned - event ID 4672", ".needarealvaluehere",".visError") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_computer_filter(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Select a computername to filter", ".tbvChart",".visError") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_computers_showing_failed_login_attempts_none(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Computers showing failed login attempts - 10 maximum shown", ".echChart",".visError") @@ -43,10 +46,12 @@ def test_credential_sent_as_clear_text_type_8(self, setup_login, kibana_url, tim dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security log - Credential sent as clear text - Logon type 8", ".needarealvaluehere",".visError") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_failed_logon_and_reason(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Failed logon and reason (status code)", ".echChart",".euiText") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_failed_logons(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Failed Logons", ".unifiedDataTable",".euiDataGrid__noResults") @@ -57,31 +62,37 @@ def test_log_cleared_event_id_1102_or_104(self, setup_login, kibana_url, timeout driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Log Cleared - event ID 1102 or 104", ".needarealvaluehere",".euiDataGrid__noResults") - + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_process_started_with_different_creds(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security log - Process started with different credentials- event ID 4648 [could be RUNAS, scheduled tasks]", ".euiDataGrid",".euiDataGrid__noResults") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_security_log_events_detail(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security log events - Detail", ".euiDataGrid",".euiDataGrid__noResults") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_security_log_logon_as_a_service_type_5(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Sercurity log - logon as a service - Logon type 5",".euiDataGrid",".visError") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_security_log_logon_created_logon_type_2(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security log - Logon created - Logon type 2",".tbvChart",".visError") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_security_log_network_logon_created_type_3(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security log - network logon created - Logon type 3",".tbvChart",".visError") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_security_log_process_creation_event_id_4688(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security log - Process creation - event ID 4688",".euiDataGrid",".euiDataGrid__noResults") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_security_log_events(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security logs events",".visualization", ".dummyval") @@ -89,10 +100,12 @@ def test_security_log_events(self, setup_login, kibana_url, timeout): # This panel should always have a visualization so there should never be no data message displayed. # If there is no visualization rendered or "No Results found" message is displayed for this panel on dashboard, this test should fail which is correct behavior + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_failed_logon_type_codes(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Failed logon type codes",".visualization", ".dummyval") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_failed_logon_status_codes(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Failed logon status codes",".visualization", ".dummyval") \ No newline at end of file diff --git a/testing/tests/selenium_tests/cluster/test_sysmon_summary_dashboard.py b/testing/tests/selenium_tests/cluster/test_sysmon_summary_dashboard.py index a58d3fce..5156141a 100644 --- a/testing/tests/selenium_tests/cluster/test_sysmon_summary_dashboard.py +++ b/testing/tests/selenium_tests/cluster/test_sysmon_summary_dashboard.py @@ -14,11 +14,13 @@ def setup_login(self, driver, login): login() yield driver + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_count_of_sysmon_events_by_event_code(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Count of Sysmon events by event code", ".tbvChart",".visError") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_total_number_of_sysmon_events_found(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Total number of Sysmon events found", ".visualization",".dummyval") @@ -28,19 +30,23 @@ def test_total_number_of_sysmon_events_found(self, setup_login, kibana_url, time + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_percentage_of_sysmon_events_by_event_code(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Percentage of Sysmon events by event code", ".echChart",".euiText") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_sysmon_events(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Sysmon events", ".echChart",".visError") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_top10_hosts_generating_most_sysmon_data(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Top 10 hosts generating the most Sysmon data", ".tbvChart",".visError") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_sysmon_events_code_reference(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Sysmon event code reference", ".visualization",".dummyval") diff --git a/testing/tests/selenium_tests/cluster/test_user_h_r_dashboard.py b/testing/tests/selenium_tests/cluster/test_user_h_r_dashboard.py index 3ecea47a..417595dd 100644 --- a/testing/tests/selenium_tests/cluster/test_user_h_r_dashboard.py +++ b/testing/tests/selenium_tests/cluster/test_user_h_r_dashboard.py @@ -14,51 +14,55 @@ def setup_login(self, driver, login): login() yield driver + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_filter_computers(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Filter Computers", ".echChart",".xyChart__empty") - + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_filter_users(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Filter Users", ".echChart",".xyChart__empty") - #@pytest.mark.skip(reason="Skipping this test") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_inperson_vs_remote_logons(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "In person vs Remote logons", ".echChart",".euiText") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_user_logoff_events(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "User logoff events (correlate to logon events)", ".euiDataGrid",".euiDataGrid__noResults") - #@pytest.mark.skip(reason="Skipping this test") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_user_logon_events(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "User logon events (filter by LogonId)", ".euiDataGrid",".euiDataGrid__noResults") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_select_domain_and_username(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Select domain(s) and username(s)", ".icvContainer",".dummyval") # The arguement ".dummyval" is being used though it is not a valid selector. # This panel should always have a visualization so there should never be no data message displayed. # If there is no visualization rendered or "No Results found" message is displayed for this panel on dashboard, this test should fail which is correct behavior - - #@pytest.mark.skip(reason="Skipping this test") + + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_hr_user_activity_title(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "HR - User activity title", ".visualization",".dummyval") - + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_all_user_events_dayofweek_hourofday(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "All User Events by Day of Week, Hour of Day", ".echChart",".dummyval") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_timestamps_by_count(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Timestamps by Count", ".echChart",".dummyval") - #@pytest.mark.skip(reason="Skipping this test") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_hr_logon_title(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "HR - Logon title", ".visualization",".dummyval") diff --git a/testing/tests/selenium_tests/cluster/test_user_security_dashboard.py b/testing/tests/selenium_tests/cluster/test_user_security_dashboard.py index 2c01faeb..99e135aa 100644 --- a/testing/tests/selenium_tests/cluster/test_user_security_dashboard.py +++ b/testing/tests/selenium_tests/cluster/test_user_security_dashboard.py @@ -14,6 +14,7 @@ def setup_login(self, driver, login): login() yield driver + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_search_users(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Search users", ".visualization",".dummyval") @@ -21,88 +22,109 @@ def test_search_users(self, setup_login, kibana_url, timeout): # This panel should always have a visualization so there should never be no data message displayed. # If there is no visualization rendered or "No Results found" message is displayed for this panel on dashboard, this test should fail which is correct behavior + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_filter_hosts(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Filter hosts", ".tbvChart",".visError") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_search_hosts(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Search hosts", ".visualization",".dummyval") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_filter_users(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Filter users", ".euiDataGrid",".euiText") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_security_logons_title(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security - Logons Title", ".visualization",".dummyval") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_security_logons_attempts(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security - Logon attempts", ".visualization",".dummyval") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_security_logons_hosts(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security - Logon hosts", ".visualization",".dummyval") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_logon_attempts(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Logon attempts", ".echChart",".xyChart__empty") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_logged_on_computers(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Logged on computers", ".echChart",".euiText") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_user_logon_logoff_events(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "User Logon & Logoff Events", ".euiDataGrid",".euiDataGrid__noResults") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_security_network_title(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security - Network Title", ".visualization",".dummyval") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_all_network_connections(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "All network connections", ".echChart",".xyChart__empty") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_network_connections_from_nonbrowser_processes(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Network connections from non-browser processes", ".tbvChart",".visError") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_network_connections_by_protocol(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Network connection by protocol", ".echChart",".xyChart__empty") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_unusual_network_connections_from_non_browser_processes(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Unusual network connections from non-browser processes", ".tbvChart",".visError") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_network_connection_events(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Network Connection Events (Sysmon ID 3)", ".euiDataGrid",".euiDataGrid__noResults") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_unusual_network_connections_events_sysmonid_3(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Network Connection Events (Sysmon ID 3)", ".euiDataGrid",".euiDataGrid__noResults") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_security_processes_title(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security - Processes Title", ".visualization",".dummyval") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_spawned_processes(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Spawned Processes", ".euiDataGrid",".euiDataGrid__noResults") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_powershell_events(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Powershell Events", ".visualization",".dummyval") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_powershell_events_over_time(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Powershell events over time", ".echChart",".xyChart__empty") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_powershell_events_by_computer(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Powershell events by computer", ".echChart",".euiText") @@ -119,6 +141,7 @@ def test_powershell_network_connections(self, setup_login, kibana_url, timeout): dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Powershell network connections", ".needarealvaluehere",".euiDataGrid__noResults") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_security_files_title(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security - Files title", ".visualization",".dummyval") @@ -133,6 +156,7 @@ def test_raw_access_read(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "RawAccessRead (Sysmon Event 9)", ".needarealvaluehere",".euiDataGrid__noResults") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_windows_defender_title(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Security - Windows Defender Title", ".visualization",".dummyval") @@ -143,10 +167,12 @@ def test_av_detections(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "AV Detections (Event 1116)", ".needarealvaluehere",".euiDataGrid__noResults") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_defender_event_count(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "Defender event count", ".visualization",".dummyval") + @pytest.mark.skip(reason="This test is for reference to use in 2.0") def test_av_hits_count(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_test_function(driver, kibana_url, timeout, self.dashboard_id, "AV Hits (Count)", ".visualization",".dummyval") diff --git a/testing/tests/selenium_tests/linux_only/conftest.py b/testing/tests/selenium_tests/linux_only/conftest.py index 52bd88fc..792722c6 100644 --- a/testing/tests/selenium_tests/linux_only/conftest.py +++ b/testing/tests/selenium_tests/linux_only/conftest.py @@ -23,7 +23,7 @@ def kibana_user(): @pytest.fixture(scope="session") def kibana_password(): - return os.getenv("elastic",os.getenv("KIBANA_PASSWORD", "changeme")) + return os.getenv("elastic",os.getenv("KIBANA_PASSWORD", "password1")) @pytest.fixture(scope="session") def kibana_url(kibana_host, kibana_port): diff --git a/testing/tests/selenium_tests/linux_only/test_basic_loading.py b/testing/tests/selenium_tests/linux_only/test_basic_loading.py index bf301df5..b490a209 100644 --- a/testing/tests/selenium_tests/linux_only/test_basic_loading.py +++ b/testing/tests/selenium_tests/linux_only/test_basic_loading.py @@ -17,6 +17,7 @@ def setup_login(self, driver, login): # driver.quit() # Clean up the browser (driver) here + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_title(self, setup_login, kibana_url, timeout): driver = setup_login driver.get(f"{kibana_url}/app/dashboards") @@ -25,6 +26,7 @@ def test_title(self, setup_login, kibana_url, timeout): WebDriverWait(driver, timeout).until(expected_cond) assert driver.title == "Dashboards - Elastic" + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_dashboard_menu(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" diff --git a/testing/tests/selenium_tests/linux_only/test_computer_software_overview_dashboard_lo.py b/testing/tests/selenium_tests/linux_only/test_computer_software_overview_dashboard_lo.py index 000f901f..c69e98e9 100644 --- a/testing/tests/selenium_tests/linux_only/test_computer_software_overview_dashboard_lo.py +++ b/testing/tests/selenium_tests/linux_only/test_computer_software_overview_dashboard_lo.py @@ -11,6 +11,7 @@ def setup_login(self, driver, login): login() yield driver + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_dashboard_menu(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12" @@ -24,6 +25,7 @@ def test_dashboard_menu(self, setup_login, kibana_url, timeout): panel = driver.find_element(By.CSS_SELECTOR, selector) assert "No results found" not in panel.get_attribute("innerHTML") + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_host_count(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12" diff --git a/testing/tests/selenium_tests/linux_only/test_health_check_dashboard_lo.py b/testing/tests/selenium_tests/linux_only/test_health_check_dashboard_lo.py index cf630b83..f6dcde61 100644 --- a/testing/tests/selenium_tests/linux_only/test_health_check_dashboard_lo.py +++ b/testing/tests/selenium_tests/linux_only/test_health_check_dashboard_lo.py @@ -11,6 +11,7 @@ def setup_login(self, driver, login): login() yield driver + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_users_seen(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "51fe1470-fa59-11e9-bf25-8f92ffa3e3ec" diff --git a/testing/tests/selenium_tests/linux_only/test_security_dashboard_security_log_lo.py b/testing/tests/selenium_tests/linux_only/test_security_dashboard_security_log_lo.py index 4f56dca4..8427c3a3 100644 --- a/testing/tests/selenium_tests/linux_only/test_security_dashboard_security_log_lo.py +++ b/testing/tests/selenium_tests/linux_only/test_security_dashboard_security_log_lo.py @@ -11,6 +11,7 @@ def setup_login(self, driver, login): login() yield driver + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_security_log_events(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" @@ -24,6 +25,7 @@ def test_security_log_events(self, setup_login, kibana_url, timeout): panel = driver.find_element(By.CSS_SELECTOR, selector) assert "No results found" not in panel.get_attribute("innerHTML") + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_failed_logon_attempts(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" @@ -37,6 +39,7 @@ def test_failed_logon_attempts(self, setup_login, kibana_url, timeout): panel = driver.find_element(By.CSS_SELECTOR, selector) assert "No results found" not in panel.get_attribute("innerHTML") + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_failed_logons_type_codes(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" @@ -50,6 +53,7 @@ def test_failed_logons_type_codes(self, setup_login, kibana_url, timeout): panel = driver.find_element(By.CSS_SELECTOR, selector) assert "No results found" not in panel.get_attribute("innerHTML") + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_failed_logon_status_codes(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" diff --git a/testing/tests/selenium_tests/linux_only/test_sysmon_summary_dashboard_lo.py b/testing/tests/selenium_tests/linux_only/test_sysmon_summary_dashboard_lo.py index 443d0bf1..61493723 100644 --- a/testing/tests/selenium_tests/linux_only/test_sysmon_summary_dashboard_lo.py +++ b/testing/tests/selenium_tests/linux_only/test_sysmon_summary_dashboard_lo.py @@ -11,6 +11,7 @@ def setup_login(self, driver, login): login() yield driver + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_total_number_of_sysmon_events_found(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed" @@ -24,6 +25,7 @@ def test_total_number_of_sysmon_events_found(self, setup_login, kibana_url, time panel = driver.find_element(By.CSS_SELECTOR, selector) assert "No results found" not in panel.get_attribute("innerHTML") + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_sysmon_event_code_reference(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed" diff --git a/testing/tests/selenium_tests/linux_only/test_user_h_r_dashboard_lo.py b/testing/tests/selenium_tests/linux_only/test_user_h_r_dashboard_lo.py index 778a21f7..d3ee7131 100644 --- a/testing/tests/selenium_tests/linux_only/test_user_h_r_dashboard_lo.py +++ b/testing/tests/selenium_tests/linux_only/test_user_h_r_dashboard_lo.py @@ -23,6 +23,7 @@ def test_dashboard_menu(self, setup_login, kibana_url, timeout): panel = driver.find_element(By.CSS_SELECTOR, selector) assert "No results found" not in panel.get_attribute("innerHTML") + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_domains_and_usernames(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "618bc5d0-84f8-11ee-9838-ff0db128d8b2" @@ -36,6 +37,7 @@ def test_domains_and_usernames(self, setup_login, kibana_url, timeout): panel = driver.find_element(By.CSS_SELECTOR, selector) assert "No results found" not in panel.get_attribute("innerHTML") + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_all_user_events(self, driver, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "618bc5d0-84f8-11ee-9838-ff0db128d8b2" @@ -49,6 +51,7 @@ def test_all_user_events(self, driver, setup_login, kibana_url, timeout): panel = driver.find_element(By.CSS_SELECTOR, selector) assert "No results found" not in panel.get_attribute("innerHTML") + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_timestamps_by_count(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "618bc5d0-84f8-11ee-9838-ff0db128d8b2" @@ -63,6 +66,7 @@ def test_timestamps_by_count(self, setup_login, kibana_url, timeout): assert "No results found" not in panel.get_attribute("innerHTML") + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_dashboard_menu(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "51186cd0-e8e9-11e9-9070-f78ae052729a" diff --git a/testing/tests/selenium_tests/linux_only/test_user_security_dashboard_lo.py b/testing/tests/selenium_tests/linux_only/test_user_security_dashboard_lo.py index 83d676fe..0483fd7a 100644 --- a/testing/tests/selenium_tests/linux_only/test_user_security_dashboard_lo.py +++ b/testing/tests/selenium_tests/linux_only/test_user_security_dashboard_lo.py @@ -11,6 +11,7 @@ def setup_login(self, driver, login): login() yield driver + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_search_users(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" @@ -24,6 +25,7 @@ def test_search_users(self, setup_login, kibana_url, timeout): panel = driver.find_element(By.CSS_SELECTOR, selector) assert "No results found" not in panel.get_attribute("innerHTML") + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_search_hosts(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" @@ -37,6 +39,7 @@ def test_search_hosts(self, setup_login, kibana_url, timeout): panel = driver.find_element(By.CSS_SELECTOR, selector) assert "No results found" not in panel.get_attribute("innerHTML") + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_security_logon_attempts(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" @@ -50,6 +53,7 @@ def test_security_logon_attempts(self, setup_login, kibana_url, timeout): panel = driver.find_element(By.CSS_SELECTOR, selector) assert "No results found" not in panel.get_attribute("innerHTML") + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_security_logon_hosts(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" @@ -63,6 +67,7 @@ def test_security_logon_hosts(self, setup_login, kibana_url, timeout): panel = driver.find_element(By.CSS_SELECTOR, selector) assert "No results found" not in panel.get_attribute("innerHTML") + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_av_hits(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" @@ -76,6 +81,7 @@ def test_av_hits(self, setup_login, kibana_url, timeout): panel = driver.find_element(By.CSS_SELECTOR, selector) assert "No results found" not in panel.get_attribute("innerHTML") + @pytest.mark.skip(reason="This test isn't working for 2.0 yet") def test_defender_event_count(self, setup_login, kibana_url, timeout): driver = setup_login dashboard_id = "e5f203f0-6182-11ee-b035-d5f231e90733" diff --git a/testing/v2/development/Dockerfile b/testing/v2/development/Dockerfile index 9402c73e..7fd4c41f 100644 --- a/testing/v2/development/Dockerfile +++ b/testing/v2/development/Dockerfile @@ -1,13 +1,40 @@ -# Use Ubuntu 22.04 as base image -FROM ubuntu:22.04 +# Base stage with common dependencies +FROM ubuntu:22.04 AS base ARG USER_ID=1001 ARG GROUP_ID=1001 -# Set environment variable to avoid interactive dialogues during build ENV DEBIAN_FRONTEND=noninteractive -# Install necessary APT packages including Python and pip -RUN apt-get update && apt-get install -y \ +RUN apt-get update && apt-get install -y --no-install-recommends \ + locales \ + ca-certificates \ + sudo \ + sshpass \ + openssh-client \ + && locale-gen en_US.UTF-8 \ + && update-locale LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +ENV LANG=en_US.UTF-8 \ + LANGUAGE=en_US:en \ + LC_ALL=en_US.UTF-8 + +RUN groupadd -g $GROUP_ID lme-user \ + && useradd -m -u $USER_ID -g lme-user --badnames lme-user \ + && usermod -aG sudo lme-user + +RUN echo "lme-user ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers + +ENV BASE_DIR=/home/lme-user +WORKDIR $BASE_DIR + +# Ubuntu stage with full dependencies +FROM base AS ubuntu + +RUN apt-get update && apt-get install -y --no-install-recommends \ + systemd \ + systemd-sysv \ lsb-release \ python3 \ python3-venv \ @@ -16,7 +43,6 @@ RUN apt-get update && apt-get install -y \ git \ curl \ wget \ - sudo \ cron \ freerdp2-x11 \ pkg-config \ @@ -24,41 +50,46 @@ RUN apt-get update && apt-get install -y \ libdbus-1-dev \ distro-info \ libgirepository1.0-dev \ + ansible \ && wget -q "https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb" \ && dpkg -i packages-microsoft-prod.deb \ && apt-get update \ && apt-get install -y powershell \ - && rm -rf /var/lib/apt/lists/* \ && curl -sL https://aka.ms/InstallAzureCLIDeb | bash \ && wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb \ && apt install -y ./google-chrome-stable_current_amd64.deb \ && rm -rf google-chrome-stable_current_amd64.deb \ - && sudo apt-get install -f \ - && apt-get clean + && apt-get install -f \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* -# Install Ansible -RUN python3 -m pip install --upgrade pip \ - && python3 -m pip install ansible +# Configure systemd +RUN cd /lib/systemd/system/sysinit.target.wants/ && \ + ls | grep -v systemd-tmpfiles-setup | xargs rm -f $1 && \ + rm -f /lib/systemd/system/multi-user.target.wants/* && \ + rm -f /etc/systemd/system/*.wants/* && \ + rm -f /lib/systemd/system/local-fs.target.wants/* && \ + rm -f /lib/systemd/system/sockets.target.wants/*udev* && \ + rm -f /lib/systemd/system/sockets.target.wants/*initctl* && \ + rm -f /lib/systemd/system/basic.target.wants/* && \ + rm -f /lib/systemd/system/anaconda.target.wants/* && \ + mkdir -p /etc/systemd/system/systemd-logind.service.d && \ + echo -e "[Service]\nProtectHostname=no" > /etc/systemd/system/systemd-logind.service.d/override.conf -# Create a user and group 'admin.ackbar' with GID 1001 -RUN groupadd -g $GROUP_ID admin.ackbar \ - && useradd -m -u $USER_ID -g admin.ackbar --badnames admin.ackbar \ - && usermod -aG sudo admin.ackbar +CMD ["/lib/systemd/systemd"] -# Allow 'admin.ackbar' user to run sudo commands without a password -RUN echo "admin.ackbar ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers +# Pipeline stage with minimal dependencies +FROM base AS pipeline -# Define the base directory as an environment variable -ENV BASE_DIR=/home/admin.ackbar/LME - -# Set work directory -WORKDIR $BASE_DIR - -# Change to non-root privilege -# USER admin.ackbar - -# Set timezone (optional) -ENV TZ=America/New_York +RUN apt-get update && apt-get install -y --no-install-recommends \ + python3 \ + python3-pip \ + python3.10-venv \ + openssh-client \ + curl \ + && curl -sL https://aka.ms/InstallAzureCLIDeb | bash \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* -# Keep the container running (This can be replaced by your application's main process) -CMD ["tail", "-f", "/dev/null"] \ No newline at end of file +USER lme-user +CMD ["sleep", "infinity"] \ No newline at end of file diff --git a/testing/v2/development/docker-compose.yml b/testing/v2/development/docker-compose.yml index 5daf5757..e07b80e3 100644 --- a/testing/v2/development/docker-compose.yml +++ b/testing/v2/development/docker-compose.yml @@ -1,26 +1,50 @@ -# Docker Compose file for setting up development environment for LME project. -# -# This file defines two services: -# 1. ubuntu: -# - Builds an Ubuntu container with the specified USER_ID and GROUP_ID arguments. -# - Mounts the parent directory to /lme in the container, allowing access to the LME project. -# - Sets the container name to "v2_ubuntu". -# - Sets the user to the specified HOST_UID and HOST_GID. -# - Runs the command "sleep infinity" to keep the container running indefinitely. -# - version: '3.8' services: ubuntu: build: context: . + dockerfile: Dockerfile + target: ubuntu args: USER_ID: "${HOST_UID:-1001}" GROUP_ID: "${HOST_GID:-1001}" container_name: v2_ubuntu + working_dir: /root + volumes: + - ../../../../LME:/root/LME + - /sys/fs/cgroup:/sys/fs/cgroup:rw + cap_add: + - SYS_ADMIN + - NET_ADMIN + - SYS_PTRACE + security_opt: + - seccomp:unconfined + privileged: true + stop_signal: SIGRTMIN+3 + tmpfs: + - /tmp + - /run + - /run/lock + environment: + - PODMAN_IGNORE_CGROUPSV1_WARNING=1 + - LANG=en_US.UTF-8 + - LANGUAGE=en_US:en + - LC_ALL=en_US.UTF-8 + command: ["/lib/systemd/systemd"] + + pipeline: + build: + context: . + dockerfile: Dockerfile + target: pipeline + args: + USER_ID: "${HOST_UID:-1001}" + GROUP_ID: "${HOST_GID:-1001}" user: "${HOST_UID:-1001}:${HOST_GID:-1001}" + working_dir: /home/lme-user volumes: - - ../../../../LME/:/lme - command: sleep infinity - \ No newline at end of file + - ../../../../LME:/home/lme-user/LME + environment: + - HOME=/home/lme-user + command: sleep infinity \ No newline at end of file diff --git a/testing/v2/installers/azure/build_azure_linux_network.md b/testing/v2/installers/azure/README.md similarity index 98% rename from testing/v2/installers/azure/build_azure_linux_network.md rename to testing/v2/installers/azure/README.md index af8f84ab..12cef738 100644 --- a/testing/v2/installers/azure/build_azure_linux_network.md +++ b/testing/v2/installers/azure/README.md @@ -64,25 +64,26 @@ If these environment variables are set, the script will use them for authenticat 4. Activate the virtual environment: - - For Windows: + - For macOS and Linux: ``` - venv\Scripts\activate + source venv/bin/activate ``` - - For macOS and Linux: + - For Windows: ``` - source venv/bin/activate + venv\Scripts\activate ``` + You should see `(venv)` prefixed to your terminal prompt, indicating that the virtual environment is active. 5. Install the required packages by running the following command: ``` - pip install -r build_azure_linux_network_requirements.txt + pip install -r requirements.txt ``` - This will install all the necessary packages listed in the `build_azure_linux_network_requirements.txt` file. + This will install all the necessary packages listed in the `requirements.txt` file. ## Running the Script diff --git a/testing/v2/installers/azure/build_azure_linux_network.py b/testing/v2/installers/azure/build_azure_linux_network.py index 559397ef..cfd4556b 100755 --- a/testing/v2/installers/azure/build_azure_linux_network.py +++ b/testing/v2/installers/azure/build_azure_linux_network.py @@ -18,19 +18,18 @@ def generate_password(length=12): uppercase_letters = string.ascii_uppercase lowercase_letters = string.ascii_lowercase digits = string.digits - special_chars = string.punctuation + # special_chars = string.punctuation # Generate the password password = [] password.append(random.choice(uppercase_letters)) password.append(random.choice(lowercase_letters)) password.append(random.choice(digits)) - password.append(random.choice(special_chars)) + #password.append(random.choice(special_chars)) # Generate the remaining characters remaining_length = length - 4 - remaining_chars = uppercase_letters + lowercase_letters + digits \ - + special_chars + remaining_chars = uppercase_letters + lowercase_letters + digits password.extend(random.choices(remaining_chars, k=remaining_length)) # Shuffle the password characters randomly @@ -401,7 +400,7 @@ def main( "os_profile": { "computer_name": f"{machine_name}", "admin_username": vm_admin, - "admin_password": vm_password, + "admin_password": f"{vm_password}", }, "network_profile": { "network_interfaces": [ diff --git a/testing/v2/installers/azure/build_azure_linux_network_requirements.txt b/testing/v2/installers/azure/requirements.txt similarity index 100% rename from testing/v2/installers/azure/build_azure_linux_network_requirements.txt rename to testing/v2/installers/azure/requirements.txt diff --git a/testing/v2/installers/install_v2/install.sh b/testing/v2/installers/install_v2/install.sh index 5921e957..323b0c84 100755 --- a/testing/v2/installers/install_v2/install.sh +++ b/testing/v2/installers/install_v2/install.sh @@ -27,16 +27,61 @@ cd "$SCRIPT_DIR/.." ./lib/copy_ssh_key.sh $user $hostname $password_file echo "Installing ansible" -ssh -o StrictHostKeyChecking=no $user@$hostname 'sudo apt-get update && sudo apt-get -y install ansible' +ssh -o StrictHostKeyChecking=no $user@$hostname 'sudo apt-get update && sudo apt-get -y install ansible python3-pip python3.10-venv git' - -# Need to set up so we can checkout a particular branch or pull down a release echo "Checking out code" -ssh -o StrictHostKeyChecking=no $user@$hostname "cd ~ && rm -rf LME && git clone https://github.com/cisagov/LME.git && cd LME && git checkout -t origin/${branch}" +ssh -o StrictHostKeyChecking=no $user@$hostname "cd ~ && rm -rf LME && git clone https://github.com/cisagov/LME.git && cd LME && git checkout -t origin/${branch}" echo "Code cloned to $HOME/LME" +echo "Setting config file" +ssh -o StrictHostKeyChecking=no $user@$hostname << EOF + cd ~/LME + cp config/example.env config/lme-environment.env + . testing/v2/installers/lib/capture_ip.sh + ./testing/v2/installers/lib/replace_home_in_config.sh +EOF + echo "Running ansible installer" -ssh -o StrictHostKeyChecking=no $user@$hostname "cd ~/LME && cp config/example.env config/lme-environment.env && ansible-playbook scripts/install_lme_local.yml" +ssh -o StrictHostKeyChecking=no $user@$hostname "cd ~/LME && ansible-playbook scripts/install_lme_local.yml" + +echo "Waiting for Kibana and Elasticsearch to start..." + +# Wait for services to start +max_attempts=30 +attempt=0 +while [ $attempt -lt $max_attempts ]; do + if ssh -o StrictHostKeyChecking=no $user@$hostname bash << EOF + source /opt/lme/lme-environment.env + check_service() { + local url=\$1 + local auth=\$2 + curl -k -s -o /dev/null -w '%{http_code}' --insecure -u "\${auth}" "\${url}" | grep -q '200' + } + check_service "https://\${IPVAR}:9200" "\${ELASTIC_USERNAME}:\${ELASTICSEARCH_PASSWORD}" && \ + check_service "\${LOCAL_KBN_URL}" "\${ELASTIC_USERNAME}:\${ELASTICSEARCH_PASSWORD}" +EOF + then + echo "Both Elasticsearch and Kibana are up!" + break + fi + attempt=$((attempt+1)) + echo "Attempt $attempt/$max_attempts: Services not ready yet. Waiting 10 seconds..." + sleep 10 +done + +if [ $attempt -eq $max_attempts ]; then + echo "Timeout: Services did not start within the expected time." + exit 1 +fi + +echo "Running check-fleet script" +ssh -o StrictHostKeyChecking=no $user@$hostname ". ~/.bashrc && cd ~/LME && ./testing/v2/installers/lib/check_fleet.sh" + +echo "Running set-fleet script" +ssh -o StrictHostKeyChecking=no $user@$hostname ". ~/.bashrc && cd ~/LME && ./scripts/set-fleet.sh" + + +echo "Installation and configuration completed successfully." # Change back to the original directory -cd "$ORIGINAL_DIR" +cd "$ORIGINAL_DIR" \ No newline at end of file diff --git a/testing/v2/installers/lib/capture_ip.sh b/testing/v2/installers/lib/capture_ip.sh new file mode 100755 index 00000000..463c7980 --- /dev/null +++ b/testing/v2/installers/lib/capture_ip.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +# Capture the IP address of eth0 +IP0=$(ip -4 addr show eth0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}') + +# Check if the IP was successfully captured +if [ -n "$IP0" ]; then + echo $IP0 + export IP0 +else + echo "Failed to capture eth0 IP address" + exit 1 +fi diff --git a/testing/v2/installers/lib/check_agent_reporting.sh b/testing/v2/installers/lib/check_agent_reporting.sh new file mode 100755 index 00000000..e19fd017 --- /dev/null +++ b/testing/v2/installers/lib/check_agent_reporting.sh @@ -0,0 +1,66 @@ +#!/usr/bin/env bash + +# Function to handle errors +handle_error() { + echo "Error: $1" >&2 + exit 1 +} + +# Run the curl command and capture the output +output=$(curl -k -s -X GET "https://localhost:9200/.ds-metrics-system.cpu-default-*/_search" \ + -H 'Content-Type: application/json' \ + -H "kbn-xsrf: true" \ + -u elastic:password1 \ + -d '{ + "query": { + "bool": { + "must": [ + { + "term": { + "host.name": "ubuntu-vm" + } + }, + { + "term": { + "event.module": "system" + } + }, + { + "term": { + "event.dataset": "system.cpu" + } + } + ] + } + }, + "sort": [ + { + "@timestamp": { + "order": "desc" + } + } + ], + "size": 1 +}') || handle_error "Failed to connect to Elasticsearch" + +# Check if the output is valid JSON +if ! echo "$output" | jq . >/dev/null 2>&1; then + handle_error "Invalid JSON response from Elasticsearch" +fi + +# Extract the hit count +hit_count=$(echo "$output" | jq '.hits.total.value') + +# Check if hit_count is a number +if ! [[ "$hit_count" =~ ^[0-9]+$ ]]; then + handle_error "Unexpected response format" +fi + +# Check the hit count and exit accordingly +if [ "$hit_count" -gt 0 ]; then + echo "ubuntu-vm is reporting" + exit 0 +else + echo "No recent data from ubuntu-vm" + exit 1 +fi diff --git a/testing/v2/installers/lib/check_fleet.sh b/testing/v2/installers/lib/check_fleet.sh new file mode 100755 index 00000000..953273d5 --- /dev/null +++ b/testing/v2/installers/lib/check_fleet.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env bash + +set -e +#set -x + +echo "LME Diagnostic Script" +echo "=====================" + +# ... [previous parts of the script remain unchanged] ... + +# 8. Check Elasticsearch logs +echo "Checking Elasticsearch logs (last 20 lines)..." +if /nix/var/nix/profiles/default/bin/podman logs lme-elasticsearch 2>/dev/null | tail -n 20; then + echo "Elasticsearch logs retrieved successfully." +else + echo "Error retrieving Elasticsearch logs. Check if the container is running." +fi + +# 9. Check Kibana logs +echo "Checking Kibana logs (last 20 lines)..." +if /nix/var/nix/profiles/default/bin/podman logs lme-kibana 2>/dev/null | tail -n 20; then + echo "Kibana logs retrieved successfully." +else + echo "Error retrieving Kibana logs. Check if the container is running." +fi + +# 10. Check locale settings +echo "Checking locale settings..." +locale +echo "LANG=$LANG" +echo "LANGUAGE=$LANGUAGE" +echo "LC_ALL=$LC_ALL" + +# 11. Check if locale-gen is available and list available locales +echo "Checking available locales..." +if command -v locale-gen > /dev/null; then + locale -a +else + echo "locale-gen command not found. Unable to list available locales." +fi + +echo "Diagnostic script completed." \ No newline at end of file diff --git a/testing/v2/installers/lib/copy_ssh_key.sh b/testing/v2/installers/lib/copy_ssh_key.sh index f1f7a36e..8392de67 100755 --- a/testing/v2/installers/lib/copy_ssh_key.sh +++ b/testing/v2/installers/lib/copy_ssh_key.sh @@ -22,8 +22,10 @@ ssh_key_path="$HOME/.ssh/id_rsa" # Generate an SSH key non-interactively if it doesn't exist if [ ! -f "$ssh_key_path" ]; then - ssh-keygen -t rsa -N "" -f "$ssh_key_path" <</dev/null 2>&1 + echo "Generating SSH key..." + ssh-keygen -t rsa -N "" -f "$ssh_key_path" <<< y fi + echo password_file $password_file ssh_key_path $ssh_key_path ls $password_file ls $ssh_key_path diff --git a/testing/v2/installers/lib/get_ip_of_machine.sh b/testing/v2/installers/lib/get_ip_of_machine.sh new file mode 100755 index 00000000..350de841 --- /dev/null +++ b/testing/v2/installers/lib/get_ip_of_machine.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +VM_NAME="$1" +MAX_ATTEMPTS=30 +SLEEP_INTERVAL=10 + +get_ip() { + /opt/minimega/bin/minimega -e .json true .filter name="$VM_NAME" vm info | jq -r '.[].Data[].Networks[].IP4' +} + +echo "Waiting for IP assignment for VM: $VM_NAME" >&2 + +for ((i=1; i<=MAX_ATTEMPTS; i++)); do + IP=$(get_ip) + + if [[ -n "$IP" && "$IP" != "null" ]]; then + echo $IP + exit 0 + fi + + echo "Attempt $i: No IP assigned yet. Waiting $SLEEP_INTERVAL seconds..." >&2 + sleep $SLEEP_INTERVAL +done + +echo "Timeout: Failed to get IP for $VM_NAME after $MAX_ATTEMPTS attempts." >&2 +exit 1 \ No newline at end of file diff --git a/testing/v2/installers/lib/install_agent_linux.sh b/testing/v2/installers/lib/install_agent_linux.sh new file mode 100755 index 00000000..081abf10 --- /dev/null +++ b/testing/v2/installers/lib/install_agent_linux.sh @@ -0,0 +1,60 @@ +#!/usr/bin/env bash + +# Default values +VERSION="8.12.2" +ARCHITECTURE="linux-x86_64" +IP="10.1.0.5" +PORT="8220" +ENROLLMENT_TOKEN="" + +# Parse command line arguments +while [[ $# -gt 0 ]]; do + case $1 in + --version) + VERSION="$2" + shift 2 + ;; + --arch) + ARCHITECTURE="$2" + shift 2 + ;; + --ip) + IP="$2" + shift 2 + ;; + --port) + PORT="$2" + shift 2 + ;; + --token) + ENROLLMENT_TOKEN="$2" + shift 2 + ;; + *) + echo "Unknown option: $1" + exit 1 + ;; + esac +done + +# Download Elastic Agent +curl -L -s -O "https://artifacts.elastic.co/downloads/beats/elastic-agent/elastic-agent-${VERSION}-${ARCHITECTURE}.tar.gz" + +# Extract the archive +tar xzf "elastic-agent-${VERSION}-${ARCHITECTURE}.tar.gz" + +# Change to the extracted directory +cd "elastic-agent-${VERSION}-${ARCHITECTURE}" + +# Install Elastic Agent with automatic "yes" response +sudo ./elastic-agent install --non-interactive + +# Enroll the Elastic Agent. The previous install wasn't setting the variables right. +sudo /opt/Elastic/Agent/elastic-agent enroll -f --insecure --url=https://${IP}:$PORT --enrollment-token="${ENROLLMENT_TOKEN}" + +# Restart the agent service +sudo service elastic-agent restart + +# Remove the downloaded archive +cd .. +rm -f "elastic-agent-${VERSION}-${ARCHITECTURE}.tar.gz" diff --git a/testing/v2/installers/lib/replace_home_in_config.sh b/testing/v2/installers/lib/replace_home_in_config.sh new file mode 100755 index 00000000..d763e9f9 --- /dev/null +++ b/testing/v2/installers/lib/replace_home_in_config.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +# Check if IP0 is set +if [ -z "$IP0" ]; then + echo "Error: IP0 is not set. Please set it before running this script." + exit 1 +fi + +# Check if the file exists +ENV_FILE="config/lme-environment.env" +if [ ! -f "$ENV_FILE" ]; then + echo "Error: $ENV_FILE does not exist." + exit 1 +fi + +# Perform the substitutions +sed -i \ + -e "s/IPVAR=127.0.0.1/IPVAR=$IP0/" \ + -e "s|LOCAL_KBN_URL=https://127.0.0.1:5601|LOCAL_KBN_URL=https://$IP0:5601|" \ + -e "s|LOCAL_ES_URL=https://127.0.0.1:9200|LOCAL_ES_URL=https://$IP0:9200|" \ + "$ENV_FILE" + +echo "Substitutions completed in $ENV_FILE" + +# Optional: Display the changed lines +echo "Changed lines:" +grep -E "IPVAR=|LOCAL_KBN_URL=|LOCAL_ES_URL=" "$ENV_FILE" \ No newline at end of file From ead411dc5aec0fe207a20fffd226f23bb27ba13d Mon Sep 17 00:00:00 2001 From: rishagg01 <149525835+rishagg01@users.noreply.github.com> Date: Wed, 9 Oct 2024 12:16:55 -0400 Subject: [PATCH 05/19] Upgrade API tests for Release 2 (#465) * Upgraded API & Sel tests over Rel 2 pipeline * Updated API tests for Rel 2 --- testing/tests/api_tests/cluster/__init__.py | 0 testing/tests/api_tests/cluster/conftest.py | 37 +++++++++ .../api_tests/cluster/queries/hostsearch.json | 31 ++++++++ .../tests/api_tests/cluster/test_server.py | 58 ++++++++++++++ .../tests/api_tests/linux_only/test_server.py | 76 +++++++++++-------- .../tests/api_tests/winlogbeat/test_server.py | 60 ++++++++++----- 6 files changed, 208 insertions(+), 54 deletions(-) create mode 100644 testing/tests/api_tests/cluster/__init__.py create mode 100644 testing/tests/api_tests/cluster/conftest.py create mode 100644 testing/tests/api_tests/cluster/queries/hostsearch.json create mode 100644 testing/tests/api_tests/cluster/test_server.py diff --git a/testing/tests/api_tests/cluster/__init__.py b/testing/tests/api_tests/cluster/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/testing/tests/api_tests/cluster/conftest.py b/testing/tests/api_tests/cluster/conftest.py new file mode 100644 index 00000000..81f83395 --- /dev/null +++ b/testing/tests/api_tests/cluster/conftest.py @@ -0,0 +1,37 @@ +# conftest.py + +import os +import warnings +import pytest +import urllib3 + +# Disable SSL warnings +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + + +@pytest.fixture(autouse=True) +def suppress_insecure_request_warning(): + warnings.simplefilter("ignore", urllib3.exceptions.InsecureRequestWarning) + + +@pytest.fixture +def es_host(): + return os.getenv("ES_HOST", os.getenv("ELASTIC_HOST", "localhost")) + + +@pytest.fixture +def es_port(): + return os.getenv("ES_PORT", os.getenv("ELASTIC_PORT", "9200")) + + +@pytest.fixture +def username(): + return os.getenv("ES_USERNAME", os.getenv("ELASTIC_USERNAME", "elastic")) + + +@pytest.fixture +def password(): + return os.getenv( + "elastic", + os.getenv("ES_PASSWORD", os.getenv("ELASTIC_PASSWORD", "password1")), + ) diff --git a/testing/tests/api_tests/cluster/queries/hostsearch.json b/testing/tests/api_tests/cluster/queries/hostsearch.json new file mode 100644 index 00000000..d9a99d5d --- /dev/null +++ b/testing/tests/api_tests/cluster/queries/hostsearch.json @@ -0,0 +1,31 @@ +{ + "query": { + "bool": { + "must": [ + { + "term": { + "host.name": "ubuntu-vm" + } + }, + { + "term": { + "event.module": "system" + } + }, + { + "term": { + "event.dataset": "system.cpu" + } + } + ] + } + }, + "sort": [ + { + "@timestamp": { + "order": "desc" + } + } + ], + "size": 1 + } \ No newline at end of file diff --git a/testing/tests/api_tests/cluster/test_server.py b/testing/tests/api_tests/cluster/test_server.py new file mode 100644 index 00000000..42084c48 --- /dev/null +++ b/testing/tests/api_tests/cluster/test_server.py @@ -0,0 +1,58 @@ +import json +import warnings + +import pytest +from jsonschema import validate +from jsonschema.exceptions import ValidationError +import requests +from requests.auth import HTTPBasicAuth +import urllib3 +import os + +from api_tests.helpers import make_request, load_json_schema + +# Disable SSL warnings +urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) + +current_script_path = os.path.abspath(__file__) +current_script_dir = os.path.dirname(current_script_path) + + +def convertJsonFileToString(file_path): + with open(file_path, "r") as file: + return file.read() + + +@pytest.fixture(autouse=True) +def suppress_insecure_request_warning(): + warnings.simplefilter("ignore", urllib3.exceptions.InsecureRequestWarning) + + +def test_host_search(es_host, es_port, username, password): + + url = f"https://{es_host}:{es_port}/.ds-metrics-system.cpu-default-*/_search" + body = load_json_schema(f"{current_script_dir}/queries/hostsearch.json") + response = make_request(url, username, password, body=body) + + assert response.status_code == 200, f"Expected 200, got {response.status_code}" + data = json.loads(response.text) + + #assert "winlog" in data ["winlogbeat-imported"]["mappings"]["properties"] + + # Getting the value of Root Key + for key in data: + rootKey = key + + assert (data[rootKey]["total"]["value"] > 0) + assert ".ds-metrics-system.cpu-default" in data[rootKey]["hits"][0]["_index"] + assert (data[rootKey]["hits"][0]["_source"]["agent"]["name"] == "ubuntu-vm") + assert (data[rootKey]["hits"][0]["_source"]["agent"]["version"] == "8.12.2") + assert (data[rootKey]["hits"][0]["_source"]["cloud"]["instance"]["name"] == "ubuntu") + assert (data[rootKey]["hits"][0]["_source"]["data_stream"]["dataset"] == "system.cpu") + assert (data[rootKey]["hits"][0]["_source"]["ecs"]["version"] == "8.0.0") + assert (data[rootKey]["hits"][0]["_source"]["elastic_agent"]["version"] == "8.12.2") + assert (data[rootKey]["hits"][0]["_source"]["event"]["dataset"] == "system.cpu") + assert (data[rootKey]["hits"][0]["_source"]["host"]["hostname"] == "ubuntu-vm") + assert (data[rootKey]["hits"][0]["_source"]["metricset"]["name"] == "cpu") + assert (data[rootKey]["hits"][0]["_source"]["service"]["type"] == "system") + assert "system" in data[rootKey]["hits"][0]["_source"] \ No newline at end of file diff --git a/testing/tests/api_tests/linux_only/test_server.py b/testing/tests/api_tests/linux_only/test_server.py index 3ef8791f..cc945b8f 100644 --- a/testing/tests/api_tests/linux_only/test_server.py +++ b/testing/tests/api_tests/linux_only/test_server.py @@ -62,41 +62,51 @@ def test_elastic_root(es_host, es_port, username, password): validate(instance=response.json(), schema=schema) -@pytest.mark.skip(reason="We no longer use winlogbeat. Keeping the test for reference") def test_elastic_indices(es_host, es_port, username, password): url = f"https://{es_host}:{es_port}/_cat/indices/" response = make_request(url, username, password) assert response.status_code == 200, f"Expected 200, got {response.status_code}" - assert ( - "green open .internal.alerts-observability.logs.alerts-default" in response.text - ) - assert ( - "green open .internal.alerts-observability.uptime.alerts-default" - in response.text - ) - assert ( - "green open .internal.alerts-ml.anomaly-detection.alerts-default" - in response.text - ) - assert ( - "green open .internal.alerts-observability.slo.alerts-default" in response.text - ) - assert ( - "green open .internal.alerts-observability.apm.alerts-default" in response.text - ) - assert ( - "green open .internal.alerts-observability.metrics.alerts-default" - in response.text - ) - assert ( - "green open .kibana-observability-ai-assistant-conversations" in response.text - ) - assert "green open winlogbeat" in response.text - assert ( - "green open .internal.alerts-observability.threshold.alerts-default" - in response.text - ) - assert "green open .kibana-observability-ai-assistant-kb" in response.text - assert "green open .internal.alerts-security.alerts-default" in response.text - assert "green open .internal.alerts-stack.alerts-default" in response.text + assert ("yellow open .ds-metrics-fleet_server.agent_versions-default" in response.text) + assert ("yellow open .ds-logs-endpoint.events.process-default" in response.text) + assert ("yellow open .ds-metrics-system.network-default" in response.text) + assert ("green open .internal.alerts-ml.anomaly-detection.alerts-default" in response.text) + assert ("green open wazuh-alerts-4.x" in response.text) + assert ("green open .internal.alerts-observability.slo.alerts-default" in response.text) + assert ("yellow open .ds-logs-elastic_agent.endpoint_security-default" in response.text) + assert ("green open .internal.alerts-observability.apm.alerts-default" in response.text) + assert ("yellow open .ds-metrics-system.process.summary-default" in response.text) + assert ("yellow open .ds-logs-elastic_agent.filebeat-default" in response.text) + assert ("yellow open .ds-logs-endpoint.events.file-default" in response.text) + assert ("green open .internal.alerts-observability.metrics.alerts-default" in response.text) + assert ("yellow open .ds-metrics-endpoint.metadata-default" in response.text) + assert ("yellow open .ds-logs-system.syslog-default" in response.text) + assert ("yellow open .ds-logs-elastic_agent.fleet_server-default" in response.text) + assert ("green open .internal.alerts-security.alerts-default" in response.text) + assert ("yellow open .ds-metrics-system.uptime-default" in response.text) + assert ("green open .internal.alerts-stack.alerts-default" in response.text) + assert ("yellow open .ds-metrics-system.memory-default" in response.text) + assert ("green open .internal.alerts-observability.logs.alerts" in response.text) + assert ("yellow open .ds-metrics-endpoint.policy-default" in response.text) + assert ("yellow open .ds-metrics-system.cpu-default" in response.text) + assert ("green open .internal.alerts-observability.uptime.alerts-default" in response.text) + assert ("yellow open .ds-metrics-system.process-default" in response.text) + assert ("yellow open .ds-metrics-elastic_agent.elastic_agent-default" in response.text) + assert ("yellow open .ds-metrics-elastic_agent.fleet_server-default" in response.text) + assert ("yellow open .ds-metrics-elastic_agent.metricbeat-default" in response.text) + assert ("yellow open .ds-metrics-system.load-default" in response.text) + assert ("yellow open .ds-logs-endpoint.events.network-default" in response.text) + assert ("yellow open .ds-metrics-fleet_server.agent_status-default" in response.text) + assert ("green open metrics-endpoint.metadata_current_default" in response.text) + assert ("yellow open .ds-logs-elastic_agent.metricbeat-default" in response.text) + assert ("green open .kibana-observability-ai-assistant-conversations" in response.text) + assert ("yellow open .ds-logs-elastic_agent-default" in response.text) + assert ("yellow open .ds-metrics-system.fsstat-default" in response.text) + assert ("yellow open .ds-metrics-elastic_agent.filebeat-default" in response.text) + assert ("green open .internal.alerts-observability.threshold.alerts-default" in response.text) + assert ("yellow open .ds-logs-system.auth-default" in response.text) + assert ("yellow open .ds-metrics-system.diskio-default" in response.text) + assert ("yellow open .ds-metrics-system.filesystem-default" in response.text) + assert ("green open .kibana-observability-ai-assistant-kb" in response.text) + assert ("yellow open .ds-metrics-system.socket_summary-default" in response.text) + assert ("yellow open .ds-metrics-endpoint.metrics-default" in response.text) diff --git a/testing/tests/api_tests/winlogbeat/test_server.py b/testing/tests/api_tests/winlogbeat/test_server.py index 781d3804..1707a400 100644 --- a/testing/tests/api_tests/winlogbeat/test_server.py +++ b/testing/tests/api_tests/winlogbeat/test_server.py @@ -28,26 +28,36 @@ def suppress_insecure_request_warning(): warnings.simplefilter("ignore", urllib3.exceptions.InsecureRequestWarning) -@pytest.mark.skip(reason="This test is too fragile and the data is not stable") +@pytest.mark.skip(reason="We no longer use winlogbeat. Keeping the test for reference") def test_elastic_mapping(es_host, es_port, username, password): - # This test currently works for full installation. For Partial installation (only Ls1), the static mappings file will need to be changed. - url = f"https://{es_host}:{es_port}/winlogbeat-000001/_mapping" + + url = f"https://{es_host}:{es_port}/winlogbeat-*/_mapping" response = make_request(url, username, password) - assert response.status_code == 200, f"Expected 200, got {response.status_code}" - - response_data = response.json() - static_mapping = json.load( - open(f"{current_script_dir}/test_data/mapping_response.json") - ) - - # Dumping Actual Response Json into file for comparison if test fails. - json.dump( - response_data, - open(f"{current_script_dir}/test_data/mapping_response_actual.json", "w"), - indent=4, - ) - - assert static_mapping == response_data, "Mappings Json did not match Expected" + assert response.status_code == 200, f"Expected 200, got {response.status_code}" + data = json.loads(response.text) + + assert "winlog" in data ["winlogbeat-imported"]["mappings"]["properties"] + assert "@timestamp" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "activity_id" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "api" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "channel" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "computer_name" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "event_data" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "event_id" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "host" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "keywords" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "logon" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "opcode" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "process" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "provider_guid" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "provider_name" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "record_id" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "related_activity_id" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "task" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "time_created" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "user" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "user_data" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] + assert "version" in data ["winlogbeat-imported"]["mappings"]["properties"]["winlog"]["properties"] @pytest.mark.skip(reason="We no longer use winlogbeat. Keeping the test for reference") @@ -104,9 +114,17 @@ def test_winlogbeat_search(es_host, es_port, username, password): # open(f"{current_script_dir}/test_data/winlog_search_data.json", "w"), # indent=4, # ) - + + assert data["hits"]["hits"][0]["_index"] == "winlogbeat-imported" + assert data["hits"]["hits"][0]["_source"]["agent"]["name"] == "DC1" + assert data["hits"]["hits"][0]["_source"]["agent"]["type"] == "winlogbeat" + assert data["hits"]["hits"][0]["_source"]["winlog"]["computer_name"] == "DC1.lme.local" + assert data["hits"]["hits"][0]["_source"]["ecs"]["version"] == "8.0.0" + assert data["hits"]["hits"][0]["_source"]["log"]["level"] == "information" assert data["hits"]["hits"][0]["_source"]["host"]["name"] == "DC1.lme.local" + assert data["hits"]["hits"][0]["_source"]["event"]["provider"] == "PowerShell" + assert data["hits"]["hits"][0]["_source"]["tags"][0] == "beats" # Validating JSON Response schema - schema = load_json_schema(f"{current_script_dir}/schemas/winlogbeat_search.json") - validate(instance=response.json(), schema=schema) + #schema = load_json_schema(f"{current_script_dir}/schemas/winlogbeat_search.json") + #validate(instance=response.json(), schema=schema) From c6bedb254460f77582a5ea3b4212b28d00706507 Mon Sep 17 00:00:00 2001 From: Clint Baxley Date: Thu, 10 Oct 2024 04:12:46 -0400 Subject: [PATCH 06/19] Merge 2.0 into vault user password encryption (#458) * adding vim ignore to gitignore, so local files aren't included * adding first working PoC * NIST Guidelines (NIST Special Publication 800-63B): compliance * lme environment will only be copied if it doesn't already exist to save old lme.environment * Have all quadlets start as lmed user * remove caddy from the architecture * Make certs globally readable if volume is mounted * Removing lmed, adding usernamespace, fixing volume permissions * Commiting new quadlets: - run via administrator systemd - user UserNS to execute in new, unpriviliged userns - volumes so we don't run into permissions issues - add network/volumes to lme.service for restart * Fix Ansible into multiple plays, change installation * Finish up fixing ansible * Fix up v2 testing docs * Fix link latest podman bug * Fix issue where permissions happen for elasticsearch data * Fix some docs and push password manager * Docs for security model AND architecture diagram * Push up Table of Contents + Diagram into main readme * Updating scripts with some comments and reorg * Setting up ansible to create user passwords using ansible vault * Pushing changes to quadlets * Pushing changes to scripts * Adding in docs changes + ansible script * Updating ansible script to setup the passwords automatically * Fix so nix is setup before settting up user acct passwords * Pushing updated ansible script so that password can be set manually if desired * Updating docs * Don't delete the azure resource so it can be worked on * Use a script to extract the secrets * Don't need to remove the /tmp file, it has no secrets * Extract the secrets all the way. * Prints out debugging info for setting fleet * More debugging info for setting fleet * Don't comment the variables when setting fleet * Escape backslashes in env file * Set locale to en_US.UTF-8 * Run as root when setting fleet * Debugging set-fleet.sh * Delete Azure resources * Change set-fleet.sh to use the secrets in the vault * Show the secrets in the vault for debugging * Update set-fleet.sh to output the response from the Fleet API * Source the export instead of executing it * Keep azure running to set fleet manually * Replace more of the hardcoded secrets with env vars * Sets elastic password as an env var for the pipeline * Make the azure ip address available to the pipeline * Remove newlines from the retrieve password command * Get the azure ip address and make it available to the pipeline * Don't comment out the Azure IP address * Capture only the last line of the elastic password * Put the elastic password in the .env file * Hide the elastic password in the github actions logs * Hide the elastic password in the github actions logs * Hide the output of the .profile source * Allow the .profile source to fail * Add the kibana password to the github actions environment * Add some more environment variables to the .env file * Adds the elastic and kibana passwords to the .env file for cluster tests * Get the elastic password later in the pipeline * Run cluster on every run, don't clean up Azure resources * Change the Kibana URL to 5601 * Pass the Elastic password to the check_agent_reporting.sh script * Adding beginning docs for cloud * Moving dev notes to their own docs page * Deleting old docs from the current iteration * Delete old docs/chapters from docs/ directory * Adding updates to docs * Fix Readme links and references * Export the Elastic password to the check_agent_reporting.sh script * Adds ability to add an external windows server to the network * Update the workflows to run at the right times * Remask the secrets in the pipeline --------- Co-authored-by: Michael Reeves --- .github/workflows/cluster.yml | 42 +- .github/workflows/linux_only.yml | 31 +- .gitignore | 1 + .../Group Policy Objects/manifest.xml | 1 - .../Backup.xml | 20 - .../Machine/Preferences/Services/Services.xml | 3 - .../DomainSysvol/GPO/Machine/comment.cmtx | 12 - .../microsoft/windows nt/SecEdit/GptTmpl.inf | Bin 224 -> 0 bytes .../DomainSysvol/GPO/Machine/registry.pol | Bin 454 -> 0 bytes .../bkupInfo.xml | 1 - .../gpreport.xml | Bin 24448 -> 0 bytes .../Backup.xml | 20 - .../GPO/Machine/Preferences/Groups/Groups.xml | 3 - .../Machine/Preferences/Services/Services.xml | 3 - .../DomainSysvol/GPO/Machine/comment.cmtx | 12 - .../microsoft/windows nt/SecEdit/GptTmpl.inf | Bin 224 -> 0 bytes .../DomainSysvol/GPO/Machine/registry.pol | Bin 1010 -> 0 bytes .../bkupInfo.xml | 1 - .../gpreport.xml | Bin 29576 -> 0 bytes .../Chapter 1 Files/lme_gpo_for_windows.zip | Bin 22408 -> 0 bytes .../Chapter 1 Files/lme_wec_config.xml | 275 - .../Group Policy Objects/manifest.xml | 1 - .../Backup.xml | 18 - .../DomainSysvol/GPO/GPO.cmt | Bin 114 -> 0 bytes .../ScheduledTasks/ScheduledTasks.xml | 4 - .../bkupInfo.xml | 1 - .../gpreport.xml | Bin 20830 -> 0 bytes .../GPO Deployment/sysmon_gpo.zip | Bin 9023 -> 0 bytes .../Group Policy Objects/manifest.xml | 1 - .../Backup.xml | 18 - .../DomainSysvol/GPO/GPO.cmt | Bin 114 -> 0 bytes .../ScheduledTasks/ScheduledTasks.xml | 4 - .../bkupInfo.xml | 1 - .../gpreport.xml | Bin 20830 -> 0 bytes .../Chapter 2 Files/GPO Deployment/update.bat | 105 - .../SCCM Deployment/Install_Sysmon64.ps1 | 1 - .../SCCM Deployment/Uninstall_Sysmon64.ps1 | 5 - OLD_CHAPTERS/Chapter 3 Files/.gitignore | 1 - .../Chapter 3 Files/dashboard_update.sh | 32 - OLD_CHAPTERS/Chapter 3 Files/deploy.sh | 1209 --- .../Chapter 3 Files/docker-compose-stack.yml | 166 - OLD_CHAPTERS/Chapter 3 Files/lme_update.sh | 2 - OLD_CHAPTERS/Chapter 3 Files/logstash.conf | 74 - .../Chapter 3 Files/winlog-index-mapping.json | 7340 ----------------- OLD_CHAPTERS/Chapter 3 Files/winlogbeat.yml | 32 - .../Healthcheckoverview_dashboard.ndjson | 9 - .../Chapter 4 Files/dashboards/Readme.md | 64 - .../dashboards/alerting_dashboard.ndjson | 18 - .../computer_software_overview.ndjson | 12 - .../dashboards/process_explorer.ndjson | 10 - .../security_dashboard_security_log.ndjson | 27 - .../dashboards/sysmon_summary.ndjson | 11 - .../Chapter 4 Files/dashboards/user_hr.ndjson | 10 - .../dashboards/user_security.ndjson | 39 - .../Chapter 4 Files/export_dashboards.py | 165 - OLD_CHAPTERS/Chapter 4 Files/requirements.txt | 2 - OLD_CHAPTERS/README.md | 76 - README.md | 365 +- config/caddy/Caddyfile | 22 - config/containers.conf | 8 + config/example.env | 34 +- config/setup/acct-init.sh | 5 + config/setup/init-setup.sh | 14 +- config/vault-pass.sh | 2 + docs/imgs/lme-architecture-v2.jpg | Bin 0 -> 929763 bytes docs/imgs/lme-cloud.jpg | Bin 0 -> 78383 bytes docs/markdown/chapter1/chapter1.md | 129 - docs/markdown/chapter1/guide_to_ous.md | 37 - docs/markdown/chapter2.md | 130 - docs/markdown/chapter3/chapter3.md | 274 - docs/markdown/chapter3/resilience.md | 15 - docs/markdown/chapter4.md | 118 - docs/markdown/logging-guidance/cloud.md | 43 + docs/markdown/reference/dev-notes.md | 163 + docs/markdown/reference/security-model.md | 29 + quadlet/lme-caddy.container | 22 - quadlet/lme-elasticsearch.container | 8 +- quadlet/lme-esdata01.volume | 12 + quadlet/lme-fleet-server.container | 14 +- quadlet/lme-kibana.container | 12 +- quadlet/lme-kibanadata.volume | 11 + quadlet/lme-setup-accts.container | 11 +- quadlet/lme-setup-certs.container | 15 +- quadlet/lme-wazuh-manager.container | 11 +- quadlet/lme.network | 6 + scripts/extract_secrets.sh | 105 + scripts/install_lme_local.yml | 302 +- scripts/link_latest_podman_quadlet.sh | 4 +- scripts/password_management.sh | 227 + scripts/set-fleet.sh | 40 +- scripts/set_vault_key_env.sh | 6 + testing/v2/installers/README.md | 1 + .../azure/build_azure_linux_network.py | 128 +- testing/v2/installers/install_v2/install.sh | 33 +- .../installers/lib/check_agent_reporting.sh | 9 +- 95 files changed, 1360 insertions(+), 10888 deletions(-) delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/manifest.xml delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/Backup.xml delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/comment.cmtx delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/registry.pol delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/bkupInfo.xml delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/gpreport.xml delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/Backup.xml delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Groups/Groups.xml delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/comment.cmtx delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/registry.pol delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/bkupInfo.xml delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/gpreport.xml delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/lme_gpo_for_windows.zip delete mode 100644 OLD_CHAPTERS/Chapter 1 Files/lme_wec_config.xml delete mode 100644 OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/manifest.xml delete mode 100644 OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml delete mode 100644 OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/GPO.cmt delete mode 100644 OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml delete mode 100644 OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml delete mode 100644 OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/gpreport.xml delete mode 100644 OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo.zip delete mode 100644 OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/manifest.xml delete mode 100644 OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml delete mode 100644 OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/GPO.cmt delete mode 100644 OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml delete mode 100644 OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml delete mode 100644 OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/gpreport.xml delete mode 100644 OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/update.bat delete mode 100644 OLD_CHAPTERS/Chapter 2 Files/SCCM Deployment/Install_Sysmon64.ps1 delete mode 100644 OLD_CHAPTERS/Chapter 2 Files/SCCM Deployment/Uninstall_Sysmon64.ps1 delete mode 100644 OLD_CHAPTERS/Chapter 3 Files/.gitignore delete mode 100644 OLD_CHAPTERS/Chapter 3 Files/dashboard_update.sh delete mode 100755 OLD_CHAPTERS/Chapter 3 Files/deploy.sh delete mode 100644 OLD_CHAPTERS/Chapter 3 Files/docker-compose-stack.yml delete mode 100644 OLD_CHAPTERS/Chapter 3 Files/lme_update.sh delete mode 100644 OLD_CHAPTERS/Chapter 3 Files/logstash.conf delete mode 100644 OLD_CHAPTERS/Chapter 3 Files/winlog-index-mapping.json delete mode 100644 OLD_CHAPTERS/Chapter 3 Files/winlogbeat.yml delete mode 100644 OLD_CHAPTERS/Chapter 4 Files/dashboards/Healthcheckoverview_dashboard.ndjson delete mode 100644 OLD_CHAPTERS/Chapter 4 Files/dashboards/Readme.md delete mode 100644 OLD_CHAPTERS/Chapter 4 Files/dashboards/alerting_dashboard.ndjson delete mode 100644 OLD_CHAPTERS/Chapter 4 Files/dashboards/computer_software_overview.ndjson delete mode 100644 OLD_CHAPTERS/Chapter 4 Files/dashboards/process_explorer.ndjson delete mode 100644 OLD_CHAPTERS/Chapter 4 Files/dashboards/security_dashboard_security_log.ndjson delete mode 100644 OLD_CHAPTERS/Chapter 4 Files/dashboards/sysmon_summary.ndjson delete mode 100644 OLD_CHAPTERS/Chapter 4 Files/dashboards/user_hr.ndjson delete mode 100644 OLD_CHAPTERS/Chapter 4 Files/dashboards/user_security.ndjson delete mode 100644 OLD_CHAPTERS/Chapter 4 Files/export_dashboards.py delete mode 100644 OLD_CHAPTERS/Chapter 4 Files/requirements.txt delete mode 100644 OLD_CHAPTERS/README.md delete mode 100644 config/caddy/Caddyfile create mode 100644 config/containers.conf create mode 100755 config/vault-pass.sh create mode 100644 docs/imgs/lme-architecture-v2.jpg create mode 100644 docs/imgs/lme-cloud.jpg delete mode 100644 docs/markdown/chapter1/chapter1.md delete mode 100644 docs/markdown/chapter1/guide_to_ous.md delete mode 100644 docs/markdown/chapter2.md delete mode 100644 docs/markdown/chapter3/chapter3.md delete mode 100644 docs/markdown/chapter3/resilience.md delete mode 100644 docs/markdown/chapter4.md create mode 100644 docs/markdown/logging-guidance/cloud.md create mode 100644 docs/markdown/reference/dev-notes.md create mode 100644 docs/markdown/reference/security-model.md delete mode 100644 quadlet/lme-caddy.container create mode 100644 quadlet/lme-esdata01.volume create mode 100644 quadlet/lme-kibanadata.volume create mode 100755 scripts/extract_secrets.sh create mode 100755 scripts/password_management.sh create mode 100755 scripts/set_vault_key_env.sh diff --git a/.github/workflows/cluster.yml b/.github/workflows/cluster.yml index 1cd42895..2ea477c4 100644 --- a/.github/workflows/cluster.yml +++ b/.github/workflows/cluster.yml @@ -2,7 +2,7 @@ name: Cluster Run - Minimega on: workflow_dispatch: - pull_request: + # pull_request: # branches: # - '*' @@ -18,6 +18,8 @@ jobs: AZURE_IP: "" MINIMEGA_IP: "" ENROLLMENT_TOKEN: "" + ES_PASSWORD: "" + KIBANA_PASSWORD: "" steps: - name: Checkout repository @@ -137,6 +139,7 @@ jobs: echo "MINIMEGA_IP=$MINIMEGA_IP" >> $GITHUB_ENV echo "Azure IP:$AZURE_IP Minimega IP:$MINIMEGA_IP" + - name: Run a command in Minimega run: | cd testing/v2/development @@ -153,6 +156,23 @@ jobs: ./install_v2/install.sh lme-user \$IP_ADDRESS "pipe-${{ env.UNIQUE_ID }}.password.txt" ${{ env.BRANCH_NAME }} " + + - name: Retrieve Elastic password + env: + AZURE_IP: ${{ env.AZURE_IP }} + run: | + cd testing/v2/development + ES_PASSWORD=$(docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c "ssh lme-user@$AZURE_IP '. /home/lme-user/LME/scripts/extract_secrets.sh -q && echo \$elastic'" | tail -n 1 | tr -d '\n') + echo "::add-mask::$ES_PASSWORD" + echo "ES_PASSWORD=$ES_PASSWORD" >> $GITHUB_ENV + echo "Elastic password retrieved successfully: $ES_PASSWORD" + KIBANA_PASSWORD=$(docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c "ssh lme-user@$AZURE_IP '. /home/lme-user/LME/scripts/extract_secrets.sh -q && echo \$kibana_system'" | tail -n 1 | tr -d '\n') + echo "::add-mask::$KIBANA_PASSWORD" + echo "KIBANA_PASSWORD=$KIBANA_PASSWORD" >> $GITHUB_ENV + echo "Kibana password retrieved successfully: $KIBANA_PASSWORD" + + + - name: Install test requirements on Azure instance run: | cd testing/v2/development @@ -170,9 +190,9 @@ jobs: - name: Retrieve Elastic policy ID and enrollment token env: - KIBANA_URL: "https://localhost" + KIBANA_URL: "https://localhost:5601" ES_USERNAME: "elastic" - ES_PASSWORD: "password1" + ES_PASSWORD: ${{ env.ES_PASSWORD }} run: | cd testing/v2/development @@ -228,32 +248,46 @@ jobs: " - name: Check if the Elastic agent is reporting + env: + ES_PASSWORD: ${{ env.ES_PASSWORD }} run: | sleep 120 cd testing/v2/development docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " ssh -o StrictHostKeyChecking=no lme-user@${{ env.AZURE_IP }} \ - '/home/lme-user/LME/testing/v2/installers/lib/check_agent_reporting.sh' + 'export ES_PASSWORD=\"$ES_PASSWORD\" && /home/lme-user/LME/testing/v2/installers/lib/check_agent_reporting.sh' " - name: Run api tests on Azure instance + env: + ES_PASSWORD: ${{ env.ES_PASSWORD }} + KIBANA_PASSWORD: ${{ env.KIBANA_PASSWORD }} run: | cd testing/v2/development docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " cd /home/lme-user/LME/testing/v2/installers && \ IP_ADDRESS=\$(cat pipe-${{ env.UNIQUE_ID }}.ip.txt) && \ ssh lme-user@\$IP_ADDRESS 'cd /home/lme-user/LME/testing/tests && \ + echo ELASTIC_PASSWORD=\"$ES_PASSWORD\" >> .env && \ + echo KIBANA_PASSWORD=\"$KIBANA_PASSWORD\" >> .env && \ + echo elastic=\"$ES_PASSWORD\" >> .env && \ source venv/bin/activate && \ pytest -v api_tests/' " - name: Run selenium tests on Azure instance + env: + ES_PASSWORD: ${{ env.ES_PASSWORD }} + KIBANA_PASSWORD: ${{ env.KIBANA_PASSWORD }} run: | cd testing/v2/development docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " cd /home/lme-user/LME/testing/v2/installers && \ IP_ADDRESS=\$(cat pipe-${{ env.UNIQUE_ID }}.ip.txt) && \ ssh lme-user@\$IP_ADDRESS 'cd /home/lme-user/LME/testing/tests && \ + echo ELASTIC_PASSWORD=\"$ES_PASSWORD\" >> .env && \ + echo KIBANA_PASSWORD=\"$KIBANA_PASSWORD\" >> .env && \ + echo elastic=\"$ES_PASSWORD\" >> .env && \ source venv/bin/activate && \ pytest -v selenium_tests/' " diff --git a/.github/workflows/linux_only.yml b/.github/workflows/linux_only.yml index 6349b8d0..54bab48d 100644 --- a/.github/workflows/linux_only.yml +++ b/.github/workflows/linux_only.yml @@ -13,7 +13,10 @@ jobs: env: UNIQUE_ID: ${{ github.run_id }}-${{ github.run_number }} BRANCH_NAME: ${{ github.head_ref || github.ref_name }} - + ES_PASSWORD: "" + KIBANA_PASSWORD: "" + AZURE_IP: "" + steps: - name: Checkout repository uses: actions/checkout@v4.1.1 @@ -72,6 +75,23 @@ jobs: IP_ADDRESS=\$(cat pipe-${{ env.UNIQUE_ID }}.ip.txt) && \ ./install_v2/install.sh lme-user \$IP_ADDRESS "pipe-${{ env.UNIQUE_ID }}.password.txt" ${{ env.BRANCH_NAME }} " + + - name: Retrieve Elastic password + run: | + cd testing/v2/development + AZURE_IP=$(docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c "cat /home/lme-user/LME/testing/v2/installers/pipe-${{ env.UNIQUE_ID }}.ip.txt") + echo "AZURE_IP=$AZURE_IP" >> $GITHUB_ENV + echo "Azure IP:$AZURE_IP" + echo "Azure IP retrieved successfully" + + ES_PASSWORD=$(docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c "ssh lme-user@$AZURE_IP '. /home/lme-user/LME/scripts/extract_secrets.sh -q && echo \$elastic'" | tail -n 1 | tr -d '\n') + echo "::add-mask::$ES_PASSWORD" + echo "ES_PASSWORD=$ES_PASSWORD" >> $GITHUB_ENV + KIBANA_PASSWORD=$(docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c "ssh lme-user@$AZURE_IP '. /home/lme-user/LME/scripts/extract_secrets.sh -q && echo \$kibana_system'" | tail -n 1 | tr -d '\n') + echo "::add-mask::$KIBANA_PASSWORD" + echo "KIBANA_PASSWORD=$KIBANA_PASSWORD" >> $GITHUB_ENV + echo "Kibana password retrieved successfully." + - name: Install test requirements on Azure instance run: | @@ -88,12 +108,21 @@ jobs: pip install -r requirements.txt ' " - name: Run tests on Azure instance + env: + ES_PASSWORD: ${{ env.ES_PASSWORD }} + elastic: ${{ env.ES_PASSWORD }} + KIBANA_PASSWORD: ${{ env.KIBANA_PASSWORD }} + AZURE_IP: ${{ env.AZURE_IP }} run: | cd testing/v2/development docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " cd /home/lme-user/LME/testing/v2/installers && \ IP_ADDRESS=\$(cat pipe-${{ env.UNIQUE_ID }}.ip.txt) && \ ssh lme-user@\$IP_ADDRESS 'cd /home/lme-user/LME/testing/tests && \ + echo ELASTIC_PASSWORD=\"$ES_PASSWORD\" >> .env && \ + echo KIBANA_PASSWORD=\"$KIBANA_PASSWORD\" >> .env && \ + echo elastic=\"$ES_PASSWORD\" >> .env && \ + cat .env && \ source venv/bin/activate && \ pytest -v api_tests/linux_only/ selenium_tests/linux_only/' " diff --git a/.gitignore b/.gitignore index aa8737ce..4837f322 100644 --- a/.gitignore +++ b/.gitignore @@ -30,5 +30,6 @@ testing/tests/assets/style.css **.password.txt **.ip.txt **.swp +*.vim* **/quadlet/output diff --git a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/manifest.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/manifest.xml deleted file mode 100644 index 2bd86697..00000000 --- a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/manifest.xml +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/Backup.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/Backup.xml deleted file mode 100644 index ecb301ed..00000000 --- a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/Backup.xml +++ /dev/null @@ -1,20 +0,0 @@ - - 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 24 31 7e 4b 58 15 f6 4f ac a8 53 3e 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 24 31 7e 4b 58 15 f6 4f ac a8 53 3e 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 24 31 7e 4b 58 15 f6 4f ac a8 53 3e 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml deleted file mode 100644 index 2434ed29..00000000 --- a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml +++ /dev/null @@ -1,3 +0,0 @@ - - - diff --git a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/comment.cmtx b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/comment.cmtx deleted file mode 100644 index d962772c..00000000 --- a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/comment.cmtx +++ /dev/null @@ -1,12 +0,0 @@ -๏ปฟ - - - - - - - - - - - \ No newline at end of file diff --git a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf deleted file mode 100644 index 8022b8b94ad39c5af1e9f1e0d9ff1b0fc020143c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 224 zcmZ9Fu?oU47=*uB@EuBUbkRM7IH-dN72BaWlp0DvDrgn@@~xK;7YPaf{a@~G8Y?bz zcp4tua9o))``cLtkyj)Yh32P}m!nJngKDK}dfuWAi($c*JqNuTcATV5%*e$*a{MwZ otCW3?*?~2hGP#^mLto8ZI`Ce{Yul!7Lm73>QTa>Ox+XP!0kS(Jn*aa+ diff --git a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/registry.pol b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/DomainSysvol/GPO/Machine/registry.pol deleted file mode 100644 index 56fb8179887eebd44194ce8a0cf8ddf330176b0a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 454 zcmc(bu?oUK5JaEi*I0{9svrm!LWqThXCZoqz>z?r$?rS6v9Ph#Vh?7R+j)0I8LJs^ z;y}xt2O}3cB7s6qqUNfJ^m6vDI{E!O9XQHsxJi$mnRKaa(9Wn`gWrm3$;h=ac{b;% vww8^iQFBe@iN(ihWapo;?eyY-6 diff --git a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/gpreport.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{36FE9489-FE2B-42DF-835C-DEA226B1AC72}/gpreport.xml deleted file mode 100644 index 42ffab1f099e1d19edfce21d337ee24ae9ea7c9c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 24448 zcmeI4YfoFr8OP^!rG5u1uac+)FaZLgtQ;V_NShF0vUIC`<8TWtmn=5fjjH|XZU4V{ zcy{I-kFgm{O|+wfQEjhChctg_ZDacoVkN$HqO=h|9X}sxM={ zSFc|9pnKE$`z8K8(dV3CoeTbv?luK=M&nM0zlB%f`_LBb_rl>cbRstOk&o|Wj-pG3ofCP1+J|5KqA=5+^MnbVzFU2mx8Qus~OPLD+IdgN#)a_qk7>_v)ulH`G8dLj(= zq#Y*_=Nz9To8i=~gx4B_5m%+#uf&I`u&d8CeWMi@SC+^~sU^1Ma>o`=!e!Kvwa67l zLtDBUv!@X*_1iGHzHJ(HO}!3;7ZmS@9dX$(#1>~Ir>Q7i``po;d0FsNNpV^7T#T>= zjgVlx60Ud<)96v5%nKS&mLinFVRBs1mo9F`&ux984;|5TsPAX`oYMbccqjhg`)74`R#)$&4P2ukGipDh9!s)zdMrih zJ=a*R@HRXW6kq^lO?a${7i-e|-LNezcJ;q5{rg^+z^QFL+tv53e$(f%tao}>nVQonSRk0uSv_r$hif5G8Q)HoH8om z5*&gvaK*TR7agTt&iT*bT08t$fwvjuayv<`sqZ66d07%Q-Fqvlz;07iwWF4x56B;C z55=_^>EoQVZBJaB5|7YDIF@T7JVZOuME(xNYwp0~J+*uuM}%uz(np85RfAfE_fBwc z5AU6Dz#0~18J(ypGqRO~E4{#OprIq0o?Sh~hOi>=Mnjg=x_L{?vDw>l>aH;-D!B)& zd&Vv0foG!g;w$<__wD#<_t$9SeRykp^Oy1_%^1ttQOB!%H!3~TxGy?)l<~CX=gEJ5 z5`W2-J-2Jg9>}Sw9m-jd;XEz-b&aXgL={3lPTqYV6qV!bM3+*f_9d&4yV0ejF?C&f z6MYgI+0~!b$6duGGUl%S$-KXwmgV{WD432$-Pfb1-)c6+Vd{U&vb*7BwCz(#pc7>P z|5p`ZsmzdvS3bl0^uyZGh?g3LI_N+UfLfP)m4g;1sM@Q2%dP%@VoKu6|6XiKxKEEH zRb+4TBiIc-Vp$qwckp~AJ@Ov;%#XwM@0DwNt|~)5(cihEAUb~?l(II`%kdc0qH29q zgV)=dwWwPb6s-u~5BjrNu#U3$<9H3H%FwOXjwqzkK9P-A=QpZPN-)z1UYp~usc7*U zTf*TV8hKCG%$-zy2&0eE>*jEowE@0mJouRU%*`O!<(|VZIF5c2DogZq#fLL-7b%oD zFnaG29_ZLj<-Q_$+dM3ix`;Yg8r!66GtMb~qk%2SbWf5cVsD7LOL_5CT`~XE3xAO| zQh%N3A5YKkQ^~|;r#|TyaU`ENfr`=LlyGH)(Wt^s685jefo}Mxu%C%mUVc`GXqJ7O zSXPf?C9i_E)*-s3wtfkc=_mOAR>nfW`98?Q|ond(2aqG2waYM3ytMBh*liRA+ zb~NAelk}En8*%=JyKP-JWXoHspO`y&tzXQh&}v)X-|LUo?Wi$MM_C&Enlh-JM~X>| zo5Z+eB{z#yd9`x0o+W={c535{9;N=+G0xX3CK0PzuMhTW;~%kDFSY!ExyUjl;})}6 zDPV?gLoo{6CsD}bXIXx%`sec;7GtWus??(77blgLS9s-mX%dA}{2r|)G4C>Z1vII& zhR+)Q@hdHM3Eka#_;^OZ>goe?4a_K9Xr7DtYUUBB=|)-6N;Wx}bu2}?Ni59gDob(S zy!6fLs!1$Nb~lNIK4&_ab$k-n{cgIi*K>T^C!6o)V29FpMzF#2jxEib_u|?sQH@>B zzC*O3SxRCXD;JaM4i32FC)Hhf70GtSUbp%-iD(dNzP4Q6 z{l21oJFNFxb+jHMNk?4ys4MQXAAt4P>I(m;eO!N5v<}8z!VfWW5uXyymL30a6}4<1 z*ScUM2iC^fts0Xd#tHKSt;OAZfQEv zk9DpG_{!$J_{!X44fd7ID_@yf-^5eWo2rmLX@sskGbay;EOwfgbD(RA>o0Udh4V}; z&GtSOUpec-)jOSL;Y?UddzW6sdoy~*nbD?tEy<&A=x$4&zg14ay65q4ymuL=evDcX z(#tD|i-Khpnk z!5PVpGC6zNjQ2RH%-%xo8jtJ*C8uFI7iK3Y8@gT)kLLx4&&AmHGUMxpuy`Tf!nGIT z7w2mi_1n(Za*CFj^_E7Y9Vf;(rwN}I)N)<)Ea=&@A$&E>Hr`sUUe%H&E^b!`&;Cq*ZOn zE;^w4S$9^dTZ-p9aa5ilbxx4m}SAACEAz4AW zM=6gf`^EmT>s~jv{c-iWb6?!+vZLlm8i8(7A)p843>9mxx2{@L^`yVc(=~_wc@5n! zA@6||(b_dW-wWOlmgKkR!k5)2*L*CEeXjT?^ILvyyrGuw^%Q+S(p5vguA1LgVGXix z$I9|sptI)|Xja?p$GJkoJa02>JYp~V#%;g!s;u;Vlt)8%(~N^rnyQP2+WY=^Z17X0 z4_eP_d}wF~J*P!%t`jcVmGfa=J${M)3F#)zGE3gi%ZC~F9%(G+zttIFg;&Y5e8ZF3 z6!ylWXI7In)aoq5hSQNfVM3+)Pu)L^S0?YDH7Y)oo$U2~--%;8(k$q@h&Xp6=kUC= zwRe9cs`2^cnwP?d7O6k{rq`3W{};J!s%7FWc)PT1Jm|SzPVBy}@|(KqkIpw%>2eKq zT`SXWI*VOXs~$&*mE~TSWmRY3^`0P~NovQkb>3ZokErrL={s?Z7QaZU*wXcq#EzKZ z!h;;hX2F&BAo!WNq_KE8)4qA-Vw`$z=sb2^?_AqbKi9-Z12vF2wr-|_z+tyP+&^z z^5}-*2bj8+ZpxQ^RF)2I#!b7kpgZ*OS;nsLYs6@Qj;CIE8!)cIbN@*n;}{+vKErJw zlHDgRr*ZqKK|+pW75h4_cZJ7-;MI8w7tBxBY2A-!UmUY~q{5qXat2MXl|QKV)*Z>9 zI(KV4hT=K~^@vp0uWq{HJ}u{<>m1|YJ^HmWN&IER)S?z|XCm9Qb76R)l;02sSqmSGllk?2JUCzH z7!C6nz((3=uhU-ka9|9!J&m5I*^XGcmvV{p+kQj3&1?=HEkWvPEIXa}tL_4qxdy(Q zQI4;oMG)1EOLgr?@QD8WGT(t8&*43gY^kLl#&~=xIy%vQu&jg)IRV^cKP7qbMMfue zL6Vl?YH=ag$*$_8pF|PZ^Oh(6p(y{&EDf60R8*a;x$e^)@|@;lUaHS> z{N{RDvpKvW=xMyij7>{d%nYJv|?UlZ>HisFzJdJt=o^syRCTZ5by8ey+ih9 z5Ua`Rb=I)DtSxzRq8BSiHmp^(bVVM42IC<;zeqXd50WHLI+bd$f23j1*E9l9k0N|l z?ktl@kk<4B>mc7HmQfo`_qE#Avzyg)K8EG$ZS_wxB{rKwz1)xAFp4%}#ONtwA$#Vn z27`L!GX}4t4Nz+*zmn_!a>nP>c9fCZQA+Um^Xm8<+aH82Z?9v_#~Eh%{Xw`T-j2>G zpOYB9M~-dcSK0rLD{n`caYRQ)=Zf?3wz|p6t4EcaaV<%GIPA~G(r26-icF7Vbh3DE zIT*7*%%G8TP-A+8&1*KxHPDuN#zB0sdZItRCmNH+4Yz_X&ky_v@t4@0G7X|L)oXv2 zV>NcU4j>2g%$ls2%rnnPJU_BGxYXx2$AKFrz2VhhUGnJ5lg!tRlZ;386klG~$~o0j zX-OW<$f?HFTJntYb27|vr7w@y6CLJ_Hgzvm*5OiJFs?HGoZ7nTR3y?mv12{)>qd{vV%($hTJmPha3D?>Z4xLDz$DoQx4 s{C;8}-Lp)4_)g35+mTt_iM1iF`>Gc;uyYTNyjAQ^oZyb_v{()Q1r8T&`~Uy| diff --git a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/Backup.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/Backup.xml deleted file mode 100644 index d140cfeb..00000000 --- a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/Backup.xml +++ /dev/null @@ -1,20 +0,0 @@ - - 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 24 31 7e 4b 58 15 f6 4f ac a8 53 3e 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 24 31 7e 4b 58 15 f6 4f ac a8 53 3e 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 24 31 7e 4b 58 15 f6 4f ac a8 53 3e 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Groups/Groups.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Groups/Groups.xml deleted file mode 100644 index 5487da13..00000000 --- a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Groups/Groups.xml +++ /dev/null @@ -1,3 +0,0 @@ - - - diff --git a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml deleted file mode 100644 index 59729875..00000000 --- a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/Preferences/Services/Services.xml +++ /dev/null @@ -1,3 +0,0 @@ - - - diff --git a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/comment.cmtx b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/comment.cmtx deleted file mode 100644 index e1491513..00000000 --- a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/comment.cmtx +++ /dev/null @@ -1,12 +0,0 @@ -๏ปฟ - - - - - - - - - - - \ No newline at end of file diff --git a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/microsoft/windows nt/SecEdit/GptTmpl.inf deleted file mode 100644 index 8022b8b94ad39c5af1e9f1e0d9ff1b0fc020143c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 224 zcmZ9Fu?oU47=*uB@EuBUbkRM7IH-dN72BaWlp0DvDrgn@@~xK;7YPaf{a@~G8Y?bz zcp4tua9o))``cLtkyj)Yh32P}m!nJngKDK}dfuWAi($c*JqNuTcATV5%*e$*a{MwZ otCW3?*?~2hGP#^mLto8ZI`Ce{Yul!7Lm73>QTa>Ox+XP!0kS(Jn*aa+ diff --git a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/registry.pol b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/DomainSysvol/GPO/Machine/registry.pol deleted file mode 100644 index 8c07e6087e0eb80bfb8bf5136a1233fad22063a1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1010 zcmdUu%}T>i5QUH8gSalzsA$m^7a}bP3ME;%XkEnoHIOEfq|N*Iq<(i&up7liK_p~y z=kLy$Gn2WWWJi(~3REdot4^V6C0c5ZrBJSjH&KJ-*|Zvavx{Ep1zV{Yy|b99wnUfQ z^n@)V>&r63Qtv9nmgoF|HhLpB!k6ov%$&HAY9TV@js%Z1(SRpLE2t478x76wI+*Ch zB`Ck+D3UX3uv?=Pi1JT=N~mMg@b8m9egMs~e diff --git a/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/gpreport.xml b/OLD_CHAPTERS/Chapter 1 Files/Group Policy Objects/{9C409013-05EC-4640-B27A-617EDE2FA837}/gpreport.xml deleted file mode 100644 index 22df5198a36631384f836deecc98b3a251b3f289..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 29576 zcmeI4Yg1E68pr$fR_%94&5J3uM3I|{3{wbUmRcPhK;7B$4I(h^04jk|Yihpw?*4!M z@X&qE=_DtJn4P6kNls4s^4xFTeg5MO}GjVvu6yds zn7^pkad@YDxApoEU$^u*t-0Q6{yp8D(yWsj_jdS4cpM&u4bAhyFl4w*~uKVfj`xITkKZ>p&R%5bvJ|IP1J(s{J*O=oJs%pZ_?b$coJ`hW3v!`)EJDoDA|52noNWj`drrca+DC`JR_x+=$7*xUEB{R zQAU;{RTvFv>1oVk$;yd-8zh6b+skYTekIfQ8M6XCleZT#W% zdqv+*^?NN`(|=3hf#h&4ey-~idDs$8yZXMT&k4PE!z)n=+kZ!Q(ezi61Fn&iNwuF; zkNeRw?CN`3?+1DFySr#12qQ$c8;ft^?C|>BjBKdnHNTAfZ{(GVC7y3<~ z2fAK58^huJn&WIlI!s7{CZg0pl__C9r#o}HMxy3oo9RfSS^axgckk&JZP6=Q-i?%- z(uLJ|ya95hK6(wa-y0UXB7w8Q*Yze1(r~jfuXc2HDA@|jK>YR|H zv*)GMMMI8Patm0uj87B?9tzK+uV@?HwqvW^UL%c{VXd*vU&@+HMPIfNWxPsv!_p&- z%ffS05zmI~Jn_#<(U)l1W4k5k12HwZLpcgEm~TseU1F*@k%bVC6L((*MrA*HB}*w& z`;ytn#mG{Un7S-IjW!91?CE9saZi4Uh`FaXk@we=vOL~z18F<#z8*eJtyvR=$^R|N z?kRgjw-3aDt;hrDzbFq&W(Gez^BLZ!IoGB}JkcoRK|7j(S?ipyQqcSaS$nl_xz+!V zPf2w7-}5aA_S>zv3h%8xg5F>w<|RRP2g_HIBkz${etcg4UKrSOQ4#XKUT@_Ek@-Qh zl%19>0Ek*Hf;x&{i&u+aog&~>tzI41=->Cjm znlp{yxjFWlj25f$L@@kIBX8@P+DX-hFnXI_qt8p#hWRbx!N$}pH~r==_Z$Ynn`kG& zvV>1hbT|}s;X;W5?R%HtK*mPp`-1pwbyzrc6lJb7wsF@g&dGlxflK1)wm6H&?h3mT zS@A_(QGYrPHzkeaU;BDv>G^#io>+D2lYZex^12CFw4bL0D&n(PRd0DIx#hoZtp9L#L)RVY@)PAx)J}fXFRCfDTG#g@y=c7=F?Br3 z+-OQlzjp2^u6*2;k4suIny1RMmC<^Z?2YNEjnm#s{keUduUA}otZKgA->Qwj$6`&& z;s9ynU-gG<$USN3nl;E zE+;YT(mn&a%Cv@84gdU^7P}}eZasWFJz#b9fm#C@*Ag61yqLp;=s_Izs zbXUGGuT_@(zFFzf@~SIenDp+-7kbU~s_J+vuKSI;uh(OI+b5gv=3s}?czUq@b;l*u z&5z^SD_)IV&b~vmqbeo7jg^b5><$Vz=dZH6@+y+;j2*Q4cIDB06|O`HWNcj4(Hss| z%F?=9M=Q|jj05nt&lme)+|DC^y%jUCY_mcJgzVU7_3@2zggx~dkNrc{sCqDz$+m$v zYx4OTsjn@UcfT)a-wx~jmL07`PqHPd{H81Jvmb!<*y;*@+deKo3t9(bZ_vBwx$sX3 zW{ZxWpL#9Z$F-ul;R9>q?AB)u-2C+Lc0Olm+zpM?6K?23dBkdq>R4ovP7n55FtER54B^TaX25eCBE56Q}G_B^w?L!U8AF&9^!P^q#)sQT79`YFQ_>~ z1l<^qIh^+Q1n;Wo2<<2J2~M07;e-Vkvy&d$uLv{#%Gx6SpDIr5iFCAR;qY!sv84~UIAq8(N!oxgk*DZ`HV4`-_< z@C|waS$@(e_40pxZ;R~_OVZB>cB(Vq0b{L_9QLAwSUc<^yJI*ZYP(O^S&iJ}t@a{L z?6}@I<7J-zz!7AZvoFAy+WX4T=gDN%&gWG3Yp4F>hz}<^Y~R%&jt%Nt)uxBah}NV> zn{hwJOL45LYtAjLhrbJ7_H3+&=lT~}g#vYcFG-?T;y=j}=95Ef`tN%<(6=|)Vl7$r@pucug8JNXlWPhds%?_M$}lfx>h$SX(aMx{fVrI zS`Ok^N3u&)Ca{N9TDmS6rL1@2?F;oflt$X>bp78F1o=3YmteiIcy=n4*wrc~cACX1 zCMLNCIdNFC&+xfMiL-O8{kpu5czn(q`~jeLwzG^%XPny}{Q-0K#CF_I?c@?RdkYynHwuiVmPqG|ne zIUw7az7$)TTde-Ja{AO(rq-iaN_tb*rB526l<7<<9^u&yWD?{V#MngM#Mopyv+{Jr z*pq6*JtFyO#VJ$j#Zw)+x=RH9hxDi^1<3+I-4aaA+>571%*9xqZ*ng?IlUSo+7U!# zJoir_uyek%5eM+#$rDS0d^$o@jnR_L|3*G))EtJh+MMyeuf9CHg6svHW<@#1%X64J zf_qLaS0Yt`{I0HfS_V{|(u-{7p89hV+_KAQQE@iDXh9aUJcOzy*G5^ZwN+)Ll*0h= zu(r8IItTq5Kg<}V2$6mBxsUUjI5yVyHQSD5V&vsWvtC6$-6qh!%ByNSvXDGeVxQTP zeEDV^lYhu@$x@D^MstQ54h@P$b6Sob!ctPf^+%RNdlOxY$j$F5u4T<^!#;?8_= zi%UggPZEJ-Qr|-k%F!trU2k30r@_%F{qqWVlS8=<(c0yGQQE+Xpk2YaC#fal?wo28 z)f6f;8@m5WSfr;w|%9CJu++YgBj+JUv~PwWSVaPtW~<(!8xoW|T#)b_J75Bydq7?TMO5 z&z5Aoqskl-2*fA)$J^MNc}J&sHuZWc{X+7o`60_te_vY1jMx{K-0#lvke>eK`Dov& z-Lanfk?3fW<>T8(RQi1V;#KyD4s>o2F%GO&S?n!D+o$r!+HNb)8C>BRx>wq_4D3 z!R=#NhaHw%n&(9;E;f0HZozkC1TY}ID$1iMwKh!yY- zZSoB`nfmvS8NnsTryF&dJO>*%ykFioRY}VJ$Gi`A&3)69^c|f+|Clp>8lwA}*$ehH zJjW~PRDyXBM+{5WKA`I;G)gnI;YMoRMsri^r_ygc*S4aFGSA#b4sV%rG{yQ$8sDA? zVR0`jcW};pvGbGj?nDHZHMkU+=ddRy?a3#)4Ng_^s@>_w3CH20?1qo$HsB)jikuD} z&zb+kE4wGHdkEs6MAL|)i8)-U7z4S{IDD%Un{@@@*IYaKF!ym-S|E{QGy1q zbS$rk|N2$;iBo~L8U;7|c|6KUN0I;db^79OZG|_-niXPfF_AkhQh)E2V&`g%1KjQ< z4DQh)7o#_F_h+XYyY-QUq_u-^w_F%LBSUXu&RgcYXTvVRRhc15w79%pbFhrMF7K#lO@=X4N+A}lHj{X>7<$0(Ukt3Hbu~@lk)J(2emphlX)XydH`WQsn zgZKpBiH)I3&0^XZ3muhNlKB7UETeND;2Iv`~o^y1RGXbf~ zG&OxyG{k@Q9)QuX78ewm*(>c5VaQQ}8? zmL66HtX=MnzK%teqHZmyXk%&68|;KjV7Zsgj{V{}`sh1V7M`VG%B|OOs61Q?ooXaFt)tBNL(DSr+-e8pf zW{(|`#tzv5+2Lj88q!;++J~ zdekA$mfPfX)X9-z%TqR@RQhhTl=F{X4eUmbajb}i=y_Om$Ft*914woym;d>!nv&Y~ z<85ADxTrinA2YAA+{hry@Arc((Y8IMoJ#F`Ac% zrhiX3CW#xa1;erYTzX(fcwQ#HJ4G6JXQ~&?D92W^%J>sIcw|jfe5l`fOak3(b~m5xowZ! SpvW^}27Y#zJGKjZG5i;d40K%p diff --git a/OLD_CHAPTERS/Chapter 1 Files/lme_gpo_for_windows.zip b/OLD_CHAPTERS/Chapter 1 Files/lme_gpo_for_windows.zip deleted file mode 100644 index 3682ec62220b352d06ba753c29df2e0f101caf6e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 22408 zcmd74b#zqO@&+0qMw~#1ySux)D{&|8?nV-##NFMExEl#^cXxLsE-x8=%m6cU-@H5A zwccj+=_Y^FSG(*~pRaaHi2^@+2><{94xr`xUV`3dEIAMa0Kgpu0D$`Oug{myySfR+%z-{Jk;F0j5My4JX+euwiXl)rY7@B#^$pOFYh=~ zA3SKKG)cJ<##HzdB?jrZ(7~cc-TXfAL~jcesE2Oh34}gyh?JQKpQB9AN@?@J2`OBt zCObQ{i?-??VzdFwMbMqD8cemhjsfGHtkhzoT5}`o}cY|{_lj2fwW1Ljr>{<&!cUabtm~zKwz9?JM1)X1S z0$-W-H=Gw*21x?jSFXN$r&@nTfl9|=Tg3$DE7cQ?uwi3pCg{9ULUBs4lIs2J83-V; zl!EOmqjXPv_09m@{K57v=0d!SjJ^q&SJV+Y>N|vV5`*xd;DC4l@}byNH`E8$JD;Q+O$jAYmTm)RPfYRL>BWWM{7p#H4nXtR?dZ1 z(Q;`5tA}R_3DI69MYRPb`)C(h)RPr8Nu@4#mN%snP5!i_gNmeT^phW8aUtERptjb6 zSjn3U>K2)Ze4nV`_P7)vExgxty^JF+oIGiBw>cVPP@6Aklzgp zC#u#UyK@X$-A7Q?uo!IKadM-9l19W6_s*w)lo}$3H$v3s7GBaFm%@WoYCVmaB}^`r zChLC}-Z~4X9pM$9ZbTOE@l0hBT4gmkWvVAzTV(@_5)1ixfF8G+>`Mb;v<+zC=#rpQ zgXe?^Z1U4oj$JhInsUQB@HIp_!7spM!GB-{b)Ee!WxEst6od8vA!*~<)RuTbV{XVbJ zcjg&s{6!Y?p6zJu9L0urlEPNWMVQMeZG3UQ>x>@REOE7=V+IM8V>QaTdinhPWSCyV zgAwcG%-Y?qVO{W$!)NiF6v~gO*TYMKj1k9|;k%QpBXlad7nW3} zQvrOg;o|j`P20-X?C&{B94e-$V$=qS1-0|`z@U}iqG5?=J)eCgws^L9`-YnY=8FxA zcNKAZJnv-v>wwZx{TYf5qj~lwB*vWZZ7>l6vf7c5$vX-$~qZaWQc z=E%|w!s1xzmL7?_Ilje=OKhM7hdsE_TAL|q20VDy0iUyDydLcsDPIWFcc8Op z;+*^E%ZYqD8VI+C1cn0S32XI$+a`4JL+Zo-JJl`_v5GkSU($|TF8d37K3 z>9u~CLNi_A7fkno2Oy~*N;^o#_MS8#0Due-008YjFYRw13%jtHp7~R8w+&Y_Zl!wZ za|m_=n{ZKT7(XFU$I~3yT2W@}fUW)+MM-fql3}3xsQDwwj08hhy9e8$^#FvWOT4Q| zZ%yuaTTIu7>%5ENH_T%d^JbH;*$Q;X8S_(w(}GBA$@OVAr`1sh!!vbW$*Ce%GNgel zmMDKw&8bB)znZbdc+I_)wXlM^ecu9(4FvxgP7}&>2_Xewu)?haw^pqU`hL7= zfYkGz5Aqo(jhc6=dUVY#uQ!wzY^qEcN{&!~5TwyHtEgLgaG+vIJ#)2YrZ;T&8o!u{hzj+AYx0~;yQ+{7`kDvbG&6m&IRLjsz*3sI|+=TM) zB{Kb&5(T9s|ASPne<4*|OWVNEO!s%`-~bm=YT|qfhF0W{aZ30Yr((ZAy0*Egsjis~ zg|?}UgLl{`i8d-IpF`&WqL}0f6ANzHS#++IRyY&{3+TLRC8NX_IlB%FFl;YAav}Cq z2n(U@-`?MIo=b749@|p8wQ5iwIE zCp5Ra6NC$Br9p#sHB7Cg{Jhg-B`k3*O8R083IwlCNudA_6lVP-V$C?{$@G21B zZib77$jX*LbG!^iFoS<^%N4E6zLUDAEg)k287Pcf8OfWs__SYQRJ44GU?%FSNJ~sJ zfIlyfl3+`WdxO~}gU>FhH-na&BbScBeLS&qJ2lSu_n{>6 z3*2IAsBL9#ZLVkYyZir~1aiL=$KKFP$K2i;%j`cvs{OAZWp%arbqxQ21_!Y5c`q?{ zMFpeF?e%k+dK*k>(lM%| zNEG&9X5*@t@uUoU?~~LNMg*DNkeNS3HdgNq*Rj*qHk@_Q&%Mv!*a9gv-LXrAQiz

=wsC$EPhEoMHP%wOHWApv@+qEC4Bl(s3^f0*^&OIms1W^T|zm^+xU8; zkr{8AxK4z$TR<$M$b(K=WovSZ=V#4wRX@5B)oIObYB=ljQeLeBuU`U13|i*6sx9n+} zNR-vKGPJPyPbnt-3sGbZY;7JZx!HfnXsKTbXQO3hV{7pr(AfV4nw+(+)$gLeK7@H6 z^<_N)3IO1p#{Z{IUEjh=*TUS&<|*^{RZY!NgkKa763)AGUA+`64f;e`+UCd)pikaj zsylUQHA5NuIzgqS5UjIQ;%3tPA}`;pZZpUu)9BWfjYUHA+uifqgTcjbqIl&#Qv;fK^0 zjajrT{HW`!&pLqyv!vO-@!d1t zqDsv+KvP5txd$$7`8z|jj0L^tO-*Y&$0oB=_}@PI5oRB#LngU+p@9F-`EAOn*<`FSL}P0 zfk0oUmwyadv{#yl++tUz?&Nh?g0N7`fxMNsD14obwEPeZYO7c4wNZ1Ey%6@fvn0#Tkb*$ScC~Esoz? znu17lG^L&qyCwZsn?<)@3Cl%3wtiJR@B9}J{3AN)QuF%tUU6oA;6OEdaxzG>G` zwqob$7Wc%Qn`zfAHT5WKgXaDzH#j*h2X zmHRY}vI9fVbkY0X_|-buDi4#KcN65;$x$axLlHi+zJ?1m<}qJKi2+*}rzHGu@P{jpuikI2VSRqM=>jtGy1aQ_+i)QL5la20R$jkY_s7ySxJU$QAyBz#Vl@) z_ot-Zn|8VmMVhk5V5tPn9Wm*G z?h;<=UoC2sAeI%$$%AGw;pTkYvfaci`!SjTWvwrG%;S&}*a#rC;)4tNNjImto!11%P@2PV zcAS}5RL;9}m~3AlK1j6fDl(nN#liXE!ttRO!X26#w{iLc%g3z7sDxQK z4uN>qwmc{XcVHvK#dm8VA`>x!;Tzi~b%rjxso<%E7ko6GRQ$28Lm-V+SUrU*C}vK| zr`XTv6vo2YI3&>B>UZo7niS1-QjQm$MNYcc<_7D~KIdlKj_3hq3EzOxHi3;qFIH{G zZBdak7#TD6*24L3>Y1}DC$tM@%#gbwW4q??Z(`f8XaH~1PV`zz8b^>DCriio5i_@v z>px52pCof`{-}svZGJl3w0s(?&u94TgFq4<3uAn`a`s2Y@LEE_miEq`R?kLkX8G&O z?9Lv~Z8br5$xJdKI^)l4>$&*%len%4F^j-OSc1)A_JGyPVYlb{;tNR2<)VcyS4kx_ zdT-4$$tcael7$BcerE3)bKSrl&c$`^zJ&@kN;NOs z^Mk%6&!~c`OE-v&P-UgcRrkZR8ZZ-9lUzBA$|Dy-ZkC*T`JPn(*Y)BkY8q_P9@e@H zY~T~nCy)Dft|@lB<3&BTSVz3%HIOLB1ZL#j1?>jmmf`_^EKHG8Y< z)gA2u>n|lSi6cciakJfMdJHp4Yf1i-A(&DW9UfRlxi~Z&W;BhY zpxC)qjiKK`Y<3!3Cp0R~C2VqJwe{)AU>0GQoFnh4v6vAH@oOJS9NpJi*THCE?F~#k zb-C{s?n8;M(Om@54{2s_P+cZ_ov`Smt818LJzhHGGf5hpAQ{mf(x{2I+n9W53e0k@ zqZ-6kF(%_{E1@SE05Qtp=W4Pm{>&GRs5ooCl3RF?3}zo9gZiuV9-&TKJ90V^DO zq+9q1-dzTZx2b-i%3J&guhyu(eAbuki&w0h)Y&zR@p?fu&N~p4=kEv8cl}I~q1o03 z35ZS}D39vf*v!%|nF~!>KWr)IgH^R7B*GfiS1mDSqAo}Kw5+&9SxPk&im4?8@mVF@ zVnAPL#+bEtPBW&5sanU(&N>+q6${x5-elG%n%KsyNQ;-2ppKX%mpY@=ewcCWu z+$6KM>BB)=K1_Eb%E3i0A#3EpBPUl!c#PUBBC72bB+hVs#uwdIyekZ&eXzRaa+Tqa z4>&U?L}wMBmwk(hM6tJ+D3?46*?qxMMjvbxJulw0bPDMjnDPq*7_zUx zS#EuZ)z_SEy8@{Ol*PFNY#oW?ucp_N&&<^7BxY_b*~cQ}G79}Zl_d~#>hlK$8}#nN z>GwP4R-1(2waXotC)6kL!)9IxaH7^WOty4-o~`b_1AP#$z>Oeey9CL-^!L|7IQn;}ph4az~b7wNnacTn(;WqH#OF zVk&+swujs`oZDS+Q<$}`6yTW%LY(TXKzoxOrr8&Uw;$g$AXHL5eAInNXiqBQ4A78H z?$L3(PSpLR62U*Iq_kUBSD3O-CVnUw)z7pSD$sSAc;bbO+COAOH9#!t)P6bsYMRwb zTKHT&RS&4Kx2g6W{k)#Rz#BqNAf|+sYh5Lsl$XX*g6HgI7xAsTCpr(DvBuDc*6L#{ z3!7ISOeymacaR|=8p*+<8*@VBh_hSZ8uBLk)0T;_uSjtdMsm(C5Y*)3VCe-D$ZtxO z>oy0IKd~~i8gg7rZi{tK*D-fH+{cS=q6nYTB*|J11aDsGw)5&gXL+!t4LVZ_9{3!- zzgg>*q*N`WKYX9~c_1YEb&!&RR=0KkdWF%1P+0$+r4!l!b%Kfn9_(v|HdXl>b+SCY z-h(#bUC(vClTeKEDuu-TLGVp)w`3kdQUNhjIE>*JeC~Pk50EYk$t#Ir#c76 z^;Kdq_h-6>Cmmdo&gT))y%&6Xm%@bxMIk~{Mij$2gfQFReb-TbB%CwE(2{Q-31?c2 z|0A54dFiN_si|vAsK|L}7`e$As2TbB_-O>VnP?e*CY)!4Uf!waJ!m23 zjZ}@i>%?fz=b9X(lYx-N-uIP~>wpTXcI(CnPbGSA?PLI*E%Dc~m#ZKW>03``-At~f zwf9MMbpUs<5DXvt(CP+eTML7ghT7kFB-mV@37Kod0X5*}1&1WvAku(Y{qpvp350i0 zJe^KiN>6fy$dU+h2!!j@HPkr^3!7N@psN8A3oS8;aG0hkz-3TvJNU*LIb>et1sv54 za`R%~p#G{pVqJi6bGcVsDAqZ;2+O-+n9+;A%Ej6&I=98$`Nc(huW-4^AWwCW1=ePi zptmwZVv|Q1sa}&G0i5Mdk^ArQD9{sw{OiTo>UuauCW$w<12c42%HHqcJs0c09Mc+D zNZfYPj-BDFN9KLT--YYvAp8O!4+{bZ5H~Ca1cdjqmUK9?#7e5)nE4{8ej^%(9ZTQyIqSG0bdk3N!tyPaIZ9D2A_?se=*xDYuap?0|5BgdDHitGG56tzBjS zB+FGwckY2R1&1Bs`@~cOd$m;+qgHirvd5!+#7zjo)0FU0945;(4geze7WBmKelaUo zZt$Ek0Z0aUn@k5DT1A(xLl|B$`#GT^xG~z;Gn7P=$^5eLxL6iI zYf!T9V-fgsXJdU4jT7TDvDB8@tLo(RYnfA&=EqD6AHV*nmrS(5Ks1&y?;EnEGL_R0 znkHyoc`Uc?+0SgNqDhyxM-~ORZPH#XXVED|>9_SOp4Tv;==D=~>Y$e`I<`qfF8anF zAJ?-tjSyfiibdGIH$%Hh>N#$A@=LOi*Z?tOxpT6F7$5YZYDf+gc1Cp~%()i)l zus@n`C(LH1cwS<1x^(|d=kDJs-><++@$o!Ist~0fZdCFIrYf|Dl z@&*Yw`AikAPH9LgBB zee)w(SGx0M2^}&;60pE>ZKFa#goU=kN2loQFDr)91D*)%WATwZVyO(u(dD7@;K#d0B|D{VpD5 zQzJY{0C~Ko0xtcGlWl(c(oR?j6;hJ;5H#-`$i$vb^qy@v^og2|3+-7_ z{r-k~g^gVWdgCvcRbI{CJ-aCxW|u5$pyg;jmOV zA-l-N`(F0>XwTLWw~HTrSxE)4>F4gF`mY3c8~%m;06XJnXoLIOg77kFNeyqJgqTmh zGUGy{=QnpHOOE8IwQ_B$h%=ed^+psRgRnC?$=R<8@>a@BDu~IiqUnv6YE8AvR#69C z)qTQJu6oS_g-o>GdRcPWyc5R+-%(KTD2*Lh3(VF~(Kwgh~OiSavnOC+kvU+!AX6%CX7a89_{~OOTkFi=A|yj!o4ojfXvG7C?gs_X&-5%- z6C7y%1dv-Et^Inc8hW>ENEopvT{COv?BggBnX(p6nn*%+Fe{qX?)E4y)LCVNZ#m=T!YsPuoiksqma@kc5h&ijJhdtF>U zNOmffMELcsDG^T=k4X@%A$hyq5ff)(5QyN)^BRJn7ZCpIfr~DOjvF_pr1NL_IOK|v z0{X)w5;#E0u{=Axi1fv(>ih{VVH4TmE2}d^AT!vnIK=w6$UP zaD?UeY;TUpf>W8$+fUq&WsGc8AyYr|kn$4k@Jf3w-|2#1&q6LCzY*4gjvr}nC9*RY zm*w`9sP3I@D-e_tr4KOHoG5Dp8e5+5M;Yq zRjEh7!1YV#d-o*$xU%KS4X!M_PexuQU8O~qQ=s!dL zMx*~PApcCGTl^J`{=bC&|2d8Rvnzh1HUFhOzGs^MU=n{ulKlnM?0Y0ZD|1_mpKDqI zy#%`DV@;!atZBa@%KifIEAA7G<}KZAHcJK9xJe40JkvJzlAoN83?x$Ml>mCq(TKWJ zn6CV*)b^njM55cnw9L=jMb&YPz0Rk4UoLY|lN_C1|)?THd|P>o~g z(bnv%=Hd(ITHza!^_&emGD8|S%mOYft~(gc?jDxN(Z_{zWrF6P=9PB;oSQo`M<*Rv zreT<5T%P=*7p&D|$}c=?oebS)m^z}s$Z zAMbsy>f=T<^k&!el7Nqk%ft`0;a&=ic5f-)vMoW|0^k0A!vqJ&P<9fh!1|bi_UMcg z;QyP@_?M;Z`w5Nl@P3gtDL8M*EZCJgp^S8XQng4KZYiSfR{m9-cuZhJl5Toe%#<-o zZ3s*38aRF)2^v~`y@9?)QqFGB@QLRYawIuPIC3H{jl6TDiU}9^=#yE?Np8O+qwip7 z*Nqo6tnN_ch9DTM(%(hrm z?Ok$zNomspqphQfW}bKOns!cAJqkXpxXo=_{auM`jTWP0Levz+#v8IgR>9g;b1f%X zCZ)sAzVnFglC#iqs7aQOnp@-Myc=Yf%* zQGOd3`9&yyF);Eo+;0OTzY6Y810z49{WdW2U!wgqF!Ch&NN8|@2Mz$h&-(ucM*f-T z9|uNuWl;rR91bejK6v$D%5;DT2(1|Mh(z=8pd)#%S=9EtP6H!=_bdV06Is`2u0PN? zG|)RwQ}YmesZxo*UyxIulaoSQf7ASMFk*ieR&2lpQkR4AI4=@oBhGsrtv-a(n2mD? z>7p-$-n6h@&s*0r&x#_QB9CO`HQ1EFeoc7iWw-6jlBR8z;ouu+=^FxUMq0#SQ2;-G zR4KQBQPQ}f5%=&h?jA&goO&E*RV~YX6dqkB!q8n4qc|7ZEIpP|-_sGq6%t7hwQ--{ zAZxT{B^o{3qF-u~ECOBw!BCC5@1n-7(^SHN6JU+7X+h`KQ*<4f$}CF5qgstc)6lMe489I>N1yS_s#kZ>Fq;wRo;N$ ztc$wtCHcYxk{$HT^Sf?#rT+0n7A6zkw}az@@WBFe>7AxvP}5p4pi9&1o#^$23wtB1 zX81@KiohX?1f(_{5A+L@E&f%n#1Kcup@#u-4FSaH_et}vlA@d|_YiqcCS1yppE=nRV_qT$ViV{;o_Kx%k! z+XyoV=GC$Ja&s51>V`Od`RC?`cW==Wvhd{Rw6+&c8sUv4(62{6T|sNqN(`+M@QypK zrSSSHXrl$lW6}n(sH|QrHx1k%EMN|aHYsE=vPFYka<03FStVGWIW~iYEN<>6;^Q~D z2Yn34N@>Hj!JfrwdtKYkz{Z<$p?lxBTqJU6=%4q-Qhv2)pqclcei~FF?gQ=pcrBQ3 zpTE#fgg=}0Sq+;;Syhs)DH9pK5QcCRnC`leb_<312!0ippfXxg#pEj zg^<#TtGXd3;B1zqn) zjz;SR&g2E=Lau??h9Y2jwv!H|h$R#2l&aQxelA20K{}m;G|`Z?22R1m!&bsPut28{ z?eoX+kzzK2X~sGF`4S|Vym^+(~lvs=HBh@hRs=BP$sVy zrnlOy6xv-;*ui(GM3I~!2&r~`vm2iEs?i<@8i5Qj?wV<-pn8d`e0y`txGcK%$_?Xj zp6TG@uB2*8X22By1qjK~&ZAi*9LUT&8+S5jAiLx_rcGBWltZ(}T-X=FbrH;C#u$)A zu$w_SHJxuRPQjut##J-wST|DP288yxQq}{`=!8SWKHw!)I}ldRtu8=OksgN{-61kG zx<_EUh=vVbFDVABp2}TQq88 zGGqA~Ht)1V?Q)kcNJcTqvZ{%juB0cDWr;zPl4@;NAuz+EHUpmAx}M@J8!Ra5l$3^6 zH06>Ei<8FCCp1PP9_{3d(PW#`=MuoXj*@n%XyJ>MFtVN6la4Y6d1+=5#L9{lMn#q=i09DfyOOIMkJ?PNd2zwWTa$+Fco*UkUXLYrHmLHI+{VdPu z+nLJMOZ^m;_QPie^goBw=QXSJg-3Z3q)!avJSR^d!g=m0Cv6~YsN0!B$!XSaRb{DO zz~Ek03Md+7+2A1nwxmP7i*&e%gGljq`RS5ocvWL3Y`RH{*fUCViu`HBxQ3)#b^%k< zF=HrrY!VTP1)Tj8PC7Zx3{JYMIDG#RHg&J-NY57<4Z%H;)7O?v$64`UejRE<4Q!li z#ydI`rYUv^CCEk5r`!XJgw#p+2_Gau_dyiZ*=iwC!`c zjSGt*iYbN-vckC}={qGDHF{qm;-U&n_^P2O-CTK`TA^(4V%;GktzhYpT=@Y4;=_Te zcev?N66Y5VoE*r7gmK)cHy-L%8izcnsvcu8?*tdT4Xq*D-?Y*@#uNuxZhOz|Iy0Ww zDN?)KWcOKE+4}a)GQO&4w03G}zdaZQ)zQcVy~ZbaICUFJ zOM`1UFcOOHqrT`?eks}}@4bBIXtwMasBt;Dv`RZB`|x&(Ai3+( z|1h99;92@Ax%u01OG2SYP2$KiBbel(CW%p%SrTF1@);vh#<#r&;wuxCBpJ}#wM%pu z?99y{I_vS6F7Cv5dyDKLGm#BHWyGq35Xwpf_m+n&Wes9{T2<0j#-lurB08gkSDO`G zp!1Yxq{g{eGA;9opRjvBz;#TgniRay-zt)>;c78193#t(X z#a2Heyg@u5{VMXDHz1)4T{p`C6YWb03fWb&RqA14aR%&7uI-vA!ik)xL%X(X(_CDY zj}osdex-uP+UzTt#z^62EG*M`6uqFU1+Jhn?>YfD4+(PIj*ZCB`T~~KRVO!|Jl*cpI zr!=ux05uD==XWLwJ?YnO)tpFc&ET5A;VV9|FPzNS&!fL-saANpV@aAazbf*@fjefX zZ`OZ0PtoS36H1DThn%7rfpc3xjQNh!dzbMwAWNCsbmb8crqJu-;6}@a4N6T3XC$Yx zS*d!LJtY?dJr9gpfq?}Pgns6aQ%~M8D?%w@+esMSyO40qQzSld`g*F z5)MLq&WgQ~E4dX+@@S*wJnpta_AnQ?8Eyi31r(TW!$M}4rd&D&7xXL_N9pPcMqbu| znW$XjMWL&(8dV%zqeE!fMTl;{WZPB$uW_GLyt9& z6Kj}KKz9_bGTzHho!ZOmY81CHBjo!b<$-GL;M-lx4D#s}X zwUagROgtOpjU(Q07zER4iqtKV9t=u~hnK9xh`vI(cp`gZks2-qd=C8p>aJd>Gy8!>=&J5zLVtb#crHzZHpfIh@y_@gL?7JYP028~ z8oSI|ZI79>_bW2HPS<;b-AKY>RbuV~9ewzM#xQvT9Lz;J5=+UrUP)j>q^O}OtiGgj z>ZB7r-u|Pss>=Jdt?J|hg)bC|>*x5KR|lxB<^&y+USXm_s5W%WyQQ0`1qBBu1x};m zBs}Ks*xnR>N+(@8y>P}(h;suFy-eMya<08(D`D(RnmJWdw*zL9S4o+*KAcNjy;Vis zt@V~D9%iEtV_70`&I#swMZRYI{Dw>gzYC-39l`lp-d@Z2h6vO4GqdQEbA3+rumSgY zj(mAl*5tOyYEjr~O6gVd&!SMguKO$~v2!AMqAAyz<*>j~x2EZC0SXGifs)qv2J4Js z!#J!fH)-C&V@A9(t-Ul%))~FPCE_T&=yyz*`Q1Iz(Vaunq0ThQwB5#MEk%8NvkQq% z8M*>^-5+}#1UDOR<0R5ZcZp8y6 zi0m!YxS7)fbDp*~T70Xp%B-8a4@$Pkt|%+^Gu8;ksCN zHr~I<-k7cO#VVVi7GsIH++!nX81YMqXFR<%d{J-27kB-9l!bP-0+xmL?SZler?Wj# zH{pKyDrv|Rh3O4PJ1v$xB$Vk;iV9W*(~KS)nevk9ij@_-Crsjv@z!R6u=cQ?lA#-7eJD_HkTH|$!-s8OYa&pFGO9w%1zxCrl` zD*AXwT%DZBaeEj`oyGOyG4&?AVLw0!@x+Zg)!93?Rr2`2!ML&DD#^VTuRiFu>U6)* zcb^*=QC1IZ1vam_>={}73?1a{KQ>j`1- zzeM=TW&b@2*Z*Mv06d}Kga3E?ctZJu+x~|3*Qd9i0KaldJXPeA`Ce?2j)U)R$< zQJ(+%eSXige%tY%z4$~@d|gktp1&0L2j2DXRe0jWzOE+~zWlFL_=AW2rpjL*X#T1S z*5jK6l(%6Gi%e~OJKKJ@E)GSIunb9Vo*Sp1O7Kjgpc78GP zH&W@5(E6srUmrVu+Wgm)RD=GtoBv&fZy%lruJ6@(`hAC=kKBIs1=i!+5zN0==X-kR z59B}l;)%rgx}Kt76ZYRD|3PVdGyk7apGb|b>j_o-@$zqD?;GlO6vyAgOMOHCt^7Cq zO8DO?kH1HMB0avYr_GbV|M#2!KMLd<)L);PeS-QL=HCAt>U&D$kMIHiZG7$LQT0Cn zEFXv0|KX6>UpF*QB+k#{i(kb*H8c%)|5*IrH8ejHP(L;_Y6Sln;D;jkhlT#k*Z^!V=tve{O?Wt*S*xwxIgw%-MJa zd~0C-Pz4;|ucq3*h91`ATlN21mA~nwe)iFiy;LXZzc`8&I37P)CQQ(hBwEtv_A2TJG;@8^ZTQB!RU-?&~Qh!(jkn(?| z!Z%%h?koRlQ0Pe=fZv`sgj4-{b^fle{5d0j>?@II{yp-y4(~rjz>j^U+b=}@%f9mG zO-p^X_2cy^8TWrB{9p8yKcoNHSE@Yzw&6eQ#eV2zo_c^k^_5RhKM&VD?e%NYSN(IS XANxuW&?h0pPyY}A0EGFT{`da?E^z6+ diff --git a/OLD_CHAPTERS/Chapter 1 Files/lme_wec_config.xml b/OLD_CHAPTERS/Chapter 1 Files/lme_wec_config.xml deleted file mode 100644 index c671fd5c..00000000 --- a/OLD_CHAPTERS/Chapter 1 Files/lme_wec_config.xml +++ /dev/null @@ -1,275 +0,0 @@ -๏ปฟ - - - - - - - - lme - SourceInitiated - Logging Made Easy - true - http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog - Custom - - - 900000 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - *[EventData[Data[1]="S-1-5-18"]] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ]]> - - false - HTTP - RenderedText - - ForwardedEvents - Microsoft-Windows-EventCollector - - - - O:NSG:BAD:P(A;;GA;;;DC)(A;;GA;;;DD)S: - diff --git a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/manifest.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/manifest.xml deleted file mode 100644 index af5ee2f4..00000000 --- a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/manifest.xml +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml deleted file mode 100644 index 254762fb..00000000 --- a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml +++ /dev/null @@ -1,18 +0,0 @@ - - 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 24 31 7e 4b 58 15 f6 4f ac a8 53 3e 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 24 31 7e 4b 58 15 f6 4f ac a8 53 3e 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 24 31 7e 4b 58 15 f6 4f ac a8 53 3e 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/GPO.cmt b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/GPO.cmt deleted file mode 100644 index 5d603be5b941bf2ce43cb2b474d0ab9eb81c1145..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 114 zcmW-ZNeX~K3b^8tUMcv1A`*<}zxR8$0iZ;ga>Dx^CVJF~U0seziFi6|A)#VciY jNlW9r^#^ht2dkX!-Jed|%;2Th75;S6;FrkBqid8tSTqx+ diff --git a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml deleted file mode 100644 index c6739010..00000000 --- a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml +++ /dev/null @@ -1,4 +0,0 @@ - -TESTME\administratorNT AUTHORITY\SystemS4UHighestAvailablePT5MPT1HfalsefalseStopExistingfalsefalsefalsefalsetruefalsePT0S72018-10-01T15:16:34true1PT30MPT30MPT30MP1Dtrue\\server2.testme.local\LME_Share\update.bat - - diff --git a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml deleted file mode 100644 index d82cf367..00000000 --- a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml +++ /dev/null @@ -1 +0,0 @@ - diff --git a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/gpreport.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/gpreport.xml deleted file mode 100644 index 0b0d6871ac6d4560c32b3d2b33a43e82016af982..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20830 zcmeI4`%h!J703N^rT!05f9gtQCcK8nq^tsAW{_YQk<8LoNL6?)ZFrP~?T%Lauebev zeDM0-8z;Fp!vg9?QAl!apSRCBKDPPqe;V#v_oKUVJy&x-xHEU>`tH)*xNG-k_Xjuc zUb(tHYihZ6CwhLW)@yg+TkqY#ox3^pdZRwyx()Yx_dC~c@7*W2uQ3MqS`gRuy|1yr z{9dC5?pDuU>-BH{dZoXM!gVA37kauNtaZVC?f&BS+^%a2_xGaV%5^<8MaY+r0(s8! z))#eM&+Sx4U&O3$ZsuS@aU@)GTOi9Hpc1JCh5nmm(Ed!pb( z*3t7cXX%N$naoYYeH08JZpgOxymZ=hGN1=kD0g`guv~RPQ~B|;AgKej9qRK?zZvsZ-^IW#x-@FG_gP#)-Hy0wdn>^n&_CRs zOKNr5L zmwY*7cTLR)vT9Zj*h`=-Pd6>mVv21s^L`4B(s6cXOL49CYpzEg$CjeS6m98~_eoe} zUoTrB_Z64OnEQH@c|V_(W%KygIR)T;Pa6jL$lDvQ7L-;q=ryUmu4IAo>W(;Uy&H}WkhoDo7;o8zxp z(c(4sMZ-S?`9$BTo#cH8(94Xfj+d$p_$}kX#}q3!qj0B3PNLva7>vslKYhvJTGB-e zDG8JxouUI9tE%^g^lg<`Gzp=okbb2D5iP+oX?p|JeL*J-B4cwm; zuUUWf^v2WkoBEqor@rVHaU@$efs68ZQnUi099NAT^?Q;4^}r3S15K8Zv)ER|NYA|I zN_hvYZg}K$@BUQtwo+HCS=!DYhI3{)Ha?4%GOAyQ6tfsN zi*a$5REtytpG{egUTtL2PZcRBAEo}kV_ev;m_@AodVRE4d-)NIJt@l{s70nZd1*0= zodPO++lo=pK8r#jex~&|TWQ(e>A3aTq!=&^A-!IjMWGly%dJVwyOdu6%~o2ItABwfr`SN>Ri;TsUxtaE3=~&=j3cfHmf>v zj%XGOsmxBQS*EfAe8sHl$Z679)iL;0r15;QkP}KTGlGq-J2q7}ANajjqMGg6*a^{^ zs+7bwb}ry*wz`|G?q>UFzm%~zqyxi*a`F70Uvdp>- z3OTXQ?&GD_2p1alGR_a>tKs9RjH^tGWcfYPkf)_jzc+Mlhy8wA9ksNp$qsK*H;>o_ z@9FQc-;d4j@RuDE?5Cl9FwO?u`p89miZt75_`8RwW#_nB!X5U;Ijzqgxa|*4?iX;T z;M$#zAN+hsL(KQc!(tT~y zOF7Hqp4{UcNA~6u*{R*{I+e!QkLTWo?RazBD81JRUF%~<7V(TaWz+CHj)zqfg`6zA z6m3Z3C)pTxoEBx#c3W-EpXjg4a=8C=Ec!Xmy(ub}{VD&Z+UGTfdsEc%TWSNw&;CAD zR)aBDC0jKDAQ&z_W~EZ*g9Z(mqBYl0`T6@Y1VQr}TlVKdiY5JPU{>wr#Nq5fTy z^jS5>o1CA$Z1E`NHA`LcT9WU3OBlUEFfWD=x$;;zjdr2;wPtZV|JIgnpkllfvz!H+ zA9XVoTbm3m3z2=%3rVFf+1yDMK|)lT&P8!KXjzD1b!4}^@^!$jbZ%$Zvl!_~uLg<`Zdeb)rN94C>E$B|5+i@NlsB+dM{b8S^Q+md#O1a?mE&R5AJ#B$sf zrB#fY*@$Y|DE25zHJAeLmaQ@uH)T=GAUnTCR$*R{8?xN_;&#%!IJ29S+z?xr&$648 zM$b4{)6hn&w|p&Fen)!3BkcN5GSdzDzK-{uwr3k8Q)c8eG+}voFDMFBRnu=)`pjg@ zF3Bl-Be)svRfX~_zLqqc^(07dUU4YStl=Kh;=&s6^i6#hp<=nkEHT>9q)}BUikyAD z=E9sgkglMgtR0`mN`U#2vcyq+tML$Ilg~Rhg_TtaxU0a+TLk0#{>*gV60?!tu%vob z!5ei^%%G>?Btm-(?;D{_7Y%}KQH9QG5USD_ zwe&%9Bh&79$yx4&B>7JZc5U;Ylf|6a+&;NjM)@XKdT zbx9-gU2a@eYWVLk=w*7}n2%V)IZQ|E=4}2~%r~mV$6&XIvLN&mvQF~jka5oIynB?} zsGemdmE|v3Cmt(EF62uouQ0CvH2BGrZ1%7!$WoD>yW{$o#UCXZIG)Z{BAjW*TcolX zi1)y!5c{Ty_NtfsP-x+@Qs zubkjpshdPBsXo)-I`C`LUD+n}E>=p!j0?Zhi?t3{ zeRD%BtU1e$&FU+7_i~gMt<82RVg`DoTRwg1;_l%;u`TGo5s|x~4c6${|37u~P?`O^ z?1NhCo!XD2(OX%rWjwEZ4SJBVoFcyJI;+NS)KpbD$C051I9|fBKUP(&hE5u59xA)b zLf@(5nvc;<;! I^*7xA0Mw}Fn*aa+ diff --git a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo.zip b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo.zip deleted file mode 100644 index 5ac1cc963996220697e24c3c9646f3579f3778f1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9023 zcmc(k2UL^Wvd2U3f>J^eqzXvKgx(ER1BiqgK!}lEq#6(jNbgNRP(kTk0g(>Ud#_SO zFiHnSkor&$N4%c%-d)Rc-~Cu&@-0>}znS@%+55jWFXP}+0lr@C=pglPZ~pj2ePop# z?Ohz0HSKLI5h!L2Gb<#**-1e2kB<-n=6yBPNgqJ0;aC7b9yS2L@^>GxHMO(6iF9)2 zzin%i9@XXOBS__El8!t_$gX)klI|`eFrR-yoFChtd%#zaeOQ=rx|&NTk3R|K=+y1D zs_K&vdu~@p#`D&2>x0h)+KUX$Zyb72My?9MY9G>PnyV;xT{-lOJ~!Wa0WU3K%b^Ja z8LM8?)xKbRW4kJPAvuMz{xI#)*@cT;gHLFT@r^)Qey?VdRu_$ErR<|Y2FgjR6Mm@Z zak{$G5CDSQn=1k_lX4b$T1jn`^U~WP#yoYsMnqR9a^>?N5 z01FC2z#v5tJ`s?hI3EZi3g%N#kQd^E2nh;Zf(Qx;3yCOso+!F>fUkPeFk75EE&z~E z0RSld<~J*tBCK5;zCIa~dW&`gf>Z|)jgko}D(JcM-T6dTB$f}u)tvKH2xN79`x}v_ z<=nUEhDzL8ZdHg_R^}(lU4abUNWL>&J|^B`jF~JH!asvoQY0SDN33YTMCR@1$l`V|oA{3+tg6*+2~s#`x_HsWhI0 z9KC?fhFb&3m0~nLiXPE%z$NHF`>g8m_-LX5h99DNPuNFg*afOg+|Qz=oz`aCq{$Mk z4Yj`<%`Z>(z@+xG1Z!rcvCWse6<6M817q?fIG?chY&>JGBc2uH7DEE1jga7O{WEbL zGl~<|>REtH-_HREVCHk+d8p*ImPg@d!==&ns<#3ms`7~bV6Ev8F&6?i5%Fry=q(TD z@Ism;`*iqSv3VG7OXe=S8b*V6WGLkA2JgzsraWy_kg@>r^Y!fFSvj}@HxDN%sL{}R zg!Y3iBLc7elyHjGA`OUO)Vo#iiei0*@BIU^m+<}zn3bR<8iz&N^M1(zbkL8FebMY# zs(2Ya_~eI?21y%2*?~&X0xVVh4JDt2dz(FaXhne3xkx}K^)o#*0L!-yj>pA?^%(aK z<$HX+1UVr(w@dc)iL1o({X7|w8o-yXFL2;#U_D}NTkJvc-q4L91%idApL#E%GXQ=L zY48E&LxIxQlBL7BHaQHUE8Vqi_!0BnTV-Lit8ZD$x!1$rUD&i#mRf^4JLo;rsjwOj ziC`nB$YoWh6x$5Gd|(PjzYTSJ#dm2oA#6MJ#a<6gRMx23DcU}&B7@sDTn0doI#5iA zl*~#rr4Ozz5Ae3m{umOS7Msl5kn(Qs%Zrk`GgHaSPENLlp3or>omtECl$<0&`mAL+ zg50>^DDboKjjoZ8)*bbw_gtt;VUst-6usldN?C^W34}Oc=FmAk+r_NU`zGeaEIhf3 z@qLlhhQl;tdR4iDJ`1r$9$I5uZ}}VpE9+m>>ohs=GA#HDqX|vv4E!yhcaBC&yx&^( z=9tzFD01A59Z%u8!#dsI^DcJ*RN}dkc^`wOT<3dM+@QPI^D05mz4J(W1gjEaAJnQ59 z6mCE-V)sR8KlAdy+8efO@?Ty&S=i?n)ie_kyTw3%>f>aqQrx~N|0Hy=8p$`UW`(g`1Yj)v=RwH5Z{C8W$ zr`w2Xfkk(!vtx2#Zs(rny>1C`OJDFVuzzU?r9!b8mTMXC`^i|%Wjt;#YIWPONX!7+ zCtSEOw1Ci|=9$VNm|o;pN;3Q4u~i(1uP?Zp7C7pwMM*2L%^b8@v&<2gMs)D`3p}g$H62=ZDW=+X&+F)(F4yDLXskXDvu6 z$&PV2q;$Q1u1yVG#ETk0Oh*$rB(pi~C8k@NS=1VTj^F*%qt9|%LzvkStE3`^MXK&I zAO>efE2%d`fmR_nKLKDS57ZlMW+uhK0TG4wJqT96ci;i^Wz)STd| za59n&)XdX6?Y>(R8`;M8pe-dUrouT@J+;b}QImiJnf1h@D={IN_4Vv+s_T^kV8(^a z`ynm!ytZnbu7!8u4BCLdFAMCS4gzY5u&}g4{+YL5OJw>VbLoh@iF8ETA&@^-#J{?C z`2TQ!4Pk-2;bMclp>679{ey-Ou;cHmE&R>^UuQ?TON$lJNrK@f@wRc0A7KR!gl3&Z#+vQ@04qK}lR{QWwqn&80}+ zH(c%t<%=StzGGG47H&yl92~qcG-xx_PoH$I-p&51ae?ZPuoiXMmmyjXYYQ;=kiD(9 z@|;*Wc;jKv{9$7_b)~nxBAckHk=w&&)r}F-sLwkRVioCc*Kde@g7YwaVe2^eCJOvH z^~wD*`59EIhk$ys7xdoS#4B9^EuHOdP`dGr16(5sg(`UFEsylV$xRx_ zrU=&XSeIquMTvZPgIOB(d!O%l$II(*KG*VckPTw&3A*>n1Rx4I@58h4G~>M3WvviC z)S1vYNliciC$|XXf*L(eyw!9eCJEdgr`$ETr%l`EB(%GSG`?d3kc)Z^O3))RUJ{v! z-|Y!ld1z7(a5iZT7Ev>MWYHbZ3b~p)tl+O02aFiQ)&}J>4Sg-BktUO~+Z#;^+Mgez>fWiGekzXCbnDS}8l09!5A`)}w7w5x* zOB00mVou-KI?t7-G5JV?V;;gy3lZz$QBv1>?aE%C$$A^|`6^^u5Qdi@WI;VTL08lR zqRxjU1teQnN1hX>Q`6FQzL{7d#Q425T z(cP7&($bnU-&LE*(~SV(erl!Y_Z*;9nBwi#QB}ZQ7G$n~hDkq8es+x*CqXSw!(E79 zniViS(o>3U*O}5UEtfjVK~0dYs(vGdsIR6~uf(97#MC5|Z{+#emuSy7r=~q*8pQ)9 zW^YaSuJbpceUfi>KPfb%H35zRg&V6NUf!pIBsfTYGwYqMyZ2}pzDNx)GW?Wh7x;AY z{g$}L9f4$7K09}Jy^6LVZ2|KtbN6%tdd!2R+^N@@HOjkPqqG4qcQ`vExD0r8HS@-E z^duIKy+h{ASWX)wCC5#Y(Nx(DaNLbPy9)``mC1VY_4lrg;N51d_9ibPFPF;)a_upS zIv4Ir^se&nZp`E5c>UE>k4;VX57pED$}Xe8%$DC~FEWGPh|FjNa7f2)HE}y~!aX?nn>5p~V0GgpS82$baIT&aP*g7Q zX8Z8?-t4K3YcpqtId277hZecOr?(9n9<_YL-qX-bq@;uE&rJo#jRKAOaHasCNHy2A zWQ>UCK`(8I>G5B>&dgDF;!tFwlhGYiTND)56NYScRdX9WGtQBZh33fGD^th~ie$aF zR5neBbyY!%$vY1h1ImPiD`aTj3AB3zVrZq((qtizT0BYI7O-ZBpEMs9lwDZO9MVlsSNGv2*TVVua=ab82Nl zLDfoJqyS^0{(&do}^(@$<1YI)SW zi;o$wL6A*Ie{%B{w3vE(*FTpvyphr&d(DtcmvKvGrQkM>9ix;amn1|#$zuWFVjo%a zYWHG=irG`s_AfmjoU_k4*w1#~;twf7lSug8d2EYJbevF5%9>QD2^5Wu<`)yWKS4RTtXJW7<7$5DS*bu`Q=z@c z{T4tE!a_G(igeMeIXh?~0M!pcVLeshm}rr%lR^Y*z|W4W7pUJY!zWpj%+Rk}#V>&R zAVc7S+(J+s+Y33bN#z|A&B?~_o%u878VuRRd2=kWq~o5Gg}Bue-489a9Xw;{0j;h) z6I6Fts2_87v&tsq<$ZTpQIRWCy`#&z4a@$F!6YmN##YX>WrFv>nlE2yMS`zM%^>!D z|KtcqNPK3&CHiLVjNwzL;C>=iX59fE%iM@K@sZsp>|`SqUL#CN&h9OjcAbgvs*EzE zu#IrUi(!|hlAuTp-^TR~iMgqV8~itCrbX%PX$mM8m|lBV+K}70vJ7U$@e*lWIR66Y zHvf~joexod>lQlGU5&h{VDq!_+e*>+4c%7LaKe@=3a{OIzyc8Fd}6V%`7-Z%q5g~F zAHn|i)5ekMfTdo`)g`bKcUHA{m*?xgB0P&r{yjJDwJMd3Q`7TEm_W?9?i+Bk6?Vrd zHa=v-y3VO(ESq@So=uukbcHD}lraSn)xt;<{W`1c${MLnDxK4CsW*t?tOq-1k1zgv zxT$e$)Z)eI%(}(mDN+^07tb4tadvAWF7D^86mey+_9=>B90Wsg!31$gT;7!K#kOI@ zPSN2sf!(xL?I!W++>`Lgm0O=Of+i%lpW%;yxeDsjjpnXBJ(WPyqHg>q-(S>6Larhr zB&9Ma;_@B%?Aw+55!a@9&P0HLt1Gv8@5EF%$>fHZ$5-p{tSbZo)v9`{Hx$~`t!oay z9PSSbr-r?B8F?2fB4UxTAr^jXK;=|)7Gjo!(j;NKz7aTOZ4zkGF`-3HQx%ZAwpt~t zUu(XsU%Pq*%Uul-d%L7Dm4j*dF$%;%u**x9+^_R)YMcMMpYJ_B4h{RqJ7wV7bB-1Z zHr$Um8Cef@s@YvtO@>yox*scqV+z14#cat8>Z_@_O zFJDw$0bQ!=O3CeZh7YJDP~BshD6ud;QY0ij8ey2Gz3ych(Ju+r87$`VmEF3Y)MFgh zsk?In6)wcN8Q~ z?$Nu5P-M(!L5!l3IFb zO{Trp%7ApJNBX#;xl&mvR(Wm?S*0)&?%vr2hN66~Y!+QiztMHrkbO_?S;HM}?vA0H z`7MI9FO8~>8RcDkRZ3O^dXx$g{drN*2i@r&wi|~1XWAI$R7M5&B&0f;eP4m_^YZZx zxjmylay7TsPo?CsR`+!lN{P0cgcC;S_Hnv5kRJNbK@11}aj&RUb$~ z;h*loevCpz3*+XC6}=ki*i00!84hapRM$Xxj>vP{WbWN$Ai5ZSB@Km`NU`n@S7}qv zw``g!RJ}KmzaC(KHZg*aVMx|5p(f|jS>k#{EN~2Wh_!&Qe)vmu<+@R?GDP)nviUfr- zl-xaZ)xt&+k8y0^a|yJPb+eWnGbILR@66g59P6Q%DM>PG{gew*PB(6)eq>nV$EA2* zSDzx|%NcQ|AQeZYR0^1kw3^2S1!oIIL^ra;ePtWptT__1nt$=iDUTB6=tH45b`Ka> zqoE=nUbY6WJ!B{jg^nCPy~4PgS|namqQ)EsGUsWdj4{&=lFX9@-cEep%hzQz(j68l zP~+GhxME@``T?e%?0yStT+E)#DG+RFZJA3OGr$l&W|ZhDXKheCty!zQ=flFb85^VepVH}ot7pd%U%(Vq-=$)Q7CvbcBj4pK^~jIbX0?L9->?T2%c$l0EPnu^?yrQ<7F zO}o^B2mh46`T$D57+=vWa*%{AzNKcp{`%RFE^&4E9{RFXFId*e zjBo8QQzmPBQu%!gr_19nI4!StZ=}=hBsdn;f@<{^hd1?>@r*m~>Lf_ui;2=ytN_W# zUOd%KeY4#T8WJjr++g7sc*C~TXEP1lt5tNb?dses^eZ9{h;2ixc%Ae8Vuf2qH$AL& z0}FB2zJq_?!_XCPdR!A@Q+zNRwk4~184Ft$@OMX0?0>9fkIossU4OZnB?d5m`y&>B z7Vsvjs&#&45bM|$R#kqx|KaAZj;)T}upWKS#iQ3>x;c4>bi;*j_nV|zfzZu8NYUpi$|cp s)7VaGO()5gF`Rr~$s$(1PXX!i<7t3*q@V);r;dKIj{3bf{nxwy0bMyP+W-In diff --git a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/manifest.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/manifest.xml deleted file mode 100644 index af5ee2f4..00000000 --- a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/manifest.xml +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml deleted file mode 100644 index 254762fb..00000000 --- a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/Backup.xml +++ /dev/null @@ -1,18 +0,0 @@ - - 01 00 04 9c 00 00 00 00 00 00 00 00 00 00 00 00 14 00 00 00 04 00 ec 00 08 00 00 00 05 02 28 00 00 01 00 00 01 00 00 00 8f fd ac ed b3 ff d1 11 b4 1d 00 a0 c9 68 f9 39 01 01 00 00 00 00 00 05 0b 00 00 00 00 00 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 24 31 7e 4b 58 15 f6 4f ac a8 53 3e 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 24 31 7e 4b 58 15 f6 4f ac a8 53 3e 00 02 00 00 00 02 24 00 ff 00 0f 00 01 05 00 00 00 00 00 05 15 00 00 00 24 31 7e 4b 58 15 f6 4f ac a8 53 3e 07 02 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 09 00 00 00 00 02 14 00 94 00 02 00 01 01 00 00 00 00 00 05 0b 00 00 00 00 02 14 00 ff 00 0f 00 01 01 00 00 00 00 00 05 12 00 00 00 00 0a 14 00 ff 00 0f 00 01 01 00 00 00 00 00 03 00 00 00 00 - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/GPO.cmt b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/GPO.cmt deleted file mode 100644 index 5d603be5b941bf2ce43cb2b474d0ab9eb81c1145..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 114 zcmW-ZNeX~K3b^8tUMcv1A`*<}zxR8$0iZ;ga>Dx^CVJF~U0seziFi6|A)#VciY jNlW9r^#^ht2dkX!-Jed|%;2Th75;S6;FrkBqid8tSTqx+ diff --git a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml deleted file mode 100644 index c6739010..00000000 --- a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/DomainSysvol/GPO/Machine/Preferences/ScheduledTasks/ScheduledTasks.xml +++ /dev/null @@ -1,4 +0,0 @@ - -TESTME\administratorNT AUTHORITY\SystemS4UHighestAvailablePT5MPT1HfalsefalseStopExistingfalsefalsefalsefalsetruefalsePT0S72018-10-01T15:16:34true1PT30MPT30MPT30MP1Dtrue\\server2.testme.local\LME_Share\update.bat - - diff --git a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml deleted file mode 100644 index d82cf367..00000000 --- a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/bkupInfo.xml +++ /dev/null @@ -1 +0,0 @@ - diff --git a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/gpreport.xml b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/sysmon_gpo/Group Policy Objects/{500D54E6-6409-4D75-BBA1-D101CD01216F}/gpreport.xml deleted file mode 100644 index 0b0d6871ac6d4560c32b3d2b33a43e82016af982..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 20830 zcmeI4`%h!J703N^rT!05f9gtQCcK8nq^tsAW{_YQk<8LoNL6?)ZFrP~?T%Lauebev zeDM0-8z;Fp!vg9?QAl!apSRCBKDPPqe;V#v_oKUVJy&x-xHEU>`tH)*xNG-k_Xjuc zUb(tHYihZ6CwhLW)@yg+TkqY#ox3^pdZRwyx()Yx_dC~c@7*W2uQ3MqS`gRuy|1yr z{9dC5?pDuU>-BH{dZoXM!gVA37kauNtaZVC?f&BS+^%a2_xGaV%5^<8MaY+r0(s8! z))#eM&+Sx4U&O3$ZsuS@aU@)GTOi9Hpc1JCh5nmm(Ed!pb( z*3t7cXX%N$naoYYeH08JZpgOxymZ=hGN1=kD0g`guv~RPQ~B|;AgKej9qRK?zZvsZ-^IW#x-@FG_gP#)-Hy0wdn>^n&_CRs zOKNr5L zmwY*7cTLR)vT9Zj*h`=-Pd6>mVv21s^L`4B(s6cXOL49CYpzEg$CjeS6m98~_eoe} zUoTrB_Z64OnEQH@c|V_(W%KygIR)T;Pa6jL$lDvQ7L-;q=ryUmu4IAo>W(;Uy&H}WkhoDo7;o8zxp z(c(4sMZ-S?`9$BTo#cH8(94Xfj+d$p_$}kX#}q3!qj0B3PNLva7>vslKYhvJTGB-e zDG8JxouUI9tE%^g^lg<`Gzp=okbb2D5iP+oX?p|JeL*J-B4cwm; zuUUWf^v2WkoBEqor@rVHaU@$efs68ZQnUi099NAT^?Q;4^}r3S15K8Zv)ER|NYA|I zN_hvYZg}K$@BUQtwo+HCS=!DYhI3{)Ha?4%GOAyQ6tfsN zi*a$5REtytpG{egUTtL2PZcRBAEo}kV_ev;m_@AodVRE4d-)NIJt@l{s70nZd1*0= zodPO++lo=pK8r#jex~&|TWQ(e>A3aTq!=&^A-!IjMWGly%dJVwyOdu6%~o2ItABwfr`SN>Ri;TsUxtaE3=~&=j3cfHmf>v zj%XGOsmxBQS*EfAe8sHl$Z679)iL;0r15;QkP}KTGlGq-J2q7}ANajjqMGg6*a^{^ zs+7bwb}ry*wz`|G?q>UFzm%~zqyxi*a`F70Uvdp>- z3OTXQ?&GD_2p1alGR_a>tKs9RjH^tGWcfYPkf)_jzc+Mlhy8wA9ksNp$qsK*H;>o_ z@9FQc-;d4j@RuDE?5Cl9FwO?u`p89miZt75_`8RwW#_nB!X5U;Ijzqgxa|*4?iX;T z;M$#zAN+hsL(KQc!(tT~y zOF7Hqp4{UcNA~6u*{R*{I+e!QkLTWo?RazBD81JRUF%~<7V(TaWz+CHj)zqfg`6zA z6m3Z3C)pTxoEBx#c3W-EpXjg4a=8C=Ec!Xmy(ub}{VD&Z+UGTfdsEc%TWSNw&;CAD zR)aBDC0jKDAQ&z_W~EZ*g9Z(mqBYl0`T6@Y1VQr}TlVKdiY5JPU{>wr#Nq5fTy z^jS5>o1CA$Z1E`NHA`LcT9WU3OBlUEFfWD=x$;;zjdr2;wPtZV|JIgnpkllfvz!H+ zA9XVoTbm3m3z2=%3rVFf+1yDMK|)lT&P8!KXjzD1b!4}^@^!$jbZ%$Zvl!_~uLg<`Zdeb)rN94C>E$B|5+i@NlsB+dM{b8S^Q+md#O1a?mE&R5AJ#B$sf zrB#fY*@$Y|DE25zHJAeLmaQ@uH)T=GAUnTCR$*R{8?xN_;&#%!IJ29S+z?xr&$648 zM$b4{)6hn&w|p&Fen)!3BkcN5GSdzDzK-{uwr3k8Q)c8eG+}voFDMFBRnu=)`pjg@ zF3Bl-Be)svRfX~_zLqqc^(07dUU4YStl=Kh;=&s6^i6#hp<=nkEHT>9q)}BUikyAD z=E9sgkglMgtR0`mN`U#2vcyq+tML$Ilg~Rhg_TtaxU0a+TLk0#{>*gV60?!tu%vob z!5ei^%%G>?Btm-(?;D{_7Y%}KQH9QG5USD_ zwe&%9Bh&79$yx4&B>7JZc5U;Ylf|6a+&;NjM)@XKdT zbx9-gU2a@eYWVLk=w*7}n2%V)IZQ|E=4}2~%r~mV$6&XIvLN&mvQF~jka5oIynB?} zsGemdmE|v3Cmt(EF62uouQ0CvH2BGrZ1%7!$WoD>yW{$o#UCXZIG)Z{BAjW*TcolX zi1)y!5c{Ty_NtfsP-x+@Qs zubkjpshdPBsXo)-I`C`LUD+n}E>=p!j0?Zhi?t3{ zeRD%BtU1e$&FU+7_i~gMt<82RVg`DoTRwg1;_l%;u`TGo5s|x~4c6${|37u~P?`O^ z?1NhCo!XD2(OX%rWjwEZ4SJBVoFcyJI;+NS)KpbD$C051I9|fBKUP(&hE5u59xA)b zLf@(5nvc;<;! I^*7xA0Mw}Fn*aa+ diff --git a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/update.bat b/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/update.bat deleted file mode 100644 index d1742034..00000000 --- a/OLD_CHAPTERS/Chapter 2 Files/GPO Deployment/update.bat +++ /dev/null @@ -1,105 +0,0 @@ -@echo off - -(wmic computersystem get domain | findstr /v Domain | findstr /r /v "^$") > fqdn.txt -set /p FQDN= %SYSMONDIR%\runningver.txt -(sigcheck64.exe -n -nobanner /accepteula %GLBSYSMONBIN%) > %SYSMONDIR%\latestver.txt -set /p runningver=<%SYSMONDIR%\runningver.txt -set /p latestver=<%SYSMONDIR%\latestver.txt -echo Currently running sysmon : %runningver% -echo Latest sysmon is %latestver% located at %GLBSYSMONBIN% -If "%runningver%" NEQ "%latestver%" ( -goto uninstallsysmon -) ELSE ( -goto updateconfig -) - -:updateconfig -chdir %SYSMONDIR% -IF EXIST runningconfver.txt DEL /F runningconfver.txt -IF EXIST latestconfver.txt DEL /F latestconfver.txt -if NOT EXIST %SIGCHECK% ( -copy %GLBSIGCHECK% %SYSMONDIR% /y) -::Added -c for the comparison, enables us to compare hashes -(sigcheck64.exe -h -c -nobanner /accepteula %SYSMONCONF%) > %SYSMONDIR%\runningconfver.txt -(sigcheck64.exe -h -c -nobanner /accepteula %GLBSYSMONCONFIG%) > %SYSMONDIR%\latestconfver.txt -::Looks for the 11th token in the csv of sigcheck. This is the MD5 hash. 12th token is SHA1, 15th is SHA2 -for /F "delims=, tokens=11" %%h in (runningconfver.txt) DO (set runningconfver=%%h) -for /F "delims=, tokens=11" %%h in (latestconfver.txt) DO (set latestconfver=%%h) -::The following commands are not usful because they are comparing only the first line, which includes the path of the checked file. And this is always not eqal. -::set /p runningconfver=<%SYSMONDIR%\runningconfver.txt -::set /p latestconfver=<%SYSMONDIR%\latestconfver.txt -If "%runningconfver%" NEQ "%latestconfver%" ( -copy %GLBSYSMONCONFIG% %SYSMONCONF% /y -chdir %SYSMONDIR% -(%SYSMONBIN% -c %SYSMONCONF%) -) - -sc stop Sysmon64 -sc start Sysmon64 -EXIT /B 0 - -:uninstallsysmon -chdir %SYSMONDIR% -%SYSMONBIN% -u -goto installsysmon diff --git a/OLD_CHAPTERS/Chapter 2 Files/SCCM Deployment/Install_Sysmon64.ps1 b/OLD_CHAPTERS/Chapter 2 Files/SCCM Deployment/Install_Sysmon64.ps1 deleted file mode 100644 index b7015782..00000000 --- a/OLD_CHAPTERS/Chapter 2 Files/SCCM Deployment/Install_Sysmon64.ps1 +++ /dev/null @@ -1 +0,0 @@ -๏ปฟC:\WINDOWS\Sysmon64.exe -i c:\WINDOWS\sysmonconf.xml -accepteula diff --git a/OLD_CHAPTERS/Chapter 2 Files/SCCM Deployment/Uninstall_Sysmon64.ps1 b/OLD_CHAPTERS/Chapter 2 Files/SCCM Deployment/Uninstall_Sysmon64.ps1 deleted file mode 100644 index b0ee57be..00000000 --- a/OLD_CHAPTERS/Chapter 2 Files/SCCM Deployment/Uninstall_Sysmon64.ps1 +++ /dev/null @@ -1,5 +0,0 @@ -๏ปฟ## Sysinternals Sysmon64.exe Uninstaller -# Perform automated uninstall -& C:\Windows\Sysmon64.exe -u -# House keep remaining file -Remove-Item C:\Windows\Sysmon64.exe \ No newline at end of file diff --git a/OLD_CHAPTERS/Chapter 3 Files/.gitignore b/OLD_CHAPTERS/Chapter 3 Files/.gitignore deleted file mode 100644 index 750e3bcb..00000000 --- a/OLD_CHAPTERS/Chapter 3 Files/.gitignore +++ /dev/null @@ -1 +0,0 @@ -*-live.* diff --git a/OLD_CHAPTERS/Chapter 3 Files/dashboard_update.sh b/OLD_CHAPTERS/Chapter 3 Files/dashboard_update.sh deleted file mode 100644 index 25b4322a..00000000 --- a/OLD_CHAPTERS/Chapter 3 Files/dashboard_update.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -LME_DIR=/opt/lme/ -IFS=$'\n' -Dashboards="$(ls -1 ${LME_DIR}Chapter\ 4\ Files/dashboards/*.ndjson)" -echo $Dashboards - - -if [ -r /opt/lme/lme.conf ]; then - #reference this file as a source - . /opt/lme/lme.conf - #check if the version number is equal to the one we want - if [ "$version" == "1.3.0" ] || [ "$FRESH_INSTALL" = "true" ]; then - echo -e "\e[32m[X]\e[0m Updating from git repo" - git -C /opt/lme/ pull - #make sure the hostname variable is present - #echo -e "\e[32m[X]\e[0m Updating stored dashboard file" - if [ -n "$hostname" ]; then - - echo -e "\e[32m[X]\e[0m Uploading the new dashboards to Kibana" - for db in ${Dashboards}; - do - echo -e "\e[32m[X]\e[0m Uploading ${db%%*.} dashboard\n" - curl -X POST -k --user dashboard_update:dashboardupdatepassword -H 'kbn-xsrf: true' --form file="@${dashbaord_dir}/${db}" "https://127.0.0.1/api/saved_objects/_import?overwrite=true" - echo - done - - fi - else - echo "!!Upgrade to 1.3.0!!" - fi - -fi diff --git a/OLD_CHAPTERS/Chapter 3 Files/deploy.sh b/OLD_CHAPTERS/Chapter 3 Files/deploy.sh deleted file mode 100755 index 1cd1980c..00000000 --- a/OLD_CHAPTERS/Chapter 3 Files/deploy.sh +++ /dev/null @@ -1,1209 +0,0 @@ -#!/bin/bash -############################ -# LME Deploy Script # -############################ -# This script configures a host for LME including generating certificates and populating configuration files. - -REQUIRED_PACKS=(curl zip net-tools jq) - -DATE="$(date '+%Y-%m-%d-%H:%M:%S')" - -#TODO: convert all logging messages to the following formats: -ED=`tput setaf 1` -GREEN=`tput setaf 2` -YELLOW=`tput setaf 3` -MAGENTA=`tput setaf 5` -CYAN=`tput setaf 6` -BOLD=`tput bold` -RST=`tput sgr0` -function msg { echo -e "${CYAN} $@ ${RST}"; } -function info { echo -e "\e[32m[X]\e[0m $@"; } -function success { echo -e "${GREEN}[+] $@ ${RST}"; } -function warn { echo -e "${YELLOW}[!] $@ ${RST}"; } -function error { echo -e "${RED}[-] $@ ${RST}"; } - -#ready? -ready() { - if [ -z "$1" ]; then - str="Are you sure?" - else - str=$1 - fi - echo $str - - check="" - while ! ([ "${check}" = "n" ] || [ "${check}" = "y" ] ); - do - read -e -p " OK [y/n]?" -i "y" check - if [ "${check}" == "n" ]; then - echo -e "\e[33m[!]\e[0m Selected **NO** EXITING" - exit 1 - elif [ "${check}" == "y" ]; then - #ready check passed by user - return - else - echo -e "\e[33m[!]\e[0m ONLY PROVIDE y or n" - fi - done -} - -#prompt for y/n -prompt() { - if [ -z "$1" ]; then - str="Are you sure?" - else - str=$1 - fi - - while true; do - echo -n "$str" - read -r -p " [Y/n] " -i "y" input - - case $input in - [yY][eE][sS] | [yY]) - return 0 #true - break - ;; - [nN][oO] | [nN]) - return 1 #false - break - ;; - *) - echo "Invalid input..." - ;; - esac - done -} - -#pull latest version from github or -#SET: FORCE_LATEST_VERSION in environment to force a specific version in testing -function get_latest_version() { - if (: "${FORCE_LATEST_VERSION?}") 2>/dev/null; - then - echo -n "$FORCE_LATEST_VERSION" - else - curl -sL https://api.github.com/repos/cisagov/lme/releases/latest | jq -r ".tag_name" | sed 's/v//g' | tr -d "\n" - fi - return 0 -} - - -function customlogstashconf() { - #add option for custom logstash config - CUSTOM_LOGSTASH_CONF=/opt/lme/Chapter\ 3\ Files/logstash_custom.conf - if test -f "$CUSTOM_LOGSTASH_CONF"; then - echo -e "\e[32m[X]\e[0m Custom logstash config exists, Not creating" - else - echo -e "\e[32m[X]\e[0m Creating custom logstash conf" - echo "#custom logstash configuration file" >>/opt/lme/Chapter\ 3\ Files/logstash_custom.conf - fi -} - -function generatepasswords() { - - elastic_user_pass=$(LC_ALL=C tr -dc 'a-zA-Z0-9' max_attempts)); then - echo "Elasticsearch is not responding after $max_attempts attempts - exiting." - exit 1 - fi - done - echo -e "\n\e[32m[X]\e[0m Elasticsearch is up and running." - - echo -e "\e[32m[X]\e[0m Setting elastic user password" - curl --cacert certs/root-ca.crt --user elastic:${temp} -X POST "https://127.0.0.1:9200/_security/user/elastic/_password" -H 'Content-Type: application/json' -d' { "password" : "'"$elastic_user_pass"'"} ' - - echo -e "\n\e[32m[X]\e[0m Setting kibana system password" - curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X POST "https://127.0.0.1:9200/_security/user/kibana_system/_password" -H 'Content-Type: application/json' -d' { "password" : "'"$kibana_system_pass"'"} ' - - echo -e "\n\e[32m[X]\e[0m Setting logstash system password" - curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X POST "https://127.0.0.1:9200/_security/user/logstash_system/_password" -H 'Content-Type: application/json' -d' { "password" : "'"$logstash_system_pass"'"} ' - - setroles - - echo -e "\n\e[32m[X]\e[0m Creating logstash writer user" - curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X POST "https://127.0.0.1:9200/_security/user/logstash_writer" -H 'Content-Type: application/json' -d' -{ - "password" : "logstash_writer", - "roles" : [ "logstash_writer"], - "full_name" : "Internal Logstash User" - } -' - - echo -e "\n\e[32m[X]\e[0m Setting logstash writer password" - curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X POST "https://127.0.0.1:9200/_security/user/logstash_writer/_password" -H 'Content-Type: application/json' -d' { "password" : "'"$logstash_writer"'"} ' - - echo -e "\n\e[32m[X]\e[0m Creating dashboard update user" - curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X POST "https://127.0.0.1:9200/_security/user/dashboard_update" -H 'Content-Type: application/json' -d' -{ - "password" : "dashboard_update", - "roles" : [ "dashboard_update"], - "full_name" : "Internal dashboard update User" - } -' - - echo -e "\n\e[32m[X]\e[0m Setting dashboard update user password" - curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X POST "https://127.0.0.1:9200/_security/user/dashboard_update/_password" -H 'Content-Type: application/json' -d' { "password" : "'"$update_user_pass"'"} ' -} - -function zipfiles() { - #zip the files to allow the user to download them for the WLB install. - #copy them to home to start with - echo -e "\n\e[32m[X]\e[0m Generating files_for_windows zip" - - mkdir -p /tmp/lme - cp /opt/lme/Chapter\ 3\ Files/winlogbeat.yml /tmp/lme/ - if [ -r /opt/lme/Chapter\ 3\ Files/certs/wlbclient.crt ]; then - cp /opt/lme/Chapter\ 3\ Files/certs/wlbclient.crt /tmp/lme/ - fi - if [ -r /opt/lme/Chapter\ 3\ Files/certs/wlbclient.key ]; then - cp /opt/lme/Chapter\ 3\ Files/certs/wlbclient.key /tmp/lme/ - fi - cp /opt/lme/Chapter\ 3\ Files/certs/root-ca.crt /tmp/lme/ - sed -i "s/logstash_dns_name/$logstashcn/g" /tmp/lme/winlogbeat.yml - zip -rmT /opt/lme/files_for_windows.zip /tmp/lme - # Give global read permissions to new archive for later retrieval - chmod 664 /opt/lme/files_for_windows.zip - -} - -function generateCA() { - echo -e "\e[33m[!]\e[0m Note: Depending on your OpenSSL configuration you may see an error opening a .rnd file into RNG, this will not block the installation" - - #configure certificate authority - mkdir -p certs - - #make a new key for the root ca - echo -e "\e[32m[X]\e[0m Making root Certificate Authority" - openssl genrsa -out certs/root-ca.key 4096 - - #make a cert signing request for this key - openssl req -new -key certs/root-ca.key -out certs/root-ca.csr -sha256 -subj "$CERT_STRING/CN=Swarm" - - #Set openssl so that this root can only sign certs and not sign intermediates - { - echo "[root_ca]" - echo "basicConstraints = critical,CA:TRUE,pathlen:1" - echo "keyUsage = critical, nonRepudiation, cRLSign, keyCertSign" - echo "subjectKeyIdentifier=hash" - } >certs/root-ca.cnf - - #sign the root ca - echo -e "\e[32m[X]\e[0m Signing root CA" - openssl x509 -req -days 3650 -in certs/root-ca.csr -signkey certs/root-ca.key -sha256 -out certs/root-ca.crt -extfile certs/root-ca.cnf -extensions root_ca -} - -function generatelogstashcert() { - ##logstash server - #make a new key for logstash - echo -e "\e[32m[X]\e[0m Making Logstash certificate" - openssl genrsa -out certs/logstash.key 4096 - - #make a cert signing request for logstash - openssl req -new -key certs/logstash.key -out certs/logstash.csr -sha256 -subj "$CERT_STRING/CN=$logstashcn" - - #set openssl so that this cert can only perform server auth and cannot sign certs - { - echo "[server]" - echo "authorityKeyIdentifier=keyid,issuer" - echo "basicConstraints = critical,CA:FALSE" - echo "extendedKeyUsage=serverAuth" - echo "keyUsage = critical, digitalSignature, keyEncipherment" - echo "subjectAltName = DNS:$logstashcn, IP: $logstaship" - echo "subjectKeyIdentifier=hash" - } >certs/logstash.cnf - - #sign the logstash cert - echo -e "\e[32m[X]\e[0m Signing logstash cert" - openssl x509 -req -days 750 -in certs/logstash.csr -sha256 -CA certs/root-ca.crt -CAkey certs/root-ca.key -CAcreateserial -out certs/logstash.crt -extfile certs/logstash.cnf -extensions server - mv certs/logstash.key certs/logstash.key.pem && openssl pkcs8 -in certs/logstash.key.pem -topk8 -nocrypt -out certs/logstash.key -} - -function generateclientcert() { - ##winlogbeat client - #make a new key for winlogbeat client - echo -e "\e[32m[X]\e[0m Making Winlogbeat client certificate" - openssl genrsa -out certs/wlbclient.key 4096 - - #make a cert signing request for wlbclient - openssl req -new -key certs/wlbclient.key -out certs/wlbclient.csr -sha256 -subj "$CERT_STRING/CN=wlbclient" - - #set openssl so that this cert can only perform server auth and cannot sign certs - { - echo "[server]" - echo "authorityKeyIdentifier=keyid,issuer" - echo "basicConstraints = critical,CA:FALSE" - echo "extendedKeyUsage=clientAuth" - echo "keyUsage = critical, digitalSignature, keyEncipherment" - #echo "subjectAltName = DNS:localhost, IP:127.0.0.1" - echo "subjectKeyIdentifier=hash" - } >certs/wlbclient.cnf - - #sign the wlbclient cert - echo -e "\e[32m[X]\e[0m Signing wlbclient cert" - openssl x509 -req -days 750 -in certs/wlbclient.csr -sha256 -CA certs/root-ca.crt -CAkey certs/root-ca.key -CAcreateserial -out certs/wlbclient.crt -extfile certs/wlbclient.cnf -extensions server -} - -function generateelasticcert() { - ##elasticsearch server - #make a new key for elasticsearch - echo -e "\e[32m[X]\e[0m Making Elasticsearch certificate" - openssl genrsa -out certs/elasticsearch.key 4096 - - #make a cert signing request for elasticsearch - openssl req -new -key certs/elasticsearch.key -out certs/elasticsearch.csr -sha256 -subj "$CERT_STRING/CN=elasticsearch" - - #set openssl so that this cert can only perform server auth and cannot sign certs - { - echo "[server]" - echo "authorityKeyIdentifier=keyid,issuer" - echo "basicConstraints = critical,CA:FALSE" - echo "extendedKeyUsage=serverAuth,clientAuth" - echo "keyUsage = critical, digitalSignature, keyEncipherment" - #echo "subjectAltName = DNS:elasticsearch, IP:127.0.0.1" - echo "subjectAltName = DNS:elasticsearch, IP:127.0.0.1, DNS:$logstashcn, IP: $logstaship" - echo "subjectKeyIdentifier=hash" - } >certs/elasticsearch.cnf - - #sign the elasticsearchcert - echo -e "\e[32m[X]\e[0m Sign elasticsearch cert" - openssl x509 -req -days 750 -in certs/elasticsearch.csr -sha256 -CA certs/root-ca.crt -CAkey certs/root-ca.key -CAcreateserial -out certs/elasticsearch.crt -extfile certs/elasticsearch.cnf -extensions server - mv certs/elasticsearch.key certs/elasticsearch.key.pem && openssl pkcs8 -in certs/elasticsearch.key.pem -topk8 -nocrypt -out certs/elasticsearch.key -} - -function generatekibanacert() { - ##kibana server - #make a new key for kibana - echo -e "\e[32m[X]\e[0m Making Kibana certificate" - openssl genrsa -out certs/kibana.key 4096 - - #make a cert signing request for kibana - openssl req -new -key certs/kibana.key -out certs/kibana.csr -sha256 -subj "$CERT_STRING/CN=kibana" - - #set openssl so that this cert can only perform server auth and cannot sign certs - { - echo "[server]" - echo "authorityKeyIdentifier=keyid,issuer" - echo "basicConstraints = critical,CA:FALSE" - echo "extendedKeyUsage=serverAuth" - echo "keyUsage = critical, digitalSignature, keyEncipherment" - #echo "subjectAltName = DNS:$logstashcn, IP: $logstaship" - echo "subjectAltName = DNS:kibana, IP:127.0.0.1, DNS:$logstashcn, IP: $logstaship" - echo "subjectKeyIdentifier=hash" - } >certs/kibana.cnf - - #sign the kibanacert - echo -e "\e[32m[X]\e[0m Sign kibana cert" - openssl x509 -req -days 750 -in certs/kibana.csr -sha256 -CA certs/root-ca.crt -CAkey certs/root-ca.key -CAcreateserial -out certs/kibana.crt -extfile certs/kibana.cnf -extensions server - mv certs/kibana.key certs/kibana.key.pem && openssl pkcs8 -in certs/kibana.key.pem -topk8 -nocrypt -out certs/kibana.key -} - -function populatecerts() { - #add to docker secrets - echo -e "\e[32m[X]\e[0m Adding certificates and keys to Docker" - - #ca cert - docker secret create ca.crt certs/root-ca.crt - - #logstash - docker secret create logstash.key certs/logstash.key - docker secret create logstash.crt certs/logstash.crt - - #elasticsearch server - docker secret create elasticsearch.key certs/elasticsearch.key - docker secret create elasticsearch.crt certs/elasticsearch.crt - - #kibana server - docker secret create kibana.key certs/kibana.key - docker secret create kibana.crt certs/kibana.crt -} - -function removecerts() { - #add to docker secrets - echo -e "\e[32m[X]\e[0m Removing existing certificates and keys from Docker" - - #ca cert - docker secret rm ca.crt - - #logstash - docker secret rm logstash.key - docker secret rm logstash.crt - - #elasticsearch server - docker secret rm elasticsearch.key - docker secret rm elasticsearch.crt - - #kibana server - docker secret rm kibana.key - docker secret rm kibana.crt -} - -function populatelogstashconfig() { - #add logstash conf to config - docker config create logstash.conf logstash.edited.conf - - #add logstash_custom conf to config - customlogstashconf - docker config create logstash_custom.conf logstash_custom.conf -} - -function configuredocker() { - sysctl -w vm.max_map_count=262144 - SYSCTL_STATUS=$(grep vm.max_map_count /etc/sysctl.conf) - if [ "$SYSCTL_STATUS" == "vm.max_map_count=262144" ]; then - echo "SYSCTL already configured" - else - echo "vm.max_map_count=262144" >>/etc/sysctl.conf - fi - - RAM_COUNT="$(awk '( $1 == "MemAvailable:" ) { print $2/1048576 }' /proc/meminfo | xargs printf "%.*f\n" 0)" - #Table for ES ram - if [ "$RAM_COUNT" -lt 8 ]; then - echo -e "\e[31m[!]\e[0m LME Requires 8GB of RAM Available for use - exiting" - exit 1 - elif [ "$RAM_COUNT" -ge 8 ] && [ "$RAM_COUNT" -le 16 ]; then - ES_RAM=$((RAM_COUNT - 4)) - elif [ "$RAM_COUNT" -ge 17 ] && [ "$RAM_COUNT" -le 32 ]; then - ES_RAM=$((RAM_COUNT - 6)) - elif [ "$RAM_COUNT" -ge 33 ] && [ "$RAM_COUNT" -le 49 ]; then - ES_RAM=$((RAM_COUNT - 8)) - elif [ "$RAM_COUNT" -ge 50 ]; then - ES_RAM=31 - else - echo -e "\e[31m[!]\e[0m Unable to determine RAM - exiting" - exit 1 - fi - - sed -i "s/ram-count/$ES_RAM/g" /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml - - sed -i "s/insertkibanapasswordhere/$kibana_system_pass/g" /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml - - sed -i "s/kibanakey/$kibanakey/g" /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml - - sed -i "s/insertpublicurlhere/https:\/\/$logstashcn/g" /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml -} - -function installdocker() { - echo -e "\e[32m[X]\e[0m Installing Docker" - curl -fsSL https://get.docker.com -o get-docker.sh >/dev/null - sh get-docker.sh >/dev/null - echo "Starting docker" - service docker start - sleep 5 -} - -function initdockerswarm() { - echo -e "\e[32m[X]\e[0m Configuring Docker swarm" - docker swarm init --advertise-addr "$logstaship" - if [ "$?" == 1 ]; then - echo -e "\e[31m[!]\e[0m Failed to initialize docker swarm (Is $logstaship the correct IP address?) - exiting" - exit 1 - fi -} - -function pulllme() { - echo "Pulling ELK images" - docker compose -f /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml pull --quiet -} - -function deploylme() { - docker stack deploy lme --compose-file /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml -} - -get_distribution() { - lsb_dist="" - # Every system that we officially support has /etc/os-release - if [ -r /etc/os-release ]; then - lsb_dist="$(. /etc/os-release && echo "$ID")" - fi - # Returning an empty string here should be alright since the - # case statements don't act unless you provide an actual value - echo "$lsb_dist" -} - -function indexmappingupdate() { - echo -e "\n\e[32m[X]\e[0m Uploading the LME index template" - curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X PUT "https://127.0.0.1:9200/_index_template/lme_template" -H 'Content-Type: application/json' --data "@winlog-index-mapping.json" -} - -function pipelineupdate() { - echo -e "\n\e[32m[X]\e[0m Setting Elastic pipelines" - - #create beats pipeline - curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X PUT "https://127.0.0.1:9200/_ingest/pipeline/winlogbeat" -H 'Content-Type: application/json' -d' -{ - "description": "Add geoip info and ingest timestamp", - "processors": [ - { - "geoip": { - "field": "client.ip", - "target_field": "client.geo", - "ignore_missing": true - } - }, - { - "geoip": { - "field": "source.ip", - "target_field": "source.geo", - "ignore_missing": true - } - }, - { - "geoip": { - "field": "destination.ip", - "target_field": "destination.geo", - "ignore_missing": true - } - }, - { - "geoip": { - "field": "server.ip", - "target_field": "server.geo", - "ignore_missing": true - } - }, - { - "geoip": { - "field": "host.ip", - "target_field": "host.geo", - "ignore_missing": true - } - }, - { - "set": { - "field": "event.ingested", - "value": "{{_ingest.timestamp}}", - "ignore_failure": true - } - } - ] -} -' -} - -function data_retention() { - # Show ext4 disk - DF_OUTPUT="$(df -BG -l --output=source,size /var/lib/docker)" - - # Pull device name - DISK_DEV="$(echo "$DF_OUTPUT" | awk 'NR==2 {print $1}')" - - # Pull device size - DISK_SIZE="$(echo "$DF_OUTPUT" | awk 'NR==2 {print $2}' | sed 's/G//')" - - # Check if DISK_SIZE is empty or not a number - if ! [[ "$DISK_SIZE" =~ ^[0-9]+$ ]]; then - echo -e "\e[31m[!]\e[0m DISK_SIZE not an integer or is empty - exiting." - exit 1 - fi - - echo -e "\e[32m[X]\e[0m We think your main disk is $DISK_DEV and its size is $DISK_SIZE gigabytes" - - if [ "$DISK_SIZE" -lt 128 ]; then - echo -e "\e[33m[!]\e[0m Warning: Disk size less than 128GB, recommend a larger disk for production environments. Install continuing..." - sleep 3 - RETENTION="30" - elif [ "$DISK_SIZE" -ge 128 ] && [ "$DISK_SIZE" -le 179 ]; then - RETENTION="45" - elif [ "$DISK_SIZE" -ge 180 ] && [ "$DISK_SIZE" -le 359 ]; then - RETENTION="90" - elif [ "$DISK_SIZE" -ge 360 ] && [ "$DISK_SIZE" -le 539 ]; then - RETENTION="180" - elif [ "$DISK_SIZE" -ge 540 ] && [ "$DISK_SIZE" -le 719 ]; then - RETENTION="270" - elif [ "$DISK_SIZE" -ge 720 ]; then - RETENTION="365" - else - echo -e "\e[31m[!]\e[0m Unable to determine disk size - exiting." - exit 1 - fi - - echo -e "\e[32m[X]\e[0m We are assigning $RETENTION days as your retention period for log storage" - - curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X PUT "https://127.0.0.1:9200/_ilm/policy/lme_ilm_policy" -H 'Content-Type: application/json' -d' -{ - "policy": { - "phases": { - "hot": { - "min_age": "0ms", - "actions": { - "rollover": { - "max_age": "30d", - "max_primary_shard_size": "50gb" - } - } - }, - "warm": { - "min_age": "2d", - "actions": { - "shrink": { - "number_of_shards": 1 - } - } - }, - "delete": { - "min_age": "'$RETENTION'd", - "actions": { - "delete": { - "delete_searchable_snapshot": true - } - } - } - }, - "_meta": { - "description": "LME ILM policy using the hot and warm phases with a retention of '$RETENTION' days" - } - } -} -' -} - -function auto_os_updates() { - lin_ver=$(get_distribution) - echo "This OS was detected as: $lin_ver" - if [ "$lin_ver" == "ubuntu" ]; then - echo -e "\e[32m[X]\e[0m Configuring Auto Updates" - apt install unattended-upgrades -y -q - sed -i 's#//Unattended-Upgrade::Automatic-Reboot "false";#Unattended-Upgrade::Automatic-Reboot "true";#g' /etc/apt/apt.conf.d/50unattended-upgrades - sed -i 's#//Unattended-Upgrade::Automatic-Reboot-Time "02:00";#Unattended-Upgrade::Automatic-Reboot-Time "02:00";#g' /etc/apt/apt.conf.d/50unattended-upgrades - - auto_os_updatesfile='/etc/apt/apt.conf.d/20auto-upgrades' - apt_UPL_0='APT::Periodic::Update-Package-Lists "0";' - apt_UPL_1='APT::Periodic::Update-Package-Lists "1";' - - apt_UU_0='APT::Periodic::Unattended-Upgrade "0";' - apt_UU_1='APT::Periodic::Unattended-Upgrade "1";' - - apt_DUP_0='APT::Periodic::Download-Upgradeable-Packages "0";' - apt_DUP_1='APT::Periodic::Download-Upgradeable-Packages "1";' - - # check if package list is set to 1 or 0 and then make sure its 1 if its not set then set it - if grep -q -F -e "$apt_UPL_0" -e "$apt_UPL_1" "$auto_os_updatesfile"; then - sed -i "s#$apt_UPL_0#$apt_UPL_1#g" $auto_os_updatesfile - else - echo "$apt_UPL_1" >>$auto_os_updatesfile - fi - - # check unattended upgrade is set to 1 or 0 and then make sure its 1 if its not set then set it - if grep -q -F -e "$apt_UU_0" -e "$apt_UU_1" "$auto_os_updatesfile"; then - sed -i "s#$apt_UU_0#$apt_UU_1#g" $auto_os_updatesfile - else - echo "$apt_UU_1" >>$auto_os_updatesfile - fi - - # check download packages is set to 1 or 0 and then make sure its 1 if its not set then set it - if grep -q -F -e "$apt_DUP_0" -e "$apt_DUP_1" "$auto_os_updatesfile"; then - sed -i "s#$apt_DUP_0#$apt_DUP_1#g" $auto_os_updatesfile - else - echo "$apt_DUP_1" >>$auto_os_updatesfile - fi - else - echo -e "\e[33m[!]\e[0m Not configuring automatic updates as this OS is not supported" - fi -} - -function configelasticsearch() { - echo -e "\n\e[32m[X]\e[0m Configuring elasticsearch Replica settings" - - #set future index to always have no replicas - curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X PUT "https://127.0.0.1:9200/_template/number_of_replicas" -H 'Content-Type: application/json' -d' { "template": "*", "settings": { "number_of_replicas": 0 }}' - #set all current indices to have 0 replicas - curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X PUT "https://127.0.0.1:9200/_all/_settings" -H 'Content-Type: application/json' -d '{"index" : {"number_of_replicas" : 0}}' -} - -function writeconfig() { - echo -e "\n\e[32m[X]\e[0m Writing LME Config" - #write LME version - echo "version=$(get_latest_version)" >/opt/lme/lme.conf - if [ -z "$logstashcn" ]; then - # $logstashcn is not set - so this function is not called from an initial install - read -e -p "Enter the Fully Qualified Domain Name (FQDN) of this Linux server: " logstashcn - fi - #write elastic hostname - echo "hostname=$logstashcn" >>/opt/lme/lme.conf - - cp dashboard_update.sh /opt/lme/ - chmod 700 /opt/lme/dashboard_update.sh - - echo -e "\e[32m[X]\e[0m Updating dashboard update configuration with dashboard update user credentials" - sed -i "s/dashboardupdatepassword/$update_user_pass/g" /opt/lme/dashboard_update.sh - - cp lme_update.sh /opt/lme/ - chmod 700 /opt/lme/lme_update.sh -} - -function uploaddashboards() { - echo -e "\e[32m[X]\e[0m Uploading Kibana dashboards" - - sleep 30 #sleep to make sure port is responsive, it seems to not immediately be available sometimes - - /opt/lme/dashboard_update.sh - - echo "" -} - -function zipnewcerts() { - echo -e "\n\e[32m[X]\e[0m Generating new_client_certificates.zip" - mkdir -p /tmp/lme - cp /opt/lme/Chapter\ 3\ Files/certs/wlbclient.crt /tmp/lme/ - cp /opt/lme/Chapter\ 3\ Files/certs/wlbclient.key /tmp/lme/ - cp /opt/lme/Chapter\ 3\ Files/certs/root-ca.crt /tmp/lme/ - zip -rmT /opt/lme/new_client_certificates.zip /tmp/lme -} - -function bootstrapindex() { - if [[ "$(curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -s -o /dev/null -w ''%{http_code}'' https://127.0.0.1:9200/winlogbeat-000001)" != "200" ]]; then - echo -e "\n\e[32m[X]\e[0m Bootstrapping index alias" - curl --cacert certs/root-ca.crt --user "elastic:$elastic_user_pass" -X PUT "https://127.0.0.1:9200/winlogbeat-000001" -H 'Content-Type: application/json' -d' -{ - "aliases": { - "winlogbeat-alias": { - "is_write_index": true - } - } -} -' - else - echo -e "\n\e[33m[!]\e[0m Initial index already exists, no need to bootstrap" - fi -} - -function fixreadability() { - cd /opt/lme/ - chmod -077 -R . - - #some permissions to help with seeing files - chown root:sudo /opt/lme/ - chmod 750 /opt/lme/ - chmod 644 files_for_windows.zip - - #fix backups - chown -R 1000:1000 /opt/lme/backups - chmod -R go-rwx /opt/lme/backups - - #fix chapter 3 files: group and owner should have rx permissions - chown 1000:1000 /opt/lme/Chapter\ 3\ Files/ - chmod ug+rx /opt/lme/Chapter\ 3\ Files -} - - -function install() { - export FRESH_INSTALL="true" - echo -e "Will execute the following intrusive actions:\n\t- apt update & upgrade\n\t- install docker (please uninstall before proceeding, or indicate skipping the install)\n\t- initialize docker swarm (execute \`sudo docker swarm leave --force\` before proceeding if you are part of a swarm\n\t- automatic os updates via unattened-upgrades\n\t- checkout lme directory to latest version, and throw away local changes)" - - prompt "Proceed?" - status=$? - #user entered no - if ! (exit $status); - then - error "Exiting" - return 1 - fi - - echo -e "\e[32m[X]\e[0m Updating OS software" - apt-get update - DEBIAN_FRONTEND=noninteractive NEEDRESTART_MODE=a apt-get upgrade -yq - - echo -e "\e[32m[X]\e[0m Installing prerequisites" - DEBIAN_FRONTEND=noninteractive NEEDRESTART_MODE=a apt-get install ${REQUIRED_PACKS[*]} -yq - - if [ -f /var/run/reboot-required ]; then - echo -e "\e[31m[!]\e[0m A reboot is required in order to proceed with the install." - echo -e "\e[31m[!]\e[0m Please reboot and re-run this script to finish the install." - exit 1 - fi - - - #enable auto updates if ubuntu - auto_os_updates - - #move configs - cp docker-compose-stack.yml docker-compose-stack-live.yml - - #find the IP winlogbeat will use to communicate with the logstash box (on elk) - - #get interface name of default route - DEFAULT_IF="$(route | grep '^default' | grep -o '[^ ]*$')" - - #get ip of the interface - EXT_IP="$(/sbin/ifconfig "$DEFAULT_IF" | awk -F ' *|:' '/inet /{print $3}')" - - read -e -p "Enter the IP of this Linux server: " -i "$EXT_IP" logstaship - - read -e -p "Enter the Fully Qualified Domain Name (FQDN) of this Linux server. This needs to be resolvable from the Windows Event Collector: " logstashcn - echo -e "\e[32m[X]\e[0m Configuring winlogbeat config and certificates to use $logstaship as the IP and $logstashcn as the DNS" - - read -e -p "This script will use self signed certificates for communication and encryption. Do you want to continue with self signed certificates? ([y]es/[n]o): " -i "y" selfsignedyn - read -e -p "Skip Docker Install? ([y]es/[n]o): " -i "n" skipdinstall - - if [ "$selfsignedyn" == "y" ]; then - #make certs - generateCA - generatelogstashcert - generateclientcert - generateelasticcert - generatekibanacert - elif [ "$selfsignedyn" == "n" ]; then - echo "Please make sure you have the following certificates named correctly" - echo "./certs/root-ca.crt" - echo "./certs/elasticsearch.key" - echo "./certs/elasticsearch.crt" - echo "./certs/logstash.crt" - echo "./certs/logstash.key" - echo "./certs/kibana.crt" - echo "./certs/kibana.key" - echo -e "\e[32m[X]\e[0m Checking for root-ca.crt" - if [ ! -f ./certs/root-ca.crt ]; then - echo -e "\e[31m[!]\e[0m File not found!" - exit 1 - fi - echo -e "\e[32m[X]\e[0m Checking for elasticsearch.key" - if [ ! -f ./certs/elasticsearch.key ]; then - echo -e "\e[31m[!]\e[0m File not found!" - exit 1 - fi - echo -e "\e[32m[X]\e[0m Checking for elasticsearch.crt" - if [ ! -f ./certs/elasticsearch.crt ]; then - echo -e "\e[31m[!]\e[0m File not found!" - exit 1 - fi - echo -e "\e[32m[X]\e[0m Checking for logstash.crt" - if [ ! -f ./certs/logstash.crt ]; then - echo -e "\e[31m[!]\e[0m File not found!" - exit 1 - fi - echo -e "\e[32m[X]\e[0m Checking for logstash.key" - if [ ! -f ./certs/logstash.key ]; then - echo -e "\e[31m[!]\e[0m File not found!" - exit 1 - fi - echo -e "\e[32m[X]\e[0m Checking for kibana.crt" - if [ ! -f ./certs/kibana.crt ]; then - echo -e "\e[31m[!]\e[0m File not found!" - exit 1 - fi - echo -e "\e[32m[X]\e[0m Checking for kibana.key" - if [ ! -f ./certs/kibana.key ]; then - echo -e "\e[31m[!]\e[0m File not found!" - exit 1 - fi - else - echo "Not a valid option" - fi - - if [ "$skipdinstall" == "n" ]; then - installdocker - fi - - initdockerswarm - populatecerts - generatepasswords - populatelogstashconfig - configuredocker - pulllme - deploylme - setpasswords - configelasticsearch - zipfiles - - #pipelines - pipelineupdate - - #ILM - data_retention - - #index mapping - indexmappingupdate - - #bootstrap - bootstrapindex - - #create config file - writeconfig - - #dashboard upload - uploaddashboards - - #prompt user to enable auto update - #Deprecated - #promptupdate - - #fix readability: - fixreadability - - displaycredentials - - echo -e "If you prefer to set your own elastic user password, then refer to our troubleshooting documentation:" - echo -e "https://github.com/cisagov/LME/blob/main/docs/markdown/reference/troubleshooting.md#changing-elastic-username-password\n\n" - return 0 -} - -function displaycredentials() { - echo "" - echo "##################################################################################" - echo "## Kibana/Elasticsearch Credentials are (these will not be accessible again!)" - echo "##" - echo "## Web Interface login:" - echo "## elastic:$elastic_user_pass" - echo "##" - echo "## System Credentials" - echo "## kibana:$kibana_system_pass" - echo "## logstash_system:$logstash_system_pass" - echo "## logstash_writer:$logstash_writer" - echo "## dashboard_update:$update_user_pass" - echo "##################################################################################" - echo "" -} - -function uninstall() { - echo -e "Performs the following:\n\t-kill all container processes\n\t-remove certs from docker" - read -e -p "Proceed ([y]es/[n]o):" -i "n" check - if [ "$check" == "n" ]; then - return - elif [ "$check" == "y" ]; then - echo -e "\e[32m[X]\e[0m Removing Docker stack and configuration" - docker stack rm lme - docker secret rm ca.crt logstash.crt logstash.key elasticsearch.key elasticsearch.crt - docker secret rm kibana.crt kibana.key - docker config rm logstash.conf logstash_custom.conf - echo -e "\e[32m[X]\e[0m Attempting to remove legacy LME files (this will cause expected errors if these no longer exist)" - docker secret rm winlogbeat.crt winlogbeat.key nginx.crt nginx.key - docker config rm osmap.csv - echo -e "\e[32m[X]\e[0m Leaving Docker swarm" - docker swarm leave --force - echo -e "\e[32m[X]\e[0m Removing LME config files and configured auto-updates" - rm -r certs - crontab -l | sed -E '/lme_update.sh|dashboard_update.sh/d' | crontab - - echo -e "\e[33m[!]\e[0m NOTICE!" - echo -e "\e[33m[!]\e[0m No data has been deleted:" - echo -e "\e[33m[!]\e[0m - Run 'sudo docker volume rm lme_esdata' to delete the elasticsearch database" - echo -e "\e[33m[!]\e[0m - Run 'sudo docker volume rm lme_logstashdata' to delete the logstash data directory" - return - else - echo -e "\e[33m[!]\e[0m ONLY PROVIDE y or n" - fi -} - -function upgrade() { - - #remove auto updates - crontab -l | sed -E '/lme_update.sh|dashboard_update.sh/d' | crontab - - - #grab latest version - latest=$(get_latest_version) - - #check if the config file we're now creating on new installs exists - if [ -r /opt/lme/lme.conf ]; then - #reference this file as a source - . /opt/lme/lme.conf - #check if the version number is equal to the one we want - #NCSC -> CISA - if [ "$version" == "0.5.1" ]; then - echo -e "\e[32m[X]\e[0m Updating from git repo" - git -C /opt/lme/ pull - - echo -e "\e[32m[X]\e[0m Removing existing Docker stack" - docker stack rm lme - docker config rm logstash.conf logstash_custom.conf - echo -e "\e[32m[X]\e[0m Attempting to remove legacy LME files (this will cause expected errors if these no longer exist)" - docker config rm osmap.csv - - echo -e "\e[32m[X]\e[0m Sleeping for one minute to allow Docker actions to complete..." - sleep 1m - - #Update Logstash Config - echo -e "\e[32m[X]\e[0m Updating current configuration files" - # mv old config to .old - mv /opt/lme/Chapter\ 3\ Files/logstash.edited.conf /opt/lme/Chapter\ 3\ Files/logstash.edited.conf.old - # copy new git version - cp /opt/lme/Chapter\ 3\ Files/logstash.conf /opt/lme/Chapter\ 3\ Files/logstash.edited.conf - # copy pass from old config into var - Logstash_Config_Pass="$(awk '{if(/password/) print $3}' 1.2.0 or 1.1.0 -> 1.2.0 - elif [ "$version" == "1.0" ]; then - echo -e "\e[32m[X]\e[0m Backing up config file to: /opt/lme/Chapter\ 3\ Files/backup_config " - sudo mkdir -p /opt/lme/Chapter\ 3\ Files/backup_config - sudo cp /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml /opt/lme/Chapter\ 3\ Files/backup_config/docker-compose-stack-live.yml - - echo -e "\e[32m[X]\e[0m Updating elastic to 8.11.1 " - sudo sed -i 's/8.7.1/8.11.1/g' /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml - sudo docker stack rm lme - - echo -e "\e[32m[X]\e[0m Sleeping for one minute to allow Docker actions to complete..." - sleep 1m - - pulllme - - echo -e "\e[32m[X]\e[0m Deploy LME" - deploylme - - echo -e "\e[32m[X]\e[0m Copying lme.conf -> lme.conf.bku" - sudo cp -rapf /opt/lme/lme.conf /opt/lme/lme.conf.bku - sudo sed -i "s/version=1.0/version=$latest/g" /opt/lme/lme.conf - - echo -e "\e[32m[X]\e[0m Copying dashboard_update.sh -> dashboard_update.sh.bku" - sudo cp -rapf /opt/lme/dashboard_update.sh /opt/lme/dashboard_update.sh.bku - sudo sed -i "s/\"\$version\" == \"1.0\"/\"\$version\" == \"$latest\"/g" /opt/lme/dashboard_update.sh - - #1.2.0 -> 1.3.0 - elif [ "$version" == "1.2.0" ]; then - - #update lme?? - sudo docker stack rm lme - - msg "Sleeping for one minute to allow Docker actions to complete..." - sleep 1m - - pulllme - - info "Deploy LME" - deploylme - - info "Copying lme.conf -> lme.conf.bku" - sudo cp -rapf /opt/lme/lme.conf /opt/lme/lme.conf.bku - sudo sed -i "s/version=1.0/version=$latest/g" /opt/lme/lme.conf - - info "Copying dashboard_update.sh -> dashboard_update.sh.bku" - sudo cp -rapf /opt/lme/dashboard_update.sh /opt/lme/dashboard_update.sh.bku - - info "Setting up new dashboard_update.sh" - sudo cp -rapf /opt/lme/Chapter\ 3\ Files/dashboard_update.sh /opt/lme/dashboard_update.sh - old_password=$(grep -P -o "(?<=dashboard_update:)[0-9a-zA-Z]+ " /opt/lme/dashboard_update.sh.bku) - sudo sed -i "s/dashboardupdatepassword/$old_password/g" /opt/lme/dashboard_update.sh - - #update VERSION NUMBER - info "Updating Version to $latest" - sudo cp -rapf /opt/lme/lme.conf /opt/lme/lme.conf.bku - sudo sed -i -E "s/version=[0-9]+\.[0-9]+\.[0-9]+/version=$latest/g" /opt/lme/lme.conf - chmod u+rwx /opt/lme/dashboard_update.sh - - info "Updating dashbaords" - sudo /opt/lme/dashboard_update.sh - - elif [ "$version" == $latest ]; then - info "You're on the latest version!" - elif [ "$version" > "1.3.0" ]; then - info "There are no upgrades in this version. $latest" - else - error "Updating directly to LME 1.0 from versions prior to 0.5.1 is not supported. Update to 0.5.1 first." - fi - fi -} - -function renew() { - #get interface name of default route - DEFAULT_IF="$(route | grep '^default' | grep -o '[^ ]*$')" - - #get ip of the interface - EXT_IP="$(/sbin/ifconfig "$DEFAULT_IF" | awk -F ' *|:' '/inet /{print $3}')" - read -e -p "Enter the IP of this Linux server: " -i "$EXT_IP" logstaship - - #get the FQDN - read -e -p "Enter the Fully Qualified Domain Name (FQDN) of this Linux server. This needs to be resolvable from the Windows Event Collector: " logstashcn - echo -e "\e[32m[X]\e[0m Configuring certificates to use $logstaship as the IP and $logstashcn as the DNS" - - echo -e "\e[32m[X]\e[0m Removing existing Docker stack" - docker stack rm lme - removecerts - - read -e -p "Do you want to regenerate the root Certificate Authority (warning - this will invalidate all current certificates in use) ([y]es/[n]o): " -i "n" regen_CA - if [ "$regen_CA" == "y" ]; then - generateCA - generatelogstashcert - generateelasticcert - generatekibanacert - generateclientcert - zipnewcerts - elif [ "$regen_CA" == "n" ]; then - read -e -p "Do you want to regenerate the Logstash certificate ([y]es/[n]o): " -i "n" regen_logstash - if [ "$regen_logstash" == "y" ]; then - generatelogstashcert - fi - read -e -p "Do you want to regenerate the Elasticsearch certificate ([y]es/[n]o): " -i "n" regen_elastic - if [ "$regen_elastic" == "y" ]; then - generateelasticcert - fi - read -e -p "Do you want to regenerate the Kibana certificate ([y]es/[n]o): " -i "n" regen_kibana - if [ "$regen_kibana" == "y" ]; then - generatekibanacert - fi - read -e -p "Do you want to regenerate the Winlogbeat client certificate (warning - you will need to re-install Winlogbeat with the new certificate on the WEC server if you do this) ([y]es/[n]o): " -i "n" regen_client_cert - if [ "$regen_client_cert" == "y" ]; then - generateclientcert - zipnewcerts - fi - else - echo "Not a valid option, re-adding existing certificates and exiting" - fi - - populatecerts - echo -e "\e[32m[X]\e[0m Recreating Docker stack" - pulllme - deploylme -} - -function usage() { - echo -e "\e[31m[!]\e[0m Invalid operation specified" - echo "Usage: ./deploy.sh (install/uninstall/renew/upgrade/update)" - echo "Example: ./deploy.sh install" - exit 1 -} - -############ -#START HERE# -############ -export CERT_STRING='/C=US/ST=DC/L=Washington/O=CISA' - -#Check the script has the correct permissions to run -if [ "$(id -u)" -ne 0 ]; then - echo -e "\e[31m[!]\e[0m This script must be run with root privileges" - exit 1 -fi - -#Check the install location -DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd)" -if [[ "$DIR" != "/opt/lme/Chapter 3 Files" ]]; then - echo -e "\e[31m[!]\e[0m The deploy script is not currently within the correct path, please ensure that LME is located in /opt/lme for installation" - exit 1 -fi - -#check all required binaries are installed -missing_pkgs=() -for pkg in ${REQUIRED_PACKS[*]}; -do - #https://stackoverflow.com/a/10439058 - PKG_OK=$(dpkg-query -W --showformat='${Status}\n' $pkg 2>/dev/null | grep "install ok installed") - if [ "" = "$PKG_OK" ]; then - missing_pkgs+=($pkg) - fi -done -#download missing packages -if [ ${#missing_pkgs[@]} -gt 0 ]; -then - ready "Will install the following packages: ${missing_pkgs[*]}. These are required for LME." - sudo apt-get update - #confirm install - sudo DEBIAN_FRONTEND=noninteractive NEEDRESTART_MODE=a apt-get -yq install ${missing_pkgs[*]} -fi - -#Change current working directory so relative filepaths work -cd "$DIR" || exit - -#TESTING Example BELOW: -#export FORCE_LATEST_VERSION=1.3.0 - -#What action is the user wanting to perform -if [ "$1" == "" ]; then - usage -elif [ "$1" == "install" ]; then - install - exit $? # Exit with the status of the install function -elif [ "$1" == "uninstall" ]; then - uninstall -elif [ "$1" == "upgrade" ]; then - upgrade -elif [ "$1" == "renew" ]; then - renew -elif [ "$1" == "update" ]; then - update -else - usage -fi diff --git a/OLD_CHAPTERS/Chapter 3 Files/docker-compose-stack.yml b/OLD_CHAPTERS/Chapter 3 Files/docker-compose-stack.yml deleted file mode 100644 index 25d893d7..00000000 --- a/OLD_CHAPTERS/Chapter 3 Files/docker-compose-stack.yml +++ /dev/null @@ -1,166 +0,0 @@ -version: '3.9' -########################### -# LME Stack deploy file # -########################### -services: - - elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.11.1 - environment: - - node.name=es01 - # - discovery.seed_hosts=es01 - # - discovery.type=single-node - - cluster.initial_master_nodes=es01 - - ELASTIC_PASSWORD=temp - - xpack.security.enabled=true - - xpack.security.http.ssl.enabled=true - - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/certificates/elasticsearch.key - - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca.crt - - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/certificates/elasticsearch.crt - - xpack.security.http.ssl.supported_protocols=TLSv1.3,TLSv1.2 - - xpack.security.transport.ssl.enabled=true - # - xpack.security.transport.ssl.verification_mode=certificate - - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certificates/ca.crt - - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certificates/elasticsearch.crt - - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certificates/elasticsearch.key - - xpack.security.transport.ssl.supported_protocols=TLSv1.3,TLSv1.2 - #- xpack.monitoring.enabled=false - - xpack.security.authc.api_key.enabled=true - - cluster.name=loggingmadeeasy-es - - path.repo=/usr/share/elasticsearch/data,/usr/share/elasticsearch/backups - - bootstrap.memory_lock=true - - "ES_JAVA_OPTS=-Xmsram-countg -Xmxram-countg -Des.enforce.bootstrap.checks=true" - command: /bin/bash -c "cp -r /run/secrets /usr/share/elasticsearch/config/certificates && /usr/local/bin/docker-entrypoint.sh eswrapper" - volumes: - - type: volume - source: esdata - target: /usr/share/elasticsearch/data - - type: bind - source: /opt/lme/backups - target: /usr/share/elasticsearch/backups - networks: - - esnet - ports: - - 9200:9200 - secrets: - - ca.crt - - elasticsearch.crt - - elasticsearch.key - ulimits: - memlock: - soft: -1 - hard: -1 - healthcheck: - test: - [ - "CMD-SHELL", - "curl -s --cacert /usr/share/elasticsearch/config/certificates/ca.crt https://127.0.0.1:9200 | grep -q 'missing authentication credentials'", - ] - interval: 10s - timeout: 10s - retries: 120 - - - kibana: - # depends_on: - # elasticsearch: - # condition: service_healthy - image: docker.elastic.co/kibana/kibana:8.11.1 - environment: - SERVER_NAME: kibana - ELASTICSEARCH_HOSTS: https://elasticsearch:9200 - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES: /usr/share/kibana/certificates/ca.crt - SERVER_SSL_ENABLED: "true" - SERVER_SSL_KEY: /usr/share/kibana/certificates/kibana.key - SERVER_SSL_CERTIFICATE: /usr/share/kibana/certificates/kibana.crt - SERVER_PUBLICBASEURL: insertpublicurlhere - SERVER_SSL_SUPPORTEDPROTOCOLS: '["TLSv1.3","TLSv1.2"]' - ELASTICSEARCH_USERNAME: kibana_system - ELASTICSEARCH_PASSWORD: insertkibanapasswordhere - # XPACK_SECURITY_ENABLED: "true" - XPACK_SECURITY_ENCRYPTIONKEY: kibanakey - XPACK_REPORTING_ENCRYPTIONKEY: kibanakey - XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: kibanakey - command: /bin/bash -c "cp -r /run/secrets /usr/share/kibana/certificates && /usr/local/bin/kibana-docker" - secrets: - - ca.crt - - kibana.crt - - kibana.key - networks: - - esnet - ports: - - 443:5601 - healthcheck: - test: - [ - "CMD-SHELL", - "curl -k -s -I https://127.0.0.1:5601 | grep -q 'HTTP/1.1 302 Found'", - ] - interval: 10s - timeout: 10s - retries: 120 - - logstash: - image: docker.elastic.co/logstash/logstash:8.11.1 - environment: - XPACK_MONITORING_ENABLED: "false" - PIPELINE_ECS_COMPATIBILITY: v8 - QUEUE_TYPE: persisted - volumes: - - type: volume - source: logstashdata - target: /usr/share/logstash/data - ports: - - 5044:5044 - networks: - - esnet - configs: - - source: logstash.conf - target: /usr/share/logstash/pipeline/logstash.conf - mode: 0444 - - source: logstash_custom.conf - target: /usr/share/logstash/pipeline/logstash_custom.conf - mode: 0444 - secrets: - - ca.crt - - logstash.crt - - logstash.key - healthcheck: - test: - [ - "CMD-SHELL", - "curl -s http://localhost:9600 | grep -q '\"status\":\"green\"'", - ] - interval: 10s - timeout: 10s - retries: 120 - -secrets: - ca.crt: - external: true - logstash.crt: - external: true - logstash.key: - external: true - elasticsearch.crt: - external: true - elasticsearch.key: - external: true - kibana.crt: - external: true - kibana.key: - external: true -configs: - logstash.conf: - external: true - logstash_custom.conf: - external: true -volumes: - esdata: - driver: local - logstashdata: - driver: local - -networks: - esnet: - driver: overlay diff --git a/OLD_CHAPTERS/Chapter 3 Files/lme_update.sh b/OLD_CHAPTERS/Chapter 3 Files/lme_update.sh deleted file mode 100644 index 83d3b893..00000000 --- a/OLD_CHAPTERS/Chapter 3 Files/lme_update.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -/opt/lme/Chapter\ 3\ Files/deploy.sh update diff --git a/OLD_CHAPTERS/Chapter 3 Files/logstash.conf b/OLD_CHAPTERS/Chapter 3 Files/logstash.conf deleted file mode 100644 index 5f7e8084..00000000 --- a/OLD_CHAPTERS/Chapter 3 Files/logstash.conf +++ /dev/null @@ -1,74 +0,0 @@ -############################ -# LME Logstash Config # -############################ - -input { - beats { - port => 5044 - ssl => true - ssl_certificate => "/run/secrets/logstash.crt" - ssl_key => "/run/secrets/logstash.key" - ssl_certificate_authorities => ["/run/secrets/ca.crt"] - ssl_verify_mode => "force_peer" - tags => "beats" - } -} - -filter { - clone { - clones => ['cloned_logs'] - add_tag => ["cloned_logs"] - } - if "beats" in [tags] { - # If a windows update event that contains an updateTitle field (these sometimes contain KB numbers) then extract the KB - if [updateTitle][winlog][event_data] { - grok { - match => { - "[winlog][event_data][updateTitle]" => "(?KB[0-9]{5,})" - } - } - } - } -} - -output { - if "cloned_logs" not in [tags] { - if "beats" in [tags] { - if [@metadata][beat] == "winlogbeat" { - elasticsearch { - hosts => "https://elasticsearch:9200" - index => "%{[@metadata][beat]}-alias" - user => logstash_writer - password => "insertlogstashwriterpasswordhere" - ssl => true - cacert => '/run/secrets/ca.crt' - pipeline => "%{[@metadata][beat]}" - } - } - else { - if [@metadata][pipeline] { - elasticsearch { - hosts => "https://elasticsearch:9200" - index => "%{[@metadata][beat]}-%{[@metadata][version]}" - user => logstash_writer - password => "insertlogstashwriterpasswordhere" - ssl => true - cacert => '/run/secrets/ca.crt' - pipeline => "%{[@metadata][pipeline]}" - } - } - else { - elasticsearch { - hosts => "https://elasticsearch:9200" - index => "%{[@metadata][beat]}-%{[@metadata][version]}" - user => logstash_writer - password => "insertlogstashwriterpasswordhere" - ssl => true - cacert => '/run/secrets/ca.crt' - pipeline => "%{[@metadata][beat]}" - } - } - } - } - } -} diff --git a/OLD_CHAPTERS/Chapter 3 Files/winlog-index-mapping.json b/OLD_CHAPTERS/Chapter 3 Files/winlog-index-mapping.json deleted file mode 100644 index 5fb950a4..00000000 --- a/OLD_CHAPTERS/Chapter 3 Files/winlog-index-mapping.json +++ /dev/null @@ -1,7340 +0,0 @@ -{ - "index_patterns": [ - "winlogbeat-*" - ], - - "priority": 150, - "template": { - "mappings": { - "_meta": { - "beat": "winlogbeat", - "version": "7.17.6" - }, - "date_detection": false, - "dynamic_templates": [ - { - "labels": { - "mapping": { - "type": "keyword" - }, - "match_mapping_type": "string", - "path_match": "labels.*" - } - }, - { - "container.labels": { - "mapping": { - "type": "keyword" - }, - "match_mapping_type": "string", - "path_match": "container.labels.*" - } - }, - { - "fields": { - "mapping": { - "type": "keyword" - }, - "match_mapping_type": "string", - "path_match": "fields.*" - } - }, - { - "docker.container.labels": { - "mapping": { - "type": "keyword" - }, - "match_mapping_type": "string", - "path_match": "docker.container.labels.*" - } - }, - { - "kubernetes.labels.*": { - "mapping": { - "type": "keyword" - }, - "match_mapping_type": "*", - "path_match": "kubernetes.labels.*" - } - }, - { - "kubernetes.annotations.*": { - "mapping": { - "type": "keyword" - }, - "match_mapping_type": "*", - "path_match": "kubernetes.annotations.*" - } - }, - { - "kubernetes.selectors.*": { - "mapping": { - "type": "keyword" - }, - "match_mapping_type": "*", - "path_match": "kubernetes.selectors.*" - } - }, - { - "winlog.event_data": { - "mapping": { - "type": "keyword" - }, - "match_mapping_type": "string", - "path_match": "winlog.event_data.*" - } - }, - { - "winlog.user_data": { - "mapping": { - "type": "keyword" - }, - "match_mapping_type": "string", - "path_match": "winlog.user_data.*" - } - }, - { - "strings_as_keyword": { - "mapping": { - "ignore_above": 1024, - "type": "keyword" - }, - "match_mapping_type": "string" - } - } - ], - "properties": { - "@timestamp": { - "type": "date" - }, - "agent": { - "properties": { - "build": { - "properties": { - "original": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ephemeral_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "client": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "bytes": { - "type": "long" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "postal_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat": { - "properties": { - "ip": { - "type": "ip" - }, - "port": { - "type": "long" - } - } - }, - "packets": { - "type": "long" - }, - "port": { - "type": "long" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "subdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "cloud": { - "properties": { - "account": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "availability_zone": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "instance": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "machine": { - "properties": { - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "project": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "region": { - "ignore_above": 1024, - "type": "keyword" - }, - "service": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "code_signature": { - "properties": { - "digest_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "exists": { - "type": "boolean" - }, - "signing_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "team_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp": { - "type": "date" - }, - "trusted": { - "type": "boolean" - }, - "valid": { - "type": "boolean" - } - } - }, - "container": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "image": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "tag": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "labels": { - "type": "object" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "runtime": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "data_stream": { - "properties": { - "dataset": { - "type": "constant_keyword" - }, - "namespace": { - "type": "constant_keyword" - }, - "type": { - "type": "constant_keyword" - } - } - }, - "destination": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "bytes": { - "type": "long" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "postal_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat": { - "properties": { - "ip": { - "type": "ip" - }, - "port": { - "type": "long" - } - } - }, - "packets": { - "type": "long" - }, - "port": { - "type": "long" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "subdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "dll": { - "properties": { - "code_signature": { - "properties": { - "digest_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "exists": { - "type": "boolean" - }, - "signing_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "team_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp": { - "type": "date" - }, - "trusted": { - "type": "boolean" - }, - "valid": { - "type": "boolean" - } - } - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssdeep": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "pe": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "company": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "imphash": { - "ignore_above": 1024, - "type": "keyword" - }, - "original_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "dns": { - "properties": { - "answers": { - "properties": { - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "data": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "ttl": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - }, - "type": "object" - }, - "header_flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "op_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "question": { - "properties": { - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "subdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "resolved_ip": { - "type": "ip" - }, - "response_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "docker": { - "properties": { - "container": { - "properties": { - "labels": { - "type": "object" - } - } - } - } - }, - "ecs": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "elf": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "byte_order": { - "ignore_above": 1024, - "type": "keyword" - }, - "cpu_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "creation_date": { - "type": "date" - }, - "exports": { - "type": "flattened" - }, - "header": { - "properties": { - "abi_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "data": { - "ignore_above": 1024, - "type": "keyword" - }, - "entrypoint": { - "type": "long" - }, - "object_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "os_abi": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "imports": { - "type": "flattened" - }, - "sections": { - "properties": { - "chi2": { - "type": "long" - }, - "entropy": { - "type": "long" - }, - "flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_offset": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_size": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "virtual_address": { - "type": "long" - }, - "virtual_size": { - "type": "long" - } - }, - "type": "nested" - }, - "segments": { - "properties": { - "sections": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - }, - "type": "nested" - }, - "shared_libraries": { - "ignore_above": 1024, - "type": "keyword" - }, - "telfhash": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "error": { - "properties": { - "code": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "message": { - "type": "match_only_text" - }, - "stack_trace": { - - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "wildcard" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event": { - "properties": { - "action": { - "ignore_above": 1024, - "type": "keyword" - }, - "agent_id_status": { - "ignore_above": 1024, - "type": "keyword" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "code": { - "ignore_above": 1024, - "type": "keyword" - }, - "created": { - "type": "date" - }, - "dataset": { - "ignore_above": 1024, - "type": "keyword" - }, - "duration": { - "type": "long" - }, - "end": { - "type": "date" - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "ingested": { - "type": "date" - }, - "kind": { - "ignore_above": 1024, - "type": "keyword" - }, - "module": { - "ignore_above": 1024, - "type": "keyword" - }, - "original": { - "ignore_above": 1024, - "type": "keyword" - }, - "outcome": { - "ignore_above": 1024, - "type": "keyword" - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - }, - "risk_score": { - "type": "float" - }, - "risk_score_norm": { - "type": "float" - }, - "sequence": { - "type": "long" - }, - "severity": { - "type": "long" - }, - "start": { - "type": "date" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "url": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "fields": { - "type": "object" - }, - "file": { - "properties": { - "accessed": { - "type": "date" - }, - "attributes": { - "ignore_above": 1024, - "type": "keyword" - }, - "code_signature": { - "properties": { - "digest_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "exists": { - "type": "boolean" - }, - "signing_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "team_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp": { - "type": "date" - }, - "trusted": { - "type": "boolean" - }, - "valid": { - "type": "boolean" - } - } - }, - "created": { - "type": "date" - }, - "ctime": { - "type": "date" - }, - "device": { - "ignore_above": 1024, - "type": "keyword" - }, - "directory": { - "ignore_above": 1024, - "type": "keyword" - }, - "drive_letter": { - "ignore_above": 1, - "type": "keyword" - }, - "elf": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "byte_order": { - "ignore_above": 1024, - "type": "keyword" - }, - "cpu_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "creation_date": { - "type": "date" - }, - "exports": { - "type": "flattened" - }, - "header": { - "properties": { - "abi_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "data": { - "ignore_above": 1024, - "type": "keyword" - }, - "entrypoint": { - "type": "long" - }, - "object_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "os_abi": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "imports": { - "type": "flattened" - }, - "sections": { - "properties": { - "chi2": { - "type": "long" - }, - "entropy": { - "type": "long" - }, - "flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_offset": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_size": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "virtual_address": { - "type": "long" - }, - "virtual_size": { - "type": "long" - } - }, - "type": "nested" - }, - "segments": { - "properties": { - "sections": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - }, - "type": "nested" - }, - "shared_libraries": { - "ignore_above": 1024, - "type": "keyword" - }, - "telfhash": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "fork_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "gid": { - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "ignore_above": 1024, - "type": "keyword" - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssdeep": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "inode": { - "ignore_above": 1024, - "type": "keyword" - }, - "mime_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mode": { - "ignore_above": 1024, - "type": "keyword" - }, - "mtime": { - "type": "date" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "owner": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "pe": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "company": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "imphash": { - "ignore_above": 1024, - "type": "keyword" - }, - "original_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "size": { - "type": "long" - }, - "target_path": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "uid": { - "ignore_above": 1024, - "type": "keyword" - }, - "x509": { - "properties": { - "alternative_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "issuer": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "public_key_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_exponent": { - "doc_values": false, - "index": false, - "type": "long" - }, - "public_key_size": { - "type": "long" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version_number": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "postal_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssdeep": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "host": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "containerized": { - "type": "boolean" - }, - "cpu": { - "properties": { - "usage": { - "scaling_factor": 1000, - "type": "scaled_float" - } - } - }, - "disk": { - "properties": { - "read": { - "properties": { - "bytes": { - "type": "long" - } - } - }, - "write": { - "properties": { - "bytes": { - "type": "long" - } - } - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "postal_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "network": { - "properties": { - "egress": { - "properties": { - "bytes": { - "type": "long" - }, - "packets": { - "type": "long" - } - } - }, - "ingress": { - "properties": { - "bytes": { - "type": "long" - }, - "packets": { - "type": "long" - } - } - } - } - }, - "os": { - "properties": { - "build": { - "ignore_above": 1024, - "type": "keyword" - }, - "codename": { - "ignore_above": 1024, - "type": "keyword" - }, - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "uptime": { - "type": "long" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "http": { - "properties": { - "request": { - "properties": { - "body": { - "properties": { - "bytes": { - "type": "long" - }, - "content": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "wildcard" - } - } - }, - "bytes": { - "type": "long" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "method": { - "ignore_above": 1024, - "type": "keyword" - }, - "mime_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "referrer": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "response": { - "properties": { - "body": { - "properties": { - "bytes": { - "type": "long" - }, - "content": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "wildcard" - } - } - }, - "bytes": { - "type": "long" - }, - "mime_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "status_code": { - "type": "long" - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "interface": { - "properties": { - "alias": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "jolokia": { - "properties": { - "agent": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "secured": { - "type": "boolean" - }, - "server": { - "properties": { - "product": { - "ignore_above": 1024, - "type": "keyword" - }, - "vendor": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "url": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "kubernetes": { - "properties": { - "annotations": { - "properties": { - "*": { - "type": "object" - } - } - }, - "container": { - "properties": { - "image": { - "path": "container.image.name", - "type": "alias" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "deployment": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "labels": { - "properties": { - "*": { - "type": "object" - } - } - }, - "namespace": { - "ignore_above": 1024, - "type": "keyword" - }, - "node": { - "properties": { - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "pod": { - "properties": { - "ip": { - "type": "ip" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "uid": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "replicaset": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "selectors": { - "properties": { - "*": { - "type": "object" - } - } - }, - "statefulset": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "labels": { - "type": "object" - }, - "log": { - "properties": { - "file": { - "properties": { - "path": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "level": { - "ignore_above": 1024, - "type": "keyword" - }, - "logger": { - "ignore_above": 1024, - "type": "keyword" - }, - "origin": { - "properties": { - "file": { - "properties": { - "line": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "function": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "original": { - "doc_values": false, - "ignore_above": 1024, - "index": false, - "type": "keyword" - }, - "syslog": { - "properties": { - "facility": { - "properties": { - "code": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "priority": { - "type": "long" - }, - "severity": { - "properties": { - "code": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - }, - "type": "object" - } - } - }, - "message": { - "type": "match_only_text" - }, - "network": { - "properties": { - "application": { - "ignore_above": 1024, - "type": "keyword" - }, - "bytes": { - "type": "long" - }, - "community_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "direction": { - "ignore_above": 1024, - "type": "keyword" - }, - "forwarded_ip": { - "type": "ip" - }, - "iana_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "inner": { - "properties": { - "vlan": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - }, - "type": "object" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "packets": { - "type": "long" - }, - "protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "transport": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "vlan": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "observer": { - "properties": { - "egress": { - "properties": { - "interface": { - "properties": { - "alias": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "vlan": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "zone": { - "ignore_above": 1024, - "type": "keyword" - } - }, - "type": "object" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "postal_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hostname": { - "ignore_above": 1024, - "type": "keyword" - }, - "ingress": { - "properties": { - "interface": { - "properties": { - "alias": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "vlan": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "zone": { - "ignore_above": 1024, - "type": "keyword" - } - }, - "type": "object" - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "vendor": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "orchestrator": { - "properties": { - "api_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "cluster": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "url": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "namespace": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "resource": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "organization": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "os": { - "properties": { - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "package": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "build_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "checksum": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "install_scope": { - "ignore_above": 1024, - "type": "keyword" - }, - "installed": { - "type": "date" - }, - "license": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - }, - "size": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "pe": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "company": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "imphash": { - "ignore_above": 1024, - "type": "keyword" - }, - "original_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "powershell": { - "properties": { - "command": { - "properties": { - "invocation_details": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "related_command": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "value": { - "norms": false, - "type": "text" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "value": { - "norms": false, - "type": "text" - } - } - }, - "connected_user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "engine": { - "properties": { - "new_state": { - "ignore_above": 1024, - "type": "keyword" - }, - "previous_state": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "file": { - "properties": { - "script_block_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "script_block_text": { - "norms": false, - "type": "text" - } - } - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "pipeline_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "process": { - "properties": { - "executable_version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "provider": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "new_state": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runspace_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "sequence": { - "type": "long" - }, - "total": { - "type": "long" - } - } - }, - "process": { - "properties": { - "args": { - "ignore_above": 1024, - "type": "keyword" - }, - "args_count": { - "type": "long" - }, - "code_signature": { - "properties": { - "digest_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "exists": { - "type": "boolean" - }, - "signing_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "team_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp": { - "type": "date" - }, - "trusted": { - "type": "boolean" - }, - "valid": { - "type": "boolean" - } - } - }, - "command_line": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "wildcard" - }, - "elf": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "byte_order": { - "ignore_above": 1024, - "type": "keyword" - }, - "cpu_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "creation_date": { - "type": "date" - }, - "exports": { - "type": "flattened" - }, - "header": { - "properties": { - "abi_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "data": { - "ignore_above": 1024, - "type": "keyword" - }, - "entrypoint": { - "type": "long" - }, - "object_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "os_abi": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "imports": { - "type": "flattened" - }, - "sections": { - "properties": { - "chi2": { - "type": "long" - }, - "entropy": { - "type": "long" - }, - "flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_offset": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_size": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "virtual_address": { - "type": "long" - }, - "virtual_size": { - "type": "long" - } - }, - "type": "nested" - }, - "segments": { - "properties": { - "sections": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - }, - "type": "nested" - }, - "shared_libraries": { - "ignore_above": 1024, - "type": "keyword" - }, - "telfhash": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "end": { - "type": "date" - }, - "entity_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "executable": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "exit_code": { - "type": "long" - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssdeep": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "parent": { - "properties": { - "args": { - "ignore_above": 1024, - "type": "keyword" - }, - "args_count": { - "type": "long" - }, - "code_signature": { - "properties": { - "digest_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "exists": { - "type": "boolean" - }, - "signing_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "team_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp": { - "type": "date" - }, - "trusted": { - "type": "boolean" - }, - "valid": { - "type": "boolean" - } - } - }, - "command_line": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "wildcard" - }, - "elf": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "byte_order": { - "ignore_above": 1024, - "type": "keyword" - }, - "cpu_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "creation_date": { - "type": "date" - }, - "exports": { - "type": "flattened" - }, - "header": { - "properties": { - "abi_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "data": { - "ignore_above": 1024, - "type": "keyword" - }, - "entrypoint": { - "type": "long" - }, - "object_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "os_abi": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "imports": { - "type": "flattened" - }, - "sections": { - "properties": { - "chi2": { - "type": "long" - }, - "entropy": { - "type": "long" - }, - "flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_offset": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_size": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "virtual_address": { - "type": "long" - }, - "virtual_size": { - "type": "long" - } - }, - "type": "nested" - }, - "segments": { - "properties": { - "sections": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - }, - "type": "nested" - }, - "shared_libraries": { - "ignore_above": 1024, - "type": "keyword" - }, - "telfhash": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "end": { - "type": "date" - }, - "entity_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "executable": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "exit_code": { - "type": "long" - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssdeep": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "pe": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "company": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "imphash": { - "ignore_above": 1024, - "type": "keyword" - }, - "original_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "pgid": { - "type": "long" - }, - "pid": { - "type": "long" - }, - "ppid": { - "type": "long" - }, - "start": { - "type": "date" - }, - "thread": { - "properties": { - "id": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "title": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "uptime": { - "type": "long" - }, - "working_directory": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "pe": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "company": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "imphash": { - "ignore_above": 1024, - "type": "keyword" - }, - "original_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "pgid": { - "type": "long" - }, - "pid": { - "type": "long" - }, - "ppid": { - "type": "long" - }, - "start": { - "type": "date" - }, - "thread": { - "properties": { - "id": { - "type": "long" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "title": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "uptime": { - "type": "long" - }, - "working_directory": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "registry": { - "properties": { - "data": { - "properties": { - "bytes": { - "ignore_above": 1024, - "type": "keyword" - }, - "strings": { - "ignore_above": 1024, - "type": "wildcard" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hive": { - "ignore_above": 1024, - "type": "keyword" - }, - "key": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "value": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "related": { - "properties": { - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "hosts": { - "ignore_above": 1024, - "type": "keyword" - }, - "ip": { - "type": "ip" - }, - "user": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "rule": { - "properties": { - "author": { - "ignore_above": 1024, - "type": "keyword" - }, - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "license": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - }, - "ruleset": { - "ignore_above": 1024, - "type": "keyword" - }, - "uuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "server": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "bytes": { - "type": "long" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "postal_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat": { - "properties": { - "ip": { - "type": "ip" - }, - "port": { - "type": "long" - } - } - }, - "packets": { - "type": "long" - }, - "port": { - "type": "long" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "subdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "service": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "environment": { - "ignore_above": 1024, - "type": "keyword" - }, - "ephemeral_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "node": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "state": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "source": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - }, - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "bytes": { - "type": "long" - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "postal_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ip": { - "type": "ip" - }, - "mac": { - "ignore_above": 1024, - "type": "keyword" - }, - "nat": { - "properties": { - "ip": { - "type": "ip" - }, - "port": { - "type": "long" - } - } - }, - "packets": { - "type": "long" - }, - "port": { - "type": "long" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "subdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "span": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "sysmon": { - "properties": { - "dns": { - "properties": { - "status": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "file": { - "properties": { - "archived": { - "type": "boolean" - }, - "is_executable": { - "type": "boolean" - } - } - } - } - }, - "tags": { - "ignore_above": 1024, - "type": "keyword" - }, - "threat": { - "properties": { - "enrichments": { - "properties": { - "indicator": { - "properties": { - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "confidence": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "file": { - "properties": { - "accessed": { - "type": "date" - }, - "attributes": { - "ignore_above": 1024, - "type": "keyword" - }, - "code_signature": { - "properties": { - "digest_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "exists": { - "type": "boolean" - }, - "signing_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "team_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp": { - "type": "date" - }, - "trusted": { - "type": "boolean" - }, - "valid": { - "type": "boolean" - } - } - }, - "created": { - "type": "date" - }, - "ctime": { - "type": "date" - }, - "device": { - "ignore_above": 1024, - "type": "keyword" - }, - "directory": { - "ignore_above": 1024, - "type": "keyword" - }, - "drive_letter": { - "ignore_above": 1, - "type": "keyword" - }, - "elf": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "byte_order": { - "ignore_above": 1024, - "type": "keyword" - }, - "cpu_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "creation_date": { - "type": "date" - }, - "exports": { - "type": "flattened" - }, - "header": { - "properties": { - "abi_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "data": { - "ignore_above": 1024, - "type": "keyword" - }, - "entrypoint": { - "type": "long" - }, - "object_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "os_abi": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "imports": { - "type": "flattened" - }, - "sections": { - "properties": { - "chi2": { - "type": "long" - }, - "entropy": { - "type": "long" - }, - "flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_offset": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_size": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "virtual_address": { - "type": "long" - }, - "virtual_size": { - "type": "long" - } - }, - "type": "nested" - }, - "segments": { - "properties": { - "sections": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - }, - "type": "nested" - }, - "shared_libraries": { - "ignore_above": 1024, - "type": "keyword" - }, - "telfhash": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "fork_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "gid": { - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "ignore_above": 1024, - "type": "keyword" - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssdeep": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "inode": { - "ignore_above": 1024, - "type": "keyword" - }, - "mime_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mode": { - "ignore_above": 1024, - "type": "keyword" - }, - "mtime": { - "type": "date" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "owner": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "pe": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "company": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "imphash": { - "ignore_above": 1024, - "type": "keyword" - }, - "original_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "size": { - "type": "long" - }, - "target_path": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "uid": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "first_seen": { - "type": "date" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "postal_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ip": { - "type": "ip" - }, - "last_seen": { - "type": "date" - }, - "marking": { - "properties": { - "tlp": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "modified_at": { - "type": "date" - }, - - "port": { - "type": "long" - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - }, - "registry": { - "properties": { - "data": { - "properties": { - "bytes": { - "ignore_above": 1024, - "type": "keyword" - }, - "strings": { - "ignore_above": 1024, - "type": "wildcard" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hive": { - "ignore_above": 1024, - "type": "keyword" - }, - "key": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "value": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "scanner_stats": { - "type": "long" - }, - "sightings": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "url": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "fragment": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "wildcard" - }, - "original": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "wildcard" - }, - "password": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "wildcard" - }, - "port": { - "type": "long" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "scheme": { - "ignore_above": 1024, - "type": "keyword" - }, - "subdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "username": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "x509": { - "properties": { - "alternative_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "issuer": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "public_key_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_exponent": { - "doc_values": false, - "index": false, - "type": "long" - }, - "public_key_size": { - "type": "long" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version_number": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - }, - "type": "object" - }, - "matched": { - "properties": { - "atomic": { - "ignore_above": 1024, - "type": "keyword" - }, - "field": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "index": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - }, - "type": "nested" - }, - "framework": { - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "alias": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "indicator": { - "properties": { - "as": { - "properties": { - "number": { - "type": "long" - }, - "organization": { - "properties": { - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "confidence": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "properties": { - "address": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "file": { - "properties": { - "accessed": { - "type": "date" - }, - "attributes": { - "ignore_above": 1024, - "type": "keyword" - }, - "code_signature": { - "properties": { - "digest_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "exists": { - "type": "boolean" - }, - "signing_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "team_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "timestamp": { - "type": "date" - }, - "trusted": { - "type": "boolean" - }, - "valid": { - "type": "boolean" - } - } - }, - "created": { - "type": "date" - }, - "ctime": { - "type": "date" - }, - "device": { - "ignore_above": 1024, - "type": "keyword" - }, - "directory": { - "ignore_above": 1024, - "type": "keyword" - }, - "drive_letter": { - "ignore_above": 1, - "type": "keyword" - }, - "elf": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "byte_order": { - "ignore_above": 1024, - "type": "keyword" - }, - "cpu_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "creation_date": { - "type": "date" - }, - "exports": { - "type": "flattened" - }, - "header": { - "properties": { - "abi_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "class": { - "ignore_above": 1024, - "type": "keyword" - }, - "data": { - "ignore_above": 1024, - "type": "keyword" - }, - "entrypoint": { - "type": "long" - }, - "object_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "os_abi": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "imports": { - "type": "flattened" - }, - "sections": { - "properties": { - "chi2": { - "type": "long" - }, - "entropy": { - "type": "long" - }, - "flags": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_offset": { - "ignore_above": 1024, - "type": "keyword" - }, - "physical_size": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "virtual_address": { - "type": "long" - }, - "virtual_size": { - "type": "long" - } - }, - "type": "nested" - }, - "segments": { - "properties": { - "sections": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - }, - "type": "nested" - }, - "shared_libraries": { - "ignore_above": 1024, - "type": "keyword" - }, - "telfhash": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "fork_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "gid": { - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "ignore_above": 1024, - "type": "keyword" - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha512": { - "ignore_above": 1024, - "type": "keyword" - }, - "ssdeep": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "inode": { - "ignore_above": 1024, - "type": "keyword" - }, - "mime_type": { - "ignore_above": 1024, - "type": "keyword" - }, - "mode": { - "ignore_above": 1024, - "type": "keyword" - }, - "mtime": { - "type": "date" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "owner": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "pe": { - "properties": { - "architecture": { - "ignore_above": 1024, - "type": "keyword" - }, - "company": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "ignore_above": 1024, - "type": "keyword" - }, - "file_version": { - "ignore_above": 1024, - "type": "keyword" - }, - "imphash": { - "ignore_above": 1024, - "type": "keyword" - }, - "original_file_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "product": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "size": { - "type": "long" - }, - "target_path": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "uid": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "first_seen": { - "type": "date" - }, - "geo": { - "properties": { - "city_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "continent_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "country_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "location": { - "type": "geo_point" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "postal_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_iso_code": { - "ignore_above": 1024, - "type": "keyword" - }, - "region_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "timezone": { - - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "ip": { - "type": "ip" - }, - "last_seen": { - "type": "date" - }, - "marking": { - "properties": { - "tlp": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "modified_at": { - "type": "date" - }, - - "port": { - "type": "long" - }, - "provider": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - }, - "registry": { - "properties": { - "data": { - "properties": { - "bytes": { - "ignore_above": 1024, - "type": "keyword" - }, - "strings": { - "ignore_above": 1024, - "type": "wildcard" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hive": { - "ignore_above": 1024, - "type": "keyword" - }, - "key": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "keyword" - }, - "value": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "scanner_stats": { - "type": "long" - }, - "sightings": { - "type": "long" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "url": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "fragment": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "wildcard" - }, - "original": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "wildcard" - }, - "password": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "wildcard" - }, - "port": { - "type": "long" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "scheme": { - "ignore_above": 1024, - "type": "keyword" - }, - "subdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "username": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "x509": { - "properties": { - "alternative_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "issuer": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "public_key_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_exponent": { - "doc_values": false, - "index": false, - "type": "long" - }, - "public_key_size": { - "type": "long" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version_number": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "software": { - "properties": { - "alias": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "platforms": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tactic": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "technique": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - }, - "subtechnique": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "timeseries": { - "properties": { - "instance": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "tls": { - "properties": { - "cipher": { - "ignore_above": 1024, - "type": "keyword" - }, - "client": { - "properties": { - "certificate": { - "ignore_above": 1024, - "type": "keyword" - }, - "certificate_chain": { - "ignore_above": 1024, - "type": "keyword" - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "issuer": { - "ignore_above": 1024, - "type": "keyword" - }, - "ja3": { - "ignore_above": 1024, - "type": "keyword" - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "server_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "supported_ciphers": { - "ignore_above": 1024, - "type": "keyword" - }, - "x509": { - "properties": { - "alternative_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "issuer": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "public_key_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_exponent": { - "doc_values": false, - "index": false, - "type": "long" - }, - "public_key_size": { - "type": "long" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version_number": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "established": { - "type": "boolean" - }, - "next_protocol": { - "ignore_above": 1024, - "type": "keyword" - }, - "resumed": { - "type": "boolean" - }, - "server": { - "properties": { - "certificate": { - "ignore_above": 1024, - "type": "keyword" - }, - "certificate_chain": { - "ignore_above": 1024, - "type": "keyword" - }, - "hash": { - "properties": { - "md5": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha1": { - "ignore_above": 1024, - "type": "keyword" - }, - "sha256": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "issuer": { - "ignore_above": 1024, - "type": "keyword" - }, - "ja3s": { - "ignore_above": 1024, - "type": "keyword" - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "subject": { - "ignore_above": 1024, - "type": "keyword" - }, - "x509": { - "properties": { - "alternative_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "issuer": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "public_key_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_exponent": { - "doc_values": false, - "index": false, - "type": "long" - }, - "public_key_size": { - "type": "long" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version_number": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - }, - "version_protocol": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "trace": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "transaction": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "url": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "extension": { - "ignore_above": 1024, - "type": "keyword" - }, - "fragment": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "wildcard" - }, - "original": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "wildcard" - }, - "password": { - "ignore_above": 1024, - "type": "keyword" - }, - "path": { - "ignore_above": 1024, - "type": "wildcard" - }, - "port": { - "type": "long" - }, - "query": { - "ignore_above": 1024, - "type": "keyword" - }, - "registered_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "scheme": { - "ignore_above": 1024, - "type": "keyword" - }, - "subdomain": { - "ignore_above": 1024, - "type": "keyword" - }, - "top_level_domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "username": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user": { - "properties": { - "changes": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "effective": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - }, - "target": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "email": { - "ignore_above": 1024, - "type": "keyword" - }, - "full_name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "group": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "hash": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "roles": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - "user_agent": { - "properties": { - "device": { - "properties": { - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "original": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "os": { - "properties": { - "family": { - "ignore_above": 1024, - "type": "keyword" - }, - "full": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "kernel": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "platform": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "vlan": { - "properties": { - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "vulnerability": { - "properties": { - "category": { - "ignore_above": 1024, - "type": "keyword" - }, - "classification": { - "ignore_above": 1024, - "type": "keyword" - }, - "description": { - "fields": { - "text": { - "type": "match_only_text" - } - }, - "ignore_above": 1024, - "type": "keyword" - }, - "enumeration": { - "ignore_above": 1024, - "type": "keyword" - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "reference": { - "ignore_above": 1024, - "type": "keyword" - }, - "report_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "scanner": { - "properties": { - "vendor": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "score": { - "properties": { - "base": { - "type": "float" - }, - "environmental": { - "type": "float" - }, - "temporal": { - "type": "float" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "severity": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "winlog": { - "properties": { - "activity_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "api": { - "ignore_above": 1024, - "type": "keyword" - }, - "channel": { - "ignore_above": 1024, - "type": "keyword" - }, - "computer_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "event_data": { - "properties": { - "AuthenticationPackageName": { - "ignore_above": 1024, - "type": "keyword" - }, - "Binary": { - "ignore_above": 1024, - "type": "keyword" - }, - "BitlockerUserInputTime": { - "ignore_above": 1024, - "type": "keyword" - }, - "BootMode": { - "ignore_above": 1024, - "type": "keyword" - }, - "BootType": { - "ignore_above": 1024, - "type": "keyword" - }, - "BuildVersion": { - "ignore_above": 1024, - "type": "keyword" - }, - "Company": { - "ignore_above": 1024, - "type": "keyword" - }, - "CorruptionActionState": { - "ignore_above": 1024, - "type": "keyword" - }, - "CreationUtcTime": { - "ignore_above": 1024, - "type": "keyword" - }, - "Description": { - "ignore_above": 1024, - "type": "keyword" - }, - "Detail": { - "ignore_above": 1024, - "type": "keyword" - }, - "DeviceName": { - "ignore_above": 1024, - "type": "keyword" - }, - "DeviceNameLength": { - "ignore_above": 1024, - "type": "keyword" - }, - "DeviceTime": { - "ignore_above": 1024, - "type": "keyword" - }, - "DeviceVersionMajor": { - "ignore_above": 1024, - "type": "keyword" - }, - "DeviceVersionMinor": { - "ignore_above": 1024, - "type": "keyword" - }, - "DriveName": { - "ignore_above": 1024, - "type": "keyword" - }, - "DriverName": { - "ignore_above": 1024, - "type": "keyword" - }, - "DriverNameLength": { - "ignore_above": 1024, - "type": "keyword" - }, - "DwordVal": { - "ignore_above": 1024, - "type": "keyword" - }, - "EntryCount": { - "ignore_above": 1024, - "type": "keyword" - }, - "ExtraInfo": { - "ignore_above": 1024, - "type": "keyword" - }, - "FailureName": { - "ignore_above": 1024, - "type": "keyword" - }, - "FailureNameLength": { - "ignore_above": 1024, - "type": "keyword" - }, - "FileVersion": { - "ignore_above": 1024, - "type": "keyword" - }, - "FinalStatus": { - "ignore_above": 1024, - "type": "keyword" - }, - "Group": { - "ignore_above": 1024, - "type": "keyword" - }, - "IdleImplementation": { - "ignore_above": 1024, - "type": "keyword" - }, - "IdleStateCount": { - "ignore_above": 1024, - "type": "keyword" - }, - "ImpersonationLevel": { - "ignore_above": 1024, - "type": "keyword" - }, - "IntegrityLevel": { - "ignore_above": 1024, - "type": "keyword" - }, - "IpAddress": { - "ignore_above": 1024, - "type": "keyword" - }, - "IpPort": { - "ignore_above": 1024, - "type": "keyword" - }, - "KeyLength": { - "ignore_above": 1024, - "type": "keyword" - }, - "LastBootGood": { - "ignore_above": 1024, - "type": "keyword" - }, - "LastShutdownGood": { - "ignore_above": 1024, - "type": "keyword" - }, - "LmPackageName": { - "ignore_above": 1024, - "type": "keyword" - }, - "LogonGuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "LogonId": { - "ignore_above": 1024, - "type": "keyword" - }, - "LogonProcessName": { - "ignore_above": 1024, - "type": "keyword" - }, - "LogonType": { - "ignore_above": 1024, - "type": "keyword" - }, - "MajorVersion": { - "ignore_above": 1024, - "type": "keyword" - }, - "MaximumPerformancePercent": { - "ignore_above": 1024, - "type": "keyword" - }, - "MemberName": { - "ignore_above": 1024, - "type": "keyword" - }, - "MemberSid": { - "ignore_above": 1024, - "type": "keyword" - }, - "MinimumPerformancePercent": { - "ignore_above": 1024, - "type": "keyword" - }, - "MinimumThrottlePercent": { - "ignore_above": 1024, - "type": "keyword" - }, - "MinorVersion": { - "ignore_above": 1024, - "type": "keyword" - }, - "NewProcessId": { - "ignore_above": 1024, - "type": "keyword" - }, - "NewProcessName": { - "ignore_above": 1024, - "type": "keyword" - }, - "NewSchemeGuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "NewTime": { - "ignore_above": 1024, - "type": "keyword" - }, - "NominalFrequency": { - "ignore_above": 1024, - "type": "keyword" - }, - "Number": { - "ignore_above": 1024, - "type": "keyword" - }, - "OldSchemeGuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "OldTime": { - "ignore_above": 1024, - "type": "keyword" - }, - "OriginalFileName": { - "ignore_above": 1024, - "type": "keyword" - }, - "Path": { - "ignore_above": 1024, - "type": "keyword" - }, - "PerformanceImplementation": { - "ignore_above": 1024, - "type": "keyword" - }, - "PreviousCreationUtcTime": { - "ignore_above": 1024, - "type": "keyword" - }, - "PreviousTime": { - "ignore_above": 1024, - "type": "keyword" - }, - "PrivilegeList": { - "ignore_above": 1024, - "type": "keyword" - }, - "ProcessId": { - "ignore_above": 1024, - "type": "keyword" - }, - "ProcessName": { - "ignore_above": 1024, - "type": "keyword" - }, - "ProcessPath": { - "ignore_above": 1024, - "type": "keyword" - }, - "ProcessPid": { - "ignore_above": 1024, - "type": "keyword" - }, - "Product": { - "ignore_above": 1024, - "type": "keyword" - }, - "PuaCount": { - "ignore_above": 1024, - "type": "keyword" - }, - "PuaPolicyId": { - "ignore_above": 1024, - "type": "keyword" - }, - "QfeVersion": { - "ignore_above": 1024, - "type": "keyword" - }, - "Reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "SchemaVersion": { - "ignore_above": 1024, - "type": "keyword" - }, - "ScriptBlockText": { - "ignore_above": 1024, - "type": "keyword" - }, - "ServiceName": { - "ignore_above": 1024, - "type": "keyword" - }, - "ServiceVersion": { - "ignore_above": 1024, - "type": "keyword" - }, - "ShutdownActionType": { - "ignore_above": 1024, - "type": "keyword" - }, - "ShutdownEventCode": { - "ignore_above": 1024, - "type": "keyword" - }, - "ShutdownReason": { - "ignore_above": 1024, - "type": "keyword" - }, - "Signature": { - "ignore_above": 1024, - "type": "keyword" - }, - "SignatureStatus": { - "ignore_above": 1024, - "type": "keyword" - }, - "Signed": { - "ignore_above": 1024, - "type": "keyword" - }, - "StartTime": { - "ignore_above": 1024, - "type": "keyword" - }, - "State": { - "ignore_above": 1024, - "type": "keyword" - }, - "Status": { - "ignore_above": 1024, - "type": "keyword" - }, - "StopTime": { - "ignore_above": 1024, - "type": "keyword" - }, - "SubjectDomainName": { - "ignore_above": 1024, - "type": "keyword" - }, - "SubjectLogonId": { - "ignore_above": 1024, - "type": "keyword" - }, - "SubjectUserName": { - "ignore_above": 1024, - "type": "keyword" - }, - "SubjectUserSid": { - "ignore_above": 1024, - "type": "keyword" - }, - "TSId": { - "ignore_above": 1024, - "type": "keyword" - }, - "TargetDomainName": { - "ignore_above": 1024, - "type": "keyword" - }, - "TargetInfo": { - "ignore_above": 1024, - "type": "keyword" - }, - "TargetLogonGuid": { - "ignore_above": 1024, - "type": "keyword" - }, - "TargetLogonId": { - "ignore_above": 1024, - "type": "keyword" - }, - "TargetServerName": { - "ignore_above": 1024, - "type": "keyword" - }, - "TargetUserName": { - "ignore_above": 1024, - "type": "keyword" - }, - "TargetUserSid": { - "ignore_above": 1024, - "type": "keyword" - }, - "TerminalSessionId": { - "ignore_above": 1024, - "type": "keyword" - }, - "TokenElevationType": { - "ignore_above": 1024, - "type": "keyword" - }, - "TransmittedServices": { - "ignore_above": 1024, - "type": "keyword" - }, - "UserSid": { - "ignore_above": 1024, - "type": "keyword" - }, - "Version": { - "ignore_above": 1024, - "type": "keyword" - }, - "Workstation": { - "ignore_above": 1024, - "type": "keyword" - }, - "param1": { - "ignore_above": 1024, - "type": "keyword" - }, - "param2": { - "ignore_above": 1024, - "type": "keyword" - }, - "param3": { - "ignore_above": 1024, - "type": "keyword" - }, - "param4": { - "ignore_above": 1024, - "type": "keyword" - }, - "param5": { - "ignore_above": 1024, - "type": "keyword" - }, - "param6": { - "ignore_above": 1024, - "type": "keyword" - }, - "param7": { - "ignore_above": 1024, - "type": "keyword" - }, - "param8": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "event_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "keywords": { - "ignore_above": 1024, - "type": "keyword" - }, - "logon": { - "properties": { - "failure": { - "properties": { - "reason": { - "ignore_above": 1024, - "type": "keyword" - }, - "status": { - "ignore_above": 1024, - "type": "keyword" - }, - "sub_status": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "id": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "opcode": { - "ignore_above": 1024, - "type": "keyword" - }, - "process": { - "properties": { - "pid": { - "type": "long" - }, - "thread": { - "properties": { - "id": { - "type": "long" - } - } - } - } - }, - "provider_guid": { - "ignore_above": 1024, - "type": "keyword" - }, - "provider_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "record_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "related_activity_id": { - "ignore_above": 1024, - "type": "keyword" - }, - "task": { - "ignore_above": 1024, - "type": "keyword" - }, - "time_created": { - "type": "date" - }, - "user": { - "properties": { - "domain": { - "ignore_above": 1024, - "type": "keyword" - }, - "identifier": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "type": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "user_data": { - "type": "object" - }, - "version": { - "type": "long" - } - } - }, - "x509": { - "properties": { - "alternative_names": { - "ignore_above": 1024, - "type": "keyword" - }, - "issuer": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "not_after": { - "type": "date" - }, - "not_before": { - "type": "date" - }, - "public_key_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_curve": { - "ignore_above": 1024, - "type": "keyword" - }, - "public_key_exponent": { - "doc_values": false, - "index": false, - "type": "long" - }, - "public_key_size": { - "type": "long" - }, - "serial_number": { - "ignore_above": 1024, - "type": "keyword" - }, - "signature_algorithm": { - "ignore_above": 1024, - "type": "keyword" - }, - "subject": { - "properties": { - "common_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "country": { - "ignore_above": 1024, - "type": "keyword" - }, - "distinguished_name": { - "ignore_above": 1024, - "type": "keyword" - }, - "locality": { - "ignore_above": 1024, - "type": "keyword" - }, - "organization": { - "ignore_above": 1024, - "type": "keyword" - }, - "organizational_unit": { - "ignore_above": 1024, - "type": "keyword" - }, - "state_or_province": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "version_number": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - }, - - - "settings": { - "index": { - "lifecycle": { - "name": "lme_ilm_policy", - "rollover_alias": "winlogbeat-alias" - }, - "mapping": { - "total_fields": { - "limit": 10000 - } - }, - "max_docvalue_fields_search": 200, - "number_of_shards": 1, - "number_of_replicas": 0, - "query": { - "default_field": [ - "message", - "tags", - "agent.ephemeral_id", - "agent.id", - "agent.name", - "agent.type", - "agent.version", - "as.organization.name", - "client.address", - "client.as.organization.name", - "client.domain", - "client.geo.city_name", - "client.geo.continent_name", - "client.geo.country_iso_code", - "client.geo.country_name", - "client.geo.name", - "client.geo.region_iso_code", - "client.geo.region_name", - "client.mac", - "client.registered_domain", - "client.top_level_domain", - "client.user.domain", - "client.user.email", - "client.user.full_name", - "client.user.group.domain", - "client.user.group.id", - "client.user.group.name", - "client.user.hash", - "client.user.id", - "client.user.name", - "cloud.account.id", - "cloud.availability_zone", - "cloud.instance.id", - "cloud.instance.name", - "cloud.machine.type", - "cloud.provider", - "cloud.region", - "container.id", - "container.image.name", - "container.image.tag", - "container.name", - "container.runtime", - "destination.address", - "destination.as.organization.name", - "destination.domain", - "destination.geo.city_name", - "destination.geo.continent_name", - "destination.geo.country_iso_code", - "destination.geo.country_name", - "destination.geo.name", - "destination.geo.region_iso_code", - "destination.geo.region_name", - "destination.mac", - "destination.registered_domain", - "destination.top_level_domain", - "destination.user.domain", - "destination.user.email", - "destination.user.full_name", - "destination.user.group.domain", - "destination.user.group.id", - "destination.user.group.name", - "destination.user.hash", - "destination.user.id", - "destination.user.name", - "dns.answers.class", - "dns.answers.data", - "dns.answers.name", - "dns.answers.type", - "dns.header_flags", - "dns.id", - "dns.op_code", - "dns.question.class", - "dns.question.name", - "dns.question.registered_domain", - "dns.question.subdomain", - "dns.question.top_level_domain", - "dns.question.type", - "dns.response_code", - "dns.type", - "ecs.version", - "error.code", - "error.id", - "error.message", - "error.stack_trace", - "error.type", - "event.action", - "event.category", - "event.code", - "event.dataset", - "event.hash", - "event.id", - "event.kind", - "event.module", - "event.outcome", - "event.provider", - "event.timezone", - "event.type", - "file.device", - "file.directory", - "file.extension", - "file.gid", - "file.group", - "file.hash.md5", - "file.hash.sha1", - "file.hash.sha256", - "file.hash.sha512", - "file.inode", - "file.mode", - "file.name", - "file.owner", - "file.path", - "file.target_path", - "file.type", - "file.uid", - "geo.city_name", - "geo.continent_name", - "geo.country_iso_code", - "geo.country_name", - "geo.name", - "geo.region_iso_code", - "geo.region_name", - "group.domain", - "group.id", - "group.name", - "hash.md5", - "hash.sha1", - "hash.sha256", - "hash.sha512", - "host.architecture", - "host.geo.city_name", - "host.geo.continent_name", - "host.geo.country_iso_code", - "host.geo.country_name", - "host.geo.name", - "host.geo.region_iso_code", - "host.geo.region_name", - "host.hostname", - "host.id", - "host.mac", - "host.name", - "host.os.family", - "host.os.full", - "host.os.kernel", - "host.os.name", - "host.os.platform", - "host.os.version", - "host.type", - "host.user.domain", - "host.user.email", - "host.user.full_name", - "host.user.group.domain", - "host.user.group.id", - "host.user.group.name", - "host.user.hash", - "host.user.id", - "host.user.name", - "http.request.body.content", - "http.request.method", - "http.request.referrer", - "http.response.body.content", - "http.version", - "log.level", - "log.logger", - "log.origin.file.name", - "log.origin.function", - "log.syslog.facility.name", - "log.syslog.severity.name", - "network.application", - "network.community_id", - "network.direction", - "network.iana_number", - "network.name", - "network.protocol", - "network.transport", - "network.type", - "observer.geo.city_name", - "observer.geo.continent_name", - "observer.geo.country_iso_code", - "observer.geo.country_name", - "observer.geo.name", - "observer.geo.region_iso_code", - "observer.geo.region_name", - "observer.hostname", - "observer.mac", - "observer.name", - "observer.os.family", - "observer.os.full", - "observer.os.kernel", - "observer.os.name", - "observer.os.platform", - "observer.os.version", - "observer.product", - "observer.serial_number", - "observer.type", - "observer.vendor", - "observer.version", - "organization.id", - "organization.name", - "os.family", - "os.full", - "os.kernel", - "os.name", - "os.platform", - "os.version", - "package.architecture", - "package.checksum", - "package.description", - "package.install_scope", - "package.license", - "package.name", - "package.path", - "package.version", - "process.args", - "process.executable", - "process.hash.md5", - "process.hash.sha1", - "process.hash.sha256", - "process.hash.sha512", - "process.name", - "process.thread.name", - "process.title", - "process.working_directory", - "server.address", - "server.as.organization.name", - "server.domain", - "server.geo.city_name", - "server.geo.continent_name", - "server.geo.country_iso_code", - "server.geo.country_name", - "server.geo.name", - "server.geo.region_iso_code", - "server.geo.region_name", - "server.mac", - "server.registered_domain", - "server.top_level_domain", - "server.user.domain", - "server.user.email", - "server.user.full_name", - "server.user.group.domain", - "server.user.group.id", - "server.user.group.name", - "server.user.hash", - "server.user.id", - "server.user.name", - "service.ephemeral_id", - "service.id", - "service.name", - "service.node.name", - "service.state", - "service.type", - "service.version", - "source.address", - "source.as.organization.name", - "source.domain", - "source.geo.city_name", - "source.geo.continent_name", - "source.geo.country_iso_code", - "source.geo.country_name", - "source.geo.name", - "source.geo.region_iso_code", - "source.geo.region_name", - "source.mac", - "source.registered_domain", - "source.top_level_domain", - "source.user.domain", - "source.user.email", - "source.user.full_name", - "source.user.group.domain", - "source.user.group.id", - "source.user.group.name", - "source.user.hash", - "source.user.id", - "source.user.name", - "threat.framework", - "threat.tactic.id", - "threat.tactic.name", - "threat.tactic.reference", - "threat.technique.id", - "threat.technique.name", - "threat.technique.reference", - "trace.id", - "transaction.id", - "url.domain", - "url.extension", - "url.fragment", - "url.full", - "url.original", - "url.password", - "url.path", - "url.query", - "url.registered_domain", - "url.scheme", - "url.top_level_domain", - "url.username", - "user.domain", - "user.email", - "user.full_name", - "user.group.domain", - "user.group.id", - "user.group.name", - "user.hash", - "user.id", - "user.name", - "user_agent.device.name", - "user_agent.name", - "user_agent.original.text", - "user_agent.original", - "user_agent.os.family", - "user_agent.os.full", - "user_agent.os.kernel", - "user_agent.os.name", - "user_agent.os.platform", - "user_agent.os.version", - "user_agent.version", - "agent.hostname", - "timeseries.instance", - "cloud.image.id", - "host.os.build", - "host.os.codename", - "kubernetes.pod.name", - "kubernetes.pod.uid", - "kubernetes.namespace", - "kubernetes.node.name", - "kubernetes.node.hostname", - "kubernetes.replicaset.name", - "kubernetes.deployment.name", - "kubernetes.statefulset.name", - "kubernetes.container.name", - "jolokia.agent.version", - "jolokia.agent.id", - "jolokia.server.product", - "jolokia.server.version", - "jolokia.server.vendor", - "jolokia.url", - "event.original", - "winlog.api", - "winlog.activity_id", - "winlog.computer_name", - "winlog.event_data.AuthenticationPackageName", - "winlog.event_data.Binary", - "winlog.event_data.BitlockerUserInputTime", - "winlog.event_data.BootMode", - "winlog.event_data.BootType", - "winlog.event_data.BuildVersion", - "winlog.event_data.Company", - "winlog.event_data.CorruptionActionState", - "winlog.event_data.CreationUtcTime", - "winlog.event_data.Description", - "winlog.event_data.Detail", - "winlog.event_data.DeviceName", - "winlog.event_data.DeviceNameLength", - "winlog.event_data.DeviceTime", - "winlog.event_data.DeviceVersionMajor", - "winlog.event_data.DeviceVersionMinor", - "winlog.event_data.DriveName", - "winlog.event_data.DriverName", - "winlog.event_data.DriverNameLength", - "winlog.event_data.DwordVal", - "winlog.event_data.EntryCount", - "winlog.event_data.ExtraInfo", - "winlog.event_data.FailureName", - "winlog.event_data.FailureNameLength", - "winlog.event_data.FileVersion", - "winlog.event_data.FinalStatus", - "winlog.event_data.Group", - "winlog.event_data.IdleImplementation", - "winlog.event_data.IdleStateCount", - "winlog.event_data.ImpersonationLevel", - "winlog.event_data.IntegrityLevel", - "winlog.event_data.IpAddress", - "winlog.event_data.IpPort", - "winlog.event_data.KeyLength", - "winlog.event_data.LastBootGood", - "winlog.event_data.LastShutdownGood", - "winlog.event_data.LmPackageName", - "winlog.event_data.LogonGuid", - "winlog.event_data.LogonId", - "winlog.event_data.LogonProcessName", - "winlog.event_data.LogonType", - "winlog.event_data.MajorVersion", - "winlog.event_data.MaximumPerformancePercent", - "winlog.event_data.MemberName", - "winlog.event_data.MemberSid", - "winlog.event_data.MinimumPerformancePercent", - "winlog.event_data.MinimumThrottlePercent", - "winlog.event_data.MinorVersion", - "winlog.event_data.NewProcessId", - "winlog.event_data.NewProcessName", - "winlog.event_data.NewSchemeGuid", - "winlog.event_data.NewTime", - "winlog.event_data.NominalFrequency", - "winlog.event_data.Number", - "winlog.event_data.OldSchemeGuid", - "winlog.event_data.OldTime", - "winlog.event_data.OriginalFileName", - "winlog.event_data.Path", - "winlog.event_data.PerformanceImplementation", - "winlog.event_data.PreviousCreationUtcTime", - "winlog.event_data.PreviousTime", - "winlog.event_data.PrivilegeList", - "winlog.event_data.ProcessId", - "winlog.event_data.ProcessName", - "winlog.event_data.ProcessPath", - "winlog.event_data.ProcessPid", - "winlog.event_data.Product", - "winlog.event_data.PuaCount", - "winlog.event_data.PuaPolicyId", - "winlog.event_data.QfeVersion", - "winlog.event_data.Reason", - "winlog.event_data.SchemaVersion", - "winlog.event_data.ScriptBlockText", - "winlog.event_data.ServiceName", - "winlog.event_data.ServiceVersion", - "winlog.event_data.ShutdownActionType", - "winlog.event_data.ShutdownEventCode", - "winlog.event_data.ShutdownReason", - "winlog.event_data.Signature", - "winlog.event_data.SignatureStatus", - "winlog.event_data.Signed", - "winlog.event_data.StartTime", - "winlog.event_data.State", - "winlog.event_data.Status", - "winlog.event_data.StopTime", - "winlog.event_data.SubjectDomainName", - "winlog.event_data.SubjectLogonId", - "winlog.event_data.SubjectUserName", - "winlog.event_data.SubjectUserSid", - "winlog.event_data.TSId", - "winlog.event_data.TargetDomainName", - "winlog.event_data.TargetInfo", - "winlog.event_data.TargetLogonGuid", - "winlog.event_data.TargetLogonId", - "winlog.event_data.TargetServerName", - "winlog.event_data.TargetUserName", - "winlog.event_data.TargetUserSid", - "winlog.event_data.TerminalSessionId", - "winlog.event_data.TokenElevationType", - "winlog.event_data.TransmittedServices", - "winlog.event_data.UserSid", - "winlog.event_data.Version", - "winlog.event_data.Workstation", - "winlog.event_data.param1", - "winlog.event_data.param2", - "winlog.event_data.param3", - "winlog.event_data.param4", - "winlog.event_data.param5", - "winlog.event_data.param6", - "winlog.event_data.param7", - "winlog.event_data.param8", - "winlog.event_id", - "winlog.keywords", - "winlog.channel", - "winlog.record_id", - "winlog.related_activity_id", - "winlog.opcode", - "winlog.provider_guid", - "winlog.provider_name", - "winlog.task", - "winlog.user.identifier", - "winlog.user.name", - "winlog.user.domain", - "winlog.user.type", - "powershell.id", - "powershell.pipeline_id", - "powershell.runspace_id", - "powershell.command.path", - "powershell.command.name", - "powershell.command.type", - "powershell.command.value", - "powershell.command.invocation_details.type", - "powershell.command.invocation_details.related_command", - "powershell.command.invocation_details.name", - "powershell.command.invocation_details.value", - "powershell.connected_user.domain", - "powershell.connected_user.name", - "powershell.engine.version", - "powershell.engine.previous_state", - "powershell.engine.new_state", - "powershell.file.script_block_id", - "powershell.file.script_block_text", - "powershell.process.executable_version", - "powershell.provider.new_state", - "powershell.provider.name", - "winlog.logon.type", - "winlog.logon.id", - "winlog.logon.failure.reason", - "winlog.logon.failure.status", - "winlog.logon.failure.sub_status", - "sysmon.dns.status", - "fields.*" - ] - }, - "refresh_interval": "5s" - - } - } - } -} diff --git a/OLD_CHAPTERS/Chapter 3 Files/winlogbeat.yml b/OLD_CHAPTERS/Chapter 3 Files/winlogbeat.yml deleted file mode 100644 index 8da301a3..00000000 --- a/OLD_CHAPTERS/Chapter 3 Files/winlogbeat.yml +++ /dev/null @@ -1,32 +0,0 @@ -winlogbeat.event_logs: - - name: Application - ignore_older: 72h - - - name: System - - - name: Security - - - name: Microsoft-Windows-Sysmon/Operational - - - name: Windows PowerShell - event_id: 400, 403, 600, 800 - - - name: Microsoft-Windows-PowerShell/Operational - event_id: 4103, 4104, 4105, 4106 - - - name: ForwardedEvents - tags: [forwarded] - -output.logstash: - # The Logstash hosts - hosts: ["logstash_dns_name:5044"] - - # Optional SSL. By default is off. - # List of root certificates for HTTPS server verifications - ssl.certificate_authorities: ["C:\\Program Files\\lme\\root-ca.crt"] - - # Certificate for SSL client authentication - ssl.certificate: "C:\\Program Files\\lme\\wlbclient.crt" - - # Client Certificate Key - ssl.key: "C:\\Program Files\\lme\\wlbclient.key" diff --git a/OLD_CHAPTERS/Chapter 4 Files/dashboards/Healthcheckoverview_dashboard.ndjson b/OLD_CHAPTERS/Chapter 4 Files/dashboards/Healthcheckoverview_dashboard.ndjson deleted file mode 100644 index 18396d75..00000000 --- a/OLD_CHAPTERS/Chapter 4 Files/dashboards/Healthcheckoverview_dashboard.ndjson +++ /dev/null @@ -1,9 +0,0 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2023-12-19T21:01:21.814Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2023-12-19T21:01:21.814Z","version":"WzExMiwxXQ=="} -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2},\"winlog.user.domain\":{\"count\":1},\"winlog.user.name\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2023-12-19T21:01:21.814Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2023-12-20T15:47:18.090Z","version":"WzE4OSwyXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"title":"Alpha - Health Check - Total Hosts - Metric","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"metric\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Total Hosts\"}}],\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"title\":\"Alpha - Health Check - Total Hosts - Metric\"}"},"coreMigrationVersion":"8.8.0","created_at":"2023-12-19T21:01:13.787Z","id":"58208f80-ded5-11e9-b926-9d3c5257021a","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2023-12-19T21:01:13.787Z","version":"WzI0LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"not winlog.user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"field\":\"winlog.user.domain\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"winlog.user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"winlog.user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"winlog.user.domain\":\"Font Driver Host\"}}]}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Users seen","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Users seen\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"winlog.user.name\",\"customLabel\":\"Users seen (total)\",\"emptyAsNull\":false},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}}}"},"coreMigrationVersion":"8.8.0","created_at":"2023-12-19T21:01:13.787Z","id":"2768bcb0-1e3b-11e9-9fc5-a91039822035","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2023-12-20T15:59:12.688Z","version":"WzIyMCwyXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Events by machine","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Events by machine\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Number of events seen\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.computer_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer name\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":true,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.8.0","created_at":"2023-12-19T21:01:13.787Z","id":"7243e330-1e41-11e9-9fc5-a91039822035","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2023-12-20T16:24:28.554Z","version":"WzI2MCwyXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":null,\"type\":\"phrase\",\"key\":\"winlog.event_id\",\"value\":\"41\",\"params\":{\"query\":41,\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"winlog.event_id\":{\"query\":41,\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Unexpected Power Off","version":1},"coreMigrationVersion":"8.8.0","created_at":"2023-12-19T21:01:13.787Z","id":"12473b70-7bc6-11e9-b45c-ad49d0e60b5a","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2023-12-19T21:01:13.787Z","version":"WzI3LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Unexpected shutdowns","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Unexpected shutdowns\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.computer_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":50,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":true,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2023-12-19T21:01:13.787Z","id":"084a95e0-7bdf-11e9-b45c-ad49d0e60b5a","managed":false,"references":[{"id":"12473b70-7bc6-11e9-b45c-ad49d0e60b5a","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2023-12-19T21:01:13.787Z","version":"WzI4LDFd"} -{"attributes":{"description":"Health Check overview","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":45,\"h\":4,\"i\":\"e8d94f15-a4f9-4de2-94e3-c0d88d06b602\"},\"panelIndex\":\"e8d94f15-a4f9-4de2-94e3-c0d88d06b602\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e8d94f15-a4f9-4de2-94e3-c0d88d06b602\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":7,\"h\":7,\"i\":\"ba924baf-3793-418e-a1de-ff805560f85b\"},\"panelIndex\":\"ba924baf-3793-418e-a1de-ff805560f85b\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Total Hosts\",\"panelRefName\":\"panel_ba924baf-3793-418e-a1de-ff805560f85b\"},{\"type\":\"visualization\",\"gridData\":{\"x\":7,\"y\":4,\"w\":7,\"h\":7,\"i\":\"7a2e3d19-3a4c-43eb-a9bc-ffe8a745b118\"},\"panelIndex\":\"7a2e3d19-3a4c-43eb-a9bc-ffe8a745b118\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7a2e3d19-3a4c-43eb-a9bc-ffe8a745b118\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":4,\"w\":11,\"h\":7,\"i\":\"2b349db3-6677-43de-99ff-111253bee020\"},\"panelIndex\":\"2b349db3-6677-43de-99ff-111253bee020\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Alpha - Health Check - Number of Admins - Metric (converted)\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-bf39875d-159e-4950-8c3d-803a61d82313\"},{\"type\":\"index-pattern\",\"name\":\"1aab2c4b-51a1-4b7a-8173-1d0c9fb242a5\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":true,\"maxLines\":5},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"valuesInLegend\":true,\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"bf39875d-159e-4950-8c3d-803a61d82313\",\"seriesType\":\"bar_stacked\",\"xAccessor\":\"f2d64ded-4380-46ff-8ff3-301d33e2c9c2\",\"accessors\":[\"cf94e195-c66f-4040-9aee-44a0c719091a\"],\"layerType\":\"data\"}]},\"query\":{\"query\":\"winlog.event_id:1 and winlog.event_data.IntegrityLevel : \\\"High\\\" and not \\\"NT VIRTUAL MACHINE\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"disabled\":false,\"negate\":false,\"alias\":null,\"index\":\"1aab2c4b-51a1-4b7a-8173-1d0c9fb242a5\",\"key\":\"winlog.user.name\",\"field\":\"winlog.user.name\",\"value\":\"exists\",\"type\":\"exists\"},\"query\":{\"exists\":{\"field\":\"winlog.user.name\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"bf39875d-159e-4950-8c3d-803a61d82313\":{\"columns\":{\"f2d64ded-4380-46ff-8ff3-301d33e2c9c2\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"cf94e195-c66f-4040-9aee-44a0c719091a\":{\"label\":\"Unique Count of Admin Users\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"winlog.user.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true}},\"columnOrder\":[\"f2d64ded-4380-46ff-8ff3-301d33e2c9c2\",\"cf94e195-c66f-4040-9aee-44a0c719091a\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Number of Admins\"},{\"type\":\"visualization\",\"gridData\":{\"x\":25,\"y\":4,\"w\":20,\"h\":18,\"i\":\"9479b8b7-fd3b-4160-8d3a-d7e4685c5819\"},\"panelIndex\":\"9479b8b7-fd3b-4160-8d3a-d7e4685c5819\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9479b8b7-fd3b-4160-8d3a-d7e4685c5819\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":11,\"w\":25,\"h\":11,\"i\":\"c4bcdc99-aaf7-4555-8ed0-d99f701396f2\"},\"panelIndex\":\"c4bcdc99-aaf7-4555-8ed0-d99f701396f2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c4bcdc99-aaf7-4555-8ed0-d99f701396f2\"}]","timeRestore":false,"title":"HealthCheck Dashboard - Overview","version":1},"coreMigrationVersion":"8.8.0","created_at":"2023-12-20T16:21:32.831Z","id":"51fe1470-fa59-11e9-bf25-8f92ffa3e3ec","managed":false,"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"e8d94f15-a4f9-4de2-94e3-c0d88d06b602:panel_e8d94f15-a4f9-4de2-94e3-c0d88d06b602","type":"visualization"},{"id":"58208f80-ded5-11e9-b926-9d3c5257021a","name":"ba924baf-3793-418e-a1de-ff805560f85b:panel_ba924baf-3793-418e-a1de-ff805560f85b","type":"visualization"},{"id":"2768bcb0-1e3b-11e9-9fc5-a91039822035","name":"7a2e3d19-3a4c-43eb-a9bc-ffe8a745b118:panel_7a2e3d19-3a4c-43eb-a9bc-ffe8a745b118","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"2b349db3-6677-43de-99ff-111253bee020:indexpattern-datasource-layer-bf39875d-159e-4950-8c3d-803a61d82313","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"2b349db3-6677-43de-99ff-111253bee020:1aab2c4b-51a1-4b7a-8173-1d0c9fb242a5","type":"index-pattern"},{"id":"7243e330-1e41-11e9-9fc5-a91039822035","name":"9479b8b7-fd3b-4160-8d3a-d7e4685c5819:panel_9479b8b7-fd3b-4160-8d3a-d7e4685c5819","type":"visualization"},{"id":"084a95e0-7bdf-11e9-b45c-ad49d0e60b5a","name":"c4bcdc99-aaf7-4555-8ed0-d99f701396f2:panel_c4bcdc99-aaf7-4555-8ed0-d99f701396f2","type":"visualization"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2023-12-20T16:21:32.831Z","version":"WzI1OCwyXQ=="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":8,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/OLD_CHAPTERS/Chapter 4 Files/dashboards/Readme.md b/OLD_CHAPTERS/Chapter 4 Files/dashboards/Readme.md deleted file mode 100644 index afdcc412..00000000 --- a/OLD_CHAPTERS/Chapter 4 Files/dashboards/Readme.md +++ /dev/null @@ -1,64 +0,0 @@ -# Folder for all the dashboards - - -## How to update dashboards -To update the dashboards, run the following command from the Linux server: -``` -sudo /opt/lme/dashboard_update.sh -``` - -Note that there is also a `dashboard_update.sh` script within the Chapter 3 Files folder. That is a generic version of the script that is used to contruct the `dashboard_update.sh` script inside the /opt/lme folder. The version inside the Chapter 3 Files folder does **not** have the information needed to update the dashboards. Only the version inside the /opt/lme folder, which is customized to your specific installation of LME, should be run. - -### Updating to new dashboards and removing old ones (Starting with 1.1.0) -Browse to `Kibana->Stack Management` then select `Saved Objects`. -On the Saved Objects page, you can filter by dashboards. - -Select the filter `Type` and select `dashboard`. - -* It is suggested that you export the dashboards first (readme below) so you have a backup. -You can delete all of the dashboards before importing the new ones. - -After having backed up the dashboards and deleting them, you can then run -`dashboard_update.sh` in the `/opt/lme` directory. - - -### Exporting dashboards: -It is recommended that you export your dashboards before updating them, especially if you have customized them or created new ones. -To export the dashboards use the `export_dashboards.py` file in the Chapter 4 directory. -It is easiest to export them from the ubuntu machine where you have installed the ELK stack because the -default port and hostname are in the script. You will need the user and password for elastic that were printed -on your initial install. - -##### The files will be exported to `Chapter 4 Files/exported` - -#### Running on Ubuntu -Change to the `Chapter 4 Files` directory and run: -``` -./export_dashboards.py -u elastic -p YOURUNIQUEPASS -``` -The modules should already be installed on Ubuntu, but If the script complains about missing modules: -``` -pip install -r requirements.txt -``` - -#### Running on Windows -You must have python and the modules installed. (You can install python 3 from the Microsoft Store) Then make -sure you are in the `Chapter 4 Files` directory and install the requirements. -``` -pip install -r requirements.txt -``` - -You will probably have to pass the host that you connect to for kibana when running on windows. -``` -python .\export_dashboards.py -u elastic -p YOURUNIQUEPASS --host x.x.x.x -``` - -## Customizing dashboards: -When customizing dashboards keep in mind to be sure the name of the file does not conflict with one on git. In future iterations of LME, updates will overwrite any dashboard file that you have customized or named the same as an original file that appears in this directory. - -In addition, any other dashboards you want to save in git and track in this repository can maintained safely (assuming the new files do not overlap in name with any original file in LME) by doing the following: - 1. Creating your own local branch in this LME repo - 2. Commiting any changes - 3. pulling in changes from `main` to your local repo - - diff --git a/OLD_CHAPTERS/Chapter 4 Files/dashboards/alerting_dashboard.ndjson b/OLD_CHAPTERS/Chapter 4 Files/dashboards/alerting_dashboard.ndjson deleted file mode 100644 index a6e0ec1e..00000000 --- a/OLD_CHAPTERS/Chapter 4 Files/dashboards/alerting_dashboard.ndjson +++ /dev/null @@ -1,18 +0,0 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T18:07:12.693Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-12T18:07:12.693Z","version":"WzM5NTQyLDEyXQ=="} -{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","runtimeFieldMap":"{\"Column1\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { if (doc['process.pid'].size() != 0) { emit (doc['process.pid'].value.toString()) } } else if(doc['event.code'].value.equals(Integer.toString(3))) { if (doc['destination.address'].size() != 0) { emit (doc['destination.address'].value.toString()) } } } emit (\\\"No Data\\\") } } emit (\\\"Signal Closed\\\")\"}},\"Column2\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { def args = \\\"\\\"; if (doc['process.args'].size() != 0) { for(int i=0; i winlog.computer_name:(\\\\S+) > .*\\\").legend(position=ne)\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"e48bf6f0-e90f-11e9-9070-f78ae052729a","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NjE0LDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_types_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_types_label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"|Logon Type|Logon Title|Description|\\n| :-: | :- | :- |\\n| 2 | Interactive | A user logged on to this computer. |\\n| 3 | Network | A user or computer logged on to this computer from the network. |\\n| 4 | Batch | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. |\\n| 5 | Service | A service was started by the Service Control Manager. |\\n| 7 | Unlock | This workstation was unlocked. |\\n| 8 | NetworkCleartext | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). |\\n| 9 | NewCredentials | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. |\\n| 10 | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop. |\\n| 11 | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. |\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"846ca470-e9ac-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NjE1LDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4625_failed_logon_status_codes_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_codes_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.LogonType\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.Status\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.SubStatus\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"43ef93b0-e9a9-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NjE2LDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_status_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"| Code | Description |\\n| :- | :- |\\n| 0XC000005E | There are currently no logon servers available to service the logon request. |\\n| 0xC0000064 | User logon with misspelled or bad user account |\\n| 0xC000006A | User logon with misspelled or bad password |\\n| 0XC000006D | This is either due to a bad username or authentication information |\\n| 0XC000006E | Unknown user name or bad password. |\\n| 0xC000006F | User logon outside authorized hours |\\n| 0xC0000070 | User logon from unauthorized workstation |\\n| 0xC0000071 | User logon with expired password |\\n| 0xC0000072 | User logon to account disabled by administrator |\\n| 0XC00000DC | Indicates the Sam Server was in the wrong state to perform the desired operation. |\\n| 0XC0000133 | Clocks between DC and other computer too far out of sync |\\n| 0XC000015B | The user has not been granted the requested logon type (aka logon right) at this machine |\\n| 0XC000018C | The logon request failed because the trust relationship between the primary domain and the trusted domain failed. |\\n| 0XC0000192 | An attempt was made to logon, but the Netlogon service was not started. |\\n| 0xC0000193 | User logon with expired account |\\n| 0XC0000224 | User is required to change password at next logon |\\n| 0XC0000225 | Evidently a bug in Windows and not a risk |\\n| 0xC0000234 | User logon with account locked |\\n| 0XC00002EE | Failure Reason: An Error occurred during Logon |\\n| 0XC0000413 | Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. |\\n| 0x0 | Status OK. |\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"3690c770-e9ae-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NjE3LDdd"} -{"attributes":{"columns":["host.name","winlog.event_data.SubjectUserName","winlog.event_data.TargetUserName","winlog.event_data.TargetServerName","winlog.event_data.SubjectDomainName","winlog.event_data.TargetDomainName","winlog.event_data.ProcessId","winlog.event_data.ProcessName"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4648 \",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[{\\\"script\\\":{\\\"script\\\":\\\"doc['winlog.event_data.SubjectUserName'].value != doc['winlog.event_data.TargetUserName'].value\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"must\":[{\"script\":{\"script\":\"doc['winlog.event_data.SubjectUserName'].value != doc['winlog.event_data.TargetUserName'].value\"}}]}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"winlog.event_data.TargetDomainName\",\"params\":{\"query\":\"Window Manager\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"winlog.event_data.TargetDomainName\":\"Window Manager\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"winlog.event_data.TargetDomainName\",\"params\":{\"query\":\"Font Driver Host\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"winlog.event_data.TargetDomainName\":\"Font Driver Host\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"timeRestore":false,"title":"srch_sd_security_4648_logon_explicit_creds_running_as_different_user","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"103ccef0-ea73-11e9-be68-7f08998695a8","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-14T17:38:15.880Z","version":"WzM5OTg1LDld"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_logs_computernames_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Logged events\"}},{\"id\":\"2\",\"enabled\":false,\"type\":\"filters\",\"schema\":\"bucket\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_id : 4624\",\"language\":\"kuery\"},\"label\":\"EventID 4624\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computername\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_logs_computernames_datatable\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:49.189Z","id":"1c4214a0-f0cf-11e9-a5fc-65ed253cef03","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:49.189Z","version":"WzM0NjIwLDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjQ2LDdd"} -{"attributes":{"description":"Security log related events","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":15,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security logs events\",\"panelRefName\":\"panel_1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":134,\"w\":48,\"h\":17,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Process creation - event ID 4688\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":109,\"w\":48,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Log Cleared - event ID 1102 or 104\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":151,\"w\":48,\"h\":18,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logon created - Logon type 2\",\"panelRefName\":\"panel_6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select a computer to filter the below results. Leave blank for all\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":169,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - network logon created - Logon type 3\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":117,\"w\":48,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log events - Detail\",\"panelRefName\":\"panel_9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":184,\"w\":48,\"h\":17,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sercurity log - logon as a service - Logon type 5\",\"panelRefName\":\"panel_10\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":201,\"w\":48,\"h\":15,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Credential sent as clear text - Logon type 8\",\"panelRefName\":\"panel_11\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":15,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon attempts\",\"panelRefName\":\"panel_15\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":216,\"w\":48,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logons with special privileges assigned - event ID 4672\",\"panelRefName\":\"panel_19\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":15,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Computers showing failed login attempts - 10 maximum shown\",\"panelRefName\":\"panel_20\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":33,\"w\":48,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon type codes\",\"panelRefName\":\"panel_21\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":51,\"w\":48,\"h\":16,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon and reason (status code)\",\"panelRefName\":\"panel_22\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":83,\"w\":48,\"h\":26,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon status codes\",\"panelRefName\":\"panel_23\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":234,\"w\":48,\"h\":15,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{},\"sort\":[]},\"title\":\"Security log - Process started with different credentials- event ID 4648 [could be RUNAS, scheduled tasks]\",\"panelRefName\":\"panel_28\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":11,\"w\":24,\"h\":7,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"title\":\"Select a computername to filter\",\"panelRefName\":\"panel_30\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\"},\"panelIndex\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b71dba65-ed1c-4917-9fc7-54923511ad2d\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":16,\"i\":\"96010259-5ae8-4632-bcce-34078573b1cd\"},\"panelIndex\":\"96010259-5ae8-4632-bcce-34078573b1cd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed Logons\",\"panelRefName\":\"panel_96010259-5ae8-4632-bcce-34078573b1cd\"}]","timeRestore":false,"title":"Security Dashboard - Security Log","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-14T17:42:45.616Z","id":"51186cd0-e8e9-11e9-9070-f78ae052729a","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"e5245110-e8e8-11e9-9070-f78ae052729a","name":"1:panel_1","type":"visualization"},{"id":"781b09e0-e8ea-11e9-9070-f78ae052729a","name":"2:panel_2","type":"search"},{"id":"8c100710-e8eb-11e9-9070-f78ae052729a","name":"3:panel_3","type":"search"},{"id":"0222a210-e8f0-11e9-9070-f78ae052729a","name":"6:panel_6","type":"visualization"},{"id":"5c6f40d0-e8f4-11e9-9070-f78ae052729a","name":"7:panel_7","type":"visualization"},{"id":"666027c0-e8f5-11e9-9070-f78ae052729a","name":"8:panel_8","type":"visualization"},{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"9:panel_9","type":"search"},{"id":"d99cb4d0-e8f8-11e9-9070-f78ae052729a","name":"10:panel_10","type":"visualization"},{"id":"80125e30-e900-11e9-9070-f78ae052729a","name":"11:panel_11","type":"visualization"},{"id":"fefc2830-e904-11e9-9070-f78ae052729a","name":"15:panel_15","type":"visualization"},{"id":"379f1cb0-e90a-11e9-9070-f78ae052729a","name":"19:panel_19","type":"visualization"},{"id":"e48bf6f0-e90f-11e9-9070-f78ae052729a","name":"20:panel_20","type":"visualization"},{"id":"846ca470-e9ac-11e9-92c4-d918939a618e","name":"21:panel_21","type":"visualization"},{"id":"43ef93b0-e9a9-11e9-92c4-d918939a618e","name":"22:panel_22","type":"visualization"},{"id":"3690c770-e9ae-11e9-92c4-d918939a618e","name":"23:panel_23","type":"visualization"},{"id":"103ccef0-ea73-11e9-be68-7f08998695a8","name":"28:panel_28","type":"search"},{"id":"1c4214a0-f0cf-11e9-a5fc-65ed253cef03","name":"30:panel_30","type":"visualization"},{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"b71dba65-ed1c-4917-9fc7-54923511ad2d:panel_b71dba65-ed1c-4917-9fc7-54923511ad2d","type":"visualization"},{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"96010259-5ae8-4632-bcce-34078573b1cd:panel_96010259-5ae8-4632-bcce-34078573b1cd","type":"search"}],"type":"dashboard","updated_at":"2023-12-14T17:42:45.616Z","version":"WzQwMTE2LDld"} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":26,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/OLD_CHAPTERS/Chapter 4 Files/dashboards/sysmon_summary.ndjson b/OLD_CHAPTERS/Chapter 4 Files/dashboards/sysmon_summary.ndjson deleted file mode 100644 index c44c40e4..00000000 --- a/OLD_CHAPTERS/Chapter 4 Files/dashboards/sysmon_summary.ndjson +++ /dev/null @@ -1,11 +0,0 @@ -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":8},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":5},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":6},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":1},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"file.path\":{\"count\":2},\"file.path.text\":{\"count\":1},\"file.directory\":{\"count\":2},\"agent.name\":{\"count\":1},\"event.code\":{\"count\":1},\"winlog.event_data.SourceImage\":{\"count\":1},\"winlog.event_data.SourceUser\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-14T19:04:06.435Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-12-14T20:04:50.214Z","version":"WzI0MzcwLDE5XQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:\\\"Microsoft-Windows-Sysmon/Operational\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_sysmon_all_events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-06T23:54:40.258Z","id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-06T23:54:40.258Z","version":"WzIwNDIyLDE2XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-06T23:54:40.258Z","id":"6bae6b40-e5cd-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-06T23:54:40.258Z","version":"WzIwNDIzLDE2XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Event code\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":0},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-06T23:54:40.258Z","id":"8fcbbf80-e5ca-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-06T23:54:40.258Z","version":"WzIwNDI0LDE2XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_datatable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event code\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-06T23:54:40.258Z","id":"fb34c760-e5cc-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-06T23:54:40.258Z","version":"WzIwNDI1LDE2XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_host_events_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_host_events_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Event code\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Missing computer name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer name\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"split\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Missing computer name\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-06T23:54:40.258Z","id":"4ff18f60-e5d0-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-06T23:54:40.258Z","version":"WzIwNDI2LDE2XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_event_code_reference","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"markdown\":\"| \\tEvent ID\\t | \\tEvent\\t | \\tDescription\\t |\\n| \\t:-:\\t | \\t:-\\t | \\t-\\t |\\n| \\t1\\t | \\tProcess creation\\t | \\tThe process creation event provides extended information about a newly created process. The full command line provides context on the process execution. The ProcessGUID field is a unique value for this process across a domain to make event correlation easier. The hash is a full hash of the file with the algorithms in the HashType field.\\t |\\n| \\t2\\t | \\tA process changed a file creation time\\t | \\tThe change file creation time event is registered when a file creation time is explicitly modified by a process. This event helps tracking the real creation time of a file. Attackers may change the file creation time of a backdoor to make it look like it was installed with the operating system. Note that many processes legitimately change the creation time of a file; it does not necessarily indicate malicious activity.\\t |\\n| \\t3\\t | \\tNetwork connection\\t | \\tThe network connection event logs TCP/UDP connections on the machine. It is disabled by default. Each connection is linked to a process through the ProcessId and ProcessGUID fields. The event also contains the source and destination host names IP addresses, port numbers and IPv6 status.\\t |\\n| \\t4\\t | \\tSysmon service state changed\\t | \\tThe service state change event reports the state of the Sysmon service (started or stopped).\\t |\\n| \\t5\\t | \\tProcess terminated\\t | \\tThe process terminate event reports when a process terminates. It provides the UtcTime, ProcessGuid and ProcessId of the process.\\t |\\n| \\t6\\t | \\tDriver loaded\\t | \\tThe driver loaded events provides information about a driver being loaded on the system. The configured hashes are provided as well as signature information. The signature is created asynchronously for performance reasons and indicates if the file was removed after loading.\\t |\\n| \\t7\\t | \\tImage loaded\\t | \\tThe image loaded event logs when a module is loaded in a specific process. This event is disabled by default and needs to be configured with the ๏ฟฝl option. It indicates the process in which the module is loaded, hashes and signature information. The signature is created asynchronously for performance reasons and indicates if the file was removed after loading. This event should be configured carefully, as monitoring all image load events will generate a large number of events.\\t |\\n| \\t8\\t | \\tCreateRemoteThread\\t | \\tThe CreateRemoteThread event detects when a process creates a thread in another process. This technique is used by malware to inject code and hide in other processes. The event indicates the source and target process. It gives information on the code that will be run in the new thread: StartAddress, StartModule and StartFunction. Note that StartModule and StartFunction fields are inferred, they might be empty if the starting address is outside loaded modules or known exported functions.\\t |\\n| \\t9\\t | \\tRawAccessRead\\t | \\tThe RawAccessRead event detects when a process conducts reading operations from the drive using the \\\\\\\\\\\\\\\\.\\\\ denotation. This technique is often used by malware for data exfiltration of files that are locked for reading, as well as to avoid file access auditing tools. The event indicates the source process and target device.\\t |\\n| \\t10\\t | \\tProcessAccess\\t | \\tThe process accessed event reports when a process opens another process, an operation that๏ฟฝs often followed by information queries or reading and writing the address space of the target process. This enables detection of hacking tools that read the memory contents of processes like Local Security Authority (Lsass.exe) in order to steal credentials for use in Pass-the-Hash attacks. Enabling it can generate significant amounts of logging if there are diagnostic utilities active that repeatedly open processes to query their state, so it generally should only be done so with filters that remove expected accesses.\\t |\\n| \\t11\\t | \\tFileCreate\\t | \\tFile create operations are logged when a file is created or overwritten. This event is useful for monitoring autostart locations, like the Startup folder, as well as temporary and download directories, which are common places malware drops during initial infection.\\t |\\n| \\t12\\t | \\tRegistryEvent (Object create and delete)\\t | \\tRegistry key and value create and delete operations map to this event type, which can be useful for monitoring for changes to Registry autostart locations, or specific malware registry modifications. Sysmon uses abbreviated versions of Registry root key names, with the following mappings: |\\n|||**Key name**                                                                                          **Abbreviation**|\\n|||HKEY_LOCAL_MACHINE                                                                  HKLM|\\n|||HKEY_USERS                                                                                     HKU|\\n|||HKEY_LOCAL_MACHINE\\\\System\\\\ControlSet00x                          HKLM\\\\System\\\\CurrentControlSet|\\n|||HKEY_LOCAL_MACHINE\\\\Classes                                                    HKCR|\\n| \\t13\\t | \\tRegistryEvent (Value Set)\\t | \\tThis Registry event type identifies Registry value modifications. The event records the value written for Registry values of type DWORD and QWORD.\\t |\\n| \\t14\\t | \\tRegistryEvent (Key and Value Rename)\\t | \\tRegistry key and value rename operations map to this event type, recording the new name of the key or value that was renamed.\\t |\\n| \\t15\\t | \\tFileCreateStreamHash\\t | \\tThis event logs when a named file stream is created, and it generates events that log the hash of the contents of the file to which the stream is assigned (the unnamed stream), as well as the contents of the named stream. There are malware variants that drop their executables or configuration settings via browser downloads, and this event is aimed at capturing that based on the browser attaching a Zone.Identifier ๏ฟฝmark of the web๏ฟฝ stream.\\t |\\n| \\t16\\t | \\tServiceConfigurationChange\\t | \\tThis event logs changes in the Sysmon configuration - for example when the filtering rules are updated.\\t |\\n| \\t17\\t | \\tPipeEvent (Pipe Created)\\t | \\tThis event generates when a named pipe is created. Malware often uses named pipes for interprocess communication.\\t |\\n| \\t18\\t | \\tPipeEvent (Pipe Connected)\\t | \\tThis event logs when a named pipe connection is made between a client and a server.\\t |\\n| \\t19\\t | \\tWmiEvent (WmiEventFilter activity detected)\\t | \\tWhen a WMI event filter is registered, which is a method used by malware to execute, this event logs the WMI namespace, filter name and filter expression.\\t |\\n| \\t20\\t | \\tWmiEvent (WmiEventConsumer activity detected)\\t | \\tThis event logs the registration of WMI consumers, recording the consumer name, log, and destination.\\t |\\n| \\t21\\t | \\tWmiEvent (WmiEventConsumerToFilter activity detected)\\t | \\tWhen a consumer binds to a filter, this event logs the consumer name and filter path.\\t |\\n| \\t22\\t | \\tDNSEvent (DNS query)\\t | \\tThis event generates when a process executes a DNS query, whether the result is successful or fails, cached or not. The telemetry for this event was added for Windows 8.1 so it is not available on Windows 7 and earlier.\\t |\\n| \\t23\\t | \\tFileDelete (A file delete was detected)\\t | \\tA file was deleted.\\t |\\n| \\t24\\t | \\tClipboardChange (New content in the clipboard)\\t | \\tThis event is generated when the system clipboard contents change.\\t |\\n| \\t25\\t | \\tProcessTampering (Process image change)\\t | \\tThis event is generated when a process image is changed from an external source, such as a different process.\\t |\\n| \\t255\\t | \\tError\\t | \\tThis event is generated when an error occurred within Sysmon. They can happen if the system is under heavy load and certain tasked could not be performed or a bug exists in the Sysmon service. You can report any bugs on the Sysinternals forum or over Twitter (@markrussinovich).\\t |\\n\\nFor more information see *https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"title\":\"vis_sd_sysmon_event_code_reference\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-06T23:54:40.258Z","id":"7d3955e0-e9b6-11e9-92c4-d918939a618e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-06T23:54:40.258Z","version":"WzIwNDI3LDE2XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_events_by_computer_timelion","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_events_by_computer_timelion\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(q=winlog.provider_name:Microsoft-Windows-Sysmon, index=winlogbeat-*, split=winlog.computer_name:40).label(\\\"$1\\\",\\\"^.* > winlog.computer_name:(\\\\S+) > .*\\\").title(\\\"Sysmon events by computer\\\").legend(position=nw).yaxis(label=\\\"Number of events\\\")\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-06T23:54:40.258Z","id":"35500920-eb66-11e9-875d-ef4cb6c5875d","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-06T23:54:40.258Z","version":"WzIwNDI4LDE2XQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-14T19:04:06.435Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-14T19:04:06.435Z","version":"WzIzMTM2LDE5XQ=="} -{"attributes":{"description":"Summarizes collected Sysmon event data","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":13,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Total number of Sysmon events found\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":13,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Percentage of Sysmon events by event code\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":16,\"w\":24,\"h\":18,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Count of Sysmon events by event code\",\"panelRefName\":\"panel_4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":16,\"w\":24,\"h\":18,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}},\"enhancements\":{}},\"title\":\"Top 10 hosts generating the most Sysmon data\",\"panelRefName\":\"panel_5\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":21,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon event code reference\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":55,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon events\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\"},\"panelIndex\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_76bd58e2-b637-4a48-ae79-4ca8abeab308\"}]","timeRestore":false,"title":"Sysmon Summary","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-14T19:19:08.160Z","id":"d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"6bae6b40-e5cd-11e9-8f1d-73a2ea4cc3ed","name":"2:panel_2","type":"visualization"},{"id":"8fcbbf80-e5ca-11e9-8f1d-73a2ea4cc3ed","name":"3:panel_3","type":"visualization"},{"id":"fb34c760-e5cc-11e9-8f1d-73a2ea4cc3ed","name":"4:panel_4","type":"visualization"},{"id":"4ff18f60-e5d0-11e9-8f1d-73a2ea4cc3ed","name":"5:panel_5","type":"visualization"},{"id":"7d3955e0-e9b6-11e9-92c4-d918939a618e","name":"7:panel_7","type":"visualization"},{"id":"35500920-eb66-11e9-875d-ef4cb6c5875d","name":"8:panel_8","type":"visualization"},{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"76bd58e2-b637-4a48-ae79-4ca8abeab308:panel_76bd58e2-b637-4a48-ae79-4ca8abeab308","type":"visualization"}],"type":"dashboard","updated_at":"2023-12-14T19:19:08.160Z","version":"WzIzMzkwLDE5XQ=="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":10,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/OLD_CHAPTERS/Chapter 4 Files/dashboards/user_hr.ndjson b/OLD_CHAPTERS/Chapter 4 Files/dashboards/user_hr.ndjson deleted file mode 100644 index 91abff22..00000000 --- a/OLD_CHAPTERS/Chapter 4 Files/dashboards/user_hr.ndjson +++ /dev/null @@ -1,10 +0,0 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-28T13:44:13.391Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-28T13:44:13.391Z","version":"WzIxNDMsM10="} -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":5},\"source.ip\":{\"count\":2},\"source.port\":{\"count\":2},\"winlog.event_data.IpAddress\":{\"count\":5},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":1},\"winlog.event_data.TargetDomainName\":{\"count\":5},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":1},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":2},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-11-22T14:34:50.676Z","version":"WzIzNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"winlog.event_data.TargetDomainName\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"winlog.event_data.TargetUserName\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:50.676Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-11-22T14:34:50.676Z","version":"WzIzNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - User activity title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - User activity title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## All user activity\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:48.352Z","id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-22T14:34:48.352Z","version":"WzIyOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - Logon title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Logon title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## Logon / Logoff events\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:48.352Z","id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-11-22T14:34:48.352Z","version":"WzIyOSwxXQ=="} -{"attributes":{"columns":["winlog.event_data.SubjectDomainName","winlog.event_data.TargetUserName","host.name","winlog.event_data.TargetLogonId"],"description":"","grid":{"columns":{"user.name":{"width":193},"winlog.event_data.SubjectDomainName":{"width":193}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"4624\\\" and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_data.LogonType\",\"value\":[\"2\",\"10\",\"11\",\"7\"],\"params\":[\"2\",\"10\",\"11\",\"7\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_data.LogonType\":\"2\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"10\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"11\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"7\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Interactive Logon search","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:48.352Z","id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:48.352Z","version":"WzIzMCwxXQ=="} -{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetDomainName","host.name","winlog.event_data.TargetLogonId"],"description":"","grid":{"columns":{"winlog.event_data.TargetDomainName":{"width":241},"winlog.event_data.TargetUserName":{"width":241}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:\\\"4634\\\" OR event.code:\\\"4647\\\" ) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:48.352Z","id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-11-22T14:34:48.352Z","version":"WzIzMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HR - Interactive v Remote pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Interactive v Remote pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"label\":\"filters\",\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"segment\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_data.LogonType:2\",\"language\":\"lucene\"},\"label\":\"Interactive\"},{\"input\":{\"query\":\"winlog.event_data.LogonType:10\",\"language\":\"lucene\"},\"label\":\"RemoteInteractive\"}]}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:48.352Z","id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-11-22T14:34:48.352Z","version":"WzIzMiwxXQ=="} -{"attributes":{"description":"Overview of user activity for Human Resources\n","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"46f5e2d0-544b-4159-bf78-a44737a093cb\"},\"panelIndex\":\"46f5e2d0-544b-4159-bf78-a44737a093cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_46f5e2d0-544b-4159-bf78-a44737a093cb\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":16,\"h\":12,\"i\":\"bf3efd15-6e7c-4a6e-bb30-e7b759306282\"},\"panelIndex\":\"bf3efd15-6e7c-4a6e-bb30-e7b759306282\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select domain(s) and username(s)\",\"panelRefName\":\"panel_bf3efd15-6e7c-4a6e-bb30-e7b759306282\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":4,\"w\":15,\"h\":12,\"i\":\"9401acd4-64d2-484d-a0dc-2647cc626e56\"},\"panelIndex\":\"9401acd4-64d2-484d-a0dc-2647cc626e56\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\",\"accessors\":[\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"splitAccessor\":\"fc23a029-309e-40a7-aeca-309fd8423ced\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\":{\"columns\":{\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\":{\"label\":\"Top 5 values of winlog.event_data.SubjectDomainName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectDomainName\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"fc23a029-309e-40a7-aeca-309fd8423ced\":{\"label\":\"Top 3 values of winlog.event_data.TargetUserName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5a238afa-9ffa-4568-8a43-6167c0a76b67\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"fc23a029-309e-40a7-aeca-309fd8423ced\",\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Users\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":31,\"y\":4,\"w\":17,\"h\":12,\"i\":\"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c\"},\"panelIndex\":\"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar\",\"layers\":[{\"layerId\":\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\",\"accessors\":[\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"position\":\"top\",\"seriesType\":\"bar\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"22b4e313-2858-411e-a90b-911198fa34fe\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\":{\"columns\":{\"22b4e313-2858-411e-a90b-911198fa34fe\":{\"label\":\"Top 5 values of winlog.computer_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.computer_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"22b4e313-2858-411e-a90b-911198fa34fe\",\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Computers\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":16,\"w\":48,\"h\":4,\"i\":\"04b8ad89-b259-4d40-a6f7-40bd85498ee5\"},\"panelIndex\":\"04b8ad89-b259-4d40-a6f7-40bd85498ee5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_04b8ad89-b259-4d40-a6f7-40bd85498ee5\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":15,\"i\":\"bf9f9a7e-eced-42ad-9d72-193778290f71\"},\"panelIndex\":\"bf9f9a7e-eced-42ad-9d72-193778290f71\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"6bfbd839-8497-464d-a473-26c01d5ba342\",\"accessors\":[\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\",\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6bfbd839-8497-464d-a473-26c01d5ba342\":{\"columns\":{\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\":{\"label\":\"Median of day_of_week\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"day_of_week\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}},\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\":{\"label\":\"Median of hour_of_day\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"hour_of_day\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\",\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\",\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"All User Events by Day of Week, Hour of Day\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":15,\"i\":\"cbb939c6-5de5-478a-813f-fa5aabff530a\"},\"panelIndex\":\"cbb939c6-5de5-478a-813f-fa5aabff530a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"f46d1729-4bd5-4219-9973-01913c208fef\",\"accessors\":[\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f46d1729-4bd5-4219-9973-01913c208fef\":{\"columns\":{\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"800c3857-3c9c-4fc5-a403-3fcbede05599\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\",\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Timestamps by Count\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":4,\"i\":\"110dc89e-1139-438c-88a9-1914a7b12725\"},\"panelIndex\":\"110dc89e-1139-438c-88a9-1914a7b12725\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_110dc89e-1139-438c-88a9-1914a7b12725\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":39,\"w\":24,\"h\":15,\"i\":\"c28b411d-3dc3-472a-acd9-05ad0a1964b7\"},\"panelIndex\":\"c28b411d-3dc3-472a-acd9-05ad0a1964b7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logon events (filter by LogonId)\",\"panelRefName\":\"panel_c28b411d-3dc3-472a-acd9-05ad0a1964b7\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":39,\"w\":24,\"h\":15,\"i\":\"c3bc3c62-3c16-482c-b377-ecc40a21bc0a\"},\"panelIndex\":\"c3bc3c62-3c16-482c-b377-ecc40a21bc0a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logoff events (correlate to logon events)\",\"panelRefName\":\"panel_c3bc3c62-3c16-482c-b377-ecc40a21bc0a\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":54,\"w\":24,\"h\":15,\"i\":\"d40424ec-2e13-4d8c-a942-95652715c75f\"},\"panelIndex\":\"d40424ec-2e13-4d8c-a942-95652715c75f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"In person vs Remote logons\",\"panelRefName\":\"panel_d40424ec-2e13-4d8c-a942-95652715c75f\"}]","timeRestore":false,"title":"User HR","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-11-22T14:34:48.352Z","id":"618bc5d0-84f8-11ee-9838-ff0db128d8b2","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"46f5e2d0-544b-4159-bf78-a44737a093cb:panel_46f5e2d0-544b-4159-bf78-a44737a093cb","type":"visualization"},{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"bf3efd15-6e7c-4a6e-bb30-e7b759306282:panel_bf3efd15-6e7c-4a6e-bb30-e7b759306282","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"9401acd4-64d2-484d-a0dc-2647cc626e56:indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c:indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2","type":"index-pattern"},{"id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","name":"04b8ad89-b259-4d40-a6f7-40bd85498ee5:panel_04b8ad89-b259-4d40-a6f7-40bd85498ee5","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"bf9f9a7e-eced-42ad-9d72-193778290f71:indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"cbb939c6-5de5-478a-813f-fa5aabff530a:indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef","type":"index-pattern"},{"id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","name":"110dc89e-1139-438c-88a9-1914a7b12725:panel_110dc89e-1139-438c-88a9-1914a7b12725","type":"visualization"},{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"c28b411d-3dc3-472a-acd9-05ad0a1964b7:panel_c28b411d-3dc3-472a-acd9-05ad0a1964b7","type":"search"},{"id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","name":"c3bc3c62-3c16-482c-b377-ecc40a21bc0a:panel_c3bc3c62-3c16-482c-b377-ecc40a21bc0a","type":"search"},{"id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","name":"d40424ec-2e13-4d8c-a942-95652715c75f:panel_d40424ec-2e13-4d8c-a942-95652715c75f","type":"visualization"}],"type":"dashboard","updated_at":"2023-11-22T14:34:48.352Z","version":"WzIzMywxXQ=="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":9,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/OLD_CHAPTERS/Chapter 4 Files/dashboards/user_security.ndjson b/OLD_CHAPTERS/Chapter 4 Files/dashboards/user_security.ndjson deleted file mode 100644 index ecd315c4..00000000 --- a/OLD_CHAPTERS/Chapter 4 Files/dashboards/user_security.ndjson +++ /dev/null @@ -1,39 +0,0 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjQ2LDdd"} -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-12-15T23:20:50.098Z","version":"WzQ2ODkyLDEwXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"winlog.event_data.TargetDomainName\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"winlog.event_data.TargetUserName\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjQ4LDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - Filter Hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Filter Hosts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host name\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjUyLDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security - Select Host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select Host\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1588685297382\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjUxLDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Logons Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logons Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Logons\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjUzLDdd"} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Human User Logon Events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjU0LDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon attempts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon attempts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Login attempts\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"22170f50-853c-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjU1LDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon events over time","uiStateJSON":"{\"vis\":{\"colors\":{\"Failed attempts\":\"#BF1B00\",\"Successful atempts\":\"#629E51\"}}}","version":1,"visState":"{\"title\":\"Security - Logon events over time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-23T08:41:59.000Z\",\"max\":\"2020-04-23T08:56:59.000Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":\"event.code:4625\",\"language\":\"lucene\"},\"label\":\"Failed attempts\"},{\"input\":{\"query\":\"event.code:4624\",\"language\":\"lucene\"},\"label\":\"Successful atempts\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjU2LDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"event.code\",\"value\":\"4,624, 4,625\",\"params\":[\"4624\",\"4625\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"event.code\":\"4624\"}},{\"match_phrase\":{\"event.code\":\"4625\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Computers\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"489f7350-853d-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjU3LDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Hosts\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjU4LDdd"} -{"attributes":{"columns":["event.code","host.name","winlog.event_data.TargetDomainName","winlog.event_data.TargetUserName","winlog.event_data.IpAddress","event.action","event.outcome","winlog.event_data.LogonType"],"description":"","grid":{"columns":{"user.domain":{"width":119},"user.name":{"width":134}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Human Logon & Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"2325be20-8616-11ea-a720-c7a0431f179d","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjU5LDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Network Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Network Connections\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"a1229110-860f-11ea-a720-c7a0431f179d","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjYwLDdd"} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id : \\\"3\\\" and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"All network activity ","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"d1a74ce0-8641-11ea-907a-33d103156187","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjYxLDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Activity Line","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Activity Line\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Connections\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"extendToTimeRange\":false,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30d\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Connections\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Connections\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-24T15:29:10.918Z\",\"max\":\"2020-04-24T15:44:10.918Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-15T00:48:41.405Z","id":"ec7ad2d0-8641-11ea-907a-33d103156187","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d1a74ce0-8641-11ea-907a-33d103156187","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-15T00:48:41.405Z","version":"WzQyODI3LDld"} -{"attributes":{"columns":["winlog.event_data.DestinationHostname","destination.ip","winlog.event_data.DestinationIsIpv6","network.","process.executable","winlog.event_data.DestinationPort","winlog.event_data.Protocol","winlog.user.name","winlog.user.type","source.ip","winlog.event_data.SourceIsIpv6","source.port","network.protocol"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") AND NOT (process.name:iexplore.exe OR process.name:chrome.exe OR process.name:firefox.exe OR process.name:opera.exe) AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_non_browsers_connection","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjY0LDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Process List","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Network Process List\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.DestinationIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Logged on user\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"date\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-15T00:59:54.342Z","id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-15T00:59:54.342Z","version":"WzQzMDU4LDld"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network connections area ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network connections area \",\"type\":\"area\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"}],\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"labels\":{},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-15T23:06:32.574Z","id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-15T23:06:32.574Z","version":"WzQ2NTkxLDEwXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Overview - Processes with unusual network activity","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Overview - Processes with unusual network activity\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"significant_terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"size\":10,\"include\":\"\",\"json\":\"\",\"customLabel\":\"Process\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"string\"},\"params\":{},\"label\":\"Process\",\"aggType\":\"significant_terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-15T23:11:33.789Z","id":"245778d0-8641-11ea-907a-33d103156187","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-15T23:11:33.789Z","version":"WzQ2Njk4LDEwXQ=="} -{"attributes":{"columns":["host.name","winlog.event_data.TargetUserName","winlog.event_data.TargetDomainName","winlog.event_data.SourceIp","winlog.event_data.SourcePort","winlog.event_data.DestinationIp","winlog.event_data.DestinationPort","winlog.event_data.ProcessId","winlog.event_data.ProcessName"],"description":"","grid":{"columns":{"winlog.event_data.SubjectDomainName":{"width":216}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_uds_non_private_network","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-15T23:22:04.795Z","version":"WzQ2ODk2LDEwXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Processes Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Processes Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Processes & Powershell\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjY5LDdd"} -{"attributes":{"columns":["host.name","winlog.event_data.TargetDomainName","winlog.event_data.User","winlog.event_data.ProcessId","winlog.event_data.ProcessName","winlog.event_data.Hashes","process.args"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"1\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Process Spawns","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-15T23:29:54.199Z","version":"WzQ3MDQ3LDEwXQ=="} -{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.command_line","process.parent.executable","process.parent.command_line","file.path","event.code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\" OR process.command_line.text:\\\"powershell\\\" OR parent.process.command_line.text:\\\"powershell\\\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_powershell_run","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"2e276480-ec16-11e9-befc-81397a291157","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjcxLDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell Run Count","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Security - Powershell Run Count\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"60553d40-ec18-11e9-befc-81397a291157","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjcyLDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell runs over time","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now/w\",\"to\":\"now/w\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"title\":\"Security - Powershell runs over time\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjczLDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Power shell hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"metric\":{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security - Power shell hosts pie\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0Njc0LDdd"} -{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.args","process.parent.executable","process.parent.args"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND process.command_line.text:(\\\"invoke\\\" or \\\"bypass\\\" or \\\"iex\\\" or \\\"ex\\\" or \\\"icm\\\" or \\\"new-object\\\" or \\\"set\\\" or \\\"get\\\" or \\\"write\\\" or \\\"out\\\" or \\\"download\\\" or \\\"encoded\\\")\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Potentially Suspicious Powershell","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"ff5a53b0-ebf7-11e9-befc-81397a291157","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0Njc1LDdd"} -{"attributes":{"columns":["user.domain","user.name","host.name","destination.domain","destination.ip"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND (process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_uds_powershell_network","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0Njc2LDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Files title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Files title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Files\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"404f6e60-895e-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0Njc3LDdd"} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"file.path.text: \\\"tmp\\\" OR file.path.text:\\\"temp\\\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"file.path\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"file.path\"},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"TEMP & %TEMP%","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0Njc4LDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"TEMP & %TEMP%","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target File\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"TEMP & %TEMP%\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0Njc5LDdd"} -{"attributes":{"columns":["@timestamp","user.domain","user.name","host.name","process.executable","winlog.event_data.ProcessId"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: \\\"9\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Raw Access Events","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjgwLDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Windows Defender Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Windows Defender Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Windows Defender\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjgxLDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"winlog.event_id:(1006 or 1007 or 1008 or 1009 or 1116 or 1117 or 1118 or 1119)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - AV Events Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - AV Events Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Windows AV Events\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjgyLDdd"} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_id\",\"value\":\"1,006, 1,007, 1,008, 1,009, 1,116, 1,117, 1,118, 1,119\",\"params\":[\"1006\",\"1007\",\"1008\",\"1009\",\"1116\",\"1117\",\"1118\",\"1119\"],\"negate\":false,\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_id\":\"1006\"}},{\"match_phrase\":{\"winlog.event_id\":\"1007\"}},{\"match_phrase\":{\"winlog.event_id\":\"1008\"}},{\"match_phrase\":{\"winlog.event_id\":\"1009\"}},{\"match_phrase\":{\"winlog.event_id\":\"1116\"}},{\"match_phrase\":{\"winlog.event_id\":\"1117\"}},{\"match_phrase\":{\"winlog.event_id\":\"1118\"}},{\"match_phrase\":{\"winlog.event_id\":\"1119\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"AV Detection event","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0NjgzLDdd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"AV Hits (Count)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"AV Hits (Count)\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"AV Detection hits\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0Njg0LDdd"} -{"attributes":{"columns":["winlog.event_data.Detection User","host.name","winlog.event_data.Path","winlog.event_data.FWLink"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: 1116\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"Microsoft-Windows-Windows Defender\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.provider\":{\"query\":\"Microsoft-Windows-Windows Defender\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Defender AV Detections","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-13T23:45:52.241Z","id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","migrationVersion":{"search":"8.0.0"},"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-13T23:45:52.241Z","version":"WzM0Njg1LDdd"} -{"attributes":{"description":"User Security overview, filtered by Domain / Username or hostname","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"cb956d23-9d5b-4af8-becf-a2d2d108b5f7\"},\"panelIndex\":\"cb956d23-9d5b-4af8-becf-a2d2d108b5f7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cb956d23-9d5b-4af8-becf-a2d2d108b5f7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":23,\"h\":7,\"i\":\"d962c0d4-f80a-426c-9a1b-43e2fb6296f2\"},\"panelIndex\":\"d962c0d4-f80a-426c-9a1b-43e2fb6296f2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search users\",\"panelRefName\":\"panel_d962c0d4-f80a-426c-9a1b-43e2fb6296f2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":3,\"w\":25,\"h\":7,\"i\":\"b5483ec3-77b5-4e4c-b532-32ce796aa1de\"},\"panelIndex\":\"b5483ec3-77b5-4e4c-b532-32ce796aa1de\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Filter hosts\",\"panelRefName\":\"panel_b5483ec3-77b5-4e4c-b532-32ce796aa1de\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":10,\"w\":23,\"h\":7,\"i\":\"669e458b-ac6a-41d1-b3e2-945a0c8571bd\"},\"panelIndex\":\"669e458b-ac6a-41d1-b3e2-945a0c8571bd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search hosts\",\"panelRefName\":\"panel_669e458b-ac6a-41d1-b3e2-945a0c8571bd\"},{\"version\":\"8.7.1\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":10,\"w\":25,\"h\":7,\"i\":\"b693e539-d72a-496c-bbaf-31c22eeb78c2\"},\"panelIndex\":\"b693e539-d72a-496c-bbaf-31c22eeb78c2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\",\"isTransposed\":false},{\"columnId\":\"26752485-2aa5-4908-b400-504d6e7ef451\",\"isTransposed\":false}],\"layerId\":\"d123adeb-fd39-4176-b3c9-69c88d2852d5\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d123adeb-fd39-4176-b3c9-69c88d2852d5\":{\"columns\":{\"6f33ff19-9959-4c43-b791-939582a0b3d2\":{\"label\":\"Event Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"26752485-2aa5-4908-b400-504d6e7ef451\":{\"label\":\"winlog.event_data.TargetUserName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"26752485-2aa5-4908-b400-504d6e7ef451\",\"6f33ff19-9959-4c43-b791-939582a0b3d2\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter users\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":48,\"h\":4,\"i\":\"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\"},\"panelIndex\":\"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":21,\"w\":9,\"h\":7,\"i\":\"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\"},\"panelIndex\":\"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":21,\"w\":20,\"h\":14,\"i\":\"13240516-125d-434d-8929-d9a334308aa6\"},\"panelIndex\":\"13240516-125d-434d-8929-d9a334308aa6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon attempts\",\"panelRefName\":\"panel_13240516-125d-434d-8929-d9a334308aa6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":21,\"w\":19,\"h\":14,\"i\":\"4b488bfa-a881-46c9-933b-ed762dfb6884\"},\"panelIndex\":\"4b488bfa-a881-46c9-933b-ed762dfb6884\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logged on computers\",\"panelRefName\":\"panel_4b488bfa-a881-46c9-933b-ed762dfb6884\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":9,\"h\":7,\"i\":\"1d6bc214-21e6-4f94-b4df-94585768f0d1\"},\"panelIndex\":\"1d6bc214-21e6-4f94-b4df-94585768f0d1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1d6bc214-21e6-4f94-b4df-94585768f0d1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":17,\"i\":\"5db1345f-28a0-43fd-9cd2-d51e9349cfad\"},\"panelIndex\":\"5db1345f-28a0-43fd-9cd2-d51e9349cfad\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User Logon & Logoff Events\",\"panelRefName\":\"panel_5db1345f-28a0-43fd-9cd2-d51e9349cfad\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":52,\"w\":48,\"h\":4,\"i\":\"dc8de60f-b44b-4e88-9f4c-603ebc8be78b\"},\"panelIndex\":\"dc8de60f-b44b-4e88-9f4c-603ebc8be78b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dc8de60f-b44b-4e88-9f4c-603ebc8be78b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":14,\"i\":\"3b38696a-cc17-47fb-91f4-96884a7262de\"},\"panelIndex\":\"3b38696a-cc17-47fb-91f4-96884a7262de\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"All network connections\",\"panelRefName\":\"panel_3b38696a-cc17-47fb-91f4-96884a7262de\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":70,\"w\":24,\"h\":15,\"i\":\"85d08841-be8d-45e6-8d57-e79d3e63b315\"},\"panelIndex\":\"85d08841-be8d-45e6-8d57-e79d3e63b315\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"title\":\"Network connections from non-browser processes\",\"panelRefName\":\"panel_85d08841-be8d-45e6-8d57-e79d3e63b315\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":70,\"w\":24,\"h\":15,\"i\":\"8053a0e5-33e4-46d0-adcc-5baa505a07e4\"},\"panelIndex\":\"8053a0e5-33e4-46d0-adcc-5baa505a07e4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network connection by protocol\",\"panelRefName\":\"panel_8053a0e5-33e4-46d0-adcc-5baa505a07e4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":85,\"w\":48,\"h\":15,\"i\":\"d6e81b2b-664b-480d-9e79-0146110b5b40\"},\"panelIndex\":\"d6e81b2b-664b-480d-9e79-0146110b5b40\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Unusual network connections from non-browser processes\",\"panelRefName\":\"panel_d6e81b2b-664b-480d-9e79-0146110b5b40\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":100,\"w\":48,\"h\":10,\"i\":\"cf6d87aa-3642-443d-8535-ffc445bb0de8\"},\"panelIndex\":\"cf6d87aa-3642-443d-8535-ffc445bb0de8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network Connection Events (Sysmon ID 3)\",\"panelRefName\":\"panel_cf6d87aa-3642-443d-8535-ffc445bb0de8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":110,\"w\":48,\"h\":4,\"i\":\"e7d0f621-25db-4fc2-b342-de3356d27d22\"},\"panelIndex\":\"e7d0f621-25db-4fc2-b342-de3356d27d22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e7d0f621-25db-4fc2-b342-de3356d27d22\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":14,\"i\":\"8dba12cb-b13b-4885-be71-4f0b80b741a1\"},\"panelIndex\":\"8dba12cb-b13b-4885-be71-4f0b80b741a1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Spawned Processes\",\"panelRefName\":\"panel_8dba12cb-b13b-4885-be71-4f0b80b741a1\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":128,\"w\":10,\"h\":15,\"i\":\"d91877f5-6b32-4f10-b31c-a7dfc609b37e\"},\"panelIndex\":\"d91877f5-6b32-4f10-b31c-a7dfc609b37e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell Events\",\"panelRefName\":\"panel_d91877f5-6b32-4f10-b31c-a7dfc609b37e\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":128,\"w\":20,\"h\":15,\"i\":\"57e03c45-07da-4b09-84ad-8f536cbdbb58\"},\"panelIndex\":\"57e03c45-07da-4b09-84ad-8f536cbdbb58\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events over time\",\"panelRefName\":\"panel_57e03c45-07da-4b09-84ad-8f536cbdbb58\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":128,\"w\":18,\"h\":15,\"i\":\"6286154f-2b14-43a6-a3a5-9e85cf465162\"},\"panelIndex\":\"6286154f-2b14-43a6-a3a5-9e85cf465162\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events by computer\",\"panelRefName\":\"panel_6286154f-2b14-43a6-a3a5-9e85cf465162\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":143,\"w\":25,\"h\":16,\"i\":\"376ac409-1f80-4cc4-a94f-71431233ffc1\"},\"panelIndex\":\"376ac409-1f80-4cc4-a94f-71431233ffc1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Potentially suspicious powershell\",\"panelRefName\":\"panel_376ac409-1f80-4cc4-a94f-71431233ffc1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":25,\"y\":143,\"w\":23,\"h\":16,\"i\":\"570dff9d-ac96-4d3b-a4f3-a81e09fce159\"},\"panelIndex\":\"570dff9d-ac96-4d3b-a4f3-a81e09fce159\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell network connections\",\"panelRefName\":\"panel_570dff9d-ac96-4d3b-a4f3-a81e09fce159\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":159,\"w\":48,\"h\":4,\"i\":\"fb24e6b0-f665-4798-8540-31d38b4b78cb\"},\"panelIndex\":\"fb24e6b0-f665-4798-8540-31d38b4b78cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fb24e6b0-f665-4798-8540-31d38b4b78cb\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":163,\"w\":24,\"h\":15,\"i\":\"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\"},\"panelIndex\":\"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"References to temporary files\",\"panelRefName\":\"panel_f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":163,\"w\":24,\"h\":15,\"i\":\"5b06e280-9804-408b-b8c5-c75f21bb7d00\"},\"panelIndex\":\"5b06e280-9804-408b-b8c5-c75f21bb7d00\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"RawAccessRead (Sysmon Event 9)\",\"panelRefName\":\"panel_5b06e280-9804-408b-b8c5-c75f21bb7d00\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":178,\"w\":48,\"h\":4,\"i\":\"05382728-1306-4e59-b08e-d899afdf22b3\"},\"panelIndex\":\"05382728-1306-4e59-b08e-d899afdf22b3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_05382728-1306-4e59-b08e-d899afdf22b3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":182,\"w\":12,\"h\":14,\"i\":\"ba231616-e45f-4299-87a6-56f785c53354\"},\"panelIndex\":\"ba231616-e45f-4299-87a6-56f785c53354\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Defender event count\",\"panelRefName\":\"panel_ba231616-e45f-4299-87a6-56f785c53354\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":182,\"w\":12,\"h\":14,\"i\":\"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\"},\"panelIndex\":\"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":182,\"w\":24,\"h\":14,\"i\":\"af3a8a33-8efa-422f-b024-f2c4a158586f\"},\"panelIndex\":\"af3a8a33-8efa-422f-b024-f2c4a158586f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"AV Detections (Event 1116)\",\"panelRefName\":\"panel_af3a8a33-8efa-422f-b024-f2c4a158586f\"}]","timeRestore":false,"title":"User Security","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-15T23:35:09.866Z","id":"e5f203f0-6182-11ee-b035-d5f231e90733","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"cb956d23-9d5b-4af8-becf-a2d2d108b5f7:panel_cb956d23-9d5b-4af8-becf-a2d2d108b5f7","type":"visualization"},{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"d962c0d4-f80a-426c-9a1b-43e2fb6296f2:panel_d962c0d4-f80a-426c-9a1b-43e2fb6296f2","type":"visualization"},{"id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","name":"b5483ec3-77b5-4e4c-b532-32ce796aa1de:panel_b5483ec3-77b5-4e4c-b532-32ce796aa1de","type":"visualization"},{"id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","name":"669e458b-ac6a-41d1-b3e2-945a0c8571bd:panel_669e458b-ac6a-41d1-b3e2-945a0c8571bd","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"b693e539-d72a-496c-bbaf-31c22eeb78c2:indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5","type":"index-pattern"},{"id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","name":"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae:panel_0eb6fcd2-cd91-4c3e-b652-4f06922da3ae","type":"visualization"},{"id":"22170f50-853c-11ea-b6c5-5d9149593ce4","name":"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f:panel_2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f","type":"visualization"},{"id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","name":"13240516-125d-434d-8929-d9a334308aa6:panel_13240516-125d-434d-8929-d9a334308aa6","type":"visualization"},{"id":"489f7350-853d-11ea-b6c5-5d9149593ce4","name":"4b488bfa-a881-46c9-933b-ed762dfb6884:panel_4b488bfa-a881-46c9-933b-ed762dfb6884","type":"visualization"},{"id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","name":"1d6bc214-21e6-4f94-b4df-94585768f0d1:panel_1d6bc214-21e6-4f94-b4df-94585768f0d1","type":"visualization"},{"id":"2325be20-8616-11ea-a720-c7a0431f179d","name":"5db1345f-28a0-43fd-9cd2-d51e9349cfad:panel_5db1345f-28a0-43fd-9cd2-d51e9349cfad","type":"search"},{"id":"a1229110-860f-11ea-a720-c7a0431f179d","name":"dc8de60f-b44b-4e88-9f4c-603ebc8be78b:panel_dc8de60f-b44b-4e88-9f4c-603ebc8be78b","type":"visualization"},{"id":"ec7ad2d0-8641-11ea-907a-33d103156187","name":"3b38696a-cc17-47fb-91f4-96884a7262de:panel_3b38696a-cc17-47fb-91f4-96884a7262de","type":"visualization"},{"id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","name":"85d08841-be8d-45e6-8d57-e79d3e63b315:panel_85d08841-be8d-45e6-8d57-e79d3e63b315","type":"visualization"},{"id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","name":"8053a0e5-33e4-46d0-adcc-5baa505a07e4:panel_8053a0e5-33e4-46d0-adcc-5baa505a07e4","type":"visualization"},{"id":"245778d0-8641-11ea-907a-33d103156187","name":"d6e81b2b-664b-480d-9e79-0146110b5b40:panel_d6e81b2b-664b-480d-9e79-0146110b5b40","type":"visualization"},{"id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","name":"cf6d87aa-3642-443d-8535-ffc445bb0de8:panel_cf6d87aa-3642-443d-8535-ffc445bb0de8","type":"search"},{"id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","name":"e7d0f621-25db-4fc2-b342-de3356d27d22:panel_e7d0f621-25db-4fc2-b342-de3356d27d22","type":"visualization"},{"id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","name":"8dba12cb-b13b-4885-be71-4f0b80b741a1:panel_8dba12cb-b13b-4885-be71-4f0b80b741a1","type":"search"},{"id":"60553d40-ec18-11e9-befc-81397a291157","name":"d91877f5-6b32-4f10-b31c-a7dfc609b37e:panel_d91877f5-6b32-4f10-b31c-a7dfc609b37e","type":"visualization"},{"id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","name":"57e03c45-07da-4b09-84ad-8f536cbdbb58:panel_57e03c45-07da-4b09-84ad-8f536cbdbb58","type":"visualization"},{"id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","name":"6286154f-2b14-43a6-a3a5-9e85cf465162:panel_6286154f-2b14-43a6-a3a5-9e85cf465162","type":"visualization"},{"id":"ff5a53b0-ebf7-11e9-befc-81397a291157","name":"376ac409-1f80-4cc4-a94f-71431233ffc1:panel_376ac409-1f80-4cc4-a94f-71431233ffc1","type":"search"},{"id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140","name":"570dff9d-ac96-4d3b-a4f3-a81e09fce159:panel_570dff9d-ac96-4d3b-a4f3-a81e09fce159","type":"search"},{"id":"404f6e60-895e-11ea-9bd8-f3fed1ec2140","name":"fb24e6b0-f665-4798-8540-31d38b4b78cb:panel_fb24e6b0-f665-4798-8540-31d38b4b78cb","type":"visualization"},{"id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","name":"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a:panel_f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a","type":"visualization"},{"id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","name":"5b06e280-9804-408b-b8c5-c75f21bb7d00:panel_5b06e280-9804-408b-b8c5-c75f21bb7d00","type":"search"},{"id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","name":"05382728-1306-4e59-b08e-d899afdf22b3:panel_05382728-1306-4e59-b08e-d899afdf22b3","type":"visualization"},{"id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","name":"ba231616-e45f-4299-87a6-56f785c53354:panel_ba231616-e45f-4299-87a6-56f785c53354","type":"visualization"},{"id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","name":"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931:panel_9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931","type":"visualization"},{"id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","name":"af3a8a33-8efa-422f-b024-f2c4a158586f:panel_af3a8a33-8efa-422f-b024-f2c4a158586f","type":"search"}],"type":"dashboard","updated_at":"2023-12-15T23:35:09.866Z","version":"WzQ3MjczLDEwXQ=="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":38,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/OLD_CHAPTERS/Chapter 4 Files/export_dashboards.py b/OLD_CHAPTERS/Chapter 4 Files/export_dashboards.py deleted file mode 100644 index b05e192a..00000000 --- a/OLD_CHAPTERS/Chapter 4 Files/export_dashboards.py +++ /dev/null @@ -1,165 +0,0 @@ -#!/usr/bin/env python3 -import argparse -import base64 -import json -import os -import re -import requests -from pathlib import Path -from urllib3.exceptions import InsecureRequestWarning - -# Suppress the InsecureRequestWarning (We are using a self-signed cert) -requests.packages.urllib3.disable_warnings(InsecureRequestWarning) - -ALL = 'all' - - -class Api: - def __init__(self, args): - self.ids = None - self.basic_auth = self.get_basic_auth(args.user, args.password) - self.root_url = f'https://{args.host}:{args.port}' - - def export_dashboards(self): - self.set_ids() - self.export_selected_dashboard(self.select_dashboard()) - - @staticmethod - def get_basic_auth(username, password): - return base64.b64encode(f"{username}:{password}".encode()).decode() - - def get_ids(self): - url = f'{self.root_url}/api/kibana/management/saved_objects/_find?perPage=500&page=1&fields=id&type=dashboard&sortField=updated_at&sortOrder=desc' - - try: - response = requests.get(url, headers={'Authorization': f'Basic {self.basic_auth}'}, verify=False) - - if response.status_code == 200: - data = response.json() - ids = {item['id']: item['meta']['title'] for item in data.get('saved_objects', [])} - return ids - else: - print(f"HTTP request failed with status code: {response.status_code}") - print(response.text) - return {} - except Exception as e: - print(f"An error occurred: {str(e)}") - return {} - - def set_ids(self, ids=None): - if ids is None: - ids = self.get_ids() - self.ids = ids - - def select_dashboard(self): - print("Please select a dashboard ID:") - item = 1 - choices = {} - - # Iterate through ids and display them with corresponding numbers - for this_id, title in self.ids.items(): - print(item, this_id, title) - choices[item] = this_id - item += 1 - - if item == 1: - print("I could not find any dashboards") - return - - choices[item] = ALL - print(item, "Select all dashboards") - - # Ask the user to select a number - while True: - try: - choice = int(input("Select a number: ")) - if choice in choices: - selected_id = choices[choice] - if selected_id == ALL: - return ALL # Return 'all' if the user selects all dashboards - else: - return selected_id # Return the selected dashboard ID - else: - print("Invalid choice. Please select a valid number.") - except ValueError: - print("Invalid input. Please enter a number.") - - def export_selected_dashboard(self, selected_dashboard): - if selected_dashboard == ALL: - print("You selected to export all dashboards") - self.dump_all_dashboards() - else: - print(f"You selected dashboard ID: {selected_dashboard}") - self.dump_dashboard(selected_dashboard) - - def dump_dashboard(self, selected_id): - print(f"Dumping dashboard: {selected_id}: {self.ids[selected_id]}...") - # Dumping dashboard: e5f203f0-6182-11ee-b035-d5f231e90733: User Security - - dashboard_json = self.get_dashboard_json(selected_id) - - if dashboard_json is not None: - script_dir = os.path.dirname(os.path.abspath(__file__)) - export_path = Path(script_dir) / 'exported' - os.makedirs(export_path, exist_ok=True) - - filename = re.sub(r"\W+", "_", self.ids[selected_id].lower()) + ".dumped.ndjson" - - print(f"Writing to file {filename}") - export_path = export_path / filename - - Api.write_to_file(export_path, dashboard_json) - return - - print("There was a problem dumping the dashboard") - - def dump_all_dashboards(self): - for this_id in self.ids: - self.dump_dashboard(this_id) - - def get_dashboard_json(self, selected_id): - url = f'{self.root_url}/api/saved_objects/_export' - data = { - "objects": [{"id": selected_id, "type": "dashboard"}], - "includeReferencesDeep": True - } - headers = { - "kbn-xsrf": "true", - 'Authorization': f'Basic {self.basic_auth}' - } - try: - response = requests.post(url, headers=headers, json=data, verify=False) - - if response.status_code == 200: - return response.text - else: - print(f"HTTP request failed with status code: {response.status_code}") - print(response.text) - return None - - except Exception as e: - print(f"An error occurred: {str(e)}") - return None - - @staticmethod - def write_to_file(filename, content): - with open(filename, 'wb') as file: - file.write(content.encode('utf-8')) - - -def main(): - # Define command-line arguments with defaults - parser = argparse.ArgumentParser(description='Retrieve IDs from Elasticsearch') - parser.add_argument('-u', '--user', required=True, help='Elasticsearch username') - parser.add_argument('-p', '--password', required=True, help='Elasticsearch password') - parser.add_argument('--host', default='localhost', help='Elasticsearch host (default: localhost)') - parser.add_argument('--port', default='443', help='Elasticsearch port (default: 443)') - args = parser.parse_args() - - api = Api(args) - - api.export_dashboards() - - -if __name__ == '__main__': - main() diff --git a/OLD_CHAPTERS/Chapter 4 Files/requirements.txt b/OLD_CHAPTERS/Chapter 4 Files/requirements.txt deleted file mode 100644 index 345bc273..00000000 --- a/OLD_CHAPTERS/Chapter 4 Files/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -requests -urllib3 \ No newline at end of file diff --git a/OLD_CHAPTERS/README.md b/OLD_CHAPTERS/README.md deleted file mode 100644 index cdcc4d95..00000000 --- a/OLD_CHAPTERS/README.md +++ /dev/null @@ -1,76 +0,0 @@ -![N|Solid](/docs/imgs/cisa.png) - -[![Downloads](https://img.shields.io/github/downloads/cisagov/lme/total.svg)]() - -# Logging Made Easy -Initially created by NCSC and now maintained by CISA, Logging Made Easy is a self-install tutorial for small organizations to gain a basic level of centralized security logging for Windows clients and provide functionality to detect attacks. It's the coming together of multiple open software platforms which come at no cost to users, where LME helps the reader integrate them together to produce an end-to-end logging capability. We also provide some pre-made configuration files and scripts, although there is the option to do it on your own. - -Logging Made Easy can: -- Show where administrative commands are being run on enrolled devices -- See who is using which machine -- In conjunction with threat reports, it is possible to query for the presence of an attacker in the form of Tactics, Techniques and Procedures (TTPs) - -## Disclaimer - -**LME is currently still early in development.** - -***If you have an existing install of the LME Alpha (v0.5 or older) some manual intervention will be required in order to upgrade to the latest version, please see [Upgrading](/docs/markdown/maintenance/upgrading.md) for further information.*** - -**This is not a professional tool, and should not be used as a [SIEM](https://en.wikipedia.org/wiki/Security_information_and_event_management).** - -**LME is a 'homebrew' way of gathering logs and querying for attacks.** - -We have done the hard work to make things simple. We will tell you what to download, which configurations to use and have created convenient scripts to auto-configure wherever possible. - -The current architecture is based upon Windows Clients, Microsoft Sysmon, Windows Event Forwarding and the ELK stack. - -We are **not** able to comment on or troubleshoot individual installations. If you believe you have have found an issue with the LME code or documentation please submit a [GitHub issue](https://github.com/cisagov/lme/issues). If you have a question about your installation, please visit [GitHub Discussions](https://github.com/cisagov/lme/discussions) to see if your issue has been addressed before. - -## Who is Logging Made Easy for? - -From single IT administrators with a handful of devices in their network to larger organizations. - -LME is for you if: - -* You donโ€™t have a [SOC](https://en.wikipedia.org/wiki/Information_security_operations_center), SIEM or any monitoring in place at the moment. -* You lack the budget, time or understanding to set up your own logging system. -* You recognize the need to begin gathering logs and monitoring your IT. -* You understand that LME has limitations and is better than nothing - but no match for a professional tool. - -If any, or all, of these criteria fit, then LME is a step in the right direction for you. - -LME could also be useful for: - -* Small isolated networks where corporate monitoring doesnโ€™t reach. - -## Overview -The LME architecture consists of 3 groups of computers, as summarized in the following diagram: -![High level overview](/docs/imgs/OverviewDiagram.png) - -

-Figure 1: The 3 primary groups of computers in the LME architecture, their descriptions and the operating systems / software run by each. -

- -## Table of contents - -### Installation: - - [Prerequisites - Start deployment here](/docs/markdown/prerequisites.md) - - [Chapter 1 - Set up Windows Event Forwarding](/docs/markdown/chapter1/chapter1.md) - - [Chapter 2 โ€“ Sysmon Install](/docs/markdown/chapter2.md) - - [Chapter 3 โ€“ Database Install](/docs/markdown/chapter3/chapter3.md) - - [Chapter 4 - Post Install Actions ](/docs/markdown/chapter4.md) - -### Logging Guidance - - [Log Retention](/docs/markdown/logging-guidance/retention.md) - - [Additional Log Types](/docs/markdown/logging-guidance/other-logging.md) - -### Reference: - - [FAQ](/docs/markdown/reference/faq.md) - - [Troubleshooting](/docs/markdown/reference/troubleshooting.md) - - [Dashboard Descriptions](/docs/markdown/reference/dashboard-descriptions.md) - - [Guide to Organizational Units](/docs/markdown/chapter1/guide_to_ous.md) - -### Maintenance: - - [Backups](/docs/markdown/maintenance/backups.md) - - [Upgrading](/docs/markdown/maintenance/upgrading.md) - - [Certificates](/docs/markdown/maintenance/certificates.md) diff --git a/README.md b/README.md index 24ed0cfc..37470677 100644 --- a/README.md +++ b/README.md @@ -7,9 +7,12 @@ This will eventually be merged with the Readme file at [LME-README](https://github.com/cisagov/LME). -## TLDR: -LME will now execute its server stack via systemd through quadlet's. -All the original compose functionality has been implemented and working. +## Table of Contents: +- [Architecture:](#architecture) +- [Installation:](#installation) +- [Deploying Agents:](#deploying-agents) +- [Password Encryption:](#password-encryption) +- [Further Documentation:](#documentation) ## Architecture: Ubuntu 22.04 server running podman containers setup as podman quadlets controlled via systemd. @@ -17,52 +20,19 @@ Ubuntu 22.04 server running podman containers setup as podman quadlets controlle ### Required Ports: Ports required are as follows: - Elasticsearch: *9200* - - Caddy: *443* - - Wazuh: *1514,1515,55000,514* + - Kibana: 443 + - Wazuh: *1514,1515,1516,55000,514* - Agent: *8220* ### Diagram: -A real diagram is coming, for now this poor man's flow chart is all that is available: (Created with [asciiflow](https://asciiflow.com/#/)) -``` -# +---------------------------------------------------------------------+ -# # | | -# # | LME SERVER | -# # | | -# # | Podman Containers | -# # | | -# # | +-----------+ +-----------+ | -# # ------+------------------->| | | | | -# # +-----------------------------------+ ^ | | Wazuh +-------------+ | Kibana | | -# # | | | | +---------+ | Manager | | | | | -# # | CLIENT MACHINE | | | | | | | | +----+---^--+ | -# # | | | | | Caddy | +-----------+ | | | | -# # | | | | | | +----v-----+ | | | -# # | WINDOWS | | | | | | | | | | -# # | | | | +-----+--^+ +----------+ | Elastic <----+ | | -# # | +-----------------+ | | | | | | | | search | | | -# # | | | | | | | | | Fleet | | +--------+ | -# # | | Elastic Agent +--------+------------+-----+--------+--+---------> | +------^---+ | -# # | +-----------------+ | | | | | | Server | | | -# # | | | | +-v--+-------+ | +---------------+ | -# # | +-----------------+ | | | | LME | +----------+ | -# # | | | | | | | | | -# # | | Wazuh Agent +--------+------------+ | | FrontEnd | | -# # | | | | | | | | -# # | +-----------------+ | | +------------+ | -# # | | | | -# # -``` +![diagram](/docs/imgs/lme-architecture-v2.jpg) ### why podman?: Podman is more secure (by default) against container escape attacks than Docker. It also is far more debug and programmer friendly for making containers secure. ### Containers: - - caddy: acts as a reverse proxy for the container architecture: - - routes traffic to the backend services - - hosts lme-front end - - helps access all services behind one pane of glass - setup: runs `/config/setup/init-setup.sh` based on the configuration of dns defined in `/config/setup/instances.yml`. The script will create a CA, underlying certs for each service, and intialize the admin accounts for elasticsearch(user:`elastic`) and kibana(user:`kibana_system`). - elasticsearch: runs the database for LME and indexes all logs - kibana: the front end for querying logs, investigating via dashboards, and managing fleet agents... @@ -80,177 +50,134 @@ Wazuh agents will enable EDR capabilities, while Elastic agents will enable logg ## Installation: -### **Ubuntu 22.04**: -Important: Change appropriate variables in `$CLONE_DIRECTORY/example.env` Each variable is documented inside `example.env`. You'll want to change the default passwords! +If you are unsure you meet the pre-requisites to installing LME, please read our [prerequisites documentation](/docs/markdown/prerequisites.md) +Please ensure you follow all the configuration steps required below. -After changing those variables, you can run the automated install, or do a manual install. -#### **Automated Install** -You can run this installer to run the total install in ansible. -```bash -sudo apt update && sudo apt install -y ansible -# cd ~/LME-PRIV/lme-2-arch # Or path to your clone of this repo -ansible-playbook install_lme_local.yml -``` -This assumes that you have the repo in `~/LME-PRIV/`. +### Downloading LME: +**All steps will assume you start in your cloned directory of LME on your ubuntu 22.04 server** -If you don't, you can pass the `CLONE_DIRECTORY` variable to the playbook. - -``` -ansible-playbook install_lme_local.yml -e "clone_dir=/path/to/clone/directory" +We suggest you install the latest release version of Logging made easy using the following commands: ``` +sudo apt update && sudo apt install curl jq unzip -y -This also assumes your user can sudo without a password. If you need to input a password when you sudo, you can run it with the `-K` flag and it will prompt you for a password. - -**NOTE** [this script](/scripts/set_sysctl_limits.sh) is executed via ansible AND will change unprivileged ports to start at 80, to allow caddy to listen on 443 from a user run container. If this is not desired, we will be publishing steps to setup firewall rules using ufw//iptables to manage the firewall on this host at a later time. - -#### **-- End Automated Install** - -#### **Manual Install**( optional if not running ansible install): +curl -s https://api.github.com/repos/cisagov/LME/releases/latest | jq -r '.assets[0].browser_download_url' | xargs -I {} sh -c 'curl -L -O {} && unzip -d ~/LME $(basename {})"' ``` -export CLONE_DIRECTORY=~/LME-PRIV/lme-2-arch -#systemd will setup nix: -#Old way to setup nix if desired: sh <(curl -L https://nixos.org/nix/install) --daemon -sudo apt install jq uidmap nix-bin nix-setup-systemd - -sudo nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs -sudo nix-channel --update - -# Add user to nix group in /etc/group -sudo usermod -aG nix-users $USER -#install podman and podman-compose -sudo nix-env -iA nixpkgs.podman - -# Set the path for root and lme-user -#echo 'export PATH=$PATH:$HOME/.nix-profile/bin' >> ~/.bashrc -echo 'export PATH=$PATH:/nix/var/nix/profiles/default/bin' >> ~/.bashrc -sudo sh -c 'echo "export PATH=$PATH:/nix/var/nix/profiles/default/bin" >> /root/.bashrc' - -#to allow 443/80 bind and setup memory/limits -sudo NON_ROOT_USER=$USER $CLONE_DIRECTORY/set_sysctl_limits.sh - -#TODO are these needed? we'll have to see, don't set them for now -#export XDG_CONFIG_HOME="$HOME/.config" -#export XDG_RUNTIME_DIR=/run/user/$(id -u) - -#setup user-generator on systemd: -sudo $CLONE_DIRECTORY/link_latest_podman_quadlet.sh - -#setup loginctl -sudo loginctl enable-linger $USER -``` +### Operating system: **Ubuntu 22.04**: +Make sure you run an install on ubuntu 22.04, thats the operating system which has been tested the most. +In theory, you can install LME on any nix... but we've only tested and run installs on 22.04. ### Configuration Configuration is `/config/` - in `setup` find the configuration for certificate generation and password setting. `instances.yml` defines the certificates that will get created. The shellscripts initialize accounts and create certificates, and will run from their respective quadlet definitions `lme-setup-accts` and `lme-setup-certs` respectively. - in `caddy` is the Caddyfile for the reverse proxy. Find more notes on its syntax and configuraiton here: [CADDY DOCS](https://caddyserver.com/docs/caddyfile) +in `setup` find the configuration for certificate generation and password setting. +`instances.yml` defines the certificates that will get created. +The shellscripts initialize accounts and create certificates, and will run from their respective quadlet definitions `lme-setup-accts` and `lme-setup-certs` respectively. -Quadlet configuration for containers is in: `/quadlet/` +Quadlet configuration for containers is in: `/quadlet/`. These are mapped to the root's systemd unit files, but will execute as the `lmed` user. -1. setup `/opt/lme` thats the running directory for lme: -```bash -sudo mkdir -p /opt/lme -sudo chown -R $USER:$USER /opt/lme -cp -r $CLONE_DIRECTORY/config/ /opt/lme/ -cp -r $CLONE_DIRECTORY/quadlet/ /opt/lme/ - -#setup quadlets -mkdir -p ~/.config/containers/ -ln -s /opt/lme/quadlet ~/.config/containers/systemd - -#setup service file -mkdir -p ~/.config/systemd/user -ln -s /opt/lme/quadlet/lme.service ~/.config/systemd/user/ +\***TO EDIT**:\* +The only file that really needs to be touched is creating `/config/lme-environment.env`, which sets up the required environment variables +Get your IP address via the following command: +``` +hostname -I | awk '{print $1}' ``` -#### **--- End Manual Install** - -### After install: - -Confirm setup: +Setup the config via the following steps: ``` -systemctl --user daemon-reload -systemctl --user list-unit-files lme\* +cp ./config/example.env ./config/lme-environment.env +#update the following values: +IPVAR=127.0.0.1 #your hosts ip ``` -1. Copy the file `example.env` to the running environment file: -```bash -cp $CLONE_DIRECTORY/example.env /opt/lme/lme-environment.env +### OPTIONAL: setting master password +This password will be used to encrypt all service user passwords and you should make sure to keep track of it (it will also be stored in `/etc/lme/pass.sh`). ``` - -3. Change appropriate variables in `/opt/lme/lme-environment.env` Each variable is documented inside `example.env`. You'll want to change the default passwords! +sudo -i ${PWD}/scripts/password_management.sh -i +``` +You can skip this step if you would like to have the script setup the master password for you and you'll never need to touch it :) -## Run: -### pull and tag all containers: -This will let us maintain the lme container versions using the `LME_LATEST` tag. Whenever we update, we change the local image to point to the newest update, and run `podman auto-update` to update the containers. +### **Automated Install** -**NOTE TO FUTURE SELVES: NEEDS TO BE `LOCALHOST` TO AVOID REMOTE TAGGING ATTACK** +You can run this installer to run the total install in ansible. ```bash -sudo mkdir -p /etc/containers -sudo tee /etc/containers/policy.json < quadlet -1. start the containers with compose -2. podlet generate from the containers created +3. Then login to kibana, go to fleet, click 'add agent' choose linux or windows depending on what endpoint. I like to perform these lines of code one at a time for testing. The final line where it actually does the install... add --insecure to the end. This is until we figure out how to do this with the certs in the cert store etc. -### compose: -running: -```shell -podman-compose up -d -``` -stopping: -```shell -podman-compose down --remove-orphans +## Password Encryption: +Password encryption is enabled using ansible-vault to store all lme user and lme service user passwords at rest. +We do submit a hash of the password to Have I been pwned to check to see if it is compromised: [READ MORE HERE](https://haveibeenpwned.com/FAQs) +### where are passwords stored?: +```bash +# Define user-specific paths +USER_CONFIG_DIR="/root/.config/lme" +USER_VAULT_DIR="/opt/lme/vault" +USER_SECRETS_CONF="$USER_CONFIG_DIR/secrets.conf" +PASSWORD_FILE="/etc/lme/pass.sh" +``` -#only run if you want to remove all volumes: -podman-compose down -v --remove-orphans +### MANUALLY setting up passwords and accessing passwords: +Run the password_management.sh script: +```bash +lme-user@ubuntu:~/LME-TEST$ sudo -i ${PWD}/scripts/password_management.sh -h +-i: Initialize all password environment variables and settings +-s: set_user: Set user password +-p: Manage Podman secret +-l: List Podman secrets +-h: print this list ``` -### install/get podlet: +### grabbing passwords: +To view the appropriate service user password use ansible-vault, as root: ``` -#https://github.com/containers/podlet/releases -wget https://github.com/containers/podlet/releases/download/v0.3.0/podlet-x86_64-unknown-linux-gnu.tar.xz -#add it to path: -cp ./podlet-x86_64-unknown-linux-gnu/podlet .local/bin/ +#where wazuh_api is the service user whose password you want: +sudo -i ansible-vault view /etc/lme/vault/$(sudo -i podman secret ls | grep wazuh_api | awk '{print $1}') ``` -### generate the quadlet files: -[DOCS](https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html), [BLOG](https://mo8it.com/blog/quadlet/) -``` -cd ~/LME-PRIV/quadlet -for x in $(podman ps --filter label=io.podman.compose.project=lme-2-arch -a --format "{{.Names}}");do echo $x; podlet generate container $x > $x.container;done -``` +# Documentation: -### dealing with journalctl logs: -https://unix.stackexchange.com/questions/638432/clear-failed-states-or-all-old-logs-from-systemctl-status-service -``` -#delete all logs: -sudo rm /var/log/journal/$STRING_OF_HEX/user-1000* -``` +### Logging Guidance + - [LME in the CLOUD](/docs/markdown/logging-guidance/cloud.md) + - [Log Retention](/docs/markdown/logging-guidance/retention.md) TODO update to be current + - [Additional Log Types](/docs/markdown/logging-guidance/other-logging.md) -### debugging commands: -``` -systemctl --user stop lme.service -systemctl --user status lme* -systemctl --user restart lme.service -journalctl --user -u lme-fleet-server.service -systemctl --user status lme* -cp -r $CLONE_DIRECTORY/config/ /opt/lme && cp -r $CLONE_DIRECTORY/quadlet /opt/lme -systemctl --user daemon-reload && systemctl --user list-unit-files lme\* -systemctl --user reset-failed -podman volume rm -a - -###make sure all ports are free as well: -sudo ss -tulpn -``` +### Reference: TODO update these to current + - [FAQ](/docs/markdown/reference/faq.md) + - [Troubleshooting](/docs/markdown/reference/troubleshooting.md) + - [Dashboard Descriptions](/docs/markdown/reference/dashboard-descriptions.md) + - [Guide to Organizational Units](/docs/markdown/chapter1/guide_to_ous.md) + - [Security Model](/docs/markdown/reference/security-model.md) + - [DEV NOTES](/docs/markdown/reference/dev-notes) + +### Maintenance: + - [Backups](/docs/markdown/maintenance/backups.md) + - [Upgrading](/docs/markdown/maintenance/upgrading.md) + - [Certificates](/docs/markdown/maintenance/certificates.md) + diff --git a/config/caddy/Caddyfile b/config/caddy/Caddyfile deleted file mode 100644 index dd3cacfa..00000000 --- a/config/caddy/Caddyfile +++ /dev/null @@ -1,22 +0,0 @@ -{ - # Global options - admin off # Disable admin API for security - log { - output file /var/log/caddy/access.log - format json - } -} - -:80 { - redir https://{host}{uri} permanent -} - -:443 { - tls /etc/caddy/certs/caddy/caddy.crt /etc/caddy/certs/caddy/caddy.key - reverse_proxy https://lme-kibana:5601 { - transport http { - tls_trusted_ca_certs /etc/caddy/certs/ca/ca.crt - tls_insecure_skip_verify - } - } -} diff --git a/config/containers.conf b/config/containers.conf new file mode 100644 index 00000000..de8843ab --- /dev/null +++ b/config/containers.conf @@ -0,0 +1,8 @@ +[secrets] +driver = "shell" + +[secrets.opts] +list = "ls /opt/lme/vault/" +lookup = "ansible-vault view /opt/lme/vault/$SECRET_ID" +store = "cat > /opt/lme/vault/$SECRET_ID; ansible-vault encrypt /opt/lme/vault/$SECRET_ID" +delete = "rm /opt/lme/vault/$SECRET_ID" diff --git a/config/example.env b/config/example.env index 4a022be9..892c546a 100644 --- a/config/example.env +++ b/config/example.env @@ -1,6 +1,6 @@ -# environment file for docker-compose - -#TODO: set this via a script: +###################################### +## MAKE SURE TO SET THE BELOW VALUE: # +###################################### #IP of your host machine IPVAR=127.0.0.1 @@ -31,31 +31,37 @@ STACK_VERSION=8.12.2 CLUSTER_NAME=LME #User info: -#####TODO: make these podman secrets +#Username used by elastic service for admin, currently this is static ELASTIC_USERNAME=elastic # Password for the 'elastic' user (at least 6 characters) -ELASTIC_PASSWORD=password1 -#Username used by kibana +# ansible-vault: elastic +#ELASTIC_PASSWORD=password1 + +#Username used by kibana, currently this is static ELASTICSEARCH_USERNAME=kibana_system # Password for the 'kibana_system' user (at least 6 characters) -ELASTICSEARCH_PASSWORD=password1 +# ansible-vault: kibana_system +#KIBANA_PASSWORD=password1 #Fleet: -KIBANA_PASSWORD=password1 KIBANA_FLEET_USERNAME=elastic -KIBANA_FLEET_PASSWORD=password1 +# ansible-vault: elastic +#KIBANA_FLEET_PASSWORD=password1 #Wazuh: -WAZUH_PASSWORD=MyP@ssw0rd1# +# ansible-vault: wazuh +#WAZUH_PASSWORD=MyP@ssw0rd1# INDEXER_USERNAME=elastic -INDEXER_PASSWORD=password1 +# ansible-vault: elastic +#INDEXER_PASSWORD=password1 API_USERNAME=wazuh-wui -API_PASSWORD=MyP@ssw0rd1# +# ansible-vault: wazuh_api +#API_PASSWORD=MyP@ssw0rd1# # Set to "basic" or "trial" to automatically start the 30-day trial LICENSE=basic -#TODO: support these, right now they're static +#TODO: support changing these, right now they're static # Port to expose Elasticsearch HTTP API to the host ES_PORT=9200 #ES_PORT=127.0.0.1:9200 @@ -70,7 +76,7 @@ MEM_LIMIT=2073741824 # Detection Settings: ################# -#TODO: integrate this into the ansible script +#TODO: integrate fleet setup into postinstall ansible script # Bulk Enable Detection Rules by OS - change to "1" if you want to enable LinuxDR=0 diff --git a/config/setup/acct-init.sh b/config/setup/acct-init.sh index 03792cc7..99e5b517 100644 --- a/config/setup/acct-init.sh +++ b/config/setup/acct-init.sh @@ -5,6 +5,11 @@ CONFIG_DIR="/usr/share/elasticsearch/config" CERTS_DIR="${CONFIG_DIR}/certs" INSTANCES_PATH="${CONFIG_DIR}/setup/instances.yml" +if [[ -z "${ELASTIC_PASSWORD:-}" || -z "${KIBANA_PASSWORD:-}" ]]; then + echo "ERROR: ELASTIC_PASSWORD and/or KIBANA_PASSWORD are missing." + exit 1 +fi + if [ ! -f "${CERTS_DIR}/ACCOUNTS_CREATED" ]; then echo "Waiting for Elasticsearch availability"; until curl -s --cacert config/certs/ca/ca.crt https://lme-elasticsearch:9200 | grep -q "missing authentication credentials"; do echo "WAITING"; sleep 30; done; diff --git a/config/setup/init-setup.sh b/config/setup/init-setup.sh index 41a7b34a..c5e9ccc2 100644 --- a/config/setup/init-setup.sh +++ b/config/setup/init-setup.sh @@ -5,9 +5,12 @@ if [[ -z "${ELASTIC_PASSWORD:-}" || -z "${KIBANA_PASSWORD:-}" ]]; then echo "ERROR: ELASTIC_PASSWORD and/or KIBANA_PASSWORD are missing." exit 1 fi +echo $ELASTIC_PASSWORD +echo $KIBANA_PASSWORD CONFIG_DIR="/usr/share/elasticsearch/config" CERTS_DIR="${CONFIG_DIR}/certs" +DATA_DIR="/usr/share/elasticsearch/data" INSTANCES_PATH="${CONFIG_DIR}/setup/instances.yml" if [ ! -f "${CERTS_DIR}/ca.zip" ]; then @@ -23,7 +26,10 @@ if [ ! -f "${CERTS_DIR}/certs.zip" ]; then cat "${CERTS_DIR}/elasticsearch/elasticsearch.crt" "${CERTS_DIR}/ca/ca.crt" > "${CERTS_DIR}/elasticsearch/elasticsearch.chain.pem" fi -echo "Setting file permissions..." -chown -R root:root "${CERTS_DIR}" -find "${CERTS_DIR}" -type d -exec chmod 750 {} \; -find "${CERTS_DIR}" -type f -exec chmod 640 {} \; +echo "Setting file permissions... certs" +chown -R elasticsearch:elasticsearch "${CERTS_DIR}" +find "${CERTS_DIR}" -type d -exec chmod 755 {} \; +find "${CERTS_DIR}" -type f -exec chmod 644 {} \; + +echo "Setting file permissions... data" +chown -R elasticsearch:elasticsearch "${DATA_DIR}" diff --git a/config/vault-pass.sh b/config/vault-pass.sh new file mode 100755 index 00000000..b0f7b8b3 --- /dev/null +++ b/config/vault-pass.sh @@ -0,0 +1,2 @@ +#!/bin/bash +echo $LME_ANSIBLE_VAULT_PASS diff --git a/docs/imgs/lme-architecture-v2.jpg b/docs/imgs/lme-architecture-v2.jpg new file mode 100644 index 0000000000000000000000000000000000000000..b68f23a11d24463ef3b44f69d088aca465978abf GIT binary patch literal 929763 zcmeFa2e=!>xj(GqZZO4|V!AP%<#@HKD;pbDeI>2Ru2w4v2yB&hS6XdTS!FHlmtV-fWJAC8^mx)?)^Xa|9#)t=dqYGJM+%WZ{B(5Ei=oi z=T^Pu+B_A<@xnb9S`}cH~S4DdcC)Q+b;oJ{zTRL}+ zEG(SM_z5?mN5s0E?3*Ih&ldT<%7=ux`!CvPzux>_Q*VkkJEzxdXx9AR!np(D^Fewn z8=gC7P{dXj&c()Bol_?Ab0RHMoD-UdjPh=`XHGCQj}5Q^Zz!Oh@*BlQz&p&4`M%IK@ z*V=nMTB~b(ix|-oWXbt`J3mN?e1znMFR=GYo-$b+S-v!*4EF~q{TYdB)<+Fna(^$d)y!TDWTut(I$)!KSvkPk}KMY&eD7a?wRU9Hu5-&aj)nN8MSl*-2v>*}q}{Jwf}ldXx1 z;E)3QFswkS)f8F7!dNYaQCJwquqYfXU>2RIcZ5W!&n7}$JW8|)4D%J#MiztI*x(6c zp#0bq!}i#Ez``)(!=h?jUm)gn@ndaYVd0q6|MU9z*Kbl7x!a6UF5 zh~$dyYMF^QSO)0{@H z78FtaRH>nhm1cE7(BQO`N7VdjMNczLJs|6b(Y8!B&}oqvhJ)eb(QpBYl9)DlxjR73#t&Oy{M7vcb%F(An1nj{d$U0ZK6o~^JGJ)FeRNU z#}ToNkd10nXt9iLatWl(dH$>64+uihMv7q?e!1Gz+q_l{NUD)jb(YnPbki^bj%^xH z2WA1I0XD%Ru`w2lqF9Lb8NqnDvi{G2;J5PrTYnA+ezT4L2ECd;G$6>j*+{8X4MJYI zQ4I2&(=sz?w@3@T-Y^KhNH$_gZ{1dE4i%SEc*x0+Zj~&PwLlJYEZvAi+mQ%ihdX?B z$To2<-ig#b>2|O5JwJxf#VUa$A6LUk+ewfOr%L*DtgR;^9Gx+OvY77H=;4qfjaDwH zXCiRCmWUuy(?DTPZ)WN~y&6gT5e6xB${y5<_fdk7;u4++1q0=fmI}kDSw>a38_kqc zu#;-Q{sBR~&r2%b;R9ueM)OjrF2Ig0IYqdO*}Mkh%`)87lBm)MHsD4+>V+$1X-Emh z)>6`YFzy$J1SNm58-hJ?FPui;R3646h$EqLRf1Sva&qPNztPa3hu_uOf6~x^;D(1) zLd$*~qVyE4!~;&liAVEs+>mv>O|`q-WC4s14^mwfg{^AEOgr@ko>of(g5iV@&s7v{ z%`9g^WyI;aRVG-rbJjD;*Mf#ZbC#+X#f!Xl2;rBFBG?I$@VVFZu? z!MKrY^i7_XWrJ-O%9x!wYQl%7e8zxqR zpjc3dsj;-ya-<+E1y$IucY#tSDk-=Vg4;#FRS87*j=dfb9F*xsSe|1xSm=A+(@Kh9 z)ewahYiR~8QPO~5KVzglgdkTrl&x|_Z(c9QeLa~@cUn|C>}Vxl&k^DYpW}@uf}Rc+ z$|wOP)kUhlLb2}&Dqf4TYysg)QpPUNLTCZJg=~M!vX(-VsWs;cBcCw)k9ui;$O|o)F3d(~X=55l- zhNAgYfRFn*$DuQPtkvfWg$Nslnm&i(6tATC2^J`WrwIvK7>*d zig`nXl&E_Zzg=~E3R2gBNZOD4agWbQ(`-Y`U^O?SrARgEWNp4hDg6P#c!pPdf^1r) z!H-mIt1!wNeYhJTVr4iM)(C&z$ah4fCsBD`Rg=v?sEI@S`(#j+e?FtI>~hU}HmB)Dx&e zQphhBdrU)XSq;)QNp1&=0@x)`zPAd-vdgilM_ zR)j-gcZcev6ZI||uk-_D&dI039Mw{bl!Yp2$@bOK9emKke!J%hsD3=6B{e*$rl~xN zW#Mv4AW+keCbQEjDi7<$dbeN9rrNU9P5UF|jtciDhMzrkisgpTwmPAjYRe-91 zdyq62N(=~Q!T|!(qy%je0mDq=fiR`?&<>3oakh|kXgyFugxe$b)(Y@ z0X!AMWJyy5tJ`k73Bjoi2)0WaOLPJ{9r38KBI=K4Kzr3rowl7y2@m`1f*++VUWp+U zxY%}gRbWgsLv5-Oa*CverMy|JhXwpJQ=x`@*sq#)uf^282_QF%5SYruXe?#8 z6(mw~`%pQDr^39UrI1DhPnjXJ8p$>rg#fGv90sKuJ+50Uv#p_SV{_$Lr&Y9oi%bhP z$&wmQd3QEK!h)G2Y4cP>9OK)Rque$wD%Vl`5K8&kLlll4ij!8FCMo z9%ST^N+TV_%!HK7BL2P|<;sa#AuknVQYu><>$Novr*n+I2sH3YucahwfcN`Rsb?5w zpDVcGtP|;#iySw=(D4dvxurAZ2G`4QR-jKSX-lz9ltx*oZPjrS%A{GIwaSi%VQHNw z{g5vk%Vs07TqG;!J9)2{LoyD+2A}~!yC;=J!;Z+_Ow`RWIYhC&f)c3e**W@xs1t5tvgkAJ0$$?{LV)Kqqbi-3G2mU5LqWxv)=x ztb9D*XY)Y&#z`w*kOMIA4+axWu2V>cJZQ(GD|to86$16T7K6NAh49LPFqDTR+G*wy z-S(H<%^p(hM=MOORnU2cM-4q238e{JEM=9l(F#;$)+wMwC}=@WPgPV8?i1U-pi29I^=3u2#vW@K%IlXhLkTRHhgbt6H_^%@}RO7nAcD6G^IQ z$k%L0J|%1Ra!L-bm2I?()LA!#S|VKyQ9v#YCWQ_a+laeE`ch)NBQ?UgWC}04p@^l( z8e``mHkdN}1+^eJp`sj2_ShDgz!LpXrw>=OnC2H)A=P49fu7#(3~qEZ(xq za#U37YPArgl9HT{;$*Opt;Mp871DHH7;u!)(V==B%N8Ozh$H=WDCy0V9jI7kta#NN zYOq4C;*rg=TCInnAf^|kMln~_LS!iD@g$^ZB4q^h3=E9TVij%IfUlN?DN?O?u{K1u z*ho#z)ES}@&pLT~I4QkmI#bP;NhIa-`QR|-@kwqt8PX^Z?GMYrI74KhO0Hh!EtQe` zJwP2Zv%DGeCv~@nPWp=NpcEmxp^~8tH+rLmmb@V?02S4MR8&$zvt9PUU{_K6ikpGm z5EH0(a4{Ch;D+TZ8B_rWTZ7$#8>Zf2V;(#JQLC>h{j zUJ-~kp7NU^Un<@x2D)K~taZ&mj6p~+tAcE3JeDA^V9l!Gp?0BH?fT&?p3e^Ll$=3& z;!d;HXBvt@!>wAeOj8a?+rk zKp!R`2cd@A7X=}C5^SpFOqq!56}VJQ1Er6&LwvJD(hXTm<-JH)tvcDJL)R*`tN|gK zV5yZx38Ar0py$V;e4>!B`P6VviI9Y(Kz4`b+KEKmEvaQy;adhCY|3&y->tbZf0Xwr zO+-`CF6#3VMBd*Gl=*f>t`t1B9m$jf8sGPLi9R*J(5e>m$plJpHA+$XDpSWY9M5A- zEXwgj)5Kx~T~EgIfg0xxa2zM)rAo3I$QzBm5OLc<$1P?{N~Y*!(n@|nu&=~o3SaWI zwQ#$f^mSy9k>-$aGG(agY^olIg%oTkAtqH4YQVhIQx%BsWZErW(Gj=pQ+dOKD&1hc zS~iD{AjYJ$qUm!28228v}LYIS1y zz5x4+=_0Iz<50`r$%bJ8j{7CM3_%c9DL2^x!2m*ZGEKb)RPBal#B8Z(`>|lWS{nXg%vz3xO=!@%gQ&Tc}1G8Ly;A z8hkE5B2=wn8AHuMEhT$I*d0zPGD8$XF(4Xk3Mr!+=eX@EOlt99px;mRD3vafom9v| zCCiZPM3XI+ByX>Sa`~d50n?@K9_}fc9QO4DEGcPTOSOEVY8_5{%Vq+y8dky%<=Q=# zO7*H`GAK9+DBkqPk_IK9h7-vraxqWO-Lw!Z|Cb?UXul|vDmRtwT2o< zNyB_Klu08x?KX>9IN4~U{+#KN=rM&EOQtOtTCFf=hYGVZrZ5jMUwVc-ZZUU{yIkExv-wxYxVASvFG&v{8mxV@HWGK3wQaG|f#;KviE|KmGU(0%`5b0DJqSNj63 zZ~u@)CY5@oS%IWJ3YM%s8zrWI-QiUXn>1`)TqU0Eta&#l*zSvq!B^NOeRnHidiAW zXA^P3lkEV@Jr(Hds}U@mN-}L&x1oG?I4Ny1<&&dct^{*IcVETq zELCf^&7KmeR8@ZwQsuCWl9*xW?SdZkr_yPd@-!sWwvxb4mMubUFf6#wc7pMtiy#+M zQanijCo@+^@IbPg16pNFOrVHIk7-#H>v{uTRtiEON`gyBKkKUng7rM_=L{sJ2iy`I zjzVoxQ?a-;z_8_Wip6FpQ_vtt(LE5T)Gf54O{+_ZMYcS);m~TyqnBk9Yu186DW9s< zYZW!!8i+EV*6P=tMzG_qlkEXPDQHP(6^Egs>}x2=W|L+*0XVGFkjjLRgpg{t%Sf}= z&WPT2rJ5^X6~aRK8lKH*MS{!dcrmLr{mp3EPYms4F~&E+jtf;Qp-j_lcsqEeSk!&> zaFzpRFv~biJSxXvzDKH=UMe2;I58oLB|J`6R>54^I=7z$dNeWV?3AI8g z*yk^4Fh*4H4unT@tRn&IFr>+lD*EHqaC5cSnkG=7NpwD%|=N{Wz(^$hWpaFVm3|##ITT6$f{}~*dG%@Nhy=`7g#~} zv{_aOaLG`~jSO`gfwMh!yVMKN4IF8g7F+Mt`fSR$J+)_meBx|E&DCW zpLhE-Uroz9@t~9f_FlUlsImbe$rT1YWQA(4%XI5?S&^}7oXN&$yq*@aZQN8-Kq*T` zdkLBK0z;@@%;m{Yri4YS-FVv{N@e@rU^Riah)BuSIS)Ftm-TYGK&E2#dM#CoN90b9 zF0}}?9?!xZz)3AQfb^=-KoQD?NZ?|QxRs*K5GO z8ebw~YXtyh1Tmv1R)iD^LJJ0y>jX+%pp%S{`6TBpH8Z_fwN2H#2}Laxt*(jmN_Z>p z_~Gj`Nh@0bU780=~agnNJLD zy*ivskbc4{fRIxz7{aS5Kah+dFcBylO`y&-gLFID2;|rt2t9}ePY@`LlI~=>sz2R{ zw+lvxhrDGn)CyQbRV0inasz2a`oUVLs)L9Gir0ERNwOKQeT4OXYYHuSvV zB>J`ve4T1L-cT}`M7b!iitX-$_(f>ws$w-l@;37+IoQr+BL&p1Lpih93=(cTStF`3 zE?I8~$-Y-)JZN35Q-xr>7U2W#WYy0UTATTIVw`14TBiy)F28?I$=oS>U* z*_^~taVnVV=PfTI+eEj>*kPLJq5VP$_dBtoN5}(%53U5TXq+wzWm>Q+QMzu_#l9jE zPCv&|BLz&a4DvEGn3)9&~UJv`)8ZW}n@SZ5DOPMUNkJ?PtpLug*IHHvI81rR zk_<~0%>Z8`f#O#xLkTTaa1f|ODvsY)sWgPclq%MhK5ko$ps5W~ERU+)Tb+DuG=uQK;v`VGx7BI+735f?20TaCzNC#ZX?NwNN&dqZ&+Fic~zL zL3ER3(};Gw2@rN347p&HJ80g@1+iM4GsXm|V|syYlYx7f&yev>P|t^Gpvg8$o-nN= zQQBwc+CkZ;%8e%7V;mkYMYAP6RcGo0g1D#0h4Qr=Q;tN!K~G++!a2mwCQ~gCWDzTs zl<7&6aRhLj9OB%`sMu^Vq_0t`CRh{iW4&6$jHOHdOre_?>e!^-$u#`YxB#(mUbMZj zDA_88b&pvrh^p;m>}Z;dxp^f{;Z=q-8fmjv<|{_X1`Zo4WVJY;{l}?lq06wtEr9Z> zNyv^8akT*TBki=wWne6+cYy0&$pPWuRODXCXG7drdQ2!LBAF1`7uhHjgfjg+3-Wjm z%3;-seT(rn_`((FROa+u4L074?8xNR6Cx#%CcGH6}Qli2{W18OS3mH#^Z|Cuf zn@p7RT%)8*ChYHlWuf_%veamL+zO@H8IJB(Ji&a0_ZPWLCcqIxRYal_p}036wVPEr zNc5bpf>Rv9`9qQ#Oo$b<3OpaG<~KYJaCIBLx@C&#H0E(fo7rf9Mde6DOasSCKN8Fj z12jbp3Lz5ft|)k(ZzdbSO(?+N*g`N^IHnRH z7L!k<5_O8Kr_gj3%rNUQh?PewD}?o`9-KyibzDU7q@vb_R)8vak*E&h%3#Um$J_~E z$yNJIF`xv!7Fu>IUfje9@8I}B%?sxWcCX5G8j|Bff)xj*gKiK`L5xxdSQmpH8s1p9 z?X&&BmeAEk0R)d^5JP|vlngUYf}snAsGVt|vb#e|PS@gsMJ{B=RS+%*`8?$iEM4|-JucqB~9rwwtU?f{ZN+mIZ1=F3b zT*ENJ58{$awcA(2RzF(ExG6T=GNU0lXJy+K$`S*DX3lIz6do!H3S$dst?JI!rFNwm z?nu>mK(8>2-t^ce5ER$}@-;4GN(5J8)k=jYl{5nnow~SXd!kXF zYFJUP#UoD0G($$--ShjwQD29)gp7}=`iq#@NK0<9k&u)g#dNwj@W5$#6{6gFT?El7 zR?DH~;gE}cUgbnHn~6ttf_4Mtk0ezyQMEG-p5`jhn1oR3bmZF z)^tQKO)`GV)POw{uvZ5PK|}<&0Rp@lXt0fPwv_0ClMf|^V@03Hgao$EG)v&j9qlG! zq_0C?X1&pjZ}wZ^~oS z4Yx_s~?R0CDkr z%F|*z8dM2ofz!6=HraHEX{uQY%g5Y(o;71Bpd5OWnUKUmZot{g4S9Pvv0`0}N#8@umzJU9ycfNYnZBytg;X_@3a4--1uW$NktP%>S0IBm z4Oha^c9aNcxa0$C$S~@qcs$WfFm@^%CQavK7Fr}qMy{Sq$q~`45ISbmv_wrTg$Q>VXP}0M&uVO= zkE47xURK9W=d|R^P`7E=eHp`g8sX?!y`iQQmcSYbqtF8fBvjzqPDT>pN)YT=b+Mc$ zLVeDgXa`EH7qwdv+p2a|O-HiDuD_S<4SipQv>OfAh=PZ7Vi6;fK~0esVkj7N$kyXZ z7_5doo=Vh!&YsJ)=xCz{PKA~Oxdsu(GU=+?^df9p$NdpKH53lfc9;gi%&=3kg&bs( zrEng1gGDAd>9LqaE^AU|jk0AJIGhm@G9#sOC0^nDL3gm97gaJ4HZmYy1Gf|6kPk`9 z!2`J4o66Btj;&d3FJG-H1lg~Wc%+ie_-jyGPdD{Uh-R{G(IZi2qgi#FMkXeI3TK3=@I_qz=l0BY;Eg3k84VlKt|U zvK-vi{5l-45OBvtDN3jtkW*kS>Nla11NW;EZc9FJ!VT0bH9HcdvV#MK;5_qilk!Pf z$?=pSE&~)WI3hI_*yxvmMHO2|4NG-_71Q85;LMVf>7Xfyl^_!gA_Qg=&gSwUc;g2} z2Et*zau^_|4ap4$tE?Vt$6wCC*#;^H$65qRX?kt{v32C&#(*Gb78@(uE;@?e5Rd|! z7i(4lV}Pe7UbNd(3xlfNBwZQwfz){&u7l!`%thipF5#)G9x<1S@li<_>W5g44-p=! zY_=k;S{fp&xz(pbi!3<5k&$8%u@i4H9nK=_c04PUT5ud#S!xCN9?D~f<`6dD19;yrK+A;c(X8OCy?0)kd!$LPMdBK94121EY77B^h6L4zZL(N?Y*&a6H;wdM@f zfZ(_C{!CysV(M&sTd$gXI0tdt( zzL0OCCfb3UieFO^!(FBmie_`bfe>UV&!C5LEp5g!HaMyvH{v1*j?HkU$3zm%Zm3m_ z5R0zX3EKy zSWgWIhAKX&-sKQc$mJtik2iwAvCyRq8!D!Oe+tA@rE~{Q8xl$u;8q9enE7nSEd*dw zDs^a}%hm&+uWdUGlbr#laD^WqymnVUA2QJWvm@{D60HFwAwzavs-~OJX z%Y!4YV1Wz>!Xb6xx;q}j3mo6R;;|n*ytwks3oXOkZ{BkmP@2ENi!u9wOJDQzW=m-E zqPhAGP#)ZaYsj3*n$8>~IB)D4(Kkx1>&SirKY#TFltCY1MHg%P!RvCrS=5%n*88pQ zj*a1)y&c|{S#v7~+>@K%U^Q^ttv4!&65DRra~B=S%A*MHVOgI~7!9&wXw(<-_(wU8 zWkpyC&IAv_@HANsPJ?UvL!lNS;xTPw?`-AQ$wZYe}zH{a;AuOc`9`WE&gk zJu32UE)?{Svfcprk$k>U&K(Gjihh9$a3M70M}#%K-vF6^X^IpzK_0t98ELSVwP^L+ zuc7d*xBpT*Dw=Xf6yj#9`2#O@?Kik9IA2}|Ub_vDlR_R|6eYlBA&wjM`Mkm?$_0F* zAw=-99z^nidD;*Dm%8gZGg!eC5cSr7cWQ>6+yI#kwFZuDZg6&nM85TQ9f38|x8C%uClAIh$N}C?$`&~K z>#X-;48t)&L5apUbJx81cdzdau5-?3`7!=lWU+u##!v=VJlEu{>+(<>4QFwzz&Wk>GrHV7|}0=2qvB)S%RN6R}#7-DOP?s{t|d z1Fm-tiGH)zcT?x32esS;Di5{FbXA_9nl=sTH(Zhi#`5Jb>iFHyx!!kt-D^{_=JuDwpznmyI6m~ z%K!htgnr*%@$D^PSa!WnrwpXPFc*B71$-0+Ui(#;e-RLCdG>!Yu>sEhpCmt|HQva- zh3Pn4<8b|32>e@x$GK}9u73-Gf2;5~cm0pSwb8oo$^k#r!ns}W)woq}%qZiL$RT+$ z7soR(@R2%~Yeq67Ypn^JyIf7pHpxVIPPtN@Gxbr|1lM%e6c^%hvAm@dRJ=I$c{@B7 znPY)MW9fCzr_X>d-ht=I(PVzkoOSs>C^eJUO&feNFAqw41#nmdq>l#aM%UKI@;?IU zEje{8Jz>&V+5{a0>DgoH+Aux#t-US5MfS1$1IE%qQxiaXtk1g86voo`g7hysZ4sm= zW+-m>U9Ovc?sCn3VO`#Czj3)XJKE*C@v-&Bv-KFitoM;XS>)%90lN12FAJveJXQG zfXig92Bv$pH+YV$eb)^Cht<~W!&q|2*B~+L(yv`x9x~6h`D0tUCN6)(HEGtyu89X- z0N#wOowv;Nl51?`F+0CC|??+3r%_?d7L_;Z3K*XE36gZl$>__o;@OM^8r_A}YF zk!v&8mac7GJGpjs?d2MEd0au)0@neqm@DPVxr(le>qjo$Rd+RArmO2Z-1QUJF|OlX zzjmGOI>&XP>r&TZ*VV3TT{pRIcirv!lj~vEUtCYSUUa?YTIPDs^^xmS*UFKRk*On_ zjLaI@c4X&~-AAAi&j>oQXe2h086ih1BZrREMzoRk$l)VD8##XDl#z2rE*e=p@`sUI zM(!SYaOClk=SN;2d1vJBBVSCIIAO+wEhp?aVUG#$1aty6Aw8iu;ou3i3C4u}grg^% zIN_`b7f<-@gc~Q^J>lUAPfvJl!g~`|Omt1$c;eO*cbPak5uF&Bn44IgC`~jc9y#&2 ziDyi_c;eL)Z=HDm#3v`dHu3$5pHG@HY1X7UlSU^kn3SAEPvR#Tla8Ep!lZL1T{-E- zN%u~Aa?cXkHsq9pH>M>K#p8DIV zOQ$|Db=lN^PTP3e&eJ^8;?t_rv}r$`cE+@;rrkO1iD_?5TRDC6>AO##KRq{HnC?tJ zY5JwpZ=L?w^kvgmZZvbFJvUmoQE?+>qn~Va)<#!vbl*lVZS;?gH{N*e#-WW18_OI2 zc;mA+{{6-eZ2bDhpU>E0#y&G5GY*>3o^j%gD`wm^4^%vXhxDB?AxXmxOxq6!?w)t%K_OlO|EzUk} z_BFGgp8dtPbGD6bt8RPpwl{72@^+K9+h@DNcHQkR*zUgV-rs)9?H6p%Z-3nO*KYs9 z4ik3RX9seJ!*;l2hevi;vExoVCU(?!JbTAK?)d&rTkmwhPRdTF?R4i(@9aEl=S4fq zJD;}m(w*O(v(+4IPGinlbMBq<(JnjelH8@e%SF39y35MBd(Nfj{&em&b6?(dqg~Nm zrCm?k^`2cn+HL3Eh}{m~ZOLvg>^^;Wbocu1XYPLg?w{?k=N`-+$L?{{9&hhCdry4N z{+>(rd}*&u_S%0hW3P+%dTQ?}d!u`+d!N7eU-p@>kAI)~KIiW97&HM2Kr(bb^!UD$ z_YLi+U<8Y+?TpvM797| zLVt?fiu~QPkB9f1>v_t%i8t;&%6qf-V;|%beHZwi^Uv}V{$u_3_`eDS17_grz&pX+ zf`mkbkT1Xy|(`@`?LFBy#E^q?0SH3z~u+Lh3$R_>MS_FUCJg z1ye_)?oH1~Q|WWkZ)En#n3-FN2}FuGm3S$;dsfTdlyl|q+^M;j^Lv61?c7$FQpgw1 zE&Po{$ivC|saez^)K%1{#c=VY;*0cNbeq1Xv{~t((&Ex*Oq4l=d94hWk0?J}*{&j2 zZmv$Pma3OmR~#5S@bm+h9ppdgn1h}Q zz{`wKv5f>dfawK=;JxA?&)X_&R`*GsOSN>$9pQu0i^H1GBJ>{pL{EYe8tw-;8 z^pB5z^XG}5FF9t@W6WcoJ$Avd7ye?>FXUf5`b+OG&;I4t#|g(hbiDicGmiiA1pb7F zeuez%tY577VlEsl=%_o;K&S<4*hJ^g~X6 z@C@G>7oNG%ne8)QJ1cY6&1dg+_OH+W@|^lPPoEn;_nPx|IPaI|eRjTZ{u37*aKY6V z?s(zx7k=>@`8Us9l(^`|i}$$rj7z3m(z)bsmzFNQ|1$Kl#g}h)`SF*3b%l1tYgdw2 z-n%%sc=1&`Ty@ft2}{~b-udl8zx~VaqQATO>d~t&x@PNZj{m*u_wC=m`-emS@XWR8 zYwx)Zz3%GkcfbC;8)n^b+>IkQIyZiFQ~jpbZm!(?_${eh?zwfrtvB2@@3t#$-{tmm z@7U^&lkVK;&ZF;KwY0x<#a;Sc@84a!`^|d}x#z_{mjC$Fy@h)py)S*=1AmJD>5ung z_b+{5;RClnIRC+09zq|w>EXb`H$LKjXe+m8N*2njI{LUx# zf8y>Zqfh?nDg3F2pUyu0_%rk~&pmt4v#&iTJoonVjpsjpq4UDZ7k~WHXD&bQgS|eu{=)-4eB`6@N6S7oKVJ3s6aKO7Kd$)1_sKmg z@+)5XwE5}E&yM@&w*S2HbM*83zhJ(2Yi0M#sb8M;)!tv-`gQv2msT}bty=YgYtzBk zab3b)Ko=NU^`h%&U|#&-XTrK?;@W3*ZSdV~@D}`A`{IWtR^8>AIc@q^n_V|?WTtDv z%#n#RM^@cCGJovz+!H5{89!^DjiyYSK5^3IsT+f~z{^P!*MB)}WWuDW6Q@j{ywT?1 zBjA%qCQO{P{p^irOrAEfm22W8kTYfKw3*Yln6=R^$d)KpU{9Xw33K;sb;H)BGoIOo z>7IGhv$M;+ZA04`Ke^}+cR&6*Y5w%$H>~TQqT5dgIyatmbLEt4pV&2W>gmB>T=|@r z;-B2DXrFfM{mJ>)`LB2Y|LA9z{L#1j9>>Hklm4`4;;p(M{ye@{_2}r^^4TBPZkY-C zI)=*Bt)_$SOdpv(_UFt=led^Mbr)nB=*p~9>1~Xkoc#D)(1vy0lUoAPPqnuW1ZV%@ zZVyRazg21aMPYMSukYx4{V{Y~?vmY3zu}{wUL5)3rI$VZ`WyVuqPv6U-V~PYA>GsY znCY&1!8K#z2mo^8OxOOd3-4Nk-uQpV5g12c9D#8J#t|4tU>t#Q1jZ2t#Q1jZ2FVf$xx>kF4#yg82`t#He7oYId1@tQq zZhO)EckbCDj2zAH`0JAne&x@9dqC@aD0R=IE?)7-iKTOttIsVE%pUt(ea@~DboFtP zaTW5XEB|``k_X=3{&%;Xz5Ih`|Ni1_mp`kV@PTsG;)|DDS1imTwqh1gg#YOsPJ47V zwcpLXC0l<=*(+b$ANl7Y*B-I?uQvJgcdx&C^9@(OdB#6q>>Y9DO{-ilpR<4akuUS> zmpb-^n~pv5jc0B<@xV80&mVTwSI=Ma*+Gxpx0x8s-8u0eJO6y;o{vvEVo9(2!Kixk zvO5FgRK{@`=a=zy^u3ayV7<_PYT3^h$GegDwm!N01bO{=Pn`3Vc-!p4Sy$eAx_#lk zFG%@Io_+7y#k-yIXpZS1*5w3+%Z=r+*gz)H8=4@cIR}{qeBp58Q6qOP9Uy5Bphq$BUPo9*x~{ z`JU>H)fq}hh4IHF#xW17zyCiX`NxU=w-Fdk9CYwLxBTn_|Mq{s_Qy(g!4Z_Y z=o0lG$B!<)8~)wsu1{axzwepZKK}A06nW;tcOthgd3KY@cie!nbp3{<+cma6xYnM2 z_M_*X`2JaUo_gFF$>y58nGL=9n*}^n%OE55IcL*-PoIVlUr5ckfHo+0R{d_We8Ex$n;p+p2fi zgR^%3`q5`UUX;A%+RooTdzf0~D!iZk>eEYK`TDbWmcIAZX`k-%(PyXZk^buZYu-5g zh*NJ0-dVlyi<7uTPo4YfD_;e_I_laB?)%YBe~&(R)O9y}nLBA6iNp)19=7t;%U8Ls z`ILHY$sb=yo(+H6S^CS5Kh3`M%IC^a?=JksO0sp-VV}IZ;_HXj@5Z7BUp)8K(cD*w zKkTd!AAWe`xnD1RKF3|NnKM^d`uq!D?|J|83#`MIEneli^3z?H<9B@Z;gd%_yK?XM z>DNEpEpz6|1&7@G&y{;>t;28Ff5lGs91-gK_>>*crI`H$Z|^&)fSX^Sh&9v9tr^aD?CL+^gtIWzX& z_a$TTJ>Y*Jle=!o(S&&4ofEaUHoIxj9dADAJ^RJaud=rO-TN;uKX5kVowbO2*?R)} z;6u;v0KIwQN39P&ef+jBPNep%jnc=TzWl)D=awIziR`4@ddc+r&pi311Ftx0>OT&7 z`P^OKgHHS4h?%Qg*R6Q0^w1aEe{kUw*Q|`hR_yTD#n(Q(*nRTY{q*tY|3U;dEgq#R{wn_EZ-2AhsVBZ#eBrSxU-h(J>Is21RrM<@%yZ`vRn;C!ezlgwyGXITt=tp)ou6*_M($~T8<0-EYPuy4h(!Bo2+w{Z-r|wTbd&J5!KOtY;afc(X8$ImNRj!MU#XdOy z%bovxRHt#$Z?C2fu@hfE_Uys~p|@MNy_H(Je3NaSvKAfp@Vra!iH3#A}>aKXJdk@X4h=`}~>@{(SO^(;rel z_{A#M^IyERL_A`X&klcw`RbyJzc{h>ctw2btmGNr*~<8f|5XGgU-{ngmoe@m{&dNa zrTixN{jIB-wWpd#8sZJ;?kg_4w12~6f?tV|6=*wJKvi5iaGeR4-R=eeYkCW z@yHDyF8KPG9jD&f{pcwFSI=L&=-OL|BOc#*<^Bh)Xk2sAogbdR&nnmTzC#L+d;#ry z>#5VXxa+%{8GrM?iNFmz8unFx+wA72S`R%mvKU>yg81zhzq;npeQ&&C(w)~|e^Tj| z_qHi7e;NPswPi=$`vQEJb@KfeAM(WLA+MCaYVR_?c+{ctkG{O+y~b;^E}On?ibu2; ze*V;>^PfEZ&R?aL>o=rcyXw;0o43tB-9wes)UMA-2ji!mv{m}jxxZy6pTFeBiu3zy zta$XS6K{S4-ZI!a=GJ!T{2yI)^}9jtux#~}9k2cC{UzhC7r&I-o!RHFCzdaVmOS$4 zJ+FVZN%#0)oOATDPtK8Vy5fbimOp>o$ICl!^iMu^w7bXtQ(oThy2px-=gv7{&t*rv zcI(j(e6Yhsk!v12q51jWE+~DnWDl=@@!hjO`ptQdesKCl{$|2_Fz~>mFLdPif?X$F zcETKN`SN!*yZ7K_x6s?}aIf6A-~9RQH=TXWrk6kc`PTvE{l^3Ey!-w=^$)Ib^^Usj z#&@n+z_k~K-G93Mv2!lj>FPiK;_G>Pzt3#5&%4dk)Yc_E;9C8=r9&g2IKUnq`tma$%PrWC72UhQ$M#v+b0krlhF9+dkG*Q6>5HxlxlUXCxw%tsKq`+TN3UOX%_9xewe< zmD%@-lHwOp3W`wyS?1N~LbWk+Wp|{#QzsjZ46Z|}o)I^aU-f5(C|sFX&9M-;IMh)a z%hTO<8)J~(LowQuL@LvZI2%EUlKW+eYbmRpXVVgU6j*osw-OwsPNVbi88>Mdeo!qd z3o6kKQI@j;OnepKlb4^Gm*OXA;n{#Tr&N4iR#0<6p68UpG0FvrrG7^iy+cN>np z8T-CC->$C)ka76p8DiiY(f1K3mH{R%gwVrta_|;NyL!QRQhZ4SY|g@-TQin0*3i~K z^(HVt*t$TfG6Mkv*x%j;Nt7;Xu{?O(tD=`NrLJSHq zv%vl=JpR|bW6ubd$Wv#s&)bJj?FDca<5>wEMa175F}?yxqg@81r;QOgltzr`IH5#e zpl`I(;vaM6X<3t%qg`vCZPnX(&q%ozJ`}0;gf0{I zP1mU&ILuhrzBfwASn0DQ#IyN|raeNs?_$`1q>%s<*)^u^Sa^1D${`M&MW!r1UWeF#h+ zVH7nZ)!Nf&*n`5nw}U0>V^Up^WV#3!lp%xil}9)u4kLby&asS!7pY{r*kmJAU_?E& zELxw012LsfqB#gDVFh^jvM}bqj=vBp3JBCKC|FEMFX?bmsC9*Q`PKn7DCO-yG2u@f zRh4mOKXk06Ljn@`OK(w~8<6Mz)HY_)IHF;z1Sg@C!&0m1R)?tMx%r%>5_OX<)K=EV zUh<^!#03?rF%~d;i=LjI82~_m1vbkBbnBIN=e?Prua48G0!WVl-eX~5fdv2gFYyOD zPjer|>k9rVj|yS;p69BRT%VvUTB<^<4Zltf#Sh?jQ-kRoKU}AlK~JIEk2XGic}Myh zUpT0b4lcTKi&1yWq*m=MU8rxY11>>3dypgP0(^{5WmshPL)RU(!LXIH;bA-v5Li}e zsL%J~fQ;^nV`y`H)>FA=UA&LjT1Y}lH0zGZSt-11*3B>gBtboRoo1_qzHWuycYK+v zFxkb1Td|v)=r;CXbFK#&+z#JgpM+W6_bjqWQ2IR_T3%k8#p{`a<(c}(T@8#~lMR>l zV6>jpbQ>S5c0i}b#tW%?o34>7GnP?si_agF;&j_h3?&Wk6)jFe9j}j#H@UdbS9kWq zs^-FchTH3u2n8bh4jm)=@;=w8|E<&xOp%u?q;21F`JzQJhY0mL2EVc%o|c>sMUuqhaICoqNZ#vuQ& zCN*7cY1^~aI-F@1$HFR^#T6vGVIN<5qfF@mq^-+ukzC4OYb^=q|ESC3=@lWEPeP~* z-lA+oaGFC_wtO5zeL_^JtqG5fB}aG6G^D>c-~ zvb)+>LMkmUWhe34N=^gGx!v2a`^#9&^X;Mq7GS#RwzSL z1=~>oOIaX;jgaO`vRKf%pmsX8VdQYb)z;rH^#o+>TuYzjwX!>MM3%k`#}Ju~XMwqS zr$&n5B3j$UAqSd895hw^-Lk*8!W{r?AD`9z^PuSu!qr49WK9FT(B^cnPJ5DTX@p&I zRilTEV02S(t77`cqH1`Rda@u-$rWN*c2GFK%*g3%Tt3ix5kv{l#q zMNWTvx$YB&RhUDac!Kwb1c#cJZkpyf+-T*c|>E`3E4T-fN) zmawi4DUm)cEwCJ?D3j1iIMK=oBC1a>vq*vS*t8059)ItNm+PgVv2?yA4Br<-RHqBU z;J#|Gm()%Lga=&E7RyC^4?&;kfn%o-bg=?kR|PvwA`z zii$U|Cdd)L9Kwy=3fma*Vw*!Rfo@&?u5*IE_~p<5Pp}aCTz26uqt)xo`Yq>b>s#;b zGQ+RS^t^{l)6t{XsVfArK)h?C9V)JY!7w7xsP#9IMKA2c0LCWzgI~Ir! zrh^L7Lj!jSc^gfTeg9>Lo*IVX@dXa_>YSHA-!LY)c$DEnA0j%@q->)Q@Z4XH4N+!d zhKPY}H``C=*{IAwH!Ieutg4N5u* zm?aj-E8c61LFZ(?99q0xR4ACjEv05Gr4X3;E>ZG$L9s8bzoAHIN#NKC=DtwqKIj) zx)4r%6WHKhW-s7`J9m2b1i3LMP(kEvg z7|a?+5=8|RWd?ZI%b|${{Z<$CK9l{OGK~G^m>xF!T(R4{Tdp@vdBl;y1|IKziWqw_ zL2##*RO3QyN75X?HfAjA(CDP;JL&JkhXzU}scX4qWB5ix^}-;ow*Vnz5=4A9+#@C3 zmNF#(Lj;m0oS#U9BH_u-2|*xznD)5QP(&$jW<-bbp>&P(QV)=RkE1r&o984A1Id^K zQrGPMdZ^B6O`MKB=1E{UY3gPf|H6D5NHmt+XprasO*fPPsHK}-N z=XTgg@oQ0`adjb^o1g2kA51dcsdOt=#Oa65gJ!LKUtfFLJ0<$t-__AU{^jqI_&1*a z75SGHGl3Rsrh$ENtJ^Gl&UDMIlz5sb9){`7K`60Z;K5&=N zyl&9Z%jSX2AmGOaNf&go^YxaWPo2qnpWV_Zn7aFJI7H|**<=ug(zbLXkg_eA1L(Rt zf^nt9G@K?qji^h)tP3)1D4Ka*l=y6%ChvE-e;Q zr1<4b+B!D_GEUy?t@xb2vG;I-+ft;VXJY=W%G}c$-7^B12uF;Oy@*PQUkSw)E2dWv zg@}n;ZECQXI&~p9yGXzw>cQ=I3md`abb)#Dr=6(p9$?DH>2b=a0xB^fedg)v%F~>M z2hsgBSw-pB4YF|Jym6^Z;jBC`Pa(wcB{ON;?r3ohC_mI-`_y9jG7(#q!?-}7f3tu= ze3q`Sg<(=QgXq93k^Hxx>~0K3!53@m_iEmET{%*Z5LiaeBJ5i~ugJPH`mx7~Z{~a3 zvO?5--5(qwZ!v^-t*FJRI=|0I0ljUnYKt_CXnZ=t(s`D6eZcMY96TxODJk^#Jk8C3 zpFAF9^@9_5l<72OP(BC2!>tgyJqz%@la^8X171<`2D3t#Jd7n%mVMN;xz}X9J<6+V zZK@g-6WX|+Gr+L~oK1}cCruJ4O1LG8YA}~;@6dxZRL)np@T-shA1dl4bq(xBeIM%@ zn%=M0-}Ns8h=I+4%^`Os`U4z8FPv)5c{|!I5p()si{RerMP>6A#Zw<0Kn{Ez4A`Yu>B-wMgU2?~tl{o;yz?jt(Zh`p3dz9I)|I zMM+V|_h1pHgHo&JhtkJxJ0;~+y69$IheB$4=-HupHrSR25T8>eB9Bk^raU6qq`iRS z(Lrw9$LHF5ufOSoSi8h2mPJ-f_JlJte20*jMwljGZn`)x0nle2Xzc+QALD#C#*2aB zW@oW7{);Z`mBvHAtPPdvBdvZDc-B2rA8bDJoF!UizzibIlwX9KfbiR@5NGoF2=u+& zCey}Zr?xcyc;Rz9Q%svMnMlP2af0U&-o<-k2{}TdCOH^b7)(S3(aldx@n9JCCts$_ zxw7u-uq#@8zbLH?q# zqoy?_LIkQ-^w)WneBboSecW%wE}FlU^iLdF1KJE_W*j-g&}#7G!ybM5-tbbwR%VD> zQ-IBgI@MrxnhTYolPg`qT_JqXl@w1t2Gp$dERFWaGMNTkt` z=#M=!ENB5SI6b7cdu8pGb>obn{FCN$S7qz|@-+I>1@bgR9Aaj{-;5=T4bQi2@IG_e zqw5|fSBK7*YldND80*1}Ro95<%eg-M*)bD7DtiN|iHeT%bN|_2*#!IsFDemHO8oE& zDo5wq73J+-tpkk8$i=sxambCiFQX>923WE|)Wig618~?KXuLp2dl%|*?GXz_BhIr6 zuOd2BT-G-jDgpZBg(`h-FgiHB($!dJ0jNrY!rkzZ95{c$%Y(_2AA5%yV%GqHrI&re z^xaI+JH89W&J}8;#i;Vq^YczT%kI+CnOhA&^hHNpxJGsOA6b&>m#1hQ&yO!n!Es7!*3Qo;qL5Ru1odRAQ_yF5Bo{h`iFW_HE;T65Q`&Iwn~*7ftM$EL1S zn9>Ic4kap19uD(S;AKH*&IHiK#ZZa)?tSUR*B`Xypf%v`r+41EPfeJlFHZ~Q1s$B) z6@e$m!HkvP=rRoHa7DeHoG5smK4xVUW~Ff!0>SKRU% z7Zdwie%o{S{Ov+hy@B3w(m&tXN9pF@Z+bBQ z_mY52F;gek^Tpn|wD)d5=&LF|r?DS9vER4l4ZX@A&dU^ynES3M*3+&ODpb8AS+1io zMsMvtSTgpzrkN$Gwi$0uYEI{yhZTMm{lw@W3zN&9GN&yJ(XUmSyJcK-XWg_R;WKYs zy$uyYl>#ZB(wK#V)(=#ys$ST{dX7ehK2vX({IPY?^Xjr@o2Hw6k*CQ(NJ{S%F2LB+ zaSQuiliHeC7S%HnRT+LPF2V0j_o?&-Fqg>Vx1L0$;EM=!y=ePH^{6~zRo@4hj{-={ z8q!rYB#qH9fC9P72i3GZ5scfZxV-jT+o;laGd8gFsJ0=qg6EHxrniwiwjt=+?2Y2X zl0?ARsg{#1FBC@@*xLbRucLA-P}^`sLA`y4E65bihsVtJg;2^1<9w0T=d$q=JcrHA z@2-%$T*0~BuHw1^Cv!Uh3jyzQNAGqmi_=PusCfQG^elgM-_yOxHgCQItyrbEPJ8N6 z=PUDJTb<{O8j3H~D9P18OIp%-etKLr8c!V>?wR{L$0Bkm072Y?aiHUTBf|dQE5DPBs`Wa@#TlB)tlvlo|+#m0>-K>%JKrEl>geP z9cA6S_PLtSzjF>7HD~9w?Rca}pz3m*92evtj%AhAO8pgff1)dF? z9atHExe(Z{6fsUIf6Wv|%FTF5TkzpgNV(P?d;9kf8umG~wY>TQ;V18+!Zq&(AaWyw z8W+U1=#?Ar0!zcp-Z_Zb$UxHXM{oTH#hq9~97NOqp(g)*Fa8D5^ux5^Ip=7e@!SLY z$$-%H?>z@isW)@{pJ~|1)~ISJx=ufl+bAo!q2g^RmH#fL%to>1#q~a5>D)JxdJP6b zI?I4c+cOd}uzoos!pp&7$dU^9y;wQeDnYrHT$aW)wUtF-n4;}D`kQ{eJ-uxd4GDTqkyQ?bYM=+H7E@En3k^Fk*TWz ztAS`47u{U=`3hXR1{iDnEcr*B6V;I#S=Xi{Hnu^nt80x7@@)v$+B>C7jRnMyLkr;} z@DV7Du!y4q>-pWLMovlCmvoh~vz!kdCppf&_kV*yD?JQ@L+58Rz-JR6Few2>$(UMD zKpDbV4eKM#nL&ip&8L$tNL>BT;o-}xrx(Q6#=jC*kFesj8BZ)q@E7xzDQx`PGBhyh_xyCm#LG?RmQbV|426%|M}GYQ zw&v%j-^2VcuhybXE~}j`$oQ}i|8htczKeECE7&=kGr82+xJ@32G9{6!6xwZ>LKHAj zq=Q&kPH(Gcu`gGiZgY~%%1x|0KJiZtvi!N^GU`+Mf zk+URLT(trFX#I)r@sjSh--I7Ue*f+-ZD%LbUVZv2W3mOSFP|xG-$$sv7eP&(Y{-Oq z=6I7G!7R^SnT?{O9q4mb@0YHWK^V8!b*@hGK!AlRw+wwRW`n>{8(W;u3v&Xb_4r=v zD0aO3!+-6+g8=ZquOj-#%KrHQV51Lgm!hksLyVZ%Wd1TFKB249X`k@ydFbMS{>J*%~;A}-407bIEAi!9T+m0+r(`{SB(@<#RdUSBnJ3g$~#`|tf|Ef!f zrVw`2FUhwsT_)G2&;;MmDby=B%`p$B$PJpRCt>e;Q+ zU1*OauC$Qn5sn6c^S^CuW41gV)s5Xft}WFYtd3is%=j>|V-Y6ExC}^gvN9Wj*+l_Pt?N zH$K#jK&4URsKhm1cP6M$`sxa_R`56R&$$GJ&PH!LoOxd1*Pk2Q^_DBztxY(g>aau! zD<3GywBe@MzHc^{s1RN~r7GejwkZyj-QAPF@*Ce_7|VcRI=nB9Z(}#e)S-?LdZJ8S z(e^{qh|5Aa)7q0>Sy*J4;Ptt7l)IpVRP-t+dX~{n$+;Pj6}?!bf03XsNeoiWibHB` zIcg!b1|7BflLmQO{bO?0Bnh&U016j~^IOsuGa$3gOHN9@{`W9AFV?Dk4t`^qLq)bUnvdA%%s-#XW#Aw-k9rs`R;s99t4+ZgWd-1OT)*|_F zKo?@`3um{SJ;@91UAZ@JJT1E-Q;{c7ejc_dNM^gs!E3DIH&JXsDiG zA}tFxoA6x8A^N253+fy9r+z%_$w&R$RrcjBnTe6@ZpgEMr)vFa&W(EXh?3m%$z|-K zuNUw>?3j`~c@*(XyW|ExMsphaj{o)~fuV`{=$cR|qb;rqi#;nsT7vBz=MeUoo>u$L zS%bGu+==|hBUnlyuO18~^H#{d!vH~Z9fg+BMy0(@CZxdav})|Mvc!KjT7TB#9`zRw zHE#ZS@)wT!NQ8Yb)eFY}YwEf!Vj%#$Q4eKA$eBpL! z<=&ZYt(0h$F2;l4WTirqpQVhe(zm}tjY3~h3JYIe)%|(lTg6z|!s9dG;ZQ#7*WMn~ zo1LfO_Pj^{4**@Nhk}Nv>aUaYOFo{N$|y23>-4U78BS1@%&i|8X91+_`&@!q1|ot; z0Pd}gx?#YtsXlU}YNjGB#4iLBNBJNur`A7oa`C%S;hdLrgW=@G(*ll;(;S^FsHFQ4 z7`~tE-Jw4wlU0F+<|?J$ z#98?ZS5B|0IZDZ90Z1uWf%h3ZRk>BD8!*po)M6*~+Av1Gt$3cz(`jsY7|b(NBeyxF zOAgZs?ZjfTMoP;3qrCCq406AIXnQJcpqkw6MHfbnQRC*SpiU3qeJ+HQbQ{Dsf;;~S z);@4P|83RW|6bTX-}(H?B%!q?iTl?ZY}@0qy6&lXTIHMJeuub#tMNmuJ|}MB)zf&S za!#Qr>;7YsJKb7H8 zZSu{xs{!l$hp{lOaZ0-=Tt8UK|~ZB7wm#lzJoh zzDCXmHR#tRV@C&F8aimw!xI4zIDCf zm6mLVBz6^yxVb%GNyCE*qi@-m@7B}TrR9rqs=ge`Ti%4m`d&#SFbm`2vt=p~Qtb)? zSB$EH@(J>p%(FlJDcmEfvGkiZjWyLz?a+7=jh`c)*J@~VN<<8mP1?ihx`f+rCR(c# zuDZAxPXJ>T>#;3<*2~EHx6}P^d5av!P3|3@Tl|7atv5BK_E#vb>26roOS?)$VXh@;wRs{YWUseV$Fv6D~gxrK1oYJ~zEx zDsYa?1QQjvuFy3ZweGV|+So`>#5ZCWSdl&i$0K`xHj38>zZ+L+Xv#IFQ$xD?o`zcN zXnWGt8|`Cg)Hi%j%spvQHQ7&l`AS{1e~d!jd;g&1GVuA4rbjOG&xn->^LRQ(+UcV_ zWJcg$lArwBpF%iv=)h$9PdWTMkN*Ob$%JI=Z|g1H=9+FzkC0mXCEqM4v@FAbcI&Pg zUJdfn?r5pAo+x_68pP5Abmf5y&um+QD$s~I zw(3&sMmI+6xUg=-!OH91K}E5-$5L|@O)(X5+w_?(J`@sP(7J^*B=!Vs$AYH>PF zi@~JL6U76aUdGb5@7eV(^T&+cNq3oY)UB37is-e!~Q1 zihFWuoP8<7ycZWlc)ds{AP_`7Jv-ix;ini;UL&kJ-WWlg`0=V2YSPQa-{t^Nyq=s+ zVO{3W{q*PicpNw-?*QG+!5k;NGt)4)eOX@GoCmhXyX^cnsQd>W_~+uM zB0W84T7q&XeN-7j3mzJv=NTC?Q3jP;w?|al(c}y+t|AiV$aXOD<`5`%u6GN$-E#vH zQ{ajxn5HBRfS%v z{7CV=_yt(%SxqSk?gO@65MD`c${+;*k|KzoOH5Ah} z$SAlx=hURBcBEvEBQRiz44RB;#tYAU7#uWrU####a$;1s@8^CwBpKMa+G~A2CGk2t zG0tOWC~4X0)6b;|TZ@&fpB!>j|4R-?&G@LY&cCf(sFSQz{wB`q@i&v6z+Y_3(<-Cs zJn5nQ-`j6?;K}fX^iHbdgBnm4Ajx~#D;8um`#Nku-^#nuC9T4k>f8373cN!|Cdc6u z6FODubjGW__XE(bQoIk4y4}ddWYVq@EqO}`WlV_>ZM`DrtyxK%M9r%ZqsN+1YjGFH zTF6#wlI}r%GgfCdsCm#|C*-aLeO1E=swQ&ol@q9`IRY`_Qu0h8fdNa@#22y&sNyk5AsI4G$NEE zCJp@0+hA4CoA~L-#JnpT-Ip@3yN3UCzZ&~p?##LGO7bvz4eGp6Ld%44A^Ulmjx4SI z(IpzPv%7P+t--|f^&+_KMClU#ZdHDdr)Ucq%(%G~&s1nAY`g>LF&mFp`pX^pdi7&) zHo~tV3jxfVrcAM8kQaSkWa?MiRvwYmd}{NwOgaS9EU$bCiEo&qnDUDsI#l$@=o!*F zPBh|qoh_9HI_~qY7uw&%a3khL4q3~`NoCs2ldHtvJ3tBAXwXXA2c0c!1jqcI{hgbc zW6O5E2R_gLWM%OG^z8q1pXVdqN5Tq(7blfKcyTlLqzgRpQN4XZ;s^UyD{zkmvQy#B z3DJFRKgC;%Qo84ro!yIaEtnPU=|cK)nO&7j;8L9fJHbT*^P>%r0xQ97)siJ0GOpPj zmdx{aO;SGetgLart=)XT?9u*XQ0%qp0%DkW*IQ2H&6aZsTu-DTJ;P9D@obr|0WF2z zAjx{@QTAIzDn?_Px0=GP^sbinBvMfIE^AP5xHdZ7aZYm^?CB#N*2{xQ4d8mgE@TY( zFO1sK*S24uGoaZ)-X{D~(1dlFN2Y#$lYNd7RCd(caIt(W2oQC#I`4MbA7mTq;Qo3` z<;u)12G88`-_`cYm|b@=#iD)sq(%VegH37?;`ss0p@$ECW(ZC;t!m=hZhJH)qUX7v z^#qaC@l$4egd}(&faV28NE)>w*ph&P$|IuT2brtKj(pdsp$5Z1X;7<-tAxSoEW7dP zQvFwYZdvrJXL#PFu>N1rB%T?<+oBHWAf;4W-ZOP*GvPu*-Q`$*)6=Fhk5_#MHKz}TNQgdLgcIm0pW6V_66#IeWDOXL*< z9Wi}TpdYMwgmMZM$g4$o2VHbh&z*f$sG0@78W{3ieVx7b9ojqK_SVz#MlywgU3Kyv zZXLmtQ-O_ylrd@%ovIW>{C#Y^Oaa-n(H#{QzVOa}F9D3HH`Z8Y*0Tp5PKw)J(|yy* z3&!c#pp*i-dPfKmzgO4i3G(mtf;z0t;TGWwaF-(KYL< z&SaKEZI`9bZKTE+CDMd~T6G?RRPP(w7siD~NMO(L8t`WVf6dLMNoV`v#}9CsS$PlGDuI{ikj?NL>Cu z>B#??AO0sNE{~Xk&u=N%r0E=Mq=ocr5`dg**v8Aht&vxA&kX18BY>8CgPo2u@bl(H zj1*v23;<~wSA3FIUSeDlG3}7G|D^uhgH>hQ?&+cJVNIeY9Y>}@#Ww9j!K*FacgEtb+(q8xo(`oi>pK}Y-MQ~~v)jZ8 zPv6MK_ox3dmMWLsJ1DcpJ>VCrpfCB+^of3Mk3#8bk^t@%(LC=Cr3E z?XR(DC~vw8p+6FJjFvj`JJHuyBe^IQ&U1po0Bn7M5fo(4Tb?g;3t9*{Ri9C15D{Zj zX^20ADZF_9gE>?Us&B%vbq_)<#pmj``j}-dbec6>9LkF>BinGWduVFr^SUF**ciG& zP3-b(y6yzW^WNc!s3B&`e0oW{IDKh}fSDj;42uzytJwCY;t>{!<*McQYLb$8N*F1i zJbO*9a1bN&5D)<%>gBHDSke~aUROo=Y!PNGm-*LV(%DIHQQR4#b#(A2l~xvTMoQzv zq9s3W<}5tVZGNIA(CYLSD=zxvt;jtR=*c3A;ZC;wEHz@!Gn#qevNl1sNoE$2avU$V z+DF-&n+b)nw$spw>Po*^5)qB*1zS2v`=moA*`AnIo^+U#cFN?5nYo-8z7`X~iG|PE>Nf zI%QAAfW_~GdR;FA4^b0$Hy?n%9P$8w5M7i$={j>k{wk^EnT&|ur|pVy>PDEmF|-Br zE4$z{r!R-Z?XID9n4ODTnip}ZW^`alO)oJEdh|8fX69%q*`^flF9w9AkBZx!{83OV z&Jef3d!S&s)(%MXMT9*c40Qs*9V8`(?n>VfH+jOYn|MnszxXB6{ix-z-P6-anXsP+ zKzW%_CbK>|qmcu7Cn;s$kZO)@)H{q?pUR0fFbY8zRT%8p0UjEKCCc8bFuig=T@fFj za(sY1InwHp8#>3LP8CLUd^@Mb&p=V>I}yrQ0$aQ5WoAepC&NT4<3{Y1b8 zWS?81Xtx8pJzJ44+n3Kd>pPDP$8;x7)}~(VFEL|!N_V8_mGQ?^^ym&0)>TQZ+WsWJ zP+n~&E>)|<-$tsG7`Kr0JKnLZIB=Z2A;L!AJ6>9IN6K4+z1}GQOWUiF=)Af zNH0hx+z}#g@}m_EcB>dul=jEIDfBu~p^}nG<_JBGMg5a z+E2XrVw8Tx2wj&PmFd&kdHvz$fc(IfD&Wwh`mx_@MS6aUu#Cpm1jxz_<--J^m5;QZy2C++g|TL@xp@ zP;~2_EbbY=7}FUNjNtOuMHRZ+Mm-to-y)q$VH%*>-KMgdg!39^7oXOJW^K+E%kkvO z*bXg<)eGlyUa$8CsE2@!kQkvpCMu5Z8)vG}kYU2Y-mN6o=i?(d78VHBDT`lWXC3H z9TsAm^s1!uYM{;8`J@S>8xuqE@=JBSmDCkMkemH5ig;;WiN+4D&$QmyoLa}+DoD06;WhlNY{tg`5)aai7 zqALDcv+B3|`^6s(wck9V*4y2q+5dH+BmJXO2BCg>s?zS&NaKYW$w!|)4Sbf*+r7s3 zDs6&O|FVtjxTn_9BV1p1DcuN}`gJ3v<@4vIFNaQcCtUbHp9Q&q-rHk1ztdm8e%oT^ z%b~>R#E0{ZzrGy_3KyvVbZ2yP8VA}oOxPFD?ws2zF;j~8a;T~9N(*M{Wqe32N0jr& z<wmKcMo1xVIX}(sR(3m1qSCec78eZV~p9= z$#Wu{+6W|0+=)23*Pn_CAS#&#m_F5>sN>g<_w4eys}oOh3QtMaW7*J3c0N8&vaC50 zikVl7cufR6G9*c?UN#6(DeQC|-+qc7;|?>4<&TxhQ?OcjrDee``{<&A>H_u%$4kE> z+rCFbS^6KeKmTpZ#sAsp11pHivS*;`w4RTq!FdO0Wp8T+=r z(5t$>ek7lh$oA}+Ah{}Oa17rJU?P}=*L0;oh6Ei5EH9HI2NWyZ8eyB>QEO_Duevu+ z9t+pT=y(vQ&#L3=Bh#dD4t3D~ zP~-|Cj8V^c6qlWD`Y|L1jip7M)V#q2_VjFd^lVwc6a$;&oJ2Vj&C0>FzXkpjG~A1R zW8ZSy8(X@X#tdK}mJ60OBiqV9O>S#!J^-@L)yHV>$Pz(C?sv^?Jz3zS0sPCCCCgXM z;3+m2*OxfY-Fw+3i<|&BlQHIHpw;VL#|@?kd&eY$0~nT)7SLy8F#v_C>Z?XA_;C;! z4M~$nbcUZNSsJiR@KdR8#r4y!+PmD;YDL=>+=7lzC%hE_V(UZQ98@qmKOOo@s!(Kj zSX#@}XPgcvc1K?64AnW3a}OLMD6b{CuZcN)Z`hvB_zNReK&3@c@kTI4jaS3jXP{f9 z_lh%%qadGvj9RPGC^%)uU~?N5EX21-k35=fa}6vzyGZ1Mnj^A{WFa3{6J{O@)H$w8 zEAe42bnYWUYW}5BCJyv5h$@WnQ5bO4k!v@t9Of-X{ZuvN)iuV`?scg&T(X4a-c&c+ z^~zPb>Z)E|2t%+Qij*%M0TBVOc;Y5%8HOZEX&p0S{|4nP%*DCV{dH&$65s2g&B5FI zfIyITg$91-$n5eJ3@PFLugoEVLvWGCt zpB5`j4Et+0#TvX>a}lA#a5ej^%<3F!RWrSSz=c~wT(MmGe5B%aIyaeob1~%8+_d)6 z)XG5O?QPCB0`^W!Wh4bNccTaa&^lB+3km}BG>xXTe_|@I#l7%*yUUC#Cf^P45V2BL z>h`P;l~o=#g~5Cfx{#&y;fZaO9l9paPJ(9wzVt^@SA-wQ?rrAGZgJy2Cx5us4&g0; z)G_VHsUYTjYPDnNSn@o*KE{JmPBlgmxDWMxB%hg>g|9uXBefI^ut_;%e0`0;WG;LL zDqAUTi4Yu+MbxC$EfdSKG;pBiLX=6=b>athkW1rn$pC8y?Yg4h#~Pb{e6GNWU~A9o zC)I$<_~>L6r3`h1ZM?JXBg>vbp1{FDGG&nLR_0o|kx(L&oikXoU)+={$m973r5dnc zk_IA52G~+|BZV%EwvyWIOrg+`^4XS7`iMy*&L3egecJR?V+Xac*8>a}*5{=pGl`;Y z#7KaGIuo~e?x~V*9V&t&%?C-%(+M!@FztTTZ1ArjQ&srnuvY7$8*V(q|B3s z=^A6*G5+ae0a-z%M1`fSJxyZQV$ItCJy-3iE>Eh4n6VwVL?Yv5)&)}R#Bc%$>rmEJvliSA$v8DC_>U)pei6%#VxEOYG{$guu^9S99txC6<9paO@U!K}<`e$D|3%m3##ZW2g z%|Sj&hF_(7cvS*3jpvSDQ2wj|NNTvan0M1QL>TqJgHXxWPjJ`c5FmyeMn~lFf+(aU;JyLTf9lCE+wnsa z?&79FMgiY9;IuPCB8C7_{w|L-&625U=hkpx7g6(FtgzfhOBs?fghs8|-bVhm$GX4Y zQvX&^$WNSjJ03|Osu$E-M9m?dd-`5Em%^xm@Q)&%-Ti*gE?!jZIDF;3H_HV8z?74u z1!e_K3E3!AVgiO}JS%2AcKad82XX;YEpEOjW?4@9lU4ZPs1@Lmo-Y2R)pYfr=E;>G z{)NBkKjYT_WJ2w~{B-98UJteD-pC8xD0@=-a?E7QX(eb*YVKN?a0S&zEjo(4B{0X6C4Jdso{ITiJ7U9-5$H%Gp-MdBtH$uFoYt zTo_gFbv`VpE*}`*XsVKr3wZprFPKnvR5U>)E>_9Q&7Amn{{Htj51rI^wu#RDF*@7r zaQ1)DV#96VIeGs{i~W)kY$Nw4Eq1eR`pdi#OIbBitdf}jx}cz-9jKZm=D?nf|Gf?; z;=o-kc=~*!){cu}kW}jq5b(z^HJ|)S{!_5ejs(!SAa&XOjER)7ae;KZ*vD zHqpg8QhX4>t2&}rp)Ar#cMBm;s~i%P{7NixjlQoD;(r!mdAkkIo1lzYz;VB3 z9qX+<8uy37^I0b@WFb~V$FiH<@pN|8$?HQn-##ui*AfB~qo~qo6kH%Nm`G9LR!SMI zB;H+_R__ka88BFNx-1~Uc`_Q+h+B`uaA~d>NA+1xlS!W~$DvRKPZF#)gZ_3%CWvMp zG-viTZ|5wD%3<375>+zTTUwuKLDMM)j>*>3B`j^!UaB-F2~YCkYn3k@HufWGbe7&G zwXcrO?2rhW`UB*tJ3#gB0l2*fgJz7Ilj8vTsy~)`7Qm!>C($|z5dm?rTRUgFhXh%| z3g6%!R|iQ9x#A`zf|PAGk=V)aPJ@A}K`WhcI-A}3Y3?7M)4K!=fj^c9!BTnmA#;XT zooP@b*!A|jcAIDFDwj-2kO5*`89Cf!?{VBt<;HMT$oS53W4ZU^Geq@_7aTM>SdC(= zPBjIC#VvDvwJ3!L888v1q6~BL2H{ zyues0*XSDZ-q~YycEXvo?wfuKJ)5U4!Pv%kK%<{Nq81*5^nD(-4;#+<7QE)v76=t8 zBb9`cQIS}~BVh=Z>}E^&UUn|7VXD_?_00?l861ZWt)Iqz6&qb}zTO(~J1{?3~=yT>W6g1+9x?s+KQ$5+EqkbxUGQ^5pSt^7toN;}4%I*%`0i z@MW=}FNYYb&t@K}hNd>UDP;BT z^@rCxb<_XUwf`4{>8V(+FNekh6K^DbIdpw!{L3Mh^8U98pZ3Z=Ooho`3GUndJip)P zywgJ}b9DB$`RSjbW&h{h<1aaBfOWO!(OV1I88ulu9^1#Rs_UT(x7&6E8U0DXT$Ql= zQ!Wnr$Ih7g99B6m_-RVI`fUPw}A^$F>&h2A2qqRMdH@;X^cn#8$JX0SjbP}!+#4q{(Q8l z5~s3=a#`L}tc>Ij(491+*}v7RzR6Fzt)Xhr8346d%nOpXjq^uH`~NTY-aMSmwCx`^ z&rD~!chp`j(^6_}BlcLPt))sR5o+y}ii&+-%S@|P1hq>-w3d*BC=nsCOsz#iiBL@A7-!-|;@j_kE7<%zHe~^G^QAaU}P3pZ9g2xpLj-b)KK=^FgXz&I*TR z@k@cy7>ji@7aZhAKPM(E zdjE)9+Fc`HJNU(X9weHCdX`^jUlV#e0Y6agF`Q8D)vjjf z5659$q_SYh4NLysXQ%t>#LSXoqJru%C93WDp?5053|up^z=uf|0Cw_Qha)jq&DXB9 zJ&mb)sTaQIlEG08r%kiQ+zbjGt(X(m$k&KW6N#n=`|_^tDXF&$wUy=`zczm`lNjA0 zc3(p9hZy6$UAAufxFXj*LK*4;w1ay)G*m)^`kwkjgIIz*RWjSB0%SqDQ3tA73-Tld zo!$Uidih{|k8G$huY|^qLj`MZ1g5xC_7Utu@+se5XdG zM~|RP`8v_%>5$QF9QoD_kBho;-PLdtu&UNOUoVlFf+qmC!;$-CGn_VJO z3h;cvJ@)N3-1{9AJ)OFDsrKG2=1{7+ORk`EIwbA9w|sTCmm8wO!(t}YL+f?y7tv1j zVHwojt%gGK`< ziPRlkpD1#>pwKb+G#=Y)l_B0LM&r7x~;0YSb zLrFG1ZE9va(`WlD;W={F&Hk$y?N4DS+B@~UMrXkj$iy&wZha>fDOa4If6PtK$G6yL z-zmOCHno4nfWFQ$+?|uc9rE2XbG=}Pg2|SjDa>4Gs8gSl)yNy*(hUL(Z63yBD)zyU z*sV+Q@yYe&(-%E`t&kU}bop?hm2cDPD^qVf<*>@jGS)3lAFood#LDCaH_LaQN|zy! z1rX{jPZ-JUzhR2~wNLS@3qgHigzRz&D zF^t3T-j=ZoX4o1caapz1AmrkRv1f2_)4aEtOM`BIQD~HnjC1YQ(F!9{>1)FkhHZMB z${iEe{7*!3PHOC z0D?Wt(_-RxBQja1Vj6`Nifz0j3?a`R3qR9Gj^g*P7cu>;?Wd?|CWM~YEJIC&Hoc$k ze^a=(nSO&Gb*&{_v%7U%9xkb|ZN*w9ny*T`t)rn%L`>Ou6F=BN(_F~w6Tv}0PM{|T zL~E81|JZSHH#EX$m;qY}=y6pe@${%Th6DjM2pQpOu3N($`d}8QEc+LqcJo_Rb!ta! z7oJMBQlIJ8++%$6O7-1j&&XUIdfC#0Cs<=`gw}aIdDDwH7pDS}jN2EH!#*7N93KfM z-fqCTG@3IsRy!28uxQ}<`pO8`)QZs6q6Uc2;^;5#FpT{pN(9Eab(o}+I+RdhupR&| z#n?EOX57{#-zvGIwCj3K>FkR>VO1WPNR`?9Yp~eYslqD`7Zu~BGtye}jt1`3umAKQ zKuZ@W>ubR*cc@Gy8CV)pP;b2_%trO(&o^c|aNS%Z8SU@pw zB#|nRdum{qEr9A>TnNj(o@mGyWv8y|-$yRX?I0&B|Zd@7~4~ zFCjI|F-7(1|JV=zKdyJ*nuq!?{lZ08Jo`L%$cHPdInxM_FTR6puEdx{`s*TP7MxE` z>V(J|*edA>FlZD91#ZDB(*X2|k92_Dm*92q#Y zArK2q0xdn(v8C1SlC@E&f&Kg2%Y%5jSl3 z+mQH&ef{2rGrkiSx<(tTchd1^Jd@;ty&|2X%eYRUstXi%v!F$jSE@_36#OZ9!PqeW zQL&eO>bY8lVps%^^Y(&JL&Js7p$%dQ8-w1?O!A3zAk+?CfRe{YkYH3#is)9PqeFYR zd$yPln>GFEkdNErjL00VA)idDeU8m#0HHz53%6*7){dACFLaKvbU=X8@hSFoTXQ$T z>J25WvD8sP)R;{oDynli4RqOZU!4qjJSI0e{Bi{RB1IddMGdrCNX^B<%BAedj=^#b z*?5GG{Q}Kdr@`s@nwD0`Tz)@6&e~9$m=X}rVZry+rl%lI)N3;w@7~1j&H;;{@bY?o zoh==2`%>$X8gz=K88pgToL=CEaF0Fjkg2@43in4nT+S05p~mtQq|!|p+K;%W{JZ_& zxr56Sbs;PuqUWZXqwD!EHJ&SKw!_#fb%?F$%u%nkn8&m&{;YA3`ic|&+Vftw(p*_| z+SY{{6i5gh6vlkJd@`m!?%H%jtdj1JuB;`ln4v00CrQ^qc*pIkwi{m1-7Kw$CqN^6 z-~1?~P_!L@ytR?sLStX1bcc{63pC?OpgDC${7?shOa^3_SI}&u&X?sl;H#m5Fm9_WwJhTO_@ZY);o&d9OEaTv$uvciik2m04cZlZM-r~M_9B5`%p zQ{B7Hz6$w6L?%>S$*#`ueZt3PWhdT9yFxKor<=7w>0Zn|4({#b>USE2k>oB#c(`Ma z@lCQdGdPJI(4IU z?ApU8?rNENR}!|gi|wY5N4iOtu{~Z131vV16{WLau(1@Xp%JCAtrau($%-4P2DXHb z6gP)cUaq(VkYd(Gvf&;6{ph+R3e)oGud$fEvO$Ko# z`)IqaA=|5yck2v7v|OlPqRq{_6MApwN$|qjhy6fR$UzcEVJ%!HL2vcyeHP{PvXepo zgFJgf;|px7o4&$NRVGVcN2*>_lzPvsxU*I8y z{Ywr#-h_DJ@(Hko-|UlN>j$fdC!yZ?R_w--datrh3q@HIyV*(J8Y|`a-R5(k@X&kC z>{C|d;$iD7w_y2)2{keg3FqJ)$8q=sJWp~}27tvOTwF1isg%(0Al+rAt1WxEO)F0u zkIk!1z%}Fj+L2hQ2N8*I@x$lj%E+SbU%Vj6v1#kddB!Tyt6dbNaTqTl<$L%zNU7RS zpTbKK%%3uU?UTJ-ERxYhuvx#V9e=~)d;9Qy^aHnN69%;!t?ch2H9&G%O-PcbbEn$^ zDVi0`G=z-c5-x24tlL>4a?kOwTo)A9Blp_u#vxx~y~dD+LnO&AQOt8FNN3K4R-uuW22N-Qt7mhT#v8LUM|^vhT9?PbSOm+&nB`)OH^35s}@aFtF+5lx%6_Q(y8-WwE#Plm$_1J z($02Q-331y99tO~YtY~HS#eWxtJ-)r(CQj6)3Hi)%=ILOe;h%!pmLti+)SDqUzwUX z$*W#om|{56ClDbn?#Go{4?eMLn-iqa7jh8coc3_1j1YH+{~6Q#SrYx7V!Mpfi+L7x z-C;>waT*??(|Bz(1iZk#P%b1fSlNOs7>U<$)d};I^QcRw&dS89-x`G7LAdHLjQ~=J z(PHz&atQH3=`eGH3A8o{fJAF~u7Mte*DkR}wNsC6^)X`z6VedZTTNbj5i2Fl0{*v# zJiwAYgWV-I@jE3GyT5qBe(Yn33>F#cj6s=zW!Uc@eMEMfc9>~ zb6D9?Vb=q<&cvprk4pv`HLIJ*39vfKYbi^Gnp8TEcdd5H-x-|p<}H{yDiVu4_DUR^ z3$jD%$VcQ<%0uAI*Fe85U zeHYypFqlNx00RN64a*B2p^hE5X^`xE_yXC;$2Hv-C}3dWeuBpj8eHF_8}?x1)P08& z-`FvhY2TtjHdX|YV0rX#zrRDpfP3s^t77}8v{SP|b1FB^nkZJuq{%g(m6c9wxi6=o z5TFs`7i1pOu zJYxt#5DsKxtHdCB4?P&htJIc=;bGxURUz}%yd^km%eXkw)T(CGKtg-9F7lnULu12O zqEA9%&=BglW+7|%jkVOBLXg#6aFsw8Avh+=+&dMj7HljOW>Mr1GAl@A?KwDgw|+vj zLddZeilcSr0E!Q8c0Qq$z<}tGA2ML0y9lTUnwmTAY2a6_nJs}_P#`WCGTB-R9bp>6@Qii zE0z?fX&L8&Fs27NO@YgLJu02iA??7YZyTHdaaJ%?xuGR+@HycahaOPue6OhKGi_Qi73Zl{i?WmB;}#zI?bX1c*-aH(U6>}G&d98@1U8K z%UB1=f>%u1EWhm~UU^y5nPwEixRd3fj=S_Otmu4yfbR93Z)iNoi;D3*1O&YZi!nL zp7vcu6eBK*@=$yxQ!-D@KXQ`;FAJ`~yhqVB)cvXfuqFR6UcGcpA**XrViQVrIOHqg zsM)IWw9XSn>cVAMiwQFDWlL*jXj_56)gMUAcmL21`h81N|M9KUpe^OvOWZ@57mwrJ~Wt3V9gqYX~VxJxaPol0q1e>J4~G6Qfl_zMS*SDd{XZ z7SUEWQf|*(T%@)ICXMwNwRJVcL8-9X*(E3fo45< z`u6s0uY)^Z-WBt|-RVDr`@ij*zw5|XfF!n0c6b5(TT-TGn{0Vntr#;nOwO=1c|b*PfURkjKS2DDzZUeS2X9 ztG0lx|J1r|DcHPfGY-<#^ZZAt^09^D8r*w`I98b-=SqR;8QGU(Oo z;ZI4mmVGp?=vVc{;2x_=s5Q{rRWn?bGM>qH-Z?kZw1sQjIe&2cbK5w>qBmx#HcHkn zz0uw`?~rdmSAp8FuGSf|1bMVB@qb!i1Zqttlr(w{`8X2)#>SZ=Q7)^nlKG~s-eY6Z zt6Avzn5{FnxfM}K0rz$XCZggVHv&RQkd2Am`B?7R&~ETX({5aGsBNQB-PL`#Z{y83 z_e5#KxSiGgz~<0npjqtB#Qx2G8eu}pG5dh5F>&!j1;S~0;LG+w-6SYBZ=D&ndhlw| ziM5(aG(F_AN3Xv4Xxpy*2_7AJ$mjSmui1RZqmj3&yt7HE`?^r;yN z8iF8TO;><`8BcS7ZmcZYt7>`;)VQU8zT7>GH6DDF@S^N?RNjzo2;~%G_+g>WbB%D- zjgHs`nGWw5BpsTT-=^w^?3 zfwb^fgP|=En+=`pv7R-~*8R*%nN?aJE{1q2Lhmm`F4{z*NsF?UW2*NDzm%2 z&Fo1&m##f;mn&e^q8{=9?d`Y{F?8lm#r5Em^Cv!EsQm;KXQAINqA6MUM7{S6FQ$gC zBNAiR3@5I1CJ=_Pvd3L;&l7{pdm*2f)Ia)d?AR3Uk?Qx6+TiH2B_3Ep!RZlUSK)xX zpif&iPA2(&cSb)Gu1}MMnWx_)XwRohbp3h!_wo;zmWwot$hZ?8TDl_2I98CDy=r?K zXgUl_fVYQhT5a(U(>1x9&Wj2Wd5NPH<+jH5<;avvK36II%z{}|&GKqUoZ+J|R6$fu z&7xWMT`Y8{2n>!$?7U+#LogI&NGQvjkE`79u4*COxVzO+#OAAYYLyW45NEi?1eFbD zM`|HEp|Gol0F6s*u^ggDGrs9tPpoWPT(*9-YoepZ6p=(lCSO<*1KanQD&%9oyhmY` zpaF9>-fa%n%x-H->kj=7-DPKPjC=n4`#u~0iL4!a?lZY~<<|*6Wy$WumruS}?najG z7E6%57qh?7!*9k|)-7$@)&_mc`lq=ktS?A!ylKULD?6B(h99L|R%=tnw>`Y+k~C&Y zhYG11!B)=^6!9;s(Sn8^(pI;4o90BL8hnkIlsFUmLsUa8tpw%`7Lmi0S=h+ppunfr z(DT(Serq!`gT|~R0_WVfI9I!VBDnmfQUDL`$}tO;(XM8RGNHguD3B+DX4b4GcAEZn z1lYUKZ5A=vV8z0f_}Ph^w?Y|Fl&a@~`+TUKHy@)I6Ql$>Txn9Y`^XPf4z9|bg>y!0 z3$)HR&KDtK_M8%p44O#Q(CZD2G8V#s9%yE3&LRv1x>AgQqGr2>wB2^@S|Sfo!w_U; zGVIZIXw4mh2Cf-)DSXO<09(QDe0)zhn(HF1{{(oMoVP~)?xF*vD}($ERhV)sp}&kX zUTgn0SH9XfHC7r0RJRE;Pe?bBl^8b2ihZ4V>&Hz`zip=3#L95@sxT73AE53t+HtOI zyyWySoap-oV-IstUqE?2e~y=kT5X@_I3(4FZpT=~BPk#r68fozH#E7eE9x$9*S9nV9uLc?N>-~XIuh_)g|aC&nX+vcr?=} z^;JkWx+#-3QZ={`k0OcS^Wqx>4a`{3&gMkbNuc2USO~Ohav}7)u+WUj#%0GrwN8qs zBYkA04xLGdm^(876k#kCD~Cn1aja z{M^FM*%XafA|uUvu3M((fs|N^>+Yq^(8^yKt%z|7Jbp^K+)xBaUWck*nJ1?el(wsT zyOJY3a+U9)>RCY!B-PJuOi)pyYs!}!xtJ#*Gk)DhM4H`kEe}Ln;GEAq(Nfc#wXE)C z=$}+p4-r>&tc#E@F!6f!@}K6f`-gTk=NVTb4RLDwFOy$tsYmtOBul6%c*`Z5airf( zPKEK7IHoB$GVVw3JAY^|eoy1V*=0%^l>>S}zkbY4w1__QtIX0I#6(90u33P6%)YRwRrhA%lTFr_{Ar4vSA9TLo@PWMW9_E}+dThPg zIeJ-Ymi(=Z2T#Y&O{oVy1C81k+pc6h)I#T#X!w-opw*Z*bm!sugykMUz_s>=sKR6T zE6w-UBIAb5rMcx=Y+09vz^lF#Hy;Q95R!l!L4zEbhVPpn=K3W}A=~9pm1zR*O5;2Q zal^i#zJ56^_+nL+GP^r?CezyX`U5OdE!9rzl`6?pw41k~`2K~s;w<85gAaNTj-{zF zg&o>n%_GI=l;+pkN!EM^^f>UC@xEc438ms4RT zXSGfIZ8xKBh!P7L`lA(n0=Y!wECpWLu4upmt+WdSmcw1*J8GaLc`E2*%jga&bkC7; z&<4XH@`Q{h$4b(C=@zTrJpkW|0GZMja{EB|I&`SbM2-69-h^NlKVCsPyh@h0XBzQJ zG!SbeE(57)Kf49|ag6;HRpa0V!?Htnv%9yt%ob2&Uw1xRnF&&xpF_@LS$9XfU3t6t zh1k#I$#5KEq8d_k$hR<7+{5Ri4%2PQp_nacl=mvppaxK*d?91CP~31G>iHZ=eVI;o zYB1Ej6fw8<;`bcx|HQUrF4E$P3cr5zYi*3O^5ZjW#*5rSPDTWaf_40Um(aIwG+)7X zo_r_HE9n2TyiTgDUSyuRsZ4xThKl-uO<%EpFyhKvmX~T{RMbkwtz>f5{hYxn-udm{ z$F0^|^~JgrY%~i6Wlj3RiD5~vMi1n1*xVJt4mHP&K4i1Lcv@o9qL*#Anj>CD!&pxy zq)RGpgw;DOmw@javfkkB)SX?+Z<{3!?SiZW3{|a`boG{YKFR+&WcZ6;O`t=)5LlF3UP~zO z*l-9bBtQ@OeyvzjI8b+Kz!v~q(^Za`CJ`K2)P$`>;!O0`Zm*Hr;}7zKJ;8$=zNIEkdzvJt}XN3aUdqo-A3396LnDDt2b>2=QSJBq}qaG-q{6df6M^Yvv z->b#5UVShIA*fB&f$Wo0kQf9xpTRT)2r~J3=#(=IECCPKo-4^2BqweMYS;MehgLY( zS+fFGM#!oitYX|d!R0?&|Jfw~lMU$Mr3AypGyGA^~duBsJ%cH<=dHvBK zZLpTq!uSi0f?=s_-Afs_8)>r9^;iKoLUa?bx!Q!k)P|dlHasNmoRh>rq+C*^w{9>1)4drBcFAeE`XpxtO*`-X zQXg!wfyT}+b1;vwIU;|BIkAD=wamF!rk?{H3$i7H%C ztBsyv?PcAYHm1hB(?}Jr`0~SKit*a+RlrbTXa1Evu#aS&TJ&u8=RR)!=BXJ&!Xe*L zP1n9J(TVing?0BXy+8Z#`}@IMkI)5YFFF+uJj~3MBiQF%BDS$raOROI*YL{|%!!L2 zcLe(fY&0TKBY)ht?z#RwV`4x5I%&G%EVSylqrOL-+@$mSPV+jQ? z8SU3^yEco)=*jT$P}%H3Z`kq>ILH=UUk?Qb(V<{#I;=82{&^0DCRz&b1`i9zr&nQ= zN}W{|9o(#)l#69AGfOkjpW;oOv}}vjaLiJX%S_XdLRJQ{Q0Pu{h4Gc#i=r~s?zb&e zKF7bgFvX6(^nPsr9K#Ml#D$)J8buPa1kNoG%e3UX*FOzoJpD!7j}p>Z&S!(FCn?{5 z)-PSVd56wQD-2z^j~k&0LPA)Ul5MtzR8OLOiI$$bk{}BdiY4&REoA8sl_IA>&q^Dv zw>7;ePSbB7-=xw4RBAk>T?PB&4*7(Z5o7Nesu9R((XF`3FDD6cj%Oyhkbocuu~8&G zCW$czf|e50&_uaJ3KkR%us~wjcmPk@+|rBzHH1Px^h$nitFMomG7pSV>s+zB-4x&H zR)fU{AhqT3-gfaV#|R8)z*d+Mo5O|jgLzM{kIs2z&<`;`9P(Xuz{oS+Os0qEU(Dag zYRD_rB?MMT(q<+8ZG(S9a=Y47WROh^49&! zY=!%u=VIjl8~6&8C;%IU0JdW$T=M-YSL@ie#-UODsG%h81Wozbg7XrGWiI(Om8==1 z_bsDpdD1(%XOucRi}m&O-52-Sml%3KvQphA`iW7m9^zSXUS0OQALo7wBzYEJK1q&K zs7)T3`h&xYe^B%P0=4avV!r1mUX>&Xf{0V~4~K~{15mxwc6#K}%m?pY1K3vPfO^Zf zLxGywh%M~tVg&RRq!_w+DWel)ldsx|Q;&AI7;wmkCeTOshu3tPsQu>+rk}0)I0Y|8 zcp1fnd9=$Uz?)h4x~Akh(VbFEq_wN9bX%aWXoiYfa6QRRdl;vOR-fG+^XgFWPXb)d zAQAKhm}gV(Di4d=ZO#W?zGs*A8eti3Z;!J~<3}{`i-pIHkTOXwI<4Wv`t{x~^#)qw zMB9jAzhbTP@m-U@ahF2 z?pfEe2IgFT{`Xzs`|1Vw*dgCGvBx!E!oE!UG-RDt>i9lO&bqQu1Fwd8_{#sH z7}khnYxGdg+)AL@Ta`F#XESk6Ds`lJYhi|CJdt0YpyM%ZNYCr0MYO z4lkES8Tv?Mu6vf-y5RqPIH??arGLPQ`I36bHyqxmDZ4+vFL}U@L+`JqY$K0o&`$o} zP5dji_@-6EZ!_a3-&&C~vu*FLA6(hj9e8AwVqde_{a6wjpXie76+fGx(bv$|(D33b17`T$9 z0+p1W`rgV2U!opje07vNZMz<{-s@g|3eev3gKZs%wBoJZkQbv*_8I8VrCyS%8DH~A zC_rhmSV949z%!tyS$54`wSM?SUaqE$x@4h3P^=;u1q(q+Z}uK$7uGm z|Adu)!6tuk5wDH7eNAKRMBMt+0&g857>(iR;f%{2BHZ4b!8b?__(bfpxEH=6|M+*@ zz1``0wK~|tz_XQ&OV&YGO}iF}QoeUJ=S-9Gs0TBC2!UWf8{wcr?S|{cb)HO_EO(!G zKXFVXv>&j{<*!0)oL6fjQ}ZVB?8}}e%(dTUHP9$EGPMO-r6ngl;)&FzZ;?bEFF3XE zLi{tr)P#^~k05vDTqAq{M%HP2Ps#2M>GEa;xMs};YT8;mkS&ygnLf1%OJtvrNG~Wq zvTl29slDm0Kcv`6l=JpMmG_J}y9Ur8#=cPWw(!zzd3Gejl==Z_4CxjUd|Z*4CBP6h zIVL@#<|R4B`6@!NU%dz57_m1_#oqpLk|pg;Cx`J z0C%}Y@l-PC6EzY5XkfQ`oWt8^+Ih5NqBrtCJ=FMRN8Z8N?ej+KTIz>;apN;I_G(0k z0{+b$EHdQw@dVxV=k*tQy$OmBmS+Cj~}nL ztOhu7w;QxRVWvf*6r)70F1wSi*PrRM8ritofsu{-C0a5vZ8fxEvA23#ls4)5p)ST% z7j^1G^zE!6WVFtjj?RgXdt=#=4XfslN^09CPDmc<-VnZNDjsbHG(%XSlCF02YPSueU&l--FM9m8(6bmx~ zrZVOq@7j=s14|(Bei_A|#Sa3d(-(KT>rT#s#AqULij(GFX&Atk2(#8nYcp2?fUZeS zgcufXr{oUq=InYuqL?%8QX*JkP;)k|+As)8vW8fDL#)k(44|Tu0D-qSGg#mS@fJ#~ z9qRmRBz7D#zRsX9k0boc5qOg6ZBGS5e)!aSlQ4WzgsybXg{vQNUGy!tdQlEV$vbvA zWGA_Oa^g%NZ6hBK$9pYg$tSZzx0%U6;T40{)-k+PmiswxCMcN46k+L{Ijteao7)!! znTCRMloAa?=fO(goYcunzPy^VJeC2}$zVPWU5cj|^zjF*l%0*#*KS)^XBx*Y7cac^ zjo}03aq}#wcRy1v?^k@z=3Y2aJJ+cF?;7dwaYL!WdW)`8^E@`z_~^-Zv}Die64FN5 zJt=S1F!L^F#FJl7&qtO(xLJD2kN%adFy^?r(;=Vg%4rFSPLxH>Lq65JC$IEyJuRPx z7*{XhlNU)a-wGPw$$<=YFgCOE*t?LnTLU2MlbT~?`>ot`jQ7RX=<_fQaiGtBV&g`W?S3kBvwSu@DNX9An(+=P zYtT=!Rs4L&w<{5_mLEo|X^C zvZ3U_ff|!zGuK;C2ApO9_=n7jhGZ!%aO4SGm z$AiGb&*u|leW(hURz`hzp;)sFFw-7t_0$^2qvjpjj9^^Y>w-F`LSa++*2PdcuHeH1 zwAD{5s!o;BZ6m;*-?ErdGwzpGd2ti~KpE$r1764lUplSw_ z0Dw*0Q~ajB|^;pI|y>zhyT;^+EP^ zvL)>OHrA*%XGHYVJL*+hRf$5~Voe+RM}p(F&<&$gBBgqHNy5+jwoJy#a?~t?T~Ltg zst{Cojj5vRNk?wv9ehj`mjoJKRfT3I#>9_g<+1E6Nk0}B9kUetY~dZs+|XaP0Cwx|Cs)uddS zFdd1k>VI4G0&`b!xci%24V&-LmA8tjdZoj8M4Yid1yd<|0UmgdJll&13#%;w2{Utn zsSYU`q*>z1keRJ`6X8A}McIDY;;OSuP7a1ARuXLA_~L?hL>4dwx$@?dn8i`?^a;n5 z;KFXF4>1Y%2)h+;xDk;4ugfc}+Wj|lYxPh(GEx+C^f=PJ>d+Bb{&?sM^O6aI_De6j8i+9O+v?vlXKC(D4zuLB~NQn}UP z?!O$!MOSc|zN=fbxOKXw!Bnh+{^`Ts$*>>CFuOC6LEKpw&{h*G>&3I+v)~3fn6P7ft% zbFU5uy3rnPWY|K6L9G{UW|@8t12ShVG}KSwtZzGnl$!RW3c6*TfBQWsLD>85#EN;M zYMUzfGvVkL_(B1dM@Wpv;+E+22Con5o&faZ>8GJUC+HZW*xGQny{0N>w|~~ZNz#`a+d|NKB(e|r?7}5qlpO@;{j@NC zrF2>5Zn}asvbvO6nRO$^B6|3{vU@63Tw}9wQcy-BIi#;&koA4QaMy8DZMcbQzlHQW zgp{bk4vVu3rOvVGgU;v-IxmJVkde{iK|=lGpL(QEf98XrW^=c%E-Mm_)|AZW%-k-GM)mCvWpS$`T<03sw`sa#%DXq)?*YOEW}1#>Ta3Tj^)%jgcA)kx zru?TbAN*=_;#98FuWZda*}=ZBoyGekWB|Q?Bad`N#WLV-P z&6Sj6lhf{^z23o?lk0NxnZvih*i=GpxYThM_pFHAUMUV6R_t#B-#+5jUqKKWLGLo4 z>r5jzj5XdTGh(NoWQN}%|m9OO8C6C<~8w_KI9yf9mLCH=qm7z}Y1u>C2m`leuQ{DwcIPVM( ztY@?dxvy6`y-hA34F(I`b6{9jrZ|`4akID!PZkQ_@f}|hxeHY!qyxsU7S_9&6J`=Q zeXnuQ~)}Y zuWq(Te>gERaroDc(s(X(chyC=8$;Z`WAAqWlKK2t@_(7nhbgVBKFd3xy-x|4Cp1|L=jtbS zHvSN|=%Aly%MEw`^Wy)F-G2G8@3FBR^mfoRNa2dxNpwO*g5laDllzdxPiM1(wq!Ep zR(2UJ-=$pi8x68)IPz^ZRC@Wid5M@#LmcdVi`3QJLZCI%z|71@hZxs-n%^@@hv~(M zz_=?!GxqlJmxjFBWnJ)Vc~m*XHLPozf7|m7B^+=5{IfLvw;mOLL}~mR4=sb3k1_i{ z=#Qmd-UY=(#TXn^J#hja@_q3=6wZ>bi)A5?HbR$L(~aEm*z1i7zRH1Np-n)S zO_sUo#gI8?Rs$|4dB~9&P_HEgUkO?E-Uwhlh1L-x8$akMl8JAeX1W>uLQ@MpJA!N>nYryX@z#kB~_To`=ZqbMKr zkP*J#yuX!Ar$qZ)FNRF00lm zl)G;wbteRFd9yO;LoNwCVnT1GA#cmN8GTyyQ)fZ$wdVyWsgo|Ss5gr@Y3IyW{PjHh zudLW?olmM~cU_W8kZW)n{X{_fgH8^G*zK^$Ot7`MnZr;278>{mo$fIgY0hh#^=1WAxBSsWgbrs*5j`QuG zrhh3398_7=jJUV&HWPh=v@;m|q%f?Y@ZA$bwyeGRR`pLQ+N0JR6OZ(AI1_Sn4bhaU z^VfE(*%L3SBvB)db%Rbbzqw7P|BNX{9GF-uULqpBJ91T0S5f^TSO3xJ?x+&qLEtgl zzOR?A>aGi|_EedK^B-II_#gWE@BH$sfpf73Kat`xzcu}mSS~VpV3j{<%#KR>aPX!# zvS+(|VBG`c+2!|FtADYHLOJ=qe?Q)ku6jRpsceO;LLOjVo}_GP90L}!R^Q%1I)pyW zEud=tqn~kUeSVWPqa|7hRmq;r!-zZ9 z+88)cd=TkZs+P)%`mt$pvWhU2N8vHIES}Q$YdNTOA1{;lSAh7sfkCj_yjv5*{u8W< zj4DZTf)>9?xaM7&r9dVoMD%MFk3);#Tk@>=5UcYgV$49JK-(CFZ#`vI-_kt6;4Xhe z;;+l$Cxq-Oc}b_!xQ?#ym5vLWovX>b^yE5qYA!RCJaUDo78ag|f@#TP zpX0UU?*}nFUh)YMRh#5Llces7X-{~A!|!#7kO|RuMrAu)^#nx@s3?KvWL<8JA-oJIeu_QYIc3{6R;*n5^f)RoZ z{e^fFd@J2Z)6D!l^Zer1dnNl(JNzDBH=lOjjL{2SsBdy^lF`BL?}2^i>r|6xbAH2o zZ*9yN7M(e&mH!*$yL)SC-Ss!f_YM~x{(n_7bJ7qG^lGq0d4pVdn>X(~?3 zo%X)hZ8Fh6qk}T1-O_a2zva*JLNuBW+T-x?c$n*HN1f83M|)G_>;5OqNmx%C74@>a zO`{%YK_@JZ0K;EH)tD3{vZVc{uiny9 zd!MB@#6`yl`}pc8)IW}b?!Fmlu;D?;wz3OX2e@$@kr>VTx7RBiQom;(^66^Ujt=&@ zhcCizIDhQ>E|lLxD!U-wCL|!r6y8!gGR;t1Yzo>A zPI^+QmLJp~+^sP&QVK5nVza!DY6rfvQjfN06;qBq&gnY0cE+6{TZo9m7x9eVpgKA#XOn@F42y z*JDPjq5IPc%RNJ%(mzy0H*t}NdqM>%^YA8niN zZS#J%HVfF9P-DE*K_@W()r*h1tv=f^<0_5xM@63%CMx!@F;gX^?`VZA{zJY8$liBv z!z89OBAZsl?!ol>ql8w6_L=%?kbl<~oiqO84HMgl3X-IU-tq0FgT?&MxaBw8g)M`a zVVS^96^ZX^lg3x~+HHqZs`HOTZXNOk^?reV=i*;q>Mr7^VXkblRqd=7ao4MFEPD4s z){gl^8SHFD!FPkskuwStc@NUoFA4O0;0+tQ26nweDC3u)F?HP?B17CxqrA|rbTr#3 zKNKE$%pnw9>DR}WZ!f=5>%Gh1c9k2J{SWru1FETQZ5zejWh=caQlz)go1lP{fRqpt znsgGHw9o{$3L;&)geDyliqrt1CmFk1?)GHmY>=e>&JmS7=7^o6H4kOyxr=yL8i5s(eld&+029V)8jAz2Mk% z0~>8#)w{2}DPGWlh8?~qwzm42?Q@>TRR~;XF-SszzT|# z{3i)#%gaKmq=027W9TMo7~Vj5R;Zm`JM)YFJNpq({*S!WokxQ8fA2;72mkZDoT>PM ze|lbtj10!UszPQXiqAjL-8X;Wt@z1(a;IU{Qx2&;x}Ex$>IPM8QuyQEt`xipq6S*i zsi?<7Xkw96IVg<|hTmC3?XcUyf93P;-V=GpRwwsA4Qn~k?H@z2Mcax*o0^{4jc z#VaFWK+*Y9mpR5qn}?I*(`z?%+*qjlgTz`{eQm1m zb3ZBiMvsJ;yrZ*hvUwa7i4hGV!6E@+f&{kX&g^QPP>}nb!FQg9`CetKV_<5s%$fAk z#BY%_uIK8u577vQM+-pFpiBl(zRA^5N1iIpk|enYl-ux%{BO!I3jpWzW0+@Ao>@0h zR|mP;%QwFvN#nKQ#}A4lR1n%S!18DVJUlGRH=*?o4Oqu=9;9XwWyM+Y`9B}#KYghG z`PlpmeW;ks%i(p}m1(Q?Usye>3l|%Y{6z?j`Z(WH7i%dC5)9jP-&#?;vevx_`|a;_ z;QW2;nXjuWrZ}r-XP`T%;Rj{kT5qS9yp`ZiNG=&&&rEHOPchBTNJcV@_n)!7{rHzg zU68`Qs&jSIDbCv38ECPMn%(bP!*n7}t%MW&e^DsknYwRwvdWPZ^GkX(xxj_ajl?TC z?H`1Eq0m=(`e^@c&$xH|sdy(%v%wl(_tLAS z{YhH35qM2G?0JV&q$wm5E#E6+?6F-44D?+dihDL-bI=*5;i&;rHovUV868mwSL(LY z&eU`Lm6z6iza%EzI? zUUsUYIiPv2ilh?X2a?Ys2Dl%1E~cr^X+!dU^^UbV-rH&g6Jz2hf68tEFD4TS(r? ztt~v2{$cub^d{?oljCuSNS@6{T~xT3t6`R2xoL`OJ*02-`X`XBZjr8TkrKLwQ*Jfg~TeuCjs8vr?Ce^+Qt>GmGM=4Iy_#FO-v)Fs=5yEZeWn2NOe>Z zBbaCmA4BC-KA-xy-g9#kDb~UN_(FY{0FS00oD2xiR;oWHr2hFka;ha!5i!(Rl0yb# z>;YA+ilY+;>gbX_E)!M-zqZ|md0u=rEfapD=cx|$0QmJMU)8@Sl>gv=w?7VY?_5fi zD-boGGqrD=+K&H8ab00`&gIJ9ZNEvc2Iu@Z^)WO3U;mNnzHtTpq&Oz?QEijMLTnZe zeq`)t>;@hqSY7rT6(_B!C)b4kk!t?^?)hin0h|Y8k&`Q~ZzH*s?s2QU0Y95@-D5lipyTiw9`Zn?m1WGOFCFklIw?1m&RMnXAwH zH)a_2Kd@YK^5o;b)#-Q9Q(d*;3%>`ylkg?B?6!E*YS9wLOv*_W2B|OV6lm3VQg=S4 z8Z^t)QX;DQJd3frf#!XdNL47;7ttSX+|qWsI^cP-myp=COt9G==^83T7EdDcQoMMx zl2Mi?PY5D+BECMc!rkf4Fiz<=4;gEzV>E0^>u~@qij6uOi?|^L=d<3GkdT5PY88kE zD$Ejl%2kpf~^z1ur>i4 ze{++ZqDypbWzS;Z?3IxVZ`0R@{i?w;YM*XpmvW?O9=NtPzOicAJ2+0!TK75=_W%FA zlBaKDNsCl}=yP)ZL29`GH>TUKat#O6D>TRz#4#_R-HHuLnhIs$q_?a+J+PYet*pM~ z1JrWZAURS9pj&?RZxc%j)uG+JfrET*zI zJH^+6a|A`X*IgVHP1Cwua99MdQFd<+1XCN-?hU zO~@h)T^oqA-hR7##y&6X?!}cuHfXs`Dh67ECu(FXZxFLze)0KkiU$elvlQDpbQ9=yRN~+ zBU8h7XCL~rRi#7Z#B*&NI?J9EasxJa2RnOspkG|%KoRBl_EPI()vsOqJNhdM`2vIQz0CFdzwTva~j zNey?%#E^v@`0{gcp&XarOeC0Zknj=wU8H)3E1{%Nrw&TOqGoZoB@1q8rAwFIjR1mKw~K>FmRT9l}~sPebU_a8F_{cYL* zcy(C`!2OeAf*eF1t9UFV*?y61z5Gd${gYzs(@tQ+*4fUzynTz`KRExfV89N=nV}#oWsYFr3t=Hy}qrKcV z)G*@6zhITXY;D!82eG1mw4TgL>vEQ9DJJbNN|IQx6~=whSXD_qwze8AAHO_h zyvNgkSWw1wW;0}AFdF?T) z?Dij^WJ2AT0X}i3AE+PL`VM8khLcyt;yiF?dJ&21X8>bV{YH2N2(jFG5C@_jU&Yg$ z9db4UxF7yL)93z>qos60pBS)=*|J^OX~urzZZ$7r(InWD&@K>Pg;VXNfK0EQ@a`Z+ zQtcn`2`wpQt;ZE}`;H2$r8%K|HX1XuJYC{<%$kfxZqxfioj1NgC~;1LCaZ$mzqObZ zb|ts>R&wk3Eqr*azY|?_dLk3Ri>)!lrcocW$`FKJdPPb~KfJ!b2;r!I7qsh5EpT6Ckl^CHp<40RIT%Lvt zROvu7ptUY5;;zkLrw`lWpp>kmIfufRN$$@E+>cvqesP?<+XmyD&8K{P%fz{(x?EyD z;!WK#Yu?dfaDMg}_^w6L?G*r4ggBfie5uxH+*=uoFi5V}h-zt)FmE@oBOLxneOD9H zQlP`|JO}^iUU0|FAyQK=E^xm4aqNb4F|$(PEopN?SXa_JVU6#(Q&8J1!<}G>gZkB; zMRjAuScPydH@jBp@*E*nw{{CqoAB#NO@ZOBXbMmG63zO?;K55%@$TEzt$|vp)PGPcnqEDK3IkuWK>vQxVG0c?|C?XSG+Rj8S$_ai;+}q+mGB|8b?H@%+GJUo zIrQb5W<^Tb)2tIofwlaIHjC|t9cFi&qZ_O&8!Hd51O>2q9jhET8;|HPM6}H5#@4e> zu=%#N`op#b7Sr+2q48+$~;H0{#ykObeV&UBYcG^SAR2@qgV5 zNAOU_z0K$rGKr0S)2%K)o>`F(FT+H^LB`n|M&C<|6_oz$-=FjMr+ofbfB%XjHEFGn z#IAre+N7Fz4BFIH?5Y?OGGCNEC*yDY5>}E{m(MX#_bj3>3C;p-k&0|udO!Af(NLyf>-HqULzH^*1xH)JO<`W-pM zQl8JhugL!|r$0k~{{8^{cMAQv6t|EzGYY`>JSv>&Za_kz!$g`~fqAn@7aQx8T)3rp z-c=ARR?*LHgm7d9c3zH(alOcGcH_&XI6c^X-dI&`ehEuF#Hw#@y}Bv3E4u@sJkmy8>AParMpEb9=c z3fp-RF|Af(F~cF8L3bM!{YdLXllzk)g3mmAq(+bQ`Sh_@Une9YLtV;04obOg<}FF= z6Su5Qwq11>fc?~S(hW(D()n&3n-BaeB-lwS+tPk8f?GKmsmMi2YrEg zkb)LSz@QfS@i;_}*@VQ()&r4%)=8b+V*K}3hkc=k&Z7=yD9MUSv`NX>HEE=VfZ2T4 znt;sC-it(|&IY~l+}V_YjHm7lv-B#|sM4IE`&YMO#>!c;1^Q>jOvB(k@M_{ho*V&S zvoJ3r4|hP3YEiOcDhdxW?doi;ofg)0^VUztMy{f}!Cun9lmz`@)C7aWZom9HtVv)_ z)e-qqPc#$)1ynVJ?(S=5J)DOud#vE79t@+3M%onXKc1Dha~enTYU?K@i*|g1acnJo zk@jh~ujnTuNbyu@{g(0zo{<~GgOIS~)mAav+IMR}kazhKq~wE~5;=nqA}_0oNkHaX zBA2?yOOU=XAddy7R{h}*m?t_j&0FQ`HC2*aOZ7^HC^OZKrerr&P;Iea>`K;{M2dgn zC}t0qdH-n+K2?|HQ}({OYW0VEZ`zhS^x`sY3u@}vCTROSpjVca4hrpZE?J!`#UneGYi~eM+>8#{ zLbk}l^agSLCt5nToHxbBA5Bf@^SJ8_RyCN5yvJ(e5bKL%48>s`D2lHZKwt?C4N+$E zAACeXv5S%G_ly0@8t_Ciuvc49f>a5a^o6`nsy}zcl6)T1N-A>W! z71b@3C#(Ag$L4iTCy?6u&64eFTj13zdL$^B%yh^sx=Fu|t-$nTX6OFp2InV_y-s## zW?hU`(iU@*ulapu%N)swU-xY@U8E#42^Q5ye=`h}>G|a0LT#X-uamM~nIF2z^-C*; zR&nsb*c-+fW{2lsGhHXG7Yh;V6}BVs#)!Oy*y%l^e0j4E*inz2`!cvbL+fmQJ8kuB z1`AqD$ZMuyw8J40Ebswe*tOuERD!25X`oS&B&VH;7^sB4L$O=Yhkj^B+NCLABy-g$ zF@7F^;tR5IL+~DJkMU}=c>`z{kjgZLyhXJ~R(KEq)0UUjvH2!`TxP?y^TgwCZt^}i#pbb`Mvf0`?XCJraZA3X zWS_aTUB_-w%}jMPX)`U{pW(`{EL;29$rC~+CjXjhbZ>F4_Hem+UGSKh%P>}%UCe!p zV`<;W9C3*!9<^EU9^Lb|S!`5pI2=+JV!toX`kTa1-V4x=iuLEgPJ7-b!)ZW4(S@P* zzSU)!@(A(vDmGRXUblHD`iyO3*C&02akM^*5JC3T%PZVEU~AC&z=H4a!GpX^m=>J0 z2uW-*--sStTHm0p9T-|wWw3c z#^LWjP#SH@!S_ipv#QKn#G}ujoSv*oq$R}&uB_QC*9zk7In!0PSV4GVmMjdT~R zUpFNFY@HlbMMu=z`O6OB+2nX%exh`1@+h9#Ov)j?Ro`XN%X1?)c>>=Q%} zREp!b)$lu!w}N`{mpsod=rC?4tPT}*WzHwUOveUrfbFi^=U*+`q2x{<4J=S}jI7M% z)|TjR&0pd!E&$S{A*)tSEemz3i5k?TYYYZ?In~9cG>J}zetkXnI%sUocz7<(av&71 z9=H~4xrZ|9+^)n9+U&@rTf$HzT^f}X3F2^|2;w2KfS3U78pXP$7<&Lm3&UMa#S8~M z%(z@8)!zDr7P|Cg!_kK?gWsV9^ku~m#LlG(%b{_7v#%x%ZWA;n-%G3T2EzaX^|T26 zp0nra)P7S)AeOFiACbm33!b%sdo?d<3%#1)M#x{A&6qI1QMP%!?cs9cC&i4Ee9&I> z+O7VUg^eYh{?U+S1$^1j34{n_Ox#Opg2(0JYq*uoBq_XtOSuUyd*lQ>0 z&crjGvKKzX2-e-Kx@3gsLQ7~Osa*ZgywDZ zq&cId{guBGBvz79PNo=B!_v_)r2Sa9SMhjO3YoI46Baguv@Ckibjxjnyi)!{$NAB! z(1CVxI0RMdsdx7*_9XQnvbTSBwE}Ubo8M;`-I(ZWwHcjgnm<|Letvj6{-6{pwMde# zpJHEVfam1v{kk+1&b=$cCn3PB~TJK_52-;kHHE}TAu3O6*MLo z!~}P!q!*w=D@&t;e>2E7*4`<|K?^6YqT747t;fb`(JjdhY->qa_0$!kx4L60rZpX* zWfindR%u9_tby+5KDuyDm>&eRu>N|b|CHy$s_vXlV)T@)Y0JJ@>4X~@bzQ#u@~iqJ z&%o*9o4yp31IbZUtWOT@Mv`8f4x{%?np$=Kx{eFGc~-@0F$$19n{h?YmD6FNE&cJ& z_DmgK;4`*Q?H?)r_apq1y(lMqn>@Qt4EBW?FK?R?eo}<2i7ZhlYS_vQ`cTbh{Mm#* zN8wLd`16hU_g)u3ajR5_%jYK=W<6(Fyljrq?I}%O0nse*(gcktr?N{W@0Lo~Xrt*`H|=IQB+t2n#T0Y>to4}`2n+3KVpKN?c_r$lXrH(Hk$9pc{eXyQiR$(ZdTyqc+A?98z{ay{kkVKXUwwDysE7?DpVQmxI< zcqMqt&Pe=H`WT(K;ab7t@Z5ZkPo=76;$}Cc&L!V^_Jc3bz~~0|a|dMBOeFA|$HniG zB@!xN_%nxHWXg@O!BU)#%Bdh6Ma`ENg&Qr(ny-)6Q?=&OQ#Xj{`(Dp6qmbLI{a{({ z$w0Awpm?6GZCx=)M9ZwgEo^OppNONAHJRv|z&fX3X>cf1cnnZq>&dP&=epqIP`~g( zXN6q1-&JjWI(DwYDn!^a)^fcYq&g05aGvlq9?KIX8%W5!$DI$(nlCrXy}&Mb^|hbw z)k$W)MAW-Etsk&Z_W9FHM0>upi^@=TotisgJvIqs!Oa|$PU+YyOr+$r ztB3(ndyyN?PEL+%h;BtSqQ%12-dK$GeD0*2%qzQuuU5 z)MT5KL$1rbQm)2~=_|NJLyq9z0z#GbaVBsdJuP#_%>I;ny5-9ie&7 z6D4&eQ`ib|a2cJ8Nv)dzkw80Bkj48Uk8?`3&g=a@xLTicf_`1L>LvrQ_5{@1x=x&F zzf@gZ+9Hi$10Uj-_|&E}!6*IA zZ8tA&wEv_CCNpXbpDkZw>)$_~Iuatq%Pm`-emRvrN;${z{_&^3De*t%;=fOH{#99* zH+!w5J7*novm!B4HS#3){J^ItD?6Q0v4N)0;a#0>(IWd4k?cnlcBTBsN=KI4TcwA~ zE7W~Ro#BPT4MusZhe@)nXTR*SB{&Co7JPc>Qu$l*$d%mMh4AseNbtWpnJLR1`E)=v zejUiO96M7}*^ys&`o$bSNmmSZs45bQ;;ljwY|&8y7=la{H1BB4l&G4o>s!AnScmUH zb@l>wa17b>@2&hWSl{ij;llay(e!K=As5|lJP@$pLI%0R`_|+k$@T>H5AS|IBJQv3 z->&g&S=*{kcV@}h+!jAsm9?oP2D!vn83E%*Mhwxs(lW>PYZ z{Gs5PKfF%R5{k4F<$4cN7gyWtSf=I{zd8p*vzew~wj&i@SNiW(;Msy+mJ=07DIaK? z;`3X5``Z-@aSMlZ;;SG|8Gp(DZ{!u9wNC;M%zsii1+Kr3Ib{oM_(_pP#sqxalc+e( zhHonTbXWbN>>uvSzeR!nPN|n~st*($&2`z<;(EjwsKVb&fn~gQqkBr_3YNJ^gyO&_ zCoQ~fp%sh(ip##+y_IZvLPCr`Dbmw3f!A_Q1K{af*+ZhC?)B!=luCz&i;K|k^KXxz zJSR`1uW`D4L&sm{^Ix6yB>%?{7cSuL?bc3L{GoiEKPw37Gp7=6FFGY!%UAZIm zbnXVlWOPZOmASG{FSJp7Ql3@xOv3!MSoWBVaX7!#+HG`9b;jV;-*}wAp3yXgU?b_1 z_v>a4_DdwAv>pQcW!wD|1Q?BvYPM3g-mUMQH1TIJZ7?e`p9OEk7-*zSWCS!GeBX&) z?~Rz=k{{~$x;E0r(|cad+t|-}(+`ut37NpXfM3AgVgz(aZ;!Zy$iZL4X$ywhz!V=? zV{MY6sQ4Ync!3i(L?!$E2xKiy;!I6~o$j@KjpxY!t!hzE%=$p-*9kQ)^{+gQ5#llS z18n1Trt{vzJO~`x@fnZPqL+U0xa2Juo>zr7MjM{mSu)?*!5-$;23rWaPycG5&X%x% z^h|mBIjCV} zrvPJuj?%p4ObuFyJAu|?PhecmqsW^lU*g-^)kL%Laz`%@Q_`5bDpNIy4+ZzU)_X~# zL1W!1%3M0H*)t{)bHn*-JHuYCPQE|>I%_U>h zsWf0iS{#3idUoNQ?AA|;>A+L6v#(BBZP)*7|1A8}hEm4pC&i0E?X$ek>KwnU{U(Y3 z^NxQCYgZ)q!{{^0pA6&xGXc^ zRh)g%XJ|A({djq|-SALHe3jJjemaDZw|)}*{$yxizNdWS-ft6gURq{*cpbT!jxH|| zY1;REzDD#imfylwcVb@eQ75qwCVC_*)-SVs?}C0A4%TMr$Mb%}>(0Uj6}|1auY||F zj*pdmv46qGvjN`;_YK%uEN9Scz}U9dV9Qi-tMS@Q(kUK?s6yo8^#_TC?F{oD^jmv` zofTGHZ#?VsjO-eya#C%#AHz+iHaTK3i4|^X#r2UZP2qWUPHmFBI{;OBRqEEvV_vAt zsqU!#PYP&j)5ynl*6aK2B&`0n(1~a9SsydtC&j6IrjNAwNm&OTlV=}nCX02#*ZEm} znK@#sTQG_$Y$Hx@)q6epA)|Qb^N7%uH*GJf+g+|$OPPSBAWe5dV3RoIl18x)`QKW^ z4Hat^E85p-2+`G2KH0jsw>W8;t<~A63{@5_>8&-3u4nlD%=JB8ST4%Bx+P-l3r{wC z<+0e+!Ng=|=JyHG?_DE!M4!f6NAyQ*>e)972T6&H(YLTJ-lz$_b7Hu=$W`Qv5feEs z3n;Cft#I60ed7swYxTmT)4nA=MVc|6?XFv;oBQ_ctY^84`H*1PL%*gMd5CXNh!uD-5Cj?Qfwp8lZ%|9&=m){3i`LPl9<6;b2&8N?Rk|WVB36>wALzf9aKf?Sk_zK?Nj9M+n(R|=-VueO=Nn@&0@Zh-oI+l_f3a3h2N@~s+j!h{bGr5ltJF7 z!_0bOM;NK%|FSNyuNUq$d5j%Yxcf|-&QZ;j4&BaOsq`gaiW=Ag@;wxvVGmmulyCWtzxxAd*}M1p zz0`-|8l31K^i&h%_NR36WH6mRrRK$JAvYC@CB5eOLl&x&1U-{{erqu$;LX6|+wPh5 z%ge1D3f1B5y_&a>ve8qI%cpq8ND4UFh$=NwJ;XkQM13sOo~J)cNS4#-TrI-+pFxIJ=!$aA)(2XBe=d z%c#MDbd)O-qMW(l1To|Tp<0FpJAtfmT771ge!3_SuMkKjO(9LkHe#iuuHsv)x;i=f z{F(**tNYBSol_H6-ju=<;vUuRlw{fE7)+}dm>ON7*IgOXD&a`CPM69X_Ypj7#jVR& z(bz<=uP5;hl~|M`P*U2$>G$J{rK6Eu_wyiiRPQmiHc_TvMcEILj5J5(5NXibpN%`qjd`M+6f z$KXcPJ{jqvk`k0-zaYNxPfq5KiyuSZt!D$)b0f;73o12)gAj$cZTqTm!^eHXw0kC( zyjFy?6W=~BUrP}Z25;u-B_Wq+O=~@+>WaIB*rs$))O!+wkG|~&JCR@vEMYL-?77tL zdCvLdYt{+kG&kZ1J^79T^f0t2Jmukl;L)DKmp!Yog|+PO{0|A5otf&-vDUOMF8b?? zr^Qdabdg?qZ4l-`C?`1z%OFI|-q?2abcz0kpWt~ci7sFBu`mPyO!~lgpjW7g^SB{6 zUYBZWIG+@~kx#hp$3%C}+E=;ys4^m|6_B92t!?WTyWJgBu7L~-QJ)1KFv@>B{vv(> z8-u$cWTjP`hxTHhNM_=)k?>9&`uqvw8U~=-=Y%HtVY)~TZ&jaVnOqyR*2`4M?+mA1 zr}m`X(tthsbaT3Mcj8Wn8`aqLDgT1*lYundNRd6|F9+o#e$o1-oHi<>Yp7aT4$C6~ zB9-tIS4NOY-@=AkM-Uew(s9TaxXW)OW9>J548;mahS) z&sP_Yvg6K=7sxurLxnmW12{Xk4Hy1 zqnVO~&k5$t3c3bymS~tUZ_q#~VCNxHNz#$nD655hIZ+#q$(lq6dKLb-iBV|J>sP;+Y_k*dqly=%7zlJ=h7l`Omy_E9015sfXf|8l8(B)a28AN)- zUDxz(+k7d4Wzr%p@>mKhdK%NtkHy3oJQK*sfMQjVt2J?_mjQ*Cnf7y zIx3)UjJnN22RS(MoZ%85w5Gy4F|JIz>_zT{d(eX}VXwoDD&T#Ot!D@8~Vm3UO(29g=|E25wuPd1>m|^lQI* zt$dheq>w6bnNKT!o z37(weqpHZejcz5m&MCH84eWCnS`xqp-_c!UHYiVN4B*l=bJ$ib-qlyp^?fL75Dv^_ zDOY;h%Rit&2f=0ps;-+Zg1IAyE_7fnk%3(E1dLqXxck=+v&|u^;V4|56^X6ETM^xPO6NI?kB;v3kMEiI z@KIYvG$E!C3jA$gT%n6}ZxX2^N)Rl88yX$|AYINDC+j>ZtNn$a%^b%1K7~hUjn~fBqHD9j4z5%Qh-)X^}6QT-A91!Z;Pe)i8G0` zem{(qQRyo!*%O2dOw)c!wBgbcy@1^}lX~nUk>nT&Sti|ROOD=vr;R-hu8rXtWRyR3 z0P}Yx<~o7w_no*#YF(}~U0GFm?UK?tnX>|dZ7`u3a+9BSJoJ*tsW_7x$fM{+#&zA! zsA{K|Wu8bD-B{10jY3EB(5BrdK%gr19mgxiyulqNy7fiNxCFOJHK8Q+hlL#6(~tO5 zJWKZEs2Z?L*7cbDm!Ja2Knp9Tp^Rv=VfQL@6fsCJyclk{ZF(7}9 zxNi>0=TLJ-YRZ`3B`wDK-va`bAK2kPBKk&JbmL3l(O;EbVeIZH;mgpAmNJ zAaqVbgV_hm^9m%=#G#qSX#G^I5`|&g%>X+ z5_I(UR0{1Np74|!^~(iyjcd#yam6>(%U6KZKUV6uV+XElen~b`wLY-mWZ;fb=hT(X zO_QEa^x=-R2Xbr!uLAi8aQs%koe<5!3#t?rlp5n7S+2k%fv{R#=7#(f@FOBpX7JW= z0g6kyx@bXN9xLd_c}+mAW}nA;G_9G`+5txqux3F@`2E|+kNuLj=@RHKSz)aL1S7rB zHmQWr%Cg5j@>Fk#bu`1q4WcSBj-#|rc(oc{lMX4!Dth{6EOF zcaH*V*)?|&X9s7Yr#6@C?8y5CvQq!zEGv?Mv(M=d=BHBJBQ{cw(G98{bL>R4J(>Bj zPv}WIeXxV><&{xC^>i@rR}}6n%W`asq&SyqvO&DFgdG<04A6yt?H{EaZmin2VSRHi z!EfyB?!Ni_SYs_(__u&u>mji0hAU?pAV z8T~KWA1~YGDPBFa8TDV46cz~N(Fr4EM+NGq;I;)FhEN(FM=t+&diQgS4Ec(OVQ<`4U9LG_*wKSgGXm<>4Ed@$;-P{d60{~TtB|XLkY6KmeRj2uZsxFDRd@WXk=V28|ua1X=#QmfI`CrRR z#;@Q*HdqP)c>batRgnw5b}xrgMz>!|w!qvWz8seOY%|QU`BB6RjCvW;%5Q*v4kot* z8kD9Ptt)sgJ&4?pRsLZID5il1yoqf@U3KM=aQJ-f(*~|&U_GtVceA#@IoD66X7`J3 zN&jTW)vgD1rl!za%IPa)JXWrt5=N<5Z)LfOmV@a`M$@DlW9=ZwhOA_++6iLzWluva1 z?37$)IYApSDygyH&i+&aKKZ0iiF*ERhjpxx=2iEPm%g}}_-94l{7Ipnfv0@-$U}{< zbkzPEtJwkDc4i;TMu+QO7(nclD^N>b>0HJSkOau$;vL0AjBBtU$pl>aJlz+6yfdd;L0ZTz|gB;{?wnh??_E zYS(9u(Av0oue{Ths_Gi{^-2?1FBsO3qCtG`$u-uPDJ%E8&h%8acu+)sCL3-%oM3p9 z%!YuvvG=YC-XTp;g1;7+5Pavs&6i}3NssloVE>#S;woKLPFq!S9L)wo0~X^%i^ZEI z#97nyyCRowa0;=;CQ)It-aPS=DL8<3q4_H0 z<@FZEmJuc(rzxF)z7N1Q)=Z8=seVURpY*t+xA!O}H>*FJf9IovqL8|dbt!W&r(+12 zzfr$V=sI6*ns`ApZx{e1J(z5epbF!Tz76>`tdw)Z(@=U6;ymuNW5T~8odiV6plZL= zIe#V~t90{ZGVV=~BuDbOhf1IzPG1jraly(IfN(_XnXip1)=+2DK-=DW_D(zh;ri^r zX@924#zzy2&^2bhpdAVMZ-_dHYK7|WW7YGeo|Ew;0}FqA!S0|njMME6g1x6C^~9tv zc?>WsSJC2Fb~R*Mvg!_EdabntH=O+1rhqOu^M!oZ9wAe|0LZb+x6cgjZ;^S8NvSe~ zjn)))*C&p~0PC&6;kmVjqJP72w!$cnzdwNoVR9o3}QtpR@S20D0pI;_qy@xL)j?7_CecQq6@Tm^f=nP zyeKd0>Y%u88ZZCdtUkeOCKx5p(P!ns`%kN<`8&8!@kem=HY4rJ?1zF-I((x}JHrj% zg&IEZ4e^yg1)J26n~0wjk_JS-;MRQg>|wBl@7!D=oop`CV|MeTlLXa?@7e=5@XM8l z*49~W@}3-DVkdPaUIQdirxT2CJNJlu7mbhJ<5k6KcLIdIRcoRzhj?T2tTf;l5b-%- zygyaM4>5+3kI^h(A4S%$DqYVpmU7}S)Co6`y%77Q2;Bt67VsM~u>Np&Hy^e5mSl)T zfl%m?N$|>0aiMBe=}qVDLfMcTb*3^l;V;Xx?#R!)mJR({2lF z)W!7Q@+H*~i-jhjzjn#IA~;9GhrWCu*9RD)$l4BwhUBXzc=_5VJz*K)%OL_RyXns`E_eZl*R?j!vVw7LeFa^u1o4D^PXlJf znsr!;43c-NcS6d{(>7v92hbm3Nf%G?XDHKus>S|$hBDE~9zXFFBy~-g$3x2ih&QB- z;+M&4AHQ*$k+I2x8io%M8zu1W-;n;v19NWK*(YnC<1a(>r{VnXh{`|1a9#uNnaf?D zoDUvh*yln;)`o2(blQip#(4!fP(1zjqvX%g0FsZHC%4doE?1?j#!re86Dk=fWFdxY zu$4P0JVL6nWk5oGjvVEx4YSksu}N2-LsF^B#VJ#10xC4=yT~V&PZ82FzuvK)_k+W` zz8dGP%iYjL3r8NK`SZiqx}c*=iKpX2&X!{<<2bPYP#nW-KULq7kRu!<-?{zR(itsa z9f9EcbOSrr|AQ|?CndQuToqgByfmz;k!LR5maXGEf3$g(p)%?+%t_ z?Sh|0ka>(|tGlXAoAm%1m80c($++FrxuNyQJeW@5E>Jy}C7b z3ylhU0mb@F0v324yIi+1(d7Sxv~M;F$$iA?RbR;;)GGb6uq19c|B0I4YcvI zeP3CE@}F37-fgY6m8~}I;OJLMGb>uX^ROJahy)#k6bQ(DQunY+-BD%M&ncqN}_vs6rTUxl1 zYMZUN=!~gv*sVIcZutwBMPt`!Ii#C@{6%U zhN_nzj)-@Tse%ok4H|OfLa5dAg9z70_r4Ows(+YX-X`i9Qiq8P!jjB{XW~HCR7l}8 z>uF(AJI?mehkd=f$*01kip)m2_TO){aIsa8k_a;N`L!W zrjGs8GsqQ5!zJ-ftwCDRN-O>m!Dfdi1%`|rSMTdb`gE^u=6N*s)t{MYOJm0Y6Vpk* z09VnMV;6O$778lwD|!wxHBM{Z9Ur7#jObF4lE*%*#;J;K>L=QFsH6k~`hwoa3r1gY zQ{I<{Q{9>wUyk(TF4Z8uNpfTYvqM3uKJLJte%HrX`|edOn>5=aqqK*zj&Y4V9*1!p zb?zO2`+%~b3zes>+N(m`xWL20<>6!AS1|%BjDF>Sl#XS><>WH-YHa@VACa_GtjULovF&lL;!2 zch|@szv;r0qvtG0a~&o2G)q69zvGJCie*sVK@_M>`tz2uaS{-VDWvB1xx~Y1nEA+^ zS$MugwTX%Fee>R^N{N%Q8FdO{4l+#h5=8&NH2hU-H^b_@oK;E_=Q?mm_J)XLDH}Ah zj8(O0U_{v)r(4O-Oo%SgY*70p!8&J&4>4&yQ(k)ey5=>WvIx%UP1|_(uA0)gFIY+6 z#y7<{N;5_W9bZB3Hc#ao^H5ctG2EmzCg6IV5t$4bG~vE@&*IZawU6C%2B+_XrGo3}M3 zF=X^c_s$34sl2@O&%5pv|Hrj5>YdfP!Q9%kG>t_}Vej1^Taj#rg~iPI%^}y#7;iJ@ z6{S8@bChUFxsaGbhmJ%&M8Q_SYE@qjZ4ThskVsQ4!}?X#Gro=SVhKNVl9dd=d23Tu zAPC4M^tHKE-c;^bW3tnINa&5GP74d$T65!2cYt=2tb+ck_tn{u6y69@A+P})wbv1$aeHO<`<`0lTG{DnOp8nr0^dD_|0~;V_`pI zkwcl2wL`UEqoe}zT+EO2pB>ar9kp)4U~BZiEG(LRr>=-u=Oakd#=T(P~mktzVT<6VSjst1u4*4-G3sabL?TAk$cL34cg8 zN>}&4@^3)I_1_6~Q~4*wOD@K)&7qQy<>Ri}>Th{mC3s>Qfsv6Ok6BA)qym}yX=9iM z0FB4+?gSXBXd$S?ioujyRQGh-sOwth7owfoVM6{g>sVJnV$@V*`k0ziggYH-9#e%m z5Tgm8{L!r=)~y}uS5co%?U^=v%9eiE0Im|oA;KGnQ$>B?+&7L{P%lcjLU+uAsdVJD zM1FCabEP*Z3U}7l}OCUr^kirwx!lfg% zqs-c9bc~ZI@4OcC%Q7Nsv+@GH0JFJYf7fgO0E*;4hgppEk43VbTX^qlvN`g{QtBuu zuEQ7Vi#0_u5On{Gz4riXYHia--A%EfNJp@N^dh~>RtZW82q6hwX@LX?Jv70+1x5O% z1(Fby00|@{NC_>JEeJ>n2q7R<={2BKL1droZ)VPX*PJsm-^_K+KlATlByS4Ph&NE*dL+;)T(>Q@~IUP#V^rEwzp)qLBD;Xw@vp9j5Bj)3kDy;Cdg4bmm4 zOwc7*?iyQ__xWSWnpl^8hRJm4(6r(JTK-in`IEWtRh|yD-u)_3QqEJ6R_?iZIxf2Q za^sW|Akv0OwBF(So|VywIpba+L`{^MZ=vhv?^vZSGRvpR&mY$tfl0upp+AQ4sSEgx zWLJ5KEYQA{JzfI4Trzr4o(zEcA?}=ZHYX0gc*MdQK*D7t5i=^@{1!z6TtTZ;c@9<$ z43O+a+Y4g3Wb?d_P!fy5kq@`IDQl*vgiJ&wO7ql8qT3WIX;c(T3?Sx~Ya-cLGC4vn zQ5meR&i8ESLsRoGrO8_0I2ZsSKhOP3>yVb#<-Xk9 zGhE9N-1!pAoiPakx%uJw)y+vmf4Nluraz953O&0mqnY3r<)V3Ek27EJ)gKr{qmUoE zH4aVz$1`qfuXFB3zC!I}1}GOvHh zGmnk%7`t38Cl>K$BaoL^fv+3WV&kGF>Se5QCeYxsSt;5O;warP+NkdeB6Z-Mva`jlKSYB)Ty@%b|rp0PLz~aGW z>V0=hA}jYL4q_pqhQI+IS9qp@--8`Cra!^*qY+Gxy1S6!WREzNFVR z*cC6o5DB?kr!ilOJ#O(vvzy7twX5&wazEW|;qEgpWB(mnt~&%#1a;>Y+z|=|rO}~w z3`|4mPi;nYU5|!y-^NG z8O~lt4s-O0&o<>>7sDp%mTBHQ4WN>j1cldhlibg?ULUO#4@GAyZ=`9QGi*RlOYDCw z+VP3;{MMT@uP!~aI_b52a7WI6P2YcHp|fu#?Xr!p?`WDPpH1!Ordd#RCibLO*$w;g z1Y*AO`0f14o-4n(oNcR@e3ZI55s{@v`|=H7L+dHL{IGXcIlbB^8DV#TM`{mg_Q$XL zgk7A1jyFEOo|XXbQ;Hhh5(Z|i4-*;efkfpM#pS#p?ofuJL}C_*@UQiavoV@OEqKOluD|5ohB^UT~|DO@SUmj zbNBMo$c(9T@Sq}!eh2cb(cXi?yAfVDotRsfQ)@1Sby%x7%gp)0eVaZvd1g4xn?_YN zQJA8E!S_E_8u*KsB@`&Gbn`>L7t|$%p#OsJHE!$K(dT1CuGs_KcoZL0Jk*xd6&+!(HB@q_5yh@03CytTRx?ld| z{OR-)$aOLN$kV|p@~0xHeSCQ|yUd^~Xe@`G5?N>*s1TWnP|H3}F8$pUfRLs8HvX!4 zY5}JZ**v*u!8+b31|sL|!dZfuZYwcbcb+Aea@5b7yeRtI|oXyXFt z^0*K&ZF|vu0UFB^{`G(ZY#cl_b+DeDJkfAoLWU%zz*5f<7}xum1JE8XGq9_(aj-9W>g zYk7K`f*PXfvD<7z#rzhNgD%S4E4+J4-thH3#ANx;^3~#0y$s1KZu?M!8pJolM=nk0 zesDOHvhgOym>wlwDA7yrzf&79ecX0s2d0R=rCn93mtfBv$}I3olt@c_QV^zJpsO3U zi`g+=4DZ`?`Z8|YFch#`5ahs-%Z|!lru*XhTFhM1ZJO7Urat+Z(LAE2Ufc;&7jv^F zRTsUR<|&!t%>pK_wcTXA4v~lrOJC-qg9nK*p4J&|c=&sxYsZisD-xh+W*BPrGYJAlhQrs!mlH+P$rzjrF}IX$N=b z;#BCWP^Oiim? z?#nzF{zl*Mp5nP|x*-E7N@fgzoLy6gWB`1=jq$w0fcT z>8GDa7PP(KB>#*5fXU0W^?ygv2hQP7x8dbL)^bB9FMlU7WkXxd%W3>@dw1ue<*>f_ zhOLgI+&lk9D}TAbF`=lQ{D}r>GiJ9|khbAIxRzt)epdiWRp`Do2}l-p7zbz!;Z2Kf zJzRDH9$#?=daL!YV_t?%BdGqX{I>N#QA)|Mf7C_kiF@yb4j(vCoWT0St@Y)nuI=>V zek<22Tp`#Pfx)go55lJ>_-FSsLs>rKwM`X)qhZlP_#lU{=;P%+lR_Lh=luP`)F2hz*=vX)m{^M9P zw+bO^UCdee)l`~7XBvDs^v&=$BIL93gO}rZk)l~DKhvaft zEuP=mT$pEA=&W0p@3Q(RXhqZD2d78LZpj&YAD2#9+Vl;*XG$%1AWuZ^7qr?;!qE=+2#D!iosNBrVCrsRW1$)=C$txr3|3k(Y1FBOgv__ zx&fLu)%XMb(yd~pzLyz~)i(7%F#y^7hFHl2IXwPc{aV+bAE7teS=-N@%^Mk?ARCib z)4d7s%8jbDO&~jbkU_7aLN|0ehj!lF25tFAl`{a%sd}rc?1cx+k7D(pDS@O$PmzEV(lBBMRl$CjAoKMq+K_G8j$UgP@TC&Lq z%-r+mYdbf$ud4u3Q}@^PHeMjva9Tfab;EM~ibldIXtjz#+4s719Y!kz=i3z8H zKoHoDDbJgo}l9G`5TlAh0#wSR=4*l5V;A7H-!* z89t$o=NoH3zz&;zz8A8=+jwu!vpjZmJGEsR_x#cdeL^Yn&U^XE`nfxy`&5r|f!Mb4 z3x=aUA9tg#{|*3-HCmqra!xk$*51-rOhwXq{;f=2GnxGJPCo-D(%o!O|@GDbTC}!CS_ngB(weL z_|RG<^4A2qPmo1rmO1*_3Vf)5OweT(5ql3i4PbD--Y=cZj$wF=`83xZKyQ^5F9$Wr8SqL7Ke7ajxN=u9L6o8{~VGRdo;drnL6-sU(d_lGNuo^6h(8JSI2dB8aFvprL9C zD|c{9cynao2A1kXo&-twdgtcpi!?*Z3%qf!(aHHunca&)>5w7oTsm@x&o-E=`#~hT zMd`TFC!R85Z;xu?byK>CXTZSQ=y|9gsk0goDA^9Smz6Zg7E6^2^&FDt6i8{kO`=0h zOuq_Lwj$wU8b?z8!x(3%+87Z@CMV0(usP2^6Aqmcy{asX`!)J_pO$?xk2~OymApbE zZYCaE+8 zG%7W>ORPYv0c}1Hdu9^Nlbtj12Wz45`l%Q9GRAh9y)=KHGy0*qB(FCd zey zqFFaIQe_s^99MHc_}!619Qmud)7e}~9ectJBAZWD6R^^9e8`-|WC5u0U0OK}${5lQBWjTO2)F zhEAK_%<1M>p$y9=vqREU?hFmL#MBT#W?z^poHy~&$hdb~jVksem?_f1XXcD^uiccm zQhgc?qk^vHRXx6RkFK==ihqD;D6_C~cY9>(&pwdwkIw4_y<8bXddXGwK-_Tqh#6WL zKxm1{Qa#G?P2k2%gcyFE-qWBa%E$xfMdFmxlr|y=OIcU zE)9c7$l=_4B}TkCve($cxdK}OtnbXfrmi`^J}b^jDM_vF4Whcty+hHJ95^g&YGJ_t!cG>2G0nv7pL9#9Fo48Q|`cP|+TR4ZI>WBGGX#`&Lp`+L#3+cv- zX#2T*yB>|JA|@vgwLwYMAQamgOeRQ6%ZPBp=efCaxw-QRsbN1i!MMDr5ET|!c!>-r zV+n5DSbHm+8*5KUNS2mCbF&n;_b&c-Vg&16s_X2E`L^`MsqODv{q`pl43{+N+H#)9=RU-YS@?FazP4go*OVOnl7JzwA z2SDXpbr)gJF|Dfec{k!=Y&!Mwt?sDDPR#jAdx;WK%>xDi7X?Zc;7pLQfq61KouaJ) z!CCSg-X+2y(i~Q0R!1G%(Z##Ob0vEmz)N&2@YYF*8>NGYterg764nbX2$;`aPzGqb z5I4vaG2zoudEb)V|lZVAk zb#`^uR1=K%pwHfmP}+ICZC-7OtsmLhEO}t|E>F9rqvZlGC|_UN@}i^&%<(O3oka)o zSBzGvU?or{PV?3zwkOZ{F&%obq~l9LwGxh71|mEOsJ-}gz1_jlVmN+7^F&F9eNo8%8?AOm zc*prsUQNr_zo*+t4(=6CL4S?VnV9TN(ruPmSmQ*LYx-EyZ6lKQN?P6KSM#deRn+<7 zP^%x>cNt+vX{YL-VbLlvX!b4#IZ6IBH%I(FXO})Sp?0_Y zQy;6Btkx%VFh*9fE4dvoInpIFC025~&{Cq`IH`94sPX2uH#`!8Bg~bss&PV_`|^?* ziPx?f*sm}_Y;qvEbRL5VhSytIp>#U-d?vc!j`7-lM zCF^d(o|<3sgstT9)w{mZXnvDZ=1O|H+`{D(-)mmfgTXi)XuKelFX}3)p6olIzCiQv zp?Ot1k&*DvH@1S)tQz%NE~us$ju9X_(a=X&DO8`YG2w8>Fh*r5v)hk@q+ImJX?Pk>KDH6Ok(Op2udI z4zp@IO^nL@ruN!5nEtP<3*X0d!Kk}4apz)@ zL2rOn#Ep$mm&CXNtD?_8{>`WUD?^c!AJVwv%ava!|2BBRsBmMiW&6RZY{X#a*Vu!w z9j)(8uf#w6EBk+Y^AvKe0getmJCC9mgg>kFHT`i`<VyObS2XNIlCc#r3DE~h@JN_@yMAz4xc zm(3Jf>S$O_=poKCr?L&=gKvyX5xj%8rG#UtdiH`EG8jz(-y)B@at7XwS5I<7{XJ@s z!$flt+KjwyxY}ziGfF}D_?t*Il){AJhx$X04pBx{zlPN}V~bF){B`kxr;T1>GlseB zwe^0US{bF+NQsV)I|}}1Cf6-TBj=rJVe{5}bkvRuV!MM6z+ECgC*Tu3bpVhecv&TI z5FE+|{&?Op6m1Wm2TIvk+Vv60r3Rkq8mtVv4tSx+?eovx|C*RQ-=Yx0B~WiJnm_yK z<4O7Lc8RN?Lih26BLo%XtOoGJtCb9VYErmjn>%#j3BRe(O7XSNP`CSNd7xs&Y5CG1 zYS`6^N7IGQ_g%nQd{}!>DJx{LL@JjN*VSd)8!+mKx2FmeK8wa$6;%k@CRJh z^fx*VhmF3*+PzW!<(LS43d5**N-NVHKr>Jp(Z;h{{s_DL<$MqOFjW3qMsy18E~_^y z{pExi=_H0$wz&tk`KXftzi&Nbsg-kDCn0wN=;f}d31!q{p10gpT-&*}!}n!7=0I}a zOqJ-4kj0`@c=u+ggG1z=#lo8P1^-@{Qm>z}@h0jmF)#t^7C_FER<=%2=T|jmolkxo zGSYCfK2=RZs{lE-dg0|kY|y(^pe>1A6k!rltoIT(Y~FK?xl+COyj>X10$E zL74K0m5d8FD~v6yu(hy)NSxDbO%+*KgXT0b4m7NTFbP;Sl+sAt7E@bk02snmXyJN( ziwOzNx@_mefB0|zPVmI(r>FXJDt^`pUthi5kpf|*{t=i4^-Uh=eQ9<*3&U}SiZ%` zRxT!i;x;ef#|8+PZD{k%=cNIM4ELU5hE~Di&|r6;XNP4D-_AeD(vSJ{lD)P9I?a(1 ze_6TaVn8xn$B*2Wjk~;kN2lS*9E8%lPy8{g?$M%DH(}CfZY}6`o9^@mE zCwyYNh;x7PK(fv+Swe^lM{w10s1` zj_1?MLV2@+qF4ERaqc{=Fbhzcn*O;SD^rPO{N`-muFqF%XY5WRlM-q?D`?+6!g1v1 z@9Bpz`MY#N>-jq4$9&=XnZhro3R#amkvi%WaWK#B$P7Dw?3l{9vAsl(8OL38 zNStY?M`lNIzPk=fo;(Nk{PAm*_ZVNAYx*}M#FqJ}t58L$F3U+Z&v;i=yGJ{I9qsm zq-G;(W^bYPz1+Z}#e&FTkk3wG)v5l?ikT+B^0^(E#uqZ+r6sfT2Uh2Q`J2!5&xYUq zg8#xL7HT;f<6;u8N*-{LjZuFb0~}Sx;}sv*8Ic}?9!h2Kp#FJ>e`m{YlHvQB5?>BA zrI8SH>Yo#)Z zcJNPL4`p7P0n4Y%N+xzM-AyG8lF~(`Z?z2x#{*_!xTIRsM@gbeH{tk|K5N5rY!pzO z6xksE|DTL{R`2$Iy((S}3G2rziJ!fS!ldgvYlC%KXT&^CE

okZ_M_n$Z0J3Bpo5OpTOmqhTso=*vyLT$pJ#*8Q2 z4ML3V*Nn!A%QRuvgSt$s$vWjUkQ2$_n!Z)!uTlX9fpY^|rSpH_mgMVY=SOmEvXPq|s z?B&YQD7@+6z`Z!%Od~F1d0-iT&!481&g8zUBI*4Yl+kH7YU|X9wEGIg>>zcOqhjtB z)>7!tg)YoaFTY)LK;(EUNGYz-YocGR4bC&m9(VvxiLO}G(-QmhxS3>gK|LG6a`hUzw;0`e|H|Koluhq}Q z#b4am)LCB7S$Rv>ZOXT~d4waMYA=>f+Rc38`1drqKYnUg9lfQ7X&E^^mZtdS8&eH^ zhYxzH$L5p)7ZwC`DoyR~=3UD-uI1e`-yXO(sIXd8FQzmqad}cZJx5ouA~9$=zi%e< zv#UZoC`Sp7cAq>cUJ=*@wOZITlK=?GW(XZ~DUwl0Gc{-Km5~M7y`C#zlbyP~#40;M z2rzG8KPm3$B15tAMPAx1;1ZgbCs_+9XBCxQGVMEQHh0;*#&_b!&W5duf2+@VC1Qm_ zg~9-TvAcV>g0&t`sNDzM_2IXS zb`?KB33Gn$2_!!?m=Uw?L)X{A`6n~LUfPrB#_vx}HGzgCKQk5_&A*j_kr9eP$mdVV zO`vRl?Twd(3Op36QK2|Op(G^)(GDD|xAoQ*i(MTj02mc$dn?rW9uR9`J}ylvvu|B6(Ir@fOF>n&t-?_rP7~8f2gzI z5nMa1YoK*}Jy*P^;CSq?t^wb*=aX1#ul;Vo{!N?DnRwIY&+2{S-Rl!^N7GK~BO!59 z_2wPj$5Q{%%MJYA)^QczS=C5iCHLHZDQHXjtS96hK<@CWE6?nj1k3qeC$+v8{|oiynS^%^O8^`yJ+u%ANf4nu0mM{(cqz-uC;ON{_<&&Fbkax>6fivEt`R zj8Al`_=)4g-{@>yuloW2>CYalVyodGzaJ*x5(_TpX6sMhR<&zulzL6=w{DQUKLB%j zQ9V)z^TVq;VCJj^r&f4$KhKI$u(~0R{ORqToyO#in2~y6C7NYIbz+@yp`ob@N)5qWa;(Sa?a3Bz^(lspaGH|V1$CEJe z61Ja|WR^X!;vb#y(nVQZbj5$MzmrwE={+;2-b`A)+$BM?V4#U)#v`NWrR!AMMl#A< zZ%PG3q4P3T`O;aA3sLiJsMvM^W-Zeh2BfbxcitC?ytqq*;*aEN<2Dba7!A2Rm*NHA zqX-qy0yWyS6{q3{6`&!q2dxQa6ylJeBh=isx=HBG_iy*<8WFMe@*NblQj>vKTABWq zO4Z;8@2y*nGL0@d$Gc?u$k?)&auq8`DbUi(J+mCm-hZS+!>8-hznQuwF5C;P?+V~j zS8|NilV}ObdhT~|Wk8l4+`D^it8 z7gR?tqape50fQC;BS(j*7;SHv-qeS3_NgTlI{Y))m)7XoSb)!;_XukYlFgaCq?Qd7 z?y7a1N(+a+(iNaIAC3dQo306W)s{j!u(jz1s;_>@39Nc~zuSYIw9x5{S6IeE%4}Kk zaY5!FMFUD&m1-G-xfs)yQJiwA%{0ya5yjhmG?Y~ag@+WrCeoKK<>m|wr5GHm=TXfG z80uz*;9ARy`L2zt#5LCaJzw>&=YBaIJoO$p&d7>wFp9VqvKykXxc<~)&oMycs6-~^ zRrK+((v5G9F-Ow{`zjh-s`osmaifhIezWa(MvOhhC%sPAetNVc=*Fbc(5Xhv=)v;L zL%UNu(&2Fyi;Z1UU<|naAr%+MJOyX!vQVBb{!neF+%c>MTMO06717F8$H_rv>dmi? z_7s>D&Eys*BK!K0f+h^%g0Y=^l>PRIvG3R16atX1Hl25`l4=WImqDX_K-QpE87Wz6 zNgpa|EK5o?esD3AG&!ANZcXu89xdjPdW*LK$-ruHX!p^4`ejOE(h+TApyp)Zdb-*3 z(|$a6?y3c3=^+?2xAqg2lnc4D~oM;x316l}#^yr5C2(=lZv_ zgGD(_7;Q=EotGN<^Vxy7GY}nZoY;@0ry$R|kHyv#gS>`2Ns2(tGgW!R)hDI!s!X9C zt->yMeD}DwlcCgbHd20do|?`Zbpn$r(KioK-&gh=v@Va*A=|~31Xxx3Jt&b5%78Ct z6W~L6MwYu`E1u=dCo^(D-6l@YWK#8!CBKP-Qv9d`2IyTB$aj9-t5;2Wf5KcE;fW^jVYb z5ia$06qY_+O~uy4TH+khLQ$EvX!lsR$Yd@7KX&4T3q_3TQDd7XzxCD%fyKIKPb`Q| zpuJjpnaBzrH8ul=OnY6cxNBG}s&%x&is|>p{o!45q-j__vLa7T_q(*}R~a8>-Sd$S zvWb#ZB29IzV)h zqY778V400j8s$lQVE&1w`4Ow&E1qcf5FgF$KGA{jK5%djTKw%w@7cc{{2NBY$6RT? z(u2wD9pdg~hJ7_p;PPH9Wn=@_Bzm83UzG%1%x^_NT`_Vo@+oiJFMkBZ11=niOXnyj z^44MW)#FAd2qAP`mt`F1Leb6yHeE0wy0Umc%VH*+27=5xFv@VyhY8ua#Yh7+88wg4 z9TK=!a=?4p7>w8~Ala6s*4vK39AP>1;03D99RV3{LZR}j3%&&(Yd-$dIerfh)<}+M z**B>{pL!W0Dw7B=%_>9!!VoTZi=ZM?XLt|!dS%hKeqvfJkheXd7G{@okxMzBe3C5Z zQJOBm2ma4{T?!|Qk{@6{kS6=Iy4;(B-RN1Ga=nTU9CEf*Yz8g8!*>ldXT;&$?lt4Y zZOqEvQoCVUE(yKbmL=nR=178JM%y8<HgI0RQp#EBJS}f4MC4 z|2y*j+&Q2Ee}D}1pTteZ4N7@%lW$|}6D@SNw&k4Z8J8K^>q@}UDWZoi;y=P3O z99If*fDA(W?vw}lwXXAhNi)vSeVJ z$e@&4M&(Y6t7F&KykFUmjd#DT@~uV+(NS2wai1p&E-xd4VLoW^v&*Q+?2w3otjM&} z6#To*jYkFig$_*GIf?nTYwbs%@hF^}qcWZa+cN;Np)V+IX$Mx6c3o&^-c22;{q#YY z?ZIxsJvl2ngO5-WVoIqHC%cs=)0I(Mpfd#vPb8@-O6m|R2lPd|3~Hs<-o~knlDAE} zXs&_EC$7Fv@ncYctX*uY+?I9C++Gd!b$)Qa^v2bS)4BfTDLa-G6u>)hy-k)x99qRH zNsUIoHS)j~p6<%Qu*+F8vQCJflDY4fNhcK>)Nc~zyzG-h-NluYe8)i8(6HA>k346( zBD7Oyy4{ns-M*L_%G}p17#IB#{t0>UIBQ`0$PQ8zn+K*L7Z@W$z}+TjiU&<%yGm)CEF z5k|N7)MU(`9?bp_Bpy88V7wN!p>b-Zps>ZQcRZ!a_9St)q%W&%IWCLyr;Q7JDuG>U z@oI}-&*8MGXAe8=L)!oBL~48PHP`2wMd+daB3V37&Nx%plA$tJ_9JkBc*QZpTbYn$ zIx?~5Tr**sZpK)oVCWG=^j}=hV|iqxz|7Wm)4t44{`U5>Ds#Vm*pONM5M^m_-40t_ z!$hi~`4|B4>W*|ySg;a&B6hmgYJJl~!JAy-zUz$178*ez=Ad9mo9bYIWGs}J7vR(o z^2o}~|E!O&D!zLy`AsGaux4Yhkf)6t!ZY*VzwFZa=FSiPmmTpnGk39~cX5LpIEf3| z32l<6z1i?PFZ`q^NGk767qRz`{ldO6-@LT z!=oF=WLFwjJm<6+xgd*N#EjGuOaZq=K0B`*@!j9;TD z1~2HXujjnLp{rldxj)qM*^-*9%WBLSDv|jxraGc?!n3aXgOS9WC`!8kSBm;Lo_|}d zNkB_ARdU@=uh2>M&UZDZr8TJJLq{IvHQyfW%F|D$E2`5oD(P3dZBidDPOV_`2b!ew z`qn0U)!b1Ae)@~UeZo-%$~>l#KGOFx3tXc7vfBJ!Z#O)fW0&=lEb%+&eP9^ac+f7U z+IzcZJiCnT-oNHt@jNrJUBP+0b~gEC*tj`Tit1HPD;S~(mx3UBWv)|ZD>qBb+*l%d zI*B!0){k9blmd|Q_;9Mb3rT~~H5XE+x!z^DK*Uo#eb_xQxIek;!jn=AaKm%(C>WfZu7n}EfnzbiZ zh||yq@&D0iZFI`Ld@8{^XfhpHR%olcul>%ds8-=Dws%3N(0?4$`5fqVJ7h z3yGR(g%wtERoc1Zl{5j=PgP4yZA@0omk}R}g=4gGOwhS)DBauvwp_YChje=9C5HRo zImh2MNwB<|e5>guAOG<_J;AJp>Vc&?E&%DEY?m)NiaiuMN7!#KWC7S*B)Mau zc)r|>HrhE_1z@3(4UDyzj2Qs3#sDd%0f6jpQ0^AZ-(C+B71KZeTYt#qm*m4O+sgv5 z=5oOaM}%1>Re%7rTXp?cIug3%p7iQv2(1A5Ox_J!^3onv6qZ>M_aK0_AIl*R7#}Vz zTQwBCUvwMvkKUI)91~2y3SKvGgh65<7}V>r>_RjoRxjHrelzf8psd(R|GFEoH3^?K zAl}kyYJ+@&ii*JsBZaGcQ&IGo8y0G;T0s{lE0cNxWg~lmt3cR+l5~16`=L<%2`vxr zJh=jvD$nh$`K@-&&C7NglThQ==~wFHVAC$>8`QX%DpyvhCH1Z{tg#DgWHGM!=DmaCG=ufPGs(8&AD;|Nj%~oYP9E)j zQxPzqh^x`A4}jU(3nIDZKM$cJttUOQ^%rgp@=sbdbXg};+SGw zJd5~3U(pH);(3+&}u+RlJMzA5a|1*s+TFf=@NX}OA5*E zkMA?hQ{YqexDD>G05RxkFmi2xiDt;a08kyIYpMX4fOJj+fD|L0ny-xll=)G?+P})r zw*u|2Hq>R^x%_q*6e3Fk0YH>jlz?GdkWGzE3(%0#g{3odAb1@SLa%Af^D1nAaAtAt zoAB!@S*V~Qlsb&@6872y{Q5Hd>$%Ve?(fTm<$dltKcQGO69i@Po-2m>flx~vWTHo( zxGs20Vf7Wf#Um{WL#>#6$TpS+3XYCvr1Jujj6t|Tr|vQsV!1u#s_D86269Ee%GA4F zh^kV+V_H3G9tsU~x!@*O100ntT9tKOsw0%VN^?oRbqC~Jl<>qsfxRi5@2Zy*VDfaS z>sUXy9ENB4&?KC??Z4+EycHIREBFIFrL!9E%LnXFexEBtxjldUL*ULzDH?l_)YsvuweJh+-~y~xM5xnxPT8kLQEk6kH?nL zuGj0FIzcjnSgEKL10r+4C&-K54ADd|DZx1KI;)B1WBL$=Kopf@wN3kV?=B$e!;ixy z2f9Emk1`ta8#OEn>w1x{G`0HhTRPh-!aWL2*D;O7U56J=yXJ}B+?|Yx0u@3cC41JH z5MJ*QLrc+yR$~JnS$ZJB*W{CKJJnEpxWz9Sa|}&vjx%P+&at)Gw%67%PSwL-_d&>p zDLFF)Q1@m8DRlvr-%AJ7`_93<+BnOk$Hoaw*Qi5dwAIwu+)jLr#56OwSI=zFj>66x ziBwZczBEQkl@W)W%%^T^tkMHg2*_${kGxPbX6zm+bz9CRYQd#jH?6!PGAGKC;*+eb zSN|q0Hyz>f^i_^W`5B@-@4FZ)wL0etnCFkV0wV?2Z$2;FuZkj0H&~1f zZp(NZq0S!k%F~|pzD8lGT!y2dpa4n8>EbN+&W4@*E@ull9(ATYBufutGP3 z$>BL%i7u17eJhfpg39p5NMyj21VH+BzV-??##>0)!Mr@mi>g>~8TEn2jQZUIHPthf z>+^H-N)-a(Fu!AsHfhZKD}Ep3+=#D*Z-y}{LAH$(%bF)mg>@RM}$*Gu5n0Yu`vcTgpe!(j+vq`;v?^9?99oQm4J)) z(!r6JnDfR*Toa`GM1#rC16V}}Dln>JNi!ardFX97yUMbA+B+x%hn9JxY0*j6SSL;} zU40h3Q2SxqY!y+6RT9p32#*}^lh%G2keKLY6Jl3iRGMM;Jmv&=?OI5~VnF&H z9QDZ*JH4JXGsOOd`&|`_!fp3VKBxcqw()Y{MmRA-$9qCFd~p{$3zo2rj%O)rPlTSp zI!39Z1T7WQb~G_g#Hsh_NwY78HlCP}zFul3!wPNfhz^?TB*0ai9Y_(iLSwJD&7~H= zK;2`aY*vo;BcaGLyq3430*bhXf%i@=cLuPVCJ0Gfv@yJ`@ZiPdSjdlfD;0CaIa7p2cDJ6u|m`18k>VecmA@dbm z(}KtlaVi!7B*}54<|dg%`b-mKV8E$+0%;p>Yvf! z9Sv%y9G%BUY7ly!*HIj%xjNzdOn<}D4ea;$2aNoEYxPY6ATDiwpFUwsIIQ*FDX<15 z>(@+|EtNg!`WO!LF+Oadx{gyLNyP43ShS8OMyG0D5#{gqkUBY!+Em}lcOQMWoplQ+ zoEfxf0Xkij4wv^ltbY1XfQ@1(ZuW1nr5-pvwzOMXqns7GsVRop1G)Y2s{T({{xd}W z{=3inUyZ2ixAqIu$>0gTS>#uNkZ{9HgemD#&6GY(PTe2CXMR1$CbrQLV)OFk@lkN$ zQ64wJYdP?{Gn{{%an0(!-MB^CA+9ace9wD+L3RmHxb_cSj=vm|o~<=8`J!~R(BwnW@B?X9r0IIHU3#IT%|C+l~g7i2Kvj@JXKz(&-Na09H;OpG5I z-~AU^$cSk-v>sZkvU zO=sD=Gr0L?T>vE2J@>(bx|u$vdhm2Y{Z70-OK^JbZ`i0Ec}@$74B z;2QSdbIbmr8vkzmgQfH8sS0mAuV>!NZgeSI#k&FL1d+m=C~A^A!npQX!##vdA6=pK z4gth>=}sTgA?a;5>}azzfuu?>QV>KWp0XUNxgKmZkPY9nihlWe4uDNVM;x?e6fWk7 zKuWvqn_$?eGl4;K*waDl?7EN39!RWr`&0&+u^s63>^8q{pA8hijaE)> z9S!JB*VqFW(w*aO|8Bzxx-;M?+=Q5Q zN1;8&^J|r!PO8Wd45jEiSf8gk>&=K#8k0tgnVXf*{H%o(&A(3;)i z7QxZ|<2f-;S*PF%i2-idjVl4siDoAA2E&GCG-CxpLE9eJ+c2M+q!P>+(NO?}U4TJ{ z)e0ToAN+og{Fk=hI&xIQ^&}N0u0(FlF8%oR98*~4iaJK8*c$Hg@dmb@XAlZMrL1#( zL-^^xbe#Xv&VMz%phi{mjVDafR)5LakF+~Ky7XuFVmdZz!Zk0~)mXR6fAO(9)3ct- z;Tf*n2$|idR*eXe7Y(RvC%zuLIrz(cTV=ELTFW-3RTdk!eyj$BX(zn0j}-sJLGIa~1^}zoMWP zwmR;?_)IQnpzDlulAfP&iNN*CA3EN@8U5wJE)g@_*t`DIRyA-d^A|6>|F~Ybxv?~5 zG)<->b^E;sLk)j>_}$J9coy1Qxz>5o_arJwM^%bGo)i^4JOA}u`Z^fE`Q>oq3Usr zhld6V2U+NhqFH({^}r@b%W)s8AOafwB{kWUYAmfw2q&7B5*PyVjTto>?#-qhf^+e~ zWGnx2ERBj{HCkR5NUAjQG4d02iQt{K)6J_o7OzO%%BVViAxO3WE1~nEnCOs zNjVcbFAi^%aQYz&V}7<@lO)=ri6Pvf{6|Fn+O|&l?P0ZBDQN5kDveWZ-30 z;tF}4jfom5iH-;K)c0sa*BfXvGBOxm^Rym9g?{1~ve3RHcI~xkDnM1xD*edPf%$Q! z${qIpH1A9N@(&mb*mRr)X7okldR$h!ZPEh#0t8EM@Epv2%$WZSJEbaU*hLW&)1l7W z#s&l43dyL{Y?@Rz-X`qAszuK@kuK8Y4`3B3>izzY;iCTP$Nd)t|4d-dUmWWH_~XAG zC(&UR6CTTtWX0PUlgZDeze^Pz#U%zx} zw#@yT>U(`goe=4|6=bwpqlK$ zd|%Yhf(R;As)Z(9dbc1Q0zycDP?Syrgc>?l1nJTx6sds(0zwEa6b0#o76L*DNbewB zK=kCBnKNhZnRDl?bJxtecg>xwtd(~q`+Zl|&d%QNexCpH`(Gf>NF9v2Otl=O$UWuz z9XEe^%7^#P7CO}#nVHl(XRIP@emJ=X@B7$ycqzlow~cE_4$~9xYW53c zsFQ7HPWr&1tirU(uB7k(nDHsJ8UOJAtr`Cue1+r>NDtg_q~KvmF?BYUd3Rj%Q!2By zgpq1p2I8M4z;|HT$ROvZkM)P~5&^*8+L@6f0V$H~UemhE zrEM0Zx#~rwdaM`i#6H+bCmWIxmxl}pZ4DCt4!b&FTgit*EE`@FM^HUyv3i3(ec zTayhfMNjjvmR0KO8xa5dx!YSXS?{yoL-VSD5o~CF^ZkD(>}e)Ye?PIk7Ajvpb1{GB z=qN&nh00b|rpETOh*u8+$j_H68UXO+^_V-6op)vznk3CHwF?<0#VV|4I~8kHiIt~w zebvTH#7v)Q-au4{DGJ%Bq7}WzlEEQoQlmP9-F%59jXyHpc7q$BTPtj(!3kc{GwUWX z$69wJtc68A+`1nZIA2cY+X<|7p6D?Kb$vJ#gmLZoV-iFUJD`2$YpV5ya94#~SLH;l2fv3q6Da$=!%*C3)D3iwP;R9t~Du*-aJPsLkOB)b?wn z&XmYIE9_ikaqp|)?k8J|awCBgsT*%^lFdQ;&heSH3`?x_qk#*V=SeL}{ zo0o;}R2d~z>E`R}$-smPKjml%(0o{fgp*vgEenwr>wohgE`RMalJ34&X83iEXW8Bp zJg9E0G48LD+{${sn51BW^;0Lg4U-Zc*`L%DV&Xx$ericyM8nV!h!aOHmhoNH)7WBS zd-vd=x4e?hSA9j2!4UyFnUGZvQENx|PS^5e2JXXw-5d@%C9O;18|&*E%T(TTg=CX$smy#PM0K)WIZ(+=i+)eAj5{us@%2w9)?fI6TY%`64#hP z9G;483bF~|4=y#wl1DJg7?eX&gBZ%5fFQ{NdPGqT&QOeCH+#eP|C8zT|E}%7YXaoP z)K|h}ZLo`kt*r`U2junUE*Q)f!cXBa;xCzvopvQS*nBPji0@)ONcUKX^EkOsQ^W*w zcq^C@2kP;(5|oWdmJC<=ETeJZ9zL)6sejFuVe!LO_$aW^8IaN~5CdH@g$hOtN*vzadPgNhRTCoc znMnwFU7XxXiOw47Q~R1tXMI?a=Phya?r})_^0yA9WA_R{>F5!%u+3UDm-wKEiX zKXhB9>4c6op*_z>f#ZI{5BJWhxoB@UU6*2M$8bdE#+e-l%6S)OLjt~Tf7(9k^rM_K zUwj__J9|Imlg~CS335!>oUoblR;RB`*u;Nic#DgPAXYLE{&|Ek@$FeltP3nn?_fiWgQx7%eL7XmjH^=@d~vJ0W= z!0+z+z5sjBf-{NVCs^(W{ zplUr{@>o{vH5GG6qv{)#k_eTBW+qne{HYi3{`h&hSl|cJ;=JwOUs8uV*z+#Sx8bqh zS$@(h`rE5}pT7mZKG+`GKH9F^Dw@M0tJrUD;+l`8yloTM(4a$gSF1S>tNpQ&(dNY^ILFA zHPy7LeI#$);8pl89~q4nNWKVI-nE7R#}>uCk$!J8?kX4XRMzE8fb@w%>AsZI%YuDh zGPz=qylpVsJu&C4TFkv-5VumIVjp+A^I8`slty(QVkrOTPNyAM$a4ovzTD(>7&&|~ zgqL@CK&IYt!A{NWWl&9(H%BwHy}igDH33OAJAs?Ufy1sucCXFoiE_MU**kPcZ4xaU zrt$mX8CT>X*|_k94p#)ZIMkSj7DjdtFm0i!oR_!Kr%M|S#VLot>C)y63iT%MP)OkK zHCwMhRi(NO3LTEvlR0|&L0$amMEdsIJ;Gt<$a&K1lZC+LpBsnJX%}Am(m!-9#?K#c zmpKjEaL;89W}h2m@D4lQv8Op1!2aIpe-}Xd|6i2|-I*gkzp#0Y%KqWIP5H&%KNo~E zES4Sz1YI=h5Bc@1w&nJQ&(-b6D~tcgKq#7IImQmF|II)M@v!$?tl$cII^L3;LdsJp z`1CJ_%Kz^8U&XinkJD%MqtuKC8JpK-N|qwz`=Owet?w^(v-`RWa&D^pL+-38L0#(O zrn5(L!J_q2DtMrZfA__4S4PcI-tN|O)}J4POcj=T_jLnUBomrHS7dhhmh8^#di{)4 z7l$tTB>khl0R8W*FSvL<>QjyGn0BtmhP2(jGgK!-m+X_e%kRWzie)fGF3^jCkg+Rw zQ=)6^WV&nN)3L?{t1kpS0t9o{FAfzM~I(8{4d?go2s}pui+hh2iwAiO>y7k2aH<3i>$URF)p@T>4;E! zH{TEW;&a`Y;kS5VYaKF5g1N71B}vAOein&WX@8`l1&V{DwggK4fAPYdht?Z!s`S;u#sz^qJAR{#LFNqU`L#nKNDP798kGAK+6dT zrdd38ci?lp73$LcP*&Zg5z#DVrCb3~`Oqk`$Jno04!=zO7T&m+I-%(rC-426f zVRMRnYEb#AhvmFQc~7=@rPt}39!3cvOv&%EH!sTt7cPGDHA(MQ@ZZ7)Oa=q<8?p=H zw1>8@yt9xfVQpV{c2Gmqg1>vgV{fgbQ601X80unp zJ+QiIyJ?ZylY$}mZ+=sC-+ohM0dgfH0a_QxqVn+fr}RT!k!h3e zf;fWE^zoc4=?kqvqXs=cLlPvQi;WF>ouKWJZ)Jf1lJ3Mt)eG?H#5d&PyuP zMI>0hxF8BDHCGu~0#er9%oedDrP>l!;#E?ZOZ_bN)N_s6(^Elt)wsxIjQW zj{Kn&T4dBq95ofE*qY5l&?=>sh1T?{ZZ<`?%2vhWgvv&>Tr!|$=Y$_VITGU@SAPD5 zARVDoJ8q+(zO5PLIa$pWj?*F>yNxT!wt`rYS`!3#p`axp9F^$bTYLu%5KS_WldYy2 zs1_`(uOdBqur6ihY(r+gUpqGqjpe@1v9L%>OUqs%K6ug(wWL7eHR@}#Xw}?WCIc)t z>!sC5EZx$wEG*2gn@jx&Vep9&u|{)5U5UAu(Ic;8!aEt3>b$?6niTmY>DQD|#Y2^wdpTm>3w@(7CWj`;+%@qY!Jl^1UWdRkUqH?kiw{yr8d@YPt#t%4pi z*{?=6k(CEZK2HqgCN=19a)k2|D*-%KLuKyNN==_7aT1H!x3(O&U!psRzJA%-bd0mJ zXzi!hNyJM4aheT^28)4QW%w{re2`{}QW@^AeLXxV@&1w`e+P2I8gES@umF0T?f>E7 z^?_!%LGyl%T73Q^Z#1PH-j{V3QNZGC#HunBg%iHa>-u#(`7Kkmy?b|SBt%-lapp1h zMy8Bc-e@c!L+Qzyw$Oi~6P{{;U;dk`#u;hGNp-;++?(gyj=cS@y@-BbjQGbyfXw$u zvTefOiGbBZrk4}B|K?@>=|i9ZK9IVG^D3B3${1a}%SMwKGc zB7F7tSy#!Jj*shW8k;4>3gg++f!TuF@;?`X{5wRHy#vOj%yNwUaK?R$?q@|CtFLtW z%xA?A1_DOa!^x^SyXEFMUhVP39-jg8dQX)#apCaWqTV?cx8?SkPO;zf-+w2v9T?p3 z5}x3EIhEZY>n{l&0>9o{!}3~9a7h=q9*-2+$1Ipr{Es zgH+Sg&PO(7$Ti}H~Oo1!MoQTUp# z@kH`x%i)>MU4^96JiE!x_#F@DuI#zuK8Qhp>3V5=%`qi|v}%%;uqC-Aewvu}<-Mo{~N z$KLOe7H!VoG#N1N3xtkkHRlFNq>7fXgpC4Ni&777Ov1cgmP{cDREY`72_*$Na5|^a zD3PBSpGn~Eu1V?qyuaY)w1@>mao236(qQAM#VNiy_c{;7IQQA&|5#x3@&T#Zw7Ik{soD}WN`Ai^IB?jPN`K{<2Q%MH@k`BBkraIH;xGc%s zYyvAEAbwK;3FW_Jl$2~h^HQ05#+f_GzoE3bw@;vCFOxs_^1^DhYgXhh@3(ww6$9Rf+E)cv9JF}mwDvT^Sn$FuXb<0@Ul>;}E^ z>-6ym5Q` z`ai*+cGf#JVP(@fx=8Ix0d!i zG069Z-5TO+ukKV+O2r!R=8$=I_4Sx26O2tN>@l0O=SBLCK>b1oVI~`bLYu3%MS@9i z*vL5!HZ{gA~2X!!3;y$Hvd+I@LlJf*C&cES6Mmmq8K)z#9 zwlVkai@>$$7?D2YGZ8g0w7Lq+XsV1l;Wtocet*J$0}NyP;yYtqY`>ry{MI@#29~u4 zBf>h$$Dq|cWz}Qv>S7S&MAuto(O!YF1~(!hrt*h*D!(75vkW58g_tQ|_N0YgoCsHZ z8(#dC>avI^&AbHJzXO@gm}JYb46IX_`B8AmopMcbQUQwd5ATnqv$JIa} z$>0)E?r*KSIE}EX&_S~?po0)3{9Pl8!gM%*_{1XfBbm#OZp@(|5ntgIB@!Gg)vrye zpAbgsZWY=H%UJV8QaTJcgMNJbi?JSffBN_4gS&CJej}0L=LUBL949>^#gV@addDwx zwFl0QxWDNwzU3HG{>EWkfuds!Awe1{r~#_SHkaeaiCU`?r0mv}UX?XH+TD9`+V#r; zTuXgy8Qa4dFRnUg0aCX`)v4a~I$ZN^_m4aE0w~d+>gswY#>&VNXw|%EmOc2`y=B|K zCOt1YK3rqau~8A|;`sWrqis|&b;~^^v!;)=vnD=ITCh7*_h>!KLBV&z&#ivrxjB4( zT~C<(m;7yF+V!)mbZ6W%3?RpHUuv1b@$TfBjC=dva5a6`Yh==b+XIhhLA%{{s@hN! zIHf$%)P#cO$IE?BamnEsx4Wj=Piz)1i-Uh6RBlYWP5WnqEtiTW4?Mo;HAqaPL=ibz zGv319ZS2d>R~cVwl?GVmUD~Cq-k1x1L9#{58I-88l&)>0Ns_X6U8Uo7yAce-lbs&k ztL*JV4;!(BiICwRsRl-`i?BgfBTLyz)t5?N&I*|FLBX*Zlc*M)P zl|02?C5xt&R@Z71{Wj#m^1?6CDzRny6TwDj(9UZ9o$_RXARWkzi@YjZL)~z5PS5H~ zs!n&i5Q~Ptk6|?dm?ryBVZ78F@`U6N9ipxU3ouqguHJF@g?0ySx!Z+~kMs4F_R8&*Hni23)P_|8 zlWej?(EBGr8`>!cmVr+wtYqZ1iHi?m)8JsQ;i(5D1KImxZ>qPSHo33ARgj8!+NW^g zE_#YB#5Q_V{)Pp5YK-xGd&lpW2Q7f*clTcJ)|l+N8q?cXS>Fm*6c`BNjr6op?UIU{ zY1qSIPx^nS>sDEgIalEyKQ6Eii1yz>=7X2CX(oAu8LW0=+Z-?9Xp{ zox-j3KW0O_-}zFLjk*J6Mdw0?;zc)M;w#GMSf&*^w5nk7D_6lNGLlqIxR18TQ};C} zsWBl$G224l+b9>(h!WyiK^?5 zbOh-rJMg@C4~HSzEy6slwl>ye)*D0=d7-KPErverNNlDEe{mdHOQ|p4x0kM-PUS4F zlvms;BR>^&5@|Z|A`fyVZIjK8wD8R*vlauL zib+la6aoHgs=pWz1#ai`0{Ea|C`yPK1W~>!^kK8Cwdm#Ycr6!57NEX=0f~2RARdT2 z_)3LV2WS=4noz1o9K<&=^<*#_mV&W^SLo(!NSWDK?4cqPc0=6*0>VN^e44d-q03=4 z`S;#Xq7y%Es<8D2IL1VWx_$}58KgjfFgDdx{X11{x$JW`cgsfRbIJEwn)ZWd+k%}2 zn?Jc1;t?_T_{w0xz^*Z8CY)LS!E@OWHlyMvMb>^+8Vl|IJ!1gw+bz#`7V`*hh9PhB;O0=;YEzw5<0JmO? zeV8nyKE@aAv+x5Y-OlxSc*>|-PeRtodsBUcNvKIGeA3_!#_)AocCG(N>5hc>J7YP= znCGmw1%}4^-f`&u+gpqOSxEGs-OBgx-uTa|5Uy|-_*)^I=~;4=uDk%kt-t#<{kuxY zquDj|WcuxW;VHAY`khl6{j0ZN>ysEw9K8CE;@|-TuKy@;@ajqB{z9M)xZ~JC6JwdHZaP*GX{S_BMyr)?o3w^BIdR2WO@tHPmT6o!pvpd=$*03Vc)MA`{JgqbcV zR8Kas*dRc}w`$D~Aa|sZDEkjl8OF^KVLUsTbJ?Y_p*lDKkHWAUvTDyZK{}^zA_s!X zNSKqUhZS6&qt8G6C9_Sr6Wd;w(Z8vFalC=)%N6%DA5y6@c=HX{Z^!0|A~~13a>w^z zM%U_2F;r%~2g4&_{Tft(9J&=+Y%|i`g~R7QD(Bx?^nD?}io?(?7gm9>?f1Gk zE2x|il244vXl0O8;nLU)7>K>_>0v6e^Mb<|k*BPuuxFN->L2(!&$6J|Q^l8xK_DYm zlA(@xU*A_v9q|DHW$|&s2Ld35m27jo8V&ush!R69n|wzLgl4qfQFgYfO$$}jWqi&^&>S3K(3Wp0!s#l10mo&uD(YODqyO(r5NoIq> z`JCRf!$m^TLtEcBr9(FTpq;l_cpLVvBO102vbH0C!IgQv2=(O*s)x%YXQHGtd7I;@ zEI;v@4qEd5LUnDWuMf9*Z?X+aV>9(zV#>!u4hP$;W11Gu^B{^$%^v(g;&FNi(n z)53?g)M2G9iDlr^!)E2WCHw|q?(TP$xyHBA6vs>_On`cU8R!zwnhH)KDZS7`f2m5k zQ~fMy)7f#GpyLe?z9bJZ&TGn2oXRHl4rP-)C>2Kas?x#4u&SxCS+bHQNp@rcb*D^7 zB;!Mt?BPc*#bm#AldKUerQ)`aS4<6NBkiDt-Q^O}1&gP#(4<+E42o;@$YBDML;PI6 za}U2>+r(^}86$jF^dhH>`$|3gE1Mww=9Ljq$M=A^`y31tMH3C5G;|FH6?O#*`m`+! z2B{+VzSBWaIJvkueCg|Qcdjma3TjH2O532ORSUkQMwWW~g z5+tWzvtzzOV^?Beix^}<`ek$$v|Rc_hjbLug*|#Do#tj@JSunG@c2jT=u~RPZg7ol zw7n?a$K^7vQcLX{dC|AJ^ZQtYy#l&?-|v7PP!fb>EIC`LRKoUeuj`l307}fbpPYkT z-2Arhz1H(}7In=d!JMxV9sa;hq5t`}w?Zld<+P}6bf(OyDE^;m)BpOa|Gq)YTliim zi4Yl>pxMxxdus!$!!utx_SYmnIMgNaYupYmWAo!r*5WfF-w7hF2tyak*9-<<(iqHY z0E$c^8n=Zrg`a}w;)eZy?{F1F#G^O-lqf(@M@8MeRIBpDcdCbDSPl_fMoQ_(Ofb$i zQ3ilYx=e^X!%1LGJbNePmE2WtScs3pPs8lMJb5?awNdMAC(Hc?q)cPU*jgRqAjjf=!U!jdN+zkdh)5`AN$> zwjILJ^vwsYRyfQYJ35<0R09CSu_szys^?oxuTQJXNGbWx)rn-wviOh1f@{x1Pd!>hibS12#n4dIQVf{T5TnXsR{0 zok>ECXH}-<5Q!r5%RkJ*keVZbW0(596WC(*A|kdn zU0xZv?CL1i+K+M!UO;PhFnM0s9p!$q#)k1cyU|ny6nNT&MV!=jlnp8d+ z6gHMW)XGRv3(Qv5T=n)Z5Q<09_rb-nrXEebT$k(I$QM$gc`q8KG>~DKQz&;O$`tB0 z_S6h^mB;vo?i+2xL7J*DL58-Ma_B$Hcd+1QW?go=p#1ozneX|nx3zZAngZ?!_M*bZ zJ{7Ld5Wq%Nk%(4P&JByBkIpZ*#y`pUOL1jqK0_h;s6`9r{N^UxemlA#Rt)Tr0KVSqe zR8g$fwOTl0Pd&bp1o9wetW2G+tM(>E(AO}$$`F}oG6)Ds zal_F2Ve1dg16a6{Qr2*i5JtZlr|ru^$>|{R?*|47i-{Q0fdJ2^j&iq(qHHDaDnFrd zep)_l=Phc-th#>1oO;I1se#yH0y!YFjfJhsR2UV@FRvw1^M@@gmHHzA9+wLEn>RMZ z1XY^UFB$VOr>^9279j(BZ)tn_qB6vvn>x41XO>_WIsJbTvgU$8dH&-!E=;xXP=@Pj zq)y7W-22DzQ-Z?&qrZ7u_l{ZgeTa8=?s+ZjBQjH|`VBGd-wXnDLbD{!EK5PyC2@Ow zCo)!SYeHi!8y!DeSDIOx$~d#0vLalW%`H?hK<38G2Zg3L8@1`x&}NX*j>19~J-=IJ zGaoRNIG#>I?|%q7M=J#?u@O-0=f)@gBkNj=Fv4m=O+@-)3B zTGT3pOKO7R%xw{Zr>i2$M%UI&`!2XQQJRy(G#lRi*o}M9@k)wnx>p60?ctX^nx4EB zUgF(PemQ9UmtE2?lnLZAR~;<#8@eTG~wpG&OlT#bA1xHq3zGNcwV#Qj@t7`41m?Im@8YMjGS+h!S2)Z z-csuBO`Bls6k}uB=gG%;z2npj_mNEoNJl>crUl*LOw(*BcMIcQT|iCCV?_1IDQ!QE z`HVUCk#2Csf~U1%ViEmjjzs0hLTSSMr3m?}SF0;MF==^HlQ~7~U~=sDF~NYrvcu2< zEugP?O_{dYM0TW3vCy`ye5vq;7)#L|A6;DJgJz@L$L4_w8S+y3)E_EOhT-`;r`_4h zb$rVtL=j3n&;OC`=-Px$nM=>Y;j>Er(o|}5hMVmgVe_&nnx?RIA9E}KdwKgz-BXQ;xM_)EKe>!lT-aK;qAir~sBE%!KQAf^Uo;h*(0`;+ zHoNZm5Cakw8G$Ccy#Ybbi3-Nh(VVeL`c8> zwu5~m=-H%*QTS-nSkhWjz2(Ushlh!sF(B)jiSpC_!dKQSVu@S1VmeocQbynUimmdS z1jyf!S4;LCl5z6ys>GhOmS@Fd0PdH=nx`_YOXUg(wAH`FJo^C{RW0nR>c1l!S90F(hV)xn!XM*!|?R`{30KF3~Fxy{?7d=8zddTwbKEQflz z3O|axo?|$v)e^=E!CY?TcBo?6oxLDY&vu`j7P|k3ZsEbun11fF-4xyo-?Xy}{0?e) zD6q%~p5CC{LTIv09Hh-udz$4UdCH=_YTuQr* z>~rhBNUAZz<;>GUzgV*K^HGH-+9Ao}j%%iW=xR##^g%P04(DxUa}W2bd>EgvAgQ5^ zUA?9l^$f0XY;ul%h(H1R;1#wN`Ou^8w&^uj*CKbUb&DL~;|}}XD!81r5Ki>MhK{L|Y^ir|%L# zs#vht?;xr+H#j&(&RRZGZpfS)2Cb$l}dkwUT0IniU-TU&Z7!l!GfGzb(#<+;_}{;D3cL zekbsPpXx78AzrA27-V$vh2!CGG-SMiozI>bc-4GYKflF4*yiEwrm)-7@Q!%Yd&>zG zpz56A|2gxe*D2+a@Xly;&u?}~TKddIF1V*DZY$)?nJIHY5#{ek$zmCeM^Y@!mTS;k zvsn|=I;=s285kKTEY?uvqalMh0N#))UI@FYz_ zyDNUZ|DoG0<4DwHwA_jw0wuQ=j}8g2GrX3H>Ad6F^{m ztggE7`^Ia#!3kd)3aMdc=a4M5ERy~*k>hSLqC8Gsum}KjBZ<=nrmyLQ?@-)|Zo6U# z_wVhz;k&WYtLcl6@WWxQ!>|nx%w*qY%xG@)uBv-kuWlK7;6}H=`YZOj&34B> z9&rwA+Wsw-Cu}EWj&3c`a&w={l;S0cz6Tc>q2*kU%d&>=`8S~JQRla}GUq=%>y8CFPxV0FV8vJGcJz&iP-w^ItOE|B~tc2g-EMjMej< zI@t{_1t^|xx7nh{vu88n?ygJ@j-MA!v%%?;o2OW}SA&w;Dgoz&#nMZqeVvu>#s{rw zXzxM4U%+-Y9Tgj9)Td8Q#tsFT^pSX~AsN}3>?nKaK?lv#%VRFq3MJMAlGkdAp8r^n z^FP^8r(A}ms{@6sOoD7vRik0vCiS2 zK1^iYz@@Z&+1`bJcouOegMRwG#A{Z56C+NESrR;v zX2{hlG`P3y*6cT&qydx|=|qMaW3Ebaj4^62(LjO2h1wsQ?tc`;0dDla_F9pjKYXJ* zrQ8kVSe`Oa&i)YXPw@1Jt{2Kkke4;vAxZxXcq zfa)-6KxLuuni#i(!UN4??#lWQ+33dEf%6FsxKADZZi_kXfA0 zRQ}cE+qZ9RiIqx2aI)%&Nc$1Cz%aCzZX#VGDQ^6shh=h{i^LDh~UUgc`>`JWb1KMr=|_)OTpKTRLKSq71}8vat8AI$`lcM+SA zU(3ty9-dGIxZE>E1G5{RAOmzOABV4+9Z*7Xs%Fnux+SAJRF|u9xnX*%z7nen)7|)W zr>qhSgtc9&_d?e2Hp1hHM~qfalqCqFkB4~Z$LUv$iAf3~{rF`rnOl^-S=Oy~L;^^S zNSmN|X7~ZNXbzn1ya~(d1IDvX)d%#A`KX-80j`6rhvYPk*tAux0{wc^1MTuwA`k#=Q_kdBWsaK` ziSReJ%O{8PoYSD(qb3mw=GXPhj14#k47uw=8% zLg;><$K1r6EY6HHu{|I2@r^8NhpG+6CEev_X&Vd&+Kl)?8F5BaOS;CS@$p}s6=28^ zTeZv=w01ii{`EOFS&s5$(Xn0%ClVdUNEf#2X$QT^Qo4uwJKZM}UC#QzD`AenNiS3) z2R+uL7w=S*7Pz5jCSaoMlEWLRA%}$BqB|4Sw3b=Fg8cp!J$b;dZPsL9j|r)*>uEWk zh#K%GF=y+)nRKv08?z?85zWkD9!X~y5J>4Mn^Y2w36Qc!jnC*@FWRVYZ6STYfVcVc`8SBdN>P-2K4LS6nBAIU~H zCJm%;H8JBNb}7kn(3_^PuKJNDF68e_{*WI#1;)S~;UqQ_kSrTe+RTB4g(sPXr@GI_ zQ0?c6+fZvWlc$90P=g;}io=aVs0{1Z_Ya5}`F>N(k#|0{qY;ZRB=$jbzOB7SJ#po~bG%TXx#9^G~&6|yX#uwm0~)Rjv{|GK0BT}+)HG`bFa{nx#` z#z)R-@3rf$7tzvIol^2qPloh~Bwx97mJl|BxG>u$6FoEUi~3fjkp9A4tsuu3*Bb9Z z>m%oHEbWsgsGEAD>)GtjE}G4+nDbV=kx-33b>N3bWYidTLnV@Z3_vvrVov4P zWIYuV7*z>+yjrI8dbpR9C5=bKDcV=(nT=->F_H3|}>-|Nh>0vi5ljmHBv9>Z2;?VRHG( zG_2SEW7#?FKXe7<%4e^Krg?hOq614Q+7>fch(%&OXa|G2y7@@YPYsmfG%7!^5Km zU!|m1%{K#@NQn;OUZp&Y5m{ynp;^Kx4Sn{Ks%#zMb_;FI?}a!Be8oDn()8Z!jFgNG z!TG8VD_E;lL@%Wd!xf4w{)T2dBW)#^vq)8m(m7Aj2EkRe{`xE}8R`O+&N@~F1W z=+85aJ;mqAV^h+Wa{OwaEH$5yn$ZF_mMpP>zNpwumT-~=w_xl}t2&ZfW6RIBf30N4 z^6tn96A0CO6OJBOU+=c!7fWZcfmbp;(V(VY*uAv~8jZ8{3uM-kzb!|({UsCL6(LlA zHMLjSP`H8u#l#7=j610bT9+5l+lei>uVxp8eyScp26nF3(BI^=VS_LYO+a0@Lw`u zE07yP>gv3`>lm4qfHL3TkcApR4uVBx8>&}6U~WvzVuzQqv6iXDY2W0r6a=0skZ?5* z>-L9^PySKaq+hb4uPsu>K#@~z_@c4TTYR36+u9>;q+fkFOyZ*>c6m(UMh_XutDvhv zUmtgN7!R!}^7zXM0ybOm)dnF&^|Kt>>+vIzS6`+~-dj8}gQx@bCTyusOBoeEAyW%J%fTF&n>%uK=$@Psm7V z)65>VcS4CYfl*DjmX!XDS{~V>iamKGh;uXWz45))2w5z4Lus=}Y<2BT(P(1hlSE}2 zeV|oL<4Lyd?e+uIwXfe=7{0lmlvh?Vsa92nWf*@il6p9ib{=ntmlzFYWznJ!W>3)5 z1|;c;zyH2_`;sr+y9?X427)^$Pt3Jz6}4cX-zl<9&fn`Q4!_~4y@6xC@& zBO1s;_CYbluXi&pWKwQ~ItNpqeo~ny7?UclmMFeqX|l=X^Q6QtWTZHFW<9#B^j?y7>sA4;0jkSE_(Lic=YS%`B@2j=E>E|2$cS z86X#>!QA@=DIH$bcN4Nx!Vlf)`;qD)eL1a-Ro-g_In)H|e?0qeFW@ZauNr+~e#90)f->OjF};H>>(O$iq&d!UcvrhB z=}1>Lp&r=~1Uw|1=V(}~5VIj8^+KjiT9TaYV&d_{N57uJRLeuhae28ykUX=gKCe&q zL+r$`A+kg(<^dJ+WW!7RJG4=@t@%5A`mpY-U(obL`%{CN z#?+U-AWY9eyCrDVdJsOT|PA){dkwvBn$R7AEY{p{1d=EUsRJ}aX1NOROk zZ{d=dvyl<}fN`|8X{kh_8`;$a4^d$du|l13#f;eMmWd~UFq5hs9m!SA&GDr8zVETmTMF$_KqGEPb!|Hz_K>qKI}=8 z6J41=grF3X$vnzc6{`A6HktY-my9m}D}ZpE++dOuM2=qRRg}jum)YJtylB++rX9ej zH~?4)dMx4awT}C#_DO3zazT{)vi^JctRqZOuBK|l)jj-^iD*(3Q7y?>ZYLa~i154* zWcC5rfiY#gOk<5`20`du!cF{ZrvMPTJvkYFnF;8-+nQm9IYTVb|$2Tv;)`gOdU^$n7Sq zn89yr&fp=)D!q0zCpbl7YIN#lLu33JHpNZN*{s&Kk(yS$++x|d3xr=L=@@SAxwP=phs23GVcnRMdwFWL{)UC7g5n3rWx{*2LnXWiGmgZlg2o(_me)a zXFHuHJ@+DS^4HYC6Wry&4BDb!z`GjvlCHh>`OA8bX2GV4Xj|CAJRJl|osnfcupNPK ze}o9Ze#Mu(3b)lV#yfpfe{p2IhZrv5jQqD|nkzJ^p8Y{tZCdbW`NU(D`DgrWUGG)^ zqhsZFI(G58^bP<02JCAK5@MXUV zkz#MCLl*}RqH8EspY85n8x-$RYga*rMqzu|(RcT|9nM<^TsOck{mg;P+d(tw0Z_ zYN7EMbn<$*1F<3daW?Nq*V!;`b-t>A7fq6#zh^%>g%T)apRrRz<6kQ~DU_xKLLz zNr}3Ud#PN{nWn;aj=BBa|In>Dt6S1e1&}shgiR$ZkDSOZOwBIZkNu%Lr%6MmxD1Qb zhRjN8PfC0cio8#3JlX%HOnGoTng9;twz;~umYA?Y**<0e=n_hpbSFYO8ShWd(6V|T z9e`4bq{$8cb<*jDutX%!Gwk)YOdrl23-a|J1^hh8!kv!8UmWg- zaIMK{HQM4!v+BJaMB_z^zAZo5Ua&n%D(_hjumSZ{_a+VH_8Mg%_qZIRP}S*bJ?*+8 zH(Kwu+Fl8?vcvowAEF4h0)~6HB%gu^Ipx3eJS8SpD*+|%%KPm%r$%flIO9pIGm%>~ z5Ip_HFV)!^hvx`NgZgADC(L6(tO-xEgU&!LU=+NNB1;<|<`RHclr4?!P<&thFXslj z|7aHU|M!&MCVQD_3GsNX!u4zf35tl3B=yw*OY`13mFiTllx%EHoNFjtlYeoiY_>3^ za111}ly*W z#+Y-=Io~pJBGOVhl_|gM)2Oh8fD%(TXB)3DL4pimcC&F0Tbx^@6r<}Ver?06`^^`i$7xM@2 z?BFAk!5@a8-OD@rjC*quW%|Wr;MjSj{0F8^Li#;e6|ry%U)|Y_N&=qk0uXiBRVzob zT8-sAl#v8{ARf}Gd~Uq+WXq^^aMkAtB-aVTt- zeR29+R8*{e&??j>Gtc*yZjIf0*nXUMBnSe|(Tf*P^ArA%RiXkam2NmiCoO-wblO$F zs^gR9>W9KQl}5;1{BUMYuON9kwocouYI*l8xnd1fV(c-WCB{<=taISaQn&4unlYAy zjm^OKt%yWOU3lPPfx{S=MGkW~%f5yj>!6Wc=6u52(g7Wlg&ONyRxxbR+f94JUB-vv z^j7J-k@zX-I3#S7cI6hs>!hUADHAr9LYW(Tg1uMcK^onRL)CazAzM;REf!1_P!9KV zdX_0gYr3XX$m;HBHJ*TNb#l%L+0n9N=lP2coMMRo{mg-FbH$4%orDEhh@!a-D3+n{ zgH1~KR?@Ar@7}!&gD5IGJ1|vTbHTj20ed`_nAJt*0Usi~!w+ZMSKP zAVnQ^GdcE14`%k!5cv^&BGZOzwk$+2vubS==h?)I;YrVk*F(WDu)EO}?_y_d=pcd#%#ZKF8J`YCeN=0l2j~tUh%bJI$18g0x^_<%U9a`4 zsOjUAdu!9S+a7S8I5AaTH$tMeiMdOcRVHE?Czp<@z)>*gGP1KvvtADN3~05QZEf-g zDC0$pGBRR6J~PNK##hZPt|8`&TkT=3xaBNSuO?S#A)73Fk+_^E4%k&eP3SF??)gPn ze8%oJrW?z;!4r9(eWQJ4GO~5U3Y;s9S(032G`8`rzq(3kqE3Kr1|geQ)nF^32B-&xqfiEy!c%!S{|9H%5f^+-K zgo6$%p+@H0LU3t_rBs0I)KH-B#FTD||J(%iyL;)z`M|ducfaj_wAt?2w>&0(3cXD2 zLhql~C}@z`o!oZ!2mp282#oBl-`dFWrwq;ITsZKXuu-ltnG^ixPhcgQy9PJrJU{Bz ze6^AGa=U)8LF((XCc@TIePhC%e|;8q+Z!*b3)$BVt@vZ=P$-R5KV^LP)%*?3{jQIJ z6D!YB|2Yi*9EN{B4gVj$6yhyr-h10wh|XZtaw)8Tuu$<$xn*hKSna8zOG46=4X&BN z+F~Z-p?H-Gt|In$1Y{Igo74rcdsY8^(!kFhgk6wZ9Y+J z{#aw7Rlxv&5G>Q5(fsy8;$08KLDd<5{Z2HjsRB|OZ%Z>VkCKTY`1(vuV6}R(b)1d6 z{X`j~c+8ER;`%XFbxww^yXVJC^=yx>2|h`@R!(U-hjcygmQa;B zr(y4HtxjbRG8?(ecWo$#KAmm+xPTY6N|!^R9Pl<#C|na>0gkUQ)S`h5ABmJ(^4kql za*^Lo(?=uXhw=FCftiA>$wynK`zj3fExl z^RUfqDr;wj+<80MTIcy~hwc#uYctYB2i=z-d*_5D5*OXPoAL>JE{~Wg1ceXZd^_c?`Dz=vDz-KP=GZivH zDOjT{66#I0_8Qu-;$c9N1V(bnA$(op*J}{Hfn6r z0T=Zx|u@v7ilN9_zqo~#0u-#gKlSO~oQG6__eBp2%#YtM6ej=F!rQ9;=;BP zh7Ke7gDr!XZ(&vnKh-}dT$Cty@l0mv>Yql@-;7b!%$c|~K~4{e&k;WL@;SlU4-zi`;GWN%=FGMdizG?Gl5FgL9BIIll8Q#OEh1 zN~l2>inatOus^48_Y2U#vm_Q4oUtE5HZwz>mhoNDeZF=|M0-qoHr%v^wyi7>tcoW7;ouNLZ6%qW2s9A;vf4qtB~k8)Bd5=R9ih z)YsyG3=oaqyTja)wZ)xH#c6<>Qbz$Czn%@09gNo-`nV-1#bn{pVFwL~STu1A=3K{V`J^GBf&9oM8x>t03Y*t8@tLV=jkrLk=omQ>6!Ix$jM>>A^Lx(qPT zpCN6z{PFHd2tF=jM`N8EB=wZt<9!7Tc#v*5C!X^xm3n&FFhvyf&O$Fhq0t3%_xG~o zpPVPv4k!FE)&(gjf2h;?$3AM85#uGLQ>MikG@*JvCSnnTsH^A{k=(J`WZ`;Q3eimpo_c2MRpx*X9p-+;4x~Fn)$eF{G!+cVtOU1 z@`zt(gT#@&{51&ylC*{pMsBv1@=l#SmAhno%2hYy`>}vx{e96TqwRjgd%%pBeQ-Yw z|7>S@PNaot^e1vb87)RG#g*Epxl1R*skt|SlA}$d4z^2Bzz7(YzkDb2#YAMD%D;;* zy_T7YHz6fZIP_{S0R3flz3KYpP_wHzE6mNyTRS;Si;|M9c81=1r%r@+UzOE1~JD#iz9#C{JBnr-Sh9LUQ zo;2`|$l_hb6Qo-=Rx?Qy@PcCNPNzHH`ASiF-P(n-PKAeMHs90 z6vObi%xcUN`4hZdAp=?|LiVy8X!WJ$ykiiD47AUUmoUc6N#{o2vU@jrx6HWTj1pQe z?N0knvdW*B$Q86-iLSp#vZ=E!5_Ze#g-Ry4etS5eeYpMUsj2;7aa|?ioGq|%M&#lp z54BH})vEos@ZCYtE&Xiam|`Z2fJ{udp@sAIEEEP^;G5|#igl-+xt7OMA2ON?A{Wa} z&wm&-H(KzxuGhWUxGQp_R3+$_jrF}O|L{ZRy5p@U=fj#H>+1beoov zlM55PA8W%%>S0n`%SM$VuY(-auLw-|Uaa@1EbNz2V{$1g?LE(^?9DV?29WQVGCa&< zc)Ik1(jCV@*0}mdD`y18E!~)|9|ZNQ2M`Z1nw1j%E#47DYrgi8iV;tWz&0ZYQH`Q; zc0WH5qgclYso#aZB<_Q`6+R++u0Z$!(gJPEVl zBQuL_)=F{84>nyJiP!J4St#vo_x0ngeP-msw(C!S0ZKSaIFJ2cW46t)7v7+Qp8OFc zXC@9f+!e(>!YeOQAh4{xWK-8xLZlXbSsLlI*&sBcWqqqn$r2g>?Y+IVHYQ~!nD|Rq z+wYVd#&r>ld}AQ2mUioifX(SX}#(kkX$_KW%ri$Of)=dKA?v<(X-|MvYxW+}iD8bW4?l&8g! zpN|DrE>(C0H!dZ$lNn`7Mfb{Ab^W+y-#;fJBp~UvHpu zld5bs+;9&@50W8zAO@Bm?WLaI2!xr%~zpa%i`Qu7e4cT{!u@|p?W`k;a(#`S5UjDmKfM7OnFK+DBv5A9`|#T>r5K<2h`bv zJeSTwCp8|{ni~0LKhCdGg5{l3!8$#;=k2mrPyM}G9AP6AV`K;IbCD_yvZ2I)XY?H5 zbnKGp(>_zDLNOh{{LX;mLohnbaXRl4i)DV+E3xVoa_wYpfA34D+7(NC{>dOAwU2AF z{T6iRl#2mdOv>;WxiZci*v8uejgh!%4$*Va=+JL<5$n5ZYVkpc!YLsrJe=28iVw*d zO@2Vef|muarSup{7bzv`ImMiJzlRHU_|uJ+8OV{uN@KFHW7Aml{kK6xjT4Wh6L&M0 zF$f>jX|8||ji9evxA^kK?2eNi^lLq=_{a~dC9iNnNg-i{)>rsdO`jTQ5ZhB6QF?Q+ zFVZzu$l4pO17c#OEN=I_IQvCoCG#Yz!Y^5`J^I8uja_U~tdSRB$uGv=7l>JW7$_Z2 zbhfRMlz2})UnFw;Isl#~SPkSyT6tGdw`Te?{O<%V{>AP1_wkE-_}RT#a&XX>J10{^ zf9wVQ)jPRhGIT|s@cbx2`?%zTfO$hw>cL{$?izLCp#EFw-g)0Zx@yFI0n~}hY9sNu zB%sVB=+TMZhFAw9NbOpfW^(gye{JdS6@IxowxnjZDl5BU)w3aU z(!s+0FnT!#({r!c4Uo_Tlr(2{wGFO3 z_6Xz|{SMo0Cf`;rE=BYa4YTW6_;W2#y}HbV%aRpFS!r%=Q?^S$vB-(%f3WqhNR+AF zSGd0xPeU#w@D38Q`d27rs>Xr$*Lpr7S?_+D#UL>>aLCWr_XnGt@>+aT%5p&Yip57f z0av$p)bWGO{g?8&pmagS$vrQCg-=0CL6p_b!_zWUc^=ie0mgWP@V%H)FoZ-Lh0-;94(Dmxci zP1IziWme_oAMEdVh;1zH;$xSTmo+h$ryuhL_Ng^|T(CmC`0iYz)mf0kGo)H%25NZy zgRRG3K{P(#<;pRAMq*E6=VNGXM)hGrhEEQ}O0zwIg(hARc4Fx`_tqbPreDoH9?O+w z+#ENgXdeCi(Sx_Apf{4%G%c`GfywC9>)B_?BFtklKAEfg+LHFgKpP+Lgp)KoOaIMv z{P#A_7&_yW5yP8@TQ}v`?+`{9NwJ9|YI^O3mg=T=N2+~ioz?@t9gyKaq*^3y-C$k=~wNE0%CqF_j*6E)Y<)%O?`RP;?Box%X^F^j7Y< z?2j>(1GPhXDE}@F%G=TKxp%9WwDVi7>}d@?du2;^sU)h{6a(d%ql(N+& zwPP3uncDO*0En619lJ3p@{1JN;rxYBaHn-Vr-z<>At8$QMKG zgj43=2txAPFto`X9XZb>i&>P#46lfh%Ohv09swi^TM#xm^TCW6{Kh9OtpuUxdEBn=LIzta{#wYL6%&sA7@d%2k87-_B+m75d)>CAKHP+broT|`C-lMB zKWWjNkS%9qHgWXIL$?~x5@bSP%0LVFX9nhgMVl^S+=J3SvX0Tfg#bltbtUTNIr9g~ zilZ}VZ`J3SD2dD9m)Rtnce4elMV?M?byEd9-mV_n!{I}|p<9MX`4M>VjzfP1g6o3L=JY7*jSe= zhY~cq08-~#%lh}1K9h9cK@2w51VSH^NQ{$(*~f@;4Qlg?-5K6kk%2&-wrC^6i<1w4 z8ctI>3hwa}Znr*Z5Mz+P#ohGywI89?k4X18{Eh|e>X+Fb1~u-xBal|z2lI(mMP>vk zFL%cBKqpPOzy>`a4heeoVDw!rY>MbNR(89iILW7r_vVQAQQAk5RP6brH@>79;? zUhJG?8DX4UG!};vl|VbBii+Ahq~74(+ge|@T{BbQi_nkRfdCjl^ED7eftB#U0X8%= zzTLdlc;ZG~Z|hLnHXsX5m=&GC?nC-7!d+#i3vHCPThePxG6yWpialM+n>k=qGR5hFj z-M3dz<*(jw#0W@|A&PVrBaU!zck`4+a#x2$Nz)6;hU^P&o-~fxRV?_856Fw4S+}vU zB?;(97Z^Nb7LQ-%$bqV}q=>)=UBkiGl{09X@rjsm2FZ7dXLo~dQq>+Va}zv_Kw4dPyl(M2=_BzlSgnGJznZ(!4>m!C z!IcR^LPA=j{5Pp=IpU3a+-&#M_)>N6rw=Ht|HQ`f3^IBam}7iXMFW=09FJ=vYQ4aY zu`hk3FSu6&y5h`JA%+O7dH_Ep`8cQ%MfH~z1fGl;v`L&0`F`Q%%<6dbJeFuQ2YV#Sh1hb-q_p%U z`s+pT0&do!78*AeYs!=$%h#2JY_y;QnNh3eSZkF*4&a|2@&-B=?v+?9wz}x!Rcl%@ zZk;uxmt#J6uGMG`07d#%qU5{IED!;ai@ZnN@r+n zCaP-xghdv=7DIYkuMM`%$D(o0EXQ2zTvQYb+A*7+1ND}#2}7*q;@0l7cv%8e5bBqj z1q_5(laEI?#?!Q)mJFxEpO@Sk{dlHbrd2Eh-rc6|#R?<1CzvpFXRd2~nL&BYyFLKc zE$#}Mx65oxii+}mj=e?9q>a!dBcHzFidr^Si_>$s^ghxQ;?@S)fw=sgN8leCJ@`9) z{IBYNw+ilU@f_)nX|>1qsoLRTEsxxQv% zJ(Pp%2BJhWeTRU6y{=SoD#XX8INGIF(QRn#F6s`>!D3^B%m0~|JY)#fVE?^>!>Gqh z#?HGGH;+Oi?oa{RazGyih>AO?A{GKsX;XM&)$b>sMYqj03`xCF(1O?o7+)VxTl<+L zX=a>DfyL<%CRVgdANa8c3d6xj)U`6s+o)?|XCFQdvTMqT8kZgC!*niva!8S zJ8elM2qy^K2lw8FuyYtPv=zK-3*f~lTpMpVb*im?e}dvfi=F{?Iq(FVt=lsLKoAf+ z#0w#eO;3+T-@&*#i3;a9-IKg7-R31#5c8(Nia@~8RUknvkX@jofU!KWhZ23yCUC(r za41I(CCB>m(gf>SkWTMr=V#-IMovB> z<7*&W@7*y{_lyFI=~O|Zu7;t|)umCNVX%+TKU-SF|L}rvQhB7W`foUI@w4u&d#9Q2 zQS2k+7iu%DGAX-5y4Q(Bt#0GZI(p;}HvY_@`+sJnPwhRsa*{hg;x{**UfEVl4=XDM z40i5G6NXKf&emmy;aq`@o+Q=gzA<^PeL9VSdIX#(^)bZr^Tv=&4oE}Z(E0TF=$W#k z#6dWag1(!9jGezEJ0y*O4N7$^lOb}ad&V0)xJ#%N&r$Ge(|Hmu8i_O`Ikyt0%y+KC z0a$eG&2!ZTb>#ceyn?33FLsMbDKrQKKv##jK@>O=r09UYE*>4mOR9+gQJ_Ix*$JBu z!=xqJBb&M1@aP^B2sL6^>TSddM$O>2O8pi^6AO`>tngFHR;xu3>S}C7M0+Ovmd$k+ z^cpt0l))}1r}CGNzMNc#oLm=&z&bvQ1*;4Enq~zFq#rj=R;!D$2!5JMoel{U980rZ z?4;^)6LMK?&;#{S*9LMwVxRa@)u;)%5NSc%webNj;5Wn$OtWJo2mDGV?fEe$)q4DMI~=dD=Ji1M?^}ORjyL5V@TfVxg3M|@ ztN4ZvtXBDHXHsFyX7X9r?d8DK^xyxs)%*A6?HPYrX!iK)IZw>oJ+{$0k?*73M?>HH zBVuMI`|5HV3I+)Zg_FgHS?W>0K^L@^zaM40k0gJ~nc|R$4{)%aM_L$tKl6i4b-Wv; zI<;N4Z5)dq-tPbQecowoS<|s65aMPZ>w;BX7Z9Hh?3&W^~o`!(bw+I9y$hY*jydhB+en%>1XF+ zC?nd@n+ZIFOllDKF-H6o>S~5KSB)gY_kexAOP<4zJ?tiD&;zJk(qxdIgs{3#^<#$_R-L-u&G{qp9gtMZ?BsdyG>^u zaU^EzG=%drg!DA9orQfCDmoC+*z#5RuB+m%#8ci;o7;CFOO*V+@8!^{NGOA=?Ru-G zL)3B__-dl~Y=PdrM28tmK)X?uSeTmVwB1<*?=)eeNo0Tl*lJTtX4hCh`7FA9sOjG` zWR~G)5w&9Zc!=v`(+5ktn8sJB^$ZV_&(Z7F_L5QErLzQr)lyNnUJjF{GLfrraBoJM5&mPnA?$V^Ub)SY6^Gj zls-2Qi)fV_0~B6k3q;GMzHx8vm!-5*c9!$ljDX1rtM>M^)MAUTO}m? zwUOr@)tDs7y(@#b%oLs19tuce!8bx*hMh!kOB|0IcKM!mV`9T3__8Tj#KZ?F<^4g$ z4)9^BetU`q!;(qG5mwvQuvM5!`WVSS4!85P_1wd2Uj5j!5BV?c){c#}X0?X9N>jk* z>3x+A&2+#>g>6r_)+!L9GbjfHPbF+Psl|cnf*YEwEKB`Khgf3q{xHZNV=A@J_ z?AhofmWjWXTz!u5an)Vf0j4R^Oo?b4kQ54AC+uYcgT1YhZD(r;;Bm&XLazzF8u86V z>f31YLk@8sy|b$k?GLYNa&N+)arW-bsq5C}GqQPc zvQIh4i^`>P(p2w3J{{YOG#P<#iIK~*utF8kLkV&jQ|3j^-S`f4n8W24M&xF9^PRyH z7%I$&!I4Rbb}rK{k?PaD$7#B9bb<{@o4jXmk0Xu)^_M-svgzVnA=J$vjK1IBSw;Nc z_V_2Z%Mh8VBUqHj1b-hO_(g$MM)J~%T3d@5@$xCfelBMynvm}vB&m8+M3o*C^Ui-; zyDm$=qxAehzlc1snCC?-kE(sHL-X zrHP7|SKihmvvWa!ycB5cE#6sjXiG*Tvtzl}HA@aP?^7oEF{DL}(6>|g2DQ1I?`E~q z{V;W1_l-oGIU08Px(iYHt-`qspGZ8`PJo*4>~x8ybPZYrn=~`mg+;d_Q$7* zL*X|(qn^&2V9&1Y7nyYjUdhM*{=didUzZFY`Crk~Ieqln^SiapuQ#R>=*<5aJ20%d zxoci<_?Os0ebWb};(z_8|I4x;ckrJF7|^iK%`X?{VEYHnftE}k=;UCUf0_u1x%<=T zyOOC$|G{wk$y)47`*(UmiphgrP0sQG59NNr_(DFEiow@fkjLT$C7_x6v4q&ykWR>$ zYeSD-yP)8!!L=?kI(8_yw$nUr%~NSHGo+)4ya={I_ZWpwwWr|jlq{c`{Nw-X%>Vs_ z$0hU4y;|vsiJJ5G1N^?+%lT`oKM(jd_2bhuXZk`V@0{V9qRge*bZA2l-yGOkB3OX4zJ#l;!c5QmmcSXQ}_Zt^d;z#|dhhTQ{FBKsjyu{xSZX zr4mum>i2%9o5hn|7%c)bnc=>yUEv6p=mL!oWtmARd>Z(=$c;P`H%80{;VwU~>d=p+ zS4F?n6zJ~~Z2Kg{4%2u(sUA#)d(7Sc=jn8_YNHmhs3sa(|8dmMrC?iGk->_Q-h@G3E#rC0G zj{KE}9N<-Y>{P-t-Y1yJmmki>ueU6jR)rpa zTJU(DBkqemWcGw^gx;go-}z$B*t7b<=KrnQ=6#ZiGXIno-9okBOpi;?LKLVqkZM6U zQJsq=c4)9D7+6SzR+ix2rNq~kFkEy#Mby4H%ibZ$-U0uMz$od@Yf7+<+ZNrNNW7WH zgbiR%3fiHp16^*fS?|AAwWzG%o`kOIGH#LOHFZDR3#e>VxTX+BWzmVt^ihLa+Sf?t zKqW~WZr=HV55JHrOmz`09>@BY)xL|$(X}0v2UV!Xm~^nKTQfsKnK=y#*BSp3(~7$P zmzdV#KVw?|e~W3cU5r`3-0oSS_!@hBb*eL|yu*x3S-Ahhd_b23DU+`*rN07}wK=Aa zEUuNFP6kS;^MMaqUG{jNLkaJLoXN`Oz#;K>V_i-#l9`}BoZfry9gZe9jQS=t_kzTl zZ^c`sHJE_MX;vLpofG&Rr!}0IbO;VZOz(vBs?0o#PQ|iYZk{7NNp}xVj)5o8>{nT9i%A!1Ox7qD@8e&ZLSMcL%C+mk0$*ATGLtJT=1YIz&;gYb0=B=r_rKzs{07 zEp&7=9^S$-k47}V7KN~FBaVSAv9$8#SF`H9ey)BtblI^6SVp5$bbfJElYpp0vVf}RilN^i z=0hphI@KXX%m;f3v@{j~-;``wz42^UATCX6wTe-+{N}D@nd^*ouw}`8%n+uUJ1q*? z)aoHYJ3Oy&8>yrx=91R_>esl^7~!r;z6arHE|z;SyrzlgEUY-s1Ai)HH}c~I@+cJn zTw<>QwJ|7*0QH-^1w1|uSMPL(|KVw5<+PrQ^sE-^aC`PC(6*|ff?42C_B*3ttflQs zIIsOsThvmT9@`hI)GFR3^s;=IU1~@Z>FZczIQS9H%*_TY$oQ47-_htks>Q3u$2=nu zfugZX=E{PJE*3Px0DRf(_poc8xv$J*pJ1`V6-nWzWs~6}3lpD}3j&m%$(gzSPGfdX z5bombU(!qlM)QkN5>32KtZ@o-IMd0fx+i8$PB}1#gAUG z5-mQk)TtcEqU5f-od#X9nrj34NUp63t>^vEN2qcS&&u;_%|N*uvBFwY8Z|7%>85<= zeV=d&D~AiVthAM?z%Qq+$Rw~%5p%AVreZ8>AJn}v%J;e7oh6FeS28AMq7uDCS-+k{ zUqtL)-pdC|Fr4Wf8e4$p9aQX~cU`|2OLww77V%J&(z7o5ZK>8EWA%GlHZhrG#PAz} zQJ`qGZ3P}J^?36jvWI#)Mlz+>k>KQ-C63Na>F(am7Y=;-Vls8fx;KLy;zG&7MK?)0 zajr|2=6j*^Q03Sm=~aLDz?4R`o(9LmTii7X5;9s5@-~Ch?JyIBQ8PK!XKGOh5ua!I4D7LNn;sJ;MOF#EdplAs;nIqet;yk) zMZ!PW8X5X;qKiwNImegi8{^*L+B;4;T#lKeyS~M{e!;gQO9eXsNqe`ave7W!ILRkO ztfTYAmYAv`;~2x4ustzWmI}w+Z>Sz5a>zHUCoU(}I|HvchOgjaEr5PU-VZn2Zf-X8 zZq!k7pEInNHh^swNT5=JD<|@;2auw%D*7PTfx%rJg|-(*N{3Q?diUIhIjrUfn?4hy{fv4IpX}E=!a38k{AvTP zuv8{QoFDQKq9XOW?Hd15eNbOBJL(B!XSB2zPRotZk}I305i_Y`Je~|44#uaB!jfBO zeH_O=MS?ce=&7hIF3|KgxdYoX-!)>lsYXu{X@N-hdyQ3U^kAmbzVEikg^|9P$<5y| z-Tq=-9f%4yyZ`&&ymS9pv6{cx#sBNdpTaJi-l#&Bg*IOdUYLpbV_R#SeXRq&xBI8b zQB&DZt2=+~fxCbpgtY#&FBJ35;&+v@P!Z|PzJ!%A|N70~ZL3wz#cj0D#Sm4+!@iMl z=WkCpZS!{`50fX1lW{w~B4=NTz5D&IE&aX1>6_$!-_l{*XM^PI36Qe$Pv6t#Ls)3n z5ns0@z1`5{Z}vm;BUKLPoL)cwdrkb8>d(vu_U$L0Z&QDqzZad|Hj|R$=#YJhIV-5H zy0Q6Y;y9Aje!t}k29k zYP*gzH)WcW_jL2Qr!1M89CIX%??##Y9XZ|ecq#-jow?I@J)fpDkIlf_J4kD{vlf+N zn^$M%m$&hSLc7*O%7nRE*^yhyXnBIC$ zV)QoKuWkPJJ6Oy6-=A-j%Z)iH;1l@5{r!fV`H2)y$>k&IA8gd)F`0Hf0sh!uqRRT7 zj{EA@|IG58#CLJ7qgKskNebu!f7$@NM3m)kpwvY`ZYr#lx?8j`7V24ki+Ai05!4eZ z4W_3Py-`c)v*{=&QMD6zRhzAdW2ZP3j`!Q5gAI-2|BU}ov7P1qo^bwroS4(6CJM>u zO-hHCsm>pzK_xwDYFA^@K;08}Dn_JOvgollX^|k_m8O#~M6rMd9mqUoIWCgpb&LvD$v32>pQh z!FKNHMFNKL)UDL2s>dxgJ0|2~1_nxiN8#e`t!ed@^B9_V3+gGv22 zbrWycv4r>!HarOth(k4;L1nCV`yHuDs;+(1()YA-lDr326@K!m6WkMmzW}zC8d?9$6j``o+r~?7%(^>Ha|+!LY&fppEL%5=d!|WB ziVvN%IA}_2Q`_&UJj0=ps$*$oI4a(xhMme%hRT!43!uZdCUay*Sx_A`Smb z#^`SybiV6x#+6osK&8a3Yh}XW@@v#lv~zB$7wvYr@=uv@|l2IdiVOfvqxt+7ISu~W!Q_F2ylB?AMqsH>^hvXgx(c`t#2cGlFv zS%9OFF0l1n6CaFl%UK9L^krtC?fP@3VXA@2gmuItlPq~MiBzUyjR@w%QW84_GF_0y_f_J33a z*CL$ug_w~CU8d3=wL&;vX5F6O=&MKNG!(;?j-l1Cafa-3-$I>8o$Y0{`CuRaHe;gMl8H7GHQmBpGMt|~i>vTPiL*G!o16vU zAUTqPVINrjT-JVto+A-$6Jr|`LU)obEq&tQY!eiTWA4U~MS(iL`12&Q_SWHvG@JG- z(oS3ej0@?31b?fzT5=R*^zv^7(3?y@!*QIHAp|DD3haw26$t4y<;X2G6~{p6+KMzl z4?|8NY$`%-AWJQMH-$v6>)D~~Y}TQ>*X!p%0rO*bZ=;*C&MFyw&f#Q%h1(%Pa?9jY;=tqm& z8Z}=QJNH8AOj2FhMXSt8xb=wdwEkQ}{K))h(UD$9EL5>O(fgT%34ZSld&hu2m;Huk zQMd;3d`$CuKVVUPsy3f`*yjwTBcixZ;C`mR;+kX>pC45fcwY=L7qe|Ig~%MxTD2lV zHtezdbDc+ zPpfFGS1c5V!xGZ{(KD~EE`fws9A17;C+0}H`<6y1D!a^CgPHtYH%H%No(2xOMM6x| zN3xMVmaAMIkBUCKnCdttp#ppjD?0!$!VoU?qtl`X>k&rv_x*j6(>lhf$`TloMQxl9 z5I}p%BwM$#G)wI`*gLx4jSeoX&wrg4r>*e9Spq+C@9^+79u~1oWI7=|$0B1cDhHCe z6r*?O#0V+b?_1_B6>;T&#(%2uRtoowYjUB5~1K9}zDK$Mg>Dy3bA4BbaMCbAe3wai3GHcz#BX^__f_3p!dn))~vr z)6D>Hb$=XOhfi4D0+wFz_ue*kr-pMcp>QZX!T$bv3fjrZGuEj@SXecmOABy=a)WDd zXD!lOCy~U38J!72mL_i6=53ua-Duq>XeY(kk|&M*tx0=BEYEweo(6(3&q(AM!LxtX z{hFOsWr0b25sY~w=q!hMMqA=Nk$uuT2hE_Sc1^COEsY%CdB>8JLdHDaUCQMeLe zMDH7><@bks&IUb8BdhC{8JV@g*Qt)no_{&i6X#H&0+Ex`Vkv-je8-p-nOJro5Wx!!7hK@pNUc=5WXD9>F_FcXQwu5s%=*tBQbbUG=9mmiQRcr7G8Q|EDhN{a6!; zRXmp^@K55ephA`B6h-a#HH#jj8imDgMZ{2-GgY+_eZz&(dVq4&^-;3TO3Ema1Ja3R zjfsI%A#J}}k;t|>Si%$ zX4X?GeJ7*3K^+{d*Mvv=WrYBdb4G6d5dWGPo(H@=^=d~gfq9bXWbr5lV6Y z%IKbU`yDe&i1a?7^V0aB{%(QKSn_x|1#CLw%@R`g;VJmtMyy4wI#5h^+=Q#>xE!M*_LU^&B;THBF~3YI7?q*DTu zmYOk)i}g&O#|wxF+-)^IXw59IQjXl{auA&$~y8+Nw^kE0)_3LHC+NE;~Q%IXD1@dgE1H zR_&hINaEW3Yp$~&sK%Kq&rB(vbe1~KRD|33#=o2X{QPfy&i`%Q73B%5oa-1X3bs$@ z179VQx?1tZTSyv9(HC#eeqeax6-Y)0R}%X^jQ;Tf!51l>mg`2(6Bb|lQXnOAL4mp9 zFYUE-{c6b))Y(T5WA08;89~SP-}115i~9bq0#bH(JIC%;BaoZw6)g2OCB)pzZ{+k-tqu z+@{21CiZ3;K(>NTC4@<<>q>9y>ttXy80>z1%{;m;s9V1@fM7$7qpDUS9{b%_7>f^* z+*Hlt>f`YX9B=YNvI{<<2=iTOyO^*ZRo-!oQD~c=xZ} zOM2I)^Ui<{(Km)_v^}u?&bz5jJF$GixMeqHxoYswR#kp#EW~fnymdEPe!vjpILR6D zt^hHSVi~rdE%c0oK%(lzUM%uyIhcq8d@KZ1RvV29sdW~?rAfhYmP}ghgs!d)S zz$ur;y&U2JErU$lEwz6hN7oXb8uY;=g*%eXI;6IsFOuJ$)w#*Enk2n``Z;7R&KefN zGADU2_%B>nE1bp=Bfy;{;0es8?3pkkpny+Mj}fzX=` zkdjbB=%7*pp-Kr=;8p>p_ZFIz5J)J}ODKX;Lug4r2t`ULp@V>c;K|<4`|f8y`#Jl( zX^e za_jG$e-Y1e>qrPB&QC-1#so+FHH{gWuNhs_jPD;eK^v+$-N^F;!7l|~-SZSkbVF$m z95WVcux88sVkTM0To|JZAEQjK2Yo(7Y-N&2Ma3VJgRx)eg|fGlMcHb*8Vw6g52Bhb zig~|rinbSl%4^+k3S3GxLVVAGVe%*pMns^7kY$>Ba{okPFbad?6ls~q( zn;M{-lwQSXmMPcr*2jxnh;LseLrauU1}-&5TUnWYEY5h+)es8Ov;=OyzIJIA)1D|_ zmR)5?bxX7{>#yZ~U>35=^J444u&EG%(OGSg$Wto|zhFRjJk} zI>woC{MsZ=1SXrQfst>RM>7kX#t^@ivyd#{+#>8&qjEu%xV30~vlHV$AL7MK_*_f= zY-Jlfq}*Y1y-wuD3B~46Lb)-J?~SLeNU+2E$I~Xsi}nkN$+3wF!h#b*X-?taCViia zS6HGa5mcQ2zOIes+gRD&?38J8LT=zS5%EH^B(th+Bh@eh_-F5vNCd;idSV!vE|K-W z(4Fu63%*$Q@7bA^auD@)@2GFCj9RfYm@5hO;zf(M&*EBJ4(%_PxQQZO)k$l$C>WhV zkgK>2X3eV&adi*(Fl7 z+eMizkVCKf-0aFsL-BB9PRn7NR1dwq9=Yp(cF3o)YY$s_JjM5T!Y;dcJj8JpcQjuj z&X|sXR4j$5fdiimN^G&R$a6u}ALkab(%$Jcxe%i@su{+Z?}Z<$P|D@+H$|x0}OjQD?SJoK0TFG)lg8XM>0=w>NadStN}FX)b}{ z`OT|bv)(hyGXTYmWA+AaU--w?b?wfYX-M3ak@{^nNq2JS`|65^gBI!SfIZjxrf*7h z;#1ZR@!06GtRQ&)o5N2dJh4)7;?>{c|Zv*y- zS?$q=mjR&`GkyVj)7h7gpJ&nx(kdNBYLG&tGkr?*^DO8{i~!=|U;p+R|8EBFCN68u zJQd~M;ESFV@w*#m6p$L{Bkz~sv%cKkeKlzJ&iJ1+j=Nf}vs$TExn-brhdO%t9??DU zbi95{@XUD!m3o?WqzF`Ea#sGoUheWmZ&RlFm3SAO!V&uF75CdJ_Iv3mQhly&a^GeN-CRDNR}RLg&MOJ;#a-rZe&VRa56TlzQ`y^BB#>k~S z)M9N5lHcBs-=Ul#Xx+)@;79YeZy)#!9AkQ4x7+RM?YX`>zuM-wh;3_6 z(Fb#LlJjd_m)7|+iqx-CY;_4Pp>#&q( znC_EPMTHs&u0+KBG`8%1+c}2>j_9#@bq$WmGXJJ~t)X!{FOQ#~%dW|5b&iYYkh?%c zVp)ao{y`F_>5twib1k;E{#4UD>OiT>!3>fi%{j=2TFt9c62`%1n>+ihMp^Mj%s-M> zKn$KX?(!cPYo^Bgp#@t|64FwqPW4YzG4-uN$adctWwN-?!og`O)$%dciDt8w@21fC zt=uPDA>T?;#QOHThA6=tX@8AcFakbI4?I^~-6yXN8HWIFK2jVrcR-~A615fWl%mi@ zJ84e|AZ`mwU=k)sn&(-m0LM#w;S#&_}zX;7>p#H9x9P*g!WWB z1tHwq-A#Cr>YQIU&b*s40p4GhpD*Qcm{u(#_f7}!4aC>D>|ON4!P5|r-*o0oaL{d?ao%C%@EgmX{~-L%Yc=<~HI<`?s-Agm1WZc*9eyQzb8`%sgF#uSvf|s3Ubj>$Z4Topn-T*c3}b zNmnzL)(bR$&{N%c$z3zc&mEH13L;_ZsReeWG+{!#tsVQ$%)7I}^3_89`HJ$UOmyL- z(pao<7nAz?P+>1b35v1uM0K4w$ldsKUn(Q>05-rm((A7aGIxAj4+UWFrL6b69R}35 z&k&N_bPA{C>S~_X8zJwXt=GRO7`735HcIcZyGsG~Cc1msJ(|V7ljP zCmQHxktJn}hZtJ>SWR|L59$dQ+hyejkds5J$qNNk78th5xofH`2ES$+1Hj%jS?(!Fju@sKxO_R5v_P0>e;r`>fyQ7B&j^QQkb=J624hbh%rb>{-0K521WlwRsN=O%X9^y*>qw z87;=pe7y_lm%eM7^}wdR$&^mKu1*eO7@-D$_pyVhI%A@%tPN=j5(t=y`)B#A@}|JJT7LDxwSn}u zKWn(gK3)2w9zb!L{Bc5HfUGOk#k-7c1;uhAaqiEZZC<<0LMrST-l5`!*TBh!Uxy(8 zBO~~-Wg#eWWWiZ5N8haYLwrY+BmMfIqIMqNOA>5oCqx+GD1g!%GI5Tv>m7I+@L=YJ zb$9a*!WdKACs~@TCFt!?FUMp~iE|;j{x{v1H4~UTNsa910_y&zIRSSeGjoAZI({71 zgpuM-NI{bH_V=VKC?N?;(8@__6Y#{MqK+dPPQy{(g2>Vw$6|o8hN;E2wgI*Q^8v^{ zO-#3?eCdEgb>>z1k_?1%L5rYBWVcA!W&JDL{r&-Fw z5Zf7%u}zrt^t{xklL+0J@O=EkwYvf3S9$C-{kjc0fCBj1wWOb)(2dirsCQzMG7)SS zIm5;_?OqXFuDRhZDzau_H7qe=Yg!+|_HcllI|o@KyHOI>H6_mbQ{QqBf|(x>1&WHn zPgoFPnCEva=;LC>l*_l0js?AZa7(anq+|UErLMbxg z=+#NYyzo-7OF^!cNCj*n+fOhuc?#G&=HZd6YhIN>n4caTNo`P=&1_-{Z~l*yBP*f; zUZGoaGJ9giHuEJ1#EnPwCay9X!VOExoz2-KG{5@)rW1E?sbP6>O+8W=60kuQE~u&% zO%s6bw0LB$Y)%Vyg%dQQ1)XZ&_7SPFus=s7t!Q@|SQF^F*SIk$%v)0??#h1PvMUxc z@L&?{c!Sl`Q^^D`?_RW%+mvhfTKBrR15ns9t^Bf~{}&F5#o3FF0C_fO?$$a(mktr` zrPLzInmS@@Y`IfmPTUlI3r8sB_)@F9wY`$#k@?H3!|;K$24=jEgN&~S@NO(?1=xy! z8=vUND{#JrbWsEvHT$mOpyk#Rzud>IW#<;=-qlv0iU#J^RQV?SKziHtTTR*!NF7cN z++et+S@F`xaft>uPvnTL8Pjv~wtV0A?zj!ki|-O=d!qoy!NPkHYmbEbn!K`E!qRaL zjee=K>I~+=->X1bkp4ZjvG`@{dWx(YdBgtzABjez7{~F-?CVGMr&VcFdKCvlx7OFv z?099zLnmo2s`_qCEN+HX@vajHbl!|Ns9Rah4L%_^4b~1?JW`imth6(<$oH_%VY6m= zO7Il5sAgEOuu-bFr2uYb4veZ)P{#EQQh}v{HBS2KZ1m7vsV_Ff(lPkdW))DGd1=qD zQbRqO%^hMh6kGT1;aXt0QhiMp35K%G9(3OLhT5^Ez)j!B#?gOP_MLcVDw$i6Y~q?# zwn0WNr}A^jxo6`fn)~(Hbr8>x{7{5bk3H{o6s{nu!j##NNtPsa>(-Er%E*lzpscB} z;ZwbF8Jc_p8j#PU+NEc;bPZWK?MO1p(XKvlGGSf>-3+)g6|Xpy{<_`rO8OUJDoCnHI^|n0-%=Tp3ePYVk@C z(m51Ck;BBbF%z64cb%~D&zWPdEDitlZ~yoIF>vMF?y~we_AE>NQ0x3P%X-uAFzKFT z*Mtd+)~21MJ$LHYfR=B!3&Tk-o0@3f_(|*i{sfO$qTN@$DH{Atz;4XR{ubMVb?ZpA z!oQ{SCZwK!AV3UN(^cM;XRA2}|2@ao`?nmQ#Y#`b@}vT}CQIn>{@;>(F;OBty)UN< zyOxcwr!93ph{^JAq#Ym2WUdm8E83qT!{yd#tuwq+fdoMW>IO%&wbV(4AxA#DF0Guu z12S9c4wz!Gi{sHeRXDK0WbNqAJ6^tSwGoWfEpX&!4(?P|%z=4L#9<83pZ~Gie-7wB zxX-QL|2+Fj;w~=w$UAjztLYci&_6;Ao7N6Z8+|U3{&~{>DrQZs1S&U> zDx&JZ#mIzIKXcT1dop7uy^czbf^xpvX?Q>1wmG5u$E>}C2=n%CEi zE{8+du!$7oCM9Fp;wxaNu=VCQw9fGfNg^NBZ2VCsSDPxU#3)u=)8JI=C#_+o(}(Ox zsBRV3B#4T&-fR`|7gGCb`WO2~y=R@ekGe>W*3bSJtcaR8{@XoZqd5BZBVV6myvPqi z>pk6Cn>U6|Vl6>+#5;UW$IpbnWNL94A)GW-gdamsrs~A6|G7CdR`D@0NL;DL;k!#` zDzq(gVB=3R-{RARZnF_Hv22AI=B7V(i`Ubh;gk|5_-nK|@&SJ+S;fVwVBR%&QXS11 zH$+--KFb4n=8q>nT8e?;KGxs1KyuR>u?&gse$d@4eNU@O`z*xDi?`g);!D;S{KvWM zI4mOyum1|#mrdvhI`o~P^cj7*isL(|ct}iY2sf--(}8IA11b!1_5D}dCQ1tSld572 zi-@95`6}DL=|oKE@tv2_n+%%Yb~V@50pM*x8tZ_UJ~J4D(sk+b#=(Qya+jBs-r6#8 z>M6;=o}v6ZHs+-z`mv936U>ikETxH%6$gBp?1g=i%(~Np!DI^*s`MoP5O`lcb%e$` zb{}@vFj=Pr;sf8n58WP%tgqtyhEX1?Y_5r(M{%lV zcQ9ORz@TvxA`Kc^Z?jmPb?>1b7%C=%U@RcmTVu<`hA1l7cWhmgv$aZ0PupM!?~xEE@_)zM$ctE-4tb$ENuFpZq=p*oiy(Ykxvo;% zzSV9hdsa(Us$?a)G!Jxu#IyYzz*7|?7|h$+RPoWBOa~*^k!UT(^xUTgMoyP(y(@)p zgq*1tDiFce_&b2W$Bz_6aVC4LcZigb22f2-alwzt=`Sg(buk{UmbJ@3Wa=~HoXOQs z2nJL~%nP((HvjXcyw@`~XD^3WxHJ#e=ghm3qpU}Tn+mUxFiuvwWY5Z?-5}rfItf6A zkzli{OOmr)(Xh9&oI3*RT;q2|_sX9&2?L*Q7R^99W^nz05zwZEJ=Mx0aG2+k(t9FS zGpcy^0}|Iop1A$JaNNiR(5HYhHos>(3DyTpc?+fATdWt7zY)fU?_WDWNMBBGyZo!f z=W@`lRd7Kp%|lE(k8s1_q2teMPyY+)^yNY#c*ERr==mA=l*b2sam7P@R=5l(LCvXn z?<0#<7NhPdwRf8ogAu2e*oi72>$jF!D`J#5#KJB4S*g08MpA>5aYj>+Y1!lkA+Wc6K#Z>oa6U0*f(%JH>X#1qLTP|s?gd$999H*7{*Gyi=JCB3iXEwSg zE=43OZoUro2RPS6^qSspz4LbTeo}HnUzS8>ZkYPIbO7KI~k)>i4W4W1n*| za-?B|CN<_6cYw(1H;E(~b+MI`T?`hzKM;Crbz1BDf1pR5e9Sk=<#o$BEA>fuw8Zke z@HOLRaDb3CbJ{ytey6eWyOg>T;D(%>@SsAdUbFt!2~j`NPJuJI9OSqbTlWZm8nc$# zJf>f;m?np(&_@`65l>gcg?(CtAGV6) zAYB-D+icNbsS;!MS@ZMvNTfy<%%Wc(8tswfCS#wFW-O2kVK$a94Kz7)6LQb!0t6iz zq&l~T{A?>m1HLwby0x>`BNJzh_&qqY>PywU#$*MiX@j$7b2fTRfj!>2CMHV9lp&4Oy+iuq=gM~ftUBCVBPUS?+9oWdeXj3Q|+ zln#rp4Tg)ATGp=*n02%o&C$zHCM-W&g57IX?vKL;HtBp zIgL2ym^?*gxjcnx4|GILf_|wPg4F6vh$jA1@p>hzsny~V7O~R31r!${$zj*H_u3SV zQ@3#2{l0Xd64cdrVa$KG*M1sdq%RY;n5Mm)AmZxX{{{=UY!!XNX*GJWGGcaB9ZXd5 zR(pn~h_W7;8nQ1PVuXXm6V|V^)z^qCbs$MAS1jFbxuR2|vi!SxH2Rdg`|~^L-IoRk z(LYurt1o%uO=Csx&X-xc65UUhw#)Tu*$th1zW#I(|5~U0WqivD1Nb28G$D|q;)8bj z6A>-UpL{|6HigZ@WE?pj+BntM+*fSTsc`T;ciK|Q`MSu-()jsOfka}Y*xh1l0|+7>4lTm8SrhZMpFPW zM{v_7JO$=j)3_0|i?T#pvLfdUbn{_sOjqB|AsYkBO3ImUrJ8zO3X#us_TXE=Jq$#W zBm{~lATiPJcHWUU$B_0G8opQu<2*3hr#8*umC**KV4$MOi4q-dpC*oWa|D|87TKv( zcPVyCH@;7ehFeXFeI5c6xZLzTREG}bK!uip=7fvb*Wj{dflJ@87-mt>TEzn!Y{u?W zs!3_tivmDIF!MoCp}e!Evp0wr{>P-Gnz7B%b82q}mE|@z+lhVd4@lA>9a0k4z5hIW z>Ztwgjw7~H_HrxYZ1z#%z!!Av{rMQn7QvBbK*sX9)w40DQ?cL>lXBOY&ANBy<5`v2 zTaM26f)-&!l-hS|<2I&%m-LQ~cW39B@~1s9u{6{O)@Vx%PibcOjBq0q`1h}t19~$i z^B^vs;)xj~@gngoU-%tr^n*f9I0$i2fc~^uY+fi6ASaP02RR=;d!zqKgC88~a#b_X z`?KtZjZ3J2e0>ghC!AvgnA7Sg5YQT}ES+fvnkgE0k8bREsk@89K5p5?q1h>FrhufO|ePYIG=EgDA-2wIpnLe=--p(}hr9?$k8k2V+ zheOOu;*;#l|5?WSHxE1i$0d|SIlf0&rN2js3)`#Y>pi>h|Hmctj}N`XL%6P7bw`wl zf=@gAmyxg_8m-?2F)LTU2(UNQZWKnb_t@X7zDXWb+uVSPQDm_k(fb;5rQ~j?EuU0_ zv6k3?mdgIDq(zO_S*9qYF1o1 zow1w2M4E0wN2hhY6BnE{;dvLb4t{UaKA#7-RBmoCiRcxLt#+*Y>(!F+;PdcN-s_*ad%P7&N@GKnh{SRUtqXVXhBT5eky1Ofjv}g{dX`-Qu zjfwHD{Y%SzKL>;_Hzo&%RprGKyE9SiQxX?w^Ai3xkHq?9?b~p(CWwo(JNAy&naR)b zyriNhOxvZ#DvZvaz*e9*_EPJ#@x~Ezn(U>N!An`< zux2Uaqa@c785+U&s-()sNmaqlaW_rP*uq(#?Dwd6UnV5l-?zVfVX2fREJ&N&19Q)I z8~(aaYm-<1g7|TA@Z(pmZ>)|}Mgzoby(?Hd?*QGTz66<k7{lKX%s)srBU}GuhMg*u{LB53ntO-7nOG z`x=jFGIih9nFB1vyzC&;9Z=5Suso@QUFUSq9lKK9ujpE#_taCx}JRny$hCfk+DqrPM z@SlVU7|~Fu?yNxf=r~wPqPByFE7{P`z(VDs;9FpE41cb&z=xoZWL6TxKz;d|+IVq8 z0a*^onCxa*>zl0>UNl^y$2GdjJT~P@6&_xPZGd$^%miQu4FJ!+_i*{2_iFZs6y6hU zi^E?Jd)h)28gEF(j<*kPKHO~t@8g(Th-ZF0c zccqtA(DlKIce8%ejXlLT;As|p+o-Q6{fP}~&(TjBGkt;&F20_T$Iv?@Fu7CWyu^Fudv-hf~Gb8sjbLVO{b)=sa&3&Oh>EqO7OT+ip1!g7Fc$>z0b7R!A1^5ronZBu9CHMMm zydf}3Hb~ALA`=F7l#c_Qg4I_h+O2Km=)s#0aYhv2j6!MD=Eu#-NKAT~K-tihFU~Rs z7$z&ZHFG4Hy^pnCgQSz3H5A4xuf#9E5R!Z>`XQisHAZY{r6DBmh`4U5raCE_UY>0` z`kPL3YX;gFBMvS3k0FwpYQLz%XQG?UISu=mcP_R;m$v%Sv82-a@MsU>W>DgZF98hD)~9tlhS@r<2132fiDfXQU@03vDc>xgrvqRn2slhr zM(P%hl-UuPH%R$0l{$6i4yE~02{sq=IWoXvps(W0cX(sBpz(gQNl5&Xb;2)wF8$By zw_AH$=2(N33w}bT+I_4xO;v^0M>bD(jhk9<)psN3zTb_sS*Y8NR?FVTG=;1*O;rR! zlDGJ0x{zg98u7urG5Va1pDZa;dInL$DAGe@H)peMlA)eySBtV5frYFq0r{iCA~haX zh5>BmqXr=Rd=7u`D|-Ykn_=FX8R(hVVEolv)3#e?-p=dZp{Ze)YCpQ9*jx6izKNT4 zr;646G{pv*6%}YQU|1r38-h#0E-Z?QUY`_~R0?DjST#2yw>tMdrnCynl!L05^NBpw zm5`hUh!69t7;2{jzjcq4gH*})bfzV~_7U$Isdx!HQKp5jv)wA%l(i=Gy!*meyxI&U z{xtUJH(hn7b$hxj4Ed|e-pXwC4B9jbv#1vV$W~;HW+r29I?s^>G8>G>YRlJv<$`G= z)ya>8;~G~B`2%QP}+i*INrE~!SctVb8>p-Qo9 z_a@o83u-AY^W;%vOrAlt=Ii=8dbmx7c!eBvZ0r>d1eDUq3ohxnI!UyTg4fFm)}n(w z=jd?ynH`-*|F7N0FPhfOA?P$4ruRM0IA*MsF=~=4xov$;tZg(BT73@_UorYy^ zp#tMXK7m_T_pg%mS(k!8Rw4|0H#RXae5hf{dV{?=M5hZnQ0u-d4l4zhLik~NL~~ZD zsG7mK&gJtzk$`mqa_=|Y2?)G!!BgF{b@~h?wXO}a+pt>oX18Egfol(#0)8OG|A>Bs zno2`T3K=<=xAJ5`>HXGfUD7aU2>7sm8^Hv~q~(Em0sh|If_krXBS+kYPucLdxSL{7 z;NNs1^V?ZXTxKUhry#p;Y3EwVvfmUfmZz&yKfx#4EP6Th#}8QXrqaTb`_Vw0iiewt zo$plo1;TWSlK6G|(z>gUQ)Zxjpqg|h4FBlIqCZiWBP!@Ul|(+|NZ5*Gt7khnG7ijz zyowvx4OvLb72JGEP~Z4ApsC(F8-I_>Fy`R)V`9V)ae4a!( zR@U8yy%DK!oS$65SK#q#MnP$(V3eSsBV!22q-Ty1`*CaO*P>6W2*ngSeJn8*S%9{) zox=AQ;-A_vG3$Z2TPi+J6-Gh3vap{z;}BiQ=YmRDuR4ooeH^y64ZvWsuG`qRZmC?x zvM5;*e=U2(WY^^0tYMI1hm z_=L|*nrb@vZtBuDj@z%OA&zCzrP(SGJU*x6(lg2qN$RrOONy{;Gt#bZ63E@2w+8dm zQxUfO3WDpO?wfeIb;hmxiPB}a$^A3v8ynLANo3)FzW9uY%{xgk*AM@g`_3y_v6`P%E|muImkY|Ip3ge?I-cA3Z;G+4sb3bCKdfjn+#ZtZTP*HmS@lw+v4H z(3{Gk93*KVY|-8&HXN1Q#ZqjidJ9RPwEJr6k;9S)d#8xxeKsD9In#`6{|15as;2## z{};dMd^>AXyMUj%h6#Y$jcZ9VCQx!jc^qi{U zcJ#Ex(aI*<%Jdh=R*l^!jhqB63=9_*;BRYy$2Kc}iD5 z=805v2$K^YpjX=LAN_@RFnwBNEq#B~1d)$V)KmyQg)kclX7wr90g|G5)uu|YBK#udc+4E<{O6OaTB-BPUBSMRY zR^ONWsdO)Od;?&AL-O^FBZC#j!^OrE4Ni`;WcA`ZAOHH$E+h~7*{+WZTYL(7w!1a{T~C_sP`1jjvYQv#2Xw5ua~*12*rA+{r0g%$x-f;1V=tAdVzTg>4hp*YQfbgdVbm2_Czs!n~P-!$LeR;WzTVP(SqER-;*3b(tl$lxG!Z`8B(=urz= zj>V|x(9BduDOhRSQ8PEUnM!b`=TD9-&aB?;6b5m`&rWYBY+c>QP6e-w()}yfoO|v3 z^FY9`_{YgJ(pYHEPoq>*Ao0GK%jUFkrDd~)RdU&esM_cHOp{97myZe?QJpy;xCm1@ zzfeq-kLa}G#sKwcwN4NZE#X-bmcf0c-lYYcpc``&Z-{jNoy-fc)<3uE985MJ> zRIhn`7eG~R70qKuZ34PQ69=vp0#X*#L}m1JC(Qu zjLP@U`#}CrH?&#tSvBtOk%WKWQovJj4pfT?z#eqmxxx&R@8m z*WyBQr&)daRkfsPO$q}Is%lAHwbgPjpSi)G4>>qZ3p;3Iot|YU(dt2A=fz&v^B7F| zN@Uh17m~n32~(;>23d}>0$m{ zsW|~LKDJv0j0SDr@wZmhFTlJxp=*Qj9=6f$i~@NCjTWI^&v2nh z%f1!6#T({W>CNJ>PifC|`Sag~faCVBk7o^RS7b@J-Ltoh+9Y9M>lmZSE4Sb z8N1uI5d#af@wn5?Bys$s%zR8|Jm^d&-czZ!ttn909+m4Z^%Ru`n-kkXm|X%KF(JIW z)_-K8RV}*z>KlVL$#Osl0}_7X$>yhAoZtL=ZrQ``*E)i`9oXv|-CffPNE}RI3ErG8 z3PT)?nY{O(>4${etg4w=nf}g-Kh$+Fbg^HJ7Kfg|zNBe4duz76Qq3{NrG*=%)e?$Y zRo7iu!(xrig((Pe?y{6^Ljh*(ho67b@p+vzigGfMY*b6sUQuVOW%a@Xr`_k=m2{jN zy2Wco%K;8zyBeBhsh+T+g{ZU;p#nCDwtX6$CG+8@>$IQN-t*16-LKPy$JWHpKOUYR z{PKD~wzPbNeCnq9qwi(Z(nlW}tV;Z9z7j4n7wBQ&9QR3w)3voqfaHhN!^l@jj1lcg zr521cfM_*w9P{wIx(pT2!<5a<5ChhY4GP>sP5tYUW?_sB-n^ZCmTp6FH8 z9{$mAP$BSYh_}@bTIn|3lu@tSAK4dm9Lv8`Su9NiUq@-jhmCSx7 z@-o5R7S|i&UC0G^V?8i{0Fj+6C`H(o1;{OxWJYFm3t?h3O1J_l|Dx0L^Oe*|E&NTl zbVE7l!j3Lde{9p6mV`grbX(Q>qph-f_M{zOy&jg>(fIlAMeH06p;Q3jzZ9{D{<(NGQVA7O_4#QS3?my5a5RRoAu)wUf!pKy5ok zqI#lG>6>ECn8Em#yn|u+2-A|4%r@8#58U{SYX-kfQD!vF<#CiJ!SUeS%9gx29bd6Z z!?BvzXSx;CoXTbFn{Qq%BMVA{-nrJErpx#}?=#}MISBP(O>rhvAVn2-Doay@{IRz8 zwd=x*)y#d4lB*`^2_E0m!J1{oXth6BZ1f zEE~NDH0>YWyCaalgtIm4bbt|YSVpTWWZ7D#Bw&>jb-CWlDoUhm_^mhYiOw@T{m&*S z{gekI@hiYHKgWa`z`taHiFieW=lMJ3Ca8Io2uR8#8d+oU4xLOOKuNa+UIGVJaO@R$dMy)j`C7^LmSWIVA(pr)+_mI-& zTJOYwGss|0zgsatENQzDyzxiDj9Y&5*`_LtlEXU%U))4Bj^wI@#P+6aEP*OUe|6W# zp7K@q&lrDCe^l;OGA51ZPu3LwX-V^Jg}ocYcwH))bzy_cMahJ_X+=+iKAmuT2C0?+ zRkmE%>Th8nuka)<1tS=LqJ~62{zJLxC$}V<*zbFkm_KiMP@0_M3dUj!PT59TeNyEr zj(3P%KeJyHxLKEL0=uQURtt)-{GKxI8x?(1LV%zPP!BnLRoDymkwp)fXWWY!$ZKcT z#wbyvADLk;q_q(9f=ReTA4jl874n=}gJoD5-mr?tnyJf}GMSudKn5rnggqe||MTwn z-?m1|PV?c>bnhKgh7j=Zbxh~;jk2NE(2e^}ZK|hSeJ97N&I?MwY1Cjq)V0~WCvl8l&$ZfdpQGrg}HZ?e$xSd_P55XO6F}s-P#J5td>(vhN|!F zg&y~2)*t2XZG|xZ%nLA*TgL4_^J9{TZ~I)C)$LufH@Eld=X+H#*pgS0H|=hzTd{QM z6=ZOltvtAoc(N76>!x4*?{MG$ytscGpWl5DHXKv)n284RqM7gVvTNRo=(>GEltBAML$UWyPBNwbiv%yi816@72X*1R( z3zUMebSqoR68cQ%^adb68%Jl);)-WM>CN1xb3)qXLLiiAnI%CX$3s{Hn<>_fZ(hTO z0sGy+CIe8XtSpEnM$(!F%Q2g((_7Hf!Dwgo{YWe;##`8y#m%G!qf?mSk-Hbl#Z?l< zoOHh!nfSnSn^DvByn?+Ytt`{p%~tmxX)hvFZVPUCTyJRbc1G-5)s81bF1EXHr8#zC zt{|kS8vRb0)TdvTJ=AX;7Wz;Tbt)~Sq{ziq7tRg+Xp>t2Up@*zZ=dgFh}ILI;yd1& zKgDlavVp)I0gs3K()EK~5IbFm6#6BFI(KEw#-*t;WAUsvQ8Cm*D=rf!eeNm~Go85> z0dw{*5!rIxW**lszvcQ(m({m;`2JaYN)5T(f<^_AoGPH)vIa~Qcoxq9#&1del%LM^-H%4(wGMsApE>hlgQx&9sD2e86N-!QVehKl1=nd$rc=f1=OHN#$YNg88hXMvT z4g#irad^(QH-ye8w(G2gsy3R=U_;O2jvTAGnu3TPu4k|enf0CTxVY0(?AZ?f7`)uT za5C=kJs?!<;EA7PVC+U7UglD8uF8L2<@Leb^T3T?HzX+)emWeE@Q7+J0Y~=5-TSLME@*<*KPn}s~P zJeO_*#>HaE-K#;8097^#m4#Ts4Xr(6^a$)P-7BmDwikm>r-+Syt%}qir}DbEu48dv zAGzPGSk4v=%Qc&%bT=-3$zpvJEPznh7lh>v+++QjDvKJzA8n15Z@2VRD_7!y<6G`e zz8?hhu8NKHl*;Ixy<~6rT5@#Mu6j&rW6L;rvQ)fw*uc9Tq?Yg_&1r#{SseNx#&X{H z^{?67Q|H;M13|odVE73+;iqcevp`*dCsmK2o}nqeBcc}KF%(kg5x%6Fa8%lSy3zak z&QOs#6fFrHu}~^*21~!h3!{7m-*fh`O`3@^S#!u?RC@cdK7_gq^5~Gpqe-xvHpScm zuI9g|#CL1r%Aqx>t{b@1bgR&r^D9L#z+(!(biYR5==Ie2Qn6AkIf_;g)F3ywyz|+z z?u`|C+81Pb$C5o{s{0gSVZ!rNZDw>ODB zsu^MDDKiQb&CTa+3$Op~c;8U<{;y9;-)&bapHzugf3F>rzI$UE<+HLVbycT)J~ zUF!CjhRjeky{2hh@*9M!4>N!LFt9nsO}g{HDVPrsi4XhxAJREgODN z88pUq8-a*JL+-(Sw@+yKadp`-4&w(dF%OIfAT-$MZD$;9=h;yt&pgo)j0eLM%V<~57s z3JCk2!28ypD1err1j9ly8?TVV`}Uun5|JHWPu{EDIk-5YP^yAAT4w*p0{=O<@KyfR zkCYc4jchk4UBi#g?w_g>gN@=X>VM$g-h~9JmrU)SV5XGLJOB01v;J4{&8rlt;oOzV zU_t6Bg;`h`m2cwQNQvD5o7x&X!c~+79H+UqI^EW5fvlJqJ72Y= zXI;@j*F1}Ql@^?ks4&Q3O?d(vC(t)l8o6`ikFc>`DESr`)xaP1TG4)|y)h9v6O9K5 zUHo!V8-XmZcB@ zv{sK@(yG@mwO_Es{zd0zM1xdJz=v- z#?!4xw`1FIB=WE4F*0(cm1W_nPDgS(y{sFo$CdL!W8p_81(RbeW#OG;1(SoBrxAn6 zuPP`7&)R}y{cLe1F&~N(EZW5_4Kp68h!*8=lhZXWjzJrCG1)zqJ!8jZ#-?`{oS`Ze z6KT5*_b!3Iw9SS%rmM6P>T?wN=E_w&lW-zl+8mt*Ty48c3ZJtwYIzaTr_;|q?Zin< zR~3=_e`41vl6&Up7?mWwn>C+(S?wqm zTd&HgcO^$8Fn4{IQf3GfU^n?F%smb<6No+4WRSy|QoUm*2N|s3=q?XXffgi>u1XKY z#J#-W^vPKD?tNns@yaKKmU7dAIgc9LCLv1U5AzKt8c;?~wH8kRupelkMD7RxQH26$ zGys`zfy}|$!UAb#w5Afec$A1AlU1gv*BH{I4k2t199<#yB+dESO~g&>AouY;xs$8N z$yb?*ML9~>Tdlpp7PoQ~I-=LTFf(T|pYfFWJokNFzZT;rkK5o&qSJ?t$$=j; zw4nu~EotdBKK+b@fLLL{5JU96+jduD>8NPfbDZFsSHJL_Xn3#oXxROJ+>&Tz|_ zdu%K*PLdzdrR$>nwr|?E`7sV}I_C;ZvZa`yi(%bauh;KkI#hJ&Yv5t|x2hlJlrCK9Y>%0*>W zfTOxE{(ag*yj?pjMNUeuO}CrH@Sg-r(4Tb%!=>ErAh9wqm+N8ESck6z_IJ#$U{UoVFEI3FxqwvK6p9)-bP&$xzuwOt<%dhyB>?#VRB71M{30T9`~W98dyfJqV^< zgr4>gcpKcrPeGgzA`ZeyZc$hF z-V#*{nr%Q?rdBK_3S^Rki^6?Y-qQmCkE}~$lS#dZ2O~>Ob`!}X$rS)mw!ZSjwhg2$S#>Z#(8yXsLIVlD%q-&3ULr%HaG zDrqBHAf!jhi(LJD3!DdqMYok>2Nn(8h$c}5o5roXv?mr46mDv1-(ZiW{TJ`&u?y)o z994Cu9X*EWQ&)GgZ?*edM#n}O+Qn$dvLUkCW&Aqa)6Rio z`nPv=Q*y@5)zlLbL6Kf&v{9dm zUqk2l9I`-Of|WP*iWe)tZg?9dAHT6ma(dt%^s(P;)b8og+~l0XBH~)&;}_sF!C>*J z*ya*LmHvlZ*}os*v7ACjmNPy%>mq6o$Qsam^UV1&Jba^egBYoPHawa0MMV!Ga{&(2 zfmlqW1y9QtS7hkO>}{-)Ml-v}&E*@PXlo|m{GOf?JVBcrq1QV&>q>nsxmK0RYG?p| zT#?Yrpbn5p%uWq*F-#372XLR)DF;Gch3(z@IK1=6F(`bMgY?>MVpPqc+H(?4y9Qy` zO7^7&FI>a&XkLha@CQwSrw)?%Kv~bgHQm51<|b3ek|1ibW~i|381+qU#e$&)^L5^@ zz{A7eDyDr?oBuFc9Wi}_gyBa6tuFkfo8 z>yQnn=#+=m7F-BTayP?V^dW>R10-Z8EI~J^fpWwn!DZ+~rq!!56PG*nXLk%UQ?AX4 zFn{r=-0wM*(fel9bC^&A+urz{taPrWCQmU)3xkf2}j=C1j3@Q9E_uG=_rOMhAF+l5Ip9)oJCx`7_1jQRjU58W3jQX zvmG><*gSl+6ns1=eACo<(b+3W&Y_}yy+gMb4+tUyB2g|7gg63Rjs-i*MuI%*)r4L& zpzA<&ThzA*kH=}Y*81+3*vlpnHAg-4c=H-z#MvE>h@p)Ajf9-ylS)8&is5qZs+GkzA4U+?GdOlMTEZzJalK7NL$B1U$06oau@dee6Dy7KXiM01bH+Nc!oUl1$wfUddA4_Ot(Mv3!3ITT>eT?$5wV<#y>l@rNL$zeC;Y1`Ymj0 zbLhd?E=;AaJi}_mc|q=42pCFB{k)Zntv*vaNgdlhLDB+;b^EYQUQj}q zU_uU}7+YsNFbp%*Icydb)BUpN$?&fGuLKvQs?2SI3YDtG>l*qi3&??{;>ov7!3*gU z)v#506wcHPl$C`3Eis6B$H7tZt8jqVr%4ju;mKDo8$#ABfZ@ygTXGqUbVw^A;$9d)tGK z8i94g1@6-MRceErmZ3ZDAUAgySsx8EXhGT3XV>aEcFF+|f(TEfYB9oDP*DBawHQTY zFd75KG(qygPqM8k3`#`C>Et(!XgEab$e`8`2((ija5~wId&=-8Pi+EDG z31BEPf?s*m3QoE`s`A1+bUsbDen5y!Xi>!Fg;&`IF~4S8+(=XDx(cfy-46S>0i?tP z+O&x3H4QK5s=1ZM*_Y12UM`HR3ITkR<#{ewJJ2oAy|+gC7Fw!xh?y0_w~pMNW5UhX zXALC(U`<;H@+zJvfmXfyh~l0aSe4q_dtze+ka`~?kJ5biXZ3<~Y<7|5M`Y&qU`dEo ztYu$JsGWK4IrD!0Y8cbIR3VuMr|N3Q{kD~rBdj6bp2}AmkyMj0qiVVSi3!8ll6#Lw zg0AN(s=yxU5l0-a>s=6*uM^^Gx7j!5l<9XJ(T+TRS4#4=+l>`Q%_nJnB6k_0m5u)F z~x|Jj$8xS(G zg};}$_Y1P?H**>Mv7n~oL!}j{UBGtKyq*~MiK88rlYUvqA`NlxliG{^y!v)}yeg?J zbP(@97Tzdc3zGciLyEGtRs*@2S+O-=9FlfT8sagfbs7+PkqX4mQFlDufYv1CI|gBI zO)}DmWz27;>C{cLEW{IBCE(E_q{Z^(Hm{rMm{_~Hg2!HFaQ> zvjF}Ls!oYFp{ZDstE4VuiGY06wv7x|>dg`^-&EyCX|NjvaiP=kNcvP}>d=ESBjwHbyg!b!GKpX?6fQ^*Sk!pS z<}OgNF_j_}7&ylO#Ek^_5qb9luIw9+4nq(dCL$bQ2&~mv#BTyg>bF`Hf)EvUi1^+j~JB_L|)`;eEB`Rt3f9_DNuwG1ELgv>iHDPe)9e;v z1C4cjTJRth!+wEZglev(^zau2)ID6ns!F-(TF(dVeE|MEWH9 z;^erNR_mBnsUZ&a4c`b+7sws7JK74g@ocs%fviN|v{U>QG1%+Ae}YX|9%2U5p>@@A|RrhvQean@r@Jh z-j;Ras!M8Dn&hKbPt*k`Z;uOTjk8xpI9PuhX~u~JD@GOhj`B{M4Ga6zNqPl}y2803 z1|Uos+bu)Ki&Ltld9i~rP9(*+(=SKnv-`d>8KaxlEdg>+%u1eJsE)biAS)iA(JCUn zMTnrKPp`L34H{CY788|XIaLf087xc*Y%hWf$ykxlOXjcd3*)YLJT+j>bWiXWh$Z;T z*9(bW;uaWr7)*=BJWp`qLVm7U&42a=?jfqNbN@MSh*2Ds+6wBlwY2r# zG-oeaj<0-YDn|->BCB?Bbnh;H#~J%MzB+1mS~w4IDy{7J@?pzKE-DP8(S^;SU^qpL z81xZjeOYEwyo@KDH5;TxEp^MG=+jacn-{-U?<(T6E- z`taI*&%^Uwxbu40Gcx8o{7!kkn_50Ss|-1{^^Wkj%(e^WcM@CYmZp}9*az!U z4^*Da_^YnuTjPZa?ME~Yqar@%k5*%kIrf21G#Q+`g#M#(7Hgcwdo#z7HtE=`fY!wS z{LcUFwCtbarS>9=QSQ;q$y=Gz6tjO*Rk7ZiW%vol<+m)Q5;uRB;& zi?OzsZR8;q4AgU5=!P@a)-!q)zPt#oTyB|c7+aO%wnG44yL$Scn3nBC&8rXH?sqOr zo(s3f7dTqihiDcSP@b3=BjVjhRuodMXSvrl#;RRt7cqP zS$1pLDxrLLz=89u2<9^pn1ehQCwQ+1INM0?TX^SpYg;w%_JOZy)Zm0cqW?RNG+n~l zzUrq6w?7}`DLZM{lphe9I=EmZ)hk9Z|>7W!A*_LR-t%pQ;Xchu*qDbwY zjo_`Ca-u7pEnnGGF#{NO?SL>UtXJb2d*Y+JG4e6OMbke#M_uW%8ZL z$&l*0lMM0gMYw{7jQ8xo^GD6-43!MYI;8b_1-7y($P}|Dkr=elcI|HaP@Y=osr=p1 z?b|g}7masUjaPc=-qx=-nYQhgR9?iEt!ceB4Loesu5kIKmbc%n_N&o33w6U&&#W!Y zwTOgDjVbUJ7KNm6jj=w-AN(RQjiC^eIg zJlLZ_tLtkPp5{C(vsKwn3b0mK1vQ*5b{m6&C)uINPd?kYhwhDtiA+8mfUh~Q;D~nj zJ{sv7y6NoL=eQYXa~z5oUHA4;e4C=%pS@^>(8V!V89%+?pBcM}p19`;NxB=x+gJ4~ zBVAPZqU%P@{K*lIEkjEl+;pPUs_B@+dqrkKOL1CuTA6>hIjGiBbAW&1V1H|=O}%v^ zzV$}Xlu6JTS;4So9G!k z@{K5vOw^i2Ky%oJC`^=XQ@GCz=luIU-qR7}DK;o3)%3>h$TsXTPhJWIo>$I6->^y+8y9q&TdP_vk_ zw_VZ)K2wf;@MP&rLSMH-J3=C&tV8fASCW@fqVFB_U>IE9+E!F_epvT`d)H%?jrG#c z!9Jfymww{BU?PaR`N5OEqM-SOvw$O$oV;x7BWghD3(~|35K^p`gT41)Nv@$wEWpxZ zZm0IbP?CVR%T?7Ie$V02_DG%Map^~N_%GFpCdI0I@)zO|M-D~7) zGjk6)fq|QAa}IL`v`10iL5UTYztIjf{QQ0Ob~%%?b$3JbOS%Gm**|P=X*j=jRv!wJ zMc9v@hL%H!tc!L#dbVkejt#hJ&N$76j}H3|6QOdjjM^UGigK%UTZ+(cz+y4ujn_t1 zvT3UcciYQ5=hxIM#FE9f9llWFGuNj`Rmo1PtYNXVWQY{z>**+ILwvVF)c{i;`h0Qk z!a}_NqX{rEaQ6=V`p3@Ba6|b76@Lxq4TG{QS;D3Mqm;#|gO`dv0U!1>QoQSe^fulG zXC=a!-4k8AcU%(349o2jUfcO*R;_rIP-e8W>i50NF2rdX>e zij!cIrM{x{J0pJIMNb}G>|8eyzlKb@%1`ST6UtP?=?!VDbJbzZj*VC=$pf`q$7ZUwqs7pcP5@c2?40+M?9N6z}2H2mkQ7yA!D0Ob4eND z%CDNe2{I)FO#%6m(8~DiggJJW_-SUM{sTMGmb|wC_M+cR0gk!9FF8KSu8O$fy6$Ej zg*e}evBrl>(ZozP-YKE)QaK+qmuY`CTSj7a*&2W1F;u>FcBx|zks&3w`J7>n*TtS) z39p!7^AdP11+Ewle5hvuv69vrw8l(7IruZv4HV>axL^sq*lf`((7`=LlORZU(6rqb zA&OPy#xv!1C0bKs^>b;J_Job6XRkI%83uvj$+qJqWY0cJ&mpf0?A3H6POsX^w1cZY zCPU~K)Z7{AxB47;y~k#?tyzO#B|EY8caq|)7WDRN12;v^!6#5uu@S$T#(q}Qv0g8* z9UPJ#+6PbK{9wZy27`cQ!y~C3x8=UZ{jpbLUKR`2HxjCJyRdh*Z%;CJ{(5im zpb{!S4BsdC{9K>QW1lmmY7^Lbdn`DzbGTH#<@#%5Ol5lArdp(9{%LBI4XFsHwyYQ= zZo*Yw-0};(f=~6?ySQVwUe+vbPlng2ncY~uSHW(tPPB<-0m=xPVc9uWlL@)sQD82$ zv}P4>*#U3<2Lh08V6ZYO4jJi}1pCN)eq|NmihTP~=HghB6UV;92z%Ls`d!AOZPMa% zU3cBO5)BWI`}~s2gr`o9KK!kS@U`wFed&oLGnz&)W(cBal~yph-Q)l&yP|KOmF#!w z@&>wYmE}zhx#^Ph?fJt78FlgXvU;3dw(!s8Fw%_KYF#%PL+cO9$V10pFqmatfYlnE ze=7*c3A@4b#3w^MO#hzk_dR9WW|HGm2i4KmjA!Sg zwS(PFEbTcQs@|}Pok<+o*hyFhF!?9uU>8yO2O)(DS_+y6>SYaOcp`eEw)_6=5Z_@90rk}7 zxaP~four9B7x8V-dt{NXyui+shmDoZM!D5yK}w-Ziq^@VS!#J|mppZ*K;CQZ6WA?d z8J4^5D~4OY{5G33W+IFT9vlILyl7&HoH}R(&(lB%X;{l+uQ{pJf-)Wfi?Z1!ch z%sy}e6-u)r(f&7$9p!-;T^k=vEl|uZ2DcJ=#Xb8a6M7|U3~r?}1ZL^hjF}}vW5)c~ zuI6g|ovUY-|J7viuVerH*wWYv?e<9-O7=I>yUMTCdlBewSpqFS@@?*n8U2)RG`MYc zqLb9}$6)Dna4J=hPAJF~E{)lyuZqCs7JD^XbVj;Z?`bT*j4+}wutKW9*QGN}*@LDe z5UZSKPGOnFkY#QH(k0#5>08CjpumPc>jCt1*^kAj7jlHpNmX`{hvsFv+<5N5ss*7; zs?w+HL7YC6#qvr-u`pR#Knf%+M^6Wi&$!DC|#L$Mtj}mNDYU^0iJ=c~$|TF3nFgT6ExEMc2lr zo{=)j>(D3zx^E{BA#&2K_;#o2{SjWp5$rlahk5r4wr&4Cupg#N*fB{60OV#09(zTC zp5q%{3v^JlN;1fOa0&2T|LADj;K$qMlp~ zL%<^kGw#?IJ;zVAtfJ;wp^-%MA$A>xDMU5QL{wW`eUe5K-zebOw&?$gG z5Wtk(9HeM2&-%A5rh`GgDAql0WdJ}bS|N$_nPRXwgTIR?c7B|blauhbEyV!F7xwb= ze<9{Lc9V&Eo%uo0YaQ+}-pvm13F=1oi$ zEpmpe93slCd56OBIT+jo^Q$aJicRK&(F^bSz;go(^ZYz z@?HEyg{{1u%V*lm0KC)-ZY(=&4mCHKKTRuhXc5HWWlnn4W>*oxUfN|QYVrXnLr-wr zM|}^@YgmVX`4b0c`gP~EJ*%sw9<_i=bt{m5^@##ytOClFrLP{)NWK?#Q&F?sdVx|4 z9n2Idv`KGBH{%nyarUQ`)Lz38?Xv7ZxI!z|B32APR#M7IUyE2q*l*$&%iy;HRD{CNNhbRGmt+VeALfTQ6m#j zm{q%&UCC~zR**3nDI_;(>hhq;Go_R&A6}pJWTbo#zH>j1`{U!A0^L`o&W<%m9Mlg% zZQx~Ml;9O2b~MR(vRDpoGd(7;_w9K&h$nN%ye@q0S8@ ze);8Y9!g4<`q)=f`PW(E8D7j@UA}!5hJ=S!yZKLH`p+9(h7qJy9Y*c-uEJTRS3}$X za$i#~KI-AnlWl--7TzZ;Te{(l;MT2`_8^YYE@mL|qu{izy@{xfW{`%;?N|AtHlF)N zw`u`gzaQDP5fS@)s|~vVY9CmBvVLMmsbUxu#Bewq(D64n(F9Rq6}qL&uk{@g8mh}Y zYr0BAOE%tIlSw z0&KGbCs`?l0Bw#uaf!UH=fAtzK50Jg7=~c_u#>_$6M5v}H5fI!6jbHQ@jSP_bQnkp zk(#Q`NeY~WQG)a9sT5nJ&=*V-K!Hrj3B<7^<*QBu?kV7eK(ztd7PA0$a`52Pj;;b= zEqJ98y=tyAFk~hi(v|D|_&=U;{##CEX@LU zH|UCBoE>Z!OVPOr%VyApt_lm(H%Of9iJLh-V2QK0)S9 z@bZ@!6`cz1E7;|%4fiVAuX~#-%=LmSc8D8mk7vR|YCKyqY9|93;jb!2sE)x`xStMT zkoE55q67>ua4|~19WA8nHQO5;rZB#)%`WC8{17|3x@(77EmnoS$qkRB(Om2nmjLgr zhwhkD>sEEetlM4rH1m8fsM{(OUVGe75rnO+^wqtwXFm|6shOpi{MFu&(&ap+I` zYVl#huj~skZqEfvJCSb=jHZy;D7x(WjxaEd%S79!k}&rL{W?m`aH_U6QfY8xwbf&I zG{xpwdP`XNLb#V92Mcer=G_g1>mc_Ri@?9$5^)t67p z8L)8fgw32cV0kDTNkIBy-JG3hRG z!znA)r~EVa=!=crT$>y2qZQvMESvW{^y7!<+H4;!1}_=ee?sR4w-s#Y>B>JpyJTus z&B&mL)Z>5KkMHm02Qzd;6jbhX~XS6w5BG zYXuEH5+15g`Dn01>sdmE!wlyxGNNcJj3`u^W4NKL@)S$__UGllh?`M`tA8hMy1l!CX}R$iag(ya|5N?% z|Dt^U%ZIMjO(&qHAHstCQ_4adR|Bq@#0+=sm!)cD`Hp8IrN%K27aPUv^J4c{Z`x*g zM_6E{6cZ=YNj9FguPuckNgM%N$&>FMoK@XS43V5MgZEF}H^=XiN(mr`jxow3*^dXU zJg=q(J^9Wn`}y5zr1KsrPFrF_zT_o8NAQc}+250$O!Uxqt-gqbDo@F$ggl^*#~HTD zfOE;#VUS#!;&-Mjs$6*AL>*mM{JbUKN9$Rft>>E28}t~Wcoka+dyh_>{@QYg+YOgZx$B--)0vbe&UT;(w#@PquT2b4G`mZ#BkQ^r zCyG~{FT1ssNDL+oEON1ds_j9V`jz&^G|8@$4GuJc+i28!U}?J+l9$y%0kF!m!a6l- z`3m%GTe9+_=S~0OZw+fdc8h=%*1eMXct0ZI1Qo(NZL?l6$8hIJ>OO=f96hCD!bc)w zl<{qoA$~0jg?)qC+qave;mbvh0+T45=#R60l*W&`@!zPWR8%=2>hVFoFX&Ug&`CwC zE}d0qL?#FVLJd4pbigT15SQhv0U~$$Dk|A6=hGel1l}{7A^5(&-E7vF$ww}%Sp^wW zlCtSjeH1Tn?u#5mrCk-Dd&b4vIa`ypNkz5yqe4@O!3rAi9ZyxShT73b2yFkNctWC& zBfd6PK1E*H*>AC3IDrvkQcI-D`kz^frUNhCW1RD6?uiD9AipJg)6Z zDcPrGZ?PQv{o~p<=1Cnx;{cXVO>L4}CFLi0x8r-?nfM}K??Mm2%_rx6eDjae{!znz zw5lIH$&cRi@1xO=5##^RQ8K`CLpeehC&x(Ef)ISz%)-(E>}7?az-Q=t*GUSYvJ>n| z1@2E8$z_{LbnvbOHzS>+DN*bN2D6-#j996H3uPZPDx>s@CZgN&S>{qUw_GfzlZCWV z%M(fC64mZ9ImHV-O<8T(FOZleu!zVyNM%pZrGQ!*8lm#j+i@v^ZhI=bnV00Mk))f! zWCUw)9Ib6?EJlc{|9rRaStwgts@6FOEpm5S>cc=Vo#&VghIA1@VOY?2rV9!4-IoEF zV6PX8m}>{Anp`UKBiec=+#Mtl3LQvmDv>F-X&-!@)yh{ikHml0He(^@SZpHfe40pw#sHswvGP_q^k}t!dM*{i+<5p@>^e3X%;5|&m z^mFjeQi6s{(9+b%H%z#ETGTl#4cJeuny)x^&TQOIqCP&x%8+wO(kl3QB+G*^}1 z7EaR;*;svYmRBUE;@jm6<#Wdv(CgEOS#pHo3AT)QCCw6CLU4T3H<7Gs4p{4%V;^i$ zQoO>r9HmI~4PBXT3Xv`IVRsCS0!LGMW_hXN@0Wb5;fpgPo5{0c zl{xy7Ns~;Xk3dRA{z_T-zV!RLD{j9DZnYd(*l^4bj7#T?1S#?gxP&J+Sp-k!%(k;S z%19fX?I&=N{Ca;?xtxYC1Qi6{vF~U!Y!53#gs~zXS%q_bDG9D4_4I9-5!9o$A;Ft= zNX%!^$gX8}V!09`RcnQQD1AX_RNNw*a`W@X{NNx3Z$Pt8WJx9^6L> zUZPaqZMz4eDczNsrZ$9`dKaTnm!17hn8TmH6Oh=bH1Su-z(J7(@@m0G4~ft*d3g)l zZU{}05$UlQ1}RXiES=pkdv=farn+{Z(7Y;lK_S)LK2wJQq4S6@?M*LIJTT?CFIIIv zZDu@D_xO9y`}1Is5ta~~Q#4U=!+Hq%mA1YHB%79nT~Od^PpMbsE-eJ1gSe{L=N>Y2 zgL=R#=g`!F&%|J-l&rt8JH3~cdgWrXalYeZO6`-#XM4V5_HA#mUwi+TW2rv+)|#b5+iSY-6*-DMPm{#0EL$z0!+^7$KjE}qwCGuh*##)a z)DZOU3{;3xxs2W=QBB9R-i71Wq#u0(9lNmu#G&?0b+cjiRz_3bneGwDm3H!W+jqQD zA#Ax+6Gh7+(`7W=k{&Id{>8crcu^Rx4yNLB-_VIgtsMAAnjxzGomRyQIGA8L>WU)3 zdahQ}{qE;0>mSDsW{hi5lhad`jy{j*dFH68svB}36(?@O<6}v`?((+4IvaBn_wP*J zXRl4jocj{ip;pD9!0yF$q$n)79JMY5rMf`G+gyQL4AnvYd>bt!N^PdBBr)9&&S+9x z-On!-?VWkyv#zc+nP1&CRS_LxzcIWHWt<_s1>$;g*c(mQI1U<68gaYZcE)FY5PFW~ zJJYN2xM@ztYoFiJ;}qM_g{*|`-Jn6bKv!4O(G7e`W6^h}lp6cC6Y0(F{5~G1C#h$? zGr<@bi`nSiJ0GZc-|tMBE|mP;tr;(^_{8EHJWA>rLizfE*X7& zODIS&?TKD8^EHC{({LO7Z7}Mk+b=6 z_Cem>cP63J72?*xsO-^;=-pNARo0VCtzlKIy}w;2}pLlqr>v}{9A(Geie|+FaIqd(a4}Wht|6i5E zhEgpoyVPuYbP-$HTrr$DtY;a3V!wI5osY|eleOJ38pKN9nBluaWEiT{87i#7F$1(j z!KM~=U6qbOmEgwiysAq!T{9ClRbO0Uc{bT<)t53xB|UO^Y8Bm9$WU9%x;aQ;UAK48 zK2apNy2}HbmrLo|54-cvY0bZUbERjeWK)nmB{-KKVGoYhdu{!pwfjaf^Uz!`a zY}X~d2U_&7Ugp!bCO2#M;y%j()}Xl&5YGZjDTH7I=o+8XA{~uzv7Z71BTxVWKc0es^6y-dR|1 z-`e53=FBd+xXxg7A(G3*Ih6yvH|Y)+RLx6I3^jS*NX4{~^WGV|aCwhIb5{dgz^MXI z8ZyjTC^z?#Ff?d*15U&>&P*0+g*gx6>+M zWO8V;wsX9|(L~IsZS$SG-MI0w60==ZhVKWAm7K!1*{%!IWV{8yqH)w+pZ{1xp-r zwL{)#Uvz(^i69n@p4{EJUmlu%rxiMUXtUGy%})EcMIm|&HuTnm@%%=aIz_EsLGa)2 zczHNO6I^7ekAG0+I`Xs6` zB7CcMh+U;9t9;(u^>MK@AOwYuO`OfsMYN9P@^F|*6 zE&SDI7ufw}BYfe3TbBtcx5&J9%|ZruzPtL#W~b7xQUEiQ7uV?_Db;f|%A>z5)(qvw z-^>;LH2(1&9FTQRD{}b=^9~l4{{Hx4%Ue=O)yF4m)dwIuY4YCfkTYrtT|ymCRu7jt zEqqja8BehOs^v@0_Dk7HscMf3zajzJ&)!#k$=f|LY5R(j*|awwoMK1i>XkNcMmeyE zFGaHd=QP@XI|}fhW%ciS^KZ)F3G|D7YStHWf=#`>X-&q2xS6V%i`L(6e15k7HUe{3 z-xQJ*&u8&lX2h)w{R*u}1%{J%w?@menaK5CsPxJbo@j~>-Z#4G3?0{PDIgS!2wez9 zBK#Is2k!sY+6i^uzTZ{UG2L8Bc@n2Ykd0I6ep^f9)^n__~jC z2-Tw5t8ePn&%3qc?@I)5rVA*X-dWz#(!^RhUcp;kJ{rb_ar?S!CQfzE$0uvU2pT4T zUGh1d^1gM~%Tdp6V#paU7j|>bWKKGjb#Agg=+loc`%#QPD#-uc?QD#MX%U$YH|oyx zP7b#Z?(8+fIR>r?6L}pW6+HX*A|&V&3yR6Te3Aa+?>VAi$(Xe_}JNh5B+Edc=L|ufcL+ zH9aI`@^$4ueumai1ZiU`J|pDg&`#Q?N2{&-VLZ{@Cj11M$w`zwc|C1EV%j%&UL&uy zD>^^*XT}oML2VEDR4tS~95qH!TP$)-{pWqiAJ2z!eyeIJ)GOK|cSDo*8_?qlN4Fvi z5AtYDS41|ei^@HYVdQX^gB(HKL1?8MdW?R4wq;y`hR_o9)ckV5#28~TRBdzt~Nz@k#?rkp_#32+TIOUW&S zc&6Y$#^(GsfrY>M3Hhmjh*tRbF9?+;`ZOZzHPCTqPjN2B58*>a!HMIL_F&0LB(Z*0 zPWSqXU52>IBbXNy#nBt!maN;6-Z}7PNl)rSUaa8NR8xgxu?GDDNduXtX68P(2Kl2| zd&jmR?g)l~rlwhAJ7%d0psp}?Bi7#Ny<>)UeMxB0!~nENZ>rwbF->LIvN{hBu<1|h zXI0g}nL1S9A)@P*VA-ZCo|_5oOQo zAi%Z~auQPINOZ80rV)eDl?&8t@mvfsTLJ@NP`Mx&G{XZjQwjevaDAz*izQ-PVEpC{ zHmyR)-=$dh-)UoLLVroI#v8^&P9a;UtdqP$Re%~RME!qV+2|V6KbHF+?7atEQ`x#V z%#3620t(V>fOH`g>5fvQ3n3tV5C~0r4FO_7=`eH&O$h`DO=<{LsZv6u3n3si^cGqu z@!QUvneoibIdkrN=eytieXo>c?X~w_&nkPbwVw8Ws_K|?Nefcf3YHKLrex>s`)57p z5XhkoUjIocJ=7p-8M==fUfb&eENM_<)1T<3CM&0bpq?FsU5lbA*hI5OGFh~8DYp|m zqP6Sx+6o3-(eIHrI^sdnPm%A?*tK{)C6&rA)$fFv#}rD*0d_gJ79>qk`A}+BqemZj z+X*hw5DVmZdnAuS2E;UdYS$3Ycs>-@C>!D_RKY5YXI<*jVF009Ic#3C6XwxmmL`EG z?1GD|q*AZukzsrB_qK%A`zKFdKVC?nXE^&5ZQW;jXKI%NX`N*8h(m)S&q>sAHk z800#ZEqhQe8WR@O7SrM~R&V=?|7~da`@Pt_>rTa3kk?^Q^=Uy5_F9&(-y?64_)UPt*{ zp_Yy?@mlx8<7tzdYlt<+ndHRmyw=pU=bUY@1J^&4KNo2!aMAIy#4o}nFYdPIUcPMT zV|q+(mPyhZ50rK#fEhy-n@J6#eoY+ZzSBi#SGuF5ZPp34dT*YOz8{S zL4w)qL;Xuq6O~YzsuiiAs0oY_#^@Nmx3GJtRYv@|&gfvJW2^7lmLh66OOmg2Kwdcs zFo$hUkkWb3p>A3ZZ4ky`oCJT59$tb6XELfZ+K3+Et(|Fs3@l3+5?fZw@U^;2=BNEgtR-P;aa0gXekHj z&njUd=;4z~Mo&;0nwDr2=?6)gj$_G%tgWKmcTpQgcf-t?$B{{#8Y&(&`x4t0=$SGS z>9_$&&8%Q}GuLA<>AX#WOTE*8iMAdd6wqOS#^px8z$8O47MsiKR-+H6Gc{^H77E04 z=M;#~qbE&p5SbTE7~A0RoatbkXp;b~fIxVL}XSQefEj|7YHo!mIKlukTn$Zx;Mnx*%EI!xfoyP3%!JENFv zew0&*f%;0~cv}7Qh9`?TxaaiGkE(PLBX{Hvx*8Vf>-JD2hsutZ^P(N}6OKSXQ(N!;HFG2BUrWeGxFBy4j2Hwu^~M{wRo!~UMD?-C2?1R#2rd-@mOi{8$Qpd;Y#*MUxJSA2Mrh(>TZgvc`lJbo# z?}!t20EBMy2TEL7GOd4!P5BdD(7f5vHmb(BPeXZc*z0F0#(~FJ5SyEmIG{HePipXbV? zj-=Za0rkz#_;FXvGd}IvS0SJr*X8KME@_@{pG5ES-vo+-dwo=WSIz<#=?zXiqfq z6Wz%Hf5y1Aq(P9CpkLDU$gy&1`OWA1)&~6vEz0-@h-%jnS1bp$&6%(PGWlE?NAnl6 zMS=V3yZh#K&4Lk;h8;kGQ@&I7+?(wyo$`C1uL8H(c`x_)_tem2PlxF*Q1Z4~_{f4B zWT6J3UcA?sffmoki5d-n_?@4wkRwPDd|hi@$76P(H?25m%msUVJX7+%UOaVn?4Rh^ z1Dp9az5C%4ag+oGK>Cr&?4LPbcdQMj95E%acxQCt{dU8`>Mt}v0F9c@G_J1>qxZAn zdp;aYeyL)q+dv%~_NKk9b`pLno?SY2wCpq@^3KHRlID_8*23fpL^9z-ozBMSGb^CCr&tt>k6JdM|_M0N1w&;*?Ydat)P~znNra;-7!XZS3 zulsm&c)cID$A<6oS9v2i$Iz`3W}ii35)6(DM&_i8qqzh$gah>+z~WBMZu1!fc9LnE zYixI(BedM>{FH}df1D-I&SJMF`BHJVc9y&T-+#H0{nzPlsO;{3leddHy9G?Uz&X^k z2=Ix^_sI{;d;?WYB-(xO%jcFw2Uuv&yOxQjPv#WdZFZUpCy66Ct5i7!3DwRD-@4V& zl%6NoxVxQR{z~RsP9k2)tHgR&f`WP-v4KKBiJ$0FW-#z)??2J)NjWY9K$F|49_Hj8 zl^=e+>6e75W2k7L>s-~9wtAaNl!df`r;`X{e{A$hmt7v^`Uok#N%Kv9gK^Z+DNTo% zcU{-jE2Hsmqd5KjQE8~F*6i>;{}X=H1?45m)lYPHHKlD?=}B4+O3fC&pwa;)WdTsD zn1TYte~Go|K}Uy%c9_P{Ypg=En7%^E!o1vI%VyazAf&{?%=wx!4JVcKZYJ)ga?94z zYG%#=3+7k@4``S!1j3aF=}Wa@K-x|tZPtwv_^OPDaW@A*VeJiz2-ChTltIVxsk#?9 zWWQSirpj~CEgUkSFaO}m)nm5k7a=z2E64{tK|wic9G8A+Gu@GI*2wZJRkS4eE#(6T zc58j^^N&_;1x{(`Mh}bca03AIvaT5-6Wl!=gq%SDV7?z%0Bg2BE1tE4L((0XHsv0| zwZIf5D>gm0&UB3VkUvVuS;T>|O-Mr|wdkqCwR+8mPwYsd8hwewBT~86L;jhk#-T>L zgha1pjCj-_uM4#>P?(@BeXceadD}+moZGH`lSs~F7*kn`prE2)&oYgtT?_OaMtqWM z_!$M`zLCE44Cei>E%+kw_XpVhqVT^d`F~#!vu_Jt1JMj@>h#R!B@R`MxAZM#&FT7V zly>f?rcH3W)a)Za(FIyxP!a70LYfgo0UXS$K+r}eHU8py77NiHWy{M)?xZpOc$-wY zG;ls2EM|-WqDToRCQb(hO(mvg$Q$CSN5GfkaH#|m)`Alnl8bYl(pF^9R=0q74CpqA z_NXi1ArRrSXTv&AAU3O&n<`Z8o@iWHDfs z%rfeBlO=bK$hlNwb3xP06WhQ*Z zH=^lV9;m3XJAK1o6>v^Tv-tjZbRH%zlGBXY z%uU32yDgSIRRsLA+O$N9I-f7Cok~gG+J5Wge`jctV?3}2uiSTiBiBi-f_uX#!zY|z zR=GLUIEptFU8^fWaPwr{c2NG|i9oGMA0tDMdu=#OZvWJ;gc&z?7^MQ{#yXbwKhO0_=6`m+&gx1-}%;AP}C_8oe#{`T2EHh*2SyzQUq>1 z`l9t;B>#VgS9YwjVNW1^-vE&}d~rFHL%%XDM|-}%M|#r-5th=twP{adOZM9MZ7*>4 z>MwhNgc)p>{I=5Q=#K?HQ<*t2i&P+*-GB0P_|HQ91)HqN@{|$;h!WLmZ+c{$c370_ z9DI%k(|4ifPmx=(HLmS4)j^JNDb7^HM4fcjcXzd7M{oT~?mIOs(tR09*mNQ*o3qU; z(eT($bkbeATgP7kdjNOR=q$kR$;>qn(9v&xz3CqbugxUUdEYsEuI?hzi!h^COlaCX zF5$M7ZG3oXQb4qyA)KFE>D2l7W4D#^&1GULT|{&0Z8^tsxCGrK?75+i!{j+-J?s1_ zf_C0bT$97_M;du#B>!WsBUym?VYTK3kU=mS8mjB6+2Ly8I@#D%31F9DJZ&*1+h(Wk zZ?mwy7fzK!*Qb5|>J?LVanuAaBQiHgO-!{)-;KR-E(dH1NGsf~MVlV8ZNH+!eXZuS zFtFs;NECF6X)P%m$|yfG{(f|EVjQ{wATIj|d6Kk1`qz{>&*%3<+Lzd+jS#U~oWcZ9 zxCb862LTTS9>{$3YX|(ZE!rE}a%%i>iKUt`Dj0GNd$Kn81C5RF86T^4odTNk^s{@m zp4Gd%9P;p(;VbR(MTGQlSesNHUy7n$L+So)(~p)!@@g7@WF--i$4trGiIomcQ5N-% zOmRzUf#l)3_mxaPLW#SC1bC`1Fy`G z5Z9iLmfVyILG2tN>CvFCn}DWeywhtisxz@eczbeSUKz@mHf7P|6WYx&rv;PK%i>%X-$QiB|*EwIFSc` zdrtmkVgKsHfkfMZ# z{o+=d7f6b+Dhis{sI58N+zUSI8iIBX2Ha__k2DJ>OIoBvrMoe@?oLEiu+l{8CV?F^7?c}F_My3{{S3|Tv0<(T!H5h`d7X>Ccf&T&kf zt`7>cSV0$fw#;($XhpDbQoKZ}h}oKVTy`xX_IFz~^on&CIyC70g%=asOFI-zNQT^!XzAnbnry0kI1EA6P z&6_Rj&+H|{n%9)@+5y~gD6W+SE#5wT5w1L@ZXSm*kxqT&*(bK`Y(It(IU^Z&H`g}N z8-w*hpXlPx4kkcGO(>)#j-^g}xJ3G%)w*vc4#2@3DkvN=#Hx2VkZ^ho#B^>vM7aHI zSYxGVAzGSS?Iu1Y>S0@oQuS_dwwXjo{*)5RQ-AE*O32)uhZM04u$7_ZebIofxJrOc zu{KbQ(|<)S!Gf?=4!*H1q8_OB`SyC6=xV5UMOWfg?i0ztq#*fTky-pIvjAma!Ex zIakAW^frge_?cfz`d5i>f*jUU_&hHpY~+)@V)27-5Si4p7)PH?6Ba2QKeI{N{W5B~ z0}!?M<^6wE#DA3ko8awwO?sBg_7r#GeexYI*kR31_}&lLy332Mr&sUHPNU{xefqGO z!}L4(-LgvLLK58Jfzx#1MVQ%OT}*7xD{<88FX)|cutYSlRIMUwMjFypm&luf;F0ng z#{|bLYJQ8XaF;z1*Ql}#Y> z&$mi^B{du3$bkj`yXdA%&Ryo-)=3HdiCvVBp05NV8Z3SEWGxi^%yyC!j3HEt@9-zO zGU@X`xl)~8X{}bLT|d!jINn-&RJpe*{5_Kt)DJQ#XI4Z-!^&@dvpx!1GZ{5&zcvSp ze{t)J)_;+_@wn~IW^~!|_Txz3Jr`$oGnPU`3cy`DXHCh{4OMf}hB|f!Xx-04Cq}!f z)9O(D1)z-4?44xk;7hh-g*n=8io;+GHFb=hH^SS(cskBNlXe(T5Da%9CC4a*6s@q_ z50q{yZ5m3Ple6lCK_2d2k(c;HmlvGmgyfLh8q*5iio5FQTc;c7A~LhPaEw}QEfp!p zA#pm$t-CqZnul9@bk72rYJJdnvCC&*I7O>=JNFYDUf+q${;ZIBuZsO+(Tx87pX2N zNK3rXIXMAcICuGq2?w~Bmtaz#Y$2p2>ahzN+>M&3R-NVOKA6172FKUq|Z)csvuq;d>bErIT&XSOm!m0y!OQrOA&_-Z~3mj zHUJ!vPJebps`xWUq)fT2QD5*6I(^5&vG&xFNvL+8x$zutIa}7;xvc|Sqw-y>)-_xOHnMkn2sf&z_vp)7|B~jqTosssI^g%F0wE~)^+O_FE{*u@csK4!Y1j7EKXo#q~e&ox5r1>)JMP6>Dyk9 zhVI-KauZz$zUzk>mnSo8rG)q4j$5@t{`P)PQrO))%_Cd5>I|iC$!Ue-qc;pJ#5d4OF zMDZ|l{`dUY-J5xbX;?(5C6qud6TYRZcwDEi?tg$tvtZMN@|v_E`7?T~n}{8%_?8*jR7-o@$V zwtInR*~k>Dh6V5S59ENiE_au)<2m3Gi=E_z=}4*v$7x`y6yju3N8u!dOcKA{ts1m5 zEp3hK^Cn5~iGzBJCQCrJ#s#uDSXVaPB0f0sTpd)WP~xuDHE-t#{~UZVy#vsH#jvW&r*gHTH>~?g z-h?|=%Tx3HeF%+aS7@|Jo3!azLbzE8Mnr%(_aap>FBZeVr z_cW3%L|L@1stbSbCK{q4DqgSbFg@6rdf1J`er#@tYsGRScPGy4;Z$Ldt4;F&GN>gc zhEsvc*dzPG!w-QFfh~&AZinTI4p%wahP*C}VJ{TeLA9cNmDDkN)LKWxP;?1^C3R6q znlM=$h(n;UmteO{{Jmei3}XYyVb(Z=KJ4|#5LxMVoD!*m%Y{?X9y0Cfm%ezczDP3N zn!3EJVz{+;tEJZeX2oft@PWF{rCVzi;I-684yNaTNHI{qc>w3=j^gU_%!t-#*StP+ zw^Og5CR^i=qLg$GgkNX*LhByEIXF&PM!3LDH7^SRAgd%VK{Z%cr~}ljX2=3;*7p;g z8^~dULxe1YDff%wNcu$AuYkwmPp83GvKn{WqOfvim^&4T?tYsGeMdkk%4w&Q0vjb~ zEwn(fF)7P5VZ0XTNrC4~js21)Fdu6lxATkpbJt9||4bXhw(sMAY(V~f)_!%s-LbSD zlF+F37Uzz@e^=T2#h&wlzHg+e1E}2-Q1z~e5`Izjjw`I&>@?uk9F~oX2|`y`GOdl} z%(j<1XWyQqpOW}Z?f1>O#px93!4klLvg?DgPgh+D@N9OjLuBh`5HvOkuN}mmmegy? zY{r+{R64o?+SlStbl-n3cHY41nhJwXv=!s$wL2J%biEDg%%C)%0it?03rD;=<*y2O>`KN zgX5TQH0QT*4*3E2fReV;7JZ$=7q0gvq%1cI{BH|g@MRDFb^5>&)(m-DK2yMqjA@I| za^ail;EJonXwu^RBh*%)>4CxDV)O|p8_V+Io-WB=SSxTZ4r4%f{=LtE)e%Yr1}%x+B{&&yetJ6Jf}@_0av-E zXq^Y5bM<-j>8EhO62kw;3yH#!d^L+}~#}b4lUaSMD7fRym+0#jU?JJnz_%*0FUYQP-{EB3TsE=CvYE z?VPskBAiY^AbqV&TT&AUTOjdKZHk~yf53m zzro>ZmOhgFiEfMq;eQ)9A0Lm_!cLy~qTGLzi&sL2ehEhC$?5fO9o-{? zeK@izbU=NzZpMLqzidYEnwC;zo^%@5$VNN=+S=txJ&y(efh=NgDf#SWIk4YvRL%;H z*!I*U$q&}0umyPKv+RnG?ky{VhXn(HO7?gmvH+|yO73Ynq}p%yd`^KTs`zf-`yqv1 z2lqUZW}27XyULcSt$P10@)-A(eAkl(r9Jqvp|zay=qJT@g5%G46@xm4EO%;4awa0Q zgk;ic0sJ*Ipec(QfW`D2&d4ga>u?TrF5y_{0y%*@h-vj0t_OK>m9O`h8urnZ)_B4y z(?Zjnedpu;RL4jERFzAI+kp;7yrRX;!qfPRySVPtU}pwztUKw;`}y^x2}TD_c0hcs#t%#>w{_Z%+4 z7SP~5PEsE69ir}ee3cv8kFFkIr*4mbl=&(*{6CZ%o?qCHA^^P%hMd3(f zgz?q5^{YA^ij@x36r^oXgl2~KoP&d~g~vp>$C8cPu7GxiyzU#klg3t~!Np}&E9eBNdz-~GJh!RD*ilne z_bfEfOwk+GJR;mj#uKqm4b4yadTxl?Y;c*d+KwJaJk?ag^(}<)AvN{LV-8gL9oE}B zXX-V@S0k2FA6`AOV&6OCb`>c56qiY@v{PB#Th!Iz+)X_;{7_GUKf^GkYwD)Qmd{6P z7VnmXPjupE1I;UJUz1y$z)p?r*zVH^0ouun2-m{F`}z_>cdNF+aDsBC^Ze3KPkY1# zrmd@<0zlAF0YTRN6cZeKb_XgW@=QK(hZi@kxejV>JU0E*Z3WW-+wr>^Xy!pnGIp+L zp@NDWh;J)-Zjcw|7GG>AnXqwJL^-Y4^hiG=e7?nV(Rh!y#MD3S?)U|g3i>dMciVID z^x^{6g#9y_e1HtLyD+#P@D~|L7#4&}A0r>$(p(;cBrV16vIM$RUR90oT#aKb!G~FV zaNOaSEPCFF?g>tG%4}f-T2sUQaZ5JkncEYVM6Z?H&MiaPaMF(Rd%08Hq%FO7FS-n)HDN9((w#@W6=#Vz{mhdWTIx_Rd4zJlv9(H__Qp-GbGLdrgZuWkq=+Tl6xn(%2G5M!E+%lw)?+g6yWpN0o_f#Q+PwiMv)jh9Tt;o^FCGO6ey7)tt$Gu z66jh|FxR$JZPucXwZH>Je`Z2~4{_jM^2dNn9*3g={xghH zcl*(=58mg*f7N)mI}N;C%k!GY?wJy?Y;V~Wbbao1fd`|}sh*9a@W(MuY0bX7dm~Z> zR-cV@e^wCIBG~kc$toMn@W&}m%W_sruvN%$$5w8FuVh$={4u7u4dZslE+CFw>vJ(j z?O&{Q*$X^B;(mgOy6j-QoSu8@pQ`?cv1$5L`FH_;ha{yN@iyoGqM*Mx z?XL_lOlR`kN<)Nfa)$jSRi^bM-;+kZ?>q{yid>uVW3(%k^+veOm1L0lSriU3<{7 z*{CZqZ?Ln-ptiQZg)J$2)yv;hUj#3j2?m8Mv6Pd zz*Jo!HhNyJ&_iAaHIR??S^!)Sn5Dy)7Y6pEZ!XXGtmxrr&*T>;uPC3OrOx{AMB;?H zoHP+D;dOPFjW^oWz}&>O|3HraxhwySU6(#rHR%JkO*JZa@=kb+_8wgqkMti}zi^Hl zrQFX(h;j0niig3@kocs=);`g-_B_R+6Hb0on@ban)vwlLZmQ7_#ezMteo z^GeTIx^U+c-O6lLT@Mha64n=(ros8!J#=)3Zi~{VBg?ae?i+i7tz#GXtaVxN?z*p9 zM0Mt~TaVmS?RZ%kZ(t#k+j|F-h@qvF&+-BP~;Q$Z$zMID_jnZ-izG)PKv= z*WGYdtoy>%w>2aC^yveR%V$b9F`G5Dswe?R-;U{JaDQ+!zqYQq=cJ}Eq{{1D7NDQg z+qjZ&>lHY$`+BS@TuS3goTg)p62p*{Y^4L!Ys)@nOO-0U@aQ&XGCKCsV()|{?KTs{tYnKr}hV7E(Xu!?KT~1(@ONIJr z67uiW#_j;Cvc_XIU0!igAsHT(s0?}LmW}z~nU<|Kd?Lx01|pA6ulBk9jM*n1SxqgY zY|qssNNHua51*Jvz$ij)gph0_PZc@%Scj$d_PxeJ%(RhbWa^TVx^S**uxA=#Rnrjm zV#5u4uuY7U3|~EN_Z7S^fAg3-tVi;>JS%eFW}&`hFVDMB+vm={$})FrpO4hJ0J)gP zOTQc3KOP=9L!6b;TM!bOH|kvGNh*2tiB63o&o#WUP$}-7u~XN&S7c9lI3yfUa_gTZ z(SI!J-{<_PUi`mp#sBYV0%!l=uhKr@u}rD@QKo=lFY6_Xen1`3APoRs7`oTx3*V85 z*;@DMYj#iC-~b1@TstWyd_<#WHMW9k|i4nWnrfjd6trc??U?#AS7jWXOGO0)WN9WfnUZk~MokWgR34*qSy zcF_hrXD5!m#sO4koweOM?1X^UjSaRSOw*o}5!QJ=(K%f{chh=(OKq#yuhl=)2XHG6 zaM-6FBNrGNCd!Tecm}bL_yB)N`@83}1_P%PXwsBQXN3T&#`(p{8VwQ+5Gv7k=E>~XeyP2^V3c9POWMh8b;$QoFR;}!VN{Ac@yxp|?7_%m1#N?J zQJcJ3UXp!u2`?|#+v@j`$6!!BZx&ipddXmOTnYx zI_#&^BMw1e5Rcc*mH@c_&Nt+%$eB;@yM^BVx_v4F4NmEv@_}vxymtge{A4M2NhW$IlXYk&l6Wrjef|@N-+I z9u2+xUBmwe4}UM+rYH=bU2JvS+<2qC+few;!fy}pc~k*=oblT&_E4(9t(%1iPJz{~ z$a$hy%_^K?w7@V!LA#ysmlWIS8hmC=y}xRjz8<&}GolrPS$F3=;>R6y>n~e%=rXq3 zJ^zELSwA*q1T10w4J~2XUjsKk=>Bk4WdjjIeK0URSZZ+;`uK;xEbHH0@TXoZ|IHv+ z|Bl{2&YigA`s02^KAd*RVpN{h_;5n={3zM$63m!~s&z}e@F=3ZL=FgGQTi%tX?U%`)#cgb0>-r zh;JBYT`$T?Y*Xpn0{DjMti-qa((a~ZTigH>di`0MTwDI1x9%JL`-o?yX1PKeNl#5y zE#|hs8@#eUL)QKTt<{){5gH!RP!d6_kw0jkHUp-O+`i^am|aR(&fbmQKfg}?M0bR^ zyT(W`E-e%BtGo2*&uRQV_s`5ziuh`kGsP39s-RoJ-WRRI0YC$rt;NFcU9R|u`k4^1-9H8&T}%2+5l9#8NzqJM7zC7HGYeO1Y(@vmfo0E!H+9Ti z9x$6rs@j*Qai`pet#^N6(aF~O*x8Dbog8rPA1b4Hgg>tSJ(~&C*LL2GCD?B`%0uv zcj|OJBw{t$N`!r~6R{6^wPZayw1hr(sY6_GA=fbvOfUMqiRVfd&Sbgx!9iTiN=UJP z-tnBKVOfu}Akwwhe&d-XvB7oDa*Wq@F)Tdk9g=4uO7aJHnSQ$^*Y%Mqf=pL$(7f_q zmC&&YR3m9>ymM<>q6+4SU~~0+IEc0`v&sX5iU6`=q7xv`{)0?`{&yzxMPlUr{u`#?BgN}6=p?+UDb9z zvKaAw+cgz0i-4jsNa4XAB~`5c^VT&t<)@ z`6nf%BM-q>J;6#aaP(;bqssdl%o9g$JBl5n4**A>jT8sr`7aa5Zd#d(RUF~FF;fx+ zMrdngqgB}w6CBi~;njLXS2LfmI9@D&Xf~?u)F)X_`slcTKj_GqV@|1Am6Vr}rn+P++f|v$O zS>w!V0wA6R#xnRys7-p@(2J9-f0!%2O7H*BC4Y0qSLyv%>HYuR()-h5r|umtpUBnP zJiP-lk9j?bK=w@R5B@Mh(?Lx2n!jmxp`%++^AfaT(a@VC;ts83zRfF&I{!|84t(Q@ z%b5RqrkM4yo&nXfsi4~`-N^eIA6}h&9iTQ_P>DDMl~M6BA&o1a@lw5#@?k*i;j`?t zH$_QxcEcOKeU1p?x1TK5yw!@jS%1H6%ya2lMlVY{ zzXg-V6<1u6wp2CT-agUORotP^q&=>W0YJr3 z=!1CleFnwR5C%cO04NR!^h8(cyDk9qelpb<-FgkG!az>Tm_x=H5K{_9xeOC07YL^Ql&0F4nkyjR2LpBA z&oB;`HB>(vOk&U!?X+94&?;Z*5vFHq#ET2`wL1nQF+l}W?mbagC(~d4ao+#R1^%&5 z{_dQwT;Sh@h4hyr^OXzy-^&HUvRxm^V%ZE4uMu5ICsG2h?)9f}EVUonT8sINt$pf{ zQPAh{mA69LLIb*+MezLQq9tlf^}vy5{f#im*I`!}jrC;u^z2*Cet*pG!+70YC1K*7 zs>`w-VcmEcYotPQK}MOU>k5jg{)nWeNzrsYw^(%(5%E+e#TKwaP6!)KmYEf6Hodr6 zT?@F_;%7EjBJHeQ@b?F^Sg)fT;T}jym%(;Y3BAmA@xd^U*@%L~B(T$tTkauDo~5SP zDb@|R6$Fa3^#;o*GK}_QroC?2>g7_AEgIu1X1z`}>g>|zd{>Wfk*l!oX?Naw?l3#7 z*kbY6(JhRguSuN#}Z}C0eic$%gX(r8I zxL##f(Q;AN4@)cYzLPGySAA{O56DEZ#F5O4EZ1`6>4jKF<+%5AX7V^tp6~tTk&Q+eb0~< z!}Nzr%)3bKelfXGP+XCG<4^uIMvalA)P~lA1U61NpXsHQb{D6KN@n;AYY+pZHKj(; ztd$7VD=!n1&TWs}{}6&=ao2`)yiNP&z^y;N(%;ch-O{#A00;53UDV^p`=he_=bcFK zhBY)s#gWC2zGzQ66{o}O5;Hq(-Mg^UcYIdsvnKKbL)mSV!w}62#~kZ%UtcODKhSn3 zpyo|0mHhw^@}%s_H|jC54=%Zd;zcVXy`>z`$e6lts)3JVyR#v^VmRNQ3^m-j=&4FOrjSeb9aGZ)%T?I5u+^BbfY*ck-IOb4ifxOXqMGNH z0pC&5?pSK(#ezw|qAi??;i}}xwZjif-l%y{lPh6y%5hK;tR)MgKP!CGq4lC(4Jcl| z%;RxRm}mC~H2=8r2WXea!B_`Btm1c2`*>ba-Xz<8G!a~t3d?rrHGrjd#&XW zL1V;Fu!B^!XRHnuCURYmc{OmR`VUVpknvTI|7X4O_vU@ob)` z+?%3n`WZKdIEdq=hyDrJG~^d#Pdl{er7du*LmRlw0gQ05td`y4w>5h}fSva2hR5;aKaZ`*Y^9J#&3v_&ShHP6 zoSKEki#C)x?8Wlrx$)TSjtn2+R8Z*!ZG|6dNN!?EHvE;o4`cPf>pE-Au%S!y7sL{? zgp|1jTBjpxr?8IpY3rsjOceIP`^cu!qSTw^v+;g`5AN~A*JM7_?oPbuasHXIU6S|- zqqi!(2ATp4V+|04UIVMEA|Zg>Ttn1n1EK-^y7uvZ2nwo~jEhpdb>l#Fq_?7qVSC=m zM}k?U83H@e!tV^u59aW#Wt{-)Dn0G#`Q!;pk;~l zcG%v7H5f7S=7M$!s9dfS7dh<&R6RyoBtz z{pIh@85osmyH;&tLQp($HICVsB+uNSP5clSZ^5E0Ix*DUc(HFO1e+s_<3^1yYRXyP zEy!Wu>1D++pS4iT%@J=*DzEL*JX)5n%aCUII){@#OqY11BC76?Rb2hZ63akB$OhX; zZ~;M9PjW7+P<*FMd53-)wN;{bQ`u<-yZgN>a>~Hr?F61^;9%)v>tBt+|DYOiQ48e*LiZ|m1%7ess&nx zzIZmDab5JXtoCG$mhs?Pkw1@`l}h{S6Jv7zZ27KXapJc^V~5pT%6MZ2x^;*y z^MZNrk(RHT-o>UoVe%ClA?d?GhT;24HfVf7*ZIXBCa?m8STwcAi}ti_hWaE&oqe~% zYB|hy+<8q($>?rq+_ccHos&sHo*hmUZe|^Q1C6vL=0cGcNZ;N*nY?_FpMCc#9QG&S zUr}4WqPF}WqqhA175&5U?~N_KLS_B;;v)TxP+8Nj+UPciJ#1-jKhY^Y6!Bz@q!{`l zs`yz(+qCv7!)`J=Uiv(o-}u36L{BD2JfHhE^!aM#v2KBKdQgE?So~~sgw6f##+ku0 ze)m0&sE0sUp1y@@xs(MErrn z)iG&~Z^n##)O;F?a-vHenia+7Hg<|vCvx>o@b{vwSwL_FQeizf@47=OS2Fg#%TQrH zr>a@yI;C%qoZsWI?okIbDT8W58R;5Q*YGg4P@Xu}gMstLtcixU-#I0vznH$E_am=(zL)M-+Sn!u;n)Fx9@Yhra0-M0DViBd{dY3UcUD3 zY%m$CPMyO^ra$n-&vtb$-9-FY_jc*x^y|^;zG@IP7veg*$%jS+V@<>qx>9P?8yDTC z7CL(sOmL35+7)3Iq86fEK*UHuks(ZEYL@xXEF38=9Hz0evI&K{q#7iAWHx+{Ufm5n zkgwW=d)&T@I>}qCKI>tyy|r~-{7JjYHAV~ebD@0>44g>Y_^gE#=vqTSPjOS_(10)Y zSaTVpos=%v2@=$7JB?lr?M36}Ab6QRe^H+cU3}=JvU)z8-X>YY#oh)a+=%Ff6Z5bg+tx#b^8_sZFR~N}>ab?j1e4>K+f^tV@>Tem8zMN&FW%P(eNcYhSac zHbr@sYKi#*iqYDtCMU~Vu$-=z+xNz287!eQaZ@2x*Aijd9LXsHsQok^L6PNw!lLt-HX3hIjb+#N&|d%g$Znyc$V zvsj1!Ns$Jnm)IaH{>-k;CCSh{Ba3{-d#OHdHP}ptJkQo6z4Q6oY(43v$sfwinYj|4 ziN;iz-nr|m^>cXVb0mRRS3VdVPPgYS<7RZ zfgRU&2=_jV+qN4=xErf;aLDy|8DQO>M#6wUG7_W#JXJlw2N5vSU@Hpi3iE6h7EA8v zn2=d)KYJE<8*V1OsH?P-pB6s7SPZN4W+7k@N&sfEqG^op5cfJ^E^p%>>;4sB-B_)NJUf|PwWYW$Gj4Nn+oK!j8KsQ&syEI^LC`4Ipldb z00_y=?ZXlW6m+#q4rVx9DKfA@2ZZok(m~4g7rfY@1jZ1Ms%-+r)7(1K1qMZxXUYmg zg>?ntt|!QO-RwrVbAzRh@q&h&+Kw4lN*E>~j2YUJSz z&TH}BO%Ks&_F#mlOz;PzlcSqK8UW&QfOz8x3!8S|+C_(t)CV8m4t?KSqFxj05XxH^ z#V6iaQ7G{t8Ip9n(5N4;SKNk;amh?{?3=PTsQkd)2=c5-oHPrMl8n-TTsx8aIKuuD z9b9g?!#uCb%?m%9R#n)yKWJF&FvrD~^`Lsd6=zr!W&1EU{;BdnN@4i?&ACug+_{XW zeY)`fhrRcVYGd2-ec9VNfK4{hHaXkm4BMDsg1`g;BH9K-7CDHxZIa0*8;M||Kp-$d zh$OJVWJD4o3rx;na>h@4pYDCn>DxVC_kDNtxNqE3AEZ?prB$m|t*Tmc)||h;F(ipA z>Y1%RTh{m|28MsR^ZhC{(X;rgpYBo3>X{d!fWPBL$H+OJJZXM)es4y<2~((WUNFuw zemr*EYlfZn!EN>A)@GdxoK<{x3$QY8wEk7?5s6tz1*@DXsBd@p7&Fy-pYO zv%wmdgN9}S%F{atd>K;K(QDnmZbD_`EA$R$W8O@ zHllORUEE9j5)!R3`2c(ya6QC*cw^z|VQ@16F}USjrH~`Ei;i&vEJGySFOol-kQYL4 z=&{Qs^<`8RbAa#WOpJ(3*)&B{_xVTe)bVBT8HM$+7KR{m6V!2t`j}6}B zv1^jQVCp(Mm3Nqz0i4Dcx7H?J&+^nR->w@WrYojzQHm5Thl}^w1CzJE2k&L}cI9O~ zl=(>}cHE7Pmw%GI1$J)ATQXZtG3>8o-wQtNOs_e~+1n1HInIXaNi6pqyzrqGif{T- z4sZ7;+MC^TJ&uqUuwQad^uUsohoy^`T!DQ=dQ@Q79|B2_opmbzeF_R08F1v`tTX*u z&jtAVXn^r4cKAXg-l8UbrV4*-@cR#}m2WDWP8iF@ zc5J`2;~0MVOT_K7e%pG>L;Z2Ck)x!|ud{ybI|6b%+uH#UXpcp^@BLXz=*E%eWw$@a z#Pn`pt=tpiY0ikhYUux!nSWb8Yc+UW#~N-rt%JD{w$AkJ^N+k{>`vXXpg+U+=V5`% zRm3M}yno*YRvMq9CP}%)ax1x;uH}t~{slkDY~&N2U7!k6tn{TWRIM#>mq+c(8R!k$ zw-mHTS^b{P8;D8(YMXm9q~#!X&e&IXX8L$)FBKc}<8e#V-uPD9Me?CK8oO}j>T6Na zsCnSE^X@B{lpJbI;T@skaY{b%N!8 zxQ9Eke|EFca-}+||IdSnpEE=J)sKW9oGpF(AktB!oUkmIOvWoJm{I;DTReOCt@iIa zQ!^}c<&VzfFBNGo7iY;pg>FotlKC*Pl_|Of_A;8?z?v=whZtRNVqUGFdM=)*>Zu!0 z`Z?70dq)H=)cd(@*N7w@dT^d^?G;1x*-bD5R*4N#qA7)`W5vGhD)$>9&l<3;vE4+i z^ELnG517<`KwYk5VFOybO`lpg%!|NWrR62Opi}bq372bITYsN$`Ja7JV@8oy-I0cV z3m53U6^d$u+?m)3F$t7wOhg#=QZF(nC~ z%%QC8PQoWY-Lm7#%0!FTv75_@dTbnWIt5FQs z#p2Ab!il_sV%>m2$qx6*$qok(sFUD2jsB9uQgj0I@aPe5Nmf=FDbGni*F|%4_B%zf z>c;jBr~V%Z@nDC8IFqu4welZ(402$S)M(VU&2q0r3pi`kySS`acarq{f=&)QRuW1o z%T0aArBNo)#t6Y{;|BKqdMV((mwHU>U$fNfD%X+Nz`DD2zSna>e7aHUHTnH4JQ^e6&arN^tCAg(X}G0QlEi~GUH z$jAs8*QU?^cyIs5h_rjriiRhmckPFIK5uBMw~?D99+|9KclQXzAj;__Y4yCACY*t) zekR+ic(r$xak&_JId+PO@vnN$kqI;MMoPqJM(=E}Gfv;#KTtPDTb$4Zc{-ksC=s^` zy*z@MMC;G?g*Be7!UzXWz2=2eCXwBPhB)1@`ls+JY77mbUrWC#Cg>+w*2hZIsKr{L zwbse-RTNN&aZyEE{J`+@LEE#l^pl~TIOe|Ggam1CO^(kooQcLtpw}eSnGBt+czWMV zi733zythq1hG5X!d%X9PjK^6nRgJrFvAAnN(6lN!_i14iZ=8pJ)?(E}oZNL<>qMC_(knddp8H^24uP4|sF&a<2K4~b-{Sfrzb z8ofdU9^dk~IJ@~gvtnL|M30@)%zN*@&ODK7)fLa{^dl)8-=DW|9)%UvGxuMoGtXdo zX8B{hZ)_(`|0mfNX8_xFb3m1X7F08U(scy7@06Wcf){^WjU)6ji-`RcOrJ@R!GgJ3CdbiC{{z6`q_NFhr~V{hWK3&wpe~a z|Mu_v`@iX@|7nK$PxJG?YJSqClmlcjgt92Keqq6f6dw@ciuEK#7(*V148>;YL<+}7 zJ<`n(N;zLN>J*cSXpNzs&7+`yJ#kgOj&gkUo7-jmeu4>blG{7*B3_ixtl}B7($62= z9z|lWE!Y^StJ?re>iufBCe=YSpSxWa?Nrmr9RJeJfT2WMx{OLeytnf z!%_U4g=EtnU#uHv?qM27gMpiFo?*E%l1g2GE3~p22A#dSkY#rxGkpFqEoh6l;h$g0 zvU})2a%-NyTm+idg(iwvj0_82WO$y%*;h7d*!76@xtLN+mpZ|oW{T4%s?XkHzxhqx z_RHSqDc?c!MY95w{rY7ApLoNKI|h4ksujpM-})%3Ja@%x9hu+)B{`?gqRm2P-T8cG zO@UP|6dN`7Ev_hi4c52PqEF}K_@AY&_NHqx&zZjQ`ZS>#&t-9li+Gm)&5GkuDB8ae zp@HbFev^-VciXjrMml3aChxwZqpC@0Y5UX{lR7+|Ywha}=TCEYPogT#!7LOpWz5b6 z<38s0N89Afp?ilEtsJk#yp?2ss~ZrwGX92WbJ`>J%gKWM=-`7JB*$gXL8{%Ay-s|2 z?o;|}E^7^%K48YuHKCE=tY7OqPavB5S+jj3msTBK8RE|p-`6`kiW<5H%FKIM4=v_P znR^E;Z?VfYD3#`dmab}0<-WetzCkkaQIhw2duiCXr< z$kug-9M>^4a`SQKm%aq^H>-vkg8a#oa?e2dq0!u8UyWzRueY>GIJYLa$8OtMIR)C` zlS|Fh2p8^yrDqaj`FUcAf(Eq^|FBJ&NEHO9Ok#`8R9T{4yPcA#$E#~B|2vwnJl5QGpvN-#Ee(C&*dk2O#D%h0J1Z3;_C4BjKTcg{}BtgNUS89*82dH{Sr4d+&3p6v} zQP95A!yu*Zn$sHI7yOi>^RtM8T=yYX;kXU6n4VaQ#4r(oGq22PWZOrJcc|OM8_H`1 zM+uCYeVi{`!E+<<5RxbNli@3}-QtXA|CLWbIcOJ2e4)-DeU2GvNaJ z))%!=$Bh#&M(p9WsP2<>naZ18PgvKWS?VJ0?aGUZFJTBSQ&3ih{Ln{A86rp~RRyo6 zy6SzAYIEG-o)Bn z)WAgMc|r zHNRrQG*{NXJvNd4+}A7Zt$;*%GK{YVL6k}ov*z>4ua?r}$Q>J{oA+19Y)Jr0Xv{JB zK83yLWv#3Kwf^j4<+%!dhblsEdoe#&k{CFa8}Xd&Cs{KcbCtsdV-kdyH3BfI>Xz8` zCF$+08rRoVuUO`jL@C%?su>^|UC9-FoHg7g{H$rQG|6VB{CLGh^nV+rTT>w%T-+4c$ZG_R5D zpdZt|I*PA0L{zEOtl6vYWM27%0vOpt&U;2BvYnjOzw`IYgY*c?jh|zSKkg9Q(onpD zM*s$+!nz6++dLFHV3R8s^zI4UYT`>LWLG!hy8U9PQf7BOaWLp+{lMqF@Us1{;pGvc z5(((^6pt<5jx^KA>F(s-MI~ZGS+~47D6_jUL4zvqLGi7{@0*ikLTqncUkcR=N-UsD zJfl;IrPb;etk~a*MM`xYN)5w@E%Y6d7c(jX28}&zbUC>bA-Rv-h0HKuqE9@%N{MO_ zauJW<>kRS64J6tang5ZcpP)ih5QFa*do57eA{^uW3;2M1ezLKcUaLml$ihUp(4wj| z&tBj(yy&w(f1&Lyo>|V9sWTn{1%~O?1iR8I^{c*my%|4ZBzjoh`s~-EMCt%mpxj|& zLta|d_lku;dl#l*UNoIhQVO{LL6coB&b-<+`A51qHO!tn^=SJB|EKcqA}7>8V7Q#GB*#>HI;{?yU-gGV7})`X-(*FV4~dVE1|h zfP*@QE6e^h?uti*N6r0Vl^o_U#70+CRYAz@k_j4@7}*b-%y2uUIzU1tno$g5%2#fh z+ft$fm=hJ6iJwnQ0kMmH4jtOO-M-a`x*H4`-df*XtJ#2SN5w0T2>I97Y1V8`X!_y= zK3E`3O6zR^ui`1}o`)kVHEW)R4+tL7IKq|3=hh6{zD~3b^?|Vivu=mpJi~OHooRY< zH&M5aC;bK*N@zWgg(3Ou=m$uC;2cbnIVl@QU-5c=wxldhy~JleDE7=AS%x*TpYHti;{i zd*N0OVlG28o{-DRt4?blIuL2`G5A<bN2>s);&^48Xq6dIYgS$(_l@7@3M$@>qB4kjLTV>&fN0f)$#o6!+ZWS zm(8LZ9TC%lK9iU0Nyl{?pq1yH{FnHuhq?Fv$1a3tkD|>FNfg$FOCf(czx%tlNf@+^ zj+Ib3${$B0C++&4Lht|28nNBERW%S!3aUGdUXx4uH;2poSBEyqN1NX~xkjRLLag?c zc)uq_V7GsgS*9P_Tt1Yl`dg=N@*bJ4XfSUuRHb81aJ}Xvs{96}9LMa|LlU_5kFHT8 zZ5n@wxftc%@s^WJT`AX^2*&p?EmK-)pBib5GfsReHrQSa9<4P%h6ydW@033?8wEOK zQb>buc0^o#mETC7h`Xt3rv`GuF`#&v9MH>=U6jc-is6OZKoFk>Ii&u zpN+SvJ7#GkKb;}pEmxnGJE{>o?lP~V@y@_DO9H%exg7{dzJ(}660IBB*WH>^PfibIX$)*#PnBWQT7kIT=CR3SN zN~Di<@^`aqjSzdymSVfBwPSCcN^Xi?A1}p$qE1KVVI=97s6GsYCw@QOQP}Kvy6948 z(1eLjd$gI$_mPSqqeTy$jvA-+UKkpQbVpoU)2S`C1){OfQ=o?4<*#SkMILhu=-RVW z4AwVP!KR&+ME0#zHDb6ndlj$C42~kp?BeNc6FHe>wDzNjeQ{^ehM0^^Xy#U*isAl7 zGC^2!tDT7?M@=oZxS^tJK2axu029Pje0V>;ulcRHY$^|GCV6oH^02Jmih76UYt!xJ zNVOTwqUwab$W1Q(GzeFwPN2E30it@wz^ScnLn7Ey1+yo1ua0YoNXxLrpzB==*-=Me zFcfT?YMW{azu1`}pP#u{?%R$#Tq@~vp$OV1V!cb*9FVSmU^}Dia--hxU?3l(cydYX zP_~cnb=ytCe|U5DG$%0Gy4*LUVpf z_zq|FL|G~Kb|I=%o5ghTgTr%(GdB2%^hT_(b_FC$8{u522sPMq4&u~5XINM)^zsy6 zb9+xrvJR!TsvaIs7rpH|TeFXm4R&61vD*XtFt>83Iq;(lr2*+<yG zqfHIa6(g_;=sZdNkS=hjquZmK*=dgP=QXnecmiql6*#{2x_juDK)F*|GVT@{V=PwB z?%9I&LPc;N+IPcHLK3l8@+?O{KIV*5F4LP*O>2Axmy)?>#V(kb*&n_|uHMdZ#I_da z$wA3?9wdP$k^PxX`8+EIq=a{a_vm*5^O@M*d~duQbcSV-C^gjN0xs$Cx0;l%0>k(w z#txg>WjzVuOkN(Z`+J6MF3Ps$8H;cE`bvaJ4CjaiA04drZ^%vC^o+ofag1AXd#i^h z&8*u9)%8a3oU_~ndOEmk?2ub5d<#Xd!;t{LI$-tS2MIyBeKuJX<5!YhD!nqBI@dcZ z6WFZiGyZ_!hKSt3l~`!Bo}iTe#-V3Sk&Bh?lK)a7Z?=(ldNA{QNLoPteymX+updKCsZkfcPoGUsPyBn zr_cW={L@kSe~GH0+=isjW3J6#wJT?&|q`1Cai z#qx4R#?;;v5VI#?SQRbULv`L7k4O~;sMx^r;)QG-yGzd<_R1OZB=5w)9`k3;oi1a9 zQjKf zh5EXOGn_D(SjO=aiK*g(23GujOC_Sw3q{+HMwFL}thDZrAH=%=L~C2_NT<}Olv>rT%FClp9megPN&o~ z@T4%S%1<%3wt@G6et#)B&3li}RI;n;-5r%?Wu6DNGcH{@Lw#}kZv)m5J}LeJvu5yu zMII0r#$Kk2{u&NYYLa}q$dIW$TeYQ;8)Zpnb7IXmXM(r22hu!KhLt53zo_oy`|zSX zX|&vb&o^~L?%BuP3kTCQ@v*dPGa>F5xa+HEz2yes^;FHlGM~=JY|gW0wL6Pnp9kt^ z@>;8yz_z%xl^0+J3wM-`*x)d^_`PO$+u$M3{mU8hPvkQ-klG!(^~}LzIGZ&J2z2Q- zFG($%m^P|)iK4x}gL*6%D=aSzTj^2-7Zhk)_~GVFEbJ!-n9xytTFINpr^=kO#kiTn z!i_SmLgapm^OTSaV?j<~N%veQ28ORqL60XxP6=#P0V8&$%ucba<6A`Inu6-@UzLk- zgY!$ey@sIQR^n82&^Fof!6!QVUPDC;5i`V1sqH%l4O4+DLu9QTY>0`<{;cM6#Hq}x z!QC6~AIeHmZ+7E8J8!?^=`9nOwdKy$EFm{N;M$c%7`dad{*R41JZ(3Do?VgxNFRR* zJHCt_c7a`;2ddD=tTb2T4xe@F90k)%tD-Qlf1 z)=W~KIO}$*K@6^Yd-}J`FHtFscO3N%4htahraE~^WkWnGR%Xxia#4~hK?fSHIMDG& zXSkI*hvr+Z=`S?>Ttf$?Tf`YadEk%_@maUw$ZzGA$&Jp8NefouCVO~-_H3OKW9#)k zDvjXFF<4O9@LG>{vOY-tL3N4&_`4F%buTE;q%STR^U@lAdj{Ft%C>g-z0kgim{6JM z`Nq)PtEwSHxEXk>Fx7_lo^TsE@!Ge6Nt%)JoZh9qUuBs3_QjUf%#zK29ZLb<8rZ#N zX?UEipYBx>%9g2uTZI2O{FLURQq-CKN)>H8VFaX#X&P&1;;9H9Yk&HlT6qfX(eDFE zB6a{XTZ9Vj^D@Yto+(pBiD+^rz0xiHHi_eSeX|W5Iq)bk$pfLMUKk+ zBe&@|#<;#7Clk}_S(;#xKkQ^ilX76w*r)%<>I^1?TCV^dwr07JXU0!gOTnby(omI_A%H3HpZ z`Vg+;N1VDUPohQ6D{0*X?W?MhQIB!~Mj8hBCf2ksIE=d1N3kc3n%=CBdZ9sR!5-L# z=DY2$bwNuZo)g6$#E%C(oGYWU3-=Qwew3N{?taf{D(*|JWJ3Xbs1YP{jnDn+BXI`k zI$eCX^~j;XfLH5`sGdnq7sear?6|8I_fe{2_->esaSH#^h22j6l+_K1upGz6z#EC3 z$o*B_==Py~Q%`oX1Wg51?T~e;uDyVqVyx+mUrc!=RJUHV8p9dWoub$Luy_!%b#-Ua zp|5TRrQ-RM%&Cu2vDR|f>;+pu++qcB|5_)_R#z-bG} zWq+N}0%CSkQJ){M7_4ONyPA?H$YQW)jq~kc$9__s z@!0038lPr)Z-3V5Q)69K&fZ5fD6bgi-VEm8QX34c@Wx>VCZm0ZiUzaUihbNWrmS@rfG zpBNg6@m-;TZ}+lpPd_XTG_eWDMxD~GWw|yxcUyXy3$wi0G{W+oBdpmpOJI50Uwb@9y>j+_jv0e9`IzQ2Fon}%Ul|v53}q1lk6EU zn!0PT=wEE2e^(tN(tKB*x4K_&QnFF=3trCUlu51G+3!vy^)s>R_#Tpy z>3R}8-zkD2cVln)uxy3cd+!J_*jviEl0a#PBjA^M2Y@zaWmN|gzB=61ZbLIp zGbx#%l044lp?t>38ksqIa9iv=8CtxEEIw!Cjq^ipsOd>BxxQaaEuNQr;G_0-G7>g} z+O7+?7BcznnfX2mh*ur zA{88byB?8+Y!F>geofhR|9s3XB-(Vc9eaw~UOFaD^n@T<1cf!VbPW););Q#m58ir=HeD2Pg|O_NJxAHvv~hC8;4-(Tvn?-a+k ztmAw7spFCIWT%F}hPw0SUu#215<$no;yzaDy=K`>ZmrL0(@Gx~0 z`xE8dGzLiu@R}Qn7Ir@>Qm67p--wTk+B82)oY)I2aPEZ*~8#+lTe%aG9W6fclZ%h-Q7gwuN6Yls(k^IpDAxVNkl^*$!4 zAxo@1fT=Hh2*g%;F)_f@_JVNV`H6^-v0DO+svSC@WMM6)u;Jm;6{K<0&g^*Gc#7C}IrGM@O7<{vbV#1r9vJ$8 z{)W6upu5~<`!7i)sT~Dn%W4K4Ne0(bNqN4#T)9lS06q2N@mT*!HV|AU#nK)eW)gjF z*?zGy&84VD(qDmP7mw{5fdcuPtM)Aodrz5osi|Jy`SOqF`_Hw1^78&~;N|TtFTNNs zx5EUmZkR6`a1iml@pK(qTRx=&<}LRig8Vk8EdAyytBim_ew;=7$?a@y-SXEVH8F_9 z7XVhtS3X(!oI1Wg$@rTAwK;k1Y1$8oKgnX9W~ zQsPM1@W0#5&L04DGoy@3bc*>9vY}H_T5hW8d#qdQd#BJ>$*-^G2u!{4_#%JD2fB(*joxQ3Fc;^8 zJNTFKzY~y!?3jj*({<0NzceL~BEXVu^%BkJ1X#SgE$SP-7`t906p98F$!oeS4I3I2%xkeEY&%YBA6`)NRgB@y3G2P@RObPm%AlrV+OZ^KLPvo`p-7v{- zx){S%c@sm~;?Mpio6nw>nbfj|wWD3JAKJKf(REeML0Q!$t@Y7d_w=Aoq&OSs zeJ7>tRI$;ibOlZwfQFU?i?(SA<`M|t2y00Zgg>>OK7&QJZU@Yc&5*213pRn3v=*@^ z?_H_G7muX5q1R;sOsil#rD%ZobHTGyT~J^jyp`h_Cta4gG?5>`rl*xZpwiH78gaWF z^!UM7vHKeK%kWHr#CGBFo2rjqS0!lgPB`aN^~#d_CaVJxsHeGI zLz_8bhU!&q#akR2(1K8;*1Hd>!ZArsciXo2Ks1t)+qW~l^i|cXkIYp;ge-%_s6M`Z z)y<($eEa>V=(5sE^(PAUOQDZzghR<%m;ce}qr6Shn}@sjET=VXC@R8@@2NeNo0ryC zn7Q0iCD8(FnuzsKV1M4yQ-(_Ytn3}_q8tZDdmEI3i4`lY9iwMUnBIZLFAExAjuGk4CH z)Z>vlVpg~-S23(7*tLeG1OMde=sG?vkKdmP@uUx9YRW3frNiD-9*%6CI8e(jI)t@B z%=af{68!qQAZNpVz^2PZ*O;jK^dYLk@@Ll=8lStjA579KnUoH*7GU-q`1yx+3Mo2| z(3=SVpvdI0xtKhcA?HPh6i3$DN|R9ZX6+C^zPn0&(aR1Cfd}37jVyribkoOn79W;Y zEtmf!s}O)A!z{$`6M zVxH-@34@^~(R^^M>l*9F_8gl5#}$LMkuAj>GYsE|3f#!wagbSm4TG8tFxScw$<<5p zB}fT$du6mK9~W*Z^=-=Ir}8d9dW_Q(jWedM_N*vxHnhsLFdq18Zo?U6!vYwDYFsr_ zbhBTYOhf=O#Y~Gu`LNm`k^}TcpTTTz(W@Ts_A6bCmWv+qX5?w;d;V*!?DHk%GWtT9 zN(-UuT^8fQL^Yp2y>fBnD86nxAi+EZCy@zM&B|6boWXq)O|stY`KtX}=ZuhoW|`Da zGN0QqizX6sm^j2jEg}`<$7)*UCv*qan*yqF{Zzdlx<06Ve@PW&JK6U;HRk|9X#lyB zr*?N^$z(~>uEJ-@5ftNJne3CYPt1y>g%L_m*kdXc?}Na0$n zXNo$gPh8K9DyPHCg6)x|k$tP*>Kneqb3Ln0!re+UF^mNoifGo@ab@70zV|%%^7N#h zFUNDJj$LN72$YCo3Tt{e{gAF3t*dMyW+R{E#%WSi0iq{QRk;v}kWIU(opEj*%_(3L zidUlg_Oz$#a;W|M?oPo*v)dMW6q2>y6;*Vym8aZ!yvM0nglf0Byd1dp>*vu zvHJnlUj8zYg0XO7KZe%Fx+j6gL24-{G1Gug@{Qz{V7nl!D8z9{xp+@9<$Uj%&r2B3 zb6e&I%rhEonffX4PcR#m$|v>*%;OD$(Mu5h6vM6YhCc5eA3&OhuPTtz{2Esx)T%e8 zB8F@~=+BARKS{O!YouDx(hrIx`R7nexzmfcL%#9*O!`OF7h_IY_b$LI)8~kR;i&dV zKgj;2uzu7rzg*>SJcd!QEs+mu6~dLu5zQ`?Ywo3XlI85Gs#aA9Cb=%~A6Acq zIGPI32I~baK{;V|nq#Jw)-iZZ*@;Y*Z$qC5jc@~VFV4gls`j72)*=ij9Z6L+PUX?` zIzvjzvnqMJ_lxOE?-$byW&#h1SuBt;pMaxgaTo4}lRKjBo85)dt_y`x>wzA^|##3WVC-+t8(i}07Tu9VN9lstM zEae7OyB$ETl9R(XSuYjztbP)mLPRNujC?MUw4nB0HbmAB62=gzq#3Mjs?7;@m3xQ@ z>i67*i2FVaUb6J6tTM;Sa>l3kjHRE;%yHS5hz9W%mbP`Kx4(gV_B&u8Z1}$3_`jX& z8^cMx8AJUXcoNP_3Cf))oNCWS3a_owB;~U8h>_kfs4|Z!=YP|BE!T|)8USerMQN4i zshN|gS&TLOz56OIgdeOq`3C|yErqT8+;0sVxg$=@SM51+wTefrrQBk+_ym@9xl+_? za1UzJ#g}4axTt!VC4Z861wXUBz$PKc`GpN;DRGb{XkG<%50E9s{$hRq&VWaLe|Tnh zX7BXWH=}PjiZ)?)Bm%eW?k23#IP*l%h$lUF!~qJ10O-M1m<@c=a|?v)zl_~KzkVT8 zFk8N)560VGu6%zL?9;D#4SrGE1l}E1s=6Y zToZg*H0j-(xut5uVo2MUTk?7$DCdc*i1XfYe|9juL(uVhPYr}WYaQbpB~CSmP007z zLJp1PwzYjLpb)26n<9LgHW>0fDCOIF+<_A?%mU2{>;Z0Zgq9X&CUh@BmPJO2FzLN2 z@|DOpY>s0cBw3g&D+efanH97U!<$7o&^pv^&(3W2-qPe3KZKEzB%|FtY#}@ysW96& z*(Aydm+B(aJ~l zOqsmIJ=o)N+q8aHW(BsqhiJu^-bxr3N&39iewIIMrj=2V&dcknXV)Er{C3xCSF!@N zn7)k--lp%4)&w<_9UY$m4vAkyy?kB6B;Y#DmEtTnw0#fsUUjEVw5ikBSonUG*xhOH z9*AxQzkB z1(Tyn#_cFy{#cQ4Zmgqcf%Bb$Fx8|FNIM10)Udq^T*@yaZunV`G`xu6G z;B-){$@M{2eLOgE=v&(6SrOJ`O&VxVF4S;^Wdi8*Zk@vF`p5zAh46(t=??3}uH_@n zx%p)cT)wE@eV0)nulQZvLbAiJo%ouC%^_f&C>t;r9EP*fK$Dke}99 zBa_{s0uQd)9pmTq^N<56CSsWTi{f?P(4BURbNMa*)ek$_UVH7-5|Sa9`W`x z3t4;Z3HI^M_gn5!guTp?4!jp@yUtLN;)gN+n;KQ$d+DMZ!0g} zuzxPCE3BPR2Dk^=Zk2N3b+{vFeK!Q?V_EJXv(QpIU6GUrPLzW z9JPrrG{s(5+I5LN9=G}|%=C{rWb({k_F@*b&VtWs&vV5>P8}TXlWcY}=%Kqj@o|FJ z8CFMxlan0kC>HfR|DkXMi`@M#>B5tGUm7)!&ic&3hOh>KH6{Mmm?-D@2RaPCdRIeF z0F2^prRGEFdJk1)Y?&jaGS`i-oR()Nu}~&#i%C( zPK$dt1Xk&6cuS`FsI?1d7n1mp38wEDk{8uXe$-)@*X5PRN>47TYqB9x0Y$uW3C@h( zg|6!k4T~J9P!14XDt;N?FEIJ~=JT+dt_8^y*$ZDEO+MKoZyl>a=;>l5^Sn%>GV2Pu zuJVb6(+9ok@u?U1t4WsdNS?Tlz7d_-rY;z^t*37A0P8Skl$6I`nDNT|y3C>* zP@MgRZLDWzeS^VxwBZ4GNH@Qo21#mWykNuE4)Tni(I`t# zA|-+OMPu7#5;fiKmF5THjSn>Wbm)|{rEZnFG!g@Krm;Ca*TWc<&?hxXrcZ6|tv3KFtR{2B#4g`La%7oc#QF0Tvo2`sZV|Gf& zXC?{iph-8(z4^JO1r&cSqdN)$k8uwhd1-y_jErC=ov&m7M^q5rnj`B4P0nrBOhN z?1AdSe&;(%0l8R1UOXPDo8+bw6^GQ9U%CGNdO#ibVG7^IREVQVS{S(uy4Ziw{Kd<) zeOR6syLK%KMrc9(THU1%{{D<8y=zWIFz#YWh^gwTAqfut_S8}tzja`tnN_|gq=^Ur zQinz~M2HY<3{ij@(b_c+HQrB0);>H3gvl-wFdJ5$^cE;^YiXH{pdLCyP2 z-GTQ&58QDUX$seMe3If9U4$-RiA=ZpJ|$!T1{?Doqk=qNpe(7s;)F@yiN z`ao&z>odzfkDz9}Cpy1Ll-~-jsZux~W%=af9v|(yaBr_1l*Ft`t|=fW=3X#D2W6U@ zmQB5_FKug;yYsRhj7k?6>NmgrN!I5h$`$7uuzrr8=R1_!ZwjtUuQ`oR_s9a8Ds;x< zNck{q;K`+ke(bUST;Sr1$?PYD$5UGM3TMAIxiIwQ^+(`Z=a}~^5b6KtiX_~ToBn0U zw#bElIotBHj1J{xh(pj}b_015i3wUtWSU7nWlS(0d;*xxkgIiq95E)`bG?Mw2VJ07 zW>@afG?jTZC%K&70u*KG2>$lRnIJ9yo^a8I#&*Igpb!cf$Ie+?PoEDSn2LJ4LI{{|-tTw9B>FJxy(Pj6vkFAJd;O%1@lE& z`o8|dFaxhQk55)s!-n#7=MN8pLWt{WPOc)>n?JC(Iy>h5~iQ{qQ!<6 z4Rc3In%p0kt1NC!6e$)+(%kcMe!^e6dgM8^UDaUe${vaGNf>H0oK_i#R>qr)5vV0w>n!lNjyuSpZ@({`-SxVk9jx$=V`*_DmLt&Oqd?kHCzlNwC3MC zQrjk1iso^5#GHeK?#Qk0Sv9}N&ONQM9Tll(=ZsK0YwYJB{tPtjD%~lK9sM zpuhh3-&pv!uH!+;tN!k$Sgb2e(2w;m{_=k{eHY!r%a z#O(l!^O3V_GIFaKtqLDk-`L6?SdMn%}im-$CY3u{=GTS^br=kEVi(|=U><-PNM zCcig*+5u|WCmA>XCAi=uI|<@~7ihU~X^cLpaemMO`eghcRq>zt{oi%cKKFs% z(C+g;e}!p&yy<>#=lSYV-deIB0aGwVeTo{AS6wbA`a8dISt@6QT8=j-CF64>@;?8+ z?T;dyK#?yT{=swaqquZ>b~D0CfZNKjyrS3IxT`Yx z##E9fb+aWU(-J|X3xCpa7fEv(Xn0mkaOpN>grAnaS64-#^SasuwsUEK?=^iq4WrhW zuozE!e+~M(!;3C4P-}VQLWdaorT3sy=7+8ShrRazYbsmYhM93j#eyP5iohUEx*_yx z3rGn_36Vau00BY?H8e+2qz|2hrgRdD5IO{u-U3nr(nSa*H0d4xc+Qz}-tWx!&w2m< z{jT?Vzv0ToUc0Pkuf3kN)?WKr&vW0#^Qw(0ul1>5RZv?{4I+fV*5+@$q! z^C-?I8=8~_lLP55G_T^vLgzMz{-KF8n~IA^9nY=PvUUAH+W#Q>Z7DwBj32X0Tuqtc z`{a_TMOXy<%P6%>te5%Ga-Te2##k>Mt|7LJ8>&Qe=t!h=tO3J08L!y?(g!d&2kj6<*@pfJd#m2I?7m#dWIh7 z!J^4_dkV_>7!skTE$I8jth=xJMU9!5KUCUpccaFu1SKh#8}DS6I%{P;T8#IyA6$|| zfu%6^_`E^ELiXIS^L)Ia+3~U6BHSX}XFm4y^aA@trVwf(j{;S{E@s;|8U2lX^){7t z^}dreOFR1fy>HZ$U$*()q|cwyFQLU>Han$lN$@>}uTp{;>WcX#0`nOGIwbJp5ue|sdDx^reF03g$2Sai8{J7>4jnyNv)WOrlr9=C zHGBL_I*$12m!3rfyj%;_r#xomp2|SfMhuLO-W@VG!prIJg^7Vcw7dxz(_2jjCR390 zpIum-qeh6BZr(RxSTF~)Wpy%Q_nuTwh03atebYQwLq)VoIKqzWBT--R{dUzZa$}9q zJMEXsKE=MpjxU)Q?*!}5JHZVG=}TEoFUyU4wAL)NozxQ~Tfkjp-q|~Z_Fv0HP5hgn z=HfZZdDH&-KkAV#L{>Q-OwGY`NtUJ*p-PTC%C)^S{L?BC2YUzgo~GU9CmI}YiCOE) z&i<$JCAPhB6p6hv^3zlP-4k1%u+(Tro%DSqD`OxdK$udKIGMFj7ZZ00K9OmbH+`(1 zm=04iU47^N@^pQ0!NFx}etqwr8r{z-lUxIhIQ}ajx`3d=D?9CHs{20Ubc4e8rwQyW z?TcS%j<@u86gb0{#dExO1H&n!8TV~(T4{0rDf&f@_vXJ)D-*cY@*$ ztVZTX%dKf)KmGVeBL39zf9YvW7fCK0wk$gS{B$E0*ayK+X}-k(HCu+Q-Q41UI^-+_HqpMOIZ%AgEO-6FcGyz;`6^TfXDX3m zw`b+*XY$c_+$8C&Wq4#5;+nOqmA|J6EUtzDJOGAQ25=mCOmu|dvUo!2&9A0k(@}hb zp&ymBBuX7QDg3`aWZoK1o7Aw{MNIP>H#{NRPdHuAF_o?$spgqVlTpd@<`*%Zun?%z zCfeY~Pv$m@#qmphbpAKba!POsSi3i97ZF`eG2gT@j%*nW;y?|G)e=!WnI3u?HO2-x zm2RLD+i~|n9)*I}z*~~fu#TP*2lR0my#Qf^`UPi9@l z^$gt4v|V(XbwEgPbW|Yr4Pz87t6t4M3O8r8<`j3bzAEnjtA1{qbv?#OWUk#AiR*eA z$NO|RkvBU}vY@xnYL}27arb_%0IPnY!)qauP?(-7qMMgLVo>#Ju+_Qbz~yqL6yZ6w z+pz$Uh@a2}!Af>MNNcB>E-TOF`de+j>^huYz0K>FOPY*fo)N?#LPRAe*kfjoFVkla z0;n4m;`bj~aNEcv`J8;Pqrzqn)o3%KDX5nh04;7ubd)l z(2~gJ1&jF%*2jPlz*p33&jx${@t9sLdiOyfHJICoL1J1`*>k-qgJE6B@J)mdfFj#L zMZQKK6<#=~x08)l=90Pc5;@S8ZYL<9Fnw%|Nw@pnbhRHfGLfd!u%F31bR<;%YrXta z;(Ig8Q|A7_!p335W$#uh^SRDY{?4*P+L4kr8nV_jw@n5!j(J?xJD^JL14Es=$4~!B@_*P7+44E3p8mSNBt0PT?UJI};pKv( zvA`8+opYyn50^mwML5X%0YL`kx;ax?Hvxa3)O_fWbF@2>74k|^@33b06x_JTC!Oi5 zSn-SC<7j#1P434F4vgmgzi{4_3OA_bNTbPhu)RE2UT%#yb69|= zFGQOc*A_#hMr27Mi(jeJ(h`mH&(iLtId(B_FW1^NC%gn54v1=YS9!|Wt6qAfryl1W zy+mh|cpLp`Q|BE{EOokGvm%v;iQi4gBq<~%X`DZDhGf4*-)$92>C;=)9gd!QuyuM} zx>s3!dvnQ~RUYV1JCkmAgRBcFvX(;x#pPOG*j|=WTc?CJ%ebSr=%Y+HY6#4qμm zKK`OC8k#BnX+n;QtwFAWYf}!`YxG2E3uJe9P@r%)rdiE7QClKE{Kayf$R=3Ck`)%r z^KI8+<|+eX4rE9P4Go=7PFD|I(UPD7bPT7ZPysp+P&*|nvWzGd>m0LK9F~a{&dn!> z6<}{VB$Gp5CTmqaWP9RJ;B?W>hVU}WwI?ibb@LtFB?e2>qrtmuJq%QUlo;j;bta8h zld`UvDbUbvmNxqbVG4tpkh(+Cq)MWbbp`dakaEn$Dd&Ku5P{-@8LGVi^8Qj22QaXn zDBm+E=X6r*TeRQ=lALPdiNzpV`je}4#E7^deIW2!4ZcL??QhRc^Zy}uK}dSCWWg^6 ztp<6H%*TH4%E;H8xRm053S5|;-yk8y26t|GpOKEPKd9K+rx23lb@IC>E-eT7ZiyrN z!tzbL)Rp~adTey}AGMTV=S{q#)7MnB066zhuZ*A#ZDZf$9c0z_T|7sPI%zqLekqNU zv^V7Me4+6O(l{+lR$`Q+T5=avMsCo}sx%dWPQ_;fw_O;xs0=<^M4h1(lyG4~!u05& zI1UzYIX*P>_VeE<{MX0-u0_UmJN`$P>g!j?t?#Ks>L*J7AX4vs$^}8Gd?ixHO~{{t zKlwGw|MA4xt8xzm2Mno*R96A(8Bt<1vH=2oWvkk#dfZ*%6GDvraTULP4=~ z=-r}>+GV}eJ-S<+*7KW2-NSDvEl@z9KnuD~))Np)X(1TN@KL@^DJU9Zqw5lZ(+;KQ zG3?LB*+}5@fuKmiszY2xxp4(o3C66lB<_ z&3~cUiIG^{x<5a;@O7#{Wn!YjC2jCYI4o>@klOO;b>Q?@MsQv2$_W?K)AnxMZx>bU zy-+irxl>XjpAoR}K(t^NV*jsO&V}0MW6{hLqoBeGw)Jo>Xl+J;?(*=U!Y(Q(BCTz2 z*YT7i)q7`YU)b~u&Ap7>O?sXe|Mz-Kh70%8g_oVy<4=lyayvtJu{M4aBCbIAL~r<0 zl#^izTUCj9#r_8I6%KBN$VoU`CU|q_9GrKQYnmz8l8D-27A1Oqp*gj6W+ZxAUeQ+K zTw=en7=C7q<=jQx+HWVS=+Tp~$~A+9>XMY2P5ZqdKQkAbM0!8dqH5L0ZC5{pt9E9S z>I*9GGG;F)Ax2O&#SKB#y}8Mmx1Ybi;rIlgUhi#||IzqNs!AB8vk$!nySC?OXoH2T zv5oijXB;)5&OL8=nSAH1v&!KnyUz{LC;Nmfo-bs3ZndW;X?^hdwWJ zZ$~{0c?K0TCAj0N;Fw|(@b7;SJw2OWe|;j|TG+S0YrWlw#nn6DXr!&?Whhsxun9mi zxIFZ_p^?S!As2u!QM9`eXeK<1ek(Yod28gL9GUx9J!A=?ox z`=qhSp<5M}P%CNjV&BTASq>9)tHLpWfunt!x2IqF0ErTatfjhCr!P19N5jBa|t7XXzQFZbVb zm#~a9iPtPYqT=4U5B9X<(yGODxh4<&S4EE|CQlb1&J3J8$~uJZ*t}bO-A9dAxO-at z(VO*@2`;`7#J-p1lYGKOr^e3%L2rdv=3gbNnY0XMd33-_#1Vw^@1qqwWT{ z#zdosP&{siPc{&aBlrxAmo#K$A2fRv=m^2ZQjF}&b!qI@XJK2O+~7C zm!Y(cPgq5Ety-m=Co$Mu;#g6uK4Z%akg=urMvO#~0-?X#yCPt8aA##6hsGNs`K-3v zT8l7n0z4&73#`x50@kOG7HJU-vYEYo@V#zhbggo$GIT83zpmN3vvJ8nf2F^cq`c8qy&Yc^p86%sJ9sPx5i{l{pdIwV$LrHQy9LS&z#0 zDBm@3nO%!6Rr|I4I(XGZ@6Ej!>p{-WHp|TmSwUPL0b$BRe&i{3PB0apD*z*NzcHyk zoHKb>8+hes2>bp~){5?K*0k8?51THBe?9&`wBMaEz>F75dpIov$}umq_o_8KDN;hI zF}9Pgi!r(JS*2-(Lt_0z%JO*m{HUaa3fC_@zB6XZF>8oxA^1sUQCQhojU^7$>li=~ z5)j}XCJhsskCpkZ5mKt86_HKFPkZ)S=Dsc!jQU|aJGZ)}z(Hq~kK zj2Xj!%3^)p^C6ZFss{)z>#?7bS!A-?7M3T6xe;QEt?E_ykmu1WDkR6Y~3U*TrGo5D-`~VPLj>tNsML0xKO|e;8Q9g`>n-+H2DR|t+O;_Ih*^hr#+tlm6 znIm;!rtYhan13GeX=ItWHS$?GVyU8D#=&5z_lNm#5Ar$B2d4Ag1F`jWdhV?nCxQtL zlODOc__pCsi19uNZCea?Y5%E^3H^`Z%G3GMX*tct>Lv{fch$LXb_^qE9~m1Wc!Q-o z=9APxI1o2W`(E3|{L1Kg4YSUEO22ntukoDIyklsMyL>6cN1I_ZH#rx*(nPl*;3GH% zUhP>BAyvdx0ANGyB4Fl?$ov(k>4>S9kl8bPWCPXT$eYb~Y_qW;AJe4BTNAUA26YNe zP}2>ufVM&|SrRoDP8sLH4L(0ke>J_`KD|htEKl?t`M*D?s>y*!E%0px^zxhCpzg{o zv=|imiJu}rY1r!baSC5(te-b&QtY+yQfHQRg+T9#4WBP+kiHk8yH^v=5?#?DS?%f3IMl8dpRf`G`P z&a{f-(p=`oPoL_;1>(9N{iEev>DbCzzsVHk6$4sjQiyIBRP1V3xK=lZ(sxKVsdVv4 z`YG3EdRsa=aBTbfHGwR(VUE5y7Zf?s*Z1nAu>8#C7n=4!Z|(CxX9zYt`L!`#kzf71 zFMNw)5eN%tVu26)`q-HMWb~F1{ylfLEUh~0Ht|J*pCL{O!*NCZl`czeR@J&;M82eb zSXhB1U!uTt7ZhBdKsAHuvz&}tnuTIlTBvcAi&{rsiEH&1b#XMe+oa=(#ilXt+Z^6N zvLL2+^5n>yH}*Z4KU7pcY*6%~t$>DPHXzvYyZ)KtLVmBAF06kevEZ09+Y@b| z%cx4<+kuX%|F%VnRCIwZzVMc0R(?}Sa`AjvxAnN@XH!0~GwTqdg6t+0W0RmA{LUaR zhE}@Cu9y5Nd*zy}F6Tl`U7nvWvJUE1Fi@nkk)v!;wt-h;;Qvl!BSERXAxpG^gEd1aY`y zzF0%)!&NZ_zM|la3JoT-mrgV?cZ`xeRtG4mz*|_X4$ID?5Q(eQ1;=Z!)^Ir!N!zmR zLC{w&r(B-%FQe>V26{;mT%c263t-9eX!t0>Q4Uo%vTlZTtnnfvr66XWIwCziCyPxt z1bYsC{8epKL|{yn7+Y(O>-%C{0Hu6vr{Zz$NPfk4*5^gqa1VXL5BRc`8B zuJ2fpMKX)R3ZaRO^pKQzu#}p)Pz1lCPts7oRGOx@RBG;L`w@64ZVoApXBN}%L#$$! zY7o^cgJu9_31=S@0X@93K>Mghcxy-3Ud57UX9|Bd({uS(wO6%E)%1K}=|-u#@FlT+ zvzVw>dJMbO1F(s9T{gvgdweZ%a& zh2}!V_5H@kqyBoW-vO(Z9YTZb78{Dt+tPacyiM1C>z=^_Eu@&q4KSlc=ySZ}Or#w}v5uKW)p=m(w5*IPpX5HHZf~20TsU^ysyWZs%__R=8bA z#jM~I9y0&=3yq#%=ccE5RPgI7*&FA75%tI07U@Ingu08}hr?TSU9gppDg(!TomEPH zVv%Wr$|ajYBF4w#(h-&-??wJt#-BO!>lzDliG9IDplrIWb()qLGx^$j70xTCTif|@ zRk1Nh^|@(|V(bN}`~i3oqt!`VD9>oDJIOaYTE9%O*C7Pc^`VzsY_nz1>g!kz0eSRE z8IV}Cbi%Lob}S%`5njWuV~TM``E>= z=cu(-6S;QIz0LDcqOf9>S;1KyD*LVk>I+SN-I4sqKU3F#zvg~(Ji6<0#r98D)2OTc zCm$nSpx%?;lPVJ2`AT)~!caC9!bR0#IZAACKB8ARmtREGh5`{0oz<1^&6&Qp15L0B z$ll?(&*p+mTyNW3?P{{0#nB&%k!I&k=I3h0-4G7t4|38UchvFgx2cKO#A&uRJ+Qtq zU9GpG%!MEr_hzw0Au>*llCT0vn7Wv5Fh_Ef25!YtXT3&BfN5_ma&kauK!Um`xK%jG zKp&!1ryl_^-NE7#QvyugaC_C-L9xM>cr<7CMktq-rR?kDKH(Hc0eQvAdQ*ky$H;+} znmrPOJyI{kIb@X%g^G|rxCsHWT9=Cc9PPLUv(2AJ`yUNPbd^}1U(sOaITkaLbOwf_sB?{A=aYjA3&qC9Xyxgj@BHg~ z{O#!X=`J)&z#*B0t-g{E90D(?mX!(>Kb^@Jogcr@3?m}fy8B$41eR>1PN!VA&xKh)<)=HVPQJ?>(h*2}^^g1fD_g!7pLfT0?x13o)6|Ce8Lf@R zMQ2W`Gr1VAj%swFLI(fTPPfSBCU>o&XEXT=P1NyPDm}Nde!y=fXD*7|_6u<<&fU3! z!+7%4X-($WtYAFfd6KT(g?hCnSX+0~wOCq>;i;?VdG9GvD+X8+?dwvz5(8}r3@sgL ztCNVUAR$up_Zd$P(CvGMtpFylnUR@#OEr}U8CtL`tnuO9>JE|${NlL{$^9^l(&kfr z?PYp{7M4(pbhQiD0Lz2;%#NzNSxsJFj&1Uc2k|M;ts>TtzEUimdd-n0H& zQm~4ZozdbNa@egrOt`cII(-C2lGTMzXsry=NA%1BM__(APkyU)YKqsc1_x+sjBq&? z(D#&FFWvDJE*=Nl!Z3hJvHb#3^*Bi{RobfTi9!R{La%0cf<01hLsEumySP9918KEA zxly$>s5uK`hleoGbA)k@2KEH<_m)2Gk*tmqJP9|J$tJE#zJS85L_yih|)J2C+*f-B3Z~0ltKRd#w`EQP2jSkNEq~Jra zFgV_g@A*`+??(l+(j8O*7GT^F+{wQwhnhNbk-c8t9=|u?i0h-n+*6LSFs^H+T&H@G zzXqc2o;c)G=ciI~QWvj19g5PmYB(A%de$Q1e z|CzJz&M%q2fy>VP>U7oD!=1rmr_jHN4Y~mbbgzJ{xCI#F1h z8brz4I)oi-W}%#QB7o}EkeeS$T?0veJMB{iNvXmo6va3lVb|Ne&2r2lO&IM`?ewv_ z*WAlP3o|aH8QWw!>QOWYNxB5ppVt7hCiz&6hclQry7s;VleEIML}WRf(b*QB@o8P3 zVQe}2`d)?SA}&#GmdzC#aA5+$y+(!0blAWQAV91Xhp6$SVk@yRDn;|rA%D%;Wtvx~mV4vWed zzgR;Zx`Oj{**nj-P@;B|5NR@nh$&L|1;3u}i_DZPt_a2E08Mn;9%LDznIDUvv|Rx_ zKP)PVali|+s9t+V6us4EugWgnbo+@#x0h0{TJ;`(C(BD~UtO(ca1>0~pi6A%x8!oT^U0#OE zw-8QcqqCb}m9q-mtgl&C&M+HiPbbyJJruF%OY|&wL8)S(yQcq`C9IJj(ZQhnQAgfj zA+bR)am5=^?e=y>2r{eVEPml}Zy}Y6sf8O%;7K^h*rC^``8>7mC|{FPXkiGRy!kq1 zEy-i#Fs#Pm;;On)QKClzoVk*9v2Cz7o`Ux_DHQl%=%{N|D6K)CFxVF7E}i8#XbyG6 z5ZPLT^pN@`(@dd>NYgq_Syx2ANf$l&^L@}JS*orFKuVM-gnJ|Fj!%zFDeO>T8ak31=#G{_eNk; z1|ur#4ykh=prD&^QH)q6auFVFH)hasYj@}S)WU-D-Om__>{R}+Fd-}!EZ=J;XYQL| z1mQ=664D(OBB<{zUN1H7gu$|S8+QW`tE0z^mfCSC8cjy08==wZ1}Y>^#kJD3ngX~K zv4>3A#bQzTp|3WHh?_U%Zr;4fbKbB(v&v4U{McHaCuS2nM@E8eNAW4gHxxpN53J_^ zxK#gyJ7d}{@m{;>xJtDmiTpgwV{f6k1idDUwMXM8TQz9I1J{tgI#L1jc9MlCi6u*n%)?SeWznQKa-gH=A#Q z{P3Hp`_0hDJAA2H&$)QIsJzLByut5-uSXJv^v4TUQr@)LPca^P$cI(~BDniTIpbP5 zq@_4U8UZYm-7~0+gN)}?R}8oo=hM_XC9btUhBY!x4#zRFB{i?Pa9We8RxwUfNh#d!@6;5e2Ul8F*;7!h*F3xH5B%d zeQTVrA3OHhp2oviK}}+s`V28xx{d3K&tCY$Nig$iW3gGdJiR}cp>V|o zRQs>oJSwK^$b?XLSiJ4XEGf!7G&v+rdJZ7c)3cBu`b03}AOi%VBdKN)6Rg-+-!5*Z zGbPa~D!4y3{xpoAxVgdtE#8Zq<-Ej%`jneO;ZwGad+~vHw7iR3vOoBSAd9Br554=_ z>C+r00JF%!%qeuPH2|y+x{hR0GcPC>s!#?`-|dLt@KnT3~>!BTnS6kzNCMJ@5Oadt zIElFe#o_!6p2nZs`A~?obuLr`?|r`Sa?Hp4)Xz~JO$?fxHkMSdX94q!e47f>$RbVc zI?&4VBaab8tsNUYGrx^r0MDt2)DgO7w<$*ySMb&z5+zYRXy^LPm{ghcA;934b}N5} zg(x*K7~ty|@YiR>f5B&kMqp6GKDo39=TzdbNA)x zBW2jJO@RTDU#E5=W}cPL)DOebV;mTpps75(Tk0%blM$PrsSJdimo}9#>NAx$I+_5% zsAsduQK+0c~dietIZ&J2ygsAx|ax}of(389Ncho^Fa1`ZmLD46?2lPKX16>_u>mp45#rrEqkQOl&=fFe_ngeb-jlB zRUwCXi?a3}0%h+ql@>%1-y}V|*C#sH7k|8+1=sIDt$(30blf%4L8lCI9W#Bsq{5#E zq2gaQrFEc|!>$*2eL}@>sbf~nHk8(pK4qil;B>DV6Go(S;?=dO^vdt%wA|e^m6$T^X|J^EHILq24$Er` z_Y11Ky=e^r z*m5Gjbe5-Wuy4V*dhyzoT~+(0+o-zu+|l#z1g)IR7+#Etr5Kp^QOV^1`~AGBys2*zsbS^Ri1V_u?YY!>{jJQKf-jqH%4N#GAG$6! z;$BnZ4#QH=Xml!-2YTKP2P7r#KB#QRdvZWc=*s7s&oSu-%Sq}j+=J0K9_rg z2@)cVb`+4lG5ztdxYE3QA(v%OXl`TT$U)(n|I{GKt79h@1c5YSMEoudotycrAGQ# z)gE)CSzrC&uAJ)0k z@ff>vG$L@pJ~Nq|UPv~5kNKqj4HsLy`jTs*j30Td> z#x~ic2ufZvpDXH0T6Z+{EFVa;<*xK)&3SiMF85QdtFT3Z^y*hMU@U{2zo&XhWKTu-h5 zQRGk!uxc^|Yt6CuMZU^bsEbl?9 zJ; z3%0JXccL1&FV-3@?|mW&c&?HFNf-pISWO&*<0QdRQ!oW@i_f)bM$h}L@8KokDc$bL zDI1Xbikjoc&6SfY2L-F<-ngOWf=dI(G-sXmOvodie(qb%Qg#~RQUwy;o;gDJ&!3*t z6;ectFQD{RLKsPr&NeqR=~|ogUggPO4d#)p6>@pLGM|z*Q8|*SKx9d!*02l{rQ`1&4+3C9OM~c&x;<8ni%~legixmMn{b1z&9e8J z<+@+%_>u_X^HOHtv|DkBqP)ZTL%9I>`jvc(b z_);`yv=KoKg2GGl{$H0Zxq^+#YAQ1FzuFXXbe~d8^#;7mU7%mz;GeLr$bQ*RGpYAo z&ZKNkwzOey+xE*^<&C@;<=%Rm zjd(x)kAs@=0mGiPpEntgf-B!WbghFz#%G3;D|Gw1dNY0V-h7N&$j`hI#_B}cGWaH&4wxzhRY7U%qO8@lXYg&tK(GpF5+IcD}phGAY zi%rf=4n-%w(AE)783KB3vR;IWFO-<(hI_3JLcGPG2Cb6)AjTFF1ftbKeMtg=0D6{^ z!Hf3kIHPdQ5Rv>(p&HT5wanq_9}}FnV?GLs2-9Upyw8$JH*c1ZaQ5aX4Ymp%Xm*J( z6H#&GUtPqhV&Y(1FXwLvjB@egmFQ1L_xX0 z!{sEUc6ZY&a&2}J>Or9Ma;(ZR#@Q*L1_ zq;XVMP)P(t(#5_|hV>I9Qc2RQgNu$YJ{j81N5lj#SGxfTSV0w9_4$ws4!IH549)fy7*tbBzEYKORnWj`v)R>dHD3RD@ zEH>8=`8WOR=)3w(mb)p{ee{p{>3{6@^zP@F)s=^z1GkM-}MDg>&)g(m6>Z5FEtEqH^ViWS%tUTDim7_c44hU87t*pS+em(V?k` z^cASNRbf&kkhBRxdRxQNizElfC{0vu&_ZA9^Dkevvm^~5vjTUwBf4$2*-a)7FS>6| zx0!bK=V`-`a>?jXLg3!grAiX>Qj^H&s);02Y66R;U=++%2*Ff1O4`07syos88}A@$ zfXs=)Nf6cY8lpnhr8lKr0&GN^g3L3?;wM(zPLa&VYjj0a(M@3x<+Qu`aYI zL9;ii49+j6E=d_yJGs*?@#wQbf<_Do0tE5UwJKVcccKs}2dOjv6-ys46C}v?I7gOMe@1|N8R#Z~5hC zr3u~N9cYm9vsLJfhT4V~uBy~DtUs(UQs-368j}Id&yYmpUpgb(NfrjlRTx@VLtQ@p zr}}pvYO*}w1gx#a6mNv{c>6A6rzmq(D5OyuIt^PyUZ00y1z&DGp1{@_X!kOKfq)0C zkF_*8>0QniWxB>GIC|yh5*B(LHxj#7A2w>QfM;1DSW%B1^+(Ijf z8jov{jkj%i9$`GP#O-BXPj);WNy{h8p+!>7D$#uz} zbHiS?U0YV>UsRMH*`w>D_i=$0rq!`_bj`c(sP?pxfDkE&>SRaQCoflQSS}T&$t?}b z&tv_0*7Otq^TzAdK`jbH^J^Ae+IHfB=&{hzm;YDJ&oRvPs%8G`(Y> zF~Tsle7~6*-SuobliX0;mC$G}<*1$ub<{HIpCIJjilj}j?Bw!SJR!y+D7_gfRyb26~vOp0jUb}WgX9yq| zZ1CQAs^T_z^2bjnU`vc2oJp8_h$6k({Lop)MeS(<%)Zu0M%=z<9-Sav-3d1-=WM;z zlajxosVRA6g>5_&h0-Q3vp43r-FGhZ?b6f2b!M8`mJrf6+gtj9(Yu*G)BYhq% z6WA**qLqc`Hn+7_<~I*gAU-iL+;M$lBrLsATp!03l&!2f{pub$Avy6x~Tgn>gxiXB$WKMVCA@$AAXhe zM~O36$Cu;{SH#7aO?uY_Q}9o|&}eR{@K5Zl)Jl6~A2xO#mpX1ajRAu3ci#Mwj6Zk$ zZ0f`p8h<_LV9$QEH2vQ5xZav9NuJ9o4|;i`4e3M9O&{M6v%apVEynG@^TBr#hg+6! zjw)#F(|qd2>vMI%%ic4aju{<}Tem}@#8C6i*%vOC=IPR$?W2r5#fpC&; zKFUTlOb)YDs7=C5GOF`NTvXO$#>HXL`do#`jQam2jy%3s$ODc(O6T}Ox-fbb0x<}e)FQcVj zeS%TQR6#F#sDS)HPxqaT{bm?AUlv_U&3kN#=O4PEHEBxl54=4Z2j^%Fd!uxeIN4mw zEK&BFw}kO@4e(RonH*3x;4{zxVy-aqWR>OsDlYxbW zO26@xC9mNrlZRbk8Q@5!uV6752+)R#1EV(%LNhU$m`_BRV*Rmsb=QlT?M#RF;eaho z!Bw-NDkSVQ4;_}@IhK4ZbPGp|1EP4Yd~yOIwMbf%DF%=#R_zv)|C`clv^BXEYm^1F z@);Z!8>T-b-N$QVByW6sCP&RdQ2=w}yDTRDSVbmAeVdzsPV$eo=VvW6L{@uVe1-)* zaHWV@+o^Sqn8`T_Vudmb$(^GmN~ko99by}V6%H+KGjAJeIqL3T&%Ay?Udh(J*S=Ck zeZ8mu`J}!Sh#`nIG;FD>zgtzC^q9oXoQr@wSeYXDolipj+$qG;G2&-d74UMNw#g{I zl5!sOxXJ#W54Zj-pEiTjD5sE^HAm{c>*3(G&JoiVWMT$(IHzC(X0CcB?0&0Fv1hW& ziTD`VHVvnu7zWDlAT&73UaapyC!>5z;ne&;HRU*d?6*vu)ykpy2zv=XE%9 z|5jTXai;h6R0p?w%RD)>P*Y=2D?_52s1LWIJet})tngZ$QY}@2GU*IzDdGyaXeiyA zxerM>-Vi&N{lkSV$ie5tuIG6Ry=;9{p{*z=_h!}1 z0wVL+R=20QMz*Cp{ocbBowU)~>BPMkAjS91IP5%q;_XqoX)1iFnz-=OJpNR<6#1G4 zKieX-&IYy1;8-`7hnYllewe=6UMG3s zrwE~vTQ1%trK1X7>mItVRLX0E zx8y68u0HY0jQr*#XGj1|DqRddGs$RwWmW98VsBCOgC95-v+e{rc+$>$I-$5}_CRcB zjx_UifH>>^^XF=Bz2_P;yXTu`!uj%!Qorhx(*X)Y59P!5y>HgSB+u<8JxaGTY|p%U z<&ST6ZhpNd{7w&BbE5<)kMFL6$*plT`^|B6(l~E#VcNI5wTo4vY#J#KZYY3??rC^} zWkpiMa3W!@Il)`^*sag+tDo{zg_Cx4`W&=+sZM<%gy|g);FdgkmKw44gxX%u@>hJJ zaqky#B7{?_fOgue3hUSB6diqYG{7vwF;#HwQB~s{F*{(_Br5W3fgb3{#vq~qoAo$P za^T%Vq6lb-wqVXfbYlRI%8?q$w%ab8(gZSpQgAXV#`;gPo5q=8mvdJcd+81O@j!Y* zfUpm3?t&+we`vGT*`Oag=c$;B6qoARt*HY^`G$Qahl%xr3~^Wh#)^<1ig8WR8ca+E zig}f9xNWt+nccU9dWr{~53yEGEnUe;_VU^g?=%&0X5EhP(tXgCcBRllE?9}HuhD(=d_nL<%L(QZnFHxtrKtskE7@FZ` z9hAem{^oGBan({a8AUcxCxrp8@FwP5JpgABdk_X2w-|wwufIRj! zR~Fs(#5S8tTmXq(R~<{(b*1thHUXaHm$a&yk2HVW^2+f33F@cAED7JObZc}^b!+}y zXqI>7;KRxcshtitvr#$XJcFR>XPDWU^n%J{a0IcY!u4HpqgaN4+w-F(zqasy&)51) z&-M6>f=IIQ)hT?EQ-o15(PCDM8|}0bl&=M_9<41Vp6?eOx7yBAs1R4Zd<%@2?me#Q^^J8UN&tIc4^2J~6<27&tcT%X1U%!31K>jeSUb_rzQ~Z;M!!QzTBqujITA5L!~|O*|v&2 zP#D;l_h_rZER1mCHq)frx~09etKF0)^XtnJB|27|Q<~B|A*JL#_~4pBzWRqG)TQ`b zLf)$Z!=Ll2(^%=B`thC_4QnH;ilA*q4>;dd3ntly{y*%!cT`(Rwk}S$bHc`8f=RZ? z+2jn}w#f(#LgZkQ$Y2mTcH7uwFc~C*O%g~1lYVBqV~!$v^eX+_`ht zyFKsDTJOHK-tV^l&^o8;)Cs$G?Q?3^x4->C$R+f!s+{scY%xM|(IgbqRG6h-;hOmz zUhb3%mESY}SRk8RP*92gsa=_m!FP5iOtQaXamA`dawy%p@84C|*G zqLXx>`h#pyzfrW}pZqReXDLv260rPE70Gxw)Wh(@YE%OUE@_rX_$B`^!t&D8`rjK1 zshKPCH@+n)GVE6U;%RxIX||NlK2f(7w0O8$Kgl<;roGB|=H;@VUww0Ew{o#XW#jHX zPjfC0XnkGt-ihwLU;cikKiatc+@oN_>~nKlnTLFHk^A7KbCH2F7-XVqeQGor|DB3w zx2pnO?bv-E{o`+cbdLX8`Cljwu2>hCw!oG3D42Qmc982>lIYYRK9tAUvm%Nh(`ASI zviiK_DBHRxTuuH-W;%V-)7THI8dIOfd=d%NH}cH)jKcTL1yZCsz`gRypmD%B%LB{= zp{f{}&erh@C0t_mgDzzjoB$LRgE~&N5{%;TQS&HVPX_NCs=D`V?%hSb{Kqz9>9lb@QH-h z4@CpM4~VUNf7^5IdG%l3;XkO^fXmbG*u~+zXXsGrQJIn);87M;9YRX%NG6|qz|v)_ z*D2rBY`vEOd=2vcSo>J}i0HN&W%$IyBk{7i1?fBWelKS!A&w)=Uveq|dayi>n`p$5ng}w$7_4W?V`$TmERJ!8 z!Chz0Q^?ybO+wQMz8)OII<%}?b+Xc48$6c_0At@?by9z;s{KI&Y52AGP7>!^Z~H{f z&VWH7Kl zH|Jz(nEuIW+&hFp$d<2QrK}5O=!z@CA`O7O0D9uc@7T1lqKwG*o5u+se@L+Ks?0QM zzz&Wr2@>6F9t-09UuIr$Tj5TykCg&kyEnDkt)f=TZ{TW-QoHCIp>!I zg9MAc2$Y%Vr2h^s82FI`%P|r1Xe$28pF98OWneT`TIYu2SM(dbld;K%3pOlZ>M4Hn z@^D_$$e~l;z0+s$YOu?7ujMGH*l7qxEoz{<(Tc|?d*I_lCC`8^co13FQpW)L@6x#wA%P@K0E**IHf+f!LP#`RhCl5@-8EKmQ|WQ9u6VQq zle=d3{n|qj;8x5hO$y7+9~jjijEuwH)mR}#_F-==c5Ly7zEzihPexL zSVwjIMT_zkm)v#W#oRN_*Fzhm^sVC4q;vYcweM8dai_ZvhRkbf#X{O1{qhGF`Mvo6 zm29W~vrbCTj5Hn0#b|1Ss<^D~yDgn~3vUV3Dh*P4h_o3iH%8 zJ+EWJJB~@9j)^^>n*I*$WHPu6qk%NwO63G5%G#&>@blk${qom(;S2gDT{D14Gm0)e znDaXo4Xz7+0$-~sa(EEdF}HORpLv|EAwcVS`!`CfOLxus-4MjXj-sShLa|<+?U&8W zo3V~Fufs>Sm+M$Wf9^?o-L6m0cP~sFu6M8;_X#}JNp(Lk6=;-M(BbrFL(fazD>NoKF#xYgy}fag>a?0V2R!l|juSCq!8~ zQ=rSUPeDd3OCg+7?&K?k>z*DSS8&4ptfm`iiH*Ty%pnAG`Z<+vIkrkCuZ)RLVzi4Z zOI5*OvT2@K{NZX~+4KUnYKw#UDpFKbVtG?dkh0KbFjD`X@dXxyf`~Iem^r)AJJKMX zKH_Dt#ZE6?o%98W<|Xd{YPa{@5#k~+NMZR_X<=jn+U?K#hC#vLJ99bEx7No{(&k`2e z4RTP$pw=bpqc|A97}2dt(mg1tO@7N{+wQ0Pret$XEdsszkQuT+1e3?YJuWXv*pbu9 zu{1*xKy!e1&vx-NyvO4XaU|4})cxs`mr6i$A=x`w5+~+ zYp;L#S0}eW(y-Ls;p^VPu%-AUK7$XI8C|z`iMeS7)Gv#&kn^-z?R)5Vr}6cyk(QGj zH_Y9Hq3-EB$v48jb#ba>=#2qr|7%0)`ek+eNSxL~7l!AczU(`-HlxjME&8_3b|ik< zS?Mb`4+=&r!LLA^bg_G#Zb3JZV3WkO8#~T>ZleX@@NFo~2a%<;$4Ds|E#E5~ItKV` zYKEdJ2y3B}(6bQ9XPTRnusdUXQ=z9Qp~mShsSi1EVZ)nE&nIP|P7V&9x`HKW#_i<0 zvhw*VOkUXGG>!=ZUeVoLIZg6$TFti+95Ns_b&YXS`?0`OiL}`MtFL9*PPA>` z9-23gNvgu0Z4pbeI{fGFl~se!YkRo)J8Kyx1HV+0Kx~>&VPJt}+U&eJTzk&Akls&$ zdjTzhdG<2(8^vn=v)}*7HQnDc1m3J!y7R88m4{*QtIyMEvm*t39l4jyLH_p%tVVl4 zYSfoXJtaReOZcMCyA0Vn*p=kXr>k0jo6O1N9!330(wg{*s>3uSLyr zB)<0hQZI0|XT^GVUd$8gkzD+>Xq6Gtuwvrt z-kz>U!D&yv#;Wn?p&8_w%ihF(nneAmsOEH-{dox%%8@2Kq$D=2(+^{7Pmo6tlwMW2 z4a)4kT8U}SHa8WuW=~ZsKY0eDQB=3U1snDJbTAfXyZ5dI*=ba#YpL@qvG}5AL zPR7=u^!h8s6{>@Pfi6_K$ZQ@Z?fvE$IsodDiF6iRwH0L+^=hh?ax=?Fa5|y)K3vp& za5$m!ZSCG(2DUa9&A^>)BtU1}=pG}5M_J4qSl#p@YpckM`*u#QKzURW^1- zf2t~0hw4OM<9+{rK?4=+KuRJEc3r*6Kz3}^H9<;TI_1#s;4!#DwXrk!olKDBD)2?4 z5sxqy1uc|VP*iUx`u7+mm+tf&G#S^PuzQMECwSzGBlQ?{xzT+Rctp3{5e|L>@3lY9 zI{fnZ1*P{R*4b;15@_YU_m|gsgY%RtPkx?0dtOgbhc^+FjAQHttQDPqR{l2$LEx{V zwraVA(>qTXrN%A_;CL!{{yHw-*7`@d<}|l{>_DWlp*C)IHN^YB(+o2wF z%ATvW5U8Db@w+no6(#*KDeh^%dw&kfSH@ZPFkgGhi@m&frUH`47b4BFPjb{QWBcad zJo4Z{^iEUzx+nJOY`^eVh_BnUmo3Yn^ptTdowL>*m}XgK*WMqcvZ8w66LDmwa#BUf ztl1zrPp?$rqpY7lQC8%)xkn*cl8@WkoH&!0*&<-J4I3}sDHE5UsNKH!|8Y+3fA(_z zz3$PqehRv~ee1;aJJl@9?YpGojaSv7ggN$9Nqw!?xb^IWg_-@n5B;&Zy5dT3hw)-7 z%@9i7(W2i95f7N%C&(>d2l5f^jbk8JdEGHC(p5lf7!!Gm?2m6ucRERt{}rY-7d(A@ z=408P%`;|Cy6V%`e4O66)@2}s;>=atUKQg#@nR z$-8;H3dj2@J{Y&s+}b>6z*Z~0?|adi@of7)k;IQS%ngB>Po-yWMeHuFKl)BZ7n*}t zDp4yl3$*`o7tz8#<{o&CC9(cc`_q5Y`hQz=>4w5b50~<#-N~-mjn*Hpef)ciAMMQ2 z!)|%P%Zk$HETW$&-4BZ-F7Af_$&>wmcE=RpU`_9Bmi1IbCn)q$c%Zf| zg%XNOqH|#P`GY3?5{u~)EC5|%mL0w6b{nGY_fwVeP^D^0kEH4rqdqThiBvDEoc#-g zV({^c1-45)eCR3-1D$(OXIujW7URWkm#C(~rn2=DH$<6zNsg%_VntHVeN0yp1awB# zyAMFj%QKgwOTr5li_A0@JZ^c-NMi(wTCDU?fEl!2FUWgD0_(Neqe%IW@h$5ldoPZJ;JBLnlb^pTwR({A)L(C7!y zu4+i29#=i{(7joIDVUsCyhROjJ_vo57pN+vU|2Ps+B5Jkqz}1T zG*E7MVwt6jz%*BndhswG%^hq17U~Ad8?el8kC4)UyEhMq53lyKxypW)-B*<7LvBpP z2`KB#sfmM8Mtp=3ugs$2Oce!Ricnn2X)c}dX>(XtGw)4vsn?#F9OTQE3kcWod zt@&c`SX#8nGd25R13XrZx|Yyf8E5hkpG%L}#V7%MJ@Ib1s0*DGs||(@L2m!IpK!}r z9P%oni$GNyj<0znRtxC%g?^DuFEsM^5!&9pMGX}^KYWNMcNBd{$WI?H-#(%6?G5p2 z&wU6pe0U9Md^TF=)Z6g>C(6-1-TN(EfbzJRrZ1xye*OJ^IQK%#yI?2vXLZ?)0%zz~ zh#_uk`YohDSaMB1I^A`eN9||hFI*;H48~%sbR}M~nFVLvF;N^#Xr@u(bm2l@b42}s>?Q}5C`NYJfI$KZncGDzd@8_r#JWF8g?^uP)SoH|X8|qg3 z?%mYMDyik)bZud_#;FeJhaUt6rm(YS_2|M^Z;^;~d87RDQzoC0;})!Y<=o-B&GkHK z1}ot*nwRr^+M3vM-MwtMhEM3RKWeuW03>lINp=Mc(! zj@v<4A;SB)S~myrJxR^Qmd(<9NsSY9o$NcMfi!;2Jl^fZ>$6)7Lq_k(=lHA(U#xAkFx^z4+;64iF7^QT^q20cmUSx{Dh2d<1ovu2dHRyAM^_*Q}J zde`1f>>JWUYuf9#CfDluW~AxSEoxhH>7Pr-VAU?5a-e8!wp#V{1oAp&R3)Vry67D# zA3#@-rjb>qFueBb-0%HQMMWoM#JeQ-;Ab>ux3pRd(X@a{(FtWK?}6 zx#^8C1y7%n=J?FXnz3JkV=(q6z@Ue7z=p_lr)S;*$fp{nJ+iMosJg5@;x(>+-tY55 zyAv%r;_ifaVq^0e-7e>e_9Vp-Q%YsEca~ z-1e7VRDa%a7xRf`eRFvIk&>-k?r{(HUm4E@Re50(vEwi%v@VdUx$*uH#=cKQqjtER&v^e^ShOUD3 z4g1(vxcmw>jeplOp6v3aU{+`)=>UCgF8zSLPf9V{-9Zzex_}Zs3-dKIMBmKidRUjW zg_Oi&xl)DG1~tagj1f&$8rRX+-B#n8~H zFDVs~L#U@zwit8WNXaqbijK)!p#z44V;?h(n`qckK0Jz`_adaYS#wu7x&oC)??;nf z0|WT#X+c)`E?G}RmnqI`hvX6(T5(17sLbW?yt@V4XMeT!|Lp(&Rx%!{ON)+bx#M&e z_m6lRcO*DiVUMwCqewRilrQA**uF~j{U)CBsli-vn4s*rgQ;FG?OVINm&Y1G(jXCv zXIVC{)VilMmV?^H>%bjhNuh>_TKj?qgrq;r_uqusc#%&^!&v)*Fg()Sq+_DXgS{NVeQ(7!9hQKj76JHfNl@5@tK;kG$MYL%l7+Y+Nh z3SY=f=2Vezx|U%+$HNq+#en4RRBAhYuDZs=n*EE7VMy3tOL|;#DsfJPbIixp3o_3| z!czQ%qHP^!;uQWf`g~RQoV|y&Jg~V%8E0dmlRAm>ibuJL>*uKS zgL)62*8|SXv~kitu3c^7?ytM~590M(A~Uj_TA%~d`+t| zf#~$Dkm<0~)d6Sdwj~lq0xf>=B@H3vT;xX`e=#aaO*m8UYv)t-J|$HSLp~1kI9KpEW=@b-bKE&EVyJu zQhuz<*lVy`O%Hh!?AZ<#T+7SRcCJtqr_siF8`6JT?=&T?l=r%9TXQdk3+rg9cIf}y zAo=rF{?T+u@%&ZTKBs@NN$G#FNt=JMNo$8zRW&eJEz|G)=BjI=fnwFjoel9845L^$ zjh()O#+PfO6Mdy0RSU0p5YFBw~jqqB=>ORETEz%fpIyklc{By}lNjwqZYohS zXywfc$P%~Wkx$g%^=11a0vyvC&#I(FV_##9gk|b`;Zwd^)bQd6Q!fnT^Y;kY6zA&m z&mFnrKK4g4MZsx{Cbk2yj|Xt$44qzrF41b6j~U4^Dcz3|pzc3<uh+ws zk5uR9Ka>Zq6qY0tk1zkxMSd?gS>2{iR(u{{rEqfo>!^Ri9y9Q;=6upM=k7UpeeMiC zJQm#@73jXVu+m}c*Dw|t6tRcVIwV%8-TleGa34~31`8Y3bbGNI;QY6%{BX?X9kTqa za&VNlB@ga-w8E2Vyk=t*oS^9@-tUXvy1y+k#C-97WD95cX7R`o>z`N zK0I#rG4HQA*JS+-oxi2z7JMOBVLzCR7dyNpH$NBLKSN$b(9b66<{Uwo=tAj41@Mh& zv-xYN#N^w~GkF&9`7>Zz4p`Bg_{A&oVhgk8qOgNZ85U z{hmt=L)%Ebu$ZIy7Us^L_3uSmp zhL55JZEt*HRHd1`T2UZw-kQ&9bm2Y~*6Dv&9o!hADpzqfOIaC++-CcL_Bx66u{uWC zQy@X#6dyxZ_8IYQWZ(V^j^6^GOZMYMv0wv&-5u6u%L+tj5CueR zbf!qj*;Blcn>m*BgY>-titHF4%>7WT*=pJw^$qzLlw~^Z<8$-*_-0DDt*;#~a`+Yx z+wIXWs$&c~Pr5FzPEp6a=~ESd#;0n0X_O%{6HS_noDsU|jMV4_Kbh6j{!S$`Xj>^d zRfGjjmlTB&r0^?ou{<7BM`0 zopvvLbjA(a=Wa+LI)L!eeW$9PDiQ|KM7Xwy#^I8&WS@ZnTeJ=x`NiY8lPx8eV82}1 zX4w+tdEP$IJu@rFqBu*)EFPYb_k@Q!pu0RE-8s7w`wNvdJkavdVwQ^04ML->GUQy91M}Rqz~aH3vj9}~ zFoi}kU?AJa6g^!|VNS@TG@g zB!LFjAjucI+S=Nko#b}FiPjji&~qE8Py2#luVsxecT_0w-Z!4h0vcS5`5^aci$u-L z*V4&(G*i@O>a+9k1S5ZJz z*J46XvxS8|wQNGWI}O_bM4VfWJtU)2!c9}0@GQ#1IN(#Qy!hn7IW*--7Og|9sihe1 zgV$i_le@(+KMP;B`=-ud(TI9zg~Lf7*=9ASI962%LG+ABtv*+7sYcBfrn**Exld$9 zl{L4}ZzGImq`LfsE&M!8#2#(*@8f_3$HERnC;wN0+uipl6#EocwRP1~O5}Zbz;>)$ z#*4f3Ze~-B9uUiY3*b^PmwvG^gAR4G_?$w=;Uz@VgVUV2x3#QM?gS$?^IfA2NcFnQ z@pu;bx%9fCZnUR%nE-!flFEnJ54YNv>o$HaFRAZ%1%2n6u3BaSwX82cH?r`?S5L%_ zXRb=UXuIYpJP^yNWqoXef^qCK;m8!ZfQ_1XX*EPxKJx9dan)0mB8 zkZhJC;=N9!G`svN%n{r+G2Sn*2Ah}%Mg|Lvz~32PeYAlpk|0r9cFLEka-96dp~Z${ zYqP6-%_8c^kCKGg@0skuY(aiZ|ww(ccb)qi~bD>S6ujffw$l4r`XV zmr`MGqY*M%lb_axW)yi_BeqH^Ji6=aA!*`>}JcV6p)Q>?h# zegJnSn)&bgwz+RE^yB2BsFqF-hWiXvN)k68;)3G)Th=A|p_Ap38W?Z9fiucrPRtVQ zG3=!GYAss-e(6*nZI3{B9A8*331p9n8A1%~ zNkl!1Qv;BWER5U_0KMqp?A+~sp=EnMbA%ifXi!g6{NLVp?>YICy;+Q z9kZlQ!SOwjVs$Z#`)H ztctd9Qu23C50TgkpW0iCoBL_|mj97)+4&nOXMzT~!yB~$59S_%E4c4o`^BuMy~|^h zrrO9pKq`3MCn>W-uuS>hm-ippa^p{tat^nxtG>s{E zQq}wYf*g!J)*(&K#Kc|&qFc8jem1t}Mt!F(G!!HIzxn;&i)f^xazbB!4sMTG^bAg0h!9)N8ih1GJ#3y&py}n8 zB5Pdl$R67dbLNDx;54S8!Pk`V)GSWzNAlffOUf!{)BWapxC_h^l*|t*KTakL~ z;hNJpZ1t@*VWYc~wJLBcCp_Y?EkA)2ebD*^$5ZajsoZkT66P&$^@^B0A$OmB?jl~f ziM8UhZ!aPH#@($jHTGHRiAj08eeAn;c4dJU2Cxv$wL}K3FPd+50jyyl z8toS*TmGPcL_;Tgy!zp2Zah?1b?%DGjPY2IMZjj7q1&?SghFPv>UXLg6M4oLUBDM} z2w|(KZiLvumU+ibu4Xye*FnIgdB#12_$vg!7!t#BCUVq3~3mPQj~GrMPEB-3m7zS8}JE1ckOky@)tQ&NnZ^Kd<%JJswhK zlyiR`a)j=L$%R^a;G3V%h1l>#BeLAV)l+9ZLO$5{G}0pGPy)h+uZSA~ziIRO+-i-C z%5RVRg34*5ubJ(cCGtDBXSB~*@g!IGs?fxX)0x)Ojpz!2v{gi7`xy>XJ!h97Ad>Vb z;EJX?83&$pq^OR&+lVZ}5fNE&9T&|H1tVfZ)BqX%)n` zwIilZ*L+<)Ea*h$V%_&&)VaaGDQkqwCPjDGo;^REAL%)KUVA`6Cqq6xKHpkjI{h?# zdhK@||8Q}*=XpL%40-!M{(_-j(&oIv)b=`TIEpFbxGnJ38Nas+uN*JTD^3r&dMD*e>&M^ImPN*|IBUGGfZW#Yedc3!LwW5A#SP zyiF?BbMeEqqIu2Gk`~3|8ruZAUlgTIfct=rEp$GMf58tM^`p5658Y5V#-*-DcLA*_ z=fJ=qvSSY$A61~+9vlzD%)?Y=cGRzmOF)bYW*(lQ_wjdha?L)C&w!&_9#*RdP8Vt* zN1aV>#Ps>-Wa@zt1M`^qYEu79UeIK)ptZ%)Cs zer13= ze=ZDv>hMv4Lh3Bwd_UC(bPq(l#3C@i+I-%P<+5z!N2rdwiIMvXctTskY-f`p4jM_# zlYlDDd+WzdvT?*kp)xZ`?FslsG7(ujBrNTjGomA&0E4x4dyz5Dt;SijVF_kfTOa>0 zKdpWcox?ukK`p{I`IfPoM;6Cjar(BH5 z`DP2yr7|#KNpMh6otT1oVBKFW&T8bfa6mR{VqSq0cEsrgSDy$UxK6AJce9!heL$iK z++#2HX#hDIm>lo1B)c&kr-B@fmDuWDh054!4a!0_t(HXfb31D`*Czp@Ac|8GW1tP9 z4eum(w&+Af=kXWWIAtuSjyY~A$ow{y6lEB=Yv&64WO#ty3n!zm_KvcN2$ms}HQK*@ zaq-;TZCuy}=YIND<+ZtF;}&{*YajjFycSdc{^oi>NeokQj$^&SF|1VxS|reOBRj6i zc6+)$<}}75^ib|VAI(TGF@{Y!;n97zXww}LAgwB6r`sk-`Au?gwU$EF5a;L+=We?b zC0RVwq!7w%4>kEzMu(_!Aq*E^wR#`BMw^)6Gl0# z65$~%t+jp;VpCnb$-dQ}!F;J5?t{(#qyikWGcxEwtn~q%hs5^|T6jZ#z^4z@Z z7#abexfNuGc!%;_=p##y`<#AoHYP<_1}UnZ)l|KxQ3bZC@P6$ZNaV!oYuE$swY92| zNM~OPnlB+0h{b1$sh{7!LYtV5c1tMu!9-R3nC2u(ts}~u%2g-gn99~P3oJ%Q#8_w3 zti&OlUpYrWZmM{#2e!gfKWZ|6c?!UlSg<jrlQgyDxkzkW*eEb#Dx)4E9!hdX${S!U z9sn|1ri+^RDa2q=<(X3%ma_Rc@BigH;U5bA1uCO|X!XaN|JSfsRM(a%Q=ImOZx{-q zDnR9E@l2?L+TM!gMqtHT_IQ0yd>miFRGqvmEU+y}DnRx@w<#^x^=^54yf67e!?m+K z8VckX+Ef^V5<)iI2Sjl3aQSE8Z5-paY_8;9$881`;8N?8@D}Y{74~=&i6wrbwpY#K z9CJVtM9F0%+EsJCk<}!)t4&PtZSk>35#RLb&4aImnxn|Gijm+X6y1JYYd;|}qVJrc zm#>o5UJ6fW4SZ;oa>9GDUfu`uVZ9^L7eW{2Ed^+bf1kdh6s_FE%ss32Tx*wdz1cg- z?uB@#-LLQNhcB-CM=-o>uuqjTS8`n+(Sy?RNJ#a#woJ-IFfl@k5+#)M0q{A`-7`E2juxw!VPi<2kBNwX+ z+e6~rAxo8&%{UA|!tNkXs?5m{Kb=>M#}IKlI7C!8f3*XjS0-71sg}myTT-?xtyg_# zUxxdlf{ACU3o~LU>NxI}h^xgEG(etbGHRws5yRJl&*MUv_~!syV{!lwmB?)7=ZMwk z>d_m^jl~wVY&bM9K~dJcY_d|t7$9kZHqU^%+ZT?0r*iI5S09$P;utyf^RPxb@2L6# zp$^+(h9uqEDy%hjU{wf>UrIu_t*l2y<(&-4{Y{?dY_83WxZ-uEP~dw0>8C2UF>i@B zzCFG3;VCKnza8ZIUyynJr@~|1yadww-g>>^(KGmn+TnA%|3N3#EtU?K9sP@1isA+8 zjVzAo6>K-L>v!jx-|pPfPdCfO&t)jr|fznQp8s&I`%u_@Pmhl z9uGxoD!%sMnIX{r)$Ig1-MkZc}ik(M_UtcT=BcJNZn_g8_-p%^A(iqTpBV2DRbk z99DfeO97qYzf<49FkYih)s>&iL}#jn7n~|kWt{MIXQAQLF5wAq{Z(4EvqBJCL$++b zp#9>@TsvzDqJe@WXxYO!JZ@w%J(~puxrovzj4+PaWM0sr`&M~wOF1HMbaQjfs}L~= zxQerT5V8RP(a!GN-gO3`8mOC_T1gMd+S+Rw>#=r;+<>Y(Ul*V^y2ZI?%XB`Lflzh_U$d+^>~g-y zJh$_In(lDZEsOV9zUz+McycGeg~R5FAh39j;^E4J5@3niUTR#ThODtqy93t7avnM} z_yB$zA=j^h_f11G5Dq!cd69X}IVNjR&&?$?%g6})gT(LUbaF%Mc4q|n^ZJg~$a=kRRN5Si4Ep<5xe0q{1mZ3*=%_&kmh8VjEn zYPQMASB7DFr9V+w+xkTS=tEEAd;%6Q>S`nX1S9{DXWyyTQn)?Tm63NYVM{}u%p{g) zo4p@FhgPJoXT4RX9Z=re*}q$P zA`<`m!AMsZouH=Gq7l0!e`%1V(#O(fUQfE!Q#xPxt!zQE#w2HKK$hKZM+t|Amb=nM z%R`wP6`n@YQuuMPzdu{Y`<5G7v z^ZR4RatYMosc$Gz;XsW3X@w+&eGUs^G^rNvl_pIWh28kz;O?|{QNi+zji@J#Yh;?KjFNbmyJrb*4Az_h91;51@p}aj-!eXn%}RGF494Ld6AJtgGPJ~ zNwWyiSTM|61!cIDhNyFdGiAJ&b9e5C<+T9IThiQ>@>YF5=H7Jr_~w55jaoO(0GOTY zw1!=T(G6en5U%1!8D-SW( z&~kw2s?Fo$+e;#J`*RYW%BG9H+XLO7kPa>=`h&W>uE_Q|Ga>CEMN0NV`b~@inN9`R zFD`s5Dt*Ov&x!@-uVqa1)#0{EO&AIG42M}H|E89Pfz&(gze`6K?s-7vWlO^dvdWvIa4;+|hlM_CB&4Mk>DDjb`{T<{{onxmO-_6N&Pp(u zaBxjyQF+)+cMfxCUFEO556chQ&3&#f@Q`Z*g^5VN6F0Y{|Cq#%0f@}kwXi7uu$Yb= ztlxF}PW3ZiEp6{g@!u}{j;^}K`V?4G5R9DCdBD2rW1zM3H+oOH9+Zx{uS z6K1tGx4>Ibv?KWh>b2hb7O#GV=1BL{?AOO(OKtM-%j&u*^FRILjSK4fcW(!aqL{U@ zaUchz1J7*3L6q;bp-Yq0lf3Cv0$MYB`CQXS$ajx0xcAu+^7&`GB?el6UZRHmYA@%` z>JNtN0;Ubs{%OgTI+d>rFFi6n>VN8YyjA7l`7IB=#Xjs&oIzTg9-gQf9bEIrE*j}-2}vgATEL25{9_`*wYgM2Ow8_ElVZ13eniK6LhOq;FAkft1kTD z{ccVv$Wu6Dtt@%)md7PDIt2Fkq2t#($NA6S*8&6BI5p7};mZqhG-16V1x}&IM@;^&|4^9gT$4$LUN;Ip7eT zp|Y2)DJQuhJAhxc4EUvHE7pP%Gu1%vAjODD-`rxYncJ}73-Pu2)g3HE7_-mocS$Ot z`M8#Rgl|cg(=G0wxlITQAd5hTqKnOZHI#xD2JG~XUUpU>R?U19a!9J$q7+5(%?;bp zF%8Jrhtyx8uoJcEW*4>v!P;hTu*m&H0WpSYUX*4i(#h^qg4L8KSg4nj+sjlgM3zGL zJZRbTDY-Dwx?`Jx0;R2~^HV1xNN~uVl&Gku@4o%}Gyi?-a;Nm`y_8oT4Geczx`uzg z;5}Cy3(-$7t=sE=!ww2mE}q#xMb5}wa{lG-P5yzbnwzlbS*eUcVS+E;{ps&* z|3#+DShgDWregftr{%;o)xp%hWKPhVjfPYyS3bINS7@&s5WxA_5z9pT&DV)Tkb+x= z(kRp}fo(_*(Sc|`BrXH3A}Z6l0H9wlf_ld5Qar0NkZwj@VG->kNt#bT9NPyog!tD#*^D|l4++{Q{6M4!@$S>v zet|kZvtzH+r%-E7z7F^t9uV@2DceF6$N~!RQ(roWI!WH5V3TI%hM`i96>AjLcYxBKiQD zZ2~b8OXCDvmI^%?i{!?{h4Hv_RIK?qJGdljIfIzeHNY*m^T2w7u-kNfV(=s>=a+TD z$R0fQ)XeRoeG`q0J)5!h43hW>pjIU_a^dJbyju5o2=ZTqDcp* z8M>y;U9(y8v@d`L{uR=Z0Vh&uYh&#q2Z%%XqF5=?S6J1xblm5Z|eGU~RRs9^R zgvlvM61x@wc+9RQQf9HRPf6*T^D?vL(Z&DA-gibdwXJKrw_CSe5s;2Ys`L_iQ;~p_ zfFXq%kQN|7=pdl5w*u0YPC`>kfP^A7KnN&RNX@jSim`1WtK|I6zCIYG5QeeTzpmJ*Q{^rC03uVFVxY)hY# z(ppb zo;~5d;M;U|{>;q7k}tQ}fBl)q{lk|JR+85$XMt~xJn9Xl3oUPU%HGK064Fe_=#PG? z-!pM7Hv4F0V+kb8HuT|pP4Gx#qIa8yocT;R-8$+>%nNOzZRP@F#}y$?KhBV^L33$cWuy8Rd~H4B z_YvXJ@80L#KN;i2t9yFJXuOjGq*qB`o@;U`he7`eB84$=|B-+9Z}RUhw0YH^;9`DX z-1_~;8Bv~}EOtG2aVj4tGwC8o?mGW|S8j(`w@gzjMarT_U9`D63H|uMv(T|xG`emf z9+o^8Zzv67$piaeYKJBy_zEXH3PmwH7F~l+?IqtP2yR6xB32En0Z<%9o5J&19Gf_5 z)TWRktCFuWgba3j7!N$uJ1HsA)7C|14!90%eo|-g6cXxC;^#1}b!ReXvAE1(r;ki_ z98-ASIG_#1Ui~>{T)P-U)H7_&iBEY{Ska~JJ1M2MMo?QbQtQ7!pAS+^?7aHbgchHHAL6^itLFh_oV-nUQ^K?w0J@K5*w)@us!dfWek;Aff#}!DxObB zv=?$onpju$zfmJ^-&=h6R>9)80~=h)ZLh$6#l-3d88VGm%a^>1YQzZv*Om)D=UNo$ z7xUaN;sjM1AWVlPu{})bF)N}j{)V-MpnGf|Qk*`>o((XDKDfdriKy6cv1+96?&+mFbEsQM!mwsH85FR0ZuDHZ#f2|f zQEimdKB{*!MonLtbIG~*wqaOMdnsk6Q&!&hBH!3<+CZxoQ+YUiAW) zsITxf0U*KW7T83e@=HRBuj&Pku%DZE!uMitAQ9FJ82nX_8O@3}2?O(1ccZA=Soai{>{$0^3Ql zss%K?Cp;#0*kH>+^plRSm0Uv^#ch{~Jd;W5acNVyVXdS9ZT!cC!MYriv`@22wNDNd zwr+&(?nLT0hkxGSS~@NFd|qVMB#T&ewj=RQIs?9i?=_-T)bmk~O}phPdUh*4O{O5L zEHw#?o@ZqL!q7)@47Y-*t9WvTInhdwa;z6^r~>%LRkI zrQ)fvg&3?Bzke(tue?0*Azp_nd==X%H^E=Qgk_5Sy$Drr^*SYEvkX(7+}S$Iz&qzq znbffatn@gmjGA^J?6XFrn?wgp5Qd!div&D8P178 zQs=d&L7NgA0@b6(qe!sW!e%tEGa_moC(PyPj?QclDvF2^()1Yl&7!*q_4PUAnb+wc z?VEgCR|zeRPCRsECyviC9N$GTk{}9ZtX(7$)2`ChMyqy5uwTkLTz_u))=@t;^hnC@ zb!J^w_QQb3uYeFYJnbd}ShlJ+Ap77rT}56vN`wQ6HTy#n&HBMgUjeE?gBSv@3z2HV zqlp zh!;s3-n8qhevNv)utsEQZ3RIrEpBBTNIhSf`(9hFVURauZ3YtCG_$OkOw?6394>y8 z<1FQ2!CWF2q2_c@RUszJt;|K%7Aa2J)m9Uf_rF@3UAAp!-Lo0DZ&v56l`8{NEbfr- zlhkSjturezD394;a`P;R0%ScZG6OZ1p*33*)_(P}6gjBckH$#}c#5ZNO<5B|d(6q< z01&iShSf&if`E!DN{bQcL&QHDH{%`0(GJxEvppx0?Q7e8MZFs2=H*C#sC2w&bdg*3 z*>LcOO5Z$?y<@0DmKieiiP6b*tNx=@gX-cHv*>_Kg?&4ak0B$y*e<~tk6B<~P(*P7 zq7g|dffaPMAJI9ZIN~<4ibTi_C7t0uS&Nh z{UzLGf}~hn=e1y#5Hxinc~E=Ekf)M8vSk~`&+BCCB06SN-usBWVVjw12iCEN+Q)B07Jt=i5#Bo<-#gHX#N=B6l8hl=ciPtebfj=Gdar{sMJK%r>EXcTLGD@PK-A>*J=@G%8SHk0LvCfhBqKL>8zcK=YfEp8GN<|Mk8g@@$ zH%*jwAv_W7NTf%Ua|8xo6lE)fypu(q#Awbm$Vhne((Zx;Ev^lxkJFPd7r6)$=f)+4 zaf4Yx8GkkqkcJY8Z1l z5PZ9l2xGg8SsP@riv^RK>3|K9cRFrj+u%kQtBefRX>bxMDsUMDd%ReR~)Q{Nf& ztl$1>>wjDMKbdp%$Irh0sl^E{{Oj_09%lpA@ze!}C2xfnf_oL}(7+iIyMhk>wdIv3 zf3!|KWM0|_79M*bsv2kWXluM$raY2`$w^f5>;D(*(hf}LbL5*0XC|zYp_x+xgTlUKs%O+ zBuJ!^L+4*S+&7sC_RbULszURCK_PF~N%TzZMWxoU!HPXl0JbJKC91S_Fs0H&9Qf_9 ze4#B^{@0$nEU8i%?b=mq5alGSnP6xI?xoM6P?YRLdww~a3%UaDm)oU7uebXxY=$52 zltl(y?fq=KncHO1frp^53?*(nDXnJ`TWU@A^2}r;sca!7sc{sR5wD_VA!|bB=2Yy! z?CtB7Bx(t$A#T}8#n(hMicbVbiy_xW`?-PHwTD_ENJ?!BsxBug0D0$i(2I)Axe}<0 zk>Ae2uYfWRg?4AKK8Ek=LQFt8sN!Z<2D!%cHgW2rN4mcfTXXE?(1{|WA7_O6<-P?x zEklanPo~WGIIwfdd`m7eh{?7dWra=HE1?_TU+nltVz=18Bp2@h0z`kDS*maJBMoW; zpk~BQU<{dAtVVnu0I~1mu9#e|vv<{152Pe*oQyF%c^p zclyL@_2u^NyU#a7I#qUuPQ50N3J^cfT5$0}_DgaCeHTMqgucFmtN|?86f`NErCn@R zTsUhO16!Rn@QIi{#Zo)Ku41f8#{L*SSL#8m*KDU zu+x-VB%&+cqzzy!x8^HkS+g!M%qef99=KF?FO&QreRZNHxvg<6orSB)Wj`L5>$!>F;F8Y20ah&a*K6?sPIeS$ty`(Fx1yK)et8biQyR_ur@@3IA zHc}2!z)AC~Hf)1uV*5m_QVqe4o1!2-l<^VQx0iC3zOC4*mBR8LX9Uds2h?KBgpICX z-E$X)oV=x0`6V1;IcCx!hAP+=1)jDy8;7Qtgnce4G1*FIeG^pe)WZ8W{(|L#@VUIf z5zS->@}*(~l|@?;iXgHlJq%w6-MaP3yu5!CIxuWsx270&l&eBbHY(plty8T=L`@Y1 z0JT9&7JXLrQLj;5c3lS;h;71Nk(|YV#+UJRsH6v7foosMo3&))w=@j zxF2VjtvKKJq?TT8C|fhY`@6W$n&m3k+3?(u1 zigz`+9WObA9aK%e?Zq^QQTC47n#)ydPi z`%4P#l+ELt?|RN*Y~G^8Qpv2`BtC1x4-;3Sh^F`ss;A+Z2Ce3-PTeI~$A{$&s6Ev^ zwgeyQcnOS|5t+}45>jP0AdPO7#(p3HZwVks|;5V=Y_qXG(-@I|nQ0l0Z5dg) z8ElxSRgSOW7~nlYf9{9ZR9)Pq_1_63Ym<>FUiOV_#TSx`}4Bv74Um_gI^Af_l|@(T(zzk%BMY&$Qib z7rC34sFQWYy`5aIx|-0nnml5anN1lh4{is@Sw>e6qQ#;DJnGzCP*HOVbwZfTD178} z!;?w!^}r)lWz0|^F7_dRGAWSqollIYu!3F6EH!W&sjNf*l)T!&T+l%oq1+)h>~CkJ zUp8oL=Z;i!Mclnb2Im{jR}SFh2sNl2eSN(WXsKVH$j}IiqWJLBx2Oali=GqR5GXLa zF?+*04_%qqwIVX~tx!F)JVR~<-G-Wyd+f;!@3Q-5HGCVnxwMPT z|AdnSVM{h9$8e0)dmPDk))K-pSZy%K%+$@$OV!!D$9+WdtP1quE@>!rF(Ar=YRRA= z_#qyP!=iHP)mo|YurM&RwNIecOYA#GUIw6GaR_hb<4C>y4%r1T->RGHgq8X5m8Xc- zIJ0ocI2RCn59cc$0)#fqnLrZB8PaB8JNzY9tkSB%83r>(h-K(%%UnZ(ZK zSdPG7R9{R?CA;a-A!ipSqDki!9R%^O!3CnZYx#yzc(Eciu0C+y9TOkwH<4xFVCdk> z(6@O-1)}kL{CE`Y_Lpe9NvQ*X&Hq=^9{OM!(SXWgKt=fBgd8uHPFj}ICLnSnmRgnt zC=s0Kv>8oNZ@%gJewUmjHQM4JZ}CvH+^Z1h5`l|i_=vpP*o0`T<8@3h76VFs4Z|6b zQ93^vZ@1{;Ts{4|RDn&tanXTG?`sS^0lCGLtUO|SlAf2|Sa1(0pNF+)1IgP6>{33? zFc|kF{QU!}Buoc&Z^BUHv$5)f-SWe#P?b-CK)9gnY$$oTy-Uz zHTm%P296+%n`T<%7y~4XY3IYEa7gSbCNct#!Foow(SN!0Oi&F=R%1g#DjyX@9kBb2jM}UC?EE=Pd8nFLN_$ z{ffT?d0CLj9xTDz>mP#t3_<-@Z}ZQU?BUb814NsE5c4Vj00UaaugBJyuL{d$4*iw+ z!qiiv#c1nvWPgkx_S|p(mD~N7udz~KsaDM+@|*jlp3n90U`qh#kM`$x65l3zh-I%(Rx5Zv31PeQkGzo9sh%%w4lI+StS_V6c-aK z12vc+xhTpRQdT?m6Te9x-|M)dB%@|HQtav;ceG)hi^^7X)X%-`JP~8Z`MgrzBm?i9 zA!$*U5|xV@ve8>6l>L@2_8^BGX(gF&GSiWfQK|Em)2Px_l{2BuIX~`G%ZrSFeu38; zmMbIll85lshYept=DcW?`u%>Z%Or%%vA(Ldl2KYUjDyQWq#aB03!I#V)x0<<{vLAJ zsBf@BCyo3#6WilQ)`yQ}x%f~uK6jaf%Peg|;9iTYHZXO9uw?*txIH*Li{roD*Z;5- z|E8tLWe5sR_Ss9UyT=~YM)s7?G$Z;x8HBj`UZI&A-&E~_=oX5%M2l>d>czZyxrp}> zyE%Z9!PO=NuoirLAxgx^=gpsqyA@v%4qYH_rIM@4vRtaW8bjr|Ps7J3YbS)H!UJxE z1wq{{vijD?3S%ILWQ^fSOTGFet(aw2KBb6HS1D7)b^E&B8Vrs>;2;Daz35AAobNwo z!sAWy)!ZNBV9v?sS4lSDf_qLml-ttJ`kh&U_5~Pu2$qpF-z*)$>mA6TBhRd#-94g8 zt%#)l)_3&hrZ7)ir%kD`=tRsux;g!^>&{|1Y$)^EjBDt3L1%e?&H{>}sN7M)#;aS4 zdRLn}hwe~L7JK5??)S!7d{QVCY*SVgopz~mvA0tT3bg0y>^|ViX(JPm7QSL}vxvFg zA7?s^onra0Rb2*UTV4!}Lp1WU+UeJu@M_K2z%7*uEWx}45hC@lpY+}r z{wX!+0QoGZLYSkZi?v*~_nmm+j)KJGpa-<>BkxW znoHP>l1_{EB5Dx_C&39(y+&90kg!@fAy4qyt>3)`!j1c~i5lBk=1)ME3@n9JT*Sl! zbF3AQnXLG#Av|g8 zgLqgH64M&HDYQ=DOXw6$C=!QeNb$!*=w^<6)~ApY9v}R9J|Bk6xT-g|!uJ zm5=ikYReW&jsU7;rfyb>cY8~@drTz~ zzNHFU53K>)JZE|=p6&}Wb14?dJ?J`g_d5zj2QdU-qfJmmpYhiyK)!5%?0Y>afpPr1 z+muI}Qy(pg>$E4{?{^dsh@w+|{IS~T!%j4+E{g0pX%c91bp(&{Re9Tfy*QeSw|_97 zub1YgauH+{wcC@ogE3pgn(FZu{l%jG4|D7PWpm2_MH}aEF*|l?ri>(9rL&cY9aP)L zyoa%h8I4WCP|t)IkuDQv3k4VF!5BMsO-I@G8w~Q$hzx78d(f8=l4?AI4iJ6ELi`)RK6;~$E zS?(*qIK3~C)lY;9`^lOZsQp?d_z7La1aV|_yeqvtt1e? zwpbuzD;g119zjNuu{hCEWMospTJ`>Kv&kny8EpaT8(kot8mtS}&8n0SIZ4aO(k%~m z#-uePspB#@A*`)fH&7L#;*XbgJ!$l4yPLBratkCH`_0wZim}WzJLxTDLW`<``^{{4 z5+C8cjKl-t!v_$HweMPDs8Qax4roGHv52&&JwFL5`>8zZ2*{_;N;D!3c%|d&)3D?w zSTt6MAU_CTmUD2o#Cfcn09heWUmPYa8DKrEkVdach8;Ro(spF~*bDA^Ev>*Fb+)`Z zCnC{a{isN;-%yPw;}bp9ZzG2PHm1-sJ8awmU}b0CITEgxg2#XFW#0p0(RP&1dEeRn zUGCd+R=H4!olY zlOjPiy2~|%mck-cVBH}8f<&O1V2qz4=#jo!`CvrmT}kAIr^&tHQ($Uq3@?5Ox4QWNH(BkFfhQCg4G=R#{NeDY^_7P8gLQ7Y<_<|%r#@bm zL2cCl+>2RccF@x=*}02b6chAFVSnHP6##>^VKUk}@s1oAe7Y})f&XO?k-!h;{DOP8 zwkP0CNRet(tOiL=OA7)5`0=&X;`kHzFm(nHCU!5aCrOyK%AQ}D5M`g~f%@YI-KMz5 zcaw%{kHf4gzE&$>J9$|I=Xunh;wAc10F;Y1%~&pm7R)u*CpOCmSHhE%${r7GnRhR^ zY0FR6!Q{XOzH5vyXB<&{Z&!9#`O0BIdhQ+E7%8oHGUF~0jVY}!C;>6#4iCQarzc0N z-*>5@eR5q-(?4r^U6yXOh1#8f=ReL>33%wqj}g-Ky{j-834)i2hrYpRrJBPd-sUBg zTo4mz7|n0hP+ui=AW!Gf=d-QKGkU==Oex71hVrWuax;sdry}_|aP>JfxgMY=(LnIp z%r@XL?c1>8NO0x8GlxMwbSmm@9Y~S?nrSo<$6&k0Gz(#oi!dz;udRbeJ<|s^zw>R$ z@T1Aj>bfnxHUG2tpRe8Y$!w%>dixoq)gvzS()8*xE-rhr6o5r+SQbL<e9=15<`XrZITq=9vLywaZQ8h9_G<0+v_a z86(DwO0Q%#py6Gx_&*Z5NpuK+tC^r*@i^%;tDT1N$7e5dHK;gM9!KA=WaKsZ1eWr|7(r^UETRR!~vg@Q7h|VV&)V?(ebC#)TLlh-TIi1>#FWSNa9!9 zk)^RJyNk%*pZvSF|BVxudOubtkxG#)jaT{|1ZW&kW7CbfRmyUL*u$`Eu9dY|XX6y< zi3*21ygqzdr&t=l7Z2O9hKm}Io-!XKWpNl6k1C9$*JmN4=2|!U1fdQ^xFxRxKq$;n z3c;l63t<*K7VzLw9T1M=gwMH}s8*wz(5O_A1-f~#RlU%@n~sG1G@cM(0b!>oy7xod zDe?x^66SgBQ@IUAbu&5bDZRdS0&h|tc`zm1%%O1vBsBX9%@hbUNwDAl?!7(Y;olVZ z3_4I7@)p!H{KcJ@08Fd%LX`$N94`^RrXP4w<;-(ykN`Gej%Xjt(t!Nq{OOYe8v2^Y zwDI(F^xbZB%}X5B&nZVFM?t)wWvqLwAR(=E5mDL}#eV_2o)fWbw_9iGZ%r5ylfsQJ zy6Y*tq#=~KyM6x{H1>5eoWV@i% zGl<6QDHL0Dq*gm@45Hf#GmsJ!IYLM~HWt^^2mg)1{!`O`Fv|TqM!BDOvY>u9dyZew z6rb6}T#nccMt?Hg)4qkTdcVW^(sv=9LXl1OthFivySt1fVX2--mLX*5=B?xlIEILd zn#~#2+{9OryII#JJ91quusgW>EngKz_FMcHJIwSbwL2$A=p%o8!=fjcM6N=2x$({9 z`MbMQ$2DB~uMVz+qZ7;xZ=!VN9!5OC12MZ%r*IA|6}Pr#nf$!x5&_MNV}CO%kYFk4`AYfJ6iUKd;7 z{xJ~s4vZg~N1G1m9UwSi$~jCJe?5LN9~@R!D2usBpz{1xIrTjHSFRKf1+G37?&jo7 zvnM=yHtA=DP(hkwe(5Gvd)Lkli4in2hPOgA-)E^*ZK=4yT2cxXW(PT;qL-?)ub_sC zmYy`{o|#zdQ}c@VpE0j=TI;1z{TYfCgKb|9lBHx#c9U-%w?j-;V(~rM#j*48yEM+e zGI9r<6&Y130#9xrYZCn>9od`uYCm;_uB0TGnpDWBqvSs*rcT zrTzNa@!NN3niL2BIe35`(K+eXr-9Y0OK^u9_QOEo7)#Nry-=m9gM6Mt?)0k&N5|tQ z{nUwu>-roi=7Jo9lg`doialOD1t=InYKQXtfQ_ZVy3rF2sqC+tuJEUY-Fl}RdYioR zR7KOC2gi0$ltMc7pIt4JnD5EW_wh$MpAU<3S3R9A&yub~$Lgi&&6YvtY@hcYq;J<$N{O9f z9`v$j9ksD?9u#@aa$iQjCwvwep>c*m2(o%*c1=Ks1kJk)MUd``OWCi)e~)RnoLhnb ze|^GAGl1=v7p}oGZc#Yj;PVSPzNBa@OAr{iFYD43JV{Dd#LQn&&ZxrEk|~8( z6)GB>;yeMz`6}V1CLM~=ctKE$i&eG7)AsPLy-NJP^Q1hA?pHX3ZS)qnwGxWWsWrcL zZd$Ahn9x<@b6_$V`KIF9+md6TMt`cBy~{lr+YLLfA?J_oaku zqGg;``&~h=md(i+xNL%*#) z8IxuQU%W}z_;F?~qiRoPZ5e$zN#`gyTU9^!NHL`TrjpO^rz@w)CuY)tcfHqtocSD5 zs>IVC5@sI#-Mal`WlHFt4uie{n_V=zZ({abtf_L}8s2lvCBl5u=JJO>|K9&xz8Ha? zUA_BZ+C%bocl6tr-@(U0g~$24)o!b)zi8n1L%? zZaX%A+?NZyzx`{Ii}7g0cZv3_8mx7IpU8zTx~KfaXzGDcpR++P0}%C!Jbl0e*i%V> zGae~_Gwscn1G+Ek=U+*7n}WIeCZsFahPqt6k@XH#*r%IvbC8=6Q%_n8Q@~M01oU)3 z8Jaf>1j?fz6v@$*V4-b*;WP!FxiknMR?(IjvgkDsW&|sx=>y(YG^bt+$0riCQkK9c z!+;T6G=+b68B)BhPw+e7&MeXKW0(_kUjs0LE94au0OVr=gv3ICK3+Y2=@F^-^I!VE znXfgH&&|3^Bx!#`x{g;`XVpFS$#|1;18Bd?Q%bLACN#&~Dc`rb@X-C5>Bd-D(WGI* zL|x3v@kz`9HspMIDw6K2Vu#b+Ug62 zHch&Q(m#HTs4jtKqV%kh^$W!Off9n}gycPvBeQ2EuX^{9ba}{Y*DSM%(RK{p2`7ZY72>q^pG`iu@ZMEE*_w(V z@TWF0XuoNbZWM)*o)N_Q5cQQy+@sO)=0cnpgAg2#!B0xie_qR(O@Tdgn|(5Fzvg#F@J4lGbQy{`!qxfOGa?Pix)S+fs2!NoE}l4 zX*rnh`Q9KNXUsy{z4}SP>5{dflXrIfA!5j=ZBmd7ngpja!g4VqO!BbXkyT~!xbJT{B2Qu>W%xD^X8<+Vt zeH!#(2AK)pL_a44W_<;!Do5`zvCt2K+`5pCmmIgf4)JLP7o#>I-kkW(O@WU}#9#Zr z6?Q1(a>}jqCBRe$-mFYS5m{=qFTvIgmD~~ftbTpJ*vQ2uV4Ze!JFnS@DBklRLOi{K z2WbuYBmhi?buwE%aFfR()sX`0?q->1fdEwH2Du|B(f6LW*Eejh=JBsA9uOKd-i7RSF)QZX zriTB%HhfR61nY&q^X5;R%};xB44#_7KDi2AfpV-fE=DlL%prUXhjrQr6%4&YiFEVr zM@QCq*{1un_Vn~JF>zM{0G&)seWHxS4VFQ6swl^laXa*2i9sFAHyV@CNerjaXzn#u zh(wUUQ(cM2@w$FS;x?358ce?z?|pZhX-~#vWEGJo%2OzVeL$KCKe~1?Z4pP>fqJ!e zD5@Fw@SyZa$05#7$_$=whNOxcC1W1V$3&3niqXRJ;j)534=oynl#jhHnsYX7)6 zK~q&hJ7Bcd%FKqBMft>R?8y7Mzv44DSdfqJa{#Q8k$i8aMvbA!@C2kQibX8P1(TN6 zI5o=hs4S>D%U<)krRW+05ikezX~|SoUH;cC_&+ZEf6U+XXJ6>2fT!j|n^9w7W&_VS zV_VutuP<>4Yo`kcZIUI?v<#oh9!B7NChz@g1<3BJZ{{j`PaRgzssU&l9j=pzc6#02 zF#@L)s+w{yuguH)FshIkj}wg?Et3eY7e;=cKQ=kRJUg=u`FLUOTAiKUGh#>e(lScA zbU0lLM!#&?K&!{D_rhdksts)^^6k{L=IA~X>(e$TImkDfUfIXjk7J)Y(6Q^+5KMVML6lA5CD zJ@;n)BfLYOJ#BwnbCO+*^<77O6>oQqvtWvvwGGy(*-4)Xa-jTAOVXds)Bm){`|Nw2 zMO50-A}!ZBk9esP_-<`(E_gaLbqm^^d755S6;>+^7kl{H*GWCqbwFSIX=4jRgZ*=o z^h?s$bKn7bR8E42y)U>SRZ~sGu3b=K*3yOJP@laW5nYpoNOXN|GtnEv&mq$ih$`@@ z*i#!sjJ;;AF}dw0ctxoVA@9D47Fotc%VXCS5>1S!Oioa#t@FZt-YsfZ7~Ylehl^RR~~?srPoY*?p``^1dhY(qKCDZ zl+(Q>#J9D`VuenDI}?rE?ZDe%SM-ic9UAzrogaNh^pdrSwcMRq82E?%^B4BdnV)cY zUCD$($%H>@h~`y@c8W%dCM2{2Z^D#kIaolt{Ollc8-^b0*v;{koJD5z0+10IWM*b> zZDlA)8mSq<*}w?+TGR>#SMSK4wvd*##E1npQ_JYg&INpuq_r%Cg2!ud!Wf{apG#^A z14pdZp9zE7=$c*P4@=2Xbp*rlMsocze)JeS9-{{CYqN1XlLQ&;pu{MJszeDu;mei! z)F`)>7|dvJ6cGUEj&^oZbDlHYvcR=l7}te}8Q8EO`OfY9!Xe%$J>;H*3hgLrcY^yf$5EJWwPy??JLeE@lw&vg2ceNs5(yW%otg zEX4b%U@cdCb^&}~cSH(R6?|^8?Rf>^={&O>gbBn#4V|qnCo*-iY6GH!YP*|)R^v0J zAUzhl_FZ zBQMW;NxS<_xYPjW!$l16v7^*6bys>Uh~UeHbrzZtnnN^jz(X@bhbDnD!>gWriyU+# zqC<7Mk1OySzyK!K4q%zYF(7aCwn(J#g;M35+JgA1FClI8wb{k`U2}I-k29Otcsg4S zG7aw$iKjs+@(e7amVuodgGm6;wWfw3`JW$UZ8u?kPH&5!hFCsY%~V;yW=xGIHv@Je z#MfetoUqC4`EqyIakI@ONn;g0xKKZyd%l5kXrV2~m7(fOdn(D_U_fYpkZrmWBlH8S z7l|yp-d0*)m{r2e9XHW%!ml`O{b{7Y{%-f`up~r|ipZ=Zhqg1bOqLc!$*lJSz1rVAHB*H(NMo5;+GXGv z=cPQJQv5M=C$ec)sXS-d%+?F+FVWQsVobgEf+Hw5U1ro)F|E zM?w1gPVxR(ZPSSX)jZsaPXG#4*+ z82OkFzvT4EVTqv31s;lWg+SXn3$T*b_=62)p@j}U6uM>xU9)0_i{+QlsmYN}KjIT3 zn^+<1UIUoFQ~_B+a@KNnRMUMr_r_iFtRYz{PYxQk!K4~PR@Can+1^aH3x?Ptqidz6 z%|htRqBV03zp4B@q|~A>7t9UpN9iiD%qbopBfi^1y zAp-;OIOA+>?b^cVvl7-OPI03X7~QVwiRWg6uF0SCD#a{wx92}5qcV0io!1TQV{BTm z($RH-6N(oRZw&TRbKQ;T%e3NC3m>J4K(di98V0KO70p5QF3M!^HMF)GEQ@yt(IAY( zX9dDUQtx8bP%h?UP1~6@Ri6Z@zUf=2Hb~CY2a#Q5 z3Xl>IFY1IZ1VKt!$NkCigv1u&F;NVFMjGRl!NhqIJ?27P++%^c%b<%G%SI%lPWWPE zBm=v#kd|edGSlt(pFS`AsiOH;k?Z4nBTaMX)%SMVJ_O{TFB~oqg92ynp3IK?cF0hi z`Fmb6R~r-a(apQ3)eW1w7?RTU{U*S!Tc1^TuA`n2;d^%XttJIZF1xWDCjaRb2Zt{n7E7RhbwvTjXvzEr9xhiw)B^+EKp+Fb}ogqr{vgH#c2a^dS zn>MlCBVu)Md6?|?=bp?VimxKS?csNR4cw&AXQ+EbfFi!#BeD)IH$h|u$c{38Z`aac>V;u;vgaL-ed>#1{ z;rko>4SvUiVV#eGVNJ!{nujkR%%_0r^%r9_2;Yu-AHd+oT2Cc63fL^{?UxEGN3ISg zx;oBK&QGP2f%pIBVExMl0gAij)z11u?T0Sy&DE$#n1qDTJi)~1qG(qD%$|JMc7QtW zjM8U7BAkX+*c=N1%nKbpV#FhfrP^s*Xe7w4Bxv9;HD=PdybI6vohL-m~P#Epv^ zACg479*2HTaf_r{NnCIX<*(o#)f6Do8e&$lw@mm=1iSs5$4^<>sn+|r$6U{<^?XZ~ z`%r$%TqfS~8%9=9j>yQJ6&%mzE7aHNsOQHBz5GYRkNh-3oHr3Rn1|Qu+Mv?mz1Q!3 zi&6bO(LKBUi8X_CGMabrfZhMBMw~mxp1b$cwenQw<0REcjQf^`+oz6BsGD-<_aA3k z(v}M{BfS&Z6ke-XXMMqe?!9O!+fLvAX4LehK+el}F3WGG*ia07GF{L+FioaRZ-&OH z{~@IQUVaGNfH#W!_{W+3+v{<^dS=hUa~J|MJ57O#k+1uIocX#`u;!=EI&7`CwQ<5m zt<(tb(rQi9{Ew(Nf41eS4b+oXoV@&McW&hmKhCfOXRT=z>6BOmI()p2C*K}I2cA$j zd48(?uMg$F3@PLN>_xS=?k=VCyQ6Ki)yAKHefzI3SDCl z0@E*h<>4QxZV@!|ga%39vf$C5DlQG#XXVf;FTxWi-y6<$3kn>^NdZLMQH(jf>jhV#+v6|z@pqYxI8T_S=D-QG6g&= zU!2TYXPVzHGEAPgY7p5Ue>v>BK9u642<>v=Z1L;TqkU625_C)0{nSvYdvTDVUGEmJ z5nLqKZtNL>!9>J$NF`q=8?=zgTYSozQFbr2Jm@hgqid|&1i?aur6*hA7Q5&$s2dmt zmq6qoBO{xU!il%Ee6Mj5o0cfX+f^0Z&3EF$5W5A$m zoybhxf@KPOc3NCY`XXjJ_{~IrA&m^%C^do9#h1rIB>gsOMF=Okz18aOr69~3MoqhIw)tNHae&SFTymYB z60|%Y{o9__Bon<8eR%Kz{H>+zr;Yu8+u*Ms+j2b@)}w_jp11_i76E=9w^xH57bddE zsoK3s*(P7_rAP$3rE5#4INkc|_xby3t-?90RktQ?LNoF|6j^dxP@g^?Q!%(B9#r-) zo$~6U@?3EsRY9jBJ5g$!GyrLFe-xA+M*12zR%;PI;dQG9)lQ>p>Tfyx?sSWDPuP=DdTTFw{9WK*|EqcI2IylU)g2~|Yb$NF;7ks@;5$a{A zoR(ADK4f#>F}>oF=)h-W>F6DnHP*OaLc*}1Vn!a3qrKtN61nn;3)_jWHGUaAi9X>d zwf8xJgOV<$t^WJ_LIYeaI>u+W%5Bf9u zoM}9Y=u?H=YKtNHSj>+zCHNRG4!ydjpJ~3x&3;vA53LKvZi2Rzs6C?2{n!0+|7nN+ zub>652}rGit_3^Jr*zD8mG_QHFyt8Rhf>TIvL1D+C3atAs06;_Kr+-FLv7?LHC6c; zJi0%3Mx-?dWRwF8=D8CuyjuIYyECZ4m!RF~DG#H+gOy9IU334y=E5NqBNAy`Dk63` zAPaQndrAF2?7atATgjF+>TY*CU>lnT44B|+lT5bAnYK+ZNf?9>nFfIXfyjsq-8PsE zwuutSCJ2xS2ALp4XcJ8k7=%bdU~&|goatYE@0x>)5-_p7g}$-5u|7#d%r(7<^ZGQ2BEW)kDoV3Ox+*p2 zG!HX(4Ac~6V8@ozi37c>{$SS935@t6G=;NCQ(Mk{gve=KdOAVh_vWDsS6$+xx*ykXudfBVM zH(?T0DE7Z=<$qD&pdWT=H{_zfe1eoJ#Uwx%3tJqnu2Wai1dvMj6eO5G%cI<p&y&`FE0 zk-_~`?nLo*vY2@F+XZo~Er)WP=v*|X0alt|!VQ)DbfDJp89uT{^|eu)uioL1Gy=T| z?YO(Mn&jCLS6nh`4V;Qo@I-o$J<8<7Ck=7NlmsZ#+SUV1&~X}xh4R!@5kcK-77;E< z@_UfkK~l)@yy?zA5%PM#03e2%2j3`+R17^QPd2oPW}AciIYrH$trInxp44+82}i*L zc_Ev)OAnK}m0q9ENqNa2I%Ve6{imC;sMd#HcKFYFc-u+EX#V#{dpiuuZnSU8(fPdZ zvv$IOB!bVcMQzIf9r1m%-HgJ@{_mXKc2o7mIrU;j(lO_oDsKVuJy|US2}IpbY*b{(cW%Oy>4q(@?>r)r}ojh`$J4>@D6Cv zN_gWug*B=-y>z@awi8*kIGttb9AsSISL+OG0@=0b7BVcj;mH6SatG z2&k$3qSw;GOUI^En)>0*zHpB9JWc+PFkE23hJ;)FLbLpkh7pHa^J&*ic=zt(yYMOAlX%MwCC|jXe|*gU zxqV~xk`BiOZ{*{(5QPjbfGXEf(Q=Tl_!~vTrpHHxD%x7}x>_k|t{}@>=pP1T-)DJz z>f|9?`Z^a-%hI>$JjiaOk#IcEU0;ahZY0te^1=P=zZCE_8LJndRCj-XE-+Bsd zIt3V6&`w9(B%Ez3!TAgFID$uf24d79PK549F@^YuU}=Ht?Hw`zO6hYvU5(9I#;2w% zN*!O4-SzD84{{&Yd)UjyCqJjN7&GCqX=J-cg7VtZj~bBiT&dJ*mN|iB1xKXc*}=#* zvFR<$zij=t3sv*gb$A6OubtZx6rT#)VpQw`L!fEXoPhr1(LCz}@7xd22myfAT)Vkcl-&xkYcO``rY5_}@@ z45VT<;wuwOtP@>hu%lI!Zmpuyg={+-%j2X+px5LXjQ`MbwsuXO*EdREE;5#djeg@0 zv-qs4lgQ!OFB=s__sreV(j{q5@eR%#vem5!qO-raeJ%GrMkHc=y!Hp^yQ!9tfMDGX zj0Y)%ZF+!`hRb!p`XW6R_F?yh@5=e05`ylRU`jLFI7dUxKMm&1Y!t&wI$f$bpjGlX z%pzb8q_{W7xr%oPf0Y~luiVc6>aG6)UQhOY`5GvaCXOo0cE;e7k?iK3yw4@L2P8YU zl2zO~FliE5$geQ83(|yb_iRN_N82{(PVL@G!0gERYSpofPE4KxFhE8taIrKgFd;F{ zV==!pHs8|<4{ucQSL_XsoctD7D9rbPG%@T>BK4A;cVCvu@HzOPf>+w4WJpOqduG*S z7J#)S0lA>KUuxSCUOhz19~P6`f7GN@w&rz@Q=i@RWjA*%P<0tN6I2AWEpY#=asTx8 z3~C)ces5!cetR&ytYyUGMnFe0j%GAm zvbW}%bE2lv37iW#k^AiebHB>*?kRgk#5<#tpewK2G>RMSnhQ4ccdf{Ir~ICqpCD>J zL&M$sr_cYba}eJNysVr1uCX#VEd19MRh{D-r6&{N>+(jI&+&eq44qTB7F4rIA=qns zriwTT*Hmjeb}c&DA1z?$aF`quM$QdemIdYWgH&t&sg=`YW%ccQ=1Z=(2c-Y39+ciC zi=()wMk3o#!=dKsN=irR;PM8=$iK}+5fO}QtY;-_{pxn6s?!kUJPljAn0z~;NYP@*N|{E=d<_sf(p zBDkw)2Vqw)VhpOEZ}W0pz9^y4E~Y>RF8sA5Hd_oMoKkCrLghQ>3Sj{;6|jd{M9(1k z@_+~M&N}4yu0@8+3@knT?e0lX8BxVq$cpVirUCxE@{ZmjT%z}B+H4Y?8kLRv*l4Y- z%8_~iv}}kvewmj&w38uw_LyddPsfg9(S+IX`Svbx29%Dm0i<+f%OOT1yC;?vX~_8F zFh)2{3=<@zzHR_y#I9Jta++jQ&Gt4*M!=>08(f>(oe%6RUAx7H8%0w0E2Jf_6Eo~J z`|6ukhl;;vA(V5fdKDb=^s~)UAtG_=`Hi`(LMbH`=ubs2kFTfv{7)A6H~(G-dOn(# zD&VD~>dD1;tUf@*6op zH~uc^o)NF@tWh9g&#hSplHwFv+HUF*TrF*B-oiOC)PS&e5Dy-tMw95rJW0bgj+t`c zp-MQ#Ii-JLEln7#TLirFHr*qq*jdhcf$MrAt1WDPhGk@}Z@?sT36<*-O0$EIch%Gv zOG_u?gH%lCWK?(5^jwq5!A61r9=!OwmFe%OW0(1)@hdWV$7M55O)H4cMIH&R)liHL z<PgAg(wf% zZFnuNuZK>LbFp>t|1iI^H#zih{r$_S;#m~i4gkK?(QH(5!0_wNpRL6OQJ;U;zPP_&DTt&FH6ESjQV_c^689iP+U29yMI;6?oHz5`Q20 zCqMV;>xW@^B-((pA3}Mo6HP+OUB^zkYurXdVb!49eF;eTYLer#@ugl%s>eP6ibSEI*;83ka zWMD=ors-su*c5K@*N3!y)VZP3feGcCP7O4kl?vaJ+_Xy%WH7i+3+m6c-FR~9_0_ly zxaFF6xo&}vEiit%NuM~nP#J(+eA-eCZ15vFOpk_r478||*Ml0?BeI@j7K^pY$iv0M zra3uUFHlR5$U((Gb4Gp|CnEClKcCKnuLbS4XR9_-EfT6X^*XavBfX2Glp$kt|JvyU zo5{}1^Czl`3^jN0F)6xENyvQJKP_lYW(hec4G2EP4^t8ts@!c}lwof{D0zpM#NvdpKj}T7okIDtpz$?s#ppbmp?H*g=!O=aJpKjrtlAZv4Od ze8rp`{VGZJYq8!5PvC=@;=m6BFR0teOsZO&Q$@73?ScRPodECYY0Jd%Xas=YSM3$M znC8hOs?AZu<9ad|dLNXfWY$=ib?Yj}crWW}TvF|4d!PI)tm&rDfe{kVzIYG;>~Y*t zcrb>=nXTkwOFM-b*lh+CMQmH;t;1smR2R54Rv=ah=W3j?jN4zq(0g!k@Kz}NKFljy z2+H??_+Y)i_QFN3kWT?`XAm?bSUDsuA9YP;${-^k`QhFj%v8>^5`Zo^%gCQb0kec~ zn{;cf1yOs}-euPZuj;;rKYy<~lvpcu^UxEwx#3gN+h;x`-ls*~)9lmSSvNKkqV)+0 zJ9Ealw!*OhjOgK=jjv9AD#lcPPdU>d^nEYXIz>${ICJLrRO)U;ZOLDH%tz&vcS}aa z(wXxr#MIxevI;`ADMXQn`BmvIou&^mWW_sWNkGJI3WnnZ@srlulYZOiDcw0H!`T)%4+r(4K3Q=xU3tet-&dkagm{OCRk{r`u z$$Ta;jT-oQ+HB&A?If0{cSVi3)mIy}yWs>|1kUJH$2es5qx)UjqJDkUO93SypG0$d z6%5u$CWmySc9vfT;lq=P6kIEY4|ARCKr*xI?fcvXzQM*@{Jymh2K^JEf-nX<6-=}V z%GXk}X)v+vlE<5w!|NFK!$P9eDsS^9oH{{Lw-^nHuuMz!gav3-fh(z3YdrOB%D0Eu z1FqYBevs5~ReMd{Wo9_(2g7#qr^3?KsSIjzJA(hY3b}xsh8o!kY01WrWWk2U!J}@O z3|upUj668N;abbM#{y=AMmmY`J`i0oRryOuXBo*O`QBWghy zcRfF-f?FbXg~6}q$`El=oFE+i1pJXPm$0!-2l%&n+sV5BjCahmKtfkm)0k*_YRrRe z7(av@H#yf8iq8$10{|3_1l}@G1itd6Eg2PA>7oe^SePgVTFJS@8OEO7O~Y}<#^zIcb~r>b z<4T%P1bA79jr5wq7P2D%fw%;J66@TdfzvkMcZTb7;$7uGwPn8WR~&ywigYNj&k7Xo9X$wDdM;^@@nJ3uKwatB~AB3Mxu? zog4TT%VZ?GwM?9=KUP0jn9ZIyY&>I$A`Z7B$dvKS#fpR=q;nS6I2s1CdJ^4eFvWa# zaTN#5Y$~$G3T@aDa!0Lq5FkJTl@O_^<<~wJspU7yax2;9w+k2v2N#D^%!1gR(om}k zx^PeP2YmC5ddWL-dOsI_!cI9i(X4=+HpnNX6N+)7eJ!^VP93|SRu6TmI81GO{dOVn z07j?;z&suK(R(H6lD4x4r=l85n%b(bO)>k6TXwz&LvaYl9hM9VOv&c}^MH_S8H*Yt z@*KJwFxI4|j0;RkA=s%5zGs(CbBDbgi-wqy6l8z&(k7HIOQhWXJy{~FbF~!$^9RY~KP2Ezen< zcvA#MsM=d~20!^Ail8`DXG&5-=L94>Jlwa-Qz|El$Yuqm_xK!>CH99oL>Rs~ix~!Y z)FpOzgzPGV!aPi0z>cC)>hH;ft-;kvE%cOo)cM%loHDvPHB#(r>o>dF1g~IdH2;wQ zS_^#dqjBHs#hl(plL%jHw1*ZelwV^nKvsk5}yL zuvworbPn0c9UI2R^bRJw)c^q=lSY+Jzqdmvj^xW2GV-teBCz`8ec9@x6V zP~b#C0lTWUY3VaGgDo$Xr%5!bcWgK5ko=3)055J6+P();BnQTtAtgr@AA0i5&Yx&FK44EJRC4ON{LX7eHXT>0wrWl^iGh_8MHOa``9{2m zHr`Ql&GJy6`*y)PS0&f&#;cSi;_DPc)dc0Gbn8~N;^|XRdS)vR`}wsnfyQO}>QPSU zwW|4#t(0HTB9^XLDe_y_V-=FE9 zyHnLeFung?Y zZi?SQh*$%$CGGR}Yi@Z&I~Z_slG5u#SR;XZm6f)$zboB!t{lk?)D{1n^mfi;b3v~BQ&Tn(Oblv_++XvD0Dx+G^!C1;$>OiB z2{2shAPXnacFDP7K@KeeVh6)d-N7uJ`>wc~yUw}6seL^l^HKiD;mwfGw zwUpm>K^dw%BUu#$l~d#WsTGWbK-nX-TRyy1(y+%t6f1(lilXyfV_IQjF_zRX7bKzV z_M$3TK1G?n;P9NJ_eI!`9Z0;FwZG8*iOz2A4;?zdbZoOtwQNY3i2cdh_+q5#`C`&| z0Xu7+4Qs<~H*07MG(7MZt<&V|u2|7J9SN>PqpPRaWD>w`VuweWiP$;rpa?lRTYSDE zzB5tEyE>!#4uUG@W@;?svjF17i2-?PtWi61)=5Q#Y>`v3>`Y_pAcca>cpO}p0UZd2 zEU$YP#W|*YUZrR!7QeGbB^Cq~raMm6MzRJV=Ef;NmjXj7KlY8UcMa#0gk@Q^Ia zU;s#`*CqJ2S*Ov{9!m@@>$Yp0gk^p%+!gaMiQypY`}20V))6iP&!T6yq>wjl&Nz?+ z2DKK7PAJU{!a6hVpl~Ijl2gT)9ky|gO^NxV${&w}GLNIp%5288%T2Vo_;09}iWgm~ zH1sNaqftIlo+Bos0zYy|Q0&}%_S}bnQZf$s{#o*+yFTZ(@w?mGkm0-|e_jsnfZr}a zCd(hA*C{r%``DJmDw#!i>=HI6S5Hz$70d~Z)G{C1{jrnq!{^@2yc4IgxX`fkBKKMH>{a zmr&%}+*9fv2L;yR{aKbf=EPsWq%~T@5|rAx&fet+%oP}EpMh+Kr1mTR!vC-Y99o50G-f=|DX@b$VPZM`s?FjYVup4mSTXvr;CK_Td4zW~Wb)R^;^G+q2 zwO2qnM%$z0G~=sqq)J!Ul+?1S04+O0Z!I|LHk=qq;R<0%?3;quFQKIgaLGln1aEAX zuL0DwUBgh-X*TJ_M<9orwc!+xhV}}VXa(7m6XR){EwNBNY$OZG?1R8NSYNV{yk)vs z#Y0W)8n7)vCc%YZ#azoR~p_S@dPVkTVmf( z-DSTrZ7ZaodsITM<+LiBp-C+dim@tR@Ao#nP?C04dHGXv#ag`M>>}VfUZg`9qVKUyxl~ zI+=aboa@{kGosL9TFQ<A+B_A_1XX4O4$&TxG62qYbmQaXlU$4J!xxRqwO+%DOz)i_h6(`m31+cPEv3{|L z8)cHD>Wp^cq0k|0mMKxlE_{C(`AJDExyG=U7G_pjsq&^uK`020$sIL4tg%AF^KLu6 z{{ZCQY>v{B-=*ox8KNB?Vj74DmRVz@7>2)!<@xApR@H|>ELn7d*03_pQtekbXtum!Bg1#;bYgMC6{zq{!q^wrfpr=9<>T`?E>s1DhSGuJC&xASs}F zZ@|`lF!_uVqv35(Ps=LW-T&&Eku7h;6;$V2zoWu&$o#$o7Zp;(Givuwld5SD{`9h?_rSFP6OE9F2BXx)Bt_3@vqh`=uJo}| zVu;}nUu!|0%&>vqF6hzxRWyF(3BPs#x%;t&Cfwr->ZBcIc6mxn7W5)8v@T4kJ?DW< zz>a*xvFY0BBloXu{@$n8&W1vZwmM0NsJ1^J=o-Q^;dWvba0vH57bs*L(sG*-smc?H zc$sr}im@W-q#x}o?T+s^Y)1cfK~9l?VwN2|$#g8qKJtx*$ z+CY_C7yqf)c&0M!w+nZFKO42AF!{3z;_093t8#AC%}z5qg6|*I|Iu~-7&iasePwFt z>6JUz{&}vs$vO}@t$MB9TUeK|l!6ee_aZWqWmm#HE<`g*H zcqA*$o{U60trYwktrAp~=Ax};q`0nhW0ZC#?a-KRLgL^@moie=wiwB|CEGUo z;OVfnky7kbQEs0#9-_u#*15aJ?!1@PYqbnGsa& z5;L%EiH6(2!m8K5>>$q%uJ|@Pc4Gkc5XB=&`>V*#r}QI_f+-Z6|Gh+CoFw>xd*u6r z7PiHhg^!7*+X_QS^AH9p%n$UmHw+N+7&zIZPSs$j3vT6{Rc}NWv3mcZjU$OZm$+sQs=MPtK z>5|sc!8D{NR|Ot|;JsfEAYol+;+Wwv^S#q+Q;tU#{Nme&R}95JGg#)dFBdbG!hRio z28O?fy~GWSWZU;%_c%Csv@_#X^rLAt}S_^ zAONnR)7}U z4#mbC$ij=tzApro;eSPfTcCXidN5o~5DTvbYE{$Ud2{A!nth*Kv0C3@IjJalMyK!2 zaEr^;dl8Nqi7mnT^0t0cwV0=!lB1R*c&>7;+X#KVpu1)a@;IZ^G$qTP1f?mPrBTIq zB^{?zBUb+Fqlq|x>JF(!CK553Igc*x8)Ri<=+zk7*u|?tX;W8R(_9*)-~-+q0JpC} z%f0Q}WShg-&di00I@rUC4HmGkA*&%sXO=W~C#kC@TC#%s7oNN)CBu-2XYXvU_I4J? z)Uj5qTHbJa?xLQrJ9hZsUKNr7h7dITAo#Lv$yvclk7N~x08Myk+Orxlf{Wd1sCm?C z&%F(2y$Ugp=5XQ!2A%^25|M5d{ct5HycA6|oVYJm!&7gplZE$q7>Cf*zBXGcV;jHs zq~jeVVT@I%IkGC(^7*=mX$D1b?kZFa-X{PYE!S6xEs8$U^BdiOp;ft%^w{s}r$4hs zh8ob1i<&fcfm_yS?EVIdZ32zUwJGZaU9Ae>+JT71i4Y-@3M;6Nm5A?JTrS0zbmT~> zEfK;M3B-=G0QQ!mN6Fr>JX)IVjO-|w-seD=5`SthuI?kjVcF~=mN^qv~; ztET64pi|`?{#|DcLLa_5TReAa1Am+Lh)E3z;pKvO6~dyF@D0*eBuq;iODnHBL7&3k zRNgJ+O%eW%!G1HH!*a|7t64+Y3V2tFfSc~#@o?PD`an{U;q)N~XlNO;dUVN|Iu$c* z`cB6&NZdFgthR~^FQqgzAfbZ!u#!5%dbFqWeeXEHZx?XA>vM9nT=NNxFf2%7&JLX~ zn$>$y?j#X3={sJ#>M!nuaYLNqEe;99(jNkRfSryDPJZ)gB0CHP3k5NB6XBJlm_%^KTK zak{vQHyCw(f+3(0eRJUMF23<#hBJ9U9Mo&bYXI*oZ71YXzOc5_`HbAN}5E9pLgS$nWgKm zLCyU&Tg;-w@;ioUk4o*WjeMJm0XT<~JBy)NarBR_!(!}L)5;(`rB^d7gNo7v^{=#A z*k8FM)kHZzu`~7m<%sxY^VS!&f9(DL)DwQpB}WW%`oI1~S`sa@=!vgLc#`J&VZw0j z5oX5P$X%_Zy3m>}J|_;bR(n=#R0dkqt9s&I2z%rzgtp)pfO5gmEX>V+ILs>tAr_%% zb-Vgnz5XxY@{h_dmPt3_1X71O#qStiSx;zu5_AaC=R~Aw2}c`W+`e%FR5qAgxi%!D zROk|vOKl7LjNL#LcgV1M&{y4JhJ8QuLD@r~G9D6E6=+O6%DUFF!9fUHb*3FY08CEx zQuz7E#>l*CqV6PEq^`snQ_{MC1A}B<_kdX=$rIub1xaH7yD_Q{_8{8A!39 zsHkMnrUVoy1rO!i5e~18nEzym&-+|%I-^r3M(GKLo^T$^osLh285Lr7oc8^5B0TRE z(#gHrIS%U~ZUCU_6eD;aZ#p2*(U?s!AaNXp9-o!*L>#p>--)=O5Pq%FDGHv+iSJA?geS}{9XqH2*~k8S&-gr3Cu^PGFc$&&kxJi7Ui2169do35| z6JO09Pye#5{mDDb^VcJO$3IZT@Q)HzSQN=qH^diZvtz@1BF;2V-o(S9Y zP(pfnfqmaEeSU&RN~O`&56YEFi{in+Fsxc$RcNL0j*Tly>$>P#7qgZ&iLZC8<$1L0 zQSOH&Og1M3eu7P`4$H_o<@xiH46D9#sinEZs<--woro71C2NAx%M0`C4{=LdllVYH zWS-h&l6lcbQ-bVFU!?qA#BE^#AHeED`r@te8&QM3qU!GkqMLpR{uk>l-v3k9Ti;w# zJIX5GG+@uzw6U_snZ2|5l?zyX{Pok7K`w(?&fxR%rZl(baJ<>h1DuuUdKociP54c* zn6{+#gKnUZg{4+d&c`Hy`Mq+{{g8g|`cZR~LnK@1x!>aJ2GCbFv|(`*b*8|>HcdIV%9eBP zHoZ%tx27G6*9@B|W^#><#X>o|%3Upio{+vyD-k0YmJxnUY8;qM3R)FB(s=?rDe=BY zlV8!oa}(9gsNF(#q&;ofJ&!9R^FWVlaXl*nGgl{v8bmBaZXfIQx5i$@7d3NQB_zFv48(45m<5t#$=ZMfhcFy+xkl5fj>WJ6dL?E)CT8^ssc}C+7l1 z-P_YM(>#H(ZC15(7s6VGpB_B1Ea!-xE|l$!c46o`_YKThpoRIuN;-v-7OsztrrUKK zJCEG>#eZ^C=%QtsTB$YuE#1Go_s&W^yJgXnM)o3wIqqs40KHQNu**`_7ljj_COl2PX@xYm1YI3%&AD{GxnTy8%EGwz z+o3B*4R**1!hP*sCJvLvHLN7FhdqxH#(uqU;U@*N#w>}khLK^QA%)qe2G4(5p1zve z&@sC~?M-tFj=@i;5wvSihDHSn#bxnq3x%JpT3wycs)F}qX(iWu5AG4OLcd?VNSYuV zlwBs=n52G@ddBBL8EE=R?UTpi^f$pj?;tC}*1p+z5+HwgZTNCljqj%UO&@MT-LJN9 zRcW}q;9o;t(MZkT?tQaJw>}xUIQen|@s*?GrUHCv>OJ4Qg0JV#O+N+^A?kZS|D&5&ep!i>20)w2Q{!R2M@V4HEj%XlWfJ#02^w@F9@cdd5AHXkaNlYbwXFRkQ? zUEsJcg!Tn5Jg8)*a+1`4X}XJ@+vKa}vaym<2)Owe?avE@7jyd$!t3{&O-eJzQT?#{ zXwfdS>oxxGyY4z8bS0keSttP{)V4a%Ym7JAoc zicqQ+@GP*<47u0ZpDo50x+YoJBf^`bsR;7D*B_}Ay>ZPqK(20kDlTPMq{iJY`i#=YhL@%9G>(|&Wr=NC5rxT=3h!geSxZ?jok z6UYxMtXlMK$cyp*vXEr!%u`mCd>PhXJj)})skGvS>*j0gr`y@BP}K=UUs!lHtyl5LA`y5p4>E7@V(3#}yo~t)=%Mva*C3 zH2`$lht3LATNjL4!T-ryzb?=5bX>&<#D}lV+%r}r%+5n8-fr@Fj+5icNf54Wf&5Q= zWRSv!c3;KB%j72ml+;5cu}yQS6nwYihmRl@&h=)b1xC~4K%oW720bClC=8C8H~ ze*y$EMbF-Og-{>!bzEvIO@{0U4r=XY>^3>P0_vW77STDE z%yL1E1WZ%SmAicEp}2MH;(u+CJx55=MyMTeWcK5(yK|^r9hU2He3NLoTEM{aj z66P)k%TZ`PyPYV&>MiK~6xaFjDgBM@b$ikTXYhqfkLo}n4rtx&vEl%f>BYfMfBU?- z!Eu91^dRcE++V>Jf;|@Sk%bn-mutGxZhvYJ)t83nV|}$PiqI_Su24>GZYDC=6wD5i zVb`2v<=IjTG;t7mmI!zSKgHO8)WkpC!gbLYoMz(E&j6CD!g93Oa$P!I3phIgNn<(3 z_wPSUa?YTP+Dt4ibfYW4GBPrXeSO;u6t(#8KRX{s$BF#;auPg2IRNJ($1pSrA-r`TioZLINID-&5V=H=m2#yLveGv=BCa!>(O?D(~H( z^1erXjYGff0+nJf!$!peDd0X3tLY4I1i&H#0J3m4-CB-9^=&HLtU3EU#S{Wtb*i+= zVn_s;Qo^&+rt)JKS|uoO+N#$AgWeL`iX;Heg0>_4a#CS7Bk6Kw`$=?jEi+{LQz!Uz zlCy<*tH=jb@U=!?FB1zdOhRdYIbi#Jq@s*>N~>!kl$dQkX|pn3{FvgmPFa1w!)BK+ zxxE90mBv>k!!j4ng{p`Is!dCKa z)nZMG;@uXm>+l}qjDD-+ZtFOB8{TlNu6HaJR~0X$Qls!4#d~1^;cVz(=xHiC(pw9r zKKW))^hSlUmF1e!mzgvj;mPY5lW53B4nx{BO$d$aWM)g(%~l3;J{U9z?F<%;%^#56 z3&nh#`R&5@l8!RSy_`+DzfBzg%ms&u#$c5kJi&aha@0cH19T~>4PKhyiZZ$@$Ir0z z-{1cD0LgDc%`wB9mGIi-$U}DJmT!xm%{+04-Ku`_?v7zy7V}F_PDDnDiR(aDGF@av zWIuj|za%`e54pkT(K(fYai=5_o3MoaMW1Zdz7tOwc6aOKwx02xxnBJ}mCu)d=KEIh z@|!a$XpLw8mOI??<*>caw0piNoEzsbrViU$|>gFa3a)TRv zPt$q9*IK0O$IwjCQ;}~~yEF(asF9H6C#CLL?aS=C9p$x^>l7ll7xn{Q1l3ks!f1+M zH@#lkx%!^s41m7A(D*QOq2>+VCl)OQR7adsrZi4hrW=#L2?#$Qi6)*XH9dial1O@I zEwcz9XZwkfm@kh*kmTY9wL-pJoA*M9*ES>G_y5B7$Ie65;O~zC7jwExq-`lSL$CNh z{KZ*ZlxiqR%ibu?HLGa-(0?OgWrrvQ+EQ+dE9vNE|7nh0$N93mV6q0o|8L)64ek4c zsbud^@~mYUzj|+Mf2Y~4HkxuUTh*%P z8`Rkkvt6F9IyscEd+yZCHOY8dsGZt3)MsbOL(HRUQ6Zs7;Lr4u@UE51Zn+<+bJc#A z5l{9to~l^yGf(rTyj6kUtvY@*vGg8!xSsRR)n3$fIW99#M6ZXxLK4<_n^lB=L=I~} zcVE;D{6yaxSH4*L?&NMEZ$-#uPsY@rx8~;9*`MgXV=Dh>?7zMnGuAmfxmB1{)RulX zFvC(#rI&1UzL#VS38LxFwm5xC%+gG)hL;#zSt!X+dl6A^&g1$>G)xEtEbP}I>S{d`Zo}lh-ytI!<-@@ehw5 zzTwqrTw@OAXSP@a;BXyFKC!}mkt#QxqTAP);ZSTBw#;gHe*B7WLvBFJ8na%|3A1Q% z2~Gcsd$ddzNlf)nBCM4=C~A;bOR)5c`!7D-*~TZ+3>nR9c68#|AWKUj$AQjn2tmRa=7MFyaL(xznh!ezWp;!2kk?ziz5n^miJFigLEo+RG zu>l|~YcW$J8YhnDSJ5r;dHhtj56z_GseA$Y^98O;G(&ovt8lMF&Xm)$n>v5`7tbX7 zyCLP@yNYq@Eu|@8JXW)UKSL~8a-|FL9A-VIu@EepG4R=Mc zD>W`ZzPDR9B{F#ETn_dqlN?R0OT#FiPY?__`0FPtoU3jEkHuXz-qqiY0Ao?{4Y}{a z>vNmf_8ZGIk@s;B1}_gp$^>v2*htmSCg(bK?=PBlnkt8_`ImcwD{*?UCbgzzEkU|r zK)A$DE-(yDG=bCjY5yNaS3*-y>g*tuYIFW#@is%ARm;#0Pxgyr1{-T6XVpz~VH^ zL51WB+Jj_njW=Y7-BIzwI|d;p9o~iwD+>h*nLYj7Dj?R3{RqF{T-7bAScEyAs&ErY zv@Iw>Xv^AQ84|!_+y4H-RD}{W4pX65Jt6~08evfgK~6rf9NE*WZMo!%e#a@N?Xtcc zjqQqeiI!G<(5p;-5{1uVa32Q0*j^b-{sleobVG5Ohkr=L>9)T(BjmRSNUo{A4Xs`B z0E!w^MuEMVzFOH{KYYgKy=B4pmR&ordN*&yOq54;q=}mcptGizHFt3ygnn^uxfzC8dl$mcW_u|Ms{4+m6(Kkb?Q5_KmUhK z`fnV_?jL<91i@Fj|fYSl|8a0+&kS=KAQVisI%P`KuY>JW7K; ze_!YNdG1R1aWX+_&=VN(HL<1Tp7ma@K1i6ledXV1=mMVfg;yx}<#uz>-pR$nt-H(e z#hb1t@5fc|9+L)}j*Q-wvM2tqOIvB{ec8F`U3%-_<_acblWLp9_w$zi>XOxwJcHIP zbs~0td-$K5xf%PeE^CC%hIKgfcArDjmMjtJKK@O@4eT5Gc>iknJ@-zYwUu0=y=<1e z*E{i`6Q!(h9%kiIpV@KIWOWt6aW2BE@y+12IG3(B4}HjxxY-fUI!}N)iI4F(CnvdN zs6x7bclt7>kteFbj0ZRHYC(Dsify!;=alq@B;WhzX{YiSlAMIt-s4H7wN;E6^ycv~ zsVHTW@}63N8`l-C?6ORz#N66uZ%|dRzdv$6lZ;5c5fT0`7x2U<@ zpKWRwbDc|FF^B=jWyy&Qo81@CcKM}hKMsU`#qp!6S#IBP`h{My$1n!}d*t$Z z^OsI;`!SZK)5@VMbuuGX)KIezWk_vqCvDX+|GQ6ZCT5j;Ve5Mfgcp3y(x&#C&953B zbY*>?62eRjj8`X(nf!U;2-K~MmS?_GaaewgAe=?17nB?{eQ1HUdm|1j!19ylt$D`7 zAyX5+>-yZD9X<~V`XlcN@L#<*9Mb=OKJMW{HV+swyF*|jFFn4M&Jy{a%A31WrsP`G zCKDf;N|Z;8kB0+#S(5qV2=g9=8998geovW7v2LCm2=}u})mb^gXl21(Sa5PRj^*fI zn@7g}G3Sy0d^@@D?@qTYrU+hEjr3n|sc2SUd}H}#UEA9DAi-q5vporXAzaoJDsC^k zI`W`D!;o!mOgP}XKr8vjE@8B(VOMgEs2f4iyh2`dU314M5x}_*a7lU{s?^e+bZ1f8 z62TpOu3b-BC`}4pt1~pVDOn>?!4N|LNkPR{b*$YMlg>yw)m=dA&ZDJC3{(SNU$$yo z7O&6yI`T6ETFD}Rpwbl-i-DmFmzMAx0((}Nf0Qxd`;*|Z7 z#r>XAwTA5`lfuRXr^pzwI}1aFpWh%-NHXT@>v%rb-MNv?e!7$F3BYt=$Fd1bvDRE) zU!X$_+4^?0hbQCmh0~FMq^B8GR<8@JX}LEy7Ncy~jf16cdst(jS26Sn75@n#UHU=szs(7`)w#t_XBmJ!Fe`V?a`@ffNDLoAz zGHYTWF#(%-Ns<>ytX?{Gf<)@*H#(cljsJ_i_ke0@>H5a;+OVNW2f;#<-a>DR6zNhz zFVcea9;66Y0i^_x79cbs5Fnulp;rX~A%qq}4@j>8=~DgTectwzd!OgN>-(?u`TpOt zSgbiSb0%lz>@(*#d-neAi|D?;zvd5e&V;+{WblCLl6Q+2eG{>xAA<7^vJzbV_sp53 zbYED`of=ghRJqW%7{4?6gI4}j5nXSTi`HQkN->@NL*d{zQSRi+Ow^i6xyj)UVw28| z641_}tKX8ZCJ1?W(f#ZPImr9*qy_x4OAnQh+yKU~jKoZ=xz=M%@Thc4$kuk4 zRQvT$4eIYz{)uDTkdfVvTU41mZ$(n=Ehbv_9P_2Da^qm;^j; z>%Zzz)W>tb9#uR@AGPXTl^W=R7u9hlzaK4tPI||09~S!KBCXB(4LPNs=G=hTQ1F{K z+~2*qo0ldMBXTR|acM$EWk!Qd)h)9|6%pGED?9zI*^qeH;nrxun5)}{?(S`_A)mZ@ z`VJ8&zp@PRe$|@HVD9(^+X{vQA{8~$Wa0NQTg0ec=2PCHk8Yp`_3kuy3S`NANqoOh zE@UD`dD)zM)3x4`@k z{?V9RuIf=}Lvd}~$%3n=P4q9D29f(Q}tsvC*LuV1uRLYwE5ZU`4x*vad)*_zxU&n3Y^du^u-jjmw zXPUtcZhfZX&GcQ;xt(#?{Pj1gDN3fpf2W$tplWXZ3$L}_(eLqEqooXk?U$O0Q+LF4 zIoMk0{?SB7b%W44p!2fni=cxYzJ{sr%A3kU~lvP)Dtwc@b+VqGp^qDW@efI_jRjh+%a^mBuwgS=xx zF3#|!ttKY}TVxBBGsLRu*5{X<0k8}MKk4O-Z)>qL^cQOjNu26UncvA`KA+zG_5bs- ztIt-qedTlrtA_2~&S`;0;>ZJqG_S$s%OeRBB6-?sLq1B5n^MU^m)RMg-=FcH@lcO^ z^>&nP;(lvth0qGw)eu+2UK=1`zD#RFxZooE?cWZUHJwR)BViJ6Qeyg%H%(!_prBIW zYsax8Z-1$*t_b%+y>m%jM1_lymyC@F)KLSbg@EX5IT%3nOzW4JdbKPfJxw6JjxlOZ zizIml;#-SlwH)T=!$k%z=A4{N_e@O%F^$7_Do0`4#=O=kjb>Z;009vpO>xIeQz#PV zP%AO4*w*b(8!APhsB{6c^sRF%X@!{N^U>~J*0hR3x~Rr)twD6aZ8MK+U32d;*Kj!ZdFNTLbu4l!#-tU?ecB0*%XbLc`RsxbDurDBBToK5^%nC(}@S!MS zSU(@QbfEV{f6$~o1?`_#1~F5jQ@_88BosBrS z8PAw5cMx{1z zID{kIQ!raty*I9-k&cxXw#Y$$&7jPMIP*LlNz|gzAEJhy&Jpy(a=C43`7d+`~E)xkkY0%Y}K<=Cxm?OkL;bxZ4cn*QD5OX5yA#c>6S6~*A_t$5Le=2Y!S+Wy zhBDeNjf#^ckvR?}?Iyca-=5S~$tD0e%R zHahLxJWTfC0d%SOgNtcyK63@d&1FJ4Bql(VPGoo~#;hvC=Gz4E7{rlM!iy7IbFtF& zOM|-DM7y7md&kWxr+#3$Mxv1FT{Fz+oJT-1VEG9`nT^L5x;>Oa`Z#eAPa`^7-zbOJ zEtq3;>OO7nO6NVV3U!~iGvg;Qvr3`(WV*O>H&;NJesKETGI`fSmWbT-o`?hj_N;&# zSGL1}sj+iqlt);-7_TWwE2^)e8wFlQMA{TmUjM9IhFS^uh+3#5I_~;q*vqEYr!@Q5 zw%1pe8UiuZJekG7VIUAFYn=Kl3%LE@uY~Qtd-8MZLP?lDl(qNrtRN1;O5vyUZRX!l zy%zX$z@%G8#N+uzMyk&0RCHQ3YQNDz72zNGX?NT&p4g~uxTOxd+gVBP=~aajCq>0d z$fDmXMewD}S<(PF-FhKxEA@sXPrEew?QMa`!<4Oxd*g0$+Bt_-fKLj1?FXJ34%3Fha2b$wH1c^$rz=#Q^PnB6!;^`9s&mJ%$c`n-0>$Pqk2;1r^0wIXB>ROJj9Dvi*W!*X^MU#u0d3UsY=>Hz$h(9mpyf2Dnp{0 z5L85+*XCN975O&V!pVTa>xRfm%W0+?{!(Q7swRwE-1y*7=Z8y6X9?`joIay~r<7$E z;qR_{CuNu3D>nS5{D~#zSK0pymz{Y<{96C%E8?qq!nq+qY-wUKbfo1?5YB1Kc7;7( z*?eqY{m2+E=Py%Lyy4F=O|6&1b3Ug6JIf172)Q&(-~OcaKAG^fy0mfX0c~iTbVJuW zmYBbr`G5JfsZ0ydiOqF*TO_TurO7svV8?%%SuSTYF+urRN8RFTw#bTiKV%!sMy=)A z#^NT%p=Bza)}=LMFb`flVMvMCw1EZs8coV#2+SL3T3@(kr~NWQ5aBkOGq105NP}nc z_Uh%M(UUMrRqk9e%}ScZ)$OmdEHAa@laeW@ybv?rbX!x& zTW+;3AI}ZVWMobm-2Mo^&1p}IM!^lwaW{@HK0sH$rdK+i(8EZao&(*31V~GK@>Kk? z5k+;wdg5t(#Oy?{gYh;W8c^Za>RnK-z9&P+K!Uk_L5v%@bti% zmo(FYtYscA#4?oox_MNKdo97lE!98IfeKoXMWZ>9E3rH4iY~+7$)pOwLXpJ38@<03 z?Vp|V^9;GN5DCSSta?8y+!|>YB5i!E*xVdj%^^^E&b0ybs7Qvrii(~j!(M=jfuWuz z5KpZ`CE7hrc?&Hf(@%*{wFC)QN-vvW8B4N$L3}5(Qz)!rj#0VNDL^~)Y}Ya3?u@gPG|3rWErMRb!_fu*60K7CJ15WCVyBdi(-W= zD_1b%r3d$0cRl)i;or$dw|^ZAdV?~GGTla56*#7Jq``%PU;!2eg^RHcBT-;(1cw80 zGiYAEOFer#dYn+~!sC*YX4Hp(^vv>tKQ{u6?~-1TN2x3?m0kInH8?XK`>0ghF57_L z`Z^q%nkl;>8=fDq-$ek}<{;fm1>nZDBCgim zH_v}^1V$#$O0JSg({Ul)ir%YBpo4DOmEMc{;7cp=o1NrShxW%E1*A`)SCFcO>ZS(h zHl-G`hGgdc9CW&?WUy7uHk-NeP3nftW|yYOEPrGjx(632tKWQaE-?i{r{sZmXk&qg zd<|07Ofhuyn?Cr|Iv*4@mpGa`UNB>|)vUCojO8F`N2C#BZCB(>mm{YsyNe8E4SOGf zdr3&`RlWUR5-+Q~#hniY5cEv{KhJO*5g(;jc}W5of*iFgq7o^ArTu~NX@KIt8qX2d zK?RF^)B!vA=~yOeBZ5eJ9!cThV#_Z+-hY%K@bQ4%nzNwX@pT2&8*y8?>mA{(=j-(Z zYB=eAZeN^Bp4Q-kV03S`+DfKR`Rg&PT+eAh_sC^mYnYiABAMpNE}4qV$wd~Eo%tW7 z^7}6@|CzTggOekO_`oVI!UB+N$Me6G{fVU2*~B+QcBiS$vn&VSX1>Vui=PYdG;M5j zrw;nM`XPX%X8bb;{p%^!fodziV3SE-KMg|q#Y4-~1F^+YyMA;YC;n7>KFTr;)DK~Y zo&WXEH2eE?!9C2C(wpX7O`cg4sSjq56cSIy@0CjEtk+ifhku1?ako>3S~2KCSbJqU zPmt#9GUvU$n(G)Z*i?F)eNpe41|9vOI*_J3)E2#kV-n-nNz6flcyjhU31jl{>9Utj z(k95hc6LNb_ZJ%x)8gu6OXX9>AkXU4$FllI9Tp?ncWFRQ2y2HD62_@(PK3B3cWZSk zh;`AR=NOs+^@yj56Z0!qh;hgOY5nrvk;OOiQSr}qFD?w{sE~>B#~%mwJqIR5B`zJL zceo9@>GUS!JaKd)zGAh7B}lB-_A`{>=wt;4-CLtBZjpsEYN?rka zSq=)!DjQ7R+SSv1KG{f#q2)72%AbFFr3jS-b+1bx*-sUeclEMRuW%P_W+-vS>H)T~ z^zE`{+T*X|a+m8Ul9Kv%oM^Yku>MTR&;Gq4 z3sSxjE5j3WJvF;$^p~g{|BdJjD-D`Y^orL%x4OwxC(~G_U-B;vx!K$}e_II3B>8sX zXlrC~o-y!RBSQXM{bdcigAc^AZ>*Pr?OGRIVn5RB+Hjt&>i80!qUZQq29uzR>Tfkb z*9s+=tK`o)f2{ns8e+L$z$3?$=nI4C6yvvFi9H=lcsXwKRk@o<*In8Dl`s)Rc z(y%Xq9R9sE3O5#MOd*(^`=t2pLB1>B$y$bweuP9-bXz|EmyoE|-dd;M$xcH~JhazE zj=2XdXHLa8lsAPA<-e2344!Cp@ykyIM|>1x2@Y}BvYia!-|+X>Vd0lSGI#{&98%Q3vH z3<#LeD7nH7lD;mY!+*D^5m`Eggz@TV;DJC5Qao2m2wuO3l9H0XyO&Lcx0cVOK8Psh zj05_jkX#6uH3*4JZMk<(5(M(Q#|pIzl9(BU_E#~K={{D-*|0e*n!q;FH^jRua}tC)3u7A3l8I9gg>Hz3YjrrqWEsdHV}xWIdZ-H+*eRp)H=#2<*n| z3DMw`Fb0mPQ2@+tY+p0{Br|5>3eMM1+LbjB{mp(??LFj0ZBV38S*$<`DHzA3iC`)M zNt~$HP$VE}chgEnhIqEdi8RxCOO%kP7NZv7VuMVkTUh$mtUga=@)pVkj12WkuV=8W zfU;>I-N=iFn2|F!9Q}=k6I6w0HLiMLg zequ7Xzx4AMA{J)t9^`H{l=#uSFwi*`c%z=m*1ur4P4H9u?KD=rBBC=~%<75rhpTt4 zB>wT(@U`Ax5-bpVDi+X>zHEIm%7T>jFoIlt`ddPe{>4|TAqXu|m0aPxernqe^^eBL zk2mn&$-+wa2&YToQv+9y;D?60wx5z55GMjw@-aK%5@{cb5r+H{Tzoo6T5*K-WcXorLfEW{f{xr~HG)DW~T~7&Bb(gMn zHv7vquwn+TIbWJ8BBYaPk*mA<+8FZpBX z#4q}8GnWSYPF2nEIpf1HQa%9Op}G*gXFCCvXuFiD+93+;;$#welk=Snt@kSn-Sb7a z7e4jOXwUsem5Z)F95H&adWUiy0&Hs&ISm9I482`WRk+M{F96)`kPj1r z*sug@k8@XKwI}3_Rwv_xtDd1j_&Vz}FwqoozuGm@h8z)jAHns5dzkbcyd4KQ z4Uk0Impb~Bc-D5WwvDY5YDodqCu%(lOX^mUevZgGgd-^e6bNMZ6(sZzc=-Gf+UFFT1-#E^Q5_)g#QIsl}TWq-UoixQR}Ky z|I13w3(U_x{ExUGdF}3dWP(Jq!mt1K41Qh<`9Bb%KT-5^qwOFJFAmEauMQwhDeUp8 zRwS_P053PTgEHBWh#I9yi?N1lM1lI&w|)h zEyCyNDJ5H17G9liheW0s-iw&eX_)u&k_M;FBNnV(W&!joGnysjt5=IA zjxACIJ303!Ah;u7{3hL45j5DG-@j*D@J|TgA6EV8(fA+s?jIHY%xdO;)So|}NB>~{ z?vbj={_%s3rXY!$>j2GGIn^gj4gOXqDVqrN{oiV8=Zhz)9 zc_B!%c6HR-d0BNgIN`v0cww}{<`U@T(?8Yj?^M3%X%(O*Iv!8+M%BHr>R8WfBzwf5 z5L?Bo`+5@Fw+ZFZr1yfey^R&N>5?DoA8?Gh_Vs27jqAFNP4NCqRH~(roNIf67G;4& zy8Oj)z_6BbIFi*h>HxNca{ScDb&~pmWp$>S(I$eC7~R-8aag<%IOvx)mSNPRJZRH9 z#sNbob!)5{g4#seu}fx^-^qMbpP33E-$Kg#bMN#()5qll3nZY=*u^ghLO9|o;=7Cb zR_wF{7uzo`?q`duT%A(mf9o$#;i~5;u7=gi#INIGH~n1=kQ}?xIzj+LSP9CQ2iPu6 z=LIlJfjuiE_Ntf2&ihM!mDiuD_tBBYf>}8crl{+)A_tL{?$GFeA}6uBIaE zR!cxg6tb|LG}j|Qg{kc%Ot@uR_ThJ)+n>(EKD(tTHwU}Wp(sJz{sn#k9rEnpHU`S+PIO3jA zYD%~zKFnFw!Ib(?-!2)>%BeIsm~8vJDikb}O4)EwOCHR*O=eS{6{J2s+gA z4jYz8(Ddc>S*|DYaS)6;9C5;xKrIWfJv0(cB`%WuEFJ6ya@C_k-#BsKQU79L2=6`X z{o(^MlJz;Vn%JmT=bkxQ0CGT}P8}t=5ucP8Oo7Tw21TYw8-^q_D6O=990q_Q-3y2I z=?8An6XP5cHaci%ODk3fqpQM|d zUgu}tc&Aux0VneKp2H72v^&0NrpBv>QG93wYL+<&h%rZAV~6sn*n%-KRO8(dbG}5M zWpPXLZ>(-1X=Oq8r(E_C#5A17K|@ol8+ngmryR&D38<_VT`*c}U9{fa2F|g;^^U&m zU&-Y3@L!}6f89M?$CM4MugWRdrrR}5>Cq*5wdy1yU}&GU9)LwYS0$6UU|PiIYK^L- zqQiITU!m`2n9ryur?x~53u7+)*=Gjz@Ayp z9K5$|Bq!QLmBg(%Gli=PYhmdmHb=B(?R*I>0|2KD!1a>;Wcp!#3lI=#_Kg`uz@8CF z^EEvYV$&=Ctk${8k~6tFvCA}P$N*2>Pugq$@$VC9$DM?a^fZMisd1zYCejv@JV)}z z6qdwW0xS8k#Ki)K^|3#exY0nM{_Kw>?r+DeOlfOs%Rd*of3e2@uHU?a)lQ32{@?Ws zG>u*?GQT$qsdoEvH4OPeV#IHf80<7qY{uocc-78nz8;nz(5#kZhbumIGpik$6iwdu z(eY!_?RV}};-=tC0^G^n3?-}iLgsyfEigN8XM6PMl7(^W^)chDyMWY_knnZqWV=4k z7hl_z@Gc@4g^$P~7{QlE)ht`eLnlFLE_91TRrnr4w*H?IH3D?3=%NvZn-&im=`0O` zuX9)WHv(t1{3!x3~L1K7h3UkxTV9#1^Kpwm&S${_PB(L)J zU0jUIw^V$}f}vd%7&3l$y_Z$1Dg1+lvUq3Bl+Y;PYI3;ewYVgqwxLm9Xw`%Eee(<7 z%3YPCE$R?;J`d`MZ+6vatk8~8>}iG4K7&xD{>;biRH}eGG&Q8#JQL2m8nCicR=eF! zhZA_Z^2@iKPtTY3yEdaL%kWr&Wi)5>aFE=I?02%Q65%EO=uNCupX{an2K$?{(KFAv zHnWqME^HxeO=&To0gAUP;g;Z}T0dPTpss6}W~J~V99{fgAty>j8+Px6Ha0iOLD$%J zUY9Zy-Fq!Tk^48WaIt&)b9%!4+=0*O@z@_Kb&~#zJ@m)?0274%rU9ehzDp(*OSy98 zmz6U~AN4*Q)ZbX>a>+9>n5aY2$Fhy4-c3TgXVcuNyzs>rG=#dZgL>S?FfC#z!qLz` zPE1a{A^rS69|+kQ+`d@0J55po@hZEY{Z)AfP+;hQ{T>BtZMk{!!_NIy20CCxFW;35 zC=(~2iDGuo(B(E|O}cohP7>Qsi{RNBvNNv!wS&Yk_%%_Grk)+6(v(HVh+KC-AR#f} zd>CV)pFS5ao%1U!apgs;Wo1Fkiip;V5r!2Or3fciaeTYra>bbt+<5kko81S)pq!oM zXP_(mo#or-gD(TQ{7PQhjVJ3xAt%Z=Pj(KowQa2DuEst#m@yA4gLNoe!cVOJpa45cpA%^VC9Sea5h6)O3is%aY)rYv4DeEMYP^-e5I>Ws41!asYAo!ZR&c$i#tA(_a~5ZuDiaCsJyXK`ZPw6 zfg_wpt9z^8dhTQED2vfSSG~|SqKXjp za4O1Ck_R!^Cg~*VsWDRK#A0Spo60|8W(XKui2S;oNFf@p0~Pwhdn%$pbMeLsM<|l> zTwbgg<*UH^UL5ku^5t1@zMk_tf$$*TWWKTIAx#97ygzq15eit!vDd@^@d(FC&xZLf z`^$x;qO>JAnvoWn+b6k%J4>^-Z}ChJr${{Ox4i>g)dq2L)_eYru>%a@D?sXr97u5; zoY66#Pu!&&7r?N>I>?#v^!LQ>Pv@U8Gzt!@utW*$riGYq+N|vB?Q+ZdkJ$(HYHudg zOrBzcThTG6jq>N6vX=BtCl%P-dzaUfHwup8PiS`*zmt)VA8pa}npIQ^zi7Vm>mU65 z6`9F11NH@OJd0VD@1?XUPeUAo_Oj})C4Br&RzzT$N<3tYGwK)6oJ^OgadzEjjJxiB z3UdfLsa%>~x=!6x;?tbqc6dp%AXA&~!5{q0zf#1y{hze&7Yc|Yk)_B)9w|1n_R%7y;Mq73tt$$=Z| zH)J~eM2^ySq8m$b#mfc3$tmAH_?t=3JjYvjJE=r(;x`XAdI|gBp(GsP&Dr+JjJ^g- z$~G6%u-56;UvIwKXF7rhO*w90VLdzSzbKkW4?qR__F$U^N$z#Sk04fW3Tf2Xb1Rn( zoXqQ}?G0;r4E1X8E8Px>piyfCk=@J|-LdtaIV^4(u?K8Q%QZ=iv>n`=#%ngAyHBg(}%3e3Uil=52QYh%XV zqS5trCXYFecs`y%eI6=FP!THyUyH706%*Nqy=g)VKDvkIL}ijrD=(oZX>Dc_S6Mh% z@7WRXbZjs{x4m$9MISkDm87s#n-1hZL?$ig&CJ8}xl|wOiHDzA1z9S=pm$RFn zG{$bgPWX(U6!xvH!b-JFyc0|mEpg9EEh-Fbfl%+HByn;KJqEza+xPl&>r=`LbEzAY zLor`5`F`i8iky$Y3w0UE{BgGBDfltds*_^7PVYh_JHM(64?i|%92#9O3Klyem&t&$ zCHnBtel>9T5*c_S_22hvDV>K6Id+H2_iJphbDvix(N-n^OxlIXk~~+Zp2-E~ZJPvCCk$(`*rL7sirf0C&p;N6tO0Ik#hkdc3I`2K}sR9`1@Yk8WzY&iSm9oms7o^yr@7%Q`3G z&|E*}F-f=TTXWQ(d*)4yl6IwCmTd5W_Kwd$!OfHZ5ZK>O{M7DD(j6DaGR6&)YRoxX zY#xsGP26{hGeHh?M2uFaia&(Y7qTFXXVSG<z)UgItt~iqx@5e z5;mQN6>C`I$oJa@8-|G}G=kHSD@W~0($Rb4-d)#WFl0k@cI;$2GaQn(4hZg!W9 zwAx=bwu=SHs4boEuWL#$XC?VV;dwO)Edz@?nPnm@)FPC+6`OAK#)0;Gx+A*EdRF+p+_Mlpr6;H`2@}j);&2|mvD?%j%&>ROB zdJ@zXz@Q2m%?4Am+ya=a_7H|iFy}utaBJpaG1wZ>9U-BP7b*ftW&$XZ&>4f0so(u z{F9W-tT^U78MeB98#4vIorNvB2u~sVyUYtgk`~v}N^8r%0lg`W4gB`cNrG|;ALkOy zG%X9zsbE|$FDVK%ObU3vm%lRymY`l80Ey?x?(^P!q`;J%Sj+LCE=T5sT`t=u`0;7rnH-~ z1B}~q)9f*oA9Dz9mdP=^UUB!q*jdBue&q9+ViyZhT35>_DRvs*uu(sw(ML>#?f&#C z9mml3Zmg+&pn7A3@%h0^C$6J{s zJos8zDnn&Sm#x92I!f>9jF7RKH5L!SeSEAfsKBWeyj^W3XK|Q!a$fi=OUzThc8A_m z@ah}Plz#I&gvD8r^umn3Bw5QZjzRT+sRseeWdlCv9g|wR2Arr%ii$&)Vt}QCjCw;h z!ZhN(O{~5&tKN@U0X+r|(tF{b(Mb%dcg#xWT@Ie34AaWoq8~WA9_5*&x;+9buI>77 zZs+O;19MCb#$jQlFe9AqEA@s=0z$_uHw|F>3Pa$X5_V1;Xe(u;zd=yVm&xyT}R@(8Jcv}(9x<82M2tVC5^5l-#XJrV_T)mjY01c z(YfV57YFXKyuR}{V5j#$kcm*?P*;unxLi{s&_x&9oR{Bz)TH@FzwwZ#y_KYpZ?*)# z7(!_C{TO7I*Ii?;c<-5`}`;x4; z80KY%nQGlCytg@wI<-XB;gwI3y+(r`9Gv+k;KnFE+QH%{%c~RK>hT*W;dn(GE#pSb zv88uWz8Z}Cp!Fx6lU0)UP2LT}uzWV@9jN-cmX*3o^~S}2UA=a6kk2%kX0Eom`)-tEI32K4OW29^{rTk%U<1VpqG_bvzPIFZU@1^HA1grZ=Q?Dq`!?p(v z5?1zn?iIeh-Nv>$DotzIjVgP;?vxO6PZ(Ir$gb9h)N?G=g^Eb1Df2Tc+q)(KpJw~1 zAFX=sy(%=SR)Pt*=PQh>`YdtgA}T3 z5xO0g1kLs1L-JDj!;LMn{Mb^x1dR>B{c7Qo=2J zDI;{6l&@G9}RZf%J7T?w?|J21R~T`N+yO$qNs1p7U|5C z(_=iJgf}VZ0ZM4*d68c@Tanc{Fl4antm3k=7%=qpntD}@myb}=_OmZ_k4RkLjVOCV z$}rIA3rpn{<8}FtD4?!q)F7V;U&Slx*W0Sxk!;IKCKXpK@gUjB>`sgBky2r+V%I9qxMd#W)@#w+?jKd=xKl-p0@%lqyl(`uqH~&_;Y!X zKGjvAZK%!1v2(J1SA)Oh1S_~5O`Or#`ryfEr2V{VHE=Ra9Bw&-0ZCHWj;Uc8qcwTG z(uw1>Nn(bsm@{}!Za6C!hZ4wzMN~UWzx8mr&MzfYGXV0 z?W4a$2iVSJty0KUw5CRs$w2+paIn7-xVYZJ>tTo;D=(2pw7TGaBwp&3>%2~mRm6hd zMa$zP**S@;@rcuzF3UaJMB%1q3|WjBh{id$ybNG zF6?xuqZksN!Ah9*rrbF%CA%RemVd3Tojrc&Kd(`ru%@{4(cYd1@zIc~rhGz=|3LT! z9Sc6A(A2|Ye3-h#h?SqmhBl!*gI+5w&xRp?EZvTrVar#X{fqf#Q2KS2V{~#^a2{^p zJK2;?JJLy*dGh)Cx4nHI!hX;yXy!W^O2(PdTj0^A{E@zPQP?+&F4{l2U$X zd9TbbEJx+y!7IUuy_$m@Xy0F*wnd+8hBYT6>0>5ZjmqCe0-!!aRe8UBD-fz$8(T$& zg~fOfY9BXqMUUhr-974R*_O$`M3}L`-#ok@Jx~wbidmJJO6I?=UFAH8$Z`wxYHEe&BX;3_6Tl z`DW;pcQ0%SmViTC804#^?aQ{mB^_Ok72-g4Bl%3`nB-!8NJ?hyqcx=7tbXL>$A~s6 z9SMxgT>vZj#iY|RpGv6fi!BDd7tE6$O#DPaw4z+H=G(d+s~m`p4V+%!k0%}R{jaPz47JeVH*q!8}8zg*4J)ke!b^V&1J z4=tYdYTor0DE92HH+bgOUDZF-&zwlG$R5}Wkd{O0`FY>TnmVHOhis)uxMP#JzFNP2 zGK3{LK^Z(B0W4X(nF-zttLeG@^h;>ZZrVGDPrXXQ%VN!YGpMfJX6JgkOY=yg+`?y} zY~`irGl$K#^+@uD=vvjBf#*;+Zd`8cnFh3nZfh6=Vw^ryPyEabaS^sL;HpbFfJ255 zQGi5H3FI~?U?oJsp-=%W#V@yZdnXnBSD*kG$z-?az*SQ956fjBrM z-{f6+NvQu^D=pPbI3K=x)K+0v3dxUiOo=<8{etOr(8okwpFh0DOmMlZC@^OJ(Z!Z2 zPkQT(W`Lm^pLOPz!M1pQ_jLERq}zGiWA^FJ(@7goH)X1*B<-Cj+*q{^EcP-T@U>U$absytsZQ*x zI4+*(0iATV5YlM*@ZjCC#X_ZeZ@jtQV0iLC|4y{_bJ4((kety{k)lPkSot1rKm9Ox zcV(HRKc~ba>sAmj8S)`-UH*&OTTsbba8yqc#4Lo=uE)d<2SD4Qb>4b#1O+|tn(y^;} zm1%i%0)qs5{!ZYRs_0g;QYVx?W`sDpTH$5cJJr&F?{<$sMmn`%Q;}kD0Y|*ZHy&Ng zzO$=ohJj0B=uX{L;8R=(b2;x~7%w+PHWtF#&YMmJ62d~2xoY{{Lk5^fRf72Y^_9FqB8J6yh-v=y-tS~Yy5%c| zOcKk%zTT$&Uhex^sM@QD?pdX^9=uQ%R)zP|9%g8{%oS;GUC-cT$TeSUAp6AMX#4n| zi{HOo<9~#!#=qR#-zxr84tHmJL;{kUuOaA(IdG<$1!$g4Xb%DU^ z2TztLHs`9uTwl*LQgXi{&q1|S3eL|&u;25l^WZPp9+x!ql8JAz8%l!f$A@maz%J$U z);||+xp6&HA1)T-OY7ud&u1!OlDVjPou0ey5;uy@Yi0KA`wW~YHPj(ZG9zTZ53;3f zoD+%btPYXs3-``vGq+2cz{c3>0IB1eym}v3$NMd0>Qlmqs-HSpdHW$ZwRlQpHlgNk zr+Wb;P1b|hbrQ4QqH9fHyIZYm`XO$4j5fCF2zEd%VM7Iie=F}bA8TH z2zRAWr0B!C)r&~*@)+ptvS~fwT}&92mbtKGo4)-X<0=PUI*zC`w@%Y!F?SyT>3qIa z(=@BQfgx8GjIX{ZtXd{%8+!I0+25?2Piq;+vWaD}@nqZ_bjs-E_P7_%UEaXz$ znC+SlP7WFYvfqwYeMvq|{1itg-=sI*FRh2p_zS!<-E81zmm}BQAITut9aij|IY?U` z?wg}n>J`gCSv^}7F{Xp`O5jG(Bgc@@sz4EmFi-Y<0QPw{&BYH z4)-H~Nx3baI!)9$F@l|~T%Gqlxtb?~sd#Gp_I|=0NKc=N685c+u&z=IA3+!nBmSEs0*v(kxAtxUTz%%i4t>bd} zKu^@`9?DDy&Uil?-mP{)(yH#|qR{78#tuGwC5SC#?hV5W*7!sPD(pFZ<12^gdzX9C zSwCbb+Pdem!vx29Ibk=}`p1}F_&%(h$B4C5TrElPDH;!!T*}LfjMlmlB|4w~rQ0dM zBtrGxHh+8r$S$a%u=5fd)aQr-TL#&_2(MuYKCZ3MNpczPVON#lNBR#cDNVDzH&%R- zriy--xT0`N5~u8YS=pErbG6+MPJw0477{oXmVXy}GWF{l&bzSmk0vqO$U4Zlw!Sq+ zxnjZRQhYrBxFAvhX)nt0On}}aqAGAEX2{1j6s#@cJ*1y=xR^V`RSK>Tf4{Fr;@A){Ng`}%al~}t&UIa z2N)gPyB6Q_{v&-D)~a>aUOA(0AC$l4!^-(^3|R!%Ph)lH<4WKGkb(`{ra5nGQ(P^- z2=~9AL!eHpRt4O6C`tM7oNW@DjuMyEJqNb*w@^i#ma5eyI}%fZ0@Iyy-n9mU^$$%gmbhp0ch=pGjv>5-+@l@s z9QE_4n;ReOE77QMNL;lv<6T?guITFItCjU)9b{G;dt6e)#5z^GYakSVGmpHGA^%Ie zh_YWR{qbx0V;%Wy@soA3r5MvGjmg(CIl^w4=LN4T4`I{Lt|4O2?&0D3y3Tl%ZSKQ* z(2^?m<2$b|sdGQhiPZgJEqeoMY(=_zvR^OqJEW;HuYU|?H5ich95-H@XiPen2cCx0 zcq7mpsM^r?#s=L(1rixt95CU0;T2^g1rcloM@B5vxIL8j4FwG;$nk(uMfqy6Ojl8P z*L1sH0TQYGW51pgCIox-o4)*x!s=U+{wk7lhvPe0;|HpaPNVg1%(s=(PopfM1Irz? z3SD(&gaha1$oDoL#>thJPAa{hWGbD%X>yHwM+!z9{G!P_ah|nYFcv_5ZqhVmf7Vr^ zOY(|{>vPO*@uTIj8UHZr={DZ9aUaxPo>IPq52Ft!+ZXAw2AA$+6S%N%pC$_G++Q=K zX}9<=PgF8L@hZVpaQ+&uI(;%(EMb=`lEGoyRN^$mq`2{&j$KjtdtoPO)kDB|zqDhR zPmM3wNWAgg@~5(37k%@=Dd-&50Fw6GnrZ_vR zxLwc27;A#JkK01AfJrQ!7xff-u%%CzFN8IvB1w6jPB|0`&dyE00cmh@RLh8=LKF?0 zFPzrIU*`^dThs_NnedwJh(iHi%z5kAUE}oO7<7Jinx>w^0ZBllC5;+-V?l#c<(lUu zJbBzTW!~$G6uipzs_NN^fX)REdn)ek3u3^h90lvs7Pc1m7IHJXwn~O62B@{NWwxc< zfa;n)3rWjKnU|!Mj5MhcB&CC2E7wHQ3Hu}Uqa63$UIT<$%RV01>FsE}kYTXhwdKe@ zPAk?fpiGe*N@tR?N;|p}nR5wq>4~Oe&Ne5nHOZBhvUN(}JDJ$zMz6q&k)U9)_bg!t z0SAaK7DM0CIlKlr>lXcYvQ5R)(5d~JU!IH~HRdx<2UQ2eHZne-_ngzKa^qhue$bF~ z&JNtv0(`FCUJzwx!6)pgECf|e$`lM`1&lwEPa9{bcu`mF zrz>Dm^&A2t$FFwY^nRsvGmaonW_xjsSq)a+%Ufd9>pz7* zKXVWm>G2CD8KXnPwaj@fc8^YoS(lk?4Ui4#o!QmSXm2V9xQtaV)Q1Wp*+B{*P$iO^ zA2LZf_w9VWUv%{9)b&}faT+W0jN1a9Vuk5~KccM^L;<>OG{M3LW+deh=#3+>x(As&&9dC5puJXL7F|Ecc0NVM>VbDGaSuF^vCq1JiL z(=i_bTd+23*jyUKM?jCnn@FWizBbw#`aV`>Gk?$D+c`6yzy@f%XjmrxJUB%FjD%P>JM~!4-|ke$H>EcO#l#+;8}!NG-*=jNVaY75(c)eL zX*=X5ro#Noi0YJ{yP{Try>Df%rSo^K15cf`N1YY*C`neU8Y*n^TvQ??6ICsdyTE@c z690OI|K0p+u9MFTHqiKgcJmMGr@#>3kIU!E*DwkBdcDHinJWJjF zb_R}&0JDgGt{!vTcr&V3IlK76=YqPM+!c0E5-79*{GuSY7UJzT#%z878J&!JU@XhB%s*YVp^8oY7VycBN==K$|sLS&|WNEb^(_{ojLQm%(}j+x@4QwV{W zQgxx|-hzE3&Uk;hZI{aktJ_K&b_tg_7)eK)#jSO-h_&4#JRi)x=MpLYMg2z0(6o!K zT}F3(hY0OFv!{W6-t7Nj@4cg%>e_u#)K|rVmEL@%N|%ll5tQDfgkGct5(pha$3l@V zB>_THS|AXR8XyD|q!U^Q2q7RP^deoVhi~tF?%8|nZ+z$MyZ5B=CGrsk0fNPSTOL&|r0p#bI2fm2@vhSjM~6v_q_yCR3R|_4{4P)V_*AdB~%0yAx@e>F2m%hh6hq(hVXlJS}iUyY(fPw zb>X0xf^MEZ7?e5a9O+`%6+xVn`NeIDIjlZJ9llRjv+g)(`a9^-O-rFK5UBEsX5G7BUP<&EiEUWOv?CW z(1oyy@x6CLV18g@mZ)koD(pDzUB0SW;Y`lZcYS01l{Pl#!^U*ERhqS%{%qQ)d7%X$ zz^K$hW+BZ1ko6LhVU%+xw4o-+$os!zaqy!`O#lGmK6rKHBV1i?dB(a1ni1(5y zG`+d#7H=Uu8(Rf7I0*TqtWT;ARPr}NbOGBGTw|I`=$2?UlhxKP+-%b#be_WdR)ez#&CgxJ@*A> zqO@X&((HCD7c&8&*ei+b0tOX|o`TzzOABij&v-Dl%VMpAbt@|g$(|^be9ce4WHBow zx1-;7jjzw7fGGyxwvV%s&{5HM(r*?4*Q%CNXcuBMg!cou)*ipU%QY|hn`$=t^jgcN z$N4%rbp+fMrQA&k{>k?`@X4Ehy=_pZTCYYb?dgZl@inJvk3QG?kmHNp0Zy_SSdBsp z#v#)u`lwir879`Q*ywyNC*1&BiHCKjZ5elVJSJ_Lbcg2;U3e{z?53_JdW95p9GiDm zm&c$hKw1`PbLi;pvgs6aUnlyVo_Ov(J@#q8I-St1Ld{I^@8wy2^eWtl`q=QdL7JPk z1j^UO*}bWT7|8L_Z>q1Utlp{anZ~0bs`1DmtIe&#Lm#{EgY*taXvo1`w9S5F{E?&v zt0wX72dJ!}vT4B;!Le1UylNXHY*d`a7R-!DiTi}hfG{2SVozZyG-F6OeW^WvKX;JoO`4--x8d{ z4C#eB$m^N3)@X5vj29HL&o_f_3ad$5eS>|y`zO${-o5M&!+6FEb6Y-kCzQCI{`18e zenU1Z*1v1l4EM@r zQSA-ZR`NWpuB2&r`>1Y?YYTvmUuH~B0SR%@B6$;w{n~;gBkECJUuATAv^>k=i^3lY zkIR0PkKL4io>{g=P6?2&F*W(vN|_?r0$h&@P(E6|B&fdsjI0U;0AZT=O|`L7Cygy; zVC~W4D)A9eN6kgY22kxSca92G$F2!*GL0L}FYUX@)d-c+4;SQL<5o>`oiG9#U8i}% zXP6}MBaHi7y^Un2pMm?3aU-+dVJ7k@L%}+ zcmvlU7uZHjxL`f+8!c9z5MRYNM$ur;{J$gt_0V)hQKkElZ**#oZ&leK2Fjpo-N`CcQL&Lq# zaZm#MM@hZ%a=SLf_nK!v>yg=}O5c_g%J}5txeP=zuz!3|zWbw4@Zn+59FlI&T5?Mb zFnbFrNpO)41@)Sjp5^np^f{J&Q_F}hntU;d2oS&ldQ*BWab+{`*?E7@h9_(z-LCjv z`bwN-*yw`5j!C)K_6)#V^o5>~)NIU?l5lZom&-+n(aOSXfd#<1`P(mHku6x1fbVRf zR4L%q{^J&Ro}X~gpt0m}e3QkWGf(m|W2~MaK8&A7H#eY4Q`gk4{t|)puha!uAG+V_ z2$GJowZi%m&br}$V?(k-H!h(#oLfRq#qqbr1GPLk&OO8LF;(L%nL)UMbw^iQ8G@A$ z@oXqiHiaatikDR5Hbzh6lvPS-rw06oM*fdZ3{Xh+h~-OlNtL*kW|Mwomuu98X7#2_ zWZ%jU#7h$KTV@kK3Oq?8>$D}TmK3@sKRlN$szz7qpWrqQ49=>}$R)!LSgw^k`$uyB z%9j4`4nKPV{3J}Nk!6H?zFcJhAvT=g(Ir4g9~x_}I?JxSrPTy47^WC#Itp3j>{PD; zYWYT%=@8Tp>1LB3BOWK4Lf*4kt?6!5otg(yo#1y@m%OgJ%;0V~r|716Wn9uj$PPDO zYoRMpzz}htr*gJ<9%EBK8o`|x@?RLtS3#KBfPv2sXm@GNYK&v}``>!&2-B|4{CP)nejz4cl*!Pomd6U0Y3JD9NS*w9wgMq6(kO-ZtAr=+YwrFELV zr^}QNf=J`EODu|8AI+dHjvFFz+1`=2*|rx7`+AbtQ4rnNX}`8 zrHjIb$WEb_zNuv-?>|k`7<^zcA?>Og`$Jg1+Mv)1vdUL==fjE@(uSX=BsD-X{JdO) zG?5&wruKSu_Q9TSJlP+&%IxJI>>0z^IX*+QAwa1TBH-uP#D0H%VYL{}`8YtglL~qhltWT-@Pc7;`sSOzX3->kYd; zbM7H{p72qq(#Vyhn)a;C2^GHV>#(2&!K*P@X`|eTW%j*H^9G4eJaAW#L685ki}s$DFtpMT`5@~&po`S9IBtZs5wDOWctYY6VF zdN+>hJdf56>YKJg7`(dRjYg==`n$8)>7KFe2VpiFrjgB;8{7|mY_?3l`Azj~*M@B{n{_Vc z$5xNWyOu8))`$6Mj^$*e6?z$?#q3F-0GD2k!n^@LBX4(@<{&){nPf6Z{Jy@YQLZo9 zh~Fik@;wEy(IYyNoJ@t`oNOO0J?L{y28|U(zhHZIv0|F*4s3{Ge0uycq|HA*ISPt9uy! zz~B1g$%pS(UB8>ovD;yNai8J@<-}RdA+#AlI4;6vaP8Q)icl0Ij+%;g7eyNC8~9it zxqz@os$$)OPX;5ulrM;Q&Z>AnH1wCu31}Q2B)381{opv`iz1hl;Wlm#14geX>u3?S4+le#<_QTRU){ z_HNM&zTq{!`E@$1<Y*75*BfN#N*JDK05s z=jVEMOPh**VfB1IhGbGk2xK7;exbl2u)mP!W40|Ta89~gA4ys=*M4xG!d%DO!X4N_ zbj=o}d-aZB{g-T^}He)zY>M=Vd;yvd#<(w@L=?u$ zOlM3Dhq(|TmSX`wP8@w4u|TAQqGqY%2;?NmvhIPkgwuY!{x#O&QP(|5z6~ze3y!Rx z;m_)S2>qrK1)Z;j?}Kzoz?XDn!}@)h#Xy{DVdOY_|XXOkD2 zJxHPbA!!e3WlX4!;TMu{LYU$iztPmu5=Ji)tV&;2`YgZud3K=+Ja(zHs>I1w8{{~P zH7@jhiZm$REH{t9*$p`xMWtQpQMnciur7}4H*&@QQIsRbkyRD-$_k!c8ajayiVd+a zK3#U0f}a8jO|Gj|@w)Zv7FERh<$mV_np!UsF>-*9jueVj_pdf7%jPI`(t%}jJ0LWQ z;15S-o@-CI6NGp$&j^0G9+A1uCXy=G+q+d-8S~oOX*1uJ5o?&FP{zxnY*$|Qm+HIq zvl_TmaKv<_*@h3MrC){qBMtwb&$)t)dLWLmF^+aQ9i=)@!75qg2tqozy)T)Mqe^oo zzksL&ax~TehV#H5hYyAa{Ja>yRn#7;dahfwLK+TguEt9VY)f>W-G>a|KFWhCZIX%< ze`dOctY4VZi8+Zs_h5ySyf>Y1GrOA1gAz}8NV!4J{0Vj~oZ4YCQj^CMmpU@(4w>zL zQ(dcDoEl`8_+HUPc<@UH^K}39UvmEHxBv2aaD@xgI~NSqAzXfslWnb9ULD9m`#71w z(9gkT-8zY0aXZ{%??rV3QV>3rILA0YRk2nDrA8SB@OjQhpP?TDjNJ9@Znfh*!-|Zl zv8Rkxm`<{0`w5_87ENmz3F7yoYO5{NJN22)j*KhbWQH9wXYY#&;E*XNuogMJ)VE;; zzPEd)cJ>0CLIg~{;9E}Ob&nZ?^mq>iLj7_dopKh3S|8+=_MS8LHD7`JrkV#szqd^U zD0W-y)EufUvpwHFXgakvo7N=$6nFnk#c9~w!A|Ht)11ym_9&{aJV?VWu59=JFVT

Un}-sAE|#*3I6}`T^_sq zdMl(6?W@%)MW$;?Wy*sIwMxJrm5{5tJMIg{lwjb_+TCSaiDHlAc#YLtg!Uq{5OCs5*=n^j=g6{N2cmgoQ(J&|E`Esi+qW4&Tse^JS?wpfhujDJ zlvZfYQttO`3*cA}!eEo6#6&HL64oP|Lkp$vvp^^@GjLH!bQ}nm(K}h>hwf*%mb%dm zu`nCy;`@pM*eb|oQma*V%T~F1ZLn$oIn*>1$BB<(VtUB#pvT?f#H*@#r0Ek&*q#`* z7V(&d@?%O?2uAj9>sY`Xtc!TR+XPchOK_twe(N`gBl`3c>!Wu&k!k9h{ujQ)ZP;tH zNMVkxV|Gu)fgTNR*wnBZC%!g#F6cYTC9jExQ{37dk$-(FF8JVIDQAh_{~z@%7jE;H zg7%kA`j;C1m*w%7vGtdI`G0CsD|ebZ|4A}#jCC77&pA>Pv0l!5d#x*(k5>pX!mT5b z5?*y49a~hs6aJ@?&QTFUy4SEM{e6)*#^e3M$&Nmhm<+ef)g^K>!tM3+SSN}yWnxAAhFo;f)Z{nsU0c2{NS6P(xm~r z3O(fP=fTiiQB^~zL>cU43cMHg&P5~*10ap@mPSbE8_h8G&4j<`U3Z(>bYUSkJz*n~ zSLqgf*R`ab1k!5tX3qC_QKZoNY}(-R;y9;d(T)J7KWZWS`?!mlFWkQ(ZjyR0kHT4G zA5J92luxR;+kLN&UWhwSM@n;OT6z%GpUeswlYOyOVKcjr#i#_9`<3*LqdfP^HAhs= zaq=GT$c*>uyCGJP)D6%&tMrKmW5v(H7d>LtewbX7&}CR6(GiL$e6a_hIEBj0263o# zdRFi#gZr2lilYn|8$>_r=Nyqkaj9rg8Cm=^GDF~Fm4zt2V=F0XA7GD#is-XPds43< zSa&HOPIb@lZt-DGy7A+;2?3#mZwiawiINH^j|P{zp>r=OF%gjnb}Y)qdjDc79WQ&r zAL`KjwG>+w4=hAPglO4l7Irf-U@j~c+Xza>(?sG>DJMD-5f2V6Nh|)|da5J); zZ{s-h^tlrjqp0Wmz$kwdjT8G3MYK*_kyZ#@Ik@$D;^W_`{NJ_co79mm411&ZXmkhL z16=!|ID9hDjZp{^j?d?=brExpmw>fw5 z^j<*tH*LY!r*9O6Uj2u9`NB0Th!1&1u{ZK?({tz&bZ5D!WRujKU|r~eSy_B>DAoBf zyyPHkH)DCR=P-9{vpb+I@#BOOE`OtUVB>KJaP{d)>ELjaI9BrWKa%@b0^on|1VBco zX2K)TJR zpxr+rHrNG6g(d~F^kb?E<=>D<*^8fTDXi0vBvm`07{4dw6-q1qEEp{cLP4>a;MY{nm_SsMBhE#L278_fih$VvN ziyc??k`gN-e|0h|=Bx#z<(OJcOpOWI!c<-mFb~@bi)LRG=z=(!-Uxj7mlxzu$?k?x z;qvO75kdlZ=69vw z)gEY}F3qyGi#CXk1gv;jpf9u!kR{ABD>_q*C29+G%y{ECsX9liplBC@8cXcs{w=vh zre!>v&HQbqp7ybLl(Dd`OB5Q#4k~|IGPrcQn~WEq?%M!!zuiY;O;hYq_?uOnBY9sKd7CWylJBr2wm2r(3<>HoE#@vL}~7AV=6iclw(f|hrq zeChEkdW9Z~2C*1-aaB#-0$u}+`DC$mglX&D*Z1_NZ9lkA8a5_cnK3X}AB0MENhMHM zj0(xEd~I-%3Zb|HlESo-maU$Vkz8 z6Db5NA_Kg68f4(xk_?fxnnP?`EyILS5LD+SQ2FPM3FM?S5sWo)a<48Ovys(EcF`P{ z7GW?pdnntZ^H|g8Zv(z6KagJ8oKq?FqTeiXK^Nbio-*(Md|SO|#wdVet0dQeQ;-Xgs5jLHvPu+0bYp!|S3zLp)g)D=v~*SM{HyYd-n zC>>)mfhJ*`3LJoZMWy?FY}yn_N^F1wT!r>__M$l!E5Y;; zrv+YU@6d8Q#$5Z3cVlLY;JDWIrDHKxavk}JGl*BnVQIoJrWC^4IhBshlT%_T`AH3}MQi_=9Ck>l6 zaJV34TF8reS)nKwV5vQqO?rix`S3$OU9+Zn9?;60p@iq++Gs zP>c;9m|eLxaE<#dDAMt71NBe8ON@=#Q-_~UxmU24mfk&@hFakCR(N*W_Cq4#&@2}z zW$iT?Z4V#Dt;Ob1u;iLT)6`5qmjqv+uOLiv#ktNkFS*)4R1@%=_u0QR_+R>G#}dM; zNsgeLx&)9Z;(i_vmP4K9NjbPQ)&A66lS4(gP$(o*^)cL;{y!=9LgTA$yvC|#ki={? zru;6L{K$LJ%$Hk72D0+7H8Ydl=OJEp^w8b!O}$)U$!5o%4N?FbsH%GAE$LV8;wQGh zg7qqst*+KyBe2#2A|&R-@2s(uV40_mHl=bKjxoTpjuw=YAjNAxKL7Oh`QXgb8uZaUyH9}b`g-^=P=e)Q4kB#mf*yxzfRQ^f5d(Hvd9qF*A z2yo6Rc8RiLawD|dM=!-SkXkeMJgZ0}CnvZf<23XnElcKzrYLCQ=~~m-+|^OH>dhV; zjX;}RwZ%Ua{1*(|jpO_ylRbxTOWCKtsZOsR&E`%z{Q?xXw4b<7#n0OBhMfhJ9Azh} z_+|`aj}=w+Tn9c?C5iIfY5IHpnjX2qo*YMWaB=3OzL8q7{QZgdHM{E zo+#YyYqZ&J5iLtbM1Qg8afz2ctKR=2QV4cDG} zecIhYs&mEje8nRiTK%64C(9_C8f96_T2w(6Z#()@OMn38Sd_LxYqrjZ4F6JzLAYa` z@~fU0-DR<Fuvm z1uBfeIwl9yX*^buPAYs|BIB;g+&6|k!MEOXaM^4Ih!tlm?1f@@LCa#g%VPjzQM`j8t&Qs#2ee+Z~+dgxnjgI1{ zpG%SqZb-vTG(L@zOSmws{TJOH9^C+Q9hVbHYL)8(MZA{ z-R5-t3=vilXmE9R+I<1km!M#y9}}8Zu@;SFlK=KxjhogRLd{U&f#Wl`?%C?Dtp2-Z z4)=`2-!!?KFaX1MoznLJ_OD!G4WYV%Teyvis}sIGum&3(_LySvfEBlN9nap?wMQSa zzdRO5^!0BP=oh_mA1QrbkRbd)C7dfWXWgpdKY_KuE=`Unf%4vA$L7%et@h2@Ip6fETf8S?oB4K7PjY9l z?waCC5$^VorP^kb3G2s~nPg1DFUVUHnnG;q zQ65&UtM%UKYTNe!ILQ*q-4VyeOoV-SY;5(Wrcgfdz$yAV*2BBWbf z<+GA=%18Uw#k1>)3RRcKoswy&ENMuZlRxYxsg?V+g9AE$5Dtq<$`ai`y(hW3uChJgyL zL4#!%LW7r!J4u3&e4bEs4)=B^vg^WhaM}as{O5|pPP=U*cbLvD-Ie<{*joPcM#six zJ7d48Qh!saS@FO5z_!Ht$x6bFh}V{=D!Mm9pTDPOUbmE{!oo1SsxJ$nF%RiVAvzn> zH?4Z>ZWPsO8ejiu`>epEz9d;+vcAwTTjmP?lvm5fO%0#nB;whUf)S{ceH09;L0Z)c zOywQT1@}9$wX4w{D{}u><5n+L)G0MB8SFLzh7ZBiJ+b#^wC@cLZxnm@RX+y2DL#EN zZL}5@?WMynDd*SR0kDu!@>@mqR47##WUIrJ-+5aQRadHuAA57SG0Un3@TO%@e-kal z1%*x}V6-b-Ob=CR7t?$%g&HJPOqepzVhZaU2z6N_tcJ{1&_dwnJs3|v1`N0&%pw{$ z2-Po^QT3MwqBMl79!6Wp!9L@Jk1C6qVPw&=xT{X{rHCju(*qZ1ua%@$f=fvoya9X47O5@k|oMH?eUixZ04a7F24O?+Mu7DnkYP8FwCYrggBnt7GL z{sXehoIxh!m!*V%?q6wIE!VPM8o|w_PE)e%{cLvmFXL>`vy;*w*-p2Kb3TAR9}532 z!uP{yL0-zpp!p->FkHw1ZboOx8Z~aK7qeq>|s4P@jM` zOT&av@k*1sQ)d$%!{ll>dgYRuS8;ZwQMGHYrgo%qF?%q_^uy`R8SF*#U!EZMWHr1vdT6LX^NwOS9$?;=y7Pi7!iOwHOoUi6WG{N?L*$eRc_SNgc}w*xu1j^NSoa|_ zw0`O6s&8Nn{=31lQ60^QSzAQv-*OGlxkT@T+x?;CEiGU}H{t~$#bf-Jcnz>^^Oad! zbjP#Z@qw*1Q_`_860Ze@X|NJ#*PMp2>YMVH@-@yID)N*_@wgxN;cd$0!3_dM6l8DJ z&>opm&Cb!y%t^FzTzgcvAl9pASUz!JMg9Y6W^p|#_&~*pSaQ&0sOgNcxB93r`&2ZE z9woSL#_~d(tzsQeKe!R^d#%*C{*<-2{OV`R=@fh7#^D;DFnkRxu~5M`OzxgYYZ?K3 z9GYK2D*C!nvR_bioizlv44!?}xeBw-=a<@?G%JgnNfZ`fcnoxjL9T;*hlF{@2g$>X3K}%T#Bk+Y$QAI zs@xDKIpa8|brT%4P;`!|*UYuzZ{j$_En&C4U$zT4^2 z+D3SW(>#TnI=tgVeRSus0&^Z9P%;yea0G+fn41+*@mu@+mlK={~7+*>Rl^4X=Lo4`UPm z2lsO0{g?eLHhHLDlNMNzQ=Hl47HfA-2^Yuu2-Yub4Zrx-t22|j-K;S~?|PW)qDIU? zkgrdF9JVwA;i~{fNV3`6m79Cfmuovz!L;p9R>j@Q+IxcWK0~S12~ySf@2{n;pcoVZ~|AxD)%Mw;_p2*9^~DGM2>&1F#*%is|H?s0T_l13_x! zwA{&8NBGf@Lz7R1{!V@_ul`lD|L*Yr8Y4Pem|>6qS;8S+D&Jd7X;qRVHkDgrE`b{q zBx_haUe)ax-I*cLBvjRz!Il)+#uJwVY_w~1&L|32Jtp_ZP6khr?+Y~rURif?cOJ*; zd*ORZdneZ6E0m%}XIvmTh^~W9-?$&|(+AMTi{F=fz;5aE1C2Z?G+ev4>Adip>Ry<4 zZ^%I9qJ|>TavItl?65`Y2)#ZLh5|hO%07fY<2qY}ha}2soS_zuo3-Y66NSZp8WT

dg9IW zD3RSs{4TrT_H&mxN^CG~*xtR_<3Xz5&nQaI$daVt zFPW#z7iH}d#Yf*qXDqzW@QXDOnyOQpQyKOm4)c|hTkrSe3FMW1&gM2SQ139C&(ZkA zsLI;)r7ax+1eGQitLkX!j7UIK&r(WFv2dc;m`kl6u?H9n-_SQASkV!TUJwA1FTQ>2 z5PdxM=4*+=+nu4b z*+c6`-UmhP60{E1E7Wd3^Do@^Y3wvT`2<|u2zQE|Gsgm`*+A~!}@QUe^@G}F(_UAmA`wSzo)4HCJ}_GLjX%>`QBq2 z6&_18sJ~P9?-vD3Z#XJJ$ic;@prvS)pyJ9M?`-99daDZ#Mb5*t4KRCD6W2~`@{7C4 zd2RO$S;dthAC%0%{7O$`G&w&D%LRCYq+_;AeVFq1hqbIaWyLUCl%154Wc+0i9y~fL zDP&{~8l}zVOJ2H>M}{~Jrm5=E+Mzz{MRBBb#$4BfUj~jzY?eaCGP~Bm=Z??2bH_0* zI;Un;)#6_9?QgtPFxjHwPsrVZ1fKj(6S{U;e&xFv!jT9?{>y9IO}=63MQ*URI=Uzm z9lWANh7*&~%kW-Le!$PuB&A4KgMwsgv;?asG{r(0RG3J^_h&P?Nrv~1ctrz2%Q{8j z`-JG1TgxTGOAF#d8%Q2V-b^E1t>mhJz9(Ib0qjX z@Rz9Vg&Jwl##k--#3og|JiR9O*~j5zO+s57cr^Z#A@U`uM#sn=GJ8XTaZ=2n07Cmq zyr!_7vBQUQ?rzyue)UF?A8JJ^mHZi*>D3XvT61z0tqdDFws$P~qg(J$ zVTb}HGu~{5TDLHW(@snEXK9JVL)j1Egb{)3stPe~?uP9Cv^-mopcyoYS+Co?7%#$Y zo&kD{$aWZqJtPNZHo2W==glqj*FZXa zCTTA}cynM%Y`O)4*6O;IMzBgW1D{y{e{}5!?HYa>T?b3*0EQuvK0AMK+bSt*z?0Vd z!h29c-+{OP4Zp>~eEqQsGt*g$ViEht*GmZ|HZ?;ZgmH zX`iJBzP-qh8MiAJQA=#;G=LX<6hb*3#Ctf}7%|6$CAeMbHWJc)V^*_w!POMr-U1zF z{S&LXSJ(5STW6)5Z{y)$V!jUSsu*g@_ob17e3dZWw+wgMNk(yQ`&ikXwlSUZLYP$t zvFH9(sdprEzn4g)N^<-k4$j^AJjogY)*MDikeHWtc=rHTiYB|ie1>W*o^|tRjQzdP z%FaZ&ToIwxB%D8f)Yvi8m|qs$Pm^xO@GhfXkjDVknx=x1(lARNZ#QOD=F?)D5wl%F zr+5kFzZY#*>NPn9$kIi{mc>?ZOc858F(u`jOX*xb?ezix;CI7;y1A-Ff;EFHwtwDb zns2m^#Q>Pz`NNNzdNng}JEd_$KC^48DXD|u`}?AWqswCvbJ~S^{D%Ft&BR&b_IkXo zbX47tIl#aB9MyzDzh`wHA$B#b`RYlr&mYhO)ul_RCYjJc&;jp~RscQImq4S2Cf^em zQOWV7ZNQZlFjOmZ8-NS;3E`P0@F*8ZY#eY7yU=mfBii~!uO{nB)5#P5Ob0&KCe;SK z+~+BfI1UD13WQU4`7`73zw%b`b(bITQNR)Ahu{464wXvhGoQj+^Us;ja*p!7&B~^# zl;~Cj?*af6IP{SgW9cKHVi>e$u1REc)AJx-{nBmLm|Sr0)4=mwPOPWo0qq$1yYc6Lj*K-hA3tIE)_3lFkIZyn}le zz$))m7X5R?K=kH?O^#```sezx#v`}jUT0NX#?PEmws149LkN=pn1rJ$Ep{dFQu~?< zD$&D!&BAY(&$rZi`JGxBSWE`4y72)n|I}gln`mxVXzu|V^xX0Ahk{pCUAbtFzZ~D- z9fN=(4Ya+adBeT2hCiq7^GP%C<3C%;g8qi9*h-T6-r>A<SZYY9Y<~JpN~a;d(hBA>R~F_( zU>QQY2={&>pnJh@v_M>3N-*I>O*dk!ghRMg$2|>dyo9|32^eR8r_=yA#Bj?hk65Lf zv!%dD;ku{O)*PA4C%ptKgkKl=#>?2tdtLNLFWZN4DrqXagZ#!4 zXiEuY7PC>lg^6y6mXLij@hc^oMRlmfpB$q`(2*r{Fv+_E>arN_poiK8_E69Ss32yMm2R4I;P7`mBaf5>CZJxG+Ukt$wM?^clKu3hKba z8hMC&->470&^vV-3NI{B{#PN~!Z75UU)3O%*2vuYXN zoR^4nkFL<-mfAfEUs2DObYn6IcY-^7e6N1&FC65Jvevm`ITG?bHo{)UZS!+g$hR1w z*&+HgojI_XZ)wR}bx)cUm~6)C-4?%n8~ts?FOkDPFbyo+h<=%rTKF zcPwni)V`7Pxb?tFvd~vvQLkprLyd_1Q~2O1+t6 zXHGndZ|abDzoO{{b(GCF2+y+Qd51vls0Pf)R~0c%Oo#oZk~~|r5!9JbEF^2+enBNa ziK(%o!%dtN%Lg^xHmz@5=wmjkFO@mqw0DYIisyHoG*6Yk(s>INpEp{JwXl0~iE6%X zsQzW4_Ih>NjT-xx#=xDCdDClMAO`=U%~OhTEX-#hM-=F-QLX9gH{Suc=7^lva^#_- z*Zpo(-lq~&SvchbPo3C)w5y;5hCb`tVgkC(XcWR87+AuEp#tFO)Nq8TH;TzGw3E$Ly{BWl~aO9j|zkdAZl9g@~JCh}XKl zwvJ)=+K{fCi9n9#qaxJGe397|jB~sYicL0V%;~Nkgx_0$QQ7*5^SVAEV+P~E<1rh6 zOw^~w6CXq+$ZkOcWPVe1&_HA5x@%>d8;VW*GWEqRO)DAAdmM%O8HuVELMmmr`;n3= z^%)%{8M)tiul%z8=%E#XkiNM~lRkWY^HM7fqO|*~g!sOGVEsZ&HNy%vw7&B?u;G1c zdIWsFx4Ol5aC!K;D%hS8YNHi7)h6!abWZ<4tt=< zujyRs#2_~<_zt+1==cz~3oVD>`Epcx>KA}|DQb=me|RK4S&wN2KKGU1(@0#`?aL=T z=nMW#%zKKYYljgZK1v9->}zx%`Wl`9tWXZfLgqh1%3SFSq(jCCUtRhC}tZTmP6!iYe!#)fBuoRYxWkRi}g zmDbBo7esg*Gd#|fWo(0w;;c4{M|5SjFTR^-mnE(xt?;pgp;Y5vhScD#lYjG|9cM+ zW}n|3E-$d2WSs^kc_vB5N|`!jF3a5X;P$UKQ0~6^ zvEw#h*PR;{ZrY83gC?0}+fp%@+b2@FJ028}Xb<Hf6f7jP1*E55n;c#nJC74_)HXP2Wza&?SD);px*lGwL; zg5RA0rI|z<4GG@j2bN290h|&oNJo5Ipf+GNd_JI5x}u}j+yx3|KhawY4&IaisqrQ) zQ?t@$P(S8EQ1wM+Uy;$y!FFAJSzvf`JUe^m9SOy0Nuh%ZP2)Q}C;_!G(mH1WRn(~^TcYoZ1mu)Y;7}ftFM}d5>rC1A&#n5pcur(v4 zWJnT`M{vg@r_Y}*2!^2*ZD08H-u=HWo707X>@@6%M%LHCn(=E=ul_o9kEkDQ#d^{E z<*!qt@Z?R(W3C5PzS)>fOHn6vjp*bDFPonLRNG@1yFt5W6I{XCpL?55e#MMfNul2S zyDRa(^ONWBGoF24a9t;#4DtLgPtiGBv?(o|^6tgq{pebaKWxxujByH4S4nTJp*Q#% zbENi+nMVqOB=asdUE*~1`-3iyl90h}i>b#MgB%%O9-Mx^|Qg^wSK_o4Ls>Ah{W5mLPR=S*M{kMVXirY6~<434^@TT{=p3e#)=}EficH z)G0u$4_bNVF@B(TByW$LmQj?26d1)R*S%A3m4Y{f8(kiU2q~7F_!{d-0W#g{RDw>u zO4bl-{mfU90`Pt{NkXqSD%~jvNKkk1oQ4!xCToaz<;}3D{?{AA6Lw626<@B24NrC< zd9CCsT8*L8+K+^=9K)Ntqf@4zxL2zUeDYQ6GS?ap-n~%h$-WtHRwYl`uxzQ^?<0@e zTXB@3O8p%Nu4`ifs`XgTs^kbne-Y;?lfI0+mRpAC&Y`{b)+de)YQ)q+;`t|Dutb!Q z!$vb)C+g#7UOHTdzaLKF4GS%eavk$n^@8;^fet_Se&UyWZS?EHbX9XGSne}Gr+v2= z0}!)!2%;5czdZvb*Q>cSk_1DzXZ@pJZ(IfVdK^)OaVzr#hQPY=EZ(t_6?SAxhAHxA z%`O=|2u^rYHvH?K8m>;4<*Y&rH;!>jRX_!%_XLYpmiKI?SuQXSC_N&}F9Hz!Q3|dC z;jAtjmEXy=z&2VV&*OC~%Q7agFwS4D@N)!j7`_Ly!USIJ8Z0}m?}TxVKRS+2k5CZUohQU*2kWL+b~XWw zd}1pfl%$_M+p9oDSz1i?#nrZvZG4GztZs7tcH_NrvklXg3$jh&F0J(er)SpO(dLbA zHpHC_$V2c!Ckj-zmGxi%U5OD`?Yll=DPP;<=ctXuPc|&?{6J9mPkU4AMBe$RMZbHY zZBy++s_|*)MLqAVMo0Gw(W1nkzAxCjCnLdpZ>M~E58?E4gxt6D_6`0%c=Tsn1~ zjW4*m^NN13T#0@AcN^Hrp}!gRZRy{7yjb`|avE~8T)#LDP==*+sUtPPcO#uqD?|{!xv;sxs_aGFP$4l{5y+7 zMDAD1i0iiFGu5xcgkG&(r6tRS+^j#=zrhS$P0u)6{muC-$W46C)+NmeOV#y;os=!< z`ssU^LL?WSE?9b zn~#UeetMbm|Hxqp8kNmO2`stTz5D$g@!aCOaKV8{yrNT9^#0q4(26yAJ>OwmHmfDN zDW=LjNg)p`>y$ihC)y{J<{776dTz@*P_^!5d7_WPl*YYTwV}|VVHqv9mu{URt1oOW z%l68>P)x2w8bqd8HKR|kj}4`CyY`3Qsh`hWtq(Ar1kY28sSM3`UU-eLlTh;l0vVDp zOj*G@)!2S^OFI1^_J(d9Rn4a6A!%0G+?aPeT@C1?40$8u&~r7tU~tzd(ru_t{p!0- z`8d;hg($BBWc|QlO#1L@YtF-QB1zG>0r$8M;ARovR9!}{6nQg2lBQJMOw*ExmH5M* z8Ivtpe~;wOYC)^Xl{kSTCRzf2)o(y>MZpN5k6?1tzMOGGR{Lvc-7tKG?v08aad3_? zTicMx;-524DNC0Tv{E*E;eMzf+_gIf&+N3LB5D-OZ$Qmj9BF_FF~XIC%}{{^e|&TC z3eC&5omnX85U5M0^JY?QdT9E&UWCsrVattc2M#Tt6oYLX)mvVpJ@xKD zQa2<#JhUbd*7+@B1W{kuoj3RSBGLx4Y8ef*567@_C8Pyr7 zkw;DT3E~=tXKV9U#@G)EUNMEOgypR4Z(z&D4S^PzZFXg!?8W7aib;?5j8k}%mNWxY z6C||bsq$aX7`6mP@NQPwNAZnxi52dxXSq*8GPpk90-A+6d|K7wD2NZAo##(@064Qu zAAY;qD_w#!ml90iHRZm%%@9%@8l8q)P7zi6UWDnr+6}ZIOyq`l7qd7HAUMG9+Q~nY zrqKvz^#BKZ*u`Y8AV@YZ9Gc3k1WLssajti13eNNZ;W`0zYVcet?o}BT>Jhq zfJQL05N(J>-fUN$BujYaq0bihNLz(2$WCTNEkAM5Y1|2a z@MoA#(JecLmB(=s>(+#kVCwXP5>2u+@w;D$T^2H2uU??MKFkVFlOy=?%AHOFfU@Ar z##D^|8ooZvCHeJ9j1yj%mfr4a* zEAFX@^WS_HEt%wT?rHGd|4wxKkGA=zsYIMl`EwL2JUu_TuK4Fz64oZ-;bODRgV2yl z^|jQ^2ZO(sC#iSndTuRJA{35&NoFxgpBe~BI`ugpv?})7tRUm~JOy~m$@R>d3m)HA zcR~3rhSMM=6a_3egv@5#no#@m;;`^Q`SA4!e~+w>>&r)$BOwcl)}m8X>lD84AoMb2 z$kqb@e4=6{Vb`J~qU8MeAizto5%?5Xv)!=&U2v^H@{u6Yec|fThi6G!W^BoQLCY#} z?%<#QI^~5lZs%r+%Lj(HXRo*FPZrWEy~8WJS!)}UKawbex|a0gu!U7j1zN5?qXpJJ z?;%ur{2=15Q(yf4IB0S;YG)jLjwXBGzg4dZ_LHi=UZ$c%RjT(UAx1!a{MJY{_`H7a zfPh_0lWWeO|EQ<_gR*~dw99F}CoUta+@FK(Bi}>%nGefp-yZQ_e}}g3QY{`t8}hAD z2J3V=Zj4Zc+(aKWx>R+IH(6=eMSWtm{_-VdYn%DRA5O^NhYYRzvj!Kox|0YFvK_b< z56&8=`O;f{h2%n5b)Kzri}9l-Iru^)B;e8*cS!|pF#A@wEa?M^=vF4-@Mpc;g_)#4 za6rC+myk1imX0X3GP{I=g$YD-LouMWWn$8#|BR7v+{9${=N2}tw+i&adtRkCd|u^y zrbP&|$=1X6D;S|ACiV*57WP@s@h&Ui7r71>QD&(EN!yte0J>}?L8-|1&c*3p{MHY5 zY0;#vegy%kM5m;4b0Z1Y#pfmiU-~nqjQWr#*@@dHjZ@qkBD24-E}N?l7dPgb+N4Dh zyMo%VHqhmYhMit{kb}$RuLkx3Np7cZ-#}{t^YUsXg8kf|7Stpi2Wy0!0n&m*#oFNA z__l;k#%y19^t_ihWb9X4W=EP?m=S}ouOAgb9lyJ@gs2a-Yxs?*e?NK@*3bV^up4hV z{NuJ=5zt59J>cQ*IL51cAfZ-c<%&$2>CK^ZU$(ro?w=YKhmOof`&(iV6OPr*U&YFX zw_LrbT8<41ZQNCtpCez#m1b>9g{X(l3k_M`HdE=xh1`G6;nwksOq9uI6A~LZ5|$8# z$LhJcAE%t)woQS-)w6m?-noR*iJ=0o%Eptdtff(}sPzbnEq0cSH9E5CyXh1ARZ7t6 z5=HQo(qE@qJ?@RVv~B^J*Zw*cHlmA#-aCor`aJNdP{k3cT}{jC60Vr8gXy6M$aAm^ z7~00H=9fPbTX;d?uPFZ9S2q`sL3@ml(R~6G{1&SOliFJ9NyoWI>Ugz!x?--=uNRCCwqW?j6L;Y0{z6q9LP#byO+N0Wzh?$|f#^VCIF`E*F(TeOC|;D6`S} zvPsNFZcd3D1{e9Zh?UaN*$GfHq$%+U-dMCKOwj@iQhNly1;WtZg7IMf&rROC-6l%m z!HfitE#-*>Ot{B6OxJgR3u}HzF~f)Rr$5-YhtoUYiD=S z?{-C_K?&V>2x%EJ1-;_+5X%1>?!2j>MS7jNs@7X2l?fe(7iJsAKSm&JaGWH&c_p$* zN*E86Y)VAVLcT;%`O1~u0^@FM)RzG1II&n1< z((l*}U025hOs1+JSS~(=2{Rt`f}pDz+$j~F`SEt1GkKu)8nXhenP4L(XB^Ebs(08r zN&IrY8sgCKiltJl_}(HLyhB%>{--5FQP5#Qp}`K?wZmJBMmXw=8T{BV`Z zYKqG3mc`IXu=v%^E+wTqVp;Bo>q@h*IJH?^^uC|ubl!p@zwdTwEGD*Bae~5!sXH&F zs@|tsZ{TZEz{kt#L*WxqI5Zrn+1c4|VdWyJ*jt8&Py-!rfyem4OI5GAs+!^;s zNvUet&pm#!k&>R*xslgDi|g+W)NE7@hSkvSfT^s{2i#W8%-yQajn|#Ia*Cb~gpl@I zatr0DN>SSw=EzaOP_Pzea)N6X0!rr;BhL%BdHLE*QkFg0u)c3i7PI5!S*8Hy`vMW$ z(J<|U=hp2xcngXpl?OywKyO-vVS;j+EY>Yz)NDh#rN@SEMKtJ54h3vr(ohuZs>NB@ zysbkMze8W=bgz=7Dm|(hEt7LHuc3u;w=t0TnfGtQ@4x@~*Gj+r8gqC*uUPrT!DE%_ zq$f`aRo0#h`5I{PC>!{NUJz*sm6-H62tqvK`U=Ma>#F>Iykpc@S4-TDNaV_-GL0-kmT)c7 zQNXL?P+f3ks8q6*9a^SIwLXfcl)YVwdw!Et`n~}GSjImT4sHIzBv~xKK)6W6)K>s5 z=SsYmU+Jomu!PV|z4BVh6@Xb3IVpL&d!FUicY5S&f0hyXqecBFll8PJ4+|2m{zwXL zFSh!CRESHEu{T@k1*;jPB3;7rV$9~L4x7iXlyDc)0=#Liz)wqF`2*N+SkN5X$w-OA zeD$JfPM{ORpTe*k%=8JXa?K9dT_W~EQ_9_(O7*cL5O4q<$E=Wko|)r>%A%SReZg!3rc-@&dF~&R7sz zNShIM5tGRBS|k$i>!^LPk{J30>QL|iv7NlZ{Q-|id( zECxDki~*(?wL%*hBC27E@U7ZI+A`JWWaF+68BZyWz5?n!Vrdg-!M7%m1=Rg7O`@fBEtL zH?!Ktb9wU1!l_sVms0qG$pPWlH||uU%A1!RCO?8jR)yl))BP@YVago`UI#cdYs<`D zk*UMB1nTz6qXAjz5YKbgmA&Ru(WR50!&yu`GTZT6-gW1%#)S*T;dAn|=XIW=`S@MX z9Y$;V2b9_|)U&d}T+>dv+2wMlt%IqPB)#fuw{6F&;*?pT!AD_pItZ)_Ti$qkknh7( z?rT`HI4Iii+i`Mx3EdxX?>Uq>QGRNVqba{L0#V(we6=xhcF%>REb|_^6jC!TJCU4! ze=V?}$3I`dVm9usmgawU>Om@+eZYBr1LMbWM8wz{46Sum+p`~QQkeFTTy@ObuAJ;U z*12xrR5#ifz#hybC2wSR%M`W2SFmoQm)QE$ zvU2Xkz`eizuFG7xbMv#0O+s&d;1KSiNEHWs7hhC~vXodQK)W}#?o|A{Kaf1IRWtHV zm{Dur4Nqsy(I8|0UWe}1YDdd{a$SIl0&N)`+Z&cg=`;B9W=!cc*+=z>Mfr%QWu+YK zYr{}5N4Wt~*?_N88rFTeKkuWK)reC;x{~OFriNe=^BQ*68Sz4NgoI{e?fpjzmABK)FXfyQ4F8NJ&#G){ec~D_cRC;9ao+rf z-Hx4VE7}gR4qJUQ5l@q6Q0T%X+_LIk*-yYXV@R?FT=S>`?GQkJVdM?!&$qsLWUwe6 zG>mHF*3`MFqUTDAvi0QVO?+yVo;BUD9yV_AT&1nOdYDMD(2p#wZkBREJK9$$( zQM4`8OYrUF9@-Z;1pjr40KWDENh1H~|I-ZYM0(Iq!m%QAb_0ybYs+5=4{6Eb{DY5N z!j6OfHX2%ds=?CAa`pQ$$ZE#>pL&_rRKna9v=Wzn$vQ^VQYsvk4^d&!9&^hekGlgz9pC z9G_V$t-l0%Miu#T$E%*7RV}-)RXu{PcPl-)>!Kk6|3O+$Ox|1fbF7%lD?}!`Aiavx zg4gdXG)vniy&&%`R)2E-v|`~TzdquoZ%}haCJvm0^2=Xp0L5H;;8~eNxr@h4|T{H6D@wg z<6`AAO{4utOd)&{T5%AOyXp*GUJ zw2FocEYHbwW@A?4P^no0il&kACaHQc_U5$AZO7`O-mKAuI+a3gs?Itx@yN$llS%>7 z-Zn}Uu0#jgRo3g8VXd2lSxsDRiOUf?&s`o(+*}zdVZ5#wndp^8wEC9#%D=LZ-Ru%P zI_w-X=4uW=BgS!CJz=fZPW6y-&M*n5$3c#k0h|SO^fS7Kf!A{}#SSRjhMLEgQ&GmXTUkSB<@3iW z*}kqq;fXMZ27I5`WEQ7$TL_Cw(0T0IwRwZcISeU`BmYBezDLvVj!&epVLu+T)Jnb= zU;##~Z!x=VH2|xrTtc>ON7nK1EYXqCBr4OfyX=M= zK^)~S&;@JN=M4ufaO>gjgGA0L57bq=V3dDPQjt)0CgeHf={UE0+J6g5SoZV0Izf0?4lh-YJlMw1R+69q*9$t>zo81Qm zw+?Df=3%btCkErqIWa#HWA*!__lz>upo3EG3x6})=1H5|-2jipEUvw;?9Rn1Ecb{* zKWI7Za#ZZDxkh zJb!6A7}yEDz47&!kyhz{KRt7JsxDxE7qd|pp#EZ}1~#|9&j=_Zia!BD)wCtxSxCmP zvJq!MpQVdW^#oRoTcj=R%tK#+i#{7B^B3pM!vpkJn2$p^y|W9%3R;3qE`jTe4s&Yc zcp-1-Cuiyrli!#;PC$jAp|V6aaoTCGO#C$VdF&MS1K?ptV`1py7h6~4US5Kln+9B` zz6|~P#A7t+O6ZOQ%TBTO&dUn0rE?W43v{!z-eC?u=b#5Q!}Z>rXoU@AX5k|YJRJ@7 zME34uu8LRX^Sy3hRpi}xaj!F1JxxJ!p{cN<9yDiNUnZ-XFwa{t99r~g!#w=$(Akki zDmE=V zHGa2u{r~B@l{#W|WZRXiy5ifk?TP1OGNOIfZ~IKj_<$69KmzL3>MN8S%vx>0N*v`V z)r>%&V6Ls~jo3!v?QUJgFdz%2r?Ih>{et0hD;vopFP8dmR3!OTiZIW)&?lR+0>}$Y zWUQk3&Rkht+0eR>G`HjESi4fAS_Gq1r#Hg%<1=oX1gG&zc~&gfiywgZp~;)PGn2%m z9omKKxC<)x!+bsw%+s?TR@pbvpUqTlOnbqc`K)c@-ut&V5*(gqk5KTJ3xgjILU80^>bXTitE|;UAnDefq;fo5p1Y&B1f&+YQsz2qHPla4#9@2KJ z8}#_~x+CvIVV3b5hHZj!=!(KG8W4?}jqBwB4Zg!AvpYG(4y)S zN>)bDK=*Qbwm+?>q3>Kzg|-Ht=1cM;$?5(2&bCc50~u&Y+w|U~3kCqxebFVX=GPLfV>D4vXnZf5*-ice$KZ2HHl<2va_O(8L>{wi4s#3;#SXFe>cc-wU+ zvWuWKJON*5=Jncv|5`zlk(&ur&}=JkeGO3_Sv7%0#qw;MX zbi2rGfeqQ+7ozqc+!mkL~;T68iLLXX*M-y~0ppX=7ST3scp) z-64*r!jFGi1X$ERWI>I`<1Nib94SB^9X=3lgT@15EIhg8tkQh)q)h)>nBEG-1=mLX zNY}b1o8p|)JC3VJ9I~>hVokK<;=I*M6s_Uj?sTQgGRi}S|M6h?&)5EIgB)jJd)}92 zJs53(NJpjLV^^E)d_UyMw=Um|_23p}%X66DY(2yz-5ANXHUi5fNYCTECYp3YHJ(2~ z7D==mS7+nZYJ4`0$aZWiLj@3Bcf_&D0)&_kS@3NFfY>LLvabQ~6)mo|s4K+P7yR@9 zN)xgxiF@ut|AY<~(%vk)#WC!S<1}Z3VhkA3H?QEW#?xYcm~jp?J*3p^tPT zDJ49oV;%{^a^iam6WsL^DU7*wyV@509x$jcLjnb13x#;0c>CmU$k+9qV_S2_swo-WdK&Azb~Lnt2;yt!eM&JMV@lC)H~F)=$>f zO+hK5-8tx_M8n)rfjf28t2W#Z%{cs%??tKUm7+`Iyp17rNdHPz-P`F(Ra&=-p-u#s z#3v()oH`=GQl#0`kPQo%1Mv^pJ;31PZk9==8D^%l9h&P6ZYPP?{pR5V$}3gn!&B}z z)J*dEL9R4xC+tqPyr|5~_sFPJ6AJI*OrkSm(0S*xjA;NtOmaXupen;8?$=^n3G`0^ zXuBzuDrd^!2NCF%$ZnHLm^pG3RCB`%y66HLZ@1a$;Fl=Xwv86oq04f<3tE`+OhEM4 zn2`gFs@0B2-ewvD@HW%gR<#*)XGOPl4~p-WbJ%99ql=4ObygvgS-OdGxi!sIJYc5&(cKfP@35nP7EcEJ1rt2;lE01ZQ@`(eM zjzFq@Ya-p1@ojXR(;d|&E5a+zA{H>8G$7a9;gyB7nKtE+Oh}vv1Q(X%N7$IlNw^xruTI*& z9e(7)x;T8K8z^9wA9giMrRk+!xKekG=t%$A)hTay$iSua$5#*jI<@d)3q;aRj(`eh z1v6?Fn$R6$MZC9YJn+bEf`VIYfY~iifYooDv%((aQU%xj6t%i>fDP#u+fbeBM#Bw# ze%Vd_SX^ra8{;7`!tjIoAeMbU{PElqYZH*(Cs=gfjHVJbQ0im;5lGByM@VCIROp37 z)owMAo|(IMyGyPsmUFv3fM-+VH zWhSdlxH~yLb;f^)M}Ep*g}P& ztEhF_kL1gSK)ylE04w=^a`em5N7r9Ju5u3aoZc%sJ9hz)@%J@K>Xz3bTQPS#Co~`X zyg&Sf?|+|S*SC58;r_pNUo64j{m&=Se=9lneUtvzskoYb){muEpNIdKmP-7eHs)^? zehttlfn`5g$lgOFZx^?Tc(mF3!kq$PHdiOAhp|ptKSiH#5IBjfV9SmvvO*Hk5Jy^C z=og_pm)+x3ka;!uYkI`8y@lZ7I}PeidVO2nfiQFsapx{=!xE>79?O&S?7J?mSNd?} z(YfCiTKup%()MH#HA|y~XUVSgDLdcvzH{5@&Ds8UTa*9Hd$sf8d0>7Xp)G7`z0QUF zHP0`(ezcmvf6K0UG&g#b))Gjne*Z{wx?{gjW6w)Q5~m-aoHS7^`|8c~XCwIv-n{=; zE&lIS`lrdX{5Y-@>WWf2jv?O8)0_8=$AhO znI^+P#srsC$^M$ReoFs-8_;1KkEZimElp-cc!7;*bcn2SreJFYkX-PUVY%KG2^0&qFB=2%lH;@k_Cv=mQ!B$E^gTiW=}`T)JXk!l*r;zVa9!Z-zScG814O z^Z74$*1vc2^zk^8Dk;{w8N?hMNlFA5mvgtk!Qz#?vFTp<=EHcaZ<-9|0op0zd zV&VU<+Y|kZtj5o?f0&>VZzjU+PdQh zCAKvRGOCFn&SKy8*UWUtl*-qN{)kbtlR#O9Izsv5)E5#w&d#9L$|m&NKr$Z4mm7hc zGK1cK;!GHBjT+OiZJI5EKb`bXO(HhDWjGGgky7fUnsobMGtruqJM zU-jyy9Q!5G!2YzqYR6P=YmMV%Qe`S*gr`Q!f5U_e^jOHTrp^{Z#5E^;RKEa%A!^z< znT>+Wi;+{md=MTOHpb!w_NA&lxkMb1aVAnY}XdFE!@CCtF;1dwqls8Q}y)-g9f zw=^mInRLgSbo{-HKd6C{V|GIK+KMV3(@1Y>+7)!t4u`2>7YGRFLA*rNda zh2OS)E@rxU-_WsJZ=NW79vxnDKaeA$GwT)a(^J1%BB>j@xM`h%;u;05Aqmu{>XC0J z_r^!MzdORX;DmK8fsYpG#&q893G!z-d15?Ujkmk1ELCEbFSH8M=fW8*n(QcNJR8V0 zxZf8#o!MghCk&#a4tkQ13_hm z4#IGggKA8{fliAxR=wH;J|n#q;&7m+yiuY;u*sTk43q5QMJsoCr+CI{?!&!MN?#OX zhbBZze2w|;``5;LkZ&;wUA@GRLj7>gtj@#C@}6uT5#+2%#y!Yz zT-!rL*;Pkcb0MF(&Zc|p=c45RQ8r+ zq;F3RJQx${9UcxV>WFgd(EDEc1Zgl3vuAzeb1N>Ns++Sh4k*tmhAtGuTLPy}Lh! zn3{%Wv1QN4(eMR~R60IGkU`W8Q=sXD^{9@4uBL$+!#U2xzxmH*p3Av^at0W@Vf?{R zFE-g2-wR%)%*Mxxc+h)lWZf=S0Qwi!&wF2Ql@5E;;c8^}$A7k)zpwvS6F~Zhjrpe( zUbr7vw(R(}wY@q}rxgPq_~qnQ|M$F*vAU&+;f$5PPD$-_)llnwyLqWU|M~yrfX+%8 zmyrl`dmAD1jxctL)UzcmsV-=CoL=Ok&hcBmxbF6f1WHNmfd5+-`O&rMMq(G&W((s0 zd7rkiK$uqI2Q!v`C{kM^B{$sHhTN(8@5qRRD8lv!%j>J(Z9lJzzjUlIo+4NIRL@r< zENI4)hh*Y(pFovk!lpC+pm7ODDE)0D!BHeCg_1eUTSCbhw)H~8FT76TL#fD5LtE0{ z8)YU@WHf-PL-F5`GpRht_7q(k`nS~9Jtt})dB^EI{EECEX5PxULKKWmf6YC>m&1M-&!;Hv+~|+Z@&PU0A1dq=c4}gT7^&)nrG3X%x&a) zE%$TQ)twVTl8$fdoqlFX!B)TZ`iToED7VIj3N!*&FjCBxDUO&?GnREMI8Xu5ua3uG z@4INht?RnX)f336Q1{Xxi55K#vv@xjf55C)7;QED!-8+i7-QqA>DRd^YCf zLX`fT>f<|wX;&ZCGj>~>^4Lb>GV!?iU`=2lT6XcPi;p;8EZs#bXQCwUiflf2(r$8c z1L#?GzFbQB^WNP1M41#je$B^Z3?S44oYaHl7lsAun~*3AuHDl-Z1<*27$fkIX6XSwh6yDSk+K_^nIFd zA%Gd*oo6@WlsXivR@mUy{qL*?y2GgD$B6kOfEf(XdqKgb8YB6-Gk4k+{hE*1zOF8nTGB~h89g*%Z3=|jLJ<}$?YG9a2R_ud~ z0iJAdI)NC@yhbgp*QYR*+5xf!iMjnus&;6mWe{K7TYNLL}_nkR4HABA)$BL@7Qz_i_HbbCF zgul(eLG}t@F{m|m1t3fek5I+Z(55;)84v36fTlv&R3xiyoc6Va^Wb@8NJtv14_VR= z0<@6B_m;8n07l8}R2366VIEj-soKpCur~?(q!A*X*9#^Do`E5vxURU5fB<}mb!NQ? z5KiZbjYR9x!{|DyvlebDc09@Xfoo7%Ja`%uuS^M(ts@D#$9Ak zBW9$EQ937kQBFawQE%R)S|w<>-SSbXtygF)*i_5b#`~m4?E`gmtikaJ%dIAI*uP=P zmQr=xHM&A}is296!o0%!Y`e?G_nfN<^hO_h`vhwQIt&NG9G@4p6 zpObW(UH4+wE1c9-v9>le3|q(L0uV#ILPBAp+1B7JL$h9jQVaifU0Ts1jV%3FjW2lkC5D5vi5nrJ)^<0P2(_Zhr$+i_00a;w)E{Gop zQc(h_0X4grY*6WN`V>HT=y1WxJKr4f8VV z>Y8mO3|v+9az{@4HAm2()V5Iks{|}t52U>wAtsH(!9)GP)FO2@iE{4WBtTUGx%H<>dx|<)X;oY9|boz@o^a{Yr2? zC|OKJP7YjipfT`!+aUmFFQOb=;Q#qBdYgErKi|hu!*$1aSn;bdbul8=P|$T-Fqs#o1h{C?zNM5VvVzWgS?#S*5t=o=I)#T)weT>IE0g79aXjR z{akV;T8B@Kt?r7nDOhJQ*2b~dz_*h7_~_^oU3xq3ylz221;!_r_)Vuh3@&iM>|elt zxKEw-QMvX2f(Q@tewb>Y-^!1gQXlJFDdP;rH5l`qe+YTs-btci* zaYVEqcObdxWS5Vd-DV?QN@hZxQd-02LF=8x};Sx*J?Vz?fdKtUOT`UZdeqoDC$ ziz)DrTJldS`zLwnI(46Em_4UMo|5QCa{`yXONUH%d>Ogc`*nC*xo73I{vFrG=Vf$q z7PR1s23RH8ZiQI6n#ZS`q1xpDH*3}UP6ZZ{4R;W8aKqWe$y*Z|Lp$Wqm22V}DczUZ zfO>rsMoI)@VsK$;6+shXX9FCy40nF7QUNeo{4FdMkfxf*3y`C+GPN#LCOzo)L;E#m zo#G8$o)@eng>V=r~FI4z)5|(?1 z_;}bPP9u zziDloTfS=jnG#Hn30%}jAwehg&g5x)-Cg&mKWPN?)}rF$<4agmwD3Tu_;@xms}h4# z1RI6+iH9z1ybzY|T$zgGC^f^B*L{$rUx;_Gfx6!E9vaKlSgR$96{}K$%Drbj5O1}N*74C+RyZiDsvIa#xv-uU0$3@nzlxf9aweq=JF0+KxHRQgms zv+izIKlE_uHl@MA-6(@|>eY7s;LKHc{*-aGi2O{R>_z*Bd6W`s-yzwgs^114tfd>i zsS@YNnBXX1C%?qc?Oxla5g+|^>Z_a<+Ph``tLlI%HNr%G&4U;lGW~*&s#l8Gvmhk4 zMREc4z7G$$=Mo|xQB{)J0d1d-=DHjG!v!g{JES!_YG8LAuzYWSjq>hFcW6>X$!Ik` z#)}y#ThR16@Vt%?c!@5DptQ<>xjq#rQmSZv0$-(_%+#Pa>G9*;=Wf#L2o8g_8u;f- zCVI;6;2`jpWyt*jXWU8Rh*J~e*qPBdBa6e$ZiTnQ#(QU$gd(FqV}J< zt2n5`=BDbS@=*Ia&b^FRI2!F@b8|8-c)sHR`8&hm1#RG$w?T?Z*lL?WVN8fS zBnJa)O)xbpW(sggzAYF+kvM2xCCTrq_U37x)1i{-^1gjKg+{#a{KV<)RJDwc_Cp%C z6rz&4%ga15tmDj`PNy1TC$p#M+q*Fpp5t+XSP&j2o|u5Fi!|3ZUS^PuzHek@^iI1RWRsC4UcgJ>1{wiOuYpR9vIwk?W0mu<{3q#E>>V7gd;1yA36i4d!j08LWq! z<6c@dLwBY2ehoDDTH$MbL;r-xOurGPX#nziR_jj~u^CSDE{tk{!Q?@9X*=8-C-ZFE z7r%|sz)G&4R+(4qiSikezYYLoM^*!Wa|}%&isd1UZ{^&AulHJ1qe2kG)$#fGQ zkeTv&I>ZnJc{ShEYn|%+Y0PfB%^#|wIJO6h4_3=Ux^5ALmj61XH>3NS(PG{tK=zlV z(XS8X(xvxaSjn4LMlvOLa_W1tyi2w!>t;YRm>|?43n2UXlBQ!w*luN$$OLAE-&>jp zvIc;w!Nyca6-^UG6~2*#>LGrBl9PETd_ODjaYTsA1~emZQSrWxoqJ*!=rWZVMyt2$ zAK;;PMA5AcL8@Ir9d;Ul1cjx%{=jv6A06d1pSk{lsVu)@KL`K(;q^Ym)BB~40#uzh zmFA;(H37S@R9{D#s&%^2Op2)P$&P(R!}gcQKZG{k)qH5}4vA@^OwNV2HrkLwhn%gi z+?pgn(Y}~hxpM{i;(moK7e6xM5pI0WFQ^Ej`pqJv7% z?mp>39qKJBXm2rhG$!|_oj+VE6W?|xs|5gN9}7s!5-`tGGF`p&D45quEZwXm#9TL{Pkx6@c}1Jfp)a8!U!K`~G}q9LENVbSaJ^AYCA#gELBzE+vE(99nHIT@)Eza=M|>6JFQJ}`#Sl6ssbU2I)A!ILU#)Ua}u z*T~Dd^3o3vj6`amJlC!v=G@XwF9EDl4no*kda@^&RN)O=_w=QrqvS0qAiiEn09bI` z23eBk>Ysf)Ek-Vd9}s-NDstWAV}1EiM{KfJxhK&0z@=*%(qr| z-zbLK+JCGPasrSKL4O-RP{S)X5vz;oS&^g>WY1-*Ow0)hzn@5|l2J$t%t`NY4>cKR zU7AC0R&*Y#KW|cT#gJ^Qu_P3R=uLzbB(N<|OLuKR5S4*GNK-*6Et{5K+;jH5|3ESp zqU}))KLb1A6XiV#B#7!)-*LbwPoQLCLD^(I0WTY$&aZ`$A++U-9WuL^Mw#O`0v&rAVS>(RE*vI*^F&(9evvCrN3Wps%+MyymAC z*C5lWE>RImP2_JJ_qw8ZSW&XQFE(~goU#I|Xje%VTQB*bapBx4VPa$2+TfCnD;^I{xw_EdTr?bSc{G%QR$Prb0>&?)RF_+if+O2Gzdh zIz~;TA3Sa>&mO4e26$`UQomcX;k9apdcaGJG$1aAY+9u$JsTE4j~o6Sd$IU4pz@B7 zgTh|EwrO3Xy_Nb{LY)W0H8P{911b{dK2~OjC zbZdQV1d_W?`xS85dlzY~XAQ^Xzc0v+U&i7qw-4Nqh%=Y?6RF7)aDH?r>L^OVq!GNH zQg-0|kM7f9cb`r+gYChU?Rx*>emmddzaA1tD~WrOT6zf6iTSr5lFCV6{?e$h{G{e4 zG*2{2w~$eKz(Y%>wjaF^|D5l*?X0ba$XZxx&WQRDi48@5IZj0tezbt9v4@!{nA#Ef zzmMTRFXCTj^FMpypFQ!XzmC9({QTVPqV&rZq{^;u_=A#`r%R;)Lh76WSi@R3 z9jLb()NL!()8Uq%#m87+9PsN{c0z^XxTiLxJ<)_R|Bw6lLpLGMJa3oY# zpa@i*tOh2`QHN^r6<2mLT z4lfHv(0$~}k-SIKbq|r+5@-*zX*O#AR!1gxmb+PBA%Z`tMF`>Nb(9pcfkb&ytW&L; zq%M`_bz5H8XmKoT!Ik73q3?v7U*q62 zQ(eZ*XAmAi`3{E~3MWon3_e?1B`J~!JZAy1MmT`^?!o-uQcskZvrSg+{?#L7>d@(v zFAm>0{N^^}lTUwYZ@OO`ZEI?tFgN#&VIu=0MV$=O>oO5v9k)Vs(D2S?6?# zd(oDStV3`^@OkRLbMAlDqW>J_&foe+RyJAt;gLeGo1G>^@UxG4xX}a?K&XkL_ASZ+ zu28Puf>b-eMr>B&0ueoHG)3`LbdL{-jJif7e%td9qt&Ss=ZuZ_sX`esQgg#-lj|v65PPDhbk0iGzJDE)! zvO*=9K~E1;L5)#Oe&Zl(&^l#!Vco8f0;)Cu*bPjVh~k3jWOmH->PN{XcnZruJ+3K= zxq=fi8y^XtmKz5JnJJl-x3;T=?>~LLF%=80n#oZuBQ~w&Ks{WiHimWRK@&3Xu<++G zrx#7r{N63BZs4&t;_p*cjk3^CTQ4LJLGWgcd2FuePOjjwj#rLqWl}&ZaQa}gA}~j) zel3jXU8W>#*$2@G_a>*;Il0t%%EJk45z+F);u296$gPIuvaNmKlvbnJFwFZk2#spJ zFAuW$n2T91DBA@xE5`>&sMCH||9H!ya)bYS>%I%dEFb)q<(ZS(a70SHaC^QP&?1Vl z7q~AQ+YZ*0>Z{i|Ct=b2jiYGTLKi%E)*fXtBocXkTxa7Z$~ijVIZMs{aM}4q#(XZV z;_rX;Gm&9k{al~4?{P-*_i2-hbY6=pHmq_q-J-3YDTfHp(W<_n0_LVl{-_8#y%bIV zpqC3n&!EDYqj(Oqes0WR#%uKumdFk5!YUumIpstMbwhVq&kydW9?MNd5 z^g>}Q%_!4%0Tjx~&XyQ6>n>#{)Lk!9-N;nR!d=)^^>mjeqn7O>YBwC3;Y6rrIy+rQ zS1wTJyVG186=Ak8S<*;rDo}QqO?KwB*xFk5!7p9zVL^hNgXys}Mea1kz6ee7#d2#ePu9}0y4Bb*_#$1I zmXui{R^?Oa-P_wKMz)uzi_~qE0u8Q)DA5Pz8sPzJ>mb15;(QY6YWC6Z-12h=2SUQ( z=JQX_&4vkNW@VFR-;~v^3}MIpw~MueW+r0|jTsgiv8`NfiyK8ct+>{QRZ&|P+Fr&5Al0;WS_0u#TSA;!A# zD>`2*BJGCT!+UeE0`vxgxT#quSOX(+$33_+x!ppjb{73X(1Z;wn`du;Wh!^N9PT)F zwm8780yRV*YGw5esnf|(8@z$Li~2x)?N(=V@I?QXSo_O?A&XnNL-y?YQTTrU-JGy( zJhmXuxk^e_G$fBeaL}K$b(%OmLX1=jWE+MIMYJmA<_)zAjw@WAy5Tq#yE5DB7YJ}Y zy5ZQ*k^%lwu=&`RX&bMVSZ(h0;GQPqL#Gmt`Ve40d<(yJqn(vg|-< z2%k)96jf{{(@Yo4#amkhtMHJ{CobSy#jf14`0fF}4s4=d^K2^Zz=MCRU8$Rm_p;-3 zdMrDfZ6&SdVIO;O2YDQLtr8HX7hso+C|tIelBQ^v$qM?1TKD{LbomHf2@kS2$&!Ck z;ObqOh{qE0T0o{3Aa4X)8< zCgENuVvO)*Mm|qH$W}~6>V75cxOQB#-bV$4jsB5M?qP~aGC(eiN&)Q-G>`NU6Icz* zX|+98^7*e%czffAN1D@XB?({#fciU!4N?rW) zYuDnyMJ+Gu+ntIlsfPBhmrWNm)J!y^+CMpmeahA6ZBf!G_Lo&A-A%is4_AIGcJrc! zWDMO!$Rp+BgJ)}h=lJekrs~~pt=~hYVT-+Fp~aJ_=bwRpFHQ!=X2=bM-2RBDO!~z{ zxAQ^1U2P>37!g&dqSYb5XIXCRTO{1)J)$mE;@v_^Ha=C8O=;x;fft^7;RltE*3CC-P94HIPAGe zH&+Me%-iCA`e(EM#X9->D#S*=aAA$f4+Jv*Cgheiu5uC@MEG@HR*|ix7@(K_ASb*RF;1bnFA$k%*}NHyeC zs(%|0`3ocB`jZ)pi%99cW}>ZMn*Ji5vQU^5-ZGl;i@{EhhyBp(y*%FyEvw;Gp(d4M zkLh*hN}e$xN2)8YsB7Pwow&P{o&A*Z#9*xMBsScc_A(>*olBB$o4yxZwi~Z79lb4MWEMPYf5Q>ODcLum-EYNX<#h-SGR~32z)-Xz z2YX3S3te3Ef-(GNz7TWOb=*r;uaXP8I@YjIXvMzkL>OV&_2e3PEWTkEF+RFdwCe!Z^j2cQ3)HokKeZU{HNr#5prZf9ZTr*9m* zQF&{+1j7o)aF6#_iLEy$;Nhp#P0_#A{rvBo{a>``Kgoy5>FmeaH(0L9!-QURK+pK< zHLS>oTX#mDe@fek2_wo%@yNN<+>1$kn5%R|KP53FS;MRw2z|tha5A&C^^jmkm<-Ad*vjD^JHJHb>YB|p*Xsjf zh`*_u4PnozEvBR&E5?VFz3$;Bp*H49&X8Js!>NIcpvBgJMKR2=TGTFZT+o5yNDj|G znpg+v>h#Ozi)L9{0{zeF0IO{+RCn?}BS{tkqqV0u;Ge1>b*LHNaU=a!<;dYMdfgA9 zbw#=7vZA5OYgbgo&rRk%+Q>C3%1U~zO!fzPPiShbb=#u)s!Iw-FPW~QlG74j=Gi++ z{4gi;+-3?gIQA(2QW%N=co(O7PgZ1!pqU%E6XDmGdDJjfyKeJVlQeA;61|ML1BUlx zICLoYFMB(&y*~K;7SFv#)7>tZUFcd$h~EVSQl|n2k+7xMS8MkzGOm0wtCgx7EvC`9 z{yx89BEW_;W;YcA$rHxTTdzKt&RVbe5o>YPs;fVdJnyROKk|EJGimJc%64FKp(!9? zH+Vln2f^(Cb@gAfu>7?tbWC-HQ)LN1#jGS7Jpq`K9}pU%X5T&}%-NI8fY_O}Upg`p z&86D|wZ9z6gb$c$3y&?zcba$uT+X>8*)A}Y%v6{qSz;~w#l0%%on2(slS>twJs5L`S5C;6>l0~- zXlbNWj)%u{k6WCrlM|jV`ePDI6whB&?GcFWAO3$7B?Cf0P}a>cNq8+8?M7k7v*vY(h+MAJ``9^DJ>ByND4CTw&@Na0U_)ZyK<=;Y@LyowEXJ#;4f1S z4U>(pw>`Ly-Z<`EW|pMRs(j$>|3Rjv0-Eu2JzR>*QH>1uA-vw}qe0A;(!ypQm4jYA z(pNXR2+c1=v@OA!V~O<9{Ul5T28Rhp=+THx1RAmVwVvq|d}hN9UhW2UyO`n>5WlWf z-Ezdq`T#Cnop3Jb7QoMRf56L3CwdW~x3Mhry-Ll7#Z)QhwV|AKSm5U-Xb|r?4x%;N%W@}wosurd zW>F!QrcvuP${3%0>?50w10W_j>am-6Pht zH-7VH;eXt4P)v6z8axi7)TDdPg>d>cGK1*H$gm>#elB!FqA$1S( z){I0{?Ip%v89nTK9@WFlNoZWO+Dl5mF;NL)zTU|VqlB1;St;ZkE|X+~D<#W!1)Qmw z@-%$^DQRN54!CBS#)owX)VBEhyc7i+=+KPno<@8m5*00NKxQ_BUE@k@jB&4=sfC=W zdez5jY_+qaioTlip)?kTFHIy6*%{&Z(i~S;_HJ{YQ7p?#*!JDTruZ|m@N1raRkoo8 zm=&C^f7j;A9tfKhqUwu&XLf$-5@*J<8WXuR{C*P~a83w_fGTp4hd((drNCT)zV*D$ zsXaZ~ln?RD#04qArH&?8$L)Jz%iU+9LkkH0A!AJL_i8*riYh8v>ZX1)OkNmSMbJV4 z0MZ+zIGTKZHK%nrBTHrv#xrHn8b=}^%Ynf; ze2d$~h?~|st%w%I#KkL0%K;!mMU_x&Gkd*DrA7?BYm;H^HZXHE8gVq2^KQ9f zLICL6jEOcXNc^+zFMT}hKjmMiVqC-mjFy-;AERA{6s@l~yhMu+$&jwxeEajC4*EX@ zXMfr?e^T+EBRKoppyM7G%r@}V_q;l{#^wHiXB|COkfn;8vA7WAigTC17&Y~|!iH40 zJwwz5I+EEopHntbFGc}hF$sk*Y2xXuvGNg2GVC_fM+s8i+7hO^X`L#m{PE=Wd|qph zuEffW3Zs<0*WJ{HN>Xy>0jc`!Ohqd>8OqTIKH`_ZW(Tf2mT@@=eeXUR+x`en5&Pc3 zPXbNo@Ls%NoDPlO$o24~T`+)Od6gGdIGpma>*N;%bQe)2+>oC;n+&dB)B4(S+zpmY z3Qz&9PX-?FuhR;JvPIS6aw}%#hRp)*ss{S@j&+Gw@f5Hxk3*tIkZBi0wDHOUQH zzOHuW271&S1fT<=EH!NcdNsxbl8=YEeTWSstmX|rO@>_;ZM}`xa4x7;~x4JTTje3D)D3g-MG658e#+u{)Pmy zg~bpaB^z@kr9LGk>I=I@ZJ|r5`@3ZfO`Sa3oj1oH`!g$4FZF1jH=DKbGs&3t_QTp0 zku+nQFPL#%8S8YHq_g2vE6%UNJ^lKDz{N0Dn)L{5SEyQEs@7D97)%&Wkj(&iWaW3MY!UWn@7LkFxC4eM1{ZaM&O zFOZ3^kC(q|H+6A%J4sNyR%*r8<&@dvTg$xe-LL_btwsKlwj-0+M^T2AXiH`)#kgEg zY`k|5S1$UwDR6ue<@VxTMO7LwnrN`5TMsuCE|CrEURuV+8-!8}n<_QK5tw@o(tPLe zW+)rxet0^cOLq%A=GFy+m9jyKa=lxYV6gm;4mj4Pz))F3L{Rf(-4SAk=dQz%qt%yV z%wu@X?k^f50KXs`C4GamdHriv9yrr}zqDZ~m$YkX-s!dzfxG+E_>M4*4DpKj2xfIZ zOlyFiZQCq;Ej=YLPh`7DCm8udUb_pqeUKMc=Ae z%`=Xv!ISD_d`z*HnMQ@2zcn=1nIAx9#-*w2tF#Z<8>mf6aQ95uflNXos=$AjM+@YZ ztfX!(Y7&kljL41WmYFx^47g|^>4{Lkc}g7*kL}ZTjqTj{bE_y|~!2ONGew;YE|8z1P5Sz zPGWsPN>}}4ZcehHMRlpQ>8ROPfK#GpUT%|XxfDroUMC}dE3*G{S40a^$V$JL$GWuw z6$Vus_w=Fg`eKZ$4e7240PS#50{ zg=HJ$FmA_hdypFJ@lmhmT4Ec~ezZollIm%1>}vjf-rgjI5G23Ub`E17?-KxJT(xQ_ zzq8|Ks}daonzSj^`M~+>8YHb-?aIpGW!urTdog|eF?Vp)CW6@~U~0SR_K((sU5oHp zx7zW^jxK#dXEo3gWVavCqamVgI`NIe1Tj>YozTN*KE>zN^SjEMizW~;c|+_k z-QGpJro!7fxGU54UZ!`0yiJ<0dVp5@Rp44J=jy;5_Fey6S?vtVcP2X?bH*6~41J|U z_0d&;*9lKG9JSN|Hau%4hFpiAz$Z*8N+((o!9nxMmO6SwYouVu&9=UYePv`(Kfbb3 zQ42bQ#O;X~`nI>3kgA`SI8KU8Q2U1ds7wia-+!lte&=*YSoL5o^DuTBEc=2eesO6z z&`4fzechkd5!b&T2e7bz57?jY!{ZsbiK4i27MFu(dd7Q@b_->lw5tWsICY6q(7-Ff zm(Ut5vtmeg9{S_b=BD|7YcYPK;L}>-*_kE(&9M zLvb$O|D#odKeL}AaeqLhkL-KDU!?EcJbS%y4!?HF?4kiInBFrAD{(*=U-^=ouiAJ`w(4i!=4ih3K~g zsAvlF>UXHR!ekR`&jPXwl=nb_ATtfe(E~D&lnfDs~L~VzQ{~mZH^{MQ3mh(he#a>Z1{M?WPB4rKPfIRmpOy zU07KNs}D@|jh@Eze&hIYMymS##`&|Jy)CFNjg})@S8PwzLj5DMJ1}bQob!}20D!Kp z$zM3tZ`b^n_1FJ7Fn?b10PF}+3s2pdZ;O}-{+V%d%+^UCY!zk^oaB!iM|I7rS8mBf z&YenzhwZd^?tk5J_Fr64#cX+ft=avGzG>ey+%B^RsJgOA`Ag!~-@ta!v9(Xi6!&q@ zA=_?iht~TtI^olvQNtG7=?$}Il;}=U%316EAAIsxtj}g2-0>e?-OSo5{hD^lzxU}I z#|8S=9ll|w+B)UP_MiU#FW*Lsg?jPJ3&GipcoAvk^1B*6v__>!zc3J8ytl4NC5~5e z#KirUpnTZ$gobCjuc|?mGB?`geX8NY5boIR1?B@xxB&Jv;~+=fYXX-c>A9fzTr0?aoK8bwEMCjQ>y!~2oVMCSI!hJ!uB ztH1P_`i~}GiqC41x4Y>QtjyECXd9+;0@^QPi2k71Fd3Tg$oKdqHo5p|wQVt}8Mn*5_3_zHAQnd8h8`6EAn~NzVZLafr<7H2v59cdZ)9DY>^ES<36Z-YnLz zw8F`o#q!1UTNo!Rx!+j?ZP|YDY|jdg9-rJB>{?AXn6b#FWAF9CO;O`FW)Q zk(5t}INWN8@hQ+CKPvdB5GFOaK~Z^7B?YGn#Kzzm$9i}?A+6$lw-aLP0?Py->vRtdUciS zQQ5Eq6}C;6EH}`cqD{IR0>M>oGd4-0J41QuK{+w?T5I6}E5ck~Lcylh?vDuc11M zfvVTgeT5G#pI!IOxa)VU^;@UBNxUryxEfYohr>9OCayM<(cK@)prtf?Y3B`@1ZF4K zfGGm{)t&rcIWcHbai-t|1fU43yBQ2km{TnWn1p=Mp)Hw zX9RC)4Y9Gelx{Hm{_!d@ywa?%-*yEkFf8A9_h3V4Hw)-x(pfy_y)`3VJ&}yh5{M3s z%$YxPQ%s*A+4~#~cJnw{`XFw2CD0Oy*wvEH#DqluUQujy=Y`&Uq*}9lYdxG9XshTj zFin)kR{9<rhCO%bC`;~T>G)0Y+p9&j1TA-_zC_H<0N|FI>b2B+T)$q3M3~R& zG+(y6Fqb{u_yQ>#IQ3a4QVU9(%KNE@_x1FzzVXTS?yCszLvdCmy{U}6>xLxXwCY+~r3>Ih2#R}tVLire zQ0pM55WnYMlNFSuLc2(YF+hWc@E%tzln~!DcV9}Ju-wr7mKnsqGvN^w0P0`GOGdCG z8>WVexb>!z=w%ck+8W?d~VJHu&aC7T!BDA@6&dKE}}gvw7@NBEIdd5IL7!??8E=&$cv zs#8_(>6e8`#I=YsT~BAI$Gd7J!c($XVqPoAbZ|ITc{FRwY0$Y!DLkM#kU%7`DAwrV zbOopRfPcA1{Q0Yxz6inWzSZ70jyAW)sTK9|D|^~3#A4)waas*V`qy07!}_tpIgs=p z=umI%%B2Bgk`*|vCbV=@1;vJ?S*q}$g9vOtM79#`_D9r#?Qyqy&z^sQwMMh=AG^^@!?$x!RXTo30Rx^l^jr_J z{mBui{PuwMY?}!d3Oxn0>V4b_~ljQFbjbsCv^<g_vWtv52YKL(xM(HzgzaLafPzO$pYLm?wnf4pPPB~)^L!M;$mcs$k8ZM^~3 znR_+tyE3WVzsQRC{~h!8&nM6SCpE6Zky6Ht*yU57FvhY9%KzqSl;;vXuQkhH=yg8$ z=zgYrlpoH3eV63_e{b$b4Zp{b8EQY0J6{RR7FuMW#Q_x~Y220rn0cqK?j7VKH9oE8Op{9zu~5vl1nGf`8og?gKfzjrWMnBCFB zSocrB-fofmIK6ALTuv(>U`hm*hKt&T>&#!~cucBiA)bZi*xa_*_ zBBNrUSI~OB+Pu+WyWiyFDAsfG*n0q=YVvi-MGSFn`5?E|`W9|<%Y{EE%qR0xRctUt z?7oEc{hh4hc2Z%eJab=XV?GZ~*wD<&LICwlkFXJDpyjGT!$q(;d`LT|8m2k?P*W6& z2^jSj;N%-atn9BrbV)`}(Ws&wjEz?klPe94GLUY7wWJSB>g_%|#Wng+m$&rB!x?OJ z&Lk1j;ntJw$C`wDY=K?(d>I7%@E6Jz>G z{*v=EuZo7_z0_0zRfR%J&xqvbQi4OXRw@zz=re+appinKi*2m>D0#rWXiUXs*Ykpo+8xnU(mUwbnJweqkKr=rCh(*__4XzCf z)t2_Dz@M96GI4qlX8?|dEx<9A%hEH0U1qFt(7G%ZRuC{iMR2lhg*%}#*~D3HZbRP! zrF5G7jhym zWpSoNZp@8v&d2sk7E>g9KWpbhGCvHuys$bBj~5I1n0}WY?G9A$pWgE^Fe89LKE4ebg#$0SNh5GJ5F>vtlIdZ2OJ*<#XuF9?X zA~r$wS-SDE*O+&fEGA=}r@zQ{ojYdtuHHF2#~!K1l^f6IOxnnfG$kS^Le|JnXl1R( ziybOdmolETAs@aDzYVZ|i4~Va?CkAaN znB!N*$PZuKNT~}6*kmFdwFdO3%dN93ah9&j$C7MYFmOBFLq{?FJ|JS-tmnplc0%xi*WzxY{!;SdV4(>nBQLin8y#6#vC#HU9NBJGEaC+Aorce@7 z{Rde;Y=%P0&iVD%=}JW~|HjS?(LbIwxO;E4fVh?@jfP=5wC(K`yeUo3YHK~6ry{@S z_m0er+mQqXK_{y>!c#$EFSiT?&aA+fY!sc6O<@_DlgP{8IBv@_A{gl!p=eP&>9v#U ztB`whwQvj0;9U6Z;+CYRbuz0`-Wu{X0H$2O^`rp1G0Lq3>cgw9BoN&$VlWu8;QA&} z?S9-evDK z;BizjJ`y1`^$Lsrww3y+`4bdc{fEcmPPZxXthjAEsh*SPupH{Cfr@Mm21 zBi0MnnO+t`Nd7%9jpV7>E0e!rh_cO@&43LqB7G-AjUXO5?%BM+iRV!~dA(xRc6G8uZCGlFc8lvzlM2CW* zlC1Srs90!|FGW|f8#jKl1H(j66glVqh(c&kvL|*`%>HM!pBcNlj3g$ve_c~N>6gF% z$-3g-6l=fNfXz+qN?=x57g!+?vyqt9GAEHG$4^&mG2)9P`YS~ZVwkZdQi z_6)(yJiVg5y#T!VjY9-B^NnM8^H{@)<#}&iG(nd-aWVzh@&NAai(YEdIGSOFICag} z=~B2#$S0$(%$#Nh9X57{WeU6&eQ#0Hzm|X}P3UN>)J=)lz!c{yl{{av^0gRuCV_e~ z?BH&#-KKTDfwiC0FM|@?^;jSM@|a~BPqd?23pQ$qb0Jhk4XwA#!RHp`_g>M+@S(zm ztVIP$f?bZ`Of`Lwbve@%`NZSTG0W$oLfBN`j;XKkZydpTh}9oXM^9ysYg~iP&%SY- zJwFYw*i<=@nRv2rrnY6Ut#o|<8;AD9sd;Zf)8H!PG{4}u-gAWZC_DXv^S|lMe|>BE zFyyL{!TGPh`JXvK&fQ!{9cLJ_u_k2*(}r97;KJkN;U`V4oo`f2|MiUj`frpt+tQ2S z9Xn@rEt@--X7#Ik?J7Hd!_EVRp2iksC;0>X?W&YQHaPY2|ND3OZta~uVdV8;h+}QN zqSd@I-v2G-)iass*HsF$A^MsY&$*_vKuSk-r=(m7-5^8{X0!?wBsre*adjfK?sDuo z?A>mzJv&WtObXCW=k*9kz$ylAk#eUP9^9Ax3R(o}hUdim-D-jfk1QyeTH+UrSEiIZ z9vS8W5(pP|hjPD)u*3cj7nnh*&Ho7dn+>1IN|4O~&XX$qpP;3^H(&=ZY#Uo`%=s*% zmC~B^7EPPM8&-?oI0oT@9--22p3r6?t7j@|Bz3TlarF~yLg&R2dSjw1RYh+ z8t^?B9UiCew*9|!>wjnQD94XZ9{o;rPlJ$Z*s!G}nD4$3G)?4g59~pj%@^($9}a%_ zX;QgIM^BtwsvL-1hn5n>g{C|EmcFiPjj$pLgO2q!H(fV^3@q+vSKSJ{FHFx|BSG_H zL9WrvqC>n7S4oQ@QY>o&ig~fpRY!+paLtrM4w^%*%90dgCmI6^03~B@o!-in*AcB% zQ*CTLc}z<#8GXuBF%!FDGPQ5w1YDRTH= zJafB*4zb_1hl6~E5V~&*X@gGvmd3r_w%{Ts)l zIuS5rdb*{pq6BOP>3$!i@x~255hB1BHZyL%NrpJ&M%PSQ!<{jiALZbZFfU3Vr$^s$%sl zDnF^=gooL@kJ}}!6S?M>Htfj32h&;3C9;Rw2QZ?dmxcd=gAObL*J1gdBxf;+QE zsFrKj<=OnN(r$YRwu|?*gw&7}2c6^9#t7tI6RY6qAQfObPF=zb>;xIAWX@f#6SiS{ zSkLSOsKeZK+`0+^jZZ@;t$kDPHtx%TZVJ8p}C@! z9)coXoy-lB4C?6t;nAOI05@(Qc2kMO${vlFuG$T9cX&T+(?3*m-66R z%&qUmJDCsn5f;09Cy?$x@_}>ZbGi8*)=8UOh1HEqeQ;#@)7qBOJ-(IIr61N+D>lO+ z)ps^$n~IH)gqKCc>Nov`#gmp76lFtA3(|WaBs0O!!=k~2R-pt&vI?EsoZA-Qr-!U> ztx6Fg^`&q~{Wn)m!ywAK6+kL~$u6}M z5@w4rlI6p>R{v7BJ|$0t1#B*_)a9xWWQxYhTYe=G4$5?gpoz(jDhT^ijm(bOz?>;W zAs5UiDYu3_LCox27S#AN0uNH19X72R4|;6{GFf%C3`i^&CkPJCi#}TNj(n(-JwckPyE3zgX-Ac13_BCou*43{SLhu> zOJlDH@P7H}%iYO))V!*i^U>qGIlnw9@%qLA(tJslo)iq0CPWxWT#c-;RQCx(l*%-6uzwtRGPpOuQQ^6Af)6|I0- z6Z_w4IyvxA?(@mjd~g(bJmcqZ01iLI8MH@42G&}}qRQ|%fl7yy%UQQ!33ykx8*X(@ zv?V;0=#3W-8Sl#N8)o_<__w{mm0M8`*n31q06%;R@mT@PW8=cM5Q!ED;(CN3O5?@J z{`(A9#WKArIlFQRAydiUsBHCmjw#=;*e=r zPmw+e{ksFAiY*RIL>O{#s5vjuO$E~o95e(fQP}kP4y>zmLY{qm57d*tc&aXE=rcTtB!YT zK^-!t#btrBd}W!i;6#e{xQT=+og`0i4m_3`eBmb3a;=CJSPwgANFm$xjG8RDs8hGk>VZdwg19A_>0^0_k%o{ z6&v_J?%SQ0JH1_J^P_{ejyF5ml{4m+qRI`2mM?}IRyy8_hnj?=suFf~Kn;EG-tJa> zaMxCS*%qrU1*}Z*UgSMWJ7_D=X|B+M@L8z5W#Gm69x%My!U-Fqy& z21phNrCspN!j@~c(I+tg(EX;)MpMI=rPBnlPR^HSt6Wv}`*;YC%F;Wy<;{jqqj}nb zyUldGuiy+8NVIup~Ktnxfs4z;1-?LYV{LqPA>x_!m_b9}KfOc>vv z=hys`mire|;oqzJPoU-g@C%H-sgQW88b22+=d7N2xk65LPfKr}57Lk_+gT^MVK(PvSqGyjKtNk8j!g~@M25<{*Nnz&xJ0Nxn&2RF75J2I zvl0o8|Kks-3&<3$fFQm3sARIfLni$8>9pHTpJn+j28AglNb8{{$`a$tE>tqRTTo@O zXOg+PzZqp{gw_W)X>sD*2F;o!9|b|N+F#xS(%E|ji^HGt6Uq;QqC%-%1DKg!I5jk> zRdYy%o13m;e{$xQhILE34R>zl9W`|^Q&KW@F*UeZiOvHDeKG1>Q_j?~#Wmm>i{=M( z*}LI=cFRP>l(sWx3yb*f78bH)@;5^BADTU;n>15KHI;hMGO$G*i2 z4qW(veut)Oq+1B#*DR)c4a9!%Y8C!+^UddU!zAR~c+D%@z*BB^ha9$}hoF+s+l0g| zs*OY9Hj$C&=gq}qR_7?ia6i=Ofqgl=Y%)6gP3^-^rp4tvG;pWy-0@&j* zjevQ+S>ncwQl$;8-Qn@SH#z>Jvj5(j1)RXN4EGF!&o4T^RVE zspYxXj>8oyaz=n?d~*q?y40PdS~Xp^4Y#kvy|zdODakPcgKPBqT~3X>PgzS0oo*py z^2gp-?VVvA$FzI3^23*3zcOkr3s?6{3c#cQ$^X&rQ^!Vy@)kTDNvi zpD=fKF^4K2*j#XI&B6g-`4#Ugrs>;#*MiTv0nX5W<(0$pO8<6Y?46jGF*Ov`kGr=7 zcezXe)`9!{ETVJ)u|P6>R3&COd8lR?WC7ZsYSl$F@BwYi!qw{&>|x_Q_3RiAJc?;Mw!%@2_&*cMAT-aX;hB z==|lU?cks&)HjZIcYX6)f^`|MA{tQA|Wy`_}v<52;Nv7<8gt{*A*SwfR!-wZj21 z$jp$-iSXI)-RFNRhd@_C9;xpdt$Haw7Lv%#5I%raEVYRb@;6NxlPQP6&X*Nh`7Yn6 zX7~Yj|Jk4ig{tt~WCb?6kmt zXl6Zq7^GEA!yjnRv`mTw0|cQnV=D$lFOT|wqp zz14y0T{}j3pJ-hs6A&Z8^vmSdIJy4$(^b4?lrACT%RpSm`7eumAsTU?5nsQ*bhx>y zjZ3eophi#aVOorP-#BM(IP^EmJKdn)SqwQ$esNsTU)0mlT6u|i?E_!{JMt^(+?z6c z!iB-zL}L#d^hz-xhxcpd})-H}R)dm%cbIAX}-g|&Gm91^V&NwPI z6zL)`O7A7~BBN4N+E79-14se^LhlGVq9|2CN@t;bH4YK_d5T7zW;mw%YAW$m9}?Q*=w!mexB#P8EWiue=Zi@loe>vmWD_2mxS?7 zk&PlfQ!<&3)Jj_t7((X`2pO$k6px=GVt6(O;PRD)X6mWLil2q8`mMx7Mc;D8u+MSj zBpD^=nvP4a`zjIj}F`54{UZ9|L*m31kRpjDx}^?}3qP-{{aZ|9z#F!ds&w(A{Tvt)@b z_E@p3(0JCivfNog|+Ak`0U7o zeQMxM?!C4k@NGbUCAJr*c5DFkS>e;>XHlx#A1r z6^559^u|Nfqhs>&N6WAJbF4%{(w2{csPzxL&+b|wS_U3AV`K(ep;gqGW^)MQKFLg8AdxnQ7 z;105XKPA97aBap<=UbNF$c>^OQ z`siAnNZSj>3o~c8>s_5_b`f=w&vCx;7mEL8rN70Z{LQBMt8e@th(-B+d0oG#M-FeU zTUjlM9oPuH`oFym-C)DiLtb_|w+N{wLCuuTpJXO7=K=3VetWLIy^oGPopdNL~8 zYQQr@@u*=!+-T)YWGfzIs-xyJ(r!u6Br6iaxAI3XJQlcUnM33OPl-hxajYOjtsd$; z$#A;-Cen^z2(`ZDdsnS3)_!QRH-)q}ZReW@*>avP85j@2v@eZ%$0_1M2Xf)Fnlr50 zIwFB?DKe-NHz}W2BNa-I!m04rZ{bl_Hfzs~FCVJ5)*2Z&X;j>X4Ip5%E7lp(X&Lj7 ziEjSQ;f~3i>R}?si0c6)JnYF|?V5k^;`i5TMwW>E5viBACT4QZt}RgXO(yY=Z;&2N zc~ZMxZF(f!Id1~!KP`bM-N{=TrIU$UQM`95yF+!xQ?ti@IUo-_-Zy`r9|R3>`{nOl z>OxK9kwnh1Wkm7V^|csY^P21;qvZjL>TXCxY-Y>euG z5n92Ug-N+9F4GcdN$;R6GhOnbS9=R{|5&P z$B%vYO~lAOM(o^!;522e@$aWlqD!^t=1ij;`gEyNtOIwt(hj%coeA#SawXI4qn)$U z5Z4iaS-^YCl*-K7YsUP7%Bnf_X*=R+rd*)8{@AhN^D$T-6hu7mkCxpJJF!z(wZg#_ zB(#<}C^i9@AZz+?$l;@2eHjH923AB4NF)5Tj=G(1aebj#N*tZlG*XnhL1gzVG*ALP zObt+E)X0MR3)1rvExL#`Ts3c5&EOa0w)0+ma*?1d?$}W5LVbLVLMAnEYkFFC0_+44 z1Wij(B$r`o5;;@hd_cw3rYZuEALxk>pxQaR<4zi@gJ^`>f(&E^ zQNieV9FRf3BM?j1hE)VVe}*jWxW};A^(?W>ndw;l;@vL+4YQWbzmY=(WM*0~6t-`p z{WWzY&;==J zujUX7uE)MXdxrw(i4Ip4F#9%5G%hBI)ydSosdLljqbC|P>zTuCd!z-GT{>jH^U z9kxatN;-<*lzVzrKb>N{U1FC1vunaKxIOcBoOZsP?Xf|LS;$DH9;(beqn!|PeAvtc zBj@_%$5IOOHrx0=0O0;lvp5+2uyVLeA3OmhM5EFWXh?9*EoBI_=xQAmlZrKgkmbz- zie5&$0@@{6E-&LP5j0Kdgrdj$L2M1xVX*BIR~r>#r$4)>(IQ!#g_ryb**c5)evGz! z3(G+!?8x_gmB=kQHUp%J0kf{yENZ?nV72?S|H_H|Hg?AjpXbuwLNy6+s#@8ZM<88s z+z--mfRtLt$UN7xz-q-3sC#(ggmu+6Nf3y;WNNYS$CO7O{$F(sSM3v|-GXrW;tje@V{Q&_u#!Q!UFA76A&z3)G2wSZV> z*X-{V(RNvVMRwPNvl|+V_TxX0bHbMwY~vqfHRS1(x6bFTzjLOT^PR;8-i{1dKM9=9 zSZ~5g`z!^NKHe~JaT=p38vEZqoKEeZfwAkz###8jU;ELfJb3bNb4}~tNqER@u zbBGyJISqUA=kNUAUOIhsbVmE#uEaf$JOnv}SZO=;L@y5uZ6GO-OJZ+2hfGxo+=_q5D z+ex*4y){Z+s`k_Kr6bEE)a<-$3M@mtBAcX+5lC$i6h*@A(XWVdGhiaiIPnGBTuqJI zx-WQUki*Y_V=2_ns(U`i*Ssk9acLs%2m(Z3NFiS3kma?i0Z?$qj6M_RRbPa1xSQYN zvf;k;_5~1k=gaKg7JXy!UOLZ(`vq&kQPVG)Gk0d#nTpCh@wD1|6OSRcWafzJ-89bl z;H>+jr0`Xc+S?{-0{^|8=8)CJ^-?by$+vQe7)PuzQ+Eq?Ptk6b^X(#I6xLtPAsQJi zlb?*6pN`3?H!i83(q)eqjAkHnlNfuI?g++BReYd7s7-8eX++44LKd2iaekhk;{zR&1BE$>s{ll zFiS!@8#?20>03OLn@DP`5R}VII0reOaf_H9C_RET-LJhK_D}WX|6~$3pu*lbD|ON8 zz5v!}UzK#_-4JMy!UfS4jnQf!LM14{sy-UJkD`nAvW+hE77&E_4kjb*D zuu8Y|_l1z{ajSSYLMUzo?ZlCZtb*LC5p+~2#ERx%VMS^F$N8Slm)HaD-C9Z&vmMG> z*S5QIHo-cqjX2+v9vde={i!p@U-Z$|J!Idzm=>D;@b29+{ui&Ck=`Ej)+$>o7w7GW zp@hyax0)gA`%tcFG$|A`chH6U-rSj+ zM>=%^zQhJ!c~l%ASGW_26Kozd6AJt}HC8JFBq{4iPTEO~R3c1{Daf%t94{_vA)jIQ z)(mJdO?=U`L^CXBcF9~?+)pCY7Xta@Sq#Mw?T$Jr(?)?Q=#XA^5e(-7;cCi=!m8J3 z^nriK@2AfAk6}ZaW#WQi%VW{!M2Io|_M9)-cfpwfqaU~N2_)rjC-%TP=Dm3+S;g-BZHy{E8$QZaH zq7*Z1=TICehrz#!_=yhKd)@=Tdz!XzogZWtdg&L&?-Y*N=>3QV!lRS zz*c5t+GZM=NWY&_T-(2}l)Y~@zHOywzPK7cu|}<>N3gkRz`di!5LW~fAgU*xlbfs* zjm;9`Vx@+TU%*~?$%5OLGJ2QvVbaan-j&t}^5Mzd8t4fa|ClZ6&*xAlwD9^oQbVdE z0z=F{)r{rg+7%_&RTNm7cI64$@B2MskdxICG!KEwU#5#LBFMdF#(SkQs1J~dOEb5y zf*$;QYU9yxKNW*7OSKvVGZTr%P{h%EINiUwT`Y%y4i=$%!?UQGRFJAglZPR{&piU% zUv;k#f_276Nw`&kE7)Aixctpc=^ol-`9VXn5(mg^v;G#@l8-Z~0Oa1*@N?`^e-M{og4_7&Ss31DGJkIn zuCEvb^o7RxGmVIC(p9)LbHUAEkgEL1&FdK{@FG z8_QI{IBQebu%D;Dv%09DZ5@(0we!>s zi}clH5tUb76&^n+Pq|99Lo+2k z7l^mK{74AMPWCw9_z7UlPx$>*EbhVYr*=mHx3FNBN0}jF^Y{~;#n7mC)lf|oQafAc zNoe|%3m7AIzIq9Q9r z##gFsy&kr3|KT3gcT?@uc*mhi9Z_GIWZ;@D?`eqhJH+p2_B3Z?(shk43Jk1=~{(?EHB%2OR$&kxm5&Y1nBe`x{`$r9 zbMsDOX<2r?0Wj>~EB!FM$Cr%&m7%+itMlfOH(c7NMeA-h9bMtVql7mku<1DNNK8>< zM8bqMIBU2fglh7IwUhr@fy6IML^Fl$)U)T>cbn;Qaqs4fJOpWS#EFSin2(4=qcb%h z>SLUw@Bd>4yAl4bl$=5iI&lRlQyR3V5v*t^Lw_7963{BiGWdcDxNDyJWVm3GQW-J} zkGC~9Rp9kC#E(S9Lv36N0h-ECddY)&#PxPY%Qoy*KrV(!aCQuG>Wkf1mM5dkZXV%%g~g{%)_vr$>ES-!%HYE*?97Q{7;T5LDP+z&KY6tEjEUT=QO!PW%z`66Yz``|EiD zAg3^QFDY~{A=LNw@L+|xRHuPlZ#=n1<0(8txF9JJ!Uv0Z3{opmEnPDp)$S*_y9KAG zqJ*xywqEp$_#A3=zzzn_SX#34N4(JsA7~=QP=zuR%VNJ zZu3nDQQnCof|so*zU1fC5Z)_+twD~+?Xl-e9aN6y_8FXY+H!NCU>aKE8BX2BPawj) zpM_5)fLvr!q)$#Umyhx&dT>{o?t^!eFakeHFkZy9RAR{n3~T)210!(5I0DL!A<{Rn}$8LpG-k_g?Vuh60*y#5}EK zG`&?5k3o;69Jo#ydcu2+Pp-T#>QMC-*Juzk3RvQtALR+Vmck9ya5tDJ9eLlUV@)uH zpV$Xhx|gnn8W_(Vmhmo`r`H3Sqr)gN(+eJG7W9`#N|y=2R*t^@3n2NO0IU|vmtJ@@ zgs&ML20pu|HrKj=6q}&3e6e;YOM*G8T#a=8yvwsZR28dmuV{fjzqOBw9;gZMs~AK< zRqK$?YrRiAph9mOIU18j2yRL~zJ|ANyK!U9VI5wWsNwrB@hHm-4IWIYx=&60Tw7;B zN;^U#r~x#&7h9IXb+c*AAF@8b75o8C7uM&gQg!sZwD3?e(UO)!96hXKA}znsxO z5R~J+w?2O(7@kDpmrcz%E;*SL!OF~*TJ}qtba43e`pSTrhguK~!A{9mdt5%NCKYB$ zsHve2OH^1|j?kXXjQC87g|@}}Ff*3Vz7D;l^Tv^(yjRNZ<_z}>t=LQ85uFRZjLW%x zV@uZW!TOdGd(>s5GO26?W^vtQXnn3@l`3A*3K=IV+?82y zpXb8+|9%R_{!roqT0_sa2Z!;F1k-DuE15d&WBl*_XmJl^kdON#52(-9E6jaqrV{xjZ2WOYS8SUuS zD}P-yE1#WCzOCQkYp33>78qvDNnsy15sVRgpL;I)E*Hn3KvsPH1({({AJN_OIJ}Z(gMaRbk)kq;yp;q_vZoa;09T;xI-1Q?pOX# zfc*2Cd9N+IOH36?6mP28)HL&TJ!Za<1c-OZbS*M7>yhQPS?_I=e)@|I)44Pu2_Wj@ zx9|^_EDy9`g^a)UP3m^BZW8`v^jPO_LvOBGhrhTAil{@-zVf5y`$+I{7i~F>oUpXI z;QRg3Gx~}~v{jkrTPqq*5(U9(Jq=jpBQ4Vw>4dWyQ~9fBZHs0b%l8L!Q(Md~<>H_1 zSOlI{nG{Og$LC(TX;O8vz?+`X@V4Vs^D}dm+t9m*6|hHrKzJ_yO{ zGko-6p%rm@!#Zy%eYwSeZ>VoGlW024xV6lrsc#b3*%hjhHiw{CFwcfi!|VmdA`WJ^LzYx;Aw-z_%KE! zch(gju%g{L?+fk(VtLW=VZNNm)$s=JAr#sr0i<_tle3ja+|9;ox(eTP90<$kD#}0; z15n3{JrDEx$3x_=eB!(FwjO@tG>wiI`)l64 zrvtZ^P(^D14q}(@g{LiO?klvui!9oU*hVZZwC`sRuC)a>CcGPgl5$r&x>uziLzZtJ zVS4&%K}7k#>oGZF>u|!>8(v&L0KXjAoPZfO>@VC|cFjCg*Jv@A2|bkm{S;%D>cRFA zD>mZ2;bAbtn?{X-8vDB3Ro!iCO7;<-=h`Q8b)UZew%wy&|5%MH2*Sis9=0G8W$eV- zrM?X5zG{i7T2yhby@e!?3wH<2SlTRllfz#bS1;rBV!-Yl z=zN$>3I%!=1lOQ z?SpGtEJ-OKVKlmk^O3%?03cKf=@_*@#_0RTb$EP$8mE>8vZ4#XHoZsfhV(T93Zbry(_PU_)`;YV5S3UXL3>l$Z;)e1;TZaZp_Zo{x@7K#G zyXZ@~*F!yO<_A(?Sa+y=1vt1^S@dOlFF5^8tTyZwoJ{!~u;HevToO{+yMKOe7_CrB z5$2vFgmuLCsTOpYTm)4~y(e z*J@8@uIR149&=A8=+6(9&hGiFbOU}vN?F^S0`vqsYmLD}Txe72q=?k>vC^^pW~*L< zzI%=$gg5ObzN&`D{wtC;t)*N>6`BW`aw>T-j9>o!Zv4*PO8NFd*;@mJxu$)LrQnpl zu3dOsUJ*m9`#LgX^#U$Y^d5qflA?99U!P&+Rh^POjuLNdkD&@*#TV78zNr}nf=kodMzBY%o0ToiL(37I2CN3$ zFqG?ZQ^T6Ox`h!;M(g>Z{_3m#F-|@!)I(y;-K16o=a_5)*Ut{(PMdFh8BsDR=Ss#d z9HZ0IYr(@k)yoCp&-!V@1>5lklJ=j#=5o|PDb?WOVkdH$89b}R1fHftqJ0+3Pl~Px z#e|NU@o~}>635K><}YmvO>H*DdX`UhsJ~v>mL#wPdG(Wo?W_1>liLs2ujYwHyRfvibR3Pj~Em>QM zA|pp-l9BE~jJ*id@1!R7OW2g9=Xjw3Wf)ijo8Yam2eejk#f5RlznBW84Xp50=}(S- z;i%Y-rvA)*CciGVSZvPMJuu~!c%bfL*S(3V<4Zq6en0gXL{&cw?0qsdYf znD_CP=hm0@_xMK%aKjA=60})XIM&;-fBsth1bf{V)IBz*v&Vme zyptRHPk-A0{;}u&-zop=H-Ld@w<*sBBlDZ+k{1tF6cl26R$Tf_vSB~Jm~bauudIC( z@+vP`DLXY{^jx1~oq%_I>-UOoAo*3hd1^dd7;{}}S<$6og&HMb*HdQW?Al7UuJ={d z+^W}#D5vDoZ)i+`S7n#?A7`#iR5wZhM$T}b$6#DxY_RJtodyM&-AEPheTyla29XDQ zR)$CPS%xsHXYOJE^=UI#5uRrr3gi#JpAz=TFpX7y6L~GQFl~6UEF#x_X?&TgqVK6- z&#kCUN5T{Eh60w$12dz;XqkqH;c~o4hmom=k*#INMw@NCe(<3sz-w^86;QdF5K4-; zd=EU-O-l!L7#L97cC)OCWfFE{$u$+M6s516#vp*x*xE`%$MDQ=|6C{jk0urPTIDcu z*WR3fzZzYdP-RlIUwCBPPDnNB`mN>Y%EwIgaOv6bE&BIr-T)YbprsyPuB=`xIXbl5 zxq;8AO&8)<9PubW_Tn5RwOd}N2nc=tddB}exY<*8&L@1BmQ}>ot+vegiu!`8Tr2Ka zMX}^LoVPQDq=5PJKSc83U*z4&Nu*CFnE^T)oCkOO3a9FI=n9yS=I%b#Wm^*Fx^48d z)L_Er!SH!jljI7Gw*+Qequ60wh-+G0di4$A3G7YV^cs&kN^UQRbsnzGwvjMl9shu6 zZ*sv4UvK-AXt5Nse$;FHZu&uf{O|yP z@4;CFB44jaA8l?&FS)j0Ut1-2Vh^BVpWw-g3MH<}mgoV4I79;y+oEboEQ{>4s|S;j zC@e)EE#xQ=zqCFRh`*JYk(o&{cKV!Bz=6vMdspG|b? z6e}+I_3Bvo$(0ghIawepSSZlYSjH~(=g1GkzlAgeZHTr$<>)wb^P|~)ZME}r33B5% zIF?Q~$A7n6R=b=03k#BFFPR&^ zJUKB|iu11}DGJ_ljCnH;A8o~Gd3W5XtDg^$0V~|rx54tJ zp;zht8GSoHr~5&uu4_rH>1S!~R$KuOSRKS6>U)a>%GQgF$FX%ZPes`HgvcP1o-=&# zq$9Hw3B8$CddUs#mDX-IT+d~#Pyk{v_rDgn7Kxl#@>tkZwIrWa4t16}at73PMtZsL zALT3cw#8XbhIq8LBE{w*djr>>D+r@mjWDLAcO|29l^ zKx&Zp*Vo(}K{t#1B4-Q|8pHAx`5ur$@icaqSHGWvQdackAy|EzelQrsCQemLN+UrK zM*?5e0uAv?7i;Z*9Y}xRB%Aaw<0b?DaE>+q15Skoru3)$0*Q7g)tjd`qH5AB>c-&H z0lNO%@xz5{CtI}bQ4}Uwj~c3&L5d439ei%WLLUS#??D8GbHoVd0nKFI;XEG8Y&tvjtY{yt_jFh2d4 ziaikKhu!sezg`_mhxD}~s;#k1UGfXJB@t^kuW z5uFfG1OZ7lXNqT?uaFPb!uwdw1G~i5L>Xq%Ql7+B5D2pVe~-92~{J< zCI?T66jVs1^X9g7h2B=@SAe;*+5|5D*~sqHg^AsrOZ>+^qH4Zntw&w#}0s&AvF)ud>IURt+TR@>xB~ zJNjc2efLXE+`wt;hk?7d#k~gdeG6Ev%p?oF4VF?iKSY`sl}O(IsJ)}o4)U1lRy(=Av$u10*8Zo<;5#nLQiqUWn6 z*QBYbV|BAWXK=EYEt0-4!$s!CR2aK#TxgJvlj!0r7|GY)ApPP)|90#|s_(_#I7EgBR=J=(LnUdr z0eZ=nOEr=7hBQ*D!w*oO$hA5((OT7ll9<)XHiv%sb60+MC{EFp10<$WT%EqUA%K8T zIld}Dhl~tpP92D0sQ}*|Sy2QKL(dQtRCaU(L=uEj1eIUCL<=HwIg+QRN*+|BItPY6 zVUq*(hxtMtcNLt6#wxhKk#m!YI&U7Q;QQlDnRrI129OTwsvf==c&LNBJVr>KD!A`X z9h+En&@aYT*eQZI;V@Txp`k=@42O@l8yO;@7s1V5LRA#kvEy5J>W@4a5~2y_AMV79mh* zh@haOk=-0I1rCPM3)_bBRLQ_fhhGI(gxLLEyhG&hS|w*F)C zeaaW!^r+*T2pu_TxNrLhr>@kmRyMe_ZXdsY1hiPbq68i#GmM(JZ;?}OM z*XfV-=dj-Pc4cLx^vN=xu6`h(3|y2AYjPsfYvyam0TxsrvgL!ck*b0U@?cXH)TPp7 zuhr&4ob@vvU%!QfpK#fbq40y+H)bw6j~trYc>G#6k7G#J0lCHHn$idK`Hq<+3K4?H z^`LyQOs~{gx-`x)rO`CETp$9kZb24+09Xs#Etq*+TpMxBo9jyAQ4BfZEZ%K-k8$r- zup9TK-zW)k;%%A8DWkT>ZVAcKj5avz6;Ul`Qr zDLAf;yg!vq8JC(g+7mdCSn57u!tc$BWf5Fqj}F7{{P9ZXI>*++jm=HEC>PV6RkD!@ z&Egn@zuL+r&)<$XDT6bN_t$Rs@U`-4AYHSHB6>!3&T*R+}QkR}bX z%KrQga$9#r3OIDnqq0ARBW>kDJVWI5h-bq!bQ4(33e74Ri9!PNs4F34uCZ0 zK`fp6Cd{z@W+rf;pvDhMyq>t>N%idtR(&JZIUih$43k>r1W9jGuhT(+-p#MgYR+Y0 zVxVw^KZ)Vg*@H}@KwZD|7MM4ztuvO7tZzEQ;nioQ|6wZsc9*;I`oC#t@-cGlhbm*h z7M&)n!vMud#9XYQ6`)idBZ{2*3 zhjW#XNQ!{mXb|YGN8);)$)g~Udz6aw!f(`&frP+^od#X%pf4!)HEC}WS* zyb0h-j9$oI7t2t9MtmzuG((yLfHTc#U9T9LiFnWE5y@ zW=k|Kz{gfdmAm*lX9kf)jdcn$@9Sh}#UnCrZK|`^Xe_Jgqdf*|DVmSAG4fN->4qSE z)42^)uvo4X%UG9PZW6r3jxHl(+Mu)j^Ji_}JaaC;EFKCgg}7lej}xn$i7U~NlA}gk z$W1}6>GdX8*h`X^cWG%zM{}xCc*A6#O8CsL6WI@)Rm$Ed>5B7fm4`Cl;Z#msM}2P4 zoQt~c(r{ISOZ63jxX{Wdyfm8pez$Y?a80sA3+YAxgY^Tq%)NyT}zYHqR$+3SqBc~U~CX9BvP--)WJ%P+>b_R?MI1&jl)j;fRKuKD(*UO_P8}_fP zn_GDJU`M(WHM=;Hy|OJW2T1rZYSYRf5gLSW&MOpnb8&E}ZA}0Q%9+JKOb+^Ihuya& z{BJDb;ukHh$7l7sFR)p3e<7y4o47XapAw^e(RzD9#4A6q(nzV{k()dVG_qZUVLe?D z$#t_uM7%9HjzY|TPHu0T_}t3qtExJV#J$Kz;!K+@#n?q!WCs8~f(+_`peVLF!`&in zIDR+;xzY|lwH}@6v%|GkTUFLeH$Nf63TNwm5GQ7ZS)pe0f+7W%ByHmDL7Egh5knSA zEYQ_l2ObZoBGZOeh98ZTR*)9-Xg2|l#uw3j4boFWYB$LX+DyY=m9Y6Pg$-DB`7~R) zZQx*qKy2u&F0XttE~7$0N(YfuY9>@9Gn{bD9IMw@x5R3;^Fl=3qsl^mi1ndM1L$4t zhe%Uxmqy6Ml?zOf0r#GZJ8-`q{m_rh$_&-(B*&D2bkybjMdNE9f1$~*`il4pguB}= z#9L(5`U{=dP-2xq3o<|bVOX9SUK*6w_aJ&Yj!Vu=25*kpUOw2Or@TD&=i`aA3eK&1 zXgvo_Q1m==CKvyRKPxzY$8$G$n@ngdv6lL6RcLsprg@d{GuB z`x{ECD!Vr|`?8D>L*__lT6nHgiszOmG8rd}D@teJXFX1ugzcCYCnp{JL z6x72HL~NYk-9p`ABJtfiYAVhV&qUu8tZOJ)InO89PsyWT-4(BHq zHjIsc>e|G)bGueLeu6j*Sod3Zi6zwEQ`y*A(iQ}@bp zbq$~Q7~k_$%?UD*;Lb!^=8cly9u=JoN+xEp2kjW1#|O%cD)MIJQEe zu-ZAm=CmaeTmVZ|L~kqLuIcc|C2G|9`vpeDUV;lk;sKQ5qH>uR!wZpSNQ;$NC6U(5 zYY)SlC*oKqyJ4Ba_yP$T$0pmpZS@*2K>Ng@2@J+afyg{nLdb`$SrmUli`Tgn{Np(Wa9jr79_1PfW;Xs_9jkI+2b`J)*$~+ zclx*W>aVX?+}{<}_E9cb#PnMij$7B@TPY>iLwbIFow>rFlmo-$lBYi8@>ik_8Fo4Q z5pua4-suh;HD-Rl0&GQ7II_7I7`?Y(G+KtTz@&1O0ZgXy6lz5>3hjm!N+c#*Re-qh z93x@;Q`D1Np6bfFWwt7e))x_&H*L>3y2xl~k?rs+lu9Lqb&yGw!{8E)^&Aem21^#w ztt;%eRSG*^&KI=oz{gWF10~JPf?Ax}Y+YyMC_3pJO-Iu-WL9no%`y&ZPVxnz=hp^9 zc1Dx+%_YYPrh`6n{)Q4@b5kHsXS1`jqi+ReF7c*)wC&L%YQUKM6-aJjp=imlQ1oSP zykP>40ryU}pS}(*(*Uwhh`?R2P%K5(`{M(ePm6kzdk~`lAk!`gu7t!oTuz6ifOHue zpI7mMz!Y&B!m`Xaan`5TTnd3H0=-abHFi2bJ3rUpG!H{CbUUMvUi9rvih5SbZ2_C{ zR}H~lA18rm^UV&mr2BbE9pan98GT(Dn}!Vf{F{d2PU66W1F!-ET=n#)g=?0CR3bR0 z_xXruTH3-~e5a3L%#Eb(%Mmg%N_u+W8yjj#%mZKXP+C*HfxsW{jkEVFDT($IW*zAv z6=DUfy2jdtLf}jRQ>`5d7ehXg8^q7ew^yw0aI|q4au}3*r387Qeti?Q*s<%e9X}Y< z*y!GRWv?NFdOSC7C2m!q4rZl#f)WX=CaI{MBf$iZA-XTTkYH+450RLNAGK9RF1^Tb z9qYudx|zZb{6=&6vXSU?BN=9`p$0dk%L3isiB+5FIjfT)z>gs~f91i5>A(Nj|H2}D z$JH}``NF=mrbE-zxST=G*fA zVvMNtz3tHz!TEFB*Zki{qqH)ZFTxyl)r@BUk?JgcSJTF<*bw(uXz z|8vCGRqPdL_YAMQyfcQAbfCpj1&3B7i|3?!1YfvO*@pi2IQtkOu<*}I^69I@I|Zh0 zOa(Hwt@m!_Eqe=hYn*$=-}}T`r@XnQV<*Ms^wuXzX^!+2=NSLgW$~VK3vUYSHGkph zU|W_NuzYu=o6n%`OP`=7;74(2V z@h%8RKxeos^OF6Kv4nrzQvl`fUV3b2iUj~sm?aB=Z^^^IMda^iC&5E@ZMjs8AKTBK zSm5@nJUALG-&y=`-~8`AHLE@tK(5wsm7YJx7n)e(ld?q2BsFaSwiEFYq3P z?(E^j#A-gWbRxUcsVunaxH1^NV_!$~si`S#9lZACY3YVZ1TOs6npSAYYFQQmLF@qO zbNS9o7$t~XmBEE8VA&I+ImnQB=^@GZ|6Ygw*H3*5qx$P%R9w(fD-%m%VZB$9wm6sM z&P+Zk@@16^Rb%5|pm4Zl$$ppBMuReI;riSENs_EdSXN()N)fEzJj&i6SReH7(} zttlwdmusS$?%Wcz8FnWfO*l@NNa%y-;e$ZV(v1o*SPuwP@`pei`O1Im3hpqhV7rI5 zspzWlQ=sVU;fmT@WIx7TuH3qFMo`z?fv-LK4WcpL-RTU==eug>`6D&t#s#V;3pW;` zEyw8uaC@LnXP3P}nK{2@yES46?b_l+4EL@NO@WA&Itn?CGx21v*L%y3X^g90SC`SF z`M0`vjwMV^04`V|j8=8S_>BojX0ZYq4bA^_GW6t6Bjuc@MRHw?tNP8(^_UmeyyFD3 zg1l0kIj6*pqAplyyN-ycDFle*vY;YwiVGOXs08e}X4Z7V26Df2c(aVp#anqt1KD)S z5JXx|Sbrx)VH)WujJ5^Yf7*@d&A{*_c3?PWc0cww@fk$s^kmH3v?|;)o#KM}Rn-+>aR)-<<9{ zs{(#8-9v+*-POemk?0L#;dt(aEfydjz|8<>#$7jO!mKx$z3Zj~2I%hRm{JMFid)et zg7YJ#VlY>-+ZGRm3~JNtmN!Qy{PuET_(+8y{qhxZhCd}g|4w;fNuk0r%g_f825pbm zkzL%?v5EIFgP4`bE<35;qAmpO{2Y1nyaU6%ZSRIU7P!<|MMa6~4E0Z=Z7!BBuQH_5 z@vCGxik%b4mmz&PhA4yg!RDE0G3nR1GSO1n z)C_=lBM`{fL#1Cq`me_~XgNHFHk^IW`Ie*J&A;ZP`cCHZn7RN5*Xo(ZeQ&?35z!ik z{=BBS10^Kc&rwvn1e&6HIBk#d$;i7uwddb|xY{sR>G$iB&S3atmy__*Du-ZHUw<%f`;wwy^MhMz*eUG7_Bej6&^ZiH{M%C|Z5zpe;RpB7K%9ld`~ z@>A{0a`A@Mw0#K`oe7a2nQp_VVMp54iVIwAV`uJTH1dsj)U;V@4z6aoj^uKJBl{Yd zB5%sw8+-D%7twz?v3G5!jH~ujk3AS&^321})0yP+?}vH{9x!ZwFSD@jSX|LrIkvcB zY@yBNtN{><;u7-6bqd~xA6r)DL*bv{Iv#BlIlW!tLB7Aq^|&wdBQf&U_&0bEGn1L! zP6t@Owgq%xeT+Ef6`SJy;Us+Ra{OT3=;TO+zn0Pb%2Ge&c29-cAt(U3+-1%r17fFJ z6ZFjg7klpk)>O8yjWgqniUmcwAS%6M2))Rt6zM|=9UNL9q1VtE6_t*Fl!T^~gaimu zLV!?a=q(^6ASECz)PRB%Y5uq8e&?P!=brN~_uTW``~RLV&y!@Wowe6q*{kfee(U$X zuj}~&aK}_Fv^GpmMVigHOv{R7=D?LDlXsOykFH#xMTY=1_Dn^Yvz1Q^1tzPp0qB`* z=EUwMv|EaudQ)s%AkQv~Y7RlWM$$rmfm>-!EI|mFRexl8c)z2so+(MCJ}h+>J{lN; zj*0-uIm-mj_4Vi<1<~cSc-@8VzzGm$Pwf@PdBuNRC;tz>{O=EZP5Ms(Un}i=m+X(^ zO?kX^{eLT)`O2^)7bz7HM<7^MF!7{$BnTUkaB)9tS+;pp7d(v>dLg@m*h};+rM{jI{>T!}Ka2Q#B zzHU)2eu-n#XjhcZ9ry#Tvg@fkaxVia}chVtLi}eoXobPgqRqLAe6O@RsaxYdk zWVjpUM^+t5hMeaL;dvfrN;Xaz@u2p*dKt3X5Hu~saiOC_0MgCKkq_`Jgm=`FB5`g6 zo*lDxjo@n4mz&}i3@#VZ0kqT^>*#^VD~u;yZABP?YHg(Kb+MdXIR~zgw+S%@=i9Kf z-!hM-S6GI<<2XFWT@hPup=!ZSNXlN7tSO87Gj?%w*^=*bISs&;rQgYtjKbUq#D8-2 z{VWC*Bafi^yS8Kw?2vi2)A}|^L`h$@Bpo}#WAsJk_qi7m2gf7Jy#`aQM!+_An>){L3V*f_v3`rX}x$x&g|Lynp>MFZYbM7a^ zs0KcT&reQQPSa1UK+3{VQC}JEoz`LYxlY;O(x0NZ_X~rwP5|2KJa{C=X~+&5fIl4^ zim(B%cogaDL`(l|zTe_Pw@ELG3eQCRRu?5D_2kMY?bXe~wO64OBHH%qVd>C`)^Y{a ze(oLjpLfFlULJow_C2R+z7z^(DKut6aLG; zw||%&|H^RZZfSVSNAKJW-ZSGH|M;5!^sL~5R%N8s*irY$x&j;M>8f*z&LpmxGLrt# zGgSo}D3 zko(0zGWeMt9!JZnXQi+hK#U3c5H?dVLBHMCUWIe{_dwx;j;IcfBO|$kbQSFhiz4;4 zjM8P1&&x@jN+0cXPC<`8J(vusXfHVu`~2d>gc82QoAc>?*WHU)^-l3qk+5&)-E^^k z`IP}@U6E5blJ}QPufS+6*9tdEhi~rcL3Un+`gb|;97q*?W#FthctckmpErw04}EZo zg*W>p8wPJU<^MREzrgmDfmIEII@V3Ds(2Vhk+c{vULCxV;Qyf^?bxwp{zc8sqgdlT z$m*5DV%(QrHRZZrPSTCDL!T)PU$Ig#yigl3p##x$UZ~{}6;1`{F#*3$hrw?IhuLR% zaqt2xx}>!PW`MXqhH$m$cjInLZ%G}iA_~Qic^k{x63zVP0Pujm6AKFq83G1wlYaZa zM&aVGf2X>+@xO+>vzxeA7&CIn2hHXF!7ScVIYl-d+1S@=F9msx0z^v_f;w4lz!7}` z*qPZZ2t0&y*4u3;cQ1OD$W`BKTOUMLLiz1jc;ecrm7%kqXk>vn5#Zucbb8MpsDMJa zE*C3D`XL@nrMsw+*u4zR!Dcpupt2^5`Mhz16=EnQ0*?d!P+eARf{kfa!(l_0dCj=z zaA#go3My|#?WS3F_U})HcJ#PX5<+80<}i~Nrc69eqgQ7!Q4f#oxRjOFx#=k+18#aA z=5tVrkZ%zqgwk3xoP&Vzb#LQ}g zY4Twuie%TYwv@T19y@)H+RXHE%6y*pIj1PQ2dAU9qI3IX!6Z||} zmD?ei@=U^5|??O|ai$yB1}N;%V1p&pA!93mlX*IS%u^7#Vmf z)*+r(ZOJNqn7`AG{`$}b zD8M~CHr!3Duz-E;x`^o#c$)s^$7Q`|T#7Sd4-Jd1C2V(I1?ZdkIkm1XYb+5Rci(qX z!Jy0O^*lG`lds7j0&jG_+r6x3ROwF`4K}^3J3@{W{C_tV**3p-4VwPOzA;{6Gg^s&>A_yKlq5 zvevoFLF+{Gj_xdM$v)Aai1C%f?IXhdxN=o&hz4>7*`E#AJjOXk%mT&GB{Uoo1$A`d zadcFY>9YRoI%4=g`%8a+e~IWon5?ks>nJmG;Lzd5HCAgmN3}ZUed5-Z5yX7gz`>0su!HML; z!8Pb+_}Q-F2%`((+FLWl)Xfmr1SXbkiOOSX03UhnZhr)Cl&OOM2YEHoIir}9qft`R zpv0%gt&y4;>d*FW&TIc66IIbqH(Nq85%o)XcNC4ftGYfmw;ew`0(}lS(Wegn`u;QK z*>xQv^AgkXdjCR%d=WI z6MY;n5p{7xy*;`5rgr`)dHUdTvTm^Hyn5uW)Rupr>MuU|DK5!#5ibr>_MBFB4w0n% z?6w{&&EB+jd;Lo2$wQ2ms~D^`gl6KVBf&BuA!HIvzLBf%#9P$f z9{^dI%En7U5jTUpESRGWtS+*EIQ!@NwB^Czg-S19j>ye%1u6K%A>K%py!I(iUnwMX zhnl@rrkQBDkWA6&{_;W`2$jzqQpB;ZL1xk@!^5amrBcy%-cV z-!&m!D7_}M{*{5Wefsj_)0P{%g9!L>^&hjj>D-*qQj%S9y4831pq1$uF|I}}-5$Iy z@#w>au~Ti=Q;CSwLz&Y8ua=`0>D4ReRX)wy?gv%$sk&80{VHzrvc_op=C5d!CH0l)oWfGJP?e?v?4&QFeK2ML1Cz?D2mU+k<*}u3rABul= z@1CLWDO?Gl(Kthzq=kc2?XojUF}#L4ZJcXH5_Oy2n@4sS$0nPf+bScM)JX=$cV#Lt z!=kdU=F`QHhG;?F(11Myq%g17j7MUsq2-Q2{cEqhwawz#KCfmZX0;x+TqvGdorw;& z_88JIdbvK)^guno)LSib_waCE99O>$NBRl>;_&NV#?OBNITCNcT|gDb#rkL~J1V~u zk`S_eVr~BcI(4*_>yHZ8w4ANdrY(Fd2D{P1r*ckZ-lSoHRZ|a<0``t1loATg{o*GUQ7Z8T=svwsh4}QJ zGFSdmFaP2Y?@!r>Um0lUDBhW;mv^e#ehWSML!AV0o+6hsbeWD9)v~5VU^>CGGkTY z6pYOYS3Ot0`>K_#8;;I8WZ_-GYZVK~tq?|@vwF-CR3QER2ArWCjnfYjsX4VP9|t^F zk4lRt5}Hb?4Ok3}H2|M}Pt8XiL(I>>2ao|uAjEvsA?2pSe$X-&PWd>IdTeujz3tpJ zm32h@#GZorM{GOO7rPxm{%!9j!YeeR{Ly8kbjRC|zqcnHQa6Jl68=XeNbD(XFh!Vs z)(+s3B{(Q}(9>w3(6qjS(5aA{-8FHFFgt)qqU`A?UnBIMn`GO4H@)8y-ey=nh*KoA zTefh;Qv6xWAS}R*9N_db0BM+l6#Y6mjigjJ73U*QHCI}c)4$+^gfEFq05mrGrmX#j zJe4n`Epo3l8Nl!-)UJ}yB=+W2JFh1H+GF zzvyr`)QWFR3uH&5%Oa1T^z`Dy1ghDGKe`$`)X&)_cW8U?pWjI)0~2bpdl+f>rXQkI zqyJG4oPFQsAb}iDuxjz5Cu+;tQ%D(W=%t1d`lx~22nZx+*uQXXe}7MB>2o6DaTt{p z+7z$Um`GkYRqj|1pjP`)Hj=CpQS|A!@^OO*TnP?U;B-F0iShY1{r4Jc4A1tYHLLcB z4`xO1woFYrCh7f0mkb`k_xE9igK5um-qLh)m@0-c_u743Uqn)xt1b>?!L^gYI`2GPtRTWkOx(G6e>PhF&Wrl z5s*z809PA;2vPiO5Y=i|q9svZQ@$#owYVcgrq+e49WGN$rRcPeG{u?rmcD zP*pp^sWMsszG9#q-Mwd`emcyQHHpw;5?h2#+aQyFXgI5jl3@;tE1PaYl8xb;Vc;OL zZH)z62bZoW5~pHsQ){f=1-U%+PPm{ps!;oKb-H&ViI*j?adA91J8&c@-YUEaA-TA{ zw>i>d2i6!z;+z<#`hyw@4{$DHT(pfi{B>&yN;3Nl5D=Olo}S^NLCfL5oe(ByDkfPCsjc8Ew6w42JVw za$m%c3)bcBHro8h7WOwsSQF{NBNA~JQ54-^Et%8pj-2ZI7u6$xuE5^isygF+7Hp)T ztRt8Z`ZQbGv9Y6@sGY3l<~hLV6Bc|xZ9#hWzvJ_q$Y1ccicN6qU4muBXX0p`c*_C` zXO{;F!n$AphL|ml2b!591MfSEVX3r^RI;tXt@~^gd1;Ps*wGhhxz&JUx(X0p^f* zgl>>Q)vRQRrlTt)qMDw0#q<8m`S&9;oQf&4HcbPAl?}vahPM#CTRDUc*SAL`|4{<` zz@sNp^2Ku|0mRsrfAxmz|EL6BUfB))2#6@-6k#||8KOi%x{*!nSIR0FX(>wlj5i>g z90R6$PjcjiB|fGyPjNo*7|~MYP^@gXA$US?G)JGdR1vgloLkJNFVhN&xhR$u~GIN3C?uQLFP+-V(3k%mYfZ#JqCe@4DQYTgym%P^pA)Hoq~*xIkU1 zeKn#_))Y$Ewbp-|@3G1JC^o%OewM`Z;N6iq999^z{i@v#ld9tEuQ}=T$^GOrz~8m) zXDYjp+{wfVix8{xCZ@;BE4CF_qpJ3WFF1j;)y&27yJxd@!0O~3P6!KoDPAhj)b+fo z*VEckp}Fc;rgjZ0gFjxgVk>$QE0(j}DKp5IY5g?9|=@l~1jqhduFixV7JUc-+Ks5h<{ zlZxR8{M5i?RvebD;F`w=kcI*DX~0WKNRUv&bkX~CXO%sW%pvW#mmP^ji6wMo(U9np zEYv&<7=~dufMC_p(d=ARU%^d*_^17AUyeG%XD@|4+bqrP+$xGluI^$}>u{ZuS5pRA z=QK<9XO?&jzLY!%Zy{{)BnC{&o-3{K>u@#06&oY;$BnbwhXTd|nN64z;&ddocM8vI z#Hozu_pXup@FaWV>Kv+PkO_n)atHXDA$&Ijvf_T>+QczhB z`b*;Npd^>*xIW%%{$y!|yoV9}^UrB3N9C!*J73~oElW(qxyKOvN@6=hEA`uVb_JOa z;(zDm^JY3)vz|$RMX=9D_LGCwviD#}v?D(k8aMBhjdJkK>ywHJPnEg?E?wT@nm7h+ zax~x(+|4P&&4WB<`)v8q??0~}RpAfSzB0H?A)19O zc?Lft3zHWbyC`a>bgyxc*OJp(%Tv(G$}~RHzpzA*l2UawJG#gvHRO#1f0bodmY;Qj zlpUH1G1ZiVFcZvGWET{j6g38z2Z0ZsA#nFxza6e4Zp&B`0WXNfi40T?dVBWDNBYj|Z|U#XHf z?BEJm|0@H1=h3y0T?@MC2NyO2wpH#aHjO!ulHFZkmYMdIfqb)>oRQwh0KW)`H+?o2 z-&2`)CDlmLvky}9X%@fXKW};e9`Kdn_}!jIP5Fm2KijkU4i>yUy7382o#Y52A3yxc zAk+LK0uvT_5d*9eUsSskdox^r^0722g6+lot=PQHccfbHdF?OhAH|zgras!Ke`SzW z%a#-mW*FsoX6wIFcDE~Be?RCMwL0pWdVj@ZyVaT5C#zo>zP#C(fZ6Jolo%W&_Q!w4w;6=@;#VqXS=6X+5FWGb$vfg7EJ6{)4-HYL zZejA)<{!T+k-kv3JY*S>bb#EXUnD_K1)`9Tz9)?|wfs2pm0?HQbs~GZ#wkcD9-ccG z@?K0@HdRM%*?H74x_VF`?LH*eT8vtr-N(3`kdmvjWN1~K;3O+BAsaeVG2|5AV8`Mw znbGTt#Y}&R1GOp-MM~&z`^_2;>w6Zi^j$xb902ew{9+7@=sr>nzkH1AZ+0Tg0JSiaUaVvXZ9$_xqIP?3$zON zHjp6thSefn&L!cSj*k=rfo>zJJ$3f`- z@NVsT48EyK0SR6GUrsK6ygLjGSJBt>7Ue0W@1{XgJlr7=ze82%+MYwR)_ut4s);8 zcxS=nea&%`I~kUNB&VvY2@XAQ3Iea$pnkz_>v^N{jJ?=ao}TZ%;kXB-I`htCjw3ZY zV4K>J0M8hPRu+rKi1 zhw||`am6bI6QRgfeyH^i58*)rg~ovCb_+*w?OzROuu+h^o~~Q4#BO#NsFn(@5B{># z1umi%$|nvZH6bQ2XG0w)*`es$oR6O+-uH{!SAf-47}r)vx?3W0NA!)I*ZdVdh5PuO6x;5+&T2EmYGIslz zYI=Kh50`_J{~*qrWN=ZrCHSr}hUb;Zlo%*KA=%|aE9^Dbz2UJhx#OsT(qVe8s=MB0 zDk9ytJ)tD%$3c@)$AnnB2-T0e=ByXbNSR2uH#cvCyRx!{4EbeMSV=Cl$7wzc)@O;I zy^{ieeg{tTh7uOed23rA+WrfE;Tm44GOcOzLS3IZ82WW-;{LeBWDAPu|IWZ?V-zW7xfty zZLIY>>jF|h*klWx^P?~}YZI($aYJ;~?;~u^G(Fkd60Xlp)iK^o>8`;w)<@9%tU~u{ z7Bc8hJ_}9;0lQ+c+V)5)Z_QCXZ1r5*#jvpYyxb-uX|Mc6X$y0fY&6PuqM+fp6P|on z3JBgUKorEYBVHNPe)~HkK!cr{DCdZmS?vSoWbE2~HGM}MlVF0{qGDFy^775SrA0Sl zOQZVeJYZsRJ50x7u*|NYbi9xXc#0-`026+5EJ>NhLn43+t=$%(^4w^5LkrMOOck+=b2A9-8+!7y_~G zkK)Sebs`(oV?d5sah{Wf((tU9T3tHPrZ%@D7oIa0M}p2To7l4;uJu)W&~1BK@3rU5 zcsQd}l!hjF9S+$(%<>*Q=sKCigx2Zc7XuR&pm|f8xIKR*IF3fl?wyYF=W@?Ud!|r6 zL|`UpQCQfFo*zR#5Lp!k8`->OS!z6J=_O7U?zklttMCrlo$-wRAp)>Gm2iTTrh5z` zE1)GPr)c>ji@#H2e>`-?#kfSKs1jjPQfE-eE+Vot^3179BgN2?EIYK^>DHBd{(%QT z>H;8f6K$s3_+Jk8R>!o;X zoa7Ljg`L@ue!rdhdhYqr-F>7}9+-_eXws@3f@MbAYz^g!xVSgvtg74}$$$v1AlQ#2 zW0mUCH-0u&O2J?l>y|Rz@xj&YVhT5PPR z7%{M)+=MQy!~Xa(`V=9F`5d2mzF?%#OO}h{&om^xf7(Zn1%T(gB3ua?T*K} zqpU@Wr~)tV3B0@a!=fguajMy{rod8kY*DJ;eXDOCg3$n{P4w;a9*-H(P%H|U1J4U_ zhaquL9Oim)iLn+R0o0Nlkd#`=#_c5S?#)^eY?9$K@Wyq%N6KT#*A$oNSXOFW>UoEH z_KUX%B^4slqbvup>=50%_pqmy`vET#z~O>r^~0GbUa^?CfnrWb65G?tzcrsjwFl{# zYI<#L>4hA^%U-=Sx756{>Hom1r_SUzIZnU2eWTtvfr{&1<)6|J7Yfp>6ZbJ4FQMzv zMS=l^!8VA%-d!u$uz|$-{qr9WSROo<*wKD+_I|)ZOMZYkPHeQ)pVd8{xwfHHR~BYS zkjanq;I<1h5Bn|s`VCMs^tEOAIwdy8sJ%N;$s#9ySvAwiE!C0e1k2*c)#FL8D)9{uB^d7_grhsPn>GLO8u-8{(6yHraE;c09J{MRw`GV z$(LPAU+7z*t2vIbQ0yRU;_34 zX2hLaTTIC2L$;>*Vc`qtJ0x!&IMI(!zNEC;NY#*;sL^3O__QdX?t>Q4yT?kC!@-p| zm8xo^zTiz_5=ndIrrZ|uqA`>GOC`w)2~JtP9df21JDeNI4CyWSSA*sy(XFS$Mc#ei z=VQ5*bJ@HaoqMez$J7Gm+|W){tI=MCvO%$*k(w6OVutA4hpqN5YQt-ysx0mjmzg`8 z-ktDcOq;l_`wqB>PBby|5Uh}kr5yyb1@#q(S^u1dAcxk>Ev=L?i~8%i!LToDwc9)3 z9xX@yj3j%vCVdU<)8RN+Oy^?ZUCn?chVLR(8fB~RmiW`f^6i{d5*(6W4{!Bc805>n z@Fh-)|AJtlOqCwvFHKaF`=Um|mz9nxG$&)pZMs*J+5oqwfxWF8>^rOrMN4n%BSX`e z??Pwe{YqM$ICEq0P8rwJ5~jW~a6fC{kaiJ|8L!To=+hRGrGRK#4r72I4`9aez)``R zW?8K;bR4W8&QBoKL>HwaEKwzd^3!Adlm4M#s*WJg{qA$${@$})6BO;Ip-RC4FE|bg zM|MI(XpdaXfBoZ7_Sa#yz!wKLnuk?Dhp&^HWxrbysBTg?UXDg=eE!P7rINU{F@CI~ zxV1j=(Y*fjnL2%uPy5no-fHAwa=rABw_()B#Fm!Zw!3|LrovO(=l_y7Q#WBFz$+|b zq&-)Etmv6eP>+GCq9;UGt1LZT&N+j}(RZ#~!70L&u+|X%vBuVa3TmLCk{*@=!8kPm&LnwzcQV#V75Y5^)dpTa4BvJ!L0OG? z447niT`QkeY;p(dF~0e2fy;J4b*OwQG`5{%9f zE9PS{fg9&4-oI)Xl2?@n0$|G_B$o});|&0`9EZR>o0O{XgO+vGV5|KA@Nsqvj4|@+TbaQBX_q`Zq>yb?p*wS_Jb{+$cLyak#HJn3xjkYQxz_*{Lx;e!vN|Rd zOv4cvUqZG`Tm9j4cLRX4%|OA!76&Y~lgO5aY(uIP8@yNnz-o`pLPjUa3O3!(%~}hv zy;q`WDp{6koGTVl83|6g;8Gf{p8X^(6k?apq#;SFJU+Vhf~_j=1Xh6Zt2GySP0T-b zUm41xN;J{erwu2vs8haj_I(hr-A0q@jvbpnwbE#-wk45hgu;25676`~18i0Y)8>T` zl5LxkdkKIad=@cd(3o|qciEkWrc8q3{JxZ?9dN6+Kf*)f_{jcVl>T=qmsbw{((4#P zp7>FkYNpSvGj!w^nd5$4k(B)0yM*@*v z>K9DqlU&L508JW~GN6g2pB-T?Y3RU9*=iOgUxMevMF1}L81Ul~Gk9C>m5}dCg>w&C z|4{6|3jPp@So_M*I)3E!l_5aGd-cbYp%d}LD#rlB)2|GtPfvV}Ho?bYqmSlK6}GfK zfer!FmFnn;VOK#z|Ek?de!*d_>${1ES!w6(|0>)6714iyxT2$V_UN(Csjb})H|LW_ zsM-{f-BNG;y4$-Jg@=iQj~bfVUdxyKy_5gu*bjH=J#XAHlTX?-m(bDo%fiF#i(uVOB*#^<2gKe|)X8w~506_(-1aU7>j)HpFhAOG?nGdZKMcfaR@`XmKGAKcEP_>TpUWyt-Vg;^v6l6m=v+;qKPLjg*p z0Obe;9#W1dSPT;Ioeg^aMAqGBOL*|DNzF6E_~HZ=Q@5jA79$IjqCw3lkX2&ZegE@% z=f}OwQWI=NavbD@(q#LLxGb!2?tx7FTa+YTw=ks;bQ6s{0)i&#yibCWY$GLaHpLz* ze?+VHTY%`UXAd3~e>R`1c{FGW-RC6qft2Eo$&q7)c`~0NoL#WK{x9`tC|D`0>w39O zAz?shhPV=xem36Sh7}d@{S;Bu?2zsI7dr6x>vp_}I&Nv#J!Nvpja9cOY3yzfQ+0aI z>j|W`UVYwu)dG~&lHG3s$X-GE$-Ok(8qOE^qdCCiI0Op3T=8p&tr_y83UC$_nPc4;|V%-=+6vFRs^t zHG(^<)?yJZBw&?VN0jy$@exb)jgmCr`q_@dhzon}Az9{ChFJ|n=jdgh(1mwr<7z0{ zPTH*vPHh>^mbcGtkI%W7xbKrDZnsWc@A%5#f7`05)W7Y8d^f2?lFLEXL8{xIp^-se zPT5YTrlUiq($L8qP0G-*GhOrKZgHfUji$f^eTIhNL~AQHL#sE8#YsKI(IFpy<(wNG zTd|ut#1)uX&RY9bmi6T>rsU=sv<1Ko#kxl`KPG(AEy?v7!^k_>2Sh_qGR4-eX0Du_ z%t)?6iON@!XD+$7*c?Sy1;)n8b-diNbKNX!krK-Ae1Yw46H9N)uBlnw;=1m_djwG& zUAGX#cO`s4*w3{M$Y+g-{fxe6zVj}fv3iO_u0C|id>0U4F4>0^2EAKVkSq6}q6nqO z{n+JYk)?opw?3-eq~>}_tR}PrG-=4KbWdl;vL;{a(h4J1i^Mf z!qU_`C)Ox-q*S`v+qJpzteE8JW`5bA9sYii2EIE>kv@f#<692rE~q_fJ$v=PB~o9m zT*|q>sS7(D66NzvrpB7(T|4b$PHt4cJ4>_>+;zYjd+$D{BKYoV;3#YmDjco;0z?T5 zJL2964t~%L@oz+k6y8iOrO(jOl@kJ~WYsC9m-50F4-DEPWw$&NJLkNTbH|AJpy%vK)fY#i6ra99oTtirBP!ZI_Hxetu%Y;e@K(#@p z_Hi+}@$zo)rUV1$s7nXwa(XlYg8tf&L&q$g_W<&sln=60;cQtZ$*&yOM1Yc%7ER zS3+WSo`>QhDk5RTNOkoS5U^MK{7qM)xI!D#4Om8%Du`sOIo%mVE}ht*wYQHzSS>gt z7e(SKQP9zGRMte^EL05N|2g?v15gVLc^u6nvKw`t^ImJR#mE2Z$lWFR=k}V1f^-MRAz?J4XQDZ^L(255*f0z60|0g**$Zz-tF_10kJ;j zpDnj$!3XP`L@wbQl|XA9tfy?fg{ZuTxwr!1_X7zzY~2AN)3Ev4Q;4N2K`QUESqT(;LpcIff-+S2@SIq}I_te@BN*0`L7 z*)B9Rg=a`#i`f9wV*mo6n^${AcU3p5^GVn>1)O;suaSA9^)x=hIrr@5V+TvzRDgKUkiR60+WO^mr6aV|S|*#L zh6Q|V)aO;2&}tDR#1j;FUhXM;p>w?v%5`%jX+!cX%sfrsAx5?*9%U|?ijgJKsh)3J zwoNf6S~{aagrkr`>w0eehV6R~UsHnmNAg`+=onNZZ2x@lqB>Bd{Wu$ zHhk)@lv}iOPlwrWu1yC6tcXqfYAv73(JvKO@ETHrvi*$l$LaW!chzP?4j~JAl_T(h zz+t=F(@sOQU8hx4Vt_cie90KAulPTaWSc) z)Ijb&fuk$Wk4|!@)%?H#bc-VUEDQ*)9-*b0KEgw-ngPoWnu7|UeAuk5u*c04O}%4I zU~b4N!UuiQ(uu*^fyhKH#St~jPGnYGWsJ+ju1e=ngO|t6Osw3+M`8=O!lTd%o${Uz zGdA;=McqpGUco{9n1(3a>+x8}4<4}NN8`Y(-eUoTe9w?Uh^ zQJx#X15hN6fZk%cZN_?+pE2rQg%)M@^5#~lK9ngJsDX}9vs%Ltul1e{DccY8QSy%3tK?T%Mk|$?nFt}QfzEY7Vvq0 z$L6|Q3CvZ^_Wh~GbSZSSaJG;K!ZA0IHuZU7dBc1yzlgri{f&`u1(@x&m-3;8Vj0sAsF{dLcF;EznsU`-pcziAy}ee z@_ejUD7g#NinU-~1Jwo?e*81%3{E7CmKujrsK9Vk| zNrIAxG6FMw8b(?H(o1F(tnmDO<^;Wx0#bSh$yd%6=g7wgLLwJqVv+!ixto>W5=nlI z6oi8j48U>_@HZrSfB&F>hPFiiwuX?yo68`%;ej(mxe73X(-Pta)yO}4 z

lA&07vKzPIkbl`SwQFr*u3Y8B#ez5=9J7uN8~D{0fFXFBFY5OL7A^Od0{>-bXW z*un)TCY>x?$+2h%vZMT{zGZ4Q%$Q(y`l2#1r(AWm!xT*WcqE2U{VCc)qXR*%&?&T? zY(PgKx2jjQE2B0rTIKX$B|;~l(fn0v8X-e36jSPXPPI*YhjK^oQ!TIXAasLR95$a< zxss9;oTsxCT-=oXrb#8X0&v3)|9ni#Y_zhbW!Hz3aU0Zv&>c-*7TG~HxlY+}!#_c< z>z4i`GbjV61^)9Q!dFz9O__}H4rd%ptBV7b6F=6nc4S<#zGtcb)Ph1Ic;M$OZwmyA z*87d{*Uph;6?;Zf6tzI9R<{|Fv;H#W>U;idz0}NC(mbg~V8V+^IZJmE;6LAytC@Zm zb6&g__D1Gq=vwS|iasnJuliq7FzW@*c8twWHs=e*~hM=B1ukzN&@KG=UwR6F_ zw`OZQPqCP9Gu}3m7Kl^mNQjH6dP?k*lwE7Algzxx_p}(Ao#6MRyHw%wLq(Ij?g7XT zCyBk3lG)2t0;|{9n;=-dS5{1+G%^cS3yWDqQ&!?|1zC#)ICp?W)~$F``ksAiNVCW$ zec<{Q+Rd`x@^r zIRtM{h3^i31G%oU;a)3W)Qga|wCJV1-;%s$xtTeX^P7gqwY;UU|y;FW; zJAA)2YvZ$j8`|PP275i~%nmS*EdqiOngp=Vo?t>nn00a>vX6p!c~UW;WbZXciK0nx#z$1CU`4u4DM}O#uU8 z{|7kR^|#9pW`4r;EdPhe_`f%l?{4NEwtOUc>R^Z z*7PXhE5ii>$3aWt(NLp)Wb#*rK{<8P$`yRIvPG2ZN^?2#v%HCrKr6?u|DNYx0xVal zZNtWon?Km9XL8&-cTo6w-*{J74L&s@bv^>Ja$4v=zFFb3avArRQ~qJ-yGv3w+7G2( zMIh+MG?|zikGrvZW!1}o*0JbmQUm1sN3Z|kssGhKgnaJ}fYY*WLYf~PC=B#n`EGsh zA7A31s z0X8j5MTOq`Bs2JxL9xaC2EVwigB=MWnw!(#@o4u83L2&@#O^l&Sw*2YG?9a=7(>fG zT}${tD<>+A>RAq}iY{&T|G~AKDz|?pMR$qnucjmL=I1)`!P{)+dDpsAO?tTe-;Tg+VenT&f++i3b1Oh2JSt#4vxq24|1mtL^lPi}Fm&7$cSBs&6ELyvrV@!O-317!oK z?R-eJE!Av4VocWqvl&mipe74G--aGWg!mkY! z%FXdx7ZP-@DfV4jB_DwGm*SNaNl4kH1Uy$Oo9Js)%w4+>mEU;C}n-%~@uI1^9P7zcI&tl)5)zX&vV%PVndP9MSY= zsq~BcSf5d`Pvj>6d?}_H4l>=1SYpSI1ZcjjfQbroiA=&fBs^?YFdE{8Q3j=|ILP>W zL<<|t2mtkaS=%J$P?=k&enU}+~KKlwK;>75I3+P3> zw(yamDRZIaK-5_tHH*yE?qxTPLk{fD4$^?b&cVEj+j=pWk*j|k9Cdi8rT7l1ahoz?C0253W^-JX-6 zltXjjtKtbFhjZFx;&It`PNJtmj=oR3;X3v{(8cVpX9MSK?xLM}CQ{1P8%EsAi zrkhyI`gcQ9Si81xI3F}BWDVzdd*v&`{nKPC?%IXqV*?`lzNrz;eZ*rL^M!om9}Pt# zljXd~-4lJLJVbvGp~s*kzS`|wUIOU!#T~hG*CwwKannh4xJ~`$f=M$t2YF+TQ6R$D z1eBR{Kh_}Q#zj3CXXj-kM*3oOLp-jGdA8~EsKT;+ed#i&P!gaKFY}EzpAX@$hCF&^ z_ox{catAFMlS*1`s;6&{l~TZ#Bbmuy=!|Lxy?t97ie1Lz%T34P9HnJflZu{?9eSkr zY~7vFj!}?*uW-X8A8nvIToQ_!;Q+Rj`v=0FzY(bEMJu%7;f#g}z54MN=pe5b={ieK z`<`2T(h6L;_VN31u66N{pf}q;er0%0w1o*@p7WGn4Vn*(UP#@wc-TZo<@y1HXwCZ*;Usf}~hu$)gGI5v$sk@}Ry8jJ{f=$GCY2FY`_ zs29D~jw8GNf^(j#v)8kG`o_yk z9E6#>!U~uH1$%*7))k?TN3qxVj6D0aB%S?Ey-Js;Pdmikk$%xHq509U<&E;sERW+t z64s)4;>dTv!<;Fqp^v6V-4Y1w4dBqqYDSiZE+#!+$kzeuPob4FZ}sYCJ9OT4IXevb z$^L_z|Bi8tK(}eXluN?c%bb&KR!%2K`J9;}t5w|#ZcRLvky6q1 z{K4d-^brF`9|QAdL+d9xD`^Od{ozNNi|JwG^j@!B;`Os*XV>=s_-qJEDA3xdYpu4g03e* z?xfFtOb0+V?GwwldQC|$oIbnTw0YuU+P_fg%YHy-4p3k|y;q{;Y`N{Z5fP49vo-)Z z{_WuSjUx>ph!lK4DLgu=>h88)%$0a3>aZ7hvQg4mkrX{y^b8+Y;}jRPu48zXUk)x- zcuCB-9H%StIlz5NXY;M{%i62GXHe_s*Q1u)E&LNz^_4HAnOVjp=xj`33{I9s#PfIX zg%!6L{fg1oU)1pU-_x(WXlhu1SbeuO)@2{@Zr9F(!KUuFh+Ea?YB5m#wq^e&@j?B6 za&!K-OZorf?f+lb{$4}qHwz(LcjzT;(8D$bhdc@ZE4Ku znhL0L!LouM{BCKXs$COa#7;aq|0>`lJ$Q9&;&s}S;uOo9QTpjCOGx=pCNtDjMggp_ zR1e1!0DfQ4H7N$fS6{AON?!f5v41?d_~bF=V7qs-t?d)zos8e;I%lXLdwANyLl4I4 z-r; zTla=H`CZ54DGX-pKbc(Vz1M#EqSb>vIC09U|N30uhq2w@J14sXVX^^Z7B=(e!z{3c&c3=4hDkxsdsva`VAOVIStedhbR1ezQiHODE5JEgSrwo-tuU|dM zgs>EwhtXv9Rj)Mr_}en}A-GjyPoiGWZ$Z5p zSm%i*QLFdJMztP-2?|Qc|eaAG#VK(v*@_);Xc3GN#%k;@!+s;Mj z!5qDsPT6jQ)qT50p|f8w!5Rg_QjQs}QTG}rMXV%3#fKvekBmSUNAOKF%BNo_7CN3(J z#Z%L({p~<=Ell%RWF|)0{!1q)Cs0{g+1faaek?vm1N)F0?1Ew02Whb-m-IXglk3&> zW;&G2>LYCD>z%kp<~nYuO=$f3ukG+h<&cDJSP

7~muXGRryMdi`a2ESt~+^ASd z=~&4zTREzD&1wBB>7a=5vjE!}AcTG?_ua+*PLG}iByUA_tS8NJIaWM>!n%ZJUJu|t zSE0tc(;~_^OPQzR8UsoO@0zZM*X$Gc?X869Sog?EIIkTcRlQrE2IbI_ zx}8Hhy}De^ZM@WD6lhRd<8~ZZBQo`3Df^v+C!-VmHcLhKMG;9?0LQ9k+idsQ;yBQ) z6|8aSN0W!D?J)GFKzA}TGc%TE#IRip)wQI0m8JUBCKPs&m}h}3r~^Fdq67{o2sE6& zI_>cHA^4~8`G21}%`jhVKC&{vkN{Kb{xUxW|-8khgo7pI?#oHXzMwre@}mE~#3 z>Z?xz&5!@_cXCBeYWGuY1H&yQ`~&rvIj0Y7vi21gDjoYs#iEQ8gSj}HY(yVM82i(& z|CdTmn@y0ZID!QQbXTV6UV|)7qqLe*f#u-lYQXEQSI?VVm_uSxbl-$*Ix5}LbnX%i z7A)V4sCHK_BS@rmjSrA{mdGWJi`W%nSxaWDJ$GABAK$Tck$0!>j`HH9eRM;GmErV7 zyz^98qPJ@-sy(w8Ar)8=gR?)kRVyOs!=^+>H{~>HcqvYgw<#i=PYr(vyQ~?#rQ_$S zVAFq_h~TBwR9F1893!OGExF9w(GLk2O;6>+V_CBu;3_bG=mTpN?P6buNe&$EKR)U?WNO@YDw(ZL&;lMwsbKC)(_J&&7Zo}Sq9kg<>Z zP=x)zmQfazr@oMCHw*0JzrCagwG!MFeP*ovHPQ5*b~h16U+tRUq*U);Zt&YJFs zzz>v_DI`DAiYQucG4ru!5zMdCWmRh9t*biGZM^0?BeaZMYTlJdmDU+eHu$B&xH9Ol zHuW5RIrdc=EUDDY_niF_&Ionk8oKe*$XkrPg$o`?{j@`r - -## Chapter Overview -In this chapter you will: -* Add some Group Policy Objects (GPOs) to your Active Directory (AD). -* Configure the Windows Event Collector listener service. -* Configure clients to send logs to this box. - -## 1.1 Introduction -This chapter will cover setting up the built-in Windows functionality for event forwarding. This effectively takes the individual events (such as a file being opened) and sends them to a central machine for processing. This is similar to the setup discussed in this [Microsoft blog](https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection). - -Only a selection of events will be sent from the client's โ€˜Event Viewerโ€™ to a central โ€˜Event Collectorโ€™. The events will then be uploaded to the database and dashboard in Chapter 3. -This chapter will require the clients and event collector to be Active Directory domain joined and the event collector to be either a Windows server or a Windows client operating system. - -## 1.2 Firewall rules and where to host -You will need TCP port 5985 open between the clients and the Windows Event Collector. You also need port 5044 open between the Windows Event Collector and the Linux server. - -We recommend that this traffic does not go directly across the Internet, so you should host the Windows Event Collector on the local network, in a similar place to the Active Directory server. - -## 1.3 Download LME -There are several files within the LME repo that need to be available on a domain controller. These files will be needed for both Chapters 1 and 2. While there are multiple ways to accomplish this, one simple method is to download the latest release package. - -1. While on a domain controller, download [the desired release](https://github.com/cisagov/lme/releases/). -2. Open File Explorer, locate and extract the release file downloaded in step 1, for example, LME-1.0.zip. -3. Move the LME folder somewhere safe. There is no set location where this folder is required to be, but it should be saved somewhere it won't be inadvertently modified or deleted during the installation process. After installation is complete, the folder can be safely deleted. - -## 1.4 Import Group Policy objects -Group policy objects (GPOs) are a convenient way to administer technical policies across an Active Directory domain. LME comes with two GPOs that work together to forward events from the client machines to the Event Collector. - -![Group Policy Setup](/docs/imgs/gpo.jpg) -

-Figure 2: Setting up Group Policy -

- -#### 1.4.1 Opening GPMC -While on a domain controller, open the Group Policy Management Console by running ```gpmc.msc```. You can run this command by pressing Windows key + R. - -![import a new object](/docs/imgs/gpo_pics/gpmc.jpg) -

-Figure 3: Launching GPMC -

- -:hammer_and_wrench: If you receive the error `Windows cannot find 'gpmc.msc'`, see [Troubleshooting: Installing Group Policy Management Tools](/docs/markdown/reference/troubleshooting.md#installing-group-policy-management-tools). - -#### 1.4.2 Initialize the GPOs -1. Within the Group Policy Management Console, navigate to the "Group Policy Objects" folder. The exact path will vary, depending on your domain's name. In the example used in Figure 3, the path is `Forest: testme.local / Domains / testme.local / Group Policy Objects`). -2. Right click "Group Policy Objects" and select "New." -3. Create two new GPOs, "LME-WEC-Client" and "LME-WEC-Server." Leave "Source Starter GPO:" as "(none)" for both. - -![create a new object](/docs/imgs/gpo_pics/create_new_object.jpg) -

-Figure 4: Create a new GPO object -

- -#### 1.4.3 Import the GPO Settings -1. Right-click the newly created "LME-WEC-Client" object. Select "Import Settings..." -2. Hit "Next" until you reach the "Backup Location" page of the Wizard. NOTE: the "Backup Location" page of the wizard deals with _importing_ settings from a backup, not to be confused with the "Backup GPO" page, which deals with creating a new backup with the current settings. -3. When prompted to specify a "Backup Location," specify `LME-1.0/Chapter 1 Files/Group Policy Objects`, where `LME-1.0` refers to the folder downloaded in step 1.3. -4. On the "Source GPO" page, select "LME-WEC-Client." -5. Click "Next" then "Finish." -6. Repeat the above steps for the "LME-WEC-Server" object, selecting "LME-WEC-Server" on step 4. - -#### 1.4.4 Set the Destination for Forwarded Events -1. Right-click the "LME-WEC-Client" object, then select "Edit." -2. Navigate to `Computer Configuration/Policies/Administrative Templates/Windows Components/Event Forwarding/`. -3. Click "Configure Target Subscription Manager." By "SubscriptionManagers," click "Show." -4. Change the FQDN (Fully Qualified Domain Name) to match your Windows Event Collector box name - this option can be seen in Figure 5 below. This domain name needs to be resolvable from each of the clients. -5. After changing the FQDN, click "Apply" then "OK." - -![Group Policy Server Name](/docs/imgs/gpoedit.jpg) -

-Figure 5: Editing Server Name In Group Policy -

- -#### 1.4.5 Link the GPOs -To "activate" the GPOs that you previously imported, you need to specify which computers they apply to. Here we describe only one technique of doing this, namely linking GPOs to organizational units (OUs). Advanced users may consider using alternate techniques that better fit their needs. See [Planning GPO Deployment](https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/planning-gpo-deployment) for more information. - -1. Create an OU to hold a subset of client computers that you want to be included in the LME Client group for testing before rolling out LME site-wide. See [Guide to Organizational Units](/docs/markdown/chapter1/guide_to_ous.md). We recommend starting with just a subset for testing before rolling out LME site-wide. -2. Within the Group Policy Management Console, right click the OU containing the client machines. -3. Click "Link an Existing GPO..." -4. Select "LME-WEC-Client," then click "OK." -5. Before linking the LME-WEC-Server, ensure that the Event Collector has been placed in its own OU. If needed, use the above guide on creating OUs in Step 1. -6. Within the Group Policy Management Console, right click the OU containing the Event Collector. -7. Click "Link an Existing GPO..." -8. Select "LME-WEC-Server," then click "OK." - -#### 1.4.6 Restricting Windows Remote Management by IP - -Both the LME-WEC-Server and LME-WEC-Client GPOs include a wildcard filter allowing all IP addresses on the host and client to run a Windows Remote Management (WinRM) Listener and to receive inbound connections using this protocol. **We strongly recommend that this is restricted to IP addresses or ranges specific to your network environment.** - -An example of this would be if you hosted a LAN with the subnet 192.168.2.0/24, then you could only allows NICs residing within the range 192.168.2.1-192.168.2.254 to run a WinRM listener via the GPO policy. - -See Microsoft Document for verification and details: [Installation and configuration for Windows Remote Management](https://docs.microsoft.com/en-us/windows/win32/winrm/installation-and-configuration-for-windows-remote-management) - -The filter setting is located at "Computer Configuration/Policies/Administrative Templates/Windows Components/Windows Remote Management (WinRM)/WinRM Service/allow remote server management through WinRM". - -### 1.5 Windows Event Collector Box Steps -1. On the Windows Event Collector, run Event Viewer by either searching under Start->Run->eventvwr.exe, or under 'Windows Administrative Tools' in the start menu. -2. Click "Subscriptions." -3. If prompted, select "Yes" to start the Windows Event Collector Service (see Figure 6). If no such prompt appears, continue to step 4. - -![image](/docs/imgs/event_viewer_prompt.png) -

-Figure 6: Start the Windows Event Collector Service, if needed. -

- -4. Download the [lme_wec_config.xml](/Chapter%201%20Files/lme_wec_config.xml) file to the Windows Event Collector server. -5. Run a command prompt as an administrator, change to the directory containing the wec_config.xml file you just downloaded. -6. Run the command ```wecutil cs lme_wec_config.xml``` within the elevated command prompt. There is no output displayed after running this command. - -:hammer_and_wrench: If you receive the error "The forwarder is having a problem communicating with subscription manager..." refer to [Events are not forwarded if the collector is running Windows Server](https://support.microsoft.com/en-in/help/4494462/events-not-forwarded-if-the-collector-runs-windows-server-2019-or-2016). If that does not fix the problem or does not apply, verify that TCP port 5985 is open between the clients and the Windows Event Collector. - -## Chapter 1 - Checklist -1. On the Windows Event Collector, Run Event Viewer by either Start->Run->eventvwr.exe, or under โ€˜Windows Administrative Toolsโ€™ in the start menu. -2. Confirm machines are checking in, as per Figure 7. The 'Source Computers' field should contain the number of machines currently connected. - -![Group Policy Setup](/docs/imgs/eventviewer.jpg) -

-Figure 7: Event Log Subscriptions -

- -Note that by default, Windows will update group policy settings only every 90 minutes. Because of this, it's possible that the 'Source Computers' field will be 0 the first time you check the subscriptions page. To force an update, logon to one of the client machines, then from an elevated command prompt, run `gpupdate /force.` After doing that, if you return to the event collector, that specific client should show up under the Source Computers tab. - -## Now move onto [Chapter 2 โ€“ Sysmon Install](/docs/markdown/chapter2.md) diff --git a/docs/markdown/chapter1/guide_to_ous.md b/docs/markdown/chapter1/guide_to_ous.md deleted file mode 100644 index 78ec9158..00000000 --- a/docs/markdown/chapter1/guide_to_ous.md +++ /dev/null @@ -1,37 +0,0 @@ - -## Guide to Organizational Units - -What is an Organizational Unit? -An Organizational Unit can in its simplest form be thought of as a folder to contain Users, Computers and groups. -OUs can be used to select a subset of computers that you want to be included in the LME Client group for testing before rolling out LME site wide. - -### 1 - How to make an OU -**1.1** Open the Group Policy Management Console by running ```gpmc.msc```. You can run this command by pressing Windows key + R. - -![import a new object](/docs/imgs/gpo_pics/gpmc.jpg) -

-Figure 1: Launching GPMC -

- -:hammer_and_wrench: If you receive the error `Windows cannot find 'gpmc.msc'`, see [Troubleshooting: Installing Group Policy Management Tools](/docs/markdown/reference/troubleshooting.md#installing-group-policy-management-tools). - -**1.2** Right click on the domain and select "New Organizational Unit" as seen below. - -![making new ou](/docs/imgs/gpo_pics/new_ou.jpg) -

-Figure 2: Making a new OU -

- -### 2 - Adding clients/servers to OU - -To add Client machines, Servers or Security Groups to a specified OU: - -- Open Active Directory Users and Computers (run `dsa.msc` in the "Run" dialogue box). -- Find the machine(s) that you wish to be in the group and drag and drop the machines into the group. - -![import finished](/docs/imgs/gpo_pics/aduc.jpg) -

-Figure 3: Open Active Directory Users and Computers -

- -:hammer_and_wrench: If you receive the error `Windows cannot find dsa.msc`, see [Troubleshooting: Installing Active Directory Domain Services](/docs/markdown/reference/troubleshooting.md#installing-active-directory-domain-services) diff --git a/docs/markdown/chapter2.md b/docs/markdown/chapter2.md deleted file mode 100644 index 15326292..00000000 --- a/docs/markdown/chapter2.md +++ /dev/null @@ -1,130 +0,0 @@ -# Chapter 2 โ€“ Installing Sysmon - -## Chapter Overview -In this chapter you will: -* Setup a GPO or SCCM job to deploy Sysmon across your clients. - -## 2.1 Introduction -Sysmon is a Windows service developed by Microsoft to generate rich Windows event logs with much more information than the default events created in Windows. Having comprehensive logs is critical in monitoring your system and keeping it secure. The information contained within Sysmon's logs are based on settings defined in an XML configuration file and can be configured to your liking, though templates will be provided to get you started. - -**By following this guide and using Sysmon, you are agreeing to the following EULA. -Please read this before continuing. -https://docs.microsoft.com/en-us/sysinternals/license-terms** - -LME supports either GPO or SCCM Deployment. It is your choice which of these you use, but you should not use both. GPO configuration is recommended, as the process very closely resembles the steps taken in [Chapter 1](/docs/markdown/chapter1/chapter1.md). - -## 2.2 GPO Deployment - -Group Policy Object (GPO) deployment involves adding a GPO to the LME clients that creates a Windows 'Scheduled Task' to install Sysmon. The 'Scheduled Task' will periodically connect to a network folder location and run an install script called 'update.bat' to install Sysmon or modify an existing installation. - -Using Microsoft Group Policy to deploy LME requires two main things: -- A location to host the configuration and executables. (e.g. SYSVOL) -- A Group Policy Object (GPO) to create a scheduled task. - -If you get stuck while trying to add and configure GPO's, refer back to Chapter 1 for a quick refresher. - -### 2.2.1 - Folder Layout -A centralized network folder accessible by all machines that are going to be running Sysmon is needed. We suggest inside the SYSVOL directory as a suitable place since this is configured by default to have very restricted write permissions. -**It is extremely important that the folder contents cannot be modified by users, hence recommending SYSVOL folder.** - -The SYSVOL directory is located on the Domain Controller at `C:\Windows\SYSVOL\SYSVOL\`, where "YOUR-DOMAIN-NAME" refers to your active directory domain name. You can also access it over the network at `\\\SYSVOL\`. As you are adding files to the SYSVOL directory throughout this chapter, you can either add them on the Domain Controller locally or over the network. - -First create an empty directory in SYSVOL (or some other network location of your choosing) called `LME`. Then inside that newly created folder, create another directory called `Sysmon` Then download the below files and copy them to the new directory (if you're using the SYSVOL directory, the path would be ```\\\SYSVOL\\LME\Sysmon```). -- Sysmon64.exe - https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon -- sigcheck64.exe - https://docs.microsoft.com/en-us/sysinternals/downloads/sigcheck -- sysmon.xml - - - Either [Olaf Hartong's Modular Sysmon](https://github.com/olafhartong/sysmon-modular/blob/master/sysmonconfig.xml) or [SwiftOnSecurity's Sysmon](https://github.com/SwiftOnSecurity/sysmon-config/blob/master/sysmonconfig-export.xml) config are the recommended Sysmon configuration (pick one). - - **Using the SwiftOnSecurity XML will ensure the best compatibility with the pre-made dashboards, while Olaf Hartong's modular XML will collect additional data and may be suitable when more robust monitoring is required.** - - These configuration options are a good starting point, but more advanced users will benefit from customization to include/exclude events. - - **You will need to rename the downloaded file to sysmon.xml.** -- update.bat - Found within the folder downloaded in [step 1.3](/docs/markdown/chapter1/chapter1.md#13-download-lme), `Chapter 2 Files/GPO Deployment/update.bat`. (Based on work by Ryan Watson & Syspanda.com) - -Looking in the folder you just created, you should now see the following structure: - -``` -NETWORK_SHARE (e.g. SYSVOL) -โ””โ”€โ”€ LME - โ”œโ”€โ”€ Sysmon - โ”œโ”€โ”€ Sysmon64.exe - โ”œโ”€โ”€ sysmon.xml - โ””โ”€โ”€ update.bat - โ””โ”€โ”€ sigcheck64.exe -``` - -## 2.2.2 Configuring the Update Scripts (If Not SYSVOL) - -**If you used the recommended SYSVOL directory, you may skip this step.** - -Otherwise, edit the variable `NETDIR` in `\Sysmon\update.bat` to match the path to your `LME` folder. For example, if my `LME` folder were located at `\\my-share\read-only\LME`, the line in the scripts should look like this: - -``` -SET NETDIR=\\my-share\read-only\LME -``` - -The line to edit is near the beginning of both scripts. See the below figure for reference: - -![Edit the NETDIR Variable in Both Update Scripts](/docs/imgs/edit-update-script.png) -

-Figure 1: Edit the NETDIR Variable in Both Update Scripts -

- -### 2.2.3 - Scheduled task GPO Policy -This section sets up a scheduled task to run update.bat (stored on a network folder), distributed through Group Policy. - -1. From a domain controller, open the Group Policy Management editor (Windows key + R, "gpmc.msc"). -2. Create a new GPO, "LME-Sysmon-Task." -3. Right-click the newly created "LME-Sysmon-Task" object. Select "Import Settings..." -4. Hit "Next" until you reach the "Backup Location" page of the Wizard. **NOTE:** the "Backup Location" page of the wizard deals with importing settings from a backup, not to be confused with the "Backup GPO" page, which deals with creating a new backup with the current settings. -5. When prompted to specify a "Backup Location," specify `LME-1.0\Chapter 2 Files\GPO Deployment\Group Policy Objects\`, where `LME-1.0` refers to the folder downloaded in [step 1.3](/docs/markdown/chapter1/chapter1.md#13-download-lme). -6. On the "Source GPO" page, select "LME-Sysmon-Task." Click "Next" then "Finish." -7. Right click the same test Organizational Unit (OU) used for the clients in Chapter 1, click "Link an Existing GPO...," then select "LME-Sysmon-Task." Once the GPO is confirmed as working in your environment then you can link the GPO to a larger OU to deploy LME further. -8. Right click the Lme-Sysmon-Task GPO and select "Edit." -9. Navigate to `Computer Configuration\Preferences\Control Panel Settings\Scheduled Tasks\` -10. Double click "LME-Sysmon-Task," then switch to the "Actions" tab. -11. Click "Start a program," then "Edit." -12. Under "Program/Script," click "Browse," then find and select the "update.bat" file, within the SYSVOL folder (see Figure 2). **NOTE:** the SYSVOL path needs to be manually changed to be in the format of a network path. It **cannot** begin with "C:\\Windows". See Figure 2 for clarification. -13. Click "Apply" to apply the changes to the GPO. - -![image](/docs/imgs/sysmon-task-properties.png) -

-Figure 2: Specify the path to the update.bat file as the action for the scheduled test. -

- -At this point, the GPO should be properly configured, but without additional intervention, it could take up to 24 hours for the scheduled task to activate. Before it does, Sysmon will not show up as a service on the clients. However, further steps can be taken to ensure immediate installation. -- View the "Triggers" tab of the "LME-Sysmon-Task-Properties" page. Click "Daily," then "Edit..." Note the start time specified. Each day, starting at that specific time, the LME-Sysmon-Task will run, repeating every 30 minutes. If that time has already passed on the day you created the GPO, the task won't activate for the first time until the following day. Generally speaking, you'll want to set the time to the beginning of the day for complete coverage, but you may consider adjusting it temporarily for testing purposes so that it will activate while you can observe it. -- By default, Windows will update group policy settings only every 90 minutes. You can manually trigger a group policy update by running `gpupdate /force` in an elevated Command Prompt window on a given client to apply the GPO to that specific client immediately. - - -## 2.3 SCCM Deployment -While SCCM deployment is not usually the first choice for the deployment of Sysmon we have included an example install and uninstall PowerShell along with a detection criteria that works with SCCM. - -Files for this portion of the tutorial can be found [here](/Chapter%202%20Files/SCCM%20Deployment/). - -Install Program: -```powershell.exe -Executionpolicy unrestricted -file Install_Sysmon64.ps1``` - -Uninstall program: -```powershell.exe -Executionpolicy unrestricted -file Uninstall_Sysmon64.ps1``` - -Detection method: `File exists - C:\Windows\sysmon64.exe` - -## Chapter 2 - Checklist -1. Ensure that your files and folders in the network share are nested and named correctly. Remember that in Windows, case in filenames or folders does not matter. - -``` -NETWORK_SHARE (e.g. SYSVOL) -โ””โ”€โ”€ LME - โ”œโ”€โ”€ Sysmon - โ”œโ”€โ”€ Sysmon64.exe - โ”œโ”€โ”€ sysmon.xml - โ””โ”€โ”€ update.bat - โ””โ”€โ”€ sigcheck64.exe -``` - -2. Do you have the Sysmon service running on a sample of the clients? You can verify this by logging in to one of the clients and pressing Windows key + R, running "services.msc," and searching to see if Sysmon is listed as an active service. -3. Is the Sysmon Eventlog showing data? On one of the clients, open Event Viewer and look in Applications and Services Logs/Microsoft/Windows/Sysmon/Operational. -4. Are you seeing Sysmon logs show up on the Event Collector? On the Event Collector, open Event Viewer and look in the Windows Logs/Forwarded Events folder. - -If any problems are found, restart all of your machines and see [Troubleshooting | Chapter 2 - Installing Sysmon](reference/troubleshooting.md#chapter-2---installing-sysmon) for additional tips. - -## Now move onto [Chapter 3 - Installing the ELK Stack and Retrieving Logs](/docs/markdown/chapter3/chapter3.md) diff --git a/docs/markdown/chapter3/chapter3.md b/docs/markdown/chapter3/chapter3.md deleted file mode 100644 index c963ca22..00000000 --- a/docs/markdown/chapter3/chapter3.md +++ /dev/null @@ -1,274 +0,0 @@ -# Chapter 3 โ€“ Installing the ELK Stack and Retrieving Logs - -## Chapter Overview -In this chapter you will: -* Install a new Linux server for events to be sent to. -* Run a script to: - * install Docker. - * secure the Linux server. - * secure the Elasticsearch server. - * generate certificates. - * deploy the LME Docker stack. -* Configure the Windows Event Collector to send logs to the Linux server. - -## Introduction -This section covers the installation and configuration of the Database and search functionality on a Linux server. We will install the โ€˜ELKโ€™ Stack from Elasticsearch for this portion. - -What is the ELK Stack? -"ELK" is the acronym for three open projects which come at no cost to users: Elasticsearch, Logstash, and Kibana. Elasticsearch is a search and analytics engine. Logstash is a serverโ€‘side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a "stash" like Elasticsearch. Kibana lets users visualize data with charts and graphs in Elasticsearch. - -![Elkstack components](/docs/imgs/elkstack.jpg) -

-Figure 1: Elastic Stack components -

- -Elasticsearch, Logstash, Kibana, and Winlogbeat are developed by [Elastic](https://www.elastic.co/). Before following this guide and running our install script, you should review and ensure that you agree with the license terms associated with these products. Elasticโ€™s license terms can be found on their GitHub page [here](https://github.com/elastic). By running our install script you are agreeing to Elasticโ€™s terms. - -This script also makes use of use of Docker Community Edition (CE). By following this guide and using our install script you are agreeing to the Docker CE license, which can be found [here](https://github.com/docker/docker-ce/blob/master/LICENSE). - -## 3.1 Getting Started -During the installation guide below you will see that the majority of steps are carried out automatically. Commands or file paths are highlighted in grey boxes. - -You will need a Linux box for this portion, **The deploy script is only tested on Ubuntu Long Term Support (LTS) editions that are currently supported by Docker ([see here](https://docs.docker.com/engine/install/ubuntu/)).** In addition, only installation on a single server is supported. Please see [the resilience documentation](/docs/markdown/chapter3/resilience.md) for more details. - -### 3.1.1 Firewall Rules -You will need port 5044 open for the event collector to send data into the database (on the Linux server). To be able to access the web interface you will need to have firewall rules in place to allow access to port 443 (HTTPS) on the Linux server. - -### 3.1.2 Web Proxy Settings -If the ELK stack is being deployed behind a web proxy and Docker isn't configured to use the proxy, the deploy script can hang without completing due to Docker being unable to pull the required images. - -**If your setup does not include a web proxy, skip straight to step 3.2.** - -Otherwise, to configure Docker to use the web proxy in your environment, do the following before running the deployment script: - -1. Determine the IP address and port of the proxy. -2. Create a systemd drop-in directory for the Docker service: -``` -sudo mkdir -p /etc/systemd/system/docker.service.d -``` -3. Create a file named /etc/systemd/system/docker.service.d/http-proxy.conf that adds the HTTP_PROXY and HTTPS_PROXY environment variables (keep/delete as required for your environment, substituting the IP address/port determined in step 1): -``` -[Service] -Environment="HTTP_PROXY=http://[proxy address or IP]:[proxy port]" -Environment="HTTPS_PROXY=https://[proxy address or IP]:[proxy port]" -``` -4. Reload the service daemon: -``` -sudo systemctl daemon-reload -``` - -Check the [official Docker documentation](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy) for this process, including details on how to bypass the proxy if you have internal image registries which need to be reachable from this host. - -## 3.2 Install LME the easy way using our script - -### 3.2.1 Preparing to Run the Script - -At the time of writing, security updates are only supported for Ubuntu, so please install Ubuntu on a new virtual or physical machine. You may have already done this as part of the pre-requisites in the initial readme file. - -You will also need the IP address and domain name of the Linux server to run the install script. - -To find the IP address, run `ip addr` from the Linux server and look for the IP address after the indicator `inet`. The IP address needs to be reachable from the event collector. See [What firewall rules are needed?](/docs/markdown/prerequisites.md#what-firewall-rules-are-needed) for more details. - -The domain name needs to be resolvable from the event collector. If you're unsure what the server's domain name is, in some cases, it may just be the hostname of local machine, which you can find by running `hostname` from the Linux server. To verify if this is resolvable from the event collector, open PowerShell on the event collector and run `Resolve-DnsName MYDOMAINNAME`, where "MYDOMAINNAME" refers to the domain name of the Linux server. If successful, it will return the IP address of the Linux server. If not, an error such as "DNS name does not exist" error will be returned. In this case, you may need to add a DNS record on the domain controller that points to the Linux server. See [Manage DNS resource records](https://learn.microsoft.com/en-us/windows-server/networking/dns/manage-resource-records?tabs=powershell) to learn more about doing this. - -### 3.2.2 Running the Script - -**The script will prompt for the following:** - -1. Confirmation of intrusive actions that will modify your system docker and apt installed files. -2. Asking for input of the IP address of the local machine. It should automatically populate it with the server's correct local IP address on your network. If not, fill in the IP you found in [Section 3.2.1](#321-preparing-to-run-the-script). -3. Asking for input of the Fully-qualified Domain Name (aka `hostname`) of the local machine (the ELK server). Type in the ELK server's domain name you determined in [Section 3.2.1](#321-preparing-to-run-the-script). -4. Presenting the option of automatically generating self-signed TLS certificates or importing pre-generated certificates. By default self-signed certificates will be used, which will have a validity of two years from the date of install, after which they will need to be renewed. -5. Skipping the Docker installation process. This is available for the case that you already have docker installed. -6. An old elastic user password. If you are installing on top of a previous LME installation, you will need to provide your old LME elastic user password, so the install can properly authenticate with your previous systems. - -Now that you have an Ubuntu machine ready to go as well as its local IP address and hostname, SSH into your Linux server and run the following commands to install LME: - -``` -# Install Git client to be able to clone the LME repository -sudo apt update -sudo apt install git -y -# Download a copy of the LME files -sudo git clone https://github.com/cisagov/lme.git /opt/lme/ -# Change to the LME directory containing files for the Linux server -cd /opt/lme/Chapter\ 3\ Files/ -# Execute script with root privileges -sudo ./deploy.sh install -``` - -Running the above commands will: - -1. Enable auto security updates (Ubuntu Only) -2. Update the system - - Note that the script may request a reboot after running initial updates, especially if it's a new system or one that has not been updated for a long time. Reboot the system and run the script again to continue. -3. Generate TLS certificates. (Optional) -4. Install Docker Community Edition. - - Note that this action is destructive and assumes docker is not installed. Either indicate in the prompt you wish to skip installing docker **OR** uninstall docker before proceeding -5. Configure Docker to run ELK. -6. Change Elasticsearch configuration, including retention based upon disk size. -7. update read/write permission recursively on `/opt/lme` so that only the owner can read the files in that directory. This ensures only root can read the files that get created/written during deploy.sh. If you created that directory as root you will have permission errors. Access the directory using a root shell OR change the permissions for the `/opt/lme` directory so that a regular user can read it if you desire. - - -For details on how to regenerate these certificates, or for instructions in generating and importing certificates from an existing root Certificate Authority (CA) please see the full [certificates documentation](/docs/markdown/maintenance/certificates.md). - -After the script finishes running, it will output a number of usernames and passwords for use when accessing the dashboard and for the internal systems. - -The usernames and passwords will be provided in a message similar to below. - -``` -################################################################################## -## Kibana/Elasticsearch Credentials are (these will not be accessible again!!!!) ## -## -## Web Interface login: -## elastic: -## -## System Credentials -## kibana: -## logstash_system: -## logstash_writer: -## dashboard_update: -################################################################################## -``` -**It is important that these are safely stored. Access to these passwords would allow an attacker to erase the logs. They will also not be accessible again, so store them immediately.** - -### 3.2.3 Updating Log Retention Policy - -The amount of logs that are retained in Logstash is calculated in the deploy script based upon 80% of the machine's disk size. The calculated size will be displayed as an output of the script. - -If you wish to update log retention time, refer to the [Retention doc](/docs/markdown/logging-guidance/retention.md) after you have completely installed LME. - -**Note:** The software starts deleting events based upon whichever retention criteria is met first. - -### 3.2.4 Download Files for Windows Event Collector - -The deploy.sh script has created files on the Linux server that need to be copied across and used on the Windows Event Collector server. The files have been zipped for convenience, with the filename and location ``` /opt/lme/files_for_windows.zip ```. - -There are many ways you can copy files to and from Linux servers. Three of them are detailed below. - -#### Method 1: WinSCP -You can use the WinSCP application (found [here](https://winscp.net/eng/download.php)) for a nice graphical interface to download the files. Enter your Linux server's IP address in the Host name field and your username and password. Click "Login", and then navigate to `/opt/lme` to find `files_for_windows.zip`. - -![WinSCP Login Prompt](/docs/imgs/winscp.jpg) -

-Figure 4: WinSCP Login Prompt -

- - - If you have a keyfile instead of a password (for example, when accessing AWS servers), see [this article](https://docs.aws.amazon.com/transfer/latest/userguide/getting-started-use-the-service.html). - -#### Method 2: Windows Native SCP -SFTP and SCP have been bundled in Windows since 2018 and will suffice if you're comfortable with a command line. To download the files from the ELK server to your desktop, run the following in a powershell window on the Event Collector, filling in `` with your Linux username and `` with the IP address of the Linux server: - -``` -scp @:/opt/lme/files_for_windows.zip $env:UserProfile\Desktop -``` - -The command will ask for a password to connect. Enter your password and press enter to authenticate. *Don't worry if you don't see anything appear as you type; this is by design to keep your password hidden!* - -`files_for_windows.zip` should then be downloaded to your desktop. - -#### Method 3: Web Server -You can also download the file over a Python HTTP server, included on Linux by default. On the Linux server, running the below commands will copy the zip file into your home directory, and host an HTTP server listening on port 8000. - -\*\***This will download the files over http which is not encrypted, -so ensure you trust the network you're downloading the zip file over**\*\* - -``` -mkdir -p ~/files_for_windows -cp /opt/lme/files_for_windows.zip ~/files_for_windows/ -cd ~/files_for_windows -python3 -m http.server -``` - -After that you can use any web browser to navigate to `http://:8000` where `` is the IP address of the Linux server. Click the file named `files_for_windows.zip` to download it to your downloads folder. **Be sure to stop the HTTP server after you download the file.** - - - Alternatively, you can also run the following in a Powershell window on the ELK server to download the file to your desktop (make sure the HTTP server is running before you run this command): - - ``` - wget http://:8000/files_for_windows.zip -OutFile $env:UserProfile\Desktop\files_for_windows.zip - ``` - -## 3.3 Configuring Winlogbeat on Windows Event Collector Server - -Now you need to install Winlogbeat on the Windows Event Collector. Winlogbeat reads Event Viewer on the Windows Event Collector (based upon a configuration file) and sends them to your Linux server. - -### 3.3.1 Files Required - -Whichever method you used in [step 3.2.4](#324-download-files-for-windows-event-collector), you should have downloaded the `files_for_windows.zip` archive containing the following files: - - root-ca.crt - - wlbclient.key - - wlbclient.crt - - winlogbeat.yml - -These are certificates, keys, and configuration files required for the Event Collector to securely transfer event logs to the Linux ELK server. - -**Download winlogbeat:** - -You will also require the latest supported version of `Winlogbeat`. You can download it as a zip file from Elastic's website [here](https://artifacts.elastic.co/downloads/beats/winlogbeat/winlogbeat-8.5.0-windows-x86_64.zip). **The current version officially supported by LME is 8.5.0.** - -### 3.3.2 Install Winlogbeat -On the Windows Event Collector server extract the 'files_for_windows.zip' archive and copy the 'lme' folder (contained within 'tmp' inside the extracted files) to the following location: - -``` -C:\Program Files\lme -``` -Next, unzip the downloaded winlogbeat zip file and copy its contents into the ```C:\Program Files\lme\``` folder. The resultant folder should look like the image below, noting that the specific version of winlogbeat in use may differ slightly: - -![Winlogbeat Install Location](/docs/imgs/winlogbeat-location.png) -

-Figure 3: Winlogbeat Install Location -

- -Then, move the 'winlogbeat.yml' file located at ```C:\Program Files\lme\winlogbeat.yml``` into the winlogbeat folder ```C:\Program Files\lme\winlogbeat-8.[x].[y]-windows-x86_64```, overwriting the existing file when prompted to do so. - -Now, open PowerShell as an administrator and run the following command from the winlogbeat directory, allowing the script to run if prompted to do so: ```./install-service-winlogbeat.ps1``` - -If you receive a permissions error you can run ```Set-ExecutionPolicy Unrestricted -Scope Process``` to be able to run the installer. - -![Winlogbeat Install Script](/docs/imgs/winlogbeat-install.png) -

-Figure 4: Winlogbeat Install Script - -Then in the same PowerShell window start the winlogbeat service by running: - -``` -Start-Service winlogbeat -``` - -Lastly, open ```services.msc``` as an administrator, and make sure the winlogbeat service is installed, is set to start automatically, and is running: - -![Winlogbeat Service Running](/docs/imgs/winlogbeat-running.png) -

-Figure 5: Winlogbeat Service Running - - -## Trusting the certs that secure LME's services - -Theres a few steps we need to follow to trust the self-signed cert: -1. Grab the self-signed certificate authority for LME (done in step [3.2.4](#324-download-files-for-windows-event-collector)). -2. Have our clients trust the certificate authority (see command below). - -This will trust the self signed cert and any other certificates it signs. If this certificate is stolen by an attacker, they can use it to trick your browser into trusting any website they setup. Make sure this cert is kept safe and secure. - -We've already downloaded the self-signed cert in previous steps in Chapter 3, so now we just need to tell Windows to trust the certificates our self-signed cert has setup for our LME services. - -### Commands: -These commands should be run on every computer that will access the Kibana front end for LME's Elastic deployment. (i.e https://) - -1. Start a Powershell prompt as administrator -2. Import the certificate: -``` -Import-Certificate -FilePath 'C:\Program Files\lme\root-ca.crt' ` - -CertStoreLocation "Cert:\LocalMachine\Root" -``` - -## Chapter 3 - Checklist - -1. Check `services.msc` on the Windows Event Collector. Does `winlogbeat` show as running and automatic? -2. On the Linux machine, check the output of `sudo docker stack ps lme` . You should see `lme_elasticsearch`, `lme_kibana`, and `lme_logstash` all in the 'current' state of โ€˜runningโ€™ -3. You should now be able to access Kibana by browsing to `https://`, where `` is the IP or hostname of your Linux server. The username and password is provided from the script in [Section 3.2.2: Running the Script](#322-running-the-script), specifically the credentials under `Web Interface login` (the username is elastic). - -### Troubleshooting - -Should problems arise in transferring logs from the Event Collector to the ELK server, useful logs can be found in `%PROGRAMDATA%\winlogbeat` on the Windows Event Collector. See [Troubleshooting: Chapter 3](/docs/markdown/reference/troubleshooting.md#chapter-3---installing-the-elk-stack-and-retrieving-logs) for more information. - -## Now move onto [Chapter 4 - Post Install Actions ](/docs/markdown/chapter4.md) diff --git a/docs/markdown/chapter3/resilience.md b/docs/markdown/chapter3/resilience.md deleted file mode 100644 index faf4fa2e..00000000 --- a/docs/markdown/chapter3/resilience.md +++ /dev/null @@ -1,15 +0,0 @@ -# LME Resilience - -The Elasticsearch Stack components of LME are installed on a single server using -Docker for Linux, and this is the only supported installation. However, **if LME -is installed on a single server and the hard drive fails or the server crashes -then there is the potential for all of the logs to be lost.** It is therefore -recommended that LME installers aim to configure a multi-server cluster to help -ensure data resiliency. - -The [Elastic website](https://www.elastic.co/) contains documentation about how -to install and configure multi-server clusters and in particular mentions the -requirement for a minimum of three master nodes (which in turn implies a minimum -of two data nodes) in their [node documentation](https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-node.html). -LME users should follow the official guidance when configuring their own -cluster. diff --git a/docs/markdown/chapter4.md b/docs/markdown/chapter4.md deleted file mode 100644 index 9c2f4cb7..00000000 --- a/docs/markdown/chapter4.md +++ /dev/null @@ -1,118 +0,0 @@ -# Chapter 4 - Post Install Actions - -## Chapter Overview -In this chapter we will: -* Log in to Kibana in order to view your logs -* Check you are getting logs from your clients -* Enable the default detection rules -* Learn the basics of using Kibana - -## 4.1 Initial Kibana setup - -Once you have completed chapters 1 to 3, you can import a set of Kibana dashboards that we have created. These will help visualize the logs, and answer questions like 'What patch level are my clients running?'. - -In a web browser, navigate to ```https://your_Linux_server``` and authenticate with the credentials provided in [Chapter 3.2](/docs/markdown/chapter3/chapter3.md#32-install-lme-the-easy-way-using-our-script). - -### 4.1.1 Import Initial Dashboards - -As of version 0.4 of LME, the initial process of creating an index and importing the dashboards should be handled automatically as part of the install process. This means upon logging in to Kibana a number of the dashboards should automatically be visible under the โ€˜Dashboardโ€™ tab on the left-hand side. - -If an error was encountered during the initial dashboard import then the upload can be reattempted by running the dashboard update script created within the root LME directory (**NOT** the one in 'Chapter 3 Files'): - -``` -sudo /opt/lme/dashboard_update.sh -``` - -:hammer_and_wrench: If this does not resolve the issue or you wish to manually import the dashboards for whatever reason, see [Troubleshooting: Manual Dashboard Install](/docs/markdown/reference/troubleshooting.md#manual-dashboard-install) for the previous installation instructions. - - -### 4.1.2 Check you are receiving logs - -While on the Elastic home page, click on the hamburger icon on the left, then under "Analytics," find and click "Dashboard." From there, find and select "User Security." This will show a dashboard similar to Figure 2. - -

- -

-

-Figure 2 - The LME NEW - User Security - Overview -

- -In the top right hand corner, click on the calendar icon to the left of "Last 15 minutes" and select "Today." This will change the date range to only include today's data, and the dashboard will then have an accurate representation of machines that have been sending logs. Changing to "Last 7 days" will be useful in the future to visualize logs over time. - -## 4.2 Enable Alerts - -Click on the hamburger icon on the top left, then under "Security," navigate to "Alerts" (in older versions, this may be titled "Detections"). - -From here navigate to "Manage Rules" (In older versions, this may be titled "Manage Detection Rules"): - -![Enable siem](/docs/imgs/siem2.png) - -Once this has been done, select the option to "Load Elastic prebuilt rules and timeline templates": - -![Enable siem](/docs/imgs/siem3.png) - -Once the prebuilt Elastic rules are installed, filter from the "Tags" option and select "Windows": - -![Enable siem](/docs/imgs/siem4.png) - -From here, ensure that the maximum number of rows is shown so that all of the relevant rules can be selected at once (In recent versions, there is an ability to "Select All" rows): - -![Enable siem](/docs/imgs/siem5.png) - -Lastly, select all of the displayed rules, expand "Bulk actions" and choose "Enable": - -![Enable siem](/docs/imgs/alert-enable-menu.png) - -In recent versions of Elastic that include Machine Learning rules (rules with the "ML" tag), you may receive errors when performing bulk actions: - -![Rules_Error](/docs/imgs/rules_error.png) - -Rules without the "ML" tag should still be activated through this bulk action, regardless of this error message. Use of "ML" rules require Machine Learning to be enabled, which is part of Enterprise and Platinum Elastic subscriptions. - -### 4.2.1 Add rule exceptions - -Depending on your environment it may be desirable to add exceptions to some of the built-in Elastic rules shown above to prevent false positives from occurring. These will be specific to your environment and should be tightly scoped so as to avoid excluding potentially malicious behavior, but may be beneficial to filter out some of the benign behavior of LME (for example to prevent the Sysmon update script creating alerts). - -An example of this is shown below, with further information available [here](https://www.elastic.co/guide/en/security/current/detections-ui-exceptions.html). - -First, navigate to the "Manage Detection Rules" section as described above, and then search for and select the rule you wish to add an exception for: - -![Select Rule](/docs/imgs/select-rule.png) - -Then navigate to the "Exceptions" tab above the "Trend" section and then select "Add new exception": - -![Exceptions](/docs/imgs/exceptions.png) - -![Add Exceptions](/docs/imgs/add-exceptions.png) - -From here, configure the necessary exception, taking care to ensure that it is tightly scoped and will not inadvertently prevent detection of actual malicious behavior: - -![Example Exception](/docs/imgs/example-exception.png) - -Note that in this instance the following command line value has been added as an exception, but the ```testme.local``` domain would need to be updated to match the location you installed the update batch script to during the LME installation, the same value used to update the scheduled task as described [here](/docs/markdown/chapter2.md#222---scheduled-task-gpo-policy). - -``` -C:\Windows\SYSTEM32\cmd.exe /c "\\testme.local\SYSVOL\testme.local\Sysmon\update.bat" -``` - -## 4.3 Learning how to use Kibana - -If you have never used Kibana before, Elasticsearch has provided a number of videos exploring the features of Kibana and how to create new dashboards and analytics. https://www.youtube.com/playlist?list=PLhLSfisesZIvA8ad1J2DSdLWnTPtzWSfI - -Kibana comes with many useful features. In particular, make note of the following: - -### 4.3.1 Dashboards -Found under "Analytics" -> "Dashboard," dashboards are a great way to visualize LME data. LME comes with several dashboards. Take some time to get familiar with the different dashboards already available. If interested in creating custom dashboards, see the link above for some starting points offered by Elasticsearch. - -Note: If you make changes to the dashboards that LME provides, be sure to save your changes to a dashboard with a different name. Otherwise, your changes will be overwritten when you upgrade LME. - -### 4.3.2 Discover -Found under "Analytics" -> "Discover," Discover allows you view raw events and craft custom filters to find events of interest. For example, to inspect all DNS queries made on a computer named "Example-1," you could insert the following query where it says "Filter your data using KQL syntax": -``` -event.code: 22 and host.name: Example-1 -``` - -See [Kibana Query Language](https://www.elastic.co/guide/en/kibana/current/kuery-query.html) for more information on building queries like this. - -### 4.3.3 Alerts -Found under "Security" -> "Alerts," alerts are a powerful tool that helps automate detection of suspicious events. Review section [4.2 Enable Alerts](#42-enable-alerts) for help configuring alerts. See [Dections and alerts](https://www.elastic.co/guide/en/security/current/detection-engine-overview.html) to learn more. diff --git a/docs/markdown/logging-guidance/cloud.md b/docs/markdown/logging-guidance/cloud.md new file mode 100644 index 00000000..b8da5737 --- /dev/null +++ b/docs/markdown/logging-guidance/cloud.md @@ -0,0 +1,43 @@ +# Logging Made easy in the cloud + +These docs attempt to answer some FAQ and other documentation around Logging Made easy in the cloud. + +## Does LME run in the cloud? +Yes, Logging Made easy is a simple client-server model, and Logging Made Easy can be deployed in the cloud for cloud infrastructure or in the cloud for on-prem machines. + +### Deploying LME in the cloud for on prem systems: +In order for the LME agents to talk to LME in the cloud you'll need to ensure the clients you want to monitor can communicate through: 1) the cloud firewall AND 2) logging Made easy's own server firewall. + +![cloud firewall](/docs/imgs/lme-cloud.jpg) + +The easiest way is to make sure you can hit these LME server ports from the on-prem client: + - WAZUH ([DOCS](https://documentation.wazuh.com/current/user-manual/agent/agent-enrollment/requirements.html)): 1514,1515 + - Agent ([DOCS](https://www.elastic.co/guide/en/elastic-stack/current/installing-stack-demo-self.html#install-stack-self-elastic-agent)): 8220 + +You'll need to make sure the Cloud firewall is setup to allow those ports. On azure, this is a NSG rule you'll need to set for the LME virtual machine. + +Then on LME, you'll want to make sure you have either the firewall disabled (if you're using hte cloud firewall as the main firewall): +``` +lme-user@ubuntu:~$ sudo ufw status +Status: inactive +``` +or that you have the firewall rules enabled: +``` +lme-user@ubuntu:~$ sudo ufw status +Status: active + +To Action From +-- ------ ---- +1514 ALLOW Anywhere +1515 ALLOW Anywhere +22 ALLOW Anywhere +8220 ALLOW Anywhere +1514 (v6) ALLOW Anywhere (v6) +1515 (v6) ALLOW Anywhere (v6) +22 (v6) ALLOW Anywhere (v6) +8220 (v6) ALLOW Anywhere (v6) +``` + +### Deploying LME for cloud infrastructure: + +Every cloud setup is different, but as long as the LME server is on the same network and able to talk to the machines you want to monitor everything should be good to go. diff --git a/docs/markdown/reference/dev-notes.md b/docs/markdown/reference/dev-notes.md new file mode 100644 index 00000000..b4dfbeba --- /dev/null +++ b/docs/markdown/reference/dev-notes.md @@ -0,0 +1,163 @@ +# Dev notes: +TODO update these to be relevant/new + +Notes to convert compose -> quadlet +1. start the containers with compose +2. podlet generate from the containers created + +### compose: +running: +```shell +podman-compose up -d +``` + +stopping: +```shell +podman-compose down --remove-orphans + +#only run if you want to remove all volumes: +podman-compose down -v --remove-orphans +``` + +### install/get podlet: +``` +#https://github.com/containers/podlet/releases +wget https://github.com/containers/podlet/releases/download/v0.3.0/podlet-x86_64-unknown-linux-gnu.tar.xz +#add it to path: +cp ./podlet-x86_64-unknown-linux-gnu/podlet .local/bin/ +``` + +### generate the quadlet files: +[DOCS](https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html), [BLOG](https://mo8it.com/blog/quadlet/) + +``` +cd ~/LME-PRIV/quadlet + +for x in $(podman ps --filter label=io.podman.compose.project=lme-2-arch -a --format "{{.Names}}");do echo $x; podlet generate container $x > $x.container;done +``` + +### dealing with journalctl logs: +https://unix.stackexchange.com/questions/638432/clear-failed-states-or-all-old-logs-from-systemctl-status-service +``` +#delete all logs: +sudo rm /var/log/journal/$STRING_OF_HEX/user-1000* +``` + +### debugging commands: +``` +systemctl --user stop lme.service +systemctl --user status lme* +systemctl --user restart lme.service +journalctl --user -u lme-fleet-server.service +systemctl --user status lme* +cp -r $CLONE_DIRECTORY/config/ /opt/lme && cp -r $CLONE_DIRECTORY/quadlet /opt/lme +systemctl --user daemon-reload && systemctl --user list-unit-files lme\* +systemctl --user reset-failed +podman volume rm -a + +###make sure all ports are free as well: +sudo ss -tulpn +``` + +### password setup stuff: +#### setup the config directory +This will setup the container config so it uses ansible vault for podman secret creation AND sets up the proper ansible-vault environment variables. + +``` +ln -sf /opt/lme/config/containers.conf $HOME/.config/containers/containers.conf +#preserve `chmod +x` executable +cp -rTp config/ /opt/lme/config +#source our password env var: +. ./scripts/set_vault_key_env.sh +#create the vault directory: +/opt/lme/vault/ +``` + +#### create password file: +This will setup the ansible vault files in the expected paths +``` +ansible-vault create /opt/lme/vault.yml +``` + +### **Manual Install OLD**( optional if not running ansible install): +``` +export CLONE_DIRECTORY=~/LME-PRIV/lme-2-arch +#systemd will setup nix: +#Old way to setup nix if desired: sh <(curl -L https://nixos.org/nix/install) --daemon +sudo apt install jq uidmap nix-bin nix-setup-systemd + +sudo nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs +sudo nix-channel --update + +# Add user to nix group in /etc/group +sudo usermod -aG nix-users $USER + +#install podman and podman-compose +sudo nix-env -iA nixpkgs.podman + +# Set the path for root and lme-user +#echo 'export PATH=$PATH:$HOME/.nix-profile/bin' >> ~/.bashrc +echo 'export PATH=$PATH:/nix/var/nix/profiles/default/bin' >> ~/.bashrc +sudo sh -c 'echo "export PATH=$PATH:/nix/var/nix/profiles/default/bin" >> /root/.bashrc' + +#to allow 443/80 bind and setup memory/limits +sudo NON_ROOT_USER=$USER $CLONE_DIRECTORY/set_sysctl_limits.sh + +#export XDG_CONFIG_HOME="$HOME/.config" +#export XDG_RUNTIME_DIR=/run/user/$(id -u) + +#setup user-generator on systemd: +sudo $CLONE_DIRECTORY/link_latest_podman_quadlet.sh + +#setup loginctl +sudo loginctl enable-linger $USER +``` + +Quadlet configuration for containers is in: `/quadlet/` +1. setup `/opt/lme` thats the running directory for lme: +```bash +sudo mkdir -p /opt/lme +sudo chown -R $USER:$USER /opt/lme +cp -r $CLONE_DIRECTORY/config/ /opt/lme/ +cp -r $CLONE_DIRECTORY/quadlet/ /opt/lme/ + +#setup quadlets +mkdir -p ~/.config/containers/ +ln -s /opt/lme/quadlet ~/.config/containers/systemd + +#setup service file +mkdir -p ~/.config/systemd/user +ln -s /opt/lme/quadlet/lme.service ~/.config/systemd/user/ +``` + +### pull and tag all containers: +This will let us maintain the lme container versions using the `LME_LATEST` tag. Whenever we update, we change the local image to point to the newest update, and run `podman auto-update` to update the containers. + +**NOTE TO FUTURE SELVES: NEEDS TO BE `LOCALHOST` TO AVOID REMOTE TAGGING ATTACK** + +```bash +sudo mkdir -p /etc/containers +sudo tee /etc/containers/policy.json <= min_length + fail_msg: "Input is too short. It should be at least {{ min_length }} characters long." + + - name: Generate SHA-1 hash of the password + shell: "echo -n '{{ ansible_vault_password }}' | openssl sha1 | awk '{print $2}'" + args: + executable: /bin/bash + register: password_hash + + - name: Set prefix and suffix + set_fact: + prefix: "{{ password_hash.stdout[0:5] }}" + suffix: "{{ password_hash.stdout[5:] }}" + + - name: Check against HIBP API + uri: + url: "https://api.pwnedpasswords.com/range/{{ prefix }}" + method: GET + return_content: yes + register: hibp_response + + - name: Fail if password is found in breaches + fail: + msg: "The password has been found in breaches... this should only happen if you provided a password via the cli... choose a different password" + when: hibp_response.content | regex_search(suffix) + + - name: Create global config directory + file: + path: "{{ config_dir }}" + state: directory + mode: '0700' + + - name: Create user config directory + file: + path: "{{ user_config_dir }}" + state: directory + mode: '0700' + + - name: Create user vault directory + file: + path: "{{ user_vault_dir }}" + state: directory + mode: '0700' + + - name: check if vault-pass.sh is created + stat: + path: "{{ password_file }}" + register: pass_file + become: yes + + - name: Create vault-pass.sh with secure permissions (only if it doesn't exist!) + copy: + dest: "{{ password_file }}" + content: | + #!/bin/bash + echo "{{ ansible_vault_password }}" + mode: '0700' + when: not pass_file.stat.exists + + - name: Ensure ANSIBLE_VAULT_PASSWORD_FILE is set in .profile + lineinfile: + path: /root/.profile + line: "export ANSIBLE_VAULT_PASSWORD_FILE=\"{{ password_file }}\"" + state: present + + - name: Setup Podman secrets configuration + copy: + dest: "{{ user_secrets_conf }}" + content: | + [secrets] + driver = "shell" + + [secrets.opts] + list = "ls {{ user_vault_dir }}" + lookup = "ansible-vault view {{ user_vault_dir }}/$SECRET_ID | tr -d '\n'" + store = "cat > {{ user_vault_dir }}/$SECRET_ID && chmod 700 {{ user_vault_dir }}/$SECRET_ID && ansible-vault encrypt {{ user_vault_dir }}/$SECRET_ID" + delete = "rm {{ user_vault_dir }}/$SECRET_ID" + mode: '0600' + +- name: Setup Nix + hosts: localhost + connection: local + become: no # Default to no privilege escalation + vars: + clone_directory: "{{ clone_dir | default('~/LME') }}" + install_user: "{{ ansible_user_id }}" + tasks: + - name: Update apt cache apt: update_cache: yes @@ -95,26 +244,27 @@ set_fact: ansible_env: "{{ ansible_env | combine({'PATH': ansible_env.PATH ~ ':/nix/var/nix/profiles/default/bin'}) }}" - - name: Install Podman using Nix - command: nix-env -iA nixpkgs.podman - become: yes - environment: - PATH: "{{ ansible_env.PATH }}" - - name: Update PATH in user's bashrc + - name: Update PATH in user's profile lineinfile: - path: "~/.bashrc" + path: "~/.profile" line: 'export PATH=$PATH:/nix/var/nix/profiles/default/bin' create: yes - - name: Update PATH in root's bashrc + - name: Update PATH in root's profile lineinfile: - path: "/root/.bashrc" + path: "/root/.profile" line: 'export PATH=$PATH:/nix/var/nix/profiles/default/bin' create: yes become: yes - - name: Set sysctl limits + - name: Install Podman using Nix + command: nix-env -iA nixpkgs.podman + become: yes + environment: + PATH: "{{ ansible_env.PATH }}" + + - name: Set sysctl limits command: "{{ clone_directory }}/scripts/set_sysctl_limits.sh" environment: NON_ROOT_USER: "{{ install_user }}" @@ -124,11 +274,53 @@ command: "{{ clone_directory }}/scripts/link_latest_podman_quadlet.sh" become: yes +- name: set service user passwords + hosts: localhost + connection: local + become: no # Default to no privilege escalation + vars: + clone_directory: "{{ clone_dir | default('~/LME') }}" + tasks: + #maybe check for each in the shell script below? + - name: Register a variable, ignore errors and continue + shell: | + source /root/.profile + podman secret ls | grep -q elastic + register: result + become: yes + args: + executable: /bin/bash + ignore_errors: true + + - name: Set podman secret passwords + shell: | + source /root/.profile + password=$( "$PASSWORD_FILE" << EOF +#!/bin/bash +echo "$ANSIBLE_VAULT_PASSWORD" +EOF +chmod 700 "$PASSWORD_FILE" + +# Set Ansible vault password file variable +if ! grep -q "ANSIBLE_VAULT_PASSWORD_FILE" /root/.profile; then + echo "export ANSIBLE_VAULT_PASSWORD_FILE=\"$PASSWORD_FILE\"" >> /root/.profile +fi + +# Clear sensitive environment variables +unset ANSIBLE_VAULT_PASSWORD +} + +set_podman_config(){ +echo "setting up $USER_SECRETS_CONF" +# Podman secrets configuration +mkdir -p "$(dirname "$USER_SECRETS_CONF")" +cat > "$USER_SECRETS_CONF" << EOF +[secrets] +driver = "shell" + +[secrets.opts] +list = "ls $USER_VAULT_DIR" +lookup = "ansible-vault view $USER_VAULT_DIR/\$SECRET_ID | tr -d '\n'" +store = "cat > $USER_VAULT_DIR/\$SECRET_ID && chmod 700 $USER_VAULT_DIR/\$SECRET_ID && ansible-vault encrypt $USER_VAULT_DIR/\$SECRET_ID" +delete = "rm $USER_VAULT_DIR/\$SECRET_ID" +EOF +chmod 600 "$USER_SECRETS_CONF" +} + +# Function to set and encrypt user password +set_user_password() { + local user="$1" + local password=$(read_password "Enter password for $user: ") + + mkdir -p "$USER_VAULT_DIR" + chmod 700 "$USER_VAULT_DIR" + + # Write password to file with secure permissions + echo "$password" > "$USER_VAULT_DIR/$user" + chmod 700 "$USER_VAULT_DIR/$user" + + ansible-vault encrypt "$USER_VAULT_DIR/$user" + + echo "Password for $user has been set and encrypted." + echo "$password" +} + +# Function to manage Podman secrets +manage_podman_secret() { + local action="$1" + local secret_name="$2" + local secret_value="$3" + + case "$action" in + create|update) + # Use process substitution to avoid writing to a file or showing the secret in ps output + podman secret create --driver shell --replace "$secret_name" <(echo "$secret_value") + ;; + delete) + podman secret rm "$secret_name" + ;; + list) + podman secret ls + ;; + *) + echo "Invalid action. Use 'create', 'update', 'delete', or 'list'." + return 1 + ;; + esac +} + +# Main menu +man_page(){ + echo "-i: Initialize all password environment variables and settings" + echo "-s: set_user: Set user password" + echo "-p: Manage Podman secret" + echo "-l: List Podman secrets" + echo "-h: print this list" +} + +while getopts "isplc:h" opt; do + case "$opt" in + i) + #check connection + check_connect "https://api.pwnedpasswords.com/range/AAAAA" + + #check if I'm sudo: + if [[ "$EUID" -ne 0 ]]; then + echo "rerun with sudo" + exit -1 + fi + + #set passwords + echo "Set password" + set_password_file + set_podman_config + ;; + s) + read -p "Enter username: " username + password=$(set_user_password "$username") + # Use command substitution to avoid echoing the password + manage_podman_secret create "$username" "$(echo "$password")" + ;; + p) + if [ -z "secret_name" ];then + read -p "Enter secret name: " secret_name + fi + if [ -z "action" ];then + read -p "Enter action (create/update/delete): " action + fi + if [ "$action" != "delete" ]; then + # Use command substitution to avoid echoing the password + read_password "Enter Secret Value" + manage_podman_secret "$action" "$secret_name" "$READ_PASSWORD" + else + manage_podman_secret delete "$secret_name" + fi + ;; + l) + manage_podman_secret list + ;; + c) + check_password $OPTARG + ;; + h) + man_page + ;; + *) + echo "Invalid option. Please try again." + man_page + ;; +esac +done diff --git a/scripts/set-fleet.sh b/scripts/set-fleet.sh index c78a67fb..d8be9438 100755 --- a/scripts/set-fleet.sh +++ b/scripts/set-fleet.sh @@ -1,5 +1,16 @@ -#!/usr/bin/env bash -#set -x +#!/bin/bash + +get_script_path() { + local source="${BASH_SOURCE[0]}" + while [ -h "$source" ]; do + local dir="$(cd -P "$(dirname "$source")" && pwd)" + source="$(readlink "$source")" + [[ $source != /* ]] && source="$dir/$source" + done + echo "$(cd -P "$(dirname "$source")" && pwd)" +} + +SCRIPT_DIR="$(get_script_path)" HEADERS=( -H "kbn-version: 8.12.2" @@ -10,10 +21,10 @@ HEADERS=( # Function to check if Fleet API is ready check_fleet_ready() { local response - response=$(curl -k -s --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" \ + response=$(curl -k -s --user "elastic:${elastic}" \ "${HEADERS[@]}" \ "${LOCAL_KBN_URL}/api/fleet/settings") - + if [[ "$response" == *"Kibana server is not ready yet"* ]]; then return 1 else @@ -40,20 +51,27 @@ wait_for_fleet() { set_fleet_values() { fingerprint=$(/nix/var/nix/profiles/default/bin/podman exec -w /usr/share/elasticsearch/config/certs/ca lme-elasticsearch cat ca.crt | openssl x509 -nout -fingerprint -sha256 | cut -d "=" -f 2| tr -d : | head -n1) - fleet_api_response=$(printf '{"fleet_server_hosts": ["%s"]}' "https://${IPVAR}:${FLEET_PORT}" | curl -k -v --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/settings" -d @-) + fleet_api_response=$(printf '{"fleet_server_hosts": ["%s"]}' "https://${IPVAR}:${FLEET_PORT}" | curl -k -v --user "elastic:${elastic}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/settings" -d @-) echo "Fleet API Response:" echo "$fleet_api_response" - printf '{"hosts": ["%s"]}' "https://${IPVAR}:9200" | curl -k --silent --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/outputs/fleet-default-output" -d @- | jq - printf '{"ca_trusted_fingerprint": "%s"}' "${fingerprint}" | curl -k --silent --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/outputs/fleet-default-output" -d @- | jq - printf '{"config_yaml": "%s"}' "ssl.verification_mode: certificate" | curl -k --silent --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/outputs/fleet-default-output" -d @- | jq - policy_id=$(printf '{"name": "%s", "description": "%s", "namespace": "%s", "monitoring_enabled": ["logs","metrics"], "inactivity_timeout": 1209600}' "Endpoint Policy" "" "default" | curl -k --silent --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPOST "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/agent_policies?sys_monitoring=true" -d @- | jq -r '.item.id') - pkg_version=$(curl -k --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XGET "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/epm/packages/endpoint" -d : | jq -r '.item.version') - printf "{\"name\": \"%s\", \"description\": \"%s\", \"namespace\": \"%s\", \"policy_id\": \"%s\", \"enabled\": %s, \"inputs\": [{\"enabled\": true, \"streams\": [], \"type\": \"ENDPOINT_INTEGRATION_CONFIG\", \"config\": {\"_config\": {\"value\": {\"type\": \"endpoint\", \"endpointConfig\": {\"preset\": \"EDRComplete\"}}}}}], \"package\": {\"name\": \"endpoint\", \"title\": \"Elastic Defend\", \"version\": \"${pkg_version}\"}}" "Elastic Defend" "" "default" "${policy_id}" "true" | curl -k --silent --user "${ELASTIC_USERNAME}:${ELASTICSEARCH_PASSWORD}" -XPOST "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/package_policies" -d @- | jq + printf '{"hosts": ["%s"]}' "https://${IPVAR}:9200" | curl -k --silent --user "elastic:${elastic}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/outputs/fleet-default-output" -d @- | jq + printf '{"ca_trusted_fingerprint": "%s"}' "${fingerprint}" | curl -k --silent --user "elastic:${elastic}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/outputs/fleet-default-output" -d @- | jq + printf '{"config_yaml": "%s"}' "ssl.verification_mode: certificate" | curl -k --silent --user "elastic:${elastic}" -XPUT "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/outputs/fleet-default-output" -d @- | jq + policy_id=$(printf '{"name": "%s", "description": "%s", "namespace": "%s", "monitoring_enabled": ["logs","metrics"], "inactivity_timeout": 1209600}' "Endpoint Policy" "" "default" | curl -k --silent --user "elastic:${elastic}" -XPOST "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/agent_policies?sys_monitoring=true" -d @- | jq -r '.item.id') + echo "Policy ID: ${policy_id}" + pkg_version=$(curl -k --user "elastic:${elastic}" -XGET "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/epm/packages/endpoint" -d : | jq -r '.item.version') + printf "{\"name\": \"%s\", \"description\": \"%s\", \"namespace\": \"%s\", \"policy_id\": \"%s\", \"enabled\": %s, \"inputs\": [{\"enabled\": true, \"streams\": [], \"type\": \"ENDPOINT_INTEGRATION_CONFIG\", \"config\": {\"_config\": {\"value\": {\"type\": \"endpoint\", \"endpointConfig\": {\"preset\": \"EDRComplete\"}}}}}], \"package\": {\"name\": \"endpoint\", \"title\": \"Elastic Defend\", \"version\": \"${pkg_version}\"}}" "Elastic Defend" "" "default" "${policy_id}" "true" | curl -k --silent --user "elastic:${elastic}" -XPOST "${HEADERS[@]}" "${LOCAL_KBN_URL}/api/fleet/package_policies" -d @- | jq } #main: source /opt/lme/lme-environment.env + +# Set the secrets values and export them (source instead of execute) +set -a +. $SCRIPT_DIR/extract_secrets.sh -q + wait_for_fleet + set_fleet_values \ No newline at end of file diff --git a/scripts/set_vault_key_env.sh b/scripts/set_vault_key_env.sh new file mode 100755 index 00000000..d80de0f6 --- /dev/null +++ b/scripts/set_vault_key_env.sh @@ -0,0 +1,6 @@ +#!/bin/bash +read -s -p "ANSIBLE_VAULT_PASSWORD:" LME_ANSIBLE_VAULT_PASS +export LME_ANSIBLE_VAULT_PASS=$LME_ANSIBLE_VAULT_PASS + +#set password file ansible-vault variable +export ANSIBLE_VAULT_PASSWORD_FILE=/opt/lme/config/vault-pass.sh diff --git a/testing/v2/installers/README.md b/testing/v2/installers/README.md index 2a13e8dd..dd579b80 100644 --- a/testing/v2/installers/README.md +++ b/testing/v2/installers/README.md @@ -12,4 +12,5 @@ Quick Start ./install_v2/install.sh lme-user $(cat your-group-name.ip.txt) your-group-name.password.txt branch ``` +#reminder activiate venv first: `source ~/LME/venv/bin/activate` ./azure/build_azure_linux_network.py -g lme-cbaxley-m1 -s 0.0.0.0 -vs Standard_D8_v4 -l westus -ast 00:00 -pub Canonical -io 0001-com-ubuntu-server-noble-daily -is 24_04-daily-lts-gen2 diff --git a/testing/v2/installers/azure/build_azure_linux_network.py b/testing/v2/installers/azure/build_azure_linux_network.py index cfd4556b..bf2a1cb9 100755 --- a/testing/v2/installers/azure/build_azure_linux_network.py +++ b/testing/v2/installers/azure/build_azure_linux_network.py @@ -3,6 +3,7 @@ import os import string import random +import re from azure.identity import DefaultAzureCredential from azure.mgmt.compute import ComputeManagementClient from azure.mgmt.devtestlabs import DevTestLabsClient @@ -52,6 +53,7 @@ def get_default_subscription_id(credential=None): return subscription_list[0].subscription_id + def create_clients(subscription_id): credential = DefaultAzureCredential() if subscription_id is None: @@ -112,9 +114,17 @@ def set_network_rules( print(f"Network rule '{nsg_rule.name}' created successfully.") + def create_public_ip(network_client, resource_group, location, machine_name): print(f"\nCreating public IP address for {machine_name}") - unique_dns_name = f"{machine_name}-{random.randint(1000, 9999)}" + + # Generate a valid domain name label + base_name = re.sub(r'[^a-z0-9-]', '', machine_name.lower()) + if not base_name[0].isalpha(): + base_name = 'ip-' + base_name + unique_dns_name = f"{base_name}-{random.randint(1000, 9999)}" + unique_dns_name = unique_dns_name[:63] # Ensure it's not longer than 63 characters + public_ip_params = { "location": location, "public_ip_allocation_method": "Static", @@ -211,6 +221,91 @@ def save_to_parent_directory(filename, content): print(f"File saved: {file_path}") +def create_windows_server( + compute_client, + network_client, + resource_group, + location, + vm_admin, + vm_password, + vnet_name, + subnet_name, + nsg_name, + project, + today, + current_user, + subscription_id +): + server_name = "ws1" + print(f"\nCreating Windows Server {server_name}...") + + # Create public IP address using the existing function + public_ip = create_public_ip(network_client, resource_group, location, server_name) + + # Create NIC using the existing function + subnet_id = ( + f"/subscriptions/{subscription_id}/" + f"resourceGroups/{resource_group.name}/" + f"providers/Microsoft.Network/" + f"virtualNetworks/{vnet_name}/" + f"subnets/{subnet_name}" + ) + nsg = network_client.network_security_groups.get(resource_group.name, nsg_name) + nic = create_network_interface( + network_client, + resource_group, + location, + server_name, + subnet_id, + "10.1.0.4", + public_ip, + nsg.id + ) + + # Create VM + vm_params = { + 'location': location, + 'os_profile': { + 'computer_name': server_name, + 'admin_username': vm_admin, + 'admin_password': vm_password + }, + 'hardware_profile': { + 'vm_size': 'Standard_DS1_v2' # Default size, change if needed + }, + 'storage_profile': { + 'image_reference': { + 'publisher': 'MicrosoftWindowsServer', + 'offer': 'WindowsServer', + 'sku': '2019-Datacenter', + 'version': 'latest' + }, + }, + 'network_profile': { + 'network_interfaces': [{ + 'id': nic.id, + }] + }, + 'tags': { + 'project': project, + 'created': today, + 'createdBy': current_user + } + } + + try: + vm_result = compute_client.virtual_machines.begin_create_or_update( + resource_group.name, + server_name, + vm_params + ).result() + print(f"Windows Server {server_name} created successfully.") + return server_name + except Exception as e: + print(f"Error creating Windows Server: {str(e)}") + return None + + # All arguments are keyword arguments def main( *, @@ -237,6 +332,7 @@ def main( os_disk_size_gb: int, auto_shutdown_time: str = None, auto_shutdown_email: str = None, + add_windows_server: bool = False, ): ( resource_client, @@ -442,6 +538,29 @@ def main( print(f"Password: {vm_password}") print("SAVE THE ABOVE INFO\n") + # Add Windows server if the flag is set + if add_windows_server: + print("\nAdding Windows server...") + windows_server = create_windows_server( + compute_client, + network_client, + resource_group, + location, + vm_admin, + vm_password, + vnet_name, + subnet_name, + "NSG1", # nsg_name + project, + today, + current_user, + subscription_id + ) + if windows_server: + print(f"Windows Server {windows_server} created successfully.") + else: + print("Failed to create Windows Server.") + print("Done.") @@ -590,6 +709,12 @@ def main( "--auto-shutdown-email", help="Auto-shutdown notification email", ) + parser.add_argument( + "-w", + "--add-windows-server", + action="store_true", + help="Add a Windows server with default settings", + ) args = parser.parse_args() check_ports_protocals_and_priorities( @@ -620,4 +745,5 @@ def main( os_disk_size_gb=args.os_disk_size_gb, auto_shutdown_time=args.auto_shutdown_time, auto_shutdown_email=args.auto_shutdown_email, + add_windows_server=args.add_windows_server, ) diff --git a/testing/v2/installers/install_v2/install.sh b/testing/v2/installers/install_v2/install.sh index 323b0c84..e6643c2e 100755 --- a/testing/v2/installers/install_v2/install.sh +++ b/testing/v2/installers/install_v2/install.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/bin/bash set -e @@ -27,7 +27,7 @@ cd "$SCRIPT_DIR/.." ./lib/copy_ssh_key.sh $user $hostname $password_file echo "Installing ansible" -ssh -o StrictHostKeyChecking=no $user@$hostname 'sudo apt-get update && sudo apt-get -y install ansible python3-pip python3.10-venv git' +ssh -o StrictHostKeyChecking=no $user@$hostname 'sudo apt-get update && sudo apt-get -y install ansible python3-pip python3.10-venv git && sudo locale-gen en_US.UTF-8 && sudo update-locale' echo "Checking out code" ssh -o StrictHostKeyChecking=no $user@$hostname "cd ~ && rm -rf LME && git clone https://github.com/cisagov/LME.git && cd LME && git checkout -t origin/${branch}" @@ -51,14 +51,31 @@ max_attempts=30 attempt=0 while [ $attempt -lt $max_attempts ]; do if ssh -o StrictHostKeyChecking=no $user@$hostname bash << EOF - source /opt/lme/lme-environment.env + # Source the environment file as root to get necessary variables + sudo bash << SUDO_EOF + set -a + source /opt/lme/lme-environment.env + echo "export IPVAR=\\\${IPVAR}" > /tmp/lme_env + echo "export LOCAL_KBN_URL=\\\${LOCAL_KBN_URL}" >> /tmp/lme_env + set +a +SUDO_EOF + + # Read the exported variables + set -a + . /tmp/lme_env + echo "Exported variables:" + cat /tmp/lme_env + + # Source the secrets + . ~/LME/scripts/extract_secrets.sh -q + check_service() { local url=\$1 local auth=\$2 curl -k -s -o /dev/null -w '%{http_code}' --insecure -u "\${auth}" "\${url}" | grep -q '200' } - check_service "https://\${IPVAR}:9200" "\${ELASTIC_USERNAME}:\${ELASTICSEARCH_PASSWORD}" && \ - check_service "\${LOCAL_KBN_URL}" "\${ELASTIC_USERNAME}:\${ELASTICSEARCH_PASSWORD}" + check_service "https://\${IPVAR}:9200" "elastic:\${elastic}" && \ + check_service "\${LOCAL_KBN_URL}" "elastic:\${elastic}" EOF then echo "Both Elasticsearch and Kibana are up!" @@ -75,11 +92,11 @@ if [ $attempt -eq $max_attempts ]; then fi echo "Running check-fleet script" -ssh -o StrictHostKeyChecking=no $user@$hostname ". ~/.bashrc && cd ~/LME && ./testing/v2/installers/lib/check_fleet.sh" +ssh -o StrictHostKeyChecking=no $user@$hostname "sudo -E bash -c 'source /opt/lme/lme-environment.env && su $user -c \". ~/.bashrc && cd ~/LME && ./testing/v2/installers/lib/check_fleet.sh\"'" echo "Running set-fleet script" -ssh -o StrictHostKeyChecking=no $user@$hostname ". ~/.bashrc && cd ~/LME && ./scripts/set-fleet.sh" - +#ssh -o StrictHostKeyChecking=no $user@$hostname "sudo -E bash -c 'source /opt/lme/lme-environment.env && su $user -c \". ~/.bashrc && cd ~/LME && ./scripts/set-fleet.sh\"'" +ssh -o StrictHostKeyChecking=no $user@$hostname "sudo -E bash -c 'cd ~/LME && ./scripts/set-fleet.sh'" echo "Installation and configuration completed successfully." diff --git a/testing/v2/installers/lib/check_agent_reporting.sh b/testing/v2/installers/lib/check_agent_reporting.sh index e19fd017..a4b45a77 100755 --- a/testing/v2/installers/lib/check_agent_reporting.sh +++ b/testing/v2/installers/lib/check_agent_reporting.sh @@ -6,11 +6,16 @@ handle_error() { exit 1 } +# Check if ES_PASSWORD is set +if [ -z "$ES_PASSWORD" ]; then + handle_error "ES_PASSWORD environment variable is not set" +fi + # Run the curl command and capture the output output=$(curl -k -s -X GET "https://localhost:9200/.ds-metrics-system.cpu-default-*/_search" \ -H 'Content-Type: application/json' \ -H "kbn-xsrf: true" \ - -u elastic:password1 \ + -u "elastic:$ES_PASSWORD" \ -d '{ "query": { "bool": { @@ -63,4 +68,4 @@ if [ "$hit_count" -gt 0 ]; then else echo "No recent data from ubuntu-vm" exit 1 -fi +fi \ No newline at end of file From 05cba6ab1550f42c4be30831c9cf1a1ad2bce345 Mon Sep 17 00:00:00 2001 From: Andrew Arz <149685528+aarz-snl@users.noreply.github.com> Date: Tue, 15 Oct 2024 09:32:21 -0400 Subject: [PATCH 07/19] Documentation update to volume and index management (#468) * add volume management doc * Update volume-management.md * Update volume-management.md * Fix download zip command * Update README.md * add index lifecycle docs * Update index-management.md * Update index-management.md * Update index-management.md * Update index-management.md * Update index-management.md * delete image --- README.md | 8 +- docs/markdown/maintenance/index-management.md | 102 +++++++++++++ .../markdown/maintenance/volume-management.md | 138 ++++++++++++++++++ 3 files changed, 246 insertions(+), 2 deletions(-) create mode 100644 docs/markdown/maintenance/index-management.md create mode 100644 docs/markdown/maintenance/volume-management.md diff --git a/README.md b/README.md index 37470677..796a2106 100644 --- a/README.md +++ b/README.md @@ -58,10 +58,14 @@ Please ensure you follow all the configuration steps required below. **All steps will assume you start in your cloned directory of LME on your ubuntu 22.04 server** We suggest you install the latest release version of Logging made easy using the following commands: + +Install Requirements ``` sudo apt update && sudo apt install curl jq unzip -y - -curl -s https://api.github.com/repos/cisagov/LME/releases/latest | jq -r '.assets[0].browser_download_url' | xargs -I {} sh -c 'curl -L -O {} && unzip -d ~/LME $(basename {})"' +``` +Download and Unzip the latest version of LME. This will add a path to ~/LME with all requires files. +``` +curl -s https://api.github.com/repos/cisagov/LME/releases/latest | jq -r '.assets[0].browser_download_url' | xargs -I {} sh -c 'curl -L -O {} && unzip -d ~/LME $(basename {})' ``` ### Operating system: **Ubuntu 22.04**: diff --git a/docs/markdown/maintenance/index-management.md b/docs/markdown/maintenance/index-management.md new file mode 100644 index 00000000..6dda60cd --- /dev/null +++ b/docs/markdown/maintenance/index-management.md @@ -0,0 +1,102 @@ +# Elasticsearch Index Lifecycle Overview + +Elasticsearch uses Index Lifecycle Management (ILM) to manage data over time. There are four phases: + +1. Hot Phase + - Newest data + - Most active: frequent updates and searches + - Needs fastest access + +2. Warm Phase + - Older data + - Less active: fewer updates, still searched + - Can be on slightly slower storage + +3. Cold Phase + - Oldest data + - Rarely accessed, no updates + - Can be on slowest storage + +4. Delete Phase + - Data no longer needed + - Removed from the system + +Data moves through these phases based on what is called the Index Lifecycle Policy. + +# Creating a Lifecycle Policy + +## Create Lifecycle Policy for Wazuh Indexes in Elasticsearch + +1. Login to Kibana and go to Menu -> Dev Tools + +2. Create an ILM policy by copying and pasting the following code and then pressing the run button that looks like a 'play' symbol: + +```bash +PUT _ilm/policy/wazuh_alerts_cleanup_policy +{ + "policy": { + "phases": { + "hot": { + "min_age": "0ms", + "actions": {} + }, + "delete": { + "min_age": "30d", + "actions": { + "delete": {} + } + } + } + } +} +``` + +It will look like so: + +![alt text](image.png) + +3. Perform the same steps for the following snippets of code: + +```bash +PUT _index_template/wazuh_alerts_template +{ + "index_patterns": ["wazuh-alerts-4.x-*"], + "template": { + "settings": { + "index.lifecycle.name": "wazuh_alerts_cleanup_policy", + "index.lifecycle.rollover_alias": "wazuh-alerts" + } + } +} +``` + +```bash +PUT wazuh-alerts-4.x-*/_settings +{ + "index.lifecycle.name": "wazuh_alerts_cleanup_policy" +} +``` + +This will create a policy, create a template that applies this policy to all new indices, and then also applies the policy to existing wazuh indices. + +**NOTE: This is an example that will delete wazuh indices after 30 days. Adjust as needed.** + +## Elastic Endpoint Lifecyle policy + +Your Elastic agent logs are managed by a policy called "logs" + +1. Navigate to Index Lifecycle policies, turn the switch for "Include managed system policies" and then search for "logs" + +2. Click to edit this policy. You will see warnings that editing a managed policy can break Kibana, you can mostly ignore this warning if you set your phases properly. + +3. The default setup is to "rollover" once your index is 30 days old or larger than 50 gigabytes. Rollover just means rename the index and create a new one so you keep your shard size down. This will NOT delete the previous index. I.E. logs-00001 rolls over to logs-00002. 00001 remains, its just not 'active' + +4. Set your Hot, Warm, Cold phase as you see fit. + +5. After you turn on "Cold Phase" you will most likely have to hit the trash can switch to turn on the delete phase. + +6. After you apply these changes to your policy please allow it some time to actually take effect on all indices. + +7. You can also just completely skip these steps and manually delete indices from the UI as you see fit / when needed. + +**NOTE: By default your rollover policy is set for 30 days. Do not set your 'delete' phase to be shorter than your rollover phase. You need your active indices to rollover into inactive indices before you delete them.** diff --git a/docs/markdown/maintenance/volume-management.md b/docs/markdown/maintenance/volume-management.md new file mode 100644 index 00000000..681bf84f --- /dev/null +++ b/docs/markdown/maintenance/volume-management.md @@ -0,0 +1,138 @@ +# Podman Volumes: The Basics + +A Podman volume is a mechanism for storing container data directly on the host machine. When you create a volume and attach it to a container, Podman sets up a dedicated directory on your host system. Any data the container writes to this mounted volume is actually written to this host directory. This means that even if you stop, remove, or replace the container, the data remains intact on your host machine. You can then mount this same volume to a new container, allowing it to access all the previously stored data. This also allows you to have one volume on a host machine that you can mount to multiple containers. For instance our certs volume which is used across all containers. + +You will see volumes in our quadlets and they will look something like this: + +```bash +/path/on/host/:/path/in/container/ +``` + +On the left of the colon would be a path or file on the host machine that is persisted inside the running container (the path on the right of the colon). + +**NOTE: If you do not have a volume assigned to a certain path or file, it will not be persisted. This means restarting a container will blow away any changes you've made on the running container. We've made sure all required files by default are already volumes.** + +# Podman Volume Management for LME + +Managing disk usage is crucial for maintaining the health and performance of your LME installation. Here's how you can monitor and manage the disk space used by Podman volumes. + +### Check Volume Location on Host Machine + +You can check the location of your volumes on the host machine by running the following command: + +```bash +podman volume inspect +``` + +To get a list of volumes you can run: + +```bash +podman volume ls +``` + +### Checking Overall Disk Usage + +To check the overall disk usage on your system, use the `df` command: + +```bash +df -h +``` + +This will show you the disk usage for all mounted filesystems. Look for the filesystem that contains your home directory (usually `/`). + +### Checking Podman Volume Usage + +By default Podman volumes are stored in your home directory under `~/.local/share/containers/storage/volumes/`. To check the disk usage of this specific directory: + +```bash +sudo du -sh ~/.local/share/containers/storage/volumes/ +``` + +This command will show you the total size of all Podman volumes. + +To see a breakdown of individual volume sizes: + +```bash +sudo du -sh ~/.local/share/containers/storage/volumes/* +``` + +### Using Podman's Built-in Tools + +Podman provides a built-in command to check disk usage of containers, images, and volumes: + +```bash +podman system df -v +``` + +This command will show you: +- A summary of disk usage by images, containers, and volumes +- A detailed breakdown of each volume's size + +### Managing Volume Space + +If you find that your volumes are using too much space, consider the following steps: + +1. Review the data in large volumes to see if any can be cleaned up or archived. +2. For log volumes (like `lme_wazuh_logs`), consider implementing log rotation if not already in place. +3. For database volumes (like `lme_esdata01`), check if data can be optimized or old indices can be removed. Index management is key for space management with this volume as this will end up your largest volume as elasticsearch collects all your logs and stores them here. +4. Use Podman's prune commands to remove unused volumes: + ```bash + podman volume prune + ``` + **Be careful with this command as it will remove all unused volumes.** + +Remember to always backup important data before performing any cleanup operations. + +### Viewing Elasticsearch Index Sizes + +As discussed earlier lme_esdata01 will store all your logs in indexes. + +To view all your Elasticsearch indexes and their sizes in Kibana: + +1. Login to Kibana +2. Click the "hamburger" menu button top left. +3. Scroll down to Stack Management +4. Click "Index Management" +5. Check the option to "Include Hidden Indices" + +You should now see all your indexes and their sizes: + +![image](https://github.com/user-attachments/assets/f32741af-e77c-4bec-9e3d-268c25d65323) + +### Editing Files in Podman Volumes and Bind Mounts + +When you edit files that are made available to containers through Podman volumes or bind mounts, these changes are immediately reflected in the running containers. This creates a direct link between files on the host system and within the container's filesystem. In the LME setup, many configuration files use this principle. For example, the Wazuh manager configuration file (ossec.conf) is actually located at `/opt/lme/config/wazuh_cluster/wazuh_manager.conf` on the host and is bind-mounted into the container. + +When you edit this file on the host, the changes are instantly visible to the Wazuh manager process inside the container. You could then restart the wazuh manager container using: + +```bash +sudo systemctl restart lme-wazuh-manager.service +``` + +Now your changes will be implemented into the running wazuh manager container. + +# Backup Volumes + +Remember that your volumes will be ALL your important data for LME that is persisted. You may want to back this data up to an external hard drive or NAS. Some general steps for doing so: + +**Stop all containers before performing a backup** + +To external hard drive: +1. Connect external hard drive to your system. +2. Mount the hard drive. +3. Copy volume data from your Podman volume directory to the mounted drive. +4. Safely unmount the drive when finished if desired. + +To network storage: +1. Mount/Connect to your network storage. +2. Copy volume data from your Podman volume directory to the network storage. +3. Disconnect/Unmount from the network storage if desired. + + +Example command you might use to copy all volumes to a mounted drive: + +```bash +rsync -av ~/.local/share/containers/storage/volumes/ /mnt/nas/podman_volume_backup/ +``` + +**NOTE: Ensure you are going by your drives documentation for connecting/mounting to an Ubuntu instance.** From f6d6416f26ede2e674ccd7303c9b5129a0868cea Mon Sep 17 00:00:00 2001 From: Andrew Arz <149685528+aarz-snl@users.noreply.github.com> Date: Tue, 15 Oct 2024 09:39:30 -0400 Subject: [PATCH 08/19] add image to docs --- docs/markdown/maintenance/index-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/markdown/maintenance/index-management.md b/docs/markdown/maintenance/index-management.md index 6dda60cd..2b7e56d7 100644 --- a/docs/markdown/maintenance/index-management.md +++ b/docs/markdown/maintenance/index-management.md @@ -53,7 +53,7 @@ PUT _ilm/policy/wazuh_alerts_cleanup_policy It will look like so: -![alt text](image.png) +![image](https://github.com/user-attachments/assets/962c3f8e-4a7b-4037-beaf-ea2e597fbe2d) 3. Perform the same steps for the following snippets of code: From e1d00af1d01ee639bfbb351ee88e1cf842ae5fe9 Mon Sep 17 00:00:00 2001 From: Andrew Arz <149685528+aarz-snl@users.noreply.github.com> Date: Tue, 15 Oct 2024 09:44:43 -0400 Subject: [PATCH 09/19] Update index-management.md --- docs/markdown/maintenance/index-management.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/markdown/maintenance/index-management.md b/docs/markdown/maintenance/index-management.md index 2b7e56d7..0bea34cd 100644 --- a/docs/markdown/maintenance/index-management.md +++ b/docs/markdown/maintenance/index-management.md @@ -63,8 +63,7 @@ PUT _index_template/wazuh_alerts_template "index_patterns": ["wazuh-alerts-4.x-*"], "template": { "settings": { - "index.lifecycle.name": "wazuh_alerts_cleanup_policy", - "index.lifecycle.rollover_alias": "wazuh-alerts" + "index.lifecycle.name": "wazuh_alerts_cleanup_policy" } } } From 17335894210c745fa8d9fe928158968e3d1f090c Mon Sep 17 00:00:00 2001 From: Clint Baxley Date: Thu, 17 Oct 2024 16:26:47 -0400 Subject: [PATCH 10/19] Fix tests after password encryption (#466) * Remove some old TODOs * Don't remove the Azure resources at the end of the Linux only tests * Change the variables to work with the 2.0 pipeline * Run the cluster run workflow to debug the tests * Run ansible playbook to set fleet * Log secrets in set_fleet.yml * Debug setting the environment variables in set_fleet.yml * Set the debug mode in set_fleet.yml * Log the Fleet API call details in set_fleet.yml * Loop through Fleet API calls in set_fleet.yml * Change the Fleet API call to loop through attempts in set_fleet.yml * Try to set the Fleet API with retries in set_fleet.yml * Attempt to output the Fleet API call details in set_fleet.yml * A new way to handle the Fleet API call in set_fleet.yml * Export the check_fleet_api.yml file in set_fleet.yml * Make sure the password is in the check_fleet_api.yml file * Exit the loop if the Fleet API call succeeds in check_fleet_api.yml * Wait a little longer for the results to be written to the index * Update the cluster.yml workflow to wait a little longer for the results to be written to the index * Delay in a different way * Attempt a different looping method * Remove the set-fleet script from the installer * Reverts to old loop method * Check that fleet is ready in an external script * Call the ansible playbook from the install script * Get the CA fingerprint from the Elasticsearch container * Adds headers to the curl commands in the set_fleet.yml playbook * Address the hosts and fleet API issues * Change the way we login to the Kibana API * Increase the timeout for the Endpoint Policy API calls * Increase the timeout for the Endpoint Policy API calls * Increase the timeout for the Defend Policy API calls * Only print debug information if debug_mode is true * Keeps the azure resources on builds * Fixing Error with certs where the permissions should only be on first generation! * Remove sysctl edits to lower privileged ports and add 443 to kibana container * Add notes on starting vms via azure cli to testing v2 * Fix ansible errors in checking for passwords that are created * Add debugging commands, and remove references to 443 for kibana from debug commands * Update the cluster.yml file to use the new IP address for the Azure instance * Only allow the ip address of the host to connect to the azure instance * remove unnecassary script * Move ansible files to the ansible directory * Moving Upgrade Readme into upgrade directory * Add upgrading docs and remove dev notes * Update main readme docs: - add section for LME introductory content - disclaimer around small simple siem - add Pre-Requisites page - add Upgrading 1.4 -> 2.0 docs - note on lme-frontend coming later - remove references to lmed and make docs accurate to current installation process - add TODOs for docs that still need updated * Adding updated cloud docs and firewall explanation * Update FAQ and Pre-requisites --------- Co-authored-by: Cbaxley and Michael Reeves --- .github/workflows/cluster.yml | 16 +- .github/workflows/linux_only.yml | 6 +- README.md | 136 +++++--- {scripts => ansible}/install_lme_local.yml | 8 +- ansible/set_fleet.yml | 310 ++++++++++++++++++ config/setup/init-setup.sh | 15 +- config/vault-pass.sh | 2 - docs/markdown/logging-guidance/cloud.md | 65 +++- docs/markdown/maintenance/upgrading.md | 146 +-------- docs/markdown/prerequisites.md | 65 ++-- docs/markdown/reference/dev-notes.md | 163 --------- docs/markdown/reference/faq.md | 7 +- quadlet/lme-kibana.container | 2 +- scripts/check_fleet_api.sh | 59 ++++ scripts/set_sysctl_limits.sh | 3 +- scripts/{ => upgrade}/README.md | 0 .../azure_scripts/download_in_container.ps1 | 1 - testing/tests/.env_example | 2 +- .../tests/api_tests/linux_only/test_server.py | 88 ++--- .../tests/selenium_tests/cluster/conftest.py | 2 +- .../selenium_tests/linux_only/conftest.py | 2 +- .../linux_only/test_basic_loading.py | 2 +- testing/v2/installers/README.md | 30 ++ .../azure/build_azure_linux_network.py | 12 +- testing/v2/installers/install_v2/install.sh | 5 +- 25 files changed, 675 insertions(+), 472 deletions(-) rename {scripts => ansible}/install_lme_local.yml (98%) create mode 100644 ansible/set_fleet.yml delete mode 100755 config/vault-pass.sh delete mode 100644 docs/markdown/reference/dev-notes.md create mode 100755 scripts/check_fleet_api.sh rename scripts/{ => upgrade}/README.md (100%) diff --git a/.github/workflows/cluster.yml b/.github/workflows/cluster.yml index 2ea477c4..f30cfe81 100644 --- a/.github/workflows/cluster.yml +++ b/.github/workflows/cluster.yml @@ -82,7 +82,7 @@ jobs: cd /home/lme-user/LME/testing/v2/installers && \ python3 ./azure/build_azure_linux_network.py \ -g pipe-${{ env.UNIQUE_ID }} \ - -s 0.0.0.0/0 \ + -s ${{ env.IP_ADDRESS }}/32 \ -vs Standard_D8_v4 \ -l centralus \ -ast 23:00 \ @@ -251,7 +251,7 @@ jobs: env: ES_PASSWORD: ${{ env.ES_PASSWORD }} run: | - sleep 120 + sleep 360 cd testing/v2/development docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " ssh -o StrictHostKeyChecking=no lme-user@${{ env.AZURE_IP }} \ @@ -265,9 +265,7 @@ jobs: run: | cd testing/v2/development docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " - cd /home/lme-user/LME/testing/v2/installers && \ - IP_ADDRESS=\$(cat pipe-${{ env.UNIQUE_ID }}.ip.txt) && \ - ssh lme-user@\$IP_ADDRESS 'cd /home/lme-user/LME/testing/tests && \ + ssh lme-user@${{ env.AZURE_IP }} 'cd /home/lme-user/LME/testing/tests && \ echo ELASTIC_PASSWORD=\"$ES_PASSWORD\" >> .env && \ echo KIBANA_PASSWORD=\"$KIBANA_PASSWORD\" >> .env && \ echo elastic=\"$ES_PASSWORD\" >> .env && \ @@ -282,14 +280,12 @@ jobs: run: | cd testing/v2/development docker compose -p ${{ env.UNIQUE_ID }} exec -T pipeline bash -c " - cd /home/lme-user/LME/testing/v2/installers && \ - IP_ADDRESS=\$(cat pipe-${{ env.UNIQUE_ID }}.ip.txt) && \ - ssh lme-user@\$IP_ADDRESS 'cd /home/lme-user/LME/testing/tests && \ + ssh lme-user@${{ env.AZURE_IP }} 'cd /home/lme-user/LME/testing/tests && \ echo ELASTIC_PASSWORD=\"$ES_PASSWORD\" >> .env && \ echo KIBANA_PASSWORD=\"$KIBANA_PASSWORD\" >> .env && \ echo elastic=\"$ES_PASSWORD\" >> .env && \ source venv/bin/activate && \ - pytest -v selenium_tests/' + pytest -v selenium_tests/' " - name: Cleanup Azure resources @@ -311,4 +307,4 @@ jobs: run: | cd testing/v2/development docker compose -p ${{ env.UNIQUE_ID }} down - docker system prune -af \ No newline at end of file + docker system prune -af diff --git a/.github/workflows/linux_only.yml b/.github/workflows/linux_only.yml index 54bab48d..c5e5223e 100644 --- a/.github/workflows/linux_only.yml +++ b/.github/workflows/linux_only.yml @@ -16,6 +16,7 @@ jobs: ES_PASSWORD: "" KIBANA_PASSWORD: "" AZURE_IP: "" + IP_ADDRESS: "" steps: - name: Checkout repository @@ -26,6 +27,9 @@ jobs: cd testing/v2/development echo "HOST_UID=$(id -u)" > .env echo "HOST_GID=$(id -g)" >> .env + PUBLIC_IP=$(curl -s https://api.ipify.org) + echo "IP_ADDRESS=$PUBLIC_IP" >> $GITHUB_ENV + - name: Start pipeline container run: | @@ -57,7 +61,7 @@ jobs: cd /home/lme-user/LME/testing/v2/installers && \ python3 ./azure/build_azure_linux_network.py \ -g pipe-${{ env.UNIQUE_ID }} \ - -s 0.0.0.0/0 \ + -s ${{ env.IP_ADDRESS }}/32 \ -vs Standard_E4d_v4 \ -l westus \ -ast 23:00 \ diff --git a/README.md b/README.md index 796a2106..973feaa2 100644 --- a/README.md +++ b/README.md @@ -1,18 +1,53 @@ -![N|Solid](/docs/imgs/cisa.png) - [![Downloads](https://img.shields.io/github/downloads/cisagov/lme/total.svg)]() -# Logging Made Easy: Podmanized -This will eventually be merged with the Readme file at [LME-README](https://github.com/cisagov/LME). + +# Logging Made Easy: + +CISA's Logging Made Easy has a self-install tutorial for organizations to gain a basic level of centralized security logging for Windows clients and provide functionality to detect attacks. LME is the integration of multiple open software platforms which come at no cost to users. LME helps users integrate software platforms together to produce an end-to-end logging capability. LME also provides some pre-made configuration files and scripts, although there is the option to do this on your own. + +Logging Made Easy can: + +- Show where administrative commands are being run on enrolled devices +- See who is using which machine +- In conjunction with threat reports, it is possible to query for the presence of an attacker in the form of Tactics, Techniques and Procedures (TTPs) + +## Disclaimer: + +LME is still in development, and version 2.1 will address scaling out the deployment. + +While LME offers SEIM like capabilities, it should be consider a small simple SIEM. + +The LME team simplified the process and created clear instruction on what to download and which configugrations to use, and created convinent scripts to auto configure when possible. + +LME is not able to comment on or troubleshoot individual installations. If you believe you have have found an issue with the LME code or documentation please submit a GitHub issue. If you have a question about your installation, please look through all open and closed issues to see if it has been addressed before. If not, then submit a [GitHub issue](https://github.com/cisagov/lme/issues) using the Bug Template, ensuring that you provide all the requested information. + +For general questions about LME and suggestions, please visit [GitHub Discussions](https://github.com/cisagov/lme/discussions) to add a discussion post. + +## Who is Logging Made Easy for? + +From single IT administrators with a handful of devices in their network to larger organizations. + +LME is suited for for: + +- Organizations without [SOC](https://en.wikipedia.org/wiki/Information_security_operations_center), SIEM or any monitoring in place at the moment. +- Organizations that lack the budget, time or understanding to set up a logging system. +- Organizations that that require gathering logs and monitoring IT +- Organizations that understand LMEs limitiation + ## Table of Contents: +- [Pre-Requisites:](#architecture) - [Architecture:](#architecture) - [Installation:](#installation) - [Deploying Agents:](#deploying-agents) - [Password Encryption:](#password-encryption) -- [Further Documentation:](#documentation) +- [Further Documentation & Upgrading:](#documentation) + +## Pre-Requisites +If you are unsure you meet the pre-requisites to installing LME, please read our [prerequisites documentation](/docs/markdown/prerequisites.md). +The biggest Pre-requisite is setting up hardware for your ubuntu server with a minimum of `2 processors`, `16gb ram`, and `128gb` of dedicated storage for LME's Elasticsearch database. ## Architecture: Ubuntu 22.04 server running podman containers setup as podman quadlets controlled via systemd. @@ -20,10 +55,11 @@ Ubuntu 22.04 server running podman containers setup as podman quadlets controlle ### Required Ports: Ports required are as follows: - Elasticsearch: *9200* - - Kibana: 443 + - Kibana: *443,5601* - Wazuh: *1514,1515,1516,55000,514* - Agent: *8220* +**Kibana NOTE**: 5601 is the default port, and we've set kibana to listen on 443 as well ### Diagram: @@ -40,7 +76,7 @@ Podman is more secure (by default) against container escape attacks than Docker. - Elastic agents provide integrations, have more features than winlogbeat. - wazuh-manager: runs the wazuh manager so we can deploy and manage wazuh agents. - Wazuh (open source) gives EDR (Endpoint Detection Response) with security dashboards to cover the security of all of the machines. - - lme-frontend: will host an api and gui that unifies the architecture behind one interface + - lme-frontend (*coming in a future release*): will host an api and gui that unifies the architecture behind one interface ### Agents: Wazuh agents will enable EDR capabilities, while Elastic agents will enable logging capabilities. @@ -49,10 +85,11 @@ Wazuh agents will enable EDR capabilities, while Elastic agents will enable logg - https://github.com/elastic/elastic-agent ## Installation: - -If you are unsure you meet the pre-requisites to installing LME, please read our [prerequisites documentation](/docs/markdown/prerequisites.md) Please ensure you follow all the configuration steps required below. +**Upgrading**: +If you are a previous user of LME and wish to upgrade from 1.4 -> 2.0, please see our [upgrade documentation](/docs/markdown/maintenance/upgrading.md). + ### Downloading LME: **All steps will assume you start in your cloned directory of LME on your ubuntu 22.04 server** @@ -79,7 +116,7 @@ in `setup` find the configuration for certificate generation and password settin `instances.yml` defines the certificates that will get created. The shellscripts initialize accounts and create certificates, and will run from their respective quadlet definitions `lme-setup-accts` and `lme-setup-certs` respectively. -Quadlet configuration for containers is in: `/quadlet/`. These are mapped to the root's systemd unit files, but will execute as the `lmed` user. +Quadlet configuration for containers is in: `/quadlet/`. These are mapped to the root's systemd unit files, but will execute as a non-privileged user. \***TO EDIT**:\* The only file that really needs to be touched is creating `/config/lme-environment.env`, which sets up the required environment variables @@ -110,7 +147,7 @@ You can run this installer to run the total install in ansible. ```bash sudo apt update && sudo apt install -y ansible # cd ~/LME-PRIV/lme-2-arch # Or path to your clone of this repo -ansible-playbook install_lme_local.yml +ansible-playbook ./scripts/install_lme_local.yml ``` This assumes that you have the repo in `~/LME/`. @@ -120,7 +157,6 @@ ansible-playbook ./scripts/install_lme_local.yml -e "clone_dir=/path/to/clone/di ``` This also assumes your user can sudo without a password. If you need to input a password when you sudo, you can run it with the `-K` flag and it will prompt you for a password. -There is a step that will fail, this is expected, it is checking for podman secrets to see if they exist... on an intial install none will exist :) #### Steps performed in automated install: TODO finalize this with more words @@ -130,16 +166,21 @@ TODO finalize this with more words 3. Setup Nix 4. set service user passwords 5. Install Quadlets -6. Setup Containers for root +6. Setup Containers for root: The contianers listed in `$clone_directory/config/containers.txt` will be pulled and tagged 7. Start lme.service #### NOTES: -1. `/opt/lme` will be owned by the lmed user, all lme services will run and execute as lmed, and this ensures least privilege in lmed's execution because lmed is a non-admin,unprivileged user. +1. `/opt/lme` will be owned by root, all lme services will run and execute as unprivileged users. The active lme configuration is stored in `/opt/lme/config`. -3. [this script](/scripts/set_sysctl_limits.sh) is executed via ansible AND will change unprivileged ports to start at 80, to allow kibana to listen on 443 from a user run container. If this is not desired, we will be publishing steps to setup firewall rules using ufw//iptables to manage the firewall on this host at a later time. - -4. the master password will be stored at `/etc/lme/pass.sh` and owned by root, while service user passwords will be stored at `/etc/lme/vault/` +2. Other relevant directories are listed here: +- `/root/.config/containers/containers.conf`: LME will setup a custom podman configuration for secrets management via [ansible vault](https://docs.ansible.com/ansible/latest/cli/ansible-vault.html). +- `/etc/lme`: storage directory for the master password and user password vault +- `/etc/lme/pass.sh`: the master password file +- `/etc/containers/systemd`: directory where LME installs its quadlet service files +- `/etc/systemd/system`: directory where lme.service is installed + +3. the master password will be stored at `/etc/lme/pass.sh` and owned by root, while service user passwords will be stored at `/etc/lme/vault/` ### Verification post install: @@ -160,15 +201,13 @@ sudo -i journalctl -xu lme.service #try resetting failed: sudo -i systemctl reset-failed lme* sudo -i systemctl restart lme.service -``` -2. Check you can connect to elasticsearch -```bash -#substitute your password below: -curl -k -u elastic:$(sudo -i ansible-vault view /etc/lme/vault/$(sudo -i podman secret ls | grep elastic | awk '{print $1}') | tr -d '\n') https://localhost:9200 +#also try inspecting container logs: +#CONTAINER_NAME=lme-elasticsearch +sudo -i podman logs -f $CONTAINER_NAME ``` -3. Check conatiners are running: +2. Check conatiners are running and healthy: ```bash sudo -i podman ps --format "{{.Names}} {{.Status}}" ``` @@ -180,11 +219,19 @@ lme-kibana Up 2 hours (healthy) lme-wazuh-manager Up About an hour lme-fleet-server Up 50 minutes ``` +We are working on getting health check commands for wazuh and fleet, currently they are not integrated + +3. Check you can connect to elasticsearch +```bash +#substitute your password below: +curl -k -u elastic:$(sudo -i ansible-vault view /etc/lme/vault/$(sudo -i podman secret ls | grep elastic | awk '{print $1}') | tr -d '\n') https://localhost:9200 +``` 4. Check you can connect to kibana +You can use an ssh proxy to forward a local port to the remote linux host ```bash -#connect via ssh -ssh -L 8080:localhost:443 [YOUR-LINUX-SERVER] +#connect via ssh if you need to +ssh -L 8080:localhost:5601 [YOUR-LINUX-SERVER] #go to browser: #https://localhost:8080 ``` @@ -246,7 +293,8 @@ systemctl start wazuh-agent From PowerShell with admin capabilities run the following command ``` -Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.7.5-1.msi -OutFile wazuh-agent-4.7.5-1.msi; Start-Process msiexec.exe -ArgumentList '/i wazuh-agent-4.7.5-1.msi /q WAZUH_MANAGER="IPADDRESS OF WAZUH HOST MACHINE"' -Wait -NoNewWindow +Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.7.5-1.msi -OutFile wazuh-agent-4.7.5-1.msi;` +Start-Process msiexec.exe -ArgumentList '/i wazuh-agent-4.7.5-1.msi /q WAZUH_MANAGER="IPADDRESS OF WAZUH HOST MACHINE"' -Wait -NoNewWindow` ``` Start the service: @@ -265,12 +313,11 @@ NET START Wazuh ## Password Encryption: Password encryption is enabled using ansible-vault to store all lme user and lme service user passwords at rest. We do submit a hash of the password to Have I been pwned to check to see if it is compromised: [READ MORE HERE](https://haveibeenpwned.com/FAQs) + ### where are passwords stored?: ```bash # Define user-specific paths -USER_CONFIG_DIR="/root/.config/lme" -USER_VAULT_DIR="/opt/lme/vault" -USER_SECRETS_CONF="$USER_CONFIG_DIR/secrets.conf" +USER_VAULT_DIR="/etc/lme/vault" PASSWORD_FILE="/etc/lme/pass.sh" ``` @@ -288,29 +335,36 @@ lme-user@ubuntu:~/LME-TEST$ sudo -i ${PWD}/scripts/password_management.sh -h ### grabbing passwords: To view the appropriate service user password use ansible-vault, as root: ``` +#script: +$CLONE_DIRECTORY/scripts/extract_secrets.sh -p #to print + +#add them as variables to your current shell +source $CLONE_DIRECTORY/scripts/extract_secrets.sh #without printing values +source $CLONE_DIRECTORY/scripts/extract_secrets.sh -q #with no output + +## manually: #where wazuh_api is the service user whose password you want: sudo -i ansible-vault view /etc/lme/vault/$(sudo -i podman secret ls | grep wazuh_api | awk '{print $1}') ``` - - # Documentation: ### Logging Guidance - [LME in the CLOUD](/docs/markdown/logging-guidance/cloud.md) - - [Log Retention](/docs/markdown/logging-guidance/retention.md) TODO update to be current + - [Log Retention](/docs/markdown/logging-guidance/retention.md) *TODO*: change link to new documentation - [Additional Log Types](/docs/markdown/logging-guidance/other-logging.md) -### Reference: TODO update these to current - - [FAQ](/docs/markdown/reference/faq.md) - - [Troubleshooting](/docs/markdown/reference/troubleshooting.md) +## Reference: + - [FAQ](/docs/markdown/reference/faq.md) *TODO* + - [Troubleshooting](/docs/markdown/reference/troubleshooting.md) *TODO* - [Dashboard Descriptions](/docs/markdown/reference/dashboard-descriptions.md) - [Guide to Organizational Units](/docs/markdown/chapter1/guide_to_ous.md) - [Security Model](/docs/markdown/reference/security-model.md) - - [DEV NOTES](/docs/markdown/reference/dev-notes) -### Maintenance: - - [Backups](/docs/markdown/maintenance/backups.md) - - [Upgrading](/docs/markdown/maintenance/upgrading.md) - - [Certificates](/docs/markdown/maintenance/certificates.md) - +## Maintenance: + - [Backups](/docs/markdown/maintenance/backups.md) *TODO* change link to new documentation + - [Upgrading 1x -> 2x](/scripts/upgrade/README.md) + - [Certificates](/docs/markdown/maintenance/certificates.md) *TODO* + +## Agents: +*TODO* add in docs in new documentation diff --git a/scripts/install_lme_local.yml b/ansible/install_lme_local.yml similarity index 98% rename from scripts/install_lme_local.yml rename to ansible/install_lme_local.yml index 5ebbff5f..d6e849c9 100644 --- a/scripts/install_lme_local.yml +++ b/ansible/install_lme_local.yml @@ -244,7 +244,6 @@ set_fact: ansible_env: "{{ ansible_env | combine({'PATH': ansible_env.PATH ~ ':/nix/var/nix/profiles/default/bin'}) }}" - - name: Update PATH in user's profile lineinfile: path: "~/.profile" @@ -291,7 +290,9 @@ args: executable: /bin/bash ignore_errors: true - + #only fail on a real error + failed_when: result.rc != 0 and (result.rc == 1 and result.changed == false) + - name: Set podman secret passwords shell: | source /root/.profile @@ -306,7 +307,8 @@ - wazuh_api - wazuh become: yes - when: result is failed + ## only run this when + when: result.rc == 1 - name: Install Quadlets hosts: localhost diff --git a/ansible/set_fleet.yml b/ansible/set_fleet.yml new file mode 100644 index 00000000..d7839383 --- /dev/null +++ b/ansible/set_fleet.yml @@ -0,0 +1,310 @@ +--- +- name: Set up Fleet + hosts: localhost + become: yes + gather_facts: no + + vars: + headers: + kbn-version: "8.12.2" + kbn-xsrf: "kibana" + Content-Type: "application/json" + max_retries: 60 + delay_seconds: 10 + debug_mode: false + + tasks: + - name: Read lme-environment.env file + ansible.builtin.slurp: + src: /opt/lme/lme-environment.env + register: lme_env_content + + - name: Set environment variables + ansible.builtin.set_fact: + env_dict: "{{ env_dict | default({}) | combine({ item.split('=', 1)[0]: item.split('=', 1)[1] }) }}" + loop: "{{ (lme_env_content['content'] | b64decode).split('\n') }}" + when: item != '' and not item.startswith('#') + + - name: Display set environment variables + debug: + msg: "Set {{ item.key }}" + loop: "{{ env_dict | dict2items }}" + when: item.value | length > 0 + + - name: Source extract_secrets + ansible.builtin.shell: | + set -a + . {{ playbook_dir }}/../scripts/extract_secrets.sh -q + echo "elastic=$elastic" + echo "wazuh=$wazuh" + echo "kibana_system=$kibana_system" + echo "wazuh_api=$wazuh_api" + args: + executable: /bin/bash + register: extract_secrets_vars + no_log: "{{ not debug_mode }}" + + - name: Set secret variables + ansible.builtin.set_fact: + env_dict: "{{ env_dict | combine({ item.split('=', 1)[0]: item.split('=', 1)[1] }) }}" + loop: "{{ extract_secrets_vars.stdout_lines }}" + no_log: "{{ not debug_mode }}" + + - name: Set playbook variables + ansible.builtin.set_fact: + ipvar: "{{ env_dict.IPVAR | default('') }}" + local_kbn_url: "{{ env_dict.LOCAL_KBN_URL | default('') }}" + local_es_url: "{{ env_dict.LOCAL_ES_URL | default('') }}" + stack_version: "{{ env_dict.STACK_VERSION | default('') }}" + cluster_name: "{{ env_dict.CLUSTER_NAME | default('') }}" + elastic_username: "{{ env_dict.ELASTIC_USERNAME | default('') }}" + elasticsearch_username: "{{ env_dict.ELASTICSEARCH_USERNAME | default('') }}" + kibana_fleet_username: "{{ env_dict.KIBANA_FLEET_USERNAME | default('') }}" + indexer_username: "{{ env_dict.INDEXER_USERNAME | default('') }}" + api_username: "{{ env_dict.API_USERNAME | default('') }}" + license: "{{ env_dict.LICENSE | default('') }}" + es_port: "{{ env_dict.ES_PORT | default('') }}" + kibana_port: "{{ env_dict.KIBANA_PORT | default('') }}" + fleet_port: "{{ env_dict.FLEET_PORT | default('') }}" + mem_limit: "{{ env_dict.MEM_LIMIT | default('') }}" + elastic_password: "{{ env_dict.elastic | default('') }}" + wazuh_password: "{{ env_dict.wazuh | default('') }}" + kibana_system_password: "{{ env_dict.kibana_system | default('') }}" + wazuh_api_password: "{{ env_dict.wazuh_api | default('') }}" + + - name: Debug - Display set variables (sensitive information redacted) + debug: + msg: + - "ipvar: {{ ipvar }}" + - "local_kbn_url: {{ local_kbn_url }}" + - "local_es_url: {{ local_es_url }}" + - "elastic_username: {{ elastic_username }}" + - "stack_version: {{ stack_version }}" + - "cluster_name: {{ cluster_name }}" + - "elasticsearch_username: {{ elasticsearch_username }}" + - "kibana_fleet_username: {{ kibana_fleet_username }}" + - "indexer_username: {{ indexer_username }}" + - "api_username: {{ api_username }}" + - "license: {{ license }}" + - "es_port: {{ es_port }}" + - "kibana_port: {{ kibana_port }}" + - "fleet_port: {{ fleet_port }}" + - "mem_limit: {{ mem_limit }}" + - "elastic password is set: {{ elastic_password | length > 0 }}" + - "wazuh password is set: {{ wazuh_password | length > 0 }}" + - "kibana_system password is set: {{ kibana_system_password | length > 0 }}" + - "wazuh_api password is set: {{ wazuh_api_password | length > 0 }}" + when: debug_mode | bool + + - name: Wait for Kibana port to be available + wait_for: + host: "{{ ipvar }}" + port: "{{ kibana_port | int }}" + timeout: 300 + register: kibana_port_check + + - name: Wait for Fleet API to be ready + ansible.builtin.shell: | + attempt=0 + max_attempts=30 + delay=10 + while [ $attempt -lt $max_attempts ]; do + response=$(curl -s -o /dev/null -w "%{http_code}" -k -u elastic:{{ elastic_password }} {{ local_kbn_url }}/api/fleet/agents/setup) + if [ "$response" = "200" ]; then + echo "Fleet API is ready. Proceeding with configuration..." + exit 0 + fi + echo "Waiting for Fleet API to be ready..." + sleep $delay + attempt=$((attempt+1)) + done + echo "Fleet API did not become ready within the expected time." + exit 1 + register: fleet_api_check + changed_when: false + no_log: "{{ not debug_mode }}" + + - name: Display Fleet API check result + debug: + var: fleet_api_check.stdout_lines + + - name: Confirm Fleet API is ready + debug: + msg: "Fleet API is ready" + when: "'Fleet API is ready' in fleet_api_check.stdout" + + - name: Fail if Fleet API is not ready + fail: + msg: "Fleet API did not become ready within the expected time." + when: "'Fleet API is ready' not in fleet_api_check.stdout" + + - name: Get CA fingerprint + ansible.builtin.shell: | + sudo bash -c ' + set -a + . {{ playbook_dir }}/../scripts/extract_secrets.sh -q + set +a + /nix/var/nix/profiles/default/bin/podman exec -w /usr/share/elasticsearch/config/certs/ca lme-elasticsearch cat ca.crt | openssl x509 -noout -fingerprint -sha256 | cut -d "=" -f 2 | tr -d : | head -n1 + ' + register: ca_fingerprint + changed_when: false + become: yes + become_method: sudo + no_log: "{{ not debug_mode }}" + + - name: Display CA fingerprint + debug: + var: ca_fingerprint.stdout + when: + - ca_fingerprint is defined + - ca_fingerprint.stdout is defined + - debug_mode | bool + + - name: Set Fleet server hosts + uri: + url: "{{ local_kbn_url }}/api/fleet/settings" + method: PUT + user: "{{ elastic_username }}" + password: "{{ elastic_password }}" + force_basic_auth: yes + validate_certs: no + headers: "{{ headers }}" + body_format: json + body: + fleet_server_hosts: ["https://{{ ipvar }}:{{ fleet_port }}"] + register: fleet_server_hosts_result + no_log: "{{ not debug_mode }}" + ignore_errors: yes + + - name: Debug Fleet server hosts result + debug: + var: fleet_server_hosts_result + when: fleet_server_hosts_result is defined and debug_mode | bool + + - name: Set Fleet default output hosts + uri: + url: "{{ local_kbn_url }}/api/fleet/outputs/fleet-default-output" + method: PUT + user: "{{ elastic_username }}" + password: "{{ elastic_password }}" + force_basic_auth: yes + validate_certs: no + headers: "{{ headers }}" + body_format: json + body: + hosts: ["https://{{ ipvar }}:9200"] + register: fleet_output_hosts_result + no_log: "{{ not debug_mode }}" + ignore_errors: yes + + - name: Debug Fleet default output hosts result + debug: + var: fleet_output_hosts_result + when: fleet_output_hosts_result is defined + + - name: Set Fleet default output CA trusted fingerprint + uri: + url: "{{ local_kbn_url }}/api/fleet/outputs/fleet-default-output" + method: PUT + user: "{{ elastic_username }}" + password: "{{ elastic_password }}" + force_basic_auth: yes + validate_certs: no + headers: "{{ headers }}" + body_format: json + body: + ca_trusted_fingerprint: "{{ ca_fingerprint.stdout }}" + register: fleet_output_fingerprint_result + no_log: "{{ not debug_mode }}" + + - name: Set Fleet default output SSL verification mode + uri: + url: "{{ local_kbn_url }}/api/fleet/outputs/fleet-default-output" + method: PUT + user: "{{ elastic_username }}" + password: "{{ elastic_password }}" + force_basic_auth: yes + validate_certs: no + headers: "{{ headers }}" + body_format: json + body: + config_yaml: "ssl.verification_mode: certificate" + register: fleet_output_ssl_result + no_log: "{{ not debug_mode }}" + + - name: Create Endpoint Policy + uri: + url: "{{ local_kbn_url }}/api/fleet/agent_policies?sys_monitoring=true" + method: POST + user: "{{ elastic_username }}" + password: "{{ elastic_password }}" + force_basic_auth: yes + validate_certs: no + headers: "{{ headers }}" + body_format: json + body: + name: "Endpoint Policy" + description: "" + namespace: "default" + monitoring_enabled: ["logs", "metrics"] + inactivity_timeout: 1209600 + timeout: 600 + register: endpoint_policy_result + no_log: "{{ not debug_mode }}" + + - name: Get Endpoint package version + uri: + url: "{{ local_kbn_url }}/api/fleet/epm/packages/endpoint" + method: GET + user: "{{ elastic_username }}" + password: "{{ elastic_password }}" + force_basic_auth: yes + validate_certs: no + headers: "{{ headers }}" + register: endpoint_package_result + no_log: "{{ not debug_mode }}" + + - name: Create Elastic Defend package policy + uri: + url: "{{ local_kbn_url }}/api/fleet/package_policies" + method: POST + user: "{{ elastic_username }}" + password: "{{ elastic_password }}" + force_basic_auth: yes + validate_certs: no + headers: "{{ headers }}" + body_format: json + timeout: 600 + body: + name: "Elastic Defend" + description: "" + namespace: "default" + policy_id: "{{ endpoint_policy_result.json.item.id }}" + enabled: true + inputs: + - enabled: true + streams: [] + type: "ENDPOINT_INTEGRATION_CONFIG" + config: + _config: + value: + type: "endpoint" + endpointConfig: + preset: "EDRComplete" + package: + name: "endpoint" + title: "Elastic Defend" + version: "{{ endpoint_package_result.json.item.version }}" + register: elastic_defend_policy_result + no_log: "{{ not debug_mode }}" + + - name: Display results + debug: + var: "{{ item }}" + loop: + - fleet_server_hosts_result + - fleet_output_hosts_result + - fleet_output_fingerprint_result + - fleet_output_ssl_result + - endpoint_policy_result + - elastic_defend_policy_result diff --git a/config/setup/init-setup.sh b/config/setup/init-setup.sh index c5e9ccc2..9884d2c3 100644 --- a/config/setup/init-setup.sh +++ b/config/setup/init-setup.sh @@ -24,12 +24,13 @@ if [ ! -f "${CERTS_DIR}/certs.zip" ]; then elasticsearch-certutil cert --silent --pem --in "${INSTANCES_PATH}" --out "${CERTS_DIR}/certs.zip" --ca-cert "${CERTS_DIR}/ca/ca.crt" --ca-key "${CERTS_DIR}/ca/ca.key" unzip -o "${CERTS_DIR}/certs.zip" -d "${CERTS_DIR}" cat "${CERTS_DIR}/elasticsearch/elasticsearch.crt" "${CERTS_DIR}/ca/ca.crt" > "${CERTS_DIR}/elasticsearch/elasticsearch.chain.pem" -fi -echo "Setting file permissions... certs" -chown -R elasticsearch:elasticsearch "${CERTS_DIR}" -find "${CERTS_DIR}" -type d -exec chmod 755 {} \; -find "${CERTS_DIR}" -type f -exec chmod 644 {} \; + echo "Setting file permissions... certs" + chown -R elasticsearch:elasticsearch "${CERTS_DIR}" + find "${CERTS_DIR}" -type d -exec chmod 755 {} \; + find "${CERTS_DIR}" -type f -exec chmod 644 {} \; + + echo "Setting file permissions... data" + chown -R elasticsearch:elasticsearch "${DATA_DIR}" +fi -echo "Setting file permissions... data" -chown -R elasticsearch:elasticsearch "${DATA_DIR}" diff --git a/config/vault-pass.sh b/config/vault-pass.sh deleted file mode 100755 index b0f7b8b3..00000000 --- a/config/vault-pass.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -echo $LME_ANSIBLE_VAULT_PASS diff --git a/docs/markdown/logging-guidance/cloud.md b/docs/markdown/logging-guidance/cloud.md index b8da5737..56ad50e5 100644 --- a/docs/markdown/logging-guidance/cloud.md +++ b/docs/markdown/logging-guidance/cloud.md @@ -5,6 +5,7 @@ These docs attempt to answer some FAQ and other documentation around Logging Mad ## Does LME run in the cloud? Yes, Logging Made easy is a simple client-server model, and Logging Made Easy can be deployed in the cloud for cloud infrastructure or in the cloud for on-prem machines. + ### Deploying LME in the cloud for on prem systems: In order for the LME agents to talk to LME in the cloud you'll need to ensure the clients you want to monitor can communicate through: 1) the cloud firewall AND 2) logging Made easy's own server firewall. @@ -12,11 +13,11 @@ In order for the LME agents to talk to LME in the cloud you'll need to ensure th The easiest way is to make sure you can hit these LME server ports from the on-prem client: - WAZUH ([DOCS](https://documentation.wazuh.com/current/user-manual/agent/agent-enrollment/requirements.html)): 1514,1515 - - Agent ([DOCS](https://www.elastic.co/guide/en/elastic-stack/current/installing-stack-demo-self.html#install-stack-self-elastic-agent)): 8220 + - Agent ([DOCS](https://www.elastic.co/guide/en/elastic-stack/current/installing-stack-demo-self.html#install-stack-self-elastic-agent)): 8220 -You'll need to make sure the Cloud firewall is setup to allow those ports. On azure, this is a NSG rule you'll need to set for the LME virtual machine. +You'll need to make sure your Cloud firewall is setup to allow those ports. On azure, network security groups (NSG) run a firewall on your virtual machines network interfaces. You'll need to update your LME virtual machine's rules to allow inbound connections on the agent ports. Azure has a detailed guide for how to add security rules [here](https://learn.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?tabs=network-security-group-portal#create-a-security-rule) -Then on LME, you'll want to make sure you have either the firewall disabled (if you're using hte cloud firewall as the main firewall): +Then on LME, you'll want to make sure you have either the firewall disabled (if you're using the cloud firewall as the main firewall): ``` lme-user@ubuntu:~$ sudo ufw status Status: inactive @@ -38,6 +39,64 @@ To Action From 8220 (v6) ALLOW Anywhere (v6) ``` +You can add the above ports to ufw via the following command: +``` +sudo ufw allow 1514 +sudo ufw allow 1515 +sudo ufw allow 8220 +``` + +In addition, you'll need to setup rules to forward traffic to the container network: +``` +ufw allow in on eth0 out on podman1 to any port +``` +Theres a helpful stackoverflow article on why: [LINK](https://stackoverflow.com/questions/70870689/configure-ufw-for-podman-on-port-443) +Your `podman1` interface name maybe differently, check the output of your network interfaces here and see if its also called podman1: +``` +sudo -i podman network inspect lme | jq 'map(select(.name == "lme")) | map(.network_interface) | .[]' +``` + ### Deploying LME for cloud infrastructure: Every cloud setup is different, but as long as the LME server is on the same network and able to talk to the machines you want to monitor everything should be good to go. + +## Other firewall rules +You may also want to access kibana from outside the cloud as well. You'll want to make sure you either allow port `5601` or port `443` inbound from the cloud firewall AND virtual machine firewall. + +``` +root@ubuntu:/opt/lme# sudo ufw allow 443 +Rule added +Rule added (v6) +``` + +``` +root@ubuntu:/opt/lme# sudo ufw status +Status: active + +To Action From +-- ------ ---- +22 ALLOW Anywhere +1514 ALLOW Anywhere +1515 ALLOW Anywhere +8220 ALLOW Anywhere +443 ALLOW Anywhere +22 (v6) ALLOW Anywhere (v6) +1514 (v6) ALLOW Anywhere (v6) +1515 (v6) ALLOW Anywhere (v6) +8220 (v6) ALLOW Anywhere (v6) +443 (v6) ALLOW Anywhere (v6) +``` + +### Don't lock yourself out AND Enabling the firewall + +You also probably don't want to lock yourself out of ssh, so make sure to enable port 22! +``` +sudo ufw allow 22 +``` + +Enable ufw: +``` +sudo ufw enable +``` + + diff --git a/docs/markdown/maintenance/upgrading.md b/docs/markdown/maintenance/upgrading.md index 5f48ea70..bb947a0e 100644 --- a/docs/markdown/maintenance/upgrading.md +++ b/docs/markdown/maintenance/upgrading.md @@ -1,148 +1,6 @@ # Upgrading -Please see https://github.com/cisagov/LME/releases/ for our latest release. +This page serves as a landing page for future upgrading when we release new versions. -Below you can find the upgrade paths that are currently supported and what steps are required for these upgrades. Note that major version upgrades tend to include significant changes, and so will require manual intervention and will not be automatically applied, even if auto-updates are enabled. - -Applying these changes is automated for any new installations. But, if you have an existing installation, you need to conduct some extra steps. **Before performing any of these steps it is advised to take a backup of the current installation using the method described [here](/docs/markdown/maintenance/backups.md).** - -## 1. Finding your LME version (and the components versions) -When reporting an issue or suggesting improvements, it is important to include the versions of all the components, where possible. This ensures that the issue has not already been fixed! - -### 1.1. Windows Server -* Operating System: Press "Windows Key"+R and type ```winver``` -* WEC Config: Open EventViewer > Subscriptions > "LME" > Description should contain version number -* Winlogbeat Config: At the top of the file C:\Program Files\lme\winlogbeat.yml there should be a version number. -* Winlogbeat.exe version: Using PowerShell, navigate to the location of the Winlogbeat executable ("C:\Program Files\lme\winlogbeat-x.x.x-windows-x86_64") and run `.\winlogbeat version`. -* Sysmon config: From either the top of the file or look at the status dashboard -* Sysmon executable: Either run sysmon.exe or look at the status dashboard - -### 1.2. Linux Server -* Docker: on the Linux server type ```docker --version``` -* Linux: on the Linux server type ```cat /etc/os-release``` -* Logstash config: on the Linux server type ```sudo docker config inspect logstash.conf --pretty``` - - -## 2. Upgrade from versions prior to v0.5 -LME does not support upgrading directly from versions prior to v0.5 to v1.0. Prior to switching to CISA's repo, first upgrade to the latest version of LME published by the NCSC (v0.5.1). Then follow the instructions above to upgrade to v1.0. - - -## 3. Upgrade from v0.5 to v1.0.0 - -Since LME's transition from the NCSC to CISA, the location of the LME repository has changed from `https://github.com/ukncsc/lme` to `https://github.com/cisagov/lme`. To obtain any further updates to LME on the ELK server, you will need to transition to the new git repository. Because vital configuration files are stored within the same folder as the git repo, it's simpler to copy the old LME folder to a different location, clone the new repo, copy the files and folders unique to your system, and then optionally delete the old folder. You can do this by running the following commands: - - -``` -sudo mv /opt/lme /opt/lme_old -sudo git clone https://github.com/cisagov/lme.git /opt/lme -sudo cp -r /opt/lme_old/Chapter\ 3\ Files/certs/ /opt/lme/Chapter\ 3\ Files/ -sudo cp /opt/lme_old/Chapter\ 3\ Files/docker-compose-stack-live.yml /opt/lme/Chapter\ 3\ Files/ -sudo cp /opt/lme_old/Chapter\ 3\ Files/get-docker.sh /opt/lme/Chapter\ 3\ Files/ -sudo cp /opt/lme_old/Chapter\ 3\ Files/logstash.edited.conf /opt/lme/Chapter\ 3\ Files/ -sudo cp /opt/lme_old/files_for_windows.zip /opt/lme/ -sudo cp /opt/lme_old/lme.conf /opt/lme/ -sudo cp /opt/lme_old/lme_update.sh /opt/lme/ -``` -Finally, you'll need to grab your old dashboard_update password and add it into the new dashboard_update script: -``` -OLD_Password=[OLD_PASSWORD_HERE] -sudo cp /opt/lme/Chapter\ 3\ Files/dashboard_update.sh /opt/lme/ -sed -i "s/dashboardupdatepassword/$OLD_Password/g" /opt/lme/dashboard_update.sh -``` - - -### 3.1. ELK Stack Update -You can update the ELK stack portion of LME to v1.0 (including dashboards and ELK stack containers) by running the following on the Linux server: - -``` -cd /opt/lme/Chapter\ 3\ Files/ -sudo ./deploy.sh upgrade -``` -**The last step of this script makes all files only readable by their owner in /opt/lme, so that all root owned files with passwords in them are only readable by root. This prevents a local unprivileged user from gaining access to the elastic stack.** - -Once the deploy update is finished, next update the dashboards that are provided alongside LME to the latest version. This can be done by running the below script, with more detailed instructions available [here](/docs/markdown/chapter4.md#411-import-initial-dashboards): - -\*\**NOTE:*\*\* *You may need to wait several minutes for Kibana to successfully initialize after the update before running this script during the upgrade process. If you encounter a "Failed to connect" error or an "Entity Too Large" error wait for several minutes before trying again.* - -##### Optional Substep: Clear out old dashboards -**Skip this step if you don't want to clear out the old dashboards** - -The LME team will not be maintaining any old dashboards from the old NCSC LME version, so if you would like to clean up your LME you can remove the dashboards by navigating to: https:///app/management/kibana/objects - -From there select all the dashboards in the search: `type:(dashboard)` and delete them. -Then you can re-import the new dashboards like above. - -If you have any custom dashboards you should download them manually and add them to the repo as discussed in the new dashboard's folder [README](/Chapter 4 Files/dashboards/Readme.md). - -Most data from the old LME should display just fine in the new dashboards, but there could be some issues, so please feel free to file an issue if there are problems. - - -``` -sudo /opt/lme/dashboard_update.sh -``` - -The rules built-in to the Elastic SIEM can then be updated to the latest version by following the instructions listed in [Chapter 4](/docs/markdown/chapter4.md#42-enable-the-detection-engine) and selecting the option to update the prebuilt rules when prompted, before making sure all of the rules are activated: - -![Update Rules](/docs/imgs/update-rules.png) - - - -### 3.2. Winlogbeat Update -The winlogbeat.yml file used with LME v0.5.1 is not compatible with Winlogbeat 8.5.0, the version used with LME v1.0. As such, running `./deploy.sh update` from step 1.1.1 regenerates a new config file. - -**Your client may still authenticate and push logs to elasticsearch, but for both the security of the client and your LME setup we suggest you still update** - -To update Winlogbeat: -1. Copy files_for_windows.zip to the Event Collector, following the instructions listed under [3.2.4 Download Files for Windows Event Collector](/docs/markdown/chapter3/chapter3.md#324-download-files-for-windows-event-collector). -2. From an elevated PowerShell session, navigate to the location of the Winlogbeat executable ("C:\Program Files\lme\winlogbeat-x.x.x-windows-x86_64\") and then run `./uninstall-service-winlogbeat.ps1` -3. Re-install Winlogbeat, using the new copy of files_for_windows.zip, following the instructions listed under [3.3 Configuring Winlogbeat on Windows Event Collector Server](/docs/markdown/chapter3/chapter3.md#33-configuring-winlogbeat-on-windows-event-collector-server) - -### 3.3. Network Share Updates -LME v1.0 made a minor change to the file structure used in the SYSVOL folder, so a few manual changes are needed to accommodate this. -1. Set up the SYSVOL folder as described in [2.2.1 - Folder Layout](/docs/markdown/chapter2.md#221---folder-layout). -2. Replace the old version of update.bat with the [latest version](/Chapter%202%20Files/GPO%20Deployment/update.bat). -3. Update the path to update.bat used in the LME-Sysmon-Task GPO (refer to [2.2.3 - Scheduled task GPO Policy](/docs/markdown/chapter2.md#223---scheduled-task-gpo-policy)). - -### 3.4. Checklist -1. Have the ELK stack components been upgraded on the Linux server? While on the Linux server, run `sudo docker ps | grep lme`. Version 8.7.1 of Logstash, Kibana, and Elasticsearch should be running. -2. Has Winlogbeat been updated to version 8.5.0? From Event Collector, using PowerShell, navigate to the location of the Winlogbeat executable ("C:\Program Files\lme\winlogbeat-x.x.x-windows-x86_64") and run `.\winlogbeat version`. -3. Is the LME folder inside SYSVOL properly structured? Refer to the checklist listed at the end of chapter 2. -4. Are the events from all clients visible inside elastic? Refer to [4.1.2 Check you are receiving logs](/docs/markdown/chapter4.md#412-check-you-are-receiving-logs). - -## 4. Upgrade to v1.3.1 - -This is a hotfix to the install script and some additional troubleshooting steps added to documentation on space management. Unless you're encountering problems with your current installation, or if your logs are running out of space, there's no need to upgrade to v1.3.1, as it doesn't offer any additional functionality changes. - -## 5. Upgrade to v1.3.2 - -This is a hotfix to address dashboards which failed to load on a fresh install of v1.3.1. If you are currently running v1.3.0, you do not need to upgrade at this time. If you are running versions **before** 1.3.0 or are running v1.3.1, we recommend you upgrade to the latest version. - -Please refer to the [Upgrading to latest version](/docs/markdown/maintenance/upgrading.md#upgrading-to-latest-version) to apply the hotfix. - -## 6. v1.3.3 - Update on data retention failure during LME install - -This is a hotfix to address an error with data retention failure in the deploy.sh script during a fresh LME install. We recommend you upgrade to the latest version if you require disk sizes of 1TB or greater. - -If you've tried to install LME before, then run the following commands as root: -``` -git pull -git checkout main -cd /opt/lme/Chapter\ 3\ Files/ -sudo ./deploy.sh uninstall -sudo docker volume rm lme-esdata -sudo docker volume rm lme-logstashdata -sudo ./deploy.sh install -``` - -## 7. Upgrade to latest version -To fetch the latest changes, on the Linux server, run the following commands as root: -``` -git pull -git checkout main -cd /opt/lme/Chapter\ 3\ Files/ -sudo ./deploy.sh uninstall -sudo ./deploy.sh install -``` - -The deploy.sh script should have now created new files on the Linux server at location /opt/lme/files_for_windows.zip . This file needs to be copied across and used on the Windows Event Collector server like it was explained in Chapter 3 sections [3.2.4 & 3.3 ](/docs/markdown/chapter3/chapter3.md#324-download-files-for-windows-event-collector). +Currently the only upgrade path is from 1.4 -> 2.0 [HERE](/scripts/upgrade/README.md). diff --git a/docs/markdown/prerequisites.md b/docs/markdown/prerequisites.md index f34e9ed0..039478cc 100644 --- a/docs/markdown/prerequisites.md +++ b/docs/markdown/prerequisites.md @@ -3,26 +3,21 @@ ## What kind of IT skills do I need to install LME? - The LME project can be installed by someone at the skill level of a systems administrator or enthusiast. If you have everโ€ฆ - * Installed a Windows server and connected it to an Active Directory domain -* Ideally deployed a Group Policy Object (GPO) * Changed firewall rules * Installed a Linux operating system, and logged in over SSH. - โ€ฆ then you are likely to have the skills to install LME! -We estimate that you should allow a couple of days to run through the entire installation process, though you can break up the process to fit your schedule. While we have automated steps where we can and made the instructions as detailed as possible, installation will require more steps than simply using an installation wizard. +We estimate that you should allow a couple of hours to run through the entire installation process. While we have automated steps where we can and made the instructions as detailed as possible, installation will require more steps than simply using an installation wizard. ## High level overview diagram of the LME system -![High level overview](/docs/imgs/chapter_overview.jpg) -

-Figure 1: High level overview, linking to documentation chapters -

+![diagram](/docs/imgs/lme-architecture-v2.jpg) + +Please see the [main readme](/README.md#Diagram) for a more detailed description ## How much does LME cost? @@ -44,51 +39,55 @@ Text in **bold** means that you have to make a decision or take an action that n Text in *italics* is an easy way of doing something, such as running a script. Double check you are comfortable doing this. A longer, manual, way is also provided. -``` Text in boxes is a command you need to type ``` - +``` +Text in boxes is a command you need to type +``` You should follow each chapter in order, and complete the checklist at the end before continuing. ## Scaling the solution To keep LME simple, our guide only covers single server setups. Itโ€™s difficult to estimate how much load the single server setup will take. -Itโ€™s possible to scale the solution to multiple event collectors and ELK nodes, but that will require more experience with the technologies involved. +Itโ€™s possible to scale the solution to multiple event collectors and ELK nodes, but that will require more experience with the technologies involved. We plan to publish documentation for scaling LME in the future. ## Required infrastructure To begin your Logging Made Easy installation, you will need access to (or creation of) the following servers: -* A Domain Controller to administer a Windows Active Directory. This is for deploying Group Policy Objects (GPO) * A server with 2 processor cores and at least 8GB RAM. We will install the Windows Event Collector Service on this machine, set it up as a Windows Event Collector (WEC), and join it to the domain. - * If budget allows, we recommend having a dedicated server for Windows Event collection. If this is not possible, the WEC can be setup on an existing server, but consider the performance impacts. - * The WEC server can be Windows Server 2016 (or later) or Windows 8.1 client (or later) -* A Debian-based Linux server. We will install our database (Elasticsearch) and dashboard software on this machine. This is all taken care of through Docker containers. +* An ubuntu linux 22.04 server. We will install our database (Elasticsearch) and dashboard software on this machine. This is all taken care of through Podman containers. ### Minimum Hardware Requirements: - - CPU: 2 processor cores, + - CPU: 2 processor cores, 4+ recommended - MEMORY: 16GB RAM, (32GB+ recommended by [Elastic](https://www.elastic.co/guide/en/cloud-enterprise/current/ece-hardware-prereq.html)), - STORAGE: dedicated 128GB storage for ELK (not including storage for OS and other files) - This is estimated to only support ~17 clients of log streaming data/day, and Elasticsearch will automatically purge old logs to make space for new ones. We **highly** suggest more storage than 128GB for any other sized enterprise network. - -### Notes: - * **DO NOT install Docker from the "Featured Snaps" section of the Ubuntu Server install procedure, we install the Docker community edition later.** - * The deploy script has only been tested on Ubuntu: `18.04` Long Term Support (LTS) and `22.04` LTS. + +#### confirm these settings: +to check memory run this command, look under the "free" column +```bash +$ free -h +total used free shared buff/cache available +Mem: 31Gi 6.4Gi 22Gi 4.0Mi 2.8Gi 24Gi +Swap: 0B 0B 0B +``` + +to check the number of CPUs +```bash +$ lscpu | egrep 'CPU\(s\)' +``` + +to check hardware storage, typically the /dev/root will be your main filesystem. The number of gigabytes available is in the Avail column +```bash +$ df -h +Filesystem Size Used Avail Use% Mounted on +/dev/root 124G 13G 112G 11% / +``` ## Where to install the servers Servers can be either on premise, in a public cloud or private cloud. It is your choice, but you'll need to consider how to network between the clients and servers. ## What firewall rules are needed? +TODO -![Overview of Network rules](/docs/imgs/troubleshooting-overview.jpg) -

-Figure 1: Overview of Network rules -

- -| Diagram Reference | Protocol information | -| :---: |-------------| -| a | Outbound WinRM using TCP 5985.

Link is HTTP, underlying data is authenticated and encrypted with Kerberos.

See [this Microsoft article](https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection) for more information | -| b | Inbound WinRM TCP 5985.

Link is HTTP, underlying data is authenticated and encrypted with Kerberos.

See [this Microsoft article](https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection) for more information

(optional) Inbound TCP 3389 for Remote Desktop management | -| c | Outbound TCP 5044.

Lumberjack protocol using TLS mutual authentication. | -| d | Inbound TCP 5044.

Lumberjack protocol using TLS mutual authentication.

Inbound TCP 443 for dashboard access

(optional) Inbound TCP 22 for SSH management | -## Now move onto [Chapter 1 โ€“ Setup Windows Event Forwarding](/docs/markdown/chapter1/chapter1.md) diff --git a/docs/markdown/reference/dev-notes.md b/docs/markdown/reference/dev-notes.md deleted file mode 100644 index b4dfbeba..00000000 --- a/docs/markdown/reference/dev-notes.md +++ /dev/null @@ -1,163 +0,0 @@ -# Dev notes: -TODO update these to be relevant/new - -Notes to convert compose -> quadlet -1. start the containers with compose -2. podlet generate from the containers created - -### compose: -running: -```shell -podman-compose up -d -``` - -stopping: -```shell -podman-compose down --remove-orphans - -#only run if you want to remove all volumes: -podman-compose down -v --remove-orphans -``` - -### install/get podlet: -``` -#https://github.com/containers/podlet/releases -wget https://github.com/containers/podlet/releases/download/v0.3.0/podlet-x86_64-unknown-linux-gnu.tar.xz -#add it to path: -cp ./podlet-x86_64-unknown-linux-gnu/podlet .local/bin/ -``` - -### generate the quadlet files: -[DOCS](https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html), [BLOG](https://mo8it.com/blog/quadlet/) - -``` -cd ~/LME-PRIV/quadlet - -for x in $(podman ps --filter label=io.podman.compose.project=lme-2-arch -a --format "{{.Names}}");do echo $x; podlet generate container $x > $x.container;done -``` - -### dealing with journalctl logs: -https://unix.stackexchange.com/questions/638432/clear-failed-states-or-all-old-logs-from-systemctl-status-service -``` -#delete all logs: -sudo rm /var/log/journal/$STRING_OF_HEX/user-1000* -``` - -### debugging commands: -``` -systemctl --user stop lme.service -systemctl --user status lme* -systemctl --user restart lme.service -journalctl --user -u lme-fleet-server.service -systemctl --user status lme* -cp -r $CLONE_DIRECTORY/config/ /opt/lme && cp -r $CLONE_DIRECTORY/quadlet /opt/lme -systemctl --user daemon-reload && systemctl --user list-unit-files lme\* -systemctl --user reset-failed -podman volume rm -a - -###make sure all ports are free as well: -sudo ss -tulpn -``` - -### password setup stuff: -#### setup the config directory -This will setup the container config so it uses ansible vault for podman secret creation AND sets up the proper ansible-vault environment variables. - -``` -ln -sf /opt/lme/config/containers.conf $HOME/.config/containers/containers.conf -#preserve `chmod +x` executable -cp -rTp config/ /opt/lme/config -#source our password env var: -. ./scripts/set_vault_key_env.sh -#create the vault directory: -/opt/lme/vault/ -``` - -#### create password file: -This will setup the ansible vault files in the expected paths -``` -ansible-vault create /opt/lme/vault.yml -``` - -### **Manual Install OLD**( optional if not running ansible install): -``` -export CLONE_DIRECTORY=~/LME-PRIV/lme-2-arch -#systemd will setup nix: -#Old way to setup nix if desired: sh <(curl -L https://nixos.org/nix/install) --daemon -sudo apt install jq uidmap nix-bin nix-setup-systemd - -sudo nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs -sudo nix-channel --update - -# Add user to nix group in /etc/group -sudo usermod -aG nix-users $USER - -#install podman and podman-compose -sudo nix-env -iA nixpkgs.podman - -# Set the path for root and lme-user -#echo 'export PATH=$PATH:$HOME/.nix-profile/bin' >> ~/.bashrc -echo 'export PATH=$PATH:/nix/var/nix/profiles/default/bin' >> ~/.bashrc -sudo sh -c 'echo "export PATH=$PATH:/nix/var/nix/profiles/default/bin" >> /root/.bashrc' - -#to allow 443/80 bind and setup memory/limits -sudo NON_ROOT_USER=$USER $CLONE_DIRECTORY/set_sysctl_limits.sh - -#export XDG_CONFIG_HOME="$HOME/.config" -#export XDG_RUNTIME_DIR=/run/user/$(id -u) - -#setup user-generator on systemd: -sudo $CLONE_DIRECTORY/link_latest_podman_quadlet.sh - -#setup loginctl -sudo loginctl enable-linger $USER -``` - -Quadlet configuration for containers is in: `/quadlet/` -1. setup `/opt/lme` thats the running directory for lme: -```bash -sudo mkdir -p /opt/lme -sudo chown -R $USER:$USER /opt/lme -cp -r $CLONE_DIRECTORY/config/ /opt/lme/ -cp -r $CLONE_DIRECTORY/quadlet/ /opt/lme/ - -#setup quadlets -mkdir -p ~/.config/containers/ -ln -s /opt/lme/quadlet ~/.config/containers/systemd - -#setup service file -mkdir -p ~/.config/systemd/user -ln -s /opt/lme/quadlet/lme.service ~/.config/systemd/user/ -``` - -### pull and tag all containers: -This will let us maintain the lme container versions using the `LME_LATEST` tag. Whenever we update, we change the local image to point to the newest update, and run `podman auto-update` to update the containers. - -**NOTE TO FUTURE SELVES: NEEDS TO BE `LOCALHOST` TO AVOID REMOTE TAGGING ATTACK** - -```bash -sudo mkdir -p /etc/containers -sudo tee /etc/containers/policy.json < Date: Tue, 22 Oct 2024 22:37:42 -0400 Subject: [PATCH 11/19] Mreeve 461 post install (#477) * Remove memory limitations in kibana/elasticsearch quadlets * adding starting dashboards docs + scripting * adding starting dashboards docs + scripting * Fixing passwords in init-setup * Uploading first setup of post-install.yml * Removing old dashboard * Uplloading updated documentation * Remove optional passowrd setting and add in small changes * Updating post_install to include wazuh reset and readonly_user creation * Adding notes on manual passwords: - leaving notes on this, but stating its unsupported * pushing ansible changes to expand path and run script to change wazuh password --- README.md | 45 +- ansible/post_install_local.yml | 923 ++++++++++++++++++ config/setup/init-setup.sh | 4 +- dashboards/Readme.md | 62 ++ dashboards/elastic/User_Security_2.ndjson | 39 + dashboards/export_dashboards.py | 171 ++++ dashboards/requirements.txt | 2 + .../wazuh/wz-es-4.x-8.x-dashboards.ndjson | 9 + docs/markdown/logging-guidance/cloud.md | 31 +- docs/markdown/reference/troubleshooting.md | 176 ++-- quadlet/lme-elasticsearch.container | 2 +- quadlet/lme-kibana.container | 2 +- scripts/wazuh_rbac.sh | 3 + 13 files changed, 1346 insertions(+), 123 deletions(-) create mode 100644 ansible/post_install_local.yml create mode 100644 dashboards/Readme.md create mode 100644 dashboards/elastic/User_Security_2.ndjson create mode 100755 dashboards/export_dashboards.py create mode 100644 dashboards/requirements.txt create mode 100644 dashboards/wazuh/wz-es-4.x-8.x-dashboards.ndjson create mode 100755 scripts/wazuh_rbac.sh diff --git a/README.md b/README.md index 973feaa2..fefdcd9e 100644 --- a/README.md +++ b/README.md @@ -132,12 +132,6 @@ cp ./config/example.env ./config/lme-environment.env IPVAR=127.0.0.1 #your hosts ip ``` -### OPTIONAL: setting master password -This password will be used to encrypt all service user passwords and you should make sure to keep track of it (it will also be stored in `/etc/lme/pass.sh`). -``` -sudo -i ${PWD}/scripts/password_management.sh -i -``` -You can skip this step if you would like to have the script setup the master password for you and you'll never need to touch it :) ### **Automated Install** @@ -147,13 +141,13 @@ You can run this installer to run the total install in ansible. ```bash sudo apt update && sudo apt install -y ansible # cd ~/LME-PRIV/lme-2-arch # Or path to your clone of this repo -ansible-playbook ./scripts/install_lme_local.yml +ansible-playbook ./ansible/install_lme_local.yml ``` This assumes that you have the repo in `~/LME/`. If you don't, you can pass the `CLONE_DIRECTORY` variable to the playbook. ``` -ansible-playbook ./scripts/install_lme_local.yml -e "clone_dir=/path/to/clone/directory" +ansible-playbook ./ansible/install_lme_local.yml -e "clone_dir=/path/to/clone/directory" ``` This also assumes your user can sudo without a password. If you need to input a password when you sudo, you can run it with the `-K` flag and it will prompt you for a password. @@ -268,6 +262,33 @@ sudo -i podman volume rm -a **WARNING THIS WILL DELETE EVERYTHING!!!** +### Other Post install setup: +A few other things are needed and you're all set to go. +1. setting up fleet +2. fixing a few issues with wazuh (in a future release this won't be necessary) +3. setting up custom LME dashboards +4. setting up wazuh's dashboards +5. setting up a read only user for analysts to connect and query LME's data + +Luckily we've packed this in a script for you. Before running it we want to make sure our podman containers are healthy and setup. Run the command `sudo -i podman ps --format "{{.Names}} {{.Status}}"` +```bash +lme-user@ubuntu:~/LME-TEST$ sudo -i podman ps --format "{{.Names}} {{.Status}}" +lme-elasticsearch Up 49 minutes (healthy) +lme-wazuh-manager Up 48 minutes +lme-kibana Up 36 minutes (healthy) +lme-fleet-server Up 35 minutes +``` + +If you see something like the above you're good to go to run the command: +``` +ansible-playbook ./ansible/post_install_local.yml +``` + +You'll see the following in the `/opt/lme/dashboards/elastic/` and `/opt/lme/dashboards/wazuh/` directories if dashboard installation was successful: +```bash + +``` + ## Deploying Agents: ### Deploy Wazuh Agent on client machine (Linux) @@ -321,7 +342,9 @@ USER_VAULT_DIR="/etc/lme/vault" PASSWORD_FILE="/etc/lme/pass.sh" ``` -### MANUALLY setting up passwords and accessing passwords: +### MANUALLY setting up passwords and accessing passwords **UNSUPPORTED**: +**These steps are not fully supported and are left if others would like to suppor this in their environment** + Run the password_management.sh script: ```bash lme-user@ubuntu:~/LME-TEST$ sudo -i ${PWD}/scripts/password_management.sh -h @@ -342,10 +365,10 @@ $CLONE_DIRECTORY/scripts/extract_secrets.sh -p #to print source $CLONE_DIRECTORY/scripts/extract_secrets.sh #without printing values source $CLONE_DIRECTORY/scripts/extract_secrets.sh -q #with no output -## manually: +``` +#### manually getting passwords: #where wazuh_api is the service user whose password you want: sudo -i ansible-vault view /etc/lme/vault/$(sudo -i podman secret ls | grep wazuh_api | awk '{print $1}') -``` # Documentation: diff --git a/ansible/post_install_local.yml b/ansible/post_install_local.yml new file mode 100644 index 00000000..ac4f5ed6 --- /dev/null +++ b/ansible/post_install_local.yml @@ -0,0 +1,923 @@ +--- + +- name: Set up Fleet + hosts: localhost + become: yes + gather_facts: no + + vars: + headers: + kbn-version: "8.12.2" + kbn-xsrf: "kibana" + Content-Type: "application/json" + max_retries: 60 + delay_seconds: 10 + debug_mode: false + installed_file: "/opt/lme/FLEET_SETUP_FINISHED" + + tasks: + - name: Check if INSTALLED file exists + stat: + path: "{{ installed_file }}" + register: installed_file_check + + - name: Exit cleanly if INSTALLED file exists + debug: + msg: "The INSTALLED file exists. Exiting the play cleanly." + when: installed_file_check.stat.exists + + - name: End play if INSTALLED file exists + meta: end_play + when: installed_file_check.stat.exists + + #SETUP + - name: Read lme-environment.env file + ansible.builtin.slurp: + src: /opt/lme/lme-environment.env + register: lme_env_content + + - name: Set environment variables + ansible.builtin.set_fact: + env_dict: "{{ env_dict | default({}) | combine({ item.split('=', 1)[0]: item.split('=', 1)[1] }) }}" + loop: "{{ (lme_env_content['content'] | b64decode).split('\n') }}" + when: item != '' and not item.startswith('#') + + - name: Display set environment variables + debug: + msg: "Set {{ item.key }}" + loop: "{{ env_dict | dict2items }}" + when: item.value | length > 0 and (not debug_mode) + + - name: Source extract_secrets + ansible.builtin.shell: | + set -a + . {{ playbook_dir }}/../scripts/extract_secrets.sh -q + echo "elastic=$elastic" + echo "wazuh=$wazuh" + echo "kibana_system=$kibana_system" + echo "wazuh_api=$wazuh_api" + args: + executable: /bin/bash + register: extract_secrets_vars + no_log: "{{ not debug_mode }}" + + - name: Set secret variables + ansible.builtin.set_fact: + env_dict: "{{ env_dict | combine({ item.split('=', 1)[0]: item.split('=', 1)[1] }) }}" + loop: "{{ extract_secrets_vars.stdout_lines }}" + no_log: "{{ not debug_mode }}" + + - name: Set playbook variables + ansible.builtin.set_fact: + ipvar: "{{ env_dict.IPVAR | default('') }}" + local_kbn_url: "{{ env_dict.LOCAL_KBN_URL | default('') }}" + local_es_url: "{{ env_dict.LOCAL_ES_URL | default('') }}" + stack_version: "{{ env_dict.STACK_VERSION | default('') }}" + cluster_name: "{{ env_dict.CLUSTER_NAME | default('') }}" + elastic_username: "{{ env_dict.ELASTIC_USERNAME | default('') }}" + elasticsearch_username: "{{ env_dict.ELASTICSEARCH_USERNAME | default('') }}" + kibana_fleet_username: "{{ env_dict.KIBANA_FLEET_USERNAME | default('') }}" + indexer_username: "{{ env_dict.INDEXER_USERNAME | default('') }}" + api_username: "{{ env_dict.API_USERNAME | default('') }}" + license: "{{ env_dict.LICENSE | default('') }}" + es_port: "{{ env_dict.ES_PORT | default('') }}" + kibana_port: "{{ env_dict.KIBANA_PORT | default('') }}" + fleet_port: "{{ env_dict.FLEET_PORT | default('') }}" + mem_limit: "{{ env_dict.MEM_LIMIT | default('') }}" + elastic_password: "{{ env_dict.elastic | default('') }}" + wazuh_password: "{{ env_dict.wazuh | default('') }}" + kibana_system_password: "{{ env_dict.kibana_system | default('') }}" + wazuh_api_password: "{{ env_dict.wazuh_api | default('') }}" + + - name: Debug - Display set variables (sensitive information redacted) + debug: + msg: + - "ipvar: {{ ipvar }}" + - "local_kbn_url: {{ local_kbn_url }}" + - "local_es_url: {{ local_es_url }}" + - "elastic_username: {{ elastic_username }}" + - "stack_version: {{ stack_version }}" + - "cluster_name: {{ cluster_name }}" + - "elasticsearch_username: {{ elasticsearch_username }}" + - "kibana_fleet_username: {{ kibana_fleet_username }}" + - "indexer_username: {{ indexer_username }}" + - "api_username: {{ api_username }}" + - "license: {{ license }}" + - "es_port: {{ es_port }}" + - "kibana_port: {{ kibana_port }}" + - "fleet_port: {{ fleet_port }}" + - "mem_limit: {{ mem_limit }}" + - "elastic password is set: {{ elastic_password | length > 0 }}" + - "wazuh password is set: {{ wazuh_password | length > 0 }}" + - "kibana_system password is set: {{ kibana_system_password | length > 0 }}" + - "wazuh_api password is set: {{ wazuh_api_password | length > 0 }}" + when: debug_mode | bool + #SETUP + + - name: Wait for Kibana port to be available + wait_for: + host: "{{ ipvar }}" + port: "{{ kibana_port | int }}" + timeout: 300 + register: kibana_port_check + + - name: Wait for Fleet API to be ready + ansible.builtin.shell: | + attempt=0 + max_attempts=30 + delay=10 + while [ $attempt -lt $max_attempts ]; do + response=$(curl -s -o /dev/null -w "%{http_code}" -k -u elastic:{{ elastic_password }} {{ local_kbn_url }}/api/fleet/agents/setup) + if [ "$response" = "200" ]; then + echo "Fleet API is ready. Proceeding with configuration..." + exit 0 + fi + echo "Waiting for Fleet API to be ready..." + sleep $delay + attempt=$((attempt+1)) + done + echo "Fleet API did not become ready within the expected time." + exit 1 + register: fleet_api_check + changed_when: false + no_log: "{{ not debug_mode }}" + + - name: Display Fleet API check result + debug: + var: fleet_api_check.stdout_lines + + - name: Confirm Fleet API is ready + debug: + msg: "Fleet API is ready" + when: "'Fleet API is ready' in fleet_api_check.stdout" + + - name: Fail if Fleet API is not ready + fail: + msg: "Fleet API did not become ready within the expected time." + when: "'Fleet API is ready' not in fleet_api_check.stdout" + + - name: Get CA fingerprint + ansible.builtin.shell: | + sudo bash -c ' + set -a + . {{ playbook_dir }}/../scripts/extract_secrets.sh -q + set +a + /nix/var/nix/profiles/default/bin/podman exec -w /usr/share/elasticsearch/config/certs/ca lme-elasticsearch cat ca.crt | openssl x509 -noout -fingerprint -sha256 | cut -d "=" -f 2 | tr -d : | head -n1 + ' + register: ca_fingerprint + changed_when: false + become: yes + become_method: sudo + no_log: "{{ not debug_mode }}" + + - name: Display CA fingerprint + debug: + var: ca_fingerprint.stdout + when: + - ca_fingerprint is defined + - ca_fingerprint.stdout is defined + - debug_mode | bool + + - name: Set Fleet server hosts + uri: + url: "{{ local_kbn_url }}/api/fleet/settings" + method: PUT + user: "{{ elastic_username }}" + password: "{{ elastic_password }}" + force_basic_auth: yes + validate_certs: no + headers: "{{ headers }}" + body_format: json + body: + fleet_server_hosts: ["https://{{ ipvar }}:{{ fleet_port }}"] + register: fleet_server_hosts_result + no_log: "{{ not debug_mode }}" + ignore_errors: yes + + - name: Debug Fleet server hosts result + debug: + var: fleet_server_hosts_result + when: fleet_server_hosts_result is defined and debug_mode | bool + + - name: Set Fleet default output hosts + uri: + url: "{{ local_kbn_url }}/api/fleet/outputs/fleet-default-output" + method: PUT + user: "{{ elastic_username }}" + password: "{{ elastic_password }}" + force_basic_auth: yes + validate_certs: no + headers: "{{ headers }}" + body_format: json + body: + hosts: ["https://{{ ipvar }}:9200"] + register: fleet_output_hosts_result + no_log: "{{ not debug_mode }}" + ignore_errors: yes + + - name: Debug Fleet default output hosts result + debug: + var: fleet_output_hosts_result + when: fleet_output_hosts_result is defined + + - name: Set Fleet default output CA trusted fingerprint + uri: + url: "{{ local_kbn_url }}/api/fleet/outputs/fleet-default-output" + method: PUT + user: "{{ elastic_username }}" + password: "{{ elastic_password }}" + force_basic_auth: yes + validate_certs: no + headers: "{{ headers }}" + body_format: json + body: + ca_trusted_fingerprint: "{{ ca_fingerprint.stdout }}" + register: fleet_output_fingerprint_result + no_log: "{{ not debug_mode }}" + + - name: Set Fleet default output SSL verification mode + uri: + url: "{{ local_kbn_url }}/api/fleet/outputs/fleet-default-output" + method: PUT + user: "{{ elastic_username }}" + password: "{{ elastic_password }}" + force_basic_auth: yes + validate_certs: no + headers: "{{ headers }}" + body_format: json + body: + config_yaml: "ssl.verification_mode: certificate" + register: fleet_output_ssl_result + no_log: "{{ not debug_mode }}" + + - name: Create Endpoint Policy + uri: + url: "{{ local_kbn_url }}/api/fleet/agent_policies?sys_monitoring=true" + method: POST + user: "{{ elastic_username }}" + password: "{{ elastic_password }}" + force_basic_auth: yes + validate_certs: no + headers: "{{ headers }}" + body_format: json + body: + name: "Endpoint Policy" + description: "" + namespace: "default" + monitoring_enabled: ["logs", "metrics"] + inactivity_timeout: 1209600 + timeout: 600 + register: endpoint_policy_result + no_log: "{{ not debug_mode }}" + + - name: Get Endpoint package version + uri: + url: "{{ local_kbn_url }}/api/fleet/epm/packages/endpoint" + method: GET + user: "{{ elastic_username }}" + password: "{{ elastic_password }}" + force_basic_auth: yes + validate_certs: no + headers: "{{ headers }}" + register: endpoint_package_result + no_log: "{{ not debug_mode }}" + + - name: Create Elastic Defend package policy + uri: + url: "{{ local_kbn_url }}/api/fleet/package_policies" + method: POST + user: "{{ elastic_username }}" + password: "{{ elastic_password }}" + force_basic_auth: yes + validate_certs: no + headers: "{{ headers }}" + body_format: json + timeout: 600 + body: + name: "Elastic Defend" + description: "" + namespace: "default" + policy_id: "{{ endpoint_policy_result.json.item.id }}" + enabled: true + inputs: + - enabled: true + streams: [] + type: "ENDPOINT_INTEGRATION_CONFIG" + config: + _config: + value: + type: "endpoint" + endpointConfig: + preset: "EDRComplete" + package: + name: "endpoint" + title: "Elastic Defend" + version: "{{ endpoint_package_result.json.item.version }}" + register: elastic_defend_policy_result + no_log: "{{ not debug_mode }}" + + - name: Display results + debug: + var: "{{ item }}" + loop: + - fleet_server_hosts_result + - fleet_output_hosts_result + - fleet_output_fingerprint_result + - fleet_output_ssl_result + - endpoint_policy_result + - elastic_defend_policy_result + + - name: Create INSTALLED file + file: + path: "{{ installed_file }}" + state: touch + when: not installed_file_check.stat.exists + +- name: Install LME Dashboards + hosts: localhost + become: yes + gather_facts: no + + vars: + max_retries: 60 + delay_seconds: 10 + debug_mode: false + clone_directory: "{{ clone_dir | default('~/LME') }}" + dashboards_path: "/opt/lme/dashboards/elastic/*.ndjson" + kibana_url: "https://127.0.0.1:5601/api/saved_objects/_import?overwrite=true" + install_user: "root" + installed_file: "/opt/lme/dashboards/elastic/INSTALLED" + + + #TODO: have a task that creates dashboard_update user for later dashboard runs + tasks: + - name: Check if INSTALLED file exists + stat: + path: "{{ installed_file }}" + register: installed_file_check + + - name: Exit cleanly if INSTALLED file exists + debug: + msg: "The INSTALLED file exists. Exiting the play cleanly." + when: installed_file_check.stat.exists + + - name: End play if INSTALLED file exists + meta: end_play + when: installed_file_check.stat.exists + + #SETUP + - name: Read lme-environment.env file + ansible.builtin.slurp: + src: /opt/lme/lme-environment.env + register: lme_env_content + + - name: Set environment variables + ansible.builtin.set_fact: + env_dict: "{{ env_dict | default({}) | combine({ item.split('=', 1)[0]: item.split('=', 1)[1] }) }}" + loop: "{{ (lme_env_content['content'] | b64decode).split('\n') }}" + when: item != '' and not item.startswith('#') + + - name: Display set environment variables + debug: + msg: "Set {{ item.key }}" + loop: "{{ env_dict | dict2items }}" + when: item.value | length > 0 and (not debug_mode) + + - name: Source extract_secrets + ansible.builtin.shell: | + set -a + . {{ playbook_dir }}/../scripts/extract_secrets.sh -q + echo "elastic=$elastic" + echo "wazuh=$wazuh" + echo "kibana_system=$kibana_system" + echo "wazuh_api=$wazuh_api" + args: + executable: /bin/bash + register: extract_secrets_vars + no_log: "{{ not debug_mode }}" + + - name: Set secret variables + ansible.builtin.set_fact: + env_dict: "{{ env_dict | combine({ item.split('=', 1)[0]: item.split('=', 1)[1] }) }}" + loop: "{{ extract_secrets_vars.stdout_lines }}" + no_log: "{{ not debug_mode }}" + + - name: Set playbook variables + ansible.builtin.set_fact: + ipvar: "{{ env_dict.IPVAR | default('') }}" + local_kbn_url: "{{ env_dict.LOCAL_KBN_URL | default('') }}" + local_es_url: "{{ env_dict.LOCAL_ES_URL | default('') }}" + stack_version: "{{ env_dict.STACK_VERSION | default('') }}" + cluster_name: "{{ env_dict.CLUSTER_NAME | default('') }}" + elastic_username: "{{ env_dict.ELASTIC_USERNAME | default('') }}" + elasticsearch_username: "{{ env_dict.ELASTICSEARCH_USERNAME | default('') }}" + kibana_fleet_username: "{{ env_dict.KIBANA_FLEET_USERNAME | default('') }}" + indexer_username: "{{ env_dict.INDEXER_USERNAME | default('') }}" + api_username: "{{ env_dict.API_USERNAME | default('') }}" + license: "{{ env_dict.LICENSE | default('') }}" + es_port: "{{ env_dict.ES_PORT | default('') }}" + kibana_port: "{{ env_dict.KIBANA_PORT | default('') }}" + fleet_port: "{{ env_dict.FLEET_PORT | default('') }}" + mem_limit: "{{ env_dict.MEM_LIMIT | default('') }}" + elastic_password: "{{ env_dict.elastic | default('') }}" + wazuh_password: "{{ env_dict.wazuh | default('') }}" + kibana_system_password: "{{ env_dict.kibana_system | default('') }}" + wazuh_api_password: "{{ env_dict.wazuh_api | default('') }}" + + - name: Debug - Display set variables (sensitive information redacted) + debug: + msg: + - "ipvar: {{ ipvar }}" + - "local_kbn_url: {{ local_kbn_url }}" + - "local_es_url: {{ local_es_url }}" + - "elastic_username: {{ elastic_username }}" + - "stack_version: {{ stack_version }}" + - "cluster_name: {{ cluster_name }}" + - "elasticsearch_username: {{ elasticsearch_username }}" + - "kibana_fleet_username: {{ kibana_fleet_username }}" + - "indexer_username: {{ indexer_username }}" + - "api_username: {{ api_username }}" + - "license: {{ license }}" + - "es_port: {{ es_port }}" + - "kibana_port: {{ kibana_port }}" + - "fleet_port: {{ fleet_port }}" + - "mem_limit: {{ mem_limit }}" + - "elastic password is set: {{ elastic_password | length > 0 }}" + - "wazuh password is set: {{ wazuh_password | length > 0 }}" + - "kibana_system password is set: {{ kibana_system_password | length > 0 }}" + - "wazuh_api password is set: {{ wazuh_api_password | length > 0 }}" + when: debug_mode | bool + #SETUP + + + - name: Copy dashboards files /opt/lme/dashboards + copy: + src: "{{ clone_directory }}/dashboards/" + dest: /opt/lme/dashboards/ + owner: "{{ install_user }}" + group: "{{ install_user }}" + mode: '0644' + become: yes + + - name: Get list of dashboards + find: + paths: "{{ dashboards_path | dirname }}" + patterns: "*.ndjson" + register: dashboards + + - name: Upload dashboards to Kibana + shell: 'curl -X POST -k --user "{{ elastic_username }}":"{{ elastic_password }}" -H "kbn-xsrf: true" -F file=@"{{ item }}" "{{ kibana_url }}"' + loop: "{{ dashboards.files | map(attribute='path') | list }}" + args: + warn: false + + - name: Create INSTALLED file + file: + path: "{{ installed_file }}" + state: touch + when: not installed_file_check.stat.exists + +- name: Install Wazuh Dashboards + hosts: localhost + become: yes + gather_facts: no + + vars: + max_retries: 60 + delay_seconds: 10 + debug_mode: false + clone_directory: "{{ clone_dir | default('~/LME') }}" + dashboards_path: "/opt/lme/dashboards/wazuh/*.ndjson" + check_path: "/opt/lme/dashboards/wazuh/" + kibana_url: "https://127.0.0.1:5601/api/saved_objects/_import?overwrite=true" + install_user: "root" + installed_file: "/opt/lme/dashboards/wazuh/INSTALLED" + + tasks: + - name: Check if INSTALLED file exists + stat: + path: "{{ installed_file }}" + register: installed_file_check + + - name: Exit cleanly if INSTALLED file exists + debug: + msg: "The INSTALLED file exists. Exiting the playbook cleanly." + when: installed_file_check.stat.exists + + - name: End play if INSTALLED file exists + meta: end_play + when: installed_file_check.stat.exists + + #SETUP + - name: Read lme-environment.env file + ansible.builtin.slurp: + src: /opt/lme/lme-environment.env + register: lme_env_content + + - name: Set environment variables + ansible.builtin.set_fact: + env_dict: "{{ env_dict | default({}) | combine({ item.split('=', 1)[0]: item.split('=', 1)[1] }) }}" + loop: "{{ (lme_env_content['content'] | b64decode).split('\n') }}" + when: item != '' and not item.startswith('#') + + - name: Display set environment variables + debug: + msg: "Set {{ item.key }}" + loop: "{{ env_dict | dict2items }}" + when: item.value | length > 0 and ( not debug_mode ) + + - name: Source extract_secrets + ansible.builtin.shell: | + set -a + . {{ playbook_dir }}/../scripts/extract_secrets.sh -q + echo "elastic=$elastic" + echo "wazuh=$wazuh" + echo "kibana_system=$kibana_system" + echo "wazuh_api=$wazuh_api" + args: + executable: /bin/bash + register: extract_secrets_vars + no_log: "{{ not debug_mode }}" + + - name: Set secret variables + ansible.builtin.set_fact: + env_dict: "{{ env_dict | combine({ item.split('=', 1)[0]: item.split('=', 1)[1] }) }}" + loop: "{{ extract_secrets_vars.stdout_lines }}" + no_log: "{{ not debug_mode }}" + + - name: Set playbook variables + ansible.builtin.set_fact: + ipvar: "{{ env_dict.IPVAR | default('') }}" + local_kbn_url: "{{ env_dict.LOCAL_KBN_URL | default('') }}" + local_es_url: "{{ env_dict.LOCAL_ES_URL | default('') }}" + stack_version: "{{ env_dict.STACK_VERSION | default('') }}" + cluster_name: "{{ env_dict.CLUSTER_NAME | default('') }}" + elastic_username: "{{ env_dict.ELASTIC_USERNAME | default('') }}" + elasticsearch_username: "{{ env_dict.ELASTICSEARCH_USERNAME | default('') }}" + kibana_fleet_username: "{{ env_dict.KIBANA_FLEET_USERNAME | default('') }}" + indexer_username: "{{ env_dict.INDEXER_USERNAME | default('') }}" + api_username: "{{ env_dict.API_USERNAME | default('') }}" + license: "{{ env_dict.LICENSE | default('') }}" + es_port: "{{ env_dict.ES_PORT | default('') }}" + kibana_port: "{{ env_dict.KIBANA_PORT | default('') }}" + fleet_port: "{{ env_dict.FLEET_PORT | default('') }}" + mem_limit: "{{ env_dict.MEM_LIMIT | default('') }}" + elastic_password: "{{ env_dict.elastic | default('') }}" + wazuh_password: "{{ env_dict.wazuh | default('') }}" + kibana_system_password: "{{ env_dict.kibana_system | default('') }}" + wazuh_api_password: "{{ env_dict.wazuh_api | default('') }}" + + - name: Debug - Display set variables (sensitive information redacted) + debug: + msg: + - "ipvar: {{ ipvar }}" + - "local_kbn_url: {{ local_kbn_url }}" + - "local_es_url: {{ local_es_url }}" + - "elastic_username: {{ elastic_username }}" + - "stack_version: {{ stack_version }}" + - "cluster_name: {{ cluster_name }}" + - "elasticsearch_username: {{ elasticsearch_username }}" + - "kibana_fleet_username: {{ kibana_fleet_username }}" + - "indexer_username: {{ indexer_username }}" + - "api_username: {{ api_username }}" + - "license: {{ license }}" + - "es_port: {{ es_port }}" + - "kibana_port: {{ kibana_port }}" + - "fleet_port: {{ fleet_port }}" + - "mem_limit: {{ mem_limit }}" + - "elastic password is set: {{ elastic_password | length > 0 }}" + - "wazuh password is set: {{ wazuh_password | length > 0 }}" + - "kibana_system password is set: {{ kibana_system_password | length > 0 }}" + - "wazuh_api password is set: {{ wazuh_api_password | length > 0 }}" + when: debug_mode | bool + #SETUP + + + - name: Check if dashboards_path exists + stat: + path: "{{ check_path }}" + register: path + + - name: Fail if dashboards_path doesn't exist + fail: + msg: "Dashboards path {{ check_path }} doesn't exist, theres been an error" + when: + - not path.stat.exists + + - name: Get list of dashboards + find: + paths: "{{ dashboards_path | dirname }}" + patterns: "*.ndjson" + register: dashboards + + - name: Upload dashboards to Kibana + shell: 'curl -X POST -k --user "{{ elastic_username }}":"{{ elastic_password }}" -H "kbn-xsrf: true" -F file=@"{{ item }}" "{{ kibana_url }}"' + args: + warn: false + loop: "{{ dashboards.files | map(attribute='path') | list }}" + + - name: Create INSTALLED file + file: + path: "{{ installed_file }}" + state: touch + when: not installed_file_check.stat.exists + +- name: Fix Wazuh Post Install Issues + hosts: localhost + become: yes + gather_facts: no + + vars: + max_retries: 60 + delay_seconds: 10 + debug_mode: false + clone_directory: "{{ clone_dir | default('~/LME') }}" + install_user: "{{ ansible_user_id }}" + + tasks: + #SETUP + - name: Read lme-environment.env file + ansible.builtin.slurp: + src: /opt/lme/lme-environment.env + register: lme_env_content + + - name: Set environment variables + ansible.builtin.set_fact: + env_dict: "{{ env_dict | default({}) | combine({ item.split('=', 1)[0]: item.split('=', 1)[1] }) }}" + loop: "{{ (lme_env_content['content'] | b64decode).split('\n') }}" + when: item != '' and not item.startswith('#') + + - name: Display set environment variables + debug: + msg: "Set {{ item.key }}" + loop: "{{ env_dict | dict2items }}" + when: item.value | length > 0 and (not debug_mode) + + - name: Source extract_secrets + ansible.builtin.shell: | + set -a + . {{ playbook_dir }}/../scripts/extract_secrets.sh -q + echo "elastic=$elastic" + echo "wazuh=$wazuh" + echo "kibana_system=$kibana_system" + echo "wazuh_api=$wazuh_api" + args: + executable: /bin/bash + register: extract_secrets_vars + no_log: "{{ not debug_mode }}" + + - name: Set secret variables + ansible.builtin.set_fact: + env_dict: "{{ env_dict | combine({ item.split('=', 1)[0]: item.split('=', 1)[1] }) }}" + loop: "{{ extract_secrets_vars.stdout_lines }}" + no_log: "{{ not debug_mode }}" + + - name: Set playbook variables + ansible.builtin.set_fact: + ipvar: "{{ env_dict.IPVAR | default('') }}" + local_kbn_url: "{{ env_dict.LOCAL_KBN_URL | default('') }}" + local_es_url: "{{ env_dict.LOCAL_ES_URL | default('') }}" + stack_version: "{{ env_dict.STACK_VERSION | default('') }}" + cluster_name: "{{ env_dict.CLUSTER_NAME | default('') }}" + elastic_username: "{{ env_dict.ELASTIC_USERNAME | default('') }}" + elasticsearch_username: "{{ env_dict.ELASTICSEARCH_USERNAME | default('') }}" + kibana_fleet_username: "{{ env_dict.KIBANA_FLEET_USERNAME | default('') }}" + indexer_username: "{{ env_dict.INDEXER_USERNAME | default('') }}" + api_username: "{{ env_dict.API_USERNAME | default('') }}" + license: "{{ env_dict.LICENSE | default('') }}" + es_port: "{{ env_dict.ES_PORT | default('') }}" + kibana_port: "{{ env_dict.KIBANA_PORT | default('') }}" + fleet_port: "{{ env_dict.FLEET_PORT | default('') }}" + mem_limit: "{{ env_dict.MEM_LIMIT | default('') }}" + elastic_password: "{{ env_dict.elastic | default('') }}" + wazuh_password: "{{ env_dict.wazuh | default('') }}" + kibana_system_password: "{{ env_dict.kibana_system | default('') }}" + wazuh_api_password: "{{ env_dict.wazuh_api | default('') }}" + + - name: Debug - Display set variables (sensitive information redacted) + debug: + msg: + - "ipvar: {{ ipvar }}" + - "local_kbn_url: {{ local_kbn_url }}" + - "local_es_url: {{ local_es_url }}" + - "elastic_username: {{ elastic_username }}" + - "stack_version: {{ stack_version }}" + - "cluster_name: {{ cluster_name }}" + - "elasticsearch_username: {{ elasticsearch_username }}" + - "kibana_fleet_username: {{ kibana_fleet_username }}" + - "indexer_username: {{ indexer_username }}" + - "api_username: {{ api_username }}" + - "license: {{ license }}" + - "es_port: {{ es_port }}" + - "kibana_port: {{ kibana_port }}" + - "fleet_port: {{ fleet_port }}" + - "mem_limit: {{ mem_limit }}" + - "elastic password is set: {{ elastic_password | length > 0 }}" + - "wazuh password is set: {{ wazuh_password | length > 0 }}" + - "kibana_system password is set: {{ kibana_system_password | length > 0 }}" + - "wazuh_api password is set: {{ wazuh_api_password | length > 0 }}" + when: debug_mode | bool + #SETUP + - name: expand path + set_fact: + clone_directory: "{{clone_directory | expanduser }}" + + - name: fix wazuh password + ansible.builtin.expect: + #source + podman exec + command: "{{ clone_directory }}/scripts/wazuh_rbac.sh" + responses: + ".*'wazuh'.*": + - "{{ wazuh_password }}" + ".*'wazuh-wui'.*": + - "{{ wazuh_api_password }}" + timeout: 30 + become: yes + +- name: Create Read Only User + hosts: localhost + become: yes + gather_facts: no + + vars: + max_retries: 60 + delay_seconds: 10 + debug_mode: false + clone_directory: "{{ clone_dir | default('~/LME') }}" + install_user: "root" + + tasks: + #SETUP + - name: Read lme-environment.env file + ansible.builtin.slurp: + src: /opt/lme/lme-environment.env + register: lme_env_content + + - name: Set environment variables + ansible.builtin.set_fact: + env_dict: "{{ env_dict | default({}) | combine({ item.split('=', 1)[0]: item.split('=', 1)[1] }) }}" + loop: "{{ (lme_env_content['content'] | b64decode).split('\n') }}" + when: item != '' and not item.startswith('#') + + - name: Display set environment variables + debug: + msg: "Set {{ item.key }}" + loop: "{{ env_dict | dict2items }}" + when: item.value | length > 0 and (not debug_mode) + + - name: Source extract_secrets + ansible.builtin.shell: | + set -a + . {{ playbook_dir }}/../scripts/extract_secrets.sh -q + echo "elastic=$elastic" + echo "wazuh=$wazuh" + echo "kibana_system=$kibana_system" + echo "wazuh_api=$wazuh_api" + args: + executable: /bin/bash + register: extract_secrets_vars + no_log: "{{ not debug_mode }}" + + - name: Set secret variables + ansible.builtin.set_fact: + env_dict: "{{ env_dict | combine({ item.split('=', 1)[0]: item.split('=', 1)[1] }) }}" + loop: "{{ extract_secrets_vars.stdout_lines }}" + no_log: "{{ not debug_mode }}" + + - name: Set playbook variables + ansible.builtin.set_fact: + ipvar: "{{ env_dict.IPVAR | default('') }}" + local_kbn_url: "{{ env_dict.LOCAL_KBN_URL | default('') }}" + local_es_url: "{{ env_dict.LOCAL_ES_URL | default('') }}" + stack_version: "{{ env_dict.STACK_VERSION | default('') }}" + cluster_name: "{{ env_dict.CLUSTER_NAME | default('') }}" + elastic_username: "{{ env_dict.ELASTIC_USERNAME | default('') }}" + elasticsearch_username: "{{ env_dict.ELASTICSEARCH_USERNAME | default('') }}" + kibana_fleet_username: "{{ env_dict.KIBANA_FLEET_USERNAME | default('') }}" + indexer_username: "{{ env_dict.INDEXER_USERNAME | default('') }}" + api_username: "{{ env_dict.API_USERNAME | default('') }}" + license: "{{ env_dict.LICENSE | default('') }}" + es_port: "{{ env_dict.ES_PORT | default('') }}" + kibana_port: "{{ env_dict.KIBANA_PORT | default('') }}" + fleet_port: "{{ env_dict.FLEET_PORT | default('') }}" + mem_limit: "{{ env_dict.MEM_LIMIT | default('') }}" + elastic_password: "{{ env_dict.elastic | default('') }}" + wazuh_password: "{{ env_dict.wazuh | default('') }}" + kibana_system_password: "{{ env_dict.kibana_system | default('') }}" + wazuh_api_password: "{{ env_dict.wazuh_api | default('') }}" + + - name: Debug - Display set variables (sensitive information redacted) + debug: + msg: + - "ipvar: {{ ipvar }}" + - "local_kbn_url: {{ local_kbn_url }}" + - "local_es_url: {{ local_es_url }}" + - "elastic_username: {{ elastic_username }}" + - "stack_version: {{ stack_version }}" + - "cluster_name: {{ cluster_name }}" + - "elasticsearch_username: {{ elasticsearch_username }}" + - "kibana_fleet_username: {{ kibana_fleet_username }}" + - "indexer_username: {{ indexer_username }}" + - "api_username: {{ api_username }}" + - "license: {{ license }}" + - "es_port: {{ es_port }}" + - "kibana_port: {{ kibana_port }}" + - "fleet_port: {{ fleet_port }}" + - "mem_limit: {{ mem_limit }}" + - "elastic password is set: {{ elastic_password | length > 0 }}" + - "wazuh password is set: {{ wazuh_password | length > 0 }}" + - "kibana_system password is set: {{ kibana_system_password | length > 0 }}" + - "wazuh_api password is set: {{ wazuh_api_password | length > 0 }}" + when: debug_mode | bool + #SETUP + + - name: Wait for Elasticsearch to be ready + uri: + url: "{{ local_es_url }}" + method: GET + user: "{{ elastic_username }}" + password: "{{ elastic_password }}" + force_basic_auth: yes + validate_certs: no + status_code: 200 + register: result + until: result.status is defined and result.status == 200 + retries: 60 + delay: 10 + ignore_errors: yes + + - name: Check if Elasticsearch is ready + fail: + msg: "Elasticsearch is not ready after 10 minutes. Please check the LME service and Elasticsearch logs." + when: result.status is not defined or result.status != 200 + + #TODO: --cacert "{{ ansible_env.HOME }}/.local/share/containers/storage/volumes/lme_certs/_data/ca/ca.crt" + - name: Create readonly role using curl + shell: > + curl -X POST "{{ local_es_url }}/_security/role/readonly_role" + -u "{{ elastic_username }}:{{ elastic_password }}" + -k + -H "Content-Type: application/json" + -d '{ + "indices": [ + { + "names": ["*"], + "privileges": ["read", "view_index_metadata"] + } + ], + "cluster": ["monitor"], + "applications": [ + { + "application": "kibana-.kibana", + "privileges": ["read"], + "resources": ["*"] + } + ] + }' + args: + warn: false + register: role_creation_result + when: result.status is defined and result.status == 200 + + - name: Display role creation result + debug: + msg: "Role creation output: {{ role_creation_result.stdout | default('Role creation skipped') }}" + + #maybe check for each in the shell script below? + - name: Register a variable, ignore errors and continue + shell: | + source /root/.profile + password=$( + curl -X POST "{{ local_es_url }}/_security/user/readonly_user" + -u "{{ elastic_username }}:{{ elastic_password }}" + -k + -H "Content-Type: application/json" + -d '{ + "password": "{{ read_only_password.stdout }}", + "roles": ["readonly_role"], + "full_name": "Read Only User" + }' + args: + warn: false + register: user_creation_result + when: result.status is defined and result.status == 200 + + - name: Display user creation result + debug: + msg: "User creation output: {{ user_creation_result.stdout | default('User creation skipped') }}" + + - name: DISPLAY NEW READONLY USER PASSWORD + debug: + msg: "LOGIN WITH readonly_user via:\n USER: readonlyuser\nPassword: {{ read_only_password.stdout }}" + diff --git a/config/setup/init-setup.sh b/config/setup/init-setup.sh index 9884d2c3..ef5e9bcd 100644 --- a/config/setup/init-setup.sh +++ b/config/setup/init-setup.sh @@ -5,8 +5,8 @@ if [[ -z "${ELASTIC_PASSWORD:-}" || -z "${KIBANA_PASSWORD:-}" ]]; then echo "ERROR: ELASTIC_PASSWORD and/or KIBANA_PASSWORD are missing." exit 1 fi -echo $ELASTIC_PASSWORD -echo $KIBANA_PASSWORD +#echo $ELASTIC_PASSWORD +#echo $KIBANA_PASSWORD CONFIG_DIR="/usr/share/elasticsearch/config" CERTS_DIR="${CONFIG_DIR}/certs" diff --git a/dashboards/Readme.md b/dashboards/Readme.md new file mode 100644 index 00000000..054932ba --- /dev/null +++ b/dashboards/Readme.md @@ -0,0 +1,62 @@ +# Folder for all the dashboards + +## Wazuh Dashboards: +For more info on these dashboards see wazuh's documentation: [LINK](https://documentation.wazuh.com/current/integrations-guide/elastic-stack/index.html) +This is the dashboard URL: +```bash +https://packages.wazuh.com/integrations/elastic/4.x-8.x/dashboards/wz-es-4.x-8.x-dashboards.ndjson +``` + +## How to update dashboards +Currently you need to run `ansible-playbook post_install_local.yml` to upload the current LME dashboards. + +## Updating to new dashboards and removing old ones (Starting with 1.1.0) +Browse to `Kibana->Stack Management` then select `Saved Objects`. +On the Saved Objects page, you can filter by dashboards. + +Select the filter `Type` and select `dashboard`. + +* It is suggested that you export the dashboards first (readme below) so you have a backup. +You can delete all of the dashboards before importing the new ones. + + +### Exporting dashboards: *TODO test this* +It is recommended that you export your dashboards before updating them, especially if you have customized them or created new ones. +To export the dashboards use the `export_dashboards.py`. +It is easiest to export them from the ubuntu machine where you have installed the ELK stack because the +default port and hostname are in the script. You will need the user and password for elastic that were printed +on your initial install. + +##### The files will be exported to `./exported` + +#### Running on Ubuntu + +``` +./export_dashboards.py -u elastic -p YOURUNIQUEPASS +``` + +The modules should already be installed on Ubuntu, but If the script complains about missing modules: +``` +pip install -r requirements.txt +``` + +#### Running on Windows +You must have python and the modules installed. (You can install python 3 from the Microsoft Store). Then install the requirements: +``` +pip install -r requirements.txt +``` + +You will probably have to pass the host that you connect to for kibana when running on windows. +``` +python .\export_dashboards.py -u elastic -p YOURUNIQUEPASS --host x.x.x.x +``` + +## Customizing dashboards: +When customizing dashboards keep in mind to be sure the name of the file does not conflict with one on git. In future iterations of LME, updates will overwrite any dashboard file that you have customized or named the same as an original file that appears in this directory. + +In addition, any other dashboards you want to save in git and track in this repository can maintained safely (assuming the new files do not overlap in name with any original file in LME) by doing the following: + 1. Creating your own local branch in this LME repo + 2. Commiting any changes + 3. pulling in changes from `main` to your local repo + + diff --git a/dashboards/elastic/User_Security_2.ndjson b/dashboards/elastic/User_Security_2.ndjson new file mode 100644 index 00000000..3bbf5dce --- /dev/null +++ b/dashboards/elastic/User_Security_2.ndjson @@ -0,0 +1,39 @@ +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4MCwzXQ=="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4MSwzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"winlog.event_data.TargetDomainName\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"winlog.event_data.TargetUserName\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4MiwzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - Filter Hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Filter Hosts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host name\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4MywzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security - Select Host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select Host\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1588685297382\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4NCwzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Logons Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logons Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Logons\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4NSwzXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Human User Logon Events","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4NiwzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon attempts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon attempts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Login attempts\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"22170f50-853c-11ea-b6c5-5d9149593ce4","managed":false,"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4NywzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon events over time","uiStateJSON":"{\"vis\":{\"colors\":{\"Failed attempts\":\"#BF1B00\",\"Successful atempts\":\"#629E51\"}}}","version":1,"visState":"{\"title\":\"Security - Logon events over time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-23T08:41:59.000Z\",\"max\":\"2020-04-23T08:56:59.000Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":\"event.code:4625\",\"language\":\"lucene\"},\"label\":\"Failed attempts\"},{\"input\":{\"query\":\"event.code:4624\",\"language\":\"lucene\"},\"label\":\"Successful atempts\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4OCwzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"event.code\",\"value\":\"4,624, 4,625\",\"params\":[\"4624\",\"4625\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"event.code\":\"4624\"}},{\"match_phrase\":{\"event.code\":\"4625\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Computers\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"489f7350-853d-11ea-b6c5-5d9149593ce4","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4OSwzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Hosts\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","managed":false,"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5MCwzXQ=="} +{"attributes":{"columns":["event.code","host.name","winlog.event_data.TargetDomainName","winlog.event_data.TargetUserName","winlog.event_data.IpAddress","event.action","event.outcome","winlog.event_data.LogonType"],"description":"","grid":{"columns":{"user.domain":{"width":119},"user.name":{"width":134}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Human Logon & Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"2325be20-8616-11ea-a720-c7a0431f179d","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5MSwzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Network Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Network Connections\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"a1229110-860f-11ea-a720-c7a0431f179d","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5MiwzXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id : \\\"3\\\" and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"All network activity ","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"d1a74ce0-8641-11ea-907a-33d103156187","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5MywzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Activity Line","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Activity Line\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Connections\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"extendToTimeRange\":false,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30d\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Connections\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Connections\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-24T15:29:10.918Z\",\"max\":\"2020-04-24T15:44:10.918Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"ec7ad2d0-8641-11ea-907a-33d103156187","managed":false,"references":[{"id":"d1a74ce0-8641-11ea-907a-33d103156187","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5NCwzXQ=="} +{"attributes":{"columns":["winlog.event_data.DestinationHostname","destination.ip","winlog.event_data.DestinationIsIpv6","network.","process.executable","winlog.event_data.DestinationPort","winlog.event_data.Protocol","winlog.user.name","winlog.user.type","source.ip","winlog.event_data.SourceIsIpv6","source.port","network.protocol"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") AND NOT (process.name:iexplore.exe OR process.name:chrome.exe OR process.name:firefox.exe OR process.name:opera.exe) AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_non_browsers_connection","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5NSwzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Process List","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Network Process List\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.DestinationIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Logged on user\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"date\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","managed":false,"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5NiwzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network connections area ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network connections area \",\"type\":\"area\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"}],\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"labels\":{},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","managed":false,"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5NywzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Overview - Processes with unusual network activity","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Overview - Processes with unusual network activity\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"significant_terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"size\":10,\"include\":\"\",\"json\":\"\",\"customLabel\":\"Process\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"string\"},\"params\":{},\"label\":\"Process\",\"aggType\":\"significant_terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"245778d0-8641-11ea-907a-33d103156187","managed":false,"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5OCwzXQ=="} +{"attributes":{"columns":["host.name","winlog.event_data.TargetUserName","winlog.event_data.TargetDomainName","winlog.event_data.SourceIp","winlog.event_data.SourcePort","winlog.event_data.DestinationIp","winlog.event_data.DestinationPort","winlog.event_data.ProcessId","winlog.event_data.ProcessName"],"description":"","grid":{"columns":{"winlog.event_data.SubjectDomainName":{"width":216}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_uds_non_private_network","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5OSwzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Processes Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Processes Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Processes & Powershell\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwMCwzXQ=="} +{"attributes":{"columns":["host.name","winlog.event_data.TargetDomainName","winlog.event_data.User","winlog.event_data.ProcessId","winlog.event_data.ProcessName","winlog.event_data.Hashes","process.args"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"1\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Process Spawns","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwMSwzXQ=="} +{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.command_line","process.parent.executable","process.parent.command_line","file.path","event.code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\" OR process.command_line.text:\\\"powershell\\\" OR parent.process.command_line.text:\\\"powershell\\\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_powershell_run","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"2e276480-ec16-11e9-befc-81397a291157","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwMiwzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell Run Count","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Security - Powershell Run Count\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"60553d40-ec18-11e9-befc-81397a291157","managed":false,"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwMywzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell runs over time","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now/w\",\"to\":\"now/w\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"title\":\"Security - Powershell runs over time\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwNCwzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Power shell hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"metric\":{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security - Power shell hosts pie\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwNSwzXQ=="} +{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.args","process.parent.executable","process.parent.args"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND process.command_line.text:(\\\"invoke\\\" or \\\"bypass\\\" or \\\"iex\\\" or \\\"ex\\\" or \\\"icm\\\" or \\\"new-object\\\" or \\\"set\\\" or \\\"get\\\" or \\\"write\\\" or \\\"out\\\" or \\\"download\\\" or \\\"encoded\\\")\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Potentially Suspicious Powershell","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"ff5a53b0-ebf7-11e9-befc-81397a291157","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwNiwzXQ=="} +{"attributes":{"columns":["user.domain","user.name","host.name","destination.domain","destination.ip"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND (process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_uds_powershell_network","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwNywzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Files title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Files title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Files\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"404f6e60-895e-11ea-9bd8-f3fed1ec2140","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwOCwzXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"file.path.text: \\\"tmp\\\" OR file.path.text:\\\"temp\\\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"file.path\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"file.path\"},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"TEMP & %TEMP%","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwOSwzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"TEMP & %TEMP%","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target File\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"TEMP & %TEMP%\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","managed":false,"references":[{"id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcxMCwzXQ=="} +{"attributes":{"columns":["@timestamp","user.domain","user.name","host.name","process.executable","winlog.event_data.ProcessId"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: \\\"9\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Raw Access Events","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcxMSwzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Windows Defender Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Windows Defender Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Windows Defender\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcxMiwzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"winlog.event_id:(1006 or 1007 or 1008 or 1009 or 1116 or 1117 or 1118 or 1119)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - AV Events Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - AV Events Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Windows AV Events\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcxMywzXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_id\",\"value\":\"1,006, 1,007, 1,008, 1,009, 1,116, 1,117, 1,118, 1,119\",\"params\":[\"1006\",\"1007\",\"1008\",\"1009\",\"1116\",\"1117\",\"1118\",\"1119\"],\"negate\":false,\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_id\":\"1006\"}},{\"match_phrase\":{\"winlog.event_id\":\"1007\"}},{\"match_phrase\":{\"winlog.event_id\":\"1008\"}},{\"match_phrase\":{\"winlog.event_id\":\"1009\"}},{\"match_phrase\":{\"winlog.event_id\":\"1116\"}},{\"match_phrase\":{\"winlog.event_id\":\"1117\"}},{\"match_phrase\":{\"winlog.event_id\":\"1118\"}},{\"match_phrase\":{\"winlog.event_id\":\"1119\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"AV Detection event","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcxNCwzXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"AV Hits (Count)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"AV Hits (Count)\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"AV Detection hits\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","managed":false,"references":[{"id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcxNSwzXQ=="} +{"attributes":{"columns":["winlog.event_data.Detection User","host.name","winlog.event_data.Path","winlog.event_data.FWLink"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: 1116\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"Microsoft-Windows-Windows Defender\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.provider\":{\"query\":\"Microsoft-Windows-Windows Defender\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Defender AV Detections","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcxNiwzXQ=="} +{"attributes":{"description":"User Security overview, filtered by Domain / Username or hostname","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"f755ac59-6f3f-4dcb-ae0c-758507dd83f3\"},\"panelIndex\":\"f755ac59-6f3f-4dcb-ae0c-758507dd83f3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f755ac59-6f3f-4dcb-ae0c-758507dd83f3\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":23,\"h\":7,\"i\":\"064b662c-7a7a-4a68-9f89-6677770cf040\"},\"panelIndex\":\"064b662c-7a7a-4a68-9f89-6677770cf040\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search users\",\"panelRefName\":\"panel_064b662c-7a7a-4a68-9f89-6677770cf040\"},{\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":3,\"w\":25,\"h\":7,\"i\":\"4104303d-2849-4c78-85d0-1fa9f49f4b80\"},\"panelIndex\":\"4104303d-2849-4c78-85d0-1fa9f49f4b80\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Filter hosts\",\"panelRefName\":\"panel_4104303d-2849-4c78-85d0-1fa9f49f4b80\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":10,\"w\":23,\"h\":7,\"i\":\"0195638d-458a-4ff6-ad4d-a991c7a7e882\"},\"panelIndex\":\"0195638d-458a-4ff6-ad4d-a991c7a7e882\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search hosts\",\"panelRefName\":\"panel_0195638d-458a-4ff6-ad4d-a991c7a7e882\"},{\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":10,\"w\":25,\"h\":7,\"i\":\"3593d5e7-318e-48a0-9b9d-73ba207f18f8\"},\"panelIndex\":\"3593d5e7-318e-48a0-9b9d-73ba207f18f8\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\",\"isTransposed\":false},{\"columnId\":\"26752485-2aa5-4908-b400-504d6e7ef451\",\"isTransposed\":false}],\"layerId\":\"d123adeb-fd39-4176-b3c9-69c88d2852d5\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d123adeb-fd39-4176-b3c9-69c88d2852d5\":{\"columns\":{\"6f33ff19-9959-4c43-b791-939582a0b3d2\":{\"label\":\"Event Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"26752485-2aa5-4908-b400-504d6e7ef451\":{\"label\":\"winlog.event_data.TargetUserName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"26752485-2aa5-4908-b400-504d6e7ef451\",\"6f33ff19-9959-4c43-b791-939582a0b3d2\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter users\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":48,\"h\":4,\"i\":\"387d6ff2-16e6-4efb-959e-c31b718f481f\"},\"panelIndex\":\"387d6ff2-16e6-4efb-959e-c31b718f481f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_387d6ff2-16e6-4efb-959e-c31b718f481f\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":21,\"w\":9,\"h\":7,\"i\":\"0c2033ce-4b41-46d4-9360-df760fef6fcc\"},\"panelIndex\":\"0c2033ce-4b41-46d4-9360-df760fef6fcc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0c2033ce-4b41-46d4-9360-df760fef6fcc\"},{\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":21,\"w\":20,\"h\":14,\"i\":\"08b30cb5-bf80-4ca4-82f7-04a3adaf6a91\"},\"panelIndex\":\"08b30cb5-bf80-4ca4-82f7-04a3adaf6a91\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon attempts\",\"panelRefName\":\"panel_08b30cb5-bf80-4ca4-82f7-04a3adaf6a91\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":21,\"w\":19,\"h\":14,\"i\":\"f4085a94-9a0b-436d-8351-0d3835018b74\"},\"panelIndex\":\"f4085a94-9a0b-436d-8351-0d3835018b74\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logged on computers\",\"panelRefName\":\"panel_f4085a94-9a0b-436d-8351-0d3835018b74\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":9,\"h\":7,\"i\":\"1dde117a-b1ce-4c92-ae25-1f5ec64a8033\"},\"panelIndex\":\"1dde117a-b1ce-4c92-ae25-1f5ec64a8033\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1dde117a-b1ce-4c92-ae25-1f5ec64a8033\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":17,\"i\":\"d1b7aa24-820d-4c80-8e0a-e5af2df3e656\"},\"panelIndex\":\"d1b7aa24-820d-4c80-8e0a-e5af2df3e656\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User Logon & Logoff Events\",\"panelRefName\":\"panel_d1b7aa24-820d-4c80-8e0a-e5af2df3e656\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":52,\"w\":48,\"h\":4,\"i\":\"f04dffb7-7c21-4a21-b3be-72e290369616\"},\"panelIndex\":\"f04dffb7-7c21-4a21-b3be-72e290369616\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f04dffb7-7c21-4a21-b3be-72e290369616\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":14,\"i\":\"1e09c80a-b1f8-4c23-a669-07dea699f6c7\"},\"panelIndex\":\"1e09c80a-b1f8-4c23-a669-07dea699f6c7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"All network connections\",\"panelRefName\":\"panel_1e09c80a-b1f8-4c23-a669-07dea699f6c7\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":70,\"w\":24,\"h\":15,\"i\":\"790db76b-0f52-47b6-bbe8-8ca8611dcee1\"},\"panelIndex\":\"790db76b-0f52-47b6-bbe8-8ca8611dcee1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"title\":\"Network connections from non-browser processes\",\"panelRefName\":\"panel_790db76b-0f52-47b6-bbe8-8ca8611dcee1\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":70,\"w\":24,\"h\":15,\"i\":\"7e9aade7-496b-49a9-8e35-df93fcafb8d8\"},\"panelIndex\":\"7e9aade7-496b-49a9-8e35-df93fcafb8d8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network connection by protocol\",\"panelRefName\":\"panel_7e9aade7-496b-49a9-8e35-df93fcafb8d8\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":85,\"w\":48,\"h\":15,\"i\":\"3ea3bab7-f3de-44e2-b656-ea91f798bfa3\"},\"panelIndex\":\"3ea3bab7-f3de-44e2-b656-ea91f798bfa3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Unusual network connections from non-browser processes\",\"panelRefName\":\"panel_3ea3bab7-f3de-44e2-b656-ea91f798bfa3\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":100,\"w\":48,\"h\":10,\"i\":\"cecdc65a-4681-48ce-a897-e7e502d53c51\"},\"panelIndex\":\"cecdc65a-4681-48ce-a897-e7e502d53c51\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network Connection Events (Sysmon ID 3)\",\"panelRefName\":\"panel_cecdc65a-4681-48ce-a897-e7e502d53c51\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":110,\"w\":48,\"h\":4,\"i\":\"f13a86c6-fb30-4594-bd8e-a6599de3b105\"},\"panelIndex\":\"f13a86c6-fb30-4594-bd8e-a6599de3b105\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f13a86c6-fb30-4594-bd8e-a6599de3b105\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":14,\"i\":\"62305f6a-aea7-4392-bc0f-1b39401608af\"},\"panelIndex\":\"62305f6a-aea7-4392-bc0f-1b39401608af\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Spawned Processes\",\"panelRefName\":\"panel_62305f6a-aea7-4392-bc0f-1b39401608af\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":128,\"w\":10,\"h\":15,\"i\":\"c9f7b834-936e-41ab-899f-0acd5acc8ce1\"},\"panelIndex\":\"c9f7b834-936e-41ab-899f-0acd5acc8ce1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell Events\",\"panelRefName\":\"panel_c9f7b834-936e-41ab-899f-0acd5acc8ce1\"},{\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":128,\"w\":20,\"h\":15,\"i\":\"df23eba1-9d1e-4776-9427-45cc96c3d74c\"},\"panelIndex\":\"df23eba1-9d1e-4776-9427-45cc96c3d74c\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events over time\",\"panelRefName\":\"panel_df23eba1-9d1e-4776-9427-45cc96c3d74c\"},{\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":128,\"w\":18,\"h\":15,\"i\":\"f04ccc93-e9e6-4de1-aa00-cc20fd3c510e\"},\"panelIndex\":\"f04ccc93-e9e6-4de1-aa00-cc20fd3c510e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events by computer\",\"panelRefName\":\"panel_f04ccc93-e9e6-4de1-aa00-cc20fd3c510e\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":143,\"w\":25,\"h\":16,\"i\":\"d630d92b-3dc6-47a1-b463-06dc87153147\"},\"panelIndex\":\"d630d92b-3dc6-47a1-b463-06dc87153147\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Potentially suspicious powershell\",\"panelRefName\":\"panel_d630d92b-3dc6-47a1-b463-06dc87153147\"},{\"type\":\"search\",\"gridData\":{\"x\":25,\"y\":143,\"w\":23,\"h\":16,\"i\":\"5ffe76a2-586e-4f12-bfad-9715292678e4\"},\"panelIndex\":\"5ffe76a2-586e-4f12-bfad-9715292678e4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell network connections\",\"panelRefName\":\"panel_5ffe76a2-586e-4f12-bfad-9715292678e4\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":159,\"w\":48,\"h\":4,\"i\":\"106ce826-a753-43a2-b8f3-7a28b0d71b3f\"},\"panelIndex\":\"106ce826-a753-43a2-b8f3-7a28b0d71b3f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_106ce826-a753-43a2-b8f3-7a28b0d71b3f\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":163,\"w\":24,\"h\":15,\"i\":\"f53fdf2f-baed-47bf-bd90-31bbbf4d910e\"},\"panelIndex\":\"f53fdf2f-baed-47bf-bd90-31bbbf4d910e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"References to temporary files\",\"panelRefName\":\"panel_f53fdf2f-baed-47bf-bd90-31bbbf4d910e\"},{\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":163,\"w\":24,\"h\":15,\"i\":\"26910234-8a4e-4797-92c6-f671974c3d35\"},\"panelIndex\":\"26910234-8a4e-4797-92c6-f671974c3d35\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"RawAccessRead (Sysmon Event 9)\",\"panelRefName\":\"panel_26910234-8a4e-4797-92c6-f671974c3d35\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":178,\"w\":48,\"h\":4,\"i\":\"773e7777-35f0-42c8-ae3a-16fc9194d154\"},\"panelIndex\":\"773e7777-35f0-42c8-ae3a-16fc9194d154\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_773e7777-35f0-42c8-ae3a-16fc9194d154\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":182,\"w\":12,\"h\":14,\"i\":\"8ea5e414-49b6-434a-9833-02ca36d879c4\"},\"panelIndex\":\"8ea5e414-49b6-434a-9833-02ca36d879c4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Defender event count\",\"panelRefName\":\"panel_8ea5e414-49b6-434a-9833-02ca36d879c4\"},{\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":182,\"w\":12,\"h\":14,\"i\":\"fe6db4cf-96dc-4798-add6-dd01080f4e39\"},\"panelIndex\":\"fe6db4cf-96dc-4798-add6-dd01080f4e39\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fe6db4cf-96dc-4798-add6-dd01080f4e39\"},{\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":182,\"w\":24,\"h\":14,\"i\":\"230a9f9f-3a92-4d27-88d3-b6f6622cdffb\"},\"panelIndex\":\"230a9f9f-3a92-4d27-88d3-b6f6622cdffb\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"AV Detections (Event 1116)\",\"panelRefName\":\"panel_230a9f9f-3a92-4d27-88d3-b6f6622cdffb\"}]","timeRestore":false,"title":"User Security 2.0","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T22:18:43.029Z","id":"fd349c99-a0c6-4578-8133-92a10848b68d","managed":false,"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"f755ac59-6f3f-4dcb-ae0c-758507dd83f3:panel_f755ac59-6f3f-4dcb-ae0c-758507dd83f3","type":"visualization"},{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"064b662c-7a7a-4a68-9f89-6677770cf040:panel_064b662c-7a7a-4a68-9f89-6677770cf040","type":"visualization"},{"id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","name":"4104303d-2849-4c78-85d0-1fa9f49f4b80:panel_4104303d-2849-4c78-85d0-1fa9f49f4b80","type":"visualization"},{"id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","name":"0195638d-458a-4ff6-ad4d-a991c7a7e882:panel_0195638d-458a-4ff6-ad4d-a991c7a7e882","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"3593d5e7-318e-48a0-9b9d-73ba207f18f8:indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5","type":"index-pattern"},{"id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","name":"387d6ff2-16e6-4efb-959e-c31b718f481f:panel_387d6ff2-16e6-4efb-959e-c31b718f481f","type":"visualization"},{"id":"22170f50-853c-11ea-b6c5-5d9149593ce4","name":"0c2033ce-4b41-46d4-9360-df760fef6fcc:panel_0c2033ce-4b41-46d4-9360-df760fef6fcc","type":"visualization"},{"id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","name":"08b30cb5-bf80-4ca4-82f7-04a3adaf6a91:panel_08b30cb5-bf80-4ca4-82f7-04a3adaf6a91","type":"visualization"},{"id":"489f7350-853d-11ea-b6c5-5d9149593ce4","name":"f4085a94-9a0b-436d-8351-0d3835018b74:panel_f4085a94-9a0b-436d-8351-0d3835018b74","type":"visualization"},{"id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","name":"1dde117a-b1ce-4c92-ae25-1f5ec64a8033:panel_1dde117a-b1ce-4c92-ae25-1f5ec64a8033","type":"visualization"},{"id":"2325be20-8616-11ea-a720-c7a0431f179d","name":"d1b7aa24-820d-4c80-8e0a-e5af2df3e656:panel_d1b7aa24-820d-4c80-8e0a-e5af2df3e656","type":"search"},{"id":"a1229110-860f-11ea-a720-c7a0431f179d","name":"f04dffb7-7c21-4a21-b3be-72e290369616:panel_f04dffb7-7c21-4a21-b3be-72e290369616","type":"visualization"},{"id":"ec7ad2d0-8641-11ea-907a-33d103156187","name":"1e09c80a-b1f8-4c23-a669-07dea699f6c7:panel_1e09c80a-b1f8-4c23-a669-07dea699f6c7","type":"visualization"},{"id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","name":"790db76b-0f52-47b6-bbe8-8ca8611dcee1:panel_790db76b-0f52-47b6-bbe8-8ca8611dcee1","type":"visualization"},{"id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","name":"7e9aade7-496b-49a9-8e35-df93fcafb8d8:panel_7e9aade7-496b-49a9-8e35-df93fcafb8d8","type":"visualization"},{"id":"245778d0-8641-11ea-907a-33d103156187","name":"3ea3bab7-f3de-44e2-b656-ea91f798bfa3:panel_3ea3bab7-f3de-44e2-b656-ea91f798bfa3","type":"visualization"},{"id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","name":"cecdc65a-4681-48ce-a897-e7e502d53c51:panel_cecdc65a-4681-48ce-a897-e7e502d53c51","type":"search"},{"id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","name":"f13a86c6-fb30-4594-bd8e-a6599de3b105:panel_f13a86c6-fb30-4594-bd8e-a6599de3b105","type":"visualization"},{"id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","name":"62305f6a-aea7-4392-bc0f-1b39401608af:panel_62305f6a-aea7-4392-bc0f-1b39401608af","type":"search"},{"id":"60553d40-ec18-11e9-befc-81397a291157","name":"c9f7b834-936e-41ab-899f-0acd5acc8ce1:panel_c9f7b834-936e-41ab-899f-0acd5acc8ce1","type":"visualization"},{"id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","name":"df23eba1-9d1e-4776-9427-45cc96c3d74c:panel_df23eba1-9d1e-4776-9427-45cc96c3d74c","type":"visualization"},{"id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","name":"f04ccc93-e9e6-4de1-aa00-cc20fd3c510e:panel_f04ccc93-e9e6-4de1-aa00-cc20fd3c510e","type":"visualization"},{"id":"ff5a53b0-ebf7-11e9-befc-81397a291157","name":"d630d92b-3dc6-47a1-b463-06dc87153147:panel_d630d92b-3dc6-47a1-b463-06dc87153147","type":"search"},{"id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140","name":"5ffe76a2-586e-4f12-bfad-9715292678e4:panel_5ffe76a2-586e-4f12-bfad-9715292678e4","type":"search"},{"id":"404f6e60-895e-11ea-9bd8-f3fed1ec2140","name":"106ce826-a753-43a2-b8f3-7a28b0d71b3f:panel_106ce826-a753-43a2-b8f3-7a28b0d71b3f","type":"visualization"},{"id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","name":"f53fdf2f-baed-47bf-bd90-31bbbf4d910e:panel_f53fdf2f-baed-47bf-bd90-31bbbf4d910e","type":"visualization"},{"id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","name":"26910234-8a4e-4797-92c6-f671974c3d35:panel_26910234-8a4e-4797-92c6-f671974c3d35","type":"search"},{"id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","name":"773e7777-35f0-42c8-ae3a-16fc9194d154:panel_773e7777-35f0-42c8-ae3a-16fc9194d154","type":"visualization"},{"id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","name":"8ea5e414-49b6-434a-9833-02ca36d879c4:panel_8ea5e414-49b6-434a-9833-02ca36d879c4","type":"visualization"},{"id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","name":"fe6db4cf-96dc-4798-add6-dd01080f4e39:panel_fe6db4cf-96dc-4798-add6-dd01080f4e39","type":"visualization"},{"id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","name":"230a9f9f-3a92-4d27-88d3-b6f6622cdffb:panel_230a9f9f-3a92-4d27-88d3-b6f6622cdffb","type":"search"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-10-11T22:18:43.029Z","version":"Wzk5NSw0XQ=="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":38,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboards/export_dashboards.py b/dashboards/export_dashboards.py new file mode 100755 index 00000000..0c98119f --- /dev/null +++ b/dashboards/export_dashboards.py @@ -0,0 +1,171 @@ +#!/usr/bin/env python3 +import argparse +import base64 +import json +import os +import re +import requests +from pathlib import Path +from urllib3.exceptions import InsecureRequestWarning + +# Suppress the InsecureRequestWarning (We are using a self-signed cert) +requests.packages.urllib3.disable_warnings(InsecureRequestWarning) + +ALL = 'all' + + +class Api: + def __init__(self, args): + self.ids = None + self.basic_auth = self.get_basic_auth(args.user, args.password) + self.root_url = f'https://{args.host}:{args.port}' + + def export_dashboards(self): + self.set_ids() + self.export_selected_dashboard(self.select_dashboard()) + + @staticmethod + def get_basic_auth(username, password): + return base64.b64encode(f"{username}:{password}".encode()).decode() + + def get_ids(self): + url = f'{self.root_url}/api/kibana/management/saved_objects/_find?perPage=500&page=1&type=dashboard&sortField=updated_at&sortOrder=desc' + + try: + response = requests.get(url, headers={'Authorization': f'Basic {self.basic_auth}'}, verify=False) + + if response.status_code == 200: + data = response.json() + #ids = {item['id']: item['meta']['title'] for item in data.get('saved_objects', [])} + #return ids + ids = { + item['id']: item['meta']['title'] + for item in data.get('saved_objects', []) + if '[' not in item['meta']['title'] and ']' not in item['meta']['title'] + } + return ids + else: + print(f"HTTP request failed with status code: {response.status_code}") + print(response.text) + return {} + except Exception as e: + print(f"An error occurred: {str(e)}") + return {} + + def set_ids(self, ids=None): + if ids is None: + ids = self.get_ids() + self.ids = ids + + def select_dashboard(self): + print("Please select a dashboard ID:") + item = 1 + choices = {} + + # Iterate through ids and display them with corresponding numbers + for this_id, title in self.ids.items(): + print(item, this_id, title) + choices[item] = this_id + item += 1 + + if item == 1: + print("I could not find any dashboards") + return + + choices[item] = ALL + print(item, "Select all dashboards") + + # Ask the user to select a number + while True: + try: + choice = int(input("Select a number: ")) + if choice in choices: + selected_id = choices[choice] + if selected_id == ALL: + return ALL # Return 'all' if the user selects all dashboards + else: + return selected_id # Return the selected dashboard ID + else: + print("Invalid choice. Please select a valid number.") + except ValueError: + print("Invalid input. Please enter a number.") + + def export_selected_dashboard(self, selected_dashboard): + if selected_dashboard == ALL: + print("You selected to export all dashboards") + self.dump_all_dashboards() + else: + print(f"You selected dashboard ID: {selected_dashboard}") + self.dump_dashboard(selected_dashboard) + + def dump_dashboard(self, selected_id): + print(f"Dumping dashboard: {selected_id}: {self.ids[selected_id]}...") + # Dumping dashboard: e5f203f0-6182-11ee-b035-d5f231e90733: User Security + + dashboard_json = self.get_dashboard_json(selected_id) + + if dashboard_json is not None: + script_dir = os.path.dirname(os.path.abspath(__file__)) + export_path = Path(script_dir) / 'exported' + os.makedirs(export_path, exist_ok=True) + + filename = re.sub(r"\W+", "_", self.ids[selected_id].lower()) + ".dumped.ndjson" + + print(f"Writing to file {filename}") + export_path = export_path / filename + + Api.write_to_file(export_path, dashboard_json) + return + + print("There was a problem dumping the dashboard") + + def dump_all_dashboards(self): + for this_id in self.ids: + self.dump_dashboard(this_id) + + def get_dashboard_json(self, selected_id): + url = f'{self.root_url}/api/saved_objects/_export' + data = { + "objects": [{"id": selected_id, "type": "dashboard"}], + "includeReferencesDeep": True + } + headers = { + "kbn-xsrf": "true", + 'Authorization': f'Basic {self.basic_auth}' + } + try: + response = requests.post(url, headers=headers, json=data, verify=False) + + if response.status_code == 200: + return response.text + else: + print(f"HTTP request failed with status code: {response.status_code}") + print(response.text) + return None + + except Exception as e: + print(f"An error occurred: {str(e)}") + return None + + @staticmethod + def write_to_file(filename, content): + with open(filename, 'wb') as file: + file.write(content.encode('utf-8')) + + +def main(): + # Define command-line arguments with defaults + parser = argparse.ArgumentParser(description='Retrieve IDs from Elasticsearch') + parser.add_argument('-u', '--user', required=True, help='Elasticsearch username') + parser.add_argument('-p', '--password', required=True, help='Elasticsearch password') + parser.add_argument('--host', default='localhost', help='Elasticsearch host (default: localhost)') + parser.add_argument('--port', default='443', help='Elasticsearch port (default: 443)') + args = parser.parse_args() + + api = Api(args) + + api.export_dashboards() + + +if __name__ == '__main__': + main() diff --git a/dashboards/requirements.txt b/dashboards/requirements.txt new file mode 100644 index 00000000..345bc273 --- /dev/null +++ b/dashboards/requirements.txt @@ -0,0 +1,2 @@ +requests +urllib3 \ No newline at end of file diff --git a/dashboards/wazuh/wz-es-4.x-8.x-dashboards.ndjson b/dashboards/wazuh/wz-es-4.x-8.x-dashboards.ndjson new file mode 100644 index 00000000..a02f7704 --- /dev/null +++ b/dashboards/wazuh/wz-es-4.x-8.x-dashboards.ndjson @@ -0,0 +1,9 @@ +{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"wazuh-alerts-4.x-*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"timestamp","title":"wazuh-alerts-4.x-*","typeMeta":"{}"},"coreMigrationVersion":"8.6.2","created_at":"2023-04-24T17:17:45.191Z","id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-04-24T17:17:45.191Z","version":"WzI1MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":7,\"y\":0,\"w\":8,\"h\":5,\"i\":\"9931cceb-51f1-4e47-bd26-491e7a624592\"},\"panelIndex\":\"9931cceb-51f1-4e47-bd26-491e7a624592\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-1dc5f9b1-9f0c-458b-98e6-e92708af5b9d\",\"type\":\"index-pattern\"},{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"b9624937-542e-4ac9-9f09-ae532ade3311\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"1dc5f9b1-9f0c-458b-98e6-e92708af5b9d\",\"accessor\":\"df19010a-26e5-446d-9d74-56fe2495e38b\",\"layerType\":\"data\",\"textAlign\":\"center\",\"size\":\"xxl\",\"colorMode\":\"Labels\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#db5871\",\"stop\":2}],\"colorStops\":[{\"color\":\"#db5871\",\"stop\":null}],\"continuity\":\"all\",\"maxSteps\":5}}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"b9624937-542e-4ac9-9f09-ae532ade3311\",\"type\":\"exists\",\"key\":\"data.vulnerability.severity\",\"value\":\"exists\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{\"exists\":{\"field\":\"data.vulnerability.severity\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"1dc5f9b1-9f0c-458b-98e6-e92708af5b9d\":{\"columns\":{\"df19010a-26e5-446d-9d74-56fe2495e38b\":{\"label\":\"Critical Severity Alerts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"data.vulnerability.severity\",\"isBucketed\":false,\"filter\":{\"query\":\"data.vulnerability.severity : \\\"Critical\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"df19010a-26e5-446d-9d74-56fe2495e38b\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":15,\"y\":0,\"w\":8,\"h\":5,\"i\":\"a0b05cdd-c4b5-46b0-af2e-32253bd965e6\"},\"panelIndex\":\"a0b05cdd-c4b5-46b0-af2e-32253bd965e6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-fd6049b6-e52c-449e-9775-ded5ac1eac15\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"fd6049b6-e52c-449e-9775-ded5ac1eac15\",\"accessor\":\"2ce8bbeb-74d7-4e28-b616-6edd33c1f981\",\"layerType\":\"data\",\"textAlign\":\"center\",\"size\":\"xxl\",\"colorMode\":\"Labels\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#0c5da3\",\"stop\":2}],\"colorStops\":[{\"color\":\"#0c5da3\",\"stop\":null}],\"continuity\":\"all\",\"maxSteps\":5}}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"fd6049b6-e52c-449e-9775-ded5ac1eac15\":{\"columns\":{\"2ce8bbeb-74d7-4e28-b616-6edd33c1f981\":{\"label\":\"Hight Severity Alerts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"data.vulnerability.severity\",\"isBucketed\":false,\"filter\":{\"query\":\"data.vulnerability.severity : \\\"High\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"2ce8bbeb-74d7-4e28-b616-6edd33c1f981\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":0,\"w\":9,\"h\":5,\"i\":\"b22f2aba-370b-40f2-8f30-c7175fd21d84\"},\"panelIndex\":\"b22f2aba-370b-40f2-8f30-c7175fd21d84\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-a8774fa0-5ae6-4746-94bd-cd21a0210641\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"a8774fa0-5ae6-4746-94bd-cd21a0210641\",\"accessor\":\"b7764bb5-540b-4183-a8c5-e9e856e48949\",\"layerType\":\"data\",\"colorMode\":\"Labels\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#007d73\",\"stop\":2}],\"colorStops\":[{\"color\":\"#007d73\",\"stop\":null}],\"continuity\":\"all\",\"maxSteps\":5}},\"textAlign\":\"center\",\"size\":\"xxl\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a8774fa0-5ae6-4746-94bd-cd21a0210641\":{\"columns\":{\"b7764bb5-540b-4183-a8c5-e9e856e48949\":{\"label\":\"Medium Severity Alerts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"data.vulnerability.severity\",\"isBucketed\":false,\"filter\":{\"query\":\"data.vulnerability.severity : \\\"Medium\\\" \",\"language\":\"kuery\"},\"reducedTimeRange\":\"\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"b7764bb5-540b-4183-a8c5-e9e856e48949\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":0,\"w\":9,\"h\":5,\"i\":\"dad9436c-6a56-47cc-a52a-065c86d64c7f\"},\"panelIndex\":\"dad9436c-6a56-47cc-a52a-065c86d64c7f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-a397e361-0b6a-4d18-b957-2afce890f6c3\",\"type\":\"index-pattern\"},{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"a532bc3a-2caf-4353-9a37-17d4fb373b0d\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"a397e361-0b6a-4d18-b957-2afce890f6c3\",\"accessor\":\"c0f27509-4ce0-4eca-94c5-e1eddfc176e9\",\"layerType\":\"data\",\"colorMode\":\"Labels\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#222222\",\"stop\":2}],\"colorStops\":[{\"color\":\"#222222\",\"stop\":null}],\"continuity\":\"all\",\"maxSteps\":5}},\"textAlign\":\"center\",\"size\":\"xxl\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"a532bc3a-2caf-4353-9a37-17d4fb373b0d\",\"alias\":\"data.vulnerability.severity : \\\"Low\\\" \",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[],\\\"filter\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"term\\\":{\\\"data.vulnerability.severity\\\":\\\"Low\\\"}}],\\\"minimum_should_match\\\":1}}],\\\"should\\\":[],\\\"must_not\\\":[]}}\",\"disabled\":false,\"negate\":false},\"query\":{\"bool\":{\"must\":[],\"filter\":[{\"bool\":{\"should\":[{\"term\":{\"data.vulnerability.severity\":\"Low\"}}],\"minimum_should_match\":1}}],\"should\":[],\"must_not\":[]}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a397e361-0b6a-4d18-b957-2afce890f6c3\":{\"columns\":{\"c0f27509-4ce0-4eca-94c5-e1eddfc176e9\":{\"label\":\"Low Severity Alerts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"data.vulnerability.severity\",\"isBucketed\":false,\"filter\":{\"query\":\"data.vulnerability.severity : \\\"Low\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"c0f27509-4ce0-4eca-94c5-e1eddfc176e9\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":5,\"w\":25,\"h\":14,\"i\":\"8fe06d85-091b-47aa-a809-aae9150a3314\"},\"panelIndex\":\"8fe06d85-091b-47aa-a809-aae9150a3314\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-47832b00-8a1a-4d99-8631-89379474c236\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"fillOpacity\":1,\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"area_stacked\",\"layers\":[{\"layerId\":\"47832b00-8a1a-4d99-8631-89379474c236\",\"accessors\":[\"32448531-8094-4131-89c9-38ed77a620ec\"],\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"yConfig\":[{\"forAccessor\":\"32448531-8094-4131-89c9-38ed77a620ec\",\"axisMode\":\"auto\"}],\"xAccessor\":\"f20c7be6-a511-4b95-be88-6de506dbf1d8\",\"splitAccessor\":\"526e79e6-d985-4fc0-b5f3-ec87f5d24b83\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"47832b00-8a1a-4d99-8631-89379474c236\":{\"columns\":{\"526e79e6-d985-4fc0-b5f3-ec87f5d24b83\":{\"label\":\"Top 5 values of data.vulnerability.severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"data.vulnerability.severity\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"32448531-8094-4131-89c9-38ed77a620ec\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"f20c7be6-a511-4b95-be88-6de506dbf1d8\":{\"label\":\"timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"3h\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"32448531-8094-4131-89c9-38ed77a620ec\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"526e79e6-d985-4fc0-b5f3-ec87f5d24b83\",\"f20c7be6-a511-4b95-be88-6de506dbf1d8\",\"32448531-8094-4131-89c9-38ed77a620ec\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Alert severity\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":25,\"y\":5,\"w\":23,\"h\":14,\"i\":\"680cfedf-a868-4de2-8173-897f4df7f6d7\"},\"panelIndex\":\"680cfedf-a868-4de2-8173-897f4df7f6d7\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsHeatmap\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-6f9a4ce5-1395-4bc6-9dd6-0a8c130e9d8a\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"shape\":\"heatmap\",\"layerId\":\"6f9a4ce5-1395-4bc6-9dd6-0a8c130e9d8a\",\"layerType\":\"data\",\"legend\":{\"isVisible\":true,\"position\":\"right\",\"type\":\"heatmap_legend\"},\"gridConfig\":{\"type\":\"heatmap_grid\",\"isCellLabelVisible\":false,\"isYAxisLabelVisible\":true,\"isXAxisLabelVisible\":true,\"isYAxisTitleVisible\":false,\"isXAxisTitleVisible\":true,\"yTitle\":\"\"},\"valueAccessor\":\"4e7e0e20-a869-417a-b9ba-fac0c17e10ed\",\"yAccessor\":\"6fcc771b-b4e8-4684-80da-49b7b897dc24\",\"xAccessor\":\"e8d69708-c954-444b-a94f-9eb1befd3197\",\"palette\":{\"type\":\"palette\",\"name\":\"positive\",\"params\":{\"name\":\"positive\",\"continuity\":\"above\",\"reverse\":false,\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":0},{\"color\":\"#aed3ca\",\"stop\":20},{\"color\":\"#85bdb1\",\"stop\":40},{\"color\":\"#5aa898\",\"stop\":60},{\"color\":\"#209280\",\"stop\":80}],\"rangeMin\":0,\"rangeMax\":null},\"accessor\":\"4e7e0e20-a869-417a-b9ba-fac0c17e10ed\"}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6f9a4ce5-1395-4bc6-9dd6-0a8c130e9d8a\":{\"columns\":{\"4e7e0e20-a869-417a-b9ba-fac0c17e10ed\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":false},\"6fcc771b-b4e8-4684-80da-49b7b897dc24\":{\"label\":\"Top 3 values of data.vulnerability.severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"data.vulnerability.severity\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4e7e0e20-a869-417a-b9ba-fac0c17e10ed\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":false},\"e8d69708-c954-444b-a94f-9eb1befd3197\":{\"label\":\"agent.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"agent.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4e7e0e20-a869-417a-b9ba-fac0c17e10ed\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"6fcc771b-b4e8-4684-80da-49b7b897dc24\",\"e8d69708-c954-444b-a94f-9eb1befd3197\",\"4e7e0e20-a869-417a-b9ba-fac0c17e10ed\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Vulnerabilities heat map\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":19,\"w\":48,\"h\":14,\"i\":\"5a8626af-2bc4-4317-ad7f-20622c16db0a\"},\"panelIndex\":\"5a8626af-2bc4-4317-ad7f-20622c16db0a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-d94ddf3d-d285-450e-aba4-46057df55fb7\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"542028d8-117e-4ee0-ba25-3ff4475940aa\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"e26de584-b46b-474e-bcd4-11bd37ff8e2e\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"1007fe8b-8a98-4b60-b8ef-93cd49227cd4\"},{\"isTransposed\":false,\"columnId\":\"ec84289b-cb43-4fae-9b94-7b17b696e4e0\"},{\"isTransposed\":false,\"columnId\":\"89ac7aeb-dfe3-449c-a109-6686a3610a4b\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"5a0e5d4b-1345-4f59-ba8b-662451bf949b\",\"hidden\":true},{\"columnId\":\"4732efcd-d7cd-4a02-8b03-c498b3bb637c\",\"isTransposed\":false},{\"columnId\":\"056be5db-ea40-4979-9985-8f0c73a8dcef\",\"isTransposed\":false}],\"layerId\":\"d94ddf3d-d285-450e-aba4-46057df55fb7\",\"layerType\":\"data\",\"paging\":{\"size\":10,\"enabled\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d94ddf3d-d285-450e-aba4-46057df55fb7\":{\"columns\":{\"542028d8-117e-4ee0-ba25-3ff4475940aa\":{\"label\":\"agent.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"agent.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a0e5d4b-1345-4f59-ba8b-662451bf949b\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e26de584-b46b-474e-bcd4-11bd37ff8e2e\":{\"label\":\"data.vulnerability.cve\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"data.vulnerability.cve\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a0e5d4b-1345-4f59-ba8b-662451bf949b\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"1007fe8b-8a98-4b60-b8ef-93cd49227cd4\":{\"label\":\"data.vulnerability.package.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"data.vulnerability.package.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a0e5d4b-1345-4f59-ba8b-662451bf949b\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"ec84289b-cb43-4fae-9b94-7b17b696e4e0\":{\"label\":\"data.vulnerability.severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"data.vulnerability.package.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a0e5d4b-1345-4f59-ba8b-662451bf949b\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"89ac7aeb-dfe3-449c-a109-6686a3610a4b\":{\"label\":\"rule.id\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.id\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a0e5d4b-1345-4f59-ba8b-662451bf949b\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"5a0e5d4b-1345-4f59-ba8b-662451bf949b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"4732efcd-d7cd-4a02-8b03-c498b3bb637c\":{\"label\":\"timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"056be5db-ea40-4979-9985-8f0c73a8dcef\":{\"label\":\"data.vulnerability.package.version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"data.vulnerability.package.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a0e5d4b-1345-4f59-ba8b-662451bf949b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"4732efcd-d7cd-4a02-8b03-c498b3bb637c\",\"542028d8-117e-4ee0-ba25-3ff4475940aa\",\"e26de584-b46b-474e-bcd4-11bd37ff8e2e\",\"1007fe8b-8a98-4b60-b8ef-93cd49227cd4\",\"056be5db-ea40-4979-9985-8f0c73a8dcef\",\"ec84289b-cb43-4fae-9b94-7b17b696e4e0\",\"89ac7aeb-dfe3-449c-a109-6686a3610a4b\",\"5a0e5d4b-1345-4f59-ba8b-662451bf949b\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Events\"}]","timeRestore":false,"title":"wazuh-vulnerabilities-v1.0","version":1},"coreMigrationVersion":"8.6.2","created_at":"2023-04-24T18:37:41.475Z","id":"1e68dc60-e2b5-11ed-9db8-9f0e23f622c3","migrationVersion":{"dashboard":"8.6.0"},"references":[{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"9931cceb-51f1-4e47-bd26-491e7a624592:indexpattern-datasource-layer-1dc5f9b1-9f0c-458b-98e6-e92708af5b9d","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"9931cceb-51f1-4e47-bd26-491e7a624592:b9624937-542e-4ac9-9f09-ae532ade3311","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"a0b05cdd-c4b5-46b0-af2e-32253bd965e6:indexpattern-datasource-layer-fd6049b6-e52c-449e-9775-ded5ac1eac15","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"b22f2aba-370b-40f2-8f30-c7175fd21d84:indexpattern-datasource-layer-a8774fa0-5ae6-4746-94bd-cd21a0210641","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"dad9436c-6a56-47cc-a52a-065c86d64c7f:indexpattern-datasource-layer-a397e361-0b6a-4d18-b957-2afce890f6c3","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"dad9436c-6a56-47cc-a52a-065c86d64c7f:a532bc3a-2caf-4353-9a37-17d4fb373b0d","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"8fe06d85-091b-47aa-a809-aae9150a3314:indexpattern-datasource-layer-47832b00-8a1a-4d99-8631-89379474c236","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"680cfedf-a868-4de2-8173-897f4df7f6d7:indexpattern-datasource-layer-6f9a4ce5-1395-4bc6-9dd6-0a8c130e9d8a","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"5a8626af-2bc4-4317-ad7f-20622c16db0a:indexpattern-datasource-layer-d94ddf3d-d285-450e-aba4-46057df55fb7","type":"index-pattern"}],"type":"dashboard","updated_at":"2023-04-24T18:37:41.475Z","version":"WzQ3OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":5,\"i\":\"c90b5ced-c476-4336-8248-5f5eee09b7d3\"},\"panelIndex\":\"c90b5ced-c476-4336-8248-5f5eee09b7d3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-f7d51ed1-e2c7-4eff-a2f0-426523a27b79\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"f7d51ed1-e2c7-4eff-a2f0-426523a27b79\",\"accessor\":\"bba216ab-0609-4fc7-9f00-3f95df7bd9e5\",\"layerType\":\"data\",\"textAlign\":\"center\",\"colorMode\":\"Labels\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#1E75B6\",\"stop\":300}],\"colorStops\":[{\"color\":\"#1E75B6\",\"stop\":null}],\"continuity\":\"all\",\"maxSteps\":5}},\"size\":\"xxl\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f7d51ed1-e2c7-4eff-a2f0-426523a27b79\":{\"columns\":{\"bba216ab-0609-4fc7-9f00-3f95df7bd9e5\":{\"label\":\"Total\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"bba216ab-0609-4fc7-9f00-3f95df7bd9e5\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":0,\"w\":8,\"h\":5,\"i\":\"dc864252-a518-4187-80ca-b581ad14f1cb\"},\"panelIndex\":\"dc864252-a518-4187-80ca-b581ad14f1cb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-a63a4df1-6335-4d1e-a8fb-44d550e0513b\",\"type\":\"index-pattern\"},{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"4cd727d8-200d-4869-b702-ff540bd3ff56\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"a63a4df1-6335-4d1e-a8fb-44d550e0513b\",\"accessor\":\"65d5d9ac-208b-4393-b498-12f4351445bd\",\"layerType\":\"data\",\"colorMode\":\"Labels\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#e57488\",\"stop\":8}],\"colorStops\":[{\"color\":\"#e57488\",\"stop\":null}],\"continuity\":\"all\",\"maxSteps\":5}},\"textAlign\":\"center\",\"size\":\"xxl\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"4cd727d8-200d-4869-b702-ff540bd3ff56\",\"alias\":\"rule.level >= 12\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[],\\\"filter\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"range\\\":{\\\"rule.level\\\":{\\\"gte\\\":\\\"12\\\"}}}],\\\"minimum_should_match\\\":1}}],\\\"should\\\":[],\\\"must_not\\\":[]}}\",\"disabled\":false,\"negate\":false},\"query\":{\"bool\":{\"must\":[],\"filter\":[{\"bool\":{\"should\":[{\"range\":{\"rule.level\":{\"gte\":\"12\"}}}],\"minimum_should_match\":1}}],\"should\":[],\"must_not\":[]}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a63a4df1-6335-4d1e-a8fb-44d550e0513b\":{\"columns\":{\"65d5d9ac-208b-4393-b498-12f4351445bd\":{\"label\":\"Level 12 or above alerts\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"rule.level >= 12\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"65d5d9ac-208b-4393-b498-12f4351445bd\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":8,\"h\":5,\"i\":\"4bab10c4-2a6d-4f8f-8094-323581c98950\"},\"panelIndex\":\"4bab10c4-2a6d-4f8f-8094-323581c98950\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-28318134-b7bd-4faa-b21e-b0a6665b526f\",\"type\":\"index-pattern\"},{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"1b7728c2-28d0-40f9-81ed-74e77231242c\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"28318134-b7bd-4faa-b21e-b0a6665b526f\",\"accessor\":\"e1a6a50b-cffe-4c92-b756-bad658aee97d\",\"layerType\":\"data\",\"textAlign\":\"center\",\"colorMode\":\"Labels\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#d4458d\",\"stop\":4}],\"colorStops\":[{\"color\":\"#d4458d\",\"stop\":null}],\"continuity\":\"all\",\"maxSteps\":5}},\"size\":\"xxl\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"1b7728c2-28d0-40f9-81ed-74e77231242c\",\"alias\":\"rule.groups : \\\"authentication_failed\\\" or \\\"win_authentication_failed\\\" or \\\"authentication_failures\\\"\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[],\\\"filter\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"term\\\":{\\\"rule.groups\\\":\\\"authentication_failed\\\"}}],\\\"minimum_should_match\\\":1}},{\\\"multi_match\\\":{\\\"type\\\":\\\"phrase\\\",\\\"query\\\":\\\"win_authentication_failed\\\",\\\"lenient\\\":true}},{\\\"multi_match\\\":{\\\"type\\\":\\\"phrase\\\",\\\"query\\\":\\\"authentication_failures\\\",\\\"lenient\\\":true}}],\\\"minimum_should_match\\\":1}}],\\\"should\\\":[],\\\"must_not\\\":[]}}\",\"disabled\":false,\"negate\":false},\"query\":{\"bool\":{\"must\":[],\"filter\":[{\"bool\":{\"should\":[{\"bool\":{\"should\":[{\"term\":{\"rule.groups\":\"authentication_failed\"}}],\"minimum_should_match\":1}},{\"multi_match\":{\"type\":\"phrase\",\"query\":\"win_authentication_failed\",\"lenient\":true}},{\"multi_match\":{\"type\":\"phrase\",\"query\":\"authentication_failures\",\"lenient\":true}}],\"minimum_should_match\":1}}],\"should\":[],\"must_not\":[]}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"28318134-b7bd-4faa-b21e-b0a6665b526f\":{\"columns\":{\"e1a6a50b-cffe-4c92-b756-bad658aee97d\":{\"label\":\"Athentication failure\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"rule.groups\",\"isBucketed\":false,\"filter\":{\"query\":\"rule.groups : \\\"authentication_failed\\\" or \\\"win_authentication_failed\\\" or \\\"authentication_failures\\\"\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"e1a6a50b-cffe-4c92-b756-bad658aee97d\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":0,\"w\":8,\"h\":5,\"i\":\"3cc5e7d4-2f44-438e-8529-6dfae4e29b16\"},\"panelIndex\":\"3cc5e7d4-2f44-438e-8529-6dfae4e29b16\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-67c3da39-aad2-4ff4-812f-15cf135b2d12\",\"type\":\"index-pattern\"},{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"933a08d4-fd4c-4829-938c-df17bc87af15\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"67c3da39-aad2-4ff4-812f-15cf135b2d12\",\"accessor\":\"ea00d671-3e3a-434a-8813-1dfa3a023112\",\"layerType\":\"data\",\"textAlign\":\"center\",\"colorMode\":\"Labels\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#1a938a\",\"stop\":2}],\"colorStops\":[{\"color\":\"#1a938a\",\"stop\":null}],\"continuity\":\"all\",\"maxSteps\":5}},\"size\":\"xxl\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"933a08d4-fd4c-4829-938c-df17bc87af15\",\"type\":\"exists\",\"key\":\"rule.groups\",\"value\":\"exists\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{\"exists\":{\"field\":\"rule.groups\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"67c3da39-aad2-4ff4-812f-15cf135b2d12\":{\"columns\":{\"ea00d671-3e3a-434a-8813-1dfa3a023112\":{\"label\":\"Authentication success\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"rule.groups\",\"isBucketed\":false,\"filter\":{\"query\":\"rule.groups: \\\"authentication_success\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"ea00d671-3e3a-434a-8813-1dfa3a023112\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":5,\"w\":32,\"h\":14,\"i\":\"fc1f8b94-2637-4f4d-a998-f6a59c6b9e7e\"},\"panelIndex\":\"fc1f8b94-2637-4f4d-a998-f6a59c6b9e7e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-e8600050-5477-49a7-a28e-ce9a47ded5f5\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"e8600050-5477-49a7-a28e-ce9a47ded5f5\",\"accessors\":[\"8d76d731-1e09-4706-b3d9-48108dd7dd32\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"splitAccessor\":\"3f2d0dea-171c-41ed-9452-29106c10a968\",\"xAccessor\":\"c5296771-93c8-48cb-bf57-cad19d8c829e\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e8600050-5477-49a7-a28e-ce9a47ded5f5\":{\"columns\":{\"8d76d731-1e09-4706-b3d9-48108dd7dd32\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"c5296771-93c8-48cb-bf57-cad19d8c829e\":{\"label\":\"timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":false,\"dropPartials\":false}},\"3f2d0dea-171c-41ed-9452-29106c10a968\":{\"label\":\"Top 5 values of agent.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"agent.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8d76d731-1e09-4706-b3d9-48108dd7dd32\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"3f2d0dea-171c-41ed-9452-29106c10a968\",\"c5296771-93c8-48cb-bf57-cad19d8c829e\",\"8d76d731-1e09-4706-b3d9-48108dd7dd32\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Alerts evolution - Top 5 agents\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":5,\"w\":16,\"h\":14,\"i\":\"e35f33d0-784d-471a-842e-576523d0ca80\"},\"panelIndex\":\"e35f33d0-784d-471a-842e-576523d0ca80\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Top Mitre\",\"description\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-d2ef6c07-620f-431e-85f2-77175187e0fe\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"shape\":\"pie\",\"layers\":[{\"layerId\":\"d2ef6c07-620f-431e-85f2-77175187e0fe\",\"primaryGroups\":[\"a676e778-cad9-431e-b520-3e87b3a0afb2\"],\"metrics\":[\"c2640e02-f544-4f25-a0a4-aaec8e9e2f47\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"hide\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"layerType\":\"data\",\"emptySizeRatio\":0.3,\"legendSize\":\"xlarge\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d2ef6c07-620f-431e-85f2-77175187e0fe\":{\"columns\":{\"a676e778-cad9-431e-b520-3e87b3a0afb2\":{\"label\":\"Top 5 values of rule.mitre.tactic\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.mitre.tactic\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c2640e02-f544-4f25-a0a4-aaec8e9e2f47\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"c2640e02-f544-4f25-a0a4-aaec8e9e2f47\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"a676e778-cad9-431e-b520-3e87b3a0afb2\",\"c2640e02-f544-4f25-a0a4-aaec8e9e2f47\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Top Mitre ATT&K tactics\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":19,\"w\":48,\"h\":15,\"i\":\"ee6f5f4c-2a18-4733-a593-23c1f2a24376\"},\"panelIndex\":\"ee6f5f4c-2a18-4733-a593-23c1f2a24376\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-f001be29-b6cc-4c99-8aae-5941a7f9a8ee\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"72a21fae-312d-4cbb-8a94-fa24d4b29933\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"884cc56d-feb1-40dd-89a9-e006ec72dd85\"},{\"isTransposed\":false,\"columnId\":\"5333b889-bfc5-4e1a-a4e3-54828d1dd91b\"},{\"isTransposed\":false,\"columnId\":\"b3369c71-8edb-4569-89df-883f23ea2785\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"233f059c-ccd6-4a64-a6be-4961a3c4d500\",\"hidden\":true,\"colorMode\":\"none\"},{\"columnId\":\"6bb85b4f-0834-416d-8ade-49d83caac7ee\",\"isTransposed\":false,\"oneClickFilter\":false},{\"columnId\":\"4a2c3535-ba05-42d2-8dbb-5218d3309ea6\",\"isTransposed\":false},{\"columnId\":\"c74264a6-eb65-4232-9444-a503723c6fdf\",\"isTransposed\":false,\"oneClickFilter\":true}],\"layerId\":\"f001be29-b6cc-4c99-8aae-5941a7f9a8ee\",\"layerType\":\"data\",\"headerRowHeight\":\"custom\",\"headerRowHeightLines\":2,\"rowHeight\":\"custom\",\"rowHeightLines\":2,\"paging\":{\"size\":10,\"enabled\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f001be29-b6cc-4c99-8aae-5941a7f9a8ee\":{\"columns\":{\"72a21fae-312d-4cbb-8a94-fa24d4b29933\":{\"label\":\"agent.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"agent.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"233f059c-ccd6-4a64-a6be-4961a3c4d500\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"884cc56d-feb1-40dd-89a9-e006ec72dd85\":{\"label\":\"rule.description\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.description\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"233f059c-ccd6-4a64-a6be-4961a3c4d500\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"5333b889-bfc5-4e1a-a4e3-54828d1dd91b\":{\"label\":\"rule.mitre.tactic\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.mitre.tactic\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"233f059c-ccd6-4a64-a6be-4961a3c4d500\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"b3369c71-8edb-4569-89df-883f23ea2785\":{\"label\":\"rule.id\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.id\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"233f059c-ccd6-4a64-a6be-4961a3c4d500\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"233f059c-ccd6-4a64-a6be-4961a3c4d500\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"6bb85b4f-0834-416d-8ade-49d83caac7ee\":{\"label\":\"rule.level\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"rule.level\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"includeEmptyRows\":true,\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"}},\"4a2c3535-ba05-42d2-8dbb-5218d3309ea6\":{\"label\":\"timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"c74264a6-eb65-4232-9444-a503723c6fdf\":{\"label\":\"rule.mitre.id\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.mitre.id\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"233f059c-ccd6-4a64-a6be-4961a3c4d500\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"4a2c3535-ba05-42d2-8dbb-5218d3309ea6\",\"72a21fae-312d-4cbb-8a94-fa24d4b29933\",\"c74264a6-eb65-4232-9444-a503723c6fdf\",\"5333b889-bfc5-4e1a-a4e3-54828d1dd91b\",\"884cc56d-feb1-40dd-89a9-e006ec72dd85\",\"6bb85b4f-0834-416d-8ade-49d83caac7ee\",\"b3369c71-8edb-4569-89df-883f23ea2785\",\"233f059c-ccd6-4a64-a6be-4961a3c4d500\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Security alerts\"}]","timeRestore":false,"title":"wazuh-security-events-v1.0","version":1},"coreMigrationVersion":"8.6.2","created_at":"2023-04-24T18:37:25.862Z","id":"1002c610-a23f-11ed-9c45-1d7f2cbf4bd8","migrationVersion":{"dashboard":"8.6.0"},"references":[{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"c90b5ced-c476-4336-8248-5f5eee09b7d3:indexpattern-datasource-layer-f7d51ed1-e2c7-4eff-a2f0-426523a27b79","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"dc864252-a518-4187-80ca-b581ad14f1cb:indexpattern-datasource-layer-a63a4df1-6335-4d1e-a8fb-44d550e0513b","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"dc864252-a518-4187-80ca-b581ad14f1cb:4cd727d8-200d-4869-b702-ff540bd3ff56","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"4bab10c4-2a6d-4f8f-8094-323581c98950:indexpattern-datasource-layer-28318134-b7bd-4faa-b21e-b0a6665b526f","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"4bab10c4-2a6d-4f8f-8094-323581c98950:1b7728c2-28d0-40f9-81ed-74e77231242c","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"3cc5e7d4-2f44-438e-8529-6dfae4e29b16:indexpattern-datasource-layer-67c3da39-aad2-4ff4-812f-15cf135b2d12","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"3cc5e7d4-2f44-438e-8529-6dfae4e29b16:933a08d4-fd4c-4829-938c-df17bc87af15","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"fc1f8b94-2637-4f4d-a998-f6a59c6b9e7e:indexpattern-datasource-layer-e8600050-5477-49a7-a28e-ce9a47ded5f5","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"e35f33d0-784d-471a-842e-576523d0ca80:indexpattern-datasource-layer-d2ef6c07-620f-431e-85f2-77175187e0fe","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"ee6f5f4c-2a18-4733-a593-23c1f2a24376:indexpattern-datasource-layer-f001be29-b6cc-4c99-8aae-5941a7f9a8ee","type":"index-pattern"}],"type":"dashboard","updated_at":"2023-04-24T18:37:25.862Z","version":"WzQ3MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":29,\"h\":15,\"i\":\"976e6302-500a-427c-bd29-75cee9034fe6\"},\"panelIndex\":\"976e6302-500a-427c-bd29-75cee9034fe6\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"PCI DSS requirements\",\"description\":\"\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false,\"valueAxis\":\"\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{},\"style\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"},\"style\":{}}],\"seriesParams\":[{\"show\":true,\"type\":\"line\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"lineWidth\":0,\"showCircles\":true,\"circlesRadius\":10,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"detailedTooltip\":true,\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"addLegend\":true,\"legendPosition\":\"right\",\"fittingFunction\":\"linear\",\"times\":[],\"addTimeMarker\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"labels\":{}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"timestamp\",\"timeRange\":{\"from\":\"now-10w\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"extendToTimeRange\":false,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"1d\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.pci_dss\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"}],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":29,\"y\":0,\"w\":19,\"h\":15,\"i\":\"d299d776-0b4f-4955-b7d6-5717119dba59\"},\"panelIndex\":\"d299d776-0b4f-4955-b7d6-5717119dba59\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-c85ec231-a4fc-495d-b8d6-1aad7dc1e489\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"c85ec231-a4fc-495d-b8d6-1aad7dc1e489\",\"accessors\":[\"0ca7b7c5-03fd-401d-bd44-201d8ca00b25\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"e17436ee-06c3-4b4e-acda-f8d379648407\",\"splitAccessor\":\"852bf376-24f0-4b54-8568-0964c3289eb4\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"c85ec231-a4fc-495d-b8d6-1aad7dc1e489\":{\"columns\":{\"e17436ee-06c3-4b4e-acda-f8d379648407\":{\"label\":\"Requirements\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.pci_dss\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0ca7b7c5-03fd-401d-bd44-201d8ca00b25\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"0ca7b7c5-03fd-401d-bd44-201d8ca00b25\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"852bf376-24f0-4b54-8568-0964c3289eb4\":{\"label\":\"Top 5 values of agent.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"agent.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0ca7b7c5-03fd-401d-bd44-201d8ca00b25\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"e17436ee-06c3-4b4e-acda-f8d379648407\",\"852bf376-24f0-4b54-8568-0964c3289eb4\",\"0ca7b7c5-03fd-401d-bd44-201d8ca00b25\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Requirements by agent\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":15,\"w\":48,\"h\":17,\"i\":\"f3674cc2-b4c6-44e1-baa9-6dcb9b932a01\"},\"panelIndex\":\"f3674cc2-b4c6-44e1-baa9-6dcb9b932a01\",\"embeddableConfig\":{\"attributes\":{\"title\":\"PCI DSS\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-951964d6-a0d3-4593-911f-b598f1bdd7a6\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"951964d6-a0d3-4593-911f-b598f1bdd7a6\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"27ae8c68-e64e-4824-9422-df1611b74c58\"},{\"isTransposed\":false,\"columnId\":\"30508bd4-917e-4614-9922-c445af8e8a8f\"},{\"isTransposed\":false,\"columnId\":\"7044d45a-dce5-4fbe-8af4-64a9b1e14840\"},{\"isTransposed\":false,\"columnId\":\"49885e99-2da3-4165-9b20-9d78ccaca4bd\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"df70835d-3cfb-4ead-a942-d60c00330c30\"},{\"columnId\":\"f7cf15d8-617e-4a52-bdc2-6b94a9c722ad\",\"isTransposed\":false,\"hidden\":true},{\"columnId\":\"f96a237b-410c-475c-863e-60acde29fc71\",\"isTransposed\":false,\"oneClickFilter\":true}],\"paging\":{\"size\":10,\"enabled\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"951964d6-a0d3-4593-911f-b598f1bdd7a6\":{\"columns\":{\"27ae8c68-e64e-4824-9422-df1611b74c58\":{\"label\":\"rule.description\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.description\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f7cf15d8-617e-4a52-bdc2-6b94a9c722ad\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"30508bd4-917e-4614-9922-c445af8e8a8f\":{\"label\":\"rule.level\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.level\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f7cf15d8-617e-4a52-bdc2-6b94a9c722ad\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"7044d45a-dce5-4fbe-8af4-64a9b1e14840\":{\"label\":\"timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"49885e99-2da3-4165-9b20-9d78ccaca4bd\":{\"label\":\"agent.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"agent.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f7cf15d8-617e-4a52-bdc2-6b94a9c722ad\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"df70835d-3cfb-4ead-a942-d60c00330c30\":{\"label\":\"rule.pci_dss\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.pci_dss\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f7cf15d8-617e-4a52-bdc2-6b94a9c722ad\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"f7cf15d8-617e-4a52-bdc2-6b94a9c722ad\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"f96a237b-410c-475c-863e-60acde29fc71\":{\"label\":\"rule.id\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.id\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f7cf15d8-617e-4a52-bdc2-6b94a9c722ad\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"7044d45a-dce5-4fbe-8af4-64a9b1e14840\",\"49885e99-2da3-4165-9b20-9d78ccaca4bd\",\"df70835d-3cfb-4ead-a942-d60c00330c30\",\"27ae8c68-e64e-4824-9422-df1611b74c58\",\"30508bd4-917e-4614-9922-c445af8e8a8f\",\"f96a237b-410c-475c-863e-60acde29fc71\",\"f7cf15d8-617e-4a52-bdc2-6b94a9c722ad\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Recent events\"}]","timeRestore":false,"title":"wazuh-pci-dss-v1.0","version":1},"coreMigrationVersion":"8.6.2","created_at":"2023-04-24T18:37:10.201Z","id":"ad09bc40-a634-11ed-8b0e-91d62e747cc9","migrationVersion":{"dashboard":"8.6.0"},"references":[{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"976e6302-500a-427c-bd29-75cee9034fe6:kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"d299d776-0b4f-4955-b7d6-5717119dba59:indexpattern-datasource-layer-c85ec231-a4fc-495d-b8d6-1aad7dc1e489","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"f3674cc2-b4c6-44e1-baa9-6dcb9b932a01:indexpattern-datasource-layer-951964d6-a0d3-4593-911f-b598f1bdd7a6","type":"index-pattern"}],"type":"dashboard","updated_at":"2023-04-24T18:37:10.201Z","version":"WzQ2NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":18,\"h\":13,\"i\":\"847a1b06-c15d-41a2-9a08-73b056e959fb\"},\"panelIndex\":\"847a1b06-c15d-41a2-9a08-73b056e959fb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-0c3e7889-e551-4507-bb13-1a4ff7d96f96\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"LINEAR\",\"fillOpacity\":1,\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"area_stacked\",\"layers\":[{\"layerId\":\"0c3e7889-e551-4507-bb13-1a4ff7d96f96\",\"accessors\":[\"9b7ab5ea-5a4d-4fc1-a493-861ed613bfdb\"],\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"f4e6f4ad-fca2-4012-9dc4-a34df1d4a5ec\",\"yConfig\":[{\"forAccessor\":\"9b7ab5ea-5a4d-4fc1-a493-861ed613bfdb\",\"color\":\"#40d4e0\"}]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"0c3e7889-e551-4507-bb13-1a4ff7d96f96\":{\"columns\":{\"f4e6f4ad-fca2-4012-9dc4-a34df1d4a5ec\":{\"label\":\"timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"9b7ab5ea-5a4d-4fc1-a493-861ed613bfdb\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"rule.groups : \\\"rootcheck\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"f4e6f4ad-fca2-4012-9dc4-a34df1d4a5ec\",\"9b7ab5ea-5a4d-4fc1-a493-861ed613bfdb\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Emotet malware activity\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":18,\"y\":0,\"w\":30,\"h\":13,\"i\":\"cc5ad74e-c871-4ac3-9487-328adc286921\"},\"panelIndex\":\"cc5ad74e-c871-4ac3-9487-328adc286921\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-5ccb00b3-1675-4c9f-a542-927c5930e66e\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"5ccb00b3-1675-4c9f-a542-927c5930e66e\",\"accessors\":[\"f001735e-ca2b-455d-a50a-b7f44b005f0b\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"b662da8a-50ee-4dae-a2bb-25861753d95c\",\"splitAccessor\":\"52edc505-8c8a-4965-a3f3-46ca861738af\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5ccb00b3-1675-4c9f-a542-927c5930e66e\":{\"columns\":{\"52edc505-8c8a-4965-a3f3-46ca861738af\":{\"label\":\"Top 5 values of data.title\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"data.title\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f001735e-ca2b-455d-a50a-b7f44b005f0b\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"b662da8a-50ee-4dae-a2bb-25861753d95c\":{\"label\":\"timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"f001735e-ca2b-455d-a50a-b7f44b005f0b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"rule.groups : \\\"rootcheck\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"52edc505-8c8a-4965-a3f3-46ca861738af\",\"b662da8a-50ee-4dae-a2bb-25861753d95c\",\"f001735e-ca2b-455d-a50a-b7f44b005f0b\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Rootkits activity over time\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":13,\"w\":48,\"h\":21,\"i\":\"e3873842-502a-4ba4-a3ab-d5bcdc9d908c\"},\"panelIndex\":\"e3873842-502a-4ba4-a3ab-d5bcdc9d908c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-777017d9-58d0-4f3f-8461-64af784d41a4\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"56e30fec-0d21-4af5-9751-7630c08713e8\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"94ca03f4-c063-4be7-b4c1-007c8a6d271a\"},{\"isTransposed\":false,\"columnId\":\"1169cee0-a32f-48d2-8e12-2919736d710a\"},{\"isTransposed\":false,\"columnId\":\"23107287-fb86-49ea-bdea-79d55b5e7ea4\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"125edb0b-de81-41b8-9612-1d87188e2b12\"},{\"isTransposed\":false,\"columnId\":\"a1caa30b-78e1-493d-bb05-f29242d47609\",\"hidden\":true},{\"columnId\":\"694278f2-f767-4450-90f5-4a95905e989f\",\"isTransposed\":false},{\"columnId\":\"1073b1b6-aa33-4e11-841b-0b6459a56603\",\"isTransposed\":false}],\"layerId\":\"777017d9-58d0-4f3f-8461-64af784d41a4\",\"layerType\":\"data\",\"headerRowHeight\":\"custom\",\"headerRowHeightLines\":2,\"rowHeight\":\"custom\",\"rowHeightLines\":2,\"paging\":{\"size\":10,\"enabled\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"777017d9-58d0-4f3f-8461-64af784d41a4\":{\"columns\":{\"56e30fec-0d21-4af5-9751-7630c08713e8\":{\"label\":\"agent.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"agent.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a1caa30b-78e1-493d-bb05-f29242d47609\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"94ca03f4-c063-4be7-b4c1-007c8a6d271a\":{\"label\":\"rule.mitre.technique\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.mitre.technique\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a1caa30b-78e1-493d-bb05-f29242d47609\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"1169cee0-a32f-48d2-8e12-2919736d710a\":{\"label\":\"rule.mitre.tactic\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.mitre.tactic\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a1caa30b-78e1-493d-bb05-f29242d47609\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"23107287-fb86-49ea-bdea-79d55b5e7ea4\":{\"label\":\"rule.id\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.id\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a1caa30b-78e1-493d-bb05-f29242d47609\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"125edb0b-de81-41b8-9612-1d87188e2b12\":{\"label\":\"rule.description\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.description\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a1caa30b-78e1-493d-bb05-f29242d47609\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"a1caa30b-78e1-493d-bb05-f29242d47609\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"rule.groups : \\\"rootcheck\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"694278f2-f767-4450-90f5-4a95905e989f\":{\"label\":\"timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"1073b1b6-aa33-4e11-841b-0b6459a56603\":{\"label\":\"rule.level\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.level\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a1caa30b-78e1-493d-bb05-f29242d47609\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"694278f2-f767-4450-90f5-4a95905e989f\",\"56e30fec-0d21-4af5-9751-7630c08713e8\",\"94ca03f4-c063-4be7-b4c1-007c8a6d271a\",\"1169cee0-a32f-48d2-8e12-2919736d710a\",\"1073b1b6-aa33-4e11-841b-0b6459a56603\",\"23107287-fb86-49ea-bdea-79d55b5e7ea4\",\"125edb0b-de81-41b8-9612-1d87188e2b12\",\"a1caa30b-78e1-493d-bb05-f29242d47609\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Security alerts\"}]","timeRestore":false,"title":"wazuh-malware-detection-v1.0","version":1},"coreMigrationVersion":"8.6.2","created_at":"2023-04-24T18:36:31.797Z","id":"f9bb41b0-a3cf-11ed-9187-5147a2b9eedf","migrationVersion":{"dashboard":"8.6.0"},"references":[{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"847a1b06-c15d-41a2-9a08-73b056e959fb:indexpattern-datasource-layer-0c3e7889-e551-4507-bb13-1a4ff7d96f96","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"cc5ad74e-c871-4ac3-9487-328adc286921:indexpattern-datasource-layer-5ccb00b3-1675-4c9f-a542-927c5930e66e","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"e3873842-502a-4ba4-a3ab-d5bcdc9d908c:indexpattern-datasource-layer-777017d9-58d0-4f3f-8461-64af784d41a4","type":"index-pattern"}],"type":"dashboard","updated_at":"2023-04-24T18:36:31.797Z","version":"WzQwNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":15,\"h\":13,\"i\":\"caf3fb07-a3b0-4f51-b000-926f4b26ee4f\"},\"panelIndex\":\"caf3fb07-a3b0-4f51-b000-926f4b26ee4f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-3ef3cbb5-abf3-4697-9e38-f4cf60bcdd5d\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"3ef3cbb5-abf3-4697-9e38-f4cf60bcdd5d\",\"primaryGroups\":[\"ccea2153-9f5c-4f65-9346-1feceb3783eb\"],\"metrics\":[\"06ae1d26-0a3a-4f59-b5bd-8cb93b640f86\"],\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"hide\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"layerType\":\"data\",\"emptySizeRatio\":0.7,\"legendSize\":\"large\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3ef3cbb5-abf3-4697-9e38-f4cf60bcdd5d\":{\"columns\":{\"06ae1d26-0a3a-4f59-b5bd-8cb93b640f86\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"filter\":{\"query\":\"\",\"language\":\"kuery\"}},\"ccea2153-9f5c-4f65-9346-1feceb3783eb\":{\"label\":\"Top 5 values of rule.groups\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.groups\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"06ae1d26-0a3a-4f59-b5bd-8cb93b640f86\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"ccea2153-9f5c-4f65-9346-1feceb3783eb\",\"06ae1d26-0a3a-4f59-b5bd-8cb93b640f86\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Alert groups\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":15,\"y\":0,\"w\":33,\"h\":13,\"i\":\"115417e6-11a1-4a55-8055-220b69dad98e\"},\"panelIndex\":\"115417e6-11a1-4a55-8055-220b69dad98e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-54e72470-df75-47d1-a7a6-3d2f807a39d1\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":false,\"position\":\"right\",\"showSingleSeries\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"54e72470-df75-47d1-a7a6-3d2f807a39d1\",\"accessors\":[\"db53a2e0-d936-4f7c-86bb-fc4e20810e64\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"f518cf1a-0d1d-44c7-97a0-12c5cd840e14\",\"splitAccessor\":\"a195fccb-9268-453a-b824-54f1e3f72d12\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"54e72470-df75-47d1-a7a6-3d2f807a39d1\":{\"columns\":{\"a195fccb-9268-453a-b824-54f1e3f72d12\":{\"label\":\"Top 5 values of rule.groups\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.groups\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"db53a2e0-d936-4f7c-86bb-fc4e20810e64\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"f518cf1a-0d1d-44c7-97a0-12c5cd840e14\":{\"label\":\"timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"db53a2e0-d936-4f7c-86bb-fc4e20810e64\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"rule.groups : \\\"audit\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"a195fccb-9268-453a-b824-54f1e3f72d12\",\"f518cf1a-0d1d-44c7-97a0-12c5cd840e14\",\"db53a2e0-d936-4f7c-86bb-fc4e20810e64\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Events\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":13,\"w\":48,\"h\":13,\"i\":\"edc2487b-0a85-4975-b841-457471ee5cd0\"},\"panelIndex\":\"edc2487b-0a85-4975-b841-457471ee5cd0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-f001be29-b6cc-4c99-8aae-5941a7f9a8ee\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"5f8c9137-f9b6-4074-ba6c-9fa777b6afdf\"},{\"columnId\":\"4a2c3535-ba05-42d2-8dbb-5218d3309ea6\",\"isTransposed\":false},{\"isTransposed\":false,\"columnId\":\"72a21fae-312d-4cbb-8a94-fa24d4b29933\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"884cc56d-feb1-40dd-89a9-e006ec72dd85\"},{\"columnId\":\"6bb85b4f-0834-416d-8ade-49d83caac7ee\",\"isTransposed\":false,\"oneClickFilter\":false},{\"isTransposed\":false,\"columnId\":\"b3369c71-8edb-4569-89df-883f23ea2785\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"233f059c-ccd6-4a64-a6be-4961a3c4d500\",\"hidden\":true,\"colorMode\":\"none\"}],\"layerId\":\"f001be29-b6cc-4c99-8aae-5941a7f9a8ee\",\"layerType\":\"data\",\"headerRowHeight\":\"custom\",\"headerRowHeightLines\":2,\"rowHeight\":\"custom\",\"rowHeightLines\":2,\"paging\":{\"size\":10,\"enabled\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f001be29-b6cc-4c99-8aae-5941a7f9a8ee\":{\"columns\":{\"5f8c9137-f9b6-4074-ba6c-9fa777b6afdf\":{\"label\":\"rule.groups\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.groups\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"233f059c-ccd6-4a64-a6be-4961a3c4d500\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"4a2c3535-ba05-42d2-8dbb-5218d3309ea6\":{\"label\":\"timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"72a21fae-312d-4cbb-8a94-fa24d4b29933\":{\"label\":\"agent.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"agent.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"233f059c-ccd6-4a64-a6be-4961a3c4d500\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"884cc56d-feb1-40dd-89a9-e006ec72dd85\":{\"label\":\"rule.description\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.description\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"233f059c-ccd6-4a64-a6be-4961a3c4d500\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"6bb85b4f-0834-416d-8ade-49d83caac7ee\":{\"label\":\"rule.level\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"rule.level\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"includeEmptyRows\":true,\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"}},\"b3369c71-8edb-4569-89df-883f23ea2785\":{\"label\":\"rule.id\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.id\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"233f059c-ccd6-4a64-a6be-4961a3c4d500\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"233f059c-ccd6-4a64-a6be-4961a3c4d500\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"4a2c3535-ba05-42d2-8dbb-5218d3309ea6\",\"72a21fae-312d-4cbb-8a94-fa24d4b29933\",\"5f8c9137-f9b6-4074-ba6c-9fa777b6afdf\",\"884cc56d-feb1-40dd-89a9-e006ec72dd85\",\"6bb85b4f-0834-416d-8ade-49d83caac7ee\",\"b3369c71-8edb-4569-89df-883f23ea2785\",\"233f059c-ccd6-4a64-a6be-4961a3c4d500\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"Security alerts\"}]","timeRestore":false,"title":"wazuh-incident-response-v1.0","version":1},"coreMigrationVersion":"8.6.2","created_at":"2023-04-24T18:36:14.435Z","id":"e30257a0-a641-11ed-8b0e-91d62e747cc9","migrationVersion":{"dashboard":"8.6.0"},"references":[{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"caf3fb07-a3b0-4f51-b000-926f4b26ee4f:indexpattern-datasource-layer-3ef3cbb5-abf3-4697-9e38-f4cf60bcdd5d","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"115417e6-11a1-4a55-8055-220b69dad98e:indexpattern-datasource-layer-54e72470-df75-47d1-a7a6-3d2f807a39d1","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"edc2487b-0a85-4975-b841-457471ee5cd0:indexpattern-datasource-layer-f001be29-b6cc-4c99-8aae-5941a7f9a8ee","type":"index-pattern"}],"type":"dashboard","updated_at":"2023-04-24T18:36:14.435Z","version":"WzQwMCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":12,\"i\":\"9c90478b-ef8d-4f0a-89ea-7cac2fb2b631\"},\"panelIndex\":\"9c90478b-ef8d-4f0a-89ea-7cac2fb2b631\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-b9d91550-4d81-4724-926b-368cbac70c5c\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"b9d91550-4d81-4724-926b-368cbac70c5c\",\"primaryGroups\":[\"393155df-15ed-400b-bef4-be554873a6c6\"],\"metrics\":[\"bc0afca3-aed2-4b22-970c-c91ac3e2bc02\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"hide\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"layerType\":\"data\",\"emptySizeRatio\":0.7}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"b9d91550-4d81-4724-926b-368cbac70c5c\":{\"columns\":{\"393155df-15ed-400b-bef4-be554873a6c6\":{\"label\":\"Top 5 values of data.docker.Action\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"data.docker.Action\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"bc0afca3-aed2-4b22-970c-c91ac3e2bc02\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"bc0afca3-aed2-4b22-970c-c91ac3e2bc02\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"393155df-15ed-400b-bef4-be554873a6c6\",\"bc0afca3-aed2-4b22-970c-c91ac3e2bc02\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Top 5 events\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":34,\"h\":12,\"i\":\"ec92f542-1336-4a92-90e6-548fa7a78db6\"},\"panelIndex\":\"ec92f542-1336-4a92-90e6-548fa7a78db6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-45315f08-c693-4bdc-aa72-8546f280b2b2\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"45315f08-c693-4bdc-aa72-8546f280b2b2\",\"accessors\":[\"69651d63-8697-41d8-b639-5d77e806c90a\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"93ae869a-82d8-4825-9391-568728d510a7\",\"splitAccessor\":\"588460de-4d21-471e-922f-0b59d3ec977f\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"45315f08-c693-4bdc-aa72-8546f280b2b2\":{\"columns\":{\"93ae869a-82d8-4825-9391-568728d510a7\":{\"label\":\"timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"69651d63-8697-41d8-b639-5d77e806c90a\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"588460de-4d21-471e-922f-0b59d3ec977f\":{\"label\":\"Top 3 values of data.docker.Type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"data.docker.Type\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"69651d63-8697-41d8-b639-5d77e806c90a\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"588460de-4d21-471e-922f-0b59d3ec977f\",\"93ae869a-82d8-4825-9391-568728d510a7\",\"69651d63-8697-41d8-b639-5d77e806c90a\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Events by source over time\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":12,\"w\":48,\"h\":37,\"i\":\"cac9a63e-4892-4879-bd94-210fd3b5b3d0\"},\"panelIndex\":\"cac9a63e-4892-4879-bd94-210fd3b5b3d0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-c51272e9-4ceb-4095-a2a2-7d27d957fc4e\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"1cedf71d-5da2-423a-8108-0d28190dc1f2\",\"isTransposed\":false},{\"columnId\":\"09e332ce-350b-499a-8df5-9b15ed375c20\",\"isTransposed\":false,\"oneClickFilter\":true},{\"columnId\":\"e323b79e-be8f-458d-80b9-100d79e6fc3c\",\"isTransposed\":false,\"hidden\":true},{\"columnId\":\"655b8229-82ac-4302-a97c-a5b1778f22f9\",\"isTransposed\":false},{\"columnId\":\"c47bc042-54fd-4134-9cec-05f36c5c95e0\",\"isTransposed\":false},{\"columnId\":\"1bef96c9-5098-47db-9d76-2eba9c1cfd33\",\"isTransposed\":false},{\"columnId\":\"a61f2679-de38-4a5d-b105-dab5d341a400\",\"isTransposed\":false},{\"columnId\":\"f7109d3b-68d4-418c-b4c4-fe451858d375\",\"isTransposed\":false},{\"columnId\":\"28c7593f-f805-4cbd-afed-94dfdbde7d29\",\"isTransposed\":false,\"oneClickFilter\":true}],\"layerId\":\"c51272e9-4ceb-4095-a2a2-7d27d957fc4e\",\"layerType\":\"data\",\"headerRowHeight\":\"custom\",\"headerRowHeightLines\":2,\"rowHeight\":\"custom\",\"rowHeightLines\":2,\"paging\":{\"size\":10,\"enabled\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"c51272e9-4ceb-4095-a2a2-7d27d957fc4e\":{\"columns\":{\"1cedf71d-5da2-423a-8108-0d28190dc1f2\":{\"label\":\"timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"09e332ce-350b-499a-8df5-9b15ed375c20\":{\"label\":\"agent.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"agent.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e323b79e-be8f-458d-80b9-100d79e6fc3c\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e323b79e-be8f-458d-80b9-100d79e6fc3c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"655b8229-82ac-4302-a97c-a5b1778f22f9\":{\"label\":\"data.docker.Type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"data.docker.Type\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e323b79e-be8f-458d-80b9-100d79e6fc3c\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"c47bc042-54fd-4134-9cec-05f36c5c95e0\":{\"label\":\"data.docker.Action\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"data.docker.Action\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e323b79e-be8f-458d-80b9-100d79e6fc3c\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"1bef96c9-5098-47db-9d76-2eba9c1cfd33\":{\"label\":\"data.docker.Actor.ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"data.docker.Actor.ID\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e323b79e-be8f-458d-80b9-100d79e6fc3c\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"a61f2679-de38-4a5d-b105-dab5d341a400\":{\"label\":\"rule.description\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.description\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e323b79e-be8f-458d-80b9-100d79e6fc3c\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"f7109d3b-68d4-418c-b4c4-fe451858d375\":{\"label\":\"rule.level\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"rule.level\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"includeEmptyRows\":true,\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"}},\"28c7593f-f805-4cbd-afed-94dfdbde7d29\":{\"label\":\"rule.id\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.id\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e323b79e-be8f-458d-80b9-100d79e6fc3c\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"1cedf71d-5da2-423a-8108-0d28190dc1f2\",\"09e332ce-350b-499a-8df5-9b15ed375c20\",\"655b8229-82ac-4302-a97c-a5b1778f22f9\",\"1bef96c9-5098-47db-9d76-2eba9c1cfd33\",\"c47bc042-54fd-4134-9cec-05f36c5c95e0\",\"a61f2679-de38-4a5d-b105-dab5d341a400\",\"f7109d3b-68d4-418c-b4c4-fe451858d375\",\"28c7593f-f805-4cbd-afed-94dfdbde7d29\",\"e323b79e-be8f-458d-80b9-100d79e6fc3c\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Events\"}]","timeRestore":false,"title":"wazuh-docker-listener-v1.0","version":1},"coreMigrationVersion":"8.6.2","created_at":"2023-04-24T18:35:50.548Z","id":"8359c240-a7cf-11ed-8b0e-91d62e747cc9","migrationVersion":{"dashboard":"8.6.0"},"references":[{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"9c90478b-ef8d-4f0a-89ea-7cac2fb2b631:indexpattern-datasource-layer-b9d91550-4d81-4724-926b-368cbac70c5c","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"ec92f542-1336-4a92-90e6-548fa7a78db6:indexpattern-datasource-layer-45315f08-c693-4bdc-aa72-8546f280b2b2","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"cac9a63e-4892-4879-bd94-210fd3b5b3d0:indexpattern-datasource-layer-c51272e9-4ceb-4095-a2a2-7d27d957fc4e","type":"index-pattern"}],"type":"dashboard","updated_at":"2023-04-24T18:35:50.548Z","version":"WzM5MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":31,\"h\":15,\"i\":\"5177564c-7c79-4412-9c03-99dca92b90d5\"},\"panelIndex\":\"5177564c-7c79-4412-9c03-99dca92b90d5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-bca83102-e00c-4277-b280-a91ef087536e\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"left\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"curveType\":\"CURVE_MONOTONE_X\",\"fillOpacity\":1,\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"area_stacked\",\"layers\":[{\"layerId\":\"bca83102-e00c-4277-b280-a91ef087536e\",\"accessors\":[\"80ac5cd7-4cfb-4c07-ad75-3cedb6212f18\"],\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"4d2f8c1f-5ce3-449b-b0d7-f1d1989ba49e\",\"splitAccessor\":\"0e534aac-0aaf-4458-8d88-e2575fb2ebb9\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"bca83102-e00c-4277-b280-a91ef087536e\":{\"columns\":{\"0e534aac-0aaf-4458-8d88-e2575fb2ebb9\":{\"label\":\"Top 3 values of data.aws.source\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"data.aws.source\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"80ac5cd7-4cfb-4c07-ad75-3cedb6212f18\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"4d2f8c1f-5ce3-449b-b0d7-f1d1989ba49e\":{\"label\":\"timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"80ac5cd7-4cfb-4c07-ad75-3cedb6212f18\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"rule.groups : \\\"amazon\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"0e534aac-0aaf-4458-8d88-e2575fb2ebb9\",\"4d2f8c1f-5ce3-449b-b0d7-f1d1989ba49e\",\"80ac5cd7-4cfb-4c07-ad75-3cedb6212f18\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Events by source over time\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":31,\"y\":0,\"w\":17,\"h\":15,\"i\":\"692e518d-0688-414b-92e8-6b2bf1b960dd\"},\"panelIndex\":\"692e518d-0688-414b-92e8-6b2bf1b960dd\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-ecb05aff-bc9d-4ba1-b817-bf4016e0c5ef\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"ecb05aff-bc9d-4ba1-b817-bf4016e0c5ef\",\"primaryGroups\":[\"e81edf81-ce10-496b-8ca9-eb38d5ff2ccb\"],\"metrics\":[\"4a2c1031-e343-427d-b141-b47ccc7a570a\"],\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"hide\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"layerType\":\"data\",\"emptySizeRatio\":0.7}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"ecb05aff-bc9d-4ba1-b817-bf4016e0c5ef\":{\"columns\":{\"e81edf81-ce10-496b-8ca9-eb38d5ff2ccb\":{\"label\":\"Top 5 values of data.aws.source\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"data.aws.source\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4a2c1031-e343-427d-b141-b47ccc7a570a\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"4a2c1031-e343-427d-b141-b47ccc7a570a\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"e81edf81-ce10-496b-8ca9-eb38d5ff2ccb\",\"4a2c1031-e343-427d-b141-b47ccc7a570a\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Sources\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":15,\"w\":48,\"h\":15,\"i\":\"25e0d536-4163-46e6-abd5-5cd45cd9f30a\"},\"panelIndex\":\"25e0d536-4163-46e6-abd5-5cd45cd9f30a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"e\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"f410770f-a2da-47db-8a47-20b2ddbdcf5e\",\"name\":\"indexpattern-datasource-layer-c23cdcb3-1e5c-46f0-9ef2-827d9b867cb2\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"8882fc10-f772-4a02-af1f-049b59a04dfd\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"1835ff08-affb-403c-991e-8e642c7a5456\"},{\"isTransposed\":false,\"columnId\":\"6dce6ade-b342-4645-9ff2-228f319d69f7\"},{\"isTransposed\":false,\"columnId\":\"f8266242-342d-4046-8bb5-90efe4839a60\",\"hidden\":true},{\"columnId\":\"06b78908-beb7-4a01-a9b0-b7f9775318d9\",\"isTransposed\":false},{\"columnId\":\"ea992e31-8ea1-4548-8182-da51c911cf21\",\"isTransposed\":false},{\"columnId\":\"a8c6efd9-93b3-4636-96ea-43b359962134\",\"isTransposed\":false,\"oneClickFilter\":true}],\"layerId\":\"c23cdcb3-1e5c-46f0-9ef2-827d9b867cb2\",\"layerType\":\"data\",\"headerRowHeight\":\"custom\",\"headerRowHeightLines\":2,\"rowHeight\":\"custom\",\"rowHeightLines\":2,\"paging\":{\"size\":10,\"enabled\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"c23cdcb3-1e5c-46f0-9ef2-827d9b867cb2\":{\"columns\":{\"8882fc10-f772-4a02-af1f-049b59a04dfd\":{\"label\":\"agent.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"agent.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f8266242-342d-4046-8bb5-90efe4839a60\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"1835ff08-affb-403c-991e-8e642c7a5456\":{\"label\":\"data.aws.source\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"data.aws.source\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f8266242-342d-4046-8bb5-90efe4839a60\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"6dce6ade-b342-4645-9ff2-228f319d69f7\":{\"label\":\"timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"f8266242-342d-4046-8bb5-90efe4839a60\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"06b78908-beb7-4a01-a9b0-b7f9775318d9\":{\"label\":\"rule.description\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.description\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f8266242-342d-4046-8bb5-90efe4839a60\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"ea992e31-8ea1-4548-8182-da51c911cf21\":{\"label\":\"rule.level\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"rule.level\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"includeEmptyRows\":true,\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"}},\"a8c6efd9-93b3-4636-96ea-43b359962134\":{\"label\":\"rule.id\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.id\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f8266242-342d-4046-8bb5-90efe4839a60\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"6dce6ade-b342-4645-9ff2-228f319d69f7\",\"8882fc10-f772-4a02-af1f-049b59a04dfd\",\"1835ff08-affb-403c-991e-8e642c7a5456\",\"06b78908-beb7-4a01-a9b0-b7f9775318d9\",\"ea992e31-8ea1-4548-8182-da51c911cf21\",\"a8c6efd9-93b3-4636-96ea-43b359962134\",\"f8266242-342d-4046-8bb5-90efe4839a60\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Events\"}]","timeRestore":false,"title":"wazuh-amazon-aws-v1.0","version":1},"coreMigrationVersion":"8.6.2","created_at":"2023-04-24T18:35:30.916Z","id":"ff5626e0-a63f-11ed-8b0e-91d62e747cc9","migrationVersion":{"dashboard":"8.6.0"},"references":[{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"5177564c-7c79-4412-9c03-99dca92b90d5:indexpattern-datasource-layer-bca83102-e00c-4277-b280-a91ef087536e","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"692e518d-0688-414b-92e8-6b2bf1b960dd:indexpattern-datasource-layer-ecb05aff-bc9d-4ba1-b817-bf4016e0c5ef","type":"index-pattern"},{"id":"f410770f-a2da-47db-8a47-20b2ddbdcf5e","name":"25e0d536-4163-46e6-abd5-5cd45cd9f30a:indexpattern-datasource-layer-c23cdcb3-1e5c-46f0-9ef2-827d9b867cb2","type":"index-pattern"}],"type":"dashboard","updated_at":"2023-04-24T18:35:30.916Z","version":"WzM1OCwxXQ=="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":8,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/docs/markdown/logging-guidance/cloud.md b/docs/markdown/logging-guidance/cloud.md index 56ad50e5..dd08bf5b 100644 --- a/docs/markdown/logging-guidance/cloud.md +++ b/docs/markdown/logging-guidance/cloud.md @@ -13,9 +13,11 @@ In order for the LME agents to talk to LME in the cloud you'll need to ensure th The easiest way is to make sure you can hit these LME server ports from the on-prem client: - WAZUH ([DOCS](https://documentation.wazuh.com/current/user-manual/agent/agent-enrollment/requirements.html)): 1514,1515 - - Agent ([DOCS](https://www.elastic.co/guide/en/elastic-stack/current/installing-stack-demo-self.html#install-stack-self-elastic-agent)): 8220 + - Agent ([DOCS](https://www.elastic.co/guide/en/elastic-stack/current/installing-stack-demo-self.html#install-stack-self-elastic-agent)): 8220 (fleet commands), 9200 (input to elasticsearch) -You'll need to make sure your Cloud firewall is setup to allow those ports. On azure, network security groups (NSG) run a firewall on your virtual machines network interfaces. You'll need to update your LME virtual machine's rules to allow inbound connections on the agent ports. Azure has a detailed guide for how to add security rules [here](https://learn.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?tabs=network-security-group-portal#create-a-security-rule) +You'll need to make sure your Cloud firewall is setup to allow those ports. On azure, network security groups (NSG) run a firewall on your virtual machines network interfaces. You'll need to update your LME virtual machine's rules to allow inbound connections on the agent ports. Azure has a detailed guide for how to add security rules [here](https://learn.microsoft.com/en-us/azure/virtual-network/manage-network-security-group?tabs=network-security-group-portal#create-a-security-rule). + +##### ***We highly suggest you do not open ANY PORT globally and restrict it based on your clients ip address or your client's subnets.**** Then on LME, you'll want to make sure you have either the firewall disabled (if you're using the cloud firewall as the main firewall): ``` @@ -44,11 +46,17 @@ You can add the above ports to ufw via the following command: sudo ufw allow 1514 sudo ufw allow 1515 sudo ufw allow 8220 +sudo ufw allow 9200 +``` +If you want to use the wazuh api, you'll also need to setup port 55000 to be allowed in: +``` +sudo ufw allow 55000 ``` -In addition, you'll need to setup rules to forward traffic to the container network: +In addition, you'll need to setup rules to forward traffic to the container network and allow traffic to run on the container network: ``` -ufw allow in on eth0 out on podman1 to any port +ufw route allow in on eth0 out on podman1 to any port 443,1514,1515,5601,8220,9200 proto tcp +ufw route allow in on podman1 ``` Theres a helpful stackoverflow article on why: [LINK](https://stackoverflow.com/questions/70870689/configure-ufw-for-podman-on-port-443) Your `podman1` interface name maybe differently, check the output of your network interfaces here and see if its also called podman1: @@ -56,6 +64,21 @@ Your `podman1` interface name maybe differently, check the output of your networ sudo -i podman network inspect lme | jq 'map(select(.name == "lme")) | map(.network_interface) | .[]' ``` +Your rules can be dumped and shown like so: +``` +root@ubuntu:~# ufw show added +Added user rules (see 'ufw status' for running firewall): +ufw allow 22 +ufw allow 1514 +ufw allow 1515 +ufw allow 8220 +ufw route allow in on eth0 out on podman1 to any port 443,1514,1515,5601,8220,9200 proto tcp +ufw allow 443 +ufw allow in on podman1 +ufw allow 9200 +root@ubuntu:~# +``` + ### Deploying LME for cloud infrastructure: Every cloud setup is different, but as long as the LME server is on the same network and able to talk to the machines you want to monitor everything should be good to go. diff --git a/docs/markdown/reference/troubleshooting.md b/docs/markdown/reference/troubleshooting.md index 140d9d87..bb7f943e 100644 --- a/docs/markdown/reference/troubleshooting.md +++ b/docs/markdown/reference/troubleshooting.md @@ -1,12 +1,12 @@ # Troubleshooting LME Install -## Troubleshooting Diagram +## Troubleshooting Diagram TODO redo the chart for troubleshooting steps Below is a diagram of the LME architecture with labels referring to possible issues at that specific location. Refer to the chart below for protocol information, process information, log file locations, and common issues at each point in LME. You can also find more detailed troubleshooting steps for each chapter after the chart. -![Troubleshooting overview](/docs/imgs/troubleshooting-overview.jpg) +![Troubleshooting overview](/docs/imgs/troubleshooting-overview.jpg) TODO we should remake this

Figure 1: Troubleshooting overview diagram

@@ -19,39 +19,11 @@ Figure 1: Troubleshooting overview diagram | c | Outbound TCP 5044.

Lumberjack protocol using TLS mutual authentication. Certificates generated as part of the install, and downloaded as a ZIP from the Linux server. | On the Windows Event Collector, Press Windows key + R. Then type 'services.msc' to access services on this machine. You should have:

โ€˜winlogbeatโ€™.

It should be set to automatically start and is running. | %programdata%\winlogbeat\logs\winlogbeat | TBC | | d | Inbound TCP 5044.

Lumberjack protocol using TLS mutual authentication. Certificates generated as part of the install. | On the Linux server type โ€˜sudo docker stack ps lmeโ€™, and check that lme_logstash, lme_kibana and lme_elasticsearch all have a **current status** of running. | On the Linux server type:

โ€˜sudo docker service logs -f lme_logstashโ€™ | TBC | -## Chapter 1 - Setting up Windows Event Forwarding - -### Installing Group Policy Management Tools - -If you receive the error `Windows cannot find 'gpmc.msc'`, you need to install the optional feature `Group Policy Management Tools`. - - - For Windows Server, follow Microsoft's instructions [here](https://learn.microsoft.com/en-us/azure/active-directory-domain-services/manage-group-policy#install-group-policy-management-tools). In short, you need to add the "Group Policy Management" Feature from the "Add Roles and Features" menu in Server Manager. - - For Windows 10/11, open the "Run" dialog box by pressing Windows key + R. Run the command `ms-settings:optionalfeatures` to open Windows Optional Features in Settings. Select "Add a Feature," then scroll down until you find `RSAT: Group Policy Management Tools`. Check the box next to it and select install. - - ![add optional feature](/docs/imgs/gpo_pics/optional_features.png) -

- Figure 2: Add a feature -

- - ![install gpmc.msc](/docs/imgs/gpo_pics/rsat_gpmc_optional_features.png) -

- Figure 3: Install RSAT: Group Policy Management Tools -

- -- Note: You only need `gpmc.msc` installed on one machine to manage the others. For example, you can install it only on the Domain Controller and modify the Group Policy from that machine. - -### Installing Active Directory Domain Services - -If you receive the error `dsa.msc` cannot be found, you will need to install `Active Directoy Domain Services`. The process is nearly identical to the above section [Installing Group Policy Management Tools](#installing-group-policy-management-tools), save for the following exceptions: - - - For Windows Server, the feature is located under "Remote Server Administration Tools". Expand by pressing the arrow on the left and check the box next to `Role Administration Tools`. The other nested features should be selected as well. - - For Windows 10/11, the Optional Feature to install is called `RSAT: Active Directory Domain Services and Lightweight Directory Services Tools`. - -## Chapter 2 - Installing Sysmon +## Sysmon/Auditd installation: If you are having trouble not seeing Sysmon logs in the client's Event Viewer or not seeing forwarded logs on the WEC, first try restarting all of your systems and running `gpupdate /force` on the domain controller and clients. -### No Logs Forwarded from Clients +### No Logs Forwarded from Clients TODO update for new sysmon instructions When diagnosing issues in installing Sysmon on the clients using Group Policy, the first place to check is `Task Scheduler` on one of the clients. Look for `LME-Sysmon-Task` listed under "Active Tasks." Based on whether or not the task is listed, different troubleshooting steps will prove useful: @@ -70,27 +42,9 @@ Windows Tasks are a fickle beast. In order for a task to trigger for the first t #### 3. The task runs, but Sysmon is not installed -If you don't see `sysmon64` listed in `services.msc`, it's likely the install script failed somehow. Double check that the files are organized correctly according to the diagram in the [Chapter 2 checklist](/docs/markdown/chapter2.md#chapter-2---checklist). - -## Chapter 3 - Installing the ELK Stack and Retrieving Logs - -### Events not forwarded to Kibana -The `winlogbeat` service installed in [section 3.3](/docs/markdown/chapter3/chapter3.md#33-configuring-winlogbeat-on-windows-event-collector-server) is responsible for sending events from the collector to Kibana. Confirm the `winlogbeat` service is running and check the log file (`C:\ProgramData\winlogbeat\logs`) for errors. - -By default the `ForwardedEvents` maximum log size is around 20MB so events will be lost if the `winlogbeat` service stops. Consider increasing the size of the `ForwardedEvents` log file to help reduce log loss in this scenario. Historical logs are sent once the `winlogbeat` service starts. - -* Open Microsoft Event View (`eventvwr`) -* Expand _Windows Logs_ and right click _Forwarded Events_ -* Click _properties_ -* Adjust \_Maximum log size (KB)_ to a higher value. Note that the system will automatically adjust the size to the nearest multiple of 64KB. - -![Adjusting the log size](/docs/imgs/AdjustForwardedEventsLogSize.png) - -### Events not forwarding from Domain Controllers -Please be aware that Logging Made Easy does not currently support logging Domain Controllers, and the log volumes may be significant from servers with this role. If you wish to proceed forwarding logs from your Domain Controllers please be aware you do this at your own risk! Monitoring such servers has not been tested and may have unintended side effects. - - +If you don't see `sysmon64` listed in `services.msc`, it's likely the install script failed somehow. +## Logging Issues ### Space issues during install: If there are size constraints on your system and your system doesn't meet our expected requirements, you could run into issues like this [ISSUE](https://github.com/cisagov/LME/issues/19). @@ -104,16 +58,17 @@ root@util:~# resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv ### Containers restarting/not running: Usually if you have issues with containers restarting there is probably something wrong with your host or the container itself. Like in the above sample, a wrong password could be preventing the Elastic Stack from operating properly. You can check the container logs like so: -``` -#TO list the name of the container -sudo docker ps --format "{{.Names}}" +```bash +sudo -i podman ps --format "{{.Names}} {{.Status}}" +``` +```bash #Using the above name you found, check its logs here. -sudo docker logs -f [CONTAINER_NAME] +sudo -i podman logs -f $CONTAINER_NAME ``` Hopefully that is enough to determine the issue, but below we have some common issues you could encounter: -#### Directory Permission issues +#### Directory Permission issues TODO redo this for podman If you encounter errors like [this](https://github.com/cisagov/LME/issues/15) in the container logs, probably your host ownership or permissions for mounted files, don't match what the container expects them to be. In this case the `/usr/share/elasticsearch/backups` which is mapped from `/opt/lme/backups` on the host. You can see this in the [docker-compose-stack.yml](https://github.com/cisagov/LME/blob/main/Chapter%203%20Files/docker-compose-stack.yml) file: ``` @@ -135,55 +90,76 @@ The user id in the container is 1000, so by setting the proper owner we fix the We know this by investigating the backing docker container image for elasticsearch [LINK](https://github.com/elastic/elasticsearch/blob/61d59b31a27448e3d7d28907717b1b8c23f52f3e/distribution/docker/src/docker/Dockerfile#L185) [GITHUB](https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile) -#### deploy.sh stalls on: waiting for elasticsearch to connect -This was a bug that was fixed in the current iteration of deploy.sh. This occurs if the `elastic` user password was already set in a previous deployment of LME. The easiest fix for this is to delete your old LME volumes as that will clear out any old settings that would be preventing install. + +## Container Troubleshooting: + +### "dependent containers which must be removed" +sometimes podman doesn't kill containers properly when you stop and start `lme.service` + +If you get the below error after inspecting the logs in systemd: +```bash +#journal: +journalctl -xeu lme-elasticsearch.service +#OR systemctl +systemctl status lme* ``` -#DONT RUN THIS IF YOU HAVE DATA YOU WANT TO PRESERVE!! -sudo docker volume rm lme_esdata -sudo docker volume rm lme_logstashdata + +ERROR: +```bash +ubuntu lme-elasticsearch[43436]: Error: container bf9cb322d092c13126bd0341a1b9c5e03b475599e6371e82d4d866fb088fc3c4 has dependent containers which must be removed before it: ff7a6b654913838050360a2cea14fa1fdf5be1d542e5420354ddf03b88a1d2c9: container already exists ``` -However most users will probably want to preserve their data, so using the following method you can reset the user password for the built-in elastic user. -Run the following commands to reset your user password to a known password +Then you'll need to do the following: +1. kill the other containers it lists manually +``` +sudo -i podman rm ff7a6b654913838050360a2cea14fa1fdf5be1d542e5420354ddf03b88a1d2c9 +sudo -i podman rm bf9cb322d092c13126bd0341a1b9c5e03b475599e6371e82d4d866fb088fc3c4 ``` -#grab the name: -sudo docker ps --format "{{.Names}}" | grep -i elastic -#go into elasticsearch container -sudo docker exec -it ${NAME_HERE} /bin/bash -#ignore cert issues with our self signed cert: -echo "xpack.security.http.ssl.verification_mode: certificate" >> config/elasticsearch.yml -#reset in the container: -#add a -f if needed -elasticsearch-reset-password -v -u elastic -i --url https://localhost:9200 +2. remove other containers that are dead: +``` +sudo -i podman ps -a +sudo podman rm $CONTAINER_ID +``` +4. restart the `lme.service` +``` +systemctl restart lme.service ``` -If the elasticsearch-reset-password is not available in your version of elasticsearch, you may be able to try recreating the container with a newer version of LME and running the same above steps. We have not tested this last suggestion, so attempting this last step won't be supported, but is worth a try if none of the above works. -### Elasticsearch fails to boot on Linux server -Sometimes environmental differences can make the installation process get screwed up [ISSUE](https://github.com/cisagov/LME/issues/21). If you have the luxury, you could perform a full reinstall: -If you are unable to access https://, this is most likely because the elasticsearch service fails to run on the Linux server. To perform a full reinstall: -``` -cd /opt/lme/Chapter\ 3\ Files/ -sudo ./deploy.sh uninstall -#delete everything: -rm -r /opt/lme -#Reclone the LME repository into /opt/lme/: -git clone git@github.com:cisagov/LME.git /opt/lme/ -#Navigate back to Chapter 3 Files: -cd /opt/lme/Chapter\ 3\ Files/ -sudo ./deploy.sh install -#Save credentials, then continue with Chapter 3 installation +### Memory in containers (need more ram//less ram usage) +If you're on a resource constrained host and need to limit/edit the memory used by the containers add the following into the quadlet file. The following is a git diff showing adding memory into the elasticsearch container. This can be done for any other quadlet as well. + +```bash +diff --git a/quadlet/lme-elasticsearch.container b/quadlet/lme-elasticsearch.container +index da3091a..fad3e8b 100644 +--- a/quadlet/lme-elasticsearch.container ++++ b/quadlet/lme-elasticsearch.container +@@ -22,7 +22,7 @@ Secret=kibana_system,type=env,target=KIBANA_PASSWORD + EnvironmentFile=/opt/lme/lme-environment.env + Image=localhost/elasticsearch:LME_LATEST + Network=lme +-PodmanArgs=--memory 8gb --network-alias lme-elasticsearch --health-interval=2s ++PodmanArgs= --network-alias lme-elasticsearch --health-interval=2s + PublishPort=9200:9200 + Ulimit=memlock=-1:-1 + Volume=lme_certs:/usr/share/elasticsearch/config/certs ``` -Optionally you could uninstall docker entirely and reinstall it from the deploy.sh script. If you do end up removing Docker this link could be helpful: https://askubuntu.com/a/1021506. -## Chapter 4 and Beyond +### JVM heap size TODO finish +It may be that you have alot of ram to work with and want your container to consume that RAM (especially in the case of elasticsearch running under the Java Virtual Machine. Elasticsearch is written in Java). + +So you'll want to edit the JVM options: [ELASTIC_DOCS_JVM](https://www.elastic.co/guide/en/elasticsearch/reference/current/advanced-configuration.html) +To do that in the container, you'll want to.... + + +## Elastic troubleshooting steps ### Manual Dashboard Install This step should not be required by default, and should only be used if the installer has failed to automatically populate the expected dashboards or if you wish to make use of your own modified version of the supplied visualizations. Each dashboard and its visualization objects is contained within a NDJSON file (previously JSON) and can be easily imported -You can now import the dashboards by clicking โ€˜Managementโ€™ -> โ€˜Stack Managementโ€™ -> โ€˜Saved Objectsโ€™. Please follow the steps in Figure 4, and the NDJSON files are located in [Chapter 4 Files\dashboards](/Chapter%204%20Files/dashboards). +You can now import the dashboards by clicking โ€˜Managementโ€™ -> โ€˜Stack Managementโ€™ -> โ€˜Saved Objectsโ€™. Please follow the steps in Figure 4, and the NDJSON files are located in [dashboards/](/dashboards). ![Importing Objects](/docs/imgs/import.png) @@ -215,11 +191,11 @@ Select "Index Patterns" under Kibana Stack Management: ![Check Default Index](/docs/imgs/index-patterns.png) -Verify that the "Default" label is set next to the ```winlogbeat-*``` Index pattern: +Verify that the "Default" label is set next to the ```INDEX_NAME-*``` Index pattern: ![Check Default Index](/docs/imgs/default-winlogbeat.png) -If this Index pattern is not selected as the default, this can be re-done by clicking on the ```winlogbeat-*``` pattern and then selecting the following option in the subsequent page: +If this Index pattern is not selected as the default, this can be re-done by clicking on the ```INDEX_NAME-*``` pattern and then selecting the following option in the subsequent page: ![Set Default Index](/docs/imgs/default-index-pattern.png) @@ -280,15 +256,6 @@ Note that this will need to be run for each index that contains problematic data For security the self-signed certificates generated for use by LME at install time will only remain valid for a period of two years, which will cause LME to stop functioning once these certificates expire. In this case the certificates can be recreated by following the instructions detailed [here](/docs/markdown/maintenance/certificates.md#regenerating-self-signed-certificates). -### Dashboard Update Script Failing - -If you encounter an error when the dashboards are updated using the dashboard update script, either manually or as part of automatic updates, this may mean that your current version of Elastic is too old to support the minimum functionality required for the new dashboard versions. Ensure that the latest supported version of the Elastic stack is in use with the following command: -``` -cd /opt/lme/Chapter\ 1\ Files/ -sudo ./deploy.sh update -``` -Then upload the latest dashboards by following one of the methods described [here](/docs/markdown/chapter4.md#411-import-initial-dashboards). - ## Other Common Errors @@ -302,13 +269,14 @@ LME currently runs using the docker stack deployment architecture. To Stop LME: ``` -sudo docker stack rm lme +sudo systemctl stop lme.service ``` To Start LME: ``` -sudo docker stack deploy lme --compose-file /opt/lme/Chapter\ 3\ Files/docker-compose-stack-live.yml +sudo systemctl restart lme.service ``` + ## Using API ### Changing elastic Username Password diff --git a/quadlet/lme-elasticsearch.container b/quadlet/lme-elasticsearch.container index da3091a4..fad3e8bb 100644 --- a/quadlet/lme-elasticsearch.container +++ b/quadlet/lme-elasticsearch.container @@ -22,7 +22,7 @@ Secret=kibana_system,type=env,target=KIBANA_PASSWORD EnvironmentFile=/opt/lme/lme-environment.env Image=localhost/elasticsearch:LME_LATEST Network=lme -PodmanArgs=--memory 8gb --network-alias lme-elasticsearch --health-interval=2s +PodmanArgs= --network-alias lme-elasticsearch --health-interval=2s PublishPort=9200:9200 Ulimit=memlock=-1:-1 Volume=lme_certs:/usr/share/elasticsearch/config/certs diff --git a/quadlet/lme-kibana.container b/quadlet/lme-kibana.container index cbbba789..fe0e9c7b 100644 --- a/quadlet/lme-kibana.container +++ b/quadlet/lme-kibana.container @@ -20,7 +20,7 @@ Secret=kibana_system,type=env,target=ELASTICSEARCH_PASSWORD EnvironmentFile=/opt/lme/lme-environment.env Image=localhost/kibana:LME_LATEST Network=lme -PodmanArgs=--memory 4gb --network-alias lme-kibana --requires lme-elasticsearch --health-interval=2s +PodmanArgs= --network-alias lme-kibana --requires lme-elasticsearch --health-interval=2s PublishPort=5601:5601,443:5601 Volume=lme_certs:/usr/share/kibana/config/certs Volume=lme_kibanadata:/usr/share/kibana/data diff --git a/scripts/wazuh_rbac.sh b/scripts/wazuh_rbac.sh new file mode 100755 index 00000000..53e89ec8 --- /dev/null +++ b/scripts/wazuh_rbac.sh @@ -0,0 +1,3 @@ +#!/bin/bash +source /root/.profile +podman exec -it lme-wazuh-manager /var/ossec/bin/rbac_control change-password From a2cacabfe8f66b4265fb1d095b5eb75a29778ac1 Mon Sep 17 00:00:00 2001 From: "Grant (SNL)" <108766839+rgbrow1949@users.noreply.github.com> Date: Wed, 23 Oct 2024 11:03:39 -0600 Subject: [PATCH 12/19] Sysmon Install Powershell Script (#480) * Automatic sysmon install powershell script * Documentation on installing sysmon --- README.md | 9 +++++++++ scripts/install_sysmon.ps1 | 8 ++++++++ 2 files changed, 17 insertions(+) create mode 100644 scripts/install_sysmon.ps1 diff --git a/README.md b/README.md index fefdcd9e..4d28188e 100644 --- a/README.md +++ b/README.md @@ -261,6 +261,15 @@ sudo -i podman volume rm -a ``` **WARNING THIS WILL DELETE EVERYTHING!!!** +## Installing Sysmon on Windows Clients: + +Sysmon provides valuable logs for windows computers. For each of your windows client machines, install Sysmon like so: + +1. Download Logging Made Easy and unzip the folder. +2. From inside the unzipped folder, run the following command in Administrator Powershell: +``` +.\scripts\install_sysmon.ps1 +``` ### Other Post install setup: A few other things are needed and you're all set to go. diff --git a/scripts/install_sysmon.ps1 b/scripts/install_sysmon.ps1 new file mode 100644 index 00000000..c8249ee6 --- /dev/null +++ b/scripts/install_sysmon.ps1 @@ -0,0 +1,8 @@ +๏ปฟ# Curl and unzip sysmon off the windows sysinternals page +curl https://download.sysinternals.com/files/Sysmon.zip -OutFile sysmon.zip +Expand-Archive sysmon.zip +# Curl and unzip the swift on config xml +curl https://github.com/SwiftOnSecurity/sysmon-config/archive/refs/heads/master.zip -OutFile sysmon-config.zip +Expand-Archive sysmon-config.zip +# install sysmon +.\sysmon\sysmon -accepteula -i .\sysmon-config\sysmon-config-master\sysmonconfig-export.xml \ No newline at end of file From a5196ac1c5b63c43c41d0c06acdfba7b2e9124c2 Mon Sep 17 00:00:00 2001 From: Michael Reeves <147089975+mreeve-snl@users.noreply.github.com> Date: Thu, 24 Oct 2024 11:03:32 -0400 Subject: [PATCH 13/19] Mreeve elastalert 2 (#483) * add wazuh documentation * Update wazuh-configuration.md * Update wazuh-configuration.md * add agent management documentation * update wazuh * wazuh active reponse doc * Update elastic-agent-mangement.md * sysmon install and auditd install * update * Remove memory limitations in kibana/elasticsearch quadlets * adding starting dashboards docs + scripting * adding starting dashboards docs + scripting * Fixing passwords in init-setup * Uploading first setup of post-install.yml * Removing old dashboard * Uplloading updated documentation * Remove optional passowrd setting and add in small changes * Updating post_install to include wazuh reset and readonly_user creation * Adding notes on manual passwords: - leaving notes on this, but stating its unsupported * starting to integrate notes * Update install-auditd.md to include script * update faq and troubleshooting * formatting agent section * Push documentation changes: - remove old irrelevant TOC links to rest of docs - setup agent/tool docs - fix up missing pieces - add docs for certificates.md,upgrading,faq,troubleshooting * Adding elastalert2 * Adding elastalert container * Adding elastalert2 config * add health checks for fleet server * add health checks to wazuh * Updating diagram, and readme wtih some clarifying changes * Move faq back to its original spot * refactored dashboards, adding divines dashboards * Adding in powershell script from grant + updated Readme * ADd back fleet with healthcheck * Add Wazuh with health check * Add support for backups * Remove todo under backups * adjust dashboard names --------- Co-authored-by: awarz Co-authored-by: Andrew Arz <149685528+aarz-snl@users.noreply.github.com> Co-authored-by: Connor Aubry Co-authored-by: Diabe --- README.md | 399 +++++++++++------- ansible/post_install_local.yml | 2 +- config/containers.txt | 1 + config/elastalert2/config.yaml | 18 + .../rules/windows_event_logs_cleared.yaml | 53 +++ config/elasticsearch.yml | 7 + dashboards/elastic/User_Security_2.ndjson | 39 -- .../elastic/alerting_dashboard_2_0.ndjson | 22 + .../computer_software_overview_2_0.ndjson | 14 + ...redential_access_logs_dashboard_2_0.ndjson | 20 + .../healthcheck_dashboard_overview.ndjson | 11 + .../identity_access_management_2_0.ndjson | 9 + ...icy_changes_and_system_activity_2_0.ndjson | 14 + ...vileged_activity_log_dashboards_2_0.ndjson | 9 + .../elastic/process_explorer_2.0.ndjson | 12 + ...security_dashboard_security_log_2_0.ndjson | 61 +++ dashboards/elastic/sysmon_summary.ndjson | 11 + dashboards/elastic/user_hr_2_0.ndjson | 14 + dashboards/elastic/user_security_2_0.ndjson | 43 ++ docs/imgs/insecure-powershell.png | Bin 0 -> 746536 bytes docs/imgs/lme-architecture-v2.jpg | Bin 929763 -> 448003 bytes .../agents/elastic-agent-mangement.md | 95 +++++ docs/markdown/agents/wazuh-active-response.md | 67 +++ docs/markdown/agents/wazuh-agent-mangement.md | 150 +++++++ .../markdown/endpoint-tools/install-auditd.md | 169 ++++++++ .../markdown/endpoint-tools/install-sysmon.md | 66 +++ .../logging-guidance/other-logging.md | 301 ------------- docs/markdown/maintenance/backups.md | 44 +- docs/markdown/maintenance/certificates.md | 226 ++++------ .../markdown/maintenance/painless-reindex.txt | 13 - docs/markdown/maintenance/upgrading.md | 9 +- .../maintenance/wazuh-configuration.md | 64 +++ docs/markdown/reference/faq.md | 38 +- docs/markdown/reference/troubleshooting.md | 154 ++----- quadlet/lme-backups.volume | 12 + quadlet/lme-elastalert.container | 32 ++ quadlet/lme-elasticsearch.container | 2 + quadlet/lme-fleet-server.container | 10 +- quadlet/lme-wazuh-manager.container | 6 +- 39 files changed, 1417 insertions(+), 800 deletions(-) create mode 100644 config/elastalert2/config.yaml create mode 100644 config/elastalert2/rules/windows_event_logs_cleared.yaml create mode 100644 config/elasticsearch.yml delete mode 100644 dashboards/elastic/User_Security_2.ndjson create mode 100644 dashboards/elastic/alerting_dashboard_2_0.ndjson create mode 100644 dashboards/elastic/computer_software_overview_2_0.ndjson create mode 100644 dashboards/elastic/credential_access_logs_dashboard_2_0.ndjson create mode 100644 dashboards/elastic/healthcheck_dashboard_overview.ndjson create mode 100644 dashboards/elastic/identity_access_management_2_0.ndjson create mode 100644 dashboards/elastic/policy_changes_and_system_activity_2_0.ndjson create mode 100644 dashboards/elastic/privileged_activity_log_dashboards_2_0.ndjson create mode 100644 dashboards/elastic/process_explorer_2.0.ndjson create mode 100644 dashboards/elastic/security_dashboard_security_log_2_0.ndjson create mode 100644 dashboards/elastic/sysmon_summary.ndjson create mode 100644 dashboards/elastic/user_hr_2_0.ndjson create mode 100644 dashboards/elastic/user_security_2_0.ndjson create mode 100644 docs/imgs/insecure-powershell.png create mode 100644 docs/markdown/agents/elastic-agent-mangement.md create mode 100644 docs/markdown/agents/wazuh-active-response.md create mode 100644 docs/markdown/agents/wazuh-agent-mangement.md create mode 100644 docs/markdown/endpoint-tools/install-auditd.md create mode 100644 docs/markdown/endpoint-tools/install-sysmon.md delete mode 100644 docs/markdown/logging-guidance/other-logging.md delete mode 100644 docs/markdown/maintenance/painless-reindex.txt create mode 100644 docs/markdown/maintenance/wazuh-configuration.md create mode 100644 quadlet/lme-backups.volume create mode 100644 quadlet/lme-elastalert.container diff --git a/README.md b/README.md index 4d28188e..7476adeb 100644 --- a/README.md +++ b/README.md @@ -1,27 +1,34 @@ +[![BANNER](/docs/imgs/REPLACEME)]() + [![Downloads](https://img.shields.io/github/downloads/cisagov/lme/total.svg)]() # Logging Made Easy: -CISA's Logging Made Easy has a self-install tutorial for organizations to gain a basic level of centralized security logging for Windows clients and provide functionality to detect attacks. LME is the integration of multiple open software platforms which come at no cost to users. LME helps users integrate software platforms together to produce an end-to-end logging capability. LME also provides some pre-made configuration files and scripts, although there is the option to do this on your own. +Logging Made Easy (LME) is a free, open-source platform developed by CISA to centralize log collection, enhance threat detection, and enable real-time alerting, helping organizations of all sizes secure their infrastructure. LME offers a seamless user experience, integrating Wazuh and Elastic tools to improve detection accuracy and enable endpoint security. -Logging Made Easy can: +Whether you're upgrading from a previous version or deploying for the first time, LME offers a scalable, efficient solution for logging and endpoint security with a range of advanced features: -- Show where administrative commands are being run on enrolled devices -- See who is using which machine -- In conjunction with threat reports, it is possible to query for the presence of an attacker in the form of Tactics, Techniques and Procedures (TTPs) +- Enhanced Threat Detection and Response: Integrates Wazuhโ€™s open-source tools and Elastic Fleet for improved detection accuracy and faster response times. +- Security by Design: Utilizes containerization and encryption to meet the highest security standards. +- Simplified Installation: Ansible scripts automate deployment for faster setup and easier maintenance. +- Custom Data Visualization: Create personalized dashboards for tailored monitoring. +- Comprehensive Testing: Expanded unit testing and threat emulation ensure system stability and reliability. -## Disclaimer: -LME is still in development, and version 2.1 will address scaling out the deployment. +## Updates: -While LME offers SEIM like capabilities, it should be consider a small simple SIEM. +With our LME 2.0 release, weโ€™re introducing several new features and architectural components: + - LME now provides organizations with SIEM capabilities to enhance event management, threat detection, and alerting. + - The LME team simplified the installation process and created clear instructions on what to download and which configurations to use. + - Ansible scripts to automate the install and also provide detailed steps for users that want to manually install. -The LME team simplified the process and created clear instruction on what to download and which configugrations to use, and created convinent scripts to auto configure when possible. +LME 2.0 is still in development, and version 2.1 will address scaling out the deployment. -LME is not able to comment on or troubleshoot individual installations. If you believe you have have found an issue with the LME code or documentation please submit a GitHub issue. If you have a question about your installation, please look through all open and closed issues to see if it has been addressed before. If not, then submit a [GitHub issue](https://github.com/cisagov/lme/issues) using the Bug Template, ensuring that you provide all the requested information. +## Questions or Feedback: +The LME team is not able to comment on or troubleshoot individual installations. If you believe you have found an issue with the LME code or documentation, please submit a GitHub issue. If you have a question about your installation, please look through all open and closed issues to see if it has been addressed before. If not, then submit a [GitHub issue](https://github.com/cisagov/lme/issues) using the Bug Template, ensuring that you provide all the requested information. For general questions about LME and suggestions, please visit [GitHub Discussions](https://github.com/cisagov/lme/discussions) to add a discussion post. @@ -31,27 +38,48 @@ From single IT administrators with a handful of devices in their network to larg LME is suited for for: -- Organizations without [SOC](https://en.wikipedia.org/wiki/Information_security_operations_center), SIEM or any monitoring in place at the moment. +- Organizations without Security OPerations Center ([SOC](https://en.wikipedia.org/wiki/Information_security_operations_center)), Security Information and Event Management (SIEM), or any monitoring in place at the moment. - Organizations that lack the budget, time or understanding to set up a logging system. - Organizations that that require gathering logs and monitoring IT -- Organizations that understand LMEs limitiation - ## Table of Contents: - [Pre-Requisites:](#architecture) - [Architecture:](#architecture) -- [Installation:](#installation) +- [Installation:](#installing-lme) - [Deploying Agents:](#deploying-agents) - [Password Encryption:](#password-encryption) - [Further Documentation & Upgrading:](#documentation) +- [Uninstall (if you want to remove LME):](#uninstall) ## Pre-Requisites If you are unsure you meet the pre-requisites to installing LME, please read our [prerequisites documentation](/docs/markdown/prerequisites.md). The biggest Pre-requisite is setting up hardware for your ubuntu server with a minimum of `2 processors`, `16gb ram`, and `128gb` of dedicated storage for LME's Elasticsearch database. +If you really want to try to run with less than 16gb ram or at a minimum amount of hardware you can follow the troubleshooting guide to setup the podman quadlets to run with a limited amount of ram. We suggest setting elasticsearch to a limit of `8gb` and kibana to a limit of `4gb`. See the guide [here](/docs/markdown/reference/troubleshooting.md#memory-in-containers-need-more-ramless-ram-usage) + ## Architecture: -Ubuntu 22.04 server running podman containers setup as podman quadlets controlled via systemd. +LME runs on Ubuntu 22.04 and leverages Podman containers for security, performance, and scalability. Weโ€™ve integrated Wazuhโ€™s Manager and Agent with Elastic to provide comprehensive log collection, endpoint security monitoring, alerting, and data visualization capabilities. This modular, flexible architecture supports efficient log storage, search, and threat detection, and will enable seamless scaling to meet your organizationโ€™s evolving security and logging requirements. + + +### Diagram: + +![diagram](/docs/imgs/lme-architecture-v2.jpg) + +### why Podman?: +We chose Podman as LMEโ€™s container engine because it is more secure (by default) against container escape attacks than other engines like Docker. It also is far more debug and programmer friendly. Weโ€™re making use of Podmanโ€™s unique features, such as Quadlets (Podman's systemd integration) and User Namespacing, to increase system security and operational efficiency. + +### Containers: +Containerization allows each component of LME to run independently, increasing system security, improving performance, and making troubleshooting easier. Below are the containers weโ€™re using for LME: + - **Setup**: runs `/config/setup/init-setup.sh` based on the configuration of DNS defined in `/config/setup/instances.yml`. The script will create a CA, underlying certs for each service, and intialize the admin accounts for elasticsearch(user:`elastic`) and kibana(user:`kibana_system`). + - **Elasticsearch**: runs the database for LME and indexes all logs. + - **Kibana**: the front end for querying logs, investigating via dashboards, and managing fleet agents. + - **Elastic Fleet-Server**: [executes](executes) a [elastic agent ](https://github.com/elastic/elastic-agent) in fleet-server mode. It coordinates elastic agents to gather logs and status from clients. Configuration is inspired by the [elastic-container](https://github.com/peasead/elastic-container) project. + - Elastic agents provide integrations, have more features than winlogbeat. + - **Wazuh-Manager**: runs the wazuh manager so we can deploy and manage wazuh agents. + - Wazuh (open source) gives EDR (Endpoint Detection Response) with security dashboards to cover the security of all of the machines. + - **LME-Frontend** (*coming in a future release*): will host an api and gui that unifies the architecture behind one interface + ### Required Ports: Ports required are as follows: - Elasticsearch: *9200* @@ -61,38 +89,37 @@ Ports required are as follows: **Kibana NOTE**: 5601 is the default port, and we've set kibana to listen on 443 as well -### Diagram: +### Agents and Agent Management: +LME leverages both Wazuh and Elastic agents providing more comprehensive logging and security monitoring across various log sources. The agents gather critical data from endpoints and send it back to the LME server for analysis, offering organizations deeper visibility into their security posture. We also make use of the Wazuh Manager and Elastic Fleet for agent orchestration and management. -![diagram](/docs/imgs/lme-architecture-v2.jpg) +- **Wazuh Agents**: Enables Endpoint Detection and Response (EDR) on client systems, providing advanced security features like intrusion detection and anomaly detection. https://github.com/wazuh/wazuh-agent +- **Wazuh Manager**: Responsible for managing Wazuh Agents across endpoints, and overseeing agent registration, configuration, and data collection, providing centralized control for monitoring security events and analyzing data. +- **Elastic Agents**: Enhance log collection and management, allowing for greater control and customization in how data is collected and analyzed. Agents also feature a vast collection of integrations for many log types/applications https://github.com/elastic/elastic-agent +- **Elastic Fleet**: Responsible for managing Elastic Agents across your infrastructure, providing centralized control over agent deployment, configuration, and monitoring. It simplifies the process of adding and managing agents on various endpoints. ElasticFleet also supports centralized updates and policy management. -### why podman?: -Podman is more secure (by default) against container escape attacks than Docker. It also is far more debug and programmer friendly for making containers secure. -### Containers: - - setup: runs `/config/setup/init-setup.sh` based on the configuration of dns defined in `/config/setup/instances.yml`. The script will create a CA, underlying certs for each service, and intialize the admin accounts for elasticsearch(user:`elastic`) and kibana(user:`kibana_system`). - - elasticsearch: runs the database for LME and indexes all logs - - kibana: the front end for querying logs, investigating via dashboards, and managing fleet agents... - - fleet-server: executes a [elastic agent ](https://github.com/elastic/elastic-agent) in fleet-server mode. It coordinates elastic agents to gather logs and status from clients. Configuration is inspired by the [elastic-container](https://github.com/peasead/elastic-container) project. - - Elastic agents provide integrations, have more features than winlogbeat. - - wazuh-manager: runs the wazuh manager so we can deploy and manage wazuh agents. - - Wazuh (open source) gives EDR (Endpoint Detection Response) with security dashboards to cover the security of all of the machines. - - lme-frontend (*coming in a future release*): will host an api and gui that unifies the architecture behind one interface +### Alerting: +LME has setup [ElastAlert](https://elastalert2.readthedocs.io/en/latest/index.html), an open-source alerting framework, to automate alerting based on data stored in Elasticsearch. It monitors Elasticsearch for specific patterns, thresholds, or anomalies, and generates alerts when predefined conditions are met. This provides proactive detection of potential security incidents, enabling faster response and investigation. ElastAlertโ€™s flexible rule system allows for custom alerts tailored to your organizationโ€™s security monitoring needs, making it a critical component of the LME alerting framework. + +### Log Storage and Search: + +[Elasticsearch](https://www.elastic.co/elasticsearch) is the core component for log storage and search in LME. It indexes and stores logs and detections collected from Elastic and Wazuh Agents, allowing for fast, real-time querying of security events. Elasticsearch enables users to search and filter large datasets efficiently, providing a powerful backend for data analysis and visualization in Kibana. Its scalability and flexibility make it essential for handling the high-volume log data generated across different endpoints within LME's architecture. -### Agents: -Wazuh agents will enable EDR capabilities, while Elastic agents will enable logging capabilities. +### Data Visualization and Querying: +[Kibana](https://www.elastic.co/kibana) is the visualization and analytics interface in LME, providing users with tools to visualize and monitor log data stored in Elasticsearch. It enables the creation of custom dashboards and visualizations, allowing users to easily track security events, detect anomalies, and analyze trends. Kibana's intuitive interface supports real-time insights into the security posture of an organization, making it an essential tool for data-driven decision-making in LMEโ€™s centralized logging and security monitoring framework. - - https://github.com/wazuh/wazuh-agent - - https://github.com/elastic/elastic-agent +## Installing LME: +LME now includes Ansible scripts to automate the installation process, making deployment faster and more efficient. You can follow our [installation video](TODO LINK HERE) for further guidance. +These steps will guide you through setting up LME on your Ubuntu 22.04 server, ensuring a smooth and secure deployment. -## Installation: -Please ensure you follow all the configuration steps required below. +**Please ensure you follow all the configuration steps required below.** -**Upgrading**: +#####**Upgrading**: If you are a previous user of LME and wish to upgrade from 1.4 -> 2.0, please see our [upgrade documentation](/docs/markdown/maintenance/upgrading.md). ### Downloading LME: -**All steps will assume you start in your cloned directory of LME on your ubuntu 22.04 server** +**All steps will assume you start the downloaded or cloned directory of LME on your Ubuntu 22.04 server** We suggest you install the latest release version of Logging made easy using the following commands: @@ -104,6 +131,7 @@ Download and Unzip the latest version of LME. This will add a path to ~/LME with ``` curl -s https://api.github.com/repos/cisagov/LME/releases/latest | jq -r '.assets[0].browser_download_url' | xargs -I {} sh -c 'curl -L -O {} && unzip -d ~/LME $(basename {})' ``` +***Developer Note: if you're looking to develop LME, its suggested you `git clone` rather than downloading, please see our [DEV docs](#developer-notes)*** ### Operating system: **Ubuntu 22.04**: Make sure you run an install on ubuntu 22.04, thats the operating system which has been tested the most. @@ -132,8 +160,6 @@ cp ./config/example.env ./config/lme-environment.env IPVAR=127.0.0.1 #your hosts ip ``` - - ### **Automated Install** You can run this installer to run the total install in ansible. @@ -153,15 +179,14 @@ ansible-playbook ./ansible/install_lme_local.yml -e "clone_dir=/path/to/clone/di This also assumes your user can sudo without a password. If you need to input a password when you sudo, you can run it with the `-K` flag and it will prompt you for a password. #### Steps performed in automated install: -TODO finalize this with more words -1. Setup /opt/lme, check sudo, and configure other required directories/files -2. Setup password information -3. Setup Nix -4. set service user passwords -5. Install Quadlets +1. Setup /opt/lme, check for sudo access, and configure other required directories/files +2. Setup password information: configures the password vault and other configuration for the service user passwords +3. Setup [Nix](https://nixos.org/): nix is the opensource package manager we use to install the latest version of podman +4. set service user passwords: actually sets the service user passwords that are encrypted according to the [security model](/docs/markdown/reference/security-model.md) +5. Install Quadlets: the quadlet files are setup in the directories described below to be setup as systemd services 6. Setup Containers for root: The contianers listed in `$clone_directory/config/containers.txt` will be pulled and tagged -7. Start lme.service +7. Start lme.service: kicks of the start of LME service containers #### NOTES: @@ -176,6 +201,22 @@ TODO finalize this with more words 3. the master password will be stored at `/etc/lme/pass.sh` and owned by root, while service user passwords will be stored at `/etc/lme/vault/` +4. lme.service is a KICK START systemd service. It will always succeed and is designed so that the other lme services can be stopped and restarted by stopping/restarting lme.service. +For example, to stop all of lme: +```bash +sudo -i systemctl stop lme.service +``` + +To restart all of lme: +```bash +sudo -i systemctl restart lme.service +``` + +To start all of lme: +```bash +sudo -i systemctl start lme.service +``` + ### Verification post install: Make sure to use `-i` to run a login shell with any commands that run as root, so environment varialbes are set proprerly [LINK](https://unix.stackexchange.com/questions/228314/sudo-command-doesnt-source-root-bashrc) @@ -186,34 +227,41 @@ sudo systemctl daemon-reload sudo systemctl list-unit-files lme\* ``` -Debug if necessary: +Debug if necessary. The first step is to check the status of individual services listed above: ```bash #if something breaks use this to see what goes on: -sudo -i journalctl -xu lme.service -#or sub in whatever service you want +SERVICE_NAME=lme-elasticsearch.service +sudo -i journalctl -xu $SERVICE_NAME +``` +If somehting is broken try restarting the services and making sure failed services reset before starting: +```bash #try resetting failed: sudo -i systemctl reset-failed lme* sudo -i systemctl restart lme.service - -#also try inspecting container logs: -#CONTAINER_NAME=lme-elasticsearch -sudo -i podman logs -f $CONTAINER_NAME ``` -2. Check conatiners are running and healthy: +2. Check conatiners are running and healthy. this is also how to print out the container names! ```bash sudo -i podman ps --format "{{.Names}} {{.Status}}" ``` example output: ```shell -lme-elasticsearch Up 2 hours (healthy) -lme-kibana Up 2 hours (healthy) -lme-wazuh-manager Up About an hour -lme-fleet-server Up 50 minutes +lme-elasticsearch Up 19 hours (healthy) +lme-wazuh-manager Up 19 hours +lme-kibana Up 19 hours (healthy) +lme-fleet-server Up 19 hours +lme-elastalert2 Up 17 hours +``` +This also prints the names of the containers in the first column of text on the left. You'll want the container names + +If a container is missing you can check its logs here: +```bash +#also try inspecting container logs: +$CONTAINER_NAME=lme-elasticsearch #change this to your container name you want to monitor lme-kibana, etc... +sudo -i podman logs -f $CONTAINER_NAME ``` -We are working on getting health check commands for wazuh and fleet, currently they are not integrated 3. Check you can connect to elasticsearch ```bash @@ -222,7 +270,7 @@ curl -k -u elastic:$(sudo -i ansible-vault view /etc/lme/vault/$(sudo -i podman ``` 4. Check you can connect to kibana -You can use an ssh proxy to forward a local port to the remote linux host +You can use an ssh proxy to forward a local port to the remote linux host. To login as the elastic admin use the username `elastic` and elastics password grabbed from the export password script [here](#grabbing-passwords) ```bash #connect via ssh if you need to ssh -L 8080:localhost:5601 [YOUR-LINUX-SERVER] @@ -230,46 +278,6 @@ ssh -L 8080:localhost:5601 [YOUR-LINUX-SERVER] #https://localhost:8080 ``` -### To Uninstall: - -To uninstall everything: -**WARNING THIS WILL DELETE EVERYTHING!!!** -``` bash -sudo -i -u root -systemctl stop lme* && systemctl reset-failed && podman volume rm -a && podman secret rm -a && rm -rf /opt/lme && rm -rf /etc/lme && rm -rf /etc/containers/systemd -``` - -To stop/optionally uninstall things: -**WARNING THIS WILL DELETE EVERYTHING!!!** -Stop lme services: -```bash -sudo systemctl stop lme* -sudo systemctl disable lme.service -sudo -i podman stop $(sudo -i podman ps -aq) -sudo -i podman rm $(sudo -i podman ps -aq) -``` -**WARNING THIS WILL DELETE EVERYTHING!!!** - -To delete only lme volumes: -```bash -sudo -i podman volume ls --format "{{.Name}}" | grep lme | xargs podman volume rm -``` -or -To delete all volumes: -```bash -sudo -i podman volume rm -a -``` -**WARNING THIS WILL DELETE EVERYTHING!!!** - -## Installing Sysmon on Windows Clients: - -Sysmon provides valuable logs for windows computers. For each of your windows client machines, install Sysmon like so: - -1. Download Logging Made Easy and unzip the folder. -2. From inside the unzipped folder, run the following command in Administrator Powershell: -``` -.\scripts\install_sysmon.ps1 -``` ### Other Post install setup: A few other things are needed and you're all set to go. @@ -288,61 +296,66 @@ lme-kibana Up 36 minutes (healthy) lme-fleet-server Up 35 minutes ``` -If you see something like the above you're good to go to run the command: +If you see something like the above you're good to go to run the command. The services need to be running when you execute this playbook, it makes api calls to the kibana, fleet, and wazuh services. ``` ansible-playbook ./ansible/post_install_local.yml ``` -You'll see the following in the `/opt/lme/dashboards/elastic/` and `/opt/lme/dashboards/wazuh/` directories if dashboard installation was successful: -```bash +**IMPORTANT**: the post install script will setup the password for a `readonly_user` to use with analysts that want to query/hunt in elasticsearch, but don't need access to administrator functionality. +The end of the script will output the password of hte read only user... be sure to save that somewhere. +Heres an example where the password is `oz9vLny0fB3HA8S2hH!FLZ06TvpaCq`. Every time this script is run that password for the readonly user will be changed, so be careful to make sure you only run this when you need to, ideally one time. +```bash +TASK [DISPLAY NEW READONLY USER PASSWORD] *************************************************************************************************************************************** +ok: [localhost] => { + "msg": "LOGIN WITH readonly_user via:\n USER: readonlyuser\nPassword: oz9vLny0fB3HA8S2hH!FLZ06TvpaCq" + } + + PLAY RECAP ********************************************************************************************************************************************************************** + localhost : ok=27 changed=6 unreachable=0 failed=0 skipped=3 rescued=0 ignored=0 + ``` -## Deploying Agents: - -### Deploy Wazuh Agent on client machine (Linux) - -curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg - -echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list - -apt-get update - -WAZUH_MANAGER="CHANGE ME TO DOCKER HOST IP ADDRESS" apt-get install wazuh-agent - -Start the service: +#### Verify post install: +Run the following commands to check `/opt/lme/dashboards/elastic/` and `/opt/lme/dashboards/wazuh/` directories if dashboard installation was successful: +```bash +sudo -i +ls -al /opt/lme/FLEET_SETUP_FINISHED +ls -al /opt/lme/dashboards/elastic/INSTALLED +ls -al /opt/lme/dashboards/wazuh/INSTALLED ``` -systemctl daemon-reload -systemctl enable wazuh-agent -systemctl start wazuh-agent + +which should look like the following: +```bash +root@ubuntu:~# ls -al /opt/lme/FLEET_SETUP_FINISHED +-rw-r--r-- 1 root root 0 Oct 21 18:41 /opt/lme/FLEET_SETUP_FINISHED +root@ubuntu:~# ls -al /opt/lme/dashboards/elastic/INSTALLED +-rw-r--r-- 1 root root 0 Oct 21 18:44 /opt/lme/dashboards/elastic/INSTALLED +root@ubuntu:~# ls -al /opt/lme/dashboards/wazuh/INSTALLED +-rw-r--r-- 1 root root 0 Oct 21 19:01 /opt/lme/dashboards/wazuh/INSTALLED ``` -### Deploy Wazuh Agent On client Machine (Windows) +## Deploying Agents: +We have seperate guides on deploying Wazuh and Elastic in seperate docs, please see links below: +Eventually these steps will be more automated in a future release. -From PowerShell with admin capabilities run the following command +##### - [Deploy Wazuh Agent](/docs/markdown/agents/wazuh-agent-mangement.md) +##### - [Deploying Elastic-Agent](/docs/markdown/agents/elastic-agent-mangement.md) -``` -Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.7.5-1.msi -OutFile wazuh-agent-4.7.5-1.msi;` -Start-Process msiexec.exe -ArgumentList '/i wazuh-agent-4.7.5-1.msi /q WAZUH_MANAGER="IPADDRESS OF WAZUH HOST MACHINE"' -Wait -NoNewWindow` -``` +### Installing Sysmon on Windows Clients: -Start the service: +Sysmon provides valuable logs for windows computers. For each of your windows client machines, install Sysmon like so: +1. Download Logging Made Easy and unzip the folder. +2. From inside the unzipped folder, run the following command in Administrator Powershell: ``` -NET START Wazuh +.\scripts\install_sysmon.ps1 ``` - -### Deploying Elastic-Agent: -1. Run the `scripts/set-fleet.sh` file -2. follow the gui and deploy an agent on your client: https://0.0.0.0:5601/app/fleet/agents -3. Then login to kibana, go to fleet, click 'add agent' choose linux or windows depending on what endpoint. I like to perform these lines of code one at a time for testing. The final line where it actually does the install... add --insecure to the end. This is until we figure out how to do this with the certs in the cert store etc. - - ## Password Encryption: Password encryption is enabled using ansible-vault to store all lme user and lme service user passwords at rest. -We do submit a hash of the password to Have I been pwned to check to see if it is compromised: [READ MORE HERE](https://haveibeenpwned.com/FAQs) +We do submit a hash of the password to Have I been pwned to check to see if it is compromised: [READ MORE HERE](https://haveibeenpwned.com/FAQs), but since they're all randomly generated this should be RARE. ### where are passwords stored?: ```bash @@ -351,8 +364,19 @@ USER_VAULT_DIR="/etc/lme/vault" PASSWORD_FILE="/etc/lme/pass.sh" ``` +### grabbing passwords: +To view the appropriate service user password run the following commands: +``` +#script: +$CLONE_DIRECTORY/scripts/extract_secrets.sh -p #to print + +#add them as variables to your current shell +source $CLONE_DIRECTORY/scripts/extract_secrets.sh #without printing values +source $CLONE_DIRECTORY/scripts/extract_secrets.sh -q #with no output +``` + ### MANUALLY setting up passwords and accessing passwords **UNSUPPORTED**: -**These steps are not fully supported and are left if others would like to suppor this in their environment** +**These steps are not fully supported and are left if others would like to support this in their environment** Run the password_management.sh script: ```bash @@ -364,39 +388,96 @@ lme-user@ubuntu:~/LME-TEST$ sudo -i ${PWD}/scripts/password_management.sh -h -h: print this list ``` -### grabbing passwords: -To view the appropriate service user password use ansible-vault, as root: -``` -#script: -$CLONE_DIRECTORY/scripts/extract_secrets.sh -p #to print - -#add them as variables to your current shell -source $CLONE_DIRECTORY/scripts/extract_secrets.sh #without printing values -source $CLONE_DIRECTORY/scripts/extract_secrets.sh -q #with no output - -``` -#### manually getting passwords: +A cli oneliner to grab passwords (this also demonstrates how we're using ansible-vault in extract_secrets.sh): +```bash #where wazuh_api is the service user whose password you want: -sudo -i ansible-vault view /etc/lme/vault/$(sudo -i podman secret ls | grep wazuh_api | awk '{print $1}') +USER_NAME=wazuh_api +sudo -i ansible-vault view /etc/lme/vault/$(sudo -i podman secret ls | grep $USER_NAME | awk '{print $1}') +``` # Documentation: -### Logging Guidance +## Logging Guidance - [LME in the CLOUD](/docs/markdown/logging-guidance/cloud.md) - - [Log Retention](/docs/markdown/logging-guidance/retention.md) *TODO*: change link to new documentation - - [Additional Log Types](/docs/markdown/logging-guidance/other-logging.md) + - [Log Retention](/docs/markdown/logging-guidance/retention.md) + - [Filtering](/docs/markdown/logging-guidance/filtering.md) ## Reference: - - [FAQ](/docs/markdown/reference/faq.md) *TODO* - - [Troubleshooting](/docs/markdown/reference/troubleshooting.md) *TODO* - - [Dashboard Descriptions](/docs/markdown/reference/dashboard-descriptions.md) - - [Guide to Organizational Units](/docs/markdown/chapter1/guide_to_ous.md) + - [FAQ](/docs/markdown/reference/faq.md) + - [Troubleshooting](/docs/markdown/reference/troubleshooting.md) + - [Dashboard Descriptions](/docs/markdown/reference/dashboard-descriptions.md) *TODO*: update with new 2.0 dashboard descriptions - [Security Model](/docs/markdown/reference/security-model.md) ## Maintenance: - - [Backups](/docs/markdown/maintenance/backups.md) *TODO* change link to new documentation - - [Upgrading 1x -> 2x](/scripts/upgrade/README.md) - - [Certificates](/docs/markdown/maintenance/certificates.md) *TODO* + - [Backups](/docs/markdown/maintenance/backups.md) + - [Certificates](/docs/markdown/maintenance/certificates.md) + - [Encryption at rest](/docs/markdown/maintenance/Encryption at rest option for users.md) + - Data management: + - [Index Management](/docs/markdown/maintenance/index-management.md) + - [Volume Management](/docs/markdown/maintenance/volume-management.md) + - Upgrading: + - [Upgrading 1x -> 2x](/scripts/upgrade/README.md) + - [Upgrading future 2.X](/docs/markdown/maintenance/upgrading.md) ## Agents: -*TODO* add in docs in new documentation +This is documentatino on agent configuration and management + - [Elastic-Agent](/docs/markdown/agents/elastic-agent-mangement.md) + - Wazuh: + - [Wazuh Configuration](/docs/markdown/maintenance/wazuh-configuration.md) + - [Active Response](/docs/markdown/agents/wazuh-active-response.md) + - [Agent Management](/docs/markdown/agents/wazuh-agent-mangement.md) + +## endpoint tools: +In order to make best use of the agents, they need to be complemented by utilities to generate forensically relevant data to analyze and support detections. +Look at adding them to Windows/Linux + +### Windows: + - [Sysmon (manual install)](/docs/markdown/endpoint-tools/install-sysmon.md) +### Linux: + - [Auditd](/docs/markdown/endpoint-tools/install-auditd.md) + +# Uninstall +This walks through how to completely uninstall LME's services and data. + +The dependencies will not be removed this way, if desired we can add that to the documentation, and you can consult the ansible scripts to see what was installed, and remove the created directories. + +To uninstall everything: +**WARNING THIS WILL DELETE EVERYTHING!!!** +``` bash +sudo -i -u root +systemctl stop lme* && systemctl reset-failed && podman volume rm -a && podman secret rm -a && rm -rf /opt/lme && rm -rf /etc/lme && rm -rf /etc/containers/systemd +``` + +To stop/optionally uninstall things: +**WARNING THIS WILL DELETE EVERYTHING!!!** +Stop lme services: +```bash +sudo systemctl stop lme* +sudo systemctl disable lme.service +sudo -i podman stop $(sudo -i podman ps -aq) +sudo -i podman rm $(sudo -i podman ps -aq) +``` +**WARNING THIS WILL DELETE EVERYTHING!!!** + +To delete only lme volumes: +```bash +sudo -i podman volume ls --format "{{.Name}}" | grep lme | xargs podman volume rm +``` +or +To delete all volumes: +```bash +sudo -i podman volume rm -a +``` +**WARNING THIS WILL DELETE EVERYTHING!!!** + +# Developer notes: +Git clone and git checkout your development branch on the server: + +```bash +git clone https://github.com/cisagov/LME.git +cd LME +git checkout YOUR_BRANCH_NAME_HERE +``` + +Once you've gotten your changes/updates added, please submit a pull request following our [guidelines](/CONTRIBUTING.md) + diff --git a/ansible/post_install_local.yml b/ansible/post_install_local.yml index ac4f5ed6..94c11815 100644 --- a/ansible/post_install_local.yml +++ b/ansible/post_install_local.yml @@ -449,7 +449,6 @@ when: debug_mode | bool #SETUP - - name: Copy dashboards files /opt/lme/dashboards copy: src: "{{ clone_directory }}/dashboards/" @@ -718,6 +717,7 @@ - "wazuh_api password is set: {{ wazuh_api_password | length > 0 }}" when: debug_mode | bool #SETUP + # - name: expand path set_fact: clone_directory: "{{clone_directory | expanduser }}" diff --git a/config/containers.txt b/config/containers.txt index facf6b2e..609346cd 100644 --- a/config/containers.txt +++ b/config/containers.txt @@ -3,3 +3,4 @@ docker.elastic.co/elasticsearch/elasticsearch:8.12.2 docker.elastic.co/beats/elastic-agent:8.12.2 docker.elastic.co/kibana/kibana:8.12.2 docker.io/wazuh/wazuh-manager:4.7.5 +docker.io/jertel/elastalert2:2.20.0 diff --git a/config/elastalert2/config.yaml b/config/elastalert2/config.yaml new file mode 100644 index 00000000..994064e9 --- /dev/null +++ b/config/elastalert2/config.yaml @@ -0,0 +1,18 @@ +run_every: + minutes: 1 + +buffer_time: + minutes: 15 + +writeback_index: elastalert_status + +alert_time_limit: + days: 2 + +es_host: lme-elasticsearch +es_port: 9200 +use_ssl: true +verify_certs: false + +#exists in the container +rules_folder: /opt/elastalert/rules diff --git a/config/elastalert2/rules/windows_event_logs_cleared.yaml b/config/elastalert2/rules/windows_event_logs_cleared.yaml new file mode 100644 index 00000000..8718a5c0 --- /dev/null +++ b/config/elastalert2/rules/windows_event_logs_cleared.yaml @@ -0,0 +1,53 @@ +name: Windows Event Logs Cleared + +# Type of rule +type: any + +# Index pattern to search +index: logs-* + +# Elasticsearch query in DSL format +filter: + - query: + bool: + must: + - terms: + event.action: ["audit-log-cleared", "Log clear"] + - term: + winlog.api: "wineventlog" + must_not: + - term: + winlog.provider_name: "AD FS Auditing" + +# Alert when conditions are met +alert: + - "slack" + +# Slack alert details +slack_webhook_url: "https://hooks.slack.com/services/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" +slack_username_override: "Windows Security Alert" +slack_msg_color: "danger" +slack_emoji_override: ":rotating_light:" + +# Alert message format +alert_text: | + Windows Event Logs Cleared Detected! + Host: {0} + Event Action: {1} + Winlog Provider Name: {2} + Timestamp: {3} +alert_text_args: + - host.name + - event.action + - winlog.provider_name + - "@timestamp" + +# Alert text only, without additional metadata +alert_text_type: alert_text_only + +# Frequency for querying Elasticsearch +realert: + minutes: 5 + +# Optional timestamp field to use for events +timestamp_field: "@timestamp" \ No newline at end of file diff --git a/config/elasticsearch.yml b/config/elasticsearch.yml new file mode 100644 index 00000000..62836211 --- /dev/null +++ b/config/elasticsearch.yml @@ -0,0 +1,7 @@ +cluster.name: "docker-cluster" +network.host: 0.0.0.0 +path: + repo: + - /usr/share/elasticsearch + - /usr/share/elasticsearch/backups + diff --git a/dashboards/elastic/User_Security_2.ndjson b/dashboards/elastic/User_Security_2.ndjson deleted file mode 100644 index 3bbf5dce..00000000 --- a/dashboards/elastic/User_Security_2.ndjson +++ /dev/null @@ -1,39 +0,0 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4MCwzXQ=="} -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4MSwzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"winlog.event_data.TargetDomainName\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"winlog.event_data.TargetUserName\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4MiwzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - Filter Hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Filter Hosts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host name\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4MywzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security - Select Host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select Host\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1588685297382\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4NCwzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Logons Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logons Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Logons\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4NSwzXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Human User Logon Events","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4NiwzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon attempts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon attempts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Login attempts\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"22170f50-853c-11ea-b6c5-5d9149593ce4","managed":false,"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4NywzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon events over time","uiStateJSON":"{\"vis\":{\"colors\":{\"Failed attempts\":\"#BF1B00\",\"Successful atempts\":\"#629E51\"}}}","version":1,"visState":"{\"title\":\"Security - Logon events over time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-23T08:41:59.000Z\",\"max\":\"2020-04-23T08:56:59.000Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":\"event.code:4625\",\"language\":\"lucene\"},\"label\":\"Failed attempts\"},{\"input\":{\"query\":\"event.code:4624\",\"language\":\"lucene\"},\"label\":\"Successful atempts\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4OCwzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"event.code\",\"value\":\"4,624, 4,625\",\"params\":[\"4624\",\"4625\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"event.code\":\"4624\"}},{\"match_phrase\":{\"event.code\":\"4625\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Computers\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"489f7350-853d-11ea-b6c5-5d9149593ce4","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY4OSwzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Hosts\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","managed":false,"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5MCwzXQ=="} -{"attributes":{"columns":["event.code","host.name","winlog.event_data.TargetDomainName","winlog.event_data.TargetUserName","winlog.event_data.IpAddress","event.action","event.outcome","winlog.event_data.LogonType"],"description":"","grid":{"columns":{"user.domain":{"width":119},"user.name":{"width":134}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Human Logon & Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"2325be20-8616-11ea-a720-c7a0431f179d","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5MSwzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Network Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Network Connections\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"a1229110-860f-11ea-a720-c7a0431f179d","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5MiwzXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id : \\\"3\\\" and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"All network activity ","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"d1a74ce0-8641-11ea-907a-33d103156187","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5MywzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Activity Line","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Activity Line\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Connections\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"extendToTimeRange\":false,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30d\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Connections\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Connections\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-24T15:29:10.918Z\",\"max\":\"2020-04-24T15:44:10.918Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"ec7ad2d0-8641-11ea-907a-33d103156187","managed":false,"references":[{"id":"d1a74ce0-8641-11ea-907a-33d103156187","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5NCwzXQ=="} -{"attributes":{"columns":["winlog.event_data.DestinationHostname","destination.ip","winlog.event_data.DestinationIsIpv6","network.","process.executable","winlog.event_data.DestinationPort","winlog.event_data.Protocol","winlog.user.name","winlog.user.type","source.ip","winlog.event_data.SourceIsIpv6","source.port","network.protocol"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") AND NOT (process.name:iexplore.exe OR process.name:chrome.exe OR process.name:firefox.exe OR process.name:opera.exe) AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_non_browsers_connection","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5NSwzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Process List","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Network Process List\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.DestinationIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Logged on user\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"date\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","managed":false,"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5NiwzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network connections area ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network connections area \",\"type\":\"area\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"}],\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"labels\":{},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","managed":false,"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5NywzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Overview - Processes with unusual network activity","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Overview - Processes with unusual network activity\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"significant_terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"size\":10,\"include\":\"\",\"json\":\"\",\"customLabel\":\"Process\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"string\"},\"params\":{},\"label\":\"Process\",\"aggType\":\"significant_terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"245778d0-8641-11ea-907a-33d103156187","managed":false,"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5OCwzXQ=="} -{"attributes":{"columns":["host.name","winlog.event_data.TargetUserName","winlog.event_data.TargetDomainName","winlog.event_data.SourceIp","winlog.event_data.SourcePort","winlog.event_data.DestinationIp","winlog.event_data.DestinationPort","winlog.event_data.ProcessId","winlog.event_data.ProcessName"],"description":"","grid":{"columns":{"winlog.event_data.SubjectDomainName":{"width":216}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_uds_non_private_network","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzY5OSwzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Processes Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Processes Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Processes & Powershell\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwMCwzXQ=="} -{"attributes":{"columns":["host.name","winlog.event_data.TargetDomainName","winlog.event_data.User","winlog.event_data.ProcessId","winlog.event_data.ProcessName","winlog.event_data.Hashes","process.args"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"1\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Process Spawns","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwMSwzXQ=="} -{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.command_line","process.parent.executable","process.parent.command_line","file.path","event.code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\" OR process.command_line.text:\\\"powershell\\\" OR parent.process.command_line.text:\\\"powershell\\\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_powershell_run","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"2e276480-ec16-11e9-befc-81397a291157","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwMiwzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell Run Count","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Security - Powershell Run Count\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"60553d40-ec18-11e9-befc-81397a291157","managed":false,"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwMywzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell runs over time","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now/w\",\"to\":\"now/w\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"title\":\"Security - Powershell runs over time\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwNCwzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Power shell hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"metric\":{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security - Power shell hosts pie\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwNSwzXQ=="} -{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.args","process.parent.executable","process.parent.args"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND process.command_line.text:(\\\"invoke\\\" or \\\"bypass\\\" or \\\"iex\\\" or \\\"ex\\\" or \\\"icm\\\" or \\\"new-object\\\" or \\\"set\\\" or \\\"get\\\" or \\\"write\\\" or \\\"out\\\" or \\\"download\\\" or \\\"encoded\\\")\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Potentially Suspicious Powershell","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"ff5a53b0-ebf7-11e9-befc-81397a291157","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwNiwzXQ=="} -{"attributes":{"columns":["user.domain","user.name","host.name","destination.domain","destination.ip"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND (process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_uds_powershell_network","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwNywzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Files title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Files title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Files\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"404f6e60-895e-11ea-9bd8-f3fed1ec2140","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwOCwzXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"file.path.text: \\\"tmp\\\" OR file.path.text:\\\"temp\\\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"file.path\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"file.path\"},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"TEMP & %TEMP%","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcwOSwzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"TEMP & %TEMP%","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target File\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"TEMP & %TEMP%\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","managed":false,"references":[{"id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcxMCwzXQ=="} -{"attributes":{"columns":["@timestamp","user.domain","user.name","host.name","process.executable","winlog.event_data.ProcessId"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: \\\"9\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Raw Access Events","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcxMSwzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Windows Defender Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Windows Defender Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Windows Defender\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcxMiwzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"winlog.event_id:(1006 or 1007 or 1008 or 1009 or 1116 or 1117 or 1118 or 1119)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - AV Events Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - AV Events Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Windows AV Events\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcxMywzXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_id\",\"value\":\"1,006, 1,007, 1,008, 1,009, 1,116, 1,117, 1,118, 1,119\",\"params\":[\"1006\",\"1007\",\"1008\",\"1009\",\"1116\",\"1117\",\"1118\",\"1119\"],\"negate\":false,\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_id\":\"1006\"}},{\"match_phrase\":{\"winlog.event_id\":\"1007\"}},{\"match_phrase\":{\"winlog.event_id\":\"1008\"}},{\"match_phrase\":{\"winlog.event_id\":\"1009\"}},{\"match_phrase\":{\"winlog.event_id\":\"1116\"}},{\"match_phrase\":{\"winlog.event_id\":\"1117\"}},{\"match_phrase\":{\"winlog.event_id\":\"1118\"}},{\"match_phrase\":{\"winlog.event_id\":\"1119\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"AV Detection event","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcxNCwzXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"AV Hits (Count)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"AV Hits (Count)\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"AV Detection hits\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","managed":false,"references":[{"id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcxNSwzXQ=="} -{"attributes":{"columns":["winlog.event_data.Detection User","host.name","winlog.event_data.Path","winlog.event_data.FWLink"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: 1116\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"Microsoft-Windows-Windows Defender\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.provider\":{\"query\":\"Microsoft-Windows-Windows Defender\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Defender AV Detections","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T17:52:25.220Z","id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-11T17:52:25.220Z","version":"WzcxNiwzXQ=="} -{"attributes":{"description":"User Security overview, filtered by Domain / Username or hostname","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"f755ac59-6f3f-4dcb-ae0c-758507dd83f3\"},\"panelIndex\":\"f755ac59-6f3f-4dcb-ae0c-758507dd83f3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f755ac59-6f3f-4dcb-ae0c-758507dd83f3\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":23,\"h\":7,\"i\":\"064b662c-7a7a-4a68-9f89-6677770cf040\"},\"panelIndex\":\"064b662c-7a7a-4a68-9f89-6677770cf040\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search users\",\"panelRefName\":\"panel_064b662c-7a7a-4a68-9f89-6677770cf040\"},{\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":3,\"w\":25,\"h\":7,\"i\":\"4104303d-2849-4c78-85d0-1fa9f49f4b80\"},\"panelIndex\":\"4104303d-2849-4c78-85d0-1fa9f49f4b80\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Filter hosts\",\"panelRefName\":\"panel_4104303d-2849-4c78-85d0-1fa9f49f4b80\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":10,\"w\":23,\"h\":7,\"i\":\"0195638d-458a-4ff6-ad4d-a991c7a7e882\"},\"panelIndex\":\"0195638d-458a-4ff6-ad4d-a991c7a7e882\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search hosts\",\"panelRefName\":\"panel_0195638d-458a-4ff6-ad4d-a991c7a7e882\"},{\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":10,\"w\":25,\"h\":7,\"i\":\"3593d5e7-318e-48a0-9b9d-73ba207f18f8\"},\"panelIndex\":\"3593d5e7-318e-48a0-9b9d-73ba207f18f8\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\",\"isTransposed\":false},{\"columnId\":\"26752485-2aa5-4908-b400-504d6e7ef451\",\"isTransposed\":false}],\"layerId\":\"d123adeb-fd39-4176-b3c9-69c88d2852d5\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d123adeb-fd39-4176-b3c9-69c88d2852d5\":{\"columns\":{\"6f33ff19-9959-4c43-b791-939582a0b3d2\":{\"label\":\"Event Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"26752485-2aa5-4908-b400-504d6e7ef451\":{\"label\":\"winlog.event_data.TargetUserName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"26752485-2aa5-4908-b400-504d6e7ef451\",\"6f33ff19-9959-4c43-b791-939582a0b3d2\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter users\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":48,\"h\":4,\"i\":\"387d6ff2-16e6-4efb-959e-c31b718f481f\"},\"panelIndex\":\"387d6ff2-16e6-4efb-959e-c31b718f481f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_387d6ff2-16e6-4efb-959e-c31b718f481f\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":21,\"w\":9,\"h\":7,\"i\":\"0c2033ce-4b41-46d4-9360-df760fef6fcc\"},\"panelIndex\":\"0c2033ce-4b41-46d4-9360-df760fef6fcc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0c2033ce-4b41-46d4-9360-df760fef6fcc\"},{\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":21,\"w\":20,\"h\":14,\"i\":\"08b30cb5-bf80-4ca4-82f7-04a3adaf6a91\"},\"panelIndex\":\"08b30cb5-bf80-4ca4-82f7-04a3adaf6a91\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon attempts\",\"panelRefName\":\"panel_08b30cb5-bf80-4ca4-82f7-04a3adaf6a91\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":21,\"w\":19,\"h\":14,\"i\":\"f4085a94-9a0b-436d-8351-0d3835018b74\"},\"panelIndex\":\"f4085a94-9a0b-436d-8351-0d3835018b74\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logged on computers\",\"panelRefName\":\"panel_f4085a94-9a0b-436d-8351-0d3835018b74\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":9,\"h\":7,\"i\":\"1dde117a-b1ce-4c92-ae25-1f5ec64a8033\"},\"panelIndex\":\"1dde117a-b1ce-4c92-ae25-1f5ec64a8033\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1dde117a-b1ce-4c92-ae25-1f5ec64a8033\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":17,\"i\":\"d1b7aa24-820d-4c80-8e0a-e5af2df3e656\"},\"panelIndex\":\"d1b7aa24-820d-4c80-8e0a-e5af2df3e656\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User Logon & Logoff Events\",\"panelRefName\":\"panel_d1b7aa24-820d-4c80-8e0a-e5af2df3e656\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":52,\"w\":48,\"h\":4,\"i\":\"f04dffb7-7c21-4a21-b3be-72e290369616\"},\"panelIndex\":\"f04dffb7-7c21-4a21-b3be-72e290369616\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f04dffb7-7c21-4a21-b3be-72e290369616\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":14,\"i\":\"1e09c80a-b1f8-4c23-a669-07dea699f6c7\"},\"panelIndex\":\"1e09c80a-b1f8-4c23-a669-07dea699f6c7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"All network connections\",\"panelRefName\":\"panel_1e09c80a-b1f8-4c23-a669-07dea699f6c7\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":70,\"w\":24,\"h\":15,\"i\":\"790db76b-0f52-47b6-bbe8-8ca8611dcee1\"},\"panelIndex\":\"790db76b-0f52-47b6-bbe8-8ca8611dcee1\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"title\":\"Network connections from non-browser processes\",\"panelRefName\":\"panel_790db76b-0f52-47b6-bbe8-8ca8611dcee1\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":70,\"w\":24,\"h\":15,\"i\":\"7e9aade7-496b-49a9-8e35-df93fcafb8d8\"},\"panelIndex\":\"7e9aade7-496b-49a9-8e35-df93fcafb8d8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network connection by protocol\",\"panelRefName\":\"panel_7e9aade7-496b-49a9-8e35-df93fcafb8d8\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":85,\"w\":48,\"h\":15,\"i\":\"3ea3bab7-f3de-44e2-b656-ea91f798bfa3\"},\"panelIndex\":\"3ea3bab7-f3de-44e2-b656-ea91f798bfa3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Unusual network connections from non-browser processes\",\"panelRefName\":\"panel_3ea3bab7-f3de-44e2-b656-ea91f798bfa3\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":100,\"w\":48,\"h\":10,\"i\":\"cecdc65a-4681-48ce-a897-e7e502d53c51\"},\"panelIndex\":\"cecdc65a-4681-48ce-a897-e7e502d53c51\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network Connection Events (Sysmon ID 3)\",\"panelRefName\":\"panel_cecdc65a-4681-48ce-a897-e7e502d53c51\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":110,\"w\":48,\"h\":4,\"i\":\"f13a86c6-fb30-4594-bd8e-a6599de3b105\"},\"panelIndex\":\"f13a86c6-fb30-4594-bd8e-a6599de3b105\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f13a86c6-fb30-4594-bd8e-a6599de3b105\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":14,\"i\":\"62305f6a-aea7-4392-bc0f-1b39401608af\"},\"panelIndex\":\"62305f6a-aea7-4392-bc0f-1b39401608af\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Spawned Processes\",\"panelRefName\":\"panel_62305f6a-aea7-4392-bc0f-1b39401608af\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":128,\"w\":10,\"h\":15,\"i\":\"c9f7b834-936e-41ab-899f-0acd5acc8ce1\"},\"panelIndex\":\"c9f7b834-936e-41ab-899f-0acd5acc8ce1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell Events\",\"panelRefName\":\"panel_c9f7b834-936e-41ab-899f-0acd5acc8ce1\"},{\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":128,\"w\":20,\"h\":15,\"i\":\"df23eba1-9d1e-4776-9427-45cc96c3d74c\"},\"panelIndex\":\"df23eba1-9d1e-4776-9427-45cc96c3d74c\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events over time\",\"panelRefName\":\"panel_df23eba1-9d1e-4776-9427-45cc96c3d74c\"},{\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":128,\"w\":18,\"h\":15,\"i\":\"f04ccc93-e9e6-4de1-aa00-cc20fd3c510e\"},\"panelIndex\":\"f04ccc93-e9e6-4de1-aa00-cc20fd3c510e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events by computer\",\"panelRefName\":\"panel_f04ccc93-e9e6-4de1-aa00-cc20fd3c510e\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":143,\"w\":25,\"h\":16,\"i\":\"d630d92b-3dc6-47a1-b463-06dc87153147\"},\"panelIndex\":\"d630d92b-3dc6-47a1-b463-06dc87153147\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Potentially suspicious powershell\",\"panelRefName\":\"panel_d630d92b-3dc6-47a1-b463-06dc87153147\"},{\"type\":\"search\",\"gridData\":{\"x\":25,\"y\":143,\"w\":23,\"h\":16,\"i\":\"5ffe76a2-586e-4f12-bfad-9715292678e4\"},\"panelIndex\":\"5ffe76a2-586e-4f12-bfad-9715292678e4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell network connections\",\"panelRefName\":\"panel_5ffe76a2-586e-4f12-bfad-9715292678e4\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":159,\"w\":48,\"h\":4,\"i\":\"106ce826-a753-43a2-b8f3-7a28b0d71b3f\"},\"panelIndex\":\"106ce826-a753-43a2-b8f3-7a28b0d71b3f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_106ce826-a753-43a2-b8f3-7a28b0d71b3f\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":163,\"w\":24,\"h\":15,\"i\":\"f53fdf2f-baed-47bf-bd90-31bbbf4d910e\"},\"panelIndex\":\"f53fdf2f-baed-47bf-bd90-31bbbf4d910e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"References to temporary files\",\"panelRefName\":\"panel_f53fdf2f-baed-47bf-bd90-31bbbf4d910e\"},{\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":163,\"w\":24,\"h\":15,\"i\":\"26910234-8a4e-4797-92c6-f671974c3d35\"},\"panelIndex\":\"26910234-8a4e-4797-92c6-f671974c3d35\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"RawAccessRead (Sysmon Event 9)\",\"panelRefName\":\"panel_26910234-8a4e-4797-92c6-f671974c3d35\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":178,\"w\":48,\"h\":4,\"i\":\"773e7777-35f0-42c8-ae3a-16fc9194d154\"},\"panelIndex\":\"773e7777-35f0-42c8-ae3a-16fc9194d154\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_773e7777-35f0-42c8-ae3a-16fc9194d154\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":182,\"w\":12,\"h\":14,\"i\":\"8ea5e414-49b6-434a-9833-02ca36d879c4\"},\"panelIndex\":\"8ea5e414-49b6-434a-9833-02ca36d879c4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Defender event count\",\"panelRefName\":\"panel_8ea5e414-49b6-434a-9833-02ca36d879c4\"},{\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":182,\"w\":12,\"h\":14,\"i\":\"fe6db4cf-96dc-4798-add6-dd01080f4e39\"},\"panelIndex\":\"fe6db4cf-96dc-4798-add6-dd01080f4e39\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fe6db4cf-96dc-4798-add6-dd01080f4e39\"},{\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":182,\"w\":24,\"h\":14,\"i\":\"230a9f9f-3a92-4d27-88d3-b6f6622cdffb\"},\"panelIndex\":\"230a9f9f-3a92-4d27-88d3-b6f6622cdffb\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"AV Detections (Event 1116)\",\"panelRefName\":\"panel_230a9f9f-3a92-4d27-88d3-b6f6622cdffb\"}]","timeRestore":false,"title":"User Security 2.0","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-11T22:18:43.029Z","id":"fd349c99-a0c6-4578-8133-92a10848b68d","managed":false,"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"f755ac59-6f3f-4dcb-ae0c-758507dd83f3:panel_f755ac59-6f3f-4dcb-ae0c-758507dd83f3","type":"visualization"},{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"064b662c-7a7a-4a68-9f89-6677770cf040:panel_064b662c-7a7a-4a68-9f89-6677770cf040","type":"visualization"},{"id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","name":"4104303d-2849-4c78-85d0-1fa9f49f4b80:panel_4104303d-2849-4c78-85d0-1fa9f49f4b80","type":"visualization"},{"id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","name":"0195638d-458a-4ff6-ad4d-a991c7a7e882:panel_0195638d-458a-4ff6-ad4d-a991c7a7e882","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"3593d5e7-318e-48a0-9b9d-73ba207f18f8:indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5","type":"index-pattern"},{"id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","name":"387d6ff2-16e6-4efb-959e-c31b718f481f:panel_387d6ff2-16e6-4efb-959e-c31b718f481f","type":"visualization"},{"id":"22170f50-853c-11ea-b6c5-5d9149593ce4","name":"0c2033ce-4b41-46d4-9360-df760fef6fcc:panel_0c2033ce-4b41-46d4-9360-df760fef6fcc","type":"visualization"},{"id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","name":"08b30cb5-bf80-4ca4-82f7-04a3adaf6a91:panel_08b30cb5-bf80-4ca4-82f7-04a3adaf6a91","type":"visualization"},{"id":"489f7350-853d-11ea-b6c5-5d9149593ce4","name":"f4085a94-9a0b-436d-8351-0d3835018b74:panel_f4085a94-9a0b-436d-8351-0d3835018b74","type":"visualization"},{"id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","name":"1dde117a-b1ce-4c92-ae25-1f5ec64a8033:panel_1dde117a-b1ce-4c92-ae25-1f5ec64a8033","type":"visualization"},{"id":"2325be20-8616-11ea-a720-c7a0431f179d","name":"d1b7aa24-820d-4c80-8e0a-e5af2df3e656:panel_d1b7aa24-820d-4c80-8e0a-e5af2df3e656","type":"search"},{"id":"a1229110-860f-11ea-a720-c7a0431f179d","name":"f04dffb7-7c21-4a21-b3be-72e290369616:panel_f04dffb7-7c21-4a21-b3be-72e290369616","type":"visualization"},{"id":"ec7ad2d0-8641-11ea-907a-33d103156187","name":"1e09c80a-b1f8-4c23-a669-07dea699f6c7:panel_1e09c80a-b1f8-4c23-a669-07dea699f6c7","type":"visualization"},{"id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","name":"790db76b-0f52-47b6-bbe8-8ca8611dcee1:panel_790db76b-0f52-47b6-bbe8-8ca8611dcee1","type":"visualization"},{"id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","name":"7e9aade7-496b-49a9-8e35-df93fcafb8d8:panel_7e9aade7-496b-49a9-8e35-df93fcafb8d8","type":"visualization"},{"id":"245778d0-8641-11ea-907a-33d103156187","name":"3ea3bab7-f3de-44e2-b656-ea91f798bfa3:panel_3ea3bab7-f3de-44e2-b656-ea91f798bfa3","type":"visualization"},{"id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","name":"cecdc65a-4681-48ce-a897-e7e502d53c51:panel_cecdc65a-4681-48ce-a897-e7e502d53c51","type":"search"},{"id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","name":"f13a86c6-fb30-4594-bd8e-a6599de3b105:panel_f13a86c6-fb30-4594-bd8e-a6599de3b105","type":"visualization"},{"id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","name":"62305f6a-aea7-4392-bc0f-1b39401608af:panel_62305f6a-aea7-4392-bc0f-1b39401608af","type":"search"},{"id":"60553d40-ec18-11e9-befc-81397a291157","name":"c9f7b834-936e-41ab-899f-0acd5acc8ce1:panel_c9f7b834-936e-41ab-899f-0acd5acc8ce1","type":"visualization"},{"id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","name":"df23eba1-9d1e-4776-9427-45cc96c3d74c:panel_df23eba1-9d1e-4776-9427-45cc96c3d74c","type":"visualization"},{"id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","name":"f04ccc93-e9e6-4de1-aa00-cc20fd3c510e:panel_f04ccc93-e9e6-4de1-aa00-cc20fd3c510e","type":"visualization"},{"id":"ff5a53b0-ebf7-11e9-befc-81397a291157","name":"d630d92b-3dc6-47a1-b463-06dc87153147:panel_d630d92b-3dc6-47a1-b463-06dc87153147","type":"search"},{"id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140","name":"5ffe76a2-586e-4f12-bfad-9715292678e4:panel_5ffe76a2-586e-4f12-bfad-9715292678e4","type":"search"},{"id":"404f6e60-895e-11ea-9bd8-f3fed1ec2140","name":"106ce826-a753-43a2-b8f3-7a28b0d71b3f:panel_106ce826-a753-43a2-b8f3-7a28b0d71b3f","type":"visualization"},{"id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","name":"f53fdf2f-baed-47bf-bd90-31bbbf4d910e:panel_f53fdf2f-baed-47bf-bd90-31bbbf4d910e","type":"visualization"},{"id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","name":"26910234-8a4e-4797-92c6-f671974c3d35:panel_26910234-8a4e-4797-92c6-f671974c3d35","type":"search"},{"id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","name":"773e7777-35f0-42c8-ae3a-16fc9194d154:panel_773e7777-35f0-42c8-ae3a-16fc9194d154","type":"visualization"},{"id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","name":"8ea5e414-49b6-434a-9833-02ca36d879c4:panel_8ea5e414-49b6-434a-9833-02ca36d879c4","type":"visualization"},{"id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","name":"fe6db4cf-96dc-4798-add6-dd01080f4e39:panel_fe6db4cf-96dc-4798-add6-dd01080f4e39","type":"visualization"},{"id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","name":"230a9f9f-3a92-4d27-88d3-b6f6622cdffb:panel_230a9f9f-3a92-4d27-88d3-b6f6622cdffb","type":"search"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-10-11T22:18:43.029Z","version":"Wzk5NSw0XQ=="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":38,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboards/elastic/alerting_dashboard_2_0.ndjson b/dashboards/elastic/alerting_dashboard_2_0.ndjson new file mode 100644 index 00000000..58f3d83a --- /dev/null +++ b/dashboards/elastic/alerting_dashboard_2_0.ndjson @@ -0,0 +1,22 @@ +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T15:11:26.658Z","id":"5eea1399-b3f9-4413-9790-7bd5f75ed5f1","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T15:11:26.658Z","version":"WzI0ODgsMV0="} +{"attributes":{"allowHidden":false,"allowNoIndex":true,"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T15:11:26.658Z","id":"c25323e4-7499-4278-b64f-842597921b1e","managed":true,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T15:11:26.658Z","version":"WzI0ODksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Alerting - Tags Controls","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Alerting - Tags Controls\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1588260438304\",\"fieldName\":\"\",\"parent\":\"\",\"label\":\"Tags\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T15:11:26.658Z","id":"52e59d99-4f20-4784-8bcc-00eee6b867f5","managed":false,"references":[{"id":"c25323e4-7499-4278-b64f-842597921b1e","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T15:11:26.658Z","version":"WzI0OTAsMV0="} +{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","runtimeFieldMap":"{\"Column1\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { if (doc['process.pid'].size() != 0) { emit (doc['process.pid'].value.toString()) } } else if(doc['event.code'].value.equals(Integer.toString(3))) { if (doc['destination.address'].size() != 0) { emit (doc['destination.address'].value.toString()) } } } emit (\\\"No Data\\\") } } emit (\\\"Signal Closed\\\")\"}},\"Column2\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { def args = \\\"\\\"; if (doc['process.args'].size() != 0) { for(int i=0; i winlog.computer_name:(\\\\S+) > .*\\\").legend(position=ne)\",\"interval\":\"auto\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T19:34:03.463Z","id":"04d761f8-31da-4fa6-b411-492982bffcb7","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T17:32:23.746Z","version":"WzI2MjcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_types_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_types_label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"|Logon Type|Logon Title|Description|\\n| :-: | :- | :- |\\n| 2 | Interactive | A user logged on to this computer. |\\n| 3 | Network | A user or computer logged on to this computer from the network. |\\n| 4 | Batch | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. |\\n| 5 | Service | A service was started by the Service Control Manager. |\\n| 7 | Unlock | This workstation was unlocked. |\\n| 8 | NetworkCleartext | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). |\\n| 9 | NewCredentials | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. |\\n| 10 | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop. |\\n| 11 | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. |\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T19:34:03.463Z","id":"7b7addff-313c-4305-a681-0e73e4fab8a5","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-21T19:34:03.463Z","version":"WzEzOTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4625_failed_logon_status_codes_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_codes_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.LogonType\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.Status\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.SubStatus\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T19:34:03.463Z","id":"e241d441-f788-45f7-8f78-cb67ab880af7","managed":false,"references":[{"id":"69b1e834-ded8-4e8b-8d0d-8b870dcbdaf3","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-21T19:34:03.463Z","version":"WzEzOTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_status_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_label\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"markdown\":\"| Code | Description |\\n| :- | :- |\\n| 0XC000005E | There are currently no logon servers available to service the logon request. |\\n| 0xC0000064 | User logon with misspelled or bad user account |\\n| 0xC000006A | User logon with misspelled or bad password |\\n| 0XC000006D | This is either due to a bad username or authentication information |\\n| 0XC000006E | Unknown user name or bad password. |\\n| 0xC000006F | User logon outside authorized hours |\\n| 0xC0000070 | User logon from unauthorized workstation |\\n| 0xC0000071 | User logon with expired password |\\n| 0xC0000072 | User logon to account disabled by administrator |\\n| 0XC00000DC | Indicates the Sam Server was in the wrong state to perform the desired operation. |\\n| 0XC0000133 | Clocks between DC and other computer too far out of sync |\\n| 0XC000015B | The user has not been granted the requested logon type (aka logon right) at this machine |\\n| 0XC000018C | The logon request failed because the trust relationship between the primary domain and the trusted domain failed. |\\n| 0XC0000192 | An attempt was made to logon, but the Netlogon service was not started. |\\n| 0xC0000193 | User logon with expired account |\\n| 0XC0000224 | User is required to change password at next logon |\\n| 0XC0000225 | Evidently a bug in Windows and not a risk |\\n| 0xC0000234 | User logon with account locked |\\n| 0XC00002EE | Failure Reason: An Error occurred during Logon |\\n| 0XC0000413 | Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. |\\n| 0x0 | Status OK. |\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T19:34:03.463Z","id":"4b319ad8-e537-441c-88ee-15058cbf346b","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-21T20:08:20.649Z","version":"WzE0MjgsMV0="} +{"attributes":{"columns":["host.name","winlog.event_data.SubjectUserName","winlog.event_data.TargetUserName","winlog.event_data.TargetServerName","winlog.event_data.SubjectDomainName","winlog.event_data.TargetDomainName","winlog.event_data.ProcessId","winlog.event_data.ProcessName"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4648 \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_security_4648_logon_explicit_creds_running_as_different_user","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T19:34:03.463Z","id":"c3113842-6bb9-484f-8110-72a8652cfe4c","managed":false,"references":[{"id":"ee32517b-85a4-448d-b063-ef0c0e1d5887","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-21T21:56:47.529Z","version":"WzE0OTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_logs_computernames_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Logged events\"}},{\"id\":\"2\",\"enabled\":false,\"type\":\"filters\",\"schema\":\"bucket\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_id : 4624\",\"language\":\"kuery\"},\"label\":\"EventID 4624\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computername\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_logs_computernames_datatable\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T19:34:03.463Z","id":"5e135bcd-9c31-4c84-aff7-ea6fbb6ce752","managed":false,"references":[{"id":"4d4fcf30-df17-4a78-b6ac-890b383e8e2a","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-21T19:34:03.463Z","version":"WzEzOTcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T19:34:03.463Z","id":"e885d176-bb6f-444a-abbc-6ce6fbf14f74","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-21T19:34:03.463Z","version":"WzEzOTgsMV0="} +{"attributes":{"description":"Security log related events","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":15,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security logs events\",\"panelRefName\":\"panel_1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":134,\"w\":48,\"h\":17,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Process creation - event ID 4688\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":109,\"w\":48,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Log Cleared - event ID 1102 or 104\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":151,\"w\":48,\"h\":18,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logon created - Logon type 2\",\"panelRefName\":\"panel_6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select a computer to filter the below results. Leave blank for all\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":169,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - network logon created - Logon type 3\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":117,\"w\":48,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log events - Detail\",\"panelRefName\":\"panel_9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":184,\"w\":48,\"h\":17,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - logon as a service - Logon type 5\",\"panelRefName\":\"panel_10\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":201,\"w\":48,\"h\":15,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Credential sent as clear text - Logon type 8\",\"panelRefName\":\"panel_11\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":15,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon attempts\",\"panelRefName\":\"panel_15\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":216,\"w\":48,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logons with special privileges assigned - event ID 4672\",\"panelRefName\":\"panel_19\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":15,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Computers showing failed login attempts - 10 maximum shown\",\"panelRefName\":\"panel_20\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":33,\"w\":48,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon type codes\",\"panelRefName\":\"panel_21\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":51,\"w\":48,\"h\":16,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon and reason (status code)\",\"panelRefName\":\"panel_22\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":83,\"w\":48,\"h\":26,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon status codes\",\"panelRefName\":\"panel_23\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":234,\"w\":48,\"h\":15,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{},\"sort\":[]},\"title\":\"Security log - Process started with different credentials- event ID 4648 [could be RUNAS, scheduled tasks]\",\"panelRefName\":\"panel_28\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":11,\"w\":24,\"h\":7,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"title\":\"Select a computername to filter\",\"panelRefName\":\"panel_30\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\"},\"panelIndex\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b71dba65-ed1c-4917-9fc7-54923511ad2d\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":16,\"i\":\"96010259-5ae8-4632-bcce-34078573b1cd\"},\"panelIndex\":\"96010259-5ae8-4632-bcce-34078573b1cd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed Logons\",\"panelRefName\":\"panel_96010259-5ae8-4632-bcce-34078573b1cd\"}]","timeRestore":false,"title":"Security Dashboard - Security Log","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T19:34:03.463Z","id":"49c57924-3cac-4bf6-89d6-0a4505d2a808","managed":false,"references":[{"id":"c5dc23e1-4a54-44c6-b354-223faa728800","name":"1:panel_1","type":"visualization"},{"id":"d10da8a4-38ff-4703-b91c-ce984850f9c3","name":"2:panel_2","type":"search"},{"id":"7e46da37-24db-4262-b778-7111ec268295","name":"3:panel_3","type":"search"},{"id":"eac15a4a-439f-4d5f-976d-99de3f19788f","name":"6:panel_6","type":"visualization"},{"id":"47abcb6b-0a7e-492b-a7b1-40d506194862","name":"7:panel_7","type":"visualization"},{"id":"c988e6c0-e97e-476e-a8d9-de7a5ea87e37","name":"8:panel_8","type":"visualization"},{"id":"4d4fcf30-df17-4a78-b6ac-890b383e8e2a","name":"9:panel_9","type":"search"},{"id":"3192dfcc-b197-4b42-9b53-fadfb83eff73","name":"10:panel_10","type":"visualization"},{"id":"b3c5391e-bd30-4432-a281-b60c8a3fa81a","name":"11:panel_11","type":"visualization"},{"id":"5b0cff9f-8556-4428-b34f-13fe889001b2","name":"15:panel_15","type":"visualization"},{"id":"fa60dca2-de2c-4f2b-b441-edacc3489600","name":"19:panel_19","type":"visualization"},{"id":"04d761f8-31da-4fa6-b411-492982bffcb7","name":"20:panel_20","type":"visualization"},{"id":"7b7addff-313c-4305-a681-0e73e4fab8a5","name":"21:panel_21","type":"visualization"},{"id":"e241d441-f788-45f7-8f78-cb67ab880af7","name":"22:panel_22","type":"visualization"},{"id":"4b319ad8-e537-441c-88ee-15058cbf346b","name":"23:panel_23","type":"visualization"},{"id":"c3113842-6bb9-484f-8110-72a8652cfe4c","name":"28:panel_28","type":"search"},{"id":"5e135bcd-9c31-4c84-aff7-ea6fbb6ce752","name":"30:panel_30","type":"visualization"},{"id":"e885d176-bb6f-444a-abbc-6ce6fbf14f74","name":"b71dba65-ed1c-4917-9fc7-54923511ad2d:panel_b71dba65-ed1c-4917-9fc7-54923511ad2d","type":"visualization"},{"id":"69b1e834-ded8-4e8b-8d0d-8b870dcbdaf3","name":"96010259-5ae8-4632-bcce-34078573b1cd:panel_96010259-5ae8-4632-bcce-34078573b1cd","type":"search"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-10-21T19:34:03.463Z","version":"WzEzOTksMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"ed7abce5-3005-4a1f-bead-55d2c5c05971","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2MjgsMV0="} +{"attributes":{"columns":["event.code","event.action","winlog.logon.type","host.name","winlog.event_data.LogonProcessName","winlog.logon.id","winlog.event_data.SubjectUserName","winlog.event_data.IpAddress","winlog.event_data.TargetDomainName"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_security_logs","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"59f2d4f2-9d6a-4fe9-a631-ce9050992206","managed":false,"references":[{"id":"ed7abce5-3005-4a1f-bead-55d2c5c05971","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2MjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Vis_sd_security_log_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Vis_sd_security_log_count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Count\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"1005636a-f473-4a39-a905-ec18aa855ce1","managed":false,"references":[{"id":"59f2d4f2-9d6a-4fe9-a631-ce9050992206","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2MzAsMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"696a9992-8ed1-4ca4-88f8-f075d7d7f377","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2MzEsMV0="} +{"attributes":{"columns":["host.name","winlog.event_id","winlog.event_data.TokenElevationType","winlog.event_data.MandatoryLabel","winlog.event_data.ProcessId","winlog.event_data.ProcessName","process.parent.executable","process.executable"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code: \\\"4688\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_security_4688_process_creation","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"754b3596-ffcc-41dd-96f6-081f4b7ecc44","managed":false,"references":[{"id":"696a9992-8ed1-4ca4-88f8-f075d7d7f377","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2MzIsMV0="} +{"attributes":{"columns":["winlog.user_data.SubjectDomainName","winlog.user_data.SubjectUserName","host.name","event.code","winlog.user_data.Channel","event.module"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"1102\\\" OR event.code:\\\"104\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_security_1102_security_log_cleared","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"1e97e80a-ab77-44eb-9cf9-6b6cd1566017","managed":false,"references":[{"id":"696a9992-8ed1-4ca4-88f8-f075d7d7f377","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2MzMsMV0="} +{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","process.name","winlog.event_data.LogonProcessName"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"winlog.channel:Security and winlog.event_id:4624 and winlog.event_data.LogonType:2\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_security_4624_logon_type_2","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"92562206-3ca8-4227-8dc3-c69d56598302","managed":false,"references":[{"id":"696a9992-8ed1-4ca4-88f8-f075d7d7f377","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2MzQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_2_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_security_4624_logon_type_2_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Logon created for user\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"logon created locally\"},\"schema\":\"split\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetDomainName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Domain\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"eb90968d-fed5-4d22-a21d-bcb58a3787cd","managed":false,"references":[{"id":"92562206-3ca8-4227-8dc3-c69d56598302","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2MzUsMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"b642bbb8-f3d0-4c00-83c7-4f28909ebd13","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2MzYsMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"302f5e0c-0fe9-423a-a108-6d154e1158a9","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2MzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"winlog.channel\",\"negate\":false,\"params\":{\"query\":\"Security\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"winlog.channel\":{\"query\":\"Security\"}}}}]}"},"title":"vis_sd_security_4624_picker","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4624_picker\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1570446686972\",\"fieldName\":\"\",\"parent\":\"\",\"label\":\"Computername\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"21038ddc-61bb-4709-9a06-e9d399ada64a","managed":false,"references":[{"id":"b642bbb8-f3d0-4c00-83c7-4f28909ebd13","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"302f5e0c-0fe9-423a-a108-6d154e1158a9","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2MzgsMV0="} +{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","source.ip","source.port","winlog.event_data.LogonProcessName"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"winlog.channel:Security and winlog.event_id:4624 and winlog.event_data.LogonType:3\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_security_4624_logon_type_3","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"0d2b506b-85b9-4624-924c-a588072e5ad7","managed":false,"references":[{"id":"ed7abce5-3005-4a1f-bead-55d2c5c05971","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2MzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"not user.name:*$\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_3_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_security_4624_logon_type_3_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Network logon created for user\"},\"schema\":\"bucket\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"network logon by user\"},\"schema\":\"split\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetDomainName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Domain\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"e60c6ec4-f943-44cb-b6ce-f93138fdf660","managed":false,"references":[{"id":"0d2b506b-85b9-4624-924c-a588072e5ad7","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NDAsMV0="} +{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","process.name","winlog.event_data.LogonProcessName"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"winlog.channel:Security and winlog.event_id:4624 and winlog.event_data.LogonType:5\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_security_4624_logon_type_5","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"08f51fba-7f74-4724-a424-d90fd6f433e6","managed":false,"references":[{"id":"ed7abce5-3005-4a1f-bead-55d2c5c05971","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NDEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_5_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_security_4624_logon_type_5_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Service account used\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"_key\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Logon as service with user\"},\"schema\":\"split\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetDomainName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":16,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Domain\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"4752d143-4f0a-4685-b890-7a19e29a0efa","managed":false,"references":[{"id":"08f51fba-7f74-4724-a424-d90fd6f433e6","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NDIsMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"66c72467-6323-44b1-b788-7e7d6f5ddec5","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NDMsMV0="} +{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetLogonId","host.name","winlog.task","winlog.event_id","winlog.event_data.LogonType","process.name","source.ip","source.port","winlog.event_data.LogonProcessName"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4624 and winlog.event_data.LogonType:8\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_security_4624_logon_type_8","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"bbed4a2c-015d-44db-ad34-de2173a81668","managed":false,"references":[{"id":"66c72467-6323-44b1-b788-7e7d6f5ddec5","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NDQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4624_logon_type_8_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_security_4624_logon_type_8_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"User\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Credentials sent in clear text\"},\"schema\":\"split\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetDomainName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Domain\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"a7c34827-8829-4c45-81ad-26ffff747efe","managed":false,"references":[{"id":"bbed4a2c-015d-44db-ad34-de2173a81668","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NDUsMV0="} +{"attributes":{"columns":["host.name","winlog.event_data.TargetDomainName","winlog.event_data.WorkstationName","winlog.event_data.TargetUserName","winlog.event_data.LogonType","winlog.event_data.IpAddress","winlog.event_data.Status","winlog.event_data.SubStatus"],"description":"New settings test 9/29/2023 16:44","grid":{"columns":{"winlog.event_data.Status":{"width":221}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"4625\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_security_4625_failed_logon","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"2fc86684-4065-45c3-9847-2d4c241ec544","managed":false,"references":[{"id":"ed7abce5-3005-4a1f-bead-55d2c5c05971","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NDYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4625_failed_logon_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"3f754ea3-d5cc-4060-8b99-c330f973d797","managed":false,"references":[{"id":"2fc86684-4065-45c3-9847-2d4c241ec544","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NDcsMV0="} +{"attributes":{"columns":["winlog.event_data.SubjectUserName","winlog.computer_name","winlog.task","winlog.event_id","winlog.event_data.PrivilegeList"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4672\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_security_4672_special_privileges_assigned","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"9058d77f-3f30-4d94-90a0-6b28e0b61084","managed":false,"references":[{"id":"ed7abce5-3005-4a1f-bead-55d2c5c05971","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NDgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4672_special_privileges_assigned_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_security_4672_special_privileges_assigned_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computername\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"User assigned special privileges\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"asc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"User assigned special privileges logged on\"},\"schema\":\"split\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetDomainName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Domain\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"ce7bf80b-284c-4130-a4b8-c6d5b93f601c","managed":false,"references":[{"id":"b642bbb8-f3d0-4c00-83c7-4f28909ebd13","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"9058d77f-3f30-4d94-90a0-6b28e0b61084","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_timelion","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_timelion\",\"type\":\"timelion\",\"aggs\":[],\"params\":{\"expression\":\".es(q=winlog.event_id:4625, index=logs-*,, split=winlog.computer_name:10).label(\\\"$1\\\",\\\"^.* > winlog.computer_name:(\\\\S+) > .*\\\").legend(position=ne)\",\"interval\":\"auto\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"984414eb-a284-4630-907a-db530e5cc399","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_types_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_types_label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"|Logon Type|Logon Title|Description|\\n| :-: | :- | :- |\\n| 2 | Interactive | A user logged on to this computer. |\\n| 3 | Network | A user or computer logged on to this computer from the network. |\\n| 4 | Batch | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. |\\n| 5 | Service | A service was started by the Service Control Manager. |\\n| 7 | Unlock | This workstation was unlocked. |\\n| 8 | NetworkCleartext | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). |\\n| 9 | NewCredentials | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. |\\n| 10 | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop. |\\n| 11 | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. |\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"e473e94b-5e50-4ff8-ad7d-c1fe232b17ea","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NTEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4625_failed_logon_status_codes_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_codes_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.LogonType\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.Status\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.SubStatus\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"bb4bdce0-0c10-4fc2-b0a7-47842a298301","managed":false,"references":[{"id":"2fc86684-4065-45c3-9847-2d4c241ec544","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_status_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_label\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"markdown\":\"| Code | Description |\\n| :- | :- |\\n| 0XC000005E | There are currently no logon servers available to service the logon request. |\\n| 0xC0000064 | User logon with misspelled or bad user account |\\n| 0xC000006A | User logon with misspelled or bad password |\\n| 0XC000006D | This is either due to a bad username or authentication information |\\n| 0XC000006E | Unknown user name or bad password. |\\n| 0xC000006F | User logon outside authorized hours |\\n| 0xC0000070 | User logon from unauthorized workstation |\\n| 0xC0000071 | User logon with expired password |\\n| 0xC0000072 | User logon to account disabled by administrator |\\n| 0XC00000DC | Indicates the Sam Server was in the wrong state to perform the desired operation. |\\n| 0XC0000133 | Clocks between DC and other computer too far out of sync |\\n| 0XC000015B | The user has not been granted the requested logon type (aka logon right) at this machine |\\n| 0XC000018C | The logon request failed because the trust relationship between the primary domain and the trusted domain failed. |\\n| 0XC0000192 | An attempt was made to logon, but the Netlogon service was not started. |\\n| 0xC0000193 | User logon with expired account |\\n| 0XC0000224 | User is required to change password at next logon |\\n| 0XC0000225 | Evidently a bug in Windows and not a risk |\\n| 0xC0000234 | User logon with account locked |\\n| 0XC00002EE | Failure Reason: An Error occurred during Logon |\\n| 0XC0000413 | Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. |\\n| 0x0 | Status OK. |\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"cdea8dc0-034c-4249-b90d-0bd1b400e305","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NTMsMV0="} +{"attributes":{"columns":["host.name","winlog.event_data.SubjectUserName","winlog.event_data.TargetUserName","winlog.event_data.TargetServerName","winlog.event_data.SubjectDomainName","winlog.event_data.TargetDomainName","winlog.event_data.ProcessId","winlog.event_data.ProcessName"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4648 \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_security_4648_logon_explicit_creds_running_as_different_user","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"50bdd4e0-8ef8-4a5f-96aa-6aa6eac3b6f0","managed":false,"references":[{"id":"696a9992-8ed1-4ca4-88f8-f075d7d7f377","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NTQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_logs_computernames_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Logged events\"}},{\"id\":\"2\",\"enabled\":false,\"type\":\"filters\",\"schema\":\"bucket\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_id : 4624\",\"language\":\"kuery\"},\"label\":\"EventID 4624\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computername\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_logs_computernames_datatable\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"a7410752-98c4-4145-adb4-1c39506f58ca","managed":false,"references":[{"id":"59f2d4f2-9d6a-4fe9-a631-ce9050992206","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"a1aba1fc-12c2-48d6-8bc9-0a6af60d8abd","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NTYsMV0="} +{"attributes":{"description":"Security log related events","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":15,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security logs events\",\"panelRefName\":\"panel_1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":134,\"w\":48,\"h\":17,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Process creation - event ID 4688\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":109,\"w\":48,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Log Cleared - event ID 1102 or 104\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":151,\"w\":48,\"h\":18,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logon created - Logon type 2\",\"panelRefName\":\"panel_6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select a computer to filter the below results. Leave blank for all\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":169,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - network logon created - Logon type 3\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":117,\"w\":48,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log events - Detail\",\"panelRefName\":\"panel_9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":184,\"w\":48,\"h\":17,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - logon as a service - Logon type 5\",\"panelRefName\":\"panel_10\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":201,\"w\":48,\"h\":15,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Credential sent as clear text - Logon type 8\",\"panelRefName\":\"panel_11\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":15,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon attempts\",\"panelRefName\":\"panel_15\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":216,\"w\":48,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logons with special privileges assigned - event ID 4672\",\"panelRefName\":\"panel_19\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":15,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Computers showing failed login attempts - 10 maximum shown\",\"panelRefName\":\"panel_20\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":33,\"w\":48,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon type codes\",\"panelRefName\":\"panel_21\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":51,\"w\":48,\"h\":16,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon and reason (status code)\",\"panelRefName\":\"panel_22\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":83,\"w\":48,\"h\":26,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon status codes\",\"panelRefName\":\"panel_23\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":234,\"w\":48,\"h\":15,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{},\"sort\":[]},\"title\":\"Security log - Process started with different credentials- event ID 4648 [could be RUNAS, scheduled tasks]\",\"panelRefName\":\"panel_28\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":11,\"w\":24,\"h\":7,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"title\":\"Select a computername to filter\",\"panelRefName\":\"panel_30\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\"},\"panelIndex\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b71dba65-ed1c-4917-9fc7-54923511ad2d\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":16,\"i\":\"96010259-5ae8-4632-bcce-34078573b1cd\"},\"panelIndex\":\"96010259-5ae8-4632-bcce-34078573b1cd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed Logons\",\"panelRefName\":\"panel_96010259-5ae8-4632-bcce-34078573b1cd\"}]","timeRestore":false,"title":"Security Dashboard - Security Log.2.0","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T17:35:04.094Z","id":"beeeb066-d497-4b2a-99d3-44d741238bd1","managed":false,"references":[{"id":"1005636a-f473-4a39-a905-ec18aa855ce1","name":"1:panel_1","type":"visualization"},{"id":"754b3596-ffcc-41dd-96f6-081f4b7ecc44","name":"2:panel_2","type":"search"},{"id":"1e97e80a-ab77-44eb-9cf9-6b6cd1566017","name":"3:panel_3","type":"search"},{"id":"eb90968d-fed5-4d22-a21d-bcb58a3787cd","name":"6:panel_6","type":"visualization"},{"id":"21038ddc-61bb-4709-9a06-e9d399ada64a","name":"7:panel_7","type":"visualization"},{"id":"e60c6ec4-f943-44cb-b6ce-f93138fdf660","name":"8:panel_8","type":"visualization"},{"id":"59f2d4f2-9d6a-4fe9-a631-ce9050992206","name":"9:panel_9","type":"search"},{"id":"4752d143-4f0a-4685-b890-7a19e29a0efa","name":"10:panel_10","type":"visualization"},{"id":"a7c34827-8829-4c45-81ad-26ffff747efe","name":"11:panel_11","type":"visualization"},{"id":"3f754ea3-d5cc-4060-8b99-c330f973d797","name":"15:panel_15","type":"visualization"},{"id":"ce7bf80b-284c-4130-a4b8-c6d5b93f601c","name":"19:panel_19","type":"visualization"},{"id":"984414eb-a284-4630-907a-db530e5cc399","name":"20:panel_20","type":"visualization"},{"id":"e473e94b-5e50-4ff8-ad7d-c1fe232b17ea","name":"21:panel_21","type":"visualization"},{"id":"bb4bdce0-0c10-4fc2-b0a7-47842a298301","name":"22:panel_22","type":"visualization"},{"id":"cdea8dc0-034c-4249-b90d-0bd1b400e305","name":"23:panel_23","type":"visualization"},{"id":"50bdd4e0-8ef8-4a5f-96aa-6aa6eac3b6f0","name":"28:panel_28","type":"search"},{"id":"a7410752-98c4-4145-adb4-1c39506f58ca","name":"30:panel_30","type":"visualization"},{"id":"a1aba1fc-12c2-48d6-8bc9-0a6af60d8abd","name":"b71dba65-ed1c-4917-9fc7-54923511ad2d:panel_b71dba65-ed1c-4917-9fc7-54923511ad2d","type":"visualization"},{"id":"2fc86684-4065-45c3-9847-2d4c241ec544","name":"96010259-5ae8-4632-bcce-34078573b1cd:panel_96010259-5ae8-4632-bcce-34078573b1cd","type":"search"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-10-23T17:35:04.094Z","version":"WzI2NTcsMV0="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":60,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboards/elastic/sysmon_summary.ndjson b/dashboards/elastic/sysmon_summary.ndjson new file mode 100644 index 00000000..5756ce73 --- /dev/null +++ b/dashboards/elastic/sysmon_summary.ndjson @@ -0,0 +1,11 @@ +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T19:02:16.690Z","id":"ee32517b-85a4-448d-b063-ef0c0e1d5887","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-21T19:02:16.690Z","version":"WzEzMTksMV0="} +{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:\\\"Microsoft-Windows-Sysmon/Operational\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_sysmon_all_events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T22:21:37.974Z","id":"8df10862-b41c-48f1-8103-acabf6b6a43a","managed":false,"references":[{"id":"ee32517b-85a4-448d-b063-ef0c0e1d5887","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-21T22:22:32.149Z","version":"WzE1NTUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T22:21:37.974Z","id":"b7fe57cb-6119-4ba8-b169-63cdf51d8d31","managed":false,"references":[{"id":"8df10862-b41c-48f1-8103-acabf6b6a43a","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-21T22:21:37.974Z","version":"WzE1NDQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Event code\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":0},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T22:21:37.974Z","id":"7c60b9ca-af8f-4563-8719-099c16c0020a","managed":false,"references":[{"id":"8df10862-b41c-48f1-8103-acabf6b6a43a","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-21T22:21:37.974Z","version":"WzE1NDUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_datatable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event code\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T22:21:37.974Z","id":"875432d0-510b-4d4c-a77d-563e1bd70a62","managed":false,"references":[{"id":"8df10862-b41c-48f1-8103-acabf6b6a43a","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-21T22:21:37.974Z","version":"WzE1NDYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_host_events_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_host_events_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Event code\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Missing computer name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer name\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"split\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Missing computer name\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T22:21:37.974Z","id":"34250ab9-39e2-4601-8aa5-3d047b43c632","managed":false,"references":[{"id":"8df10862-b41c-48f1-8103-acabf6b6a43a","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-21T22:21:37.974Z","version":"WzE1NDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_event_code_reference","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"markdown\":\"| \\tEvent ID\\t | \\tEvent\\t | \\tDescription\\t |\\n| \\t:-:\\t | \\t:-\\t | \\t-\\t |\\n| \\t1\\t | \\tProcess creation\\t | \\tThe process creation event provides extended information about a newly created process. The full command line provides context on the process execution. The ProcessGUID field is a unique value for this process across a domain to make event correlation easier. The hash is a full hash of the file with the algorithms in the HashType field.\\t |\\n| \\t2\\t | \\tA process changed a file creation time\\t | \\tThe change file creation time event is registered when a file creation time is explicitly modified by a process. This event helps tracking the real creation time of a file. Attackers may change the file creation time of a backdoor to make it look like it was installed with the operating system. Note that many processes legitimately change the creation time of a file; it does not necessarily indicate malicious activity.\\t |\\n| \\t3\\t | \\tNetwork connection\\t | \\tThe network connection event logs TCP/UDP connections on the machine. It is disabled by default. Each connection is linked to a process through the ProcessId and ProcessGUID fields. The event also contains the source and destination host names IP addresses, port numbers and IPv6 status.\\t |\\n| \\t4\\t | \\tSysmon service state changed\\t | \\tThe service state change event reports the state of the Sysmon service (started or stopped).\\t |\\n| \\t5\\t | \\tProcess terminated\\t | \\tThe process terminate event reports when a process terminates. It provides the UtcTime, ProcessGuid and ProcessId of the process.\\t |\\n| \\t6\\t | \\tDriver loaded\\t | \\tThe driver loaded events provides information about a driver being loaded on the system. The configured hashes are provided as well as signature information. The signature is created asynchronously for performance reasons and indicates if the file was removed after loading.\\t |\\n| \\t7\\t | \\tImage loaded\\t | \\tThe image loaded event logs when a module is loaded in a specific process. This event is disabled by default and needs to be configured with the ๏ฟฝl option. It indicates the process in which the module is loaded, hashes and signature information. The signature is created asynchronously for performance reasons and indicates if the file was removed after loading. This event should be configured carefully, as monitoring all image load events will generate a large number of events.\\t |\\n| \\t8\\t | \\tCreateRemoteThread\\t | \\tThe CreateRemoteThread event detects when a process creates a thread in another process. This technique is used by malware to inject code and hide in other processes. The event indicates the source and target process. It gives information on the code that will be run in the new thread: StartAddress, StartModule and StartFunction. Note that StartModule and StartFunction fields are inferred, they might be empty if the starting address is outside loaded modules or known exported functions.\\t |\\n| \\t9\\t | \\tRawAccessRead\\t | \\tThe RawAccessRead event detects when a process conducts reading operations from the drive using the \\\\\\\\\\\\\\\\.\\\\ denotation. This technique is often used by malware for data exfiltration of files that are locked for reading, as well as to avoid file access auditing tools. The event indicates the source process and target device.\\t |\\n| \\t10\\t | \\tProcessAccess\\t | \\tThe process accessed event reports when a process opens another process, an operation that๏ฟฝs often followed by information queries or reading and writing the address space of the target process. This enables detection of hacking tools that read the memory contents of processes like Local Security Authority (Lsass.exe) in order to steal credentials for use in Pass-the-Hash attacks. Enabling it can generate significant amounts of logging if there are diagnostic utilities active that repeatedly open processes to query their state, so it generally should only be done so with filters that remove expected accesses.\\t |\\n| \\t11\\t | \\tFileCreate\\t | \\tFile create operations are logged when a file is created or overwritten. This event is useful for monitoring autostart locations, like the Startup folder, as well as temporary and download directories, which are common places malware drops during initial infection.\\t |\\n| \\t12\\t | \\tRegistryEvent (Object create and delete)\\t | \\tRegistry key and value create and delete operations map to this event type, which can be useful for monitoring for changes to Registry autostart locations, or specific malware registry modifications. Sysmon uses abbreviated versions of Registry root key names, with the following mappings: |\\n|||**Key name**                                                                                          **Abbreviation**|\\n|||HKEY_LOCAL_MACHINE                                                                  HKLM|\\n|||HKEY_USERS                                                                                     HKU|\\n|||HKEY_LOCAL_MACHINE\\\\System\\\\ControlSet00x                          HKLM\\\\System\\\\CurrentControlSet|\\n|||HKEY_LOCAL_MACHINE\\\\Classes                                                    HKCR|\\n| \\t13\\t | \\tRegistryEvent (Value Set)\\t | \\tThis Registry event type identifies Registry value modifications. The event records the value written for Registry values of type DWORD and QWORD.\\t |\\n| \\t14\\t | \\tRegistryEvent (Key and Value Rename)\\t | \\tRegistry key and value rename operations map to this event type, recording the new name of the key or value that was renamed.\\t |\\n| \\t15\\t | \\tFileCreateStreamHash\\t | \\tThis event logs when a named file stream is created, and it generates events that log the hash of the contents of the file to which the stream is assigned (the unnamed stream), as well as the contents of the named stream. There are malware variants that drop their executables or configuration settings via browser downloads, and this event is aimed at capturing that based on the browser attaching a Zone.Identifier ๏ฟฝmark of the web๏ฟฝ stream.\\t |\\n| \\t16\\t | \\tServiceConfigurationChange\\t | \\tThis event logs changes in the Sysmon configuration - for example when the filtering rules are updated.\\t |\\n| \\t17\\t | \\tPipeEvent (Pipe Created)\\t | \\tThis event generates when a named pipe is created. Malware often uses named pipes for interprocess communication.\\t |\\n| \\t18\\t | \\tPipeEvent (Pipe Connected)\\t | \\tThis event logs when a named pipe connection is made between a client and a server.\\t |\\n| \\t19\\t | \\tWmiEvent (WmiEventFilter activity detected)\\t | \\tWhen a WMI event filter is registered, which is a method used by malware to execute, this event logs the WMI namespace, filter name and filter expression.\\t |\\n| \\t20\\t | \\tWmiEvent (WmiEventConsumer activity detected)\\t | \\tThis event logs the registration of WMI consumers, recording the consumer name, log, and destination.\\t |\\n| \\t21\\t | \\tWmiEvent (WmiEventConsumerToFilter activity detected)\\t | \\tWhen a consumer binds to a filter, this event logs the consumer name and filter path.\\t |\\n| \\t22\\t | \\tDNSEvent (DNS query)\\t | \\tThis event generates when a process executes a DNS query, whether the result is successful or fails, cached or not. The telemetry for this event was added for Windows 8.1 so it is not available on Windows 7 and earlier.\\t |\\n| \\t23\\t | \\tFileDelete (A file delete was detected)\\t | \\tA file was deleted.\\t |\\n| \\t24\\t | \\tClipboardChange (New content in the clipboard)\\t | \\tThis event is generated when the system clipboard contents change.\\t |\\n| \\t25\\t | \\tProcessTampering (Process image change)\\t | \\tThis event is generated when a process image is changed from an external source, such as a different process.\\t |\\n| \\t255\\t | \\tError\\t | \\tThis event is generated when an error occurred within Sysmon. They can happen if the system is under heavy load and certain tasked could not be performed or a bug exists in the Sysmon service. You can report any bugs on the Sysinternals forum or over Twitter (@markrussinovich).\\t |\\n\\nFor more information see *https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"title\":\"vis_sd_sysmon_event_code_reference\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T22:21:37.974Z","id":"2f1ca8e2-75c0-4f84-b0f1-192d2bff49c0","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-21T22:21:37.974Z","version":"WzE1NDgsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_events_by_computer_timelion","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_events_by_computer_timelion\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(q=winlog.provider_name:Microsoft-Windows-Sysmon, index=winlogbeat-*, split=winlog.computer_name:40).label(\\\"$1\\\",\\\"^.* > winlog.computer_name:(\\\\S+) > .*\\\").title(\\\"Sysmon events by computer\\\").legend(position=nw).yaxis(label=\\\"Number of events\\\")\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T22:21:37.974Z","id":"c1138577-9732-431b-8584-fbf5a7e333cf","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-21T22:21:37.974Z","version":"WzE1NDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T22:21:37.974Z","id":"21ac13ec-ac49-42f0-94ab-1075ca23e3e5","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-21T22:21:37.974Z","version":"WzE1NTAsMV0="} +{"attributes":{"description":"Summarizes collected Sysmon event data","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":13,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Total number of Sysmon events found\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":13,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Percentage of Sysmon events by event code\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":16,\"w\":24,\"h\":18,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Count of Sysmon events by event code\",\"panelRefName\":\"panel_4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":16,\"w\":24,\"h\":18,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}},\"enhancements\":{}},\"title\":\"Top 10 hosts generating the most Sysmon data\",\"panelRefName\":\"panel_5\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":21,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon event code reference\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":55,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon events\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\"},\"panelIndex\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_76bd58e2-b637-4a48-ae79-4ca8abeab308\"}]","timeRestore":false,"title":"Sysmon Summary","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T22:21:37.974Z","id":"newdashboard","managed":false,"references":[{"id":"b7fe57cb-6119-4ba8-b169-63cdf51d8d31","name":"2:panel_2","type":"visualization"},{"id":"7c60b9ca-af8f-4563-8719-099c16c0020a","name":"3:panel_3","type":"visualization"},{"id":"875432d0-510b-4d4c-a77d-563e1bd70a62","name":"4:panel_4","type":"visualization"},{"id":"34250ab9-39e2-4601-8aa5-3d047b43c632","name":"5:panel_5","type":"visualization"},{"id":"2f1ca8e2-75c0-4f84-b0f1-192d2bff49c0","name":"7:panel_7","type":"visualization"},{"id":"c1138577-9732-431b-8584-fbf5a7e333cf","name":"8:panel_8","type":"visualization"},{"id":"21ac13ec-ac49-42f0-94ab-1075ca23e3e5","name":"76bd58e2-b637-4a48-ae79-4ca8abeab308:panel_76bd58e2-b637-4a48-ae79-4ca8abeab308","type":"visualization"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-10-21T22:21:37.974Z","version":"WzE1NTEsMV0="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":10,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboards/elastic/user_hr_2_0.ndjson b/dashboards/elastic/user_hr_2_0.ndjson new file mode 100644 index 00000000..62ad3718 --- /dev/null +++ b/dashboards/elastic/user_hr_2_0.ndjson @@ -0,0 +1,14 @@ +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T14:37:25.744Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T14:37:25.744Z","version":"WzI0MDQsMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T14:39:31.396Z","id":"72f39161-3f69-49a4-b39a-b0168b88856a","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T14:39:31.396Z","version":"WzI0MzMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:34:04.109Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"72f39161-3f69-49a4-b39a-b0168b88856a","name":"control_0_index_pattern","type":"index-pattern"},{"id":"72f39161-3f69-49a4-b39a-b0168b88856a","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:34:04.109Z","version":"WzIwNjcsMV0="} +{"attributes":{"allowHidden":false,"allowNoIndex":true,"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T14:37:25.744Z","id":"252e4f32-a2c6-483d-a289-5d658410df17","managed":true,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T14:37:25.744Z","version":"WzI0MTAsMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:34:04.109Z","id":"e3f24157-721c-4741-ac8f-8be48c22d612","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:34:04.109Z","version":"WzIwNjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - User activity title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - User activity title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## All user activity\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:34:04.109Z","id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:34:04.109Z","version":"WzIwNzAsMV0="} +{"attributes":{"allowHidden":false,"allowNoIndex":true,"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T14:37:25.744Z","id":"logs-*","managed":true,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T14:37:25.744Z","version":"WzI0MTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - Logon title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Logon title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## Logon / Logoff events\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:34:04.109Z","id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:34:04.109Z","version":"WzIwNzIsMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T14:39:31.396Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T14:39:31.396Z","version":"WzI0MzEsMV0="} +{"attributes":{"columns":["winlog.event_data.SubjectDomainName","winlog.event_data.TargetUserName","host.name","winlog.event_data.TargetLogonId"],"description":"","grid":{"columns":{"user.name":{"width":193},"winlog.event_data.SubjectDomainName":{"width":193}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"4624\\\" and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_data.LogonType\",\"value\":[\"2\",\"10\",\"11\",\"7\"],\"params\":[\"2\",\"10\",\"11\",\"7\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_data.LogonType\":\"2\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"10\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"11\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"7\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Interactive Logon search","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:34:04.109Z","id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","managed":false,"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:34:04.109Z","version":"WzIwNzQsMV0="} +{"attributes":{"columns":[],"description":"","grid":{"columns":{"winlog.event_data.TargetDomainName":{"width":241},"winlog.event_data.TargetUserName":{"width":241}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:\\\"4634\\\" OR event.code:\\\"4647\\\" ) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:34:04.109Z","id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","managed":false,"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:34:04.109Z","version":"WzIwNzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HR - Interactive v Remote pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Interactive v Remote pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"label\":\"filters\",\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"segment\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_data.LogonType:2\",\"language\":\"lucene\"},\"label\":\"Interactive\"},{\"input\":{\"query\":\"winlog.event_data.LogonType:10\",\"language\":\"lucene\"},\"label\":\"RemoteInteractive\"}]}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:34:04.109Z","id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","managed":false,"references":[{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:34:04.109Z","version":"WzIwNzYsMV0="} +{"attributes":{"description":"Overview of user activity for Human Resources\n","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"a6335da9-2093-46ac-bd39-f1c5e5fe8825\"},\"panelIndex\":\"a6335da9-2093-46ac-bd39-f1c5e5fe8825\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a6335da9-2093-46ac-bd39-f1c5e5fe8825\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":16,\"h\":12,\"i\":\"ab726ae4-6c98-4f26-8cd3-07bf2808b704\"},\"panelIndex\":\"ab726ae4-6c98-4f26-8cd3-07bf2808b704\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select domain(s) and username(s)\",\"panelRefName\":\"panel_ab726ae4-6c98-4f26-8cd3-07bf2808b704\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":3,\"w\":15,\"h\":12,\"i\":\"c8d3e871-1f5d-40bd-a0f9-5441a58cad32\"},\"panelIndex\":\"c8d3e871-1f5d-40bd-a0f9-5441a58cad32\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"252e4f32-a2c6-483d-a289-5d658410df17\",\"name\":\"indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\",\"accessors\":[\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"splitAccessor\":\"fc23a029-309e-40a7-aeca-309fd8423ced\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\":{\"columns\":{\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\":{\"label\":\"Top 5 values of winlog.event_data.SubjectDomainName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectDomainName\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"fc23a029-309e-40a7-aeca-309fd8423ced\":{\"label\":\"Top 3 values of winlog.event_data.TargetUserName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5a238afa-9ffa-4568-8a43-6167c0a76b67\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"fc23a029-309e-40a7-aeca-309fd8423ced\",\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Users\"},{\"type\":\"lens\",\"gridData\":{\"x\":31,\"y\":3,\"w\":17,\"h\":12,\"i\":\"69771c75-8536-49b2-a835-c134ada8cd8d\"},\"panelIndex\":\"69771c75-8536-49b2-a835-c134ada8cd8d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e3f24157-721c-4741-ac8f-8be48c22d612\",\"name\":\"indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar\",\"layers\":[{\"layerId\":\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\",\"accessors\":[\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"position\":\"top\",\"seriesType\":\"bar\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"22b4e313-2858-411e-a90b-911198fa34fe\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\":{\"columns\":{\"22b4e313-2858-411e-a90b-911198fa34fe\":{\"label\":\"Top 5 values of winlog.computer_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.computer_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"22b4e313-2858-411e-a90b-911198fa34fe\",\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Computers\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":15,\"w\":48,\"h\":4,\"i\":\"f2f654b0-42ef-403c-bee2-7e26499f809a\"},\"panelIndex\":\"f2f654b0-42ef-403c-bee2-7e26499f809a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f2f654b0-42ef-403c-bee2-7e26499f809a\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":19,\"w\":24,\"h\":15,\"i\":\"4b306ffa-7af9-461d-b7aa-966f67b4ed57\"},\"panelIndex\":\"4b306ffa-7af9-461d-b7aa-966f67b4ed57\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"6bfbd839-8497-464d-a473-26c01d5ba342\",\"accessors\":[],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6bfbd839-8497-464d-a473-26c01d5ba342\":{\"columns\":{\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}}},\"columnOrder\":[\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"logs-*\"}},\"currentIndexPatternId\":\"logs-*\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"All User Events by Day of Week, Hour of Day\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":19,\"w\":24,\"h\":15,\"i\":\"e40e6077-f799-4c66-9bf8-1664121d8069\"},\"panelIndex\":\"e40e6077-f799-4c66-9bf8-1664121d8069\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"f46d1729-4bd5-4219-9973-01913c208fef\",\"accessors\":[\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f46d1729-4bd5-4219-9973-01913c208fef\":{\"columns\":{\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"800c3857-3c9c-4fc5-a403-3fcbede05599\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\",\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"logs-*\"}},\"currentIndexPatternId\":\"logs-*\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Timestamps by Count\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":4,\"i\":\"8fc3d2d7-94e5-468d-9fa1-6ee2901ceb2e\"},\"panelIndex\":\"8fc3d2d7-94e5-468d-9fa1-6ee2901ceb2e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8fc3d2d7-94e5-468d-9fa1-6ee2901ceb2e\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":38,\"w\":24,\"h\":15,\"i\":\"755f30aa-d6ad-46d9-b2c3-7425c02ed03e\"},\"panelIndex\":\"755f30aa-d6ad-46d9-b2c3-7425c02ed03e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logon events (filter by LogonId)\",\"panelRefName\":\"panel_755f30aa-d6ad-46d9-b2c3-7425c02ed03e\"},{\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":38,\"w\":24,\"h\":15,\"i\":\"bb42b25e-f934-485b-854c-440cc1b3ebee\"},\"panelIndex\":\"bb42b25e-f934-485b-854c-440cc1b3ebee\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logoff events (correlate to logon events)\",\"panelRefName\":\"panel_bb42b25e-f934-485b-854c-440cc1b3ebee\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":53,\"w\":24,\"h\":15,\"i\":\"9cdb2eb7-3c55-4e81-ba4b-9b4f1b31c59f\"},\"panelIndex\":\"9cdb2eb7-3c55-4e81-ba4b-9b4f1b31c59f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"In person vs Remote logons\",\"panelRefName\":\"panel_9cdb2eb7-3c55-4e81-ba4b-9b4f1b31c59f\"}]","timeRestore":false,"title":"User HR 2.0","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:30:38.918Z","id":"ff0170e5-e0ef-4ca1-8188-c7bb9d736898","managed":false,"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"a6335da9-2093-46ac-bd39-f1c5e5fe8825:panel_a6335da9-2093-46ac-bd39-f1c5e5fe8825","type":"visualization"},{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"ab726ae4-6c98-4f26-8cd3-07bf2808b704:panel_ab726ae4-6c98-4f26-8cd3-07bf2808b704","type":"visualization"},{"id":"252e4f32-a2c6-483d-a289-5d658410df17","name":"c8d3e871-1f5d-40bd-a0f9-5441a58cad32:indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093","type":"index-pattern"},{"id":"e3f24157-721c-4741-ac8f-8be48c22d612","name":"69771c75-8536-49b2-a835-c134ada8cd8d:indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2","type":"index-pattern"},{"id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","name":"f2f654b0-42ef-403c-bee2-7e26499f809a:panel_f2f654b0-42ef-403c-bee2-7e26499f809a","type":"visualization"},{"id":"logs-*","name":"4b306ffa-7af9-461d-b7aa-966f67b4ed57:indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342","type":"index-pattern"},{"id":"logs-*","name":"e40e6077-f799-4c66-9bf8-1664121d8069:indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef","type":"index-pattern"},{"id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","name":"8fc3d2d7-94e5-468d-9fa1-6ee2901ceb2e:panel_8fc3d2d7-94e5-468d-9fa1-6ee2901ceb2e","type":"visualization"},{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"755f30aa-d6ad-46d9-b2c3-7425c02ed03e:panel_755f30aa-d6ad-46d9-b2c3-7425c02ed03e","type":"search"},{"id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","name":"bb42b25e-f934-485b-854c-440cc1b3ebee:panel_bb42b25e-f934-485b-854c-440cc1b3ebee","type":"search"},{"id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","name":"9cdb2eb7-3c55-4e81-ba4b-9b4f1b31c59f:panel_9cdb2eb7-3c55-4e81-ba4b-9b4f1b31c59f","type":"visualization"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-10-23T15:09:36.784Z","version":"WzI0ODYsMV0="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":13,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboards/elastic/user_security_2_0.ndjson b/dashboards/elastic/user_security_2_0.ndjson new file mode 100644 index 00000000..ce1e6e72 --- /dev/null +++ b/dashboards/elastic/user_security_2_0.ndjson @@ -0,0 +1,43 @@ +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"dec45d9f-11a2-4e39-ae58-4fc7885ce7dd","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMDksMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"3b4066b6-77d5-404c-a7f7-b30ed6cb5ab0","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"4a675166-ce19-4836-9567-eda4ab46b3d5","managed":false,"references":[{"id":"3b4066b6-77d5-404c-a7f7-b30ed6cb5ab0","name":"control_0_index_pattern","type":"index-pattern"},{"id":"3b4066b6-77d5-404c-a7f7-b30ed6cb5ab0","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTEsMV0="} +{"attributes":{"allowHidden":false,"allowNoIndex":true,"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"25aa14ff-d525-4751-a29d-290859861006","managed":true,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - Filter Hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Filter Hosts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Event count\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Host name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"8d476795-134d-4689-9050-a24b57adaa90","managed":false,"references":[{"id":"25aa14ff-d525-4751-a29d-290859861006","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security - Select Host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select Host\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1588685297382\",\"fieldName\":\"\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"5c4b0b82-4972-40fe-b2ee-86c366342a98","managed":false,"references":[{"id":"3b4066b6-77d5-404c-a7f7-b30ed6cb5ab0","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTQsMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:34:04.109Z","id":"e3f24157-721c-4741-ac8f-8be48c22d612","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:34:04.109Z","version":"WzIwNjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Logons Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logons Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Logons\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"4eccff45-c97a-480f-b593-4744922893e5","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTYsMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"64c636e6-00f6-469a-9315-1b8ae52c344f","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTcsMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTgsMV0="} +{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Human User Logon Events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"ca236bdc-289e-4f9d-8f5e-05d0c3da14f7","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon attempts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon attempts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Login attempts\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"3f7d1f53-6b70-4235-879a-f149d98c9063","managed":false,"references":[{"id":"ca236bdc-289e-4f9d-8f5e-05d0c3da14f7","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon events over time","uiStateJSON":"{\"vis\":{\"colors\":{\"Failed attempts\":\"#BF1B00\",\"Successful atempts\":\"#629E51\"}}}","version":1,"visState":"{\"title\":\"Security - Logon events over time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-23T08:41:59.000Z\",\"max\":\"2020-04-23T08:56:59.000Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":\"event.code:4625\",\"language\":\"lucene\"},\"label\":\"Failed attempts\"},{\"input\":{\"query\":\"event.code:4624\",\"language\":\"lucene\"},\"label\":\"Successful atempts\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"42ae3f23-386c-4ceb-bb84-98879107338b","managed":false,"references":[{"id":"ca236bdc-289e-4f9d-8f5e-05d0c3da14f7","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"event.code\",\"value\":\"4,624, 4,625\",\"params\":[\"4624\",\"4625\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"event.code\":\"4624\"}},{\"match_phrase\":{\"event.code\":\"4625\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Computers\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"1e3228b7-ae0f-4e37-8586-558d4eb63d23","managed":false,"references":[{"id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"ca236bdc-289e-4f9d-8f5e-05d0c3da14f7","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Hosts\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"b019f88f-c449-4d6f-b812-78ed5a9248a9","managed":false,"references":[{"id":"ca236bdc-289e-4f9d-8f5e-05d0c3da14f7","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjMsMV0="} +{"attributes":{"columns":["event.code","host.name","winlog.event_data.TargetDomainName","winlog.event_data.TargetUserName","winlog.event_data.IpAddress","event.action","event.outcome","winlog.event_data.LogonType"],"description":"","grid":{"columns":{"user.domain":{"width":119},"user.name":{"width":134}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Human Logon & Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"e077e6a8-f42a-4444-bcb4-19b8916163fe","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Network Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Network Connections\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"80b03097-c117-44d0-8413-3c932d0886a2","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjUsMV0="} +{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id : \\\"3\\\" and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"All network activity ","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"f02a3c3d-eb39-4347-91f7-d62bece13128","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Activity Line","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Activity Line\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Connections\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"extendToTimeRange\":false,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30d\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Connections\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Connections\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-24T15:29:10.918Z\",\"max\":\"2020-04-24T15:44:10.918Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"aa741894-2140-4529-a488-6d34ed57abef","managed":false,"references":[{"id":"f02a3c3d-eb39-4347-91f7-d62bece13128","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjcsMV0="} +{"attributes":{"columns":["winlog.event_data.DestinationHostname","destination.ip","winlog.event_data.DestinationIsIpv6","network.","process.executable","winlog.event_data.DestinationPort","winlog.event_data.Protocol","winlog.user.name","winlog.user.type","source.ip","winlog.event_data.SourceIsIpv6","source.port","network.protocol"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") AND NOT (process.name:iexplore.exe OR process.name:chrome.exe OR process.name:firefox.exe OR process.name:opera.exe) AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_non_browsers_connection","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"50b150ad-5aff-4706-9229-d9bcb38255ef","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T15:24:04.448Z","version":"WzI1MzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Process List","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Network Process List\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.DestinationIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Logged on user\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"date\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"e45875a5-d1ae-4c92-9683-86392f740aae","managed":false,"references":[{"id":"50b150ad-5aff-4706-9229-d9bcb38255ef","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network connections area ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network connections area \",\"type\":\"area\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"}],\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"labels\":{},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"48405764-dc21-463c-bef1-3c0da9a0e42a","managed":false,"references":[{"id":"50b150ad-5aff-4706-9229-d9bcb38255ef","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Overview - Processes with unusual network activity","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Overview - Processes with unusual network activity\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"significant_terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"size\":10,\"include\":\"\",\"json\":\"\",\"customLabel\":\"Process\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"string\"},\"params\":{},\"label\":\"Process\",\"aggType\":\"significant_terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"5e7314fa-49ae-4328-b799-017c6a3c4fbb","managed":false,"references":[{"id":"50b150ad-5aff-4706-9229-d9bcb38255ef","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzEsMV0="} +{"attributes":{"columns":["host.name","winlog.event_data.TargetUserName","winlog.event_data.TargetDomainName","winlog.event_data.SourceIp","winlog.event_data.SourcePort","winlog.event_data.DestinationIp","winlog.event_data.DestinationPort","winlog.event_data.ProcessId","winlog.event_data.ProcessName"],"description":"","grid":{"columns":{"winlog.event_data.SubjectDomainName":{"width":216}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_uds_non_private_network","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"e35a92e5-1ca7-4c49-8f92-bba46bb6b8f4","managed":false,"references":[{"id":"25aa14ff-d525-4751-a29d-290859861006","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Processes Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Processes Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Processes & Powershell\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"b54164ff-6ee5-47d6-a42b-8ac2cec9cad9","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzMsMV0="} +{"attributes":{"columns":["host.name","winlog.event_data.TargetDomainName","winlog.event_data.User","winlog.event_data.ProcessId","winlog.event_data.ProcessName","winlog.event_data.Hashes","process.args"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"1\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Process Spawns","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"826cccdc-b0be-4819-aab4-4082eb2ea6b5","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzQsMV0="} +{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.command_line","process.parent.executable","process.parent.command_line","file.path","event.code"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\" OR process.command_line.text:\\\"powershell\\\" OR parent.process.command_line.text:\\\"powershell\\\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_powershell_run","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"dd7d1b84-be2f-4dd5-bff9-5dc3d41cca62","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell Run Count","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Security - Powershell Run Count\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"bf65ea9e-3cf4-4394-ace6-e45968bdfaf6","managed":false,"references":[{"id":"dd7d1b84-be2f-4dd5-bff9-5dc3d41cca62","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell runs over time","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now/w\",\"to\":\"now/w\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"title\":\"Security - Powershell runs over time\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"28a2a074-23e1-4739-a9c0-1f04e4416aab","managed":false,"references":[{"id":"dd7d1b84-be2f-4dd5-bff9-5dc3d41cca62","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Power shell hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"metric\":{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security - Power shell hosts pie\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"04061d59-6e1f-46f4-887b-e1877e32a7fc","managed":false,"references":[{"id":"dd7d1b84-be2f-4dd5-bff9-5dc3d41cca62","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzgsMV0="} +{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.args","process.parent.executable","process.parent.args"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND process.command_line.text:(\\\"invoke\\\" or \\\"bypass\\\" or \\\"iex\\\" or \\\"ex\\\" or \\\"icm\\\" or \\\"new-object\\\" or \\\"set\\\" or \\\"get\\\" or \\\"write\\\" or \\\"out\\\" or \\\"download\\\" or \\\"encoded\\\")\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Potentially Suspicious Powershell","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"3617dcd4-57c2-404c-a865-74ef3cddf9cb","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzksMV0="} +{"attributes":{"columns":["user.domain","user.name","host.name","destination.domain","destination.ip"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND (process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_uds_powershell_network","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"04c60a34-98a9-4073-8538-97996e80855f","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Files title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Files title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Files\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"77c2b538-1477-4bf8-bdde-6dcf0605b596","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDEsMV0="} +{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"file.path.text: \\\"tmp\\\" OR file.path.text:\\\"temp\\\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"file.path\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"exists\":{\"field\":\"file.path\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"TEMP & %TEMP%","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"d3792434-6184-44ed-bad4-830249085d68","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"TEMP & %TEMP%","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target File\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"TEMP & %TEMP%\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"45809ac4-b7f7-47b9-87c4-2317cfda1493","managed":false,"references":[{"id":"d3792434-6184-44ed-bad4-830249085d68","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDMsMV0="} +{"attributes":{"columns":["@timestamp","user.domain","user.name","host.name","process.executable","winlog.event_data.ProcessId"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: \\\"9\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Raw Access Events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"bcf814ff-fe22-40ed-882d-2c77f3c3e7d5","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Windows Defender Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Windows Defender Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Windows Defender\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"a2cdbce1-9070-4851-909f-774a80d2875a","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"winlog.event_id:(1006 or 1007 or 1008 or 1009 or 1116 or 1117 or 1118 or 1119)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - AV Events Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - AV Events Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Windows AV Events\",\"emptyAsNull\":false},\"schema\":\"metric\"}],\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"6ac9a9da-1772-483c-8c32-b049f0273186","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDYsMV0="} +{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_id\",\"value\":[\"1006\",\"1007\",\"1008\",\"1009\",\"1116\",\"1117\",\"1118\",\"1119\"],\"params\":[\"1006\",\"1007\",\"1008\",\"1009\",\"1116\",\"1117\",\"1118\",\"1119\"],\"negate\":false,\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_id\":\"1006\"}},{\"match_phrase\":{\"winlog.event_id\":\"1007\"}},{\"match_phrase\":{\"winlog.event_id\":\"1008\"}},{\"match_phrase\":{\"winlog.event_id\":\"1009\"}},{\"match_phrase\":{\"winlog.event_id\":\"1116\"}},{\"match_phrase\":{\"winlog.event_id\":\"1117\"}},{\"match_phrase\":{\"winlog.event_id\":\"1118\"}},{\"match_phrase\":{\"winlog.event_id\":\"1119\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"AV Detection event","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"60f38e0b-274f-44d6-9b66-fa83080c88bb","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"AV Hits (Count)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"AV Hits (Count)\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"AV Detection hits\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"fe86395f-474e-43a1-a772-34d1306373e0","managed":false,"references":[{"id":"60f38e0b-274f-44d6-9b66-fa83080c88bb","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDgsMV0="} +{"attributes":{"columns":["winlog.event_data.Detection User","host.name","winlog.event_data.Path","winlog.event_data.FWLink"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: 1116\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"Microsoft-Windows-Windows Defender\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"event.provider\":{\"query\":\"Microsoft-Windows-Windows Defender\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Defender AV Detections","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"1344681a-24b5-4829-b4d6-ec18d2de5ba5","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDksMV0="} +{"attributes":{"description":"User Security overview, filtered by Domain / Username or hostname","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"bd9e6265-dae7-493b-88b0-e3dee8508541\"},\"panelIndex\":\"bd9e6265-dae7-493b-88b0-e3dee8508541\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bd9e6265-dae7-493b-88b0-e3dee8508541\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":23,\"h\":7,\"i\":\"956d6ef1-5d6b-4ccc-a123-fa66805c15db\"},\"panelIndex\":\"956d6ef1-5d6b-4ccc-a123-fa66805c15db\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search users\",\"panelRefName\":\"panel_956d6ef1-5d6b-4ccc-a123-fa66805c15db\"},{\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":3,\"w\":25,\"h\":7,\"i\":\"62ea04ec-0776-46c0-9b8c-cf2915600337\"},\"panelIndex\":\"62ea04ec-0776-46c0-9b8c-cf2915600337\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Filter hosts\",\"panelRefName\":\"panel_62ea04ec-0776-46c0-9b8c-cf2915600337\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":10,\"w\":23,\"h\":7,\"i\":\"45ac8571-ae44-4bb5-a237-cd230ede51d5\"},\"panelIndex\":\"45ac8571-ae44-4bb5-a237-cd230ede51d5\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search hosts\",\"panelRefName\":\"panel_45ac8571-ae44-4bb5-a237-cd230ede51d5\"},{\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":10,\"w\":25,\"h\":7,\"i\":\"1324f39e-f215-45e9-b679-05b06e4fcb9d\"},\"panelIndex\":\"1324f39e-f215-45e9-b679-05b06e4fcb9d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"e3f24157-721c-4741-ac8f-8be48c22d612\",\"name\":\"indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\",\"isTransposed\":false},{\"columnId\":\"26752485-2aa5-4908-b400-504d6e7ef451\",\"isTransposed\":false},{\"columnId\":\"cc4e45f6-be3a-4de0-a416-e21043b601bb\",\"isTransposed\":false,\"isMetric\":false}],\"layerId\":\"d123adeb-fd39-4176-b3c9-69c88d2852d5\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d123adeb-fd39-4176-b3c9-69c88d2852d5\":{\"columns\":{\"6f33ff19-9959-4c43-b791-939582a0b3d2\":{\"label\":\"Event Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"26752485-2aa5-4908-b400-504d6e7ef451\":{\"label\":\"Filters\",\"dataType\":\"string\",\"operationType\":\"filters\",\"scale\":\"ordinal\",\"isBucketed\":true,\"params\":{\"filters\":[{\"label\":\"\",\"input\":{\"query\":\"\\\"log\\\" : *\",\"language\":\"kuery\"}}]}},\"cc4e45f6-be3a-4de0-a416-e21043b601bb\":{\"label\":\"Top 3 values of user.domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.domain\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"26752485-2aa5-4908-b400-504d6e7ef451\",\"cc4e45f6-be3a-4de0-a416-e21043b601bb\",\"6f33ff19-9959-4c43-b791-939582a0b3d2\"],\"sampling\":1,\"indexPatternId\":\"a2ce5204-8ea0-4af2-a2d7-daf564ce2841\",\"incompleteColumns\":{}}},\"currentIndexPatternId\":\"a2ce5204-8ea0-4af2-a2d7-daf564ce2841\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter users\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":48,\"h\":4,\"i\":\"b453a1df-c025-430b-84e3-d6dc7a8c48f1\"},\"panelIndex\":\"b453a1df-c025-430b-84e3-d6dc7a8c48f1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b453a1df-c025-430b-84e3-d6dc7a8c48f1\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":21,\"w\":9,\"h\":7,\"i\":\"e5de9fc4-5863-470c-8246-0a86f5af897e\"},\"panelIndex\":\"e5de9fc4-5863-470c-8246-0a86f5af897e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e5de9fc4-5863-470c-8246-0a86f5af897e\"},{\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":21,\"w\":20,\"h\":14,\"i\":\"8f7f6de1-8c0f-4a35-8d03-1c4e01e72c48\"},\"panelIndex\":\"8f7f6de1-8c0f-4a35-8d03-1c4e01e72c48\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon attempts\",\"panelRefName\":\"panel_8f7f6de1-8c0f-4a35-8d03-1c4e01e72c48\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":21,\"w\":19,\"h\":14,\"i\":\"c53cdf71-278e-4972-9e0d-cd9b3b75c2e2\"},\"panelIndex\":\"c53cdf71-278e-4972-9e0d-cd9b3b75c2e2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logged on computers\",\"panelRefName\":\"panel_c53cdf71-278e-4972-9e0d-cd9b3b75c2e2\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":9,\"h\":7,\"i\":\"0d1c0533-598a-4304-80be-c22047edcbe1\"},\"panelIndex\":\"0d1c0533-598a-4304-80be-c22047edcbe1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0d1c0533-598a-4304-80be-c22047edcbe1\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":17,\"i\":\"1a7e0e6d-e2dd-4bb3-8d5e-432d9ac12396\"},\"panelIndex\":\"1a7e0e6d-e2dd-4bb3-8d5e-432d9ac12396\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User Logon & Logoff Events\",\"panelRefName\":\"panel_1a7e0e6d-e2dd-4bb3-8d5e-432d9ac12396\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":52,\"w\":48,\"h\":4,\"i\":\"0fab3d76-5411-46e4-982f-4d4626c977b8\"},\"panelIndex\":\"0fab3d76-5411-46e4-982f-4d4626c977b8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0fab3d76-5411-46e4-982f-4d4626c977b8\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":14,\"i\":\"b0ec1bf9-7f59-4cc9-9f9c-40aba7375305\"},\"panelIndex\":\"b0ec1bf9-7f59-4cc9-9f9c-40aba7375305\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"All network connections\",\"panelRefName\":\"panel_b0ec1bf9-7f59-4cc9-9f9c-40aba7375305\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":70,\"w\":24,\"h\":15,\"i\":\"f068f3e0-1c90-4f9d-93ca-a7e7c96df39c\"},\"panelIndex\":\"f068f3e0-1c90-4f9d-93ca-a7e7c96df39c\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"title\":\"Network connections from non-browser processes\",\"panelRefName\":\"panel_f068f3e0-1c90-4f9d-93ca-a7e7c96df39c\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":70,\"w\":24,\"h\":15,\"i\":\"6da7d5e7-a679-42d4-b2f7-bb3c958ab16b\"},\"panelIndex\":\"6da7d5e7-a679-42d4-b2f7-bb3c958ab16b\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network connection by protocol\",\"panelRefName\":\"panel_6da7d5e7-a679-42d4-b2f7-bb3c958ab16b\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":85,\"w\":48,\"h\":15,\"i\":\"6d5d4b74-133b-4fef-8ae5-14d2e7037a78\"},\"panelIndex\":\"6d5d4b74-133b-4fef-8ae5-14d2e7037a78\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Unusual network connections from non-browser processes\",\"panelRefName\":\"panel_6d5d4b74-133b-4fef-8ae5-14d2e7037a78\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":100,\"w\":48,\"h\":10,\"i\":\"ea6ad677-7322-4c5c-8946-cac4dd983b26\"},\"panelIndex\":\"ea6ad677-7322-4c5c-8946-cac4dd983b26\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network Connection Events (Sysmon ID 3)\",\"panelRefName\":\"panel_ea6ad677-7322-4c5c-8946-cac4dd983b26\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":110,\"w\":48,\"h\":4,\"i\":\"43b61744-5553-4fd1-894c-6e91a799f4a2\"},\"panelIndex\":\"43b61744-5553-4fd1-894c-6e91a799f4a2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_43b61744-5553-4fd1-894c-6e91a799f4a2\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":14,\"i\":\"9a522603-8d31-4ad6-ac4f-130a814f54fa\"},\"panelIndex\":\"9a522603-8d31-4ad6-ac4f-130a814f54fa\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Spawned Processes\",\"panelRefName\":\"panel_9a522603-8d31-4ad6-ac4f-130a814f54fa\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":128,\"w\":10,\"h\":15,\"i\":\"fad5ef2b-1cc8-47bd-832b-48aeb713f6e6\"},\"panelIndex\":\"fad5ef2b-1cc8-47bd-832b-48aeb713f6e6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell Events\",\"panelRefName\":\"panel_fad5ef2b-1cc8-47bd-832b-48aeb713f6e6\"},{\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":128,\"w\":20,\"h\":15,\"i\":\"68d75f76-3806-4d15-81e9-d0dcfa34c9b9\"},\"panelIndex\":\"68d75f76-3806-4d15-81e9-d0dcfa34c9b9\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events over time\",\"panelRefName\":\"panel_68d75f76-3806-4d15-81e9-d0dcfa34c9b9\"},{\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":128,\"w\":18,\"h\":15,\"i\":\"ed7a59ea-caa7-4396-89b7-90c6b8363800\"},\"panelIndex\":\"ed7a59ea-caa7-4396-89b7-90c6b8363800\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events by computer\",\"panelRefName\":\"panel_ed7a59ea-caa7-4396-89b7-90c6b8363800\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":143,\"w\":25,\"h\":16,\"i\":\"cfe390f9-80a7-4a11-9a8c-7d599e41e38a\"},\"panelIndex\":\"cfe390f9-80a7-4a11-9a8c-7d599e41e38a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Potentially suspicious powershell\",\"panelRefName\":\"panel_cfe390f9-80a7-4a11-9a8c-7d599e41e38a\"},{\"type\":\"search\",\"gridData\":{\"x\":25,\"y\":143,\"w\":23,\"h\":16,\"i\":\"9587ef7f-3554-4886-be6a-fae4648e87dd\"},\"panelIndex\":\"9587ef7f-3554-4886-be6a-fae4648e87dd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell network connections\",\"panelRefName\":\"panel_9587ef7f-3554-4886-be6a-fae4648e87dd\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":159,\"w\":48,\"h\":4,\"i\":\"7cfff19f-bf9d-4101-be63-4d9b8ea78e26\"},\"panelIndex\":\"7cfff19f-bf9d-4101-be63-4d9b8ea78e26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7cfff19f-bf9d-4101-be63-4d9b8ea78e26\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":163,\"w\":24,\"h\":15,\"i\":\"4988f659-a275-4317-b071-8a350087a4e6\"},\"panelIndex\":\"4988f659-a275-4317-b071-8a350087a4e6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"References to temporary files\",\"panelRefName\":\"panel_4988f659-a275-4317-b071-8a350087a4e6\"},{\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":163,\"w\":24,\"h\":15,\"i\":\"bfae12f4-b2fd-471f-a111-daf49cd25ed3\"},\"panelIndex\":\"bfae12f4-b2fd-471f-a111-daf49cd25ed3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"RawAccessRead (Sysmon Event 9)\",\"panelRefName\":\"panel_bfae12f4-b2fd-471f-a111-daf49cd25ed3\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":178,\"w\":48,\"h\":4,\"i\":\"a4f5d22b-fe87-4488-8d26-d0d9cdd10d6b\"},\"panelIndex\":\"a4f5d22b-fe87-4488-8d26-d0d9cdd10d6b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a4f5d22b-fe87-4488-8d26-d0d9cdd10d6b\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":182,\"w\":12,\"h\":14,\"i\":\"e8c5ac63-42b4-4081-85e3-378c85c0b4cb\"},\"panelIndex\":\"e8c5ac63-42b4-4081-85e3-378c85c0b4cb\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Defender event count\",\"panelRefName\":\"panel_e8c5ac63-42b4-4081-85e3-378c85c0b4cb\"},{\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":182,\"w\":12,\"h\":14,\"i\":\"30454a55-0210-43d2-af3d-822c5b519033\"},\"panelIndex\":\"30454a55-0210-43d2-af3d-822c5b519033\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_30454a55-0210-43d2-af3d-822c5b519033\"},{\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":182,\"w\":24,\"h\":14,\"i\":\"6ff4d4db-16b6-4c80-8bb6-95e009803d1d\"},\"panelIndex\":\"6ff4d4db-16b6-4c80-8bb6-95e009803d1d\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"AV Detections (Event 1116)\",\"panelRefName\":\"panel_6ff4d4db-16b6-4c80-8bb6-95e009803d1d\"}]","timeRestore":false,"title":"User Security 2.0","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T15:24:54.858Z","id":"2fc36188-8461-4927-932e-0e452b7dc3ac","managed":false,"references":[{"id":"dec45d9f-11a2-4e39-ae58-4fc7885ce7dd","name":"bd9e6265-dae7-493b-88b0-e3dee8508541:panel_bd9e6265-dae7-493b-88b0-e3dee8508541","type":"visualization"},{"id":"4a675166-ce19-4836-9567-eda4ab46b3d5","name":"956d6ef1-5d6b-4ccc-a123-fa66805c15db:panel_956d6ef1-5d6b-4ccc-a123-fa66805c15db","type":"visualization"},{"id":"8d476795-134d-4689-9050-a24b57adaa90","name":"62ea04ec-0776-46c0-9b8c-cf2915600337:panel_62ea04ec-0776-46c0-9b8c-cf2915600337","type":"visualization"},{"id":"5c4b0b82-4972-40fe-b2ee-86c366342a98","name":"45ac8571-ae44-4bb5-a237-cd230ede51d5:panel_45ac8571-ae44-4bb5-a237-cd230ede51d5","type":"visualization"},{"id":"e3f24157-721c-4741-ac8f-8be48c22d612","name":"1324f39e-f215-45e9-b679-05b06e4fcb9d:indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5","type":"index-pattern"},{"id":"4eccff45-c97a-480f-b593-4744922893e5","name":"b453a1df-c025-430b-84e3-d6dc7a8c48f1:panel_b453a1df-c025-430b-84e3-d6dc7a8c48f1","type":"visualization"},{"id":"3f7d1f53-6b70-4235-879a-f149d98c9063","name":"e5de9fc4-5863-470c-8246-0a86f5af897e:panel_e5de9fc4-5863-470c-8246-0a86f5af897e","type":"visualization"},{"id":"42ae3f23-386c-4ceb-bb84-98879107338b","name":"8f7f6de1-8c0f-4a35-8d03-1c4e01e72c48:panel_8f7f6de1-8c0f-4a35-8d03-1c4e01e72c48","type":"visualization"},{"id":"1e3228b7-ae0f-4e37-8586-558d4eb63d23","name":"c53cdf71-278e-4972-9e0d-cd9b3b75c2e2:panel_c53cdf71-278e-4972-9e0d-cd9b3b75c2e2","type":"visualization"},{"id":"b019f88f-c449-4d6f-b812-78ed5a9248a9","name":"0d1c0533-598a-4304-80be-c22047edcbe1:panel_0d1c0533-598a-4304-80be-c22047edcbe1","type":"visualization"},{"id":"e077e6a8-f42a-4444-bcb4-19b8916163fe","name":"1a7e0e6d-e2dd-4bb3-8d5e-432d9ac12396:panel_1a7e0e6d-e2dd-4bb3-8d5e-432d9ac12396","type":"search"},{"id":"80b03097-c117-44d0-8413-3c932d0886a2","name":"0fab3d76-5411-46e4-982f-4d4626c977b8:panel_0fab3d76-5411-46e4-982f-4d4626c977b8","type":"visualization"},{"id":"aa741894-2140-4529-a488-6d34ed57abef","name":"b0ec1bf9-7f59-4cc9-9f9c-40aba7375305:panel_b0ec1bf9-7f59-4cc9-9f9c-40aba7375305","type":"visualization"},{"id":"e45875a5-d1ae-4c92-9683-86392f740aae","name":"f068f3e0-1c90-4f9d-93ca-a7e7c96df39c:panel_f068f3e0-1c90-4f9d-93ca-a7e7c96df39c","type":"visualization"},{"id":"48405764-dc21-463c-bef1-3c0da9a0e42a","name":"6da7d5e7-a679-42d4-b2f7-bb3c958ab16b:panel_6da7d5e7-a679-42d4-b2f7-bb3c958ab16b","type":"visualization"},{"id":"5e7314fa-49ae-4328-b799-017c6a3c4fbb","name":"6d5d4b74-133b-4fef-8ae5-14d2e7037a78:panel_6d5d4b74-133b-4fef-8ae5-14d2e7037a78","type":"visualization"},{"id":"e35a92e5-1ca7-4c49-8f92-bba46bb6b8f4","name":"ea6ad677-7322-4c5c-8946-cac4dd983b26:panel_ea6ad677-7322-4c5c-8946-cac4dd983b26","type":"search"},{"id":"b54164ff-6ee5-47d6-a42b-8ac2cec9cad9","name":"43b61744-5553-4fd1-894c-6e91a799f4a2:panel_43b61744-5553-4fd1-894c-6e91a799f4a2","type":"visualization"},{"id":"826cccdc-b0be-4819-aab4-4082eb2ea6b5","name":"9a522603-8d31-4ad6-ac4f-130a814f54fa:panel_9a522603-8d31-4ad6-ac4f-130a814f54fa","type":"search"},{"id":"bf65ea9e-3cf4-4394-ace6-e45968bdfaf6","name":"fad5ef2b-1cc8-47bd-832b-48aeb713f6e6:panel_fad5ef2b-1cc8-47bd-832b-48aeb713f6e6","type":"visualization"},{"id":"28a2a074-23e1-4739-a9c0-1f04e4416aab","name":"68d75f76-3806-4d15-81e9-d0dcfa34c9b9:panel_68d75f76-3806-4d15-81e9-d0dcfa34c9b9","type":"visualization"},{"id":"04061d59-6e1f-46f4-887b-e1877e32a7fc","name":"ed7a59ea-caa7-4396-89b7-90c6b8363800:panel_ed7a59ea-caa7-4396-89b7-90c6b8363800","type":"visualization"},{"id":"3617dcd4-57c2-404c-a865-74ef3cddf9cb","name":"cfe390f9-80a7-4a11-9a8c-7d599e41e38a:panel_cfe390f9-80a7-4a11-9a8c-7d599e41e38a","type":"search"},{"id":"04c60a34-98a9-4073-8538-97996e80855f","name":"9587ef7f-3554-4886-be6a-fae4648e87dd:panel_9587ef7f-3554-4886-be6a-fae4648e87dd","type":"search"},{"id":"77c2b538-1477-4bf8-bdde-6dcf0605b596","name":"7cfff19f-bf9d-4101-be63-4d9b8ea78e26:panel_7cfff19f-bf9d-4101-be63-4d9b8ea78e26","type":"visualization"},{"id":"45809ac4-b7f7-47b9-87c4-2317cfda1493","name":"4988f659-a275-4317-b071-8a350087a4e6:panel_4988f659-a275-4317-b071-8a350087a4e6","type":"visualization"},{"id":"bcf814ff-fe22-40ed-882d-2c77f3c3e7d5","name":"bfae12f4-b2fd-471f-a111-daf49cd25ed3:panel_bfae12f4-b2fd-471f-a111-daf49cd25ed3","type":"search"},{"id":"a2cdbce1-9070-4851-909f-774a80d2875a","name":"a4f5d22b-fe87-4488-8d26-d0d9cdd10d6b:panel_a4f5d22b-fe87-4488-8d26-d0d9cdd10d6b","type":"visualization"},{"id":"6ac9a9da-1772-483c-8c32-b049f0273186","name":"e8c5ac63-42b4-4081-85e3-378c85c0b4cb:panel_e8c5ac63-42b4-4081-85e3-378c85c0b4cb","type":"visualization"},{"id":"fe86395f-474e-43a1-a772-34d1306373e0","name":"30454a55-0210-43d2-af3d-822c5b519033:panel_30454a55-0210-43d2-af3d-822c5b519033","type":"visualization"},{"id":"1344681a-24b5-4829-b4d6-ec18d2de5ba5","name":"6ff4d4db-16b6-4c80-8bb6-95e009803d1d:panel_6ff4d4db-16b6-4c80-8bb6-95e009803d1d","type":"search"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-10-23T15:24:54.858Z","version":"WzI1NDIsMV0="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":42,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/docs/imgs/insecure-powershell.png b/docs/imgs/insecure-powershell.png new file mode 100644 index 0000000000000000000000000000000000000000..a36f930243a3e804f287abbfd32385ada46a9eaf GIT binary patch literal 746536 zcmZ^~1yEeg(muXOa6*D6xI=K4#XUf9_W(hIyDb{v#T|k!?(V)og2UnxbQ2&rEbhxM z@4ff??ydX({^!)x^y%)WpP4>gb*84~M5(JP;9`+t0RRA8#rLwB003Go0DzQ(f%ZpJ z9-sjM0I;g;WMtG8Wn`$;-JGrM9IOC<_fcsX=-Mei@PkjE%Oby|2YX06&l&;V(KG{Q zyW$d2F&Mr`0$!6fwj;Af|AmoGWJ09wq7z+>E89?yA#jA<$XtFn6pEX6gA!Tab=rLc z&3>N9)3+#A2dCMHS- zkK{acbwg0{?fmBgfJ=~|XEV8w@$p{(Ksa?y-{h}ix&V9)Oa~O~#yX=l< zK>PJ9^#ER(uw6RCTn^Va+sh9hWZw{&69M4#0!FE*07a^^IX5B2_ms&b1G>l@X2D$N zZ`(`CY+PQ;A0S)O%l`%U2=p5;JEwnQw+ZEA%Fd?QdwyeRay5G%jv zNAZYvS25qsXA!>0W>a^a;FSjpXkJF>OKc=AoX!RRAXXCt#n}83+ ze5PNI-_;~^6?%DrHpFxwmG3Kjs@Qkc_G)^ z(jh1NnoVl~RCA=_@tikoK4J!w|LPJNc^%_s4VqiR{FrElEG+q=QWAR)$?{|T3T&82wbeB@G~>3^nT`U=B`}dROG3{+k&X9fc)7Sb(oVJ5Q>OS&5|+X)o=W@24)P zAyb}Fu4c=Y6Ro$|(3e9XV68=X9xZ$z>Rdh@i3LF zrZ})|5zVdhHS8<#gxrMV1oLk(;uxJFQge!iz-4_0EH9!~oG!A}Sg{0(zW9$!E!t!HUweP_jHjd(I0-d|G>CpC>`k6vwKZx3%LG!hzM z8>F-8dDS@7I8+_s{?Kzn6-E(`Saa(L=wRs}a9i3j9V6Jr-N`(6xZ^)>IWOBr-(ezT z##+Sc$J)oT!otPUBOD@hjgE-kh&CRi9ej!=Ayi;yj;0J({HZRW{!*PoQ@%pK@^zY= zNyII z1(o)^j;OW|3j@m}OPh{()vR`pj+RbaWow1Frc704Wq9RI<*`Or`L$+lmu~GGP@N!UJYT5QcaWL)(WAcpkuFB$+htD zE*}GFSh{>wsplL$kQ5jQw8#YkLBNzw`Oc)y@XpE3gv-DDJbGk%lzKSCqIz2q7Ej1e z@=p(Fs3@IMjr}jfD8uj~rh{HQLqed-5(%^v624t~z|Au`ZaC?jPt35Bp8;9^o7BTXa_+-YAzZS0I-? z$f^t)7aFfg7fau)KB}3meyJ~3uiJdx#?gFIA82W5|E-~-rNc_O^{T<-^QzOs3Ungg zrfvA7R%|e^;Yt31y~}zu1BGw%>J@(vCZ)JV)Yw6Q5oettNKGi>&rQpQ0l3(3iII zhj}9~>B3#VoQ=(mX>I@bbr-TfVLT~%8h(C$#d3CVp?evBS$h_ERCJiKJ-0`9)^cOA z5Ef?!p|0R zzx0zo&$bqyeY)AM+|CGKghV_82RW^r$0Fxp^D-4$b~AR9`?r_3ms-ejQkD54GOTo* zmXfxNY{W0EfHqE3sed8MqBrGNTNxbx(EcQJKtvV;A;8;h->Y;oI)*y; zC9zswSLlaSl|f%ua@srU)(Qfqh>wW-(?yKd+bC<*%SY`r5kSwa<~=N>xXj$LTKB zoy5laZdY9kw7%9}!Yc@hC_^uNdHE>&T!F}6>7NZV!^3=uOYu@<&E!8!3{?OJx#dogPdgu47CG6|%@&$M+sMlQ-=Cg!(A61%y#^l|iZm48fu$Wep z+`8RbaJ_sTqJ=2y1R4Vk0~>C4rtNa)T5M9GsbGdYcA$tS$Mf2E-=B9Gxr(`TCaj&5 z#(#CVREacqom%t_j%NgLnCzKf=5!tT-CYvxvX<4(*0q|rw=b@I-dsJeda7dwy#&=P zQPj2Fh+KK&u#pP+e|wVORjJF)aB6Te>7wxPhpBGoc7-XUN1nKy#;+@P-P{L4pGMIS zDJ>||MU#WHuk^QE*PR(5{CL7Rxo@vYPeAyH?S2fK?ZHz6NYGn$Kczs!s}BzbPhTgO z_g%qfh+XBpgx*)ZUjqytBL}FuOy5F)cV)xip5!;9d!J_xD+H~abv7yeY;I~l(|-DO z_HcQVLZu{L87TS~g{atdzudJ+=`eFKtAu0)9N!YdkAG_4&!;A`TTI0wGt2(`E(_Qo zM-C>(29!_%ekK3N^pns3@r=ZaiXfPRuJir^^l9J$q!*E3Aj+TnZ&5W2zR0`^`hp(p z=vV?2e1=XO%+Us+0;Z7VQF-B`UhJ5+krU9fp#29h@%tvkBm$d#4INC?Rg?K=^_p&_ zuV}5J0$}+gV*p+t;R8_qNJxKf01_$S#Xn>KKnaQLe`QT1=70Gh0|1eB0Mvi^82;)1 zz7qemKj?q;D9I53^gmDdf7+LPw{`X? z{0bTWqrh}|Z{Q995HtMUkQ6oP;Q#>gvYocRhrY@Oprx}ThxsRG3o8yEN0-0j07QL& ze?&(s4|8fCM+YZ&ppO{sKRkecR=#lb}@jzvvP zE$a5k8mK8N|1bETCox)E4-Xe0C#Sc!H-|SbhqIdvC%3S$FeeueCl3$%9}jkSUndW9 zA9g2qx_<`wpE$Bs?v`$LE*^HyPSk(LHMel~^bn(^{hR22uYZoy%E#{COiu3qn%18Q za{g`McG*59Hr-0BTyf zJ3Dy(okJZbI}hVW_-zbBB!^FAy`2Gd@Pwjsr^#4!9e`^05q2^}yClBU-4^5o= zUkv}L`9UWUijBPo1v4bpeDDGT(tgloW2kZzsh55SX0~GrSvL zV&?=e6%`JMcF0&o`;*cKH6i!w@}D{{IzQ*2^iDMsq zT}p-1XXlse$(q-uSCHT{ZT2MKDs^q6aLunva9`PMx%NSyGxfu0#uy7-LN}tFHk|iB z9AvQh^pxSTZ3_XSIMoziq~_LXujd~79c``^`Qy!3k&+WGi=zapT-Q&@1l7?oaUP=g zAgN3?N$ExJy7o@X^RJKkB{(jLRUO{_h#%k8b7(Yk-!+>~vLw0OG|ic|$d~gD`o-J% z(5EY=o}qie4$DN!bAs)YiI>pzT}V9Ut7QO-+^o)ZAnqyRw|964unlX+xMJ-SGi{}< z&VWiSiN};B&!dTQzem%-9(fwOcWIn@&AKZ7l~)~g3zemnvU+BiEM_nKV0pCs{9n?b zoh^K`MQ3wUO{Qgt^V>$W2+J{R{K~a5O~t+N3zL)B(aG8aZ^y+* zO8@uXr*?}1P`y^a-gttHt0D=I$?#NsO`da_WbM}ao9TB) zs+V{9R%XyNYZ=F3=~u+|mlzTB?bM@W z5aA{;`Q|;C%8?gVYWktd_f2yKxT?#6CT<-(a9z?j z8ShdzYgKNV_XK-a@}tufDG*ar`^#tIxk?=^4tQQQiYN~o2yaBagzwOS`=b>WiIe7P zFYf*9ZX(e>X3trT4A8YxO~IxoORfEdQpekYaII99bisu}m7AqQL4;%OxnAkzJj7q4 zOf9}#;z*DD&GHKdIF&~_TdK%P{xv%3)xvX)irkqU1;Tr3KaK#UlN`>Rg{u@5&~mg| z5*hTgWzT7ld^#fNdGh@Q=z?60d9yqW{1{wG8?FT2*Hkgk_YQE#AT?x7%a~w(m77Y; zd3ZZBe&6)$X;20%Biu3{gCwRBmu zk@%bVX!EC$8Rkt(mDRH~=<1^5A#`n5?j-X_86`F~#$EN&erGlYi1YMxrp!y;B!y0e zNUR)qp#(Nr-yJ?xmr)Ks|53Ji-Qi*|tb618YqmJO`|X0mIuaGg(EE5Jm|UfjgR{tI z1-_kb;|ZpK&-~QVyDV}7|3WaPIj+>*|5g%POPp_Ar0o#kW7#v(-B>n=`_SQO;nYPd zN8~qUoe`i#;(79e>GGUx-LDe6qZ1HEtFV+35mw)JN0+PgE{w8bvsd9p^xW5xSzmW@ z5Td>tu6$p0A%6Sf9&WvJ?XxW{-XV&nK$(91jtsBL?nVG~dx5v#SBvI|%b<;~FR2=P z`1m;kwps+7;jZn?SHt`iVj`dIm8mTN)a!nq=MyF%v5flUp#I5RsqXOsymv%KH;o6^ zUoex;9wOVfm8~7LZ&~XyFq1Sr-885fOGAAezxa96P_;Ynx+mgy=g}6pMl$LMz*#qLf`XWwqmNamSEWnX>y5k$Hr{-6K`E6{k~Z%| zvLm0@Ng-~FKO-|X_7=4Itjz6jIY!32H7`k&ZV_%h-RmDU4Dg9?z`;meA+F(4+~@{;O$!6V+cR`AZJ;*(yiq$eqVml z*`z~dt5i|jS0v;&%0J~NQ|7s6TZV96Bzt3=$}|Eg8{ZypwjD+%yF7##(cSF*6$WV{ zVI+TKa30vqTDyEvnUrnRd=)PWIz~~98_)|1V6HxQ10$~J3~F%j4%HCbIZ)$VEzzSF zXx5R%Gz{D7pHf!ves7QGl1-~InrZeirbzetq<%TTw=^-7@9lOus6-sKyokF(-&S0( z-+E|0z=rs%`?u-RUJ#6V`;&_S7w;lC#Gfd7e9#`R&|8GGXq{W-jVQ|(IiIcLu#oo} zzDeoq>|W~Y=)6~S0GEWQ#^w2$PLaz%Aid0H{H@F15)MvGR9@!J|L$`74*r?TFNQ7S z76K_V6ZCm$Z|n2c$1i`5T%Kp2a9HIX#4DxJt5>b-lzAGmCR|&=x_++~6ez{iwVQ_F zn`ZFT-9Ln}Mpmxf?vvuRwpwZS~-k)#aI$rDEQc#O-NP$$(CHmeZb`db9hkzFw)Z_Arrd;-IO4!KrP_9w)X$GaX z#$w$>hZ8>^q40fqYwd?5)O!Yj(o2W3msBUy;Gn~3j?1ZcuU%OwI1~L#46`>ND&Xh! zF3;UkECr6Y2p;&R?eM!{Q$NH9$V*(=W-hP=-Lj6zwe7P4)l5k4RVReFi#10Fr`NN; z4ehW&xy<8d=J3@~l#^K8lfiPQ-c7*cYl^iW`49Ffm8J<2N9Q;;ypO)S=&9jUd7{XO zK+)ovBnDsUM~*S^qJMMCu-ELIP0!v1 zoJ)HXhYI3^ZJ#&Mv#%C7=SLRiPN#pIDQ^KI<;a4_fV=~(yrw}f-550+6}zZx7bG6| zE~6=dcWqO9Z~QK{3#s&XVEfCLw&)CFJKin!o5P1!X`8jWmrCHg#~aSWwU)QIf0AdI zmL1PNyxYXRE!%18FY%+$>_L!S$>i7@=KVXme=0H-V=R|l7P4NW_P7$ckb10f4S$~f z%+z)1oe{udyIK%NQIC= zDeXvg^(uv9!7gqb7WAlAs~xYx;i{TQ-%xg`I$S>Nf`aF&m%SBUdISu&yWmGyS4n*s5=riHsb?hXlTeeVE?Ux+{%m9U@UYez#e`2^^aWLh%*OhxEMBCVv?EDbX}V{VC&H(2?kV3K_)p zqR0C{26CQ%-M@Pr@)Zl^!Z0e~V7qDevPeRrK=A%IANiT(#c!cg_D7QNK%O`tJd^n8 z;8cJ$ut6^}=+rm&cpzhlN`GsW|9*n)Cmy|h^F@)!Ub%&JMh-@B{6)Rq`cF1fFkFExv&AYXT(J==CPzxdc{x;61?GGlhkm z-qOa4po$_Aw5vZW***@p2bjhuFX+agcv#s+^OWw+ES6UR9Fx*lsCj-U8L=3^8KL}wck2l|Kf1Y0x!CgC2*JKSAvKO( z@nrJq&j=a+o%ML=!Yv;C($ocZzWz<`YSNOGWvyQCMj|$FS+~Z&s$f_2!UpgWZB;lV z;JYgHyvey%VKij!J~E?r4=;~&@zTYxS3Rm#yk3tAvG&l6jZ#En=Wb*c~Ix+Q8s6}p+>$es{NO)?MAW5RVhi0PoZX&HekE-p%(v{Z3L|Fz~UEmpLLARO0kFJOxlnlYUn@Cg7=a==r zOSjIE)rO(SAA2Qh&c_4~Pw-j~8WQwaKs(9tpa&-4%gsE40f@;0>!JB)pYCLIaE+~)3eLYm{0wm^dj`bK$lu$|` z47*rljtvxtPwRsAo4#wXU-&C}c`u`zo?<3b zg?RVPbNt@0(WX_oU`*~>j|rxPuJ#RnhQ^eOhZ3SiOwR|Y z(0F!xHXMnX0SV=a`PvrH#+8)FrnMt8o|%LhDVSq1NWRF%bnzzsrO>Yb&4WjJ|Ar!P z(?^saeoVZ6RiNY3m?wzk)U-SrK>Ojbe}{DGa{_ppAm}km6?e*xi!=Yb^lOA_&2^Ap zTNtE9=Z+=pd7$c+EI1M>@qj|n$yJddPpd@w{NnQrHvj!R$!9_^RFCtqt)knhJFWuy2h z7#*~AwJ2>f(u9YSp&(e1CbS&qV&DdI+ZGwVdU{55s#;9pp^$V}dQ0&J+>$IkbJ8U0 zN7GUT+#l3|K0NP25ILa%kox*y!?yP2W92v_3d)+ZxjMFFkt7e+x_b2%Z-=>33aiS$ z;#q`wDzH)JvfOvm~~)1ArWOyOSNWl z`RI{MwNP6D-!83vuSe?~01BSYDDg`r4JCF9HC%w20PM9yLL5ZdG(Nz%kXM7$0s_c5 zXTj1XI`+VN4H0kM3RHsP3w|c ztR---GkFsZGAE_BX-mygDTPR-c4nqdGg(Mm>Wo`XpBiKFfM!P4sw+L$dy1qf!~HLM zh+oJ$4mDavB1pexG;n+4`(skJ$8NdducR}JX|uBzeydj5MWD`qGUg`PWo4!LFcHNDzk7N$Q#;ic#LODAU-eP9%g@BJ`?wGoM7nApS4* zhCS#l7n}NY3;W6kK#iZD=?rFQqf88GUU(k{VvDl8w?X>&f|ms%RE)rh;;HuFh1)1# z2$_x^%xfz>(R`4wW!b__31HXbB2&ML$L&NBJV)LoHI=eUcv(@0y<#M0Mzk9yT?cl4 z>o+RNxiR{7kD-*=BM)0Mi7YP1W886Ep5TLl!smJvZ zlk$~h4@b}|d8cG>f3jOBU3lerE%Te)#p&BZKSlzjUx^*>vEFuWYJ4)+?{K*k+X&bp z%CM91?;+*Vw~2l_U|dFJHHI8%zkFe3p(Gp0-ACIA>@mQlpA_ULdM6@Q6XpBseFX37 zUJdaOH@{RCtqVAoNw%C+MkIIw766x(3Y4aC*5>7XH~GOT6=s0+NypSRj`U#c&(54i zpg`sA^4Ho4C~{pj7DlMHPD^Eef600cO7tYOPvW&NcIASfch||XMn&Uxb9$Xhl{0ru zJ1g==!IUkrZ9#q?OIdQ!8=^czq|E0$O_yX&!L>o`;6X=U?{%INNu zKYLz{&T@57Sx-mgK!w^DkMtnr$_0I+Qp0Gha|iH93@a}$R2=(4tg^Zp#L_n9yGTDu zk>IxRGw>?hwU#mE027%iGGV#wOoOpJE7x%)9MjD;XLryT)f+q2%tU@#v_Rk7e39pr52WC^x;<@-`PT8Y+k_kA5Dl zt@x2qQ@1QlAYn*P^gMea_8Z+C9cgaP9Dj2Ac+4xR{(ITf{0D$rltuX0B{j+6qQ&FE zN(UAV%y{kZw)5X-**S`es$US_x`~hl`frTU*74fq=^<~PRL(_A-YMPS*?qLr3=^8* zz%MpPo(hDTHP^^FvaJM@ALm4~?&Gp(8bp%^ZwivI3JF$6#aL$1+A5agtl{Hi_Y2eh z;1-HulaA|fFgtpe5<#UKOLa~WSpM^F)etMy0) z{5|;uMslBXV;C`*VsT` z;L<*u9vgu)`r>gY)aRPv@~Y%5>=zP;PKiA#N45abJ3f(OZsf-~)TP>QRzUQO0$*~Q z3m^gaWIS%=X_j(0{ZHaU=}H)OgaUNR-Y&E0t5zEi4W3)C4YDCah=rTD0w=2YJ-WwW z82iV|*=^l%-H-G7)yerJy*ypRFAsA_cN0;WkiylalCV}uo2?YOPV6o!-U$`;ntF(; z+C&8B+W1P>E?kl408+>iu(>xjU&nveMW;AAGpx3Xp29fIZ+YA6OrU>Td7=*-&^Oe4weo4GLmLwC#{T!0L z-`8LJVzFu)9nGcFe%vw99VR@tBL6{f#iFlKy@Km$@Az&1fI@w9t^J;&^QF`hY8BVE zl9$u8{Iy@8g;K670ts}0omSb{t5Q?)T1Rb?MO>mTZ^PF!AqlqQJ-D}@waC(fl&wkL z)UiXPP&g~H}woZJN60q?^vy--1St3-O1#gt5 z@5w+@EKE?5?tL3Q^;lVLtEEWy!kQhVgzwYSe3Stpe6UyR$ujz;oHbsjvW0iXeEZh6lQYMv=E0(1V)QD1Rz?Rm0~R zQ<869WU2Ns4T^Q4gPS|aMwZK76~tKJ;X0y7y_N;l1=~&ilo%GjASti!);!KWB*Nmf z<)cDy2kN)c@D*R&eejbz`=0pwH`YQFNcW&(x)%2Zp)#9&&M$Ih-A(E#-3*ifV_}0V zCHga_`l+=5;-39;i!$_X7Ph}e+g{C~UL%h9&hu>ULd|_z78_(LX~(fFQKpK#cO!-| zudTIX*$qrv6|LeFj~$N(sjl|U@x64}#TWX$j#mteL&G&DP2SF-BJ^iXsPQ}~&eAGD z&#LVAbfl7c9xs1pmxQ43v=Kcx45tT#@5;~2SZ1|8bo-7>x$&p^v}A%*+tWRrXiH6z zTSo~)pdV$!m)XdIO!9k+Di&c=d=bfI9^<#!S zbmtb23JDR@A7pUL*~wQnV~T~EqTyf&7HI9zfgn-Rz)fQxY1A^BrWR)mod)?4TO{!; zpmB7kHM5n+*9lnmFvr`v2J!smG|H=3oC@@?v2c?-9aR6Ns%SA`L>HHMWKhmW@U%WC z+%mG6|8+gt;T$|xA!U5%!8G*yvLHcG7KP#B2(nAPSdqI5<0nmJ!o5U{OjcbcxhOgK zx0BWY@uupt!M5GVY6j^$thD?T?>C}0Y3l(5qGj+UrjT7!grFi7>q;j_My#-&C6OTD zS1Fb82xk{QtFkcgVq#2CnienI$*UADvtD4aQ?O-p<2ZnaQSNS`+SA8i>0(!|oibX* z=;P6>_f4xWTqulTAz*n&F(Be?w9-&Ixt+8q8i*%05I&fy@T&Fgle$thP0yP@IlO-B zLA4`J5-w*4lK?#H2a~$uypO z+A4ZtFmsC!Q9#S2HZBss;8elB#Xi?wRxj%wN#?OcG2BLXQvmDd)S_aVGsq z5}ei8tS}<(cB(}ji?nNjAEqOSNlbFq$=1o6idpVP74AyN;OPQ2g~f79HyDT8lPY>` zb(*Y;C z6L}o+MAy@QnLfYc)s5mk9Vqx?Y6W zdMN~g4AuO6TUBiPFrf3x+SJ4yo`L81rJhbk`0?kdG0&qGCydsbU`(c0&{5kwTp5=a zZe}k}BBFPPmsfYbU13KTUZ2AaE({@Jt>?`S3iKn&D>0OQ+3M^{@GSo_*@wg0nI;nP z1IEI|LzvRV?8EV!S7*|*@?9Iq)DoQM`G5m_s1}~Cjr$=LfE6tde`@>@kfxsF;PPW7 zf(?nI-6u=7lnIx^2{xM=raWfB&6YjK5^xc7Nb>4dn8t-HiWU0^KUn#dOPK|t??K?R z0`Jhp9m#@wr*g)wdOI$IYFfwZ-y)b81Rjes$?**3E7S#=uV-J$d$HiBQz^uX#xc^I z8RtD*tNk9LCWJnpuQhXY!|6=?D&B7@tFuRGA(kNyI^oWW!_NnQaZGEtzKAfD_30X+ z&*p8OFclS&GOX3M^Nm4_mbnIxYh@u2yg;ShZ_2VfLp(%S#Lf%p>niu>HrKYwpxh0? z$5>=uY@iag3rC2QEtQ zu8HA9sONH$9Cr1&kBf)d#Ecoo^j#3ago~?$5@LdbaPwHXE4iwb1eEJtLN5ZmCF>GD zXmw{j9F|WwY0^aG5=~{}g0`%%;tqlc=g;vM%(eSYm^;d`O)@UQz3Wx(bf~{s+CCp% z^MG~=0>Uw@wIj;3r6mJ0zc2rqD29sN$Xp-IZ1w%%Rnqy5oaT{Djj)HfL3KFOtg*MK)s+@b=&b zcdeAL02nJ3>ypK`@Rd!Z$NXF3SD5N>Q&r6^OE8U#o-E+VAC>@3$#`{7V89}-+-m=j zC%@-FMHIk4{bP=PlJSZ~F;;fAC|nMfd~R#p1cWU%;^G>kW zf6lNhF8G>XAgS@bw_Xh?6m!ED|J(F2*5#pg!!97XYnS5r69{gdOU*jY&7LCJg4IqR zeKVx+)%_#S3mI;q%E1!aTyfPUc@_N|M}}z_crj@yolnd<*CyaR9WWv`ljHu-*cZw4 zt3=p&WhoyEPmoRc9>c^bs(L4d=Ej~ zzU`a^mfPpMH>C$#h61daH ziu%$-`+P~4t;*sj6Md`6z1NZyjASX&n1<*z-?iU6h$l<7Q&f(3DL%QnvQR`c*?jYr z465T?C;E;#1+7!g_OegHT+$^zh2rzYf*d=$Bsx85nSAYm@AfD*OA@O_jmSw|(QIp! zq)3PZU8FZ8E&IAdsYEESxizu7Y8oB#KJ*p((@I-VKG-Af^(A9SGKcjO@VLEBHv!~W zRXIM^e7t8q*!Amx*4)@wrvhDkt=Mp?&<`A_H0AYjpJ@9kV9bV_u@YL*PH#Ykj+UO| zxs~=Nu1rkh)?Du5q6Fy6R&|{Ax)MeCo$A-Qq@|2^^6mT*`kw9myv83AeO4oNRDNy3 zG7Z9*(yp3z^X4v?Y7eIDf(!@FTpu>$>zt5BJE>|$zK@0MVjgv$UEX*sk}n^6L^Kx` zN?=GFiR;(Y1$t!&5U1PjHheQ=q+U-M4WrWi`HME>dS1)#e(cXdlJM-Gp@9jcFRc|k zB3>rCM@C=Wj5LXCu1YF66Wsf24kNaSJYfN5MRX3CCqjZ=QppeGVi7ss9fgEU9tTXD z2Q%(JEGiw31217qWI5ZXjibfcdxMxe!2HRDpXj-0>4^W3j-!&oJQWJ*xZ{B{IdUdUQ@1NkG@ z$hSY5zE2~o)Yk5-&YV$HG0o0rt&?Td9>5)XpXZli&vs##C%LnXEGNw!tsbo4xP>Nm zKE6!w!|p2JX4o%T>14@T%#h8tH0zq<*bZ;MZS~zH_1D|TsmsF&D=axpUwbii6$Q_# za|~l+#BTz>PG|DYYuk4^v}(ys5WG%A4Mimf%S`K1{-J|3X!(ue<2 z+uNg}(pA_^?d;pcy1f8Q-Li;^_08S>yx&1h!N9?PWkk)@Gfk`xArVc6$G}CZ3C#n0 zd}}s73uNmYW;r%X6J;jYkG~1AIQ)(9mS3A)SJcnciM0e?f#smj3E;iBT08c_8&a>+GL#)HdzZF+);)W=*Ptt8 zuTSnJ;+KQOa?I^}x8tV=qewtQ3~DxpezVGWtW!hKiP@2+V_-*X&pnnp^{5oJueFCd zQ{W>W@c0OK`RmpPTJ0tJuKE(M#w#~a`YiznPWSarY* zF)1I)QUttLfNw6?c@`;G1erxjFyg(TCE@sUYE?eAJDisAe9kD-M+WWHEacGKPbjRBB>42`x@_X8j@61azRp&@!p4I z?&B~4MObjHBzniq6AGty(153b52KIzj{fz_uU=1pnp=PLGvp_#poB- zJ+0JE*akAM_BRgwd_e^pXr|k$UnI)167-v-V7*Eo-m=YGtk+xcFs(lCZ|l~%u6UTI zv1C0WIwb@O>njF1YBzRKJj=Wa@r{uNEIv!4O=Ohj67}BLh~LOJPWa-!SQ!Ep#jWbc zI&&YuU*``q8kGI1NwA~)Gq`UH+G+AZ@NX@1dY3g4z~UzQ4m~0Nx!x{MI2~BKr_I2- z8C@|Ib-^F#)2l?B-ha(t_!+DWON9D~2^macV>v zaD8NvdtfNI$GfKY0d{_VlQ(xaK7B<_F~ooxv@Z*Z+#YaleOa~TR)>I1Cvs@PZS{E* z#*apRp+T-2r>Z_E-L5`+z2DudcDwF)hFyV9He{)(OcuQd>oO6h6xpPUqhz-U`3~jr zzbLNndRd-Um~QNwMASsgM5H4LLcEg$DNChg4@^iU_{+->^=g69EGLNjKt^+%3j5!_ zxu+b9c$`$~X(FXJ4;P9)1m#{$dRwPpC98;XGS0(TwUm$0GC-;0@NhF2^~V3F1i2F> zdOVs4pYKVyvBK<8av@=2JA5IsYf8g)6Ek<~aJs<%beQyNPol2ieJY?mX;Y2vmaNS+ z2JH6b1WrYfj%!qP1+y{Qrg*cI`HaAMLFi$9m!tp(b86LfJuB9TKctD-!!zuMSw~1N z#}k>rAE|CY#Zo2iVZa2czy@!_I?mZBg~C^^e~v3+{fGt0FCBV5#IAq(8ObKFvi&JH z9&$2M8yaxDX;$g;Nv>`>B(;EgPxmpA5z|&&BT$YG&Q?;-U3Fs)?x=pG_$rIO2M691 z26{BB1>uTXj_d9Xb8awni;nnou?hQmIAC;4;^~rysaa>Rz8_Y)(_McK!2+FGKIAt^ z?;Y_E)>A~j6RI{1S3dgyhJqg6=0@fvAZIMI7`v#}8!1Yo4AZ+g1U4HD2TIQBZMw@=ixcf%e$tP67VU{P7CcRIF&UKzSNlQEy>S z3{UW2&a8HZ+%`T7-nIX@c;>9RcZ5TP$!q zG@!}P4z*IqlPXG0wh!nw9X7o>^r7xu$p4k-Knu!aAn^28T zn?W)v^OrCvn|eGD=f{UEyKd`T8in3w-{E@%(PteeN*w<*8AKdi+_715ulS1@h+m&eF(mb zc0GjWnp_zVLZftBv)zPKfE$o!chbIUdYlfQ4YM;nC%6h@`fRJd#PeW~`$c+6HuFKS zo5vhs9uJc`4Dd{eK^8nr3S?ann%OjorPHw_ib!pK| zWN9e1hEGVzT0LP5Iqg~V2A|@d9L@y&?tOQ{E77+%al#w;SJKKIe&^0}WZN9Np_U=gvUOgOjZVTSWqawHy8(arjOTinrP ztoTI~f6k)*sa&eS<$JxkFtFY1x993;p*OvljfkO08C3c(W5Oi9mZqr$p1Y5?m8yuV zCLnKpIe{{v8IAIXliFP8C-KcmfjWiEWM4wACHuK+-23@DzIU@hayE!-;oQ>YgFWfs zQD%l}y()An$9X1*dPz8SxUT%bcXr+iu>VSBbkgzfU-+ z(sZ3HWD(V(uPFQ;xw|m@<%=sUQzcb{94A&hdv)n+|J=3b`ddRQ=Ied8-6}`5T*_P7 zCQT1Us;4Ka#wj@)@C>uu*apxBj3?nGsgg5#of-RrZ>wraJ_{g@Vk`}R-iP?AmhG*H z^qI06Zw0*#Q=cjFlQ*AorBhO zuv&zwb!N&UCyUNrs_m9X%7{f;EJplFYe52>Z#5e}#|Kp1oqnZbk3kZvX(NlI$S0^1 zy75sGsgow!eyk!kriw?nf?!?7Z~rl$Lthsy11Q;IoA{b(9h)7CSR+I(zo3GzikI~f zIJ9K=>Nz(*3eeCXu4_(K-g-6G+>!V?vf8`bU!N09H63nsZS#a~$e7R{Mft^B&Kr0_B{tF2!sW{?K^C~fw zI{Azhx|j0hpEm0?qzI=8cSYm+#f2mX{(@rSy$uo^SdclaC!^{7Qtt`t*j|uS2_a7A zX7LMQT8If-^Pf}_;_|@FbNYB#syrgoI1nmULEkUfnVNIKMnG7{G3}6wrJov8QJZ7k z86`ySDEDegrR5O+rQdEa@XfGSCT#nN`S@syfiyqVCmougX~s?DBc9esDw8QhhABSu zmk$@c(ShA~$;G#v_3DfRs3^X(V@ai@LkPMbb1AOC*XYl_ewoGZKjbm&g)1ezsC*3l zL8S6B!LHn2-NgEP%2B{YfWQzIL*E^~>q$urr?)s5&8668)ImLU+*yw^J_B1lvw&E= zK7XkHftaOO>DLwzOQjbl*Tk5o=nXKY_$@Xp0%};1pHZ3Lgtiw;9@|tpZslU2ZDs@E z$UUA-W2N&T*w)xbF^+!BvaGhzc$*72%A5wc(D*jAW~@Gnl(oBl=~#L}eBc*;kgl;HT&=O&&SF(h|#p{xP_oW{;l+Zh=_C{L!!HS1|e@`gu=w>h6 z#zrT(z_K(*QA~TtB76PQ^zsxOP3i}cb@f%=8?B9W(Vj?XFRfk&mTJoUfTEj7u8lLt z=i4Ueuy&|asy5;@5KgU=LDmu`3Dry_J{|DmU!2}q^i~1I&UZ*=U+`C=ZF!iq*A!;e zX7G&`eAQWwzuw2%3g+;ds!ym+=dOL++2u1#)@4uob3CAIjmVRwhJ9f%l!$1$=Kf%T zh63%B0{)_aE);6#sUf`7)GSr=#!H6*i9fx4pByJCC84}lybudN@@Y$3+skw=+*L4b zyH7ZHYY0?feVh80O$JpO9%{;hh;KF(RMu(|cyO%0=sB47QZXD_JC(|OCA zan}UZ6!f|?svqJcqn?JUZ{+-1t%$6(v)Ovon(eW@`IPj!HX^GBdtKhr=o>Y4-4gzC3ykKnyp4V;R z+knZNAF)13tM<#u>u?E1eqEl5BWrXF*9~12%h(Mji{T?+PF>^ zV^=Hz=yCLz$t~*~rqh=0-mK9}+^+#To#${)X(YahURI?XUBfnVEU%D`gzc4TtRQ%W z9vkZDRM)jB0{c`}R=bRoz? z;XFsa6wxu&H8!li%h%{|L*^rce8D9Rp?@+>jMJp!ZitSn47Nb9xSVR`T5aCQNZ7=( zN_RuoCFor_5YX1VTwu3JeyrLhYK%KTK%#;7VZ$qSdk3rpa25vQ)>OgBXVV_K&A zJULaSfohW9d8P88$4b$^dBA^olCdp}UG(BK4bl;@1WtX(y9sdK-^IvbY?d7Ukf*Eo zLmfHre3S0%J77#OH5H?)2VEAWsy-YdiG!>v!T#*CAd^M$9l#oVt>eHtdPg;KP5Q~9 zDFqkDb!8|Dk1|4W?X%A3Z(QkiesVgxR`sSObbSaa7he`yW5~fz(VMIEW_vV!Wcqn# zglbc&&#}!qnHb;-5+L?>%UgO*BawMkkFIDC$C!3XDw`R73I58W!1?l&ip%IcBe}7V zWMnh=+XenMG}Tiu!`M9%o|EXPVQhjVvs+TBkOHOo+JJs2WE@UTKa^56UZE|mbaGWi zu-B%YPBwp>MB(HLFf^P6G%#xTi%}>+$ISrzcWs=&?g1csZzKPMShKxQ8{qJHkCT}cx zWn;v=Bo%UWMgo>|tzGZ7`TC&hAo^Q-&pqGRi4*_6pTp>B|4l%t~g@8%&cFKp8wu zhV}zbtZoOMaXOi-Yt?O_h0h@yh_E`Y=OpGSBIIk=dT>KRE z4o{R&a0$7w)HfVQ{Qei>Bk9Q>;Ja zs=lEtHC{g(CC?6Xz;&5zFN8u+W)nNV;e z_@l!pd@_dqyb*uqXPP|9D+sH;g^n1UrKu|mnsDqhilnDnba}w7W~Q+;*M;dG@#|DC z`^Kho(Q%cZpRdM7;$(E%UK*q`jY8$_1-h&mDe9+FbF>1!sUZoryvSH~DqdkTKHu18U@H8(xU zG=m;pI#0J&7bQI;meX^k8roP#r+Sh6*n8#RVif)!n;;pxXz{!N_$vi}amJLb;*Ws# z03*U~hUXeTNyZb?Efbg31W8@*Jh+S{*1iqQHy zu2RIyNPcXEIb^V9w{r9epF*EhpW$x4d0&;c&$+L!^+S*=Ep@~mLhCdPthQGxa`pR9Qom(2z(om&53NrdjJsO}ucbu4=O-D&VHx?%> z+uTkeTo1{)F+k$ko%`txT(vXfZDQ6fOK`BvS7Q#2Fps0ePXGd9L z+o4wi1r(@bQ*5Vm&_fYbG4~WvOi)P-(C`rxXTH9T7By+|Rx`=}JFjJgp8O}TJkC}?-+~vEKsAR+ffh`;5 z=N-2*1Ao45$H=!Cx!!!*fT@beuPaaqPL*qRaCJQlW#pkNfO1%&MbkQ05KL|sa9PD6 zBOd&W35b-`s@P4^tAUy5Uul$!AR0xt7>p($yab{ciBv|_4n}wxLE?fk-iwl+XH?dV zIxZ}zFt1K`f9PQ~K6t0@JMoO3d+mb$=rHq{8GT^^HNdrMOVBRwz>~l`EwK^iM865o zP!66{hDObTWPNjM4F(Q8?0bVf!7|IhxNXD}_^=TX<|p&9TU_?9W}IV+`$$}%s81j2 z)*G))GHaDF0|h~X^N3*_(iQd<4xpSdoQe?KV;I!lV1bGn_Ntk8czx}|4Z4f*N(mgE zoHOm`y;3pd7clbX3ZtMfE>pHY_V2||aLxz3{rsB;7zV=_-uV&60KEPA%t&$3UAA_< zu$>R%7IL}qeEe*cH-Umxyw^ljI^3)D)PPPgBI{Cumj4JaL}4b9JzAd3*V)T=DTJV%ED4L^%p(X}3^FEe4d`3I{>^_f zJQ_(mM2%x$LHHE!u*hJ5+ddrjvF+S+Iec$)YJ6qN%3#6zxA^EycjkU{k{Fg~N#n>x ztNTF!06+jqL_t(6b*t}OpT2n&dIY}-65Yup!3e5podDCiCzvzmA*mau!)u)P!4+ZD zjo(YPC^L9V0u#LZgJ1;CzL_I-u{%yk_!P%786#-7xk~Myr=pwSl(}9E{Dqd_pR1iZ z&%EVVPj>6cY@;%-V1f+(p@+O$QJ@E1;tcMlEkvA)s+6`!MH$2vab~JnG1dE-!KqdrKlP zEGU*X9QBN7ZjcIker5_Ddl}c_G@TL0=cxG0Q~JFw<%KYq!GTr8|2&r?UpVv1%sB4> z{62~FZhg1YLm(2J1b&=KHiEec5_dM@)0|zSM|%&F!?zyZ|A2wz$R%)U;N{mp_hs~N zyzGnsBY6=js%1PgUiAK#<%qiI05v0dvq81Kk^AyeDsnQM?oP7AaMe zP^o`{1Qr#B4p$j3ym`4z9zsXUGX(5TeV-AkJq|oa2#z@Lv=Mh!L2QZ8_3(W25x4c7 zRqI;^OMqg6;-|Bmrz}N@Fx9L@{ofW{DoXoVF$Ul_yB}S2OM0;zOtx6St44X@QZ?5uG0F`3e*>OBKaK1n zAXq}c9X;q=Z&{D^O$V`o*bG4l-m5qmDAVM9B}!H&N#soMF3V*K5=@?%B(o)Rc2t-I zRC9xi!W%k%8Cf$+Kt7#WMs`x@K*wldE!_?jXRJgE77x)AD5+u6mHu*va ze2{SvUaDlh1l@A-h410DFtWu zGP0M-g)($ln9Q(y%6O0jl$XMgkujb4QIAfY11^lLFuN#CLJ2`nw#t|dcX*Q95)!~^j?AH{ve>{_+_Y+Z$(89f6TZAsTcZ{SZc%wa^iM*G7GvZlJBT5h~#A ztr@0Bpb{}A|#6hxeVORnP2WT#mm9`F(> zra~P$E5qL1xyAOm@y2};5Onq#Vx%n@n6gqrlHk$JI3;JK9rA2(a)9wCkLya;fWAk^ z$|Ssj$^?%D;^?AtDxKHl8UO6OE68kGH>0ko@{O$Wdyd&|l$q~-q&A%Of;KxjQfk59?bsjSt4VW13 zCO7&an8!OeNO+q3w4}wF{Pa<%6NV4w%we|wO@}!9q|@#y`@Gc0KJis=+UI4{d+Z?r zAI9;=Lsm4 zGzpU){Ji=C>uMaP@QNhe>kI0o)XiP#f*08wII+SRqm`fa@}M_8jHg;0?^Wlu@2Z2O z&J)%#M&SNU{#)0PWHA92yUu?kKfH{;H+}16|JGUjk8(NBF&iKLE2Z-yzXm!a5wo)q zTXz#VR$%7nF=(5#WgdDf;*T>v$?fQgyb{U*8M{0~hvfNlD=ORDst4(q{J_)&-T&G% z`tFe)-eJb5>^USN_Swxm>hJ^fzQS0s;hBpXDk{~~Jr(dnoPCUI-f(9A3VT?8+52T3 zc#ihya@XTbA{p2Bukub;3eIxyTgs#WS9?3p4a`aKC8!Hr4tyq z#2Ml2yz6V7edZ;>$1FPRCci@HdQOUsfPTl;$U{Gbc(s7@-X!B2`_D+!AqRNK3XaT= zf?nWqhsTV?5a~BvxqqmmtsXsZ_QyrgAs_j^U5rn|)@Njof!JS*U=sv^GiwBUx-SR4E<489K(S z;If-33ne6vb~Y9B3WG(t2kgDw02SVM22fXV)a(EE3#BB3I3h@mO zd4pNT*D{)M3ERb{_RKG-`x@`)A{M!`xmW|sOW?t#3*=+_G9sEnPNSDZKgGt!26X8f z^a2cA6nHuI{3^YmAvqKL=g?W*oA>qEeS^+@A>v|j?9UtSBMxAE=f(C7m-AkwylPc= zEAYeXwXbd4b^O_T-odyENFs!6x&}o$hQGXGih&rvI!VXq*>h3Gn{LuWUue^Vqi5j1 zpXl$7^yzQt=u9nwXXwP%wirQ{A~K`c3GO?0p8JTO*?sRHIivTycI*4tz|VXc-$G@M zEVJ=`V$`7*ScHsj_|04G-rQo&J}GRl^PS^-ReQGRp)YP^pKox!=k#sP_qTRFI!)Kk z_p|KNY$TH}p$g)&8|k*j1}@=!Yv-;G@G1uEN5+nP#SQns~xo<(0vrqUljPGM~7U7-S z&{@md?9<}h0gC-?q;p9bx{#6JrS-gzE@*J+;GM}fp~FuCEeDq@v0^WN7RE990a|Fe(g28Qqz`pEq1ec>rV00=RtpeBPF%x5iw;idL`{2*=rwI^K zkbJFQGnYiOeXRa|bt8603%dGIWg$Na&v{v3lr{Z{?xwo@) z@>E)20O4=G_HAEwX4bQJ1FfwWj;}Dwd5Jm4m^mmQN`{=rIaR?HEH+1zZ5YfIk(HZY!CMlgFgLELIsS-+4!8CHIL+9uy zDqCcZITeE$H!ZiD^7TMiJ5s_9*$}W!^+_30CEkUW{l-F!*>QxzU(u$ zJ?GCi|6oVXy-tg&bN}imaz}jggX_Mtdt5F{4lqKAPN+#LttYLE1P9XgVsOb)a*@VZ zvJqBhp!x`sWvC1b7BZuEe-jmQrOHq8?lr0~2AJ(KM{+eq2U`(Bw|RS(LUW8eqXTE% z+#c-=Yv;&q$9{YJ=X36N9>sIsa=skQtRv0AI|-0bY>64a%!am+09IK=0xs*Kn}8r$ zBFZ}<809p_=PEERuo+QgwjWcdHp(#vmucQPk!C(V+gybU^a5NkeJ~uEx%}3RPrraU)i@xG zF*HfW&RO*dc*f{=lcaIFNp51D%MpL04X)IwYwMx-eGY zFAJ*VF2gr;<^i57%+&9mpwf;m02n&uP2mVeHFTw$@e8Ajm|4^eV;&tN(-LPq!0?@h zKh5b_TEI!gk+2!=Yy+7|w+p;v@W3i`g5o|5jR2MDVelTcnc%#)%)vVW1nU<}CkZMz zc*mjPoR!c@5W~Pl03y0lsevJ8Wmi?JdCvhVd7D&@<1P6j$|IUY%Oj!%bR3O=5rD$Qi44-do=e|8z0+)PK#FK+V>N0x)o z48f=9>;#<#R3i2;3XS3in}2Wo<`hTpw^i_)tX^Bs?!8ei<@R)&OaGLQS#S_uC1C4C zUi-jt7^f^Ty`nChz$GfR9KpqYoCGTJIth$MyQmE3{W&8xnwQ@tmZCV z+{kE)q@VF^+e-9_;<%>i$jL5GYm`Lx72apG!n=NQa)`4)h-oTw)60Fp9ezk{P$3D= zja8SFVAR|tsu*K*PQ1wv90{0M(#twGEEzaCJjfUjUZ{C9Jgwr@ssq=-^QQo0_18JU zn582ri!+#CnxnHFn;CD)J42@FoZ;1IT0mZB5)`sjxzxBBCmH>0Qoz=;&dDf2qe0+u z2Ay02TpA(-^#Y7|LhgSOxXjGt;4)%xL61f0ta0oCdw_vv9jd{Sb8e%_HTl2p*Vm8b z1a0j`{X6xjUxl9)Hg&zs<4KcXsQP4Jilha+sA=rlbrB63x)-GEr0jXuiKiM_Z;mAnOzjIXg5oza{G%5V7i4GX>V z4|XKGIb#Vw#(9~XjuY(85CjS!Cj;0y_S%V`b~%sXVK#AKc@BNVJ8%+=`E`IKg)VIRBfrwwF`Ku}?>?cGH0u<-L4CoL4%O z35spFr%5|D<|#z?+2pmfqaT(`KO}v;pOo>0?abVVZ>==Jfscbb!xLW){&J^UXgN!|fF#i$kN>}~gnzV4vnJV$4%bi#UR&c8f8PIo2muIUNTJ<0D- zb@t8@x0hfR`tnA3X8SbK%F&d4?_9Tmi`7rQ^Iy($I63mc%d`ZG-Gr08?+1C+$N8d` z1i1wshC9Inw(ux+43xVH*mquP{cp`)aqKhxPB?UieFjbV;knzPv)r=)2BW?*nRWbt z-DAn@x8nym9$4Z_^3L06yoXU(esDwwF&(y>t2=lX3Y|(8oP=16Ox6x&HmA!bFD%l% z&3LQ?_TVBkMY|X>gbw^O*K~q+Je(g~W=uNtj*aZljo}NV*+{n~;|D5{6UbwyBNNeU z9Uk$;IrzbB5k_nlQT#FA@+c2S338 zK_n5VW?W$35bt&&xVh=zJ<4y|tU9_Od;u#z$ z*0!5W4l){+_i+wg>QM)9n!q8?BKKEj|3CKLGf1}Ny6^m#>FTa(@4b88n|b3MW&jK< zLC`w@1i4F*5vy43iYvx$?0(Ugjo6JKrI08}q*kI6Ns%BW0i+}V0thn>W1gMoZF}!+ zbyt_!-^p9mUEN);pBV#yy7#^As;;_uGxL8;o;-Q-BsTZCcXXPv71Lz|vl7r#wqG5m zTJ z2UF^W&z9KPXuHW8I)iH6jf|PC0);FsVStPji|o|tJ$FHGCvauXl#!yCg|zYm>N-Vg zy5MS^thJBb_wifhkwDL9@j^raoKlIK` z@G<@3V*Q9lE{Zg8)JCnk8p_p33g-D|pI5AFTFuC8uz5d=^VK>^riG4`X5E}vR0V-O z^8_6wGo$zd+R-m8wUu=0(DNTs+1^=ok_vT&pog+{QZ{Q!moJPFurh;F+ZJS5G{-)R zU@OOv$ZnO=U7CCDLyGR2Qril_Uo8j7DrIz7 zb#$obeC~3NA+QV{X3s~kmnzE{PqO?nJYxJ}It)7@uW>mpBefHdz-KHhdgVCB6+Roe zTRAJpk7ep`dMTV%Y!&*AkqH3$C2V!r9A2)jEd9uE(svR1*^V)D0HV_u*{RcW_JZD8 z9an6sl;9+ERplY=;V6QiYo$N)v-ljR)Iu`ya*xraAA-r3-rLJ#v6+EVP^AEkfi^(GmMqHHFpHCTGHp5f;bSs|5wdZa5qgQV~d<5Y6oj@>tH>GAlD4mTVb#Y>0u>2$`wb;>uKZv7yMK+srv< zk)L}%e^^gEcU?EW^;dfJt!W}0Iq(hN4Zi0s%xIix6B8WuIBh40lIAEMqGq{|d*9P5 z>#fYbY=1NzHRnMZK_iQ@n>e@#bK2rAlOjB!=9osVi2kC0l`;KdAU)t^ldCk72oqSV z&kkDNR38uZA|rD{E)_UI25l5uhTRdtl|Btznbx2DK8EuJ@|@xnPcp#st&QpVnjJDw{QgFbYa=l9dqA;GEsoFL=!cIkyYV6dzG4 zNer%ZvPCsDo%-a58##MtK{x*DYx?W6cR2ebNaSHT11>3So@~=E{U5tk#l$md&){(m z)=iDvAn1GAN8_P&x-)5E&`HBgMfArTZ>ZO-T=>i)6*uu2_T~mBFo~tCMW+@%taDxmt~91Wqb8yh?IBOk3Ng(4Ax#%G+ZWPCQpVpJyHppzeN*B5_- zvnR6p+IC5qZcK0(_sFGJG;u}x-j~y=?bwsWucY;?r>Qo#fnAg z7rcx<1;2Q=ADVGs=^okLhNFo&9}5aNXWb6ndp(=B+E~EEAdNm-O}DCVqFr4$*-q{y z4F!ILp4-rm;06(p61D?YP?^Mkmpq=9=^VW8<(uzQ&G>_!21uX^*FajFv3UGdV1A zJe$SDWENp{(Tnh+*;s~T{ZxWrm=V4#14J@n>=&`~g^eXr)mRArlP4ED=bT#(PB7JlzNOtIG?klqa zJUtJ+P2pu}U@{Z19ZxLK*=IQieTw*r{iUz#;?-fjI!7wOId&4RHtBJ8Pk!OoyOlz2Ey|k56;SuNR^J6X zYrb7}8#{b5wDa1v5&hBcU(!_;feW{j008u7e3_lpFpkx0m+7;xjSobamX%v%IQ;p2 z9Ur`QIaHu;06JLzu3oYJUDUNcc(NcJy#B3mHkL){x(R;nQ9Hc4aT$KFYz2JkVAf>FjKu0O_?;yVN_u+yfiu zv3)pM5%8WnxN2NJyIe!ewjxzr@q`Ahj_8el@?Ca~PrHLn z_8!Z-K7cEIE6UnE9xw0(|D8Ob!|ePTGYV{h%mU)l1ajEP*`;eYK(XM~=lLViw_G{|e+xibL z-_$?*ZzI@SWD$VHjJ`xr9Fq;hLOkw>I4PXIu=ESzNiDlIdYQa7`w5wi4tsVLhEA=brag-Fc1v?9| z*D{=YR>}OJiL-0Q1Eis2r^D1#m#(q1uI|tgJ{J1onqm~%jf{au`i*508P@WVMeu$$kq3Pc%*($Jym3a3wpI4c$(6IK}gwDh3x z3%l*-@GC9dlV7aoAjHCVj?ZQ(x44M@-+|AZZZP^0RFooc;oSK?=yz2;lhDuf5`9_M zOW24O_+Y`JYou?s#ov{gA@!e`)X>?qzR6hAuu0ThcQks%`gdFZibbvmZ)dhg#^2@_hJBI*d|4nEF`LL(mZPB& zjN!&|d+S|R7F&lxfh4;*nX8^T%}%gCx~kr3c2^aop9T98XcD&+kU9Co)}TH+11(}7 z+GX;A{PE&;-t}$1Mv|;O5 z01l5_Go7Es1(%d}tz)tdN}AI6oAs-kZI!dVb|~n7_1`f9o+h{p0A{e;3g{|_ z+VrzirLQVZcSa9U#x9)& z(J*FA;~jDJn3Azb#5B&{bRAJF>~z>&*{>dUT`ZUbhjV_yp+?RpYF1Z!M7!%*Zo0uy z)kHek+{gNNUzgp-&9-A`%?`|E^*&Wk+MXb}f&+M>$f<8TgQ9g6YI=IFPCnPEt}2Wk zyk147q-bZt(mxQ5l8oX+pg*zHBoWxRh=juAz-euxh_%=Z4~tj{6QvzOxmzSg8mw2@ z<&$P|pC&43Zi*HEU?UE7ODor*bZ1aU+v>D?wjKu<2d(31H^pq1J#!t;Fo#jvnMXLz z9iBw_8J^}Kx9AhIZQQ~M;Mh4pZboVcIJ+~CXa`1sorSi7!Dxq^r)<%a=I7(+1_J8~ zALf7VwZ(p0!@M6{tqc@IMld;QX)IA)gtQmqoO^NghAxa@fQ33#*|tZKx<-{@AeOO} z*jOyvwJcuNLz|r97$lWZtfWx?%pp!6UH|9@hG%~N5-4*^&0%MH;g%UGQ0q-9CG&`qdAgEv;JpoGTP=QZYNny4#D?UBv?Bb#^N;KPIb<5h3?$ z9T$g9t|Q(Jc9Xl-KhAydK(FvAbjq-m+4ydSe76}U?e%q}Q-S}(oM+%hOxGr(lSNxY z(`n9CnX1-Uyo(e#0i8P0$c`pbVhmy!GjTH>$u-jr!VG-&ndgMDg)y7xB5%c<_fSU; z|6S-6qI)NMNO3}r`Dx_QoHq81Y}FgR!U3Uh0tefYZd{#Jq^n3D+0%%gnjjxs zHWsUfonyB~hIH#PXKGEFA=Sx2;`@-J22yll;8P4Zv!!!n@CdWHrj7P&{ybOa-MrEW zd#H1!A)oYTou3L-W=^V{++yqpaONe@ODQG*w(}yvByNSzS1_J3IMvC7g1r(D{c-^N0w=jVuMvvH05PN9`KcBqW8zR(Q4s?==U}8!QQBt;K^|evcJ=P+(kcTBA zqHbJ)e>yYTzpsg5VnNl6)060b+ijeG8H<<<+IeMeAr0qA8r_6SbGTZ^tc*q4<@De> zo^kMGTyg3C49|Q$NQ*KU;5LyrJ!>g~qb$Ue$a2 zI`ElAuc3cH1bN~Y%}rUv{4BUIju|f4+*;1!Qk`j23f;NClhg-e)2c5SXUDNk9x3S9 z+<1{^Vi(vMYo&~1MT}<_4V|>fGM(C~e_?2Dk*ju&gU2rxjm?kiAK18PUB>pnB13QTAyNTdB~|J-uc2p%zFn#YH_ioJo6qufDe1Rj z(~7Q*Xk}tZy#rhM8cg8lFlmN^(7@>Ec#~ICQr729{a*i)?~M=b#qP~s0iF@er(cZz zhrFn57j%?IzfI50J%DGLeh(3CXy=$k+385wF}t!!-($RPo}2Y6J04*Zgd>$|AlH3& zSB$X_?0YzyXNGdvjFv9YI+fq_^+)XV#`WJ8u2>Wzf_{NBzQ$JBO-m}OCm(4bV1o0g zI6G*Kvp>vc&Rw~2)AWFWll#VAJv_6Y!D5-HxJs;)ySCY^N| zl+hT)1Pi9+FTrbymkgj8yZUtD~@e9 zP_Uhzz3XJ1S{)V!S{7$#pRT|6u(Gc=E^DRPX*dvVXFqy3VCjmGcXzfBxG(Ip8tKEMOeA;_6a*1zR( z9KSpC&)cyBMjH*^`JMF{O4zw>aU4~S&(;{r>*IR*6nsVohJjHQ#TJNi-^6F8>y0Lq zcYQQ@ps&b7g!xBJ6KBbGvJ;&Mh)GfePtliIycZ06n`JuNIy*lM?Tx-()V0gAindAz z54W&rmQZ;=k@h&?!st(rZLLlVq5wA{jwbr;EVK#ru$$C)#1OZ+sh#iWQg@jx=dpJl z7KV`Z-FwYG*nMyE;8L;imD%vlE@ufZ)r{j9x!zmW%Yp#o%!(0;G+f2(p2G3Gr<2`G zIB$~7SC=@?Axx%`a?VC-E@su6a;N*Ji6vkM8<>UIsT#;|-sksj=$qFkNtMj=YSF)r z9(lrPEws<919s(o<=JQ1kBRgSvJ)o80&F|uW*EJ7d2m42FZJri4D;NQJ*4nFLW;LK zb_#GW4>F|kFSo0O53)67-+2h-eVAY5UB7qTa{WVQvi-Er+~=E~z9D}m`$WdlUuc7z znEY94=>+n(%1_+JO!RopJ~O3da+_an&76+>bK`VgInymRk4xp`kHDN%X$?DxN0Gll zEsafRc%YCT%-Uzjy)AaySyS=pDdyAcyukLFXD8uupaI(^qe>Qbo@y;t7xRx@q|UA( zMf0@TXVAnX*WvHvfqD4!qOM$;Q?w`X&{j$FE-PvNigXHj#nxIS z($_Lxn$C6s6($?}xOpm-7;c+zAyn4V=Q~_XN6~g?zc@U3hFg`z4ua3h;IlT4MIaZU zruyMC7C>&!G5$yQt9o}G=UmpQg1Su4yZ$(uvY-quD|xsqEV9cLTtW_)Mm^P1tPaDa z-_AfB(+u{RjWga;YmfEV1&+DEehWDS}(x;yj}OO4tIt!x0ufljAz`#!db0^=b8x zF(kox%@O!!m9tHgri-!9LdAnD#&A9@XHJe06lc8R6a(Y28{aV!ZQc>c`HxKBXZz{o zHTRc&nEfL6efBo*B|E<7>}v~3ij`oMnGPofnpJ9x^f~^_J;UZ3b_GN1;*VixwU*;& zV{w?d&qNPrNMrxZn~dINTyceW_+>j|3^SucrO~03Y)NA`G|GWqx1fV%k+CB=QqUlc zKeMGZq2?CoP)Evq+FXhqwv0W$6mQemw4D!DrEbnU99@~$4frLqgxjk6S;Uc!E{Nz=k|6#1)j^QekcgPv^WtXt-R-SARXcwCG0KS}?krXLp9!mFbT4Fnw)$iFtS&{hu)V z!+eVTc;h2Jv~BIAf1Gr0^TY~kXG>IV+5T11zXxuo^@qX90?I5CLYg^fs<{R~_qb}H z%^W+R%qA#r;r!x*2X*9lGv}Uh)}Yg4d}Tfbv+J05rJ!FZ(wn6pc1$7qu{dmVxPaO7 zPVab7d1Iy5mOStZzcqgW<6{obR1s~+>G`bvxthh(e8ILmKIPhpo^X6ddi$bYQp6L8 zGd!os0__a2U~W6>E6EOK{_70-Io(XAkID&$%e=#dv*X$fmqR)VE=|b$D*D*Q`mC7q zY7A@($yJoCC4jX;yEwZwvoz_l=8P~An_QxOs8<`#{L4pRD*~_+_QGARA{1c-k$EMR z&B|09#;~g=Z3}rVwX9~&$*4hNl_jF?VA{uCs8$6ImGRd&h!f|>B+4g_BC){+z33F1 zQ&+~lZaa2^DmaYzsZ$u@Jnzc)dNn*Uhoa=r)~rSQpge1xF@wyMN`}RO$`%f8{z#ju zOGqE|#yjq?^8RJ)VFp2yBqvNL>|nTz$R~ChwAJgG$7^uvEUNd-OB(1OBi}FzoymH@ zwtBZU>4|6BI3O{usWb0rXkc8uEY2|oIU~yI-|4dc+o+QXl`%=>oPf4!J^KXxCuP9Z zZ(k=J*epg5gAl2@x*j1)X%}gFDp}n#IooOi)Xlsied2u&eokp5*#v!OZX+;c(Fba?8hUJD1^U1`j{{M>*jD;KxPz(kGEG zzPzPYCqCAwa?*zlf9o2D5l?H1S-(5mz?z8zKh1sBEj2p!VVoZXE<(rR!V*~4kK@GhR^I=92{h9 z-5wlZi}?)s_M3P<{VvN`zi*P0c!nea-~zu}`>R?#+)6inAEY(j1;qDtIo^O@+@Z3p zB$tz-Zr@W!R2#*CcIym-%eZckK5QPl$k@xC3s++RnzxC8tEokMpFFHia^u#|-iA*` z^zzkdQuwhWD$9??rH(P(0aUa8W=oJaSeN&3UN4WuCm;uxvyYSxoaw=ij$cXaRP;P5+ZETprz{nRnGb(1>m z%9%lpPZ1GHMFa@bQfgs@w@JE*w{0J{L_%q6XI-lr4?XI&bBcCOPUtde2k<#>Z>Q0Z zbcae;v4aIUV7E(!I7bONA09M4$1_Xe-2dCKbMO!4=!1X$Gn9uwuQQ+&XK z)Z{6ff3cIN*KE~Pq3vc(VQ;kYzlLvQ#f$DOZuu4-t?@XAl~SUDMAX4B!TaT%4c#b- zsRQv*9(Dt!$tma8)qJ)-ZEX-d5xXyjB*oqnbHV)*S!X0xi(C|58qH0Na?yR)yl7di zK9Lg6L|hUpjJ^BbTk~250s=et z)a|`8H>e)MBWw1=oPwMz4o%zTnZkHh_dL47TIYwFmoJOl-LNvM!gwxf7d}aQo>vz! zOn314!K88xi=FnHd3D4>9;CGu65|RpkJiR6?nji?FmsGoPG~c|;yB4=7k*rl719Lf zCo?IwlcykUIqZQZR_~Ao>Q*6OA@LKh(}tgSiq3`eSX}uxC)H>D2_*}5B)xgN%A>jh zMk8-mNut>)qs6Z9prDU*Bc5iGb^E~96j|>rT1swrDV&M+TQJ{Wq^mvbU@1SDd9?MgRMcIqNe{WszB~7wP#`cV7kDJ`+mZqbAq-Kc;@ro)`FL$NoA^Mq4KiDVux@i zOm|nCoH^=sEE5rR2Eq)-~dRDN`(36p^qvpac8Q889cU}eVRM;ZQs3S>dx6AOi^1| zc%4P@U9i{+Qsh|GZ1zSZ{S(f;SsY>9q??ZSp*-%?-y} zXPVyacVhDZdW$Xj-(1p`YKKu>zd^M{7uwOrsl5CR8fp@nk2Ze2Hy@*K$MMJJ*z;rH@4zSi3{$5fjnJ zoz7oUC-i0->y1=|zpcr}`|dH1Zf?HGHQg2*G0hD8BmG44oxqPZqx((ib_WwYv{0MO z>ZPTo-w2n;KdJt3WEIAxBnoSh+%la?O)~7xkX3$vBV>YiH><4H$V1`xQ$so5ais2o z;kf34=3?n!fcf67_-Dz?x6`gFT)cH2(VPKZR@;CxJ7#)#I|vIaryv;r%K_G~4qu^f_*~>kl1Yh@TUU z0vBZ1Hfe78S8-Mu_OI?cmk%3c+0U=2@<2#$Kw{l7%{%TKpcKt7GGzTi zAYZS8mDS+3UZSnw_p;zvH!z!jqDb!u`>p~sqkXm!q8NLO8_yBr7Bc1%%I0V4m8#O& zFv0O6)t}wa?4|Kb0n8w7ThZm5t!qdwwnSR1v$8N>esqOHD|1#wbZur<|8=lb>a2u^ zz`1?2S}@F(9YlG@j(+kw#_ZK8aB0Jb0$8XgcO{G@xh@Ccf@-NkocJynWuNt4>t{Ug zZD0!kCaH){IlZjvp7KAVlpvh76T_8g@7_1K?2B8lE~;w1C#KBdlGC(EWJr*pFDB~ zsAAWCi{?=PIRe*PR(_wYRr!p@md!E%7EZ4mU1%Afi;sKZWGr9x-8>B3!L>7i$D{dN zq|`-0pv9QrJx*@D9s7ZtxeokRQ!mnHJ__3h=}XBu_DO$HsnFbmHhV$-qcSl;<`pQx zTLN}~^TVRJ`Q=2n>ButiB*C`1c}&22=dbWZ9G3lN!pQ+bcI~F+3Om>?Y2JhPpuTha zh_B1KGuT9MOFWp;VoSlKFl+1mye?l`zW=pQXAm1~$5_<-RZ3kgr$Dk?V@rQ(Sdj=S zNaPVB8XKEys1Vi7Q{;@CZr)EmaBHYK)s(a?ww(kLm^ml7Ce7ffeT2m@73Xt?d#6-|i>G$m5{DmD`RGQaudmrrW-K_3+)}V-cR2PAj*U`e{Z~u~7jj_4JlE(ag zik}U&0gv_n=^Ov^M;-Unzl)3iPo3W%u)tb zrtP8^EsQ@Ni2m1voY{T%|NmM5|EGz<4Hf&GKisy3)p7~N%JPy9td0oU>8@qcyVo$Q z^3Q3Nza5Gss4if7JjXlzkLFeJPB#BTgP&IFjm?*2!Vf;@G+0`*j=nzo+IsR2XRH7X zJ7e9dpoiQUo`C-;di-y;N``^v1|58}rqRS#C}svh`%_fm@Pij z1J(a>&Hu?Aa7?to9x0p47>)u>ES_2?feVHP2-ms)^nvKqf7);Vvpcgtq6Nm`S+pVP z z5i=SkH8nb4K6Srt;jq)wjj*%vQ9VoK)&`vmmx|v0rD`DR{*t=k`O-i>m*GXS&T#ja zH!KJ4-ylPbdKk%x1bGT#kHYKc=rZ)};#9BS}!h>qT{Ws+SfhI`uC5Tk0Re+LMEEx3QXH7Ph?9NT)+(cnV95 zDQl_8Td^VoAeB8UD8=^TbU46@ZLwsxmBQ!YKx@Xlko)4T7cyE}5 z=$+2?_NP=+wV$gD%rY^yrf;`RJZ!}wb~Ul8+vUe*Oh35PJ{lA&)+nuD3SPq0l}dia z+MI7LHLZvi3~jxiYNkN!VNT4!tth^l$C3!16RFed<>-9QbKQ1I^e!4urPkDWSiR!0 zIw*2Z464%dpny$7Rd`D5y*1R~Ed}Z5Q%xLr)AB*cV-uC_YkCL2&%IAA2sw0G_WmGN z5uc72QZQR-7v3q;*(n#$@?s{nXZi|vjQM_kS@{k(t|rgdU+@CRWApQC@KZipuf$q2 z@y7&pPXO1j%Hrg8KAYrwg|tlLiAz8Ez)j*U%8RSb+){tJT;tgfSu*Xz9meZzNc3!D zS3f+)K9LG$wU+{A7d_}TPUvH5GFOwbSVGBXYoEF7+*Jw*usCdAC_F3Eu-H+Z(Uj64 z=V@k=$%vYS4C(1-ObJEUuzZ1(vd<2gB=A-R77Cil(E4NWudGJl?a|Q68vBPsx7Pi2${l*b7!}pKX_xl zBr1OE4k6Df@UOfsMH7L1RTF3{(Y(_M=l0rqem$HwvI44@5{AHkz}~*(@FYt&xNq0s^(-0db{}+#XYctu35QR<@_4Q;oUL*Mo`fe}(Tv zFV1dV9WGfFeIt2LeHdd1`0aFgvj@-IsyS)vJNoHWED6f58y@E)iUQV_hjnait*dV}2F1W44WI3Ny(MHxL7Qgaq0ftW?1(7v z+?BHNMEiq$1&dLZb|roOcRrc4F#F?Mt>IAHXG%$o@0?Wk@*Ge-pc?(eI4MI^Su$cY z{k}={gBCe@ce&>pHt&w5%UD!?iXJX}ica+LwebD5BgI#Rl0cuSP8UOAH%-tztI^z% zRj51J6Xiu1@(4sfHx%*WWO0zWI*K=bmfQz8khM`m#Jwm$+iG$pHSpi_0K#FF-4+PA z5DWahR{J$BKN>BO;@jCl0zHSBRjWlr$fHB@pq8ckN&S;-#h$b~{{3k;9i~xxO{kfF zt<){}Xq?EuRsYM-l)#gQ-$V~~UQ>umBk5v^C)DQ$&VA~y;-fg4C#bM!Ih~68zO21c zZ4b8IP^IiSiU7FdX*8AYRpf&$vUhJ8dG}Cj`}k=eiQBB%!d3tsKi(8HYq|&8Xm9wF z#Wvd5<$lYNguEpmt@CtLv+_S`Zu(a;rF=ZXMlx!W@*$B6QhJ%94D*r11YPDcpb3-e zDeTV-*rBE#sFj9aRAIIZcx@zIXOW^&f^Bfes?7vmfWt(6zgZM7k#-e79!`6lMp?VE zRMLRS+{-kq%QVAc#OEGs_2UNEW6P82+{yODsE>rbu8SBq8vL}GtFwoiC*Uugw$W?y@^y!ub}>N-tq0z( zpfcy1vYi-_Z>^8n3Y~Fyt&;0gSFy$%@n^xIEy9OJO;+2rdjJO2=9vOAWSM(+==wdL`Gu5dCb(`KJRe%Zm*z?6g`8A9e-5CY}e!+-GnCsI^75fMrp6}3##j62|G){s{?AMV67-& zBS9(~@RUrD(?MzN#m*hT648qV!7NsTb;%$mS+jYOb4NP5-x8S=zvx`jr?uwQwsE53 zD^_OPuUR8Y);u&s?;%ukZ9v4LF}b$IKv0raC}LN8?5Oq;u9Qguo_g152`4zg#p_!!!a6U?7$s0E z$wXYdt)(BgbZm|(XJ9_xRD{}P9#8R^4@EG<*)N6554wg)KA{{-yzjcG? z>B)Zmupsi#I0(2-JTi9uDmku{`j!%CAbPGqHMe>ny-21vy*UFvxLbR$YK<~{j0XSO zbWw?MR%|Q^?PBKR!reb3dV4e{0usATXCSbQ%l7h+WyIG;%v2c8f>2ky?sh+PZ3u%i zscOW0XI&N^Q<^C6e^EMQ%to%C_ZED*UuDGBOUVO$xr}XFN{kBAA!qDX29k^T$~9lj z9$MRcBj~{^tBfE@Z7r5u)4ksSwdSoo9RATmQp~A5w#M2$g7uCg|7ognRPf3S+`#G{^ua;30OKWl#j(a`(q6M zy;P-BrCJ{qNG%H$f_v0aZhOoe0ckN;#vYRJxgXlQTv-F@@6i!*sh#rUj?afRc;ta< z8L(;(Z&b$HjU6X0$#}Du>`n)QUbf>NH|cB7E;TFqc9)^Xi#!kL+U84(=PHhv7kw>$ zs0L#k>6xg0YJ{$DKEtDnv*zXS{gx&2kP`EFNeOG#o)&D+uZWI4VjTLS7Y<#PZJESH zS$JiOC-MkI=pi<(nh;yY*0cX0bCMqMz?Z)^q& z=NSO0xyv32Uqsbga#8IyHA~ywhjjh*(P!cmsR~Xa^Ie)juOiwa9F;^bunz@R%jnVJ z$2XOQGTHBD#G{x&qyt3XpX!XJK2+Z@0ygJ}r65{6tFeMB_U+j#eC%!P&V4;CKIx9y>MvG(#lG`;Wy zYi)(^x5`Py<#~FV>{`{P&&-09=6r-H3!mG|bNW2VBxS%Vo;`aRq$@OMW3uKKFo#|@ z6~brkB3BxqAle{VkVx%p!)-7~!7{@agSGkRXwj!taLP1uj6ONEonzp$dvN`mld|7y zi6_$Nkx|v>H+~1)y<19AGFwMw?hV?4-Q%qKy#o?YPl*WB^O|_>P$l^r|J(Z7<=Y9- zE}jhkDsAdD13|ZA8rvz6$`^pV_zC}utG^Dfe&4RPU0lAu`*CGC#D@~xt$MqC`5r-F zVKdf>>!WKfzet;^=!iCC9b}?`aL_C2 z6#R^6T7gYZBuEy9S@38!k{lwbqEU<$<~Q7%+PrbHkK1PVVjIv3k`~OfJQ?in87!Mx zy7kY?ymN3^o@}p9{aNx+^Cx*L95udUxiz;qp|3<#$}`CV^{t;7nxDB5;0VX?L?sadnHzMoi4T>+b*^{2V~{ zN=5JTN|tF17cesmhhVS&;{%3*YQ4zwnHUP=^8=><966$!X^w=={y5uR^UMGv+Vt1 z^hK|k-himLq&lS%H|<|{WHFxF^d5+}@lw13Ii3y$*TkYGPsz_oq7xwn&?Jg$g_3-V z4Gh za$Jwjt;~L&;T`k%D=wIem7uyaIHs@fv=9J&1t=TKFgoZr_-oU0zyZso(fP zC)?|5)=>OkC$MCWQ-?iJ}JsTu+ja*Rdd|iTdKeEOhs}7pTmhr zV`q2z-C0{qksfRX*OR58zCP|2(QjVHQ6DeitL;57%+zX?RMY?cE3T9M{ED?+%lLuQ zEBoyF{xmht)R1!hzV_p2WD2REU4jAFR57f)-*@>;fLC2rd3D9>=QkHX{PCge6HL5B zhL_d+lIqdcATj(?w6XqV;=%8f!bTp#!~GSM&G~QRwNP?`XGhOPn$}P)4-3IcPNeYF z5taZ?3I2zXB8hUQL9UB5PwNTqIk5S@#IYE?-WOZ z?6p}ynxdL1`HDhlJey!3X%*+3rIki_d-gxD>9I@usmiiu4CR}#L4j_lRx>kt#|vsy z=hPix`f0wQXY!H(aJAuwt6kG__Yi4I&R%9kr>U*i{Jpei{OgC^(UD|NGfSMNB6$r> z_ymwBZnhEN<9;RYy@k1DRI2x7hr-qtVs&P!gpdo8tr!{iKgla+8!exnk3w0EFPTTl zeJl#D_x+%+JL#tyhlJx6J9u)V3c5BZUtDz&0b5uN>W-3czgoG`gnhx`ZOziP-1xcj zRm!~0=A>k@i=Kr1RpD=`!6~usIAgHCX-1nM7*?Vz(+O3U$tsyBzl>0eIbn=B*=#l` zF_>|PUVQYU@CVlvRv_QM%bdWFH)rm?I(Vn&R)ld%t4G1LeWGN03j#HPMlxtt* zQ7o?Dscveu`=HR%tPILZV*b{-#*#K^Uk-1m608{DA8LGs3M=lGxq9wg4|f+d1-_u) z&JiTIa!&nsv%fvZxKYim6RE(csWwr(TPKidEBn{dA<862cehF?A(U_g*Tx}AO6r;^ zc%{A?BWvYQ)!jzb4I>3EN~~t*8Qo`9(|0|r|6$2mw;Xu2NmQTm>L&UHPr2_!QKB1a z%$#tE*&zb!K3@7Gjrl8f5yq29hCxRkHMQ5A6Y<)RUs)#NB1_ht%5YZ%f15O}WNv|N z70O59FYYj0E$b{`VT0#w!CC!cgJlc+&UAktM{v?vl5#v#+&^kv*&}Uw)lBI8w1%IC zzygtKYIdOqVeI!apSn=QHE*wPbpQ3t@Qq(Y(%+igZw`js42|8R%GV$J-|7{Ru!yE4SIsWgU)_c*gZjPzVycrt*3d`< z4Q`*o7jQWbP-(6#lLu~6WTtBovbELEj0$VTH{aXceW>cNi(H``+NSKYOL{9fedRdl zaLRpW@6j=5dY8a2f^Ent(j9B!X9?t3dF|kaOg&2^>r1&xZ5KZvVOCn6?BSh4MT%8W zbJlaY`fAqiGDD>a@#mVE9!?|9BF|z?lY9wR0CNK1@jtc~<(V!6D_&RUje;i+w#@FA z!JSccIhL1%2w?%#VKSNQ}TJs8S!Q1U-wZ>bUsYmqamWAAt@#4mAq>D`oh zrM>s4%UgI!DBQ7TiMtKcAlY_1;n=8$U?dRA8lC_!iK3fTsJi8+f zcq@tSnK$Eih{LwKf5DY=z~;$caPZ9C0RGBsY`{=Ui%DqbWDNN5v0^l((`Bm;YF5J( zs``QcwAS9Y6>uS$e%FZNS!`?s`yyfilP+#emhzivsSRaLkDBd9Z#6c!>@DA~78;|X z9W~YA)GP9P!8MK4xC-%(bnmoSdCgs_w3@Eq?~}_kMW)w6H-I(qId;UI>#s^PMma_Ls(`n;D-u(|hi{nVxyz2pmRoW|?a_S_v$- zX3)Kym7#(8y0>N>Z!av#xl-LT>YRMKeWJ-1weW&B9ssUgRxgW4RFFK8eSqV*N1%Uw zwU8D1&y^qTzuA3P#??z*1b7~mLH_b;75ZE| zGgAr+NY&w1x8rInA#=epq3T-`uidT0qkNBlX{LM&S4duFF511mm&X<;0t1fLbb!ws z;fkwSplRw6x?a~5ey4@fTjM$2#}=8jK@G;=*0X20wMUWdtHnQhOQb5Owc$u(t#(g> z1pPyv?*7`UaW?}|to6-BId;1y-zwfZ`hQ-sk7x@Ix(0cDtSwbnHwb?Fmaz-a8Z;AE zlcnNi@W1P*{hZIeMQ6Ibw5PpRHDgxfEtMH@y z>15xe=HznklpT>3uUe$8cD?_T+IC}llUtKE$hlZH$9KK)%)D}|vsar|;yF~0{YP~9 zP$b_(6fTLv2z=XcxzEDk>u2~X5g@E@26?h#M9HI}W74wncg!|N*$zC%XXJL*SVDd6 zMxe_pIFgYGP!Rz&<*W>fj7tHPSygd;Y-~(5O;6>&sCY%9oo3&(J+ zDH(4vx)^k-;nYr=Gk827TEO`2U>!EJ?e3U;cvsR1dU-Reu$;NU1vHYS_8VZ4aQV+vx*^~w3F7UKB5fZ^*VM1xm~mlS=@YF%DQFs zj0HH@?XQUTFQoH(kKG^3o0}r#m%f#}c>Z2$!AxbI{NBs zkw^ZALlty$Z?#8Zm{;P+w_#bW^|J^1%QBX1etCbE2c(IX2QFoJ@7=p6$Y8nEAeY5WSftx@=*_<(Q zaH7xVzaV!9#WjC#gFQzU`oL~_DwT@M*2AU0W)!S*gojXuW8s>5qP|G|8SJOTAO`y&^f_KvVoYp;bf;Y+lgLxCohEYxy50~zH+m-b`i=$g>qRh72< zd9Fx&`dfG939CdWS~;Inu>t|)?9rB}9%Ot(9C(q{S^`0jZyG2silGBfO;J52yiI^| zqEgfI%Z(?F>tFSLDl>icXndmA*R%a;C0E+n`|e-HAEJ((B{PAg=IqZ6eBRl=nSTeA z%aa~zG+$NfrA4?~BbhV39lk$~X`{HLJB*{CTxk83FNDh8nOL0*y6gqDojaAgB*{>S zD>9?{$K0#)!ZR6qt?s;5maMhQfkzcFqcs4?aw+~o=|JhIG3&o{-vsF94QhU5EqYAH zgk40RMWK~lKh9U5C8>?IM_xT0bwfhBGRx*pMyf#rmkc5$Ni8>oH)<$H5 zK#K_BiSbEqbgt2wXGafdW;1!^b*5Z+i@kgI7?il*!HQmQnwsP?q-I>wOp$qfVC?gkDqA zBh+l*){4pRU&FqV`rc1kc=ki=iB{ab{q(kQz#5VtXTU*uUb1~zsT^iFxOcK}z^%~k z!QVGpdFCv5Z=gP#waq=UxVP{X0x1<|D)qX=e3cxLln%?f_Y@^7fM)5g!32$t14HA2 z1Ff3IpgSG3CKmzgr9ONBll|QnYJIcug{@LqcReik^Lu1M-p*sJ0b5U$#z)$bZ-x!P zdg`)a_7buL)L|Bb*9|k#ci%^qg$B;b8dngucH!l!dC&UT{H*p2G6mVetq`9_dfY0p ztt892^@f2@lWCBVn8g&4(U~S8W3M`2(E2HY=Baed!mI#E@p&qXMUrqT+ z#@uIggWf0yEo>?*SNaTUj==m_ta{4tdo&}5u+NYF7XO4N|JkN!Ik@$SRw@woDNP8~OVTv-}-i>BLRcB2}$G5L~3QXl{Kc3r_# zJhRdn26yXA3axAjU?Ngvt+Y3kqsRFtzVYsUrI29RfJk0<204Z7x(&LY&6kNnie?RC z&Yogao^sB1m@^d8rbOZ_eEeacrIbN1rpj-``r=(V<`;a$nZF0&$T z+vUH5ENov14Davmrx7N9m3ZWktH|8J(Og82<>r}Gw%jVuJS~TeU5B7bGwouG>#lsT zU%hzX`eI4*?4?cRH*TdGxAwWwQ^Q5?U;qn&_1>yFC3phucz9#87T>%7sR)*NA(o3@ zz@F6;-(a2{ALMy2@o}6Q+-bO?CPn%*0-^gKitSv2J?2>VT_0^+(-jlMa#Bjjg7aoVEED+uS{kSk!vi47Wf${^h=kD7&-^jaO_mkARTFMSYE7k=@Tr4Q3OS zq<|Sb8$A4jO#&VLA8aYJ#3-16a=?MNJC-tEJ&SRGyuN7lFVl3cBrQ!y8&tnmGrA;F zJ({h0>^s@^+uoc3wCSKmSNaIW0p`K*YBwnO+8hOUP9ABboX*3d3eEzZTkm zpkh~aFopn7+s&mIj16y1vjm+5_p&CQDsX$v{>@puUOe62Y*di6Rs4wCz0M!8Do^{X zlv9Wd>h(v!40fJkDHj(PYjtw_&d2xe{4cGHx}%8-r#STTOA?vrr2qHkDT>7<3iZlm zj5zOsu2RCjms~ltZjSvP+3%^kE8STX1gRi`c+M))0 z{TvNfouWA8T%dGKCU{^%Q%Pl{EapA7yRB35oapqcQIf->_B^~%I5E0P3~`RglE0(- zUo{74-<;N3sQ=kMTMW1o5W^y2W=DsIcuoiRWUc4p+}P(eKd%@2XXBkI(6j+Pl%A~C zI@}Kz@JO0wP}9xt6GcX)y&XRI>_=!!vomo1Gc??%Wxigv+;=LlCxcfbuMX&7YhqA> z^-bp5#XtPa%ic&rSZ*YKPZYnZPF%74O>=z$i>8vq>n-Az7otmigkJ>eYeVjK*f|YS z6`8(Wor&XoG6O2sX%8O-x(t1oJ1g37T{kH^WDqt$+vnm`boi#MM!C!aL7U`-TP79&__ zxR+q;fCy#0q#^&P5KbI*A&jyj-3#B4`)PaIrp3($*4W+PXFuF%tW4;hvb&rG%uXoB zFA2DIhA~(3k%aKt);>xmHjyk7hW?QxUFssZ3>cdv3~ZG*EaO%-o}2skD}x3>)5>eS zwRwqw#6BNw{Ft|Yq%jDiylQ`D>-pFp`F2Yv`cUAKbj!h^k<{#Kj)=oUC;Euv&_`T+ zQcu*28wq0~?b+gDJEDm;LQ=er=;^sO-#hUzAW{NIB#JzPcJwZ`%!B_`JtH=Ht79>+Hk?nMiou^Twk2XuCk)wFgIf^%+t!-N7k?_@3 z=Y+=Gd(FMT_m{uvWD59F7k}re#nbG!2#A)2#68E!rSlojvV)Dl)wk$j#REvxobZ{ zvahKlpK5UY2NzpDss)zKHe!ZZm+2+Tq{v(zOGh&=NOCgrx(v3GzLN%kR zNU<%x<_PXMoA0V0b6!4xLAZkpXlZB0{y@zyU%4@8`S2~}>Z|ItoT;0vXAv>0N6}uOHfzIvi1K&(R-43>(DN;zGLWgEH)Fe)f7fmaQss0Zs2a`DmvSE zfrHQ!_?l9ZV&r)6_r-YrYmToLu7*psGSMD8wu~xn$oRgYK#Z+{&3qq2V1{XT#y{$@ zdZAsTfBKL9t!<=-5^qlosV3$KTRMyuzW47kg<3`1%FYq|0ON;FL~#-pNpoAG(lTFf z&A*5_;dvaIh4Jr9?ayG18Z1C8VVAQ7pL!9`Tf65yfNzW5vj_9celwLdZfMIM$dkf0 zn=e0$4~!XT#6!fE9gbR84W{KSdNgQ!9aSW54>4MGezGtO_N$+4&=P3LsyKOBBhBW`Ahmk}j|(Sry;F0exh|IcPxi^!p>%*h-BZ?K3;?VVF# z$D*#B;8pPpkm3;aRV;1;VAc7UOP{dmePu$|*>MKy(IFpX5Q6O#Y_o9OJe2rL!BA2&MrM%D(d>D19c7j> z-US!k(CMIrVej(uUcp`Ir|0ZM+MdH}gzAj5(Xt3xcV}5cN8ZW_0IcgmuIg)FCQq2db%%sxL3Ea1HZ9_p3}b-t7zHy?*0g^-;dh>Ppu! zz#ERSGkB;cEW%i(Zf2863Hl&{tpTaFs0Tkx5Y4bhin#doDqn=it%Q!1BU$Yd-LXC` zO}J+zFLB45RM?u2j!zWW`e7(dU(FXwUz4`mF(QD-7l-;Dewp&afh35y>Wjq=4(!+{ z#%b+^{w`Amd_l?a)QlUAftCi!OkzgUmX~v4wnlaeQ-@S3Gtq*P_R1#8L-YONJg^VN z8uyNuCn6}BI(o9$Z}a%Q*lt^=#-cV`6IuBAUIY)xCiI0#h6PN2q-!JYg?u~=uxq+w zq~!9}(4GS#%Rr(-SHt46nW=#;>ZkfxThuy6dGqD*0u!mTd4>g8*&rRn_#ji=QvYus zx-HU_z@e19^j0$CO(uxVR`O?T?b9KzRzeagd(-)|A)XfK9U3$GbucM%I)0+yxgS5- z^sbEk5&K$?L5%V4`uwk8k zOJ%?Q7EicIFpqA1?4u83uv_1RX|_sm6sP*BmW5gK6#mSF-f8LPexx*a#4vs6UTo2H zi2qREMejP(UO*3l$%&?(x(c8!dr`hh9dgROzJ!fm`NhwY6T&`HV5iZeJA_lf6gnDZ zZSO2bGykA&?yP6|P$hfV_GV9wCH~C8x2W-=v$6S(UEqxQI3kPnW8143xZlEQ zk2mdH6`?SX=C_{he-bH!_!RYrILIm3s**mp7;M*cju4$2a#GqKs^_1wd2NAyW@g_g zh}?wQ?%tJ7-{{jnQfJ=5Ueg|oFkr6#xvoKr)b=E-go=UXClOUBHr%&YaE^vpliA^r*y2 z#^S_e^R6$4xudkgWRLO|+@2;dS_>8T7#TrTvDTH8g#+5izZ@sbjgH3H3x>h1H!tUM zZn^I%kICx*leGHJM*0dqG|5EOS2uicd)zLz9)G!fv1{z!2$!cfs`|z0RJH{qhu{C-DlDIm~a8nk`YmO6V3(S|4`}}37 z+BG+kNxzyKIlpCfXL@z%)EP(foL@nm~(w}YAyOxe^K`eWfIL$*LuWv6PEvCBoi z<6QHL$a+SbNmjP@FsCKQ-rDs0)IF=B=m8?+r&{Sm<`LBS9N;L&@*M{GyIse+@%iu* zh0?ti-cd@b7jBK#QhekL;tjw&WnD6;z*$zY@XyWpa5tf-Er!Zb)8X5!mGg&?9Nk*+ zp9eSIi&r^U#eCdL0|gv!keDL=Vwwo4!H)_2H39>j6NTz@>+J_xnY$ki!~Ee|EUBCL zJ>Kb^IW>FtR5QVtp8NOG$-2_<^q*espjhF~(s{)D&mK4b26bB@7K?fA;rWE=J=a#! zVZ%W}$B*N;jc+Wxw=mdD&Y>laLwrPf9+SN{a}EONd;#uz^s@Zp3S}h#-Xq3wL~sC( znvRN_3LaVc>+hu6Mkw$qAGWCbEjz=yNqE9LfU&rvudTBxWU!1b^r?iQSthq-%qK}p z`^=viu5$1X38m~XaX%Ezu6A9gCBGA|8nr_>8zHj_#eNDKvP~I z*v1(9Yy<5TVEI^Kh3HMyy>DQZb9>q6dIv5{h|<%9+e~V=S3kA=<};cYcD&_yIa*fb zc)d^OgUH0W=a)_?__|o7ZJF<}Cof%ojub9w3O>6@T)Ml>*86plyR9%dzS_7C`*WQ53dykc*MOjdVp;<_uJLAgwQZ3)|;dZR$v)wO-B` z3gBD#roYtqV5vJMcW=!u+j;!s*!#{*!1b>(9P$d%wI6json}-RT5+vl$>Co_jV_nRJ@R)C}O7-H-Cn-O~d-uLQJ_yYkHvDuZXE9<_EDOwnY)Ru4} zV^HdD?DDn~+TP>fTLlpMr_8F1Cxef_eHw#~JqA$%vTz|n@t>gKRUh^*j-rPHTyhm& z5MqAWzX*9cJUr`f-`pe~fA8L^!*bG_k|)2BoFy^S4wVWazfP6k?6Y`;9O$7%&Td=kQ> zcHcYs*DSe20>-EurXKnE#cXNb7>G|kpGgjS!emLa^&JFT5a%mVF|mYSsDdEUD($7o z%8306RIavJS&fb=QV?EY1ISVudxY!MSs zoXe4$FjQ1KzFOos8fX*IPe$C~zFsD1^_A=R{{dV;qrbA9S(UAt`*%@a7ckT1Gx2s@ z#yPwF@PBSz3GaVUdyCifXymxsNq6+;#{iwoVQArjZv31BY4Ojs6fEiS=n0KQv-N7^ zVdVuD^;GbrI=gSvF5i3pZrZ)ywacO1L$2M2Y3KTTo4PJI;H*FA_@O^DnA*7Zm8|J; zolUHINHDhFpx#&e?@Lu$TAm^#OQkJt?+aQmz9}d_oWJ zt$5`1=gCj%2>m=(zQJW4$C2@SWvO<4v&prwc7geR#o+gU zdb3TxhoN|J0$InUxVXAePkfGAJWa)}hF5lo2)>O`o%zWH{rJyM>1+=M-DC`s_DrUk zpfPh=ML|1fGtd1`{DL0YU#SmOZ>l(hvz>Vc=K2*KJfk1I*{9&mlh z?&>GkA5pN`B^C7dar&#!6ZBVft-n4+2hQq;^!Eq!X9cr`lOid}UGUEg z{AY%96nPqP-p2Xd_4kz~?FL9_`xoG|-uVZJ6XVb3$Yq}Kx_w-%QF~+Fd9X068U3gs@q+qr@vLL^^QLDMe4SWZm1vQeqrq{J^6(vba-cx zc9EIH_HSjKdVepofB%jB>%%aGbKVS&j#inAH_j|<20L|aT`DrYapF`n9VR7xMM=pM z@BuBMbqCzACzv6X^SFBFUe4o(kb`+DgpV>+~#jM4f$dYR&HTwj-FU%d!9Yo{d@f%b6~i?vJZhx zWaO@WdivizsJ+!&*CndqcaL%2j_c)%OZv$mbd6!rN4h;*PuH%=YqyVf1=rT|db{Vj z_rEgaS5`@l?)%7RbYyq29xdHaL3&)i)Rk)2zuS#`F}cK5AYQxcyRUZuFhKt#mHAeF zxAnAf8{o&zqp|{OyuW)!v#kT_g1Tm@ljVWhNFAst?*Bwk4Hu~~b5S3BvP!EdD>`># z6+0S0o&z|(kc+ho^XizH(>RvYDfAkn+q-{xpS8$Z31j%>i=^Ia)5bE-!Pt9nU%DEh zLonrTe%GJtweuwzwJ)gmQoBaFy19cAwS%I!4iMPRhX7~T65!vp!gW$dW^(7wK)0H5 zGIS`O$- zzwvsK7i9IjhbkCj_lSq zpWdY%0DdhiOo;U~2h70P*LC6LQN4I+QLn+b;Z^jGlyWs4x?Zd5MBj|Au;+t-fvtXZ z&`+)9gSFJ?vRYPGb-eFwokMO<;jj$zOw-Mi3$gD#Sgj*mSdToCqig`S>*%kGoo6)g z&a3*t$zlD&d7^;OLjs)B0f3Qy>~b8UWCIDs<49MG44^8xKH z1rUsUNkfO&U@U`Y-eBKtek*!y7!rQBqGc1N=Lg^Fx`HEO8J)R7~UKLAj;N*0Cz`n&LxalJ%;Z$O`6 zb9B;Q5O7dhZj<&sx?A7);x5&5E?9pljMK7544ipQ7hW0F3zuf~I_)CZDouUy+BLgz z-l^R)*hAhNNh0Ox4n6SEPv{Xqqej=}II+7Z#qhMdZXdP+^bpRIDZ6n)pLJ!#yS1Ra8P^a0t18|0!bBW z0_6XhUn++NGt_%BRn4@2^kLFlb2hC)!wX&P`?BDX5`cJ>6^FJBWvu9^?bTkO?tWghq41E*(&XJOJ9KZ4PM1S2){n5mF zhGsgn(tA$dhX1-oRuoLf#@_gV_Ex3pGu06l?IxK?%7^S!4JBEN$>_bKw>UsQB) zR=&=*dupEeu$dq3_?qPK`ssX3Z?0u2AHFgJV=@NY!kq_|m!GfCHTX45PRgVpmtAT$ ztA(xiLS_-!?&2mU7X1Xs7n>1>GK*0m*^ap3C!!<^E;yL!ckZ_O|E&6r_GG z7^hbj@Ccf>6clzg7qi+*l_#$#D@@2e1-aYtCPHz_NO8h2nsAu4BO93-KQa{@G2 zEL-MBEN!S$J(@ww0LC;TzLqfn8#2!1%N@G7UDx;YcN?ew+BoYOXO2pyy>Si=Qjl_- zb%|vOhr3D|>eYavv3sDM=m~PtW5^Ag1IO0K7K3%MMcKM8alIryCUbJ~S?V5`qqC69 z?v6&_y2BtYj!tP{+dgb6qp4OqFzQ!NPileUb8D>qCW!dikv{dd5p6ZGsUDJ_hfzwS z=1@#6;+RWT@ty|lr`?sA3B1(Q)G$Q}$3WGAIyEi$$OFNf#zAHdUQROP3pMXh z%u9Gb7nE8a`)Tj{FrJwsK0T*YRpfjx4=v-61${d@qPCf7-j6DqNTCw=GqcjCgY^Si z2i;j}0{1x7@%+mop;+>dWx!9O+mWDlp1$NCj}}&vs8!oEj7bidY0k zP+)RO?bH@rwY*aHe8w6e`ZYb5ahBz)f^nwDP##7Y=k(Tb*2l-$4^qjm3v(!)*=4Ff z(x`)bK%;HIC+(B!#%Q?;3M!CRq|`_@(WrZn*Fp8Ij_O@5$ZJGK1VfpwMqn0ep9iwl zt(Vcf-2#z?p%iLaahb_v+<9DPz4zfWjPT(ING)=l?`v367-L>fKhaeqptEpxXK=O@ z@7$psto`nRPQ6P+=?c$u>5f?|Pfjpxx30He+!*_6Y3nlba=0kMf4edi?j?u&!Z`Wl z;ZG3v5=J1_E^Bukk;O4pv98Ng>!kc(EsOKv_j)xok@J5R0<}MuHZql7ghBtvPS-AX6%-Qf zCbqOoWB+Oo?a_l64tqgbkHwZisA04s>qZ9ksOIBz=CjDx9-=jj&bXjNp)>yk2&ys8 zMrSlIT4wJl!a3U4r#3@tTCK4fKaobPF$RQO=pfxlk}vON>%qdnyCEV?3d=Ek6B%1V z)b#r7yn1>--H!s$;4+_!+%2o6p!DpV@-I@~f(QdcYG;*U#KBm;za>|h%S7&h=AMD( z)&rpKh;}Kbkl3EwHO+GYzC5|A&PkJN7&+|tyFGa%2FQ1Bur4x;+6399@JvsE}xBiyZF>Yx(Kq;qtHIhgISpT}x=V+v zDRNH(OiaXF19pC5oI@_GrJT;{Gfkn{!q%Sc&itgOYSlDQp&jph$13)2X zeTA~JNJE#Eq;@=|9(}U-My5CJ0dhD-bi8F$sA`6;)8@3;Mf6$^Is}Lzhia$Ijm_*_ zwsxspeyfZhQoVK)@pc9VL$GijKnuZi>SZLW39!J%?4r|0GfILOO8{}q5xH@GlzRtG zdr*-X*?#2{jX94@i%>^0#ChA4pF=I28{5H`=f~ph3W(HCv_oIS2^7M?vWs>b)((C2 zdVh&_HfP#pEjpbeJBWeG7U()Fd+Yli|Hdrh5&b%oNSWfAO4Za-$hy53_yeIQN!nzWjoj?Qr8 zPY!F2h=w5|6f9acytblg_`N%ML+S8)J^WC>nPidGv%T;Ud$qzmVoPHZ^XftG44Ztn z+br^Pl}O#;9%^_2@m=Ix-noMsULe7(KB!mQZ~OGj`C@cq=+)fPYVAF+OOMt2R2G=f z)s8uJLhDi1AV_~vqUgJc8VKWrck*TXqwearoBBK0q{kZM`fF>4cOeL`zfo5^s0ZNF zru7#^KiNReS5-K@U|(~#GUi4&`?zy+?+ph?%?0Q(o#?ck5A4$dj_JXb33ZMVnQlA* zo!R+k8A7l)LcbZRZXq%^nP{l?361xn>j3^R=cdU&MSv=CZsb;RHgNv!Ylfz#(HG{2 zHO;xQ$-Y~3Ty2^NW z2(Cg%`C;BLg7nEO~d0MIgQ3{_Pjt+sZnb8tYNCSTDt zfT?kA2UK_;dI}jfE)!)k0Jzlv9f)oxqZ~i7rs}Spiad1Ay3- zt1}$!Ss3SZ+Tygtu<6L2!Zj9)@ zY1w48!I@f^o1$u>eoJZ_RMj1hi&IO66pP0l!GNdu|f?4FV zooSBF?7X-COwQOqZu4^VNKFh|mlE5Diuk(pZ(o-*z)#+~gmjsx#{rPzQ5=|Av@5lC zHL(Lbo2hJKjJd0U5k$uCb)WO2olFRb?pd*)jjf&b=+ z+#o6dv3euF$1D>Ht1l<79HYVsy+tCWTUveK;@C$rl$Fxn`OkuzhzO zov|*Nxuh$E&T?^v&AD}%aqD8tYhaG_oC0MLCFJM~8B$WWgQy*%zbz7DV~=(PD)n^s zx{C%5aaPWcO=z?SS;sl%(HVO}-`nqh9-Y6oZ6l`)*~08pYt9pzN!)2_m6cae78w{Ev{BcL|2`uKx)m}dHBZ|D#H;oNj7sI4#La#ARR2su(( zmTamNd7ea(u*vp5O&BN)xljmFB{#Pj*|nwz>w0l)2GvcP%beOOHDWK=(+I$CazGOR zHYYfbB1ySq-Xgj)4aeD$1DZ|lBBRzc_FLviB&In(%aQ-7ee{d&mO>wnD6Q6$&#U!h zwXE!Yt3ib}?%t1ZKd=bel6-73JC|6W8C`5c4x)p(dk*s`I?$x1)qooNd(}f~!42T0 zb`^K@Vhq5N+0V9;u21)U`#(|m+iJz-5{YE{UQtYt#)WpW)1YWLddY-d(4(142>`4e zu>rM?&T1HYk%4J*s<2C8FQ_kvhtRt%y3+I>bDkvufZiM()zmOLGY)M#77dwi|3!J8 zw#{!^7h18|P;1Z^BB~eQO5>ht_2G~{J7STbX7|lhUIUq2u(P)i#g;Noip_D-X%dAV zvFsEn=;;|HYGEH{l6u((i|}I_n_0@Ouhve^&E45RDvUenL*6kpYzdmgR8xZv~aj^B1xxx11 zM!B|~I&SrwN1stgpZP?Za@KNhj76tNe?GE_S>RR` z7@Afx&Z3bpx>_ok$UsG28X|If5E5gK0rXk}!#n>&e9;qYf2$e(i~No81X>O$I{Goi zh&c3N_qo@Xsrt8lnWB3U>3VcI)gh`(kXoIDP-c!Qn?9u4jIbWyOa}jskrc1x^nm6s zzN+J=FY8Z_&1h~C4>yRwyuvzt>@y8&EDmethcD^mnGU@+5yN1HQy{lRO$Tc9t6w~% zUDXx(z{pDqV#InA!Cu=aTvHg$3wJf^$furGLq4d{ zy5m9*qcFS#U$7%ac(F}#?=`HO-bdVE#EhUMFE1f9xg6}ty{t=} zt@?dx(wuF_MHsDA^8>YvbC*i)%hAI&PK-{+q2W1FMcR(M_sc%T7e-Lwz{q1Cp8RsX z3Im(!|J&#FM(dE;f#4+eq4EB5eeHL4s;Df!58X=`&p?oq^5^_deymHc`t^OI1G~tA zyz!yzg|c_6g?8WiGJ>Fp2$s`tXsMm_4^a%L1x0$_higw-ZuH$Kj)bdVh{J+IdM(T8;T`kny6GY4`ad>;>@L*qlW%CPgA`fTpPL`4k8abhnRZ``w{!C&T~asv z0M6&`rso~+Xx})#K}r_kB>KeXcc?aVNu&SxB9Q^zdSlv0+Mg1o=C^3y;cETr=kHf@ zS*boW_<{l$JC1|i*}y4pHAq4jK-ajLBoLflE@hNPob)Tel#@Xlts(n3j~!iF>XkJd zUuh`y2k%SK3`V1G|IgQSvUO537@te`?9-7?eo=K9IF}nhrLFmKigI<5p^<#B`yMfA_py8dIhB^ zU{OvCHiGe*6K{@HqB z2u;T!{{0t0Z1?DOj7`%jA*x`v_TOKnZ+;Hs5$ie4dIm9;p5PK|bZ)hg0<75@h9q0h z>n{{2q8C;`oLDWZH7=G651DI+eF|JxMsZ@FnhJ^h>S@y-e5YTRx(u&b34*9jU;g(y zm5b5w$T^JD#_a}+tj^Dt8T)+@C4 zv2uO&w_8+75#!w_-qd>cI+0<>`QlG%Ifzd9z#Z?14gIS zL?n^+&E{`pu$2_x5iCud??IwCaNHC`wLiaKC)?ZfhtKt?a~fki>vHH&j=u4sTp}}A zib{G%r>4`pg#_ROX*i-}j%>^A`tn4EkKkB28Q4Lpn(Mq2JzxgTAj{|K+8A zou_t#6)d%MU3a4snDlg%6~RHse9GwWvrpHvde+~wdj692$E7!mbXJWI>QKDDvEE+& z@k;|JsXn5=KzngkufhwiSS|9!84Dak@OsXr<1B+h`o8yqp1VAxw`PfuT*@J`f_?oE z&-o8kup1E>wjUUBB3yXN>WcM|uj0VQF?02AeyA6EF?Ql8SqyXW+^o>S4_4^QzqMCo zIYfXSdkYZ5l6r`4Nkn{Y-C8%S+x!zSBp#RGIid&7zVLmWGlRH0Z`oMnfG?#?sd>9~ z-(w~EwJ#iSPKQJ2OXoUzb^iJ9>a@?J&%+;rK7Xr5!Eqwh{^U)JcT?(u0au_aKQd;6 zD9BYqJsKMPZU?t*%-;SxzC|A_Ox;8-UDmOVtNMfIadgjNKrP>^!w0kVOOMx6bUaBl zXD*VyuUF@u`>xKCHsc@Qqx+w%rgl)Z0%PMkVdDf)apO2wh=$Ott;hHDF8uTN(Q?`` zzu&Bpe{{^7AMLug&5x8@oL_#T6JR3bK4-up;F+uqRps~St@f+>!*37D40x%5Y8`%} zUcdOQX5}49*Za;6DQRL!r{*$TT9^-fv|1&A6R!T~d9`+p>DXK<=~K{O0ODCqiHKeL z;rBHF5efdW)$v}?ENM+FwX@YA@`DC-a^IYBiH~es|M*`qK>DIM=F`$K8cMmGzr91G z^CJQ`YV|p8(sQo2^CO2{y9yue*0#4pH?jTRz=1zIiUBbPM|VDHZb;V{CHG+Yt^$4W z*XtDntZl$XBz<95<>*72c zjg2Y2{DyYT1$vtPqCM81wZq`em}ln!H_XnE;&lNdAT(+Y$h&%Z>kzYuVR*irOZtbu zT&K|Zv@ZSkpXiw(Km|C!mp7=H5~J$dhr16(xC zz%@JEuhY+dS7#hknVxKXi;)5JbXox!2R=}uZ+!MXqGWQk|M*ePKq6?UwNg}t-UXc% zlGd^92QTPy_k@nkrvY5V3CS6WqJ_R<=cd)-2mnr`pXdHTXCir+o2&*`HS1WVNZ+uI z|6lMC&gvd?npI>+g5O{cKG!~>P4MB+oj)sc1VNcD@sLX+WBs^eAbaKuD_pAzFh0Cs*e6X zjnm3Uf0uOTOqc%PSu?}l{oaeZaCKBi z=aRJ;C|73DZawmNg}(mr$8`YE(roX`N?TsiS&UrR!rk0`@SmmX%}gh?a|J0Nsi)A5 zOz$WCjEuJ2-I@Ij1KeZ%YIip1^YoW9H>B3@ze0awIxz>boOE-AyB^S^O#%IS{je@w z>DGUKVMtwFq&xEyk;VCEwLLe8-nD2OZd7r(U^)Q~Bs>4;dt(J%+|)pGcqgO7cU{zT zBUicV=7V%E)1x1+CNilUCs4cw8z1#v9zXbOoSbiUjW*6Y<<4S2{N77C-!TrIC2MvO z2#l{>kJxj*Ri-5(psYJ{-bFVv$<$D)k33zg-~e@r{@)jI00R!d;kmLwjVA7?4}Tm- z&95C&Wm19mym^#%L0hP4AOPC8juHj3p)pR|^$k)aA?F)&7F3nj1#-GgfAlh`kXOjU zQn`mrFB$sEqs7XuSXOb6)Wh6ii3#-PYV&pDWZ&I5W6B_vN7n%39A=!R8$0?Y#dv`i z8T!~EGEVGCQ7I`KS5X-J+ys3@9+V!C9{30myCKtP0P4K`j^6&>l-_K^afz|l`OcxC z_kP9Y8TJ8R3}@P&ay{{dTKRfMboNi42Y`Z;7(n658fmM!2ORlirM~#h!>SJCu`b7O zaBphZ&;HTw!`6;8wbrf+CqR##m+^Lwe2RA8IILRIrtLpY%_i;_rxr$ZEK;B}YTdl= zQ#JbBH!1*B_v*wSAJvt?dG!(Lv&QCS;#iH3-afSb6>sN&BglMb)~9n9sfX^F zN(~Dur{IfDtD}q5VS^(WQ2CtQSKT15uZus5Ga`eiK-MK~{QA2109<%*YALyP&hTb!CLQOVHUm zdX^tO&dwE!?y?9+TTUmVkee=Zju~Tbe8vCdMG@gFBD2%nXupnA^DE@~BVy_6)Rw#2 zrQ?5m45!MXqw9?u`txHiup@mFyPMeyig)^TxI9RWu~z-{Uv{c>7%&u(8I6y8P!E3i zV}M{M^*~FK=9kme*I5C0t3hA*a*fglJ9PeUU)I?!?05^3dfrz-WO4}VDa z0ZNTIL{5`&~CYO*e z4TrExf2vmD);^v3qi58K-qvUPzKVS?P@xZgk<2|`eLyt;N%y{Wf(WRnCU6v05&`q% z&sQpQ@T$)I^~*YkYq$Bn0gPYh(%wFKm3Fs#V{a0m7k`>^pe)xL3 z{-0Mzu`^U)yJ*o9kEH1HhnrPBA5;n1Pv+LhXcMf&nPqwb_jc&u+;?8lnNI8^*mTyC zYXIal>&XvS=ogx8UXV>JM@JwReSCJ<`tdpn$gKE?Vdu9eENwe z^k7PXmWN)|seubR{)2wK#{4t6vpvb#`KhmRJHFh(JqNl5I59vv#RQ$Lq1T1s<3I+p z^T9J@R~R7+Qgoe6K1uM@FILmOSmW$1l9N4h!o+@xzwDfWH;8<*drp1QxTz68qb?ju9{_q9TEKhTnL8c{Y@Fhm^-rtRGj6SiCa&N58vmC&vMS zadvE3PfK|Tz6jbxl5P_HnnS=vc~q^>wd2ZEze^8(>i|x`R#LmZqLaNfIv+el zwC$!IA+=*B07GH7VW96lrGKSQ_)>_X+kZr1&P3nIS8dtu>2*gl>Ky3DOUp!{gvnjP z%ML$F!+CX16*PM*{`p1FoK)ad>u+P~wncmmT9Czi8!4P;;c)d5|3w@X*s zK?9DYahb~35DMH9UhCovizpyu5+lq?D9`05ZXoT?PS8n37#RvkDU-(~dM1`e&7~sk zAku7S9VxQbsJ~E{qKT}i`VmwXHE=KEy!KfPG(JDY+aTb+wtij4P~YA$!l8h2!ofFK zmaB<%5brr5l~ZS98jtc>=+sGtyHY6cxL9}jrp?X9Ns+-NQbb(skFV#b=KE}%F%5!% zoLI*r4obJIAccL8F;4az>1CIvyLma}FA_hYd0A0{(#G$H`jQKrIS!X-fn)mLV!5Tve4j}pvMG=s2iQf*b>sm2Wl zau8%ZDus_a2vHP(buI&ev}|&+?;^4%s+q1KogJ9aAh}wj>&%nfp?;zc{K!d5X%|dS zjI%;D8H^L7TRzCdt>fIaugr}zh3KduP%aasE*wDcTL!VaJ9zD5#yea-xw=>$-VGvN zl0Y~X?r3!5oVIcHPiW{C;|y4&8RN`CvD{f-q3X1#iflczsOQCc&bjq0Qq%r2Y7tc{ zWiF(_f{=zW6!k?w-WCw?!9LVc2jO<@c7lQk;XE5;-)(+_C}wv%KihM2cmzOyr4SvI zQ&ym+Od>K@xxjZ0>CH>SgvfI6n0y(Hs2em_*CMHEK=v2q5#5p>)fsAim@&qX3kmrR zJ8paN4obWCe&RFU2MmdW@z)G`v()rJE?w8@d&gWreyiN3`M9UxVarB5L{Cwt-%l#jE@&XpA+GI}pFzjwRU(Sag5l}-NkLJbvh z$<872IJyQ3HlQ5R0r_%qAoln$Ddh|kwMhIRBZ1}+qLuO0m0+TrL;-UJnts?v-#9q%RI@dRmdNxL$* zD+ePHC@E@)7@ZAvlb@dR&Z9G)gHywd*mhrKM^Px_wZ@jAQ`QJKYr$ z=fg6F+-{udcHVYiJYSf~QFyvg1I0njvtPk{LkELYhUX_iGo_F#xx50$`Vx_V<0Bfl z+6lrDxtz=1q%3Ke^DatMbYu;hCfaqAnjOJR5c6CNw)63=dC&VRn`=lf`b)*YUS5Gi zeu0QL`s?Q+xV68bczSnyZ#H>b^{l=vDNAW0!`wm@sLa z#X+KjhCshApi7a7z?}>}z(y9imqR_ET|3CLy-5*vM}`>umiLj^}iN~ z+Q>n+CF3MmBh`Myp%m9(dQ=H3{>8q+LfPo}I^V zH_`{{kO(b1V*}i>&A8$C-O;gW7wlw|6u2uR8U`@+(({uFq5rpI1nplphv?0;;pmn9 z4|1sw<<=;N+IY<=Gh84@i-nQ*{DehzaV2q#aDA7qx8q#R#TbI|tT}}{0C$2{Kv#P0 zkWX=W8(F7T0`MXSe41|^#x4m(AffYNkE_Ayz_Hz2GElOoPDuP zB36taaOx+S+#1g#69Z9B@WaF)=Mm9)eO%;yIKo|8GR_9$ckev9p@tWcIF`0<5xHlR zMswdXZBHm$B$LVcY*I(=+DjCDCPl+rdnx8l>L!dF%NV5RIn(KETYvX1U$*y`lUMBZ zhXHQsN{!$W{WiS7filU|fb6c8!i(I3~^oogqRE^0>d}jm=Y| z5J2Mwj>1?0nFp%WP+bNfc187tK{Cpa&d;8~!EGS7B#`j7p85INYDu1?sQQGC53g-m zPn##}0pBJk$NSq^sSF}y^Ez(q55C<)gq!t;O=F-Spn>!-Mm=8Kr$NDKZhDHW8Qr>a zzDJ!HiDN{>N9PJOM8w%rb}si=?$q4Vvgyo~L6_em`irT;eje$gW2?9uVa zuuUQ!m#Et^)V-;9S-BAan|_epImuz=#pb9PNV+Oy*Cu-v^ixL$drTh@{qx*$Oh4Ji zV)pxOUY3!ujH#dK z=z(;i8{_<*(03F3etkVj6`oP80`!>OAu=Km-FS?BzXTsaX2^AKDGUc|(d}u33glx8 ztE($ieGc_v7luIGSR4Oxm&nlzyYcde;4IIStOp&8iK)eyStCEd2tiHH(+uXQ}V zm3y{*blWf9@oT_GFJ)OWwRSQ&Hyau&^#FXHJTj?^9ZPEKN7n`XlmMD|>q3gfv@D`& zYE)1NospVzj=H!j|RHebq;5GQ6c9Dbe2b?Z4T$~oY5K4 z4-xd60EX6n=*%)T&BMSJnS0N4hW#a!N-f9|vRgD(kx_+c8jSn7=nBO|?k%ooQK|!d z*XX6HL|H_S^ym52KN-?=I&^kpyXi%hp!X%(9oSt>yJBVb6U|frouLbM5}g|%ZTvbB zLiYXbt%n`;wtICD#T9Cv_Ag8+g7nHsP>kZSe<`f~b(F{$bEmim$C@+s_d%&qmJ&2Nqrv7CPZJ;yj7 zHi{`rk~gkGwrnUJaC8M}1&cFe`!L8poVYTqQ_%JZc1;72tj(|wyV-~JdZmYml16@( zl&5QCliJjUX|COXwX^-B-RPEfox8KVc4;H3VgEWui3A#iuG!l#y7ee`^;P8O0-12e z`=GO7^g8Os`H-I$DQva^vrCzNW;WB+CG>0}hGV2g3nBZ5C#}{P_eo}-*y>yDi>-?R z0H)Dbmf80!m(bD3(BfZ3XT+g30)SzOx_Y5(QaRGsAiDKt44?*)b>k94?cFFpmBbCYn6S(vz~bcN)*lV@&Ly>6+{x;~Y58IN85` z_RkN1J!<=h<9wrpavcTJDnb@ca_&rE)8hcuT2d-D3)a*479i=EttSrW5x1V+{nmn4 z>`vz7uIUw4dmP)+7;^a>XII0%W$i;o#K-_ObFo)l=ui`-Yw#WRDelNg=*#YP1JB(& zpMTxI1h^YTa2&=iogli|929r|x})Q2fc%)9CG{iNU}7s$xI(I!_KU3=X}hXXE+EOI<1m9|l+EsX`#JTZ(E30@ zML0w^%yDIR-@9Lf_$Li@Ks^Hv+G%oepM9xYXOB)2iNQu^gP7+s>?87Gi3ptxOB)4I z=VA$)A-zOuZn<)N1=>|vpnc!0qMi#%9Z$9KTPS%5WO@#$@-dX+{2ZS$@|o8x?{UjT zpSg#z+N|uN>y2}28YCU#Ja>%3(p>(MF|x)$F(f5z5JlwI0=ZO^u~KE^qN9(-nGj;V zw@d3iFC-1Nj+5v(4*0V#_JH7+1X<2F^O4l7XHwFp7C^2qU_cA8pc#3%1I8GjDJ6Ho zRPKP`G_pErsae!b%dvgH=w4l*{l8j6G|mnCkj6gXv>2V7pb$Dqr}8iYOi`-@r8&3e zKGogVq~H3vDm_%6>5wn(5{KXorL2+mVn&@;N!fwJF^t0Q^Ut}I7FRCKlamxQ-_LzU zRZsNju~RSW<+m^CPu^V6=r9721Ib0%n1Rv8nMta(9E{7*OLKL;_W#;##+eu8qBX`i zjb7M4qII019(s9ig0c0t&!Kn*)FdUhtvKj8t@?^H&ZGBiP zc__yiMzV8}Rc6FSk@;C(R>VAj61hamp|+kY>TT`RI7&*W0HheQC$dKI#5ey*UB=s_ zRfrH-;^dNvy!h6|yOWL?Z4ZI|jfh3$%Dd{LgnV|i+pjkmvdzm@Wo*&N; z!q1-kT%2W`y_X3i-agLoD&u_PN9sgU2`7c0eaptsl}GKRf}t+0jC$+Y9?p)hr$tru zXeqv)OF673vW?PI&^GIN7d*Rt-Zo;BXBeoG$210V{GI2CS~xRBbQY1e1sKY3-UTd8 z#1s)AAfPNAQ#v$b^6YM8g!Pw@6IPeeQqQI#uk-xWwIeOX{@&1NlwO(8+4>E1=Iu8-$md+GF{_!v8e6SK%Zcw%<*l~K zTNm5+VA7aI#wPX7b422vn|4l(Aco@zP5>WBtz~K{q@3avMX2-Qh5Y(d~FpzzWy zf|%5VA&}!~^~YI&OtIb}wKd#6w2jO&lIE1<^7_{Xy_^uv2; ztE5S@{y=Z18ZZIbZt^`1IqKEXvN_({%Z-n-&#Mu^fJrxDjssiIAiV64Pv9Dx@q=Cb zLgehu-2vL(_Pwt|WBvU)H5pSEfTJMizYk?N09xB>z*#|IA8jlWFluutK+ePW`S8P@ z#(Ew2%?8k)@HxYensNd^q~U?g#CX=vAM@b{Yzw4;;4NE!+vK~Ps)yVqy%0r}^J?x_ z(}Rur?T?geZ$*ZSATskf%tNgLA`UR9URcCgg`D5yZ%M3c%+>??vUvni00Rgeqm2yc zGXq85QXtwZAqVe$zg=_w@h0Wx>08>_{H$F%&)tmAkCjKZ+lAiE z6naUFb3~_p3?E%2cQ~etB=~lM6lp$t7}qW85iy4K8o4*>kLlw&INN^c)WV+b~tEmXm^@4pk1zA zoEGUZir%+QnvHcFSF`BiOVCcJnDnDb8OTynq^*!TuHL(|Oq8(QGd|5P@I{TJHUE+} z3d7ghB^S{yIZbmo0n=83s&0Vqx$C%g(_7muYrTke^lklFJ1lsbr(G)j)zsUC(N8;O zhOV`z>F_@EGc$l{BJh(z41_;3o>CxkiV6dndYv7ZvXK7B@zE z7P@1~rn-%9xpQD&$5_gP?XY9J?)K$U+p%}4*`#lUZ}*ah_P3wHX@=fqk$(xkO{0cT zN^nx+3#7J2rHG(^nqoKS=xj-OhwDHm*XfDbRz3FiOZwq4Y7ZWxb{a+%J2#!4%%J?n z@8-b5=o2Jeo$*7!-h|&%i59UGlXgZ~$~Sv$=Xd0!Ik3%2g5DIwDV2tdw(}@_lRz*@ zYO;`sR3aoZDU4lHK2Pcr>Mgu8s0(d#+)>a&&>NkRAihW2`*TCMtAF6w>-~WkxBhC& z7v!4(?R$EVNL^Ae-q4@*6}8AVlk>Uh%G*i1?11t?5072#)k*ZC0T9~B)WwR1F?XzW zVAwCwJ69f59Wo#X9X-qRT|6I&+A|>og48#wh#GjimjR57_n}`P-xm{ro5XZ%#19i&f6vK@bZO9eB`+Ik+~*hSf_l>UE6o` z%9cek$=En2sp%6Rr`4*m(JoC8HFs=MJ#R<#BFkr}^!f)rphE@o)C_z_=Wq)CIW_zy zNpS^U1OOlUsL6ez^*p)n?I(}A^ULw0$usr=u%oR@VW2>b2dZ>mZ8Lg`$+PSGkcr-( zN*cxvK(D#j3R00j=_#eqqqm;#)vlfW%VYmC(05Z7Nv~?gS**sX=(eWs2JL)g{W6g+ zsmPZwYiR%3%g(=q__(&7q~JF`D(2qXve-?UOtJ>Bo+C@~eRp>NqZ9aph_ag959o={ ze}I}iYw+Dgy?nGy{~HmC8MO!Xflq!y_fzNU|Ja+a6R%&Bze7RE06Y+x`IIwOsG8sPIH=&XT=!uuO`Z=o}jTYmH-=!|-9QRpnc06Lqu^M-cm zWV3*8cigF+pQv%fwY5t(I$KJ?)P?*BBFC77>4OIHPX+v#kwyI>BAFtLZ7ZD_AlAm4 z0idjoh_uIvNc+_8kP7+i@&@+LG)vJ)H2#myP$Qh^k=a$}kn+ww7?unlL8EJQMl>pq zt~oa|vZx7qi~by8)1ON{$P!Eq;h1c{K$=|AjWXs?5e`N8d}*v#7hW9IMa~(Y>6Jw_ z%G*`00vu6!9j&_DF`&0+lQkhyuyMCE;N#kAJLwCnb@Iv~)pBPtS(?e`DUD_#=^kH3 zWoFYL)mea&2c11S`9t(wBAG(yL_VC-rVCpw-Pv*Mc7XQMvA2?uUB0n<=+Eedev%9j z0llPKumbyDcYg)-qW8G_(+2Bhr8taUvT$yOi1gmTQIcQCzUOgwU76M7$c!#rSS6!W z6B%B1>VqR^^}b`T=pLd_zb#{bv}iZL&OFXN&*&hSWb*@T+R>vEHb0_bLqt2` zzSSnd3K8yS^T_y3?g||3$_79ZB#Jj9jS>v)SBNwoWFN?|V`XaGJ}eN7!9EPsvJXBY zwK&tz4YL|3|3k!SW(t4=+P&-c?}m16|E%3X)hw}ptY>x}Y3`?qoQD{uttY#OnT;%2p1q zAtC;2q!F4K!yDh{*VF`$3BY_@to=A4oCn{>V&kDs1_cu|;|^#=EiP!5eEm@(w9Fyp z(%y0T-N3^?zd(+840$CyBgA27-cA#2Ze!S}We)Kr99ZjIWQ^$Tu(Xs5OQd--1=dfo zJ!kN-ad`A|`-$E19h)0hFh8F1%~efKld=a?WCX>RDHG<;xEV*7fkh1A$H$Wyt0`SU z6!$dpQ$|P;(B8esg_IN|Hb0vp&x~3~Xm}me!=TzoiPBG)vrCQevyPL6@y59ZGRMY= zmpH=^r?zB<;-uCPMwJyVmC1y$@Z&Wm^aLaei*R;mNiMr4Oboqfmot0+XIsBpEh^8( z$+iiCa*}aQC&p=e$L-n1X=$}qabksWklHw{Ue&$4>~iGCm>=L05+rKE_Fac;8nC9^0N2pbjT|kYI zJs2D8^2_4z4f^#F4FfXyN~Rm&LD;K_v;MPUOdAmmC;$QMUw zb~)!iWQfyO_?!J~g=xcBUo6VN)R>!I5J80ZS4cCoL=Ne7Pz@de*bI6b)ImeJgw4$1 zWC&y1ho6bB;tc7~b8i3b(6KLj8NYg8-f!-Y*Z(n+;eAtdR^}NeGIZNGaSAPw7u!SP zqEK=HPDY_l0=1L|dUj=TQ8OHxiS>-)Id$s^GKDf8)KCCu5MR&hbMwY$d};G{w=R=4 z81%v@-7M|3(R%~6@gpZNuC9ZGpCT-Jnp6T2jKkAK($j)_~7%SwuNkX25IeZg) zb$zmT`pL$^`eP7t@*2ZRT9_IE(;(uY>m{NOZj=)yv&Oo)q*1eBnDj;HJk%;9z0_qC z!wAOSdFp&+a9K~PRbETJJ_R4mpg;hZ23a=?G8uy$hDpB}m)-nG39#Hr`<0O};p^VSH>`hv?SR zHp2dQUt8bx#_v5Bx{k|1x9{vNOilU-`ry2A&!In~vqXR1TF{O&KbS&IJNO}WbIwJn z^mT$fL&?9!4@kdg45c659O0taMj9LA2bTuahII3=yuoez*8~C6wulXCE?OjS!;u>8 zZKP((!k8x7BOu_YO}Yl3Z3ICj`&H9SM7`-+w7WKcQ*i8m{$M-gUe2mxH0#aP{&rVG z@><{aUq_?Rryu0x8hkr}{xSm^FPaUr(19~r!nek=7U^mRQD(#m;XgX~wNE!Y!3t^JR6J&H=pCvq&8uaIo1# z*@C!;P$z-xeeOI7lMXQ&KpxY1gm!7x4iJ+$N^jZD5U?l**Vz1jE{Ljm^=6EkU> z)C>l--`7c`7+}GeISp6`dSER~w!*LN-PE-togttxevrx$nFqs42jR*`uk1$XFO~7Dw73q zp0-(Ff^m^duD=W-gQ=tA`WwD=f1WHL)eicW({~B=P6eeKA4wH$O&;^}}=>wEy9E>7rD>kMZMvS{0R>*-!b+VXO$kY}ZZi{5%-M4CnKaPo}LC1knTCz3FpCnvFgchet{ZLP@iarW1SYxOTJ)5q#6 z=Mm{ET~r!C5;sSLiRlt%o3Q#@hz6+4y@fD?HUQAtI4cjb?}hW4?HbT9k=mY&<5)mUd4`KYnD-?teu;h3Bj9@X^`YZ0QW6W8Uny0G-m7X$9QQqoj4TSZrXU? z`{jMg4DP0vCk1hiuT!I#eK0-b*89MH5v0AX%Y>g)#^^68>|ZMBZWqUBhd#fx9g}BH zwtuuEs`JmQh-mQnufKUxZF>n90>l0{lI9ik)$ zPOG}moUWd{qEl!3)WJH=nnTW0dR%92U7)-SBB?765-F57qnVC=BKOD!v}Ikc(HW8S z8`QH8lUcyd(P$>=s;R*`lZ*pC44q9vXUO3&eK|Tq{`oO3-#eYz+Sxwf$brt1<8-zF zNZROSoqMUr??#WTE%dTVdbxp%)S2b3Hbn*%)00EAOT#|&p6xEtj)=qwqcfi9QUPx{ z18gwn^f2o3^wt|_%;X(kVIrtpL|V^=i+s$%&anzVCXr4&8lBcvBI75Zg;k!NcscnR zZ|}aj5m=9|w_EoYZ)}p^+H8=91i|r)|1G){z$zV4= z|J(vzo1Oc?qH;~&T_HX7ICWy@iJTPKx;RvM1~v+uYO8=jSFsm_oxQ;3fA6nr^ny;9 z!oJTFvEB>4Y;c#lkzQ6-JbGy*YG&FD7s%=*=(mTGGN;xkZ!ihCn(?jVv}nfzHTq&D z<7X|y)OYOR{O=mI=tY>o#5wcB+ThY}PfSoxj`{g)e!T47Xy=*9dAn;nIS)@HXCXfW zq%lQO2|C+AcT!2nJC2T?WlRUrJd=I2CQ}M$YxfA zT`iY(o<3o;l8}=&W^aXEJ#+qUcQhws-KcN)$J+7V^%|=;ynmZt-MX;v%Q&gVS(k-{ z_`b8dcD}oeKb$2o13n=SlR%e*N#Q*^TT4oD((5E?+55@P73^e21mlvpM;REDtAF_M6 z(Ym*PX4BxDW<6Lyz8JJScdT=7J?(k+Wng*JIoxmdkG;INpb6$ql)Bl-4CEPxUX6a% zIlpITD2I{;=!w6WUB;f9;4}N}-}>dpF&yEH@%>9Wu4Yj}rxJ(ewHexhiNnT_&UmCV zftt>6adDgIbSP7P5dNmOu|sx&v`d(Ii%mgEG6R`gKzkr7kI~HzU)}=A$kwo`cB#9* zxYi#GigJ_$$9RVxo67%|PRoY})wb9eA)z!~8|pp%;5{XVa5cnV3TTBCQ_2!!HG<;H zP|t=~w(*%zweL|J7yk8r4WhVz=i3)``uwDpXd8xmJlf*({1-*J+#qVpAyRSBc*QX9 zX^_`G?8b@F#Ksw-uY@w-g>Z4O1h|0V*qfQ ?HC3tQLS9%J+MCSYT8ikl1nvcLaJ zy_h}E^wtw3yjxGB51#MP3O3F~kXoBsOpFs*%TAwLbEJV#4>A)IrYpXUB~=Lkc)MK`Z%Zc+NoCk z?z13^Nwek(Z8A=ujq~!f{^r{kboLUdNf>A3hH>6ZFGlBg|1yW3DMprVZagv0XGwEe zUZd*6jC23Pj5A#gjB}N7zKT-%d(T40<1nB}NgL-XJciHQoFPGe7{#pOnID;rRL1bu< zpRbJ*`C;QU6udbJO!4#NwK?eR0vwmu@%8i+6$1?zx(1{qhS9`&ZX4jO7R~;~`nYd5 zeV8$!V2{MP;x`3}7G{93 zeK1)OF<6%NCyZ(mh4;>+yVk;YW>I|ANLgdTH(Z2p!uPyWvW-ViUSyae%J&UJXU)H7l z=sNTG!Tk|OtPlC!*)yj92|rx!#t4oRJ7Uk^)AmUlsY6zCskPc;&M#KkmdQcjZU6DxW8Jz{_zx5M20lq zc}CA3ZP$N#X++BaSG+nO9z|FuW;_dU`!Zv^Da#4))An`nD2@<6c$*76hVuswW~qF0 zf=K*PB3s6(rDe}Cxwy6Et=i#W!&!Fr#SsctZ*Ld>w0nS)sYI~)h%hTAW5S-M46Tsj z>;Gf!y@TUE(>u?nGjh%ZL68K%C@PYoBr1*4L}`M(Ue9=Iy)Jw0ajx3BtGc>B?y7d{ z>gu-k{<-z~%4ve_b=b8hk0wZ?Fd`|DVou08=iKOSboYI}@2?w)00n7geQuH48A{~8{3aKt(++nf-DJy)habg0& zTTz=DSEX^xmmL>mzCz7Mwnb?v!BTVHd>Xgi%gF|vG4x!wDSdF`?(`!+uToBr;DtN4 zhT+?r*4mHLHXoi5UGjNv6uLkMTIn$^4HF;g+@U!oe<_o_N^jpi`|On$D0j6;BnO#4Oq=G$%b>>0tKL!V5}3U|L)kN#>|Klc~5xdNS%1VG^gn42Y|o(SVK z+1Ji#ysP;2DK`yLYpC)(n>6^^b1X6K{ zt6nBVmXENB;UhV9#Ygfn%5CUNauESMAEW+D%R%(oiyAzvOI{7K36;O{mxcJW@myY8C2E4^Ksx=IZdg}vy}ZK zP|BzBUs-qx7eFMGTR<>Fy_Hg?cW*&IJ(1h&RqVwJT~SwtIy#Nx^t<1+aN=<*tT|&< zg)?^Y2)&Q6BgopClTq)huFXBuUuxVfBx@H5aE`|>&do3pD|`|K~jdfU1Qnu|+s z@@(zJ(J*wTQicgGKvMYF3TbB$CKxxhIQzllq;DCwN(Q1Une1)vF2rQOaM$nUuMj`Y zkI@Gi+UPy+x9=0th)VT%R0kqBJWgUkjDVq4GLm&vzUOPF$u!3>?KWFWHAW-%-5-y&rJrQ=L&WZ?AnW`}y_% zom|eWdF#@3IU>6}$b8E1RiLzc$zWo|3hI}=8&!bjI0+F1afn?qWVSxZ2Y$!%paUO) zUCH@bdS3S0Uw!Si_0R(;j$Gm$X7g4jpLfFH9o*A$K}(5}N!?HNn4wEa`w?rbI`n`Y zJo%J8{cxTAufN3Q(P9^Vx%cg_=wbE8@Ja%IySrg<`(S_YfqH9(B~SDceQuQVY)WSi zcd6noZY0jZ8E^sQ>v&+}@&hUW$Kip%U+xB7AV-omBEpBxja$e0aO%q*4#=M1eBjqP z$Nh7w`6vI9p~5x&7XmI$9DoPsM-hC)-~91PiPC0+5X;H&7HjLEhu+~6cIKB3+Vhah z0x$>{l2w_Wv`gQZvRA*`W#=ee?cfL8?|y;jjLh|zP(LzL#`f|)pP|$Y{z5!Q+5X{7 z5Dd$5@YI@}p5}RC1^xR-ugrArvJ1S6&qOH-mWEs5SNWS{FX(4)`R<#4Mqhjc5BiGA zKJ<#P@^*eLL)}a6f+71EAusd2fDZ;-^s5d^Kum%)`_gTyZYbk4UrnNTS1W3$>$JEYbp$B8tU$4gyfZM2!h`V;aR6Nb-3D!zz@C6nbqdy)0HsfIiYu)M2SQ67shwOjsDIcP<*-J%S&wof zukCHx|EA6F_6OGN=44+8bsf;6Th@7?mPkG#+qKSV)~Sd+DNto-2rg`l|9}&)PT|0o zK@h`eU6B9Y3I2I6W)EF-|hj3&)DkV8j$&;wR zn!_(;tx|g}vCnV!)std8U1`<%WGAwx#2is5WF01QD`A*rx6b4=rFMt_;IuEj%WFG& z*^K|)VnBSEU1w4ebl_p0NI7qvlnG;3)U(B5KZ|k(o(by9- zJa=5D6eZEc;atoK@Q@@5G|4z0;|fv}jH7=4&v}1>zaoDU$d?o))RH)%^6?fo7ZX7W z{+D9Va9Z+(QWEs2IM5KZ11Kur9c0=fv;(Z=bPEQkdkt>$a+4@$MF%1L3ut!yz(H!o z?x(Ri?=MerI1=wT)NBI1Cx5`#M&{%bl8ZmTm!73LkRPl!to7!wULu|1q;9T~!RqP> zV>EivXd7o<7uZ_s)|VF?MjQ;*P;yA{ z3|S-n4eYkyDI*BD!Hhx5c}2ntl=nfF3!Vfu1PUvytO{r#7AU+RWPtdQX*ZK#ENm&ch@c7R!<6Y_G8F`%|dTeD5BUXHb zp*WAjQ+$--60JB@Z%;G?>}Ui0K0ZN7N@^2hsH>EWhXFm4KcK+j;cir{p+-?v!b37y zY$+mA3dooc9>##@GW}y5T?fm+L$w{)7qrF@Ft~v;X@>qD>8Pcv!JozvdDdKX_qf~= z#=#Gb5yssj3e52X(>wam8a+CTuz%t4ZaM?kqBYSBSag|DzyrnM%KNF2weXNczj^W+ zJh1n)3{5$R*LIryCJUGB&)NSopL7Nz^AIc(qONE`X_3|COamuECz6bdWd?x*Wr91trPRP`6^-a|pj83;9xfVE^eoHA!LsM%VSDhgz19Fd$KV5* z=5qGMr8mV7`RZda3qOomd~(qG=~cEPKgh6WoplXm~D_UYvOwj17wuAqQ5KJxG%Vx4hp2(FPb@_K!p>rdgmtel5#oSfJG z6nVWij`eVm-1N%Ojrya-aCR<(|3HLj^l~!5>#D4&CS`@=F}pIGBEtpT%h|vMP<#P- zrm~0FUGqf6MtxNr)KgZR++&Z|hpf2~c{WUc%gC6GBF_W@C(+;!A2Y@ zj4aPdde}}-x@H#dg)TQeB4MrKC#oU@L)e|vpg&w0xA52ky>%$}J*?n>T%MQxytlLL zJjz;j<4TG)j9bLvtIL=TD_@IP0>GTb_qR(JdYt`SLqR@aYc;VU(C3{t>Y@z$59X88wVf3Pb->_Y^_b>iZx#) z^JyH>k(3Xf)j0GfBC^4iZqOL{XU zy_uCS{C-)E4wSS{hhF$ry^iuJCA+5@ha!>kw}uC;gA9gtO45XLnknIU+;S_b9N#K0 zRxu@_Q1Rd@8MP}j)97k40im;n1$sJW=&We9*3sF){m|JUrPRaYHi2#zpKH7}lI0@> z-{j?zb&cHwSz(-VY_421k5B-Hn=e*Fd6yz9OqaU(#_6TE-FzCM`Gqql=P3b{s>KmbN&Du) zUV6N#L?H5#tp8vRSrU}5Z^ovtCv#1eETZUl1(606T}@f^VtP3pslE-PQ*9QR@>PJ_^=j(ECJ~Q8io+)6Of={3#dHUuUTb+YGP;wj}H6+Jv#kIsdeO7 zTv_+BC-}WC9%B593hxk^=u@9{=KxSJ>XeN9=(|>Z}f4 zm_q+)KG}}(S?nzF5&AEXJ7)QbAzQ|N8{U?WJbTdb1UPX$i-VP1MiD%ml!Q4^G9p7s{>}mA1kMpZcpe(&PP;C~K`qefsF`?uxc+a66 zKBXpw_tp6f-rYK-F9rC`FHhfPCJ{dM?b<)te&Rj&H1nP}S`u4lt1SP4KUb;=eDX*5 z(*?S-%i&qko62e@Gv`g6W0GX~1n7m62OgHjCv9XKJgAz6;1Y%obxuu@39!nz;0KKJ zt5lopdC4@^nIX80e8DFIElR!wC}E9ChCUKAGT>f!<4JBrBz>L?_9UDXFKgIK_(OGp;UxE zQ3jNgpIW3YHh@bwLuVB$E`wii>D~YrL4Mr&j zC%}+0b=>(6`LBy~W&OJSW%*BmSNY1K8ifA_$<&*s$INzmGec*tRBl@bqQ~`KywFS-Mts`PTWo=jrzudeb*NOwZf;lD{A&e=l#U zm#90Z2IwJQyVuHV7VSX3vecH)JMw4YtH>{>Vo`;)>@%yz?-V0Lo8(m{;zEo1gIb@1 z2PKVZ=FNL#wUrfFP16xO*h1DGFp=EQYi)0CZJwTxpLB&xq8Pd$7%Zl2YlD^5mD!;x zE|Ab`ee_kEr^m7L6=3(I0`%t=KS(l(Uc?J4QTD?n4GIq12U*1aV$u(^El3s= z!NYyvoq*JlSsSNvgkzVC;*y=EvUveYjH;)T-drVXFG`fH{Da!>Vl>ZIXrU2;FZ1J- z_E=qx)iqb!{w|6u2Ix5`e}VhswhR0{I6EHjezoPRhorRdKtH$?{Fkb001pdx5InTa zfrn@Y4^$&5sVH}NsG{%t3KgZIWDh3@_DoaKI$cK}uIjtTg&0>%Nz|4`@JIREDENyq z*5N`#z`p$8QFQImnPk4`T1(|UC+GFQ*2*~O)Y)eeMA%{KqZh{}ba>GB4iCsC@SqZk z;@d1C3Lbi8Wx-asc<=H7_*Jho_E-d8RdETyQM961p(VlD_G!07IjgoPiHNoWXNAw9h+JV3Ki@RM+OU|uKZd6q-`#;5&k-}@BcPZsQleaZE)<4b6B zktsWVV&^w>Q>*m7l_^pem#S^4y3s1BEBWZ&TSTR=+FN7+#W2|Oid(Ftw%HzN4$x4Z zs3(NSI2Ra-GC>|^5VG?;|G&K>;m!Wyl$D5)9y%X6V0)wD zp*}0+1hu)tqYQ2s1G@|UfD-s8V)XubJIem-y}#2gGh=kA1Cs?If|7$RR&})5?yslJ z2_?*~kfu1Pj4OGHp*k6r5gZ!D^(U<9k;C@8FYU7y|FB*E;eWHYE>7EbI(#&j<+G9( zTL^xqRqX2bZhx#3C9HI9Z=Fr_xA0r-?2=t3?bEFjIqT-t=N)`_x01JYrMrA)0k>U1x?~z}rVh#fEjN zuN-Nk-a3E6I@_%E?D{%`Zk-|4Nnb418FlMyBC@R5o&ui1DC-2Cvs$Nfnr7)5IDoel z5p63(aYk{D&E+&%rN*7qxX~TPeZ>8VK=_vg?@=yWW6>&GtUX{=#UXpF{)R>SR;lsp zHD=5!IYfq8lTkk08mU8kjR>VlcR{L05IscXTsTarM@smVlwjcCM9#r*I{xBAcKYc? zJ6twu%cGRsgaSSDX;;+#bN-O1pBGW}gaG5P)p|+WCQ!jY1E0vD#rh<3KhkRhJe|DG zz_Yv{fK%zZ#rlCKPQBH1Iep{~V;Is4r#Wp6L?>U(z!R~OfhQ$*aCnrlzT#pc_o(@v zQ(j~zUV7M0KhIcbQJ}Y_=eXbDkKA+oUjT}6mIr**yW8*dn|1HdI zp=*pL=cI7_$8)ew9KVx|B6uegWL#c-jfShOb{jr=`_U@Lo?m*z%J&?whnrJY$4TId@GyeI z(J0xlzs8m{j{Zh&+~DSM74?~Mu|>PG$T;)^w#phj*XRsAAv!B5#eke;573!2dK^sG zX-&Fn4gNwZyUp%5tHf## z);4VmL^csG!1FmU;0Re(NH}HP+(oX|_aP?s*35-n1cSBgxK-Cz*%SM@fFHYVfBC0Z zK43m3${av8!;v5XYJaDw?Vej%Z1;cS5j*{4t+f=6*fa+yU5sasXAZo45nX3tn+1k` zcI5>#0G19)5_!2Ysgfr}wp3qZVM=-&AvFKK59-9Vs2Aak6(& zmel3$_zZoD_S<}Zi`DNB+jFPR)4yceraGyoPoyGuC_*~m6K`zfhwO@W|G!5S@HWC? znc#*97rsFvyK{2o1c6^#YVGvr&)9RoaK}HjlimOUl9KCzwiE z$y&fFC5(nI|Ins8?%4I8p0LNxRM_vnffOaT{HHR%a1acN$Rtp8 z*n0R|8^>j*#uXJ=(hQ{cbanm#F<4W!tM?Zy8mFvL{VcY^i zFGWN^Yrg53v9RLrK~;1151sVX;6iLG-+Fx) zJyMe>7CxMOaj4{b{mK3=19z{78e`CZuGb$2TiMCVhz(KcLVYE4DOP%<-X8n>llJVB z^g}HivO)A$kY`90=(#TH8oSz$16M0ZER%ut{;QOcqRcjQcIK%v`<+ii^BFoD-Lt%M>+6&CA~w6i!*$Ld~+yY;~fTNU)qcN=eEi!ytQQIr}i(Wi`J7Ov&j6E)}3px zj;?Y$o|m%69C?v#u`>ef-9%amT`mri{R?OMi?dHpzgB392?A>IA zE!MYKDRl76o@?mAxLrV22ZGX9^e{r+pQPkg{?M|$KTF`^G-n)O73AVEubduPlohH? zJ7uIBxZOE9^|euuZfN*jN7S3MHy2BL#1y96WRx zfxUvPwql%iS}S}n@XApOQi-PoZ*-9_%ttQKkiC!~xraXesGT}fVoiC2){CIfJ^VVp zd4_P8(SIK9v^3$&!>dE6*2}+D;1H#pX&hO*)KF)+qjPqQa)r}W8JP%@8PmMqKK`#B zw`U&7x0ZqddL%I)LzB8hLH{i;HrYbq5vyogwUL;gt)9VK0=UX9n0cZ zo!=$T@=ELJf1GDEsWBVFq1A_M6+Ee|>DHztx&UZKtS-wLl$oyx`wbkuc=|jrTeNR> zZ!;gf?(9z~K<_V4+x<(lE_emW_)#D3Le^PJS)>ux*~>bIx2$vbPu|5RGjlt9v3OR( zE6bDKW*qPGB}qW*3Vnf>ms)HdxKy^p?c?CVA6T+)fd>kIY{3Ki5d13OVuj1$Mo`zGWS#-h#YU5h2Ig$cmzjV+B2GipTi9E_<``#ap^tzrGFTg7>m|0x)u| zCOHbeC#}c96J5Cx@A|M_@RNcC+{Fh$f%*AGws&uc-i&5lID!=v5Q-o#;LDnF`nHfg z){icdUG7w^Bq@Kxg%wubbjlum>X3c;sY(kEUA7B9_@=#febIhQz-1h{ERmLFV>h+7 zC|qQ5konn@jlzd}OCNQ1gFdI8R*jE5XHP$rV_!HhYONPq?Z15es$K6xhjIo|k54y= z8?478hZ!$A%PSL|<-iZ4*6-lrb3MOO^g`aWFgN4R_(k*c&&dhtDE*juq_;nQ(Aq?3 z{9Rola9VU0ZLx)7dXu#*LucpVv8a8wXPwTJouadz>pjFplKRI*p|hpTxSB)D_6hNA zX!~(@)0x(##bxM>3(QLBtcX6eWCm=eGq-+k7s{YdbMYqM%G$35=*%Xw`*K%aCs ztFK&u%D<6^KTC97h>f#0pX7A*rDuMKmzx)WI(W+eVimTuuik1Vm+WJ8S2-)j@e7cp z6Y}&&-M(5o)vRF8sJ)LanwHN(#zB_vGVsW!*LpgdveE;!cJk%Z_Q<2Tb}-U!E68iP zHa6)8w_f2~&qA+Y^G4KL?a(o+=N$2Hb=(H9?OtcT8TyH)@z042^m);Q`{g@>?$N1mJM>Eb-Qw)ao^qhi<6&xBn4eNKQ#U5mm2n1 z?dXC%S9gswQQWQ*C>ahDq$NGRuf`s2<{}Pyz92jd5eQod{sQITk8uQ&Is9!M*H~+h zHW8RXRgQ~-C%yo;RCvzuG;~czHcD~la9+Vr!)KiQ)Hzsm=51^9W`qOaEj&1!xOctZ zWznO@f0UQ#K?Ii0t+m3c2kby&nVqTcwbt{U_UB)_;WFk{WWOkLksIMScMin4qXMYt z=78!=taFrX*PP;N0!>falh3x;ub(cpRQJ2~-Vev^2RE1PP3Ro6SmNU6_j2%5iSiBb z)Ma4?o`TQM{^B7H&^#&g|N3*Yyx_g{QSq>=H6q_o%DejL#t-Sly5nmze8l)DEu#I^ z#4L;x!)3s2BlJ9hs$N(aYIFTWoki^RTNQSKoA84VpR`J98Xh2Oek5IFfuaW6TT7JU zSi22O4cO)GS-XMLd5MV4VwgF!HlLcs-+i{-aq%DG4R=7(O((`_m|IRo-l#NF7M$Mu z9P$CMN;Fy%SnVTB6v+r@EdpOSy9e&WBCF?2JV>XB*R3&=?l!Wl7=52~v z^lj~v)V<`wD_v|wL_#;6sIbcNax$(;?O;=-9V64BnA*+p=g(Npo_+Q(u7X}9MF;8D zV;D0oEtCkXL>!n^7uo~QKW>$KaO}c3OL(#)`?x^E*|Bi7!!CFA*v%1Yuj=!%o*i=u zt3-5AA|S+#bS2pg4IG>jF!w+o&LEur65yMohCT!^-A6Tth##ho7tl05v(EY^*2%?~ z*4fB9apo*s>9FC>Zo7%F?OP3#AwdLUZ3Zr-F`^$v zCjwScPY;umj}sZ&V3i!`68SZDaDR>+%8!yw#9CFC3mE#?S2AA0I$7I^Dw>eukip3H z<5^158z=71w*(H1I`A;tH)adNBQ~>0>Ue-iS28?iCn>SQI+vSS=dp)b=U&#y0dig` zxgNdvlJoTYVVyW-C+OL=iUH+n!tM$cfcn zoQCeh4xYax)2wsK)f-L_u|GXgZa))o$a&nfr$P1Ryj0MVMk7%wwk?U_h1~kCZQz_wvWh`+`(4sAL+Hry$g1W z3%PiDiVH7l3-@xdQd?y$j4P{cv|8j+qM+8A8p76`yNogJw-wBM5xzgHuxcIGMy^lR+6?>a)54f13)^jL2 zVI$DX^d@%JXcm_$C;;gUlZ^& zoA8m%QM}h0foD$t9qSwFwoAQ>b{lxcfTs?hoxPM)sIIcZk3Z%vR_ee*vVfj89MqaN zz>}ppc>3I_UJj2ktEw-uM?di-QAmgFAsnU4M8xMdQr5DJQcV}ztm6(f>L-@0pT^*E zu7yhWlvwk9M5q@_PL$f=W0iIY*_+D&D*o}Os1-kKkC5fk3!Qaz5S>V5vgE|%*f8`t zZu5;nYq|fFJx@?YsMl{}WSe^YM}83eH$Dbk6QMIXMHGs!82XT0s>s9gfTC5DVS-+f-oU{ZLAQi3gcM6I%nHBqYIu4@?~`>Ry-F#I z_zZaH&$Az)H;i{It+uhnS}0*OLBw?!y53($)M@W+>l^5{%l%PnoruvFsLv(_ z87KT@$L(*iX2wl{zfj5EwQ;?JYHTa~5e2Gj&j67(WDGAZp{JlTe|fbXdE#-apkeu5 zBF3i|;Rn$f@VpM*7svwegNO1u$(IT%BT`d%ID)J>M5I$VL=NO9pC;OQ#2!Ij_l{44 z2jm&$8(eJ*9Oe;~y5*83gkE3;?&TR!{7kfu_rBl)&(WhVv4q2WA&7DdI2j=G>@S-EA{O|dmsTVDCC+?HH1Zx=C?#5U zk2N1#x@*25^99{}Gt4(+BV+I&8LD%X6>05G+hJgF^vn}hwy(wNF#3H(_13&6U3 zC4V=~fP;3S|F|_on(c`fW48Y|QNaEp%R^oqp)P(2(Vg6hSe#5HMRn5M2Rv|TJ2ql( zpBuOP_eQMwq0{yvJ;QQ({Wvz)`9bB4#zv(#>07|TCIvp$5^6pGnCo(kLlbf=y26F; z1X)Oh`|R)&XRKgPv(>_T{*roYsSn!0yewRl6)m|dj0r$QvNL`GxVCkhwG?r|_2d&c z9FIBroTavVaGBB^W6)860DLq^ZTlN;og9$R``-ShC{3yTXr0q!gq)p~wYj9~Yy+WjXq@I3`rM5qJ z+&Qk!lT|ar0d_U0($zY5Zy1-4%-Uug!p@aUbK^oPWxGD#Va=C6W8;hqlKFKc$D8i} z^MQO@BvTqS?f6juRdlBu9AV&IT3csF57$^OJxAv+h3y8xMgg53ovs9)%GgPc+vw1U zy$Ro*sLitjk3McMH5{?L9+hsVcD}PC$-aeeM`#l6_!b?I3Y1vo-coBqz7%sY5ssDG ziATuDE2=i5>P6x+F>8DfXDsridj$D{yq=<`K$58YC3+E$PDHFRXFu}nDJ$4_#2Sb= z4Ph_0)X@hv54}n0o;b9JILA|n<1ImHLFlZ7`O1mX&mkbiN6#Xs z?C^0e5bO5aFV`*DB-J1y71?Oks(lJs^}t6^Ic=U{1co5?t91{s-yQs9a)Q8=Ia3u+MoKt zEKgCr0H@ijx8dF39((lJC$0X-oEuT$?_Xk&uO2|YtCoG3d z?CN8O2}A?DL+v)#-)BR}Nb#SuMKT<#bB10iQgP!;<79^9*x(X2d|^GhC~9SU$z%o| zI{ixD2FYj-hA8(w!I`Ri1p8o-K63O5o}EMgfwyqI-OoD9T8`O%?1)HNqqS70ZC?(a zKhD!Df-RR|M$eoS^isiDwB>k(6-CO)iZ8VXPgmK&!fGl*Fz3s0+dney(dW=4^htjq zh>SSRM-)CuKESisYK|V}{0B`B zb=YiwuMN^OY6f^_WuM?ED8b?UA)Ax)k(=-Agx$w{2Q*(JrAyc5lb#`qNb`|7*4{Z| zlM6f_o>0mC2-zGd^pVO2`jH8;BeQdO`e^-qp8~)*ljajCUL(9$V0R6+vrhUBQT1c% zI^Bb|`663Ev>hVIAqQJlFxmX_*5G>K;V7@!hdp?l3;ZzW{6wiebeatRf+~wQVuO7) zVF!qOAM#_H3{6|N_z!)U2#nd_z>vLpw!!YJAhP}OC+(As^HvO8=D4s2ZJXiJK{n&! zq8m4$ap&m0M}XWx#)WnoH$Vm@@SKO{lh}(X*TZzurf27&Q=c`4_u9kHKW$Yf$Q(hw zEW>XBde(N2%+aHoY{5n38|x?};8gIeLa(mDlgM?!Gs{N~K04&^T19TG%oCwMRBZ2e z)>wUbpFQ;A(^ht3-deB+=2o!h{S|iT2$eK?uiEhKc6*;}k#_8IS85I%OZ*3j!jBY^ z(YdGIj<=L^FEMD-1YBOpIOW~plNGpXB2afl9hrtLd#soX)?%`qk3Mt|T|s4;*d9w$ zvMgOYVUY*p){AC8tfVi1?%_NSe*N%!ifreBfhl?*uaE2RlbnD)8Q1jW zlNLO-8oc=)WIpJ6B|1l( z1{t!@wdPZaI%OE?92!#KHn;UT_zN;iSkqf;(>eV>07{G?Z1hoQcb5*1_ z&<<53tv(lfAN>%Mzm>@Y*qlzTQb{L7=Kj9J$L;CQrR>1Of{h>-SLwl7(15JZCCl&i z0lR*_+gcZrHbNi!bhyN758|&o3cYYqlbbBDQzxlRMMhX<6Z-h`X*)PYe`-T6f%k6k zH%(S#f*y~(j$Yt7N}9Di^^^sh2psMsgDQh}>4#Nd;nB-1{iBfs;bQuumNQ?um5_xM zmfb^zrd8ze3R#K1!V)VZbA0d?S@PZE=u7-0$XR)nRSGsj@RNMe618ei<6iDRKEwMt z?tL6Lrdivww;lTwG7wFH*rFcOZc%bUS%8g6beYM>#j;vb$ zGyy0pUDoZ!l`*c-p85E*wvTa_8Ml-jMrRCxC$xW8p=|^g)-h!c}u1Doc_zg#c_z>l6fCLiY}o12{Kw2@ng>AVdvDCzigk~ z|4_o}I6Evs@5;O8dKzB=Iv(H0?8tpubg8GnX@j zPf?30{K4$y_=8oJ>my5@B%;S2s!^cOf^&rTcp;MUnUZ9QGHwnzrQo1n^|g-uUl%Hpc$yfAKVji4uDl;jFY&MN9-ZJcd`;%Lz;Nb~_^8Dd>_<^9|Cr(a!UT+|j6U67)| zbF_q-$$PBjO9yCZDn-DW!ZD(97Elmv_TxW(*Ur7$XIBxJ(?p}YJ?U_apz|_SX1Gwn zc``*hE@{?2MavX&kr*U&Ss}r0?>`I7*?(r8Wi_Oo|H{^N&RZ`6)UES9%3Tn#HyzHW zM^z;kn}_X{FFj_DKSD`~EL_O`&}#O5(SwT*cwT;=n#*6gX6LP1&e#9|KmbWZK~#ou zLPv09Oa$$<|CVQ?rw-ZPUwpz&K3i;$P@2MR$KhcXA>V0NE->z^I5P*waOQHz;?l6Q zD@8NW25!~M?PH%@wO7b)na5E#bG6%6`Uh>axe8;OQaS*}mn3yK&OyB9n7#Zf;Exg% z)kGcU;rwyY;bemZbCNdJ-e%Xnan3GY?66Lvr5A`%#S!}1taNNH8oe~>3*eaCmV0`>CD1)M>8|r%+<>kZ;5m=Zoyp`@ouUzxd=QkV}613=Zx&96iE&9K(CG zsfx&*fGc$-C6s-MN3)1<-)GOcq%!~E{haJH)>EMYI^iHc?{pMSCj$UxD)3qh20RA^&r0hPJW-%vkUz)?_$h${trA$b{3@47@O+%b`QYhL{+xAPykkH5 zWAwvij8Vc{X2XT%k5^l5{So{8ub#G3Cu*&dgJUuL8O}#BQ5I_dziy^{;3P7%lY0J= zpUZY(gi9HoIWZEnAN&pU`S>B*{|issW6u@ZsYR>+1?s?m!PRLTVx4w@UP*sCPB|+w zosvG}QvFf;oaVcaM#~%c-3Px1xVRX(eH*y6*~Lp3gIs*a$Pfw=fT1IZvf&&q98Mex z*1teY?mgD;4sT>`CZX%$wxoRrJPec3@cU1`WG__b*h@s-Bm<&r@Id6&};4mW)pnY|H+*5at8@YAct_Xi_oY^R4ZC#WZhG+^Sd}anbUYN7cBM0plKL#Gj zWc)OxAXCs;VBmfG(Yv?pKTOgzb`)9VYl^W52+_Gi?{KTpP8T#hQoLxPL;tsgeLJo4QD7jziToR!JTTkM8l>PR_ z-#Kly^td8{CzF{YBNUe!j;ih}*X`}U`LUh5F>e#~neR)#%f(&zx~2*9yB4Iiwue()X_za}G;FRI4zbIiW*Yryj;kzRr)26>1JF3YR8gTHnN zc#cz5qsz|z^p^eEI6XDTplkZJ4R!|XwYLx1;}7k(&wa7U8tJFAh#nhl>$lD~-=~Bd zHcM5D4dZ~)C0{s5Pp~kN_XBtA)&Cl?$uozn=?fpTC!a5{$2jo8n(zaM1o*+f1pa;s z{*Wz~=n1f_>g2j!=4(k=b4OK$D&MM3p^<4fqAgUBTr>k0k_` z1Hc7dDfA9y_7SGx(f;IF=HM|eiKQ)$_>#H!4v)^G8j03>w-ALz78y2LwV$L zWsx1l=4mMA^7B@g^$>_K0fLhpyyV#53gWeKI5IVEU-1;j7u|aAM>?pKFX0u_G_Fkm2dUTHxG^%(517`l_a)yE;@4MY^bZA zpj^r#`X~ZUmbloz`=~u|5GN>y^dj)8z^wFM0=NF{5$;dv9k$qM zZ~TODBg=LPy}8WA_v~Cfd>gRJ<1O~Y%Qf~q_Uro4Ay~X^=xujpz(tDwl>tMqjxKo!zpF*M}&vj*X3cl0yN4;#{*# zphLO6``)63AKGhQ_(Z+ESQLgI7)x+Rdf<|M^R3(Ve-f0kIL0M%xYin)+23!Ta{DV^ zM1FE$4~f5sMsE7eqwH_gRu{Cto4{p}-e+WZ5sW#D{JAmm4u|;T_RupY?bzc*cK;JG zvSH=q#$K80vlRO88*jA{G(eN^IrY+jn6fX4K2VN|Qb;ePxy{6{(P$r~Nkdwakp z&_^lpA4|*fpVNQ*9OrU9&c)zRUx*TTXYBD~HTE0-jsOfCHkfE@G#LmfPzopMxl8u; z-@j&WFO84^9<$MrN_+RhlI1*DZ=e6vUVE{SvVh=iu4l|<;o~HM7XACmZIIa$&_fz} zNhfM;U(0>=%fEHX?%z-F2H9>7fAqLX?;}vT<{LOdTYp>m~zZhP&YZC;s80X%$ zi2d;G!}j$3hwSBFBh!?O>jm~VbOU?roeMU)NGYYN1C+kT$;q7I5El^5tIWB z8JRpRM=Ez4eU`Bm!+b8Y51~N#&Uy=BaGSTS+_yN9r4BLH#l8K%6qaT64K`wyP z*mdZe{|KfR+!deV6R--e{)`AUw?_OaM7q zMnxC#QC$Q*bWQLavMJ!X6CbU{r)?4EZqJ<@`@#8x_OS;V?Um0oV)t;_%sfQCfH4BY zI^MIMvp=*Omj>HY$2a7-|CR_ zAOGU>_An0nL%^w&ECZG8^rsulYCca^A{ivBqjv6F7wubrG;Qw;g>2kU$+xmYKa zy1C8{|ITsfY?xAS9ro(0H|#3|lx>4vV&S;;-HF(@zD6L>^G$a2mCx8GN^|Tv@gFil zlpFyj3C8_k(>N|%Zr@-W7gaAb*^!rD-Y^bY;?L%B3)V_DdCbunHU$@GBg3`$IHQ)w zIpVXg9IzMi(cK8r5G^g@y_fB;e*&G2kQGLiq>mDCrS-(J67bJLy zYCWC9HrIB?QX{$6S67VlTxBdFJ#>UOZ!U6;%kcXf?L^HH${nMtu-`%jl-lGXK;3E;sN{8mmjesH3XqbE?(SV8Qt z;kEvQe(%~tK()bDf`&Omw7<_9X)o{sc=+;X4?8?eX7G^aT;FrC+s|U zm|v!s=*n&DxEvr6uh?E>+;4r3aa5GqJnlVv|8L*0H}81k7Ger~ggWpQC!y=1!9Cz{ z#h$;v*#x4nO8H#*>Ik%@a>AkeAG9xi`C&U;RR~k!P$gstLb+8&Udcb*ZNzz7zV*)Y`VaG?Rzs&GVpP4I9aI+SlKZCWqeX2 z_?df)?A*vx_Qa85`@=J|F9|^tJkqnt@YNy{bk@J|`gwcnAE)eWPtQPBoxk2|9W86Pa`@4b_{}zNJG`#{-uqOVstrkeeS`h==%bhw-rr)M z`GppHF?SuF(Vk287q8y3uCX!rRy&Zq^kA~_d07y7PtGpF+i`-6TwfBM@ZkOSumA9* z9j+*_QsIGn0wvm{j@8+*Mh_25Q|*o#*Wjdv;XEL<_p?@<{S07=!Tu=+dTX3e$x8MG78V(Kp3+3 zUgv<#p|BO_%qR}HRW|0MPILDCcVFA^K0+@UP(9sQqDOK16N&OxeT)pOa(Z1QU5(-t zLf%L7^I&Ymx_ag?Mkr-O?M@@wCq~(T{?0zT8D2tgaS2AWVHATzO(H|235IagL{>(u zyI12f5w9GAd>jgOKvBlXPzNRKh@xF!o+J^V;UH=2H))i6d(^HDFW59ujy`Uw^-@Z) zE(BMX$gH3&%p4IHvlu?}x-=jn)-_!ew+fltBXoBl^=4aN=kg5eoUp_c>qMwz*V&De z>g;WrbGvn7yx{=Wfn0Fu>*%$@;G&hmEP~52(ZwkcAId}c0hcgv=@MK}{K`i11y!9Z3H27@~4tHJf zMTux1yM70!1CfV|6_ngqupVGNAt9^!#L;Qi*<(ck*2x+p9LSw0A+st7E{1vU!mV+; zK8TYy&i)uD@A%p}sb4C3nI7M1o!Xy=_iPm8?hzmyaw$N6j1}PD*U@JM80y=tbBJ|b zBy#H70P9R-*U7wsXHN#6d$<@Jqtwkd@NDnfiU(**O06Yw}b=ie$19r8Wtbw>!PgV4?vN&aZ z*KR^f3syE;WIfgLq!39%PmhV~tvIs4`+NlsXz)&ynndhm?Sc<{W%b=~XX8XFZnm0^^D=U^+BI@f7N3_QnCf_l02A?N#n zX9Reba>=%z^$B2$!xJ_RJm&*su*_B31epfC^xv5jV^Z2~ZnEDlyq;_G14Oj|#5`T# z@FxhL2dVwse%Y(7uI$m763P=vei9TBU7WVw_CBI^=Bxzgsgn~JYAMEts5c$K@fD;D zXB+f6!_5W(;H(q6hHvM3DCe1%u%FaXAAY#R@;1^nP4E542{pT)R_`3iCCu2BB_dDS zn2+~MGW?E)LjPpw+1&b&d zQQOjJ;mQN{z@c(3O2|-YPun7MdooxQyYnksPC})3L-{3cz6Sc^X}(V8>)bM5aV7Py zTlQJFYRMjGsi3Ah4$#&Z(TGInbD5Qc99@GW(=HBdIV+tnu*Rwg z`aW%AZ3EVJv)z`vC_u;a=f*KY=My%C5h{GILf3QM?REzT|LgF>@L(}C&cOrPmc!Oh z;Eg{DKREnpzK>|ULSN#)g{g77{q7}8PmS2}UY}JLdskD71d@zjZ=>8VI&!9*h+ZNe zImAyO&$JHNJ$S?EDMYCw!4*59c&32NZOXhz4la(FjZazU7`*|MLF7(=JL7rlJCZq) zNaD*>h)DO5e*5XGWXsQxIR(5V|3#l0-+zbqeR@B$PS@ajZJiU=bNM=aKke38uXSSg z2FPMCWgp^f&#u!Q#(2B@eW2_IJr8=^65Cnp%tG;Y~H;^y4 zpkEoW}b+K_#H^x<=n;y4q;OMxI|52+Jh zRaK=WymrlUW+@MwOV(Eh{Rpu`VyLS$a(wo#ag_Js zf==T)7#CR^H*9^_i)%ykyH2Tv{>TRqAo6*O(9a)p3>iW&VX^nc?$Z7IWc%Cu0%PMqk=na)$!L?Qs@cttZ&rDZ?xG$H?|Sk_G4rn z_i}MV0KbFFGIoJC-;@;*@DXOy;$)A`maOM0bas2nZbE0vNzs|?ES@ZR!9Ev}7u}bx zTP`o^dOV;4x2<2O+t&2?KRrtZAkJ#U$o3EGhns@I{@>Bcs!%OX)JLb@1 zN%&gMxK$!_qYJ&((;l!l-wxYoL$OuCu({|lxiy0e%ty9y*Mu_OR7OU4W2qnp$bvrt z%*Hyc>+*{I1ChkJ^L^IdwhaCl&w8`+$T=9qMHgV&YUGpv2kAl_KSdr`cbp+wtbQ*YGX~#YrwyW4Z(_EGY0>zx0O09;H zwiA@~*()4SmEu=6fkSc&ptOdWqWSQgWni*m|MA zS(U^R{-DpUJH6(co3LWaBa#m8^q)`J7(|*!uo;EFj$wkiz+Vdemsa1n5zclOZ(0sL zX^ZCbtgbxbvI&N{xN3(!<6{x}elFTX7xI<)X2=x7ONKo^VKW`AcC$EcuT`yZ4xsXg z(|_V4K9ZcVwCF{bNTg#XiQdmCsdSZ@}`?8nS^u$sQGnh!ccU9ZjO_D5_2;ri(5X#!~a?XB;TkwF!Y4&=u)bcy6= z02$CWW1|Dv_u<`TO7GKmJ6uwgS!c}h$JW;wqxY9r2HP!d`!CWjyjJM-Hr95{t`k7H zN=AO?fO-oeVHD2ov4A%o53-8ME^r=G|GV_`m=y_s$krwPW$~9|$fboboS9tUE7L$R zFv7z;L7m96o27C4F}RH?E7XXy-Ff=MoJGkBlBYaH+_jXC`7uVfr}QZ|C%xjt^u z=CKP>&VG@e5O$Nc06%qJylQ!iqn0lLUSGLSZUX5a=A>+}O{#n03U^M^68Z_1X2aw7R%Mk4yq6a`}Bo*&ooG zd`Mw}7*bT&xI~ScHLO( zRs2?57=Y_m(HZ+%r?bp+;3EY=&2i4@BmgEko@a%Wn>5a9%c3&^A42%Na^MM@ALr5$ zIzzpw0F7+7mAP@7g8yznFF&Rim*i(;6TM8)cWm6F&$V&*88YLpXUCOqGmiNjT_fj2 zXP!L*KFHmfr+<3qg{$cGYRjF&__2$2nyjU2z{iRnKbL0XTB^v zawhYwvV`?PPjg*dYTfR{ZxAN9uhfRFq94HR0>PT8z_g9@cG{cY^I5+xgjioh^dq_q zQ-U`>X769>w(~@achUzmT82ChA$OsddF+S|=p`|l1HF*3vPLgtlX7{IYseRH+=ZRI z07J>{@%e>!s+&yj; zUq?Fu-xqFV6;Q{`mtatZ#2A)~CbP}NZ9WohjY2O5X2`-{c!Nm{U z^!~T;#oy=$ZrBql&0Skd&(T6_$VKN+*78R0Bxe(aE6Ap1PH3@`GM5!(Qj919<5d*>(DpURy_xw~m`b4nKFV zbN&5p;g5aj<@Av+X0zZi3(xQbrT!_sx{7>?EDYGP;K?N=WAV-vyIMF&*-h*e0v?f+wg`;dIpf7jJv^kqLv$-1 zkg?s$pl74%ZTHXR<(qh}0T68e`ePK+|3j3nKevj=f&DOK1xkx_KPg5GMKxJd!&&j_ zPFr$^Py~ygrb0m!O0J8F;L~na4Mb)0oEXt*36Qf2bE`C;7(=P=Vd|*6%q!+|jodz9 zzU_DNLBG|UL>3cukVD3k*fLIJpoFLnmd-fb;eGTPLInlI!AEJ%x!hKVQ1m)?2`1X6 z6IU>c_P2sTDW@O1Lx3SHiGm2a&pQ@$1gX_}x5{uk<5s!UiUOZll#HY(rC%Q3Z@>A! z6X}%`wTu7hExU1ny4@(Bc`il*9Q4!#c7^pPU~Ul`;Plp_h#icVbc{?KN@mgn+|C zW}FVnp$JY&#_^Z6@i5^X!KUmq?TXtn_wy?FTLrGFlD-jt&Q{bK+)%!Xu9+u>U`{|s za^y&9d6X@B*~L1AM--mh-$%Mg6kW4U2T$=Ie5j@U+}8j?=0> z{A*3V1jI+sjmkRdf>4Oimnuy}TFT%( zK?%jA@W@9LF)Mm;a*%Q=>Kpe#a?m~aXZWIh`nFlG_97X<;*cv`d~-pQfNu3t%K3*~ z=SFynA9A*Vr{q!G$?ILh6S{DGB%!zlPsvx5q2#9KA!1MR*Hhtc`Hok(^+%3z*dRhm za>BDEBrL!)vLq*;Ly9iy93c3$;K6I7{B+}?Pw|n6eg3>-p4;~Q44pxs;GF%5t`!|7`gHr_3kzPG zZv$QH11=Kl!;BNW_@~!aI*Y&;0p{IAXUL^x48v7)vGm?uc+lRx$K8zwGKe5kcuV7? zZ-J46iw-%^$tJjX@26!S%r9G@q`@i#ExURBw*AL9$w(qH)DQiAkY3ByOwX%qw2GF;?7qx=u|DSe z3+AI--XadPcy_+~PkHlI#q0s*yH2pfe|%%XhN)p6%IA;+-DKe?u%y8MDm3kYE`DI& z38J_>et;gg()9}MM&lu~J0WK%$M_Fc;FT=>bh%((W^eO%3){)`c9p4w!KGHfp_j+QyK(Lz zeDQPu`keDdgaC#hjvPM$E^6K$MQ(9IrsPPDlczx(SE zt{l3~9em#DO{V6rdr5C*`Q010Zr8aoPV}}4p{M!l$x#NXzl4)#;$v(~={ILDA?Kyv zJ-wNoZwETVo^W)->{^RQ3*M>}gd@2oI+L9yxt7&OY1uvOPY%l@Fp@qBQz}Mw!LIk0 z!Gq&_cq5b@j~v`+FU!u_IG=OIWQkVLLtk&kA2y4_pKP+N_!FHn_(RO+oSK4-vkO%E zMfNUPv>E;EHQgrLl3<58e5>++I(LNNqk_ug_SmyE_B)@?#Ub5eU;Cr8c8#+9Gw`2u zu3p)#$etB|^J|)|@(>k79xbsyJV^xqtzP@1uUxeo1TZW^Z!0|C51$@>tLWc078)eo1hy(zG7E>=J*-z!jZ4 zz@I>wm7AiIwfUH075Z33|Eb=TA6+av-p%Lqik9SETspeRL>+6Lf`>%S&2J^C357Pu^=j$!)hko+duR2FyVp zNl!XE(yd>-pxL1N?EA>=I2mtgN;DQ!9k(-D=Vxed(n}|`)oO4csgO1jaVND@J1n!;@)_KY4hm3sT^RB-YA90Uz zXd|N#ITm*MPyQBfuezx4J|$VnIwfPHC&G1AnW#E$JQqHu+pd%MBRjp%lSCs~z6c}Z z)#76fj~n1AeYCbNE)YWmjl{VGTcLtQm^FLzbAG_zltvEtX%7(KGeOFa>2onEHF@WN zEPd_*4^Dn+g}ZyjslpLJ2mRKszheLXfBqGGi3IM=&m-TYch;X1|C|48zW@FwyL)Kn zQ;3ESerXQf$g5uR;?f+lh^rjxJjhV=ZufV7hKoky^GTxF;zZ#sqGa6(%njkez)KF< z0E*u=|K_Bi`TQW*%{RTsdJqhBWNEEn*h!bMLPMYlo`iJiOwq1Y2)YJAiiYBd7t-F zhf|R^tPEJtFpfkAKN%+T)QcYJ;RYIkm6jJs%)|ddgoFNf5`jG^(<+i*XhqfaR$4}x zm_qv3v{YC_ywB!aN9|JUv|a2cs&WN9Fl+-|Wf%0J{#Sbc+B%alx6a|NLF=X@$L4hs z*Xv8yoj`WO-;izYQ_;oTyi)DG6bZDQq>gwTysyibj9}buf0Ab!hk>-RLfI?f z9XrX>p1ijs-eov=2aMR_g8R5X;6(_3kQ{Uae}*qwlMK4;*2{wVE9Hu8K-mQ{o?w-5 z(mF-YJ|{oLE1rDaX(@sW*2Wq<7uMu;7M?sy{DTr&qw5SjcUs>XJXwd6bzAvpWjlTs zeeqz)5e|Bi$6Mt@EDG*sb|F7CUUJvT2~Wy=3K?Gc?&V_LZMQrOX(W1reMbKV{+VE-csJxF(m7pF7eSbASsScw8T!HT%WwzAtc6|2pDnIHD;~*)SAS-le)!scvgeDoyt&?Qja(JQ-F&lAz*B{I; zn4PgWA2ber(zsc&JzA&kHO_m4<8kMZ!yca_>KYpJaarZ$vmAcdqYI1k-~@cAx`UJ3 z(hr(fj=T>s&e@+IaU8s`Zr1?>E@4*VM5$AzOqot{Zu@a237)>pxo90onp1SeB_^NW z%(q$Q)HwFV{uIedV-m)2dACGn*AxcNCcUR8ZyqN;@@MrX?`!t> z`Z&wiG$CJtFV^9c83*5PobN9AaxeVJ?$UNQyguxF>dWMu;7-3&8j;e#^RmyJT**Ft z9iGCya4H?WO3#+D!ML4&hf>MCq{*V9e_Gm)L>8uqCHQDYLU^mx<_gx89i&FZL^Yo_qm`hm&`dzjxmgbYb5$v2CW39{R>4kB9h=(~LvUxt8 z`(#Ik6 O8XJgHJ~vK;Gm*>F37b}5jJvSB2G-0s;#=wV51vnJ_WT9HF?@@DUYdZ1 z(p{RniAi~mpSi9j?(|e z<9F!H1K-*Pv-G@7&#DFbc(21T`;pD?%@PD<&RV)RdFg+NjY{^Qnq9#lHxc{B9pR6(G)~Npa6mdi2VV0`!X|c znVC2H-ZR}j-JQ?5zy9^~EIrdR?>#(_m>=+_yMMpmz4zR6&pr3tbI+1=(QYoI@0ljY zlefsEdvyJNQpn>()#&@%QS`I$AlElaug|=HC3h#rzBK~5stCL?i zSX!K#V%%s5nQG%@_dNN))(4BAV02b`{QMg7q^pOYUCx;>6pIN=6Nw)ZEV_W$7B$bTWp^*>sf5_sz2!P z3HVqLy`R6n+d+=e#Rh!j`L4%b;H7pTLw!LG48k0ydi066Z^?1DHdpBxO?`e{x5bCB zn()uke90?oYo@gq;$MNk*tjF-E?{&yH_9AYvp#Gr=fR0*G;-Pe*k*jtFzMmNoA1DB zau4%}c&m&7-et67^kDje0vtTgZT39h&vM4W>Di6n(w<8X03rl9g15uoPQ;7d0g(MmZ9@xiH zdib#wwG!faiFG`MJQ;=-`}!)?ng`$u&A?)nRUVU6t%IpXb8*j3rqiF(cnVJ z<&I9*@ZA#Qof3GcQ#<_H(LRV*tYF_C>{s!Wv9(1XMGs1vJS2s zpp2vqR2WYK*omPLTyC{o``zOmgg|o>w}m-JSdBH8Ppj+dGe+tTYOwIj4_le-t*O1t zAKt(l0}qgl(k>@#Sf9OLjxe@-4mDVEIOxi!Ggq?skB2kY4Q|66tvxJ8@*OOGb=`Nv zAwrve z#mEhH@kRZJ@CtwS)`Z?8X1*g%s`2{mitql96P8S|Vit6js;)I&q4BY&~rj7qqBnTpnKS+ct1|L<=6lrpeee=uM++ZFR^Ot;|+#99(XLFkc#VmOpt=P-O<^1Z`jJwxA zTRY+bK7A=0fi57*6^KKFxBcz^{w(lK<}bBM758 z@7fH$;&T3b`Oh`;$P{y>_+U|c&U(|8&(rl*<%-(##>l3jRc04=7-Hxv z{P=kBUMOC#+)Ku{9A4}>n+5unoF(+_)K!fUg7V_Z6MF2S2lch?j}a+=jWhMSFoVqL zils3{$Is~puV2*v^x}1$>$ki%&@=+H&5vy_6VMPMQ?m=2nx;K+i(Sk-p+|`c{k85V z73T0~V|!=y!fTiGKmX+oog;LkwHLxd&#XHO*Cz8JoZ-OpuAowz?)IOX^CWk# zj;p$+O4V$5Q^=Q&25iom4DRzkAAUE#O3+!J_N<(1Zxi?-a&HYqrn7@IyVkr9OjbNY zPRqsV_jU2jfCk?;Wdvb*35lIU`D%mcQKnbktHZllDE9{C$m_FRxz!r@Mjy?y&o-I< z<>Q;19OUIE9uMul``^u%54xNWodII&E{J4$U=QOi54NIpw&?W@_|K2onpgO-+CRfI z$`Iob)=r7{{qn2j9Ac2m!6yfGTV2KT*5_yCw6}(C)--*;^celpR+V<7}y7TeN&%>?YUE7{F4jbsC2p>K~9zMO≠RY?0KF0NkCWM!HCi3 zA8Tf*`RDe4U}t%X5a8r`xxGKGOTov;>+_&~>%hm!!HcD_krHd1VKGX$(9kG(qF%nB zKX_qC1B93~9&g4?W;UOPdQ*DaExlMj*N>lD|0*yf^Z9KNUfjFJ>g)j5$`;sKjPpjc;z>p5H%bPH%ES(b~QSen&^P zpJcA&*M1L9a$io)>OJ7R^cHXeqaAvb52pva&3g;`?4iX5-tcGh&3j(>TePkOYs%v< zR?lih<>O_ua%Q06#=gY(89u#o1&G}jqt!sLG~L+IuPJ#~Qs9$tQ}4bKU@gnz6Jx?$ z9G+OlxNm4@Eg0^XH|Cr3drxtR4$er}mm6Kf>)vt4rWqBLi5DNd4Rn^rX-PVB^I;cs=HwFQAF?p#Gn?`y zgK3ps974Ha^2|=k`91SK{r;8YPuAvU^J;B1W&bL_J+FVJr}O2dt>|z)0Bh)S{lolk z!twYq#~#w5&px1kd@6xKFg(ftvNa9ec=h59(hJOO&%uTD2G11w(>O<0J6LH_gdZ6 zl?w+m&CtK|i_UvETU&ISs*K@n^8k-PaKFmh`tIl#ecQ6Jt)CZQ-Lj5i0Q2>g@xHNq z^9svW5aVV2%)kKLB4!|!Y^8j>Y*xk2 z#{pP&MQ2;US-NutkPB^=@ou5euD;wKI6t`l8B(A-pQeiOS^Rwy+!bK-s@UX>&2RbE zDw{vOcX!voTShaxhx3EP=Wgk9i*jY)rhviO=*VYlOK2lRN<9v}RU_gy~A&X1$E+2QO3*TfIqbo3@9w z`OroE_`U1u-_TwWVHADcs(pjN$suLGzgpXxaoeQ4^{v!ZC|mlKQbl)sfA@UJYpMY2 zj$7VI0iXU#mD%n&Be^TNV*7GN?m6P`XUUN_K0+?8Kf}Bb>*`B{RGq+ZCwHfE)(&W3 z+dg78m`$5!R#ppyvTz0?zNgYwo1xv7D-2iZ@!6XGKIn1U(Ry?Y=#~ofB52kD!4u$fAZ`a|DSVp2%O?0- z*HHfF4%+ieY_pcE>ARKL1WxC9X<|~@aC(hzs5=kSW*>!jx5MLRg&Bde$6-zR9n6O{ z<-8vSnC<5}xPi!f=`P@NO*>w#JN#SJ&uvR?^X|HS`qdR+Eb-h&hyT7uXLx`jXJ_;L z<)?wp3c9{h{Va5__)8H^cT~=+qkvocxr_3}kd*U%r|s=-efK(3z-Kvt<=@#Ue6A&* z53a}G`rqr|D73ZBd+Un%kgn>6%Pha!_O=^?t)Cas=jI(Lad)@nyy^;lwV&JIr||AJ z@2v;4P;UK${BIvGws$w4ogo56GI5K%)7LHVwC25h;T_-GqJAHq58G#1 zIj%x+%W-vp!;yLfQS-Jk3+TP;gU5gudd1JhW$HD{0paE1@+ekD8Ij@;dD7nyk^R;Ztu-K4D4ZG4+DD`_()^GS=3{- z&aftdl>lX!vIR<{9#48^Uvcit<`yL%Ye z!@&K(fXOfTM;7JmD>bwRzujTl_9tQR>u!n&?4E(HPz~uz9_0MvmS#C44v{)ly<`*vu=|RjKKi83G`Mq=O ze9-Of9KyX4A7u>qIYmn5;`&e_hfQSJhgHRZ@3vfV9edyRFz`{wK=~HKKBfx%Wkb#{ z{|$e=#ef9sWj}}9T1#dB-JiA3o#XTVVBn_(&ijL%owvG&&&_eRhnLOqvUhh61A7>_ z9~dzC#q#8q&WYy9FP7HC%Z+Ri$N0C#)9QXezSrh<7}$BJ!0l?>dwvfwz|P;#S+rSB zl&xCkM9T6Ygd!YN@z1}U^&LM(vRbEc5g8V|&yVn<#3D@3hcZ`9( zgR476;r*y!_tq_&#lO6FJ=i^*_YS5HQ_Y^)faFt8;C@^oz>t4QPx7l5X*YB9RrMaZ@-o7#K$5yU`#U4ch_FxLm&-UrjGjje1l zZ^=k&iRAa@?M7^Uc<$`USs$LU*n{Llg#nZo*%hKqkc~S)VxK@bV}U02_}PvI>7%m# z?FcFN@ns92>dDqwWNbzUy53u-@8f{%HNA&{Jq+w&U=ITyLJSmi-XEC0;6sRnpD~aS z;rFgR4D4axzGA>UR!wJUpZP2h_Z6PK#`iFAw=m%7+7UK2ng`3>s(7!SJq+w&;GSW? zpSNzl?n(Uj49|NN?_ppM1NR;Sj-UB5_PuXzuZ2Af+)E62D{`Kw3k~h9(*;!Qec8jn z9tQR>u!n&?4D4axXAT49dt3#G7fI6d3<=NebF<4r(G@J~k)c*SMohpm&k`(!u)xpx zSz_~**oml_z*!!qpoIatOY&EilYpG%bHby=9SS%l%qrxi;az=a+izI$Wi$L+0VmWS z%v(O0jxxUKil^0 ze!Q>?eBM(qp?f#JmbA}o+bTlNbHv8F)c9@>k6FxN{TYlZ9IaPlbDa(ztXEAasfD2d zjZe&KcrHkyz&+2a?QyxwH+(uvd%UcidArM&ykf3Bvy#ks{15u^D9F4S;Cm6{olw*r z(bXM6SX9`6$n!O$d*e@$a_Bx!*P)ogkvcWE*6ZMbdQ}Aynuo5(Cg(K*T`wD5?|EJo z;rniX-R=184vxZlhV?JYn&WN7HMw;*=+Te!-q}6lEUFgzG*4BVPprRoxpua+Jmx)< zLkv!GJUY0&l3v-6Cx1ALe6LFPboYNg==OFCsXuQk6|SgLYg>a3?yprWyP&zDL5)u> zxOtmQ-|Kk`zKriMHs*os_>Qf&czk_0_~LHydvD7*Iz}dU^TFoAI@(>Geaa?IsiHs6BV9MN7Vi+l?LJy13&c^_^edziOWHU)gZ6|8_SYy+Pq<#tzS zMWI+qZC%Scaxkq}Dyq2~wYohS*3fK5sTHrzdxhuwfUOTJZg)_A6iS)CN~Ysmvj&?C!D!gtmh0~ET9X5uIKRvK zcUyk9<$ii8!1#{Gd%St&#~D02@271wK7mab3754P>$Ew_E@vp!M3efX_xS=vCz7juwO&`sDvA-h|2;O5@v-lljh z6#5zYl1EHoynaTymG6efd@~A#Diy8jQ_rar`n$h&T8HD~y79el=(RVd^sUPQC6*X( zk2G_gkt+U?kyEf#0 zMb@5MNckugTbn_1K5&%zIXDwLXk-h3>L)wSh4 zjQI27Uf`#6d*!rde8%1b!k=bZal?@x6W5<|`hJJ+SUV?jV<1Q6< zm?^+pCT#9CWQ=fH6%8{w`AkCp#jiD~1*4g(-wx`9HzWF1BCF&wd#*^n+jj}xy=vBB zAWzyJy_GqB>#ErMna2P|H#R>*;abJ(kLu*pr}gV!KBT&-bGrK6gkC%|ujdj$rIP3& zOa*hl5yx;Bc>Fzt#giBEjqQNMc3bWqcI9WQYJV*5J0bpTq4mD?#>R6uV_8Ny$0w{~ zWxTuE|2%>DW%56F1>?ZvjZqZ4wQZ`dt~@C(Euj z6IWeJmG+;iR#YjCo*mQl#DWsg`wC-aS6Sq;9$4r<0Fj3x)oemqbl^~rPE5-rbRDiyRYQvo9`4bxNI;QyVj8H*3CB{`j1x{i_zvC?c0T-tJ%-_r zUt@a}<5#6%DnEYE*Vf~=vmRQW1sEjW!quvXx2V3oL8tnv)m&5IyqX+mWV}-g(^?q0 zsiE;X^-rQOH0ycBzPxp|7$&cO87zvktkpFwE!uao*PBnw;q3gRCWo)<_683jTTulH?z_GHR?DCX`N2YZC(wt@&@N%vI@DkQr#Sm@&y`1(YH9S16 z^Ox^Ndz(X1{#|e0qUmKls)0|n>d@hR>Px2-YN^oGc(yQa%dc}MZ~Amw!NA7V+`)Q# zvRZ+qCEY%ITeGvv1-jj18LN1;`G-FPR^{IOYiO_6sr}Vzs>;tlH_4cPb5ojU{@t9I z*WgrEsl4|JCh^Lwr17$=RkX2P4ITA*pto9$$RPwOP$0X6d^@Y#!&AC=d0NwRDP>{c zc`k z1&=H}7#1iahf8cj=Yo1qEULAUwpq_BIK4@xD>Qa9qQP?&nlNwwFdWl(bm{8u`4i`{ zkxQ$kcSVOz1J7(ox8IFvhCR^Ymhb^JEF};$53;oCTBXDLD%Az;1X_bSTN#vd0Pxt( zJ@3aywE=(pTKiUX@KjD2=z5g#n})s;TaMpH6=U1=J5R7~ovu}VbDNGF?NZa>AQ$ zon@VNTT*+?{(az+*Ml#YiPChH+Iy?icPy^-^nz}m8`a!m3cdn=zDuBGGw^d&sJRn4 z@JN@M>!PYd-xLlkBV#5sc56~ME=_1Eky5g#-QAYkZgf7X&uuS6J`I3-f8sO{KJKYnsz<-5F`xe%d_2YwE(PYYZu~L>m)HJZQ5@mr?(2%NNSk z({97g+x=;y5C4E69Ia3!7Ipf~>R?KXOIb}V678add{S;XlYi`lJyyfKZK_n9Jy#TY zD7~CgVqsYe%NZri+q%$Bp1*W-FAm z111B~=bGRwi`K0oTBG`&htzwdLI3c?hyqhX`tS1n4iOrMY2g?}RYQ|bf94B1)EZLf z)&HQ8D^vQ$MGn{!R9F_A*7#4uwGN-HJ^IX-pHWvlsfj=NPrCHplzt38r`O~2o^{RO zfjCj31(sXY(zQ=t{*8lb(5znjXD{l#ky%|v8Sful?G_AM;BzqD>9X3_>4n`kh0VfCn30&xKjsq3dPSA^K~E z|LSJd?A_ZH28`O=dc6`=DAlIU{XP1d|6spjvlHIt5dPGGS}bL*%$sqFTR6^(3MpWAxG0FY=hw{&lB*0NV^ zFTZ?Vzc+SXXYR1Q9piA*0!&C-kC?YB9CR)&BsIUndPJzuB%#dM3*5774c(?Y)O~25 zzVe^cIy<(gYcUS=k$DV^J=T#Q3g({~X~mFp8~Ps6si%+XcRt^xlbvxT z*!1TJ&lzOLw|Mh{MqdBEzW2s8{lOc{Yzj>#H#ynDY-SXR=gWWmnEuHxcIZ@BjTV@{ z!PJBT3s>~=OXu`|jJ&URCd{w`V;%(L-Hbz_y-KgW)3o*R}VewYNxn@Cw(S z*Izrd%B3pR+l2H*!J$Mp4`03%M3bkOdq~6i z5!u0qg;0Z+p%myiG^;QEJr3b!rQ82sPVZg_>t&4h(uB-(a{dl#E&ZzB-iliLruBBH(ps{o@FwN7>y;F}QvR88Y;Xlply|IX{lmnmhD#H*dnUihp78X!&CIvt9`nAVM${mlLzUPf!CT(d2 z7IpB!W&OtQG%0mHqaO}3e$dyoa>j3`&3#avt|Jfn{CW4#dW<}WkzpVgSI2=9diHPsydFos zIvQP89s8=q+St6NYsh+&DOIjOhw+4g%+$8XB$bU$xr0tMu5h z8Vu1eaL@NIlTB-Ma9Y>${hPRh{@J_@ut%si{2yynR~_>E5IDb?WYo>*IYf)uNL~8ZFt}rM=YjEDj};dVd6+ z=(rtzGk|tTg@Kigds}x6<6fo4c$hs(mUDz;9FfiuHcH_vJs!bsvl6pFVhig!x;>63b#xWdBRW^2L|C0yx!0A>s zrY1FgaZ3G6fF(9d=J^y{npSvnT<3HqRm_L^nnv|V~+L@R%cw*%gJSv)XI=MBWMa+ z_dmbwEmNZ5g_A}BFusH$tvafMSPMrcVtSJ>6k6gPPNuy&{d!>tv>%S)?q650p4J7F z3o*qw2r-?p$7GFJT1bEh%(7WctzmUeMwO1^iDPbR_L9M82OPHfU8hy@VsCQl$E-D& zSKGI)pzN^2yF!itgUh?Td8x~x1P z@|FjuE59|IZULl_!zap=v877YRaQ8Bh9{TmnU)U%c9vpF)DS*Ml#~Qry*xt<;{xkD*>4t7_ z82O!V&FF0e?nw?$u8yJXb#ueY=6hQhH`kb3_^HW_rL}LDKkg3yHWq$a@A1z5`t4bc zBRaGpx7U`>eS9+J#5nf_86SWx;dJ#vqs+UFbZxYir_Vf^tV+;jM9nQ>6>o>* z@THb6U|UG38k_}}uw=wjEra!<6>zcZ&DzOm+Ws?x0m~VdokLM{UDq#2-};YJY7fsq z*E702jwLr1RCyyPAN;~+seT&0c-djI@9Jkx}E#tXMXg3?b=I%OG#g|mY z*aq=nStR=geQkF7NL)O@ag8bFsdyMV*KHbeIE1WgP3nETN5_xUO1B7KIf*w98-gks3wnik`x7C5UIsyC|)9 z*B;$uY_nzt=Z3}RrOmO8{D0H;AO+*k8B2_jomFCLPy=Uk`jbDNU~@L1@pE&!IDz*# z)vwN58iGc>TvXPmN1w)<9M5)e@Jca#8ow?Kw0qHc<$1ZrsN8^O_YyGUl&~F6G@|%G z3B>_otiTt+t?R4tL;Id@D35vPQDf@^6VB$5@w46G#mXDJ>)~A2UdjID0V?yu^#d8w z<@Ja%GT{THAE^nHC-G6&^d+b$&4C=3f%I#d(ZJ zb80?GNMbApdQl=KR_2sOMhjPQfYjK@!ATG6Pzwi0X-yAY*W0&(nzgx;nI#g!h%Vlm z(+qMz27cjRg`xCsZ1HLQ*7{IEdsR)ecd%DS9`f3o>ZiS%MeQw)z(0ss;I{|SIO87h z6Rv7e)xIO@J$OWqx7X;Qj!HFf=r-P3ty<`$5>y#nwhloYcvQEkrSE|1BS}@y_mg9B zP8V)N>sWDyz~3r8ZUOu~d}QmI9q!wjILw-hqnl1MhDmtAD~pV^h2}JrZ-s2?@Nz)$ zk{#3(U2ZKw)^ItYY+bRs*pMXVqj(~)CL|eG@OI*8t@=3ZY~B|VI!D$DYtmt|s5ZzA z+B2oEooKnK$9u)s+V<9g4Q!UnD~nufQ@!|da~1C>TjQJ@;@ZKYJ%KR-^C86g(YB9u z3v1sv#)7!(u(oj7`>q^q@!eZzsou)dPL}zxG*+XFZ%Y5~zZ+Krhn}NnD|Bv>JV0ys zSur$Q^pm+*+}@qi&z<5k1KqgsScgx)H|z0gOPP&|mCL3!ABRAJULcz_?|Ws@8M?7| z%IbW(>)Ubk!69=t!5F&n%aUgdgRsc}2CMM3661HL`1Janr?WEp7cd?Nt+*U>Mh`Z= zL`^XobkuLpp?8?>Gzp&M(<-%kh$MA@6@2XHeyeBi3 zAwZT9))oc*a&fO*-THFISE;uO56Rj_WPL(m#g~Zg0G;HB))B#&rUt{RN@Ej6fVy=Z z#Y`1t8Zmb2Y{Ba)lhpEz9i$=G!MNSN2OiLd@nmXrSxdLmT4cO)@ELE^w}5-yBbz@K z6{#4`%B|qs3McF8-t6bv{#6s1EUYRHWtL}h8~WEy|I+#XC3e|A2Lodf!OhCNC8Nkv znR#%@JeoII%^@H8E4i!{qLA2OrO{LInE3rDht6zYZ1{}Z9=#``dKm1&_@WjWV^cR} z@Ni;9P@J)faj4vg92V8m(TFoS+D>-Lw-CA`Ku zis&q1`?FopnUBN!^Xc=ajl{b-fAQbX&rP>K-JG8lctp`0zFU1n4Bh^6gi7N%#ExwC zwr*bQ*Bk!^OW0RX!m?qQw?nJ?6FT-#pZ@+=9?`L$E`4_Ry9$jB>7|8M+(7s1i^O6+ z)}GebH@~MJy?IqXnhtAZIf#OZ#Q`D0EDu*uo-ARR@4Sw7(OKKDnoDC#)?mLv( z;)W0znbZ92q~8AVuqJw9`f6QF2M#x=a(GVJ$utX}*On_{wb)PU&9Zwo%jN|(tN|1X z<|^qoLe1{G^(U1?*|-$JV}TQX(=8c&Ssivc__)DmzGCmTy}&(JkGr$}kCoxxhH_TM z9+>27pKF?Ozug~K-2Qm)*gd9f>GpWf7~9773_`2JK27?egAqJ5@DO5~24v^wMh7?vBgT%FEUkixxUbIQ(F1zo4&)>3-A~;=tOzML+Eu2omtlBv2 zFmEXM+S<~E_Np_dH*c*BnM1tgATpC}nFnH=`GC!(nyX z08qJAY5z=)Dh6pyyY{{Zhldpk1XoyKa3`Od(3>xF0N)+bSDOe=#bzfqG|#@!=&U@& z*4A)Z!%#MdR=Hq8lOtF3!XFLlFLU(@q&ju_6Z`b_-|0me!vgMLcA%F0vn5@-{ukk; zxRy2eFoe06-PqW#jTi93+g70aMO^m77UBcpa|I;3Lu`tB^VaGquEC@0%nEcpe@)ll zxvqbAAwqaIUdwTy;?wndKI;SEfyG$z#lHK$X~X9e{;PNN>DOCm$L~Y_L4Gmz`j)@9 zuEDi*?LYM1wP&uzO^TMJmrdUF`fu}uhwgd)(|&Um+VPwBUdli5#xG$e=J2j02OG9u zvocoP;nUUQ_q|ZbwqL9c2T-;KORz4rw|D7Fzfh@~gzpTDe&goU|^mDqfyp3|!i zJ@~0^{n|g;r|9Xhj#m$BIXA0oY+RBambPs#4>hb9LQ2Ke+S{wof9;cM%O*7UpI+4Y zb1fSB(qAPw4c^RV3F!E~^~;AdqCgsBmd-}~{1;nPmzdG(|L04(d}&DMSaupuJ*=m{ z_+=e$II2&4?6T_Pgfx65fd@8xfCIM81oh2i@?TdAY}Vh^r-g404iA4`UkXp$m(ALv=6tVwIM$Zg=`SA-Zh~%Fn05;N zLn(?!cyOg#on4*!rDtQR7#-Ae|NKX~cx7DuoPsQ*8(3#L^w=+S=~w?@kK!joIvF2= z7o>F+g=`#yvfd|tL7#ZELBD!(QWKZo(;xos`+9G1R`Vzi(imq1Q4FS2D593|#Irae zOomN{V^e7To95MJO3ipvaeEw!Ui8{~zeIbPD2fak%b9@)b=0&r1Md?$dZbM!=SEa@ zQ@Y$8&;>#T&6^C62h7^D_v<>k_2@7DvQFd5bbR?QJOT26OXr1<`y> zAp;};{c+favMhtKqj`TKf-`Q=p>>c?n>Rkl?$avcpM`N>nQGAGmufZm8v9B^H}7X` z@5NTb$=80tHSOAu68$V{&(?)Ir=Jq-0Kxk4TMwemME@Q4%D%Z*jxN4}=~ zdw#usUF%BbHPJo;h2dVqLvY(S#H#S3}x3SV4dza{ongzU-X=5^~b9#S{Y zBdRnh66n&WzTB&?{DV%6FR*pBGJae6FIG;(H@SJ~jK*%PmizRtc;#j&gBV#<&TsRh z^aASs55}Cmu^aoADlk_i%7f}DG2F8-QOn787 zM2phDgY@qK>tE~+`)A-dnuCtn6HF4)b*P_ln9FD=<#~{q`r0t(jFMrSOc}<#1fi}D z*t(AT{X_8+#9OT~s+0Ta&+vlIyfLdubl`IslBHKz%NXASCn|N~B+*e&inRomIFBZ3 zM2_&BO%*zHD5Bihk}khaS|apPGZ^94qwnwTZBlD2uA|+H3XEno!#}rYjf7RduG|>q zW+~S|xvn+kGL&PT!nh_FW*l0pbP_tNStfnd)6~eA zZVn8q--tMxRFq9-WpzwL$zy6F-g0MarTW?stNK>jB4mgzs`+C zIW%H{Ls1hzV{dMGK|alrG(?@&`SLGMFbf7N6e0{sZCf`BW`mA&b5i{t7T~X4(8UX5 znz^}zMHLL!LwD z?kbz~LCU2U6Ph|ds(7GDIYO<}wn`muT-G2b)mhrexx*{3&B9;Wu|C>@>o#rq{uTr} z|3&V5f~T!l_7XY6SWH4eEZxZ&c7&W`mNP7Zg2(hs?1qUEx}fCbE!`fU(xs8K=GpL> z$43sqHoH`<>Xv#P{$z(buv(3Cx{i@0-v|n6DSn)UJf=wVUpwFD6YUBoQPWK7(z{>`i_EU z4$v~Ur%)6jki*o%EyUEuHNLwt<19wP>Jl%pzEa3?1*)XT3$saJF z;jwuZXFL}nke*}v)COa02vG(_|9oOjoOb8{sJ#aQmI4bK;}2%a-|dW1q)yOHze=aG_!#}F4RVkKoz)==bi8(1!$xPugYxs% zr!$*@Hd(VAbmx|<-26NISf|>_fmT@xPICRF%}N+0poR8WCJ#pr0tqigb?ZRAW;u`! zGeCg3;W7(E6Bw%M$;Z=oKrPMnYOmrqN;h|aou_NVi_x{=<+kM(M9FOJ+2$b>s>9R7 z%PrVO{PA${I4m&^@QESl`r>esG+cG+IdBlc0!#IZdYwGoqyzD0tmR^Q;&Y!+`;loq z9F5>9yQE+O0S&00|*F*gX1z1eyOfjG5zkY{J z$(R8*vARa)?_sqPUSMBsRyDYgXF1@=r58AS8P^c)y=UzaGu=Ya?ToJBwRwD26N0s+ z_kdbk@S-FyK-|YC721$5PER;|4wDn+HhjOgn=J0cNNVg~OGJ~(p&r+U)le$jUBK(!|0;M{ z>3}D9Xod|%13aq=Wq1SxdrB04^vnA+1z64&O4hMuc;!(4AaT|ipYy}2>Wt`!g&)Mh zBxHcor?tUIhjl&ZEZUfiel(^JK}X zvZeuE)Q#6>R?WHFnkVeRwJ|fcFbim_j~BpXQF%NP#U2j)=&xIV`E(1HbC7#@(rr96{q)X|5K6*+jBxk

znlv?-Q+wsCt$H>p-n!C)k&w+lXNLsJ7pBKFI&f7(%-fL#ENSDc>78A8ZnH*bMpyB| zdb0s9t>C2+&w#+V=H>{AdYgPn%fJ<3zVD;GqfO+{u=cPfM}Rb$Vr6NDb?laIjm`2t zMprwG7U1Rq;~lQ7Rji)*(_XDpoy=|K^|cGES!m5SvzN~8K(5x!eR0;2@B*Y5D;5=UlCmOG- zQqKuwraE}@*(9#BWuDlLWIe1p1B+5SIMcc`oI(ptnF3E zk$tq+QcHUrB3*j@f@|+u$@ZuM{$iW?2)Wmq_I2usPc-TXJYeXZAvW5C7-?*!YH$6t zY3?qgclgZmd_uSThqRAyD;0+x)dMxn`dhlJ*Dg-zJbQuE0sP;bA)SLf;CYaR6gpX;`^8_ATke$Cg=-a*D&U zoHHKdyf7Zs*wuR7ng}B=p=@I9H?NBH68U}2JA*l5o)p)IneWtP2YKiSHeBWzWI$9m zlNamYjM|&C>Oz@S3EoX{XAH)Q&0BldXm1juMA}<%yoV7Ct5nUXD-s>0Dad;NF8hU2#KJoFG_TjmbYs=^pzdWIRPv!J6cwI6D zZO+HlKNQxPe)A-wLil_`*SvaZH9s@~FV3Jx`V-cKvg4T^kPTUD{hpnDWl!uN#oI#f<_!TNc!MV3z$` zR-Ji#nsJby+j)*X@>su*PxC%AS)O$eC2=5Z_*~MdlWB)fqH@7ndB#7?vXDc-SAsqE zRE=(oM%V}1{>Ki02~mA8p%YIe)k5g}VtSdUy>aN}rqPQXRJ-^+D{AQ>%>F5G%N}cb zIHfxFR=xWuTj_4GZ;WYfxLSj^BPe$`Yi(Rq=b;(+3Ts?EqmO;U8^4wI6+QFiG4+f| z!{9$nPPf2(m97ni96pyBmjE&ZE$#5~O02NHWH~Hp&iAjGyw+8=gfrZ>>RA75KDhot zpMe-MXH!C5-5EX96@sr;=8Zg+*k~J*6F634~!o)Z@Pz__0JUS@Lo2AmdmM|Tu!aXbG7Isaw{lq=jSv! z#5z4VM@|@c1v0azP+)H5b4|5jP}_Ty!Gh<{(uX=C!*q8>*+-g390sv-9Gc%A)(vtu z-MCsI=F$-j%S)C)d_mUY1!3=6!+S%vqhmR4t z2fDGW3AWF1@(}Z4ZhTmy*ZVbueqkJAUZZt09!?TTAc3)Aj(q`AGW+aiEdXb!!xHNo zlv`8|*eN$O+Dv$4_Gxa8?T`dNM6a7Si*2$>=71{kJZXnO6ph8f1~lRh4=@Ue;`&mJ zw?hPe&$g0(gpp;Q&7!B61n+6q6=UWrxUr^*_K>qk1++hpoRwq%ZEtIQelxl+=(fBK z?G{+1ZJRr8?7Y`pS>`E#DS{55gWM(E@aq6@+Wsh+z}R?hNptYB1bn>$8K|lb{Rtj9 z)s*RK$K!|aV=Far^&Uo6M1EVKAI2jgQcYS2F!rpLPAtodu;GML@{9d-Tf;Wp_ z_X}Fx)_R!zT16##4#vNBd07*QW%k2aO@kg&0j)1ws@yo^VC5hc_>))8bggNU9nW$A zpPeFyE&t+C*i<@PZ$e9$G(G5(E;`$ zHS8ZEwQ050As0ZeG;dwn05f+=U&cy-GsXDK7@UN3PfR6&Gw$FteJd>LjxWQTwd3_K z>T*A|$LQaDioFH>V=v*y>C4_GuhgP*LWGdGavq(aOA^q`y@R7VJXI76-|qMlK^B30;I zsjmv1yy@UfALFfO95QpjH8Y-2l91&S)IVhg5vIGZNvjH@nC9w`n#g}uw_u!~h1gw` z<2_f7vg^ymF=A^*pW@1~elYRjAMg{-GK_|798%;=yUF3 zC(4=3C4K6Rfwq_2H#zj`B+dgtFir`KO22M(TMe(owKP%#Ntm{9Zm!%DS-<{HLf*4a|2hh+(t9sRW?6`iFoMF#A*s4mHP6eCG0Lsnf zi5r@E_j&#Jjr00f3nYIhXMax> z|N7sa*Q><-C9OA`)jEWrK6M>G2AmJ*6A!ekg>(EmaQ=l}e)GJ3_hsOmVKaf$@9=pI ze71wnz8*qQ*63i(ki+Ky_+)KgbD7fEGJiI zA_z1Ya+Fo~KBV@;UHTh6X+3;^P*sQfIJ{j}&FC48PUQ63^l4R~O!~|T6o#`G^#1q0 zsTW?I)qk8pC~WA%!v9&U?GNY_@qe2+v0owA(K!@3e@d=~SI>;7A8QxWTbS6FBfM8| z8O2sdhyME4yEqhX)TI}R9~`XFXP+V5iS3jYrAL~*FbE}5g8K{V0 zDg3_9|JjUQdUHzO9w1zdh0`JCZ*^mX9{jmas+CYgS))%5${zkD=<{Hks^L3P=u`6- z_4=#l^sgt+>veLbEXScUEHCCcU`XR}wYa}e)mYXXuD+?c+_VNcfLQMlV%Tvk-7LzM zo7qSn*Ixt9rykt|&hNr|-kQ>%0_U_X%C-obA`rJ`w1A9DOjVq$T4Kte3kSD`q}>mj z>sjcnnsA|~KJ{1h$JM75vHI`Dnx0C#Wr|3_Z)b!_MmI@mpn5*=8Z$ospI+@ z$S6E;1&3o!zRKQ&$Y`txMCa|X#dlHMNdC|RG;gk{W^>U>;!yn$hG&vPpmz7+ax0s zgC=aT*uk}m&ldRE=k??x2k9sHBsLP~hpYI!Os=FqpJx1~^_>9}=;n`(!aamLdS%rC z^_(_*p3=uK8Zdl@+5B6s84FdgVu|j-YvSAsdhyLm`n}m1l=p1-Q-rbWKA~Uw`X}_{ zLmbMIFuKNeVP*kOd*_~;%F|0wGYcr0GnQklLtp-T-D=`s;?hf401;mHv(GfBtFscm zhGLT3QKN4@ukVAG|NTcWv$|HD{`430@kbBo(}bbx_Q$WPLx;Y0cy;{dhZMZ^rk;QG zqW%Zgidls5o#4~fOdCJ2hN5$lbz)gJh8k4g7}m!>*^42_jNbUm87*cS)O`A&I*+z# z|I#9d%2S#GU!#K zT?Q$1hE^{ZTF}__0e$xmZ$faa3z*cVFyN>_85d#ANz6@aaj{YrEo^M#)y!8kaH|!0 z)ouINhtq3sbg-yBgg?K%FaSzGwZC&VF-N$cMHKSZUKQ<`_r(s|GkVSee`S4(dLR3Y zPIhGU>Fg^SB>dX%{s=`D>#1Evo2Zx-Z)hb{;%7J<$>`?-KhfojL;7E_Osi@+s89WM z=G}u`I>EecjLtD1ZtKiTXZ7vheO0et9M^Srs;DHq|4@L1$VJt)zg>UhKjXkG+MtWj zXGe9dJ_CJrbeO>h2T3V9e9Y`U(BON4>gcy zjPRrgy0+d{#FtQ(Oz1sa%tHvm8B@Z-vw|V7-2R77=r_n2_Q*jiw}Jr&xMPQN`@&m# z|Ia7%Jo3wTt|FJf&w3vFtR5f)-lsCJ=-M^I3)XSSLq1-DD8Awx)b~FAS)J}!0WYuV z>XiZgOO#{FiFh8)llqOndqNNIr#&|R5$3t^-lgG7nmY3r`X0I4{>_Z7xA0t39F}>R z++w@Kh|Br(s2+T#PrviI8bxkg)VKc-e(=tu-b6`SQAb?;hd-lFKGUwRKE=WPyXW=) zkTc|mgum{OOknsy9*JAXKJe*J{#*}Ag?YXC(j1AYnST!+B9}*t`YiVQ#FQqG=SB#j zmdRrH#OCbqeh%3u#`Vqr>usI8IIIzjc`8g!hBdiRkM8iwHZ07goeJhYJwrQo5MNV6 zc-%hnI*yO&oB!@@oxM1sQ8rH{+XFvlIAw>2m9@vzeV|9rK8ok=r5SzyFK#Gyph{0X zO-MT)&}LhrXr7Pd=);uYOvOJ#j?;q`gAVlUwe;{g1aag<>ki zVfX#IT-YEQPt739%v33P8msk_&@DzEr(tI49J!{zxi{}t*Gumka|PixL;iv8BUAc2 zzg@2nfN(tnGAO{1+M*|qZme;^! zT^MJ9cdlZ^3lGSCu5(_GePL0bdZbpr&{M5eLIEu!UxiGe3E2;wN$Sj>2KDFp_R`DT zH2EgVoT;DDQE2xc{zj7??ujdkmAvIrFi~Xb#)`(@4CbdtXzc9E$RM<{`d#d)e#ORZUaYjMQ!Z;KL53#o<8N}@Txas z4ZOB~^4(?q@xKV_HS#ZCC;TAn#&wquce$L!9A4FR&gqda%<1PIuhZxE*Qky5lk_t@ zZS7U)n=j;ab=VAC*yw}1on9V3102B5>+vrdKI`abm0H&0^X;VG0iVyk6+sSJA<`QC zGhCzWsc4wiv8NOI?cZ$HL*2-E;M1b~ImH1TGMY(p@IQAZsBix`q#Kij|1ssJ7CF?L z(%1gW20h9+`1E3O-mSNnb>`dFUIp}m(iz^G3oc;1me$w*NrNI7ie31@oDQ^w^tsP+ zkl$E=krWYEuBCPBCjouqFGKqMNen4k=k(ZLUDRhDuG7z3zfd%~@!Maa6aNU~G{Zap zB8E@o<3D;{x&l5EGvL#-f&PH(2(i$T%?GU1z5X@nk$shg{;klzp|_Ux4*mP?>rs8D zA6!%}ss6}>o_aQ_|K`~?CC_H`AAUEW7tVzB7WvR3jnwtjxW4%Fb^7{KjT(9}rGJY- zz$@b+4S?({LU<;%z+pW2{KvG%IQaOq_HMoD;q$vTeuEqYy3oTr>6AxXMlZ%c+xH*W zvtRiIFPBq{FuJVMiR7?edyZUA|K@dakSu8kCA%G5T1h|G)PWNn`rE(NMfm7CU45B| zFzt2v)F&{=z)&TL;5$F?u7=)xLEm}py8b;lN}&kHCX#tgnuoe09EzXR-~Y7}I?+*$ z4u`pn{>R31>Bf5+J@W(o@k@)kj$*Hx+|=gb`teg8dZv?u(JJd|AAfBIw_<(J6;j4>@swWW2ib#my;kM!>M zM)m!77xes1cn|E$JmP~EX4|<_T5c^2GB8}^HhYH>xOVsba;5^qkOm{aZOfIY?!$9C zPcJAL0~pygS}vvsE0r4aayX505WT{Qh#jD;c|PhrH)De|h>O+6$dB8k3Jzui-Kc&^=mSoVnZ68X3S_<#tvB3-q|UQk@6d)r$v4AA4xJ z8!Ej=i=^Mh9qX+%aLx*AXv? z*D}e(4C-eWD&X%?_8+W4tfgaw@D8Jcj<<18iV;r(dcP(3l|>@5sJ{X9S<|B!@?p$p z2A)|Amopr!+FY=GNy>N|hKCUjH*J6IbVKNDY#(FgW=oYr#>rp=Wql4&r(I#zq8Mvq zG>TC(<1jmoegoOW8wd8M^~?*SGx$Oj+y`tN2#acYuCUSEF`c^A)K5*>r3VJO4<7%8{3#dP8{5gO*(1vp}=b9r!)*DU7H|O5}RgI&KZZWIaK;GB%4AQZx0S?_8;of z5d^0x67pR$r3;MPahXCTb`nWQo26m;87EQSF=dF|dbp=fxx-P7PT_Wr;&Z1;*0t~% zOtwfvP%BKRS`r>Ueo!Y*H7hjkzHuyqyZbuT zRk5hrl?5%24D0;VBwQ(n0tD-ou3lAk2lVivn_8M4Cm||zqHyhb^ngyBFgWo*z)E%k zYtIx?P7F9Rvsi}@nzulj9An^!31g@GIpT>Xmxr`~b>n65xu28oW4(27g>j9s*;)4S znI8kgt$7Tj$*DGZYe3g3)2c+7eg&%xvog(w$zN32%7J27t)~y`Ar_=_li&!~&t;#j2g>jqW+j9wwecV2pSpXz#*x&JfDl6rxHF+2I2(ZT;e9%M1ULtQbKZv&Em*Ej70jdRQ+YVY zC$Q34!it1G8hzVJZ;LIT+wlbV4rA)*8jrne@YN`uAx&nD(mVmGY;bj)A;yd@q(q|n_-7#_+lD`l-nz}aWJe?Bo>CDokLg4lSmfFiUZ&^h=%SY&XU_j>y#W?Th z@OlWE#oM+4x{e!d89T~fF4q*+P?fcHsylpI$4?*8Cyzwb7ah~UwHbI5>K8jGOH3+A zdlyG&«h+?6kj;}_)cbK1s_g997CYyv|A=<*WyG%HKTccI6f;M2y@ycTm2+PpoWAAk3Unm$mc z6V-=R^LV>{1xw{=EZsv50X2t)^uk}@p*KLjoY@pS4{Itnr)(5=c9{TcR)$N|lS^}e zq6TM_VluXgou%rta!KNoFU`Qg>1!y4#V!R*`D8pVg6v{7%+8ph$E>qN-fn(w1^HI( z8J7%`|G~KY>9EL}00yk$H#CluCkO>WzTG|Phb_CBN=6M!EbDrYMwW{vw z(qUJwQMH7Mn>vRDHsz9m8uA}ClY0_Rt;ZkGQ^ z@Ct|MbJy`Eo5Iobh=yT=Y@AJ8%6>H3Ll8n`;9w+ZQ6-xSq@;N849*TQ5xAG~6TpGNMyez{7o zywarP;d(7q_o)6vOn)obr1NKq81eq7Cb4Wy#n{8xy5jv`PWSH8J79?rDY;~grkN*a zM;Gz>3+j<$%s6ECAr5CStafX3Jg#)n6$h}HDt?IjH^~mFk z`W$%>yO2H3o=xZ+G;A`PF{Y05oZU zb8|(FZ(+y^{>KM$q!CzDoPC%#esN_fH+dQFK8!{d{qY+K>dGj*6h)jDGQ`JS`Jdi= z$f&k^ncSDl^bez04s9>>r#JMkhO-$W$>R2drSs28|-4e)^G|JJ5dR z^(0os;Qmt>O>!VLk0NgPLXNOg!h;-nkwdZ?@YzLs2m5Fb`Rft~c@z_R9cA8OY@_WO13k%yB5%3z4xiM_3EA9uKq2mm*) zXppfQWBm(oa8<#+GCek=sT&J~mNI$OJUJIMj$C~?xTq*&dZ35=HAD!=F0ilYpVT}G z%LF=}!2GbXW7Bx&C7puIi?{>rlcQ>E;Ib}eaml-3*7)!~6YPlo5Uj*oJXfOwPaM~S z=$bCFK^uf`=TK5wE*9fqcJN@I_OIN_WG;)W;r_F-qZQcL6R@i?rbdh#Y6)3lXM&3; z(anp(0I$OPIvyhu5r)Ctbru{eqbc_Oob5XU5^LVS+}Aug`u7T-2orWFS&c_f6UyMI zodmD|tQPma1z@a}O2i^VGkF3*0RH%xBs;)-7zK$EaIhsv6+Exd7G`=M49EL z;k7oto;+`O#$yZbtg1LX9fiDwWivRlCQPw|sbbBl#Q3h21C|jy#HML)#dIa;EG;)r zV-0Hy?Gwq3+~?2sS{h?c&YXo$L>&>VV%gp- zzMLl`qfmhYzrGp%!5)1HKJlRZH(oL(q;!^3(wHxw@Oh5@$PKRZyh{w-PmkafKNac~JOTmP^Z!OPD2 z$9w-jb?*Ts>2=+A-b!6nopVmplLKZj17MJdK_CGVq(q4nB_@fIX@#Y1Sy{4=yxMbo zR@QpY+VWbGkB%()NLE;i6oW_*1V9pT08GHdp4`(p=TzO*)m>qK|Myk(boT`GfRuOj z&2(3F)%U*l-hKDod*6+^*Xdt2+119|98B2r=tYXiz);kJuC_Xf&QH6VQL*>5?z0#P zRfBn1i=)roZ$}Pz&p+@iNL=RC?FWE2;qm0=(WzKF=kP$^+bXDqFQ&Qx;RiL<{Fte0q} z1__i{Klbr0+R4dP?PR2h;~}B6q1s3Rrlo%b?Z=_VI45; zzz;LXNjW^rg5^EEcyyj|>pws1FYSBg!`yXwzr8!|ww)sWwTD$Rtgw{GGVCHtBk*ou zirt(`0LPZVPf-K&Mawz?J(Rzv;N>Dvi*O%g~)?O!7$f8ySq2@hZ*@c$TE6hTKK)MjQl><~# zTVkOXBPi>%;F|`Z2ql(S6n={cU9mhE1jsKTYAst8`sklL7c)@|bn#+4bCUb;WP5_p z`jTL&z40c(*g!V&efwMXM*DSpbtYmH%P=Vv zS~9PsR}$RIVFtydAA*n}1zTBdl|B8Fq|(C!z3*>cu-7m4+ZB*?4)0sv5{mc-8tn7G zxgBLGkq^gTwMnM?xq5C3u*mc`~|C?9r==m|51Wwg^_L0Klv$nNt zt8K;WGs6Mz^65egmR8$iPq*-S(gvS@-d?}ZX|GO4Y!ZcL7zUaf=Q875h9l;TmTAE= zGGeiX5<7DO#S|VRPZBLsgm>{#;5k0HK9b1Q3PAEw%B^$X`G&Q>jQ1wE3031i(IDX} z@M53sexT8Q@pHRv8>s{joOp#GoN2qdTw~=mZT8V0-)`GbI*A-)yyF@JL0?rPN6g=Ike3M^RJIVq@d>@}G3rRHoP-`t8SvfFg=&{smH) ztk@Sj-iNU>Z68LtU0zW_5kyijjda*6U+T4^0o8!v`42bQKl`m#D?%WXhk-*=QRD2z z$|Gw^;2|<-z8nQ)&<>RK+1YEC>_7cgx3v#ZU#51yOAYo5AHqwnxzTE(6r(2pH%Y

|<3*Bzrr%}-4);+ZrKRF0x5`bu_cHaSe-^V^qlb_d#REETtI#`*FU#>u{$OP3Le)@XYkZNNiym(|v= zj~M3)o@t!`Zes*j4%D}M)d7OdYx5JMcJ`&O+4=9nB!$<`6CHzHxCTT0KD+1P2K&XI zyvMeem)n73uUf1lZXK9EORB5wiDz4_IgCf-^Uv9LF7?`L?7x}Sb?|7MM<<|>vt#U^ zuUh+e%Ir%-R2(?cj3;TE6)oaD@u#m@JCT4L7@T9k+>h|Bc1w8W1rf;czodrOHT&)t zyX|GI7yD-a5%$e*v|`ZoYIuP@>n>M|gb0A*>N-0pPs`nSI2X2C@0AW}5@OixjbZ4- zaK#!zjG+-;e-dDYgR9J4Z-mYcrQNS=KiSW-e+ixv`sc<+?97W_W3J%y8hHA`wM0Yi zvjdOT+b@20Kj}fC6K?}gQWbU@X-pco+Q&b&)fz)H*8im!?b~O2?C2EFD{8fhoe$eV z3{$_hd)OxXdh8Eh=(cw*l9FDH`@Nk z8|tw$#v(M+}D=b`%!7cKqrk`;X7{V$3hZ6K=m9JXCJK z@C*jE)+TExB3)$1fSr5c@0nY92FWdFK2W;dcAGe1OZL|O7S<*?R`z_IPiiohQ_J2Ls zXV+13I2w;&sA~f{WS{&lFFL?D4_o%a3XvR~G@T5aZMJsx*F9;q9XOz#`LA?w;t_ek zq_V0E-ibin(@#o2#*LeoD?I+521(Di?T<(U`m4g284ks)ySv}I_*urQ?nZwb*J1sv zB&cdwIi-sXc{9T}b>Lj%LunbztH2;vZ1p=T?2}*EYN63#qI0ILUoOfVDrPW<^iEHc z5^2WuIW>62UizC(`(CD;b49(~|A8j(u>}C3U=)bf!9ah&kB~7`8#D%fMoU*HirZ~R zFJHF*@U33!oZ>LjaKP@TcGAy1U1o(%bygc5u>m5r66t!YZ`o=;_GuhE(&N_schB25 zE)3Y~M6!>^N->f*P?M?2KKCol&}IyBI{Xlcn*pEeTQ{_8@3+@T>oo1JBc;%%dWlA|_Mj1vuT356>-{GgCVmiW{cwpn0k&|dGIw!s`+X6J#+ z1Suhi$c>XiZ)+Vj%37^9Ibqkn@f>MphwY6Sl$h`V3GF)6Nk()vpd`OIUIDyv%eA_X z^nu{!eW8!N_0yW8xF@~v#ML+KJn2`*@CABsyV<|m*^^PJzj?*}|Z{)&4%7?x4-y5UbD9_qztkry;WKJkbms=9zOWdKKSukonRbq zygp%vNwxdLgZV~~g?;BW?5ij#0?=%SH2g{vC6$41HerPLk)Oxw6QjoYKg4OSCu~=6 z!kDFQZ#p?=Pke02e*U*GLKMX9-tRHLfjsya`<7{WJ#TJ)ex>Q7!E}GI9sm16!rc9G%$al#TKrFP;gg?0@2%AcVI*N@HHKmSb(ADtO{{r4lZC#73H zvMI7{0GW81ehB)-Aj-HfDvxwj**E?qWnatI@OuA`QN!!EBJfod=Zx2*XEz|=BB1!N zymiJN_~?v1v$NPfLVC{Q$ISk>FQ-X?hk_GtUU?zQOLetBJfm0T5Is&0cCQ*o_HXxr z`-2a>YZab-C3ft~MRq)QZx){E{FsHSr|knD2A-cSwmqb+J@g8En>k)LB7Al)*iU~R zhceD6m;Nebr`z+8>rl#8lAdqhq&>Z_z`K2w>_RNupec}BDR^FDhCTP;7o^m_!ps|V)}9-HN>$6M?(Uubak{c<&#Jginb zy%V37oF2vrwA@Nc=d8KB!=7)yZ2##+oIVz-ti0(SJMu`O{q$osR?-;5;TIl+BS$KU z{LorwPk*G@%BFhl-2d~uo$sEqx8|elBOE*uYkL=!<}~Q>w|VINwkh1 zn*H%s`{XY)TD+sj-ui<#NY6TBU8HNnT*di8ibD1<)`DOGatr?^`pAwm+-Jw3>5|KJ zcGu;PG{ZCY+7lnFvCn_(u)3b_I2kRbQb9T6gT6D{AZ zon$6%lGCn~?kgyqg+cC9^>K^u1;bnq94~3(gJ%agR}jfgEt+#D7ch=fhaO>DwPBjt zs;$(I!IMY>x-qhE-xwEf?{qn(GB-%c83-4^-wW+N>S0w9Y2lL`#YnsvcmN6F7@l5Q zv<{psPh+58Vh^Hf;2w-ls8>t!Rxq^1>`EVzPUsyMwp6XPFa;i%9cc8cDaASj`c!QV?=MD4BxVYnnwGGfaks~ zqf2C+F&l-?6cP!xbt_T-lr$K+h{F;Q;)9%bWH@oEQkb$FSTs&WPkH^Vg*@N0k6cYI zXk-e0y8;j7{~a%B=A^t|3hMtF7v2TvIx<3!6W(I!I4k~(DdHc};TjV!u4or6ST`Q|xm z3Gs8+9rsu6rkh`-taq##J*bHGdwk5z56*t#rpGVMFN(e+f}?}xx1=BNCsJNW>Rrt* zZEa!Aj}(dMdwr~jE7wO`$!G8Nk_to)VufWGDd6#KJP4A({`6?@2+r}HR}$6>4k)U~ z^|cWQe7IWsO?XE8jdYpi<|2ZPQYQ068BW)gTLW~Yxrv%rq#uspsTQA}v$K83!9AoJ z#L)qJ8mQ=XCdV@8WRUGUhsSwxuEg4xLEf0az&3DC0+f z&82cUtLp%sCBU<2MQ$Ak>6vK?gFthyY|2r4MtQ9hrw-L~d34tFVwN}$eC5=RtK zrUwX_UziwkLj4qn@ZD+hf9KY5`gCn{}#5cpXl%StQB zM~*V2oI_F^*U!4ef9+LvwhyoRUjt_O) zm0k}&<%Js$_IUV79C|$|@g`6NCGc)S>%nRgg@VGe=ftoT?m_cGdXo}gl@-6^;h9qF zxOoEr)%ytH+3$_B(VB^Ts?s=1HO>Iz^!Cvn#<`2MM!^Y+Nixo{A`bb$Xvs0tjS#%k z-#NTi(Piprf!Eucsr7-^k%!krAr{tCAhOaLsDF}Ln#EX-=L_rLLs5}t{k?S{hxg7s z_$dn!@%k~KpTiY(f;$(CWb(fMhg^Nh}Zz$oH3#wRl{y#Xv_w?sa=Gprw{iM zuO=b%1?DgNn$~`q9EEY1zgNSH_M`xtMfj3u%X%Rui%EEc`cl-~DV6N6KA((75JmAc`+YND3E1V{4ni>k`{iL5d&da09RL@}%Zo*SS%Y z!KCqm&Pnc+;FKnsDMu%Ev=rf4xCWj@b+$hX&&0ws@I;7#(DVSh1!jK;p*3%`TcM;XuheY*w{e5WW&;paS&RoBFwGGsVY_71<{6xT)vuR7AGcjmOEq;c8}SUIb}4X);32yT7d(2WNfVe#>Bxwnj{FiX zuC=P&dr9Gjk*s6T&h(Aia4%6=C=rx%U(tI?dF@9IR2{ttk>(!1Ew(MBQ7Ga&dG-0= zx6(>Xl7gY@Jah>!#yB41E2O){rPE?V{Wh9DXYI)ezqV>TO2_bz2q(?EHlp8w@UCuOqUmIcfJ%TPVnS zjf^b1^j`9C4dKNe#duWCp|2)1Y>C++Yrh0<#@jxFce_%oRqx$tJ2|NA>A7YX7UxkE zfQym`z5i+E$ePfizajc>QIN85E@;KA|;CqO4lNqdJx8 z!uN#Qqy84W`Ad)wNp1U43@car>=?YQn?vsmN^}*2-qieVG3EF2k@KPiMoKAr`E}|t z93mapy?AG1#VL9-W8)~^V3pc%nh<9V6u+c7E3czw6b^C~b;wJP&QptsXe|`=Gdgd8 zzYpD)XWOgsrbI!uqXuQzpx=6chm;DM-{vo=l|_R*MMhC|!uGVT7^P_78+h7>apEdX z+M(T~3nlmcL?O{b$OOdtvNz$i^ry9olxM8wK#X)WQJcCPwNpJr9Cb1`Mg5W`!H?V* zAPtaV5MP`p-RL~dG$=v(!PyvVlA;FESZ{hhdb4*78?@bJZtv&=&{C2p&v5PH3j^t)y~D6PAg zhon&P+ZnQ`jGqeF`IBTH=^(x3Yybz;CF|WzNCZ57*bBLm~WO75xQ&HKK1EYlxjE|4q$ve6SB9i zgo#|kk*GrHMcH3O>sQj>zFkBRm(kx9ufICMbG5&yZBu{1vxojh#{AX?4c2~O`8Rz* z8n_fOu3AnrUM(lA+C!?z1YR$*Hg^J> zQJNrwaUn0w_=p}}#0haRj^LZ{(_?-W!Nqx@2e zGVx7xAbHg|!PeS6IO5b+gI5LASLQ5^#Pm<%(ivIHEl>3@HC&1??v^6l1et@5&OW8I zVtp58kv%4X7j!?#epfqPp-s0#x8P`?Yvz7==l1Lw_QuDn@6?07U5`JE7Mx0}o;PyI z98o|M)V`T!U46*yX&fPadDK4TyjVbH8r9)k-+uM+w|(PS8T2fTo@jwultaTj2W7Ep zI0;s3pBI4UrHOnPmC=gtGa?jRawwHfWQj})^J6$2W5}E)ECBT#XRwgXS4J&Kv{9%4 zn#m@LA@eT~!JOYyrn(eWW;7^t|f-WR&TLcJs7D zTE;0{?Qj~qsU2g}I;`$-%_i+4Xl5DX7-OAA_D&J4Aw%FCXSFy{tNG}o%5egn!hk=n zw636qGNI%V{Z>$gC5Q;t1VymMFksDRJunolD8)Q_=o{TR*Z@P$|BB|HCh^Rb4rJPS z){)2)>`6|p=C%!&2X&Pjk$xth(570>tcw`wd&n#@jv*mObJsWY+Q|XOwL`z;wWBW3 z9ouOQ*RS>Z=dS-tH8_JZB7v83lnxLuQQd+*x+p@ed1NLW`1%M-TR?{uqwXu>1k%TP zxU7HT=Ks2zac=&p**gV3;Gp>hwC@of;@SDtv@*Y948-u9V4V4p@(%wW=7(_>o{Bi( zV0hPks)6v6{j&&O4E4>}GCImhj$v#8clnV2rQh*Gvs%%U*hri*2;e*dq^kkXT{_KW~wPn+)S@J8w*kS&>zGaDe?1<~&zHG-0!9*086Bl<5sak|yWz&CRtN#PMem zL!ibOWKZfRlU;`(&KA|ILlNuH0G96A&Xmd){r%vX#~+B=0-wY1NAZUe z_~}~ypuHTMA#)D=VF>{u>3E0ek=HK58WrZlyYJMFbrWAvS%Ludx$;RlS;IL}&xk@( z3ea)SvA+^9ks!H(>xu9yC+ahhpRjUd(`jgqE7K#qfnP0hUQb~38ik(CsVsr`00yo3 zYMcRB;{bsk`Lxi{CudhAi?{TEExs;#I+MP)A^2_`!)xjh8ElM(9?K~@3N2m*dg1QH*QOv$L*El zm+beRBb^C(PyNC=7Uym+g$@d_bvRfJ0p}r`d6LJlh)&|rmssq!feU^1*PSp1=Dq?^ zOmd*op;kj%`#ga`$_^`F$v^ z0w}0r({`zS77y7bdz46p)~65IV<%p)myVvdKYWd}KLd&~LI`lHs}zbDXo^UIRYn1F zUxn>zsDwt>U$Ou21)221Y_jt7{%)FQmJ6`WKX%WLNCnW)zW?01}#E(TZ^$CgQKjOT#dsV2n&f!xORDwa8~AyKv2Ak6gKsE3l4UfO=4VuFkfCSA_WF> zp;)AU5eA;CMFb(%B|MQbJq064q6}Uf#PGvsOBCqKgi+j~$UAm|v`KjUtvpF+J zAq-r~3KZ6hB7PA6LIj#p;4+8-HxC7W{r*So@B=&TQ}^cEE`)#VWC%i}N{f(!joM^i z`-6EqN{y-xa9Ot5yT7zAP$JkY-hI<{;XLb}zsDZ?$S17v=`MTh_zU*J(F^uR)ZQ2w z&f=%M_86m-T9IPvw3XIdnZMF@x0c(zUuY$2$D=Pf{3LTBM!=K}4h@r90B;G3ZwJOS zQVEy{q8OkqcV4uf%hzlSZYPDl!%qx4S6}-F>r{jYhL|)5u4N2Yekr&R7!$K`8##3a zoBI;RL}{p4jMyZ?StVk-WcE|?&|VJ3Blxo z{6tjKknrGQgqbC1fi70u6FeQxY7M|^aGhLJJkx8hIu_`QZgH`DGX*Fe>&Qu7X|45( zmLHt76KDGDowJi3J*uF(*_s1DuD=v}UBYXmxXc>weUzGZJM5F-^$yY+#GzNd;37i6 zxLthnf_-)Pb$e@g&N>-KlFcOrRiv=S%32TGj>Eg`SD$UN`&tUu!7~!20BioZT_Qch z3UtoZ7(u{OzYFAnF9OCs<`V*#lq{0IPI(h)fd@Oc2kUOp+1f_xsWA}X$=9>qQB zzNpD_@L#sw8eeb{=mShp3PpZsgs71TJMmn%ojOf=7wva)(5F$3`0#dJ zz-2wdLB1H;Th7k}iu5IFaVfWYz7B0#Qx;h3S4d6DBGxa#`U#f0AX{!;9z4r|=lg)? zcKg)9d?I?Y@C=a}iv4hb{rlCSS$lg#@Fe<_u_ywude2^a`m-OhM|Vc-f#vgd{tSHl zE1jeQXtO6i{z+ zwLbW?-Fvv!o@pGh84Qu%#%Oi23x%AbXM}q{fNOn!&)C7kHPkd2vFR(}$#g|v$;8IK~;N~`*N#I&zz$G&W zTu?5n<|6S-801JPdv4y!2!VR?6Q8yZ&Rwx1Z-3kV;V8B1-XIkp?uR)!%iBjNMW7L? zIo5ROaeMgwHu!DSS~;M(^&^dKFgR-GUTL?l47_2-$?@MUIfA{Ql&HxBUWk3iNG-F+ zzEt&;t5x?)zl0n)b=XJBe2L2|K)Vm;KJ33cGmhy#4WCT(YynI5iOQoCy(8UcQI=I6YR<`xSfh zY>z$HNyN$&X`>B3^Ym8xseiG@$_^FSk#`0yN=nP)*bS+5yt%z0G+_yK=t@f{%qzBx z>#y7Ocl2zpeJk5v9{oM=Ot!y!^Xz?Z_u!yWZc}?7v~61>wl785|l zYWqCV0?2I0Mn9;%pBu}aUY%zvgN={n;doGDedq{A-w(gRk)s+qG|9eI%~)**MfC)5 zm#*w*IvpP`2UUDbFJK~92L`PoY`+`iPE zwzoz@)>S~1iq0bro{OYN9=8XdNZY^t;cDAeAIZWK0h00N;5qEziL#Yue8D-CEF!>N z7RVqqy`n|S&Pg*^$XLVKm9tf}&DV%d8|IXusv&=eSXR|W& z0pn3pccIv3<8%H&b_RBNd>&d+2x9&JTEU6*4~{V*{FB4P(I2=Eqo&iYbdotzC~y+MiXA+tWll{_clsEpI4e z7rq;^tH<)JgR|Ex$}yG&TvdOI@M(&&)8C#wckZu0*WVDkL;G*D^wW)+U)g!CujNGg ze#a-J+`b91vn?g3vj<5h8wd_#Z0xqTzuse~ugzH)#nlS%NTP%zWrf9%4_Bhp?SLPZ zqO6|gz%oht-}C1dtm=WS@E3l@+wI7kFWQ&iAOiQTMbfK@{~;%2b zjj+Gr?eHWyR;k@)E~jVHjX3P2P(+N9iD7IYhY>eFL70+Dhb7&fOS#Wy0qGlXoSMYp zq>n5kgEK_$G0v2XYv?_6e%4u4^>E|_6$aUK_K}uC&NQwDmwOI4ic@hO1|!wGWhx>Q ztCz+rr)ouGtZTw##azfQ}vlZxcUboQekN>sYcO3|$(hp=g%jO*+d(j9A#; z;Tfdz!}#q3E{kM*85x8B)#clEqG-3pX03IA+OGqPb`C=yL8ji`)Am>$E$_9dbU}Mn z19Pl@k!&dX8{GisS=B=qKIU%It-5k#B*-3(lv2}-vwRIs*gZs?4Pb~+nnFa?O|`3~ zT{qdP2Jg_$>-Fw_3l9>=Gco2;P(pMEr7DVuw5f~{g+B;fMpi6>1ASu~>GD}KU29=; zcfI|8arfH!6)`_Ds$}PPjrpBteo<1uH*6{P=EvmT>-@YLUP|3Z#xt^T^f12i|qdsJ@5wf$y>HpTNC*HL3ET|Ju!Rd%7T}&6FJ7=td@lF30K3U-z=@K zu*T}3ZO@O}0I3DrIn$04Y=NobX27g#N8RA+z-l{GxL$oK%oW-fdcLv=E%2tWtjKmY z;nbTXxFJS~g~0_oKbmqW=Nl;7QXpD=i|*WqoB0L2AT8*xNqNb9w!t6vBCkiGMdA-Z z!nx!~*?WcZN*J$(H7*GvYugb8yG^yHZqcrXc9+!-17S?(dYs#JCeK6fT8L~{juTWf zx;9-NC)RwRLwJS|;@}+J5Di#=^(pvpmygmElO8=AA4clo!BemeuLb#xb4 z>WM$dOUt{-i>@KEQdT6ENUw5z+?K(R7{baj9=&;_GZ^jav6CcoK1)%<32HI#bG_8e@!QY}MX`&@ZEMYCi{lA*9&fXxqC6OncfU41PZsjQV1+Q=#SOw@ zypNP+GK%o0+_-rNIkLtF5&l=GNilTklAX)2k!DM6E8dRjOrsT$>flF8$;UZ?*Ap9T z1i|w{A6~Nb8^A~smXSe|9~@*{E>@S)4~6n90_fZv zVms*L3J40VRxfYunW&p9w8Y`~x?5K7)pxmXSSJopE8y8Akrh)@coCByT3=^GF!)I! z5JBoVC}NUfp7P>QI){acVQS2T>@0?|X=?Gva3jN25YMT;tE5K~t}_r6yTVw~Rcl+fnK!!N_3{g3SWgOxj zZnXn@N{BujC7O@A9l~p9iag88D3;xJ4|$!T59pzp7eAoI(mdX`7cSZvYSNX>Q0IYl zNCsN1gmj1>XC0;#T{SJXR|EHEHtG9%i z01EVAv;cfT3A93O0isc_a>$I4azjx8j_xup;q?lhal@Tmb_MV9e(+j{E2T*ED<){x z<^TXd07*naRAnIEOyd+uo+3&nP0o73#HGiPAzV=x`~-9m6Ql+7?2kil2Yq3$pzf`m zgP(47-|2SVfi#M|xdBf+#7ow|Gendb@Ejr+G!Fbci~WOAGAN^JT`eKy#nxCjZ=C14uxXghj&c0&Uz?RWTxvlv?XxYt9 zxNdgt)gC})z*7<+G7uv+a7A0^q#$9m(O-mI|06gg9?5e?poXT z?Z>J8qH(XkZt8FUE<5s2ne8s8KO8bHslPG!^@@Z%=BWjP_q%m~UJrEn>@;;pMsn+b zH(M|`4Qx@squkKpLCzaWmFDQb6bKmC^Wk$1Z5V@iAM2*}B5LnQQHhlomRS;`5&lM6 zK(7e2V6Q8OH-b0A*fJR{Sd?s$;f;NT(j*&ccV)&Xcl$V9G`}`3xQDjq*m|- z_!M~O15!~mYE#30YXT;PymS?jqp zJ7xXn+wC-aw}kYEjrl0d^0rykfg1bqDm-l|LYqd;8X$W5${+L~b{jqk-ik8Hyes0F5*&owBoCOMr@T91BDfA%- zpIU&gxf24+SWYjYa5a$zHMVb0k=2E!Z15x=^~bK#$G8Q@3hcyNSMfG(w%r)fs@oRr zP+J%HfKwT;Oe2^3l1ke_q~SH9t%zW|K7?YCc?C!_+%-@{U8MW18T@G^ntPOp88T=I z+zx*>g(TeS_A|UwDx(1X%~3z~>eXRuzd*zs{iQI71u~?~94My#-~FVJtg*Us(pOht zxH`~cJ6nk4DS}6nvf`N!)>+R%qD#Y-w)apKX}E~!qh{HoAAP@7Z||fAPp@?%Ka3!Q zCs{=DLs*@z$K+e&O9_=f$13yqs4uIHYJK z9oC(}L($z?biLKya`N{wupmX{6ougj;Mrm79PMu)TL5xoJJIB1@^E8Qs<|MB0hj6o z89hFmwhNc3>nU$?_==7X>O;Bgm4bBOQh=iGM8Rk;2*I`4?&5OrBP~iL#*e*E`Rve6 zcpCMVhDnulo%Bj`@YoE7n%XV-*1EF&|PpypyMiAg*x6!njUa(G*IF&JMGFcs(G*VZiI_rq-hQ+>m5{&W})|>sr!|Q?IH9 zyjns*D2D(aDKD;Er&bwR29(V}vXP^WM50vUth4Vaza1p?R8Y05Py}2@HkgOU3Z8XD z{IpPy*n_9Mdhue#hjk7|tB#(SZ9`t(^M0bec1&4|+Ld7x!l`LHH99YzTCp={IRj(K z49IWT zEnPC+iN3Nm9S;M9j@G-i$>L#d{eYsQuWIM5kKU~=qxZ*}-?!RFE^VHk>z?h=&)j}+ z^8?=(Ft(l3{9I)B`u(8!^lvN1t3x==p-`4#Lj#jcsqwiLV&T~--k9NYH{?%Y1UQ5)0Z5{> zBVzwZi|wUGnQyEQzM8gfMfJaLJmWN zj6H&4U3a%-^WJ!|faKx;o= zZRJ7Mr5Z#|SthCvYUX4Vt*IhHlzm4Jm%QWlBA@5FT7AsBy-{1v=uuJxmZHZ933nKm zp5tML_e9AJN-G~jM=?v(l^hT>4qd`8IVZ>9eX2?AlvQf&7&$NCiuMcG4UV}6*~Zxi z=rdh@NGSc@6Taqw2VLfS3RPWr_=wYxFS z&Am&qS%ix#IEjWiSF6tK3Pzn3&I5hWwO(rGAv&3#tP*mDm(!-~gB!=I-Xuqe?s?)6 zcK{H<``a*7 z>G4+FIV}5y1B%pxIHxY<*&OLWmu0k;o|OG0acJ$OQ|L{2#`)p~JUy(D{!EU&g~(X7 zoW&yG_tXf6RcdX|V$5CQJQm7duxKL=iquUmL9bm;4L$Lx8RTeJ%aVN|NB3}H)T(RA z=u{iTS!UTr2IpL4_cSyh!Tu3Qb5|}xYkfPSnzHTsi3p#{wi7HBV31(1rqJJL9i*4c ztwS#nlYP{4nx|f6s7&jCv6&Tcc(%6FT<4p4%`TqKzRTo;o<@EdU=HHLkXrQq&_6ct z7&0CKuJ8v>?#V5>+9hI3Hbp(cTeVY)SFfEn7^hc3c2T5r2)SmF2(@V<&Xg6zOUvjj zu%k;nduAL*1)Oi}f^F|>e7D8-kE zJcwcB$hRUZ!6SlbeNzfvvD$aPv}hW;HW`K@n5zC(i1b=vd;N2`U(AMisb)@+sHXl& zA~RULy{&l6VyNrsz)N6K_j!+B-+t|1V%%&6q7j0@V!V{eMOl)<69j}{4SaaMt&lou z^zt#AzJ9_^ebb9zYrg*}J9O|N`}8w~wlh3oiO!QmuwAs@|K<|4mOR3eNl7`}XZ@EZ z?XUm*oSi&3K?)3%q#S4%8J7kpuMDMLNg#-Z2wBCr$d{VCgcPk~h_qA+W7NGuQh8eW zNay2CE%zi8WTckSI479!Q0ya%4w3716xbm>CUcz7l22^np%4?RhpwbGbf z`_i}V>!&)Yoq-W?t_aV-8r%JFqkaD0Y;!4#lB`XDjVhdxax2Mtr?EuK3rCFIU7Aq# z@*tD@ORw44N--yaAMYO=Ao-Z_1CKm;cXNtECkKqyJZSABHu+vFpSx59SMZLY6jm-_ zcL?BX)$WneL810Yq*@tJl6%4b#Qc=?oqEMa&Ij!+@K{7vkJLRd5lK=IEcIB=g$er~e|FwZU!25aAN+*K=CDemPC;js8YsbmGJ(?H ztN)P2PjEBDoMkL@ljQeJ_$gf0u!UoKhoK`w?&%fk81+rmTd0(jBPb1`s)dCD13MfK zQ3LMPoHfok<7}U>zx=avcIML59mkpE(B(yH(sB@Eih_}(218YF8qgY4IrSBQU$&9|Ex>+CuEcFWC|na5=z@y1kVLh{G=4QbsO%a z^%QQ$som7~&dWA*HehdL@me_P*gAMDfh@6rp%+0nExaZjo8Vbp1w21MR0OrE+Q0Zb zsZ)CG^_ifJLMJlu8awbrv;E9(x8XE^5|@5Lc*{{BgmG0{2Xwr;c#A#tbhXu?5c&}m zHyIA}q5Ns<0H0s{Mz6hjrk?`dpbWItp$tk$17DQ3@GrsZb62Nr5pUNNTwNIG;VF2H zfm!Jm6N|VnBdCeS>Yr*9M%V`tgoD-n&L(!s0qu8A4$gp_eVTjZ#$N*UZLU>#&QR;& zzR43S^jK#j5@YbqJGB*nU4{C2k;J3UL=C-MK#JZo=X!r1}(nkn$sEjP4v&to_@k8|A}tADKT?`eDR zfol8gzA2l(-a&t7=x;pRpB!R@Djr@hPLEm7@$cB+>43d{hjmy+u$D@}BTYO2MXA5I z$SU!szGru#;TvExmj;P8n6YA|ltgJ?O7vD7qc^s>8?av;@!h{sZuB5LFzO->y~B!o z3b-rB03UdwdI1iDviw#D5Eo?xjp9t;@!K4*1z#SZA9o2b09<@p?Nq=wqjuUm4llWj zdz4C4G%ti>PY|UWT{^|R_K4(8KgOfV3Ot=LSj33ZogqD8$ib!BLKU@EN|eMBh9^qx zFmC84#`O5ylntGK-Nr6ts7HyHe(O%#a`;Jm@ZMJY!bhq1k{-0Vj+6G>n^)}re16EK za_|F(g{e{NKK7CgkXGxJTdv=V$8X``Ij0XFb94tg-d=m*TRnE{{5&#RKC(Cl;upV7ijn)R zto{Sm6vg>rR}^o(WqS#^D7ge6#xwXgo(xI%x!ilPtMitBHT{z##C4czb*SQXAA z4HQZ!=MY=hRExpB$ab|P?cd&q;sQL7ql)Tn=>Q)nY_VOxZ~$5Jq+R*m-`jVfKi^nj zJt5nY<)rkIj8jYogtkXMY>z)dO~HprxqRW8ef_^2Wgm{%W%$Efic=^uf!f^F{O&aS zEI!})c^DO%B>n_jW_=y z5BV%aE!ZSp`N&Tz3q&Qx?B{=nT1I$h!oJ{N&?XMuE7W5cK2>kyr-@_&4Jvm`Tic`K z_Qd`9_M4v~Wg~|B_@$uz-OFab_Ybg2lmcX{{GW6Q_L`?)rBvf`xTBue6sfD`pd)fb zbp-b2;kZaSzFWjV-2E!)@7_$?3!Kv+d)bRO06U4XWJzhEkQZbK%OJC+aOP`miQA_> zQbDaMpB??nEIdiMG6Fme8T0+rhWfdGQ($D0qMhiP&Rr!azVTANJZrUwO6{3X5W&Vd z;FBo4f;tZ%G@XBW$)5WQKQ)ZOC9OdLi_SD1zQn?I;bhAG^p6Vcav%6Yl$j!**5S)C z3PJE?9wo8xOg0UjVdOL!We#B?6S5%VtR}geXA6wn%huG(59AUU_1GLk$i3I+>n|h* zI`vbVArs59^A}V0-+qv(|>=tJ1Vq z*AYDjy-H~D+?DN*{g+mM?ezCw3+XR#8+fAl)Bel#2e5NbT0f6}oWDc^w8BB95hqG( z_1vgYNXX+wJX*?rw|4MSMcKutN38$!D>if{4IeYBqDEjF=eYMBY_ebfv5?g!dO72r zurI&bVgGpo{xc7+m(07#OLCqrr3=R-Wm{UC?MI&`f?~AWUjN${>ZRTxGA0o&0V5HD$n+k~N zD6k4w6|>{hyQ%bIuEKN0|P&&bhbrOI2LBieEv zT|6?{BK$!*&h<~%gBS$=*WsBar5`R2zKm7+RU&(%jJ-IRAfv?sr4NWegl`08gd~!4 zq;m}IcRBYF0Uk+EQxjfIhtdm4PpffykyfNeuM5~dqVI-8Z$i`(dmCOwK>>BfQ&*VXlKQMk7)Lh-YESe6{9+AJMPQ-Y!cOG!`7FXX0VvuEMVG6whSHxMu2?0vg&Il&Jv42q=|c$IBhgpPEml( zc*1#TxzL8Tau~%MvIsAr8tS)D<^yXvv(xJh2qa4 zl;yP;dWaC~$C$+?bViZvGo9iO=Bdww??MnURe8w;!xSYWd~Vw|3{QC6Pj(I1`1m{p z%sALcfc5^bAC;7&)bxrk5;1al+VYs&jxE(FSsJZ!5HHGM<_yFgK_Cp<2`SYSX%CVg zo5}hXm6{4fz+e>!l#^M7)J;Td)nauXCWra(5O6}XlEwpLWoj11A0EzlUCd2kc<|SN z)DVPJvn5*1?xk*18;Qzm3#lK0!f_cdy%nsZN$MK-!b?_^p+412r}cC2C8viY2$~e= zh>;F~qCgQ<9-tg-vNP5DTU`#8YrfEZDbmp-@M2421oOrTV`iL+JS$E$xp5wFlkX`Le>j=IREyX42V@a-ZA`E8#ylMrdu4P;jOCA`B6ab=Cz} znd!bhG9`9%Q`F^s)PDl`v>PYcJt7`wfLf62UKyL6UT|-oDCh zE`$zwv@7b&C!nl8ONw#u01ZOeM;f;X2RkB4mPE7*tE}SSR@;7Xi#6f-5Sg6fV8Ohy z<4F;@k$}_0m`4Ur;dwk4m;BX?BfIV`coH|NCQcRWj<+*mGRxHaSi#GDB}(*)ErOpU zBAD*7{=wVfClOUJTrmsHIyZCgeeN%&qwo21BYv)h63FB5Y>^_U*DylmZ3)?~ZM7J` z=B#31jvTJk9DqAHk2&^H5`iI^Uv6O{9*feG)N{H0I76h1^XMVCt&nOIXym2CR;G1V zBp>vV9~p`hs?))Ey>$myz&0O|M-h~ebyZ<2htXUgh31lC>;j&zp-?L+1b17shB_vS zv_P;xx8T-60LiU`Qd(x90dshA#MyrggLHT7Kh|NN)?sU6eQ3#o zqz?<{&6Dm0<2exnEAj|Ju_0P7`1^B;S&jxd1tAtF=BP*^6o#4~9j;)ISz>;1o-5`k zrvP$6LV7S>FIP}EiL`;Z7PL^PcWO9bmnVrrQUrs9WpPRrpL$gkmgFq{fPQihA?hwX z`4)IBxCeySqGJwEc!uCf&dGY8XsWSd8LQB%{N~LrqoP&PA zUutocG}O78Ru3P*!Gn4rT_-Qth11vUjdl(QM7sq^!>Br$J`R|Y(3}_|BEpXfN$1A7 zvmUr6Z;W$@apodC=#1Of^tWfbJ$!G0>#y@b{ovIhn_G;gwk z&`&(JtLUR!MRCz~7gU#76X`n-Jxu*T(o8RbhXLT8T5VTosTyiiLC>}q_t;c`T5C8j z_$Ue+3MmzGjcsiSSc^t~o&yF-^~5w$Oe@6}2QKB%;w{A)>if;x01-d)q`KOAsDcR0 zEL`wzoS73`fGJC^D6VCqpHjd;V~?@MabLB2Uz8;MaZ>r3d)aoY@W#Vc}tMzAqlTuiF3Fo!afaM z2@#bVfNqDOdn*{_;tK^fovEfBw2J;iWEof%y{68S5!vPUQ;W9DZwl(xJowrTH#?b4 zyod$~KXEddo1{N#8>Oo$@JoN30rEEV=kw8Dx!;O`iM*_*#z+fw>Kz;Ctgrzb-c%PP ztbK{3mPXzy=U~~0Oc)?SWx8v|`mgj8vC2V~^^*c!X&aNQMYOaMqvLklwsWi9e;{IQ zq$a;|X3#p0U$vv`kBh@(5kS84__WsWy|3R zDl+q0Nvg<_<53&#mm?N~aFgJbee5H(S)h;@UYA7xnt{BpHBRHjt-|q$oX(3q!?|X8 ziL|A03`r0^rJIxdDT&wBRw5mI6KPB$c&D}x6Sapph`gicGZ?{y{`7veKj54~sgu-x#6ZaM0&+fd zjKhPSA5U1-?{d%J*-mkb2dz>dHr0|91V@7Q{sOz!PQ5Az&j~Bs5d)rh69dm6@YGQ# zt@M25q-!Mdu_Yh*7X!OX&f5?bSmB5AhFUe3XJ_#Op z_(B@>F${_u@da4>;1R+X@n&7CL5f=XGKq=MmX=coPP zW%rP0p`QqWVDW<0HYe;cH6-4}usyAXONUQZr==p*tq?{#)aLA#fAcF>PxI_(GK zWY>|mgsTr0jBnNdy3ceE_?wI`LJOwc`CXA9G1BHQ!TS3iA2-^hkKl?qdn`CjN;+c(t?jQP$xY-iGFEd zz&bAWS=Sur&-`6hzO9B7!_*!|F|9dEy(V%i`sO0r9b8no2v}s{B17Rad-?`kq&D$e{<~i!226aYQLBC2|Kxo+5}QL2c@inQy%Gsc>QA=QsYo z@s;FqZ(bQ_x+{&q-Xf1`sUOMIG}0Q#qhC%Dak31qv*4nx*yr<`C zTuqS0BEhrV`tg0P@7(K+QN7DMJ)A~z#Fmqi3`rr*YH$q3sJ7l1HBgVIWS_UO9k_Js zcF->2*oI4VUuRVrV3f9AWmJOX;EHlCLX?3&QXh}Zors%U%#;1JjIbbmAx(*1!T`>m zQkJGXq7<8pNbAWtvy8~52s%pGvV%!>nEWCA5j9p3;7W_xm(Z>S^sbAX0hi!WtM_H! z$#F_`yz?`taH4<)1Z>v2m!=Wzy zcDiJ6DA!*x2Ej7qboHm2YBA(DrC$`r>;4pftA^RK=7*DNh7`d|3|iui*tPDI$q0+04Ai4)nnf5-Wfir?sl{24#^}Xau8VA41KHY7E_FK~)&vEAEr-(I zhryS3Z6}&UQ;j1rgN~il&B-WK0bE{kct#EQES`Dm0G_c98Jwes!Npk|-F4l7t^0G+ zznq#)u3&Nfo9C?uFFWww2}>%bzPwOw z3$@kMTuG8^lcK|5Ooxz0h4+f{mX4cNK-OD=;LMazLCPCsiXGa4y_N;qr2O?C=SS%njM( zRSNP=iD3Z;CsY6*V5#~)Yj=;Jba$7x&MMd_#^#NaLT(pcwb@?A`L@Pc>&6+TxOfFh z+bZye(i;emZgp55h!^l&MA_AI>Y{~H)%Gm#tSt#x{n7K*i&wBS@VK=^5JiBGV-QNP zu0c`*MGy+|IS5CZs_oFn9=0bRZ?pa6FkhMOg~h=rQRXjAunvnAwoq4Xr6?S>=ZCGI zHMqJ&O_=Hiyu1$E`;Ro(zUomd;V4^Rs4klD?tro8?zNEAd*R&8pJ__&%Dra)yqg!d z=V;)qC+Qf(1#WY>Jt_QO{hoJDx>QK^l2wpOsk9UVIhwL4p3wWKtM>4bEw;0K#Fi-3 zn@3x~=H}w{2Y%`Vg+P{0le*{pD>g&H^()}#>-X2#FN2?f;$rqaX@5wAwBYbFWwVj3 zM8p)^kq3_BDNY{kYayE<`qJkPee64MLd?(G1M1Pk75C;n{&Eaect%mlu6Hh4BwcCG zexwDXTF~m>IBx@KjDGZ+#t64GKMNCsNkz612~}i|A3kQm#0dK+j}#n?ZNoU7F_1kg z@x;MazqH<2Si3*n9I~J3gVjracn4FZJwaCk6ZY_0`DY7TYwiAzJz`Hi-eUJujMxJC zk6}e_{|G8Ktpia_qvyY8GhJ8h@|&!~gVpvcALk&bC=Few2m_)pos$2-%t< zyYK#L4EbYr^ff-mgT_fN;ujnH;yG^J@Q{5syw1@vZv_yN9GyToL5b$i(uq8jVnthO z?C{4QwI`1>**)bbw)>Zzf;AN?u}H;!t8S>XM_MN=K+T!I`fsO+w41a!3QzSQ*bEWC%{Cj|W-YBzd-4I{3z0V0NLPj;d_BHo53bU(eIJ)MPr;h? zOBZ_UM`(We#`SaSlU={Ngr{3W_?3*YX_TKUq+l!v6D83|TCV}WU7O|Lv7~xm)zlR% zvKrFyQE|z7#+A37;0ql{P?E`@6pWT&Fud3HKD66@>FEY)v31$G7ysT~IW=qFypFK| z!=Gc-8fp&RvUnzZ%D!C#F+S0MeZeJ#fec**7&e+8_<%i#5$7{|CTv!bPk(#L-o7|) zV`xEwq`4CvRJ*m^@PKvW-1qPv##wK5@lHGY0^=mYM+6k&1bV2+aBXDhjHG zte#>T(=*gly53J+C(}jp1?4GQZ|L+c6G82XdcWQP`zLL_Qs_@ zb8yMtwaFJ+X`md!9lu>Ju~-8&L~!ugLzKW6hrYf9G^V-P-v610?8%3y!&y3D0~}~V zv`e#(;-nK^UaqFyHY-9_d92~ArKpwo_6+OgC*OPdZmVo;wfnZEtZHu2PLV!kVhE)O zb)*tIN-^F67t%k~`$)q#GiGNy`z=yaXeE&riXWF#6OscxX$T!$@TybrjpRf>MqkNU zx{`@$8$R=rO?O_l_M`jl%||QkmwuFeUR-EZC^5Z3 znLQ0*i%+F&3|_m;vx4ac6du&w*^#hnES%j$f{af97b%vqhx6M^Z}nrhm!wKekV8M- zkK;tC^`#CF{g}CH~MR&_;HQx+P-2{7~Xn_*1te1!PnnFo+sic%$h5!gA4-6 zL@AT6x5FQ5v7h``t>zmTwzvM^HEX{#Y*$c(&yf<=rRjr{Db;gXeTyCX@Q>T$+k^JO zyi<0bNUMMUjb6LjGiTV^od>TXxSU~Pb@cDyjSLpr*98eH**a;5o=n@n{$Qn*V>CGV zjexy)BG0~l4dpFHbs0@IZYJlbg%x6MENYkEA{7d9PV~cRYp^A2e95bIg$Wg7BnshH{G%e=L|+MY z(u5F=9c!^yuFTo-m#6H5ADFe@_;{2wqiL&Q&cn3TK5{xl-s?=JAC8<>Q%gF(e)uH8 zg6KSv0rWl3Uo+OVZ#Bi$`R2ZGPXGiZXJ?#0~xFW9FC9{5Zqva-kZC<=JqJZ_Bq zZr|nBPjwR9`r%RRBdRVf1^1fu6P#RMZXe-GM#{y~9TRr=DWCn;(>NDE*N%TPU@x2u z**8#%Cd6;S>m&wIZ+h04K>IIC}a~W($9p7l^<*@hzgP zF5BtX_t{fVmDw*m3*x|Es<~G+k604;PHv2}%ixTGV^d`nh2uy05?qsx2Xf*rZ#wKl z=$@SVRJ$!eO}`K|IKm)|pDYQL`&;bMj~%fm9xbt5(LU?s9H!>d6Rci(kbVGgw)gB; z?*bRsZuQpH$MG=l{rZQk`Tp+TdU`Ja$$7z>_l9Ti75{I#?!H}a?1B=CNpy4t>^*{; z9qc2;L@{qGwT3zr+sHjKjOorF%v3k=6wQ;(p1~U?iOe;IJTf^9P3QAl!G$~dT(XB} zSjyG7x)rQ$0^XfIfLCY8(H-LKi~p^Kl?GYo5)Hx;?b|iZwgawr*Up2n<|1GR$>TffG38!I*jCFL@M?nvyMUkUCkr96Ks?erEl}dJ<5s> zS@yUEf-Vvm7h|G>_>BFOPlt%^fP>F`I*b+hY#LbeMaKhmzthK)^I&#Y>%(^IY2St6 z94GiRk|(&wL#bVWY8;n`C!* zE>7@rh#ce5ZjSqsmPT*d^d2sfPCse;@%BC5ciUopS-Y~LyA%+<^Fv%@7qnL|H`=L= zJ*4}3!44fgZFd>S0%=l$EeDCV0?&hY?B4L8T_IxYCecxGqOn@{ci4$1dabXw$r^O% zK`ED|%}lV-Qcc_sKzQZC(4>t`jM>~09ts>7bJ=N9AdJ~}-yXO4=>|J{<{A53=YER} z1h~{vIAN1&DfW*GT*?}=8|3~UpImZY?Bd!m!d~g`{nZ22x;P%!9yq z7%x~lHej)FE{`7Uwo`3K?YYmr%!Ta>c8d*nq=yTro6^>~Le3=)J1OdE6CvLYmzoIA z&wAxL0w?lp5>G`*|5MLq2)z}XL5PX>Lm1;s9Rf0nu{M`MK~Ku2vlwssy1OyXblAyL zJzT1Xp)$`MBtP+KE?yk5=Q+9$%#t$Z=CnYQRZGfi?-5;d5edp3H`{RO#hmj zH@aKh@CME__c{%9Jy{Y`;K$Z5FYLrdxLpfF0}T_xp1 z5KBrf-GQ7a(t*(WdeH%EL6)>r>0pba!vVZjV)w>vcF3bcnvJV>5wcJJ9_Wv^b6>BW ze(^=?IdsYnkj8J0yJ;ecX&XasUcATL#7M!hl)H|&gYF5U@!a@2?DQi&cBZqB9OkWz z@3VIBba8yhms`k}X(DP;AtLf-V|L{`_pI)TZaZ`KF?*Ex`%8U9i_E}#94bN>{JAv7 zMxpyf?sixtXRpH2wd`zCF?nQ)($%Q zamh6@ZFCBJLcb*pgge2fg8+E)M5rW}hl!ADvG;H9v(q?RoO$^rYhxWd3_fQQEhq$g zFxa7dm||W{4BPu`8ZV<9m(kEOTmc_)G1}C@<`TJhdarfHiCBA|dphv?)1~fG2D_Do z4X^HgZ0qTSmkz*ZtwgXz?Zg@6_92w>L==Rce$k@c2hE;LbGHb06kVNQeaE}4fYFAu zYEPUa`svv&<{fwau?KnT6L^9jSiyLU2RpQj1j%45YND~Cz`wM zNCS5tg;(qyjI1*WA|djf)_Djy!QAU?MlL1Ut38Rl??6q*9ZQ-2?6Y?0(Fq$5#;u>U zCAV)Om!`y@K&SOak#_Xw_>b{R?CNL0IXHRz8G%1tbRIA!=lX4WEMn(}9ah@6B<0_GG<1_54fr znZ5fgcYfF|3}OUM4ih!eZ13LMYbP4^+oPZPly!iYW5|}d1d;p1@*gFdrG4y*O$`m$ z1=7mgAfg~c+P>K2jJ@;jyq)bKv%sfbw7pM26C4v_i8ku(v17-h)-!d@=BW1pcOYJ6 z-e%mqbtK+mblz+2P4a~_Mvs_HPt4fc@5byj4j(5z{gU-P@wgr4aO?HQ9_={U7N)OS zZ1A3aFt%(Ta^KtpPD?qIAWqmL6m=ApCv7CtOhhK@V^l^B?pGUOo{!AhbXyAw80df^ zw2jEw?nB(K_t+^rx0icXlXLd|%{%tydjs4x$T|QXA~II1ypyZj8q%hP0GdE$za%Pj z4^N~e!==Z}J0dd+th1+xM*4tsi!Oz+3RQX}>-d*luICQ6E}J-k!H~PZ!flF-ZowcG zvTN{XhKOg&HQE?F{*CX<+H(h*?9__|`_hp`Yr4w?*&O)m+rI{KLx*c+oju*3BIm1#S6E^MPj#oZo>*i9mLCYMnXAq$p~ zccVm!o?y;D{`rKp9E;f@*5XKK(oO@z2@doc85zdCy(xPR?fcq~CG4?h(zb_Crg{`j z1UK-#)>qCgEde{!7O{!zIqSb3AYBOt9roG<@Zch$f(;m&lXm6yvYp|cg{OZULn={d zNAXNvT0*W6HP}BI=3eCx>odJGzCA}6AN{p+kCw*w?2GkwN-6&i1J74x?D!``Hc}kl zt!oivB+4A-?#xJ?oySnz{0u3{pHABI2NU)ihgOKZB0Zjt4BU5ASZuPpu0I?qh-mav z<#|V7kFMVDMV75VXFtL#&N?>&K93Vc_T(#b)_NjlM}*I=l%3hn8He#o@shx3CgWIy z{H~d$M(z&bqHc`ybwrOo{s|0G$2c#xt+v->!6e%kEI#}}-*pXioSe!);MJQTI-*A*QIPq?TU=!RxA$mQG|b@Y|@=o4O+ zk*kjVQh@iGN?HoF82aOM^t-iWr_dcd`$g#UWWkORWxI?5GQ8ZliqE9(Hk0F*{%6e( zGLNDySsW4?+=b&nxgU9c~( zZs)!qvh!ENc6S0kxD&U(ehqvU`}?V4f3dRuh6W=JpYzM`8RKJUz`UKu8(@LxiU8-) zzQdgRA1CUlj%a1}_s_h5jK;YjbAnImNtOKe}1$G@u@;sjN zy8GDMHK>36&dycuQTpcK8|gRPonKi}f*xfb@EFb%L~z%k>{2v)ma|+c(n$)^SxZ`aEPWJsepYzltRlRyJ_s-Ki+qnBrSAx5Z{bt*IF~>3 z0`*we(?{9cmejj5GRK{FF`yLKs70S3OaJ=!FWb6FJT}dc2=hr4yY8n2jzojsJaRh}a6U7nC-l z1v%c?gPsUQb_m7v{=Gy4;eeHGXR4meTNe=`OGJgwp{0(+6yb*B4IsPJe?*;DTNc%? zJLj?Nx$GGZ3BV{_3_O=bx5EExG;su4|6cOK$By;}9)57f5q^j)-*<$_d(wh-6RDfQ zfEr|$p9w+Gt_x<#67i$dJH95vwLo`&J@_BSJh=G^nJy83HEHNM@-OK;ga8E$dJyZ34L&D2YYL9Q4bI9A^l$; z5kieotcd%%tkB9nk4P5X<-Wu<25}5m*NvCBf@j-&LeN!o3iet*KIScY%hnE$&vfUW<1_d{C}?QrJ}OcP zD;nn(d(C_BTAFu|ZuJrCxG}PZG#2?R!(F@!v=uGkGtFO@X^Q*0wQn1lC-W6_K5z`V zgkF3P`@s}0!ScCLQuTcY=>%44P%X>*f#R*@qqBKvw`qYvw63WB-0MPw<)| zv|KbiI9w(IagGSA73Ojd9c^P-y|n5b*jR6gdNJz7@rY7z!t87qJ|l|&vaJ0;7kdwn z4ms#hSER$N&u7IuvMO`@D!R7)i=)%FORp8&yq*soazBsUU>|vx%s+kTHF^$pS&(_e zHRb38it-d(Dk4^QV$N{~FuuUg!W{qrKmbWZK~zF){>0CcyXeK>1F?c5^C}3w+||B9 ztAYxwzITCAa`J495v7C*txlu2gAe(mMTJe8?Fzu-ET3eVKwYUEK8#dK{#sa_b zihc6gr|nlyrLB!cQx_lVGW#%|MDs&8?e@3+U;Ezq8T*r)K@Mic!Aa!c4Wc_oR+dRI z81=$y-Qut*M5>SSK8Mgx-nQi#@?Vd9&JsN^{Sof0!XP(%sxS`-$f4T8Kg%9yiDJ@1zs)z-%a}fYxyJ>GX~QrhWDJYFaPoj_R_ii z)`yk8Q5yiElmlN__`H3~E`Iebd++>hyUk_Dad``J?^SH(wtf3g8f@bEGj`|~U$AqZ zYq#gvWGl40fWQcmTR)P77VloSKlr~sv;|D&+^FD$m`AY^dWbOomp%#HC)~}V8%UC# zrT2_|NpOB*zx7sv^VUtq_kDX8IJvJJqnu{|S)=)Sd@jw@+r^R3+e%jlDHy>gIc*1T zbLlZID*50jms59eDS3{?=#YK-vt9Q2pUm1%5p}RQ5wkhccqNC2ZQ^7vhgPLR!Apcl zn%vSYn;IbZ{u?JP@!ToY{Tg(ChWmsF8*apN#PKH^v@mIF zCU4xZ5B}`C_U?Ok?9Lq91~$=#fo68{mc9BP8f@~DD89e)GM<)g_8gw`%JWh{N$U7B zfl~7AYxV~-7cnvs&B9^b$BTo0=Yyti;Z*ZB&b+;afw$2<9R0icG;Ng+?yex4_G9v$2@xUx1CKHbdKcJig9zpw0(Jh~(-i z-c@zXK8+{uE6B{B<*=|gI%{(m`z<{@dHFY}kUBj*=BV=uhY zV&~TJOALOwWAA+Lvi&|dSr{g|j)7^P;C7l-hgpgP71BQ$o}pg|quE@Wz5DKhMV~uv zU-{fm+L3mTeueoF3xdyA-@b1DjK~Y6TG$Cbb?8u6GM22wuG`q%pndbLW0rXKnEe9% zd>$p}mzXL!WN3)!;f0|qHuU|k+J*OS+Z!0thFRa`<>crG4dvvbXz45=OG_wQ+6l2* z=0af^w;T@K43~UiY$%>O_a3*;{_Gd+lTRG5v#j?$oB)EP1K@gKv#y`CGo<)@1x3h* z-??Oe_OD|0#t=%;pdv{2+S6wn?2!|#C{B;!DSg2H%R}efojGpaMoIY?ow6%$T(&^a5ydOTZ$!BTbNjh)dapfmwh;4Xa^0e(I6N;DI0)w3Y=2+`!wWKn`$}iC_28Gg+73TvKmT8R(w;xtYu%&^XyxD& z(Rzd-SGIWDQx*7V}Vac851oK&BVqm)jBh<{PK& z(4^0o5-lF!%KIE zhZo)LBD`=ywgZ7-OO)WH5a`8$IsJRtA=U?gp$m$--VtJm!O zhr>3o#5#sT%{g*;SlRNYq75MmG7{zB@lV?0FCMUe_>)9y-X66-`NJW5;}U~l-CLO+ zu{ZwjZ&~6ep0MNp;K%Hd=cYKU|D}EN&71an-@Rc2*Ui51{o|H;_OSijkAK--X%5(z z<+Y1~LwA+T4_vgt?|qfK=lbo9fr5<@!GY(2EfD(n?qA-v!lzE#r+)s6IF~ismr%}y zs3R{*zuqTnq@$P}o3eN4FZc3Ve_t-`@7{+t@clox zs~70+UcttR%t5C_$}qnxNdsmg2i_3#sSyK8m~~s(8yZ}S7^0C;zNTChn(kCRY|nq` z7wwt7X?tezTciZNYyZa^vnWip4&bT&f=n4kkIs3KW>a=H%v|2Bs zqgB=joj&_QcJjY%GyH=rzZkJ^e?4oz%UZOAL1!7`b1X&_98pqxo@%qt6Cw3!QVRVt zea+vEvTmYO8fHJc$J>~2iyy)@hu>O{yJ;FH>2v|h@e9f$@yn}!nX}&oFEPA~mzjHFS@-zzzW8V9hyTjaO>>k-GDP&7M1lCm z_ZF<-6V3L^KhtKPLWA}d(GU0S%)N;H@vCOHz~>512qB%}RaXrGl%l>gkJwIN>|h>A zL8N))3VCIf4l78?)S(;R_~yRI`2IF&lN8y|O>e*J4X`@MSsdp}4z)-%)g z{O23&fBN!1i@%e$|L1p!vct$5!5|(V?6CjzJM{mHOLqFdZ?$KiE!bI7r+y9N$-jOh zWW$%c!RM^S=*(T?GouSbCQLEeH)K=;^QZ&qe6wfcJ#~>_RGKdygh!n z)4FgrYJtu&QWlQvvy;F1D7t}hQd8ftS6}_m{vF=vi&9v?`s&Z&vq+@!<$CpR5T%_= zmi`LqeaxdLU4KttFzdwIUTOq63Wkx%1w8%-&cA2x|M_Km?+TGvM1dwzfVuNSXqj>- z;wO6Tt#{&9|MVgIxi1~EA43s3&%Q1c>$mLC1^eUIZrWY0PgrJujRz<4

T1DA67{ zYcKxHe)|IbEMaI_?4Pi?Yqu;n7PUdL^XUApb-2L(#WMTt=-DUj@BHR-_V_^$FReJz zC>>Sdn2(n+_8oWZ8(+U@|898EJ{*H58uyYidb4_uIDC5bE>myGu5tHVp3EGYD-ZR9 zyeRN*naGWyF`WN;>)G>S%w^w#x&bF3q6tur7to)~6NL`;-BUg+@x>}{R2*=TlO-ID z%sx1zJpOctyY8bAof2g53_du0_dJb52|3eqTv>4I-jcnKWn-4PoQF;_M(Ieg<>UAh z-g69HQo0=Ql2`6mjl=&%zd8I6MFCF_vt~rOUgD9HjdlXZCXTJ79*$d%du=XaRDBDh zzDv<4`22b}Sr4J7jBHU)sZ6EW)fFBxM74J}*j}O&CF11&6N*3#_U>bMIsaaow^7pI z%>iGUy-A>e(GPq+!99k(WPTAoK__|?ISOb_BcE|*A0@PY6oZ0}le*v9f$7GoAIuS* zt=Rv%wEdh9G#36}|7b4pO(U5adiOP13p$6TNwN=c&c>yZwXeM0V)b?Pn#riK?CQ;P zo>Wv$)q1Q=1?F%|2lt&n(rx=NcVi0>iB{e@zNFwPoH$xN(q;RBv!@E2CxLU2Xl(~4Z7;7W3Dx0he@eq1z{sCg{~+D* zvMb^3lcBK9&7hyeN#!W}C5`Vy>G;5bXzq_MQE7Z?*Nu-9cP0I?MJUc4Q5$SYdC(E(%25OXp;PCV=9gpF6ko>YLy-_YaVM|IzDR);7Q7!gb+=}p|P-n7GTPBa?)lvh<)qp^LCky*qwWeb{h{n zGIniFFkUl-89Uz7%hVfA5Gvnl&pdL(dh6r%&J-T?Q+QlsHBT+f+U$)xb`vAn8x4JU zPc*Y>)FP6>qDd&I!^;?6@k=(7#WO(ZK47L4d8Y?%^;JVk|%-{Q3bxfu~53gIj@`Ris4##Zo9WW_R!59g8H92UQ3< zrnskM@X`fK523&xjoB=U>Np{+tUVPrHo~ElNko;c2+n)fgfh3I0-WP_@7cRofpY{U zir_>^U1>6S_{1wh_(X^{65jYU_}o*EhxF7e9`$kRlAm^I#%{j*0bY^Z-@yG7`?)hs z7kIBs%-Ph%8#Yf$#mrJSsS!~wbMM0x?{p+uiA~$!MN&I*$nIQfvC%#lg>lai6?Bud zG7Hpe=3cNkipskPwrTLaGJDS^ZcW?Q5;NR4#)8dhD#!gtZ@-Es6Y7dK`@;2WQA6ozmW^f<7M{eFJ zq&iy`uRrL}NR(PThT}T7(G*@JC-C;YdDo-Es63>U5`>DPy{53}zcg!uA6~X-g8H#m zJA$IvdBVnLEHFK7*YOZbAg|#jm$4M1-9efsIQx2bd zg-@6zK1Ry8OE+yX3_j<<=Y;T?u;~WUC2|i=`(C0fTJSVq8L>N;@MMZONf*MY>S-54aj z8wdNm+kh(~V%Wa>SKRZ!JvG<4D{BgT2_GC$h)9_SPebBeCqI&$8%?CcEbAKzhvQ+n6=Q);V!&) zS!kWtCNgMt00)tGN9}zMAX9j(vp6sYt<{25(ScktJl&5B&e&Ij1IWa2yL)ZXE>Ft~ z3ue@iwJ?Z&$oXWP16%(+yB5H3hQhHCeCU3XEXEIVY2rPcv4(nNEZz`fY?KLdrVSJ% zv2nZh_Is8ZYqJKFVDefN7r+O#eavAJx+c-m%l50~cO1;&BHOVeDl9l#K%`4@s7nmaRh zZ`kb%V|L-zqD>RwARy(Pm_e>D4BfRmS9A6T_q$Atwm8pvWm8bS={wYWk9v35hY;Dq zHkJOg0oHo9_2Uk#(7^5GStByYsf9uMBZb+Uhtl-dOn*4Ixplzn@78;xc7c0)X5xYq z1x|52@_J)$uK&3Av_Q&7@z*vjoKBQ&p6k+ zGMhH26wNq@%#)V<%01@D;TC)O9Qz>h>3?UKblNzXNOtD1D$L((w@dKDU-r&h|3U5} zU_DlPO-^h$(15>{2D>sCB=VQFL!R55d*bu;c9T1N0x>xWAcvXLaoj1DDnt%c^>R3% z?W@$|UUmh!QV++DsYbi>I?g8JFk()%v=;CO%k7N(C6pMQOVc6360*r5^!uYNY5v_@WC|8W| zD#&2C*luJ3wO7BnXro6+yUF+);S<3d!r`Le`ojTDN*{Q7H;+3vvF0pH;vn_Wx(GgRb1ns+3pq_;c8T^M~iJ9oA~goD{d95WO1jW&M^14_I2g*9Pc6hF^3eu=;@1@57{It;&n zmja5K5O-CM4+iX;f4XcLzQ0cN-IN~@2Tw@JI57~gSN-?#lJ`>H!OP3jjiiPb{kRhr zN6LMjVWJqIANb6T2kkbFVA)c9a`p$^C{1u^7;CnhZ>Q}KQ!|XW&Td?*vui}+YpfoB zz?;kk39JnFA;oUB+eM9U&ph{KdgD`+k>*1LkM2Uep7Di@>krwx5cy4;lQ#qQb}Q$l z4}5*EnO4RyuOG&4w3{GxV2bj>MRMAJX4nRO^rE zN#S!I{X%Y6{KD9ze<_gJfc@&N%Xclu`l)*!Wx>-r9l&s>sOCD-0|%ElvyQ|Ky&bj$ z*5NSG|3icJ`q$!?A`8oHDGrg1&NR%e>ZnPfum7HVrfF{;Ie{k?`z89jLVwew-(vlX zAY9qmFmI8+M1tPM5#ZhHb9Rk;1(SK4476^DaH1c3vL)cW`|gL{>P!R7D1!<_E6g?;!Sp-4yXZi@q>HhuM$Ekm31cqj9L zb((XP;4I*5vJ{*2@G?DK#0w4s4lhb!MFtY^!r|L)jgqZF+FPBcUA-y0?Z&rty#?yI z%k2U6p?@6yiFjd89K-o)7(-+P!(y`(;Ow)KoDt(QaZBTDlVd(F%_MD}eN;*ce&$Mg zCB+@~F&scr7R8Zl4g)sTDm@;@{UnsrR!{TQtEX|eJq-A9 z_t0SslI%+%vvdyU{sHc4M+eDXF2>n50}LK~$`&Ae%DI}%1=`QiJ0k;~{6y%_qDLI& zF6dc!U1uLB57i-$V3s~ZQC6r8>_&vSwv@0LqD>&FgU>5TSsV;>rAI3fPzO4gpX@s) zXNg85(zv``zmDr;T|H917wb(?FINUnX+0rRILVMHX&yaR7~?>SG3h>A>4&|nFF35> zJb+Ypso<7jK(<6wq;2XY$WAeh)5txtaPp?kj~;4>$DP9W@w&0w^=#5xxs74{67nZ)O!+v-yWX9PHto5G1p|mT>Q)vrRw*0v9v#Q zRHcts965t-Xk{*r-XU-OqyTP*CrZaRN+zCR1pETJ#2gO18^`DMH?8pjvo159W_+=- z{v4lSjMW{+Gt=ls>BsRIjN}ZY7@0Ffc8|=WAHsmEeMS)DZYk9648y@7i_U$Pynxq3 z7(1vl!@jGW&)_gCPN2s5OdaF;5g_^UkLHTdL7D`C~p%{@7fe}S|W`|KaT6tkw8d-gAW=Y4zi zJ<{Xh1(+kJSrFkL20sn*5&}q1a2D|bKD5|n6o&7{q>UkXWL))x^~$TLxJM~=?&Fhs z2qV?Y6*rs0yf)hk4HaG*@ETLNpBwHf=vvX}i++=AaHSLyzNFBO)}xrAu=AP$Z@P?7 z2H5rW{f0CS;1u1lc2|Y7WPEFI`faRz`uJ?@!T9$$9>?5`^^aeiv%1Lv@Oi<$`Tmr{ zXMt1{5gjh*7m{ng{Au2xAql+|!e{oHa z4X_TCnK+Y~N(DTxv>B_Duw-)T9u{?2PlSm$I88Yzi33FTc_EYh4TGf!UsZn%tMn6L z-T&&+31NEXi#0lEqoZw$__z*lMaPeX-HRXPxg)yjfT;KNycdUNR^NMbt}>lmmlc0# ztTH5q8K>wdytp(slrG1o4kOtWDbbkAf)l>pitZ^Xn!#@t{uGau@~7h)@V#CB6hB9} z^l6npwJ`xP)%mmHkQtXZZyWa(MWRVJd~eC<9*PVdTn-?(V=}o$jmkO6FgLh!R~&&i`(l8iBiHk@SB) zUst5VYJa6;UXw2=51gxscxdpth!2k+N|4&YPkpY}H@ z>V9q$PRGx1uty)}J3#KdKM%g`{`Byobs9Qo?PJp^eiD6!U#;JQBdo)n<}DsLkj2TR z2=clPZ#&`BMV~NWhfmPrj1O9mh+@%xLi>WXdK`4%&kg*i`RvAD_8ucCOQKE~(2)7Z zeD~#waID$=BhqMYLw zQYD2^90tkly#X)qLm1}|4=)-Yt%0-kco6{pv%bHq*1t0O>6hI4lM%4jRJu%g&(~ue z(?#qF6entzX$~!l>pOIkd~}Kn6hKb?a%ggEi{zQ`$yl^bdwB7B*IrcnTwOlDHvgyx zqLt1|8Yuc2i~00xxl7!?8%{|&*06^F@gOl2Dj4w+(dR=6=e%>u_sQW zz|g#NkraZ%E8>1iaS=p`6~)6&|3dujz?G*zS_bW@wg1+>T#Bvg<72!uT#gsFpBEY& z9)wSv8jAQ4DOIOZe=NK1T?we${#Epq$9EVVOvJQl_Fv)fPg*z(ulqMiy1pdiqoe?dh9#rqxR2VCG8dWeS}bkMe7+K zpWEdZw${jba1MRaqAPfo9G9|5n5p(&Zz+b%=JW#3Xq;p)s!G2N_yqa7k19$%$wjd*HLsayuHa^-|oe#hspzS*GC&rV!_=v11E)Mwi+z3SV{bgPb@GMPLR6 zAa)$*Y$4vwW^uhPbvL!nM=WKlb4%xN-Bsx13vD?)4Er-j zCpW%QIO#$E7lB!a7rcv-oX1p8Yv#7`>DP0DTR8ieJm6dR086>6J%N*B!VBY&&Z0#(E~E9}sqlWa#d7@c!oeiwp)tuht=C?AtF;_suEXnwdhA;@hh(H6#qQBZ zxnt^CoUAZ7482E+eD2m+08h*UhfnE+oWr`h1$SP5Tj7&^1hBb1nd%i`SWh4RVvLd( z+Inekukt=ECEN4_!woo0H{0=}QG5P)2xA^;nm?4Y67vN<@ZfPp-H#3Rj#2N}T0M;~ z#T+iLx7LF9n+)CJGwJEp;4ZD@!6*FWbcW+k4?p5%4?ohGir+L8@vCZ-dj&A~-owdy zeksnQ9oG{oHlu^)lJ`$MQxTvI1An-_C?8)rPThQx%qYrhjnmNqT>5m@y!83dLj&)M z?^iHj>Pnrz|6l#I{m=jCSGl{4^vjE6Kw(W$JN}dYqkm(8Kly$C&ux7o*0+A71Pb8Q znn{z7m|TZ~G(?(?pmrDhz6L^RTL>;Gg0c9giDO+tY2j%fO3U!OkO3A#q>R$#fX+L! ztjJFP6i(Dmj{97ern%$5&AL)3g<_S#2!H}5sD3&0t>IEDAyEJ*cUJHcM07d$+<2KB zr7gLJ%71WR*Zm{9>uO=>h7E+L?CW5XO#Z0KokXX{_1H4nH30U30<< zaD~Wa>-8&mfeYWiG}i6J0vkCNp%S1yC^ppd;nidp4W!It!^p+h>+7p;2`_M=e%b6Q zKeoo2BR$gcES{DW3F6T%L)LnHd0nsl6u$r`%E|k}hA^A*v+`JeAaB%Pze93C`b4xGfd^(`ObD{LuywfNlMK>C@Fp5S8zngy= zlZ>3z-cx0Vj|Ce1(EUbFsiyZse349AEBWsZ9D zR*iawlr7;zKDv3NgXUIvDW&^rJ#T!Pe`)f+dwfm*LIpo6^Yu3A07RbLEvJKr8?`OZ zq)PM`e``SsVgL%FY*l&}OtqWO_iE!4|FXV_e={6nH_i(Q3co+(wd;?0>~P@0x|5$8 zm*bcCCirA`?8z(?X39m4Oi1IglqdCAsGZ9!@mzf3IlP}c@&3WMl+xJX)jj+7+G*~} ziQ?h^?f?-(BN-wr!839@pJzQmR&C1Ht91AHC56Y|%G{bfS-XqH!&mk9U}Q`BL3jEK z${-DY-VZ)E@`+Cok4TPJw2m?F-TJ<6Uh)U>H>dP~c%X7cSF8J|!0C zJsP>wx8GmMCt41r5DFpZgUBV^r;(4F$R)pONj7U_SuJMA0d8r>nRGgReWhaYy6eoYaAF-Bv)4ab;a$7se;@NVnlJ<6s5S(fzhqE zI$iQ!eB$pXl?KT%tw$X}Bz_4N`Aqu>rT{Zjp04lM(_ep;9BQ8@Kq+-}eb;3Kf87biuUfsQIfsU6OsqDn7kwM~B7v$9`>f zpUZmY@WQ-7l?rd-b+^R+lY1CFPY>bKuc!8zwvo%6 zgT{YGWZmK*_f!$hmDe6p1vD>F!lvjaL6o_(Cb;kY<|(7I8%qBW%6Dv(Y)Oe)!1$0L z9gXvPT35buJrPBI+6g#ySm;-eX|U{3>X?7{o%2cuUh?V6*-JPdf)04}usQ zbXSr(QeUNyF2&BW_R26LC95}1J|$;x91~uH8l$%ODB^cKK5zOuz7S3`D|lAVmg7f& zt?%!C_(L$1jv8GGk?my3kp4)%iyvLXpa% zR<-v&9mO|UcrGb}>?ZWvfKSTj!BHH#FUwmTIT*xnsw)NrgWo-K8lHw)l^on!+jWl4bH>)b)t$p7b9^|7!gDfdop4pFJQeT~*s>mDpsiAT>il0( zTzb7cbU&qElCy?ObqA{aM{AHt?N-;GP1~vN{cQ7OA38xf;58*=zbQpFL#gnDB`06{F~v^gRe**bysY0?ZY$X zrKDUg%75*Z96gJLJPDPP3rT3g<4x+_e^w-jS^{4Y8q zgR1fQj^Qlpcc=aN<4bEkaW?vB$LGzHN_^(#YH=Po!{@qG^chxQxtpLx*Fwj!=VjeD@5AH%~>w=8nlg`jRg z+k(cMc;#d-uL@e6R0a1tF@b-)yB2H zEzM=tx?Bfomk!$_pL@*y-aq<;o#PI!rdjSoV)a&90C}&<2_ll1vij*O_WJo7_AmbY zwp}L0mb4#&U3l86Pd7%&m9W?bd9oh9jq;}aeYHMaUld+Xzw+AK|GQd0ehZbx=D+hk zJ$dR$&&qS4w7f6pO1~@rePf^Z%b)6DCvZN9{>n$S`QJWX%IRB5p9hJT)&4XGDu7n) zeJMPp)%;e#vio|yJkwX}@n2e3zgJsVR^cc@>GORl9J|3wwf@TC+WPOcaczXduf4`k zG`EH7XBu6o_#sWRQh{gMalu`fJozy9ByBkw-OD?HvC*c>~3WNBmiT{4eT zPIz(H3d8T&e|qz}{qz4gVq>Hx4awm|vaq~P@$b#x+*qXqA659zAKT8_-PqG^zVWt# znia*-@@u6zQnhW28!mDSA1DG$QQBf~Qsf3mU%wAg3!d|V&(~g?C0H)&TTvW>Z+&?m zlFjOQefcFf^y9zSc7MgbiioL(pEX?i9q4ln&hl~Wc6@&8mFrjU&#$-BPcNFLyw+Mj z-Wy>By5q1|2rk%XzOrcl@SpbCn7j{+f#f=l*7*=@vNb<5Z`M#J_OujlQz|3lFF zhvmHC$rs_t$K^))m-I_H{&$a8zW7JU_r-6D?NxuTH-4Xf9q)6kzjFGOmRqY^EMEbJ zO64Ey_=Jth{rm83*5791D}{aY-`C{bX5}R7O8eVN23CK+b$?r}e}3EL@H%9i*5Le_S@NANq1T3?y6FYvF>E3>-xcq2oGUJ zoMrI1mgl7o^C428xyY1Nfx8?0+z(s=a_99oDv;I(A|u3;#|wW2EIuPulcw zoxS$0D0c>QSs(MfnW^p+>~gP@OA>kXbE7xxohyUZKNcr_CeeCIt&4ZA7V_=(SqlCA z&iCE)S=#@0f4~2JcD4>~g_p{3KM4NX37ik2zse)2_H8x1Y)+ru!&$9AAHHhuH-|?% zl=bVV-=2HJt7>o8%B}xxcW~?;FY9~X&R^T%tLpGbbTyeKafjeDqPAW|yCkJ`9A~zr0d7wHz{P9*Fn_uFi z`}DSg8?dwe4i%xI$SwA|af}m+ga|5filwI1^WX2s``ljhUOLt7l`Sph_f`7cc7ES& ze}3CL?f3rs1K&FpGCr_7_!OMmdniY=Y(Cj!!?$wwmtW&fv%^u_ivhBcc_jtB^YUjl z2Dlq7J=kh*ydNRj5hE7HPHXle(!70$dffi_w!*_!@73E*>8CpWv(vhM`R%}^KDH|7 zx97uC{^`Hps-5zBJO6uYc~_~;tz=;J_q*$_6o%?;mzG-lz1ljxR-)2xyM=SN^(w*e zaDP{oH@A>+TfE*d=&Jo}DEVN%*s8y+-uqB&x13+z|EyfEh&4sZb0^Hw!ix3ZCGw4X z)#uO!CY1rASY#{wR&L+#efyuAx8p^Y5CG-w;FQwSMZ~RvS*4@h)?44)=CG|VTmIMm z)KyzMslSu5<#76c@3f7bmiPPdKetG-xPU;2J48Mhmppi-+n9}Na{Fu=se-5pM^iN~Z<#%M9v?pfud0qkSi>Uw+@NX=Kn z=f{+k4>i~|K6|Li^8*D=5(a^-n?Re%P0mHffA#Ng+Ba}Z^PHP~LGCThN{y?uUujMN zNzzzEnw2ZbGg|#X!LD^y!$1uKH4NN027LLKL}xx`L${~w5C8WIE`xx#hxO%Oc}FGk z5a%s-=L+e~T>2{SRe6Ql-<2?+lz|ux$*M(O>|z1%S35scLe`J+ciueH{0VZ&^w{ls z`{RGb-B=hh#S0sz6!$n4NLQII-scu>QHGS-KIBK4LuzBIVW5VAhYJHi(%2HeWOI{g zTbLy^J$5X2Ck%!mN%ReJ`-cWT`#cs1=_&oF-R;4)+j>8=fz~>%VW5VA9{~*13|AjH z5hdIorbX%_AMi)qK@FcDF@kH&I}FtLti}i)2K+m?HoqfD8YCPQxLZhh`(5sS@&db% z>KYOhJlYM2K+l#Hox<$ba0-cU78SgA1e2ggh-9!<*F|&SNnZC7%25#+)nvg znIBCIX#ObkMCCiU{4wjWiH5Y~?yuUs^Kn!AtYM&rff@#WkQngp*r{|E*AEhk?e?|X zy~b|qZ5OUuxf%v)7^q>u$3V?+RmOe_%b=I;vry zhJhLeeiSiKGhF>BQnfaw8U|_@s9~Unfd`C%A7)N`?vufhy5Me;)VDpl=EMIiqlgP3FzdSRqvP1gju4U?9rD~gc;-YsEjG?cP)|Lcq}wC@+g|sD zk*ccM=syd^BtiJ@x@}ha1-;Q8O4aA1MDLx-Mq z-|_%|(!gZ_)QZ(j2S^afdZV~Ni*RiZ62p%7Gm z+C=4ki2UW#CtkwFEN%=JnaIAQaPzYW#qkX((HQ7UCvu24wnM-6G%2aGs{R)L-Qn3RkrDd$#au^?1WkpVY0PXq3PFT59iZTgq3iFMo=(l%2Z(qnLrBQvHjbvEuR3r4)!LVa$Rh90#7cIhyGbihp#-59*k=6$B zM7D>8t*1@J_g}IMPGaX+?7z{S_{5TtcB56qUca8%%7YqWFC3wLTbp~idD8B7Roznn34r)) zgGB!g3u^GO#{#}{*Yd1m&xJb1OGZqO*-HPSnNT~6%(X7e&Lb<#lA1z~l#JK1I*CkoK={q>+j zrt+6*<3a1Y&ekJjeWf+(Grt#^82>o;&Z^(iHsjUukvaorE2mhHk=Mm{w9}#It*gm^ z+CB6D0MUlQ9}+QxWe~=DoA}d3ebe7vJBab?_$zfzSd4aiyR6C8ohPWOdr)6^pb5Z? zw22}92+}(G+#7yag=BC(5ir$u?5M4h1_bl^)~E0yX(2pAnjgFDIU=1PU(Fs&rjq*{}T64F1$D8}u8av#000N%nQt zZq)>v=s=*~8+xu{Y}U}lmiV88&Di+lC}1vn3J@`lE{WY4*(iXHqZPh?v;*oog$XD6 zJFj}ZgnNuUyApIfqeG`Ef{CB0#B)RIPbLsyAsFCCQ=!*6+hHOhqJ+Gd0T1P+rry;8 z!M~R1Rc%w7WUYRhdYw&J_4e2^4^5)abN%`bv=n3r-*KKw2OVk-{@+Ig8WyvBM*$JT zXF%qxbZJe`X(}Gu4hf%y6u4KO(KMv6bZD*Fk^ z%Z4?56r;{q*ZLm3?|A=Wr_+j5Q|W21T-qaosT;y5;zEG1o`{AMd^d9E1x zGI@$=3C1DlhUwE%=(ArFdSaPPRm0VEsoVGm0e`T4<~B@~`_{1}qRY5j8qwa82nOo5 z$itm)DvBGB7>YF~xcg2HF&$(EzHa?9ji0Qm9m)I9D19?pKt*LFa&q-{=!RNbf61CN ze2*2pLKj5EjEhETz2%QML>8CzGz0oNO8-!`5x8b30X|0V1buXdU~glBkDQsIx2zpF zBOVNm7S}q6AHQb&FALzbrm8QQr z1>GqmZFP)xZ`^>7`oZdT2BIu6r=vL3(OI%&NLtvVovp;>FoF8H1-GJ?g*O^$%^_%* z{;pvMe2}nLaaj*vq)8g6K%0dLrGePJu1k@lOL1DvZ_lPxyCdUDQvk&-=oHw_7=5~j zlkiWoY%8>sVouo>6k*+pYFrl2c=M}#VXujPs>!_f*Y8e-`5$qtQw*emUyA|=pPK&w zg1~eIf6b!4U@o_L4|)+9WC1WZR5i8(c`G%-Txd#Qok@%HRrbyKgCe)5^n|`jM44D> z2cn2Q*-0B~ohQ1m4vBQpW}}+zJ80U`++gY@8A__y$L*)&AyG06%rUx#J|a?BV*wYy z!4ak_wbP8rrh1BF3%dT%abw>bB`SQ67v~dRN?xV>BOVo=Q@n;Nab?)P&koo%f!478 zj8I;LWo9k;?3=V$=2zU-lFO(I2~xed^VZi%WPGoM{t4i%@x2B7obtOtPSLF`YH#49 z$jQQ_VusvM<$p2opUcHm%)v}yPhh*1D@-vc?(k(`_gz26c|7Q&Gz^oO16qU`m~6e^z@5m0@h3`|!6A(OX|ZjriX3*rWU3vK#M zXBnTO9cqO~D47v~0BmAPG;tl~g10$Jto!k(rW*Ate+rqLy+jbG%bMTlbIj2VB%Snj zU3Cgf7aty#d9ydYzz>>kaID@Pt@#XG|F(p;pDsm}xyn$!y`_Zrl0N-;&frX6sKz6H zhMJVQv;rf0b9O*zj8Li?Q@#fCgz~vh$SI(58M1WD@Yti49#}wX`PcGt&}jpRdfebh zW|431;^NH|F*+Ix`<+BQFG}FxpAhDYzD{!?V+wF?4tyE;R)jY+@4LTEn^PQh2P`Cz z9QoCX%!hiDQV7HwQ(gXwY?u(}ueS{RCl$yyh{*D)f+4(ki1qc{!W`U{YMm@JB~Hz7 zea@BnKFvmKwsRp_I7@mc#kOYxC%(iox=70DBH5e<;zzCn|YU<>}S0&B0hk2+SC46_C zp~1Y42+(Ueq^(A` z;ob@zR=6*?H35D_&i72$g6tZF9Mv}7vKAqU`_X;vke1-_Xd;5lUH!BE|CYNSe+z(k zXcbY+tvy_E#?PmxXBT}9j>287V^0Eqc%vE_<;(L-TI>kS`GC;2ArZofFj9W!^S+2x zUN%PEf2Nd%F4msiNKP+qDc=T%2@!>u<{KFU1*8iCy2gmrOVE0An~?cFH+=FJ$#T&? zxe|E|c}HB`Vty6)Lniju)*(5x{8DB0+H%gZROji214|ecsw{DJdFN_@ z@1MUNgN%lk39BI8aYrn{WVv{srjB~^+t~PoI?TU zWTPvLd;F(qMv!eTu|eYmI19aqFdI>Usq6zI*3fepd{?VvV9(}s6)(?u$aGjn%veu? zAtNY#b@C^GaH8P*ZeMSk{Z@F3%OJ?5XaeJ&cfElxjh=C7v0`C@>j;MNIaCqV)5(9# zcr>fNQK^$OlSGiGFaTx-z&8)LnidkvuItMzpys>6UGl@YlC;&S&sasyl_TiWQB`%hCWbHuOH6;&@3jO1w8b!9EX+3jW#u|HlT9YnABI_4%*=LI! zx+8nMXsIf;X&$8pBTX5NTQWZYud!|A)BjXFYUct{E@yQ1Dk<|W=C(b->%U<7<$laM z3`iUVY_6H(@Cm0jd}d19L`U}o!R?(o)Egg4guD^JPeTKKF4V@qhIq?@)w5opCuwA)*V}&V z=hJ9)kjRD13tabGM^ft%2Ej96ohF;5Iclbmc=5@evbaxMKVKfHCt)})iF;? zT9Y7;wudsh=dooX+1i4sAM*~pKt)s^YO;JQZZ_>8ltN9>Ve!bQzwhbC;8O6X0MXZ! zgu1IZ)^)E>jML@mX(?K9bskj>D^5!i7D8Y&l;DVe(~NzS6h3uK>ws`*4A#NnAZ z#zEb5uka!4MQ`+7ZKO!@}7868Q=N0u!6J=H`+= z=&Op8y>#Bscaq1!ji3{TtV{{~PHtIR!W#!F8$Dci$~=!>a|wBu4bvR1-~IpnOgdW5 zP9!>Pt=sq2UdG;p$3YR8{`qRuo-ksKdWnt+Yglt}ZMaFc*B9gl*(aAv z)Odmqr#R-v3`D3?U4_b7#uoC3-2PJ9{CO9>y_=%k6Au1+Ry(C>hIOXB#*Nu0vB5!N z;YNEN4BZ`-1n8W1qvzc7;k~;Sf>C&T9G<)uQ{Ul8S^Nv5xE~f=FZ|xGA~#=}E@)US zkpi8ok9d#J%p~KCkUsi(j2a&}$5o1K-2IBksDEzLi+GQI34&-PlATwziULFEkJDJo z9Q0 zX?V*oDh#ak0#2>6dy`&7;XJA$YaJLvLW}_^-a>yECZAwb`rfUU!m&ZUU%;XG zQ6kegWa#%R3(D2dOeE&2e8}%?vjww8G2%hS5!Bef?VOqlri;24vl|Izua+J6+LD+D zcAiGnLd<)vZ0bD1=a+5Au=X)Z2<$qeu@(%{F$csr|BeTFs0AY zHGy%qG|BvmY%NJm3}-FJj*Xt!&)-KB8Ax^bc}*yn%;-<&@;slwlp$2$1}*=)uN5 z7*Oib*z0|XjRq?qgJzQ5NVSqQFH_Cir&G-Wtx5m0A6K-FH5Y6 zFN6tyml3bQ$&o8DaYKI9k{{7xdGkaM^hs@|8t%}8A`khKYTeysayvhw z3+lY*8|)omc$pMIu`nvmVO5@5AL>rqP%p!Jp&P|%O|Zpkw$?<8Zgpi*D3K8utk_SI zOHe-hYrMo!?|{~Z&N1@qo?h59(gV%9p*zp-G>K@p*_q3+Jp#T{AY8=lNM#?!%`a-# zYkhkWW$FJ@yTV5L63}!UO(xkkH*z&a;_WBXFUYj`4v`*QeeLAxJjV+?yk3iR8A0rs z!=)}%J0h9$j6^~PFiQ(jCGePCz8K1Rq8qXsPKulJf!*cseD|c3T6GhDX{3IHsggMs z9NcM{kf?q-Pz z6_JO-GgQ7P7x^|DL>;#OyRj51xGaMNzff5zTCIZ#NP5dUf+F!9Tk)~*B(SucJ^d282Ck-4z zzL3bgjzmny;y<^S=m$?Ms{>q~sZfHc*P`vn$cymfvTzz~6%YioH}>jmpEWkqfqOjO zQd&WHpR(31W;^>UF3NH8F7GI563ox`<{ze5BHg?y1R(&xw!Ca45|wL$i7OKcZKxx% zOeF}5s!`>|T$#~4@f&CsU0?i#hhmfvMlQnOtolZx^kNvb7n+!XXe;hgBh(8P3)!Qi z`L1P6ay!1CK(h<=Q#tJur7&pGU9R!-o_BeA@7D(Oc`y1K7AMg07ruSb_z$xL*&oYD^LL%mP{K34WY&qKBw_;Ua$F8KGGq==aJHolg#}K2g8euCT1>b;L+HxFceCe>_#6Gu1a8nB@g;jytzPJz zFz4N7TBt{g+`S|}wQHUf<&*m2kZwmbQmnaQJdJy#CFGE&=CSAjT^Ypejx<=II4PF{ zBOr^`?IA8rSSn#4mr7(khH-$$e zLB!2fS(^9=#b(Z^olnr^JnnA;wLB%A>v8czUzK}~3UtQ!HG#GWugH!v*L{u``IzOv z0=iTS1u(aW_D4A!-4kYJ&8^t9tVZ^*v&%kLLy^%14=*+pZF^XFAR;vC7Kp@W2j9xQ@tRYHE@He(mA+R_HNPhJr2lhcyp3&}`Rgi% zwN?o2rqP%Twwf4Wfc*}L74NZ1`^D&5l^e#PPNbY{O_nS&f)}UdCQWGJo-PvG2wbG0 z2wfEQCH0BC85WJJyOFNjCo+kQP`h^fv`=gMJN8QyMjjH(qys@!W1MiLn)Ib_EECwdmVq~)5)HWMZKxv#{-&+6m_D~`q zPT?8J<8PM_p7xNNMdXLbs~}PBh#)C2v?!vXWsZX_#40Vs#>GjC$SWqJCJVJWS2q|t zG$$sdz&b_ID|~l_wg*2};A`h~MtH+6A5JwQmEqPpU1b>UQ5{U0$21tbdE)ZSGPeW{ zd&qxx^T7C?@7Bcx%Vx*$EOgON6T|qm4E6a(+>$cX?Q`x3A)^pd=Gxg3PQXeJ#ZkED z+cy)6SRC}ylSD&po>EfMdrB|d8ZPk&?Bsy@{fcRrP~}_H-Nla!x#ocLc6}5O#m(jv z-YJ|*pQOzyj~g*R@x7{9NoBig(iY%6*PIYH4oTqL8b8E~IJdcWkvoCZudQgxwFqgp z-Jn;`;B*5LZ8%(6|3S}p099G3h=f&ook?I~XA_YkpE5*Onv-`3o~j|%23OR;4jQ3e z-6(?65!l6GRi=3w-5>pb9%z)v%`l@w{L;6&bS{tXPvmkj5=#pCdpJh2;`bE$+3EIh zE@JDWu`tg6-UXm1xeAC{qsic7sc%G`+hgh#JPONs!nAPQzc)RQU)GQ<7hhpTRKf|X zUZt>(HP)>B$p3d0@VFTi=ydIBVr;nE_N9g8uH)zq}6Wd$VCV3!KX z^eS7=ZYt-m&W`{Mn#u+dZtBXP6RC2*a)DCl!+u9`v@i0tHIv~o4^Jv2tHU>%qv+OO z3*vNO%p5nUD^c4!5&@ONqN39eT+b~7kDB8*%6-IU;{nJNSP008@i!h0FgX+toq9@i zVL@4Y6x$Mfa0#(k{Y+Ly|tH9?yW5Oiu zF6b%DvA1i|&yw4*{MG>eEet=P#5!qk0qbhof_iOWIaYMFYFCj?1XJF>vs6&06n|P0 z^qTN_fVUK_mvfq0D8CfV?uo+@kAT}u!A2_)I{CyH!(6{;=07hHM_HE9hy0D8(L&m~ z%}Uiy4*II|G{aRf)k86uiGi2uGn9Bk(nGm8BOf`@3AnPlPC?|eI zA2@F!_xXJRlr#<>cl0I@KxZMi&Dm|a1w20dr<^&>-Fb8RfCpDg=?ow88R_LAq|Z;V z_Knn3FeocO=)1@l)HG+xr#r!HWOl6T(LoJeYQtAK@p5+}sTh|KzTF4XYgP!*8 zdBEyxP|H?9H^brG^o(fGHxpO8YZ>^QkU1k=tcLiapD)kGD9NzYd$6##K=Pm~R}$ zN6}AwYXKMx3hBpk8b9k*<)FK@T!{Wfg?yK=JZ7G*2!b@?eC3?hW2=xFI{H^b7q@i) zIvKq&BN}#xaC4zD(KL3uMAKB^iuIUPeI8H5RZG#UM!-NFk%2`TDSRY~gC;a>;o|`D zGA$#%xG{D!V;YUmI-J**O1BPPOG^-;7Vv6e_(V9nW>L@SGqSRp4 zsjp$tFt}}J>?<5$+bYp8-*~ymK1W5@W_q6I;#BpyaF7UhH1**yn8Q+t6=)Gm?F zVEijpq|Zhv{t`No>Ibc$ZB?i8O3I5*j3Z@!IUk7d(N~ENFM|}^TykbiON)sGxD-C? z>3(_UG*5Nf=O}S!th>L(+yHTDD{N2*)m!6pNcnq*DP_CZ^sP*bY4{SQ#NVL+!0%5q z-ot`cX}<7#4=lH?QSN!F;@OJF2L!@q!Jqz+Fxpy=7#dO_5H3C35${>pis$8wc#GlG zZm~oa28s}TRVyNwBG8;Y#VE!6p+%m=`jDd3_71-#CRlLmBTVKb|76+4dGo!29>)4{!$dN1JWFUulZaYZQJK_IY3o9efr4RGL!zYpOXe>Qe*TEIX-8l!F; zKA7fmtR>~%Tmt^S^k%w?YWnt`9y@H!E!(0d~4}4?L^6)XvmxfyklF5FiT$_qC0vLX-*EN zjaMQm_uls2?BA7@`>Cd}s)D}Rok=ZU64`p%;}cHj^@}7tz~5tHggu=~+NcYujfTCL zB3*LeF?5j?33wGAiOa+V#*;Kzx+XUSC)fQ$DIV+ah`xWRjTO?*4Wh08@$h_5(1`)Ot zK* z-=k{67FZ={o?Q}i@a`zIsmJHo)gtvy5PIo|H?sHEYs&mI;(hF~RmN5# zAyzH>ca#rgLKHH=u$5bZ_LUQjI*7_Hab~^xie%|Qz-WuLF+=>>g?HcitH`@d>P-R* zgRXFo!ggMsMFOL7nQA_3Jc(OcBF!EggPg5+IP21%v45tD3~bBHV#OYhcmfA5nSED7 z4x7WGG)N_*q6OGuC;x^GWfzx8C1wk#RM?}eo0_&T62(=Q2 z)2}p*-iJW6XE-^kghU6(wvg2i6I1&OqY=d7Rk!1N7Xp?0{mN0VF>wqgxfa=xEFzl1 zRAlp6D89#i$y#;D4@6NJmjWPfVbb4Nor_2Imcc_6cKf{-@?8;TXXC97Vr5uIcE<3>1x}o1u57g);8n4YJIs&lK6=@#8*iq&Dmmi&lp_Q z(0Ap!E##n4Oy_`$ZqK1D1aGXM3<1&j-rIj7lI#PA$Jck9@}%7Xw^BVY@k=h_qP}o1 zs}-tm4h;4?Hn!K3Yt8M>M?1~+hLktkUr8WIw)Z(2f8pY~glr=JAvV`vmlBb3K03c^ zBUYS;D}95ITalw4=$AcT86xTn_=&$?IC@V@HYo~VjQXbe-4tm1pT7wSUX(ssvCs3? z@9mIe)X5$CbYb%$ee;TdIY|T0;)au)tnY}F-h^KfmXNz#;&y=!Qg)qZ z*I&E|#1UALJC($QVW#xT$O4>qBevvE&W1Xjf*#o(x+lCg#XfC8nnaIpZIbo60>DSI z59oDn6tqt7bnlic|KsxU3KeV(vi?6+783DmlpqgIRUn z61*W9s=Y5Q@33I6NAo(d_RzlnsRbTFpuR7!v(K=nml5hks?{`@D%}!7rxC9G=%Wc0 zyZ7%C;Fm;pEd8PH_YYQ^rnEaCT6+j8X>q=gN&#${7)^z3-5>|2zNR%R5v@b5g*>Dt ze+z_zcM7GRrH<(e>r-KRRE!WB&bRp@?p7GdcfOHF;E!}xgB|1mnco__wg^ed*mXVHBSq}?A>L)5$nnH1ouMPSV-aT%7 zW)mQtpz-ymA>DxIk7!4zRnb1R;h-h~tn;0{8UQZhL`-vBi6jw4>Grg_^lxJ2(X)?s zO#E!GA4<{d4@Xs*CaA1wCD6{fT&JZ&``7IL`8x)Pp(8!xGJ6}s z;sv6fOMBkiq6wMX8#c!)pO0X=7`k26mO_g41QRaOb3UgocU9m>0Aw5V<5vk3E$4__ zHl_3&)K!o`ML;@lMr>Xt@^dp+6ih-~GSx0R_mLM4v@92{s1J0aS!|TZt&jo3^8t*= zc?q0>u+a2OJJ*i=v`gdB+gM3lg1qN|{)i|wARZD9e3BME2m^F`&HbtZFT&%mg z*0e5z5y*E{JKMrl-<(H{v(^0gmN%v-+yd?L(qd_HC-MuU8h+9 zbR?)d{rf$LvgKMb)E>B966!GWbu-0-Kl-+eMLwZ>?;!9v)u$12GsofW>)gn7$-qUE zYZcW}FK>^nq^Nu+v1$k7a{$^Q6fN_K>>}o)Yit1{{C3CCQDc4^;$9`eI}JG*z#=$# zDb{kA#T3G#Ml27zh>)@45N(H|AFY?FTf<|?W}#J;*lC8@wqj!Od(?EBaUe9)#W~}w zOS99C3);*LtTpfTIsoSH5*IpU;Yh8?K((tmO=jtaZzrflh|Cap?V9Zh{DI z0@QWLA(N_5lFJ}XD2Hqme#7v(-?hVu0Dntd?U@4@v%lW&7YBl1vE@r zf172CAMT7H&fbW5$3kc(`X;-&6-Vs2jcvav-Jg@Y4SbmY+)&vz zep{qol>jU;+dRUxnG*(o^PSZwg(e@%gMx-Q-!8At+fp@kbkUl%d#lhjA+5mDw2VD$=I9XeGvlxc0&IY*aKnY zoPnlohi-!u1M{h#CG~E8aP8aA0!zY&?B2aITzb=m0!}Nm7TG?{5Y|8E$Z+Y`$?}YE--aosi!0Lptd)2H z^RwXB28-7AYM>#CC~h z=>juMoWmHi&Ixn_fi7e7O2+{U95LuFGmYe<9clN=Yvp`h*t{T@Zt9d{e=Oy8NiK}h ze2$RALZ}txk`6zCed;>sdu^mmw@G`lnFi`5%Yz@b1+2$uO};>!=h+$ZBSLd+Qcaqp zq*tyv{fQfW#o?^ElB{8erk=4{0g=Y>-Y{v`PKWu~jfPsP|W7JDV)vI${la1KZ zvqzs2#PUZW2Q&dfybkBqbzgo?Bke9H)UN5ivW678)8s=AmGY8ak=(%}b!U8ER zC)s#2oMu##*EDR2I|HMAT0-$emB74ja?`t4(BX3{6s*<^z7{9Z!Uf3B*uJS41_JeI z3?p#pd8rKho#%xj?qBH)ZiFNe$fip@rqi`Syh*)W>`i(PNQ^dnLs`EP1`U6Z`@*@N zGb_4^9rLu7Rmk?*dJk)57Fen$gv|Uw3LJCBsK180JWk`naYBnnNAf@E6Gi}9!+X~~ z+afU}%4WrcKa2v}88u2) ze9s#MS|grk!XAovZW$CL2`(jXxSl^7SvGZxlF^A__$ycow4gL`o0UuRF|EoA-iJi1 z`r^;oVH;JlQox~?+_Jo-r4CbUCqSBX#>4G9t98=l&c`OUi3=~DT3Xq4DQ(!A`+aG7SZD+u=8+u{>=iey2j^q?>ayR?&ns6&!_9-4(~UT8}aP%SoH z5KXCKOEeDRpG#J*3t(tYgG#0l>oQ)yX;1Ys~Y#<4?b?Q)1c0q6^zq zi-Y#pm=D;Gn5KO5`*@oM-jFE#Vg?3Gf)0^~EZrm?p{Pw%*SG0w2)puu&N|X$j zXi`|QM+pH(8LC@*aes}AQWu{`$hClT+I)}H{qfp|B#MqB)&mTc5SPXExT|mOx!@lw zCYWL-av1r;QJ52=!wlzDxJ{D_n-1J*^o3Rd7QXMpn+`y{dvEvdaV~4|D{8q(bnzYCMF)3%5|3V!JX?v=Xj=#1t#o+Qi@ny!5t$=+V0;R@C1z zmIM-|>yKKFbg_;3Wg`CwtjlhZh1mH7E(!~jCOo3ue)2n^yC*oH0rJd;&!mp5-Im4s z^AC6WFMsDp2vdRHLPo2#hlc}0?c#{^Sr<1OfrIl^c|~@icRhLyxR$T0#@b=t1tr<_ zFl&`BwWqb0fyWD+WvYHe-yjwpU>1i7%;Fz>Ef^0bt}R`txOF{l|IvgDCAU#v-WepJ z)K83Rhw2Rniktkc$p?iH_#4q!UfuQv5u^x5RHd6>q+}AJcb4rCcaD06k=WG)5QzT> zw!8Y|6tiQ2WfG$ir3qBr`fRldc8f%Zs+!~zqbus3cOGs>`eY}l&Y@#1Bd*2y7D5)< zfZo86hLGFbZvpNmzM+1F3L=Rj9(0i$aMX(Rrlwhv%+I)cN!@fmv2IbN?=sh(1%l~! ze3nxT%Rx3o0JS=@rNY|b$F~ssumV}txCA_f<^Tv-s!jDV9brIrF+#Uc<@eNR*#7h4 zxYPQxMcGafZqIW!itL`PZv)6Md`(V(@Q_JvH)KPu-=@wfg5h@jaab|jocj7>MB}XB z_(iUXa14u@vx+86Y2Za}zZhDT4m#h#$M;;Ml<(>N&jS_)T6wyc=y`xKkCLf(jA#Pk z6_v9f@8)R5Xj4Vv-mtM8(m(9mNxH%3hZ8!tLKx6Jg5ZGgTmwm>&dC%2{a#ceIt;Y? zIa?K@<2U<)U$ilmcuyE-<|bU?2`4B#vTVj;jOZ9nBu#bO41vx-gz(dM_9EpGzfYsw z^Zfk)c#GxH!ucko5Qj6tNQ?09s8&r8XD14H9T5?_*zL^4N&aUVnx7Ntqp@EHyk97I zVV#HGZ%_NFVl{Eod9|V|yQeHs88g{!7Df97Ty=_PA1eqJQIv}D(m?*m=YSRB1Yv_` zGm@~WCOj@2hffK`_Q;6W%vQ6$&k^;)5v|a^wv^!|cIrfOdjhHbpz6{}rNRhOI(E;8 zQGr@_YI>`;yju4?v1T6hmVc%5Vsk6F;z~VkJgS%4!Bd=x*Yl*^Dc3tx?i&($+D%yTL~#ZSbc?@OG%KW5U%&i9 zvVWHTBK{oA9rRm`S!6jJeGY=>T>lJLN<4C?dx<8aN{e(Bil9QazD-wWjuiiFj2yv| zAu?~8%9+!a#U0jtRoF+vNi4N~g0};E`9X^#&YkSAs3I^?lKn^2oIhGjZ~_ls-_%Ty zGe6PT9aTg?+P|z8gJ_vFd6Gsmp=dF0=e^a!L(LJ=Zz+YD73S~#(wG2n|8xo4`6LjOB_Yv&_yLAzKxg1fY^Qt?dZkg&0az7P$)M}Q*lCPBO zRu;Lv-m0!H)kp-;eRg$dY|I@(E|20Nv4s^|?1YxdJE|>6_AFIdJF0tk*c>?KmKSME zG`~wn9-XHqzob=~1OYOZ@RM6+RW^lEPe^yA{iUV2z^dd3p9h_b{@s zq-2O`x z5L!4b|LKSz=9=lBpLz#gzpXFd0zL}n=Id6+k4qy26g8DSz zfPD_*h$_NwJpaQvQT)W9E5Q#}$h7qb_6U=iR>dgQ!O^8M#lUmN&N5+Lt3x&JiIN45 zit5rsH-(l9E?%jK`l#vSG2cNYN89)3HY9WsUum6iq@r3w*X>JDasEie!iX6wxBI(PDd^Jf0Ipr4ifI})=l43UezH*k}RFifJ@ z;9Tc~wR>-o-7!POO@QWCMzm$G`1Z?hO>>TZ*y$gCS$)5gg`3ozdZ*T_itcp3Me~%I zi3}IcEn}Bk7ZCYisV-F|$z_c9+l!3u>W#b>Sm6GR6`8uSj1_JjX%pj~ODWLyI?=nM z8o5WvxXYsS`pN$_lY6L&j-ZYPgLiSjtG!}WBH2W!3@MSomD-yrHNqBon9J`zi7Vup z#s2u8Ug^>T=Ru0>D>Z@_4EA>Mjdw~1;U1WRmIEGPKDr~8NYUYVM#;fv3(GpVupN<< zujigG5ATD=p;GOz9}2Man3$cWY};hp+bpHA2J4J4*{Ig~5u%D0S^s5vvFiSnbb#~X z;^a$pJtTVk6tnyC?`hs8kHW&%zO{88rduOOy6zVVVT(l~*EZZUIwHw*YIn1WQ+dYo zsvpPOUfUZ@r1nGP(K%8N6Ol_ewJ^iW#Eqd)3~E?X1yJ{FN7wi9yM*3o6$m-R(1BE6 z(-Kf6&N5eMU%+J$7N1`q<LCf(gHlJmTCwl#-} z^3tu)yGP1PYJjnD(+yQ9eyV-abbyD=GRCc`Hew=#GD5lNW&t*fxL(i_@b<-8O4{hG z7Or?1+s~VLHVoV~^Au1{yT&_Hhw6>*JQrebbF+jWqE0h~_L3JleNCpAOgp)18Fn(pN z^5qOctIms@*V!bDaE z^%VPN`oT|aH|*P=h|UAv?vz^WgOc6OB?M7A80&Qe^GZaR!@$De^?#IG>Bbq3OM|M% z*&S&42O`fe7$oi=V#xyApkGS441#d~2|qcDYfpa^GO2E#nCqT8>?mEo%x=i_62KQN z@DWaAJ9sUG&|a0Q2I$Np>7O6Bg1F)*VN&_?*0m8a6IuyD_j9H0lzEI2xV>B!@@6u% zFo^pCR`L)4x3((0kJuM%V|tRG+_1w2P2Qb${9k=hoCI!j%%vRb)U49fu`n6|=ALve zny&Qm$I|LP+}$j*iv%xYQ+i#Lb3j6Y03o*ya&oTeMM1C3A`_x%JkkcasAi>SNbpc` zY>}pPWwzdk>6m1*;_IXKci#srh{zum$u-GjpC7K9GT640RB;?%qdpnQ;yqx)$$shZp{8E`!5A;kR4r=ID;pGn>f(DJ zOb}9l z?26DO_6_o3uqtMe?V0(72$&3*3DS^bl_i3MHTi}Ir3e7H)aWzrgS`+0!X2T8m$P3=D<*L7v(J44GyMK>y_ASLHks<@$`l*|zutt4^Jy zUd7=N8oM&gEZ)N+%j~V9@H3a@q*yzBvo;m~X_yrE1`D4Zbm z^+a6X&*WR#zTx*`GPE^1v^Rdnc77=rPANyXt=GP1LVprMSOV{Rl=8Wi%Q-66%@0t< z4wAKO2-2bzDBn7uhL`JCaA8bK0y6s!4xVo*sOq2s_Ir%08mAj3CFgLf$)sc+u8WeI z3q6Ykgb=#!NZO-L9i|qumL@LX6ND5n+O2|3F7uTbq4bgDW`|~*D@xrqtlJJ@lnSO7 z=21BQ{ho+CfX2`GUuTMBM-M;S!WCKnfFRj|Vy{8Wt%jtTqbXd06~*O3@5JOHIYv6{ zy-t*7`$L zoyQdG^=pUTzXT2an}11NF}iUGMGlL={V$&Emms)Q0pcqkD`)vPp~pHCXY*amH^uP# zQw&*Q(%-1tGd8DspjPDgwWd>+H}@Ajm+v|u>hNM7UwGc|dA6vZ>R?RjN^PcK2R}tB zHwE~eKj7c-7@Q-AQtbg<_>?4bc*EvCW!gu0d*T-Na_J#iY=1Xl2`gea$MzG+k#Fno z>dZ^NC)cNDtqScgiQ8G)tK@a zM%G{{I*y-PH9m>&7dZ!w#jw@LD}Ey82s6&Bn4*sgvuJX$3zlbb4FCh@v1}`mz>g0p+DbpYV73t80ZPcZ6r_$pPCtdT_$3(beUWF~K=?*OC@G*yek-qe~9NWuaj z4^2dyI4@pN;vDd1u9jdAmsa!TAEn+uQpd5k>g0yq7)m zxSt8!7YR5SCI2W2;7lpFe{x|ry6tQ2J|gZCf6cEsId=dHPm;hK2JI&U5yz%~rh%?6 zBGhs&A|BH)`HFKB5Tx;m;xAS5k$pR}-7}PpjEny^t|PzOrA`z3T5f6(Xu z2^Q5`7CKP8Nrd2eO*vyM#!VcYkDRgeQF4)sn3BjcVo)n(0TKXXP_W#`tTh=H4ddrN z)20ueu)2G4bgqTbPM_f^XLuoR)Ld$%k{l?mYcNFG2b@IP$D~_P^q9#yEcxpeCKPIX zjwXR4Zjt>4Ps$N^aR4SQKG2?P3Tgiy?^ z%-O>6c)#fgB>bjq`LoPpwIoz(w=ibb4D)oAE;7tf(OEXtc-3H_BelUf4EvWjMInos zCY6&(Mu^9LVzVgPKCoheu=}s_8=eZVSBVZ@ zE9sTaHf$V=(}r&LXvo>qEb6v_Pw+MbFy47JFk?P~sLl0%0F6L$zudqT4AS!io83S^ zD&f>*c>xxi_Eut^0DR$wJu?eo?*+Ocy_Ix^#d6`wQanaywe)TFL3}D_n9^|<*|KX& zm|p`X1{0VKw*C4bG%$u9a=w(P0eGFC0_XIdd1!!nuCCE1kF!bxd~{g)(DaJ(w9J?k zm@;x|9jDJj%2BSA&^3T>i^gT!1l`25J>7H$VOWB=ad&~Nu0fb1g`^KH7=n1nV$I5L z11Lf}vtgLC1jO0Newar7EW@*w=ze$zjO<~%!5&aoiVHrz>z!Xoo9;Q~iyAm6mk5S~ zM|RP1_ywb5(L7$@8T_VPw-4^->BU%uNtuy3#bIy8xBWoP@R28<0F^hh4}cX1`ab)1 z3q7>UzOnDBa*_Ix{ixr59}Y+MwS91%_t`PxKyUdc;V*oNH4EC)7yN>UX3pu8&wuax z;?2SfUa&)1P~g@; ziTT)P)9ma120^sSlzt&1AD#*$t6t|kLVntSHuj*?2{==Kuj;hA2A`Ov@2<8Pg0)<} zciS8AsCS!h_zCNi-o*Xzko^N35YJM4CZFr@&OR?O@w^jF`FROpix?wX%OJhph`+_onTnbS@~49KFKz&kM(XUBLJVt ze_=Y49=)`+8C+09Hl4@DV3mOyHi`uTPD-N&x@sl-pn|@E9N{_Eh0nB*os>m8Wa^fw z5V3f>4)4Q(MMiZC-AleZg2uExmHEAV%bs>*yF!Ca`8SyI+$qr$a)B)02GtY9L#s(9 ztBB`{c%bBJ4LsZd4^xz7XySY-Krfb=zahO4P*x+=`1J{Tu?N=(`Dq)QOc~N02S>W zFJ%sdR_ux#k~t11qJuE*{^Ijyc!qG*;jpbBaoqXNO_aq-EXSbdXR}8cv~neU=R4FL z$1u_Paw9xjZO0xT2Pj>6dZsMlZ20NN9K;;74_celiywxUC@l6INhO|loaDFon(I<- z;_z3nEfFE2q5tu(4>0QG!=0ZjQepwYuD?aZ@+kavXFe)&-$hF*p#bWf(Bbufh?ZF- zwB0Y7;VE_K@%0c%N@f~8aV%T+qn}XX4=2>hY7>P9!zYrw(cb+5&p;8qUhZMoXoY{K z7sDzM_{Ay_Rm;WjlZPnmIL{hn#Owp_t!MN|c~J~s5J9zqvFEd&kiw4v@5OJMVQn?3 z0k6JjZGR8{tfo3|z4=mBO1~5pRRqofit>izJuAfVmNB0F7310T*YVcRji=*EhltVk z7|KwNKl%uPgUp~dy>gx+lsv&oN|7?~UJonRE8!;}&r+6x-XN`wFohBCIXY0pN0i-A zP5DD(>&)UpjO6;^wINQqz3|K5?Z=W$(w(*BM+1yi2>Xw|hd_mpyY~f|YDBo(n7FHj z7>DE14SJ-3hZ;il3Q;`bVVnDvaeI`}%87>x4m9xa|9;U4YbhSC5oz{Q@xVOmd3sy` zs4*qgRA_$y-tVH+ncA)$GfrDbLrggwo%sRfNLE|n=O`gBh!)bhW~6w9tSanylnkT% zCG(rRj*-l@6Un3latfFkN#}p@sYeg?;pvsVC%$ncn|)-trUA-K5hbXEu$wR9xWd`8 zLuhFgg=d8_mOUe0QE;YEGNuvuRcxXHrI8n*uA7Q9I47(&0xIPn8TzA_)KS8{vwQPHyHk8m)i!;~9Dt6v7>% z1FJZl=rf%tTdc)>F`|Er87`mvpiUE7vK2LEA$XhZqyxdIF(a8XYhBEM;66*6nStab z9lhyF6p=!|VE_O?07*naR95JVeO#x9Ndcv%aY*JG&f!&r|E3B!Yj7A|0Sk;nJ@^97 z>c_8%7)06oKA9gM(39m8ywOiz?1!Hrl)uzytg_Dk|0OS{hBBhz$Lv9~VvSnX5mf`e zMx1X`LT4A4>k)`BNEc#;nQ$HAq=fWOx%{xb3bEEs)Iur!uoT(Q)ds&o#+PW{>f8L+kR zgKK0s(wlC8GhlnY6`p^&NhT7LWl~p21_em4j!aHl+ zg8R99z?^tXgnMQj8|(DZJv&2pD~g!fot+m zBgNf+by94<_rrRa<{Wr}Qx?A-XSw?iKF0Ys;oR}^yfCPxhrwfutlMeMhllqt-k`kZ z$WAz3eEd4=cQ0WW!)bo+L7hwi3_q{v<$*DA8$MmbIX32*3Mc7SjyGoKQV-+G+T-;= zJBjdxp8(LP2xE}WlfiWpdilx6GnCOSgljM9dBPOTF42fGu{@UnAWSNcleT_s{s@2A zc)=fK1j%rI`g?dL^Nd+37zHfJX?arFK_tLrMseNZbHHahmAltMR-V z3jN{3Mz{e_zPmI<#yarz9*j>1YxGznvie`wxF7gNo{^!Hyk{$-6lhjU z7HjjTnyn85^h+`sbhepUB~Q;*m)vymztMR|cD($o2cEEHMdMkC{bjE<@sm#d;s>04 z7ra|Cu||o&dk>IX;qPsD``Ricz{nSXHXiOA80c0c|;Sk06hR#vv=N3jUvv{^8Fnh}_FCafx!;j$0^Ej`}hW0YzAGVY@ z9ytS*nYLf=g{NOo7MI|x9gL#|dA+beme?hVV2FWl35RS$XMgK}@{~veoMFkC=eiOA zCF@fkNY+QPV_aXtG*}<^wl}uIm+bdnvA(_rf3k!uW!I!vl$n2)8f~#(b7X7CdrG9o zTgrL{IG8QFi@sr5T6PYAOX#d#7(r);;p-;*oy>_nWZ5$N{q~JQ`0Km$a%7Lqz?Tof zySjlH6gM8;2={SXeOPFP*U07n__gJ0vz}ip=p6ohOFnygeGlS+ENoq0i}fX$B5{2& z!vcf(d^LRU6C6MUl5PEABUS;3Jtf%-(^cf>yGd`Q>+;FHO-dAx2x5ayQyw7AdZ~X3 zYs*8{(78BqfE$i7`rgU=JcB$i1~}%2-QBP?-3ZTbEMj0ShmUS^)>a4{tRB*1l2UnV z1{y)%z%t4=DGuW}t`j;cK&P`yOW`JEd_Th()gt@gXXqX4WL_H7*t5PFmzn+s5mYcN zFH?@zEt5FJpf5P==F9!?&FB5_6#Cf!UXp0M(s7EMgN>W$OJtNZ_V;5M!dE!p50pRI zJ8}KlJ?X9Q^eermz#1*TrE~ZYy3;|Vp*s>$f;#32PXoS|b2YH02rU*$r6_ODBBT5@ znef*Ln6YnPR1KU!#0xylTA0-Lm2dnKnQ@)^tvND17R(Gn|1&e_&G%7J1m3a9`Jlr@ z_WNJ?%6dZ{peKGs^@xdW1mG+8KE#pmSLg+R)}#F5OTGx@a!xPdNSv#*!ylg?g#Z1N zKqqwO3Z>QW-OSUo5B+Io#5qkyK6D`0NEZM)+dux$?x8WWiq5@30%WI@nReNL+i*& zRp|L9eEtE|T^{B4vD?7szhR!>Dd`Q!LfMpN;3swl<^XZX`)5Dr z)aKoI8N@O~cdZgwd5hBJ>)45Y`wJWy`~8>|Id^k`-gYZt4!&_~k@>U#nlz_uAg6x! zQ!3&R`1JZ$tPlCn^$pVX-Tw|5Za-vw1gNgOAe0rpn`FYJ1AnVu*{t99=6ASHCdXxE zfd>5RA@-wBmuX|cxfJ;dpNTj8%i#_`InFTzmaz3=H$3|T8B_$RcF-5*5NJRBq!P+h zBw442+yOoH)IRxGn)`&6`T0kIyl90N(t{`v)fh!1HLEyg&1hfsk z$Av_x!AijdBljT&-X=YCwh-h^hbN9J6fi&?5>em4_}9VlGvV+peY!-Mj^p4Hiv?-W`wv((SPKH5SBxzA7H??w@nL!;WBfy z!EKw!pC(xrt=bI6DSMMBFsQ&{fHgXWUSHQxFl#sZ!4f?L{{Ri*?S_=wBa>j6$h~R$ zPVEC5*GphpR0K8V4v4&L64A0w-;^d1Gkr>NjVML3kAbUGpl22lT4ly6p;_!>92}}) zAhfkma{Ig}I$olC|u;?XiGIeNnA5Lrg4t`Xh)47@){@vbN< z-ghy8Hv0(Flwh>44ZXs{D{LVx)4=WKe3(UATSU3b7pNajQ=~n9UQzmE+cFj^ zWJC|ykHmf&i#R_Q&>ZXFp@zd{2Bocof*lyzN zS|___n<%e-JHbN>!-sefZsLKwBQhh15G2BFbsa&E$Yt!zA~dDe1m+BiU4nUHh-;zn z86^~HMtq>e+IMYtkH|FeutY>>0}sN%6P#`sY=%oozXiqmqsP8!FMvZ=q7tFwM+XCe zQ~YLr(DW{~@~dP(-ND#ChjLxUNpQgT$~cECk!R|EmvpT@8c#F?@;K>6gOZMn9+`K0 zY)H0x(!8CujL2N*6B)WqbiA1+QOk~6r}QLUlf8wqzm6lK2|Nduw&J<_v-BlE*|X;M zEaj7|1-}Q45$sJFEeyXnlJZ2+6|9wwP(91D2@Xb7rNp5QAuh8IV`FQ8<2;iqg?skr zTYhH-bff%k-UNp@7Hjk^*kU4G=9FbLWRLf^h8uh6>~0`BBjJ}YGA-i}Ea6<8YBa)! zAD|qq;K;{FvyJg@69bf>c^4e|o%r*XdH-2H20tPL)J7wEEO`jxbqL1oE*~@^T;q8L zfNWsriE%>(T;rYP@4R^X@{92_d~q8;(kDL{NAehl%iwwidMr_b;xWo+)>8{@H5!mx z7{q%p1=-r4dPV#}x8g64r$GEIQTj{#<-p%}z~A+2oNeMyBMb(3wiIh*zO1m1HM2v8 zu?o3LyFCc^u{ytm#|)Wgoe1NCd;%Vbo*8YH=~p=?aK_%6PwKxz>m&Gajs9X~9Lrz5 zpq~Z2{{UX+{_|%9a$@fxtq`1t`)!=gOeWId8vwzyBLAF*t}h$!kBqmDqSyw{9CH{_ zz&B%Pv^63>Zzd+u{#BeXb@)ArvDDS)O!ItU>3xVqC!}kOjw?2yJw|%;pc(R=9hBof z_?^W#Gli#3yNWQ&`NO&^q}SAlvb;q=hP|VnV8DNhG4YVBR(pI!Hw3?v>@;W%dP&Z; zgumHa%X4@UUScVdXf(z!fyIpoQw)JP=j??f4m2d1HOEVwYe|H@bJ55X@rTj)B?|O_ zjDR{3t!8?PKZ03f36$7R4f>O}y7=foI{|;sE9YtSsKEw#jrTBK*IDEYGg7@yO5%WX zXMJlbZ19;S77=wYx)ABiepto;wvN$o2pl7AF;0#%tvG|>nKNz0GLh_$Cm4;kaL(vZ z(BP{2?yRzFigVn)Z(WSDYm{@|fnoQ_5FJDF`xu0}z-NkszskK-m;tlzf4TRElxpqw zfSGIekinpl$Iw}WXP24LA@qXn9~wxW-{D;Ea87uxOTgkQSswvEmT+W!_NsDyo9X)e zUOd*`I>iJp;znnQ_=tFjvJVeA1)<9y=A688WD69Dh@VBKyG4o8oF$1@ai(L{>6mrR z_oPpQgA)4WcQhO(&z4>y9;7u&9_iTG6%UkalZ^M;rO*cda~KL|kr^AniHeqQm}N4r z_zhlWe6|G%D>(!QA~J2=_%$avHA1X?5_-(Z3QO?E!|&UCniqeMQ~L>_FK1rrVR ziDPz&GC&RXcApINUF5M{9NRrIMEcUcAcuh^e2hQhfX>>_pl^7Gl>-JaD%d?Vn7&U` zxP2IRq73LH;eSNK91!aLV!sg@c}jCVLKe8ecK~D`xzBRM%ap7&I~RLbG{rBkcX#d6MgYz&9PKSK zf}ZkyW;{kdi|b5jMlASuw!SXwQ#M!5Kf6Brq)MZazLA&ByxK+(t&_cW2VH3v!|OEr zcqk8oM^shz_ zv_$sYJXx}Li1sh3r;)C|PFAHoqT+m|FV0PQR0{+Bi(Q=f=t*}tz-IEupof%NrCP%_ zdq@SC7C&N#ERI0&PhK1Pvjz%y^&Mz0`PYMM-TD-@_3 zoRmMgh_X{##bas5);nga#_b!0|@eItS z;`&_*fTZHXDl`=rd-h z0RAYu#UMQPQ=2`eeyj6t2wf-V?EBw`Sm2i6JccJC3yzV4lrCC_^iBkL9&snw!s#`5 zqi}_8y2vMO&W803_8_nuaqdle#n76sgr52Ya!3`To+kUV!}rCDRcdC~zl%#V$fP*& zkr~$ssBKa0#DQ(gU{+alc*-Bi7L}e?c&3i=D$cGNdVYiN^fC}ge;fDic z!WQ(iNpRJUL6+>R(R7apk?QDa`^apzZ;08y7!Rhg1-QOCvWe^Kr|Y}9oUE^d zy;!X*d=?p-K2$r~W8~AsS#Ks|m4KKk5t<$7ZkLjfus*1derWKfZD^>g+=>0AjvjI? zN6<}Ao{Lk6!>E<=U3;i*FXkiPt-yEZSjP-}chiT(RVMO$AD+FBU0@6QjXkZVSnN2( zLu;x>035nI0fu8TyzGs&EWN;IyU_Fw=Srk&;N3fOt|*L89nmN9E%a&W`-nemTze`0 zpnm8RyAJeeHX&b&_(N5{x~?E_1%WFFTtVQ!Aq3vbaiw6P!BK<3{E8+QaKbeVU|Y->u^xNd`xD} zOX~IObimrCvmmE|2tjm!6sqy9%p4Da|5%R%0&UW}ONE3nIP?`vOC0zLJq#N!e`Sha z9!0WFiI$txn*SluzAHEhELn&)g0YRLPkNJm{)_GK3?~PHObn3-!jmWkJ08X<9(>t& zDiF%#3eTl^A`gkAt{#vkL;06gvTB+s-s7C;4Kf7pYxE2m0-G7;4H%&>;KrPczS0qO zjpiqHGNVS+eP2V!|IL^C;f2ZvGU61`u@TDLl$X{b9x!B3-s#2<-+%|oTZ)HiYeVDv zQiK%`hbW9M9@E$7)k!=s5O^4f2j)M`SQQK^oj%Gw!WjW<5gtC}+?8rCQ6Yr3RARl1 zNb6u+93gn_HF+kA`z(D_>O?ucA|tJd;xHl_7Wp_sK4~bwLv$tG>usnGQOUo$ebUfVN4PAcLzaavhMzpgxmcp%TGvRw=5H29l5BThl zugEkb68%8y?ti%}S)6N(u!COY6Pc0~9ZPP;GcbtD@I7I{?`Skg>HMOv9xprI6nTE+ zo#1T(ZA}wVK8?~;#c;2&G4|9#A&osuTmU$40nzN81uKYWFe6=p7(nLW@kY8}I;&l<5W>_u>}o(oTKq%7a0$Kj_7 zq0W~(eD?_Jyoe>yG$0T-P{C;RG4D-LHg-a9z{juKG2*rf-%V&Np=VzkN*jATGH*-# z35T~qLUeExqg*>4ialsNIo>yMJRIs6iRGU~_Fr_!LHpB`60LCvmxxIhxYS<(&3{QXmCRF0S&<2K564{|gVJkk zfJ~8#zy(VK-JA>avy>ES?cs#t%wd&>?1vLad^#20BYPvqIkwOF_TuZq@M=TLEG9M1 zx>#b%a}0WleOQ<)b_xt)$#rH)>AM&F0&eo~F}NolC3HA1x*#lvEFo{~;+!dScF!?q z%en2tw@HkMnNY+!0hbI&tWP8Tjak;m`QIYb)%5{4oulX1cfnlFy_MYO+pZ_W+qth@ z_C|VBGOxL?Vu>;6b93(?d`-6S4)n30~yYo@Lx6gEq<1`8hpf_c8jJsStxO;0Y7t z6P?xWUu6r+rnR0i4eN^r zX6_uoZ(`6Hj`$+Z(s~`^GCadRaEk^O6>+Sgmu!=HkTSVsJobAYIco>m&ix+CGR6I# z=nu-RJs02(*!T+9tKg)kvMI+BaaUuQ~&Ap_<%%1_qRM)pb zFwz&4<rah}PO5WYAvFuu2^Dcd&zq(u1x zQ&g%j#r`+Gj%2dLaU5|WopC2;Y>xn>bDx%kE9+SNHzW)Ng=+sTlDIV;z&pjCW^?m;FqbY*(CK$c9Ih+4w z)3v1&Iy-pEXx-=H-7G>P-NF`d+lH}Rc3Z~qyxlz?8LQ)-eg0eiPKJj*fa5H^$nH_e z+9xC_4NZ zwcHqFlqEl&o*&()Dd2mk?vjdVvl+ zE8(SQXYq!=8JCe`3B{9{P<7~~59|!AMLLET?*-}X70z)Tq#2!CdhxCIp@+X>ZDzdb z5FfrGNb=PreB(K`FdOD>EQH(iLcBlOjdqYov-N*{Ak`>sL z@6!AEfEosQ<{EYO5f1!=a_nihz;;C>k8%io3nU5nJSD^lT(Jt!Cg*eyyk~eAP!4v3 z-icd6176lA!#8lQRIxuTkR>?6K=9->4pnS=vHu|Q|IvPsFvXw4K;LGy79l|KXXT~a zb3{C)^cg3@WR#BzAZwF(R(V!|79`&ae{s~Sf36^K1%WFFTtVP383LR*-{Rt6F&bY7 zmi=Trl~mXiTrDpbPj}8HqxYvdQSD1p^DCL(g5$kRO(_?}~C4>|En$IixQNf(ai`_e+} z5${ImcZDnTLC@DnFUj*=39#T{ZD1}9Es(-?NMxn`r`i}? z2PnlFx1&*nn-qdnB#J~LiH8mF(7gZ;Bj~M-qQ6BZjOAujX}FCa@Qu)CRCtGIq_M&+ z|0_iK6Y&5}6SVRHlm<8Z6LOC-c&}$6r zdyL<$VPv?AQ;2A>8616_ZoGDwWa1J{5VYl!BAdxZ!sSP;92T&J5Gzn;$@V! z3Qo$3k<&O)bv&r(x<~%h%ZTe9JgbXBm}iXzjQ!`lAEGE)jxgH`8Mve1&%Et( zp%J$a%!a0G@pqZhs67m^3zSouT^fgFYTgWR)(e}+I-D}|KFLPn8ekamJWDM_M@5GegF$d{ICRHGk5&bkOJSty(Xup)>bHhQ9&C7x4%0FB7RQ{^oT?;`mrurB4vQ&06f4QG;=@ zjABooWK z9?EWO&FKGO?7vaMQac5p?J=VR>g*cD#1#D1NZu`Ieh%Jsmn^grhKB>jhP{!QigS#N zqw)EipF*|SWB^1M9|;qmuASR@mHaxoYw&9L3W>0`#g;%#~- zGRHiIwSA19_RQ>w2jEwwY}h=GX#8*ydcsru4H(;ge)1Q449Z8uU*w(QkJOhAPUb>N zQ?5}bmZ@4@C zC>;!*IE}-00s34fB6$XWD9#@}D2Lr^&;U`w(x=%{xk#T2VP>9eNt_j1^b}=#vyXTd zc#syvL&r$^c>eL*eFGqLf-7ShIK$T@mq&;F1PP64|TS$ed;zyXOMU|nOfm%dDEcG|6PaJx#k6`*e zoIo9d8oC(YH9XE1yD<}fc>&&ojJ!ui#V)1o%<7E%oxu_~r~92qt}bhg`#r)qp&`B= z;p%?3q@7xX`c;|UB@;YOJ7jB!KZ7IQ1%D2zaa8;rMtSf&{)B^-7u5ffQmYtyIs3-^ zpyse>=K-AH6XG}1|IFera8Vx>ES8JcYT+K`50{H%K&>87;t&TRvVK=t zhWorHUhy|iH@E`h_aRxdX6HFp6XUyZ912Hpe(H)sJT_70$S#0C<-!6%5!>qoOyM*< zB7_n5A)u#C;Ds3$eT8}U zL>2vLj%+u_eA|6{=yXyv%lb#q!QXEE@GF>?lX#H&h>mBCz*Oz zcKEvs{m-*{AAm?-*<$-OH?W!W38^A_(>+WCv8RH?NQWUU7ZNBeH3|`|o7c z%8fA-3Wu)rV!zpAda(p4az1Zlj^}L0yvuzpcvS2!%~0|y@#1~3IWo?`JG9aP??ar* zU2Hjf;AX^{VyS%Y(OEey-GICT`#9mdR(D~Q3V)oDF{lbWjDRmkVbpOk4MaL|b0<83 z@lretPT)Zvq=QVGj+eYf<=yrW1rSk!UIy@jZTdsERCF$&mxMaFmw9SGi}VTpsNzm_ z8ZvV|d{g1{Bz^8~(GL{oEXVfMbp?Sd2wXwn3IhL4A;2;A?JkW?mQUgwOD+x*6;Gpi zRk{^WJkt_IT|tHKrh-^@lft9-#QXRx_NMXP|Ez{jQO0Kv1^3s#L9oOKGeDTJ(X0n=b|pfa!iWx|bGR=Va!b*823VqyhEYbrv$^VS&;WDup4Qwz0o~Zp`O%;jb#6= z?A|y?`j3GY3=iS(m_fH17TtH&mAZ^tXb$yew1t@o)U`xEKH2d5h26!;yZsJAhm zV;dscnPK^oGHV3|dxea%CfRtqM68bs{cw{KZaI3=XNe4;b0Z)LaMLDw$o$c-Lve`mm zrc{|dy#BgDDYOu7*9`{_VKbJ75lW}8h`$II1$d3>;G77vXw>qnXKy%t`+NU&a=aWk ztwLzi81(FIaG;|C1>eL#9i|nG{5i_xoScK}mG75z0HEMYXO>=x{Qih2j;D2MJn7T% zD0LCbnPCLfQX0OS~5tQE&7Vb6c-e=>jGu}(bqbJ+neav__ro-QH7JLKV{}soo zWf-%~q?51=4X#jTYI_r&@boY$%r`%zd?185WivXQI}wH_7s+dhsxa z`tgjz@4IA>5vBQEdT7l;tE*pZQhtwUcOy#atuX;dH}BCC?Wc8M&Rltp4g|~K_Q*CZ zk-=bJ${C_#E%}wgUMB}=I=se?Eo#kqhS=^|cCE}jeNpWo`2&lA4D#^&KG^g|#C znd}{UHcj>64V3nUUdrruO9pDoJRbjeeYaTO6b8Ak2~gM|mE~>gyKt_`QtZk+I3y_p zo2ePO1`u(^qyn2`3x+pdoT0+rDB(GrpEJY~5xr~3t^+kS- zG10N#Wjz->@8nyj_@Ey^kB4MnJ=@%;#2#f5@7KZ)e>6jn)p592;~b+G9Yp~+qmdB_ zwy`PzK3NQm$hv93)yd~y`kKjmcIucdnPmX>PVzgJmRx+#fTR%~Z!^QXG;M$V%`qJf z+3zEI#NK+83qQO+L^iPmAT(&^0UJ4|hk*a%zJ}!N^~1aDSNA$+9w~?JM`gN1BH+vE z;KD{3bc(dX-L(*Y$v)K~HAEOFlbKcJ!Ns`mDPM;pJUXtpJr3wNjGxF$Z&)AS7LOy& z&~YF6Y^e}Stmesjn1zrFl(1cz#UM)%)+$j}y95mp)0E6Hj^%jLLPBRO>*$KO6@KaW zq)FE%J!!a%{W_8L<;mg?b`w88g8k8x&cE>4%1W25FKz&C)8P{JKj>Z=R(T(gCG(Gu zu424jMe z`t*3&QGSLeYyig==}r?TlHQYm$Y&TxNU1L}`L?$>@9FJx|0Z~Zx6gv(edLw{26B!k zFX!(0k-aaBuNR<6RDqpY7B0dKfkc0?E;9a`9G; z-qqYsfXbWiqsP@32RIdU#PIawvFDd}$vZIW!tapv>2l<4Ki!Sn&y_1RfiTmbTF8b7M306+M6=_klMLCImbrROc z`z)cqBlLO}!9&-O16|(^0ZtdMkM+RAEphJHNB5tZ!exKHJH0Rld;R_CEW6Jg1`M2F zWSGf}bfjw|O6)|uh6k58l2S)+nY#2>PH!Ur5T znM*>Se;WQS9RKRgD+pXc;0gj)5crFNz_)f>Wve_E4zqWX-=4YAQKRy}!8S&cu3%7K zC?h1I92gzV(TMP1LvpfiPn*e6obdpxrgrt}tB#?MF$-^NTDh4C0gjj=&H zk4`ZKUY{BxUb%0A(K)-1TjTq&Cjkemk)t}P-c@)>zUR|VTxeLVkE}x{|5f;|oPm zV-FEyHW1b-Y-xugeT}Hb5*om44Mn&^dBl;9EDXcFAxbyToWrnmhywi@93BF@YOad0 ziSiW~`dAd@br9I2V#a8~#2?n`p4Z?k58#`?Dw%`*dvthNqBOaL3l~T;~dpHufN zV;Ln_3H`34yiA(-6M%_hI8R9^Uc3=AEmhbV&%p46US=rG0KHH?sX~pBb)v2bVn*@r zg}HegvCBl-!>g9ITEGV55AgHBQTey$oV*`im5Z;GR6p~;L(2B;A zQ{&Cggyj?CZ4mk@eZ~wgoR(vnE@{C71fZYZ&zaWj-`!6f$EvPAuRRT zVE)qBF3;0`B3#@Qb$X&%c4$l)EK5s9IP-C&6Y+Hk{-!ugS}5rg@K=TgZHQbpiwNgt zj|_``8HX?0-rdDR;5`*qiFPyt$ulY%MudL`dtRQrG<=%fcR=*^KJb*Lp6^%bt%ZY! z5>eO5EU3`E-Dpi08gUuVG5$`^KW2V(ju}NAjau-P2$*bO{uKYQHyz`()A1(IqT}Tm zZ_)860poZ^>KpYx)c!;!Op$YAj;K!e-zt{P4ij^%%i7?vxxPzub_ru32mVGV)+h02gsF0ZC=`Iwu(+yFie`*(QiF~bOLp=ks{Cj_aK6FQR_4j_Vl5qv z%q?ieGPon0A02x6Wp0*81$n+gF$ERS3E3}etC&zFYs@WCog+Gl486rd+d zn?4UVDBmGEJC@k;RxYNPB0Bzg?jJusd!2vJy}=LTDl6%vjdB+634dV{qwl>@U`m(r zROn?yX5EnNq$+d_%OG>ZtZmB5urH)VsYicNdpxX*nCFEkvBVAte- zo)JlA7V@A6ng=*P1L$*m-PB^T{CJz=GNI4NcPMKL?afM`z(M-l#UQu|58QK4`v}J4 z{|HwNWkcpk2n!Fv*pJh-#QC?x`Bx?)`IQmW@cJQHVmiM)ABxndu0myd+?NQo$@yRj zr#a4tD(~+Rc1+u&l#j6%*TzqB-kn~bd_tR}MlfYUuM7F0_Y+7Xtk`9-2M~uYdzZc; z;Mg8fxTS&pbZ8mz4{e)~a>(A>AtW3&8R^64C-Q76CnV7D?c@UP*||K#qv_mF%M;0c z$xPY5;CsyZYDVyp+{!*G)~b}grZ>_oefaQJ9dd^6z>7In;u(<+mLMY=JN+H!m+bV2 zFKJBJ6yT9%&f5qk-(*qtp1~&0#XNx_Bp2@#&+hHapvkwnk`G;9G?E&mcIo=k6>9J! z;Hpoy_Ac@n94b_4<}m}V7clB=awa$7w>n?WJFbLv95_Nbd3D*pZU*o-DuF-tASL@2 zC{umNdA9?6FUQ~6=ZQbR?>T>deev6ZA@T|6+UO9@086kgOv4|L+lP^VvWLiovUKdC z*?r2E{3LP=K}GPEBC^IJIKEA0<^mq@P0BC7T5HELSuKq7dCq6E4Kg64phzan_;H?| zR~-1h=Ez`dK0Yt{N7M;ROUQP2TV&Ve&{^n-i?#m#qnS{`u=>p=RR@%_Qa#DkO*lgldxx2wRF}0v*hIbq);e2LR<sIEI>KAQ-Fxxl)#yFvR(B%474!rR_=D;1<&WSL~L8GLWg$?*W zTLqRSZIBVdrdi)4VC8^4@}~P3$MT6W+scQ3%S-%5T|*}9{|Oq>rvY#Fu7-FQaB`S$ zcVBXT#B&p#quguIk2_3y@XUiye9=f!0-2(DQS?43)8?mqLDLXNcq)1f{^gtb8tv2=#N$F@j=E**? zk^(DWHS+m#1`Fujd0y8>B;(UEio=9*2&(lue4JJzEIY`x0 z7bpYY;D$pM;qWKG5ucF!b2PCN@1>ulHzoW9+8-mI#r5@&)zNd6u`gU7^J0DC!wd44N{Pv8?{Dt}br0}EvEZpJDsEFRg@ zKAzL`P+O*?bAz)DvO-Tfx77H?F^!!499;9(1iOy(GN9*!azT-C7qRC_FFVfT0($Y8 z?j7aG1b^s%g)V*E?L!Ff(YbhzKL0%UJG+Xjzpo&01%WFFTtVP32LgYx3e_5 zgcTbm81l^2FmuBCzm(2a?!55%&ROBz%PE|@_~@c(iOb|l$0O3Giu1^N(X{h9JsuBG zAhCIS#5+it>h_#M{lkB;(;Cv;z7my7!SNw zHdlCMS=q{X=iM$Jq$EZr)gBG8f5r1Px+Yilv=e^=XbtQ3F))*=M9I54ilx!N+S%j8 zc%2wO+%qUaCy?XI6Mv@Tq`&+OSVsZ$KDFI%RKnc~y{onl!|x~w@p2C{MO-UDwX6h| z{T=F5<}ip>7f~KS-W+i2P;O_BIkufgTwk`1)5E>*Uq|!yar|MFZVAPuxXMmy1Os!LV;=LxA ztx;tbhjW>7RVeG5M1C&at%Se*XeQjE#7uJwcZaEB#1ya%~^ysSb zcS-)heX%SQMusuHe|lt%P2-qagl>JNMm7kD{eVFeqvag+%ggYO=agF5gtq!P_NzG3 z?%xDHSX>URn{L(%y}1gMQ={y8nB{qU>>o3A;{Hs%WmH_j)-;T}OK`UYmtccC1P>O1 zdkAiWTL=(>yGwAlfx$hvJA((e!DaA|d!PHQ_5MHWtke7S?%rKpyQ*dA{dNNx+YBbo zpJdb-X-@2gP*@K1 ztaQ=w-ZMS=)D~W5oPw}q551T&ZjD34&x*IH63m*xd>9o`f_W}aKNFn%qgn(IO$xP% zZ>^);g_yn0UKHH^{j2)itlJOI0If&MCL#1qG;3(}3_1AJzzJeoeqRAZdN1FM*BAqD zMbfOug3mcITJ>RU(wOYU8DYgjb^q|=-~QWPrI4-YkV3tZdw_f;Z;>1Idf2_$ltX7d zkzsyNuK!L;SFrjCSK%zp%XERw1Za`J-s6wM!}FZ=rjey9w8zAmM_wS{l6n)De3 z$#lkEC|htc282|X+)F=uNefPcitJ_iMZ!e)=~5TAV>xkdGhL*AanyqPJ99kL2!?I(^9w(_^1R zw5x1vJK>_jmp@7w)^59iPZv)zN{>sJx9@=QVt7l0o?)|i}k%xcmfu=QCKF0#;YY#Qh z(cj4k{rIk(eg1&sVQT2gyje`O7DH`z@si}+vUst`SDcC#!l|N?4#%Jp-l?SiBI!hN zuRp@hcwBdly6(8jSMUy%8|T@k>znx;Q!{+VNp0*}!zz%PignJ3Zd%C zjjJTFIkQ)6;aB&8J4m88)*t0Evsfl)aXKz9@$RO5w&w2I&J|DV%&Tk;!hLL>7ky69 zfvXVIW8iDXV&w^arlGiy`IV}w+4-s7fo7-{eESBouN%UtN#{pi2_wPdSCH|g^&Wq4 zN&;ULd>ksd&`0s79_eN+ifI|!NY_MYZFJp&cy0c(5!YS(WaD*J`d@y8GEt?i^qwUY zR3?0AOkl>M4UXg>pv|7Nf1x1`?g@dCw9b-q zpmpxL<)yl0L@-FhTB2LRNvr;=Lba=Wk_Bxu!hToB@M$GcFYY_E+a<=?qpRmM+j+AD zZ}&JM$mk~B>1y8z(}itVgud;Q_i+E#GfvR^DPPyBVedc*fU>X8~!`}74s4*z)<|k5YbNIfGkE!BrXphSVdr))n@`g#?VBQ)T=I$ zwf%Bf+cAw~Y}qFgI1%;-f;JTpTc3bz%mqrL{s`ga{t4>TD4uKd%U3z{`P9e%A+SWI zOqJUzvpzSxk^FK;NOY4Dw6|akxG7 zxi2%tmpYW|u<`!Q>dROv!RpX|BelBS6Y8%%dF>vnF9`H{Wc~lO0NOyHHl*4w2=vIb z@A2{_Nm&(t{zX&jLHz(LHT{K)5%GsbGvE6kq9i?994#CM<`3GSesh~rfUYYiT21f44fRYdWLW^ zZgn?tx_ap=`a|3M&-WRmdh&W#_tY!8U6#$VT}X)J3%G)fYR_Lezw7+~?iQ`Nx1lX< zhk-BMF5ZsVE9A|+-lD@3_*M@eeuEg7UifC$27kLkj2^UMpYFVwH?-^byxJ7VbYdHQ zW`~uXXt^3}5>iEZ!XE*?s+XTF+_sMw*c1II{7>k}ZSt72d0x;Y@)qYTC(73ThH z4|AmW^T%+oMXA;S0vE39S?#oh5$>n5#jeg5;+C1Gh-&aLirSPP9UjUk6>Mg$OKtj? z?nu5)5WEOazRRDLL<~^4ibN9NcT1MS_c&Kz5jy8dIi&>+w|=Q3RBwvX5}YhF1=KOVf9EudAe%deV1p?>tlXHPhyk3NHv>&xi&gQFvMnUetbQmO zAf-C>g|9k~Fw2K;B1+K$oAoQs>Cjpoxrr71zLabi2dQ-1z$Ew8d8tCs!$!@vI$=cO z;p}pC&RG#+_)!(^>_>2=4W|j=6Q06XWXOsCyg7XaFdxe8*ZOgbv{>l-OEOo>Hm;qu zWTj9Kr%Xf_9r#cogt^)sSyg;4@B1ph-E!v|H$lj5FRfGNQ*>$LCvI?@QTVUE`X(Po zrOAvP?2?kQ@vVrBcFzldK3A|(6BO)F0j|?J9*Mqi@k-Xock5r4UfB~=F6bjpl3mX0 z>q;>l7}hnE#li;>mMElUuiL@?*pK(Eie*_ntfp8kRO)_GA*}qO#f$u8X%H9BiJ+-u zFNLcd$q4U#@|QVeBjkX~W)MX1$+sEwfG`M_wft<*g2jioSO9G;{mWf398+5^yPsId z9OkVybT8@rvN~e8aIr=;p-PpN)wB3fg@a)ub99LgW!_od$>7clyc4awZeoaJ4a zC%Q;}&^nUTp}2L=_sub>P`o5`I7U*~flVH`5;{&Ap+jq6Lrg^abLB6Napt}sjcyE; zIFEgSg+J0xod+jXFsnnV;(a8Nu?^$wj?tX1|5*7Lh~J6^M4h|ap1BHcR?9{eJ`08q z6Gg2U!?RDLgTsx?ezP3OYQMf-M&rxi+G|@aCoVb(fhWu&o*u>8L;k_@*7J^6A4fLlp*j>hQN1xslcPs0YbhXq^fmFu)_Z#CXs$K9b>dj z(i?D9Wb8eAZoKP&->>G3BAenCcv{1&l|;-pIDPz&2Ua1)djcbsigQG0w6e~%TTve_ z(5=zXvgc`bzotzUX*TWoCqZhr#{`sXu03W52_GWyNtH(Nm43O=g^>(7bW1>(U}NCe ztGQ`xS-9^JPhj0y;5M_=Z5FlGez3Q8T>f` zQBkRNY5#%hGPf3?#^G-HSO;#x){wmEe{?t%gT~{|n=WDST`tRS=mcB>7BDKd{xhP! zng!}78~ONqb|?+Z?Q}zW>18+vov~39P%+$SbdVF)L-hBHU#+cwrE&C#h_v?#8V{y% zQBdW}=S|FX#5PB3RXY*&-4?p%f;F+9FLu7;$cHATqS@Iqw@kb_-v<6g1 z`$eP0MMt|;Nv4zNMdzZX*egaavECoGM`(oL0ax+qFDS4kQofx?u2tQxY>H-JbNI$% zTeT_&!{_r`7ANk0+E$P!-L&+et&jXuZ|3e9rUxIu#|9<%+VGQ@-U-D zLmeE5bpKZ(CI^XzSw84Y)1CE0)|_)MFz zywd4P)(2d4Xr8uC9?Tiw&nsbFcO_Q>Y8`{q1@PDYzXTi!O_+OV`|&EM9?-v8FMb>PJTT{c)&13cl$3Hv!Ro7!*iYycF9J~<7LTJ2CoKeO|vW=Cy+ zO!9--MAigzPtjOmlGQTfzXUBjP1_!A>Mrn_QFrW-Wzf~ow^;l^(99(-K+Qlmovv1< zsn&g;IP`(DbxRNGws0k!0fO1h+OzDz1aV&Dh9mu9PMc8JAVw3f->(CAgP72Cwn-eI zCK@c90q&Lc26HwdaHc>M*edzhIg;M0ckmirR9iE6fvSKhAf<0`ph!+3-a9gf1cmm_ zgsE@8#C%GLs$5J$tFLJ`4-yYyIA4Ho6l75{3$-tNja;jUzqIM$4;|K~Z z~=hfJh8zgwEdhQasR_|S?+O7q2lf9ox5X_#ha4Y(#*wFYh z0Mvi20)&(3n#>W_s||Pp82|#)@I$15iNJxAOG6qh?pEk^x|xU<(Hdh7B_XgOBY;Rm zGs{9*2uzWMoT#G;=&do(6%pXd#gIULbu%qAWoV#S`C5d$u$|R!b?JM4{L$rm4sfiB zULjzuW&96W)cNl~3=8y@Bl?rk-q>J)ssya@Pfs@^cb@=cmz%F6pzwQo*X5SmL^ZbJ z!{^ykyvgoU;E?!s8>KjV+h~S6b6rxd*(E&iGtg7>a+oajsW7I{1Bk+aq^tJ4{nOkN zp#?41f})|kdF*Jxc#Ed~N^Gbzk#CDFqd{L=^ryI-ga~crA*HIlXk`dZZw@#!_$>3} z!Y2;hwg9F)iR0qPEiS$lwmSUOZ3@r=+&SeCZyN}We#PtTKRXnmSQ!33co6|F@*{f^ zhZ`N)WVDDuH9grcvR$wwn>Gp81>J#9c+?V%4>lF@bDi@!5RLjXYddjDVMd`{wO7Ih zzh;WRFT8=+#Xlz{Mo8m1ob7m&K$Gv53IZ~eZ%k|YItn?hc^oxuElV5}h`Clg4$+Ma zTP+UcJ`X8(*smzD7{y0_UI{t)=@Oj1S|HkZ6BsW=hMmq7F~O{qJ)k8#MD>yR6|*g){|=dBpu z#6L$9MMpac+$`^3E{&gG(3LADt04^T@L{kRwST-|3wQ zOlai!}(=`iMg)>FYQZ zlS>McasRZ7{B2Xx;6ovXJCIZxFWX=$LcME+W<^IWgd)j6t^NjINYzC^HbIAsi(s0D zMbb+*+Xwt^I;uxx*6!9OgG`-jzU&ueCQ6Gyv#OEBt{5#|$)&N7wD*`-RH|p@WoQ3p z|GV8}W%!MnHN}1r8J>M z;pZIiv7ro6`ovXTzE!`)(OKKPcmnCw5DyH$!{5Y|aVn{UOaMW#BYnQ74+pjx$>cG} z;qml!|3X1p@2vmsxg;Oo%$l8EYeD-XBJP{rxCem8t`dA8vT9{tZpD{1S{Kw;hEskl zJ20wCJ(bPeEhHo`fVG)G1s`}=1rAZ%NfY_h08QBzaUJ*#ucJ)GF|KxI9prF*@3=VZ zYWu|@-dtyw9??#3<7<7JmOZ}Q%aQXa{-OZR2NbzkqzUCQ@$sp{1)vH!^@J-}Ct`g9 zslXu{$z9MI79BwRrz8?*nrG)9QaBOc;rfH+JW+$ZE5TZUz`%#A64Ju-e*TKI&+eA+kGv%w0mH@{ zIj~kcXe>y=AnE!R)QGu10>2ynSkW)ttD>M+x2w_~e5vv9 zi%Bmi0h~lCkf!}1f5OE@x8x-SXE1zGNKoWNAd7r0!db#`C}|yL4JJNngJB^eRcZkK z<}C@-i%$jx3IhH>wg`hS!GiZwO_>53=PM<6;62a&j%xhS zcqSTUa$0gUa72LM;(a72m~7FO)-I+Tr?5{YyuwMQJ%v(9)Liu~KP6T}SH4HIqfe%) zct&3+Lqi(sr3Vki0n}nG(Hzuiv4}vUCaz^T!F3jyAba>y;)Kf1uhO3|Ru}Kh$?aDx zKWrp7LDqS9Hq5{vU*Z=fEW{U0CkOA69@g@TO#_5is}Ri&wne^bBX8(ZT6UO82|7yt z53Kjx@Zo%VS?zeH?c;?+*s`Y0OXd-LmyV8K?iFLRy?}E#KYE1igO7@TJAtrIFL$EW z6x5uy8LB|bDtu;bWLOmYq6vL6Nc4{b4wO;=&Pu zwQST6B;7p&uy5Ph4ax9MX33nmN}pva`(3f*FpSbVnjG~48!YeAWO;BEn((`kfX*JB z_B2}>l>OrV_bup_LBw%83TEe&RM|#N!*&h08Q+4AZ1f|>;N6il{%u5_JEi4We`7&- z;US|P=vonKl`z#XL+RoPp`zTz%2-qbE+HX)aS{1N=DAy?k+bt4z(yURz|;NHSXwzI zI2K}{j1>inKE9Bea6hSCEL8X|Q)-jYgAv_p)X629o)(1d;S zmg3&S^kydAFaTWXm_LsNrcHI_1)!48IYBtrFn8=JGTH8g}4hdc=Eq4!sTr z*v_YSPg}}j8zMjTan4_Ir8s7yHR(FBkEi?p;t`&powH+MPSZ$fa65tvb?xBoYw6b8 z7dGIq^Za+uoG3v0Vv$$h7c)g2Q+H`(KyX{oWn$_Yt}TtF#uLHP3`$K5z0dbm6ag%^=A*;&8&@QAl@|23tjtS6xD ze5Mw(DArJwq``BPL)s* z941%v(t-c=6{@l*y<+SR<|OXsIyxjGGRsIwLS@A^QlXx3bT;eEm$=LD%{QAPd@bHz z-+E=|Ej6?Q9~u)0ff?{|ph`+08^&}6F<2ox3KoQ6V;h@o{F_SWdI4TrXA?srOU3T; z*YZ%Yo@#6HS-=*q4Bl!$cBQz@<8dSxHbm-yU990a!=NCTq%WL&_e92l(4;rDc>-c0 z@mFxPw;;jq#D9^&i|?B{fb82z6Nxc(y-c;}PSoI$-mtM<@-(k<)R~D<)1yj#fzSl{ zk0vav%6j_a%g5_KYS+s!zHK0R;7cKFB9N7?zmPqu!KiDT%&Gy`dszY-&S_e2)!4** z^eTXP8G9KCxHY7yDv!A%BA3DY@WPo$nj(<)^gb{Gx-K99fSw{gkgDLdcL(eoX{c|R0lQBO?$AJda>vXx$2_u8Mo9_$-1An z;?ZL%Fq(YmLOdp(>*>P{3ZBfj+@4P!r!q1K=Pbu~vSu6Z0 zH^>yHat2!GE@sFG`Gj=rkSMR*Z+Cu@xK|@(+C}gLCTj7g4H~>=c7m=Gy_^`0yVQAIEOT9$no>+Ce9qlzCAUG&CSr~C zdy^0D=N<_Tq3`z5e(;94>q_Bg**ZMym=|~I;;wco3}z;OmdiTS2iLIW;b8>W^HO-? z_;<;}(T#&yzM}Wxpenwj`dHO%s@t5ie>h%uA8lY%EQKStOw>HVZ3-Syk##6b_2l!I z=F;_8>p(V{R*Rfl3eEc_}BG9P~RBScV^9Y!rtGiJaLJnFu84EU%+E#7il5R7UCB zcm4p9WA`!bGs=lqlrQ2_tY{~Rt~0L~&2|H8%hJP~1)f*_QgG%9#UM>^pAu+X?h=zk66g{VC^c27hK9#jEtf? z{U`)%muEtcQfe*A$5E)(ypK{tOqNg8*ytK;9#UY1k^+7vEK~c=bVKzE92lO?>6W*) z#GIrw7wR^gDlT9x9J!iN3HvesiTbo2P6q%3onbuI2-}Ypg8hiK&cR!kW2ER|EwJ(K zC!o7fofp3hsy^G^9CKN~?46zivZ!0Vp6u;S=TS9ie*psC9jHng|C1_b4dANtS4YpR z0ovnxD-}=}EwN#5l|Q?Iqkwxr+Z2Ta7~KIlx0Sm-lGSqF;@^^^5B@A9(9O| zoV!WAQQ`Q~SA(WZPksOXXM~>Ew`+lWG$!j!M_Sz327Nt!>|!0)L{5`$mTl7<>umw3 zQI=er>Poj*Uw;ol1rk5+p=+3cRgcYdM(I~vCgK#7T8CdBN+f?x&9btwi$QG`PFET8 zqyyZx1cQ%;sFeqQ?mrRDPL$cixP%8ZSrJ*}*;h19NNx($f400FVD4h#%ACjv!M#jY zQ0wn9ICrv$p5jQOf6#d{z|<4vHQw?=%=WIA+xJOns&+;gzm?KGi82d`57%MF6m4$$ zzNkMe5W#6n+!6))5!}nc)fEIEv4Xga5vQ{=q|EIsr;t0JjES{wmwZ{Al5;gGPvkMl7wOX} z`4|$2xZ0ovGpU?wN!(T80iPzua86GU6XOl&Et@lKi=8|@{LszeFQu_+d$8T4c|^Ja zhuNE$C-h<61`pz(Dyc}bA)@1{@#Hc1?xC3VYr}`B?3UGlakG#OAOY=oP0Mn;yGP*x zOzAihljZa_v1PfO$^XPFcC-SVdL0>Zl@PAn4kn5d)jK|9mC=OodpdGxN&Hye`NPMS zoa|?m^s{F*@7Vxu%%LekL+Kx)Yt^k8PR?qfzj1L+v)B|}EQwgC!o+F5ukfNc(u-pb z&r5JQ3av6OQaEPAnu)JDI{b@hkiU!k^@eKmgSVVSk6n5h?9Q!{)^fE& z!660%D|kWw&xLye9}?1wnO@q?9NjCI0*kp$&*7w@O8@fwxmSybA=x>$=b$fb@&(nvgTYUF)JL z3oj)5gy}gl^bi3UCS{KzZf$chIR)P|A_LSR@#$9Ny|o*4TnlnaFtXW4c#)kHJQgKk z20YgO{TXfroNx7rbraPmGwGMm4Yj?$@e5URX39P}C9okZ2KRR%v5}UA97MoK)Jp&n zfeChCnssyDp~_|4i6KgBNnO|MLh1w%lRenZDW0#1HBp60>2lJVIThUt^gu2)3yJ)? zc6gFo&*F@|xa9G}4cQ9xo-58wLFX5tKc@XTl%heoH^Q&}l19;_W%YPT86~XvwE7E* z@G6SiUb|4`Z&<=S0qvETB>x^+Dw}fy0rJ zZb%iH@{hXU+lE9vBi;1DDPq{elkDlVP-1JsyD*?Rfd2j8L?xLe z^qZ3KbJSfDS)YmsGxGMd{+ww-tTaZ6nG3V=;-T%&>BB_!SHisl<5nkwyooH#Wse?> z3LoEZg)o=2?DVqy)FuMEhUQOyN*IK#;UV3@gD+(^ebECv%n$I+^45~Fc<;jw9eI5! zIpf!gzAkY#;vTbKbRutHVquLlaH&yK4T#$Gf1Y<64$c2~zMLFhtr#Q1WU~sqUAR}R zJjs8~Eac)=?_$M$MR<&;(#l0Pv54sa)VO5@Uvou2C(`_Y6h~+W!WkfLG(rn?8I(%q zO*rb<10py^-|irF(>7^E@P|DK{JAV9-@T7Lk@gMC#i1q_?Z{nB|66F*n~>wg1;WH~ z_!0xtgx~Pa7GEcD%`ABSNxJm`7Ct*V1(yRGj+{`}UR!(hE9+!5_%hI4Qo@mD6}fo4 z7Ja-AgQJ`NUU9Tay>0S`pasF|1gNuO2%71f>C}zKT{wce%QSEw(}Yv^+#Lo4js-DR=?!zH3*23iv9RUT*BxVRM}U7Ugi-S$_{1rZgzu&*u6-oGFMeA5L&)ARA3iEk z*)=*+q%9tu%jU_Xy)T_D+;NOx-db}BE1B?io@({gQKvrrUed06j}uxRP8oP%_-M*D zMIS|#F%tXm9i=nJj(gx@`-=FD@Itjt`q+bxCdj5%nf>=-%$$Hk%tO_1tq-%^PtFt+utf&4; zJGOi1E*&S8yUg~>#fK5lGkcH7^T_aZ?VkRho5LT*Y+&#e-U`|x1~6~uT5Vfm)g4;B z9^FyeiVBQSzo(ChZAX-P*yo&<0Ze~rnKrtU^@_}S2iu=PM@(sT@gZb`wnE)%oColO zQ!<^#Rv6jD(~!la=`2x&hGtit6vvM#e0n2nvb%F zxAoY7km2|8g-f`CYaWI>ATtf){+3Ndy^ zkoLh?UNONqu<>M$F4G=nk!YdM3VA>#l1D;yY6eHbwH^_t+KEM9TMdeTn4~qb)Y}4n zV4b`#n=2xFWxX{H{UJwdv$NTaF`{8Rty9zfNp(oZbz4^rLr=j1*6>dKT0`z+VWqUt z3xLf!{F<_Qo~00T_K#I%P-1PTyhOrG?bLf0H`LCTsVG@=L~Xds(@W2IOS$b#$&s?E z*K!corMC6S?nnVL{WC(S17iri;1`$LKAen~qHcK&m2eW_&Ix6%xx@MQxY(VB(<`xi z5}00$+NF-s?RZydfEnOsIRCcqKAYGS;geA&-h!6r)-|fDQOn_hv-H32C8e|Fg4&l; z&0Sm}Vc}hr$!#GWWArY?i5&%uyY3oSr92k3E}<~h&yOWf-P6N1s{vt`WJ|>VNSEZw zT7*qAzEE&y^i0`z(X(_q9{(g{qSTYy20hr}0HKDbes7Wjwsd0Je_id-%$uk6+ z_*4ttYDwIq_B^&-d7qpG6@V}=y~{$+wc2LUavy-^CAY+Fy&P-Nm-uItG}14pnYf(C zak#2bv-eyvc2X?_l-ZBaCv+Are13ZNJT;$d*{icU5^nXp|6WLWeMH+y3(7Qas_uHU zldyR`KYQi1nE^%49%JD=Q7wC}3+n{StfXAv|^*7zhJ6V-84B+LEacsFC6@vCFRi@cgEvM+CU zMEo#o(T_MVB8T*X^@Urr44Ye#Cf6#xeRTiU+z<`?LZzc|SC07@Wj_-B>ny&VHWiK?Y*anxDeWw7Kd6SlY^+zVhc^5zs&V ztU)Twp%xK;Pw=5<=Jk)C92ua6{*Q7+eGg%TJ5}Qk@Jx9{la#(A8}qP;H{ff(Taf1S zYLQ>I>Xh51>;SQ>W{%pKw7=%Eq_OE|D)NxA>!vr2SsM-$CfpIkub;LO*|<{FLWQ3! zS&oid*px0ygE2ZLCH!UeXuED^MTDypIn~tLWAG=bsPn~iHM;j7c7LV3uR4+8i1z8^ z0`yC8E=If^O1x&#QmuFSt7*I|_D6LV?rr19hgCUpkGAN=OMUP;(Q2(T1q-yS__soQ zi<32uB$Ya4H0PgTI!atQ=Xr`D+NO-@6x+g4>tbC^0oY$?)_||9?qhMlZ@}lvf1geCM`+hEpshN^;juE zo%$gY>mJx`S|nzpI*V4lgM5j}7z3*O7j@9)+d}`(&kB##*BqDX-Yq`wYgrBPbA)y6 zjWV~MnC&$rRy=d8k1I9h$uV}ai^XClG{)+Wl=gYc{U;WMF{cl!uGcO^Dow_4qg~sz%JD^l24%R)5L|DN-3Sap5=}*ljk+?h2&vVI)%z87mv_2x^8?Rw%6c%gr#{ z6VW-$sS{6){4QN94_7AkmkMQ=k?}`6D9aVdH$1HKh!>` z2|Hw!lQeAiuP);67EB@`fY!9r-hKBoCA|eGP!topHtxz^&v9|RCAXN7{`-QR<@sdw zWcOC+h5Dt+$` z6|Ed|$6YSyUPV9Qb&!syAx`O6^SmFvDX4gzWXNlCYr;JY(94Zis9dEorPbqAdZaz*!8~lPN+bsixSDN zlwF}l48JXa6~rQ%vAA0feXhNih%aXf#&gxsoqbq%m7C4h{6%82zo}a?XP!CNS8}PX zGvBvTmKr{`J26^vHkj=m`!aR6_9)h^9j)R05~Q54BAAn3;A;=HWvNOZn|)|GIm5W+ zEVl4WOwhqDAh&&gruA-Fv4nm5`T``4xsv|(_$zv0n5FhQL#Xw-?M7+X_2p6rO$mtk zmD@lexFWD`eUd`$vfDW3`OA%OHoZ>k>~p|xtHrYK=YX{L zVhZ-!T||?WDYyjJVM38L<2i$TjxYWs0qw>$DK{IK>y;G}nsu5T`5PYMY%uih+H;?e z@5{DBu;BFg(ihx1h}#J_Yuvmtidb#j5PN@?GjFepZoUDy>08Ch+n3G7hY4(em zxX;Fhr*_^X$qPUCSYHOws??o=Boxw`F`xl9fs+(q3myQ&s==;F(TGb+bvULKe|{I8 zzvkXUWu~}~85d>#T_J(x4i46G%YLU+m)G{S+!h4^h2Mz@Zn;~PjNUI*Ih+q{m!3xY z_&^t*eBX;PZ(&BBfF^Sj0>I-hKANVbPtSYf`BaPg`nhBcW?%w~J6B+aWrZTxxWhY~ zFAq}hkdj&N$!YxNtT+2)f!nDt^)qVeAI;(1%kW^?XbE7FD)vs(cKYNHe&Ml`D1D<_+W_aFtMqBhb3rmMe zO!}nz)!!i)_T3VGzAcYjC*dZ3ZAjFL-2Nies)+lGiw|51Hkk!!(XBQ zJ*nn=M_K~rkS%k_Ou28Chrd(zy>=_tI{6GLkQ;&;aT-NNu;Hjh%7GKBscj!SNa7d2 zx7=LDUe4?rPqLkz?Du;O;9jf|&r5q(b#{^1`Vz0Hc|VT0arNHb`_2qI zzL=EfEr0x~na=@f=vC7z@GN-BpNPnmQpnRa5I9&jKFq(qnCv)OWS_L2+_IVrsOcAa zY1hp0ohF+sSib|#3g(v>leI273Tp;b6+7KLmu4M+%$^MgrVZL8D2i8}%iFGM-B}ZL zN9`p)?E(u}#gAO`5ss6aNI0Xvm8I%w$B0uDMRsXD`qzkN?zP4K<(QStSJrwmI3<+}f@Ou9hNSfFnz6<9*^aMO~j! z8!fVi!Tsqnrz&C-Bjh`k><)j@ckCB=ZTJrD+bVV8-&#pgtB&Z%R#zh5Xb`8##gHrO z$)jZAt~-|!hcCtqePje}gWF!o<(-1;HAht}uL>2ghDha#UD+Y9k#QTcJo2OZe>){M z@xAEr-n$tC!ZVsw>}G>2%zjK+P`*`s&hxHh;=%vvrT9r-OM|L?)*zyB^Rstr`1TFv z$l*m=#nKHkU%hS0v;%)^adc9#<7PW?Xv6n&*cb)#+t+Ae=v6#)!nBy*cecLmBS8wA zJaV+(2R|*}`dG~GH7%TQG4luMuf^z0SYJYyEJl>nQ~pO4`wxgh9n69oe0h|RtVcqj z=Io$dP>iUj(8>#}Ecn(G5=s(%d44DM_K-R}0!DL+z5_q+vK5z@;CIxpwl!nezut;4 ze(gKIR(lk{qbM^04c`s2o~|BOPN2Vt4KcIa?c0p}XB@ff-<+_f82<+QtY6l^^|QOgS| z;d9vV@f~?t417u9P;vV5rW_W=$DdhrGx@*mH&oJjPiKwqM{hi2f&&v67i+e^1E7HRyw>lr1I`a*cf#m^H*9gfZRQkW`GD*v{OCK;zdOXS%DM z|J5D;ZQ_|@(8%hv*&TJ#ciqO%bz!o(?eD~S905)^+TVk!b9|H@3*pcZLt<_Aj}j4f z8CXdw8=Ib&t=B&t3$xX2jgSi21DR$%EY=xrujQju`O!9!8NQ_dKeJ3717W?y`?JvQ z;q`x^yZ+#8<@zGAh(W&Sq{Kk#%W54Vowb@tT@(7m5I$c8Og~wz0@pi-=#1v#cS^Y{z4gEW z?x<>gef95&=R)P8S_S??bN!|p{`$6qz8ESZ*FS4k{CNjI+rv9QovNUv2-?x6&gZsq zLDupD>f6#xmWcK}^FUkK2g+!;x`F`8(Bo4qi9Hc|1Ru;Nw+i+T&>?5%IV4Nx? zDcEKL>uZyPX^j(P?5SL=+t}u+cR#VlhDy1PVbkr_`r|-Z!DLv=|MmcmaA$|>?BLPy z=}zm)`mABJYwys~Q$Oudae3c*4s~*lTqgF3D_oDydrhQC{WN;*MsXS!26J9@8eb{k zo02FGc`0fOJ2^MIKAQ{j*h!i0G7xBNw$-Zmz<~76uk!ix_Qs~h0btM z1N%h3t+0o6$JW>awb=3~4I0auh?UZ=JFg>XL3z#O;D6b(|5*}wkj}Ax(>zU`h`g>7 zD6`d}KEAf@cP9gyCS4ciH{MS`W{%=IbSOW1=&dmY{_NCpK14lLI>%r2IeHmjr3rW* zy3i1=Gnc@QtJwa`Nz9Ra2%cC^1fKL>-Bxs6CS)IHgW3YG4Q@NmxR$!wGHS;;Sk(fd z41=%<#|iqxGlK5BEvCTv%) z+FqlwAI6X$SGum-sn|A}RsvxLw-2~)rl#PuZ*kaie!2GxL|6DvQLqbqODO0XP1G9g zWT`|!?n|MB-;COc#Os$<1-TK1aRoxck(5t2`gh&>zPFfMOEu41ZUS}QYmR29 z-P_^q^pd6j{k&z_AgPMpdC$sgnwKIbCnH-vLXa40b&?w@-+kwl0XToH-o!-Q@$4?U z{vRI;v^!Xe;`9@F8#+M)>+--zf~rx61#YpPJus6jLQXVx^A(Klw@S#X{)^9_*E&>+ zB8#-%jfKQva@h@;Fb?{KhL zo886j7(SRzHp0G=M9t^hp0#1QF{GcFzuM$j4Vn2A11T8u^2rxvvSwuZobu^z+MBE? zu_Si+J~+ywea*qsXPmdZ^5{|42>%uEuRkuDJMsJ}lt<*_$XGAwE7l9s=0-@mobT~M zD~HHS&ob|C-IK;Y5ym1{=3O31O%8hN?`X!7K2y>#d-CIZq~fjJZ!2% z+yi!pmFu=C;V#Ea8qDlq)1;!*UQB-?Pr$7;5hL5ua&Nv^GZ3}I2-HGJQk!hPzHI;IHCzu&y7RFz#iVUs0>S-=%m6+8Qu1>-Iz#+6`L-%#yTeDM zQ-!3*H9$x2Q9Q(oJ!-4_M0&||SSEt`{%O*+Rd?HES5$H8mp(3ANBdbPwp?NLGP?Y^ zU^9zxa=7H;&WRid*)UqoGCd>bH_&Te1@W=#@%sv$nSL!B6F$7Nb2G^1PtmiD>ct>S z$Ys5y$jed7cc=JDPF2>UU{#{^E87LaRKBEo!|s+_TrT2q?kubEPd}gG zLrR&%UrQ}=tOF~*{I*$`>V!ZPvm?i^cp@Rwp~kl-@{|H*pkKcV_eya7mNSI$o*@5J zm`FmiX#Kw=aAMVw2U{W-<*)uZ*M&(;FLR&(&?iv$yXKA-s}aGl;?+GJ5Yv?n*qo13 zbiov{iBkpgV1scL(_s`Sd*Y~*0AMsVP&6HC6tX+e{bm(wc_=-|>65BYwb? z9;Q8!d@H+(v=osU-`tU-m#l!H%To}CkoALfK8F?FBFw6_<+BpMhQK^qV6AH|0+_a| zd@%48`ktkDh#bCK6*qLO=XVViqZL_NE&CStb0@ZQ5_#Y)|2XFO(m&(`gY^h7(c+^} zG6U!ywCla_n_o@#rbNKrhR{|t@cclGwGK1;>kUuKIS|t>+H6OwCKMe=ia2paqy>r-IlmY{au=t<6LqrbptI<9wznMf-umiv|dN%vc@gJ>#i|q#vR&9Mw zBw41h1lh9L6PrnlF7Vd5!R@!x(t$j!aV^2>s;lJFi*el;S^`3AvPsa%=@PzyIZ8D~ z$H|OD?F#AX{53DTZ&Eg$STaU#L+1%)+^MPkz(Y$qDJ^EBD0`^mgPDlK^_g0|?QZJB zu@E{%F|*j>=@YsegQ}Ck+Z-KHiQ)zWEkTf#Bj<~I=bCNd%+5JOV>oOxT2ik@@@Nd@yWxFxlB)l2aB6=JGg@*}yG`#vi zqPFj*2!EM(!Md4IrhJ09!fx}Uj7JlmC~HN^cpV3we{4G-TPQ1Ab+9J#=}N3l7FL8` zLw%=g@0srGvFb}%ab!q4`XBm>+2+ljV2%;0IKo^$%I#E^H!8~KCORA?;dY5gEaH><#y^gTvX%tqR|!TPGbB`s=!@w!kyE2(!Z*|x?e=`F!}luGNox%PuBc> zyZy?zQ5~a(a5_qp)wfA`t=lVSR15CyB%-@B+a8G+=tlFgUJr`-_^*dy;p6e;Btkb; zBEoxW{x=btCC*!Wj|R5d0oiJIzF^-QG_JQSLx-rp_%^ruW@uzj!F$)hOmyTq_Q(nR z3dFR%k#!UuqdAr2O~xw+RhNc&z?zeMb{2je;v!r2A6&H8JNuNn_J!vJGJ}ywevBP_Lx>&+SewSN}omxQ^yYZzg_q^8EM1Fj^rtyzX>PVZCju(pLjO9W^T9F`S(6=os?q7}jvo9PHn{ZN zmz_0y*Qi*#s|mo;d#35TRh(UkD<(%%o>|{6n@!A5tl`vvoR)%&S**1pSYbe=;B+0jZ$E~fUO^9&&iB;0Ub`;UF>f;W0MlBH_*~a zawSsNNn3u)zi&0d(sEb!Uuc%!9Jhud-Cu9L^tAE`G-LI;Lc3?W9!GM6LG~>^lZa~8Cyx8wV!I4 zvrJW0x-$Nwv22zi5`W1QZN7x_#ekh*-kys`uN_?XHo^nr8#k^m7Dvr1$fYV6_@R|n zNVUNq2){8IrDCKvsO_9iil-Oi?qO(QH9cC)-{eUUs4A)3>F^M7a1VNTTd2G$jRz9# zhSyCi4Rw2$Xp@Gd9b~C&RPBCxWO4J%r7N&<`O-D_AT-?-TV==VF#XXQ)y#kS zqqbfIG&PUtCCPGUcuzLd(-v!NrnA%*)KqNKu}h)~tcRpTUA{AI$e}WMKW*k;=MFZi z(ZQ`ZH6)i)J7|870(slFJ#wwWwXIy|c4U4C`d0k0&yhE%&wZQE2K*9bJCv?c@wONp z62(gN*D`6jhT9M-PsA5_oEXs307@4R={^eZ%_#&fay1{mpSA?_k)5;aA%W^o;i1IE zb*^LH<;xM@3=*l`vii6QuUumu|Xq@MK^8J zo_imc8XrGKFgB@FX_+LzekP5WoCtsJzhUp;L?IM-foauz?jD)omWIOZEXt&1Y**GH z2}QhVhOd62ZV&zJH!%8Dv{QC>I7mom3Bw+iE?u+;cS!vB6%?V&8*AIc?18#x`(Zjt zW_+0in=3)r_{1u2rNN!bbE>zfc<0T7D`xs@_>-+Em~7LweUs0vcjwatlkFC)C#Tp* zjD(C{mSU@=pfNN2c<{5GH0&G6W)|j40;}L}R)Wrq5hy16TET!->d(c)B+en}{bD$O z^22uw!w-hK^+w!wzCa;TAmT$U9N{ATw%;m|V0rUP5aUC;qyqgIZvQ|M>Z-pCkeYMe zYP}{N5XYTrdY+)VNm|Tqg8gKDy<>O^xzAckHLOX@>|LlnOzzz{({qZ7d&ef5lS&@1 zlfGPjx#kZ)R?-foJFSBS<;ovv(-UcghSQA53c* zSUZ%TAJnUgaeWS`oEjIcoKiMwzfFZyh$bsvD(q|M1YQ>NA;D@Eq+`k~>C%DPp|n_W zc+{KoLRB3~KlM_gdGRLpmVuf(2qLtk$fU!w2Ui&b)0^vy7g;wM79s?@PxNd8nrR&@ z-DBK<%5`>!6>c5Zken6e!q!e3KR$en%l8^HH-0W!3J<(2N;NDNuoBks?2$>FWcRo~ zV|p;db!2%-lcU9CANNzDXd$(x|awEbS<0nqyWS>g3N%kaSmro^T53}Q%-)Kp^ zgYy5ps&im)72P>7l)sol#ZAIt)yTdyh^=N(cIVYSfScOYhyu-~=(j1vk;aML(WlV$ zfwN5SZM$?C&*rO^n@tG>CnGd__$%KJa4nJMiF3>vi|!q_&kFN^iC}(M#d?OuY?x~RY(o)k#jylza;r*k+nIZF@vw$x z-_7xkbnOS{dq{(czM5dp7|&JitZA|nYU0nA;dN8bN(1~unzWfE-%@V8d4J6ixku`u zkYH6fIk;`|eo&w#9?&G8QJ0)~kBRF@_k7rk7Mkf~H2+tyvq-_IjY~nLafX2S=Upqa z>g~N7CE>rPVBsXi!RGYX_ zUSCpajP9LgoF!^l_#&a(_=RV|V&XDVs}12?eO`mXz5t@j2#jh(lZ( zf||b|NZ0yVhOlB+i~)96(|-fnbZ!~e-r_!*U1)QbyqZ`RX;-P+AqG0c@EPoaE0-x@ zbR$nGc(VqHd^!K70Dt7&D)ZA48Cn_Y1c2G~T*z65lpp3fW0zZ(Xt+U1&y_Rwj~p4^ zCaAr&=2_G!pY1F>HU3y8-mis!U>tQVBp+wwlJmjkJk#VTt0RGF zlI?HdmXlmrBT_8Vo9pwZv#;uv;l?-Bl^>1g+kRE$bsj6@R@{)kWU%N*lP^se4ynD|d#+QjI607cm!jgqI8OFtek($x(4F5d{c#?sCTfDVaAU;B~g z>OVupv}E@`WYRLS-0E(ub@a~pD7zP^bc;ZQqbkcN4|3aumH)KN12x3kGK!&S-z|M4ut3wIJ4=M+Y7Ps83l2ST` zjLYA9&o=BfcP6^J;ual{dMitTT7_SZy7yCgjn9^-k~}fZS#IjsQ_V%$p+EES5+=7F z)i9}kc>oB@-+jhI0Wa@xNIIGk+qT_E_S?pL8S3SmNzB@M+x9?4#czIq%4A%= zud8tJWVraF6RuMW`NS=X2D3VHAP0xtB?UP{BD>VZfEEiy@99cs>rOvU`#xP!*fR(w zQsrJRI07UWe9HSexabqbo@Nsp;&Bt5Z`ZNXL}rP2F)vW{8ZtFatC|=j2#q}FHe5FSK%3{_Fr>Z6B(5pm5I8hBHex1rlgmBY zfd0bw$gBW*e6J`-R~I8Wz0R&nnpYwFIpgG(KG)-LvgW6*4f4o?3b`+yPbIXmO5{1~ zj!$DjTwf+{bHz#XP)rAmu|XDVD9LAxYkQnbYmoAHtII(VzkaLwYK0rY9Dle?ze#co zbDM(XQSqs8UEQH17TnR`RBEgGGMR}=!iQY~ku^$iqZb#1oCfSlo#l`q{cTo_8nGH& zF%1AX&FqcHp?JfjJ#?+Ykqdh0CxsIGpNYo4%=$28qDsza z>G7`0GRcT$<>9^tQTqxpn##JiPg>Gp$lvRaLx#(BMOXlM`eOvPUA{*3nc?wh!a6Nc zGXPki<<$^BkHjSIfPV0|kKL(M20ZUACa5HaIz&)20r024^Js2)!R$XYvn{b*QY}#J zNoQ6y2<*RUbTwo=bQ#?zldB$$@{W)#@{XV*tLu>s#V*Ja6O;+{^l`d&m>t%}M5Z`@ z*0a@M<0*195nj_@72DvZu6J5;`J3ZPI73mch-B+Y(~1(nYxd`0d##!fWI!N{16p2suf-ZzTDdChKb-)~>+;$^&>(HaR;?@M7Y(qqv| z%j~j=^N9lr=T_oRgR;lrcl326hi@b?NwgWC#j3j`$!!S7^lhd+m{~kz!(AqY6bpzu zowT?>E*O7B6gh@t`IoR#nF8XY2W#RwTU{Vea!Tq zP@w0dhaU_xa|%7vkU?t z|NoEQsugtu#4ro;pBsha3)v+Qm#q_8{N&B&|IJkYR}B0g=O;sVTTHCTcb8q&4+G-$ zTKJjs>{rkW{6FL6|M={`quKuk>i!!x{V$((Dn`l4B551ubooG4`Y=#GP?NWGWgv2{ zTR8~O_kTYApWglt%>^#SOy7+k?0)A-eE0+V#Ep&O%$UohlSE9H_uyr35y=Ze_zBJFJ1wWws?g2t#0`d@-0bd_O?wnB!HrB?z0*pHGqG(d#f3?i6#v2s z`2VzE>$_)}LM2gE(hH_|CqDdYi$hP_h%qv+wx7^85t&_LZ+*Ej!Jm2g z;Qyuj01-+vvO-^iP~s_ouG)K*gI8R@NR+LljC))8yT9qC+I6D&sJ$t}wmVOGyKDK; z^#6AC|IQHqvTOl~l$_VK0-?BWzOx#5#kdea8)mDMroS`+Y}vV6dh|L+FSKtKSO2FF z`mD(sG|_7M2>*1*;Tr)iPD$6I zY6JX!Be4J|@*@YlMvmhI=gdA2J;56j0eiGZB_t#qwz_l>M+5%$XB7TcZ1y}5!5Xll zWWV>v0mTlSW~qPY|C6td1-=H&^e%@M`z|%I4;odkQ~?aP{s<**?1F!VYzl#fc2$0; zMr+gsxr#hZc?rDzJ&aJ zl=9y2Snb5kL*)JR7|N1P*CgR19Rk#Z%PBEYUGdoo&bhvhZ9d30e$tO@&8sUGz_+ed ziW?fD$}yetvvYHmk&XHpB%j2S?$*eZ0QFz-7MxC*Gog${+%m6$*1Nn3%#{^w)i6ne z^2@E*CVUe@M7+sP|L)1bA|bM5F*Y-|l6|_X;@gKOZ(|<*b}w~dwY{%9z#gld^n#m1 zj{{g4I7$=4xw@<_qV-~h-1z?QJPo!cTuQD@d^aM#=!7av_#{CTo!~H3M2^aR|6D6x z3l@E##iV1B-74EVYplX15hTh`KryOJAGh$)V!KaRhc`(Fv^Y${-&zH_MoT_$jsMcN zOY?sdm3dpnnvn2UHJ8}sLz&;rP!ewn0{htt1D05cW5MY@^M;BF%_$2Bcxm_x6hA=) z*|-8M{bfGkp0wY zQkn|%z3VBr`jprl|GYq8HpW0Vqma{0xwJDfbFJZ8J-d*WG3fn6F39vkRuBXiz7Do{ z3WjN&@FHq$s_H9CO2IReqmOW|vmyb8I4xTkfjT@(M((mGFGVyDyHNshPk=pytC(e> z^U5nnc?!7N-#if`{1AR-^t;n1ui=~+PhMwmQ7+pw3kKp;>a&F^= z5ETgMBue&%PpE^%bMO%3AhN4Hy9tj%h)B0M&VCurKt*mSY44cTFv|}S`KDVxT(~6N zAvFNt-(?t9fg~Yy4N{+rMhy4!`mLx^99}kgc{Q>&E#RLEtMI%XxySQpT<8a>`Fk(l z4HrxxFPiNan*3^e%rFuZOZSp{5}ENO9eU-Cxqr@PsGE;c9

sqcHt;W&V5c7Y*+M z%jx2)uT0Y7R;JJxoOFxzluUY6=PF-cmi(;ND(Jta)nyGixn+3W%FhzaMf;;oSIyU zRP`rfqZ==yyMm0>1*t)e=tt^+4I5tHcp&J-^_}`XvT^si`9J9BBdLX;4#|}uL07-$ zUF?pgsS|)G)kkccaJJZOd>-4)-i*zin)lcr$K`o{K5Mj}-!0!K3QFuP(YGa(4)B-G zpgOa`V;|m@+BdTb&s@!=QABP5ArQa1xx3yy_};@z*gPPkFnve&dVOBaE#~Zm6FM>O zH8S5??7l;G(mkn8RnJ*lj37U-?x&@0J;Q*a0xTteEbV|<#A)-DTds42cFQ~V+sBlS z2lp8^;W_oO(qjC6@d7hqMWMP(WZ{cF_cpW3M%59*-c*FspM!q z$ZS+^E_6zHn5NuOOj?)<8M7W~XF0zv^NLKz9#H(a@IHRbQnVwb^s$q**@X3oEo~pg zMb*yb6~{}>^^TA$%p3E5ET8Mjpe4(B;v`$^GOl_1-2ua2j>@hR{NEJMERwqzO50C} zRpM~v*es>1?Df*)C9iDP{#blBW<2Gl55}VF`yW6lRLs7QL7ZoSMO@-Rp9E*ZuPY8=gGG1_6&+vi(@ZUD zNlMD^GMHLb%wd^MbJBtrNyB5#piT0({kc`f4ZoU8?EO78ytD0o!k1ToFA95`s|Sgv zJjhqydu^&b&s1!Ft4C00WcMufknYlyUadjl(u1rVEKu1gW^Lug<%{&^nLPH zsz*cC4!!8j@4WVy=Xy7seLUO0A@75m0PXB)5Q-xUYKy01st`$~GYl=)T*++&aA#;r zs5V)Ljj_7B#@biHudkvj3vi@waaayJy>!JD`D1l1c8WN5%w%jkij}sxP}L{%zG%V* zMigUsC{)}2u|AtM)#&xy4dVp3wT9ZSJo09@72-qZ zXL(q}J$#IhHzG!bRj|D}XRnS)M{A-~wM}^7&W!YV_Jgu{g&Oub=dZYhyiH?`2A3aO zI>>me{b)K!GO4HnuvC6bq}<2^WwIV$m8u5m_V6F!iQ{nFvX{+Gbpn>Zc7=oLVh<-b z$OOyaFSvipptlR0#UvUg?u2aCMfuAF@3U@WzgNP((w7} zivHTwF@40@E-|jF5`xF(p6$gml&|0@B~KC#adm`sAZDpg5$rqbko)@+EO;9i zgl%;4-wR@y**-k1jgq37=+QRWb@K72-_(pZl(YWo;nqUOKO%X2O@lSjj(Xk)jovpt z!|0eW4*k5`8oGP_IQ!)17HtCZ+x*XrnpOEt+y&jLDMgVd^Ue8Kz-MEY+M_vTgy(to z@nr&FhITM|hLqGWv4^_k#v77K?uV(!^ol6t$&M`aBo>c#0%1n^UYv3YjqLiqUpdC}dlvYij*6Wd z&TS!QL1xP=%mY0b~=`-60_|odwaUUN0SX z+$p8G0k$Uemub_vqIJ!nEN{TJEGECwM0~`MqN9Z~+8d5=zP}M3FBqF+ApUc_C8|+= z2nRIT(*+Z1Y)`!BfA-rX-?i30%yIXd{J7=+PcrSo2zVw83f?SBgn_4=C+avg-xyPbYPpT^AckIb>^~QcAvn2d+By>DkFL>sZ zKHg-KyYv10WKsd9Np#){wBP4;}SVQtUAO?0smvU;G#3xOlJtAhEahjr%#k=C;YO-?|5wHZuJBN)US ziK0&Q+0^8lAHkx2D{7?r@9LPa)jQTTGT9l7wT1Fw&Bw6A##gg`hZK7XCP$_zH&-vK z2j(`*WzV8*5&qCW89?aVgcF*|YV&gOdu{FZGmyRWlK1%_{#f2;)MuK&0PIoRGpIJ)t z)a~p_PGOEI*1`9tGhZN&PX2PJ*iJ<)$4PZlLoSB z+Zd4^^Dm0f zj*it@x<5!87LTkwG6r^clJRf{V!{G%+!rd;gXv7$q(}$szU7+cUec5}iv|qe{-_`JLQ3NPLIGW-%kiYj zt6I=Q=6YVk%L!3bs5KPcMiu(7Xgn`_bU-#ug$5P1aTqNTran2hwMHMa^$l9qYn*F0PQAIPw z`EmcaM)qlDL~AMAnG{|W7d-J)zDZeT;P6<31$a9fCp{KZNe+qlOt6IEjAwTezQ+c| z+M}BorAir(-Ms#1{@}m!_?6inmi#_PwBTHE6xW0pL)w=^I=V*nd}%DBG3tm3%G;(! z0t#=QFxKVM7L|SvE-rB@ACe+(LKuA^R)k}mKcYD9bkmcs*Nk5}NdOuYjPT~7n zS#+mvHI+!)M|>1T!^~A;<_yc?$W_VcFCf2(DS=tJ_g=b8`kl;rU=A?UIA_p}RxtJS zlPEHxyG&%vjsEsMiMp2&-sc1s(CdV(mKFs#=1o6;OQ@cz zD$wSaDYTpFWgyUA>~oCKtvsmD!LDJ>6@&2{ab>e_LgKiq7&#FYfB)v5iz9Avzq#N? zV%6}8&3{sB7+`5oi0pEot9i^-{k|Am39d(k$AwZS;Ir13xz{u zUEj()80H_#zzmhiZl%0~%et}oTWMmI;(}TYNk9$=ttAiC=6KbrCFN*flWr+q;{3Qy zW9+evjzn_qte`;Uw>B(tQ7eNoa^mM(-)<>B7W=neqBuXx1w`Mt(_i}SMNm!&Y*9|U z_Q2Zi!rdCi4Kkt=-(Q; z=pP%dS-|g_&bLiG%fQms#eheF>d=gD^#RuKMr z`{5xcBg`j?0-muX|ss);n8iH&D0nN-to(d2izs zTXu6>DWyF|mp94~ssU_-2E>t+_YCD7a)q02{idmTg34%iz7+61XufGq{F&b`K|RI@ zA(>=^U&<*aC~HA+|Ci$Sg`)F#)VZ%*02>LT=E6Tr0n=@?DH0DefWhoTKWBko;D7J;!R_exEl zNKwoIR*RU#>i-r&S&1p$KIE8_F@uOH$wuvp|I^_A7??$z{GWNl2F-~jf3eClvQm#`# zmfJILh}YF`IF|({%TN6}d%Y65ZS8BiDn+#aP`IPcouJNq@#g6XDfGp$KsHU-*MeL{ zTDC~d)`Nqz_2*afz!GW}w@{==CL&?J+%1x35|ojQxQBT%O46%ve>VJ95(BU3$?gTY zI!j;heMW!1w$B+P-(4og` zwP6-#2CSpv^Nj8wy#cu0xFp47->(H>od4aHc5H7AX7N)VRN~ox`&ta3 zxHXAbUA{O-&9h$1onrj>%rGkCq z=7u_IeM~zX<@Qc};=Chy#pcJBvKAbfs@%W&xy%~36n_Fm{BYNBoL&ZFs`qbXvFn_rxTJ9>O>NRBXPZXOCd^;@hz zTRFl!mmc`0(A`+mzCs1BJGYJFQRuabyZ%jd9~;LR*ZoK;h2LW~eQNydXuI-2>eZ_i zPIsufD^U|Y%wT-4(X?p$?nw?OoLn)G_+f6m?P_iX^ez(gQ-yi@)5x}wy zbGGPM>{aGD-L+7-v*#bTd&^Ww?m=ZZo$ot7etUaIM-F|BOW#1g5Y>ihJahdH*X)$} z-mD|^RO2sLH7(vqV`QxZe6~}LA)gt`U6+JP4VpH39Rk$-XV<6as<2c^4BZ32jVhg2 zLrWmOZZVB}1sIQH^&T~<=-*WyRkNP1i}{DfKPx2+sWZOi?=D@&gQzZMvi^ty(d?K`>?jt8)cbO$d1=aZj&(EX;K-6`j_HhxbXzSfI#I;Os4?JH9B zh$Qv~U}@~2mu~@cwL#HV7v@}D;mm3df~dR30^dQt&#k)bZXC4cljx4A&F@j)(^N4?0;tKqUwpu zk)CQ|eAKE~jSSdu@o+|*{pRReT-$4`l{~Iyx~wYt6=xVx1ZtJuIQ0&_7w|fN)P>&t zGHdJ{U&aU=`Iyw;f5g-TG1t8+PtR7eN(=P}zz<(}i8c6cjC}X_ye@_{Vp}F_IZQkW zn;r~B-EZV`zuh%Y@V(e|KqF9tR6nb0cK;x%t3da`?WYg~EKRG9xE>nnv!Qmw0ewu6 zWnXyyV|we;t&66obAUN`1X{hplR{O>1xrP~AL*la8HR%ZueTxv7P(u|m|XE0&2w|= z*nFL-uAp!5;)LK1I>mtf*U{5b?NGDuB#QH|9kr6IzedByzv&wP96CJ!w2g)#oKBhnEe_9o5tE^3()U|(*Jkm}ul$tN$WQlg z>^*v_Mz;=6VjU)5Q>6l zX22!X1<&Thk31jyXVz=$g^d+&+4IDEH6C!rHRQLoh9ug6gy-f97Ay24<@X-Wt(ebW zDG!~kAIBV;GB&*%Rfuv4cXi((2qq+0aWf4uUCn%-1cF|@l*x%I)mKwL6m_J0dDz-W zBq$fzv$ys4Z;zIW~ zP~9%<_x%0652kdbSgvqAJm|Esa0B!xz%-?8sZ-b5T+YaC?L~!j75YpRYT}^ zdp;IU3VVBLk1dBA{86>)Fp~R?!;;6{6pelT&|vLxVgBGk@M8&hAp_mVPZUxoKPiq? zEf~kDTy^w}3$j@o?W^#;Hd2(=I+bLR&~4QNz9`#I4hri&G*9YYN!k4d8E!#2_unrh z#l#f_7D`Z4aRF0nSp32lM0fWjr=-h}Udw&ADf~G#bF}*1vT18lvUjq5b>KfWZJiSj zg3?GXbZeUHi+_!99oMRV^7U5kTd3OX>RW4jGZQ)HDE1 z;Cq(}HSJ4g^A^F67UTM}!|mhoAv5Q~f)$w+IxV~#VZmuAr`zSR(4K*k4Ro=9)L(%IzDzA;@q~PygnKWp&MPNb ztLT}mnYPnMgbz5s11SdeMPpDN3j9Oi&Oyf|ukTE#ZBU;T_MC8mEp_`W@mq@UPYfng zOM)hma_x7tsvZyW>%OrKF(^zdIG6SaL@Xg|Ln}STeCWMGIAkX~+SiALX9m z{jQ^zSemE;7qOvXY$-0V z;%4!-&MoDE`YFZ5xo$l%o>KXG{x&}cQOMxbj%ga z&tTrwwg&c8vvqx!nw$y*Suj3g4)pjkCerATw?`ANz6T~&i;ka%q%VRL7Ugs(^T)u04 z!rfM7a$C+`?dHp7 zw>v>Q(p#i%ThHym5N>;_|W&Q>w;KNkY7b+1@>3%X{Lg(mkfs2ljVP;|? zE4589H7hH}2FF`@O1J!%s88}ksfH7cZ}~sWDjLGS(Dv$RzROatU17N~KX_JAPwwfK zHCO4PBb+uz!HpIzt6x-huQ1WzE3GhTVIjPfjyQIG@OUbyx1{(3X48OrJ&%i{Hvbs; zGLph#=rw>PMG+9hYjOm6WE|+l{VRx{gGA@Y`y@R%s-T=LgpHg27^9oAnMc90Iu>#y zR95)*RYB~z_&eFqb747I#S=_Hq)!F|F~f;3nTW{l8(B?<3Y{`|zW<UW(6ri9s*|wofEbe60@($Nfo%v*A;FkmnMIBRBFTw zzgd_4XJ21A!_=$!jv9q};RU^KZFT-V%3zVL9?Lp^gx6GQICSCYfPisCZ+?|g7k=Pv zuW21tm{z2no>s`XW^}LftDe}-O*xnxa6xm;^dhq>bN#LGPqp+2Fq}&1jk;B3h|cO( zMg#9^ZiS*58Gb{gRzYC_Tc36F*dlrp7DDK+>yR^f8T7hmMJ{ByYAOFM%#Q1Wi2`TX z5Gy^F#TqV@SrPo|w14HcV0(%E9!RBB#V&?wPnG$S&a7$;ojx|RlUvWbmIc6moxe*H&z;72R= z?r9D5@%}}@v)XQuOz`O8NF1rPFQoW+K9Zn+Yy{K1fsiNclURRxvxt25;63jzkgqWV z{|uM@Bj(~O(cmf3oQz5R1?pR6zAT>eQr{gj%T9%K+@-W?x<_jS1J#zcl5N;_kPDz_ z)nb71<&uVuE%=vRGKKtfk*hCrOR*Uh%dY&oZKx?LgQJW?o$M1C1a>CUR9>er^}A(i z{mYzr``J_LZ1%i<@*);*Ts9p1a1-JwZoUj$=qjt^F7A5n`DTa7tGhRWj%c27@BLsj zThiYM8nV2i!YsMtZk2=~DUvj4m{)b9VA)89<^xEC9l5kSiY2x)wxNmzaVHlHerX^s zk(RMe5D`yZxQ_*T^bsE|b;;TSH10Nj|M+F9yb+AW)xi2Sj$yxKEtE^XTzTXZpG<;It_S+-AQH2lox$y zRAgYKC9`cf*{-6UukpN6#p^*t1*Xq!qg|n(*ueA>c9*(*({ml&RH({(is5?l!|~ls ztx}7ZFK`BO;o*IpS3Cwck~g1S9>pMd?f4oTmy^p9IpAY#6e8QpuU<|FhDP{ZC*QKZ zO7u6^Zp*6j#-MZ`yq6b#MY$*tdvooI;;<&tG(cVESn8As-9FU!J-OBC&*Dk1GR>Vax83Uu@*=vV^QmEUkx zS=xN*;eC7=(TrXkBcX&jTDo_4R22EQdYvD_Cv#48H?7X;Lt$S)$US1w&!>92L&2)& z-B&M*;Ku0_2-4(RVpdct1}4hV7{Aq8%=~Y$f|I!rnNo>4bAKi$2LH4G=NdhB9lrDS zDV8xdkcv+K3l5^3$r<0!dG9!Pho!kc~70~-~8#zvGAd`;UXTkKT$ni^F;#0=UV1c>SiMcW@jl^vV*~m9p(AQT@>%}iR z^6bu*)^&glg@vW?jnU3m`2BPyvzZsyf_{0!homjp-Mha&s?MZd+q6Q{*c)HiEQ!mX zr+Zh?5oUJyjwci{=8`s4olzKA=?%REE+z>jkhcVmdy(6ByY1KTobPg;MgqQ=ez&|r zX`Fv1U>0es9`GDyl{da&5xP_dIxN=FGfi{?pR`a?v@kedMgTN*Pg&kk-2Gy7x_UIW zdR_-Vusybe6B@T0ZK}KmlVr+fvgLIk%|BgfC62qR(hLlqHZY3&b^{qrRJ=0|>{y0V z3VInE|0c-bPj(Me`)rJwkHjfVx=AH`vQ)1&@vVqua>AH!`OESOCG((k;6>&xUhfy- zWIb%S#j_)_!`H7yoj~u_0|&~llX{={))9mbQISLq2QZRku;;wk+(k99)8bpe9{;DT z%)6dfZ{5#axv`#_Sfh=}r+bOCbRJ^^YRoaL0tLB7C%y+&-m&fkWa_H~>pLUvi=CUy z@;>NEbklr(X@$9(xxmpfFQuj0zEixpaN#77pi^Q24f3w?R{$b2A(oe~6cY{mR5Jpa z5zQ(jjzU}f+1Scx0sPE$g6_Z`6Mf-;$+lNSJ;OAwmYQp1^Ff*YV+`H!kbv$JWA9AW zqgpp{H(HtD5Po(ZhM0IVGAVb8%>a$Z+x{21!pG{-gzUp?-5)>>|K+N}fsBv(7o_KB zXD0X_;fo|OI7-|!&3SskoU_DViNcT3bLd?7Ot+4p*ex&L%iw;{2iN3F5$K&U9Zy^L zer4v%lmvosrY8DCd~1$7Zz_Wi|0 z)8eb?kBT1r9{^-Po4+%;tbq*c=k4azt=Yif2sov+&3g9N(GO0R>3DEOOYLv#(od)K z(uFzwc**oK;J9Uhad33WVJ~+~%@3c{AN+QUPF8YI5T{F2(B<{F(d&#ZOFAD3;gEzV zL$y2XmFQ;){e12>SO;6;{cL+n7hj&#OPA*LlSDra4l;MUpT~8=`pLMrlxHir?2TU( zqvW;M-q9<6Iic6C&FR9j-^pp?uLquN(7*j;iRuc%ng=g4#BVso6^Byn7~xc-{GvL3 z_O9Oet8u-yGOL+&4#oWNOYU*CJaSV1^0$Cjk)ssar=_fEGX}g@p^NcL`;sm=x-i~2 zBqi`Gt#1LpPw9~phToEwuD_)V4!;GxK>yr0fZrij=v|~w;xim<%j!?+xi3GbCr+iP zIn<|XFI>=HBd5+zEo;d5Y)ek#tmp~eCo53eed{h>MGg;LfT;yJZK&!7I)gnrhsq)W>I4i5PddZuJz z2yT2x4}GjjfA}k9tgoqBWWM`?c8Cgxc3;rodoSs`Z})5H+^UvvzzA?CdB;~WpXD{{ z)T1Z$zkID(%_Uh1aCnzSKR2TDYJKG`{o`LU?$*x;2W)m|#MBESCo&T4e!H1NnjF_I zb#+LQ$!q%IkFM&!_P48p1FtA{kWJv(*l)Fa%=m0)yOoJ+`q7WC>c7ygb8Z>C8;4rR zF%QlO{lS-ysj(8RND`(>)V~z6|6t4lfU(>YJEM* zzy7j*@*aFWxq%(!kO#5}c-f`Edr(h*3V4rg>iQ3^0k2J=hEqEE+rWzfk9qXtcL&wy z;L%ST&$SHZFnc!aHNW;dWtx1WO>cHhsuhRDf%w7IHVNRDbyDOL_)vBHw0`BQ&*;Hg z0!va>l*N3QUmDaKe{)X%z@gHGxrj#gwBLTxK|gKL)9^d?kUsXQeEt5Tn`-@jtG?6K zu2AC{o%-4{s*QFl@A^yn;d?_KJ#m;j)WKCUJ&!%;;Qb!(u6_@Ao$X55g4YGSm-T~p zR~@`noVIOQ@HKo}~nZYBzCvl2ngUA5EHI|z@ z$l+CLc8)5G7wBIqn+zDrJW8ltvT2NF8u*T}wstUdfI~Qx7du6D`v~4$zH7AZ*yg;J zV|^O99@Y2$c3NlCmo$5AO5LM=EivZKTZcwgi_5%LW05rl7BK|kU6Y3rQ;dgK8o&9L zS2)xRX~X3^ws!ISyG#P0?Sa>SJ*Mye&9vS#c&*bI3s9H0;KixM7(}UgVzmW~Rz5RO z8%2!fZm#hT{rn~X!PDjX+~RwFV`jSC?+E3@+}z?{_o!R7kN4qrZw?F*11M4ERhyl~ z_$_s4VRl;WQ$EdrQ;`1oSMaKt9MzS6l=iq6u-BKH^wYt;+4zBu(FKLfsB2?v<8FDG zw@w?~KpRaM3;4u&n{&?{U)DWnZ}K6l(8Djh*rEC9X|+xJG`of0w8QUm|Du-Bz}`MM&z`-{xI4s?>1lJEFKtc`$q-ql##%>* z(l=K$9ZXe2ZBQrfPggD*w5)It9_K#y413`dn~1G;ot<0l8fn)|yPWbIWm`KNpRIOB zA8t-?3{XUM7MO>-Ey#}Vcr%8yLucOI0**{^-!WR2gWX-`{YV4*-OI}k zpVG{Y`_ioXI~aE&h~~l@%0xD8np{ffV4vva5Yf7)TgtVzzM|Gk%bH(gP9Q5IOEa|V zx^+7?_p3zqwqC~AIm4zjWE{k^Z^74|9NeBqi7;Q1rOTtEKS*ttR6Ku5%XFr}&$>Cq8iS|hXtzeXiSnAjBZ>j^NNsZ| z=%TLDva(b`-_|nC{|330lExusp$a*O$nK9Z4>=I`282U442DL}_70^+h|&p#)l?rO zvMkfhzbw|Go%1#s#aq+!=C#po(k?N{9UZ~P)?KSvX`5VRn-j;$;BWDnyIIP45d5;T zIE@Ec2S%brO$5QOA*f^b#_>xr{J70Ab)o}_2lE5Za5X8+x@Nq&C5fzm=ImnqvwoV4 z;`ao9nU}7~V+>jL?s(okmNmyY+%RzH8fGl<@T9%<4 zV~s&I5y_o{AubEP+>M{jQTu0Wekcv21^iN(x1mM&1!R~j>F^7VHTePM+}L#da#Q+j z;cNW|U(;O-U+;ep<2XDUON$E3$Oc~ihUN_(l=r0ouLO8_bmxSChqtWE(Cci7jm*5Z|hu&QB^iNNJf#x=@jNjVkjFx=e>bS6>Z+~k|U8(D-Pzj@6}T<$9N{clk9B&e{2Ru@}}Vw`x^So*Gpsw5ls} z(()2Ao2Z7urdl;Ud9NNmlcS>5e$96D;wfygRv3fRIFyWK>-fi8w4BqY@t?B>ap<~9 zUvle!_XzN6Q?v}cYdhf80dEa>BN*Tfo{tE3@H3|o;~V~kF#u&2Hmk0&Q4bZR>QqUp zGA-JSh+;F|r$P34J)#E2gy zlI`FThBn?t4*JP63-KJUMsGb%KXWH{^)oA=JoMJBep)+pT_4V)`E?usJyoUVnt+zB zG47pW-1$9~$S8DB>*vXbYBdM#doCz1s!rF+Cd8VOGC!W4X4?vf~l|D_kZ{q2lL>GVV4!R6* zuo_KGR{{9dg5R$NU-Rvx0_l z9e=V)$7-<8T+l)NL^KT^V~-ZZ2zvSv_$(!)o{Q+H3yfzN2g1f;H9lOehN^%T zu5{|^b)S<ByL9nn+BiIlE2wa&B0TS3;b#^yJcxOVlGH*fc}wc~K(8W}XA zI9#tsrik9_*SWJB8ewAlR+$L4Mx)ncmDG?4r$MFuC7ktU6eP>UGV95z@d~u{Q*+(q zd^R+%%3al5x$^SJ`om@Vl+_$|_7~&Lt?MT362H6lw#J%1$Qo+<2vc(tzaRA7)@b%Q3x?lS zm}@+a-@swwqF#W=I9yFq%AH6J; z&Q2e`uFi{SEY0JyV0so=P0*89$2>lB`U{We`8N97sPH6Pvw`RI7n8frw#z-+H_^gc z!9I?!886_~ll&XK{CCBShtERvlY$dFnNtN zbvdFnQv_ftZ%^dofQy#wO=8TA`Kd8=!!OZM_$3t5$$Nq-tIH)rNhWXz;)Dh}y6Jjp zFA2Q7^<)caBQ`BOSRTy8cv~x@XA1N*{Hnok82mPww`tJR^t1ex5f8tc>Vx)_gIpdx z195n{IUYTS;`9t9#&3C;d5@eBO1NFnD$1T`YGO>SoL9^Z7b-U;RgL$gAph7K6{ISQ z&0YwHo+v>%F&w@9w#T5UIV7?Az&6Ot81L{X9?$j*|FhX6V%suD_cr?18@qu>T_|Xs5bE#dgP6sr!$mC%I9wpRZ(>B-fO=|+eKfiZy zG=B{ySuAaWltYvH`~P}TKgcL1l|ze~PnYQ5d;x>37>N%^<{h-6jZKnuCh7Pn zDaBCoe4$jOk#a5&oP~i{xZGT_8)<3E+vb`!R#&yarcs1KnxWL?vE;^tp>hWd*D%pJ zZ$fPS&Oq9N6N|2Db@_&dTL<;+uJ>#oPAlUD#v9&EOkOvy?RoY%cJij^Eid8GgCJT% zxNSJbFd@qCJ0)8jWCC8qgLlo~y_*D&@I~P5yZFVyI$YzD#u@hLjQ3p}?iO-MADm!E zC_7>%e{Y`;&_1cjz8@XF`~rDxQ$8~?pw^!6X$bFzZ(k4S26G5`kH|1>kH|KJLIeYm zdAE6FijT{_{WQem$QuBIWtTOH|KxI-#=mzwko4JWkZ9yuzONSxyPqEJS8Mm*Ymn3b zZ?^^1cN6@qz^My2HO4XA==9e3@wX>36ZChtxW2{LkN1z?ZRu$+fsf)J^K)1=+Npp1 zPLE!RVQE{f&?z>Bzx#jHDHEnd7q`)iUmiXE$?d*v?eb_>uG6&p9ol6;D{E&%b#&bs z1sE2tb&TNiI8Y3$;|D)bduy*=n+a)riIKqAxQXFr)0hS2L2GF$tg6=Yzx9MlNfkH$ zy;pVZa-N2M^$W_dw2wrPx^z(X*yQP8pLs-L-X#Cz?z4{A0NM}sInFOWqEe@ZJN5Fn zZs-*&nrS~Vw@n!fVl2u#_NY!Zrs)qG%k%)7o^N;eDn_aa^WdMnWxK~{mrA>G+HL4N zw2Mw)sKRr|qlwoKufNHhl{}BEvv%2><8yEo5{+v3#+d%O^F>tz&oVa)v<^`%oCqW#AN)lSIW61>Gwv?f~H74IRw8%9KR4b4!=Z(rbrP=$}ITB9Z2m!BJoEY->nIj_&)jF z;L%_Bb9LVMlS4LA{tk06u?nxRtYGZJ%RMqY4ZJzv!JG&MqkG~?`k44C>D}&4`ZNB~ zeaFiV4ouKv>;4_Tx|ZIvxWVp$fNuPgpJ|`B+Q)yeuUx~#I_=%F{q*?r61Ur*?tart z<8&Eh{}3OC^*CK-@ycFd-dd{GjSV~K+y`*tnYVdQ^w0EQ8;9A!d5tj+LyUuYY}+`@ zk|J$|aUUf$;U?o?M$Z@rE%_C-df>BP(#M;EdOmzk7l_3BfBwE-oqe+y34LmO;1NCc zxnI)>QiK22lY?r^T+n}bV@@+fcG|{n6GPbYBC-_S+idYJWia@AecIJ=es{(Ml-cMe z2IKiIb-i~(eV341?vU8@>z(>8RQDcYZ^rcA|J&cWFMwx1+o0Hon_PC+_I!`uxOM;b zi0*D~xY)efzG!6aw%YR1#@zm~4`k=d;VN`lh-ec7gq?dDUF@EH=@NgiHMeIZLvqiw z-`$V#8{JzRxV;^SF5dmgkMa7lO*H#$3%1?vHHibYKll~CiEhAWa|@bfzK@U3GT%9n z!%H2%`x>8*?X)HF`f4AF&IWEpw#*;4)P|HPaq$=Ar0 zH?%giuE9W-N^6qgy#~B7;DzGwe$~PIq=UDtj<-mYz06*RIlqZ+WCxI07|m)QeOS#6 zr1qK~RCvIrwlb+5{xQ{VYg`iKIqbVDE9J^AY1UKEmgslB z_^2Ku<1nPo-funfAukiNR>Zw`Da=i<`5x}p~@4D;P<#P zhCTc)fZvVJG7fX_HuyyiKSS*Rgxi|ax475#sP@3@@>10qpVj5)_++1gg8^M9=qGi1MQbJ)_2{_4L>{>!+FK7l(G}f zv;XPiKK-jR)f!{|hdTP%Tf(1#O4V}^_{HbQe1v`OZ~woak#2iNH!^XnUddNVtXxn3 zdX2vP2Mx*|kLqN206yPTANDLSp2>l@zZb5>ouP+CNt zv|C)5*5cHHF1&h8tv|;YYx)KJw7~(aeK_{mb9xB**c2U6Y1@0cdTm65L~X2d_!)2m z<;nTTEaeRb&?hXVJT{ta zdt!X|uCtze+0%M=yTlC%CbxI~w=4eU{c+n@?{1q9KC(9TT|cLho-14UJ@?f*{rc|_ zfx{jLas9#JXZ=p5OQPR9@Y}}G``P;L>B(F4+^?Nc#6vUjs{xC{i+`1XvvtSraj*wi z8~4f!zw<}pt}T8{z==QKELNt!I6fnic?^Ac2-#TZ_ze5S?3||H>q$yr#4H`Q?N_$? zkleTJJ*4|~&rR`rllXet!SndK*yhpFvL@m8N%jGg%p(t;DUdL($vzx}%?`e}u*zN^ zXEFOF$)4XFxV&h7urX`6pBBD0*=gPn?xH_7_$aUL#MzVwyOJO17|y=5 zQ)-B520P<#7GKZPmqs6GJ799EZL+}tnTPy3#*h{AMB9N*WDd0vf{Vou;Ot_Ij(FS0qB7@bvL z=d7mZ*`(v?ZYG$lNSzdnk|&z;b&N3U%vhEle*Q_763YA#8>Z!r6$O^Y zH4415-PCfjhyf;67CC&aCQK|h|6XMByd62P%);8}f<>E5lBNGFC)IbYral-hR z;o}6*&%vZWZ1c(LirH`?7&tTE?q@OmBvJuhfZg2lmS!h4-qWrDGtexiAap!|pP7qC zU~QGcoXl^Ke?Nm0`O>B$<>Y}UC|V7h=<0;VMrL%S-DArf-=(M_~j<>TLM3#Lc#B98~Dw@uPKH&eemUB zsLInx#=VT1KHK!fVH$dlb+>D9oP`y7u3O3~4x!f9Sd>^eV|Y*oSJE|lEME(FgrtD8 zn@;=D13uf?E=?o5+U?Wq=&J)!0IIWaT1wG{N#?-N82N+4gtUk7hC`vZXaSp}<|XDL zH;900>(=BdH38V1WRwKd%qBIM!Ln`x$mOOqGSmzxL81h#R!Sxt`|9*fM8SU|cJ z4!->J?3^N(GY_%9b*Vl;Ry=gn@4q%Y7cB$~PxAxIrCnvm`6#13Nvy(+C$xn;( zHCUP4AtG&MV!+7>s~xq(VVx((>>UF;X_)~lI54e9Hk)wdgdYzoTce<^!@;6j0tm)bL_dL?`1~;U zkei_}UW%Ol2cUx)4jJ(H{Ymq0iM;P@?nm+1TVyOU63?|~Ctaox8pK!(uW~(8(u;NSxQPAHq0k{zjoW}3UzllOpUJ0X>)cExi+iojK}iU zcqDb^HXkiwU`xI@{4&6=z~Pq;Q`vdn-V1)=zvwz1`w{A|RTb#OBh)U%(>NVNsMS(1 z{1)+88wbCE3FIJp0VYK}^zv0!o}uH7(3b7gZduRTgQN zf)kx6&T}|tkb-j&FRpdGMym@*v$Q|Fu>?Jrp{FYj6vxkW4fDKU^B9iF zeZE9WG4qPU$K& zCT56=kk!bkN>}|UWFV3JGegLT)Uax*(7Vhd7=0u%Kc)E*(u$yK^h}yj$2wzp*!syh zptoA);}G)LW|&2b1jBfJG7d%;znixV)cd$>=nQ}JpbemJq@pX@IM}Yl;5j+L_h>0B z9gG8;u234$9MHJ5rb3Tbt*dl%Os~IvO|QJ$jwk!H)=4D_`*Yw@s%Yj7MNj$ERGF`a z&?!B{T%TLA2$($G^I)N>LxoaNKu>=D6ByDsbVZh~uFaEyU|c;MT3+lSvUS1aEuQ1$ z#njBCHXV^K`F?aS>bA``utMeUdx)}!1!WTdS} zv1Qhy3C)wPZDOMYJt(Y-9M(nZrH=OXa*)sXFS2eRqqI(h0}(OJ50$Hk_S^HF+8q-k z%=bgJU$T*^v+_mQvyCRL9rm_!lAaVScEOXd`NhOvca$ z;U;*>UOf5Y@tLU`w(?l^1jlFaRsio*Z#}Xx^n^u1zW6cPhfA4*BXLdGQ=x zB;!TzwN9}BYodKjd7)CBz``5EU}GwyH(F5NoIm&%Ot(7E3A!xEcVk@Vu8iuPa|7xb zBC?rG8ky`R{8{C$US~n=f}_g>`$eV&csiCjaId|75-B{(__cP30n!9cJ$d2sTlO=Q zg?^b^r6La4Pv9(ZV~(`C{iF`QfnG)QX%OCtjHYU!wm}mdVugw#YA9#}4pCHuxG!;V zw`j~qztPMvXp$iV=hfwvB@BzyC??I)NCtWMDji%i4K0nY?y2d)j&Xz~q+pc~3v9=x1%3qH{AE@7mi>CtH}=YuIj9 ztgb9$V$ozV47Y|z9_d$eD%t1T+J#8B{e!z~@xy)=BBDHtxtWtU#k#blwi}}wBI+^7 zdY@HNOWm$Cm2%J%!d{02gFfC0<2~d6ufVX`5y~Q}IloFJ#o21XP~0{#95YEiA6J#nn-=<|UWV9nEx-sg`V@C{D&LWpK zh{Q@&U3I=XN66F?;IzxMH;XKq828$B>};1(W$o5!m!^8!b+GTZc6QkBGv^8HJ_|%z z+1?H^qK6S3Nz~fP%Bu3C-K;Bpx_B8|$PFB)Iiz;cD@G1(HhseIAt(j?2R+NA1K*jP z53cehliTTbR?}_=@7M$G@PYvxJSXQ3o~K6|ycE-yA~=&9yoA1F@Tk?iid|v_-7tnX zYznFM#;6Uq4D)Z$f0LWLyXDOXXlgaes7+UbZK&l0>1eHHn62*^t1SX{4%^viZ!tg_nKjzimOZ0OaKkDxFcH>~Zrim^5tew?r z+}myseq`KQpB|>(*qp0nxv|E+fpvX1y#3m(L6;u%imp-cTVPG5(o^a2QZn+CQ6n&< zH0(GgDZ;f~IHTsLm5XWcU{Izj3Zco0<(aUsfA7hY`mPR=jzZXq*I(EyEtZwx}wr(--A1#)2ZU%4<~B)Ifx20e0(bJ@f#2 zCHC6vnr20RJ)kBs9ZZDC{56d_4zR^jt??sUQN3VHeC!6{Dq6qkHd3vi9Xm)76s9h6UdJZQ#$OQUC1qy8!L;{v?5YE zI*ZAQ%sS)Pd?E}MoI+~|#}zfBK9{Wwo1(TaMD+VP08DF8Sta}Tx-8{Uk37XnZ6IS- zv5U^(crwvHsMY~=1%j9?sP%4N@m;!2_5Fr$e{goE+ZeL(H)CCTW~Q=N=pY6>m#Y!N z>=qvTKj~KA+7mnj|CWby;-S_7KD&*%gJkz5p7o1pmw=Uc2POt6!#$YJLQX_fhy^+&SFG}pb3Lbl&Z8GYB)XdoF09+MbA_LCx-=$KAU1x z_Z#)}nf@ab{R?9X4WHHP?_Sjai_hc;DMc{G8ob9p1H6aobqaXJz}o~~>$_G%=;wO# zya$hiVV(s7q(ksU5ZV;+{ruM|Rau&^_E#<3F)Lw0>5e zY|&T0ahhD*)=z4h8D9_*KGAcP@tfAG?@cj&=HO?F12t;$^K|B!r&N-erzqaT<>b1) z_Y3#ou~ecgHs4_k?Y_k}z4vyj{?lZu-X0^BBf>5U55=e2Eiu{eM-z00Ul9CK4Zm#U z!y5QueDDOj;RnNFaE+N4YNUjXdzrrYb?UOzx~bAdaR{TsnCjh<(x_1$iYEE>Zx*0#v|)7aFI;>->hGf>o0 zz{O=v;+B2qxov`Xx1)G%3NpiQZrMlI`=fxPFY8g7tw-?NYKY>JHlN&(@odJFL#r5R zASMPn_2WP5bq0G=5|0&-?-yk%jh#VaD%*&dVs89pX~yzu?^9K6iM~v&laq}^%r(?< zKgQm%OBjR$dS~VowI56L@e}aD#ARLj$=~P|YHR&NryX3e*+HX-p|nI%rrZG**1#}u z^QbdXLdxA4yk$l>a9-yi#pVYS17i-nVaDKn+T~Z%E_=J3IW*A3I!!xLkY?7a_RI-= z{Tmonk5Rl6!$67=10Gx%>D0`{7xfZ3kB2ZaEs!_H&q1|YPg%#fMLyDqq_BQ?qUK%%|GZ9ShacUtM4k2x==%e&=^Tdr9+)S_7+MXv!pdWM z=GQ-~hO}{o-^4^kAcY|F^1?HFZPp{@IM)CZE<@9FDKEW45Wa=K_wa+rqoYUqEu* z06zV;KP>fMYEhAD9(+cp%hvQv^yfIS^yxpoPBHRX^K!G>>;Q|*qWKhQf9M&VDO=aG zdP~=@uj*JMcDow|e&^8N3FK`;Wc2-w@GOm};&*_IZ;7<<3 z?4Un~h=%(=^^EdJSm?h-ZMv8A6KehZw|9x8AQh20^>tw$SU6oEEb$y3YA z)bu;e?tm1buE1O$(WGbfz1Oa(Yb2uiF_RIbY^rL~C%^Q(9;RkZOWG<1X(G=yMs)t= z%lhtrd`s_kQOgHUSKE9VKe`%64G*fmHc!78BTF^rM~>^i1a8W+|TTr}b<9^W%Ep76!Rt8%&aq(q+|8+LFEmiG6N?AqYHZ8vEMbi*h0geY3_!i{b%*}ueD*EBx05#(tc{p<&>7| z-e*6jC#c!?v5JVu#%0MPoUThV`uR3|J*F4WP3ecd?7z}5wn3Lhqf6~NslT90eKmBM zfG$@#MD^%W0$rXyhUaeIJ37a__#u0Nmu5><)=;6}{FjxaG0aiN>#3?P$kE5)>*C@# zU-w?t$a^p9AKvbTuQ6(37=$ghF5}Yhaj|D!gV&a+Il_WyM#W@!oCYm%sIWruwr~!*3Uyhm zzm{$Y_QqI*{K;)5(yL0Jx|hf=)}0@}G@xt_)E;>%U+EayZTt^^d5wKUs#`=$f7?|I zmTfpDqH9Fh8=cJ13Fbj6{j@u6T-{}B1$)>qj*WRuL=P2HhZDN=cizz3(4~DGx}^D( zSzDk=qf0e&61oJ8F3mx;FTv}OBVy+cPUs~be6#oDeiBJ>oqqOk5J(-PDEiC2r|Bnz zNVC&5u0%hb-U=O4aX`sCPE;IvVt&_`9V;U|uk8+Re^plPH-CrwHtm~TI{&VJ0+oIkhqSiT>*t6pIhr;ku{t4AF zme1d_q?w;j>IW|jD1RnT4?n>nxMc!yPxfA%p_Y${cJ;?9;LjyZ|7^l*H%q%Gb6r`6 zefe`&KhMz5-}w^#>}=Ire?FnN+81>;sh{3_Mz@9De%p@|QDctWQ5?jrV`;@X%CE}h zpn!ufoPWoO0CF}V4rw<1Q<|IKP~RZVNSRgo#Pc;;N{#6Jn=1-s6sqXHMpbaYSUp2J zyy+Q@av(Nob8rX7NyzW>(UoD~`_w|5kebWIHeb0NgIdSYr4RjcBOgA)*c&4nZ;kX= z%ZugeHt+sGo*IgSnxTK=b2u|yUeai1mphc(zyQ0-L2Jm?OKby+a~!f3lYEmy&u}UL zOj{s59*c&0uPkY>W1n_7Su7#XR*TJ9+uEhm&PI}dW^>`N-t0D3uieHeC0yh9ps^xT zPo!Vbh50`Hm~-rj3FZLnkm+{T+Ah;4Y@S(^hwU$H8YlD#`+Lv6!y4U%%jCR!KF>0k ziFL)(m*Ty10sy*^4$bUA!qFtiUMd4`Epu*2tPcq}vDGb8F1doi9Bf4=bo%jAu4dRV z(!*PgvQ%WoCVJ|?IqK8DFsvVu&i>^A_N{0KepRhF>G{KL}j{ar|QNtl3f5 z`Y&kmGWh*$nbfEp2w;D7@Sdaw+gEPUu8(%mmsi_v@?w<`JDL zBjqXw0vXJyRU3!*{!y1-7}AfdpMzK^kmG(Fn@Z|y^x$)!P$~zNfwmiJy0=niK6_dv z$on)7WmDG%wKR53|L}vW`qTanbrZ?DX`Xd(wA%&2MhQN%2*Yi@hVJNh{@sff_~T~6 z_~$u1ANWL*zW%u)EnmK-XIs86TQm*qcZEW$UXAGMDkSIl-Au zP*ByVhd=X0J$a%)PnNDKhc(vpNQ&WMi@66qlKl%j9G>aaO7B_y>5Cn@K7i9NB^N^M z@jZTF!sA>Pq(p$TXVBcF-M$z4iV21QhqxI9Cv+cCqQCc>$5oF5u+``c@eG>}E4}A5 zbm0|!=V$$l8+IM`KCps!#qmhc(=GQ~_}Tu?lOOxSzvC|r5B|l+&px;%a|<5dB*SxP z8-5nKYMCZ7(c#mTmVqNbdjL~TVs3xRM>ob6l!Cq-oxo{tRB34?$|-w54?TKDUw@X= zuuZhh#p#G_8grwQ8an$rbx$YtR~#h1L+WHqUU&VnUOJ@h^-x!w@tjcQvt5UNmQ5ds z?IV9}5D$pL;yj%=o~JSl(E&~~%`oL%KrmQ%|M)lY&K{rE)m9>RreSm=DhC%W2WU6R zV&8ggSG#85!JxN-HwnDfYeaBNtY`z{q8a!Tmm`6_@Xvit{BSqkd8`>c44f%Zn|LCx zEfWopQ=pTNS<0#)x#n((@VPT1fOnUzge_@agN{AQw7<3q?GN zAxPXQfjnyZpfqKpm}EHd z&0tL6pyS;+vpO3@7QVx3VFIYfW z&gvCT*DvAayj6SZ5ZrDX3#&;H=AfnYm%OEu7m5DDYj+9HfIueWr*xIwcSesOjQS~n{2p|iB9g?k zv{VW(R@Pwn3NI>y6gl%Z`gCDv*ll8SvhmEVs!>Y0bbn(%DYzzekw}pR_PdUUx7qtZ zTx|GRR7n``h|*J!D!;78;Wq|;A@GZWUu2TVDe${Ki~(ncO$T{YLwLXCm5}4SHbFv$YOBbHJu}1j5izn!G$Bf=)lNvuE>RV~RdL9fu|bNa-aefl zjN_LBewDRKsWAL*;5j>`^HZ4$=2YnT$Bye>4ghl~N;q*5k0R)~0ww(!9D4CyasL@T zidR}c8@!8ai(23SZ5@6yx+G-YL22YvfgSDckgx}${xA7W42F%1H$Z!7;YFqp7Ec|9 z7=@(S(&J@zIW)*DC{*o(4XlCL3XF6U<W6Q>KW7X0FcBv0<-oIu|i{OblKwYP`xe;A>FQe<*5wG%xEs`6Dyr16$D4HDi5xZ){TgILJb`>!#gOGE3Za?^i+c*@ zHAn5UcZZkMIzqZB=RIeA+_z)5|I*=RW5@rud4@&%7>?QKS)~}h8=6wJjK_29K(DT_ zX`na(D?4c%G4N%dX;K5@Q9DYyr%`GJEE2_v{t?7Vm0GZ(lH4F3(ilomdi_L^1k;Ip zz@gxHrBupV(8DHae1gp#5gchHxfIL=-Z9eFTqT;Nzh^HzYA-aRL|2bZsFO&p4P4o5 zud+2sjf zKA6^Tm$8A(e5u zJ4-~9^iL9jK)Q^XLFn?Px`TLB8(kO&GX(73CmWd$awW!LoyfRF#-ST{-!^!C9z4SF zb?((Sw%~Qcml1YXsd%UsHWIl;bV+RTJxx!|XfdNf<@cuR;p0RoWk73;?NjJvV?7a~ zZ(sxAZ}slSEH#5~+nOBfEfa0*9}W6~-N%+%~xZ z(rC|PP`*wLlLgYg5jB4Ncu0zY0erZbU zRnn>I>qVZ#7Uk;;sG&APWkeV_x^zGnbkjwPYJe`}*VFZpWe$Nkw8wka3|gy; zL{fEL)0Ooxt#_>|lgMJX2}VyeKFh%{SMlHp-9yB|H6nETOddg(+zL|5L6-sy8rLsD zhaBiqcTAN;S*iYyXU1u!IMS}Ji>dl6GF(hp&1a(K0#gGz`^p>Y)P#H; z%j%(4*}Cn;z|9RPYn=UOR-FJw{A||khNg0yps4Xk{kLrPVaYPw@ik31A|AX>gU6g4 z1K!9wya@fzzVf=VWAIt$GErfym0R#g&xoOL#j;wUg9kZ;Fo#gn(@ln&lS(Xx@qQW| z1V=~9>JhStsxl4(v#9yA%zltmdTlr-EQE_yci$-;KV7GX@Ad0M!79tR6%( z4KJ&l1LgannKM%EBM98S17ozS?O_TXq}{$)m*6$yEfd;i#AP|-7I=bjTrnp&>Nr`{ zx9Nj!Pr2(6W~etCL@1rTby=PYa5hX|8s4T0wuk!rPC}P@=;Bjz0Y%@(Ft*3(l8(X6 z#xt=$vgfglKV(16i0Q39?wQ+&Zhf+6n@!q>fhv$sG!%zSS?qa7NXNwS3pN%En)%cb zD`wx6O>`YjB}*Jg1`_~MK&`(XcyNYg*71yQJO@C=D|Wfh1~~DB(FJ=$COUFHb-~i8 zCpr(mv~vi(m{zKW`xE>UQ*%BwmlAX#;|8i9GL6U#4$tQoZ5)Vbr%v)J<6xJ)8kuf> zc?0c3pxQjjDP$gzdYceg_0g9s~w{xB>6VNM_Jx74(|E}wL zBfI6nvBvkdf@OytV=BKvb3E{xC83(AyZ#< zGc}E4Uc8;-UvCcD2yJYDFKb73J$1kyu3{fYl=Hdk>bXAV4%LiD0Ee9L_;8&}6$``H zb^Uxu-y-d24>rdMqIs7`d-d*5UsKlVfYceGo;NlQvk}nGn{mR;iD`2o0S}zvuhw%x z{pBR^t^yC6$BMyw+2HjnwhuhxGMk?^Z~1VGPI&wn#gPn2tAfTFYLp$*>0@N_7-WCd zAJyn02P2_;^!YsHr4;e|1DXkUYj}BFox`lr(Oe?8Yt{T%gHAS(8K=Kf-F-1l&~BY* zqZA^bj}>mHIb%_M*nKWy>+7^b9YEj7q1A4BZR58WMGq@$k-*Q^?+j`+dib4c0>1$w z$ND_{*3oA}>C`-8U29I@hfdNtg6$Oi3ONvR_|>y_?(0-nFNeHKh?h8i$BV#^^t!#+ zNe#a?9K50%)JbisrHll0sk==(YN=Vf_7P+tYfyG$k!nv=s-h^S>9;TIg4IQ|$X9Af z#<20_utpU<+M=e|0QSKt-Jr%bX(L$M*rVi^tFbtu@;r2|(5m_`w5yl-V9tFdrHpa@ zNwO2I=rQzpW3vv77HbRe+2D0uIUCepj4i1n&eyBMJ$eT|%UtUH|Ji%*D7mle&huMc zRh@HA=!8aSBm!UnL4Z-DC{Y?oR<`A}Ebn+mw%7KY_0F#MkKH|c_MbV&$DWE|)#yed0%>XY_(!5s)vNd3efQmW-wofZ zc=wt*W|^0*o5!Avg}rDrM()}kw>q`WO;sR}^r<(SK!x>l#9KYb*YIOx86Cs*=Xd>G z#Rfka4=FOzeXT$Ay{>sf_h5XSB_mzvsi6|ZsYl$nHCN>|1WZgXX{vh~v?Bsnf~pyyH#^bD(W z&XX@GdZtEk$KS1Cs=vW@wVtBC(PaV}CtQCq>(AD2(fWg)$^M-3V*{qGTNCctKEFXg zB73=~xwJ8}3E4on2PQb1WB395@e+b$2tL`qTg^wfzn7zrqn}-+9_pNdIDl{#$KFzc zEqd4E59(0lie^sCs0wJpTONsbJlV}}u2c1nUHa@V zx9IVG7)Q9t`YlbGA=-8^FNZ%mOCj=ZT{v}Fe@1%dt3W=)GV4^eV>j(~>4|-$w7pBa zKLrMCF4b=5Zhek+kMF&GyYr{p^=Fg7c~I1A(J)Wm>s7hUG8n&kYXvhAofBCt;IdVv zPy8wopMeFvJ_N4t0B-_fsRSh=1En>Lgfb|W)$u8{{^Uiqzh;sLTEdiY8s2*7Tet_< zo-O+Ch!Ab!V!Q9{*R4RY*ndmK_~wDRkfZR0_)tbCEFbIZwAaYi*7)% z$AmzC-SpR|*OUG2I$Wn;`=2Q0%O#BSFsa14ZN>ZTG3DAK_UU`E7y}OmpTa?%CqnHH zzT2bL;ViJV_h~mu-*0{dM<4Jw71?7BD|k6lNlI;#KK|)uH5CAj@^{DdlT%%KeTsR* zgC#qUXxGj{{rg>`icAdXPkz{|ciPE0MQB(QI8(pt$LJo563LQZtS!5qRUNR6hfw@t zc7eqRu{zPG`3q!*5!E>g%)$I5hZ5r~!&vn3&oIt>B9#8_2m0wLYAs>>notE1LwmIM zkw*Q-7ameeO^u%Jf04|OX}v}iKm>zVXbD&?l*0W7z^3n*(6_(#6TR7rf`);-V$VJu z{p2reTTvqi4;RoCpSs#8kUGQEJXw5Kb6lSv4%NC{&uI(udvw$MdNoJJhs|#USc-YG zY~j?5p-3*XegWW7_7vfG0tfs5`fe`>Fh7fn6-24b+k)5Hz94zT%h13#}3e3*S|96*GNL_#Ie|}P1$`({IcT88u z)AYS7j}t(!s*e&3P*@1$j-NbipxAtga+IxIWP~2pp$Do}4qQb+WLjyf$dlv!`qQ(M zdix3v84OA$SDbu~p-ilm1AWp$yT@n;B+m`)rmnRkx{ksHu2AsPAF5YX8c~Vg`<{-q z59-xfpsc9rkOAbF!J^s4&{FBc7*Gv{>|W&9eXXZE$M^)k`5^#5aeS3uhbhHO_o3T0M1v zOm+G0VWK`tJFD=t;I4f5|P~tA~y@=*ypfOnb^J zHQoCn#oc3iXNt9|ZK7S1D&w^K+n3aOfisj#?Q#LI2Rk3r!Io_O-p*l)p!exN|A2ac zD8Vk<_I+Ouj}qpz@&VCWK>_p+|7w$R=I7M$*Wb}g-Q()ud|r;)Sz1fh1GV^mZ?9^A zQQPzSD_ZTtI6c`*O|4wD_B5&#XtIogG>W>imh+ZD0Q6XKEzolrz^z^7GBK#vE-dMt zwjlBCdD;pezhM1gAa(uqZ0v7~_CH5||NTBy7nW(yYp-&VAd?FN2=|k_dQ2%dZjVrC zdzMJNr9q!M;TO9EuC2i@Yd~84!+^&xI7?$(SS%|0dVZmW(@Px`>HG@W$r!9TSHrw_ zBTwC|zmDS@`kUC;-x`-x<^-PyfH<8Wozz4T@~D(cH5mu-NWN-zm+Et0ZdTghkY4M> z*+$kRjIKFqHuW1Ehhdg8*yV{4oq6e-I*&eO0ZnEEX23+#)!@V?Jt4t?!U+jIs)+#-ghx`z$}>GnA_2DpH4%c4Hf zvN~IdlwAv83?f=RZ&me$=xUeR^dG)Apn*9q|FsY3&?80q_2+Q%ZUHJQeL~}ivyeIG zxX{h?oFXI3r>k$;xlQd?TL+BcW8dgcuEW~3bx4NQ-PNM==Jj>BU4Q@32X82X`>hx-p=V};9{Om5zWBQhct?hH{6D{{OPyS%34RG7mkgHBYL}Y6OCl!^x?JC7 z9sAl`4!#ZvE3&+p#3S zgaMDhsPqOM{>V1{@^9@?$$>0Ad1^qJ7(`EE>|Z6&Ylc9O#eS*n^(0@jz8YE52sKSp zd}i_`f^+SfeBozf0h^oEY-DdQ;D}1cfN%1}0;D!RcE7SGyyW#q{DdyQmh8_$+PRO8 z{N1hkvq*L1A;uM>t=F&j>6t)EmXqbcjZ9r#1M2M?ad(Dvcs7rFWD)quu|;GQ`+o*# zz5J#oJ@~?>^yDtTo&)l0g?rb@!EA+xsP~dAGGdX~2GQ&@C**p6p0vzb?+<7s>#yJX z<9!B&PM}T|`u)=%-a+6(k4AoaO091%s5j9__A-&q$hcI7tvC7&U)`kmV*m5c3~O$p z*U>T6!n;fJc?41VfYnK0kh0C@H+|5xPrWnsoloQ=g9QKNLzhBot{7eBpvx=}Rt1hO zpVpHtX?nJ}o%7SLlLI-54gt#wUHHfij}7wP$7w5Q*#I|tED*^)JF-N!8ivhKv_^A4 z#b=K#>Oe+20hnWDd!;clUUNR62AiC?M-9$en(H zT8@riqACO;?xBxBmz~lxML-ckms10vXh4@-ql;Ug;wt-0>g`o=3A`lDk6z)s=(GCP+2LK@XQ*KuS&|*~w)9l#>7_ZLp=ONFVrcp3<&h zFZs%_E{@Exw{Yx}C1~&WnZV{*BamT=v;3W2=`4n8gJ@erhe_)LG3e`@-<*GT@9^Y2 z?Yw5L?cIDy&F`lDarUS6Ueq9t){Xt4Qrts-Ne+t=#Otfo&OOcg>=(#BBPiqCe?6vC z1ed(EfZZ@yufnQ5`XFcj7eDd=9Yimf>wXzX9|A*GYqfRPR(+m!8NIao`pY^^aQew5 zpajeJsG{XzJ+~*We_J=K6Q{fNhsVZTz`vh!!Mo?)4Q1~3y{Y+;A?4em9n9}@U#L?i zS*vHi{sSDnWMjJdQER$tw?6m+de=vu)xpeS&D;EdHNU!sfqqxBKL1N~3R=6rvH4Bu zEF~1=>+z;KRh<7F#_c?vTC&Vz&6)ku>0oiK191;r`=m8yBu9c z2hjxc z0ujP%1Xe8vRF32EU`?9ddG)fs^2b+kZp|se*}3z{=XLl)A0@aO9j^s_6sK*s>8!J( z1aD00tsdzVd>u8r0JhdiWXHf@TawQ_y&U#i=d+|1!J-hTWcmyBJQoOxSjM3oLRB-B zWaHxkYx%?K!YGi1*Y$@yn4-V_4gE!<2r^{MR9~Bp974z zr~Ao(U&?lR872#+jiZr!qxEG0LMa)xIzK|t)r8)Jp6{gSY4hv6fG&A?ot{zb6C3Gy zN5k9jCYK$>@77X9%1^M?mVx){!3necE3d@U+<6C-Gd$50yFKi90G#r zn9$q>tMCTXwW0(xBIOBewo*Y&i2gdB3Xj5bZqI>*i=8Z zRiAnOc|8Q2e|YdUwE**d?JV`Wz2C3SM8?eS_jBH(_G|?RnLr7QhG&6{AS>iFnJ=W^ z2Vq7dqBl}IFnKRt%s_ZdeS}O75!n?13M!5>Yr(Z6m2V>dUE2*4;S=G~l4^JM6cLc) z@74}{XWE6Kp7Y|qN3*}($C!=~<&a!P(OD$QF};{eMF~(3)T>G>uToJS(JZ(jTdHA1 z-Z!4ZfsR7BOw`LF3Zxa^GcSZi4yG3t63vzmvR+Zd4-gRxXt%i-H&U|6Q(;&Yj73(QI!tYp1ZlW_Hu_j& zG0G~buHdH6l0`E%Fs1<%RB}vtKbwZW(lC^nUSUdIl(DX^_m{0v+ApvfnUYf|Qwq~& zdYOg+kN8odh+OTs*r(PrJ?iQnB|1L`%-1oEkO47AR9p!u!$tI61btTGL^`KutFjVD zUpi6O(-Ru)?j>r1XdfaCGjlPj&@M(~Fc=1;wj-#Bwh!cTabW%_C2R9oZvUH8&=3%o znKnP#PoyXZ6JF~D983W&P?0&XQ+vRn9p?f|gs-3MxooiJ3#-Z4$Xp^jXjHE-uUCl- zy1ESQ5Gtz#t@f7&h)&;vY&c)X)ExqdyocRZJ;n1*kiR@VvoOk&J$wVSeL9G3G~974RKCYK4^4fYF+@sQjf7{j_UTuR+hw75I^o zkD-Z#`hYX&oZCk21frT#^dwl(qbt&}h{PnNb|mIb;x;eB(T`dPfPL)ijyZ)z(f7-%~08 z^C**yiFg3R2S)0hduxE<3h3OxBGFvPYGfT+7~g3}-I9)r9kiRgc{^n1If}xMgIAn@ zIio0V%NWH2B}BU7w9Q57UFjIm88Ghq`iMvddd(n8)6l+L4Ly^)x1IcZxl%}Yi=>TZ zP}8nj^(}R(tSwVXA$u$h_=Dqp>SUagzzsRW*UbbF^NU47&gqtLb>}e35xHv)tPrx_ zUSNT$8b1BEt&w1PAu!uGClA} zwRTcN&@Ki8@cb|ii$1cYEt0io1X^d1QC*coh6*$%yTnhlbY5*O89TrUaaN5_46EPp z*r}_NMXk6Z>#vFah)OK8{_5!uqt`r6G#~x#v;HtDMYtFYl##KWA6Gw$wyn#}*x_Bd za|6FDZR8hj`=JF6CZZ4=znD=MtJAeU>|7zrkjUNe$`G(LQN8%xF=enHJAtC;1zO4= z;oM=ck;mSxKR721+It2@bST24S7#Q0x5-e5Nv;x63BC(~EoCY#0g}r2qmIB6bb%G@ zF{X7{J&vgzgJhD|aCXiNk1G$OW+r{W zd9?E`EfEZ8iz{Rs5B2Hlz^HnL$Ot2IB9_yujN(%o$yrdvIP;}Gk~#ML=-Fu){TIkw zpE^%q5PDW`-xL>M#~Q%vgBWX-(yup7(D53)iPJ4WhR-bL(fNTn>h2Wi z06`NA)B>HoI6#DKvBs-I)a_!utyU`0>%sh7_IoW^Q(II@=41KM1yxgXtDduGk?c}m zyi^Z9L?$}*g_bb<4xm#GqY% z685$#HBNt-gUqKT#nM$2u96&Qh7tZP2qCy=&ubf--=+Ze?rU{@2 zvkQ=2WG@7ra|H@hA4F*@nwy@~*g3L5&-SVhhjC~$gF9l78ez4XjufjpdtO`0gBTBy zq3DBg>N&-!*K0u_OIWU5W)J%(!JWtBYctXz8;!5gx7S5QQqaVSHeOq%CR}?|-~ILo znOdXj0EwWF8Yb97Y{PGUFcQUxvc6q^7W`>J5S#krQ!I4HSj=T+9Lc~_GT z*DWfOY`{xhi@Mm$S_Ac(gq>DW(I7g9p=qvdZ+qIRt90zhR z{tR~O2PX)6I1jWS=i@3?7r4S1>cZSb*SOED5ovCo0?Q1_vHE6J1iV({tEt4#{S-~! z3`*2Vrtk-KM<=PdMZLcT0uR`O=A5vhvXh+5$ETS5JvsiHeq+s{YX!;~Zl@b)Tos z9Pm)L8mANAHyt1SIJwTzy~dd`-L2ulpx*A^t@8X9eejcMdSHfnSDf!F8Tk&XaSsvY zv!Jvr;UzbkFui+vtk$^ECCYg+OE5wpuUrp2-^h87p|pHfS)i-D(RPWtYScQ)Yb5*2 zqsujZ@z%ju-X2?U8{2j3rME07$7{E0vWZ@7 ze_6X#SC0&bI~?A05!uvGDphZQ?ff6dk<#!;+g>IkXn6qi z2R=I;2v8(}rpXjN_+YKlJGqw-aX-g70wxx6uUKVul!w?+r50+AX{Jjj20<&yh^m+X zi_%8v$o`lvV~8Ic$9ZPXb^;Jm{Toeh`y}ZeC6i`(s!KxyL7fb0lmma>oQwY{YQIYBl&HTf=(5#QEt zP9f9jjXK`r(EZKi?)rz^#Siaye;)KD zcCLIN?TQEn2I8-UY~LX=(obLuIf;{QG-^&$903HRb??bj*K#vi;HB7>{6N){v4bro z8;r>6>MX61iM}|3uHP|?J(hZQO9WIGtZK5BJ3;L-G9En^Iz_3OmsY@;X!_3v`rZX; z?&z(X=0_l1B{kGreA6139@bm!V>(6PjGG^Jr^tL<-Fx$avfQe?^itK9-~h7uO?ssV zY<{63^kkb~=Lq&+n;!wr1(Z0k`NfwxkI1&3Ctz}!dkp9s`S~FB&~9abcEdNeb970z zn;_^0?-DSy1gKYS(XM73W#}AbgUhO(UDhCSWN8g~omQs92exP%JeyNKiGG$w?O|#s zvL!f~pbPdx%XSU*Q6sufR|e2ML5cEHC#w@1LR!{I4f+ODOj(v8gJfkRT5ZW_h%*@I zW5?G7ocPgSA|a2jonwO{dN=U3(_id-U&0wh9s3JmeJjwbaDOkEwm8!$4dRyf+IDs8 zb^~AEv_EqmnT|{V&nl=Y)cw^0*-XH;PtGCd(e#$kEvJUjJ%_P<5Nu$!WM@z2^U_lK z^*!*HofCFrG3Q+fq^oiQ+$$g4kIvbxwa#Ik>%)dP3BnDIAU~xk(s1}2y{uN6OTIzx zjc=3_x0)XUFm0ngct>1)$3j*$ zhOruodhe+Q_NACe*0^f8Mb%W1eFBu#95$yAc%0KjuP@Ecb2%nLGrNX#;D^=paEt!k zN9uHRYd+9Kc#Z9L%%%^fuPP^ZMx7l*?r=%9h`$*BOkf4FxZqn&9}EjQ)aJ=Rc`!#} zYVPYZCe>= zO7>?pgpgrQk+|`&vr(9k1AmkV-^pnrA%D=TvtU+-i9`qjgAnJElg343h0L>T996j} zqD5@VQ4~LmSXic}2l|vV!evp^wqS+11C`+iA2^G3_FFU_2T2ZTyRIG#r}Yy z59Ztpa1ey%N%KAXJq>qW(cfS36Gd%!vCQ8hcQA%TaKxxb4$^NYID-KPF_u7_-iCwqqrPRASHRkx85gNwl-xX4i0`-b(s?aaIvEw$d}w?gJ!-A<-|p7{ zsm7b;2R~b+vk$@ULlN`=b(x+%4x|+ILyob2?*Q{c{f!`z&;}{y)(<0m5Qv!6`VCo^ z#v3-jxka^iUshjR2lFF)+Rcv(9Ex?v>)%lqYmEgGn64TXH(`*j%~t79H<^foIs@i% zXVmCvhd;(7=(#*u2tA1&L5Zzo-SaU>`$u{C{o3d@mw$PF{wToyaSnN)Zz4Uz6rY?? z5Aq{e!2Sr1X^{*0iIa2cng-UZ3{V2#R_vM_b5sc~y{^MV^>TQaLt|9{y0gRu148a&&{{Fw*zTF?uZjmC#OSD;_ z*!acPc@-Smsi*$cr}e>5r;fgTOy57=uK(vXls#len#nPfHS2QspM&h2)wX%q>j~f~ zN@}+2sZW1Ik2U$Ucjko7kn#Ax|F~bB{nR)~DxWu%KU|od;UA?>8Qwc=9(EJ<0YhSs z(jMy2>lZcnw6v_`rZp;;8D45-mSJ zJy&isqfIZFa?RlBk4ysUvRR?|;Ih~mGY>c)He;H7ZDI*m$8VOtI0G^FPNK}#&`u3Mq4kaR=mHA%pdH*;RRrpfAURTA$Z9L zTu*p~n>@iMndpf@_SWmLPS?Br;a%6kyHLf~xb()rd1nauxg(|m0d2WUTe1>*s&PjB-JSZ&zvxy5 zwQC;#w-0KyKcp*M(o5^pR18mAaeIR%$|9I4gwxUV-2ikqeKFJE*2qH0C3__dE$qMK z|Lgj$?SFH!C%~Bx5CxutGsWQ0>80@=lfn)NIZ!OzaN>&RQj^zAo0^`~!uK0$pxKh7mzG91$G0l`e}0l?b? z2vo3I8{7h%QPt>@16^{UOXNDbSYd91WHSSEanm8~Ke8RZuF=j)vb*4GM-}LsnZ3e2 zWL(2!S47#9Q9j3X!5B^}JEv#HX4H#AyxQpEAK~|5y$N0V5=8M=Ll+Pp%(#WEl<(${ z_4vB4XFw;ui~iX@53izc;;c`@;bwsfbD$p-aM8@l!{|;eGamtNCL>+&T@t^<7R+ri zcOKoEuT%0R26XqzJarjPbgBD{$rtWk+*fWbU+B-AZFkvUijmAXZ2XW%@K)pD=W$f# z>jPC7{0V6L$F8U@V1SO`1vI0P(PxP>Y!W$BP}Qs#4n3|SG8uM`{8VqAY-inZNHhg> zkG-@6khQ+3wTsh4Xrw z2=`-M!l+IJJMsvBs57>B8wlD%WM{bM{$_eb7Bv9tA9_kpK2)#IK0xigJnFL%@EQaj z-IshmWcxI;I`N zuTZnu=rX6AZRupJl9h>0V*QxY)o77bVdH#SPd;3y&+P+l)yByg5F{wk=Ns2MZk$B* zPZLRgPvb-nVwlm$4Dhtn5W147m)~g7ll!;p7rxkn!5N590tRCkonnKX8pxQ|rP*9y z82?lm$gUh2B8og1FVo2kz*e)0ayy6{6R>W%Z_8^A2R zgD%WxN7wf|eKK@=;BN1S^c8rOz_`{?>Z!eh!PJBI%&6L-k{u8031F4~^_L2%0p6ki z^RL^~I*zQ*$yNQ{L;BD!en3a6mbGi)tX_JpO@HwHA?0m-n3{^8(qjj=>i^hZq!X`P z)_?gM#=?0LBm2qBL3i?`=pGGEV<069zdhUW+0#Vif8y76sg%Iqc^smNi9xdKfS${k zAqzMMI8qB@fzOiDOZAnK69v@`YI^K>J^Wyfo-Oaw#g2acT}MopMhFzLyA?<4MxJr) zI4@G|9-`d`%4m1BUw_+4*^BGiSuI`LABDA5YCQC)8Y<^h4qZD22GtAmFK{LyU7f8d zH8%V147;3Zo8&HkH`|a8o0xl#6Z|(nx7{1=;>-Kp-?bWLzz*-IL4G5HJAmfx7}VQf ze@zlJ5(E-E9>y^dx~i$62Aw2fq!BpRd=M7$3OP8Zu;IYFO9b*;5TT!7zg&W20+iVZ z<{4x-0q}N5Ll+97=VY0q&zz$?b`5zyAA^jwy_5xPfAJ3NXJld*F~9T7@5Fq%rZ>!Q zZMB2>H8MY+8mUR0htir?0G}{FJByc=ab{u{vtY)Y_4!dN6kRQIeSW~8qq|3gOpG9y zaMPI)!@BQ=Koz>+^ytA}^&WxwM}fn*8iOaL^L z;I$wQFU!&_EFn+X>=4||OrPh9020QyTCcY1O4kH1t>}Ce+%ci~;%K+dAH&gL4t(xo zPQPFuI$Z)nVR|>Nw=ecTO9o%FW~slK9J9Zto>V4cjAW4&0`JcL^r|kt!I_HV-pMoc zB!=$RAl1gcdwk76-=#nAbY^@wztiBK1W5+2MiuvFZbRHb(6#g6H`XZ=B^Pd7AFGY? z?)fV@JM_RrT2$j?D_>|`Q5E*`$A4vqo*p`-qsM=wufN`}uf4q@;v}%6KsRjRw(Z@$ z`X1&-llyw^l%BSJ?y)toAMHB>N7LiG*-g+Z?LQ*&?7N*m4y~7SlSNgq7?|b;{)OjN zd!BlXy))`S9)|MRUqEVticjVju=v<--oDJ;XgZCcKOgeI`dRPY8^e8mg>~#PweRQQ zF-6&g4FUnHU_Qlh8;Kw-Eu=UoJHR%u8>c%QjQDsH$>x}w!D!e$i`S3WGYgehTBxSR zJe6VaPJ3V4&C}nUrd{m?7M}4WS^j+_qPOy{u&&LCp7K#Z>$j89G!xLonHdcOOI1<; z^hH@72L~5IE_qRNfFP$L5sHQua8N&5uLFCDfLR>T5LqpK%iySja~h-eL?Lhi+a65Q zJQprgjjRuEUbZp4c^U^^Q^;;JUDuE=_P_ht+bMQIw14&)sn2mQZ}=!)aWr)e?M3(A z4R5%~kJbjwl(#ZpB2i~&i4rvE5U}FyB~xw;A}EGrk0YV|Y}9lghG8E?Lsv@FN1ARP zHKZCIIZB-+3YSt)d=_5Hs4E9zWQ}O+N$Px!lf8xm45O;+?k3~7qd(bvIAjd2YYlwa z`6;3zhWvatV+Udcqqq-2?G#v|K{Dwtn2XRhgBG6kC^ao+fedrm23%lqTk%=cc%h~M zC_)%e{i;HkrgNa$UETz`4cH292nd~7~tl?_}@4`b2j12bjxhxvy3bGfKagYn+Z`Qm`K(<%UXdSSUU%i z!}=wlj}?!!3zn_A*Vg72BjS$vQO_bwy$LS@W5fI`PZnXEi-9?SVJ#gaOBRl-Rca~B zg8%R6Nu-8lt;DHO5TRDd{35k>c%RWT1LeZ#>4ebFKw!FqkxPzU4&y{u*u2f?;f$| zO_+9MPr1nYITT>u+p0P=HbV3l%EKz}@u5J4$+QS< zYL`j7ag9;4B-L)awHr#{d?osmJvY?as|$048qIk zW^&=?14*498(%d;*8M)VUrZKSW`x!GFvE1_DjB!P-8pJ8T2zzC5tF;I2(pxDwRz<3 z5;D6Id7Ob^UlcK2CgQMn0J%|00n?*TsJNj;4P>n>pY+x&w$AFN#GUr`FIdklugj9v? z?Mw}6w2Mf(u~iKLF%hT#RnClo(}OD8OX2f<%xRH2i=4j!tc+Wl(^QbXNT6t3uzD-DKE3hlX3Sddhd;2;6D%mEQ@2AJ?_xAFS%;V*JM0Wk1IVtjQ@0sCH`}(d$H6_7Hd!U!_JR*-Hh*ik4EmoC~Y*MwlY) zah#~RmcjOTz4kWaECOb@mmrK@^tuHy!s2T|Rcr~UaUX_OoFl2M0%I`SDYjiKASy)W z&N8}z)iSagIChVTat?78YlZ4*${Ed-sf@WG;%V= zXIKQjIbf2P4EMTyc~`ouzjN~s_qrc$*B_K*JnSb^M9`1YLbDie^E91VLa<6mHSsx( z&RE3vB2^#)dN{;hg$Di9E%f2U%i=u9fKI53T4t^$e@r^qV|&bWU8A&(AvF&B%MA~& z^9J|Ny_YvQ-nik7{K4MGWBQO*Igc=qxQsTtjiNtU=J~<`PIELr%k(f~hEoEO9RVCk z=Ag@tP-ALzT3uI&mM3V7>dc$=dzfsok&Yf+ounQO1_&$GY_&lL&Y#!G)k$TN1z(j# z_Eh?Il^>|l7pkdCh;u7OHexT1w9A7;$$}T-qT}7X7=umEW@Z21lrFr$lfcP^6M$!Pkozmau-QqTa8D-5AQzBR!*qk%k^@FOl&O#@S+Yi8{Ji z77=uTSC=_^ayHV%^=gCTQ=s1(kbP6r2IIxPCo!Xwg%L za@3qPtG45pb^1)NI%XmS85qO(h^;Z52K~4cgIZ;a%FxA^!@zux^y>J9E;6CUHPDw( zZ8>rQ170?aWeHGhds}K`6ZFH#9!&PP^WZK$c_{Z(-yL1ePLDR9=N0E>>&ffMFy$MX|O~;7`>7K`FlX4T| z?B)(OKL+~5$@9us98>mmHg*vllXwmyBV@_;k1E~_jj91=23ca6%nA^f9b0>!@vcPi z`huV)hZcd2TP>l^QB{kpjkdhj16_c5x?pqx8K+OGtAQ3q7rTQK4+=@VC$%Vd(B;kE z;_V|cVh8|4KZe1Se8g|cQA8~PnDd8n*$!*_9-5Tay3H0%r3vU=Y#`Ys zK<<~TmSEs$9kS%JQpF{l%Fs~FMQYq%r>zaZt!A!y?LyWL^Z?hcOtk^p5zvtMtWPx^ zU22CvJE>1JI!`79b{Lbz?>5d9IZ|^p`GXYGDwe@z;2aa&AM6asnlDt0T0E0LYbNUJ zRZ1q^jiwYZfYIr6gqK#clx|XPrJX{2CyK3TRr#O->p6{^>^!%rS=ot zVa}8w2K!8qk|OAVa|Ypz)f$O~EZ}@X*INY&Zl3$g3c=td*h$hsp@?Y&TU#AL2-L&O zZU*N2S(QGppqZX8@B^MC+pX5oi{}5!)It^Y18EP)3aU5ebcQ!FoMWV>z&;pJv)(g;NXU}t) zOI8n>h&K-!jx*Qpk(Tk}1P*j^-#1h9_WFx8FgltO4Ecn;F2+4C4TqB5o4s}B^EZEF z^0&L}&pyNk>b~1Y81vG#iAKkzb~YzTWPiGk$J1HkAnS~&=kysJUmlWgh~xokJ+I~M zRrBFy{c4kC(^FS=4iudc0{_X7k8)=F*P}k}a()}fo7xX%^JISJR5It??d8N>^k<~A z%Lxyy_*`^c?myO#{cdinAUtKxE2qpc2s^V}NrxhQ2SER&b1w>GH(i`TrV;oj0{7C) zW}28G(-`@|KFUH~r(-h>qWiqpPrxpN9^-lwd2g2f-iB#o@oHQ_oZKeWQV91;)SNm> z&8bZ_t~fyLX6>h_xvOz?ni^Msc}B0{9gk%-(r&kFcSEhJP3^jL;dGn+>@QB!j;xz3 z>u=Y)v`g01vKm)^bzX0Pt+|NtA_lXjsCREOzmrx;Mnk&Te+Gd-#vafxFa-i>@W+D~ zC#SXl7fKYUtB`+!EEP0RGXkQKVqgPmuBcAWKShDh5(*^#-Anq;$xdo@q-kU!4+V&H z@<(g+-&Sr@2_EeTO125I_nzhMWUhDr9y36Aqh;f9QOLBqDV9}WldzYJZv1muV#a68 zEY2lWL}G?kO4Z#Jrzm%=o_)MbbsvuD!x$yv0bo{gi6lDHrkB1?eUg)d)IVZ7Uw`o4 z?QpGsTNbofGaP0R#gWhDXEAICiH+4}VhV#r=<%IX$%-hO!V^WvB#4U2NGapCz8ucx zgtGcrL83jdojSo}86P%v?_tLD7vORk!2jA>- z>5%zRj5Uk2Y9e=*py|f>Aq_WtlD8(ry|R87iiyt6z)@#whW6mTudkmuZfI)83hxu_ ztI09?v$;VZzqL!gx;{T^#{p}X7^|xm<5Fw%glNDn7!AG8u>~-CT9gMb5gBH5LZPQq zufGk${^$PDZAiXAJL3`i-_6r~zs+FW>-PTlsNHS4`v2QY&R}W_&p~O<40G%Tp(9)Z zIgM}Z0&f58XWO^--i=h?7vATmtrwYxf!Vkh1N73sh?a-))E(WT3NCInW$D^lB7x|E zk<31X{jlE7jKh35mqBZ{G`P84b7`7}=7MCtU~Ij7ToY{xo%koB=<2o+S@^6DJ&3~f z0<~I58(iu-rDJbV!((Phi$Hw&kd-&PAZ?t*{r~I{B`ttLMt1PTK$~9v>J`0N0i4YC zN3?hAPW|S`vNh5-p#SAt1K=|Qaq!PFuFW$uI@l7r+GfaIi%g4J#250_$qAENZXcOE zBRUhMlDiRd7x@6zP9lNh%0Gmoqf(tjj8_#j=$Yp#R7nQMGRA+D7M$iYYJYQ7Fa2Ym zj$fqkJv`(vxjhnH8xX&neg^w^Jmp@u(Y;5HeH6hzS_wH=-M{+t3%b}jrxl$0G1CE3 z-I)ACc3LD|l&p{#GBJYVYV6b%4Q7^V`pIHNs^cml$ittLt{wF&)PR}OxeGwvQoD`6 zk_~4Qp+hnZ67<*EHKM=%^HyE#dbj>knN9EEyi@af*YEVnxne;O1_$9Iv&i_vs|)vD zjmP>xc5vbIaZZ*MXKK&RTxwUvHFIg0^N{Sx+;XK;;Jm1iOlF{p!|b6L#+L;3ODd}B z^shcpqH>D7pZWTWI!~K7sl_-sPsUBSN)LnG|EpV?T*^X>eoQ?`J+>S!Lz;6lXy>Le zn{hw?yIO$kKTb=J2knw*0TVEzMSt4sSp;=tI6aHkXlnA$=wm@<_RpHwzxV91K8%fQ zn5lnmx86q&$^C4QZxJ#H*MJRNE6Jo>AWm3dNfHDkgn>y*%gt3Wa9)cTUBgv*iWWpE zv`ls=Uh8QtnN;T$SGa4#vhlqik2_%aV574;k5~(+%npMv-uaXPuLjNVbln(CmrM}x zpTG!u1wQ#J_FsGdfyw}t-IB9 z=ouY3NNv?mWT-Yeq`8ih`u6Kr)HgXo7LnDhU6&xKPrl`MPrHI|$P}|$TeUS?^zmm) zR5(wBwDC3YKE~J6^92e-t91C|4f>V31|S`Qvty#h*T!p}fz{~X(Zxn!ubLj{=;H2y z{1H~(^cYhm`8pd%OghFQcP5$#A4!--5J@0_VQ+yGS;34m}K~c|f-{KKi_llKJ$DJ0{dm0rx-t`UPqgkW~kbeDH#u zfDs_l7AEJk)>5hRhnkc(eM$W-Z5?fT;m z^!zo9=Oc4xVhq!C2sqwst#(3}mGL27}Pl39_f-L*0OuaB^=SXAc_ z=EE((#@|qnO>@XWlv2kg-z8FgI*t&eX8t>bHke3($!#Go8 zq|{hl=DS`p*8sSpb-L_S`NPy|oHV+8Q?2I)^->2JVq?%HJxLcblncyQYpg}Uq(Ox) zO%AL3xHrxpz8~YX^=8U;A54H)v4%5wwDqT&Y)jLd-+_kah-IzT7W1iDU7@3&&DSqI zzl?)%6-T1+HLGvsMeca(GCBSa15IT75^mX{3iu^+yj6Wa`bV9IF2_228aIB~NEiGS z)hIuNqL4qO^^)p5=DtJzjeEM*KV}+Oi0i&`V2xGE<-{ z6L#|H`f=L*)9I8qp@2K=$lBmyZviB!6Ey~k&O+~i=0*#2Rkgr@6{)E_O#_SBTFt6e zJ~bI@a|bj70?CWt!&%jX;hxNo5D-rnUwToQ@uOs)J)z3H89lTUm}1WMo=(;gvxu#| z?Hao+y2W*8r0p5|-TNy)xX1X+p4Itrja>MNCWy9wo%y8rY?VxWU${a~e4$9c_(32f z323@HWpKyXV5}aO**UnIo72iNt)6%|OTV~%oD9@<{mEBabzu-Fc6SG|&BFgSFxQNB zFi)!8lQ^wDzl|($?lph%)eCAJT-emk7|oidA#3~z^d=A$9^Nvn$xDO!r?;uMIzj+2 zdXSU7u7~&I%Vv6dJtQaeesp&SpJ}v@5#(X^jVNnr&dGG-tX);S2N}&-8ek35u`gl2 z$BtsJpvRM0G&i$Not;5d?cSxsztEs(F;p*cw@uF>Q_we|)BiN1V<709z-b!A{$%#E z^^Z>W;1)Kuxa)%Ze(B=%VgWvJWIxmM=4UoASjo-LEeG?1;q9IsM6Y)9b4u$X;~&uM zbO2RAs=so6yLRibPm*cAaeh>oKlSZt9eb$<7|sPU7P$zL;Txqa%FOh3?l=T9w(Qp9 z8{6eVmxQ&0F4nGpngAeV3)yM57kp$eMF~E=d=kX5zq(BM5(2S-`b+wgp%@c^m!sTG zos$aKdK09nnul(!lKQ+++SxB?W&6~ti^QZIX*TcU^`*GuACl{14iEYda2H5}Kb+iU z|JyiSH+TGbcmKw9R=NA8w`^he8Y9rk(wZ-N002M$NklR zl7@J<9gN7NO9s|P)Y~zmF(PcDC}i>Ioww`hpxzRZ&R)CuJLr!?ca0hVv>PWf&YU}r zx$b}BxBmp!jYX!wC`87tE#_!(El-s&MqLiLvB5>1n(G6OC89!qgYvV=i4H~KC&f2R z)ZjeOf`(b13q)Q8%1lxAqPofQ8R+WOn#x37kzd=@mA}oK+NggGh;ES9Q@U$lnx8d7Hx=B{*n+vC5&KbOsS{7A+hF zHpx>iSxX!-=$SM#=K|}$u|Mj;MBx6oZ4}0^YPi$zLJY@-LEYUqIsM#$4H4 z5(5~Eb4!XjkrxW+-9AOa=m2kx$|UoW?zNR5ZI1Z0~dkhDvMm!5pB zJDMaPlLe`t@BF(p+1SiJ&m%2=<$vQbb6SOgmx%)n7~>M3gF#{k^c;bni|h2P21W~d zHU!n2OJ-g>MrR_#EZfQUg+Wi+e()3VylR<^{5^^`XL#2R7ajJpnne~h>n=Rn=?!BV*&$(S_gJC&1afp`kt%rpGFM9{ zE3`#N8WP$^eYg51Y8qvsn3+cJ{eP1=cr$sgzgiS&gy{9q9Po?O_)6z8I}a3UepNAs z)kPxuhSmF?jf=_IIfgJaST=Ef_%X=Zy2qfi?OQunLUyhob1g8}te}=X;^ZzF81YIB z0r1Ao{60-1Czec>VciL)mnplrQrjB+YV_mOX^m-Vm8?~8`YrRjE_Yh#MESqd1I8ec zvUaZc0xKwWQ@TnGl^)r0w^q zMUB|L<>qCIrE!$a&m!FIf@bscvF;|9Otu*GR_febu``8>m&sjwZ+MQVJor4CTc$w% z0+4~z@+}THqoj)rF!rVsJIB-Pas?!VWf~c$SypOjrH{-6f?vXQz$WCVs&ZMyr2#bu z=c#8fMMU75+Htf*@}QT=UDqEO64c}ja^@DLP06<~_%8i1$<#h_>xZM&&CipcRy!m$ zzh&lU<6D=zkmg<=w+_(O2jp=uqezw2`P#lUN5M5P)jI|?fsct^${)P#nk*Dbsvh$l$Xhxf>AL?-Lxf)VeuFc zbp*du;_%KTJI12xd#_U4bB4f=tnDgprfy7iwX5lAI-9q0H;&RRb7}?~Xy#;}`@8Yj z#&+H>*W})&7dO7~zJE^bhd@>yI!=X3sX5nDMaDFBaL4<5G&;Sc(M2*Y*7w8Rc9|SI z^s#K%2(XBuB{GZ(vdM7UrfrWz^f|I{a&Trf78EK16yV1`v8HV5w}l3-YV_(DXQ)N^ zV}Q4PVz7w;A`mei~XM;9xyW*G2bP*LPF<7CqXBj9TNfIH8bN@CCYp z)mT~KlP&1S1^(E1blr3PUpAiS?ybDR&H}gp!We9Azhkg0PMaY6cJ$i*v#sVXt&EY3 zzW{~qouSF^O$T5txz!BSIQY0QN~KOj*y|yQdg?_#uAmL1NqE(>O=YQ z*on^r1tJJtf@EGAT>?qEn6UNeVtdW{Xa8EwF#@_Osc{#yNND)F2fpqlyCEZcyK=Wx zb5>Mw-vM%*emn_bZ8txgNCgeNv)rTB1~&H^*`H00a$bi`ufw^%%o!Za$OGcEUIjJf z+EGQOG?v|wSv$zJuRV@+Hkr@%YRlRZ~N4`&Kd@m*zE2?XU?$jj(J} z`q(s&JNWF4Z;5lCwt;5k7jxIC(YAft_1M0E>VeNY|JnteBopH;YMP9LP!Rye7MnU& zC=8d}Ip%vNwY;Ymxa?}=G^$j&I#CF)M+0mGAS z*$+5h5}dVV)KRS4ilrM^s+rCy^|$q@Z8)reQK=gqw zZqQD4|FH8l#RXm_8gi9;Z(1Uy&!eTmR~(K`A2b*of{r;mxl04NI!|5grM$SwT3`#~TxFaq_cc!LRGb^e8&M3iY|fLuxzmmR5QTbO8ffzB&2V`HY$-=%IB@WaUs}Y#Ki6zSytJ)Oeg; z7?JPz2@MzLs}m^AeE8FAM@A_8d958;gvOtj2Y{)IP!ET`ji9E3GKAZYlR#+R>+N^m z&wm!MYC3{z4AUat8Zn3V6#3A zgN8E3d5hiLonhW!;WHxbL&)j`dZi%*5Xr$rsCQaZ1)uFv-IiRH0?R))N_}naIfDe? z#WFZM3ejz-o40fSHa)t>uj<&SPXDA8Sl4cy=$Oz9HY_U_V3{*!Cvx{EzGl)ckGgWH zc2&`l^>%NAVlV?t+j=|pt=+?n|MMzKRa&=STPn$xCU|b@YQHWF&ufZ(>_^u!el}WL z=D7v0+CBVs8BvaAxB231O}uV31v9C`S5-yL+zLuzVAmY&@8v96)%YU8anRpH)4e}Q zesTH)3%CrtEq9VIykq)=$vID-Ku%gmoarVLV|M>F`;tFTiQ0OV4KHbXF1A4e)50Jz znRhYBeWswajM}qO`6LKE)TvsDfC|95P*|L$I_{B?(FwhJX&Tbu6zAgu)Qpcu#&s4b z;h%QTXpr@Ym2lR>w-A{3xlQ5G1wN~)F4PW3mn5G-m$3!TzjeCYI6psi-quVG@>w=N zCnHvFoS(bL1*nzI{K}~tW%FwTRy52#pR5HkGs{4nD)r_!K}iwz(K7Q(FQTMGi8sIS z=(t|Fetu+=odKHkryza}E|Gau!u=o%h()rDi@DQn$sE(2wZqZQI;?T#N23*rQLi*3 zXHZ3nQMFIcX?zUhs_jq5A9f#uH#5EaSe!G(Say?+;2mx^u#%_G-|**q`h%^XeV&iH zQ|aIrR@WC`f6P>L8oPQIa+eJ9IZFUAv3ra0++D}^A

@Hq);&xi4poAwGbR{EOu}x+SQZW?+A>PN@(*dKo!w5QdC|_uu_v4rC)#&=6UQ%Bhc5sO{*# zu?6(=fqo6ou4!V40JHV|aCd#A#+8oF9ONuq0~39fdT727vNf|9eYb)vDj+Mdi!E`- zTn>|g%2{DHhO}&KrQBgw(9uG87s6FFswGSNK;DYlRu}jjGPkL#o|C;rRqUf(jo7!? zmuuKeL!czMbMNkkd)s$ozOd>1d_3Nz!mDw$y42-rRehxcWz!7YHpGoXwLcg&V8IxY zZ4HHoz-S;Mtj1Np-tTr{GgfnuCVdMwx=q7#e|Rsyz|aYs=iGwUW(p{rUal|-Ol52e z;nt_|^nR@*Cm)aN+lF?6GdVH)-Trs4+26e1ldmSf@d zCS`cJLJQ>$sxC^`;o6H@?IrS+sLyaBSJ{O-fd(KYd22#V{zaX~vC2KtY^4-*Os>&g z58yr;BpJtc?)rbs#~pOZd2L$u`{?S9nI*L_~QM zE8VH$nyosxHLf}wMCX8snw(-EnUe>h@1SmypO@lC#}fQvimyfPSrqUM&-&brDoHlC z@5y%d-JnM|J+>D)WHU1JRJdiYb{^WL-~LdY8e#*w@PlvY)l)P2HW#`T{+U5~{n^xR zpLRaFOTY8{7S+d4)Q|mxUO7FZf1*w3PTNKMb^ZtcpjU6zZoT85;~yMfLf>`bCzU=M zviln}w6#e7+aLk2$-;Y?-ujx-34+y>lps)lMLU4_*jl9ewMpQRhSf;{*tSVzBS~4Q z>;*ex+~AV!(ou+uw%4nqsYng9i;sHk+LP@}0VA{=S!EU|PDsvy@r$o$uD4THPVCcL zkCyA-eUghO83ZL50B{unE9L3M>+;^Ud>_9sDL+pqD5oA0_wj|jJmc_2dH~czPPBf3v1L8qE=qPK2_9K>ahmu^o?EASN`IR&I6gZ zL?$Uv@a|lRqS%EwkBJs>O7r@;!oIchDVSBD!utK%eR!9C_k%U6;(R)L>>K*&nOS|8 z3l}y5#%+Z0=I8OOH$Nkm{n=izC&kb1t;i=+Mq_52U77{*ph0t4TQOh-^~@tD$Yh_< zRA&a6d+ZHkA+HlI!6^0U4({{pU?#95k%>_(UP^{V9(8ld)zG}61{`3G%hOtzC8``l z(G+K?)8RJum)We^hJcuoeL>W|?`-z$iEC*S}Cl=0UGceuX-W7w2^X$hZiGKF{EOm)#}DX?(W2OxDX% z0reHiRY3N2P1+n#$KyIj4WrCTP51CtM8C>wxG;hp~d0 z*~$jSFbJGlQA>>ufAXlFdAwXL1;d)a5D3JA)9dbXq(9TQ+g@NpI0Hvf!vQ^TlymGE zppfR;bn4i&etc$5FX2cg_9MlrcRAjq)H9y4Xo6+n_HZVLFj~x%?PA^2_4@~B(7*gz zTEU=Dl17C3ibl@Q>+Nq~Y`-vq(GG*SoxS!^c)sK4yV=wzD+Bhiun2t{-i}y^Z;D~B z8=0*<{54xS#m&#Ztl2JV8yw%K(@&J>w?2k5mHH}W$ciG~ zlak-oKH=z+OPveg%F5wS=n}kvE;ec2i`F2`^tSi-ZUNcZ9UM$7)pX*p#o}Tw5WPVo%WY8rokn>GDkM#JZFGA zr|-2_JJ4}w2J)%`s1YzWD zJoKE79>{f>3B6~p=#Rga%(P;?g4}Q12C})c7sAvETfk^C(^sngW%wTGp|J&=l>}x4 zxd&wy6{%!biz*w6v@eKZWeU02wyLw;WM5FTs&Fectqy%qj~~p@=bFdWda!Up1?@l7^rddM{u=w}%92h+ zfingoRA~zurVjGNP{$@dv-XkIBIaGICqLb&U;OeGt+e;(_#eHl3j`f?G5)o*Nd->y zxxL|HmXi|a`gY67b{Bi6)CuVgdd!ehd}%mEAZcox`;Ip2OP^w#oozbtwMm`0O5G4- zoePAyZofMoWsL5-Wj#ZL%(4RL*`P9lni`;c$0)F4!x8mi@5w4O7(KGQqBz|tGE!HU zp&lG)y%-`fp&wpY)DLkMhYbw|HP9UojL5P%42m`Z6rhbSP9}(-Izr8l!e?JRs)KnW%5OWX zsmnmna-XH7H~TuS;>rex2=T;$41Kz3RF~gs(;t7u%a~f^JPsBbF;cw1(9CknDD#u; zo}}HUXm^Qrf0Akk4`1KT0)S24R&1-(gCBZGjlK@8ocoa`uZ#j8%UOqR?(s78b^WFK zyt944pl%3bmG{!UcRuTACWN{!M5P&dDBn1i$A6| z3PRMoLtblZ{FC~Jvh042QoA{XJtUMU)naXp$|n}}OwD;R$zwXh#V{BoV5)47YU-=> zP!l>oFm>-tM>U20B&%e<8tRMn*p@+cpX%0E|Kb9Hcw}T`;|wJ@(cmT{cF(bX3%HXy zx_b0X(Io??QL)kGY3TBJiF|!0_4W_O;WOw$a2D}`o9U98U-G+~PjZUx+@@}`JH2aQJv);<>ptuN452pdU)%qVr0?V{HDo9%`SOB4Gqk%b^sVm?1R*j z?wVwNIm{2+pqn4IV5?s$pfN4WB$!zNy>_W#OOcMy?kerR`j;2fJ;`0^ChdG?SEPN! z;Ag|2PlU3xkk9$CeO@0vj24w1(TjbcW?`pE>1Qr$lQYx;pq!JK`CoUeU0d|`>nGOM za&dxzB6kmd@ab*(m5-Ha<-&O~gA2+iqX=_wfG56FrAm*D0_mg`Oc)K+By?#t#UqhfwhNKZG`vq*nY5}n#}wPm4HC=_%l27Zw?bE*ZG!C{9sJS zT9@_8vghF5WQV`w-b|Z9=Vo5H$m#?ESRs;Ih`eF10#`}Ea}=F6!Wk6CFAxuq`A2YZ zAcG(`Aet@Mf2OZZ)607_SGtn`wQPN6+lsy$ZPOcMrV*~HlKcbOi41v!eKdlDxOF-X zl>EI?mXt?oIh8f48aR(Nj3o{A8QPJ#h_Q?`U&B2z zg@jrbF)j^xHO1O_5U8WlQs7$)wG}L@y=7I($I~7E@KZ!54e79!)Qgd?y=_VpU^+(; zs4*gaVkmnnp%Pu`i7LImOxqrPOqI3Gswcu^3Oww<3bk6sXLP!I0YeO85P?)!N#q6n zl_&daZZ5^4R*5^IMDZ8sZ|jgAbNvCg)Hb2fQ4ISAi^9b^-5>(lLIDJcF*o9jf3{90 z5`jQ*3T`p){Fzr)!ox_;0~ z9T=brc0$MMhV9x3%_e|92o%(+raVKL{q58O=mQpDUafOv;gGVO%>frk&!9i*Wx=zy zyl%{?ZNJ{%d-sDyQRbDDss6xYM8MT6w%g~Tq675rCsNb2x;27Byl} zE+~(g2-YC$$98t(^bTZOUsBj@eL20|>x|zWI`n16l=KX+fw^Ef_O%J#FhA%?A4bm* z^c?Spo)?O>r<@3Z!$(xpv;%rtA$cxcg|*sJ&Ke=8dxp7?_s!|TG{)5s#^eh2!-McA znEdH0McTFlEb)>`>P8eQ{?TXD*fIitQojZx(UtZojZb2P;WLYfG_-wGT3kxILT%eg zyHeVPuWvV}E4GiQA7ai^Hw}nj^=&K)E|0yiZEJ-phz4CEgYq(kEYQ>4eBFV&ks;UH z6~Nb(Y9>OYg6PG?vJ73Ko%uMdgIl*NR6gyt(XO0B%-UVf#+ZAnc6{8==Y#CDN|V5x z6_k^0w5twy8|o+`3$|{n(}9M3RUsSv2aix7wO)Y-*VIO|U;kMmpHaLWE;NpyOtLw$ zk`O|UUyUCzrWySWZoukOxSB{Nf3Qr%BFNA3JncPPt?Dw%nxWPYkvT3(6u6Ng?7vl_NOza2rMQBN3z2vqi>PTIkxit#_fY$#y$uC*VL>ZtJ=A5$(2L03 zU1WPa@Wd0^vU87i&G}q$-}J&7HB`ViovrHb>(5)E{~% zqVl>$EugDJ%xJ}bunN)qQ7ukQYnZ6yiRl&Ui(qWvoHzbR?e~I;3TU&|gM2#c5>>z?>{L|gZ#=Eu2-T$-5RoQ@OuPNelK zua9a!j;oyyKBnjEb}F}z`C+IxzV;_VM9%_0IXt7w?bDhfdOKzU0OPWV=v*dZt*al$ zNkgF?duopw(*`g|w`yg0nDd7^q-Ho{t*L52e?(K_Xnp04Q9VF*@XiO1&|eGvrO_Xk zpd0#QoG8Dsv_h4-{ZLNr3~zqB_7MR}WSZZX!~CLZJ}{~gw|+Co&uJjVY@8U%+G`k}KL!hqGxS&mnk&si;{ z)0)kj!#FTWMoYF9GPV%aSgfsCt!ucMt zs5xK+WARBYYO`wZ7E!%5df=I-RJ~_W+lWwK1QR~6i~)aSM(2B%&^s}f0liUy;b+Hz z3KbD)Y5R8X!7}Y2(=t(q5%3pc+WrU-Oz?Hrz_`;342H)+R{~3ug;O{a9yd{H=aJDp z&fjpOu`f(_#V~{6Ba>*GHk3yeYB1B@mf6M8XGYnhE`ULugP-D-m1M% zJ+0zx`?L+2WV&usd0Y+fbprH*knuGuZ!niJbR=^gWW#$|e77y>NB)>z>E~~#Q|^5M zqYLMG7Iz%T1^qaKVnnw_3RG6NLr0){)1zcQao(>HX`WqIqsH7-^}TWx2TZpvQJZOm zyMf7;dw$q6_McgG{J}hGI+to|b2YVhr!@#%Up@{UTi1JkjInv}uB8#&R$N}EgO4@q z@V;zqBhw;dC4mt&Lsk1Qw*Z^vC;P!Fm`wCfsPo(iv|r@6VfFXq>DZ5nrlt-`1^n{d zwk2vcV#wia$*HeaV_-pj$J=z_JoTog!q9)2=I z)i>#{>m0J18a)ft>~L8@wsJ{_1QthXDiml6d5&tt8DbfD|1W#*86DYm-FyB~RVZXM z8nL_4IR{2Hb5bBB(GrzqNw#eH*|MBH&o9oWnJ+VIKD_xf%l5n_`>nB;pDZg&q-2Vu zMN-UU=iEr$KqKdz3sp70eQsT#02D$M&`nap?M9`0Pugdnz4zH?2l#Ub2Vf;dtXt+8 zBICizj2FCNFa7GlB?hm}iia^gsno6`J5-7xPYGUuhweC_yQ<026Rno+`>?WibgAIJ zDb?1H7xW_i>>0u8xJ^yh3@*jmM?R0O4?L!i9U60Vce1on1v?EcgTUpg&TwK?555do zjvn$3+tApFtYU7H`iWdrj>lheKM&t|kbdT=d}h01v;CYVr=<0>Q=NFwjfe78hGFV% z##f1gw1mT(0E)jD_)xublMbj(!}U#i{zS9hCg0r%Mw)((ALH0w4{R==CANRgLq2o# z#SJ3?Vvh^PVt5Tl+I1rVm%Rn~+V;=~_3^{N1>Qb|tW}8edoN0|##d`}`V6^?@XG2% zel`pGiXDva@J^LtP`jCEC^o)3nTN6nIh^kQFewnaRmeQl;icYksY5+@IE)*ArAiUsRjzGKP;~DFL-GP%E;>cJLm$#`$ zeO<_1C54nm&j6pELCAm3E_HSk`6z8Xj(tR#m<9eKmCkN zb*gDzKNItg(wAMds`pjs;GM{Icvj^yKLPW=vaxVL8m_>rBh;sNe$nVcGG50MW{mx{ zhMUycvPtjMZPBjqZr%GEkE`nVsE)yhhNm`>GN(-Y4?ricp8=NjI@u0>oy(UTZ%_cxwIQ=v!SuzCOVCWKWv9_Slt?3 zf`4Vj$JBY9TwUin)!vt_=`ix(7O&j>t{i$U@~u3Ss@yfoooC%n6^P9r2kpD{&^=Y! zPnf&h{09^)A5!+QJRCX68)o}B@Z99@vA#C-HDA*W^jU35Im#G$Mwd(bfT2@P9-e30 zD)3t%#CG*2T_9Ai!E=`GrCqy^FVOj{Lh_@Q>(HI7wd~F88%uQj!76A}nI;afhQAcl zk-i=>H<2!+u^U=Jc-Rqg(DpW{t|3o9y;!RKpd;nl zh@U&DYv-=&o%V3Eq&-C%Em~lsu|8qbO#G| z5nyaF@>e%DvQNbrvUiky7~xS(CUkl}=)0v7fh~HMhaPET)k+17J2>qW^ehBD+gw?p z{d=~uZkp7X59M-#|4Oy2=Dy>W9IkkBVNc&Ma%51u3ij#2r#`CczA4>q9-zQIK0;(H z@+@3#BKPzdIm77J&V!cI5PS)MFR>EccR%X^S-bKOI)<-g>)1da_%Z^%5dEYMnF5^8 z3UAVmLwMNVL4+e@#~kRcc{Q7t))Y}z2*038jBQ#kw5zG1TO-iq8T71c1GQJ$a%jh) z6S?_#Lc{ZOrj1UN=**3=b)gee@Y`T;vvwZZqg{7kkYt9L7&zQ>7x^3U%C9kDNsRTgx1Ur!M*Tfw82dvruQUwnr-Tc?J+E5#e)P4y z9Xa*3uAHvXI~@^iLS|>FJALkIW_vZyAhIWen$K&KlvmT{DxQIgqb#s|Jh2tDSBBDd zxo+D~Zgn}=`mK90h8o10A-sdUUsVvW=4s^*j0pob7(rOWyuN3MPoU_{%Ks2 zi94AUuv|`MYG|0z*79n7=#f%==;Jf`B`eyg2-e@Ojo7)Yt(Fk>5 zomQYTSjA=sx9H3FKd!@{2?B~F(A- zO+v0V`Uozv7Hc${gSF1u8lC#V>w4o< zyRx2gj!GO z<#&h;j}=OP2g-Z{2AAt&;a~L0u7!~2hSOGT)nDOKYWe(uGh<5F|1A5Bu`bUYTFTg`l}D=!MnGq5{uv>5Wrs# zyMBAW!_TaV2AzESqQ2S5!CW(Qgf&z7wxfC~sT`5N2|H<vcFC|C#*uUxrb4gnufyK7OoMICrA{E(msCJ;>LYID^dJ^HC9nLlFK<7!@k zQrG2|A*@AK>Bn^tCFO@K!S656>PIN=UPFkTfWBB*IUBb7ON`&cIlj2>J`UQ!6wf1k z%uJF0VebKb`gb1ILwAuYVj_a@1Z^>;VssFvl}4R;2TQf@UeG&NQO2-ijAmPI8Vm)t zAJu1m_d(rvJBNlDl)ImD6;{r|s?xtK4z5FN0$VR#(&-=6l8n7c*X?kdnC3Q*J{e04 z?G{X2q9q!4;d|J`xZF4fJ6gw}b4}OmY;mv?m}cGXIHu2j?E&3;Y>O%gEnGxYueY&!y-DKgziY=zx2unX1ccL?sGfbML|qRYfbM=&k5}dD2@B`Q<~)=` zsG^IPpu4Z=^|MX-WjDDT@N$kvFQ~UIs1q&FiMw{|D}QpowleW7JA^oIU_rtoWd%lc z?euxQ`t9fS`o&?Lu&|E)1b}b0Zl`grvUOX;hS05Bvvf@;7#!lc@qsTpkLq*3_n_`M z%DfZOx5y4A{PBIw#@EgG8uSJUum6s4Afp%#jM4w@)@;4-9TIv!a!3ch^dUX;c#-ZW ztVh5O3gADXnI331;hji${da968pWb=9OD8y&;JlPmu8@)ecFbCkg~P7f z^jXGt?~zJ3e}(@1Z9z%+dvo*m+AEj!_pPHk4R0A|GhxVWAWa*c5(StANGM8r5;%`w zRh~ttsBsPtrh$(?Rhb~F$*xvD9zb!7@;8D-aDShLahp+fQADLB!y4gG+s@kuqbQD| zMcSHmLnB#)s-$m2yhq8UHZokTy80|t-nmbYK3S=cSTrpP4L5bE?|g$IE#%DGU8!bx zA8gpk1GD{gG>u-^|1<{U)4kMX5_HhUmiS8___IA^`V3ASO5iax(cPyZLeex3l;cUx z`YR|RazG(?h_cSb2TOaFT@PK@6GCYRHW3pvc75>=?$_P>D^xzlx<%<=`P4Wu)85}d4DIS7yc06WFV5-jZ(xwb zp^#0M{c|B@9h5zI*?hRUvEST$+FSrXQ#_M@E`)JfUsINz|L0r{Vc~rEHy_udPZa7Q z!#aPqXk#5pgkpK3j3;O$JHu9}_M1-qQpx&-8eEoiXU_UZCUTJy8$7myv!vQX9 z`^M=rI{AakI&q;*&1_aD;VaIYRJ{3= z%Z*is0(F>>sPXWahK9DQwl1KG+Yji`Pi)cShS$)(p~g=2U%aO2R`R)E4A;z|oJBt~ z8PfV=!?umG!NI>wK60>0{9v&2LFB{B@#{#Lw(Y~1>FWpGo(gA5WVA^XAicWqiwk=8 z@3DU60HYQ-jgjlj#+M1kdEH2qrE^AKrU^$mjF(dw`f2nflHe2m7}9-rV`Pw)Kgx23 zm6c%7cqB)A@pze>3~Sr%JM~8g9(19};?UCUTofaO4?OvE*wFUtT*es)y2LlM5v@-oc1_aK7Kgt+MA-i z>N|Goj}OkZ7pA=|Ywy`J`XT(|1ZVUStf(Wv)VoYQ&pctM86*yUK1MFH}ynWti!#mfk(sv)8 zEq5fBU`M%l&B42RYf(bK`V;-)Y^$EBEm? zXd&Otv;SP=EXKd_xu>+RvcSWa1YFKMdsRRG?nS)?jybrP1?Nn@w(dEqkA8{q9l!v` zjn6E5P<`7xRDN1V!o%ndy7bmF(2Ax$okVBQ46QU-(faE1X$$o|jCDA|(xP=_e8h6S zm{HK&Wq8I#sMipCfV?~mRiKx%c$Poq3_C0zvW2UgyZmyb53q9JjVs5Ycy1xlYzo)| z+t3!^r|T!-B3(a`CF00+W?(wE-V>0Ipr|Lj;-15I=_`MHuWsLghZTo)cAQ207Y=iK zNl$uRzx+4$5C3vW7ZbUl;z16E`pAt_ldl)v-lvb;y-T0}#2$T^z2*?YWflho%(D7w z-crMBztqLkZF;rM3>VBm2mFK<7?K)KwEf>CaWaQS37dvz&In7_e}oJ1`)GP8kV?cO_m?SV0(*>VR&+=e7geMzo5g&T~C;-%b;k^DgTWpbe?~e+-B`AN1262 zob@o98~mz1d3p!v6ds6UD0uq`9eQJs&}s}W2jj)ud=5pC8@x@t^&q{=@X7U@y=^eK zP5W=VTfgO;n#2^|{BHQm}cdHLSaiSNItmoXN9s}EcnwlLp=YHKM%LH!{; ze56c&`q0Bd+#w9AjlmmBD2zc5hA@|2ep|16zgMp{jOzj(W+s=|6Q(bUf@f3U+2B|K zvj3z;!BYYRB(BBd`)$T|bW1VoA)v(lM-JbkKYw^a z6eAq1b!~2ZGd8}L-ei0Odg)4wE_L^-v1yg%UZmU)`t<5#zb;a7)5RPP+c3y^@_=sp z?5Ff(NsgYdHG?^l&2`R9ho)_OKV^K4q&wa@p~xUGX3}#Ih#T+Ol15y~8}*y;qNYX1^XsA3n&&It)xE z8c*r}d!a@(E#wg!!#F2c&7sxZ`s$zEqazp)+j?;L0s)F2;;?e(ZR|J6$J$q?pFVR| z|A4{&&?pC9>;n$m@c~!vXcdMOgpI}g6+IqC;ut4H(F@eS@}^EajmP>`A`f7c65+hU zdYUn~9o6_65MjLIM-J=gzP%ju4Z>eq^z=_o>wo<7Sq%{}Wtz2ijc}PGu?|f> zu~&ca)O|V_Rb4T6ACxcpUbvZO{E}WNzec`mn#qOP&MgeC# zs98ZggMqjrpc@;dIK&|`*`?l=8om7Tq#BFK4^r2HRlyhn1si)Tqk9_abcqDQ&khC& zeMb!Q8!Rv^DQ9p~kB#=J?&N8hO|Qmw1XYbyLlDKz7@i@$=W8`Y`RSoD^$(7z3CsUZ zWHciblVd$loPY*u=M8tNm2#BL4da2rKH% z)#NhTJgL%&8>&0gqZ&4l6ZGF%zH?YmRJK{wM>&Nq*{j-Nr*q@O z0`vSyWfS*wY)eR0MP~hLV`DCWK^F5K=nW)z@P^go;Viw|h9hxvPUN_iYC)%GXm z&+vq>m$7WS&;0$I`&g9K5@)*$Mq$i)3gPMc85>_z*BD<FV4e^*ym$Clsh-AA7wSF!j(hNqTFPvFjuqX z5JD)|Lb)F%%3Z%OsLS1R?PZ23H=z_TvV*-D;*Uw zbHbxF*EMjUGpIqVjLBpIJwv!gK!~$>HP5~Lyg{`fz&0Zgjc`CX*YjBuQ z0ps9Fq;FEMJqyEzu3aIXbID2%5VYjB*oG@5BjB!3RmXcp|Z5wQlKFDR8gc-ARC+yy*s-EtsFh_$#`>0?P8 z&LX+!L>u10&}4SpGtkF4i7h4uu)3|es!LcYJ{#Dg`YJGn`41SKfM2y-ZGi4}KqsKP zGbk}E7ajRM%Br#K+BB--(I#C!*`o^_d`v(CEuWgr6Sm z9L5(MxADOPY<#%G*m{_T9uGCusg_)RFH~WmLH@iv4r)>FIHgc9I*h#BrYi;))cJISPV*5$hYU5poXzw!p z?1Mi{w=et-9K1^M_nuhgOLz0V)6MD&K(*^A*E_dYUn{)_1O>?;>-EZ+DLr3-C)bt&EG{vAVh&9S9Ex&q zG|r|IrAR*tq!{^J;vw1`=%h@orn~SCf*nK%s10D%=4KQkK4p7i-fE)-ANQ-@yg1FAh8%Tts** zg9|xp6=!dAgFOq|wlH)i7(~WmKKilHpG3(q#N1|Oj{`qs{01{$>lK7xOM=UV6NH+>o8sCqdp8Ti z2p@D}R63pHS+Acn8Xffe*#Qk-x}SBfpTN`fF!Xbr@m*(pp&`m)xKxNt%sGjA>uOYg zu8pV{gG6`0YZ-wjNXR}!F4xal#520CKJxJd_2N%RRnTnfC<^>-e!K~AuO>rck?p~y zURO#Z`UU*Gq1=N@E;J;@-s7CXh5U`zk(s9*zSunAc@EvYez}Hz7L&JosqyuzmP5`q zw4$Tnk!v5iW$nkDfoBWrKcc69)S`G-t7?&Po83C%3GcsyezJbZAA{kU8)sukzxXlZ zywRmP|>@v9( znQfrAU6)T^)mU?Zioi>sPG?65Lp|K2x6ZfdV(SnQO~~m4JdM^`p1vVG+v`u9Rv7P( zP#57@@n*7oXhHVPX5`UTQ=__59Xi{Hk-!ArNKkQGZx$`Zt_b^@;r3ec&W-3>!$gPZ zzmBd6>-z!d5)9q*BC}%Ny!-PP94KOMZg@r*Wf)&~EwbVHHl4XXOdcul4C4dR)WB%y zC*$jFzpm3SN$t?oTneGqrFo%0_yi44?lQRVaJd+3eJJ5HmqTFTj54D5v zlk9(H2yfed?W$hFutve+bMaJd6O z;662g(N_fdr5DRDnjw$ytOv5rdXb zfR84xggBJV)gXHWcxvXgGb~uQF5CR+RyR;kw9+00a=QV zXmmskC+pZZcIgs)dIV3pFkUNpcq3O5NoIc`IvoycPS*7}uat2c8)LRZyNX>qv}F%@ z|EhNCoC-<P>QBs3N=DE z8_}=Mz$=YDb7i=07Pju>$gF7%b+xJCol`0pu2i6dv2_8 z@b<&NpY<>k8DZ~4#D&@+)%U^22!ovhC5?#-Ih0c$5XA&0s=*@$Lp)*)Y3E%B^tr#l)p8Tb z*M9f|U3urSp6|)#)RRq|oqi{jOzYp>)eh@jc+M1lY_6jyq(j*i#QY@o>+x#+=ikmz z$#k#&;crjq^^=`0cajUULl@JB4vjmGSbTKw{*1wePIYPNa zduEHrpmMM(vi?MD21&_iGRJ>9i4tmD1Uu)(~j|Mn6DtC(8w6fWHlAc0DY_Ps&>^JTLLE;irY#NV8lrLNNa}))4a< z2JcJ>9L2NE){n(SUlM=(a2&PZdh1&PP5q`)R z1kfxqCoCGhF?^2joZH-h_r_1n20RAQoyI%O4j~rKyVsU2P}VHU4wo~L=gr#Dr&kv8 zC~R~$3D4G4&f$_bF3(dSK_{qm7R{h}Hf}S(2D37C^HHNe$z|QQ)xX3UyB*+U<6>S&Eb+S@->Lujha~a7aYNtz-(S!hX9@9ox^E9Uog_-5MQrSYh%I;Yp2unT5Bb_jY3eJZCVnFdmp!u@}DbknXs* zLjUC<4n3Q0=>PfqvpRuc$2jYMl4tC2aL=9h>cKDkuI{dy)?J-X>*9s0`oCWuRa;kr zuYfmhy<5AcEL(EjWiOs@oVR4lVbg3Qaxony2J*; z4nj}_1$?>4%oc5K;BO(;TM)&d@ug`tU*=71)8ukXxci<0CV|d$llwdyHwFc*v+pw; zIM};^)a1Gln-t6AX>v$3<$NU%$j3AIw0ZK;ek4&}vYZtH2U6Wnt|^_*mYdaNoA?Bt zBavOY^E3D9PyV+LYfn~_hJO5ydiCvV`qq_f4UjL%asc?_Uu_#k?<{Q8mZKlgk;gxy zNB73`rMy!*K~A3k^xbClv~qBPLd3V6wu62bo-85QBrgS9O@=E@4mY_Anc4V(yKKIg z*9ddsi~-zfo=2CAKNwxHsj~V~(IuZxn1Mx>%^mmw6psU3wU&oAhwE8_rQn_Axk&G5_kSb{{l zhdj7gh(43!tnW*~#f<%|N)JEje?qb7&#U2Y%tE)A!qo5@`OM@++q+UZ&%-iM-X_Dv z__WQj?F)Rk1c06K>8UYHMW=S?zR&H|*Z=E&i4eMP{UI;kzGtt z69Uf+Ypq649`x#V;i}yH+y2Vr!G&-!x@|H-3b;7=k=oXPFPZjp2D)JISv0-`$ef&K z;g8to8=tmzQh_sF_!|U`zGMSe4_^%5ta1;(9KI}o3ruQpKUXymbMwDw9lKYbQ*qQbQ;}>lgogy$DXSFAY!J{PXJ^H0=xc%ziV>y0`K$5En_s;A#2_YsFRRnoBW% zOSQxE)|Z9jOXfp~qOPCGcw=y#v9{@3h<$;=ooZ1`4Dn`dtS3K+XvbH zdck;IV)3Vr1J`ti5)JcozhuOVdJI6RRp?YzFM zzL{BghB@@}4*saiLj~?7fKGj8s^jC0;f`lqZ#TUChRL}(z-KK@SQv{qbyn?=X5+&s{?J%>L;xQ zdanO=-FHW>{>y!Mm%Ul5zxl_DDa!o@q3%Ab59D5VaC!E`4gJ5bV=O#^5efAhzYd%J z0{O$AM-Lt5=5Lz$i#f%Q=Sdpka5BsG)lRR79yDp4rh!UnJ!nD2!)uZXVyQ8NGx|UO>+dKR8EcsI3nsUD zd@AiB%oea7rgu5qVKHUpsRWnXZ4W=H9Xocb8elec4XUe-*t)!TP7>3YMPoC$mdQ-7 zbGQ0w6K?@X3@n-{P)TKp4&Gg6dBkEYkkCDH}loi}IYvCXYS}z$auwhY;W3}p(8QzY>0nC)8E-5uN#7$8G zr8L6na(Gc^gwx(h5*fxJ2voWl$ovM`bai;S#`x~h7@qewVpC%zAGdxXB(ci5c;}uG zA=iJ1i)}b9y`3@BwA*v#aAPM%x^2=zgz<1=vc+l*VtE#UnAv?>z(Hb-=OVCAa#}t^ z0_1p6nMz8+#DGU(TRw=jA^6KsO<__&?AF7@eJUjUz$vWGuQX0!p+xuD0P<>sS@mU> z5hgHBk72C{2m(RRGSyixEn5}b3&AnUMq?VQq%oT(2S>kYU=9F-ruaheunDlKvb;N) zwddEH-n%zGHu&R<@yx3!dES|O1SEgnO&K>~^GBaO{A0{X^Oy2ImAY_RVvBAFg;g~k<7$(+w2ugrZ&1Sf&dYg{qcPo2ffUr5_(8CbILPR-wVS{A7M{T_$ zAiKOa;7Y&_=)o7W!k&Y}8pfBPuV(c*X`UYB39wDJVess=2rkS)@|yAcNqE8K`)M^& z){TF)?XmuhodGpBe*@kjL(<@9yJ^48Ur!7AIrn6mpG=;@iv%n4(O!eKt=HuBlV)`( z9(QzUiVZPV=*HKxIDv6=0sct5MUBJXoa|(leM$7fX33N*)9${_9ls>z#_-5!7<(*7 z>+HZKXmXuX(3+zX9*yK(^5jVTK#gzC!>a`y1-G-zq8>O*fG5fIIX-O%V9VWKP~A#j zZG&U==50bY+h#cl37xmOLU$f3(UyT4aqF)uvCT>$l(l&yE@;aDHc$`l_d*1O-HS@7H5!p-}V>(9fr zWDm3?3PSxJTqc2w%V$WlOTi^*ni{Sd6l8{he? zlA|y14o6>dp)b~s>A;HwiAiAhZ)k?b!v- z`*2xU?JB>g-A~&~o1)GRD_A6pb2@np!X=+ao^bpCuY{B+VWaWqlYOUyzwsX@7yI}z ze<0?kJ&P}?;F9Q{YZsWA0@~!J#r>RL?<`#X^2~!f5KBDfucLAB#P&xW z(Fi&SyiK=}$Na&^g4#JiWC`ZU>aoMYo%_h87i`u95p`awAJG}S*u3$YTw+tnjtFnb zmGR8@7!femIKI&l4kwlvpGEy}2QhSP20Aj?V|y@ve9}W73~1K?;WLxQw`;$RuSFBR zjIUutXWNLX#GZ|?TMASbtNOOM9s(}Ah^R7K4x+bfU$Iw?NDD94QLZBa7Yu4*%*FVS z(XkYGy2SiB`iXb1$ut2@HkMk~%b-w3x3bKz4EbdYc*PQQH;DXV{Mn2?63acKy5|@2 zYO;LY^XZx)D!9bH%;}R&R=0y`)_cq%rr=$^>h)myI_QgqZeG5etp|*m(YLO3oQ_T~ zr-fzPpc8l}mTc92@|_+(98zKHc{N_D)f=_rx`^YDZHY|Y&*btCi=4B_^eCY@hn#n` zX>|gj2_T66!W|A<1K|JU5bFd_vtq)6=b-QgFHMggH-l~qmyZrDGBgStI7}{JSI@je zr|}lc$;TTrpM{NlU^T5D0=W9@B_lnQok&Iq3z)x&oCc47R276NdkPo(=Bssj0}wMp@+TPOb_BZN+P|@GXsR&xvmS>m~e!S zd3+$FegjB|l37sMft6iA*umEWv2DJ{X@#;hv6K_{5-meWLOCRSHaG1Bm#c^0;+7E6 zuhSK?g9V6C0Ss%I%P;ScG6p{Q37BqSL4Aki+Q(0nI-4Y#+`&|c1V|5 zd&>`F$-AyS7}gSa=9inrF@Er-iTPnewCwyXao;hlTLDjqy4l{Y1wYfrYae2%=ij%m zTN;0EbveJkx8mJakO|zzk8o`+BWKl<6)Gdl$Y%)obN&29_|bq~Jx!QU_|dd2YF0bxl!P{j1WO_s00i(aJVxI8+FN-h9^e<7+^^v#_Zapl8 zFPWCJan6m)gMh~^_)M;(EX(0$xwXFbpzcR;TZuAsGj8kQNP{|1T-oN*wh!xZ8DB6M zMRB_yo4lf)=3Je+_@Hu*@6%&nJ*Z8CSJis@7kcjP8hvvB;gb!tdAO!82+_z2@bt%% z60Y>q`0Yw`*KpBrciyS5?zm53HX(>a$aBzt>dYSRRG1Cy z3vXZ5e}AP#HH{;%_hi1}w+qj*NTpn<*ZUgBXBc4~Whe$nYnk$z50?dx%))1-e){Dy zX)m!J{PpHnwcvf(elB=+^v;J3KNgLbGtTYpxCZf@0q1 zZ`QE=WN#j!VUs#1Pq>>&FFrhMjnCGZDCg)P7Rxq@)OeLtk$v>}9}0X6>%6eO74I*o zZl$m0d18mCc_kIve)k9U*aL_3<-3ZtJ#t+g=U;*@5SRWup*p+FScf@+9(&MPspk3j z&5Io%qO9ytGvVyAWB00X#~1bBZQJ!H$H!Gh_$<>O1j)M;40Y?wzn#+$8~e!tG@?e7 z(orVE!O&If$y)&|iQRe7{HEq$#_yiRdHQ&5GzLN5jn`H0aFPBojI1K|A_fKiBe}DQ zMBaC3>ix#6hY7acEsX9GmYY7_cz9-|=%<_aB?tsh`0XakpRRxIB?&Gm+MFwEaPijF zs_>e819N4;ffe9l<1r&U4=yMutZ()LQ*#Gl>}`$K=N9Cta1(iI2q7CW%{td?JBj|e zAJ^r@r!U@o%(mn8ZtX23)~$IOtduj_8k=o@cAWG3x3EKto?ml&3tCu-?ksqG)n60q zBAMc5Q#W>hbx--8j*&K%Z7O&P2hq%dN7XKHOQizP`urs{iiB$QN%u z{9nCyqn~CNYj)MCu9e{9DT2-0%G)6<`MkqVxQ&yM7xRau%Xxgo=+aW-OYXN{4~iLn zMkY$LTo&*&IoE}cUjinn+DpyPlAlcdIga6qO-unf<#*rvxSn`mpT2lou1bfms`>28 zdhPY=dYZ77eFGSzSR|AT71Fb<`}o2-wFAlJE+3YTvnA-fKi?+X`TLFJI{Y%Wvg~hy z(16jwdbJ%bRBh~w@+QxH(%;@9{RcD zVC+43H|35c%8jQk*K$Gse9GX`rJlY7T!4);z(YPurRTFb@#i9W{)~RwVZEClZe)tL zR)1O-`#-1SP4suJZ;mjeRn=-9wtWjqm6UXCu5FVe?OO);VuoI;C^y&E+Qw;~oi=Yp zgwovmz!Q4%fj#;xIsc0KFX{$#;)T~6_4H*zzYZInU|!cqCuXqhijj_hn25^7TMAI( z&C6Hh8S{{fVGQST;^vmJi72K$4%VXs_5kY+vlQTCURB|oQsrr?PitnNgFH(il^2jGlGw@p zEv>rJHLeb4-A+x*Rkw6Q@3T7$5^EvLeKR>m&VbA0W+Db@DPbkDajTmeY1g&-7F`{({VkyuschBlss^oI*Eo^_O?<=*PTrSi0oB)?x(Spx*-^OT* z)GSgXGu`TM59^f|v&r2+TwfM&ArHB=W(yF7ReZEp@%Ae^d-aAIi0>Q4n2IdvTuZs+ zKCky@w}#C-0Dd$AAG+}R2~Bn0(6z##%HT)A(6oApQGT^&QeEUb!(h-BzV~NuAlgzi za=E@P#LtD_t%1eA!SGZ4xLiYtd$*#TM-S<_S=5koWeomaOAa@eTZ`OZ*^`5sAZB>Y z)iyPg_hZ`eu~l?_wT~G8#H++|np}MI6gg$OHM%QE{xxpflE_L0=(TmRq$&FO1N-WO`z=34GqTvoj+pg%X%dNVB+!W=IFodDf z>;Y+_>npcAH^#M$&u}-Pqn)cTjZf+H)2lZ9_SQDOGzPQ8qc^+#rRrY^wkzIWg4(TA zZV51~NY9oU$5QpB`rRFDBah8YjPu@INt&8_5NIj;ygohG+NRhsYRlnZ1NUYh(54Yb=zsH+hU%a-1grH9*@ zz$+C?SzJ$Qe&mfiy*^r*#r4lYaCM*3YjY+1OvS}l4;S!;8I0pe7mM|gLn)}2o*q@S zvsX1^UJfNAh}H+Y)`nlMiWOecgUt$+rM$hi`AfflYin=u5Z1dszlF8cn?79pcGG>& zw4a%lTiCz!>Pa6i>D9lmci#7vXh!N%^MB2>AL*1!r=RK6JAWkU&%ylitC4%>N@Uv4 zTU&1JFqs?iGM~^N8PkZ2k7}^3N!PAS=(RBp_5LmWj4}mTVBm(vTWj>@ z<#zS-TaF=bkArG$p8jm5c9REuE63MZW8;gu@s;C%uy}k;8f&rfk^5%=8Is(@)1fxq zs9T|2KjnbSTbDaLxVUi7z$O8gbl~B`#>%`~S0??e_%v9MFh z#W}9dlH+Pz{r!Z>0LU)a04{Rod0;1Xu9GNcEUcQvw)Ao;dBp2x4`7+G-NIWaq;QLK zIh1fAwRao0bHBw$+sjGd#iBQa*tp&+5U_dUv=}@N6Z*i5ah|~Eq%OKeZQ+n`eV)V> z*4#C1f;Xlz2}m0sHz4pXK)|hEJn^y#VPJIEqIY_-8&)E$R|_{}x$b6I=lrDKdXDD>oa_(3zsSs8^X02yoKrPn!G$)VF zO@5u*y%`f@IBDF$#^G|5nLNO77Ixj^E67WPADrUv{W89r0ke%dHz1H20;oyYAel9( zmm`&@Os00Z9gQyV)z;R+#g)3UWq&mqWIVzwI=!4?L<(S^He0nVVrZeu0fbk+<@#7l zj-6#YvvKp5LBONec)$`~#&U$MR}Q6HHh_(WHXyJ8fei?3K;S(I0rPzGa=d%;1e==K z98Q+1alPc1TRnK=o2KZt5W6lHkQsTT+~-*6P{NB@?nFZLyG&)nnTx3LD+-re zjc30u?U~n=x6iq`bi&r3yAo@4ZhwRR$KOb~ciRt{vfKaTNz-k(b#JBka|c!SoVPdP zrmNcM!t^K}gq#!o2|2F*kDHa_$`KQ5(jSy-KE(@OSC-UslpH-SL9TV)m0_`Rie)iE zy_`zR`){SF`F;G8#U-~KN*rtqb2@2xFxHSLOI7~8 z^jj7lWafoEJw>edDaue_J0a-%QrIs}X^koR&;|rHAg}>}4G6q%Az;Rn(|BF^xyC&Cg|N_;i|2i`uUR+&KHr?gJ9%ENF<&4` z>}70k=R!2vc>cWCAH z$zHt;j{D>w?R)h_qZ1h0ayUi!u~4Xpt&ye4u-voL?9<4JCb%>kvqq zx7Fm-^3dCK6&u$E1U4Y>UVs4nXsMi4zrOq^(}_vYLk{{D=GMCDd<>%Ma`7$5jW;)k zu-Nwv-CY`v3uos2IlhIX*!aEyftv*Zk1n{JQAueVZrZvrI%INuBBxlYQO&mf{vk-I zhOzOR4*|DvXaDB%ZX|v*S$|`GeF$y5Z$MxJ0viz6fItQiNR?}BR)(Oy_br=A@J;i$ zN+;*k`)0h1Z#B7&3?=5zC&I%jawIJ-XTNM*zkU$#6dMb3cR8FgV3;h*+j^}VcW6b_ z3a?@!3|Qr^1$*amcyEo;1H0!wS|9myT{XuI^RXhVHffPU!4ieDO9)j_gl|?3hJT}) ziB9qir*AjunmxEmxBgoj&obTKt@U}EAUw+~6o`4@Fp+_fSy-~6HOqZB(W%?WEGA~= z?WOL;#;@r@z?-+Ec`&azR;)ko8y*|!LUiN#4G7#i2>fdEqgw|@zopFhm|r^c_g}Sn zT$-<7No5`zmZvRqaBY-)PeUM;JmJlI*01%vFNBL(9(x{4OTz_O>=rJRUo|@Po?a&J zq0TM0w|ftDbE7L85ZHjg`xXLb@ou^$a)S^8+ro-v8UJ&hDK|qNyw&a9>WNuAz5tOL zTz%6{=SSFC(Ko2TI%tn2{IzPf`nyI}`gyoIuhiD(oir&~xP{bTU2D8E?} zE)K=qISKlWn{>@jX?zPehBs+E>sT$oU_$36)qs;Uo9oz;SJka)LxaqY3AUMWSt&d)s+SaUUIc+@A3W z0R7-M9D3|MJHJZVg~giaAJ%wZ2WM3S3Wo_3m|LKDPBHb9qT?oAn0X{>_TO((L+_7j z&C&p7N36zB&SsTWl<45WGL>XcX{7a6r(^CYt|aJoxOR>OfzOB+1qVSAfoGp*O|9xxaZ+zbjmE5Z2hf(CqAB$*fh@g=J1#?8U7O9W&_Vw!jSjo zeP?w^(pr-dEF^(h2qx1(k9fq%@d92?Z{W*&VisrDqsK3uaf7!g6MV&6kMsFTp0bfA zs>eGogoA-tF+gJ@FjLv(xH4RRn z-@ANe-cL6Vtd*>w2bZneN_BAmCgsflm*#8g=p9wt@ItuU`r*0|7tFQ8Pm?E*llHK0Ca#y$bjr_2g;WE7&us<3Ul()hAsNqYIk}}{ z>m`G7#z*2N_ZgqF9N4zkw!aL=zqmfz+uD*(f(L78@p_-%;4Hl`y2jXSzY+8MY57Kt z4y>x5>A_`v^$hdJ^j`Yr@js|$ut4EF-#IX#y{ub6EXc;KtbcT zz+gFfXBM7`@om{zrUSc+6ddo>U`yjF;kmved2iRYJe(c925TI?fS+3v@C=OgXrLK* z_D`x~I7k?<zw9iWr%SW3&`+w%3Nb9eqYoSbF&zSj1k_c7Ch z;U#DLD%*pae%E9+qZj;=B(J5@-zA>C)$J|Ojg6nvg@7+NZ<9T52U`wBIk+<3V%&v&T>e&V-LYHSA3Uhsp?XbqURBfZjBZRh(J0-Ht@?R- z1qEL+E2->v`d0~l$jnE3AAGaS>>#jFi3 zD!0WFH=)F}nP}I$oAl~BljxII&IxGNeg1j%Bt5?HqZ?A9twfvlNMfX}yjQvRtGPx8 z1G&mA+^rqQj_G&5c83lY^r-o{@9FJ#diA5pER9dlu0QXI`mHyvo(GtWW|2-Nq!*$K|?ZkI&*5&%6JuAKUcW*j7=+a@B9# zdp99qlb66*`?P2-?FTrr;jWJ_i=J7~e}^xL${fxcuGljh__6>}nSGrHUz;;;4s9y} zguQw4C(`5z_(}*xMQ+hP?YsLn{lV`XRduvkP0xN;ub=MMkH^EBm`u$5N^_f8kKdc6 z7^_deJQ&hVgIfZgfHDEwb?UxfpZ{*v@;UAHTp#_unee{+yyq3~(}54%u5Wzxh_*~! z*Y#(=r`Jvo=xOGCGS$2%)jzjx*9iveSxrX$^bS{o!9wK~@7KY5fXifO?&nyL(_3ZnKbs3T*=Gf#^hm(my?z4B_{bD$@o>u~{bGT`h`$T7{hK%lji?;7f z^wr^x_09kDi(1zcZ8*%G*MI+uJ(MWx$}MQ0@?Jak?pJ&>-mM>rHg5Gi+>GJ;+STbH zk;9S1{Mly@H@$lf&(;YphR=q$v+X55TYI)XoRZ%jNpU$0=bqv9+`8}|PQr7mCTTgO zQ_gSJYK_y5{qrvW-G3sz_r>-37-d74k}{WY$xT6oxvZ}TDD`N*C6 z{m<`HLFZZ30M8d0-*c;g=St1|>fKMm6CZVKke&bmer{6!=EJ)4QQ-Nxy~=Alt(s>$ z^^5bP>KP3vf&uq(_<8f;wM73{XqZw7`ktWk5GjXit46pL8c6%LH;!30kaqc01#AKF z-}qf(ZoPFi`(^g`RHf7Z&1>h@wU>SmH%g>}fZ>C;9-I@0v%tf604c#cw2E*)$hR10 zSsYr~)94(X?BmETpJy;I$j;Z@@Ri^B=q}|nzoGhH4Cv<f6rPw+-I;EUN3vCNbhnC%vs5tJrs2MRU2UJ% z$QVcq0bDCxcb3Z0Y2_DfR_V@zs@htv-DN=)#)mc0-K@6GeqCyt((ou&0i5`Ta5c;+ zuA-ksuAkZCtx{n(#>i_{CuY);-$^ox8 zC-5aSHm17MJ(`H+Xft?SSQJ;`NSg+FJ$xA*&kV2Uw^v1bg$_T1qhqSK_DD?V+AH+h z>!-b1@YC9JxoqNOmyZ@|^Oiy#xT{dv(J6JD>rg*TE8=apXv0B=-rQy^f1fmyYL3pT5$Vz)|)0@@w! z)Y!;~F11c+6uRr-OAh!_pweyN%bi#fPGgaIu2cPe;0xAN^XJ>gmmF=X0$-p@TPg~{ zm#D(fCBv7Vjy~v8x4QesHLZMn}I+UmMl%a0LDd(}1rSe=pcvu04CVX%FjOm5{WX9RWq=j4VFL$eFaAJ1d z-g=CIzC_uC#Iv<|YlTN&%JNl`)X(m=UPoVghbHM~&=9$ci7%<%s@-?&)t0gXZPK)6hM4n~CM?HC)t=;uX5k8q;>6>5 zDD8+4u&YeRj#a2)Q=Y;gYlv9$(v*7Jx{wc=)B(L8hy!!1sPjsg)S8FoawSjms@5SIIWy-7O{BUygho8`5}po9f#Kb)gwt z1r7nT^j{-#`qrK{54j~(^fymOsD70DSd&_j&ZImlqqFgKG8j;b*tXvj{2o)->s#a-UL{+g)^$xOM>6}R$ zf6cnyXhCjqC355rl@~^|J=CS1zF}QyC9+8n1#|@#(bXlogY~{C7jIUq?`QDNoJn}L zn5RK@HZ(aN(O^fX+G=m8wQpR#(*cF4w`7a;bBcaaFa50Vpr6yMbH~6826Gpbj4!tN z_TW;n&)`|+;1Zk%&p}0@ZS}zOJaCzqm;o;4<@Kw688*QajsJysFS+fT^Vu6{Y$lhrR-mo>inRA=fu?(g)N#I31FSQXBMhsS z#0`@t0@=tD9z6E~&*I#2O>7PVPqaPD!1Lye>AhHMGMo#w{Qz)2lCP<5c>IM94UQx8 z`f%patgLL8zow+TO8fS0QDJr&@HG6in~cw^?iLPoe*bqIEYhCC`I_t+RL6x*4NfHW ze_pSw9Fh_W_N=TNRqfiUU59t5aua&Qzzj0@geIqutr~mOc(q6U)HCJ7VO~A!^(FN< zCOQYzd2zXMEZ@Gz|15M{Dg3rV)jM)^s49*Z=YSe64JgRIrR;FE3N)ge!B(~OjOlt; zL=kvEDmuP=YfQf#a01tb?G4-*(6yxY3TZE#Xzv>B8PCb2y_Nd2aX%9Xcx%Jo^CWv3 z8c#688t<~_m~Zk{#qG4(KAKk+f3e7fW~K&I%K6A))>SZnulg@-Ro-=vuXs@zGU?mO zWe}qb1vjqw5bzX>(FjV!kuePh$2E-d1o=uPDy~1kKmvBJGt-2ov-Sc>?Roe$zkBI^ zgSnf_e;5V-rs_Mi|AAfli%+9~=A zxE{W5zwR!Ma(I=+;Q%|1kxpf|ozg2OF6&0`r24wY1+R8W6;mjC^DwT#_=H9h^KPWt zYIlDeT*aqQ5SQ)L!=HFk58u02w-wB&G6w}rpj%f?T+vVd`gOh0KCFf?Z6*$`TooHH z>jweDEATo8g;L4(yL9-W9s2iAg_PIQuK(G1LhUn~b@-PKz3ceBW zxJ#GbG(3AvZ*~mpdJYQN+4AcL;*FZt9|B%zmnaA1<=S!lL%JR1{U>tXR$F7ETKZ-* zJQ%^q04(63J~&;at-E&Wi{IFbGQU@Ewu3L7DDa>u(OKoee0(Xb+M~xl{iGhaYp0GG zzCf2E>ePkTF6$>>GgocMEG!z@x2uj{bv#iC6>DT6h zews&nc3z1#?>esAAKR+`@FW(Tmz(uZ4W~3vSgoU<|Frg0j%$1U^E!QYO05G?jY6-3 z(6_X&+4eST^X}ui<591@sY^HXPxYrYSiD`wzVIpSt{Btyy61K3Y`tr5Y{YLbG4C8! z#;5aCUcFx*{@icqfjg>oC-YwB<~^X$aI@mgr}VSeucFxV<~@k4VTwGP_lV6q#xaA_ z$aOaF$dNA6T0)+%gR3l*H(vc8*ZsEv2b6_n(D|uYht9rqQ9o&aL+^Bt=thuaxQ0>y zBLj$}4MMMgM_*i6#~B|EPwKv7+jNY6mgWwl5be|%>t`GN>=~t>-og63ekM9R4=x;v z3{J2frlPC|w^TCh_>}gP4rv?s z^7feqwe&|dZunv{UWOB5hv8W>`Ks7)P#^g`bmfj6I+`=7srpko|6-qBJTs`DC3~WQ zR~B|VlwE|e+W{RoeoTM(wWGRY*JkBR&2W%TocX|*YTrDmm!`V)>cv5w93vR5t-IZK zV|jm2|KW)$9j?sNFmSiCE4!SWj|Mbrx?7Rq2EF?7W&LCOsLpi_YZ_e7+gzy~A9zfU z-M?R7xieq8;>{YWc}qWdrB>H^Iy5;vfdblT^t}o*eDy*i$DLwi^X_|e_lK(VS09!7 zPh8ixYR_qW>s}rE%};9grhaX!eO_;!y{=~FVFJUqwai0?-Q6g*00RE}g$v45y7yik z|8S-L{YSFY{bqxkzo~5pbnHu?(4N8`ZK-_$57b6A_hmkRv+Wgn?cGCr|I6c9>UyJI z|6F@suDvg_Z!GAhz327nsV3K+Telb>Sdww`NI87pF@58AkLp-;k+M-@hEVw1(#RgX zt|;{VdoS0hrfpKAgB*B4->h67o-;?5D|h3RzH8;$+1vMW@{q@YZ$-8C-2YMCT{)x= zM&H(%D=oT#G1A0XdiZPf%J$Ypm0o?vw+!itz*{Im zTc@tH>c11tbzkvE7{bKufaj<__T`W1 z{(~G07EG%+C!4YuRSz_18n}M@#adl$9oLv0FmiBZI1-N~+JoOBd}@@?<5uR~yiBTa zR|Er$tZh1Y=U#o~kE=Cu`kG#E=+mWvapVXKakE@6O@{WyHw8RLfM+~ue2Ct^_Lt$C z17d^&`oK0Fx@)h#{72g~bfR9b*Z1o3z=Q{9A5y?G=I{l1b!1A>QS_kTr^#pU#%xD_ElSz9^k9^}!<`6LI3tce%1Dnxk zf_FPQfx(Uo)t{(5D`514%btPn+o6@w)!59SCP$^|u`ZkhX4psMsxMxyQU1YX_)C@Y%b?@di)EQZQmb@+Hm17UeJ2-8a0xeXi`{H-(o+aHN!2a?k@~DXHd8SZv}W6z zYsWT9F0L<@Q+B>$e^H+EawYJa2}C?@aXu5;0-Cf3ZF1-zE=``bB$GiqQOhMWGr~mN zP|MYre)7XUohm@tbQNpT&Hx15%6aX~^?j*+`cKUDcP<7o_iSvgJv@&R?LGa2ex1ta z(Bz8O-WZlo^V-8RC`P>M7($7gHY|H>faW#rey}D}!Jmh%?T}eJ7Zz#TrnokZBM4y) z9t+ta52x}K0Ts2!m8VJkk__o=Ztc&%660j28{_oc?gg@`!xX6AfB(V6yCJxpvXeWi zutJ*z`N5^^-$3>*rSbSv+R_q(`owSa6kR zsklA1sGr{HF&p}vT!l+^;oXITsWPgaD1U0M^y{oyyamCRNvsfhJ9O#Bh{lW?gFCUA z8AZlPG8bo4b0w-Df4@)f<_^wZV^IAcsL#+)0Cv-Rf9iB$(Zupx4C@9@>pG};Tz zjnmqtx30a_z=eujT}EU>xgNe$Z^8m?z}f=x%*iJ3y0k2+;ub6uu|i%uUK^g$ULH!L zq9Rq7fN%XCe#QwgT2jF}DxXntYusy(dG_cEo7O4*#sG`LSl4sdHa@95Te#yBY$CEb zxB@qA?LxEceARi~V9`D~HlQ1|b;?EY*~1#xzXv=!p0A>9#aJC@vkvH!gT=xZ=E~z)8=e5S74U4XoWV4KXV$K*vt{72sGqDMYjJKJQHS$@UQBn5zAOb#tHWK)b$kL3 zoT4%vy_YV6>ApLU zTB)dk&_FoLZk8g@x0+hI`ikzFxGi4o)~4jRK8=2 z?k=CymgzQKINz@+niggAQn~uncNuH& z9`aj(#$I2Np?p(T2><{<07*naRF*Uk^Ty{tlK>F#Ssvf~=T~}9uK-X$ufIJHuJqg1 zg^w@u`swv=cD*L%!REkVX?-^OnGb*8UNWQ60^^b_D8deGuBcF1*?@`~XTWuoIu039 zQ@0gIMO$8bp4^k~=(V-SL6iYKI}dtId!<1Y!O!#J#viQjUVF3io`>f^#V!sOs&se7 zq$;Ocb?#cfra2_==Do+w`{lMVHfOepWZvQHk=UTd*}T=Co6+~a)1lH>FY}I(LN5oM zv-6I8%=3cIk8?2Hc%?=mjE1^GIpjMH>EK;ODq`&yBBz?ctLxsPfpf!fjWz3XUo4>W z3+EvdXwu6>KWFG?AN{<_LG55tKcO#p5*MNBmXJ*8J}JPKWW$2h0O;v#}0%{PWHp8B(Mv9VvH=TGVp5Wk$pP2 zXPZjUR}{*dySPMHe}aa9*<^UZ=ZNzHds$DtdKsbR2xA9^}N# zW!Aa53&69pp%Vp(c?i;{nDK{OAN`JaAJXqdn0pzcv96W2QSVtVr7KI{CPPV;6 zGGx3SCBw(ok?q%+0|SKjKhbd;xAB!Q?I9Bvd+RoeM*<-b5B028}3%`DC~SGt_>oLZSMxdva{Q@&$8XY;

%m#004vdDC%r{JYgf+=vIq(tE9 zx7sO)d;zqrZ*w3bu!v8&4+4%65Txh(&^?<>ia;yEm zx&KT)CScModzQi4>!a<#0cL3*IH!^6NA6D>$Jw#asiQMm@^|UlnRWe*zh9Y4g9^2; zs13a}8iQ9k-C_$O=9sZ7l}yEqyn0pE6zN1^m?|R6I^8zIIb$&ND`jy^5#ZW6zU*vf zP9{L-TxYy+s9RUhMD#bler4QZyyVDUzZ{dxS(oE8iS-!|PVfiIAoR0G92~J1m>p&7 z`^hJH_t`zB?>qennI{g?OwWif6RZr7{3&S!@6hwBH&tot1YazzvQt@`!x#IQHG1P2 zs&>LN9O}~557zb9@jhjQ2Ndc^z|+p69X!|Ow4H8ljQ8#HG&s8PoP1?`$l%RW4DW^- z=3?$xf2f`MW2pdJ{c0Y3pz6&g7p|<%Q@TFhkBQpe95{^j<7QV z87avRxA@HM!6msq2M?ZS3pUxv@g-<(bDj3S!N&Nfm2gXLH9I@`v66oll<3YGmsw@9 zFY*f6hXM2!`@Ro-$Ibxzp7D6|KUjsb^#z|Uow=sJGsuA)|?Y(h#TLnEis4We2qA4 ze#vLLU)?P2S>Ayh$AGc6GNAFc5&fw596c)d0+bl1+=ltTZcN-;&%AB8IKstOa$=KvgR?eL?~%DvbL^Ch;(_4sGqs0hA4A1 zLJIMkbC}sfcV7l4#&#bWUUq-J^|vuoW86U$mCXG8lvb%OP)5*^PG= z9I%6MMYEwEz3~rydNZD{_$txI_tomx|JMfPA>bgVC*=E&0FY54fQ+L|dwBHd+5y$w zX1jk2o*(}=yE(BpZb2_LW)hd)9P;PYV<<+#$_6bShV|w z(GaQSYY_xsk9d=d*?P6L-jc4piN-OItTW!+u#K0XPs%ndx$#yM8J(sSUHRh@KG`qptFD5pe*h+ zI!i!)YaP3Pv*+=%#g{yICgJbFc=t{GZF8}CBwh_i-o<++eY*D(cuRg{ue^Vw@!a<} zpJCtI`r!@_-|qgc_r38GYfOIMeY~{>M<*Y7pUu_2uO9BrzE010%^D^40SO2z0uSN@qp0CugN1>PBZ&0eE7uMnC z_~E&2zGKhj=VQ~$<^w+FFG-j=xOp)2p0Kq(``hD7+n$|Rzro+#%ECvMrT@CkY;L?Epx|Ommo99Z3lP5l`SbI~mNqT~4a(#*SnXj$$cIYj6 z$8Ejd=6LQ|N%+|xAG&Wh9uj*eF$v?>7IC~rY0SByux2QgF-k{r+_vy*f_7#Ww95Hz zC7m`l5(fXoy&wO@n~U-5wS`5^Gu|}kz$gxsRg-(j_L-X{a0q^F<3+ZQm&ALXhxgLz zY#ms>tg-e{{Q-FIg7@#nyE!bAc#p+#6fE|rkBpt6Yle5=V2VNvymKyY;+^uZ@xYQM z2HW)V-*oCFGI#wORl4hmT7B<-sptD~VMlfR@y6?Cjm*_(+S|9@EB`t=@jkFScjDp3 z&$`jO9{(3Nc5L#+!P^H-{%-ri=IaoXeA8ZS_wpYZoW5u#5%dju;yb65KR=`S zXI|Bn_F4^*DV~XAG<5|<*UlG19sI?unsUSbNTq5U_v))p9#*}7KvS>$Odnk6qX%ya zhUW^hF!t-7N6PgtzkX8pR2CuAzO7jIxQ3B|&-Dj&{gs5l(Vpm>J!G1dwy2=_KHYmT zsIvXz=mQI6k&~T)vnIgL()5^m-+xhk?`G&_kiAV@sOUN)a;zhbON0Ot1KlDydrwea0}oGlmb7ghT_`Hob3;m*h+IaB!SsTyjh4aPe#TU<0 zV53?Mdz$q1ryA%r)Th=Tyr7GnWVX+zDjcC4k~^!-*+3wIt;P7eAEPOJuVL@b`z~}$ z>HUQd-)HiGcP`k&jC?8AM;7kt%9<82z^xFhp$J zIt&bPJiYc-h@c8eeWnly7b75`gACXnpDw@UvAL1D{8fJtxxa#;hVbF zKSw$I6s<5X3oKY)C99VqeDFJ~KH}!d8kSl6jpmu0k2a8Nle8Jm~TVvbFu^ zc&`1M{J@RnJ!^9xChl{8y9wFD_}O-uq0i3zSd75v`A)UH*Q@Sx<_zS)W@kVy0L)u* zLE>H)(8a?tiU``>bC6Q40qvhVr*qc^^}qcDJJmF$YctH0XLRai)U6twrV}7%&K5Tw zSy=D(sQc`#$J?565^na6TeSBPYuyR&Ex>HT!+qcTx_#>4=yVl+--L@jlMiiQGxrUG z^_I!-Stcuxt>^S&;|cD^zG~myb~$)*Z!CuVHs7JvcY4%y=Em#Wc3a|Cd!Q#nC;8y+ zdG5Z)*5>AroJV3#?mqiq^T%7(&ilR3?JLRgHox_e_w9Vj?fBVRxac$zk-b()1 zXLhz@SdZY;TrxVL#G!?@#gg!|uOxp@zVcom)r^W%D`-2f(Vi=mWiD1~pjwZAt3hA; zmlc{~W3TdPC%5v=n_h|eCh@&{o-UAY_sxlU*vlp!jNTm{BHlU@dOaq{Pkhr-864seZmnPoUvuZHYn#ghd^f+HSjX+t+19w5`-x{H?`H&Wkj;VY6MlGm>#(!0*!LVW zX8z_>V}H6IY*yGJz3C=rZ}}M@#X6K?YjJStFteqq6Dt9M`P|gHo!m6g*%OF zb3y!m!`*8OHLpF3@f9kktWXCJm#VrfODQnE0D_?@6DI6L#NkV1UVMH?p-Hl7=-DwJ zX5n@K-S#?cJPu)ewSFIEJ1Povz{V@}#tXt|?0L)c2%$Y48Xlk4P&m~&TR8odm7lGW zhFWE$rsJGhP!@tw`JNKx7v&J0$0{Pk1+GnM0)z9_cIt~xl2-4dXHjV(wfpIbM1*TG zkzm2-GW}@~fH8y*bk4F7Nt-q23dpp}BaNN&G`LhH=D7tIpCUNDHdg6@VKu!cW_5KC zaW9Q1sY4B_svvsnmg4~v1RLvll2?+c<|CQP%1YDhNE%Q|RULIr^KubXfXx~L`ob8! zqi{@hk)j#K>fs4p-~hv@DWU0jq|=-sg~xIdS#(uu>V_z?=Ww}`4(xtlZkbal1u80~ zWZzyQAu%6Ah!9O&qks%_FvPlz1 zz%r+mMef)UV}xQ6^A>H9ZV@4NP%^DJo5|*xM%f^5o<@_vgt@s$9~AH?j<~d3DZQY8 zNX;zy!yQ@}K|t&t(0oT&exd?=w&BuZ~Lqp(icnP|Wm_v2fqc)#;qhA<@%LHNTsgzGim}W}5WTvNU zW(4?AhpfJa%&;7wX!No;=jdfP1igf!TC$!@C@on9MJjKiCmH*_Dw~oNID#yi*4AXW zTAG{E1oIrWd4@5@1&E?AC@(Q7}gq{0Jh@?<#PqEYyDBQfXNx+u#zOorK;PkM9o|Tr3E{Kx*`|N!J+kffZB- zT|+Nv9$gcA0{0@y!A_J-oNS}()Iycet86dzlQUvV3Uxx)lh8FG$Lr29k%Y4w(9vfA z`ph8Gzy(elyxB)7&{Yci2zN9@0AC?ZJuR2I!+TrkIaEP!lw2J+Sg7W#Ql+P4>E6#j ztm;E^x`)iE75bS3=)E=!zd7HtpgDTvuq*_%HLW73#St`vE18-Ik&cT2CzW-xg5<=u zz4D$Z@kA$C?f!x)`1PR@dS_(1!zI9dMo=3or25ihZU}zVI^y->GWxS9sOTE~Bl3$> zx_>`C;^>)_Pll$IBLsMH_OFj#K10m&9P^x?C*qld&F3S^+fRfh_&Wq2tSHW)j~5CQ zGcz28XXwWTzqav)7NJdR0$Wl_gsev|h51Q(S$FgjUZK1U^pcvMNyIJ~T?uKtuUjLO zUz`qB!3Q!`pS7LNw%=FIeHq?;tCQR4%%@e#e!1Qt5TVVpyy!;rY}XJDe530PzHiQ^ zLVBJwAIVS}nRUi@(}T8;(v`zLvaGSSg&DVxhA?z?Pa-TL4R1g9oMDB1m6A=QTWzx{ zYKv7tn)UkFu-fTka+MM^EA&UpBs!|1u|*|?1By{vLiqQQDd&MOu5G8Ua3T6;aRCq^ch1G^X=1Hyp6f`Q2uHy<5S?B01wBYz>bd88;YUme%zb5dP$~iU*AIv23 z(D-0ZHj!coFKdg_WE8L;zEM1_JZ0yUJ;SJ2G3IC+Xl}agm)VJ!nS4X*i+a9maZ09w5>zKtxam=V}`3H@dVe zs380^mGVV?;O@i0?`hkc4BNo;F)x!pJb5BHUMhwngLIN#ry>tP0Z#65l7+1s3sMsA znI+&Iqfu5CbDs;L6dK-#v@p1Z_W<)YoZC-fRVlryYE=ebDWt!g=zF;sUeGwbfJ}~@ zC-ODE4ez!fCr=okhsNXdrbt=OMlM}p-&#*Ygl1mOVUtJb7YkU^h>KoK`uT;*_>ZiDc8uld?q63#fE>-1@ft z#{3e!u?j0ZxEQ}JFt{Z4!#KT825mn87e@@v`C#Z^AH}m(On;W9!<1K{hve)?igMuV z^|fir%Cvn;2^;i)dF0&zWc}VLjKr?j5%)W|u=nbVwg2ua_yll4K1)S+FgjeIyxl~1 zClP{+8U-$vOkH1-k>tKMs!3Qo;vqJ2VnG2|c0xCEJpDQFJw{9_JG%Tf+z zWGbVyQbk1T?kDm-eLSSsuZ`=>g<*9MlbM&9p={1xe-82n{S5-Ot2)?_N-v#=MwTe` zwTQ#kJg1)U1e~CKqAm+F)|Ew1S3ji&d)vp<*B#OdpIPLk!6c56VvRm+QPvY*n}hF^ zv#$fHh^8wGxgiH-*3H#`_)l>`q%Ld6pCdR<#ufuwL#7nvl!_Wl*hf_= z$VyD#O|_w^<3!%%0B%qy)xE^k4;%2oyI#AfX|8f?EqsS7sGo-WGaEoo2N`)GoaN;3q6840^3yZgNHOmB4Kq2JoR^~MWQCLg(+d;Azx z9O5`X1ITe{1P>LJ7i%9pCdzr-Ha@0-u2BumGafYM=Ww#DTGKBqtKIa}KzbUo=eGM6 zz552cZ+xF+iFuLEwuy~LY+d%}jb-?)@9h4~b7aJoR**-(%{}y3&Qk?;g@LglU7cQ4 z7y5oQ4@tt#Px?@-BfBgb)8T!r9GaY^-xk5L%d7Nb9-GqW;EcwxCHPH#A=t(X1WN2> zH(#6c&Ux>cQ({d4>@8{ZPbyBpa|6A(jWYj(-D4VB;P514!h@#;qZmv)xS*!(2Fs4e z@BU+xK7u()qpwSOZKn1%1n8lL1Mc#KrorQ?3;r^AlhImTp{hN#%AzNqKh#N&S4!E= z1<+ES|hCo5Hwo9^g3g$c1Ev@kKOvFVa?GD0Z7h0B( z*)=TlFhEvnSzWp7=~G6}^gMExZaUsBrtRb&Wb>TTYUJ|0s-&l99a+X1$SfN+4|u=z z((0g>))nieWtD8ugRLK0d1JHFGb`asm|8r(WalkwnV%SfFLkS*p3W01*n&!`$#_A} z$w3dw%F&5?OH_&eSX8}7v9CzY^vaw>7L2aXVNbO2W*Lu?nnY^`$j&dVWqtc=96a6n zA_T53E_m?l*#^(V`b_FG{wNC^q&Hn@3w#iMU66$wYy6sd8Xue=XP&*?8lX4i_);2Y z9r^~nN-G*O)Ie{j7;Pfv#!}#)8LF*D52SaTIj2`?LRTwO)9s z^w5Lv9^Ah*p4UTI?KSTh3(R|L5{MgUE5T?M_P44$;-FnR%=bB;deJo>cnL!Su~ z5F~2wRWxvJ?zizgcqZ2u;p|-svA!|uWk`uSJO7}Ug7RwUrAZa&H+GJhozHB@ zmeuL-06!Z84}-I-&EG_Ui%9-zjcV|(m?qqXZ4>S_YLmAdMcvzjGZ`bgk zxiO$9SUSsg~u;c?BpE=O6E5?@hxFmSVOl)AJqPZnWZ$8sP??CC>L0 z&UZv{O6!6*plIXSc^hOr%jogOv-=bJN)n#?%eDWG3Ki~#=jZ@g!aW+~{4jVL-pwhv zfqrCsB)1$M+PFtm*uiUa;4_>fmbvR+n^A<`iLHZk1Y=PBg5Y&mQH}kcLN$R3v?ZP)Q(__3;29;l!~PKAotM@DDCB%O`+ zJGczYt}8?--zc~SG^BtXxv#qcqS7pd*S?Oe;bN2f;u=6cWsk?7h?OjwE z!?ve1=ptT-u3f1*>`Mm^&`&l!==z?eVPj86M_!xip-);n8N5;T&89oCDG2P!8>&>> zKo9kzJmtd=*2A-!f@hAj4N*yLf+`INN(H&lqa9@bJeTQ3x4zgEmN{c}LesPARJref zzW(jQdiYqGG9Z8;4BDkcni$HVxi&Sd<G(L={dmBCoR9D+>M^gx?hUzpchXD0QNuDB);%&azRCK0lSA3CMV!V*R4 zTTq^zqGMk=ruuzEBC?OtR;CqL>d?ir*Y#hfuV^0U+9Co@PC+a8eRuA3VqQi`5J(Apb=i2m-jQ8$zay%Q2iN`W2b4O_#GMB#i?Hbiq z6{+J51b|qs9=ShX^>ql}q=tsa=pA*Q+Tmx{_5JrS_+b$Brfkd#TpB)k!+xAmhs|q} zqgxM}fH@@+OSFN#?}L9Q=x5cd=3tAy^K^r1{8PI4-=EXz4`%fCtQk^yp3&+qG`sO= z{%S(l8pene#OL%ZN}X}=N6B_FXP_I$=8?RZk6ji`;pWM6(Y?I6*k>?F%Q~?6+vOB% zH*ZUYhLIwK=4Yf}BwBZZY&uSxlmh0*fo+GT&wjvV9HVAVA-%Ak_?+&eSJmOH4V5@N zOz8R1c*UOiH?p<0AjJ7b-J5o6zE&o%bn4EKffQ}*8y!a#oQQB~7${p+<69c{{! zTI!XaN{Nn%OGGHgb$aHo((}so$bQUFbJunG#UHWGN&T#ga*T7C4lX5?`}KvVfXkf- z!rS3u;{lg9&Q9y61{VwO-n=||v44$Tj129^qdkLPl2!ns_tnH_(6v94vXl*~JKUnD zpT>b18Q1y$23?<>)jO1ATSKsObnV7UAi?b+JCdPKki*l#yYWd!q`a`RlnS$al=9=>F&p==_ zIz!pcL`g9tfZz53&)I!>Yi3@0z zBM5X0IE38ZXALF*<`kCd;6snIFZSv2`VH0PeV6s2`zEhC zI(x(D%*Lh0bViQB#hd5d`#iX8&a?9}^PJS{=ce_KJpqJwl)+dT29!#D`RQsE=dq7o zr`!Tg$VVS2P!-L`BRK8D!zjh)U(qklbm-4cW6TYk-~?SHP~=J?0@tic6hU}?4a#;# z`x(vjqJR=bHe*UFJhGHtB8MKN*U269)PY`VauKe;b1W;arl(rA=w%T+44u=<@3&GS ziXJ*dUV6f7f?hD7T3HC=OGYn7pC6_cBU5vhaE?PS2A75-2lSoq9n#4?G<)4fFDqpJ z&0c(2uRt$DGmBa@dZC9?a(%n$@K%4@UU76r6W~J+(<|`KW<6fFq3S%8Dl-~c&nS9J zy!5`;GinY4xos=U;59mHIC?RkF9(gcdl@$s64Yg|m{Jlc$_x~6CEiYOrIO822)B-5(*?Bm+ zh<=$SU||+RVkSo7g?zGj!JVBccDBSZ$ceiBg=LMd*Vw&Bs&yc9ot{XG7zW36`ORzk z>3=2?x^+qY$Q`(}JeCB03>N_$+8NnRYGi%iv-LH5y=#IN5e>|&Y?<|HTmv8BtFP*n zvum!$i}ix~Soqi+FB`l!so|J6-ifALjQ0UG@uyJwmcYXe?n^VEA#6_&;du4MkbZG~ zPS5n>C?IeFTQh5gZ!xyLZ1K+oCo`JheXl$W_`D&--ioqzea`dTLwPZ^EqOi|)E%$n zJukQ>xjXFD``zBRJ|Nl16FCGVOcOvbOKF=7@V;~-ywj_yh#ou-{R%zi4kvn5rIA4v z8~1uu{V{kaGJg;mD2aDBl9MOcwJTpnaib?Ib92{*$QTS7YhV2c9 z^e>)1rIY*Vqll88&6yHoKa97Y)wLHU^y-CqJ==%<7rn)ibaJ^no_dQvY@TKy_Qs-z7rn6#WUSH~Ymri!W4iDvy|D}~UCSC|Kg1BA z+}gOuw^8BA6TewQKu|vNZaU?8*|*3qWd!7`lc^sbK+j;`zHqu%e{sg>5@pRuhtgI4 zNV%%0@&A=yJEc1@Ae3&x#jmmJXLRlPalLYJUe5s+D)GAgZnICy4Q@pM%O2;@V7!vw zH?yei%bS;X_WJ|ur`%@kJ=vn)da7C(<2^e4UuSgs+Ja6~a?1=wwh#O%$Y^nzgLk*; zxuH%1+t}AA>W6T4?Ss*!0|z&*J>P*6s9+RH#W7jXQi%c|RMB*&rn`Fu%Tnt^E_^7i z?0U|m<27okuT}OMXEJhGV@rxU=W!TxW7I^3^JVZ%6IAWdYsRm#RNYvmM;{`PV`WrV ze@;2fHcC(NnejB+4nBBJ(5#U@j6dmwCnp#0N++6&RI;>&Lyq7TXkhH>`?~tVm|linp6^c~ zyBf9UN_iXaM8Q_d>%?!lHKJ!JLqSxNTRja~B>H6lm@>bw_mL541w;TR5kJoY5%+US(t<&rqQx6Brnc+eE!K0Gpt^^>huGTn5iHgC}qa zSkRAyCo*Lo0mCqy_-=T5!#P~sdXR13aK=!^!%&!!w@-&pRq8jtmZRx2oqDEcR+na$ zG=zO9YT45mEvs4%>vKM-M&ggg4A?tDG?OaJ5%W2g-Exi^m8|%u^P|(zLY^ zY+!AA;l-=^^Pvu1oghF79kZ-qzdrl*&+4w`V(q1DWgb0tmR3h}`nikx*`Iu%^OOo7 z!N9y>jLj~4aX9e+6$G!j$e-!-T%V+ulLg6U$#Q>1l%hTHxi9I#BNckIhMt=kQW1G6#ot9Qt@EyzRy)14 z!UXOLS*5Uw??3)4I(4vA4_23m?Fy!DiC%#W#WHn4Up@e`P4Byo!3=!S^3H zSf&T~eqkoMnK>sKF=+qxAp(mmJQ-)J_3r9Fr@#3Hz2a;CeFyd1Pwi7nV!R-9Ww6M|Ch$}f3ZdH}ZMv#3F|s8Mo}YX2G1miX zFE*Rp44i)}BYO8AJ$POiUD4=vc!ENQc^kw)j(ft*xE-==7w-)$knS(>;>E~>CxU#5MhnS~L-bjhhjGofz z6 zG`FCXtfB)tddkB?6D0v%ufHT7a;$FzrCbdUz!Bfer@NpfJ6G*;@)F2_E4cL~-}lZx zcPf6mu@ZNCr+9Ka*qj}}_J4vFogQcBkh|<$=Q9F^U&~c{C?!KC- z=7Ai1CYV;Oy+`lVw+t?pNWpnz0k-R8k`I3HsxH4gqUWxx=(S-)b~cOg{qp7pop|hF zrQT{^|d*puWUqzwF*Q_BVzS4E)hZKEipK_R{F{ z=#gUOF0VXx;(b1i^DK)n1&PlHpfYhce7Wv0>;r8 zNX)6KRPzISb>wil3RcH7b#Yh|j2Dh$;LfU0CK&~#M-J(34)lTbVVxloFto(xKmbpp zr&48YwQ5r_X0FdGJUE~WV`DHqGDmV!RZ~|je}#0sWdJYyjLu9Fu}m)t>sfRW*VGjK z4;rgebm%Vnj`%O#?AJA1I$uqOZb}JsP<_ zrJu49QYh`w7hcpX!osEZ-`7Y1QL|l?SGZv>FH5UphAesrFc3Jf z^Fo1g(c!DsR|=yjSra}YMe`}cm>F5q5{kq;#FtD{b~oE0g0UsKzI~pn3e3)_Z;|K^ z4qG?Re4-tg=ja%l%c7IB$SSF>Q)yX&8Vh}@t}a($GX{^s6qUvf;m9o2H?r0=JdaRG z+VC=P8ENa)&?u3Ululeu^bpFRM)(wck(z3Q^q$F79=)n^p{*=uKuF?!YnjZ}DbIFz zJL9H%<@XPNm77d?;`1@aO2Ic~&Kt zp%+S9S(M>A5qY6rQt*8^RC{SgpH7w;0z(|bj4!Lq)#WWa(xRhepIswj2>#1KK_*~H zfm)8mRYzt*Tidi~QKp=hMhx;%9U>BHnZtEtxmv00ow8yWIgz759A9a`rTQM~&F{_D zT1PjAm;qhi4VV2}a9JjDYmEaTip9xlcn@6->BkYOVo%Mgf0-76>*Kog&U+fpB@>5; z?ooP`Eu&09#!eq_uwyQcu31xNej#*C_8o`dIN6K&2uVA9?VI#TMjqo0Ukm9cj2C0P z0XN=+E;8Pb8;@+A5K(;yTYly@HPEeg>c|HNQ#3}FPIWVD=8&H13~3%mVc4QZR%eL1 z#;`pQb_cO@^e6XK;x(yw-yHA8KcN*Amz=U<)t_wAfxTqCjZuStrd#6}Xe?VJ-5kbq zV_NJb3S)w@SuRQzUeBB|+1~}w-@ZdFdbq_;RM4>6uFvYah0>aXZDmG&=6Q({Y0C&* zs4_(S!?!A{)bik79VN;u7pKGc1f$w^(KJj=x%cv~ipXo#hurc{m7b1Jz+v{)1iF#-S- zW-NlE6yaqZr+sFoYWBgq3s64k^*7NoiGtuow%ZpYM72-!cd3nYAut$JGZCfLO`LgT z{!AOaU@SCxi4uU};ejYbt2w-#SZzS}!`NC-JWzbilRpp&#BV4@>Uh%tWU?Ou{cE*aeF@*aMTw^!w-|e)z{Xp z6tcF*F&gb@3Tp51Y~@u_haCK6a!wd^B(HdkeH1l$10Hx^vySbfr`9CTo9&}V1nYxG z`N?RlD@xO`!X?c`X7xVh>aLP4X{Cs6A0OVBHlCF#%d4(tycRcJs*N|($C_vsj*#t* zm+FnTKErs6;DfB(Mfx}rF?rxo_R#?Z_UQqQ&h> z&)rZVcyG?G(s%Na*>I4gBTp<$hCIBFlYvg=&Z6~z0`EaG-^Vc=?rAo>=QzCQB=Eis z?K_udo7K)4_ha;N^UEAUmW7{-+*8?7qsC^&zTAc_ty`CobK^1Veu(l+AE3OWEy!yr zsvVnDHxaBG=6JH9ZvOa>{>07GP4yQ1g|%2IBqCmyTn{g=HeGFF#FOsj4agSd(?~(!{E|GgmnZtIYMQG@OX!ME@kL%!(?|1 zl9d3xXl6*~UVmHN0nWe9CH3y6PnOBkfrrV-tf{b=u`5wL(JPRJa$UBl?Y%9iTV(D! zJsMV!P2=>R2@?2cSuge-`*-{0j1R~w!3><5S9OJs4b z1AnK#ZBE4I&KfLp#jFW_oHRJ(v$HXxrc&~pjIt=suAl|luz(%-+;?gM&@BVDF!beXJ7^}tv^_!hWZpOTp*~bgEQ8= zap;>yFBY(nd&gci`;p(EmtF!zHqdMGYB}>cH}^JRB<*ce`+(1#n{nWij(i${H_nk! z(LGHGEcT`4(fK%U^T|NmysxKK?ftv%o8ms?{|KczM`Q4Lf?_bN z1_+jEBBS_7K3N9Hp_l3Zdu;+1K7wZY(4py=Z!-0$vuP@p(sHwu_9$ zEGsHUxkc=w=1R)Y;qXV+vwdWSzU1ZjJb!!RwY%|tFt;^cN@Bdu*o4G*-BZZEri)=- zSz93!ay*|h@?>xLYjyb1sonD!#mU+tQ7`pYcAw*edqPH#ZQijqOQj$GmH>qy@B zn0Ftt!`1Fx_W=tR!EHPJN}1Pnp@-R;p3-&)_I9IdB)} zU|d_R1=tx_9gGtLC(jx8-Zq$ita&92lQ9PuGU9;exlZJiK%I_!2Dls?*FLK6TF>|52?SbDHa zL^*2$sr0AK$No_jS9Q)JJUgP{%kAoiXBnJJ%Cc2jvX36ytGcJT54+2pstE^D zUgWqAr8nr;O4o5CJ@!*XI4s9C`xZ8M1&>LA; zCW{eBZdnysPmMZp=RQ4Dx2A%%euB_v`N(d7dxgie0bl8$N10VBa2dJq+7;|cBOOHk6S-XdxJHRu0bA7fl?}~wQ zAH2M{nck2O?9t(79J%yh8yJjgl;RE%ss~ucL_x5ao_BX@HmyseOXF(A=4c+1V7dhx zH-THfs;7`cmT)>^>x-ttcggmxLXN0xDpw;mzT8Wc+T|?7IHiJGXywi(=mmQ~`&C`< zz-_d|XE;bv!>I~2pcyKc^c$b%NZz5xB`5!puihGC$PebIEpDmTUerNeW*4Ti zMp+JXI(AU|mg()>->n|>=2iBlIfjhiIih!jpQQfex^})gJ`3Ip$&{-?zOE{cY4W{G zI!}h3>tjTzR$&#+gO?TGb3iTe0V+{Y{c9Q6P${K&Z@u>2Z+PJBAn2mMFNp`}j;bHE z&3<%BpEuw)q~auOh5hd8_K2) zO00Wb9W#~*kw1Ru*k&@|_REGoQ1z7(USwA5`1Ol!l4ik7FCktEeT*vPpNH*rNw) zaE&Z4l1u_$N^r5@;;`1SZFWzrKqk<1+`ODrY@l~+$gq`X$}h(j&E}s&koaDH06!-%mBD z@?|Ytxl9>uzq%=PoRx*$gFu9E541d(PWCzaA~sCZoy?>)ONEE7%dJ`+Emc3&(vBXD zk$K8KsG`p?x=A{`ZOP%psQRDhf~{=7ZnTjRcrb88*ARTG8uW!PH)&saM5BNE0+~bY zdSf!K>5Li`?LDPEM6Un-p>YK*b z0ub%%81O8jaV1Rl3y0a!V`*CIozgS^^>qMNK&ijId2vkBL`{|KKd4h*`L6bq5OrUN zVh2<2xwcB_3;GrPcz|gBJj%ae+`Owsznyh*g9^*;$O7GMx3Ix}w=MdGUd!_RtkX$WP#>?lfGss8mB$d1D~ zSDG18p>W(0b!7&e`N7L%*!cDRvpfq=@jB4~Bynr{*$L*vdpNXW2*wcvdnc&dYI)l( zV+JPNSjy(&0)4Uq7@fF(o%a&~ZQd8%m$!bkh~;!jcBEU>GR)Oa4e}XM7*`<*EAO<) zuz`sQ-O)9a@WD%No_}&?*F2xun&$?B!77fiyvjUP9==y6Pwv-~cVy^LSsD@hC>Tu2 zuOc_^eGl1saB`*Lz-n#NyFZxM+sq}*cV;K(AM_9XdJCtK*Q*M==QX-sRSxfNDL2|1 zTWkF2-wc5KU^Exm9)*>q)YolNk#Al7fAta`cNh_SWHAO#S8BBPzH0sYzuQX#$`T!X z_YJMXRJ&k8$xOeG9&77Uu!3M>Y1L%mEf!MRAfSW!gSyyuP5%ei?OjEt!zj`A|D{WFfjr&!?;pk}OjOmv&nZ_J)pMN>kewFQ7dXIkatd99 zO@3vu9{+ZuN+=`L_m?l|HF}M;p{$2v`9wC>Xy2)7{l>rBN9j7?@(yt64XX>~b{#|0 z+yL}4;?w_Q^n!D34Tm|YL7M#87|a{GrOZtfLCc~vchj}u#xl${NTD^lo-+q85yWfI zhG8yw*`77}w3466@%ldCJ4lcGNNJ)hg!=h`DZTQ?WRXz*>2Q7Up! zZmoHANmad@XMGwa5PtBSp1;8UXP(olV4f&e_ciEWJ$1MCmy;RT`yAy(X7sMr{s(Rg z?4wj*b+}-FjG1ftqo4JmgqczLsE(Z|((gV&xgs*NO4BD)5MRVei!$smXoP^Ek8qtq zv($zvALVFq5~Jkw3}WaZO42pLL@}PHgw>^&eymIIgTIed>G&hi%kMQR6T|O&-+x0_ zFOR7MfdL;RjyS7n5B{uI->0G%qI)P&`0(e*aQ4rs|JmpC0uj7MFY`pMdh~+g;phc= z2L{`-$!Bn#e{;H0ls2A#Yeu?O;s&bVChqRcDGJ52c?z*Q%PaUUBWD(^& zkuB^T^b6q|lpcPRGc3p+NLf+;#VdN}2V}|;Kx0Amp}`Kl@`G-@3Lbsn@x)_>$9f#r z)|-yKwt1xRAltW;+zP-Ss%mY0jVdEkppSiY<_YYg+ty@`G=&T5bfAw)PelbQrd5rQf1i)<_{Lt%ujZw%%A9Rl56^>5WxX=ZsOCaM?Z?B79bnNaIDP})HQ?rl2c!&<4=594<1a_<3(*$HyF~Hp=_-pZ{^V|Yd7Ip z`6-j<(vaVZTJ}@oi;`Q5oM&VGx-cCj_=huzsCnZl+tIQ$Bj$@yH=O{1qGBTG$;b|j zc+x!V?I!nZ-F>s)%rIi(S&6-wp0ir$_o?+Q@PJX?&N;l}8l&fD5)T^$gIJVo5PFFc z6qk~@q3mjmXJ?1>{2%ry*j%eq|Mosrq>QL!`ej|7$)Z>-mteI3y70k!s`SKn zn-mxr)73wJUS0I9=tf>$U5CHKYIX0g*66$c<_^`Q6#JwSeMtsli+Vwi|nK8 zZ`zq}(f#0Wqys&}Yl~tGVjs=p_zEtrQj(NsuxE_El9y+=L$ykb zcaia~QM%g3TeEn0<=Q!kRk+o@U0GHm@G`&=ofXf$}^f)|u zZnRZDfBv$*Z*aje5k-DATK*((vGGiXiL5Rt9_rKhV7@N*)hjbh@KvFo%nSAcihD4f zQuC$Nz{#ibwX2knLl(QVs!Lr&u;bv~`w(>ftwyoYb@BVpQOayq-OOukwHViOjUM<~ zoxb(ECspgGB=s9_K{HV@r3vUTO*{<-IJ1PUZ^lrO;@MrC`f0)(^(f`f&J)%=z z{IcqTwYp;;wg}{#zV@(&+b$6haGd~!BI4P|mi&4H861_GV@qsj&(=@PuB>95q9-5G zBX`#5YlqV?f?CFt0S!BWsM12v-aTxDU>e_N&$YjGT5tbdNN*DOc9#C3L+zIo8rT}| z5oG44ey5T^Wt`teO514Ceznrwc9k^j(Mja;N9xz~P~g0N@m`ny;8}vkanxs$DdYGq zSue>RWkD-52{I=M&YT&+$z>07e94}No|#dn?9zk!%r95yH@-|J!A6dbzx%c>_qOT` zrKjJC6q7|pwl6a8lfP9(Fkg?}{lm9#oG+*kcw&*Fmu7N2)=R}Z^2S*onM!@v$OI_D zmQc<8^?LGmsyGY1^?7oZO~&L1E&><>z^&zg^*+5(s^jRPbKNfz2umqYGBj2w&lO%M(w?j-)#P>Pr{`PsAIKn^GaF#t5k2-` zw!ZTKnG2N*Dhq}*jouWE=8(x;&NHi(Gs1X(`@Amn&C&CXEG+^V)3Ey>Ot|yGc)aWN zZuU}}?`>Y5JkOU|U(iR;o2~Dgv`WEQa_NUJ=qwK7cUj-UViDC$s`Z&~HUQ^JGBe3O z0!XO@@c4rZ8fv>hpz>9(2b8}`k8xIfgYQitC+wydCJn)uBaq-UvcDhuJnI{xiWTrY z-#5?tGF=GGrPQxzek%|LGldQu@4)vv_@_gsk%#edgPB`o?eEtvX5o z9)9B;_ybjwQft(5s2Mt|RT>%f7ykMMo#`gKKvf9-D7<8wIt`a77US2aS#tkOLPb@$_6 z(r0THbdS#Hxi@?CAE^v5OWE>FGLMopWICMNM*-~fF`S<*73{w%W%gayIq-0n!0$UBw}u{UpZz(Hh)qEL4;*B z%FkX`+3FRw;Z%L;QbbotIEmvd+IKf=|4O}9&v)sAKY9;`pTULmW4Q$TON}1?UY)-B z^gXIyfzDok4_l@=#E^T?TUR-c%3IPnkEC~gaZP{u_hg-Mo^4Ro?7$j2hti^VA5Qr2goDI!7_$WMkOMLSe^~XxR^`QEItU_c=neeJ~4UCT*vn zd9%eh#|R9}qMOo*XvxEH-;%MUvZavT>KoIWZ7AenBNA$rhT>*<@6m2;5LISsDl`@1E0SNvbNRi3*zo@tpm!C<^8b zbu=+x2g39$swk%OOV^@M>-arQD%1qPRXb&Nu&lqgImEq8*{ z*%*<6LCff&56K1*96@@SL@@%cK?rf0wAy$R^OhKNxJ6JF}_)ZIq9)Q+=58!2;CIB2)#*605Zdlr5f77zRI(B z;Q)iVP}a*eVB4Gk-!);8Y^ilJ-zNLxdg)IT`njk@d1j#?N3! z90O&lLO8O_nGl;PdulyL_T*DoL2~I|9XxVYa=!G5~z2jsJWh(}~jF)9-jvhJ%#R+<0 z53X{^S--ltFAu{8y%d;i84d$W;f_(lBSy*417xh!Rxsz)St6V`1Q>1sBDKRY5GHMZ zDx_;e^z;Cbhkay4;gB4?KCI56n8xt(7Zmb5_(KrGhozuq6nk)K&WWq+e&A9;_7ldL zc}gC}3@*nibg;2Tf$0H8p%Zap`CBmIl*V4i?RTKH& zhhZm1M3f(+#6l>9@<*mrQL2tm1AcLJUh~(6;M)O>RW4Ja4_I1yzZvK)1JURV1#R=b z;^cjEn#UR3ITF-3_mxm0G@c2a<>1V(sX{qno~dL8GtZZLCiGT2(e^7gPaGtavmB@( zB4uumngZqCJPT2lW*{RBP=5akCGyDrywvOXZciWkh_Y$%dH8N+8njODvSOlO;h_Z} zk60n+yfougkSMIQ{04edPzyYLMj7D=JwLvz3lr=&_P1wnuqYdv=0Y!VN-zbM=^-;| zJqai*M&#y9h^XaZ`k+|^Fk_g((;^;S?}bl6FQm*NT#^-m5in3xK~KEnWc{X-5jvo= zeG^3OvByx@1N5i!Bkcu<^kF-FO!`a+GG=&*lJS5eaS#38s!MPfgXg~M)CnITLvu7q zXI`01XBbAnOrbnTMrjo_oWWnp0+IJ4da-+4Z$oE&3H+^d#1B-Zstf$p`wV}nWZrTw z__KXs_*ConUzFC_O(Uy&T5K= z7&l1vF0I&9rYRgS%k+>W8xQ`Ig0nu9r%bF`!Pud_7_wc6I_^Rl z&#bB<`ZQnr$X1Ghho6IociQ1A2JUJYs)q_qwz5@@f1P{z7l5&;o>#$lnewWAJ{q#X1JOIMMYVqE7+@Ru<-&Cw$4t$#xEIqfdwj%0-@7M%f(3 zuolrXKOLpA!MM7pKGBCf0SVq1=5F~nhrxE>SlOF2&g_^))sNG+)f_30Jx2e%O5IaF z&pw`FFJ2*Fs7BNIP0Az?EepfJ=F=0u#Bq{Y1Z*ZHp{tLP(N-O%U&}M1dTNigh|P-vWK7-6#quxyhv{lf2>3&=!3JD=<-E+l{J+HH9SN) zBLZ*M;pt(52rCMz>49;FvT{2)H_6oQrz%7rv;_R^+%#Rw&v+0YKgehBkEQMR<#cMj zYmob>4zS}sGLP)MWe>Shu{aC;{sMx|@^!GDpbL!2=KPNmsUFC!(MitKO7{5}y}WXe zlTz8|KKOhFP5LS-(BsMeSeifw>*_;~PgnMQ0aYo;7Og~9M0dC7+DZCLSQ+)y5_GpR z)&*Sh3UXBXFmM^4QxiQl7ctcNiG08FWEF5J*E|&vno1~5O6KYixQ!t9x_t!ETXyIc z{>U(dHf$exeTMA}*iN6oh!Zk~zPz@CT+q6qpZ#Q*>~aFUMhW(zq$WqlhlnapwSbuI z+uh@#&);x7JEOU0ew>&BB+SoW>j>^*_*Dfexp(k(f2AuZ^JfvjkU6m zH!v3X$g;8CUftXmywQD6RwV8t`^xScvZ!Ua+{ZPFvCQPZ{OeYcO`xFKJ*&)syocU9acjxGL7&R7KfKHsut(oSKRQ8XhB) zi}O8>oJQ!5m*F=@ruiVjRzvifWj%iM6JKi&{Nw|&fF@Kt4!wr$d?Ns34c&n(?Kn}% z)Lo(17UifRWZ3XddC=K4IEOH}&kgsfD}6z4g@Y+g0^g7ANvn zz)#?H+c^3a_6_6f@R*HN_5$S$;}}lec+-?A9$`P(&}E!}%)l z4{GW%XRTGI8JtyQ4(APg$ORT4Y$kh@S)hf<*5tII6BMFf<>>$c;kkU*dQe7FG4SVC z>jatkWn{@LXHcG!Gt7@Xuz(#XhUtlpTEK(K5v*njdyUt7ZB`RF#jN^^^_WYJ2TL>V zK(-`hfyss>K9EwBcK?d&-Dox)#~zaB9QF*OmsEIs7CgF?5?uSS3ymVTp6-~SbTgS> zc&06ob7LW{-h(;n4mVSAg#f1F6qV<%s~z3Pg2sLRB~69Uht45~TrykMoP0zO`c{xb z4yS6VARpUP94;Ka&a4gz6%i7S*tpur+ z7If=Npv2+jR{yX*V}_}@xs)oS$0?-&_xZ?FfnUByWu3F#(`34$v@BxpA`^U)o;u3} z4@Q}z4Z{n!Q#u!Tt~r?scoLA2glCk4^~Tcy_N*_$`M12ez7tB_w!X<5tq;Cy_=|ET z`2*OTu-6&A-3Yo?@!>N7d%|MJfM-GIkEuh zzlp(pY^F)G(GuljM6W9iQ2vcIk_cm9x*gu=@mX|T?7C^314TF+4m8!cM2M2%W$YGV z4WS<{;aExam*_qmTYIWY2pXZEUy+||Zi0o7Jxhu+wU4au0qE?#j*!mw&`Z$a0S$>v z;>kIB#j+p0vVJV>Q(k5dG5#A)o_}UT0;U%DvCQ7JQqR_6$H{No&)ZKp?oG#|Jl)oK zwto%o7KjZzv&)@4Vem|0KBXhes)B!;JtMq|eI!^yiv*mn)%5Z!p_%}WpZ-v~#^UH- zC1u)wI8TLwmn}9xj1bX|iL7IH_N%o)d76#*7Kz2g+pMj5cW3#G-pElHGQ7w!B3v83NKlAN8 z%GyvSRRhA4<9rq+DF%mY9yYN`fWO)63;K`7P8u){cm!mD{y;VK3$wN(2l#0KKg z*}!y66ATSx86R6Ewy-&}>V}5wJPK*lN(U~Id3UvgWP>7A#(R}dkGWyW*~U3jEc1V3 zm1=f{F)Gwd<8v8Oymwk>dM7nJfKP%9u@thpV{v3P_N?;(prfyb>1#+J5g7$k!${NQ zbRoKM0pG#jfnJn?4rcK1xG*pO4A(Ztl?`OqZWhJ+987k!IKvi3m=!BIfx**iI_Kd8 zS)=q(FcZTHjMvidd>H66iOl!ou;MfTq3*%A^^Y~u3t}M8CyF$uI!A@{Yx2!eZ=Ie{ z?IuuUc~V&6Y-deLCR$n zVD#yJ@8{}+WBX7%Vkl@9ZbxCu~5hA>om7E$;4|0C|b-y^-QJI_<7fShw`0NnsO z2R6xWlHJUtNGe#tHZ9w-t$A!&9(#5jW}p3OpJ#vDKVWvA-L*7MBUv7MWJ$KfC{kjR z&CWR^=bTXp1)#!yzW1#H&_H*S-A&KDWCMk&df$8Rx#ymH?g`%$ViGtic_i2{0%a&^ z!&afd1r7t)&KzB`b2$W2c4Zkun@1NJ;4tW5ly-EX9Z68tXbNKOceQJ1FN+lLblO9v zxb`-ajr(9wrS%4aM08My?aVt}cK-O7EfLKh#N!o*DbvV8T0{^;@Hl64a3l~C&n#n* z1Yv%#cdBNoyS&35{owGU_S_**-}OFDenK^PqWmY`=LDHudFYTOaiis98i1+`V{O6T^D@@X*4!V4+{?2p(?xnxC-_Q*WdyS>xs0P!@tuG$4Dr-JHU&Hqt)+2MB z){9f``z@ZpO7XS$Lo{C_`3C+>^2fc}OF)AFifJM(C0A4vgo3Fso-pRKbF(dvti%X1 zi`HCYYVUsJrpEwYFJ#{h7~y)oNbcZ%0nQWp5q7ZvXc&Hf=Vs zGz@u&CEC=a0$&)fLXM;GRgv|Awf_v+9_KDkz!7Ayl5vvaKlM{^Z*pV?naBd7T5`%s z(eG=w@F2#Qu{f#yzz6}6B!lz{ktp+Hg=B|P>^m2SG7425N*=Adi1cXZfXxh0%o6_d z!!N!dFor;DoIC@>4jD1=QuqbUBGGFL@LWDl*6GA$fA-h`L+{?nrRAJUK)#l2`q&v z#b+>-c!T{l;R9P8MIf7g2O)fbiOS&F**M??VH#1NJ_CNi(&zYP76{dAmuKLY9roN8 zf7M=IY_lV$-nKW6-?aY>zl@KHUs!9Bp^WW*`BS?kcOh402&@9S3O=ixqh{r(ow^90 zU76&$$Q814Z{sugN6z995D zXY!Z`?KeJ*g#pbUmbH^_bldq$zzmRK5uiwYocT+`5WIl1E^o`Q9XajgkrD_7%~Ic2NS%j}b6c zYYZLUUCCeGAIW!Qa8N*t>Z6ey3}1M)Gjhll^MgShKu5@8?zN9AQzKgkU8hgn|9ogJ zFm*(S@(!)OWfaKvVT9Vo*wo~w1F5HZ%g_*(TMQat43r}&xg>bjF2;y!qgA25^W zX!xY|Bzk=|KQ&@qr+;oeWYfOKe3UlswQWzmVh1Xs_M-2EwYT>oKY^AQTP6b)IVkzY zyvLIBE-ZZqhXPcQt5xM{K=EuQTsqUkUpxaHM#k_=pd+*L3Ec7#72e!n2mYiH{co*WIWXoif{ucbmsh&gUVZEt%g3p@W8i%|efFmPKgT94xW(+~ z*QoVG;E;n6r3sCknfJI5-Pwl`x45{}4j-tn#$dm7o*p540|+-A<}rMDdX2kj^@m@I z7S}|7r;C`LIQWG5zx292vnym@&%I{XPF}VD+y~qu0Ue91X+1<-@3rl2{d7N)>sH5> zd(DH+j9vq9i}V5x{854kCPsjaMz5;MRp8d3O<+(zeiC_&_MKJ*6c_rZWOfW$lu-io zd>+Q^G_rFZ~)3 z-%~g2$ceY?pFe81?;I!i0b{a^BH9bY&k6JhPR-OXowO^L!&ZD~o4uU6?_=&ezVSYf zaxrCMATTq55G&et*bW|Pw*N>ZaWl2v<|8s9LThx*jI4Ritpr11*j|QD0F;6F$a(fR z?JJo;!UR|^f||=nU}$i19;ih2b`HU;EnagrTcmzY7TL0yxvV4TvU~Rydvwcoc;gOq zVU4yDmS5oH3(X;4z*Tc{Q0FUmF$_17q?{Kmyf?fRnfw;)!Z^5M(OFv{Na*H?cJ^St z`w8pFGhB(z$tR^AFS^6C8{3neB8|hg3YQOF{lJE<#OydEC~e+nO;5dS&m25xUnP>h zGSY1mw@%rA`z3I*qeQi1FVIZ zzobKo(bEYqEN2X}-T+&5En86pz|n}v)L^!w9Y-WTOOOr!w=jGd>elNzFhAnZ^+ zp>GNZ?JfeS;oowyZi{k&6YCiPN^cBo8T3eM)Mk~j-Z4sRy>H)FYmZV7%JH>i6?>KT z2M|;dJHXRnw<`dKBm)>iA5JLA7*urUT)BGlirs1jLK_EnIyI!F8!rM)dF`Elvg_J~ z2{@Bppo~JnBN95#qcM{5ng@b-f= zvS$F>vwY4M^;I~kdiw3yX|hPM*JPp>%SPg4G54g_k|-6UU0vBl7^NGZuqU2rv_F5P z%IXPDoKr-2QZ8i@+>Tq@+OQWa%Ynw6r*mGSVkntH)LtVKhaOXV4O=3%v)p`S6=xsf zfo^Nh(;1;BV{NN2ONn|Gjg!b&R#cbK~oU-kpCjA6Gq&rN|R|fsZ0K9+_ z!Co>)us{siT7VqRN6t^DP1)GUgk8Q&0REvSYOOWd3&R)f=*REaKYZ9_e{+&-1{{li zWwNnWv<6Z-v1s~fu1(|1_QrRuwbxEfhX}D_UUT6C=1;YqvK${UgGq*SzX-zj^j42w z01IG7vr#6pI&J``O zYyu>U8xPyj=Nj$LUZ%EWVUk}Y|M{0i(0^Kd$ZitUsxXJB+ZV9$2E2K=)z)bze$rzX zfi+G?_w$v(59~u)2UDY}SN<-cc@zKNHx(MuvbszPwQG%xH&MC=nt0em&t>SZ|u zQd2Mb)&vM^y-Su(;Av$u8JX!r79rqyiggnv7%4=}-t02jLp-`P9HNHe&V8Hd0x$bx zAX_1B3rg6J2(&|ubbbW!_h{d+#R*tz>m(Q#2X1;f`VITSEM*@qjrQ0T_M-%w*%CpV zmeUWSR@mB46l)Vj$QJAC${{q4JL_WfVrF`#5jUO|MjEeLQR*l7;a*!Y|+ z1zS{teJrRmD7LCJ`5!n>AYpJYd;5V%@^5u{Djti}6Gb$$`a(^n{$N6UBNkcAA>|OE zNH$O1!J|O=HCXiwP=VABC^qSMN{K`(B^rAOx(tdgGh`R&K$z;Mno-02bM2?Pf6w3a zn+;=ytfVQTC#I+A2U%}Ys1%JT=&~q;P+@LC@deqTQq83vyRj|xAvN68cW(c!PfCoLZx`eZj z=h5eleOce`#?LnOlX1$ZxipW0xda`6s*44RtPq+^72$;@1$tqI=o*AqxR?Cl+TkY&UMrFn>fhqH(!IL1-tK znH5FTqd2w#>(d3)2f=!-kFK9uM<_`y`f_z0iMQb^?oZJyHKTe@#_1I@Tf{Fj)KiG% zdItr;5{O@7q9cbYMNjz=LUGdhvvIIBK84X|CmZfmAJLf@zvjU>U4*xYtS_WEc=JIr zqG*>ugCvjff^`Lsh?@_WiO1Y)&B{P3zL}fnaLjj7{gh)zMmUcy6G^&EJHB3}3#(0V zek(-Nj`s9fOaD9=uh7L!+S=5lo|$@Q6ThTBSp7|Zodbp_5ez|L4)zifK{m-XzFz(E zrWc>4JAUCg~|rA^{Hhx!DT@1*2Yw^tRJEICscRMHz)^{ko(^cX55{qZC)Tc< z$%;TqPx6a0k2D|i$au;cc>JOUbwPOXEf#WTG>$+-?>=R7thmGQoH9||eT++erT=bU zN%nJ&eoj+cYGXf_7sb(qi{KQOth@Awn2Ue<J)E|1^ zd!2eG^{xB;?GEDNm+%yI;x5~HAYXDu^Q?xNK5=WXygg<1^>Q%!$yAEZ5Lr4*9S4e^ z&IzuOd0gw?r)k+u1hRsl4)*@s90bY?HDKVsKKLxkAv+BkiWsSJtxh>kO>h3t3*a*t zgZWdICEv$^qy1RfE-T6Tn?rf7M5Yn6lvLx(S(@H&6QebFKeop41lMfrOwtKYam*3HiyXgTB7NJN$I#UVmFB5 zTVxNFv1I+Tot`CwEbGIq5uU9gwQhf4ZHd#Q5v1CipDT0iH5bv|(dUxwrQ!G^x~rB* zEi$XyY47?C+CxSLIM9Yz?}DbxU`;2eGck>zcQuz-C<#0wnulc~II%n09KxuAKBk9g zTSHAvC@(kijv!|~>H6gH-Tet0AHTUhWjwOaM5y1u9;WOtU-p!n_o-a?0b0zF`725a|6&t4%h%S6S7vufh-2{?dA-Q9`4&n7v#ub zdna^>IJ&H6MBUam*OdFQnP1jE^IkFMf@DEYnP-29v0i+fI|3L{6*2x$^i0w$N}yAi ztiMI-Gi6uo1Zo*L<>hXh90LCIa)*6%X~cTEV^)bXE&aTEsw$-pN|%MZqxSJi zueDH5bPR$6Q(Ou9;K%S4U>#*F0}}_tbsOtwo*+%9zc^XW{=hm~hF=C+JAnsY zvO)CZ1pCC|6t$NwU9{6g-KP%&0ho!t6x?nVL=OK>4SNI5ttc5Lon$Iq@57nLmM1<~ zK#ufW2TdgE^zty-?KEta z4FPI(0Y}R|Mz|chNSO7GgJ8A_IUgX4tikp?Pc5gNQ`Q8;%mP^)S=4df0(9Pui_|W? zHUaIZLj-(}&=3LvvV@m8yAGH~7iHr~uUk(SQ@rJRo1H$(7s<`NDq5J1{EhcDv%-N@HV zEY|*8ZNOQrP_vfx#Jr_3_YxjDuPjOqld($-z1x3uPFNwcN_FTY-(+8M`zZD$-6pP8 ztug&~uS=iCkXNE(l;^vE?&4WsML~|q#E=gv$SiVaU?6NOIL7A{Q0DYc>>5t)Cf5gT zeR6wAW>g>pPM{EWv|OA_3qUb;bI}j1c;#9R%$nDT75%N77Z2Xnja8Nu8JPN-ZsReYoxm z>t1@#Q#W~2Q0&rMgMN(2z&fiQ%?w6a>8+X%*%y?t8NmrP1G3Ws9`F+OO`RXy^9f?o z`5{8E%p|ahVY1nPG;(dk*^}cs{~>cpe{&8AL?m(^IZQ3x?(^sE#C*S{^;3f?gySx2 zx78Eq@XZG7U^9~zU2?Sf2zU*H3ek1`9OLVA<0}rqpV_;u;R(jK zRpSFf6ojtU!D(t1G4=({4neZxYin)ybCiInp$tZMtKI5|Sr>cboKRYD_SQ6uXW(sU zsv&BY+?ARK0;DHFN^&+E%>#XjJ4f*n<|l$kkv~x|I9Ft2&;#!0;`=%?$u1SbA(0Uo z2DvNh4FS=LD5x$&k&J++P~M)bF^p0 z+HcJwlkY;$Yv|>mfQ*9hAxLU`!pNmrn`G^Fb^tw2ZT5r_^)kA*c>GzRd0g?7b5tvruEOiE|2pRktpIPSQ5xAd3Y7Ej~;469@^PjQ}y+ z(E?pK+Ys5ej?YL)nFk{ET9@5|F2iJMIytJfO4BRoFG|)~K=&n_-0cG@ld?kQt+yZ1 zZ}ua+yNr+8%)>p_a{d^yf^tfO^8|(m*hlu*wnKIHt?E&W6I>l%>ZfLM80RZNx$+(} z>;&t~vnewc7kvs(5|kG}H^~vqAijxD5FJUvKKL(A4W39?l~T8@a5c~2g5$cSO(L+f zV3?>?Re))FghIftMC}!fMvCrF&qaB-bPHT)>LZ-!u~Ec~6wLJ_(1LP?H(tomm}l=H{N{xWazXA5 zvh(Nf_OG%`yT^NIN3polkl-;rXgem;zoQw4X=Jz>FRR0Wne_gAev9))YQ4drUaY*V1W8h(YFuYQmRQk zL1U&Zgm%yw{Afpqh~)fv-{d{b2j1?fk#_s#KTxO-2#$iL!?wL~yZwh(vTbRk*Zz+m zce_X)SC>VRCJ%ZsPDSVih>%xGc^u^=6C*)7G|9lQ=HPS?3OT?AD5^$%7hkxcdt3PM6ik-Pa4K>Esc{3-~4N zu6%u85B-#1zQbgF$~*7%HO;dG!V)lvBR5al*sT+G`d^|h6S4mAOBA;}V&8Zzn+WS+ zTWCLP@1DGF|JT3vu))i*rN~`qOTP>982O z%u!{xiXR+*5uu^YK7=uGlf0JfV(n`E29PD1Yt6Xh7v{t{jy94?{K~u~oH8ear5vtm z&g1EH?h~K61;c0V!f2)%UNJ)WqR3A5GX#&W^;7q1UmgW`eBYZQxV?^>?n=wNBtx$&`zsS4oz-i|@%{;4;lOWd6AR z{+rP=)qw~7t=`c&j4ukP$VBc+w}a^JZBLg=%3XxDzRj`9>As>%9H(jvk?DW)-79vT z+6(tXmj~-HJz&iV+DPzjLZHy!UNonp^n*Rt-K90gX-ozwYRN=)R9fky4b*eIX?^eh z*lt|tvY)m1Y;YI|NzemIK$s{ac&i{8lqbWQyWj=smRYK8)ws*b>I;Du>Yzw8*&A)k z1hIf^Pv(X@h~J^NifEQBE^TPE!(aS$Ys?(C>dqh8ty6vWpKkeWghMqJ7fKqi$9mJ0 zd`fc8oJmA$Nfr7p=r7qyNtSp0JHvd1sC zdS`7BxOeQD?ue@HN)b>k80qCPY7*+RSa{3^E*~SqByPvpi%J{!*w(`@*iq)@kG~2; zYP8R$T29*!kF@|>#CdTBensD3#8^3SWy5_>ykJisOx@SZeP_7uCK)>z_ZKnvrPo+( zO|53+COh&v)N+MXnTzZp8dLhAiMuG8z|f6eO}2M;?RI>_0rM;;HfA&kK^L>M+0^dsAL(Aq(`pj>-%ivGyA$I zSlx&K06+jqL_t(XPol8NeAN|=kePP*=Qen**gm2b(KBD$L2ak)mfkS$=n}%Aca{K` zh!+d{sfXYK>3IGEfm8$I*R8*(#3r6Cw?qY5(!hxo5uDjvH)rv-NsvCK>_#t6Mj1MR z4R=m-t#{5ySFd#2-~QD#Ys2BSbT_`n2_7MX12qQypZS2_U7!SdVE~&0l=s$(K1U~# zZN^Q86LH@B-S4#P`9l8DIsjTgrN7X#GJwsK{7T0`;U_~W>R<` zCuh?MKrIByuhO2U9_nvysd2Ur_0Y2yq@K3nx4QEgU+(-Mrw#jHR9Ps@n^fl|C&U<@ z=!~3^z8@muF`zw6=Lgvpb?KZSJ%rCQK?cwnGj)0AKc1mIHg$ebpgi(xabn2&X2z}W zeAM2@j#;+-0GV^o+jBsF{lyMYAr`xA^yV3|9NMfMBl{9U+40YP(!e_(u`kiS^m0MS ztBXtPW z1GQ<9phbU;H3HN5m6r&f>AYpX`2O3}fSN!)0@n_|q^DI;JBpfTf0X1G$f{MKOJ{IS z`)=K3lBpI-%>(ay&SGjaa*m1+R4_RjH^jA;tGA52M||>6M>de{r(qKup2h(%xWqi!)M|SHxEfZ1JJ^|P$ZN2(A$R@t=p?&Y&PIsn^66Edigcg%_LfOS=TmduKxB|eqWgzcx zVYznn`M=dAdmnt7Y(Sm3?c#m15d;$x%&#UDxRj!VVG8}W+2zwj>2rWuf>?4=1cMXQ z80xk6u49lRs&ful8$XJ#*Lenr07wJlGBaP8`~|ja3wVzx)DwLjHZ(d3V_~=gfSnt!IZ4M3@OS2&2Rj5jar}!!c+eZ)Sw?E`kXkW0G|c75q#_K?xY@ zC03g^W4X}f5_Gw=fi69_dhF-dN9?BPQa}V7X^EQnwf4YdPqw!Loz&hkeTYDiMVxLi zMbcpKUEf`eLW0k|xAr47xYggE4eN+OX9wKhu;f2+CC(BG{ab=bvWY8LU_S*a<$nqjAAGRTi0s-XakM|-( zN-3!P!>nip zKl;?_P$3@lHll`l+wt^|aPUvBx1xr9mS0H=#qNeeg9s^*P$XSEzfg&ok`mF zXe)d@7KX3W$aYgd-T(L9f^HCpyWdW}Y7ERPFjDEEIiehZt_TvLL@})>&;-trh`~i! z8=TV}Rb?oOad5)I&p(gPVvd)Nm*D;d4$aH{ zQWpuCzOcoPHpJ|aiXz*xwbaV9h)SV0N6a@y6D2l0k*mNlYuJ))(<6SnIZAY?icIR+ zbj&IF+BeikjMz)eUku2-Sb4SO5P`J4u*ZfeejcVCfiI!x_i7++sGU?Fv~ASEieIJP z4EEM|2CLuA>)Pst)XB?x@1AV5_T|-k+zZXu>SxJ6P%4*a$>7DY9V-Xh9{8Lch21vF zfp)E*L?0JaS`*RC+cH?o*VtFUq}Mj+J#O`({H@n(f2-Z3uHd?$+0%NJGc1r<0yIy) zHI*y_uN$_HscqFlU4kVrujR1Y@ECW0>iIsRS^~h$We_PUehE_FaOo5I1;+w>K{yj^ z1OKe@3%tVn^YDxBj{Gw1GEF>wA)^rtZ^6%|&)3)y_+@`3wa>Pe0R0BevJPq9|99$s zk_KzPG#vC*rBF%1%-JQ?kM9XUa;uKtsS5S1DNa^kQ z-8K%N&7s7K&w}9Ti_e;fI^P;(+*fh>fPt_1Ti;3b<@T9d>*wZId{;cm4UVVQUby#D zAGpul%@BpPAw!-Vx?o6<8AzQs%>$#4;T(4RJMS+@CJ_9g01#n-hqCi6AA|Fj+zAVj zoqeifjJ3o-aP75V5Py&M+JLo;6e924IszsH zYeu}H*7DGecI0*2)NS(s^efOY%?*BQAb4TrGV2}rfylaT9vrzo){!Z}@6Q1G=?+Lfhdx8U& zj{}C*s@5M2fxK46x;O7GLYjH^`}3tG6HjEtT;euRJflyGZ?(sGQ53LMlBg;kwZDEVY*(QAoC_O*Xa|b=x4jC*_WWF z;}_^Dep#dEy794}NWS>gPhLysQRe&V_|&2ddK<^L{yw)JUk`4{pT84X1*|WEbm1ZS+Q83cYpro7T3Sy_)`+j zk0CFk(5kA@CmLCwM2HS^HX5Zi(!?^*xVPyOtO@4V1yrz!r$y79ypHM|fNq)~yH|Vs z;v!>H^fdHbnIroZ9QyFiYFjL*B0`zy$$rMxMqRBw>JG&#$;8@9?TBLAQ#5J0Q=@hP znC#X;kw$BX5t0F%#o49ik!`>NBXb9D+E7Qkby5pq0+>)i*NPB#qJ>+A{0QN}&jWrb zGd5{4V4$b^ao`MPVW{Tl3QVhu$X0XWeSQbBymebf&A45vwG^TDhSu%Gyj!=+=y{*r zx=qf^`T=M>tFn9T^8|dj%-lqmK!eCFrxw8^{4(n59^S?;tRd+=E@K0|+zZ-cjVi+e zbcr~ERT(>xMG9*Bz_?+}2Is2nXdQ_l6kx8aA18tz$Znm5d5$tOqEmOc4;i8Rj@0?w zeOu~_h|(W&wQFQ_$e;#dIki^;KmpEBf2pg*t5ubrz1{MfYpkG(dZQT5=U7*QMUMru zEmR0ZO<}&(Wsd*_GHoB-8h7$W`-(qEAYFXSuAb_!_uD2gB*AmV>4J#PJ3?9_5>o(_T=D zI)*3@ux5hP*euAg9mSlhr^9xI42=%TD8z_%zMG@j-TV+ga5}d zz2u!+N6!Shnh#@{qvsOxAve$RfT}FVMpSSI+s3EquJ$xt(Ph;S?zZW-d^| zQ#H+{*JMF}OdFe04%{eEia}N7Tb|%gT?204{xX*M(l5;2(0HVD%MbCuj zNmfiszm8(Zb9xBxN3@|}ixN#^lJm&SxIfntHDnqO&D-{zPP{CwX%!yZ*_djjL!-g-vZes-uN0A-xI7%#ofH0Ry$(1^b6X;oA$r+g-vIc7FU5iZHW#nl$ncKvo zI6iZ9iI!Uo-p|bGg)T$ZI-znNo9W`uBrpvqKmx$Q5fWI}l}HS-p!cMfU*=Ys6aLgW|rrv++W z&r)gun84*|1r--EZ59Vs2X?@LFg1R$#l$(UVEXbJ-Poar{9A6gwH2eGrB;s~%;q4) zju2b$8Mj$sWtknS4_jHZ$G-R9NWD8dY%>_uqXcw)_FBV`w<4t`FU-=JPCmk87HlKuH0rzFp`&L*rD2M zHs6u3V=9WB04p=U*$S&0Z66!V_AC@QU_dB6BIGDHDQ*()i#Tr9*^p&Opdb3jLz3@$ zuh|6ko;N0WWwU`(+fA|fDm&bOLl3x&@BQGMojgBc)6gY$2fFxmICeDFbJUL7yPE8GzS&?~{Nr}vzy8cl;jH_JRPadB zVC4GB;aJd&Ar@^KuzbtFF2uq)h##0ACeKF^DTWZ(6rH>hN&e>y(QDPsgNV;OxX63g znEG+PaisE zfyH4PZwcDO6!Wc(F!e0WzZAoyvh0*Kw~i1fHG8e;@Gkq4SL>|N`t1ss+P^$AZa=}m zvB1BFIm9>-Cq;(C*#Zz05gc!V49O;IEeqpgW?iK{_O&PN`DYt!F9j(hBdl#jCONv? z#}AQ^vC62sLIm+5H3p_bTdg8Rm&mA%w+4ar5*_$%lK#$dvW_nI(c*1ib$pFN<4;3b z&S|i^eNFbw->bKZm0>$Cz9ur_IDEa7G^jj0gNn=bk2N1B12C9FA@GnDgI615jLQni z5&!7l>ZR8n--(Y>yrGXh+2HZ3Qo&V3b^WEog&#aV739=~3ExJpePGkwZPt2fpPf8Z zZh!V`5SH3Y#YAWok%2Mkr)cDSxwUoVTXtoxJ#w&|?5Qz3{sA>Bkg*;#oX6kZ5}{q@ zFM=^-X|c>^%P1PnVf3k*%eLGXw~v4yT*0-PU9`hWYPQ)U+u~NeG-nrpj2xSQXUdYp zm5lqhx>96eb6C>8QdD5!@_H+!UgD8dKdB)XH5BIJomNu2)edZpSv3dZ^T0t+!omxP zppP3!e9s<>zjWdeY*khs4m}F9l_$o{H&0=7is1Inq72GFs5O6wOUF;~ixiYNQH>!C zP{kBoFQQ?y z;Fnt`_t~i@OYP6TMl^mle2e@pqHmn(?n8dl7ygU;P&9LQb+GaW3oNH-kCj)K*;94nwls9b{_ek= zC!%_i8a_n$!6(wQl#RZu+5v??v^c{7eBzq)3~|BCd@HCsV7s5%ZGZl`Dyvv%w+nCn zlf8d_(*AWJ#354$K@NHp^~ovTYvn+FJ*oBvuh`#y_q<(dy>oksBCoxu4vXVc1bCD( z58HqTNZ8YwhvAr=U>@Ss49G6gJk$dV6a(I7&d#}ckkJIXNRB;r?di$&x3Pb> z-3N(8rqp|0)~dH|y$^KYVLi;TZxVetmDy-j4Qckmp_4eerfs|p_y+C?*iGOHqFsRyL8Bs>X~4S!f3qUc%1vSeQ`O%2z(|(Oku-8J8*QT{ppL9mOp;g&b&3o zx}C8%7BDE_-`9}u(Xe~oXZ9mWUp2fe{d2C)rn8!@i~x<74i|HdoP%Gem&PWynO{U8 zZ-Cl21%Z>`e5AgwEKl0drFU(ry~VD6yw5H?TWo*wC9*ZL$%11J3*j@_WAA=nEBEcS z^Utl_R|-x0XfH;v%`yhYc_QgDskM|&ed#Qo>!;8|@g9Pae)WhwcZ3YO9H70?%L42x zu@J_yl6_WHOCkB%AsfSq`nP|1kqnd>TcCza4Ee2nMG#UeGMZ8YRE8iyO+^;Hbu^Q; z9SGT|ql;?2{J8xdba~iy1h2p~7@zWRu5PzoPc+)Mexu6LdRpxC_r~qS^{|}*(Zo4` z-JbYh9N|{GTU(lpRFg57G!(()xb#7Pau%U3#daljO74M>@K$pKGnA_AA$si5Fo26uwe5mHDo3t57Y9kaVJiR%81qAWNpVG)dPCMG=W+|-ia$9 z7`~pLYqlAjy~T|Yd*#Vu)_BDJr6a>YImQUB4ry)}r}j9ZYiTR7eW3+=>S!tOQFHe3 z$AUzJ57}STN5`XH=XoG{C#R90O*&pwrH%^5u| z5KF^kIV3L)RJKO43*tFIf@NB184gYArmCh`Lg#P3@7m;>{H1TZH$+dThd6rbGw(|2 zA*nr8_pWH(IX^_=B{o})o-;9LFVtMLw3(R8_zU8s&MDhtRa+{ld4>|XG;e1nL$**0Ko|W~N(!#I}oO{bAT3YPl@jZ6!$PiEWiOS4+Tu<+$x7s4a}6Xq;fbn%&#%)o&cOXAh(U7u#)Nf`~K^ za%Q@YrHHKg)xT9@@~PG``o2lePp2BHa^a`-uPPWg2wl`0{erPac;s7WjtdP z+mcXSmT^4Iv-smU-9uT}Qn4=qYz$QHR(twuPunw3W>`~t59T544%+)}BZvBt)HU@! ze`c1Hp!e*u+NKJ7q$FZJ2@)NczbVi>5@cDrwFj@diA;?}w`y!op6R!~=e@T=`H@AO z5OZWY&*bi~^5z+P^(l7m(2D)63&bv+GuFuotplCMqPkD|gqw$I%dHsm<^jY16m{fk zb~jRM=?QywpMop9ZAOkO`k}2?m!OW-*K~reiW?8vkr#H@zdy=pyX&-_dTZF;zA|TH z)H5V6Kx)`SUoP7x)gH)LM_$-&f5bTB9VhMN+e7vi_1S&_eB%SR2TgSenlrM3++E!1 z=vmo3Wv@LcdQ!u$dow*HYjj?Tk?|Hq=NKQ~Z7uC(wlAGvpl3>L5=4*_Cvk*PThj&0 zxOvnZdL)sI@c0u47=a^xoGkh<5+1PrGjCFVvenKX-)%Qv%eUWq9;6nnKR%y@*HA@~ zN6C4}V;-6g+0hqw*tele47!|pd)VH(GVkU=4n55S+~_qNB#;6Wy4l68l*B0pB_-3g z?*bOLWXYYa6BTFrv#o(&%Fll}^_fQ7LZfaHxw)7F*7`91_YXpvZ$`^V5 zL84`|i_2_VgS^csfu$LClj6}{wx`-d38TKx;!KZ?_l4}8OU1UYrpUHE{v?X`Hrv4_ zGR)={D5%9-AF}NJn=nVOo#~juiwUe1?G>PC2s$nuhlzuXLb*+{)aqEh7ml?VABNp% zwiS@Uvi(t@dCE#GxR7sKi7ek&PNW)`xQWj{N2Gb9J%y{K8>7wjYebz*5NVe-Xmis+ z>z-;N6>y8~cmy*o#WO{hl}&V+f-b#4c`VvE@Pav|c#iS9d+im_9%C(|J&HQUKmWYd zZR>aKby39k1{qsJ80ZAIBN&o&ywMrjFc3JPT5)-^=flXErq3~SWwK!g-RDk4-!S(3 z{gY=fH-4OTnR!HLHxM;|@E^$!5rKvmHz_POJyq}1H3u!k3XihlV$g;7guB^mH$CEh z-;mIEc&bDgXW~H3Py}zPe@R+7#mCJ%(Lh8R?_l1`N)R#&1=iSDVtbi~oCL15FE9_y z1H@T`t#b^xf$O6-GRomGfpM^k10wg8ufMM}b>9o%YxmnxvY|T1G=F0@Jj_8qK4Oz& zg?0>xhuQ6!wrAHNdkG_KR<{Ac$6T_8{0TDfVnjU;PukV%<2Ymy&b%-6P?A{luXU7L zQf}Lb6sRV{Wv(RMt`n3P6keLF4yjB0z(LGGO5%i3F?46MadhBI^4fFoR+LkQKG&fQ zXwXC&nKw%nWJ3mVIMiD6lh5LyZL-=~RE|udgKB|c2+dN|5Jws5sZwf)`J*j12{Oep zfkKJl@Dgl<;M~NI88}A-?G-?-#Q9E;H7Xv>WaA1D$vHKe?dUSUBg1y@fi9KX99@Pn z%&n)3iY zMa33^Kby9f*ly-NYne^|OE22iT|`?`$Dm_m%5L5mgFm&-IBZuJ!=IH_QHsNn=qf*o zVpI{_jCCcu+A0eZHq$W(c5}at6UDuZBOr|$PGRKR)eqV&V}BWii}#WpTWjB_2J3u+ zLpaWOe~buSqJMgshqG;}sRADQWEauXA$#*OQQkzX?O|NC6p-FIO@OcETd<(UYKX=Q zbX>Fco_0IaHEY*q^DRL^)pQP&*}%apunC~1B;^}v$0&M1tq0x}EL;$N$|9=6)i>sE z@mW^#J|D`klZ)ar>O9a*Cu4+x9OSu~K)YqqllV-RjdUCRM7DE?-c3Jins?hS^%KWO zFdrx$4o$(1tJY4I%9*aPU7NyLgYvHw>`3lK-OVH=)|;iQAlqH`|FtY?t%wNs;p z)TxEZP8;Y>w>K^oF(#sdpvRV-du=!KH;Ka}R8VcTrL5<+D~``jch3=Ri_%Rb^XmK| z>l8miH{9ivTPU|We;Ynee#_}Xg8m8uBa(&85Pb3KzT!Q}{fx(eA;B?SQp5UV9!m1r zSEz%za}SY#g+%mIyjSzk^av4cTDR0D(*7`pgC`Ogv>A-RoznygWi{BoLousppq3}R zr-Hze2(Uf+jn?Ue4WMU@Oc3FU!C3{bosmoXepZ3ymz7&17~2KZmY5>?xFi!}AcIzV zzc?ix74|jz5c*5k%vLL)z5R!2Zz~1QlkMr7EH&5O>=<=AZ=t_TPus$Dr}cKF+s`gD z5BU{#;Mr%bcGo`JL+1Qs8c-k1!xq+&ujP`pb+L|m=IjPhg3GH}#U54f?`LwtWH=<^ zK0rorVR?yF7f#wtZGpA)Q17XW@wo`i^(*TBTG{k%=VuSu_%$gq4ytDoWSbx9;k48q;s(m$X&5x(|?{!&=bF_ zf6^ZWuNH#vQgO7SdcsG0w+ET+)4G+u>!T<$bQysz??abIwxrvRLr>dl4g0L12gA^9 zbOC0nPjs1}$h}7w*y}cVyl$fJ{Zd_$M0a{}j^zSfwRIcCs6*87BLgXqLXEE9?&%8V zQ{-{Tif|m)@7iJ|dAU}AC8P-h(}68Of?0*79eUm}Yqnd~p(VT3I%d7Vbq)+82NQ$V z+nHl;zlV{wFl1$n@8!k=R!?n?MdW@~9qSJm(B2a_?E2*%YaL%AONE_^J_K{}aR@Y8 z&9+JcOy(_p1W2cr8N1xR$oVPD8EWrE0P()YsmNdjHz~p$71TSM=*HXD#yXO@bqlYB zvaP7R*eW>$PZ8aFqkG%}-8}Ol*R3-;iI>?sq)%ib+hv31&kk!{W?$*&b!7hnF5%Rf& zb07Ly0ohPwC8Uw9BeaQS0uf@_71mI^1Z1-^5C%aEArK5rB({=|oQ41Ibzc$p-Qd2P z!#2%xSEyZ*AX9mPRP{kJ2OF{o+~g1+8fXa&4T~<9>?GSb*iUFMmeYU+rUVe8Zg7w*E;}R z25o;;mNh^1tbL&|Y(>336J2y}=hSV9CD0yvC+zyo37ZT9p)dJz4^~*m6?b^)xC=hQ z(GbifBbas6Sj9P)T4Dr6X&v3Z@801N_joIn0T|3Ku*@R#W6p8=YBDj-;5@~V;zhi} zk2v%L>}?IDMD3rwV1qYX?d-sUwGnce!I`KU^pJzdu6x}#bLN5#wY1y0;U()}j+AY} zlsH{Onc?L{hwRCcM*C(3L1WZpl};hV355g=cT@M~!VontKx%=`nU(ogxpyb}JlU?j zH*Kn?#|EgwHie^rQ{25qoczq2XHQ-dIqud2Gk=eHlI+c*pJnQ2F*QNRWSS&%NoQ(* zAlc83VQafMh`}nyd{xy}L1g-YTA;Ckue+U|g`5K_tiFUgAkbw1dWtTc1e-V;+`Wcy zkI^ZkM(M>f)QfHFiQC@l5_|fk16J$nu-MoYTO=z{SsQYoc{>N^Y1VsRPoMq#ST&L5 zxz=>_dHYh+oRzXagvns`_?r5iM925^j61#_n@68_iX&?cBWMUmOQy0cq|d5<+9Yqg zyf@;YD(D6%qWb|3{ucKg%t)rAF52>pt5xPJMXn46QvA*1|fPCQvY@ z_EHz;Xg@M5gwZjR*9uZ_XOGn9$qwA!UIpzHqR-Rblgaj)SXZy7t+m%ZVYhCvZV6J2 zq1%r2jM~Nb+Aa5y5c~WScDQz@Eo`MeF&P5s$ksI0dTe&YTKXpKGDV3NffbAqgdU!& zC#ydTRHkM-`0~qEvUl2cFF>QBEw-&_*=mq4G4}CA>;)Q?XM9A4rjh*y(#Hgu7uP#{ zAaXR=q1Rrr>O+gRn{!TNewy4rp=C~iHb`5r#?FUlhV=X?V@fF!3;|pkf z6XQ07k+qd|)N*UmroxjpA8fZ)obLa6rO=vub@ue^It^bAOk9+H~yr2I_kDe34b;)w)V&52lvRW@ux36igWsk9)3TUvooUN!K(`s?a1Mfo#-I| zlOVXyzaFyvQ!(qKrc_a7sWkwDnl+zp%lYWyD6$T6i!5)8s-LBp1Pac3L{n>BA5bxiE!YN zZOPR|XC)z+(ILug>+b!Q_Iki}PR`jddtDTpU3P7`HD%1&tv7q@@~L*aLEz~Sw%vHN z(5jm`f59)g0cr(nd|D5TuW~ywSL2%kB9`&Bc8ys}%ao1JhB#@{R?o>`fza5_>m{OodUhiKeW(bCkNnQ}7ujF2>uer#IbB^lrDJ(!KV@-$=Iu zWPbHSuVUt*ZgGtISDFWG3-n!UA*qq`N_!Cd1OcQW`d3V1M00&UXQyHtDj;(=T{@=w znp^P?DmFK=Sc0=zf-KbZOkilM%CHBP*f{#x#UAWEz4XdC?jNKztq*K|1gx&ahAB5B zxm#iT3yZAz`IjuTbJ41xr{M5IDEEHo8HJu*ozy=hXmbi3Q^B3Xog;SP=j~ST2)4&V zN9;)LUW+!)D}m10g#5^*Wgr1>^pauQO%^45?hjGheS10lSw@^E{HgVaekLdTQhEu_ z;u5RCG2f3~-Q5mP3hj+UkGHbDpDtkoIbA{~dsBTLj?^L>)I2DIIyn!w(K3y53wzSU z)RMLKCTu@^dGwV`tM;{7Waz5RqhBpEzpMKZ!2&DMA<6?lmk-KqUtzIrf8k{dp`TSl zm&FuakY!QUcqf^ZHwi8s57Q2Mo}MFrM+p0Ey6mg`gWQ|06tdnDGC8qC_I-1MZQomH z1w!yzW^aiBtxg;B8N~!A7owkoJk?2d88u%Q$*P^l9v34iqPnrxo+L01{55Rk8Fu&y zoW+@?mWI=K=^L-u^z1nG0T=Azl|Jk4p0l82!lvFl+#BBBao1dGR%AFl;0`)5 zn1=k{S(J=85gju`j*&r_R9w^^%NJL6WWECf*^<5YW`PYnzRUjf`KRrrFJ;?vq?@A_ zgYO%)k+wEF|Ia7w*Is|h zjy_Rq6@*9Sa&HjjOWaxeYYiwdlje`K+of|i?Jq~??N}f14fB&WF%Y%0J%=oKXqSEA zcOCu$F^%=_x68@Kwawxri?y66D~Ak&!l;_{vL+HX8*M<1^Nk2hwRcZneJ=6%cS zTUq22q?Ho2e&(9}B?Xp0L^)o;sZ~_I%Rc{g_~o(cd){~c%ys+D@VtcwM#9eNI>i+0hyIqV@oz<>=#I_$#fYxe(vyFEKdc7m*B+Os7AWH3PZ zE)!|1LgiH)9B1Lz)pfLftnT}wfkz9GM$}oo+~+I-M=L(Vkp-p${{}c9ms)#U6bHvv zd-j*s0?)Z}t*ZpQA@PTCUK$kNo zuR@n;4zwtTKBAAvZvEnKJ!MZm!od^#$ZV8GnF4(rP6FvGHhBGpo&6z)$8(+5h0|ZK zq%z*mkI!1m&rc!icG)9GAG1Sy%k0~aQJ|EYW9$cMa|7n@J7@2ox?x>lR!{N$SgeiW z+);b`r-e3jc)R`i^Do#7z<9ktlwORDJdijBuMSIcp zlQo61;nC$f{rt#|pKrHcj3#UhXQ7Ox(g$Q*b8AUYPBMqrg7=5|<<=6P3(5wS3y7W^ z+e!5OHVjzPZ9N#GT5S{sK!;KpF*ft9$1iaiVEqF)F!SxK_~r2?d;RIp*;Wjdsx6tA z>38#>8f6_Lb2dGM?C_OZS@mxFm2W(0hxcJj!?2Od{^j^3tJ3O!yUFp3EwtImkFVNy z2H+QpyGOXMv}U(`N%!r=i4VVIt>YIz{4#L$s-6AsEq3;Nw{_tpTO@EoireP?i|%*7 z#ADi|XGf;(*6;}wo85Ns>BsEx-6i(#AE!Vm3bgplA4amkXK$al>9EnKNu7@Y576Hd zvp0WQV8c%|Gk-7H3lwE~QIUH@)doV#)_?UH^LNaSU+A=7j+%{Y{@^pspC&Di{M6hz zS(@yon?t=PnUwte&I99{dWL&ck^$B~LlOf6f7&tuDYd)oE5C~z+pT#Zpao*7?hO_w ztNTV11^{3HnTL-*Vt*KroFB6p!DsdR?Q|cCIgzSg|D!`FkVIgzH^}U*D-D>7G&u$? zT(%E?0PNG1Sv!MsUnm&vQvclkK#^(oha4gRXW6Iq3^}b*QH4<{`tt-v^wD1L5qs*9 z`g^x`{*oR0!HgZh+;69mll?cC2cUyTh=~95=RRjIlxNsWMBFAYENUM5E?;3DKCq82 z_1Xs`KAR9GH}kG@_WkmV8<%4?A{xmwS|E*Xb_iVksWQvP3F^-RvMie-zG)Q8z+wD= zEqL_1(@$vXWDcK+ch+C4>mLI^+6vGf^}FpWzxRYawgaan#;05u&%rsCv;KZ}JM&KA z+xa&8=z}ZvoxUlX?q|LNWmZwQhx?x7KBCe$-uHXDZ-o2W?ZXeQ*?0TU2}Ur)WGn+8 z60mpvA!L)!?64iLKTpJDjy=hNT{SGFPXwaC-tGhfib>@R6pn1?HJ?xZm;AE6bccj zhC}VH_kA-tKKi+K9~mIPNO`)6ekc2T8}oR5lT21HEmklxH-Uo57_rgroAxernSOSM zZU1#@4!!8nB`rypU=-mHZnF=6dCk7lORcwYqRK@V_)Jf|t(o-`{wZE3fTdaHoHH}S zA$*QVX!HpOIqaV5^;t#XQDBg}P4@g(U$H~GDr^_?S)`07;5^b2q$3x^m3jM?KVQf$zIAHSa;jmuu6^`?r7X7263kVPZZ?AP5jW=@WM4{SJHcuWs0ho1->_ z%uN7M4iyQ|$+x0rGN88rec~gKL$$5iqjt5Qtj>GXw%R;wQHXt2a!q8zSa+vOpR1;6 zls#o(bR2lQQR|%|sDi!($@b37!Qc%{)n~G9>4JDxyy8WYt4HvkY>)GzL(Ix z;P_?MCc1p~&fjO)ED^^$fBhwU`o(N}icHZoWTxsJieD15ZT8FeF57o|;OhbQsq}KI z-nP$v?e`CpO^$J6Zpkv-zK^~@O*|jbsNFa{&i)Xc;wn&%L@omsj5DdywrtyLzs`LJ zKH>s^A6ZT+O zSVk)kEaU6~&V8^i(@yn2V@LK@+Q0kLCvZ#?II2A%$?1NaRtXGuEgzq=WB)j5A4NvU zSVnJa3)x$LAGDe0MVFWDnTl*X;^+cT!2-ePh@;EZ|J81^>pgTr|riW z-9KK)voz?r|CuKH-(JM9Tzn^bE?CDY==r0c+p%lZW`i!XKnE&I_d)dnWr0Z!&0#3) zZyUEJjMoQ_67)DYMMmc^u(!y0=p$Bk@z7n|0L`*+xve}A`? z<+Bd4oA#dN9QE-@>nE6T@zn+!q7hu+Af{wu%&%Id=k6+;E1T%K8$EK+mL^;6XK!4x zzoCxmG!DeHT=;DFBleqr^tkP=BKVQoz%T5xj8B20;_)bH<59{P)a|abz2)06 zxRXiFXX!Z})aBWKxoSW8OX_;}0uzef6Cr3S7{mFae!?%iE18GX_@tX)!)pE`#>aYy zFuph5xNLvji2>gSlp1?(_qA&_BM0g$&9>(&U$D;=X4ngo6X@3JQM%UAWQ+amXIe*` z<0z}K08h7F%e8m0DZg}JmwovU_7K3BLEuWf2q(GUa4mu6g(ow)$KE` zjGs7x#*qbVM)NpNDW4OT{o9@6G~=J1N4#&}`KQigYFZg)^TT5{IZTG?H1M{p({vzR z)3b=6293w<$9(bjUf%hc>)-V(JUoJcngq7RPV5L%f~{kmIh@7n6Uw>}hyoZX#lR>__|RO6}1jO_m_Q*}%dmj~=hci2V|zFPV!skp8X}Se1F)iK)}FtfY&6J(CP+13oFB8+t1T$v6IMvnK!E7DMHE?FVWb-3 z(c}=4zJzC%$j2cB^a?Ny*+e%M*4DTPfszQ3jpxVgCfKfv>*$hKROslE4qbLZm+;t( zU7AM;pB=Tb}mLh2*}1E>OEGS^o6hK4** z$J}5T4YDe3IU;hH2mjKz6#`!nU}x~=oyaQYJxJ}2^azoUEZ`9ooTwxpQOt|n z*Gg25KLR#t>OMY?A+*-t*WvCXm7Z`nOIu1~b-a{g;>R$7$Vm!q{jokp;*)TA+pk&FhQo^c*~b z2ptXwAHBI`+4T7q#u<+v_#A#&`#fUV)Hu@TBM71dpDoU^#?PF!#MH3O*7&W8C(fXcXTPA}US zkt#kiTB6~gy~)8Rj3F%ytVt|7V`1phetE@yUO_Ytbjif}PoS3P;NpHi^Uy}L!3YNV zRl4x`gI)9kV#RTkFE5gX(iyk6el}_a^rHjCr43_&+nmHQ`uDJx<`1LpBB{cCY*J^5 zD#;$pwfa)w)zX)F9HbLNcBzL9CKMDO%CaIa=fm*l}3ud}+CS3ule)!=NSO4P)^6*_e#?W{cr7cx_hP@vjUg_ zW&jKpf&>`=BuI)frO1+Kla_2pOC*}&7){`#%?zW>~F-+lMJ`?l^G%nZ(*>35fN{^fjUKmS>v zCq~Pe-e~yC-~ihBb0abWo&PevS1#}ChM@uO*v~xyd1L1<%X_CM?B~;~Zz|Jo`uvM!I>q{0jCrK8Jj< z(F5G-Cn_BXWO~62mh11I#A-aumYd!o4`P6Yjg>fz4&ueb2IGPC1F&DkY{=0Q=k$z@ zehl)*z4DAJA5D6}EEuGha~Bq5hV>iifW_Jp&S89i6gW>wKdc-b5W@5lM|w#hu5RKi zjrXuJ;Vfp!u3^t~rp^L02z$|bMTN(6N13EsGN3-<(tf71%-RjPaXBupd_ReOqX%UV zX74kdvA#0lo0OACjJ;)4Tv4zl8r&hcyN3=Qw1E(UI|O%kcXtTx8r(vHyE~0FE}?OE zZ`>bu=FYqCu9@}L{MBDTcwVx_tkWPoWLjn4mY!xe#mi|+uWs>UE*CWM3mB|CV z+|Q86Sc7`Ig2Epy_D|eV9VMp8X6*M*NmXDG?su{ld| zq`?l)gTPDXRt|=uvULkX$Y}pXU!^M|mf=6cx4$QvU4Y+Jg z64xgUHG+vR#>!KJ#5=8U2{ZJSFb%vt^j_(FFfG)LkNIqeK-Yao%i*}-9{GEM&WrK6 zg)6|0)xA;>moJzgJ=|3`Urg8I!{h+)D31l&>0mh1yV4O;C;U|i6p0M6LG@@rupiug za%AiEgD)2!Kz{%MVJdC9;?|)(;)LSd2%v2M1=0A_`1Lub%(n|@72s8;@&G^m-#pL zIWSNds|%An(NA>kM1|;&wVAfV2#BAy^=OCgTbLRR=$Lio=!4SuiGZd$il!<;O!!3n9GZE^J#{zxHbwi2ymk9evOw?CF83PvR%Xjq_9{b&g2+#c<@s$ zsfp#=Wkmsc%&>-JA`%xgJ)~T_nw`?gGspxlOaEgvBge2{#Ir#ks@vY(?gI*c$Vd#S z2~)QdYq$t|X6Pl+&1LFr1{rtMDoLr5M?uGywF&pA=}3`Ie4(J4G+_h~6NOd2$lm7^ zV*||ahqq=L_f$L4$F8XeKp+{7EdzC!>&UCG;^bzcXO!8#Y;#{WWY5&%spz<3U26O=IWOPqGQaPy4 zvoz2GTQGr%b=KLO43{+s4QUpVRzV6+nnL2CqiCV5$fhg6(%%V&%4h!~$?FWAFO_vh zOx{7|)`juc2Y9qL>bbkA6R^e)AKr072`%5qNcz;vA@~eo(Egn}@v>;U`)bw^*rhMx z6)i@TR$kWMCORLo#!?wdkj#d5wTdN8sln?~D9?ozdj-g7Wp@hQv$W+4ZH^QIqZD(S zwuA#U#X^ypSLDIo-n*sQ;g=rRp4NWfdGvj40mdsa1(S2mf-lMOZv3 zf)gTiqjU7Au#(L+s(2E9Z-xMKeuleKx(h%cEm2$%IMAH)pSo+&_(YKPCb%=N;>kHw zblcfk&Zzs@SMpK%Cb2z6B_4{WAX5j-(QEw_MnU%cn3y(aGxX(T{iMcnqF?PzstiUS z+rr(4fkR(D9wRn)0E%?m;c1;1k4gvN-2n&3p{zf#M*IJ6xZrALf^Ly#u$OVKW{KX5 zlFK$mlF<^LtfKL-=9G1lwTS#&77Ade?10;G;J+^>8^CC9E`%;nUzDydmd;NjiySTp zwMFV-@@dRK_DYAVbl25Zu&r)Z!qv}a{*8hML|jT#KA+n`P|LnBq6Y<1P%(xOp+!P? z{{EIB;gTD>W|8moH7F96Xtw1iO450bPKrx?#z`=_xTTaK_MEf-*Y1$h?e_pO*?}T` z!pyci4&SjIY3AUH!1S4JFk6WbpTKhmZlaT%SW-(nh2EBNxN?~=QNL^-=P`Yt{^xZj zO0i;wo@3RxJiiP1VKPjQx_R-hyl?kwoSVzaw7!IEX7`Q?S>ad`F#k*}@5bU+6L5$0 zCHX_8i>25EedN8h2BWewuQb>>NQSs|d*Q_^B-#=6)N6hbZW}#A`5(>}uAH5C-DL|& z#wexI5AoE6cO7&0mkD<<8hok@V|eOuUohvI=^I-2e-mTr)xn2&SBJ-+I$x7^K3nvA zkZkIF3ump%3F8QokLeyWAW2I;w;yhPN~`^b-tI-M=lq3>aj4jF&?2tIP=)AFhOAjs zK!;3HV9K*a5l5A2{|g1w`Dy@x$YG)=FILY#ZR$5rkXi$~3tib*5=aChGLFXYQ z;TJ>YSIa65Q<8E7HrvrK@rHoJuQXs%!381(1rX9Qrv1-jMiitA@c6fnmd z!cqBvX0c;>p5#j|*kZQ^WV28xdf~?CguM}`XQg$9ZSh6pMlx(M_WPk=;bJMao>I>% zFCZ2iL3BdJ;V&N^;3-$?qET|ppzdXa(-tmLoF2!)soSQ;k1CBR4{?h<7%!OF=zN zbbT@C9deSaG@8%d5c@@EPPKH!jK8~61CY*gG|gPfDcKGiILKcUisyaxh`~+tCgSyQ z-JttPh}H-5Eb;C3ihm4|JU!qNX=wN9+z1VB?6#m$FaqBHgN~Tr(fJGN1kxh)4Be1y&;&~E))^2+@> z%>*n0CB%#6qQ?$Bkb&LA`e1r;I5GY_z1kP^>fobR_Z`yt2+O(R@uGn+D{1gRCswUO5bUo`B zx+>b7iZc`uMfE{vc)v+6W%$Yt(!%tOwOvG%Lx2UPz9}gq6;gjy;J^-Vf1e# z)b}RfIj-aJ(T#s0(vK&obz%S$=ZRCt?`x>&5d0_FII(=<(hvt=3dx1q!4NO$x$aud z2bliiH{$bL;b(J!(@oDF=q14cbg7NrXIS)b*fnd=9fLM^$J~j0#8I z-9G^S>q``8mYFY5K9V}Qg(h8;zIB?b z1dn84D?>%tb-asN=cq^wv*;?z&=r8dlx;CCR+{X1G1p)KCY&R8AA2mqA+onPk*5FO zw^3-azg#Agcd25jLt2EekRSZb_iP$H76bP$hkPW3n;UMkQ0a80JND?Q zBem}>;9b_)%6&{)gE;cp9SR|_gFlLA$!|ydQ!w9#HrAgh%q?Ir5Ed1&X>> z+Ta0Sa{ic5>DdUN4NyLpPDz^x&q6VKil2NAZ2${{+4fg^6inE;=1)YVHb5dAm?D*ByV>S zfLOfIUKXRnDOBxY_3g>eixm2=5{S+x0`Hags5J`yy2eZ8@Zf@_&U(6_)eu1%LD~$RMo&!z3W-TS0D4;p3W@1DfwUQAv~D4TJN#j zU?g8;$tH`!U{9X(G~k_Q+#4Oa89U6_R(e_hE!!u+&A_(?FM%CVb5Hp^TSd>yac9DZ z+*8AGOcI7)>&%mL;M7x;sUo0UaGZ`S;;d}kaztRn=5C42(a8JgqXp~xr9!S#EfVD- z=;z~T8IQ7X-J|V3cLJo)qm4p~j1L#1OwVhc0rMgkbl%v-FruP8AdkddHqh>N?#9#LkLeY`f z6+?VApdCCZZqGj*a<3sG71=4id1No~BCH}$yOhbRnn9h5nS*C)!{*>w#BvJ%!yxGq zdu#v@4u6oJo>8X+4&P+DK~L$d@O1do+P_ZvQnnOk_}qOlM~fIBdOmqOW#SV>fM{-j z|5yK~R=0}mF1qfgYDL3u!%3!XwQht*DMUvDlDTi$9Ty({`niXB$-f!8SVelGb_3ke z;RYaWyuEgO$`ijY2~*=oTgnPid)589-wI=_7$_U*hh*7C*ZWn#R$u^LfUSm&EbrGL zCzR46^Miv3C$lB&(vICG;o|C+_XqUG>lYIAO~~)IPjcc7K?n8^liew4k*evtZ!hT% zeLX=a31tENnSimv;JiEIS@NedTO=o4y7(ZgG@mRwvG4N7kzFd7T*iXujD%Fo)@Yu{fh*Zz&R=3jwDClLi_dF(uES9R$tLlf(PbN8GGv8X|TjM+pegFIn zuCL3j_)!@nxMNrm;+$bfWG>IEzww6}thq-^i$ww3!!8WL+GxpSZflf96#Y@w;9@QJn>`j&-E<4&j^nyO-tf=sWIoB1weLzHL@N(0| z-Zb`S+t!-kt&q&1;48>DJ6WLXd<}`?oyoCd^uN2|-t4Vzz26uyc`*bNhD6-Vjpn5E zhz@BQp^F1+;*`i>J}$#mM7tJ}&vZ~?sd)!Wt9o*NsEmjoq<9}eMGIBFIt2A6Kj5G8 z>y;cHjyTrm40P!!fN4WhBMWH!A@*O&7qigvB;&c2v=l5G5b78ndrnjzAO11z4#8~& zI!&`vbUf!9O^|J8I&-2gy8>(B4n!{;)&G?JkY(9Y`cuWRfv>L{2JW3fM{ zU(tg(;t16q7m(r4flDG@#l-(YvevPMOKso2wSs9CH5Ctde94k687MR-9MNMB@vZU) zYO@4fm)1nR3O3;|z)Bcx)j!iGzO@`cJ|4XnRC@7`Y|j^DC>hp4A2ID4Bh}K_|GI1$ zz{Z}@#YOe#pByl<2e%@u2@uea8H=+{5Qe-FF|?GyaB?uni7UV|n&;L>9ou zq{8wOb>Xo4qNEk2T>G}-kMkP5HnNSrU8fp^8?l5*S3}}HT8-}@h!}nr$wyMzH$LIm zrlmGz7vtv*ltK2fzcsPRjSnCRA>iA#MhN2^DnJqRlFdjZ z)jaGQQyz0VAAvO==8DXp$qz!wA7UpBKK$#;@o$5&evd1oWGwTAjEcp82|0lYCmSI| ziYG_VFkbs7z9IpbzQRHbH?j%MbQF)G>m$fi}8`%GBB46@8YQ7(YsCz6v#fo zE;chMDRq8uodRAB6!c|u)Q7dW*sb01b_cLjQ-}%c3`7N5Wq%1?%p;@Q#s@%e#O@iD za`7|uKT0HH$pbA{!|z#s6WUToi4Mm~?5e1FiwYsOW$k9>=_fEG>Kk*At=UgHqGm^? z&V?KBeHfr9_|9jX!J*b?&F;dm5Ct%CgMZXaApInnDsFaH;VC4Z{}OOwPB(s;{{{pIqc4G{00JVw5r_qaTd4%e5}M z0+r+&2$L-+`_Ofo7?p{@jUZ0g`n57PRacl0^-Qe+LCh&7FG=e2dX>-T zJ;MA;T)QLhbl9yV)iyeL*t2qiQl(Y}FBd z90)woAxS;_1BMO`7k2o-ZT2o|3>ZDJk~|Wf+bY(@{lz^m>uxy`Leu3XP_hqScFXcC zAYM-Ne>GXg%bSX_kB!?j_33MPf*6fZz18WdFDhVyx$b|={o?5~R0`4A$-3^lg+He4 z^092f?xI6PO>omjr94iBN4#$l5OorL3V_=*_QYi`gI4XbE~5(1sXX^$kMae-b>$YwO3LI33BPeO{n6EK@J zSBdc!QcdX&+eA}lg3QhuUh9u4L6 zLOu0q)&<9WfQ8eDFaV16gvDH;KW5nE6NEU_yIQv&8R~oF!m${Ee?U5H@vBTR^9&2v zqC;^?ls@y^(&20*zSbVeiDDIM)llrmSIl*-^=Vl)#z8gL&O>-6wqhy`uur=&;ob`3 zz!Uo1z2qDC9gM=a)Ph_p^10e(z#!1R1VLa~fhphC(66r7AAh4F?ReLqSbFb{duhw- z1cyD&u1w#bm<8m7I1?tGeHe@l$aiAHNS-f9_l2NfX&=Dh_SqaJf$ZWNIZL*<`9)cH#FZ~-Z^!{_B?f-jyI$5vCd zr#m;ii;grBOZuQFd^a%|T+n*dmD3O_wawK@vnN6a0#Jp5s?pwX@G7$Pm)swzPC23c z-LyZLm3-sXC)K9fX-HkRik1(dBj^wTPx4cu`SjQiiiD+vUpTGau-rJ;_^Ih4gw=|i zBOl~0uV?feztJ&jaQKogu}L`gB&SMi>SymN^ZEMIhPhJUow%^SPPr>=C~ji`UtEJP zOQU?NU5C#%um5;DuApth>32yNk{dq|zvExEwxgmNPf@Qq2{(lQmYF1h0&jG>GvUo< zBX0>CeL47W?ud?P;`klqc*F1LMrZe~LwTrytv*WSo7<3Y{GE;#gy^RARmP-4(Y&|i z{N|EE(PaTd0e>yTywF7~?YstDkACk4iO6+Eq*xXL&%_NAjx4L&XP2OUj^w;8tKrb0pXGGjlS#l(&g>}-C zll8F!0S)AY&7-jcs>zP0zF^-{!Ka#a$}vTrRYTvQ6j?dA`;a#p4_NK~IH2eo&qtY| zXQXZBp)VQw3BvNMb-5qM%c`%4>cIe{ZJ1r***~|+qy8a^6*^JuKP$PV3Af?d21XuL zVqFOa#h3FK{H}(H(sC+rEzb@8@O}%?m!ao^#j!4jZg(M%?DfHm#@P)qdMXVL(U+QO zyKVCCiAI=xgMm{O?~DP8-~>LqkuRKGI(n1c-dG4xoQQG=HE9lnlqIf~8Xui3dL_(O zk}yWsNd8+?b{$VNDDuL(5? znMn}sa+}-Yj!O!sR;Ke9&z7&emc*t8H@1mrL!Aa);-TG%KB@TxA|HQ0-lr2gOVDc6 zoD8jHk**vW2SnL{fH38D6m1ly?Zl{_K>kfFfAaWh5 zC62%bS&I-taZ3F2w22k)L!Wj{QJ>YUm}UT&ZK)H`|G2w)WYHb=@TvRjQp^@5zKBjg z$a?-U$N881LZwS}@f2zyRJHho2?%J7jdujj71=OkD_`GO9T#VQ&8lg;TC?}I3ZHl^ z$R2&3F3sIh9r;;tQwT^q%w8>Gj@%U?!C|&X3XjT_FrD~`!fZTpye4vR-Iq|i#$xtV z8@mX@|Jcg7qv8LAkR8-ClpPu7XeGi-hU!YO$RuaT9Pm6S=xsiK?t9v%3nB<4)7&0w zUCx@wH|V@CdQ?7hjaE=}t?Vf5GxOu1q{jbLm9!jrT2|xm6d&;2|Al1|Tpy1$66a+r z6geRr$1Vyt)xbDogPW8Eq+j|QU>#{K&sh9U3-_j0ESucb@0AMe!JuUyA0^fB z3b+~k`J7D1ws~<;)A8>r5hH-hL*aX2ZNNnV(QZVYUW!TVret5gu0jzc35%F^yo-Z^BUrz)5X2b zD-*X%2rAMOK$HE^LfR@h5<4>+Zc^?sY9|p65|+t@2Acf1@87i9Ss%3uC4HH81h*Y` z(NZS%=ebdX*~#B(H-!>{j>5pdgWf)% zh&U{p?Mi}lK8q?F#cYWZlLQm=W77{E;n7dF*_;t(^52Uj{Zv} zMa83!B{o8BOeE0g7`RXW!gD`Gdvj)gsq*%o@e$HHq!6c+U(g3CrF8-%ra3Dn|DEY3 zj*kGJay`{49sH%;ABl zTUExOX$Fx8U0>c=O&|&^y)AZp{6&Zpnf=#l`#Jb^Cpkny$%9MeA24pXj2fFgALM#K zRj%yFuY=Wo?}&xf&oh;pPWVjJ&l{I8A1zTnfKa*W*ol)h3>3C25=iR^>$SZgExl+# z`C-0pm`~wY;KS*12%-Z9SBIhA5H_wO=d15pjWf@;g*%&T%kl1l$WI-gG$Zs~`Hc>A z?o*WqhnZ6?BSB4yxXk>wt0{8vn}K$rjSQ@~5L%b(EZuJwJwph|JPlWP1XBY(MKxcX z9lm|nV;kQvC9Z*)Skx@P;^K@EGPsgOtGiW_39rF=I|6wT=MLB+=HeG7uBi0Y(9oQZ zJKN9$MUCD?h(f2xL74K34A%77IJm}WOK6Pk+5SZWH2Kf5c15RqU7^)>OfpQQ!mHi8 zQPyI&S#sSw3*~qGMf*Hsj0VKuKF77Oi`ZXhVfM)EJjKi;mBoushcSeB9fAlUa`>yR zq&+%#CrI5{v$nk$n8a;ijL|I;3|HY5j@#4;svsq)`pf#IC7+|%!a0+x`~;Qy_%1}o zLcOa~@;Cl*k-qn*r&`7F(DIeso|vVT6ghoau!lj^_Qgd`9a2o2GMjaO3fE}a1}7#4 zr3i~dHi%zf7IH^<$P!t(!vAV1I3eMGdQG0j>n8M>jW>yx2Oxqz+8_5pX((AkCk|v- z?t#G->V$tYbMMy5nUqesRRfu|;dPqW7WaB0o5<1r$|9x_PvyG#&A1%Z^SbiFj$zH_ z&pd0+ZX^DqV1aM#Ch|I|(fY6-OG~Jm)o!O&Yo(!qtbe_8Uqh^;>f6OYB$6(D9k;(4 zYrO5~@h>Z4ajizz-RzDyF4;Zx>7e#Z=f5>9V@vfQ4d<&)4DJ(+D=uLntZxbosW&RBsbj; z0bq%1e}z6&wp_N(pi4Yk&qA)hFR2yEV!Y~71DygQ-#rKR)oUH_sw}0Kw`by>-`fY{ znkq;Cq)lr-nU_PgORA&&a-dCQ6aSWyDvvbMLVO1vnePiC_az<}M*Ud4c?#4q*xVc| za1Y#XY}2dk$yP+YwF7mqEPO5vcQ5q`i}HsE^2SkVPpksxm(h6HscSvN^?P}aYY$!c z7A~VY!d&>B0L%;+h2)!duCs+d!`F0%W@~IytJK~a@f>(5mI`dt3`Q+)XKLZenR+zi z(tQ$EL9J9qAdxXRXCc(!eEfsr?QGg=n&6<7OcJtDk;e}Ei@C{Qo)bB z)mrt`flOm7%ms?UA8I0Hqd7TAgr~wCul6#0uSgA2&%4}VBfwiV{I+-VL6rnEn&FaW z_Zrjog)^3>mt(O2i!>KwHsJJnr}rW8H_OG}>{KI}H*QY7IPR=P&0HmCX1aZsjZ)*! zh|la6NAlGgkorP(72--RdbwK9Fo1n9c6T`~h0;Igk*spVzUub=Mb!W$-Y_(|TrT0B zZdfvmuLygc78)P$)goY6WnUUjAP#73DDCiI_Q0UE1(DaZF+vyqB{x zxkwR8alBbQtqKYzk*||Hu*pRvezdjg;}WWI9@t&h!B)cu+VNLgSQqF|*NbixsdpCc zvs;R!hTt`B*9W)yv{oXoyhB(oqvqi5eRM?TgC~QfhHv>?bf{6FsOSUV+y`PMJkhu$ zLR!E?hH+2tb_S`zCXex1F;Ci&^5+H$mX>WyES5ExOqGE~{;XgoV2D0niZuP1=R$Nd z!zX>t-zMnQZA8FisB{drBSW0V&~v)^rRj7d*lY~Kzg8}2+z#OaTDta7EJ92??3xBM zZN8k2wfh|8;hb|hQNdzWk0l50GWY^whuMH?T>f<8=+0V=Ee^uzGE z8pL|auoY_!!h}Vx3z+{#O0C$JG| zp(yuta^5gWS@^ zHbTDkfCKpO+EREP;09y87D^g$j4Mlw<*aoB<5zaL~v46<*FqKxI^q zTk$uzAZi)38OL~2{+b$NC)ZWWb=G`wvs`&E8U-@Dxy`-NnZvq9Ju@KMJ?+0;HJY)F zp~cPMUIPSO?f>VuJ*Z%-*4n=$I=4H$JBa5NxxH)2D00KEx1|ymS$9Pp z@eTV=`^_ZklIQSUM5aZ1Stv#E*`*wtBsJOX?hw32Lnw2ApSp_qAIpt@ zv|mGTH58^PN+dp2B|zQpS!5&1t15yM%Po1Z=z>;h672t3ijyeFToI*dt@JVKIf+MS zDQ^+TScfz&dejEO1$rU#x(#$K^O1%~bkbnn?eav|5>1RrIaa#`c8kO5>Un7mt7g;e zP}9Wb@&&*=l7vuQ%k+u-TXeEoQ@=qI)BMAhQWWeBgKP*A0&hdgffBYAsu|L%=R0}> z#A-1}q2uevlOL*lifFTA;09wKWZa|(u>;&L=*Y4B7~<$h`_u`esJHp8Fk@|G?Dj|g ze^2{gw4kJccl9OToWJy1i5(vy1>ZR_EwdcNHxYEs))eSFEufiPJ@%qM&rbAwMsT<> zn`o&^3)lHvDgKJebhocgi~e2%F+=&wVR*SwbIOSvw)+QvdURX5kvm0v#6-8ZdZves zcJa5x_choU@Z&eu&!uhY{AUyjb85TxvI3kCma`Q~E>EkL5XvzZEfJDw*{%ha=$0e20hL&0jADw|;#A%;zcuANJ?3Q?dCzr`v zIHt+<5pFlx1}{bPc=VG+YDMxWSxIxTiEdtc zmS4<^H#^je90>_)slV!gylnm3zv?=)V|W1bD2jSs=L#d%tn`9;$Y8LjK1F%v$J($A zJRakjP8%f(@7J1>Wf7_nl!H0}#(G{h@W6GjuE9GE7-(CvHIK@EEc^-mt}$#upLmou z@rqR9u$};PDONmNpAS+~mJ$hz89!=B0@w=y5Ik_9|9qah?FIL-NP9Ny;Hl zw!yt}em-iesK9f@C$=*9LxF@LKXZO^iPCe@D* zH(9wg!|r>1`u3CTbw~68N~l`r<1h32j{W3pR;xqt@+U8;Ki++$pnN@%g>iEDymH6P z2|FAw^ry~tqboH{WydQVWg_h)Wy<=aicI)k=}x?mSNzMhBDg=^_3N4e*etaf-iy8J zPb>p<(s9CT0n)Cj$OA4klaL}g{w9@R{CMG%dy+{Hqn1%$ME}dcKY0)IRE8D&GYNrUqI|n&LlT)YUi$QxJ@Y>~J2d9}6Bb%2LHb7Hu$zTf!-i*N_Bj0O$aEe2Rv zHIK>~BVD(@S@8$oKe2UXq`dx-e%Q8g7-?)2=6^)k@ZzJ7sPdI$&0a|fsD%aY*Z+LT zcD=qH>0%UNo)ms7e%`A0gPJZ>n6h;-vvqr^+q15vl(eczyUtk88v_?m%3c018P>BJ z_mvD0*`}k82e8giK44e?@|GCfchp=VSrw+H=-P?Uwm?$`$ z$0-gcZ4nQLe1?~gsXbg}hF3pHVG++40iQXfEGVM78pRZ-=0|`FQYJh~I5W%-W`u=; zMBC%x6Av!`cM8}Ofdym2a*078zxkA$z72l7eg*d6 zU)#=6Fjp5t2TQ5hWF^Si zb=^jL&R(Do-EYkN5Xy8=bthn7q1cS`jccZ!mQBw_Q|t%40c}_K#-2!Oz9dIpgpu9X zvw%GpXrv-pg24l%V}NmTr292MVbq54w<&W@iZ9M)D0P`8lZ<;k6@oAAoU&;3zre>C z_67RL6$;`dzwfXACjGw)JHLgScHh}~9ahdl8T;v5+v;?@-6>KTbK4ENp0R{!CWX2r z873%`Pv+@c^DmD#TSxD8(g9o6z+|y!d{gqv<`{hEuuCuEU;0V5n1ixJZCmVhX6ghx zgHP4N<9F*xCJz++(As_|$l#^nWZmt%aNBuBF+-HItuXbKCaCms$+zck$WhmSBnAIR zpY`AU^oCeiphZ7QrgI_n29@t@ZqXw5AuKLZRXE(+52gr_in6HFq^`~oC|y&ukD+3G zv0;kzku`nxW&<~)Dxu`g-cGizj&!f(40Ek<{Pp=+_$3UBhqs{Ft9eARqxnn$Qk!W$ zB_e*!nyy|_YNQP(V%zj#M@1h5juazCj$4ABK2b{Af|E9o$h)Bh;U=WZ zNfYk4eWegeF(j9EE2hR;zEXx0f}n>JkZdL)j8w3V%ul1${dB1;4QHfV?Ubb$de9ij z&G-tkYx{{(;Q&dhDJqww@U)FMS=CEwoh5v)mlAuCTF7A-XeSY+xgY**hMy>r`As(+ ztEPNUKszO`Z`~8}_Fdp}j-OA-TM#wBKuY3E81X~z1GCptCkk;_)XN8>j*~O_=jppe6}RDJERT`v#=;fNZykNwrI(Vx+9cM>OG%%S$nLnfY{~%o$+|%`jS^!~o&}!b z1g*p^Ynef(!9|FQT$^zYB$u7qPpYx<3~|wPDu?%f4=MkT!OF@LvL^$aCPhaL$@Y&_ z=Aa1-JE>(fLdDQRt5RVN%Tcb>txJ2`CwHY=azB;VWP|6QzGuX_Za)&Z-x=gQrbn8( z*{z$hu$Glrtv?3lj={V<@vB2)NqYUqCQOAT#7DQUf0$6Ug8A@lfwWT)BBZ&HoX|K@ z&iS=?s`o& zuqYQl%J$M9v7_XzzxGz-F!IY`3|#(DoQqUa95j`j7Q;MgU;TR;q^5cw!cJsjh#ZWq z*g~#vEk^LWY83o-CeS1TKWUb|d_5NeWk(0-p&aD1bi%?ed2mVht1#KMpUr5HLN-fnD@@I>?|;|snoh`Kr46o<|KI5A zfAF|0{)5EM%~lrKd$T5dHIr)al008ue8IC!6xGeGkV$!u%>1V?D8};aW<}AnM4syz zgeBhZmE+++@@}|iuw|^nLySSgu}h^u2dDF?m@zkPRZ)a~(v99ws`ZmY6@e)S8m%IZ z1t$hYaIIPTiNCLc`jGkV%0Xy$S1`WT>P9MHG_g|*dO_=Bb~jR?%W90(LN}o?YB#(z zMo%mv$YL<*AmeQ&&01M83`D14T=NwhoQy7JodEBAms4j#k|?ah2yNRQ`};lK_2x7M z3G+0SRujr4G(`=^T)|MsAqEf~uscG9@iMsD(bN9|Rp`1DBNib{Xh!j>!2s2aeo6;R zo8z-2IQ~b{~<4>dy2fi)Vb1dNVC%vysgA0$eRzAokGl8iCn=Nm<`R3*)H`g}$7aFaD~mvgS? zayD`nWvGp^Uzf~Frd6a&v&cJ4{7nJ*2*^s7MeF$pZLggHB=%hibkV*JzDL2)tub`z z1iPc7e*tNwyDyZlO7>>}nWMg7Ik`cz%1^IzeF!DviyF0_dBwBz#0S_~2P^PjW9e)o049gzltRxuxf;*a+D`Pk5J&i(Tfm*SuXyY4?p zw|juaasR3f27Zl3yuRIs>|f&s^?Wu*gUnjw z@gtNSXkQKGMvOu7e;Vjq*0Z*PX_$BG`M@aQjWn@}gGxUTiQ3YgH$txdq%D|nbh4Hc z+loc({;>VGEUUp}B-q!tXH5z58N-28)wmeG zOCr{&lD!_qiV#!1$n7@N(pX8KPdf=Id`l(fcTMnV)L7?J5}A*U=IcDx!p@@%rVbD% z&pE>mVzc^(*Nnkw?Z>*D-8wbQ`%rx*nn_5-(5Au7dJ2;olsBzZy}1xZ@&fSZ?1 zox$Em6qs-ca%SxLRk@8yk4q)SB8v`uTbaYuH_X6~Hf^hF|+R%BIep=7*!lDLv z)g<^=s_LuC@gF%2|3Z=S=91dYyPF!!)3yFf%Dw*2^DL}I2KaHvzYn*)TbMEOYOfGr zjW9G)3>T(Guh(h1U}#-`ao65~ZW!!?6h~Y#PEpuS^U{Sce9mZWH{Q-XeHCTl-HF zxv?gZzj#|~$M(GdyGpYE_2rQ(O7y^|<+ZSW(dhF*A5TyvikOF8{8aVBS-baXN?ljD zL4r-mr_^f-!ESy6Po+A?r@qnHo%3S@<}c3#_Icr}cAgd4E%+xaw#>dr=OHCEXN~8| zU89#|d!$hC6im`vssYU;-HV_tlBcxdh*Z86<4h>T0&Ok zie2PyE5?UwS(2S?@mL(ytqOaiiZU~F*E18YTqNm)S`^*iFW$q2Q015>?N}FJENbc{ zyS%%vNDo#p2%OAr=_>1FB*TE%Zu-Y1&(-ZT1;&=Y1ufGUu4k88Fi$6$tf^9GNZoU# zkgYeQs)voMyN`6jC0Ln0GRy>}UT!=T!N2zT?~gGV9xi6Ch3{Qgr&?YjU7ymOFz3Q< z_|(OFEyPJg_rf}ib)bN1)NqN^(`WIcJ!0Jvg$n;;(ggo(wnkolhAXs%-4|RMMyFB@ zY?iLawmRpFf__Mq($3*AZBp-|iELQQPG;-)+oQJEVSFS9h6$PbNpjd9wGo2%!oj4k z!tHMlFj_>N^V?ts|1^6=HeIX?UUN)_w1QV`7+|7_+tS3v)W*u za=a7K(1Yf2G#cmg|MuMq3khL?9k4nVDQ?yDyFP+Q6!qnMa49Y%=->HJQwYvM? zYi*85R3GOL?dMjRJ&tUtteY=LE^FtM@0cE~A1a-HLc8bBQ~9{7_tkg3uT!^ZGbJ`j zq(2^hB(MxO>@%Pp(c#e+cPW(p=n!7(C3JKZ>uTrh$dJ?(B*qTJ*KcNn#aPzC{1JA0 z_FqL#N+#IEo8!+j*5LUj1H~)q;c=i&k$8y?S`bQIg_!vh#`Kz>__1S#N9_G7|B`P@?27t}LqyXJhDKL7cD0h^|Rg{M&ezl8ip($L(kci6p8xkyqGt9%V`8)+8XnXq76p-d58Or ztJ8KK0QNU-yNSk}j!6%ZfY!SViw4jZ~`iN6^P(rnIi zlis$ghs>(3uph41mlKBE`vZU8bDdxdYQhekVz`;|b~CX7>oxq{EWhtbP7J^CchXeHRS(M`(Nx+}Gy_&v|9di&FAv|BgS#B@DZrsh znfMl@M(yu|-KN#0KF%5N7VTHo!h43NJ<{m6RIQ#n-`}NU)FpE22dQ56Y=->?sH8CK zwDpXUJhmU9foNK+^b4bln4lIm8&<#%pP0m^il&(;aXpQ%efGLpEkec7@I)0%Ss!VK z%KNzB&-r_jGR^c5`we_t?y)JMfQd+>s0>VCkSDDK_?0Mu#|NtYSe{TKzeys7!8|UTropZD#yu%GaY89Y`Ee`dG#fml{>c)(2B=dqX1dIuno} zEVpnVL?tj|(>iX~8ThwwYg^V%Vg59D=@qblvHDmw?OSnSeOXKSp3<LI9j0`%Gc8rv?QgzMM)c?uU zCH4MgnsRmRN&DK4?>k`ZHDdCs6$FX_0L)6J`qfk%M@)|SD#||fm~g;|5q_1zMoU6q zjgEaOmSA{Nxl+K?R9AzfjCo@&uk2prCYU-9s@rV>KG7wxPg4D=(J}E7J^GjHwv1Sz z@Ci18=Hi33IldMdOX3#5yrUSl#Q43%pubgdvTQd44 zvuy)4ox4x2A=)Y4sP7Uj#jwGGNV z$Uxfm*V{VUJyvdhvdgU2?^K)FF*DKxvtHluZ-EtET-b*sAE=M>+%a9{HP+Db|LE1B zmS#5S-aU{Yn_xmC(jP%lGC;jKcm{oyQi?ZH=Mjhg^%iOq64dBGP>TaM*o%$_zsm4bt zA4jk36ZJvkwKJ{r8669-@X_y?uAIZIXRzt{cvlW;_?k@OR;Deb^Ow?nxLUB|qW3NX zI?P!tc}8YP|7~o)>mn^}_;$|C{O32cE(u$c*;m%Mt_x=|JjVGFR#YvIqo^Z}aHBl| z>oA>eMYU{`RNuLFnfUl;>BU{m-V9VJ*(K{7gS}fr#*joQ_1Zv?gdHKrd~D#Vc|sl)zmW-& z>QX^1K2@UcHPk0UP~CkiWVj?@Lnbr6lR+bzE{BEJiV*Cy3Eos~eV3aA2&Q zOVz9JrFI`CdzS_`;Lk$CleNxt5_gJ!SR1;yzj+o|7=O|n!#bEdO}C$l4URDh8--2g z)cEx&FKk-@v~J*#^v&%PH%V?U)YT~c41;WL!*rHIaO0^ z6VTOr-R-gI{Ac{-LlXvVYV&8trV zxVEkFY|y&M=g-H_snA0f@vxu{uEBmdjuD)ms3v;I>&p1hDWiG)%eg7z4ChsMr*oYt zpA*5n5a;&yO5l24glbZvEGG%;xqNW$#e+@CWQI~Zg zEgAIJsG9gKb;Ce{@V3`_U!Zv5g0pXFWi@!VrhCJSDn<}@$QF|5d9{#r;)_-?vyKz* z^b5PoIEAL(RQJ8Qr0!v5-1mxPuj)IM5S@|H*${rUPEDUxMm2*?oYQT^K;81EWt7M} zhGHgZ#ZO%#fkq1Uay>7zNS#xHDqNnA5DL=vq}bib6inyKp-n5 zgCDA%*^Y>WF(D{U`r|Df36nS`R(OZMK%zWWxTDh9=P=YqJ{A?0xBP#YMbPCPrC1x4 zpP77el`%-WRTgF6ke%cmDHmNl6|ZgXmo zk%C)<8N(C*q}O$2C4eJJ!dct>#gbeN(5C~eeNyna7eK6CA)T#I$n&>|yck)qy6nY8 z$p0I6vb=82%8gTxO_~}#Kv&hQyc_Yn_6|gGT>hwm(IS;2A-)O1Y|=f09Jf9O$c%hP z)L=RC6}6v^4THeJ4cJXs>K2D~zN8;-M|PV7bE~lip+zN@JJj85`&YOC5>#;Ml8cH= z4&IPj?JF^MRv7q1zML5RAnYCgh!V@tkFJD9WOVArIT0!qX|V|3J2MTDL>9r}g4|sU z2u6u3q_lM73TyH3(vNypbj&PO;K-Vx>>!(YPG=)?nCj6e}c=YRk^A*To0fKv) z0sQK(^ABb^_)GF@L9SMk=S?uH3uU=8Wng=&e>lFc`a4+7r|ILO^;+E`gjx<1>tx_x zBbC+`F1-ZP)dhp)C(w-?yv11>n*6)j?yn2yLNPmCyMaXO8415co#p^=eP2*J7kGE0mbs%q>>K~qk!G245EcoCB+4v2px z=Kd~!CnNpYhx8opP<}%>xu)4W#%m4Lni%eC7o<@OySH@^QBh_1V^dfgdx-=f{TkQV z164kpF=I|g&8zu865?8bV0&hE-JKNjj$Eu0k`L2d^FzaeoSpir>b*HG|0xOmvQPDV z&JBa*tT4f9F`N8ORoLYjU&6au+mroUh}7dzvs9Gg4V{;$!>tJJEZLoAw2-uQl1+m5 zBHsl2+eR@8cc5;+CHN(ONKf;&5k;|iMrHes(UvDLpu!xec3Zx4%=q*R*(ISa(l#p3 zVe7y9*#5tQEsHgm3-^&urIAXFpQ|65pHh=TD~%LZ%`;znY5qq$IG4 zqfthk#FccG=W+}YRtMW+;M*C3{dO{7we4|8^8 z7%$*c#*HY_tBBW-FQP*JCj!#r{JrLDiDfA5mvbflYqyU3kHrFRz`x*X#g;VCT!w1% zDh^e7kVylcKdQ#j5BmM2P8*dA)#H3{)kufJsk-$W<-+LSTV6*no~d(S^IzpY{H{w@qETzfp9>9c1mnHMQOyS;EVCjwx+ zoILEEixhV4z=tM_MX4KzNLjG4dbsIyJ)UQ>K95p?0H2ZajMp!1b$`)r&ZvxeM|?bNUGLzrUfmmGLrp z@S^EvKos%Sd;k(d1ZpX>FEV0hT*UULijw#53Bp<7ueourT@!0`zN;yNI2KLJXy^vX zFQy$JhA0JpkD*2)Sl=ecFATbIKW~J`xjopqUEt`(;1F-o2q1r6lOj4D%UKq>2vv2x zs66lRn(jMUuDH5E*_F_B!549nZo1(XvSxKaUJ$q?!cgUNf++MgPg7%qo>K@tYUPWv z_-MPYZ?j|N`J1Fa9)3&4)jCN&GL8-Ik=>kc5ydWTb}-@yshtcd(Lq|#!D1xeh{~MYlu7Tc508WbT3L&*s*AhDy8|!ssTd&LkoUvILnCps^LhnW_M$f|9Af9oX1dp( z%uQND3ijdNQ+G|$Pu(I$f#)b$zQB94u%oEQUsz>VA`x2as_een2qu5)Y<;ArQPD2vXCLk!Q%mTfjZOrtl9wCb zfOS2eUyk?&f^iUg@th0J$X_wVtu%!+`0a$ueG1DYu5lZb> z(HiZrtYR8#oVlIV(M$@e^1u5QEd#x_*87Kw%am?GG3MgJB(;s5GC7&Ugt#-9v_HBV zw}$$FwT{C>bVv@gZ*g6I^V?I%IwLK4N78aF`M#B)JhsHWTb{C!{0+q!F403<8aWh&YBS3#Bw7$7)=iw zH5Vj)+zzJ-V}4^8ANyBs4`tv1x<^VSDhBpGYo4mla8Rj(ZeIX$6 zr=(?TvfPkCgD(~R3<<=lLD=#*L-ycHxv=60)^8LfwC6(J>jc7aSmY{`h$__Pvb9bazf z2ENjasNP#JNb1XsF?TfE_#s=uQC#5i-v(9G65XNu2d~gf$&%3&X$`eH37ek-X5jAd z1-h7lmf^sYpMyDcR})tDbOM&g;?J092}`^6_*J&pYBcGAJ7roIp96}|D?V?^H&;;= zmf!iZc)fLX(ReUXAP{h~nh4mRnY=w;^l9H04QbSX zTMKt>Ur$@$;OQ7D)On745^LwAVxjf?r??bHJXo8w#rwI|iIv6+uqn>{zyFP2q|@GB z+M}kgn|bW3oA?eMt&M<}lIf&YBT;;mKKqe)9#(9$3?P)}7eZh+?BAGNz}*B=@RFk_eS#Z?-3Lv=7|Lw;Lo`!P3CL^aqRN2robMMKQF1 zUn7#I@STa$6E5UH3$*e@+Fh`Z+D;?(cjqx9^<0KK8OI{jDqpZl_`o4Rn9Ln>o72O? zc+ZCjYXgC)?fFT3aTManaL6J>Ju?NtrYKv(N!dc^?w)bm!3DtZ)APDlkLaUj%O|r8a9MMGA}d! zHq5+a-}03gQtywO)pQ+O`gl06tDrmn6TaH~FZe3qt?v)A#gx^Kz`n&EG^z zWm-FiNOxp7#J>t@bol@2)BjZ$SPOk)*hovZ`ZD-iA~)YN!t|l*MoPjWSA3%bTJ2DT zbuS2vc_EOJNmTyao5-Yf9kjk~B30a}U;Wuiz|j0bFt|0g)fRXTLS1aG%`yl(UpQ2C zXm4-qUO3|V_`iX>5+XrW5%^J+Y?C-NPfg7y)qk*W6WPX%r*(~0sE6uTdDWe6W;U+i z5e#+A;cxhln_&+}Eppsg)s!H(F5C^?4TYEBTUnR&R*2Y5Gd&!bnhZUvEDO12BBX&f zL2c=sysjdPLb@`Amz6+ob>c_)J<5v}NJCMOe9&Nj!j#j*?WRo|faR7y&9D@Y5Z7v_ zDi^Vtkp6W!1FPc9e``^AHH@Qq%Vw0#J6z9~w) zp-BjbfWrf&&B`=|AK1|pmV;f%!IOgAFwx5*lt%evLDWo3!y~uKp&g{L$%EA&cQNfk zpvF+Tgsn&f*UXFEB=55ToMbDXjnmLbNWTQchbqH88^jS%kt%Obl!H&6tq$nrL3~)d zD4gbW5y^qB){Ve!ds;n^R5_eai|;FkHN8Gm5nQ@eVArkRnzIb8vCyNc|1&Nv@n}yu z(o-m!AF6u?0khq}D(CjoHK_sqk}E9+>rBt_mF;$w1P0FX=BX*`P{6~sTf~#)N=y6K z%eL}lsPtg!=F2YKkZ^%n){R{ry7X>DOju%caiv>4ki@4&HftkgW~r5~^lBA9O6gyI z5N!-oqCVxI8uuZLalo-W70z~s=2(U&OCdD{6;2HVb7ve|7s}|lDx(O=`fEaWa}NGT z!NdF0xnq^Sr3X#2`FS;M2j0N21{ao>xzd?)i2Or6$=vOv(_%THXF8>(kH7fi2o5J@ zCcG6~9wdIcJfGP^Yr2kv@OA>R|MMEr`*FUE0kI?eAlgr#Yl7QkyE5FL8X*|x%&fRP zu&3ZJTZR-DUBscL$|QQO!d`Y=18Ecd4V%DjT>~xRB@4bsk3f~nO)(%J!P`o~%e|$n zeJI+#fd10&ZM6OkzT2}uds8xf*aFP{I?{)Ncp{js6^K8^Nb32d$n&DSQ3B|~-H1T; zq(ty;)(Va(Q|M_mPA^yLSuv)_cpmg3-V2q>SPSw9;eM39SKwj&4lM?;3jq#qDAAj~ z-mg|^V<2$98E`k>@&JWp>vnMv1ok7#Zi#`^j?>Qco^$!?8?VTiOI)9`CB>!zo=c#{eTBED`KOX;={O1=)@0Qi(RBd-8)}c)-#$$cXbSK7}#n zJlt$}=+0;P(Kmk)XZ2C+Gu35wd+MSm-^e`3e=I;B)sHEf#!n{e)%r!!5k}+)8t!a| z1^}|^4a#%ei++fF${Xty0tE!WyPglukhxu5xXrcOPuo;}lu)C_7K1E?hC4*mJ0u|x zQTqFAEyQC^NID`Q7BB`1n1K=gtJ!x~mMYcfw}62m2^7ST4fiwimSC0wC1gV2-Uy9^$maF_t|&(6 zsDM-;3Vv_PQk#VS4TIUpFgfaNC;fV0Zj$%Drc1eL-7c1YE+WExVEYS%bCyp)`sgR+ zMxC|ZcIEM$LpJtfv~Y3TwPWRq^ZMM(SGHG*!jjil7Lc?C-~XG z4NWhUn=*=W74NmnZma&pQf9;}xTJW^*zX^xpHOedzW5i;3KihRSe# z^pF_Fq1m7t;x*jFgEcw_szDSu(yyyPuM3qV(k=hlt)qydxZh;(q2t6&yc=^Nnitb= zMK1{y@Dvh-`w&zKXER3S`-ER6x8+C)#`1=D`*pxPc?5HkFPWXgJa-i=wPmXyR6!of z^o~Okt&TPQJ;w+g3XcWEtxJo=g<~lS4YJ}=Use(bXH&mgSk7d(y^FB93(&ijNc|g4 zirJ%Kk~V74fPNE}%UsCBAb|(|B7`RWwdzfZkGkJ?#ReQLkTidr982P{w@t0JnvIUt z*%qW_^`L>HUtX5*bAU5QU|%*k$3nP8hiAl}Dk&J&LxCkjup(FF9HH8t4|jLRp(x9H zA!5vZVhY-1uzIcsnOp|fhSdq*$*ueXb9qbci@gyX?hqCS-o7 zujEQ~xgrqoQx6bNis_A+78MXc_M#vO4*-MvB0<^s1xKwT>=29eYCFxoq2DS9QZEy6 zPLZdV--JO68?aDJMQE{*saFDKH0UnwxdfkF**!-^=B11WaNPwVhzwqM-ft^+l{_NB zl~XgA0lZE@gg1|=EinI2&}5GmtdTR%8hf@R0#jDDaq&98y#;74O(_0H6X${huIn;< zN2c(X?e#YOA(oqR@FVKM!L`T>-3TA|a@HGbsMVI~fOBR`Pyp7nb$Hh{-!BN_`p7hu zg*Dt63Do6|y8-}YkZuBM|X~IoR6WjBo z4r5&O3-I7zp8{JMu!SqY_D*rv*wF=q2&zhOsnr9GPI}zzFa_I{LJk%D{pO?}{nsh& z;S&?(sZqZdD|-SYFwe*ZL5}sYAmQJot37=Am-Ds#EP5xJ3+&Y}>nZOO7Ll3-%rg{W ze&K0%n&dSyA(pD>DuARR3_*`}b3AQnk@GFl^$Om*neZRq+wUzTl^8iZ72Dn9oKMZm z;IYp}2xk)3SM%$pJyKO40`RW%50$|We)5n4-gdz1Y{{sgqj43)Pl{cq{c!lpsDSP+ zMt|7k?u3}!X*$2Gsbhqw%8F<(%y@#CEx=891XWnjx!=L4eO1B?2&eOr1&%C=4Ro;?&jeW1Yi!o z$35k1KxjzYOCUfU%#a>mgKZgQUBd^u(@;&Pgnyq-Z%wv2*mz-OeYWUcZqIGHz=k#% z%g*8K+Re;h&^0lY?~*s%?APphj%tbckxQh4YKX)x{2QGeqaJLiP8s!>STK63Na4FL zvE^0&gbjL#cqN*JCpExb1@j$-uIM6@oPttfOv(M71+64XsLMoEC{t3MA`$SE36~D< zjs>AhFTzEj@iS*64gBl4;55v70#st2fEKDNyE{Tn9=mPa>Bnt$%?<4LcK}}zwn{HuA{PY zMM%T5vanFtuQNY%?TJk!)J|<6{w>qqD}o~H%fD%ZCZVECeHL9$CeNCbAVvBh$^^F{ zN+5UMKh>dBfQIojG#I)2eb3tUWX(8MH&p(e;Phe(D~2`mQ>R}!9Nk+5N5p9N+egP! z;g`d5S32?y6_itallU7HItTSjzmDQC4p#<|C`iv1tiR8kOm)v(xX6 zZ>)}cUmob}lG;~a3t3>I7G^Oo3EaUcFtxsFT=LbR6zlq7TZ@)gqguc;nCwx%9{J0gP9PTGROGjr@ETz>+lR7ohcxvo7KAJLJUo6|1UUMs z#ADt^mwfwX&N!ZK6I_4jo37@peqhV-q`>q70>M3u&DlRaZ@ef*UkraS11*KH-@9|O z==GWNN-*-cwgXa=a8suJBD84NSU$ftC$B$x4KB(5b0hd`H4_)CJNz5WInH#zk`6P< zS@Ko-F~Ur$m%{mv>Ci1R!aOSHq&H#H|m0N2wQyKC3v& zc=JIwM^oCK^J-g}Te5o5+K%*a#CP0+#Xrwd+S+!*j*7W&A zt?fGCePMVyIv2&O!o85OqpvIAQY?;y!KmNm6#b6KlY^b%{pC16ZcM7IZ*6IP+q~qA zZ4QR|T3}@+yt~2Dntt@)jlGLWng^<0wGDw+==>XABr);ik3JI-QNFKone5iuTLl$> z=2Cixe8#%Kl)9iX$|$$J)qy#Sh-+gpPO&Vb|x~h+F z?*%c!Xyvd$90f>rG_iDHm`DiW>%{CdCPZv8H@YGj%Nbyl0+KWB9`pQxm#66*`v zi?nQ1Uv#>$-DUvYZj28`K*WSYpHNqNHmSQkwCtI4&CYY-;G)cgd0XA>KdyxWCy+#a<*QiTs3q!s@;@}%5? z5S%Q`!;jvvF;iAJ*>N&dYwr;EU^3zJmyN(j zUm|l6Jru1xBu01m%uhlcJE9llq-n~gezIOt{#(kt5%dno7GFvrb15n0!Tno8^PD0| zv);$fL(d;k4oF_TQ)<~lrl9g_RXTJN zWp%?mG~%Dyzb*tS{lY-yF$Up#>rUeSE#8htkCVxa74XP65mn26qI?Wkp+{0|P?M#k3tJ1A1LT=JiW z28or1_A_XlPJ#v$_9sUQrpQ9O5uD+P+EWhpN^DXGt;7s@FnrctOYZ>TKIouON! z;oq|gov~^~6BkTig2`C>s4Rlon@dLLHkggcZt{h{$1B!MUqG)Ud#EdG)N#R{2^}3M z-`H+Zao|b^;0*bbX}Z@8wVT#1!LQ%Q0H#3{<(zd6H02(>^V8{QQ4BtOmK*8Pzu7cT zfJMrVUkhv|WUUKgCO)`r#wbGpjmUO1bGXt{7%zWbk+8EA(KhNSOLWcO`J84RM#1iR zWZ)QMRpuMs?2E(5{G8QiD7ewvdqAHv+_D_^L$U7(tyKc69AaL9=T=$&i&$T}M7o7NGfS>t%aoXon@D1h*Mx zOVP#-4A@;VvX9n1v@-a})lL0+?rIl!)NfU7cei#?*cybn_OyYWsFsVrhvgILVB6-F z5hG7XyiW-L3fdbJ$dzE3jJbr880)CxLMAy!h*?QA=6NcetneUf{W+D1pMtEex>7IKkjpNl0Alhj_h;0x2wjMu6> zOqzN^=;hL%64$}HObNv#hTkC7B*-r>l-?23T)DbBatSf|v5e+Zk3Ez(I9vmfmGAyb8cQ`#|5BVm{$Pd5igFD{gbZTmHka zPKSH~%J6!zpHCb6jYl>#z6*xoQBttB&AbhXGtB^bCL-B~4VF*={^FF!rR?=P#cmM? z)+Y#wm6Rj1ie|$IEbFK-;-F)NRAm~Or+daOs1&M|-nidot4wEQ2Fhd< z>i(Ta%Zk(=ZiPcD)(EVgI)1)z4I6%^8XA&TF@bnlM82tLnm7y7_znMli0_nHqur(` zVIP~@Tz|A8UA7MS!yhCM6lZpFNSY1EgDWyBOg>6&+B;XULK9nO?Lbv*S-D(LW|Ak)#L;Z~MAHZly}uV1whMiAMjSo+(xE)wsY&CMv)Puk+Ffxg@J zTRhbiJ~8KA(jRl-!?25~bWITAD%QV$CpPjjBR&I_y_$&0hNZbz@kjXxle1M(`Am>6 z3-5VYYeJ&wSVfGi28T!;T9N|iB4 zYrp#a14arM+UaR*p%vpQ8)%zTrsyOZP|2(mk?L;I)w1w~JjIf*UDp?g?DoVeUHwYI zTX&^4Bs_c?W8jNfSx zR=~q0&^&AdN@+Zl+5-hiS{ju&PX7GF)oG){*a&pFtB}u1Ov&y5{buNI(szn7F3RSI zh{Z&AE+7;1>LORpa$&d_xje`AoKn6P7I9j4y{{Z0X`Rz~b|<0{LDNGbq8_a?w>Yz| z3n4zMJ6Ny564z@UU2)@W)^1SIfGIyY{<*P$39bq*W$)x5yQbUAI~b1NtoA3zBPaAk z{GQ%bIFMJ%sIp@gT6Q^$TRw>OtC69Z2P3M>|yZi&iy69Y9~6 zXX?{9bbo$O^*XTU4DEu&?QJ#XZdzM%HmziLX*Yb6zTDw92J|WkwR8|Fa%ch1{QPP7 z3q4b157iRQ%K0Hk{_e@_X3E!TS3%^Rx9=ZcfPZ)0h5*CJ@g0ovAS{^j-ate3aZTnm z1LC>bEaZVVF#%wewsQA%MG_G35_6UFWuN54DHI7?B_#He1Op^)*2a|2eM!gfh4{(J zBdLi-J1P_QW^<(OW#A*JNim(THaMhQfL6nFvL&W7SssCJ&NNc>)5Fv{X0~r{#Myg) z1fKc&9{E|r!XN7??4PL?+NV)tp8=0ZF9-HuK;uF(b$-pe2SyE?Mmuz>l%JCP?bpHE zuz~xPUA@wb%Fh)WmOoNswgdaQOP@ zuDyX+1m9&vpVUXfI55SXs;;<*eyX(JU(UO znu6N3-l4p6aOy-^2ChvwY%Chl37}sRc<@td7GdEzZqqMP3Oi zdAf}eMAWQ2-B-l00 zPr-z2VSr|N^FH029lZOB+WN&I2fSC~$nFxZ)58|XJ%Ot4@!6v<#5b%}kH%%tAc^?K zd!@@){7Tk#)Dy4YgJM3K_r%G^#qQBZ{^^weA}^8|1ymCFdnPU?mt1Z%mRaD!-vVz$ z-^xEcih=C_*ZBa~Ef;%p#GE!%k|zlHSD>PU%P4l9wcevtF>Zs#KPJ25z4zj}RVmkM z$4e+1Itb!F@)4N@Hdoj2Q{lLe(|TK>re? zM>NZqV#$x;T4rzAlv%mE0pq2vo{a%$QfQ%B(&KoAYE)mWXKOvf8yBb@LGzOL$hqa@ z@*-r)d)@IdeEa-)D~qwH`w6pZ&D!&4Ae9N%W7V5mvtx6A%exK`OdE#Mx6h9mQ(knv zRC4HWp4hXd%FnY!I~q)uFZDDYmMV4VI!HU%^uiu2*b-y&PiSaP=D}=03IDfTR{Mi! z#L=ZFJ{H*#D@Y=x@^NNY5rkr-RN8E_b*KiQ^#7$K>%PbH2@s~0q=r*R;6RSN{(0@19EuVdExggCJrgU$U0Y?bt&xB#uxI+`q$G z9{Vd{d5TQBauF}=H!^||(;Nuo(ak(jiaaoj&$l}V|LHnD&UcFvzRQQXas-A+wH@zV zB%`n2?~06A4li+0cU?ZY4u|{F7F9hFZ(c+yyuD9iu9-F6!e^is(m*vQM(z%Ep97UA zLK9Udk}E3e{r1kAPD3|TTU|FfhUM1o2lI5cd{N9yPq+rfz{);0v8J(qdLd05{^(`v z$ZuQB46323>ju<3{Su(L4~-Wcn*?zul~H=4N)(2 z)c-X>M?nrqY*Sd*@94O=!Xln*413jC&9#kRQ#{HOwOfk(_I=cvQ)2(JRTf{QNS{WV z0UIwFrw|3zQ=F+Gvgatm=MRC9IEo_^{8naIu6CRW<5bTiQrP$@!^X5l`y!l zN*a!j#f52GXLE}ULmtmQ^j0CwH?wA?%TRrd6rV*Ik!=4G z5u6_$2RQuGrSGoF(R&atL?Wz5-YySiX5)4V@F6{%tjvExpF!CNykqR$4frDwMEW7A zBBr*@%M2m}m3KI6gH^+7u;ze0eJ9E5w9O+^ZUz7FgyH-l)Qd`Mw@9118>r`t!HHew z>k2D!@j_e`Qw?s|T`bBjaNf>)-rW6`LR6Jiw{vN^N>|-w#5q-H>6WCUp@dm3hi4h+ zhx9C&g^*hrOh`hqP88!?4rIBSb_GX5Smd9!{@h&x)QG4kbG)1*d4L)bI6N7x=-38C zT)}$n9z}(xl*85RND_)aPIc_0tB8b}y#lbk?QUs9b@@>8lB#|othJDn#Ol);NStB- zO!D*rz*u2ODk-jXF%-0KljzF2FN|rS!E*8!Wk%<=2^4;_L(FffIhEn2qHwVzRACoi zgY-cZwDqTZ##ll?aptNlO-_tNOPjQWjR;~Lrf5sK`c)C`ckEpumO)Oh$D2~GlVN}; zMJaSrn+J58cun)=3%=-P-=SOw@R;wDD=^M8;dN5;u3#S^82F}gDcOi2Uur`FY|vX! z9GRVq%P-TwD?z@m&XH3*?+Jq3sX{DpSlreos^Sr7G@Yru3k%1A8rCyvS_x|-6RedO zVGw2uJCG2aQp^y%KDTVz3@txm>8ZpO*b#|1L>@5I9^plf-V@yp3}f_qpoZV3`iRvs z!0BTg$Z;Ofn+$*1GlAu9sSEu!qlbw5%I=Ip{6 z_$lRDn8N zIN9&AGwf4%SmnQ!T1D<-a_QC5m+)PCP2O(Aht#Dy{_`^_I?h9MqyFO$AkEV(1??m~ z%>w(fq+CTg1eck29p%Jy(m>h{{+ z$iA4>heaHL|(z};F21IAo2t3`8SZH-xE_LynFlB1i zR9Ai^oNR<%&3*1U+O>59+TQN2U-ZAPkDBhHa2j5JAX1~XZ{YBDz$k5YZ!JcF1FwxC zkBF}_fBenp?R&nP?tT*L;<%J{MBcXR3rr94Qz@2`% zH)|#;$FTej9G%?}UWd-gu4i>6lt&4BEo6bsQ@OTHf$aB|;|rW|qUU7FRUse#^+Ybn zGRDi%>_;gz_`jz5G#=Lj9Jrk&kv{>L|9C}?zme)*1<@WfGdkoY@IQ)*lXZRz)hRBL z_eUE?|0lw}1?Iv~Le&uSGb_!_!+!gSZ=zqaT)M>-pQbb5W0X%JhBoUmG|6N?xnF^q zpI6%Veri1TfXP*}0ekB@Ua@)lrrz5LS`nD649>)47MfF9fLT_Cz0)WP!8iOO%;z9F ze@#VIvSi|lg+!y7AQrfDlRnmK^h*wy@a(8&G~o}3ofOALH0lsphfTV1=oB82b~~E2 zRLOSMe!+wh+jjBn9uLnG)d=2ob^EG-A>EnY2UF?jy`%P$Ht)|LI;6T!TkkxMZ=E|T z<6cZ}Fr%Uz?LCY;rI$B8Tn zr(}uMtPl#nE?wxdPN=pE-tya=Qf7D^?jXa7P&|)FUNhw{>&IpQD}y+T=jp}2&xWwd z@bk4YRVuYJrbe$GzNTz$;;?SoHu=cBfzZ18#N-V-9+&2B526IR+G^juM7B?2l8xb? zp}kxoRgP6Io{GU=u)y}j!byLc1#!B$r$hT356+KF`?#+qf~DhXN#+J1igfUyiJvPY z&E~s0H^?)v*8d$JqOv#H(H0hdjt#L5b2^Vg2g|LdjNA`0j#oYHpr}|Fm0>ZofMy^b* z+q)5ZUY*4_ExN^r@D3`zYuoj3y^W!kFlj#pfd?{aNxF!wKV#dYB9pj}E^&EDPV4Nv zlfiUF2hqV+t&S#WSxM*L6Q0#xTwtG8Ro3Bi3>n9#H?i{@Vc2ZcTwg<_8{_mshp8)0 zhMp!i>9h%k2x7e>Rh?m`2b122{>amMvKn4c{)1uI6BGZJ81}L?2$&H4aT{O7rR~0K z%}iWG9_u@k&(`R3g)>Fg0k7&?>~i_bX)>ITym;V#&)f z{J{ zHm)eGTtpUVTPv%TOT{H@KE8HK*ITQJs5r`dS(AiPnj33ePS(k$xcqUtwPyW_e@gGr zI#tFbuPjIYixvO7 zS!v@XhE%Qk(qj!?7pn=%Lyb=H(q0zdu@r#QzYPO8J{a;0%)ZXMbjTL}#7QzK31x55 z$8A(S;5LR8AR&lcOJ$EGw8Lqso^e6Bq+Fqk{=-$RvZ;2|JxW0AxrSKIMu~q}2Sg^S ztI0W*JW{d3&U-(pmtAul^n)i2-#nz3(v>!gC$eSJ)Ai&DffDq+58IkH>4eR^J4+q! zXc$CPo-EMus&}-XY3#c4f_lRB^TF~t&r+|Ca_8k#geYXdd`PKyazDo`PJ_BqFWBMFh+ zZX4FJQ)`eAJ%o$(rN$Iz$pfZ$Z3`}(Yq`bp>T0Ip3pTSuN!V7-_I=i}ihwzbrY66_ zSm5>Kre0>YiA_aOas*t`nXzmAx4P&Wf3YQa9$;%sjHs>nD?F%S{npzuads`Mm!9#!jkX zE;HSc+h~2^Y|Qk{CWEU&lZ4pl)Xy4%F&`8wr@p9LywF^80h(E5CMNw3v5I?0 z)5~fIoxy8&b({Q+!#a(QJI1;Hgz=t;m0yuyPOw(t^eA+CW?t);RG_jKX5eHv5`4ro zxiPjpMtd)`#!z0?JT`=EabDKA_nzQtFv!^b1Bs!$60~exUOuUHKl}He!e#Q1M04Ja zn!1r`I?`2VdFNu9vRk>tbT&xUteMUE{H#EBQt=Sc*MzU|G=O?d{%6XoR7EYAQ)+ch zQB{fOU9+qfNGsQ~-ua$rEW~5${u6UN8HMe(sOmw%$LdG!M;yT!f1c+R=tp8S2T`)T z)8S3P2NOjy!IiX@3(}i^=fznZQXi9s=VCMAhE=1AM!5m-$B$0^snhl{S#Bn}lX@bzCw@3(RtVYJcG9K>fEDz=xmQsg_=o zr*!KNwO|q7=CpIK>tPS^xL5}kwckh$(VJu*9bS&An3b9xq#C^|c}?sFOVex6aJE=%@FDai;zwfJ&out3W8Ao2Z-yF={>`$Qz zKD@7?Ge|uaZTGYvy6_cmIoUY%`_Ku=JY>TwH#@J3@(QUeuAgz{#KawjbjQS3F=1q$BsW9BVc>Bp0v^I(Wy#C9v0LCiEE_SXRx2yJ`jpQ6r4N$m+j&elttVG` zad52cu>2HCAq}c5MH4tn#ZH$++KdV;N*e5kC_#5DqD{mykr6BRF4oJ-eZdU4AtlP^ zX`GZYS7|JcmbEZ7N;aJc9nF5t4Nx|wulf?c+EN@8ql)Z9u3)LQ@<(+gBf2KLqs)SZdpo;f)^D$L zk3VFfW~nSv0}p!~Ac3ZfXN%~!A-q==2FS8}XEu#6a?C?z(pplB$CAz_xc5}Rsm+Gk zXD2P=5a}?7!tz+J4L;e2?J9E%!L67XM&yHA?p85>*c)So$#tq;yzjRY9%4)z4KuA+ z>7z&VF|>#EOOT`bHk)P>P|}y0hp}b@NDpvBX{nkhB&58gJSQUhXkzK&IvE> zG53G_*~$0OR&+)`Q@T2FsAyvFMBDQ~a3e{SeN3}_bqLIs7TM?-vO9 z6l?H@h*XZ!;Z3BQG*cRn32r%@t?{P#2{>T3NdHmeIGDQzC16(}X;&rHgc*s?DTwmd1Ef9t>C4I6fW(JAECm zdz>3OPdDObY=LpI7+cbVP`h3G{{dJ)r@yp{=&E>nM3*PIRDlAo79C1gca`-c`&Mo) z*y!7gJ=&PB9`Cb87D<{GmTh=!%FY9CgIylw)fLt?&~N<*_E>X$tyME$N*8fw$CzdO z#Rfj75H;1ZPd!aYh$iIqnrUHu+1 zzxUrbzcA+)a}lEd;w$nBgds=mxN%&C2S1M^Nbwcn5CypIsN`#ufMkNm-?*IH8F)tV ztLN17 zH#dNH1uNhEV~D4|x4_&qw>e|=4GG)BZl84RUYm4yoV%n|%Z%p3DusZkV^W_h{U>~_ z4nMlKbrK3t?0|rbcFWRbR#wftzrM+OJ8Nw}^NdyI!y{M6Z38~5+~01Ew6WIN1-m)I z_+VtgGRXY$nz~RWz8g)-nDZ8`0bR(A z@hQ77I?1k2#^tC)GovygjCD5B$kmN8OUw<~+3SmT z>S~_3Wy&fmt1MMkM}Jmtb=FO;q)eMQu_v+X{*JT{3~oY3L7u zj=VcP<8ZHR#f;O3xca+&IhXjWI5mtb#idRt!sC0~?u5@juS=S)`?w-P&^U^jN~`1C zp~s&8m_7I5L-urMjdj)KZJ{`C*WWm2r^cu44HRnM!_C`GkH`}fHd;#H zHIP|fBBGKgrAlRCMZP7Khe+%0_!M82>*)|{O!)NErM+6AiuKnc(hmeNqVFE&%mPD4 z`FLJIQ%nZL;Dh5BBcv(J9+`KRpJM+U5~F>N))W!qdF zvXei$X#eME#$La%VaqkhKls5Ht|*k_qa48{T+xFwFTn^QebgdQO;eja^z3uCzoX3R zu7AfyQ6ju>0mU2(SGq)kGCHmr6s3**k6B;8*}ob%X~n5w`$GnO(-Smg{Bde~rP_@C zI5c48nIHrtgpueKVWxOa6K=_M1oxP2E)Uxp2L>)yRoGm%&Xx+zM4u(1MhMV^{M5JP z80lwOlxR56YM=e`!`8(>^v(b9nw@0P>O2FGOjaXC=*oYF<=pff=q$yN23MO*s5Y0z zZFyzM=Fs*}=NfD=(Zu54Jk|&-fOt8m3jnIkD!EqAW5tus7t^K2sj~W_4Nsv%RHOF- z`rT>a+LMnSq7e;Jx zcFwYS%E!c7)uDX#6FKGcdb_-YfE1+kGCTe#ZHrRe>P{NBbbw#IaSKhgYh@&@5fAF$ zRW9d$-Mx17KyHc`@xEZHLW7*)4(_6ffH&{zu@C>kr|ppw2dtmE>#SL}hO$vR{qm3O ze;Yb)uMSVzVp$afZ`BtQ9?C{v&!D%{KKYrC*oPitQdU=H)m1276LWU{m2>tV|K~Y7 zJw9in9Q2uoe+x1n0lwo(E?^+!^biUV$p;094&gia#bt^siVQr7$B8~G#M5&Rh4wg} zfAq(*(X$dqIp`@0;Jy{ZL+|I$Hl9lUF6l-0C__DYQ4~g?7BmH0$#cxmbIWU1x39sT z{Paidxu=iWlkI71t;yID^62WzZ`m6|!}cTkq&e6=m#k$V(@l}_PrP2V# zPd$3TcCW8m5qDgdUw_Shcq(JF%NxE>;=C3$H5FNd4VN8!5I!2L=J{!|5iaNrZS{}N z0eDr`*}um=`isxo11Miu3$jio{q3^Ms+_f%^cB1D))hPZ$CvF*4t#xiA;)A5D0Q?4 zWLIVxyy$bw)2-ItdDuSlE1$9tKg>inKVuiZ_lo_m*RI-|qYJjid4Rc8n0)%K%$PqQ zl#^O~F9c}^qOI?I^a7|1@S5ar9*ci_0M`V4_N8A-+lfb7tfr#FsyFAYY~qZ)@%?w~ zk0w{`ttl3G=tQ)h;CU(EpWxC0om>IcwszR@=bpExA3tcH++)_dI%wl>ecN7qZNr9U zbGF0+z79eyXVBNU>mfVxOt<~lKaYXJ;E4Un*kwnn8H`t=u(L^f`}=3@Z^stx)rn=h0e|J);N~YN&_7yI zZyiju;mKSj<=Yd=ccPc_Wvr!gnMuZkz5UWT``cTK_S&S%hw?oPmHyGN{P6)r<%4Hc zzLu^%_Uvb=zY{%nq-wi-XTC@MseDr^AFdlBzLX4?yOlH(v!?!s?fA1@_OCyUtG%;B z_9ugH*+M;Z`uyi?ciW2fUVgz&!Y?Cpd0Sax0)i6aeP5bXBL~W>B6uI^wtxLRisg51 z+Mf=dw1o!v?hBu_fz}o40p44u0=(7b2wnuzCldvX8c_Bup$wkiT(d=#4d|a;Dg3_i zx@Q8lUfQq-maE1^-G2M%FMryeJl<^&)Ml(1L!%5GW{NSa4Zmq$`{5!Z!TKepm=+d%eJ%caU>!+^TFuV7+ z=u(o`{XA~Lt8TKU-N5?@@IGa>d6X#bK&%A={X z+aCPb&m(X9?c;q}>#AphOJAOxyKecLui00>f5`?XFgRJtxa-LxJetgP+O7lr_N)JL zz-(yLet3P(&Q7h^RmN3X5Px@h3BTu2)T-W5x>c{N*%I}>9)<$5W;g5CLzxsH>W?s8$ z|KZXZTkqU!N5AwL8>pMH?!g!BM<=h-kL7KBh4!v-Ow``DGJKDRZFnu#JOI3pM(|#Z z;q9|yU-|`y*F`(};mM5M1l}6*MT3Ae#x2#22khWuN9}ii>xdoO)o5ifR|Rvr?EFRh z_P3aCj9jqu3!9eHBCXFIFegK4Q`2r2W9k=kz?Q|AR8OB@HO$Y4Iqetv_VtBZWuh<0M+(rA=x6j(j@I|{2!P8kR;RX}Sy*pvGIF={?XW)>1 z{EPH2N4xDHbIY|$ui2UJOxw3lFWNU&=r=Zj<0xvb8R$|CT@GV`|NFmjm_^G5D__rY z?g_4fY}qcpyiJ!=8);wo+A89^qjdMLEUqLAwJ4^+^Gna$lSjHDJYNORDf}KN#?5krOH$f2kpq?NA351>yRDkuD7zaP=CVn!uMbE`g{4pqMck#(O)*fUk}?u zAKqtw`0)1zsbVosQ8S^3w*YnPW92f_qKH3JatF9 z`@!b+I7KY^wbudHJMshjzr5Jv9@84q|`}`;D$N-C_7`gV;R9Fj(qS+c2Eb|v_@LLz`@f4@D&V$`jRFW3v;J#VjES+uvOThJd-Z!GvG zb6qToeaMbK&|zQxy|nG>S;@?4chB}_m+Ka zc-~GfXKlQ)(se8D35uOW?jlYV9clW}vVco8#v@pt0-lbzzJh1uy3KV`$O42;k~wei zUJ@o5np*~aqRJoI4G+Xo*~6tL{iLsQ-qM}uo(~IunyV)HX|7#hp2!T@R(Of3 zo*lH7$0E(Ybtilqw)B8%Pvj?kl@~~*0FKb|^vY`+N1zZ+9#Rw&DUn;WjnyIQb<|d~ z55x8eo6k4fy3K*(B0um@zYhK?t#aGWF6e25sQ#%Rk)BjEOGrl*5`dx}NXLRlKDS^S z(zRlQxtM>@o7oiYW+e%{H1K3}qPeQ*#hBG`6j;h94`$Mp2OVIzJ6-su63PHnI>~az z_*LyK)-$Tk;peDsrY)Vt&Ep~3)bBoOA8PHkr`FLq)}?HwX2lwp z-m>)dP5Yy7tlPO88OjMSW4J3lj*dQATUxjI`AsWd%-9U>Ni$^_+R;BPGgsS?@eRc< ztE;#E!-wqoFZ`k%!82J;MIK$>EQ@hh?Cby6H|&qkp0O*)=u9Ps?Y_7u-U>YF^$1^U zY$2~q;v(rk3u;5sF^PAmv%tUME{i1J9qRO@o|*4@T*dcGb#nWqwyky|zEE2tZXDln zQ5xkhkf9xe%s;E^J{PVcoP|7%tqd!QR)lIDoy6SGWt&@?wrlI_cJ=(Q-N5Q*gg6;B zcnBVe1{w(j5aA(~TB%6m*@<{@_G-=gLM8YUjVpx(hHuq{(G@c%%Lvg~k`3YH6^B1t zEnF#YS0XA$G6>s{5g0N7b0|D3W4Ji%=%D#%3nFlfbfQY+XD|szmu5<*1iJVZZl09{ zpDI3&*$qWS@0Yce`Dq)xc#%y_8+Ne)OIa*;j&`Tnc~WBymDTLbsI=t-7W8D~6BqCh z80F(vblZO6yTb`gL@#Zd_`o-m-n%=htzwR|acDG~>r9-r^9#D>u|Uq}))`o$7_Y0g z*4B0upQ~7xZ(`B325eUACF8{K5-L(;VsWy?wJ%2pzM!DS zsviSj4cdLXt9+n?yR2v3KdQ{5prv*|$jV24hHU$6?=O-)^$RWSffE?l?S z={dWy*V5qLG#kvU^EmA(LHLhfu*kwnm)g?=;E?9DN!LHv}v>U;q| zw^CA)k1UwQ2wr~-#I;*Z2&Fi56;n?ulS@iqt1~W;CWp^z)pvq{nzv!e3;3ZxxtzbH z+>OeoGlldVH9lVy-fjb-;}Fk#`6EHT)kLX=RnAzudiDYq)$2BdwfLcZW%k&k71q#) z#jC8ckdLbnP(wB!7{WW^t>pzQvCdzj9d1|yhimo?)Y!g<*gezQU=778tHwI4kf@aL z9~Xc`f=~e}saUe);$z7>B~lE&D^YxpqkBf7JaJHb-w`#=urw#}bI4Oq+t-eS+rjsG ziqP7|^Ij24!qo-^Mt8|rmC#Ytot%(iDU>5swVVgj+{B_w-e#{{v?;91u5HpEogTHT zC>3wfzOxJj{$9d_c$r|rNYtYYR+(hM!xI)jWd6xfZmNoz`HXsc>($U$U* zdIl;%C~5V@iD2o4O4%GuT2$YN4I6THW2+wC}$wn8~p ztsU&L;aLjiJaSvUoqf>?S_S1Rxbe@ou9KZ;SInqk%hFM@m!B7oSdw`R!E=c*TUaRA z#dj*O3|eO5wP^#*d3&TaZ7u9{siN&6`aYmb^iy9`&Dk!Tnb_H7$M+Pir*hJ+zddCa z$FE@}IA<3o7#K=?N4Toq%XCmKGN!AZ0VGyV1wIzbE3Li-C1UdmyV`P=#_&M~4L)kc zI&^J$#;%{gz@j;pi}a-j_m!hm!z!v1#T@-*6}Xgg_;w*hIQmxFaDmB!_c^5zCHv@q zgDfu1<2};F0F+)vK9YOXq0624+k4#Ao_yCd<@NHNJ8#LQc`x4q%6IrtcJ6f6Q9i84 zynL#>Qsf1IFl1*qn+KjjUX|kD{R{oxcKM=mNiOTm8hF*u2$M`zR?5=*UX4ehvxG|1 z^Gy-o8=lHWR_a43-zwwG>y$6Ch@~CH^*p z@FYdH;hELKkAXi)O>9w zUC2(CyVgS}_5J(}_0D({#aVT2sE2fwPAdR6j6<|bw+Y!%6V-!gr?IBouhcZNJA|E| z4?c9zKCv%nZTXw_=E*q>v4Rk4W}@3wf7n{~SK9L@Htem6b-O;D#mIn#bOI2_(-rD{kOhZ7OOIG%Zi;$evBBAr zdKa&#Vv*PK!VnB|bSF%VMCAlGC>qDW6XJo}>*GD!-<|arXik15?cjDfp~mVi!ZjxK zE)pCyo<>=k)VUz^i%lKuxSB(Opj~aE3$9kY9}?ckk8oxfeHpm>StLGw7u-8*{f=^h zoBFZ$PZ!A<+MeXQc9Z~2_^UyCJ0hsG9R7I>kRYG7OQiB`wZmcYv60OqXO+Hhmy!DfY%0JSFT%i z)Q(hN3=ZH+#tOZyw(qGvJJ4TdOK)GYGv|x8fIMknXGCW^J5PHv_RR5dOXDTs%sfMv z73Mn3-I{j~*r8`1u*Z+FgKXuxO`XfxwaKEbQ+HD6rgL?6@S{g+U;x%K99i^jJa`sZyxSg%8v$af>_3pu= z%yG5fB^!C`7K>Tz&??K?%?r2e;#}4y)+#Nx(O^xCQ;$9eU5?@rE8^%ziP=(>d9+ht&{E4@iag{G+>-&1l>Km<@@-=SNgBR~E ze<-)Nqj+4xIG1rxm=oU_-CcjtJ}Mfzt-j-k?cKN69&cvRs#PMF(-@otTgo< z>GtlmCt9}CB}@1-PNy2#u5;uHcxo&W#!tdi?LFeNC{Z|Ph4I7eq+LF99s}e$y9K=~ z7!T3Spa)`6sF6iUc0)e?K)2y{!Oov!*ZC4VtIBGv^*}f6w$~2zGNm|m(cWg@?)6?( z!>+n2>VbNHa=;cV(supiGV`XKpOwTkrvz6agM5qzgkj7;kYuA2U*J;MWb9g~w(i61 z=zF@y9zMjn5(`bYPF2|HrAAw3=hr5Ee^qs-?f=};LZoM*NLl_6jrPu7}uw8oV z6?SMPsnaMCSZpdF&)WODY|jJj*3Vg> z%@bEG)lz9|2L`OHwbpttl5S$RL_W)Wn#J^l^Z@xa@L-48$eg|QYRayWzoEBEGp4Vg z(6zmLtbSmxwbK{ZEzU9@XYPg0&bfaIx_z7{+p0+MYPp?RtzHALsu>KF?g{=MT^xoG}?i7 zR6{g?MU3PNb?6!J64I3%w~qV}yAo&cjDgIN&JN+SFgeAJ-_y3lj=>h>@X_OD2M$)U zK*8c0`lmFQ5E&fBgOY>NC#i1&Hhr1vRoS^0#{GdAyeRzfJ{KY5{Gc+be_{TsbBbJt zO1+3TR1_Y_kp2)oaL{K&;{(^fKo=F5C@Qq#>rworv5c~1FaeJIBu^Pr!Szs5b6mz0 z(rKX!Q+p42E49jm%u7`9X?5@M;vb#DhGw|vPA8i3^!`HHyDhpwDCduPhT*iT~Glm zu3&%W`ZI7rmiv6d%cnUVl=E`acg6F5>OH@PcOb}^OxIameHtUaoGn)8Y#lv8IlR}^ zvB%ohC#*8TA`qIo1YRn{%OaSUPhmRn4IW^F6LVzgMln=E2c~(Fc!?DQ;?ve>KMBSq zxLe{I^sDG*tbtymYo8t6y@4^sl)d)7AzPZpn0I)Vv%K(7g}x<)9z-6Eq=Pm*&(yQH zd;p!q0_|_!7!TCrO{1&FIuj$-icw7U<{a>-M|c474RmzH+;hmv@|r%|)q}jOL?=FV z!(KeMVe7QFO?FPzX0KZL%)AXwfgg3J1)YuMWlOS9nP1iTti=Y_vPNM69&HDwc6HZYrICybaBhEXXcoDjlZa6t;M4pUi4 zUMQLrk%0(7D0(ubb0H2n=^*JMY1Cw_kMSkK@y@adFeLP-Kv+VtML8FQ0Pu!OGAV|_ z4iODn5rP8CUAs0UK81#0hHD#65UnM_N~8Q)6ml3$dM0m7+Sev8*o(DYZ0mf;4j${W zfBDM^s~6)jFe$4*Sjq{fH(+w415o7(iVq0V_*1}9oZgq^*lLT!UgO6Eu6#V7?{!OB> zof96A)qTDiVNnVGm>%gD7MoPR;6NiTqcLmCt_VzQaf9RLJ8|F>SLQlAp7|o-nxtN| z78({j)kX3}ADxfAXCs|Q7JG*)in9GGm@&WcQE3Gne$ncGWgU}TioLnI0>2De;>Q1L zBUdiiUtg%O;dvB0)Qb*AO!3R%Ru5e(7HOJXP%MO)T8t(q!c)k_XY}|zRG7nar9uE4 zrJ-z|L}eFkX(z--Hb+IIL@J{5BXLwN!SSzzli1%?o{+)=6(-E|E2G_4t9%s$5*#H$XMKSH@wQ_0?-O$w8KqlNuEi^kV=wF}!Sl z_ZP#!Z>8@Zuwx${u;2b~uu@y5j#tGLSbULAa;}&{W<h`U^Kp%p?)|Ehfc zUFCFy^;Ko(Z@BsM9e=z^^+(tCedm)hh(q*v+xu4jTMx=?=M^Q{#&hTA9dBww0>@8x zmye3TvlMfBFJtg&b-3waheL9c1#Xnur@#GGyL9P>y)sv2Ggvlb*26+zy$=TSSo`ML zx!H7RkA3DVpR_J^Lyi6Q8}`ndw`}CspU09hWi_~WDr`_8$PCd;Z7t=9h>|#_5aYmr za_1$6@ZG#V(AMA_-a>{*#snTk&N5+|x_ryNHFS=45AXYAiow#-922d5)_(kRcH&T* z{o(!%tUMXa4X>dn7Hr8mq*8<78m7SpKD6KV?ZImO);w*#XczX++Lgj0<2YR4p}<*;193*;w@zeG)5LAQC6qku&XyKZS?;@5LGssRd?Bg zk2KnU^@Up7gbr}!2X=YC2~y=K32K^;SSve)A8Z-1;>bz+(?2?8XD&_KA`5bYtAps{ z!MGSggSrfLwJ^G3D-&}z#_rxF3cn_0%KQ?C=HeOyS4ml{ro68!!wuuDLHo|1U$yVx z(!?^|_Q)st?JF$HJ@&{aDPQYu);|lri|^j$BOev%J;Jw&(+uT%^i!dHN!lOYT%!7m5DAd@ z8(_(JWpioS7DsSrglo<*loK1`7p#B9FB{?)T-RlDngraQhl)d(_nWF~p6`qjL5$$R zpPNj27DrGBO)l6N3wWFG`Z@+)3q=;n$7XE;csVJRokpSu@`6c85d)6R)f;y6^stR^ zb|}Lx5Ky1Q=tttk`~Cn9wheR?nVrrNAso$!-VuK~f0f{^F|hV%riM%qaK_t_oxTudOufyM^DOZUiH3EQV%)Gt$LWpMcP_a z5BVJZu82t)n|pTKBR~In`^dhOeZ2flcH#}%|M=BmyE=p;H006VN1w6}efCRsthLd8 z{lmjpJ}=w<@-l8_+1aVFvc@rMxG~d$O%7g>3nDE57DX4aj@MOG3P7sfr7$WKQLL?U zp4q7(8$QdJU-6=PXXv|C@6L@ zWf--C9rdoSj+5>l)p2p&mexR%Y37D&D;UtBAoZEZ4!Q_tlrZ9(kfjqLW~Gp^{;DVu zpNXd7;$a6}c=dw68(s7*O1(uV;Q{~`n9x|T6sNR&TQCWy4HYod+rZnv!pM?MGQSx^ zfgz(8=d<-CTN$Oj&*CaRkK$;noB^)>hB^fVeBwAqNR@&KNC>aM*W2)rFKCTYz*|ER zHHY!r5^g=mafw=x0rO->JP;SbsufAyH{%3ZU`7r$z+Aea7nFl~$3ZmYxE`I%32 z+V6hp33j_T+4$QpbAWsn!-+cU*o6i4r+_y!4!oD_0`M*|XYGCb8GHH{ei?ZCfj0=e zRlD>f7E9LTz7GD?;xA>a!!_)lryjF|dz$RP?1+^OC+t#p!Uo}=)i7+?Cg6|pB=@KZ zlX@<0-41n6QPv|CXJ(vd?b*;xAYYE>X)iG@p$bM2tW!Fds|hdu(9;LHm_o zJ8C_fS8V*nzp)>k9pwxjmUhwAJrEIgh-A^*n3v$i^hd(%tv_UbjWQ{P0vw%N>( zw%4Bh!hroocb~1DyqS!c&Qbol`W zWPf`ZLnvrghu47Tp6|5Z`TUbs-Xebafn~;U0f={so4U7R*zV{$pEE^?SJ21YE!`Gie-K`h`!SxSa00@~a)drR;%;4e+a_;f zkVM;%=qR$7FQHY@h4I9}$L%AB682x>I&K2_T6Srec_a&x3DpDj{$+L?;l}g3|I^EM zjs=@*UhliDo(18Le7M$r``M#*j5*2c=c#vg6J*$FsUnwNK@YZ&3p+jj<=Y%aOm8ulEukA0!fzVe%&v&Z{R+W6V8S!!a{ zuA>{f`qoLtIWJoUO5Tc^R;J8oY%n0H-1Q(kES|NeSrGfmBjk@lzx*cjT4t`rxM|n! zefEh@J!#crgSPmcuiN=C6w1|~vnmX^6D%l|k@p5Jju=*8G=Q=-f#;s$xV`ym-cG;G z9E&-T${?d&-TNPU(vCg%bGDzwpn>bBZ0IsZ;04@-v8yYWnxo8%=r!7IWDhxH38cU25pBweT-J5_1>VL5Y6>Bqhd`K3{E!g1z)^Z+gyz1|nJTX^)&V{v4qc&4l#BAKxLyX~NM6#1IsU4iIA7Ht zi$?mc`qZH8!dn;Z{EyCA1$w1g$#e923G}fQ7<}g#KW^)eNJgH@*M}j>7PNxlivxi9 zwAh8-2!)=Xdn6^4{!{-c+&OBI>EfH0?7|Pv!O!fXgdRmKHt5pfOCri3NR5%7N*)&F z7_&3KFNh|D>8}baT)h0MSCSUiSvY3Akik`GeghZBtBba}FprDP3A>Ja{gzdXaggbm znd>%q^Qw)qP*+yhijI;+6)kii_gzN?ZIkG?TnFcT;{f>s5b+c9meAOUkD*wRxVl%D z9YL4<7#=7%LZjwwJOA1R`+xozS-^sJ9*<=i=1heIyO=QyOR_kdU7u%+#ZKrMXfVBO zGi=1TfU!?tT4Ol>9kxc6l(i@j`V~Db6kM*<^?UA8(?3-_l z*nj)gA)CcTZZ*0YEgGiKT^6NJW(-ozLgFUw8Z-K_Gxgl}25s$BA$UHv*0`PT1pDQ<=qchOk5>vu&&pn%l>SHQJn;wo2a3Iqs{|1tmBSDG+T0u~ zjGQGhQDGaK6)-kLq!P6%TZSN$y8yXsTVI`IMHp)dF|xN_5uS#L6^^vgJRrG1W);zQTdA>O6<>jJPQoF>E-BwVC@npkP)TN#$>Is>YJJEu+PQGo!JA}61rfp4tZ%qlDDt2zr})6!UO?0$f4m3!K( zr?tR2T!=LMt@~~hTpecSm+>1qVxw$xzC;JTt~vqVdi;v^v2C=wyUkh{T$GXbGM)7F zHLS8ujoI8hiup!d!Ld3^^>8*rt99)eu=cJlYr*gE{zE84uw<&qFaZ8}Eb5PL*h96= zfX-Ou628${2>apXjLl>ImqZuc*x79T2lrWbSF1I%AeW>*m#4;T0&A8VxcQN9{9+Qp z#JNdcCs=tDHp{W*th7T<)Z-Ht_l4uE#24^q+FowB`o-d0ZU+}^fHXH)*2DI8e5iIJh^jY9Phs$>Ei300XqC;NG@iq%5FhsEN3mjJ+j^NA zw;Fm}Q)(FAuvK$<=EkMEbOnR7sQzPDB0_I*kwH5?WiMZ%Ugsz)R-3ZE5qIWF?N)2W<*OHyC`Zn?*@z2brxgC$MBPlvT0-j|MqmYX%;^lyXsJS zcOy-zY<-6PeGN(LJ6>hYSWc=41?qWoex9>XaM^PuW0NSnH*gbHr2UkqdVtFgoQGT3 zwS&6^+DeiELM61%&a+)w^cJ@x=a8p(OjcXII|+H1gTAY?xZh((=lFCj3%*#UR1?RQ!H`tDpx7mv%a+^K zi{m!N_HLblmG0@WLnzcLSS0cVROFs7{AzH^LVX$Ay36Huib=yET$DAnHCkcME(V4x zmK{HDi&%`#X8PGtT4(#(X{(&ecm2wB8=J(<7uJvK@XZ>0l`XI<3)gLhEIyA{IqPn< z*BbC6o$bYobZU^ZS6I-mT469F-`3#Er$ z51JUmRRVsZQz*N%xU6zIPw=2VzYMFMYWh1|Q4`Kb>MMn2fIIuvX#60F<$f(zTLKXNu^|2BlNKBCA0e;ba;6FN;~+F*Jea(GT@n7iVNu)9F<} z7tN!V*=;j%nex%^jjU=4Q19-sT6=5l=mBIs3frqE$84Gjz&iC2cEy*&f4F7f%%lbu z4a=qmIm3@#wsY(;@H_lm@muwj2z{o1D|Cqo_Hg44)TFY|M zPtP*OVZh;dQn2-{*Lr)LrzyvkF?Xn z`)l!qzGM?90Vi-(HG?cydAETJ9@C15KdUsM-QrLBBl;`xXKIT-p*@pVSqL_F>kKd4 ziMCc*i!4Q%FfB2e93P$MYy!>&mBl`7KDe@m=VjfBtD-i}A=&=`<1#D^=SI_bLa4HV zzDldDrBv|S#v*Q=Zw=W^>hJ2b7Ht^Npv1`29%MOJ-3F&NH(PZzygolg9xPfh4qO?5 zzU&@Jl+$lRr=;Xfn(`%Slkjyr^(VgWXv8WxY7c6k%hO}Dhf7!_E_-{>q6<}U8(mZn zCG8g1HEG(j*Mqm)?Rtpo=E#y=xOb*t?wYdPm-{|ABg!yoVPsfT(P4 z#kFgXeW-WCICH(;_?qY67KD8GN8O}#S;nJ*WYXd=@a%i@@t8S zem|ZlG?v(1(P~A;p3i>%#Q&qG2Xhi!VW^XkaR7*$ac;`(wQ~Q z)VrzPQ4)-!XuLT%Zwsr`Q{=i$L(MYIu&ruhS3+&24bVM={4`7h%vizIHC7jVBd zo$aJQs>EeE{lfBujor9rBebWn-j^8LtNw`_LbiwyQwCG;n9lU!jHKho+N`~Sde?%9`W5J!Wk>Pa(yqplk1<2v_pc4b=~=Mivj zAr|GDU&zIc#>Y#{3C6DsI-iYErX=1ds+!xaA)-qo z1^KP(S8ZsLalm4;HL`Gf@Bzl(SZ%8vH4;zlsJfbd6`8#;j|=D#+6ME7%QLvLLYc1l zoc_p*L);&w!B6r<$^>ukxF%LeGEDfKR{Wt~QEQPxtOlc&X6xu04!jie*fevZw5*;b&*F9@#T%B+OEa9=^X5g%j855= zp((qL3-WmkUdribhbJ>OFp#$X-ewz}V7EzPjd=&>S2M0|?WwoJ4S0eWp0qd4P1zgF z`G&@Duf^D)p$i(p{Mh=}fKNz4oDJ8f*{St*^d5Viof&wtTAH6@`HkPL3b@PgtCUE_2Z3 z%tbtbOxyJ3X$(TU?Fi%fG-GXsK#~}K#R}Cj=D^kL(h*$_)uW%dF=elxg)XOKx-bXr zLUAs-u$b54bSbwf`t>m#@hf>KzPZn93(wgIPtLQM9-QIKLtNd$gXO}LyteTS^N4cJ z$f;@C#XJ$d$}igW`3XD2Ty`YLDsRXUuS$cH-&)#?R5&nsRW9=RE6fuz-#Qm0HWTGK$rZ~q`el= zWq2GJTwiYuoSz!#!p``<1^A_$wwJdl=CSkQm(zH%;Czyq%QLwA?z6+x17738F8{cI zx6v)0m+D-|G%}#GztIlutwymAj+Zzyk-6|JgG9P0Z$}!}dAm!<1r_o4^f10|uzt?6 z8hjN#W4xRDL|fpq9WZZ8H_#1#;u?zav!`1k-N%(K%(resGivWNMRx57&n^to4hm1s zDxVnSj4JS)E5S2VsEj+A>*AiOK%KaeE_ye8<5U`4AXhMEXS|1TPq~!B$dqyv9`(I_ z*4_qx;%;n^dOwAZ@ry0kMV{x<&+|^lJelea)q!yVUF%DxFN|PP8Oh=n#``PVWw!%?+D;Vmb zuV5}C1@8h!3=E#Vf*a$TwoE_S*oY1fx2UbOiAwZ?+I=K%ED$B&OW&GjXVAt9{VBSp zqP#5?v_ONLu4jP@UhBgJd!94nUc4~H89Q0d`_uRnx@z|hN^mSBIsOm50b?y0qvtBw zA&%0!p0QCGm>x?5U4G@S->NcwBt!Q z^P_SWEb7?JtA1kvI$;LI5E9-*Sn1y;ixF8oj^NK7Lz_nQbCj7ebe{39`U!_lf95+_ zl9UM}*(8lDVa;sX?X%qnyX@!#oO8$6FUtX8X^b1v^er3At7k9KzvD*k8vMvW7`h>| zIX5W9ctdBEJ#eTSzN;Z0WCCMjEgG&f_gY~WZ*gVZiZgiS8eg-^WAvwFAp>Q{D58^S zqssFBP9GR|FhB-Z#=b@PfcbMGS#K2;9Jc_!Nnh96hTfQQkR~~sEaET9ee*EqoGm47 zdb5SaM(Q+!Jn4e}29Be*VXVSgWUbAOwrf`x`a;ba;W>2Fo72N~1{Zm zItKb|;4p6LFjQ(}9G737v-z=68^17OW0$7zqQxAj75%4VI&IJuyVPy6z@keUUF)F+ zJA9a(%Z*j^)eImprp;h5hXxju>lkxSSa$5H-5AZ;jhQy99jLYbM;npbjn=@Kr#axw zF@7IKmJJO~*(&u>#`)?p>{olwXS8r!feXB9Jow;(j=9nD1iAxuCN;J)N3N6%s9u7QVaAzkU|`vSS3H{GJuHI}Q8F(hAr^kom9N9Y3EFORFYTs_u`_NK7dgv(d~_6} z!b!_AkK15FiTbf5^Ngm)c)2p%a*{aSgwYCQ}bf*V&>1dD$M;vKrJxIkgrfc=Odoaqw7ue+O88# zcK9eBxmZLiuvlG#?5SeDwlTrkUqh321$=MNSLI|JMe9*LNR$NcKWZyvUV25Zk`1~F zo0O69Rqw%a_!@SkjV_I{W1I0@XLlXrXY@ztFP0XjZH(Px*T8?mU9RxLn40$jZ4}H*M_NRoW2xICOBV1AgEat>}GRCGeyl>2Rdm5b6kv(%c3Na&>#bHo;SvbW!WEOD1dAql_VX&0lffR#j&he0iN*MpsX`n#JZm=bV5lMkn-2^^;%j?@Lu~}tn^EY4$ zCW;&o8_uCZ5hoW;VIU>0Lur< z23ERhlm$B649uK^cI7o)R>30KCX-^>!`Ct>DyLCv^>rPlpG9d=T$y75ZOv+1cH5y3 zeVjqsF?(juCI?P~Pll1Srd4beUAr-1i!c7be(=Vi{oAYa9P}EjFd91h?1@i)(w=za zi0yBzwyrcQ)P+$y|MDyLC;#1F*()a*NK>zy&{vl6l`LExe(YoR6TTEeBa)9EkS3vYV(sU!m#Sy+`G#@{OM2F;}0LOJ-G2{ zO|N0yFlJ|e@T&dEe}5B;KRQqvUjc;@KC|El7CtsucwnLHv%k&3u6-SL^DBM*PdqbTGfUX z3rwE8RnG!mxy?4=3UX=C3U9w?Z@fOpLADtN1T*X0>%k?7)M^ z?JK`Oz#yTD^PyJgAQRR|8_Z(aIR3&*_7av0lb13!wTysgH$zk3UVHc>PvY;Gf%WNY z)`)^+-!DBxN7rg?@MR_bv2$|_GJiB`FaGJgy*AIn7Xmd)ClUBkC5xp`D43U+V0VcK zuX!2a%N&-{1qM?^%2#CjSfR2bl&^M$Z)H}2D=+k5bhh&-Y&p+?#Xo#qu;|=pJ$rlY z3;#LF4kmk7zsulflL-JwK)1ihv1U3%T$$7+P>5ZzGjF_L|M0^z_BSYz<{6~^f2_S{ zlx5d-=eJ*em2=KjUEN*XU7d-XNrD7Li6SXdq=r!%$^SRlR!2zyG=QI-wf`FudKbUcC35d(J-l?D*f& zoRC#CmfF!L4_is7($;_ysI83HqhBhwR?_41u$uYU_+!(9cIoXg`|;n*+9_at29(;4 z!z@zJZoBsGw{L%|#X8$DK2awnfUsMfPu3z?RTDpZ-F|)sXBQ5yDK1j5 zK(NZixq#rtTnUq0Mjow!v=*@DUIf6#26uoDLH8IMd_;-J@Q{me7ZN{!KcsQ2rcvHu z5UgEqxMiU5_8@(rIp8mR#+w26cKeS$@xIpw?icU*kto!4Nk6&Akv;$J=i4vDciJIu z9(P^wuD3UT=6dX1*PXq63GYt4&%M7o!&^ssrJ-~8t7pB@XZpuWy%P%+%z=vZrV-qg zKAneCwivj^Lh3>-#}TZgaJT`*P#R^fN@{F%Ib$#W^&2=Q*>i~YY|k&Y9q_>jf|;M+ z%3tlqU3(OJPPnYz3hVacl*+Z=t(dpHK(DMl`k*C3^OnTkF@{opY2`Vq!pQS$hv4;7 z=k4Wx`Ug9PQ|vT*O&mj5I9!Pgj)IY%rOz@xQh1l&SCm#*1$)Hg+&D$Rhj3&pa<2#_ z2tCm-ifQ39*4|WW&+erL%TSN~)tf&jQ>)Ov@Tt$@v|*hw26BMwkx1ge-=M8Lgx_i+ zZI2Kk`)r#X-CaUf1$qVoqUw9a5V~hBoVIt~S+Tz-gG)7ZGGtb9vy47YBm|I9j)b_7 zMT&u%%g12JXGsnCFZ*!Q%6eh!I=20_I5p2q++y3R9cjvB;g9_y#r(g$#+xOTv zzO~nmwxi%t^C2QekL)nh4fglT)AsYTOZMYFZK)6t3Rf_E=XpoA&kMqn91IppObQx{ zPxadB-fN%x`eXLM-YTnF-?9P}-3)7L>c%;{_RV*FGf<$0 zN9-p=U!SFh)&OIiV2?AD*^2s|)F%0?wMJ(we3DvXm*;GfK#&3I0C(cVv|?X`1D_Rj+#!yu+OXtnJ8$#DVE`^MqIL9QW6gyMh7cv9R6R54Tg}rNIhWr>FjM-rl{uY$u@C1VVs| zjkR(^Gcg zb!vG1@!NKaS`@B~AN_B2R;?^L(5T1w;bQ*`Du5DPkGJR@``KTr>|d zj@>aXS`*Gn%*?!J9&Qfo2Y#WUr5PTYL$!Bn9=v&H9`s@Mhs;Z)2wuGFVXJS>vnK)< zY_MD`y&pA&egVubi;ljS^syFcR+HZI6{uV487%xIJU#1xRcV zS*E7ic79_Qtj8Od;PQ}Vs1^3(w{B1?j5=0R;t^2{;BEHQuQTs^Ypf%>>1xw$rY7y| ztC#J^fAWr<>RY!FbR@wl>3+gwb(gdrv9{(?`>p1LwNq?5-P&lmnR&~bzJl>1*Um2Q zvkGb#Jh=;*Z1{|we|g4U1@7=gppiDExTb2Xp{>)t@a;$8XUKu;aVtP3NkJ2nS57g1 zllHUoEB3-5L0j-Mp&a<(gSo}+w)5~_SF>n8hSxCj9)gbvs&#Yhn$2E()qZkp)p{p3 za3TTy`qXFa@q-QaWZjm5p6Ha=OfBQ`&D+LhY0%P)%a7jbvKwQYwv22isOZ8lZ?xxy>Md9URkUr*sjjL{Cf=;J&UaOEu35Ivrj!< zj3F+U{T1We;1vR0erEst?tqP+CMy!yAfW+^CPZWU=j=0l;!Hc5FX&42?qHGJdcSR_ z;d`CyY7iCeq*l@n`@OH$TZlRhC;!W=ow&Ygr;sTV$oE=5+2eM)mhDx$m)9P24lncC zW8J!Sr1i_7g$Sx3gJ5cK(Cv{5n%KfHh6cjkE`)NTnKv+Sq2GlGcH?6U^SY!17_~~j zmCbkCc;Aqn?)6*OEV@+=#-f%ot3TXet&NN^G$lUSLLfsu#={H!7(1@T?D-)Gh(5XY zDxnu{BFH*lU(L3cgW(Fjp1x|VG$i2&PV|xvYXTri7{_LIX4>2wT>Wp<=v#I_rBD&dsFajO~;%+Z|EC)M;4(~6|@C!X6CHYpe zQ{zHZI^#0JxSZWxcFV?A(VtTlAT|yR2K9JNUeb`@cn2!*EkSvwHg`R;UBoUv& zK~-aeF-kuWjL=dZu%$)6jV|Nh5Z{6n*dQRk2nJB(30?(Re>uq61w{m$ka4x;BJa`r zaTL38DaTPUcf;||lf3~TZZ$4IE@sE2p}~zyUZ}uYMK9=a7YCrvt5@0YZ#daEgN$*A ztd%|RBkbo47?12k+&xZi9Z3{Z4Y%Fa`N$6YmtU^248cV2{`HK#(?w=}ay!68*V_Jl zC`t`iGW}cIk+1i!+B~p@FaB(tjG+>H=n2soYv;DM#C!EVdtQq>j{xPjXYV@iKJ@7f zSI~g#=Pv7f6nWxH)t2eGZYTbF+D_2VGq?5AliBz^<1NQ{8Uu6&K9q_h5Hat$1g4b( zPhXOQ1CcCGWp<|tB#7eZFX>?33D_;^9kV2X1S15trZn$3;WHQ@w>FvgSRM0T0<0*` z;mQC(cE-FjJW~4^r(5@~{ZoU_C;CuN5}=qH^(zm4TH4fRg*dN+1aB?$#tD2Wq6`3z z^qNI0-IKH(57Yv$S8DnFga#2j(byKUsx6$EBj^~osFFCe(gYZQV5n#WO&ZDRolKJ<_Pfvj>qjPziK8SW+skW4eyZRdKa)#GSV|5F5n%806r5FuA! zg!DR&ZXslt40fgz_R0)3ZXyL0R@hu?d+W;WSMrzb6zk-*;dPrC$Nq(kZlX z!c7!JR$F3SuVW{Ogx7HD;?#$C#*leu{B<^mb1Op-iKmN5&dExfutJ7WBk7Ii_L%bC z6VN3mD#Sq!Cdupxf-aVj@JOKd*SU{mm^E$kVREfoV5 zz`&v)&9oc}*!6PZuVER?Wh3RF-R4x(fDGi2f5WZZwK)Be@3@3xLTQFsr5 z@~ctHOoIl3V__cqPh#|xt)Gk8kKfq@I+U?cwvcS0x_`-oj>foe(U>=6yij%z_a?_x zdV+mqnB;~7R#bV|4nB0ye*2S+wtF}Bx-#Y&8FF=Mku1(Ptmov2y$nx2HeG3n^=0TG z2ApHHJ^ab%K;MtsX5S6#*wJDSKK7v1BERMp#w~Z@ip8(LV=ufuY~Lja{1Smh33y*^ z+dlgwHI(-60Ll~{x;(r{pkbf=?0YZU_x@zSuFd;xEe#Dj=ON6Uc~F*fI1Kb`>0x`| zu}1samn&^&BY`#O*r~NuoU|AZqcF;x3XAn0vx#@d?4{QTRH46h*y}$1l|2LnHd-T! zdr1&y(gO9({^lk7{-5+(*D|u!7QwU9hvX!U<8-nz+jY3wzVbgb;s`6Tk#~v++y<$I zy{rnyUIC8ZjefES-+jw|^5&ZTJ#y9tYe-T3!3d5kY_bX8vdslnY#I78^s6xIH-e0l zCU9yA+S|f$6rrxuI!=ugd`kB70FJ9L_mErGWcwfAYhU?f3pEMP*~y>G;3!|V9)hS= zMVH!Y#dl$9l2^oFGK^O`8mC?CER>ZAA%8|ou>0ZY6b{apekf=?VM$Gi1MY&EZ^RFDCGn3-DhHhG)jw zbw=+vMgIQ@N9Sun-I@Yn0g3L#HtKr&wUcmBn`SVInija7;i% zeg-+n&KJZ(8YGg(&t{w1!W&G4PH*?Dje%{6h1)9YakR8Epw$=-NXHE_Xx_Z29f+Me zIsRCW&EXZi+Pz_uMCzsaor)?ybg05=3M3)ItXU8NEpiA-#WV%$klG|dcy7UZ2I4?F zU@(S&6xrlCpETijPPsQqVye3FZHj=|Y9V^R*6;Nl|3x2su1pK9yc8beEgxx_7$mc4 zqBu~!UCjN?k^HR|b^Yxo_z^$UTb>aR1$}}~!7<4##yid;%Oyg0|Iz(cke;^1(-XEr zw1sMb6yy~%Ka*q(!3c;HNCJ;CGuUHSVPdiCn^r*q_pq3)7GGYi6=Bxt*imIoM7-}> zV397x@EnJ1oy}_yjOBo`XQD9RraU|PF$7mU?1jZdS&@k_FG7%l#Jq2j(m6qD`&Cjr zH|Gj%2acm1O&AGrL{9Y4$3-HDghNX$np~pQuM>T`f>S{0F}lwf9{Yi7SAopJP=n`t zM?=I89SvJi1I4`+O@zUA5duuY1pE?6#6wY@Bcx$gRP3@Hbwp9ME!ZpuweIfgz}11D zT|opAigQhEx$WCYA@{RG)(123rCNwiLTI6I`=Jgpmo|rh=wZ>OR|!~w@kCpRD9*LL z`7tnU7wq`Zrkxw5UJ=CN;460HxyC{sm+=X*4jQ8?9o`F2r? zl@P7b+(NE=p0%{TZL>tG4I&K2G(K!1Zubx^yF>Tm-ILyOTih=jlh!+0w4hK@I1|O3 z6=B!9Z@)EytzUK^gJX_JrQAXX#kM(l-G*=so$pyjQBt%e8v}}ODF&dn%0jDbooD{W zt?N4UIsi_4c_Z}dx9SFr8M_zk?bAd)P=GN`6ndNu*k6Dlw6@k7^QSF`XotD3K_C{0 zup)IOuYjnTh9>hh(Im~N00Qp)QnplxuyYgi#Duxt00W z_^~>ayd2A!xrBqH-v+1UfFqlXeq&RHTVjA?Q%vBvQe7){VJoUCw6;f^Y-ekZZOy9q zdD>>Fp_W1cj-ZSuFj6fJ%-anNr^`5AGa4`q*kW4ZzfOUGNSwoieN(WjeCfvUm-dIY zq-3Yy`#}_^5VaQkIDpG=?!^-DG}gunb9V<7YA)$#68^P1)x(~YXMam3+a{6YqniY8 zEREZlH;)5{f^geQw$2O!{(GDXq9qZB=;3~McxBbNXTX(DP?mV2~mNk-$lSw|+4ZY;r->z-g+W5SUK|@LQ&@*oww>~29 z{5`Aie&i`cn43;0kpT}umB{#*hvB7}dMG8it2P3@dZCQ@*(TlZ#N%lXT3ns%w*CvW zM;*i!3?XVSy*OrP-#BJ{A+@*W+S`IY740f(OKf?T+KE>IKc8} zUlZ8t`r|dJbD(ATKnO!`No6ZRK2fV7DlfJ$VQ0>d0{bI_A;urpcQe5}P3)J&=SFRn znpWjI+HkbPqsskO+t7$3gjx~Q%PC79w4H^5V2s-w(5g`)QJ0BI9J@Y1=JAG2t(90& zJ#{ml-epI25&1gVXCv?tw;oWu1X)u^6lvpwhwUMhztMF9oRl$7lxBj=?$yaIH!k1D zo3%7L4^$vZo95y5x2zWh-HppEMs>uxoAZzz;}7`k@p;XI+Uus)VUB$th>^vS?e+)) zI!${$0RriIfGe6MDiiH0hjA|7v4hOWRZGmCa z%HF?5WTWOiGe1Y|wutQ}60-eJK7kF;9OvP$xkcxCjjSuDcu8%s?K+sYat7-9nJJ4A zoRGJ3r&TkL`v!;}#z57(L||JopRA=qtH&rHc_jyVv!#;&ua*${!eu*m4W5eZmdOwZ zh89o&G*a;)dau~E0h~t|H`1(+DE&+<0M#Nel%m0`fR%-$e-iHKY`F0mP)UvO-XuHzt56f1^b z)j$sqUba^tdhfaqq{TJLf-;{rUH#s%mYe;=}U2*+1Nn>FW!td=aG*z&lY zV!dp!clt5~R#E7)n!O#?P8L+>P?ud>-!yg_?sLUfC%UZXeAK?T2xRNvyiJld=O?=S z^v~a9mzaaj)@{Jms6$SX>?p>?9;<&M^Z-u5g3>bN?`oVovo=I+r2^!V+j+R-XPlSV zxU;>P0RjS8V*y~!PQONb8R(4m250FT#vQLcYC&SK-XPOJI;fo0Zm%bpP+bXA_eKVk z1v1u`Kqp8ckE^z3UKL|PICE}ng1|AL{s>N3&8Z|PX20#)kKylt*)B45CNNN9Ma58x z+`_gYh~gyHjD%p1Z?;E^u01k%*elbSRoC9~(h_a6;3Yo;9iCq=2)2W^y9Ih4>$1VF zSvx*}cD+amm=O(hVDT zve;wX^xR*EI>xH7+T@57y2m{c0ZUN{OWZ6!v zA=9F-gxDW)%Yb{VswRk)xn9K>j>9;h00MW=U&(~q<1M)YW!{g2K9@cs6843y^`^}vf<2*X5^X`90PeGo*p-@;>X07xywK3`X znU6ei=c(R(rP)_-hg!pqO51&;+RAV~MG0ds14^^JVcmSlWUrkE0cX@o#<|3`O~Fu$_J)tejP#_1%uI_uwB{0^awx<1!l^k6jZuHDZ^jEU938Q@Up;QYjX4l@kXu1K z+ESe%)~x~$y=%#Nit(KBfZNi99{P@l_>Y2RwJy-_d?}!0alBNwHQT`_>#V&MeX{48 zjbNxAT42u&m1D~xu#JR+s%M(5lgyk0*h0Ezfl6DfvhrQ+1gdw~;dvMoVBZkRMDdT1Q9J{Skbp!FsCy^N)N=SPky zusv4Y-f8Vmv>>};iZE9tLt^^JMki{kJ$?VbHS1uSPCgixJ)smf5Q@oFWjF25}ya0498JMdfGDxPZ>)a(Rv6dJ6tbT$Zg}Dhkbru=5KsCTCtcB7D^*Gzx2*j#5j{^#M z0BHh%Xkrrg569O06 zzhv0emicW5zK81ey;jj)V|6&&%Lwdxu#9X_bgWfs-zBIcJdI6s^eP#F=pSf@pvcKC z(`D1c*tyAY+;K2MrV&UsAg5sRAq!HRf&PnLC9Am^;n}TY(Jr4$mXKV7Jx2kG&VRu$ zxIu)GB8f3RWG!?5CCqVCCkRqe9QAKdE0oWc2~@}-8?KaW;)cSI6;X?_hK%RB!DSm> zLy8cuV~uz=TINI7=Ah+!9OBya(k(gyACTi}YxaU_ma%3KZYCFp?Znw0yTDqn1i7FV zN8gSe6}EeDkz^KN)g5p0+1kP^Q05ox)O@bZ=97Vn?M=Z|8GJT@90DeT1VTKz-wv>L zM&DYtQs(>K{kcaMKj23n$#KP$cx#m2cx(}N$ZqW-8}ucE>3)M?mBtufgg5pJUwPIZ z{a6{!CZY%sUZYHO6h?~Mh4-rnE4_9FY{)mW0@szl(`xn{w%_>X5qq2hjJX&; zf{GG=;fWahC@Ue-0rQeW)F`=Z|M5S)2^3fi1q+2`Z=-$XtDoXLaGf#e38O#E;L1B0 z5|%vUevUBkMh4Y0(S!%O#eV1CwxLpEmSth&;h+k# z5pQZikQU{G$)bfa)_k@CWE_z+E#XTxH*?DV`uX!HwG`v7dIosCX8VILhDp%}vVgSn z2xFT_9wF7Z#h(3ajkT3g^!*=C+KcZD+v|g*?dR24?E??ko;^kOZ<}ZFOi$Q%iO@XL zje~)RWo6GW(fre2@5s`R;7s(HhmX!H=)p}T3{^^lB64$a?CfF_ZYt=okCXNtS2PCS ztxpZv^7Soym&~{CzE0%N8Y#wUiiS3|*e8FZ7GZPMy8iA}8@MoJ7Z-vyo`%lzc3H>6 z)%JV8gTuBqZBJaEHvc5!NJiE=5yDFt%B?V9yD5~sj3W4xzdB}bV=SLaZd%oWPJ8-m z->}vqGQXPUt!jD9!o9_oSz^P$SRke+Z=39J)U?C}qIu{t^gBIYmGf zbnLgL;!gV%5mX5rfpL_>waHOiqK3oq(+Tiwfj6Z7Sqex4rSPxJz#~dR)*85ojpwxe zCG*!ajnRbpJ9M>MPG2}Pn1fR6LKAfxI^Da~TcVQK{6<{kKI2^Nu>)rN;e|gp3 zyf|qy$qlRN+;2~R^G*?*l42G z(s}!=h7z0-`@Jooxiws#(VpxOY8ev563d~ zmhsOHa#G_7-N^&iAx5;@9P_}6a7F-eS$D92WCTlY;OrSXZ>ysS z$L~Ue7_6kkQaH?Jel$j3`HbL{4DcF)apM*o^<tGQ^HUYOjs<7OnTY z&)ZM?)n1VHO39?6y=NQkxBp;2N+dxhw3our-w#g}+x;+y!*fSwNUSf};@~-oRZ}13 zo!jUIht~8DMxYng4zRYOmjwL%ZhDczrHDPjuPiU&Xu;{S2EEC!b~{boY7fWoecGG) zr{SCJr5S(Gr(e7XwP0qHsLJp4*ei^KKUr%JJcry=-U1)Gy@pqI1fUT0Te4*$NR}Sa zoCTZKSk!NCg0KF6`~+x`MFL{#57+|_mD+bcU21uCC?x(-+n~62!+}Tbp$B)^Zyn6B zRx+z7$Hcur^BDp_XyU-fS$pu305H@8XU^NP?@!rlI3MSbud16`?TcS-rfBn|_5RoA z?E?JeO@eDy{TM+jJME#TTI@StdCWR-&d&F~K-A`{odkMxo#N8jap`*dwt2wlJNZvT z(7a>_3@YMHx2@ak9e>d0Tk`;<%fMM%8TQ$YI zdSJ@sa^VWwFxCvhp9Ay&WFTsOl!VyC;zGg4~O&10a z=s#6w4}G@TzFFSH7!XAYfl0NvdGK0$RB9_uySrquKe^r449wnqR0RJV-$&> zBopLiyF8z7Z{2v@Dw)GyAu=`}SzT&LH4rGDVZBFyc<=g)m#v2)?mdwpQM}02sRsMl zuQuAZ{`Ent%VoX4&Uz=1V344qiiS#i3SLmYHg4TNdEPGfOxf|}90GmF4#o-R3R*LN zs`HT0S^{?G+)w|(&T?PDOr1UatIhU}f8AoK;Zbi~`ZO+KVMD?Tz-> zzkAebLgQ9G_Zl*Dp&h^e7z*}=eFj5!Q879qM!ba9(JC1TIcq>(_1PU;pp-TG_#-)_M-`ctNwoA zzH}{V+D)xwXZXvO>N6577y_0$hCz7ij)`Y{60X?9yg8D>c6ZH0t*uc;PV?nkAb5mGE){YF!YnwP=sRu}q zT5)Tu9e(cf_GCxEK3)RE7y)jlNArLnL>DD;S_I21ZR<$)XbwpptJ}4`>@*6 z?~ujFvZ-mRx2Hc%MyGGU#@{%HzPMsTnO5Wj^dpqkY=-UjUEF%oeIeW2;>z3H*^MJ( zErs{C!;>||=e9Fi;^;g4HUK?pjJD6d{R}4?h1jbKfiNyc_e>L*u*|qDX@aD>@d1NjT6Ux?$Z16w!hhZ zI*w6&X_@RDts^o865H3mc_s8yUnbw`T100%tu5VUqdz}mmrt(Su(g8NKyWE--;_ID z59r11=Y5Jmo)qW3cE&E9+CC5ZOmmW^WxMOQ_3qY7^;58zTigBASl!uA@3;D$yAnDx zA)D5``yiRs57_=D=8eqg!W1x9)RTG{qxg@{VA~;!A|dETG6!Ol^UQm#EjBUl1VtT= zlF7z>jBv#$j=gdP%mls)kA-?qngtlQ(c7i|g0@%fE|WI4enaHOS)PT64o)9cC{ z08VZ1QTyG0^^EPVDX=hgr2IBOP!~|WFZCGPtz8=hNeO3M24oUn5PKlO*gl*9DFWL4 z>;Vz7my1BL$;Iil%Kj=CWT#(C{%5T^y;}|?Xk7cC_(2Z3-%e0@p88Y+=ousS;*SQ& zhMq-_1T`rK2u5gUd*uSTjD8X8wPQm;dj~xvEggk>nCrbt5H8Rg;^R2Z1<#B)!Sy{m zfX0n?-s4_FoaG7bcj60Ppx`EQ(=^#R^L-gRA)`KhM@2=Z>Y=?s+LNp#6b}$O2vU)5 z@@k*f~39fA|s(P3$#6ctrp`M`PnTt=!E!y7K<$8yS@3xFRbB z9WR1xQX1K3M{$Hc^BX`&5|n=8zy91V;BdY~rd={r4cvB{{mSP$?Q5U^oONd2v8hwv z;~uG@h!ZsvXmB>Rs+zPNEDzf|$FAC6{(!*Fp=l7T%=UfqQ}*N+zX&YxmhEgfYYPjT z4%&PWr`6QJMY=-GqF}3i>TB)xBklz^RFkP#NJHD%aye99UItw+c*sbmo*0ZM=bCb0Wnv6EL% z*?;c|)j21R z=*ApT}vu1C>WK-&A zGGhxjF4;ieH3-RD^Kk(eQD&jC9)~K9^G_eCvR~bUv%jFg=5f-72+)e6_wJ??$y1;` z1xVmX*o<8zo9P%?pKn}WvI}$6`Mh}1Mp)aabsVtN41D%mP4@Y3Q>#jR5BW$z`U%iV zSoQE9&%sS6+<$uD9pWF{ONu>D_CdXt<4EJ60JH!|Wv(6<`(9gTxjp$=f=A9?w`2d| zBEg5 zd3+?tmG0kdUT$c3<0gl0Y0h})J7*|F8OLXBOVo8af0D>TjM9c;;V1J3bY;^1r10R} z;CGhlwZ1MMlfZhZG*uo2W@jhu()mlaLA?^6@M4G-^0Ju3(7uBP=mVjhoGG>*=9J(+mYE;aWZ%TLBio z6IZl5f1rb#b%(c+(>XUH9+5zxA`)+~yz$ca5}tW>hfd#qdFuo3mG?bMLYtx65Md~c zo9YtC!>xKM88Cf=xPE;^x|Bt0F~H|qTWd3sC)8icC%TgBCx|N8;(pU)d?}LA51e9d zX^HKjUPC>ZHa?6d8H&3k^ICv2AVa1dL1Y4NER+#}8Tr|q6H-RWe!@~iZHZ-@Ap>g# zMw3sJLkRD67_YgzC*6y94n`nhxMnD#8(1r_>B$oCK*@YTuvx+QKR+>RlcXr8FwQ#Y zG$M}uI2@&yajULY*d_(~BtZu^iC3H@{S!}r0du6ba^(DDE=6|^st#H}M&LE(A1p8v zV{0~g3XILO1Jt8ZeIo>!wOJdl0{b;Z-7J*!D2y)`FXK7|74r+D7?}~gh%CP}GiF^x z&-M*LEBPqpl|Eanz)9Mwh!)`dC|no^Vk}$?>;>u5VyGU?-!^Z&%unV6)0%pxiJsEvy7S0o+S`)fl)U5ud&lTj2vk4Rh{jnzewf@Ab3QZ1 z{UJCH$52yAyHDe&-X!IJxp&aIN0$&fNvSS^p@S2iAj>TlqYlGpl5DarU>*CJd!myu z_PY5a^KvaiaYJxu^SPf~+F8U9Bu9~t=-_n(_JNUWK%xNMH9Tp36o2)xIg%n_XOCU5 zF`~!|m#LAat){NhN*XBmil-w7L-~vSq_vXmIYIOnl*@PqsLiGEJV@Gbis(v;!IF+1 zS!E2^gmm}boJt^O180q>D7zSHPzx{n;62>XIf=8M(Org?>&Wn^e#Dc#}87>Ti}+ zIj7al->DD!_3f>xkM0T|;LmOS-u|^tz4KG=Vr~<@+17TyvMprW<6eAdxq{;f@NiqU z`!3rj@5)YCaNbpqas?49C^QNDItNN|^QY@%jT{n~-Pj=XYpmjA1g+r6x(0o1l?2Gd zOA=kWWvfJTtM0>OCGfQ+Tpy=cl#D$>z*u{7tiv-`M(x7slNOt*pp+HuMR1G(+ZhWr z+M&bHVQ|#m>8EBON>f48K5OY{v(9oLOBYA%)#DR(o+zp5HH=9Juv-!oFro$*$)+Vb za7)g&2zA(k0|@6u)b9&YGo{fE?0?Ye;qT$=<93!v@ZK@t5y={mFc{3uCtC)iB1Xw% ze3|=XZ(-b^3ioh|12pRB_C52HorDkj%+)275@l3URZmTyW~;5oSX@M{mdu#_^RYqe zMUj|Y5uP%$axbD{ouv|BZX>j=D=U=w3jpCDMQ#&ExNgF)^nA@N>+D{ac)wn|^~j_L z2_4U^tg})w6m|uc$P5{`7jWvl-9t1Rj!48&1V7j(j>4XWUDj-sL@E)jUrK)#h~6ej ztCG5l#W>2l=4PlfGi*aRH*-qJQZ8Dz=^FZuV?BdXFwgxa!Tb*a&w)IghFW+%a$M@XZx65-f@H=s_^=o9p1uNgD-*b)4*n z0i335%Vc6BD+JgF>!@|IxWIl+T?|166gB`mQiib{Blk3W&It0`ED$Tv;wm!m$za2v zQbWdewc2aHv%SuTy!PVA5hE2Ln<`A%FotkS7kucsbfa`1dXcgC{pm&gLk0?HjjWF` z0#=^?;eLeM)xGn!CG(*UUTyD3r7N*YNTh zR^Wpl<$P&@sKN6C7zhS!WOU9p7TNd7W|?Y@+6s`velp<7G4{-nO}{eEI=ixNZx9vN zSA*e#c`1#it%}`o4TEF%EHzFrZiECG(KBq(-kGcn??b)-CJeBdpu( z@ZWrX-+54b9-r_Gl0>ZHT&k`lvmWF7z*ISCmmmuO@l{%cf&I*ct<@9x*il8DD855MTt$j*CU~0-8+Z$6FnPPKo)P}BY*^hoOX8w5`!sEck z0tLhJzmvDBEdBI7-k6G z^<-W3(~arv?Um793+=VK_QF#bi^v$bGQij&cSp;JY_2BLuMHZEj@iaYkG=Trn7wro zJ&pT{%V7&uD9|xZVfi>lu{iupvb5yWJfeh)>zYAmDYSN?=kvn^El7t2-iQJw7$3<1 zq88&cHIifKJRG#4M} z;C^+aQ|OATI9{)8*$)X!$WW`VXEJWXtRrRiNKb=&ka?+tR|TB`U3e%uVk`Z<_WX%) zJ9e4O+f`)9ES<6c#g&amW@Q|wZ?qWH6X>(OZTq}F&U=^hE^!|ACyzccsIs<1pBvEU z7LF7JbbI@mY(ic?H`mDQxe|B%Oiz!|&#jyN)WquEZ*mF(f(Zw<`I%9>crwQp`|_+n z5UpfGr=b0%aG5>uU?Xy6#4e7m!T+(Lg?iy#%=^$j0+{#ObH5q3Bk;r#45S-4>%)Z+ z0BTjSi@N zxS$3Umxg`V%s|}1>d}Q0@Zv1BIjQlM1yGVC002M$NklYrPXt|wXQ&OYn9?&AE09=oyD?2As| z7mQV$V0A%6diFaUyRJRyIq){=NV-|=E!b1N_H^gEhT7Fv%BFKa@jm7o?>qIM>}??B za>&-HEG?iW8bK;RPQFX6ziR|&&SY>fGX^<0=mtj);5_WG()c79+|;VCWNi^RUqPU8 zBhJRfsSV`LZZept|2jvl)kGchO)y9mi3+ti*i!8I?5#;^Px+}A<EQGtLx4pZ_{dV8_pYx1_cmka*()!DBrvxCVh8_{s}buSY_==Z?kftET06m7 zV>4lFK{&S17307juj7DR!?`*$Ifni+1I9J(^ zR_dvXU572a6giqenMLS5MN)?mSem4!U6LR%TZ5NU<9;3o#wJEx1$L;uTA1+?&B)%Q z%xI|F?SWgoULmM%V2;eA6WyRz;cQrdpYfS*bUtK=T5){V{>#rnfVw^p!WVXH==J92OxxPaM6a$a z1az3eD=bHuk3C!&)M@0sjb+UN_HFbkEhnvu%^1Oe*dH&4S1r7hp;QimTgW^$dFxi= zr-t@84$UF#&^g#bsG&M?3B7IF&Mj@pv&fcQGX#%vbT3||3}HF0u)jorxvng0K+YvI&=<8<=ywjPIz+_@xAxj zr}@Q>><`9m9Tbe=X^;}$y+)?#IAt`La~y<=AmB|O!G?>@kV{H*1=pQ{Z!T&NCGXJ} zrlu)2>Ag)tg&_MDex3pvGg4A#M?0ubN)T&4`vM>pI100U*dC-`!jtT*ANmj-NvX;z zRx;>m{U~i%9LOg%3m^y4~w9EeSuLdv*5`m78?jA4#KTr=*ggy&H{JuemZx(|+ z-=jd~tW8s}GG;#+QQ5uEGeaw`fh$o0Q2VBdw2^+oK zZ+|mBN=kGILONz>oHuEngBZ7Sqtx8OLA8+_fv~~-T$0DL2;+d9TT+&ExGi;in%xKd zxqI-l@9%t8+Mr7vgm@7J+*#WA0ytU%eCAl2s7nL2edr1|iORk9zSUz)mmzaDA6Spk#z*@8Y^o% z0^V?^{lTZ(>=B9pu99lG#l{~*84TyIgZ~M%3K?&kM5e}Y=;1DNQBW#e?U#2NJXJ-; z2Y?0i5eX55m>m&u6OKOVOMuPLkC7t{YzM$r)Br*`qzxftM@g;CEhq#4Ye1C0_M?z} zKn^dIC>~<;${x_z`%v&hWFQ&QGy(ESbD{o_vQaQhifM-=VZo%tA6(iaOiXW5e7^>+ zX5SFSpFl6b|9z~0^tz`1}6=kv!Ei^QP_HWz+}Hnq!^o{ zkCfLEqVD9>?RoVj>n24tw{FDEqwr%T@Mu1~^}rMTcS0C{v!cdL!?LD?#UlmMk02!) zSX*AU>wTwf^u{&&(dAVeUE=p#7L zBYTcW{%WACDELUqx^JD#u`MF3U^XOzSsrs9X7dWNd4*_iabd|`zi`%uu3WZ}I1yM? zDq=1HDP`TqUa=nE60|#G!E)+>PzNEuw$O^l;Q>?2c4Q%BMGDaY3+Rtm=pOOd8cPngl@@lVb*(Kyah=a?eO zB%{~dHJ89C%=OS3lRz3MWynVcmIhR*#G+O`^TN?jn$Ml!B5uVd<&JH-qY?M^c6w6- z4vIw=(B_W7sMGqfC~lmLGAV=7J{| z)gy|Ae&Ejvq;L?nobQ}hx`xJIkP8SCNrc{2AcW?CbQ)JZGHUNFC8sSkyJY=WDL6Za z@|Fj-cQIp%qOrw(sCn`!A_}O4iP3rc%l~+c_TY~c!Yx2)sy_O(9m09@oiEkdlY4<` z`_oY%h;Rga>|@q(pvv|KhRHx4x3{kQZD<7esB$7>{%sh6qGoAX3d71Mf*Ti4+7G zfxMaIwd2bYHzllSKfi74`Q*bNZYCHUXniX}O`je1#OFV2kGA@(bKwLK0R8sAyn#YL zOpOzaIRPH`JeU{Hz^(PbFX)!*8J~xVD8KcYzWfLWr^!GXhCdeXBC87HXz55VnGqv) zcHU>hDI9_M?Cr=UiNt`d5m<5Y273?CK~)%R3o#T27~3QfWNSEba>-f_0*#c15?(-^ zKR>WML6n-jC~I0l7;?hH$NdCR=tf-sKSH-Z_$k~V`;hk59I~==3W1sR5fsr{YzMy6 zO0WuoFdgxn+88f$3GzTl9%S1q!q}Tjrb%#tNIjrTh6dsomIHRMp_pt1py~RM!3ead z+)+jSHYf*JzNHc1fr$!JEy-N6(sHxy?V!EizfXG@GX_aFDJGLEhc`+bIK5i!n=o+y7^l6n*ry+tw%_|AKjNxB5~3{K9!)zL8hbWLo%uDnjf8@_&N&J{w%_utuz^ zPc#GD(br?&{m*?CX{I*P?;o}J$fn)6oUqDfYX2a&gpfZ}*EWYboEwa<9AK_K4C^{d z@KYY}*7j_g^YAbERKnRF^uO+ zHiR5hgM-%}oWy86Ztsw#G6=(psI5OhbWZMGWdS>vL8`j-Lcti5)Xg&$wW@ z(Vi#WRq{*#-BRmlsDH#xJkL7nqMix#8m@q5F_7X0AsCW9mvtW%92#=AZ&EV}ee*kR z>mGD1?Z}&OCx6^FpIQErP7)}FQMv169}vX+_80OO8EEwQaP4KA_JVOTR#-)Ss)s*m zhmTMbuX5D-hX?KN`cigzgs@W78^MIj(Xs}F(HudGMIaPB_t4{3jLfrZ>@_=n>W2O4 zu_eoE3)|ygKo)WL*C2__F1|}5R<>kLRTcew(w_QQqy6UoyZbq1r(QU3KOl(i z)ExWHN9w01-zEu&OtNl=yK?Nc;~nXmlXA zunWSwKKN+d`ActHR*`w;2$C$V-)YZ1@~D+1CaitrHGBQ!4f}uJUa`Vm)DUD`iY2RY zfsfqWcH`M~lu9l;bdjs?^ji0+?X`{3UnnL{mSJ59KC!5_1}Mr0ZBJXu_AFntHwU}y zl|jGFi_WOW%^5F-pqgCf!us5O4R|Yt5K94$W@PjOUa;|uv zt9>n2m0b{APxtEjiSzI(e6#!H?fs+{i?$>YIfqB>ypVqH8?(O41ORoDdIT@mz(s3! zTlww>>`CVJJKropSM9O?`!BB9wS^giS*b&GBiCL%Ms~{KcKiG{JFK#Rd1oDa^WJO2 zkp;W5n2+8}CJ*AiWQ}_r>g#0yV9%5Z}@G;Pik8$)Tc!xke_K|(1>6@sRMp*^->V}nz6?A)w% zA_KRO^;J1NjMbfNL^6UlLFk#Ju3vEMh7Ao9gpT7N2e~2)jOykx^36*xS{F`=Xolbh z9Bi_K3Qa1K2gD`z%n**F2=bX0f$Cuk#50_oGrFq}CAss;&a52Ei!kv$Zg>jIpy zcP3@PQNSq@+*T6j_UgDp1i1Q>J{w$0(_R~>LnUNplJtNheF-F(b!5~Ki$p^Q#he%l&(|YK)S`+HOoYYH`W0XnQvTMgS?e7Tas%j^T`@nvCtUhiZ z3lG_=Z*mp-8qoQHgA+24v##qemGtCe7Yt~_udkZRH+WAMAYuT5ACCIYPRurkTW^D939__GD z$J3xKL~MzUu)=?EYU&T<+j)CLP_ax`T( zVv`sK*?6Kv*i|=D=r0d!aSDJURH@*ikE|V6P!Q&#f`i5BDoO&Z*jXGmBXeY{L@THp z(rBFr54$3~Nt`!n@V_%S%JloZ2$833dx>O@O#=OP$=Xa&xVl=3X>+>Z^nd{(FZuL1h zjgvA!6we}&9`i&V$3rRt3LZKRThUFNO(hCL&w+l(!*rW2jD&vBUYZU_Aw$sd3OZ_R zXbb~#f=sRiJYbXiF3bZjn4*_{#>tX6B-iH{cltm<-~a|?ISv!+2p${M(1I~+vDt^% za7i+T2QhC%C;AbPMbs`b7}`w8LC#u>vR-odP7WU|z;2`WYWivI!^3dErlD!aC;2|Z zXHtqFMYlFoZ^#GEugBv=OEUE!ydp%3&n9Ri3B4;c2Hkt{Q+MczaZ_8GcL`qNt>P()`qaI93WNHneseHZ z+>PrUUvnzoah~qe32r=xI6nekK{R1M;QIQVgf%{Q8E-^AWr%Q3p>%Gd01AFKnoD#y z>GF$&tF9ot`w?0r@CKclg8vDQ4d#Ww15L7jt&vHZfks6i@%2%hVb`oY(rlZL0Ogfx zwr2LqOai#B&PF1WtEtODK~&btum4)P4dWOqET=Y5XEB)JWS&+7{rB}xSp`r7wbYL3 z!l^v~JlMtz*_W5E+8KCBJ_YFoeLzJP%iB|FU&T1R2EXww_EBReW)~*dAK)cgGlJjE z;)z3PjF$Is1fqHVB^;Vf(Yy)*$5v*o|MC?J;%J*>%wy>?JJP=9V5bI%cvC$Y$4fMr z_c`2L-u2zRKD+BD@B7wM2$_BaMq^Z3lHER`U>48_IwX)V?xh*QkTD0nfWT!_4&q zo-ISJ@c2cuj%SL-p`Z5|miN6seW`s&du)JO5<%!VXN$cJSfQS4OF;ZU4;Ts^+h^6J z;Qcr;69kIjY$(JjL8SRIH6F+vg+DCV6u}(p(?n}3YgDWf zt5z5VM(ZKS>nM?ks^PTEUZ`4W`cXy&w3P|TdRUGrY|WEH(39P~-OfVp9*4W%-{U5^ zK19o2Bq*K_yB_Yoe)he%nllnfo+QHFM}5|1WX6Z6 zV*vsRYk;*5AIN3QBRKY!`D~4gdKtg!J>$Y>&hX;eU^2ER^PY3+I;7utbFVAh_sDi$ zauae<65}k=fP+~9r-t{;B6YQpE)AcvH}<+1^CxF@kl>h{Eudk>sLjKAU!(Z;-Rpe| z*>sYu_#XK17{(IW#Wt3xC3x|Iom`)?;CMcftE`8>E~_}yXy0t0HYl|kl1tP$nOws8 zA=ntL74M$hy}KK~H7@S{bT966J<(YmK)8U_Y{k`ew&%$PvOUp9$iBHgl&}FZl~>7h z%xnSq-2%MI0R<+LQNd}tjFWpLUy}`^ad9Rcx0ma^0trCoK<-keM|K$1q&wRwDXaml zBVY#=bdVvk-^qE(azaiPY+?*Yu#bHpfm6gy@@*Ho?WK3syFYNB-u{PP!(Wuuxz3y= zaT58_Z-Ufi)n4-9`OEfT-rmIa>sy&tWf&@3tmE)*d-_3i$jH21I)25@og1c}Ai5Lt ztwZCtN?n}I3LLLMz~thri>(tFGd=(u=>VBfAQX&bte(u_5Ki_yg2xD4mpJa`!qrhh zR*g{4Lzz|`M>=Q^$ju1QPRG<9QQAb4FDL*H`MRj2+;&lWtz#$I;$)+D0@eG)_zs&~ zpxi*T%=R3na5w>$=>~Y)R|3}94P@tJzjZ-xqtxjUl+fZR0gGg}zrISQB(nS_`(_Zs zKLU^S0-rvDOtC7%(e{|!f3&uLaL1F@Cc8d5^Q!dla>k`@FOFVnVo+;)VZ7hoxWw47 z=S_^5HPm_IlFNP(L9Q3?mAt9iZ?2!w6?=UpL_dM)yse)-*JlX4qy8Je{Yd?E3qc*1 z{7wMD6zCJDFHnnR!ot(kd&WK>D9f$MdD|qYgkr1~sly&a#%+xHDFk6Vvd*r{JBHw1 zZ$#rTJ7u1%kfj+1_F3anh9fhkaT)9L#^n-G?xPsZFg}N&mt5qJ2z$d#$iwW--m8rd z@R?8Ri2WzF%pL*nk*wtQY4$6vBP^b%4am@?(Aj=uvUZ?3Aojq?eh|x2c*8v+m}7BN#~J;(%lPv z4gjkhqi#Fd8t8aTDSe=y7`1Qp6CI!RE_w4_>)q9v#t<6^!DfRxGimrc3J&ttG<6fF zY__S4z?GC_FLIkyuf1ZFw$#SdlC#aoNPY|Hco)7vH>DbqK=yCjR$~u#*DBs zY_ZX40&@H9)$>EtHji69**Ccue+xlg3B$9ccZs(;yBKy3WvOi~U^9Tv`mx(=ZuVjH zFSV)iHp@H;#M$mvAlz=)LYfR;_LU@at(tj4Kv8`z1vDi2T-{?RZ#iJ;s568kpJ+W~ z2=>bWkzQ6k zH@s$l(&nr~ZM*ZfpI!fv_cRvR6dac(6>?`~I;uw?Hx?VEEct#>$Es?WtdV+IBraK-)U@Dzb1( ztEvB+n6`J`9I^A4(V?h?6oTJ*-KA~zVm+j%t6WG19b0xO1zx$k*RAq3-=M4DP%I+A zo|yIs^$`}5jT zLazb0%h?*4?*u4Oo50PlW50oQuqV?OGLM|okC#|!m>L|1jB}DTEbg2KZ;xUxlkGuM z;+z)*9j9>|FAy})H=eZmLZEd&^J~_EBk6&yQro1AO8}_C8lZB|zDXA4r77rwtSEG1 zIb%Ibg~o^r!n25GW?axYa9-hB$Ehm)QZy|TE`nlNFB!5ggHZy_K*PZO;@}t;km=WP zh$WDF@NYP~lXH4<$sEq-&Kdi#vqK9l!O;%)#+A7?1J5(J%WwF@@12d!eXKuPx6()D zghapC0#SxQ`$fwB_!M|2=a2p|w?YnrRd|<2c3PgAvVNQ;(b<5Fg$gVduC+(^ZP^X> z!_jdv8VMZpE4qzl-AN3?od^A*O&$8mEf){Z6=sbRq0!qo6 zi?RRulqI%I5Hi_!csqd*R2C)Yq1y(qkD(QNvb^{S$Y24S*-Eqt;Hh`cWae8^go2R0 zOkRx}W5hz0ZzRC?DQ7oQ4|V?}c`$}~oF75{mJQCyr`YrZIPX>JLZxepVjz>uQWy9N zIvD{MaRTB(_&Rc+chT1xdqB^*QM&@l&jjtqdld2g6{r0gj$9?gcP@t1vg9OT1Xm7X|u>?X)N(UA~i=NuG# zF2a#(!{;kyneDZP=1%+i?;Nm4k5*zEhif4Ghu}s`InVquHG?6r!p@$}wLhO(vy&{; zAYPREU5D*A|HUDDcwe~%Q6l^(Bii)+oGWiPi1Qe+XTYMoYJc=+Q9QQgwpD)A8V?_} z-~RRydvrgU8q{)1!O#>jr-e%VBW+T5WUI%{P*dywSvdjz{v6SIf-%!C9D8yDuKUU^ zkXu9K?)KJOy%IrihW@#`7lrBJKIK^(h>T7=JSExv%3b5`tLYlvp=&^h+^=I$2qGyM zasmVC8Y$Uv#-g}3$M!tXYQC#M8~FY(v^H-?zKpU;5x)QhgcB%N8we^f7VFl!(&HQK z*+;6axp39a|M?5RCLr{K`8l&uh(JUk^^aBCH%fK@*@V*uW03?CWreVdK;$SFjJTM* z43C)8=qYnZH|4E&`=vV0y}C#^D9i1q5*mbe!Fm!2%VWl_*5eKN>%1o1)_RrpCohw+fbqg2cd3^btBPy-u>C7WT2 z2vAf`GN;&Zc$FkYb_sZ?8-r;pC9~((Kk->>B5Pt517ixIHm7XedVvi2!T&m7$Isy8 zDk5UM3aa4n;Y1Hc&XQ8d+f-&dYK} zcmiV|wZ2lonD8-l#F%RXVn+@z4iUA*`J1fAAW>$~a*PFR>cV59TNq^+d-cWjTXUwF z(mU@HJ-cb*6SuEzzmYRmUx@sb!C1g1UJ8t13E2yq|37c<8D&>?-TCd8E9YFOLKUh| z$gvX|jm~V6%_NFRlqim7iPA_Tk7n!{ujS=gV}J1nuNm93mX~L|W;n7WYAg;j)nv2T z-E6YE(a50y6i_+moa4*>{m*?>0Ggmobkn}Ts~7LR=j^l3KKtzO-`w|Z$}!3#hWwZu z0q}BwxSU9^oZnG^Gk2Zw%X0VISR;Ly-Uf)=QM*%$;3YCP8$MLVRY3d+!>FYZB8qFs zAc&R#*8z0F3UFz0gs~#Y@_^1%?X4}~s#3sDrpRPd>hTs)2MHoFf!bw$;+$fUN+Za( zaCD*JTEQ-8T1sCg;hlA|Zip&M$#MnF+_)l(C5JLEw2mu^M za?C1HhVJlCySMp)p^#x(A8DdUk;8eWc_1Eejw`q|&Gn=-1vD`QAHlPmD_qVS7LASC zrN7>x| zoNFKF@!lD?+}Gl9y@!t^QFwL%2Au7dF?Ua{<>ojMZp@1i(cK}^1O2Q~VTf2MQ$x!5yqd859g9Sa?cF|^Q7OgM-oE7Jl11(TX zVbUTBFO%g{L4Aa9oz)+ywSV5C+Hq{CSf`BpS%j<#oLtTSyEN|B1>^!HG zu?>JyFoQg)?vZ&9O+NggafG%gZo*ie9igVrf9|w%m27ZYPTA4D`|Zy^onsS2Bla(; z1vEtFRe)?=jo1I5hvN@!C^?+OurDWm9J!h15n;h|HUHe2k6c71Ntq1;cN;?a6oiN{ z*)1@EqobOF%4w@9+HH@%SYg%RhHn6;4-OHF(t^{_lxU;l)C<3HZATfK|6fzdCCwyLS`%^k!OO0jBe zrU=F{Xg1JW&lA;G#pX4P0W60gkot9tEH7Crfk9o}=qs8-WZ!5m>VD}B z?$Y{QHI48HVyp<`T+9ciXG3*R<)CH# z(79S~G#^yYF^=Iw^++P{$h`&^6;f8Vbwu+)^PKw$8~-3OWIlJRn~OKnx6cKoq1%B{qbkBtUfu$M)tCO z|J^R@2OesDiJ*>bH$Yx{@A)gby#Lr)qggXm>uXnSoqgs-oGgnYcIiLA3Y5&Gom&pu z!ZK00$r^j|w;JpZ8XGMR&nM}qXfHL!?Xm8mi#G=M(1mew1M_~iar-vL5P6ANaBl zxR=&5jemh4dQZJX&FOsmQp>arUhlGh|F^fTmD+{N(9K6SvGn~o0d6ZZ)Slg6WfhEZ z-rQ{)dgBLnr**_$?WTs<3{Ft2h-GEK+?4pqL__bT!T6QELu(7Xn$Nzo@sw&@=Xv+L z#{Isj`z^Tp1*m!D1JxoIxl>;ewDRh53^sYTzcy+A{bR@+NCbtT5p-cF0vPJ||Irbf zzH`Ak-kP@8ucJq;2W)MM+B(ZPeaNVB2p|Oxs}i~tq1&r1Dfmuvb8VJ(Uhvxa#xJ## z{t~npmz@2e?G*Ltw+wK4u?4j4c`1m%%Qd) zSu+cZjJ|Z(2Txsh?l1k>rVHo;v4hn2gf7|BH*N6s?^D}z%wBsRT`Ef0t7Dtck#u{B zU%KMMe~_6+LFR6N^+$S>tGmuV%Z)X9iyzdVJdAU@D}w|$V;_Rg4%MXWUp?^vKBH#f zfj>TCN3UFh&wgezB?OX^U0zU8Mt$4-Uws~)tpg25k(1}F{jDkcY3s60QwvW9S&0%S zpX8i=Upu8wJdh{FtjM1rj%?Yn+37mkq}VsF0zbAqRct-B3nv}fFckq{+CnzI60xl% zAWz$VVbkq?JA3cAuQ2Y3YJ2wgitQ_mdywF}P8OAi=###QzlnOodkVyvVNXhCqQ zBetDQoB%6xWGWmxU$7Jp3Cv(!eY1^hgl&{yV;309 z?=T9`7G#^6DEdl9&}6rFbt{785PM(=5_EY#Cu*}r6<*51f7RBH&tW1gH*ex4=(zEw*Pgy(RLqGd|wM!6> zY!uunYP;$~x&wNG%3fgQG=>C)z5@i0m-Br-E&r zW0W>akjh@GfNs@b)?7)kFIlHveUkbTa!kd^jLOCyvO)GmOm-r4`=Z@jmP?Rbx=(=u z31BA4%%_%m+fdYAIMisL{!%GfL4M#^SwBH$u5stm0lc2~(=);S;76y&4hZRU>Cj#<}+Z{D==PHM%~ z9=FowN9?6zmG(dUZiW5gLWljE?{tDRg*zxvOy9W?d=aDrhXOf$D$d&9IvH%OHNd}@)9@(HpAcqy!RS+D4+x{dGN6FqK}becqgutx`~dL9XZQ=(H~;Bs6>y zNg?3G3M@Gnpyv5)`}f~CXF~)+r;Cc{0kRGUu@O+`OX5R;$CHe^t}h#==dk16x}V00 zy{glOT?f=a(PR6W7UAeku)r&bBd>@A0D`lEz$GRKI$2+t#?eO-0lbo8ZfxR!++r+6 z)i{uafiy7Vdu#2pFVdFwHhc3MZ`ft@#w$Q{t}QY5LpApCuQk~h>uYR-^-Xsb=lrG* zEk_^VfS@pj_fXR^bb(x=&-O#c#306GL7ufEe#YSvs zkZ8|1bvNj6f=I{3$sW6Q4mh__3fy5-_e>=-`IN`$TN&4xY52x!Jb;8SQn^mySN$*V%r)dqus{r@9iSxL0CwEuQ#0EXpQ% zlfrS!M8{OI=r>h_ZMkIKE^YSP{Mwuqu2KVt36MvIRu*3HB+<9ZbV&e(7XnVI6hBoU=y7J#8oH@_%wtQ4r$6RoCCylo_1eT_pD**|QVw8F|M#7Db<0MfE zZ2&>9NE8XaFg3VX!k9dypl<1YlSFOdPz*GnOhl-a6r*4wka1`xDU2@xWzK*R>cd%u zEcX-xEjHT4G6oLT%+ZmN;s-LuNq^B~=VYLH$aE+vpnlP~6|y+r_yy_nWF@V^pm8Gi z(m4}0)H!VL_6t*&dQ!SJ#%T#EajzSHUdsug!^sDCefQ3_$&1{{a7t$0Xf|tpgqQ;% zWoGCDH|U(qJEssiEsXXOF|oA>L}3&R`055LVb->k5yjL$iE@V{CWWv?am^{IvwbZ- z+gE@i<%$YTV{jldhgkzDbO$ZMTwALE_ZEL@4vR((8cn~z8_ya;6JR#=X`6OxmV50Q zsm{4WmvUe5tR8BvIYo?5C9=0zbk}h7tP{l_BjQ96{w@kvbB*~7@CtlET0V=i+9M@K z#TuQlmiLN!kCPtpEbxE*|*Yoln-{N`^KJd_2WXrWbml&zr8)o0gx97xKT z+FHWuK+)U6+6Dun8SK~*n;e?7Rif?^&@(`Vj@*)66lPCYW7fKDoQ;tI#=?~bW`+eQ zsb~%|IVo5KFT>NpJ=`ne=EESyuO+hN1Unc3vNNQG3OS^#h4po62?5I%Aj2%mcqT}1 zPk_O`#pGTC>SC4pWoewoVTwO9`DnQmc?^XtP+_7kN`SsBE6=fpYWhe9+0-c6dNV6z z?4jrrrOBbR8AdG7@pKJ?+vzyB=fJa89#z?b*^ z)N8Msclul}Xuqd~@gDwg24;9ihTRZ`7V&6|jDZBulWDM}H&I+tIG2!kq-Ik$j;OPR z6_km!Z0g(CC^c-y`Ty4lbBEsK899q&M0e%x0+g#FH(52LclfQq}fW$F{QYJ z<`)7;k&FTAp=1};k-=GMxdd0_ZZ2RLUZEDqnoV6jPxMi_^->?JSWb585%}alA>*%< zfQ9ChC6-Nu;tIyc@jD&XI}F4FW4V?Vga(_*%_*YaSrgZQv>}>Cj)OGOJ=t6JHcuVH z!(@_{?y0oe5RkmeG@!jujn;eP>Csaw8Vsd#y~)q_znMb{X`IORO+gqW7lB^dvgKXi zDOX|yiv!&e0e@U_)%*V;@6JWwQw0m8P@L1yEl70m7LIeJ_$P>di~*^(33j~_FWnA` zp;f>|3`b=O2+>qkofRO5_ZJS?ydRx}pa37rUnpEbAVan7+Y_`sI4@(j$RyiDR{9o$_vVnj1td`a95ob5kU7c#bsdI3;NbvS=c)-+ zUR`X5>vAm{`7kp?&5Btf(}0!TA`?$~s#c-<`={Wb?fxOF)IS#$OSXU%Yh`tEs}zPj z)oV;d(GT(~fw)|=^2j1Je$b7`?o)QOV`%Q+vc^fB2_nywX(VMh1qAcf<}jIt0ctHa z(B6Eju3AIR1Z{5+V1 z>3-^@?zcUD=o2{5HW|MJbP|+wjLo&iPyJK-6h-QmPe}7Y52quD^MP;+MZiX8dH+A)t=>O=)Ma(!$A(&bz}lek+t}$Jebg?0=eYOv&WHEE zct0H^wDp-z^#r*0`|V3*K9?NUOX;F2rXC{`nz%tr*VJ1Pj;#aChouQH|J{5Loq*OX zsbW4*o*Ee!y@9h9T~)fPyO4L6hx)rM%Y!+qA{O z(GBDbv~int7+6LwWoWBzLN2;uh(Mc7)=F24Ls=Kd068YyI^pI~hOg0y6%6I%68ek` z6RuVYQJ8MtN;lHR>E7|mbX8+?@1dXE_cPwRKp{8(fC8cZOr&VpDuBxF2IXSrSIs}1 znqDTTjQ(VqEHeJcG0Da#!9Q_-DNZmp{>!`U>BgiTB9pYPk(z~JYDb_`C{WE~J?WsL zi+JRIy0{=2Cl{G(PJe+u)bY(i->E3Y2t%OA3iX$U`-W^}k%;5meO9!;j)LRV(Zd+E z0dq-gIQ8XTBIxz|2;*_H_oMeu32!cVaz=(a?OWH8E!qR+RPJ^)Q4eC|4zq4eP+O7& zGf!uF-#y;ngkSZ3TfS)j5~9XIWj*qx8NF|9$)=GnQ^@9d0uUkf{bTv7F8C`xPr1p5 zv5E++Jk>Wl+G0-~@mqa*(yqL9%dTGOw~O7>m0XJBoW-aNduz<&WQQ+P!*2a>t!)%l zQ|kfvozY1$@y2ap9B9pSjpf!hqmPhnQp`F>t+neTaq4rC>4sd46p?Agy1DPzUV=!e zxtpGF_q%d=z`Gyy6oLe($?@t3dVUFq&Yg4TsTW#kH`oK@V?7Na#|bBA?qpkKZJssk z1@(iy#BA5B4R;J!#|U*+6l5qqBjPSfhS(+qla93`-z2;=FIg8Hl%=PjWmrRd1m>Rt zGL#jJlXeR|I*#s!^!;>Zt8$!pSx>YJ+2Az=KljgG^FpE;Re48S+35b9+_3i7t_8 z+ef*Fqq}T_0Kx=NvpaMVzxZ~MiPdanHRv()5V6 zy?2f}%LR5FJ}bbwnLKutyYk^PoFV9@;$K zYz#T9lIWG`G^e|Y%203_S=b>1NrGe9^XFF|vC0FFTV>6(rTX8t$vcAtZz#)_8lL&s2Y@wG zaIxU})7YkbAsQ(D(0p)vlDqT5z0w~M>;VU(hwdZW7W+N2n)0eZ(Jdmd;>*i_L+D>P1sy^AcG8Gd1Z+~zd4!~dF&s!qN%qBlIzSe9SJ7r9@E7+f> zkRd9Ql2w#vmDIO7khf;3i9Y+;ZFrXbl-MUshI1l0YL|b}O9=pUSM=lvjswXBAb+s; z0nLqlBE>infzGz6n!Vv3SC47{=fW5|+!jt3pCBr!qYR)kO@_9#+GViGe&%>bebjox zPnakAOuumlZ^UP^n~B%lgLnFtw;b-r?i10%`%Itf@aQAtiGb#yA4f+7hxD!zYplzo z&h4blvQJ$iyM2v7%_zD+iZx}s9+VInHsLv6aLsayKv4owshq(5O7_5c=mHBg*agkg z1W$W(t)fY4=XML!{!BZ(kG!_KUa9Sw_Di_v8@n)5SVc$aUszmv7lI6Osr_9^@&*+&ZDC@Z+Hlmv zS_dtwxXcO8*aodE4x+E=8hh_YeLaf(1oH5)<2Hx{uQ8WS4 zQ-k3ZYHHlJzx)qvEJ$U0QixL=oB8aAI&fuR9NNrjCW>v76bRp<_JA^~3<$s=M#gLkvCRy(*lFi=88p{P_s9Fjjfmd6x8B4S^Jt*lW?#%8 zL82u7>hw{m0CxFI|9cxoDGZsUg#)Ba%Ghy!3g#f9hbufRL-<1vRKBHR!CnFV>~F5 zh_;y^V?}illwuhq6*7jAEd|3D?JBmC`gscuk_wLDBR@njcNVf`l#L`t`armxZey&s zSr!{6KUrixFzLf!y{6bvO`u$j0gn}0?_r}<9g7;RV$XEPzyx^8f zgqD4QS_Hh)LB3 z_txWQz4X3wFLwT9e&Y3wKB{LjE+%;>BT~^yTVNfN1IF0kB*0*agy&MsU7V^Kn=l2R z;YKpbSfYq>ilO8sINv#@SQuTj19_4fKUW`$jR&K=^N&xtKfh;e)q)_#D{5szLQ#$b zTA~laOWf88Wb_AMaMou=$e;o~v;0vjqxQ^WdoJ2MO8J#B_|zJKQaNhnyZ70VhE1yk z!}mPK{~@9weExExaRoNYbx4a&rk9~B5gbJBu{E|y=EDTME(coxWg?7%6Jo4mDC7yX zoop^G%2+?)OPZ(XGaw3mC?b|a!+|GEQW)Ea3Jc)G)dC{pWs3P1CW^DPq0vq~w%5M= z%r481&D+Jd-m|mUdhO>pkT+1$9d@`I80fDE5nv9pDVUgFeb5d)(ro|D%e$;PHe&C- z`UAUggJ@bd0Gr4LVI?EY9i1hQwZRRs2`p=9wkN1*@%t}Q7c9PD=iWSLZ&QnCL6AE* zedN3Gc*EUP1os~B`>%EE{4De0p7*-M4m_Z{uCC}w#_elsOn25JDIA(etWA2BbJ;D- znom5mu0*m5-P)Ca&jhcPLZ->^?FafP2H(%*EZGdT65}Wlgw&%*5v9W#qfc68 zbE%aRT^Jbc!5BVnH+nIQqoAj zk6i?Ze1SSGK1HkJXA9<{aI=x!Vot?l6ou^u5(?OozH7(r;^|WR>KCC=2+VD24c1~b znwHZ=8w&BJ+7B-a-a>11+O5~>gZn~Xe)t0!5DmX$cH1=YcLx_=_yJ^njJ`YOoWH)CyvwaSaUh>6Jp9kw>hew#uGltxHVZ zw!iwz>vp4i-qxt|qP0?i1Tsj(Soe%;SuO&4<=|6??4NzC)~bPN zYW>N)y>)%TULlwR{ol3I{kgY)TK8Q4cy@GCU%mB4QFbY9j=7yOU86Y4m94uNX|lTA zA$$Jui)1q_+H6n6R#(L99({BVtrxDHnQOXwqrd@1fe#p(&9gEfA{zIuTSNY`?Iu%p zX>rCznUf0`s@+;1ikX`;OWH0*G1v$Lgka}{^ zyY0jO)u4NH_WH*Pqn@BgB0!EZ6_P!Ry4n6S14#aOAU<#GS3BbeSj7y5QYiCd?+H~_k

  • Sj!MpA0B7BtD?My2Cqwq% z9$&x!Za|U07#6@uOC&FV?~i_N-Nwl#yzpNpt@9Sfg)JgiwVTp<#G0B+5`agLM0q7p zV5LA~;b@L3+mdl~`+`gpol3I9*W4Sq>-btTH^bN4x}rlrc-XGF-+Ob1NEwTg5wW?t z+m^D3IB!VXi>H`>zBQZcjgTR#{(F3QcfP9~&Kdbr-seEunW?x_;npEqiwI1NR5xa7kfVuQ>)bn*m# zkSNKbPHO4?16JL#%Z`@OCNhEF0*-5e38mb0W{a+&pOmt)2GozS(9sT&5L4 zJw(L03;_%{;?vkN#+hY;c!tVsP<)Sra++Yc7>3NS>VA~qpgefcsxZJG2@cuV?4Vug z*s|6E>?>q)7GogaL#EZ4lR5S~O_S8`>au@FX4lOjWp;5tqU62%K?jUjlS5=+k5RQm z^H4mO8PUWR@Lfdup84%Y`|6+Xwpj15z4yPp1AHgN)G-XLGvD-62i>YLHMV;~CfGj2 ztM1^*y}IW+eZIY}NcQTrrx&OV`VxbpTUYo_W5DYeS(qy;&}CS3DIoAdbfHWEdV84Q zlPu~6JG$UNISgHf*}GkaF1Lm;zGh(@!+|FI2f@q_-%j)t*G`N~p3zP1=W>kK_8Q@8 zz44J_X2`HTZ%Kuacp~B&y$fS!(_;ti(|>r{P83XAerK!A-RZX;9C%CUV`|~Adu+?~ zxcFstVuvmvoMqDle~B(~R%e%$S}FWey}Q5;1%_-8x?Jjv0V|3uq28RF@(P^18vx*q zf!4tE1N)b0p_@lglx&QgqJ4JwbhG`@muf8C*I^gGF=OYuu$Rba?;zL-y6f+->5-lX z@L37{-eu2zagTlF&+2TwYrxL^ukYIJL4u5+Nz^}U!ApZ4kKD(fI%?Q37euF%_V7yf42E_ANhRg}X7ztsRZUZsm}jvyP| zoDeP08#U1{kqMzGw$rUmstDUxNGmk-6Q$b)^2*#9(%6A{`@(RA|?jyt=BJ7M|#{A zSJ$bHPUFy1;yBz^hbIU$kJ#cSHk%lROdN1goJ7*zv&m2^J9^k^>kI5eYRI~#`s_;I zyxp0goyb0)592GfTT;N>I%k5Sr0H+|u12dp`4OvyUn&-+Y<{rQdWO3w34)CwA2|tp zsE@si(B)FB6KKTjQ7Ht$er%n4%OVg|sR#wVWBUu@Br9fLy?gIT+yC3Atvc~jTfB9} z?TzBT7Um;+Lui1x5buKitXmkEJRh`4kjX4TpTLO6>gspchlq=&}U87K50RL+K9o1#%Ds$R_pq<#m))F4fv14NfVM;h#)hVvntEk=&uc>V1b?3~z= z-dqsad?WCW#|WNbt!Q4e3GA5X7M86W2ehEZm2H*;6(!D|MEFgjr69mXLdkuP?mW45 zhk1%aCFrk&H&^%`Cnj)j$rKKE$^m2(NE#<7cnm#di2(lywQ?z;1s@9b6K8VaE^DqW zwU?@p`(zk@{jVCdeJ!E6zQgm}dP7;`A5Xo}Y|1IjNJBrI~|;x3Ib7;b6?hSsa&r5*h1k zWv+#4xND5}bWdB1PC}M2_S(UpTN!&MZTs8@=Rg_G#}#@-VOXM`e_h*CNPl+ z0-rShRC_fDI#MKyN^jW0hv2ta5^j_=l^v-fiKGG_2Ivj=^B3Ur?!01xvTE#8&+f*i z7`InDD5I1rc4dBIYh?Rl50~@RM_n$uM_ZZaDpSG;<`U$(``|JA^waz7lP4-{exS?V z{rP+L^V=krU@J%}QG_|51OQz_7WX*8EMDS*oRHX#a6%@r+X~Uip+3p3%6#z-jR$rj zWb8V@B?+w}PnA?CXAn@?=W9H*G+*X2wXGI@FA($Fx0MSe-B6F4Dp5*-& z5hHOt%;L2m8`D6D3>deGRg-1>Mlb{2rR#*i?`35o!ekC+LM#yVk=R^kpk!Rt0**q2 zf!XJ$4JZaFBB}gj?4%GJ!v0rekKoi0SKLlh)ZM}@7;X~ly&AG}c(2`L)=M4|2+9I+ z5lAu)F;O&?lv?Vw+x>`7+|_9h-+M1JSM{#xE|&Sk(MXEC+Qo{h)Ifg(sJG^WmW!b& zy)tMya|6&A0~;Al%YhoOWgF~dIni$L_`p&Q3^vcio5#SyMsp7Q$)XB7_{Y>IETE#f5>xSJF-K?@S`4{N? zZu=}oTMV>}b8$_X?SGyK9dKYn+;4A7xg9Lq#eO7ZpZL^^cBr|unpQF3cjrE>85E4!DVjH+JFyMY?$h&w8o% z8GXd1_wrGgS`k@5&g84E6DiO>=886$PC1oe(RnNwT3k~qfVePWQ$xA-%JoJ&OyuFA zr(R?OaKIj&1hOPuZjlNU!(BK@*wpoo58AbXCA&?A(;89fS%{7-qQkIdTOQAJ%_$FP z6lxsP7mm~|bx(c7YuB5d54{f@zpAISNr#&y`p`X?yUfkBA{SAtl~P+&T7=Q(xYaYB z*@u%h1$18sM@le-pj#QT@kvrld#Pnbjk6|^1TkZw-NI-&7X zt&M=94Nw{+NPP&|kc#8-C}5GvV}iD=k&su{;G8G>s`+qbX6 z4wvr6VHUH`{?^Crk;9|lB(I@hlfBo85jlb5LdrVPJ&EiZt0<)ARmTWWf)h4F1kWl#04XUdPC=0@WBxjRkmDGk!3N`A z<%Jggh7LwYgDn}yxTzkGQ>gh&syzFf4|!MY1{wkq)pih^N&sS?HOtptk}B0pJKmZd-X=K9W1GYuFu)-!^iC?EV1Cn zK}7~+9foP^x@p~meRgSR!#aq-UJr}`l@+pnpc~6_n(X9L)Vyec)>4?6Bhr;rTPjE` zkCoYZpcBaWq}JvF>q?CICmAcfB?P=dL3xEWHI`cuPM`VGu$5x`a&;k~&wc%?rw+(t z)B-3hb^SYVsEjsO5FM!grEH)2M?j1E*M4W#rl!d{Op~!WF=ju1XUtAC1gYtzb2v)F$_&BT?jx{he3atFoHt9>MG`}fTR+gR*2oCy9ma6bSZGf_f5i6qM$Er* z!#0TIRUIYiUfw)r1BnB7dScYxdV8Gvh1~r<-Uy7wu+Qd+X1o7>bMAiAb4Wjbft5GV zzelU7(UIvN5Yh*WiTY#>b>sJ#*S}sO)zrVaOgm)3$9~`%{`rRI`+d4f+mrB_;Hwr z3z;veP3q4L*c#V;_4ReDtP10Vq0R#kCNr}t&h5AIavanH19qJtgRXgCG_*S-J2sh` zv8Cl|Ywt_jzWh2n@#2eCcWl)TK!a6+xq{Ru?T0_F_90uASx4aO%0~DYzAnuNT78SU z8^_RpiwNLqKnMSV*};iv#vLQT(6p0Fs}9-+oa*;?sb}pI%_pp6$j9cEEE(y{3a%lrZ**kNZfm}i zoSr0rqjFC<^OgBmlueB~cwZZNbRMlM@f^mz1f8XG%=$VoY@&C{IH2P8LS0DuXMm!D zF1_aHa`GkUa$?O6LYH+s*@4w5>m8f7YoZHKd`aIlpVv_vHQSnUo9)<(AF+x93w8h* z5y-ExMjS}H*$*aJi#KRA+btgO9s0f?wQ_*Vbac_Mpf6@+Gd~1{nfYB%bip{8L!gOl z77oUlH9Q$FVjk|dr@zQPXKKZ!(MjW_1S{3mT7CAW_5ZBX`da(#HnpH8=$qJDN9M_U z^K1Wg(wmbpoP>bL#<1DgSOrw@tPNqz%6G<_U;APY_+e&}W3cq6^U!;MtbMA*#{0RC=2;_sv3vsjSc@19n;xY0+4XTyOjfC4LICMNp1t-ad$+=Dt9j~qd->p+ zwJ;7_@MunbwbcV<(|@+zZr)_?0qpQRfmk8P4)vW-fv>unf++s|CjVzjqAe?D*A( zM;94G1(#D^S80uhcUu`S&PD98_Z@B~!z9Pbl697T@ zhHo6C7ty5vTIN{Indj{jhu3YN=u!+_>X;7(1oS%{1VRp5A2eQq*R=BM*lyiJwX>df z9`f2*OgmeS&`z?{OA~cwKz3#|PFvAbl$w&$w3E8Ri|BdCv@*tM59d{Zc2bNU8^Fk! zByzf@Hs2Z(?Y7i4Y`3nE0f3=+4MC<%3^h=iw?`@7$WV$tl9dDcisXy;lMIQy)glGA z#A48;FW;jJ0l~YTe!)I@WZm{dmndslE_gA59MV zJRtn0Id6vZiqX9kD7C|%v{m{9(fI{9IQKB$lbaJZ06Iq=`h?fc41XqYxL}m7#olt@ zBzj#w86`OB{n}@%KSiv!WV=*j+&=%tAhmKvaHOJ7BFB7quF7|Bk9!1qa-NLaI09rTl-&l6M>Tr2uadn& zhzVQkz1DRrZr}T1()Q*RS>w|$*=G-}+d-U}Q4k4oaV9hZch&aZExST}ynY^&rB+m1VflG0wtFmuzRo?BaV&mfP4O|Q za)nGM>mXCM$$Dp+%}*A{P{wW+ixzy9nWsfyIL}p)GmrWA*y(-55 z1dS7Iq--32xR`x%wKdm+coQqJS?sxO2pJ*Kpk+AcgX)6CfCcOwT(MVL<90Ns%8q~L zj1@lGU=7$Y4fKnu@+Qz|aG0Ne&+gppunv$Tra+*QrY=W`{J7GKl#wb+uOBLRa{_dT*UIA3ca1VU7}@`uOQ4Ysw+Jr0IaAzWiy2bhQy$v+fS|9aq_l zZ%}I<+w1gPf%R|JS%e_37hXsqR}?Hy@&V3FUa`k!{;=LHQTT6a1VjH4bi)}?y%!tb ziDRt)j2}+e$De7!?t-)XV6(;l!OQ4T)MWPq^^AVn-bL^+Gzk(+Bt)$U8R!v$IU+c& zv=>m&zJueW{~`7P+2}!G980AO-^#%) zr!2PA01%8N6~(r{xfs--92>zo)d%m#u(c+{)9{ybw74tjBG_x>5T=wz9NWegYl>h( z3z_)YoR^S3FM9+=oSpk-+Q$>0?@SEWzPrECwK-e|G?y~67g;4ce}sET7Yy;N?8YSW zRA@OaL4-DHPn#kz$LC{jaj*q_w}j*h5@M1CcKmofI#8Ka?B8#pFGlU;{C*&cr>(P} zdD4$R?QDCrvcQf#^MVz$JYu_sL3hD+;bUD3Y|R6W$(jkoa>oF+1hQn)g5s8~ zhVe_`$c$%KAv39ij!dmejM`XU)NU$BUTdIigd&?xq3;3cq59pbHz-u7Ahh=qi!c!L zTR9lBK}UeqYPRxbzPnVH_ErtO04DhTeiKG&v1x9}p`nKUr2CQA@FiIfx&b`Y^u zQY^`i&?E`5c!u$O>s&=9@t^Z$sFi_JUPcCo`)|c0nblss^(OCKWzr+KCa!ZR@RRo+ zZaQlcxyL;NB%$E$sVUCETV2N!0{32J`<(Yb^BdP^O+JLI1dHk!LE<0^cCdNBr7M9L z>ON=DzHaj&WCNiZ3`z||H#AwxL5dr**iPKe!T8KZfvl`(yu=0uQ&v}1Z6{Bc*)tz~ z(q3ROn4g@t*&BTp9hkBHntHORNOi=EY>6W3X(bV)IrfpyK4H(D-ej4BXxT-;*fC4BJDqy^faJth+jj>`T<>7;N^jVx~2!<#T z>RY3??d;WdHvio=i{UOwapHoaTzmO*r|nrLd=*6rbD?E2g0cjO_I}|LID!`uHobP? z689r=Y6J)izrPllqs%fHY3VONcG2O=SYuq>$tZ977l#KFmF5HLExp`ri+y3c*6~pb zKXbr7@n;*hs}MNEH5Jd30hg3@l$bE7z@r^K_I6;}&R$uyOH(M~Y^ZiJI<^N_gUv!9 zb`Zb1KW-e|8^&MD0&~C#8-9n9$)NEp#}!N{q2lI+m<7SAjU0VW;T7hkrIeLA1aJDh7=Gl;Wssuu^#t8I4iDxUV?I2frc3MevYc|6E45sypRQBy=r zJvi4*MLy!4$E!TweWCVd4*h^b@7+uHh5o3;n(sU_7t=8!NpOzj5GC8Z`-s&%iGU+3 zPEe0>>IIpjxeK@KoeOQ&Gua88zzPd05RtS;nJ|Lw)E!(}t29`|rs$%DEU87Gm4+G2 zlviJnB~ol~R5|==6t#e`1T`M~YP%zl(Y=;j5v>zI6O8o^+P7XQwBt|iw|@#fU;K2g zeGGUQ!H0zqzEeHjcI~y>cAm)8%cBTuib%8Lv6`wz`^4`&L(RTDR!tUJK5a^)%nMh2 z|Cj67G|b~W>9Jp&zheJ0bF&vEFDqDQWhYPA=fCo-ojy*43Q&95$T`(z6G5APs}`rj zA`!(zVV%Ee|NGdx6nmzKu2R9-_(;wu6KxBgn;@-t1}9pc;5bnp{Ww-!?Ko)$nZu0* zzfZ9!s+N+9e@96Vnj^cSkZ3GjOEP>Ny#t>qv{qyY@)3GE1zEIaGqVYl;W$Rg33w?2 zRA`(iCM@!>5%&_Wavo|AcV*n6vD)dPIwb$pF*gp|t$NV2_=m$y7CmL&>s-Brr`(hK zjsCpv&~3Pf`a%nMsdk8`_3T|sWD(YVoUF91`6V{&jrPn7FWJ+l8f{-;+zP|=Q%V>L zLU7-gC=^N*SI&&JzH`I=diYJ78=r)J1VIpirMtMcvTkW+C}Jg!%uyPRPpLX`X44iu zZ4vFZg7G|mZ@qou%g@;pM{BHTE^7JwT=g@8Qta0T?ds)D`^H;$?DCxjj6QidCrJed z2V4_Y0Tt>K-dyNSL`=BGaWLP#43^Y6%0>^x!jrtPb?zNs9gVqa-$x;rDb#zycH1Bwe4ATHhA!5ezS`B$0 z?LYL}%mulj)@&`(f-Dp!Hg|J0{4lo=FS?~~e@9hO{7943d;1}MzWB&n}w8FZ$o~E#NcgkM>aj{LGYO#O*{EPNHo9P#T{z}Q2 z8IIWq^t|$&ckMk4RPPXwG3$&Xw{3nRWY^B$ey|!iQZ4%MFO=s~nj_2qG(4$K+%UuVGhYOHcnc?kB|A?ma$Jw;i9io3v z+GB?v(7&(Hzvv7`z&<;7_Ky9>;Y|NnS7+EfzxC~iEu7hJEnj}do_H?b9%mgEG;<1h z86;EQ4_(f`%XuTfna%*6sthr{lfu7A7T{FxyzRokaq!tjtD$gx>uVHZ2YNLfgMZwn zoDLH~m}dQ)9u0c;d-{Ow`|`8)#PjdJ->mu9biX#nflR_tXiX$rW&L6Mt*_F*0~K!k za<|8?obmhp7RGo6$8N8^r*;nC+fH#c%@xrf=E$6&Ij=f~aSQ{?WV{=&3v1Np5PZq@ zP(93Lw|~3CpXgLR#;@A-@02~dzrxC(f4-&!n?eKnq~WW3UH?++eRlSpTlV$gC0j)9 z#E}aMZb>>FICI5JyWN!Lwd9BUUYVZUJi~t5&2Z29jRH@!Vj{lo>z5Y=%x6jTHFUO- z&b0kBP-1gWHZvbSYR{Et*$WtDjL60SV?2E0rd|HdJ9hTgsGXgqE~m1QJa&2bF`zxp zpg?Dmz(H=z%-J%5P9uw|Q^ER4#Az0WPR%14s9(GOJlr4XLjQe4(E18$$nT%BLxmJb z?wzu4{wE;Ek?SrnM064H^j~xZ;zb3PT@5IGP7q$wN1^B0QoC|_#j+mVZBM-LaeJXK zY#$el;nI-V$W{BhcRQ?ejE(1{oGie#HXgCx{)1C?axanTjC&q(P?^2y$|`I81MxM{ zx6FsPe|FQpKCo!FKo!vXrZq32wT6dh)Pfh_1J&~I)>DD>pimDPQCE5qszOy_41^oC@ul@ylS@s^P7uFE4^x526o)!85JJ>}LTt^DC^6;_|NtFN`%_XTY`HE%=I zd7C6~6*sZTk*{jHjO9Klw2fru~S4aU>IE-EYkb@eB?f&_#%F<<@ zw0%JLeX+K7_CQmdGwOT8zT@_VuRU%@>&dXvK8#OM0ST6yVgEN^KYw$;{^r|v?9SMdt*~!R zA$J4Nv$}D=z4(Qf?D1wYQyKR{90(*BkYRPfdd~jP-fNw(A2aTYz=_{K?%bRIaug(i z%i1J+V4gsP@QP>(LJtTqtcY%nQqX8BMU5UK`|&zv&Cw$J=*!3K&%g4VeY76b2eJV| zLH3^Pi7)+d%)a%*E7m%)X$#pE$QlGXM&ib%7W>_Q@RS`SK)L`}?OX*I@Rg6ug!TDB zd*k(+_7~r}VO{8*(Ht^hWUOT`URgn%u4hi$nG=n6TmgW{;~2q-sTj5AYCd9z2!j7) zIBn;?^PYXb{m0a0B=fF>pz6W}oNF7lueQkojsL=q#Nzf68)2=RS{qawPJN&3yk>XK zuG;HYfh|{-7sOKyB&W-GEDw>q7k7C=V|>qN(n-j$p}`iNi`nv>q%AilZRm8u!8`hb zt8DLqO>-C3KFd3IN3+bVP2P0lJKpQ??#FA{Ks>Dt+b5_tpzYK_&oBSc^L7-+Whp_B z+3>E=YElHq?D^Ur%S~hRTphM=fB%w=_g=(4$G8I7+TBUONubYOJiW*M?B%c6OE`TO z*>eP$W1>gz)$4ZgZ!fzb^UDO|F0T{l9__dB;cNnwUbLqlDYHNP_!bUWg5Sx^#TbX- zn!U6lHOZ`LKX=960m0~O4*}<71*(Q(3jT`Zf^fop)|My_GY4`OYv6Jed9+C|8~e0a z5(r4Lj{IrLN??~9?pd^-yhaVp=Ns(kOULa%=m~pfhD^Hx?8dpPcIWML_RinDZddzp zv~HBzS_=J8a}c{=5=Tu8`%#Q_gr%Qr%I>BB2FU1?6(oc=1UOYTq35dAV{84LKYG@V z;A||zH<5#bInCaF*RFkb;tz3N*`zJ4cH7T>eA{AVd9Dpi+sf3O^^ca@c_NFSCR_WT zK6x7GTl5!#eH5OFRAOI5U@I`R-EW__%RiX6pU#t=g>7c{zFPbJKYi8?6ChoLOb%mz zOb}#W-PmA{{Tcf>WPFtS{q6V9+i-g~0nWs8gqzVvkqhXf4mwUjFHCC9QxsDk;%(Y3 z-4I!n-wSRot_LcxoO_D?yn()Vxd-vPk25Np9cJGxDd*ugL>_7EgBfx?F>+;m-HZ11{>ucyaUL+%-u{RTI%MK1NGub;q^`0C z#@CpiYcrH3AqZLt9PpdtZMq@3p%MbJT?wXFb{?`;_(F(y5KMMJ9OCS99mO;fJ~9uJ zoHtJ}M^A6aDsj#|`Pl}09(lZq0>0ESZ1Y_p-A&}#0A)$WH++i;cyBQ&MF-4mG zv~^_p?8mby%K?6>tpnWZSuj`;R>{>x>%DT#{PQ!mS>v-^Ks8Viml{}$HhrU$C>2s1 zr+7w@8bk2T!01S65Jonvv+WKrY;#sY^j?q|ze-VRmUzoklqiacKQU=>n{-ZJO!othh^&(U5C};&+jG-tJNt_H|Vu}PrU!WDb1rlrM>)yAx5qsQ9cn6m3+>aF9Uj*GvD;wk{* zpr)mfbkABl&{T~wwP@|6$_vAlVRz%@84h^Oy*z#wFKPTZG~NgYMXcq3VTuRQ`f+Nk zm!yc~86?siOlSnueaAKra1HNzY-G9T0>YskmV3*#Y?8>SEz(&rU(pT}tv(__&-YkI zAI3p&Q-y(>#XL-5%lc4Chs3&q zgUTwT9t?|ff9n-sDtk#8->?ecz~aCoC@ngTfDA+zEwV&Ex|Uhk;Axc0cyik2N2B)M z8{-&6HmwgOZ;B0f3`SL~wS$eZ|%&C_ex{ z&A}@hT8vx=)mk{fk=LWKWP%@|ytTY+^LP5Jodxt~=@lDigB`_5ChhS~ym}SqNvUP8(=PaWi|D@;vM7{ABn;Ue;f)dN>m0S|O`_u>WLNP|#wb7DrI?D~ zj*M9U)wF#lG-Opcxh8J`y+F;WtvHdVN>z1=tmF#v1(~S2beq5|tc-QqaO;+RJJw}Y z(0aOq#b*u}Q8HH3IQ#r8$dW~(kXV`#<=hQh8z19-X5S4BS_Su;Y8|rfiDexAESS;; zI5Hv?y79&%@x3qflZQAoUb@KLXT93F$i|WtF?rjD zaKwKLScTOYoC#zDCxFPfc$PYgMAG+dEZGtP5aIT58^pKw6H=?DCgyAfS)&>t?UySp zj)s{}-H2@X&%p;$hblgE%R1Ugs~;m;eKQ9iHhjhaU{1TI&+02Ypnd?ev<4LH+c>EG z1ckKs5Lru9V@&IVB0DjTY~rYF!x<7=9J7)H{D*;N3m#7+7Xu;i{>jShA=0jQT86-F zg3>0G#t@k$ilX1zTqIi@!v}_jH45M+xDJzsc5MG%g#Qg3ZWwh<83l*}$H*H1KRp|V zdyvg!RQ)0<$Q6iw$XmO0lPmiOSV*%TuP#p7?W^s;WdRGzybGYTZ76C9IT0dLAlfgYkrrh=0z_g66;do?y zM48M2@41Yq>wP7wRsfvw4P?j_*1`=0Q5<=xtj6N%N~=4#kF2dmJF>5w3}iNRovf`y zEXvuVxw|&qYlGJ}>|3#JD}-N%+E%Q67Nan0fb=XKJ`DJ2V0Bl?B31vkX1xCSF>r6P zfso9-+rJ6x0nbl;5HPs_>ZA)_~&{)K3()3|V0_@GM{>#fd< zBj+`2+8C$>@eM(Z0OJC*?vH)c_9B9~^9Ip}qeQrprMcZsrzf$-@7(VO_bVflL`iJcD!=Ib1Eot;VZ~QQF z(7z7Rg|#C^@KB0O`q?qR{rra*otKuZn`qW)ct;LLWdO0wu$fVx_x<7$HOG)M(1qoZ zHQS@l)(ZMx=XGl%dpmCEMP$rxqT}t1+cpt3>gaS^KtRs1LAe9U`70?ET$h1L(9CSc ziMk)@0Mhaf*+Ju*wuk}Ettc!K-Wt4fv0wXzGe{C>5nEoPt^ztA^&l1rMp{9?kKx!w zaA#!Y!w-U6U!_0caN0mmnwZbFLgw$|2MM%UpR^yJo3S|cJbcJr$v<}o=&OibAvU;& z_)Izl`jiYr>x*Q}TyM4T>ICs(c~)IamV)%ZbvB-}Q+A6Wm?(}3Uzm9tAj@Qa+-_aI zLtPNE1#r&!+_)qESzm)hhepV<^RJJS#Ra6MY(NAotWI`WAM@{<=(MAw1h64f7AB*N zGd1~UX04NAeT%>thr3!WJ%x@z7SA|H0Z|3*pnok7cUvd=z)woZ7^}*$EHbDBBg$QY z3dL~*pWW$2R}`P&91wpl&ri5^u8!tgK71*y#>oeeF8st^58q+jyB4hjBhr?PK~6qN zmhnU8{o29|&aLYhKqo9TnQK)=1X_r1SjQY)M#$LUy`TFD(|>sedG_7~i;k7sEc=x* zVYR}7tD{pk+tF{p>RW8I#AYxQjS#87NG5-3f{ZBW^0#cRhnb^M{GNi(lhCDq0GS3|!^oLH5QiDTB{RTbZ4j-$ELj(#CLzD;AkzH&AXzjRS2xKz z6J)UT{)gwf4C`kmM2ZZ*t+i1bYLD3uzBg)tg-P^V9D(d@AcrSkGN(NJ6Rl%?z=A=5 zB2a#BrETIC`yTYZZ0HoiNFNmAas<&0e17(b?bPRC{ZpM^@Q*PnieLIjDvsG3WvkX* zK`kM8Gy2R_sM;hp|r?V4oPH06JDz$G@)g5Ao;TcJ|)7LpuxZwsVtq%IJh0B$Dm5v$u2B zMi{?!1w9~>*XdvHP0pJwurY#V@)&c$r_c71O>$$xt`CqU05VHj8E6>hH9XSkWz%q$ z7=jT}7`w*@efH+}mYI)a$T9y#|84Gf^w%bkeN{~SGPq3_P)f)O5?!)@gG@n}wu^m^ zF3JvyLKh*S0M%hD3)75)`j>Cx7;A$XhkN>$MgPLV1?%mie_U@BzIFF!t<(J#Tozqr ze{`F9^xa`gPmdEANgxIDNHuNrBiBxTE4JC@GF?Oe1kIK5(a(Orz41K|Y(}Q73q4{^ zhI_u(@!<22ubK1Sj3rw8Q<5*d>rf_ zBMWWQX33-qV1!@BTF!PB;*ecJc37BzmY!SPHbL;$mh@d@)97%Iy^g+gvyyCmIoVnF z0?Hhb{Sd~NolOC_%Oi5ipi81tu`;lZK_~Hz8y!O0X_S zRwNE`&62@aG>!hgDAkc`I@usT&Jf;_mvLa;i@g`-rtHS0%eDwo zP9e74#5%z>)KUy%56GcDSHL#|%yPfo>Y=t1Y;C0kiBy$S6RgxKg4kw}2k+d#CWKRU zlkts0Yi+wr>zfG1YX&W;-cAxUF}#TF7Fj$qGG^D#bpTWC=~-KpCt1RFn+2?5K`!=I z^cTswjv;IoDkDRtbUZ$61KrE^=BqijM#gO)bX#O{VZ9(QbCp_W(`3S$z4pBYTkD&! zK?TXMwmT?G`tNv7{mzhpSN9zHaGU46kF`F~A#6v?H*5r3OCS^7UbI(bdl?$BcI58F zs`PWMAnZq2D|8LXQ3bE-eCa*u6t+O@f*}I5eb^rqXupZQB#QnR1bQzkmt+^#fdn=f zwN>1He@ndf-2LlyK=*O4nA1WhVFjQH2eQ4V$1aQx+sJ0Wb)Ywg^U4X5f>T+yFv!t= zUV}`4Th=DWyY1pTaT}(FU|2~2+E2TTWM!uZfi;{n-!hr51LL+zpMr(h_;abzh1|V% z>5|QqP-=n=a1LjYWt#_7WEd2$O`u)dhhz_6e}sM(j}cssy?U8op|;j8`(bFx zYOAnCVeio%RCe^N_>?7=M(h^QwX2|^5rxdWMSvo!0?>I2Sj@%V0lW6@iv2ab?Hjpi zL*3M*2Zl6F;E$(|BbV^W$f-4SyT^X^Bb;cU%M9S~T9iW*Xlj>Ogrj-1d%)iM@t7^O z!B1R&g@6Jf*v*d(Tk9{*+U8)9jaLu|k4;p1{Bj?%t#8OS$FT2r6<9Y8{~69ZPFD2a zKW2AF@7I0hi^bVdz3-3#8aZfVW8?OtSH5pQKi6v4x`-s4;fF+o*OP|&`G5Qg+XGJd z{4ZX&_UrBT_TakBs=y%8_)0+x6@W_}VIW}~$EBHjICkRNJI_w((1IW~6H~iwD(}VQ zG|kNrzR5i6H%Mvkw@f%K91hxw4T{@D=sNnZpSTzN)q9=B;jZf1q#c0{eZfP*%f0rV z-akFI&-Z?#i|c_xO*Em5jDj3cO{W-z0s{eHxk^sk{?kY8U;Wu0DFY4C{m0?Si115|@Y z_X`Ay-B_i-=tXKmJHBJny+IVT55=~i0fQuqRbrx)novZR@f(d*1P55KkZ7ekYR#~z zS|7wPnstmCGhemiPt@AKe6GiWZ07&<|I}tbzd-~=6;Yx@?D&BWsBSrK$3FgPI|dZr zQ>$k&RJPmy@)icpp*0qDjgf?~$4`RD(`x4wI_RLd0U8Qz7(Y_)^I3cpLAOeMnpD=Z zxy0|&SwmXwnp{AA%t;Hjy4KK z#%JlDcDulyg(+s9lg-0$RsaA1KmbWZK~(rcf^{Oh;xQs_8B1k0=^V%M-fgyTmwBiA z-ouA{s$S^We)isFKHx*my)c`noGdc+ICpbP87do=pM&DY{WejcQa*}@lFmv92Kon> z*34Ooj4}T71LK*Wh`hW;8G|YMJyGIndc|2#P<>gf8NWQnwt5bJCL*IBM>uc@ky7r* z9Ekzq>LZ#scQ<^<5Nyp-L>=dkSL9J+qn1m~Fs3YHdT67TAfqn?{}<-bew?OKdR3n) zg;FkhMyDs7^CJz+WiT71fyiSYY1k?MIKA8=YliuN;vZu^30yxIB+HX~ss4i^ID&E< zGGC)OE0ZkLK@1~;sR@P4`5yVm9DsX7GTOV0ac&HK06x#!!yL#)vS1v*P~}INOp{rW zOqBv}01j|DplW371n0)N7xla&M4}Oy>IPeVg{P7#&P(>A`Wz`haik7ckbXtj6y~DP z$Jmt3FQF{Zz7W|Ueq~(2$5P(argRc#PrR6ULKIAq?zd>cg;C@Lt;#BgP7q9dugA80 zcEU^>J;_HMy4Ky}ey-y4oewfEcw*XkUvR3swD=@*eSMb^iO2-*LyB_q6Nl~dfAT35 z*tku<^{Tbq>allF>IAo^BDI=}K^*L%2xEu?RToVGeHLIG1=pzy#)%k7;i>RZgTu9% z)a@V+*gO^fB~ojN2wQekq)jt!%)takRLdc%zMd!)Hf`%;jM+-16{nlvY0S6zqhR6> zGVc9c4@W@g5tQdr7vU99AyNJqxIL#C*mXO{@|RWGwx4IM2xB za0pEC>=v4fV=2*zvN&a1Y$DP)cZ0>ihUAvxsHSEkidQPY`hdI+0TCoVSK(i6B(ymS z!w)&)N#@-$YnJN$1=u8qfqaTYb|F6!WN(c+c@xRnWrxpH+kf|m)s|kEx4-y5uGsZ< z6epq^HBWSSf8EQ6`s3Ca#v+teLz?+9JN81I{fj>a@^xg`zVko+%+B8cRttxt3Jhz^ zJ-&FTTV#GLJ%LRW#^&(06KtDb#h&6R{%IXmZ9GL4$1&Wy;_Qz8p4<@BK*(*@^`ZVt zt}}d!I%EDP{vY<X+j2Z42?(v471rV6Vjg_*b04zzR)`x1OzG{bqYi zyskv+5>NU(2caQ76L2l*^DuYQmvt5iAQhwojVK=ZV|zp3&DHW{IUb&*yS?%dciWmhlmu0fD#2hptt%)j znh)l;^_NY!<$Sny$Q1+HTlu`|^sVFzWtweFb7mf$E9Evjhh`FRrQ2;zm;K??iu{A2 zX~?o$yWc_|FtiU9b({uE$MP%8%)RnTjiiZbRmyq8Zzpj6Xl5_(a0+iksH(Eptl2k z%C#I%z4EsCj^9;4b%&m`#Vr)o?}}~9 zOW~Jeo>_=PU}m{Tb1_~zWOZNWy$wT+hyjix-)lupv>BDvrZ~~aUnmi zE8i*e>fm8?;4po_!SkF=e)>?%V9%Ku-AuQaJ~YOK>ci51X1mzY)pyeGWU|M^OXzS6 z#v|+wLH}lnEq+HBfWSn}WK|~pvO1&B{s!B<^|P9$Z@@E(2+vlA?$pyyzj^lDQC3** z!CpZhboD)icgGg`HtrTedPkUSHnxTdb=U(s6Pz_e{3Ujt>F0K$iRU=Nc_&)lnXb8He$QJr|cY@wfk0H-7t}SK{d}za0PMe|RNcJI!$|w=>v)J!p7jYuxqW zPsL-Oc``n_>PS3t`kV0=Prnua%h%b;`zW?XY;gk^^GDWhfqt!BuJC}~MeGu+7V9t> zbZDIOpjk~t#|OJ92_JS~(*Zf~Ofd;&gfoCv-+^9%-!sQ(6LAd3;3jO87|^j1Fa#Ro z^l#_LzgZ@~kB-bSfWUDeOpH9uw(c;UlTlm%0VmOkiyF+x&*7mBz}|#Eg9?3z(rPrw z&OvnFxS^5(7Z*+}G3mLBjkm)#mP<=)0eQ#cvGt)R*lA-SzIZnSOi#Za|NH;*dK_XK z-3}9xrmzKh48wh&{Cs@u=f4mi8QvfF9sINSi|_A^fBG#}1uhJ*-6cnA*dK$Q4(F`R zF?p_^6^cWoYl;5)B55s|zzRh=X4zhOWDBd^ZX>@Y+3D&q_Am9iOQ|n(h_CVUbwJkkm#?>~IcPsXksZ<#78a|Y4m%wG4*KmF^nAry%g9D!9%^8@kOvQ%R zVWr&61pQp($yMWh+MJOoVdwUO&~NlXWN*WUJK|Tqcz^unuiO!@u-)*#_@BNO&%b#z zjuT*H-Huqlbr-y4@-_MFt`{~8Eq`r!DEYSxthkz@y0Ocg zehIt7E#P<%_zbk7+m-^G&VXm0!6S}u>BoLKz{IjamVc(**$E=R>BElebAicZ3k*bO zzKpZum$o5xfpZ0F7u);*^2X8*zNuf4-M&61mvb+{w=R?42L{n|grA*eXP2pC$oMw$ z9XUpS&QH9VyJ!uwP@|v8%=UlhC)KM*fwKvI-dgJHL0hi0dq4wD-e(5asP#-SJ3a*>ry z=VD+pa_#O33?g?mj*^YGmt3{%Q5d;pteHT5*(SHnHIGm(OnByeJY?nff9IFuzy5>2 zPq`b)3I5t0QjS(+*|ols6W4e_pv%ez2RJ~Tl_=Xk!WlNVZHfDtmAG&3;W)@jgabzy z*`y&fODBz#WMVQwD5TsP&|z#Fi537dBnu3F?Uh^gA>=Xx&n!5l%~j1hn(+7H130 z#+^EW!J5i{3Ipg6`yI5 zY~|NSLxt)W8Io^yE>JAEI77r4k0b1(J)p8>W?6@UnR5r3sSKQc6n-BCg@A;%vB8QZ zR}iqW!GhCeAZ3I>ob$(z(V$?}4g;+lKlp+8_%Bdt+s~)tGM!pj`^%~m<@NH0V`Itun8(~kRK|- z+^riR%5KRl{LMxXykRzioe*cH&9Y+Turp|ALL_s6OM*c~9#ZM`)4&@x^QidjWG|54 z(`@mxh;kdm_})(?k}DCj%!rRWxysLFF8#dPXML4}au)z zl5HGw6;M}0JOePyx^v*wEwEg{G%|$TI55iAXbZFmEGuakvTQhj>1=3*=h)1RRU^z4 zU}hOvOT`aQMr~}uTgt;ME1s6fpG8)jcn%iR?U4)c$TDxKx10mbVy13&CPyE$bZ6ub z%hr=8xujOZ6M1iWa~mfH(gvu^21w%~TZeVnmw9H2#tan@>jNRCDg@=UkAduxPtu2M zkFTe}V0{O!4i(JI8Mic|Qpt9LTM|%-%R}Xa8AxvRX8zGGOXH5^(u&$Y=2XzRVU`_d zZ8%Wo`Cdz`_;NtBKbJaF*3`Fz&9q?X9T;+84O22R^=25v5uP(V&Urv4{Bh}T?ZFO_ z3|u+$q+dA#PTvwTMuTkjEDgR18+0_DDC>h%YOcC1*^{sG*YEb`^=dDL%4k3+K+RMA z@0G$y>Xiq>S#KD@a)(2f69&?0;!z*1jm;l>jIEb$jr)+h{TQGQKl^+fJbX3|(|~ox zOg~$rb&#Vu<%NdOU_&T(Po5QAwC?;MQ#wsqNq zn~p0GZ`?&rDuXnBXC~f?b0I;MHE53(L(1CcFv+#BwqRwLpyeqF# z4z7s^@(&&^Fl%WRxo9VhTna+i=tj$pIuiYvSzvi!FmZ-i{nO?l|LKt;N?l|Av06;M zwFI6nayHAVyai^KcGqu>P4|zmozOsRy_c1H7!K#mTgv>_TeflD%W+npo{n#^y5ae^ z+}Z|OGmT&dZx>m0>*REYHt~orS4T=*Uhg7((2~T7t&eSujjYuon;pLBKZUJkq`61wrgp=>w(&f zgAUd(dbRTDnJ)bpUFzHn_yS$CXVF*4-v9%n%B?y{nCcBDD9mu)GwsuP( zIIB{PpKYiD(<8H9;OR=ayli=(okrWs0f%?PpBz{v9pmfSGG)h3&RD%Q?qMb4BM;KX zKC?THA9_8$#j5Qe9HfO{GsEWi1#){4=~wv70TeX;M=Z>FkJ?KKg+efAo&{ zQa^{zGvj(loxp00e(Lw5`%c7b%qBd-p7zt^MHhv%jFvV>u4-b2Hv>&ewCl2JlQi-t z_tF;@ZEib#ZW%L=UYa?p0r28-*AfhT%YI`3ux<+CQ2n4I)Kj!Msm~Xgd{J^h8;CQ_ zguUp_2sDB&$X8@y(ekHUyiIv;@!7ZPmA}i;nYutd_;&f;@MYGS$8XOU>m@IZ>hsf6 z=nBGTLoS^g`J~Q6yqDmy`g#z#&+Sd#jxTh$4Y$k}%LwI&?ZjNgFoTdF5mi(9|4>b(ji1O1TjQmy?%+oHI;mpe` z%30H|y)>Q6^qoil_2OSCJh;?5ZiO~;hPYRf>np|Y5#GG?=to{plNJpp>;&?z^C1hZ zde{B~Z7v%_D@t;YjFwL1!*c?c@hd431JI3YRvV!*$I&Wp*pOg=16Xg236 zKW3N|>=uF7T#hoG^!qQ9&XssBCM(1IL!CbhKkVx>g*^4IIyfgBFmRCrjo8Ho8TebxcB@XNak6CA z%h)s~=`v2aBaHST=*bnIJl#ph$;Y|ClfH580K;mcnTIyUz`C7r_hW2{{7b9jVRj&y z--O)4_dd=#yyf-{obhv*$;F4_&pDIn8CJSz#OBgc(cPO|j!R z*>IRMg%%h@nm$TjoLyIy3C6V$O2N8Eu*LeOb!Z|IwCu%AF#L+<(+ z3_Z_LJ!fbWcR4SNy`>2cTq7Z;c@}R$7>vUGhRK)>PWWVbJDlAHDUtCx`-!b^NN>j6D@T16TTn$CbdkKKZ)&>b~B4> z=2_H$l;vc21E&t)jPNWcgmoq0Eak|F&)QY`vAuZaU)p1tu0g9j%myGn?chdUvY(1Q zIqfLwx|ZMe8!5}Wdv|G94Xqo;W=5DBd|ihfN@kHX3fDN=;a(1{+xGa~7@$Yv@aucy zYyWCGzWy{b)Y-PpikZMs97gB#m0L- z5P#>_e=45*)E%)Mp<2t`L)FLz%U<+X0MK_SeS}YMq{x^710oZUr z`JO*Yv;`NcFdEPDV$y+l^Q?V&HO4FO15}v(oRu=fc6b`DRkreNfY}NI%x39ZBQ9uA z_@QUX!2^`d05b;AXoOcG^I#wgNX$^!%n&$6ISSb#GyZ+bCzIjh(5xupAX9&kLW5# zjU(KD1!B}b_Q~ycnLFs*!}i4U-->-}PQ|ll zo{UdD@j(2_fAMJix((MkR{hY}@?gP%*%L8-_DAvEXJ3u~?z?+9(2_H};IaE&E1%Ak zl6L7#!Q`n@Pg%{zSmm)Z9J-5ay9CTpwo5e6`eVTS2n#Vi^+7X1udb%1N*PbD(EmX&M#(Z&QGxDrO8NmMv{ ziS^=3w@l*29x@afYVe9CC5;JJYnXPoWE-U6(hsh>Wj=J{m$Si{ts=H1217ijp^rm< z9qG@;6&0Z(uOhbsR;F1Ok}TI=)S`T8aP`soPh%8p0g|ca z+dN7V(xnD=;QMOm%UL$Xd-XsL0@+%oe0#=T4jw_HD=HRQb>ym0w*%`N<5m{|S2-1f z@`(oGt>k&Z#r>_u~)7mazxPpRw4-Qs{3mQ2LGUzZs_v z(QIJwZVsMmlpS7&9*|Y$93)gO$~oz8FK3*=FWeY{q$E-{X{@ra8(PRWX0yc{`Dq!4 zZ8r30SF>`Eyc%R{4o9VzI`@zWW@WMZm^Ja_J&7_S;Ozh_U`J^5~%4A(w#SNxsd_*{IPGg`L8`VFp5n|dh@(&>{hrTa!)>OtA< z?4$E+O>unRSUmmGCt~D7_ry>C`aQA!?Cv=D>|exJzWZt%q#-xSd5e~vl9g+r03_&3 zSM2n!qMj@Xx&XihZUpCF;j1vv={B5}6WebWgl(WmQ@JxUYGR6+d~d{Y&cfO~e@}em zp@-u)Zu@YIVB~kwlC$kh`_S~^7(DWPeD%98$N&6|1Mxbm1ao@|>dnMY?zMOq?O^Mg z{|#LY?sR-N=@YUYbablCnU(2V`QD&6z=hWe{=7Y%ZM5sbcRl&n;(NExhFRYx14#gfA#-`mc;v05W~_R#51) zt<*=la|zGMv~FeGqJd)a)pk~eGmKYi63aV=BjvfpdnJ5T@m`tEg350%c`a2vpTv5B zoV_hyDt;QCspG2eXT4wUEBUC?a(zHuehqxFM)gWLr(UyPtDQ^6j;jbX8)5mffH4`3mEh1Gp*iuYmwum zIqhT``>_SEX%=zmcRRV1PE)7r4k=DR-U2LurcKQ_qH`q;{d)B@b`!=ziHo25*e3~9 zhxd=VI!47QEws}$lwjZ)aHYa1I|9*n)h0yOh`y4>V~$YRbUWdppETs4q-nALOInjp zrce8f@HALsU#hU+C0;v`KKrM}<(A7i=|121a-|%0(bc!z8n-<5q4?Z~?~7l%e<0RO zJQuG&|K<2gY)OCo);7*LV{3ZaFQaU^+ksCB2?qPT`~~c!Pkf}AwAzNzj?l@Sh~UR6 z?RY`}27P+ztg=8v*1gGRuk-BkqJK_QrIXm719|X^yk1#m>zxVm{K+TnE0c%z#LR(C zym9L%;+0Q784vx`Bk`X+b_({8&)5$!&F8?;*z~^W9(^(X1^w~=_3H=X1ns6#22;kd z`7B`*vA)f14BfJg{;(6Hm86j^+N3aoUV z$xGeR@4%n^S$H{Uyu@Wv~O7G;qjh<6gFSb+X%Q56Bz%tBzxBAx}QZ8yCN1J6fKMGRVrJ zfMN6oYqOvicuc6y_As`_Md)Do3q077I69+vVhW1y7q^$BGE>+ll8`vTEZlL^%k$JmebDYoO<6ECsMcN5BP4Fe75j-8GdkIuz`S(O&T!r(=gHcMPX zyiCm0h*l=1r4o&)WjfA1N0W1*2w$SeX6BpR^f_6oLm@(5|I8 zg~^3RO=V^vh)6IxOTXVfATSN*gvptZIyIN65sym9JkGR<7gPds8v|bQUc!>Fl(N@E zPPo7}ECU6pK$8H5LptnBdm!R3|7=wp-p>K)EFoS6?-pj*rj4z`QaTy9ic_z}i?1Dw zy+>Gvjgfo_W5#d}J~Z;%C{xqmC5@R>Kfon#&G+gYS}vMgC~7(w<3%LiVWCS^KjhoG3X#^dkI6B5QO z0x2>e@kzU7AoCyrh}W089C*s|(!f`y7gG)mN4mHf5ly`6tE3q`romYZDc1_D;WBkR zl75jWWPS=qcvL;mGr%*`n1T*|(w&*CyMIn&B6DmE*kQ<-W#AKM#%$$8F0}BEuau((Ho@INCgE4u_Vr-<~ zdYE@VZTx=pA|bz&*j3sQ&}*%7pM73`FwG>mQ^e9UKKt7T}`+a z{*|69@m?uR>z?f&J}!&*3JJT|`Eq>8K7<;Xng5HdWIwXcGn6Kyd;Da)GTn(2C}Ynb zZJB&A%$B|z`MeyRHyZwB`FNE`t|i|Dd9C5!iH!G>Ki67!t)%rvr*kFji{G!8&Nkk= z&Hsz(dAslH;Y&;B+rfP&zjrGq*Bk#@<6Uid!?pR=KHrH4`d@Fni($J}T=plL{$CAR zwT)Ej;Ou|W*U&aarRWYZ+0AJivh*{uX9}DP?Lx*OMfQJ5VfD4aWjw0&S_uLC9LUHN z*$KnlAi7Hf__BX&uc*<|4PNam*;kW3DA0Choh^O&o^}*y=C36+ndS$~Yu%TeTkL?FZ`&vmE9U&>sc+Imy60H2bMmbh1Ok&w3B*RZJ%WsYMX;abe)4H2J1`xCXx$SB7 zn}J6x<-L&IlVq-_%rMLEnJ zFr1-5|5-!pA_FAzv-@Mu?!ox8e={Gux3W7K2^_|jvuqJfkbZgAB7PjpGy!Qa4QEL8#PI4j(eOBb>DRl?<8k`mXXIZtXX9UKmfYq&{ot#9xY1 zf21C5+`*$AM!&Sv5iRwMWi#VjzRmXvZ)TO<)3WEpb1}hR`J$aK!x;y6NdOKJ3;|%> zybVu4gXbuyd1zS20gw!d$&0+fzd!A*Qf!uH*=<7*vB27m{2sTS^UA{8=PFy7N@57?0aS zKl?aHG}FuexK0-oUJaI6IkMFs+kly$Z8}pKIEa88cqs!p!o8ef>E8ad+0=fgJdmDt zD}v0g9>1Xzcr~l0NnfiV%`>l5Z01*`D=V$cBhuSG6_k93t1ax79R-EoHeY%U`Ep6H zOB?_R(QSTZBr{6~!^)TBjq<|3%CzB;4w;`cJ{$H`J`1FQ(QbECk^%tfC#{Jw-y4FO zN6HEAE&4Lp3AJLH;%AN|M_MJX`&%lUEz8zOMYcvcz9D)Jjqb(5{}9 zF0U*L%1<&<`5_m`Gq*47cV!wg^9(aE$XRmE)?!ABtC8F?vjI`rnE63m^ReZ*2;hP2 zZLg}9CY z+kh5M!tx<5!}(V4y>wOd72z{rx>h=jD$P6__$kVWGc2XiL^G0Q`Az~DVT&XWpB?UJ zWf$dRp~IFO@Nyyb-!eVC-H^-tRS)NE9t^@c)@r$=!ZbH7vfuA@IP=4}kB$UFSh70Orx2Dds z=xj!-7jBSZxKt0dZ5vCldYUdOGhFkmBkRZ;g!d;dPyR*`T>3iC#$f`KZ6CLLbyoJx z{QVo1(Ki!wlLI$7aE%$1PZi%;vr>Mhx)@wPIwtxNx!KWb+5XN9VMkxqtb z`Yycr-L{AGlQ_#)3*SMAx+<)lm4Yu7;>ms#kjl`jtN!iP#`e3V(I@V-B{ZM=UVrsg z_7Y)Kddhm<;39nC#rth8;fYQg;{e;}4zLQs^Orc7nYx7u5;XWb?qovWz53~R!R*4~ zuUCV!`7EkiKf~kF<0&80 zk0f5SAJt6|0*X1yoRR8-7vFV|@stc0TobZ!Mh5M7=45Y!wCpt#yecW}qud&Ipy1z> zb>PE2%*yQmND*E<=$vQ^&@6MdIhE!JVDoOyQ0S(qd+leq`S zkS7=;z1eSWc-$kXA-DI;r5Y)d6uK+g%M*cR2Neie((VSUN2uTx9E5OONj4%B1(?2T; z`6?lRuCyCJBUd`4ACJrqpGKEF!eqLnSD5+hTT)x}rn7EHNCPwd0cIth2Y%}dKxwJf z1g67?khGHA#OJ7a$x!kmsS&!g)Lk)A+{8_TGkyasuT-8VPqD|cgBRpuDG&D=P!3AA zQbsYXdLCFAPvo`mxialGKhvu;e>MXyhn$4j7R`N;;sXCqu5p8saw!Xl_vAS za0-g?_)qx86E-x#gRU#8N?7yhiYW6@zf2pig-QTo7H%f6JkqmV@aVl{c@b%IWz#GP zGp?7KtWB_>q{F;&Yq{c2zVM@KrPH*V9$+NRq}dgPT%;N|VJIV9jjYI%h zNNUk}fqZ4uCcKXZmd^QZ{Pa$Mz%jkR%6L@c3_j0Ku+Q{@Gp8ANmU85w&oehXON7Z% z1MsUjDF5XLGf|vi!PcavV~|5K``re^GpvxQ#jbm%yVB8E=3)_LxmqckS++=H+wsVO ztwu&GjS?!H<*S!G(donGU5&Tksf7m-mOjP z;3y^za=TTYTW(zW%$*xVzzqe1v><<;sdmLPwagClz=3jR_Scy=ndLW>lAFM8a^NSM z1L$7Q;F_hsp=WdKe%h>UpT@35_Jy+lK))gT68>=KNA_46UjyUL zBd?5Gui1BRqP1btcI8Ze^|JjU+R2^=Y5eT}=aU~V?@j1ml_X*l%lklk%gC>4l^E{}r|EmpRF%!`X{VoawW~w)=^S z9XN7(;~{LDq^)}M=_7Jj2(siEeFS)sHWSmd!muu}i9;R{KD&Dj&C)JynI7IVImw$u z&o`M$pz6z)Tf$3s{lJ;dP-bT=`|Z*MpP?)B2%K&|H#<8W=g*NgZ5X+FrB*1VtPoF| zRpy~*bh6-Kz{&WIE(Y#jVvWB?qlc$p5mNVoSl6ILoT- z>C^DUBzPrZ4V9#?Rx^LllXGmPX@v=heI@{E#(AGyrA4oW7;-LW5VMak!|WzY z_5s0yJkB?Ep-i^|DDWT6&^KfG&1O~FFAl1>I6NC0uFp!YR1F7k(5EvAOw#0u%7{v< zZj`uT(+H{(um{h-f=|TU*O$21r74`;JQGt>@M~*7c>>>{!+|gHu|HG_YR~Wrb;UEo zkVSuaPLn#FZlRzNPRh&sPbOO(~8ch8IfJF2z(TUT7VqT<(-Pa3ZsobfZqUgnLSo| zo)wgIcvZgT>xy(0|Agdig=Xj!S`%psA)T}_n_`LCDe^=kB^!rU`clgi#dry<_sF#9 zQ?xfvf)z`PDu0X9(r)=!dFiHHfJ=Va3Fqon!g|ApH2#>smJ2TPwO!?6=pJ1yt%bUr zlfmRa`x)mJe&)SEa+OHK2R8`xLVOL&&*429cy5v@-)+K8Gye^j8DTCzjc>B zcd3;1|c0`o%Oz zO&gY1QQ1m}hSMfjsU3~)Y==l4Y)=S~@iTW(u-^w~HjZC;)SDDN%ni<}>}(BZr~@`KF< zDFf_h+`k%k>MR;K)nF5i5+WY12EVVF*OslktNbKQnI{mSoT;}OdCSP~HXFLF%v0{N z{>$=7s+@UcrkXsSl?I>62z0o_9T?g8PB}sfOsnKcn>Tr;V}BzTWH)puGdu~WE=Z%C z^4-Hl#N39HGq>ziQ3ed7kyhACY#AtQVI&S7H}ry5w~pxNY%~bMYq8H#u;V1MdL`(!P`{o#|)NzbhM$ zog6DdYr^)XU*R|Zw&1NEtBTZtzD7C_+{V2>_VMgb^0fbGKV^{>NZIG4ziB_IogkU! z34+s=D!2ut1tvCu7EB(g(vz-qES%!YVDwQXx$&wbH2u3Gzv<^xdeg>`eKEr{b_M%j z5S;cB`@G!A4*R(POxpptbRnZsA#5Su_Jocd`qDqto>9PU1J$*lY zvVOJ_O#2Gq-MV(kqaw0@1|IlU6L{ns@SWUa9+i2}6lOoL><`s7%uXO3!R*6Bbh07` zh#DTGEeo7!8@1mIecBsH3#aJd4lX;AJhd$i50i&!M+d*Q6Ttv9?EtJOT4Z3rK5%s; zp@9H-B!bou`6?c6vnB@_@CRbTpi`L7wtuUPXhSftbZ6f2Y+stxR2<=F1jBmrWoxiM?`}NM&g}r339Ivv7#iK)#E+i`=Eo=`eAYIB6dSu{;x%HmtO9;%C_^doO7cpE;WJ zz+B$DoNvC^J%znzT@1NH+`uZ>#2Ko6*m|7stUP3*iZ`TsnFr<#e(g~#@*(Z<;_<(+ zucVz2bSbu(R?;NhNgo5UP5zp;v;$#>@;oZHycGW;>166~!WOV4uD#Kcghig5>}o@` z)v4xznMueR*w2qlbNiMlk`99zJUvXG<)Z9l5RvJ(4CYyK84#YBz=~k(_r+y1{kkp- zgCa)~i7z|khM;_!QT47fGj+U?s6>gS%?!-GK_Gt$nb42LFZL;rKbV7dO?!MDl3N%OuKLi zlfi)A1kAiAOmDd@VKT2;SjtJl61pkOT7Am_97?mbghEi1$qMh{N9WaI`^MoIQHVa1qtHmdZt23T5MB>dTEuaFI?wPt3w53;@8-z&0 zGLwrQz6CEh(V4I6v4X6eh?Jop4$kc#*`AI4^OMeuI>m~jDLNW>v*&oq0(_~IwD<&C zE<#QO7A_FwpHGn%G6Gk5&#*X_d=^Y~n4~LbD@D4Z1KT_lo#f_VTe&4c8L{%D(oZ0- zhBgOpdnA}Ac09d&#-S5ZbzeovcnRda{gI}I+V>XGUjuZKLRv0O z&E?$w8pyec;wA@vf;mw2Ul-%d;sQDo{n*bz#yRk>A?F6EqNw!%06+jqL_t)itaSAa z26_|R`zmh24&3CxO%B}TzzPmr(C1M}wu-WSZ=ZN&U#Q}iKE=;}x)a&Av18(k zj`_~3-M5}QFAk&_p}FiLc~#%2-s_is4&kh;d!Z#|`Ky7Oju}7S>Jt?8Vtd^9`Kyy@ zNE#bhx+Oj3o^}Hw*yl4DIa$}B)!@%(+D3(MxL*475=H_vf|0omWLUqw>M8uR#bq~A zT;5Pi+sClE@(E*jw=wXDr(icw61=eMJAXw(+FDFWbJ8FZT@BpW8RTu_!Xw`@&4kf9 zoBvG!LuP&_jpiT08JMZbyTI{z z;-v?-oOCunO5FV724CUMNEtnyam>LLX@{OlV*+U6`_6sAb)ka;Robyz`A$3y+KfhU z^C02q$(;*5ij;!fc>9s@eQD7&&t7`8p9&)x0R0)a@MpPo5Gw7iz>v*eDGah)K>`>+3&>8!No9ZS~7f;xwcaNr(ax z7DUN2(~x;*CBI{h?C*PE_{JEcw~42CUBF6vTc`bsb73OI6{1XT<>b&$^*S} z03kDl1d+m)2lZA-RseDkN>6i){Hcud1+mLf$YODCxZZ;6s3vher$&Ys@O&ehjK!U} z=8|C&W&th)DQIFRa~Rmls}U>$2$4(L7_4xFnRf-ORx>#AX$WXkk?{sau7pjuF2bHd zDh_8oh@%L=A9@hPLS;-K_asUB37fYdjIRJ2W|?~$oiiT4(vb1-mdg5Vv(C5-{OF9I zD{8VLmp;SF?&K4n2_Eb`O>29Vf8k3dKzd!GSrK%>FA*3~{wVAi4RkjeLDTrzz&Bnd z#UB-txYRyeZ80c*5Kd73L1SH&zq!&%2l+$(zl`om=?y^6k^4I$0Vcgl;fOegL+;Oh&weK@Vf;jTy8S6+Fi!imoOz5iPIdd zTs3_2l@W?k!?pu?i87HpLxz80>!_aaN*N#?ah9CsA|EsVzyaC{gehjQj>d%85GG8+`=Y7ITyG z!f81D($gRH0r9&W;K(xm)M-P8p)4{WgRL)C4;7^Ivo?Bx#<+`N-NG-j{iS?JGg5pyzCB1D}Wz)ucOJC-xAq;4|;@y%JivZM<%2zVH7;pVl zXSG!j>9Cv$D(fR&awkWkwfZVa2Aq7$)r`XHU5Q9f!WS)BZUqR8Z1efjOJh3sV&8nZ z$$^_3xXFPZ2M1EOTE93DkA6xunL72yLCsB^H#u;V12;KvlLI$7@HdwO_9_yl!sJ@{6i?$zF{R{g%%Xh`iK4A8F3ZA{Prqg5qzKCn5Cha7Gr)NUf%l@oh z_G^qO*1UKm4$vF7>;ncY@3ucxbT@9c7t+6h#Jlk9=VvdDr+;~6M+(2}6g4;rRa?SA zuduS4RB z?>k-6qu!KLLqdoMxof3alRlAfX`k+=AK!03o?zV^!6IhnyS7#`894qG*0Rg+QTFS` zwek#XY5yRkL=UoSl^ z)6lCE{3W$|)OR{s-Wvz)Vrf6g5GhXygShe3e*=ZEzM0-`P3uYehQK4}4jHd1F;#PgCyJy~T5|N1eb%2UnwO_V0wkN44zeq0+Ba-b>jGA;|V znUX2<$E%)MsldhD6SQ^B`1mISkt&3^C&+LpXP2w-ICw83hY{6!D2Xc}ofAKP2TX0gC2vi1pF*JC5LXUfsa#$6@1YI}{xQ!g8!t=Zq z=9#76AqMbb1W&h7GLR+3Tig~%jhR{U5H#ZE{=9nTMR;Ph?vpYWz8ThcTY#NfyCxW+Z^*!kzp0qA<&Ql7s^pKR? zf7dYZM0cEWF18DCuT=F()GTqXfqLyJSoHoYX0ugay;Kn?&GP0VG%g~3y>}Q#` zjf+0QCV!m$;Xn-xQD)s@Ew=-cUU;0PoOlB)5q98}%;$FCjfRPFa>+4qz+>`zY2fwZ zZ|U_;naU4B6w{Kn%#%jWlHTM?ljowh40t!W z&zt#_QHv54ulZx;CwK=*T!OD$X4ndxd@u%$sHzB!W1bS;AZ{_3=>Q0Bu1s3w;L!m_ z1Yk$R7@q1E;~3Mx=8rB$;XR*zb1Pr0vJq08-2{v5uspuDuoNIw+1bzs&LIRT6xYiPKS4uTyHf0W4O~3L8 z9p+WVCm%$Tbm9tah8q}N9~*C58z2AZJ+W^7P%Iq$VH`PmK3<)KFAL;@4b7y7@Wf9^ zY-kr)yNy6^#v5``lQiI^bSt0ATr+@gQ_EY~gfS)}zjLbzT;;9XLZ*E2Rq`p_+<+YL z@OX5{BIi(9|5+bZ{YM5_4;qeuaup^g{g$a}d_u3NGmK9|dCPA+M4^ml86+22+0dN< z7gb`GF_-YW7kA>x;KcI+25C{3D8r?D%ST+|u6hUr_1}2bqjVIwh@V@lLQctpfh`a4 zk!=^M9+T&mBjhT>3&V6u7h$2_B9ckF0L%4%6n!)nsh3pW($R1I50cdX(3@Lq>JD#; z_Up%YGvDyGhr;IGxXpv319$xc}Y_G1fU7XZOAlhfhqzfpY^f zM_<5d`TdjL_X*p7tYjdU7^xQ7D%-Y2URnQ;SL$l(6YHnOYnjyRjkgTp{r}dKhiq?M zSZ*)n$BjtMUpKyMq!~SJdpCD=whyl!yG(tq(bIG9P}t}M`dNmfopy%AYp{1 zAC_AmS0kj=6ZYe>ooZXfHgn?j{rz&$?%;1x{f-SH`wg^jZ4X|ZoLq1G>y7t*;oJ4m zk#+!NOvCH7$ivmeTPdfuyTM`Gm5GDdzRmu|#dIUU_DRiu+t-%o$qDY4R37;Q*pzoz8I@}pO7>(w-hDQYzc!86ZUvM!*^ z+b>?AqahCyhJp=V?OWBKl|SOb+be-LFZu3|_$ePee9L|g@N=ts^D^T${Tj|g&b|rd zT|QW@oCuHE^j{O?H@7Fl(6_o zw)s>q(YH4L)jbYUc-E1|V<$SN4ZyxmT9C~P`-e^W7lm-GUsG@KNI1k+hB+FcvdDfT z2?0jtpZ$5mi627vg;ZspJn-0nw!SW6GmbK*UC@3sLs7(o&WuNYQ`ilZ>M!$2eQz=r z+5XTi&T0n_jQ$wumzXH+wO zEx)xc`U;!4(y45*?Vt4oAKCu!Y+>yaw#&8e4r1@IT|%ci(=48}&1Pm1&CK`Tx~g6h zR=P`{yfmz`YJQ0~3Br5yn)f-+|M31NRZVM!~2QV(QWbv1;zd^Y}+MRQD2h|SX% zpMJmdl`@>*N){zG%d#X9-Fy*N+HgdPoTTkTM`=xe19K}wc}b7{2_WB%Q!+;U3}=2L zW0?_$Z^M7nu3L^f6hGt%SkW1V)vx#i(1vzsllS@~1O0t#Vt9N< z?ASFHJJ-*}$hp^I`p}E9=S(N|ohKN$4c@T1VDJG2Nlg+bfmt?{ENL=rS(uWB%qRIk z3?FF^_0y}74fR>lngQg8Fe$^ru2;Uni`*;wsWUAP%4e1baE^)7r18^~JsqS-*vSg; zrj)Lr#{i064um#zbsG5;Uq2JvZ3}f7Us;;(iy^itb(~{q)N}&7O$#r%^M(2)`43L* zZp{Sv8uO5t_vV7CYrSMmDJ_{JPf{+HQv`3!RB|A>NNSr5%Wnhg4)-dPRhFeNlM)QC z7KV~R;;P77gBs_)uZ*Y)Nt*`}V~$us znJd6Iz7-gE5zDW}Ge*IOz~|W^RJCn>5wGa1ux7k`DG6KxhKgXo3MeTPpU6!NwDo9g z+=!-o?U%}HQ<17%gzulvqPgC!n5*IdgBe0P+zK<3lenNsfzN38`OGxKDU;|eWFusD z@t%0`N=6yqK)M^QRVEoR2QYHgLE<8mX9|fVC0*L!ohzESDn=Jp#NBC@KA8Pp*(hbus*fe9$=|Fq@gzS|j)j$( zP*R(D(|*e=-%S&D`X$grobdGKYxy#c4&D_Nd4y{4>XbT@wAMf=6}Exow~QAD9YHyk zGXjW^awSX=aTS&Ms;Dpu1r7gjZcHa{bQlciZ^GJi3`|8ENKQV`&kd! zZ~}qU76kCxfKB>!Bb`<>IUwRgU5I`G7673u6G1rBMqYAm)8Np?7+td~Zhz?E_^to& z@wj*RXdL;Iv+=E`CSuQ2#7x&RCjZo}MRhR<`rv_;S+C^GW!!C-(nnAf~2)1zS{2 zHZ(J>k|I6wT52IQ^M%bc?#L-+GNpen4G5O|7z)jbPl92{NM5y*211 zFplpO7y$p*x!W6*< zPgl!ume;0Uc{_gGh!p&FMz@$PTfOjn_(6;yK<9}p2eCkkpZbB?1P`!E zTXUytYk0v||8~&8L9pD3sG(c?M$$=V&0S7}nYIu+M|n4WC<0ke*#|Vd{ip0B>kcgA z*{-zDTecD$?EvO&93mM9u$gZA3F?=8HtjhYZ8;DHy%|;mqGa%y>4hiu^D`~dngcQR z*MX~%nF+Rw47_AtM4o6vvA-*h9Q0{;rp-zFT6XB5EBnam(M*Kkh>aabeoA8|karT9 zb}X5ITas_O#FbP4*D$3(fulP-!EMO_RnPFr6$hk?bEWGX=i1>X)17e%mv$fewxZ#E z5ZjCWTY1RXT$ah?Yvw(OO@H$)9hbe5SK2}ZY7Ek6$Jw+hYsm}WIp-Rg8`2BDWIq|1 zHw|f!$37w*PQbO_-?Q(Uw`MMP^2zeqz(gp>AL17`2tz*br{$pR!NRNbX{t)T+s6iP z<)wI_(SM(rCGuJOUG?*w#F1PmgUK=r8ip+MMY`%MZ4QahbeFq%O134R#V4&TzMME} zT9Q^6M1Xe38|}@eDlY*T&v4{hvRrwAcgl};{wxRyzTsE$7e15jEV}#@KMACta-28$ z2j4w&%uD&o{1BgTv%tWY#AQ^uoPw0$`Z%L|slz$wL#yNQPd*yI{R_Kd@W40YM_)Y| zU-{vgIPeCxBX%ERj`#AFvM!9uLjWd&GB47giaU6!JcBQ3vEZ6a>5@i1l5c{6*D2%D z2|s}0u^o&O=X*vJm*ouF%a)R^IUv+WAA^UK@N~TIkz0@ryu>=th{gTl#K!0G6QJK3wb&+da8ncJS$6|c*rr31Lnz(z%SPV_h z#J=wyh)D!&^oiSI-RAMwIz1E9r_RK42ad*>iSsaztdr{v{CfJ^2v$K)+NH;A$qRgg zW24~P9GkX{#|L%{$MDqo*!TS-G0C2oqfgu!Yd5csZPU{+brO90kH)FV^9U5HYcgTN zk#-a5<-3Ka1gF80KJ`=lP_XlE0`$HORIJG0E!2xYvano|C`zkfca=cnW7!PD{Pa|h%2 ziSyxNmPM5)$~9AMdRJz$WacGdmZ>Jy>E0u@3Bfl3YJ0#Io)HYp&C~KjmC%Fei|I@! zp7k!@jn}|8eiNoZsr1Ubg6MAmFDn*?={ke4VauAh_o1!uYd(&=zBkUCo{Sk9DILam$Bqk6X8Ih+Xh|J+p?oV^n_KGtqzUaO^pFCcgbj zH_o1+!9BQ&)mCfS7H?gQuiG5A-+4>i!2s0s8gw0FDZ{kXtd4SY**>Ef&L{qU#c&hlqt(DJu&`?`4W5oXZbvO3m{w&m}996fL{-gy2{ zoIE)jb8Pp=iC&4P@}%^Q?_JLST0qy03@^mp_ikrEZ#ZUOzCFfYJqzEY4V;-Q($v&X zZEhEBNqj>s@0A_AMi^cIjM996lMZ|L{m0J$*i==^S;Nd|^5cjhv0K`Hs!; z*yCH{mQCX^$js0|INyg(Jay!F?0MnMICx?@P6NBPZiEOLZe37L z_pXiY>xP3#f8;UsdFMGr&x*YY^6%147jeV>I_z0j;@W-_1k01t<;Y@(XVGF;+3aQ#2jU7(?h#r z?W#_UpWPoPPM(e3ho}Q)C`UF@-zEO*BKl^e9tYa|8ys8L%!D{3#i=v2jkBDt(62r2{B^#ld{8}IdWF!rZReW!z+-D-X=*ACKXbUDb0D`n zy=;+DZK1T({nlrz)^ChEcW#Rv)8}G-<8W+L_ZzX$B(9r3KW+|C({8xo!DzEpV?C_CkEy?^+x8KDs8l)MM(2(-U(y7~hrX zxV(GW2k45f+7P1~w#C*B{qfMc$v8oO;+Z$6Vun@UPH3x{+7auv-HHymJ688i#>nZ{ z1W1b?bfZa^MTuAn{viM?_Gna;+DI~w@21Q=hV44sGLmB zttdB_*C&rS6>6(%hB@wcdK0?mSSw(_E@v^&e*zUj=s{-ICg3>UOKSA z#0c7g?F`rz$?3(Tjksn@8}A75rZV2#oW^pRvvX8Y3q!Ga*R65aqj$&ljbpK%ZKCE* zAC6=D_r!sdGjV8QAlts#h0eZ${RjGRgBxPoU0dQ|`rDh=j9^ggG7;WMnX_?h??LqF zUgFNt5~fdVc$SIEXOZpgF*^QW+(K zmf>y;kIZ3Pn~FoP9*>2a) z(CDKf(}SbfBNjIz-&rn*BAGqOZ!&sj3du) zk1_i1+Fhz0Qk*Ox;!X_t*-M*WJzPa&ErKY$P`}EJgGgYOv|f~!F4Mp*Z94HXx(>O= z7Jb`}wQ=XBp*Z*2={Q6g?{421YaY5SHZriZ{_I4&b@X`r$ntu2E?Cwd9n*%FiFN7iqkd}0&4V|DD>JQQbNJ3)Ck8Xag@^U(HK&*cAgXV1l3$0pEC z=c424D%wMs%}@!$vGv~D(WAR!8+NF*w6A7P9K`mvH};*Hi=&ec%!&EExq52g>cPup z5^rw6om?%E6!M;YQJ@_WR(TU5g%X8Up0EugnWNx2N>~a$d!3E(%qh*aFC}M?j9`@A zxidca(L3Vre`Z~*J$NF%^1|78Yknx!Klw9p=M%TY17{AROka)te{w!fQSsMSMjGNO z2U94L-Xte0m>lIcXY=OQkxv=|1EZ^B!>+sILGb;9&uobG;``CJWAC})*zlRp#?B|U z$Ni@c#{L&~$KEeb#R(cF&g^$!!ZTA8icDs{kwzsQGHgdw9u`eSiTH7EEb;YaAt)HF z09JuA{&ISxyA&G$T9B}EiKT>Hwz%5(;FkE+FMXO0-%xz*pMN`kF!@%zK1%}$!9)Er zsYT=OIIPCdIe0$Cw^2Dh`iXep)?4ED#$Ji(1FyzjjD#oTr&~1Hcy9?30*S1p%t=Y6 zFPGO!4F5UsN`f*?m9U0hKC<+iPC3GphpIwnugrTH)=L;};4^>nB3#SkWd~suhmEI^ zyaug`Im%$I2$SCh&$u~L1_SlR+c(E2fBwn%@MHJH?W_A@%ji_B88{R_{ML8kpT6;O zeCxHtac-@%2Anx!XPnV{wshOD<+k|QUwAV9*2j0oj`agEK8n#asARwUQhfQ$@p$Ic z$vDK!p7YRC<-~lmEFf=9BHFYxluEs%aWxF7j}_m=f8n*4aa@Y+RcGOd$M`%gZ?Ge? zuVJe)(3f-&2F7b-ZOdy8?ih~v%3{H8BI*LH4ue+F8ILX7cf>D!;iIu`X)?a^M<-(U z@l$b-tre#!4=L7?0OF#AcR%aFFR&6U7&P+oC%$r2m@NmU!#D-O;I&eu5|p$W$IBqi zCFSK%@Ny;$QG`@0i-3rcevpBr^}BY(BOkjX{)3-h8$+)gjX!EjFx;ob&qgfko-x8nxrO(BOAANxG&>ve@O~#tReeujUz7>DC zdv{EoJs#8R(H|oiOrfjtQ5yY(x2D(fXy);s6A9dkOK-3xzcO$2Oy_j#y|wXl=;@1$ zg#)t3;0L3lOfc9HfBP4oj8A^#&bW2$K#Yx1{+3R}^WS_SzI^;dJbV019A&FilF3XW z2M+~k*@HT8^exQ9+~g73^G9NOYBJ8Q8i*5}jd3DS}C-+U?laR0eD z1MYb`5+iHr>^%I5_~gg$kKcL%BlsZs_xg9@kH5J)-aL6Irp{>4hY!V26MB7@azZ|g zGVrnCj>qGJpSm^v@h@Odd}V+9(W_6#$+27FgMaUrW7qcCxc&97#1Ef)Ee@RO#N-4W zEXwV>MSp!n-;CAc0QqOR8yZ_5>&d@|fBM$=Pe0!mb1#v9uRI-R*4`cu{mS2som-}2 z$7^4SA3Qr7`%iUaiu@bE@OiCQ8CIEaCB8c!k4GAOGcW7|-w)#KI`Dl#e3K2nIU4!h zm_!$=6NZLYGr8d2xaaW)(h?gQ23cJ#N3}&iLZ*?u!0HhvVCCor>p=O~sq|(@!a#d#wq&LE+o_cnJfnbnbx8 zU;DjX(Z|G~Z|ynFcC{^?RnuR>`Nko28M6}?W=T87=kfE?F@c_eMK`ba6$i|5{-~p! zAh-Fpd*aEz_xbqP1KZ<)vANhZIuWzoBk}ZCUx@#A-!b1bgZ=T3?>!hle0hJo zf}Wc`M>|4(&}O$ywQ0wl@uAOuA$Ilei>=bs5alifvcrk;;s+wir@VGJ7e~xx8j?xBPaCH-@@3cZ9s{- zSZ`K*JTg9mB@7<_7V&3Z+Vi&YFOGNj2P@wB7c1UN?|}D4^Wm=xp6z7QzJ`9qT_68! zd}Q01_-uSPzW<|6ymq7$GoB}uwvY=c%Jwz&_nNI2#{1q&2Ql~&Zwi|W@q%ra`WdLc z<*opc&~ z&wlae;zJB{-`PDG=lAT6m!En%zWVHZ9Hai7qwdY}(UU&-W1B1Kh6oa&eM{-Al<3dR zhudOxI;RFp}Q-czooOkHvrV^GpQ3oyo6^zpdXi!Qk_ucC zCSGC?y5lZ?X@8VSzKcUn{r|kZS9GP>b>I01E-rG;ITuj5s;hHuHZ#Q_CQ+7{L`k;S zvgXB}(UNA?Jk45OGxOl_gTr_fJXWMel*lI8Wapf_azqt?Le4o|;3C{RzyJAw3e9e^ zDckz00Nn7M@0_#GKKtyvqn}%MLbNmZ-r%QxvA=8VZr7*3^A#Pb%2&(sgsRGl(Sg-s z5JLGnJE5)l3H*ab^zw3a5W>zO}0r@wh;TD_$8PnKervi@(LXJ+EuQ`xLL zAGk+<@SFFkvOK2Ig)wE33O{3MNH09!tMATk=^_pi3$#@>I7VrLI0m+&!uxgNz6Slq zuN7;5dj++y3t2<%n;uv1PoLG9*h^#}1;BYY<8?7=oqBMgUxhg`R z*!0M~I$FM}&u?7N>!&7k31iVtvH+tb2DQp|)f{fu!w*;Jt4A_5^8L$t?i7Imm7Qw* z$|ux8*`cPfem(d41@%nhoQPAe9T>cZ0nohiW$@ql9lg2no>gFsoEun& z;mf~tB!~X4=(#gzwN~AwhA)4V{?ck31+M51u1v6Y$#pUc`B9t`yZW{$(#Y5r;aSVbcXH09X8xf1z*ic*73h4+s*pBjGQ%_$yDx=ZvrLxfKB3F}{5NjY)<5gpB4J`Gott2dzOjAkLl6g#pgaJJ^nCkzuX0L=${XR{x#_2+=wsz zoUqS5)<~z~Z`?5GAFR`}9wLCr`WAnAa~?NjbDrV-8_^8<4>$66?|$^^(VX0+Kjddm zcj8CVpS!SgpRb@FWG<1cz;8d_^Fr^ky*01o>b5pk$1#Vy)KFaWJC*2+FzU)bd*kzX zcAv$k5mfwqMiOqZzT_78u~ziL_ct%=yu3=jEu@9q{mSnRw-AvQK0|&pvFH9g_>kHo zhxO6N8uW#Ox$6J!1-*C{npC?_jbD9SorT+~BQ)%%uNXh)*k@bl_WZ!zpRmrn_TSy% zunJKxH$Q@p@*4tkaL}kca8QqZw3hvst-ilLuV+uKXtlnZ{vK0X-ioS+FYB4tuBmT& z8S)6dC#7kceILs#R`dR&`qZz(Z*^3v9hZrPb1&-D^AmdV+?u9W*%L;~|4!G3GhDHX z4oNkjG9b{#@ql0fI7TufS2#`hoUlI>{8pF-V+PR}Mzpk*ckGUxB#Y#GAZ%6&N<0%w zq76;W6;%gkzoft~Ft>P~uV&-%UR|%o z@&Z-QOlm3N{*pWbWvnSr*ucO61a{pKM>E=+!k0sQL)bHY1_J>MIN#DOIbOX<`M=G^ zPuZI3`<+(K%1x&ea>>LTG9A*kQAmp0!RcS8ivib zv#|-Cioyv!Uf&btwgmPdb(j$2%W$eTrnHUMnu%T%{>T^|7KxV!A2LV&a}e3%!@(OS z2HwO$aSIIntSH45?aVX=#PcH25aTCcp&flW^w;+qUcBrFREE*DaMwWVs96vrYUeRVRM|t0#%;p0d+i-Ad*8Xg=<+=V zfV~HeXY9EE596TcYP|AV@Y^`Po7OGh2KU_{=-}E8IJ;#Sgni&chi5repz)0T6@)~d z#!7^LKKBh%&pRWFH->Ej<}#yD#dXE1WQb+#=lo<2_h%EGW+NXs!u_|7o=4ue_GTQ6 zjC)JUTzv#sKs63T3U|{M!<+H>0zd3|of!k)JXR~Hz4G8#l>45D5%#9>EP|bBij4xs zPa_9ewy3vz+yhSwSIG+3nw1deYlzZ*B@e)k$%t3ck z8o02g@BP(;%3{l!JU@?;JyR=qKjA9?ec9c+;G(^``Y&I=BYsW&S$JEvW$Vs+a+F^M zTyhIk0(~d;3_N0L0e4ve<`(t^n|_D<*zPYdU%^mgLviy7KZ9T1z2Q}O zA6|y#^PawW0YmnnnKs|Q%3LpB=+RbURmJgQHMQrd<3z3sD~eUb7z=hVFsHKF8jgyM z=)Cc3+qBm?&gs%j?NHC4{^HMGP!-08nafk^9frAK4k1ON_lTJ=2J0F*+X!o6<9UyT zbItoFnxF4;N{meJJu}#TKD8JEy<~qnzj;W>$ru6yZv5dHb_@vcXa5Bw-!6WpO{>7q zcus-ZipjwZey+2()^kdU5^PX?xl}Vbp|SNb@P+5dhC~C^ur%EG@tMSYUGvbN$FeYf zde5-tfq@MMGw$~~VrU{%ibyXj`a9L!*{!>Zs&yov*eT$v@_YnIqK{1n{A|NFNwg^f zO7};ab*Mc@8&~^up|4kqoNe3LD5{H!mA#g$_B&ef>Q1Zw?PaY@;V^-)lubVsRYVSU z(Dsf>b=9nE{L&T8Ulwc-hOwPxWo=C8YR{ae@Vee6*Rnl+wl@-59J@|b-L{@xD%NCU zhMFok^V*X-Ts^BKp6e^{7=Sx~!qE7KToIjSEy15G@IJQyuV;9W4eH&29Yh`CVAV(h)C8@L(lsr{NEe)&Hi%e4=>)@!YwV)-%WfeS6OMA{)jxm zbuBoM;Jv0KPE*ZI>VBkC$GZxYG1{x%@iZy$(l{Kk-q4oV`mEA36FNJzMm;AG2Rw4b zBJR5wd4UV5VN0tEl*!o~hu=-F5g7^nGhY^HFK{&7iQow8K{I}t^DR zpQ(Ik$BdinVW7|t{Jb5X!l~}@gmJPaq)qiWGgh-1C;a5k9j9rg*PHezx>nP@>N&Nc zzsw$1Day3DD=X@q%_5tC$FjE!9@yUg;WZ-&-!V?(s^{P<>?8B6yL9_!_5*x~Y4*)| zMeY3C&-mc>H}Cs!ulB}Ef2`xJ{kfk|^U`bhzVyM9`Ec_K>(1?A{T$L7mWlO&zBqkP z#Cv+gd+Wyo7sQ2!(|ViH^&KWaU0G^E3@qAa_#JS?cl9HhzIw9{n_fe z1LYbxkPm(kFy|h3FSp%ox4>C^E^0SKyZtxXVc-Ri-R{;a;y)Oh=M$`8{`>RjuKCCJ zgX`_<@U!!KKRWHf{QPwY>jyZ^b9n!FKUm-A$o0~i0&PvRA2_FX*bj*`{3>)S`~;q2 zci+Be&bQA0gI@nke?*~|(BI}%T-hJ0KRSh%40Jc_bJmLm`#`vS&_F)$^9XjX^OA-0 zXkk&N>dNvoTF99gI@)W{bc-eV4x`I>L85p*&^=fo! zO~V@){L9JO(p0N>S(EO$Z=W{cbqCL2EG0t44knpd*~%%zF}66ZYG`pO^&?E{jP4)q zx&=PeWeId4)Ry)>x)rxS+|zE}wL1XIJSduS^U26iTdc$=yttJNIGdqb<#rGDb~@o2 z6F1g<4d*o9wu@)+VdGg6JVPmFUTzQ1d^P~fo9*!Erd=9d+W5KGZkx;#Khw_qg!e5# z+u>|-EiMy{pGSB1_Cqv!&)`-#njZ0pn_u$AXUgt=Wgp%8m0RE5-s|A=$9sse{p`(A zlf8CsjRQ!=P5}<7t-UFz0$%TYUwu8|DO zV7K#B-C^S)scxHz@Eadgsx(uH&IYB5k*lcDjyM>Nb9ZB zl`LE(a%D&TQ)z7=bH~8>oOFo}eDpBRgd>`HZAN1Wcu%tJm;~N7+%Ver`xVV2

    ~T z+#1HzcBn&LEf_LJ2bC^t&}LheGRr54WW*pGGoNI{@P6FGKlkMI^ZV#KRxsd?r3En9 z-$sgLXo+!5Ng^z_Fp3>Gs^g!+L9dfk`RhFzyp&WA4s;;73d@LcL$2xO`_(g9z;#Tc z>qP8k`RVSDG1I3VB0XF85!O2V@*S*O*dty)gQUt?_5H?IG?A;Vo}~!po4dl zRi%DQ%V&_QE^KOr`cQ>c#bjscP-$lZ=e-eSjc@8a8+FSvH>g(CU8aMNx2vTgrlFJP zb#)u(!Nh{f*u#x=9T@midf?zRxW24+hf^5JP)2VM(RZ{##~x_WiEjAQm0pdU8qmZ- z0TEruoY0$s!U}bL>0T|7O=#>*oI=TfmCCSFEYLT-G4!ET+Z!0qcHpb4kR2aDslB|e z#a9-|ys^RD3!yR4b>L^3tyr-N^Rl(Cgy_+NG)|)!>2YAFsjXK%4vAG8L(1Qn0dc^f z+w?D9Y5zpm?v~km%iq24JSOuxz{ctNvnrLJU#t#f=as@7EmHR=R#Zjy4)nXRaaGb^ z!Nx3Ypfk|iz}M2&#)oa|HOzM#n_2Vdnbs4q{>THyw1DZm#KwHD?}_+Vx8to5gS84e zUf$SY)kM;I12+pb&AhMRTTDAFV?}$4KVizIv*^F9C$`?y!w5Y`^K~x~&PRK}eMZ+! zN)TiL`VKYu(93V41M+cVy+AD2x;5?%@G|V+_mH(*_spdyg5J$En89YCiwU*qLOpmZ zZ22sFXPRp|Z9NBnJ?~8HCI2Zh@!u!M?)T z6@cnK-3FM#ciNa|p4BijujQI;Db9f;PKl@AI-@^AUXP*Y8oRit;TfJx-=^;ojQwCY zW)0A1xi6~|!~6mn;5)t#aAf@M-u!|g;`Te})dR}$xyNrB5zWu-`0u%)lQdB5c<6oL zac5=`nwV|lvGH?9bMQZlL|W$*kzuK}Mh)p<_QL@9InCJo4Di`)Jtl+B7hPE{)RtWfOUysUx?+fPthe6738Y3bX&6pmAtjwW{A)Q^n>4(YABp z!A`Z9fs=j1K^!!EJ~Wl8V5nc)@N0>dO2I&>0t0xFON+P#ef{^kfZm6@0-}0#0Jaw> zjLf)ZWbyz#%J8)T=^yR`xx-f$bZx~53K%{Q1}YHRyN+iDL<G}uel*RDbw!N02 z<#{&9)B*~rY4x+AhVpZD7$Zz(ti`rGEv2@yCqtlfUD zk(o{dG8(kJwgKt}p^AF;?~pf`uRRKGU<|;5H-X6tOd#+1Aj%UQ!P0kzjSs9n%>Z2^ zt@}X{f+$D&vv#~0no(S*G(R_^CBn!PV}u(P)~iY zgbDJk2kqCuEUZ^Vq@ySW6LRhc?ok)q=ZpKo2HhiWex^Yb;O{=cFTV{N*+hUZ;oM-O zBh>U`0?-(}i7r0@bP%=afk8bpI>gs@TWQh3``h%LVp35Mj_!?JoL3eI%oc>&2X4%N z8Q=VPLO=T6fPPG}s+~lW_TS&6Z~tM7D#8JW5SGdzoSwta2MV z{>|kN7>MUV&%9;~zTZE57G`b%D70ffff06_J$UWWmxz8u29ul53G?y2%*)RRgx!Tf zT_DtRHIoI5GI_4)%N8DP%Y?QD`m!{wKAKITa6itWkcq)}?dmD5^!E@RTg;*DRFQ_Q zVeh|O?)v?%Fi(HYi~`;n$DwBljGzlU&=-6@FqB^7pr6mp*PS4990O|N>N{Gyeief+ z@I|1`M6(g1qQLvCG7O?^9i*Bl)!j>j(7ti~o9_^yXPoyt z?BgBMA?)lBs()ob-|KzTBzG5@Fqr|g;A);DqP#9Uni(3_vtz?dv6OXg(~(D7_3e^& zgbePBmys6JQCr|lSQ{_hF8q0_SJlt)oCA#uX8{`kxJLqH*tENS!NBdd-CeBkXBR~x z(1taPX^^-Y002M$Nkl)epXVozKcio!zV>kG1IQzu$@{K1^nk zLmgpp3t=<`J&iFh8?TIE#$(eGGivdiJof*r{^CD9sTfRYE=<)9v~(R~xQ*%V**Fx0 z7voM4?D+_qZYY}B31>>6PrPS7(PwcPu%3HTT!;oRRr_}gw! zT~mv`{A(~=tMfYff4-ng7sk~?`pWeJoFXa?>-dRs{qs-n)6t4Nz14G8v!fWVct&1n zm74B+To2q?sc#;d(o)|={l`B(t9P%FIs*pU4*M1Y&G>IQk2?YmA8CD&koJ?$lQuC| z&!=#>xW8MU|E&j9S<#`p>Mkf}F0Gg6)1>$XmTnMW!QWr<@>+T+e3?PtTv^rP=qlcr z^BRXaTm`2RD32CNxwJ7puL)8)IvO>cn+7TW4CCOH7y+C2e6aW0cX({3;~wW;Z{b7V z7U4$poxk@~ym0TiKl&>CrbjotF^0XbZfzIN1owN(^~qGRncgt<O}qCcK;q6!^8ZIX)kGDmQh5Fu8{7A^pmV#68e=`PY}7p z`b~KKmZ29uCvKmM9~0oi=Qc=(v-D?g3B5%tYxY`0nY42zFl$5^@ICIOOcR}}I)-U3z>Bnt+8UA72{nDf2J@hzIT<)%i zk#=w0yk@>1+Uapx81y(Z7-ujbdYt^2SA4&52FES3Ved&BetYBadPS4+GXg_kwmaOw`_Po{ z_x8b!cJ9~r-wv0k1vl}mXq@2*oEt0(iI*n_FX`#O=s`JBhB(xy2R`4bZ<11L3we;N zLxFTeT|`gHbfJmec2E8JE$zN=OFJ68hvazF{P(!M_Iz(|aKGU5@Hf2Xt>+m&-WzY! zyB`>Eduh-Ao9pMN{1Vp(_6Hvt`h%DF1^orSj-dtK#>3`{=C=nI!*~~t(bvDk@7*T_ zK8egAIJYiC8`e<1geOK{hvylTRzz(=x7Ue?Uq$I=eXZBc&a>NF3mPI)>+BOh(wUwy zy|NHje)|a>c=(h0$l(%w;o-wd;w1aVm5Z9g0Ba+bbrUct4pP*Q?xVLuy3ex@Ctu}6KD-Dn5F%K&CS(=N=_3in;QYd)EOMz1}@^(PTf zxcQd-;IZyqH}K47#e31o1N?w?x3%|J>{u4=4FlWz`hEZIt~PTm!uhXJH8@1ya|q|% zbCY`hm1&(FSkY!SN?Uuk-*Vk(m!_TG)9z*34My#P!X1NH^MMY1iU^qekx?x?`IOG| z@7KU*Kcj*LqN>4TJCufNcj6g4g~%-p>e%0{um1W0)vsRB=uf|=SI&;<`@Li~ftD86 z9neQUQ>*WM@qXmPGEJU&RU#65lyyQ1xMj4z_+?04m%%s>cIeYzzhAk?fs0T6RObf| zYLtlCf@NgP)n)WXt1Ri>v!g|d-kH<#W&|?E1FyG<7XLxNu=>GC!n!tip{#AjpWd&d z2ky`pzf!A`m8-h+}`UwS<5+J7xW_$L5XK&iimT<>UjkVDI}Q|ceOqNOLE(CNViy_O&qW{gz+ z$Qauw;y2*+of>P0we>!;qS&;0?+U00Zb$nbi4=H*KEn+@zZlDAgR)Z%>TYS*uYMv| zODE6h&;QMfM9Y)fG_QyVJ|gO~tMurX$&mDo3gvh1*D=y=ZIYU6kgn=FQ$%Uue12_I zFZ|zUb&b@z)=xA%@R;uY+~>5vZbOfJ;i|SyZ|lsP33N~!$ni0Zqow-zr|Yyu#NVI& z+n04|5Pp*Lz5St&>Y>kmUWZ7D`rz?P%x_Vb=CicH+%vZt)p4*vU-}mE{p=+T{O}3A z`PP)4yOO8*G;7n^rjLKEUEliFuPEJgS|ewXmvKOxWM6EDxf{md9LAmu&iU9*lbS0k z^s$2&h~8Y%3mEK94WlQ@A^l-4GJG2NZmgoy-PHOtK?kI}Uszv4Zj7sjOgM22RU-ZS za?hI>>K8a8%OO*C%(Mc_>u_@|cyr4Y5Fxxb{`n_z`~@d5K5RPU#~kOx3~~UG`4BKvOEt`1ayyn zh1YZ+ku1>1BQ`xWk7vHom}#5|zf7xq(bjv%_~Xw54WmC_H|e3jux!s??hUxemu|NE zM7NHf9a`T0YmcWu>p-LxbMdqMNI%GzUo)OC3h00Mi0{JJ;TFGU0_Y5UbMz6jU*GFzM0>)Mh+tqq@VOhizwp=h?LN~V`1=44_y7}-y|(^5z?=STAak~<;GFI@ z;32fdw**?`=VGX_?lnd*fzQj!@Al{tS+U}vlGlBUF0Z*;xFlDsu4rPOH8W zuZ6lAkO0qznX9B$Noo!SXAUWUI_o*yQu7+>@6+H2IZG!~T3Z1bIfP3Zt99tngXD08 zNUtT8hhUMLn@1@1qDE0@4NXmurVCG!1jw`jqks`6Y>O#tHO(O(XX%W4`zPJj4+1_G1~;md&WU7cT4c5#VXj@_k( zW}+ubc1Sn331V=_C#i+Cl^|#LvMvnGlA6_kJlCf+ zl+JV8`|$8CReLRlk}W(H`$!)K0Uw{u#@n_~Sp|6^s_I~SjhgYK$S*Vj%jLi=Q(a4` z_LUWCbBy{Qn^`J=z+?go6A&Ym4LTVd4B7Nw&{addkP;$2sOz#Zq249x`H;_ejg6H7 zY;y}Lfg_P;goYOqU32)eU3e$peU4F&@;A((RO=WJN3WjO@br{MiOkv9$R*_zUi(#r zL~=3CqI?ua1srC%s;S9UX-Otw?mJpvo27n9zlKI9bsZ)28nw%E3iF9rDphr3owA9x zTc6lb0ZPo40|hFtVhs#;Qd%WZl1`(9>btZ~E@>2@u>~UW@idM#suuVkMHyOMnN2!i zyx>vxAsA$>mrxsrT*?@qaxEBOJc#k! zn7u>-k@VK*$GEkHmk8DoaJU%gT&AYsGrx)MiJs>7 zQH$^*EE2s0LTJLovrLd(T#zvGTxvX&bT_EFHc#CJ39Q^0$gtG2SrlI$&@lBXu}x>lC6kMY*YW*pf|7-hh-(RFYM!q{4emL8Ap;cJ&@KTFDjEWkl+ zq)fs|>nq8z%$iiAOvXz*w#`AmRj<}=_EihGF*r+{m1zYGoFlV11nfCthQae?#lp1q zegV2Lefx-KKs*B^!a-;Opo-c>Wja94|9WsGtO1PVCN#o1oKyJ~OcN$;zE5MM@;u+a z2F$^W(n^(3`{_U{%J3=}P`r1{x^E>&#WY8qx1nnqn@?&yS*s-4k|e1WGT56b>gbTc zn|?{L0Hd;#3!E|j6mZDp;+>U%60ES_qx0MI*&VzmvAaZG>F_2@FgoyjS9F;!@nge) z@5d083tV!*trUl7%1m4ydDYpA*+h3HNYk(e!<@BEK5C4fj$qqH;M|6W6cbgIS6zg+ z6%kJuxu!=)@V=YW28`~y4{Hwd%phQ4P#|)!rlCsv53?Vr0aXAU^ITU~yl+UidWF#5 zB{(@~8oE=~%j0H#%xg1=aErHU8UZ&8<{WWEsOLOgGFFa$324{3l}NtdaUlt3}D7Yz{j!GI>FO@^EY z<^K^R{WokM_Z;8|3ro(3=%?j-fK+Gb8|7vK>uJUD(V{4 z($%T@x+>L>FFq5Gw56FbP4tc6i94)WYR9C@NzF%1yMW9Xplt*zr_R*AyU2%5Ev&_1 zmUD+75IxhO2oI=TWYsfng?m z{zXNDy?)>?^YxEyOlEFtnrko~wJH}nIEhkca*9xHd>4}Ty2ta#LY*N^(r3KUj;N_^ zzaD(3R&AL}diT}S${zwvs_R%1XrO^_+^3%`*PyH=H#oJXx;QbCi<9c%Y<*{h$Ot@0 zv+zXQoXXc|b%rKlokYT=$=!TK)1;rg%AR!ulj(XzaZ+O^d(?aCvfjN!YEFzpnNE4g z{>UJ*GBXFKk$hGY?|kEc6@5w4IPAb^r4vhkBWgfyE4DH$!QO}mFOk-C&Go>%Axv*cF+v*2GHQh#J4&v4_X`pLMaGJedTn0oQz-sPgK=?m zlTt|De}+}m&Nar4zHhrZ+6~@pN4fi6we9p`l;X$)`>!)w*>@_B{fka14* z_GpMS1EY*{JB*V)1$`oSe--mPcFg0k*_dk!30>=5mSW+vC z(1b1U1sZ?oK_d04ZiNfwpA46)z=i(y;1cKtb2pvI+Fie#-SuNp70+e;z%LuMGfhL` z`}VGA{n<;TiOJ4|o;8%}05urm)Ipf+8Pw$L8o~vBBPE^LE?C8c?)-*0^9312P0fRb{AiqQe3nt|ai-My5NWAz8E2nsc=f{5kwP&OWl}{0HIk0B zst&oM0%dgu=h!mQ?&HvzfgThdL=>b*;p;TX9^qast?FiKNgn4+f@_=~B@&+f)=pG> z0kp)%zm26CEsPFnkU8{D!xJD61fz%XGv+x)_*ujJvTngo%NkqeMZnMPxnT{#PhK32 zYNPFW&h8?^FZg5ZL~6n5M`TN=Xs_1c`! zdu16#lksI}hSY7Vx$qm%0c5AGB)s-Av=J6NzFk5MAtFV5IPK2weSyUOxV>GeX5qDO zw7aEI#JBM5f)Z*aqGY2sWIObztQ^HJO6aTD9lPs*qlM|N*TGwSd1_P>*E~P=1JBy=IslWJ-F0xSIpbL=&u?oc zD(J>KOylq{r2g>*U7LnKDMLQ&?hgC5p8as_1g?W|(i7L>4D{8sx^PsP!Gn8?nj{(Q z+iS?tr}~hO*5DO`5&D+N|D2ch);4~X63t%^ov1FW3j6QqUVn8_f88j$-QPC-k%LOt z*ncPKFR|uSzwW@b_sXF)(YaDp?Am+K>#*)AEddv=`ylD{#)z(t*8LWe_;bd1`&Z!D z?iKBfy?5{P*L(mtce6!6CvHR;lia}hbY64RMwy<^QDJIIeZ}KsX{pu@k=@1h6{zE96LKH6(zPidbIwaDEEI&s`vUeLsqA=0U>b3U*aBUHc9?jQOh zcz?rVWEPbve;+9on|Ji^K4cdn;+^_DtOI(2fhp?8L9Yud8`RhZp5Y+WP*AAjcU4le zsZ3jq5dW`bsGEH_gAQeTbCDEc)YloD0nb*@O;88-z=02Jw;x@=t?jN1&*`*lk*&A} zVG;BJx^%Q4L?SJ)AIhOCrb~Iy-EHVga(+S!@X39XtI#F*RGgCRneM%0$GF;d_>fS` zDI59%JwiC}8f`D*s5LdDzVW3{gUmIj>_`^)QNEAX0sTj7DfNU{hb5d*dWJN~Jm<&~ z@7A0N>LoTmG6giDz%0Bq(z_pY1mi2l2!UH|x~E-WO~ z7uuNyy3r=JlBd*j`jU2rrZjhTmfAlXI*7pvDG3^WbH9XW3kXiU5dNmDf!eA#XBAP; zaePXzQ|tBJGvgW~S~9-`p0WvfzNCRVv=|(k7j&>Ku4yc}DM&rae zZH954!mu$oq1kJ*swrF7VdRiJ_KW2?>pp_w8hDt7@BQ;Etqk{>6|D*90xuom%WdJJ zDLk@2Wq!z5anfTIw-&2451q^Kq%L0S*BMePPmD6Z@;YU;wGk=VriNmpsSM4gCi+@EbqdKOS22+Fb`_J^G2@Anq0naueKIBesPL)#nuI7!e?c| zk7YVDh2K{r;UN`B&ntI9^tlUI)Z1U|eb2c7OBk*b$g$tE;_9J`9X2{*~y zJ5`+9u7=DSYQT-_U~62<=wTMt(SzBk5HHJMv_=LisIMlIK^s|R3e_?&t&6>+2%ILZ z=?am6;XHwEb3a;c;JHZ_51%iT9zd>6<&if4*|7+na||cwWpsuK8&}{vy_yk5MeEBO zucVh6+7a;}Va1JPT+wg0@K3aPGh$nj{>6F>bRX$lbY_V81@xDJgVaNq80QKf{3&GUc>* zN#&p`Eh#vLydPI{E2VbEhjs13fL5({$SgswWU-KuYH(m}>}H>$hmKG5!Y|E}J_!{jI=g|c65V)aMj7%`qgse4Ja&}yp7|JgsTr70 z#-w~?t<9-^&GnO3aui3~nF98abrfW!>8w@Dz7}YtBU>3aeER~aKu6Iv3}2c;#|Ph6 zRvJ`288|JcL--j6C>)}*vq|OLRiQ(NsdJ5rbd!u@Ip{UwUWc(s&GruKD)Ph7D(5o# z8QTCFJ4@9{dezNYaA`QL8f3cG?jq{RlaYo@W{Ig`aOS%DiC7$kMrrUhI)C>lQ?#j7`B77op{)P*<_R{#;##U=wJMw4M`oq*(V2@>T~QL;|gTtgF6Bmc&esJ)mPAX7=>xA zzTCd82lkgM_sAg>N-Nswds34VNu6E#1d6FvefD0IzU$}p+K=Y+%=5$g;S>=}iDHNl z!cxmIed^nv(|spUcA;b_=g_V!t=BS4{i!FX^uoy@eSZ>9DhxZRL>Zp%kSp@eW+C`2 zC193O<~S`}b~-_rF9dcoPjeZyD8=wDApAD%C?VPet9Z1BK?M3}EZ0}R@eqt_zTW-O z>w4#n4ZZ6ydkhXdFibyqOhB|UQNZOO7;kLgh2SEI80T`xh?zmuLW0ok#aOMz;x$Uf zVDc$6oR?jKl8Iu4iDebm*6R3UpVotq9n^h|N!7;}C>l?C7Y?@Ul?9!@HmE;(Zds=n zFwV5y!RD>eH%g{-Z)dT#@4JV()mU14e}Z9cTjzjhF?nh~eJ?dVR?g{_AI|96muB?j zVm=#^VuFOWHXrZMmmec%>ybL@z1YaIhWGab#A{o{B}E#!UaTroeU-S*4R8r*R}}}7F1r-tWSL73%d7? zdX-KN6GkY6p%yK{gr5BIgkCs1q$lULG&Sw@t5jJ-<|k(Q_}a>948DvxIP)OW0y%eVOk1=m}Nkf*U83sx8UY17E7qz5~Dw zMR{z4T%~h^9L^(p0w(MA$+UWQTnH0^zv!U$A3dV){8p=u?$6gEOo@{|7ZV=7Ju;!0 z=U>&!r><$bpIR{#^-bf=Y|nu#3JHzy91o9F!#Nou8bKVcjc2Kyx@&5zvroY2k_qe&@VUp)T!c;wx1&7uCkq33h9Yy-p(qY0p!O+4k(nKyRckE@o_4Z|51@97@r1B#_YI{e8 zeszCZhq}rX?`-B^A)MT6P0E3nCaaZ&VDmAeB4P`d^~T>%=%u$t^(+x9+oV6pE8ee; zquu)TZ`AA1ewYZ-$K~T0(2!NHLJTR%f&pC~*<{`plHrsQmYrV52C2v-Wv10kgC`%& z-}aGkz#11xO%}dpm&Hj(mX~)}oku(L8(**1Jx9w_3;-hw7;V6)BTf$;Uq3ds^4up46+CXZ53z3Jz#I zT$5uc*YK>N_D&Yc(B+LHCALVlnYD>Q0L3|UC&~Vw$*9v*YzD;z^o7ITTzTM!!!NHK zG{X$-?)*Z84HL9c&P&Ux@w1CZe1O^+`n3Xm$=8~V^6@otSwlxLny!#?VojCwNqW@O z3_=2M%c|iiW(c^~Mwbdw2oz;$IFZy0Y3nL0FtlRi*unU+! z)qQtU;G8yvdCY<0(-&U3q`&{SZ|U866y_XOYm9fBG+AaoeVMs8)20|gF$ZQLMQn2s z^Z^YQc6bmSnBh%kJmFh32@AmPC`_R>pw z_U-eeDqP}Rpr|ZL^ALG!;VvLMdkUo>J2LE*J!gcQ(Ouq0(Qfe`-C<8UWt-DJ78GP) z{PP|J;^w(vE)023Ylrpn`Rg3Ll`YMB_;a77hSxp}{1|q~<(s=bsMF8Asz3SH)Kt1K zr#ZYYF)z{=PoSP##yaO02DvZ(HW5aop1J-!#z5%sp<|WMGn7|FRxn=Exwn6+=U*cw zBg(>M^3BKdY7xpY+G$d?o%{4F|Ln^;vA<5`lcTD_A)vCP2IdZf&5tJZ?74CMXbQ#v z!$peo4z%WM0j}f(Us}i8kV3x3&up9>GEmN}qikB>{F}@q6{OdI^AG3%(_K(9b}Qmr z_IK!a{>A4=gOkwPfBb#D{?>K9v_VQp@I-NpKf?IVzRk;{#ze)#I?&dk&m4(qg~-1@ zeeoyC!a(q)Pka^z(Gh??M}Q^xm<*G^T0RKDQ39NMBxOo_E8`DY71i z&$95EHj|mcZ7L2^n;^9aA|I*80=Z{S|Ml1Imi8uQ&Jn&dZPt>Z@u7vOkS@={0ymqs zTe)Pf&a&1!)Pf@VH(EDQW)TtC(W1P}Wfe`IqX>6g?<^caP^{8p2bkmJS)KjKte!tL zt0yqRCZGectr{Fq4(W5h`49z`YgB`PUC6#ngG*CAr*!G3cmtnY&=0PgnTC#r2tnv| zNhgKB59%A=KBPN4%9I0-6A$MUg2eb$&7FBxPrtpPf!S^9-5FolE2N^_Yxhmso%o=3 zZ$<5vsN?1SiYjqLdgPOO;Eq;(q-j(2q;_#8O&f{q**1OUlrBDn*XF53{jeXMXc#BL z1ht&_nU-aTyV8gyXOKvpFoB_Pn=YE~JR|C&n3; z&PLiCoGr3Am@^FrlumKd3>K7e=WljF?-&$w%32&z)v}UMJ0l(?=6&T!I4l_{Sep1>Uvkv%P9YVSD@wcLayD0tB(V%Te9ufKPk@9K$H80RRCH&ZAk5%ww?+V$w? zsgZOT9)uc6<+&73Pfh65v(!lXcdzNKB|Mm&*2Og5|KLwTEv=4vef76-5X&spwU=_# zP*SYN9w}7~N-&eY)!|E;JoSuz^5!NrAK`mf=nn%;7OBBQt+5k_^zCmS)bSS5wFdlT z?Mw$aYcO*vIgWA&{QN2VsUO48+6wTAMQd~e7kpBKFY^>o9TYZT9;FwM7>7qw6S&mQjkpmo#?P>DPX@8HHjA^UGCZ8S{JC4o03| zTB}3R{GNRCI%(5z>Oh&w)>0{HKu+KxS!$0J)~~g#g7rJDy83bzvVOVA36ybH^!#%d z^`AzrP)i5TXbdKqR94&yZao4EKE_%flVPp|05jB^b`r)jrS z136_(nv57(q%1GU!*P%MO-nxzTJTx7x64LRK|7uooKS9oYw*TpZ)F#hQzPk4b+(p4 zcem8hS*28avkKs)3Z^dVI=N6zE*-{su0oG=V;CEJN2h-}rDsns=*KuqZfvp+DU|m6 zj_ON9@ZQ;35!RtFtON7A@Fw(STu-0DJ9Pku%q7+#ll!~sS%)U%#%LXyF_w89sxUx0 zrRUn<1&yD4RzG-kRfDse%CD%?k&pa}9zNEn#}N9fVU0r6P(!V{zPTSbu}HutzIa_J z_U-pxqPEP)28Mg+HS6$Uue~%wCDiOWN`DWM3hHP2`_}FK?NCGSdoSXVJhHBpdFVX& zmz{%>sI*JncOBAqzIjkb8gVdN-@+LXK83+dTzEqlo&qjj_klEgh1Z=gK5%hA>^mtJ&KOvJuA!(S8J^ooejDFyeh7DDb#wXxe6Sb9~YZ0EIFJA0tFPzk0 zJeAb>>o`XMQ zqYsf5x`O?HA$aZj8I8TWr60U8q+yJED{IK~z$b?MS5V%q1NR)#?@-I>01kJ?vut>L zD62Mx&uQxP^ZNc97=_4K;hIx{-riUT=u>I84nMF@zw=cbt@qZ*q&pXovIt(7>A+JQ36g@gbB{8*}3epE#VN5RmikU0w?H|%x zeKGaTV~ocrUQBI~#uH7*AC06_%SBgHp!V)8^^m0~^E#MmqsfON7ZGM=Is`$>8oG2r zV>qyG?vC?rl%+>-rnKW*z+%I~KbCtLzhxwT2R_T+hqPNh+x$QLL_C(;n68EJ2L9&N zAUhGra)vt; zJ)AL&!EyDaY{HFw6gQ6q2Vn$`rr|Ljif4@kI{wZAsW((BBvg61O z4j}2Bam~#i#JQzP-NkKs{3D%OhKD-&_Ld53kR|WCS8W&$8aFU}Es#lK73I4f6{&AE zdX>yaqZdJZWL%up6BwT|k^9n&bsZzF)A8pNU;se}nMvBzIF32_g;g58vP@m!mz11c zgjYzCVx2ML5bio_t2l2bNXr*=Rymws1sIOddliHG1X_@ydQ$UOR@K*6s3{zuv+JmH zvp-JC!j3Th(th*+tNH5e%+uiZniwJmVy8_+Ps|>RVWgN{nHJUdE|3i4is@dzo+1zpSHUroYK} zwdS%xu&gE48eXLsM``rWY0}eofQw)GmtRsR^|VWock6K4FT_c4;N2JW`cKe(_D$-Q zIUBjqOHg|}zQ*_2jjC_GTL(XXw;t+9=rcv5oJ$Q_%qEax`JyrhpV5D&=Ggf$WLOLx zF$`Vt{5oh6HOlVq)Ng;JUG4R(9lFKhG7S4Zt-wvJ9bqpyh z7+aI*FJj0cEr;*WC%^unS{F_!_tkzqeG0=Bdi{)ar3%Up>EMI=^_$;nRZRtOCXH+z zcvyo#w07p4dY|3YU%yW2iAfCaY`omc3N>I@x%a^b6r0S`#^t2;-&vyjK2N&FDuPka zvnw%4J?lZe`NIJ{JvO3~I0_Eq7@Wo06jxH){m~Bn^KX!DwX{I<%b6-GDj|g_xPAI* z^*?=0e}f+E`ZPiY!3S}?23yewfAWhT*U|PmwcyZRl{ZfvyIwu@Uw*1TAM6WJhimCF zBNY1|qG^Xha4|dAdi8tt@JILQTmPgE$G06V5(!n1M_Cl~X3HlpsQ;;L{oTn;jbM~@ zs@d%PO6|X|Ltpq(tJW_gb}|3McU0?zGsUU0DP% z9KYv)e*4>xXmM~@ulxY{=wcF@gl)lifgW!gx|Rh0<2a^+teg|M=#~nQ$uP)bxX#YN zFoqM~3P$6p%u3DSZ13|i13imki|RXdMuX?iBM+h{q}JX2>3kjG9LQmR8*={`*UvXx zdGiMX0O7|dkdL9G^N7@hC;hc^Q>eR8M717J1Njk?gi|NdW9nI~Q%;hUR(O)_Huc;S; zwMxX+7@@7}5Is|d4ML~$@~hN#_oM1Q)~QDipeT%u;VHp}!!n*;CEALg>_h?!`5a!l zNi5kI;PC1!#KWiac!ugrV>*2aLj#J+)~5YLYZ0P+9WQ4vpl7ZT=B=2#+uTbo^q{s^`=L&?VM*R${VormS7HXj zzKJ0vdlnDY4HX?~Q40rE3xs2VJfhpAd&tCls=TsW`|64)Kuo0B;GnKvyQs7M`P2nz zQFY!H5eq~E>~GSmZ!BwK4C03IY7^yMX08=?jk+fn0?VN>k7fIn>n6&K2SZI`YolUV zvfI1ymRZWu*kmI$Sn71g$J%ul-d@>r*ERk|0X- z@}iEk4&uSQMuFE6BK5Ke8E+xH`vAF#U+RzJ#8IO|A8W+B0mf&U=$@10N+ygonaERF zdVv&Sgt6X7iVeVFta1vznBn60Fo;&{hI#W{I5<5QUUPZ|L`!Vu8Ltjdh zYHY##?oca+T#AS$y4YJN#_^t-1V+geG;?xHW9NG{G`^t;6m3fjbGmrp8qsCzM4^fDn0&R>DycFKl)?eEOgi93lGYr@cr7kLp;7)#*JmbKCBnx zV;2!`!^7kqzoN5O@m@oasV+#Vwh3i&_nclkxvFWrNjKNmh#)Oj_x%`jIH`-* zU>s%=7)&`ISV60bdsdqprJnRrtf76cgr zTbQ36lsx6+;Jh;}4MCf<8_%g}Ya z4Yx3EJ72z?0rF6;=hxz70n=TNNB0(r;TZ6ZQy4U#`d1Bc96m7m4Y!?8W9eaax4`^y z&H`=>)U#S1zODfxZmvu@5|DYZBwpj)5%9)mn%9Z6x1dc4wJ-~EiO|HOXlDb)3hyEB zz4r`#?*TvmuVG2^ZBnDGOybFWwm^S{=h8Z9oRZoSB0kcpL*Tu1a#AbMll=Xis-j-m!TxD*e^Y&njmpM}q#7kuV>#)LQKIBl zmJ(soq|S~UEuX%qQ`fG92$56@uPY%8k*c%u$Ub#&F11Zg>dFie$T(aSHCCzf-VPn? z%-2r;C0!m$YaHPdQwZK-2vdvW7!t^{KZ(NuXC7=W`;17G>MC{6&fenNAJA^u?WUr3 zj(qbXnD-eYQt<3L#coSBp|dE1!HF~qsEm9fxtVv}2^8Fn^AeGvmoRv3LWfFQNUQsh zYdPT@G~TD)i4+mOM8IU>;Dl1HjmZ8xD;71Mzyo|>NhgOkwT3abpaG|sLlIn-PF>Kc z9_ADbPZ3;-a!Gf5v`Zb(q?Uu2)yS9rOtj?Lrgwo26QsNQ+u zW%VMwX5ig7%=$U##^@9-(?x!qN;igAeL-otT3U%H%|p3Un1xdX{O0bh(S63XJ$&g= zzxyM<{|XTd?k}}4qIaHuS=Zw5PQ9x{ZV-`(M;i&#pc5mSoh;J3J$2egO^HK~eO%Su zV>&Q1N6oltox4DmfCUuSM2DF!8t0Q3e8*8RolP!i^IBZ{+6vXQ&qnqQO;f9H5ngJA zHAn%+jM;IW8KSNNio;O%gE?*xwKRI=oKCNeYK8SHzOjBNLRi0Y_{Z8i53+tax->bZ zOEb$DFn|ZVP+pPwMk2Kf%y+D7?A#SyKNl&FDu}diXxyj#rX&UEuj~5Sf@TLU>f{Ed z<;pBPg$vclILWiAnJe!d=R`D4*NU;1J4y@JNa{U*L8;jp4bk`h?re3Rz_3?yv)0iK zlHm2=+|9rMo}J@53+-x$Z>pc1K@mTyx85D%>__olK(sB-ZzCGD4JU&#>Nd>cy_ta^ zR^HaE{SSkmC}#*kC*lRSgB9FXP!MH-pY0VpI#Esrg|!)-q#o?K5$KKg(=TDP3d6)P zCC&aT1+N>so7C2h_wL*0bdofPp?(I6O(+`Y(Wc7p=vF7hx@CM)SE0F1Cl~kpC~)3Z zl&v~=n$?9-y?M+0YVjy;Md{Z%xx)O$G-IC3q%y2uwc5(y-@^KBX!y)!^__{y74(Q}J9%hfdL&_}yAg!nWPj2e)D~I>At)Y z_?j_YcGNNFhWU#?v;8X^PM-ZQaqYGHz$Vc~bw&i!-Lm>pbss0w26%AktqE$s2(Q^L z)j)R-U!Oo>wW(_h$f@vr_0ZjV6d;bw&c|V{9lG1v64Tt9q^v!E`#KaOJC>c;&pH4% zylt;xEI{*yb58{|Q9IOv!n1yACalBj$Yk3Xd}1gv>RE?o=teskGb+HdwM8;#T)m*v zWH{I;i>s@h{Q|C~@Zz4nGOZ;dT36Y(X`&X>)6}#ZUJG9Qzbt;4Px4;aSf-W({he8# zQIguK`$B*D^oLW|t^KXhA2poMVT9P?95-JsWcl)rW*vB}TX%3iWDQ?c-_W+k!n)%K z$37~Lm8kXpyL2y#ypaSt0Qk=}_Fphe-nKD6Z~_0De&LAhZD$RDmrsyYA`kgG7iXhl z9A(NlvzGZ8WiP;Ho3jik`41a_@y@sn-oa}X(?=_MhS=7WuH)HV6!RJT-{Ok!JB2Kh zN>T5k3`f0vC@fb-^y=G#M6?olQveR)@X~y!O$U&_-=090o=2AGxuBD*>pFP0uLC?I z5@{PbXU6MJ=7|*>LdianA}!EG*3D~{Ty+K<&espw?gIGYNUESu3Cgbul~TMO-@wK;xP>i8?7tu^)D5%5nxfA8t;X%^FVWdxxf~XW8bsv1lz9wpBTslLvF2>?D zXcBafq$}E*8`L7QZSM^7E(;g-g8{rNP&;MR-a53k)uL=BMcRj0hqMj&=tByL5NSP7 z0*AGv`Ag_ShA2+~KyLK&o~8VtcGJUq?SL)ggZ<=;$FqK&ltS9rsF&#KciHD;*>MC8=@FYCYyw3#gMb8oF zZG@ih8THS38<5qJx$wA)$X2`KG*9Fjh#6LV!r$?9*4hqb%q{59+|ZwTo|f67SHS>h ze$YAri)ReVG@3&ln4mb#ho`D6p>!^L6la%3B80Cl!UvY)9C73U9Xj5s`;RZGD?eMK zL-4eoAG)zTvKeJeux38z0q))y0*}v}gM!u_dKh7R@bLzS&s)Z0^FSVsnf2{0s(Jig zRUcT;K4j5t>Q2R3`&lCT2K!K!Bcnk+IHUPRbC+QVwUKek%Yqjut-=_E9wn75*9_6l z!#K16Ce{@NE;J~EwQyFd(f+G?`Y$szREz$p=zy9(vQPiRF?c_W9$6I=%7L%?>%SY; zrSp>-1gM)uoGC<5ZLXnPL3bDl$jDXbYJ&465iQPcwVi^mnxh;DB?p|Dg~^hs3jGB- zg~U915@3)?d4Y^A_BHg}#4a1-Un;ez6?n%L_`f6uq8O1YCCsG`p0+Ycxde0+=f;+` zn72>e4?LnH2fFmwz7$TL;MppA683EY5$+s!*am? zdqF?pOj|&dx%y)5jZgeUj>A6dyvw-!caJ8p)-bHx$63C%Mv%mS&b&+H&{zijVIbMU zv3w8kZYy!mtUj}`c3p;IXl$L!k9uZ zs|xNvp>`t1`kzJrVj~7oEV)fMAa%6q*geI1uz5~}%;)*51IS}@7!zmEYYr&}jlM96 z&eghWWR+|dxVpWZYzZys+0mo)oFwIKT(ii2arm{|k_;`44Pw;9fH0q-H5@V0$bJqj zvi{I2$q>y3l>9HioL{Cv?A`zy*X~L~Z#Oa4t*neemn$fx-A|-o(99jBDGSG*?2V|f}+E=ZPJIjb1UDv=%I0oU&xI`A0ybQ7j5JA^e zxTW&DThzX~io8n%A3Fa{48c2`V|nO*J1fb+RXN4B+|ZRb2Xr2ZIEHSbs-X&JjN_!I z#Obr+lE%=jjwX>u;6n~QP^+do^uZ_3YH%Y%SC@z~WC6;d^BcotCK$jecG->&z!cdb z&7NPJ9?{jar*TxPSASlS?l_jM&Q^3BILH>~5!DJwO2DreZ-~-?-{qXbkX5@M-RC29 zYHvc{fBA~$(Bb!!wP`Dk(``{X&e&us_-Ln20R90S;jc^-z*AMBCu>k;LkIHVsv719 z2uY3TxfiF%)IuF70(e?5rqv#6Qycb%f~(_1F0yD9@1W|c9Xt)8A)E#Lq@G}O!fgGMipYq6L8un>WUZ3G5!J|MTP zBS)qQ9J1j&q%EcgOa1%8Pbe>?0IIo2IdC?j|8RDSGMw0i?TVVFr`YOgFf-KGiWc>H&G@$c36-sZrAcXqki|W^%thgYDfP0^B%Ix6!~ag8XX} zqbMB=7SJDMGXce#p}&v|lv+h8HWH)@xDaWzu#WddlkWK3=c(0!L80)prY@b+pZtH9 zbm|IT5Ii>vW-beFgdMzA5_r&O5tf)-Oz=Fy4m)!-M+&VU|IsT5&PDpnA3UUv)}$&{ zf21qJN&Ri#$HVx(Ksav=#+-bFi8!fYKF5Y>tz1{%pZ-M8yg`H;hwQ`}2VuHPhacXr z--T$F1N$ZPzzGwrK+%k_Op7sPkg_JPv`F2AqqY?$G`uoPF>p55d>#y+Qy&oO&$u_% z7fB6CZt$<;sTfP@;-CMWUORhL7l=Ywpw5vJRqA@QN#FV352>=NTwO1cCW=%E7Yrj{ zyS`L|f;JPO?lg+@xAbR!e^TcL@pvnLTt{F`{@{y+2z9M^iy{c3z?mU^*%IEXi%ST{ zShnvuu}+@bKK);RdQ~r;B6J<*qW(~~KJlBssZKmrvRhMX#8IYrZJ&xD7N7o7gPKd` z)%TZAs^{%~y^DAIFhnnvdyqr8LI3Rc@KS2e)I;Po&LvIC>$oV7bNB|hn7M-Z`!dOo zj90)4JaN8Tr;Ebm7ryr$p-uP;<=|kox4k{aL-A`q_l4}Ti<3N;|KaicioOjWaaZ(( zSt_tHdLLeeQ5c=k&l1VV0n+sGRvm)5{%6X(N&o;r07*naRAeD3x2_KBfBk+xUP_Bm zjUx^}?-Apf^P#&YQYairsBu*bcszkZ{ZFq`jI>bq{Hr_F+KQLi<~a-=F|7YY8WBD7 zWe&n-4i$UGmQ*zA@h^~msC-S=|Mo>)ey3k=PHk&)9!>LFV@PB5Tijbl?IZKxaR%yi zPc~ec$;E2GJfl4s_NC{|Tq1@R!t3`KNhwQfhs$eob%VnY2iV^)iaz%X7074>v7Hp&ZA%21DM| z567V|j1fl6(wu1^Ittd$W)!cHFVD?Pu?<&docujAc00fJEzA+*0e4JaHnlKJC^lXe zS5F#WVA4@SrSPbjeu84DtX-NzW{dhOn;7*gn(^j6a+e;s=b*lL93>$Nr9~KqjP!nj zj+buT^*?>3Oik^iwJIkcIjOQ16LTmgOZEBRIm%vJ(4{~A zu3ox0p{qNkc)?Uq=LMtdC)@Np|JxDO*H`L}XBLorhII~4xMUW%PuiD@(6FngF*JcM zTL>ZK57N~4N5V>3pmgDANDugFeDwT1U`GxRRa?@E9k5z6JSSsq8c!Zl4sCIU5hY>( z#z;vKa`30CVYaAe_811@Vp83_aYp^`pzzqCW>{%6D2x&-4WZqIuh+=_+EDYdzpHpGO6<+BW+p9Rw=016c zit@|!Ad#W9Xm(Tkh z_@%6D_@(+x&G$^{nSa--WMz#W{+}OHL)pA4=6`}AC`;eJ@+hfg*Yr73kQ9*u2x360 zsv3Rj8|@h3m(>3!Kh{$SSXUuF3HEwy3ugM`E&9&yA3=dd3WJwkV1I3JcA~JY#k1=Z z&8pj()%71dsY_Qz_0l5Y{?Iw>9YDgkfA}VK2mrc#Y1p~DAs|UI#T(z z>&stjSJmdE2L6m%PG@mSSwQe8=}^_dhjizGJXP)=BVv3&|L&P#^<1NFlZw@KtWKZ# zR)_ND7u5I1Khm}SsQ{Pt02g?$Pc`ee{zu?aQlY~bcJZ@UKXhr6!qkgizY*!`>$j|5 zaz#^rH*{nDQW(qa9S?ai*4#iF)0Px`pOpeji$o}5j9Nu$y=kNPE$9>!cZ_t4{uTyK zV|1mz*KY4`^0xjQ)r=UwvrOLoC5>Xxe(sG9CGY9fuRY$P$Mfg(xtYsEzFg3M7-8R1 zi!sT*3n>E`<04+lr+)f9o!oX!0i1k3-KuZ>t2V{P#`W5Nc!4x;&>(6ykhz4T7>5eh zd<%M!#b-W`7jbkr{nYn$`e)Y9wds!N?vK{%_rAgU<*|M*y+j&YQhs((~o|erBWY`z+)9 zmu<=%rH0qPe*xzkYWFcF{5NhNCjuc1CJq8u^vqvg#nYHN2h`NNhxXsDYGq9@`LO^# zVsF39ccAEDKd!EnDG&a(skmRypS`62x zmtWl|P--|xgHDP^y zBlhoJp2UGekPwarLC?IeDR(w3_s-**EKtCzW74>*!9D|Dho>=2{_#(!Wie-c%&}Mk zg93ED@1L~UfAy~p0rLiQ%qz@ycyW}~DGtP-`d3&;|H=mJXBV&8|Mo+mVAa2td+b5_ z_YL}2(!61H;aQtTF(ZE${X$M>9IwDU-`fdI?`9Ea8GO)m&%Wv%uJYtVL`(e}9K#U}P}5ndB}GrlLl&X--esOaErb0=wGm5%yILp$Re3hZu{Op!;%Cjz&)WcNfYYPzav%k5t7CC; z*iHlIcZ&I=8a@wyzTLk1tu{*%k^9!~zh+kmN*HAR#ohfRC(u9fHu^Dy1mVB-U7gh4 zYoqoFC>P&(!OmTqwl}H0w*}NtN!@;X^yv=!#+M$ogC(`L4BaCbs!jvlD>>ophIiTC zU)Ik&Ve2 z6T#hl@{-*c?IW{$+}=%9W7clAN59x^&;83b+a4UYxBsu#fv8%B?!YavU(xy?=Tj0x zUvh55&T!q6@hYOPIqx?*?781RR3yU8z#IYS>$Cd1eO2(m3(LGIqL z7tZzCzy2{s#c>Rl1s(RtuXo#X|Lp;*MSeYYdYGV!Z9BIP^eLHOPktKss<|P%`aCtt z1{dwb8l@y?lY)}m{v@ZrxHzqxyv>hsew`K_mMH}R6jzU}6D1SI6obNdJG;3tS!j|`dPY7qb$A91Kg zagfZPLMsE6Bn?lk;>1|PpisGEmmU4==k2lGDSNW47vpBYPLCE@dIDq_$}M>JlSk&BnKeb69mg?F41E4itxCcAFR1zMYqS|J5T4~nYqNB-9@zuN)P16&`h85 z5B`#3#m_kOiy#p4g;owCP?e!mB{8D17uYPQBoOsJJMvGTwWoJ3+h@wp*kZiV-tIkM zX<$~1l#WiIyO1Q%7MwivGOlz__CB;v`)}P_HMN<{9y!YC@ z$h|oG%?gaiCH_sj@Wy%j!C$;?DKfB@2{4s|QGv~AWfhUemWmLV2SQ0YxlSpNWdemj zji4k)D$ZI+bxs3EH371B5}Mpy~3uK?#s#$+%|5PMC9)z*{uA1fhqSqmu-{OyN-4Cg{76K)b5a3Tq@{U+mGce#3>t0YI7<%3?CtTWorK>~Tqi-D!KHqJ zpay!}d{-c_c+RuGI135VR)=^F4$w7mqB;mPc+P{R%ridE%zdG;D7YX-62ct1`CB6? zJ4Iqd3Lz55{x{!ul?=1%TvPlbTLbpKEJ6C%VK&LuKJZk#eflehZR_$iyYz4VvkgpO z+{dP}wNj1!qtPD!dYAqB?>%I#*l6#45&6GKDF)CIDh@PSCmDGUbj0kL%n9sL!}h=Y z?Sw7jc#ldJ;OJ3MY?^18DTukTC^YZvDz@W~)L4jMuTw9)XxI9-?BYVD)2#y)vM<78 z@P}+7=^z38&{dH7FeL-R13kzaAva9k9N_v|jr5PuRqP({1$;Z3K8e0r!dlQyfLkl& zL^`abV%Cz&pw|?YSW$hGm1B#qT)t}8frk6uN%Z}h2B7b&Z13SFkPr%N{UYnhzrR30 z!KO_^$0TS%p-7cI{nd8+^4AII#gTXHjYZ2)*5N8n$n|BimB_}e-JP+An%C^rpI^5> z{)<7f$`=U0_uGMIK4XtP`#E4MZ&*d=l9l7^_v3VG+SO!_{u+*^YuD`5pS;3;W5wQH zp=<_rj0nykQYGmy)@{0a>OK(yJfJh#)n_%$;5;O7W| zMFj+gIYmVx!-vx%W6 z}$)?@yY0oen8_R&VsT=po<0PZInnC1q1avx)$ z;IX30Zg`@a;2fY=38G5QArGjvEL)EY8bAgHSWkRu?2PN!({a$hHBo3MLDNYg-x6eW zE)ldcfV^^igdRhvBkHlvm)vH)sWbv}JVmCB_R3nv_)oj|^AB`*n(fElOp_nBM=<&^ zd~H*U;|6%NQ%RT?!Bs-E>?$~>ic*-YSj8YkbOa0-iQoV!C6b$rr-qJZ+gI(khT{*~ z?%GD{X3&?JK&e=@b?mRRd%LLlur+7XwM1VHva><~Dut1`q=agB^?%*d~#xuf7BvPmI)CHfbXhL?m!;8C!+N?M7WA zuT265{}e)D3n8d=&QH{Ym?Td0gBBwdC3OYph&pzLEq+s2fk&DeK+WxD^XINp{O!Dr z4$o5;g3TqyA$j~ga91dcM>!xvxEM|X2!(fQ-2$Q7yFO%_r$boeRJsP8U;M?cGo0e`aHv85%>=UQbE8QB>Rbphsc zF%ioUZ{yWGXa~zxIR{~#>C%Znk_SdSIMMG+T5uDyL4uRIy6Lt ztS}xc6eq_awobZfxCl&CHf6;aJQta$P>!)LWKm4w{p}^H_!3!qbEJP#uZl%|YHHa| zzIomzYN)rcK0?+MMv4Y)(8){*pnQL9eOs2~&3$NXF%+lpxC$w|0jy%r-j5R`Q& ztvkSm#<8`vg5pR`g1`>pM;F;{jObw?BwqkW{M|Vq%cfb#5xR-xu=T?i7wKasQA+hS zb=KK9Z(E2ab#`=>ycN5f>TA(5GTqDi3QfwStR+O7C8a|Dy=9vaI z_uwPXft8bGPOzynYKz({2Gq}Ku{(vUxW0O{6>NaMS2S*%s9VxbaQ*>DFpnHU3D>4jU=W}ISEJ8`<-dM*sxBG3Q{oC6!{^ETaDjH$c^B}y32 z7))53wy0fGRD;rm(W)a{Z#54u+OEb$G9AGyM$yf(hIZdy%ed4LWrMu0Ew!<76h9gs zXZ~iSTob7ob9mFJSFC>-low@XxxE?lUF)BqOtk*#$jc_xA`@Qw0vRSR{LMHH#Yr3K zo3|m>YiFc_ud`rkM}Xxh0ivb3y}|aB%@bKQYCnCOjN$VbjW=4!q=_2-P0yf3Teg{N z2`Py&=KtcL%_CRe86azi2)&1Y)olL*%Qk{6+#usQP+SU>34DlSjeP^rIVd{PF&X0^ z2EZuJt8!pZYJC`#<_7EpzA;9QKH~H$Nr6q>Wt|9?gCp1NB9XxBjEic_h(0QeD~?>7 zpR+5kzigW=)LSe)Y!zg;{j+Y2eGX%_RqeTi1 zL-!2`3X%0YCZ$l^0jz}PgX1^dhX)p7f@Cme&CLM?K~yA=bBEa&ud{htxZ=hMTrlf5BUjS4k#*@O%7Xj))s|W@lZ6OvbZDc<^^X~3LNn^5u;NWP)Bjj7NXx25j{MQv(KM_zj4Sd zsooq0fiTX^^4ezG)rMoPrN$eV?nUdyxU;GZc8qfej^PAmT;f>D$7`r(NVD`eGPGnkXI1l$TFuG2z z*ricH+mU^lrTutsf-xXtmw~uOpY(I@m4#)SCktmLs(vBAq~FlL0D6!DG9*{C=vbm( zS$#S32Llojw~l^f%KM6O1m06&&A@joj8Qj9^n+U%P1v1lASaXC+z0(@ieQX>^w;rO zGReX|8}A#jvu~WVsiF<5B^z)8SjyF9qI(xuM}SjXAlOUo^ilV9m3GceQ&SVe`TN@G z#5u-Pbn=+^09#}TnYqAxR;?q+yqqY=6D&_Q_pEx7exPWU7tuA(4%wx%BQ_4|L2Q-9 z0iAblCmD@Il=_(`Rb(EJ$ZU)7XOt}5+FJB2_B&h1mg!;YtWhhc5Qk6^QO66-awxFq z0&61vOaToPBAY$H4$iIpcedtz?>za8UIPqbsE7je%=g{Q_iCc+>z~>p18mv$z}IVJ zT{M> zo4>Nms_7qzN1!?q^3LO|UjPRPDhYTmTOF|0ETl4r=>P+2K*x5aj|PFGV4 zq5kP@+cCRhd$5?V1Gz0a9Daz}0j>1}D`M2H0j`-0F4go^@QhD<2Cq0eoFgKdH8-_J zTejKPbw?Z>0u|5!IbKZa@FZ=>0O^%NFIrq-J}{4y39S{(Tjs+YQSi<|&Aj!TqMCDB z+dttbGDlLZUGYsO5C4PI7<2QF`w30M-EWF)&fD&%{e$Lln6;>|3`7I=bX`P=FE5gz zIxuf1`Y}AY(N&?A-6x_&`J*KQ0>^*#+VIViQD)7 zW)vg96!I``qhu;Nz4_*P@=0%S=kK*%2hblD;j_^*!0ewNgU=|O4lJNAHfQtuft9Ty zSh!}zYT&a;$7eu*^L;u~W{ViFV@$?v(VZaPxv3>vz(INkpD`wB^a$}wcAfFmc?8)i zJ3NL#d}SVa{hssOz7zdL!AvgdpGbGV+Q~j_+ln zQi&~rEXDGqUBJE)XK%8Gv!u3~AiD>T0Snb#$s z$vQzTxy#VuuSdvMoV30i9aJ|{w7#7b-rhnGqZlvCI;;u@=fNOQX+*aFe3BsD1@_Lc zmM;I{=j}jVl-U8DM~2!*oyX|hNze~_=dm;UVcF0W@JRg`>VbvJ8tw4sy5Z#pJ61VM zpu?2Ce4)pd!de^rEzq`KINN+9Udne%aSNe>; zyY0bycMi`^?{M>%+AY|ZN(qV~^34{;S3q842PZ(u3wFChYAWzii{6l~fbt z5M{2g@UgZxSaAhLX`HJMKe0e|3*`jPknw|Kb&GqaSno6FmPs;mww9?;b9u}DHq=9) z(4q}atlKE-F57zqf^1o2Zm@4mnJ?_L*2aVO6tQ##)H;1}`kKv@ByFvZG7QLvLgo|FjXugQs`gRHp%l2m zA`oHFo$iZ{+cX))FQfbSEIZdeDhGtZ?&PKcG|HgEx&C287V3wyTOs38vXN|Q0b!1_ ze+|)hkw{D=dgl)(|M@^R7-u%{Si-FfVo~?KUgY>u!G$UI6bVqNWT=v3S+Y-1fPxAX zZz$P8pP_!yC-k0T)vsgkzLNk>^yuc%b=!|lI~FK$C2&Gy(HwcS#r8noS@uD*wPiNA z$hCdNR@F!%#!YzL0oQ z2fQMhgetL1FlXw@NbEp&>PHWhExCt)jX47CRp%+e-e7pNlH`(ltBx&`+>xSe4)YG% zieGz3xuFP(pCh=Wm%4q^)7Y*-R#^vva(T1PQpGC6!M=)SMQBS5y1AfI?c?D^)yEUE ziQmb8_;W39FO*G(E=tHlceUBs&9GI=p%lOlF?3_bp8u;pi}&JyB4~CN_@<1%82%RB zy?$yM%(GX?GzYvW$qwv1w9u%fSByYQ#r$sXY49n)kDqC?np>PN0 z2PvSpO(9a4SG^J@Gbw`spe_nZI#|$mF(F9tZ>_ey&;2GIY2f$3*c4u75m1a_+U*a` z*a(8B2q=nRJ>w@q>YvB4F>3uITh{xdJ{!0KzHCXegA|JaljCD@tYE;$Gz5(^VC_O# z+8BzG{>cKeM)cZS7th(q)k`)(7FdLZp%5d3pT({Bt)E#hnK4Dh^9b=4E2eH%v_5L3 z7zi^MLoR_A+fP)1j}%g2=^8>Xu~}g~r!k7whHW=OzNnnV5hspQ+~F}dd9@K017S$Q zGGSpky?CUl{gp-$(RbLIytUBH3(iLv`w)OGD+}SkGQ_xRTL+D$>@oC?A;pwBmw)&F<+^(908*(64OKh97;QDB1MEG3gG#0FPRANhaTT0nDNXdXG|hSw+c*PD;(7w^sO%=Q{#Nr>VL$MDf zt*mbvC2iKOk~KL)+I|TR^9*>?ao~v-h_HO?3>yoS#(m{%YMV((X0x6JGSo9x!t-vh zMIOy-oHJnL=MTw({Gu<}kv}9kq%^s-ba_hn%ByiDI=f!G>!D5Z%)$3sJmg$djUK(1 zBSslh!9qE(a5@bQh(GQ-On@8g940B0N=pyRM$vNmJ%1F?tel1qwU1*j?*>()aecggY ze-y z&yY(%LI8_5xHjV6M{vTB=#CT5ZyOjK+$NuSqrpN&(Gz3CvmCHe$nxVQqq$_Z4%#ky zDWb|#$Y?WPIVYiLBU$UZ<_6zg6M+EVqD5iE50LI$K=i2Ovkzlnn9U!Q@a_*iGKwa{ z;4NJ2H1d0s^y_}Xp1lBsRNpGf9nt1EcvDN7@! zP~DkPpeFl)G)PdK8pR3&WEAKM;iK!H3lNc`48BUH*O_w!CJY7awKuygesq_8>De9D ziScR!zDX?tJ%qz)GP`KKYh^f)kS*wx+VE%-;Zq+fx>>6xtZeKDcKJ-deV?q8sRc4f zGR=1QQ@hBZ*=rT|l-Ti8;}*v8eqxn^r(_IB@$yR%kDnnEj5T? z)&?x~{#7W0d~r1@A(iN);}-oi+w**p|JHp(U!jY>BQrI&K463AhHUf_XEN^;Wtv7N zNM^~Pe8=JV1(|!7_frvYIiC|iyv+8V0Ol`aCzDx(#;`Yl!NZDKoqP9j_S3mSXT+lFm_)>oW~?8R5{cu)Nx; zI*-}Ghq|C&lkEpf-=iNLq7PxwFT}Jw$b*%|6}xtwjoGykTS6X0 zfCQI#iLcLD?`z)!rh>si&&m)1nMP>};gAm^=Zk1lFxSqgiiWdRe^5Im-qdOrn8wCl zjy89`>nFVEl4rrFoP>vr_0W!xde?3{JL{g(d5`e${%3q+Lcn<>?n& zCFAJT=dD+U5Da0V8iJaLcCDxmTIKK!o4;hPp`2VA0o0DgTp8msHRfZ%)m5`tVtlt)@{UCUz#O% zX^?b#*69ew(n4TX938r$15lR%cwV~z@w}r0`bz{@oBkXfBGAFl9Q3gl5*GEb95+Yt}L*}NfO-~1d^zb`QYjh0^way%>Iq}P=rH4^G&zb z-F0~L!Fzqze>us`p91Yiy!%N`X#QoTe;`}mdp`w{Nw7tb#}(ZTIQXa|F?gMf&`~mY zf;No{)T6tc4Fk41(?k|l+IFB*Ru^GB&(U4&l?b@mfxB+>$NVriAR3-q2f7+MM><8_ zoTg^$CQ!D7Jwt+i1eV#4kDa&YU%zg@Pln_i`|AL(Ob+t))&)NCtNi+q!F#t&hEMOi z{nmemMxlGjko=+R!zaFz78rC5jEsTc6o#o0JMqI&J3l}WUxes#jJ|0MUZm67DuD`d zqM=J^Mj3pznB%hm4*5b}i|!%l9@Y9#3XBkZmU<7L$=>3pPKo&C=6Tu^<=2(>oF|=B zhZj^Pxy$&{&cPA26S*`Y$yR8MU(uX;b^CG0dAs*eGw<%syZst>^IA?J z>00aStV?Xbs$0A4a}PfRoZGl{j{V$z_U?82qZ8{^zL#2O&t|L~%qz*N_cZrzZuQZ> zkvhO0B&%`fwcGd7Hs>&42z5UvBi&?Y)zV(r{Yv{ZzR?eKt`77+Ii6fSWq$8x@3;jF z^gQuj^^INjrDMNprSTyv8~%a)_|5C~r*Cgs{XP%~zCf+yh=R%qv|@c`WVn|0t=LCs zfmp%ajccNQ@}1@kpGz0j{)pcOt-9lJd-|~o z`|qCNb#=APP4wbK0s0d=TN=L2U_?)CV@tt#arw=wHh6|034&l#z@%>w7?y-yh1{bI zeQuqAt8Hv1Ef3ynpZ&_C)c1_rJ!{wOuU@`j|MT|-tO9g_XMX!P?byBT_CM|O+r>Ah z>@WVmnDwv^Tm^9>sZ0#u?X+?6Q}Us@b-(R@g4(Y4`0Z%v6&qb$u($dvY;qi(I1siz*XU2N8l51z3f5{Uo5pYOHe-DGG#xsSY04C@+SNBCUu6t;vS0@^Eg9I%%9 zu-&_H36zf+J2hWti#rg%#0RS5Vu{nFWGprj;> zlP~%muk(L|HljtwmF?hM{=2oylMT8P+#!34coSQIAS%5~T<+y~nA7DTK(?tv(rxjO zb3g2)*fff(_F*4rBk-=o_8&ZAkKxQ?k+BW-PQf53AMD?Q#W>7u5=0E(|8a&UrwK5o zrgJsHFo!ydEzldcS5HpZ)!qem?&t;RpF%xwwkO74+gKj~kr~#{GkZK?Jr-z-bDmTsEqP6tg|8X=M47P6m|Sm-^%ejZOsua$m0hl7(I}EpVM`rsrs75HXg+8quS{F82dOi z;$RC&05Oz;7X8@e3M+yAZJ=}sw5Y$aXy*slfz1us3J$sedaVz{n+%THrLhA9=#fl7 zNMBPSC49LgHEX0g#RGCk|Zkxym6qey7QzrfWH$sor-0`zXq;p$vofBBT3-;6RL z9Xv}>Gi6g1go#$f5I!@NC9{Wx4DY8i5a|S+s&loVYg6F1LkLb%^Zcu8mPF}gSS^c_ zC0qyt28lFQRNyiOTT*tF5-2z^8DT?UYlc{4LkP+YQI)FzWG1O&;Wlkd$Sfi4DZJt` zvZm>i7ISyV@F@ofh6CX%*L0N;2_FR(am`jKpuHeZv1&Lm=6;OZE~QCwhpEfqrrDcBMc@!TFS+kHr^=iW;__8_PCKk?RyjoiG!CQfKHY8CxLAbp{B) z4IFf7KRkr-Ty+RyL>$Cf^dd~oLhj4-f?qsCv>$#G#G(QNB;7ThB7k5kx5=2uBsX0l z;1a4zmXN`K1fu`I9imvQZ$VFrEe6~s4Fd(~y9qMe$f~E#3JW8@B_@V_Io!pELE7r~ zDcS<2gw}%m^RaPPqIQ7{!1DTQg>l40_(+4(tGZ=R1CN*Wr8dn&S}(Fdh8OlT07zC(3Feno+Q9<)KBQj)_16M|+eg`Z$?b+JprV zTynzd4o;ba{<^LcO7zEJzO%X6R<K&TYqn^>D@O|2 z$r8qUKH*D7j92+bjy$~e6nDme1v4Xgr7OWA>0!4163AMg6^wtS_Z zdM(I}joN~&h^;N+d{i{lDlLs#`EI`uFf2m`U3!&>NtE0aQQxbxTHH_#;Q={OL-1;l z28j369!(-)L~|w&HIv^vruw z@=tPD5BEc6CC;ieiiA)7<97v)ci~y+n#L&SOESl}ZwNVDL=7cB!g_@Wm?fM`@d!>Q zBF+TUAiBnZ7776yfmFmfN0v;q#3=#A)DhSiU9f9csd+=nd$AG%gw)eedzG#v=`^V1i7M7(B9$?9Pyh z5hR)}h;b>XKoAtW4B2=^Y!Y@KY_fxg%BZvCLpSx?7k;D4#^)nA0H`UnuYznU)(vXf z*cW})vS$EiX+N0Gi)6u4XNw5nkqegz-dePR`63{BFbp&P2@08R52HNQ69CcJh>{Hi zEbGh`1y!>sz<&58n4|^*DeFDgspErUKQ@iQj>upiQOpz6{27=dQV?fo9d#XAC{i6# z1U0OtBjX56&RA)=RWy*HL{@NBVwk#@S$i`*VZ&fHPj4}IwCTRdFpQA~QU*&Wmw3$t zaBH9Bx#q2R`49a2Vc)sW`E!dpyhirPQzzp|oO?z^L*%p^%NrXQGckY?2f(_+t<)y? zMaFD7mkScq;Eu~8r>@@3N zc#1k~7;Ljyu(l62+H*}nG*DY5P3^$p>1De(Lak8hlt|2NBS*${9vgI>*94Cn=as$h zye03vRdgsa;>v28Y|o>ucBm7YP4ofvkg!4a*{hq(Q8x2+ZPaf$jJ%RuVvGa6ZCXD` z-)jlV@!OutHrxC7lUCPtk9BQO5V(jeU+|pjQma6>&e)Y+3b|WBOa8WT$uKTSjSKR{jSK75do!Xwl71gXar7I>;w_vRY3K&CpobB>!6xSy;+H$_ z$6QoIC=qaJcqS{ur*GV{(M#qdt1mQ3lx?R0Wz-H-a@-D{VMB%PNOd)*O?qn$7lg;e zOA@90hhOON%}(nRKF5*dV-r_aEBdwAfgQl%jQ3g3h)2IQ0zNWi($u$yZP&d7Dx!~R zZP#VorL?Z_LTCue{M;rwGewlBXM{kkphF~;;Q_G1jZ0}h2g`K!|!j)2Y%xEjGRGN z6e2{3jYt&O%w^Wi8$H0I!)Nc~YxrV%V95HYhcE_TYdKc1m+K#EuKKqDQUjI&cT4q8 z>!kXZRsSGZZgu2)jSxDaqaWG&=!GfJ6Wn^EWg$mDL9i>cu8cs0AQ?GfoXAn}CukRI zIH*-WK-W@WNrts14j-&(oN$uVGbY&29iQAG6kY57zW#W8=^#s)LxLV+L>MauoPCF& zP~?!@MqkAT<+Y9P6?q$A9~#6M5vA735_?6-U5#f}1`o%2=nay)qC@|H^?`6PK?aEI zW&vk7Ko@6U;?V(lfdPgqyE)?Mz#Pc(ka-NBA*04|bJB7Ve(RPc@1?%Y{m6UyOZlt& zxf|FCb-BZCmva&$*O%F}&IhA{2v-4^P$ z>wawGa}D5{+8gNbvvxY@M-2)GE#(hmimoVl<01k^ir{T*OYo@IE$Oj-_Ldt2shBtW>~8aS`y>8Gc5k8+rdh9~O9XL1 zI=S#M`ot%?p_6BFtW#{A`M#;O2ow}II-2j2`^Rq52Ov?v)8Y)P7qjj2^5Y?i#9t!t)U$RGig4s z-l8gr{N9l#33{?*Vj6kw)oao|UN$4f?r!)~?SY|W@9}Er@`0`iBWMpSdxG|f?lUKC zr9Yx8i6;r3)pvQ_!0`rBSs?*iKyA-s``T`=0;c?a>Ly|5Sh!*{6Fqk3N}s*OTwR(i zwu&z5cNG(yL;aZ$hTaeveJ-nuHn_}x>DfF|^ilgn@q}OYHwgx4p&%-Rud}x$;;QRJ z)(iD&)CL)I)dx(;R@}X_UqIUS|j^o%uc;>$%-E= zvzC2b21tQ*bzZa;{{~QB=wQN5X7nN;A=K;!eA2o_asajfWa_-_HL z9;a2u4|6=%*gkoc-YPi2dY}&~M@vZ6lBj{i%d(+YoDmw&sfO&XP$IAO)zR zk&NXBo2iq89f$M!uVFXZV(%h{8j$<^($PaSxoIDRbk1R={kY>N@fAOFbI3`3y>V-> z#=?EYv-^xaW*WJhpb;|BIawz%h^Ivgv8nb;{5XH6vx)Iu);M>++_&y~cUkGq=v6er zAD}Etm^xORT}FWa{Cw8VUEX9*!v0)YrOY8^4aR{2SlwU`+%rsoH!%CGJ3a!Dh+DDB z&=j^Rf>LpQOmV)Cj2OWm^)irNqXHkQ(siv@#uaez1b~eV_L>3oJ2`NQ*r!&J z9k|uw6rrjdFK#su*86m1qYxlK?V_51dn6 z^i#VNz-`9X(Miet5k$N8=`tLxOpn;LbFY|x3zQsCriwu7iiHl~$ZEHL*^YfpP=_EvAPBuLQ{O7Xa zlHh#Vxd^=gMJ&F896{fWp~GXvr&pXu`^9hIh;ZIAeIUVOzQAHzNWe0bVUSBwo5%+O zq?0&~GRU4Fx?_;NWkxo8#s}&-j&w!=?d5Ji)J7W0llzS%t6q7$M1Rvu1iKGX!+p*+ zsPUXp(3E&s{sPuH%{l38?m$m)PGK(L*%Y{!CZ2Aod*mmOek_LhM|McRx%)%yXH}H9 z&L^)c3R-yy(XC|M$iX6mOa#wr5fOqxh?2mNC?@eI)~%4pfrT5S>i_vwJ9%!7)LVoO z*OM+vXt-mrv<&Guz=S{Rr^Zqcq2P>645$-0w~b#GBDlkSrh&fwOMQcxG|q-PKAgKA z42lr)vulteP0w2N9HDM9$Sp>3^y81%#2In9yk0AsSnTP%|H3hjQMev&Y+{qbb29qJ z$gNFMpcTWUHkSD|iXG*+a-M&8KNyaQ8zLInkD=1fwL(Pxm6H`w$_9!G3SjGk*B+GP z3SpI`FgCJ3fPo-Hx_qpRa~N~OZk!-fO0Wk?bM<31RWz)aQIborb{ZLtkBaj7aOM#weDFWKq;IxTsUNQD$TY!2~Rzw3SI))=Yh%2HHE%#vP|klFzdkX?!@iTxOp%Xbxv6XY7LR!DL6O zWDszg&>9k_z&ZYq@|Rc4qzv*}q5a;dJNA+Qms3dto99yrO7GBTTC5$1xU<|JU0XaY zCl3xszmMD$Hp=m}ah$wM)S08c4CCx0CD&mhvv~WUm+mWrjI#T5D1B7vrjXY;m$Y6w z%3(wdA=HZsYl!#+3Wd3x#!;s+%;K1qkn`dA*)CdPY*$H4(*Up`Q@8-UmclRhJ5~Sy zKmbWZK~!iL(58X*X@Qhe74^X>PZ~m}G>XqPoa#C}=>(#9Q+;>+&%Mxw#)lJfdyS~o zRf=FX+Cz_j-r9+7-T>w>8(f1or|cS;jL-icWA-++3no!YLk&c(kQEq)pSOvy-^LK@ zheuN2Hv1_6oR)Jy{UoEah(1QSPYQ_281R}-(UD>++AvoXl|#$aP&HGZ-~EV z$pEiwx`I1Nb4)+e7rDd93U{`y;J$Sy(NgbZH#mCfuHtC!6n%cJtE6y-OBohCX_$Fm zP+A4F8${nLC> z+w>>be&?;AlCdq+Icv z2ue$36`2JX^OPyTpkd5LLD9Hm>zFT+X9XDk*raen#jI)y_%QlJsmn7#O`bpgPOn|M zzKkrysIK<2_9=owY1)EFh_jK?xCF@L4YJN^F7vA#E%lP$yC?NX-*6E%mp}SO*|pw* zazqALnyfuJO9~o+jmr>4z#NvLHb9nuf(O*MqHxwangi4*!^s$KrIuQg{SOCNdvS`( z!0j%{I^-uJz3Z#{ZK3~?UH{ply@K(4VUrq-6bDwO$YQ^rnmOVnk7mhjKm!UW~PCo6ttE50K(%u#79O3X`Bh|?7 zixlCm*@2ws(ePTF4 zHUFE4P;RkbeX@#LRkL=H+9ww;joBMGwHDUO(L);S$fv2r)!vCw7)K@p93Vr)0#i85 znr&#%$b@LKqfgdaJyU6m$>5LRSdA>$)z`=Eg})?w;R?T%zDc%?8zhYjo3#G^Df@rF zebFxW14XQ?2FBT&4f%0l6Yxumc!wxr4(5CS9YjGrBAU}9HMxIj2Qo@BS?el#k*=H} zC}8f|>o!Zq?YrqFyYE-Js13ExN;;DEP~&9_vJn=vro_|DLz7j!?J>#CkM%+lPk$9? z5J&<4+~Co#dTYwgLB9)ECS2{BMY1FP$ws^Xb8YrtcXSeUpc}@orPV)+u8{Rp<95Bp1_!Bmbk7dE|LJ<7O7r|l)NpvgF26EjFMM~zPV@p9glut{ z8-JHhaBpWwBx579MJ?YellCY7;iB~nlR5AKd@Uo50wm&FVDK~H<&2WPqVZP$!pM|7 z;qzIQGQc=*3Z98&X z5BHl-{3kayp6)5i=+K8+%V`5(Xi0;)a>wx_5I+7c4j+fZ?{Cn}48(a71)*bHV)yJR0Y>`gP z9CUJ*cItkz**N%W_K?Bgx^p0`kOjWFrnMqSw$v>H9ykJArw7hU}!hYNr1Ts>#pkk}3DhH+ts9Wk=>9{%na-DX)*VyD1aL1qAXbn6N-f@inJLNe?pY6?y1NI_8G^@)vj(|dIXrOjWb+LuEG5U+o)k(Lp;#%BaYYp2% zUV8G@%>}LR8b^MuJ&|}%`>O=7gmP9DlnY{wa~Ld_Ve0yW4R5^{eK={?H#4)E=#KA*WT65g0OI8Th#m+|Up&Qp~QS8V9Bh#v`YrpM$ zTu>AbgpdQeQ35f=@-&u^Xfw@Q&3~PeU)|^dm zw;=Zb?G(iL@}O-l&Dt6=ZX2lg01jAX*r+C=Yl*u*@=rFy40>RC+BONy+ZrE%U&8h( znXk272W;nk57@8ZT>s{8qw6KcY>hqmAH8(Ru3qj(U)_YCJX?+o>f%hNckoKnWYU={5j*!(f4pU`v|rsUFfAGkKi)npioPe2eO+gsz4ieoooKKaQ^UtJ)pf0a6$mtyujX0Gb) z$85*_pSRE6-(1P?NKj-@NsMJcs)^!wbbboZ!a~&ks%T4Cff6+aK$F3ijCzi4 zNPs42G(j@x3W6=b5w0O8u;tLT47K4DsF6T#lH*FqXwp#?s3r*Y6T30NIWp0o|RGMZ1jpe(87Rx*3bDumve_hGjf;b zy18fVE8MO03x4n2(fj>BhQIXYlOH0vi(=4Za04MuluE^07Pp|3HUy_|`{S##FgebZ z@Gc<~QE+Y6N)p#>Xa=TcA@X4i)c1@k&j?7ES;iDEx&s3j*Y!x|{neQ3@D?R*t2g@N zeXV!A%zeP*NTGOFpqSiqcrSE}+VnWkCwRpdgxgFcg^1z~k7Btuj#7N3XYXp-n}}iD zlU{NQrvMO%o<^CTnJsmx_xqY~q_k5Ij>yPu6_ry455E<&Yk>=b=^Khx(La5TF-y)N zd7qu-Nmtic!o0lq;kVE&RoJ`^`m6XVE! zJ8-<&T8L0DS)y1yi)n!(RPe4VGbkKjF=f%*gY%{_gwUCrv5VA?T36H)3bDJP?oXrB zM3cmp5TvW5bB7vGlw)9LPg>FTbsIs@WVeVaBdUaziJv2sprs$d9Hii;FAc05%rBTV zWqLU1MSdy0TGY{@v|$$^CZ(SpL{QLWk}M2^g9zh%Vp82deW(Q}tqU;oG zvFlSitPN^thFxb96^R z8v330SmWxJVjNd2AnWR8w7PJE@NlqBhU`1XQ6m+w>B3s<=-e1hK%T4FgM92|n$< zN+6QR5;^(in!N+otINjmBlyGMm0upQpOMMaKTGs15N74v3$+b99JOs4>q%jc*^#Ox zTN|CQ8Ss^bo9xfjQFs&>t6dRmFI=|eD~mu{E}`d@(@u=|nr}{W@ub6ze@@XB1#)C^ z^Ij{9MvV_;a0(UU1g5rHc~zzD2M@Ru$KL`<%H$%@VDlSfsU@X9dUSMW>U>94p7V!y zP4AoAKhtYy22C7xwW7o1fRS;N#n!chZ=3_&wOg7)3(y5T)sdZu z5kkB{n@IK`YMN-s*bM3E%(FrwGoW)ISnL^P$WBbd+bN8iTR7)^;SL9LI)-t42*=;D zAd)ahN1$H-=$I6E_z7yh%oLDaQwHo9bvR1Wv(`&(G%U;7m%90x#X#pLx;a|UoWv2Q z!-+fQQ-t>=)kH8hl-W+w#sl#E^w^|Lk*PbqNOX&$ytP5d@vds~DDo}Kh9pQmkhoIj zX+sjohD{X1H92^JUd_rdhod{}oV+NMk{9Y9Q9y!y*xm+yG}uKzOrebtkv#&m<|S)vRRZ~fDyxt?P}H&h;bdN18yt;LSsdgc)6 z^RFbMq?FXNRvbRI3ukBACNB)w)bx_g5Cx$cYN2o;8BjpQz4NxMPZZk)oV}$Os^!e~ zk(rSqAfT$Y$T|qfC|>B3;`=iWdy=so*|Y-;5;p?uOwO) zxU>C49ij(pjE&mRCJ=YqIMr|<$2W?ooYBO30UQ@Hs*vcfSt3@m1Ya03TZK|9YuSJa zwUZ4{f{nRbnt1CDHx-e0(5bkh0Pzf*>+&iQYm2PMgq2)lv8c;_xXjNCCfQPoDVwOm+%Z)ZvuGSRDFe| z!TS&6c&v*qTQoLqql@sPJe`{QT+P)|R7yXPpmKH~+);{|BNV*Lu!)r-9H(woirRB& zb_D*_7JImZ8k*3gwY}PEBQrLMjMh3T$l}!2o#!R}??11lL+4Gox-NnAcsqE zfNd-g zgJ6Wu#ir72lE^oq2KeZI#9wX8ah#phjH{%oWDVK*FU3ixy0f{SbRMi2Z+hOOgIAh7(lVAszL z+bh)h838*!Rmplx0Lh0>?hhC;$1BK9cJPj`W3`U2qtu42N5AUZ1~z>W;}FZu9rK;F zA_UA#J~-i45BQzC=AHL)s!aZ)50gFa`#Y|bKg01L-00ew009D5xMiB!tddC5y`{sp zF++_*WUMcP0kxnCSe<(7?gZYMbvkwdJ(>-@3>2FGS=F(CR)Woo=jf;PJC5AhhJNJO zLOah1sI^m?{T+1Id5TJ9JyV8zT<8J0^ITwxEDImhjrV+(lf*assB^MpXCvRd+(>UMEXZs{7Lq6#t+?_+pLOOTzgB0>>LJDkM2Ob zQp2;9S{Hjd{nmuhN$uX;fM+l!!$2R?p#0bTjs;rC0&(~(>qp;eskLJE>2>U*W--iV z2y65sJn?4%{8?NmXVH7lV~v&m%YVd$_lE(}{7txdN^MSz%f2v6q_ck&di&Q?8)7ZJwHh zWT=YAIHVuz){YJZ71jV9x}igMg$yc32W7_GqJw0b4u4R40%{CmB<-p~SD#pV- zO)`d@?_?rDKEV=#SLvg>Ukm#N_N?<`*KHPgHMeANrAOOG(grydW{0 zFBp0?K?{HcF0I)~?X@~<0mYW6ADl0FbQYq}Eib1X^#_6@j{89FE0^NKI-8W6JyMbu4k?3}H*9%tASux%h ztg;8#M!zkmHrDQYZSOtZc6_hj>VZr<`=cRy_tc1;9-gx$99#h*fS{j7sJUbzvd9YN zt)Q^U$|?_8_x?k6q`S`Awy9VA)ARP$$$mRS@Z=ITo`M9aYrPFJ2NJ+(uM7g|c0cv< zs>7BTTd}oC^!z?-HB*c)wy=`+POGo3vHO7f&w$c&a+n%F)cp*xUriS?Htgw(2{3D= zZr40xdySf9gR`JXk%i-emK}ph0hMskY}Mn|fwZ{w=Js{trku@vos-j|SA?3lg*XNq zDl2Utc1I$Y(aC3RY+=nN(an?4Rdq*YadCplUDtc(-QN>fE})m+xOe=%_K)x?C-q^&n*Kop}lT|x7RLuMWf-;ktrG99cU75!2h`ik2 zO`xFBwppB`>|@1C+LwkX%Od%e!q&@2tS`_5JE8*AGb#+tK6;yVD9O4V&2+LCsI`Y$ zvXmXDvL@_hjma?^#>u4h4@DZ=0lXQdW*-jUW`5Jvp!I0VW=H!N7iw!V-{o+WKgZcv zvB{-CJ42+rgZ@K?YS1wvrLGg8-#0s3(bK93}AjWN`_> z$<(hZ-eB$$bU?jTXBQ_CL3Wue8IFN696r=ER&Z_>esH@M#)}o5U~>42SCXx64UnOm zwMzTjEOm)x-}B=Xl&v_njV+b^y=pG|1K6BWBmCwKdpp%-;q3-HTu(qtZ5K7xfaZ&W zh9EQ<^wJoaM}pkU0$GXopYv*%ml0;3feyCHn54k+eW|awsng3@xH5u(1ZhdN zDcPd3j-i{ghR4wJ<;2teCW{SL+v8vM!H|8zBi9IZMT?>$3ncdy1%y2x<2A~*jH?*o z1REG9Z4EKWlzrM7YwPSW;D`$GJ}+I4AY_0o!k8#UIh9<6kiv7Xc2R&?A2pJ&pu4ek zRPzQeKjv;z%SXnXoL1P6fN)0y(V$P=S=Df}$ph z6*pK53TSa`!G@QotcT*&vBFC1__S4y6&;L28pGM<@&H))B^bFVmP+lhNA{zvEc-Ax zf=j%BahbYWh+k(klVV>)T?L=76r+m_R`7-tHQ-vpC<_t#rBr5O9%&DZpPQ_L43ttG z;Ne4%Y7xr_QV`n7xGG2o8BcU5f*`{~yoYuGpYdBf`YM*0j$yQ^J?4rl-`jT5=7`8X zH;x!dcUVcoJs5DiZGT6K;?eW=7K+2jJYH}EZcZ6V)C4PZ?d=H3TzI7Aby{29wz*19=*yABSNuRLWdo zkpWsvFoZ7SPh6${n%(X{LK}W?hDl5Xetze}p{80jn=FKv`x-5|qrjdzI&U>Z0-XQx z4V$4JT)7hG&-`5^r`3x5O{%K(d@!~1pLFt+qff;LFI)6hqbO(}yi zl*K5@ovfs;1CAMNht^%NY(v>OyRxx@W1`-U{MsIS;^_zMaGk*)8=m8eYh+mDoKqXx z%Ml`6?gx%^+iyMAVU;)$&c6CHJ9&25USlDQv496qxPmCUp`uo6Y;3Tn+PVLFzx~_q zzGA1Z%;NMbaajLUYal|8=%5woS%kAh3qJBC3B+2AsJVHta9i<=Kiv(i(&DClZ<=)3 zco`Xtdu><4ZadydCTMonUck}Y!}qZi$`%WX7D)z|HuG=<(0kDUVn_yPGb{RN^6TLQ z0nA7L!ti?a-d(oqo-X?rdpoTYKD>PSl)ZZ41`vKg_fW@03vS?M#2<2lduZYIo*l_` zQ69O=yH|Scn1RKU^R=*XOJ#7PcJP39C_Qiyn|+Kq7z-R`Em=xgWi{m5?^45=JaT+# zkrZvEuqfipWjaP!@)!?c0SC#T2!)mL(!iX9A5iuwiOXD@=l*Pb$fDKaOMIM7V(6E% z%g@H5EP^b{)FLOq^Ii?uAPPlWOWGcOxRXrF4cj=sU=z#8vXVx(a3|7p2u(TRpdt9? zn56lf%_{REL{XaB_MLY8!7lsC6V$CsEZMt1f6HD!J7BM}d5WVDOOAF{bS zoAVg>R%&fFw9`79!uI67)Z*jxg&sdJD#%YFCUvbe*(8D*Edc&9py(W6tDK{ZYq^L< z$ABLD=^i)NKlnmyndc$L%X}gZQ-ie0YTLcbe&=^SZ*{;4y!(fLV{ZaK`7<`f+rY{e zvVJYkQ;hnrt}?c9=ns$J5E15k5~E}sN6z6VcG&N9JjlAeZYTcW=hPvXv}^F+27PvX zi803qEwjSCsT#xh*qL1P758U&ZSyycMXJ-*Mr^$eLO+x>R-#RYri?2`Rpn~eff zNYh+X@E_uE_tMR9;3OARP`Me$@D6Kl3EAWKGry>BH-CeTFA%8O+~galbwYDm9dyk_ zeg_E_Q0+Dyf)}3adEHh=2CeV(K|B9YjeYC$1ib*QTE%(fhGX!DOAs(0ci!)Pfep9L zLx7Yq|6<7cq#zH0QVA197gDXNQX=IjNMDZP{NS%YXiq$hA-inS<}nP18241L+zKl9 zTWw>VJz+UPc)TmZjtM(3? zR~ca>Uw@&)@hYulbC>5=LAi>)q4IJouB-)4r_3tYVMbxl7&1y|$YO1`BxwypXi3*7 zX5Fo&o=8wDUHqAuD85c9D~e1(b#!dgeEb znOoENT%XC|Ar5i}?Nu-D>W~nVYyh*r5dN%dtg&M)K(-8x+n@Z=dAl+MjIlBvHPyJP z<4<%#U!^v?y5C*j$!m@`;T>Pc&=0pZc2M7TC(w*p_?kc-*IPaUgajoor|z)yY~9cT;tFK4KCMwYv~)rbFz zd5eCMCbPK!l#yDZ^DC#Bx9c)+>R$Aie$#PJ2mSC1ef&2!=O3AKx*zk;-EW5bVbDro z&~p9K&G@fizHO~X$r@XQ?xpCokF`K|0>4fI_v^!RYKt*-ivDFyE(^(-c{E z(@E1aN6e3Inn<7@rU+DvalaV))@lO*3iT^?fO!Y{q>V5RAtDkBF=SU_$Zjp4x9yQR z>%WntNIH5j`!jDFt+jxC3kV;j5sX|bgVeaKv^U<}VZnnTYv#H&4a?RLnlsFGE^=P8 z*Qr;IA3R=kJPL1mMoh1L-q`5Jde0%b!J9xp!CJd*FTp|I_)Y5Z4qvx-|7_MyU`Sno zhAHjs+}h^O`Y-fHa#wt&TFIh2a(*7eTF#K^_)K)rBi}#wB6nVfOgD_wIo*QPxGxP4wL_HCVR)n!WoS=s?EA zX?QzN2kqT-gbG=Ms?aluPOnSN*!cRq0r+8)1gbu7njyb>#9)BrQKI9g-F8wA%8xG}d;fDWuoD*{e% zBvkF)YYnX>w$DFo{c|If;z-z)3FZ_>jf=9ETx6P#LE12D{c9<-gM zS?ij*VZ+p-?F};i*oUHqzDa)_41buQ@v>F|#JlacKih1vfzx*C`$Kkqbi=M=)J{=P zj)I2JIEsCRogjP7EdudWr*-$CHk(3U9tKvM9jJvWgH~RjwCbv5D_9^CYAkHqQv?ib ztyo#-0qc15v-Z%TsC}t=!g^jECS!^~bDSR=WW5B*_)yRw;o1ZtVd;y|ui_<8g$`P0 z_cQj)p&I*j^z2I~2JHX&Pgm^%HO>X&8`K8WU|96ppuY_GO|si?E-sDuZ5}Ujn$i$6 z=(R}@H;}4U0H0NM?IV_;)b8Dyu**14-@TT!YXo(KN-NAqAfRdo1;a^;tYb?AU1W@U z2D1e2CK*>4o9i&Q;d#wG@t5cH*BfsxYF&3n?ny$($rHZLKXW27o^zq8#_ z+JgtX?O${@n{Q#%PMtq#FP$5~X~~|DahF`;3@+{6$1}5epXiouiQ+3cue4im*T=BS zw6Wv{B_?7+How+xQ{e+v(K>6NJA!i&C)4+DU@MJbyJG(?8f3^Q3gi4JD=8yTP%w9c z1W&fx*&Dm<2%kOn1oI=3vU9JD*c|)gAohkZ`gjR;LpfH~fzX#NAc#FR5TQ;Ifqg0V z<8tC}ulCq9=o71RyX<1m9y|ANg?;4+``$p2b&v_S#emFXQ*<`eXqgq)?4Yd&?Xk!A z+SeZ@b8qN1JNr_<{rKV*^BsE{`gi94XYW0L?7Xf!&+|e@bT_)u-Do5N4Sy}tI%3Qf+rj%$@YsrQjE(g&0{1QimJ`HPj$%cXo`GgTDPfGg<8pD8Rqoqjzy2&d zR{Sr&-hje(3a>zAn-KuT;5-epAB%@oi9lYw8}Tmqtq*+P2;Q!;oS!80&=mPB!EoU+T#ojb~TbDO<#cr)YI1J4pgD{x3b z36_<3EfUKn1#c{kVr1YIj!139hwMecd75*wl)k0-PyoL^K7)Jyo+}6tAAS*3T+SUFmmDWSXqJNU?c z`|9sKZZlm2_VXWnY$qERZ3uNK2Q#6wJ z5Miw`{3t&mUwWT9o_qkJ&nKK;>VEIPU2Dt23c7CS>u>S4i4M7 z2Hc~-2oDo9RE&5Db97P*EJ%Xs6hZ7C0XoEl{%KcrWJtSM227|Jibfk_bKcf>c^}NAEXf^)S>tcLEGAF5CA{j&0&BAt;sJyJEatDj1&voQ7DXu z2+WECtg%Xf=3+L~EDI@$Hbap#UnWLup|=?zT)+%>tL>}UZbyFYS=;;IybZw2Pgj-N zI$~|rp~(`yhoE~9?~BryMVmbZiC0(=wYvTH+LrpYX1xvg4{o&~ER3eGkV5s}+Yn}~ zeLPugS&*89LX!hy_U_x=Hg$iA9o_YeeR|`5D|sl)<^YibqdF>aJ-*=wheqtol@aS7 zgrV$$0oo316ftI{Sb~&jp^8Xg6VrI=&@b)mQi6+@O4}8Ij|*yaFl5hEKs|I3tq?@3 z`P6ue!g46^DFNBAII_T4e6G)i`%CTn=ZH(NxfB-z&)`OFpB){_f|%A@N$rDZ9C4s& zZ@2dTW;@Fv>mnKklbHQf)UCCBj~uo-v;v4xY4`5hVD}ThqX>b{XFvbE9Y!dzNPMN9 zG2%+#x3_-~!Z1}s5MbhaaKPP&%YexITHCgH1Hlb9;WrgS;uoI5x~tx%5`)$~G>u!M z1WZ}tpaDzL7nXLBZ|)HrKzpkVqWK={Z#P_G+Z!80_Tc(b+xzLm z_7CBaG7Z>vVI;X#La?qhoq}J=@sBFJ z@e+LNpVIg~qXH00Db_$C8$~gi*M-cd{Ay<<7)Gm}0C8TB3z5-I%`UEk(OGQ|63DWa z10w-Cfa@B&uaY3-8T$Vli?(~80;i5xM?dh{7)L`CF;a2HsGW8L@a<(@JXSae6Pk9_LSNq_Z_pRHtnIm{Fw2(R3TX6!vyfsgNTT*5R% zpchFS8-KkzU}qo#vI}dimUbS3xw^TIxPOZkw!NP9w`mjji1ql{XKe4mtu{H=%OL?b z35_#0I7JX`i2LfT8|~qzcUdj{DZt16?!B9BZ_PGblEv-wzxk3qe5jN4K7|J5sGVsX zwt)c&nx%;Z{DHa(Sc?U?K4AEn9|_`FSHQe9u?w_s!MxA#K1{!`_rwASLG8P}Hn}Tm zM-RPV&+a^8rCqrCz~w>-+HxTd@R>z44f{qROo`Jrg)kYssKb;5EqT{_4l{yJ>U9_d zj08!+-p5^ph+vnI1acWKTuqd0!NuNo0_JYC%~DhVMk^thi#aIcRg*QU*dH9MV$#}@ zPh=ISqJXUh4qtQYjF`P>=~6C=9&-e3ox(C{stkb}3?ji>6^z~;4{QeymfJe|UBp<3 zF;-n$YCEHCw%9UcZ=LG2vrW@BhN)i&OOXshhslvqJAQo3_93)-;E5+}>*0g8i}Tdv z0#_NAe2`V}Bg_u)^Up^d3~>196A(mjuJGiYE+ ziJ}7QinHObn%N)PdTbmf z$O8B|O~BY&<=afY@h0W#BOhAvC=H}T!yLFaS^qFT@2hs$15ZC|b-4D~O&e_uTApfhv1o!F|7N# ztZy)8!p$R^-yYFw~$W+Nlc7eRb4Ttd?f4POb^ zgTv}=P2shPa%funnJiJ)RLWXygH@HxSa(?zm(HxQd=8~u9qjU{uDMGnrZpQal|XN^ z)u9o6WE;Xk%1$6C58SA*TM#ENjIzjPf-%pZJ!jn=op!2k-kM>sC3VQb)p7T#({ESA(+3?ik)`g+2^co z-yx4R7GAT#w$-Msp83ma{x}S|1|e;wHgGv}$)T@^PceY(27fo{yY@22Q+{v^+S#CX zR&KF_&pk&wW450|@a+7IMQCSxU(n83gjv#htlQ4M1zgvl#a#&Azwbbe?W@v(l!N|n zh3vk^(0E44q6Pffz`PH|*bjv#btXX|8e$C=vR_O1mTL*~0OL^WQU0mVusNH*D&f|Qgax|F^qfr7OPqRPtT<)=<2{bN|x;kT&ak$A)`21fp z9?Zi)Z?C=iGvIn#5zOzW?APy|v1;IY3XM_G5fKj7S=M`R_lR9=7_~txnV5v7{$=T3 z0sVz+zIuVbg>OnEaMOGGAMyE9R?Q!03bcibVNOD3uiR$J6t+p>>V1Bq-MZR~?6tG& zY+o5}B!RD;hhhYq57`WgEk*3vTdPr#xp>AJTiWb+_nbB0?I0dshcZg79r)BH;F@$O z6WxEXhPkh`>~^e-emiXUaqjc^>%mPZ{ToB@k>*^nVP`P!)o9b_^X(&FM)|%Jw)=DW znu(*>$h^l;#E|lpEO6K0*0Y4Quek{3nSGi4S^OH0_a)&5%(hZo7nPzl8lnY5%)=Y+ z^xKiGCAR-j=3!UNYM6&<=#Zs(h)-Y*X6Lz`{B^WfYC8%Xu z?&!+HTTmYw_fwm|6V$h6n;rfP^&OqRroLw8LG>-dxSNl(S!Y|J{oowd6D24leC9dZ zd34qe`@FA%Nxi}9s}TU5KMgI&y!R|x6Kxltcx9kkq3M3sX3p_YF~>Q%qs{F5XLsAS z&~|(7i=VM0xI6BG8MJ^kO%Zsoz8VJasSDP82A4oEU3;JhGvFb)rYk~|x)|EHi2a}l z#Yi!ZW4K;w`?%fe%j<3Wfjux`Q83-p3NtH>BA$dfzzyY>uG?gFHILY_x;-|t8NLNt z9YtDyQJraKIdhCy%jtd_MCoS^dQ>N6O@;3doL?)}Ra-rtFe13l?Z6_o97VG`oT}>v zC%>SBb?9&m{h;+O7!JIcC{6x7JcDcA2XC^Naime&o0!^c4XtLoigD5V(hIir;RSmD zyt^TK6GTz4UCx`!Bim3U`yT*6rB%D1y_+eX_?JFBr`Sx4Rj`=Qh7SYNgc zmxZ6Tjhmq4KTtlOxXbO))cEe0iQ`R%(Q1jVW3ymtfxLHGFRDTb&*{xhL)fz zW)=2;I3RMb7Ppqm?e^LmHHM*_?R(-`t3R+{#~>Y(Yu8%==aw35BN~3vWR0grtdZEr zBWU$=$N*tTAO*vQbuJ~+DwJ$@ZLi?0w${cfa1+YfU1Tg$oOhxq)jjUT;jDh71;NGRABe6S#R5)ebK&fXxcpkjs#W_3?57U8*L9k{;M*1!uZFB`Xdls;XKD76u^#q|_dD@Ag0aSdWA-S@AKC4F#8;&4Fy#uM z>1=wy&R-d_5Sj*CCk za&1m-|Div#jCmRte(IZIzt?P7Z})CR5R5mdA^2{U;;Cv3bs(^-uZh*(nB} zrgyl~j&82CW82esb--gyM>_^v14i@%tjPjCY!)MvM0@}tSDAhAcA*_148ftNp0~Ao z2=mdYc-@@eQAiJQ7E8_I(vp3pp>vkAqcnghLp%ax1f^24GkC~y9|;fH&(BPNv)g^{ zHR<#VA#gZUjpvs2_Q1hf`hoYRI5a(c-zWwyZmn6q*>(Wy6YVJ4_2MOnJsq!&@LveA zeeZUA_`ai7292voX8W3cu$vUYTOTDT~(7K4jmy zu-Z?|9n;uq||BU9Em7J`Sg%}Up!sJOIVA=E=Z=&;Lg0)wLlL;5P9vDet(-lU;VKrBlzO`gA}zl z?c8MB_v3j14@or`cq&=vbGjYkp2q#2Xz#x~^iI7ErD#SM9qP4}GiWYjO?f4JQ!ic!fcK*RL zcI^2YI{?EqidJm_8c7C1Of6i(66%bNb$x7o_;@cW+yrwQb4&?EV8k))0br9{6DQ`K z+5~R#fz?E6HXRuun?uY&))=ATB@J zaKJ*3Z?%^{_mn+QCjk*c0Tx>0>u-V!=d6FrVJxvqZ4jmlN|9)vr*UakXnQ`j4Oe++ z&RlG=q1G!PQ8YZuD|h_~9u$IpN?TC5%4(*@DZ&ZL*C#xXC^|eaTMr&SF^sRKYCSfP1pfe1Um; z>=b47+xfGX?9c!0`+k5*!Y~jrPI<#M*h;ONzVqR(jYTfu^j$VK8mlbxurM97{*O;u zd3Lw;0B4(z9JJp$h#-S9k{qt$Y=VpJm+buyGIpkQEC?>GIc4KRE&zO~`~be;YX*l) z*0TC3OFNBkMz-qcvV|9kU(=JYAH1>IhK_ErufAAsFV_}Z4CYN=$FMcMcNWdcE^DaV zZ)2EBV4np+MEP_e;C%v5gPg!y}+{G|r-H=d82gg1z(gpJC~xAd%%ZnZWvof1GW(g85SE`l)GQ z_;dJ$?|`X~jHZeC5b-2UVN|?<9ehK>aER5i;Xj$g6)7$|BhxU65KIHxf$%$rlNei- zAJn7TRiHP3yRO{#WslS%5qfeFsI{md;9JP$)`?fvbSAsP_0EOgt4A2-Mu{&_@K0kBtXp|D4BXGv9k4IG@;vQC0|pl}MeG%6 z)?b3asGC2(5rN_)f?V7x{QRu_dDpu(*iOs}TrpKVxWiul(v$YsA*z}YmuwyYR}?XrKnfBf8~`Qt0#~7E z%<+*%O$B&)h5)MXzk1pxp4el1|KPKBWKX#rV%&?sZG{LK!>KW>n=aYUSW^S7C+I&G zl(-fQ6Z24(nZahoO>2NE0~qBCAQbqQ=be7!FW^E@8^P?oxO^L1$$H%8U>^k`Gld%p z$vF$8AqQcf!kr-#Yef*n!U3*5<`!@|9Ad#5-GU|+@d!O0fD{cN#t?d=pTge8ibVKb zxxU_x{rZdcC_#H;a@d=wvvS;(g|VzFLHQ#b0r(gPrv;S$E-oK_?N{K| z6nlEg=_U19dl?^|>5-sbR<|AxMt~iTb4Z@Fk-oIO`|T2&esZtv`JE@wT&=K&5E%IZ zoAyV6m+)+>ef0iC`-|=g8}DJ>IJ~Xja=*R&%47Da`_@}63K=C3@1mTvhewG$+H?Mb zee$80pCQ45P-TeeyKGGevpZ#r- zO+K;L_WsV3tBgyFefVC3{To!LXK-mXFXk2tMl0fur!$wq_eD+}NnCPFBgM_mK!-uQ z#-Y)ct-3pg6c>;J69u@Bu0%s}|6^G0zJSsULBC?Mq!n$e@j$Q{DOj}bv&`SO-?R5G z^xFHQSV}HRL!CxqZJNefd}6HHPMw^w;)gh>J^6xdt17Y=pm9P|-DW+f?1vv*vCFtL znq(fbg=o7^Z?cw_tgU~r-ky9`^B1z0>C-fVfHABi<2`2G+tynb_%WcOf-Z_a_V{XI z9MMJx@0<4CcQSAS8o`k{Vsoscozqr)ly-g^25PRI;i)cf=W8Eaw#Gi%Hwc5aV7+as zf51NXj~=nZy9L*H3ZTnk;AipRQ2)ETabq-WS=PgQ?_9M1yOV<_#7$DdaoXwU72sKI zq-)DAt;hU%hIs@&B@A91!=X!mv7PS!v_1adR(s`-KZWZc_ND9L6UB`d4z2J14Y(a; zgOf0T#jJ-sx{WIs4}-~&#f{7maQ)V|3T^r+0;zxLDSPzka(ft;wQ}REb5#LKJ&FaW z{>{<9arWdi+C~Z@?(QY&pWqO5e9a|%Bl=nHTZNNEdjuE1HFr#2K!0D8ZRtlqzc6lC z{4dNPtZmHNPhdh$Jhs#R3H0@+Yf9`H7`-9jQ|`mMPM-rl-?g8^*b;nB!+?usH`rD* z$G`ATLU0b~~d#jg|d7ZxgqnbHXP3cvr-{Z$DsP_)0Dx zXDrW4AB z$AGi{>dW`rj_P8Yf@lfgY~I>GQGKWFg9a=jaGyGlu*T1p!b^hb+&pJFGmC~=7-vmS zjE}pc*FoVZoDmNj>Q9MMqTqq-!@@|;>hoiRl3Fa31NLNvb=+9w0@uRc$ zU0mCq7>!vsLQ%*lW|NQT1@?#d01wmxacDlaMzar$ZPPs<11)*!BSAK z3eKldJAi3_F9_FfwV(Iwr74(KBSUp|;zZ2WK-V98{vLY<0TFT|i{e!!-F2GSQOtV} zj7MCD$t#0JuI4*=^7?$RJrQQ7x=-7;5Slb7pAaBtx(qI)(#dMuvU`Ue*nk@+5U-9X z1*I_15Y(Rj$rbz2UwmXII&j5CJ&OpwqbYE~?nCy)uRdfC)>m0IG_aHaRzRu0Ds}dX z$dVtvK>P8N%zJ~KZonNodtX8fak?konl5T)U&_q`?){B~ATuH~yx~ z7M|OSCHt?zFxB~vGf4^OurTi9ULUd_eY+9i2<|Z%lQ67XOzuSlC(Ey^?c8h6e(`y4=N=SPtHHaWG|b%WW|TO7-=2Id#(8kqKKSk#`(9f= zo)d5dSy2ki%gO~S3oOyy%^GgFCMOH66icdUTxL#S`8|ef$^?8d4t03IfS6CMu^yDE ze*B$~J^k#1_QzlNjP2Nf5;pPa%h$levuXR;tF87|U%zB$;BSqLSmrgl|?8AqY{1=bPP(EDbAO1+#ag_ z476by%iRR-`{Y_U0&g&ZrQbB;(Q*YVnyuUHsRLE^`6mw9!&nr4CIxR3rA3g8O}8Ak z-jhGF280oB;4xw;^xu-U&Co{^bN5*Fp^f&+{r3Zb2#nyftVO{oiZ`Qo zzW=WMRm*EO+>3I13T3WhJPYl`qH;6w<4|s@J+#;U@bD4VhTJ|A*Sr9!;9|eM^}`SB z>uv8KT#H!@<+AR^G8-GIwP#=4X@AVQ<1-uaqJiRD2~6+g?1X*vy)OIa_dc*wC~{7$ zsYM{jTEi1Uecj`B@R>&ut~J`^mDg;bqYt4R{1?V8aC@(H3QV$mv_}1lek{8rNbxJb zm<708PPZs2*&LmLOWfjv%_TXG@?|3ew0qOm$vL^M5QRRJt>k)Ih(Y^`ThdUM6o>tM zA(~3%s&Fo0XjSc)p1ZfhkqSyC;P@;ALND~p6rM*?cp19yAO0uyX^fbjMyaG&o@xZj zsa~5Izi6+%e%88LQRWt-ehmuU2v8E^%UU}2T^3JgI+3u7n(-7yKoIV4nn4j?|fqKeCv{(MzGq( zfp`G{v=B)~e6=j`vr$BlvXNW!&mgGAQwj!Xwg8UuQPtS!+yIX*gmqwq{Yy$s^LUFI z9YH}^g0qKFK4?2`&3|{+M%zZ%M^Sz%muD>mnQ7cgQhw)!xJ|Qxl>Nqi_9%4g&N5hKr6e-}BAsUn8Vr<^nG=9K5Gwjiktu-GrDc(O;vmXw%Hj&v zAmc+t2*%f}+XWA-8YM>7^w6-SaGjaKtAmUc0;50a0WUsO)3TGjrnV$rUJ4ofqfrr#~Kn@r~3}n#X9!M5Qf-$zNi=lSA|*nlzZ}t)Wg9 zq%>TdD1;yrQKl=8$b!2DKY((VYq*VtA# zd!;P)d4M;G>1}8l={wTsc}#E>^mwMf$@=jn`W>tQ(o-5w7$G4{+CRjHegWe-H*S+? zB3W}U1XzK+Q3P_ta%~dx+js*1v8PUA4S`@}Y_s*^i&R31*{&fpU^;9HB4ZKcIDrXj zdq>QAalH^mvwR(r^n<%&wiQNn_j_~J*oIJQ7J$cW+ZlD9-v?6Rg7+Q*?KTB<|i2$psk``~9iR>8rr9Rgu6 zT>=AyF=xu;7kLg#jpJ{fwK6vO?rt+C#>Lv5XiH!UORv41iqTr z5g3q0;Id8rl(kGFg=n;LU|5stww}&z8^F?F0cPwRS_kl?Xg5r0kcr?|@TI#tlz|{g z;fh6bAdr-GhXhMvK*-;Em=!fP&}Tn?2TPYewA3)GU&E;_$%dAJaLZ2g*kvsHP!e^5 zb*gpHdJr0X3#*d_#%G#w&rFL5nX?Ks7CIofCS{V_a@w+Em_Q>$nj2xgv&I)-SoNK) zvJ@ro|=SQC6xdfLb#|LeKLv{gL>unIVuV;F#jhJ>NNlg1;cBZ5K5dJN8 z{_==54`yuyONcmlC&VNRF0Ntb&}M;?&xXUOwiX=%NrlizLZUPqpVoeqLq`%OS`4eR zu^ly7o$dF)mC0C-Wv9DH%g*Pp&Y@TZ=B{O5d7@uA0M@tVc!%enR@9mR0a%P>_I@K8cnQc(4^b1yPYfu^{Lp z{_mONG*%$7-aZ)C8T;G9cH$fK*#J!T=0Ob77gJD|% zBUwImW0=;vi#X~n$l%s;77NQOZNzlKdK7_+0_-kuu)28WEbF!xZ4lhzLFY~)Se3iK zwZxDqiLh%Wy6n;wOvX8c7eKJ2(P|tUxMJ_WJ%ZLh_-q13I=CW%rkVn3N;@?+Fle8= zHG!*3;*?APYaFf?A<(3Gml*4^?#qkz)4#*zW)tHAv#*5pAC=`FexMWcz1DCAm#5ja z_)ligfrU(N|8qET$|ZoFJi5@YV7KGT3YRqNwZ_K!C+&MMyvyeLacPUy6>bR@-MUvW z#@@$#1{9XyOz_Bug(qTF?hj%J<=_1w1U5e3TcCi4A>7=(Er1=u+H!sd0{UX3h0zWl zK&VlH`Mb>fCwkD&BO5KHE7)?nrw1o3g2qt3#?8gmBd+WVf>uSRt4a^T& z2gtHc`8!Sy+Jz37-E-`P%#SV?urW4rk(pWKK!JvDG1^Pz^j9cV)=Vp2jz@^Q0B)ZJ zR;Pwy#7ThB27^n4Xci*Ztz52Ihbxw};={ZdzT&RM2Aiyt_5aPWarVIl_I+^8=z_ib z8k&-^DYVj4Hoiyz*Os#omlTIa^q8lkUmU_``dX~zeB6FgGh?lrQNRKJBLii&7{3fL z|JbXVnkI0^0izBkc9y*+HaTDyPh7J3LEsBUpVpM8CoWtVg@pcQ+?iaSu*<_ZUPUuB zgcWBN2K>wf0m;cXw_?6|*97%^L(Dbfdl>CK;uO(09jXP3RU0?jmiu6M zp>%X$H*Ts}Pvw*J9CG4wz1G{5u-9Jgv*KCcy=TGNiKpjEM=Ja-DhLiJ2vS8~PePlvX6(JvA#1M! zN3jkvIpQY58Vkd?>%H7&XB*Hu?w5s+)&t|sJZL@1XZjqPgI#COS^-u|1p{TasS>6Q zV;Y_xWp5v_vt3vefhQG{DTKAy42PPA51GG#HXCLBYRiN5H8+6OpXLv`Jvp!r1s3Ly z_zh!N?`v_*kB?f*C-2*2AxaJdtnFb0TS8gO$g`Ek+DUBog83<2GJ$^!aD$X@r-Td< z+L;+0Xc{+tv3R#z!@Otch9TnKd(iXudJvAZ|SfHyAZa1r9j-cQ#+NAAdiA%kn{6>_U@%p0hZE5{Gv&bos2ETI@q` zPTWSUHM9&IKT~wH5ZXBe4rv^+E)H)q%&+%OxP)|yLA(gv-*G7poz;!YssU@I{%%>` zE8z-jil?`{fRLab;j1k1Lpnpi*_6exENw=SWfVq~_IGhlGg&-=@cxZu@5iKEr}rZ3 z_!b)*vW`=yVeI!K_ zUX)MgQ+MY|ufoCy2)!nU;f0**#}z6JbnV4a1XmfXVn32)9@G*_AP@zM)?o*J>1*2VEKQJ!0L~elc#} z{dSjSNBWoMA?8fO zxAWv{TqR$=2)P!8y7B$C`RqmTP`ULmXHm||3ox6R0W}Ii6x@;Mq_yI;rkj0wPJ}Et zG%+_}(_O80`7HDxcxmf8VsoJoTm+vejZ(v<OVQ45a9DxplW7*r;u}6C$!VWVd708Jjx){ zMc0q@%%+3FbaEccj)AOQKA*847f-nd4fj@1h^Hd(?deb8X`mcFf)FZ!AkT&O?6dMV zl7xXS+G)D4fjGSr_SeG*OUAK0Ye{0ARRlbMYnl5j@K?zGhwUu;5yHNYP7k&H-B4^3V`Y&Jdp9vi0J{DUNbw z1S{&X!G8Pr&7WFJ`69epXfy<6WoxP#?_$;n%7(s|jlY&2FsY9&o^t62-+~|hM1Pj}Aj%3uT(5P`6%R0wT}FrV2Cd`FF+1I7mpT#Tq1dCdmf{A7QV9OpH`-gS z*pGh_vnzGwwjQ`G;M}!{moYT6a0}T(Y$z0X6U+&`JSlaKj{x%@ov=yxSTzWI3lM}z zKpRGhB)vFh9q@S1buVCHhZP=e^{_mQaSHfUe5M85@K5zzv@;)#*w+UO!O`Nar>q$v zGICPzf;y;C^#N7^j1z4_DQ^s`zq2qi%djTTbe^~NGhOgHaBG>ZW-P!bq!UgOpDBZ& zdTtzg6}B#uJkB8qdkFDxq}9vJj>YPuVx4d}JP zYP=Lk_ynCaFlzmYX8QzF&3e{xRT(po#IS<%*aAGU<`Wm~>`D0ED8?*C6kCj#cC4}P z_ECHNZ$GhELyxugah5_EG^_aP@F=3-gx8#AJk9>fyae;-IX(Za{sb!{ zUmK~}$0YBV7$#K2>GKwcR_b7GLeS3QduPN~MW#}+21PLFl~ZkaOaa%=LGP~8m0LAo z)%PeZ2$ZkA0SgY|=HRy+?>B6?r038cDh4su!>B{*Hap1X zJ6VO6{8oq)CcUTyHzW8wt*B?f05CLQQUoc;fEXiaWS3x;Uw~g$*&xb?dK{Nk(hMm8 zki(j4>{q@_Cf!JPU*U3XnNnCl~kQ$S#l5TKJ(w;1B2qV5Rmk_~g}iX~y{ zM~LU7vJ%zRFh8Y5!4Dod!;136ly=0aMardm^fmXBbUaWMFqEbF5Mm{>3@__ylfsAk^@V3cwKr4*>?F$rvzxFhW8iMmZ=) za3dJS?I63P#}pEQQ@mC&o7i~qne9P*@yYA4n^-()q{;KMEdJsJtJsFt3Y%Y|kAU;B z5-de1696v?NkGYAWFs+l=*wIOE)Wv9wnB?jM1(e_P|=i?ZYA~^ptXP|Kx!UpNA1$b zCr1kj@YN47$EEcYC#WY>QJIj0Olb973y#fBK35YEWhvQ=V@ew#rcN;u^$`6^L9}25 z3JHlO41&C*pX6o9Ml2+a3fh3GBMOr~4U$#R^E7d%q7dlvO&uu^Vn;(o*oI9+O!hPa zfaGkq!%AVrcF#8->u2sU|HZekTveqd5TSj(na~f{jukA!2-3V)mhuGxXbSf?Sv2I! zVV2;1l8vmJP7~J$t2#Qzrp1QN0iXh*8a+1LW8?M)mnxGGGdf7r4l*AgbhMtbe4=bF zP5>gT(D6$y)3R*BiwGWN*Hl;xLxgo0M-YK(4b~wDsbCV7;%*>IyJv|LmC)u}rdT|H z{tV*+Tqanva_m|54x`UCr)zj@MH2U&0R zhru1d8O%`CUsQe%zjZle>kZ$T6A=mkLzY8M1VXWR?KWT$2IS~jPg7F$0Dyv4 zDflx5<2DpU?E}~gG4`_hiol#wEQlx@vV3lH!XO`qeOxf5u=-h?ZUW}O07b;oDG_18 zyucvHqG7wsFkEejkNi2}2rPYu7owaqls2`1@sV3UL zfRGn$Gc>QVteF&y`s7SM-&t2B_k!n$9mN`gbB*%31mtLhL2yPeNiVJCSw`@JnL6+{ zTf6~g9RwDP3;xgs@PstaU~uU`Qb_;gO3*(JGZ(lmq z?;CCu0!Mfw$p$N{&j>CzMc(>)mz@E)T#U_y{jo;yTf6#Q6> zE5t%vszo-V{Rcjq?*Z@QHjQH^V~-0Pg1O5he}b57vdS!S{E6Rs7|kh2kqQ=_*(rErA!`qoyALT>6ruH3Ube>%Ac;%|FhForn&fp-UC<=(2xBCdu(Ebi zE4(HA(LqDy=q@)}O7HK2h6cZ=SM-M5Udp6i-Sf-y(-!s;S$8bY?}riEnZ;c|cCpNM zK7nQ7fANBChOrj=?ssuF)oE{yVZp$DsBY!Q$^~A^hi~#oe5>t$@reD=fB%f_DjBqy zAN&;-!_D@M%fxP+qEFB{`Fyz+-TqA(8Rsbdk(H$I2TGW<1<@}S=o;sgtOFR0khH>i zBo?*zld01|TSVrHJv%8$cc-RW6wJ_^J&pno0*ka^|*FMj3WMeBg^(mG&xue+78Ziq|Pc6`n6& zpQ>~9i;ms0od`T(pbDpcAy;V;XV?+)1rJdAO&4 zz-JN$Vo~i*Tfgs^9r@Hc`_o6TglX!qe-52|ju=<-xO$6|PJ7|bqsQ#A-+aXmRmbeX zq1Wsr+WP+-_#8ocBKOvJiZ>h&+}3)(v;HYwifG`g{bycjoaQ~sUV5kV7o3fhHwUNJ zbd>oLodBKYXEMR32AjL$SQWr@yNcg$cmD1$AN2{J0{-A$;YaYU=x81kNEilS2#$p- zrG4tI*8Hr!%OT9Of+kn zabv!nX?-0W2K1fqsBj@I^|cq!FZsAb*S1|a3miz90Un`>YdRQ|;q%Nn({YjZS?~@2 ze+ic=3-FaZtK{L>@f@!lZg28_sR7ITxx&0l_>|J#0{*;aif@?@0fO?)3!2bhZ7f?d$5n)p^&rDvyR%BXjlQ z7j0dd2hBh91k>#Ekah1p98*fRd2F^PpR2V$e!0MU&$Zjv|F08R8RB{#%M%wWUoDjJ z28nPLmTu#m`hY$8Tum-t8~IMInr~SVd=-4Ef9%n$ae=h@6#NZ(5%eerXHM4%PvpjD zsb9H#FvLR$A|rTa2t!v= z6lYKPO9+wDFqBhR_C&EjFTy2S7XCsK;k{d2WHv!#$kPaXGZ^P=K?tL#v2q-DhOt~^ z$(?H$dZlB4ex=_E{{ovbZEE#_LHbyt~AD2ez_0crjc2}(%mtldO#>soQQ@nT^<04AK|v{S zJ3oZ=@G!3733xzXq>z$!1!2m7k5o!qORMTQ+Y$L3evbrbg`^9G;e(2&0&FHxjLw9s z7{6_-33w#XRq+_%a)=`pC9YfPMtHJw@aIR?f@7FZc&q`<#e6XMSqVlE5mFm;9ib*r zDvrYMjuapuBoqRb0;lpug7B3XREY_2kc7tYouY+x7)Mnz`w}+O7y2EMgRq@j{gO3u93f2k$HpGw30RP0(n#1`3sM04CQCwT>M`Q z9Eu9I!PnhFx=A3v)8nS5aQ&J=1`w{srDf4Q2(-aJh46^Nt+qJA`o&8TrlnR`N31yL zWQq?iCN;N2au0%=dxy(CQ7kNdw82T~y0m(yt*P08tYHA*B?=Po&ag}&+#bT|D)@g0 z)B~?u6p$-?Nk}Y!*Top=pDyh#+Fx{e+$~>10X;AG*8$%`Z?$&xH^}EaD$1XsZqd_! z@`sCSSskXu2xU_* zsf1yPHA5P~lbBwrUwFi?+!rmt{4+;x8aUFpW?+6o7}YckyG02KWQ{b6*`n&k$E}z< ziX|1%YUjTXxK@i#Os+2d$W4S7>GPLsh$dI{@ei>MUr39apCnrS2`p7mhO$@;1cKH? zL=G=?h+;A5AXKDh07Dw>AZe*$?+yU)L4zU0crNy8qYuVYeT%_t%!07RxDQKX1m>*w zlg(;YrpYikvtcxE&{UM2%K{s!4rFs^mCLLX6vX01qjHYmdL2Xd;oG<^gh056cHA(B zHID3#_?U=UN!mEmC&a_}K&Xm|?}$mlB&vzi-^2jK0PrFUxe$j-O7*mHgiKlL%T6GGLLi~I zHX@^Ztm&VRfhIwd!^Z`QEMNsmi~~z?v|saSb@!xBfH7-~A>Ocg%(BE~RVof5MPoIM z#=W-{1T6uQ1Vdp2dKAQO2rU*~DT*B8*~krD0*3n{)%;EA&!UGB2G?-#8vAnP!Tj~T|ztpTXV9^!i`%YWke7JE7)m98c3L4y6Lu%H;B;> z`^=L}N0~sz4QmpZ-6@zl8f$Iz(j?Y=g=kk&hXMo?()3AeA=X*#4y(gg^;1t1Q)>sp zP!1AF*0O|GYifwoQ!!x$69e`>CfQAGSZv604rWn?b}rD)1>#L)!5dMu0W~fuEQv&{ z6_*2B^j#Z{1S?rSGSAgqX{Liq@Wg+f1&CE|1V_Lwmjt$gf#Qlvg2ryM4I4Mu9?ba< z>{(~KW-r@J7Zy2K)tu@ngrE?tiW`z&SNzoc@)6qcul~SG)*miC)fFUE?cP4LDHK>a zBdZ~_U(*PR;#f+G`4VN_g|QVDuGBh|&{cDwx~28AfQ5`;LpaslaMC0Z0%7n~8tsuJ zf;eeX6aq(unA#Jx3jz_i27kyBKrUAu$FfE>7GX5i-7KBo5n`N_RtmmJ!yzS%7E&s~ zW{mZU@I(gu8<`=ln_@@+oEe^{7DS*Sv&8k4@RIM;V(!D(a?2$&+7iHb0w1|@Cl?}+ zZ-n{N9w9N1fYk+yz?a;RE)s8G7F_D<5BSsNb4NN6BS}={wcd;P6f=(MQ-XEAIE|YP z@JmQ1Cyg)bU2P1Z;V--{mm`9!Vh&WYjMRZMg0agutWoXx7BL zal;@hxfDV|F&UJCv6Zkq!5%u#x)sWbDt-&NMTZI@UI~jdp7Q-Jf*?)(Y6FOY&(%wL zRex~jTMmBnprq$&zwn1*Rwb~Ei?ep;AQasl4pwIo9q^P&WjV<41>m7ne$y{MSTjkq z1^sb9Fw9PIU}HVYV$Jab6?sKfr{&wIx4}i7^gFI~ zD~6(Qt{2K%l@ESW45)m5!Jn8>rEAw&<>u|Uio~rCT2v40uCxa$vHt7rx04fbyNKXP z1{q!!qyV@vw5fyfMt3)&b+H zxGlopI7I+Yqcw+5`fJ8f>3u#Zm-JyYGF@T8_e539K7EJzgkA)fIxr{D@Dr2J6?(iL zid288OR$(_pU~c>wItWj3s~kR(G*NoZLpgCCHDAp1q8�vG%g*FezM^&9JKPx&zP z|Cs%}dBQH>Mgs+G#)olXzlfuuCR~5>abbMKoXfRIEx!9J2dB^!3-p18Fz(C7@$L%_ zayq=wN5(Ou@#6nA^Sv~GtOxcVG2(rlUQ;i7AbUVc+Kb>yhk;x`m<3)OXXw*I~%n3RRKbqGsX z;4>lkB>#p@8;M6WU=a?j?>0}mn-^Kg-7VhGz82uY)!>@>V-8pE-_`k9-oFI>Tk!s0 zeXpgPVjoV-!2o0phsDfdTvo=w0@Pcd+=fz#FCll3ZKPC{QVqV#yhHOdj#I=*J2^6OUT;;<`rIQZoU?XK^)UmtXY)=O?bb1P7A z%MyOd&pYcbIGe77m+riocUqtJBQaQX{$89BUC(@KpUdOP92_Q~gBE~8?VS-^B|F@M zEht>dxteZ&-mitTrF{8)Mf1K4K6UOCeELJq&Z3n|P>4)$c9RK6kdwcRY=Qht5O!zbr7=Pl%4 zF1xP)XFfi;{lVc&d=!C$fNv>1`yTt3;9)sqGhedK!-~}-t4&!ui58G$P5}SQdh7tb zQahl3+oM^DcXhl=^f|DqaJxL!5s)uf0kZ<~kch zrRYe3itjUz#hF|TsvQwLI|zSM4e-SY4f;`v*)ShbX4OaMAvOxd*U>mK#|tR##!%pu z^#{icJ))oLtF-mFYaVoXRVz4K&0?iJGf8_KmxR97hqYn0&c?3X7_;qTh^BfVBr51<4 zBjdI>34_YpkK#C7InDh74Di$%cv)KS686!?#i?N|V2A8&;arPQd+6aT4;T+=! zS;kg-2!q0addu~PD-U=6FnF}|RejYD@(E>-*A?m6qoW7~OV+Qq>K$8cGcnZm*Alkm zAXcE=X9*$EWbZYH?A(Y#u#gYDuk*1h0;&lrlkzCt+oBfaY6L~F2hk4FSAV9+d(ky&j@fhH}XdO6g zB3PQlg3j>)=c5RgLoiIhgVe)##>69oZ?3bUfI^-;+zlnl>~Xom(Oin$)w-w72w_OF zDB@~;r-7YWczzjQKde72exxv~^`|~B^_ww~)v@!!uzt*7xuj4Y*-7?8@LdEY-3SWH zT1Og@9QZlB$ig*&`@cDOJPYHr9qa4}uI@wdqrJUyo5{M26cf`58Gt-sgjic~6qpxq zUl)<*9C+GNSZ1hws)58{Ir=ovIe7+AKY@Wo;(ev)mttgrQs}p6Shb4v<4TY4p|I>y zNC|rE?a3g#T}05j$h>LI1Z@*AFa~&C3e#38>k6Mm8P~FM?GenO;K%VM9s^jb(=)6R zKjV-Qg2Qo;lnb)LcWOWLN*QT*nTzoLj+Dj8Omj0QV&DQk5o# zZMGOoEChpDU?L==69>Rxc6<$ZQ~ATCr^_#$j)H&mi?L4--UVj@7>zI|Si&)#j1?Ae z2oj@=dk{lwc?mcF9>59nkxM3WBLe^=@S2bYhiOT#c;)t`EI2SqoZzId$1fcq;(6Fc~2Vzy=g#&byr%h1x z<_dJ=sxq(ntt85)thsxxp=!3Spf1&^yuq_z39?C(M@%Sf4bnML0=9P_DoNdgE<`AFE~Z#0g|>-oJ1%GOAH;t*w0;1Slej`S-)QH=i!#+DjRfLVJQ9sJ$9%mG9%Grscti@BZG$LSvx1HD2n3 z%F{##z1CRfzIi$)22_q}bGTEjTxvhCK-YbKeQbT41A>m^z$3`s*S_`zHX^A+;mWcw zv)k@_=7{|_|MXdV^nSDxCa1B&VIzeImP=1DZBnr@o9}D1caLAPfA!i$cP-=09L7Y# zG<6~E8sNE3sy;P_wF1jR4Ww<_@OiH_;|)^7b&<|5-Sgjru~0f^iU5~kHt~v0_t=I* z2kenY9<=}R$^BLz!IjFn@7o(6owtAa4sPOlL`?dKTrEpQQLJDuAT%^L4yayhP-njG zT>Z?2Gu>HFVruBhubYU^d2Xh1=|rHD!0T`rS9)5m=YlOwtp}oJP9zLczhqvXW`ow| zt+|tHITxfe?%pQhQDx*4z=m=uD{EF|`#RKjVKx<^^~*PXc%qG(r@U8rDoaGPf;9$h z)!_wdiZ%xI<=3*{PXb}p>9~^e0=yBd-2l(g0ttAu7?#>YdDQ7+OCFWy>(%S0Eoz#| zcKD`AT!MY?i?=nGM$Ohc^@C<>XqD5~k=}V)o`{mu_~gp-`4tZ1BiKvPHlI}*j+z1}XPuV`iN}o>`0|)k@!QmETr;pgteKocg!Fmx)e{E;7@RfFM!7SQ| z1Ly4TKE7iA%lA60t(#!dFaWNfmuu?GcS3jSU*3e}uYS?*UgzI;`KvYZ4(h#OY;KYF zn)J&D?-px*wWi+g^K0r=rkk|$hP2mLvO-?vxi!ube3B6OjApjkp_dNW*Z$jw?eH!< z9^m4#kn;+>9^f;eV+wE)9R@yM|DehK*Y9^&SDzFoK(Z^;e|-~g_4{UhT&W+o)4!GS z-Krh8dcR^jZ_)o1^DL`qwRYZ3KA|0&vvjRCPS>Z)XSi9NE46dA@|TylQoj8A{QZV{ zZ!xC%e0O`l)B0{muZsU3+xW|_&&#_>dsnP4Ke#u^mrru5^7HBL_O9}821mDgpRf0Z ze%?mkly{|koGQH7>;l^Q*=_d3D?9BE|7?fNoo%&u|A#lRSe>-CHMp$GH~c1b-B5nM z!Mfih-|}So?&YkS9{LVC1Af1Mbk0ahP`w&5SStK(^DPzNUvAn*rC7DyD~$gw(tCx= z{^a{e6}Pqw^&NCWgC70Vh zojLrqnDOF$`A32q%|Y&5?ybxJ4h}0$&nvGhTIgItS9| zul75GJb%8-jgiiUev!s`WV+LS@g@|*Ugu2jrP{?~?<+L3_zq%K`tMx*YJ=M8jnSR5 zbl&#!8ubJUKjej`Q3>8$Z?XEQ`5~>&g!vB9UkVJKJ70h{>9yJ-_gV-${QRgoG@kxZ zwZXYwJyQ;ywcQ$$dZm!}#LL;UZ`l5%r1$V)cf9GewTMfpO&QdRDgD6&h zJ9pTY!w2l;Cl1=zj@H9VyI|cXUbnybpxyrR!#UzEA%sA9u3-sy2Yks_N9A6=8lg*x z{1)8vznAW0bRHz_5`0M6MLarWs4IoNog$m5+*nSA)+yd=F-aXit};NqDl);#LGrnQ&L?&+0B<#A`x1wx^q za9{TzUFXf@$6s~PH*Yf)XbtF6nHmF)lVZJw#KYElknw|H%i)XPf?e@`bk{{b=Y26A z8c*d@`FWv@)`W&eRXR*lrt<@xzs~rJ_pCgEagwO7nm>&nA$f#S002M$NklTzw15eysqopqgP91ctJP(NzUO? z7Ddbd><>R@|LjkH_ur?*)eUX&2kMt5--Rnoum=s-KxvV}AoE4#lf>{jKne7ffsYmq zgDVEMkBSC_0=4+`TL2gct@!CzFghBf{NU!_FU%l|=krCas=OQ~p8JXulY1DnN?Fw>??Nu~vbqH|s++O#g`)a$3&7i;jFcBJ zQR#&cl@OZR?qk9N(1Oy!;TH8f5@%{!xyFYGT8N0Lsr%aNPsgl zw1-76D@*P5dP}xkU-fPI#cxM2UV^tv^W^j3)2I4_kMjclg`Yrh2 zQShDjo-?5=~AKMs48 zn?q{6aCp-QI5O9JwO!?SrOW!K@nl}K5$3xR)a_d~RS3>hm&(u^mBDYBRT2M2T061X z4q{?`h*lW{zBF#odXaUUgb)$#%Hx6-HiWFKKX5e|CeBbx--K&`is*7!p&bD{YYg)P z#GMi{)UPrErF5A9<*kR_*iWju#~KLoI+dra}V*jV>fMQp&p9))QL^cWSgb z=pXGCu{t+uHr!+vu5=NX0qq5}8zXLoC?NrDRWn49(HCi8sDl!uI9ZkJPtYbG0iLgR zUG3jBDOk%Awk5DGnI9RozNR*Nhj=qJ1nus*grENog5PE~W8EdKHC&&f@f3`n23yV1 zywNtk2SQ4fp0Df1HZ6Y=z%x%Am#G}}i=PtI(RaP4RPLHLzI(C3GyMq0Cn!;CR_?#N zJrEvOXIkq)_(m`UuGC$XD8GNxU%>}YeZA*?GxySZ(*y+T7wjV#R>>rFnAR8C<%Et( zK!Bybcw70a@`8)<>5t${1Lbb)c;VJo+#R;PuR&^R=8NWDL>hU3P2nP48Vi{;JB+Gr zDp$mmw?)0y#V?Z6vf!upFPJAiB@5*QWht9}JFKHA=md?I7SykT!nl|4gIo^RsZ{mc zVN+u!_#|Bj`1ii}TZ#lHDP>yy(6}g*U-ZYDmT#ZR%D>FtbMKat1ievz(`bWfFK|Jh z!-lseSN2kd-0$EPz>>ZTPIL%Vc>&XQS;K_cJuP{ zZ*Tv;ayxVRp|9nAAc^+}k+)LLlI6OND>}xmdfjcl>k7PS+pbG{{m)+{ugbcU{P}Z$ z?*5&z(OJnSk!PB7od?Bj(wQ;f4F$|upJ&o2rlb$7&S+|Yeg-eSG0H287`+tzr*n{> zL3IY=U2ravM;`GCc;b1LT<0RSE2vNT{jBZvX&>gD>QWi{&Obl*!XNX{9?pkQVcsgg ziw4Drf=5ctwX7~m$+cH^PfmGMkmqN3dOsX`k$y&_eJ&`wT9CJkMhE@SQ8!00WYrIq zD+NP%CbDc$MdI@X1?s%0^ufnlsPU5IOOP;<-o_{z4%K(o?L}q1+&dhA9oSs2rx77L*iIBX7K|WLb&OCMZKf#`lopc>g7>x ztW~c!L67`WyOt&MAO6VyC@rNpT*y08d>WUY14Gt);fnoaYS6-?#I?NCVJCV}pDnIO z(Fj+Ngk}j24nbRJ%GEl9>aJF>+Bc5=!c~1ez}36-+5Db!fZ;;SA4|MuWkB328N*f^pBUFYtQR z6dx-oI;$S%kLZc`3fz@9ch_6*73qAQJg3^KO7#q0hT3es1A8V=w0b{jhQjj|&;bQ32A9%TD=axN?TxVim@urWbUv$HY06>VHJKx+r|cgGWt5WL}l85~8*vn_I(ZP&`*<0=4f=x);~x-V^Un}H$T#qYW5Yc;FXo*wZJIS@ly#|mM!HgVaMRM}9eS-Ggz zOXhEIUO~{aT0Ku-0vgi^S@#>c>rd@jz2(^FQa$03Saxl7(r$AgO3hV8U`2)ZxlUMy0=%Vx4HYN=V05j zWAeYbHt)2-zg!&WRUAtVgmbC*fW|w9B3!evvArmnqvYs2v;bl0T#Mdl>MA)i^aBHP zBCs1b$nS`FKns7nU>Js$l_2bDTKRjoc^AkF@@rpv0*T!6u_~DGt{v=4nub5Oed5KQz(+}aJbU4Y4|E6 z;akuXhzMV%;8k6Z>jy0b_jbCw@4JF~c=iZnFzDpYHbyj|Z>@6@Z9x5;yTH?Ps_gf1 zQaSL);a3LRmvHgd9Pi0)!C&IC=Qfv1k@5R4O2h8&K0b|^S2gRw2OWRs(?vnw53$G! z34{;)qQ|thhZVG*WR9042ASf8X&*cxpznWQ%;HfrWdo^3z+CLcogozV*f0m}KENuk z0na{dR65x4-ws{x->y^K7v2~2v?|$gMJ-&Tx@RrR$?)8nX=uiFw8bAwY5K9f49=iI zpL51m1@)DD23*5G#2=SG)IQ|RKa}IH@V@fBR%}Vk|41p zO&}J8B7Q0G_l21)?S?!JCVVJBfFcxxmk5duGeO|WKF!TNtEsuF@tyFEj){r!y>)QU zajxBJdG+oNJyx@2=>N>n?Ko%hj?QT7dS1M(lODaoV&`9$A+Q}LK)?GlLXdnnz$$RE zV<8VTbWwQ|e!eVjoENW)r=#3f7R9~7MX*43BQ@TW4 z-B5})JkTT$p7f=GVY=$vcuVrs6oh@knj&Vbp(SB<7T)u)^p-^_-1Y`Vz5!vLoX5R7 zV~mj4y+_~+&-N3JF9W<2vBn>>13qL+8{e=#5u!4?-!E1Fj=ECleKyaJf0YyLYsE;1 zPJ$^YB--!zh{822H*q31ha8o#&>jGHwh#)r*@#H+3B-7#uoIg)5JLWDJBV}GG%@8k zg{WW`dPKr)mS8CJ?g26Jg}&|B?4WTZpB-Sm+q*CNdNKpAXUXh)@n>=`N2$Yuc4s|j zhOvB@V#mOTvawv(l@JjN$%tpOc1kvL9_u5B6kOF?lXt@xFPEiVxRsNq0b_`}gJpv9H z9h)04w@yAmsza{j-qr`6RY5(DT8S%PX&Pz;4Kr7Xpkf(ggMgh>Vt8^pW+^i3x=S4! zvm!bUdB!#4C^l7pwW{Q9m2vhzAaKv+os-$4ws1;Zx zk`wlenVe)%tYsP$Hh`#5&@uiJ_SF6}Atci(`(5vj;`Pfc=!UsDg5in|eXt0Hr4Jus z)0|Tux^UTbTh80uQps&1nYx z0o8!)W9Rh{x-@60&bN-GZxTymE&nBUnJ1;sawE&>^km&WG zJ#{0_fa9?PtZ&y9Z#utNLjYRcqd~|Ja8SX1zp}x$L4qIyTYgVGoF)5L(~h&gGFpN< zY}W8GUx+exy$N;NBI_6mi^3r~7KFP(;_(J~YCi$_ucBDAU@&>+;g~){(SZcl5`xT6 zttxI8e<&1pC&2ccD3>eRon`6V<1gJdQwcx@s1WX>!V~72cCYuC-!9){5{yEn+6#%0 zcx#>ZnRol7X-zJ!d=R73{J#C=a#T1QgMhao>Uwm207kWi(PF8;BcF4v-~2=VzMx^j zW19Bitai9b7dbDW4Jg*hLpWxUwo5H)DCs5H1E#Zp$>40833*&Q$E18PkGs$Cd-p&L z%C3`XDDF|n^Tcc<7!TTRFl@-H9z1wSfD+XxklVIXrV^nwa@Sa5tPq2X@hsOiUU(5J zGjAKx>b-!r3&Ee4Xx8pUi6D{5`Jk@^%Q)X`ePKUUSZJHmFuq;$`sJo1ZX|d(h+Em* zL#7PrY(R|J#X_4LU5FqW6)EXOT>C-nSwbm}2~_t0Dm${nMSFvIs4UGb2tTDbG$4MB zZATX2(v)MAVmM>kJ}yn^6o*Ne@8lN2EpOErG9@eZAI&I$A+THN#1U=RCw#2rK$pKt zzRB`yPkQGvU>{K0YO|DSuE~|{{1_g(dswK>H2de8lPbkq$MKVTRmggzkV)$W=+}w2foq>J$rFVnielbVLJvjORns z>-D?${ZhJ^q>cCj9b9!g%0qb^ly{(l?`a@cylRN4H+5Xj<4+ExJ_sMRl}-k8`v`wp zm`{dFV8`7i9tI{yP-qGSz!a9)*yEK8LwR-|-Q2q#)qftO$jHkh6Kk$3-( zzCYgFFQRkwA^&8 zwoK{zF7dviEQTHmV(-%iW;VHIrQ!o~HB2Kmlrqsbk&>4P&Yh6x8u7II2;ZFG`M%o* zSxNDM7SS2_jn#r#Pml8pO(AukcJb1n_4<`rcT zwq%MC9#i_ZBauJr3QW7cRvEc?oRgzfDBHUDt9|n1S?+v#NEG={UDx0ESl@x%BfzIw z>w-wSO-x+S;O3mh#%4lwA^6slWKprY=W=jL%j1o_$)#+EzuTHouz_>@%K5LTqNxqv zl>iobHr}`hu>HePP9JmX!c)Ylm5|i>{+P1fw926+D<2ff6KA=vJ#R)m|L-wRC~^0@8k#Q z1@QQ)#3LxREvbjalvW`LY5KsYUntoaPb85eK^4iU1W~W^bgx&0TPRrwFYkH;IPAY>9-C}f&@2r#xWLGuqso1>ax2vGTchwp zn0cp?yEu?0)k93wgy&lP4yBNBR-VGHbTmy0}a5)6}I#|b~CO~aJ$O|Cg z2YwMOROGdSyEo&y^iW!REAyBTei?}f6-|>R5#~2(M#J?Q*JMISU2wUfD6h?5gHmSwC zb~^|~a6t}Y3*q)si7}6&b7IlTRS$!esIpI9$@Q1Vq**up9-VuE)*x~&9LNT6=KPkntz+#Ys`Sg3x=!90^yOX_)A)X|RXJJw{A za-~gT-NY9OhuZB>CMZvH3GJa61#2+ua%}vR`j@^^* zd#+n9Arqk!ilpOh;H|)RibYn}Ejw`%HEQ1Jcp$f)$FBk=8^019{i2Lz*2*6}VSDqR z#$6oD28_TuP$8ckYt^uAX(_iog&yX5R)79eaQ?(8e&Vh^;2|E<6=1Ww_y z@T0ioN09DkaEuk>QPXOf1@o-m7eg#D`$<4oa7`fBoI5PjF_YF8KU0VrK@@gO4a9i zqYULdF))N+z_HIq8U5cG5Ccq65@4i2eOb`{*T%@DMO}VNTD{&L{L5b)R_pP*pVpysMb#*CVc-K|WfeU9O{a(P6)^o&+c>d^r+U`I{mwcBE4N>_|56-hcgZ+qdzd zJH1b&s2_lR&sv>}Ie+LT^D*|9%4_ZGW_mxwT`L8GEbm!utgX0Q!lCoo#f*B&C|f^` z2v8(_nzWsuA?UVH1ZivT-gZvu6C?d+)+6V75e8FC_!s7O=Y%`E!_kxd@vSeBx-6jx+R-ui$BxZDzT0=wfRf zDDGO0cMnKHhsj~q|9Bz7tFp@Qo+2!eSKO-)c``i)VhmrgsH$p ziFb+8aCyj4`O@?)Gi2Tkeu~Md5XLdtAYEd=u_hmFa3y<;1cr73iT%3CE;xou8iS^A zxgf18M;|3MLX`rSJAoM2=sSb$!4=PBCbQAk`on7i1vL|_ve|j16P`szKubxF&gM&^ zrqyeIpz8=JTwbo34LgcfCck6X8A&r(G$Fxfo5w0ihV() z)TNfU1?9;Nxn4#AgY-US-{_z~@9bbW_~(3b0=znQJIBCt+|r4>Wd1FJQ;svCB$nQG zQ|gbM!#dRTMW*Jk3|4N!CJJIFkf|}5zT3o$SS)(qQunYtc-%W1;yWoI-4SxeW zv}JptRxtNML=3qwADT%OqeDNUvX=r;LHonTcuvw)`DAO8ZkYqJq}cqS^1d4~YkPnC z(EOT;>#RKXs_R%edDWq1b%I?k4T|cTc6*(k5UdtJ3ZgvaP+dbabiBuEy{aJb?(>Ah>5T+?tJE&O$SD{2cYld zsUdThJBtja(jBjxH%Hknm0jsxrqt|C>Kict2l=8Qz%%&|c38hYP16#1 zWC_g{Ae?nv>th`nU_3pJ%tSpDzVk{~+?dQ&El%3Bz1z7b?JBX+Mmu{mso!OBCX2E+ zch~uJmreZ}>Eo&B=%m2@$Imc;?|~@4b3qIS{CIK{35#N$Q>Hls7YLu^2rMA0Eypt6 z-#JE#!M_aVdC5P9)=O|#ztu>8Q~gAV??c996SH!&2wK(z*lKu1#%~r~DpxvN#7vkS z<9#`1$JIBVv2xE;1@=+!QPS6_xs#jUy(tdr>z>C1W7`K9A%j2iOM>`1iSw^Bmg zlNvbq^x9mtjHx0*NPH846mdK)4toPonz;&j=Ibo%&$J)|XVSSsWY7{p2}^Mr?Yrobz8CSpf@A1_?-elfkdp zC#3$qHSFIaB7PvPW|#obtSzcfl*bzsOu5`=U;mbjAX>_iI#5n-e5oe49D1wKvZs7n zO(JM&fSD3+`e%vDZ8${XU;0h1eY5VXAi=xuy=^sBE?EVec&J*pO-tn;qABUtme@wsH{+KR9(4~^g73@ zs;!ia@YtJdpCLPk!N(c(M#CG}J>fmTt}f4v_VB6RygasS1Ho_1`c5So36x%Kr+h|h z(&j}0&_V%#g>LX_>gA*|fBZ$2<3dPuqP)MWY+e@dD9N?@E54@5D994k`=f&YRSK?@ ziOPA`fC~xS-Q8hjA~H zg&qU?Y>1J2f)#{+$U$e!Gv`#JEgiz7=Al|N^4ib7qh{JbuL-+d5K2bYMMP*;#fbNnF&hn)|Oa6ZFnPc z-@~5}oE>>DM`adMdZb+p^f;gt&wC6LcYav$EAJbDD8X?}n0e9MYr{ogE+^QX>lM7u z0#r<7$WG7@i{g=;r^hm(t(FcMQFH}VLD33t+K@GzD6ir%lDFkk# zRii~Ug3A#tf`_m*!REB(Jye*bM#qv_w#|ul?b zt!rgZr;&~yw&Mur8gOyB?Sko}(bK9;lU~7&qnbcI!}~tS0+6p&ir0lPf7X6UnyA^x zV<>r)swY072kRJnzcJ9NL$f|7K5I31Z!*$t)5IAGf5EuVtvy*;cBEETaf~Z&FGOkc zWIe+BuG>u>Q^Lg4AY}$5Xskc^5pQ436|Yls5<02oKzPKtK)?}0qef4=<@UIe;l0>B zxgF?PlavAR1pWe2V1(cgjvyjMK#G78|4^QY-W7D9j_2pEbT_2cnK?Vq_qe}O;X3Pi z#{t~jyvxTx?tjmBKZ!=5hc2!`&9=(FiZ-3L{gw0%-N7#k7Dfe#?1v`cVL& zB)s~$K(b=biJ^}MT7%F})zv6PGJgr>;8HM!Zqn>|7{$l0-MF6P>KhX1=2eNHB+M~k zj4O6s=|bJ{4hwH>q{CZ~7BW}SgVcgR<4M}+g)l!tm~M8&F9PDym`9jV?z)i60j4hw z_EdLHr{Gi($xKKLc>adkRBsqAt@39PQ5F12l6xH`C;oyff1JW2(OyRLHCQ09=5?x> z5~vh-@$nEQXEQ)qF3adB>q{TYz)lcA3^Pq9Lil56Tr6}AVv1{OqY9+S&E+S7D@Vj> zw8Z=k#_&XgkWW3wVafzLOicvk&dDCLs2Zo80Ay3_3{Yz(X^iugy_d{T3n=n2e2#|_ z77~NMBAbX;6A)QXyqJkl_}e$(<3+5mTTK0Xieoi#g4j7><&BFP`9s43yW}1aZBHC# zoh`t!w1%D81y)NgZma)7Fm$s=eqYgxhi!wawT)z@_~nBl{vQrBJ+hJVJV#1OYtVS8pGfda6eIgGu)>boCYJ zzmU%SM5%-Y|3eLO05hzGUi4ECO-N$Ck0Bd`@a{?n18>d$3YM|AkXF|yZxSB`zAJ~m z!BiXnqeT0g=;VciZ1emG>Mz>PyhIQ zKVivFF96&1{yyP&>R0z~UGfKmG*A5Jk}Pv7)ZU17#YU5&RO(<}4l3!7sQ<>J|G<-9 zDB?{na0lWA(<+A-%?0;K8ULHsq=kCWgK(a(Xbidr;R$ayM;BBEuAWHn8t~Lc+HC^T z9hCnK5NTX>U2XcE<_-&9l0n88#a@XloQd&RsbyT(KHV8i~1LVSgT(PG&JIF6S%^u@sxqX1zLIg34X?)GBWA@7RmeAlV`{XZ9}<3*0)Kepf${-QwpG1)_l&A;E(1YWK2#a3A0f-^RcFpCBigy;2XTyX8pgg z1HEI1q|Q7F;A~mzk4?108Cw746S~f#d^oeA<8V*dwoxY=QI$3u-qj~2t@yYBsBPu~ zLY!=f+CwTtP*0(xSiVHRZ=fKeq~}vT<$O^m&x=|6&)4QrB5xOT?YdjCl~^q?nXoR( zm5PGzs-Ti|;)jlRDx`XXmRNBWWXU=AsxoL1^fn@_CBk))jU5K>srQX)P`u}L!JN_2 zHrl8hRN!P5KN_|?bJr(;DvsUk`)%_5OM>fmXo$`cKAjc@ezNMEo!#uFGa5)n`t z*uVeDS|E4{sq+k`5ZI;~fccdl2ycF(UUA&zC$_FP8MxqJPghF7%BadNA7nFSbEO z_O4v5`lGX6)L8U~p8+OY6R6~$+A5dv>VSZ2l%F+?O8Z}&0J}8bq|O+vhVhiGbsq*z z7(hGAatv=gT4UZ~G&4y!-*?q#hCQ}O-`{^3Z$-X@>tiY)+M(7rz|Uh<2|HlCkQW8n zZ?SuaDpwa+S`x@iX%f#WDR)-XQ%c&)x)tsmbk+Rn7*Ku4|2D=?tZT_xOgIy_?jk*9 zZ)i?#f)2u9v770G$`SKgvHnLX{09rVpCCO10zM;~)O){*pX!C( zx8A8P8p*Pv$wAMnG3~<`XaI*(4JIdDW4-DBN-cj3&y=U+LBoED_A(23$$RZK*M(d) zBZsXmUzXICrbGmbMIU1M_?PF2bWFG=I%q!g1h5P8QCzjuAVeoe^mrh%!r-MJCDe>c zzrNQAOgzo*Ta%Te7kL~Kj80WV+K?^VXX0-&ElalCwv~uerPF=H#KqRx$_1xgC<}m| zW&r%P-pJ`~zw1ZJyjbbsxsJQ;%Yt7KG00@pvCT(mjO%{0aLXAKLRu}xgxVh$?ikt- z{|i4HOiAdKV=EAhr$8G~U*$3DZm(Ier+T1bh&0zUn@1w&qvgbuG;wV02Uh|PZ=7toX1&dTopg| z9Gb4iXgyWU9EzgQGsCi*eneh?VaMw*M28oyLt~7Mt&5_OrSk4(Tle)KeC1$#N>x)B zuH{zv=xRGgrmrWIMf`BE4b1bfjVfb(HPu?6ozB`DF5|sf+R4RHXxh$pe0kpYb**{B z$=wu=rn>GY+>VLM?={QmtF7^FDmua5ZhU)7{@|?o{cfM;zM&huWElOUpPGgCnV7#F zI2vHlZb>6F{$#05RLXJND@myYPC~we1_s4tPk|(jte1-@CU2oj23~nMHa~)EER(6y zoSGqVPXN}tP_c<~zu zx`t1f-*DQ9K}HTpko=nTjHwoU3GQgPy?sWsQ3O90Ltj z9D9`ifMtx%|1=Na09}{H2t3`C-AKNxSXK4Zqrh-lhDv6zZ@(|Ducn#VLd!4nkWUR9 zn;c!3dj9L!N$7dpupi6wd@ZZu?PPejMmV^+s`$A3j6e9+X(Ok3UN-$*a-$7jle#Cl zM&U6ZJmU{ElLG(L+Q*H*)Iy(=<2|3wPXa@smy)*g;(W*Pbp~_y$q^^vE@yHz8<)-L zB7WubR{s%w>Cf=(RY>-Yk78}zQP<2zqwHLIa57{++VZu?^?Loi*NNNhss8l}(Q$Wp zmYw|)?=P+AbKKO~_R+Ta`Rd*9Fw>os#c?g!v6S$N676)>+;Wg3@Q!oGy)V zPVkNL>MrmhVOPC!00>WSt>7q9-1zJM{HqB*730hb6ok3lU7*baz|sU~W=^~bR<9s( z)qfNPj?YWh0H*qC^M_O33?7~wfKkAD$j7x6dC_qO=BsJ&DHpAK=jjowV07b+O-4M`@vC^x9-uV)j9FVOX(cwxwE%O6Q% zMfGT%@DJ$rXbC+TE&=R0@DuW>a;uD6LlkMX!hKETu4Zu8=1_`jS*C65DXcP z3F$x6@qd0GVBps;addP70mB_KJfKmhhmx*57Mt(I_um6&*Uc6r;6qo5=hfKq`S{T@ zWL-N4uYbr!sN~)4;#Zmv+UCDH?kNtXdesqW)7C3=P96LpdQk-lnD#xSvIMd3r zvJ4NZF6)O4i97yd^01-&I0hO}_2xy6gxbDj8BkT5>7hE-@1kVrtS4m1T}y)?_!9nl zguwHhT}xE67B_QyK3G?uaPqa(ce}x->f!t2wXQZYGv{Dh! z+K#_{#WnGGr)y*a)*pg+-J8h6InEkb*l5lhDGu&3jt?gHva_|?DYAGtZb6x=V(q34 z(a^{zZ~Q8owbc)!pG%mq+_bL*)B$PodI_Nu#5??-DHq$@Nr%%h7bhfh2EU(X;js_| zdL`wVS6Om!9VTf+4Nc-4-o*Yo*f}W~=9xN3?qF#AW@pmX+su<%I&xwl7_VyW`P37N zb~NdUGC2I8Mn9@XR&Fs*LuHUBkyz5?bxSaRG}~w85+~eJuAS(ByZ9H7<5E!Tz%=b} zm{i`wv1}gScrg1j zSv538Ha)fv45E!NZMuh2APe0Xd_LzawbQW{35uKY|Efd(dH??<77-zFdI*Gv&3|nr zn1!3*sM)VyGsKr>SL9YwEPZZ$#jSHnGRVhwg(Q%wQ07gX8A5eRVJ3;BT1GsyI{hxg z@BNc{s~URw>$V^YqB&mZ(#YdFij%p5*fwN8Aa0>8_ZMt6{+)t_PfmJ-E!S`iGY`Ke zwyXcGQetVa#iPJ#8nAu=)tj{i__?PO?!LUv>0Drh=PxFQ&hyA%TU}nacofa{Cdl|9 zYq^=R%{?xz&m*3@oa>y#@1qX)BDZsvR|x-WiaP>7FZt!Tsj;t%DhY3`CwHxe$2z*4 zCnDZ;dum?)MQj6If_2DG%t>iEO3FPMYdC;f^H1ww9yig#*0o{Msq3q?|Do#ZFbqz^ zhxfOV-_3ygp}RmQ!^$$eG1)TC-CJ!B?f3nTkEGvyR;lSHK-bc*oBrB;*|dv?;eDf{ z;mtw&DUIC(ho+C;p8eqLqqB1@J#l?Ktjg~eM)Pa$_u6XCFmyElvXkb$gU4yVi(ou9 zual;yM}V%@=N;{p;k&elG%Y?i!5zJJv;d{@u2vmkqPoiyR}QoiY=p})G)04Z;&|qG z@z6Mb&2WUT4KA>bg2=|}3feL!a>eDZqFK5sK>Fz_I(SGlu4>sxGs)c?1sGY) zEsyS0)_hkr{w)mdmN9gplCr>rZ@g%L&?_uSqR5e};sDx_9QZW?*-0$gYXmLzg@ysb zS?T9}{6=mepQpUn;W8#N#?{2tG}y+5Stu7Ptd9**F~oq*7D5An^DM#9oZRW|uGkoj zI=xoGkiHw?N(xDE;)5)r4vCE~h$;GiOVX&zm(x$bpB|(PtX9sMk~h1Xz*pEadsX3k zZ)^#5MgP?2{GXDipooDBDEY#S1=TT$Q>F<88o|{YD}mlQrTVHXp*ziOWK+LiaGZM5q!0;{cHDaQ7gT=qdRINl-d)$l zttH!h&7gkjnCVdfH9g*_Cp~Y#4{LKQ?qFXd~fhCV$t z{(6)GCHpAoR-03`2#)(%S5nxMxrR>y)Ltu zZ?7jpcFVbwscV6kZV&+7caLyY<;*k;)1yNar_+<}>`kqtJYO%-ZSQaC*Nc1E)5X%m z(Rvsqp1TTM0cSP(oK_kJz05Qk{Rp4B^{`hyA2(C43OePRpM&9~tA}n@Y+EkYh2+O#_3j3cwBtt%Gvxh!;aE0n|-7lhyrC?Q` zdos=D#k^Y(>gH6+`By1ut%%Pjp7O~)_8?0FmEh`UxK z|Nmb&lM z>aZQ~d3|*TNeBRM>39lb+`0zU3DZ(4MY3~+1GT#r@fgA5-k`vJ8}X+1ZPXd1!Te8y zs!Ea`*#vnW>e6DWwo8Z`Qe9kR%8mET?(I}FJ)P7rPU>H~d0#sGpZhb1!)od!a(F2j z`}a|US9j!3wi*0RN|`L_2Wy)NaxgT2Gu{s_%R>}(A0LBs_wZOdoMMkOHHi4{EIpfv zxs@#D$MNn-yUnDlCF{E}3WP%dj!zHjwzun7mebWn4|#3pS1PXEvPpY06@{L~_*~k* zZ*{hE=L5bSMVRr`z4DqayU-KQJ;DpM}HmNRqHmV3l|s}4k)fKsYv zuDiX&$OuETb|UR_?>mRE-0Ly7MzRiF-YCRwDLi&m-cf@)>d#^!3m>SuPi)96jdcxM z2f&Biv0tmL$FvF$8^#vxndCmSlW3UK^L*=DLo0tconcLqdteAt8f8}U=y1Bg^W)i_ z&_P9X%4sR?XXV~_8|XA^Y89yO*jsAa_=>Vt>Y0=!TKV=3aN)Z?(a2Mpj9MZ^<>&&s zWIRV(0AkxQn#TZb=^V`<8rYZcavUULPS;7>0*cSp)ZlY|BKJ*NHOf*7s(1g>l|Vd5 z$)$$@7Tm$J%hspFCktP$yj-o^XwwfIXVwKI)d9=Ttk@U@||^tqlm#O>Ro7Xhevu%Pk9O~qIKx!<}LDL z`8$MONsM~`wGeom;d~hRpx*aXR`}U5+t~EW@@M+aIc-OcT;7ru7XZg>^WZBio?Q|x zDeo%yTGG(2(>V;pswnR*Kt`H;G^#t!DrqWM4ej5%+1wPh772qqcsXL0N^i(l7-p+f zjKIOpCyj8ZxDzKc$d39wl!PQWb^he&heOM1qMwxQp49`8@1W;jl;ggr(l{pQ^Y(TR zKbuL98;P@`)xlF4MvtS$bGtu0P}HHJyDta;OzAQWo@BGFNuvsthD%Cajv6J{jZQW7 zM8`~R&d-}0PA?s`UB8CtEI_LFsPT9nwQWuQfSY&Mp`!J=&p5o>(=-(T}KFDV4Jx?vYRFWZpHn?9im8!U33Ps_@739~Q0F&gQHZJ;GY7tBIGg za(Bl+NlLBck%vpel|$E5ylbabWHYIqGUQDUOV)00H9B>lSyya8jJ41fEEfPf9jOnT zl7mG3qEu&zm5Qb1l{-hm2a2bDljZMybz3GTpP{YhzB}s1-HeeGM9=pE=L`#n+NsgF zpX;J+VSOsr2o+tuI+yB!Oo7!B3{z=+%;4MqMkTeh%c~=iMx5#vz0fM4XjNg0*NK__ zCrnl$NqBm`wb>R5$YN_=Jx-t2)LQ+SnjH7qndG zRa~g2Ix!t49+t~XPaDgACeI=!(CV3k|I%Ghw z#ZqUjQ@);$88c*(rAEVar{}EC=aeIO5Om>q({ae#7aRYzMMogo@tCh-%IW<8$a2h-cl3kMMm9@Vc9Y9xG)>=U`GaTw7w5LGVEKdl4Q-8bS6~!g zXRqCJAw>M>!KVG1nb5(B3~mn3Tw6LT_m4IZ|R0jtyG9~R&9?jPtX09 zulA4E>)fOsw>xp>jV`k9qw(j1r>;2Kziu~W{kqd#lGY&CE$vRK?Dkv941WFYu7Q8U zq3W-GYkrx#v!2;yUGJWa@?R`78ZHGG;L%lV_mbki@GP)(=2>II$R8DNY^ELkBY}wsp#YLXnv{m*2`~o~E|lA74Y5G0siSb| zjYzD{ND%y{%PoZaJl5sBORP{w&8~_ek@yYwpWuNC+kB0JX}tz_>&Ug<-)J`1n>z1| zRw%xas0Yq8RWjxkOZS$8W((&@my7$X+oabn++i+3?nWED?v@*+Z#wbsRo;wnaSIPt zu=FaRj6X`}*KX|w+?>JjTS5__f<<1e#>p8|hSSv9%aa!?t6W09VpO%JQk)i1CiA$v zfo^HZxHzVZp?XqS(Yk~fy1n#g(X3kBpUatSX}>n0l#nAS7)*0Q?RDdwwa>>V zl|~gS@_&MML8O~6Sp?jI-+lE_iGODm$0ZZNe-~MPlONoBIU~OkPif9j?g)$@HwdRV zlF6t(jbD%o^I3TG%wE3or_`w=UO9C$+?DRbU734U$vrxv)z(^dc}mk?tKAh397o-r z{)(kBude*fuQy!dvu)(pIW*B%Z1d5;R3H+3CI?Fz_oS3WEZe$7%-{8OeAvWawu$E9 zIEt}x&T<$L>f4;&BAGL7FU1RApAldGl#^L)gbfD}j+Ea}?aE7KG zL6Q815~1WAxI6aJc$!2%wA}vCSe8DVAZA!2HOyaU)-bLra@j8JPm~;kUVE zjav*Rhufuh0|fFD9V{>n9o{1FhJI&57z`86&9<-Gr5wc_O+?Q)x_!YfK{ZWlSlg`q zD9EQW#{Ce|-Pp11xS0a9EX;J$9BH=}0*UTli~0#^rS#*^dYj44+8hT60$&+bSCgY% zL+bU|#t1ZxZuu3Vfge~WmQpwLu_pYv3j{7-mXcgquZ`ns)jEq0qJdH!*qpXfiH7RcOv zJS~r=e0$zaE1UX|L>?HmXskm@oL81T5K+r$_IF!N{}_7@nBdRT5vJaHKRNSpuYH{D zZ=shP;N-vaF>^BW9!kLXg?7Oo3MoJ}BHs2xhf{Lk+nv+mN%s*-;TgniYb1)W9EbFd zKE@q)3PN#lo}(~Ef}^E>0f&m??yN>VbS|Bor=|Ibp05Gl`>VTshnkhy0iIm}w&U5ner zbrW7REk}P*69|-{NXCsYnAx;Onvf{m>w+S1%wHJi2F3{Kg{&qg zCl(7D=lQ&#Dgkz5ds90p4BNi?Uti5}I=&8Kncnsj6Fs+ZuUX#{Fix*I>W4EQ;RuH( z)vB*)IB;!|;=jnX%RsI;g%nEh{LVaTRZu|uH0A~+ONJ-2FI>$I-nLS+xm`rQ=IuXC zWiqEmLwUY6`2DU&?s~o(z0*;>6~FrJYsV`wh_;7A7V$}TLl$ZEG>4!#I$0{EH~J{I zjoH{ZAh;bYxn4V3EEUx%mRhA#|Y(Vk}yyrmpFpZ2-EIjb0FwWO`|H$;t9#$ftB*cA5^^iJdm z*v~jk59kPVGp|WR|KDDT?k`BxcaERnERDHvcv}w2Wdeuaiho+{!&~x(?(k!kQ9k>U zM%XI29@ZD3^r4iKXKDo{KV7{oXJ{TN52>X+f11UXSXl7s)(@t@x&M_m~ zxdVNs^b1tVUTA!tL$#)jqFW^Vo+3opD1Zbc3T8aF{UQQI9f%eePgmyU!q}*MB1KZ; z-=YP*!8`;&-IZ4>-d`gyWDVChWE&N~yd?lC_wxrYU!vdd0P$B7>dzP^=GMAr-UMUw zT_rmDUb65xL%+Y|X2uI(G@@PbMr(w?={)PY=_f8pn4Mo;Wppk_AEry4u8(|Q2ju;zufIMrb=njG<;v-dnK>z^19%x( z?8XA^{g}(PjL=XgP-BOTxKb+_kvVS;>78A|4MP^B+ zcSU^!7Y_$%igVsK$z$fA@X00#H3Co`kg?>YOzj^3i>6Y&97pSZ^-~0Zz*ZyNa&t6a5ab4Ga z$H;MlrY);AN*b$IDyNguwi^pl<>$w63Br0sIb*|o=VP)e9$g3G?AX9aXj;I2jQb_QH{h!G2|4UPJc=PR+-y*E}ylK3SVDXULb;&A5 zOdZ`YF6tI)L~DP44@TK(l?80T?QHs0;Fws^!7gmdiUeI(r4z%O8;xdv0VY38_*pLT z7t2|?KX1K?X1fcZW-_L-00hr|1_))Xs}Z3#68t_Sm3Gkf1tfA&kmm)P;$~>R_+Dv{ zz#gV~D_CmKsiN%Q>zDur5_xxrveLZ%(lyMmYBy2DKmPi(bL(9jcc&4Nia9kz$UQ{O zO5dzL$63X!}hM1UTb1a&VZzX+be+7Od zX1~|jF^NvK_`|HEwcnjETE6M6ecMv)xSPlZt7PhHzaV!kcTi1y7!Zp$xIZ;Nk8WFt z<2)Jrmg_1vnkh=psKnWSH?E(OV!83uPqCXD51st)@33k^0EB8aEogu#jUvFiEvYz< z{_M;Tnzxy!Lw+)6S!e0Ebt&a>Tk%luwb@jl*L>dMc+!_S@NgC`czw=sSMD(JDw;m< zF&cE;A9!c9CWS=aXLKTX(%o+9UrutabBwhr^u+ zZ`M~!IoL%fI^iki?!~rFrY8q;Xjx$VoGcksxpu_kcW7wLpWl5`s{L0Js*$YKaXgwE z-xGP>ZGKXaeWDGQ$P0JuxqHph!5#6=gC~wod|A9&rSnsj>X^Wy;qs{RaYjOcP1bCP zV-u*&fyuP_v6twjRLXxQCDsmuexV2kZ}8DHE?HdaYPNy=y9mQU>t7|0?>%mf22wkT)qo(ckPQ{2tG$j(?>U2m+J>`ex5YBcl_TWD$kT zh>kvWHM3;dlDFH}-yNI8m#{NB%a+~~^U!Y#mJQ=hSU(H;i8a*pD^$}*Shs=%q{4BK zFY3tlge!EFbZDAxYU2zPnG}AhRqy}Gv100pG|8U@Ft~(;Iu;aIBy``p%8~Rv{ku_n z^Bk|5liD9Inyqn$^6%RE3ewZ&Bqldo^x7icI-vGeCK+A4S_bvu(8+X2#SDM`FV7LyH7?H339QT9kFG+VK*MmW~_U89c~C z?iL*gvX^RwH^|LoWVCgLT3oTO}oo zCQdkvEo7RyK}5zPH_kNpC1saef5Y$+hG;4{YCq|(47-7h{-yaMiZB^^@Q0r5{3&qd zH?cF-PCTYggoWTtXsv;31pMjve`nZX?Ti4RUyAb8ini}L+0Ys1g}um_bgWz{1NN0rn7`LggBHEOZ7a=u zuB`w6KJ6fsGCW@{%i?MWM{psL?KQoO)OH%TbQ3#94@|)g7kQhA1fyvxb5Vsp_6dhf zYmd4_*`&Ef<&+uOX@$or@a_M>I-r$!<$Lf=$}+3XU+=n6)o-745TE*?b7APz^?Z$T z*b+3G=SZulx8Gq!PN+GF<9PXZ@qEzEOXj|>{RYp&<)+^2vLbN{=;Nq(zl>nMwr=9M zg%=zhTMzVhMQ^R7>tDO0r7Wm*V`e#^u{RfP+sFwU?S=9I1vq<3+Cu@frIMW_x~%`^ z)e2XTYymMcU0=k_j<}=}KQlI$q@A4;c9D8V@USm`elx{;ePpnb;O6V8>hrJ=;Z-db zBFjD31+JRWtQcCj7HslB@mfIl2B(qA+BO++#!gz4^-n~TKyh7ToP(^7sj&GG_3MB! zvu!j`$$vN7IZar|uRCml$YkkI8!NsN1&N_b`{2f9rPlYHgv7+iJ8=qm#@2<;uw2<} zZC>+{puW%)Cdyg!8P8(axVl(e*6TDHp<(nltk!uF%E^qq+6s|WT7E~$;mtP6(E!7Ax8w#ZrRc6Mh zE@Lx8vKV&XOR=gq>PauZ9#GE51Pc_eN(dC$mlQ^Sz5awB@pm%@AZ1`Sqc9)V9qrh`X>^IR~t7eiTiSkwPX>6MsIO9Pb$nr+T$@K~{=G(v9q&oehi! zsk*SzR4@9rPK#CT4`p^X;-5(5seVE4wAEiX3~N z7vBl6-W*<6qS)}1Zoc4(|LbO2WNM7aX-I8Y>T2O`XubH&^{W|nljI!f*5$7G;HU-!9-tXiGB zJsgVBw_o4LS~Q?c3YzE{&9fiOsRtg=?cOX8NCH3{u(?t!fSI#(wRom81U#jNcLMvX zQ#?5CDwcB2<(Jq?`$9N5c|z03C5r%}2~Yi3XH&{{xJId^-`V~Cy+CI{*t`%odmtVi z>87h^&$x!QLMT-IUw1or$=?6g;*DunN+UrR%Wxx4X}{#v&sjqUdzHHV8t?@L+DozS zllt1_-)Dk#FAboK5|^$MGHhMx3}7|HYZ0WH*&nshSRP1$ezz$QY^cD) zK<=G@mVddOBZzmuV%Wh7$MH>XEdKN6`68J`@${rN5MTbIF30ER2xWxtQhWCcMuoWt z$%m}KMFOv&qYwLo=SB!RuNNIS^K!yi953v?7ZqgqqV+;Bj@*DQ}_)!DkD^UB@Gd`bM)c;n&E2Aex-uBP7P znM^Eoa`bY*I_~3LlTRpwV9?-&_xGYXw{FH7wx|cN&U1H)m#*Ap0nIZpM5T!b_EZ+H z2nF#J)~3!z{~%M3te0YhH5;~9@7KbXV4f;bb-*DnW8w={;cB1TFg-9TvGrkGqRE50 zs~t|7l9ATc%-G6mg;Ra#)^UN;gj^}U+nh1FHuBak_i3b|UWUeEu_iD1!*19ZQa`P# z_dQoHM0~GLtQZ^tBDYrWR*IMIyp#*f%uO*NCLxym+dGd;*yW0uEf$6`K9Yrr5B3nPpEz=+?vfBT>b+TTQf+UC_wlISzv`ga#m zt5Ilr@RXv9j*=Y1v`*2`VCG8u7=oj&t_8>f^?2J0>5+NT+G*=au(}76-fl{&6$@(Z zPLmum;>gv_0%s~@b*S5xk(*vZv7SP(R1-L2mRIf$ZQ0PCa4;cvOV2ncW7NJ-qxJT` z5$l2_v+^Fe^R|pl$@3o&OcW)x4@?n}ITu{h2Bvp}4F(n#@6&wy}=%wkeD?nA+?+T`xZzHs5hj(F=%rlb+NIvEwAK71gg*I$oy+P}H#A|TyP0eca#-Ihl;5pqC^6TWVxH8cLSQbXAb;2b8$*btyBINGG>bN#S>_b-0lc+3d&imahLymk$Uf;x|71Q3_*6vGelNH!0DB)rQ&6;dl{ zY%`Qocy2sNDYY6eLz@EwfEdx_5aS2q+)(XLG6%!`Ty%;oyW(hv(|dHu*mzYqg0gWz*n` z)>FUv^uJ#y00m+{kv+>*)N8VhsC4^uUDLiAr`Sqe9NxD!omP_^-T54kx@xxDL?wM} zxXY5Mw9#@_*WGy~>E3wu4MN5x0py&MOA=Dp|?e>F9AfKfR9Ug zIzGKFq?x6-E?l%K+J(B-@lHk3Q(DHs|g zs_8=dl;CYQOUZoGixhnU78y=aMiP(!t6i(TD`MG&3_wk`lIDBFI`OM7*W)3tfcON zN?vxS+3B^a0FwLwLijh=Jt~VcP3|_Y9`fMSxG*Nl|8@>DD4#RTKaepVFxvQ1WHK^e zTy18S_6%62(N(vTHPhS!n=>+_9QJ&eBDfravOYbX{JEj*qgYyMsbI`CUJn3NF51ZA z5%SbAFvOBU|5zAK6c@2p93%(6Ep<;7_0ec{FEyY%Dcq1_FZZbq{UbqB^KW^62599* z$eLOyR}>`!S2Ri>X(UVLN$qW^IH(h%qWxVq6E`~bF5|cln{BQq?>p8D_W8fvL>bh- zWl$qjf&j=LOVLvx*t2+WS0(DrlkufK(Yk^9eIx}nat#6(tNPX27f zhbw6X4KPqB-w1pGynTI%NyRDPNxzXV8m+YW1FP&>5BV9#%UXd~2Y= z*Bo^J)|79_$9F)B?7yuI74(caN-751D{$^%jUwc+kz5Wv-{0sZK{)?t zD9}t_2288C^B9)-$t+L99o()ksaMf~%q+tq4ikk8S_zLP=uPHnNP^BX{_2|^W=aJL zhk{_5yGbJ8r>7wA-FHXKd6iN|<=PV@zt=@|l2iU-HTS>K_$E#fR>=}}KDAgsKywqu ztFaZRzeh)!!m*;6f6mhX)%tZV{;^9?{M$)R0E<2K$<%_jZc-#z-VxqaaAydw_tG** zKrRz(1(djLgLZ!pQ)VWh6@S`2eclX&?T8mEsD>pcFaen~%!j-`$XsuIi-Fe+rS5eh zzlHr24n%yr6vNNQ>N^>rvA2Jq#u^0n_S(ZQ{$~NGOF_Y14egPPln;jW+_Xf% zfPgCJ50?K#?XT3O*JM%h8MSCeeH0LIAK+pCX`eCjzQ#^$LXk1-lXmw!Y1GiBxAHQdhQ5PqkfV)~$;VJ^j`Z##<5#ar(uDLZ z^6#MiG14dXqenxjTd34;)*W7+-Y1t3rcpkve}^2Zeh1*KyD$&R+Co2?!W~t zzZqy>ajis%$-$m>tAV_U6$+n9zY*IdKIE~-YV$Wa?8I}CO^K%Fcsf0~Dg|y@I=$PM zG=%2fWM0Yc-z8Wt`S@x(BuRbis;Kb?xg+9qCO6-E4ki~5bdlZ@tr!0~PWgRraf-G$ zT~GN_x@YpA0l}%{8~2%8jr_oB>evE zN8hySzarYddKr0ohHih#1`L}Oh7_2to-u=QsfX4ej%(x)QQ0 zK8eKqV{CDjewj0s?PM%ugeh9^PV$vR^>~8!JY)oc<-R-HW-aQKRnng-?8H5t8rQTy zy!Pw$(curS17}J#5>qXU9>tGqB*bd-(wGWl;+fS#+A`Uy9TV}NuK@4I&F`;U-!@77 z7;e5&E$+;x_XKy!ro?;E_xg${J~XO z>36!U@x4mIj9!BXp)O7B0 zXRwX9&~Hf4F&V@g14dd7q8l#J!C7f5aRmFv&ly%kD8{Kr|-aVrqJh_8#>7L1<|zRINvE zk({Nbn2GT_FqNm}=66S-Y09_I!(7M_`Uh`oU+Ib@8KEX`n{b4SFs5?=T+9|6AR0#T zAJdYh`L|6wdcDcNWKaX_wC!1Io1_!{-TXf_8vbuM`gg}9~2x~f0S4dE!OSntGPpy7pK-1GjNDDFTr+@P+${qvR2d2p`qblJwGqt=4 zq!0stU2%uUQ=}~pugw2lV=2tdvxn(z9 z7-+F_^fQ&C8t>Xn*Bo^BPgFHtFQoK7l)PWXJqa2-VZDSEHSQ!fkgNc+Ma>uFJs-G1 zl#EE^IH2ma*eZb0&Q64rx_!#N(f);4l$;k8P*iR4a7|zX?Ro}~rp6cr+hrJ}UeTe< z*Y83L-#8;ri9zqCZfoT$o{DC!->KQL^g7b#FZ9n+Zl%_k^r>yvj1i{{Evav@bo2O;aHfdoWj@N^%W^ra39bI-BTP@~aiLJNyE;^%rWw_`*n!aR6L!zo6|8+TO7fGhskoo)J)dZfC=4wH zMM}~kol0Sq-GGJK|Am}Ns=np9`U4NWLEn9~OEH=bxz!&OF0=cToZlx~ydpqX6Jn5P z=Y`TeZ+K{#-M-u@Jf9bX(Y8NK5;fI~$D~v41!EU`)z@3000;y9brcyva9d`rtEABfFVTxKjSqNDZe}}CoVjEOX0TZmnQ`~o zJJ{r2&&>cTYiyWn*iJdm;G3e~?}o|zRjH2*mrp4-vVfoS9^0uS`yL~-kdD`XcQ zEk6zdp#;vhc_WgB7Pg-k)qf7;{ga;W_$!iKDmtXovCA{%fYT}@O00H#c7wQF6?&u? z?Z%B4!+JpaF*76c+~%vzjYkaC&ouIa^iIvBLse>KB}-;if)qk2daC&+;YbBQBo6Zp z)u@DJ5*k09%V_u}Q(ZvgfB#(u(BV5?Wu*JwRN&&ambl`V{?lH>lc%&S)&><<3{S?t zvHYf~K-V#-SkuzOJsnY7BI!{UKmrL!Pjh7VnBT5BjQYfe)6<()C1tYfTZj55l1(S! z`HSw{ZYM49r5}2A!(r8BtS{J|vyb?mL6iTWZ#38II=)S}h%tIw4zEO_1{)6z5-NHt!<5f1+d8Z6&dvv1yXw$56lQH-s`f%;}vdziR-ztdXJ$c2zcvJH*n=jKL zLE^T&zDFP=Dx-59$IO7dCdB0U%0tl6OQX%(QKET~{Jbx-Yyh304-d02BaOn^8EtgyTs+V?cV;~iaeAt(a>=`Tt2LJ2J6q9T1}(d z1lCUb`hhSmPNxum80{wqM`=J1i~%d@?19aOathBE)?$Cu2yMFyg9^7Wkwi~#@39G) z9Z^()+>NIfVip$In_R85@An|Q9vz-t-K*{hjt|gM?R8u3b$`LR z-3!Chw&2gthrG5xU+{)fUO8?JYd2jIN0$f+3fD2Dxg8J5h{4$168TLrC?{R*ot@p_ zUduLP-^#qTltkN^?0ioAp<=KP7gwgbusUY2F2UALr0MnArm6Pd>z|L^LO6~hZA(aG z^!>sT@IsWJiKf__(*caF`kS6#YMH5KAsB(GO>IR}GY zuR7bvAaxEMcNgAnw9vX~)SIxX`nHm61b%Tk{xh5dgSOd!Tk*+efN%3&pGKd^S>432 zZ8VCAG;oGcfntRPj>Q_A7=`4{tbq8wCMaD%zaB30aXlUM#0ow^m19IAQGWUP3cU z2w(|yx68d#&yF*d2Az_W2CfmN^8f&SpZO=;VM6$4*Y-pFLzfqgQ1ICwFG!=vQVeU5RN=5xq>(+|Izkjg8yw%@hL7CYwwYUOj&wycz5ugoZZSl2ibmPv?KT#(eRDbpgnFFC zw_e!jSw)Y^5~8Qb%KdKB+_u9xPlmwlda)tow<=xUY9zonok1_A1)}doZ*DlDiFWPY z(xcz;f$GVR9HAg>h??4lLuuJ=Fm!ixAfMmi!MQl}wpQK49-iUle}P`EqlBKE4V@NmhJ8dW zAGH<2aD>5%g4cgvcwDzMwhKLO*VnVh0lJQ;K@vvn?V`+}40}{s<=%}=k z9md@cXK9vKgAkm9Y!8*uHfNocYy1QBDegg5B%ozF^XB@V#BsB;UL>Bmc2_FJKqMM) zk9}PykK^dv7B#n69c|EjVnokOu1eVMoSC|DsV1LTky~-oN#f}3A#r@X4ycVp`n$T` z^h}zg|YvwR$jlR`i`-}YX`?QG7zK)kZJc+YkKH{Xi75egQS=>wW%_?4Z zNC)G7`R}ALZMpaiNUPi(qAR*-O!0Qf$z)~4ut%%y(?Q=u~$$>nu58Bd0$C>F*BcDI(c zA?N5Mf`O`Qi&Em=Mm2MZ1>yHKH+SW&4@30Y@QqfFd%>owJBRDKT@riI-r^snZE}23 z;B~CYWn{3mU0J_6loN1mqD^I6Z$ga_kJq9G5rhl)aKaq4M>%JAX$YOJWZ_lucN7u5t?(_A8>;93}gsfIdNU2Wkg#kXH?V8+pXZ?w^w~ zbM`hyKV~I@pC?avEM}8H$qD?UE~eK*SbIQrdCE=VaJwA+Sq)QUC-3#aXtP(C>x|`k z>lig}L?faG#eBp&njYK3p8=t*X8Fvj4Hl3#s%Q}lxw!wxW+K4C*4Ci)x^wBT_kqLiSyFDWJjO2eh9g>aDGhzjL7aO8e4g|?3!5Pr+V~@3Bf!AW z4OOuHuPXc;_OR8k1@wI&^0@t`IXZG8@8qg!>vb7=XJoE@zf7it1grWZ4f#ED8_uwU zul}g7+wU8CoN{mkhF1(4+>Jfd-p#LeOOf-thtwa-yInY4?`L{3`BL-iTQ%^Rq>FXo z5%NiZdvOj{GL&An-kaZ7du=-Fb9gng@dH3{4{jl>(OKA**Ws!742@=H_ygnNc0=2< zQA4X9oAu5~6+?B~lud4Sx@5H#>B-q;g%ORhdxldDbuIKIdtNJjk^O@^ZEHe*(i4{S zDS@=_6-wZ1TW&~?>#_Ttp=vE%h*&d><-|Zj28U50vr!IjOZDiFix9Z7!3KHni(GlM za!1V<=$w`}&9P3SPo6$|Ot`Mw2SXr#nY3mi{OK2~O_F9;b{kx$HDG0^huclK#x;Cq zp&U_esta1IPB69dXTZXDdiLfe%`Vhw&nMH#clpCN|Ic*hrTQ&*5KPIvTVYfN__&EN zbA&#Sm?H16rL)EL=pjms)ELM3HFmyv(RwGN%T=4FD2Q0uLx?39+oGOJlK6&L=AD?k zoL$Dx^&G94Jb0Q#hFh~;`v;Ro^bhZyMoafSW>I^)bSlp1Ke$v5BR9msM26mvJo?>g z0MOxGl>4UdzM!el-LR^VBQOZrdFvQ}6L!@%bq5M>6XPi{mbf@j;JM*@tU#8#IpHX0 z_nrjFb*vTc^GT!x^?r7{7aeYvOpU>Nyc8{Ix}~|-2^7txb<_OAY%2d^faxfn3oh&{ zdtx1NSk_~qnEhI}h~6!jhKY-5Ry!!c^S1-Rif%qSBK%VSU%qC+CFWpfcU-hQh14;z zUB4BH3;d4zV(_wqF=HmSMQ-}NPM^h(n>c1tCL%vmmrSb}@-&Di*hQmn7tJKn!Mo5o zuyfys&QVOWtBdlvfe3jr$+(%~T5erQq2V17E95Df4a_xe9~2f^@h~Z-1x>xJng&@d z|1q{ZONO9~k7V3swMl1p{t{7w8>Ak*1BI=vWrqSqQrf$vebg*@&3)c?eX~?*LyF$i zQVFS56qe8oYPXigekS+ap9^bdRM<6?S#ei= ziOlp?N_bJi0{2oT87(iivy`}im|aPQ1}H^&om+_hsvARgj=~G1UGB@w&`(6#q76~X zr#~C-dH~8d9W+!8>t!dMKtR_`R?S+oW6q&43iI$VbKK$Gfvti6VuQhv$jQ5fD1;3I zOG(G*VU4GuZ>X+;>+67$US}jCeC6i*T7@?CdBAehStqV({BnMQOxWdZ=7+4}CZO+% zr%sJU>#kF#y6JI_oG@r=zsBm|QRKEEA}({fzUU3zcs6`xSb%k+ye1k>y7eRTJ_iwR zHaRqPc|G=r+gzN!L)gVkU6lIi3Vig$cY3$s%->I}=FWE1J-cgYqlxO&QQAp+djaKv z{0LU+NivwiKAjK_g*KeNL4AB>_h9_uCcu1y$G2YBcid3}M{tR-y&GWiv;r+fX}${n zak`c}D*g*0np-J}MFp0YY0}JK)72Db(FQJUx24zyfq{Eic6B8#Cf^7z4$o6;YeS8E zYQE=#2N6B1rSD<|J#Po|Qu~Ofq&|edAolvy9=OslQ`c5qstwhb4VO>Vou8=IMC|%b zBbT}KPC)C2(%yhsZJ(e6OFA{^;JoA zZ&&r*Uz>h*GFhDSR{Eo}&8g=v^WA=2HSEymYG%{L#~IS-gIV(03Lc54$EfZ)Bb(9M z!vxLLx_>Qs^6xwNv&?NxIo$o<5>C7uELBB&E8ZX~;L~k!&OH^jOz+$MCVwi!PoVz} z^?wK^=r-dgZfi0N_@G%`RZE=zV5H~iq4IXa27;ppF4E#%ySn`Ml{^A)@*Q43h3lMYz}x`Ip*wW^6N7zur^rL znwX}(h1h#qDksf9G>~8+b|xYi#-q2eIOh?TPdMA3f{@R~#^rHWbk|<=ZR^5^glc}c zcUst8n6`Th=)NjxMNnEWsZl!KsVstpc9EUBtDer@)GrdK5=DhR7bXz&c`B>tX57%6 z@3uWZT_{W>89Qi6hY0c3l|Ie=JOdw}k8&7p_~W_T2&%ioy$L+YG+A2X-2@ogxm~Mv zlO6;NR{Y`+dx*!MHYv$ii+Z2|P? z!M5PQF_rw>d%rQgnQ$@DTnmctL$S_#N4At+c{&e_t);j!Llk%YUF9PfIbSl)E21r3 z3M4q&=Ssy+(kE%~&)N4l{e4WL7sVdChPXg7e5hJXR7IR8bIsPg8UoO1ONP`6t8(g0 zxrrYRFugbB!D?ybDild2DW#7XeoL1_e2-m}rE$F~=hKr#{m(jD62MbNmXAR$>Z^ra zz}>x7z+2_nA^1&6qFGTX=oWMp$g+7Gzj#v(5^O40@_((#^=(!8*E1)3cLiSekjswA z`5XNJlnVJNhwS$08mDN9oY?6CXkv&_bDB5mETdSa&9Glstoo_^!fdNDmROJ_>$xMSL&}&_GSu-Kub0&$(pFtx8af|}) z_d#1G`;{K7fNjB61y?2{~9yuf+hkju52`5Smh{S*?Sfp)P9f0hurfZ8rpFS0dl zXv^~zsVXS1Qry*R``o9F3%ciP^~GpSq;A-=)6vO&EMW^GIR(v#J*gmcHzTiUu|FWE4q%CE%qv@A!8waDBX^h(*XIK@_+{5ZQFSsOM_7S{LQP= z2;i?V^(&U$KPJH3j5`{4=CSW(T|>~Fq~OaLH{byyG`Gg7gc=8AOAy|G++X}WMCumO zgtcd!kVvS)WC5X)(bq{%|M#JLT7FBt?_bI)!pH8|ZiFOMH`O{1DI4n;uK%B6# zl`&s|!aHp79C?-aOd`n-TN6^hxG}P)_4*`-c3=N3PYK74)`;u0yf>bcIu*xU*Z=fn zS0G@Gf5%<3!82_Zf$|kCMtv2C=KvPFO%=YNDO0$rEzSNEq%tB-m|Y+0%T$+YI)Np zM|0|}ZGs7IDOYutJsOmB35;`ie@7}eBAU`GxgvNmSl$Q(kCA5*koj&Fx}hWejJSP9 zfxk;jKA_uZAZ29q8||iVgGf4Qe|=duNJ}6vH;lT_5&ueEt=HfRPpdyQAj~i>Spz`3?^v{Z+}wj>84c zp$J8p*Q#v}{`tgnZ~vh0tR+YMoqiN=CW0b5Me?osaf!O3 zX?AsJF`ipjJ964S$()Hk1(#zIW<#4}-Z9FC)jM98F6ef=#P9Wz=JF~}YVAC8pQ2YL zm%e`^D{1>$mWEu}ekYjs*LlV>y9NIl+H8~S$FJ$)7FD&q?^|e29pkXf_)P!~*=#u- z3jE%zGDxnb+@Oj2AvxCvi;E{#6TrB)!+f4*;9O2Mab&(}-Ww8`376cC-0gR-?-?DW z5x}?*_>JjuKPSi@5yd)^l%0B{NXf>)!kEVL3xD(ftpy+)1n$;4>^l=^CEL1s4bu;E zPcGzWL*qwbn`{G0+<>3D6AM_-!WwAxaogii?C6OED1+UpU8H&n;gn3 zzwCr|;{j~a+|Vp=f`4?}P{fV{<^+7q{i@B?yPl(>P<{@MbJ5oJ=wEsV$}FPanmY!i z6aDV1riwHaqsS;5870izrC=XjxEY0X@{}tX#35(s4Fe6mn@o}=lIj6UBgmVjs!CB) z-)H~iKPBghRG$&QJ;V6SnwvCLs*qn8lzUnI*A8BJ#4dHM}g#u zizj%XxN-CI;GJI$ox}A^bMa#I~&`*X>12d+X zPFFnGD_b@Co?K@nRCZ`#)L2vitP5dZed=->!5rKR$$EOCCp742<>C!h;HusBr=G&OYcX;HNT zQF@;dXj>k{yekzGxPK&TWYqMv$IA1n<0XEmx;9Pc1dU&a$)Sn5M#*|ri?gppHMcpZ z)z2Rin$om7VKGMC^KuK{G~kga&{1=WMeOXjuovo+Hv z6;Ip;I>1{UOs6vxt?Jwc3a4QotmZQq^GqR+yt#u^vgIVw@7|c>>z(hU`mf|RoQ?sD zc%vDI0vmyd_Aq{U-&(`UwJ?SK1GjMV8UnerK}`#s(! zG<1=srDd>dC_6Z7!hGS8x;%1PjZ5;m^*O&v-7a>QyqG(wCUuIiu1WQ>XYd@y#gajZ z4wB2IQl@ofL_@!(Hy$+Ml{*TU)wrEuujU-y;Tw+ISI^c{-X+gAO*o*j9^y2 zc|NN;?cOMNae7q_aWY9}`)T2?5LHhEJEH#X$|N=P9&f04fKD`7uJ_zOI12BlYY;9w zG|3w-K$%K?zxVQac!w`uuiXo{33;G$Cs>SMr*KUva zF5{`(py4VGS#}Kz<>09mf%^9&5t;sXIR4*X3FuuceJc0d703me#4&k;KHJ}hq>VsY z&RJ@LD&DWTj3`FgGeTz<42zqe9p-!q*ZZO3Ne1}pjFEr%uk-E5=lbgn?gZMmpH2&y z8p;EmbaR^jRx&8*P3bwWc0seBG>5>u+GwX!fpTiI%q#?JJm(N~+!C0dgbmO;$u0s& zZt%)%ixrloM+C(M9*C#w#O*_gvKfkEe@GEH>tSM(YREh za88t~Y$3&mdk-7YGRrvZUkk;M&-fWat05LLPxFZIW3mVQYhmaiRZk;`2;Zd`vjRQ;1WNe$?5Ylg)Jf+E^H-f z#wVnJ?{O-#pjDKHpbO2?h70&!)BYY+(R>BHu^Pf&PY+otSNwzi{5X0pM~{ zEs^&+C`D3@NR!lqCT(+q%a(U7Ow6dyZqytYu7Y5bGY4g#U-bcAvg-$+n1}#_4j&e z8l<;9AS0Bv$p)881p*&tdnMi0 z*4WgxB)#;Rg=)lEXwmpneIW3%gAoOe|? z@4^t9d9pcUlY44Y9XPo!QMEt5)q&zvnwCeW2>(n7kB_OO*nyz@R2J+BO_Wx;0#ex3oz!?({!_m|@U{I>SsX(hMIUsy z)+7SQZz9JG`guThaRs_m8qu`EEs}=ek;iaGMB>M1<= z(>|W5E%m3dxqCqggLjF#LWg{28>CKG7!{})QsJ!9l$?UGo5dky-cK4Cz5e}Q-hiA-3sFPD}MOr!+7+xYmtnd65~&=7oK0S&yQ&A%MfZ{a$y;s$GF;heOB`*9;g_gr8g+>=V(KBQ)A`pQ`2SyJjSbAs2ofr36=);V# z{MzGb_6^3$xD`qPcIx%NV@~dT@nPm@TorLyZDR8w70|GvIZccGMqF83%r?v(~L zx;MvdGQwlU;k&g51H_(%F@<_Z)m;@(8&R`!E&|qI+9a+%9-lD79&@@%jP3&-AG7r^ z$c?kp&;J5zE^~00_kZtCPRk!EBGS512k*<(?|hbE6kwU@_TzgDk3=}S$mPAt&MVOV z>_LSGM)aLOJ*)GS*PX*C$E@s1^Mq}LaR%`-2D=3^a0eH)I5w?e0x}ko!&+V?n1a%Q ztCSZUnOuN>Vw~g-hzqP}a;QVEfA@-B-ONrL2a0y>#{6GNBv+TVKX(|WP)d8S;ykza*_ zB#hzwgVx7;Ab76^x7~jpZO5Q{^lX2>%Aq(}?i}EYus`ts=sRMAOa`#~6lLEYJ3H=P zvLB*|{&0A1B)E&NZ?Ijj{!Ir89s9RYtb3oWV11RGarWJgw?l`A6C3G0c9u;ZTGtx% zGB>cG$+1~SFRKvM3fV1lM8~gC=5^H3i#gb?e}|#RJ1?#dysgzf0zPj1q`~8V$Y1M} zikk)AL=@gSwC>U8yjDgiAw5aP*rvfl4ss}u;xYFA*b-tZ;rG@*HO_Fm^D}(!oFcr$ zj{5a;x_zr-1 z_a4@f&wWYzveWg#kv>(07W7}&BbB>u~JR(e@^R z9H#&ycap23wG|9`7y31D38mc0u%3KvY|oRgZI*^?dk;h0x6IpZYIMK&wTFNEy?yI_ zcKiI^aQ?h~vtjn!@Okgo?rZEEIK#&_A$cE&?Yo5H)V1SoZE4ze&bkjUr zH^Iv`{n@;cTa7l|Iy^AjU%h$SnxpeK8oO=0*m#E7{}_9_bnPZ%`W6nl)j7_)qcix6 zmBfqE^~?$ZXhvt#M%Oq!cA@JSUa#^Oo7DCEh2Pm}0vX27R_7NqXYeLCN63)=D7@)q zgEs}dd2|SKJ|$u4CR3*@OOHH7)>H3@-u%iw!E>xT4XY{ZQ|o?br7%Cum`_SgH99I{IvpzV*T(9nQ_r z$l15FM!D5~`nBa#YR-c`N=Cff2CG^ zpZTcc}y((Gl(1^p!fWF@m#Y;hh9yYu@f4>eR zzYU*#TVXPA`ng-LX71eD^kefZsjKwnIb`#ES?4?J)ED%{FwA`+tfBb>oIcIoD)G|0rEo{&upD5Hfzj#=Ovy5Ke)*69HLzFlx+GFcGq~yUN z&HVIbo$IPo?{lA03K`G=9LjEew&~IB*cE$rhH+MyF6rHoyPYF%q~{QiD7`peRS(>! zx{6fQjQ7dc?^k=Fbj7k=p|k7ZT^(28#?{+69DQ*+#u0CN!?yJ08F)>NUn=jJpgZn3uQlGJD+~U6xY<@PM zw1P75@sys%0Q$wMAu5Sn)E|GlS*?`BS_xqjUS!`edd(wFgcQtcvb0{lWswaM>QeVj}(G)rWRcd46 zw_EcKU$*IzyZ1T{>)r3RHM?-$4;UAN5xcLAR-!A6{pmyg^*-%Su=BwB+RtgY^P;yt zf2p4Ol`4Jtw~DC%#rl|9j9uUOQUe_04>wt#6J4)g-v^J2!P#|v9{}%Wc(x{- zvJsqZCLe_fN?t;~Ud8FW#ov4h&_1%HN1v?8$yeCj9RHkGZ_63Z1Oc5ZIZBEz)w91= zrRTp{q;U}E;*_F%V8;xj-+u7E@7(We#N$4tP$yv z6i+lNN(q0r&)wN$+=tEQlDc^YjQ3_QTGdLAT(lb=r*rYNdwybA0yjgRu98$R_L7)AXR-3c*ibtxQN=a_!#RUbOXFa;EhZH55WL<>%cQR zw9Vf27~3SmuK-y0hKNuJYN{VEb6ldTD}u_*Kxnc{jZBQW!EV+!jW7lCqc?%58EtiQ zeQ`Mmu+%EQt3ag%MDt^$HAT>HYXb8cQM6mjb41ZnJARbf?ETb*Uhq;pZ_4+)ZM*R+ z1MI?Z%#Cct>Cs{J_4&0p0fXj5+U4WJF=-6hPe_2-{>;D|0XM$5T;@rsu)7OXl5g`2 zJ0Z^Aw?LGT?Oz{w>X|3zk}NpFiIke1p@NzUvNIC3NvXzUgvgSH0x~F4Fxujap{G`O zWlV!)ep!wCu}R_=$YKE49iL&FPk00RpPh8;>+SVxY4ZB@1>E|4zC`GT$j(Cc?;fIN zl9Js11xe4Zt_Ue3J>c!%{IuJ@KK8GT=*C5|`Plp$)@NBW#d`}`UvhMP3#@P4t?z6z z>zi6p#KP$Ol=ks~&mwB@-%agmdit0V+c8DM=hUc&PkPk#g3k?8ba6r%-&-SkGJ;eb zSV_|qsrSo7AX~H#Z`~bdIBz$Js`tiG=3ynB-euI3Wn2=lY}~&-cZvb92Y#(D$@1Ks zW+%CiCXz_OhQ5*#I7`s7@kBEOy3CX*b)0L_01C@k`?yjHlGKDm53AbV2m843P*aWq zA^P*tD+DcJ2I~Pz|1B>g zWI-=s0uNk93r-d@Y^QEmNf!7@T*yVR1;`3=Jlx=N-mScyKOs+<#U(m?lxWw)E%m)W zjDv!|=M)eCVA8=(oY^?e1pLhJ&vX&i2M^{`^PP+)bATJ2AyIBFO>1SeTRrgai}a3K zz+mKMczE}i1xTz=z9&9`d2KCgno?M6lxj1D;NzuJ-exakPChbd{3wW4zGj8{Wo~kY z9#wN%Nu@jhnW^SzXZjv|zOl?;3w{XU)Hg-eAp!+80p5|A7>~k+DG(fT$oUgviKyQ` ze+1YBRx{{5L+y72bW=)qTNe@z=rzN!@rf*lPvg5q?0-D?bhc(d&rghK7{1#(I;Z|c z_yi>>Ez^!JU5sNND&Q~NE3t9rXo(O6vPJadI+xfM_4~t97_3KUyk1`0`>}IxKjizJ z{Dt+!ucfm-lRvf`U*Zbek`>n zQ!sYYi$z15%wrCNc+RZRO8_~_=!H15Z9I7fbbe1+h4>_Tc9dq48JU7H69-6Z5023# zO_2HR`W|fq_u$1vgL9IhPpV8g8ia_q=`#S{-PB$9>U32KotldoIiw-wi6K zw7~UlE6NEfn+VakEgbR-I3xOzcUz}4P4HO+IzqE?`bK~Z1ncpaPOqAplrR+?Fi_`Y z5FxoJ-|VPnh_D>nC{RjDNadO62J}lE>bj!-@p%n$AFWs>4OucdHTmxR6>>i$V+63? zDaPaH#wbI}dGDdz(ZCWiBf+kA{(Rh1fq43}!p~fqa6t85Co&P)!fs)8)uWXf;Bvsb4_=`+%$E0pGK z8%MvwN@o5ycYnpsJ9K7Q$&SB7={f5 zyt1M!?mhZj5D*q2!rE{W=L_L5%cMkFi5_}5Rh3I?y8QkCeVw_dK9TPXSRN+4<=yF5 zlL;*7b8d2s425Pzh9@*Z3A5ZJO6`*Qfr-x3t)c+D3`R<@r4W^zUZiYF;MJ#)MKVtH z5%l1bhL=(Bl7@4zEKP|S#VVj5cuwh@8mr6wba;4qs~<ra2Xi1jj)Ae z`pXrmVy@^7em{g^hLWwj9J_^8S4 z>|X-=U0uvR(EA2Gyyd-qCC-Pm^;FLGK6t#-7G$=;b#0nMi}P*Sc@D?)&WTUVb_VgH zxK0fCJ^ESmoG$f3>$W!I@%HeI$&m@jDar8pgc#pNZ%IV&NT5%iUCuM z@!;9Ijeg?EB8Sfd56odBHa!P_fxI1ty!ipt9|8^g!HCYY-d9 zetJQpTgb;yra9FY=_@-)6_jDhlMYdGZjC$2DN$~kNA+ru$X;(Mv8(HEka}al~@A`2*VA_1HU0^0e&1Yd06jAvP(GsY+E+>)^i zpK$Br+$Mt0L}Xq#Ip_9TeC{@vTlt+A7)uoc$0vZtIX8HYPnbOf8PDL^F1m+h+v=~u zOF|}@*4TMCCKgy@PxK%6z4ygCM{$&8jZer{Ngd}1yjZWm*g3LnFj=M+OT6tNLO1i7@;0MUXNc0t;%9{JmXV&c6S7L368-U;}-y@1ac z@tJ`=hGqW!g^e>rxW_2Lh?VO*+0v9@SSXdDAPO>bbI9Uz+aHgPy4` z(lPc@#|Z3Sw=?#Q!-1ua&SF#w<1t?)vN$QdKy`;7(a{H*^hDXFD$*ccc$Y<_1julj z>S_cghWLgP#BL)p@ddl!tgtcDJbQ#R!m>$3+{R#QNh5Q@R-Bz?8ob?W^V{n03O?nf~|!tBCk$Y46RyE;RK zQ$S(x@ni?a)@Nz%*RIdjYC+9iO4VkA&Sq5&SuWTgkC>MkEAOSff5X|v&FflVR3}| zxqcjs$p}DZ^l{3St)2gFcn}0E`@rYMVbHd5F#LFUhR+Op|N4A13^@GSeH2uP`zRG- z{Mhkqy0|5o&7j@yqNxgn*T0iQ*afMP5;4V;- z@hbQ>4or(03g)HL5E`d)I;C``Fjip*SVuX9{0un80D4QLVYsU-*W>#(lt|R}Pu>|s zn~T@c$0#v~gyKa4dZ=@PB!aXbx(uaPt72b+zVfvu9omz{87C^&mRfVzWF~q3Vv#LB6xKHFZLU^nYJdw=Z^D7c~3v(cJ18S z{p>ehyxS7&ee6RZo^m>AHL5(&ps#+tQTNt(_)Os5v>=1A%V*W{(uiI=HLD+X(nQ(9 z8o7(D0ct3{MpcaamFTzx_QB7+Y^Bre-VGC}ur_){a~FQDpSxQ11eOCPUf!cHl1d22YveZ()oHTLl>GoAlgQ9@PC!`O3%en1VJGL0KAWKdaUkNAxQ6 zJa&a>&kf3sq*SZ=V2Qr*Yh*w5_UlJPai6jtS|~dk+{dD?O>Rl89{&P8SI9 zi<2~0Cx8K&!r&Ddysti}LygzLBigma;GMxZ)`cN`0eVCZ+~%LQf9vcY0T@P?wmy4y zS)%uQ!!`S8@{$=1J$m8u{N92P%-OIH8 zNQZS=$qJJfN83(0`uzEsIsK%IAe=?};}(tq6ptq#RW>qLJR_1SKWO$2a)OhC1kEJW@CO?JwHFLl(kIV z(@3GF{q=eANuhf4^KYXiAm-@;68%3r| zAOn~ZMMs}|Mu+KH(?AKL?4)_Eg-3Pzl?(dee|cBO!C@bJv2{Qu0_c{klRrHP?jUGDi>BLw|iI$($I|D`%!Lp8GJ`;fN2@i>rE{ zKKHc;b?+XUz2h86g<|yGvs7H<(ER4^ai=xdL-@D{xY0G zRC9=DeU=HhGT5Sta~t~cTR3)xmicUfnjU^uM-P_jQRp%+L^1%R7oiDv?N_hjC4R0) z;l5M)0X++v`w3cD#nD9IR5}^BO%Fe#hYpl@kN3w$6@<$T}11>$HB{x{sCEXd?p{d zF3~UlMyZ0~balL$q|&T3J&OL2%f#1FV3v9>YUI?0e)@j5`ev6kGmnwdo%UzdEnu8&Su&gJWZj zm)Wa%xA8MG!0@xdGup7g#w~+~Vq$uW2@`Py>nMIfgB^<+>1IRS7~V^U6er&bV~`;@ zi;jpcg!4Kff#O=cGa)0S%=#h%7k$c_x~xIY!^uvvo+i_9YEin49x5ew)8M|VN#>;@^)9C?H7nn8mqsbug}6G13%kLe$NKBVmVOdWaD=!~=D zKIwh2GiOKG#--#msETn$pKjbMHZIE>hg|NC`i`;gTQ^T=z~-6Z&GVbj7b((liFuCb zUHIM%fzGjcdNLcI$KYutO(RLjE66Hg=eQzvqA*>#@ZhW@RW89wb1H@?S~(XNa^jZug)IFt?u_Z(=NDW)G|5cjy@_ zte4;@!|ziM=O`0r>zVfkbdkO*;Z1lyduX!0IR%p4J{0JweekwdNA%NIh6y;y)?xN9 z$@UL8v2$U>Z1RwgKqaQ^?tFur5Ug@~45?!_!5kU**Y9Qt)V(8xVhuRR3vS}(jL%7|H(`rw&2 zbn)c@{p0x+VG7flIsX71pXiO-k6rOMzgmYr?Txd*3Dch<1RxvE*80wA{QR1}_ui^H z2pnHU0E{5lI~;CL<^#TA;zl#pYQv8VKygZV5qbbl(GOam$>FBkdh0`OiLTFjoNccU z`Filo>$(tIUmsZ~w#m@i_P8UB`c3dsL!gh1yMBGEy=OIXVNHMc&XO*VpwHqoOv&A= z1GhTvy%q4n;af|B#}un(-@Rl8-LIy?RArN?o(%6^w|Sm^jd}L756c?wkB~6pmH5oV zPH^9|Pbf6CBtH)OTI8<%pW3JVOagCL)+k*&sO9li{rD%%n(fAhihhB013LBSI;O9f zZVKCVGKSHa(Vv~n8?_|z#m1u_3NL@*Yf$ZI`*Amy|YRHR?HD^e0Tc+ z9`xj$Bcp43Gn>o%uEImtFg=;Q%POwYJx@QUqYc?QTDVF{Tyz+dBMH1}K!%NQADQfv zG~J=)?o;|7FL&rd4_S}wp9RBSLobw;3_&mEFLf}t=d|M+U>f6a`<}N~cRkcZMtPm8 z2w3%_7bozJP3E==tf8~Z`kQxGv0tO3nL>l=Yjbh372boWvCgyDrY zK!%q@beRpDjRPmiT7RWqTPxN#JX+Rvw-UV=j!m!w#1SD1F(Hu) zt1w3gnh*j}9L$LjXB5EWDF9qb)NS-_p^TBSbB<`Ip$RrGnTCdB&is>)yMR}jCiNQ@ zjbNvI=VQ0!KgGjqEi=k76)wd@t#K}f`bQD==^@qoP7nR25F&|$N=r3mf@b94 z&5t#5V|j@Tl1n4XrxvPh(qNt*KOCp1q&cni25RXDVc_OiR-E(o2vqcP2M>gfRmBt z+e%kjG4;P;y8G%;w+)DL|&sCZ%Sn@W4?bEo&6G+lNuXN(I8OS5WH4delEWsq;jx&dp*#+`vFmL1V(l z>$M*So;=Op-|f&4QM-#o2KZ8mzy4QreL4l>uqeL>hF}x&ib`p;i%}#< z53RA*%j#|GbeBUqidY#6ez+h`_w4DVC&PqJ0h2%$C$!xze>DN$49JP88O-M>k(0HG zzsK*4CRf)-<{J@?=LhIZG|idDX%~o3Q<~eqROPXM3&TS?bFNqKHU}}J7brJzLv@9@ z?B9%X&#kGC$m9r-8F56AC5CcYAH9o`=2#yQ@h$D@X}#jsmw`f6R#7GuM09Um50Sys zIzHw_iZ(t~uY(O)3QcyY?_HF0@VP|Qa3AL(1L3deu7f%ZJ_pwNbq-~GmU*tDMcEPe zj(Jq@x&<<@PZ|f?W)Iun+$!b#>*qcc0}iJjuo=*cWyY>8;Pl);F+tL>XfWgpZ%?lW zz=pYq7M#W@M1I#Eh^T<*_vTZ>A|XmujaAA_-Bd$(497hJ%v7lomWiUzPE$F8aY7FQ z4GuEjR;qH!bJcXXScM4o<{-_?NK@FJ9X~y)OGNw5k!@qj$QF^gmJw0)-~lyK zpF9=k##qZ35wj~8mU4726HZ{QS4oJ864@5ngzu9LWYkpLVJ(IdfR>yV&;cHN4Kk#4l8|+Z~;1>4^<>}yae(sgZoJ1YU zSjY)W z%$c)A86`{~u4hW_zCEhK!caLpto9-5iqFqu{6K!d$QVjnR4!SuSs@%QNCG}GSpx|K z4NwZGwqQd!YfHK^xhX0@YL)ul$widDq_j;9@TN}yulYK7^s>y|4?KcJDu+jPnMhhE zXStNSiv(g!G-+RRSQU>3g?Gbl!kYy!Ix20Ol13 zZyy}Hj$Vum-1$fOF=sG+8%xXcmB}5`lM=vjV^MR_$9;~U`2WT#^f}TFyrBLHcvdFN z;DwQOPQ3a?6yBox#;yD&W*=m{by7rNMHi-! zKmE`|R+VZp6ID<@u6fFMy?4BaUOU{IyswB5`RdXFRg5ht>+FEWImCWDx8P-dxJ_5U z%Xf$_pBtRg;5uC^ru!XU+KH@=>s%x=$ne76UUP0^i2m?@ZQpI{Jb10@I33hqlBGXK zrc(^w@t?o0bO&!qJ!8noD7nFc6ta-2=?jbFX#9OmQ+i`FyI$pmX?h4AoI^(0Dn`GF z!DWqJS)_+8ycj3aB69Uud$Y!I2+i~obzY63x{fnXnU%3iWa)6%SpS&tG66J`Lpt5F zNIxsiIZ7@_*TM`me)hc9M@QAk9__79pmG3_>llu#cN_M~t90(@3^;h%cUNQA5YEdLwN4g8DbZZZg zaRuEqzc+}(S7ZY0A%kN>4c&ue4-=U`Nrv=VP=$t<9L{m4opIKlO~3~Z|02^Lpv$*$ zQmuxOKQYYaXGBy&23a+c?)!V%)UwRkMuOPDfjvLes>`R7^p}=J)=Q=bRSf)C_m02v zIwL1BqT}qOqJov%b$Wv_E;AT824le@$x4C0lvU)D^*^p|to11bbw#f#K5YEX7#{G* z_?#bZRr~2g{RQwQdUnEl&4YIZx*oTE_27At`1FIsse}?qj|p=j!Q=5X+iMdEpo@^P zH#JGNk|d_bzrUWRuvo&cTz zbU-XCAb2-2&N9v^bH2ymSlDSb@sG0{4s=g9q zR3H4JZ9?b9*Hw(Jdx$*^FyY-1`XxWQDRzI4^~&!hx8)=p$nqM@iISXK%J3WW#~IGbT6LyWP+3 z8@{jx!&D#yUdZ~jUPMXIi{a(6!%LxR4;fy{ba?+3_r|irOLz*raOV*e?%-@8H!Urj zylnfx`pnV9bN%|>SJNRf{Rp^9;)2Y6;ChN;y#PR zkm$?Dcy9a7AI5CoDIJ=?MUk9aN@+hz9g;Phgs#76S##U_e%+LB@}tQJ_E_Jigix{4 zQj$~_KTGejWcAcPM0R>ahbzqX05dm3FTJ{E`nxddlc6vU*;o()$1#dtcfRaACZy!R zv#ZFsO4r@-;~GOgeu>O-cdr;dLiZMQn2kN8=EyU~cM`et;flChFp8>BAc;moZ z0^Tv;C9iq#IypySgU2v~=k1EU`@^7npLD(Oup#BuSE%99J=$MEuwX~CT3R;gTZal1 zPszdLY~=>BRde)y9Z9-EMw00P$ev*`ZL2HQbQFEFB2Fu<1a0E%AP!yYL7azVTkp-? z(Ec=n+Q`Izr(;3Q=ueP?y9YmPhPH~EJ~lY^->x6>)@S_0vaRy>R=V{ym9syTj%&Gu zGmiCbY_BgzwGZEq^Rkoq$JUpn{F+KNK2*i}kV#rE=mIjz&h<6qvA)!Kb<%_P?G8#& z4j>C{&?mLNQU@NbQe$-7dB$Nf-p0!{<1WurJ;7SBP$7y;mg;>}qR3j);Lnjm;mLN7 zha+h$7blhlB0R89HIY8G4vwp5of2?3rsK%^52fX6PwuKpvPf9qerX;_O z50o06*<&|@vuIHt+fQ(3I{muKOLDb5mW~eY!y)c{F80-Qce^;&vF{qZbMFI>K&8%0 zWDtj!v_`InKWYJMQ+_-DS^>e>Hl+<^WIdk@cNRCTHy-0^4)e=?QvVCpcp!@A^rr zO5{%2AgXJsXP)!!1>E?MWn=4`>u+}J`yYMuzil2z2lCeUF6#>|_9_fM+YO)GoiTj6 zN!`YmZG0{vLjmtB_%wJOm&jNK-p0UXz56rd{TMuY?(W<_17(tw?PB!*H-R2KN6=;* znScfRI1i81s-cX%Y(1}L?xMjZcydB60sRCp#^yN>4b@P|s?q595Ara#UT8W`j%9}Ol^UpWx;r(PnfE*vrD?_0XGgOH)YeosHow{)H zlKz-76H|CSHxo->G)*5c4#L}-L3Z5uwUR_KV>y)@a@ci_zkV=Un{&qKI8SuhKC~K9Kfj~iYf;E@)6E(3qLb~{y zFRA@q6U_OHd4`c5e2J9tOW&tGhs*VQ->OqJ%F4cX7BL(SsDqMfGZWo<`$yEZ4yREb ztwehtDAPA{szq|O*V6}1;Ep^OuAgYVrI|@JzwuKwzltWk7XAExs8Nn@LC5~`H5g>S ztF69>LSyB5T-qgjYtbzXp!6j0e%Pb8aVl94p}j}S^ey0Jaq7GtLiV|xY=^bbKWhu6 zd~uP!U+eLzPaD)Z>Nfw$54&_}0Ap?eiWcSIe)lt}N?|uZ z{j&>t8)xq{k=F(L?$Xg;{yK_QnaV9YZ6Qu=twg$GJa-K3HW%sEhv(fKYB#Di002M$ zNkl4>_3hgq&}8eV{`%V&^e!bT zrcs~^W9!SbD99wOO(*Ky6r~dBkMbGAXNZz+;PYoE>4Ad~I1N5ivYTAv+TZ=vd$os5 zut(|D6(B3--5Db6F(A53yIbAxfBoG5J{Z6#VNQG>QdNX(i3odXWx^bZd-wCTbL9`t z5sShfh{t$V zW;}?>$p}ptpIG-MhP#>G^P2Cc55fE1{O&-TzmEx`R)NTg~wRhui!;te& zzaQTE%xM)zKtw*7gwKAhTEUqab^htk$@sBeB$O1}q_@RJsSZ9vFR*{VPlcJ;YI@@} ztr5I&Wuk{3r>VNwjiKL~_on+P&4saNmLM5QiY4dJ&jMq0{zf};$AI2yUeL+*1cE_u z{@z`vPky~d!6|w!7`)Ew;5|!kF5neqWUKM@*R_du*$KlXQ2n+ZGXR*ua+3g#nVxfw zUOJ9lr5C){8vQ|^+v^Xa7n761VVrf=hl&1aVKQJAFbu7s$n2!4YvG-B@GgG06Zve9eIErQN7djf})o~ z1esxpQk7?4{;@7_P+~H)&Dl@XW=i%x-S=d%e&_24RExoC-y1|k6S#DRa}<*cQgK8a zC=RIWG?{b%y;&zOPiPT3EWhuF9{Qy(t16)sBXW=ouqCyTt+hsVg@uJoC8e#XG_6~& zpSz_0_eXsip2<{t=|SChI9tE{Nuu)TJ&~UC!#;cz!;kIz#?9d2P}>P_eT~dp_)S4NrS~ebluc>Nc4VZ%m1NZ%I*OuPt#2I; zsX7nYmRcJ97dqAY%5iN{hA)kC($U_lb3Z$)w#&#Nl-#=avsLU{LS;(d)Vh zK0D!YtK2hIUd9aT7BGgL0iK2vr>|A7{LgkWakJnzl!bk+Lcdl}j$9Mj(Yp=w*kkt* zG_wUQ#0SZyFN)Ln=^?%JpS$I&EYZXN;b9df4J&KnO`MD=db9OmT=)>?%6#D9VmI7O4y6-dP`t?6JpyD8<>t1^u=l`0z2_VZU zhQB>kLiF#DI)3z1UF;au+my#zLT-!QE3QE}+W00x6zdZMI`iV+>l7t%1L0CV@RhD)7+&`dq{wsJPg1&1vyac_Bsu}pkX)>blqwb(Jg#`@!Neh%FyrP%Rw(0-*NxugB&_@$0^}uKA^{c2}?H zafS-M+rUsU-A&o^-s|8E8@w()u^T+@Qj0$3zwL*Q8P5tPC#it!Z*DYQ=^RjZF9sl! z6)3ZuiXNGX!*FW>$L}K9aI7x_L*?DiepZjv$LWcTOIk!;KR%E`2|}_s=?Mi>Vg}q} zIEuX96H$o#$*eRX;N=qp6cG1_!Rs3#GMKxFNFW~u#=`Pq=!{I|xK0heaYh%8FQ_+C ztz=3jSw>(i!*+We(Qlk%1wP{ghSB*|?reC5h+@_gn+K2S()OuXMvGO|u(>;V&}h#7 ze9dDzGZ_Zx8EI)jWza(-O!+*+%RG3=tf_W*c@%^FCG3ap(Y zb3}Si^i4Q#jLwSTmybVPql(RT^}Tjl7fukkp=wHmCZdZY%NP>fW8?TQI<91UT$}n{ zJ+1RQ$8iTk3fm*2FSzC(bIydf2nMiu&QiUGc`n*K4d{-?KId(uWi;ihe9v9_rC+;W z`^(9=B?BXUYfS629eNRG{P)RDZziB-zFDN1QnLPv=5$Y}%~dYwMW7Cn ziJQ~Vq|!ZQ>^p{GvOF#^=T$PtZ|gDQwSA%tY$&Hl$poGiY%XaN{e12-52}O`wny0W z49=|uYAkl2)$plReeYPGdI?-vMhCLMn;5d3BbPS@F@WdPH7GA9PPH=x?2Yv4>@*#* zh_)d{jIFSmD5)wX%h>JT+9mbAdP?U{t!W?**%}}CWOEGLJs!vX-9LPp*MbjooD(3p zQ}1wtZ{tgh&&S}M0^Zr3@Oo+IG1UGsz%zR)Cyh260bhyg8mjfe3#E!D==|JY{UiD) zRRtEXF$O9KqH5C9&sFIgpLGbA6?%YpmAu&zC6vN{i0e`YuoE z{n+}7oAk_c)%wO~AJ@V7bj=~NZB4Ph)go2xW!#roALGt_=S7|1ZzmQA&SQOfjfeDf z)0Xnf2Xy>or~dORqm&sAVZSa?(}9{@$HfDqg!R8PN9p|!J} zI`=2}KCAM0`f2Y8I6mCofo*Vh6y0WA_-u75MrYgulikhg z?Z*&!6S_7Y?LAR`wnTdzbdx3S#6{$v>-kxXuGa{hU0?igcv}Pv*#Vp)c;)?}PBLfl z1E7mM!}_29CIEIoiN8I~T3hw*e|m=!sOUqho3l`X`^zT}$y=>wQCeQ!L;9<9&8W zu^;b?@8oSx@Z^%P@@5;W^!}ll`nzvpT)0A%DPDX_54OjctqH(!L=*-#Q0RMy>FGoN z1H7P-4TO5ey>lz$dWO}_xOE%14m_fwKM0-=c>aws;1S(N`IA+P7IZh;ovilu#uyk& zqg$6l{7*v?XlOY7_L{qfMP%uS#WqA#!6-JgNdS?&; zZM}KYi3Bi`wkO8IjL~e-yJ4N4S`kW&_!qp-ukgFI$eJ@sPK}e+j(|#76?3xaN)#NJ z3?SKCV?1O;Y{N^Vj24ktz)NF@2_(Ct-2Px?vM?$k)LlB$qcbR%y?qlnN{BRtQBD+v zG#4sV4w1+iz|UgH(pI92vdhUKDk;IDCTMoqKd7EjqMH%IlZg(SEFuyWK@*dsX6ZMu zNmfK41;qg&FiMgh5^nLU(YcjM+#r>9y04S0hgo%E-=1AVFe4LfbACcg%)4c9jlK!s z97QiVy%^ykOSL#BQ>RDtQqQ>FVo)zxS{7ftF&n4B!gyVt*h38g>ak)pEWwbNfWYS= z&EVlA8XnM4FHuFqq4o3$^vJuN#zT zmw~wEg%DdG5xBjRM2paq2!Y*2pdz%#x&4D)5#*a~|4y=h{gYarp!N|Zwfx4_zMqCSJS%Ki-ZYq+mVU1W1zUEhFP-)P4F&)$1K*?FCJp5L4L zcFs9xWRL&}5+Fbjq!>g|wltEgV9B!OSyxTm@s`U~-e2}V*sZPIt+8fy#^bd;w&aoQ zu|!gVq?ic;ATrSCM&}%F=XCp~{XFO1ZZv=fi3UJgu9_F%$%NQ&lK2(RJ*AL{(jHYouW!D2? z(ps$pSz}~@_UV_W2Z1Oh<1d85YMDw1O^#2(XIH5Yu*&*R0JVkL!KG`@BEVLbRcYtr zM^sAv34ePJ#kMEa(GL#(D#o86>D@$KyBd1;$j7##)F;1Y3LlIfr&3`BSw8z4Rb5@E zVx0H6(E;G1`gFZ_99uTD#(3^zf?FSouxN^Z1c!G5qp6)AJ|evAzzZ*7u;7sJf~D^@ z`Xe}QeO}!9&>MfdNK&3rl~R?L9;- zocc=O8OSulct4znAsc7VB3W0xL|s}0dNpU{>cIVQO=nm_} zYO1V~4P!#NVXoi4UhGWbG$0EwyfjGmNLc^m0#^ zJexyqdcIdfeZA@eyRHqXdcgfgbbu7Ra0@)8kZ+ z&Y$Vm@NkI8NXUTPKG}kkE2l&PYOM(4H92EQP9~Ppr`Qd;xV299s`1tJd9a{0+t2s1 zZ#U?_{>v@%aC>{maI|Mo)0VNHLC`>1=^`1k33ZQ`DhllEp&dTuWl!tsNwV3<8&RW*mKlxyoby4azY>q4aqSIWa#n9rDX6Ybz1KcuOsq5E-G9IAfCQi#-ot^1<7% zTSFOS4V+M`WFIAf<_<*jF=oQkP4ULSy(Js4O<-TtKJj9pogqN!BIi+d@sbYF{v0)u zrY;VueYQx`wP7-O_&7mfK7)SE%Vj;)sD=GrMxDmW&#$V5T8#TK#?J$j=8c1LaTJKY z+H&MD47nu%4UxgsPnOauQTsF0wkXT11&-?p6_<9nbLDh5HB|>KgBiYO=L&Q*ew;8p z4jC{(CP$1jZif25YoIQ~QgoSyE>l2_nGxUQMT=OqTE$N1Fy-D$e}Y9SK<<608CYF1 zp&TR=8CPD`^}z%A$hZLw6O@+;F`=vrc1Ym7@=harPCyro8oA}r#kUA-IvaYA6CNyxm2SX^%*kS5IOaZe63drPiy{3VOtfVeZb!k9@ z1@KUl2Qk3LY+W;Fw%>1GXV7JRU1P|nspMsi@>eWo{H0&LS1{`SuuncR@VbXq)r&0Z zV!AeNNZn`aI&zo$Xmfk1+hg!m%XUu7hG$eYYscPJJ=rj)05yp&lSz1~XAQ>{XCG%k z5DQHdLwE>y?Etm(9(k#inzH43qIg^xWC;F(49(eKqZY_i%fVTh!-BP76L%$t$DAeG z3liv)TiK-6eJwg(586hmz02LK3j&DJi%Y5D2NV+!j|YPN=m;J9$;n~8djSV7^1v!Q zjghDHL-q*zOxSp(JL40;zL5=E-3U}X^*~Fgp8;>dAI+TN@b>^+*gdXmr>Ng%jso-t z^Ap_YYVwcuzf&XF;sl1A3`BVXLfzADobMPp=TkLl-Uu4pFMti|F+ z<)-N3v3bL=mYz>Ee&ZJXqz)OCb*Z~HuJ+R(-%n!+qH+$P-Ib*Kxf1kXarA z(si$1{1#c>b4wb)fw_$5JV2IAOKFrEQ$(#JI$07I?CG8^E0y5Z3o>blEayO8g%173 zF6C2?^@+k!1x7~o>KWEcdW#l|8kL6uFq?6#`x9+IChu*@^FFRerl@ko*+;7jed@lr zq8|l%6rUJD4+MpVK#N$4Pn)GMy$~6sd>4?Sg*p)E(@cMd{^5gRy>rP7zt}0TcVHF4 z-oo#UWqFC(Ud(xVeuZ0~EkI;$+{gM{zi*BCH3{70a;qu60*vY!yvgeICC@WExvif| z^s`@`7gzP)te@k<=;LeZL;tsaIy&&V4NgJ5RPYBhH3n4Y+kTA|p&yWamqt)=l)8UQ z1RftdigSTLf{*$*m#GE4=%>bRpI`5G6981OPcMBtLyu!S8o=(bLbh&NHW{!bQBf5D z$E&qPKmfdA`xo~xXNI&Bune0#;6PzoCDAtO0Y>zTQInt0-*FIC75P=Mf3J2RJMZsp zS3B94glZ+T02p>0-f4P4HhiG|Ap4^f6pOJzg~+B|M)pDF;Y^`sYZ3EMzEdqt1$x-u zt5A1`{{91?$u3hq0?4Z5{4o#kIGeu}VBOXXUKUxzc!dRP+lbSPs+3;=kjE%@$sY5Qrn zX8{&=1f?MpWEWdav<$UG#y|oX*8816e-oe=UsL zY6l869XY84y-zXomR?TzCR-qPoz!P@ofay7L?1Bl-7AOB~qVIO; z^GTn-F}^(dQG+8iU9HhE^`yr4(fasgmAm_BIAqL_|Vwo zgYU=LOkj{@<$KsC>G@<-mJujcR|^Dex+*~tYk^-6bIvV>fq3;5>&OxGdSs$p&fozY z&;5L6*ez9)V+f={FAFX8XmAi7Lv6c>De}UxjrCsZL^gX@1D+w}k4MzIV2%@$Uy;cS zKJ=D#9Ywy3QBK9lX6T9z31suSc6=B4CAvVHy}EXGSw8?-COkNxE^5#ZVefO(OW!tM zcUsrCwa0$-vR|XvuGesiCFTe;2A+Hd`z{g+{FOkONn}U@(PnX0n z-bbH`G6yka=*{%BfT{bvKJE5wAE6*At$=+*rfxaDhgSGR`&g1sob4l!n7XiD^|6lN z6N829qb6i#5*OGd(BPQr%l3L#KsG1+&tv`IJM#q|S!Ev?Xf;I?n zKLabu$ehyk1)zCo%OaIbkTS(GKoLKy>0>ZJuBHz{s;ixGYj4@OUSl9^XoDd1dXk?H z@S0&}r(40_9GE_W|4K?i-k_f&AkRgK-P~R#k@!|a2p(qpXA5RzPcX&--ae`2Qz5Y7 zU+dG^4~T@cXXW7yX8azQ#wsbbt0>o5v~32JVMNp@0?8r*>oS^*!BtsJs6xWKBh<=C z!w6(GUd-v2p#PZ`DFPF+`M4LRXymdeM?VMA>Rd>Dov(r-)uz90^QoU~AM~lD;%-7P zf>#77DF_s#VOHl<5dApZONuIRRKT(HMuA_<=5U}Rkw~AGLwUN~zNWQe1Vq+m4vIPO zuk@Rr90E&3Lv(Z!UDnn`>MBYGj!(`xqIYrFeejBUjEo3%35~ z3#%xG4n3F0pyyOveX(_VVoZXb2HA9}oi$VF!&u=Xg9fAB2=s94bo+GqA9wr{rGPCl z_G}CVHcF7h91%?YtUnOnh!7pqLTFs4&djNMI?usvW?Q5li^L*vj4#QL(?4w-VP{f* z_a86v9_tY0Hm$f`MLV9ruw0`*`U>?lx^uPg@6V_WNSw;Y9#QL_9EwvD)j2>QMqi99 z7cyw6GLVVU)4}B+IQr;^MN#|V$7>$;t`B1=&i5-9XMq#gr4uiFNmVEI>hTX>)hq8^ z)Bh8l2Mgb_Y~f?J@8Avh%Ez`po2DK^6L?R88byWWO*;0QU)0eiY5&v*I!$Qd|Mqsj zy83}xqJKVw&n+*;opdzZ@-DAi?S>oIJ#JL%A`XEx94`esDiGF!DgfeSyq|1aGF%7A z1Wv=rXmhw0?a|_7u`XUi35OS#b57<0DdoesAH^WQfTEU(QO=){O${_4)-YmusT~sF zT*=~GLCSVt87BA=2x7eK)1MCp2ru*nQ927saVAv|#F4LE4f)#t2MuI>m^t0poULML zN^Q3E0E!O^Xl@=6y9ES@#0g$Ondt9b1=88412y>sjN}r{I71LjP^I9H7Z<`uacImA zjBAFX*a0$dGfK*+d00WIciL;*y1igVoQO8s16DDI_R`_I9-JbUa%GvW+rI9!UNA=a zkS%UpH?J4xbmq;3Gc*wlajr*wm*@)p@42JLYPhjKdgqP%GYY7BCY6G>U!fRe-m$IIa!GnhB$33Qo3Mqq6PDJoLj zdPMt=?$95ryE-t(c~EZGRxBHups6&@&;S`p!^1#Pa86&H<@3};!5C(6PaX_@ z%Z3+*!k+_im_ki3PDf93mVN?VY~?+W>l5c8$&V6b=*yxB=~qtH2(lt7*z8W#W+n7= zoylnJ`m;anQn0>QC;s)LS{+zb`{k%g>oIQNk+Wjbe#V+XFw+W%16eq3TzwcaBQh{v zWanXMBzq;2vgkt&cO~~ZaxIw#X822ZDMU}Sr`2w=nhhq`t$%hiJzU@ubd3VJ7r_`Z zjpJzmqL$~F6LS=Y&9FW=y#RC`^Ht-aZ76E;B(x9WbTBxXBKG?pBJLmh7tJ`U*7v(D zWE`8B@IKF~x(Lw9&BtI{i0p+9F*_O3^R0>m?A%M!T&9|zz3?sEP)4k z$j9jhhnAb%Lq;V?Y zig^A&>EFLIr>y35J@wV7@_=P?%K9zacRiCLcT;=EiwD%%-Kz_VW!w;xX-_PTa1A%Q`vGt~YVIOw3r_Eg*Kx*$b^r7E8)J$Oz1N)N~eGWt?R-2af5f zN9**>htgG*M}{wfae*KR8Qw9Sdik7w)P}4!Nss_?lNBMiu5Pu*9D%m{W}jw$ST{+! zkWp0Cq8Fby23F6@A+}2F!LKd0@k#d*mI~D|LXRh`01i?zy&&u3XKgsl? zavS|Ts~@lT6KAdg-EFU*PAkGeJfmf@0{c5M_4+%z^zgM8qe?2Nf9r zGCnY)w%HsU=0wS}_3*RY<7G1MCc0F&>hnjBsxUmPX6W+9$!q%ldkf0j$$I-r%oTOt z-nh2z*7`n*N9VLMyP&Hdu$N9J_jYn0B_rES<}v3-UL_EDM_6Y~QSF?+sJC!jz0vO{ zODju3gSbKt^RYJ8*BRRw`X`iK#eKFun+Oo*zBl_pJlS+#CK)7-gTkBq7*PG3txh&D zqlI0(ZlvAl=lj>$^PBs5^L|f0joZ?w^{OGtHH@gQ{S>^&EX6)i zPNUBF8IWL5?U9X)FqTP`OZI1pjyznZ+SMs_P$Z>i7-S0c9_yaLZ01z~ZE5q@u%=zi z!)pVb%tJu4v)P;pK#gtY6E+WK#J1c>e3{n&|{mehygljqw59%=o5; zn{@93@30P~Nm z5N2T;U1B&m?7qB>`>b{}fl|n2$@@6luqlRf$y_7}Au|IQWG_hs2deZ)%Wk(0p)_0G zoqp8YMJ~izRQ*&KTQ(x5_VWT_e-qxNct8H~22+46xc4-oCEO@6k`rMpr|Y^z=I(Cl!JU3h z-RUFgf*_`e(U2}(SXA}lRvrFktB#L+q{rX;rT+4r0sSRewh`pxb$QqErc{G>93TC) z+H5zjZFlg-t($)PwA-`!G<$ajS@MOpkJ2J4Xz$fz*N9Hf2g$0&9)cciB^<)5*Fj?0 zp^xyt6oM{Oite68+=8Reras^AueYj@_xrs2ydUwvlr^yT{b_|1Kh4+9RxlGO{$<7# zbCleeYBsS&E63(Ejn}me9PIIFHVjc8d1MsXeHEW@UuYtE-^2`uc?Qv7-~sQti}pgU zy%3&k>QkVM-d5x4KB=(v?QALrZ_L>07nmrU3)8GeI3Am#fI5ZK^L=wf*Ar1$iV_Zt zU=$_KqJJz(HUeBndOnz)M@bLgLowWmZgAmO)kAb?2;m_L+)q(?K)Vkk0C3Rb=1B@+ zw|2(u?RD00>ziBrz41|-I|P0k14`lz_Oiu2n_o(OG{uuPzjM>?ux$Q@E*NiP7|G@> zU6m+?7zd}lWde`G7Ke+*aX|S{sskwJ2@lac%Z2Lhiz~aqFq5CA=G1PrphL`%5*@6m z02+kI(`)1EBcf@Z2m~|uy5?@`!8ZP2FlKy+GdGdt1ua^Z7YgypBoSZMT_k0X!6vw| zv+iln;Iw=wZ$TU{QHwMn%G07dsf#NJuTi}2~urT968iyhLhQraWWP28Y zWYJ&|B5CY2LzYhVgJ*J{xxHubT^@_9u=ele;yz~(N0^NO-?cc)UYWp=1qS}+@j1h} zjn}nfGsxoLz&A&tWz9KZfi-ULug_nc`Ag70FE5&cqbCCN8g&P3d}}eJ0yCWO z0Y_)Xm%tdnF)Cj!h9*+4{RmO%YeZI1qhg+#Wfn1Pbw+SmI(kOK&~u51HWYG4PZS#0 zo-rZ&`iw8U8T4-QRt-pP6klpW zxEfh7GB1h{sygcnrv*`c%Vf+1j5jA2<)#7Kx@NBv{%f@qEZP}Ht~6jLv@)tO&Z&jZ zmn#F~aARpV#^HS6JE^<37kq8ftTU;d^tEu4dXAw~6LHi;W^7AVF~)shQNQj}-R|qU zMz-*^5i&t=tSnI*WC%>?)63%u0OwYdNBfZmW$dfacdCF#otsf~W>kID`uT_=ri(<0 zd2J2d*6&S2ctF3pU2ba?$Ijv`P*rEoQ3E1d{Rpxv@lqY$wX9qmf7dyiR>(Frf$6j8 z*XH55{lW{zhmG&L`V{a2CKzSG_5wVDGmMj%$ae%-BGR!TYuTWDFo>mL*q3L7jHFV| z6&wpd(e8fwS)ktzV35P%hgSPC+xQ?UbtdS)#(TlNhctw3t zjA`gPs|3*ukd;ufA6esIq0$ynep%;!f(z=JJ<3Z5@Bi$S+ON&9KQJB>y>A&AR?{pa z)n41BY0VQ&zg2tVuDxaT0WFlwY)bAe<9wgp1rf-oF(>5;`y_?}%Os=FXX04mT(Gr# zubr_QZ7_V9a**IKjuY^cUFuhDGtrgI^#aj-i$wn!tZ+eI5jB?xys<20cuyok(d%e| za>%UQeS*xYdiGG?H4G17oDM`%lXV$iBLk3HVmlu7x;jgUf*bv{=524;d1B{g7^hPd zh|;7Y#OuKQMwSW3w$Gu}ax}XHZ8v5Vy9kcidDhAzYd6lBYL`2w;ej#MsPPm#qm%Er zx9{tlGq~INXPK536ac+$I{)tZ>9+3>M2s&l&mueIDg>-vW%`OL*rS7?DP6@un;lrx zQQ%!IFJcgrEny8=MiYTptkV_Frp(Q4vu=H4L;Bo)2hs+JHrwwD1Z^cY?e~~vN+B1Gb(8%% zwyGgu+!Dx>t8-Htyg*H?#bK!*NH@-=xOPwvt6tx0AaIV1rU+;NodkBA?^{N$A}TfI ztlJolotgB>Xky*J`Qk;ph~6}q)`E&^?PXo>CEIYZ8;g0HGjzV}32rZ?=)#Ob1zt6|5{K#%V_hXP8K2}Wb7HhN0T@~mAT>7!+5tQ(VO~~V zx2RT&j1D7zFY_Ft+%RY*=lGTf(c*S4+J(QE46%lhD{AKed(BVArDdSq7k{~>8=Etq z@~WD&`;ndc+~IVfgMhz!^RmtYW!pK!o(Ag5RJ17TXn}(*T!JyOW*-h!Xgz-oNTVLT zehDb|i@=o*Nj24+c^EFTpcQC2oF|ZswymC($=;S}wYk0e_4dvZq(XbsIBR_|pp^@Y zwPPRkBzI7|EEv_p6u19Yd>4?YK+vTZXxBr*t{WkZ)w^BDea0gcPvJU6(*gL2sHze{d=&eYAew{bjNU&K+dHdFZl= zLDc9%tRsO0Z3+!_>$Qu$dix?#?rf3tIt-mg7YhbJcd+`t<_w7}SwE52eAD{b6#XRF zCJaAw{WSPQ`q@K2=d7Qp9&W3j_F?yB>oY=jDA^=u&MGiBB+oF}5xD_)H|v+u0V{)( z@?nh1qE1i%1M~D8*=+)e{Xz-1we&Ow*KF1^NjdGjJQ zmq`ss=bSRSWTKxTD%^lPv^MYOvVFwf41=N*GkF6Y+K+?W$yGRE&9F}E7?4Y}b3f~> z1%#2bm<|v`^V^=?nk3^n4|vqw2Z~iky}PK@XZoFV)m&<4oed~XHgnwpPy*^aK-F_! z;tuyU5S;PdbTxLcHb**%OefQc`XaFDq!IUH`?)^jn+Rci2@bc0J!f?mp3AvxJSV(D zZNSx0O;VqFrLtDJO-tHUc8$Qbn0nyhvm-!@pFRup=m78`1Zfg1<>uY8qj3iLcT1Vo zVRT{YIy3Jp3rXJ0F_yec-$|XfarTkP1r}hjE`O#zL|1HG^ByOTm;QuUZx`CAp?jT7 zQ3z*5erBQe9JKk%(^@0@@4Fdlyl%P? z^FV>2LFOS!77Zg;0kydH?;|*Bab9OnQa`w37I|1O+Ivj6MUrfz`lu`WieWjyw=v!6viJEF=4rpsNI_XBNkyIx}6XuD&#C zL+;R{FMUB(k1y!pGB9C9lprZ5({6EuAo5{dygJ1hnnabjiMK!(2QiGD;l?^MJqP=h zMXTTQm1JTzKBvbKm=YutGz!ANqQN(i@#)5AP8)wsDz(1~+Tx(dG=QZPVFSEDhWGKz3fjHX1``w;;9v z0b9m*&Fl7{*LCuF(3#dvhBSM!{j=*qv}JU$e$Nx=)N|&P-kc}6y)#{fLB^N)keZI} z*1y=zdZG4KI7Dso!C76Q249rm9-r}!`@J^ygYkO00&n%93o?oKxgYMYV?N|Nw~sv3 z6ogMiv9lUt7WmDM@Gf(Y^=12L9zKx;vQ7XewLj&kzQ5LQz8k6h*XJ@t&(e5(V2q|` z)vJm^xZnQnZaulLMClm)ye>6}g=#0OO(qdVfz@tZA}#+8)LOWx z&cFD%E}!bqo4~@2&QtVnxl*l9P)n+=Ma7KC9C9|S2RE`Lb1}whUl009vN3xwOd16} z9S?nwh<1xYa2$@GW(0LvVyrWK$T+af5;MvnP^`Y*7^&%%IzWAfdLmb!#W&B`rT!MCx#U=p#psQjX6UY zd*3poyhO&{xHfLO@zOSb+Zdlkrcj94#f7TlAah-P-5a7?lFYah=o~0&maem9pcGn zCFyBd9i~{N0mtAR#(dsU#vc8TaM`{w-iN-&Sgj|vrj0iI{xN;Jzx$X2ctNr~qsu3^ z_m4oDPqj(sKyc)S4p?Q(u^WK?P=kL)6H~x3+F+b8rs?+FP4nR<4uc_Q77<0peQZ%D zIP{l>#W$OD(JclvH8-o#t3ZEVjq5{{uq$*D1aF z{xx+^4pM}k01%?aHakr|9fBr_;>B<(GQ%c^uIaVE0;jsH2~7JV+P7ne{+BOiXtZxY zfAY6|>IMJbXW6cw#)0uM1GM&Rx=o?B;`K2i?IQ4k1OoX6pJ4vo+!JJDQB*;q>;jC- zAVf?FvU6p5sZzZ?2~`)==+ILoA`wO}aBh3kmN6EDboK2){lkCl*L#=A+CwP3^<25J zZ;ftA{^s_d+xs6gfV+5WouuYyAaw&6;1zXu4eKwze?b??np(n`=IV)TdX`0*Cu`VP zbQ@!(#?n}*U4xmWntY}}(Q=~CaoYL88{bj8qyP@ovt<6YQ@d@AweP`@Wt$_BYOiZk zd&?i&UNREd@wrX?`D}hQ-fEkTbA@aYFY|2c!|}xXQmQxi-c}pUSg;Cs$R$PT+DBCS z{AgS=SBKymb2zQa2xvALE`VW?I#aAQ!+=jjsrOi3t(TrIR>|_P&i(mMbnX(cq8Q<( z=gGKHB6!Qu6%YbZ)vuM}PQlwE%q?7By-7ig~kcT68puVgi}N z-p}BDJExt@!t^E`&CrJf+P;#Uj(Z-+fYixWF%I_yGALqIxr*mgV+wpN4^jS87-TFU$}Zcj_GRCUobGq~ z`$1i9B6ygsLw6oAe^A=aBRov*dH9el|amN81`o(d4$ixi|Sh45Wrwm8z?1^c&9*z&PEn(|`U`oxKVi6voNf zIo5T&N=LrjpzpObD6(l?+j?_`)D&IJrDY^=awR;-(ZvZ+bjA9z`7&igwjtg^=gp7(_}^{q**Yd;5uL@0{GQ}5_8Px` z{LR~XcRkZ8x2#$Xho99Gk7nzujW|g@YS;huH`H+eI%&a_2iCWNnnlnb7bt+fx~oDZ z2Y~{dysTbomR&hJpr2m%X=;KXgdnxgit|-k;8DI=k+@uZnEiqQ#)#}Pt!VEk?R|~* zx<0z5|NE~g&fYgeduCLm=r@Juvj}RaDfUvMvrsGP2h>s#(;pvXIq(ce6Nq6yeYLgP z@q2qUe&qwTy+$3g_#8#={lGB+4M#9c|7nk2b8}+zY4mlSar#pXJ3<`Y!lv52Y;WD| zWjD~iIr-24Jvp~XNn2ug~n?m*;z3MNO z7Q%T&MlT|0a$VcAKIw9Vgf1Ww7+u0fmq)0XIeK0_Kl_m`o*UN7ozxCCx};|VyH&t? zfi4*O?6Mlg59G3agh4g{FY^W0_Ypi2ea}r@sy0#PvhY znFPj^+C8hYlN!DBrY5d>^zO#I6YD_v25*eI&EGE6cbIoS0UB3B)Qe8dyAjJ;biHvj zMP@a5*YPQ%PqLqoi_1Rj9?pY9)c*`=Xo$>K=DQ~Zf(dgG1p<@Q6~;fWzAo%D$kWBy z)L3&FtBk|;2am{NK8jj*sk}N%EioKT6a6~V8CUxV=WT|ykFhjgOGAgcpRB z85^H3IleF6GQRk@PTKf>-m6nX3vPTK5DsGARUCTL>M^?P-l>CMtOI3g6J6}SA0_Ym zaA1b}IRDAwHvP&&uvBDmM(rPV>A(D^E7XA}7$6%R$hx{g1J=7a`uP0niaDp?5UKfc z0b@jv1h9h{Rh|8U`>d9ueciZ{JNU-m+x;zdKj)e`d;I8d0CG7#VSC8Q=-YkdU3`9X zuZ>r`YyIb4-2X`*@ugDFmO{e>XO0n^xu(~U3Cs2zQtOdt^xUCZ{oxL;ik7=H*>+n0 z>9y->A0}8H+2W=eqMy{z9p2w+KNx>Z+TiYR(`WFqtv6?fW*<2|VU8^Lm&NfK`3OztaUU5pU`Y=WMH|5g5RcN{Sg$_1i~IV! z#}EvN>>(58GpTXKa7~ahCKaK0eRwX5hzJyCj7K#Y%NnOP)5(QiQQ}qw-X`S-OO;Db zd^Ai7EMD-Lc@|fMC^gb|tp-PK#ymm|N@(987^p;o1%a#rI<2g=QKeZJO_ydBFhSc1 z{bsbsco)X&A4U-cLwJ?cS%c=V1mHEit1AfdOB{IUw@EL%Sw_}*nkju`_V}r)nGXC< zb_Nl66u({z6a7Q_jlmEaqjk8XYyetioE)NCwMR6hMFm@X%Ta4@-H>$qg8NuLX5%s? z3oaYLAdv%nQDecJa+a>@!?z~&9?=S`^eaJs14PC3w-4w|pc^`=wY8FuvPL@k#sF_` zdfTr!LD{zcZJoCLKvyj~ZhnQIg^E?wD2E8CT?Ks_v3d&N;FH7&eXFRQLPlL9M#EgP z0NN;qN)(kHz|M!W?OxsI4fNX#zj4E-4FfC1;Tk2H#YK3S)66kB#%F<4o0_tz*|;{p zvGL+3|MGFSIeNlN)-XuLiB^vTUy|dGYfoXH#wl1ZlcHxJPzCfzm0FtuYRw{I>?%$M zBGSxw>kQgNld>4)2j_l;NVq7k8|FTQgL{Bev2G!eIY8`G?B z46zA>skIf9N8cF?Zs0@{1@>f9LWeL8RW}q9IXbFA)A*AAZ`zC79PIW!&e;_uQz1qa z9~FDFoJ*8n4MlCqvMxfwEy5Vy`@s5TbZ6d)3NwuQ1bfua{M){@y=PEEcCIYjIcC~{ zDXvIHj_(?uh;!Cf)+!%*?AO&0%iEx_Q1^{1#AvgFldMil4n`@(8lXN=r`nnoY2ia8ZWUWT5%mHgLJiW}>P6m~=x3YvY4}$^i4Q|n%kEj7Z zk)WgW6DI($E&a=LWO|Qi7RZv; z3bGc+NXQ`*!D<9e&*4CsN6{r)!C*^@F{)(|iM=>Asi9u#afN^gA=QsU; zA_CvD6=q9(s|#vv_3|BFyY;iT{(Xnr?%`!;aA!~WGxL#gDpXcQ%_EFkL9(AlyV(x} ztqsnRwXj~7bK7mC`fmFU9ubKm=aF@=0+d~hS{gfnBKduybu$WrYRE5eS^WOrLN+9W zVX3c8BkiL^w_0`)26)>iI3WVmkMXj8voe9N_AMj-nD)lrw;&;dkg_k9sFQcs`4Wa- z51BWsJd0U&=SG;lys||056Ys+PDz8nC)0Yf9I(DP6Fk@UUo>2#SY9QxoL5!GjJj7x z*ne0YEIlc;-<=Z5e)oejn9Kx4pWtka(no{cHe*m^txFLg2V;vEY^JJp90;w4kTI(3 zi&UC6stG>hLH|N zP@i=sNG-^074B|OSqKtk1^@s+07*naRAViX-+p*D1_SQea$Vm-s*hdc_F2bg3>Fi; zhU}3g<|9DHb5?PK@~Qi^x0=8(G7U#S>A;=^59Ag{Gwb*Et_}X;2Lc%WQeIb}Jv*}G zS(wqt)jo|fS5pLgnO)cB^Ik7=K*H^THZ)WboIcc;I<`-$jST|HeNm@Rck9E>358}O z@&n6lGP%w98mJX>UDTu9Tcsu7WD}MhH8`$OAY#UbLG|!Z3uvew8nE`VoM)M@8K%>l`(k-5(M zo#CJTh79GPecZ-#W@PAMIuddL=Sdvl+e@~e?LVtmX7V71wyTqa=meim(S`OMUG`OJ zIj>x?5Of(Bb95OWNzx^&x>?2WDWgkZcoMoqbbSOp94F0o`ng`$`?h{2(y75=dWSg* zZ}bxp61f$<7$_>I_?dh|wnP*@k}%naj}jmcp9(6MIx2OCA69E?mP*G5)iXr>H~7>5 z4sXn-jy89*=Iji!^|?mvFr&-TexpknkoL?eFu}H7Cd`JzddaFLFt(B!+XZBL4MCSa z=rU?^0Pm&M=nC^-QTsQI4_;{50?2J{d|}3i9Oaxq%<;NI*6SxrIfG2u2C}AFGL-=7 zV+8oyu^ED-*heul>=LXxJqk4ZTkj}zEk~y|t+Rv~FwmtdYID@cIiH}O?f8{(bzdTL z3Yl+eY6$-Pj=BnRbQuHw`ubeIuaf&3+gxefp>eiqp!b$asr`B(?ocKdb2H zF6-w^vY(?ftC}La+&-J!??w}oTd`{)BP96+gvLH*m+g&UA@Ixj=_7YXGFQGYKpWESbgsz zYaE@VZ*p0~oVO9yvhltc`qJtQ^S+#+kf#JY99dD`HKkK?Y-X9gi%#wJ=3vyNRuDDV z^XHjqGF~FoO){0pA|?#3H>Vh=&_|n9TQaMq-t!vj?o~f_y=fd>xU86Sn?Ls2NT1HV z`Ie@x=IG>Y^OvbAbmIorbPUV{`Wko&VhJE&}aMAhZkv%0RpO9pg# z1mq@ahWc|Xur+DyH;6K;nX{f@mZYj9?Y6#|y}-6pfQ+(Cpn9uo3bn6-QX16M8tLhz z7Waxq7Ld=@GxE0e^i3Z|*tNMcIoV`;(uxo_$bc}X6sO~Q&9CJ}_L5T^u&Kfm&DOR? zkV)L1t3)m5>d3NoXZPq5bs|@oKTjN4D~I}lWu@BFEO-SOrwH1M5p-9|E) zYr{j-utU!=`wBXg&yV9OI;D&6ckA6=&NTRI9HX|$KDMqs^wp+6ki{Bioz<|;_Etid z1yD#*bQxluSs;Y5Y!l{h8=oILEMql0%6d(@m955SdK}}Ejc<5KI~m_)5F=KXlH*GQ zKDhvh%Ds%QWGw2&w*>M@u&|n1o>^+n8Bv&h^6Kdc$8W>fX4c1d;a$ephf~xt*WpV6 z_I8l^k)@^CYRVbrzCpcmiu+gxH}0F1yN_Uz5p1d!jP60Ma`IWMoS>*eW#x~mI(G=)H%D> zPc2DmK*G=5@_!(Gvxjhod$HRhUuWP1&9dM!a1z60z+2FflOvscZD-Q$>%|Am-THor zSavSwqN`!ZelS~|lXZ>8ww?&)G+SN_z1mZ$)aO;czSbrxCghY5^cndFeYw$|1{%gA_ zcq{{V!fo!EEe%^DFlu&2lnEdc97AM}hOYE&|Gt&veSdY=?IBP&L(`2#nq0P<`}hEV zhbtM>+3Jiro$@soML=MgmBz+Z5bM)qZ~)~tTQ$)Xu=|iDc2sb|t5n-*0Kp zvV&Y2EKA=!+9t5sm$i3K9D-3L%y>-Au3-KyYOPf1P#sw9OP%`ve)y3-JP&LVa~m-R z2o+2Tvh}4R#=vW?qscD2et&A;tPN;vkQ=L0L_RK+X|{;Wz`TGSuf3%3z=+-oVPLUn z#loE^N=?88#Z~W_*Et-k6TD~s6%YeI^FuAky*WH^02=nMVSd}ekaS$xz?gT($v)Lx zbMw?dOGi<8Cz!XQ^h2>VdrR>u~Kwib{I)7RHD$)w8k+zz?r()c!g$@o@B(oSeyp}qPqr>{Mzc@?Hl#mvPst4JDJN-;)mc)>dLopNSQhV(r4 z-+t{rwpai5g(_7nck1jb6MFq4pjVf0R2u@45yieSaU0_!YMv2ojL%+o=Vt2cj2U0T zh+~e;@FLk31UO6w8dO{3(}~AQfo+=8WJem1fzZYR^mxAggHWk{@{;|H11>>y;VKZ1 zeG^2O=-{B`Q%+M_8C z>*dDym_Np}&Ue?xXOUiM%x&DpXZ^eH#cYNqlzYaNk<+Z^gDv{rcY)-Y>eGjRHlYu2 zEX_m$F8iH0jO|~k!@(4SFzbJHF^~08t^&@ZO5m=h<|cHucSyksu*K7xm6KbbT;N=m zfIFE1B4m1&BZy$0I0jpTH4Ct?(k#0fxh@?;UD57p9sTMNJ$)2tq}(Bmp-A{ra^3bj z`;T{rQ|Oq7Kt?{!gNL>6I5k?Iqlop)Rh@oiT)#XE0AWC$zXTP|Q+$`URBdr?^GYog z*0+Z>;c;crq8VR(XDH1mo?44HMzj{3ZH^+^E>O= zzDzENt)E5P9G!jK=~h6;tZ}|9FVt!}tx1*0HqSg>!nR)0RA&%qZMOJr``!8qedwn_ z*ad)JOA!5T{f}7y%+NtJLa+HqJ2)e}OdjbQ#is@v)rJDl)B})6oN2 z`eyTpIxX|*hd?m8Oe^Ye0O8@*31@??(a1c|xO3D@>n~Q%94II_Ehm;Tn3rr2EvWrf zNQT6o-8kIxw9DJ4p^09dz82Rj-on-7R|I}EMGa6kjK$or2(XTYg;Id+J4gKEuV*Hv| z%4E+c=@KL(r)c*s93Z*c4PE-6%PHt`sUOD`d*}Z8$x3(qQ=qc<3b3A7|$C=}2 zw6{ip&K$=05bLFTp1>-Me(Q7zTCEl6QoM(Znz|h5(yQ)q&e66tT^__JNWD2{&_-7z zMTdDX`Nig7)A$@8G`T%FzK!$U?IWhjm#fUY9ol<@ef0GTsjE#N{P~#P16FGq18NkT zh`b9L?P=2lwY{83?kJU{OJoJK8c&Umf4xz^(^R9Sb_~-0$6LD8JFPBcn6MXky_3DE zKG}^o-}lrv8ugvc_x0I*1Q-FW=GG?=rN&=eKlAD56V}g4#jjtXpQC!u&UM1q%?WE0 z!06rjHGbqpzF&7-Ij1bGXO`!ycvroOD>76)JEV@`QC%5{s%O^L8IRb|18&T_RfcXo zyhmUBy~lMRb4Zz2Ps77|)QPiW-p(2~EcgX2n*p`3@lhRmW|#iw6QxQU!Zz~Cuzq%) zI=KtjUo4}S8zMw`#KVJRpq7FhQ9=E}IrL_8ta^}PpgVyQX}(%&o)%)*UR1DqK^@31 zlh~zPZF<~NuC^795vy%gO>L|8lh<{rV^lM6b_?i&Y|y|olm!iUU4>V)Z!v#GZvLMB z?M8jOv04jlU3&L_Xa2}&>1G}lap>BbX`o*CV=q0T#(2BJmkC7c8l$Ek`y5mlS7+9Z z9{NLfTifdyW=5KOxs3nXqA_Pi0rY$fdj8v|isb7*t&`C6)$@xkV|2}&+8ey@9$K=q z%OnT-Y_MJlbXx~AX5+Abylz=j0n-o6js;DP$3+O#Ha%xKR;<~IY85st=tRwV0x0Hn z2ARk2FI7(YUR4peaj=fSGwSB`O%XJ?LVetVz32@Edc0ytou|9>7yt2sI)P+d0d*k` z^I=5rBlH}TZ7h)26xtMhEr2vhml72=9n#~UgD%IZ$JBR9Ctt-$be_G6p`JLAl#}|F z@v&ZQ92>ej<1|^xzcD`AcjE)L*v1#P@l~m~eooIYJ}*k|M{ay&ZhX~sWo~?t**UVD zYt=l;R}?Y?9!ZD?c% z-e-9k-*tKz_A=~`2acm3eYs4_7tR4EO?EtRax?3W`0X4hcN~Ka&}?Dg3vkwElBr!* z2GlM*#=B^K1L$FAMrsckjo=z?-5bQI*?KIX(dnYRXIXZ(PXczH^7{HYW<0_ej;q^? zyz9@*GLn;NJ*JWKztnVBuP&Y1quv+u^n1@B_fy}tn7uW}+~eYMxASA$m!Zu$^q!nj z6*WDkqtETszeL83cD|<%*bgsXAW)KVnj@EC-TTG(j88b5gE1W2o5uSY15|Lfs&zZN z(Z!9(_7Q=z zv-#_Iu_0jgYbYeEM8zlZ?6>MCOOun+ls+rwZilFcu&B@OKHC2bnT5f8Sgjc!5w;oi z^(v@aRocjqidSc$k>RRRV09@UgC`7lPn?XA8FfwoivTuz!ZU%Vxl|+L6p+s*>h9>% zM6m5t6CTmk0MYkVUNw?kM6irz@nqY2_EE?pwhB~7ZHe|Bt|USQxRm8wHPjdCU^&d* z13vPX<3#@xQKdQcjD>XZ;)I4dxS}wS7|}6tuSMb%sI8M|mc}yeICesHEqk>C!6yVx zcmM`BGzyk6_`)F^0|psUScS*-NTn*vid}n+w0EGaOxYq*p7vVz(q3X#J>%9M83RKc zjK;JO-c3Lz|A;h24qTRu9h}C%JP5)TL1Pet83>X=TQgB2lI90AAM)$^)K1mqwdmoa zKCtuWw16RV%?^AB;V053K&0~mslNj_Q%A-zw4qR%;Krlv|J_}wwPFHMAT3DbX~IGN z!B1Joym{MNqTevr82wzC>(%&xU$1;bv|42$^Y@hMckb0b;7X=MG!qfDTjDwK8t-ZS&#@&3%4E4E04KzM_0_S|If{%JN zhL8|I(C|hU* z{?1Ek$KZdmdq(GpdRbh~S7Ako_Om`K$f&UW(A-P}cxjn3BE|B5RoZzVxgWY&*B392 zvtHn3D2hd?eN&X^n5#(n18ELMGOp-Li)sx9O`Q*Kh{(w6tJ_WbGGhr(I6abJ-8 z;6Zn~??%hNX1|$|M5iedpAR2veyCC9K$aA+${J8MA8I1&3BlU;_z4x%wkYoy@EO## z>-w;VY!a)rWWo(=lf{*3XAK5<2We^iglIv|eVj}@A4s_X?`QCP04Gdzjhc()xjJ~f zMzs}W&6ttR__z@~D@%U*kng3i={r4Sb`I)#Xhk6e`pDdT@-uD?+X~Keq($)b`ik{4!b{%etzA{nR;V|!d_N&3uPl2VgS{epw zfyfCPhs|?>nvzkC5v@Py+B?uddxwte3(XI!Xsh=6Cw2ak@j;YdXkFT1atPxi8qwx& z=WfPFy$YWdhqduNG0yzW>iQu3^U|ay=x3Dkz_Q}+X?fe;mdMN? ziY?A1%hWYC=q~&0JvD-;n?N&<&AT9zB_Mo&y4RkvDb4016Rl0*tj+yKy>a5*#MEWaWc=Ukhy}&&TrPk&pofoJt6I3?gWHmZE-~P@RvA{ZA)f2aOY-f zVDR^(T!2v#It6gde(dF#L{g5*$mChTshM8mZZm$Cdf${D_dXDAH{So)Cx7glDHh@M z0GIVZ=1z8Dp310a+lXKNijy*UIIBf=h@=~v>1!_5uFJH%6QJYGDnot=s}2aw80ZH} zoXIR}#)~5f=b9h7WI=;Wql?kOK-MX*OoNQa_S^-1YY)pNBy@{*p~L zUu`{*ps@*c<7mjXNY{INaH;nPAevtU*WiWx4hOD`|TECF)3%*|lYRQwy4fk2p9>*L5fP zQcsM4goM?Rr2ZFtEP-CR9GXS$;XKXHK`t}hKdCEhCjFgBm!wOa8Vnw4L6_E5sA+!# zwVwziVqdlFA%L?sQ$_I_&b{ZA-7=w)@l{=Gqvpj&!_Z}3OWq;%tm^4mWUSVn zcvfFJxT1ZWM{9+p)KscaRb)yXZ(PwC=+fh&@_8Pan57LBuAe2AQHhS{##cjdRkRKp z#tX_~9?HgTe85{WzA;cp7BM>7DzSdJbDHty6cnN#l~F>08c(*5I2)4vw9i=94Kgn> z^sVd6LtP#!F*|3uHuay3ego?&CCY_sy|B7xQzSaoyHu z@?xEuJP{zk#QIrVsyL91H}^BOKBHv2qBqv;DAV3Um8?&)P0>Ys1ZvwSJo)+ZvnNa9 zlX?ffbm7vV`alqx$GPu~Wnx&YQqw->y)ejnVcyAHr0Su{nfIENi<;=}A^UNVY|BOL z1klJP)d*#0IhU6?2$1ERUs9$foD(r>dQ|~soQM4B_|p22umi>7Ga4S4(0lJAdlVy= zz4U_WPOR!7oM=m7`swAYu8%6G`?Pv5cIo6WnfT^lBPci>c|5zcRrM_;I#v$UBq#)L zwax2tFVMXhsm-oum$hjQ_>KAF-sF|!6CSc>(#VWnBskmV4=_wE5%4<)Us;4t_^1yY z%qszDqCrm_ELN+pMd^7blu^5&{KtZW41y5(x9GsF-r%~2bS2E zXvpqg0LP0L*=TZL1ay!Amx(jWygJ7^lWHXy(y04eP+F?S>U<#A3Xmmmu_6a=wu{;L zd|t-4vrKyq0h>*|LmS^g0x@^w6li%j=ednwaRE<;LF$`*C`joM_IWxwJ;!45 zTHhwySyFfLSvwuf{>Fjf_*p)3QXSch%j0?K#2E+T@B_L`ibJ;Z0>Ow}I6hfN(27q@ zS*<$u<(JgJ8S>bI)s74)F*iz}K}hFunuLK%^#}9Ru%}#m9;r|+`#+QVwU0c(ddY^D z?Lj8~Zk8UQcIzm?nzkRVUY#Z&31<{FHS71lcOM}@j(Uv7cReQW;@}Ub6=A!f-X`cI zL+AR{(>|tIf>0yIHy*%<9iJdT-X9=47W+_e89q^wuae%SBoD+skYv=`Z7kWlc!UHD zf;<`--)^IekMa~Ly0qpX{~BF>H(QUgZ$@LYYU_Y5ZPS`rn1r8p>hiS={atOIb_ARB z>_2-+JJ7Q)<4{{oM;^>CQBxr>nIF8b^B)p8!am9+$kw|2z?K8U{xx-6*#U}@0rRt9 zs=L12e169F-F4?4%mxy7RBzbz*Ja*e03`;QF=GsMB)5LDFibFDOi}l~ffBHdVn7xW zwL3H7)rG+)lu0d_FZ}jF)#n0f1Px-&5W~Uh!|4`SQU8@Tz57=)dUs_;?-6lNhBXFl z8c7KzcRj=O%?hGhA;%~?+S=iz+n(bh{^)0dey);%INBA_8?O{v?J-C*=G zb5!1XTs2t~T835;lpi}>eG4PR3z)$uw_< zsm<@Z`Atf*u1!mYH=JgZXB|Cn>GG}g9P5hejh72Get4(;=yOjJWt6EWH|V*hp{s2v zdUoo~DUYTWQIf+YD15v1`QLg1;kVMQ&m0pCOVFI(7Pk%liHRk@J0~ z$`HL)wp%ZJ?GE=5P3pl|l)R6cef>o9Q$ueFLz1m8GrqdK4u zOUJg$$Z^xPaUU4G%S0Y>Up|g2yU%c_*Xgv?eKg4a=e|^XcHcC{18eV&_ubU^ugf2{ zmRJ-xx2>pqeo38zy5?Cf2dq#2+JAt$5eN7botZ58n|?sb$wlD&Jqm_6vHa# ztj+)W(qSl{(Uoe6#w`=UEFsJUta^RK_ty3rb!rs<=TFfm1Y%K`?`#Zol&kgPh@e@(b8pZ=}?X@1<`szTIWi zJ0erTXlb5=fZqJupk|*07VWo>>XD}q?#)QZ z`ZB|_KRQW7Tc_URzJ(qP0b?k1C`NYpSzyJ=0`4fH->WMswBvZKDlt5N^a?_6A6bJy z0^4WY+Cq6v0DUnr&?oL_1FnKx;qqNA~9z8Q&ok^O9vC zUl_e*f`gr@nr}9_`4jzo_igwt{hX(tOT2HSGD^8V@bj*()D3nnS>3WVQru>76vv4y zU%+r5wg}m~e%S3FOs;lb_p)Am^A00DMDg;~jEI^t!phB^(_-2J+Za45xWA-eSICEzDKvI%~A_00xJri}e(QS!V9$ddD<*u3f7GQXhuAUi!OAhd1b8 z`^@;7$p*%g?rJc``;rI;-W1u+cRQK%`2WuW*KnD5cdHsh@g0)~G z*0$A#StF3mWJo)UjBA>FYc)fdrQ~Zix29Cv+_L|CI9;dv68hB-2*M%qd(StY(&N=Q z)|c4t3EL|;t0V9UYwwMVK!1gZJcjmZ^pkoaU;57BWIr)Z**OL)!hwci%D zZTjdE(1T>ag{iS%bRr}Z8I`QA3FvZqUKx+p>F|l?Rg)jobB->(NPVg9UTdk?622TpDSTq<9ubzv)v<_!gvClWXBTtM>kLVg`6)lC@^POg;Rzv$3U z{_G^qHH=1Bg;qI-ZQ5;!_jVZv;4=Oa14ecQXsu~#4FS2f0OoJlZLE8HvU{u>m7S+J zcBu(gfbnvFvrjb?TU=TOW^regewWBztNmdU6-dW`ii7d=tLOA1plzdLlj?;RjrFGK zjUVJ_>6x8+{OiwC+b4%}BuX7x_8fFM`?GQV{L7YdU&+rT z=gXT$3OK=~!(C~5?Qej+eRh|Q{MHLm|c##!Tv?ms51Uja5l$)KBBwDrE47bo ztm~IO?bcc^cAs4dKjjo~>ZKbLGP;qKIIwk=k%f(g*P`qZ%l=t^+HLo-Zj2$?`b^`# zOm`nI-4fkwJjv~M>nC+wY$%u$rNn)b%ZBX$4{`U5!y- z8OH|%ny5O)sOv+Jh^36Sw%ZlK(JG5 z!HRa2mdRKC8)`&9I>EE;@z#znjq{ww#$0Wze!X&T4k%*FFhkx;^~HK}w^!2cz*({k z{MPuSrildUr%q!P(;UbmIK^djnEaBO_q%;?>T|Z9*4K;ATMk_10e$s*k7;ie!LsNg z8D>MUJ%E$6>3chY@EX337`R9dew&>a)CO5v3#vO*`R;-?2CF5N9l9e z34CPFT0N`l@0`>JKYBxNqNjd{BX7~_dxF?7O5oesv8VOqo)Z1@qbttgWO|O-2kpC` z;Ji3z`sH7Jpm&zW^>*j7&Lba~4&&w(OMMKO%M}78Li0Flk*{Zgk+f&H%L3%=laxF0 z`Ur;Jbx>dX-XZO&+%!JhJ9Rjp7+)X?bTi}o=}#|e*2Wh~j<1XHEyN16`eeP1KmP?C z%OQ|rV|-)*zHQ@sU2lPmu|7WUl8vv3@jas_cNgn_BA^wrxW28A&w>x5jPJ@D@9S-l zQ(nI^tV=jd`v;2Mea8r}`-5YvTi-`LtIOQ?&eDY5BGd39$O!{iu4vvIF)!}a{;$5E z6NTw|3dl@yg`g%C?xMglhLA;mdP$+{vjnhVmmqlA__Hgs;^cW&h1)Ml(j^J`V85rN z7ap4AXDgeFKgAzELO?P_>`$%iph1I2%BB&qe&Y3-zntFEihfFJHcVnfbD_ zeV4uY=7iNfvD=>iRd(G$+g=`wU2i$sn-VW0W@lXjR;pEhubqJ}^eu#g zP13JkIl(*wlgsH3@3EgpMnA;F-Y?RQV!m8@3BG*k2lfK}%lXL)J4j?T`DE8Jm2*1= z(#x&=@`~Y)!mXtVKOsY5g4GT)#2!}1p4*1H_M+drIef()3YfvQ_H@pauo5wafJ=M$ z=xzN1t(@9f7Mv%Y*4J8K-}~OEU93u3`g$ves!z~xF}87N^j^Jar)|KhdsuNe*=y%+ zjM`;pJZ0Qx#s>-M@g_03J8f`B!nW0Fn{AK zQn4EH{99)|)@B{cPKt<`n?z8xqM{gMsF=o7th2^+W*8miv^$Fs5MXNlYHDK0+RvS~ z#6-W9byeG`Mqf%n8yvR6!CQ9e+6YFBR{X##I?!?8oqh8RoogFT_5e?31ZaKpe0aTn zwpqG_ciBN3?k}{Lzd4CRE6GkX9FD%aUA$wUUov2vRqF36;M3LaQR^hEP6@GfoAz>u zXVU~u-Ya(IRSaSj2a9Vl?&&5l(refuv*(ecY)#!`hZ)?AkM!E<3o|zCULcjfIcI}KY>wWE_UCxf#*Rxx!d0QnN z6?}ufL=kb{Z?xL!bIgu+a0UiFnTNo@h)n|T+OgMcq&hnXkCi`e5UvvU1qdzqGp289 z4Ej#KPVDYh8`x6BxoH@iPFrw<7ETRW;Xs>Rpx(zYP~=c2SQR_33hbq?PvB_h;Ba;u zb+UqCR!qUMr~1>*tlWDJtn9+!E_*CF!p_3CUbT@b4sz{gBC{I@hlliAnV+dqV8YL4 z@sn^@7q`ymXZQ6MRZ{gra>D*P zeZ?AQwNqmV13#?BQGL$45X_KoGUPi!zUjGq&E49O7vx~6d^4$#?`D**VHStsxnX#` zOul)Ayv;ut9LkwD!-VM+4(3Thpw6V}kC^25@C1@`^ie?(gWb_SyL#pvo?jenC9Fng zw3$S2dx#DOuUesAUN&kS&4jm^n6(k)G1c8{w>T5;ulffu^y%*~7E|nydFks(&IV%D zJ!c6HOpjaQ%1Jh-2w0Exb+IB1BeIZ*+Ow~pwyEw`t6{cV;-CqEf|(I3oNTj;7uxJ} z`-pYQIIUronr5veGSNj1@soDI1bVgvCkUbHe)zR9D^8BtRpR$|qvvL2^gxH?b9AV~ zPQQMJvmsk@@MQWICeRba!tcDwP61XHUFv}sT6OFOlK}D&AK9U$@MQ%V`Y{|=Q|iYw zYFw?Ni|}66m(wYJ(FRJ{6vnn=02%Z$UDYQ&0oxpe_!v%M2*C*r<&_-^tg`*k~K)-$nHK**Xj8yTZV;n*maqNiD4ePNR>M5ATp^09)e6inp;Ft3GbJY!1m!4#$JZJq}!NDi~R8O&c z;^d%RXk&7R0Za~0wLb>uX?BQ@bzHH_r;@-!pRf~gF}yBo241)93>r+fP&*6Tps(CU zZb2XIRrNPHg(oIQ-?-PG;|YVN!85)jVQasTAlhk$9XP28t)@)b*S<^`0@ zIJ;p+9gqrN9{^c)@JEg_`s{8(Cw>1F>uZ{|W7r~Bt_|U+r{%ID_VQbAShlOgI?HZZ zPYWyR=^s+8vMi+j#s`qSS6{Uhb=b2FcWbrGdR97j^;-X>>o(3ged+dk>u+PnII9!; z2qC1cP!j{agyi|L^%sv>HTF;!{fIBdSfDBDVyTZ$vJNn4r<3p(30bnZ6D?#-Q5U1$Jw;h=pGLZFb_-G8??XD*Sx8 z)(Tp7HfGw|gvy9TYTjqwZw4Rog93+Hg*G;HRq$zlGLUOZ+q zI#4^q?xvea0DLWF0xrS1vBSOCo+sL|6Q*q#!!^r-TDp% z$=!M{msf@QLBEXOvYY2q_LVQSGA8P_>r6V_lzxePcIyEVw_CRx*mc?8dEI{cJ@b=8FsXwS4X8knKVyNa&GjktJZufW#6qIwhNm$^AFuy z2Cp)ie!D2Xbd1_f%AD3B7}@j4(1755f5uvltqkv41aCyVj+$`zQa=NKi`eCo?Kiq@ zd*RDNgzD|LEA-EO*vHzPtt-mr_pAM*aJf40X>@?Lb?mgIx@znOE9Xl%LueBF2WbE{ zyIh#eDk*|5=N9v26uw+KHD%v{FXssPTg=$F40*}03+BR`L~7_5gD>ifkX`B3b%=}O ziH;iS2hZcDY&ycTcp;uFb|^^*PsR{TFpO&g271PvzEkuMHFllFGL`sf)UEX2IBz#k zcH43E(IDq$Yl6(f1(D6wDN-NvKZE?Y-+=#L8nkJ4q>KOk8lOa*cmDH7lR1(X=gY~I zeFyz=mJs_TbSygCdX_Q7g*Vul4qsYgdC|C^UB^z}G2vP5^{|k>a_B4K?9A)up^q7u zQRLU*tM7reI&*VsyaoA9+TRx6uxu|ot~xj~c1n&jQiT7D#3SbzWk+fTJ=w;jiRhea zgHG&^ejJkX=!{BOl{{ovwctMsc#0Y>*>&u+ z?Z+;7>*XTrLcXe#j5i}aT{JUbvtzgHt&_Lx0=q-|z*S+=+>Zi3hx;VgC!wR-uBqPX zOEl@&ckR60IN3uOVkQViIb%x`qx5a+zr5ac!NlU+81U(h#A>FD2~~ zkpwhWa{mG8e2faFN&J;M?T52jQrdVy9_q3 z{75MlB@}Qj=kNf13=?d%(4S_)Cd*<}zt&;DL>VLc@pGZSdr_2cy_~Qv{A^X&G+DQk z8L!|ADrP*)k}=Ma>a^2Dkr~h;7cD|(EBhq+rSHO7I{^>BJjnt`W@yr~3yRT&EXcXR zBB;~Y1Q&Z4U$YpZw1!Z6O#W@()nrF%S=`puZ7(5LDQt`+@|0!~jl!62KCsVr9NcHc zjqJ2O!a`xj=x3=TkVU@|xriOtBkkwy%q#u&=RI`l{Wt7-^OQ9sXS0$sx4XcR@o$EH zthZD26<;oL*IoncAPf;rHRJ*^kGwpzEjN_ z7w6HpC7khgq=rR}ot^f>lSHn{rw`mVAJ}g@?%T`m$DQ`Xp?c1YF0xz0oK3ugv-ZeW zxJSaC^Kv`)ZYo} zZx9}5HSy28q0U=&{wF`QP9|c?x;WFVKkRgg)Xwe1bnWlGU>yT9hL7>4T{;Qy2z zTYw)YLx0gj$MwdK3alO9LM01%U0$$j3$Wc~|CC}UXONc@EOs1XVN4dEkn;6*gnVt- zsa5D*-_Z}2-X4e=b?wA8JAG}G-PH7XSuN1KEeR_oa6JJXsR1^Auq%0pGfqd?^;$_A znsGhB+=46U^)fWdM_(ZNy4#@dC9^gTQLl{K(Gq+)c@w_CP{bNNkg`eo)n5GhZ{p)> z93xzGRY^`y%!)6^F579w0hjxj&}Hn-UbPkJUeC*dX`Mp4;PM#jz-n)2CC)d#YCnAS zq#bXbFvhv`W>vQP(S!Eu|LSA5ua{uK6cT**IQ&m#E{L!iX{KtM|T0D@2a1{ zajFB)ic6X}Bj-`u_xKL`xl*`#)Y9v1_+*p0VQ3&tS`^_cr%hfunFbLM_YSLn}g6 zKdOh7FLJ1Ey?%ik(dK!$k9Q=g9#n5CPDz%6N0NJX37(9p6rka}5E?{oEYyZXz2 zFEV7<=zJ5=8uN2?^pPXtXOU!E1;iKkF+a6pS@Px8lanLKGq9JfGs&OY1K;!HbG7-F zZb#mR0W5sM5Eyi_2+xZ2iZHePw<}-F!+Z9P{ODhrH89g0fco@d`_#YusBJ66ko)pi z?cAB`_V<09*}-J+;{GTY!a5H?{D^9GF{V_k>Tedq-B%=&R`Q&X&ZVL1AYGR`pJbB0 zkphO#u77za-A29WFz%2}_0IjmMy_^%fW&g*LcAE8+!N`sM5M=rhxDA_`y+;?pq9&Kl{Iq+X=!;=&UB4m82{D zohxCrcYe+wI24y{2hPKs-L>2P$k{giNh*H{>#uyisC*9%AZ%<(NM zYnAO*K*b{s4C3}PPfw_9XprHoFap|1Te<0gH6416FnCS&@17$p>CG1VKmVT-_U7e5 zn}BcAtT5E%;GRc5V9)->=j`!q)Am@;H|^ZHX8ZRq5yKzvwD&7M+pqejy;GO!FSSEv zsrG)y^hsw+KVVnzC8FnFE6HiBUxcS*0=W!&3BD{jV?mlV!qdd4e*77)2E#+qH{Ss)&aw1485cs(wg9tUPxn43AWBz@qU#BQj)iPec=mKTq$)xm&I@Dz^XeYJXQLI{AsDHejtnhx>VsG<8 zdP0j5Y^oL?{BC>XSD&&!{GUH!dyVrc{_ZdAmA9_jUtKC;wI{eSn<8;s%QZ_|6rZ*n zdfX0u^jGcY4w!wm`lKCWSI__WH@B?2eS)1`jM}^nQa%ktld-A~U5miEY*UZ42XDeT zWT+2#@A^Jx??&yLNdnh#OUe@uy>6su$d9tuf)usWgyezOaeq`ye-!Ekeu0^GxNDqH zD0$+8*am&(I4;-T7r=A-1w7FWKJHkuU!g6CHXm;Y#u8^)Lcjn3KmbWZK~&co_#)N@ z`3(JL#Ck7ukzB(|?Zo$8sB7X2LuxGuOVa10ci9I%wckGfZ}(f~TARK4zrSSX*ll)= z1q~^Hy9*x~(atULJMM3npmH6LoLJXy_eQ@+Le*}g`V+Y2utZig_7gv)CPb&V>zw`z zc91i{%b?ETzxd+gJ}Pcb53CQ~V$@>%W#`YyH{yI3>H)sckYo?KeYUjZ!mz*>?P!eQ z-kvX#m(V`%TwYd*C-{ePM~r9C^Xfkq(&xGeTThE?rBl>qmzImQ@qev+32@g-U%s?} zXDp}4i3C{sNPYC``suaNIR|+`KJ~MCax#}LzFRGxak;c3^$)bI`QrzTMWXiS{Q~4G zi(kw0bJg`OczBE5?sEGM`wu=_#pZ{Av3H6OxCQC{RIiK-&p0nTo zlV@ym{|W2;+86D`<6ZWZDSIlB|NYek=N`vYMYKcZ6AHM!v6b5N9`<;L;m#7&a$v> z!gtP2GeIRI<;aJB(VqR4PuUX{t#*Isx9$7KTJ8USg+;hbPA1BPXI%dQ?wp(~l(Rse z#zP5j5BG>Z7ENj)R?W_bY}4VV?H8V_uz&T)h@E=1+5W?ya})<>Txn;p=##(oF!Vhm z`iigE{axR+Z?sq2_lF*~4?I+2|L%k1cA9*DO1{er@*R2pllJs4|GGU{e$x(ieA`}l ztJVJFt1OBgBfLNMrnfuy^HLA<>T&7%lTD~FmvD_mr*|&5`L)0Dy#!5mY}7v^>pA;j z<&5il3oP+ni!5Yc1DsFbiN*>ZS&FtFCYwpK3VB(qM@7#{ayHi<+)i2_CG&D+Sw!Py zjW@7Ebf10f4?b+4``1reecS8S{k6Zg@1E?lZ(L*7EX|6D*mrQvwIlT_V&8IlBA+j^ zyMt0u9{Qw}^aTB1lB0mMoB9v`;MeSb`?tSC2z+*GjS{g0BIB{sdWm2(w#LgF5Kid= z4&WsQ=iZ1ARt@FY)Ywsl9E#W1mSjpi`StE$|PI4ND8Vq3!G@)0& zjo7{)B-Z<$?SyXHZU?uP*hAaLZKSQ=S0^ql9BZLg76St5BqFQny+d)HyHFd!ETaNboz!>Wb+h97I){IFqT;p8Z&{HSQA``S5$lZfu9m;;+|`ep7Qpf-+6@P zZkK2eE}!ej7qt}?t#*`U#e?w8AiH$Q;76D+@YAYHSij`;cIR6XiF@==eJN{TXhX#E z-_~Gzf8k@CSMabMVmD+9D?`0M(r$tjy9qRjgriUOH_euD8RD@nnvWig)C46uKs&a? zTbC0VLt34PK~tz*Ahbd08?~_n`ch~9WZ3N`nP&|j>Cn%FsL-TVY83rR{`vB_$j-vkPK`Rfn}(t>M86d;Sxpw(IDahqfVL9!e|A**Tl+U|lyWSqD5k#hGjD z$f9m@PI1A_Z|@8$bz@B znXC+JfG7Jv>}Ch5?4IT1+Kavoo-z0}e+%ERgFXX~B(w>3$jU(w+RvH`T%5u65-`w9 zZWj>d#`&#*MJ7%EHW6$ybbjdP^&R9>6ED;LKI(6y(j||Q73s*V`U~z|pT+rDWTh~$ z2raa54xFB^(2q#J3Ar?@Tc@l7_=yvZHQ@!F7clMx6D>*Z!e%F4^l-zC) zaAw;>hpKGH;CWV3UbCNE8ZkDS%><1sP zvPbsX?-q3tN@4PP}Tkz9*j#m~*=@x^J?iqB>FqP`FQ@m`A(ilMih zgBeoTcvGAxJ=8-qgbGE6fF89GbYHLsB6)W#@5UeLT-rXn12W*^laed&am^5O?UMSV zZ(3a6QHj*y(sbtImnSdFrN3i%3n-jd9{fSRT<=h4!R}d*eziYc%+P0x&OBOBz;blb z4(IA^WxmXxa9B|O?S8HqPemG_{c3zl!%Y&DN> zD=%>&vh$+;-Q|YgG7?nZvs0F&PnGQ=JJgke^dEF+m%02)T12LuRB3G0$u9h7$vT_a zyvuezR%Rdnj`*O zy=fPEVxR45B;@|4MtkgNk=3=Gv>RtG*-x62#yVb~*m869PFU&f2%i-7m0WE*@^L`W z6W(6Y6=~^-rP@)%7mW#YA?kPiTKmM6Obj~EX%6x&soZS$f9NB&g~OshQ94bi2oCN0 z;-LMQL%fDKu%6v@RH`t)>v+G53PjT=EJlj6pqiqynVtY~K#srNZClyZS2sc*$Ivh0@ILm^uI}<|7;hRV5XW-WR|L+}yF&xG zCASBvzEetheef`LG;zaD?^+!M%4xF4O1n%yr9}bU>V;+4gXAjjhS3kMb;RQeE*WbeT z-ignHH%EUi?V=m;llqPMx#)fVgQz@jz!9F6%zUo)^6cx)HwR=MzBJ>xYh`-h?tF82 z-RnEiEh7&<9$|IL>$cnBk2ct*(zJb&^IvY9K4-6fvDbb~h|~dM5Kk#KI|hPwohB;Q z*7YqZCk!;^=^Nyn=OJ`*5u+13Hb?E^sB8)*R=dY;mm-f6HS6Fp}MQ1}1~RdpSX{li;>1TJz@~}w zJv4aTdN~X0;?x2Az=KEaH@81dI4+z>LPZ8PeL(Sehb1~r+V@_+WPkdTcDvR(?#@w# ziX<7=a&Q+4${o@Nv;wxOK%#jdZ->3YpGDwTi)UQsdf*}RlKVB)UkvX~zn8;zAtUYp z4t-04Wps&(CG0HZrFdTd7Qu<+(;ak)e0yREJn~=X=TqGD+;tmz;{Hz)8u@6(?c{dv zb8uF7;|nfWomW=dWIG;y&OZF~1NPgGRok}IHS0L}_k{htV&6TRv`(TusLjx%)^*7~ z(qMm*5N(qK-7JH6%BuGKV|(`DUG{sAC2bSuY-rI#Q3;`7iwLpw;%WOzbFa;^AmRox z$t%~Oq0L72mK;L2Q8m6p2)JvNYv~w;FmpRFk7ByDdHsSWWePRmTyRNCh4xM*-Udg{ z>SD1LJeQUuw?kLOmyqA(dY*hPAY{=`*>kJsOX$f$??;TTuu>PtOV-b*DYwd+Dyw8= zb(%g$SNO|KEbspGZv4?WLt``QW8N@nX+EwQ;=FdbnhK8~F*fc!g9rV z>6~Ts&VuBt{^{(cm9Y3zpH*KmowUQH>uo_vx%3O3ulDD9@pMCNHT2y^&gRu;9@5Lw zwKl$lVpfA^9&Ft%fMh5AU_X5ArhVr;Ast6Ji${@r7I)PP z5n1_nO#f=-B`z(hh-K>`P8WU4eo$|i>>IS%p{v$$xZ0ZSkRATOgZBCRpSEJgh(6BI z_IG5ZY~(s2eNWkcd!yOD@S|QE7)a9B1)EJp&V##>oI#&#nnm@iLRPw#qHi9Y`I+bF zBNXQ_^gUQ(%>{?;&<7v1KX~97r_Yah6MamK#Pt2;%?tMDFXQ`epR}^-a_c(+UkV;v zHeWe>Nx_%Dd|iC$vB5z?p<=IT0gvd^r2ES4D8f6UZ*f1iKDnLGjaB@TAB~T~THCzw z@x6gB{|z1XZF%E6uGS+j3QxJFe0N5t7Ib0#S=FYUw)e@8*e9RfXP-J!Y?b|II40m_ zJO5gXef#1JXUbuxV7}cAJ;7*(b_5UCU=GIpt=elsA2sh4+7V0)*PXFvNdZ)sw8~3^ z9V{UZqMID;u`{o|!9mF_c8PfU4aCqd;rVbE=Mr>`+bt%wv@kV?_$nd1HMweYiDJ4-za=iWQUZVXTNU<|C=Ihes2dAPE zN-1fNfr5W9bD!8_e{2;mm@*ZsO^`!OFZg>)&0(nND3cdVRpo690cHIxFezt3FW{^L%wg z=J;5^uGmaBXZ;k}i{HxF^|N)hnc~Xn`!&Y!2|F#X9OrQDu8V|W?zGMUb|h;wBnQ0r zKdXbek!phj?^h0JFswP6^du9(t(>t_GHTx&A|CsAyS1Oc!J){5);EG>mszDDwj!fw zn>d%kxnrrT zlN#fkvK!5IzG%QIdsyT(aD%g=Isfh|XFE+W%Ak`8Z-=*W6dGw_@Pxg}N zW5>&;3TuMCk_Ge?j@+_|_GbIZdCsO9)#6V0GTmu6317W@K71FP^*PzmY_B+92v^N& z`FAs4-W$^S-or9Pd>}&I=n&_%Ub3@^J}c=!7J50){#=W_d3D4l2qUVAIJK({TNECw z?u@HbI9Dc_5hhfIcHij3N<)vC3>RZYdOSqJScRC$?>zy!6O1KP9$S{dj)yaH&CMSa zw?dvQdG^zt0NluXS2*DHMh~i3pNe%J%Q6)=S3Y&@ z3I~|2_T4wK(=l&+$EA1Qepv-JcQHxaZ(^5W zm}ybrl6F|$I7j|7e!fTiXLmxM#l~QQk-{@XgZEGK|v?K0-J`T0M?m@ptrdUUwCgz1{=}ELEkWR!A?E z<2#+`;Z#0c^EA2LP0FMzzjzw6hscYT+AD6dr}s3JskpxW37Nb^Ppjn|V4$;V_^_lh z6s`E4d3jWCI!JJu6|}Qy&Ig+rb9jZtwJ4AZ?!(^KY<3#fWZ0@nT{6IpQ4}AYEqVM5 zl`KcB77Pm`Q7d{uhs0o@0B4~C7Y72P9KY}v1O7VaOQ9Vws@QF%GgbUu#6RI3t{8Cm71$Wz7^MIz^e(7l zy`xU!v;VT_W358;b5;o9qq7G5yb`g(i=!0HVmbU6X8auiioPPY`!7LOo>oTyysA&tyI%N9$^kDvh3Z#0w(`1taAkNQJx zxmRdO!On7+uHzQQaNuVCePCL6yzzH~1MevgEI2cY zxc1BIg*zuq{nc`3hIvDiJ&7KS&kCa<&NaU~2ftCmJHY{s2hi(j!s7bbHpsxdv)kSY zoHk%?aA1Q28ywi+zRp&f$@P}A{0ffLEKaoG7{*b@kUXT}op8q?=Z?4VhQGSvo=Pq>-G{QnH%>nF)F}S~ z?SrL|jJ6N^fnd zLmo(!pVP}z5#T6CD>we$4=MLfou4?R#YudmUj%!WYWpxk(^vbcSkC!{Itc@Q(I~<@LvJ**d8y5{7q@3hI zALyATSF*g9Ols9oSb5HS7?eSFd!3P%-!%ymm?E>E3I@@{5*X74k76@UW6T9q|p{3e=WZ7 zPx?!3kH_MlA0#iGA^oPwEA*2*l!FsDT8yII4&t|dOEw&Tazl+kg)4yNKJOX7 zVse z&w7?gsx1AY_*%-u)ohxH!jUPL9XC{+-@;LCFSNn9eG0!>O|Gf_M2leiB|KufbgvIj z#3Rw?yz(dhJboYj*!bGuz`K+KkzQDM?noZCInmC0w(eUB^W9yyJ2OlG?keDQW4w{^ zPC4K@96hZGNv&~-uZ{YRIkEA*!GR49Y;a(M1MA>GuqPOY&O3K)uAuj9Hxu=niq5gB zGuR@M-!t?=pZs@gJyRC(=p4igDfsD!s+vjEh=M^wd*( z8t=ex^681c430a$^#?fDwTVEe^a3@3UU`~yBQq;x7<<%I8$OK?@b z9t)NV32)qyi<2=Uhp#`D!#2>ZQj{)WC5J^hhbnI8oP!MKxXC#<$YF_0WND=c4rMtK z#exFi;?Bt!jvlHoU6kjrgF{heb}Ql6f~CzTY{3oJH+D5|GfwT&98}Kck5jzk)nVZgqvPxSi+8tDNj{ z8ou>Lm&+RA-rUj7b4^4=z#Ionm^dz8RGceLqYNrk1?pS3l*lKZJn?t_KD_p}AKeB$ zBCRAW1ei+*sO@^YSDB(OE?WsA9D*VX#mCRQB&Bdfv%&}Ss^#DeL0^iEe!Z^ZcUOuW+sf9?{1 zsD8=p`C}d^x#|S`^jv_Lo^jAlnbLXM2wuP>SMtJ}K!?(*u=smns}Y~jP}MhUhoc5mL2mQ# z;8w|U^a?e<0zUDtjqkUM1FC23=%)VskUgz9We1@z2AD5FZx=@I4mcZpd3V&q1{NC} z*xwdKy>7yLIU$3yR8HjJBn|Jy%P6g!eSR+o zEFUJ;#5I*4CavO$E0rPK{4IaM4ySFlK!mA;P>z2qo$vz}`5hCbHC9@?A75j}#>cwY z-aTlgGyT45ezvrM-4F^JNLrkeVC?0Ezd|FF%pK3cMPRt(Zg!`C^qYipj?p+#?pwJf zZ1D8u!Fm!xMgEK+)d(hK3wbJ40@rEx0lpmLf5|MXmwY`z#k*`o5EpcpTL*Wp~T;y<4VK`%L`SCfd`i$1*%?B@YLvTXaGogQa17AyHn ztNG?(LiL!il4(q@RFO?<_o1w?QraBh0D`g(1*+dDU}sf^Pb~kwFvDd}JrH@Fj}F;k ziY$MoqWsdkjq9D_fLjVOVw}YoZby^H~8{ysD%w2HaM`sfej99aNup{ z00yJZ)YGvHZWkyjh3xcug~;0t?_SZdT)7c_!M1{z_nM!};qiWXzKEY2cI*44YB%WE z;K1GCK=4zjA9KAcN66bWzTKF(npcCtNmsxGMR7@^)o*RE2ajyBhLR~8ZMkgSUHx`_ zu)ro#IE_?icWh-WhIjPAO;%r=ba-7|19sys!V6A1R;F;U^z0Ny5)PH3D#97@?W?+3 z6Cluea^^1m#|E6DRVCb`QkjA4Dn+NinK#Y`EfD=L*N2V z!jp>!9`cD5?{c08uby7WP~?My*|%_W4oyHwd-eklTHS1yP2D%b@NAH|ok)etFILX_pk(ii(DlO;BH*MI_)LyU01~Cbi#pV+rO+b19M>7biK)#< z&OIe^AIIiSE) z$V1ojDpdF=4d0$#e@LUuk|p@-?=>;yuP})yTl{t2D6Ai}XQNQJ$|qLLOp9majY0zk z1rJZM();k2UAih-VKFUHVMS#-Z0nvTd*E=n)uzWReYwrrJCk-{u*6c-na6%-axsLQ zjd%-wAtWL=0888~aJp50;O7L1m*L|$h)iV{z44WI8y<FEeom zAuhM7h`Xz=RS|axkG2w4mQneV6&DuqkXlfCpw68R>OF2(g^5ZlE^DyOyPE9ip$4m% z9kJmXm#w{b#9D_EHibQ*y7JmsRKChqjZ>cVg3d^l?v2G*uiuI54)FAT69QtsY}wsp z4~j48VH>&$UwTHZbvR+Ee7?K`G_FoQqZPnH2Qz>Yt@6k^2mxPGye> z$Axk)FiV%2kMkPtV|*9s3Hroo*>!3^cex(cfZj&Z+i+lE{YjoU0|Y_3H}$tlcs|yY zSm)$*xpov9$ntW&)_k&k=+kL~YDYSERQ>u3~fTo$-c;j9#+6hdNYG z<8~oozg*v-2ZF9xfG3M<<}}Q5^&j$vaSO0rDJa+N__{j1|wT%=R=DW-0(o|!Iu#;alzHI$qhs1o9jS$-*k}bU#ys8E8 zdVqIzmGG9v;;ue*JT=CpZ4m87@~3gJcS9@4Y~Uwt2l`4Y8sTS?^Rs9i`fgsa*1kz= zzb!xSDkbmk!g73u*Nk6uc5tF(j?Z)atcITrwsZd`JA7ZA6^(b>0P@n>KWQEBBtLJ1 z|H{md?RVM@jUu++-M+?;qON39G$VV7VM+mur5xSB=#Wp%!at2h~~So&P@*#z3T!LV@KLf?Eez|Ly>5>JDPD_}Sh<#5BG zE-d05*<`qTi8^$SBndfXyf{7OhL4=PDn*k)iI6RP1;}L<{ zvB7&k+lxETPBPy)rXrL_zoYMkgMxShF#rxAWWYK)%CCMql;D5g4}ZjqEJEb2cJalT z<2Tfo>LEOH$KPEbc>VB%DCnsj6bJl*41{`G5;YezqC3{{0QyIQ`QTa4+qava* zJeR}Jot~>rk>ATuZavlCK#y<>lUB$Lm-81`l$!UO0{!w51D??B{7@b7Uz3S~HH(u% z?O!~QKFBgTq1;}Vz)COypV977*JpykTX56A&_BQj;VAtjaAK;6^PiL_bSc;I_Kvy1mC3m>Jw&u9XNWMRTgc*H#5e&MB8 zj#Egcx>K3DoEAZGR0&I&fkRkO%JWhgqHJ@deKfQ)psEw0a*-D zR&}54IeNrC`?>wLcc#_)zWG&q^~9jHk|wQw1%03i%Zvz$^9pyB$0x)2i>kj+H{i$s zM099E&G8bEsvwaj7DXibJwNBJ_{H3lxBE`As+Gocok4!R62XiAg)Afy&Y^vTXLpL< zQtIX|EVzEu?UEXtMcjtcHd(U+dus$M{HZ_x?THL zxBY~A?-@^6aw^WNJo)7Z84cAbrtnS$N7XBs@7Q%mc;@k?2EIK0u>Jn;9I>s*YtEOK zPYhW%e3{DU%R4~m?d3&vrMlMVE+LrXD*~noY}K{&nCf17YMD!YnbK(DJC?^d>0BEM zeNMoa^wDJ7!t}X(PLpVq9CF18q1PwVTub@$tY zPd{q^{2w2*>Ymfq{Oxx8!O0Qt|E5#28>2d0f>f{X$WGGhxL$)E4s|USyZ0I$8Q?u& zN1u7b{@G^)?-cMl9A4L0!lsF)u@bx`P`JB~q{r2d(eD+Ov zZyd0Sj^lO-`F!!zsCB=S@^U-;Z^Ie4-&x2L8jQwHBAn{w{>bxeo!<5Kmo zP5|ovT!%xV^u5zXSvh?{-Nv?>s{Kx{wZOYmSR47@MI1m+$X+TguCvO9!}i4UkJ<13 z+8!&q{+eClamIB%!9WCFDe$&CJO-hSr4Elp5qAtPIJTHvDXp@yx^335z0Mv!SZw8!lXl~^ zb{n2fSjCfjt+uh!HjjWj?KR0$I z;IotXanv&wS$X|ttKa*mZQZfOj&3TphIEgOw4AgS;GOO-w-G`oC75U^sjOrtSgqAH z*4RVas=;&0TFf!&?bwYz8=OetAgTj3LN7s6dI~4xOp(=W z*=&0sf53L^uCuK*NvkYix7Q>)5vJIMh1aO3d&JIP?YF+6X6&sO*y&dRWL8SzDOMYDW4RD9IHwScXQ0<5%(%z#vRr6*!}?T!s}f&nJtgtWr26g`hj=O;Zb)oBskZ`W~!`l zXN?{CK#di%8?fW8HtXvdw=o>yGjhUkg}<6qAk%D#)os~i_dR;Rc5JJ)rs7#ELyprk zW7dP5T|L!dovhTGSd@P?bS)4Z$sWKpc?5@Ym^encq_l5;6&^@NU52Cg;*tNOAZY?6 zmf@6}*ow*x&bVBmkqn35Zd|zn5e<4qiLsD7@JPq_z0z>`;78LFdF?48K_%$v{A&(& z$Q!{{BITQR#cA`ul_<^==nQ8g@i>>C_kJJVOE+c<*=@?~v389X*EU%7uKTQ}*6e}e zK1&S^+NmqUHi+}KxTFakW0p>i*`^(J_Rv#1trP>h^Kzf{^-kE(WQGAJd{Bjn=ZKhK zX_b8a_N{i{&;z!06MCsEW95kn=C1~=uf5-zkM~;VK+-1Am6Er>*BH-0k=LQhjLCIg zs15}~9g^ShJI=2J`H5BcUi%>r>GeBYx|{nIJzT?=VCzzOlp`c#$F3vHZ@y!Qw4z*E zR`T}N=&W#!1H`m(%wkFpy*q$xtEUPqO zWrtd=`R0(lbRlgc!}Mn*rJR#kL!ZK6u%^*=?$~X+XYtH869#CspBTQF*PE)o-^gJFD!` zeekY-)GoZyZRwI~YkYLS)s&~LYPi*UdWX=T(>8&uuV+R2ZQ&8Vv5Eenx_o*?c$$mP z&LpgE+jiUi(0#UJYmIF$%UUH4K|lE{HEPCcvny=__WEV)rx7L@eWDmUvZ%r;YU^$1 z?oGC5YQ$3YC01WbO{rSEnyAZJDuv4CKDcUa{o^)}EwLh2rB^iVwC%eZ?8&{A z)>w(Xtkt zqW-3)Xh-X)zvbXfbPUaO3aqkmtJQ7aZB6t$ z+p`_kGcfM-r-;Jflgg{C4lO2eIs_dmB=LMhRUtjDN%c` zuPC$>=TXeCt7V!U7YtajO|Ug}EJb$O2HHEV^*k%4d&jK@Tc@;ct2JP+Y{ItLmZjX= z;OS#j@6;H-7d6^e^wQ&xZLv)?OYyVAF18FhUy_s50~7B*8|@a`RQ+FZl~va_+HQ8? z*A~~?SWOZ7EZEF*3VFUDuy%>+F19B6iQNw}9^6!c9g?w9d?qv6wLcZ)^aApB?CQ8p zj?-Rba~mx=O^^Bi@PQf=&NP89ot#=o|bnrggibMRM~F$eE-8$Hq|u*pV=jW zKAUtt!%M~yv3%AvG}#{bSyfPPqsWW+>DSvXFZ1!=bGXh9K2&K_o#1~0IhmmEUs6t# z4;`+kO$Ft)?Z6JZ@1ec6wXVz>2-#j#khElS)Y`6g+tst()`xF!YRPgUy6^aF0Ubx` z?0)D-b_|Ak0RGZ+tPEHS8`Y4DD;w!=x7wb4Wp;FX)&{Q++T~LNme{u0nvU+ant~B4 z9c;Cm_$4oQrY+45M~$o2dga5bpfB6AH^3XXj^FdtV1V}!@GOGY1-!2H!&@tU8|m*Y z2Q*@k)D++gPn1+yO(S|@N0Sv#)!T42;{qmQy<545dSYYZYRNj*%1|aVQj<13G-iF- zF(yZ5n3T{2glcTbOn2~5PU-+}WLWUVZ3tlW+qt7*?x1iC6FD7lgp^cT&Gw_V|3e4t z_dZi&josb$txG?$mZ2hReE#Qb&%>MSP~RGKs$Rt87ikMTTp7G^J}I;z&0p;D#;rg4$oVJ% z3zt82kF>nfJm-N_LYN2$_26Yth`#4vN*B_rT%QC{Zgy;V(naa#=YCK8VnR=HU5W#; zZs)^x|8u+Tzx!1tNN;u6f4=;tb*3Ba@Gt#CJFus~_FVt2T|AYvTZ3{aQ;#KZ#jW-= zP?`s?*5U1n;I-Qqnp4&_+Ze$!;JsiMfY;{m7?^2g4UH&I*7VP2ndF=8c2RChRbKtqYroNBg(1}g zA*1Ku7aEo)3?+Mp@H+adl)Ck418|qo?&SLWkSnxD-G@(@=<%F_&c$DF!ff&ok+IQH%#DklwL(f#76xAMj@den)Yt9pZn#H*%L?EdfZKe|Ez$O+fJYdg#<|%vT=stUXyoON137e>!wBqC?D{TFd z{qV@6XyJ$qce8q1=>YPsEj(ayHwawb%FKWYy?zuo?a ze~2^fT&w+;3n?3_-f0j1+OOLF%@elk$_sY<#FX9a$L<=XuGcZZQk&2qD~5Lzc>e}? zQ)gQOyqaBh^dJ3-?b`&r%ipzQC#UR2Up_o(GvQ3zo~f{=9S7_qzxqjg=HVUoaMiRm z;Pji;Zg3Vw6to?)Z@zNL&bMJR_T%&fU+Io4bv>P&u;IZ8t7K8kaB|l0(`jQUSE%PK zE1nBx7))>7YtQ}CC+wMrcG!bBH5fiBN1P6 zYUJ%EQMI84h|CmM)LY%2$L-;t-)4XOi2@rval`)0`4cwQwAYS)>epDvHf%dCzhJMQ zNFpz@IHcDppMvR4mL1F4O53vgpgsR9pR{Km*<}xwr7U&zn4NjC$6h=+>^t;wJJBRr z;8|2sW0kDjzyFB`?RP(S#2(pGXC+fJR#wE~tilPq{Q5C_d7{f+o*K3{Spk_SV=>t7 zhwaF72knnOzSRzGF1Jw@c?DTiMNvWElSng3H*(cpe(9Wjp>@Z<9$b{~I{A+0@{La6KqyaG zWz#m>`_xD6@y#Rl(b=Ecv5RevkLZshkF2H&M7M0I>P2fPdY`6Pa1pC|nVuuaCe#Kt7*kfnmSF0k^r~#@C#{8UM!3*zF!$CeV zE#8r9Df~bChdXTOrkf4n_dR9L{bG~-(T8U2;(@Bw@7la2OA&&}9{Z(ao6MJw9(pgr_kAGiI$YXsi6-=M!0Je=q2 znJA0lZhXJHIG|%Pvg%jR6N96ZRx~ncBlKg^6H>d83+SF8jR$^hmyp%j1R2gr3Oi{Q zwsIUP7(@zXqi{OwSt&b*5#*yp6_b52ya1=LNHNakSkrGYi&d~n&)FgBwbY<>`FTki znEJ)g%5g-YX+;W72AK>p1Qk0ylV%oW=7zPLOWBwIs@qW2(A2a1BIIFi3&WG5>ZnydrPCsgB zy0F?B>i5_tR_7MY9>)>bBi}woZ!yL=d0C~JDVVmB8g^;b-e(Paci1C!eYS0M%ubx^ zu~8-kOLV9Pj*@96u5R4uwXP8yXPl`pHQi?g;E=#seCtZWzW86iYg;ReZQxRy-E2u) zl6St@O0o7NE5IEe8?ZBHFIsYPjMaQKwsUWV9eSDpegmtUnBb~p!Ya#0tFqx5`P614 zJPZ_Yc*%i1ODoT6HdK|QkE&SwBwVHQPWe3aB6)aCi=rG=sAN`oG+5v#m%jBT`pF$B zs1!NIW?5zD9ZmuqC^O4y3wIzZmFh09y@n>EcBFW@I6;s%Rcs6=hTvgiJfA{q2^GPh z{XiGD{?Q-D%M%C~F9cuY@GO=eZ@;u*l^x_;N>Q}WQ8W*przJV*^;~jYQeMs~Mphg% zM9Xnc>+@jtRGfAF0VDhQl_yVrlBJdPrTki@vqfD{z#ozpt`S41Cx2XaL z5@EiW3bS-k1g|E|K8!T*rpPP$)y~mJsgxzy?KQ*7^{R#nt6|_$%*5Nw#3bjZF-f6q z?BWSTzeRlQq875mfW3RBn?%!Wx4?SCKrL4>^Cr_Dp5R)?RJEn_zWDql_ zuX!%rp^#{_9j8ud;^SlpJ4$$?7ts}JRX;)=f2`ZwrE=h(1C<`rCB46to)K*EOFBaQ^iAh$vOoC!{#>Q43q$+&+kOu<$_+3+UstD$?s- z?H6aUuT)oE!3XJIm7%b)q5hmgFIDwC_sbuJ-)`5zAL$8aveLzua07PKPe=~D{ky)P zO;88(^F`?uzSZqB8>N4MgQzt0b$z|nRMTg;zMc=y`2hUla(1e3*>9V6ZL!DdMyw74 z{U@gfYzk+bc#%lbRtMVc`M z-H_`L$t#Gm0(5-1$C^)^vS}6+UE!S7!w;0QGq=o2+1XT%{Ikhxan(6fctKr+c1wGZ zK8xC|UVFcpR}bsqrsSqTx|2zf@!@XpM89-(1w0Rd=Tn5&Zen*Cc(RZ?v>C@O`U8G` z=84YUOAlaoUST)Hr2S=K3ulQA*x+R*)BAA1<@lm}FQs{oL+!~6r2kQS zl|ED3W=NGCY7z|If|(FX^|U(zxAn&Legfdsd=)sJH5h zN!qRSgz5pHe55m-PwM8WOz*=S8R;ON$^H``dB3P#NS`T%^w}!qB~T~WOPw{Q@&X*! z)ovTm$K?94_2u*ak~419?}alF0~W$PhL^8*B|70+4qo1SZpD|-hpL~~ZGW2dH#SsvJbs{<-DD3 z&REw3eG-F9oxhrx?6FK=r=4tJApx>cVC)b{v-|QO`95;M9^Q-IS~1@^`Q#)NzC`9g z7Z+DlTXpq}HO>}WZ5eR9eaH0N?pyUiNjUtqprWp+!5(?0(srk5pRY|=->oUyf#jHR zMSqL6UYN8O3Tmwpn3K~?INw)mM;@!O*#UMeyiO#OWYUI;r|s6|TXva+8{M4YJxd!& zuobJcvf8S!Z33Q=Z4$ueAsHTIz^9N2_)Yikaeg{qE}yfrmokLFgP)9jCHskqUYmuV zr&<|@J6{&odtT8i-l`o3f0V|vvhNq4jTE(K+DousWZwmQBrK@HevuAbQm(Nh-M4XAom=`%md6+N;i{%CIxPAj{;^PbcgPsmm-} z>a>0qtz8)?A~d(koKLimV|Y|r%{ZWeozA=J?eXdXE9o7u7g^Af#(s?DbhfX{PT!jF z$w~D!GgFL%B6z2fjX$4?;U(?Lpmu5ncuUnlpp*XE_2`^{YTWKR!pAw%XY^>IFZLJY z(#LcJ`EZ>Q@l(fAc-^5>j2$y@3Be#r4mL!l3Y&^WUg>dm#Gt5yK2jeKPd%iz>R~=V z$KdCwSD`Q2OoSey1znnQ`eJ_0r!STp>6N(N=I9IO0Lia4Cnu@{`MumfKvIo=Bn-ak zkv6T%`xEzv1icx{3kf4RT^ioPeDiVjqSyFmAv}1@RREtcSGg&M&sCPKE4Olx)S6l? zX!fy`##4+}%r4oI1MN(4+I{jQOJeD4t)*8?Q*t^3&^;=*#s-JkS^; z_(jwnBEC2R(w)Flf24HIm^t~>_&rV^e}{Gy>0OcG@YHU}2Mt*kxQ!NEw6|U!vx1@X zRy=&udM{7gWuilP@vhWky6^7ynkTM;Gl@n*2O{HNmk81oge3ayOpIQH*X#JJAzr8q zIcDPWp#1uw`ps1?>We{0I^Ah~*V&QO z07gK$zj`Vdm6E)y&QYSQMZ&!_o&nB6zNj;dkd@%#AdTVmUhB4RwyXp%!c|6*v>gAX z&`~4do8L}}iWhAW9DnS{C=brjF?MXQB7CB|$F5Cdu+ktN!GKBNbep(*+{Uh5z?ohR zofQ-l_$l@{i>PxMDq2~o$qWg%J8b=BfUA&M4o>hBobgfGXk|4=tZ~Z@duD5wm5-dV zKl}e)u{Ykr0n7H*8Nv$8WC*vDQ7AtgKI}@EohW0V%pB8brxlE~TkB-X`U^JML&vg--b=}5sL7ap;g95gip~4NahQ0s7VNP zR@XrHxPANYZt}YhNAxZ`^z0t{z3P3|K<7U*jYAO!!ZcowEDoO{@sU9@Y$m&8S&fJC zP_o{pxc7@McW}r_q>ralTHTY6a-Mx2Bunb-_0Dls z63I6|-OA#3bj^e3>GdM;QjY9t4j~)q7&q%4w60Xz`U$Hy!7}AhR??(92d%Srl+a5- zUgI*uw_^<0U>K`RwJY&;@daQQpve@6*UpZ@o&ay4G=sw$c&t!LcL^RVl?l0_i42{2 z=Bts}86`PL65g^D$EPM_HAz;CV=L{eeIyS`BOIu6Rt61rU$d9La?O4;i#I8?(;j+$ zkNp9T)G9g<#)C^@8SswjQU?hRVzZ;KOyP&qsYxK|x9D=Y5RLrSM2>fMsu1A>PyIY5 zg;;U@B3_VEAO8;kuRrMrFM!|bW(0%(E`y>ml<&{<$IC(okypFCbZ(Z~h$zTN<{d}L zBRI$bM0yWb3SZSC1j_%oEU9eCA(g1I#QWIz<*9h!a>x4_-n)o`o+F41xK1ODcp~_^ zd`Fq;MeWsj7rocu#?z`?-AKNaE96sN@gvAMJV756W|^FtCDdf)X8Xwf3?jzI?Wf0> z1b=hNhS(QcT!}6#9Z`2<#f7`9xN4J4Ft9EhV8>|pkQI&)&a|Qu2M~4Qcmqo~aW98? z_thKrgVq-2@9J^V>|w?8KKp$_$&_HYjcM>K>{P$hnWOADg1fgr(II>_VAQwTt!U)E z`YY%aTSGq4D4OT^q@u#__<48|{)#KoJIXbeSB1G;P`)m`*X1x`*!+&4`%Art&q1z% z<$MU4VjD%1~Y~ zz;)|6-Ddy(uL%u!V~qAIhZMO9r;#Cy?92oPyhemfK-nxIT#}sMbFsy~eo^fRnFHU9 zQHRpUd_+2=IxfP^2Y2WL=au9M2aR9O57me86yHeeAAXCw!kPSm$01ApU$0_P=0YS! zFP(0+E8&*Uf8NjiCZEd#55+%+C>)TBynK42%k`McN>pHYOnJy44(8M-J8jUP1BCkO zWI}`9pRjAJ1|A%>B>K9mf6Qi>RS-H=-nN?lg z4buRn52&uns{Hca@7#0GJ@!3d&E_@jR6%)~cCNH&pmjk1`DeZA9$F?_ooBb{*)#Fp zbsUDi6wZ8p7EaQ&P(S@K2lbC_P{?TEc#%wg{=B6}THjCqiY5lz_3A%#;2gBeDKflfn9%6!WiQN?Rw?!H|JTd zdp}#{<_QUa=VdDP_S@%be8~fw4rO!+Q#Cr+JgA>t{{Xt!hq&kBJqfGc_K3-@`1km% zpMs8R&Z79_Y=(Ts1{EQkAC4V-q-Zr%T> zGX2T74(q;>T#a0LQyZP*>g$}x0q;}uE9~{eWUOl4_&2$zQTdGz=*aGX%6E=xo_#n5 z??rJU7=-uA^r(7)Ozb|HqL*VC+W+WYeg1p*0~Hd{eZ^OmJQveD=XY@}zv|DoH zNxnAMB`zG}`^fBD_a3`9e!2HB}qa@*&Atouy% zvmPFjcI>)iJe%W3n5X-Y#OK)0H|J|F><@98ZSLO>8_%@1_!VEj5CKzLzsX7DJdS%m z>t}L)b{SYz)^B_!v3|_?_RHvFI-l7+ZqvKHbaNlwe7~(1&>SkjzHs z8E-}t@U`O?c-S8;S50HBp89&Vf@3{u`^j^<&^D=)WH&5f` z%2ia5rNg_ZdTklg>+b@)-;KSK5+Lw4rKuYrhjhnu@kPWrHO*esnQH_3Uw_f3 ziK!65T6?~mbdAENejM0wJ>;W}=LWTZ?D;Lw#GLH9`F!?JCS%+;exD%td%WLhvH9oi z^3y)gbXa2Bia`^T!7=vN3UHbR85%X668pvi)tdvk@wU&y64V?$m!W63I?wm1`_hNg z)5f;XjLVhxkk_}ZyD^t(#%9Ag{Uv_8du}s_ww}+?B);JMyY+h;?gPiW?LPPZ-}j$e zo-e_p^sKOeo7oa8i(##-07nd;SOve?w-)#}KSj*=bGcg`XZzH7;cn<@&-?-OyzTjJ z;TPLS(9kZUoG8IO?28o_6|%>0+B9$n++7|FX{!#hn}H_tCyH*UjcA$0t~ z_RAXSY$lkS5A1%0KKboheY3DkQz+w>7v;pk=7((mzP0`zBqwa{iG8qj@9lKiTnFTx z@jW)sYGNJMSO?6;k9j3N7n$nLzu5)N4pF6#emcrolh4;G$PR%YuYfFre z)92$1YBV+rc7vp$RmPjyHeLby*o`+kuPN-f?c=$zK9rs?gp)0|(=#zsoA+&eV}EgT za=gaRyx!cG?$urLXJUkp`7N>D7OSxNGf#Kj_83l&;ysSpw?F45T{t7zsqe8LZl%lC z^Vu`sb{^T8x4EC<)Zjgd`P{Vq6Z19SnC&CxdCUHDw6ymm9wYG_PEME|t0nlCGyY_c z+Rw889sk=ome3#K>dwccpfuBmK5AFo*xR^!Ys{F zG1JkaJ~GgIQH(-l3Zb5nMVqDK1{6xNy&~Xh2XQWx?s3)k;DgN4q}Ve3aOO0|=Id^rLJ)xCZVC?1Vi!Lp=1HcJ&9k&X z2cb(<@%zw)jK$bYuZD4IpYLXY$#85q1e{ZOHset##DQ^hyh+9jCC0PS;2QcMSdX0S z;&kmiOjS>MnkM_nI)F~~)v3y%63Livb#X@XgFPCc2UP1=M2m}dSjD;0n$BBf-u?^N z?g~(ek`yIMp9+pcj3<@%iJY>U|k`|4uYQrjCa;Q+qOxNr} zL<<888Uc%NrI(Cob2O#Eizqx^D#3hAIJ-1owfpyikDLQecm`PlYg(8Z(@58#dQgTY zfOpy;Guwkh%45%iCg)?5t|Oq==INJ(bHTTerD=KzEE6!vGUb33bNZ;!m=_y7TY&MB zlXE$EftH$CQbt*h_CLN?W%RH~!8oUQN9kmDFV9SpC3jK1)2D2~wC$Y(RLT4bYhk-Pr_tXBP1Ui83nCv4Xnv9#;8hR&zTWneRp@lfV z^ud?c;g=;KD{MV7^9xkkv|FVmd8*3fHI7&t*T#qRTACiG=T58oMyAxaK*bQ%9jU-e zWMrnPE`39VdGuVM4~*YORxB9t_ziJTmQqOU`?U!U=-zsMS9pwqApNGEm zDK#8n9F+7h4ly5r+CGf=lVs-4&XMiy6dcN|*()&$0{pAlnwe#<5rjx}YwZ@^9%kER zi^Rd=A@dr%@0@bv5*YmDV4^4ChzfAX`H~2#E{tiR8$KJH(3SBdvN7pp+U`fc*Laqe-RVo6i?$D8Z z73EXMu*%xAS5kPs$PE3PI{MTDzqHL`T%$ZCXB1Hp7gTMwSB3P9ORXqYfQk~0_iK*l zA6}&&PHIr~MaVvS4fOSNYj`21d4DO8NCE8*gj7KGm51uen3sUzL_6}%qp9_JGDS1h zP-1i&RcA+=`f#3%Oea(A5F{8BM2_ZZe_e?xITzB%Y&TsZj5541KA{OR%LnGBHOP4q zUO^ttVlQH`{_N_3vCuD#kUVNeZgf$ zvtDMr2EYUk*3!!cKCk3#SsNJwDrZ)$z??3ok%d)MqVnDMsHC)%iqjJKr9ivrlau64 zm-ng1Rd#$qhmqH7tV7y-w|WMq^;UaWbDXoLysbwFs^S)d{ z-a*}rcdBDv^T=8=yu7}kk^%*+N1^sN6{xHzMJYjZacw9tS+3*nhm&P}sy7L#2T-4a4E3aqVn zk{%(W3&4#6X+{*=9ovcZwX-3<8g7MH2dA;Pb&0Qvxfso9#yRNCRbCZ6DGn8>G>DXA(Opx@Fm{kxL#Zo7}<561&BEs#|`+>X2kYOJ3L zuQPvR2j@si$m<|y{K}>hkFYa&ox(ZmCvZw9N#1QL>a9FwbHDq`c+!k&J0JY$gkGwb zY#z23>8F`uXEJ{?r-ZE`A8coz@#Y5m$iC9@aT;Zl?F_7Abaq^`!~N=~f6xjv2q8DD zYSqWQz3dY&Rb%b9c$9tG-9pbGjMX*ZC0X*DPsTp9eH*5F zFSd-Xu$HY^_KdezEFIs*DjlsBOqI`XIKo zqEE06tl7F@{%;@qj?evoU)(ZJ8uUh(=UjZAE+%!ytri60@U{!Z^N6PHY%m!a?QN6=~mzN=KJ;M;BI_GihOb$kC;TbAAB2Kz?`KR z^GVs{PtMIG{>;WsbIE4*=VuYPpvU9f zsAg7@HNIY=j9{v&atT6ko(-XY_5*D>xZqO=ozfGb&u?R~#bxw zaQF9Jv-^OLH~T85q+Dfa=s`lK2I+;hROML>@=%T+E|*R?_i(0uKyHE49bI@ zV*6+Wc+n|rD2^y-xXCbZh8vG0u-nG75XEd@uD_^-q=pDtW z+L()|g=+PY0s1-3r#YVTVlQqc)tD}Bj%%OO@e}uzaNlf1t=u=vnJ~U^=Y88Voe>h7 z6L#NkeRa#9-uFd3iG_0^FIzdqJ5*YfuEL1{^xHw;rhr{U?~9Tk$7#hrr5~=HWyS-` z$S-Or=g>35B;JMAK$1b`Oc9u$NyCSMEn~p~(^a>Exm&aNfSD$q$KnVRVf3}`X&{3a?0gBTcxQ?BKY-nmlj8U~ zi3#BXCV@51*S%9K@qGje0W3xjS@hM~D(qLzY?2f63N!F8nOs31Lb&_Z=d`vsuFh_P zh^^2Td&P&%TU0}j9eTT!<|ZNIL&#IsVxFqE-f8vFOK{d;9MMmlUI4i*5ypZ!>jXHN z4r>Aoer_)MD?!Q`sjI_+D6cI9s6&CfNEArl}bneu0-dp%ih4&!n2%2kU74 z(8?N+OXxinL4&N_CYM;V*EK=_h#@KZ8G8;VP28 zo&i;aAl5X7dz9W?G5iNDeVlQOw~9Z@dUh4_d`8a_`i92o2^8Wy{jqqyp6fFtHYDho zcs|vJm1&Bgf-?$m{yJ7qq-BUovnW9aVqMhj#$e>1g za7BU9oE=J5K9w@H)hXCU$RhUGGKn3tL%sC#Sybl)ykW_PCg?%F8|XWvZHBaTjO1 zT@m!b7&dWXUAdZ!p7;@so*U~%&sh!jV9&xYM$ZWRX*#9NE^bY-C!nW2Um5f~u&+or zpU)&am6n{ni=(}2Cke=&FGRr1_I_S@HTUdreu;9yy$Yi59Cf{`V4;+8PkXGvEPd|@Fg>0d;~ z;TM^MzryS>^UaxbyPe_*YZ-qwHXY|*>7EkpJ64I0FiB~AP7=>x$xJi058JP+2Y>A_ z^E5rlf}9@g=>U9I))Zg&ydeH_w+@_Tti#@;8LDDW*_`Yg`v3`R%k%+P!jA>BnVl0r zUrOh5li+7&fm{HU$IibM^kse%=eqZL;tv?&z5bLq-;+2u;^Ub$Y2yVL51$(6%?5gh zOFDM<8#k~XtH|AGIr8oZXm(2)~h+>Rp{?4VBs>7JI!n@Wc4t`o;pjzcVV>4u6j{5tTt1FG6V6H}C#WT0JqD;>Ig zu9Xb-E1DZz)jTDr!R%5U{=~x$!+mcss^S!?Hv$vD+FjQ#|I0giXL3V|;nSZ;nvZ=DXSeGn%_Myc+3^kF@GtWooeb|P&G~B+h1qi2-Qc9XRE3zh?9u`z*w(l zE-}v8FeUn6)X#E2xs%4|8ZWJ%2e%;w<=+QHKr+n7$&2GUSqnIXN0P?1?puV&SRiI8 z@tFoUXA12GSsMj7T)+OE6RO0qdHPo;b?P(<82t*C$wqZBLZ;m@pb06WY7z=(w&s@$loJeT#2g)7;NoDQj11r& z2v`_QV0KxNjy~~(?!T`|^>m;tN?KOx#-Ogfc}o8;S$OYGOwe~MmFKa_EE7KQO^M8a z4_OuzMi1I1{uBZhJcnCz)}6mwsEK!BS0g}^*gt8dIP!sLSszzkX^lSl%;$7uf4Q4fti0YP^LRoM%{{ z)>OXfzK3<}Ua)~HBC5g}0I3~6ThL~zr&Vn)OzKUtaDU!Tz>77>D&MP$dV2EIM0B7o zOR>6Y0yL}2n!HLzdrYUN_b55DSdZ+&AvD*jYcEXebsBCz+d&|VXY{QXsIY98p7`o< z9Y0d0BCzH&?NrAhJlWmCejjI^)B1TQ0a_~Zcu*sPqk&~I8h$(EaKAI?LMzK%H>DI> zA;Ea3y+3}r{mX&i0|F>HSfk24je6z>DEg66o%`{uPA|{sZH(QJ9XOCQer=9tPF=DS z-FWt?e6bcbox2XoFEXE0h|gAK8^q7lLErtT&Psh;p&~t=9WoDs{Jov0uhG+PRYTY50YnhqpfAd5O7z9uJ{@2mq#oK&Kw(L#-S28}XhrW# zaKPu3>r)4d}{Im*+ zi}b`1_+je2UjN0gUV3{yog-UtRxQH4JDonj2L9QD0{Q!7f7dinxZm!tG&c(jC5zxDjfdgD~9 zemOI(rFoztF`zBzirxjkAPoo_XB5-S@<;;#4P@|zF7|sj4&`}`Q(fo9p;CY$xBD=? zbT}7|?o7cs1&jek?M8Z$O1@ujQVt%c$v1sSk_R{R_DLKBqZo#>D5dbJIcj{!nwSgz zv(`A*EqLfEElpn7T-+CO6M2HSjxQYSNreQr_o(SWlYa1hdZ5&2;AAJzO#{xt3>;ts zS2gk?)fT6R)i;++fRJZHPCKWj<3&Dn^RfrFD>0V)(ftgsJC?NDt-G87|r3CU*=z+K#o7Uwwujn^__PVaLENc`e*lG-Tlyw5CKp3rW z%+VW!;Al>rn)V*n_dZvrL%Rt$=K^!P#=4GWX%z>?Y|a`6T8knVLVDx$in>Q|w5+lg z1W=8>j`~}oA%6a{@`*p#YS^35mskUTfPDzGZtebEdgj}^bx%D(QjAoe$u@VEVSpf? z!lO4dcl8y$e1?7)V>rN9aB^qYtL^~zeTVz%xDP%}GHV^>ccT5GT3#I0s~5<;>yju$ zwF8l1O~B+%%z%hRP^W>P z$|<_pt7;dJRr%X{RsGq!Ix~l%Vh&>WjEPYh-}bGO^XS?B2*F|uaqKR4uEZDg)~AoJ zCu?fZa2v>_+P(VR)5mo0PWmX~97t!)Oz#-GeqPsK7}hHn=QYs{pW_E}d+_6sc59x{ z$Ew}o+hE$}d6amTt!Ww;GRv*rShYI-na6eCZN0HBymCdqOwgszbS1mT{)3i20uAN0 zrTWSbI0wAh>UbkrW$5=0oycY{61+#XT^?xF_{CTB{AthwV6xREj5T8&60m$5++Vj> zUwG!24in_Qg)Xh<)Cyf*zC_{(bg>G5r|vrbG(94IzGLIMm5S>V@C)WY9KsB5CtzHj znUgCeqh1Y%8}$dzR44^xfU`dy*U43qQPxT3umChXZ-GtM$ zry;1_JU}Wk)E>j_Wk*V*C1LJ-lGK_?as1JncIF0i?-6Z5)ILSPD$S$JS{#9g%2Y=( zM;Zam6c33)^?sGil7!HO(~R-0fZAob^XVHQUT_vyLgzq^@gbHdq= zgT@}!D*F6(o>>xOY6QK04cJI}hFTzoO=XYu&w6dGgY8>%S!iHXXJO)U0!|^M!b|AF zS|z9FD7W^I8ftU(4EkqXU4f!C6$)ZQq)#*hMVYP(^ShDR`8v^r4%T;8mtGjv%NJ)g zPK9iU9w5G0Df;U^eGz^+RG+5;5{A;*mr>SZtobzZY)CI%TGT`jx`G8raftb_LxQ=D zYD)AP+gm{;57qQZ5ZRn!p}`hSTn_8GlfYMvM>$sR?mJA6vTxIe;*R^8-F?5= zyw4H?u{SacOQ^d4v>u?>-XrB9Kj$RJ>1CW99%|Lh)ipf_lv&3ZYaAxP zYc}2{T?}H6bwU*0D(6{0#D!r1Gp;B-+&+Yfy2)f&y2sY0hBnq1_S@19P=_&1fN+!W@@&8DzhYWU(}= zvHa}i0CsCC$*<{|VPLD1wtDP3cvE}7yX!9gNj#U2aZ`*g7O_asCE4hiw~BKS9qcxG zZqnr=lg04|&j){`Wi@E`(Q^IK*E8sW*Fi=5gf7ufasbEey6XuQ#L>1#kA3|yRfOB+ zIoYRE%`@tsMNx{-^T%7JnjHuAYgQX$mqH2fC&qM-M(|32_ zc8c?@_3m2hweg~Eyd`?V`Uv_LS2x9<4>@i0%ud583q4OgdqKY%;rWJ)o~-lch5Ru? z%;aEt{toTAf46@4tsQD4&}MQlg?UDK_TkHKGS311j&+~x18!}BeUn^@v$kB{_~Qx! z+!^Y6Cq)hAnR@VnEal{+kys7nbD@4THGv%tx|rEjoAbWg@9z27@=3s=GTy$Ud))IikSJv1`JB!P zh)WRP-o~g#IZxmgd|>EYR7)B?A0d(U29<|+-&iH7-$Rge&pmqT2lr_Y$*TFti8OrB z5zd663$N?yOa1!Y70?L!p{FIX!}5+U1+2p{*5R8?Y5)e)_-u0>QdozL4U%UpIf#+% z@qVuhUb4MwXSvbJLB-n#^4gLY?7X!nwNo*EUjAOAL9p%TZG1fACtJI9>?%8lO@qCu zC))!uHW1b(cN_K`*4O^vUhOW*P#(eWAoL6qupB!7D)j8rZ?A?#K1Mu{#JbzFA(&K9 zQ>S|$|C}D$ldp%%;2X}a6&#bvGaXv(Ij_Hd>4vWKF1t1trW4sZ1PgZRzyo{qhu>&Y zT`ud7UoqhJJBe>S@XMuT{XP8I0e`yIEgvOtZ08YYt&gC4FsDg}9xB!MKA)!km#^v9 z%_M~{tZNv(*?JV3PE)n(fFA$)Ln@iMsOYI)z1~bhAuya4Aor(~s}Z~ZYd^eKyGTI1 zNtcKQ&%NUK?6=pTOFzdK``6CeqS|U5;XFzOQOegbpvFU$+WX`l6=tD7t%gz6=|wx< zreFOU9RYNhE&^N@Sn?<3D7|o(4j$jb`PrzNoZIL^lJXF8>F?eFR(2G*gnz-0f3Te7 zgin5z-j~%`YQVRfiQHYpW_a^w=k%Llbm|Fw?c3$<@5yHGb$k3|c(1>>-x;IXM(~q8 zkV{~v7)(d!B zg2%vFk8y|wQu1hOU!qzdmx93bOtyEZucOOtrcB`Cs>s%e6nS*0v5%@5DjdcsKV6ts z=hbF;$&lG`>4xbhKOfXPg zzY@l?o1@mWJ2Z*1cTIy=rC*2prKve8dW;Xd_2yeI0HqQI@@G_o1gz(%5=qI*rI~i4 ziYxQAv)rrNN(`%-auh8L{Ll`Ca!d3~zGXg9F{BU5i;4*QS5^#lQTGgEPKGX*!bD}vKGXO^MM^02t513D8sDgO~xb8 zfq<6T4|bB-UzS(qltDn~z^ChQ6y#{>%6VPvysFR)PU|pO?7l(-!LqV;SF1W}Rdp}i z&9~r*n_i-Vlr`FO+@Aukz7Kx)OC*4a)VD>($CRNBR22-(ynD!}Sh!`$k|X$DTF zY{(3hFpX%($(+41qQ6^)*QxC3VeZSJQJsI|ZS{cB?&~JweU$8e>s7{lZ;B(1Res@P z|D|SRshlc_N;1v{2y$j(?B5b==O)Y2-yE;c##>@MvKHNV;SpVU^DXtH+juh?9`~b& z!vh%Fqc@s$i3*vOoMbi83$11sP9|VYCR#>ln2VgmxLl`+x^HGcEuB;(5~#Hb4##k; z@ZDb~KkblACO}f4`eStjkib#y25Y_-rF?~b$us0+kqJCAr15rwKr=xqD$F=S=|di* z(p#hc{)e>hV7)$3A69X+TNlm^kvy#fGZ>f?1VwIb=)K z966wS3scnj?nTWn;s~)IzmKZC?47DFO~bi00c2J$a<^G$nzINFgFVlH+)jnq2rDI4Gso_|G8f%b|ZC7=%C8D-joKpnAigE~?&kkz3)vMO= zELSyZGR}vQ?S^v3c6_YukO?=%lZ^>K^A(qmYdF#JsZMFs-o5ZyT||ZJojQG*tSL$# zTseJ+K;-nGu5@AGo70ZO0jn&@t}4-<$I9uk!u)5N)pmAWlNh~W!|7vv^Dq{x?mNW# zrKvA!ul0ftAwn-k}|5UYYG%RIpKO` zsjVJcda(yGw2lC&$CO5~|gz1_Z~b3FzH!8%~{d(H5-^TwS&(A=E^$Sq#m zuk4g{Yr+dx(L$zWZk6@;sMkIM%`sr$uJ^BN1U)Lmcz!BqYx0wIUp|I7f%P+8GdkUk zZZl6Ws*+0W`}7WUC}i1ShdN2d86>-Sm25&EdPpwWS*1tr(f!Dip_Kt$TLUr*K3!j3 zBm=XZo?mJDDGiC2N66|7QMEZUsI#xWsg5Ktv%5HZ#;NqOkQ~`e! zMDG#aas6QlNCL>{WGdF@=}Fb!+({*{WrnT+u|{^=1?yEs4=8V{cI>#>tIB#nS+6RV z<$bQ3e{pB{`@D-)bOE7QlnSKMTr$clR9EHK^r=fadD$|f*<~^IEHK8|^h_-}utT-J zRMm`7eQHh>r_aC_@B8_8@rS#*+0IO4?n2Qw002M$Nklu|lJ__Qpyn zpfAlPU7*d@<>Unh7Crtlb81wdO|~NX?mUTcZ=dP{jerW#V3EooXkB@ss%pr7zeL8p z1?F(jW>djgxwAsG)jmxk$4_3|q)R$m3ozZ0&x{&#}#yr-6pj#NZt{WFp z^b@jZ=LTmqNQIH6`gQu{*QuzVgq~jF4UEMvu42T~ zxsUbRT9L#L_LQdMT2L#83Q5odGD*-$0{+a-I0A4!k|ivt;Kb1Fw|~fMmly`~M?mga z9BEaDt-~bMssrd$ktKPj`gEEEm`u+!>%f`FI#>YQZwVU#dj6E4!|$Vdj6HDeodKm% z&0Vvr3Aw$d-Q9yEBCV)pf{N|cR28E`l%j)Lv)nWg5E>4U&{FNu#M|ff?zx-%LV6qg z5?219ovOnQsxp3o(biJXEozF8>vf#dBn@6W4~mC0v}}5oRj|WPoSXB#GoW7p&4m7J zFvuQ)&F;Ll`{2(Hy^mCMgPKNlqhb!nJLC8`8z$(t76b~3Kci;=1qb|aA%TgKd-rG` zI&CX^t%K^4^%!uc4OQCnU_HH@0$S^$ms7{OMyb*b1CJiSMrte!=$;&^A?RWE?u|K} z@3ZW9g7!6eRFGDxx{^ZpH_z*xGn;flmy+!xlH=~#sao`!s^Ky907VpGt`Y3o1%hDL z&nN3|CP={Roz@81x&8^(@5NV@K|s;dwW6NMMD>)(dD|KZoy7#dRaRIZ!b2S;>Za@qxMFJGlH8b^;88<6S1@9;PJXn2|XhBI`=?n~mn zPd`bpnEU8EbftYv+wXIgMeILkbhyL!LpH#N{5eJiYmA<=L68cnc4R8oyQt}A5MhA) zGl!)mecpOGqTc$eZLi$BZ@*>R-#_%ngn)>yV~;KMX>=$Px=?i-sMR6pQgP3y4jNtB z=)Yu@=J-auR5@?b1$8a1lYHnvi8mySw+-ax+5&K`_)^xX_(;kEDF?eI8#`bS31yY< zNh!t3#=dMSS|Nd8g*_OhLY@5(PF5BH{<^&t=c~v59J00w_z$o>E#WnVB(l1am@2bCpunE(IC)vu5@%OoNe-3#JCso#)&osFoC_-? z(uHX)Fszod7YJ|^(qkt@yZ0v}r}!-9mx`TWy&>%~$FKdEo>!vWidvQ9huB%@qk^{@ z-8WCwR8QnY?xo-64*dyn8gN(IAwyfd`6;?Ou2#I}O?Q?0NLl;?O0J_q#b1>~n^c}!8pyXty(v99I@@qsWgF%+j~cl`NwAK>}+V#jYj zA8$)oC-#W=qOhT;;4W+;sq#^h#nG46+pnsn1)d<5vqp7HAV}f{)w8uH?$fc9PL0yv zsRaZY(m;_#dGwQ`+9M~X@`*_hL8kQ5o1Bq2fRpfTRS^iUr~#b>`0MP;Ak1Jh3SV7* zb*UQftA$@kF1vVEXIR|fCHROSN(%N`1ifOmcU~P6IQyZOv-{nQ@AjWKUk3YVz3qxxdA>nVNJ1na_|Qjdb_DPZQkjlSGF2mBdWm;UbCdMFJad5_Pz7oO z(P+=XWYv*0mrT$0RQ9M@iSf(ELw*9Q?FH2(zot|TJYQ|`x@Iq&(HWj$nDfs)A4%&G z&gx`EHC z6FxUVv5w8M5kv3G^C-7|R*N8=yvRC4_`MgzsB)4}i}#a&xg5}5kT-4+M4{%|1%{mH z*phWyKWskOE#Eh&LdRNHK|MYp^y|{Rum)c~MGFd&oOqBJXDVqVD#+v%ynm1CWBpX8 z&`WgL#>!OTF4o}@?AuD@4eQWMM#mube>kxYwY!p3RTst1vfvJMxn=abe_^z=vt^A$ z>$!nuT|Vv8kNQbwygsD~&Z^a+8#?(s#R4mX+UO!UI)i_m0q@l7?rzMR<4tdk_t%N> z#;I;!9lW7;e`n(jB*sG*Vmx>|6mcZIn9JY zv_a%=od660lFxpjhDbFfm_L0@ubpbss}rL71!FL04~^~X^{;<$fTqS}da&m?Qoknj z8j;s^Dh5_L7y>wh_v{I1iIVM~|LCe-!-+nPbGC5TUY&UAyD$&%A?4}17iUX5jg|*d zsNeoopH3o-v`XajzDoUJe!U71?CAF{dv0^4yyAZ{Zr3P1EU4CJzsSLqy8>NaBjdhJ zuR)jj)G8J1JfVi2z)V3G4+qqbUhmgg=;D;ND2DKF`gLj}K3>!Pj8{;ve3*u6=-bAN zuLYQR92g#8)nI0_A)C^NbY=FM{_2-qY8jxpdC`7gRZ8@yUql%y2md;43~pPVsAAV!P*>nDTfg_oQlGmO+2xTS`_O2sKkluZO74O1JmUTRh~&Vq6+ z;-Hybn^0(c6vJ$id+hKt0czqGWrN#%XruJ4k3j*({*Xt#IPGEx{B-tn_kil^!uT=nHr6 z(;*`2Pag-)qJ$t3&UJ%$ibZmT)YGw})({@31R7HJwq4V!e>0+YrUo>zysqiN9=-MK zu-^4Rsg+VS-CM5jXV7%ojGHvF=z`eqd(fs^pggJ^nt$>ey?t#^9jwwym|j_n*=l&WSU>#V8&y9 z0@#z6+aE^Rj_M0IH#0JzJNwcg8$b2UI^`2M>-z7n>P>osT<1_<-XOpbs!-F3O8wD) zgf6^q_gk-nZ@i!m_&OBEAv$oC@!*$p&;eQiU_hV0tXtL+&g9A84)gr{$^{n5oMm~8 zP3^iVUo9w#Qz2yiRTdS52N!T)TB44z|K{a_xX82U_VLcf*TUdf+<4DzAJ2l73_drZ zYp?%C*XU8@372WlL)H4>e*kI|$NZ@uzpl#{hj7*gw2blMP3(p3*zfkqcX!$Q_#$xS zp?5|$d+zw7l`6*(JoKwq)OM{;ug|2AtxC3#e;PU<6Feo*A(v&PItb_ZJh;fg!crai z{O74~C6g)TlDe*3*I)d+OIJG=Ip{g?U0{sB7jhy5tu``&bn!O;P0^^wzf!0Y_UZK> zzogDfWNi~P8dIe_*?XyiEz%GF0Ec$=qK;i4`w*5$hAljZuszptW)$f#cbZ!hc0#R+v1JYL0u^PBvH#Ws+;ew?E&D+wo@ zRm#NK#`qKdw%7b3&LRA3udRaDL%KH3Z?I)J#|m}yar!t>;d=e2FRJa*px&IMX9^FI zgo5P9Dd_Qkn7pFXdv&HXyZ zdB1}E4rbKofd_W$e|YAQ>Zq(ba=M@On`iwj3oJz;TR*CmN|O5Fk2CtwZ!W8UG6!ep zqdI)FO#k*vWYd-8yJoo=K?0P!cj&=myY+2gOv>mbF>eV3K>h{R4scj`bYLCXg>fAN zzNNSMnofC_^p1wLh*NW%faI@!)E<{RDY-{wTuhytwZCpKn^PDbS>eE{o zH{opH3U{5*!Cg3bcMb!=(yPCGg$C~JK*S0CsJ>2L`D&F4BV+3RG51~W)0^D4=mjpe zV6P58T&I8a?fbPOuSgGfJSYGByiU#|=SU2iCChYSz@v^+@Fe_T{Vrkz491@Ack?y4 zjTnhR+vW8pcirvxO?kae;?f=CnY^~~etC1ebuv$_5+IMBKxKRH*KzdAZyo>+CO1G3 z+<4Zu8uE>Q_dbMvlSHtQO1z%)m-ROK%3DiR)WGAD1plm8)hiLst@ZM4y{cja@fnx> z`ukmp^<&?9BI!U+6zkL9u2VA3!Op*WNjJLL7w9^n2o8Yt3LSj1N`LV0_Yqjn)9%+^ z!--ASo$2&U!anKup3eI|O#GAIzc*Gjy|JoMov8L@CXO!KCxa8s0wk6>zqCkFSo#W( zLfv}pVyphsulhAQn@w`tLEU>aPygyOc}g!^qFR1b!{~b}$f;ryah~{2osve`M@E<4 zadm8?%RQfC{Qq&k%5XY4x^M#Ypd74`0B4Stg?^9P-eq3KpYRKKR~r3gFZAMf@4=r& z%lKvYkeo$H_$=pXm@2RZoU38><{i}Lp?ze9da+ep=_$c{qY|(XU65Y3w7DJ$F99 zEqA}~i_L&@WQ8Ovs-EZjJZdGG#O7;yoo8%OBfsd`T8Ak7Ve-QdzeI7^`conbmU=XP zW>hcyS&#e#Y##g%CsYy`QtsrNx;&k!w|pm5#NPcJMt_jNoh6o(HX6UwDnLeD`+t8! z9sTePL7*^jyZ((z-S@?6eed5LAW)jEJ+DoZ86PI`4Jb;2rVo9JM3g!7_-CKf6?%!i zGe<=`d}uZlCnR%cZk%JV4QD9(7O0#e?t7T~a&EaVmHUvd+wVgNnjG{4&2D6!9U0Jt zu_0YB5}Q0hw>4t>Q!12>+cPwh1|Z zfh3rB=RkAF--(=m0LUeuN*V@r^?I-VpO;58*o%Av{-*Ib2p`|AmA7|TZGTN-!2l3A zjxNX-=yLQcRr>C~J*WyCxO-m3k;FdgMITvPp3)4kJ+^)=+t&{Wr(yKT586j&H}PQb z7tWv+s;z;*@dGct2v6HS;<2|bXLs@{!g#YJjLr9Y)O`DR|8#S_4eWN)S)%AUOF&}x zwI@+UUZ?dVHG1k()p{glQcnUY_xuZ2wbZw$W-_KNpluFiODtLkDs9PNtJ{;e?)zHe zzGb`bdG71I^**<7A9q7+J!$-*ErG`zv{@NJ)s@jH6DX}tbf&%$!w7`8m}7jrtsDPE ze{g|jMsReoB-8d3N0;c4YCZK>f}W$-^*cwGCABOpZPC*$^R~6Tn~83Y7YWUyPxq2Q zmP1lrjnWpA2=?IMoZ|8E>G%mM2SG`|{h*?7iw1!Yd;QufiBMEZkjS=^ip9^c-#6Mx z7W@%>4QzK8FvV*j_!^t#!EaRSnLoXUpV;pt)U2_8`-sLzNPY~VZ{}2Z@HKdJ@tscn z!%tdu73jPW+5ZhEKA{Ib_f^$+N~xZuR~kO4j&=gV9apKWZNYvdK;o&;!{4aYGe!7P zkZTlaY>8((TkJ~9C0XX+2|aqGLSNgLqGFJPmf?R(MnPJsc&|rCco|5+&p{Bj{jJk_ zdtnG@T6%|qoHERK6Mc-w^VoQgd^0}YJhFtMrLFO7EGMoBT=8rC6AileGhfl8l`A?C zJFAyZ-O&H`>p@KdQ5El{#RsrAH+z)%>5pdeerlk{!KR(#GdAUt{oa>SgQM$kVm@7WACsA#T#so-FPsF`4T}Z*AB~54NW&l-%2< zD}Vc2oo%1cyTC@S`Y0yEy2<1{rbcsnfm@CMWA^ssK_^_N#uVN$9XA9PY*vTuI&6b&2OY14P&< zo^N@9_5^_ned3u~J^d$TT0n+d1!_`&L;(MShUft`*46CzC5g|m9#Bt{oHxx{bA;T& zFE(mi)(|MFEz%?O(+m!@sreW7d?e>D0yF~f!|MWcYfFt-B(`)pJ zZ-K<|#|KnQ0O{fLJxV5t`P`D}2n>|){qWNVT(%3iNdEPBvs8DmoC=v5g)evM%71%X z?UNK5ASWU#1)S5B`s8U4FQY~?=+j(YU`{P`j=U;eXjO4-zo$Zm%n-9|TCB7zmTGT&q-H7aT z1uI11*IRzDk2>ZZ<8|LU-qaoAS>Ou2jbt(}zV3!YJUe>G>V-~S{>!&@eQH5{_&4M9 ztk7fMgD!t~uc}wmwfD6tus&QR83nySWC!%ispyI1i0gw!`^1aIBEJ7s$xdZ=FG3Z((`V_8SQ!D)c%GEWs43aPn%GeI% z{NvDNh05VefANmm(0MlLk`$=ai*Yb1+>fPpOJtl3u@ z(_1gK=x_h7U2UVYTE|Y<`RHeK?9-o9b)c9eQ@_Tr!8`jhK77P_R|xT?$l@Vw5V z>zrGHF6dVdSm8Fh_|l*+KG(k13-pV-f=|A{@$nNssG}0G7@j9@*yMuS-5-g9ANkEr zY`*_pHVM8EZr04rdi3OBpk!yPsvErN2`YVhfvE8TZ4=BU_)!Wp7zUf49wiG1`gN+U z{6RC!ZdEkjZ@jp3oO=j%q>^otRZgatk1R?s>|g1d)LUJ1>O~k?d^$4c(QtuZ?cq;L!(Q;=z{Tg@K|LgyHbD43`xkhhn^rj~8;|;a_uy#O*^mW6+qwgA)%&*W%*5nlJV0 z;+b9q)09@pTp;~Ylchn;r{JLD;LWD&)&dc$%zho?X=8&52?9YYK=ZjWW)uStuy7Gz z{%ozC(u>o}f-@GXvCED{YmRHdHa`Mn3A()a+(l)t;`}?;OV64mocxB{iUTx;(-h+} z%Jb$HQ%P~?5RSMq<)y9ytu?LZFVCnC-1Na28{ah+agby2YvAZxmWUPA|xhk?sm)tUYz zje^l>{f=fw2Ps(wLW&aL2=leiFe4NK$-5K;aw`XZSf~041CoGKk{O!Db+&J9etemz zau;-RiZoGddj>mrjfVE0y_>DW`?(RN*F%PCAeFN5yeg{0aQx*2RQSl8c2tphLiX@H z8Pc9m29Qmex~DOhK&MAzWWf$)EmM6#1(Z#|jUL~Zj$WHITOf^3a-+5^umP;nJq%cF$0NC)f7 z$k6d?2*|F{><#t6Bdbp73%gQigR-<>xeqLLTQKVlWsBhYj}UaR-WNC&mj&bCSm-|+z+#=f?9M2$u2M_(5 z(t%EBS|Jm6eq6tv8rOL;)<-7!OwzW)!DMw)HFc3dK{b3{iVUl-h^jfndTW*{K7!|i z^m4$MYq>apte^y+jJ)O5DUDU7lW>5Mh$5N_52hmD)={>j^vp9&(Stk=7FW=hfM(jk z5oj`|XD0$wo@Jr%Kv(33$=xW=6k$9PHNkC8*VHudaGXt86v$qj;}bMI<+Hs6lDq_% z4Z6mc%04%ihhetM1!G>5PhP5!?YomtwgF5_<}+dh&&j^v9ufu!s)nZMzm-QnwEO13 z;_pxz!I3jJCe_}>*@=@f8JHq-paFv9J}bUC;%sR$kI{L-XWRG9Z;WSr93PwS4#JE6 zb(STxGgGDc^sKltpq>``%25pyp5lyh$qDe7?FaUdL9`@so~D)1+XZ;Ooj}vZ7RU7~ z`oo+@&Wz0ZhVq}TBlwl+oO!$j_VmzZE=Q_Cr#1AX;D|(sFp+q zq|mouYIs;3&}kH?RfEMby!9348C@XQzmN$IG;+Y8Rv-*JJYKEl)(b_O!_LFL4RFro zQbAZ=Ko;i$JT*q3sJo9KDVd}g&CBRK3;9%I*8sWeHw^l5MaWLtpflWaMui5I>pFVs(bh?LmT6WTmI(0>PL^hE)Z#rD2+f z0Pw73pLkMXyUXJ>(JjrCP9 zyZbxU=9|;=(4m|}i6jsO@>4f(7g6E9u&nFjWO0%hlN6w8wzp61WI2xzi05R$Aquad z|HgY&<*@FFURAa~-KO|`9wxrW?UU?G3#1h(tDs!<xn#D9)-9crm0wsw&0^Wc0xhuCnL%rS0853PFXNJ-pBr2%#V!QOrlU0gMy zA9%27deEKe(WUc!8o|kk-;zM~q^1abFJ=^g`arcMXG0criDurUOA+#-^hxM4Hs|QF z=;%Tp&7($_VtRV6YM=nRjKrV|l%)zk2ERu*%VNMWxg;~P@hyQWYWk<`T`~=gZ*SpG zn8)i*nWngMrL;Cs8`jj+3sqO)6rd2YaZR`D>G`A!w>njkY;$Vh;8osmw-Se3S zDvJvBK;eXfV-tGmLW|~-sRcLPDWC>NE7mD$1_X-s2|-0JbZ+y;oe0F%J)=p|H^tAh&N+c`#v(ge3J#xQ|#Ixdpoq$Pd~_z{^=ijslFybVko3ul7A2zcQO?L zyeRg`o&54X<1vi&v{|5T^S@#B{v+^H@;n|$4JhcoE_G+fjOM* z=+$PwGv5VJAGY6D!+q&?UnBQ@Cvo2l_YK;8zyK3GzOx$2J?dTk6R(g&UJ__e&8p+f z&eA^r7;81ES4MEI1I2Fg#mKis%e(sIf2KE?-htgX4_&&>#pxO8NmF&1(WO`^WMzNz zyH)JV5l{o@MdIiQUGTTKdWB3Z_>6%1kWKjwz7#k*E zSJj3dvW86Xdx3Fl9{?_PT@%O+^Eudf5p!%UnYO;nc}ozO`QPcwveDrg>}(5&=Fnne z$F87q2osE4>``}HpT?=^jeybE6w(>1nOWO@*VrHkz}iZiD8}Un$bC`3TCiv zys<%ibHZ-SQu}NZ&!4Lj#1&Cy*#K1=%QtG)phicL#bLu zM*6cz{^R+wc$#TEZ`S*L4s@A1F9AN%&-pEIMXLt zhjnXlu>t}HYd3?xC^vzGd!e0 ze3(7${hB73Y#kX8fv=qXW^#$ZuRVK=76`_ltBya>eTwT<{_qK9ciH~ygFmrX*?%ah z@Mj$2*68(7_g`E`wmo9~o>*ggig%CrRZV-DT6{u%i}>0=FiA%KcnvsQ>#rsF*sAHh)h`q2i!1+d9O9$%;50KXC*@@L~*(>D1kIo&Ny8d146MuFyNu3^{(-f z+L#80u#JaIapT=Nq)pgpjMFNKlKa_3oqnZHm)<4%%7zVO0cOZ1^}?*HWCVmL3l2gT zWWOs_bdF0hvwa8=4_Ov=nE`4&cI;4z4{8<%2R(zEpy!>u$CNd5l%OE_FmMQ1{`}fi zMW*`+t`OD5FkZtk1!jo5*Bo|+W1B%^=;NOO!**x3b`8I%)~lWRUrv#I)P-<$%D+92 zO(IT@_$$N!obR$OjrKNAJDBau9OgI-46eZpfM}RQkuu=WG)hD3Rn2r>)4PkK&N*Cl z{L5g}dsUhJrk02L^ye>lfSxlUH4lw(&Zk+qaW;+<9C1E_f=qX-#4`uc#}AhVx+Wgzz6SriQvptylLhcDn6I{roU(Jl(eUm`vX`G!rRUnfFfAETzW__#4;GG-KENqH9bN-~WYQzIGxx-BCec7w6Kv%CT4r_r8sd3!xOG-2()QoeaP3T?eKJ~M$3 zGv~uHP^46D{QY%XQ)umiVTsI?xE-!DZKV-FfbpE9ZzxC=?0>6e1A`kOY`X z<+g%NTb69A-R+*X$J6be`5Kef%(UIhwk*qDwq;9gNv0@Ll$eo0gaQgc<(zYT`OWWt zZWUq?1W0=IB`e_7z4x56&ptbc2mhiqflC3RQ!&(ByD~%V@16Gab6>Rj6Fcq5nV;Fu z-U-9k8{M}ZL~CyV(z_zZf$ zz=Utim;H`V5~*M_S+MlDs_Y}Hb9BM3&4jH_sr#(UA6P^=qvR!#&h2N96EIk9Ed@Bn zYRELfn3_UCOH#IT27$1v96YR5&y*F5Q~KicFL7K=BXqwU!{G$N$ezLy)xcGTyTu7g zM`6$$IO>hq+OdRvL1pkd|71N zpctwAXaF9nCe~@Pq5RO3hzwWoju1Q|8)ZC?%+-QG0j2Sv4Wi|2gLbYf z|L3RuIM66zS~`crBnWTC(aE_J3J76&oufbexa;zS7{<~K+^D(w>FMMrqdJF%sSVZi zZlZkXnTte_w^4$Nc}CzR982)edzBo;639b1z>8=QUqI=K8nQ~prYSkLLir7PG-c!X zSE-En^0G}1Qu_B2N^g1EwnJlUnxVbp&?NS6IWb@zG;eNym0%X?J!}8+=uMEAK~Re> zq2A-%4QJ7)w8$c4Oc2O>pz>aU$U2FTPa)d)aUK7O$mD; z^MQ4B_S^sQ7Pvu%aTs{Wg`O6#B124Kib^d6FxY3-dR67JCiEyBRqhr1KkdakIO72V z4zh{L&PKT|_90`@Q*zJ0+d`Hmw16QTeFm?>INTzEsCA>TRyd3Zg%fD3#uNUx_{Il!R{9}O45mUF?}1Ho~OJVW;0YkhX9ecm~af;4qb;gI$r zZ!V*FX5g{;pmshbS69jM%gQGh$5&{rTPbPz?**52qZXU72A42&ubaSwd|*N;e9FqQ z8Z3!EdiA>Fbm!uPFUaV(uecB-rHtetXs;n*(;@8%YeaGByg5-pOY|9u|^y z=eJx8;N=(@k40ZUbNb!`A!oB?7$-q40Oo zOF0i(mR(Fh7{NBPWIA5GG;igPH`@ze*=$eGUMJJ{HT%)~o%W}cs#};P&=8}f+XKOZ z0LHYRpd!lAUE#UXThF!IVV?WpdtLTt_dF-yNhXz1Et^2ivSxa=J+;mLx0hAo565j( zf0MBW`bMSqE<>`SGH5OHl<}ra`-hbC86(gx2%iN7{)b#Dy`(FqfSarD z+URBA$&oB?*+L@agq@5awLAg? zva!LX))0CfttHQDf0U)H9yaUi%aLBqO`=b_yzl(fzxh9_6vOfMP4w|iVZ6R!S2_pn z>>TBlkr71y(loh@MacphX|xONX&j*eD`C%bDP86p)1EIQi;SW-^x6AA9k7d(E{q^^ zB&nQ`T*c#sthj_epX9S55Tp-Kl=_1Smh z;1~7`1s}SMPUgQheYb{(`Q|dGc}^uKC70*rq^!8}hF$JreK>Jv$WW48j&&ZsfYT7U zD+o+)!P5atGV&epyz{>MCbae>>r?IlL5O# zX*lhJpJ0*zGK?~i=O$?FvWk6${lg^d(ZqFx_&A_yy(}@9qq39G3CdiS`Acl;z8Y+b zt^Db3I+2}+1{Ytjd7Kd9e_28Btd4yk6SBDDy3J5YM*A@5_5m6|*?6zV)<>PkkDK7e ze|HXEY)Y7#@47^n*J-o&hld5kU9Y+C9}hd8$G2qbUZcCfv)oV6`~FR20PVaDPvjSE zl!IrCfNt!ad9vway9~r?p-b6TUo~SZ?SuB=87kHEVt?ek5qss)rF&;cfOH01`8ag? z@}(uKd3>wA{OjB7_{e!X^uZhUH}Ce_UvuUY$a5-f?a614e*PS?Xl(H#D&WlHxa#dD zxS%j>`48mlpk-sY zSPUmSHdw(WoXQqFOiKg7IB5;d+tMm>+ z!R#2OZwp>=gfszk{c;S%MbXLOAZ90GiJ*)kbSrX^Rl7_em{rs^3xcYcVDCh4YoC(T!XditT zyd@~ynTg@iN7k*Sf8?cks8rIZt*#VU4SA1ygMfXj4)2i;IxRhb7>iP5OwF)F6Bl>OkS1&ChP!A$`i$Iy+H#x zL!v$bX2LXCqIL1B3~5LM-aollw>!9HVC+PmCvbGA$5cYm8FcE90VPbdP5@s^!=W}|@3gJh94YuIvZD9{MpIJOf%7tD7{~et?M5ecqhZ`h zl(m4{GbwJo%Vl!#UROjK_&FQ~mNH}mI0rf>hHJ9=J8Q+zyhxn@HHS{;avuwHC2tTS z)6CQ1i*N-&ES;c%X>pA!&-d6i<}}h_ZG#wj*z#%W!zQEDs@)W#Mk)-MGnvp{H~{+_khJ=zZ*W@EHJQ5dC*1VuUzDNJ_yd6q4Mh=wBUdlkxs?eEQg^k2q9s%)F+Nm^qb6sk>Ma;x%7|100FILb3tPEPMivZkxwC> z805ma;I&FdP`)i5n4AsyjZCc-N*1X-hu>wB$YIOaoIN?MePn8-h}eP5<5Z^%AC65wL98M`p+h!Ez#KdBHH`!BJoQZ6mJ9t(K1t^VEAgij_ z8V;1(mRgMbJ;T;}17jK)TTZZ(qgeuoz{z`*d8MP10luQ=dbd88^IUKXh;B+;U@q=? z?&S~Qk`!eL|2We0k&HQHPD)`3LZ=)@;5}~tbYS(oXg$u5B^=9L7;t>ioAfzZwsH&s z$;=kZZmp$c?lguPybc&~dWPoggEpOGMNx?c^1R;3>-dFtF=zeCH;=dRw>6;@%@h=3 z@8KIk_){MJ{4(=60mxz-q9>)a(8rc7J(FO14WF~t$$CgWrYAWRXZ zq*Inkp>QJ`EXQ*xm4-@;bv_T}$}eL9&K|da5RG|^)w9Zg$|BQ@y-yQmtASQAWM!b` zA?SSsr)De)-V(X0`qfFAuNIJ!zd-b5#z&+V2sVSlnj)BIX=;plD`Jo}^A7bZU_1Do zJ%xuj`mCQ)ESPB!Tvuay2N(8Ak@T6gGMC3}V!qDW2eWK5Wd)yj@daz$J83=$x1R#I$8#uO*?+Wd%-`y_8kYB=AuclRb0?}MpjiZeL%sNB^(8~NT8cUwxNtf38so8w9Dw`Ip_snZ~RX? zi`(Ga+1(>=h)SC_9cK)IVzNS7vR2NX|5}ggcYso5%`rZkXD z9Hr}kx&==;SA@WyDLglr|M~{qp27wu|{eF4Mr}IsqK>;I0DG?t%+_OU8Q$Mxe}=2NzzT`K`~9Umxw_LD69NSri#G z$y}vh1Tn<-fgA|)4b&a74xT7KOw%O?|gY4HXnn0xKbD?Rr9rD^)ikR4b> z={}sMxt!Ms>t45+3tm3xelWWTXU!HXBT#66`MhP3x%xrpvbFUJUqrKn&-brhy%L3h zc?27k);3tF6k?gsMNMT|77D;Oe(&Q&kb-Otq6&RY0bN1L6$mas15 z@&z0h8RVzhtzjB;`)mQai-v`$MBjzXu+1-2TW4R$nse!MMK7nC{qwem3MQ*$>*f$K zUb#ZQObpfMuTCPvfwvgrRSh9TP*5ZaTzXTEzAVz%{64tA2gbVltP{BOBkxE8*$8)T z0sUit(MEcFEJj9j3fe0tQxIo_AHD6f!WT_LK`}|ngewqA{A8kcfIy-P*mh96@ilpBudExr02nxt?B$tufnse$pXp7gf@TAt$H@5=iOhF9&fPnNc#9p8yCam#k$t zI4buLixj<-43{JTILR0a=+3F8Y6;HaWqLNNrNT13rzR&UyEqHI#_{3g5FAws>bpx0 zal}`v`lxFS8PWSO8)JhY=q`sI(HM_=p;u#L?4y&fc>b<;dCz6Y<{@m{%E-#x3tie? zO(g&I%k+6oVlVJ9XJA91O2dw@>wUcpUyzg`NZ)#$ev$ISrSGr`Sd5_M-Er$acgF_b z9(03V$lqma3Q=K5!Pk)}l@Nd{q7txW-}q12f@$O=*$kz3MhW-}Vt-)i-b9^1kDe;~ z7jnpovf02TU7{N*HRj|H;162>zu12kDczv={29tP_FB9vhw4MnweT(s#x3>-Eo6<& zQ(g}KaE;8q%l)!z$}XlkJ=&%Hmt5|x551Iiz`~fE&XsgqkDexE=g`LwdOd@G9GZHL zHe`>7H_~N7FY2(faU)ZY@1O_zLAtGClP{w5R0dN4mJ*$!*BjAslpBtHUHyCIlW6n0seF6KIlA1zn&uqyXSPjH64U*Zzu2v8k&=u zqOUyssF_>n0eTfVqK97gN&-+jodC9_u<&JtY_bUtF42wPLSXd}*_xdMN{`a#($P^3 z%l4)?-_aHInT2PNm>_+~OY(t7aaO#HJ9?U9>rwXpA{nPW4lZ2|F2xc22-$nBiB=i^ z(@rXstieT@=2!25i=&t8D87V094V`-(PHcCrSA!4rS=^zwJrH6dk(lL>mdwWx-VR}AO8rr zoEowzlHaVj$N5tS6;QZLPf@P)>>w*iD*h1So2t$jQgQKabiWV z!udLcJcoDPM>(xf5fS1<`Y1{!8zb^0{d;EVkra$juN{R_1`QY8#j{CD#2Lz}h>s6L zm@5H?unORW_Q+8PEohiQzGN)cnCo-V!FAK(#yd{QvC7fF0wEG~CdgS*2_Qc3l#O**e)5+;;7M=a9D3{5&+w8n6#|KXNIL!XGd522*cpVY z;`(OWa`a_8dU%I@^YaC^B{GcB?k)Sp2Q)yZS?;W|hEfIK9S#_k(nH!x#VQcWff0sw zIYr&R$${j~3{(Oq072{A!};a&6{4hKxkNyLzdjtaVH_rDYP_!y6_`OO$gLzwrUaq0 zj|vM5^g-abA%4){mOYliA49hvrC}ALx{pZSKwi0pNxcuq`6MyV0~_z=7mSuc$~*-r z2kFOY9>NG#KvmXU3?3@ImLwB46pCWl#j%PrDnZ{bTqQ(Ok=<5`vm51uWH3w2%25dp z(6hz|O%G!T%%_e}jxrx9Ll~c@UtVGheV*urMC0Gw5IvZ1Y-%pcO9--@&tRqs6e2p1 zNS8E063%hOjC~jY({XT$bnhY>&OY%N4k?E2+lqJ20E;t4v-IwQ~uw>Gy> z;EK>HrPVo?xXT&)z*ombMfZd^Iu9}?O0ja+I+yhRrE{mOtMzh$4B${+=iZfkWL)(- zTA}=JZ|6^~uPb4{d_8JK^}DU%@UPnw;LGoSE^IZyUYqQE+kX1)4f+I3kuerq<7E=y zys>m1-KC!z=hlDRAi)j=9=|?+gTGViC7xWRe;o=I3QH^souYJ;b8dNWao@GodYz0Q z%Cb%K>`DnngK1tj5AC6`kiP&p;|QChADLrp;TZPFKQNZ$-@v`LPpnW zh&9l6O+sP_Jk$bR@PH#uS}XqpAO$r5DHfui{KujkzZ2c&N})KfB<5^BH%gZ$=0!As=I{H#kZVu6CMGh}AYJ*us6~8@T|NJ-oIJe27WeAl zN*>~mn!6Ae*mHhV%U=EOn4J4qG)%v{;43MZ-0eh2(aZ#JSphD+L-xJ@N|SQ>Ry`72 z9%6R)-@<$aJjoNxH6RbR;0dleo_YTRkMIfaVXZ3by+|3mDAD7kl=v%|p@+e1|7h3G z_u7wd1~6tS$b#NW7`UrSsJH-MmUx!{Chp=N;wf45wkm0+ztQGm+h#pBKG_XjPgvU! zbWoWaLWK=3IpyRWD#Q4EluWCwS>smS@%Pq#a=?CYJ!Dh!q5GHn;nDpSATZN zuJ&)}Q_$L>Ez@FDoT{(d9A3K& zO%4*g;SWyQ1+vJ0@+*2g-=yp^d*>%p);R&8FKG-(H`)j6yMha)c2^$&m;30;BX6J{ z@XnF+$`G_HsK_Pu>9aXUcTY(2vLBk_N@g=mDn4VQZEsN~?UKDu2Fg=kZMARx@eT_$ zF545;mn?|9agx3jN%5e&p2K1MkOZaqs%q|NFi0RDjrM+plcodhMKncije;v)bW9}NQC!!N-(Xn16qvPg-^>y(c#v*~9mEmKKvTq>B9l0~zvj%M{Y zDF^oJA-ag4Lqp#bS_qq4|_NNc}P4}+D(b;tPcNS&yBG9ie;}N2VO(2K<&?!pk z6D-H)Vu{}M=;L`%m)?L}r}CcYYO4fZEYr&?MrlrbTJDxxL-0=|dH11@V86PqGF*N1p!(((`&M(EEkRo}!~5CG?YCkTQGy5qHP*Db#=i1wfdxCR**kyzGdtZm zMeiYcam`U$GFW5Je|xL_*4A2E7QO&a?~DOg_5ll{t6q`A28OjrE~j^3e+zK-71*dA zqtg>9f>`woe_wxryZd9l2{?=+JCiRtN7mPz-8kK4-~ID8>rt>PPH~k`^gyf47T2~?SZ5scP~GM4m#jk!@rhXe*bvFmrp+) zv-TFw_cYEQALaBCRDZg5vdg~r7gw!k8hDEC-UCks+(}n>He6q3GbiYXT%NQlf(si6dTy>q z-yWT{ljpIi66B*QWpa4AzJ}=jf=k=`o%X%I1TM7XiIZ`P>G>`^yTy+PG?ysL7hEXOEV$g|&|81q|A3!&a@P%phmpx>gApP`9q#;c`bCs3T5+`9&b~u*9vL@L z42l^d7(zjMM|2I^+t-LJn8m`t$#6jm2SVXWfKT*gq7Mj3T=G^u%-U0iJi zz-4RcJUyS<5hQ8!NV8-ImmqM#;WtQ1^4r(OtYdl|F2Z_^C&MsGAkn=VZHs zt}=~%(<>OuW0bU8q*gN#lbEb*Xqg(-)C!#=wO>RgT#(H(VrWD?VRTK<2o=goDr+A2 zQbE5b3=23Fmx=tCj}!eIopz=00**kD*1AfhezMH0q|tJj>gK|?tuJ%k&X4kbO11f% z!Hi?+m=yc&9BnWVJm!8m)nJ6dT#V}Zl#8e=v0aoME67j_yXT5c(EDbDddmx(kr+fq zOB6vAo=M2`1Wk7JLEG+N1B`H9g~0C;9DxO7rA5ic7#$$GZw$dXn<(9uTB~YlvP$+b zhjLx0$ZIA72lj{jrv2axW|knmHkn^+Dasy&vxpYXTe5=mFb#+05Y>6%mF{4}@TDwZ zO!Tr0Ha-^*Hv!=R&y&Itj!+YssMFm$3+TnRWTWl$+Zn_0L*J5^oHpM75BJ)8?qU@8 ziRXOaEFoNlC=Z$yAu^EYt1$iQVlkS1M#YFcfktI|kTD%pU8EEOX$FH8oEt|u5fvN~ zoyQo)bw`(Elp^{|(Wv5DI=!lK9$j8_Y-iCXtKPIk zU!6$|70@BjFwNXXrs;b@meHOqWD`xLQR*0ntb>4rL^4>?^Z?Nnq3o09u`)G8#$%=B zRnhbo+SXFmP2}pREzYRdAf;&h@Q;cHYu#bil*PMF(m!aPy~P0zU*)_Z&ld*eAF z7*dW1=!$|e6oJi@`J2|mK0yQ1yf+k~^aUj$8|6@E4=+%Y`^LyTQH{VCB~(h2@LPs3 zp}8i9EfLYN|yObwvOCln=0sk|uVB{MiBNXg{hap3l@g<}(z z6K%9Z^**At2|}o%KS&OIjdG45XsFCQyox%=WoI@U%I=KKxev-LGE9v2cnFWVm&@LSDc3I zw-jFWgYuTfJ~;=fv{?^d9dqG+Ic_s<-u&b|%5j>CVLV562qp7bF9renX2r?aTBPTa z;}7vU! zsi>j9N*!k+PA&cJn?$P3+W@6sqB!2g=0D*u_f5*lA9ua%_CM~HO~4TF`WC%LUi1-s z;xc(9)F7P3$l_a(9LYbW(29q7^a6?p93_83;N5eo%`Q4Gz8^;(y!{-!0h*~g<1z6~ z6uV>r@^BetA9Cj@sZG@0FsbNr6aohi5-2l7c?BuA>39U#tgIXHzaV`#v+12tLFUcA zddhAB&(R*ilOBU0-fei^Uf->GlEvb!Pc#>~mAS7-ZdD{9yh3AbxIR6n^@&ajF37*@ z&#A{MYjC3KdoHgC>);=pAVuPn#*fpEER(1-g# zuoUI?Qx-IwU1F7_IPcm)(1kLeul3sK)Ur*Gd8;T(EyAtC(Qas>9Klo|@DZ6VxFn!C zDQHv%V~BV>6;Ro4rj1;XpvuBLjT@GBY$E!;n&1l}+{xY_>mIeyVPsdM98wJqEzZa8 z68eu$Q;KyUW;cfsRTYFHgADv6r>N8#_N%uQGR0sU`dhd4(Q{;)rt+?z#QGfXS-zI( z@P_@(fgXf-XMBdzE~ChyQ^>e6!$61e0u?R;gtTym$I|sGs2fLhc7v$3s#pyKjqkn4c&t;;?sU~GRdFX z3uR^~!y*aJr=gpU?k744LMx=VA$?&cYVE0}xb3Z`&ssyNm50V`ioF$gOe%{PT5#uc zNlJ*P=!uY+thM80Ywg)oYBlb;QJaFt`f!#-&KU}rIdoB?cFJ}( zS#?t#;{@R`7<)M5>2N;5LiFmOZ(?)NxcMfg?2Qkh^T>oTjF^7tye~t^?{mHMk)E~z z0(w#<7~9ZIMPE{hO5j3iU&;j6=FS3_Q5)U}E}}2g{}x<;s)ygVLI2Rd-8x5wvFa(OsRsiA^g+g5_kK=byC!!hff5EWI$fc2Stwm%hIqwF6y zPxOiV=Lv6-WtPJ(r?%v@jp50fB7!I7g@9)sCHqPRm$hu9N1e5kzj-K0fI>9cXY=$C z8jfut`zTCs^{O?Lk>Mlxg}$_H;B+??0*JM7=RL-GPbI?hRI^A!b zZ;GX?UD69Q);bMy<8CzgUE?8_BJca@W9!BP`I1f!@#G1O=Y!XZ-)1OaGTJv;5G6k=BZ6|hWyMs>z(Ke`Aml*zkc}_W zm$tanN_Rn*8f&c_hn|zCd5q(`cCiTLYgL8_hjMuj!N)n+J1CvKifutb2d*j;dYqFB zHe4Sv1aw^ROn`$<4nc0F+aY@iy#+rdv&810w}C>-)Hhni_=>gW(W`2j3L8}Q@S#^k zC>L8)QE9uj`mBQTn+xCsMY{oU_hhu1wnH4na$$PJRq(?QDK*Oglywz&#) z&1v|AGI5J>6shO@p`#VnKtNd^86A4R+XwiVho5WsLN=n4>-cN(4tT0xwJXOe-X~QE zyjHfVw>}K<2zx2kN23t8zE!QSDP!B~DcN2-#`?x>5&1&+l7&sItO$LCp!4|&9ADid zHnBv%Y-MuqXtt^bWPEh8Bs5yr`cd%C0rC+v+U+yFfL6Ijfr)vPO)dkLdp6NKXe4gE z^rTvt6P=bF4EhQVyYmp_S$F=t^+ln-tKf^)C%hKEB-t;~i6lYXDP*Pmk}>GSl=agm zd1eMWp=mif!85{9^ynbv?2^cFar&*LsdABKE_qZ;p=i6*qeOaQN|ZtA{5j zb8}tick6^N=z~yh2|TyT>gr2v_a;hV&!gw|c3R)$stqY%lksJT__UYKqs9y8k$FvN z#Jai?+fz-S*g3MIdOEBRd;Z7*cAQT-oUzm?G{dwNU8nj1KOwG&p%`CCGFcjp4QNWT+YRH>(-0efpTdkS1e zdb@xNmDKLohui!}Ht!7mqjJe2++vv=zctjvtQFeWn5JwY_;Uq0yFUtF)v{%i5kE?U zXT{)f@rVZ(>~tH!C7`TIf*4d9TJsd{+`8`i$E{EA`bD>>!i&nArr& zda1(ZinkzeM=+YT*-D?^-kv1&7=uYpQ45M$6NZ_zHDl1Zh|o7Sg?$g@2Yu=8&3qU* zIct>|BZ@YR*bi}4DY<|MHD8LLQ6xr~&tj}sgwP+PW@jNy94o0wS-(irxE}l7Kb^M^ z&cl2j1Q+JxdL~H;f^aE9%}>TcNP;S3$q1@m7@_s?+=3ov5sz?>;{w8Xj~%Qtg?o`q zhtUsg^ivrDX}&7!YwR1}de+r2KKkG4W$kj#y3h$ zQtNgM#XXyz9|bsQia`2RB%c(52wDPj(ZSGInwBt1_@IB>ap~Umi(g&DI{#k3PbjA) zfr>m0GedLmhla)Kt%L9%L7+JNYlrRWr#4$_DfL=MiEz=`f6z-e`kVGv`$CD1 z1ijK$QI2N<4OU4nq9+bj;S9v^d_8DW7+c-eX$!T{e0dQ`9)sEF)erNT6l5u`0gSzo z+(xV4wavcuokpvsq2{^o5*0zV&ATARy5Y`4%!hgNN8Ka1BSc{=Pm=u;4Cc|$l%}nf z)by5vN6rKpd)B%wQx>VuW89zDe{3C$8Wa%4o!nY<|}kX$pI8kbne?I0bbF=@qq| zfQ5urz_>qv7K~_LapWi~BZO5hKnA3<>B#{g6y(?i`9(F$onXSya74E}&*7lo`4Y{P z!vW@*0O_4^j?Z1@jLs5~VQCy}2@Edtz2^xgXtc@fKCR&f2Gl-XgfbM`>0mAt?-1s9*2|=r^7|Kbed^G-A)G25gvz z9OF8}36v!o!BKCxzzT}#4MeG-Bz-YP7glV9k~=XBQA}T+JGb{9hG@6=je5ypN*}7P z*eXuGY!t5InhGl+iZq1dB7xznP~LC60rLnFX_afm&~q!hm`LdqXDF2>qmw;?)xfjB z3Gjj#P3+o498#iF86#<6ta6EJqU%GU2!^Uz8+5zxm)16Y*}85Xv6Fk7?cbd!V+%IX zI}v;#(?|}G1Q|whNXQ(=A{^Wu?A?LUis1iH2j_Ul!D2LBPti>s>nams#71k=???H?uW2rx(>tod;uVZwFmR&U9Gk6vsF-9kz7_yl_>MGgc^ z0UH;|CmyJ?1-%eoNe8_(sqt+Jg;C1C6gk{+!VKn%ft+`cnhM|G+=k&poGsr9xJXg% zI6*xr&RdWO|2Vy&{8oeFRZk#HrB!0oJ=#DiOKMer@4ul~cP`l?ecDz-3uLHGaQq@< zIMtcI5+gQ787xYa8$f1&*Q%Ulb`ilooA%n?!>#s*FK@Q0m8*8;)dBnExltQm%0;kb z9jqacRcN`ztyW%LZinioEjm18fBF3jc996>C6op)UO+Tbavf_UTTNn}1l?89>(z3b zp}Zg}sy$hM$&zCP?GS*Jq<(o`S*umn)!W{Ngq6-O+8N3{O;D24bFd1KkA67?i?bDE z-bHnLtd)`mfBX`T=EduF?$vSo#rYYVpe&92`);p3*)Wejv0G0tAn5L*B<1+izJnCX z_!O;H1a$zJZe6ZR^SLfJO^08i^T;U5%D&?{$%MC_L!nM{_GBbXV(>JaBE-Vbr?1g! z>&%`$QUQJ}+GGd)0@RN~B9Croe9=fxHuLzV%hCj%A^N!$)$g-iPwlk-^iqwL&9~e6 zSI6v)^RqUFJaZeKYwKe^x8|ue$)Ke7ug{ZpE2}y!WcjG|@tlJTlasRP)_3bU2NCz| zqkQxBoM(|kqm$4HqWGu7l=!Mo+cSrOi!C|0ED0{+C0y(Bs>gFbojf55D8?nnRaX91 zYo;dFzx{2RdXIJ6>AxJe4_4=G7RQw00z@m^rF|EFhc1H{4iKhL8}$jA7_=dVZYVjtN- zB1`ad8R^Q(D(vxnmDUs(wC+<~cKKQ#&JlDGDmXZtS)1bhKeRvaT}txAaXu~33vgvN zh&_lPCW0ZBoeaY(MEbdIom(8FMGgCG&+(o1pP#R`!s#n^_EoAfoF~hao{6wl_JapL z+4j4!9_h7g-CP+#k>TSQ2$m?hosB%0m7h;`ae+n1x+veX*`EB`<96aG8Fab**3UTz%0Lmq z09LZgs>lvLg7I*i%&EWq^9y94ux|ts%D*j{-$m?m7KtikP0Sbi5<^y7UfgQ4k*)OR zjM;OKmqEu?$-JhI99hyE!i9Hzsx5>jiI4^Y`8eaY*^a}=9lup$fxa7d>bqn1ess}h z6YxF>iyo>9?2ml8S#l5+UG4ffi+1x$4KF8usD!gsUP+)1y<>oR2!qTj2B{Usb(Ld8 zzrg{H{D#j}RIfdUF=rL$?h1}aVTgl``vv$hzHAHP2^>ql)@i2BK6h$9l7IOM5oDB8 z3U4pWv5NR8#>5HhBU@=0o`>k??se~eWJr9>1Db|tJ3K7}jsB>4>MdH&1L0XwVHH)m zR)lWp7hHfRmE#>;K4umh{CRD)^t{R7d|i&$S?_oe`bwcS?^v~Ml-8>u6QqMuo`V>p z7n!@t?Wg4+0{ao_d^stgJo^p9C!Pire-A7OHnZ&k{)-R|NT0RE4c{mH^KM>_Z5m zUN*P~7C}?|$Ac&13!aiEkl!7o!Bw|DjHb?s?oF2IORkb*B7VYW!i{@Ke zuyc#>;6R1tSM5SxsIvVH7?R1x>zhg0G_hsc3(f61y4EfB!YhaD#NHr|EBef7KY7#z3J7N$etPg!_J&Hi--4&))-`xKSxG|*Kkr%} z&7^oDfvsxnvews2tB_sR&H8@-CHNz{WjUxlj$Wj8FEI?@i?kGwz18utA_5g~&Q~9x z518=fNR~B)d+Dn#e7V=Y1YF&GJ==$zX*m@*yjokWwyA=E+!cCkFVnInZL?H%$7!iKDs1e+=-w0>@U5@9DYW}ZS>MFY__Y{ z+Rp5>zRwle?>&dkg`K9Hxz2-YXjXUc!`4G~?1dfnAD<++zLWlf?8CoY_Vz)&g1vpv zE^=W<&IDJniEo7;mAF8o9Xq48vn*;=WPY7rAUFsePML&K$!b%i`#X3h=j6mSupWN)Ck?i}$`=SY;o@iESplM(Qfq><77wJy(+|50xj!ZBgo z)Oe8lZIPyb9aF8Ash~#o6G7Xw1z1~)njxjCF7>PBtjGuLK(!u?LJI3t)3|JeKs)=v{y+l-&bE`O^+Y9hUQk= zGYjD(qBmH$$;t~U-_m>4ZjSWZsm>Yukm%55qJfKb`YCG_~yr z{g%kH;%Xukk8QFV3^@_{R&A~?u>;kWR-lZse?wIG&Jn!4bJjgRWtZsrFgSsy-}-G~ z#s^$>SYv6k?Rzq4HCyLtx<+I*UotcYF>-|{Rkt_;!d~sRq2U!9UnwTC+8eKSZM;T2 zy89U~pBkXyU(49GU3ZLkX@n?Rln_PT5$&R;mf0AQRY#ZCb9v~io*62ul|?Pz92qD@ zlqLAyxAyf9^cU~h^-uIupEzR+`>+4hv&k9x@@VK=-fWxdH(3MCGyB7F8o4i`XcHx@ zNHi%vLSxN?y%gXvu^_B0;Y=wYV@-|fF^ocN!ivttpp2Y@!ITj(SVN(}mG#-K&24>( z>mO@^Yu9>oo(`ik#AxQ=t;$GB87RPMmLR&qGpuNCQi>GC<9Uu(@phL`;&K0T+pMaB z=xr3jZCguiFA72y_k8uMFWQmaEfx#RTmSf^ooS<2*{JrR%u4GTZ2uD#R$Ez&Qj=@- zn=079P4vZL|33e$?bx~5rpe&yp$XrGb_~@t!%LEdF+Db7Z@k`VQ`CGu*z$}$wP}Y1 z57R_&mT2}MY0@~#(quUd4vyOC3nQeRE@Hf3+7OAf${V7Ldgq9Ujk>U5y0hi7eCxmy zAH%4*N-b_z&IJQW8Y8=+`tTWB77ABT(ImVI@r3VO?2{jS$`U?dR0$)nU?Sn;G4%Ng z=1i)0{bt*7;yKRyPTRJK$Pp$AwA!r6PnHTLWtNCY6O)0&d4v#xs8sqi2T#U2J_H{_ zmV?1oCFDZvPfGiPku?XWLT(tPFi5Go@mzcJmqgCB=Gp#T$LxiMRx2K$=^%!t0M7;J zQ{+!j#)DMc4=;_|Fn!D9tWlPPt_{$`eg5EY5>iCF*!%oKqMm>$#^?c>nHF%c81_?N zoLHa@)O{Ga14K$Mm)g}1gt5A6Ykm4z+uZt?wPGNgU7|c6eT4dlC++8(AWLedSKKhX#LqW0$sW^X2WCPC(fc$qMY^| ztF_uH3|i2|AcCU$;w32Gm%vzAj`4hT3-&}N8iOF&DE_soqBTiaWGmbJUo9((K% z*)Ut}JM^X-q90S347(tP8UJ#R^$lV~Xk(tUBQU9`4UZPtKYloEyEf(9o~K{1#+JwI z$#DcnA9a4qc3X87xOTnUu6K4&7JxoI3;Ezc(jo};MOj2Csic@_20~?o6zQBexB=|4 zz@IciJ;8Vufj&eOA&A343^WHCzoIf3qP5_$44^^iUPyEoM{x#Yet>7g?62%`5Mdi1 zD6pTMU$rA!s%_`9$LtlN0qX|_ZJrWxW#tGCrD0pWa)BoG*C-d1#xPI>?GhdJvY#S& zfU=ltLV?<6Bns2h7JH`?8imt(7AN18p0I7NEwt7nhpnk)o9(CJ`_j@P^lH?)2gdEK zOZ4lSA=(Wgr(z2cgU4_j6m!O?0lsBhneC_~^Pq@c6~F$1?L0#Cc6!!2z_W{2Cv0>= zjw?#UHEg%XFxXY%una_5FV4iE`eUF-#>nU>1sE~6|45qyG_ zamDS#`^Fsg%oh>%=J3#iaEAh%xif*(RWx6)w5PGWGs)=-0xyvn^D{WsDgtIu` z{J+LN9NKR47*Klpm+i{cH04ByMx?jl)Nrj`8`@`8IaPM>%O%!C^xiU&-cjgZf-K%F zU|g6*83HoZuU-7m2BwJ20^gGufj}fDaEG#rtgwts@P>fp&6nD25s`j4w?g3B8jEy1 zd3CPOW~Y31V|u%l)0F%1XCv0KkIY1XlMwHRKLlB45E?x>Ht zpU;t{N>t#!XP>jCeFts-ywBz^9EFS2gM%Hvdcm%upr7nrBI=o*gzzAT7N3BwN*ooR zS1c8NSZFg2|KbAXU22VF%Wf*63@H2R4CQO*=u;DKybQ>h;9bS_A7wDY;GV!Z>E$+*&!=dWdXNNZ+#h} zMSW@3w}p8gC3?EBgxdeCPxC~kH+W9um7wh%8AnEEo~-XO~vhOY75f7~X&L z&gUk0ZrnzYvxF=PfXYVk_u-TYYcB+I2YgLV@-=@)zR=%8(4G(_FwMqnRB-u4ogHY5 z0N1DOi!BGOVgL@es&lXo7b0kJ5DP97YjBZ0TyK8lOZdQlo{=|~jDljTBa$;0IjIL; zn+Hv~C3o@iH08vldz962PWNqrZV{M(r?GiEz2-I()PghH_rwcUxOLphh_b!jK5pIT zs5~*cXp1%ieap31Un{bfim=r^@r-?8&#LWMg7g#;AzFvLK)=7PcduF7WqNo~5n&eH z!B5t0n5@p+l5O-tskR9}Z#s&!dD;4md8_t&%a)hg1q$ zh5|LF4?^q1=q|Y^A2}GTec;Q;z<~Yyje0wI=Z4WEC~b_sobgc+g2>~cv25F#*J1}=df96B&DlOOc?0l^`r@e7 z2k7@pZ?k3fPSAOPkFL&PAe#)@_336J$8+uYOWC#?2j~)XKDkckF~|jiahn+#v;M2S z;2E+V4wC-9e*4)QG^Vf5vE5HRZ(rK6Y*qdA&|)vw;gTjmrmqM3as~c1PsSFo|HS9W zogy7__$@+T9#P2koTFfD%(`fzo~I0o2cy~pu#hvVKt#p}!8dZsYLWR%?C@rsDZnhQ zY$18Bbe75N4HS?mP>{5_lV@$9{idBBTCp3P%H?P_Z{a7L(XfPy8*rE+}j@ykhR0Eh=fgckzNq@_l zeLHyuJ)-}LP4^AhFjZRS;r(F#1J=x9+~rOK^b)>_u9)FGNEefo_EArZ_U4sI_jrPN z?y^|p2J^f*V%N_M*@#MU*Ee7rC?#+Wc(PXxo(|rEC#5WbXDxPvnfK1vz>O|DJrc7{ zRf3St@BP0v*GKpvy8)8r9C+8!pTu5NVJBWj-p+K<|MUXU`xkPXr=*xLu!e}^U-QDnM%GQr960n30E|`Qca>`kp zL%?4M+U4N44(3}^_dZC&H>Jnbw;-1vq33y430ckPNC(Sp2Rt;^LRQkZvTXk}W27lb z#&}oSCT#}UJ;iwImybx-#pua^P7w}UwD)r zdz)<-9lo)6haLIC7p(U1yd7k3BV+|P6yQV*kO>8kRuv)bglBxze&8hXjnOx>*4jF# z>X1bV+An|Jnx2Zm;ykf#<_T)^?AviCBb0eEf2dx4BB67(3hHDp)lR4AkGiu)lNdvibfHz!ad z;!$N|d8z|?9k%zn2~;TCV_*Juo*kj5`4B+>`6Y$cusBShW|l=82ow=N6rlrOEQK9w z2mDCzq-sYtwz_?XJ$SCRMlAQ+xprXoHay$tgE&R7ig9m4YnAOfM0OPG%Tj-?d)C*O zKj*EFlD1l39HV}~M>UqkMjM&HZbneW<6lfz?U6-0vI?(8*Q}@F&L*Tp<`!g@w zS9e9NVTeFNYyvv_0q8`EiXWXf$LtbtnWhBrGI-X5)8W1DD)wQoedXKvb_CnmFj>R} zB{;9YGfviMEXEKdG-`R&e0X(sr zwmkPa``VtUZ3dpvJK?!9h4Xv@y_l8+*ksk~ezbcGx^&YD4~1;o;p29^5qsHAZ1CuU zm{G7TyU?{n$xQ+|BSp4lXBE0OeOR$6Wsz{;0+6v+#IR##a?5NB)fk2@ z^jr50@Do`!q4Otjt(|W_@L1o6hD`+|AFvMv>;rZn2aWY@TL-cD5miQ}XQ*<}pR)b5 zRyzLqJmm44wlwykEs>3y;N70B9Qx;5CJ1MQ;9%hLi!$3^QEDyEf6l(XCuUm&7aaE< zo`H`m({}SF^o%~T6AK8`$Q~|0UH%S&&a$A-qR|^8g*Q=EKnn!0Bksihb+Fn>KLReB zb7m=T+HXDZ_cVVMu#JUfN~O2)tt4zjUM1j)ZUWAB~5X}_BA z+t{+w-8}ES4EHIFoJri+@?_tOTi%THodqb9Ay#U|Wi9sHSDvurN9(K#0-O&LE7C($ zqUuWxL^jV@DB5M0&b8a04pBy`9|PdZ485GpE)E`}!R=0a={Fvu92Al2Qqmmvfz-mV z1A@&<%`Imk`{ZG@t)pbylTetFpSN``2NKw*;wa_eYx zoun~6jqAt8ERBU-%79PO9)>POhv_+2UmYPY<6wx=1<#4$tO(=42oOFRA_7KUTQx^k zJcVBep2<2H)|fTGM)yh0V&m{PDO`!%4l$DXf_^NVwBAjvq=wAH>83jgU zP|Pn_PIDsy%#%a}HCY|FSd4+%Poq4Zw#{F8k-&M%XOTvE{?s|^@48{_(=>JU)mzzP zd+aOU!0|+*+=A(4%aW6bwX*eA{rod9v;#y*4%@j4Z4j$>Y-(r{3Y!LB`t9w%f7eDI z-)42+IYIP5p>1ECvn&`#b`oWY#;a-S9-sc;yp42Xs2!YkN|q1i9H+)>B05i*5y~U1 z$hlEwRX%=VET1Kuc8X|*CBYl~uII`}AO~-L*o$)lo+LT;RVzbMdIq@xce@ zAqNolu?8HPsQ_6&a|L#h?0|?L!^43S)>0m}r_~b=VJ0|q&fYxLX6>wPdRS+V=;^9f zd+}?>?AU&UL*S7o0ZwNMLv+no8=(`^lp5`{vnSi^zxGYrWS?jxP zpFI1bJ^zIQdy#Auo$nwD*I@f~JNcu__RcA4T6a?hq7WxP#(3eP%8I5rk1DGtXHA?a zt0c@N13dsmoggQrKMrv~_N5Fadj{UcIWvl2*EWeRs$7IC8Nml>;WE#QKSkkV`geqT zMu!&dt=AEppDwo6&o|qX6$k7H#$%u8bZL~*XjkkPfAx-?`mo2YFNeuyB1Rec`vM9V#|+HglZMhZoK zq3GiUku$_S@75sdw04$6qi{4%QKsX{RUCX-1$J!LF55|lQj$!}I6W(tdN14SC)@4P z2<4(EMUWzFy|}8tKL3s5_V{DQ>K{W4D7!)#G4QN3vTP$)+w7emoTag7pN-8Dm6YOz?3J?1 zGOSl+G34%142n}QfC(p^)wmtzyLb^WLoigIfF&GP9V4eLoZe{%pFU!Tc2(GS_R;@O zbQ_!rEDV}|@SMH&K|76oF_=u!$B7_`k&d*z{aU%rks-44ORe@4S&NTP!E>~K#R>^EL!OAzX(Ah!;k&N90CSM8 zn~GDa5KRX8Zbg4q9~%=jaakCBRyJly&Yof63m#0rCz?_Nh6_BwWwf zF9O9jeQcZkug^Vg$0>1m9HN<_9(e#`aR0^2b_zbH``?`k*c_$XH0~N}2VjqQ=|R4f zdABk#jV*&RS+gjsIKKn*fXvDzD8^6vku2oeug~g&?zl42L_$j85RSOZn+|B9fAgKd zk3a&)Z{05Y!YfDZ(2fc#TZUeXfGGl^w8H9sV=MG?!ZJ%8_U_wPY_WUVrf{xiLV9ku zec?BGZhQI1Ja^TWy5?+tjE3@AaRR)Me}4d-I=;hp{MM6pu)Y9;5io)7r2%*-IZ5^* zJMIkoa^yRb?oHi&XKy$U3I6Uw=8(+or$l!k3j_MV4g1wUgrW00to1jK+rheg zJIH*MN$z-mK>q6bGG(9 zY;XObz?N9w;a8rsowYQvX5X?ROOPR)ac|Ib_`kQ?$(tBtkh6`FCE}4`%5)VqZKYxb z!Fg%)tjS)x*qyR#BVn?Fpbe1d2VZOJ08VliDPtFs&hHLc?t9dW%4bbvYAzG>H;<8J%XHy^kC z1iY0|#xaX`O5+I7AJ0dhL1jKptw5dfKr;Ox<(WmXnJvH{t|8UsKh;&9g0~#JJ2=IO*Tl3}zXYCzy zyLVPc$wWZU?h4zRe~-cWxgECqm8b1-GKr4df(slJxTNPh?9Df>*i0wo(J7y@D$DMt zI6+_*b7Aj@P>7KtJVRN$AbRs6XI$sVqf7Up+CzQdIi{4sgi)|zukC)a+5YeaG7rnL zh>{lX_fCFL`^P?Xq4%BqhhN&;SBC6^8O~8L(c*P`ZQoPP_D6b-p32e}Zaqg3mJfOB z)^pd!?c_|r7BJ#FVHVj#eA<^&X}Mb~F`NZ#+cBgK$*Wx9Y#ad?@=yQtL;E2u23Cg& zdPROMsv=0_aFgpbI)0_wdfJC5bK}AEO6$=b`eGc;MG~P|`krKJPeS8Q_gv0~ zqA+{Sv$@K)P}aL;gL$6%(P{hPRr+NRAmk@=clQb4@;vJzDEVHvAQ)NK2f*_O!1LOK zoy7RP94B~-rR(dHT&jq})3!1fLpGeGuN47JhZ`(sc*0H-;5b151p+gBi6sM2_^1>> zM=czK?e@msk)cf_{hr@=)}E-K!o(8%f&WCR!--KGG#&Q(&%x^s%7ej=qBwTcLrA40 zRlQH|lI z{rt5nHrGMcI{{o#*;Ljp;jP;f*?y4CrAvEz>fLZ_yrjmX9Ne}Cjn{H(yw`r_jkgHi z$8hq`^^FlY^#MJ3_t}9L58BQH`L_Qs!MFrfKrV26bXlVBoPGbzlwIm2$O$8*k6@8m z9B(%}%qm;A+LJGDvg7cZWzOr|%|V;Ga>HT+S=LisVgtYocE}vHZ@?fxWeD8)W24n} z_RON?AE>dXp0BqP`C0Z74*QVC>pg3K{bs^0_jzUg0=`OXATaXReg}BM_e$@CC$w+N z@3ascJ!*-WoAxT}o9!gXergImaLIZu6W~tY^OYyJ*i+BFWKR}m*>jwG(OoPV*75FX z``{nJ&+FrM8vI;|kvT@7ou9KJJ4O-()Z-%_-1QyK15a7EqhQ zcMjVw=2^A~9D%d650!b(;PmKt_mrLd$E$X}9oe5?%>;YC2ASIfJm5DkKoC4k%y0(g zt+zej-Ynm4&mU;EuYQxvYl7AmfMeh3Ym9}%c%{&m%9?D5Jy3t?RDvoSnrF*?``Ygw zww)N~g`Zi%Pe78v5xnJhw*$`+i%;LQfBBb-HhXg#+bsdh0ZOR3=MLE}_mQL<#AwCia5SnWX;XB*800!2~s6VfWJg?aWrSf?bHu@?8kq0(#~Kr?ZfF6M@I>z zXmhi^zG^CS+_S!>-}CTA>-))1FWW4El1n}+b-)t`+K~^{kNf5Aw&&|F+HvUpQ`kQh zm@oTk1U!p_XFvVPWitAa%crQSG`ncs?FDWhUf93QzWS|Js{qfm54|U^TE}~*C>2+1 zi=|s^g!yZIj_2L6&pPYU7F(K8fbV|D4-n5 z`>OZq8U6m}X1J?Bx+uhCt>SgB5YtH@Ob8p@}=bm$UpZWWE9hJ8)-emzq%eJxb z2Lp#|XHMJnEVB7uc-Wo-&!1x9&gUFY$!J(q8u8gzzk1Rp@cyB3sl?bbb$QSh8JBi# zf5x8q!YA$FXS(fE&(fb*pe$E)?XCasbnXv!VBF8Z`f>Z^|MHXe=$;?!h6rySr*pf8gA^&b{{9*UE2KEo&tCg-RPENbEsR{0#oC zO)Yj$vSEw*axVP`wXPV?G&zm zP}Ndwv&Pv&dFolX4U$mA!PSn#!U1}_^;=$KC<+~pEJ!<}(`$pNe&)Qqaoz2SYMKz&?6{j*2Kko`oO;;UGCsA^br`c z<6vl%{Ta&k+}fTMZoTH)j~@tdim99l`<#hGFj9f2nPTwK84ML-eVTU47qf0>wOJ1) z33b-P_d%oI9X!7U$|37|H74F2(=0K*3GqXw^fPu%?s?2gZXQPjo+xzBY_vAm_SXvq zUb?P7D;rDd#&-0Z(NryexYCVb4iOd%5G(#pomluvT=UuFu;HLAA$m=Wi)&8!_)uLP@#|T2bn3~|lK1*b^7IDS(u%Rn(XSC)WxfsAw8rpzCMfG;#99TzKIg{uFIqeN~)D2FeLxBxDj1z_BkZ17!(|$N7CSSC%d&_4#w;~ zT)9T34ou=2^7RJ9*Q85VJ&#DUK0KK=o}0O>zF|WC~WBs z(n+6NnlyK``|QUP_sP452{^tAw?K@2i3GQ}`q##4?ChzUQ49CWIF*JYD!U^F4db{% z&CaFz%k5?j`1MDJwrQ@Yr)iL&>V*DwXporA?bnfP-Zr6+l|s&PrNJe_U6<6?i9O1< zLgfZos1Xt)Wzg zFxU8>Li;ri18lW6U}Rc=If&}YX@F%{g)j-BQtJG$z}6xm75})wSao+aQZuezn{pwm zeQyPiU!Azoi14jny6S#)c+q}onUK9n=3QM9{fULnIO!jo0Keh=xqZwsC$-^2kSeSl zI7&-qLBsqTzxVuv?w^4*02OSIofrDEF7onHX?w?b7}2KT-6A$)brf8I)z5@~n^OY} zZkdu_&9!O;RQpa6!LE?AWW9{+`gaf4F|%5kEV|z2zTo?rOGb8~t%7t%dm>5gyK!9G z(ws;(=11)f8dc2do&1?Icb0m6GfvNhu%A>pfKG>`4tBG1a)0Lv5_|9Gbkm{w`@6XE znCPUYGYqZ@=_Qdztlq#)y`$P@xB8hlY;$dm{?t_|n=6F!My++fw2m*-S_$6(n@<8& z=U1L@*EwT9`DL3JFsU@mU3XGsdqwoeuI|sS;yYf}Sx3Lct(qpw6xg0|&N#wFb2Bt=ZnGHju*^6NLr@p}x_ zGHaypnf--5L%J-0fq*<{qgkvztKOOjdyOARF|RDBQwKACPd5@!&9T4SFk9COa{Y$7 zI&kv?fdTaSq5x1!U=@YhuW7)ve5F2Ud2hK_WU=p7L95jCu&>4A2yQ19_RN--e46U7 z{2EsO!>u?^mB|=AR|)sLU;vl(ChV%S^m{E8RRWgI95)c-2a~y>U0FpXS>&$LM>lKM;)>$ zUQ)BbrTODoe+#R9*Dyh^*2pBz7A)2-v%ftK)g{8YYHh~6LUPO&#Ui$k$0Q2MDr)CI zq0?8n&|!Ke<3|6CBTZ`-&%yom$D)5UZzqx&y+Lk`m8hrWgOVDsWmPLTlm*zcSs>js z{2I;9$)M1;$_3TE^^jzTY;^&u*bZ8b)mq&%v&=3p6oVbwczS+i=rixN3*Q|w@0U-{ zo8z6fo8|)a*yw)EWFFYmQ|%ub@%Dpo_sE3r{hs(4ejxv->Z4=^HmVvLfda)Ek>4uQ z*2(#M#%ZBVh2JF8QcEpVIrM=39PUT#DO{{}at-0;1JDvUk>-3~;H*;}@#Sve7&|1=XHS>M*8GD)0849gF_dBmlRZ9zf`35Lhid`L z2$_g8)Pu`my}lw3?z(hiq^cAmm#s(C`dI(v@ZpKg_s&KQAa@?6NBB-J_2#bgiIO@_ zE3KUkINHu`Uy}p3YiFC>LHX2Oep66Z@HQgaVQqsTh&V~&-SS1$gZa5;nwvwP9hmGQ z40LrOyzp>B(#J(tTig3m(%aS*CHXMc@9KT?e9qbF+si`ia@Zh06<2>IZY88FAvijRX*&WmE4WaDGh#6V9RP z3J@#M2xJXLa~@Af9ix3(Tq?de5E<-zettYnlbRmar{a!e9#9Rl53ma317|}}CaqQ3 z-7M|q?X2GNYl*C-ww>O1KsH7>9}9m}j>AES4AnKitOh0JJvE66!Kfk(*t-6VNLPWK z#s+We)*v>?X_u^)N4AA;Mjj6s4dG$Sg364D+8xu}m{+))q1}0BPQf8o>tIFMAL|-oDCs!yD6DDp@vih7Tsyxdf)?+18@ATK_10>qm8Xj&t zK}FKLynt$mpRMcTLvZpdJ8jCm{m>HoZ%H=ihFy9DRqe_!N26e*pQh<>&OO9SsY?t- zc2_Z3(o=VfYksEK_e4*{$+t9S`L2(MgOV$1s>f+B$>3?0>>Vx! zVfbOYd>ZXX6m|mh1W%-qf<=Ue+KKWmcpsDAm~pu|4`5WeVb5YySJ0?$wNSrQm^ES{ z>dYRZ&lw2!8B0SO;Vv<#Mdz_;DX6EJ$j9lKR38P!R>~DCG-J)^De-;FPh4f#R^9jh zeK~j8HMWt-Z|h+&*tAP5@@1+QO)TN&wP`9kx7t5LUbn~kOHjY#`DAUXpylPNxuT89 z^z>4L@B1FD_XdmkEKfB|dQ2t%1-}I>Kyc*wEMD;S3I%6zOw1i$&b(7RWVF`wS@tq{ zy&2IO6AR$kQEa07CnHlx*wQ3DyhY{ZVr3>n{Ze{9`Kc2!ouWE=?`?2m&ctG+xlGya zFBzQ?;gBi`Et-WR!nh2DSr^DYdjBms@+0gMN4NJEbG9eKxsnO<@GS1xx0RPQJSKwu z?1TY1Im|B&lL*IE_L(Tr$VL3#NrIBK7+2T}j7!=^J=0gm+-Hpg)*2T>g6QWo={`&{ z+n$}=tgJ>xBWNaHoz>Tbo9z#?fFf_~s5L>Jzc4BeYkoxqe&YbGU4ECnJFdCPX;H0SYJ(DrSH+I*$sRB4Dejz)i*eJWh$SZqU?d~rFsN642m^2;UaVig=#6WG@UW>F{`eNR zIf-+S_ON&zalY#xvUakn+h+ZnU6{1cGy zDfa9fjZ~5y1DdQ~L#%1b+_ay5a_^>Zurki%x2tD&xMoQPTS>R$s@KvJ6RNz{aY?i_ z4kmSE_S{f@??~*wxhEZYvi;0`Vp5oJ_m=7b`l4cn|T#G1Y9F zCLD_bUli%S;9B3uZi>=5+Q#_KN_2G+=WZU74IiGFPx_$3@+lndu|&t`OfGG?9qjmg z32^cdX6c;MYG3eAblkz%tnf)n{xdn^J+6mr&qy>4rR({lWh_6u_m;ChP*n z_(xOlh{hqVb~|5}uF2=Y{m+kZMYB)exZF_eRi}7I{kG->qUV`%YVF@H5<6nId=RzV z9-o6k;b3&9>d~&|7(iwuV$=gm8bNLvnKgfvUYzFjeVI(S^C6aGTWsfldZ21Pq3)K9 zm(5*5NB^NNnv?$iZ8QzT`FC2Nv)c*sU}PNpYF7#`{!1YYznA77SYL&D-4Q30E~_F~ z%k=0vKu*|;Sd#h0r=!p9b_V74VVhmkB3y1v(=nP(d&TotdpkD`CrZ*sW)f$P=z{ld zLza(a?^`ullg}T+2{)2az2s7_OR4Jb$jFyR@pUqYfzdXRH39p#NYCHKx8@7N-R9m* zIlt*ENw$Qyw+YRuQ(7~BBTed(0(kpQcdiK;JvUu_TZ5W3Va*=XQ+ErMEN4JmJli?0 z@ZBw!^!A30?mTLSNsYD26ba8#a-`$gg-lsh$$r7#&*(wy~Tcw{s{~%nP=Q=SnS#N-s*i^%<85x zFsv34DAeP1i|m{bGCo5uzWj|Ot2^XODl6UQ`e8xtogKZZzI-LPD;PPe>F~r3MxeW) zDz-%fSLvF{mJ7kyj4(b{a1-{s_G)&$P9C$7*PWebxyJXqMTLoWliB;lYv9~&4K(0IUSv*NQBf3F_>0m0EyaZu$n zg8ex#*ohS>u2;NBx<670In%HI@MxhlFiGOef=tm<#vk-U+tJQ1h7AK6N^uqB0*OF1 z%f?bTc*#s%$y$7Kqpt9ja&c&8_EHf7M6Pmz3iK)*1f47dI(0Ts8hs5!B?w@S#_@B#Cq%+~lc_?h8%Mo4q^uFin@GgT zF)k2V(!R?2cY`m8lTWr~Dsh{lbc`PQo~*S2m*#)y~Ky7q+fI-pHJ7ti%4;X_`?SasNrme*H14tPvOJJ&wF%;o|Q^?!l zvq6axswxO&-C_y|5uarTI;09Gf0+jJ^bzB+rUmDU%<7r7DYG%l$%>@V>8j_W&`Sv4 zU?(7ro?LpBIo9I?e+{I#Av1w_rrC&n@%L4Q!ck3hU2&9sl9fq+HRYn81AgT{h~OqJD~gg!j)+~thglBzl_k=GHpcuXuS2w6>`z&NOj zxe7$r_s z0y95I57XgjODSPZ`3;s2l7!mH6vWyNOTGNt-8`2B8sB4cKQXV{>v-1~LR^5a^Icqa zohmFH1w*MM>Grt zfb=@kR$KSpj5cK17fXw|{`z+hCG5=PB5pSXT8Dz2(YMtKUTZX3!@pOqfygGQ_^%V7+-;3JY1tY7zZ*SP!-U`lJ!5I#ng5c&}ar;tX!5nOxB@=`;xrJA{eB znHEtm;Csm5jizJu_$-0_XakH0Z-3>gE>P$rZp7}VI5JG!2c!C|)h@Q83Rpj9zeL|Z z*8ARX`W!^b=YR~~uXD2MxS8vmZb?GmK`g&~^Ve^#iXCj9C3U|gpU)yPFCRM}o*4*C z4z1tO;mVrdz~MaKUkl}-j^rnRn|cwL$8YC~2ZYr_rqo{kG?}RE1{pgftzv zFrnT4Eg&TrdH4}II6dX`c2(v73xCg_L5nICWog&oCFHfkA2RD!*u4`e46%LQ1~M)C z^DTyzqYVDglDo`v-;Wrw2D{yMCVmS2S(a{%5__yNF?b_0AWI^f$1>;%=D?hVv{zZS zZ%DLyVWH!s$Qf9T8SFYOCTl9<3gRkxEk@fRi=Q+TcD{>sTr~K(LN3s7r}r;SEhTg1 zqLf?X70ICP2!(McpPB;}PnjGdx7&7|3k2u5C29^X(`hPm6h$a}rEeJLla`2vzpB7J zv{PgmVBBqj{A3khEVAcfaDf(=twmTj9ODloS9v>)h89qL+YE2&sisom2c;iDZ6^28 z{_n+4B>jX#sa<2nfkxhb2+>q)L$VQsCs0(%U6nh=RFlt-CjL*V_wN2T&Tch6%hc~z z!b@`1538vY6gcA5cX1Hg4*hnD5ZpUuVdNW~an)mMD_Ag$v)k4I{n*W|FNihU6&hr5 z(Tw~S^XyHec{mkk6%GbS2ydBxqJ~#A%ixbev_VU8G<6*E z3bSl6*va`geO1vl5z!T}c)JY4%>hVecuUzALdrC`9Nkz~Tmrt2G2IJ{u1*az+`qr* zv=dMHtwh(6d!@54Z7I~!W^j$MGVx}gpvv!Bl9vKI&~uvdF$vV!wbPH zF{nE0Fi!zNdh*+Ogm{2 z3I{AfqRL{cu$^`!saOUHSmF3smIKUuiE5?ib2yG&7Pmth`{>LNyCs)bH9U?-s5ZWw z2!!n-3Z>m$&Q}G*ygrZ0H|$;fqiR_NjH0Utsp!KA=Q35yEPbWhB-+VC9aflO9(Tu% z&v9j`E90wCtekeRfSZMBd<(=PnyWzJS8t^6P29(=F5kT{@0|yX9k`*Th$!UC8{iw;HyhqBhu@_Dbh=N|By>+MW>GW_WS~ zWe)yGm+Nqs=JrHJr6_EsZDaIq(sCr?vEOr4wfzRL3CuvUj$U0hIg5Y2t@fRGTM&LJ zJje4}xAWTa})5kzZv#(KCL_mGFT*~TMh+yo{Y z+>)dif4=4@&+(cquPvQPZi+*g>dlyJ+t}^LfWXri2 zM*h(Vrp|}DHf@9s8sC39z38>hR`)J~@x`v&#EZ&@>g{3-(sw0VaJeqVZR5jjsH}r> zz5gm^t-&87Xykhab02BYv5DgI(kfW%Gp!K2RgZ}XqrLuXfMH86@I^Cr4xU^k=@$kT zioI*eKHz|n_rnDHaGlw30mt_nZ7q>$c0x!~OZOOV`CpmL?RE~%D6q&gi;8l=ihJY^ zS0IT6m&v+_{r! zp60acW5}0mO#HGoh+7aOcY8~ity)p5ug6r zA=9{r(TYSp+NWS7!$pca9(`O*wCUss7u-}dsLr3rs;2v&peqSAFUV&XzW2`(~ul$j*)Mzgvxy`>xCNqxk+Oxjop}A?%DNqS$Z=;u775mGuk1}!xi(g~yhcoYT`yiMO9 zDCMX59FTo-C~f&>FglYwGOuZc&^Ao zl-S01r+MXk)JXdkrJ1Yznj%6hs(LP6mIMlh2qjuW?3!M0n(#(N!t%xXDP_@RRWtQ9 z`sZS7<&er`2SUkLQ{Q;gFZ=4ro-458VxKz<=sBdceeEb?kWc)7wiZmIrw}2aUHxLe z86d1kFI21@gQfyxv}t@j`-(F#*})R!&7u*xop|+?L3Ok@T{)x&fqp)rTdw_w9uXtS z^VgQM^IqBkp3qaMb~@}-+GwxeOG!UoEo!6n6}U_?!XpqB=RgCjsO2Et-FS%^bP9~>2L!u44Tf|?z)T@k=~0$2&i)?YU2&23 zSG*4=D&H(50<(tuQOGrrM@^;RgNbgEs9x?=3{7F)3}LKGafMG9)0MzZMmoFIAvur% z<=FkG5mW{+5uC<+Wv?(*&A0XVa^69_d**J~z}afP5(U!^2CW9wgws7!tO8KSw_LR3 zXq}u@nJ1a|$WWE?pT2SMZy3MpcmbRLW>K$U7ukGE#{BpRfQT`#p2_v>nqO_e-Jcnn zb~kRoD95!F7n_wiT-alxf^{X=W$R2I%0o6yG+XMME* zmaz3&zEFB`$z~*gFr1v_Z}%j_x5pNAAXo9{x{9Uwc7?ux$y2T)*wb0C-xR$$TznBU z@h7e@;Vte;a=lfcng}hk!VphOYI`m2R0PHTz1!i^pn^X~qsw=$c?aeJKvaWWl@bh#36NT5rAet9Kp+uata-s^=5 zc`^G~DdM4P)|1p-^k}16Ez&Q8Bz*)<(nRfey>c!vD9dt~<@a0{28ICE zdcaAuV=M9P>TBD>s`6kJ4d9~bHOYSUUt{$B%rY-OSBa+koP9xq^0d2K)XBbe!5?!E zzyPG3oI7?0aFS-8UB;`f&Jc;e==+BMU_LI_0jL~crxt&edBNx$`XdAVwpJq?GV;jt zZ{!lfD$45L~fS&e%iWu(k9%=BRhm&w<$UqSJ(i|_`2BihH{#%@OiWjN{EBV9&`Qh}3BFdC@qC_U1V2kajV}1=BUipn zxMRNxGVp#zB&x2@-6P!Wm!!QZma8xKXrJP?$z}cf_}hGZ7!Om^)1bPBXXd$Ma2DcS z$m^<3BBZtD!oYV&mANhW_jUL7qTKjN*BA}$o%7&}V`o0+SaJPF3m5h)Hn+z;s7=1S zWF7wUk|AcI%TT!ENFczqV@-!QzuCB$JSc6!xOFKHN zT!g$YxHqe&?<`!#lJfv#aV0eiYIGw>{CMD*WiTo33L}j?Qu3<6JD<`s?Jdp_{xaNd z6WuIT;V7+ayc1he^&STmf>SPwJ#_2z-B`a0MV zis?@r2a4mPVqI`rA%3bm-qX*>n{r;j{#!Y&zkZGPEgnIE`#3IkO8Q9u^s?7usV*bD zy0AU5iY~Rrc^gxeV_S#L9lZHW#L}N`?vE4il6)fW!UzYW-Y7)QJFWj5EZUKi)=zZitSAyktImjZ8^EyDk7 z;Mp2nl|DsGj`kq)HvI}poP25*i1SD_r|bEIq-gc9vmBe?p`Z6v zG?NQ=9(6NLzVz~t*^IdyBoioNq__X7=nD`n7=*uLx0mkJG2O4<1{Jan4^efl%)du; z&5(DxBXj_7i3gu)4<;L3V^;J2^{ecL?zQI;-y$#JbuIig$sZKRXnCcc9RO9ZO_cao zRRWNZV~3w;#tI!5H(UOR`WUfYQb4pdd`$}|0(TD_@^t-aIIiron3!0mwD(^Vj#Fr| zd0y7}H&=G7uEKoJ%e(A1eG|qdH&^WVQ9lGOd%p$0gL<2>n4KcbUPE8F-~!9BwVgk% zYd)j;zBe(i^~?r?=BG%(MfyK4Kkr|Xe05Jq($BaHKrBOdWk_2h^mZWt{d1Y}wGf)rpRVM)ANIm_ z$_n3WvG-&++UQa{go; zxGcv7xkmh;C>@?P>u1%yDGSuGE6vviHu34*!7E6Zzv_Pgv`Lm>o33crU|Z3d*wIyg zSoUy+svq75iX@33k3en?%h>%@dOdt2s$r+es1l&l3a>@`G?VzaJ_7PbjM&TQ_cffiHI-8s@)wAuc@ zRDbIqR3+ygbh;zre+_ifji8bDe~Y2`MA#Ev)AXR-W#WXW*sX)H)6E*#+;1?!j)b04YolHgcX%7x@M3sNpC(WeoJ8skbv^2h$BaFc~_&(NsPXX3yvB zSf3fXZGls?d{Y1xYH9g;zB2EUsrhuoxZuz0{Xt#4{AnlNKX#siKfV3Q&D~N5s6qR7 z%UCdCCvP&KgWJ1!zD7+-z#vCcuhu##yb@dmkQUCC%g=(I0pzodPHBfUKcTTcqr zj<#xhC~Z;vQrEgsK4yX%mRs;%h8iK_IGAryUbD%pv46j6crCBitvOwET&3xW0S;g_ zAB%r*ze}T&i(>reVuUwF%CN#$dWOCqP~opAxWq?rp!-|4tF0$%xZd3Eo!BxVJ+Y{J zV;VSyq^&TXg5Z?*FX1pJgs(B&CRTk41cuj!v@QqVudY7@edt~hY>*=lum^ZPciYI)vT zi{OMmU3VVXpe3QvIRV%sgd|;UCqhb_m~NT3^=o~mvL9Q9&M#j~&WA$`z5HO@t>9)O zRn-ls{EUpIoWzHgtw$`0=B47^BYkh?5%28{eg&^9C(o*Ibpj+hhFlfu711ASNJ%9laazv2w!T9)b9VU; z$(~OYU03s7(3p-lYJ@$=Vi3i}86$dvB|IL$Wmd8eh-dq9t;OC;_BZ4iM(>fYV20F> zFD<<>1N2Mw`Mhm&VkJ@Ei_S|GqA?F zR*_l5Je&PKs|jo40X>O~@rf<_ulPyZrclPDGID@Z8Xc@EB80pi244JCvhzuI<_{gz ze@aXQG0F6$_HtTrSv=>}^SRd?WtCYtEV_F*$?fj$@XXzy)2!56Li*}&zmYCpSyJ&`=HFvsc*^} z5J`|s&O^_3-LQ6beoKj5FK@rQR<|Xm)>m#Xm0pmFN+P*>p*}u*1Kdra*Iz^*yxrY5 z#tWL?OVADumxZ<_zzPIEcV=DlOMFZ7Q>Y(`BI)tb{f;9F`==#2uM>b!2KX6DEz0x? zF-o3W>;vcs0=h~8Md9#3Em;6OkVJz6 zAVY87~m(m!l^yeX^n`c_0uCYQpX%LQ%J*@)I4`0KW>7r|=b=Kzyz~V=!r^ zGuk5qWlh2jUJRZina_8j{`oSwOY;#afijzvm>1t7Y@c&q`6z-%6+0F|RLzYNW*KFP zPOWYagCwUItj?dy$5NjwUv9AhwAHh@j_{aFlbb^rm7h{(dQJz~N04sIx{d}YVQP}i z1&njp{W|iYPI6JoGHTRpbrVW-j1cYe z^=Mvsn2*-;5z1e6m%n>Uo*&AV9tq}#-7m%i`zV#X>|f&bIbGB!4OM z)X_0vAADCuhSp3Dgc;D8O*z-R@$aTO`8bpn_pT4>di}%pTU?!M(7F{mcd%AqX-B=Y zxCWu;Xq>@-Fhm#E)*yh&;RepOQD(bjqzp+@Hj(QKY>hrp1z zxXJT*fdinWwTzt8X*0Bh=;Wi(j&pSH=70I`yR!oNqYT;Br7OhC(sAN%Rqdj(-(V+i zpn2pqXdF57!53_X!|A`sQ>{!xwnGsS+-3!A;>1LAqjj4vbQsFXAg_olEy5yCa8^D+0)jLYug3liRO4NWJ8H07sR4jTN7abKd=}92^5# zrX-Qo?8iYpFGMS|q526>p_c5C7XEbAJN;IlO>;TYzYqCGZ8LO5%6Yb+*naIo)h0D- zzFE}L6SC_#!=z#eN&CrcC6dOQ2x}mVp#k&R0Il1!0KawZJ+j(GBTy8M=CcdwS};0P z*kON(j)V*wT$)0`%=d0QnH18c0=gk3K_;;^kE#3qX<(g03-#d=xoFVHQgLaUcT)c{ zyK>75uTc=)Uv?q6E%~39i~{OK1rUagi@VPR6S4(f4E*qQRJkaxADkmUG%Ca5D2I|> zh^qH9yZTSm7irvMFuDXO&c)ZBrpMCHK|JER#a}LhcFEt0Q2G34zP~VbN?7(D;odn9 z#C@}?NetjlsrArFmBqX_i_e!tfYlB!A@Z0{fzRuoGLR98f!6ktAyJm`apU_k5Lhgk z1c|*?10?Lw)7FT2S)>HWBLE@J7V7WHueUM6QFz9mf{qT1$9|VA_1JjyL$Q(|W)G&Zlr=C*5^4sFFQA%Axicvki ze>vv5Wkix_$Ro3sWD=estkHZoiVX{=<<=`=?=Bj?3|dIT^yA>3IyrBi7MP^F#NXar z4ddGwOa@Dzk)0GzTB00gx=}%@m0O4^hZ9_D6ShVzuqM;vEsRWPV#JRfeZdR4Dy+U6 zo%%-fxbrkssVmDgN45FGr}>WTR>Fb%FO|;y+&kuPy}n!ir8)nyD6T3;rf(iCu1vdE zpJ6?%w*!taaroBqquqlitniSZ%fc=G9WDc^Y;m_iZ9N0OsOuw`vDc6^U^tbJrAZn^E$rOhgd3sV$?>{(W%%sc)&zPnoE0*qH8> zx8`L>Biq)7O}|gbrM2un#V6}?PMO7ey$}7c0u%n9jtV9J!WI5^`FsSL>!>}md=D#| zq^JIT>^?6Y2fy)(FodId`A(vF*Gl?`}k+XdH}@uwIN-2STld}U9P{9 z0&ZL)Ie&nh1G|UL=?EDP}qyhC1oNV*RPglrUhGSHxAx>1Pd4);jOOFIS{Mn6|m zkvy;vSAl-w?wZmj26}xZS<`lJ9);>}7eEx+I5hH6ni10#zG@2zT=aH)=8vI^IlCMK zFh7o zC0NNQwmIz74b!3;Q?B0$bu!zn2S!R9C4Ly=ct)@PVF4_J)IYdVskNwhP(rF8)}-XO zs>NLjWhYENJ7Rq;e(Y#v z#@<)ZeXC*17=T@F*I3*2Cp^vFibF?K9Bdq+e@;9Gw)BykOwKrE>@U0LR`28HSP26eIXDKt3UqW7Y-?D$DtQaq2|){lXFu`lIzFm?v=kXZ z8R00v40NYTnvqcuH>q;_%7|tRI-NvtB2v0h;?JZf;b!Gm7Hz(mfEcXaTVeev=co_{oE&_h(VQgNV(H&wj&)-lu}a8|=n2F{;o)PH>MK0`jlSF^DT) zsL$x8ymT#O!&g;1bY}gYh3bG^LrdO3UlO~<2mO~UueN(10G(pAEV|79lm`&)ssq&U zo_+5%2hr=i>wQ6b3cbIccej45@CDM!)XSrT*rE3nEil7F_GDqIP1}Z_`x+pc}w8L^<^i__`I2U*ChMtOuW1%VZ ztG;b~TU%kd07S{rPlmTc;ms+(QcQ>j(E7ol;SkV3#nKD+BU27VhJ;@ugLp!x|KvsH zU}@?n7svUv(?hnEKA7eoGG18IRk4Kna|oE$uPPCZln@KICKIQa}`L6vyh3$%mF_q+kscGy+EHF=}*Yhk?BpUR10MQ|_6;@v}eT!U%I zVNtP=&Go;}_2FBvY83tn?1Ke{W3?^MX294L=lbJWkN^BY{=XBT5ADR;Nq9G8?pscg z1=}D-h5Ss49?wB1r~-WgC-Zk-jQ4#hAtb7eH0|aztX%<0MQ|SwX{`M_TK+W*0Dqp` z4Py#PAXU65YT(P!srr?b*I%cL*b3isdolt55m@`U-+#USM=7(yM|;`eE)sgTu%*O~pHUoGiw05XLXM5D%o%U*VXQ^iPwzt|GfDB z^YZ`y&+c$Qpqk^|wtc}vh!}ihI*@c3p-u>XkrFOhDb|C@I{7L(TIMTt&tJP2!1wZm zEhSmTNY=)O5JW8OtzIs82&Il{YuFa1qGT(DU@t%X26>)=RIi}q-I@b09^y#^VO)vN z_j9q|;8L)bCcVCNCga+?e+P&sPK<7@*0EJm;dUxCNZ_CeT@a2`(j9GVvEEhm*AJy` z4uK>kcC{o9M=3+iE{!)5rXZ@RJxwwDlTyR=Q$^uvx_+R>3+z-#^@yrja(GHg`V=aB zyx=LLgXdg(XA+ ziBJjUIOVhDPJa3$D?&y1KteCC##qQ&z5%mpvP#8~%U8w0MOP5bS6_4FBWC+TEKV?ejHDTv^}`=3z}&Q#I& zw%5HJZ}jeraUB)$Onv(1e!0o;m+`p~(;|g7$vbwa(^98OOuV$rD@-JtA&UPDPCIZ~60)5i1FV>kzH%T&6OotZMP95w+T<-L6?xW~TPTOfFQ!C)hS4W%QY+AY?rZ zbbb!uQ-y~+pI6y3dLyEhDgS-@#J=j&F|?F&zhVC&ny7sm=IHXrv%q7;|Kl#<2BJ3Z zjD-HE5UH{NlALb`V9_m3AlQen&nIdSP_z#3bSecgoUh-YgtA?h2u$~*Y^&cpmO1`r zkt?5D*Q6y3lBoqN9P5lq1#Tcbl1lWuw_m{p(HRBiDtX6ZyBuUo4^ym#8Dw9}Eb_@& z3~L7o;A#cAYlz8=^n@xmN)Xc_$|sI;y1G3CfY6jZMfc_D3c_*tvD*B|mxi@J@OpYs^^F-tqOMioauQ3biBb z4Rd>Ek2WCsXwTdfAA74umtEpH&(I$W`JaNnS{euy_AHBWzu%xF!@S$}W$p4#Ee+11 z3+0ecgyclgc;-d9q?!$J@@0M7vG4KFMd~hbWtA>s1V@k)OLH6Tx;88ktvX&8aqzaA zM)ojDlnIZq;~(wadbZeo-h9$ix&CJb<@S3xBiVh+e7p%<33a}rNZLcby)AXw5ZDs& z3?5=fXlACudpW;bl-LraGzLY35aszMKyAO13}N?d_)RQ5cAao0)~bKx$f zu@rajbX2&g2K6n#x8LvF#XlIHWKX0qGk_ zVn{)8eJNbzET6`|e6%NTIa+2cRf%#LI!W!78!1`pZ|}gAU!r&fksH0@_5`-xQDNTjw#dHe9XAlr3z)qM+b!rRH&&W zd&vxpYNEXK8iHZ6k*MLc6Esnni29P!H|WLD6PY{lXo~oOfwRSE@OTt_V$kn*ZjmZs zry?RDB#vT2y_!a~#<`;Ib!uX-T=)yLW1dqt<%g|d2U2UdCj}uQTP?9xM2~Dcm)(Yu zC4s{8)rr2$7s#ys>@FMtn6s{aOowzO zu1r(ZAbQS!5%!f)ZARO+Ermj%h2q7FySo?H;;zLtxLZpL#i6*n6Eu+E?g`#v3GS}N z?QzFA_q}u9dGDODf8kQ1fMZ6?*Pf3r?jouwy=`bh_RVVeC_V;ceHYaccA0fC_HOQAE+o569hB~Sm`x)wnf-E^p@yExIVyEl z!qSS-m7_b{ z(;6U%(l~3=l)y1(($B9-VVRu)WE*15r}$sZ)yFy3NeK&88m;pPfy=D=e~ScV+!HHb!?Lj=T}=wH7Ec=(ZHR8@Lj9yS<<#lqX4&ETo8oWO_8D2C+CUmo~N z4yKs_eBx1H9j_e4Aspobi6kSca4D*;pGo6C_^znc+V(D@7>uK%oP0|V;Hh1PEn#6= z*k=>}U`w)G!=!?p-FT`KiI4B=id9Zsg}syqVtzY5W*v}ZDtnTAPdJV$>iU}4>?{PY z+9!LdKMptye2`cx@QjT=)uuA}fRlLf78?6P*=YNEA&JAaFy3pO`o@vfc(R`6C5es4 ztSTRLY59$J_I_(RM}#`{a$1LFrX%^jK<+z^IEvEkf0u9Yg2k=S0-oJlG(@!KJ=)&& zD=$9|9-i1>&M)7=P!PPHzaJlpDfFL|Q^_7~*ymnhdCxuQb^>&l4M6$n+L;*xLh`SL z^!64eC$*L=^4m-u>$7nSFA;={&JYCoV^3~9wH%_ojX8;5pz5rmX|1q`I8;Yiy^pj( z^~T1{{V%-fbKabR9u?bdatyL#W}zTj*wYyLF00UF*yYT=jpOER<>$q;`erYV2z=f5?`xW_+SS!??3WYr zNaAI*)oS%U`*n1~Y{Nunzz-6_XLG7^%hzjW{+G7w2F&$iIRzJ9afp+C_scy%A_)gB=`%tMwR^(ji1{t)1X1p04s~3X)R1=6|t%d0UmR@ znaVoC;+68}aLcQHqmvm!3JdKGF`%QBNr3ulR>R81nlFd*=rb~~jm3iuhHsVkjE4TI zb^M9pqmcZaJkm+B#3NTm)xX>DmRh`mw#y1Yp~%~`$|OzSz@*ehi1IuPX8XH}$zRAU z25dF%Bz#|wHUBE?YCfk~9hfyfH}YGqs@)yv>9qxL5LRUIl}FdcDq8HXN#fMrn~&|W zM|9sgKE?mI+!(xszw*~{JUAe_yG3Yc%77pS#-M=R65~!T`&aHjh~z5VL(CW13X5`r zrcr6ia98%|eu0eQuQfB-4CJi#5biyfb3Ok&%ah)(iao4gw{<0fnOLQ|>~MZg_rhss!4 zV)aU>n5#ukP(xnaE}VF_dWbkIXOPxD23lVo!EL}l@cn%TQ4C2l>J_eQw2B=sr=beI zn`|iMO0xd0X7MFLGT-=Tv%E}y$l#=Q;oFy4R&02NlOcDw`t1K~*XFF!Xtz4Qf0>2^c1raFkXo z6RMJTr@@Q3@<2zzr&{-7)1#y0iAM@6{HfHe7eqH4pCnsXG}ix_ZBnA)2adU?>!fv9 zY9${hpqH7JMDE#H&uaYsAae0T4k*7)pE;!#C!w{8PC<>q@aR=NAb+J6OEWKjH?<6B z?@t9#$G||^6=XSm%1ELg3uA^OZN7``+hp`aHKNj{t+5C89PPvA{u~F+vSl&M zg?s8Br$l7&4B$0uBh&cVma#C08#mM>42%h|Pr zs?lcp$@N^36>mQ^DQ zb(~;?9iFsf@I8(?!=uCn0H(s=FSA>91@N0PvcSt<4~w0iePX^InXFmabv;%_sMe*9 zV!!P+ldUqdyR}yZBFCDET9KEH#v2iddi_>}C4i$dyUe{#M_9io1B16-wVE`M9%xmw z2C-sTgK&rGw;m5uU!He9`XXj$E#eMEeh3e~@i(h@wTVwG0T+n^Yma?CEQ^GzIboLn z*efLdxr`P7t`GZZ-}tC))IWt?jKS{^v@YQAJ$X-Oct*|{8^@;ha)FdL2u_-@RE*~M zI+*6laRin*JiPu#Sm(j~x56vhdpdJ;LM;1ZF}VzLtmg68S|d17%?Cx zkH{D>EJg?ndS4C0TNbIVEdLlLREJ5-7cGCF-y~h)ZDgSK`y-Egrf;}lAVP9#xZTbd zL<;Q2$`7#=TouiI8=+bJA4)zJ7E-2`kwSC+Lx|e@In0HtLy(PF-T2Y+vcqAMb>gEU zdVZ+g!a%mT)$GrKL#ShBawJ(w`Q_Y9d;8^1X-j2IBWwV5Zoh2C32R~5P8fn;WK+B8 zi}&H#Qu2jAS2npmxY@Ul4UdsFjm6F_^t&f`v$DRcokoy>87?F=XIgIkK}`bp=rAM1 zv50h)P@F{3h*_9vXP1d`0EH-d@oBp{~py2rUGYzsiHm{Pf;qX z@l|oV0 zmQlG}=A5T0fQ^NtgJmepFO-b)IEe2Csb|4=`C0L zSJob4Bf#EaWIYWB1Nr16!#hdKrIb z_?Uhw>pBz0e=Rw#We+S&pGc#S98o)3OkS#}Nq(2!yfKsqUte(%?N^D0kXBPFAv7>dPLw}KFrcN-b&8P5}>EB9)bW2{6VX_ zSn$<5FZc~1ybAcoLi}RB%IhiL37GfVfVACObFkBby|cr-5W}61JBCEek_QJ~wqRdu z4s5z(Ud@;Yb!VVw0s?hpQ)O!n=V(HOGz^9{n033Rjb{TP$2(G&vq6X9WNgat%%`9k zlWdAcLR}0<^cpqf1qK&oaj!;LC(hA(B?gxs312;-WL?3;#y^$^C7}b+KnQInQL8ok z(c>QbxAYezCa&-9c@kX7>8M;^oHaJI> z=#HDxE@)0T&N_EPx!FE?d(>^b`dfAGN1TWm!liRg)3A0i3=TkiJbHQ8x|+(j#%gHj z*}X;BXbWRuY1gR~t+ymf(oj+YFjQa8eevqi;gYG%4kI@bCq9gu)~jy+qOD6{4e;!+ zlsP%*de#DH)X^AcDyv1SxzoNFY%DUhIdqj|?lLpqFMB~Qk_0~6KmrgVhL#OfU^ZN@?k3J+*xQ{q5hMr?B22HL4pa{K*eYK7+J0 zOt;)#&RduY*sF@xA^b}24&h4M0NZMNcl;#0_A5P8!+|6JHHAA%?^a`WV~8#xly4Q9 zPd>F|gL>s$zbNNw<83h)o7-g1p1W7;I4*XXXwZ$afZ2N79SFITp1hrO(Nb5|(oF?C zZpn~{c>eBa&}z8s7i{GbxB0zULFRvBMIvBaAMg|s^A1F>flV9ZLG&4iD2YOl#orGy z7gX7Iq7bXq20BRUOLhGWu);B)iE%q0H^QBt_!l>RIra@aF`1_zo z1rieTnv$lr$|MmhX10{t7ffHwbh>!I)FRtcZD#W|C2=>+!JOwE77ZbY4hRZjFh@g5 zE~oAxJ8phb3NX{G?R3tilaUE(4p#C4xb&#R>bzBr(#ut_qoI2Lh4PIOQ*}{gLVp%U zyRBQJfg~m4CxpMBqnvKoA;b6_bfL&NU9T>F#0l|qstTW^r+|zHnD>(}@mrp+U(MZ= zdjT74D*Z{AAp3_5rxg$m5yyvS+Pf*ERP8N7$1h$pE~K{Ney6Bj)umse9(ujpi_mgp z(2Qi7=%N_4R5d;-nxl?_$e9}s8^)>=0LPRu7QE>ef@dw*Y0?rZW&&Lq@dc3{`LCil$`5|N{vCAT!+`(#BT z3gck|y2JPUk(-Ca*qLok_~Ow`qaMw)?7Jkj&Lvw_Zp#6B%tCyLexenb3dI5y?jRF~ zV}9uNB`w|L+h#f`KB#U@Y8v_2h51_4b(`z$Uxoj8RzomUOEXbXCUH)mu_5aAe+8bh zlSAY#YiECd^%={#Th+f?N}HDk@Ixa95A#(;ZJ$=0#Q}1dM~&mg*;dEJ5_d~(lR7Y> zOw&1Yuz5H69yzG7RCWI8AuRP^1I)L-_|PEwcSP)Y=BHxZ1$oo#rAG|hD-$e;r?5%o z|M^|E?2Xwa!Z{L;F@mNb103NTgWR3QETAT2=3C5K?eS-mzpqlq)lRpM$=+{_4nD{1 zKr|Z!no?{MOvq#X!Q6_zIf|JBxuLB8+6ifMcG4oZV{H27R{FDF`yFA3?}qXewu07Q zCsG{w;WL(5wrBgG{RL33SBmbzr(-XYr}A7-*qQLbU|a^-Tm&d?w2wgU4zQ;;YT{RA zDxRGcx1WnMmCJ42s$9fz)#dYCZ>Q*twK20hM9rvnUgXfjB~J9- z{h3NET0a`(y6w8(ka^hyHX$JyhgVNk;KS>B>b(rJ3yT$hcwve)U6)km*T(jwRs6J? zzMkzQk^Y)QJsWfj`|^47sf-!oA^mo4%Z&lqA-f5+=+V%x%AYyqYjy~$B)bzTCw8wv zRJ3QF<9Xnm%g1>Et>G9$iz@kXd~HrPhXfR*SJM*Bs8O$s`9m7=|Ktf6YF1E%hEOI1 zt-FcPDA?S86l;tGN;8RMdCUsTykGM9Wm1gx=LVckMxvOn^PYF`UF8AG=MCi4*Co#A zYEF%-gPx~}c+zi8!~ySpf2>%l4DSm^1=-Zi&UhULCd7hgdjw-^>W_M_al-gCDglWD zi80l-7N7{(ulx<42cie-eC{0b{b-NYZy}XC1GLqp)E_fhXxT)4omNQ9{qEd|;FN6aV)U9Nv;TZ2{jbjy zD#%V%O_J9di5L*fg}eM{xZAjja6)z+ndbWCqQm;-RI)ya-rJ)c9h))uNp)Lx=S?2I z*8!-b1GCke-jFy(;X~wI<3a(edAG-&bZ7fbVGv1Etbfxf8;m6y(bqwq`RqGrY-|W% zW<&M(HZMcc#NnVz=mueVl}*POAL5YYjyRhWW=eHns+nx~OvLwnxr!My zzLLN`yJQ1ksJZn!gEV?g56F$p!`6G6$xtS|5Hp$(R4nqk9}KQJL_P>bZd^X??!}x; zopLyitfC-ZpHtm0=I}P;`kdLheT;r>-5Pv*0H4>7OQxBFMDZKn%>LV5iz{|S^^Ju8 z;|K!M)Y89oB{phe(}0f-wl9{(@QfGqQY*%BBCCs)l%NGxJHFf`N6{v*HDd!E(5K{Q zz4Z@6VJ;EEUlIv*oYoomc`$PIIA?vlY_TpZ?qrx7H1{~Ls!l>o3R>T;Moi2V-~+Q6 zYF6H*M62%1ZZ_P|ZY{<{p!kIBz7G1cto# zDK)~0Ypn8*b&C@kXuroY+eK3UcaKtNz%%5lnC#ZS*ao`&g1 z;CjMHoyFWnfA!kGPQABf9}(1*F7N?>pWm=api@_DJ5P6zj4$(FPXm06GRHbgSW?}> zlASRFCxptB$ZPYBZ($lV9C}F;q7U<;Q;3rhb|saz0*kJiW{uSt{Z7DS2-35OZpoVdi`a>b$Pwl;6)zvr-d5tIn^K7PHPy zW~z1mhxy~Ab<5YIrH3n;hy%?U)5e99&;G7L4w?s?wBC^krdIVJTgl>ZF5piGDRENS zAde`FzPBY7f_M@Aiepa7tScoo2(hP|@m?%_gy7#WudO-GJJSv^v#3KXIN{@7n`ld} z2s87&DXl4Jc)g`|!dejC1EWTuTa~9N>y{D{C28l&W33G40$KA4$xsl`IZxq-_Gd}b z$)Mu}`-AS~Zt3Ox*N$^u=F3j&r~QCV))AIfF^x!&*Ax^91|+a5UEuTfX?Fc%NP}za zY379d45W$iC&=l>d=pRX=5t@k%mMvUf3uJ=C(f%1-pq?dX#2AoUAQvRm|l?#E;E>r2JQRAoJOd(lt=3+ z;D;^6K9=-(yFN1p?_W1ZMaw4?@s>QPxZ$vJ207gLux2-om|{^!ourk>-s<4Rf4fPr zSV0c)wh1Rn#mhA;R_)b5{&!0(0F4GLzF(fmBK=i<(hWeC;yiBX-)x({Nt=u>x@p%D2RbvI2TofN5wWE6del zwVTTe6rhy(*y_hdBL$>I@{IcBP4-IXz(2G$H%lrkDYa+u=3Ci>l0?V%E@l)23iy=> z`-5c^`)(YC6yt)#_k>@9Oc zAzdHmSSUy)pdML`Jfk2)6C0)>NneL^)YU_k*|5weoM)zqvd7MRk%d zxiS+84A(jg(@KW%CousJ@{?q!rz3ipmJ;PPQXDY}{X)GgNa!43)X%exurImM(^q^j z+vS&pgwJMzTRU68iAH_-A7Jw3`EKE{)oaEAG=7rhvgv|&PV*v>?=YL;?##I%MuQXq z-^6hkW?mpe1yJMD4ZrRRQFgiAMra!wgWwBREM)@+qcEVCTdi)Mp_wqWWQu1_1u+y; z0btxbd_my2XgEntKqZmZi!@{VE5x73JLsoO@-aQF@-<9SH3tm{Wabm(dZt!F<{>sY zW;H-cl3S?m;U9#Qa-Zh7F^A?Mu^#@Wih^ZMOBVOyaU%%|=G$1=F zVYB)+AsY%WZNtN+-Vj^jH%9L2EHC*V4tJjD9s~zkhgApm516#uKOyGHTRA6x%9zG& zo-dx{=AT4geWK3aEAM<47ele9puBy%K_YG!tHee^I7#YxxX3ycDmR)Iy3r`#!1wf5 zOlBqJKr+q)BbG)vbMwwJW8i`{%0U`Kx2`V;aNX+GnUWw}o;tN87R06FZl{PK1*J35 zDlI76Gt!x(?OQl-C4R<(8;$w3?B7(wn2Vxe&Rw2i$d#~0!B3uVL%9O&X*9 zU@7)&+TN~Xd%|z-GpQjAF6(G9LJ)Z!R6aI-my%`Q9)UK&C&TUeimd;H)BKQl4iIJq z!M_y1vMD5gLV#TQH=KN%%z0`As^iB_TMHP25tlIo%cbEUv z@cRcLPac@cQdow0;}64j2ChzWFYUg}#h6pz)bA^gI8}Dv(jF5#b(wk|*1Cf(Mq6`{Cl3 z#%0Jc!ft$F*#-f^;9L6IU5%xxC(iarkRn5m&fH~`ZdFr$!t3+x@m}6 z%xZ`){ys`5Jojwx0*w;PJnVGhzH;gYuS*yXUBP$$MjLmEnfLx!{8NR1Lyo|ZK*VA9 zL%rA6!OCok!+PMWR!5Wo?q)6zRI4JzR2Gr&-$+tCK|iQu$7wjOghfN1JW^RVD&3Xh zJiTfRoRS|Zw@Lu^=>0nZanpV);*8YAo05mSNWaz4cHczSG&_>Az9NZh)`pd0I}&r-V-OIX^Opqa-_)LcoTTM3)16>pBNb47e*1-Eh$W7 zZ+Z*w9VaDh-OsGAPdh<909nF?o$=EHyG3e$TJ!N|-udyVEHhBI|1&%K|L~;$`|0`% zb`y9_vB8X2(~uPb-KeZOm^1rrsP5C?Jx71!k4UM0H-ElvjWKPq5BK}ywcy@I-dSUf zM}10VUQuvJ}#`3W?L)Di@$4vRNpx+PZs_cY*+hVuwC794p?_<5MT}d z0s|Jr2zB7XEfr`8gM2Gn>=}xgP?+;FtH_jSdMt=?BJr}d7cRhH zPs8O$xxa9}K{l>8!P zoW*!|!7gSg$MwqVY`^#Nwhr6hxAxtYzcEB>4Drmhx=EMFL@WcOq~Z*%l}2B~+94sy z+NL&R1pa=N$B+J%SC6b-Pfz1Z{;!9Vt!&IqZ%3e9`b&gu{O=l^^F}?cMqC7XU4@O@ z~6sqpXPKoi#s?QmOV$-}c|mf-~~S5O9cW$Q-L-;EbVUe46CX z|BLd3-^9CvRGz#GpFxmUp# zaua;A3gs&oFw@xlqD9#l7>1z;A{-e}?i6x>J8pD88~`1=)$GdXB5vFy9b}tQi7$el6*)b?;iXiVT3vV zYY09edF7hJgt~~F(3KC4&yHl-#8H8k0)<>Dcd85SBnEQaejUc&U0E0Y7BVny20Bbm zPDUHE;jr^!{;8YhOPrWv&h@(S*NUMqfw zZXk4(ciE5Z=ZwN}JirIVk)_ z%kN*iVXKKJL9;VRPccdb>cmzR^(VMf$?ob7r9ygx1#^&aFT`&paH8Vj`3dWlFhZaE z^cZkE#FNzAhljgItL76<>kQTf`74F0R8 z7GW-Cg*aZdFX|OM=Qp)pAdoQrg>F^~Z5wQLkLVo>vXXx1D9?g3*^>4qhZ0*SS?|5}UpByjGJu^LNa|^$VxYb2c{9reG}RmlhtH3@Hi( z7;iqx5Gb-#;^EYxAiuh>1*2dq5Mqxd6e-3x71$;ArxX;Y^`Qc#Laa?G9`EV4a-WOp zG1FFaLQ+B*;w_(G z>GYUiNHUUd#+6V=dvrVnSyTXB9W8VhQ|AeUkV7nS93+c30506&m?{MAN-9 zEeIEN(|6RKFTOpgp)Dz9D@7y|=;~^Wu*GM}{!`ZyKoazqHF9{n2i{*riO*e@imuqm zpS{ci;VNvfD>vRNjy`)0AUCNmNcOk;Ze(1cQd}-zoPLbaTtH)}^E;AxD-<6olYis^ zWUeEsPgOz_r=Az!W?7kGV*2NQrmX*w!A>|nx)81@W_*m~?A@cq#iH~mrI1Pycai;D$2=$20MCrf?{!6ahGGp3RG5Vy0KOQ+V$<6UC$p%g_&g_E!$ zWAy>016>#=T#Q2wyY}7(=&H+tgeX|`$CxI*!EnliMl5A;bhEQLF>`m=E zeaxy+^m&>!cc~Ap30=!uuTML8qa&7l->T>nIY&Ang?5^$R~U2Q(09fIKk1q7>6mvXk-ZHVS=`DXk zdzHw>!tx7E5krFRBGQwXhHYR2&NIk;Z_D}R3?LB_?;MjYITBD2dz_7)hT$`%ipgQ@wD#!j1Xbo^Ey*58~ zteiHjRBnN=V+N1L4pzmc#?01>Y)-jb3DP;#)XD~NFP|A@b$SCnS$&6|LvcpWp?)#$ z+*fBh>AsfEB^=eP!;Sa18nMuXl-wGqsKSpZ3`dG8$OIl8aJJq|aX);w-vt!%l{;81@3czbhb_mS_5tM+S-;qQ{Mbw9ZlY!qIw zg2eH@XJBJg1xl+?HcGSGm`T&swLs%5734yLDJfU;5iJS4F=_vzxbE5iE83*_G<7@p>kb*PLUiGDy1WbvA!g@j^C+ zw|)(CLh$Nni=~N-(dD9Ic6HF84l=I6Lta+$F4`_}YfF=RE=>DC{2Tq0zlOmVR`t=E z$uNdBsLE9kS6Z6(!=#pS%L^3YHyr+$&60RTE$@|GIHrEZJP_#|B=%*1T3Ci|a9o7+ z*{VjhWb14bk(B30McFfc=)C_WJ|EejQm^-6J^H$-9ei?lByqK5owcMJrHKl3Z4(S# zIYF-e#n76CPQ6;d+*2U+g=fI5c`fNsO~;Yuf0qHg-p`S`(uRB+?Vgj<3Y@@QfoGP>o3&64vrslv zz%1JC@Q@jkrSeDJhvgnvc@YbC)=yU+`-rs>>r3%>id#M1gfJe=RIMctl$3hFeAxl}dV7Q9*k3sM5p2 zwx(JVAV(;qlGB$sPS$svz1z)b`eDA#y-CQMY&I&fX*E*agx|4JNkACICPF%SjldW` z!?Ua>M^O$4iz>1U%aJQYmV;pTjdk(qGLczZiW*Ye_l2Mr-lH!QIuS69Q7 zGSYTdLeOfoQWf8wJ1cB$I`ZD!%J?(VbHDK~=aTxt>LNl28gnvx#%iMGEe0P9+tUM3g$wd1CnLtwwe0Szr zA#ay$-O|Iwq@hhr0sXF2t{!tMpv{eU?R21~GL?rb~Qv}t3#8nv`%PjD?}jn}n)C#$F*9K&oa zJWUj(wpqbjFA}!Fgz!jR&Qhi5CIJ*Zrz&bb6$DnxD1Y(KiwRnR6Um0@c zky`C^->pvae0Ji;lQD!LLF~W&_M=xw8BHx%c}MqDRuS~Oz4#`086LM~NvTZaDZjMZ z9Nw#l;5fXTTEWAhpfB1am1yt(E|cJw89ehaAUeG!oLYh{h?Wsy&Js;9!$3- z`~7*j&8bkhJw0%f39 z#Xy|YNMkSOI*Gjs8YWfSndgwVsDHE?)-vG+l%shvQOKJ7C^BFgEDOB~HPX0A6-&`b zPS%fCTr3~aiytVi| z`<;g+f3@&^KMEP-5nru&2(9Q0R5)3ee50AJnw;hqtIVnR4!=i1mOX-$vZQZwDZyki zubu!5Ub|FHmsW5ikMc|sblXU}k`AsUrz?1|$?HdARCju|1_@YW&}1W!Rv<;$V6~%3 zlo*hOQ4(R+FR&a4Vv&ZjEX;(g^=Sq0p1v89)NZcm(x4`AU=)6zu2@=fgb-m@D#nCu zR<@On^CHC|A#n}N5Wt%SD1r=>j2EmXsUAva#LYe(K6aB5){ z8J*`@ml(V40$9}<@gms0p^X|Q&3#h!;am*9gF)IG>?kJ)j7POA>%i_X zZ7(DGXV!9T0Yiks{(ZyAzs7ghdhoYfvX-{;xU=K-P1b1};^0Btmx)0>B8E>N8V&jf z7z|fK+YB_2q3XNJWQskYKDVYF?1?6)mV7SC#WF5HosRuVNEk?m2xa@1wGoJF;WMuy zLGRReUBayxrnIG=IlC>0UaYTKa-crOpGD}oHfTqQI9QG#_%PlB8m-*r|GRy1O>+EqSGS=MKMI@{OS9@yhOuZo;rjMSqeR)zj%Z?*XY zf);CB6h|*qWe+4Zn0M~J#lL~66f^kt_sr?A`& zbz6F>7C5(R^PS+?L>#!PUh=zai5*zU}=@Q&RbtSbi#eMh!IVT6{4B$hz z_Gr}_$o)jmk$B+Y~O{R)}JkF z;PK$&1DZBIRiirN(C>N+8)`+g(Wf%0gg5PTlBUi&rDQsW`Um;hf8ckFQK32#ebnqJ z5(~f>ATuLjuVi>%RR6$v%wqyDDcK6YZ;CM$B_=+clQp}N?=d}OO5=5%mbv65E*axy zG5Z`lCWd3>R|j!rnjr1qGw!h@Aoj)KX93?fqKjCX9`Dy2yu5J;35+#6NW7HUZa&qI z?*y8Hb!l8{dhr`=!L{#HRaT=VZU5pkbq$o2=m>cjYl!!a<1409a%hB@-Yrc*NEx zswgp^dUY+zbk&VtA8+%mNZ;>KOhDgr^uJ22#m{dn&4vqqTfj0aeDQ$Y8?$@N$^aFX z#bxPyq4NJ5|5H=w8n6rE61N)H~lw@7mn6{#>6!$17IB)AeQQNMh0yvamAKFjbdlU81(> zA1(U|6j!!4~wnA2u7fn#mj^cDehv14&;%epvY5zXW` z$x$hPMwLa#(JH}S0oXtr-$lP{INXPM(8c!+v%kw>1I*oN^T5e!|8Wt$LMZN^cPLm6 zBUm!OR$fm5HbYglvGh8ES^dQu-){C!6#9xx;@Z1wat}|wykh82140bYHuk#_iv#%Q z=vY+FoQ99IGhz$mi|pln(hWX+$n(TJ9z5$C^G<&~rt^g43h2q?_=vO!6lR@AEa17H zQf5A&xO&nzm5sN4#iLomg#n#xsq8%7ipAkqcfAX}Qk(dxrx?!27zW~~8Z~~UDn%dg zj$C9O4<$i8z=u2f=8J*;54}b>rFrx7lr(QJ)*%_|oH6PKiIJ@fp&2{2hO7hBW%vyn zSm3e^i`A+BuToG z_uouRso|GolBkG3n$Dr)fY6voI~f5S3ne~u2Oo6m#Grr)(-~*lHZP4#s1+wd*Lb<_ zl1$qF?)H!*hXYQC=4zxk0;-CIxltY=I9W^3NjC)P0}fdQT>QjagaT|`H&!7pxhHNMes= z<%I8gEu>1JNpj`RSj;F<9wSJQD1w6uWD?4aAy#tyibq}-eJJa{KZ3W0q$yfmHwCVtsc|Ff>HxJq=% zj!T%6a*K#W$H!xPczLbuOcwrGRYy%#uJGTaNr7#`8C+@KYphG4ICAbwehwtexr6Qt z-1SI^sB3=m$FH(5vQz$xwG!ZkdCWdS`OEdA0!n^c_oJ=z-wU0*yH<}^0Wqj2@J5q9 z7`sQIsOBe6suxOY1Z<`Uy}6?UwH!n;vDJNL`OBm<9yh7u)@s_b->7XmBY#x!c`W|5 zF#m#iPJ>qHn!=c(a!@EKhMEeCYN<|~b1!=N)h7TwjiNWZnP$s60h*i+nuBK{%i3dB zBY`{SwMg^TklmXZzSpss6G?ugnF3kI7Yz%WedaB!0}yuH{CKbh$(~I5py|p=?UY`Q z&{WUh$SmLzpc7gCe!~({kOmugAHErV`*!??gVkdEY_X^>)AwQutX$uB>>~ciHCK4@ zF9<$4fBCp6AIdwZ;Yb{N8s&5Rn`9?5+QKR2L6$i@y8~Zg1mAYeuHo1-i<0qVkLj>p zw)9JGQ@FR-uFSDCX;AFv=?*eP9}cz>RY#g@0i+INJm`iuE6@)s*8R}oLfS5nH*B9` zu`5oXLp%%3V#tcpl~!~hLLI6*I~QZq*%P3uy&?SdmAGZcd7^cP6|P;W_uZ>sHErSx zC*Xsg^qQyFVO&GPRbqw&jGT$4FvM=*I)`~)2uqq&j0)rh!_07j*(i?!J20Y$3m;*2=uZFU4H(I)j~6wke}Ai5EO!K!m6xk0CnxH- zbt^9Z-kNsvsIx50tlxXx5>sFLzJ)jBi!J8*pSES9%z+8Lx4jC?ij*-&fy~}U5ocS1 zrkmc<*ip(W(3>cE6jPjGf=#l(cW)$Pri53pdF~Fz}$mjM}N3px01imr0(Sv6Zx)pM)9sltQ@A;mJ;O15%)_GM@rdzm}S6= z@kd$6_}&d{s>*wat0;7ht-4}t@J7nbqJ^T+`@U(l@mC1mTgO_Po?7HEP8Z>57m;x> z>@TB_tiuZC9*ob24;^q#+Y?QcvR|RGV6r^Nuc}{GZ%NEZ@Po_+DFeSWp&?XQ_{_!t zM&U()Z@mXEFX{r%i!bW{2M&gQFH52pKdYBH)DXbZO`#sS2k;8sHa%X_D zFYDOqmuLGE)807ZTn)ubQLPPjZNi37tX+Ta^>;t0WC|Lg zjFQ{paEZ9tVm{*~xiKOoVakLSi66zjm@G(+U)=qeKIG$*BCv(}nv*OaL-TU`B-{1v zXF86Q0?*P)Z)N5_3n_n+%WSdmhgO404*s79qe$QBv3icmWs(PDg%V`9+?cqA(oCX> zhTJTdSgIL~9JEV^xxejN8sjT5xfWwsiGO>ec3 zF)u~pYWoscj)DFV8tY!}W{P|L8tQMA=1O%q)U9mQ&D~Gn_1{=~m2%rcv;+_e@#Uit z{)RE{b||qPeQm9()#;Ty^72GsJ_;q=Msgss9_9Eyt$I&Km~`(`E&8yoF2T&Jha(W#ooRusjH3+O+HI2mZWt1*OIWS+6#d|zLt6a#_^=pa08wqj2pF?JR za#IjImsWauvPSgfeLg|)^ZQRsKV2hz?!x)+S_!9ILL&0dh6z0rN(<5=&)X)4s4L4% zO>)LRi>;;?HO1z+O(etzZGKmjC%`Bs!IVp)dVZ)%hx-$e%JfV>UxpH?+KfI*ng~t{ zg@jRYTJ4J>c93vKiY%1A9WhTf+*w#7dqCcotybBvVQY{3!PoG#I&u`nO)Ni{4R{m{ ztu{h8O)fIdPiU))z~i^(osUF7Rr`0CKC|1nqsT>BkB99>I3dlyHn(CC-z3ls9P=FE2x^sz3#=d_hasSokT1uG~Ien2&x^ zBA9xn(OZCkMWZt}nn%9=kMaUu9`6DV?^yK$uk5vHalMQ;5-Nw>mvc5C>}lPKXuX|; zKQheF1Vr3Ifs#qk*G7c2`!_odlU9%WVT|!@p0kVO=N=oSpN)GAc*4py1JUMhnJ%Ai zukIZe1>;QpDHHrRu8Z6ptbu{upFVebctah+REMKkc++HjuVUX0xyRd2+8ZGZUjEHn zGEkyCDLNEBdJ9liFP2l%{7OMSlLYD=Xk=U!0QuvQcj*dn%eUlaaNZp7sW;YfHAqlS@T z84dlnB3;*dTb2ma1XYDc#6+xNihwl~(Wuf3<~Nw!41(pw+p&Y;wEy5gk1I1${4q0#jpw zs-_~DRKpm+lB(h7^CMR1NW7^9&V@`tyQ|g7k;&#BC+f_UJK~C)VTclcv?{GswaaYMGJ>2aTMW)%(=?!$~M*GCP44iQau|-??YV)0{ol&|^*{YGs8!#`4%` zBCBkDcAk>O0o|@#s>RX}D(QWBrHj};JZEHvHs+&SX*N&GA3+%>S1Zr%r?Vc$f?ZOkEiBTw20ym?n;oT4jT6YI>C zu3(8*)+G4yYWMtCPv}#;@iiH&7N1d=T;BXowMiRBOb9sO#L^>UsyO1|ioxwcK#E&PO zv$0^b#)bW&@tvG>wHTk80+AlxuLd8xdtq~P6uAl*Lk!`H4xV94v5`S~zB>6f_^4~& z#kH{m+u4p*R_mhV8Hii25!W8<;5mN082SEo5Mrn_^U7r+sWmZ*zR|g<-Bb|fdJ0=Z zy>Z6wg%SkFGw*6+3Do(;# z0ihg9SELcK?)^)wAA9oG;&eAyZ9bf!m%a7GwywX#JWo6JVE-tO^7q~ULZS@>`GF|17DkFU@Gdc7t zsvvQ@F$FU$jE=(Sq?XP_O6@jhSxkL3+}^nhGd|i;S-AIb89wvoByEApNwDy=FDooa%!m@K4?@?TSa@yj;N@WJuSDoTxvFV`Q3`DdsV_k^2&0 z;NXplvG*s`mt!HOJ44c@@hxmi@E;Zq6Hx5K-Yq>^k+Dzudzf&F&gZ=*=KVB+WRy&E z${*Zz{w#NeVCAjHC2jF*Zz^lcPZm7R3%(r(@P#A2D& zEQ-o9oVttx4VN7*Scf2iD!^Kn36Mt{|&7rIJN@U)8=eu#ZodXlx8o=WT-JB{@L`7je!M! zi-ITMk$Z};EZdbqVv+ya$?!v=_O$zvF=Qp62ftd9oHC;&cVKtiVn%uX_g+etWv$0< zq(hFx^oPd64DCQlW;laC8kS&J;KDwKm<1?;4KaR2VJu?J^b8$&Y%UryJ4wdf$^c@0 zc&pkn&+sRJXQ=7~lfB7fuf@L>I)_2xbMcq;742(nW#!m$_a72S#)IprPSS zhPQ=c*(9@eXoqhf-0nV|F)vfEvXS7iSzA^d$Ty-yd=q}(Cc?NT?xXd~u0l3oWN8x} zV>a*`V2m3HR<=qmtUn+tJ>gClRh-f;6z9NX{gYk%X5LLR&ee{V-5S&Kaf-N18+%PY zs*IW{$uqk#hgH(cC_u`nG8#dL71Tv2$p6^1>+xvnWK1-?y0z)JZc=`4FlgEnr3gOU zrqH}6E7_L%A~f7&FtMW<%3LZ+PHz@N@yuY)FVNIfZc{EPF#4dSJ%mb^{LJ{8m{Jlv zjkw+GzTn2X&hs`263U_hhAAE$3x~UTkXAmz zxpH}^o!?Q7Z`Vjy!YlT`bkkd^c~M+1G2rBw#A-$WtATyy(yOh#M-l}L)NxR>!n#TM zpKe^89^~DvYX{8f+y9Ic{xIb$>ZoB+m>Q)Ai+6X8a{(<)O-7cMFhZ}Z({*1T$6f`h zN=2vVpSS3&-Io!O!J7U>K-iQyzgIo1K(+qL^I=QM5?a_^gjce;pmZW}#43%DUNXVeTwmR?`hLxI8b=AKe*9^CNhFA1$} zw4={vc~R)^oP96>^I6{L0hnqK68J?GzQqYIeK6`#_}dgRWtSdke=d@EE}CW|*t;B06pNc08Abc6@UrIA;q!&N~@oH*p!P9w-6A3rrGb z+ZAA-nxy;jqW3|!ScS$H2c<{-Gh?-_n+`=7pXVLWn-7^%WhyecBx%iSG8QDUGX!Kp zGLV|vo0#^+$u>s7%nlOPH&U;QwzwJy0FoqecQQIc3p~782pNgBi@!_AQ=OI@Zuy;} z=a#e`XnA8}X-(0ORu&FQvo@jFwLW_>VTF=noN%oCt;K88fY0UU z?t6KEB8L$>=8-G4;F-X)DvXLOU0ePgJ71gcw~gYNTWLweASgk(+BHj#IiMYnNx-S| zqvGtrP*aja8)?$W$Qgksz#IO0n!irHrQvgqdui;0EO5q`CMJQu8rEu5L=}U3W3DSz z-BwUA_g^=V;~8W ziILAer<9J&e7QF^Ot}4lTArof;d}*@8!5$F|Y#Gus zCA;(>t5pf3FIfYClPDviT)jqc&I}JrR5>X>-i3S4_e+e8p|vKLh>Xno;8}k`-NK2T zEmDgyY-^Q}+saADz#!UQn_b4XS43FXRHLY*2*s!SK^>nPV*o|lN_-$Q+UDU69i*y< zTU=rT(;$M+LaCuHOOSbL$(xhe&tBaKWr2m)wcQ`QFR!mGUo~Fpzf{t? zm0&}m9;}`5x@dDURlotdC4udMwL&Q_8_w_~`xxHY_DAZj=eXG26sm#5P{{8Lzf95E zgK>ouHQ*hK?RVD({mF-q4wa^TvuYoeu>( zhC>6(7Q@jl=L-i>2j!_EL!XU&uh2dYYywTW5Wi?4qUL{+WYQ2A^WmBDCDg?!X#;&x z3^N$pJ`OuC>rHjVfV)MCy4ea#>^QCvvll@URvK`Q|w|e25x~JI*_}ALo)SGhF|K?bd1V{i9fhyJYLD zJ0PlaVHb{EBFuG^w>#mtpAZ?)tx2&zqFb)c;-If;h$6f_ik?Ttxm_2+mq4l`6R~^S z-2zeL5G?)bMMb({F-Wu+9Z~iadX31Z$NsP#HaDJ`8aQ6GBX;goDlQ&%S6;EHMl2iV z`MERndXVPQOO2O9T-|^1I{u;nJ_c*Ahp4!&A38A#jI*M|UG65p-bMr7(I42trs-Px z>g1+(?PyCIe!(Y_+lT@E&Rc)<2L5_m?0&_+G{_Jh$&_4=ocBCw`TPbQT6|XOhQ@GV zAAf;BwMxn9)DUHZqxpTY%iGnx8=yzG=79&V>Fk+y(ZL~UtWXV&8ZQ4*i`WbZedh{` z{y2MT5yI`89Hm`o&g%n~>EPIe+po8`mU@=X_FN+qqa;kbEX;(AO+FA6a^Yu4U+HL#Rdkd-1*_y`^ zk~I>ahNYkod3sn+iYQ{K&P<^6K2eJrSmhKN+vi+yNNy)Y)E73-csp8Hjs ztG$W@@VTi2*yRZF5M>NuYs@A+DYbPOyf4@Gcvk7hTn5UNyRUh9d7QSj&wERb7yW-l zE&m4|1BLuX)~qMscKp`iej%c+j!{}#?l7&iEkX8QEgV2hOhP3!Evc+7+}0OF-iBX@ zs=twJX1R%m-LkXEC5nAkVg{44ph411U0%RQ?xkEjs6G@o3dGrfn;j-GF~#7jWYClk za20}_$M;hZ?+4^yH1w^Wi`ltA=nBZ!aW?gjw_LB=TH&AOYbQF~D9$b>g;++-ywIRV zs(57O zpnEwkk^^*#(2-S&(%YlwNRX128HYM))pcP*G?m1>q=$MRaYUd4afx9qzMKbC3#OU2 zdIuH5Sf;pjX#zN^BE2BnD^ac+i+Xp9R90f4QZdM$kMcWOUZAk7bI850U9A0$;mFiP zI;<_h7ShG)qI-AY0MEu0vnk}l5_FWZ9A`zSo^EMsXK|t@vOu}#`uZ1zgE2AWv79k_M1*kbo@+1MSAB$ zyz?MJh!9bc#erfv-O=}(;mCo`g(huJtXM0TtL#+;+@vo48|g75KbUfx#c}AEB6cg2 zj!Mi@d6+|eogMue`Pd>LDX&)7iHP|(Lg@7APAz}Y(&bcVrutP^mrrr+Jf$i0 z{yLMmnpBo^d3SdaK<}gDCOF8y-Mw@0{qfy_P5&IGur~nDLBCyrwGs!|99&+QqCp^8 z9CMa8m}m%~o4Sqokwefp!~crPyM}F0=Kw>5^gJshGCoUwM76oPwo!uZ-PpP|#@mcv zl;hH@tyAo9pPgbPN#0yvewqDmF_E7d@@~aTY2?iNE9Vc)3H$vlE-Iwxp*?Ns^*`?A zm0g(fI@UKtv!Z`G8<2!N&XAE};C_C7QH`kMbbR-JMYNaV04lU=paK7{sKsO?U5_^RIVQxv$<>-maHBuI9RM+oO!%Xi#;< zQDfXCQSGPs?Qed3B1p43MQR|=1qTlb+msh>%8D4%l*S>))4fD24``NzQu>RxKR0Mo z2#k`%Li0gzw@LS@EwfVMMplx;R^Iq?`a>)IsW66-_EWFuqKzaWH;p*nc(N#Ft7Aba z^de+2#>e^^F=2>J^jCbmJPv%sxrgt#rmp8fXU^5<*j;5-mNdfdCLuY?5Fra+x=9Q0 zr0#UXe5l4?GQ)mEKcWOYuQCHLAsrOUeW#6}*osbB`Yn^dVB!X!H9*vm&?qYoj!p1J zL23W6SL|P-e#V0%_;Su&vBGPMKqHi`h><^0Rp@h?-L62okEX$(hyXepQ zRb_JU`&K8mVA~{uoNQ4J!Dh(>zxtMVcEIjobr$wT#}A=MQcYEXQ7&zIvqJ2bW31N6 zsm2HjD7`3U55}Q*owb3c%tj{Z@s3%Y?w;eHL?7*O7bf(?z$fN)P2z@33qKKU?c<h5crt^oxEtWSG=Kv>+=Sc33)+4Pd$PZU6ke6YEoj((w$MLLpDVDat~gENIJcL zg+DBBS78in z1Y!xyJF_Ue4sxhgg|Wm7xmY0&HM_vKO_^rkEI1?1{@$i%$P&v^Y>VQ7WO@Vg1k1%n z=q_|onm9Pmd5(LNx5F~v!4`gD&GfBMyHz*UVd##OSQ4lq8;3c0)yFt4yY1~n3wYj? z<2{dNwX$aRAjjB)OXF1s=vrF4>=jR&JoOaQ_uOJ+qDnxS5| zB8ifHS7QrX2yCb=viXF?kNpP!54V+feV1;4d5tf4H%m>M$#lfXZe9@|kIba|=XZBT z3{n32pY<_}1Yhj|pcLh(e$^}_Od^|_%({R=qOe-(yffoCEWWhzvpm*Uj+{X$%4L+z zb^?i-{p!>XiB{66<*URrc};pyCrCR!cuJd73NCngNTG_TJwkz|g7L*>>yI)mxhFcn z*2(%dk) zJbO5b=+cm~0b0ivi`ZsCNiXZ*?CYb2$>9TPgC%6Uw!7beYdi|A={h5)HH!uYu3Z<6 zPE?2Le;NCOYG|U#6GP>u9Dh&_jt1b<;n%`y8<+Bgo$H!leo29;q>sTz=X{eNy%g=n z#BB%>wF5DWiqdVJ`aW|Q7uc72M1vNlZpdc24aCaD-KL!yHJtT3E zD|=wZ^c$A_@NrZ;W=z!6TIBIIU53nxtdm*zW5r!~1^)9#9k&z_?Pyco|ELH3UmEGJ z3~?VOB3I>ZC?!>MxkgX523$v5+wo>!I$O~1Nkt@n)6F}44rkO3h` z##Qowr6wETRCb4wG>|-EuO;ip=-KM{@v> zS^VgG=lfB2VIAx@6bioi`UhLZS5qj@CU|-|w6=2r0CCTP@IF}UsBX;j-7Y;@wJHiC~IGUZGi>1o5F`f7Wu3z#U`COVd3T!%&6E1V(J5?Soe=sC2O#c^~YgpKZ8hD;)LmI9g!QUc@ zn!*WY>$4v9knlUI^he>CZC*tH5cfp*gzki`ayCG1FWM|CL^$d1+nP^)J_DTh9VkI>F)@g zz<)hQk+bTjMpiW6m2v4YGX=&vRc%llMo-Ct+efsl{_wQ-WoH)YjPrU*x62@OYh|X^ zyTD7~p9Ee$C0R})IQf0*AQ-ep5;9P5ew*kS0qV zHHgr?ijXiCsgUH+F5~jgsxThQMD!~DCvExvwE%zsn^hgtu=1jK*~!SjIp6Lk+I~Ca z8Z~+PhvY<|&8JK%3#hd9CM-Bve|i!fg2Sy24IcA|PTzE7L-$pK#6$x)aRgr*4PnB~ z8;cCLsyxyA*9n!V4vJ8r#gH^9i6<5z+PS(dA4Hif;S4=LF_-=sd;IlSw6z+9+s-#$ zRwyOu3=@V!M0Z9C+?9ZUs9I=!ehA=>SiPp%$S5`5YDiV zFY<lO(=+g(rB3=wj7BJwUin`Ek)ecK1UMyph%>AS@F$Pz2 z3z1dHFE!?W)l_CBxsPHOuZxDaU^FqP8V4_D!5nu1%bt9bp}n^UEY)O;Ps1zHIABgGt`V!8ddp+tN2okwj#>#sU-8H zr_wE~aRlvy9o5GDCU@g@WIqRNu@Ag!4%L3jTnQ81Jv>jrhA~)*MQ0Aeuso?SEBh3X zxHyxvVC9m0y4=EG)mHUqs#7gjDAjVlEBENLTAYYvT$G)Al@X*%Gj=u7iF>t{xJ{FS z=V^zdWgZ&z-}A>UQe%`U*yd47ENR6dr-u104wc&3N%+F$;4>ebm!oa z9Z}n&-4|f|F8?03#xr+~3#;OD+F`oFmyPGJaq=K~wV!R{w>x&%{69soieIpfT>|9b zg+D+Z+KI|kl++G@io$VG{NB zd|fvTGxEIOb0X3=k(~P|(>uS0Q{a*|pFRkmsqxz+%T}KE&L1zMRybESOudUL_2@Y;uCT&`>EHnqTUvP8;{*ot#P{kBH%Em&6v2nzWPLR>Ys2>_L5X4s%@--q(`Xrc)+ zF3vA(J6H1dr|6aC!`Zuaiud)dKSs^?e{rVl;7BasFJ3Rm9=VwRTMO}(0R<8S{wz6I z-0crf7&Wc4m?m6UT>RsySt!wUlvQwSG7E4@p)6pXet*~BLdfhR>$B^{k%l&wmf0`SAb!^NKqzE>F zauTnCC(qT2CykJDnk^wSK?DZaCJ$H8>tY8)EkWAr%gR=f&dM=bVVp$8L85?659$er z{*KMb^u%bilixuRKsiy!_>r(;HeCPyxCx0bB;r@k3l=L~pj!IjzC>}~rez?pv9FB6 zuxMvrB}GUZXQ$tKiuhIYLQ`~?R3aeyLYJ;c1-tm8>$GwbzBy2fY9 zWU8TD``fEvtTQYL|9M7M0b)Y>`ON$R^|%OVCg5fb`2eC*s9%&e9kD0%e4GlY;`CrZ zZ0(`Bjw zT*<-Z-gnGOq}fcPO`i`SFd$of7v=x^Lvm*0Z@A~-ObS(Q0)qLGRe?AijuW0GnhjU1 zBCkbJXxe~75|H#CPL6FQK#{My4e;DULY_i5j?YmOEg@J2u!%hx^di>?GJD1>AhDt_ ztr=GjZl3~idmci59ODVBWa0Iua2;MPQTa~{aj&CQ75R#D-6mYI-oCRPt|#GXJa3tH zWyI|BjlXo+?{~bpEIpp!J{M>3`GK^HhbT$)U2=TIn1KnC24a*8lbY!$Jb>DA%k93IbxU#K9F-Le)^Fc6r3Y zhFMUpg;|M)UHf9>0^dh~nYDi;L9@Y@tLp&K2iW~G2}d{LSXqx&%o*n~%6c|V{Laz= zD@c34kmG%7iJI(z`y-v*C&Fc}H0XQZtdd-aWI~g1dh8#{m&0Y+m61&`>2$_!XelF^ zBmsw@&~P(9l|D^O3^&W{EX@*J(8_=*8ir7!GzVgwY0Flb#3-AL!+$^8>Tti#RXZ;2 z|Eu2l&kHUvhB)7~U(Qln|6=Peo`8VB7+P9LTSB)p$C1R?hAFOp2AyfVnQexv#1=mj z4VWw~x$1=}46XfK`3_s~(Ai}mU0o?*CN^txR0o{8&qKbEChEUP*v4YaayI~(PL*){ zbtYV_2ESV;i~|VV{w0UJlROnoZ_g}~g~LYFXYva-JQ+V;b3q6%V#f!*&TLut+CQDJ z!bPy=q6#!$Px@;Ul;G{GF9xYvbj)ndB4`#u`FP`AsrkTHFwnGiTl6MSm8P?W6r6lx zG|27Ux0M^D9@oKMALNy-p9tUTrN@8Oc6usVu6w+q!H-@=&c9D*;|%=|_Jd@!r6}%H zfEcqm>A5$k;M$yay1w|EszgxAPXqtU0P4uXPqk4bp93D`87a%CiLrUCjB}AMq5;*? zX~C47Caybk-Ic{+^kt>9kOWMXO1qji6bAZzXRU-vI|`q zdv=XCGM>Ev`W-QmCoqTgfMu~|T{+@UuI7}X#@2I}R$WJwGg@tArEu9$dIt@F7Y9@M z-4xrFit#R@xrFW0NvL=BdBt!+n*QJxsO*ZoW6R*KZ`VfB}r6S!Ncn_CbBfh!6bIMPp*_ODO-#c9ohw zK^h=8vG?AE9MoVODqTD{SafHQ`Y!4`Qu7j92g69N6!QV{!y6@On?9=uh)mGaWt>Z# zVYnb80`hi`IOSgf$Z#lgi`?HrJOyXBBFLD!qx`58KMTtQ;^@B*6JHl=8)sM8s!imvFNt1~L-W0G^E_#OhFGwQ28p2que=_8=&n{Nn7~|-!?6@w3Y&WSd$NKCUpU6c!Hvy0_%Q~b z=^C_PC|9xOptGmP_fye8(@zRO?Y0|!&rYs~AfOWe7W46v12)(cc7{#d`@|}-j33*s$}rOBxeP94uyg#{ZQgHV6N<@;WHgSLo~Bf9h+|(jUElmD3$X(g(I0a@;t- zN^rdsILa4Cnbv+`_;cFOPp#bsHn` zWhZ@AD5AkQja;0drZWAZ++{e=oT&AYef~qi3sGB7Y>>|yi}-HLX5FBQY|D;X0RlZ{iPD`~~D1-D7cYQ?TA^nC(N0Je@h}nH)WO zm6&O!@7Q$Z7-b4MgFp=`{lt2*c}F?jfj0Q%SuSbTh?<)7Q11mUqCT5#-rzJX0~<5H z?k2VE14Rd74%DDe1vq7GC5+<=23ZQW6V`TvqC#yeYHf(pwmRkcWba2g5w_bm!dR99;j9r`;6fki#7)SOn$>mBbgho>bn3 z@}BgDlB0n2`X)PsCs78ceG;|SS=_iyd-iwRQS4r1Eq|P* zyE^C#3@C&b59bpdAM*Eo<03+vCh6pJ2+sTW42cHBrHi=HJ~i2nyk0rIS6}LGaygh& z*^p_koUQ*9cV&Z`hBZ!MNC;m#Mn6A)^bn+(`}+(1Hpw-Z>V43EbZ(Da_R;*8bpwTS z9Q}709tOLe^a*6wlYab5IuS{GnShFiYr+)JL=8-~%*hY4=0FQtcf5H~p3cWxs0pC} z$g(bHC`C6Pr_zwJ%@oR9zo)0#Y0$zbN|z+$MnubQVxFJuPJC5 zn%h8@*tPDaa4T?ECogy`!S=9$9IvPFRYvx?`b*}nx6KCbSJUA!-)+WekKkwSILe|3 zWh17SKGO9+y6EQIn0v~Q;51Lp8^gB|7M9|rJ=8|(TaIi7spNJv26~J^-x!!o@Fvn? zfw|A6mv&~3=-npiQ47{-G`xKqePDCGf7bpm^ zVktJ#PKptG{NN4lzE>b^`fQ#cssKk!#Y>y~=uv*@b#B{SuRDKcK=*4m^wsX7G$7io zd>vY+9cS_){2FhYFZw8#n1}pcnL9&P1J#(*0?tIU7F5(tI4~$n<~lik6iOPnz^v-0 zb-L!Wm3Olz6ZmxBs0qpoxP*x%vX@A`Ie_eR<7|m$LRK2$62g@vIubYJl|a?hS7Sa5 z8*8tEQ3f)#AS=I5hscgSn&B+{d7teNU*N_AOiR|fwTnMO1dcts3Z2fFS^rm=H8A`K z*ge|*^*ir%om*O}=KqnG1rh*$Ki@cUj?aj_v2nF^QS8a65f(lwMe$|YQGj3vj7Z^tOCHpOIfvy*@sQib~mZa0bU9+jTuh~$CF)Xe%y zK@JB<5Dstj5qOKf(H~PV|2AUDGMiPLGJ7_5+;m5$d)chS)meXU6;MO%spYH0rNu$9 zceP#fD1Zqcyrfa3!*!aDeZLwDGsTW)ngR# z29by{;u_H#!v5`0rX=igk21F((qa}ygbh1o+z%EDB5LvJ9aNXcvCIx(=i9LNJ+U*k zztcehcUpEXx}#@N=_A)0UowlGxn<88$lc+lh(#KY6JON_P9D^-leTbMartIC(-?QP zL6*^vpgBIaCt^&|?5J}9br}v)Sxw3J4n?6rYYQY3DGsuB=4iTQ7Z{2W%<>y9&ep-X zF^NNN99W~Pc^4RUh`%nvkQPQ& z_;p}#6-mk&$pMNjL4_SEcTV`pnkNYrhEOWiCoq0*i};?WC(OtkwH}Mlz+UnxXl2z z^v)v@kX$YYaAT*(koDg8qZ)PRnRLf36@(R6R()9*Bj-UM+V8QB0%2nxMKbAVUv;aF z21x1BVu?BZpj&Fqu5JzL^Z0CbNuSRfDWoLWYJOc}3*sYzG=l0Et|*{T&&4INcYClI zb6rTebt@E?SP)6+hHD2i2PQ6*eHCPfg#&VLX3Yv6`9q|R5xnf-M{}r1#)%C^+Du}UYdU6{t^&Hh(H zBnbuv@_M0e6l?jvY$JN6zI@V9&_bgohgvcQ7ncSG$o*fEh;}cKm_TepGcXe@M$MT^ z{LojM0Uu`P_Xo%y*KsV4K&0-Qbrd;eScxA^-e{T9KRBetcjM0g7@?5L2z4~zEZ!>` zA~Dc?3_j*umApUQ2DqRQ>1QhglWx>DMw>Z&rJj;?sigfeDkHUdyC!O6&~JLiUcMHe(U87)RB&9Q4W}>3;DE1BB4Sl4Fd)~fSZb)TA z7oL2$eqTY^+O<$uwpdC4!spAjf7oLUa~A^a3jL^*^s>`F`PAD(K;(P}zbEA#686d8 z*w2Ga=CC1FK(NV<>egBZq3kOHyCeiY7uArOyWk#UefsUnGy1&ziuC9) z+_`KQ$V>v6%P(*Lt}Uqm785J|=wQhck6&r(ybarv{)tf(V4tS=(TfQi70KZX-I-^5 zw2J#FV%F0TiixS;fFYR<5U4n9Z-bfQb z9+AjSm_%Xz z@*cX@8J_w>ZJSRh?DONZHA3h8wr>8QGUYxxrPS8?pNj$dV>M|4Y2AJ-*i#{(1R{ek z?t&7V9{gsdFdwf=7}7K&QL=LDzZrvk@c(LheiO_4&u#p_is4tSr16onXPBVow^^ZQ z&X2|JH?R%pwO0__&cpq1Bd0YW#1@U&X=MknbrdDVV+{^PYsMn z(e0S(-b27!Lk($lmE~y4A(6p)nQ7a)m;?ggTzW9kAcP%9)^r8=+dsuqcTK?KGPbE7NZ&bIdY^F<7Uf zQsJKb?-sXzdPXG-6MEjM_|QelOJ`X<1SJmuDi1ph#aK4*r~)92@fo{j^aIJ#hmKA$~asK$x>UzlTv@|16X zI`d`Jz+vHPr8=)WJojU;UcT*xV!|T-(JmHImQ7CFD%3qIwwhZY0WM#MUS|C@y;uSM zwK5(SBx~C|pE{rLwK$wO=W&?=&LC_5{RP|DFj@&HEKLuO#}lz=-GFnvi!|OcDFgRz z*!B!cOErXTO%QeX$%uzZ(b#8I(xuVfKoPgyZM?`0&x;92^LDK*AsQxnk`#Esd3l+h z{T+3Z7jD7#&L(3309bi9QwoTU%`!5!DCNYtP;nHt?cu~)1 zU}TI_4TM(ylrfZzcvRC5#vp2vkyGQ&K>sbTe>#tZDLl{&KF(XDOY8J+hek_KZ#!W- zK8~Wt;W)Mt;H0=^T_8_ska!|1M1 zlx)0sTih)85a)OMGOFc7nD>)s#|S;&Q=cY~3q5@Q2`_>r!tMMHr^bY8AH2$CI!`Ns zMys(Ibj@`v-v0^Fif3;5@jJP~TYhD6r)C(spX<4JON`8SjtlF3y4zc`E8px}RPrA!*`Cdnwa(()E#dQWmgkqHWPqR{ zJ#HrxPH?^@T6OjLUErje(+9HV)Ud`2mwd zzxLe-GYapniM)}nBpKc-@>Ef<$^s;uW)O4D!Cx=LxQkO&x#LvQB^lCgTz@2-t6#)S z&BOd9TkRkJ%ZR1Xd4>gvIYtT@>9Wiqjg*tz!W2M03Le%X^pJ@a1@mmZ(mmJJpfn^ftLnsUDuQ_Yp~!yk z-MK>TFlpwBa{9Bsy;TP352JlPXLSeijv6cG+~y*^UCjU94gb9<{`32JNj9VAElC1> zV9d=Pi?;eS>`u{m?7BQ)YPSqXNDt61tlaVkRn%x4vj z*tD{o&wE_thynGuVjM=Vplb2If7CbjgS_N>9VY|A?YR;R{LKqO(yAZ~9i z*wdImwpWbzUJlb7>tNX7pRm=oAwdz|61F&gKFl2lc<mT^+3Z!?kC?s5CD^wS*Zw_>UW%<-; zE-39q#ARW2I6)oUaIx5r7DYSWzzE`brdPo$?8;$b06}i40Q6* zk{klf0NS3FqkB%x;Z;#(`NB_;MC4YM3?-gJna>ky@GxXGTGj_FY^hd;4(*c88zCs#cCAPY-a95@K_a$eeTPO@$JYpLByPS?6p{#^ZeODeZa+W-AuGZ8<&waadW*nC{l zS12kmFDGo*Hn;GzOF51>Dm-AHv%2t9wj{Wws*-Ljuukgxsj>J?ZdUet5k{bB27BY# zT9fGXT`@_ z%j$1DI=%wQP0RK6ZhIsDWy?}qyQF?#$OyCq^Gs(`*QtT zKR@)n7SnGzMme8lpS1cdURqX|EY?oFUGe(n&$^fOI=|y*?G<|J%m4(Qu6{1-oD!M< D9c?9L literal 0 HcmV?d00001 diff --git a/docs/imgs/lme-architecture-v2.jpg b/docs/imgs/lme-architecture-v2.jpg index b68f23a11d24463ef3b44f69d088aca465978abf..1392ff345f1baa6c0f11eeb1944f14acf5f93f68 100644 GIT binary patch literal 448003 zcmeFZ2b>et+6SE7r8ntPWnDU9H+52$qUo7T>Li&Inv8J>Ziu8`6B1J?IRK#ojW;Zku@AbX!{e8dhdw3zX^FQZ2&vTyhoaa0< zzaIbfV_r*>9@O(nN=tZCxgXxIU-J6f!?9E>8IHxvB~?P6LJeBVzU0+jEo)2gO1PgJ z|9|~N^JqAgidPE+OtK2aV*#QHi_wA{8W)JFgaY2chjMWgqli>_fC!Pypo*_Hzg|&J z;)5zYfJJDDYltvuEU<*LV0B>y3RB`04-IZIFjt+U<1~>%%X4&;Nml0uRn&o3bLrY_ zK}C68krXwkLRH&pxz}PZ*Th(&Tv;Wm#Dqd|IoE#O)xW&d5lc0edL8>(@fu;y8_cvH96iX{b!b-8k zC6ZK&CDl@(QYhu*e4ya2lD9?hHb#tf#bVLH#aRU2=2y8`Q6(?$;~^P5mQD7(1M5bO zyTB|loDAlF*CBarhX9ekSpSYfcUR|THIAmx-vQiXM3y_t-i6}|r|AHLlF?+{%)T|@ z>ZZ6Vn)+>SEj4TBXq2p*s&SM}614&`sN$wX+?w0BkZy3Gb`Dl&Njw!EECytC!@DEv zcCT*Lt0j3|i7-Ki!l}U`q2hL}8+re#S}?}aXlk&@t~1=OcO&y()gx&%L<|-vBLb;P z<#1Ad6C6^hRUw_qsZxU~l~y2ksFH3&ID;FM1=OI-f?7-3qEbm6RMe{C3srTOTE&&G zy>zNx-E*n|Do1T)?sBNq0=`tGrSw!lY>KK3uDWbhP!Ldo+|7_fr&hUj>X2Kn4p9cR z!)MZDLk4vyWY(%;kR}_0>HxKBl|`${*8VxPDydzkQrNU=i%YL|xOBN}z>rH~#+)K} z>o2P_s9M){&S`=eEQRVRg=vbC7m*9iTg93|n%3 zQlWwKp^Pr-D8Mc%0p)!XyTeE)FaB_-l)>!7l-30ok|8gK*lG5ML2^?32$5;G>Z5^iA@*w zp+*v1DLF^LHVfFg0oL&s%gJdsEzSyYyZ!73HV4Ik91 z9h|s0d^!y$5P@3ShILxCM(4D+b$T~!4TB+nF67tc>i}Z`V^(i5!cwPIqeo06meCbV zT38zjqfU3;L;B=qjap)NS_zXbl*8RrHdHrcQ^c<~kT`|w-4aE@R>yr(1Httupd{2gRWE^ASkq2 zU8%6i4u%;FiwIPZlkzGBU`FjsU}B|>78o)RtJB(OFdxo&Wh^TfsEkZn!q?*plZ)~P z6dAc)oGb_pxDi%bq+$q+GL5CLKV}iY}ta|Z&o5gnM7oFnKLeyi7LGr&>Nzq z79&_EN#lj zvk?+ac`O0Bf${kOjWZy2npBbilyZr@1vAIP7$QJj9)Zm2k<}^nM@LU8bc5YqZA%77Q|p_L~qhKB6&UF^Sa>#Dvo>Ih)N>~`7<6BLTExx1dy8) zphOn%#bAO(J;F4d^Wa4}4CGwdTsRg9xGedY(B;Tz5R=NMH0B(zFK!M(o-mqAD{J4S69NaAvcx6x77{3PvvX+bJ)I zlWY?CAAZyU-d)WVGZ;f~T4RgZAP0&fO1?Q@=Vv4a$Z3mteaV|lyjwBUN9$L zo-U+`i&Zj4@6LF=N-%&#;;OV;-~_|^Y`{%vymf#=ryx$cLcxesuS_ElBA22*h0_j! z1*iaN@_~fYnsq{fARO|Cq8YvRE;_g@dUw+0P$4E|n5+YI#vG||Ld?j*d49slk7p5M zKI{g6UqbLbs}DbMPeuwCX90~Sjx=+=3otoz<$r~|xkBl|hjWSClmySb_%UuVkGep&tAEUh*2QIcq zf=tGVTT#@>Pm3&2J`B1eDCC5NpbtxHj8SDA5-BulQQkmD>}E^OC>0oG9$TW|OS;uy z9U!9!M&y)LkWWeSxFC}c3Mh9_1|)-dgDa2Y0w`@P@SS;1O9V{{%I|QwSPw0TQDn&K z)IdtDFdK3B?Iw~CSxj|+MvK5?G6xGm01W$_)*v_aOeqgHL6tb|vuc0@!-iEhBpH?_ zRB3rgrE$6_0hNp@GAV&CXGCo}O&AaA1gO)cr~}M12>}fNHcg0NF+(Ws&Kcs_AZ1~w zf*@yi%pH z0vd^?NJFz+g)-uBI3Dm7@Sp-v3!-6tAfJb2lrTv`E~8#%;Z~Qp0>WrFWP`;COfA+Y z6&L|IBDe=J=2}Si5K`I-zD!*YZ5Fix5YR?z+!Kq(6$IlAf4grOsep#FqkIi&$&S1f)_|GT^qG^cf%-5y2i&7>Nq=Kph|g%E6?M z#zAS6_Jb0YTA~zLtr1ZI(&|+(pB69@ELzYYM8Xlx5#^~jyxRQ<$eh`ew5Y*#l z4WUFnrt*L`z@Jr9QaB0<&Gs}}?4eG}nSybpEu+qdJQAAJI&-vBAEn$*hm(jxVNeyz zJ5`CST&FVzK?%S*O%$1o$*>ru_6gl;mD42>tMsl=G9IhzA>@uFGcKP-2j!5o$pU*Z z$R&az*}NmAjvM@H>MlK?h$;$vLJ8Sv2+gM@QWPr`JcuA35L*OwfC*=w%BpOB5D+1> zG^@)MR7k`fk$Tt^<;dqEMmC3Yi@(4ux3OUW(*aH(C)HSUup(pUTpI*K=OqeO>1IUQ zqQMyr7+`VKBh+{(jCG_m2A##?GkNKP!J$q>7zYB{#BM-~<>9<3pwOA%u)&nbs_aRB zfbxg{hVLU1K^nq+DYm%kIWv%jvxI}FM2979F^^K|OQ`cIX@MUlJa|6ubXbgf9ca~P zG!iguwh*pxCctn8lU1#C(OCr^5P8!Ar-rddiMk=n6ggRe)yosMIBLcSZzvfQam%fl zH2C8>lCm0f!59iKA2~jDzIzW1ykdREr zgAvAK<_H_sqcNErhaJk4B3UiA~3^A41stcm|8-Ol=l^0AvpjJPNQB)sS%1tQW zXO73oRKXmG=^~Uf0q2s!Fy9t3u_Bq)YO%tUG!(!Elu!)jq8J=Z`=W7i(Q@#Ll$c$s z*C8IrEb_}qC+WzMF}GTRhCFeZKaJ7xh?dFYrnoH+$Vhw4&Sqppf=#4JuQVBUxWj_QL_C=95Tbu{GKa3utCsgm$Y)DnT;tu||Q21gj@#}wgoFvw>! zVm}ktS>;Awj#e-flQ!uhs7s`exI&UR*HwMQ9725hOsdG`vh^E=Rnh2`F7~|F_FcQinH7Fs%!cxqq2)m+y6^Z6m z8Y}{8qkcjvtsAl@O5zznN@appP6=qda!45C({_!SB>W*g<%B7KHe-QY%#*Mip?E%; zQ^ARJM#>N18Xcjd5k3-(NP=oTn<$D6oKBgwIU8w{fyppxiUL6d$g36FWRUX+r=mF^ zsnwBSG8pk&<1yUI&>jyV_Bh>c*lz-zPL(TZbD2|_kkkVfhYaT-4+_Lna>A3(iS>D9 z)C$StR=ZvwC|HC(D&h8$>|iX zf}ips6d*9b4n-=HXt)| z#t~{0s;P7e@wmkWETji=m?MeX;^t&l73b6@95H0gW`EJ(Buxeq)!;Hbfuw@4jhhin z2+K+|ZV+-NR31l&ug9VWL=efRLTJV(CX-Y+!Z4YFHjxf-Lz2+6IN)V7c+OGOhdLC_ zKr)9tuXMslM3P8Z(_#%GN>T_R}nboZIn623%f4e)`2!ocPT zqrn}40W2fJt-_=zg1`w+T9Qu0bwZ;k;d6oE0EO7quqd8!u%d!h$cG#`g@y5;tlLp1 zHqoe5DiQJvQmYfq1Zk&&CiN+`Jz=p>dWl_+dh$-Y(Odx7g2!SEioEuMk8eX@p-x4x zcvSAnyCD_}vYM1%#?%4&#Obh%^|_KUTBMPXkrYCqgw;qum^133LgBR68FTSnAX+ej zlujeF%T!EKZqLF|H(vv*VoHhCs{l}?UzRMIb5W_o3#UzTjm9ZXJIMl^6DA}oH|5k> z2#qZZmc-Do&Y^b0utTNwsZ@T_ zMyQHRfizxJ1O$^-pT`s^PzYzgs4@m7=Vq00kHQjgxpd}$A`%2eY=V&?A*a;qwz+I3 zn$iY!QZOKOrmR^Pm9`{_qPx$M5_(~yFs0QSv8Wu4gJCHYQ`_Al1D{h+agx{9P z4<|e^uT_AvSPGM1ahmpdwIPgjppcDZQ_fJ{t`XNUg>P{OF_{($m|dI`D1+r4tlyw< z+JYjzCGOL}24$^_G8{q}ZV6@imMmn2{JALST$0N(IJf7}3P3(d5CNAvPzM-MLNX=p z#r)Bb1Gd|!JfG1eLotMoP@tcoJkBJpbwCDx)}qru+=e;Ld7T2mNCxG+b~cMa5sng4 zu|gor36P@3R%%nMK?a&rL6?e3TViT!7A&J-k#UmuE4q7usqutN<*sc6z(2Ki- z3W-G-HmiJ$RgO8-{s8VW8DzO!m`d2aph>RehjNHn0QnUxf#432(WTTTqFHq{dA!?Gk zBPz9&;iM|(Rfy!MIINIL*g8NfD9go-8V?S{Ar(Pq5ISI$#PVuVZ7$I1T!Bew4Pa7` z^yS6TJgedMv)p3l^q8IQxFev%k`XE_jqBw?d&XS!aJsU9I+Dx*I;9;8`$0sLJ8JW`|mIaN*9H=!Z908*{nGfb8fP?Y6%~rEm5b&f_sdzjD1Gs88ew9lAu z2qZykDs71tX&AH`wO$#;Z5-?pM1Wv8Co)zbEzHa8PDz&ZvY<(dD>FiiE^76r3et2? zp`yfMTth?(G0uB#SFi$=J*vhnf+CmY9Do}((P2?WDGP>`1(DI8QPz4V2sdBEAc3G0 zH>a&|T1QdgR1`>4kb(hOmk&|Nl?9iDumr5?Le}g^#fyN9Fb!~eT;O))vd%20e2r>I zlMJwhgoq0vP|JmRHDv>H84Pkb=qv~(Y+;$tZL3|uGkSZ$Ba%CVkeAMDJ)Yv!^N75N zS%yTzNtW@_!n9Du9Tl6%LRO+B3sRvS38#si%?zsCjGZzTL~0-_WZb4W4hn-Ve}IrM zsLhrWK_Zc%Xo~P@f^(R96lmBdP_R+A5v9#~S}y{^aL|Gupg@Cto-jT4OJ0S%{bH3mr&1Jfgip!kSXyZ}(EDUq5*YKMR@JfWFV#H_7=XZ zv7k?A!&13Bl}`$+6cTjlSdlsJHHS61m@^qS`HG$;Qt6Ok{!~CHaVY&kH_I(^n3E&~ zWK;8 zECCrh6^k)WC#QuGqg@M}|MMoK1kNX%-t6ORW; zDyslI?rb_`3uV{@D$n?==AR+tMhMN;T?IGt|J*Gk>+5+^(fX@cNuU6>_jiJ&IR ztCKrvpWnx%Nlt5G3}Y_Xt#+*7)r+ZIT8_&(sSJooE5v5=FhV$OYEwdxQAx7tx*l4E z-k8mSCUJ)0>z2y6EAQhzw?j zJZId?8x(vZM^!}=-+B{o%79q<8w3gM?H+yTZAnASRkd@$$K891S*B@s#-HJR;sCaz2+ z@-oUyD+$DJh$>BVT5CiSa?D`z6m9Gr4*9hqEruybNWl44_>9bMH_0eb!q0hl6`T=f z(xXaiCaCqM`8ifc+F&T-(bz<&L2uM3JQ{PBl8Y2@n8k|+))18Ec1CxeaNau3$_5HJ z;1vZCC4vQG{A@;Pfs(K>m^EQq#-vNSj3K{|M4(WDbA6y0Pf-qY2`ho(R7S`h8DXAe zG-1v-tOgX4AigL+F4l+vC&(IQ30T2$I|u_|k4kYaDgxrHMCCnc{X$LO)*I zFGG2oLYUz884j6EW0wSyxWs3SbNVD_EJ*ksaatw;!nDYcCsbL^cG4sx7FHFDxg&ng z0v8js2m>8br!3$>wMDU^@|YX-3GI2eq7Y6y_z8sD-WUWxET2U)8XF_Fs)dF)x4`g) zseF)P0fquCjL1q_LoP5UkP7p#C=Dud%7~$;VEt*r4u*pITEo*6EVv91ObgvcEabG< z`Bn=k;)7Vo?Ub7f3=Jzp5&^{6tr>;NjtUeJ57%&3kPmZb#&!i&TqG9Gu@d6ysePk*fgyd@-my4oMtr~|wygCX22;x^%iFiDG? zGN+JaqD~1(I8%lw#m}cjMA{kAF%$)x07&SG$%0l8l(Gr#G$@mdMG`ryRT-)S)KYHH zCR7Od-as0ahf+#7M0j#hYX%3sny3kpKupx7uuwh<6VfJ)A9is+q|+p#A_2KM=Ez#L zE?)%Xb}$L~e>P;w$k673(F_o@E3YV+6YAOnwnW}wD{gOdVS_KBk_frec)l;4G&rOM zX;5Sfict(KXmgnuKQFN202EeaVZs~Ji2xcEXzdvgK^?FnBJ)vDG~|&g@j_Tw*TYa= zYp~g66dudxjF5}uGjg*`$fW(|&}}zP+z*f`+@7}Dy)uDTZ&mBU?_6?Bb?# zq@X6e%CI18cN>JLUoOMYL;xuo?NW`*nf1tN!Y$4V3?N}nI)WtME_I-cl@;R&g~v`R z+?Yo!7AevZ7ZZjMw>QZropGx_1BDZjLLnIjL9vC^6?daX%%7kER~Ncgj3v7}+H9bp7(@5l*t%lwZ$s{iQGoZ1(HqFcpH|!1 z7@o!m_C`1&=Pxghk^vTF^W`Er7tcFT@S9S%J2DW*s&B-?)%8&ji4&oLg4?;jEt(=z zQR1%d){fz~y)B0B-3$=qLUya8D8mKb<|=U_h^C{diouVgWTk?@WD1E$T&a*r#FgBH z5LTjqTvRCyh~;vzR2-0rq$B<(G~#-FcLxXF5hz=X{fx2Bbl~2hn*%vh_*UHQ-KFm! zL|tHQwKj&OYomBU?O-mW3McVunM|YziUVjR5ad4OK`CB|N-?yO5CsE-ScXahBD9W` z7R#O0e+LaR$rQ?9#0_YYg9ZRXDHH{zl>{aMD&+yGtWv2|h&g;hE|uWo04A2-gubKt z@1Sig$;FeS(R=is2UTgx_r99x%Ua3MLqw ztPSVZMA2k&@D1MIM7Znj?`mramdp^io{iCeGRAaZUD$Fpd7F6YG)Fl_P$C6_n4(fB z!8kGF{3VqNu}sV{MM@~J0KlCMbCmmC-P;|i4O}hW#(&Rpkq{8#!Jw=%D8z!5GF&RG zRA6$B-jrw)Y7n4Q8+}hdo=S07Ve}{biaU0n%!4w0`g`D7tT_Sn4P*yFK+zc=;Le-V}V~}Jl zn98Cop$c(o=H8L!z@3riMbO{Y`eSq~%qe98A1t^@xSJVwSGl(e{{IH!{+wF;j~I9F zCj-@=;<4z61wO1YF_V;#_dqP1|J=C2f*yK=@ zMj0HfiV{p1W%1NdE$0)B#!x&t)EVWDVn?_LEX>5Bu@FflN0?)wSXD9;s){q5Emc&g zw;=D)>te@i8@^+O;B2a6Pn;JLE-d8agP5_HOjwQlkQ%6ie>M3 zTC`4U6?3^~QMspJ1-Bl9{hdO)i_8C=ulG=`{~h2vQT}S=PHOzy^k3xqwnAd=?=B&P%+)Vu1qogaBUi=8JsIq+vhk=T>9Ben&8r9 zW-k47h9t6F`Y@O75lz!1m;Rnhx1|X*$>Y^)R-2#VcDGzw$fcXHE?C2*2l9B0nuYF2 z2kuCxh#c2X9#0dC=Q*clI91*U>s!vf2SibBB(hN=m8!IJyJl`D&Aoesj-yPT$19Gx zwid5-Ep5v=BFjWdnXFP=#gYHk^)GMUD)p}uwY)8s_{LGkvy%3EZs*;udpj>ShsRS~ z<7o53?YzKr9&i0qJYI*BxAS`ZgU7pXG>=!a?~d`bua%cO-ityKSXC`SZ(aYkz^#&h zoVcUCs@nE$(XL!uJaj3qB`U`GDAH_sl6$!fQC@ks5dX&&@95SY{pioRG>X2Pa)gsI zk_mC_zHuf{PBMSQ;s3DO9et=x7Uh~tw3+t{ukDB`Udw%Ld1YVj;ni!?lvg(N74A;S zExwr>BfQ#~=jnE#DEC~NyI=SDn~%~7+}F}187i;M*1)cEEX`(W)7+e>{ix4t!n=>x zme-N@0Ixf*53iCZ=E->jcn|Y*JQL5xbMbt<;XI5N=FvQsm*qXidy@Aw?>XKJyeYgH zyjOYic#C-}c&mBqd0TjI@^ zM9C*57fZe_`JuF|v{`A}(ypbwN(H5gQdKEb>M9*p8Y)ec7D`8#jxT+wbWZ8A(wfpY zOW!L!Qu=Y}rP6C`>Xq zWnYy2vtEOGZR(ZRtE@Mmp0S?09#$_=@9}!i*PBsqQN5aaJL(;(_es4g^?s?}yndJZ z{QA}P!TR3%q59eSPuHJXe?k3q^>@}kQvY22?;12{(7r+M2J!~R2EGQ729Gv)zQM~4 zRyKH}!GQ*!Hn`TXVZ)9M`3(m(v^7K(@-vY-qD| zv+>OqHhZJliDut4Z{ECD^M{-Jo2QzOZ@#$sTg^{5|Gq_=7F8|47I=#%TFh)w)8b%@ z%l9?DujhTL`-b0FxNquxYwp{3-xn<#x9rtY(-Lj@c*~hBH?}<1@>;7ltwgPCt>{+I zw_4KbomQW7&oy0_7^!P@-2&Ac`{+nj6Lpl$EAVB1LB z=h`lBySMF?cCFh<+ac|8?Pj*y+V11_W$k;l2ir&6PiVio{n7S6+~4(n)&0c%WA0yZ z|H1pOcj(;V;SNNHu^m=+IMU&Vj^!P79jT5JJFf5eVW)bX`gL-2%659C)6Py`bZ*;u zKxeG;*v_jvpX^fFrC%4g%cEW9cG=VATGt1<8oI{2PVf3w*DoGu|G>i!L>`#@z_tf2 zc5BmZa5u8sS^`oY-`?tSpbiry9Oicu9SD?aSr zq`RVfu>0ih+q+-s(XEH2$74N~_Bh$IaZg3haL;Ky-|l(6SMOe)UeEMe-|Ms99eRVk z3%!^2{-96uJ`eRt^qJG=aNh=f6@96`FZbQwue2Y~FWhftzkU2tzKl=uU*;d^U%$Vy zKhu9s|6`TSDpi%4%B7W`RJE@%SBA3`6R^U#@xyFZLSyx`#rs=lg-YMJV?TBv5#>(tjZ)tZr-H?(D1 zgLbTTudcPut(&1ct*_9B^h@M#wnPcns_cV&G!%ib-x7Y1#obgPhO| z=#06anKf^+lv+%d7cC!Hdvebjt+(-PpzTH5hxXp~gnhH4fy3^Y={OII;K$&%oo$>W zoJ*YFxzw%+u2b$l?zDS5avw4jS&UrwXg!lWAA1Gfk>2-woqVKkgTJ94@h|XS8=@OB zWyraqz|g0M9v#+uSZ>%m!#fR+4&OTBz7gn%HILMP#Pi6KM}9(W=p6J~01V6uT){Nh zH0%=oFg_W-NDLw-5f_4kf|G)ug$9LQ3|$OA6rLLXg4B>R$g2@!11f&i&2sw?$7jd6Iha{ZYbElSX~}chBE9jqW=7Z=*kb%J9_Er&~PDK7H(&0nfbp zY`tg6XZMbgjF~>>m$CTRcb^kJH}$!np2wblcbsV4OXGeW9~{4Tf^5PoFEn_8dEw~9 zhbAtX)M`>;(x)$4UaXm1K6&iqZ>Nly^3GK0)K{l9nU~3@GXCDNAA^~kEDtD)7~*C^JkSle^$taWYHjjbuE$=6(2A720Q2H%DQ8%-OxZyK;^ z-R7#z3%5MDW#-m)TPJL5vTgLXUtcf0e(jC;8(+K`dh^rmBetJ<%lp>h9gZD)cS1XN z@6zvj>uuHBukRkTd&@i3?`(Wm@$UNfWbf7N0rsqWA9#P=UfJH7ee!)9_AB>qIxz6S zwu28HeDjd@(5}Pa;rEVMj~qDaK6?Dv&|@DT$B%z@B6{NL$;`5u>M!p9 ze8}hLF2yhX_{Gy-w)%3`s_NRtFz4UY6pEvyi{qn)D^sm4EdYRXv?uB4H{0+_) zDEajiZ#1{P_|sSE?W^q8b)$A^NeOqC`@41H&nA9-gV(B2eX!xlvXWN3(pDv9txA5~ zQ8JJ-Z#caAcNjU1n>1|HptP)B{ia--ypnolwL7DmSEG9M8#F8_ZCuu*C1>T-Tj>{S(O z4ozO0o^m8pBR`gV$=7M(0W}<8=N#p?fb@(9Pd|M%$Bks+WFh5bx9b*ORym$Z_K$h?VmoD_dO&3K5d1P= zPc>=Ayp?-gS0!G5c+~Lom){BOzAS$kii*0oQHgusU)o}&`ecXMjki89Ztcp4=^q!` z*N+|t#!i0r5A)}{XRH=1xX$l%#OfSAYxP4PeL${wY4~gCbE^weYIZ#Km2oC>Qom#3 zUfuC^2UhYQd21^3M7u6KO^bKs98q+Y<-C8~yYi=BzD%EYEnQLd@~gYgZxb&XIOig? zV$+nGlOOpXBl@Omnx6UCV*6lZ{V#`~SYZBgq%*b2DD5)lr_RcDW&)VK>%KOrY`eoh z6tew3+tjc3XXk$+OuKiw_PsXs#KcyP`{cVm>g*fQ^YahpS^6FumOi%V>RT(Xj-T!N z>GL6`xj|&y`&}2Dwp7k>NoIt+?M2CtkI+9^pFGojo*2C z&wb&C>-Tk9`gZ?Gw$9zwY#MgJ7y8<}==`bRTkNUG*&)^$Zz+!N%3trEpEO{S4WQqK z(NQBd#smv=V_u!reE8f+PaT>(v+;(_|I90^mQxR3{#kY8>?FlY=iUjPL-tvZ%65F~ zrZrD(`u?!pzX}?-+&cEdlcQ{=ce<Ei-%mAy?Lpx?8E7u-E+P; z)qL?G_xZlxWM0edMz@W>zL{7uX5*1>jo*cS3?29kXoDT=wR8HHL!TM{{m~wM>2ba_ z4HaungD>meJk7fnS=V^q>b3nZRXy`=6I%Mp{E_@2i<9e)9elY3O{3m7x`b9^6H;7;OaMtQ;Y+}K<)z=62+ccu}oZ}Y`Z9Aen@#CIFN1#C`Jb~>t z;ndGA1>g8!O8WutEZYUP8xoRrtXO_^%oE6_Da+rPv}WLe%CCC0fgT@x{>P*3VwHm* znyXqI`>EmB*N&_no|@FN-xKRXA9Y_t4?UHlj~_ZP+_CM-inVc>7}?1l+p%u%uROH( z=>_Y_4nInd$Pl2=>%`i*EoJ}rmB@c{gn@wvUQRHtYYtn!Ubeg$IcwV@xU|`YzPZOo z5VL;tfBMD6i-ilJG9~#Qnfazk&6aPN{+ou46nI)Zu=Q#sJM8+vs;TL{8)xkJ&c>dl zMs`^`y%n-Uw8imU{FmmNyB5xLdRk?kI@dYiZ1%NrV-5^@Z|#^sh@DHjM*Z~Mj;7J| zP5dj{k%v2h_dQbm^}EUsCmr1L%1fhABHL_MqbeugYLK4B7-twySB{6aJJ zInh(Qd(1>>MP#mj%&K`8@Vz_41Nl2ADSP}A>UQiM2XgIT%C3xhs@xy;F7Qt;{qAJ* zz^N%cTs>cGPYtiXee{%I)s8D0CQVv4JC!%?hfj#+ADlJy_zL7p_t!+tkORy6u$wQM zj;>p%Uw7`1d{@66*&nCG3MbA7eqOR^_o4mcYV@zXXrGvSqU@2M`W=QwU7o*SV(a&% zfoivP=)QwfKDsz4li71x^bNmOW_C{R-tdzzwoN*lAJ9pC{yStZ8X0lC^HJseh2r@K z&tD(=BDIFBnU<#KU))>u1H5JOqAkO6qkh`hZDH!jKI>-lqZ5~2x2)Hl9yMq7gb^>< znw{}p=l?Kj>hk{kdeF&3*zA!r=pi!yS-9_-l?|4$Klz_oUYNcSn|4b1cF(cz9jTi5 z*89~bPr1&{A6avx_4&@xm6eR*P08r`x&F)j2d#t-PKTRW$|8%u=|6Ff*kzf5 z;NyN7#S9-i@lyM%fsOoDN4!;wzXixC71M|H@3*#_W z+7At5`D?vvlq2SiSz|+HAZJ%)mC|pA1j72I5o?Q0G}7^8qjO)qv<)OL8yoj|r!8>$ z;LP)_X1>39dWe`&z3Q;29r?6qQ4u`ZI!;o>+x}(J{!e2ym~@%>^5OIYecbJin-})kJ#mq^W9fsI`O`;E-G4AT5gb=_ zdC9R3))jk0)ssKJ)V$`*v-9)MbkdJ}QrP_5IO=}&apu`sGnc*l$}6KEZ86bVbqL;> z$;@4ctOb@PKR&|Z6y?y2E>&IpdTiRly>KwC7 zGfud78FTF|uc^b?tp};8cTR7lQ|4A#)9DsN1Ub1Vhf7R=aBcFD>wB(vOG$GRK z>5tiOyG1T`q!)MXPf>xV9_qAc6Evl@fq(i`y}$?Hc;PZj+wS-8@IQEUt#p2P+-qa^ zUt6MFTXXI5-rgTj&%HJM@ch1oDf$^{?*EXDeN8ZM`udTJ+{%4r>-op7Sx>NMwI?Zf z*Sf{89i7v=&vfq-Er#a&mx&{Br@^A$w=P1kKla{8CqLL+RaiPLx_kT4;ct|6J=cHh zSYZ@+yCOJi=7g(lOXf}*zvi)-q6w-B`j~6(gqod`Iu3Ylh$$)Pshl>1-gWTO^3|Uo zoN{(iX~$k&55^ju2TOO4E*oT(Juvii2zI@>BG*)Q&UEnemxj$h(&MSsO{RAG+_z)@ zr^~l?pZJ|??SgN~taI%fgPIJ!IN_-Q)C~Qeb=CV$UP_MH(emW_0g)AtK3h|@)!p{m z@|`OpqroOt@cQh*r_2v6nr3=|pwgAAFDzNms*_K$;`O)z{njNPs()j+;3(? zv)(@U%&Hj+PUriaT~1TuGtVoB#q^7Z8qEt%fA=m=#>E#TraxcR^95{tqT`Ol3{QuA z#o`Z+fAm6cmO(}cs^42_UGUzQuYKKYzM#*k{DRiR+HLPG-!yr7zt5;k%)1Ma55L~l zX~WT@TgNVE3*>7Xr%3wYE>|DHfEAawEy6d)!WE1DF{OWs1-cyhb{Zj>v%oc^UAuOb z<=wcaXV3nOPAYsVedh-oH566tqblBCvezy9`@;3FMAl4?Z97ECpSF)rnD#Gz?HV$F zrS!-46BFm}?;#w&X2q-_&^IHxzTM(Warf4SiXQNa?E_@zDmVJSTO#LPCm|2dd27qa z#Y2AOm3SWe?#N?Dy6&?sxvo9dZ(nK19UOVOsd%uw`zz1y{&vdP>+(m}KJ=_B7Pi00 zd&PUI&EDqE#uU5GR9y-xKbO{wC`=2_e`W?cTG^vw@1k`zm%b9er+jB80nlaH^K z`Inm~9tI@aI=kIn#!R{DUowU|zT_|~HaA!#f9?OY68rBAjymc(`Ez1>XvTBB&NqrC zjtmkkdAju2OF#CqL6!55EWY~ei56eCCP(tG&N_Se!qF-7x2&5V7E`Y_I5YF-#XS#c z2EMi;bYga=A6gIc?>zUdPi7Xhyws*1>RINwb^)rd4ov{@DT6x9G3=hTbjY+v4tvH| z{g69O9IZ(1p46F^FW!GXCpvro$XR={o|*}ln+5kT8FqEcl$vQ@|MJX>b0l7%@A#e& zPV|R@A=7ggQ_TxcH0*!$+CY3=sBGC-(}_tReDS1XP`7Q>z?y^WC$rD4Y-bU^*r&4J zmQnv~rMMLRJUvA{Z(i@k)8Kaxzu12D>_^ozE-8m-}`{`rq9jwM*t$R4}5? zbAvX#^2r0ig81v$?(t*BT?!oSuXR7=ozV5Q{o~ggpMPbJY37)LglmPBEGqnt~2^`Z!+XN7R{XL?uLGQ@z6Z(9kHWZPw5AntkcEpvYyqc zvnNRW1y#>eB+=TDIe3b$nOt*&Hwc0(;pgqkdvpuG<>aM{ zv1MJG%jWwY51jxj(z`3isAsZdI=)fpJL%lGN4xE6 zDjbv$pM37iIXm{Wd23c@piQ%(`NMF^)BKToE@EsYYV#j{ac?em$zVEl%md7K?+;k@SnJN?K3R@@)9H-8&s#kPi%$_v`!Df7`Sif2HZJbEw$IGUv;CKn z@7GMe2>-3c!&mm~dob#K_m{&bzu$Al;@lwJ@}TMb@vVc7%s=vAp#J;^rZ|92Cy|-};4*m;KOMt6st#d9~j$7D83x@_D^O*0tuJ*m0QLykRP zqK~xS)O35p{zqDAmmKpSIe7V{R)eUMHJkLZ_j`PHa)$Bj;~&Pq`*6nqM}3(@Xdly_ z{(HIY)7gzj>VQe-hcG?+wwXFwHx<-*BQI9=+^LiH{^~mH+KW?0VV&r!pGDH3!_TDq9sjmAM z^|4D)ktS87cce?T&=Wv`gc1^v4haDXO+f5)LQm)@B|riRQW78(AL$T!hY(bHN9l^? z^1SE#-*L}4=YF{3-VgWO@vaYRud&D8WAF8wYtOy+oWD6IcBhRyPQIa73`;VL?~2Zx zS?nDz?x}c(B^1cTvCRRqFEOrt3f|~@wH>2GShUdyM_eE6S#EH`r)v_UWAUf_(Ty_+ zLhMG`j%Ah0E9bR@=$@Zl_#$`(Ha&0CW6f8StHdIcfNV@OQQD@ruSzq~7bKjUMD2mu zi3ESnVJ(B7cQ~TjuKB8(N10L0hD`~RLOm5AGJ8O%T&BQbk^M#gFocBN^n88bDj)+`kE)p{`Ry~1fttdV#||$jNx381t|hB+LuvVIlR{6s z_5yI~FhJJ5Z4#c_Sg@;MzHAIARo*jRvtpIfxZ&_~qG?eE%dcg^f7RWnZ>YJi#sz%6 zeNnnA(l_!6Y38dU`Fb-Io`vhF9Qn1S0!yBofFhf!NwqX6@5SW75J8+F}e zO+D}D@vWqsK*Z>JNJo(S{hI8{%{$*ifK@$qG>9D#Nkm>hXI@je2_%Nki&)aVU4)$_ zWb&Qm^3aV9py|=jq%kDBMJ3~ElXumWXqEwVDpZ3XyD+I=EiD#J;Wu<@nE>LvSjEJZ z{UYTW%VH~MZz!eVtc~P+sp)AEt3&&*=Dn#ucA(BO>kyP>BV{-Z7kIh0a*=Onpv?Ol zecdfq)nIRW{7%M#T}WkGYM8O$H*qgsXX4>b>2y>8J^y+hXE*a(bBBEn=5Dz6lpcYt+0w#p@lr2>1b zCl)RI0fRL>&;p2}7HrC3L+S={)|4qWFdIJw0zdGB6uo8}=}&((5HV~fBF1Gc`aQ4 zG_NyJwqS!om#vz%2Uw=z&OXK3d09r)FU@J zWj+BFZ^KHWJ_0h1LnADdL@e0Y*p!6DqC;Aj!tb8Bf0XGf>KJ8>T?#LGj+8h4e%Zsg zJ?dSlI3TF_W07#{pq^H1tlb0oL;x%zxmQ9B5Sg(I6DWCild7cai z+K%?|?(h?!&1jr4e=x&H9bjL1rt4{>oxUF|nQ+bxV+x%T*-(u4oDH|Pq=@Uj!Ta4b ziP@VM}lAf208p~LRojYvc4 zub~%LkZ}>|^Rk0iT18;bR{mx&sGe+yTIOrAp@kkZPx4>LyXdkJmKH4inWZqnpC#RX z_pee0hYK`ea`kjd!wv4|03uWDbl$!s;Va#_E!feLRV#_b@1vG~_4&3(8)d|>$9@5` z{Wt9HIaF_6YJ%+g=FN;5%(_jDiFJsdaFm`lalvoXxOS11WB%~=b}q}nv+17fh9}CF zX?FYa#k7@heC&W_KMjn^WmR=q+u}+b`PD=)p;971wv>X3V_R4uob)V$Rz%pjf^fMw%Zuv( zO}Br<*Tbw%k`VD?m87s^DV+LUNg!pQ0p3}?&?Ug4T%zQ>`)yKq`@@+^R;8vWESamk zO+3@9>^dWwx=>+p$TWq-j)jTjiR6buMxR4=bh{90Ur#`=}1Y^f0?Nw5R3o>2p zOymE5`{wz7V`BThzGjLP4=?83SJqfH@iEf& zy(3-pNwJM8NtJR2|0f7pd1|oMWqi6E-7kAD`tg?b$A|7Y!SRK7kxELo2E&x_uzjnn zw~7XCY`zUMuMY}=S*}_=P$M^FBPsSkU=>X+KA7=6WRCCSA#PI!M|d{tUfgOs(+Bq! zMvWoCU^{%|`##zmQpT2jSfx!Xas^t2ck3pS<4HR+%KyM$!w+g2%? zg>%avtBrD2ARDm6MV|ENAXg_{oHStRgX8?T65@Lqq_26HQ++BK%5N$8ex2q0Ft;PX z9%2_>`&Wk+?xzXsz>!Bp@wu+7aeK(R!%n| zsQtx}igmJ^NA2B*LWaf=!Z0wcm=IxPZyo}=wcF)vcrMLv;;x z%WPT^QNtj-iRyifw8}O#+B{c-3+mOG=U2Bj+%1~2Nj&jmdLb#pWMarEPU=9inc>_G zOtI#@j}noImm^k%w=glASJ+qOQxUDjrzV^);}$hL-ow)85f<*y0TiMvRBvP^%!_MR z;el6Mu7BAhp2AnN5zcwM{3nUwEN_kU78qQQ^K>V6yQbis3rNA)14XG)XWpcM@RjF^ zsufFgAlW_lU)~ImIxXWZU7O=;{qQm0^W^Mbh^FD7I@64DMT%TIx3SW1(QLJ(?B52W zeGorq{+tPQNJ0AW`Yi9QRnJV|ia!A802r?215BQa{`-W|7pLqX8t(zMQ)yS)K{jPM z_vAN_s1dPOJW#b+`I)~i1vA{pkDY@=F|Nb4mh^aOEaMxQDD$LFfzYV))asK8@bE~~ z$PO93wB*nIT>)NZlUA>k@msnz;CjQAF(-QWokh5_HQkNS>2cyP0Qnj=HP%$3AonI% zSh6K1n&P^tUa6o!Ov1KrkYdU0;~(vUMlo0?L>RYKXeL-sJ+5G_o$t@7Pn`NG5yNEl zLZQIgfMI8E1(O6)+OV}@pQ?V(dy{NnI!Byy$@FUTCy4&$y-#CD%6v9!Ex&_efij0G z;1zo-rT_@nWR`Lp-QpSjzLt)k(@UP1lK`0iwEs&4^!}W>{&bCS?oFX>cns1?+g&|S zU3bO=lYelpAXwOTE~Uvltw~4lt#!Uau038aHK~Y%9A`W~DVKNWiqf|aiyx%+amD#Z3VTK#rCe?qL!plD$Mf7LUmtl zY8i|cwJyQ_fqgD!*@f7EpQ*f$T^MwptauO*SW&AROXeQWK4X<3EzAB&3SZ=`c39@( zfw$L`8`d}QMr@ga5_+eN4<$%eL58Q1|3uFGt1vE{u-{z-(P@gGgAxvh#TJWbAus$7MAHf7lIQ@{+ya}{BtVt@bZJ-y^k&t z`gU0q&$MNpwyL~xw59sSzF>>8FafP1z7*G}60Ver&K;tW(yZg9GiOpt>osE1hL1TP z&frIN{pYig6JM$5Y*gSAjuNbHsF4Q+bTQ@@y*%O3sO~nl`Tr<)hX$$ zEA4vi^ULkJwEHWDy*PHJ7@D_rzo$&ecrMCZIn<>?3FO2en_~ zpNu!EGW-B&7@9Io<4km}Qh>_~QECd7xng>~28*hVf8V#xH?!6p);IAjOOqnB+X#dv zls{sdC;d6KE#Sv_{I@FKM*hlQ^WW6+FVDCh=XKHj4BkrBihVna;kNfQizlMejgC2Y2e(6|&$CwrMr8hlJ_bk6gyAxBwbR9$((Vn2%|s2z zYiFx0WN;|lRJ6fl`Eog7D0KTxrJdvtYU2K48WZ-w=Zlw!R-?T*uan9l)5A45FNme4 zLjXI>ChgG8=*#NTQ=dKCMK}S4rCFr`>Dc{}4?dyxYpFXB>XRj(z8DdNJ(#cT{G~Ecpw#-7`fq zjotF#-tn0Y8X3nEYAp~jV+gw5v=efZnr>@Qezf_S0L^|Ip0-g)4GlopBRmCLsTu}3 z*ARxW%bTHp^IY)E+vkflEJn_xUUx3;jOso!bLC1WYB%<^*SuE(Xe%bO@7EZyZkc0~ z#BmQ1LGTsd0e(ngI@YK7(SmoX-9LV79QTpdU^L$pQ#@q-dNlFtDosvPFJ3xn;FxpA z53##@wpz=S8gaPaK47wv*H1vXTy~g6##}nx;;sEWkRshR#1sGc^V|qOx|439e5-Tv zNk})(6b}#G3Y%Py&&M|da?c>(XCrJaM6bajIAAsZvLK)Qb$-`-BJnNU@A=Qa+yxy>RfLtaoKQqQem!8|YSyP9o)uR@(9^hT?v%m`Qo@E0=iQ(9q+@|GP*29r zWbEQuX%OONDYot*?%ZD@&`VVb%Ui)$o4P*9;YWI-2q)RHt)O2ufAoCOxXjL)>v~%@ z7Jy^S^N4pRFLCcqVJMM{N|-2x_ma4IMjwD#JEhW$9IWg-z@|-#Pk#*4Xlw6mYyMey=U;rg z-7)Tp)a(xCGPvUZ!eJli_38_UdWEm`G+D@%7FvU;wG(8-p0q*@-};w=|V z9CB?>&#&8!2&T?D1X`uVTEJ1H1)K(c9jSqEGYG2RYHRpbgJA)Rl)cgjv7W4K7y&1m zg!2Uf9l5nueUbJCCL%=at72P?P_?4oz2vHu6W_OZUxa8E{B_ui|J7skpMC#Az$W!h zwzq$LkUS~?2Qc0hYmE?U#?+?KbLUqIjMtBG?euQ{F=<$c3}nYDAHeALOtnRpflH^m z@_UZv@ZdkE4AzDJoGMF;m~8Jh=(SIC@wy>v@D^2!+oB8 ziuGAXw%tqAQk}cFPyf93(3zz9@1e}{vg8QLhkQl31T<5;>{h4obu0+i*Rx3}7IDZ( z-B@UBfS-Cr;?N3At~r(v{hZ#Wv9r|ovK3uRSv?;TDyHYH5I}yJ)6o4Qoj240xynMj zz5i0e#YQF2J`I}7ZGr0n3tNZ$ZTGKG-?M6dh&kwLsbBQ7sx>-WNMVfO�Trfe%Fuz3^x|c2UyE} z3bULjn0ya168rG@py7zwP^e+}pbp`K16mfRc$U){BL1?+qSBA=rDPziTlMGmB7>kK|;f_>oV`kO$Zm@r)TR*4ugf7Ob| z!2v+`q}#aX`_@kZENr zKx|WW`-tMIK|>d_rsVKB-m@;RJtCjF*qXk&IQ#d^unXJPj!F;6z!m7)C&MMP;U8XG zZoD*yl(CnqT1&mZL42l!AuYAk>29|K3m6LIRZyh}&_gXV-gf=u7`|k7lPON3>A@m7 z$apm&@O7BWjG0N?s;3sV3Y|=j<820kV~qfv8Ugl0B02TRO19Zt*ojVd_l?w3kq@Th zR3g8pxnYen6%R5XX+aIONmYAHacV7SDaaYKx>O{U?o&fMd6Y2kBDryAYr%^;bfp5? zS&}os9mWYFYXEaK0HNxBv+qBp>&Wez$0m*4?Y7|73Ybn9`iI&=pi0ML3kq@uA9COQ zx3JF`)E-9#)qWFdjrpebx1yGWU%b|n&9)E}%d&01!^iIzUu_fyY+vuaC^<4MkRo_b zoHt{gLtUPLqAqHXMYH2hi%eGkImI)}DW&a>bU2Uk3mdz*Icmf?oojVBgE$zkKS*pz(i^9o1tyv zANdAfCb3VJ8O%!X4EyS&Bi;Ah8%(vdx2&CTgdGk_Ed15H@YTq9&f6s&b?q0Nhq0Jk zo+ZYprG(^s?@ehXtG{I4{WlSuF3>EaTnSZ9+Oa%Vd==wj+L_TkX(KT<#G8_*z0)`f zPq{7m=y|jgy^XV2&USmKq}zE1qC`-H=zH9 zpbz}e76ZXGmn{L#;fo0?Dgq+;l_Fsn!h|f!-dVG^w7&aghqj9<1^Vs{&tH-Lu^53s z%IsYIUzRIF+G{q)!bi)X=PQop<__)tUVsxLniQ?O$QNnkOb{n$%PnE3 z#MOLNRtrDr)(x7CpNFHpta;2!@727YTXz5waiM1{XVu;214fBr%V%r$r4Fi8ArvGI zk5R+O8BAJ*!??$Wo)6)^phiD}^|xzdHbd?6+K0fE-Bn|iR&H09?!Te_du{(`@NWbz zxZQuV%AQBGTfhO*QbAId@939KOr~m3rxTNDI>b&t4MwJ}lZbMZX=`$Y(8hTEmZ2i2 zLz%O%8yMUhoh@Br)0AB4nru-?<^+Si_4RuQgnBkMW&AlUSle%~3??LE6(WX`ST?A= z#h1dHRq@n6#80g@%_ZoT`x=w1E=>yQW#ba7ls@t{)OnLKJjS^B-Ulzavhw@!{Dhjc zyZVF2{x!VgC3KMHX!XpHWpDI880@T%c1G-cYxKR61u1taDNjDm8m-JO%v~wbaZ%(xUVB*7y~Ko1ceeg8Kthv>Kdu=#CRO* zO;!S_t^wa?3mYZY9M1^^3^InEVqQtP0G^B(RMls(6+EX#P-WbQKN!geNxMlsPUmLs zIeNR;=WgA*hPN>ptTG$+P&i(T@)B!6qHmfz<@a+HAId78^|nmMkCv32 zcXmZNgai`DGXt`KQyy!K0V;W6J=Pwuhd*(07H2e7l4P1^NR5a!!S-Vis!EsA$Mu|G zOpmiZ;$~GO)^Aab7koVGV`S^^%+g9Eesr{3rk${UrY-46+zE#??WD6xIq3&+QupFA ztAvGZGZP2@E$x2|uK)IpsdO-1f1vWzD{<$7Eh;cE@rgIeW*nMplSt>OG9DGnqr{ZEVt2x#179Wwk{y*@BCeoI}#f4p1v((isZ1_VzYnqDfI z(I}&-l0-(ANR`S0jCAi?po(LN>x^Jr?P0_9{X;_?4SgfmU#F+T6~e(8WObpgB^J4y zeR;_YT7g}Q+M7LW=e1y?glU%s{NitP{f&)HcZyw@#27PglArNj zfK&8y+T~;=mn8l(xK$&??#_LudSX~qE8OVHVvKO#; zZaSZ;mPV5TZZF6lo;p~k@M(Jp^-BO?kPYeO@qCmn8Di3 zoXrVB9|*=vZLl;dlvY$B9`74u5-Y7GkwE)v@_}8eoGNdfJu9<^RaYs0{{scf4W21e zHl^&h2?gJEZym~so`f}V03I|k=Z0op07deg>)uG{8lSX`h523N#Ou<%mB>}O#v9mNHBfqzgc46xBG}7XZ@s6CRtm^mA0tx~4C#S7trcb#&QGm>vOjj* zCE(1KCyDVs#>?i@?z|=+@@J~ z7F$;4*y3u>Tsd`jR3y=ekMSwd$D|wh01Ss03$-%8ZvD_Ldj&sr4*#B)NJW8WFw3- z#ge1KE-Mm$Yc8R`qpsuzty%3i%)Q;kEYWoBj?Aae|DE zXE!NsZuP^~N<~;gF%ymC3U(cAsxth=Edwh!kS2pkh^z(5cs&U|xd76*xB-3f59q9S zd!Y9NxG$K0^7BE=3fyh|uBI?Kz+bm62s`6KI``VR_)h zCEEHMc&ui>pSxY)-GQT8S?AvQv(7!XR$}u%KgQz(QooUt{k(fLl7v#^TeNQ*IfR{) zkEz${WE`^zd0I!<*q163$Hi2#zZY|d*PIdh=SEH%O9)13OXA~0kNCIQRnN3rGlsRo zyewIwFyfVsVdq^G7l-)xG<>g3`KRigaoegeml`V0Uz5eJCCZj*bT}f(XV|`&F@}Go zVQ$|G9P!zIea9@zWet~*v?2A@&m4qNYkycrRwkv?8NI9OoCxsS^Vu%7%&KWYnnEyd zI0N?@=QitD-~P8-(R*<9x8TL)E=Kk5Q(hbLV7Il3;jZjUHaJQM-2TVc!=-C%yV56V zY$%|$!7TeJU0=C7i%&6kLg6&KiUx;X^_Uw}=uQAz*UtuYJzFApfN6<#bf<2=G76@N zO*l$0b$MMlQ^{i8t)hs_9dZY!s64QLIP?7u^A=WS$B`8_qvc$1!Fl6^^|l0kHfnHK z@zBk)Ae<9u`EW|4Ig(+ekffFy;-+a;IOcnc%=PD#n^FrAGWIuX%YJtl!|czg1+W4% zCX0t_Z16ZrtW0oNxYmi&ml`)-T}hs2e`jQw&OG6GJnU{+z0TPo``V3P&b1 z`2M4(|JwriA9_}`PXf^mko|s`BHT)U*NfHr_59i}W&gg|l~v4+))aDP4b{nejqtcS z7ui0Ga;8ypB3agLPD*cEOTLP9rJV5H`e^9b+$%qPtSf^o_z9V47vcuIj_)jJHehS0 z$>X?PcN!?HVDxi@ZAaX|z#lTU-;w+{X8fAV!zh8QETMW+nlQAf>Y__bI2dSpE5hd5 z%1^V-;S!ETg&-js9O*ScI6Dq=`(+kF?$Rj8UNo@UR7Fwh zUqG+~W{8lgS%7K6-UgHYGj9dWMEcHVd71R+^ex?9n0fOWbi>|6s2U?hp;u6AC_Oe< za*2dw*JJb-V1RQ&)jkOfkVdrR*>SRgEs}dX>n+%&396hY{nD*mx0&=vv9Z2Cr=sK| z3o9VUSZWp*q0nM@z)aSU4Bd(-U9M+?Qba6}U?9_H&KE(}H$~(CEO*i$erTWF&|xp* z7dLOL@nwlCb@n(PObJ><(!9;ds>Kr4Y4avZX*Des)MDW|t%d(R_iPPOk3H+Gpwe(0khY^TecdZY%97f`5aCeoURf+{K?Zq+Eaon?uFAMk+SNtY0gjGHKN+kXW6 z*Uq`E!X`%e(w|fAzDpq$@0foF%jcdkAv)LizlQcl^_` zUgY1L{9DrDqch(RU%1^_<|MqkQZo794ZEe zU7OjCSc&nKR<#F%-tc~|lTo!R=hbm>id?Z6Gq2LXC!=%kuwI+W#3+{KddP#2(c=ZS z$~VlfSGjWCOe(xEX8O!az%!+WCs-|Vh`mMFIt>sfM;w)czy(J8tJBk}y{XfCUKYF+ zTFnKkjS>yg!#x>d0Y1}Y0v>+ieYFU(Y!`Ry3$t{bFjL*XO9g=+Dp||-$4w{b!*D=v zl()1r|KAVOZ~Yfc|JnWvfr>j^616!WtA8AqZ!pO(lC^FI*&&g5Yrsz9yU5e>Ah3+b zoytDhRWr)^7EZR(A}43sdTrcv4W7rGddcAl38&^bzB+G1d>gQ=q2ys*{Pd0d{D~Z#+4=W*Ap$DIVVRx0Xe8&PQa0w&sszjsC6Yw+XF3Y zs)Wp^XYz7r%+-gYG3B-SNGS*NB=kPUe_|X615v@s#>-7XGy5k@bycvq9OE7^5cU<8 zW;R$@5|OOfV2UmsFDZ(S`oPit=wxbVUAD(ZT%W4!Grw@Ta7IKvp?poucgKo{7pD28 zW*?CW$>cSCBGt_!4#{W2F_(>}=?;7sFwv#^Xwr&`3sjw={2~P0e#I05vTTcug(F0h zu{yj{H$;Y2T`;o#d^d~=K0F(7CMa5-`_?vpEI3VcN5z&BO}>V(p-wfPs*~4g&U&KWg@>uFl^^ahRdH*7H#Oy{?=hb4@Q9Wi;DY& z6Wha(*_5|6nS7kS2_KD?Eh4UU7p6@MyR3&;+75j?`mwl$W@24e#VPaVvfC#sh?ZFR zl@jIb#IC=uDh*_j$%9QENRGPyRZ%bPLM@#yXiB+It}I$bE8AM*5+a*x&@6h}WE-lsRyRz*jPC82$jZYm6fun(NSlw>JDyf^R~%7O z!Q2o`6~ND!TSb`$G|i?!Wf4%aoTFAwva83Tcg)a#_O5n%t~R4Cm_JQb{5kZptG z@wxY+?kQ3pk|45HLDaa!uHt0E0K}vi7s(~rQf++TMVBSVKV4S?0MXrM(m3gSwbXF$ zn%Qt^DOX$1h2;97DILyA-F8Yg!eX-J+t@a@sZHG0xVp>#Xg zG33Kk_V+x*%ITxrzTd`goSK)PTkjm0K7YW`d7W^ju3kh4z*zz%%KEUKpN6HR_Iw&G z@&?p*1A>CM$V>`y8W(PaQItunOc}f2IKd#{9TA>$9PBx81ayf3$ON zZpMy(=-6Qi9P4_)Wb{5lpff?ON=$ULcPMszDFTkMMbMh$j6+U2|66I{VO)4j zZ^V}Ql1qy^JC-xXrmw^ZYg}TsN~tLs4msD&c3a=UaQRN0gMrUYj)>5MV31*{KJuC% z+{k)R3u40%_ba7^CF7rz32i-3xOmxYD(6aK@rG_K>;ZgZ=DtVTTxGY6ksHq~D+JBg zH4~a3LAoYoUYhq@yHHjM%ebqHerk9-Vcn5MC-~_kGBKGKB8(;zE}-WLc4pmna9h7_ z6KTc73_$^icaUX5dl13T!phrp`jb=a6)KjFtbMr)o;F|Gjq3>LR<7;U%giKOu^DsW zg>Odr73;L4Fn-skWD=WlYFTP^I}_~$ez^GuTT~7W@nT(>!M09#KE7zB7}+!OD}PP} z(%TwNyJGk4y$?F6M;7x3QKQa9Udb<0~!xun7h#qJHzT{`v(^veiA< zyUCy%x9%k<%D$kDYj$6&yNZFv)D(-3SKv|1kh}Ho{&{J#D$Fs*Sh=&B(o84BYYv|j zvV9j;^H8HFn14GjbXbT4_E-HjxNPbsr#E;Kz-|*L1wrk^Z(G-nY-xKK=uqyd#GE<6 zR1wq_q$-A<{}3llsPQLWTU+{8Y)!W^V;XI1kUU~@pr9DMx_9oaMb>-`?q2Q<%%45m zWWZ_{vwYdilX=-cUS3gJeoEQRj5uNa+o2yHSk)gPm+wYLYJzb}O;2E~`R(3~g+LKv z2_l^#a!mg)YCJInzU3f$c)YEBNp3)iF2}H5Qpa%MsgzI4Tp+W!6SMubUX^a)zyF!y zf7*W`aJo@m-(F+hGno%f*>5n-|7(>=Ic=SZ%KU;DZV;H0YfhO#WUF2-d641uYg1|{ z)lb9c*F8<+CjT!WSYpe#r-CA>8XJATdosP2x48XIc|!h)PuqJ&{?}0BgfcLVVEe@I zzSoO?uEy5gmM*ipB++gv-vGsLlP2T?CAd}oj;^!@2l)$8db*`pZklvw67MIot@`+> z&J5daP#4BCgJBM_^s1i%|ToWwM@Vhq}+6 z3~;nx_tm9rTKna7Do}cWI9YmZ;k;qVgyWVab)QF-W)kfi*1y}R@FP=d^=5-~rj_y% z+DSjrA3I;-|5m01ovb99JP=46GN_uphd*X*AwC;Yc4-V(>$!%d$DahY9x=TOp>Jxdyp2FvYVy%|w)n}7E`aj*$E%sGT>=I>QcSdEP` zkT0Q43{j4nK`TH!!V(lI3jv|dxIsG5&eX;;;=Kgo`PxU^5JAVT2&^{d~Wl9e3;Wk(XQ z$>{w6BkNWh~ij<(l)YJ1L@KvZn6E4hch96xU zu;muCs00`rw(%@imt^Z+oNEmiKBKZGFz0R)h4~>L>WT zS$;h{Auw3CTz=vqtj?jpy65*&Uig%&_fTK)DnUvjAOVbyw*eO8+3oo_%U#%-|C};< z{~PlWB}K~U%1QVj9Y~m)+tNrnP&F@2%9$>zUB5Z5Z&`>=Djo0PfxiZE+Xzw`>6bnb zx2=#t*wVT_csAs4=S#!Oi3mXvf9T31QtWMpmTjl5!OKCQHlVVSu&lW48cT~_}YJejl^rSBVf zn?N+0*uQBqM6iL^78fnQo5)B}=2+zPr!Eo{+7dmP(1`BK>Z_!QNM*+J!}XkFe$OAME2r{rUs zt0h07%d8LID$d^)bx~cE_53?aN-4cfD5OA?ayMOCZ~ih%gxt*tmjd;zN*BbL#!KDY2IZcWkP3_Mj^+YbblS+L=X?BW6Nx=uxi1#!6<%fKN!tU!qUds%4 zJNn#fVKIb;zZF0^_e->7KR)BAm8yIF_L=a5uschz?5K8Bhy3Uhl9Eo@Wz&a(t9SxpSR)=_3L}qhc(89Q?_9Z%Kcm4nPd7@TW~r6`Ka~T%9i1Du7KM#=M^P+ zi&UEU?j=|773*6G6%uc(g=aq#uvn+1TUfJEB0i3Iw>sV5_hT(MaQU7p-D@Y|TKg2x zTg_68ZxXBl@EH*7Ui((A>x>y&W-+`qhi7q(tAs7g#Yl5nns?eysaA>6OsqdwGKr^L zeM#nfJ2UaMhLN)w=im6@%G)UZFFu!Mtu`L*~t21YlbsYQ9W}4!H=Y8JjDP#2DL~x70+vO;@)Y zJifMbX%NY(X_osppJ?`z=2mLjFUteAo9-9(Ytwq`u4GeQePiy+(QvhAOD2z@GCG|5 zATz5KY_b_KKvkPLR8dID#f5s6?)uE%3KHH)^|#yn?jQX?kqX$e2cD99BUE($a?Lyc zNdHDcpXT?IZV-g#z2;`A#$zW_l2wBn3c9?z-Hp`h!g!Xh^et^7G0#JCWE zZh^#VAz^F^nwX1Ylj@S5M%h{f;56@E{+G$?%twD8-@X*gD1xE8rC2 z=*MJ2S+iXCp`2vQ!<5{$RRqHf&T}`Gt<02{y?Rw(s38kROfk<)*p}jxyW%jMYJ<&A zv5?RWV6X+4d;_Q&z!GLXI_$FO0?m|#mJ%{Kxjo}dg{GQ$CIn8RFt)lXRaCVIfyVbQ z6u(hyxIaTUdn>Q8NOos6>2q$3l(<_w3&ewGhvZm+9rI&OCnP|x<*IXT%GnruxLYrP1!+~<$Qtd|njXoY2QP(m$`mF~GgB1>v0flDN_etfIn%dS zJ=&uxg>SETK=O>j_m~dlRT%e47N#P_J9$4HpT&&_wjT}dvd-~r6h;1$s_r@Uv~8Ye zj}%Azb87g?e~$Ry9*?08KmA${q2uS5TQs8NOY+pT^c-B*QpxJ-S10{~mAVvst9Hu- zJ^je{!Dt=Jn%b0}Jx$e>LHk>nZ$!R0Xqqh_&nMPKDffbuU{P;pMJrUMZEQolFPW4u zld0^{1FZy)lmWLv;EaijF!_9ZY}IW@McCL%Ly_^mKEu^5!5iyFd#fmY+9vs5#mWAk zX$hH*72kMsHBTFj@mWe}>P@Lj9nTh>W_2G+pcewFQ;Mx?Io38uPbhl>x0-h_*WeuA zjUM_WC^+&1;Yc5F7NQS*HKH1jLu>M>75XfX`OU;spb>y_MIhZqpG+TX#fCZtd~lc8z^6LB%T4rb7udMY1)aX22p20U z%NRgl^r&DmM6bsZW9edg6W}Jw<5eVS9%5tbC6R(mqtZ5s@+aD|rb4nv#}g}A5;JH% z-poygEY-6?mI$_`rS+VgO49NMrm>DdZ`BG>vno}Ihv#3rcI9ObrhH9VrquMpwzPhlKSLG#E@i*IJS_V%Up=wlE6GB8b9~pP%7Tc1P}Wt&T#@QYqLc;;4?z9wRkF zW5Vy4p~BxsovXrS$uaLLMZi4?)z;x~t#iwdKdiQStWCy#0{y=A)^JUi&EQ+A_v3~# z;%*{wU^>3<#lD_QL64#o|E#XJwFXz<15pjPZPO@ONPXIzwW?~7@hpDGV9$2m3+7O4 zYXUZM8m*b;8{KROfHTJiQ6$N@0B2LbVCq_HFxXy3KzMXS(?qP;-}TkS`Iz0NV3Xu* zLQ`eu%w{H^G_amLY5tzv@W!JBlkV335EGmW1v06lFudb{*eOx}yvZRIJ6wJNDQKmf z9NQ;m;w4yn^=HKZ*VYQ(Uyoy_h@Ky(T=-2<4Z4ty%o}2h!;0Zn-%IA6^aP9g&D@Yk zs5JGBo9}%^PZ9To@g^ zu(0@`UH5EUC8cyDF#p>ULL%i$j5ogiW!js4#STM!V}noC7O?c3<$d2%)h2SAiC5&v(n8FEuE_M&i_Ai_hsY8Y3hu%0`f}h0R1n~d$cxzMQ?oR57m-F;D!I$ly zM30CSTm=)RKjvC*+zWG;2y}kiWUR

    pqt}*g2A2mDO8J)q(G3mm?66j_K${M!?QA z_Nxl*<%NLX6Rm}3a!dL06Hw-Me_!R;+REBhXz~79tBpSmzL_SOWbBuN&+}61jJNE4 zTHn3@ajbIq5a@7y)Std)d9Wx+bUBl?y&R-S-X$i#xbtIJ$`%DQNPXoyq+L5l)cw^&FzDjZB61AS)9Zk#i@dvGdHEs~_PG&8*3QAY zJPo~4Sy!nCQg{2Ne0nzlnLx8HvP6jP@W*sJPo0K3rdg>GtoxkjL3uAN!J9Vaj}>d$ z*Y0M%`{$)1c&04H(7ls8aOq*1oH3V%oLa3NlF2wiBQ`D5KEAnS6ZZxK*EI%AeP`yNz9 z&=LAlm-eJ*;qdYl?H&Qrdje1R()gR9lq~>?(MMVHFQeIqxMG`&T)6`$?#`5zNEb8W zy^*w))!k_Sc4sNLZ`jUWsBLx*tG%)p;JahWOuY)X4-K`!#mZKc`Qo2B{O{KOLMt0h z2g`=?n*VNR7%HM0*1_8`<5&~pR)t=5^J zk30Z41K#9_Jo%qa{J*`!raDgKOtbJ*_|vJnAE7&=#c-IP4a}_;@C}-g$pk1+9k-&8;VO6PF-Y6tLhi7tS>^s%I0@E#4|;N=^>4=S$RoGb1&A0 z=@k@uylKJocn*1K0-O6eLAA!8v7a&sRyQo>;qNRS$smlG!`YcO8>M^^&CJ6Q(*fXH zRkjRDCz*e2Nt*wSCFb2f5S%aa?a>=wy-dHBH|^k-wV94#02s)${EI>ZKn#o)=mi*W z>#iV5jS#)M&Cy0Ccg}C$GaG4d@mxLn`%!HVMb%Gd`jgqdpJL;L20JF_`-)+q?}!xN z+557?vWTPU>t3CZjO(a*M4N`+cMGbG00BL&K$ku2(T)aD?MQ?d)zTo zC$0xWZD3}HPt62WM~ohb?$U%;swADAyG0XGOD@+ZG-&Um39vY%*mrq}+{LrCK=a)k!-Vjh(FF|o;^C9ysr|V zsv7_FTW>|AdXqqdPS-?P7NM+OS5+VE5CO?VcMnh1kbF-pF0?#o5i?J*k9QXgmbSlk zOkWx9ScZdT5}NndbZ3j*<-8bqXfn28eVDH)xD#eZRG6i$(Lk9jIIaQPgtBj2J0&Ei* zV(zJs=y>@5!QOX=HMwp+L`+eV?Z|1yz*%DMwrra;w2C z4FsJl#}wFl3S{arc=i3tSjrt)$~l~kH(j3E;l=}FYqTArasC(wU8Oo0ere`(c=x-l``$+{+;aoTDA_hYxi<59_W6OO|fq2HC#f=(y-3zyr|qGLvXio4&pRjqU7b?DhD zhhL=zPD}<}eOjaianuGZmR}!VTk)85F?^(S$cwjs{mie#HCMYS<;#!2qzX3Z#!De< zx+&|%few7(QL3kw>Edg0z>RV#y%JIpw}(4^HMF|E#RKc{?QXZf+FLQDxT}E&&9@$^ zOuYF8QrIo{G0SUJB2a5L#c7TmYm#U3@{OdQVp`^cPIhx~|H@6~yT-j_L%}tcgW@>CexK|$XK z-9w&B-!TW54k>rcah(|~0GlN`O%=U9U-A5=u-wGMdxP(^(zq7SB;T9z67Ur2thhKGCnBcO1AA`dq8* z2VqTv>m`TKf@A1daEK!C(hSDH|S(P&5p z9Q89H_WgnIgmTbLGDNdE&GIR;MpmHH_SNHe5?elvf@nZ>qHmyXf$Z}Fiol7gN#?-3 zreslFi|hrJnSsl>>iEm{0!lzeswhw0pn_|MfXHh_)Lect=HNsU?6|B8gR>~TLZ>L4 zx|ZXdBK9f0%CqFS4N$vS0I_V&Rc+*CmR>S&$a-Zt^?m8P^o%+oQ~IuI@Uv^JmBm2t z8OTrfTmAZJrd_H(fjU_FUew%PI9JYf=}PkuFvZ)JT1B7_B#6R5H$gMR|GnSP*JQtbJ*{#_I< zfa;{f1i5hw&!Yi5!R5C(X4LAIIt6<9s&5zVKu$7xuTD&CD>3WJdcnZS(*TX^gz6kx zd!6a`N96je$`PL$+yirJrLI4_K+z0}G>(WFA|@pnbpq7-%|^r8CsDnf!t4#}7$un_ zIh2-`B13vOdSmRXeRrdzVRCXV3I4KCH+b?pp)Dc%T;h@xcWc3K(Zjz^M_DjUDS|Z( zH2llRcrK}jgFjNIWFhmNz! zS<+_%6Z`Ni7Pbn*Fx8J*W@(y=EA zSsN4&6-`s8>g__H2D7VMetz7g&**3SpZ}@j&FCb zx3PZiErW$nNj@I2fa>nLD;H)VFLJLJ%RK&+36_zd$u{)t2Rkom34Ws*5u}0~R{c*Z zYQIz0wA2=x!T_wT{b$__mmcQ0HtH5Z3dn9oH;mTSQv&!DV7ao&Ck93N7aGsx_GT1A z=dU#QtXvhxDp;$nFbqVJHNF>yT}wBJR-kp+Kkpi^pfaE0@~AHwHw;2f+Nev}%^P*P zieF8WN=jvF=_2I2fY%q}-rN z(?MPTPU?&QDmZn$;{}H?iGc%a^C{{_A_gjmq4^ToJ#4`)Y0a@klJ< z*kk+IfnaLOLqiOJkDbUJGzqt}&dBzcI+;RsAg+4@n+;PGYn9HFO_Ae!9mH|!Ff~kC z)8_@Zt8QUN8V2rJ3WLaMm?xuo%@6 z!3wYlH&t=95UQ$LG@gpi=jA9cqCJ((h7Ifm_1Hdy6&e9$JIhwA>bt+t2J<`);7;s3 zX916%K*y25^@N4y-Si<%18rCi&z1_mL(!t{7-t)+vd%gvZUvx+=Gr=zI9NyZ@FR|5%efnCh&Vhzj^#?s_u! zd7{3=Ik)yY$vT1{)2xT09d#Wzv;t4a{N+7*feSuSW4BTQ3E*=^WXn2O61xd6AtQ<< z{LZNU@;tRj^*}9g>$ff0*4UMVH^D7|VwEPkB*r!cCfHWU+!qYZoiR!2G57*D(M=#IT|wU}heOlM@T&V>{;qs%ypMsfdfZLYh|UDFh3z2r*6 zqCI^yNvkb8WO%YWgjt$2jE%Nj4Y!Q2Q^eYC*BL7*bP;GMF_^1VlYN}UQQk^n?FIpv zwdsfEmA?=l|GJ>95C{%+q(SF<2?Qe63M!NMk2#mSS@iGcc8kWQy{QZXCb{{GD?Q|8 zhMv8UcIu0BNO)KF>k1ZGq=8V8QmE=&)$USWTN_c5e-N41cdhD1)0Y9#fuP^p=I~Ry zYJVA}Kg^J!SSnXLZ#y)T>jdFSIq;!2?J`ytlJ{zL8Kqc9OE(Rvt4}9I$moIkc;zpZ z<#vpSyVASp7?L?STEg7A{Bk!)RrWVTosTdYA=RBj6N^O9c%O}Yd(|OyS}xdTZf$1t zxNJam((N=kHQZB+pRNUG)0yFZJ{%zg{s)E~ap!iBc{NweT4L{}`Tg2zQI9n=JaeP)qI`SU z$rHHz595jpHrrj+9$IJWo7bR&?Y|$>CJwCDO}zODq&?*L=0O@jJ|R>4N&(T$5+9T? zET$YYZR@ro&ENiAnf+gR z1OK2}bV*=)e$nO{e8`P|yrX-%H3a@xU*cUOWYS5ccx_Fc_{<+sF23}Bc&%~-si-LG zvlKm5^18z}`Fdk8F}f|g;`-DN4IEN`X`ZX^m&k%oc0S4+iiB}x4WkAT`Km#G0?}nt z-P-(o-T1o7O0HQT3~Gm^=s$NAeCGiBl~QxtZzIFd6CICO4!enSAMLL22!IQEjPLqaxZ9T;>#9unCk~3FMpZcYX`$j~ZuatzN<+`fe<2G7I zZpvzmKL)q_BN8Wqcx_sHI7Hy}YIpW}Ik+-=mT`KhCu}OPJ7q~mj9gY?R{+A_EaRT& zn9N7wAEha~2bwGpNeFcn`s*eU7gyZOSU7QGq~I-0=$;I4vv~zu>zU!0mtH)hLY=JHSog)XVDjvS0_8#wRwre6DYuUQpQEq4eA7Fx0 zSxZXtauiY7jM*&a2+W!b$n>{1{a zl&ENya~!=w_LdyX+bB0ow&-FLK4Nr%eB#w$!kl5ps?9{~ho)hsp7y)+;rf2>+u=3< zQ_*0udUuzs=6FK>GLN5ZrM1;HT zjUea((J_u>TL}yTT#lv+%R6;sU^CTvSR=Nj8Lm^8+UIpM1tcq3J7pn#{4>TrMGjXN zM4~O|wL4}OVCoxEvJAt_MB>yX);FC}+)TU0MuNI$f@OZ4T(%b}H#2zKeb4}+XsJOM z+m=C|PF#m6NwgeRq|yCPq*?k57{>D-MMtaAiWf5gZSzJ2Fgm>yoz&XsR`2yNBlVKS z*PxmH@Gn6?z5T@Bc6Jg^_vESRea-%8J9&3UWLD>E{qsn#*_T(Ib!WvNR6C!3nWN{s zm47fdeXe-r*^5nq>G`=QgSUh~SL-!D=P1~F8;cOCFB?-~Y z&x@`3+Y1HJ>wNDP7cXVs^p5_b*;H1Szo63=_9fz{-M)4`g-aRg+?(Ewmu}s-KRTo7>yBmtQ8|hh9}gNKf_O7kzN=%j>ph(`oks z*#y!5K@K1OyBMDRV@Y9e!A()wosRd^lw@34ql;0O#wlI3W6T8LPs*}#JgJ6|J@ZZr z!~m&o1(b?yd@@&?au=0Zy%Eck+XE2~J4<5cViMv#-Kh$@R*BDU^s$rNNEwzuFn3)U zsZzdXo$ej=FM8te>woKt_J@CV=HFSRjmsn6-glEgSzS=vi4a(~TE6HXAol+CDML^{ zpb9T5Hm|V3hT{je!eRdTVFNV|(D8me((KzWEm_I9-h9?DTae~-!a-eGsb*9aMyd?G8&#Sm%N53Pg z8%wb*spv+9f!x16w}q2kMA zp+Ktdq*Nu!5MwiBv{0o%z_XcL+>O?IzzFS?w}kGM!yq|j%S_=o23EJswMb^pFld_~ zPd0$5D3>o`2g2258{huN=I#HqrHJFSy2`h{fv8GS%Q|jtH zEJsI>kc(4Hd*l90%BWif%hB=X;D@6IYp>^{!Y=oh?T*lzzqr&Nj})}{OA|f{s6A%y zPCb5cB;#`K8dudtMJh?g#rQf!zFQ8)2G=w%ud80N!(NdG3Q0C=CfP_<*2U)YYV^BC z0)oy@2}aGdgx$xGQc%9<606JPz-KI&miI8eThFYEtiA5MG8JF{-0NB(vjsH`1oyX; z@0a-7=B%<(+p<`(`vfJmfsKMe?hoDP>UPj-wK@b8bP75URC#h*}O zO@MExatC29o{|02q~n||#-S()qTA~`z{;!iTX&!;3N@Y}y?J@}uq!z4R(=0QZ|X1= zC|E^a`f?yeeXyV04=J=~G30!mVz0X`#e?`+u%F`G&&~IuKghStb~Jgc^6)Htyy}Um z&gm`Fb(bz8;lwKvL|=^`o>Nd+d7(1tjySd1T%+v_@%Y4=sEMSn71cW*;2{9rPwi?* zp|nuD5lmt5)O@Fy7Pw80*b_NCeNZ)VfE`$LR$pT25jMT1fr1Hb<`PP#f{avcCI(*6 zR&38KMT;Sv<)U)U+__}|b>s(WI^@Vua1S2GPkm>&!jUg&L#=)~Z};8BaC{4&fufCn zz@IQ`R6?vC?v*xDG&eG0Ym>S%_l43Q=jop1qY7T z8HU>`hpN!LN|bc7kxOM5BNMk*e`weVMCZ4`@{pw)jL*fP;v&mOz{y6*FgJok%;=Ho zl->=0_hN}s(h#sVvq+0Lp=PA(>R_wvf3IvPUvMMx4DCQnt(Lw__{&o=AkFcLJi zU<0v>`d;r&RBEdNaR5kWW$azw!U0fk14LRU3z5C*6;qS;GsHE4zQyHy4^UvV%0GSJ zgYc$I77!S?`PVA^Ck~1z^-=W9ESmbQ)a>(1^EJ4lw=G5MswRW-Wl0-k*5_Zb%YGD1 z0-wGtRQSaaiZoPdqq<&Sh?=Kd?^Y}c*KFl*=ZldDsqXewQ5SyMl-O-Z<<;Qj>H8@Y zdzlu#UD=5UL=}5zT_)(g`m2leKc~P`YCTtdCMuVFbdLB!_}etLRSve`kYAp6UiZfy zK$6NBIvj|P<731#hpOsF@}Yv=iO;ekuZESaZ3~GfDdhsD1B%x!X#VQ2Z~E&W4G`?4 z(TjCsD&FV6`_R<)Af2k+>av#Jn0s$!e`PArOk}8RYtP?X!PpV-Cg02fbsq2S5;IW8 zfQ^i8yt@G)7ncEMceZ8dM%nNO%+mvaDdtCjx& zeU+SS$rC6>aIX|iwV%AO$;TAC>da-ef5)*<$1?T%(#X(C9PO(IH|YQt-8uW|G16!r z`#P;`BC=a)H4#NS>a6Yxij59I;It1HoDaLp*}j+unsVZp(k?($;3x+m_~L7oMgzE- zL13jw`a6mxLN7M{;0oDCD8P~2aZuTH*tyo}OO@-dK?w;KKPD9D!k#DVNsh=$Ncmsw z2I5-Qw>n2PRBn|RfQuvyuX|fUOZ1w~_+*Y7N3P0{`QBe{;2N$ zeVL`bD-8b%(&0?r{Z_g$&Bdr>a@|?`mbrOVShEVmWh?Pf=x;$$(5`~(y=n#MNKKEh{EED+Zz%>zn3AL$(c!ec)?fO=Oyf%(0Z11^(5sFvxQIpQ33va|+ z$?t(Fd~gF-sHzmY51NY-iax|w>EAu}c3e5$tS8(i;6w${BHU&)svLT_gR0FmSCV@o zS*>z7FktRjlvl0&{Zq`T3&$Nk-+nQBe0bta9F-jJ{wTC0r7%&kNvo4i59L1)V37jc zDxB2v-+;j~Wx%!iU-MR4C@F?SZ8Re|g=g+fkFL+CsfJ+bH48u?4b+Wx69N z2qKX|Q>Z&*RF&e+uE!6o-X&~#0CEdm=NP%94Beor+Ko3KMKz6ttRLMEWTr{e+ z|LfzvArQb8-m`5K*pr`8(fND?P9}NYXGh1918{j+t6!9qugyC{ZE6BROkMbFB*!l< z(EEnQZXS`|mVydIp7qzku4|)MVKyl*`h8#l%w<99);sLTCGH`Y!)`b?pOpZwys1k_ z-6hM!Ksjem0}KTL^C(6N&|`jO50SrL@aDfd9yu|oN1=tc9K$ykPvw_T9^QC25xOVZ+)mqjgTBYzKh&+;L4?WO{5j(MxS(*u$nht zEctBd%=SIh#&6cC1}|hZO`nc_`iDL{66~xRfo=bXI@LMOp5$< zRhI4j#7fk(5y5+N)x8Eir}ldGoy{C=VxBoTJuhbmU_J2uO@;`__E?Sd9_mb!a|?Q~ zCAhY$%%(-3N6tn1@?;&hIcsmduTJl!tuoZg3de%RHs8EK%E!M-$Q14vVMuMF{}N>* zC(huXtM{qW;;g);cCFZ;zKp?6l!3{w`Zz?VIyz{C+jN*5MK+zMO{4KKptLl+wc_5# z*zs8P%m|yNNkOwru3}x1z@TMEd<8lq7$N3fS(dF52`lq8STiMNHx@&Dz=Lho1E}#I zm(;6E5^6I%#BFa&vFSUUW{SxSOoih$HwDmYlz57;=r~I<-0`>2uC< zKXHBY2{Cg<@TKgec^%9X^7Ebn_T|#93Z9NhG3c6?7uMzc=@0e(&t0M&`$0fJsRp6C z*Pi_S9zrnkU?=_(LP9IKmUF=}-ag_c z*_FPfsU~cOnl6&-cA;PYt#Iljk1g~KY=Fm*L?U3^Lwhiai$c1m3bdBHG2`yv)PQwp z%XF_5cwAv5Kz*+PX`>@z&>E5gBr!=$ITF2oY`CzqL-$nShI>)G%-V)-4 zYlp@K#_>WX&w~Lh*kn{;^?F|kVj0#wKpPx6mzu+-0Y2K&vB%i8YhKQ3TGwI-7;#eS zy1yLolMmu`VluM*HKvL@E>on&VBOA1w6X2o2-(FHLDT#U2Vj+&!Tm5tj_AbPZi!7p zIKDs1rl-hoRC@YKxJM$yM$ZuJo{`h*XVGKw(bKYe0EwHV+K#BZLDLAJiqC4*IOho3 zeEI!?Bl9}kq(PaaB?31MWvxc|DsW1{Lv+S{pn;Ggb))h^9Nf)OA%@o}qd{zLUm;IZ zXTYd{u#GM(j~7dX4A0_ijT8p$GNaR8MZtOk3#8?#;d|-Z@7Y@LpKHD!JC>A`F-{dY zoNa%2L!Co6>PySB$yfWN>xXY-G7l{FE~f?5TD<*NmGvL-!IF?{G<*^g zI?P7H*H$MXonmCoek6!N>5nDp+*+?xP!6B7M=hKH4b zyTc@(7>S~z_k~dYzaPtb?l3><(n^JH13qOp2A4sxxjpaPB4Ij#K+4!!Q!nMxT2@=@c ze%_Ls$GG}*j}oWJTqgF;oR0Xd;E;?=N%c{i0=M(L&e1)b)b(Zdptl=w2_2YEuOOya z>(^nVYzEHb1B4if)4lhvf+A*(O+~9V&$^d7;Ec6?3c`lnaB8Ew1@X!|$Rp@k&#SU$?%lbTaa47Fi(OY*JmR$z z?}#Yz$-2AxdQl<9XH>g5Z5f+bNbibAbe{LEOhJ*^w8flTBjsJx?6OFCAM>39NU|G& zFl#z}P9dq(xEQz0MT+apMN!_a)??46b4M#x9m&D`Xw@XS4yhhpLtVHIU|F=&$HP@C1yPu_Kv!VnX;XRs zIIgtb5gY>bnd&SfUM#J+1ya`n>F%xzf$r$Nv^GS~RhjkI*ePY@{us#` z-zdY`N3-LIQLIbqThYz1P|zf#!4}I++hsTa>r4n6DZ#0lM#Bn(x-)I=U@B(^9ec^( zQ|=ez2#3b!&nm?~I&jj!CjnepW1P%3%f zk4F=1dtPV`F{(N(^|;8p%xz>GSfx;k(`zGRX)tBoFERea{yGZf!8$AwWRHJ;Gp?U^I@zD0Q zY(I^PkLudK1d>IF6N{4x@|9+74XTR9VgL_|%nY|{3zim_@TI9)j;U=2>Y*xBFrS{| za#cj(#{Hj<9ZR^-k9qaEBrZu5iIE^x$`C`v2qAsR!!Mu`?KcXu@(mm^cpPd5<^g>b zj0govJN&lrWXKd>pWqSs@oM~zo%TEii0&;NAuuE25{kcO9o5}C;7#n^Yb^0lpXy#v z3r^`6f|#4J3Puuh!JHfgdtZI}s?HtXfo@(t8}qJBYpN^HHK-$``BZt$LP~L%jqXFi zptZ-peq}LQe)w;f+b;-KO=sz4PMZ7=PoF-`zZeCGi0>1=j_7{iedrY;KDkymjneKyp}B$%~w=Kdb#y$p5U6 zf2!1<1L)7`;?K$P&o9vb&EH$8Op72-ndfU!8m{g+Ra$OW7Q@pXFJ}c=(KA(~cuGye z@494g`V1-5&$U6lB(ZZO?A*NIkKb#Rvf#dh6Cpg?D*M5^9T&sNFthoAn*df3_g(|q{TeE8FR z_|yLWbG7m3+Um~*?EeeP^_)~4dR@LO2%!=Ev{e&uy^F^tO!f)rY)N*AFCH&d`FVe= zOywvEuTb3>;zv=C?S?{9al{|p02<4Ep?2P4P{K&g5qHL`GHHecg}L7->}+q=hFUg>RmFc6quJaD@v2?t(aRmTeqDIIEqxO zW9L)6YRzkJ*-JLC>tH+T*nYY(TgOr_Wpm;Fq6#`Cz7wHENJvPmO338Z@{SPCpZL4G zz>f=hrc`g(@2cf~ORP(B6N(Us`b;KPn7F^t>^dU0*-qxhQtz#=gP%qVWPQWwaCo#f z_vl_?4DCm7VA}Y4vHrD#p{Io2YUUTcJzo6~xFQ|WXS4dC$P2RawYP960=v=xBi#40 zSqR*rM+)aEGY3zT5EOw3q{|)YT+mf?7w2X8x?$MU!M5T4Xp+R+|SepjGU1L4@59K#Bwl*Fz zFS64JbM40Ag2v~ANsh}O3ZV303@i0~(tQS5iE&i8M{xWgc}L2#qsn4c-lDso4T9T> zdK!0D*tqK24a_PaBns9`6o%nYoAl)&lvZ(U zp0xGd{r2OW;NHMO=#a$>jUD57@+GKHBJ&Wv~8EbQ??%g{E8KQ+MT1_p5s=BZqk$UA;&YVw!TWUz)Q%Q6m>XtkzJrPGF{XB72t!~)gNoLBlY93aHNPqB1jseo$J*MjAsQSP zp-fk*3S9z;O-6VGY5}h>tCLB<&H+#PeFpp&Iv0KLM7ww*nD+h>YTn_Df~+p^Jex3* z)h{>bBZqY5+MvyHW$McloC;mSxJ{-B7NE$x$R90X6Pg*_Bd4-5dp+*FF2Eb%NoXm5 zeQ{2f0n^YcEHF@99F51XIf7S$>(MLJuhEFr+%ZZB&ohC)nQS7~XA zIj`hk5N574-pTOov14)}ZKv1Uo%L%Wqvt=fvMRpS`rW!b^jX~pvpTrX{iZ(J^kcAr z{3U1#FWdk9H#w$1^C6JGANwHtrjIP%_dfavI{EGQW1*opOdVqCo0(xGubSr{epnLV zdHc7h{=%0h`%yPmU(+v!lkac0B{S9T)+xR^n#k|FS>pgo3{8@+ZF{|W7oO8qTGhnN zKp}0C6*tVw&@&e#pKaYd&#`4GoKn?-;Wn~c_wLB$a$s-wAl9g$YcD=pL?vDao7uXo zbh;**4I2>g=lA=!v{?#eX{MZ_@vDxB>93vAHrKd)Vf83&Df2V$drU0sHZQC!3XUDd zE1ad8f7L=H1P$fm7Y0hiG>&lMB}xibfGJ9_b^BON{XO@F;d3OzmIM1yUrQ;#xSOQG zdxo`D%ycKX-}ED)ApkDe`lJ>iIA&oj#Or*LK*E%HRNa~HouJzjC|=uHS;(IXp+bN6 z=%@=mS$czXw+{nh`-&^dNvJuG&6zs#yKAYxOv`Oh1VEvog3RU`svYO9Cvx9@O+AC} zlG?7`CTMg{!vmh|%qEGtFl`1&ElAkTPu^iHGCYIEc@31}d)dUfrh+6eV!pB?5uuRD zQ_fg*XApm@7em73xmAn`Q(1({jyYo~b0`4^fML(fKKlheI2=k540paZL!Z*ULl10= zJxjcUdv?d~-c6>N&qJsLX}5a*6ziyLG;+L;qCgupV?EYz9D6eyN|x0#d8dgUbbjWB z=}iW_U}+X-5p(?#QC&nfis^d?KU)JsTM5gposPUabGnk03iaVKQhY29 zTg~+}Fz4R9GMWnp^31VNxX4yxxL?<5&^YXe(DBI34cW$2`$HkwUK)W*LQz z-JHxlcatIOJV9ZkK3L1S{?yp-En?z22gMm_}=Yn5SO}MUnC}{qe zQ2@nR>;+aK^2*(>-;^+l%*Ian1F!d*;j6}2NAL4(Nwboq;bH>5naP*x#A$oyIYB`q zG5cnnsplNVghi|-^@G0(N|J-Bfwt{3d(!2fDW4VRU*Yn=SYCiy){=g0=zF+EpAj>Umn0*!C4bg4anb@aOO)Z76+9DFhmO?LAfmz*PvA9R{e_Pm*uvnq!}?28gnQZeJGh~e=tBQ`B!Iz`G2-unA7xF%7JVivc; z%Z{%^I*T33;)^on4Z2F{<%T0I-qg*qanhltI~S;+U_Jp|S@Nn*TMox`j4R7yTIPCp z9lp%FPE;81*_E18Ci0f(M;!%q3k^n?fhR-a%Rxw30=BgLW_JW`DngPEwm}<%K|qL@T-Fd3s6YjBq{V~~9|hzh;58h6 zxpUE^e+?dvO@L&zbcr25nUhp)YE<*AYDp z>+vY7yvo6`@~R9PP&*r7$y=6h@}4#oU?gBRYF=_eaF^LS{J2cX2wY`Go=1}k5(~;q z1zRjz-3*rG1HCs=`q4lIWG(`BesL(Tf+Ft*4%Nf16>ntFnW@2Qt3r81hBz})2N+zV z;bW3O(;`*+wvcKs-C9p*k{nl-4r#0H*fEDTKXD}}8q~K0H$E#W&)Yd)ThxX0*QjwK zw<@ZU+F(B3S_-rmF&dP;7*c2UeWV@%_WC>>*bl#_n8>7$GsbZ0qa+8;9gje9pY3Zn z+u8Rg32dz6m9Z?jZZ0Zs)fA{W4LF)xJ3^zYj$nvl9ZZNd*7AFM_?xRUp+e&J8-PJx zZ`$gG8@L&{VY$Al-V#I&gnL7)b<_*=d8)i<&|+a%Ya$(g;%V~>$R!t{2F3SUrW}%@ zAx6>$dj_w~j7by>%Y7g!XH^B}@@ng%^qVbs;FNtV0ZORvpg5upy9?SRlhCyJem5v? zzG^Tp>DNkjhC7UW{g$8hp-59>hjUvs^VxcHz~|VKcSMU6r$e{D#cFnSh+V}|fP{W66yNRg+=4&K2CrIMm7poEGH_~JSjMJi9Gf^yf z2(^&%s;EH*&sZH9m0575t~+)mt^m9YElNuh5)$I@O)Cv@8|H07W2@K?Q#{+^vr$2X zX=?yQFLji$I+)B3+g6MseAz1TxOZPkt|tACRk#2PpNNaH;p17kivV9?VB%J#wedSP$Q7h$ph%_{Vj%^$kON^{cbGvZiNlh6{Dx! z6kMCYV`M1~uByB;+3V?!VT8i^H6{q{>JY7pSpn6b|2BgBH%tBNBH$h8Xk2YOlcojy zcywttL(_@~LOT|Sbq}9QA}Qhh;1S+yYtNMQsB^anpp4W8ZBW{I3bXfz20&C*;{wBj zKw}0DwjwjWgsQ9Ue4`e-=$8uzg${;^aBPORntQ|z<(UhZUm^-s~4GFP1K9o*M8 zl)rF;qGpAv+&Jmgb&`_E$hqRcpiUdCVMaO%OJY<04d(wr{AZV5T10u3-yk!`pvV;F z#d;E*h0(^!J@9AjcpvMJ-8sa3GKm40r7-ZR=SFgp-ID^T>w&(7sjXH9*KOr&Li$8I z60j{>pmTh??PFzJdjuzEhA^R<#GZ&v-7hA`Wnnp^)5|=i3Tz z7=7%(piOHXo*u~tbL1JRtl|j&i>}zMCS4j&ZhUr+QpLALQg=DJH}T+F*(b!H_;AUZ z^uzGOw5Fvvdr_(=;MadsxBf#Het7dqacKDWW3NCDUpgAUd~vi-WgLB9Tf3L~`h3JQ z!X~uO|JtkLA5>)jR`u&Tas>hyj;f&&HUY6esS8Jmy)Kz!lu6p%9&U3l2^<(3XWKvd z#Zzb>Cxgjzkit&ky`zxVL5$7f0*ScAxAUX6wv+sMsYSWUN}mbSfkne);YdOgDH$JM zk!(1DcizRgESvvuX2jxe)PR3e`hVRa|1YZf|9u6@7Dh(ic`${X9PO_VL49kJz{+Vj z$I85PWdKXk29sn%BJ|D-M1J1Blidc~7kq5G1>62!si9|_(d2VpEAEB$&;LT4|MQ>n z6dorThH1=xsxccE3;p_v@s^wWy^@U7Ld@C1_g@x#E+_UZHAG8og|z_pI}W9rFcKzl zM9cbd+tRy5t5#OIJUPrzVg+?Crtl4AX%Y;yU0kZMG8yM~!))1Sr;Sm9n1n^GZda*9 zC~Jw{_c-!scuKFC|M0%#(~{)PLdGmwbT?UG`tFyH3DMGiTe_7rjRyWUWd-nH)YM#% z08e1lz59mWFjrU7PDQ_uZTl?>qBD7D2=P-ZVOhgrdxw&zTa9Z@w>Xb-elNT3HPLZH zl-Yam00SO>_UHA#lYFc_yW5Q8kf3h!thI?z34@7+N0A+?EI`Xs)mwO@Qv5jqcuH~; zzr+ceb}HONZ&wZ@UtOqJCY|b~*8L!8#UGN|^tmuU*g6Qzxt^Er*lJrTJanJpN~aH+ zl2K*->NZ2p4N3y&Aka|z&6@I{mQKM%qeC+T_qc?F^2qiRf#Oc_1@p;9x||Th^^j!q z443*?J9x_tqCD4-8>iMSp?BK?7M|tQw=CD<%2@g}l+g|QOc7#|AGP=C&vQJ+zx5|v??2Ml+UD#rZ zn`s!09$)jFxoCXt=cyRi^j5(wfna~Fhc>e3B6S?e@u`<_PwmAPsy;O+a0erunwP)SR#|1r zRX{VMl5Gv|TcHQ+F*PBRoR})z6PioEoSOch=f{8d%*FHR(44CQd4_I2mVv{N7xMJ7 zN|6jckCh2ww~e!$QdK(?d7`4ODQnzpGK4ljU1Fs#C7uEll~S4xuqTDUdqE#;joR>W z58VV5qq&?7~1!J#{Irq88T3=+#)mnHoA<;mmF}RHu+OaP%~K7p6MIF zxUH!n&ea3(QnWRPCn7ftE@nkMy!7(En_dDir0=lu?|Or-`F^|qdmk+8&R#k21o{GcC0B$OS9xbV zwI*L`@7xd*aJC5>JCgJG58ej&u+5lVeeMsY&gJCm5cq`}bm)~r4`I$aW4bW8-_2%N z#}I23SRe)<#SvY3gSG31bmw8b(}wYcX~<2qn;^+(S-0B_WIEJ?01yf!37MATZ!-&Y z@+z~h+)iONU4VGp?GQL5ap>tv7&*Yxy?{_yzoXW-^7ejOyY!NXrt`De z*~K?pl#-qMqJ=ZZ$5XO?KPDOA|9jU3G`XFE63n8a3S(S6(_wmav$lEL{xu1kPZ8Ql$#I_@0Ao&FH z{nClJvaE3~ruwviZcsoNai%$n4RacvThnj=3Lmf*wu;S9)iEOEZrd+{^aaJm!=G%|iUk_()er=zolBTB*yxg8*U%=k$LLymF z5gf-vA7TD0%+&u`9sjGR&W8V1Gj6K8`$PI+f$O`Xy{)+z&7{IL^%H3`HH$yKZrT29 zdCluK_t~ZYRUzzaJfX9vHxk#34<+_4wA~3nMD_Gcerb=fhyb=(_ks7ml>BOgYyNn2 zEXHkJjWze_1w;N9x*uO_+80BI52?>bd05UVZWnD#^+)$%%!#R7FdU_HbCuFKU?!6- z=OfAMfw^VR7lZnkv?*=Z^~FwbbjCAvJYP6Sx7-b+3LSbMUqzVjA`q86OZ=k93ruWB zH#tv+t9TV(nsK`{QDO(wvg{GL7&JwnmcSw=Y_}XR;4f}u5s*~qx(_FnnFHe4Z z)PC;-JTa~yO~n-I&~3qrKhKvXtf-3Nt5DIbqE*v0jO-ofjm42>K%P~*nKOXZq{eP^ zW8?~Jzx>U0-RbbDivz@9E4N%E7GB%&8MpzF%UNuwEXJ% z?lavlbR#TC+P&OWTyW&5;0ysSB-mC-O3*Z0Flh0=Eo9Gx0OW9sWAL$%vgs(JGkXdN zaW3eal@0Y?;L)kbFybYR7hx^`g}t|qYinEAg;}d!XesW{qD6wcRB)$Af`mYELI@Oh z=xU2wai>KBBoHW);Lze;EVvYRDDLoO?Q{1&Yu$Ulz0cXdeb0A)-@WsXWXh2F4x3{< z<9(l3kCBi>rT1!UVj@6^KJe(p7mWuHVQX9^aCaVsU2v0>kJR%rEgVZUT&Il-Sw?nQ8j-Fo=*b-kg$*S$TUla5_ z7rrKF`3Q>&xF*2EYsbVF_bSuxo~vZk)8_|R^qYmiX1lHN`OWBBI;ri0IU?<(=x=_H z8)QqK$UriA8EDa@L-e+-LFs|~B}vDQf-=p-=)~9}k}N`&j@f=agmTs@ zn9OU05kkbfQG^IGbo=T6lI-B`sf_-dqED~M?5V;c9d-$bBEqTC3U6t-_zf_p73PLo-iB(>9(;6pJSk z?MAvKjk|HWRsQb#0PjmuKQSR+wt_&ZHkcxc37+=GBm_Aw-dSsFk1Qi|pmmI}6!So- zLdHl{NrkD8hKRu=Pv?_CV_CrCstFx#xFC)y!Ao)SH7WU@+Tnln;$a#Zd+tzn4sXCa zw#2{DUtUXs7rO!LR-MG_|5OyrY11e2>gmP<6)=KaBy23|B`=S7knhdz`@y|R{YaJR zViVlf%t|ozvQg&d_bQW3UzbR?DsSR94|+Wcw5%$r6^KY~?}a(=O?0R&Clvqax`<6I5bGiL4KKAJLgHkFk(*ci0rj|HSl4KtIFfKS2>)jOnB}Ik=kedrojl2y?w_ z!8tDipaF+k*;y?a`k#%6mO2#O`0y!Y(SkyM_G%s1%cGZT!}X9+|k6&BZ4HA5R~5 znK_?0RFYVwT**@Pz}Uvd_nHZCr&Y+S$qwyX?lYEs8W?oMPpGu6+5AR{cL4&hdf}BXUi!N=Ny8bxlw!MbBE)G-I}2J5oN`VM}m86!!X`&EX%!Q)|D~Frl*ZnJ6DeM)`oF zB$}18&Wg#bfb|naqc}w-$L~Oke@!}pU7w~@y^rrhDPC^_jP8B{x}>5|NC$(^Pd`y zyL;-`Jl}Psq*@Z4+$f=C0zZ-#;ob)}LC@AOy_{;Vkn8u$Ufx$;UyH_WnU@2&zz`^r0`>T9nG-@6EC%!OT+UVoO|5Pq5UXm?<(o# zZq}cIJp5~jn7;+cF%sp_!t&`!+nhF9G*Ul%?)%1b=$c>+OUSud8R^jE?sL%{*KyWf zWPx92xh>8ps1IAn~^!N)zf^t4mVn zjPLI@mIMG&W(0h^R90H~dhIhs3O3)6Jrl0xP!001oJcWlZO&)dT;R4s(6adc9^KrPZizVm$h@{U>J+tjIVcsrWgQbd_-# z6zQ^-*(eRvNqb;|;!;^FV-z+WIasWgQoU>cBau7-Ey1^WFN1bu@-35e1HaEb{@HEj z+HovNyu;vy8g18b(3fu7*a9G3v^lj)D7DLj8gB8jf|MAZxf=cy2zI(RtB?2g2&Qg` zx8}#Qj0*;jdG3rV0oeBBVl}f4y4mRLs`ZnJEj*vw&TWJ}-=Jq%_6V|UXzsyrvdB|S zu{5&5gVc0~zyW0&&=*_+Q{`U~K8J1KH=c=0xBF_JGvsuR8?@@DDcs_>Mwcga8s$VP zd!rKvN3c^?_PxwL_p#l&rZ@dvN&3SSU zn_KeCuW-~+!ud;xdPwiqmJwyk&HX}Emq^iWFW3-0rr3EELjmdHEabM`KJx(ScaxJx zs2QKqj|d>K#m+gpLpq#-ri>4%J#o%KHJdc$E5enap`it3qIFPkVlXLCaz+jI>(h7V z4i()c2;C|=O*4JxJ&4X$1G<7jvpdJ!8TUXRpApCdHo_NA>7^?vM_!_(a>hx!wdlQk z0BHFX4{cUE)k?bLoc1-5x=7Qln1MpiTI^(?s{M?AnaD?GI(;ri2VjtcTOMO;K zTX_MuG4PP~*Uo>yxAe^PAm44*)A#pWZT}^i3bYw5v^SLqzF-yKGrA^7>V^3$IazU) zlT;g*W_6TI)0w0d*Lyrsn*{0%@mxMQK&Umw*Y04eM)*l8mR^uM5zhq zcw1Q(RSJ!5P>51-gGNxf}!3APT5jsE*meJ}n zw{@~u?<`2P6aV_kF00gz*>f^tw~h{Dx$8>SuZ#Gi9-HS`$m+uSPFRfsS&P?C{{GI; zb#(N7P{3LlQ!d9vm3MDb+oL0wL&Qp^fQN8h*2cHy=Lh4&gJf66^gL$7HqVVrJh!1< za({>-ZqUTo=U-8`J2ki$Tylr#nqbKCxw6*jn>VE&WYRC8UJKQTC1R6@G}i=q9sVCb z?fsauxa%WvHn`vJqSnP&M=x|upz-nY$@8Uef6Y5;IVoPoQ{3h%?a7&JK==E=h$ovX z8*1MfdikDu|9tcPQdI8X1HKmT5K_yHe;-N8lu9*ub@*fM)0utn+P!N6-iMU@!R4RO zeA0Lsa^jnglxVbadrP10<;O8H)a(~+g8J?B4mT(dHB}|Ej%nPm&TLA4(EiowPR#@3 zVm~vp?!DcpjnA%y`n-u@5@DhJnD1cFR0g5m`YNl1Ylc;j56!pTzu)Em$){phwg?I{Jm&w3-4y(tjGPg zb=O0~Z^wP5)e4(UzyF=Adrmkot=f9T-{+ae<1XB%PDbs4)un^6? zR^*PDn8ykug}{;$&2t(3(dEovRKeY9wVD{I9ouh=h*IrGyZMP?l@aT;Qs0#@X3Ikl zPr}}RGZ!_sV0XqVa|m~&FlnxEQcylE8h0!*ys)D0DBXonY>xikHyU@n+ zoMv2j+G*J9QmOd<%AT8=mxG5}x9==%0PCP0&cPkJE$~c(f!o!!f_94mKv6acD7EiF zgq^ig!yas#ikHyRKA2Q<*-n{%@7g~w)IV*4$J*J~Y$tPaC+#s0OgfA;T!m5&P8)<<5!L z2^g+euPfAAm%?6)ve#_nINf2K*}Qwm($L~j^S&>a0zp_?q_yeI43v)+{j1#2iV>2> zjxKs?6e}~yi=xKbib-l4a*|nA({Hws0*b6bc}CEuKm6D%;|B!|nQ~)WBK5O*w7XjE zpv=rUWhg)j53qeVpStMIJ1*PT=&(Ih*lw*^@jF$|Y>;H8o3|n=?)%M1=UlrbSdM}` zXmY@4xIfgxRft4^*;(TTu9`lU9oV_rf5_Xl^)ZDM@1i5~&_hCz=CjMuNMWd{6Cz1A zW8~GK{g9{(R4$aqf4=^K=p#e;;cH) zWyk=iK`Q%4rcX6bzb_8{PRUZuHQP!?&d>raUuH8A5(TCJB9S}k{@4Mdm9Q@s4}7g` zb7owy}5j^hYtQA_Yg5LqLDXk4pA3;r;L-8;LU?;{VHjsBJVG-QFQ zLarPB#%r*J5kHZO;*|?ICeu!HQWS7-nt(gM`0<{xX@KuVrPu;%AqkHf9sG%o0#qw5 z(c6kMns6HhH%{vdbw+(CVX_kruixCNRq^Q5x-m2Y>O)R5N&rT^zQp9-~d^{JZI ze4r**Qsem#@i@OxV~VI@TZ&xUaayp=Mc;}OwDR>iVEN@(agXPOo69D?uT$rv&nkrq z-Ky*QO!7TgKMc!s`%YaGa9yBPbk%A+M1!`-76u2lBLNJem1;^V0DN~>bIE#eGBF<^ z68g;XV!F;2cFedvEtTq-KXq^(EvMz|Q{h?x$w62rh8JO5Sy_H#f(ljU#P4i+6Nzls zUtn!KTep_PILI4C%J7&`=~wlW!Nm-bB$vZ)?;Q_?EJWU^4cpuIdAfT=sT%w7qKitL zDQ_Vy1Z9zUY9>F0#d_O$EdXz2AzNhzd}MF()id36)~b}QD!nGpQZq03&a3faOI(Wl zuLKkNQso1FmG8Ua%~$nxd1{L}>sE6>pg755$!5-OmtR1jqzkK&U!G-rKfdcKCH7T6 zL^4!J(kE|9j>s=^F0h#VOMGZyp`w)Ohupy8SI#iqe2sEYoza|CQoLbj>SjeVOm!si zH`5H2`4|?Q12MhEiK|rc8}m#XlE^4OQ z4S_nXyerd2{S%Y$A0~IIX@<|;&I5%+Uwb+Tuy#8NerV_85;43LTbImgrIivSWsk=5 z%J0Brq*Z+8RcFD4ZqcI<)qMwS{I3IF32rnwt9dW4+*C-BjW7t+0Y50=d*V^>xCt#- zH=|a~Q*&h!tn~So2KiQAQ5a$^w_^#GAUaU2pm(tOByFOj=b68K;}0uFPV$VNYXVDe zvBNRk&VYAjY8sMpMA2-2AK!>>Jl$3H5W4($wrO{~TCb&{F&qtJ;Xges!z0V_p1D#f zR~>%tB0dKu`FVNkN|=~r-;42puU*nQ48JG&td_R^j8At+*Nx>5**#niC}V;|np{#L z*N`o386C(bU#&<%a6ed^wX)}1#LcdXA z-P_I~*T;}1_+nhi7zcT%c z>M72^IguMu=2$!2bIB!KAU=9(|7tr$LS-ibSBBK&gdWzMZ#Z)oqoKPP?D{L; z^mfGq1u$I9;m(K&^(Z^KWaDbRCN@Y?8TA^}F_ymMth1e}Tm%nElp%8%<_Y1w6Z!S` zG5;^eO*bc&d66)2x4G2bCB!&a=iml?8vhlyYCd|j$22Aus3$JTS=P*J6{NHcQi)P4 zggYRJzQn=>ULwYgQtfPp8x^W)Q$}G|LnbgfgCtN1ufta1`PPaEQtMYhI7^&lwf~5y zQP{Eb039sh(dj09X5SwBQ}cVe%|+PCDU4e4_qn{U1nQxq;wDr*S)c!P4mS0%DA5qnkO8mWMZVM7P8PDDxB ztEW(O!={h=oKqv7wXyzH#6SPv{$|%cIgg)sm*++hA+ zWnx0Q`^^y>>$7@;^H9F^y~@Ty=Y2;Sr7^pE9IcLhw`@X}ex}Oyy<;cq{|Dke-D)GA zrW%VrP+6ym_%J_woR(I*AALW0FDK$tX5q%Z76AgVgqY4Z$~dlg9j!A~5aK!1O*h%* z2FX~-nfS5~4fa)d`J>3z>VW0eDTC`tS<)B&-A2PJ z=Uu93*aera(QWnDElEyKuL;J;t_gyo3h@pO-9<9d0sGekyCNPJEMBl?{8|pLM?I>4 z;Vi7!BWz3H2WU^_sD6x>=0CEnwKupugw{Nt;8#N0>&Z()mm;?oB#Zm@2eu5nDw-RZ zKmRlc({wy`7#TVfU*s#h_0E3%nxG@Cu+ID_#0y?bENSq*4Z{%AcGxCP2Ja~oVT`Y| zggCP`sJ0C~exW+78;$1i|H*tH) zR64_U&mz8I!L0e{;W1`qB=Fp4%ED_%)2gMYGqXR_u(w(|du--YB2^#blJlHsrgO zJB-d@Ek7qGi#2h)8jT&#;Hdlpd%ZDP_L(Xw3dq+lYo9 z&qrw+wlF$tPViuYre=-PcQ~o6E=O7XBJVs>RVU%|jdhP4@1EAY8Xt6OC1XWu&bJeH zk{c!!VTSM$9rrfN(VoS&SG92NVuaxSs02d~0;{*A?*dhI)_Ln&EA@Gsey~WQZQdey zSI>Rnk)!3=y~HmtbJt4J6xTxY<=cv^F^j{RK++^9nvTkMothdF%Cg=jVCeVCc;W&h zddW3(s%-cTSPI2v--D44$+g4=vS1a1tac^~=LG=~&Ox0ekjV)~&QNh2nnVLFbj$}f ztV7&z-ERo_50d9stO0uJyp%bbj6zx>iDJ&%sXk)s{{HNR3 zu*wN-^)H4A9+2J%TF$a9ZeeY_VoN0(0#X6_F716NVD)oJ*JYV|Pwu6cEbdNiGR9ss zTHY(i^J1fG#;HTuGCOV97@K5b6mDPh{Zs)FZ7FiDR=9n`(Xt`s#blyXnL<`6iy}7P z*<@i`gN}s0Y?XzSo5TPWbv{wGUkDVMpCMbN+;Y>I(L$R8jYu@$5qDu{0-0Ld&| z!ImC-nYEN8Gh7dR@$Avrw#RoF+Gj&hQ-Pr=bNoH#Dc)@#3|Rmj3>MlcH)`Q9i*Q%C zw6_Fbyo|f_nHyOG`Ly1xf)z5|GoWgqM%YuYe%u7ZT8|IhJq}}@i}2{$=sf$pTE=VNU3j2YQ?s%yQrtv>|<|Z z&RX({8>F*z3x%CubnWZOQ#-MVi?L>xb%`z>GstQp{XV0DvWKIlS;vf*7{zf>Twe+4 zlct;+!t`yiw#Fr)5UZN|#W2QEgRp{V3)dJb#YxJJZHn9V|6auZ?d-;DjK$XO&1-`7 zPn)8$LcNBkjtUpY@4I~Mp5JUpLVaiswFbZVA7cFrZv3C5c<~?jLPaJ~cc#B3_(jt% zWA1d}yOk)V*~aAD4*BkAx^qubTg8y&`7MD+cX#irwXu5^91*RMpg1A7QE-VGPJP2o zVa8N)+Yw+bN{+|h01 zTnJy@JH@?+o@XBxCOK#BPc4VL7Q~#V_e|-_g1|W}00>n!qR=Yu;SuJV;Hu%o_KJe( zDw}ZSp6TTcGT%E_2d(17*97N5x3BQetHi=RDuR1CMuM*icD!=F@KGB{y>%+NCNM6# zTmZM{M>;Zmx_tii`I#~rMV;e8_-g`FU*UlJ(bojpx1E~wuL)kX%>HssP%ol||Gg%7 z^L2Kl@%Y9B-jw3(d@koiFW@YMo-N>jNaH8d`M_7aw#5{`*kQ@#H_wvz; zt>ERF#fyobV5NC|jjl+U9O&{mlDSPC^jEAwRO!!H!@qTI;zzl6b&)z>K0xn*%2P(| z!ZcOvfNoqaY8!EzWkH{Yw^qS@XfMt|CYxa`R*fK~`u?(MN)!r%T^UdSlTN1*rd_(T(%olo|1J6d>F>YkP{I;@kL{lTvC>rrC+N?G1x`hK zd&U5hjHYe}wwJ-FkmJJvRYE@clE}>hm-Gz6vg|!LW3Zj%RSh4+bl}x1<-V=#NQ+dS zkRvIL?p*YdAUHR=2Zaj5I|J5uv;DDr`*GMB&B=qc%M5q(E|(CNB3|0`7MSG&qEe3e zStgE$_qg4CqdCW)|Z&)+%Yru>6d_3NB%RdJLkx7M;HAok!RnK*ov`^kgkh+#`R2XBnLT+VIcjWxdP6t6lRHVII!5^} z#d09QgLk;-$`<@m3>ENY{O)%Vo27cH{TX7;-GU3!GZPfqL$(z7|Fm=dr*0DK9qdgr z*@L!MvxhrklD-R`SHs+nK@}C*_sS+f`|(dj*9{FFAph+EQV%G*4Fb+12I7d)-)HlHP`S`QsWx6uf>`V_EP-#( zcG_j3@`5-KFl|;}ZGd!G2ky-1fqp~V_(0<*ufkE(QS&&{JL$K5&rsox#3wKxnD?gd zLO!lN+_c_FzZvQOR3@kX%aPKL=*L3QsI2BI+L?)&S|)KnV^7TaD21I%Y&Cs| zILRU{wjVNJ9kdB`uJG*eH*AY$S6beU^TKhpQcjw6Fd1sqU@%=m%#Ol{5Q-#l7v46Q zsB9y=p?haq4_G0Fo_(<6rW`w+z%v-RhDkA69P^woBWn)zX~xnbEDHnPAO1m zd}mFlsi`+Ao5n=R4}$XNIPEA3BH=*E;)qZS?X7_rTAY46)2jlOzu^&gIP5<3%<34` z$FgvEy>v=Sup7y{qkl7r76_Fi#Hh*#lj#zo{Uy`4jXZLw>YW-0t5735jeI`EQT4P@ z1}ms{G$h46s7_W`5hSpzb&Std+>yj2{u1Zj4;t1%p`fid%LIq}Qq}Dc$g;#mu_g+J zkE|nN*jwsaoS!tTlgV|tf?9KHY3&fOZFNI<9*JFdk2d@O9gj#rAD|^9yyOYn#-fRV zyO~*yYp~U&DnqbGHI65fLl;vN#p+$uu@p%X78V6`i_`<#e~CA6Sgrp&jM2c!0Oa_T zbaC0Tt242v>hA;ck>EVkhOPonw}YI5{tFH`l=zLyhwikGY~?6UqZ-k@7-r{FsH2{Y z>Ia2bjr0wqCb$?OVaMTi`wKtAnjyoiyQznQhHr6cjDjJa?!)*CSev1Mk@7 z-svn(RZr&bH-9C_Gakeyk+kDTKzg0R!o)Sf{rHjJ;;04Krc|FF;TJe_IjG;~dkm2_ zg{BvH5K04bO>lR{=qG*~{F>mW2>yFRA4yXFfR=zs&1pGwTNy9VErzOZ=h^2ZSD`X; z0w2?jGWT6P{GH}>8TFjv_Hlmx&>!T8x{BJ04c&&L2$FTYW*0H7mxYgKUtxLOfe(lg z&c72!()<=)ugf2L zO%VEcl>T?=z}E!ZOebWH;v`3LQr;4pSM8shAB{F9_TclY%j=j=TE=S84!eur`$TIT z_xT^x+3$~kA(WP@wf#cXZ%~4w`BJ$JnO%0Ls=Jet+K_kP z7`WMInTRL-O4Kf*gCC>{@RCV6R%gdJvF|ef? zE*j>$e8RJfxFi7e2Y_AqB{!CT7xPcYe+kaaAO?XaPWv4qu;Xxtn)L%tICdxzgZAmt ziT^b(HWu}>Fzj8BST9&QGD>_5=Q4AQ5{a!lNu?nxD0 z;crJ8OZ?)=e{qk}gXNR8Lb?#DE>5uUot*u;wfwwVXI-B8MqhR%bFr?88re8BRm|Av zt6FBliR@Aw-l0ohH&-U^g4{vtYxb3(JlOJx2SUFMmVx4|i=b7FualKnzaO zg;RAR>YUTb<2M#bnihq8xN*L?KG%W`gTqvW=-9|^qR6`JMUZ+*)8lP3+mv!%iuBKH zEdF{;v3FFbqS^)TX<`s<6IrgRF&ZjaKg=_^>YgWTE{ZU|X+p2XZEmwbwG~|xCyboS zZxW^TnXH7HMCa?SNKASKAzw>Rq71o9>cUY#RLzp;JWjNf?A|E4*H=QH2v;wh^lXl6 zEL2E$Y*|HHun@0AUMLK4H=-Ac_<}P*J8b|@WcNzJT+BQb6v~NmV9mk}Q`)guX3JO^ zb{WQ2U&q39zf+z-Z0jOr)|1wBZw~g>R+E&@3>?ED+c!inCw9ykxT>dvHMJTUtmhh9 zz;D#PR_?uHXvYmC!SBXPP~qLOba7ehcEO=`-$~cwXn{Y{wQ1Qb??;7!CQ9{&8m8Ow z?)X*cU;rA4GE8IxWr|0Y)1YC@YA|RElK6i7Yqs3JGZS%$!yQrP*ZHEKeNc8$*!@Fv;oN$PI zjBtu7DC5^6G%5n&1vQ$|fOdjmFQvru)`y(KAl4=Wm%C?gw3+j)m+bfRrvYCCbXw(A zV&F>5G0`Stt(HFg@EbL^S37kIsz*l^NYCzB7HeRlt;h#8@#T;<5>u|AB$;^upym3# zcx(r>`|=wJ75{M|{kKS*ZrnQ!cNgbdpL;=P`)>uW(*J3|`sXkHH~qY$Z;!kY?Ku?^ zT9huu`;y^z<>0oAh>kI(-lMZDCbCx^k4Ia^)W;y3M1$ETc>sXod{XC}P+K&YLXwfj zG-yLLj#}45A29AbG%bdq&;`Y&QX8#8=xg&5iv%?}4;v}7`Y5G zFIx_)f{9JyNkxAaBayL^iQT_8m8-59wMnuMZ;wDx66+t&hV|^$xWwek?%eD>3X))! zqYrvf)&*3yEjlg=h|P(_dzzE{G4DfJQB>d{sdd*JD?r-rP)~IO4-N$| zXfRONI02@5$xS*F7zGc@pulEZ`m@xel=qcLy0$WmUepVLqg=U7c8i8jZvLwF(J-0A zi9$EtS-dHQoUQ)qnM;~>n<03MO*?T)8tv+la$S3AhwV((j5%2vr@pje+u;(wJzRWQqZK$&92_zLfU?boYs&W8tQ)4vHrwx zl2wiML9B=ih0Zj7*x)t}LpyUdr#Ddvw8x53`(AOdzgJ5+8!8)sz9-DJRvaC_$q9Mn zt`M`v#UTvw9;-;Wd8mV4|G;3DxHs;HDPG7y=hQ*d3_W_u527m-cB}E8uYh)A%P5S! zGZ!E{MqArCi`J35c)z;P)P0tGf6zo=JfD1^fs-b8*vB>b0G5_JD$;4khW;Jf$)}-E zxOY&=Xq&nC7T-huMY@8V5{=WfV6D}Kj}0A^_sa3xnamEwyWta0matXQYv#oG*_9Gi zanmfcM`P9I#yO?kBhB+m7yVhCa}UO{xd8U!?cMjK{GIQ{Okez3kukt@g$F&i@JQsC zvWh?N>}mV*r<2$RPT#Ky4jZrL@G2yt`+ran5_sTqYTvgTKG|g-#pw^T#7`Y9-lps# zIwc7h--a3+stpWO3@Y9tWgTunQ7d~oh^&TDS>@5_rgrN(&leba3~p4n4#iI3&9?R2 z2i#IYyiw!MvC9olKEpQvY-$db<2iyY2cd8hp}YaEubn+x+~ z^0#QQlQ{U;HI|dF#D?BR1=^>jO(jZvDU)FB*K-*ZZ4i5I@dKc3S~bBGpX;q{oQPsA zv8x{BvV?R=fpbHuDb|;sO5MD_1_`{dq^Tj_z6UK38`7ydZEm-X8 zL|<-k4?{KgX9sEfuMUVzx(@tS0(r-I>sc`|z+UiQZ-@7i%v@Emfhhm>k&pg z?L%YMZ4%r@AcM7Oe!OL~N^Uf5bo$vR!5MJMKHD1Q_*~iFe zdr0KCB<~n)-6I*Od|@GdC*ZZ+$dE}744GT$oRV1N%xohMlm}Hm8^`ac^(ErDX7%a% zo4(@P?f>iX#KwC~fv&tn`TLRt+h$d961yO#E^I*4D1kiZm}>;$_@QLJzM9}5sX`Zf zH!~5iAwi4px>c~iM&Wt|{As89EdBe1 zllfo@R;OP?z1^GkW1{7jDHe0DMeFaeLl8(i*Yq)|kiXZC|c(=G=PKJ7@v!_V%R^FFZLL1N?)jTMaL5;dDt# zneI@3+cIWfi&=@z_!4k?GNI2UrWisg(iI6y$BIzsthh~K#Im1(I&YFYRij9at{j=>lIzSRQt<#BbVUSY<2(i_z|NF%DUliBi+bB}_=VHZdOP=xNLVhF07Dc8#>_QS2PpNidXn+x^gH!AD$tu}S^~9*ychv0s$4v+;EVq-Pb+E_CeE8hD%qqdN)l7^ zwvhU)F1npHiY3-jX;du6?HGC-s2&YeVn!h2t4*oB%U0gewyS7qzm%+|;US);F1AXw zH;#0{mmtt+83UxC0LWf6)AO*w#OrO1l7+gDe*Q?_Y8NbN2s;XADrG&{CtT4_5-%0w zKmbq&`lfh|9JWC4d9{c8i!SHGy)?_2JWNo6K>KeyYdkT6+Nw*JG+niXS8Y?X@3oHL z&!~6wN39$9)!xX=pZsXo_c1Xr*bGwpa5_9$7QVt z36xdKp1eEePN6U6F8C%YjYG{gG)hpa3khfMuhA=)oSvVw^-40-lwC7Bs7ylY zd7;BZZg{p9dwziox0gSdAvQ|Rlka@M3@FFqFv4p%4|bNaYRIoOy|{bf&M?iGvs!r>V_oY}jHD<6NZ$v|VS0;v34bZP6mSLhVQ(fZeqV1edB@#vj(Djqxl~B!b z5MPi0AOP5ehO<4eDxUVQAHk_gtmIILeYaH0x$RRX9JY-Jj8SaCwv|RIVg#3rLlZza zU>6FND_2~Is)MnWpq(3vq4dYq?#4?%;Bv8LM@rn2jkA)k7hPeOtenDnZl=GTCOlxJ z<&ymUUQq0V|4=Pxj{6fE%;0A(JH%`|E11y!gcKp@*#XnYbOl+zzK0lq??2{ z#p(%50#NJ4j|~LwbRxNtObOeW6qkU56Un&2+=1l-(m!_yJ# zds>Gx*1e;XN8V*(vERk$WTFI?o|0PZtcA8SvxkRcWIUz~NL5Jpr`ABWDbHQd3PMOz zqA%PDJ&{|^UF{8=nPW2@(;Jx)7Uj>0F2Lo~E+B))KAM|ZmebkF7kV0j-wreNwr;g` zb~`vm%1tfy*kwGD))pLA17#r!M+XRX77O6~X{2K@B1wixc{B}9dI=}Mka)h(w48xr z3%r{O{f-d{S~P|N?eSuo1G7^K>^inQi>MM9q51k~n)*sf@-WJalzN(l&6m70do0Vf zNFQ?~QR2fBtI@~NPRgw#92rX>a$2Q2=pi3)&U8&sap#)A>Q|e#B-XW@Iz>Uz z7p)UwJ8!BeZ9Gpfxj&tE954V=%jGn5Og=khw*d!RyCN7ab>qb}A zK;ZCMI#v|S@~|4zTYHbN6-H>5ZdP2Ix7HdN21X)Gzt+K9OrFtQt=XD^*9W zS}Hm?C@7%-)(6(&_LFb;bre*i5Ctop%YCRF;q#Juatf}s1d8Sh!QiVxy$ji&? zXx0eQk5*VeLFd&vpu)~7SzSLit<-m?6xkWA@NpvT&Xmx`=6oQtOC@uOEDLz-mXY#A zNFvMnRG0Wb0hXB?A_T-*>nW(WWGX}YK0dE+e2PAlS)1-0TTd|pU7_Z`EP3n~Y6d#2 zFwD5#S@fYaJ)|xnpE1Zr8)Nhn{1kK#%8KLn8i1ANlcuF{w)h@Mz*fgG$`{}wPwJmBAVPTnD6!TF%8lzoUoipeTF}#*)+4oE?Y&#gJ6xLOOgb`-p2U66A9)+eUS$WZag>?ZMStXF z^3rijK8xA#`Rea<@_ulT>X2MaMJ9G%&-b@C=Us6{?ZeUFnH&4jEsTjD8w;{(R5p`R za~27MXY?|xpXGYb{A5b^e|%68c&YGUP|LCo$Mo3v*$7|&m~o>=e+3I`<|U5ljPUCc(wtETf&cm_`{rV7bCaO zvpL%L_k~jYB$jC0FiY6=!CEH0Xzz{tI|@L(^D8{svY>7!<70fR!HX&}Tth;0GU|IR z(&%Uxv1J*Qt%})*0#tYx_&zEWy)U4Q>l_l`o|ZQRZE^j@5x)<1mPr?CuqFyLa$!kLK8GKEGEf zEmC?+S#8*ghb-$glj(9DoxNZghy#JKYYs`wmTHVA_wyLe*nJ&pb0AXCTZ(@r(o z=~t^-!4S~|3$1(~>2Wn&y|m~pMIPAar{Ea=D* zA}!(PAQ7@GjZelX6soYe&Yo@iOCLGid{(FuSVj$V1`J8nShrKJEtBXOriRdfwCQ|O zYl&p!j|R8uvSD5x5HwA^KRi}>*nyIzne zp-m_Fjnzdy8fMZdCSg=i6tm^RKo^5IHMGk!PF!hRwRKqA_L+&X+a6zx(o^jE(n(*M zGck%eBW2DmQxfTQp`c>U&dxJ<+gtYZ*;`mGma?VnWIxfSiMv=UQl*Q(P79!Pegu5$-uC;FX_49GGUW1l@oJ_Wz7ym@*xwa)ckzs>Zgr9Vlxw; zW(QGgcO8ULTi82QYK)uI02EwsWGY>S=3q0mfZ6A~CJbX8vG+l(^xE=K`ngWBEm5LS zUVSbRY;{*??h>#R@MYJnM2dOx;zj5?Xfix_(_N=4CV$H3qZ7H-qq)$cW1U&@D$yoq zfBm-`J`wti%`OiG#?&o0fAl-q=9Go!SS8v`JTm$aOtIfQT4PLA=MgmD`2*BR9wXtZ zqnsDHtJ=$|0OBg$miJ~Z1htmB@Tr9zpHl9^UFPk7+A4RlIFCg~fg~kpazju!7si4p zc|3-T<+Yj-Wu#G0rZeyiYRmPCa?0Ef`Y}&5e=L!@NLe{dItmr8A$iJs9LN1s9WlMN zraRs_jDsL%G7}z0WdmVqJ(7nZd>b{zTkqzppiC+*a?)|UYrI=Lu^l4<#w#o=b|OWQ zv~8GLI~1y#mkM|30fPLT8fD{NbEwMm?TS^Y>0~VviPV?qXk!*Zn~R_oxA3hp5jh~8 z=x;j+knFi1RV`bGER;NtNn{A%&=as6C6mt$+ZK&S)D6`vb#43A#iJ{o2P+WJ4*mry z(NH7#!a<~LwV+!8C|`oP#jX>e3WVw22XG!D9nN3l?{UfwQ=2KgDu39p$L)9C zZ9v^lrmH=rr8*H(;*$-qluS^q!9RhbsxZN~vnf@pLZC z@smNf?}qor>2ltWMtyL%`(emw`^sX@?%k4Wf*H5-!92fXJL10vT6q5evICeLVOb&W zRGcR{Suw5WvYB=Ne0msB*;iTIm?_SWo7tPLH-Gl#BHrN%Q`G;52{_?2m$*Y9JXJML zpFj53ZkL^h=W%};>@ML=nt&XGmvO!55hM680yco)E#c72K`r>2l&Dbd6-|>+ka*}D zg-nzH+kZv6tBx$&rb7z&W~o(BUcb+I?XdUIo4uT;ezMYl^{uIWBI z$2^>UR+@M^ayYu*S4VBP1XjhWmFF3tic_B=h6aNBYu8n*=QrP~DAK9HbT)-I zgqXuSc{ffu-G+J3CN(1gC8{O=W1}P4uc#qu=L>u<6!fZd^9}rXgnFs6O3jA)T{x9m zmOvBHdRY1*nmnvsknElniQ5X7b3InGYbqTzm8C7}tY zrAZ2kkieJf8PjtJTIo&r8IEscxU`*@?UuSi$kI=6?!t3;_i;;#tD{yxEtleRi3oSQ z`|=BPk~8q!DIFDZr?$bNj%1%pKggJp9-s=D*| zRUD9{7c3kDP;)28xR&?~9piTJ+{1!;-dsjzg|wMYHiL~f8ZKszKl+it`+O5nDbehc z)&9gW`p#{yxn-e zpwF?spo^ilG@ zdhxp*tsqpkqy+Wq%+#ij@hGzd1?i8PKT@3e{X4~(+JB1T?7y0EvZvrx2D1yUP&yu| z6Kfa9rAKGRIh4=d9U;EoC%B>ZG&USti8q2nU?){aFpIQiXqTx-J1)GFCHcO>iVx{P zc{P23{k>@uvGe!oLfxCe{||HT9oN*8_lx7#E}+soD7_=S2`bWi3xR}y5Q0(y5_+}L zn?VvfN(n6l43I!*HhPs3S}4*xh*UxJW_O>vclY-^``mq=*Z%Ik=Z|pCejwE=JKe}v5dx)(>Xsekg0r2D9B^-Yk%4&Wg$273Y>cAG@^T|KlFV zH+0%khRc~U$qe^^!|0a;AA&neyO>wr9>&{~fq>aoUfO27DrWgP)W z9=yPzI>V-W*$UXzx+|t|x|`qoUGXUUMl8w7Hy(kxTtP7Ojlr9|4>Hd z_66&XcRQhNP#6!x1)%fqoZSFs&wo7hEMju zJ9ezWEZum4VwtK-PN3{Ot&?zMOMdp^Mb}-p<-}fd(W|nfBx&QiI1A`N%M4izZm4g! z41uMEShc*5MGLkow^DFDL9Zcoa!Ey;^`hlA)<6T=aRoWsrPHlM0E6Fen#*cJNUBYX zv9^~Sx68M_@(T9^^}9L4>r4i5Bo;|RJaw|*kt6aceeCJq zbtHd(@Lyd8;9kZpE)*UUFXq*lz74Mr!$7yArmXbSo_1 z=j>cg)$!spXR)QB3)yh#7Go}^;U2G?j`6XKsw{<^>08+o)(6@ZZU$CQq=+Otv!oIx zg+Eop+2n2^q%E_Jky?%c^jn>=wC1j4dJimFYM`UsRD#>fa_44Br;E%LiyB$Iu}p^S zQg^Z*bB4Hcr2=KMic;~Gw}5jYoz?ki3nEtvRc(qN{t?-1L7Slmm}rVJ;qezHOC=kx z$75)1Cz~{eZxz6gh9q&))ToW&Q`I^enuMvExzeZmR&uiI;0UF0`ttGG5~m;Br$IxF zM)uvW^T&Q-gbMkg>O$60LQF5^NPPZq1E8{XyVw%NvKvP)Q1&d>Z`q4!OYj0%O~n47 zz|Q)%U!? zeEM&#;p{z?yny&+zCE|KkI8KvWWH>P_dkBqTu2|PKixG7jqsRFUA+Ht^!CKRo&Vqd z^ONeKA^{HpVB8!GM^FnmRf$fj<wTCBFTVshl*sLmmvCj~#4x(e21bX98+4m)CBoLQT*^7=JV+{5_Zd zIh9e9i5m8UkeAw?{_k4NV={2Q3W9rZv?|*`=etmF!uqQB+M2QB-I%oS6aRr}S$)0x`yq1!mZrsxkq?Xt&8up@95;G#b{+jh4#oa3aS~P`uA9}Ku&K4^g8kug$3rP6!8-3|Er&Q}4@F)37sr`J zq~{gYx*JsB^5<~N3=1nn-u~;W){=3PQFl-`6;L`eJI(fy%Juc7cVk!o5RM+}jNZ?P z%qt!7Z@*?DH0Y&wuJaYuf>5J^GwMFNXMwF`Z74cc(ZP{6oo=r125 zQSNi^3KHxrCD{}GPM=fycFRE{@jef`(d*hGe-qFQLc)U80>jl`lT{inVOD@*ll^S@ znF^qrKH307cCHF^fJ;TCc(D+*&+_3qcXYmg{Bc2wKCam$e@w?d{$^EM_F_V0^QTVd zS5#WYCzREp?hp>MmFh6QMfe4sobjReXh#V4S39a~yMxX1;gOLtv2@4B$$}3TTz*5#w zmajBIV(4gM1W{2nJtcAO*JwpO8iBg+3VJeA<)G++j@_0f_?5=^>|A+!%rbwmU9c|1 zf5aw1rX#jkufWNg>gK#y0l}$txZ`_06-c71++DUqn(=PwV*oW*)o^*G5fgiWN>>%< zlTI-}YL7|L5FRh?*NZrId6^jU;O&3(8lM>oM{~faR(!SN;k9<*X_P+&oJ+x8#C0!> zn}4lkBQ>1K^7ibqdV6v7(8Y_VeJu@#*nv5x%xHrA`MO>8xguI|v{14fXmD7c&GPn; z8&KFS$!PpFF2dz5I#rC&iTo%A@qDJ`GTi;nROHQ-nE{||_oTPAOYfMUJ2ehN3^~}C zK!crebr-7M0i;zw4NZBwhZS(y7zS=sxnfGt3o9-^xeg=)P?;w1+#N2`LpG#f1WWP^-N82+mLKPXEz@P5AbQ*7x!#iHrDX;XJVqw z{{`^Y|AWX@W24BRSTC=}kFTNjM%fMmUtZFp>XdG&={|Vvvauvx6DO|UQ54AXTE^w! ztwA-ybwPzxrBa3YP4Q^n@FmDL4)UPqzI`ofQ>#-Vdst7S5-sG99;?vLZSk!dFI)gV zDgeV1-G$X7_Xo;1IQ)q7pKHrsO&N!f@Xg}E199t8x{^DFOLD`5lVdn%Rr@`!*OORu zQ=KONua4w>gBO}hS_2;rDgqn!;wmOx9RH8m;{5Myca(-`JZHG+^Wz$O-&wb6FG=x* zE8SY#nK!a35bKP%Nji()e90!8q&Hk?os5Di1 zL+rdYa+T142_@T>;q;`J4)gi307kNrC#1mn!Oy@pEFa|ibh;^q92h1qX%;c>*AmOG zSZPzV$?d+V+f-IBN^}z<^&0)1k5KJjeS}7z{6AA+|GNqmK(4MX>3`qkN2;s7@8Fvp zZPILRlCfUN9F zhCM*TR78`z?FgaNS-^tf&zt0ZLjb^f)VdQ47JO}EBJf5q8PT*IO158a>I3*@FN>4< z5Y)v~>h|XDl=P75KgoRe{R|2uM%%ywvq8Xs#a?$~ zGk>%wUTv?fQ0=?)t!ks1bt5GLvDVJNrr|Z!bl|RAU7?>G(RIAAogYKO>C}n|PY#Cy zuo;%07Z`ZZ^HvIB;fOPCY4CBV`|8Cnk*%s%{wm_*$Akj}!ZDmU1nYE>5_bpc4O zyCP2kx0nN_6Qp?VJzs9E<=Ktqik;0>f@GnyvN%WrwYTAXO^}b7QlK9Q1Zl)ELDX-|_ne(&B z7Ud2^G&}O-mNoV`zC5XG(nx1yIq_A!CH zj~a7|FQ%uMFQ9W!^a#}oUQjcF%pB@K#I3l8myt z@%!&fnc!aeO6bA>%NFBudO@3){C88UQUuK4m{bTFY&gJ85zc- zARP1+(#HHeW@cJItYBlU2SX6uH@&vfWvvy8HL9fQpTigP*br90GC?J2{{SkJj5D{w z_@R)tXj3l_cUJy}?XoN&U&2dCRAyG}x>d&8vd=t7$Md+f1Hp$1nzK`t`g!nJ)UB28n zl%#Y*E7~AIT@b6m-DP#!iU`8HdP!%FX39Hww6nK!zMnT<@RD+OZ^d-QKXmAKxxyz| z@FG$ug@bc~1n^84{7vJlP*smYhdoqB6aEPO%XsrTp|PnEw6n*>cwA|u!#xxIC)_u3 z$LTa3|0Hbs{kTHmVBF{44}UW_#clgtI~f0}^P8q^-9)p~gvOAMRR+-=`*8XUiLZB5 zfJQu!;AM9{>t!V(e8yP4tvcDsA7&|A}WZuyfX3&+f4D`{*waNkSz6}~0Za~~sII{%a2Rr&dX z9qn!QPU86vhG^2&yZ$!)G7-8cIaT$PV|M5KN~QIUQZ)00=>{*GAob*5Vne!gsdf`- za0`!x&l=oYI7QI*0TH2jidG&nscA@^=~M$o>JV#IxcEM}PTYkaG^E!m-% z?4I@K{JiyS=|}B5iaJe+J0{;F-Lucy)qaNgAM(M5IY}>fO@SE_F?WbEPVF9ZRl+Mo z^@MqQ;HAJvMDh|*wX@I&(qGyK10_+s&c^5mRQenqK3isu(X{FD`6)!WeP`;h8gx)) zmmr&<38WntO=_NX8+fgs1-;!WSEI61Ek{(D9>LFMmDDTd&V&$8tZd&_d7i}@OHadZ zZ-ok;Jbn?HTfDiEEz5-ve&_s<-sb~ykF))z(=)*FZC{s8LI2JfY1ZMC!9iakx6#ya z+B~Yi&whQ{8R6Yt(wL3I^2e*+hzq>L34uDh`NSl7k)z?4JbgX=6U%J5>c)*Q(L}Cf zu~9@V6Y4-MQNdm2&2YJin?gbOW6SkqP4{x* z_63oNNxL{FF01l`o-fd!yVrp)(>e3;8h~C@UK`%VLnZhCD3chjB z<%Dk|>yIN_8lHa??ot^MxdR_PG&p#W-mJR(i3{feM=uyaj`E&y1FGb3lOz4xseu+4HaXPlVxTE`N&uVuOx@QjNgSBzu*fq$v# zeBONI=Q~zaKjWlNQL@Tciv!`NDJ>uYG)80kd~|?#ux3YY9VaaKteWMe5X&|fuY|35 zI`PC>>s-tO-gT*+oGIK(lMizK`8FS%r0q@TLu;>fj#Y#W_KUUC2b-~0&2RXPO9rQk zB~2lXqCJ{T?SIn@9k>y z<9l&X6$83Y%NePW)ON}%7hUQ5AgM4)d-BVzv|zn-kHo}OP=1a1+X-{Jv#qo>jw-)t z3e0TiB9wGXe$G-w0s4;=+Hyv>Gr^QyN4jEhZeh~WUxh6GrqBE@?VeHOrmYgfWf-|V z&LLYar~P zZ7d;dcni|t=bHSbyTN72Hl(+VYkT=2+ijU((g_AWpaC0FuX33z+={b7)QAZuGO$6# zuAT(ax1Dfh)(*Mv<_bmh^sU!keBe)^x3k^S&iI@KCY&eoRUE~0md5IR*S+oG?wPva zC!cl#W3!(Py-!%?oiu&^v{A`cO;Po8ApTuf8|bgcW;bMa&q zG(LE|$8*TGeq8SQYe>AAE78tMhgs9*;$;p)hgnmJ@rkTy^1VWz)_5NCmbB?E@CJ!F z?r!??Vdm^1YdfQF-GiAaDaWOG1sOsO{ADRhCP=?|&$yAUm<$%~VZ8-=;)1M4TS^N0 zFgFVALe26k>5gK-!p8B1!+I{AX*YSzC#9~$x&FNTu739_Vl=wQBxPvQLcSk& z{l^KyGPCw_SDmk-_M4kO0>xZ9emST~NOYN8`-LA1Pd56B4C>`QG#z`b8R)En}0PIdS0ZT!bG?T_w9_^e<*L`iAq(46esMfDQL6H-ty4u6=BwvJ^v+bQL(`gtrEAr^4)hr1C zyJeHk3bcR3Jg3s7=|rFacg!-stOCGc51?(=7zHU_{<1Gk{7mSk1FYNV7QZ!F3z=_Y(;ZV(W;j;#cqd{f?Hu-YI+=s0K zaGilLFB?@UBMU0U6BO^fe18_KV-aZ68%VCzExYW3BZKsazF@GXifHK$~JWDvy z9P<<*;QMaef|L9byYh_n-i!F?m8+!iMghqC7p4q(>#~hu>eHw}*~B+#smkXM8nw@0~)YwWj?xgRfne!OyLS zph2{62^8G~}{B|7f#$^cuNL*LOUKPdp=J(;v z-ViG&`?@#fBYD^w*<3pEnHijE)%HUHmnb)JdTymk*l$AkiU7OYOYQmVZGVWO;skhM z333=>DyB5kmdi>}nE@_lXqhU+X(UxFa{sMDFT|QaK#UAaRrde8S_Sjy4BpDz# z0x$roQ533Fw;;8ufUZWe>ZM}Mf6xH}9qTKjZW*fZZGz`N8CloO$J*5O%tb?-*Z@tZ z0d3A3K^RCHr$G^$|4#5ck{e?W`58Teswdi-g^5seqnc-w=Y;RH(a2-Eux?wC?nUn227h7qH4g< z0PzRtPCKWLj`!%)g~Q3F?J)67VxIOM-b`)!%~Q>ou$=U*tENx?!E^uf$^SAm1ZvXF zr+iDO$&NLcKS7mvU+%LD3x%gM@m;kYM$9>=@AB2xsn6V@R|RX8E}sP~N@)8V+TPPG zvIw>|#fcT0m>4`SZKF_qNCn5)luHn_J1{fqdfBZ{Rl8#5pNLfK>hit{ows#lF3DkgJ4{nKz4wghJ zbu%Y1A%-Z|KvUr@4hRH&T^R-3U9~nc5j+*+eaYM7SN(pGo>Fd6l^Zphq9@>j?57G? z0~k7}q&RU53FVvH_mz@ce9eir>?_XCt30p4t#rYc1rT@S>=mofwZ~!AI zcWJGJ(7%yH%0B+9B$E01|5Zt(qLl5~H7ICZsYA9#)S}NeMX`ONs6|<@9>A7N1<2A> zrS2TA$6;UJ^zJYwh-VhdbxlL|Dz(-TIs!S9$pGIB_Z5vE4^-UJQb63I zk(G$T05?p=V|sRYb2G#qp+@_W@zRK^ONvTSNt~D;cZO}HN39|Prj01GUFSw6ak=b_ z(I`=jUo!+)rq-+9(AsB6o(*eRRZnOX!TX*giu&;kAdMZg$KbUh{;*)*AbpF@grm

    ?zjyM*difptIT`n8xLDWi} zV}pCFv6Jj1rJoIWA(Z9QS7EULEE2%ro6nv&W2_S58W?p@+Z2#G3(Pp1uWcx#a#7+A zzjlt%^XG%C`5nBbMo4IBN^u>?lMmu|7<>DXHDFP5ZDZxtrOzT}$Msnwos-+D-A}inSqPbt? znMVi8%A8+=28jz5aUH&B!v)&%;4D*~Atr=NA0iFQbko#-m1)L5c1X||`3J}WW?%|w z%K|TRS8G0W(|EF>ti<{WD17ZLxOp)VG%8gYnr3Lgox$L+&LAi3;;vYVZo^=`#;ze> z{|CMIqlRYbQak5?57=ca62bT5-(sXD-{{IW6^l&cwEu`aZr>;O|_n2J$-Bq ztU*Q3YHl-zlGaOX=cwY$;?T6uz)Enuc(AE2kGest> zonx6yDgsdBxfOVvj8aSOIDG#tH^}G^}4pW4PNAY4l7yYXJnE~mUnj2M4fcF zZ?}2ELmAgxyR)Mm4$4AtcD(gwl5qt}qZ}YVWeopZMX9wy*5)m`f#%FSQeAZ{Rc=Ik z!1yBF1e5G9yrDwBvIl>8@wJaB{zo`_($F~$$Chaa)r!`*i;Kk5(!d`^O;l&`Rgd0z z`!PJOnuS1hfTN7IkXIOK2@B|1Dt#2Vee$sgDT z+_5bJ)86A2Qa8$f+3zPv4lJq5qFs2`{pdn2$thR0+KWl9nb{O15b2a0v}?&tz+D*P zsY&m%y3+fF4wis!{ff6Yi#0EGP1BRpwQ@@$=)nUraLHBGr67;0GGE$t^}BepYo1{B zj}x>7V^(6aL8F~@Ps|mISr=?aUB;(>diCx6VvE#X?15w?)v32noiN;ZWd5e&71laY z&uTfvEpiIJf7VWZ>&uQ=3#mSoqa{q5{{;5j8_4^fdGQkO`W&6A7~%3xl*fYGcTX<) z>YDUKkZSn)=8YwPTF){rgJR2DeLiVtxW<0dJg8yaqxRw_B9shk1d zfA>`BUO>jO%g=B;>q5Ja)&;nJ`*qXWTbYufLhFI8;MM=- zEi__vJW4%GL_c4a>|QlWeO3h)D#}tuA0|K5{CI!Ah$rzuNLIjvVZfkJa&da!tESMD zWl6ob!Te<1ZVhV&iV#tPfO{9sX>LBN}aD zyl-`5{mH8%gvF8s+~|cWcC_3cl96nW{Ez_@ulz~`s#fP<8`&2L!;*l-W=Qg0Z%DtI z>L=>dW>8^QVzBdet8s?avrEaXc<#?B_U4>DTIv;wOZZhz6unS7=mc&SOu*3LY6oX% zEndxTxZ&tbZdYKM-JCL+-LYjn27lm)`H$4}hYT!Ri9H>qM38rw;v8F7iu*j1rCYNA7^Ry6$L!?EN$J5f1mDkc5GL2ITcofdZKjLMd=fz zNYzj5ZPusa)D$?NSVGI*09DtDMap>JPa*?uRx@T_+AX_RMDDg3nLKirk3sMSHvhT<9+LmF#{je7sY6093k0-koQ%tVZLqQ!>aav|am{ilTO!F30G?nL zi-267k&QY<2rqZiw>TCkd+DT{MjY}Ny+u_U32I-CpvrL6I@ydx^GUk`ZNVNvnS@rYC*w1Rfw2TZM6P;l*l9L;q%2! z_l^jrI6MzT8wKz`R3Q9mCb1r5CEm1+pvLhW;;4~z>}!{rVUH_uRe>Xbd%?{`K+-m1 z(8MEqk_T)(##6a^+1cV054&rzMt5R*~{PyYm5t?a<&# zrId-NPr|~5b@QJ3F%291wbs+HLpI~0!@B)vVUtKI5M|rfMCT7hi&C)usQwD&Z7XsG z=U3sO##){Pi3HS&MKlsdgB*cjK#hg8tcoM@`=3k$_BgK>JQA6`sw{~eaf^ttEQ!>t z8as@`6ik{W-TfX*$4-Xi`5!|Mb_=8pqSUo{%}w^H0Ns=V?1c~O&7!1y#mW3U*L9{jAnyLa;7Y*&iv>T7MD(PH6uRBN{*Ster@U+G zlcLk!2d=+@LXK&Q0;;8PnWxWjRGEoM)dbwaVrB51+t`Urkk|5NyLDsALU zZ9OeItVLPI{`*ZVR0vg%k_I-3d$v9c78ui2R~< z@&*1M*m4T`*!OMH1)!Xmqufe6w<7D1nLtiqi`Oz;Wr#-K7ieZuh-wKAe0qt7O5FSN z#(e&7{T`@42!Azv*g5>aYxtmIs{c%O@e+46Zzpa2ft@e^2%wg&cWt$PrEEZLkI;;& zA}5w@O5Ib$Nf>eh2sjDTrzM!ulq3wwB7z}F$29P5DKc1BBkmh{D&g^z7h4n3X1k&| z%&c17?{!{ifWo|gGK|E~tA+is>>y{_WW>_`kgf~o*#vq%Up2g%P#$9bvSEAe3I$EE zG7z(f-NY;v$Q_HBfWA9=iwKQ+Nf7r68)psNCNl&4Oio-Y28&BbsXK4%)Nrkt70omL z&f6M;7BT2wV4BDxU)j(+4t!>5$#tcbgcZ%Zh zmwH#VK}6M`Y}eONb#QD5IGt7igOq(+J(N#iP-VdWP@IaapfX93OfaC+W%LkEuw!(t zy!`Z5^G3iARQ{!WSwSul$M55PsGHM;=am}+dGuA;?eKvJA)z5Y@`dWFu4-=;RADDGIf6>53(n*IxL z?xzt`N!d21%||o3#477Z7njNu-Lm|)6x9R|+XcNbaww7kjLH61d<|y)qv3XgkP(L? zLpvKL0G_P(TDmcsO;C3X!?M+F-=PP-j!Bov>75kN* z{%xNB&i*y?y|(ci2JRwS(kl6>%y`+zYy?bnq<9%1w_rHLZut_+1o8K9LQ{$BB^&Le zc#imLXro+&%iMmPSf1SZ>r5{*wJ(ooKP(N}R)nyW0b$Q!|V*G1j%| z5VU5>$~_lKkM!Vr=i`x}H`eLuj0MG*dp9L|Sojos@gL@T z+(*9G9F$#T3qo-KNSYZZeWEw68cI9cY9($J3bQp2|?IfxcW^dI}Ian*9 z;PTpl>!A)D4a(S5B<%S1`l%@qE1Aiw`M8?zI{ZrAa%v-Ttzg7MVyi|U?bzYujltvL zV#v|^CF~n+D;3acj_j67MuVJ%ntM^%1tAkF(T|U^Qf->dKW$4=D&z}{N==_0Ide;y z#Rw<4P6zS7@O7`%O>vv^*aX8v)WoC^t~xr#Sr_{7sb*E8Y zT^j7Jy)KDinkeeVsmCHPOp>L;o5AeMBd{#H4c;DUNHZC^N*FphB z+5@nZkP=BRq{HqdIr$x$OxZDeh7^qCB}THx#FQ;-IF##-5iu2mVAeKV6s!6TAG%3e zQ3sxAkuTZ2%_nYN=Di6q7>cThn^F^tg|WO_yRK|4P`DNq&NrOi+%;TH#h4qW1xy_` zeq4v|$juziKN+)9h2}$vg(V$7%E2tk!UaGHh+8h^>iJJt_`3K^;O8e}LnJ%>cDUvf zN9mbqBqs?p@2dD-|J`)0X5)fV^-{31N;g>AJ!`q=z3Ag?n3xumwUBKntgpL5>MSiw z*O%A+*NH`jI*;yI%SBmZrHkZaWt( z;^VNgD2*rcw3O>wU6&a-Lo-F(^i0k&s@PKP2v&-KYOM~jYl~e(JNK-Yw{}_nQ4jL} z8A@UTh+N>u($|V*e$!NOdziinr+u{Qr`_~vovJ!g`y}|@SZ45PBE?I(2@u#-Tzz{Y z$``v+vsf8AfP2z>vXgdqo~G1Wicjrn4}iIeF*Y9*0>oI>uU?$B}hWvpIi-l zzMWWm>=^r?PM3&|P3bm^fCRgB|9F#e&obkb|J8S~!Qu~8Wc~7;yI=oNssHKpv?SW_ zn%6UTIn2t0B{|I;dG)P=x->tV8)!;IJeIg^Ci8NT)sNv;?$dwbif2An*%&@|8WVgY zyfCirqI8+wvuQ$yKcKPOGSA2@viL@RjH%taz5S$3uBEkpN-Cmt{i>K6BJuWMcYXav zgT!{+QAKx^h>4?ojcwa9ppVKU)y?OpqLB+g!$4Jwk}@>*`_KAYM z)9UefLf`uN0=MJ4Jd?)^HL%R{1UsRUV0WiT!w2UXdVe6thv zsAZ;>N|Mk;GNqGXzN#V-%d4opP|?ALf;!eZ3r3e$PUBycK+a~jszT0)4Nr<^QW zUnBxET%gmw@yfO+1`ZBJ+01BJryx?7ncvQ6%0_WwKh>U^jNZ1ALsj2-?1z?Ky_&M+ zt*6M41b}6NlpZyYkZ=eItFb9CG`_)>T`TT4O<`^>=y0fg$~bOVU)+x=AQl=@jx2B) zoE%uI_gU!})kyM~s{YI_|KU&nLD@X;6PiaK+2yqqufB2HP_Q zU0j+fVjYh(j$9uYs)QxggoMt`NNLUN%CK*nEPt~*e!lxD0;h?zcf5w#EEp{)cIf7L zw0GFr40^HTAUmDa|FwGm?8{S7IDcI;pAp6IaA&$##aHH-{Ij#FPoaxfxp7kc&QhRy zyh+2wac{Y+tpU)sA?zEdy2x0ohBuj%1IG0(A@P>Vvy6sUHk<4#i`Q&e~Pz}{$9Log(hU#H6VK73g;UTB{!2y>9L;J zh?I{zuM~mQQjFxzUJu_N8F|ql80MwdRyInNAi)QhSlWCspSJGHZ*+>wPh5o-AQMBm zvrIjZpwgARPtf#0hWnFJ0WotuKCFJkwJDEO#5E3=$5c_Jbq{|m7w2FJhKwN>%cx^O z$&Cc^P_0%lCR8c=P~4ZrIAZNX5btcMAth<4{t=exw2(RV+xwyb<#yyHmN~qa3YX-*jNvIFSRES~!|8H!!h%KqnCM4l5%u_c{P)x8UC3 zpOL{?>TKJ|Ihh;T;G#6@O28j5v|HMbg}f(ijSOk+xz3u1XfFT|t46d_X�xWA}A5 zYNS?ncYf2@q(9k;P~tlm(lq^>W_2ypr{pMnWaK0wUT?=|GtXP^P4aOK)h*fg+t*}Z z!_29MnHRU_x<~kXor0sfgD`KCH;4W;AU7mq;j{4OE*79PrP1QuaW1;*;UDA-8`%As6wTyovtnLp+{6 z1cNt^rTALgiIGjb5qH*xuATOOey-uL{bX-nqwetu4tH?Mnmjj8(V9-a!?*7i{cCyl zBX4Ek`{R(@NtORu1HMmT^g9z9{pZ8lND|^l3okp>ImU||*~g~dREA#tHvMbrH_fAW z_a|~*?>AIiT==yR9QLcYw;=~M3I?MFu;pAn)EBxIz`N+kijJ?fn{s_^-|i=a>IH)q zjZ27NcNpGC<2Ma%)7d#b9~^hus2o}r&ZFeT+%xzk)WuteTQbD>UK#HJcCKRUZ3f01O-(x&a;6Ni72ldc1nagSdT$LfqIYU z+)M4419L`(J-w0Z`J;d@O%r17dzMC~ry}BexA51q%4zXg*j9DM57n+sw?FRnTOzCw zizXa$t><8yFW=;Q`Z{ulHFFL&VN%4BLFy`FO_$v#FA=^LFxkG#Qp-6=gPa?2@1|9R z`K8QBP}DgS!=<>CYE5L`8!mK|4ddh8@xCC#qH18e8&=?r)M@athebs(#%mTVWF-9j#35Zf2PbhJG($qaWo$izP(Yy7K4zA(y&OGHhIBcdj!@z|DN$9BBt8xr^rp2PbX9R z=Plvi;}rXX6;`djng?onWS^dW`j5-_&wcZUgNoF_pjkK#OtU2Yots8j@J*9>(G&W6 zf=9R?AIf)bH#6zmebN5(ZxQtW{G#W;J`o>&BtK9*Zyb1~7Wb;TMUL(XzroE!@if~L z#i;f%*du$}`AyMIxlW@l5n!t6OF{G3~m7ntHK$X(n|v?25Wi*#4_LS(U%Q|H_CF3s6Pv4Iv&0c!5`?j38e$hghHAZU_n zy~`i0~$>MB9cXxs`ofxNl$0(*Po>u0+s zdfqcn0RegI(vyzP0o}*iFd6Z@-Jy%#gz;}BYWR;)RlkyE-qVzA-XDR~HMeZ0?ZtFC z0PZgrU7hi$o;CM}zMzMl^1P2Y1DJ>|Z}16^rO2!@q&AjC_Z#yxk3RhLcCGyaXZNvs z#Lqvlgll#Ib0XdeBs#^ky@1oB^FViz7th+tH*$sEEE(se zI;&n}f*$IJ=rcaLyX9-@>!vDbf7Poj!@-y@`Y@E+9+Cs92!)lYhTX83x{`WF7v zr#;O^ybWj5*0DszdS-6LH_vYIZl(-=J>K|q{8l1?0TvLCO7wpp;*mQ{RJ4P)n$bWL z)WaMCsVn^^c7gWat%TI>nRnjw+jXnb?XG*T1GwR=k%;QS+vIJ;c9qHry*lSD{AZx` z8Ec0d*`fzsp+q~d&;$ENSvTgh)0a~GkS&ez$>Tu6ou+)@ssp{3Om64yIT;$I7Tc66 zgV1;$E*4B}g_ni<^H|hG^GGw}+fUYM@Kej0LzIM#kVzX*Af0?d$;8WPSKkATx=BEa zM*Y;(#G6CcljEn~ZHGHMuq`pce$%9_%mCFCjnW3$&0Kx^`1*qBsdJ&qB5j%O zd!gVW-l1iNC(!rDl#g%x1~MOi#^&st@?vW;Kd+5f;1*A%U(Da12%D4H2&5Xa1<7w^ za^G584tt_kwkhy0Jc0U~@8)r?*h*28FL8NKG$HQb+o@)*qF{jT0fjF-h5Mf9d9FA|XA8`=HwANL5bZry7mSmCIi|z!65m4E_4!|LH zE2L`JeJh01*kkY28_vWJfl(Fv!6pbtR-t{#6l-f)-ch2ekhN~xsA5T6c`Tl2#Hzd1 zK$S&oe_M1)M??AgpS;lje}QWL?v?=g_%~kiqa$=|%PjoPYru|2CrjRdYqyU&e)Og_ zuAY`56O;z>{w~YE;Na@i)E%0~#Q{r-R)L|G0rFp>;6DxDIo)>?V^)zPb+PYUtwH{8Q zen_34*xCb7 zuRKEw?xwU>^4-JBl^>L zWjVV{pSX7GaOJCk!=C9f-rybNZk9~&&^-M^mo?cd)v zq*j?|12!NnPT`8kEX{+`zK`{v4{b@Khr12R3Jmj5RcS+L^!M+Gp|m13P5t?w0-2Nm zG836<4JCm^b?VSnOL*4aOA1FX)#|Wz2T0vcmH0x!i21s=Bwb2g-e-Aa&4?45GVbn_ zFBRqAy&_+l2^pE{1bv6V-5e4xO8GiW35!brVRCu9xw#>BHdoM^suUP?fr3f_D0LU- z$CQ+mc7e?#12k{^x$I|XG=>A~EE;DvdVhY~-#cT-<8z`lE2AX|Kj8c#)W`lkV0&9s zok{n#KW#!ZSVDc^Y-z-ufYFeic$Od<_UxC zw{*q-gT40vYGeD-eerR&!GRo&$x-B-9LU)O5kxWw0TKvI&Q2JUGZGowfCvJKC}EKt z$T^E3zy?H4CP$xhb!KkOo0X`2rc=p|_Q8WEwyIPj2@=`gNJhaZChATkQ_jOw#g3%4>#i+kEFw z0vdO|n5;|2y=MBKP`>{>$?D(ifN)m(U_Hym#X`?&OpWFeocUY6WQSPH};!1P4?1TazLy zL?EB^0tCE1B^f2(j0<-DX<+4?2)?E;S=J$7>SB{B6s6Wdwk$;+-U9Wdw_hzO2ZpTg zB^JEvAbs-B!(^Yo{bisUu?!Y@9(d6=eZO}YRrXnu*L`Zp=D3qvcUV`yf z!{?THw<`Fz8GnUkO^^EKkXHKD^*9FF#5|XTBeRidOuZ)iDR9R;VIU03JHXC*;v`e> zjJ)yMZE`NYAr}++K4_BHEft|Rf{=ZRQuM32A%?&R4K%Eq709~Mfck#$p2!NgNp0Wr z)?O4+yQ;bC8;}3>ah`XNpbSXVeP#C8{MjICnaGPqJG4=!_dza!EA!|M<&qSSKI z(VE#Gq^YqKq%c$_TFqcW+2gYMeT0R`iMRi=7yEzhfAjSx@2!9t+3+JqlK|Vllh~qF zjiM;emcNtOcoG1gi^GJ_e-tj@E6-f|w_HX2#pZ0E1;un}HI=UfQ2 z;kJ}9dAJHik%C^ET+Oov9UF~#NT~`vv{2BO_%KW&MJEh&t6b$?R8#zdEQ2x z?GVR6Ydj?TV8vj`0)_PfmEy4)K;H^Y^IA;?IB6P5yv{ZtY0`KJ77&`hR7l8Za6zWt z3aw$33d9Q*q;SVy5!_=KYdF*wLydnN@>6(^-)Z8Ioe-`2rKD+5 zpbB>fhA1dpB) zpmEdPKnRW!V~{D(9y)r>cbS^00$0EvGAzlxgPQedK8%mEu8B0cFG-`PG>ZXXu2F5G zBDd(@w(GA*yK&jFu~`f2j9^m{2d3H(cFa8jx|-?hYE=DLc+M2&DiSTbR`A-!H>NcH zxwz%OV18-|`_+DN>jL?9_l_TVN^&|0)Rc2g>&frRL;Nc%F>jZHUeOZXe~wsyTm&Z+ z$)hOaH%}%{vA+KWwm&z6e%6z8RSzzupA|TLD>~dIN6N<+ZpvOsTc}_8qqc4D#E{GN z3Ej=re;JYfmpAvDTUVmFNR3>xR@6CnPotchMM%LEF&nqc2fLJ8=~7yB4^8g%>ey9A ze8sxMx{xysWXz!fx`;ORz5no-QhF7&KmjFAz*gU!GhWo6860+H_Hm$9HeK2v#q-c} zlKH}tueWMj7g6157}230FQZ;#V4o1ln$`bXY2QHp*h$>jhWc{SvYIFXq+D&Qj+?OY zgE`lNlmCr}2OSHpVd%XiQ@Rcw*^G?a;Oex7$%!8Sah~ztRBTH0l<<)?z*xK!5ptD|whgW(y6OZupG+beai|LOQjT$@}m2K`y#f$u#b?(S{` zPF!^7sXzj}ItG*ON*Va`e4s4uoQ%1iKrwHBAb&Pm+3+n8JkqWg)G- z5mJR0pQP6Q#!r17FHJ2J_3-PQrMF&NpFaD-o;jaFU4`ku4pxYrbVpT)IO{EdaKu}F z@)vq`^-Xq?eOWcZtS}rS27AV%+Kz3H{A@MdL|)3ow2Ut?>gr>(3O3?C5vL%vKO4S+Le%h}z+D$OT%Z;u(~8@-3~=;rQjt0VOdy6+g% zT_+0o0|q2{iSoc|T>gkoQx69$t{i@J3Gk3|1V-1i+FbC4GaaC=;WCz6hHr{L8yTlT zax^V_JDe)4=vz0kP~;p*iVqwuEKY-NMVeT1d8LWAD(hLSM-bJ#So|P*Ikz zs%ubF7TnM(wphXr=ryFQ9M*>VfGtE##^@M*A{t_yJR39ZGJXUK@YP|01*yJ*5V#ZV zz+YE5T@QQoTELNedW4!FgHJt5=XB;r2G<|zQOpp|w2M|*i)hMdQd^P!&5Zm;!7*!; zN>YgD@(@kp-@o4_&Plp}VkuR($-L~D1V|T%i*-WCGf2vyJ7v~AW!A3Bg~quk&m|OU zd?n$?E-d^^EzA2|J=f!A-4b~=jcW?YFiqjd>%EOleSy@X<86;@lsQD8&Lb7yaG6F~ zm);!G$;7U{WKVZ4RZU|a2^8E+N4f$%*0yYuanX#2xZ^2k8(VkyM_>B~Yi-W^s~7H^KzU3gL@rU60t%&(VX_=Bq7$D&%)iFz%nY7NJ4tH@Wa*D z^8YYmd+8&)RdcTx--n=URFE!@7^2Cvd?&L4Eu<2lhx;!QqN?Hs20J_xJ?gq(6$rn&ih1UW|l#hOq5 zdg00T7ZtS;`-lcpy~1isiGUHLnB*PLOvkEeITA(d$h6PFz1tBewT*gjfhUfZ*@&aW z>r>C+4X>d$&j|?%&s=#o8_GZHND)<>{EenQoH!2b!#2NPbh2rDB$16l$@?-XE#12> zLt^BMOoJ6>)w|(RPQl&LkMjbpEPjb8C%H}@D=wV47`$$(9hCG0MN}Ish?jX(yR+l( z$~hZs56n9X>o4ce{pwkSjEj>UyKbErM&PG9I^h%Rfn{WyiQSZ!h^Rj?`SAvA^c zrRZGIs*Gb4>*KO4lK_TWDZ8{I5LQXVCgSNmA#AD3%|DV@wMhB{hLJV55ytkF>l3zClpu4o&aHo+U*ibgm0I92 zN$%QW+;}OeRAlHoUnZLrIS<>gSS>c%c@r}{mu@1?m$`R2(YkPa3UcJ$2#qTr9sZ&l4eZb~Zr2Fb`xY zE>47(<@ay|9Bg#7SVw$br(kCV^tNAYXM1%>7aIi~{(!mGMAzLXg+4dpia4%>DNbOEUX7R+!sZ|&3Z#L%Z zVgr2Lp}840ksE&$qt{yL^b3xZAUY`?=7(Kq!qN1&u>r!?;05HG+Qi|gp?Qj-c0ghI zT>EMYDI#-n&jsjA$pvwf?QT;PJDTX_+AZSOb^15!y02Y3TN!k7Qf0fJv5s_efs?tt zB=&OzmwO+2`g+QmIieE?QaPg4y7USp4=K_eInqKxZ;V%kvKgP@s8l;|8F<(P>s|pg z$6+<~O@JP@Yp?=9EdI}U|JqVR^No(hqR+TA|C(QgA46KQwvbl*Z|sS<^V}g_w&5CC zj4m^}`io|wFR;(4-i582c(|*b(y)|eo1f-XXuexx(BS!VmM%)>1LU1}3xLisv2HR( zh?t6PzXg9h3k_QYH0$P>lSION7B6?~SY{VDL(6bELBO#Ez07)@HRvZ@h%>7ZOm7*g zNi9j(^0g^CYSHFFB)p6mZzv8kY_E?&4d1!`xwOT|-{Io>sHv1*c9{v#3c(<4EZp4f z4os;SEw9k@5FG-iG+5?IAhjo~8xvJ~Jb>V29zD~8jCB7v*8FMUjJKP;Rc`F>_V#M) zA{K~v3Ext-btD_q1qneegV4m6wpTBG2C@luMI+CMTz8MP`o0T0vt#dsCsZ>i+H*PAVM1GeKpbOwZz2 z7xQvt2cF}qHG6qg0!#!EaR2VdLF}?Lmw7ZHY%T4owp$9#Mx1R$#?6S0H*21fp`lOF z+@KjE@!h$n*rB=DKK7(%%0GhzWF5awatNwVaFN0i4nu)zOyl9hpJo{VQU1+dS6?Dh zT4hr7H3K#9pe4JJYMX*pAiBnrGbijxz4mpvs%F?PJxT z$UF|zwsC@bUU=)XE^AE)PLmTW5}`M|Jp(lG6TAau7EI8#&&VZc$#6J2t|8;uT=>kH zMc#uaN}d}n$W0WSk6TzH3uwC(I!ae6;t-i~=1yt%zc9>5&uCU1zB>FM!qhy?N-*?_2@ zmRKoVODxdSi<{09h*_WDmb2tmEO#nUtftsz8LXn?s*2jYXqB=9Tk;P&GOhqqnnBB* zG#>pp0#o6PRUC4R!dBoG7A84`zOov;=jE9HWX~%$tl@6dO;F>HAf=h#6+4H55o_(e zzx3ulhI9l)gi`O_O$#$y8dA_3pF96XT-gGzn_M4_%lL_CezFQtdei(YbM)Z5aS1_) z+DB}p`SjFB@qtQ+X-r<3WSlLMexzT>cD1F3BB`&2e)NV!zCdv}-(OTulnb&2R@~EsDKwxY@O0@38CK4l&>zZ9 zv4IGWUI%~u_k;KU+h^L{Z(jJ+(ACRAhZ^k>x*Ln#x4c-iCt)`Q+Pwy@y2dR1%6>ZV zmY;6uf4?E&Vcx#JFiC}>T~KaUsf~ry)HZWGyZW@5kP?Y!$6DTy^rO12L2w#5om?~( zmWN&vixMylry*-(Hs_u(I5{OLbe1~`I$5S9k%Y>=N`&H`MfF#e>QX8p&sN1obK zSG9LsT56E!%Vd1>6p4D^0qLvI{L)}$pncWr}aq`TrjoW=EJb>mP#WLr})D$cVXZQ`jSAH zxs=OXUc>C*HZ8Hgq$_)`-i;-YQ6!xV5X0`o-`zq!Z@NEWI%TA6wd5hrOTNJ-ny}Wv z8kWM7DhJgii+wKNsv}Wf9^35GcT~{a{z60jCNZ$pKLC8&lSo#VX?^s3_IqFC$~Cp7 ze%KAK80Rp@kmwnIIcXbu|4-<#Vt0VzwPyvoyfvftMG=p?eFJCTEtIu8c-M6(;@N0Q zL%dtxGQ3SDE5U5HFJyCTJAx-~tgrP74Ftobm~M)`VsB*y8{MGx@)C^|Rh9K>Io||A z+Am>P-D69pzsyQ{$ViKOxICVmypWDiPTOP>So+SEySHf1CGJ)=nkv|#pW4aF2I!`B zEBqvev^qA|tbE~#1_{=+%P~8?_T9SHW@Fe<@4#`A=px3=_NBanP|xKebN1$~-#MUu z-oxu%wU$bkX*`r!Ua(49^0Py3iGbdxa(ac#6ZFCQjry_-sB<19=Igjn@tK!KYb0J{ z!1RKUEP~6utALhu%By+xeeZhT%l3K&@FnN>3icWmM=Z?Vp7FhfQj?oK?Z$Au;OKbC z*N1+hsY&aWm#Sv0j`yGQ*mTD25$l$M(Hwg7QHd0t)iLPNBcB%*v4VR0;MhQ@Vo> z;ro8z=pXlt9xCm$+cheXOER`-vX_`deNhBqszgg(tXj+lQQ78tBON6E`FzqyfdXR7 z2$%X<*r;f)Pm&L=@Ka#%-)5rjVZPhF;t){?T8#;MDfAs`)IzEZdOIoAmzErOmC;$A zZTL+?v@rtTzMJ-rPi1cTWlTGdIqa6uDhT4S`dZ41kp(}k>K!)EgbpFqP4R#-CN{R=(&o4hEu`IQ?|*2ZXx?@V%K0cK6_~XXv3?JT4lX z5&hiq;%MS1ypKdvKHkFT5h_ie0md}<3fC6ZGCrk<^ql756n3IB;}66tl(?Q>hK3kEMxKf_4i*{Tz)L8%NRHT^$K`kTllEg=T1QD zS$#bFWPt3)RBybt?HcW9b4x(`{zm$DYeG?lX+4Zi7h{8!t&n{|a?@i`uHzhrSy2@f_O{yYdyyi>J8v6%=$+I_43A|>t&m!h4|7qiIg z%AKi^Lu6*ocJg)#WZ6Ty0Uokzs`PXD3tnip*Hg_uMz-4K+shOmy_B7Z^*nYld`~R> z#1hE+^{8A#9s;l%s8%3FxF?#&{dh}X&EwQAG|>?UayJ|v=M~d@x@7>$W`~z|Uruqv z^mnt-b^02xbDz=)R=EdsyrAvO@kqMFrjj^C=JuImwnnrdn_e9^t zdnTt#Zq%x;>%Kz^ypyamRh!8dp-!+JAf~uSeCiQ|x}+OYbxk`pK605XVY8<_XTYC} zC)2GqP0-KA;-_U(#~;g;wbDb1Z;Cm`sPj&Fs>CRlH#T}@!9gD~?6p;AF-txVY)s}% zG~Psp=BZkCSG7=Q{zc_;xUb-GvFOCdy5C5h>0sg7cR6r-2DsFl+t6HxF0tg}x5)EzeaQ0T&5=gOlmL%b7*Qc%moashJ05H)Er0h(pg3=f zmQ%$Pmk)1yKS%XkQ}1&FYRr(E*?MFDbCbK)rqS+-vI7<%cu3xB{ktqWa=v*l21ud) zh5Qf|-Ta52zj@kqq_N8?rGclG?7jaWTXTfjRc{O8Zl@Nw-d~+2f}hQX>srJ9ETN3% zr0|bVI_dHso@?V+hg(5y7V?wn~_K(VzdqcRHYt*?P#pc%uXXE%B~`62M`pM=?) zoY?`sFedCo^WwtCwM)LxL9@E;K=6eKhT7P~Ffhz^{pa4Nmv!RL_DV|xb^W=rtgmN5 zZi|2Lhh1|Xo7Go;f1YFbdY}x?=CP+2|Kpp!GzJ*6{~#!tY`_$UH7T#HM+ZaIU z1@+%&;xI?0$M;s?7ytsPb@=I_I|=Ob<28gY5%yKf&72IXmYF+a9cXm(!ya>KF@+^g;!%Ouew4p^j?Fm5>#H zNlk!Q(rQGNK!YmwF|=A^gCiA|X)6lh>taUA2*ZQ~5jxF1H;H}bJ?&TTd=u>&%V z)#x_$fUUkTJp0+0aNO@Br<;qO=I=lx6d7fmXQbYGd4(^hTZ_1a5C-g;iwxgsRI|pU+`mu9&5%G6 zq88!Z`HPC)pcSzw*@sH8Ik!Q(RBn&EKJPoGTSgMPrs1 zQqblg7co@u^_eGpHfHa)U7gs@QkTGWjKwasdTl@r+avCB6FW$QAQmQ4K>>SABjm4+ zY#f~xH?VG9Ek#t||M@#;?uK4J6JTk%lW+mV(2;1*&Fo@UuS^qr)0^0rbNj1R2YW0_ zZNtR%WO+#iEi$8q#Z(lFs6Su(+5nMK`~&zMzRhGiEx)>D@E04q(Gdp?uEYGahh8*c?}wvfLKLzV)w9v_-*v!hr4R04J_8is-KV{nq-n~uFo8ME|@@ah`(4#VQiFPqE!Mby%3u~jvpGCMi}GU zikNHDJD&#h%iaIXA6m6pflay}mWfCxwd|<~cfCKC9{`71)d4Flj z5LhYf(kwR{zY`<5{{%sCx%@@c+^w#)LR6Jg@G;G}R6rgaraRcM5y#aKNz%VvRkJm& zRmT@6v7m4*sKZxOJ>7~<_hT9!JjFR}K9b(BV9?N-ihcS@Zt z1nS7NV99sxII=akHFVZT6!=S(y;DHa#0-Mfv>=qHP^<*IP~X>^MLcc3i;QfCblTh= z?)M2#x5E~sQ9dwMKE#qoq-94-9Wa{THor8O+#rRm3nKCc%R%EH}r_R9i3<^ad+;)KUhcRVj9RCb)n7;hAT&{9E(~Bb2m6Gijn^-l zd*z{~y`lz;h!nlvB6*N{RQ>gRU44Nk;X3@mlvrBu@2XSI+*6A?^i>Z|I!E-UJOBT# z|37)ajixgU00Y&|S575;D|m(6oY?nlBilfW>4B@R~V z{LL@h?rX8<#l^SYY4pU0+Lj#~YT{b5x!(NDzs4^Y z!&CJ0&;C~i?sd=Y53d!>8hu&I8k@_MSyt8M{^WZmNgYattjw971Ldxjt1Qg4NJWr7 z!3UQ2XY_`WDySpZ7t=NFscP_F{L|=uiDkyFU!s|=hj9{e1oHh;R*(YK+iz z78x2w0i}?|2tD&sD`Q*MkF9yuc_Q9^s4@Ipi9d2QwGJZ!vM5*z8Xs>rA++)^Q(RI? zk-yVT6W`_|b!3)e_SD9EveFPKUC+I2k-__uPG_2Qdj*1O&zc@_a!NMq+RXT=9cOGF zf+zU$!;Y9+QZz0~qk5R478jT0%Q!mKcYl3yG`J&1L<)VZ zVQ8|G4myjruiP`HwtFTRIns)0Shq3KbMWHxB%_q*DTmjzDUUL`#ik9d5gcd>gg1rG z9yU~4`aYh9Eh}!ptP&}j*Q(gqGI&nF@*r$U030Q7k6rS;#M{j$$p|)%6rA1%PHXmD zj7;W6ui2E_Am+VdF&}(2mo!1^UrY0vwWh;}#T&~;b?WxjF z@2yA$X_}&XN7M0^{JCCEfBWH@`=~x3;#jf6FS(UX`|GSN)aIGZEN{&4Me0j2=|5wi z&hja_dMsu$N$$NZ)Uiw^P6Cmv#mH>OX45)+b|I})9>#f@Vgl@8wPVwPs@0p& zNmZqlbCY!T1%kC3CWP@~Z!klez?X;|^|<1S$^?)jYqtBYyvX+k6rZ1x+wcAgmk7Uc zbj2)(JHjNkG+|iN4!~=0w=_|Q6(4$4#OIU0VSs)-S3P=UddjI2xP+@`u@A4efwwDE z2yb})rWr#)K^D1nB&FS=GR*ijp0}y9Byx5X89(mfVf`RWZgPUVxCej~14~WVsT?Yy z+9b`;MKS(Hn@4`4o;jnx`ElJY{dg<Vb=2=l=+L2R175sRL6-JvCW&YtIz#=WiNXvDXoVy z7KYaQ=7-!mnJpBy_$InNgM#T(k8KT&CJgatzc=kdXL_}bzpOE(O+M)y!dB^BOxjDBKziue?7pE+xl$<|j-&|{vaB?^Bb92Po8 zSwHP>At@T*2aNP)_1&dLxtZ?+B9f`7u23DD%*|`)Enr{_@5lb;zD; zAUB6!*<`~q?Ri(%e@0jF^3rU4Sdz}7reC7DhK4>6=)=v;4+PqF=~~{-W0Qutt_BDQ z)<4_wY#(7|`NPpdQ%o~Q%7zvjhb|bv<3BHEvhKZ9%FXjwU4!3VQb=E!lv%EqeVYl3 zoP@3UXTB|d)Y8lZP!Tiec7dWayN~)3;9Xeg#x>L-@WDrkQ1p&g3AN>taNtuie!U>I zlaGhV3GEqqD5kk8>H#-;!<*_YFA~GpycXJ~&7qq*xG&a9b{1$@47Zy&8D_byq|cn1 z@1*H_)nw7m+UjTK)~%X&(NlIrdmfV1t<+1;4Ao-tP?u8IPV-h-5Wc8IOZ+N%-7(px z4;1R}ol$r4jset-zeJDib! zQQ^ZRrNxvwg|=3@eZ=Zqa((Mp=XE{mMiHtyKjHC{N#Y`jvIW8=<)-}{fiiKTUyg5= zKRqj@V|pi@|8Pph?tZ@&4_Aj25|Af{++fOT%LUkvE#$8gThnsja3L_b)+f%B3w9N9 zk8rDChwF(Z2W2R_`aGz>t^F(^8M&z@2w4YpBY0&h_Eg65@de)qd|R4;>R~BU=oqQG zX$qPfNrD3mCR?`a>&qCOqzp2Z3W>B%*^Kk$3;Nz1GOt2HGXMqvgP!tyw^6m;sbPqD zNU;dE-@Mi#Q&(L16Gg;1xvdA8X+~_Rvx*?INMaRl0RGA~4d#{_7;u98MD&K>i#^)ayUk!q(J~AzENoR;md7B+AouL|<YJ=5uJPDcNu(Bi7 z%ketZQ`qXIG9o&vtr+WOV)qB4;a;Ai;cdDHUZzIg0d(OV$ZLREF?!!7!q?($y0cxb zj_Rp%Bc|~R#|H?qrM0x2s>Rm38YFxE0IxW9ILH~TV?9E8CzaaElZbg70*`9Yx?}vAb zaA0#-Wa>3rA5Iaz0ne%&!hQZ1l9)>wuOL>2N)M^|s&Z8Wz39F08Vj5hpr_DAoahh8 zbBR($l6%WcL08O+IinZtTXNdFSkpv1>h1!| zROF7mICq`1z4@juw%*n(Wtlz6!?jp4c6gXhf^5T65S#2zUv^Tr|LW|}jurnl+~iLE zuyO7K@47SAR5p%U_NK0Z@Vhs0Rew?4$rs60PK6kT%@^j?rI7Sj%+_-MqPpL4bS9lu z*)yH|Qr#-FE>=ALqGwnnntYOGbGA4kSNu})uFN`VoN#d{YkF;Cz2xSmH}*oc_GNtU z-ff~wz;wa>Oop4UGa`o2yd%8SpA1%w<0jiI#+YX#>b^f4X1Q?#U1%hTTo4I~OIVV) zgvnJtc}!-PZ0&SA^bIIJSrK)$YmKYyAVl$jmwaM0d_K?dRZ9GJ_|~7$TXMe?ygs4u zKsln=yR3uj;Yj{?X;T^&KjKwK{o~t*D5CF>D)fWY=FAG~5=~uS)(t{2u-j_aIcuAH zGm#|-rfMx%D|vCTJJa)`_q&%=>h^PJEe*RAJ+pH11xptjrU};sJ-EV33z>5Pl@xnJP-r@teyiTD(@We_&BHj6Cu?3 zBH7-;c`PmVY@Ys8zf22pmcfes{whz|ZP3IK0FW8hL#i-Z1 zM=d;8)}fK@ItEZxm(JRXsaU4Zt&OY8x%-hd|99&v*ScOCWmI_56#Gh&?*e9FsGdby zqeYmwMwb?})0XX8jUhN^-BD{$NR_@8#g{Qy8q1z?c_tD#JjOfTt{Ep3Zg`paqODWK zEAzx28s=rFE3RHaAF7YrEYyKnXpFw`jn6)asjw+&e>-$LtU=yAMY zFNvIczqG}l>n)tRWc@%s`Qc0=ch+B2p58H5rwc~wm^ij2%TT7yEP=?b`Q4{B{Hxvd zDKM9Pj(bdjM|@Fc1yqNih}KcTpT7?lC{!$hlzQTvpsP21()FPJq+@t1~?D2bx=-nstKd>x!wMjL_se1l@ zQ89h>T?6T6qWiNMTn@4x@j3^JMqah4n%pE3$zii0|m(x^=y; zA80+A-)X!4{3LQc@o1MW8|q=O#g?$_k_)&wqSZI>X_Q}OIkVkyVB7kocjj>Ms}7dkk2Z_UudvqA?e{B4Spe! zcL7T=&Gr|86Nz;gMXGy%@7Ldn?nI5%y0ZJm53(;!?yu|PR?JeX1=Cc~Z=rPjp#I>u z%1Kgxuz0|;{;*b`Ns|>UEDw?9nC>>3PA>pv!KpDngKb$A44nUDPwmf4U9NbOv=@?f zEA!90<0T5QQ#^5PcMZJb2l)-Eqd6`TuqjwERXuv9$meo_LMYtZ&zKdTdSZ(gxL(F`|Mh!Z zNtsr592*9s`^i0F#bNC0e8Z2A7rG0%qDSEOp5OHAvbN%gnrVleCN&oPz5_Hnp3A+v z?=?H`Pi)0$3rDifGHFc4tYt?LW%9_|PZ3#tO6yFHuXT`!^|{9r57?Qn8!zwNTd~cE zJ$$Pg$t#{>c^x$bNiEJa1jB4ua%UI&yw-V+v6X7A#vVq+C_k8{*vZf}nV*9wYvU*{ zn!FdI6~w=&l9pKH@19l#ErqvZYvez3@5oReru(GHKhIrCu`+mLY@@y0eG@oA0}YP5 zE!V5`DPR)%TK6AmvH!16hZr9Jp^MfqoyE7`+JXbReR6FwSZH|51(%!4e9ih;P9mc$ z<}e{H@;BDmdTQ!tAsLDe{&o2JS-nm*37NZA+vVfgHmSV7lzxB`H9auqlen(qg5Tfy zZSLCQpyA34-XY&6z7sfPugF?Dcje;}i}C`mR7)!!3?vM6#S$3cU8uNs9%3l#Lm6^y zJG+(-T^!giGETyqdzSN5`df^rb84I9Om!nD)xHM3ZJ&PxtgeuE44m|qGhKjV>KQGW1KW6$o!W*YZL#}~pnVX_qaz^Oz5kICjeYo4%x zI5m#T@k@crky!0Qz^7X;QI1QTUS{i&4&oOk(OxHokbO&84au%bErOXQJGt5(1LGE% zfb_ao)QbVdCW-~VR4&Vj%%QCp+!6gSwA&gW8e4t;zHQl2Pb^_?$&^O6*E+ybcfVM4 z#(8>dy^^lVAVcV@^<^H^n5mDJyK}$g6z!m(e9Q#>mIgND&!PVJE+f;LaZX;omWnCK zV@_?*t%d{3#n|Nn5Ft+J`EMxkf{Qr;+=Sx(e(&1F`b^(Yib(JHPRuMTjo5e&)Vu0%N7j+%F|tULVFOfo=FKjw3=yQ_W~&(O@4@i&s^3d&`T@Tzgd z!ozJU`3qL8?E_y})NJYnqVUrvn7|WwV}4$C=!f%W08IiLP4j%UpvPNpriC|`QyS#7 zH@ofu=q8!>0%f~QOvs(g7Ea%4CazerrtqzcdhFA>8o-ZBm67!}`l4dU*?~^(x6pA@ zM#c540~3n@$3!)&f@+AbjpuYhNYQC>u&^$l9ys<{-V@FICuA1KqI_Nav+s$#BOCtj z=^+$ot|uOcqLjPe&B8vWNleEY}xdo{EyoUv;8x6GGn%lH=Vng z%ZfSkbJESgb>1@c=-Q9=t=DSlYQODS+a}bfum2>SG*?|8iTY9g^?KdiZ}q#O&+nq{ezAOg z*Nrp6YvJfCryl3aN~#C{x+RtB$Cor;;z(5Cg5hUPRH2VA*j_Q=sm`9A9|ln!y*ZKl zQ{3ay!KdT(UzfHn|AJrGPhMVA-x>dT`Tw5oI1ubq3NmP;5O7e~b9en`xrx(%=gNwUNLe5sSITL@rK>p99i0~=qAGwmT5}PvE+1F!8A&t z?T)5wW^dI&WE?CtaF04 z!s9l5a9vF(eTG|l>$liOQV!(PC5<(?t(JAhLfI)|5eE87`&y4bo#P>EiOJgssuN6G zNMTC0i>ziQjzzhqYQCl!h1nwRv9g#6X5z_scsZ?u=>~j74`96^IdO(x z{9+puR%q#)#?9Lm11l(S)}=6`W5C(5rO~DM@2bA*c9|v|F~3@EKl=|D5=DT$Mk|2m z(sEdZ7*MM?l_Ja4pac}HdHJv<0>&Ar?jiDy``McYT793*`|ZP4p|s}v1SM59BZr8g z-#TZwwW=`o-n)*Dbr{v{4D}y(3ji%Kd*)SpfX1{RLjjsf!k|DUaP`=~12!oK`dwW5 zo=3_YH=Nzlog941Qok$wCK~*MM_g?$W4f$L)_R3;X*d1B>}}6L`TPZocj3>S#Vy$j z9==)UlK=Tnae*7X3y0GpsegXnt)E)FN0{ZzkRNjRe?skwG{t7{tbA?9#BeYF=t)3b z1dFLS{yX~nY`8EeZM!TtBPaY2lbepht&V0On?ATt5h?cP6{}`jCINC|Cw3M1{4q!~ z?b4{lmIqfQM}Xz8Z}wU?k@beE*?tKk$Fdio!_GU6A}7x)c>v#v^ZS*w68c{;HhZ^X zd;Vk=>FRv}EvYq1DfD${ue9|hH63*L_|BUB=pI>V&k-Xp?GT{$PrehFlt(djORVI+ zPJ#VI6@~!=OpKB3&!d?HF2?~Hb3ANI8|?J<1jKM9)`)OuZ?C;KV%5i2Nu_z1 zxwLep*sfUMcNEY%rK=*rqMyLA4k#8+=ql~xf(CmAamNiS+zYmY-hcs2j_qDaj1ifU zMZ$kkAray2c6}|RZT#5?VyU#CvT@bD6jf9jvMnWP62d;ybbcG5=;oYh%;bQ7oy2%>v+v{R3GE6k15eh;ofgdO$}_w>d%fd?3!XjBo6!FfaNtL zGj3E_?<4gv+n~<%<9MS#D99kWmRks*pH!h8LLkzQKS_!wx08DsgG-g`cC`F{q#7)U zqZPHFn1Hztp_F7XA?6?1|5l`@+{+NV-|*nDb}A*~5t-Lg`_S0InRkG1R3NU$6OyO@ zahZag z^%>=5O-%ZI07;sfh79JmtHCRsmhrgJh+lbH*cTXezV^U$;ckXF&-vS1?nRV@G#-=! zz&Gf#&+<#I;;(h=MR{~1ma{rkV(ivIq>PvBYY2v)hOSvBZpb9PBc~KbrWh&=%eq;5Ibfv|k$nW-lW8q{!>gWCo z7Vb9dsYA#~$KMQL3!^+0&SbD6}{bckbp{Rhp(00ZsPY=j11E_N)OAstDK!V zDGEOu*Tc6fj9vycJw8t_#G8LS0~R|a_~sibnV-;eB>gL9u-s)+e=W1dQ|ye+2slDa zD8_2;xQgXcOYW#Ok3Kb~e~9_4JWf)`H~4oi2U^8>O? z`?Pp-F|KY{oTMteEs{&p4puATUGzSv#v;sM zh(0Uj9`TLGwjnQW&sy2fqXa=5?3?1e@8(kA+*cMBPVasPMx;&ei;j^P8RN5N>%0$1 zbaUDqZ)ukY_Aiqed5rxJWJVFC`1<{w7F-287F*s_&etSD_QTbx+8-0(6gx#2de15= zjqBlth;ZetGLdroHQ}WY!gc`A7Xb&_>(fa&3ro|y-=*r5;ICI_nB~SWD!gkq;(}vM&1@F6>P6C2 z`Rp`Md~n77ETP|^^LUVh*(aAV(-EMhxg0W9h#ws?Nt8q%69Q5&n!tnP^HI|=qR})= z;RirJ;}e(_>vKi}6Rs?JAN}h~&Sql9_Jt#(-OGvkS=R-_G}mM{JO9Y;gIuu^=wi^t zMOuRIxwGt{`RjOJk;xnH)HLaka_)wf|!9;2*!Fb>XH#dXEzXEV;`eCM|2=j3~B%*=+8n2L}( zIY6px8e4h=y80T2KuX7^^hn`#66G8HExj0t#x?!T2GSOO-B;btGJvQV^h{^9+%ZHo z2{wuGwHPxeSNn>oXDjuTx1g2Q1saq-=O==5Qb1%I6SLIzKEf?act@GOjK16`ok}kG zG>U)Xv(g4p!@I=1`CE!2-nO1yhsXqf7qlBWY@+E~rVp?}?itm5UxgPjDOQQe6m4QRMX$LZ0GxE0>h(V=#NArQL}$Y zY2aIY`vcB&(I0tjD1o#vQ=&HtcH%SF8ymh{@m~Ld-K9#uCMh+H$C_t#_XcO!^*+01@*mpQ{~oZh!NLkD{_rs3>S?=9W&>i6RqZrq zTzybYO3fFtqx1?^1g5ETd;AY~c+QCF^xCF-+vR)aJ=0l*66$+ujG+{mFDgUSbVN(% zeX&Xl+)JuN?JKpB=Gao1izr4-u6GCHkNhn5BfW~oY*cj2r~TR35>Gt~!=qseeOha) z;6dE~VDCMnnp)e1UDmQwRC?D%?DxRZ4&aLQf!} zxD*HwdMAV;y`xf9)OGUi{hcxP_`ZGqz2l5M#yNj7l4oX)IWsfoGw1W%_kCSowK{Zd zCN1PY)Q-+8_ES=iViYzDvRP5Wz!HSf%sZ%ap*YPzYCMtWhse@KmBsfLWO*CCe&sD@ zA?FuLcakz^2{Lr0Z)!cL(xI&P6sq7{qJ`}cTQBl%X{RKsN7_S-TFxy zkgTwc0~z@?nb`?NA{yYIV|nyaLGSF70z*4w-+UXWQhiuJPb#+`Q++E$eOu(NP!p(7 z>d}+pbx&DDmc^+s@vcaCh(A)b6>sI|xNi|uFiW(r3v%}n4>inhdFBS!wODFwT1K&^ z1@$&H@H7kPFAtFbj~oBum^aZ57Ba90BN=K9c(E9zItk zX$b;mF;{)Y24OF>Z|v%OYxngbWBXTE&HA!&5}W`Ns}$r#!Jgy>w8WZ|>0qS|`OUb4 zQ&xBRg8AB1t_v<|R9^KTCQllG?nq?Ii6EX{@deB-msd+})HY64ho;@SCtPBc=&6S^ zdv?n?RYEy;HN$#6FsTvZkgB`8x@0pAt*~2&vd%$~yji<4-TFtpf#g|D)7)aQtq>j% zJ0d_|A_XbBVJ=zYXoa+E`7KT=?RW%Mt0>1-rp%hbf0*>c>mwvX%%SG_{|ah?r)O>7 zUd{5DIWYA&DekEseZA|M>0&ayOJCW;{t&>wIS{<8I6W~a#r3M(Q9$0WDYZ5t>1sy~ z(uN*BE#!zAftt`4J~=MbA74fLCHVPfs6vs1Eiq>Sl295neVAcY7A-e)l>YJy<;3dP zaRTZntSc3Zc|BNOnL@yI8<#>=;eKiylTMYSRNh)1Tj{TVExspl-e z{>FKoYi=p0As?DE(dsXXSEdPYd~V2b9#ScEH~^!O)63l7Z`qu359LZ$7nPHZe)w9R zBSl!%Qb}4 zFCb`o*S4FJOY|$L5aob6AG2y|ZEqv>;A_0MvOh(yz~x#)e~sPJAN{oo*!-<18AP8a zOkQ~h>vkbA5r|6^sNC^&s>UX4o{&^Z^N1yfK;RDn&`_cynUo+Q^p%w6w;t@2m}+Ux zJ2vzR?CzA8BeC*`=f1I58M|6SPgy%6K(oojqZ5h3u?N@6=Gd$PueRW(+wsvMPN!9j zhx?*KZ=+$Bo8D8IR!|*@zO5T>%W{dJ)Sp$PGDlaCmAK7bsSw`S=giZ<)okGMoD2%F zRx1U{EdH@L!7?tPL=u7YB0Z@Za|MMrT!6m=)JvBPt%ZFJPVCbyL!dvmtv@{t(=XHA zasy)B3(sJqtDk#9G)Y%Kt^OyF<9{8xe^0{N6PH#)r0etzz?rr?uU6^7`VW?Enfu{S zO+FjySZ}B|_Buh=?G;wJ#Z{{~dUlEU7?c5ex{hty89~5Bf4{ZXirz+sm6RWOrd2`x zOt9_|6MgxkGXCF1Qj2=3rPq)@*7~;@kG?Zu0YBu2*IoZ%66D#VAh4vjC)x9(md%!f z|1i~s3e$flseI4*hl$b|l<(*7^Q)9BbF%gQ{mIqN)@P&M&y*RWx*2~Jg!#ZfOif{i zy7PC{e|PemNgDU~`gv2nC($b)#Mlbys%qey8W+&Mj+>9Lj}1m!CUk6jI&-DUOAeUY zXAWL9gn2iP%&Zqi)}(MV%n+sNfRj*#zBkjSKEC-M39?zd*~}$*G$6)=j0M}-L*G|s z`yqjK0V1*aTZ_jzwguvF7Q&t4q^(j^!Svx)C6 zJ2iL(BHhXCUn}$h!CAM^1iY~qFbf2gtv<5MBgb$|qW%jZ(PPdW~{q1&Qv*2Y>clLVwNB+m-9zrcy zQEH-`JzrAz`tn-sx@~xhwVL?W8z6p>jyK;zZeBz=ha(5P_YQNo#0rm9x$nDYa4&6;%Wo__}0#S$f#XcM8~# zwJh?iuG@es`e6Png<;Wyheq#@tqsMm!2{RU z#;fu(4STV^id6+FPnVkNmlzZD*Zvm3+>~KKKH`e{Q+lN=yO>OLnH@T`X>fcaqNK-Q zLE;foSbGMEkyKi#<{qO?n?P6XkM|kZ1`@&Pu{l{^dNcfvQW4w#`OR>LxPye9bt>(Sc z7~zGs&fr~&+W!%aSK)#c9QZQqKJRv)Ol$lvaLJ|W5L_eNA8~JWYM?{^ujKCQ?d=P0 z@M=E{^5V>vW$Lkb3{ZBa-&T>VJ4RJLOOkEEwBK+D$uNkO8mbPa3k5_FI!L_~jUNgG zE7ii%5;RT%_v+6MsnmK(?R~B&9W7*%zT_EpRDZ5&>-xbOFb)rEr(|px)Z{8Fz>zv~n zg=Npu1Mf`4D`vgmYvyvf^YIM*z0IaOOka?5s+$url2TA!vgXKXO5ISjmD&9L*Lzu| z3(JH?wRCGjN-CdS{LH7A1kXUqgn?0gN^g98e3c)~5Bp9VH9fmkk}_kBdt+Ra20I#N zV6V+rXAz@VBGn_O`gsxh=1_5$d=I;EG{g}RyEsK*m;pC~@suPH=D7#QIgu)K9$@s2 z&|Q}Ppc9|i6-oQHAO78ftqKpd>YuEBj|eN!zx6EJusZqeUnEn^TL*{tHS!OlWTw2i ztZ;x>;WmGJe*p)ng|WG2jBrQ;X)m?JpfH1|z}p;1>?@v|teh@&SZ~)X|u55qK z!~o66Q;z9{Be-29PIfI)&|S@{CITmyuA&i4VuurKW#80@xA}g4a^EomtP;$Kuw@tl zx(tm-RIHz*0o1If(F?Mco{~JAe<}JnNeO0sRkd#i$yzFDTB3Q@T>GGH4&ok^#FpcM zJ+BK@L72vYy|fXU@%`1=_dP+@x2ttTP~@{~SOZjKIa^IDRtjI-hAS&UAUL{(L5^Zm zyy7F&%JuG1QU*XRg*ss?s-=vnbh?d4EL!}aI{b(mm4HgFQe#W!Nm{5xi-h_kzdk_$ z${rWgAk+)=fO1{fc{oqFvqR6Hnh`$uV7)G8FxbY+-ZRpQeW$!SB@M<`YY=MKo8T5@ z75&B+f96~@GaXRZ#E`O2aS%rxB6bsrl3PCIsI7HyXH6fL2YD+J<;UoAR#9kar_glM4bm{)2Yv?myKqvG5N#n+` zse{s#m5;7PO?L6^tv`UvW0@(${uCw6ixm@_HBVGC;P}%M-Q!S4FFA+#KHz~jFOSa0 zH|bk!G@I@!r_qj?Rp)&6T7&U=<(k;^+90DUrKxKvlf0AXvG?W<;P5+1@Y5JfiJ>>m~G8grYgv&l& zn;uyEj0n!E_Z**gAL>G^*#|r1pe|RdQ4Sv!(W^z9&Vkey6VZL2Qq?rmYVC$XXXY{K z;r?|?=A$XtM17|k`F>v>x(NM#fRdFcb4DaMW;j z^4_ND2~BS@9rOeL+=SH@bu@;`+4<7un*pj@8|`ICC~d)#g!t>hMuz3+;*leai-Ud*aeEee+{D^arR>gir)ch| zS#~AlvGO-P?R;+^s7A6>*Xc^w#c1)%%4{UAX^_aN9`9`#g&@TV`>Bhi%HwzdW*&q) z&-Im!<{R-;rhORbB=dIl)y`C}*8Xaq_gkJdTfHw+5z)j?yDEy5u`3!%>N{@yK=Bt^ zTd8or$x)h~eNfx=uqp8^|IUv$oA93d;btC&R`+YQ0iWA;UG3gNa z=96HM>GanOJ(lM#&DZSfRqS?$LwN6Zw+i{5AXU<@?wa5<&KzNKu)Sf8v6Mep-<=aY zQdXHL-%onyFNx@G9mfd)zLgI(zU5$zAsl)}+^^#p5K}UI@nyZ5S|@}%_o7kmV}iV{ zer+G0^PK0ktJ|~Ok`C{7AdNB}(i65h;gmV1!2%_~71FgU<~&1m_55@(FvD@y5`OY5 zSEa*LMB_7)(Zlz^&SZF9vr6(1ctL_lP&iA7A)s*g)&(xN80Z$_fWNi zjy*WP8tHfbMr0o+@+Q+zI72itmTFE67B-^2%WbcfY`vE>#m}PO5W9Z4$i(lFM-{az z^%f+oUHJg9>&wGEIq^r+uyr*-WLZCk|6OEvb)Q=I)AGBXS8OuIW&{^{ylicAt;v@| zd-a7`Y~Zs4%5U-{^&F$+@ZKcw1%m~LP8*)!M}p3Ip_a~Sgktjjdizu6PXJz&dZ};Z zpoRrYl7KLG&cu%rn+=)%9S$`de0vHx13h)NKxz1nzB`w5L}XascU8P0+S`bI5@u;YD$KpF%Zs@7m1Dou3f2uz2-z##QL>PPA zXHcxu&Fg1{qdy3wR}BMa>?FJhUhqln0DrZUZ(X^hrG)L7BW}W)SB#uVu>vH^yqrGR z^2g2{DSt(WIpJFmLi>6-O^7{?hehy7^U^?(gjBid@PMm>=+fQnua9>?=d}1!zvLL9 zE^*{C>&e@OpV&D!HD^2zKtt$J)*p~9Kd%9H7uuI-19h!e6FZg5ANBB^*h+|Z`rY^L zS!tk&>38;d-$cNPt6jOkMGIiaJ$?>$w34^EGXO^Ue(UBcue`6E_4(etk%TOyP3z4e zb_pQK697+->5GUj!;5m46~K^ZCU*A5_EFtq^gaB&o=3z*$Xr9;8@5*OCP+a zETV&aOE&h>%Vw&XKoy~Mab-8R7$L(GXM`04ujMsSYsA1Z=PEw?aJ{dwT@C0cqf`F zq0v0=;NX1xj{R-taLPhMfRXF0nNhRkj*Uvj@?dLk#0vhaCtWUWEm#Nl;(oP!EPN%! z{whGT!&bO=`gJiZ2rg5Y&XrNn&nv$jb~BK}O^1$u&>b$EcGdG2V?Tm&JWt9x)DkyH z6@r}y+Ogd~+dYDXZs<$+XSO;tXP(Md0KHg$U6VfN_Wb|2ss2a9|9Ft^)$*;pWY=31 zS`0@p*B!UE;xuGB4=3ux6%t7Eu&(-Q8>~oNv6e~Ysw++UwqFT7bsWUQfXrId7tI73 zG(^Wrtg0N%-Ry5NH}&Juu^)pK%W;^Xb~3AgD(B0Emv`B!Ma@+O=uMMvY$s5Y8p&Wn ziqq!Ct|(UJiCy8kMrMFoN(0;FLCQz9MRr8w$F{1=-PYJ(W$nqj$7%c@0}C=($#>$r zK0^~fN`N!dT;9-e*{0d%pd{sHn@!)C+s;vp%#34|{buLAO5;A(<3NKoxXPmr8L{-< zll?qJ0|G8_l7N(TRM34q|2Xs?rj(pQVT2xdqH9YGp_=BIVhEcX6!&9LZr`D*(xKq) zdK15AwVd+s&J4?sc0_ngzxXPEH~OL7=j+~l$rrD`F!mZDwbkF$excniYO;_ntK#$; z1L*ee5wgb=IWsFMgeum5sU5oL{ACUb;poWDAewIA-+3MYOjTE4ryA^uv!SySVKt!{ zM;fe|f;+Iwu6@RAljczxN24ZbMI{M)Xh`JfR|=K|${Pf-o0gRz)_687`2U?5eh^&^ z{D&z|$sd%~p{(PcAQb(eifw(P`t3zT3MPXe&@;+?yQS4e>#2XHOy+`h@%C$)Z3+GL z$e}MHyEsfpIBsh{Sw?3*!aPjj(+Q-cD?2B0sdBy)=I#(j+7b7!hzxnd7&{Hk)kY}z z3r9fNZl39yw?^~1W@hM|uBk^iGMt+N&wItNvR)_aoC+hdr&Hi%D z1nJ33W#cK(zqL(+e_MJ#>l(YvIpybLnaSFzX#>2%tOn=kiId#5%!c5|6TmS|$=9Na zs}zn1y&-`bV&bpF@|}-wN{&+k&$jvEXSQkD50q|__LJUi^a!T}XOrz6CZWMr3i{VR zWPNi#dr!9(k~3-?77Cs)W&V4QUuZI-s?1Ne6e(9wi8nNW60TEc&IPLV7}9X6k5pD1(8AFVf`*(Jby5H&_Phk0&&*h+y$=p6e4&D^RB zOWH{JiL+K&4xLM-9+95zqH^Ad8UrV6No5fJ?J#+xee{ltVaT-flw}Y!tv28zUa2cfenntGNpMBxlSGafG z8yD)*58P`RkS)RR{xa!#Y?d6vIcicNCl7jDmyc+?9>=>p8)5nSQGjeWc{jv7p+Sdl zT?49Wg`P=4${uM{JF+POcv@s{sa5T3hQp>Hkj!BJ{DQbJ`>vt9aa!{6UJerNs&+R;n#__(3!v~Ao;V^Dh*`wki-d(< zC4I#^P#zXsG&+UoeKu#Z@guTy(QgAv9Ea~H4aBiGtS2C1_ev@-h};fF<8%eq&8OigOpSIdpxmp9C#Yx_@s!udSSVk;}-bS=y(bo{OQ2fyu~9kt)Qtf-_p*Ind|D5%#t!Z&^6+ByiE zN~B=@BW_S;Pn&K+nmxY@f1UaM{J;Fy?Aqu%C!1oM_Ex%f?UC-ns?M zI&;BIREK6-A*JZ{^-WJ|CXnNjNs}a7$&~k=(~kd8qF++6qdd0^|KzT z=Spz5p3aH5vwgUSHIP>(W-;*US+ycDQ$HhEje{YJ7M))$hO=gq(rpcKtJG>^e2Tq5 zE;OEOf?n+qln5^Vo57}xNKK(tp5{Th2Xud) z9s7IR<=sMM8B(PJ!8-muD=1pO(ZaAiD0W3^O9d*Ra)ntHo4;srn4n7!2qXpQNOSv^ zYfVI7;Blw?5xFjA-^&>ee_FUChSWr-4;qe^`>j^KmE1u~h6n(EY3Fuycxr$q#(dnb zoX^v1>bd0O_5DiT;l$f#5=1(JNOAy&U=xUA@#3v;@o0Ec!yd68LCpQdP16qpHzX!r zF2$q})v$7KgDpJNX}ijg@h{?V{(|Ve)-QXL7y6KDzBS}fF|m}a&jx-{B@E0zz9zT; zx1j+Yf+BIXe7nHAp8%Fp1B;Muo0Xe&KF$H!KxDLK`5u>cP+v?_5uHjMITuiImz ziC+da=F01*h8Jdvn^vi&?E+AsSxafJW)uDxqtM*GIaQE7jgsepig~6a(s}nr>4GLW z@D$WyhTBm*ky!q?VDPOc-r$I6SrK;8Of0c%R^;WOb_WYr?&|lxT#@d5m~5(wj_w#f z+ycR?m+~j3a;Vf#6=CL??SA=-0*Zt{FEprz9^bIw5Sd7k-!5X}m96AhH#QPcJyp=#L`NAqH|O%9ivT$18hK!s619uuMcvMm6P1Q^KH(#}WJK3{zdkbw^*g^Q@97RpuMGVxjJ{c9s>X=>0JXn29MyVR{n4%w?eU@)p zp9fv>QsaSkAuVQ!lS6hj281C}*s87?gw@wn~}{&9QI9iT8T*jq~n#?l4gfI4&3L zojmFhESk)Yc1Sc9cTN#wndUpDIMvCXqHhO!MtO{RFtJAv9T#=myU>U)_ znXjD7TS;(*H8`sB+quXs?5K9SG{VgJ$e@Tm(2CxXZ)jU^`Rr($ImrgPLLb3T_X~oO zl@u-d-guu&RvI$<`%3{vu&)xJcj+}3)!EBz)Y#^v`!?Wllh?=Fuu=~y!3RR$nz|&8 zvt};N8P9#=G83^>PIkkSZZRkBd^Gefkkgl!rjSyD3o_*yQ9Y*=uM~?UkSR}Bf9i-U zZ`tI*xJ$_EvC(?rQcath}O0iD#YOne)3>l;vJb=!OPIeENo70+&oIs zp(DNS_9X3KNTh_kOURrw>WQL~RHw%fRa<-@BSOZ7B-Jw~H)Z)}SDhvOyGD6s9CGe- zDj!dSyx6*_7{elhyUL_2E}UgHW3S_kYVX;Yyg+U56YG)4xB0Xuh9nqf2s!!ja*`#OlOUPt(5M~AT{ye!kptD=R2 z#%#Y<5_QNc1Ga+Wzh2c5ER^JXYJ(`fjyj&ImMC!eyJd=&z^B8DC`BHwh|YM6xnHOg zn`Ng&{KkU?D=04252wK^TA+cCgr*tT;Or_%R#u^073C_~a7rG6t3Q@_R=#ata>bgh zo20uYJJqm$*$WQF#L$ZFeM%8XP;q)uERyI@kSdRfJw7*5%dnVHxI?lhUFx@Q@e9V* zZgC&y$+ZC2HjCoX)d9{qB@8p$8d9_rk4oJ1sa3E9J70g#@AfD|>%FN~`Nax-0TSHQ z!{E5SDw}=REE#GHpg5$w2ItUSUw%4coF;7FG921Uo>+v>rALT%*Y*<5LZ%p`b1tF->`zdVEf$J>8{7mcBTa@oJj zMp+Jd0=V;>n2o@xM#hJ7xaznDU6`LD|HJgQ(AwSU;~Ro^F#KL{J=LBQ?VB@e*t`g; z#Y{VTF|mhd2f|Jkzf`VZyDr|HtnLkO4XTJ#syT#6jPwL3De@|}{1ju=CIdQ~06%j6S@-Z(iGqG;ZP4?is!g^F2 z{r-T!oaS7aYWTq5V5OZ>8=Fj=h+hxb&*3xaW72?WmaJQrhxRlSANhj##35=d~I8gHkgl&6y zjp0l!r>FhB=tclByAOs?!HQCR#?^AB+&!`6*)xnoGJPRU;dS9IbtU{toQNO#Q_8WSJ40AKuxVx#1CMc z=E3^#}*hCeU7j$j`St%8F{C;S7?gA z(L#Vt%975(s56F+hJQP4l{Eg#S|Mv(OPMwL=JgjV{8NBlrHxB{y5ikq`41$La7lM& z-Q@y`bLhy)S0d7^*%^dWhXW~;R0?e|F!Xx<{ex?ljOE*Y4;?2zY~bq}d%8!^5LQ6K z=pHWxh<)b=yWcect3E~#y7)!H8_K7s;ODG^;s}55{i?c5eZBMM<_b<%xrhV;5hKD9 z3_}Vx^(9#SbuU52OVTJoz#T7NlEeUmHq1IAWPprSJw8@k{KP2ho%2^XGjFr&I9CV= zX8Sw@o~RB_4TeX(m1u$$)w_4GZ3Suau>xGu$8>HGLxVFXxwXX&%!jrGC#5BKr18#I z{~WNJ=2_8JxpqG-=%V&3_g)t8bPrF9k!E83#}f0T)!`a&f&k^)Y7h%dQ{q;GaSUv7 z!3r>`*DYE2>`wna`JK(R1Rh(O&<^F$I>@GSdzNibD)y@2YlNg#w_^AYshavS(p$GN z>FDJ(utrydhN4;Ix^|+tq39z$AWMqwhL|G$B+H&Scd2^mEgGQmM-XL>RgI9>_11iE zIV{ejH7KcGnRSbI<}sf3@*>)kS1O;cH(k0-gLt|d-$}C<>kO|XZwU(~kauwRv40Ei zGdaAk&Y#ESvy-*5UnzN0_9*>(Mx712em}o5r+UdqDwdv`eSCJ~eWRl?EQrj`o1lk# zb+oscXb2u>pu&Mt7Re<{$xatudpS6NyhMJ8noy_x5w=t#7M{lHmTPTRPcarvbr%$`GcW`9fb0TdYp9Nk6G64&b7CY+m;uiq&uU0 zE+(`;6fS%Dl{rbnOZ!=d0Lbrk=LtK`y{BU2ds&8i`#fV-HEZnN>(fXGzZ=fit)S@~ zNo)!X&?2*sJn`zNm;P;$XYh^HoxdjRxm@7azQhfUSvx7kDBq%mTl41I?&LgDTE81(Ec%A7 zsQgK{qm3+xGWvZt|k+yQ@o%e>tk@+u=hb8M4oYyau-xU1Pvo44os!)o;> zIoE@V=ypSruNRZu)OFpz(a%SJv@89#H(QNzz2e~|`C}$s%q=0_90AkYC1x|ZBci)| zADhCxR}t&Sj}|x=6}V@eN#4V0kqw^63(7QemBzn%MZR9Xp;YJre|aPDN#?Sdvkc)+ zJ91@XO1UWU2Y(b}K&Hp>yt(8;@BH=BV1F=h>Xa*CTEy;6zqtiopaK3M+w>yMVb)FR zwHE_FqRCBcsyx^Kzu)Ws^Yj1sl9VsPf|+fAJ56%fER)R`M)(N~lh zpx~A$P-A0di(SvvtNk_fdfa~I>d%&-3y4jsJ?}LLq)*;jNp;1jcP&DVN)J;*;3iB} zp;kl;HtR%%XD&(2X{PF0HFQRq>@#R-Yj$F3v93ei;V{V_^iRYQdt`6vkq+}a3lBRq zK70-48dOFrQ8;A8JYxV_&}^4IpA?NgdOluBp{iQJLH)v@iLE>cxx=yOdt~85aYjrM zOIbQwLXWz*<7b&Q$z;2t?m`(FM$99)ftK!&3Nd~pm(g#n2r_qj;>x9NsGIF$yhlO)zno@P`HE!p$naG)u{F-^kW023m@5#vbg~ zpAhja&CF#xfU;A&qE2`leG~S@;yM|-+7=*J!S^AQGGVK+SLUY%opRWywz0$E4M3cV zRJuEK%>9YJtBUky)t6O58nhno5M%2}?DEs4gS(-Q!Egz5jr`m`)0tZ9wph}^zU6eM zWh$R@vwF|XL!l_5!K-MeUcFc&k5@=L3^aKn9PG~7SIh#gRE|TJbneR2mEugXJzAjP zt|^+&l60h1q!El?*>|o`!qx`qtoF%+7y;r(rMb6}p4-0u3})W8=H2Z*_22|L;Bb!z z9#Q~&437$n8PqzU=@q6Z0{5nJoE1`RwUPJBLJb*XOKnB7=8?X~SP(1QEuO$;{Hf3qe^JS303x2HW70&`Vv7g%o&8mRHp zQpW8e9F}w*PAnd&|CU5dUu4Dpmj@c=mQsyiTN z@U}P1GyFWEQMl#zf$M4Vu2TNQPy+$`OxU8Z{qt!}T&&=qym>|C+Gnm5uZx*G4)zYy zM}&&s0gFj(icNJB%Kh-wq2MlW8zQ*veKAItyW=0Gaz%MaT~lu^vS^=rF#hS;N8LVO zvv96j1r6ho?=^;Z?|u3&JO6K?E{rX2W*rMKY<%M61qa@?M_A|tzNuK;HQhrRuiQj# z!cX8BOO!;K?hl^C|Q?_%v-#}D2$eRk^WrC9`M^#xyE5a{kI z_;AxBzmKZCB5@F0vfCs>DE_0?Y)ZjkCIE^fpmTjaN0O4hZO@=q-S3R^Xzq6iqvlo9 z+HS=XYM)qbg|KgyZ0Yo-*4s=N0s3twphFX(=OR4}Nveuf=sXzp7sUSNdDu7Uben0N z-kwboO_kprw=T(=6B9GUmoH<+80DVNh<%41}tPPN37b$uX>q z&0CM5p4*b(5;@*Nq_Y>cNts8GT`?4vFE&e^%Fhi@rKnc#;RJ5Vp zkwLKFj(cy02q?}*GDWST2{?yS8|sZ>fZ{#q znm|-Jw|>qWuUAie!)$SLj)@Z8|1kZ0dyNQ$I)ZWGeCy;~6-|H-vAEw)4GwX4*xky& zlRvbpVg6xSacD!V8H(8&9pdtI`i|HPZTc*E3gfpoa2j|B6fT`4X)C4wDuGs=X;!j= zwprz?YCNPF5$~#yD6ZTFZ$)vOv#-8^l0)$!25^g$e(9nF>>#-xfjL>!$Lbpae<}ni zbPeeCsAUD=G*bOHGa3vW!8U!R{#%%A=f+%XW04|L+)vpSpu8X(x0!kfb6TPikTPMY zsh9^D-ZAgz)o30d=!iLt|%USvlgL!-;7!zD6H2=M z6Xi8ch(K&Mlv{8FU-hc-3M`mo(@n_Dn(K~{lm>x2#)BSj|v1fhhtme!`4VZV=$uu~kfd#2ecfqU} zMJGDXYz%*j@ceK%JN_%`)M&3~AnZ=nob9jAW(9{W4p}_T4s$i)C=Csba&;3dLarZp zh@Eg`ZbcU`;Mr0J$c*~CTpgLDo~tjYxjc{~?)RO(^?4tQ+jen@V-pmhX7Xol>GIXj ztMbq=M>;4$a%~F%ijr4s=0_38vxjiJZ+~B}VzYKK%1_k)5m_!*D6wrWhIkM&fPvZq zv3?P2eibv+DDbx%l_Xmhyc^&QK_rf=R$vs?R@X~s;0+o5Rs9arg{W6x!s#(r*vCf; zV5zxZXo4kSia1gq?tii`@x+nk`G59>_pYIY_qhVp&s3gi>qIeuDGbxzBJTWEU=6W5s2)@|md0jrwez6#*mKVQ}#I&EwU{l`w+ z%*Ol+jQcO>bvDMgA2`;|Jl0gJ*Mw)({!r4)XDBR!JHdv?7A*3k6^waa=`_|wW3y%-)^v=b?f|OiZl z^js073teHL_5x~Rdkc942Mh|TJ(wS|bn;l2O^kQ5VDd~J8WRmoy%V_#N2_MKJ#8r1 zk_HXcsR=*Dr0SZ^JEEi^d2sh@W|PGJKSrrmDmUiFvZe<`M*fq>>#; zF=_uHmg>6_4SI*_DY+$gJku!E6Y;XAC#qn_y!mQRr>^n`po_XWG8W5;uQf)C`|Oq?h{Dpdf~hoSLOp&|p#7nOHTHbGCZ-+J$LT zpO9fuB_f?cOhMIi!_B_4+xl|D^+Z&WtrudNkIw|%tCJV&6&*8mhHw9jyIeS*pp+F= z;fb0O?boz_ZSVa?pvO!{Im7dgD8H3|;;en{HD}MqiHZb=EQmve3iiXP;h?ig^YN$E z7CGNSdFb`OPw$$h*=VFiJNNBDBApURImHmDp`(@uEb+7x(ln{AyW}$4apNW1|dM$xkIFV%5_q1pUb_(5JFUeh@LWRO+-?PI6OtT5+cD5MrG+zpPpq%X)$wlsv=3*e!U z&5rePpY4dq`J5DQk&dn9^1R)5*uwZeb)%|gogpn-L!ySOL<&d+LtK?iq$3&_L2bsg zQWK-X4(xp0w6po&bN7}^FZ&KU zq~wWOO)9@SfyBUqLXD6e3D;Y06rrVE?WUjsUK-@iTgASh5F{2wTvI>XmXWO}#w8MS zL;OV2YyI{#aEVESdKn$Dd56V$`_+EB8IKDE>BMP*!|J+hy400?$((NYgQn0qu&HWz zo?ce#R@j}U&*o(soL&O?d8U<_vHuTK+pnD3w$5e9s3c7#43(c>i)nHi8X*;uys=cI8rVP4AD7S4Q00JhW+Jo?lYDcZ>zOik)9B4c+U0UzdFppbLq$j&yWb;}P8nuBqE$ z>TkXD_YUXo#o_MI{rtu*EoN^MNx_td@p9-(1COJ57MXhn*u;q~A_=o!YsV@c{~(p% zZjknms+bkr32|d%RLiK#O>B)*MK|$wS49dQ^52B3YlXSx?gMDovW(Tk^f8k4I4iDtT=f} z;jc2gWLvJK783X8r)K*|gBVhWPvWP35pDvc>IT_lFd}79&PrNu_UC<;eY2o7@b(K5 zWXZ7RC^N7n`|;tRaQc!&s;g3J3+GDWwJB?xD;LFj-gvpU&AR4J+orc>^HM6WNmDq* zJZIa+KetpRv@|fEyS0BKc3GJAdfPKcw)emw>S_KSK!sl5Zln7+Sxr2Ofrv!)uMA{< zTn+qgKNJ`f=iEzB2~U9yG@o&NgpD#i7Eq}eawr?ELtdF%x@a|+Z`knN(gV40FThP% zJK_F8&!7DD18nJkV)m0VyT7`~yZLw+y5VkZ@VzUXhA6Q zCyk=JOOM9+KepPwXs|g7Vx?{B&MsXEy@+;gNl6S!_v{ov`o7jy-?|;<1oSI?x;NT$YJmr{NeqoNU3BbEQH0U zKB638LpirFTQLyyr~9-!N0d`$&&8WBJ`P~_Qr^YYYJ5Z~ z4{F@&!vDTqDx~2N>GRoM^t%e(?KO3P$5VfCF|DqfsLK_-dPFSrn$)1oU2NZtyZ9?` z=Bay#_%}DJUA}!vl_i3beTF8i%p3b^4eu`REZB zc~(EOue($Z%L5d*$;wJ%`70x-j`co%_ErKaP1FBIkHM-vhgbG#u(*-3q|<9pTa!lo zpvq;(S8SS%mu8i}hU} zAeHg|X|LIpHnX&Rd(>n0|6=bg!`kZBbz%Bes8Cwm3ba_!P$*Kgh7>OnBtcpr6as z^hFarx23sLc&e_NSam_y%VpPi*n(lQ-$l^T(rq`J81Ib-#&YKJ7{YX_KTnS3)y=sl zKV7X-shGSp|C*wY_GT)_xPye8i&-#9PT;0S@koB-Wr84L&|L9{hHCru?&sq+5xLr~ zyW)Kr-Rg3GU^LXTk0Y~ePy!%&2lzWQ!Ob> z>*(kA>K@HHmqhXdR1d=68|Moy!@Da`gA|H!mF%`Xu5DUHRlQb{3!>kd00t(B>0h**stA<5uL}LoqVap3N$De>wQD$xN?%Y)BSSb>=!Uu(YF=}tBNM% z;!eq^z{+=a>-1Tiw+>~&j+^)C>`Q1_WVs#8q7A8-x-#Y(MLXt)#R))9OL`ODou?ss zJRL?5L6Yu{EoNWe(0+e{-#)(E*|hXk3>;V@=O+1#svDLF^xMk^>l4b8MwBBY(2m;{ z)w>n065s0yc85;_xzpbE7;mHnbS!;R90frVjaShT_6kY2B&+a>716JP**H}~u?v>B zi0Bw8irz{;`owOUIR`+TPREoZYQ~e5^;CT_`>AuP{v?ps2GyS162av2;>7j6t&xc@ z9=F-3?pms%rYjUWkt-wcoitq>&9YZ;j#%>iMvHD-@&8UfVUXG^;J0g{6ipbwItfov zA*3RqLQ%GTcz_8V_<4trbQV4wa3z)GWJ8JKGw~~ZRpm<<8s~Rv8-Oi`TG2u0CwkGY zvx%n%u!KM5NoWeCo&)|q5;fjpCEtFVki*8 zK=fLc8rMnIogxTv99sia-ml9(b@s_{nd_b(Gbl5n?+4?vO(ML7GBR zV~emebp|L&66-RlY?)iQGlh(B0i<+j;;&4gE^+l=A$GENsR)Bib6Qk zOCY`+KopwACFtL7HhfPzxDPxAa&2gV2w+Zgn5e`^%iVFT&?r`2>7=P*o-1!Xc|KDm zB@K(liKOI+;6zaSyol8?yPK_@jKAM!|G2I|&K~7h5v=v;eEsIi8SruE*J&s)E zPlIdyN2~rzI|_N9ul*#O)-!v(-nMmp1xT~7He0{JG-4qMPw3c+H#O^bk@BzgK1=BR zW}F92ifgMTdG8Sx0&Ql>h;*ibxkZ2TMVIF3i^LuatV(*UU0a*&X53uSqK#>K9m!QB zSjJ`$G?7$~SK(urBV+-s=V&tkhdJv%z{N8rB0jL_CldsOjuo z)<@lsAp+`AaV7{1@8VJsC@H}(AD!n+ugnQEz*yL_KrykLpy1#TbB?hp0uW{ZyeP!q z4%VXO1M1AWL>ll*bu@j2)n1*o1qFw|Lg04T4$S)vqWYlQJ>Aea4NHDzy*rw1dWeHe zorN|I)P_3bWu6sZdYdc%z06r022^KidAElfO-Be!oy z7t00;>ZvY~Qboq>a%TzTaS3h}N;G8;El=s_j#(zHsQenVY{O=Ag*>0C3IN?zV8(}X z!d5<`q?8-OB@z!2SieaDYgbAr6~vfxfU3#EhTH1nMEw)iw%Viy!Zu^JAMW?;sU0Nw zmy89OahyGGKeMRlylvBb(C(RjJl*b3qqQgVd}Y?GgXv+H+o9$42lY(C_kWW47zt0? zoV7yb-m0xQy6NTG+zHrn0{b%Rr1l`O^TYe9wNu~~)qyNh*2x@e-&z^xT-mz+es63v zY%%LC!+QQtvOss~gQ@RQ!qH9X`pVKOtH>q){T@NB<}U+3$<|q}=i6#Y@@8>hOmFbd z=jz%EIg9F9I(MkK;>?C69`K10*D@+}5dD*CRbCuR&iJt=jk`rps>Xs-Cb)TpFXcKD zvuO0Eu&$V{zNgE+pZjZSgs@S_({!nUjIT>}erCDzgW6MO`Pn-xYs^5Chad0v`Byj! zP7fJB`m?+L4XqG;nXl0xYwuePV&cZy)_6|Qb<;HG=(n`F z^UhwZtZU}Ej=E9AP01Su^%O5}Sn|bN7#H{J^qY9Z;1K*{P}Rg2KElo;Q7{G7#hp~< ztUe|#2X7#qv;dWpP*C0&yoO&Sp6yll zd|RI}GiWQBAYEYVL2%c{79K~&fLJnT-lfI3lq!{$VyO=4L{ImKc3`mrTo)oyd_3W3 z@tqgAjK=hy?jSNoJo@vXo1%JKPk1XlAVo8$ybXuCy>LDKC^Ls9&f*Vt5>QT5V;SF2&EcY*^sTnxWd7iG|rFtzB^9 z=l7Zg!_*INkUx06`GtA-{TxYBmT^NgryZBo;GEO^eJ5cTKw=}(h|&IrS~Y3c^|DS~ zg150*ejQe{8{|__^K9lT?eAO;hy?>if*93;*|5Vy^hVH8YAkmQXy00#%C6^>l^%^L zH^{&d^eXs_Jci6=j;gTnEdptUIV}}gsz4HVvUWsC?RAVpfdUW+?7`T%C1cj2n8h(8 zXHu!RURE^j3L6u16Vjyh6uM~TG9kb=e`sze$`uYpYcOXq;;&`q<)M%k@XHpQPPjnr@*bqj6N#5f z8s&UZClfDNhw!UV@TR zKeJ{dl2hDro)Mw^1!(kYj#0>Nkkd2>aSzmXF<(FC}IEfo}A+o3k zM}fc&qo`Xz(>~6HFRQrT z3ll1^FFixK+JHt?$aQcC@SjNn#4;REq1&h1lIpHRQQM0qMu~0?2!1^ ze3LSTI3n6)tlQHSKccHX0A2mi(C5T8;@u=hPd~PiWsRoww#Co zo36DBi!WBoPvvC3-!D!>JCiKgBN==}bZ%ore24R|sjz#xQ6DG=W&5Gtxe`fvFjV4#S@ zn|u1hNK=x7_Inf>~&9M^225W)9v#6FD14g zwEifpo6}!)@Dp#np;#u@3mRvH)?U49hh8&4b#gt*4iQ!@31Awu*VC@A)MgbzVuN&7 zcp~}ZhjG*Rcv|eb0$N|@NfU7K7%>>;UXeM0+gh|^Yt>$1yJC}Bn_X4d+zg07W2LWs zLg$4Rt?TK9xseWXI~(c>_*`sX_3acIGJ54pWsh*Ap}=4v*p`{i;8pVlqH91AiRp5( z@abJ=91){g^;$3c%;9Njd;8;}jV@(Bb5Pw{Jrsh<8|gO<$g8F>H*AqS6olU8ZQ4ja zJ8Tj+8TA=d(UxzC*%8vn5f`+ji5payW6C$W_UNBA`mg;L9yuQDvv_zpV-XfAUEZY&Y(KeN%_T|My49|3Li(8QwQNMbG)y{&(f%^O1%VrU(LLx ziBvm^)>vU_s~G^4t_a>u2Mu-jtw8$c6~HZWH8`iC=Cl!ICj4OsJOjL(!nB*X>xPVETTdrttCYg{?W_>h1aRRVH*q&P1=|J!8m8T<(LO4Bzp%CEZkKq;31- zhVMz(o*K#-b=Zk#A~t{_@5;*oP26CvoLS8iOSxeyFcqGzQD)T<{47R|Pcd5tCqtbdw&HNF|3>Mt02qM7 zHVeP9F%>Pq%_+=_)2v#F%9P;6)U^~n3xV8Z;LyMI=QnK2GUL3H4trK-9$rUeNXp97 zjMwoQ^b*I{t*I9%JZ0SX<5)wo|7fW*n5+{)t@cX5V{^60r61f+;L3{VW^Gs9zpZ-qf8|+P*a!-DXjwzNNQBU4QQx(~xeGw{ym2 zHQdZqeDehpSWc{O;E2f{*dYwD)Ff$HA-7B2`BWmbFbrN~n}E)DCJA|=F%VqlSYBQp zI*j|E-tp~w-5-;N?o=kW-Y=@BRo%N;cntaZ=H6?t$jRh8-4*xXu^)m*cAHy{N*P5^F<(=fRDmU3!1OU^9u&r7Jy&uc1B^88Hb*_Y2cLT*o~tq8l~?z& zus|P^>Nbe6ad_58J`&gq19diXdDRfZT2=O3&2{!Me1&{oMV@}v-sT^ zMakPP1&UV|GR@nfl4$RZCOyzapp>FB*HmFwGQ+})B;W;#IK1Iz6T0xUmSmXqfumXtWU6 zO~bgYkJ+4wuXsF*?HlVk_{Rv&w|z_cS7OU#5COjNj3K~9gcQOxo4<5ysIy86fRsLe z55M9E&Q@K?G_e@$!@%x|WR?RGoU>I`~V11aq8%3By2bVTrR)Xf;oR zxs<`Rt#949g)k2wf4koExzYC}Z1OF6w}-jV+sl1Qg9BWYT6?_MGL*K4hV%;5Um8bZ zQGaeBNnpbb{qXuemB#04I6;d_azzkn)Ktv%OS=VJ?9_+AakVCJ={i-3lag&$+cguR zmIpC1LW_3FnRucgj?kNYr=sPhJWIBP&NhFFFmka(q`<{Xm`k{M#OMP5d~$dt=9a8u z!HYYEA?nf{qcFn#n3Xe$6zn1et0QH(&JH+s?%J-y2fxq;IGq{*G4xK(#3B0?gFbbm z3WydQzBC0)%6qNQli1AxvzLDK@T)3!C?8#wlQ?B_fJTPobPKkyop7 z3cOyafnxGsbH?6B0!J00d?nL^>*SSVV=123CzPQaNG`D-YKA*K2rP4c0Ns6QMUyx^ zMadwQooM?qX-y~fGYDPcT>i&a<_Lgd#Ad!3)ii|-Risqg?3GU=rPmpi;>tDnxu}t< z!v(sgRW3jnT7x%hLw@G9tV1LXZR^D;MT$NXy?(jHrG=QxOdGZ#5lEU59nd&DqQF9z zlf_mWm^Y{?T)n)2SVcB^n7)m-XUz18isUIM^q$i*Xy*=&P!>XD84fC8QsGWUx8Iv4 z6#w?7{eATU*}nGVccpFrGRf`6;jb5ku_zPR=Le#bARl|S7Q{f7=@xyj*1(nb0qIt^ z{zRD#^oBb!1B7cy+~_Evn|t!}uV`$6l>O4y){gIHJ(|f!_}4tX@B-U(FEn5{Kt%taSNzv6|Iy=Im34|ah+WjJ7zH21 zRg$+$3s;g*;^g9(xwV<~Ul{Sv?cY}qBu;b!{VBg-_{)SddPP_6YWBW$IC)+(u<8V3 zoY05N5=Eb|ulkYi;;xl@hTTf5oXtJ}9Z#$&syWlz_ju~>pf=pIsz~s|=YPQu|1$Ak zqA+miikpHBnZZcn;#k~@JrY3r%H)=`!$wS;|%(X$(YF4e-H7bL4aR=`*q&w_}8CJw#I%7HqeMhcki zFxT^M5m2WdGZy{F?t|5#q9KQ{IxKRC7-^>ArP=Jn&odu#Ru&$(>dpE`mK~P$vQpPyhi4!P=HXH+7taEQ73`0~5Zfp)M$N|6`cnVj`|W?hYicE}UjbIt z!Tza-kV0AzJo!}Jv3Z^5dg_>j&*(BIr-;vw-;@ftNx5|hulY$@bVI}w;P+dB>RX%2 z?zp|o>q?`8%TAUEpzC#1s8^I;Sq!rO$fPHSMy+6+#UPUJ9^HWSkeN6o{MMqK%f0pI z?f0X%h!!a*<_aY_IR;P^Dd` zvGAmFT~I?at}--+KW{Ac8e*uUw-Sz%tA+-zFhFP%Ky@?Gk${BED%UJ6dcj8ZlDy?0 zdxLNxVqk4>>BCVeEFXVcUc>}rqDnx+xVhu`{=NC`{o%?mn(yV$M(q7RJc;SO4Gk+@ z{{&Y+OH4-$dEVfUE8y!^^X_wJhDagkUOky$@n5z-`4rOsO|9cqKM|_a&fmC@%O4aih(1+nEgZs#k#uY zHrV6is~9Vas`MazgoXNhCK1POv|Ew<%nsv%39(51(_k2#!l?bLr!k^fD)j9JN>ZxD zpnB$*a~>oG%lIDfFc~(n8{`LktP=u#-mkud9)@$4BN!!)#KF2Y8o}M*?}G9ZMAlBN zi;4&&tC*vjUQI5(Ih3_7LVs{f_x_^?kS9|qhVw+YoIBC8k!}thslX)^a>t7p5rHJs z1#eE0MNBHlmWBb2a;2UkG3%x#hy)vbCU5}a$B?TFRlDN*Pmlpc9_6-SL3pgwJjS=w zsgEh+Qxz5PM*hg!K8%0Dg9jmyv{I(14+zav_(|sZ9F?7HJ+ecEMhBxmBuQ3Cmfuzy z8Vq2uuy8V`B5meyQ(xd6V6fqf;Z#a$7(lA0VEFz5JN(KTj{7vEqr%lMZDd>s?;vp! zq0yLBpaDO66`epEBX5u&Q)R-5AOOKYpfegh2Q(?`Vx@dTMrNLmP2M!U3W0r`3-Nkj zd%qgV1U3*-S}wqSshMR= z3;E)NmTC6E=e;JE*51CLr3=FyZ9cIcete#&UUs1Ay@yK6Ub}Z&$Z?!G@_ykDpYhb` zKb=i(+*Iq<^f*FqzCDuE9Y)FDlPh5r+1`11^jLhWl>Kk!w-OA(Z}j2QYE?Ght_3ee zrDxsfzfuJMc*yhPL}yz!O&(qI!Y^WQcUdd^hMlsy&nctdM-89+pmxci>G-6S&3|3x zB`j`P=IMh&Gm~eAle0yXIpNgfyGj*-<(=zFFkO@gU6jTenl493v4VjRRyvJ_#1qvp zuJJl?&QG~+jL)gDB{MyIGjLFL+5FaZ-}WF84QZXJ*H{b}I9o?5$tHWytLcz=SOCbH zIj77CM58RC4N`AJN02%Z8QFhicgh_)UQxgPfp5zE7Hp5PZ=B(P*Rt{~U)|q<%@%l12KXPE`H3zv2nC+kNfeqL5iK*>odcwk&zA2`Z(b#) zOGWANxR3_A5=X|YO+7c8l3+4OY-yX4_c_F*plwI=kD^hDgQxHnCxGI z*!@-2|KjI=KEjCXe9n6Oy9c^u&S`v;^lAIvj|roZYdvO(fQsOAmaSa_3%9h$n3ZzG@SRVo7M_Mm4_5U!JQ`p_xHa zFHxZ=N;|KqHx!S`ddhko_2;-M(#LoeM!;`3?Hhp$Q8|dqX1TK7nRYzzkfm9$uST`j zhs{n-7jwVBu~F!ekxq|#6IkjsG`3b)e|fXSp{FO3d=ljyi(r3kS__S}?Gbr`4K4LV z)22ZtSc>XMx>a7T3@y|2SgL}zRH)*}pJWq4YR&?PVKr#cmj8a#wJ`(N?W5N_ak~5J zw@zk$k~yE%pDnev)o=I{ev(bH^;Z|A4+LdrrsH4u{O#ApLx$6hqx$1koW-{_k#OlO z--y)|g#6AVEccT;q$v_+ZykxN!6m_+1T&w+P$0dD_DE#|^GmgO;kR^{;zFz(YP3Qo z0j~kq9?$tnwn6O~{O!<|{hq!Id@ISWxJu|Mw)Byo{ASplOsLMXUT$?TTt35-#8fs$ z?~3YA1?gZVwhOCM)mYU(s-8aJG#r44mB;qCA$-%H;Tzg5?8A!&OsWOVwD`v$(VD(d zq`22mJQzfD#Uf#NcmXK~tERj_Kr=!>^^GLQLww@7k}6S#z{@*tcA9CmEH|p0y$E`M zNm#2;#@$1|GJ2?O$!nkH$gPWl2P{Hy}J5eI# zZBpX^NQq$vS*m*H7XIwh|H1p2yB_coCGonYQk0d!xM8xW%Yh|dAGJ#mWx4#s_;C_} zoa-sL$eEP8XFrEhQIS}&>8ryTZSF)fASCfW=+9@=ZCEdJ1y$X)1=HI578xd+OHG!F znL#*{!V>XnAKzEhHX8&x?k+u5S{(aH76%0a*A+@6UybFZRdpn5D9()}s?mL$c-mt4 zqCC<)H@gR_b#JVLorVs4Gp{16=Y@4aE7E4(q_2EzaL#3}XnlNa+lB)Bwus_oq|2h= z?x)6etV|k%P!V)h1E8z|edX|!d3I4qO(Qqx-o^IU0#M`0rJ7j4;*Ms3|3n$TWL%ZW z2}YDD9`LBUy>j>L=F@1{rCMMnt}-cUE+BW+V#T6)e0Jzo+Ke=|U>A_iuBkfF**7~| z$c-_6$#$+~&=6{l=Mj}WxuXcTB=p+T2RioDs2H{4nx{<>S<2RZP+%jh(^#ZmR zU7!c2tz|l&U{7Eb`$_elTNFpeFw~ z{kz86r7(YnqgMZU$K4>efiZB7rv5-|>lSGmvMZlecO)o3Wn5k1arXc$^Z19Uuz2zk zgP}W2rmpOj@Z2&x=dwJ8(yuDs{)g5NoZI^%!gQIh`3mJ)){x!YN$t~FUuD9Jqj{6+ zFAp0=$H)nj|NUQc&UJc}pXlt2b!E)PV^Tni3pTTvwbzkgAe4HSIo=B{URQ%U9Iq)~ z+H$&b4lQT%rNA4JbC{dyOJjqsptHzU0d`iE9O-8|C&mBigrzDh=OzMC!+s6B7@~Ugx^aixK_T@!irR0tI;7gxwV& z$xlEMcgKejF|eVbRAznnlHQA>7HlQQre06n%5wQ=QW{Xh%D5x(xTKEI-2337nP&>i zflmTt*v$9f3i^1XZh69YfBb|*lU0ac9>U^RFs7iPTIRvWNT3rY1y|*aTIxVo0eis4 z*>#bB!Rao0&PeWsG}nbGo(8D|{3N^Kr}yhgM|(G<7;_w|VI;ZG^N-5F){%k;l} z{&>72pvsC1wV4UkNwu}24=Um)4N{Xv>mmUXI-yqsi}~k$99zL^_OE5}TUlzpQh@TA z-~yNda(aw+hsk_UN|a|<$p1a;Sw+jMaB<3<;{A35fvjXh;HI#13r>nJ%QOI*1FNDE z&8BcN5)7_lz2!uoXY~piB_>`hBFSlOY3ZQU|8;OYB|De}%rbz8zIs7L1=kRZe3pPw z19bj^K#%F9p8Fux;|*UY%?rlR9tCD*V6R~f&q(X)Gl@i4k3(6Q^Nn#h|Av_K0flAZ+Yz0BPK00k07&_8QU{mj}H09=PL37 zey;^&wS+(P)4NdJOMCP86aK|ZYjS#Fr_PX9ljo|~yN5Z+1m2IU?Y&!bpYqEZv|u0u zc>Q&~fP%TT>EWnPBk=?;5byknjIXfXPE^>9)#k9{`Q5X2Bu|_^oBcnt4R}8+-TwaY z5Cy{m9f$d{L7VmQyaVut>_OXMcYMv#DLOh_qA%m0oh@y@#*q0gS9Mu*0AiyL;ih5P=qH@(B;&_t4gZR=7tQlbo>W^cciBvI-Rv@@Uf=RI%pn(mQC_2@2 zPl@17U~W%Ywbh?OlPz`&R|UgIKNLQwmiNsTg!# zithq7DwI@czB+ApNgN`aGJMW*V@0p0-uS9M>$YEya{AP{_&SZwHOT-nS)bfE$O!bE z^T16ohYWo6uA1lZ=o)=f4VZ`cz+WkCT#=3gPY&0)eCp)=VSm#(R&}}BVB1joJ!N5? zLtsS)2Bo!NMqu>ZmbU6AStSBdlV<6_0p)5TxnVlHMCiWw<-y(3 zrnw|D`Ht=D03xd0wY)%liqYrJhr(`^De-;Su)FSXOPrUeq6USNq-q_!u+N(@QVoPA zlsI953>+vI0_@aJ-j4 zv~xFa`N_3R-jRPp`ID?Q|Mrcv`KZ03X{`*+DTu?g&Np_h#k%hk(X+RPisCDx@b`;b z9M0bjD*Hy{cgMAj-?ao(yo@81NZ0FPDUEoZ6 zm$hILA^CZe$ryjVVx*X8V=QZTL9GdO(|$||btKGI(^JXFT>_gc%x(MVQc<0arnK?P zz|w~uj2K`00-6LUgQdb&e+^N!cn3AK4J%q2Gy@IPZalihwMNIYvZ5pEiHvX8RHFeEn$A&FQ67G67!)WmigsX-86N%l!mC=TZP5_n*7H$q`SKuKQ@4X zQxhqhX%DOdnZ|}2ju^GOoj9;=vxuv%O8g%&LzkB*%fas66hez>AyiMGzG zIYspj^|SL+SK{0T9Zw3ix2**Djkw#|QEqCX{;jkUFZ$`GX;i^lcC*g>g@s(;OG%^) z^tqFT1K?N~39qRx%vB=drPY8*bv1=1E+&SytP>H2Tp)~jUPR0nQPG%;w)rK_OnBZr zwhfg{QVO4Svg|G?r$L{ zePU1h{go`?~l>>nF$MPW_I=*SoDhu9^-isyHHq)rSk_ek9_{J~G6K zn!pxkRS13**q>x|xuo&>MOA2{KEhMR(dUnNENxhXNJM=>(Zc{OLYktepXw~>5M!xc zwL?SF@br=Mm%sw~$Z<0=}~?TA~9(1FFZ=3mCid(8;#)tu2iv=cRDZKG+GO{I7=ClUYPw%(SJ zYBV557V|6{9pef$T8b087aLY!qZvRN@tw=xZN;o!bX{&ZssVJyEan!4Mi{qqWaUOG z$*5F;_LL%_TYcK*ie~zc*DzM)Q63Rd*|q53 zyAhj$smW>`Mk5imA?5ziPjalXYJtq(u_CDA(|P61l^^f#=3c0O^Xs8Oc4r}cYV0ok zkr2ZkD-Xko+@bDi@4@pl|LUJ)J;2>*@gHcX%J%>{$e#!Q`6W@Njn#jN_2iQ^$_!y;wJF9!pEfG1&)J* z2M9C{4uR_}@0UslOy&)V)BPGmD)gYMFDLUGIJj2U)s1g$Mu^MlNbDiD^>Eem5I&kJ zA&=)K6AH(U+g|;Vq$!b^#0tzsM|**P!FhmQ5l8=NLuHq#sbxczS46X7srEB-74&9GUt%{>L}4}bc0(eVf*8P=u%@wjvg^ybr#UOEQH6_m1h`Kp>+qZm7yop z?8=fMh~b!DGch@PLE*q3wfx#I@mHmFdnin;=2T>*R(}JX|gVd72Sdnqjc=~SvqIeez4crz{ zH;lw0uIf@qVi0nNvyo4GH`KjnGL6yJ5Y$rZ$Q8Inn#NW5_2=H(eNQRX9+W2tJc(p$ z88E%CgyMYd06GrOGk?WlC;qq(NIni#+#|w?718?TJajvpsn$PC$KKycK`h@ER=oDG%3dE1%}4 zEZsa!n-6J^nwsHcD|2p_($ay0QKhTUF9DfLo!U+O*wplvB^e9?H)zl=q9U zT$eOTfQZk{h9WW-?%Dn%TRbD*QF3@({31TGJ&5gud+O502|BzXZ1~QH;iG}856_~$ z`72ntuw1(4aWp4k5$NxLxOVENwaeP}6yylsrttBO817 z_CMSU|6Aa0{ojGRYX3XnE=3w!?|X-4-d8_XnM*OEN4K^Cr7o*y@n^iIHhWSM;r66` zvfEsD&RW0ugI`oDCzQ0WM5<~96xB`+>Q#s+tuDYFRMYmoWYWcZT+e;}%^bJ&rGxVU zG8H1|g#Q>)!4KX!M{sj@mAKlv{F*Vs$0JlRZrIvf5D-hpdE+T8ivDiGdMBFbiN zB?6R&&}xBc6M{0P6GD2@27%1Jze+vy+W;ozWgMU zn_&mxev+|NU6*RwX!9Ou>HPL1nI@beuH1y=#-@L&a{(`QlhjcE4v4X7x>i2(;;b0x zb2fg@*V2>9)4lYlK*B1wW^VlSUj^cuQ5kPFAs_IsClfcUwCI5 zC}!1CES3_Y4IXxIfL;X*+o-?U>clpmej`eGE(48CgaqqABZ+bWF=pHW#K&(5Ks6)L zZh&i7^5tZe_D)&8p~x~v0M5}@3D8vPd!*PGNRM9E`zmhmD_&F<4#h)n0k2zQEBrklk0d=3w4L)^nPE=r+O{#0cKP9V zCkqhtf`lRw=IMiv)rk22QP2IU<|)Zpq3)J7RK)Wo`lG+?DJ*^HT8dGvXeVF$wI6l+ zzK``2L&bak3K+Wm-+sHH(u5W)5v6JmQw|vGf+IDXur-NG z#ehgbd`)UvM7}a5+!n-mB8i-uk3(qyv$-wLTiv!C7Wz|Ca=7tFTjLM{b=mWS9MvPK zVuA&HKu1!O+xR%NAkra&g&;U5$DGIlu+7=0g3^gGwpJ8O@&4(-pT2B8M^5A*0qIKe8q}pWUtpKv-IG~ zccV9N31pdujK%T*QlQf*cHW*F(|w!!sl%+=U;( zWN$V z-zL@O--AK}!3;JnUrt}34^Jy!9JOt6Y;8bxL3Z6*o}E?4n|}s=&L2nA$kmcDKa4W_ zz$Ev8`{d8&ICn$V>a6cUMW1zj@zTBe?;9QI>;4TNwoj+doQjI5iUM@uO-zm}ynh}{ zMs}<2;(3JSQn=s6OI9TPZ2q_hF(W-g2t@yO980I`JV~k7@QH%T<-Ey)9_v1^WQzD;Y*YjY7=t{se@d{g8SLAW(W=Zw`Z&mA zYmV140;g18#0R**2W$$T#SZ24I}g7~@PHMix|?~eHuuy*UA{Hyq356XqsO9^aA3~W z5?0xc;3ZZ>PoM<4BtjP!a4zf7->OP>n;ajxe^oO1G_gL7t?muq)53?=#@vgF5p|8A z3ssG5niHpgVs%Q2;QK}4Q1AQQNXw;xF9(6)c-HrSpu1|4l? zj75QJk}oO!4Lu2PwA$$;2?Yr^98c_C1X=M8OU(`-wcb7+IV^PE`JK3eWYPacoNq|` zL$fWems|haAN2P>>Tk>c9^(9>-T~o3fdQ^$@NT;A5_56QvpBv(&#N2+9h=f-1|mdW zA}7U@uweF`lmZMZ@FdBf?luN@i``uI%JCQr5v!PcQtM`*bX7mcBwL{^F&bzfjUw~t z?G{XG47`iZcbxc`rTbC{;cBJj$FWL1TLyqUUaK& zck>tMYX!l&<@dhk`zlQIW=m&#-Z4Hxy1?IGc7@L|qSp}_Vn3U^4i$Fct6N#>R2_n& zfi2*#vqi1$uRAHEF-vvARfkC!V6tS%*mEz#dn9RwqntNOb2=0{Js4feuZ zcfEnBGhI^0f|3>$p59KwhSS{nG~~(SL?WC%!aSKGyfrO^qn|bvRuedGLMZUGQSFE4 zB~}zlH6$n*W;6jKa$>A738C$*B)Vn(9ST9LpLn53CEl1VL3ZqsU!iiN!AE+#cB*wyP9%0MC+y)7t1_wgE3ZpTlJo>5aOrwW=#zGA#7 zl%`yuo^#CSdsQ9Xe@Ivu`Yc)T2In&_l>Z$Yvghn(wfMi-dkd(xx^-=vx8 zf_ss+xNEQwC=w`MBsk@5DPEvRf+nn!@TUdVAnLel5SESy7G4@(Ek(lTBu z&C}7-(}o_#jE!~E3G%kBbTUu9w|Lm1FSg@~AaLRH3RZxbOiTsnz&t?`B?vZ*aRFzE zpxMOpI^jAmH|>D5c#kc1Se0J2!R4mR0JAbmT3!&Cr*P=c3pgf9wa83jSs=*7X2k)B>0v{TTa(moB0bE%$~Ybz-RI{I`b=6?FPNl=h}`=f%C(4+@@pPg_qKC4$aj$~T{lr|PRZ#z*djN9H~Yjx_o zW*xe;oAkWzEr9IHUz`8WE!-oTZ{0R@<~si*!hBY<_~P0tpU~G|pqTTWVej|mU$6B) z{e6G;v32!zMtg^}555(v$kELPJE7LoqW8?cCzSg8&NNO4W)Frn_kQ{ZZM&W0?7G$F z{q6JHi}`F-sPfr8M&I7`jFoh1MzOM!RB5a>U(lrBqkmBQhT1gG)mOPzD-t?&Aj$3H zfWmTme98o7zJ2RT3)N0qm|tKO$rDa#&iHBit+=C^or||5&equH8%+s?L`0XXjh#y` zFYfn9rw#z>+H&wja9Gg}3YMR-vutG*NfpSc|$} zWUay4?`QkNg9+TMIeDr@P*EY?zx5$AV|LR7?k{7>#O{a=&vhDlLaWLE1w);;2Rrf- zX_mzXTb)2#zIiEm-!ESY&ahPYe;&Lr`aT78e)zng$#k!5h3X_s8U#e3oLDmwVmp{} z@ZH_8LSw`ria;;HHKcz1ApTo5OWH+#V_Nvs;qJB?G?1|R29a8dfV|$y0fiNiRz&1z z7_S&LymcLU{rR@WPok_-#sM<*fEPoR|IAhH#|OmQJwp6du_3}-lU91&I`X(7;%wE6 zs)}POxkQU=#`xPGX1q{_4wcjHLhuj>OckwKgQ6Zl;|7s$+|)@RXQaInl)RJ#BOq#F z(tx8;+1~Utc0USHp{jK}XN4pDkq`FSv1X;sRonZxm=**E_sO!f$Q(7-lN# z#5+_Dhd-sF-v$Vem3vk?y1hB;Pr=>bin0$9dFnL{epb5H#6k$>vau;R9IfQoMK!iD zw;w(6cP)q?a#}=XANB2ARyzmWZ&K-}H}19^4P7_uxpajsuW2`p=dF1j77J`r z;|sg;&^{cOuVdx`blx>CI77K&Nct}z~yv{*q3eV zgHjxO646m8u{#kJ2b`ZQbUd>z7AT9p&=yqxcAA}X82o@CyYaJ(^4wrDwkj&~0iVhb)9wk@~C$5At)Tk56tqeV^>VoHj z;s_!gWg@X-*f`f6jB^ZYlKpn-YG`fsdz6V z;_2Q%JHzr(rrMi}mtCx@$r$JJ%2QU@)y>9d9(3F2*Y#MJSsC~m<}~+}icyJmSaL#= zG>x2>AuxpC1_%5^J8pF}j>!4KE`=9k{q`(xZnH7GtbqV4BsjeuwYHU?rmPc)oL0FY zNYqavwE+)nMS=~{8x97|%MVsIqNI&FSaa=TzPcPhPRLGEIaTa6{EUhCx zzum0DXC>k2<(a-%HIy5fR_fQj>z=UjHa9pfhh}O#@p1rp3W0|X|ER!ow@=u6qJ?@# zTqc!YxN6=vl>|RkTbw{kf||HVUdz040gYh#a)MM{x)I6FFZ2k}zS3SLk*8=O;4(Tt zD4b|xJ3JiFN2KQY`>o-BSML6H<<3NX6)!6JBGu$`89-03vKe|XVV?_d<1=K9gE}wv z!byOKL53bu@hr=u1cw|W=!}b-BL2nv}YfipJz_^>j7`X62RdFIL}QLZJN-J5ErAoVu$BU zK!~{k&JqkRYwff*mUZ68;BazRk>w_^(aD@+tQt?}kSn@!VXN-IAWEY4F4}7<5aPj~ zQh~!33;NNT%;IcwKjID|5U+mhPSNWyiIAD$yCNlPY~~6N`IRTRka&l1TY#<{xMW-r zIr_pdVl*cBk+2YFRrj4tB{5qIkI@71Ym-L7F0qfqE1_Q&xi&VG4>>!#)lF-GA7A%| zcX$3IvYueM{$Rm6&)#HN=Gqy>HM^l*_@*BqiepGIwcB=++1e%fa;h@?9XaapVu7k( z953QlZ^=G!Sv_Z$U@eBLn{##$`!P>WPDO|B@fvW=ZY>ca!{w^gHSEd~(QzzUnAqzI zHd=%R%IWIVU3+$}thYXhw;@nMQ5?!TNG#f$9L4cVHvFckfXS#joPKv=fY#a7!riC4 zXKD($ACvoRe%q!{<^@-w5-!feSvfCRRYky^=^TwhT1F7inFo6|=D! z+u_(iNKLrcUp)tUiL@=e&s-4igu~tdK~3cQhK5?SWqMt$7vzq%57R9-@fjij&FW3>hL^Lx)&PSIzdiuNQL z$P^8~$Tt01VE)Id|CI8jk8}q0-Q29{p4S)sMU3AQVMv^LChuTp{k}zMy*DPR{*$Kb zGG%3aWw?n{fVnAn?PXT-?$%+w&Y%>RG{J^^Cwc4~5SOH7;8pbxnsiCGkK3=R-_(HD zG(|TwJm2(j)=px*uEfCt^NO&^LGE#ZJTG4U-9M;J)WLJQHeHega$17RKtRIlWY$bA z$D>_Ple{!UZ2{hiCx{1GPi%yDxSrZnv(!Ac^nALqK8`9=(kRK!o*xLzeAyW*r`Hc* zVuH!q&E%paUP!yYt`^dFt)#PE(V+Y)GQ{tJlCZ^hMMp-IJ#o*nt+tLp7B~(^Mt4QH z#S9IVv{`Fc4P|7 z7n4XBH~0BgE#Iey^XDUNpscoseyjMVNEJ7|>01`M12NR30%h_*ES|$wtRT`3%r~VU z#NA`@N_P%Ffg9B2@75XP>qNxxxzn{Xi3wA7Q;rs74n27Zm*KK~x2LM`xPs1=AA8%5 zIQ65lM}$|FnTR&7z+T@Z-&~(xxuLJtN%%*Ng5U6p_Ixq>kYv?}d}T>cWy!fyiim)A zb%c}Kpk!z5kmT!;tqzQN0r!f4&U0CUuD9b@r02q`a8ssmV`2<`K!X-YseQjCH+ zk9DUDwMwzAQ3ZF~fido75jihf&-fT8vmSn9X!_BHS0Kzky-dANyK>7Vj=G7@q@T^a zIu=e9V`i7*bEPhRAcXs}5zdb;THE11(Rba=@-I*wo8Fn-1Kne6l07J||ap>s?>ITawk&UXh4dT$JB)W=2tN^`C-hcoAm)Dex*3J=C- zY)o>hl82AW)>2kzWbes3i(7GDqnYsi5rW)y;DTf|BI8+!-A21*bJXhxI{_X)!188t z8y}kNzS{&c{v=Y^mCh6pzZY<=&d(*8uUWdX``V92wr`P(kI|xCXCaM}w|Ta1Ki?_P z5Q}%p()t>UTwzd({ZJ$gFU*IJH;@h1Wp)g?oHb-wz6^45?t?vhUG{hmHLBF|-w zahC~9_#*>7!_=b{wnP<@=QYmZ3`xew1w%36n6&MWk&4?B4`QhLRbllGMz2>0hQYW? z1nldk5a%pL6t_95#yy5FeO}aFLoNB~Tk2?^A&@}1DFeZS>A^RQmmIY_EhR}|%dR`1 zYzDtEQBQdkIamobBDiIt9cz9)skDEgN=yPdl!>({^ji8Tv>uG~xFOA~DGgf^ z%}}(k9C8~Eh?fnD)_CV=NF+atfK_dDRpY0+~5Y8O_FH zLUbc?wy3=PM9mHQ-{aFvSEAah@GWd#F3p}Ey}NWUHSlBPLg|nLzlpw3Homf$N;UPQ zOd=p@grEXFk#~RC`_*#y*q8P-hm3UaixGrj{FjwPcxJ38l9{^NI0Spir{#`tb|rOoo#PWu$sPjxp^;It+M$VL0-sRkE0`_9sVD94f(SRsA zsLEx3IghMsd7;2YmeQRKiJIzn1VBcowLb4+uu7W z+-D5Mjkbw+0ja$J+$JL~7IgS25Qmv%@<_~sYeD?)7KnCR=CTrT;q>#qT4940XnTzq z1n%kAXalBO+bU|;6(=I`mXz`knmg{UvAxsxg(d8gxJRU;?lyd0;9E>=nzUs4ulKUfGuRWK;Wu)YtXxYfcSSI!LVY9oVwZ5x_-pH*MLl#^~SYOU|90ktwHconcm;5xzS4c~e9ThE6 z8NiEa6IcdtSoMBNrAsk8`x2!1gRxn4Q+@lxjliutMXY7tlKeD`TmqsXes``=d+>0IJ(0BrDgd?-~W5mHw>;is1@pflsL{rbWQ>+IS` z^kcz^#OdkvsD-h)>l*5}{Qq=5!1$WNttVqn4F>7jYp2!F^dOI^pG3FGj~K9$4?>?G zY7-JRK0Kz@XSN6w=6Kg*%6x&xG%SXKhnKT3jm^gSiLe4AJw5E|k9D~V#Oh(YyW;8S zC@>@CMLo=78anFXc)PyPaZNC~&t98*i7Cfn^oGqde!y^Py_oz@BJ;jS*!*|Gu<#zsZk|~Uqx5Nz6{7o_i_8y zpyI1Kcq{1=1)!wcL9+2tZKWuRedaTwTZTrNzuQsQp+X1FuJ&&D9J=G36Xi090jr1V zSj45&*B4D37>o8hSJXH`-c&K`!fWe90>#BKHG;n0ydB6BF7cP0w4C^}=hbL~@!F_4 zdccxdMtGXtA4k^z3>9##eh|-B{lyBZ5Z7ElXXLQ=2!Z6n|7WqTD?zMF;EVo4vF_hA zhKG*w+=i{;H~w^8RRh7a28j zfoc#0tZxBjrQ(hwTu3hr3WipGHD zT#X5#eF}d1bo;`WzMG}FA9{k9HlJidvzK`!zWJ%bA2;fcHM2`GNtU5A4$9inWcV55 zOSVJZV-xE3j`)UyzMGof{dgL3+=UD7>!$I#+wt0@xrTL8-Ta_^xLup}$j_HQV4fKd zoMe2$WwR*o_{@iRHQq)nyq{5rUeRgfXt#?bBukVAc5z=E?sA|dAc5OK)B0dm zu8L6Rlt^D4vC(P=U2IG#4$vl}WYIXC*lJB{y4~ossTKOMj-KoxI&8n@;WQ;vmcG0S zM!~3-6J<5{_&15}`Shm9bP?h28q{pWRRp>WIlX!A!gbmoI#Zfb@#g&-D)HwZz2aM? z1L>t49loW}i4&yyo|^Em^!FtDY4dLmYbpJWj2ow~^fYi>u&*7sIt}m6jWM1#1r+IC zyzq}ZAtynNmwy{v`mxFY+tZj+&`3^xog4fwySj3bTlLY8yET0@p6BH00Z*9!ZE@cz z{E>txy#2@S#|;YUhm1>-tyk9Exqehs``6q^^wl}l8d_eS&7W(=NS_4WFvvgs^pl8V zo1Iam)cOe3{r$@yj*6JxnczyxF5arqcH>OL`RO-kxHOvEborc;m%(fgFxGKs+%a^yCoQjR8YQ%bVcY7fGdug-p0_}X}C=T z*Vk#j!)#lSS%8g@$AYy8B!yppWH$HPU2nR14F}#CnbCP3vj*95Eknhb@_;y0kW_x7 z5BxZd2rf)`Kf=Q5^w&wzI|ipsbNOLwAMN7<$wo*kx*~n*ZyJZJl-iHWx{?74g%wHL zc0v^>zdKBUzkO~k*M2djr9qaBya@d=)a+>Kw?rNpmX=?zB&%QjWkk%)U@}hSVZC2# zDu?Qg7KXT*c->vJG_aW01O!91m{XFt^=kp6;LbG$hi7!JK6PYz zE0Gz5ME!CsVGUW7>k3)y3aNHk;;xZm8zwxduiRd_=h>W0{V-dH_t_*WkL<{2QlDN% zOS(NSucC$qBl+m5xrbH2`+U~nZe`&>_6+w)c#xs`%f43(WzLwQ9aF?E)OQ$8T*_i@ zuxe!sv9JnUE$s-kT`f$`?gkqy*K)i!FQN@9MUix##vsK*AdUgZ(M}o+JW_uA7&wj` z$BDNnFvmV76_~kx|Hid2@&(mBU|4odE{%+C+oLf-bfq4Cn*&6jWMZZtBX<{#J5q^d zfZ=qI6%E@dUCmRkohbxC;pArDl&fP}3^@u|awf6(l;{yAG!h+h%!F|uXHMN|RbNR` zkXooO;8^I&>&&qK@z$nv*B}LJhwR0QRCD`9w>*xnDwN@rBUi9^Uql~kV2+BDLf;Eb zE-0!99HB=U!*yKO2swBvUS6Dii>vKkyZ5GjXA%1K#zT&9A^zTv!*=%53@fXJ@yd8m zDVP+r^k6$?K_zqRZQ#CR~vErIAdVUst(?F>u-6`aX*<;o~$Aahu{ z#K?aN<`dJtB#&Zoal=+ZL0d28|nK*}u5+M^^PsJ9YjBbDsX^;pfjk z)UL<&!SJiYo-9iQF_GmWU!;9YDcxDne&5}6RJ9u||AJv3XCg~k-4MCl{#95X`-PVN z>)$perz24DZk!HNh+O&KNP=W%p=EAVFj!LBe1~~a_k-RY?^BF;Wc)+(y133KI*}1C z6*^TgBAD#XnrJYJvmZ5#7V~<_=u|H^<~f>eyWFrrCqJ)Y{#i8W#(SNr2MQ2(XG?YQ zH|Tj~FUcqRN;68D^EuensSLHFV)>6G=}ztus2OV?{Wl&#-2KDMwX|0RC@ot%i0u0HLWx<5X+tx%_7bJRrX zRtQEMNn`%r?9G6vFtWO?Yp{}uwVzehk^@Wyb67tSh;~j{r_>j`^>86DnqS5(m}J4y z(dnMS=Y6gtCX?s~fgChT+V7&|G9@{&w;P(EHZ)Gy$JsG3?uzjE(I4s%G+L5vo;s+c zRc+eO+$%H4USC6>oXa&D6O(pB7NekG3t`y)K7esCz$m&olu}Sq@8vZVSJ`pnV>nnM z=aH%VVl)L2NL_Cstz*mAi__O+jUx;}eR;3aZk{m$#<&)_4767ixHJqdPq-|%-k`Bl zwbe^{+VrOMb7dja8ML1MpsJ94{}!r}D?=|C&YkIKWa@c5mjX=$dUo zeUefd@N2GR?hr$p@;EWNS)09|xvoKC{kd{JPTL`J3cpjkZzi%0FOf3{7; zoNkcZN8u1p8zlB^f&PgWr!=*cSr*6U@2OIJdXH{C(BY24I07rsOeKZaYu=l-g zVU_@)!4thrP37*rYueNSw>(m7I1BwDliziQr#-C1#B4N$@t&v78#CVlt&v`8?pp2C z7FQKhPzIc4yH~$E0{ac%TU$U&jrM1`FSW%eQ_0rdlvYb=TEex`UCfKCFkbG^rxKDD zbEnhj)iM_kbi)if8xl89{;sBGE6tyo6G{U^K?`*rl^%B(OHok3#m53bl4kednwX|g ztX$h9IPN1g+4G7*%2!*%n>x7$T0e;%Df1y2_YM|pPB_Hd8CLA-zVNHIb4VP+``9Sn zwGSUvytOZit9KlYPk3KeMDRjzSWdWJKlhsap$gQ4joFcbxEBI`AJ!vw*#f!WR@hdC zH!})|cBwlSJYa}j^pfW=ykq!C3t*JLj2YF9-`9Syj^GQ7w&Cbz`c3)a?@I{(`SIZY zTFF%Uj_bu0JJ5zRb3c{b`6c())U&P^>^j5V!-vYOcLo#*C+(71!}YpHBik)o3~eho zfshe8$Dc$!%3T$;VHo!$!CA;oXeRnD*T$phqd4Hoi0|Yirt#R;d$=2s6808X?CiMQ z-&8zKU=zGNZ>3CH<3URWC`L0o$VXRKGg;nSCA%Mbn_QM0LBnFBT=Fje0V`8ehiW3< zHM|+@chm0*LeNIjAgo!Nx-!ey?aOH6ZRjR$nh6IRyYpl$AI z3b}{6RacG%G{+r;01nh}xVt&VwEi-#{144~FVXg{@an6msgiF)_E}T(H)m_7+Kp7N($5*)W)8 zOMiO#wH`YV|Yi^M10&-*J%5&B91+D1#U|TzAL`rT@bK+I@nbfPvdZe z!a?98sOw6SaQbO=EPTHVXl3n+ASFvKtG$^Bc6l7~%-w{l72gLVP4j*4zf>hon+ zC$<8J83KqK-QcRh;t(ekTXL^86}+a`FtpTO{p$^8TEND9Ij7FV+o zrfkY#b8`tTevMRlG^H+;7(TVJp`L2X@`L7cg3nED56SM!{Bp7iUE5)XQd`FmtG;kI zgYd*WPmyAE0rABJ>em;=MH`bwVeE^p`Kx9)+J>0vFmGKKEM4fAqQN38k1dmmz^07! z-+&IE8TEH9ohbOg*rxxrDGMp*qwiD!-$_BMcasQ{mgJvA$Ng(THh*G_yh|s9<99p) z1V4@+{ywJ(|1*Qc?w`*fQNX9)j-+>b^3Y^TY@Pd&VHwM!d*{xFe^oD5DLlM#qE3S|^I#Qy@ z`Av;0%Jp<+p)`iMN6Zy;EC8EMy9<4Ahnv)+Mh)+fWk8+uT?j7L7#{3`EBo%&0lCjV_YAmZ>FU+v@L4QQ3JT0xE?Jfq(G;Xwpe_SGO3LPOTp;(Rf)WLk z>4_5QDh@kQk#Jlf8Ez$~S52VbCiw-!k?F~tdwG6;?e&3BK{%n)dsZLM|`-$0fQV63)i zmK{?B9gef&;WVo(4uAh_u828k*N--jcZ5YZuHQYj!VS@{+YxqBZ+tSISdoG=!Wr5o z`kDpF|9U9?7X>74uQ6-a>KyZl^E+w!y;?l|MsCXLR8E*U)=4EuQFyRRgPg2&m)n{X$kLW=LKoyZ^+nNe z(U{cj#WK952wNb8WbV_Wf{PbW1*v{VXjVPeQ?nZ(OEn7|Jh$=V7`e$??yywS&0Rz+ zsmNyeFE_k@U80!V&R@Fwo{rdk2{mG4qp!9|GfNdg>gRy!)36b?CRHPmRpW$nItR8h z5#Q!ib{R`ZTPHLg`;okJtfGMQ>xE#b7MxXERVRv!9k7mvgh@)s-c4#5I`12X)+B}c31(q{fCzdbzzII*USlu%ImyKXTS&z%}KUo#zm`Av#sfp{J zlG8^etw=xpO7!1tq<6J?_x+r+$o!LJ0-}ImDv4bX5gtiQdaZ_F8Tqb_Fp8pSj%=7; zEih$MS9|H)de9Af<_AtyPW1j|s9XS1?@6>Y?z~_d6&=~Qh+Pwi;@jjTduDFXPbZIm zyerCl#nOcJp*3(Gl4y`Ph>W;Qe#n17ERY`q6x0yVNaGQ9XdeCpqAcGlH)Xh!TBi)KrZJG=*!#NFL zPL|#Ckf)!;jNx9o*hC}Oo9@EvNlD)ZNA!)=yh~|ZY1h9O+wFwEK`JL&2Ifb*g9mb& zwo3VVCYL&P469O|SMxK|V!=k+h11+CFI#1NRJX$@I>y&F7CkVbe)e!DC_6$6NVggf z5BemC<|eocRn*|~m46AC2ro+nQMDVV@)sMj@fKZOEPrPDN0+}`k$)d3K1jm+Bzm?- zOxmhB&J1Tuyj4g+NDua|*H9pf5N8Py%GFLBfz_*7)GPwg%LxcJ{yrm9*t#k z4Tha+M;dY3`uYJc{z%Fiytc3yvn^1}wOY#+TP=`TPr=2^Z~OYV#j{|yZpZqBwU>2H zb9urd2N5oSpa?}2*~J1Sk1;UCsga8JbfwAruN{0gmlY7je!R)Wg|61(p$`qi8#A;M zC&=K!hl1!h6c0Zh=sXpdUped1eow=9_Jn}Ply)BJK!6Mq}Y z))W|=X3_;*&U<=)RO(y$j|7q$yXNbL8=T%lPt4To43EN3yDN*8Ce@Ebdu(}Fr8lRV z2Y<-(oxP&lU3mLF(8QWq8u zJoKe2b7l?#A;|>pV~K}>SsD|KXg$RHlt<&%?nMPVU%Sp$ljsZ0XVO+&VY0~-8ZGS_ z!IBy$4grkY(pty04?pW~R(YQqAR7RseN$5ySd^_K4u~yG)SgQ0>EH?C|4V25^?tSP z6=W+r?Hf^-pBCSXLGRQ3=gDna$24!1_8yS5@ErVkP@uy=Z;+5rO*BUYvgX_oJ# z$1g}W?5SQJP>M-9cPi~-2@K3IAlHqGDm`aU_Sq$2NlcRDee=U z-Blz<=YmvLly51xoIhd82fR}jVE4pkb7^p13&AQsADm)7_5jpy-8@AS9K=(NNs5C~ zis^~);M)pnNHpa5L5V40$v5&7Xeqxe*bAunYZcgZv?v)QE+pn9XHi)*m*HlOTkUWv z-|xD0|MrJN{`=zD#EFW8Oy-n4E|&CF&*%h`O(fYE^rC6iYl;nRf+nGU6i4|N zC>e@2Pvl+B;FWq7-R)Egdyr`*qNC=PRTmq^V_!>6#a30>JVZ62@Fu|>?dGGHB2?f5 zC1KsNFz#+IP)XS)E)K=<1;x&q%_Wbe87|F3GC4fHY|F4xZRuT@wuB{kqha8tvYng9 z`>sAS=@&0+KBse=w`x~&{qm!NVOOX+mG?cR8@`yBsUi5j1@;rjNCctS9j8x~^9I~} zlr{(7tRMf0c%$uq>8~t80;K%EB#W@H60Se#ftmF!l|l{exztME-KqXT&ap0O>&^Ng za5bCg-um2D2DMX&$){4YBFAUFd=(y9-d$%Pq3G|5 zE1`Ej4_CD3+h??tg%(z%$=AfQ8)V`poTSz%!GZS;VXXMI&C4_w9U=si`B)`!+JnOkU)k`eH>va)K~G6xf$GeRfz zbCMh0YOHcgIs!{b!(TQWic79DC!m5Au`Y}Y1`GyEdVV8+aY?d{x3X>_0yb*ja^N*K z`#gD%yt-FznbrueZu9VL&TJV9$?rjdtoXO%*$nr867|~WAVvXqWfkUW^N|3r@z7pG z{sh@~Y0KQ=l;>4bDqL|jp`$S6>TXL9NlOeEnln8l*&WXsD!bHc?Fu=)o_!F(?Y;Y# zEBs##`+nFBt16@&o!kR?+wD~f)Dka*Yxfe2s}c!pD$0T3TK?piVVA4N)5_WvTI$6r z9KBrg)n2mi!>>(Mh2Q(q;O+>XZoU>%*5dIsc_UU}XrS9l)`j$Pmce+`%>~XrprMFQ z`4TYsMKsvZYV+KUO2Y0$@?N#^7%4oxqMQE(O@W7-?cT&?_Abr*sh0u6xLmI8?UE$L z`+D)1NJbNaX=(f5B7*;$fl+{C-f&ga71IQli5#mf52i&#NWt*rkm{zXLI&1efumvf zb@{74o`Ia)*y^UD<|zYalyw&Fe4O^K`Fv`1)T9d^iy#*Och;J}X z_k}>+CBw3Z_aka%M~MZiN{{B;p;Qral2;)?0W|rU)4-P|8z8y96<{$)ZCfG3$kSRN zy?B?l+Qx|oC^yYuLKxpkpDdUu6xKb+M{ea1)PKW+cCLm>NvB22mHCo;-dA$4mB^Z- zsEwaQU&GJW{SWrEld3-*zefN1Y&O(sgMW5RC}s2rkhphm=(|;GjaPiG=lMOE`Iuv% z#g7(gEI`lbkUqBSJ`(=@`GFoSOnj~M)4t;puJIvE{$5cLMWEw*GKlAN1+NT*VIlK4 zb23S%Wu%^g4*~)rH7M%=)ZKkU+@1;$#B=J(f9~^ zM+0=dyIBapC{Ss2l#Nfh;9;t^j??330PRptWfLu&-sJhWdk#`nLNGOfwUvgKcnL?s zIuq1Ztk693P;5ZE*<7Z;!D9G%R|t1l<@4jLq`ZhyqeU!*I4BOHK|2;&Wa7I!n*=_6 z?^|Ux;`n{Q6*`=*ep4v1ZX~7cNahdQMgOun^1t&|dAlIBd9MdjNboH`8J0+lkQN7h za&g09a8l^APzpm>n*nsBDv%WlnrH?vXHPogD;2)QfATp;=1HxoNv_yfZ>L26)EaXj~J)D zrK#A7s~Vf`+ekGUw0rUcm6%KAk-EZOKWIWTq9XF7Vcj@cpu-#a&rwu{ot9UCkv11f+x+B1)Ati%REUlHBZXfRZ zTP;uPN>VISIh;UL zy6dtWD!O0U!`^NenaY09`@W5N;vr@fn%xQwJXVDw3sBVqS}w^V`bKSyLVliT@MJ#d zDvsrgnErEF)vhq)s$#nBp`0#OORE=Kh!hHlSfRnt_BcGup3a5y^9&jw5WVkmhBq{Dv3Knsfx=z{7{&Yf+U~wk~@$!Z4`oqbK8Ka)z@q6T%@k* z<5x?iPQxp|6gY?}RR+Nae%qtFX9&d07+TBGD`&g&5Oj;3o!Eh_qAs+f`O`bw?K3se z`W$oArLyVTn^p7OU0uEG<#rB0SRkF%6%8-cgg*#WgPMTks}sgu2tK(gr{R7%{ZY$x z)h#~thsI+OH=3B%`@2po3(>n%tnPsH8^BbJ@VCLHA9fnOM&SA4vFRzN4z4ETlCQao zRxio|-PU#!#%=vku2OSm`>aPh;utKOw(CJWu~Q(GX?Ou6QoC?ZbyFm#I{j728S%H1 zRDGk^d`7WX%colK)0&Jk7_gDNui4u!@#GH4hn?cz_YwWS)&GZ|x~wvPckPwu#063h ze26k&xB2rGrFqy@pRIc#)~}{~EV^1Uy!6nCwbIlEFbyL__PEhvSl?hjpT0u0(r{GD zxU=-ZZH7iFU3tKqbNd2)OY|E&*}}L5Bk}a>*jN{8?S%5I?`P3xp=v<}4H9b~rnzhq z3_@)!(5R(SetGd_Jdb)lw6j+*X)#{CxRiB;$*}}2B-M>lqtJMkRt z#OEs2+eLb@qig0E19m!7-P z(~7s4irR=}?G3F;Kz{sDnF^RTEu9vWHAh}g4 z`q@iGZbo{~Qs|LN*0Wy^{J;7@0W7nj!cFK@S!z|)duAaR^})B5vliYo+LKdeV`*OFn+FYEg44-n!ePsN50Q_% zEAQB6(xgYI$5bB`wk#cwfKHF8okuEG+FiO)P9_b580_7#jQ5Tdp+9uoj0kk#~k6JWoUZ(X<1C^ zP){gQiIhsI;)_va>KY7(0~9DR-ww0ndc)lnt3>%MwJzTu(Pezs#luynQze36GQ%E2 z77GKhGLdtHm%Lk~Qc-^Nc9XkHo8X|Pe4B;_f{PKS0Wfo9IYh`F={peIU4BjKbq@UA z?;)8-iP_O@1~vId2|>Gwuq1u^g7FADEq;DsA)1Z_TV{(0w1pPUuuRbHa)K`HO3kws zfGC0^Qb_#WGSchD2iOwbvsP1?+oG{5=t`uG2cF=U`YQ`v?4>9{a*yq_(-)_oM;fr& z?~3&#Mk)yPf)#{1aG9Ao1T;lnK7tBJ**G^+sXOsrM~}mHL$$kVLi~C)Tn&v&2iWq~ z#PkYrPiiA)T%$Cr5QpU-jRrUTg}X@r12lXyRA-G|+r#LeL`(471-&^>wz3Y(D;)~0 zz;e8*y4BE80sK5a>z)e$=9UEPdZz(-0v_dyX?quPmptj| z@4b?U=-kVhW!91kTcXjz8JSrjVYvoogsgl{0&Ld7?oR=&_c#^>KzPh3 zI_HM=ijZ4UL8P3Voa$;de@6c!ErVf>RC32hEhE%XnPQ#K0rIl4!dNDui8-C-2(6DQ zW;QWMRIgXNUegw?%NRy5^LD$|w4H_e7+6uEMG#pPB4}FVv4SZWcu3-dF(5iLmg8mp z&h3rCjFGXpK@EdNTd^IN>TP+xhtq7J0-O-~mm8*P4(!jQY@TR>)XC~^q)uNPdJD^;JsD%rN$Nssg5m8B=R>4~nnkN#3}H8KiSM`W*eb&-9vbuEbl^iBc_R zS0C>WIHzA*atUt?UxgaepHJ)WZ~sm~l6#axH{U63PG~K?=Mi~ckwRh?4jk}%_&CV-JLr2nii;1 ze#5KTA3usV2H`S28;t&sA2-NTOFaMUcEz)1|MPF<#Y!V2f2i+^Z*JJl+#rQBuiPUz zi?8?9v*}9om7eTBpj|YJZFzj)M10;9UL;3&RuWJkjfLWeshS7k?Xw+9~EU1tP3*bZvm z3(Hz>(2PK5Pg+BTf!t{c~o#KIrQ{J$GXmIV5j!GH?Z^_pgh7GqC1)5}VM4 z+fG->*6e04jii7jc?2?f^NXaJVFwh?-AMJn@X?N5@4eyrEs`fWv3qb?VTyZ4a*r95 z)t&%C+RVf$#qJfYBsjpQjnCa4NBdpXA(gaq_mxf`cE0{h0GUc`3G3TFnZ3{71+w@G zFwFIZuC4a;c?Ihm>-Qj6wfhx+F;V1h}5Bi$5& z#kE-J^r$p*p(+SzJ&r#N<)7>!+EQ#3T)}qmE%HiNkjv2F{gv?AS%N{fo6*!r0M}3> zCi~Eqc_jhve!I08{H3;#>PzU)`sVhs;F1`LuVCvIcPsK(2)TxI+% zoh_&HNuX%Ww5D4dm8>lv{ttU^9o5#lu8&fsg%(z!xE0rg;tp-G;u3;Oafc$oDJ`_P z6ffT5NeE7WU@h(*99kTLyVIMlz0cWeowN72`#0{m=j`!2Cx6T_XOd4|nR9;fzRzPK zTDeMzb-^6{hXEy9R(8ifaYkqN+zgZZX2Cwa38{}{#poChIiZ~)@-fn#}Wo-le*Db5&zjq|HX1Q{+(TU zF-2A17ZdPRw0LNim)hUf5Tl)*!RYJvCYC24~&Try;_uT9NqfM36UAh-gjM2`bFb=`kf7i}xh+ZcEtzh0)NP=R&IFtaIsEkhz1(vSpPI$o7 zvX4iW`YrAvubo-j52Xx-t|!mmxrU4JC3&xad5LbL^BhW;edi9oT*YNU$=Ifnl58yu z3%C_cm;r09?(AxpS^mQ$kt*4<44K1I?$Gb9gynR1dObtTS8#Ct)xgI&wr0V{85`B# zxzwQUmxjdyEn?dNAMku)^fSZcFI}RoMSQ%8+sXTZTl`t7S-;6GxLEODxvuQ*FG21r zCQ2k5nab)Zj#a0+R42V~b*ve2F0BKil9NS>>}q?=)$?S)2E-zVne(j8EBGxT_a~GR zqj)nucJ{4lTN#Fbf)lb!9FK*^Ef#84#A6e?XoVrR1E|W<4$EW1(hUb>7$~m;1~XE> zDjeYrAk5a0r{s}JczO4$bq#5axlVebl+ozm=W0YM1&A^;hBtX+v$0T@d?eGVF$Sm7n!=QD z>O~57TY44pS9aAN@Qlv74DpAq`SG)6@MM0Ms{O`xo^B9!JH|R?rG2TODCHv=Lvatib_eg!Z7}ZF9u=8}0(>@d?Mgsi(m2AtN_Red;p53seZm@W#t(Wxi`LqGIk{?_Kel4;D#PaJ}n`KyBdF zUxWhD_wB3!AAqXQtMa_l13N;ubzSZZ0j2?=C(K2zS4CkPMwj?j9 z`?GG5pO-BT6+>!Qj(4xkn@t6`KVNRmN@aM_JYN%5@%XqHQ2Zd`*!7gXN@R(I8>KR7 ztnCtV05#a=pMCc}HY(fpw?Dqo{(mCBv2Bm>FI<|7^w!z@G@o}wvgEH54Zq+`3o>fd z26<(MlzypMbf@&gdAjZ26I$xTl59~GTE}LNC)0)$fEeeQe^A?%Pg78u&Y z*#CIAT30rC78@F@nb;x_6#3-qC%FpZ-aho`ri_KhWC4~wAPQFZaM+bI5ujxzqCukB z!u{1t)xkM@{pk$%Oqv+l_yRB(6{XX;q>^k?rGZ68>mCKm7$_d~oTyo`09VE65-qq$ zQy^E*^PdDn<-eCT($^kc%6G(AvsE^#Dw5~63@ojG*H{Jb70+6K7l?+(9YYIb!R4Zm z8AdxtMm;kGc499v?F1U+%mIm3)vi-1(4f`S3sWo#Ri@;DQ}8XBYTMAUErI)Yhg8rh zOZUBn-MB@PE>||A^md^xt;}*uKJBg5Tp${+Z2t9O1ZE2wB_axk+Fq%rMer6FIwk^T zFl0t2WAu#%K|GOA4KN>dB^ocv9^LB{*TNFcXk`DW-+ZiNT|j@?rvWy5qXeLAIDTia zrsZC1DM;oxPv%~++oKYXa3$I}c$zsH;Y&0&vE-%^+QFFjRcW8)EzXSsO1ddb&(U(6 zWWUMX)Ypi;3{@qVfRY?s_W7@8rhdjrQ`7$KcM&IN&?B>Vu8;0x1 zGvpf<5bMrb+IDqWD>W8in$+1ch;$9jQ#3qOpXTNFz&&5|XZUVk?`)gJ4rV8A78(e8 zOYouR2COkYZ!QXku9t`DNZtXKvph!Y%;PsRid#s&>zyTC7P`z_riXfNC+`PPoK3ja zZAkHcPb3h!ExcXe`iF1s{s^HN-Bw$q3E^z4H~^ffJKYn5&SbTV5$O0^uNdrqp83ra zR4WzfL0x=4&|AIyyynTT3dlD_jE=HWoV$ZwKc7`yy5{+}7ViECLS=ManwKtnj=iyL z;&}KC7a|sa+F{zgQ*_z$MvE$t0OQHJ7u}NhmtG3p{;z0$V2Y2#c>h=br8B-Ra~RfV z9cO4+12cfuYDZEW1gk2UYNe!kSh2lj`6heL2?Kh%x`s8 zH=TewlSJ&~s;Y&UG#kFX8OWCTfXDDqtIV!Vx8LW5Rv1yNX$Vv^_u%({yN#VjjAjDD z4k+ZLV00qY9Mb%2joE4&H~oqF+9icxvvrb8gkTRt>5PU-ID%PE7f8CTaW{p)v9TqA ziPwD>oP^$MEe<0!nphf#P=QnH@+^%vxB9XI)he(c??b&BHY{=H3!ddHFG9^eX@$_M z8OL=jxVV$mh}FUn-g(Ibr3vftiH;n0RU7D3z5AiSWXdnkv9K&v*lsnj+1QnE)U4Tj zDuKq12@r3>wiuXUu-ZqDz^>%m{Ow-$IyL&$6bt8tYr9*wIhlr=OaXFL2$}9PCLg45 zjvePxY@hif!=)G5zClR7hb3LsU9%j}?B698QWV@$FwNhMj#R!}3Vck~duKAe>{$6Ig4!%gnz zesR7#%U+ttfD%JRD18Ye@tkLp0o%j!vGjgnPFAhxnd~TH&309J^}jv~xtf~E#7)GT z2WnilthEDL2?WWz(2kF2~D1G*DpVl3h>BuCJ13-!9mm9$Vb=fWwX~eR}fzOrb-ss=$UAyaI{6d;{?G z`*nVMD><2S58V_%vIczMo-;q9@ir>avDJAOnz#P*NBUd}Nnl{~X7IXjoG%Dzz z+Wi{x1A_Z`USLW(>bi!Pd$Q+8{^;sQt;TgBOK-h)y8b-pnh}q?L~?>*xzGOiUP+F| z_pglq{)|Em#==FZWC(v|jD6dK_ah>= zi_%>_M`G@xrwl4Ojh@he!Tl4I!6#G(h`jX5k<`8X&(Lo!f=70u7{_(F3IUVaoE*Ja z7&@M1C0d8k@B;K4R$RqZIh~qRSe)NZB)Z{>Jb+BQ%MznLleU=gV zOL7y)3F&k5FZY>&-t!U030&`mo?$dxJjs`WLBSubvI*#+-zfSm_3c<+rl>4u&c9Fv zjoM^mNCxuQEf=U|F2bqC4E;UlJ0usPcgmjl@u_(r_hnzsp?&nnM{*vGFdAOb2n-I( z$U%V?mM4I5(mTbi4=sX`Puy>k$!bL{rx?D$sCh6vD=q?MZZ_H0O;xjNve)srAO? z)O?sIXIpHKq(W}EKvu0qnv-l)S*>AVw1>RJBg_(4y@Z(f6n5uGm0zj~oxIV*<=@^PFS7LUT%Ln&Id&=E zo7y8#N)-@kH8Nr1Y3&)2YF$+AJz*B^Q;QhxsPZHzOfJkUB1XfJh)KgX|G=Sy z?WW<^N8l*0q1TtaR9}x;nkbhQ_?v7NZIaWeZrdSq3v0H(==||;8YS+eR31jQk$QM3>ISp8p zrwS)n)4~ROm0oU2NGa|9#Ay#+7|C46j#&v>Mh=?@FKwIvG{f6!3p61G>u=~z2WRxf zup`G-F+#QBOR2ptHI<%9wNjxTv{`xB>ZDz4wv$~0e*0TpL$ko8Yx)VFH_7uqaiSi! z<)DnZE~QHkuee)&;!sjW$h+6YpN5#OpPPhS^9zwi|M#{`V-$Mw{g=!yLudx;vsyhJ z?DC|fyNpBRlP_Owew@zYX&!ZTrQf{ol*c)|cG5(6WWE_YQR_yBt71pH^gba^)QI3@ ze*aCVf9f=zr-EH3mhxLw^(W3XU7%!Vn%Es))JP99Jw4&1@!ocbbc3QRL5Hk?+8{Q~ z<`xGQeHhtGyf$z0MBFaQ+dH?Zu5E5I-wm$D4QxDD(@<`!ky@=c-_ZWP=t*B7oN-3z z<2C6=OKj#6xSteJAF$AA_bgd1@RwKrI|sLl@H>xm2f8u5lC0@q!lD=kZs4&AIKOxF zB)u-HiE7Kx@Zhaf&2-E3;EkNqqtoZ{BY`Ggf7O6P-sl_bQmh`gFllkj6|8*lVTE;x z+QB?gMS#o6!3{sxCWVL1#u5rf3GqvCR55oLy{c}k`(fe?Po@{>?XpKxIe!x zj7ao&@OE=^qIvXJIsqd{OqAsJbOHb`%kdJE@n6yj@;;{Ux)%RRCt$|{)Z2-Kv$MpO zHly83T(RsGV6efXM}lZYvG%>sDB#(S!LZHxcDIcQS9#}>J!7;WJoBX1RRCefnGTPA z1mH+(s;gPA1Sz&HaA*seve}0nMm<3Vvj`fmsi>;>O)g6uKlaafEqkIrmw<7LV`;25 zatxt%tc?4_dQU!tT`V8^XuKY=HZB=xJu_8bg48GyvyCQ!b<{GIf9D0?IUOz_A zkUG-m>K;5F^;|NPb3&61pFaTeVum-ks`wkkT&j&ABJ7sQprk47YS4p@aeZSit1piL zskdj-u0x7f$_(FEEyxyGV^$-SKcv zQ8KTjx&i%S2e3=Z0l~_XQYxDe)78re?2I5+-aOr z*!ldR08LE#khLU+iM`&E&a{vzi=;`IB$G9{*%n{)-Y2zZe=PJ5&joVac>Qwl?VQ?| zLlwG4lwFP~J9$5qSJ`%Jr#yI9ELeXWax0F`af!3+<~gaSCT}9woV6gv&0Zb1kI0fg zc}YQRbj+9aO^VWzeYESFc!gQ*hQ_)Q$@)dGut-h%7yX>#b=U9y*q92<^n^S%oW&=< z_k=Ke9M5=!IshxV%h_b5t-q`{9e5FT-JAbo+&M8}j`hnX+sobAyID97S!XLK^Iz9E z-C%|s_g2W9GYt1f(Q9*P&$SO;ei&0>*G|n(G|-=z1{q{s)%gdN3q?%^{cKa^y>1b0ecH8d$ zQf$8wX`>#48~r=D*`ce12C*$~G1!j#4Q&S!YKHg}IW_~jD^2CB`pvL=%s&Q+ddj4# zFB2kLW*OyJNR=zV&<%0wq%rqT*2YXIB;)}~d{aXVhKzV#owT_RK3AcX-H#`OjD!_N z*?oHvTNatxx>l{j#D?9W=rZH(KS7{ns&i|~;*6_CMmx(dGY@AfnO))O@nh=^1L5d3 zPnIHB5@Y5JEY`F}A7fQy@xWi;y)a6oT>O(#x4d=4Z|D~yn~vYaB0hvX9tia$LWotT60& z%SnzXLQAy8snQ9*d8KhNoMS@6+}#CU1mWt{=FzZln^_g?;MoS7RJxVdr*HBl^qLQ1ql-So7eUZg38vaoEY4(O_eLuRzN94O>jS!9Tt0A{;N2=YsZ{DKO@3=^oi)zU^3tL$7K92Ei&G zG;WAa-vUN)>)NI#uBKbgQh5Ul>3~=0?lTjJAf1zNU>a?l(arSD*(+}@R8L{xgE|h1 zk4w5@G;BuFK4rlBJjEP_84uYFHtak&H~bIlQU-2q;3H;K8D0DD?ar}k7CbJ-n4#P+ z;>sVA>Od2YQuZD=F0e{P>6r>Kq84*0QlFI7GAE6uX1E5{R#j&yzU3&Jv9e!0Hk-`& zu|Oa1to{>+-pXDrLXWBV{gJ`kzNAweTUUzR3x&(>$Dl=fchj1R5@cmv;mgSCxTNpK z>XN~4|K79Xe^;UZ#_A%yb^EJ`lYHT+##JiocoabqFno}6^ANi>sODb&T#;gwr2b=W zvHrC2hhqcJMygdj^K>kR%HwLtBDi);u5H+9m9MC(-__E=$!-cQ+X?RzINE7#ibPiI z+;GKE)e3s)ih} zt2%T4#8G}^j{ba>^00pvX*mUxK05*!W(U61KP`^gz%KThH$A*3U#Li`+y0hfUc>elOJlwoCiv1c3 zBRl-?4Ul@b10J<^MGLQ_Av>|%oBX$bN%{4!NMUif&!3mHwPcbXxim`Upgn?O_J5xXnG0o-6k^J2R=35>4q?M&wktP>{BOd1YoRR`>NxZ%9+c`)iXIp&xiZ5lh1S}Q?nl7YlktTg z^D#P9i@(%Hx185uy{2vHM(>pyYM7GWD9+84h>w-pOWD#0o*;Jg8=JP-Sb74SM=z&dGh*2oPs zu>Ok-`y`}e`2xh5Zf6YtY;Ap@IsS!g|1`m&a($8OskNm|{m%vun~mBDWJGZAl}Tg)vrJrB(~ zdT8mO+aX`0bgs6wZE_HD*N-BRvm||vNtXOcDB*JZfe19BqTSzplaJ>==RjyIof~>C zUJq)ZqRXr2mal4T*k8x=1l06mT`ge8?@>2PHw}rSSY>tn=PlD_M2Ks`5>0eCGUM5==!<`?JsO;wWL_WH zrt3$GX4r#E$DRohRZ~76?&9DNQ>b7Ni}%KhXH-IKJ%)8w5CyIqczahG!ZI|Gqvc_! ztBSY32psZue8FFn(;Cc4baqsFVYOT%uI|uyQADP(%UoJya3zce)~7oku{>4#t`A}a zB5zgdwt^du@s2ab#o;nTQ&+!tK0osGrQ_ z>a3+N!_UJz%7L$yD4Ph|Ay8O0fJj{7D)0moCke?iJK$5L7DDZoWtB+y97)`%wN3|S z69?zCgyqhnk(t^`R70^-WRAVzM;0Q)P)tTFs_y$0SM_AdP0#uNYN+9}}z z{Wjc>8wW4fcX?vqv=Wr72AR&zge&4K#7-E({@IbU@pq%NLGQ4i|6va&VE32d7<_ zD4Y5^kq&3o%A|hv;fFW{Te=BYcp%HN3KqK6CY-JU3`8^ z7tbhiY%Fudnkl*V1b3;k-#b?|D44?r%E67-S;$UV0?*WLZ_oFX*p{mzPJ$J_cd_M((VJ$p%z&pApbo}F zv~NUdK)KVktiGMd8cV!|AHg>O1Ezpz&ec%`71t6kskjckc3N-gBSj7FeCUyPpH@Iyos1gdU7M=KMYGjG@V|X0<{*sKW z(S02TC;QwDPr)xwA?tADqVm&?{+;LYll@u((W03LbE(mf`eKD zAdV*o8fpE!{ketZSd4@fx30$Y>2<~ZX?@Q`I&WLpD|4nyp>h$TF?cHWi5y`M)@)NE z;mxZZaX90(v2;rzp2BjvxH4qJfQI2=DXu{OJn^Aj$9!m_#bj~bQAt#pYiVbUB(@my2dnMmEH2tuoWvBM!yNdNY-?Tef zYfw{B8I7@Le0p|P{uAe2f>*9s%5|r|hk);)aY24QM!qWcli%fJz}IeZO`6`HI2Mw1 zlnv+Hpb-#+@eef;tOS(P8ATaikwMp?sMswFD>^AblU?4J$02S~lZ3_XC2t}|4@YNT z9+&eGW~FhTQpkr(*Jf>ojGOB;$zpu$oN|5jC_)DMk}n_Rw9(HD97}JM!M|r8NeBpO zN)$!5tgiH2-_=<7xNUtwe>8#K8S=?YO@q>o$(bG;SYl^sYFinY< z6lG7_?m%6_Dx|_N!FtaCYR6p)3CuzG!F_*i0HLqE{6eXQVktN z4iWX0e^y4qpaLz+y zh{_%n7YtVI!5DE0|Nnh=g^19mq5uJOun;>+n^k@t= zp`9IP%c7O&>1o?grBT&Wz*$rlg(Zc&72 zHb)}wvn-2?HlnsHnSSClC`HcLp!iQsehARfh-^508z4FGfpTFJ3zt`fpap8slWmf# zr!}%ramveW#0Fx^GBaSVr9GH`&33osD~F`G+wI9rV@Uc&x7G4VXH1@`_V{&*@uiNC zhAz8XV_k7Y73ui(aX){b0Z|s7-_4xGjv8(*MJ&yglHJ+I9qeXAf5)uA!$1-Ve@`Q8 zJ4yVD8R1cbGeP3hJ8B*MSG>8YmCG2%0N#v+F9SF=jFaO>V;(u#*C#*$wx;-bskd5} zepd%t@o$c?Wa4ui1UFtwRg`QLZOPNEEVmcTO{o1Kk)orui*ufvy0#Q+d;S%OdkndP zWE2LZB~xbkn*LsaH%y_)*ZwSFhXfa=hVJ(!zFa#Q+WBw2zrF$5+gpLMTy2%CfaU#gY~316Pan|9l<|wcBSjJu@;E=cMBB$)dC@@xj85KC0GmSzQzxf_}u~` zKXHVB{MRSV0XWdp-2<(JH-~7fi~Ow->C2fKY`WO}%bNv@Eq$6A7b7~o1zttMcfQf~ zH(}kD@W6FZZO4yw7cVP@P(VR`N5ur|g{42pZu^Q}qxwgs`g)?I8g{e3a=Z~2M>Eqk z2>5k-hPS*me6+c7z9EKP^Z)1D@Aw$Q+7+Xn5Yg?hLY*5}vXUp5?4~R@4O|(6!4-Al z8g9sX+X>wnHX1?8oNtY>86P6G_3ZUwNmm;Jg%+o*Cy2d_R`UL}8vFI#a`kaz_sV@6 z^-;!Zk%DNUHP|=@W2GUIBRd-qVV3z5=c#6ua$DC0HYF}Lk35;oxyRYWHE3G#W!Cp+ zNYnHi-%qN|K0mbB6}e$Y;OM&(dh_oTd)}55@vHpZaC~*litkSx>^j=Ll^z2Am^nur z{Q~tR%wHa*6gs$9$X8kNcxN{jwd{NPn6Ku5$9;Sm`rh7VK!? zf7Zueum1Ct9JkWJ&&RT6BPElD(n&)Jpy6g7SV=}_3qj>gK{V6BDtU>G^$B&!@k#X= zPjRdF&V;Y^x-VnJPD^qAiSrwWyz`otE9*t~Mx5(g9vH8f22((s>w9)oXCWuw{n3bV z69{@4VLybBOCHsUJu((8+3a?D=y9f}vfxA8{5~pb(DvZPX{1HoF2KvMcii!~s7o#M z3u{sNwWS7MYNB}y+I9q!ESzlz<19jmaA?9edK9Nsjc&Bd6OWo+8FtCO439Tc zO|-7SHEa9Tb9f08<b-@(CbW+t6PCEd^@M*Vn+M`7L8h{H$} z-z}nlaytDMw-X*gcyBf^#wEYsXEkVdX}$kpDHSu-M>7Tc2X~d>R6LcNizEDbjNT=P z$P>QG4ws@p2WTF+ox(Ego*fnve?>D`i?GOvx-C|mB6QE`@jH4zIbo>F3^#epbT_a$ zLY6#Gp2}=f0l|gR>=BJH*V7)4Z}@y`*`!r0Fw??uv4mr^S1+vmP7SBIpfMq9pjyuE z*^N?RW43{PmUaH59qJ=T?ZLV65WD@|8EYNk78?*NH+`~+BloTK#qvG&bWaUlLq@|v z_E&N3dnQpc?gOM>T7?C9OTWkkmBuQ8X2Bms6N%+qt)_^LYqF#BUck{JRaAT+kg2Xf zo{Lgc9COQkFZsG{q?3Xpl(H{xa2t^Pe0bfRDpgGFOJ#Fa6wL+jZUbWr$6@1G>_yUt zy8QN3c`KtK^IW`?}$2w&Z4jzu5 zAm2O+@-RAcvd|G|p325`j(@_JBm@7(f;~jTYf;RL-RQHVXax*onA72~c_t=GaN9Y* z%(1LU9zNF};xb~NsK0FYElNgx!F|k;aeGCJmo4)UZa_VT1d!Px?KOLghlcFSw^KPn zqh++J2lqZ6{@Nh;51)TBr1U?O`orZ7t$v_?&47vSQQgBIBx{ z@j<~cOz!El-1|S2_|xfnUEYuA$D1>&;hrA~8s-Ke9_Dp!X#z94SD(ECuMURPN~>?I zT3Ro=UgR{CXVzhvJ3l_(<~lAk@&b`qRXYK1I!r~WP0~1du#1GbMgP`S^EHP=J1OBq zzxi(-R+gTX(?yN%*)6@bUX-h>jO9_wRu3m4KI4tPn%#((t4knumB5GOzwSs~WgXPE zneEysLfo}x@ySu;@qIyh!S2$}-4{lyM~&d`5bjrMfzY*F&&^{L?`X(P~Q|7ic%Fb)=AR;@n06-nsf#16C ze(7s}JvDD$sKn~iQ)?hqMm6MQJ`3%&*F0K(qZwe>#GyoCsolK-v^O#>E%Zk&ro2}G zBzX9+YgQDY-s>6oq-ek6I^SrMzq2LyV8X8=l*hQYb}2(geW54aef{LoB>9Z6!z80( za`2{~6`OBdu7wF_0<#<>3aol+Zr663T7_iF6jxuDQX$s&i=SIa=AMNwaJO|~FJjis zNzSab2FkUgUz+PaIVKaEHkxWS)J(d01T!)m*d5oE4c6}Q=JaF*)PGjUF+MXRbD}4b zq+-uWVdz~YN5=^+`xPB~wbi6=I^{4vU8JIT)R_E~_m#z5%svqT%zh%``IyJ|0AsCg zeehSxlb+w|T<*p0PO4CMky;D47sXa{E?ZZ$16o(jArurLaR3I%D6 z3^hSILhP0wpGsD62_R*OlAadjk(71i6k8a-$Oa;oXS-~3Ke@Uo3V(eD30yNZ(yqo4 z>e2MdZO!u|HuF>Djd;gN!{brA+H3L|*gSu*SnaLLaXB(opqmQ2d< zF@w5P-U`R;kfq-*_hqYATdFZ|IHIyp2^F?r6XcljdzwbrxZFuByE3r>XoFEMA83a$ zxD!E&uQ&S$=!u_XiMUcH0>kUs=f=jio)RoGQpg)hfxWDCQ~ z&P1LRl{ScF^H-Tm1ib3D-@LKr5I1IJQE=T>6&=R0<@^0IaP$bQPomC<=Q2x!v0`rR z*J~28%X(B#5~*EDyAj5G7Ne8)L*pt$xGs)et|cTFc*fDWJS;ykzbcMoh%1UpT^S3L zUH5?^CsckYcy#aG`YKvQ+CorKUd~_cT?XrP{OUzU^vtN-!?Q;fZK1^IE=~MSu2@5n zDWbdxAYGS@wwW~GYV5BuuvB3QzR_G|5*AG~x!DFBtETqOJPNX&kG<_p;!*2pCF#&! zE3rcbH1XBYBOrA5(Gd+AShzpSwPDGTVw?=7IMGCtlIRcKC`QS4h=ESuE4}8I*5^^3 z>K?TU7HQc;zO*7z&7sAtzuqW!ag6d+i(_=VPfbPnlK1&Um27M-+ju>@iH;R4&CZvM z4Dwld7YFBGi4EaTZyX#PLV=3QTr5+NNVhdU{G4<3~X}PK0MW)7ehje%3eAbD4rBxbG*@U)ASj z@6er=Q+{L~`urAKp_r%p<&EZy=}#l7PmBtvaE}7vtH<*}8;qS1Jq^id+X?}RRp9DQ z`-Kjf_z%Ku!QJCS9Gh#2H@{gN{z%5!;U9ng&oRyvyG9Cv_8wBWi`~5gPVp9uEJn{q zoRa*anxbCsDmSm9t@0Lp5cyZ?M8k!?^&~yjmnI)h>M(efy&A=C&%N@FLsr$^Mf&UR zt&NM$9Qb+#@XS9=^HhK1v7OalPw@GW`VW}gkEhc2@sej*HcL2#Th2xiCzMWKn_spM z@rV9VDx$q_&d505wOi~*GHpQ$8;f0d&J^+!cK2D^ocr%shb`}>zUU8RAs+l=p?`S( zkZD0>3b)3@cSZSv(h%pY?63d)XCi?e=RA74N`obIL_{T#>i)$=y(&eaNxAkL<2vZJ z&(dbq;K~LuGa$^mBMTDjX5Xdi==Skga}Uju;wAbwNtLRU{FEM>f{51EeF{Utr7_Qs!uj=q19G%6lFtd6OVG^gO4f zAE1+yiuPD4H<*gY0_CMWI+V+XG&NP%X>OOea$;Cw^<%p@7#JTtA{DS~zz6eZR5)#! z&u{5z%FDvRamc;6FLZifFuu9N5DzS}AS`q_PIwFK1A|G>Sj#LKk^WE?Dv#UJ>LSCm z`(cXrSXggI4(grVPLqv_Bp@SuIoaI_4e@xvVkhmeGTc+5iH1B-)6X!~PEu|9=F`_G zpc1A77X5~_&(4(VP|^-XDTf_9aV%B2ucKi}y0B9c8albL9KDQ18iQHUk(Mw7HLitF zH7L@(+OzhlRbJqhk415;k!yl5|4W)2&c~9? z)3CMH`s0qYNAN^}W0|C7Tc;|c5X!d|BBR`kCBS6ON<<tX z(kI72($nKGIk~nI@n=>%8<-5L4S_P&@w=p=HGCi_>`6R15mSLSBC-6y*1xK85zrK8 zh%xvLdGO8sgxPP?gBg{isQ5{{y@$@N`!stbhB20urDI6XtWE)-!x)-Z%=vEI<7r`| z%`4y6TPv|>PywMgh zQ@)^g^43ZI0Mhvt@5c$z)#o~+lkbH`;jIOuWxZb6-*n`w6JVS43|2N#a8iC9 z*2@{4bH4h1dGedsHroeiOlt}dVps*T>re_+wv{CXv&mwf4XF~=4w&r55YtMEv}w=v zyCF*#XY>jygc_>)cJ>N79Kwg9%SNH$8c#v=9fJ=31X+T-id06Q7VRe{y<_eXvu2Bp zlV^uNewSY3yGdK?bUcdMdq3xxIM!=ZR&_gwdUp)X6;?VCTf3w8S}dwVNNNST1a@ex z(>unOh*gRN8*J7}y9pdWLPs+!F@L#5ZyAY*5}-r9v+SOx7Y{e>H7Pe_)G>Piie25Y zVfZK?nMOLPyVQmuZ#2AgbGs!yth@9KP2DnT;E2`_MHzv>kBy!!px|ZXZk89&^q)Aw z-$21d$+u#5{S0EDl97hy?`f6j!yWtSfiEp6b-{^d>80g$Ts)<#f;s5wAv9iVQie;H zD)KAuPaId9cX*O`x->6jY>5ipyDsiE^d7EvJy|7bTkhgBwI@pjC(V@^MIpLI23t5G zhfe}~^1PD_6mKk@@Q>-HJ#dk=S8;?+Q+T0w@Iiboq=UH+0q^BYU2>}hnSeOo{$J2_a zjb6_x+v5Ta$gz6-O9Z=8?YQ<=dJwZ|m@Dm*vx~Pxf}XyR1J~2|d1Izk)@(OKB-?O^ z?)zk+E$SOQ=mLG7viOXraBBZN_6!Z0?rp(^&YJ0+<(qP@!7d*$CRDUsDR%U?6k?ZR zRq=j{`WU{LZ=klh+4dc`YffKZ*I6<8J-p#&2mThbZJ3hQ=L862;qaopE!mBGmug6W zFLvySK{qZW6|5Aa8&Ev0nfLLkcCr%#X7>9w)SC|B-s zfyDEp$~uCY8-Uqic_JFT0cz3%Wmde+H+20Y4l5q_JlmDYk?Ji{aXiTOify*!PAfMS zL5O13o*R`fmFebck(X-V{u~XlfQgb8{L3>!a4W$il4+r$C0;^BNcP~_Q{apFnhL|R z;vo>_ym-XDkWCS{rT7#J4x9NbdXOI^Qqy9_p|-d=3+vC0CzX&gyG=Ep4d5+LNVTp@ zlHLM$@w624qTx^z)eQuBi@-2*Xm%e;v$?^FxwDsaaXk*IWK}Mo!@aSf?Aqlkx}e3) zv=2fhWH#?qz^RnJ&d+uk5c8?siR5S~D!wwvd# z{5qR!w(oHoe2lcDBwi&pTYz^0RvW8mq%uBp;`9_^v;!ug4tuWI?af?8za3^i^C_-Y z!or8!2cFDa7?z=aX+O)wX0`+XiLIPQ4Sk*Zm_n-;)Y#IK9bw;TibtbNZ%!l@ULdy- z4L0={De&Ze#x5}ZZdTkqd3fCLND~m{=+9NT?$pf{9vy~sfal7nRHP!57v;X5!&BHw z>~x3GkcY}(e5>Z1M+TgT3Ar+`N2GLv!^D-gV7P;Ud9JKs3wb9ad>$VRE;|bMNL0e` z5rjfnru*5CSOtR-93PAzOX~64$h>Lqe1i~sOawtsu&qF>5`bzatvH)(xOR%DO>0~c zt?!AAC}~7t!9c($ZY}Mc^rapMm0mzwD5lCAL}CDp=+CqotwOmdDPo7{@!3nd85`yv zaahvu(86W8Di>)_BJmVP=P$AT>hWTQJOcS~wJ7-~zRsuwsNoU6@@zC$ed{-7x*&nfFXFsmi@ zVbw7hsndZ2bW`q+A6bT%@Lm8`4IGt#_1!i-KXItdwq7l!a(~*~ zq1@iZkegz-Ql+CP4}&omrUKSf#$8_3v%lR1uS?z=LNvTl%h0y)wMx}Nverf-#iQ(M ziRAt;pgtDs}}xV_Bs6Z+YR^;1SCzRI%#H@W^I#DVe^X zPfJhT7o}pZ3O2pOa>$~JnbCxzZZS-krM}EarS8K+iT{Vaw}5JEYuAO@yDjXN7B*I# zwzyNgcm;|CLXluWiffSI-cq2&i#rr23BeN}Sc|)RkOIN2xYIxToU=c<=lkyX|9_lu z?>YC}jEtpObFMkxwPxmgpLae_bYfSw6Z6WfnOZ7CL?zNbwsbf+MN0QHlsg(cP-x@0 zEudz#1J;ORFDs7{a;z+EgJ@4FO2AjK5fvU(-Iez{A}oYKW*W){&n`}WyODmM%ZUYJ zGs2#RFNi0bfX9?Gr&+h;Dy{`eZ8xOC zkomCIja?2zA14n2kWYv@=txj}5%N=y{4u`pVF8grJLj&ewMoy5atCUU`chHf7~HOS z5(T2*o;qbKUWFf7tw+t+=Kc2`1l`xux!+=8xgvG@HB)==T0tz&TOMH-y$e=jW6&Lx z1~DWA)~zF=Y2~Lf9;PB0Rl^6Dq%*2m5-XItO#%VguEtE~azl(TiJe9-OG-uaaDml_;bAR|la ziQoSi@U)7mo!@7)?VD;MOQ5G=jLZ?6U+)QW>^Mt=bzEvCt7IvJq#Nivb-HnN5z+gO zUIXIwW%!j5n61YG+-*5O7;?<#$vdJaEI#o|=MumDy>17w%*~e~|K$W#kSApyW60u= zYlfMsyvWRW_qNQ=GbDLwbcpopf>FTQ;|JM&Gso}HlFyPD%ctZ>*FJ?)ok-?HSUK1d z_mH(YT4DhJ7nM$NOFsu-Q?G6Js}k-|&CK;%g>0qxsFh!mt1M{P@3)r2wmoT+L(C7o zl7vDO*|zl@U~Hqz6+9w|nX&Y}R>J%y{zeef$6Iv8D+aI}MuUbQM3}ZSr{BLT0X#&$ zr6A}R{hWsi+RcG-Z9i-}B!f{1PXpKZ%EI-08DwS{d9orEJEw-XJlJI|)%|p0s}yN> zi*B*uRVca2km)ukYX9Y3+}tVq0GYX-h}pe3>o~SMkJ;5eTiWLCKrFfn510)`rs}3G ziv)D-%!+MmhUz5e3s`j*sQN;%M;~6{axThlFGv3s*jM~S#RblQc94~}Qd5Xd zlA&hN{Y6=(5mT8zRG>*-Vr&iy-+ASOwefG)p3(eH6#kmNjjOVy?|q>wCS#6?md%i-+bbsg&q?t9zyo<#L|5(>duw@A0y?Vv@BhvBiY+fLuE1kY={( z+)*Q~*W+o*Tw-PpfHImesQ`T-03&{&)NRxANiWSqS-pQ_0&89XN22uaWU9CW_%QD* z-KRKyljwJeR)My9!CF~N#fl1fMdgfQn7LPLW22S2-R$K1BP|uHX)b@Y3ye0>Ifl)| zD5>OwV1!r~6FP!J%M_>I2d$0?9?>Vb@9I=E*%U+bd}I zZAD|SW8~HVcSe&kt5PB`%+)iZ)iA|;;6SVZFg9PiTJR9zys8264mGy?qH8W}leFM+ zt227WFFshd!Z~7cb}PZ9EzjLG*qYB?`X>SVN~CYJb?kP!AAqrZOGKg0J_D{G5cWlA zGE6cb9d9dwY&)29=e$#}no>oBOL^H~87tUF;vY3j#s)EoDUAK?s_=JI9jWFP>%FCz zsI3(3T*WcoO$FnuE#g&he}M!iLB}&K^f zjsWj`3GSc{y%(p@$r;ULSvb39cx-->$bnyc`O z!|~y@;20Ycj2X?yOcYmmvg5F=lz@2#6MPxb!;FoQ#$y9`RuTI*LeKx>h9$o)oaJ~I zP2pw)F(tj-=>I=r(*J{V?Y|*>BJV49y<%x-e?U#5_*(kyM}k%_C|Rw1zau1$z2~9D zy*17NQSGTU77ZZ`wZrXC%NHS3?2(pyC{U6Ks8IzQUQ5DLknz%W?{{QvpMcNG?;Q`W z_?%4#yuPuw_2yA1@}{CBRuWn@yZ0tLDP3!~6_SZtbTVzZAL&#!X$;{S)!4@1d5#XZ zbi5*VO{n#R>=~(urtG+6(H2(!7^!rjrh*>-1 z3qgw_4g{CvR$a)nWzxX`SVb%D9f{T7KL-DoRq^lZ21A?vA;??nB7 zLRJ0`Yc)?&@Nt$G%P|A}d4Nrxu8T58-4jc3!g{}w!hIQ1)0c{&c-p(I%+wi^&zyFC z_KrUGx|RT)ne7na@H+~VIhtcEdK%pWmDOb`TlO#1bQKl7v@mf^oNEO>daFtkjnQfa z_OTjT!!L8=DocYr#^3a^imHMQ&SqC75a?*T+}w+M_T7^1$h-MnE3gWdU#;DUyWEsi zEMs8HxH7ds?I#M%to8a7O$Bo*I!UwP=p(M7^*8o~cGfy%#*t0TbsJcHhEFGXM%*uB z9JP(tl*zN%N7}79rvxT$DlO_w+`4_WCF7LFqd^V;ZWNT;af@y+8NynVpD#q-muVcY9u*FYbNG9vv0?M{oXeO+F*41QA*2?T#gU*2iNXAzwzs7dW%BbaNh^FTcy5^^@r^b%R zfHYv`9qZ^>G&rHGed?0Z+?&N6uf$oT{-8cX)!sZTyl$MPOT%YkXrVT<2gw-eT0^5X6I1P{`5W5)*Nw73e2SuEE??AR8iUpjnjOnzu?`; zf;Sbe;jWziWK1r)+PTD-UT!tpaW3~cfm^i`E}awXq8++fgkO(Q)MCHZ!&eG^5+wPw zYZ$B>S9J4^cI=3R?Aa%An!D0e@OWDIUPG#M3<_%{CU4u1vm4nad1-N$#5>3)W9M}< zdtVSbUMYTZOz##zz?;x%XNoLwUPVa~vE8Xy1Vao;j9O((T;$aM4oD8F{q252lKz)f z(Y`8s1r5ysP;j{2Nslys2x%S}gf1mf=@E)erM*f*=t0fkkiOkXEQI$>?$OGe%RPSF z)7}zf@&ulwC~uO9jlrdYP`KH2oDj7sReF{geJ=UKKa9653civL*Opgib%VI(WKPKJ z+I4bwvqri+M16zX(dUMpmEBjY(-hRgJXSXtgHB^QQfJ1XxiVp~WNv9u_MiusOvPmR zf3{wKyB;FpHC{<3A8fb3}@ z_o>&Yn9VkIyKF93oj|10XIn}(U zDHrUnUAu2wU0>HZt&stlMnB#YmRwPM-S;g7oSZ)Po6n)R39rNsy@uGFojH?*SBuZc z{!2h*@^J)n1j5*sA>myLdOL2l4K?W&X0@hy%>-t^Xp|MU+g(`0z3yFpBzxOic^1;O zGZ8JruN`S8q_fgH)HNwSQr-NnGZOD8{-1qHsNHK&WEoT~X7-^EoSA1o)OZs;TB>zb z%d~TiGXK%-N~qVRDWy@2K{e(y7BZyfyg1Rb#Bm2I_pdJa7wX+nLT%C^9+^g3k~;G* z8KyGdx4^{uX997%n_9!Ja69bi3UH|yD`DSlaOjO+gt>+mn|RD>Cup+8brNfISFZpJ zv*Huqyn8lq7=6}ue44=HKt9%}SMQ)OY<2;W*Ro25;A$}kM_W$qoR-epG@?LD99C$V zPp)Ee0jwTNJVs9_p_?|K7SEbn)&W)@(`>#s>=q$tku1^G{R4GcKNDWK%9)vQfZWiU z-&1s5tsD4)=Ry2upZ|tEL`~vwLIgx-%jL(kjLq2gZ0oyxZ>b=6g9F3vY2k`e^^`_2 zZwC`c@o0W)385qwA)tmDwUw`tmIQ1`W$v6<)6zl3i(>NYppD>($8fRZW4m@MeH@D^wJ$QHs%d*SMp7e&`4EHTZ#yVpKzL4(%Z4#JpWot+r2#st(csWIcOF+d6P} z?No8$%CXYvFl)&9_P)iyEy)O}k@0Ce^QZkJQe)F)MHZn^r(Of+mSx=Sm0JPQ`(Nic ztmG$!Ul4|x>nH}V#K~JCQS^3%LP%gXjL9f`=a$J6a84;W{aaZ`)gFZs(>I4w=ybAo zJiGY#_OHvI^((W!TV&i{iFZD%zlxT-leWxm-KE*p<5oGjJU>UDr<_m<%pZ8kU;Tk# zQJO0`)OlQ?qFO9--SA-P7@FDqakXx|ZRf~$;nVxb;CH6G3>l{7 z>_4ox)2v`WPUeg-qp$rYHbhfmQ|VBPw>}t>(9+u{w?Du*`OQyGUJjSfzuQU}2E=J| zl~m^{m;XXPol{Dme|{M1v0|h9z`uEM`hG9{Y1tH=Z_**q!;X!Aaw%h6nQ@Q?%e{42 z+Pcbs)wny|{IkxrK0v<~*C|>< z+ED>uWm?NGDHuA`l`2OHf_k;t0cMpujrYIZrRFFfk#jB6Di|+PRa6!Hcs%-ni<>_^ zEuFOAv)f2R%1C6KzGxv|cM9{s9?F)^lom%sZi30|pn7AR+^BH*z?bvO`~Gk`f6|7I zD3r)-X%Bk)Ldkls=cVGB85ZZg-21)jvfgBVzm?IaEW>=Ry|^r330MUfWc5|`+%v1G zyvx<)rT%E~sD$h;WT?iT;~v{KKee>Mz|=W7j>E~_j}zx_u?>*{^@72W*dOextW{OXqv5Yzr|UD@Y7w^Es=)(Y2^Nm{FZK<@@db9e~`m+6?pk7 zY@&=celL;8)BbY)nRyxL@S}?z&q8f{$;e@+RZZtP1=3iVV}YAwck;BsxziZ2MzS=f z+w8)jU$7S4?-X;uVbBn#-lWYqSGMQ17~QBl!1$NykT@w>rZr}6jr;*a^;0X2%Bajy zd)(FE0`uiTa42H)VL)v}egx4NpMIMXqL03s4bXHrY{bSV z_FZld#`5ZlB2v2{uzp_2p|(jKz77f#UH+W|*PQoJa|Tg?^SKuGb}SjG*qS~uRtG%M z%|^SujmQpy2|nKUt!iIYF5WVl%=!pY^i*w)%0_j*w#Y(!kiKI1ewc-64z8YW%awXY z&E9>53*Fnzf4MXGwD3;*=@oyYqrqK{97|Y10fWs-UvYbE->CNVFuIr55dEY|l&7>o zqWIcs#O(5f4Iad46*a7AwHYR2*X9e-&?p6HP3q^5yF%na+EGaIuYF-+%v6cyw9Q7s z3H0>nzBT*kHrfDjHh*AUDESRW3=mA!Q8Ie6yz8B7UWPt_k5%^8XM%0_k2+9!TK;yI zw-#vPPU^RwoJ;P&V3kV7QGu>)=O84M88xx4m&T2TPbJ0o>PtHvtCc>`)qUGX4FZvH zH7)>DrmVy0aM1=SnmKMueih8DQn_wWQJpa`wO}PXt#{45ZL*PfsL3B1Vcw2Sms@|( zzD(xfmkp>#v9y+P-bNw=x+uKCpcv zRGScaC&NA}{nrFM3_poa9$#aOsE5= z3NKEA!&#sgTf9B$Pp=i29RE=p@}DLe%-q&sbbfDLlD~USh>Q9%^`omFJ&&3H>F7sK zuld2Psw(g%z&!ZaTAv4Sca2NUM+a-`qA9AZ$*Udm?aRRc*LAFZ7k(B1q(bmQ9PD*3 z_d2RJXw9tYC?rkjb=WX~&Qih7p)sjcbO5Dnla;NeEbp0_NMog92FDt`ZNl?7mS~DHw%Im> zHuV^My}m?W)5rj%*}_-$?3Y8QDZbn(5)o{Y@uq_m)sO>eG_vla;SXd4sbM=)^kWxM zD5Y|=ge1U%XIzTf?wn#em|_}qLYa`eBcGDrE#^`7BX}|qERc4>Z4@gx!CbUxoLZum zBnpMEg48H$a;pILU_HuH(c39Lo3V_319P-gh%=hmRESX+Q-ryelm@8RY#oc@ELk5- z%FeBdFS@V``@KJxMFnR1S$`X8Z~f}1de8SDq~&&R5AQJ`Rx943_dZ(pbF+Wn-enKf zUdZbGFx%*Heq*41-0wdL%!{^ce-gyMt!oQO^1Dgh>)!C4yH?P0eWFx1$UUDZvwP$z z3&_~K_3ocn=pk6HN9`xU@mMwoufbmP*tq|efVoTNX3c;j!~PCYNSl>(<4*!H^P8Jy zoUOd$(#|<#Yxj+>t-7O}KWRM8t>!()_UCW+xzum{(>(4YKHOlRs^^9Hz1xS2uB^u0 z>{0t#r4Asa8!(p}G77>EzyBo2+K)kk1EXd`GnPDYG8@a5KfKh!I*5A=`1gMjL_C50 zYDD)NK8IU1p6Xv2xaR7jM3(N%xReL#aW@4z(#Tdye`=_o_SZ=l)|!Xz23$FzTwJ3G z6e$AHS`wl9(2-Bg6baHwjwxdgK0T{jRad<5*w3)nk2zfD)zjUVo%Gd)+7&Vn5 z)(DU9f@b~F&9VIQN#RO-PZ~o;38S`{%wibcsb5jx1idGqnQO!5U5>5n{pMBI<3$^SCha z=@Vr5!(#U*?yDsRwuKC4h}|ztBn{3nUA5Vtf?dNNn#|J<;3dP|bJfbc`R*@}D=h8^ zG$tpYo6F1Eiyx09bv4nyYa0=n($}b*o=@O2M!E(SX=#_#rx12JPb?npc*~zu3ar+x zHg9Fj&92ok`Y#iA5Jkp_g-)?}rVfI=j?%qW_EF0`+0y~V3zM0y-4pWevRVYAbU$d@ zp*!wNu}JR-F(vk)8#bxTcu(Hsl>8?m_Y~h3P;kYop0GT!dxJI-Q;@|_Fq^B7Phbc--p#Ahg)y)v8a@g*5ollM%DRQ&o5?wnN*-ViAi>rk9qI0S*ZP`lGH;V z$+y$KU@)>00l-Q>-132Xa~W&#IXOtr931$W>Jo67mKLM{@3s`sQ1LD6h$xL;cbxvXXOlR)~= zCiP!g>-g}jb(?>%)+N!wx?TKF*#ZDBygp9S?5HJiL#>3kNp}K~RTtk}Bg6~!EhU}= zP|xobbB_wXuKO=R051|BCT_#D=)adLylv}zYqjmqH=E$swd;O$yF#za@BPQmf(dw` zf1V*#V}?qk$zJ@(2UR`95?U@?w2cMrI>1Y6(ZcDe|JMW+(|A@N(HyabHC{@S*oE#)DE#- zaB4C}p6K1E8U(@d2Jx2Ha{>6!2}kq0^&9-~-yCNMS>2ppPYA-wCkn#WOM6P)!5}D% z0nU*G_Z$PlH?meh#s+c3EfHjEVT2=Jt4jHe7k&xa+Kz3qOgy-1L*<*VU&&V2QHE1~ zhnkhjDl&HsxA&xxRWPp!IOp~vfca{n#XKfk21l*si;{@wD>H3nub1n2MUD~KEQvx= z3Q!gnD9h|Adyu}_26rBw{pRokDNBXSq8207=!?^C>sU~Uxz>*6K-h@fgpioQX`Kcg zp1Fq|N7MV1-=O{$aAq!%R|lp{gVwcm-VUDE=y9q|Itg~piLGnOQ zJlVZ3&K;I-T~?#AgZJoW0r142vsQ97){v(^tsBaQosQi2gL*)zMZFvV$ zLxiL|V`q()m z1pT~bQqHS1&$v=+zQkXpxb4;yQ6wTj06_CsE-jKb{tle=_*my7+umQE&KDgghF5I+ zRAF{~a2Z~b7fV66X|Q)dNoW~lSKLC6+o^UR#Yny&MTuXa^w>_&y!ie z1sK$ht5Mw8YaWnW2HHZtHw#NfrO9yG8&1zFiUE{jz#O^bJfHNLdh2BeEQvu+ID43) zX2?EJ>jO)N37fL%3SS!m4ENo6w38|0Lec`8W_6$CnUV-3OF2n44jfFVsVXIk!skO- z!Bk^MHmiBL?;rMa@Wl<_Mw1olGX%XKbSOr-@0F<3Id_o89!(jD^MH1Y!|^=YZm}RL z-RVMkU?^{zW-r=*(DBAHEa5`2aN1GlTrxVD$V9Yt56?kp%#>^WnyRMAKiFWsa(NOK zRcZ~*&1a*703daDRwz{T{Q3BGb)SzpZjV(!dIv@4^D0nlx?pz7MmE18M;=xZJfDC6 z9eFp8Qji%6V#hr-MB2T`RGq8YR~*ocS(OtluSJ1{7oUp!)~A zB@`H>MeJ`v|C#wo`+boko^F-x85fTXwbKL$dSr_qi7I%`z;RIijLnw?O7wj%{VJc} zQR4e=Jk#`_<%s+iRvr^vm5|&u?wWmnCWWW(7XOgaHr!Kb*S5BWT^p^4aS}~32jKEEswZ^=vR)L zH={4jjzrASu}(_q7$rhWr_c7nUUO99s6+z(5WG^~bB}-nKwb#hp`6 zKQ2aCqSKA}h1~VN@qi#C@J9W@P$YwMy0cH0-1sEA<1E)vs%kWla8O`8+d1$^kd-#cqPf3s`7JHDLZ8~Dw`RE4m@8kThD zwIW8T%UoeN(GY%aVFCH0m5aTfPPp}oe2a)&%k)0|N2{_n_i$Y3Z<|_b7x&%Dw9&Wa zU%&2b?16uZvV(0nw$DE2#cT;I!D_`!EXUE8{9Sc$ED|$wU<8?%l+r}cL2SDXbn}I} zj$e1@IaC;{xdG+1wS&gAwNX@5>=hbX+}sx0f;C&$Wfz8V^? zIistl%?nXrr)$9~^|>j}@9#Z3FGw$!%O)Pwk6!3rKRbN7u-AdCxk;HW+TCXOogeSm zdhwIMPqrK~pFPsN(U}_hlORA8(tOm>FX#F8-!5M~{@{3YllYSWDBUN1xsSlh02GSZ zUe*)cCdRX;2QHA7(Ep1WT>dWeXOE5cZ$8|d`MpMytwVteWvCP&Nva|1J3(O;j9 z%yX*xn4z>75TC^;~`&K z3FZWa*zzv~nVs}<`xLqMHzjVO%XG@)ZH)mDWxlan%b~1K1sLk z?(!gtBKCno<=f=?9!VN()DS*2KBf(V#&i61iSfFKM!gm!qYE=*X8ZIhHI~Bk!7JXq z*v)f>(%4=*I1(?}3IgeJ!%N*IG)3H3YT_1#!Sim?qJf&+Q!PQtBtAoN)tG@0NsrUS z4QS#;tjqh5tU}d@ZnPzPoCKG(_o9!4#hYL57k$`*jYPC-L`u{|~K%`0PW95S^-mbH8jfp~b z-{0cfe0Dc=s^#r3h0rb3nn_rH?=E#M+v+ncMocTm_;a<1r>j#$R^gV0d=tl9RH$+a6|P&iHZT=m+=*qd8O%QN zeGDX{y6^t1o+)W@x?y+#4w zwZ|=0)m@p!2cqrZ+&(HF5eZadHJOy+QN$xE5=#z|P%Bp^yjRSJv$&u(L_+7!Vah*P z-(iy~hjiF~e(v5Hf_~}&+(EJ^`bM80wvBWIDEpzlPNqwW zrDQS~FRK*<7jrN3@Nd%YNv;=jjZ7ED(q$lYxy!i7$Bpt8G#7l0wI@ZVWj1usTHh$L z>K{&}(q+`}McFyPbAPX)wo&>zG}N|Wt@XTTDx~19U(#qwR2^IKsD3wu3nCF550RuS zxZRrnKH-PrZDk9M3c9Qhnr)ZAd2e}Xck61gS!_8}cCFQUJA!q$Vac>5IHc4-cJuY= zLPQ^z-IO^B5Fejl>4EWc2{=8OA#USx)M6^`b;2{MgRl6Se_aTBTPLqybVKnudC`CO zA_yk;F3)f^XdkdcI*@&f=AvSGxD-{ldh+AOyv0;(_siAJoLr_C zp_uY9a`o_qjC+F=y^A6tnYUFrzWnV)|8$#9xh=h#)Vb-jFZD#E_LoC50*8S5P5ur@ z&@>>R(VWOIsgg1gX7MGoMh|P$e>eMq;VX?IBW54#@=adR@(b`wxFuxMeN8i?dgYeQ zbrC;XR=d7+T%YyIEWt@eZIUmQWfnj%JK6cx40K6<8by5SrTZT|lFg6rE}4C3K}D3^N3#wZZ< z8j){T*VUm&uQiELW|$Bfw_~moDY4^;zDhEsS0{^Fym~>R82*&u-eq6tvQ+_=Qu0NYJa}1yv*LnRZd?i2< zy;Xw2ZsU7Lm7Dn9(8M2qYLiL$&QV5U!5C7))_`QX|9Lo4+f}EN-BK*Ab9T7)*)37q z)H}Y=dRf|<%DC7G+f#{5 ztS*gvZ;?3QYR8qfVRQ=z8qu>ZvY)9(%yvzPv1k;R@&qPT1E5bK_oXytz!=~#)qk*brSg(`3`LOmkVU2y6Qo90}*_uKhtVfuB zkkG6?ZM>oMqIg*yJv-jFF`Ykn96{zOYbaaUM(*@@wxpfXD@X_tT=&xX$U`a0UL^dL zK3zvUY5b^u5_zWCvqcEs`0F|ElaXi{AKMk|SUBsb4Wh_C9%?p&URk4`)Hq{0%qP?uwk)oNq;7A2#*%vXcTVgv5uYOOM8gv_}o z-ZHri3m7sgz1$n~i8T9uXYlzyZT5im^$JKM0>R$L&m$hEUG(8e$YkGfdHszwQ;qC3i zfJagmMgsCRx_SY@n%q7dzdAc2?L9jVt{`)30vsLSi}#QuSq;xn3+ywM6Zpa0e&)5b zz!rYU8czF!|MM980*A=5wTNy~Gp)f-0>IwZb(bcFYKA9OGu=XUTV+f|)eZ5+v+;u6Yjj2tFV1_fccrbhsLkyH_@BMZ13Xwfr`Pb66lae- zO;0_ATk62`QeP17_<|gEVOgCOtOa&i>j66?0t;g02^Yt0L;3*=8W>_!nUlhU`APqS z9I|eEBYhrTv*~kbRbPe@7?g${@}r+w%Y-Sic-_#$&Kpjtr|g!)cVMiNv7}&Ynf#`n zVP{3#M1Vu`B2z^(px!s`q-#q|~W zlGZD@3|Dkj^OdicX5Ja;+6#)Ne*7}@?OB#?<9b^~!f70HQ?7I>T_P7m+v8&G6kzaa z>hoAY+rs5sU~ySbC;T#OO~CDsO7~#@Nie^4tq`C?|7kZEi(8HU^GB^Nj6?X!AD&A8 zN#I*{Om(j3$bzA8icgcG2;6hO$!+F&(B}CPa^R|H=5)Q=Jf^#1S{uEt)&#WK#$#NK zlNaGvCE{drcWb))8N-@SG5F|Plf=*^sXt7W_gC8~{%^dEBIrc;5f7MW{zw9KmZ>C8 z5mLNz;HoZ?ly(Ta%-*(N(7jCAo$_#yb%f!|W!t4Gs*_N&ET;fWY=)Pe3W6BeC=;as z-Te{>usZ~qO*?{YWO7oxG})AV*~Gccr_~QZIBI3ru&$2GOl0mz4ID1ZX^l|Rq?_8L z0e}W6O^`!|s(IA( zu{-kLc#*vlir&Bb`;`B>M+m|*6GKushFhARdyUf_94ZHTMl@EbuIXeM8~Gn)<)%hB z2M&65P9U2*c3%Nqqz;&l_AAe%+1r-ytng8L{Um7rJocVH>NY;fU$FH>-$^KUM_XkR zkvt~vuYWl-?DD72YI!F7nr+JOZiNQZV?Vi-!ml3TzdFgBe?ovuExSvSYldO{#1ZBN ze3o8<(@BjMOY`Vz;8Gg)KL5eP&-$V3QPy@NfCEL7Q(~hqwTeaZ`Fdrxcgb)0nGKZEbm>oTQGd!?m zt^}=mZ=T>LIA{QT>b)asIwon|uAvoFcQoIpFK0o>qe639&gPAA$Nf2rOMn?LH z9EgC_u_ichnQn|!{WtaT=ePcky^@JInSP$^fs*z!?j=50$LBPx<5To(9lf`aJHJrN zhWt+Crmh4JCfNjNKnXf7XsFRiKqn#zJ|NF_G47#sV>{tzRxP;8knH)E*D+j*WZaN=!ZF-eLWgiZReP=grkcxPIwp2#`L@%}UVg?D_i3&b|xp z;ZnGdhWR5N0-~DswyME!t__7qzY+qb1#0p^S*uD-wMXn)khlVqh|={^Km8MkkU&g1Ij2!OxiaFGgCq02@HaY&Ft`Ao|Un!OOI) zan=3PZ|R#ZzY*x+{?d*U=Iv=enea#GtK~#~07;6~pn8;4)EW*c3&Uk<C#*Vgl%UH0RhYQ4SP;CaSkOVNE|Tvs~?((D#KcF7$Yv&{Gr;UZSJmquS#>TjW; z_$EpfzB;PfoiDGtSs%}YlVwi|9v`>K5-ft z?#=LhwToClY!_m0npi2HdugvS(ok^VhS12Z?OqZ{H%M#dnc1PuRA5yzO7QE~%hO)T zj}vOq+y`KM5qh9x?C74S`><46z2?CB##9DEpB1q|OZuy_5R8_Ng0_>~Tgxsv?A1%( zwA4AnZU^lwM7M}wS)>% zb>@P)Z%qq3y!%Uq|8?Vkb4VM(FQe{~42?g&Z>J8@^m^NloXH6IcS-6)iaiyoxHc(c zRYv3RzHZ!2(E@42P_g;AFoUV4lp}J1c3$@=^HEe$6J@2MtqDVtLxzi%d$LYL!BtG& zBF6t-xOH2&PN!t9^|88=D+q=3zPEQCSb^6-@Z*|b($Rz^5?lFYr7nRA2j}Yozuq{X z?{e0Sj>(2;^d18}BlkBY^4nplKEXRXBF$ySI-Ht`dyVp-UDRzL5QxAE!zQf zA~_XMC&8t`@N9A`uK7(`OymAMQx2@5BCe{=vB!oBSL~K}{J`hs21{6sQO9ljO{xC+$yI* zcsSjh*3D*!_^5F>ua;^oEM*Kw=@3p%|Mnd(y ztvOT_#S)6do2~@_%L-tFkoz$`zPTj@d>g*IDhHlpk1SC4EWtXXUFhuJJmn>y?UDfh zQA_w|oA_UD+%oD3_{P9BT{lQG109{m?GY)+9}TRd`HJWab@_OJ*#aEu7wUdo`3fe_ zkzo@)>=;X4p74WI9sO9r*_YNXtYg9Oe6o{CYDxu@zBRr1RVX+Ed~WaV!%Ao5!$RG} z&y#x!5RkOt&<2nhcOc@2poMWhDxtQ{W|1#G&LW@_Vb0F0P)kQB83JB@>OMm#oVXq#k zap*YMh}M{}gwJv@T&DK?=O(~tD-h}tH)bA4!f?0KF z1$>_c_|KkQD_Gr_4BoyQRau|*qgh|Q^) z=BLit4XLBb<7omRhTcs=Zn5q}Yb77_{5A{%GE|z7ANv?M_SoG<+|BmE@UBh@D?KOd>SewOGDCQW&!KCilwzu9@O_R!B_gL#wazgvMx77dh3f>TY= zX0Huqjm9uDbZczVn2E%d0s+>w5BJ38Z?H%t&-@THh4d~8qQY*F-4h$of@%F|ug)X^ zA8)X%@JJ>1Pq2h-(6%r}d_TKp>w5fS3a261Fkfa)EX0l-o0vJk`n1Ls@*XFTpni1B z`OjaOtUIPR?K-Z#xb0kJ{h}D_PbH7?7p7_`yPP?TcW<<_F7~mSV_MT+XGVstGd~#& zf8og|E7r(=GIKh<;rF%{Ei{Dplai>+2W`%&9NGhc#s}4V0@u&sQQ_fldihmX6>Swq z&an0KhnH)c3IjCTyouyc*ZXnvSqaF@dq)!Xe+<0XcrG;D!|Ea!1_v5aqwOM_RJ6Wp zErCbY@2x_6E#STpfv>)kRx&$KZlw(Ib7khzPG0|y$lS@7h8?4SLFPKo{?j3IDvI}` zj7Kt4{d>DS1)F z5vtL=lpsh}x66B9v&@1I_IQ}%Kk$|G|I03&dy@fK3-= zByH(AY2_y)Tz^zdkDuN0x~p`7lR0fdMqbv7lPPtr%}~uPK1|}TzYQoT}OYaC*0pqpc$^Nxy4v%T+CY1fbDlBAbw zLSKQ~f|raWqITO}*OPqP8&nHDX5sCbu^dKrtUXakdov1r5ClKcMt_2;kF#NOv;8tb z`3`PUvhUMT4?Md^p%N=L3^7Uo^_0tj8Ps)78rhps)-s|zR?x;HVOt^gI%t_|S4Z=U zQbQQ=RHPX^&%$0rZ%#k*N8_~hM@csSd}d~>>8YM8A~>#7#W<@Mrjivxe9xMSXx0+7 z!rux{PpZZ>q21b-98BCg`Z-S(n{DZ>MRf)%YzudzInuCYC9_Tf@x``e6TC5*tSHz? zp9P<9(gI3xH?T)1p8B0TJ=OO}pOxR9AQ}1%i*uy|LBu9kZ`WP z&T!Dloe0;(K$%~*riL63My&9&63urS@HY7v9US;w9Rev((c{fxe=>-)D{+DCUK0mk;mBJN z1n{Rw0FxS;+37Z{tP}*W$!W{ljqb)lm}+q%Nc*8PfBx*v&Tey*dX;7Q4=2dRkt9`_ zfO_-F&AKcwichvbV;fXC<96{V{oq>%4pHt}|0vPE$Qx)v6o2znoF!@@$pKx?y5;Q< zv{I4I-526#?_Wo>P3j`>lWNW`dGlW^BgJCq8l1DQA=lBu3@5_J za->&pQ|RN!Ts>E!I|7Op@lMeP-GqC+jFH#scu0|kKJLLnk`(Pl_DB5vvC=p5di?7( zj!NPIdfV2U0gukU&VF{hs+bxayOP^~U-x+K+`J+ib{4pN3;Lq|pwnDV>&H)m4no|A z|G*rqcj&q1vEBHoI{$jNa=x@q0vx{Iugb;Q22Fc_o(>L0fcTsr0i>rddK4>jtffbW zw3;?_GWVLVy)GO*_=?&syG^&10V+^82?+_Q`E0=PtIa4`{?8|tiTwrAq(lWn8!@?T zsfXD_d`<6hnwcv^Za~`!EXkgdhvcI#&VPMU|J@c*+VqX4(@%oZ{BsGjN&lNd#Gbw{ zedHdf$<=u+#zvZ-MQ~;Byz0^E@lOI46&BCG2r~M*T(0}2d}YMLNgmv{h{9C7X#QQ| ze;%+jd~`A$SEUlltR>`R&#;FAgPT_Sl+>k#fE( zl;jGZF|8VAx!CUhXW<<_6Ey*AcyEbZ=?#w4gov}YU8}ddyZ14|F?Ot!W#&g3`oLYW zgjhu@KK_y&2yz0XtAAoS5wVJ{+U?lsR-PV9GN?;rgh_2&YUo~vYqPhk0uaXU{YfV# zS6=x!O6T$wXyP$8VAi*}%Y|*8gU_?xiZT=bg3C!Y`(B3xXwt`UdK&xz!@b?T-aDZ> zS8|ljnX~-^b^B0%+B~JZ@}&0QqkG{WSRcvW{7(W?lZ4Ra9>)Je(nuuyx3Y{joAcRT zm*sVLFG|gSJblvhsz(y}N7bo6O|mQQa?E&mp3eoDL2U zZz%H~`f+rvRBA5t#32r--xZ(SUm!J*=q+hdaM}WcnNg~PwGWX+iu3pv?U6X%5hz^! zO7bT`-v7hiTR_FtWNVX+b7$6F@7^~vYyI?EeKysncFC!#U1!(c-zHJx_u%NM<6mAT8FZ7OTA9R2 zE6P7FgDc?v2|z3zC$zh0kMu%S zI>K4LiG>9v00`O$|0(&mFDBo`$;(3X$X4VP;QJKa6-e0glSlH zt%P($(JsSFz+4ZG{BA;19zJKf_|2>P7Szb?h{9mQ`6)hC@`UD%6W>)rjTCcU=}I5x z624=Yoyiia6ROkX{l1p#3Tj&|p#=&DCz@_>rh{wacxq}fN51?|K>v%D2Z>Pq*27vW zI7HZrt$fE>f01z|(x9%Jm~zk1N+NEYnx38@zp3uvw1iwHe;2J^h!J_^Tf0o9)vW&$ zPzIedCA}ibF9elBX@3G{NM_f$akM5{ubm&t6SbacPAE=SAGZ?u+Tg>bu(uo zw)JXBXeUDP)v8XRt0l~6c4gvwgd*nmBPH01l*30xq$<~_9Gk<#yDcRA{qKw@0Njub z%;|&+)=f%YsTJ0(KLN_BSH&&iJ+6f-JoS#yYGRz%iDy^$bCLfM5cqXdXx(OAS;M=- zT!H$BAA&Lls4(M%Cafp^UAg?o|7}UErD%6H?Sc_lXK+0QGYQGkcg?zo$>zM(XJ`Az zITx6N+WwE8J%TmBM=l3^$KaKytNieU_Ek=5TxME}Cg>x>mmEYVi#NaVhpThu6?$f0 z;A)l5QtL3@9GCCD;>4?u>7>&dyi{a#7AcbnJA>I#YEHjRBSAX8Yd`U1{P7Yj*v)+w zhgHIKz2FO}`cdsMs^6}%`RF|)Jz1Z& zFG&cVC=|3F5dkkqsTZ0$gMU~`P5bezgEdP$Ax-p@B%f)SYfP!YSQ7b#b$c0U!EHZkeU2%@QcJnbeYr?n(4uNZkwGD0RL2A{UwjHIw@gRw4zn9!a z^+taCPQ><*WAwv+5j3rT5j3m+N`eO8Oh*}aI5C@awE+^5D_UtHxral}5w1z2hh**} zYV~}EvsfV>gs7(AZ#{Y391E;H3I~>bc!EL_TlUqrQyXzN6!$Lu}(G&wMS?o?|}bT^A#DG4>O%L*(Nt&ad%s)oSoI@bW!#ZOCK$p zWlOpa<|@@EA@LKC<$9H|*pCr=z@P% z8e;!vSv=`K0js_p*eIlfS3dzrkFUxtQU7#Xfd2sjZU zvP)g$S)WHk3L13xe6)c+JoxsG2Q76koGr{Oe!Uz|U-Y>pp?ZtpySx+*g7o-)WSd~ZF%Ceh9xwQG-e;(LaJd$m`dQ~kIBZ=v~9VJq}$ao z4R59Q9V}S%T0eM6#&#Zyofao11R-ScdrOtH=2)`2bZPV}7mXQHrc>ani|Z^7uxgrufoV$kwg=IbX@pcZo+PKZFvulor`WS+ksC}2}-F+lq$ve8oMaKq* zVOPaz?8n$kRhW#?sc4KSultcvS$5dzuo*t-9MG2Y5btYCkicM@UCj7EeNc2~zt~{x zOk`-cD`cv_@MUv=px}3ATud5E5*pgK@^k8!s|^l4d%PVmd)5B7I+Ou0*Z)}|G=9ta zh`+Vvx8mhmq1r26ypM~Z2AZWCbC*f%iRH5Qm&Q%T6>_0;rN#q{M11pJB!Rb?b9iRP zTf6f7l{~xxuvdo5hwIyHMYat=sXKY51xxu6qT;$yUZMryvGsQ!w}T)j)mdIBwUQ8b zo=cFq{tx3lXry@E^mfWZ=S?Ky=S3~Q^BSi|=kLx4B&!_r@53MKS()bszUNJDN2#># za+$ho_K*zc+SO0Ez@v+E2ImO>I?xg#ki4s7SA_B83#l0J<@Jd_D7*Cwb}C2;()-xc z^UE`T9>;ci{q`RQYWtPv|Ae+cz-D%U`BE%DX&@PzAqUX=FG^qf9lEagWKSC70GK@f z5i`1^?vXmY{e5_(^N?s3XZj6x?{lugz;rJYudRV)r^l%eJp>k`AO8^>007=|=J-5* z|1YawTh${vOo5bt2?XuyANidx1h;h*t^P0*==0s)$k<7P0e#WP2`$~-;qD#Z3z3+{ z1$wy(StC2I_wf;$!(+S({l`WA?K}SMRu%xj$LZU~Zb{447Ah91;)1y>u#8$Fhr9gH ziguwS?zokCI|2)Hqjc+3yRX|{_3(HDf9&M^Wjj91cr~3Mdx^%2QZl8mY;OORXZZGa z3l0B*iRI1vQ_3I87GGQn_BdfO0_VI_43$03nE+;j5_+?m0cp*UA6A5ZqpiM6&Vfo^j7|;ywf=EFJEK4 z)b78lxuxqP<}mD#84CREVfnXHSss-JaH|mBkvM>@`(OsaXzMg>#{3Q&I=QS7#@7_C zRdy(+)3(C{xe>CjFCzweiN;B#XI>)h2ZV%B4THXD0)@9 z&7Vt)O`)Wk4~y#~$)zXtxgW9hH&~V;m<>vNuC>%h{$E=Ks}}C!eP58W>1Q`AIn|!s z^OVnI2g&}(Bs^hQU>svlqA7{vUYgUf2=E|g2ZOJO2Y!=A#0I8@?8b#2#B_QT`9IHb z{$EY}=c_mVQX#hGHs91Tec}D{Tb4EGamz!-Ny4AEWb|SLsm}S<8}2lW%ZMdm+K0D^pEdr%`hQ6LTj9(8xouCI2>PTvZ9Ix# z+MEv@DO14)VY5F0BUmFxaf0YMqf;=?|HtMvG*I(B3KIIc<%*Xg)dxeX2q52a$kQpp zdDj)p=Y>2l9SseViX-e-1?++?nEK``qvBA$_o=W}c8c8H+Q%9R&a|uUC;vOye9n|U zGAjQ-{Zj*8+^;3glcxEOMHUeY;IC+>+u5OQ@l#=dtdNGMCT?avO%nQkp0Pyby8YhU zX3p%FqMZIt=`Lp}e$yP+mp8t3U3L~%5_g^|`qxMORF9kSa$MdUU@BOUSZ*ocgzb}B*t{Ro^l0@j_gg^V?4pP0OP?#Y2+<^-p` zuH(RkgDT27d}c4cWrGoM$Yp|HF$rM)gNy7syI+b#C`2k*QzafhY&N{0Hv zn7Dmq@(;nh20Y|fPSSY?^^de^O5cGeaaKiRERE7!FUgBTR-6+s8wJ6$??c(QNn@E9 zl_8^Z1ZlWS)7_(zc>P`!la|x8tiwSB=T-dTH9rCBlH>7bCKFy?I$Q5vf4OLS)_2N_ zn-e0S$>~%b`_)nNz5hWEB>=Zn}eMzic)%VFF`br45YFez?c9Pav`8ebcj=u@Xnx8#%pz7K~Is^d)!mWF?QqOpbuj zePH9Q4m@($l|*uIw7s%k_v(<*8eSTU1C??H8-+j0{(FgubM$%1EJ)4GrpVs=40&Bnp`)^o{yyE)VG@wS>X?C6^ue8Ke)dB!?`_P0?7t(n_lsoANl2o$k zZsZ5AR3K+{)7pVuMziffEk>_(?7F3=^?d^=(v&gy`Pnntj00nZjnSa<@mW{p#`!1w zbI_2UQVV5py1~*%a+=&|8!BX%c;oE?8JeU{k=*)u9+VF{=wUWxW+s6L!BH8xFYwo8 zWn@sdxVdSntC-}?X+NS4BdoKO-gufBdxXZ=M||G}+xPAeFP_ACI+d%wE%NacBg*Y* zoWT&t150Z!&E!i0<@RxqQq*T+A&7jH*l6bN0F0R_F8@dySHjmW6*e+e3%SQ2HkHWlIlEfp$*?e&R`c7ku(fUCcq z2p$dElTqn@bQ(ykLS02RrB!V>`m!Hf8N>%}K*W~B zIv|pb-zn-iL2jMb?>L`?F;Ay0^)^wKUl%qM^5oXXKFLWr6vZLP(~5@dNhXjz9~ylJ zTBA9iZ!K5#Xdseq0g0n0uOC%b18g5FZ182%yBHdriOEK|S!c|-E}gk2Oir@~Wx*PR z+M$ zBWm{{bD4_T-s(%{WMgZSG086!PG;b?`o3%n$CSP$I(1aY4%D zg|-P``KRw}RIbgIM`pSKmApyD+Hj6KN$q^8nena85h|5Z6cVlL?igK^t89*b9Vsfb zEY-(19JLG5rBA83=)Jk^K~E=ux_xt1#7FTQk9OT<*w$(YEMwdXGiU+Px>Y;dRp&FS*m;0IB1#*>Q!mEbl{&4 zc~(TS1Ue}f^HIlvhTT8v#=4PI)^%}Q3}Es0)_$5G9ja|&U^3{mEWdxE(r$H-XJ`@U z+<{p*Nhz+S`Vvh=O9@rc0K*-^uWgSyeSn#*oC+eIu! zEj23Z#EQ?djG)wp;)U}H!&c){jvl$wvCbHU5P+1yuk!O3njJ0_r@^$V>KL#XxwRkt z5v%=(^6s5W({Y>P9!uy)oPW5X#*$gvUI@Fm@PB^O{UNb2{tRF6CS~gVh#;$=qvmb8T3J;+xn(2X zXgfcX{~`Ai5RFMqa`f;J=Ir`N5?R^*zLhVd<_quXMp^`$KVp#B$N#3Ff0+Dl28H^2 zd+4j0Tlc97z3r{JiqPBfPGK*o^cjD8LCq}8nA`r-3o4L7hN2zm+wWQa=Jj8B%U0EB zBx(d=x%tBjaV|l(f3LyJ}_D19k!TMtEwi?d+^ok1N*Iab;7T%kwWB&}0=i z?w96Pmk47xqc6#FWk}*>mdjR8TNby9R@ctnD^aGim_&TIT>~=J=O7QtoaIJDSj*J* zPmc%D-R(=M$D{$Ci=L`C3@v#+z#zP2eH=9a31o?hy+>+R%kS9~X_&qdMCuI0o$Tv}kS4sN60oTWf!NjZrx~_36a=$cWR=BGb~%U#)iK zi;LXQcz;~YaJh`pxAw`Q*m_J!^CV-WcR-5Fx@=K@cQQ7NFdq40<485_w}BA1F!2n^P-bOMX`^m2Ztgsw zmOI6w)cdk(G`PqJo+J?2+@gDqj?jFxy1TRai><|lRJL=cfN4q{&Cd>C>Ztal3(_8? z9uFh1)a6u~B9bkOi! zHp^ZJSdTZmb|DNsuQQGoUbOE|&-9z74RJe@h?U}f<*JwxGjHswx1eWT5?o6Cs3=kh z05eGSb;Mv14jpH?UoFi>&ywzS&Yc-m1DE6s(SsURa42mv`C3sK^QlQ0To9eoH<^oD$ zZ$@o_AzdJDD{qJ_6VOpd6|55T^39aFqZG|L<5PpX9AZ)}>hfkhHXXPZ2WmtknrNKV z9q0$DINdSgI-v}fCV^(f+R>EfN$&{|OVMUal0x9eThOOQOgL2n212d5k|C-XiwL=E z+9~$a4W}MQ&W=pqnz$rD41CCkj1*_C;N`wb(YW4nJ_aS`x89o+XLGYgtXEyA(rMwj zIhB-B#-H*qwY0;kk+Zv-_zZ}CEXbkWR^{Po6K#9P`hi|_H5pT-eBWhbQkM91k^L&y zMLRx+jh3Itx{3kFA1#s>JD#ag!J!jr^`@wynnz&fQ}5eHqaI$NCHPZT)uyV%R_co* z!xp7@OIw=(rtlLlm#YZ-!PhF%j7GRWwnU7*B(sFU2A=NuwW^vDr7U^fu5+Nh{=Kgt z8F{XNBN8H_-33`GpLYz?4D=mchw4Lf$*-lFjSj{t2lDr~85v(Eh48w~CDRA2cR^wb z9ECH@wOk0RFPD_C=1qkIY0K^+W&_7wkHEaowc`NTj7MK*6G!a{7i%{dhCZaMi|w7V zbkPz-=ZSxllCAh=(GjJG*q zdX&>OsFZ6WwX7ns%KVfIo58%Z%JqBldM;N}*hp*Z6GMPN< z3w05p4O3ywwjQZpf?TCm5Sr;!bSn|;np%h*F-n!u-+>Q@VX4g|1~_l;=QdENk+>4%*d(H`_7NfC7 zRWwZ{C3JaO&X=@rQ9{-d3J-ZDI+;Jp6>?z5d@mSYoY{MRyz2Z4poA9wC4yy01jw9P*mJDapH=K+m4g-`l2w*$MQ` zQcD{s16jZZVOu#ViB(g+k2UtGlh%pi;wIE(WHEZiM6LHVMy8}Y&iSHsUTJUoE7E_l zhx$d>{-K@wr89mf|2?&Hd;>?7R{1mVRUQ=#uQNz))*2qh13Ofb@gWcCAcXp5ANcXE z4w+ZYzqj&lUn7Tqafv9o_#Lc_3;Un$5&=&#sCApb&#t@6~Ef&h=RR{zEllmO)@EEW;O(4%|7m6e}%ETCz zTH_y<&jEzc!3=D7uzSEwvhhy<3p3kK0IM&{3SPwsE9^s%&UQbj0|;COj>gZ$J87nTF|janL!jr7bAAkBOyQY)WUtC|?6zh?j?-5wJN7y5dfW%g5NydjnPCdQr60 zSLzdxO`Bz2>Fq|20gb?xnGeZ{TU1ekIJc zd7AMHl;s|sZ>}y75o5$4i-mJK=uX0P19fkPZr^G1qN7_p&6m5Ax$&#VfvNvVDHgQL zNQNtj#f7q4(vx|5b^uS9%%0yX1Nt(ap5*p3E5rB{A$?WIG@;e7m6dbfmlaUzeraP3 z92(n>V5mg)4K_u4Zet=8Yw$T(PAjZxKb_bnauZ$3Me0#e6DtXm`^#>HX=^4au(knQ z7^fy1sC@NX3~mYWbxS7mfo4NDi36GUuh}Ipw6#E`#~qIQ^9iXg;eN#atkxU;MBml} z*JoxnST&7B)5hF^S5f2RYw;{x(}e|+n2mc+=y3H_F9Nm8eA#p_pl}B7DJ2wTvhJCK zSdJK5KV;1>IOn%5Aw;t1oH*BM0xdlvAkOqsP96X>@5FNW7qdaDuMR(UB*yZJDi!Vj z7_;dPU!CLRPIKi1U#ucKs+rez#GeCmd2@4>9;KYV5kKODvP5uxrs&Z)Cj9oDd#MFI zZxZ(w=T&5P=8KdBXT28T7@D5tfB;s?G`+_{)!@VOVeiE~b?{eYGoMT=t5m{BjkvwX zrh@6(3oeFtWfH40R<@`jr8lgQ+`Z^EV{&!jSlU*j`YWpyWA8fE!Tl+R3(uq0uO?x+ z!KY>*Kf$%dnQ)dzgC3=b9=A=XrW65T?<+|hLt=srnWeO#0Rr9iqlcg1R5I%f=@@Uai<*w|57sZ)0(Qj&aO>&jMSf;f<00aaik>#Ru_}MIG;z5(ZfTw18 z-1pu!7;NNhMr0+V1dhteAlfLdHy>o<%CjVyItE~Pu+_OVfYmuRlr_R}Kh~+lQ#Gyu zM*D^oVu?V`jb3&m7eDH#bxuYmF8;9WxSGa%!z5^^gQ69VXl+~rB_^IocxA#;KZ2Ze zC$1+ubujs$MmGND=P0})CMmz%K6{PkLw?-Q zc(BYXomKRziM%>~mr)7$lCvMrmxdVL_}eU(k&)Ur7X;+Bu-)esL*z?Q&CrN7JYGuU zek8dHq?(GpD!v7QQj1~*)0c`O9uTM2J#A;6sZF?!$o;(5uB~YPXzX?kTaM^A8WmOW z@60RijSq^k*bZIF^dhKF);M69-6MD}TWSWHk zB+-<+h@j75nMRgEBGe)F9{=rmbVZ?LtY&e{k8;GOP^~0(9`=&ByRin1MF>Yx%nC?i z{A^!a81K#BmcoF4HYCP>R_jUn#ohg;$1Q?>##kh_koWNc%&x4hhxQ>w$7AO1YxCur z-AUoKH(sQJ{>=^bEwyiN2+VHV=dp+PcT2VvqLKMdBDXU+C|>*LF0ya`$@_ms{ku8E z|K2*Rxn+IlSXIIL|2QV)$jzeu2Z~PpDH;!5qh!#g407HIBW(uQ*Mw%?p=o(3nWw|J<>0Tx|?;e)N z+Loh<#kj_*R-ld;EV1{_Sw1s1xfIJ1eh4@%44Ry?jKwbKpsqREvx~3kNqCp7u8_F5 zpcHqs^>J!DS_yp~G^3&W%|T|R)&u5l#U=w6aZY&BTRdaoV2SJdTtZ2dT4`#c_@jfv z)Z&C)SixXW(1HU+pq4|Oy63{YB9@*%UeQ@r* z`+ku$dx|tEoBp;DgHYX{?9|<)dN69^^sSM%h0NL#qpY#BHh~@!_Z@QPbbc*(#f_j6 z&~p>YZ0z+U#DUXp5IsjBOfxt$hT&5bWzj@Eqf9$SNG+|K2k5|2gbOD@l_E>pS3x|O zHGTlKjX$M!0IO;iBW#wvz)Zm`25)HG4!i zjw}pur9Rl$cTdSX2XZwil4rp|MB?+_^pDSfIzC;&WyBuhMgm?k!^@pvYkuC9Bk>w? zZz#b=8FcGVkx@;@iOQE;Slw}f#|liQtVHMu(>u~KiY?7D!i-Zbl9x2x#B(DEE=oar zxd3$PSm27l-$X9wKa4QC;Uyd66dhk+vNZs6#_TP|h<^$``Y;&17`Hth2#)vY0Jg^G z=B>yD!NE*S&;Z+NUBfT5RJgyAPL0O*YZIVqq~;@F9;R8(k&k9I52zGTwv`3%T_pgg zOUZ$9JL0gT-|;3D zTl;uYM%PHkV4Eb&4&hjNMK{rF9c-nsAVy^?<(v;!b__J`LxkaUFG)}ieXyZ-Xk}GS zNd%~-*!~#?RqQ~!!OtzVc@8>*rFV0=C^8P5@fK+*m{bC+8(7|csMNF}rM{VxQv8eBHffU_%?!9tKpCru_3~LvhHn%$|5!@hSIy*Bs@-*qL-8X>UbbP^~?=djDXzo#Ro)XCK`EC`27s>29l=u_SR(6B0NKoJ8qwR4Q zM?9~*5V`VxqX%$&w@{&g%P*z;?c0A>FdQAs$Fz13V`o+W4Zl^myL(PsQ}^;*o@0?b zGgIrWyrN8Zz0h{E@xI#1x+`fuciIh_hufSNF@_Py?+hH;?7P-$C7dAc_Y41*2gl5f zeT5l1_(OYL<>Fqx+acRmQY45<7FPL}?p?&|?$-p;7>I90PJYSs*W}ZGU2|5f$u+%* z)5vG5!!QwATbE;@%{iZA z%0$Vsq;&RL3-lnqj|4H0k&~;Nab7~V9t0M4De-%EB1z=mJ+&;vc3l5*fV#|3NAx}! zt$~#qoz9fS*vhp_y2$W??92o5e002|@r32e!YTJ!U8fISdzEMYv(<>3Qc22JRQEL> z-@?lbT^$bd2aV(mDthKBHo(6VK*pdYLehCmk3f6{Rnqv{S)3^`3;x1bj!3e^Q-{f& z65FaiS)AE%h61VZQc>AcXI^x>>?@07ok}AZxbM-bl@B??)Its<$_kB%m!wLTMWYMI zaL-fgpBsA0!=W7#hz<*=h$yhPrklZ13aO#!iLy!J8s{^pU*PG?PKqH9)z0~$9AAkk z^kxgey(RI|=SMIlt}Oq&XYMt^fIIJB2>zUF4h5cHt=I&SHE}0uR z7A%&DO#4%iQtgl0O}nmrh|kP~0(eXYw~LYs&b|lm`ze&_wBm$iqdAg;8P#&20Ye8g z5v*}KUmG>-(G4!T$b-d`Y_YQqAITHzr1hNl-B}wv?m{YuGn&oTNGilZK8(y^xL@Sn zC)pLcJ0NBU{}7MXHd5qBxij4 zoF$?nAda+>w9t>|Lxl^Pt;v{PwyeFXKY=uo{k6k z-8@m}yLvD3`cg^liza*L<^q=p-~`dZf`3`1tXGVroo?|QsjtcEV2r7iYA^2Cf)u7l z)~=;#h8E6PQ$iG)bm!cN?ZP$X$q=>FTH;Gta9Yi_{```fO=_Mqeoxd6UgD-vT_30q z)QPcJsdF7Yg#XME|3yPa+4W zXOuEz?0C~uih!+a-@*=qB)eZe?k-^^%HD~fZ|+~4^~rSbpEs;@gWrs$^is+imM z(_|^D&G9}2)yj);(Q1rmvRiFn(Ji2l&g(l1C#GC3P-d@(f3Ehh4CUzdF1pr8syO2x zA9?1>#m2Uw>fR#(01JQDd_FDjjDO;o6wRtOJMO8wAFc|_OD)_RA3uQmB3bWm*Sc^B z-?N|pa!|U+=k1R@M;Fprl=8)y;`Am0o^2<@GDU`t*#x{*Q%3X~xGf)rFF=a*TIE?0}oxoh%D4t-6Rw#5#2HM zLk^ufwdzQg*fwEml{`%mCjK){P!>qNBIzd}U>oTY)#1mTP)#@iN_k1nxvZ?N)`VX5 z00z7yQG&i9%`17zoZ6^m_vYHxWm5KyO)IKNUb7Z2 z@$w?YS=*w+p%B(EtcuSu`_rN0?{nZ8Yr1|+R%a~|HKujPd(-KDbv7m@ZC2p+lQ{!$a-a2Bb$DHpgnTcY2JKH+3_2Rkr%zHLe z#tGPm({DR%rD6&_Jn314Qbz)|@SY;!=v&RG(HqM`iaeADD0}W8a>D!!OWjpAMBFh3 zjPzsoqydhpI96^zVJ>=1xk|q3)|cs+cYFh9E+gy=RqV#@Q8-(;V}V9>c*cC}x;o(< zN^76}X0Q|2d83Gr@lWB_BtoyeGXe$A)=OB#l56drm=307YwqiY4Viw2P>FVfpipQS zDAC{sYu81DX-gDkDF(!o`z_>>KLtphZq%p~^3SW zG1Gni(C~VMVQhKN0rmnp8t-u#qbc{fpdb2=D&BbiuQjb(ml0not9u zb?pfeW5^DL@iR-NF>Y&AxgeWKe_oFrR{R~{q3N)Ljw(Fw+r(NS=uuvgijJakiZw(& zk1I{CP_=diWS~L#*E@kfrTn2a`0I}OLu>Fa>jgm?8R-J()0_yD={trO*_cBzs3~Lk zK2*}KaIH3;?|zOTqFt_sL+hXpZ(DiYH%6xjyt{6Cbqme=F@Ji;>*Isac9Iu zh*jkjrz2XXS3KP}4hjF|Mi4-~vnZ%_=tITej6QeVVXc5cSA9}GyO@c_uvVY0!lXv) zlW(lg56)|Y=C5;yZ(ig>IoDOGTF@OPDf#!Oa4h5NUwoVukaOtgC(64fz_Djtn9`9V z$kK?0TDidd39KPXHl>Hrt2gM_r(m;d60Y9(VKyI6*FokXbJ7nJ$ZxuW$x8Q*b=)Oi ztr&inI>sJ^rd0`wPw4{UEX&Y&NYE_05HL4^3n^AdnPxhvrxm3o3>CYW8y*dO;d$_qv zI+>q5EhRHbg+ZZX#OVuGASz7@f;K1t%H}~$Y&}z1w?+|#Nf&Na7;)alVrm`9yPR|O z#BBm71w0XHFIzWDPaT=jt1sx*BU%Tm4o--`on&A&z+{3&gb%si; zvq@>ub}vnMkfXS4n2Bf0px65)Enh5?!rZp2w3I54encKmPM6*}VBYYfg>AP9e|En2 z=>59=GJBI}EfSnGwkQVp{O?(izlXn`qoPT5HRHf}V+ggWpy}o2qk*nR z9SBaZIu@miClt88$zlT9QFQC78d)<|-i=hwf5J%We0q4Uj}-CjWKOQ^kjiv&P~znm z@-@fYdczQ_zKU}fOt)#eKw_~Cjc|fyRuFrzD5Xgw30ZK8w8yE~>-n6@gUWnN1alng zQ+Y4zYtaLjq7$EfUW@|!#NkbGDz-Wloe0BV?aACN4rH~5;TBG{13z3YyyY$)7sR<2cD@UZBjFS`((w09J`I>P2V^|| zyh(wAs)<8;ApNZCz&W1fb2fT~TEPOzt1{0wxri~&ElN=i#@`lN=50oJ6M7c3xFZ;+ zmJ;S|kPka^VX+YN3aigi8@JpC=^5(G@NAVC4}Ss(*?3%lg;=B#lyV}fu1O%ulqtsg z`N_hwPYEO-K|Rl-_>-e^NQR1$}*C^ekgJSsqOFvtw7??k()NC{Bki! z8ZP+dpjnHn{(S0y?4C2zzFh(SVOgm*Z9AVyT^pfPb)Z#ko7Ckt?2L8CAZ#pmcK*RH z?VVXe01_e|9ENGC+VDn*?P&0q=-MBLrIY28Pz?!{Z6Z~Kizsa38HVvPLl#Us2ByxW z>?au%>g04V{8sqC@;HoW5?voe_tt*KHFvOqzjCH_EIgFZf++#SMP-?Z7_+fH=)0By#w>qlpW z@Z8PU0}G3aOeHpKR|ND50zfxgQ8!hP`)Kh+=Zpq*7;i&m{Z9as73W&_DF(KDAE?>B zq+MBN|FxN9Wq`zBylA3M{;$t?hKUO^obLlPa8f2No;`; zyEe^Kcqy!dDKh7mg~mZ!vORM`Sn|uq@e&#iixoB-#m=uP6AneP|c3w>*^{`^q#<6AW1fVbHDFr~5W5keK(y zx}4(SIaVyg^SavF@!-<6ed)u>@2t<@UfVBPhn06!jW`@P%JR`n&nmN@@dZ0Q-lu&g z%tzU6jE$+s?#k_FNNgC!JSa~Yl4>xj#$+03h_8JVIp#*BHlN0`vU zxRv=y3pRIC9b7*u>0$fxiMf!0G)nO*-Nnz>WXEeYI10ij6T2_$Yo1GSK_;6@TE999 zEOxqkXhMtpo{QhDDT(d5Cb2`5E^$$>1X7^+n?B>7_3pG0*nk&Z;4X++{e2N`M|^S zUFThG_a@gH#wig~+kh--F3Ae8}}x_ zU){g{^~MX9@>kYHDv#^=<~2p|J4YiDReGHUi-M2GHTlgoESn59PoT%BHWyvob0|dG z3#O5WNNTlHR_`VEHs?UPDoqF5jwK~D&zl~~OP*bVU@DPS=79UgkHoWTexBUbKLIBR z9gn)gXg2ik1X8tpuccRgnZ6>_Vtq{?W)!-oJZVc%fLnMuDsPUR@rZt{KTz=GFu;Pk zDir3+hUmq-ISIJzsK%JrWtit65UJn|o5y6PYxT*75*hj;2f)xvfKJ2hMbdt4y>imAo?Co;V!1t;PxL<4Fwb_}nDmJsW7dSX**rJ}$ zZoY?5N&;}dF+7&({SEneAdssgw5)pyEh(|nqm0>aWD-qB5O99hxttXB8*Xv}s$Bq% zerO>H8_SmqJ^kky1;q7UPqsG$Ti8fpsLR_-gexzZ+Hh0^&5Tj@np=^C6a?(A;YJ3~ zJj_I3n9ajFJgu0zK1>CFH2;sM|1U83QL?9GGQ+8r@i3gI$=;bUA(E?Vl_0BWwUcVZ z6A=;g7StLlySrG!k&eA2h&HE5JJ*`nU=-ok?b>Yb*F=mKgUb;I$*lSht=tvd$ z*dnDV@xnsN21WtxhjDe38>jtz^dS#L)d`UUrVBFzPbz*Dt8_BlE#@LO`P~EHBNbb+rY^MjGUTLg(F%ce!YvA?zH=cl`f>L6IB$Ig#|gwWIhGvnM2}%6y`1 zWw$IB#?Wl-{oiA**)qO!pKtW#J>m6_JV`zz?fD7N!NWP&JW;lC?4{FpN~vrvUPs$j zs#~;dfOXUF4(C4l5lE+_>^QSPdQK-uzDQKHbNel}pGO*gXvC^p%IxLZR zUnI&4|C;IV&~V>utZYn0m95zv;K6H5f@iNd$>l!1=7K0#)o@|P)0)20?Z+Z#t%wlSZmKFQOd`N-gM~*UL2oc?p zUy?k%aLez0!X4! ziUfxVe*$)0BbpTee`Ne$=^WByC%zPZ@}hx;V7rA1AN%8uFqP^aO;SP7BG@+=%y z8|v7o@}$Ttd93WQr>^yws#4EJ1p^1)Jb$;3k0wIzf#aq>>-U#CD=*Wdzck)X8KLZD z@5i87oMYYGn2?ZHjDQgU>f+ZbKf*|~ir=-Ucssm1BsOXjV({N^;W_*E=bZlgszF?Z zFsuxL>_PSI%_y%3sGtVn6J3H;xOw6(NKs6O7ThDm)CR$CSU6V?v_AY)^ofiemvi+P+H(1xE);P=ZV?D z|HqX6W7Ya&VgC1#J)~uX#Mu-*m&XECQN^1S-4$Jxtncy`OcUrSspNtwD>N@PPiu*^ zwIF&@PP8KhJvG!)^E#Gp-=Y+yne)O$G&?AEM zf<(>pF6nC_troT|633I(HuaSUiDKx2#1y%b(1%l!Z@Zor|Ah}B*WTSvK*2@goyBdA zmBcPF`85$UkiC=3P-daXod=b2)}o2R;~lwCr8IoB7?Emg`_@o^+UI6UV^6K+S>On0 zO0~ATV34M&zxED!%NaxR?cx>6nsy}4QfUhlBJp*$&*v}?a+7e!8l6dXCuW%v2fD0T z2(Vy7R-p8e!RZ2-|83|-NI z9UM+2=||Y(|KAI#^XIYjL^o~oN|Qr*-(Ryu1N>qn^8QrkargZyoh*vV;|RC^qMZ<& zrI8`k3%y?l-(S-b+nB>+$or3B-WsPn)3=M~o^HM@t8Y_674%$6GlrW{zpmd?HGKfJ z&A^M@@pxg*r=Gn`SfV;8qv!6tnJl@&xBb@fp=XRe=vUV0r|ovNF`hecv=^e?{*wFa zeJ}0sBxbD;sk`llpPL77o+OJ5`%z(x{+j9kU;1Sp$nmhpBH4H{KTk>P(L-NMM#W#+ z?#bq1f%fSgLX|jjx8rAQ5pc`}=ap(oLebawnhYPL6^NR*bz45KwF(~(S7E1!~A;!A~DiaWgtctzh=P?{~ z_yg9wZF{aSAKp=VL2mvZ_TDqBttCqv#m7EQU}H>!Ma>mC7kwh>-1POu3AP|_G z3>*hA851P3F&QL8mOvueCT9~Qfk-wvV=x(vKYF^qnbXtL&-8t!``*6uw0=mnOSRWp zyQ=oC+V!ql?`5I)X%6Y!JRD@E+-W_Lq(t!n=dseffz6J!_9{$rZ}jy?l|u zkadoCyH#JGIoMc;@(8Rz6OVn93B)m1LrIxfy$A`MOlfU8$dqW288QPpe6fq%Z_FtK zNnxO`V2-YAnKxkOq@rO55X2;wG3(J`iBk+s%Gv;W&AoWeVYG5Nq2kF1|scAtey1>j}EKR5KhHidUdp&LzGz_Y(qh+iX;}3$kYxr^zdi=+KUS0DT`2S zNGfN3Xr{*vVFV~g9cmS-<&CvDhaTDgq zq_w4x`9J2p_4AA!^~P#P&Nkg&?KVaO=X4;1T(2@ehoorVUI&0;dA#+Ou4qX7xB_yNKCF%aYWWss~Db zg)ly}Q&o`p{yHB)fl{PvRH!K3!z3(UyJGYPh7h_*Kr%e?qOKo_mp#FYR#uIyzAhx00AW&yG5=`y?j>V^6N?yB52EE2Z3?34=^|`eFj3nXG*~GxfncRu1sO zK-@?&8Txp2KgV>8KjTXkI!HwhR$K&Ce4Xc#C)UfOu9b!tb*1ac(1$!xRc-gSW78dU4H?S$bYYEw|q_#Dr) z-s_?FC~KXuz{j;$#zKUSmg0 z@CK>C5))!0Dw!7XtS`mLuT|5}B8 zzxdl<8594Bqw4(?i~l~^7fc4kLh1*t&F@=hnMB2uTHnpzN^dez{x-+6By07pcps&4 ze?sHc-=OUO!#LvC*Pp)K7@-(oR$5T4^0Accoz;T_!Dn|1KFv`tHh(^FR;F8sYD@of z;Nu^G@c2b*b3Y46P_v=i`$iKkAE?RnLX85bvkJ z@va7&!)RgCoj5%`(HqhT;;<|mi+M%jW*rLd75 zb&%F+u0k#ZCrY{}p?C@`8*X619dA=-%n+BhM=a}pR&uV48~@4p({LTBo!X1L9ApOM z%kXOISyJd7Qs_aJ@py9iy>%DcbqvVz5LDmhxDvjv_?xL#`14BV{Vxy%Rz8bghG6y;|`P2x4G;sD-R3w@DM z2oMk;BLi?y6Leu&5wiD^!N7#@J@`aANmO=_?CCL{ET~D^GRA$zwI#SdF>ihIblsT6 zA=XYFZn}#gjtf%2y;YwdyxHFANi1&hLw8)U6mTfys2ueGgjc6eond$D zs;aI0Djt@%pvIkfZI&&#$|KMvD@9ZTovIzZD6=6Xkt&w~sd^^6kqYne@xIK4Vx_ zgzg&YkxX|st52$uIq#b>^ixT>eD2yg`^7^e*{O>CeCBh$n=mmo#io54cAyLT#TcAo zQHPS8qqUbmSq5uf6sxXFGRlvuabL|hcYWo-NT@JVc-jsb@fn}A?@PuiSlm|EEw|+! zLv`d$WddJ&T5*;U2NYr5FFlk*y|_hEeD5LEAU~nRViUzHsubln>=OI2@u&&*FCJQ3 zit{lL=6sXFsue`PLdjH`)kHsDDqpyokBK3d=VcIDOypx<^+YMyr?iKkej?u%+wbG9 z?rj<4YDw&ghZO+;x+Nun5De6OR@Bf=CyOt1JtOdFZ^`tA zf2VQg*urHp$}GPtt2Iy%f^W=_vOccWvwaf9`H&0A+fZ9vRHL-Rzjj63&(0Vi8M2oM zE}0Vcb3|=Ne-Y6dMfs+xKok4j9T!d}Tl(>4+95A<5=~njaCQ8Yfu5W@GWUK^)!JVg ztJ>LdFBWoC(#2fU_9c;#Bb+9TR^ZUD&{2#+(PNErp^RF{^l`GeTy5AXVJoOpH{QV7 zsB}mx5l$^Zq7wzVn|#LM-2`u;a7svyHBl_fWM3Sfz%mwR>xSY(BTRb!)JU_Nc60yHHYd|pgQ&b$w!Uv&@=W3MX+UP* zH0%+Ix%It}c=+HF9bDc-tvofPyspvGkfpuLmer;#td7RWh1HmfwDMvWcJIK4-|%Z?q1%=X*`tq|jILxT#2! zGt`=#Vr=-OUXeOO>vryH`eGv2zH`gb{be6fU1WnE9LlZ|_2Iyw|K*-Uc;(rx1TVY? zFfU^lmCC>R?SIWd|vI*t0kod|?^J5sUPWlQ-#XRv)qE85j@8S98d$?ne zEuRcmF29hRoM9tONgzL?bVo`EANx{&;#Rn>4p__d#f=+nHE}i`8)w1mjOtFsgFkrA zJe`(#TDI#vZkHqtVI1nG|B?)FGtuPX^}?F*C-LE_r#YLR;41>qt9etUbk&j?++*eO z&N(z0!j$B`j^_(KTDX@FXuPj(VHcIY z-Dvt~>PA$@-QjC(x#gma8darqyb>~>z6p*-)i!81%(BnWR?jBfut_Ng^I?2}^Qg&; z6MyNrSUYZSN@QG}9>uiD4MImpCq{1Hddk<+`}$^~U8xd=NE@P~L3VNGb#t{~&l**S z6WoWfYqn#Nkx}Jfcs>1T_FGdsk=*DieYC1HxACpCK~J1CrOZNVRIkYIse8m{LscQwuE_98QlB29Lk(@X% znlf<}EFJOz_F7g96wahb1E+L8^}{^DsB3^|#U)Nympi_d$28bupb}^x z$nX0*UpWjkIQv)zxDXK`>-?D1z&?E>q66KPeKj+eLUAUKhb{O$vM6Lni~9J zhIU!7LF+TK$qDfoWybL%UFUw8Uw0|(~uDb#{@B9 z=@hgAtdpmvID(aGFP#=-jc^8M=h|R=WZ#0tz9~36D#))e8 z^4E+1WTpUdcK}r$g#CHj=5PIb*EM=djS5-)E>tsjaVNMTKf%fGx3JeKKd3&N$b(5Y z55penQ8cLt#nTnTXw~}<{_F-&`}Yp=?=mhoEQWG64TU0QMKW}sZvHZ@`>f3fVFU=; zDdl)!VjL8_2F~cGagCd8Oj|4%USF~xNyvp3S&QoNQ+8ea8)S&F&hvl@bK$$=njIv? z0pmOkZgElY`~nm8T1;q#2a9DY7zEv8@)7EW3LA!{jFSLfUWx103wPsWT>ZBlKfRe9 z9xzVf;qRoDt!}gyT4emi6=mn9g@w4(-pk~oB#AYYu)qtGauu>D_w)fCVyRs;cgmwaNp~5Lz&? zqu}k5+UfuxFy4o2jni@79Gz{IBi>{^8oR>f${4#-_8>JWWjUC5&`MBpJ3@=}1)4M? z4rR7fR&SCj3VfAP8VU`l`~Zq5x9kty{{=;FYOmnU!_80<%UWlWpZov~ z|6QiPLFFHd{M5i9(BQM5ycXoKS~^3 zuVjp$8F`!s94t6euqB6_6`{8*g4tuYK+WDymlB+n#dstZwvKA<9PFK=Njg0K%pScS z)?P0sbb>ukmY=1)=lnqx>?d^bN|a6j%kM0uzwrL#mkG|X{_r;bJ+I;UJ_v2kMmG3( zh;uNF^lKg?AC^&!fHQ>Q0!IKH;~sourlizwp|U3t5#$X@&7^NfB`n2@H($7Sl80s0 zPFhL*%9iZN`Z$FtyiyF&b59*6oqFQH<=sCI{T-2NNyMfF`B+ zObt%2(k6uFl(V_M|0=e1uerbTbz4-pgFF|h(6^4@yBngOCf-40RR-L=n#nC;sY z{o5jb$&3tL$tQ*skI2@C2DgEG(@g8vyID<@p#t(NICvBvU4-eb{?|J7+mhUZJnlj| z=C9ud{d~y^N~}#5ba#2a861C#dKmy3~?kJw)QTw;CxqBue-X^{h(qG@`mn6b}COvq4Xae-K!!X;QB>pzGB6SACKG@ zr{L*`%@)2@+)6_-Zz>{0&o0?Xg8?q>x09N0dhEKq5km~sCpM9P&3RRUDM9;9$7-c) zPxM&D8IM?N=xbETjQ#GW`(2V@YcuswMe2Mzd_weMdS~)n2$nQU+a36^OXnvDyg#if zGV=zqpZDrj2_@Kgvs^+-@Qb~ORL=y@YExbdvf1rd4Z`jxAFEd}@n7F14iVety)84T zdnW+8(J_gJAVx-pIxDi?Oz2b%RIW@fV=FtFTs4khc91pf!U5 z&nhLoJ&2-XGWCHQV1sjWQ<%#!zbHpyUPm2?Ap=;>;} zo$OC5w1o`}s)9y@nU9?}g)<*e1X>Y~2k^`|ne;r3{(0 zK5I|Z!IdVs$4^NsD?+8J^2syW7QS=37kLm485_k-cime}UpP2Csyi}>FN`eB2KO5C zm`tmx-el~z2nNdlh-XiGVc~Nqj)l4P>&={04+12cD-omHpP=p5U4XOKR46I8>_2zevn+|82h^sd za*prxZ|nK;49k?HmkoC(YrAztV*p-@FyV~o1$7V*&eKA*wU2{c7U?Q8wnQg84J~FZ zpWKNalyr9rN~=hf3d!L5ibC`_8(G*51VeKsS|anXjA-}?tBs>g)CyatZWKr-smxfW zEQ4>@8&u&6GHN%aknORe0GN;i>HBB{&Gz;5PD6ks?)~iw{ubM1eev-2nrH2CG%kAs z-1ZdqEQ_k>tC?pvEE3rH52`ul*Sv>|>*y!CO-6%Eq)|0n{<7ug9v=4f*(3U$xTGRK zlm@XFHuB)1%R;h&9`<%IfZm4=6%UVI7}l67Z~U3_OE_etE2vOLgD1Hp`2`Yr?XwsULRv9ie3Cd^N}-6)XBgo7s`?d#r}fu_F=O0i>RN7%>= zDD56KFtl7JJ>>Y(2jkVOIo2Vdj-SjxE;LlhK-Z69Q7((ci9K(sVog;7B0fF)TaRtrvZJi#$yEikB(pu@tJTEbvNM z+%UxPUOUIb>!czhLsNF5s3GVQy<5xEy_MH|(Za-7SEummwtbZ(Ovsy!|6JnQkIJt-y1punxdRZ&(Y1`27e(y}2 ziU5R{MXT!zQJCWJRdgrmfR{H;=X{R(vUU zO5R`(dzPpn)uH_Qi_>y!JHx~cdsZ=?UNuV*vCXB~3g^;=1uNb_-?yrU2();+j7)Nj&nA#?%XMA{e0^}| zQKo49$7n;1j>UU22u=8DV?m~xAb3w7Oma2qQQAztDMy+zgNjNeO1Wod0C{k=h~aWX zrl8}8Mqh-3=r-`FoXoi2h;cb-1;1G>MntVBih(UEwd+Y54ZnMm{w{fOq|0tSspCpl z83MyT>7_fcbSKQwlb?8Fb3Nf+g1fJ)O<3*1TT2o38Pe;tk`3R)U^V1r_A1NZ^W(amV&bbL{?YX~<|ijyK8Bxgj-|rwr8lwsSmFk{?EXBb0G3$B6uLD6MCFz)ky)*CpgcS#x3Bc4ML6@ktbhF+wa-C zTjB?u;6b2@=91&Q9L7HX*LI7)yYfFK|B2(?|Ano8*9?>sv+AT%MH!3ufRK9oXvLeM zgT84LSKxNyw@mTCkrNOP3q1eP-=LCp%erO2tm2*T(RY?@yMyVo!9(DwZO%Bh6B9vrgtucskMBhKx~?`0C?1m1PeEEe5I zB7cL@KNk7fPu{?9WkZ0pJ43X|(tzt9`39e)G~XI__6+}K{WQ3i>*`M1tnQmXqow+X z5OB%w=5|j-A=EQear;Y$UdZm=>%G*ab+-<#_y9zm2}lUUqe7uQ4P}ZWO_b{F3P1e# z;f9f@sG83^1e2V=jy=Gxh3J)J94*Edb7Sr7ivxsM=ddDD=hoj9#pC)VL|GT&r&Rb= zX$Z#D{q)NgD%gU@agzCpNQ?GcyN>Nn{v)ZI=3#D+6S#oGzhwLpQH2INL_>0Y%?ZR> zIRD8lB9we*w8Vi}60X;gI>4MrX7+^AW`u7&x8`FIN0`c?#F8hY7ofbBt9rn#i|>19 zi-b_<4#l)pF0u?lvMO?4!JHrhsKOiDNkmA_T%P6-`Ra6pv#g7Znj8yhbR`qDPcDp1t97G-TjgV@1eiDeWCaTyAgP=s1+mE05c;H}h_Z z;WF(-`KTLFwwV%%cGuFul(g~W&Z48llnA5-lQbPt*6(AcjZ4h0q<(go&UB)JNoB#Z zF~dVYilLu{UN|QgfjitKueA>1Lh1#lq-YUqWH6fJ$#(o|bU^Y2UW4c2YlBY{yUIO$ zLCbh!NxVoENS4tnag50PDZu@+TZ61XwwMQzG$sFD-kVD zrk*+~Hv9IQDbA;gZCzJ|tBc0+OSx=PXF`PyBd}H9qTe3J&pD{TdBAaS6=jL{i>M|L zS68ZcP!q?Zb}I0pA=5y(Ztu0ZK7m(@@m~pBCP+Ws3P5S%4nBy%HEljox=v0m*Ax?3 zvSf~%us7Oz1`E4oM7%OYHfwxo`TBtXx0clHjpy)$c}Ma^cv`lq%Nqkz;r3qhfgai& z1`n~@(q!&urLotNO|Y`~`r(v-;%lyI3?}baGoxIVS8^x6L}W0;vkX}-5jxP*CFNce zRC)CziBiw;bKtf+&#!RB5V%$6tnoa z$Fj125Ys5??C9u z<)o{=M(XjLIdk%hCY_RYUU$ne%rXM~4A9@avlrPV#o4E)Hv&|2yo90a*M@>`-_~!eYBAv|e4-Y{M-+Gnoz1d;k zS7k<$h}CV-bH5M_9@#5`>&n1HV?I!b&$pQ&d(~yZQJ1iAGpb3Y|D>tj#WL$gqHrdTU3qK3#_sCL%1VLP# zP>CBS2(M*Uk{Z z>(o$3p##P$JD*H%ZaM9%^EzNcTp^(kTD~(M3=-q!Xpo7>Ja*A}iX_A9 zea?tl9qi7Ze*5n=T@EI1eM77*bB2a#D4TyjXsJ0n_W)oi-iLdxS#Q4hHWAhG5&dP? zQKdUGJ^cq$CnqecTc;21IHbIO=KsKz#&@n;iNonK{jHe)Uge)kT!6;Y zPZ5H(_nPGP%$?{mjhmrXXA9!5q%$~do{=ZHHmTmw>Ch8OhKE zsMoZ~K|7hdHE`H~<5L$B+-)1ADpy!i>S{IW1&&4*nHan5WroVGJ!YqHR|bMbMqXPO z7ykN^cJb%y28Nu@Ko^JGQwh~~qet=X1&czthj zxR|vB$sPvk9;j?W*r~z56zeDkDKF^fA?2_-gHu(>QWtW5SbMtM?b(%T!HMctNXfLl zG0))b?AuSPSdnRuB->S7iu!Yl*DYD#Y`$9a(GVuvJ2(dcAV!DXcM4)M#E-Ip~ z(OE);tZ{sdJ`VY)Bs!G)d~-P~4#-AArwSF~_|<#xx89p4c*lhgKv})r^Y0 z1Y7T5zAP7A${yX*qSb${x8oe4ba#&vOiH(nHV2K?uBP_2%!!qBit|b7Q08_Jz6J&9MB+N?U>z|q^O&Np-K6&3 zWEG^?BhCBM%QiGCcZ1>{#pk?(+=-Fz%SH}t`~0BdlHh#;vm`wa%FJ1GqrouBzl8QQ z7kt`8k2>3AP22cSxno+Mp3jP3yI7b7@JZz-Ikt^P=dr%6@KWf?pi>#BGDIVLMXRJx ztQ-AN?i0rtXZQIM@GEyje1s`?Q8L6Uo%M%rW)%w4T?&yCp#2hDDzh3;E{QU|>e;PAxT7;;yJ-J!(86yVFjTfHHe0kqS!6OA{YVjmT~N zp$PkVksxWXTDBix2x;ARQ8At0&h42~vdn7yCDgKMQ=O>8Q~k|hWY8v|cZu~`+fBi% zs@Xv>Ni8F@P0Jm0f5p_{^lYoAY68_`USoW`9U4`ZgfZ;Gc(sk55LHT0+1C|7Xk@$U zUNA9U|vmwm}Z*kQ(Eb7Q{%GDkJx;o8!av+?N-E_rRcN%i1NY9?-+ zI+FajZGJblY}D5k-iR%JUDI^75(dl@zg4crRbuO~OA|Q}CMvqTGhAETCO#9Br4OpC z(M58+%h(yt`6=fUqf6$MTp1s|hEf4a!L_$wy#?M2rhQ%76$ky*w z96Su%Xq)*0`g$zIHQ(}W$6#0gd`MvsxU>2Fd#tbj*`0*y9<^qr9BhQ*_I!4{)XQs; zfZzU7$6v|$r&-ZHw=bwT!ZCH!|6PE)*8H1+@HS!YR?Ioea3INa)pRx%ha0XXP=;4c zQ!v84566>KWrpKGoIR3RJaL}x7n{aIKTmX&Z!}pr%?Qr>z~%vUfaREc9_EewM2=3r zl0}qIZZ&0#aNuOvPO&y!=mRMkTUOybApO{%Px(6>nhB7kpWD&lE)$joK_mvn}DuY_#u zE1PAtr@X2)^2f5f_HkNS7!%MGqqKCQW%`h;q1bQsQ?H+D3ePgXo$~$(ctbP@?$Fw) zV#jIs#Lxy;a+e3C4jUPe#BB6X7tRX@7`;6Mmf!mrC)7Bk^Zf}lElAD?w(~s2qq-ea zGL(T`Ne7`ysvg4ZO*@FXJ<-vi1`a5h!4>%2Ia6y*1dQKxM0+`6&x^FeoLuSr&SAi$ z5_@j;cssqvePImok8DL;mJu0J^bYO`mDu7!SAWA_hexx87;sQuSKrBA!2tpm6X*&a zbp=yadpipE>RweFm~m5si^qm$)CyHfCc zUy@mq|Ie^RTqXg5UQ3G@Zw*T8VBV1p!pXjf3Z(=a0Sx9pW^*ZNSf*!J){48rX7MtorO*9@_oK|o^*u|WV{YS>j#dM(<|pZsGt)aQ*Ft7>2o_! zRjWaj`pRQ3*~txLMmcVlzZ@nAECr9vg9RWSg~I2+ga)ixAcl~z~KH9|i%I^(w z`CFLoFbAXOO?#Th%{5b*8(Iw&Kd4CLu;2$1xxd6Q@4D!N$;DqE;7+y)xqTX|ujUt7 zU5Z-RJ=WHb_-4OdUo_?@Ir~`>2o04STnW8vyTarnQnQ{_8IMrCvUHuaxZCSp^A_GD ze#u{Laee9W{OW%m(CCiZrE1j_e^BM$F;xzdX|7YAp1#u;pvyly%AAcZ{#J3ZBy|SpCnPM$NhWJml~f!HVWPzQ}u)x zN<0}3I^21b*RG7vS=7u9_p7<@Gc8r|%3lQo3+Aeo+nOQYUl&%k| z7!$YN$lZxrK4p{Kn&XiCzjua&yJ_F8M&%D?c-u3z!Ca)YM1HAbV^e8$3P$GVHe|}1f>%!-A3Av6lr60;Qui_%YR_9m;pvrZ;y@yXG@iXz?c5cBB&}@ey%6xXcor3Wx&)mqBi~c@^#T{4wyMRVfOhHzY18&D_+CkI+a{i3804+n0j^`e9>WYcDqSNmtj|V#8rfw1vbK0*z+^k5A;~B!NcA| zQ#np=h}pr`0hNfG@RA)Dsp2?T(w7)sHhIVhfT1ms3N$G<|ET6`QVNZ z$~5jTYjFyr#NJ5o@kuzVT8IOLP9y?!2B9Y@gk;hyqVVM)EHAeTw*#WK;MtR>ce|?` zvSv-_{KE-3<5!g%O4aB~`8UHCW`G{mP1ir2?}tNg*nFOH`J!m)@f-Sc<5Qv?Jl>ov zl}y&;Vd`v`cKy`N5a$-_rzvwaE_m_)(HfxbJ3XYxHbxePVk;NRon*YRU8v~vlmk0y z(ck`9GdmKbJ9X~6A$xf7b<|@yT*(hAGt=OjkWyyfA5_Pbtu3b$AKnW&t&q>BY8q>= zB{+lvRX?P%p+8mUplec3`DV9o+Dr7rFwH#FO`7;3awvQHsGW4@vxu>iajL-A+V5~x zzC0{G`pS~>M3B|h&DY)I1G(L!f4mR>Ed9B%7L#AsolmRG}K1!lw?wA-gz*J$tIt zxJk3ap8b;*H}BQ13;)vhuloF7*k9zGyabtpI)Yg{mafU`7kckE-pTlSQ{>4rBwpC^ zGq#ylaq21}zDPhtCuNyQS>Orp0uw#hVsO4#14*H3__G*Ye|#SN3w-!HgAeD`y3$bi zIi6vCaw*zBytrxlldqp$gLnE8{?`bEdPZ$XeAVZ2Kn7WNNv2i$tgJCL2>)SOAicxW~s)Jar=@b}hbgK}zYE^Is zAHCPCW0cD3>1UlU|9)+b+B58Zl5OwFne8sZRESL$&&~%0AeZwNK1E2IJo{!|$}Xa= z*>yM<8jNnTo~E?5O!z?0Hw_fn@)V~Vky<(N`_gaMhpI=1{d_gB18$u5G|vUPt9^I6 zZBLMR(S|fbQ|~f$N_1~I%CV!3NI2&E6`4xT^bmC?te(IBTRM=T{!2<=woe_3GaWMW zGwh=nz}DmQ*jX^ZB`s9d$VdmOltUt~JO&Q(LKh?sBDR8?1V7fBE__H8F=K4Mt*OZd zM&Ye_Nd1DmzEK4S76@-{b5foR+vpcHYgX1IZpofxqYNm`_ttk{zKCfVO59VQzt&Rw(T1qdvJ<4ga`@-F3E9^`ay-QZBR(HF=lBN3sG_vq|YB%EE<@| z?42;c4P-MCEKFRzZ~tk8yeMefSaJ|Ey^Lk_Fz>70Sr4{v?4dlG6|LaA$&X#YD!mAH z1*gCTk2CRbj5F^KD#iin0CEh!3~+JL%=F1>r$k-cczmSu_Mu*KRJ2mONqmdsgXz_|w|gu2YjO{_-&T}|eThpp%3z5VLg zUiNR7f5fszJ5d*;dOVqWzB4jHNw1!D?)Q)!-g>LMW4pTUAvtP?G|1o2nY{mZ%$ctEyx!#VXdzuz+4F3FPxJi! zok{qYjb*B#)1XtT)c^a&@~2+(Klx$!xCv1TZOF4e$3(e;YPOtzT6*`F^8V$;rM=_T zUVidj&uqGSUygMe{cQ2eAlIh=OAWi;nQx8{w${!xQZzQjW{}g(3s-O{`*R1MjwF6l zI@@12xlDUI(s-Y%ZRI z!;&5<4;Rhyty~-|z&plB?22)osM*GWuMHYmacicgI%6@nI4N);Xl!gY3U$yFs0S08 zKM%*ls6)7ZyZIHn#HUv(b5pr>OZ33 zWo#tV`z|^Xm08;oUg9M*!Gpj+`xCLvIk1TfpH>fO0N%#=P^)>((Vp~$bmKe|P?Zns z8jmhgM$}~38}an((B=2%oP5%ca)cJ6=Y_;Ey^!^~Ikb*FR04qcJ)HRmByb-7O8=~x^D40rKb+0~$e zsIwmo1L^2)!tM`u{HeVzpTbi7e1@M-wGT{uQnR8KRI~k=#0o2n_aXEuiTsvXUWZ9! zN$MGMIDnjc7|e^|b|#$e9lSg+haFh47|k|SG4Z)B`>F(YbUUxWz`Jkrsu(ewtIkAY z&thLCQw84Ou*LNvAF%Fg-DvPp^Zlj}s0!!pg8KMuP_HKz}CvrJ-@Kd3I)Wh!RjAA}dL zxonFvV)`CGP*|K8{;KJtsz2a+Q~%u`6#wq?&+1C^(=DZf2cE(qXO$9L=y)+I`#}W|hAb__MJ*et%9S^RS7FR$m;tKV$JFKyVw zHwFsW#eV*1OZVh26#TUe;i`|pbp|e~bwy`rnpr8Be=mAwvhZs}vRbTo#>va6cV9J; z0=MnMKmT69KZ>|K*!c*+b=vi?eauBb376uc0Ri^j&u5~y37>Ho#nf4ZU@^ky?yowr z!OR9KVhl|}rEiy4?HW*)oiZQ}vMe*&l6W3Ssw6r(-Oy;nYulUP-tdDemj6x1E?KDRf6m&gcduT~KcfZMqPW>#la*Lk2#jEMFcrQ|F!1fS;6Ww zo2qoD^k;Xyh6`{eXin0vMm5+{&(R837_f})JH1VS9dxlLwC#r8VD;aQXZ<&pq6_7j z;+MKvC9kUs-^u7nd2RO7U~;LS=i?VevhPY^baeuGK0qOOG~eA`EH%SoCRxIKla zuMs!e2HFBjv9w875rPv8@Q@@`5<$~N1u1Od3QmWcq2^6<->Ft9pF{IHFTbl=@7)TF zI)gm3X}R-SmGwbex4~W}v9q#~&=*o4)b`EkyAbW}QP}9OKd3~T@6RN(=FsHK+O5f< z6Kn!~(@vi5MJ)~$*`z|vgvY_@CB0HMrV!Vu;ujdd}2tnjT~4zWwo7hibKe#>|&y?7kb#9Gx{~6 z(Li^MaDPM6s*lUVoty)h=WnR+(Y@PWIv?$$#82l*V-14v+j$C7SP)Yuw`lrxolQx_ zy0XF$#p)e^mp$}DI!8JfF94`wR)io#b$c8XVeyaW&jy)_o6*(H;NZ=dP-huJ=<22v z47qs-eV|%$m>B)^+w<>n{$MBggAka4+QDJnh(nH1=Ys`EhwBWB^%vru+wx!5E}pP$ z)(%iq{-Z?eDLSA(c#is1F@IL=bs6otD`7;*d9P%Fc4l@)4;cca-NDSsY{iOyT}_C( z$yNEFs(ej%BcGI?@*pfGMAl+YNR(h zxZ}HHeE_7Mz| z>RcdiJ!>;EavcZ^lA^{785uD$A@}v|C=7Jy$me-2tP3q^QL@Iyglgu%1S7}|3bYp* z4rpK&@S>9fwwDxr9!RDr$4w~Y4aUjK#@YLq&eSxJkqLK({CCP;%KtH+{*SEx-@6+7 zA6fr@hpgw1{SX>?TQW5bka+83Visi|^5Q`-i5sO)v;zs)15_(I2XF#A6W8|)Y2liMFf^OGvt*e7qckK-rRm4v-m zmCmL&Q1`$C>#&YtnsS{`a%7 z5Dk8na}n*a@ITec?OWb0o1?GT_<;Wnb)uR4+We9+fzIp2^$PQq!9>KdR%h7WKhWyFlG)-p}#wn_UBBjgY<&T&q z(|Y$1-(J2p@;%niem+suc7D?gUPE-Uw+22ft@5Gb1WgOqBROtV`c`xZftaNAq<}z) zX9Jq3qDMI$w%kZ*LXWsuGk7^Y5nxJm@EZc&_5dv{Cwb(z0_S;e5j zY9Ux0T7-4_d@mYwAggVG;H*<8f+4mL8{hu;yIOw{Fc$#9eH#dT*UfdGPv6(LqW2S4 zS!}bALaqI&>2o>)4V}={EAA4H4whz?IlA3>L29+_8N*qLg|Z3oh)uz2PWp2I$}m8#MEK2@JM)Z?&(XvzEy{4k|6QLR`%rN+DdZjN$($)y@Nn4KarR2zGhyG=EO^X2lny5@OvDkTmo3v~z#8K~CpeP59yagEf5dj|=6E>K?L_ zX3E6@Rfqd0WRx=ZpEJ65F5kNO%(yn$rH=kPxi!NYrmxN}=*;B)hzM=~4`j2?donan z2g}RXfH?MQk_vPvhFr4Y^g%ay6!0qzVlSLZAsm8(-ObQwv-W48`JxO6K6GsHY(Zi4 zbwznI^KB0Fdz=VN0c@g$s*Ds)0m0Rwp=R072NF+E6Hh+8B2T;czuSN5l3{GeP}1g6 zFlgj7qlKSkKtm z0A)hYsijBvtD*_CASf%k0K!S|GI)Z!**XZeIP!op+Z7VGF=l1n)4+x02DX%5WQs6M z$0FS_RzsImkhNsdJOEu|HB5f?$C8MODk#P~e0{v(ez2>~iD2@rb+pRxaL(Gallo-H zIlk^>^nCI=Z$@dmST6-0(fPW`|?h&=)kuSL2MKV z(<;ptlYAAbE9uDM6+V})-(sTW;_lxtOmqM5!Z1C&NPK!oS2MkO@!oOm%(pAQexuot z**e&xdU3Awic06`Z#DQI|6Qb66LpSSwfd!(jak9%-DB04x9@lOm)Vl(0TV>vJY&nt z8q`o|qg3ek;mADu-|e2#w&V*K&pF1Jcq20WWx%r{7s0iT+uWb)P4@e(dRFI5g__>K z*pbR)$>>jKnW0_w?%UQFS;a(EepPiazmOnvs@Ypsz)?Mr7{ zV|I3<7d)&kZT$Pp{&aoA##bc!BeY*^IwW4n{IL3h=hr{Q{w?_bQ+lv}UlAA9%!iYI zAH}*4H5TT(tCfy111w zP>NB>GM6W78BiUl0}=tMLu436Gg4cbt;)Sy-fr(7jplkx_+_lt3sOvwma{K&cri-g zc^lT83(aOd#LEI%%P7vDbwKhlsa%iizBc#l6OflD@T36>c^Tq9Eaa7m8;=ft#pDZf z&l0#A>-wIQCTk)Wc>4u-iex&qY&*7h(#8CP7E1)=^y+xz%VTYml4ANcrOCWRL@~9~ z`oQ;FQ0>ANm}2x!3eX83(oL#Tw{h;57#whgS8PT(qSH!>BpxGwd}Mm_vP@$nJzg4a z`dGWmIk}JHpR^+v?f#)1LH$SV$kn?U9sOTyDn~Oz>-T6`y7scYvu5Fo1<#y-D@9Z8 z*N3y+Yw&@}ZNbHK% zcavGi?5^@7Y2B%YR{a5MZKc)eDTTWEf(U$k+=_g7Rf*K;tD=^@>KKh+l*~l5|H6 zC$eHIxz_=&Y;Mt=o#!ctDr`;#n59dO@i=AyICFPBNEW6d6TRL+;bh+OBbhdwSpcKQ zq^nv^im4!05ly^?CXi&Mw}l!p_1ScNS>pju&RdRvP$^XI7Q!ARjxoS9dBO|yhOrc7*FJd?-8&@1zT zg9UMVG9mPBHh%k^`(atxzaZ)O!5ZyFZ5fPc!O(*zqY_tk1Yx3zGtt#uYrk}vT3GEk4tYklS) z9gEj)W6}yEaXRc3bG$O9MVMiWjS0(qsC=9IvUaQtx5WOHM<^eCs0eWi)%T&x;(5PAVtDBL;cXL<0g?zAAr$Y3ab^$qOxHzL7iQ*cYm)0j7TK_Kqi3D# zKRlIe-*_qp^4%GaOL}IOOd;nv+qhZD(DRduw*tUbBc1Se>XwPWE?^*0Z+WwJ1Kv9H zj_W?JuT{{4iUl*3yLd$x4P%(bN*?l+eXCyr%9Rh`1o(=(sbwUR-L!LY9E28dhoRu{ zSRMmOG_8qNZI#MR2JLciBYWu_PS5s%gV(7n{{>|Jzd{m6y^GGsL-@K0 zD%h3UpKCl0`~0=PPvE%&|8V6(EfI-|->$j+B5rD_9rzl2UNnXAXBO3QQsYhwJ|s2h zR=HC<#%`3}^pU_5viqTu)i%YNOY%!m8E&3?(D$vpI$qGieT{qvU=C~O%w*`wOIv3# z%VZq=S1W-6Z)kV=UZnx6*tAelLL^b*rUI*%!I!a0L1EX}E}rwR2;Bp}!c)ev^9?Rg zu+6e;4CU5@=?GhfFuU6fyUKsr_p&Iib0FZN^?Rle0?tTu z)RqPp!a`4=A4T2krhc(f+G@xp&Y7{#^0BaCZ2;lyKO+~MpM((Nkg zV03h3ZLYa#&$Rn@@{q(O6gK^xYL!yCC)eb?l1W(^S&Z=nQOG9kTd>t^ENoh|Y3w5r zQy#tlK>_wUkxx%htxdc<=}AOczjIDAh{Br1M)S5n;)>=W?Dkr(NFjTlF+keZMC(IS zz`n?t{&+b)8GG90Y^8tvrio^1yY;3q>(o%rU4pcA)P~UcVNr{K;)k!pO-9@=4=>vX zV#e80EP7;dM4cq<_DsHtT;ho_>-6xe8u81UrIyk`6E#o`b~9TqJacenx&{jzC@lcLFF;W3eD(j>3s%JV7xh_HN0IxhFa+ z5aTY&{JA#jBMr%#Ch`N>aOq_XYEDN07@|J#%Y7s6yLzH zMRe|_;HDcAV|(!Wy7j+oojO|3=#~i`EH)pC@NzW`KO$L5@AVIv0M+J#Og>A}X(3~m z6Smviq}M#`Jt>@^Mh41mnHl>{H4UJqS0-KB!A1t$^i5o#%BNELU~Pt2OKjl1C^F6i z*Iq&}T#K%7`H#~Lbm=4Qm`%Qjlzz!f6U&O}f=R<}||s1$lF z-&R4J!*+y(jlkFnmpzNSd2%b=J;;I2UL-=jJl;f#tjyWG_-wA~FrwKX_QLLRr76yw zmnXoHbzx;B&zP0Bv7}5Q)H(!|7n)jFaizgkC+7gMR_D53UL5KL_Cif$9P*WYb$ZHE zs@_gs=1oE5o7ybx~Q8tT1-7j)8tSoxc&aBKhPMT?`6=~DEClPJi&1+Az!fU zHBVW<+4gA2pC=dd#=p-lSzF>QRZF4P`@?RAN_oQRYunmKLb$Vur>ivD^*UR_M zCN71Y6DE;QC1C3N{S8W924kM483=g_F`rp_tASzlaTT_>)$Ac}CMdP4^!GkcP%?-g z(ec#q^jO=r@oJrL1?PNVf#>A1dh@>#ez3|5&pa)9WUl!7u1NQdyWHER;Y?Q#Le09w zECW5Oj0=oJwQS!0s;}>BWT-ck7dq{)0qO8gg~A;zzA?A{?cpSy0>{kN3H(dfj`?(HYe!@L-J{;-* zc#fV~N~l#KwFA$7XR~#n@6ml7P5{_;!*RydLks(y!ZNen)k$Lb&N1jdUfYtT>()%9 zeb`Ki`SeXA>qAsptfok$b75>O&ILj@4sL-6t3PZN8YVsZe5c7MN`Os=<7w8&`A;eX zt}LvYso4lJu+&M=VqVQj5XT7j;9T?Tq~`vYgY|DW{|_M9E<$75WBd{Iu1xi4Kmo3*amQ<)J|ZUXC!>~(LI{E@z*_@XIe*k_sRMZ24X1_nI!Op3Jg zNxBZl-RVJ5!;Fa60Mn=oi|+*q>A$(kGjB-P1NB$rqg8UF|u%vi0=6IL;)t3yB3u(696{)lQw4eD5wuBR;6dFGq8uKTzuJYya@bH?bJXOo8q+x5ogh5+-GO|i0Mj^JOh zVm_4ZL~EuwCH=8_cP6J$d%fR`5D!O7YF8a^=@DrA?xoxc3h%q0_?{r4ZsPS;Z<1En zT`CDI$I~Dk#s=W2OuZndM3$N9!DWWgxj^GM$R9d9_4mMBh?{u*i!C%SVHIHBGKUZpKq(KZ>g@BoN@<@AKes%VeZp)4OJ z)mj+PY40cbKH&Y;^VEswLWf)wZzg}I-R?jR#OTQmgARuP5(RrHS6VyU;buG?P|WDX zdCXrse*I$7p+>EGG%T>tiY4Pv$lcQ=Y@z;gDa#ixPl@@SGMxvK&<~@n*T)4x>*%jo zZLcU!g450N599vACRSG7_4uKiRlR$XMwM4Ej~$(JF1B8i?g$ca;izJ(ZepPmZ=vIN z5YMLH1F4u;`v0@4^OlK;^Gwg@oT3qQ3swfT3Bgb^GItW;4Cx z-EoOI1G5GGJ2r|TlA?!8g)f(527(zsEr8|D^^9vDw8^#6%1x+xCNiksXB?R~)&arm ze}l?;@6}w~%&E2KaPE8e;Bo6T|` zzy>7I<)-fj)OBxRxvcUy+zlst=O>k#p3ezu*RMAx{>9k-`>p>j{rch23Hu!TX0pu@ zGYzuB6_CpgqsJ%~P&Zqz?@px>pjJoDqN zNlELPs_GZdbURiH1CHC%GQ|Ss#+)n`1v%+HMleU+}Vj+PkorzDjTIplTvSBf~oFAHU<`Wq~ zfTzvKkwPD|`>V8``+EA3IGji^%JBVMY zQiiw5A}2Ei)Rh9v@q2xSZkA2LtQaL!u*O93a&o_H?oMc7Gooc}mF48*grs<)7);^J z4A{=bj#GsfO-)=EiLAzJfme3)n4AX7*;N44BN-Sy5ajlW4CQ(Ffi>KXN7WN$;W7U5#AL`o+prUDN>oUjinGhW z%a=KgkvWTi6z>D- z%kfg8a5E6ARuU`WSY)3axduI0%BeU&B7{I=CNT@e4@o>7MrHN%`mrs^M)}jp39?(; zIAI+U6W=%|PYTw_+}3p^7Toy*ms4Y$yG8wN_f-q~O5j%YqPnI+&Z!8ip#0F`_ZR&} zy~Q7IYDC3(D;-%#0X_4TY|;6|_rc2En4^JH%W` zDk=g)7*btqK8-4g8*oz_0>0C5uy@10fR1;sM6%N(-e-`Lvf-k|Jo9$};OgoDU8GB6 z_B@I7X8R^q&tfK9f0gNII7~YHW%D7ASMnfEq~D_gZr_j27s|`wvENc|9t_h^qHDWf z9&2fLDvwpX?(Ix-U8l}wbt*RH4tlh3$iwWYPz|KfMICYU9EQmgx;NYzPS+uM^I<>o zMkjHqQ)Ka>qgb9rzc#`&3ymkICReNPOk0KXxGs!aQ*)E=xC-Ie9dRd5!rb_$h;>9M zx0?%UI9f-}fEUJGiCx@fh)%DH_JiiC?k-V(3dI$AC`hN9vDias@L&EWA?1xLq}4Lw%Fd)W8H~e{p%yzN z+;aRV1^TJPq3D&IP$_7ZMiP&4l8&)6VkP0QY8tqbh*&4e0O#a1du7Czk&pHr1}O~y z+xI;wu0`d0DP*YfT@-d3&>siHRNx1tv)p$!K>X+3i;BPF^w-Pb zOYDE2v#DNztMMtsm4R_M(%E|$D*!M~o~L|Z0J< zLSS+E`5?AB=_ZPfJyaB{B;&x|aI_fRh`I62mQ8dzU-JHB`-~1Bn z2}}*{WHUFlKefx@+vuQUGhP#TimAkGen3yF0&2%mFF3%eN6DXt+1DeFF!Pb(NS1)= zt+V&!V4E((HqU5bbe@~PN2}l9C3~hJ4NK_3J!c5fVpnhRD|*_2=bPKBaCg?^=k*c0 zD7KJzI~F#deDUaoh;$pb+kI&&_TohPBv~S?!9B6vggaQeA$#Zq5E%W~xO{u6RIhak ztF#Y#!M+*^4tqb*ZI&{|3|=~KwXG!8&)oHhGRsPRTwaBdpN&)~gD4b&A*v-%F$rA$ z<&^4^5Kr{$-qDQ8w%uo$ljf#K-g{^uT+K06(}veJQ0^d!j3+JjgQqr@%K#^pRafm; z9+zL7>fZnvo>c{hstMU*_C+7Ra2DbG5o$n+p97^5$gHKQ5YE-ut; zr8^M3%)x3&mkkeR_P+rjB1qM9#OV;gK$6~l>I#XXlyyWLm}@o=OlqL82F_Vo+_QGB zGC3p_xfiB+G)xY9^iEE_u0S0UJ2lInaDhbB0)t)p$Ixy0i*{*?fv%JZbY{@-@6+Xf zI>#adYCD`7P@w8{pgggfCwRR=5f89Mbqm1p4AV4e_q*{pBx4FJRxpObI+cnDLk!g1 z4OVj@htYlw6c4@`!2F`kFtR2?-n3tb%VWLJ2L|HRWQuuJ9;atL<+hX-mk|r{tPv^- zRl1CS&Izl4fgr3Azh+1|O@O)GeofoQqzXJ_<#q(r?+Xs2Wd`VZ^|iffo8lE$*YRC& z3fa}lK=M+=TC1{Yp?f}2Q;?Gr1_HH5L{_2+k>0`;O>9N!?IUT!o>>@MPEHFn1!+TZ zv%bbG@%7AJ8)J4wiPka=Z7|oM4^1SEdWTJV<#mWl;gSp1iN{u9qSH27It$RD7^x}) zd@}0rdK+efznd$ZGe3cTUf|Uag~gNE1O+yq0v#5FJxEht$s-50>dc`XU-6cltZ$w0 z?W9N2Gk6)@z*=0HLTZ3_Mqq7^n`KofLQ67J&+cDJum7|;{z>GaPP+8Zb2H@SDh$5L z{bR!VBk+H~61vsDh~t%7Q@X=_gkBVNww?T(Lh}N}vPAiZqWN&*fNtfi7V?12V*~C8 zSwlKn-_lRJIQzr9#@w4^4JS>*hbc_3lzqN&Y&j1_RpBqBL-8K)g6j0I#dNzDR>g|p z?U?!@Ksv>}O(dg&%?DaLq_4QK#(}E6Rxt#vev34v52<>Id zv8>Y%R+r#uj5a#$HCjyF@;h%H6`2a8g zDTs`ZPmfQOwO`ghtyoH%I8hGYx+_xi#e55X6dGNs^2uzWw^-ERyW{a#kdC^uCj(8d zKYp*Cc9JHkD*I{DUv)r#ZH+(9nu`p*{nV@HF~MfrOQhq8-9Wz(@$Zi^qYbTm%5r<_ zZ@-^C<*n0l|46=~ej*>lFqXA*BXyE@tz1a1>BkWEkk$3m7p>NQsfa)2NkzB)*$tl< zxO7oqU#;bh_UdfM4Y#|RBTm=(THJasJ4DWJWvKSP=B57^IHSL1^Y->K%>-aNq?9^v zWj6Y^yBB{`sU2?`|9YX|X#ePf*tb8w?VrN8sAgI=%-w}gKFM=2l&v^=2a z_1$Mb{(#2a+xk-9tufuI2ZHqJGW2wI*WF`o8|m7n6V_@c#w=TR16B8LEg}FJ^u~Ji zZ$$7bq%PF2B8=B(Kux(kT?J`Bso32XlI^e0wM;U+;=2BJUH@iE7gB6P(;}UaD9>h_ zUG5*``_d@*=0gc%J-P8!9XK9W{@|B{fKv_Zmffs(gBeZKz1wY~l$93UFhLXIx$wLx zp}zQbObs@-8}<@bDBo^3kb)K8h3s&>^)Mtb%VMp@=+f#l=^#$Y-z(vvr7KD_Xf>37t#xx3A&Tv+1%l%`lhUrF&--OT#rQra0)`!aPH5gLd=e$j*x^WPmS~@+tDwT>kbaYqAj`~8SLP5OwR!|~s`a(?YKnJ%FOR=CpJn|7a zvJ$Tme&T%d*HEFvUuYUy2%lNw(CVl%efLkMCd82$$nU-gZ|q1an7h5|iXf?tJ=L5P z5T5Le7kD@C67`zF_Qj?yX8{?7W)Z znsChiUNTxsUrr~KSEvVupc1i@$_?HDKJQOO8V z&%CI2SjYOEbuDiMe}zP}p1v7fLYdnHtHY1u54W^*ni`!e%yuN^lhCP9&Z8@u@~_)Q ztzo-6 znIE@8-5*70kHBlj%~L94q=j|8^x;^m};I=6gf@WwR1WHX`ubeRVZH2O_l#3YlRvPAwJEGFIMiTk@gC_$(XKX;azT0dJ@! zx=bu|MM%$;Q(3LXV_6AlJ}ICFwsWRs4hEcovTK~hzjm=kL>FRKq-Ui&e4$=uVppC{ zq%kc;dlW`X=B9uF>4@gRoV=A~?f@j70B)u%ehTVA?8~{bfqK{hBvGL6_CQ2nY34g>AQk}u#J4#%!j05sU zwDf}LGBve%l)W7X*MJNsW}+k_G8^Q<$(OHjo1nTsPPLBbYb&x>I(O(Lh;b-BXX@Z> zf|;9?(!9)ye;>b<&_j*#XmUCv~?6J(9&5^jfuR!{eLTJ_7oJND!Af1!YA8f*6;(z3U#8&Zj))W> zbIsJOI+NV)#u6X4T7iP_(V-wW2X73(@fL`*bOuG$2V=`F*lEEa4(UIV+BOddjxA^;YPAF=alSyy!*YM$Z8^g7&b<()*?;#1cVAqsnB~&0!k5AH z{VF&oKw^lK3m$twr@sDjB4<*@8Q%D%lb6(tYUi%(;Oue?SBj5aWskrnpi4>!jEoY3 zVj|Q=YhG?Kx{3Gmym|Fn4StW)IG$m{7joJ-z z7J0Rol+3B?U|WL8Hmkjl2Yxs4u^quu_)?-1wi`aWv=ylv=m`VW0fx`B%$0_^aeSZd zb^z3NSXzXwX*2J)PqZXI6YP~LIqgZFf4;9wP^@(232SK5 zl755%B?ODRMZYk(Rx)!xP4Qjb)GypVGS{hU6VG>Q6D@Z@<6D+Vg zH0h(yDh-P?u=z>loy(FDBNRNm9nw0W%&y`uoRSKx62!|1jtqN)c#{UzW6+Ux^;%_i zY>E=nv^&Fjv6ZiEqjkAEX$%CO5%TJCLW`!lWp}LfQeUlAC6xupiYQD43v~d#63yWO zGLbDO4M$az^`_DnH9e;VZc3-WTC!s9s?I30-*lMbhaX7Yk$>pHNr*Pa8CQ70)U-m{ z!mWMFSsJ{Dr&3KEe9Ft<3PLF2ZH-2z$D6|l^Ht1qr_N!Zb7Ho@Y=EN%em3{tI)d8r z-&-{Nzqe`rtDUc{7Vs^>{W4k&CDB~8OH52I8hQUlK6L_mraMzsU-u)-9OB$z6*`1f z@Vf7#!yY>r+rA*$3Db9C7nptbphz<1kZLcDN8*(qv^S6 zJou(8)wn@0j)X0~3KGRC{iOQLKK8OC+#_ZF{oD%5=I>5wE>sXCVc>_HfxKhVJYQ?x4YvsO< z?XWA?PD52j!`Lhlf`Z)<>vD5ZbK1sFD}vbHzM!ps`i$j3#OC^)_W%=51`94mCnS>Pm>^qTu`=s>oTKJtXgcM)?uCcN~|5n*NP3FXp2Rj&K1J6KX+1xl++Nd5bZ9Y z?5lGjNJE;I!u`4Uf?$NT-4piAwzEJdG8U$XLoKCcI8<6kiEaW-4FQ{WF5`BUM#cgK z9L!?k{R{wY*#x41w2`i!^I-C%x(ULwzU8|b2Hc+^;aU6DAtF5`i4#6js zj}V|EX|tuUqK7-P=`H3wgg~@L`eGOadZrWrNY&)Brss~+8iul0G>ABl%xj==9z|fB z5#?Z{{`{`ktV!g%<=c#hsncREehzpcFAS6?79)XqJXE^Z9dqleG#1vtKK#xKnx&;R z3~%;!tv93qk83=j03m!BgoIaM1=(tIma8ptnGLC#%5QqiIkOCz%9~0W0Sn*fWo(zi z7;ZEttPrf`oGmCE)AGHRvCbAzi=tmRQ5PlU;@CgY!GG_~m^-YYd=|ROJp<%JZVHlv z-*$?oUpdif)nUz%tpA;>x%FuRQjMpNxXk758q$DQvvl94Y!~kg3W+FO=9w0Y5fdT% zv;++d512wFItaoagb@-z*PKNz-Z%kP^tfdU*lZymOX2BA4J6;z_BB)wGyx8RClj>^ zrSD4rk`%FU(8X>n4Z;)9*oyY(bR)x$n2W1wd65X+PqnEUcjh7xM8$OlXm-+3Y0J$~gmUxL0x zTTI6?oLg_HqbkAm$?F>WPN=_Nz(FN36j$H8+^+EJil`V=3F)p}f)i7#esf34 zJ%l{#0eGnXWAuhFrnmi3vj(e?CWtF0JH5f3L8eQ$8mE;~DgdxU!H4E6PaM4kxr6n- z`}XUvIH4o#vZGTd07DZ8LBa79iDLepa{857_Gc&O<L9-E zgj)+RTTnt{0~y(efk1^*a)oJ*mCB9-$MJh*YZ1%ylcLp_m1yRk?x&lqy;Xe1ihoLQ z|L^hP|5rr2-(AbRXkTktaKD?+Z+k%ek^ReOflq^a<>9S)?gjy#ZVx)kiKyXX?9ih( z@M5{7Qv8X(C_aV3G}elv;l=YhXD5MNZAGUx-j(i>xhh`EsPujxrWVy%FTN1kT20Y8FDGk>#(G(PQ;DxCJEu)?&$2iWJ+*=P?FhV^4pnhlK_6c0P>-DH4 zW9;Y^)frRk7TB#KP%u5eHY-dH8AZ{i3`J|dL^Xdvu zno`#K(>J=c=|Z)a*@~(=G@@25=ka1&iz` za1t(8w*v)x@h?6P1i9Q=Xo#xc+5SnDB)2(yfm_*vaCWFizB_#9aAD!$VXT9B66&7w z2&PZ${twBxGea6gSxE4pcdPf)|L;dDR-3D^6ZmmlUdIgI(8pjruezWeFn$DCZOw^P3A>ffqPY)V4s4aqC~ z_HSS6SM?^vF1;*%zNlzYFQT+@@CH-GF`m_@^uIMGTlp7MJ3EI{QyeGqF|tC>ZC>iR z_DZC&xx%u_fB)FDeeX$vCi{Z{S){}Z@18yp@qKJpz+3ot0Zm|m8@{QlvDXUXL^ZT& z?lW^j?_)i{CEyRDQi6>~uj!43XvHAsfmHjcu3{Ckurp4H)D**uBxr48^JMB?M5h(# zSDJr%Oq(}uxwTV$*2J9toVY0CpjneF!p-B;yjy*vWTHC`O>Bq+X?7Z#JAo9Ta93hh z>OQN77r|Nnr~qiwt>R_PJb&nCXgoAL^px5q!!JKc^@{vPfb@nF=H7CD2`T|fSM+&~ z;s=AZptZJ*&Zb@(7aT&OVLrd!0(;;%{HW zRqWZ(hJZ;v39J5n=kA2?fnLY`JIb%V!Hl?~779cQ@D3kB<#3rS3LnmIY&R+!U?=N5lxY=aET1$Ly z5w&`-Z0{pDl497<^*oqKd?T=Q%o*fSH0n#h-7FhFNAYiz@mv>zWqT7)DA89z$+KhE`FL{j*vy{i^_0xed++~5Fs2E^{afYnf0ihl5I>2Sw zT%)SQ;}W}P8XdB6jv;PZ1UZ*0we%JT+J`MiuBTwQz$7B^xnS#owDHtJXrFy_0kP|S ze30mkEwl-*;bKnLYaA-8$|#tDsaT2z9lsp-&jK0LnqSM}BZ><0Wd z>;_PWAjDnhZG;-_6qb7o}wsk@5qPb4n6ck+qau628V&i}Q4)bE7& z_RK5P0u*^%teB)DG4A&M&YK^iiZ_(rs2rwGsGL5bl8B?<@bQy(F0yQspT4zx7_)|n zgsmlY2Mg|hTIUXLJuOrCP;T{>3=bSsabT|cm_QXkAAZBi^z79M8{uh9crpZ3$ za&JJ%k$gWOYD8DV4sky}GSRR}2yn+jNGmT0 zVccmBfc(mHM(-m+j?uIWyvc3N^u1L4!sAjFJH2amACB%Rzph9NF|U@8=F^=TX#LbY zZdLT;@`yQ%xdX01bz{Eo!=?wa8NTk*r_X(ST{yXpzmNzOsImh)Ghjb|h8M}@Q0$K% z=%zour6S<%vFfP{^hz&6GfbH`Skz29X8rc-M>sFv!5ijy;>LKPDlZmk>7%otv~ku=E-5Vc4@8y%*jLkO7aMAy<3Jo@FK z58H34*OZXy3ij-61!e@7j_uaPaPnHve!_>>#bi6UOjP#$n_uW%ywbn71TRiF6$~L9 z(edRVh1DLU*!#POMz!W!hy7QF2YU2|b#20n^mU!Mgd9X7bGSVR3(!M(X1M6Kq0uQF zQGvYAcD8mv-U@hOiL|`wT{xK;_Tp-8hM$Auy{7dr)+zR;P(|N$rp6jIR`=TmyINiD zKdD$nwgiGQ{OJv51;v!?+u|pqQo1cub|=QbQz4f7Txc7fWaw{hFE6TjHHG;kZ0-AW zmuG~8Dz<0)TyGU#PX+lG!U%_Pi`OjDGuk`j@{$&-fNM&zChwpd3o>R=O~lQ2W7evX zdC%-)Q3FbV$)h)3%q}ml$o3|XK!RY+waf~$yaiD#Jd}X|1OVSQOQhwe%+tc6#9S>9 z6w~2HS zbq^k6Y1EX6cEa<4Irpwo6Jcv_ZAXzCflI*x?%vh;sAp_h|F#7941un-9+Y{bRCpe)`7O9hetBR zf<;wm*mw*a2K6SoS%H{Sly5~=d%XDCV-b^0|2UI?nQ=}Xacn&lbg5IFXb&$rHHXy| z%#gXs)OxQQb+x6H7CHH*1wkL$lz5Y{AT6%gW06?l=PU66yqP)WxNi|*pM>C2@>M+U zjx)*|=SH_*i0glJ)TpL~@8_kc4t=NZhFpI1yskuE$k5ys=D;+#DOOTgmz3#^x9(l3 zIeUmOlr$#hY9SM^LlkuigxKTM$AA!{U>?o`ohIhntIu^`jP4Vr z6|@*0gJ~k~<`$*4mp{Jo%|CgYi@ir!T^Bp)8M?jHMNR0i<(yr=)l-s9ou4Rzq;T)4 zd=zh%4dw7$+87JancCApTCOLWV)|kBm9FjtFI#Pxoi(rNI4sg8(<*H&XDh72QFO_% zT&IOr@VQIkV}k;ha;;g9rRGGfX3rhsM28I%+Aq5ywOT1QdV&4b=Mq`%sGe?%jnnzU zlusRAN<8F-hHv#KT5sKQ5oj}Xik=z5(I^uX-!?}0f?>*kiEBKTzvcaYT*^gmlbxs(k@*-q-c=wX31KXKh6B{HH_mhg+{>5v}j#oCL z6V`9@;!%W9Ejt(bc^$^N(B-&1jr2fOmYA3GVTN5!0Pp2Q{^Ex%j9oZs8zUiQ^VdkD zqhL{|NGDDouvSGrw+v*}UfXiAr=y=2A_J1qFDp*?DD>2@2NpOlg6iJXEZE-Jd zm7Vwd);j0?##(EPv(MUlkMrZqAIT({^L{4Jcydp<@9Vl^X%I^=eqTS196IMJ2=C~w z+_83qP{4&z_^l&uwo+2tzkEQ^4Dos!y_^0*Me)ubD(@c`{!e`ypuMF~13)U^t|3F> zavsZnX*J}Pc@nEovbjPIa!HSYH1)08rny<0`oR?z9XdpehHFLtN|V(`YIGO5sO;2o zb(l9Y^W;sSR)nU0CN|M=_kup}FTDBH)#Y3KFMof&)lL3(_a}1tmVx%e=}?Li%HJCQ z&wP0?ggB|kG~lFVy;Se7@=lec%3 zcPdo5J^!`M%&X);daEj>Sg~+%`KwbkoF$wFn&k_f!cRtdo-RGn>g)kM<(JvZl{}3XF~l2@@FY5qo|0^QBE>J@GA|7oLo=Ha0dIAGH{f!Y6LR5$3$_7y6g5rgmq{ z!Y(!icN#qF$Y?wezmqs@-ojI{;jcl-ZWa~?HKyVirSi}m%w$IsX`IuMNr4iscY&WejT0D)6R-UGM zYgtxO8H1&u7xGrj=f4-{XWjT&r7`1?^24*xI%dQvoGh;*#@CO*G4rI;e#_wMykRYd zL070rdThWOTshu%V{5hSYU`b}mKK(sT!&_04O)x-w?@0qKpeyzy-0Cy?# zF^SD4c18^HDPRI}B`i(+|V?)Gi@>d@5UE8I7~Gd>6TpK7rwj+SHj^duYK z?}2gIK0`^%71E<^v+Rh{XQ`c8Vvq1`HoCe#$_f1X%Y2HDwVW+|Z+G~a5N8OHd{Bal zqg9>ya-AUWcMDNtDb1;++DtEisCg~c)O4yF``|In=q3G2VIm^p=xUd2_hrq6P~F8O zO>MFn)+H-NDj(Jx_f~f~WT%W~n&w{1glgaRSH3M+S7CM9Vq+0W6Jii({j?_Tz|Y)z1QLpukEn1vK;^A;AozWObSNhEvX zd!iDi*pkuzDf2dp<>0u5N$)fX#dBC?GNqNbA zME&g0ka@h@o1ij0UL#%My}dqxcO4x9Kg|8wB(xo8-g%N2Q5tMbp<*r#;mX*z?NTgp zj*For_fHgcE;Sa_Y%7%M`d93#qw6F9)`zteTzb#OUyU5{CTba(g~WsZP_-^IJQJWn z)NRD3NDG*dCob;9dA-~1sf^ajpu09N)Xin82q-8Uok#X@rWOeth%+}}KBe+ZeW{nI znaT-ouHff{PV~W-KE`d=0iRYiVh}pHCw?-tHYes|U{-fYN_s#6g;$KX0PCw_jkX1ij=B>WiIh;BfTk}sVy-YUq0>YWx34A&o@wa4~B*)K^y z)`Exid#Jv=L9&j#+}S?5S+v8Hr?MXAMkUKRtJJF6QRJa6x$x{R#@G+~cjKMJ_=3oHn^0d&2pM*#we z6li2RPWFuvzX4~P&#d{w+p1fz-Copi)1?fccCsDbTr#<$Z&(~Yg)Z#vlI}5j@$E!{ znmb(e)izwiAofQoddkV?S0yeHnq*VrK83E;%R0H+z#ah$Ik&oTavk#VMm4&Duklz{`SBk2Z$I374ss&P*|9B2Bj85*YS)TiszEnTo&C)b?H@@6I z3_V3qg=>3Vo?Ec}92}w=2B3P#C;!H4SK^t9$_G{COKv!O3*m&hoGW+egYoBE|HrS$ zm83Bp@*_0ZL-B&USayuCd`^Ez($Ye&&FF5bo8KBg;I6ShxR#IsSS8Zg?T~I5@5RXPr|Te`=oO|hkt#NfoS)T3!{ zJ-56O>e5f@JO(wrdz!##?@sHVwO&|a( z-O=>)Z=u{{3B%m(6X0mgpv7Wj$Xw))2xHYmXw$15U(tO-De`K-(r!R=wz8mz2e%Cx_FxB zIq`C$t#^I2Q&uHo86DiXdwG6Gh5L;r=%-_p?LT%-?k+Q)3|I8*y{BKnzh%f7GQaBv zGjBvGx+XLj!6w?T)O-{=oMdPcQZJ}0(#(t97A_(KyX(j&X{gY%jsc%ByOg@jv>hpP zf^Js{d<@@FrGXuA2WBZ2AGBcg9-@HotlQs%MMltTDAcsf%KU5nUJZxFSn*Ax%W>L? z;jalgV(xh>Xo9Y)O4Fw59%1s~-Q(u1b}55f5@nqu`y>99%D*BG6dT`XecgXJ%S+xG z-Bu1u+2xM^z45qZ@!)vMHq(Hl+I*Tl+pqs4n0uRc^T_Qer>W=UR>vPI|2toIPk%xr z^aa7(cE1d~Tm+6)ZXLxOo>iX>&N=;z{{Dxm{`QNYuyDEb!W3L`+3zCxD*8~a=(F}M z`mX$^V;n{o=Rv6r^Zn)U(gHPRW5RpqvC2L->m?=Qw7PYaLGmMo2Tgc>Bw?#y)0MjG z50%Mt1cn@IBuC1Pq*Y-AcD75&Dh#asa?>SU%H70J-qPad2dzWacAbSs5xJ+hkF_rh zW12ZNM*F7p_#=XrJ`Q`F@G_Sz5dw}-XPX1=ln~o3l_2J>W+?5@#pC#$G0=m?g883A z&})q>&0i_4iVv4?5hqu28{+5Z>SF#cV_GM#tC5<)!-OMgupx z@860mHTVUg7O;Si0&SDE5UKfSV${7N z_d34UU^!O)_+Px1&I$oXN#0(~f*$g3(`UYni)EVmX)hH5rH&Ygaj{j93|jw9^|=IZ zL z#|l4~(*-Ch#qvq|(La6=RR2GS{h#;YKY9Is1!6x}!Vay@txoXhf&KE#GOP;A%9d+= zV815Lv-iA5j1z7TZw}lFi9i09c<`3XFyD$+_wS?YX1mGwqmFtb1xpWv+S+hwaDEygekV1lA&cER_zNl<~r0!{eW zPbqvz-G#9J56p7oPtx93w%7cjGN@t_NHm?N;ae}2V~sluX1%4zFTpcqt+C?C(%MDkET05e&OL}#F6Gs7O8LzO!F{QncSJO+!s zxerLrmsr|JtnDel;922Kp*^*!U!Xm%j%9y-N8^X=v5QTrP9S5`#YqD+j2k#wLihfx zc7H82jYAR7kIy^32tW5<#3ugtK)Wxv$k^Qh#u2K_oR?5fjam6N`>5-SDto6hjBPr& z?bw|1;!(e%zPs{QgPeoh09cGznMCIod$!(s^TW>pIm$*%+8=eJu)Si+u&pYuZQv)> znp8U-pr51OCEn~xod6TtcQ}hr?qBpO#?XS5p-{=ZjS@#g2b+|;PFKzEz1FJ?*GZ{r zt=M`H-!$N|dvd<@i)1Gc4ACKRYa83Af80K>35gk?fE)UHoGJRo;4imrU`W}6KU93% zxh+eO(aC|}x9e|}89fe1#Cva__z&txg(QJO+C^)MI2{^9ypN5~t2vZSqY%cyR>h=|G-MH&)8zSgn{RJ(APetN?%B#eKTm=gQ zs)?F2q*f1uZG~~Oa`7(6TQ#=k8G7#^;jiXUaWvd|l>X z`vXO5A8_e<{yj(`$ZLj!f?;*4xS6S_|6(F+E+7(ueZS$?$KX{M`?q${fue6=Xgf*W*aTh&j8%DlQZqql-GuKA?ik;7>hcsvon0p!a z(`1HlnT&L*_l!U=tRD<5LR;dh-grF>7we8h|BNdHRvIj11`0ruMj{hK<6?8zy7KZd z`fq#dnXno-Ji?=j$@rOb=c1yA-fvAxQhP>mzg5y1jcHW_BG;=ZujzX&<>?R-UbIq!BhA8;uK?_9> zEfuy5#@kij;y2S002S+$q#6(395D^$Pb2ydW^tGibsq|7&m3oAujiXpiZ%KkR(MS6 zeM;I4ZJq3T&ez?)L{y5DrU%{+fA|zy$ZQSmbF7Qz9W^GS!aOU_P86>fm)0^bG+Nrp z!x!K`Fok&z8+lqt6JbH20ZpC_7yXo=>GfStY#F%4M+anKsM#^8o-`F}^2I!#HjHnQ zZvjjXdikHsWE2kgsKZ-S4*G?yle~7))w0;I*xhPSC%;sJQW_xMbhe>++Cp9!pW`!h z#|dZ;0CJevSa*(JTtFMxyQYE;U+uB9OpwApvLgvUC3b;zMU_AFIzp@Hny^UZ`=i9U zGPhvI!0LLy+BIx?Tj34E03M!(_IT4Wih3JhtKjWeA#a*-K8?Y;BRJqWW&&Wu=kAkc zGtMJ0n7M(XJMR8^OzS3@BVtt9_-jbzgGZh4ifuzR*tWxGgAX$CL~TT2uU6?nGj)1f z_(yH?K2KwQ9hzu1=9QKzs8hjE-KX0dZbdh~2< zU$X6Ub0u_KXofTS{a^RyoOAA#lk?*?d%G$n%NbXyHI5`t*Yu>PK+MgD+Yfv;dKk+ej#diP`tQSh(Yd3u z<9!v7o)?be!lH!577Y{OLeEugAfuWJlMY+np6}E%@f9_PcPSXL%)5!eks*IW_l3ZL z1HQ|vyrGXXC137%x_4D^6v3pbPew*FyggMTcplCh(PysTkPN9J06!X3JQiT|d@s3Y zlx-bY)m%*kMB^r2L1{j9s3~Cw>ZI6oX1s=;?A*VzB%O_h_a)-f{jZPQtRs8YWE%f= z3(cE+|IK)MiM7MTzjWpU2XxP!M+kT1_Yq?j@kV9dD%)4kQMCScvRQ5CBmDV4RQ%CX z!*@#ET87VeY3pGX5+`HnQm=O#23!lME+wC`s=9LN1T^vi~U+g_6I&p8Ig*{K) z`B0<*pQXQu^rSH4?{0EyDUC)UqeQ=M*CkH0oZkeeJ9AFI={Z=JTGm<$6SqM3c!fU% zA~T|Z_d7;h&CyyEK#bOOrps!|Jr$`)A$oB^6diiEjEAr(Djo1;?k^{ho3!A(F(81^ z*8ro|lmtaG_hYxUrxP_ad2o!P>LV+a*lS@#B1oPr!e87l^Jty3rcDpt0h2L9AL49@ zX8IzGMn3zB(!eI=)OjBc>kksPa1FM&EEYR)Q-s6kCTYIst{!?Q>-F6HLFd%3B$Sd< zz?`=x8F12&wyoJzQs?d_;c7Ew1TcpeJg-pUbIeA^WZv?6vS4P~8|4k{B{aO~(e0rf zMN^K$OSr*^b}d<-JaTzq$_t9_AHjfEQByN>zlsyq&Fbh>$k4QR12vf85_-5rDne&L zqH>7e`Q*$Aqz|07)+4wgesCt(Hn1rO038*p4uCvh@ZQb3s1Hs_bBfz@082gp4ejwC z#Z;$<-X769y5CMh2OC4q;y1aC}dB?-=Y=X<8wZJCsGZJG5l?oNx473r9~D6 zK83CA2kOvfU)bu;!cVWkg4Z7>ya)r09Il$-Wf7MqJ$CX+M9&&3>Q5y62co%jmjNZC zD?e|INBGh^S6N4AZolr2=GU(Jplg!;E#$1(#NgOW?n#t(DbO&KLcP;;%kcC=sIcX_ zt_4n11)1(Mnm)U&#Jd(3-C}Sc()W1!1Z@dD_xUf+@mKj@lHc_fFMp{+&gA;gkJ7GG zL`J<(OiC?6#})l7RNKvfc9o8&AA_GoC9Voxhg9W2Xg)#3*Y+f8EN0T*j)VN5UxJTk zAX#o1)=hENADminDKEEjT%N_ZU7S;);rF{f7R)1(mxfM`a>-lvGnOq=$H~AL(Rf8& z>cxIDnO0U|=Qt^P(8lhu@>HRPU%D@rj~t6BQnS^T&_YmygqXIN|{h9hPAq&HY8#e@JlvhioQ>8b zV=&_ZY2`N9sjw0K$=QmGTFP$6B|@|9S|_2)`{~cD>yu_rGd%F5E=YWa$v9d>w898j z81FFQdiNdMzlFsW6X@>@N+u-UsOReaaCcX8eX~}ip8C}a!=6xB`fP@lab2X?lQ0h? zjRCaqHnf?|IUQ*I#n}AI@T|-_07TDUTCdVjhI$^@!YT3v5Re4KP=Z(bm z`pTb?5Rb84C3!0feI7|HIgw;}Je!ob`lS)8VJbS>HWZS52&2b8>=q5+rOfzGa!B1) zz$9@=5vK}Wm-Xzi3A6NqB<<%Y9X~}0rLi?Iv=fO$kb^FEHTb^aZA*qgsWppgqrXRf^M!&J8M=oc^;_H8? z4sdg`Lx(Hc7am3tT8^U<$8S0)nC^zX5t9v%J~#}8e+!Iu9G0v-47>GJ3h4E=>MMDN zn%OeqWyL^_fz5~3(Szz^L>y`99(VR0WHpetj$6=GDO&L9U)TM6Ngfo+$zvV=#d2CP zKa4r3T{`^n+p*PNp6O%5Cg@>KAm`(*V}1X3^AXq^@rORgLO8_*Mu|H8Nn3O8=sgs0 zOJ?TPTUcVA+wH#_<)42&2jM&Va@k}pHvV$Tco&>uRw}uCjLtA_F8lfrecv~k$efFM zf*=3h>F@P(S2;(xYtksn$d)We#4ctksVh_w-h^nv#|v6J>p#xheg1pv|6bjMy4GX! zbSpOe>}Sy0P~%7H+?W5s;CWQG&6#&@Q~9%I1r$BAag&vf&B%~~#c07@ntN6MI_WzK+zQ>ASDCw)OhTF(3ej~jMsuRPZ?uVJm%guJedt#s9z;av^& zD%`e4x^l0vow2M8(~4Q}$LALWPj6OE%*7Z;#`g+X7rb^BNVq@9`^B`3C9vUxZf|ZS z)58RPo~@|okPO9kMYh;d#mE{N$vm_Z>COIFr{Cz4Jqq8@Y4^m<4SQZfk;*63;x?lY3l(#aHVB&TqYXabUphKju5u^AoY1kKDF&Y&nCcf9L?i4QR0B+g~`A>dfdgo zt>hZVt@k76Z|mccr}~%eTPN1El6M?pR2!@2SK35#4<%Ur9W_O1=acU|o|8Xv6ci=&6xx=p^=hqrlek-&cHf|T-8{)(k`Me9r73bGtHUxQS3<$=NRh93)9Xmn_F?C(B4Xd>52h@k~$%|r}z_e_8WKRxu#wO4jh*+gKDY0O`y zr<>4si*fVx{KOe^xHTs8l7aCS#?Z*@rqb*;DA+Iw-}rFY>a=+*)|CT~x*+g&d9(M# z%}X<9dj+#{91$u`tKuO>uZ8zn(DFqYBq|RcekeX_#l^cbtpXi#f7Jc-YNkXK-fYDg zV|}~v4b{h-=k`^>*=zsEv$*E|H3!xg?Li9Y1n5^Zrr-P4c?13=O^brDa|%q-47orA zG@WhYgyTAWt~(l1;w3D)x*%Y)??Pe1_y7qPaOu)2o13A&`HC5>)QUm7Zy3X9q>)@2 z$tv|gK7Mn5TB`%S?YN=yWAVi52_6gTM6ug;VMmR2b=V;TAMsAc@&ujBcPBY>ztdDI zsee&G-~RCDp;jVLwfh%5;$4CPpi7< z^{2V%PuKoXU8y{4aEUu8BKUy)9CLO}G!JGhCt)s{3vdPEAXv&8<(>~icX^7^bFnmf zF}DPdeOWE=@bexpopRBR=QY;QF@lVE1RFRAVoeEonkAs=$Q__-OE0v@`r7BKjtnN3 zJKseGj>;#I4y)ZQ6mk;m`xCWjnS-6)A_G%85j>9ot@HOD>jW=$=*qaHmQUL;*cjA% zb2`uXYCRZtf{Htd`*Ic>x(Q2~d{T#^;}U)N;Z_A>6#%g_aqhw<;jgvs-*Z=zg6I@w zrWSnJYWHCtK0INSmPr6k7$ePX*u2LJy*j}vmad!p;{*?jcL()+x<1p=92!4D7c0hv zJW4ztOt9RbnW1j`6lBfh$=)|~6O;o-AY1W-X`{D%kF1@#Hhu!%Y;j2X8_mh*`Dvj8cBW5JHs<7XeYUM2Fa!*R(*+dUm>*P5k5c`NBr_DgKK_;y{y2R&Kwp$6@(qwXzJUGwjyHpTJp&g_`YKs~{Re&#DjW)I@Jo@0v9S@&wiH1tsJJQKAPO7F{O_%ry_-lZ&5 z0{-Z}P!9`L>1y_U^lQ@@JMFwbnDo`Gi4&LzJ)*Uyo#Un{Z25XM z?WncX63_mezorbFq{u=(I*e_k$3*+E=S!FQSm@P7a~vG6iA~5#*-W(H#jL;&LZ9h& zmoFTwnz!dFe6`Bp%5r{%^B8%x>H8kmjTaWFX6zofj4wbSlE@0BqZd||B0k7&s=k;2 z>>-4m+G-}_d4=M+rb42^!;_w5&N(8>I~=$88f-fR6k4~XPRA-m!p5r5#{vb6In6V=D=WXd z#5vuZVC4#w2lnWaaLCK~jo^hwFWsyWuQt;$9g#*>t}?qyq}U>me=%^(R_ZrXUO;zK z{500CvPgyD(!VUn|8KX=NJ$|Y;WueD=JI*lGo*NV!JhbBUjaTKNmsJ7<)#*#nmz{^ z7cdIuFQNx-U`h6zLQYaNkxVp9d zb=ySs)x7lIwz6htny1n46s(k9~dU_%vP7R4i#IjHcTJ1Q;(GL3o zTF$|;sKw*0^v>P=jqS)#aJqoQq=-jfrH?U%yOM&`R{MUv5WT@5p;wgQ6{;E&IvsFD z@X^2jH#f8DY_EPZ7#IvJ3bYQH*}P)mqD)ZC4T0U9GEnA9t`Q{C`?p{2MjM4IkB&RdsvoEzv`N#7PNT@2)aG{64eMwCJn&a73>+ z{$}9#j^8)iMLp2l?_O8sL(O^V+P9|s(df^MKw5z$B2<~^0R&N3sw5}n-lSQdvcR}Q z)iD*r71oF&f$@u7ytcEAtmB22vF@^ROrLnFV4**< z@VH6H(_I5q+v1!DJAeM%ibOK(qmd$-HyA1A<6 zREk*TE?-fMl>N&`Eap1=J{pKTFjxa30zEQMYgiOEXu{u)ZKP$g@rk?wvKQ*9oWD^= zhF~=K!@~F{wNKZU3;c$W=#n*o-oMymdP`t8@-KaDFf4swsPm>A%7>eXsxx&ml9WO( zQ$X+)rHP3ep>P%J?ul`gEzLZXXQL8Pp|kjV`>;AQzkinMK^0aFfzZ0&MX1-Ui~OV& zb~vm7TVgk8NY$9>u^ySH9OCLd=)KxVNj=r%Z$Kaq@rj56y+biFD3P+>JiV52``4Wv z*Y8I!c7ljM1A}3X#T{nBQnRu#WTv2DrtS%JrjDUOlJ6b&$(-F1quoZDYL*_J&wo9f zw_r)-zv=_>w=q2t&c?4AaayN!RWn(e+Vy3WsOWe^$V2j{J2!r_&0YD@|*@M}J-SZ{_?$g+l)rSG#@3wXS4M0%ph&`Z|GO( z74C1cQ)-F7YosJ5`@R;AEx$8uT9tPWvg+g>M0(YX`d_Bgl#4BR^f#ka=}FXK)hTn2 zSPjtvqHKnCT-qjqy{c_bbyP*dUx+*~lz2PBo0W@q0<^=wo1gu9<~V1; zVMEo;aqd^=EZ6Ky8t$&L&(|XUezE^v{eKf-l;0eLK!&CRA%}AiNL}A1@(=_WTfh(| zZ6irDy1V8%n^&$QkdY$`jq5Ld?de2-uwNRUqw|Vm$;N8DP7bFA?m|vC*%az+XRHhY6#*^9&F^hmQQkKNPx`Ch znLf2mO+856RY~+um6eopGKC_9-5S>r6h7mgCa!WCzC)3(bAaxnm`>_egNJkRZDkL0 z!9y8=h9M{=a!`ACiGI;FMl`^HChHD5HkBhc4(@I%A&;5PGq|~Gr0o=d ztyvTjGX%yiO@!%TbSmZuay(6wj4C^ETkgkfi#~3%w|pIeqWB&j_o;>MxG|ePNQPM5 zj78dzzv3QfoMsUq0;BbFV~g9zlf@jzd0c^JisrESMr+OwKC0sH^Tt5Zy@7c9hn^`N z%lNuyt8K=v6Qvukvyd+L-={Xj`LT|5Qm4rw^L?b@?=pf2P~_og@ud@ghX-l^Lyb^} z5JVn4izIu1g83O0FIMtdG_oPwn#L_l(uK*Hvvs6)i$xjJfDV-t6&bnbvSX_h+J8Sp z7f<7qqD(FpidgK$uM=)zS(M$P*`3N&a*01CKFKisOD4njJ`OLGhu~pdd5-r|WBrs0ODIczcNzf3613EI~cdY^2fG?K#fOByY&I z^8@|3-FWp=vAK|*K++g4?x^K(x0c=y*87JF2*&uP=orzOw;I(Lmn#*GvY2b92&@Mc zw(CjxclEF9&OyQjY%38EAp;qEk`+aN|&6~Bl2g1IteO{7(39r7Q+R9pDn zAMWafJkWPc!MbIEt$f=zfUrd?G@_w}E$r5)(N(yTY|G1+|AiY0T~+=>FKpo_ zAG2K)grvO{RiZT7{Ba29f_FHD{#I{H>?|2qa&!NUc{tlL`QE{$gGiANwY%Ir_t2c* z)L7`UV5D@$W2B){>hao9^vSQ|ns#*4tLHhz zJ_ScU6rtDyp|88Z5k`njnZu0p+9A7{aII`A+dQBH=qP+VqB&Sh_vLtAHB_?=40qBf98 z=ni#&4M}{2iE!}JO|Zi5@~N#>gC>vQHHAM^;Sx6+eh1YzIe$~xDp-dsvluFZRT1_I zdupeiTyK}+b8?>#`QD^yDMzJ7qNhHY6Dqe>K(@SmNEf8>0b7<^A&592KI_U)tV{o? z61TJXhsyZW)xr6rrWUfu!a`Kf-&CKe1jtiTNx_%F7$IWvjV+Pl@7bk24c11&lM+>w zxfZ%h3KlG+Iu|O*7Q%&UmO*vi#~E^tKeRiV{e}^Ls7{7P>x)i%^Q&3@Q2n8b|Hagx zdW9Ln({|OpI;X^Dy294s3&+CuCjE*t=^RsytQYk&EcwjN3G1-JFEVu}JaB2mJ*^{@{OR+4gp5CUy7JB^`$zW4UG;VoSaY##j!KZeH zO(aE!5z>wSRF0)_w0&>18P1;9BxJ_p;V+dYV-yqXC}Xn-Nvxoi5<~cjR6ap`d6E6y zZ6xMVfG`eILjgq;Yqmm~1%_EW}e7Lk@sTT2~NvCsS?#Ad8n)m6LNgjwnE1JR*ZDzIkwE?H(ueo>d2_WQv9!eLx` z8d7QK^F;ROt9^5M=w~YIm>49~t9&$P#KmL9ypj7PHll>yGm^3=8UEE4rZxZ^lsM^W zB+gFsCtfeH_3E-{+>U7aU2OX?DABabC0wsl%TuXg>%&TOzH2kHC1M8NBkjX6z&}l) zCY&>FKA}*MRRj49O%D;2j(@1~yH$&eT6{T&CszJ_eE&-_zp1D$KJcddW=1y^SL>Yp z#8K~->O^i~?XW&UAkLXhfM=vzpBEkCwecXcH6Hm^2?6?LKJ^soZ|7yAq6&_x@Eg}i zh2nbxfGLw&N6HYgXQ$t!MpT1iV9^ZQxRtm6Ez9S!FB5Tx`}ZxLBV$smJeQStc;x)t zSNRh%7-j4@&7JB_QoR?xOuGt$9Kt~fa(k1DB&qC};(qDEQ!kb$TjDBoC3 z=B0|UAplnl3T#(^z&ZF>mcr0W-Em3D`gpXHe_^UN-(~O5r|Ss0CpI=}Or5669H0){{nL`%BuN%^$aq9w!7Yn)A3qIJp9IQ@Ok@G;fr*o^zv~8hIMNSA!9rHX#}+2V4ruxGe9l*o3F-Dh zq_M*NpAlz+C47DLEOmpCr_QJI*ZH{t!|>f$yRdSDzU1`BhaL z1Se`vx|1mnAXAgbdy#m|XVhcoaHW!1c3@y5UUAhE@y&o};mI%njsF;r6v-U#Ulwun z2+5R`GW_RbdZoL|GJK|f_=vR7T#0%#JC*+nWVJPLSOB6Vm9B%E8$WD*d3QO2#_P=v z4Lg>j{RL{_?6S4{uUqRIC;Y8DH@hf_8ylzGpPle?*IZi&-p(eHdA^ z?zSVwi0Oa&P;rSo@+P%vN2)Wt^UF_UUv17 zJAbzf=(^N2rL+Cz3D}%gOWOUoSSl{Cng7UcHdnXOes{L-*_Gc#rrY z z9$UYgys*BT$yUc1)r}|#@(8v(p7~iQEFqf8RyGeR)wi4ZVIOjkdYpXj5vd|ombBW! zZp41p2zx_&Iqzpqph4frRLiQx_d)4R~drs zf=nyNw%+n7)Xf3PD#^jTmb34hS#9LwJ*OZ0%`h033^O{_e;lqH(+IIiH18f8@^D`O zMXIJRp^Mron=%hiT-XZp(6U71!kpZeDeIdWHktZ91jMteOZR(eGpHG0T%UHhY_O`k zq{B4&!5^AA){Mn&Hcxix>Tu{>n~WaZW7Mks0;?{<+pMk+)nlEIhd!(mUM)a|9YtpL zIQlXIq1xj-ij0ib3sIz6v2IivvoPB(b<>ZcoD}>b1Z;Nx)f(bCAblEi59lW?mKi#AfZtQTA>`?ge0)r08J*(UBGs}RDBmu6bi z8!NMC^|3-TyBcQzyCAEhx%opbYPUen)69|)6-jBQa{1qbi%xI& zG|s*;GVL(rP(ubGCrzcJ2d_p8F-#zjBYkJF1E!0YS0SG<}i6%6_k+FDbq|1po!n0`DDC=jhCE(gy%gmb@wHbfj z1VqbktB7%)?NIkIk?H|+#b<3pKrFDHj1h5-?xjzs<87F2xjH!mg*PtgGw(yytJD4a zDMWrhp(W)VNZ$m5oMvvE&|Q-Mry6oCzNQJ)Ky)@n+%tsY>c}1X;wCI6R@zi+A+l5acjP=chfs{$rp^Jwjxb5+_{}_aDm=ZtcJ()rdFAX zk~A#eWKK@rgD<4dpGni5t)0`6IWSnxb(hX4|ETs39tao=Q8&6uCT9)9?D=l%BN&X# zfe`%2l<^xYeHkLXYTl8h^v-}#O*Yy0qdkJ2qk#3DZi1ILY0s`A`=wMh$PKg;ek+sadjOT zrAtwKzT%=XOd$uT=&5w70kAlPUWs@d`yoN`|OC< z;+<{2!ysl{-+3`OlEHY47h(aF=8ES*Ti04w%3{=U-BE|0SkD^)S^|>9Uwiz&UNjon ztg)f2_!MbrtA>RO_O~j;%oQ`}^MJJarGs^W@hnz!@+@5eJr9fXPZt!k$B>vwwRA2y9clTFAo4YA6fkvc9v$OM_HK;8%#aA*bqp5Xew3=db%$Rq2_F$kAop#Lq2i~Z6~ zO$Bh?_!azOUwlfjhjDp-NtNY1Z?Rg46{@x3$O?kRm2 z=1`8cqhH&h={Vn-q`nn=?W@K}fZu; zz-O=DCR2odKMCw@-hqz^Vhm*JZ-}pbPb3b^2U+m3SO;#4RPbo^m?wrZe8Hx`2H-lw zF>xdu7v373v|?n&NYnUwi^DA8Yv>NB%2X}sU+Fx(!hQm&Rrjq>Rk(X8E?>}8`_Heb*DiWHV(kGW}+yB@1F4j5A=Z~_bj z3jI*tTM(OX7x8F~cKN-C$#!hqtEAtic+WH@anmpAiK}3ceXb`9H8np@O6)95ev{WM zDVEXz;h8c~Yx0;jNiW{MN@+FU`WNQbO_RWQ`spr7ZMbcweXdk>WZPXAp#U4xdc^Fq zL`c(FR@{r4*Qa&-_1YnC*Oky)E4S(*t{K!O{n()FC;wUIcYD+rxWxD~do701(zl-lrD{*F zy^vU>eq-8X6lgD8`7wEM$vWyOOwvy=BXH2XOPOAj#wD5TIf#Vhzdz~ zr6Q4n%TPB1(lSzBL2u1O#80o+lYYEj|LC%6XClp$h|hD=;e{nYu%_-5@nc+X3}T9M zIQ+xjx5h;$0pI_OE=uPuXrhj7_JrG8Z()`~$6ZM8-BZ?FEMf?qZi|sZa6C@ML;)dV z7@@t74fnis%}FyOT`Ihzyb}vP5)@fP3b%3^g<(bLuwg4}a2^{*4t*>p8wz&J;5EY< zfZ}tQl@!ImDZ;{qCNR!#ZrcIXj0XKi^8eF;L@KHq{8_m1n;Yuk-G`Qu1noY6TVre> zA$N}dnao;fP$~SP1>Hgvc^gT1uP;$6d1U2feym<$intnu=i9t!uvtpNoiabo*lAEZp2(V6bU;W9= zy|OE!Fz%-nWU4-3*%_vsCXALNndwg$SGWp-zkavPpCd6t*~bu5=m%yDuo zlWFWaN}G-AI^{7Py#+ug51LF#)@6Elh2M8JD*>o@w~AJ_wzKM%HLy4KwDpG53vq%4 zJpJ9rJ`vk!iF*_K%*4@PS*C4Nlo=?hR;E$zbYXw^>V-s{28PB)cco&WC3q$QTsk9I z2rF0g^<%tBe63F4ujpPN@E7tkOM@s7k&20CBRoJdH@BOKD^uaF5i}KdGF;j{=0f%? z;~zg>fDuveXOUiAAbVF^FG1ZYQZ>>;KIvYKc!3!P9a(0G(-@7=?gI?~Xvi-EYrtJr z@QNBW8ru|O731Dm2W$8L!QNX(we_v-qV!jxEmn#ZDHL~i2^1*B-7OR^fdqG{;qER) zf&_vmK#&%9cY+jmDDL!T?{DvY_W8#7#+7l;xaW*<^GBA=wbqn1*P8Qv-{*OZ$;2*H z)z<%-NzYVE(0lIX0?A()pAz0N!RYwo_~LCO!8?oic?+MWPQE%)Jz+L^rp*xX3>0x_7!rI zlQV8P&=k~^-EExRasExqX}pe}xCMcna(xOgVA;(LZd#?xdv2ihGq zf>tke{R>%N%{YBsF6|D;R%|2>fZ z#p@dD|AGhd5r^aXPa6m8te5g{3}4EUTDD-*xHMOlt>CD-oT+hlvgjJCyy-`kKnuB& zD!7&Ao{O&enpx^~RGub;2bUn6quk9HF`lS!rQJbp!&OBFdG=aLs^?Q{E>?1`NdOXo zi0P1;Y`+uk^mwmWKTkW4i3BPAD8)OM=`LX>I(qs`~S zSgx~`4vR?OOUPzd=lfjGk!R6~l zm0b|p=7Uw5E_ri`oQBQ?Q`zNq^!3)o(KoH&D$>IyBLtx!#=|PjR(_}gSN0SLe-~D6 z${5zCaQ=8TA7Rhm#WjLGGxfSJLoQqE(^*X4%lNgCr_-7$I=Qaxg&O8TRSmUb^8=Ga zdU?laRddu0Cs!L>%l+(oRQ=K;P#pmf?yhU?Pi#-URa@2FSO(YC+iK-c?nxqP@N{=E zXdp9Z-hfx#7Yia>q=>bu&l+gdg*G+c7SF+jw*=3%bgfizsKTIHU1Del5M%Nnv1{ypPWF_Cf~GREknAAaySsT3_tV3C**1LP|#-_$%u$MVATx7cB;Th)RN zM443Y?zsHjy{T+9a(-)O6vYk_oO)?8Ha5{V^Cc;&syQvKg!U;Vg^?x`!~ram+Nh)w z_SYlp_#}#V>&D6s9F3e9N(>C)?f0qpevV_5-Tdaj8HNxEvrTkA|$_cM%% z*=26_{f$ovGs|>^VdjyhN!l|6X(NAs`lj&uhH=g+Ok9LatluULz3YgoLh(iU2d6H% zeN{MJq5OD7?|d?K!!;V(-_U%dUMBsLh5W9rRh08SJ+M?BVBIe?yzj1ho&zV*ZHj{c^d zXsQ-uXQUsC&mq&>Bz&H3hVUXW$)GKgRh(cms(x|5Gm~1&vNly@XY1t{J6RvWp)k{6 zWDChFh-Z~y^CqLv4I%{>r1VZ|buv7{|7YjD8t{BabNI~SQ&S=3$%ZTWBK#I!bQ9)F z8D&;3^#;^DM%~x`5NX=$E{X~9Qvdae5to4>i_gfqP<`Z5>L~9>JtHC65@9Tn@m}R) zh0M|yrCYk7DXJa=7(dL#A#;J#+s^UJ5hvLbuuFtV+8zI_@%V4-NrH%)*R8$((S(@J zoMGvU(taUEr}Qgw*BeizEPj~jz{pe$Xr8>FWCmsjDwp)Si}#JVOgBW2S-`{-&3;cY zbr{H;N8h(iPU`!gJU=DU?!#yt8*@SuFqWsiA&a?bCV9F-*_px>-keL*mEI?MT@8=# zPF~1NcI}*f-LN7De9KH%^f)dCDW^HY&hjRP|`QCr(16o z)R&k(XDJBSCjBbrV`a}KCQ44hhPGrJ)kj-}HW0e$61;U6?n*B;6bVjwY#*=}j6^{z z-UDkD`i#2DGHS@b+#Ei=<>}+kZ3AHVVvRmZ_ZThm!)j^9w8rt>uspOk9u({ z>aW&?^kyQ{aC!*!(zNLZ%-3BQc$*~q87(|nm3)d-tm0rNEQZjj8*aiw&&g=AKUk^X z6^|aTH5epRO-xi7C%shIH)Qg473EaOO73Kg-Y+c^y|^aMzHK67e`&)B5b#x`=lo}a zN=H4^$Mbsozmg6wR|xc}qOY{05;sgfuT}e|GAd1?2c2{dCE|c3lK`p)R^4Z@?(y`F zP_7b*gV4?+Qjw0-TzFAa(P*QgO^}4DLdi^68YK}2XlswXHZ!fZj2C_LYUwfx{VdG>-mDXj)tqvJ0N^e4m+V7TNxi*9r6ZJs0%Uy}7ErbhYGpUuJI78~b|$p!sF4 z#;MuT5-$uc(*q4*9`YuPu=3+@AL9Rdr&zB`kl+Frg%%r z>?nwK)x zKR8=k&;ME!&-vwcSLO%zx!K4sm&ykC8#nBA&Be44ab7|22`WjCF!78Ji}o$o?WdOn zUpwEPWLc^)-o8EJ*bt6gMkiJ4_0S#IWxa@_9dOjU-`bS-mA^tk$mr zgoHoj6E?hy8vMf6XcE@249{xS5<21L+sW5(29@|<#DVLs>R|o`^ZG46Ks=1s5!x;b zNlAmQWCC~H^sAP@l01xNy5R6TwJ<_M3;Jq^^7Rd@s4cRY)#rKIYM7>f^j0XWB!`U- z#x%A*BkA$HZrGc&M57A00k#NI8WvSbda@^E(lkCnZQYgWoT6ve?;M=w4}ts6P54+1 zn(o{S(UUvRZ*}F-F*}c2y&K5+CQ!Y2Q4KHE)pSHjWqbU075}>aUrm?!ucq-<@LcuD zAc<|Rb3+a``)IR(bc;QNc?$GW=d@~b16kF1IaXAl?7*lxt^9&?)Z}TI!FqkU?fa4> z((p7*e`13&?Zg&t8#o+RB6lHwCeL*~B$5!o6SaKH;X0kNEZ_RRG$6`^X7V(v;M%V_ z!1uhOLUEG7VKq#6_30u_TQ|Tv0ROq5@hRxneMP}O{rc|762jj{t@!%+g|PT&c3p%# z25LjeB;+5jtoHWoT5e&EG#Fy4Z~j7Yy`f0Z%Azum`Z7J9UeE z1>Lx6YsqQLe;rbqj}kpc<0URB<1unVm%v0B{vaX>?2Q{^IsmoU-1*&(V(p`S#HSwob-?QxyD; z8K_gVbBfK|ssFl|$g%-`$4muE4p{<-u=M~)Q`(cBSRYfhfZPyVFPtSUO#Z)|c}*2H zcjk1qJmU-MQ(bi)$5@FcTiOro?PTilI&;C{z zn*XC-u+QR7dj zRYM|8-GP%6&O*V-$A#%~N}(pjJsXyb#i3`qI`+C4la)!2e#YayVC(5;%+U^tg3i$t z{_DE4$=9QP7BY&uMRcB9$1TNk%W6ga)**WRx`fK5TB;a4cp#|#GVivX#B|bCZ7a#& z)wSz%&X+9Lw7^&(VPBVwmG21ntX*U-q~4i?of$;8B{kJgQ9j_p7!8?&!ln%{9yBWs zxl$9uDtt=>iaGtcbg&EgBrPjMDJjiEFc#L*Z|5AEqi3pZVUrF{(T8Vomylw_qY-vp zrh^5kZDOkpj!{qOsg5z-oA&9%vs;?^9wgH{MXFMBTnukKS)^ic(na(u{Y6hc zBiMxcRqFVaW}#x-%b{?FF%wvoV2PaspvMr(GJ7Cq8*69#!o&M#VZ5{coca4i8<~aD zet~=r_|z-IWK$)yJG+q{Molfspt)zy&_@&&KG_7)B@qg^J+}V!q#+f5&2m(8+f6es zZ%s$1D0)JN`w8zj*FQ&#m?eJ3US&U5^$mtBc^}ok*D_~neQv5WwhKYl!nu$;`th|D zGPRG4`3hY_1S>#QTj8C`BxG!VQ;p=s4FUdUsBFhiSmscs)o|2-?_@hqNOziv%$b5W z4B*<*FlDh?)DIf)L`%}vSX18i<12qHXyRFt3dli7KhKqLiem0+VyKvxXo2%C$Z6eS z2su6IG1_yZFP6Xbyn&1x<6}|TLT0kSg(m+}W!V)(6HFaPR-!*T5Pm)`b@tTS{b+}s z$MY@X-^bH#k1bZ3lu9h7Ck=iaQsrQ*-A9%yN5oM{_3U`;>BS}B$Kvr5#x95fy#}Gt z9*o$Erbh3mpLpo^4N^CDQp?aUP*dKzVs%BV*$*Hns*5(pRY^ zmPxuCvzUpHmGfJhU;nN49~{NS>}QKk1HR5DdpB}Sj;ci1^5v(qufPYCLs`WP3({zl z*%}rVx~xM?tmlzq{f8{f0lfIwzeS7W1HLYe;hkn)c39j}S?u{C*gxQpl+Hs@d z$%V5hdpi)M#LhDMY34MfJPrmcM{tZpt0aSA5aJ>c-k0?!EV1u8Af<_bOrGoTo#AYpA(fE6`(L5Elk} za%|eXF6ZX6)iyY+?&TJHemu@hhU;|W07IenLyBg5JjCvZX zY`3^h;n{`)cr6QU7B#sBa8WNB7p(Nh(4?1d?ILJM0NW;@vkxe(q|bYgeWM@JN>W{JdBno(2W502(>^eufYV~I-^&EhP$t?kh(t%?EVurj+vptSpm+%!-3 zKr@?p@Cvmc60ON9QfZNYV{s6AUnKDrdZF0JJ}CbGF;3&L|7E5}ckZcRsS z*1*Xoc4TMbrONQFvCsHK^y6wGBTTx-nd)6OBw0-RkLIf~NcMui*ssx(s!R|nr5e+p zEx9qP0i23UpBWY7EwuZ(!zhUl?r5eL zvZgaJ&|VT`UGFTJq% zl!PTtm>AlJc#2tU_h-UwYaJ>Bqehy%x$u43k2+c_OgzyV_+ij%nt~}#m^~Mv)Es(M zkd#>Dru0$uPG#bZum38=MXxCd%cf@{U6}vF$E5Z(T$lRVFMoOJk#pG1KHPnXwrFIr z&?gN^Mm*2RjAiAjt*;5=J3g$-SDO0#eE$f(qSPPZ8j$k)vg@WjQt-KA^%Zz8s%DtA z`aO?L&vkRf?_ytpk)cMXw0btXHkbK1ozH=Bp4}ZDMxGi%Yi=#IsNJ{ir~s5V{MN0i zuyAGJ1dZ1+zPH;}IM`>WUvkz5KTkw>IioBCS{m=cmkcoo8r-q(Fhxd@u(x;gtHWKZ=w0VU`Iwvoo#Se zihFGdX`0dk*lry9ma4@!+X=$fZFhXHF))))xnk|fJCnkq?!q8L6FsrStRZ7CS+X%k z7Q8h&t)R=sQY(N^1(mgP)|UH2plsMRz2v?`=E$v^E@0oQLlOaH#yx{;j_r7+s$zb( zWM7tMY3I~;{%%==aQ=Z7IUiZD%v|~^X=#c6NZ#SbbS!?_hIxk+bu@{oEfzt2bgGpPc2#6g1%DlHbpIWwb z?Lph_Kns(Jo#kUr9VOXA-iF0~rRpr5Jgn3K<9eUCOz5G=#d9!M!v^`OXL*y8^brKo z<^2TMIVC)=wK&j~r{(EcI8?*e4;L||6q3jf;VrlgQ%x5#+AUd%kw74$TY(nruL z+c+q=u%%rrZt4Nlusy7xGvTwnCn1%`v7+G;^Nt<^KP5W?CbyY-@H75kXZzlf6kN%#LSv?zVm+i*wJ{+wV^v6E(`goc zAG89~oL=3MlEwr0qa%}L$oG|mq80V;A=%!^FQp$Ha5bhocT>7^aO6eQ&@FfellxCV zkz+}4d!Q1Q&_HBwsLpy&DhY-@e}_NAk8VEw2QHy#BxUl8RbPxBf3F8aI}S-vA(G+# zWFkW$4vd~4F>nt&1D5zBCmxU|yeR3%;bC(qjhe6(x|C}W40uK7`bwCCw(Fu18Z#TK zXPLLamC6(dysr-w@MwNr%vQPkY^Pc423$(ip7Q zVREknAn$*7+;^-*EhKG2J4He01qxH+A&sEU1{ZBGPeL!>aTM2%DR>fUr-4n=LbQ@Zm^95(<(Q#wrRBtS*Mq{zK*5e z?or3pdqF&e#d@Y}&zWvN9-{fbG~1pgCn>Li0jD^=9nk+jD(i>89p4WUopk);*R0`m@?lhlu+HPU)xEVY=JVi<6>qOt6jr@j6RE& z6U{}L&)U;OPIE^8oV~5D>SRh-3Ov3C^daSmS&Bry(v*MgF@t{;+4T`J$S+xN7t<+z zDDnBf&3OK8?SBrH?%!^JKk4IsDM&^0ZU9tR{|Bqdwyl5b(a9cx#M6?B99EW_UU81V z%@xF&|MDv19xshzYyLBle`M^D!;#%SO)rg!$nM^HB)+z&#!>71Y=M|1lIvq!gYa&P ziNTjvHuoMq<{$t?mXV;NGSa^ zL0t`KJ{Pv(elwiS_y9y;NWFMNSwj|UJN)u90=q26(LZW7qKAJo?5)waDfzmVuD#AR z@{^A5oU#V$Z`O)3)1>v|b43eZcrzIrd=|vI#_C6d1fAT=X~{0_aOFM z?-gNP`_019SB>_}z?$oE&KfuP?@z08i#fc}6PrNQe5P72v<5pndix;w-3%_SN6J{T-^TS#`p^hQdmw!9vk%NaI=p{mp@qV1Ik{V z+Jhn9Efs%fIivpGv}bCTdHGuUQ#nz~dJ3LY(?iuiSQ+J_FN#kCmwx~KI@m*wsG|$T z%9KSwR5K81;N#lSI0*g}v-w+zNO70`Y|V6Qv6uDHjBiNr=^im&4a=`Pm0?5U*8o=6 z_v39=15bpkHAa(n<-#L<-*EM;UBCP z$d34s00_luYe_xfLZ1$sW@EDx)YJx(j=wBya0K;e<;ADly)kxhHG)Oh$n|9?S^dER zQHC>DQiA-MHl(!Wih{GW?&urtiO6(x{Lnw{HZ{k@GXcdAmh7M4lGBXTJ5_uNcjeRQ z%}W(ijjOs(H$(Xao+7>)^O}IqXzgub-s^NKft{4?*TcV4QMo6OKUf!8@(Kse1!+>G zYksT}aTa?G&*E1jBM7z9sIp0T?DV=B%yp{%lGiC&FiIiSs9@Nqi^|rV_tK)Q7EjuH%?E~(ghInP8U>al1AE1mp5A-9t6wF_A$&-*Xri;*tC!D zRLv~eB15jU-|x1>`(XdxIHL}W0i2277?~~dv@|ivf>*fT*!lNm%+V^`J}yD?BA&1H z2>y6%b-Rdsl~!d{#U&6b-cJz2=p$&y$@aS6P9<+mP9%LUZw&GyK4l_fTOCIe;7rZi zRxcf=7|#7%>FK6EgS|vl6g9lcBx+2jPL3*hHhn@+_w|CA7kh>*ZhWajog9fnogflC z<4}RX>m-`NLr5mL(v;+rEEnngP&oJ$*f~k^2TKTpQt_T}i{2#o_ePQZZ*3w8Ub;Ui z-hMqqJt0i2{y}KsT6G|xFa%EwdM)pI%fwauuQsz!{xrdvH>pkmY>;@IU9?ol&!?Q+vnO*}HaO3RI`2~~84%KMRVe1mdJm5FX3u~W# zwxZ=b1|+HCByqP2U*Dfxar+%MSW{{?seRFX->wV}{pj%FZ~fyxhc0Tb2_mPFD@^8AD;{gat4!s5-15uHXdqeYQkvKsvUn-8{0X-?j@qS7B_**nY9d8 zXK%^C7QnmD*}}+QFIyU2(D|=q@Ns7FqyZ{IAekjlHV>N3(?3{u->unw$E6g7>rQLQ z3=p+zI$KPZuR+f z=6)D+He$lWOZGcas(!ns4Hagi#rIsk#$HBSQQo3XX6gxlu;w5ZH@O5Ak9?XJ|6pzJ z_&WbK4Y0TM{~?!u*|2b4b}Bo>erIbVg?h316#zW^bb1D;-)=uZ)}c?0q#|NK!|xk>}O7skf>*PJw+-3Z$}YG<=uao)R;Z~r>q=>`rzzax!VS)HpHB@n4N z%Syf9l5VB0@ceP@lRYouKQ(m|5Fvl$yl=P_lBs_^H1Nso&94~!#-%%eI)qAc*Z%L> ztN-`hImwqU9NuRa)#1~)BU+a7MsH1g^?YbIN$zWEXcnG|&`%ykzto5Ld~f7OS*EQLdh#s)tIWWT ze4-tbt9RY3I|9yb)q$$`Sr}%@N3RVFH+eO$S8mmZjoCLMM+mEC5I}lKiB{YL3z?-k~VdgEi z3t$I!hGLo2#ejFmyFsv&Z?Cpf{{B(?um1deE0K&{hLqxvx!$#x+*~>fwX*=W#{~P& zsG<}yXZJ6LZAk1lv<9i5C1P)EgNp%e&%|OiNw>!tn9^Zp&sgHhkcb;%z~G&_9v!RnFrEi zuth08PVl04`K)yjDq3gFhswu@ z>7*k~PF3Gg!ZC$)*GY=dC^?t)p3uzw+zJ+g}6+Lch;X zu|D1d0(FmWOz)}A_+!X%p9fm6`ff0t9EM9h53L%hrxr_UKB&CwSO__NHyxu_{PC}@-RWF= znX17-i}xE-YvE+|BHS8E0xU1`na-Y1abTh&$Ds;IqMktWlm&3IAsB+Hg|cfrW~j^_ z*@5w2E;vpB+nB%}c}IV(ki)JMN<`jFc_qy2JJ#quhs5SbvPISnt2>0iLRD=hluqsQ z!)zF;C`A!X2++&aSYXx ze3o%cDv!wGS3)WG+|jHp;1&SmE@MNr7!M3=7EAriRokK{L8-Y@4u+Q-Vk*nM{?Ob* z`HdxB?o!!q>2*dsj+!Tp)mag-c`oeH-D}S)Q{VuDEO2LwP?e&dJ zv1zLCW*(j7=k$}#5oi}R(!?I@XZxlH5O1fwI!LTuj=N{BX6kBz@4q0E>@uB*@3u?x zASJW*ssv7xW7n$l`Gm><;rSDAMK5RBUS#BcK_SHMqa8%W@L9qOL#tRt zk6CLZ8qE5ZmjDX@n%ZBPG7Vh78));&x45ABAXM{#+=Erm=Uc~dN5so1PC7Oz>gn^q zn)fMM=5Z_q3I*X$9TjAhbdow}-Pxp{DKp?XPXScaD`%uoTFcC#k-RrLylOxty<|i& zhOUCDE3Mj)B5^(CR*<0i=O)qIN@|M8Px>jN$kMCrVV&>50ji|rz zUQp_M<7k7l{d)QHhR8G_v8aD_IB`}-Q|3cgITX9Kj&uEw#X;lVpNG`h7vR5V)qsz7Y9c2Zr?{5vj_AMvak>F0rM!r;D_{r3cv7& zB2t9vfv5}oZZqf1`{GYJ42K-$7@QZ~;+93p3woS8%0H0~ zvn=m%q>+5B1GdNJ^D?FZK*ul2IhE~(KE|^)mF_6IePr$89g8Hi|5jz z#bqpk;+W{RP-PWP5s%tzFdY*K)ya?X8G>ZAFwfS@^f@wX;8Z2n6@8|T6H$IHG z(4Ohby6{B*ntGKG@^sK4?u^SbN#>w_Vtexb;7N>=O81xu!OIpgBlC1#$!eJ@1m{F# z9M9Ci6W5MityR8AXs8L*M$pf67X~^UwGLH7Q$mybFDl*?T6zU}bPf%4d=MV|GFsSN zZ|BV?4O=Qzcq$Rq@5<$)cv9MKg3FWVmY1qG7j>Gj#k46y-%}5fv1(bk0l@l{^%-ND zuSw9@+&s8nLE?1qyThLLz3hV7+G6t`thjUAuWa}o?$ft9)y>L~qYK?VN8Jtg3++9v za!;*I7x${BA2Ww*4{IK4W!~=+@Fz;IWr8H1ffbWUHId{#x@6#N7DKz|4%IvJ($fq& znzhvj$}q#^h2B9_QZa?+eDm*%vH8|ENxZ}pNS%eswpc$A)hKmb%SOF~D;xDBVU$&v zj(a)DQzU5aw+Shu(oF8pQ&k;hixl@AJxb#tK6KebH}Nz%2req7VTLC}STJ>0*Q?-w z6lE?{r@NCmA;-(1(qzYC5ov%h45spCS==a>*ZM)J<`RC&g0&*P`yvAT!|hr7A1oCi zXXvAG?GF_8iRX(n!RwvLtC9SA{e&1Er{X1%&~oTNLVs1kv(F&~p;N>Kc@Dg)DJd?x zpgsv)k`}R~GO_jU-OuymW=DEb?PDs9bn^_}e7uo{hP0Si6y71Kh@wCxowuus#s;wp z$#ERcGSI1xDHd0yxx{ZOd{f882IMk+bu`Wl1C2|s$A*ZnpJmdIL^g9wn?e`v=3{Gq z8g0%tzLs9qw2QQ)GK>BlU^l@1cy$IEwZPFQ}4ai0W-1c z@i$rA71wVIhHvT%otdm1eN(0BSw%uEy}sIPm4yuiLE^^xzGWKYeGKfFXinl~<%V_| z_G)m{G`!?|HhTA>ozM^%WubyLt?a#S4><}hly;70ilUw6O#395dqMm?C3a)%E4>ch z@X@YLnWq=6-LpO9m?O(|NtNi&cj6NSQoH)ETkwc_A<(V!X!tA>ytPw{${$*jvMn2U zNZswMOf*{Ni!c33|7q)VeP_XNFBuOU#5p#p^b}5P28Q>7d2mYpyAjR5Hvac94p+V7 zj{%C5xa|IWP9JlYy3BJWd-l`mtJhI86!yzf8D zxNyH!KC*b0rTxD~^YYO>os!OJIK9M<=U+aKYVNODBmK zwmx;o$eaVlJ&0gH{p}ang@P|T?o;&g-N9umi}{d@;hkM_8cOePn1RD5maj|B<}>q| z1^(Bz5*LecF5n;J5Hvf6g3c+rC>ohQ%Pd$|;6bj$NRk$9o)Zrglxw9ZQ&G`1l#}+^ zJrWTkHz($7Dupv8kKI(Dl3E%HE4^wzs9ITs9f7a(edWB>dgeA-ImIpCg+)an84{~e zllGc=)8)nvReYrAA_`!NAkIft%OW>UT^)VFor5r4eg3($>5u5czM~b@O~(Ail9Gk62_)uR&W{SvP^e-tIMp+3>KDEt3N*4T?!+r_0)BX&^We^Lx&=@Sqdcw zoI`Q7&KO_$SdFpn)!C)dfrspg;?2WGbWQb3D;syDpSarheq9aVrZPpiEA?fXeOl6q z;B3tFMF=D)+Q{k2zJ9pos;NsjJURk`*@<#;rPy$FUbIi9_%jNmi%!dJO`Muk=h5vm zBFo!eYVQUel-zyI6unJp{Ip618qP4$Xo+13KrS7O-7KJ5FQ8Kc(~5=m1_OdyR7#3Pwg9b3oaAROI&e-Yr@aIBC19p{~bv z!EmH8!*9JGXOF+|G&8+KaT{H6%`u6VxlPodLa=RsCWobqVNH@#fB&P!Yh1bBgm#ms7B3Rzz27qpIc0%lL)@ z)hzhKF6wUH%e^DfmvzEcRfuyz)OVq_0Y=qxR*cy~w`FcDj~ldVm@12Z^tHL_Y**vl zJRH?Hq_Cz?;F^TsZ~hJInkpSvgoPKwP33wL07*Y1g>Y&?-K zHKSP%wzYM-@-gz~Q@f8}F0SU8o&GrNaT*4UtCNF)J>{t>=7JBkkEq|-R_0H3F?oIZ zKuMArcoT_WuhGKD*+m_e*@JZNAkEME2#YtSpc(G0nvIo*Bmj8}bXCd_MayA0y6Wns z0_@{_Xh~MN+VYs?xOL3?1|dyco0``vKF_Aok?GkOaP~kPK;Y&;XHEx!D|iKzP;6SO z^&LY4KCKv-1wiNE7k7WKrne>Ow0_401h6GQ6OeJH9sLnqy+^ty#Aj`7JbuChG=ubA zA*ll(U+TS>^pHrd;mft7!}w!npnFc*99PXQux7_!=e}gpyYmdt41+71gEc%q4Z;1|6ui~NJ*nxTsTxIxPQuD;GGeO9Mbe{TwrLv`IVW2ioPAGlJ)SXHk&ce@a4;g z+~-^~;xsXSElt?Vydr46dEgSmM;fN??YQOlKtr3$vPl%fb?_fQ=UF%1Xm_H7HioU8 zRf^Q^?7V8yYZi_8($qChn9=LFQ7wK2y>yrc2j5V!?m4-wcrv;K(|W4L^6Fli{nC01 zY=$dtj>@{6mUD0yqhvOta11#%n*&Lm`?9{<;tOCc{z!RYT71_op_^4y&$$@J?KHC{ zSEZ@x%Em@b%!ZBI6_-5Y_7_k8i-_7;tr6bJH?$28s1Cx4bn-arN@1G*qFtHRjsm;8 z#uXT5YonN~#|yIVT0+4G;UcW$X_4 zFtYd$mcE{EjeiN5`yZ_9xx+)-8#jgrIqk;3Ze`!^hVW9cc}un?r~i<>zL8XPYLczm zN}a!v4EasYS=VOx8+;iQQ6}}%U}LC=OMThydd^Q-&fb-nV8|PJ+C;cOkWiB)`)~U1 z|2a4R*nWA`>WGZ@-FnD+_OA1r;_hnib4POd8PGH4PRF6gwqfhP(`AOfG7&CiQ&*$7jj4pTFRTUc({=(=To zdF|LazTkY>-lTBm;aFn0uuCiN+;lX=aIkd}0W^5URIJ~&2Cpu(G|DVEvdbX%m>eua zy|&x$<7~pXt60JI%EeCt#eUOu%#t8f)U7TK!>8sfro|I5;?BXYEt?$NWJ+;~V0=Ki zUVF%QktnyQDzHO!N+R5_mOHIaRSC7b>qHq zgy=e)u`$IFbO~)*C6_?F0KZz_w?&n;tlP#{R5+Rxu6wY+zS(&ZA2N&aHv-r&P3nFo$n={Cu$;PvB zEGe(e^BMasMCo*?Vb0k+!{LeOuz|xSqvE=~?mQT3_;#p`9Xg3blUa;@!(>&QMFHnz zVi3>Be1BlBp#UwPoSVpDwB)Wb-Pq^VhRttXKQ{bxllIr7gb$cXHmLGnN6GQ`HNP7! zEr#=n=Im zU9jZea7(WWpKwBaM*I&ic$fNIt!k)$ZaH zFF66<2dl-HW1`-?3>szWDUVrO!-+l<@J|rL_*ZWEi9>$^e>Tw!U|}>Zz|C7yHHYFf z#sa@xBXgERzZbL}xcKUjD3doYr5>%#1|1DWTK5r1oIRm*$sdyZEu5nvFb+J`$Iow_ zTY8S7#X}s;nZ7aEIM`-R9cI>|3~f=A>>(msS2nY*Av+-=o5mrbbO&?f^|Fm6Bx>qC z2s+gd2G%(p#W~C;V7-pT*Q~v=hUlfzX8zySNx8xSYuHfE zVlt|Y%KXd;AgHE-Zx@E`DC1>m?})F@8SgUPe*9O&xi43Pb%TrDD*EA=0fsG^Ax33p zn98V|IFhPABKJU>*)n~kym`?1y-0D>ddQ;nG?tLr$Fmg@QLz z=gipPX>2aS|LT_j3v<6VCAS%6ho;D_8WFoLePmsigF{bL@_Q}rs>u?5u!2hstcWGU z8|OQPW4IUD&M7_Jipdv@s^Z>(i>j};EW>oBZG$ms1+Rq)ErV^I#p?0XcO+CmrXbe| zJ2shKM~xfb-Y{j37O;0GiTh`WB`|n}G@JINBtvh3H{IGXy;63CM1WR zXKj~yw2F*?>x0Q+#nH+$SjLiy^pvNWt>H-D9QZq==PzMiZX7(zcB*$sg0M1)+aQmh zdx4LsB~!Z>fR@jlRotK1IiqY-wj`VxL~)byG&z5eA}KaXwEK4Ph0X*ys^OBmAF*Az zeDfGYpfx6sw@^$i2tE|&~3{?q5F;{-(ZQ=bz z^17|^X*pYmguY0RrHVZ^h&7t_aUd9fNF_h9SrXG`tN@oUU$Koclfn^bOvG&kviY5%kpXm|Su{Dr=PNJ!xt*1-hddd#Z<2 zRpZtA-zm7X3z>NJUol=?^ZOl0r;&)fM;k`yTlRUpi|d*w))pj^!QmU>KO_L-bw~)F zxsaEL@X5zBdadA|@%h>L^b-(<%vJ}vhRJ4D&D4>x_(?wP09hSy6&hp*2_?7(8iTp( z`%8>>9x4b3zt|G+{a|U}BOlKYDkN)%;XxR}>s2QV2?86^^U#KUPvDcojc8x)$PJ`r zqDn5-=HPTWF6UW zn%v9C*-!(pNp6CQ_bTRmIC#M{qbBF%^VKMg8W1GZ%#9K0Bxd5uEE0bFT*rNIL+>+w z8regzy2oHcDf@eut`!Rd(t-Z@qDD?ws=cMzQA>qwgI{0`PFl0oE9Hlp{K~jFq~Fmr z&pyTpGP*GA_VSeH1B>4B1+XqZEKY3D=GJ8|YkZ@jjCdTZ301eyzAkN6BOt9bAVWU-cSQ1Yb1+1}U*oH#lTbR>c8E z?V_LfHWLZNAD8p1`236)d}Q|3MZ)G85#1XV&9a2zLzI#DU%CI9fw zF~WhXc0aLH3X<$Rt7;yvu()cNBDpD4R>YA}{iBO2ulHzeqNx6H8K=m(NZMJa5d$HE zrX{ztGeD_5iCk;PfJoqfFtow!`k%*VBCfkV{cFO>pNJQhzIuO@gTwuuXt+}1H(g`fA{eG4PUmfuD4^}~o_D$O7DtV-Qd&01c)HZkG{l*6l&HcFFYbPTy*UIZs4XHT9 zzE*ys5~uX{@mJ~xHh*fyo4dC5baTxg7b|FD=lH)3z+^IutZ2UCL~&I z#5{A{#f+A5YDHr!C;kui-a0O>Z_5*f5G+6l?hxD|6z)lI3U@7n2Y1)t?yd<0cPktc ztZ;(67w+z4>UXXC&h0zX{bt_hP0#D|N7bo)YOTFbojSW#t-ZeAujdwYk-t_H?avGq z_|2R-6Mv?G)c-3DB#ggmv9)OJHSY0JkCy}R2!GUIcWgS4JldvWjCcAs+_1YG-R2ZQ zc4XN_EPxYv% zI(vLZ{b(U<;@cM4PBKr+)I>X9^#ftIrsu&l=OGtFN}O9kEKd?%3*{e7Wk`06Y<)$a zkkBfoH3xF6RMPsft-MR4dKgION3~JuQ1g+-B8sb3df$YWp$gET82o9Ix&mzn&v?Kr z;jl<@pox2bT4V4Aob%F49WSn{kG17hj8iVjr+7{)2CDl^(ToFioM3rzF~x&4u+fAO9$7Qzk7?1 z<`qGkU*QS`35D>PR7YoiWJB!W`%Te9n4&{#U&&K9!hUCQ`{onR>FwOzNrdp#6RCc= zuL?2@+hC^ow8E`;O!zOIK*qe4PpWn|j?9~4Z)Ckq(sLHc^uXV8bb?>hPBBGGbHgZ@ zCjr7Z=Is0k>1TSXMDa;+C*$fQ0b+aiIII+}a+n2TbCA37e%+clYQ>tGS~iz~rxNlc zb#e!d6O&xc_g0y0-qOeS`z$U@cBgfgx#1C4A=?`et6*;_2 zmbCgolF;hM1P$&HWu$_kN{!t-1bzz};gJ{AY9%F1EH)(&LPujOt&uVYJ7MXw_(YA% zWNgJy=I_#aF=`EmDHtm$QdC+~8T97jhfh0w86PXUWxaQFCb6i?s1xNoK?_GMy_GnW3A5NQ7YJRtx_#_QaM z)s>x@b*6Ayf780~x^mdf)=B7wimX1%RhYsarXF+@h7l!H*)C+PI-lcNRJQuoRupIa zmdkXtkI(e4^VwgfwZDI&pe8eXa6OS))lGOFEI{zGjJclZNx)#S9eayo?K z3eS>!LcS(=Ydo%LxaSz4erMUGGW<6`9T=GR@a+X znz6IYe0z7$?VBk4Jm>w8y!hF+s>&C8g#=P1HcCFt^WkDPM1(W?J(U(A4!LfY1e(hhKG#oX} z4I_ZMN;fmDIsI$W!u>>>?<=LL`a_ci{0xGS7d7`98AbYfR_~tc8@x0F8Q3xgbxOlO zIm*z)H=;m7?hg7n z|G+Q4Zsc?Hn1wtE0CJb#A(jePjFRTKoWWN8ql#|i;4NeS-nu~MJ7Xf1pSNVpf>tzj zcZNxd%EL%Oc$kidxULv_%foO%fwrtuWlIAL=U%*atgRVjX~cQR#De1D>S!tT zHz9Kom>31}Lzh#M zCfy>lz%KAN95LIe8OK7d{=gu>Nh+xE3jFvncmYN;Whv}A6MXz%ph z*q14S`*p!%ZTrcGA6%<6GR2K&M+``kIo|Y_)VK~%$1cxZ47qEyYfNec@(E~rKU33 zM#6m~eUP$V$AbzjP?dm5$s_q)cV!cN3&}wV3O7Ok1Q$isxBIBFFPVO3c$Tq4v9bAB zrkYcO`5=aAa*nVkK`vVWtkucg5h2jiqSn#MH|gQgrv{(eK<(I&Dt*g$`g4#(CME5R zh2uho3rt3?16`(y6O<{4&-HE(SAQyWV3N_KA;LEtWiN(!eIxlGXTUAm*eZ>%vsuTAyrym zYL%V+hp<55VtZ0ar4O<&?a7t}HI%t*H%UHBTnDeA`^;p3s@NtWwu zI8#1fSUKz3UrT<-C3%acliZYZdGbo>_REVNSz1KGpt>Vv#~g4TNy|ckvPz^K!o(pa zeg|1gbAkZ}o!xx#u!0x%A!h7MVSk}?4zJOJ$@QFx?_(dJOwoxkBo2$# zHOGEVk2a`f@z-Qb3yeS;bT$}Ttf83HO`$2$!uIKF8p~AM8O7k>*?xW4j)N1SSvC5X z*UdkAC3s2_Hm!4sf}uzn5LKmIONj^)H0ja}yKj;Px@=Gc!um7s^&fY9{+syi`4Of4 zcVdQgI(3L&+@}X<CMt{KoQB@#-vUDv@q%mXC(!NyarO z%AY)s~wo<9!U-cgRKczbW+ z_BU-9=>kkqRdT6JVomv+X(x0EXs-5-n#aEvj7%K_lub9I*EYhxef!6}Dj_04I8%}0v}y}sZx2fOO@;@I4>Y$GcR$L{ggS7fwSS3s zdH!3*e`MfcUO8WpuT2 zH}#|wl2iV$0N4CCsi}YQ#gyJV)<|@4fP{7t5zpbm4CV5<;4KZ!@iy_^9$ImJo|f(- z`TWcOUkv`(L$+)ecqER&%roOw)$?27TsOUZ;c<Kxu|1%<5Y&T2etth%_Ga(aHC z9skTNbehh1-^F0f{G zj^~yk2@@~s=Gc|NSRPN)h{1o1AoNhhg!^rju0QO zos$hxHKFSbvHM9Zw|0ugVxE;cQFy5vN6#oqw}9VpgiFZX?1bBCJfCKY9=Ep=iyZEZ z1?vRT3=wN6KgXtxdO1ubQK|XNmWVu;C=}>u4@~Yx?^Vf58?jn}rU-%uJRxqqG77g# zvovLemA(o5yxijb>3}T`Z}#xwV+PugLS(r;@`#8Geik6hpgh5rp#{apb>`!0xX5=5 zf-3H6hx2#Cz9??IVp@G9!EsRGgS{5eovAttkG6Q_a#Siwb>{rQMTj{tnNatdp@ zI_ZsW;&Hq%)nH5R^X`hxegE8;Cd3fmA@(Ty!zwNaX_CLSZ3%dT?JB_#CXCAc7S0Dv zF!p&uIOAa-^NI$7Fk&mP0$K*qE23mAEi^o-i+cMVa)IYULi+ynMPdqEPVh>=s_I0* zcnaKxL$sm%4F{#8_UWC)&Qv_)^s(^W!G$nP?`>xDAJlVP?cXJ){37{@hnt+d29i*^-`n zDq*WRYhT@v35T-?JO!@E`&edb%Ti|BaleFA(#2cF_^E>H*!{9f$B@ru)1uK$?ligy zLVKuaz87L2NJl+8+#nb{j&K9zUS;fFw8gCLdi>!h@UkG0cXH+Hy`bEx<8ftI^V z@of<4*MrwQ@1INb(fKMz1$1Nx5;dlH(mmhsWH2}|c$Jf88chPFyvAN8y{y+NeNbK6 zchI$oO(IscDV!Osd{;}HY~WJhR0hN$(YZwHs7Gjq308RihGX|Tm9Tzxb8mz1eMn2L zZX~l=a7jn$zsnLETRQqu`5R7s@bYFW5@4EmlduWxFYS2P!vC2F)-trdPSX>Dg zep-q6ffHY+vs%)c8H+x1lnZem%Nq>X==K^Z zVLBcDMwOIOQ9=e9QfwLe5nxMNp&E^~NtSu5vOc_*cugWr%#|lx7gZxv@UD)!pR1dW zZJ>C)B2AxWOGe#Ij3i!6k#QXDMK`O!6k0qZLn{ncDEnj57xiqEHr-G5B1wu&(OuVl zH^tg@rq)h@YpxBkCh_sv)jn;DXb2>3F=tv`kr>R?vP>DHR)3U2{3|6XcHyJ$eN7Jo z-wz&NWTyFJY%TVn-*Cv%FH;S!NgO$+I!%b|pL@+raPXJVLTdVWYL!Jnr{BI2_ay8^ zjZ_lEp+~<1G`2Q^3Ks>2dl9ic5E&4N_RrB*W4(%J`wOk+^~9>@H59wTwVS`}pc<;p zk%fq~m9I=45I{JkT>v4v_8zHy#$h_C1)iX_OMDvtbz2_)m`&PfCk$d zpGuARhju)FAqCoZpULHp1Nq?l%;M7yCm7Vsy}$3xgOsSoP?QE2v zE6Z=p9#q(1g^^bct1DyIyV3}vA&oz8L!xJ28}X@~`vkIb`-Wa!dnc^BhZ>J_G++B* zt^suIg6h^5&(H|8{QPT1vK91lyC$#dZ&M;>wizh0E^PMPsaq)M%>_dLmc97v%=Zt^ zw3`8|HZ(WCkW}}>BasqkAqluEfY|COY{iJxtXE?=L+f0@*)Qejzy5>eUmD<1$R;S7 zl3{5nEy9~=2mu@b8P3n4F|_e3g4Ef;=?jA&|IG3~-mZ$)Y<+Zp9Paz@=&?W6{uM39 z{~w&ZD9O@$aLDPX{?y4=f|Dzxt9}-* z-P0MXb3>jsMeq&Y)8~HjSd)W4H)G^!BUHc8! z7uiM>aeVo`&ZJOeIjTzs9@To9j|6dqFaxSmfjc%N;X zpda%maQuG!>EtN*I}RYrbX^AS*F0CA^M-q4*eBc#&!V|M8RY59V`t;t^1WyZG+(xI z-@<`TTHikC?wZeb_&!tiijCRQh*oeAc#S`J2HG5Op5pqs(HD1x1^!A@`IBpc)+rbh zgyeG3?;>Ut~#ODh6KEe3Qb|aY` zyKNOtQILYIjm~pvZinbKv97h4nDL)H<9#?D5FS98UHuaB{PP0t1vm~SUyFnJ%k?BH z5=S!f6zdNq+fhNtc{5DNc3y5`VBKQvQB~p`eVbi#;2OPnd>sbLe-8h6g8Hcx`amxt zcH;X(FMl{VPjyB2o&rt{cPQ=TwPMooTvS^2&;)%8FQPsQj>KOC%C#ID`U>m9h>J8cXK@Rb7F+PX z5RSye60AgfYIQQGv45{^SIvls@XRht*Ji6amg)mHLNmlK7ZHd{_L!Im;t0pn{o&wo zNzi^Ghlot>WQEpwbb@HGt=E$)BDCYo(FKX>(-!Vnp^x zW0U9n^4DOps@zVNVIc@fzSo=Kk`vA9+HJbcBZPva8Z^wqVm1=jxU^oanv8?ra2P6u zmq%wPI9RJatd^)f1=6JE%yhA7*-y8l>?DV~nNJMC4?DzfHPlxf7Pz9wG$eD3?J~M$ z{9=;(mRI&nmq#d?TWrHb%(0uMp^lBKOpMf6GVRJ$e39&FvZ#v5z9;EquDwhz-{JQCY}%IYfGf@b)(70^oxJ9_qL@A zl_~PGGOhL}LOWc0=5^7a^C)wU&31t>-jQ|oURg@~etKR#dR;2EC1zaI z@I^!KBK_?_X8NqV2@JAy+GH1%Z_>Eg#a|0n8+@Qrm5*uI_mM62jGj%kC+@6WB5Sg? znNbzwGuPLP?l8UjUZ`-BK#3z)6ugbyg_RT)R4|%znsq?VlCzM_>1bqqI5KpHDktOn zChw^Jb$R#C&5#*Sh?Xke7KUzATMu_1voi^@a*A=%+uCxg*DVDzyTf*r?~6F10>rqd znUYJ81PBe-*~K<1w_sB3l3|u~;SvVx_t^m(gdSj>4Y9U?@p4Er?u_krN(4i+^A5E< z+4poL%K|(N3I_s#=CTrk5`m4oMpD>`>$#EytfEI34pkBDaPAM0RO%%xB@I|F;KXy1 zlR0E&Mb$&&3f)sNOr#O?_6(F{wcRp~KTg5~uC;w;b$`K`4EJ`Oe7M-|*of90T$q2I zV2F-mrQZZ%iC-|qckfj*Q_vB|gWMre(tR4h0v4ww9P$)r50qxgvX`li7MXLs9z|TY z`nu4b^i8`A&g#1xfhh_SZ=#VIqqVJaT!mH(0l<$*k%8%Rv~#;LNG4IZot|bAicLjk zaA4^uo40@~qoIXlH&Y=wTk*kSaM<%Gwrz~K&ebmK&{Yw*S!u_5HkMwiVutIaovN8N zU@}PL#gzdFS%L7b#Fy|YZBcTlw+*f!RUI}W+mevDB#n*|&1zEHrTbVgCbmPv#3vco zJ%Xx(OsOduor>D%1t5|1;3B!Dv`j%x$LEi#*akritu_eEkS1q~Bn6KWegJnc7C^3E zg@_;0@_lWYvwttnNZM8=f+=u#E*@f?Ho?uLaD=a831s(?+;tStACvc>TeP`EpxKI+ zoGo9^bm=xaj}d{5nVS+q)oQf_f#@x#4nK9X002^sFJei?=b7a+H0Q5B?*lwyKkJnP zr#$wGYxw`FuCu(smbnORVEQquHFDbn-VOXKcqG(oNqZdskVe+CEc!V3TsdlRni|=|9|vJ#0s0^Ufd4xFk^etG{(&zeO7!GP z)Tiy;d>+bpAAr_0bYPP*Q;%Tt+JDYa&GU~?ZQP0RQf@o;z;!CVi$1DP zc+sLkF|xRZ#*TNQHBB_GrrxHm(z4e@ zA#Q5O3?HF0(BKc|^hz?RNe-HeKB*cD6AhC=VZvYk2RCuR=q^e4qiD!VFw|>-rg&(6 zBrv+ahOSW@7WCW^m_t7cV$cra=g|z7%RwTvmhBuG^m|v*Af=6zoq4s%MGO&TM&^9# zk_Bb)Z@&3vZb+m#A@y#Kp%y2|UK*7+e-q_NNlRZopD0zK#VxS<4aaP4CL2$=Oj0r} z-I~z0@`2G_Vu*GibfX}hr8Hhc2FGG-4y3CSZFxQ}EnGe%E}@hu#iFx4gs zJWJ0wrrF+BMB6OC@VO2~>zkD=5_@al%h?~TtJKWTFR5)&)TjFg#>Bm?D-%gjspDHh z#v^O)3s})ib8j{p%L6?Nb-|jieTA)^T%#cWw(i8Kl(UHKsLSiW)#?4y4+{uE>{yUF z`HEgNjf0OtUlmKk*k(#$SWJ_P*U5*ML!a7ZfhK^GruhD!d3f4B|qSQfMrYpfjs!za^p4N(c!2yeWyg|OT(OHqyy zcJ(?7PNebEKkMS(+y0-W7WA)0CU9sx|9dGP1-gvwYF(V)|Cp+oRu5ir0MjxxYGp+V zRPlezKi-au7jD>9>$a^O)tSg@YxvrG_T0ejQYskC!B$%pL6WoWToJ)LC6l*T;CT6N zvS*pGlumCC7i)m30dGNoRUMe}dU{k~#^$mS3BG0j1UOw&9&3%>P$N0DTaY6$9)Xew z7~-5KX3BT2P?OlU`OA_Ei3VxE<-)(`@B6h0r$C9V%5nOOV2tAE`rwFxy3&-Chw}ZD zX$h7ckc>;?rJG8M<0Zd`Cjw}dcy=0w08RBRw>#Jli6jS2jpjtec0(I>5yI)_ z!uX0%;MZlYdz>l#$y21Cs;~a5It3;k^#3Yq5sr+zh*bnuV&wz@WYyomG9>=q*JIxT zISWYwcFLW9!$s9nYntSb1kzFS{`0Dr@wS5|z@?i|Y z=xh&2Z<{I~#av}vK+%(h@jL+jN=2P(w(gAPR32wFjncd=cU2tFoaBATQ?tph@^B|M z4dJqbd@mb$I(`6?iJC6yv=p^oTB@vjnuFw8Mo^S=1S#m@bH2djSkzBF{Fb-Lduj0T|@zRv2>`jZK!dOSKXSG!=7piknld%=!oVfelScZ4mv^2Kmt*iqypG%>N zTYV|bFpg%d;rRwmnu{Ozhh18=*>SV7LoN3;SmSa~E7GH;0$oC=`tU5XK}}xsjN{tV z{0)W_4L<$A9JP~!cMU)O^m8ww7ytQsvemqkm7UQ4YBOMxWT=YooAWL`3W&PQ{SF9 zc#v4Z2>U({FCPEGshPFJZIF<4dwH5oWI=bhr6uC9jh&H~357NthW53r$cf0)3LjDz zXH8AMa9%oNxv7xjI?K}?Z?90l#L}2$o1kKPd3wtuUf)t2X~C;{3nApg~q*(6(8XOFlUucpCTqsDh$ z-#9Cs#ZtEb9M)f9HSxFtx<3fJh}w9 zKupuLa_nL%H0f2POTD_L>EZtp-hdjB#I>CKim#T%mXgC+XNb+bhVu$Y$8;GQ9 zVuVKL>;^gO&(s|mASa$G3&dBBdqWKZlOu2t3J zPbJwV&E{ZxaqD<_1lTFgVSvP*x_;cP}<%<0kA&lR#~ zac|P~)Lzr4Cw$+9t`Ke+Cw^S~RmzQ!fKxKUsB7E`3~<6J|5%=fPpzciOR8+9>r(%s zM$fk?{*y*_!9)zn9h$Idn|#pLo&JVtkAwn!sCnUl@*GGIK31-#gT*FgQ(F1l!`Y65 zU%Ha^unEwJj5M{!DDh+ktN@?#btD=_Ys@I@vLki#`9ZQBYzwXZ5DQ1j=w7cpq^d%8 zR2Z+_e5J?+98p}g+*IkU650GYxsuh6WmMS2rjDy8P*oix^j_}33YrKFe`o`=k)V#T-)%aa zwW75t*w3V@Y^nofBOr;_Cb#|=vrk+zzW_zwebti6sHWaf@SZrikKWVxQH0OWd}%FD z2~3{=dh4|0P1(>%mJ7j(aWOoD@kaNLW6KoaTmuzEKo2okwXL1y@@#ULm0ndQefsv~Kb9kXv zES?0X+Fp(lgqOYCVQNFI5C_NE#9o3xYns#3D>0v&LoTYQNklbWl}*Y*F9eR4nnIB( zT>%kg;1@4w^yfL(M{c1I;j73*b2FoaYZDcegDPW?a-(3QtHigS#Fl`1C?kFDFjp&k z!OX8$-u7%0Lg77{p|9x{D*QJB`|#KlGlm?8s0a8S!eY#0B#xwB^-mC%2`kq(!6@MZ zE3K`Viu4^b_dMDfRZ=F}k`Sz#rZxi{UgYeg63}OuSVxH?N2SE{M&y|81sr}!q6Kpa ztJ79Z&bMXtD5o^)pN0u*%Ll55ts1fvn$ri7rvVW^1Mv1 zdt+-yHB)IrS@pK(VpL8@yQ>)=y3u`9u1zKID;ya6JI-wj*s8>m&`*$-Dl`UkR?Jqr zIFH}?&Tx%4mRN;Y(UpMM~{5T|@gsBb^ z@McgLDmitMT#se|osu+KIBepsCVRNyYJ~`97%v zLI46;q-d&4t%2r|X zq>0^3&I}Eit|mHRFLO(gX_*xDu=5ib6G4HMkH20GS0$j5NgNt_9r>-)cuRI5X=N=f z1udVRSLaywX|#w?2av%u?SiW=akHTQ{n5t?==l~U$9!|Ai|A?FzJI*s)U4PX)GU8z6QT*roUI|`_B@n5mT0~M(;AqRlF@h&KFTIwr zXDi7vqlQU@ICp@4^xC|oV9K_BVi;%hPk=F}*d=0LUpljw-q%oVW3PKADhqB@JET%o zBTL$YjH@?DqSGDJ#0D+c;aNC(b&+bbZ#TE0RgRCgPk6Z-OG%TYdY&fz1@#bZOM1kN zCNaF6X6^!^g7;qfR~nfadF_r;Y6yDfSx&cVo05z;k3%+Ti-Qp+)~ONSSr|BC?Bhol zP3Jt;Y5Zsi&3K}X>Ai!j1>RlP*N4aetvh%;9uH7JHZumm_nTgOy*HqSoe=R(ziM(V z$el#3Ia$0^gR6K7eY~TYV9pMj(IoF~506nKDUHGdw(Yl5b8P+B9%?_*>n|JRYIM{I zQcc$!D{+LB?Q^k~J^NneJ6!?VV z<^^qCX@$>jc$2_I46R2Z=jb$(aH~Fnb4vuJe3cTJU|vS?ch^i2R|T<7GWprjBPLAt zB2yI=VME}_RKa!urjB6Rk5P#;On|nDh>m0b7bT?1d~p_%k6Q{T&kgANc>RPkj=zRa7}dn&!X-tAuo$>jZd)?~*ck=C+1$XE${K3B%Y691q8=^0=4j)& zoTcfvf9|m!G7+Thp5Um;=%Kz{1(?!HQxP!}IlAH{4sPhV2mq0#_eceLw+Ii71lgo~ ziX5*5OI+SVygxS8uC?p07qG3eFef=210}d4JGd;{k~{bXhxj1W+r~zT{4ZrWXj<`- z)eq6l$PgWA2Xr&Gx#S12LCHEjrMA_r{*V@;z7u&K0_n86W6e1vt+ugOR<3PhZtBlc z;TQM}khBw8=-dSk^*!Ii;W5exL24u4R-gtCIF;Dmo8_QN(E^FYaBr9kBXLH7y^Wt2 zlO;RA9%;B{pbqa1tFs*h&`+n?gI&UGsFD`R`I9jhlCAVyt7cs72U37~UUm-9(^lQIgNA~)pK7E58` zIhZO}c4K8!Rp@xQgVD*Ks|0qnnO8;|S=njTFZ`HUzS8wJKram*O>xtiGcu|0geboJ zJZG^XS1E0=86!-qNzIj2+R?dgqxQ*1drc<_r%bRk;h<$%o>_%20Rm*s*Pz}>-`_J& zcH}nAk?NGd!dqY!mnX5E9nQ;H{A|S}Xa%&8Jr`=wpD4&aFMUqQzl6!#o_yMnU1aTX z3%!!qIWxZK<~^R?bi7ix>6UmhcYFK<-K+MMWLr?VPO68(s(^RvY`liNwnT0`PcZ_LlyU9AE_?nu)$kD#De?Js~i3>`4C?k3K@3H{m8M6?#J5O)e}U_tAf?DFWc;Kq5%_6T(EBa z{*@=gXKio0n?Dcl#|1$@#ZL?04Bp$Xq9eKC$P>Ws`@DfdlI9lQ@e#hxr+XYLUR z#ayfJlqY#qqSzkm3EZPye^T~%)bdL)AbDE*_FUik{LZ{w49hDVEJW)gtKx*uO0!{I z^Wl|ETN%z&>w$}O+mOxeaVV`+q+dHuG*U6&@BzZB4KjHUH{KM1`ndATlZ2GQ`0?TU zq~x%v;uv1RZ$Rgah_GhX`m5X<7YEmwSb|}ka5iBprJqu|9w2*pG$Lh0SrIzbayv~H z%=n7klo0~0(oB4EnlZF@omcARE;V0fj&;inCC(cdJM(p}Oi~=xS!ZVxvd%qNizFLr z_oocpOP{Z8oc0Zxt8*GBtgXt54~;}DSUMPu`@@@NM5fA&ab#48ml?@^)g;GBPJJBj zle#gt%+(bh4|mb4F=TOl0F_4w+P0)_sV`e-8%;DH7_ro6u-J*;Obp*J#g+8-!Q_ju zCP<<2dw5Wl`%RHX4FkR@roHXXSZ19J|5KQ%1PDbfsorjG8{GZV`G(3crETJX9E&AlvH9dv;_x^eWX= zMs6Oz%)T^c{&Q(!leuFBw=6f|l_ir!Ukd>8Ji!A6-)GVL46zaWxg%x%hU3+9<>hv*|9O3?>7QA|K+Gvta^xGYpRApbULpuSD*+Y`s#Yxl7Ys zlBFSEzg4 zT4J=V*Q{7c-g~1z4y!&b&5@zA$|{9QGO<>w%k4*|%aA>mv5|;$39UmpU);G9cklaE zus*lm9~oG(XHn|;UZobqmh$nsezAUjv_TMN`qmasZ z)ryERt*{eaWCW1Yp0PpffgHZ9l*cue{napk)gWS%P|*Ggw`wr1F2`q^3B0fKbz%q# zZYKwQ*nZt!z3lsLljV`qWq8o5tA=4SMyf2n+;O7DM%{=x9$-yX(rVveqUnn!JHJpB zB0R2+J*3Vnu{bcoeQ;jhWc`405gIp)wzX!`srqDLceOfe`JgP-g$Fs&_SCx1L*-j{ zu$>X1bFgtUo*l*$>@MTLd6sfXVoV1ZZwKTi%8`8AT?qT&OnV2NJb7>J{t%THL10tQ zvtnwcvphh_jaZVUSz6jUnvV^_y&A5FLF$VaG5^eB8?RT^QUlg4O!>T+$@VjBqfP3A zF9d;M-5W^UtSLjBvPW%wRobdc8}#t63jbelpUs?K@1F^{i*K9%&n0~{CMcdi8s5KN zzKA#aJns8Kw8^g61LFRy$=lMp$e5um#41D)@wwweR`33u$j@YAAyL>AJkFrM&Vr|x zYqHbtb25jPow#jw)QF@-HB{{;Nou!V~^Y0GZ+yRe+f%?F=dl2k_DbA$i8-!IE}a za?&#vL`|!xvY&!CEs&}~^=vL$vN$v_Ff^b5imOwblww+>);ZuA#~-yM!XPvGMZfah z%cgdbw8Yl?nlVPRYxA+uQEGl~yg~p&y2ZQkH{1m%4J;Cp%f2!{QN-6S;W1wb9U+4f0t4WiMTHm-9zt^Wewi zp6ZBV$L88kKC@;sImP^jV^pttun=%_8qFm}7yZF%AUl4WCK!=>X1%AH<#ZlxzWIG` zd5oNk(9d6|BRT)%oiG)g7i_m6SzOu#*jV(Lz=iX!FfG37oX68#e`i!~OaV z=l%4)shcb~FVD&bx&Y91v|I#Qj6C7BZ}};@0XHRP=^;kWkNme=^PlbfpS1A)YUM`Dcf+>( zp2`YRrp5*T3B4@EAqE3-?p>C)GtOchy&fGwPRr@hdf@HI)4!C~8ujjKG{(G0-gNfD zqaamwYBH*Vg>A8_WziB5U{8M8Yz4&$$0P(t;YY}g_cn%&HXM+L^;`f_rC*ZE4n<@X z#iPqq^DA2xN;TLIyQvO1yQ;Vpj7yAS5YW*~EkXBpk=ZwL23iSET-- zSw=L>c}g^FKz6Oe>+^3!wy*9`6fJ;gLZ{rC&2IK;Ad!tCY{hsZZCO_Qjm}zJn2hq0 zO9y4tRu3PqxU4Eq->+-PfS9ug1`lg_D1Kj3WenpR8iB4sB_DnWF_Pj&=kdH7A1EwK zLRiB7D?E%@2L=gx^Be9|!s*$~<2^j&AuVwOVkt5 z)Q%@o^N$va8er22si!pRxZF_H=#vWM9$%>sA{Fo2)`&H7=eC&7u+YwR)w>CrPgjpv zD^t{lpB-onv-BkxUj)UVieKZ9oq@ZPRm76NH()Fq&lLBA2bD!twqRUmL1vneO>8R# z_&671ivl6a^A_u{k{^+(bMrlROvUN@A`C4G9~WicXMDh;*MmA5EHkB6FzgIw-2Yn0 zNW+*|Z_Uhc2ivVgTANfCRH6&<-dci%pt^br9EwJ_0f(E1xhT->t8ldpk8Jx%v@S*S zi)78JN#>>wmwIUZCS1A#4+v_9mD`TP?Gwu9{}wY0>j~%|3Wr_G%~qIIl5y(6?s)J=q z#%jsOTm_LWIdUm@Rm*E`lE(I8@=6*tk72&6?OrQ|Y7BD7MG(YsWTB*U4spV=UnA?o zgNYJ2A`Ef`75ciWl@)^m`)jm7%^P!1?o3~ogWy~&hUb=TB7FDmyI1NJnVRLO%Z3rN z0K?shojYa`_bx>mPzF-PG?>XJJWK0Dvdc0LyFl(^Ae*Y=8@^Dd8=v595g`WjmWf%s zzD~Q;jF^WKquRLU{sS+^Zk%NuG9xK8oOBiR3P!{F+WkeHbImvu?_Qvjpc}mJp1c_X z$8eUvCLZfXUU&M5nr=8>(=3KQy8ieSf7ZrsvnM_F zkKCU|q+2k|TIWO7+`3LemnNw(?g=v!F_aq3q=1Q^C1VC6LCf*D;8jwVu@L4^wy&w`nG$ILh$A`6Z4^A%GY za5nKTc=?f+6O|mTB;A1m0(F_)Sg%<(ZZ|Vro!AMg$1%!0$3p2A#F4(gZyDf1((1;v zlAFe4M95O<>3_{wR)*`-c46DmfDkq6Dr$Is;wVw$zTB3own$P)hm)r(JDSvuH;~UE z?>C~vkhP4JEjO6q;d-!9xIux*Gs)77IO=wOK0j^qLg%)a;n&pDXpT{(KqX0Gd1i^+ z-j(bmS_~Ok$0sL%)w^g)iDc8QSz2A@eN7eU)ZrIfp3=7aMVC_BuUL__RYazZnhyy8 z;{+B&%wEZjVabLCbuiX|NturJwM?f3hf7PjnXFmZNXHYsEHhaJS%SLYRuDr= z;Tzci`4@T%^_XGLk{g1Bg0pq}ixRr(`;Tti#y25k#$9)l6tZ=6fT4KKOvRw#Wq_~g zAnFS7*9lAf^I>Jz0>)RpOrtF!X@=?y=S5w<(=v^v)G*Q$LKb`DD+hBKy1 zw?|09)Q|**a&4WVJ(pQPZHEbOfdq~M(6cVQQGfJyq=$|kbVji5}?xMd`rC*c`^AK_zvu>&1~^?kr4AKN*C$V{z988(h<_f-z8WZ`l3 z%wI>6^aA}eL4z5?k|`uv*Ycz4+CF=)AX3(?Ag0f)I@VdlN1z|$Hg&zIhbF9=JfSY; zXubj~eq68dmQi#=Y?nIVd5g=5ThXQPg|!=UlH03B*oFaROp?qr6$SHdW^KkKypq#H zs*E%3akWWo?W(2zJOGlW%h`8i*`1c6LU*7nXIWpTnb1J`*~`>VPKC;Y_9^+g z1pw!!rKs4Tx4*Kq=78Ks{aNG$ZHz9I;81$L1hlqDxZu|mKy|(wK0Ti_rC}{cAy1;( zHYq|%M|VzQGZg0f_fhm=v}BoIBuVsE<0ZdgT7gp9sKjNrzURq-!3$p(S-&N}&=>X_ zxySpV87v}W1UWtI78=%K4&|va+`U}+Fh{Dknr_Y~!eC6A$v8N{Eowj-YMdMwTsE6& z$ivWJ^kP!WQFXZf+&}i1@i4O{=0@|2P`(|{g@z-!Qv8|JEVwv@V0OgLrN{0KLr{ww ze#{o_FcGm;);Z`yhA};EWPBYPrLioDg0QSHyFf_l$Kw}!Z~s-$_aaSy$lPw$8F;h0 zIi}%r1gCfTua5p@7f)_uXEEyPDiHCmS30dF`J7nfE^}IJOavg}WO^dtXZhV2qyF>z zzc)l^0A>4PNFk4N5|>npo)DeZ-opz$AdJ0Wvf3Gx6**TJqU67=@St#aAMiq#ny~-e zrSKOA@FYSyUQ*{$v#$jn_>B>gM%Dfsb#EOI*ORS_5|WURAR)NByE`OkaDqF*rLo4H zB)A862-0}tbmK{|#tCkXyEX2Cy#CG18M$Zfd-u(I=iIsd$L{XhyH?fOt9HrStG-Xn z#p|!a>z)5^@E&(X^Pk}#ivN5dcLNxJ8+)+QI+F`cLf@7V(5V~1w}Cdr8nT<&3J_h8 zMxekLm}E~A`@Ug)kWFVChyn?XyKfnQ}`aFAbpk>zIs z#lj0X15S?0`%P#~^kW>q+W|$%4fO!l6QX8n`vq)sEP?jDcxVu(=mDJp+wqXp?wVklNm zp<7hKR{Yu#E>?(S1oPE3e7jo3GDRUa6<13=g=pmP-Os#7G!-V2gxRvL` zPDBgf+n-LQ?$|Bh;Z?I<`b~m*LL?5(6JF2 z`i}7yTH^%wvHkXrkm52MFu;-ZryWZU$@nNDublD^3UzluTpN8y0;-3Gv{Fe4x4^Rp zer0XBDR|!0*o6(fS}xC{WRR2k%-F`R0HJCQ`@QKme8>BrWXdz*1k``zVKTiNYnl<{ zH-_CCQ|kCkZxe3<#?ymOvqFxp zE=NH<4{*u;yU4V*TI`FW_R9SSJ240G8zeNFuKZNIAo}vrVV+X-eN#}<6)vZbIpw~B zpWbg2zFYx{U&z{56z;+PxtyR(HB#)rKNV#$-05|9XETnZ&~u{PxbGfZ(nC6)O{OJ> z8Dqo0aY*j%+}3Wbir(MX?*fCM*r$POR!3||w=O4uax1B~YdMYb!aYDg2gug5_hBAU zw$nY68EHp{tF>W}J5T6?&x7z__OSEtS=>2+US*wVPf6lu`-C1}mQhzneZFk5Da~QA zH`drp6$y#Ve6dx~$frA9>@nb5d)MyWx6d2niP5dQRbO0?2svn53Bxb>)NuH28MW__ z&c0mOJxOFs8kVu8ckWhRU ztMSzq-&fuHf(2No4Xu9o)+NdA+?J+oD)vn|{zgg84~)*Yn9spfaoSiUth4=45v%>u zi{2Yyygs+sE;8$7q(00ekuCM_u~DKYt~iT>@&^iDRYTznzcO+4u-FVXe`xvh8emOS(lEe3f5V{ z9o(6hEzUWXCM>s1sUW)@=JU1IUEL-YlB&-c;|iAXO72?;r^@^8Ix0^9hW-!#NH$Nh zliZ7p9Q{)tCgBz^6W^i|(s6R&xOY+4HIYld1OWUBlKiZmsisd^O>-o7si4Lg+VHLU zyWNDCZ+Jw(yXICM&GU!dc7#i8m!H0l1w*`?R7+tP^#{|Z0`oEmh2a7VC!RqcCNJuS zmf&sh00$qgMP>%SPk!FIfD}ITIV${u|{@h_62I)oC$*b$^@JeTuwkbE}!pVxv{VNNP#8 z=-(8WR@%zi)8`Ls3GT$4XkI1AO< zw$>FrD^n@IVR&4TIe&+H&BM(~$7509dV2im{jz3KvQK0+gL#?vP>UFjy?GBpVzbuV z9??E9$fln{qnvtsA(vH;!T!=kgMHh^CE!eLhEuwQvv#LBLq+-QEkf|y&Z~GO4jKxr zUaM1Q^4};{?`IHBvxZPdeMeqU+4d{h-d^b+?RV3ohl-3Av|#_aw&goa;@OC8(Tbbo zn-q`HtOX@g6F1+Oq>S0zAkEFzs^+$hUv-4)=krG;H@ack362P-_3^~Wo7Tb>HiW#$ z(6M2QzVo~_Fw#72H4Q;2$kt!dqL;{6^Ya%C<7vIG-_xYlzjx5G1OMuv1^#b$(4vUy zY9{^IB-cVjdD{>Usw!&!IPx1wd*kkEn0(9cU{pe8kd&u*E<%oVcF`^wTkX$WWId*j zmr5oK@Dgb(;Z0k2DhWM0gkGSAo){Rdy9mU+^2T9)^A*3RY4Qq@n$~I5k zR3+T#eWt24kA9=PJ=(t?EM{JO##HI3qx>s-qPsb+@nNQa>00fCws@sgevIWt7;onQ zdr#8hfezTjF*fRP>dJIL_^1DZPv^;Jv;4EiW;rJVVZYuvy=)Mz6}S;DtT8RUkH7u` zC$#l4cRY2I|M2bo9pwpi6UR?P_rk_j+>gM*OUX597vucJNNE2s`R9B2gP`uPl~(Ci zT<4@r(WkfZv%gUyF@Jc5donCD@_D|zpsYnQXpw$C#5z#vP__NvS%H0I1?=ts_;#iT zLH|*y{f!OHzS`7wZ1}A)Hu~6ZkS}>+Ub4GEl_?|Nm4ZG%@$^iRXL$x0tnP}B@e!0* zzNB`iYVxT%tN*0o*XYb|6gT|ZE;GkeKUM1lMuA+yc4*tZ_9AC2{*YB@odUZsiFq@7 ziFC(x>K)=snLVDGry;h5qlnf~^Rp@J#4XXT+P``F|J1|%vqM_k%YcTYk`E;xE#kPk|=%07LsHeqF73xvyS9FL#+mY$!9E8Y-v(_70;d^;N<6B}&2kZCZ|J8~#c6#rF$ za*sl=DsFz%&%Uo<_Q;TM_JTc}RwFz^^{bixM@+I$$NZ~?F@3$$osI0Vpb4C<7>gRc z+Yg>9!=u9F(adHkYJ;`WWzFJe48oT3O>kL<472|AIIO63-At>r%#VYSG@wsef{(+n zqK=9R9t+K9KVMAPCi?Mux=DGl3Yc`_KMYFwex}V5SC+CS+<^7whPYWHIIgkwhg8wi z?63O=3=1Oy&`&!MK*%UIX7?aic-y=&kyT zYu|ssJjl{nDNn1qml=7`kZYp>Szto*mzmrlA#sqm#PeNiIp1#==L;?e%%B*S z&Y!PCFz!0*DLotu%sSEbqgB;TW&}CGT>ax$3aek1iDeZWVBu#VXGQHxndz)WyD5I`*_M zs;kNdbyh9qHaF0yp*hMc|a4>t6t;^d}gA~9P=sv^y; z=ub~)t)Q-2k9rpx(@>#+V6+0`7+PoF1(NQBw%2nJo0}Ecz17_(M6Lb;;#l4-mf)Ll zxr7d($?Ui$pn93z48F9A$XT;;DG31li^$u2Pevx8QxLG-rrCiDsXOROYZ&S1`NUJ$k1l~MCQz0L&MvFK_ z&79>|HSe93?Ojqr#y>ip*`qoO4aSPBCDP2HYNi2;mkq1H>>#I>MzAjx=AOrDYcXf~ zon|dygi2@k`Pf0pvti$k=~gCdd{%CV8tmnyh_scWCBw$cqNKA--EywMB!yJ50&T-) zyw{G*it1S8^+pWd-cAh0cB7*Bl?nQnM)p<;q#_QfN?*Q?y!KurJ!mHLqXxm;o@eQ( znW^gQ;F}ARcxg?lSrwg$q(J80i1vG{yIe>|K(HSbOzS1Gu{JcLx3X9dnZ!v;D7{Qj z&4@AMPuLRbmT73v>r17jIh>M;Vh6DLvg9+CzB1K>e!&)e-=x1I5v`cFJ^!QXz=bW8 z(e|Y6EWs3X!^mc-S=gwqSWjEVI2UIlna&5BWLAD3PW`SSq{QT{Hdkx;d;gzeEiOOC zG@#FB4uVkyc^rY!4sI^}V`aT+(S?Ct93rcDjR@^H+Is6DZH~YL-29Cxw=9xIFC!c6 zvJ{cjj5jeTDtBZb;pEskUsb`DA%4 zJe>V)z7%xU8hsfHOK56rZ2+mu_HfNf#VBh#f<$uKKEBiG1}xFe!`Z*^Z;SQf4|Ahw z*wTOY!INjrkWvk@LK0;_Eu51qZk`wzEhR|xu9YIW*%D^x-1-D_--Z!-6O&Nm#=S8I zdb5d_@nR?vl3Pahq>oL`7g@*2lWOwT@zWzov;s5*1!$SFgs&EZ1O{BE8+ShPzaG|` z0UN|SP1|dQ7K!IPjL0qRxUd@vE`tMI+ogVBlqBNqX7Hb)76whSqpMOi;`xJX29TJWm zK+~5pC^A-k^_EAx_DZin-)&ldgjja2is#17195=iwb_;;N*|ivc^T5kEyDVorIBXf z)b;11+S{qp`HNC^Vf}dH+N+Fp9jD>5oVfm7e~;nK4&gHaMdi*o0MFi823v+Sr*)E? z`oiqi-8etP9$66s3pB&<`*~CNy9>aRqB)%dn~3?$Oz2CN4gZaiwxpXU`DKmedKqs+nQWZsN!g2*fmTIzgB6Z%Rx@q7l2n8Oa1+M&uqb(7Q4PM- zBOG3M*>_{^^0Q{P_B53333r2K8N9!a01o#b9@y95!GothG;g%Emg;NOVD#7deyd&x zj?8nh9yX6iwd~QLO{fG$3?^i{x@Kn~Ixe@1z3Ai%eB<7cmOGxSuE0SoYwSF?1da{J z{uh%5)`rt$WZpfyQz}tf+t6g5eHH~V$6?V;bW;wdq8dtnv-=`O{oyc?&WC;}fIYrb zEv3mMQ2?>g!E2bTQ!JP<%$fPDc^FPCWZ_`#=`p7aD^oACHcyz(or?*H32b(lf$Y51{sqCRzV>vu^+?(D<1ty?c0NBq(=-nK`}L$gbC9&6SsC zrf%tNl&~Y1Mc?SVxEA)O>KAZpIROZMnS&!odOV*6`DfU~<2olNpS}ZqC5-Yw;}~O= z{-X@;K^pPiHCD?(EHyG0cU_XU3AVOLG$RFkHuOKERQ+Y5`R|GNk14d=#?3nFTb6VJ zCyHWEE2WOT|5OD{)HczPEy9f7s>ie2!c(w^k5Ta@Uv%8D?MGLFW;Euf8<6AxdC@f; z<_>zGb{L*zGHXJ%xrgo4kD}elVzG(}yO3N3uxI-FRAW`e@dl8skZ3Mr28Z@peV>Fh zU6AG*Y#yVEZJRItVecM_KT=pW>yC_4-C!i#tDuPWyH@AqzC9(Tz0E}NN!&CQ6${?r zk-y+WIinxw@br1sXBod|`}i_Fp4HgE(22WG*Vw~O$+3t-!C<xr^6>oD;2Fcm21k~ z_6-cI(lk9dat!4>y;hr|jcAK*DbPZD&I%+EPV0+e; zL_y)QubVn7jn3Yr1|mPER8H^CbfIA58B;a@S!+_qm6&~0R*np(ytJ67@HCI@(sZ+X zX2gc9s?mR7$~93Bg%$m;00Cn=WLzxb+C$uQ-SZyUQ1s+SOnk9%z;-&aDwxZ9`5zi4+ypQp*YX-8H)a-E@ytRgPN<;28^>tZZ5}?v+B!Xl;Z3_ zFC08K*P}AGyR@(Q)#;65Xw)beGTl(q%F&vbvV$$g-6Jc`NEXGCSyIR1sU}n929E`3 zHj^SLY9k_d%AiiY5-P@uy)?~xb8Iq7+JV=tPZ{qWvgi-|MktccmP=8+{r5W;Hobn) zP*hH}|1T=Ghfw;8+vZm+N;M}LGWZptfx+_Ci8ntm8v?RkaqCB|BTf4Y($9KA_}6VYS2ljY7?J|IF#8 zua?jD+apT2;H21kTM%p3qVZw!Fk3D`E_M%}Dbal4k&ZNN&=38Ldm>@VIGW(Cs>;XttMzYtX9$e$gYpUrb&?h@y=L>REfQrK@Xo z1aMKI|Ce;l>97M~QLeyc6f&kih6p z&&Ve${D%7G)r?6WM&6KY;#S=W;>{bH3P+-Oa&{2mvc|!c|IZ-%C@B9OPOK+-PHIm%h>hO3t~ne+4aT+_k%3KfUlleb99kbe z-UABVZif?uRsC3JtH6jeosKq5S)M}3YcqJ5C=InNIDo#|hi^0;GhJf*Mp?3P`Hgb& z1SL=@9yR{M=>3)#@`-u%=Gp&ve)e8%MYFSBzTUyvg5OK0ZHSjmwnJuyBK-#HU^!E} zLmvYubl&h@>htk6#MhlUsFKGW5l4rnjBckHVt}CP=+1wAX#T|?kCZt!>!JHC^mj)m z+Z7U*A36RBQ^AX3pxa@u@9mGzzt)PBjTLV&DgB4{^0)JdDTV8Dm5T6<2 zKMMFC{{0_LM}*V{x$W}rX@<~ey2CGuX^wm)oz?9Rtpicx5gQjo(#vSxFjV;={N!Yy zjwS^yH*TsjBe}r|$2`%=MQ<+ey5O8f(g$d9-^r%;ZhP02Y^o77Ej7DcF?2ku-h|)Z zjQIqU*5gegxUa!;xRCtugx8|wTm>LE&+lj7QusteZ%wzi?0F&w^%x>&BEQi}HC$Gb zpfuxfG&x<37qRa5koWw2c#V3q#!fQ1>FACmuGY=7o*wRD1sTaK$rT%IjXk>cr=1Xt z2v7Zfql65#t}Wds6a~QVa35K6!OIOUVpezT_u2-#WAaPNgo0 z*ys8f#qnaaaipJBaj10`Z6zJ=&L-E_(GMNnv`ESFn8p)}hpA8LkM)m8z3t$ybiN-Z zzbx3;sAfd^A}Vty-EZehyQZ9`Z^bzqD(lD@G-|yt2gIY~8l$g<#i~>|6}!;851NQ| zNzC>|v)pzn^$82cO?z3Y0KAr*xbS|z_*v}zbur&sQR8h-_q`?Dg}9)sFma^7R{| zrM)AEVmr&@hT}lyf*Uk9!U`mgqn7RQZ12Rnu1vqCBghY5693-Q*562i`L{idT8qCC9KA5zTQs zn_`-;7fc_o+&zSck@E?t?ozMA<8rRLst?0utxDWeGzBb5D#1q`oQE*uek?C-5s`t8 zE5<{ZXqKwi`)Tc~W=SW~EV;cur*^s7F3RicE^XX5IXRM+?z7y%^Prf+g&yQqrhZA6 ztIZ8gg_RXYu7Pktf!IlplmLX2k-x(+7Fxp;; zHjd%o__fD<6P;~1X?f1w>odUk##O~_{vwgPJ~m6IurRA?e7k9&Xrbq5W(ORWqQtBg zta`OndT4$tui32Rt9>kQDP3OmvQYli7%r{=HplMvKn1Z8ycsxeYB3fZrM8(hy2)Oi3Sb`Wj&9uvCiYO*cur<&Tz;3SWP zOr{;i$kI%9``OZ}Mn_1G3^$xT+zGH2r*Oo)j0aAW#i_P%RKYWJa5HM2@{yV5zY-+F zCY_oGnH*YOb=p~7YCkTX*t=ooXt{MYaGa?#oA!X8-g=&rEBW1O*+w>v0dD1N>sAY5 z7aYG$F-dj8ljxifEbE%Bp;sc zl;_0m87sQq>b*~nLf_n79tSEovYOh--Q!D^&lS1-Ol&J`1IhLf%`!k=*Zai5c272q z&~Vo4q z3SP6ZoWX*X-A5H5tk~cAisjc+AG3CXl{oWo~66hnX~U$R_(}9X8YqG`NB;{QG`>kma)F&qWl+R|CTFM>-l3! z3DEzutDeV|7m~om&Dg6Kb#?nemjquFJyXx z753NrUpN!X&)TCi_Bf9`wTaw3&XgMY%z*pze<~ydYZn`?xExf8;kUOQ{gL?bN6Dsz zu7#hE3a>A&A91eyPc#0%KJo8}Qu$Ancs63ug50(1t%Q5O$+euvn?7>kyy++jSDJ;} z-ve(RYa_l~>JZ^TyY3cGKC5?Sht%Iru=BcukAv1_moR!oHTRo^sC} zA7bwHxOb-K;b#G+zhEJqPU3HUW?Q}qAB!N#u#En3BQN#)UG#5%GZwSW;+FvMIq&|m zWYDX%e39$F5q=u~6T;5`X}=6k;N7Epf17w6=8vZqvCg@zu=ZUs657BIY7F_vu&dU{ zTb#bXP3Hca`JMi$o&L4N|CR}mU6l_!eFQBl<+)dw#5WfH$j66-f}GCExuKlu&Eg?i zjRKP+rN(^#gBg&4@mut!AHdnpU#7ryF8UK!-6eeIuTd2qVS0MQ#HOq`nVc%D@6ENf zhf~n0%X2vhml|tYYsHs+G{)b|mr?yp6eioZ0FYHRHnSP?)$(p|K_OOXXLYFof;RVG z$G&YPee8%rdTpMUY?E^CDMfjm9_?$o!T#==piEWNTUNhcG_;hBMu1uR>$U{xKj$nN3ajz;sXp_ z!*SW$iY|XHlsiW5I|_?vSIamq%AFi``kqXSQ&e$Ogq`GrE26xL#)n_dPJSjFDg~R{ zaU^mZq*`kad@vYV>j~VOc&=rByFZ>-oSAdNZxJUxxT%)y%$JO zI1wA?(8R-H#dFXKCftmW#hq=It(al17^NPlm^@&r5i{W<(-c@han^yXh)eaCeI**i z64|eW`4Zqfh2f^S5#;30?ntoodh5TA{G}*UKusfpHA?GW9yYNs%KxGhv7b1^_65yy z(FoQ}%MAS1Yb3_+3TRHn9TOY23=iAHI2ZHU>qfQ4PO{xZs!;y-UwGNH=$=np6lvUNhWwmY(D{Q zL~}T83kD4j9kn(0jB&Gu9>WGj{mPoK)VrRKWWBArHn3x6t1rYMtIs^C5>9^CFZ2MR znTAr#@2>F6gQk=D|ML@nyRTqUNQvBVOv;bCIz&0>-TcqdoKFBR& zA9?knOJljd9^F?)h8IJBAU)}X-n>MIYE>JX#KMK0hPMlW)KZ67mTdeK%{~Gn4)L7} zEB;EdKSHaNw;P}(E7;|fgw~?LNniim4S6Dvvw%=hC^rRM<4(3d?UwiA1FX;x;5K{_ zbVh-T-gNPF+kEfW_V>M)_bxeCY)y9eDjGY;yZp@DeO54R>Htj2Lq)j)}Eh!zs zqJRQK{)uL-y&XsXeUUU1T1u$xq)t)d=6-w$5OBo4L!-k8h+P{K-=0QC8m|vN?*KS} zif6uq7!GhrHpX|^ocQfrt>k?2{~8k=8ekVdkEE=vWVr*%pJKv}SXApNHN-0eNhPC~ z<-a{Sc)9sRNOwAI-0(NbZD%zU`-_vLkA_G3ZNj0&@!T(yTk&hg52j4iogEDwiOauH zrtt%s{DXma14)&z$#?)|*y!5T*wGJB)SI_h_!pq_)ZZu%H5G?l8>I0|S~=DdMSgm} z1cC@V;seoV2?w6LRD(H-kZ=qap{7ohRPeylqJ8cQhA|5=wP>zv@oyAnl>n6PFG!}e zazL;Jk%Q+`Y)6f~nr%W^%#-vAH%%5^cs3r9&sC}{lnj_=8UXN^0s~p+uiKCIW=y;` zwN)H9&Sl)|2X2a7`EkIqiSoh&vGz1HEE_U1%AuVve0}v2N%ZE(m@~lk{AEtseG!o< zs)6h!vwv;?$S~4U@j1q3YLdHSuH{*Y4=De|h#CJ;?Eeqn|1B>qh=KTbL51hyaY4j= z@}GXAw3S>&1pgA2pWDaQ@Xql8CG}pA$7TOq-CkuyssuO2JWLG_Ku^1m5soaoLvq;J zv!=BjQ9jC!GXnSzn24V!ta9U?N=k1hZe<-+ovsFw-Hvh1!yn?Dz7b22n>&o`0vAZ# zqjc=&vST~ghV9Wxbo(k2HtTMPU9P~vTtM4QgY_{-C_AIQjz`Jn`S z3(}j!@f>!EvO;SF%Zd{ft%GT6ZDmQOb0n|l27yt|PGwpfTjPx#`wmU$?%!|DFdZ%# z!?sm|`o^-WBW(_6T4YLa=-YjN?qsJh<{RYRDYJ!wtH7$vDvHf7>LLt2nK8WjS`f!^ z$Nre(BllaM1&o}`qv+zAdRgV%7TI^|7WG<2yQH@= zGOQZ~kxD??;7c1K3xWq4NY#HMhcE zDCfMleVBMA?2Z}Fzo)c#YkdL3(<{8o%spO`H4!R=Z?0%i2bqn6E_$%>RaBwczxksT zx{y^QnWgIzTE_GzEP_A4no=Kg_1D7|`uSyJYWm20dbOE6n?AF*tsgpB*o*DWS+ROd z)+Z)|?NQ=#$+E8MM9;spwcX`A&(D?e&QjMe`i!`NKYtqJAuw{(xSkCY)g5|79Fu$& zGp3M^t+SV65DrDHR!%RU8?Du6_(-pgtO1Ei*Mfg7_Ul-qFh>YRoMl9@PT1lCzys;0Vq2VFN-t@quPN57S_jfpp3x=OL zgn%`zI00Smy>)lY0g)G3Sa-v-g0Km~G!EPh_XZN323=iN{muW%%4MlDA*yyxPt zFS^PqjOM4L752RJ9jCz4vuG(R4?98R2M`gv!OY(%o!c=SX1&7FXLE{g=PnVfd!LT6x_TBSK>JU;rBZ8n4pAOg|pIDnRGZH zEnU6mG=$>H5>(#8FCGUGdq+BFg{l3mj8$22(<<4q5mdaa8iC3Iaf=er33Fl%i`ZpI zdIt^vaPq)mIn=z9R9}f}#63+KqB!*`lOodn(u*>gF=3PrRLcGqV*{i%@a1%*AR64L zYw(Gytm?h1D~H~DI@YGdDlI9CBdzQd{JQzv_b+0VW2Wd*o!QxV))ZUr>=dU50Va+p zM@W-D#>tFG25(%)|XO9+KSG_6+(gEVV&-#-zCvk8;%0#%RD`v3uAcwL^ zqKszz@QQX3&CxB7*H|5YdWev6Pz9TkPtY#g3VchL&S=j}FGidY7!!fDCwJ?Qd*!pF z9S&i`q*eY_!)>nD^Cu}o2lATE`yc)E^a|BSrl2nb?)vU2iHzSg>OmJ{pcb z_0;Ng^+yaR=${OPUQ;J>;`_Rq>-Dhq3p5h~#Ci-Mtq5lN(h;gwRR#OtK7QZVlb@QX z{v_y+!@r%Q<&oiB_1(;M_-~ZYta)dx11RXQ`DShxu*n>8LWLg@a;{-b%v~k!=sE&R z?TV*Ug@X4*H7lA;4Ga>CJw))Vl()`&(p*oqUbq6tKD5)%RBc&A>>G#4QN!e&#*B-M zO79}&DqbP7+N!K#HpY7fuoz;GV*=83$^y%ZiDfo&+Xbbw6!l$*vg{Tp8T|>Mu;{kQ zNN%3R@inE7mrf*&JRYg-T^FXP4qAZ6_6t&jQ<~KxSz2O^zSL z=mbmRE`|;56M-bXww|n37avc(1?Cv46sOoe{)lz`G|lfAXQAY7yNee`DCXS4v8&5M z0_K19vr9!;#nv&ouA%AW)7_<|9=zEwV_(_H&3K0Tp?LJA_37da-p^Wi8n( zj}yfcsjLUo+$}h4;`3%8;#3w{JqTmjVODIp%H+X5ron!J1pso51Sxab^PZ~w>Zxqp z%^68C`o-ONo>v*r*nIgivDQbhrQAW=AvyiP4f8vkJ(+(D0;1E@o?<65tW#<^3q_mV_Uyn%sEKER0|UwwYXSZV8Lok;pCaMtDoLGIR76c(vf zngabSrP_6U>;6clWeMZOh^kWKZxnI|3Kr9+a=q923ROy(v@FKT?d?G8$y8IQ+`uQMvfd}1&9W0i=Jor=4_yz_2$upQLYE3#3q{*ztj@$`IC5> zsyB-Cojd`W6B97L&Qx;y&$B)FYdof(rq*YP_k9r36_K(&j{$e4{Tv_E@-h zyZg|;;*wdza0Hf4kdP3WP0EdQ52WB4nk$kx&Uo-B){S^fRWq{NqilTqWbmPvtb6i)Ij9kTaLFtF6^0-weX%D~$eQM84?< z`L?xt{V|GSId~G{`1uNBMmtMOp~n5bTML@SO_`r!&BaW3u%JhAIcBcj-}kEtG2TNA zF)60ABhkXll(}PVn$YAEaw6l_VO z6E`}&l4Dmo)X=fp8y2`j9?Id98Fx?~AT_s-kjdj4!7dzSY-D`Mo$8gr%3r)5qB?xi;a z21vvfPQ$!Y1ihVBPaJP$AVocya~WjTgevAZVZ*_~4}x1gT3vzj)+>vYi561L|} z>$+hARocDK&$s?wt>bLUaz-hRbt*yB1W&u_X*{$aUWU~2XOO5)8|63M@ruNJGrzMn z_ff%n^+Rf3?!iXuTQX*d?T2)kyOMwp(U#1&+0_!UE?CwdvaRS7AWTRsX)fzI_~%82 zyz&Uy0UBOBO>SRhzt}_Yv|cFYfW4HTt#+#VBZNnm5KwF#ZzfG3TnB1R+_j)K>qa2m zecL%oK8;~o=YuU;v#!g+T{T23_cj%d$IB&esdh=GC)mmHY=%vsSglLm{>89c`z8G(T51$CX&fv}D&6+aM?>}l-sC?{l`Pl39Qhy17bGusH%+)s{ zHhV3z;N_`(!l&_=S$tWo;LG({oOm3Qh$@V|MPxC(xQ>*B)6I&XGzxIjs0<8mx9d}rb(A5#?UnP*^1$B~$&x-c@ z!m_r43M)`T0GrsJ*7KT9L)K;^9wDKfjg8pow=KeXzO|#6i*~E9sySLr3xCZgGm*V! z-Jt9-qQDe$a|0eU(@-v1g0G7CKMqw0vq7QwDe7;l$}v%F+Uo{?845|Q>*<_21nz(L z+SXs6Bc~$;)6mHy0 z45acCPh04q7Z!{uN(vW9vLSPhJ?Y+-;vV^tkhJX$Ax|{qzrf_NXce2_l_3(Pn7m4% zKW!!Cl3&nUGVymxk|#|wGET!WDSsLZJmaepMGcYPPLkxa>%x=b8|LjZ5i~TXkfe8v z=}UN59LP5pD_+34o(~UB^Ax7PDwdtPjnvf{WG_W+&*|T8%BrS_$im*6;z4m;62(at zc4Kp~n+YFxGR7T%E7P)W4l_(9stfm;ds{GnO(@~l<=T|x6yWDE(g3j6frx=K9*PV7 zR&Pjn%NNeX#{$trtHVIige`|@FX1JrLS7a{pfQzG=AkuN4mIqF8zaXY<`*eVd}QG? z0(wh1;;g=@J7c{XYthv@4OqHAw)NS6KCm@EQ;U&x9CvXq;_s0c2|N zT0>%gPG$3bmTH7C4-m9L@gEIfms+!@$>(74T0xu&KVhM| z=ZeTdNfYl`N1UdUq!pL3L@3AhgJ@t)k*5N6RT6?^09$w#V~ z1k>O(T_nwVv?i(7>qu$kY9iyWr!hxD^;#Emc6Xwv-rd|8Yycur`6=G1wAXauoviN` z<4!8xxf*GUT;G*fuYV-<`YKA>ljM&KKk)uqdKpBq#%?yo!R9kVDbY9c!N^Cr-=`I= zlV{N0b}2`0KsAo3|50qs`fO4HR{f?WShw5~%E0mP=QY+Ic`GP;xU#@F zaeih%(aqtNc2-@qM4QEZ;-DXXZtb1#!3Kk7_Np1t*7pT_u<|I}DR_jkhz4q^&)FxM_)QM46Yl+ooxCo%)0F%0kSR$~e=4 z(%O~`efGhK-Alt4P3Kd4p7Q|;HCR|@DNUQ=E-g_f7Iuq6oan9*dwy7O)(KLNAYz3R z#QQFsUmt>LMT9K<*T7O@AD5H1XHRG%c@k;*En?ppY0rqhwNIL2PZA@0hVUiW`>`D4~GYh)5$QMM~}j&RhB2#vN^yohV6J5nHcqiISQGrNq7xcw>@1kk1hQD93OLq_vRo_S)F{Mz2 zdOVfj#?7VJy8`8+h&sJ>4MKd+dXTbg=*1MuJh)(OE`4LZy|W)HrN?Z@&#M=0_N~xI zc&-#|M*<}}<8kyzeU-u&KKe$UjGkE^vNG-`bR}G&9z5k0_R;8#uWM+|Vy2NTB!u)@ z7j_x%W@h*!tVqn5Z)#+BJ-6itKa9;{sAFs^Cg-!r&%wyW(U5_YkP$k><=6dGy24he zOZRDy`GQnasgKZyA8HIj^{871IdLmU-KZ?Gr4wzw7@3dgZ;M*m#YhodP{q8N?^jYR z=kGPST$1)7NK?!Jma~J}Dc(E{@P2dPIeX+Y8*HBAJ+g|?;=5HeewevB{Av=;isjSU zE5cPu4XrC|Ks(#5Kic!&1^9w`VK||e_ojCkp$qc<)Kq42|=%AfvZ_L-? zMVZ1!WOzS}(AIJFeNX;x6p90i=edVhm`1IYE=|2F`&rgvxvP~&QD;lvEsBY()c_G9 zNncJ1{mwIAx`!s5ph_FPr*feh94C6aIj8X^ZKq8wdSgNH@<>3^k&lM6&S(EctraHo z_v^vO>q$iC2(6!E>{*R#Gclh;?6Y(7mg}PA1&Dq{x=rwF@Uci0ZMp8t5)gkN=@(ol zl<-FcQu!T4P9+w))bo)%t0ub7cuD5d)0@@KmWlg0Pe~fnOV$DTZlXRJYh1?B37sXP z_Z(#C^X!WiC=*StXMwxrCk3DHx2|>WgGU)6PlM2|F9U`nhhTbte8kO$z5qQ1S3&dK>scQw|j4gf*woT2pvjzrD z!N@k^A9s363OF!yeovs)OdjLnvywjQRj)Kd_V6JMdzCWHfJnJiA9+*r5xHYw)eEQI z@5j4c26h!U*udk*OYp->+>jnvx=r0Q>SH8t{6|T22WYpMzvSLBe#EQ!}b{0PGU0t5mBG(ouDF1f+;Hb1$&w?-67uumwh%r&)*4x%xb3Jr42vyKzTWuUL(<6Nt z@6;jzQ*pyR4|4!asT;9VfpVfdlnUZp&baFi20})mU8XpUe%2 z(aGo8ALf`$#R<~*N^xazZL<#T1nJgZ8HrX^`HP_jn zGKbYz9XQ7mNLc9j6hVAFPG!f%*hTz}e%({0lly%NsZ@=*(`4K#uDj!G`z}DJ)}Sz< zL6<~K8g_CtGP}TG@up8J$i>Z4nptj5Tc%@krcFA_f~cB;X!g1zCI4A2u-pzvFuvdj zX$0Fpqk@ZLc8k_iPxf;_`&LiuvsYhY zwIgYhcbV!^XC?*H`OxUbQH^Rc_NG zxxDb4Y;I!O(_iQncGEp%>d+6cRDq04{uBL7;R`a(#0{p7cl3+XvUCcXIXX>6291uY zJbPJoDWJdKxkl@}p1b250!5a6bfyOmxf@|`7oqf-F z`<^$>9^;<(_B-R;_fGw>pnKI?RkNzsT(fG<`F$$s)f&)&@&%dnO3SB-L8bd44aR5I zG*+2v!{x%&0(?8J{axrLB2=ScJsPmC_Nla%r8err+;jhd$B0*g;OxcmR+;HD0P+W`(zXqDz44oxnQ=2?bhM*cjrmr{hG_^{Wk}TK$qLV^epr zRn!J<*0oTJ_Upz#LwzImhDj5n1gtY*$oewg&Bl+G41XSatp5+h%Kc4_e|sn;@=!Ta zR_wgP7rP)z!6K{2Y+c8uy#LhXw`q_j{1$_lNwY@>S(Z&2J*vDIvW9EoY2vJ>@yFT- z_;hMkTPem6{gORXrSJki)MuXuoY4DT+~1=Rq|1Ua)icDJ;VT(W#z}_Pgo865sIhnnIhtU@IN(|GfXU3zO&b$XMb1%J*MH7TNvKXR9B6aQ@20#7h!t zUHJ6OWU-stSsr&NSriG2dta$ys*6#`` !$XQ`X8wt(r-~af!5We+8647PDoJ_qU zm>lD$?WOkmE@t9-v*k(Vg!PvL@-x@gQKOx*pHQf%Wg^h^cF~8yuapr#uT(rlJxYb1 z!#L36mO3IIASn;&H?&X6e=~$0ZER?*FL=2=rQWcSp15%|aUkC85lTy5u% zWxiEua?3;o{D|J;8RjODW4hhqw)cekWUK+O!-q-pV_q8T(=EC|VcUt3Tk855Fl{|Z zVWkr7{1xOF-2UhxwtW(QBJ>2JeX8oGtg{X z%`KXlC(~Jn#t0QAzt_~w&-%oCBHL=!NfEW*c;$d$1WLIi@mE2HRG`Uk{2x#q+Ig0g4R^D z$_oNdu#jPLttdfUvGIoN2u5OvrmG`Ss(wSv)=DdDAc}a(Ws2mO9U>d#8Z;%G?C8;Q z#wUK3KK;_YFE*w)t-j6F@VqdlUxT5&d8eaE>)44GhVcq9mTE)>M?UC;bgGOMmKVB@ zH)C`tH%$kvD2Rh;leodiXA9~(m^Vme;{?FvslVc!@me2EV07R5f&WG}!QSg}x1~m6 zi;c>s!`tsy-~#XYqBqXz#PYR4sk&8lKLn6Lr&Lc{Op}XGXC~75Yxh5@iqM!D`+m8D zv~wI^f{?RxXqhzMEs0{4w z5l}+i5_py43Vj7{u+Tp%rRrtYcza4NHEi8J*>+q z4sQ86WM-(W=V^Y>Fn2`*_=f`h?UC`MO%esW+$uf|Elm+pw-mJDXJaROp9WgX%63g) zYZNYaoU72<*9M>T1h-E4#j6v`6I!Ln9AnwDWuQu=wy|Hbn(LVA;PlnmL~foS=e=l0)LUsQ`ojRoQ__(MUvtC38v5T*iTv^WwKKH4}|*oqtCyD>7ycMYkiHGVQ@ z5Her2d&kN0UiJ+ekkI^1ZeNoSe9|d@B3<{~XwKwi`j>~Vz2wRI--hr-Z1~H3SgjHm z9&-h-DZiI+pZw}0PxNxj@&tOx&nln>gp%9@p+pl8<@j1lt8$VJ!6iV=lW~}xKMYR(su<4&MOUzfSzU>? z3nh_={7hxelkZ3f5mP|L&*ikJM1>;FW}ln;YG6YvkhBM*OZRBncqzMj8lnxm!$%#H ztiaYk*N0WICJ))uxD-j=*>7HI&U`p;efJ6oDzt6LUC18PlZMDgG(WCb!`G*JPua>J zb#{&MFcj2Cno9=Gn5c7~W(IT!F2 zcyl}~{F(TbMYHBLwMFtVaXW4T3y+n!n(N+fyFN=fVr-ihmW-Gg%XySd9G~$@)X;zE z&08Oz+22l0`sqe9k8@^tF$ok`fDiOX_rgjcdIjhAzU^x@Qh=cJ-(8rIn2s0$O3hPIlq3kI0x6hHv>9ZRGZw<<$fT+eZP3t$&g z(9?w0@YI(W@Mx%_W1Nfhtw;r$)E&KMr1r~?^BF1EnpAl&5=S`^T_XA1sPc6xfOR5# zCZa+c=N@x#=k`~-Y-+X1^!ek(@y`gdNXylk^r!3B%>LEw7LYkLcjViEcDHfimx76N}z7n;l+8>LqhTtMeOLj(o5{nEamCv zF|aN{$6z8G1!?&H3`mnIVcl|G8oRDv#tEXQl3GN(p^t}l*_S}e?~gY&-0v|$#tDIR zdj)nIzd5x2(jVfpU&ioWMSCmaq*C;2Gk6+=Wg3ND2m{mrQ#;$WPr!0hDONg0{!auu zw9zFm8O0pji|k&oKg+1=#RduQ;6NTDXdsaSx?)!6O{{9ig#try#z}$mWby)Ix;^vQ zFT_d_pqh$+Vpi-n?Y1y&$mi>eR2V;3$;W|t8+<3iN!M@d&mzluEU4@}{70??{UdA0 zX@a(;@Wf&_6X?DmFt5gp8$uL@_R6Y0p}AOD)rxTVS-f5c1Uf8%acn%YIj^*FvE`rD z+n~X?&>R*%o>zLOd2NUKcXU|OS^gGi_x4&lmA!rUVg6UbL6zBGSWV|E;P(eu(Yr2q zQPY}VGAN*Yr0)Wi#KT>)B6~98%rf%0Z3Q1nJH~fe#EzT>XB1TNS1QNEqi9taU_)Df7&iy;cK&!XF@Fxuisfg(9}ws%=#4JwtE8tIz!HLo35DzWrFKXafiBq zlh`q~gUMN95on$@vCoY?+z`oco^ScXd1~G-Shc(1g^OQk>JL`z}lC@6Y+T0;`ycCSiAQXa$+06CZOct#g}qL zR5pXrPP)hsDa!{HTb9Ghkl{pNjMdeVnwvRLn>5oTf`m<3JyR{Ksjcecj^tzsxU7wG zT1iYR+307M_=-B~u(!1}x~QdyO-YFG`M_K#54(O$(N)bp1`sJHGD#rSqF<5ywKE0F zfiLhIJ9|Yx*bZp>sK;)4Y*ekbTLJJXu<`k1%E5a{26vStyXu9nNo*7&gKCi>q8#aL z&q6pLiZf^0eZj>r-PNGYSu&u{$k216xd(4tL~|h2>%~>iy4j_;USxgVu~mH6cWTwH z@zg1rdaw@Pc@zuwx@Fgz+@)WQ05JK>cR_K=(a|x^D6WOEAVJ zkitG~m9uK$45wrB^uC#UMHhbTpWFP~@_z$)%E)>byov#!k7%cg^e93>p^+K?3jX8~ zDo9QpW89u@BdWCK^izg4ceNYE=C%Ny{)xfcji`J6ZSY_61SLJ)@9uSHqElj=IsJ3z zhksGsR9j3|G_-8re7%mr4O;XGJgtGfcUy%${N1c^3pW=2{gXiKw{!ERT;3GPhpsHHVH{oVu{g zzCC=10(Rb*)S9?eOk>hoH=6#f9VnTxh<{w4s^Q}N%5AB6dr-Q%tc|G8!)pCu$cw#x zJ2tIe%6T_aan}ay>F|O9nkr=7rC{LBl2L%j^(UwZo@v%Zf87z%!Gkca<-Ezl z;`$T7g4Xt84F#V)%QQy{Ckj^Sqd;gQOnh%!wyK{C2ew2}g5svH+TFMY1j*+2_sd&LeqD3^d;>2F=ILeE5A4W8+iPt&q#&>2N*+|o%1D3P zl9Q)Ohc}VO)emEgwtPBQY&$Otl{&|9eI3=hvF{F*x2oBKAT`~-YKi)A@?>J3ATm~I zQYiIeA(r=X5xW;GOkK5lm>U|j4P|))?U_z#c|%oUeYETAq1*IO+-bR*aTL`OJ7`U7 zm<>@iF7X{o63tVac9xbgv~1lG!Q;;XvFFN^c_$UrH#X_V-ir{=-S$ha%#di(lw50J zk31*~gN<`&3Y?Wy9}v^ioHQTUIee0=dbh=^8HX^f1L-xLKP;Xp6iSFcIckD`eB3#8 z=)ZnlE74PemSx-s2G}%7uR1=<$`;sjrl(dc!82(A()B?}GG2sHxz6r9HYT#E$`v zH?29VYzmToTX8kHc{DVnXXdLN8Z+igxJZYM1N}8)X5tQ^NJ-9xG17P?I><5Dh8<< zXJ$R0Ep)PXa8}eql$oxt)=z0Oy-tkaYwuC-MDx@pRUivEuzH$(ZO)6#Vqy!rB#Ax= z#izulPYzA59W>k<4DHv0!*opHa%y}pFD$syNx|Ct=4li#{vxr2x+P&tvyRkN?vm|d!heA&C8p0np|J50TkxpxmfxURf8 zjXu7sbb)y`>Im0*8F|T)PWpWUL?BQ6KXD0reZUZ4VFFE?UD;lmkqRi780N) zQ9gFy^KI;`jC*lT+L4gxtL}`yu$Z>8luV@*8EkOoF1>zy2$=Dx)%rW;n%DnS zg_ho8X`|yej@ANVtev-0|3f$99wL%+{DjYN6SmQ7_U%G?S#o6+_PqS>*P}CO!-k9+ zMVT6=gnutYHnvz5a+{8t!V4SL;4r)|H)ZYahJc&C zX_Lu@`s)SYH*yub!l=(>3KC4*%f0qSrJv!Idf=xqezsM&;a_$1gGC6OSdiS(yphqi z%UiXDB4BD1S4CJ7)Kbnv>1$Eamwz}%|7$1y>p_Ry56R#a{t?*O&9`nPv@VV=#}o3k zA@3N8REQe&#eUD31P+gT9%EuK>=KPmWE2L|=eO*h6!7lrNaUtv>Fc!>pW@vgtQ)Oc z`}!?i1I9N1hT3)}SuTB!bjV`<&^8>tqw-iUtM!#z$@ZY1qIbT2iVS@F=2%5-(MLFCa^IM0b~ViaFRKG z6U>f!2XGDD;-nbQYfZW#8J|9INE;St$&|i;O`Y#Q6-)4LG=!XW?ipcK1zmbDNQN#E zy2|k;Qyx6R8Kmrf*87kR_$^&JJOje^HYni*lCvyBWbGUL{Kq6B<)DVdye(F|uC;|p z^vos+0?$whUU-;xX?H83P`_`N-`b0Eo9(T3I5P3-=2c+f{bqFVW$A&RJ|1I3^+~ka z-Ve9q*XL>SPJ3KQZ)!2Lot=9VPiB5XCztVWZ>uEsYhp@C4_uxWyLpHWpyfpdZ;9Yb z9w5mYNS}J8H$kU2p6kFCCp#5yYQFJe7!$m-wyl~9%$HM`;@^dbbtwCchr7(1jw~=T z)Oz&Oyi^#4M`kaq$xz^1i!5*H$6BtImTq4LPK$a|f|wj#uOfrk9TqD~j)xF(%&ezwNrc=`l22IlKQ@*28Ega_;LT(-5BJq^ z4CDR^gec!QkOZ6+WWG0P-#^5T-a}Dl`Y$nC7VU#b(HZGv;rpy@)EfyjuDR~wNxFeo zGmo^?K~_V2(+^&Fj#k%@zhX$Ru+yiW%LKcHDM=*jTI=4cSxEhQbJ~1kLcPLcz5R>+ z8~-Hk$mrPa9$Uzu7fiWW9F!AZN zO37aSg#~bBAFFFuZ~NJ@?K$MD7hBINfqY|23S-8w%S1Ay4|%YOP>jSh6^8=BPKtiu z@(MSD8eYu?6+3hWDRDjSi^Wckw4H+M`?#N$H&Va8yRc!aElqp{bI`4Eh_)LidUM8A zC0A?PC>(`B)=_1U>mK1l;UE-ycVG`GNFZ=lJqUyM&m&e!_g}`tZEn?+Z5H*PC{{0p zjCMxTlfwD>gmOm?)J#TO)Xaqk{=yP%gvP(Fe1}Q7+P1>0g8Fq{%v_{Y=i%1lyM&6j zu9hcdKtNan&5|xKL7Qsj=b-&hh4ZT`f&Wroc2?^BGn^xKxqCAti%kzLjyxIP6${s8?3 zP5+&B4nkxxEl)%8q(0$+jFCTdOUM+%fm{N_cNkamMTkCpRFZ^frt zI1^*d%><9u^veNFzTzau%4>^*NtCV!SpuD4`SPpa$$%3*o_?=m37*enc)f!e2PWX{?Wru z-rfktl^_Vg>78A_1uU0x-OWQZ#N-9ySTv=OMgvI^G*~*UUz`uCksRut&VA{P8&;z= zJ8#9|bk_X12`P1*-cZy$k!hvwXLN>$OBkqi6mLm{Y3I9Ci#IBv%iakYx(NnRkZ(pI zAAtTOqL5IkjE0jMv?fo5ISf54KPL*lBv7LXss_J*HcJ43*Yz0*jJ^6~-DIqPFU1m& zpH$k9>kby>9IV2x)D8tiB(y=<^P@e=cM2rBC8qKdRmjP40{Vv+qt=BkbFHhYcb-0Q z|5>}{c(Yq@2XO0X*Yv6oWr55R$PK%Hivn{-C%j`j+dI~fPMIcYl8fxxX)o&8#S^OD zY*;+>DWh`AA=B64M1G`OCi{K<+w?E2)$sYdqhqi8JYF`6qB?H%JAiG#j#0Wea5ekdhNA;zo~9sEW$p+WEi#+2jLZk#ELTQGb`0qM}KmZl50KdO`Rl=E}V z9a}gI%w!hdX6>1J6=P8;9*xxy{^&0(2Gr+~;OisGi9#6%Ka-`yyWwOW?Vwsh?b^Kz zD-@Nf>;2i)Kac8v1H%0O6A|xzk`&dK4A%U^MNR!5iDIF~q5LHMM6hQF^1~5dBa_-! z28*=B;nrqreK9Sw zJ(Pz+%Qs)$ZQiLPR`gW^Lip!ql7mL8HDEr`uJ3B!GS0engrx>yXum)~7a}9O(We@g zdyZh^RnaV9FKK8Tn(7kp=sP%Sag1@#`)0c2H~6N!XWQ!0N^$;;Zxkpu`PIM&D3WR< zs`W`W>kFhKNP#6v1Yp$gt%iDwUC7{PR;eS~IUMau9zJyamiApcL~wZC#}W}!1DCPT zV@XqI32z;Y7VnQpNAdA-c{k0}0xK@is$eIS32dfu0n|`{MfPl?c)!P9C;A=Dhn}Jr z?-cG#mxMg1l!~XEIES7Vl@DfaO)Vx&}AmnA2P@V329KP@z62rdxLFm_<{J#AXqkL zYjO@e^OoPJ0ZF3`t0*%Cy61$#a~l~7zPLpel{MEcD)hU#r;ArKLCD62o5c>c?+=wv z2DMhs&Xa{onD3q;D3lAzTf3*arsA#=7+jRoX82X?gOz8vno8fAJ)G)dqYua<5%vtC zAne6g|D2}9fy}VH@zH%ip7P1miog_LsbNiS!rQo2rHx|+Bu#xAE%NGe#gi8W`toG- zz^6UE_*(Y!&OIr$)V?pvoRaDxf{#+g!R(Ti@86! z@mY7y2F zW*LJ@BCH}`^ho)&&}xgHZ!DhS&@TDZ|9YR3+ow2H3NOl8h5muV;H{C8J+H4$yZ)`I=wcSypireFx^rp7uk!q{>n);zwCCt4Yv-$89YVw!a( zB9VmsIXh5*@O0e0;{EHR&vPEdcaYlV1Y40|a>Ry|%$g3TDX6~}Fkmn#%F^>D#neEm zXMLw7aeMNE#8g;G2p3R3-Vnm@PI^0I{XOj%O<89E5B zdz%MteRcSGp~r;^NgM2~>6pM7)^xdf%c^Q6`(j4UbGOf}fVAbjEG^G--AgFi$=mMb z-(YM1w}wc*XIf6b_|u}p4xug{^Y$ta65KQQEeu?`ZA&LJeuDTjXy~TE9V2u z-n&F2ECer|0$^g)#EqugNu7de#rRf&l6GvMBTR&%8&5SpzvOB}C9!nK2pBKggUGuf z_AvUrgnrFjsD7gv`l(sQ4zE#?w!WS5T5zpIt3lxFOZ$x~P)XQfN)Le)dKc_0zL$c- z+3iQ&kPJSLv1ky&wya3+rTl6kYO-Nh1?^9@qa|Wovzv|xk#Kd4TD?9{Wg5Ar``A|! zK0p0M@z{57cq-luNLE&lzJ56%;nux@vwLBjabNbGs>(+qyQ0HWg2cjZ0S{B*QFus-c)J9q;FtZX*od9*yfy5Br63 zOOV+B32hTx#8d>1elkNFk+f4&lya8MJS3nxU^I9?Oc1Fl;!&IbH9j_3w7r|c3bO> zvs2HfG!(9b-$pi->Jr#?OFa{K)I7L~S~EedTVZ!M&sz5geX@7+SZd~({r+pRMFQ8t zQn?vjFVO9^5px7}u5M5(v$TIxrDj&ZRlP^+B8AJdAng_G)YxjBX*qBdA7Vh~fe?(e z;PVWsuyaZldjX`;u!rc=n%)euSSuf?y6tP@>js#KuBd|6tBPJ?Qu6knD8Q=jz5C@J z*sT0KM;wP}LyeQr9nR%!!UYXqZwB*_ORcdQkInQ>)V{3A`J6zWmh?oppR@HgoFSdt z&Lbco?M&=x{qf_tV>Wf>L5dxKOnF@K@Oo&wB46+3hWj;DD7(Q$)aPbzxBJ`YA7Y-W z>n`7z6V|ofN{oeork$|gu(uPxU@mkRN=4i|xVX06U-n2&kF9eTQuE*x<>;rB|1*yHm$)f%e4duM62 zjh$F4ue5qu=W2Uu@OiY$SurIm*X^3nW7 z9K1~YO>gi*!!LCC*T)v6RJ_+k?M-JgSjC*l0?V}7FaDU`|K#$Y0+9Gm>hpifHt*CU z+&pW-jl6Do!NGA>e3Mfq@3@rB)<)8WV0WZ%mPCV5fg)XEetw=-3UQiUKb717-*O3z zuMu5QZi3npLi@b|@wTP!X7!#K{9?T&W)y8Mo9(|1Ja3EBfrZxsD4Yi^Kt%7*Vwm1(-~QG%geMiH^~$> zo;GA`bOkEgl#m@N*yR!o1!}GzKS9FP{G*}i z&}6-+Yd#!&O$t81(}Bl&ot47L@Uy{1RROb0BN(6f(BdQIVM>>$JI%mo;W4i=n(au} zqk_ z=z(vHEJZ-ZEItBg<&r5yb%PY4qyV3w8Nsj^FjcasWNj%xnxHM!f71k(v3CN>Xuxv) zTv@!gNCsjvc|1GvkkI7gVTxhktb*&dWDHmLtfi>s(s%L$rdyHrxn-{K2y=k4aB+p ztvydfhs!&MW|Ot+i?L0PK}oxvxT$;t&GOpk=>(e;f-}Th5`6~rTN|yNDRh~te*7O{>9Y4sc|NK`6a|n=Fobv$OHHdHlusmJ zjmPfkN6kE!&l%~ad8Y>M?**5hCkeERNtJ7qFl{1YzXaPDSS1@_He&Gma6fg|u z3ZDnNE+(+|xH(1;Z?GSXN2g^O)LfYO1oUMJ`aO$QOfu)h6BhMrDZVx~E4d~K3;WbI39)}$M_dcQ76VbWES3qNT2FJ6Z=8kNxu zEmP0Re47~pr<1TlI;zi__!t2m&oTH(3vY->_*O^Qs|8#ruXl*dN6=69+bFKahnsI$ zLac<^|RFLYug*A60t0JV0jYipV_u87lB1- zbrH3%hSUw5Um=Wc!_0)-^swka0kKIaDYEm7fwUGLFAaiODFlmJptCTn`Jy$(#Sv>lTZPWEf z>-o)l?T;=%L)|s5kW}pro~s1Lh>5VA!SUSqK@TvcXDX-%L*+V`(K~obWA}&x7*!E6 zRo`0Q+GJ?mg-qm6CR4n)nOln+{?6?#te@trw@CU^^H^dWE*TNz+*)<(t@+>(Saz zPH^1*zH0<_;m2??M|{FFP93*#(d?qvmEjxl#9@E=r~g=3hfA1%ktd$c7TT9FGLcR3sQ?ihL4PWTh%_WISp)>P`ebNt-7d z9#TsMzPl6!ds3ohp82%uxRt_4Oq|1+k>#-nyTle<|6zh0#U7mceeMCP!4&~%1KKBo z@N*gHC)@%Dh}g+1p&4SYuD^-!?;q}|WE~`%Q?nR+RrB)b)n|X3aH;`O$gm zg*)4Jotq8%(s2x)XPzE_zli;h7v7*v&H_nZ#h&Xnqq|waJv_bnyV^K!B)HJ{g6;^D zi-LWm!)MVhi6OoE=a>H!JHnzx!>IpfvZP@F^ddwI7@ycU1B?`%E={~0<;mLxKIzQp z!FVlo@@}Xj^qj8Um!>_X9S@?NNWtW2N3f&uVgaXhWq#579jPdXgT}rE@s&zuT<=Y# z4?P^m;`!I8Q2$E`5pM)y3*2@*Lf0J0x)b;OFD(4L-nG*z!rLQ0`_s^&CeMu&X$U27 zoJsOGl~P#Gj_LEuMPuX+QIhiy#EZ+x_P$7~qh0|;>&S7wy>hAE@6Xa;h;(yvmpA^i zQzwp1vAMw3y)z$OGU4Q3<8LK&v}Tl8_985_(V*T257C%>ku$drrVzzeg*kavycUE1 zhZFVxa`fB-m=1;z>CyVL%9yr?L3VzRk;*4ye17V20;T;(iX52qQgPX#(ZKSiR#5TF zno(X`dmX&a;R=Wu_-R*r z{pWoF5MTBxSTe7L7%s}}b7}aX7ws88v(KqJ?qcpd;tHBB&Oj)am-o(QY^Ma?ltUIbo^jL$83$<3fwo(sLDFP& z5$3s@y1HZG={EU1zAWY{)OmSOrrg|x@Q5TbGC?jbYi&Ozo$7x)9g3l(%Nz^m-AzWD zEp;zCMOw%88(NvWDODs}Efds+CD^)gUyqH&cNiLRv}rf=(%qbDt7*&xHngQd6G&L! z;EYxo#ct823yh!>s#U98$9(kw?*~qVqJTbhwXc}Hzzm%;QK+{t>Nl-b;BmF+q~`jH zlF4Knv2<8{Y-@c_tx2+Pm1<*|{a&1~mRlps5d4rEm3#KAO*Dr@WHchT^M|#uJCV{G zEw0@b!Mttb=o$}g;qO}h@n0nj3eOr0CkuQ`WJ1|5zcn%q*c#3Z9WDrxq^K&d1^f1PpuU4a9%oSRjDa{w6x3h{2Hw47B=vC-tj@O_u-}xsLvi0 z$6&SRuA3CR&Q}9%z$ffy?I5I10ZM})?e z3a|gdvMx)i96`I24^vlWOC-)N(XqBM_K4jLi~zBpMPlLxN-UrvTKZC>z-Nbg`ZA-F zjSFX1*Jp1dVu+5IARw^{hdD1`MhBA9y4ehn-loegsR(jY%`Lnve|NOzus*ECArXZ9 zR#vMvL{Q)}Z+CHGVj`{#ReAZ3ejOfT;`v+D-rMk34=B75w6F`f7Au95%Zq8X&c-=I zt9hqCD6^cZI`A)#$=7X`h+Xg2R)}Nk8Z4W~MjR`OHQ1P|u1u9zICPXYIJLFV3GDdp zUXd1xi9^nO=PaedsNsRuWEN+g;b9FeGEnbOscUHzP@jqMHOIoQaC8)WU{Ov?y{DFH zoa?z!pZRP7prwqa_olzU(8F4kS(md@bas@sc6NL75v6%;^9Q5^w(T1^Nn??vn4b9Uc8z}p3 ztwjc+_1TmFBns}@C}(Cne`@G-a?$Yg_pA4@i;%c=n8J|dg#)*SledI%$6r{NTCf1} zVNoD~_SW!V$`G#yDEZ7=O6=>8;mhtHki)IgV0FJuu^v{C#NG z?~k`dKNI&;eh?!5&Q$h871v$m z$5Ndn%7zoKyZ;@IxqoTwX}}WWZ5a5+c|eT6F~k*{!4>C{#>>|SOZWrbS1i^$Otoj6 zZL-dB?musR9e|Y%Xq{uMcbx4m&>xn#m7aW9zMUXy2-&Ak$-97m#z-z>n zJ+b;%Z`Ner_S!GY@mI^a3DjcqSsBbsmWwW*%_DZaZ5X-*{GONh2DOaTvQ&hSkvao> z0w;4g{X$ebYI3L|$kNRejLc?ddiV+&PnL|{+^cva!|W$5m=Q)RPw5hpy6J5Z7977q z5pekES@J+~1_U0jqCC$$9ZJEfNDaG~cWNYqIb)1+2@x#kcYl)=8~1>3;9ZnvU(9ur z#Yw&-p?UM@po(YeXeQ9nsmA`)C&Eqpeu-V#@>|+5%;GoT85cPxCShFRtr6%WfzC`N zuaxvK1Mw+grp0>-Y#K5)f;$H!+tV zZfeCj_FX>~m-0^+?#*i#NC@wg8+dbSv$7z$k~l@XNeVR-lBvCSvYciURalaooH1zl zK&Qr}3Wou#iBXgFfZX(wq@61;$ZY|CT%uo{kZ5XueL^kQn6waHRQUPiJnpXc7{{TH z#6j8Xy{f)Q+;0DEv6V~X0^Bg!;L+X3zln~47o{JD_VavHUVXZ|3`G1a@zD1%q3x?N z#B7z*#BG+~nLlX-yy&7_HjZlaiC%bE<4T(eh2=g=*{pID z3bJ|jB~`rCF1Vrm6-$!Zb|r_Sy3bkci1!1_#PNbcF{AqEmIF8YH1?7$OdhNbu%HXd z`)1L^d71WIk)ZuHP(2Z{jtefQnp_{48KYet6|i_cwfTd}Kf?0yrnXV<*>b=+Rbgxm zE*sc9f_rch%W(iBgm~hS|HHoOU2^%sI%PQE<7*lsU$}-1RMaa-f^P(#SXyL9n)b4$ zBPp&%gs({VP5w!EU2+}_i*7gWFimx2nmJlhR2GqqekxrfQ_HWqH*z+zmsl|BJj(Z3 zT^cXJBA(;`AQ9-&o)_MUK4@*6#l))oPd4bIrgi@oRQX!EhpdT!$E)MG6+wtGD-2N4GGE9Y@W3CbRCUyn6oB78;Ij`?Y*(y0s03`IiDaYyV0bM~uC@&}v`BK*S_63^eu zk)~q^C_nzW$-k5*W}dv6Uri?YS3bl@8(!AmbDQ|rQ-A-fClrzGEQFfHr`RE5GT+l5 zu)W=O(Ib+&8n_-!Zr}Y?8W$-#ne+GhfBTORIkQ>S^V}rmhRp)S*%Y5m(fRA~wJhg( zWYprX{Jud!9p}FNLLl5hbOfPqbTOI$=_xCB?28EotCD|jQFF4;K}+t=u0T9nzG#`D z=B&=&XqTR7r-jn&HSYJ;wjSp|wO0s-c9_7l5lzh6eM|d?^&gYo;=?BEE4E-(+#BIZ9QCC$8$LD3^d=;4OGj*8pF42QOWAg|0;tSy zG(obzwBMNc93zoi#4@TaoL0K$3G%EZ-&;io=>>iVB;g-rHzSjVk>VbE$o7o(uNOfl z9ek#@0R2vKB=Wa_vk#So?M>}j+8lDf&J^OF;8EAt)*87XZxgb%QzrZu)=$iu=S(QH z^SO+f`R4fR-)S=CM`_btcxfjQ`N<8LRYUO`fU6Fe#r8qKr3hZs%SJocX7$>6$;!5`hT&Bl9~m?`XU zu%>j+CDDYXqx`*YGSztBVHv%cB~hE#|0x13$13mNgpBzgGB*4V8HrL-nwGWQC(kW{ zX&-iKxyN7BTx%QK$Wky5{!!TgB5J`b;=Af4J|^hN3H{!!ymk!FWX zm4M^Xq>;&Jn~R@qMlZB2C0rZn;Brs9PKDc3|CU^VtMtaczd>4zkyPnjMqOs@O=iM! z`wI7h+ICZgGp}RIphLc0Y(CpE^wB1+K6ysOd|IU7ew-Ma;=)8iwm*-OCof;&P>)f4 zew(F})6eZ0JrO5GCcaH18Vv2wF`sepSZE=gHb5Akqk8$8~`J_d9V|b8A{irg+E4yf3CZFlk6a^z2U0E&i1r!`(#VvWu2;zD+3{)!Ffj_V)&Y-H?X0 z7-wa$+Rf*Ey9GFtZiA&RX5rz562uS>6@aRKZ!NHiA0n02jPb1m^ zV}77%N-#(GRAPaIE@i~I7^F!=@9mlYt87F+JBh3`8O|AI!&K?}ee*IS9rFve`Xc!} zA^xvbexFvJc-jYUYyM^{yOH@)ZbM1?dh;$i^u~0~OUzbF6xGOX)}D%9$M7vz79Uyu zg|%+~b!LyKifAr$*&Xy3mL!@m+rUg_pd$Fh&gQccEwSmss%V)l05t#eD z_vul&P;lf=07}XI{XDJAI=}bi2Ot`!TsYej)O{^n*UR{gb@WGC)wx7K&k@sQCIzO; z|9vfHEdPs-)iH(ZRg5&NK&?Wi(Da62diefq!PE?wc3J(Wh&Sr^tZovUO~%@R<$^=Y zdUxo<0y_;O?fR|O{1)EtrCiANf+*Rws$!VOR{^dDcaHB`X!88hj8UYtu8=eP3_g7* zoZTZrzTAXa-4h^{rS=82lZZM46k>1*JenHlod9-7ZFYvCsfGgQ3NFFn^oM4*@YiYa z1YC)u%qaE2@8GzyVSA<&HpW>E?%tXT={4>0To13@*HIBeu!#J#E$J~0t-7F`HhAJT zs^bUuplSBrBhcIk*;LLDI(9axsQ>bp#QU%3_iIHBz}xAzgHE^(8ZP~qsPZZopY#Wt3OAdL8yjMQR z$NFm#1#U~`)%-j5-~Yw3`;UM8-)w=I)NzDab}ogUy+*}=if!*}2>ykI+eu9|_2@Dh zN*BJjkaD^wpFmwH68z)TWWqO2eth+_;I`o@R7Xg#9XkkW(}K6u3B5{j!*;; zmK-3JuFxQP8Ch`n^q0|E(0PMj%8{5be3af}1#iDm+B)_tZ)~nk)Q0m(zjsiy1-E$_ z0fDX)_0uM}T>a&ue}`_XDUR^k^w(HZCIimDuz31bb)@8l`ctiaKMEC64CpyaSbTQ# z5Rkqnq%2gs{VCeXlb4Ebkd)0p@5$ca%)I;)hFf)pFWkonp%+dqcZOclW&_J`1-B59 zsBOpblovdT3bjwK++^mgB0qfo;%v_so97wW9v3*XpO+DPPB3iZWE+M$>uLOs9_|)IadqxYNj1FxR!wlYI5(d*<+ST(ffUr7-F1DwlVOPT7WBHNKWRx`2zs&1c|-i*y>F#L2l|vb(>IJ!#Fg$}d(` zrqT>crp$QTQ-^PVVFip@a+~%TQ$zFHTE?hoL{vq;6TM=*=H{}w-BVMv^d08o52X%J z4Ow`aTv@uV*8s{|0R4OfT`*;M@J=1Rc3gIKNtruF;(tDnpxAgGbxoPl_FlY4ypt{* z7GGy&A5AY@YZ(?TwXXFU+?uC_A>L|SSk-6ez{WW~90Kf+x|X03ez*}TgLs=>E}XAw z-H`KubgJ?m1E@~8P4RY1YIf}bQUAEf`u0K;)w44(28f=%LyeBw! zy{*p_Ajd*7V3RtscEL#Pow~6?`+uaEBm+yG!7A+57E%?>+mR{XXyW+4A1GpSS*5vsQOk*Xrr6 zRjaz{TdFm8Xjty`f|kmb8bj34oiB!24lDM2di>}T(S)2^)cU1&X`p}JGtN?3sYT8n zm$}`9jNHDMrsOSt2To|>s%voyp#IY44!;VoNbQhDs*9N*(k#Y^ z5_)NW&cxGe&YSU+Ze$3YpD5}>ngFS0*Cp1VCP}fmD;-0>wk??UJEVg;d527=-l@v>8%OdfL zU0I&ubBUA6q;!yWZi)W#G-IT+u9hfKRpCBsO`+GKjmc()^(Dm;`o&N>sflo)8X02$ zW$PXomsWuB$F?VM>Ns#2p*mlkG|Hgll1R=dR96~C5hDGAh?}ZCQ>~g9`H`tTEQqLg zVr&inb%UX`hoDdaXo0rgjG3z4$B*iJ))X}^I=(-OO=77}7adhyO0T5g_?Eoz4TfK$ zuU%26zj5_MvF8I>6OEhKoN=+EL24cCmqPWac_q}qX)9^Yk>{}4F3`6>!Xj!8IMMs& z>~)U{cijFkGx0#`)LhGw-#vTO*=)cQ!A?eIY&)d9i+7~OTpUNZ1NYM>I0Mp4cJ$Wl zy+;x~-+>q1{I1>+uacUP<`b-9GCx!q8s8uSDDbtm(m%c4v!b+MWhfJFwwz9%;7txaYM;YhA|%ap zFCewhqMJYcmjO{aAECv$F^929cW zn$21`!yZg5sAy%MeS}XHu4vwnDDv7{nZQQ&UgyhoqGBV<$Ps##1aevOi8}t}#JNWn zByLvynlaEH6qOy?(u}^uJTrXMGafbGagr-Hne8Y7a39d)DUZd@**)sW)cd`-qb11V z7jP9H+~~$1eVT^R?Aeb

    D~&ko~h&*X3_Oym+LLqyyVCf@^$D@_tPPaS|WGz6P^e zc9k^|H5c&+{!UkR8c~m=>MDAs@tPt#sd^K5%uCNg4dahC0gsnG&k+WblAC*-_9ykq z^+Lw_D}3pp1o4*MNXwYsYH)k`6U&~46?W-avUE(pC$~vvNah%WM@ban^icCmG3y($ zCiMomW8e{b*$3D30<1{u9jI30kEZDql328L!{v_{&%k91`100@!a*t2Z|&hXJLVV; z6?yvcy{-|o$~J|8hl4HQqXdS*st=W&Rl7v|H!OKfAQF)PO^pJ)?j6M41Gp0LXfg!iZ@(ff2}6wXG9rQrm-QltAo z-NZB-%xv6U)7bb;z0AJ%v!$bWlkAyLJ5Mz!x}exZci9^r2y%h!02W3OF`AZ~as?-9 zPi(ac)=U&9j5Rp!A=C5UnkjHNjT$1jG#f-f$v@xeFO2Y7`u-J z@{26;C?-l*dor#Nc0BbGNi3@xjdF;SUuqC>AAO>f-LBKXEjhBG1t`!r53yI_NGxkc z?;^iC0h*$nJI#MfcB9C{LI!QSDW0yWxJzB8jjzo)-C>P+MZ;q4Ue;hT!%8$KJoZ!$ zmS^WiDvhK>EP_YfrMa3`S7YQM@CpH&IYI;o&W%!~yx^tDGsJ@z8Pz&9cGw z*ATJ7p?HLQVSlfPYB?u#lgvKUG4O-?q`%T}iW`Z#M_haCXTJGj0z1MeKaP|E`WbSG zzGOBB)+aWL%HPs5na@Oub_Vzj@;DGz5Z)yt`>>He7PF5zT3zr+l zwFdduM}jt;jZZsy#Lm z%PH+1PI!x?mES(@!pU1ytQVuG^Y7YOMu$qyHgXe_xD8+0yxTR&fv9AES`Da=h=>iZ zvr{>{nj!nbN%_WY+;v)IB;BNhEGoHYAbi_JDA(jXH8G2JH;X%lR5-t?W{9&$(1jkV z1QzSl&OhKdpXV{9)WkI!La529HYXQ-TfG2WNWt!+yREd*^{`*D8~*c|TU1%^{ycZE z3+pgnsq&^gxr;c(Zq<&DAIV-n`gs!ByRHrUrJMEq=k?NoFEB*Kxt6t^>ZR_UiJ_0( z&;7RsSD)T9c%}+lRja*dDTOSAWVTUWnFa)%^StK}lbvCU67&%%A^;2lC)&stZ^K$H z_TtW7%We3`{t!);8R{L7(2O3hYq70CD!J56B4LJ8OP!UbUFgbf7rX(KO??Wa2C&1i+YS*0&-f+#B$uQNpMqMw z)YS9?Nx>HUkRTNP?xz60)vbcsx6J&j#lSl&`iiJgTkiSfA6Ot_jxcVP+{7ZLKsCF; z*?5qT2fS<`58F8`8f%e^vU>v`I+nwgH826l{d zF@Ht`n;w^)zwS2$97oz(skvQj)^JkqWK>2Yr1MTfCT3Mi0HQ}*#_z(S!=5c0=Vyw0 zLcy-(t13Ct$wcTqZg>`@JChqF@J_h?w zhuy^%s2L=rlY_yc2}s^#Avzl!^HHszM?KyWzSW`liYB354X4X@v!V(uy^9Mc|R9EaEHKxw|J2YpFBJ z+Le?fdL2n|SmfsD_eJd|hrs7-LCJeDf|{H@cNN?N)pG>;V>!zkMI0im zUKnpZse%rwOOM@4_De+~AvpLPWznt%XY5w=k@)8BG0SsxEtl<_7E>0h&TlZ!qAW4I zlhgd)WiT1ycC6H@Uam%K7LlN<&G&t_PN&$MhoYINCo4H{T?S!-K@!h6!>(N&D0v_8sPA$3>GRAffOs$AXN<=>h>V>qHDk2+h`TZ2L+&Cujer0oxCcp4E zj&K(vNbB#lZu@@tWuJrzz3*znzez<`ap^(wPQc@-&e&MGyBL0bGBl}J`0?!$VdYUa zgRGis>ok7@EY@{+=`#63xDhE1)6I*hZI$aWV5h;PL!aO}Dg#B^1xAU!4HE~1GVuo+ zi?G=hk~(d^8}!F6P4Qf}Beg02;^d~zv1D3!&`K0BEKw+m5Hnv+=kjn4%+}9Uoy-7N zTrd!@#Q-bk;Py5dsXk!I(Y<0q!~Y17z~zMhbby@jlj;4eFF*8;6rm>k_a5Qm&8PiR zX!LEAu*w95xjr-O4wms18-!UBgm#^0S4jD>n5_woyIDfa3Jt8j`3|x+zjr02h!L+1 zUB~A)ApCH=Fubb5Fdy$+LDK7H9V7AO2X7fY{QxhHXHcfx3eQF4)XlJSM_P19-*fFr z<{8z=kt5Mxcwf6zN@m31(O*Wj#~U?+Kh^m>m1hp-0PX~Acvg}khda#&3ruxDx*6M7 z)f2N;Dkb$NtjeYD9zxy`x9q7)bj*97$V>(4mc-wGIOCuD+)L;<~(ewz*k98nx-HtfeDegg``aTGBjS7I3bF$g9JxoV(a(9 z@EzNWfxD3)ne%YL!R?)V!|mLNH#8cyy<|48Ff8U94`7xD=TlH48fN^CF|fv}c1Z_G*YVMg%Q(Dg+1wr;2Hp>ouJ|^vXSe*;oFQ@Fm$7!ns8xvxwLms2J-{?xI z%c7BDs8?Yky-R8ZxqKy*_LeL=HT9+*b>-h2D_=O4Vh#EmG^P1>M;6GSt1DFe7kdjR zG|~y7?miEU|G;|i>m0|+{Y49%lZTShsyxsN!lI^Fhui{{f5m<+)wa-vUi|&i@NL!t zHyJw>kZxuJ4Ta|rXN6786(Z|Ty3Uin0aDTA}QF_E9FtqyN+ zMpZb@k!g!WYxDMU6EFZhyY$N~LV&wL7H{l3WR|DLUffd`CzOpr;aZ{rrU;wj0M)_! zJL+3bD_u*4bnlr%7^GN_m2LYPaduHTn-#dsI2(^nJjf9}cujstKPfqRcN38Lm-^$mEG-KRgHg%MYDh-jLjC(7#*kz)$i1}sN4AH| zls8dJIUl`!OhpESw~gxaUph~qoh)bsa=ssSy$JiT${UqnkynT!;UjFAOG$_e;O!`W z8DHE1A1-X3<=V2DQlP~98njR5c6uVV)bxAG{1<+|;(JB0Qvd$qt9iR84Yau$9up*H zlQWuPZqX{d$VAmpDyOlUnIl81dSee?BA7i^4B247L~-o-mV4_xgH*Frv?sQ+d7(=j zKKwf$yGf}<86^)ZDAa4f{dYj}t8!J};rM)}8FlRzn3*Mo6|4ONgj!+*$vx{>4iQ5; z*C70svc4HTQd92fVrvoBZgK(s?p}yEU5iYHU3K3i>19&%A-9@_#g+OemcbGQh2yK>M^Cc{nomFC{c)4mh5{WJo8-!Q^Ya9 zwd*$V_=R2H8ZUoBmmp4;Risv_QTEyLMuLDY$;0%*M+EtejqP{YI1N^5zd!Wppiw=` zQ0#!#i%1>~u%OvJLP@MrwUF~lcTNI6wpe>E>(^aW_gnBU5`qND-(l<5c{v{pJuHVV z>%hgO$NLWuvy`ouVPHhg+eQncVBz2$Ysn$2&QU=b`Wlr0id10{%kaqXT^0oVNVLe3 zq=W^&;DkUP@OoiKC+73Gne2V6sh+xiZN8dLpxFM|f;JRmdwR(68AAQ)2dbqH|CBM3 zg@63e1N7MU3pZmuN3Pmq?MjXmD}usyrK)G0-CpKL5aOQ3hXff`D%)kvLhiA0eKAl> zo#=*93YSzE(I~!)=9k0c=rw{Lhx{D}Wg*-eU&Hi5;mHkSR?x9n`f>;RczXG;8e{$6 z`NCBBss^B5;4$}-ha?kgvLKFLH9jWXbg>KtkNG?NtuV65aAcoW*tNe zJ+S$#0jUS)q(1OC>|h7U3XJN&uaf!a+t~!wQe`EA%cl*M8eL#}X9Xkx6I}o-Nr?^4 z6HPU+(jELMg>TJJ%T<@8V(b(;Z|7y~fpu2QXZk>;GQz)4&@cQgS#v-X)c*^;RqI%}V(7m;&FVa*Cs!4N;=7&}XbOg>;6)m}k~6i(?=PUChQL^IBFZk~~L zuU0lb3~9<~sNm~H1RD8`&Uj~Ho39@<499Zgmgh}A3Zg8>Kyo!R!)Wh9BZK6wi?J}x zAggkU-Hu0}3J)=P3;8pMas#MSzQH0VT}+Q}# zYd!;2n0Tt;DvHP-ej?tL?3Ur^UI&s~4h;U*q_Kq@h@^9BoerriGR5i$o z=Ivy`TEM`Px*VvWLdNH|Kp}-LC2?*Nn=jx6vCrJjSOv z=`MZ2s7sL-yYt+uw|qra7_W&yt2Q<&=f@sdz%A&y~q1M0Co^%d$c z_SV{C&PxsF$6_UOIbCA-dI2_ThDTrLUU+HWG37~BaW&Lmk9ptl>fh0Q;BY4V9P+0J z#`}h0%WTd$%V`Py3y14}8kY4&)85}Uz7wA})nYhq;`$mbYNQ}pB)RDN-p%X*vG)P^ zAzAyIK{}&1{Q-tgf!eLP=-xlD?0OUG4U`N`l*JZOSg$I_o)$05NQD}t05BUPhAxbD z%6}hCTl4%B=S&^saC3hd4YAJ8aH%}faYvd=W+c-5R!|q_DBNmF3f~$Yt zVE=V4iRlzEpFGl$3`b_a#2k&ne*Wn@6>L--K!)Vf9%fNhE&+mkd`)3D>Vd4;KT6`N zR{CDd8u~L!!)_{Do9-N(x^h00S;C_-Pr?KZfRo90R<85Pp#2cBJPff)mgkN3H&n$S z@D{T$d0sh4D-f2FG$Prn(G*xRtXt~$qgD2@JqDe!MFmrvxhhgOFS%Z9XFm?3jAI|8 zY;?NHuLj)gFQr_5Z#Zgs-&D8=7b8|*xFt8u{6D-x;4nO=#h5^O*FZajifH);)xkMMe-#le*1GMvBk02-lv9X8=I3Z;}U(=*LUenNQeKx zTKxk{XFqJZnrT?&GR1v%D>H%)Xm|&qeJda274RM~L8PTf{PgWVN}zwr)q`eN!`*`HE3Cc%O`Z=Uz86PQ z&@Rn0iqDFNhR2@_mVNx0;%mP~d^!2My}ib6ls+e@U);u~xoTMch4b#$^F6_XvlA@a zTZup{<%_$9blRSQa}lkzHs`|$o@+Anohv+D?n{HTHUtKRJ37Fi~Km)ifr9Q}9s`Y#Lqbp~!MF)!_;?^LYw zB%@t#8g;X;m%(?zI`YY2K>e^7-IQ;85(pKrcYP|oyq1@O=d<sV_IpV1wTx=XyIrw|0dqw_{q8BmN&u>$i9qoY#?^elkCp zQRjZLdl9rEPZ^27>Fyph73fKm1G~E+?PfOwZc4fcGuyl}4ZGzRB8lC+6W{plqbF_8 zf7?29QjhGZFH?sVZ3fa_{G0=d!RB&0#Gb2<{C<0w+fe6q_d*H(pQLQ}Qr&}I>`1&- zKDYzU4_zLf=UTmeJ>?siy7UKD3|?n`qjB$V>8g_(?mJ8l3d$(?e{aw7IusJ;f9^Sw z%1dhJ4r9Aw09fKh<6g4Zxa zku(fFjM+Rox-AQU(!MDI!%>3ju3CXEK0p7!+Py6fm>I}R9|5V0H{HdXE%|fBsd&lM zGW8zmAe_Xboc0}l1$ys=gLS4vyO}lqI^Ul6jV9x3I*JL@rxvNjZxuH^0(HKL)J@s& z7H`8|jE#ic`Nx$Fddo4w{05JciVlJRlJ*@n?OTZ;b(|BTat9N&IQh2oo9FnV9Da|+ z838BwlNP)Ct<*uzqRvWQ^OrWx#hjRfoSMqrZn0Dj=ln9x8|IzTYu7oHg$K2n%jR1v z)7elAnzDEsH%RfC?RHLxOMhNo-|$L(TJLNL<=(X=`eShn|2oYAkL*UDDz^a&e8@XI&ZAOAXG{`UOfm6t-`vhMZG2a82LDkH2Os(UwG3p5KK@o2j% zzdZ@MtB)g=ylmtm2tussy|DEMBUly6fep3Jq7e$sqfhBls%BaHxsEH!MQQVj5xR3; zsw+ZZ-EX~2!!igbWCyZi2(1ONr%(#pOX`}GL~|PF$6U=Hq-HgH{eBup^i(|~&1)e6 zM4Ig%sMOR(@O|6shl%Im;sKku2CcxG{T8}4ZgKwX7xG=_yen*%Al&qqSlS5(g(c{ZnUU~WSyoe_T*Aki~F_- z4ssOM1$xfoF9JtfFFbClRzMi4y(lDjoElNdy?#5zPqgmwRcB=>HxwBrgGlLb&!0+;Lu0Vs1=oFki$q4cyHFwJ}t~{Apk3ji*f2R%x9_ ztlHQA^=IC@1ZuUs5ka=+Lrp&mSMAzU6C+bLV~ZhFS;Sl^n_$*`zr)VV{G_7d(FM%! zgW6<}eQdr<&|#1`C@+jcNi^oJ&(7Zm!|x07i)R;qn-1X-{kOUM=O?NbjCImJ3(?AA zyI#x?u1$7xDl+9=xL%q(?q*3B`LGQ`P~}kp!;Cp$5*Mpma1Z?def0j;hs&`E4R^8Ps0jMpO3L%2xYek%(u0A#o5uR&70b|xp z1+&gO@7c%xtD0#SVG3n^&RKI+VkPtrw)j-l?6AR_(ffKL_P$rU&?yk@%JT&Ioo=W@% zLRPwV{6={3&7flVx?uLWQ`dhfxxE;L_gCx_RATo`k&>(0^NSo+Wl(9 ze*as0v+veb=Y^GN3&pMuvF9~KX<3@6I~%(cZym2h0#7q6!|qYa*ZgE(by}d-St=j^ zFt$dP^GdpN)fRw zE=Ju!y>QA(6IA4uHL9xo}9TjmB6O;1hRR4`>CLkiJ#PoIketHW){CI_aUC`vX=nO9R zW>)SF9OA$2@$YdgG3MZ3p!3O{BoWN8nvtypNhMh`gU{z>paRh4zNAX!@R?*{AW7xR z6(P!}+VqmCMutr=7#-I_fzB4rSb@y=d>?v3S<-Le#jM)+kgUoH02s#9Dbs5&mA+zC zse{lg?1jmE^OAO9CA`aY!Jdc2sqj_uf<=iXnfoM;MetQaTHN9Mt5Cd-bDUq%$(xn> zlhkW?WmAt!{oE3p#mZk!L36z;y1}v~Q4Ia$?5|a-Tgf}RTXI{+S)uc^ecmmt$y!?2 zPn$EKrNlaY749>b!NPhSJvJ2DA^AJ(P<5)VZ=A(@$);LJJ_1%q47T`Cw{&FgCZLr) zdpTU>KTm9ym#DE|mr7!|)V!ixm$%24GgKcO?B*dBbb9Pcg^5q&ji?YGXxMEbL@G{- z&%e}*sr^Ep)vL1swN$1nRX3XC2oYhc2`NhG%A}=_#A_Wvo4O&^u-?d&C3$2YLF zX+msogVGY6O{`R{=B>&^Dm2QH6?xITS|wxg%g-RIc8aTZyT~6i)GnNMUK;r>YJypG zh1Fcv^X`>@U}YNL*B zW=nUr1UOPx$%#`A(1jy|24UfUZ1MbS6|#Sfw|`@6#+A>DP7LQi zakRH0qHvNXyAz2Pc;l+Z2-G7NGoKC-qL=tXvL2`~fBkzr-Fr+uLfepXXYJP~J0I^R z#o~R0735YQR{s@S{&4%?zUeot2OdtkTG>|3p-FNcT{1`s$>iGnfT`cD-#rjI75Wkj z^+Z;NR3i0-@6+8Q4OQeR)lJ;%>?#C?(sV)+3+JOkoEvfT_B=&8+>lC-v&-{~0`2=C z*9?Po2b{6#0S;M~y71Br)EY&TZAIh5F1_EjS1b$Vuus!)I3+TD;<0YGQY!*&=?RA; z{Ehpvg$_2BhT@4G06Hn3u4$$7gdGg?&WW@_^FV@DQ2955RJun}KgP*l)u0St*P~jD zf^;-6PQ(;GDQ`yc$aJ=S^%lLNClTxPu*$5hbCjo!=Sx0%O%4YjgdP|^kw-^I7PIc7 zyGVSr;1wOkd6(Hy0$o#zs0xoT7br0oD2|blk&(jUQ4v%uo)#loPM&q18GoE^Wn(+c zGmT%_#I0OI&SMDhR82Rn@$44uQ}syRRoPNzM*UdVouo5(F>!4eV*g_PO6Y9t$c<7$>Bylf-Fl*#Ft#;v7}c;g%Yuh}Kz`Ic=6id#L+BH@MNA@in8 z$1U9xXAD>747f|o-p~rA{N$kz(jnsm3RQ1SKdV0=I(U^zkgXd7{PqZc?Czo-t-W;;vpnzeUP$ zX&GQ6fy14h+Tw~}ThP0!|6&Z9^3^eI#lPt3t7F3~twdCwDqebxegI*GoX4}*N~F48 z6k69@800qhDv6SPMkHI>HY?4>R-Ug!oc+`qs?=VDn2(JO7-_J%#avKqrNcf?t>P>% zFknbEDc~e4tI`*h^7!{R-gJ_53{sU9tv2Y~U~c2yX2A3zo=wEb`CV)~G5h%R$`*WL zdHqGQ;KT+zL}((;5jM=@HLT@8sAp+c^t)Pq zF+6kP`4!$?#tc7IzKdwE{41HiQ2T#)(#AzO?q2Oh1YZC4*&1s3iu+#}6z`X08eO|( zw^n^<6D}bn)oPWNU*z*G_F360qDiTbQ1^R*Qa|)-o%wn zuV!4r=5*01&VBMDauF65p$cRed!~i$M!O0<_VN)!t&Sl?1RtiQq@J;6!>}>sq)eu| zy5jZ0Ut=aNPocq$qY1>=6pdL6fzE{viRk(97u67DcoaiwA zp$g?U>xb)zW`AG3KNLgLtU20#;nz`a=2ftb<6Zq9T_fUvYOX}|D?jl3dIxyCj5 zM444IgUu{@P*gpPOrfL3;yJ8~JOI8I6vA3EG2h=h>ND2(V_PZJnZ!J-X*nG7#xur7 zR(%K3++1H>pn* zMJmxZaZRM7BXg4UdawK2McO&%qK|hGQ=0LlzE#?pT|nxzhf^zhHwI_lookJ zwrGQbT47Xtl>8oa#vEK2^2*kvw<@H|(|v)sO&)Lka@WoxX5mO7CAXyzDt1znEI8hsR_X zf7AFCs8iTj>-(AqtQUznm+Hx+EX)$#pH` z*)G3KJFHRzgPoql&K66+Wm62zeW{%1d7q|h^ zCE&_6U#-N0=dm^mJPDi)JG^s1$jJw9WLNl}A)WzMSZmzj%oWRnsl;Y{t(SBNm! zbnt662f?@&#Th^fzKhCS1=n0eo@7OZ{i2G!%1<8wwYncfx*>pPvL%`NRVE|r%o3&n z?M*txejE_8Kn1h!hR{&Q_N2^Du_G*;lwT&PSnZQlmyVfqJ3|355(bYu2z-J7dwBug zs7UO4gx!^TmfEUO9T!O^^>Jpkkg6R)o5`}IV1a8aK@3&2!NvQVJhq!u#T}aWhfwNv z_g>0`jeLg!muG7GN*R;M+D_cc0SIhwuzWaItK0Lg#LS4#(V5jE7A5E|9&{R%OL}~z zzc=hohqBXq?5r4Eu7Nz$^Lx^mI;#a>Q}wVl0|=GIf6e^m092 z5bZ{d=DjdR!RTdcNax5a(?0V;Y;tOhR11%BRaXw5nSFx-xwYMNHEJdn6bo1w5Q-m9 zS;aEdh@3e>=93Qw6^2BNr5yGX90Sd#`fuomj?(X?8aW-Ui>x@ySyp48!kxEZ!zen2 zkaRTgCE6#Y8Lx7di@|p|k3hw^Qb_7p&~XT43o~-lEwndbH%J8;hKk2%t@#yTI+Gfz z<(K0_OQCxz!1XY>)h->8I<^&-%&X)_DTV$T0xMvf;P4kUxe4+|7Kk1E(stPgI7V>FLpF8^8V z8a_!#uTRHjl*{80NE|S;=&b4elFv>kkWpDZGs z$ni-3XaTjikc@fO1?uAjiE0^SKfB>W z0yOSsc~y(GBHDo|tl{FDQ{C%|h7u)#+!h$ddIEb}1}wvg9BS(%bz-L0yc?Q%s1$j? z?kanc5;92fxfWPM9u-UB34gh6rNjp^Q<8JptD>ALD8BQ=jn*<>O-whPr)fg2H>p15 z5uoh>!88j*UOT_vnZt*r-w{pc?;J7rJ0hh*>fqGh=lj!90%Cip<5z;93d+q=G1Zcu zdJ7T^PTuKqb-GNUI&az?^k9yWJLIv}DD#H9s9sd>Vd2W79sAgxpVwQmA;jZ-{9|22 zZXfL|)nl39ZIVmliT?5p!ol|)WjYhFKMUdVY_CL9>bZmAz=GAEGAvB;ZDr{l8kSr| zW@WLww#Ss_CtV(X0FA_C69uYDd+$N}z+6ZFO6?Lly8UUd6Kuk^+OT;s4TN+OH_l1zMYplv73J= z;E7PXj|jePr|Yw-S%Mx7!QUaI_9=Oxm~g+?x4k@dgPY|5mfo4N zOqKmhC)M9-a-OrJc<|1p!ND!c&dEpQ4m#w;A6Um6&)pU_hwt=YeqOGLwUgpcqVv)T zgm%rfB5gtI2OdMdg$Aq>d6BX+a|=m7vKaPcFhY=b&j~o83A_6QR0bg{LXJ4%-)7=c ztS)>~xqcCQ+rbqRJ$0Q(Vr6-ELwk9Dx1b#O>7OE$AIFw3u~Yje6iaAdo>L`INbU1I zEo`cM+QV2<@Y&9;WERFg)h$wu0Ex;A5R*kAF)}<9zE8J`t%_lx2CToFlVdHY*1E>~ zE8XexwIO$&#S^eqiO36iX!-PE|LS$=>W=tT!Sc^}1O%u~MgnU_2xVzPV{QJT6P(}o!kYde{oZ9L`yox>!;8L5m4=tv8WhmzA>`t6NcNpmZ-L4D{mQ+y6nUMIPV z4s@kDl^Ogq7sqzbI;CCxOiJGl#+UAO<;+V|54hBNt4Z^kimgglcr^PClbx3l}{Dk2ZGlR#RFpb0&Suw+e|}fk(s4-OFYuD)qc{QiGFv8`!CG)NQLg^))g^{?cNFE1z>0Yh47CLtCC*WV z9L~CME;)>aqaiQ6LYdA{&bVt<<2XY z=nK_J;+5f6aoMr9_{Iz;h;AxqL$dy1ukR9B<;?cpqtQvNd3HkJ^~;{CbtH}mZ{@W> zy1P|1u_s<{>Gt40990>u?$y^@^0jFZn`W_VT%yXd-imCK^rx)xXYJ4uo_AQ?K7PBZ z$rAW$Z5C=Do_ZfVUwU479rNRnb`43p_04>yMf9h&B}GYC;cPR4V2lwWE12_!=Y=Af z8r9a12m+hD{5rs@rZNYo#piMR3S?N8;Vw2v7%AsAk-QgnUm_`4dM1}jsP34-hDuS? zK1Oycj?AIIhiK8%eb_c3BYUCZq&sDAjVUD@ zUO21iZB4E^a&CV9_Mx?rD$Mw29MP3?#}RwDu@^0&y-K%g&6<&?^wZCMZgQ;Mv6^M& zade|7^72F7ZX!P17eGI&tq2jj9j_eaXRX`L&G=#^sN=^waUMKXK9r`Iei4!fdXFDg zW7mkkt7r;QWB9p?XfJbT7WV%x!f)N7dv)jYXy0_cbvf7kT)KKr&4;=#TqXzp@4fW>z%%zfa3rDWTK9_O-FjUfb7BaV0 zTbDDpx_xCaGaIXR6ML>+8!;f0_JgJo*}dbSI1gbvf*Z!^*ehr`G$OdynYn&!AKt-q z-lscJ4mxHkbv5{<`nmenEX;mXaLZctN9Q!94{x$rs0-0VI7EE9?8oXvN=vKnY7!M= z=1>Kwx+O*?8BwO7CB)u*GG5iB!tku7XC*qxOYZk;{pzBZWxXAWOGJ;nUaW4;tvQ6O zYozhz4e0gkhrfz1!FkX*bw-ek@zmEY&3}TXAx4axjaKH_v$7R^VvrbuKVV!76d$z8 zSF}hR6u1ujWEc|Bi*PUC96=~i4j1b=C2RP~Jf$W!QS>r4eA=Q|Z>R)7Z)=EW6O!mB z#c+ecGl{cW^`yxcL84QiBfvMt=Pa>utah>0VbjKfg$#FXKE<_IwcIPxqCep^))gBehi9Q@alGx*Ih*>mkYW?qQy9z;?9%Q5gX-< zLnyqZY=OxA*yV||CP||oRrF;VYtEa->V}5hTN7EG12xSL z7iO)h3P8G#3fL7r*xw2|3%Yd(h? zqFlY46Sg^iiY1ccZu{w}3?0ZqwQ)>& z@958Vc8`-+pV2TMh@sLwN}wODr{6EPc@CMpU8Om0=Y>JGfy1d4QHOy%CP^^NsJ&3b>(j9=8<+|K8T`GQ0*mFRDooz`(Qb{#R*keo1um_g} zxw^3ip%!i5%su*z$o%kflhCipxJusNd1Eey5Y`*6buLxjj9`G+34O|^dS~MHBcS(J zVpdcXQfFB<%}5w-k3Bb#&QJ+7se-(XZL@?xwhMOpDMlk#%F|F2jsf^`b7QSC@JYcu zy|LtOlKA$B`zCeIZ&vUnTf_W?f}qcg?k#&Ug}=!E1^YC{AeX=vrjk74iFsb z&snTg>-QOsalWN}S8!D++52Ln=}rx3Sm?LV73wGuqGu~);n7ik)fB@!1Hh~B|K#uo z7NNwO(B-nE`Bw-ffqmh;juOg){4VaL@1aElHM$0tI*T;laLr>@#Dh{_gFK&%vitH< zCKyEkq3ApZM-jHjDO*Y#>?k41d7!fGjhVY%xcmc%9*)hqWe3@+%;$N?r;dr9(Rrul zG3N>u7xXC9$3Lf`T)5HS>GUi1q#Hr__8RSUdC7c$`0{=j7}t;9`<7xJ(O^Tb>PECp zvL2#ePbt*0v{u#`%#0s0K*7*=2(8A$b5W6j>jPzVJw+JN8>JQRQU^((2FXIfVP{oN z);3+1%i`(jU)e0R!j%{X!!tNU9^}2Ja!!$dDN(Gy6U&%Dp02Hs@kAq66DBB{-~^!U z9k0X=diVDg?SEbH*x&E-|AQsU-49!56!*VAD;g&x!DFtBV_A(RC zr?D|31W74Sh^q4OP-EV&B|3!haMWs?COEwaH_so{x+P2yBQr$Sz}!~8+ai0$QI5Oj zZVcRs=9xQ(;I`~#3FPOA&t|sgE1%&87{}X| zTd{vF521E~AdJ=78v7errqe2F%}TQz>0rm72j|{?HA()x8=XPax+Y$lX%)G`$MLnt zsLv@0RG~8U0KQtx`WTQ9Fm+{`LiNN#a8_A38A&)^Av{vXI~V(_^Qx)+9DMHo(&R|g zx<4jir*JgNE5aLCjBzJE5x(?RQ;bN-#i! zVXFp~%gT2r$!@IL=NqMKf~%w7equV4-{j@o2j#`BqLo0>RxyJ$`XK|)YMAUC&2_u& zqV@Y`TIu6EF?z4xth2EL4XhSD!bUKUCbp;;!x0`K?3QJYUgcU6WvWl;i{$e2Q<8Yj zYQTX>rj*1S?o9IZ2|e3{g)|*$$N0LO#sUJpVn$=KmV!4zgAjy!mh?((m00;r8;9G1YB>a6vc58brH(z%lIz zi_h9UToptb2S;w!g0YY}e~VM#~Xhr4R%AHH_%#+=$Vj(9p2*^_K?(K;3>I+i-} z8`awHAqE97)lTn)n#DFY3zkjGA`fM>{5sHYIsclTd(Mp{y#7m3?_JMg~wLd8QYE zGrm!W$R{aR^1tjemB_SY)>>OkClGKzrmy@)BXh7)nH2o6dQ5NZM>6oCYU5RgzrB362@p*u)T zAs{Uj5tW{RbV3yb0!r^lQRXtA?p^P?Gt2wsuJ^8+^YNU$&pzvS_SyT{`#jI{-?hFf zu>87Zo8*ol;N!|q!jS$A4Kr!>MtG3Bf0^5#Oq-u<0gYr#|E_Q2BA;p^-didF_n>I7 z5l})60EL>ZAQPa|_)(>}HMa@PL;|((SglH|{cR(1Z;>CtCcvU@5Cr2lz_M zv$+klkTxhFMp~p=xR4rB&!n&i(;N}IwDA?vU#aPt?mvP>Zn&O*4sf23hy@&7X)}LJ z*&A!OA@d8guN$nnP6~*aYCex>8HWn52&N_6B-#;418Ku&Ir;p*&$2cyKIQV)Eg>74wjBs#e_!sQ-}=i0ivDu_CF}bZql{LE;2rW7KA1*3Bm%cRm^QaS zbx0ZoP@|_T#XOz8&vy@oNjAnP&g|(~x*&bz`MLT=PfVO1fr zHULw5xhwoL)wchL?*;w(Zrh$rlCb^+fx0@d18o zmyr;Oi}OZ{kP;#~VQ|Drw=czo(Oe@IFc~YnZClo{l;B}0^RrMBgrIs@XL4Nm1kYfsWeC3Y ztWzeX%!f0bhhjdWWan~rHjGpC?!o}@)S0^4++Ez5wohL&msk}p$IFeNUMpg3E~)%lC( z2f93s4qYt$nu!`>5(@Ob_`YaVSoA|VL?x8|sI5r7QV#xGHXlGR3!!^|+X&_itk5Cl zkocFUjcw~b0t1#NdcbHl4qhjviUHX|Eeg{)6>u{#ynmq@ZSjd?z(0d;t{Pqcm}v7l zGqSo{Np^Z^+go@vZ^I>1Err@^&@BBe#9+ zD>}vNFEPP6CcjQ9iK5PT+0jM6yDJ?B=UTq<7G=5&l4$0^Ft;SXzaMbDt=5$#VV0vH zbS7QeQLrTmr#vpLxV_Qw!t$n?IIk0=e`!T54T9}YExYsde2Hn;#`#}DYFvzYqskk( z+t0DsK@?}do1Ths!5Kko{EO9YN_s_UkByEbO8EI$IEQkl=+<0*nC2MlRli8f^_z_W zgukBQ^>r0$A_X=|CxN-E{e3+w^%4Q$<>UY6aKA z7ii{o#mu23v=Kq=J{}a5kM3Xo1*5N6B+L_Y$2s!}(I)~fE_}n42d<}CHj;q_TV%<`UBY(C|bt4=0@Ac5ZK)=XECEE@K_qi3KrPQ(%`!aywH z2IA~XSir;vCmh7-%}f)VWR zkZ$jkKh}Tl;%Jh7a_7#X;$#J#!^R}sUlxz3F=Mq&tjaf0VBL_l>I_OQ$uJUsRj2f| z;+Ed~+EQ-~{UCXYs3--oc`rXZRFh(8Y#&N%T9swRsY!W`Nd-I2QDjSp1oZLF4PLQWJ;PYl?aYiCzZe(EPYFoxe^v6x z2S^7~$2lOBFc6n`_QrjqLfb6Z?GI3ML_yO_Qt(_RuxU1OTxFA*I9Q zA!V=$8u4L3uuVqqA-pnVGPu!}##IMb+*6PSPC#%-cP&~h^J3=~Z|QY=DD;xJ30eu8 zf|m(}+Ru%`9!jJeM#?U8MTXM@svd@|u2h=D-A04C#jnLq>NS1uPC8KQjqX}p09DM88dD18NHvzy4b!dN`H91t z#}XyOx@;;Y!Jj~}>LOtM{LAeGTU10GD5~{_y2OnGD}Wr2Y_S;(*?+U*ZJAxPYgApS zhYT43DK#?rayNASMa~T)M8L6~!4*9l@^KZ77t?7PkiOhBVpO5 zj2Fc&4lvAKgaJo^Q*JlyhapROYcE-BkwiKHk1p_hUY;t8CU*w$Jv>hH2Fy{k`km32vLlZpBKESp5adqJZt}Gk;MuMV}NBA&ys^j0EEKa(l1mVfgdHq^>D1?(3dad!BtE-j|KLc{2YyrQ-s!hx%f}gM>-`sAeVgq#;A*Kv7((a%96S7pwSaUR=Ya(UjLhHiu!Qmsrk2>?7WntM zAZccV^hqGscv?9Fp^;Z?IxHDjG0G!<_QV&yjzf@^yB3M33mM? zla&aEsD$c7%kluuZZKA7tQt2$IxN^;z9?)i|Mc%r{HC><@S}zF?cjZTW2tKGi3C;V z!`KGRw@iG$$2&e{JNm00v!OgW%xR&4)Gp;Be#W)REp_PiR;Ac4{sn;PeRDCsT%x=P zuqpo8+^IPh<3cdU?pVQAXR&;E8Yor)L%i(Bp%`0Vrri2)LZ%~S$K(^=pxqx2lSN)j zij!=P-Of7mikt#mV6?c@8pO;<+1b=O6_%9aLLa{sAF*-jbd|ro#4Q_@-oK@aD>rMf zNmR!7c-h#?Xp?0LqJ2W6e3qYlSU#pLi(aFz#2?76Tb~{MfJLh`Uk_6%?>ur<~nL1Q>iYp=jKPuG`cwmibuWLrg(& zn;ClPVSs~es=?cqO4OG=gxA+7$>rccQH9km1y*a#?(b35V3{$Uu}nO*(x?hw&?X7* zm5>5dqb(a(n|oXR?M*vMo_`uzINE(h`zZdZfJT7#s&tQ|D#lUdF&L_HG+${BF=}GndBlqv#@z0+BDMP9l(?il-IdvkjX*|+&b|s_}u{UQs zbe&*fHh6otFLy}H0bG!uM1C2>zuI`fVIIyEy!{5(|3Y{(t>ZO=DG7OE?Q z`CTklAX;Xz=SK?<1ho~1g;KKwVFK)#i5TA~_BG>jwwB^?C(4kh8JNb47%cqDGZ2c7 zY-R1Ux-%9bF#LWuKXaahngwr}B#d2D95R!vR;o*l zIzFOPIo3}P?mhikfd6jg1fEN9CUnEQ%)Vw>)KH`|hS;U}@30-@6|RC#kL1Xs7oh#) z?mlV#$5}H`uiv=CN{@fWAb}oKDzY&NxHwE!H%KqVq{%C>4LKevl)|ZyPs72e6~}X< z5A+s@#fc@cvD8vuY>Unj=kfFmHosU$D@1MuRD4eNk~Vfm#9!}Fns;5rj^ix5DD&j& z7#sWHam2icAGStXibm8On)UkqsB%Ocgt0T+57BD1KN^v zT(t)U?LLp(xO}Owd4p(gHE7+v-L?Nm>Z(bVaf~xT=qrFcS2cPqDx>4?;QvG%%->c0 zAD{mjryC}wXqm6mHTg zSK^!yW9D<8Ku#?yKOB}oM3(9rljY$-JLPRo^%UAb(gF$0o zwafYcxL>bsXYTCo4v)%fDOWMN1WvMb7Qsb(2q~@D#i2aqOF5~vceLOxQn%q3i!ok} zA<*TxxAAD{`YkUD>SpE~>srKuznXf5cDEEZwfH7BH8)j7^M~&Y3!GTDD1>|ArW+)- znLSkAi@Yq#+D|cF+$f+3>EeWe@8WwVw=YVm`x*cc3Rg)J25O5XhN_8 z-e(-XZiUR_)+YxA{XS+;-36#4$!sbuU!+lc`Z67f%5RJP1FSsYYo0!$A7ypNfJCXG z-xNEgIw_rB$!Um-MtUo)uUhdFr~6@!1TKm^K@4usJo!GY#V0)Wb$GraF>bk9(7zHCj6%Z`9j!Zwqlx zejxjmt%~z~?49shoDRPF&R*4ksMmJVt*YI*){Au~sF`+=@-v`{W?=o|cyLvHYVOI^ zyZ_w)al!b9U_3Q*u$;=1Q4m9v07~6^?5VR(BVdQIV-nsz*Y0R9pn~j{q&kjcCc%on zqPimSQ33P50wi=0%aAU}-N;r~H*lanX+2D0!9FJmQ09CfgO-#l3L`e&az%YTeI|f6xX>lBKC$9CFxd9u{B8ADixv zS9QH0q7W~0qA5;uidWs>jm>9mFsA2%-5=!m|8n=!EUMog!54&9T%Mf+uW4waACGC4 z3SQp|ySu5ay4fpmefHBvazS);9HVIla7H&{d|Zqng)xx+=j6ngJ{XfG!&G1xNDPaV zVTUtTAB;5@W2MPhUmx#T{9iH)-8*LMxr-D1l?k516OVJ3SYMI*ew?gxQfy4Es5;hB z0%9AANL6^hy-7Ef;@+>rSS-#y}P~|t#=NBq+wxI!Vv^>;tIp4a}?0=a3^zz`^S-IBY+$+x->wk1>UGR7inl>}g zd*S_*{o^lJPgmb;>fCVudit|>={w&9=CPb<#9q}l^Sa8gV_nCI70`OccWBUwJ^rP# z2|CkmaiHyE8BM0|=XQoy(M%Z22I+TPFP}a>b+GhJjfv4P12v;_{ln+PeD{V!u}53k z-oj2567+8AU3^?q;Lg_B=D;Pk!1ayF(I@;b)gRr}7d}$e@ZS6ENYi{UR6kIb;xFqB rQOG{^mox+8U=UysU=UysU=UysU=UysU=UysU=Uys_*Vj_{~Y}ff)G%@ literal 929763 zcmeFa2e=!>xj(GqZZO4|V!AP%<#@HKD;pbDeI>2Ru2w4v2yB&hS6XdTS!FHlmtV-fWJAC8^mx)?)^Xa|9#)t=dqYGJM+%WZ{B(5Ei=oi z=T^Pu+B_A<@xnb9S`}cH~S4DdcC)Q+b;oJ{zTRL}+ zEG(SM_z5?mN5s0E?3*Ih&ldT<%7=ux`!CvPzux>_Q*VkkJEzxdXx9AR!np(D^Fewn z8=gC7P{dXj&c()Bol_?Ab0RHMoD-UdjPh=`XHGCQj}5Q^Zz!Oh@*BlQz&p&4`M%IK@ z*V=nMTB~b(ix|-oWXbt`J3mN?e1znMFR=GYo-$b+S-v!*4EF~q{TYdB)<+Fna(^$d)y!TDWTut(I$)!KSvkPk}KMY&eD7a?wRU9Hu5-&aj)nN8MSl*-2v>*}q}{Jwf}ldXx1 z;E)3QFswkS)f8F7!dNYaQCJwquqYfXU>2RIcZ5W!&n7}$JW8|)4D%J#MiztI*x(6c zp#0bq!}i#Ez``)(!=h?jUm)gn@ndaYVd0q6|MU9z*Kbl7x!a6UF5 zh~$dyYMF^QSO)0{@H z78FtaRH>nhm1cE7(BQO`N7VdjMNczLJs|6b(Y8!B&}oqvhJ)eb(QpBYl9)DlxjR73#t&Oy{M7vcb%F(An1nj{d$U0ZK6o~^JGJ)FeRNU z#}ToNkd10nXt9iLatWl(dH$>64+uihMv7q?e!1Gz+q_l{NUD)jb(YnPbki^bj%^xH z2WA1I0XD%Ru`w2lqF9Lb8NqnDvi{G2;J5PrTYnA+ezT4L2ECd;G$6>j*+{8X4MJYI zQ4I2&(=sz?w@3@T-Y^KhNH$_gZ{1dE4i%SEc*x0+Zj~&PwLlJYEZvAi+mQ%ihdX?B z$To2<-ig#b>2|O5JwJxf#VUa$A6LUk+ewfOr%L*DtgR;^9Gx+OvY77H=;4qfjaDwH zXCiRCmWUuy(?DTPZ)WN~y&6gT5e6xB${y5<_fdk7;u4++1q0=fmI}kDSw>a38_kqc zu#;-Q{sBR~&r2%b;R9ueM)OjrF2Ig0IYqdO*}Mkh%`)87lBm)MHsD4+>V+$1X-Emh z)>6`YFzy$J1SNm58-hJ?FPui;R3646h$EqLRf1Sva&qPNztPa3hu_uOf6~x^;D(1) zLd$*~qVyE4!~;&liAVEs+>mv>O|`q-WC4s14^mwfg{^AEOgr@ko>of(g5iV@&s7v{ z%`9g^WyI;aRVG-rbJjD;*Mf#ZbC#+X#f!Xl2;rBFBG?I$@VVFZu? z!MKrY^i7_XWrJ-O%9x!wYQl%7e8zxqR zpjc3dsj;-ya-<+E1y$IucY#tSDk-=Vg4;#FRS87*j=dfb9F*xsSe|1xSm=A+(@Kh9 z)ewahYiR~8QPO~5KVzglgdkTrl&x|_Z(c9QeLa~@cUn|C>}Vxl&k^DYpW}@uf}Rc+ z$|wOP)kUhlLb2}&Dqf4TYysg)QpPUNLTCZJg=~M!vX(-VsWs;cBcCw)k9ui;$O|o)F3d(~X=55l- zhNAgYfRFn*$DuQPtkvfWg$Nslnm&i(6tATC2^J`WrwIvK7>*d zig`nXl&E_Zzg=~E3R2gBNZOD4agWbQ(`-Y`U^O?SrARgEWNp4hDg6P#c!pPdf^1r) z!H-mIt1!wNeYhJTVr4iM)(C&z$ah4fCsBD`Rg=v?sEI@S`(#j+e?FtI>~hU}HmB)Dx&e zQphhBdrU)XSq;)QNp1&=0@x)`zPAd-vdgilM_ zR)j-gcZcev6ZI||uk-_D&dI039Mw{bl!Yp2$@bOK9emKke!J%hsD3=6B{e*$rl~xN zW#Mv4AW+keCbQEjDi7<$dbeN9rrNU9P5UF|jtciDhMzrkisgpTwmPAjYRe-91 zdyq62N(=~Q!T|!(qy%je0mDq=fiR`?&<>3oakh|kXgyFugxe$b)(Y@ z0X!AMWJyy5tJ`k73Bjoi2)0WaOLPJ{9r38KBI=K4Kzr3rowl7y2@m`1f*++VUWp+U zxY%}gRbWgsLv5-Oa*CverMy|JhXwpJQ=x`@*sq#)uf^282_QF%5SYruXe?#8 z6(mw~`%pQDr^39UrI1DhPnjXJ8p$>rg#fGv90sKuJ+50Uv#p_SV{_$Lr&Y9oi%bhP z$&wmQd3QEK!h)G2Y4cP>9OK)Rque$wD%Vl`5K8&kLlll4ij!8FCMo z9%ST^N+TV_%!HK7BL2P|<;sa#AuknVQYu><>$Novr*n+I2sH3YucahwfcN`Rsb?5w zpDVcGtP|;#iySw=(D4dvxurAZ2G`4QR-jKSX-lz9ltx*oZPjrS%A{GIwaSi%VQHNw z{g5vk%Vs07TqG;!J9)2{LoyD+2A}~!yC;=J!;Z+_Ow`RWIYhC&f)c3e**W@xs1t5tvgkAJ0$$?{LV)Kqqbi-3G2mU5LqWxv)=x ztb9D*XY)Y&#z`w*kOMIA4+axWu2V>cJZQ(GD|to86$16T7K6NAh49LPFqDTR+G*wy z-S(H<%^p(hM=MOORnU2cM-4q238e{JEM=9l(F#;$)+wMwC}=@WPgPV8?i1U-pi29I^=3u2#vW@K%IlXhLkTRHhgbt6H_^%@}RO7nAcD6G^IQ z$k%L0J|%1Ra!L-bm2I?()LA!#S|VKyQ9v#YCWQ_a+laeE`ch)NBQ?UgWC}04p@^l( z8e``mHkdN}1+^eJp`sj2_ShDgz!LpXrw>=OnC2H)A=P49fu7#(3~qEZ(xq za#U37YPArgl9HT{;$*Opt;Mp871DHH7;u!)(V==B%N8Ozh$H=WDCy0V9jI7kta#NN zYOq4C;*rg=TCInnAf^|kMln~_LS!iD@g$^ZB4q^h3=E9TVij%IfUlN?DN?O?u{K1u z*ho#z)ES}@&pLT~I4QkmI#bP;NhIa-`QR|-@kwqt8PX^Z?GMYrI74KhO0Hh!EtQe` zJwP2Zv%DGeCv~@nPWp=NpcEmxp^~8tH+rLmmb@V?02S4MR8&$zvt9PUU{_K6ikpGm z5EH0(a4{Ch;D+TZ8B_rWTZ7$#8>Zf2V;(#JQLC>h{j zUJ-~kp7NU^Un<@x2D)K~taZ&mj6p~+tAcE3JeDA^V9l!Gp?0BH?fT&?p3e^Ll$=3& z;!d;HXBvt@!>wAeOj8a?+rk zKp!R`2cd@A7X=}C5^SpFOqq!56}VJQ1Er6&LwvJD(hXTm<-JH)tvcDJL)R*`tN|gK zV5yZx38Ar0py$V;e4>!B`P6VviI9Y(Kz4`b+KEKmEvaQy;adhCY|3&y->tbZf0Xwr zO+-`CF6#3VMBd*Gl=*f>t`t1B9m$jf8sGPLi9R*J(5e>m$plJpHA+$XDpSWY9M5A- zEXwgj)5Kx~T~EgIfg0xxa2zM)rAo3I$QzBm5OLc<$1P?{N~Y*!(n@|nu&=~o3SaWI zwQ#$f^mSy9k>-$aGG(agY^olIg%oTkAtqH4YQVhIQx%BsWZErW(Gj=pQ+dOKD&1hc zS~iD{AjYJ$qUm!28228v}LYIS1y zz5x4+=_0Iz<50`r$%bJ8j{7CM3_%c9DL2^x!2m*ZGEKb)RPBal#B8Z(`>|lWS{nXg%vz3xO=!@%gQ&Tc}1G8Ly;A z8hkE5B2=wn8AHuMEhT$I*d0zPGD8$XF(4Xk3Mr!+=eX@EOlt99px;mRD3vafom9v| zCCiZPM3XI+ByX>Sa`~d50n?@K9_}fc9QO4DEGcPTOSOEVY8_5{%Vq+y8dky%<=Q=# zO7*H`GAK9+DBkqPk_IK9h7-vraxqWO-Lw!Z|Cb?UXul|vDmRtwT2o< zNyB_Klu08x?KX>9IN4~U{+#KN=rM&EOQtOtTCFf=hYGVZrZ5jMUwVc-ZZUU{yIkExv-wxYxVASvFG&v{8mxV@HWGK3wQaG|f#;KviE|KmGU(0%`5b0DJqSNj63 zZ~u@)CY5@oS%IWJ3YM%s8zrWI-QiUXn>1`)TqU0Eta&#l*zSvq!B^NOeRnHidiAW zXA^P3lkEV@Jr(Hds}U@mN-}L&x1oG?I4Ny1<&&dct^{*IcVETq zELCf^&7KmeR8@ZwQsuCWl9*xW?SdZkr_yPd@-!sWwvxb4mMubUFf6#wc7pMtiy#+M zQanijCo@+^@IbPg16pNFOrVHIk7-#H>v{uTRtiEON`gyBKkKUng7rM_=L{sJ2iy`I zjzVoxQ?a-;z_8_Wip6FpQ_vtt(LE5T)Gf54O{+_ZMYcS);m~TyqnBk9Yu186DW9s< zYZW!!8i+EV*6P=tMzG_qlkEXPDQHP(6^Egs>}x2=W|L+*0XVGFkjjLRgpg{t%Sf}= z&WPT2rJ5^X6~aRK8lKH*MS{!dcrmLr{mp3EPYms4F~&E+jtf;Qp-j_lcsqEeSk!&> zaFzpRFv~biJSxXvzDKH=UMe2;I58oLB|J`6R>54^I=7z$dNeWV?3AI8g z*yk^4Fh*4H4unT@tRn&IFr>+lD*EHqaC5cSnkG=7NpwD%|=N{Wz(^$hWpaFVm3|##ITT6$f{}~*dG%@Nhy=`7g#~} zv{_aOaLG`~jSO`gfwMh!yVMKN4IF8g7F+Mt`fSR$J+)_meBx|E&DCW zpLhE-Uroz9@t~9f_FlUlsImbe$rT1YWQA(4%XI5?S&^}7oXN&$yq*@aZQN8-Kq*T` zdkLBK0z;@@%;m{Yri4YS-FVv{N@e@rU^Riah)BuSIS)Ftm-TYGK&E2#dM#CoN90b9 zF0}}?9?!xZz)3AQfb^=-KoQD?NZ?|QxRs*K5GO z8ebw~YXtyh1Tmv1R)iD^LJJ0y>jX+%pp%S{`6TBpH8Z_fwN2H#2}Laxt*(jmN_Z>p z_~Gj`Nh@0bU780=~agnNJLD zy*ivskbc4{fRIxz7{aS5Kah+dFcBylO`y&-gLFID2;|rt2t9}ePY@`LlI~=>sz2R{ zw+lvxhrDGn)CyQbRV0inasz2a`oUVLs)L9Gir0ERNwOKQeT4OXYYHuSvV zB>J`ve4T1L-cT}`M7b!iitX-$_(f>ws$w-l@;37+IoQr+BL&p1Lpih93=(cTStF`3 zE?I8~$-Y-)JZN35Q-xr>7U2W#WYy0UTATTIVw`14TBiy)F28?I$=oS>U* z*_^~taVnVV=PfTI+eEj>*kPLJq5VP$_dBtoN5}(%53U5TXq+wzWm>Q+QMzu_#l9jE zPCv&|BLz&a4DvEGn3)9&~UJv`)8ZW}n@SZ5DOPMUNkJ?PtpLug*IHHvI81rR zk_<~0%>Z8`f#O#xLkTTaa1f|ODvsY)sWgPclq%MhK5ko$ps5W~ERU+)Tb+DuG=uQK;v`VGx7BI+735f?20TaCzNC#ZX?NwNN&dqZ&+Fic~zL zL3ER3(};Gw2@rN347p&HJ80g@1+iM4GsXm|V|syYlYx7f&yev>P|t^Gpvg8$o-nN= zQQBwc+CkZ;%8e%7V;mkYMYAP6RcGo0g1D#0h4Qr=Q;tN!K~G++!a2mwCQ~gCWDzTs zl<7&6aRhLj9OB%`sMu^Vq_0t`CRh{iW4&6$jHOHdOre_?>e!^-$u#`YxB#(mUbMZj zDA_88b&pvrh^p;m>}Z;dxp^f{;Z=q-8fmjv<|{_X1`Zo4WVJY;{l}?lq06wtEr9Z> zNyv^8akT*TBki=wWne6+cYy0&$pPWuRODXCXG7drdQ2!LBAF1`7uhHjgfjg+3-Wjm z%3;-seT(rn_`((FROa+u4L074?8xNR6Cx#%CcGH6}Qli2{W18OS3mH#^Z|Cuf zn@p7RT%)8*ChYHlWuf_%veamL+zO@H8IJB(Ji&a0_ZPWLCcqIxRYal_p}036wVPEr zNc5bpf>Rv9`9qQ#Oo$b<3OpaG<~KYJaCIBLx@C&#H0E(fo7rf9Mde6DOasSCKN8Fj z12jbp3Lz5ft|)k(ZzdbSO(?+N*g`N^IHnRH z7L!k<5_O8Kr_gj3%rNUQh?PewD}?o`9-KyibzDU7q@vb_R)8vak*E&h%3#Um$J_~E z$yNJIF`xv!7Fu>IUfje9@8I}B%?sxWcCX5G8j|Bff)xj*gKiK`L5xxdSQmpH8s1p9 z?X&&BmeAEk0R)d^5JP|vlngUYf}snAsGVt|vb#e|PS@gsMJ{B=RS+%*`8?$iEM4|-JucqB~9rwwtU?f{ZN+mIZ1=F3b zT*ENJ58{$awcA(2RzF(ExG6T=GNU0lXJy+K$`S*DX3lIz6do!H3S$dst?JI!rFNwm z?nu>mK(8>2-t^ce5ER$}@-;4GN(5J8)k=jYl{5nnow~SXd!kXF zYFJUP#UoD0G($$--ShjwQD29)gp7}=`iq#@NK0<9k&u)g#dNwj@W5$#6{6gFT?El7 zR?DH~;gE}cUgbnHn~6ttf_4Mtk0ezyQMEG-p5`jhn1oR3bmZF z)^tQKO)`GV)POw{uvZ5PK|}<&0Rp@lXt0fPwv_0ClMf|^V@03Hgao$EG)v&j9qlG! zq_0C?X1&pjZ}wZ^~oS z4Yx_s~?R0CDkr z%F|*z8dM2ofz!6=HraHEX{uQY%g5Y(o;71Bpd5OWnUKUmZot{g4S9Pvv0`0}N#8@umzJU9ycfNYnZBytg;X_@3a4--1uW$NktP%>S0IBm z4Oha^c9aNcxa0$C$S~@qcs$WfFm@^%CQavK7Fr}qMy{Sq$q~`45ISbmv_wrTg$Q>VXP}0M&uVO= zkE47xURK9W=d|R^P`7E=eHp`g8sX?!y`iQQmcSYbqtF8fBvjzqPDT>pN)YT=b+Mc$ zLVeDgXa`EH7qwdv+p2a|O-HiDuD_S<4SipQv>OfAh=PZ7Vi6;fK~0esVkj7N$kyXZ z7_5doo=Vh!&YsJ)=xCz{PKA~Oxdsu(GU=+?^df9p$NdpKH53lfc9;gi%&=3kg&bs( zrEng1gGDAd>9LqaE^AU|jk0AJIGhm@G9#sOC0^nDL3gm97gaJ4HZmYy1Gf|6kPk`9 z!2`J4o66Btj;&d3FJG-H1lg~Wc%+ie_-jyGPdD{Uh-R{G(IZi2qgi#FMkXeI3TK3=@I_qz=l0BY;Eg3k84VlKt|U zvK-vi{5l-45OBvtDN3jtkW*kS>Nla11NW;EZc9FJ!VT0bH9HcdvV#MK;5_qilk!Pf z$?=pSE&~)WI3hI_*yxvmMHO2|4NG-_71Q85;LMVf>7Xfyl^_!gA_Qg=&gSwUc;g2} z2Et*zau^_|4ap4$tE?Vt$6wCC*#;^H$65qRX?kt{v32C&#(*Gb78@(uE;@?e5Rd|! z7i(4lV}Pe7UbNd(3xlfNBwZQwfz){&u7l!`%thipF5#)G9x<1S@li<_>W5g44-p=! zY_=k;S{fp&xz(pbi!3<5k&$8%u@i4H9nK=_c04PUT5ud#S!xCN9?D~f<`6dD19;yrK+A;c(X8OCy?0)kd!$LPMdBK94121EY77B^h6L4zZL(N?Y*&a6H;wdM@f zfZ(_C{!CysV(M&sTd$gXI0tdt( zzL0OCCfb3UieFO^!(FBmie_`bfe>UV&!C5LEp5g!HaMyvH{v1*j?HkU$3zm%Zm3m_ z5R0zX3EKy zSWgWIhAKX&-sKQc$mJtik2iwAvCyRq8!D!Oe+tA@rE~{Q8xl$u;8q9enE7nSEd*dw zDs^a}%hm&+uWdUGlbr#laD^WqymnVUA2QJWvm@{D60HFwAwzavs-~OJX z%Y!4YV1Wz>!Xb6xx;q}j3mo6R;;|n*ytwks3oXOkZ{BkmP@2ENi!u9wOJDQzW=m-E zqPhAGP#)ZaYsj3*n$8>~IB)D4(Kkx1>&SirKY#TFltCY1MHg%P!RvCrS=5%n*88pQ zj*a1)y&c|{S#v7~+>@K%U^Q^ttv4!&65DRra~B=S%A*MHVOgI~7!9&wXw(<-_(wU8 zWkpyC&IAv_@HANsPJ?UvL!lNS;xTPw?`-AQ$wZYe}zH{a;AuOc`9`WE&gk zJu32UE)?{Svfcprk$k>U&K(Gjihh9$a3M70M}#%K-vF6^X^IpzK_0t98ELSVwP^L+ zuc7d*xBpT*Dw=Xf6yj#9`2#O@?Kik9IA2}|Ub_vDlR_R|6eYlBA&wjM`Mkm?$_0F* zAw=-99z^nidD;*Dm%8gZGg!eC5cSr7cWQ>6+yI#kwFZuDZg6&nM85TQ9f38|x8C%uClAIh$N}C?$`&~K z>#X-;48t)&L5apUbJx81cdzdau5-?3`7!=lWU+u##!v=VJlEu{>+(<>4QFwzz&Wk>GrHV7|}0=2qvB)S%RN6R}#7-DOP?s{t|d z1Fm-tiGH)zcT?x32esS;Di5{FbXA_9nl=sTH(Zhi#`5Jb>iFHyx!!kt-D^{_=JuDwpznmyI6m~ z%K!htgnr*%@$D^PSa!WnrwpXPFc*B71$-0+Ui(#;e-RLCdG>!Yu>sEhpCmt|HQva- zh3Pn4<8b|32>e@x$GK}9u73-Gf2;5~cm0pSwb8oo$^k#r!ns}W)woq}%qZiL$RT+$ z7soR(@R2%~Yeq67Ypn^JyIf7pHpxVIPPtN@Gxbr|1lM%e6c^%hvAm@dRJ=I$c{@B7 znPY)MW9fCzr_X>d-ht=I(PVzkoOSs>C^eJUO&feNFAqw41#nmdq>l#aM%UKI@;?IU zEje{8Jz>&V+5{a0>DgoH+Aux#t-US5MfS1$1IE%qQxiaXtk1g86voo`g7hysZ4sm= zW+-m>U9Ovc?sCn3VO`#Czj3)XJKE*C@v-&Bv-KFitoM;XS>)%90lN12FAJveJXQG zfXig92Bv$pH+YV$eb)^Cht<~W!&q|2*B~+L(yv`x9x~6h`D0tUCN6)(HEGtyu89X- z0N#wOowv;Nl51?`F+0CC|??+3r%_?d7L_;Z3K*XE36gZl$>__o;@OM^8r_A}YF zk!v&8mac7GJGpjs?d2MEd0au)0@neqm@DPVxr(le>qjo$Rd+RArmO2Z-1QUJF|OlX zzjmGOI>&XP>r&TZ*VV3TT{pRIcirv!lj~vEUtCYSUUa?YTIPDs^^xmS*UFKRk*On_ zjLaI@c4X&~-AAAi&j>oQXe2h086ih1BZrREMzoRk$l)VD8##XDl#z2rE*e=p@`sUI zM(!SYaOClk=SN;2d1vJBBVSCIIAO+wEhp?aVUG#$1aty6Aw8iu;ou3i3C4u}grg^% zIN_`b7f<-@gc~Q^J>lUAPfvJl!g~`|Omt1$c;eO*cbPak5uF&Bn44IgC`~jc9y#&2 ziDyi_c;eL)Z=HDm#3v`dHu3$5pHG@HY1X7UlSU^kn3SAEPvR#Tla8Ep!lZL1T{-E- zN%u~Aa?cXkHsq9pH>M>K#p8DIV zOQ$|Db=lN^PTP3e&eJ^8;?t_rv}r$`cE+@;rrkO1iD_?5TRDC6>AO##KRq{HnC?tJ zY5JwpZ=L?w^kvgmZZvbFJvUmoQE?+>qn~Va)<#!vbl*lVZS;?gH{N*e#-WW18_OI2 zc;mA+{{6-eZ2bDhpU>E0#y&G5GY*>3o^j%gD`wm^4^%vXhxDB?AxXmxOxq6!?w)t%K_OlO|EzUk} z_BFGgp8dtPbGD6bt8RPpwl{72@^+K9+h@DNcHQkR*zUgV-rs)9?H6p%Z-3nO*KYs9 z4ik3RX9seJ!*;l2hevi;vExoVCU(?!JbTAK?)d&rTkmwhPRdTF?R4i(@9aEl=S4fq zJD;}m(w*O(v(+4IPGinlbMBq<(JnjelH8@e%SF39y35MBd(Nfj{&em&b6?(dqg~Nm zrCm?k^`2cn+HL3Eh}{m~ZOLvg>^^;Wbocu1XYPLg?w{?k=N`-+$L?{{9&hhCdry4N z{+>(rd}*&u_S%0hW3P+%dTQ?}d!u`+d!N7eU-p@>kAI)~KIiW97&HM2Kr(bb^!UD$ z_YLi+U<8Y+?TpvM797| zLVt?fiu~QPkB9f1>v_t%i8t;&%6qf-V;|%beHZwi^Uv}V{$u_3_`eDS17_grz&pX+ zf`mkbkT1Xy|(`@`?LFBy#E^q?0SH3z~u+Lh3$R_>MS_FUCJg z1ye_)?oH1~Q|WWkZ)En#n3-FN2}FuGm3S$;dsfTdlyl|q+^M;j^Lv61?c7$FQpgw1 zE&Po{$ivC|saez^)K%1{#c=VY;*0cNbeq1Xv{~t((&Ex*Oq4l=d94hWk0?J}*{&j2 zZmv$Pma3OmR~#5S@bm+h9ppdgn1h}Q zz{`wKv5f>dfawK=;JxA?&)X_&R`*GsOSN>$9pQu0i^H1GBJ>{pL{EYe8tw-;8 z^pB5z^XG}5FF9t@W6WcoJ$Avd7ye?>FXUf5`b+OG&;I4t#|g(hbiDicGmiiA1pb7F zeuez%tY577VlEsl=%_o;K&S<4*hJ^g~X6 z@C@G>7oNG%ne8)QJ1cY6&1dg+_OH+W@|^lPPoEn;_nPx|IPaI|eRjTZ{u37*aKY6V z?s(zx7k=>@`8Us9l(^`|i}$$rj7z3m(z)bsmzFNQ|1$Kl#g}h)`SF*3b%l1tYgdw2 z-n%%sc=1&`Ty@ft2}{~b-udl8zx~VaqQATO>d~t&x@PNZj{m*u_wC=m`-emS@XWR8 zYwx)Zz3%GkcfbC;8)n^b+>IkQIyZiFQ~jpbZm!(?_${eh?zwfrtvB2@@3t#$-{tmm z@7U^&lkVK;&ZF;KwY0x<#a;Sc@84a!`^|d}x#z_{mjC$Fy@h)py)S*=1AmJD>5ung z_b+{5;RClnIRC+09zq|w>EXb`H$LKjXe+m8N*2njI{LUx# zf8y>Zqfh?nDg3F2pUyu0_%rk~&pmt4v#&iTJoonVjpsjpq4UDZ7k~WHXD&bQgS|eu{=)-4eB`6@N6S7oKVJ3s6aKO7Kd$)1_sKmg z@+)5XwE5}E&yM@&w*S2HbM*83zhJ(2Yi0M#sb8M;)!tv-`gQv2msT}bty=YgYtzBk zab3b)Ko=NU^`h%&U|#&-XTrK?;@W3*ZSdV~@D}`A`{IWtR^8>AIc@q^n_V|?WTtDv z%#n#RM^@cCGJovz+!H5{89!^DjiyYSK5^3IsT+f~z{^P!*MB)}WWuDW6Q@j{ywT?1 zBjA%qCQO{P{p^irOrAEfm22W8kTYfKw3*Yln6=R^$d)KpU{9Xw33K;sb;H)BGoIOo z>7IGhv$M;+ZA04`Ke^}+cR&6*Y5w%$H>~TQqT5dgIyatmbLEt4pV&2W>gmB>T=|@r z;-B2DXrFfM{mJ>)`LB2Y|LA9z{L#1j9>>Hklm4`4;;p(M{ye@{_2}r^^4TBPZkY-C zI)=*Bt)_$SOdpv(_UFt=led^Mbr)nB=*p~9>1~Xkoc#D)(1vy0lUoAPPqnuW1ZV%@ zZVyRazg21aMPYMSukYx4{V{Y~?vmY3zu}{wUL5)3rI$VZ`WyVuqPv6U-V~PYA>GsY znCY&1!8K#z2mo^8OxOOd3-4Nk-uQpV5g12c9D#8J#t|4tU>t#Q1jZ2t#Q1jZ2FVf$xx>kF4#yg82`t#He7oYId1@tQq zZhO)EckbCDj2zAH`0JAne&x@9dqC@aD0R=IE?)7-iKTOttIsVE%pUt(ea@~DboFtP zaTW5XEB|``k_X=3{&%;Xz5Ih`|Ni1_mp`kV@PTsG;)|DDS1imTwqh1gg#YOsPJ47V zwcpLXC0l<=*(+b$ANl7Y*B-I?uQvJgcdx&C^9@(OdB#6q>>Y9DO{-ilpR<4akuUS> zmpb-^n~pv5jc0B<@xV80&mVTwSI=Ma*+Gxpx0x8s-8u0eJO6y;o{vvEVo9(2!Kixk zvO5FgRK{@`=a=zy^u3ayV7<_PYT3^h$GegDwm!N01bO{=Pn`3Vc-!p4Sy$eAx_#lk zFG%@Io_+7y#k-yIXpZS1*5w3+%Z=r+*gz)H8=4@cIR}{qeBp58Q6qOP9Uy5Bphq$BUPo9*x~{ z`JU>H)fq}hh4IHF#xW17zyCiX`NxU=w-Fdk9CYwLxBTn_|Mq{s_Qy(g!4Z_Y z=o0lG$B!<)8~)wsu1{axzwepZKK}A06nW;tcOthgd3KY@cie!nbp3{<+cma6xYnM2 z_M_*X`2JaUo_gFF$>y58nGL=9n*}^n%OE55IcL*-PoIVlUr5ckfHo+0R{d_We8Ex$n;p+p2fi zgR^%3`q5`UUX;A%+RooTdzf0~D!iZk>eEYK`TDbWmcIAZX`k-%(PyXZk^buZYu-5g zh*NJ0-dVlyi<7uTPo4YfD_;e_I_laB?)%YBe~&(R)O9y}nLBA6iNp)19=7t;%U8Ls z`ILHY$sb=yo(+H6S^CS5Kh3`M%IC^a?=JksO0sp-VV}IZ;_HXj@5Z7BUp)8K(cD*w zKkTd!AAWe`xnD1RKF3|NnKM^d`uq!D?|J|83#`MIEneli^3z?H<9B@Z;gd%_yK?XM z>DNEpEpz6|1&7@G&y{;>t;28Ff5lGs91-gK_>>*crI`H$Z|^&)fSX^Sh&9v9tr^aD?CL+^gtIWzX& z_a$TTJ>Y*Jle=!o(S&&4ofEaUHoIxj9dADAJ^RJaud=rO-TN;uKX5kVowbO2*?R)} z;6u;v0KIwQN39P&ef+jBPNep%jnc=TzWl)D=awIziR`4@ddc+r&pi311Ftx0>OT&7 z`P^OKgHHS4h?%Qg*R6Q0^w1aEe{kUw*Q|`hR_yTD#n(Q(*nRTY{q*tY|3U;dEgq#R{wn_EZ-2AhsVBZ#eBrSxU-h(J>Is21RrM<@%yZ`vRn;C!ezlgwyGXITt=tp)ou6*_M($~T8<0-EYPuy4h(!Bo2+w{Z-r|wTbd&J5!KOtY;afc(X8$ImNRj!MU#XdOy z%bovxRHt#$Z?C2fu@hfE_Uys~p|@MNy_H(Je3NaSvKAfp@Vra!iH3#A}>aKXJdk@X4h=`}~>@{(SO^(;rel z_{A#M^IyERL_A`X&klcw`RbyJzc{h>ctw2btmGNr*~<8f|5XGgU-{ngmoe@m{&dNa zrTixN{jIB-wWpd#8sZJ;?kg_4w12~6f?tV|6=*wJKvi5iaGeR4-R=eeYkCW z@yHDyF8KPG9jD&f{pcwFSI=L&=-OL|BOc#*<^Bh)Xk2sAogbdR&nnmTzC#L+d;#ry z>#5VXxa+%{8GrM?iNFmz8unFx+wA72S`R%mvKU>yg81zhzq;npeQ&&C(w)~|e^Tj| z_qHi7e;NPswPi=$`vQEJb@KfeAM(WLA+MCaYVR_?c+{ctkG{O+y~b;^E}On?ibu2; ze*V;>^PfEZ&R?aL>o=rcyXw;0o43tB-9wes)UMA-2ji!mv{m}jxxZy6pTFeBiu3zy zta$XS6K{S4-ZI!a=GJ!T{2yI)^}9jtux#~}9k2cC{UzhC7r&I-o!RHFCzdaVmOS$4 zJ+FVZN%#0)oOATDPtK8Vy5fbimOp>o$ICl!^iMu^w7bXtQ(oThy2px-=gv7{&t*rv zcI(j(e6Yhsk!v12q51jWE+~DnWDl=@@!hjO`ptQdesKCl{$|2_Fz~>mFLdPif?X$F zcETKN`SN!*yZ7K_x6s?}aIf6A-~9RQH=TXWrk6kc`PTvE{l^3Ey!-w=^$)Ib^^Usj z#&@n+z_k~K-G93Mv2!lj>FPiK;_G>Pzt3#5&%4dk)Yc_E;9C8=r9&g2IKUnq`tma$%PrWC72UhQ$M#v+b0krlhF9+dkG*Q6>5HxlxlUXCxw%tsKq`+TN3UOX%_9xewe< zmD%@-lHwOp3W`wyS?1N~LbWk+Wp|{#QzsjZ46Z|}o)I^aU-f5(C|sFX&9M-;IMh)a z%hTO<8)J~(LowQuL@LvZI2%EUlKW+eYbmRpXVVgU6j*osw-OwsPNVbi88>Mdeo!qd z3o6kKQI@j;OnepKlb4^Gm*OXA;n{#Tr&N4iR#0<6p68UpG0FvrrG7^iy+cN>np z8T-CC->$C)ka76p8DiiY(f1K3mH{R%gwVrta_|;NyL!QRQhZ4SY|g@-TQin0*3i~K z^(HVt*t$TfG6Mkv*x%j;Nt7;Xu{?O(tD=`NrLJSHq zv%vl=JpR|bW6ubd$Wv#s&)bJj?FDca<5>wEMa175F}?yxqg@81r;QOgltzr`IH5#e zpl`I(;vaM6X<3t%qg`vCZPnX(&q%ozJ`}0;gf0{I zP1mU&ILuhrzBfwASn0DQ#IyN|raeNs?_$`1q>%s<*)^u^Sa^1D${`M&MW!r1UWeF#h+ zVH7nZ)!Nf&*n`5nw}U0>V^Up^WV#3!lp%xil}9)u4kLby&asS!7pY{r*kmJAU_?E& zELxw012LsfqB#gDVFh^jvM}bqj=vBp3JBCKC|FEMFX?bmsC9*Q`PKn7DCO-yG2u@f zRh4mOKXk06Ljn@`OK(w~8<6Mz)HY_)IHF;z1Sg@C!&0m1R)?tMx%r%>5_OX<)K=EV zUh<^!#03?rF%~d;i=LjI82~_m1vbkBbnBIN=e?Prua48G0!WVl-eX~5fdv2gFYyOD zPjer|>k9rVj|yS;p69BRT%VvUTB<^<4Zltf#Sh?jQ-kRoKU}AlK~JIEk2XGic}Myh zUpT0b4lcTKi&1yWq*m=MU8rxY11>>3dypgP0(^{5WmshPL)RU(!LXIH;bA-v5Li}e zsL%J~fQ;^nV`y`H)>FA=UA&LjT1Y}lH0zGZSt-11*3B>gBtboRoo1_qzHWuycYK+v zFxkb1Td|v)=r;CXbFK#&+z#JgpM+W6_bjqWQ2IR_T3%k8#p{`a<(c}(T@8#~lMR>l zV6>jpbQ>S5c0i}b#tW%?o34>7GnP?si_agF;&j_h3?&Wk6)jFe9j}j#H@UdbS9kWq zs^-FchTH3u2n8bh4jm)=@;=w8|E<&xOp%u?q;21F`JzQJhY0mL2EVc%o|c>sMUuqhaICoqNZ#vuQ& zCN*7cY1^~aI-F@1$HFR^#T6vGVIN<5qfF@mq^-+ukzC4OYb^=q|ESC3=@lWEPeP~* z-lA+oaGFC_wtO5zeL_^JtqG5fB}aG6G^D>c-~ zvb)+>LMkmUWhe34N=^gGx!v2a`^#9&^X;Mq7GS#RwzSL z1=~>oOIaX;jgaO`vRKf%pmsX8VdQYb)z;rH^#o+>TuYzjwX!>MM3%k`#}Ju~XMwqS zr$&n5B3j$UAqSd895hw^-Lk*8!W{r?AD`9z^PuSu!qr49WK9FT(B^cnPJ5DTX@p&I zRilTEV02S(t77`cqH1`Rda@u-$rWN*c2GFK%*g3%Tt3ix5kv{l#q zMNWTvx$YB&RhUDac!Kwb1c#cJZkpyf+-T*c|>E`3E4T-fN) zmawi4DUm)cEwCJ?D3j1iIMK=oBC1a>vq*vS*t8059)ItNm+PgVv2?yA4Br<-RHqBU z;J#|Gm()%Lga=&E7RyC^4?&;kfn%o-bg=?kR|PvwA`z zii$U|Cdd)L9Kwy=3fma*Vw*!Rfo@&?u5*IE_~p<5Pp}aCTz26uqt)xo`Yq>b>s#;b zGQ+RS^t^{l)6t{XsVfArK)h?C9V)JY!7w7xsP#9IMKA2c0LCWzgI~Ir! zrh^L7Lj!jSc^gfTeg9>Lo*IVX@dXa_>YSHA-!LY)c$DEnA0j%@q->)Q@Z4XH4N+!d zhKPY}H``C=*{IAwH!Ieutg4N5u* zm?aj-E8c61LFZ(?99q0xR4ACjEv05Gr4X3;E>ZG$L9s8bzoAHIN#NKC=DtwqKIj) zx)4r%6WHKhW-s7`J9m2b1i3LMP(kEvg z7|a?+5=8|RWd?ZI%b|${{Z<$CK9l{OGK~G^m>xF!T(R4{Tdp@vdBl;y1|IKziWqw_ zL2##*RO3QyN75X?HfAjA(CDP;JL&JkhXzU}scX4qWB5ix^}-;ow*Vnz5=4A9+#@C3 zmNF#(Lj;m0oS#U9BH_u-2|*xznD)5QP(&$jW<-bbp>&P(QV)=RkE1r&o984A1Id^K zQrGPMdZ^B6O`MKB=1E{UY3gPf|H6D5NHmt+XprasO*fPPsHK}-N z=XTgg@oQ0`adjb^o1g2kA51dcsdOt=#Oa65gJ!LKUtfFLJ0<$t-__AU{^jqI_&1*a z75SGHGl3Rsrh$ENtJ^Gl&UDMIlz5sb9){`7K`60Z;K5&=N zyl&9Z%jSX2AmGOaNf&go^YxaWPo2qnpWV_Zn7aFJI7H|**<=ug(zbLXkg_eA1L(Rt zf^nt9G@K?qji^h)tP3)1D4Ka*l=y6%ChvE-e;Q zr1<4b+B!D_GEUy?t@xb2vG;I-+ft;VXJY=W%G}c$-7^B12uF;Oy@*PQUkSw)E2dWv zg@}n;ZECQXI&~p9yGXzw>cQ=I3md`abb)#Dr=6(p9$?DH>2b=a0xB^fedg)v%F~>M z2hsgBSw-pB4YF|Jym6^Z;jBC`Pa(wcB{ON;?r3ohC_mI-`_y9jG7(#q!?-}7f3tu= ze3q`Sg<(=QgXq93k^Hxx>~0K3!53@m_iEmET{%*Z5LiaeBJ5i~ugJPH`mx7~Z{~a3 zvO?5--5(qwZ!v^-t*FJRI=|0I0ljUnYKt_CXnZ=t(s`D6eZcMY96TxODJk^#Jk8C3 zpFAF9^@9_5l<72OP(BC2!>tgyJqz%@la^8X171<`2D3t#Jd7n%mVMN;xz}X9J<6+V zZK@g-6WX|+Gr+L~oK1}cCruJ4O1LG8YA}~;@6dxZRL)np@T-shA1dl4bq(xBeIM%@ zn%=M0-}Ns8h=I+4%^`Os`U4z8FPv)5c{|!I5p()si{RerMP>6A#Zw<0Kn{Ez4A`Yu>B-wMgU2?~tl{o;yz?jt(Zh`p3dz9I)|I zMM+V|_h1pHgHo&JhtkJxJ0;~+y69$IheB$4=-HupHrSR25T8>eB9Bk^raU6qq`iRS z(Lrw9$LHF5ufOSoSi8h2mPJ-f_JlJte20*jMwljGZn`)x0nle2Xzc+QALD#C#*2aB zW@oW7{);Z`mBvHAtPPdvBdvZDc-B2rA8bDJoF!UizzibIlwX9KfbiR@5NGoF2=u+& zCey}Zr?xcyc;Rz9Q%svMnMlP2af0U&-o<-k2{}TdCOH^b7)(S3(aldx@n9JCCts$_ zxw7u-uq#@8zbLH?q# zqoy?_LIkQ-^w)WneBboSecW%wE}FlU^iLdF1KJE_W*j-g&}#7G!ybM5-tbbwR%VD> zQ-IBgI@MrxnhTYolPg`qT_JqXl@w1t2Gp$dERFWaGMNTkt` z=#M=!ENB5SI6b7cdu8pGb>obn{FCN$S7qz|@-+I>1@bgR9Aaj{-;5=T4bQi2@IG_e zqw5|fSBK7*YldND80*1}Ro95<%eg-M*)bD7DtiN|iHeT%bN|_2*#!IsFDemHO8oE& zDo5wq73J+-tpkk8$i=sxambCiFQX>923WE|)Wig618~?KXuLp2dl%|*?GXz_BhIr6 zuOd2BT-G-jDgpZBg(`h-FgiHB($!dJ0jNrY!rkzZ95{c$%Y(_2AA5%yV%GqHrI&re z^xaI+JH89W&J}8;#i;Vq^YczT%kI+CnOhA&^hHNpxJGsOA6b&>m#1hQ&yO!n!Es7!*3Qo;qL5Ru1odRAQ_yF5Bo{h`iFW_HE;T65Q`&Iwn~*7ftM$EL1S zn9>Ic4kap19uD(S;AKH*&IHiK#ZZa)?tSUR*B`Xypf%v`r+41EPfeJlFHZ~Q1s$B) z6@e$m!HkvP=rRoHa7DeHoG5smK4xVUW~Ff!0>SKRU% z7Zdwie%o{S{Ov+hy@B3w(m&tXN9pF@Z+bBQ z_mY52F;gek^Tpn|wD)d5=&LF|r?DS9vER4l4ZX@A&dU^ynES3M*3+&ODpb8AS+1io zMsMvtSTgpzrkN$Gwi$0uYEI{yhZTMm{lw@W3zN&9GN&yJ(XUmSyJcK-XWg_R;WKYs zy$uyYl>#ZB(wK#V)(=#ys$ST{dX7ehK2vX({IPY?^Xjr@o2Hw6k*CQ(NJ{S%F2LB+ zaSQuiliHeC7S%HnRT+LPF2V0j_o?&-Fqg>Vx1L0$;EM=!y=ePH^{6~zRo@4hj{-={ z8q!rYB#qH9fC9P72i3GZ5scfZxV-jT+o;laGd8gFsJ0=qg6EHxrniwiwjt=+?2Y2X zl0?ARsg{#1FBC@@*xLbRucLA-P}^`sLA`y4E65bihsVtJg;2^1<9w0T=d$q=JcrHA z@2-%$T*0~BuHw1^Cv!Uh3jyzQNAGqmi_=PusCfQG^elgM-_yOxHgCQItyrbEPJ8N6 z=PUDJTb<{O8j3H~D9P18OIp%-etKLr8c!V>?wR{L$0Bkm072Y?aiHUTBf|dQE5DPBs`Wa@#TlB)tlvlo|+#m0>-K>%JKrEl>geP z9cA6S_PLtSzjF>7HD~9w?Rca}pz3m*92evtj%AhAO8pgff1)dF? z9atHExe(Z{6fsUIf6Wv|%FTF5TkzpgNV(P?d;9kf8umG~wY>TQ;V18+!Zq&(AaWyw z8W+U1=#?Ar0!zcp-Z_Zb$UxHXM{oTH#hq9~97NOqp(g)*Fa8D5^ux5^Ip=7e@!SLY z$$-%H?>z@isW)@{pJ~|1)~ISJx=ufl+bAo!q2g^RmH#fL%to>1#q~a5>D)JxdJP6b zI?I4c+cOd}uzoos!pp&7$dU^9y;wQeDnYrHT$aW)wUtF-n4;}D`kQ{eJ-uxd4GDTqkyQ?bYM=+H7E@En3k^Fk*TWz ztAS`47u{U=`3hXR1{iDnEcr*B6V;I#S=Xi{Hnu^nt80x7@@)v$+B>C7jRnMyLkr;} z@DV7Du!y4q>-pWLMovlCmvoh~vz!kdCppf&_kV*yD?JQ@L+58Rz-JR6Few2>$(UMD zKpDbV4eKM#nL&ip&8L$tNL>BT;o-}xrx(Q6#=jC*kFesj8BZ)q@E7xzDQx`PGBhyh_xyCm#LG?RmQbV|426%|M}GYQ zw&v%j-^2VcuhybXE~}j`$oQ}i|8htczKeECE7&=kGr82+xJ@32G9{6!6xwZ>LKHAj zq=Q&kPH(Gcu`gGiZgY~%%1x|0KJiZtvi!N^GU`+Mf zk+URLT(trFX#I)r@sjSh--I7Ue*f+-ZD%LbUVZv2W3mOSFP|xG-$$sv7eP&(Y{-Oq z=6I7G!7R^SnT?{O9q4mb@0YHWK^V8!b*@hGK!AlRw+wwRW`n>{8(W;u3v&Xb_4r=v zD0aO3!+-6+g8=ZquOj-#%KrHQV51Lgm!hksLyVZ%Wd1TFKB249X`k@ydFbMS{>J*%~;A}-407bIEAi!9T+m0+r(`{SB(@<#RdUSBnJ3g$~#`|tf|Ef!f zrVw`2FUhwsT_)G2&;;MmDby=B%`p$B$PJpRCt>e;Q+ zU1*OauC$Qn5sn6c^S^CuW41gV)s5Xft}WFYtd3is%=j>|V-Y6ExC}^gvN9Wj*+l_Pt?N zH$K#jK&4URsKhm1cP6M$`sxa_R`56R&$$GJ&PH!LoOxd1*Pk2Q^_DBztxY(g>aau! zD<3GywBe@MzHc^{s1RN~r7GejwkZyj-QAPF@*Ce_7|VcRI=nB9Z(}#e)S-?LdZJ8S z(e^{qh|5Aa)7q0>Sy*J4;Ptt7l)IpVRP-t+dX~{n$+;Pj6}?!bf03XsNeoiWibHB` zIcg!b1|7BflLmQO{bO?0Bnh&U016j~^IOsuGa$3gOHN9@{`W9AFV?Dk4t`^qLq)bUnvdA%%s-#XW#Aw-k9rs`R;s99t4+ZgWd-1OT)*|_F zKo?@`3um{SJ;@91UAZ@JJT1E-Q;{c7ejc_dNM^gs!E3DIH&JXsDiG zA}tFxoA6x8A^N253+fy9r+z%_$w&R$RrcjBnTe6@ZpgEMr)vFa&W(EXh?3m%$z|-K zuNUw>?3j`~c@*(XyW|ExMsphaj{o)~fuV`{=$cR|qb;rqi#;nsT7vBz=MeUoo>u$L zS%bGu+==|hBUnlyuO18~^H#{d!vH~Z9fg+BMy0(@CZxdav})|Mvc!KjT7TB#9`zRw zHE#ZS@)wT!NQ8Yb)eFY}YwEf!Vj%#$Q4eKA$eBpL! z<=&ZYt(0h$F2;l4WTirqpQVhe(zm}tjY3~h3JYIe)%|(lTg6z|!s9dG;ZQ#7*WMn~ zo1LfO_Pj^{4**@Nhk}Nv>aUaYOFo{N$|y23>-4U78BS1@%&i|8X91+_`&@!q1|ot; z0Pd}gx?#YtsXlU}YNjGB#4iLBNBJNur`A7oa`C%S;hdLrgW=@G(*ll;(;S^FsHFQ4 z7`~tE-Jw4wlU0F+<|?J$ z#98?ZS5B|0IZDZ90Z1uWf%h3ZRk>BD8!*po)M6*~+Av1Gt$3cz(`jsY7|b(NBeyxF zOAgZs?ZjfTMoP;3qrCCq406AIXnQJcpqkw6MHfbnQRC*SpiU3qeJ+HQbQ{Dsf;;~S z);@4P|83RW|6bTX-}(H?B%!q?iTl?ZY}@0qy6&lXTIHMJeuub#tMNmuJ|}MB)zf&S za!#Qr>;7YsJKb7H8 zZSu{xs{!l$hp{lOaZ0-=Tt8UK|~ZB7wm#lzJoh zzDCXmHR#tRV@C&F8aimw!xI4zIDCf zm6mLVBz6^yxVb%GNyCE*qi@-m@7B}TrR9rqs=ge`Ti%4m`d&#SFbm`2vt=p~Qtb)? zSB$EH@(J>p%(FlJDcmEfvGkiZjWyLz?a+7=jh`c)*J@~VN<<8mP1?ihx`f+rCR(c# zuDZAxPXJ>T>#;3<*2~EHx6}P^d5av!P3|3@Tl|7atv5BK_E#vb>26roOS?)$VXh@;wRs{YWUseV$Fv6D~gxrK1oYJ~zEx zDsYa?1QQjvuFy3ZweGV|+So`>#5ZCWSdl&i$0K`xHj38>zZ+L+Xv#IFQ$xD?o`zcN zXnWGt8|`Cg)Hi%j%spvQHQ7&l`AS{1e~d!jd;g&1GVuA4rbjOG&xn->^LRQ(+UcV_ zWJcg$lArwBpF%iv=)h$9PdWTMkN*Ob$%JI=Z|g1H=9+FzkC0mXCEqM4v@FAbcI&Pg zUJdfn?r5pAo+x_68pP5Abmf5y&um+QD$s~I zw(3&sMmI+6xUg=-!OH91K}E5-$5L|@O)(X5+w_?(J`@sP(7J^*B=!Vs$AYH>PF zi@~JL6U76aUdGb5@7eV(^T&+cNq3oY)UB37is-e!~Q1 zihFWuoP8<7ycZWlc)ds{AP_`7Jv-ix;ini;UL&kJ-WWlg`0=V2YSPQa-{t^Nyq=s+ zVO{3W{q*PicpNw-?*QG+!5k;NGt)4)eOX@GoCmhXyX^cnsQd>W_~+uM zB0W84T7q&XeN-7j3mzJv=NTC?Q3jP;w?|al(c}y+t|AiV$aXOD<`5`%u6GN$-E#vH zQ{ajxn5HBRfS%v z{7CV=_yt(%SxqSk?gO@65MD`c${+;*k|KzoOH5Ah} z$SAlx=hURBcBEvEBQRiz44RB;#tYAU7#uWrU####a$;1s@8^CwBpKMa+G~A2CGk2t zG0tOWC~4X0)6b;|TZ@&fpB!>j|4R-?&G@LY&cCf(sFSQz{wB`q@i&v6z+Y_3(<-Cs zJn5nQ-`j6?;K}fX^iHbdgBnm4Ajx~#D;8um`#Nku-^#nuC9T4k>f8373cN!|Cdc6u z6FODubjGW__XE(bQoIk4y4}ddWYVq@EqO}`WlV_>ZM`DrtyxK%M9r%ZqsN+1YjGFH zTF6#wlI}r%GgfCdsCm#|C*-aLeO1E=swQ&ol@q9`IRY`_Qu0h8fdNa@#22y&sNyk5AsI4G$NEE zCJp@0+hA4CoA~L-#JnpT-Ip@3yN3UCzZ&~p?##LGO7bvz4eGp6Ld%44A^Ulmjx4SI z(IpzPv%7P+t--|f^&+_KMClU#ZdHDdr)Ucq%(%G~&s1nAY`g>LF&mFp`pX^pdi7&) zHo~tV3jxfVrcAM8kQaSkWa?MiRvwYmd}{NwOgaS9EU$bCiEo&qnDUDsI#l$@=o!*F zPBh|qoh_9HI_~qY7uw&%a3khL4q3~`NoCs2ldHtvJ3tBAXwXXA2c0c!1jqcI{hgbc zW6O5E2R_gLWM%OG^z8q1pXVdqN5Tq(7blfKcyTlLqzgRpQN4XZ;s^UyD{zkmvQy#B z3DJFRKgC;%Qo84ro!yIaEtnPU=|cK)nO&7j;8L9fJHbT*^P>%r0xQ97)siJ0GOpPj zmdx{aO;SGetgLart=)XT?9u*XQ0%qp0%DkW*IQ2H&6aZsTu-DTJ;P9D@obr|0WF2z zAjx{@QTAIzDn?_Px0=GP^sbinBvMfIE^AP5xHdZ7aZYm^?CB#N*2{xQ4d8mgE@TY( zFO1sK*S24uGoaZ)-X{D~(1dlFN2Y#$lYNd7RCd(caIt(W2oQC#I`4MbA7mTq;Qo3` z<;u)12G88`-_`cYm|b@=#iD)sq(%VegH37?;`ss0p@$ECW(ZC;t!m=hZhJH)qUX7v z^#qaC@l$4egd}(&faV28NE)>w*ph&P$|IuT2brtKj(pdsp$5Z1X;7<-tAxSoEW7dP zQvFwYZdvrJXL#PFu>N1rB%T?<+oBHWAf;4W-ZOP*GvPu*-Q`$*)6=Fhk5_#MHKz}TNQgdLgcIm0pW6V_66#IeWDOXL*< z9Wi}TpdYMwgmMZM$g4$o2VHbh&z*f$sG0@78W{3ieVx7b9ojqK_SVz#MlywgU3Kyv zZXLmtQ-O_ylrd@%ovIW>{C#Y^Oaa-n(H#{QzVOa}F9D3HH`Z8Y*0Tp5PKw)J(|yy* z3&!c#pp*i-dPfKmzgO4i3G(mtf;z0t;TGWwaF-(KYL< z&SaKEZI`9bZKTE+CDMd~T6G?RRPP(w7siD~NMO(L8t`WVf6dLMNoV`v#}9CsS$PlGDuI{ikj?NL>Cu z>B#??AO0sNE{~Xk&u=N%r0E=Mq=ocr5`dg**v8Aht&vxA&kX18BY>8CgPo2u@bl(H zj1*v23;<~wSA3FIUSeDlG3}7G|D^uhgH>hQ?&+cJVNIeY9Y>}@#Ww9j!K*FacgEtb+(q8xo(`oi>pK}Y-MQ~~v)jZ8 zPv6MK_ox3dmMWLsJ1DcpJ>VCrpfCB+^of3Mk3#8bk^t@%(LC=Cr3E z?XR(DC~vw8p+6FJjFvj`JJHuyBe^IQ&U1po0Bn7M5fo(4Tb?g;3t9*{Ri9C15D{Zj zX^20ADZF_9gE>?Us&B%vbq_)<#pmj``j}-dbec6>9LkF>BinGWduVFr^SUF**ciG& zP3-b(y6yzW^WNc!s3B&`e0oW{IDKh}fSDj;42uzytJwCY;t>{!<*McQYLb$8N*F1i zJbO*9a1bN&5D)<%>gBHDSke~aUROo=Y!PNGm-*LV(%DIHQQR4#b#(A2l~xvTMoQzv zq9s3W<}5tVZGNIA(CYLSD=zxvt;jtR=*c3A;ZC;wEHz@!Gn#qevNl1sNoE$2avU$V z+DF-&n+b)nw$spw>Po*^5)qB*1zS2v`=moA*`AnIo^+U#cFN?5nYo-8z7`X~iG|PE>Nf zI%QAAfW_~GdR;FA4^b0$Hy?n%9P$8w5M7i$={j>k{wk^EnT&|ur|pVy>PDEmF|-Br zE4$z{r!R-Z?XID9n4ODTnip}ZW^`alO)oJEdh|8fX69%q*`^flF9w9AkBZx!{83OV z&Jef3d!S&s)(%MXMT9*c40Qs*9V8`(?n>VfH+jOYn|MnszxXB6{ix-z-P6-anXsP+ zKzW%_CbK>|qmcu7Cn;s$kZO)@)H{q?pUR0fFbY8zRT%8p0UjEKCCc8bFuig=T@fFj za(sY1InwHp8#>3LP8CLUd^@Mb&p=V>I}yrQ0$aQ5WoAepC&NT4<3{Y1b8 zWS?81Xtx8pJzJ44+n3Kd>pPDP$8;x7)}~(VFEL|!N_V8_mGQ?^^ym&0)>TQZ+WsWJ zP+n~&E>)|<-$tsG7`Kr0JKnLZIB=Z2A;L!AJ6>9IN6K4+z1}GQOWUiF=)Af zNH0hx+z}#g@}m_EcB>dul=jEIDfBu~p^}nG<_JBGMg5a z+E2XrVw8Tx2wj&PmFd&kdHvz$fc(IfD&Wwh`mx_@MS6aUu#Cpm1jxz_<--J^m5;QZy2C++g|TL@xp@ zP;~2_EbbY=7}FUNjNtOuMHRZ+Mm-to-y)q$VH%*>-KMgdg!39^7oXOJW^K+E%kkvO z*bXg<)eGlyUa$8CsE2@!kQkvpCMu5Z8)vG}kYU2Y-mN6o=i?(d78VHBDT`lWXC3H z9TsAm^s1!uYM{;8`J@S>8xuqE@=JBSmDCkMkemH5ig;;WiN+4D&$QmyoLa}+DoD06;WhlNY{tg`5)aai7 zqALDcv+B3|`^6s(wck9V*4y2q+5dH+BmJXO2BCg>s?zS&NaKYW$w!|)4Sbf*+r7s3 zDs6&O|FVtjxTn_9BV1p1DcuN}`gJ3v<@4vIFNaQcCtUbHp9Q&q-rHk1ztdm8e%oT^ z%b~>R#E0{ZzrGy_3KyvVbZ2yP8VA}oOxPFD?ws2zF;j~8a;T~9N(*M{Wqe32N0jr& z<wmKcMo1xVIX}(sR(3m1qSCec78eZV~p9= z$#Wu{+6W|0+=)23*Pn_CAS#&#m_F5>sN>g<_w4eys}oOh3QtMaW7*J3c0N8&vaC50 zikVl7cufR6G9*c?UN#6(DeQC|-+qc7;|?>4<&TxhQ?OcjrDee``{<&A>H_u%$4kE> z+rCFbS^6KeKmTpZ#sAsp11pHivS*;`w4RTq!FdO0Wp8T+=r z(5t$>ek7lh$oA}+Ah{}Oa17rJU?P}=*L0;oh6Ei5EH9HI2NWyZ8eyB>QEO_Duevu+ z9t+pT=y(vQ&#L3=Bh#dD4t3D~ zP~-|Cj8V^c6qlWD`Y|L1jip7M)V#q2_VjFd^lVwc6a$;&oJ2Vj&C0>FzXkpjG~A1R zW8ZSy8(X@X#tdK}mJ60OBiqV9O>S#!J^-@L)yHV>$Pz(C?sv^?Jz3zS0sPCCCCgXM z;3+m2*OxfY-Fw+3i<|&BlQHIHpw;VL#|@?kd&eY$0~nT)7SLy8F#v_C>Z?XA_;C;! z4M~$nbcUZNSsJiR@KdR8#r4y!+PmD;YDL=>+=7lzC%hE_V(UZQ98@qmKOOo@s!(Kj zSX#@}XPgcvc1K?64AnW3a}OLMD6b{CuZcN)Z`hvB_zNReK&3@c@kTI4jaS3jXP{f9 z_lh%%qadGvj9RPGC^%)uU~?N5EX21-k35=fa}6vzyGZ1Mnj^A{WFa3{6J{O@)H$w8 zEAe42bnYWUYW}5BCJyv5h$@WnQ5bO4k!v@t9Of-X{ZuvN)iuV`?scg&T(X4a-c&c+ z^~zPb>Z)E|2t%+Qij*%M0TBVOc;Y5%8HOZEX&p0S{|4nP%*DCV{dH&$65s2g&B5FI zfIyITg$91-$n5eJ3@PFLugoEVLvWGCt zpB5`j4Et+0#TvX>a}lA#a5ej^%<3F!RWrSSz=c~wT(MmGe5B%aIyaeob1~%8+_d)6 z)XG5O?QPCB0`^W!Wh4bNccTaa&^lB+3km}BG>xXTe_|@I#l7%*yUUC#Cf^P45V2BL z>h`P;l~o=#g~5Cfx{#&y;fZaO9l9paPJ(9wzVt^@SA-wQ?rrAGZgJy2Cx5us4&g0; z)G_VHsUYTjYPDnNSn@o*KE{JmPBlgmxDWMxB%hg>g|9uXBefI^ut_;%e0`0;WG;LL zDqAUTi4Yu+MbxC$EfdSKG;pBiLX=6=b>athkW1rn$pC8y?Yg4h#~Pb{e6GNWU~A9o zC)I$<_~>L6r3`h1ZM?JXBg>vbp1{FDGG&nLR_0o|kx(L&oikXoU)+={$m973r5dnc zk_IA52G~+|BZV%EwvyWIOrg+`^4XS7`iMy*&L3egecJR?V+Xac*8>a}*5{=pGl`;Y z#7KaGIuo~e?x~V*9V&t&%?C-%(+M!@FztTTZ1ArjQ&srnuvY7$8*V(q|B3s z=^A6*G5+ae0a-z%M1`fSJxyZQV$ItCJy-3iE>Eh4n6VwVL?Yv5)&)}R#Bc%$>rmEJvliSA$v8DC_>U)pei6%#VxEOYG{$guu^9S99txC6<9paO@U!K}<`e$D|3%m3##ZW2g z%|Sj&hF_(7cvS*3jpvSDQ2wj|NNTvan0M1QL>TqJgHXxWPjJ`c5FmyeMn~lFf+(aU;JyLTf9lCE+wnsa z?&79FMgiY9;IuPCB8C7_{w|L-&625U=hkpx7g6(FtgzfhOBs?fghs8|-bVhm$GX4Y zQvX&^$WNSjJ03|Osu$E-M9m?dd-`5Em%^xm@Q)&%-Ti*gE?!jZIDF;3H_HV8z?74u z1!e_K3E3!AVgiO}JS%2AcKad82XX;YEpEOjW?4@9lU4ZPs1@Lmo-Y2R)pYfr=E;>G z{)NBkKjYT_WJ2w~{B-98UJteD-pC8xD0@=-a?E7QX(eb*YVKN?a0S&zEjo(4B{0X6C4Jdso{ITiJ7U9-5$H%Gp-MdBtH$uFoYt zTo_gFbv`VpE*}`*XsVKr3wZprFPKnvR5U>)E>_9Q&7Amn{{Htj51rI^wu#RDF*@7r zaQ1)DV#96VIeGs{i~W)kY$Nw4Eq1eR`pdi#OIbBitdf}jx}cz-9jKZm=D?nf|Gf?; z;=o-kc=~*!){cu}kW}jq5b(z^HJ|)S{!_5ejs(!SAa&XOjER)7ae;KZ*vD zHqpg8QhX4>t2&}rp)Ar#cMBm;s~i%P{7NixjlQoD;(r!mdAkkIo1lzYz;VB3 z9qX+<8uy37^I0b@WFb~V$FiH<@pN|8$?HQn-##ui*AfB~qo~qo6kH%Nm`G9LR!SMI zB;H+_R__ka88BFNx-1~Uc`_Q+h+B`uaA~d>NA+1xlS!W~$DvRKPZF#)gZ_3%CWvMp zG-viTZ|5wD%3<375>+zTTUwuKLDMM)j>*>3B`j^!UaB-F2~YCkYn3k@HufWGbe7&G zwXcrO?2rhW`UB*tJ3#gB0l2*fgJz7Ilj8vTsy~)`7Qm!>C($|z5dm?rTRUgFhXh%| z3g6%!R|iQ9x#A`zf|PAGk=V)aPJ@A}K`WhcI-A}3Y3?7M)4K!=fj^c9!BTnmA#;XT zooP@b*!A|jcAIDFDwj-2kO5*`89Cf!?{VBt<;HMT$oS53W4ZU^Geq@_7aTM>SdC(= zPBjIC#VvDvwJ3!L888v1q6~BL2H{ zyues0*XSDZ-q~YycEXvo?wfuKJ)5U4!Pv%kK%<{Nq81*5^nD(-4;#+<7QE)v76=t8 zBb9`cQIS}~BVh=Z>}E^&UUn|7VXD_?_00?l861ZWt)Iqz6&qb}zTO(~J1{?3~=yT>W6g1+9x?s+KQ$5+EqkbxUGQ^5pSt^7toN;}4%I*%`0i z@MW=}FNYYb&t@K}hNd>UDP;BT z^@rCxb<_XUwf`4{>8V(+FNekh6K^DbIdpw!{L3Mh^8U98pZ3Z=Ooho`3GUndJip)P zywgJ}b9DB$`RSjbW&h{h<1aaBfOWO!(OV1I88ulu9^1#Rs_UT(x7&6E8U0DXT$Ql= zQ!Wnr$Ih7g99B6m_-RVI`fUPw}A^$F>&h2A2qqRMdH@;X^cn#8$JX0SjbP}!+#4q{(Q8l z5~s3=a#`L}tc>Ij(491+*}v7RzR6Fzt)Xhr8346d%nOpXjq^uH`~NTY-aMSmwCx`^ z&rD~!chp`j(^6_}BlcLPt))sR5o+y}ii&+-%S@|P1hq>-w3d*BC=nsCOsz#iiBL@A7-!-|;@j_kE7<%zHe~^G^QAaU}P3pZ9g2xpLj-b)KK=^FgXz&I*TR z@k@cy7>ji@7aZhAKPM(E zdjE)9+Fc`HJNU(X9weHCdX`^jUlV#e0Y6agF`Q8D)vjjf z5659$q_SYh4NLysXQ%t>#LSXoqJru%C93WDp?5053|up^z=uf|0Cw_Qha)jq&DXB9 zJ&mb)sTaQIlEG08r%kiQ+zbjGt(X(m$k&KW6N#n=`|_^tDXF&$wUy=`zczm`lNjA0 zc3(p9hZy6$UAAufxFXj*LK*4;w1ay)G*m)^`kwkjgIIz*RWjSB0%SqDQ3tA73-Tld zo!$Uidih{|k8G$huY|^qLj`MZ1g5xC_7Utu@+se5XdG zM~|RP`8v_%>5$QF9QoD_kBho;-PLdtu&UNOUoVlFf+qmC!;$-CGn_VJO z3h;cvJ@)N3-1{9AJ)OFDsrKG2=1{7+ORk`EIwbA9w|sTCmm8wO!(t}YL+f?y7tv1j zVHwojt%gGK`< ziPRlkpD1#>pwKb+G#=Y)l_B0LM&r7x~;0YSb zLrFG1ZE9va(`WlD;W={F&Hk$y?N4DS+B@~UMrXkj$iy&wZha>fDOa4If6PtK$G6yL z-zmOCHno4nfWFQ$+?|uc9rE2XbG=}Pg2|SjDa>4Gs8gSl)yNy*(hUL(Z63yBD)zyU z*sV+Q@yYe&(-%E`t&kU}bop?hm2cDPD^qVf<*>@jGS)3lAFood#LDCaH_LaQN|zy! z1rX{jPZ-JUzhR2~wNLS@3qgHigzRz&D zF^t3T-j=ZoX4o1caapz1AmrkRv1f2_)4aEtOM`BIQD~HnjC1YQ(F!9{>1)FkhHZMB z${iEe{7*!3PHOC z0D?Wt(_-RxBQja1Vj6`Nifz0j3?a`R3qR9Gj^g*P7cu>;?Wd?|CWM~YEJIC&Hoc$k ze^a=(nSO&Gb*&{_v%7U%9xkb|ZN*w9ny*T`t)rn%L`>Ou6F=BN(_F~w6Tv}0PM{|T zL~E81|JZSHH#EX$m;qY}=y6pe@${%Th6DjM2pQpOu3N($`d}8QEc+LqcJo_Rb!ta! z7oJMBQlIJ8++%$6O7-1j&&XUIdfC#0Cs<=`gw}aIdDDwH7pDS}jN2EH!#*7N93KfM z-fqCTG@3IsRy!28uxQ}<`pO8`)QZs6q6Uc2;^;5#FpT{pN(9Eab(o}+I+RdhupR&| z#n?EOX57{#-zvGIwCj3K>FkR>VO1WPNR`?9Yp~eYslqD`7Zu~BGtye}jt1`3umAKQ zKuZ@W>ubR*cc@Gy8CV)pP;b2_%trO(&o^c|aNS%Z8SU@pw zB#|nRdum{qEr9A>TnNj(o@mGyWv8y|-$yRX?I0&B|Zd@7~4~ zFCjI|F-7(1|JV=zKdyJ*nuq!?{lZ08Jo`L%$cHPdInxM_FTR6puEdx{`s*TP7MxE` z>V(J|*edA>FlZD91#ZDB(*X2|k92_Dm*92q#Y zArK2q0xdn(v8C1SlC@E&f&Kg2%Y%5jSl3 z+mQH&ef{2rGrkiSx<(tTchd1^Jd@;ty&|2X%eYRUstXi%v!F$jSE@_36#OZ9!PqeW zQL&eO>bY8lVps%^^Y(&JL&Js7p$%dQ8-w1?O!A3zAk+?CfRe{YkYH3#is)9PqeFYR zd$yPln>GFEkdNErjL00VA)idDeU8m#0HHz53%6*7){dACFLaKvbU=X8@hSFoTXQ$T z>J25WvD8sP)R;{oDynli4RqOZU!4qjJSI0e{Bi{RB1IddMGdrCNX^B<%BAedj=^#b z*?5GG{Q}Kdr@`s@nwD0`Tz)@6&e~9$m=X}rVZry+rl%lI)N3;w@7~1j&H;;{@bY?o zoh==2`%>$X8gz=K88pgToL=CEaF0Fjkg2@43in4nT+S05p~mtQq|!|p+K;%W{JZ_& zxr56Sbs;PuqUWZXqwD!EHJ&SKw!_#fb%?F$%u%nkn8&m&{;YA3`ic|&+Vftw(p*_| z+SY{{6i5gh6vlkJd@`m!?%H%jtdj1JuB;`ln4v00CrQ^qc*pIkwi{m1-7Kw$CqN^6 z-~1?~P_!L@ytR?sLStX1bcc{63pC?OpgDC${7?shOa^3_SI}&u&X?sl;H#m5Fm9_WwJhTO_@ZY);o&d9OEaTv$uvciik2m04cZlZM-r~M_9B5`%p zQ{B7Hz6$w6L?%>S$*#`ueZt3PWhdT9yFxKor<=7w>0Zn|4({#b>USE2k>oB#c(`Ma z@lCQdGdPJI(4IU z?ApU8?rNENR}!|gi|wY5N4iOtu{~Z131vV16{WLau(1@Xp%JCAtrau($%-4P2DXHb z6gP)cUaq(VkYd(Gvf&;6{ph+R3e)oGud$fEvO$Ko# z`)IqaA=|5yck2v7v|OlPqRq{_6MApwN$|qjhy6fR$UzcEVJ%!HL2vcyeHP{PvXepo zgFJgf;|px7o4&$NRVGVcN2*>_lzPvsxU*I8y z{Ywr#-h_DJ@(Hko-|UlN>j$fdC!yZ?R_w--datrh3q@HIyV*(J8Y|`a-R5(k@X&kC z>{C|d;$iD7w_y2)2{keg3FqJ)$8q=sJWp~}27tvOTwF1isg%(0Al+rAt1WxEO)F0u zkIk!1z%}Fj+L2hQ2N8*I@x$lj%E+SbU%Vj6v1#kddB!Tyt6dbNaTqTl<$L%zNU7RS zpTbKK%%3uU?UTJ-ERxYhuvx#V9e=~)d;9Qy^aHnN69%;!t?ch2H9&G%O-PcbbEn$^ zDVi0`G=z-c5-x24tlL>4a?kOwTo)A9Blp_u#vxx~y~dD+LnO&AQOt8FNN3K4R-uuW22N-Qt7mhT#v8LUM|^vhT9?PbSOm+&nB`)OH^35s}@aFtF+5lx%6_Q(y8-WwE#Plm$_1J z($02Q-331y99tO~YtY~HS#eWxtJ-)r(CQj6)3Hi)%=ILOe;h%!pmLti+)SDqUzwUX z$*W#om|{56ClDbn?#Go{4?eMLn-iqa7jh8coc3_1j1YH+{~6Q#SrYx7V!Mpfi+L7x z-C;>waT*??(|Bz(1iZk#P%b1fSlNOs7>U<$)d};I^QcRw&dS89-x`G7LAdHLjQ~=J z(PHz&atQH3=`eGH3A8o{fJAF~u7Mte*DkR}wNsC6^)X`z6VedZTTNbj5i2Fl0{*v# zJiwAYgWV-I@jE3GyT5qBe(Yn33>F#cj6s=zW!Uc@eMEMfc9>~ zb6D9?Vb=q<&cvprk4pv`HLIJ*39vfKYbi^Gnp8TEcdd5H-x-|p<}H{yDiVu4_DUR^ z3$jD%$VcQ<%0uAI*Fe85U zeHYypFqlNx00RN64a*B2p^hE5X^`xE_yXC;$2Hv-C}3dWeuBpj8eHF_8}?x1)P08& z-`FvhY2TtjHdX|YV0rX#zrRDpfP3s^t77}8v{SP|b1FB^nkZJuq{%g(m6c9wxi6=o z5TFs`7i1pOu zJYxt#5DsKxtHdCB4?P&htJIc=;bGxURUz}%yd^km%eXkw)T(CGKtg-9F7lnULu12O zqEA9%&=BglW+7|%jkVOBLXg#6aFsw8Avh+=+&dMj7HljOW>Mr1GAl@A?KwDgw|+vj zLddZeilcSr0E!Q8c0Qq$z<}tGA2ML0y9lTUnwmTAY2a6_nJs}_P#`WCGTB-R9bp>6@Qii zE0z?fX&L8&Fs27NO@YgLJu02iA??7YZyTHdaaJ%?xuGR+@HycahaOPue6OhKGi_Qi73Zl{i?WmB;}#zI?bX1c*-aH(U6>}G&d98@1U8K z%UB1=f>%u1EWhm~UU^y5nPwEixRd3fj=S_Otmu4yfbR93Z)iNoi;D3*1O&YZi!nL zp7vcu6eBK*@=$yxQ!-D@KXQ`;FAJ`~yhqVB)cvXfuqFR6UcGcpA**XrViQVrIOHqg zsM)IWw9XSn>cVAMiwQFDWlL*jXj_56)gMUAcmL21`h81N|M9KUpe^OvOWZ@57mwrJ~Wt3V9gqYX~VxJxaPol0q1e>J4~G6Qfl_zMS*SDd{XZ z7SUEWQf|*(T%@)ICXMwNwRJVcL8-9X*(E3fo45< z`u6s0uY)^Z-WBt|-RVDr`@ij*zw5|XfF!n0c6b5(TT-TGn{0Vntr#;nOwO=1c|b*PfURkjKS2DDzZUeS2X9 ztG0lx|J1r|DcHPfGY-<#^ZZAt^09^D8r*w`I98b-=SqR;8QGU(Oo z;ZI4mmVGp?=vVc{;2x_=s5Q{rRWn?bGM>qH-Z?kZw1sQjIe&2cbK5w>qBmx#HcHkn zz0uw`?~rdmSAp8FuGSf|1bMVB@qb!i1Zqttlr(w{`8X2)#>SZ=Q7)^nlKG~s-eY6Z zt6Avzn5{FnxfM}K0rz$XCZggVHv&RQkd2Am`B?7R&~ETX({5aGsBNQB-PL`#Z{y83 z_e5#KxSiGgz~<0npjqtB#Qx2G8eu}pG5dh5F>&!j1;S~0;LG+w-6SYBZ=D&ndhlw| ziM5(aG(F_AN3Xv4Xxpy*2_7AJ$mjSmui1RZqmj3&yt7HE`?^r;yN z8iF8TO;><`8BcS7ZmcZYt7>`;)VQU8zT7>GH6DDF@S^N?RNjzo2;~%G_+g>WbB%D- zjgHs`nGWw5BpsTT-=^w^?3 zfwb^fgP|=En+=`pv7R-~*8R*%nN?aJE{1q2Lhmm`F4{z*NsF?UW2*NDzm%2 z&Fo1&m##f;mn&e^q8{=9?d`Y{F?8lm#r5Em^Cv!EsQm;KXQAINqA6MUM7{S6FQ$gC zBNAiR3@5I1CJ=_Pvd3L;&l7{pdm*2f)Ia)d?AR3Uk?Qx6+TiH2B_3Ep!RZlUSK)xX zpif&iPA2(&cSb)Gu1}MMnWx_)XwRohbp3h!_wo;zmWwot$hZ?8TDl_2I98CDy=r?K zXgUl_fVYQhT5a(U(>1x9&Wj2Wd5NPH<+jH5<;avvK36II%z{}|&GKqUoZ+J|R6$fu z&7xWMT`Y8{2n>!$?7U+#LogI&NGQvjkE`79u4*COxVzO+#OAAYYLyW45NEi?1eFbD zM`|HEp|Gol0F6s*u^ggDGrs9tPpoWPT(*9-YoepZ6p=(lCSO<*1KanQD&%9oyhmY` zpaF9>-fa%n%x-H->kj=7-DPKPjC=n4`#u~0iL4!a?lZY~<<|*6Wy$WumruS}?najG z7E6%57qh?7!*9k|)-7$@)&_mc`lq=ktS?A!ylKULD?6B(h99L|R%=tnw>`Y+k~C&Y zhYG11!B)=^6!9;s(Sn8^(pI;4o90BL8hnkIlsFUmLsUa8tpw%`7Lmi0S=h+ppunfr z(DT(Serq!`gT|~R0_WVfI9I!VBDnmfQUDL`$}tO;(XM8RGNHguD3B+DX4b4GcAEZn z1lYUKZ5A=vV8z0f_}Ph^w?Y|Fl&a@~`+TUKHy@)I6Ql$>Txn9Y`^XPf4z9|bg>y!0 z3$)HR&KDtK_M8%p44O#Q(CZD2G8V#s9%yE3&LRv1x>AgQqGr2>wB2^@S|Sfo!w_U; zGVIZIXw4mh2Cf-)DSXO<09(QDe0)zhn(HF1{{(oMoVP~)?xF*vD}($ERhV)sp}&kX zUTgn0SH9XfHC7r0RJRE;Pe?bBl^8b2ihZ4V>&Hz`zip=3#L95@sxT73AE53t+HtOI zyyWySoap-oV-IstUqE?2e~y=kT5X@_I3(4FZpT=~BPk#r68fozH#E7eE9x$9*S9nV9uLc?N>-~XIuh_)g|aC&nX+vcr?=} z^;JkWx+#-3QZ={`k0OcS^Wqx>4a`{3&gMkbNuc2USO~Ohav}7)u+WUj#%0GrwN8qs zBYkA04xLGdm^(876k#kCD~Cn1aja z{M^FM*%XafA|uUvu3M((fs|N^>+Yq^(8^yKt%z|7Jbp^K+)xBaUWck*nJ1?el(wsT zyOJY3a+U9)>RCY!B-PJuOi)pyYs!}!xtJ#*Gk)DhM4H`kEe}Ln;GEAq(Nfc#wXE)C z=$}+p4-r>&tc#E@F!6f!@}K6f`-gTk=NVTb4RLDwFOy$tsYmtOBul6%c*`Z5airf( zPKEK7IHoB$GVVw3JAY^|eoy1V*=0%^l>>S}zkbY4w1__QtIX0I#6(90u33P6%)YRwRrhA%lTFr_{Ar4vSA9TLo@PWMW9_E}+dThPg zIeJ-Ymi(=Z2T#Y&O{oVy1C81k+pc6h)I#T#X!w-opw*Z*bm!sugykMUz_s>=sKR6T zE6w-UBIAb5rMcx=Y+09vz^lF#Hy;Q95R!l!L4zEbhVPpn=K3W}A=~9pm1zR*O5;2Q zal^i#zJ56^_+nL+GP^r?CezyX`U5OdE!9rzl`6?pw41k~`2K~s;w<85gAaNTj-{zF zg&o>n%_GI=l;+pkN!EM^^f>UC@xEc438ms4RT zXSGfIZ8xKBh!P7L`lA(n0=Y!wECpWLu4upmt+WdSmcw1*J8GaLc`E2*%jga&bkC7; z&<4XH@`Q{h$4b(C=@zTrJpkW|0GZMja{EB|I&`SbM2-69-h^NlKVCsPyh@h0XBzQJ zG!SbeE(57)Kf49|ag6;HRpa0V!?Htnv%9yt%ob2&Uw1xRnF&&xpF_@LS$9XfU3t6t zh1k#I$#5KEq8d_k$hR<7+{5Ri4%2PQp_nacl=mvppaxK*d?91CP~31G>iHZ=eVI;o zYB1Ej6fw8<;`bcx|HQUrF4E$P3cr5zYi*3O^5ZjW#*5rSPDTWaf_40Um(aIwG+)7X zo_r_HE9n2TyiTgDUSyuRsZ4xThKl-uO<%EpFyhKvmX~T{RMbkwtz>f5{hYxn-udm{ z$F0^|^~JgrY%~i6Wlj3RiD5~vMi1n1*xVJt4mHP&K4i1Lcv@o9qL*#Anj>CD!&pxy zq)RGpgw;DOmw@javfkkB)SX?+Z<{3!?SiZW3{|a`boG{YKFR+&WcZ6;O`t=)5LlF3UP~zO z*l-9bBtQ@OeyvzjI8b+Kz!v~q(^Za`CJ`K2)P$`>;!O0`Zm*Hr;}7zKJ;8$=zNIEkdzvJt}XN3aUdqo-A3396LnDDt2b>2=QSJBq}qaG-q{6df6M^Yvv z->b#5UVShIA*fB&f$Wo0kQf9xpTRT)2r~J3=#(=IECCPKo-4^2BqweMYS;MehgLY( zS+fFGM#!oitYX|d!R0?&|Jfw~lMU$Mr3AypGyGA^~duBsJ%cH<=dHvBK zZLpTq!uSi0f?=s_-Afs_8)>r9^;iKoLUa?bx!Q!k)P|dlHasNmoRh>rq+C*^w{9>1)4drBcFAeE`XpxtO*`-X zQXg!wfyT}+b1;vwIU;|BIkAD=wamF!rk?{H3$i7H%C ztBsyv?PcAYHm1hB(?}Jr`0~SKit*a+RlrbTXa1Evu#aS&TJ&u8=RR)!=BXJ&!Xe*L zP1n9J(TVing?0BXy+8Z#`}@IMkI)5YFFF+uJj~3MBiQF%BDS$raOROI*YL{|%!!L2 zcLe(fY&0TKBY)ht?z#RwV`4x5I%&G%EVSylqrOL-+@$mSPV+jQ? z8SU3^yEco)=*jT$P}%H3Z`kq>ILH=UUk?Qb(V<{#I;=82{&^0DCRz&b1`i9zr&nQ= zN}W{|9o(#)l#69AGfOkjpW;oOv}}vjaLiJX%S_XdLRJQ{Q0Pu{h4Gc#i=r~s?zb&e zKF7bgFvX6(^nPsr9K#Ml#D$)J8buPa1kNoG%e3UX*FOzoJpD!7j}p>Z&S!(FCn?{5 z)-PSVd56wQD-2z^j~k&0LPA)Ul5MtzR8OLOiI$$bk{}BdiY4&REoA8sl_IA>&q^Dv zw>7;ePSbB7-=xw4RBAk>T?PB&4*7(Z5o7Nesu9R((XF`3FDD6cj%Oyhkbocuu~8&G zCW$czf|e50&_uaJ3KkR%us~wjcmPk@+|rBzHH1Px^h$nitFMomG7pSV>s+zB-4x&H zR)fU{AhqT3-gfaV#|R8)z*d+Mo5O|jgLzM{kIs2z&<`;`9P(Xuz{oS+Os0qEU(Dag zYRD_rB?MMT(q<+8ZG(S9a=Y47WROh^49&! zY=!%u=VIjl8~6&8C;%IU0JdW$T=M-YSL@ie#-UODsG%h81Wozbg7XrGWiI(Om8==1 z_bsDpdD1(%XOucRi}m&O-52-Sml%3KvQphA`iW7m9^zSXUS0OQALo7wBzYEJK1q&K zs7)T3`h&xYe^B%P0=4avV!r1mUX>&Xf{0V~4~K~{15mxwc6#K}%m?pY1K3vPfO^Zf zLxGywh%M~tVg&RRq!_w+DWel)ldsx|Q;&AI7;wmkCeTOshu3tPsQu>+rk}0)I0Y|8 zcp1fnd9=$Uz?)h4x~Akh(VbFEq_wN9bX%aWXoiYfa6QRRdl;vOR-fG+^XgFWPXb)d zAQAKhm}gV(Di4d=ZO#W?zGs*A8eti3Z;!J~<3}{`i-pIHkTOXwI<4Wv`t{x~^#)qw zMB9jAzhbTP@m-U@ahF2 z?pfEe2IgFT{`Xzs`|1Vw*dgCGvBx!E!oE!UG-RDt>i9lO&bqQu1Fwd8_{#sH z7}khnYxGdg+)AL@Ta`F#XESk6Ds`lJYhi|CJdt0YpyM%ZNYCr0MYO z4lkES8Tv?Mu6vf-y5RqPIH??arGLPQ`I36bHyqxmDZ4+vFL}U@L+`JqY$K0o&`$o} zP5dji_@-6EZ!_a3-&&C~vu*FLA6(hj9e8AwVqde_{a6wjpXie76+fGx(bv$|(D33b17`T$9 z0+p1W`rgV2U!opje07vNZMz<{-s@g|3eev3gKZs%wBoJZkQbv*_8I8VrCyS%8DH~A zC_rhmSV949z%!tyS$54`wSM?SUaqE$x@4h3P^=;u1q(q+Z}uK$7uGm z|Adu)!6tuk5wDH7eNAKRMBMt+0&g857>(iR;f%{2BHZ4b!8b?__(bfpxEH=6|M+*@ zz1``0wK~|tz_XQ&OV&YGO}iF}QoeUJ=S-9Gs0TBC2!UWf8{wcr?S|{cb)HO_EO(!G zKXFVXv>&j{<*!0)oL6fjQ}ZVB?8}}e%(dTUHP9$EGPMO-r6ngl;)&FzZ;?bEFF3XE zLi{tr)P#^~k05vDTqAq{M%HP2Ps#2M>GEa;xMs};YT8;mkS&ygnLf1%OJtvrNG~Wq zvTl29slDm0Kcv`6l=JpMmG_J}y9Ur8#=cPWw(!zzd3Gejl==Z_4CxjUd|Z*4CBP6h zIVL@#<|R4B`6@!NU%dz57_m1_#oqpLk|pg;Cx`J z0C%}Y@l-PC6EzY5XkfQ`oWt8^+Ih5NqBrtCJ=FMRN8Z8N?ej+KTIz>;apN;I_G(0k z0{+b$EHdQw@dVxV=k*tQy$OmBmS+Cj~}nL ztOhu7w;QxRVWvf*6r)70F1wSi*PrRM8ritofsu{-C0a5vZ8fxEvA23#ls4)5p)ST% z7j^1G^zE!6WVFtjj?RgXdt=#=4XfslN^09CPDmc<-VnZNDjsbHG(%XSlCF02YPSueU&l--FM9m8(6bmx~ zrZVOq@7j=s14|(Bei_A|#Sa3d(-(KT>rT#s#AqULij(GFX&Atk2(#8nYcp2?fUZeS zgcufXr{oUq=InYuqL?%8QX*JkP;)k|+As)8vW8fDL#)k(44|Tu0D-qSGg#mS@fJ#~ z9qRmRBz7D#zRsX9k0boc5qOg6ZBGS5e)!aSlQ4WzgsybXg{vQNUGy!tdQlEV$vbvA zWGA_Oa^g%NZ6hBK$9pYg$tSZzx0%U6;T40{)-k+PmiswxCMcN46k+L{Ijteao7)!! znTCRMloAa?=fO(goYcunzPy^VJeC2}$zVPWU5cj|^zjF*l%0*#*KS)^XBx*Y7cac^ zjo}03aq}#wcRy1v?^k@z=3Y2aJJ+cF?;7dwaYL!WdW)`8^E@`z_~^-Zv}Die64FN5 zJt=S1F!L^F#FJl7&qtO(xLJD2kN%adFy^?r(;=Vg%4rFSPLxH>Lq65JC$IEyJuRPx z7*{XhlNU)a-wGPw$$<=YFgCOE*t?LnTLU2MlbT~?`>ot`jQ7RX=<_fQaiGtBV&g`W?S3kBvwSu@DNX9An(+=P zYtT=!Rs4L&w<{5_mLEo|X^C zvZ3U_ff|!zGuK;C2ApO9_=n7jhGZ!%aO4SGm z$AiGb&*u|leW(hURz`hzp;)sFFw-7t_0$^2qvjpjj9^^Y>w-F`LSa++*2PdcuHeH1 zwAD{5s!o;BZ6m;*-?ErdGwzpGd2ti~KpE$r1764lUplSw_ z0Dw*0Q~ajB|^;pI|y>zhyT;^+EP^ zvL)>OHrA*%XGHYVJL*+hRf$5~Voe+RM}p(F&<&$gBBgqHNy5+jwoJy#a?~t?T~Ltg zst{Cojj5vRNk?wv9ehj`mjoJKRfT3I#>9_g<+1E6Nk0}B9kUetY~dZs+|XaP0Cwx|Cs)uddS zFdd1k>VI4G0&`b!xci%24V&-LmA8tjdZoj8M4Yid1yd<|0UmgdJll&13#%;w2{Utn zsSYU`q*>z1keRJ`6X8A}McIDY;;OSuP7a1ARuXLA_~L?hL>4dwx$@?dn8i`?^a;n5 z;KFXF4>1Y%2)h+;xDk;4ugfc}+Wj|lYxPh(GEx+C^f=PJ>d+Bb{&?sM^O6aI_De6j8i+9O+v?vlXKC(D4zuLB~NQn}UP z?!O$!MOSc|zN=fbxOKXw!Bnh+{^`Ts$*>>CFuOC6LEKpw&{h*G>&3I+v)~3fn6P7ft% zbFU5uy3rnPWY|K6L9G{UW|@8t12ShVG}KSwtZzGnl$!RW3c6*TfBQWsLD>85#EN;M zYMUzfGvVkL_(B1dM@Wpv;+E+22Con5o&faZ>8GJUC+HZW*xGQny{0N>w|~~ZNz#`a+d|NKB(e|r?7}5qlpO@;{j@NC zrF2>5Zn}asvbvO6nRO$^B6|3{vU@63Tw}9wQcy-BIi#;&koA4QaMy8DZMcbQzlHQW zgp{bk4vVu3rOvVGgU;v-IxmJVkde{iK|=lGpL(QEf98XrW^=c%E-Mm_)|AZW%-k-GM)mCvWpS$`T<03sw`sa#%DXq)?*YOEW}1#>Ta3Tj^)%jgcA)kx zru?TbAN*=_;#98FuWZda*}=ZBoyGekWB|Q?Bad`N#WLV-P z&6Sj6lhf{^z23o?lk0NxnZvih*i=GpxYThM_pFHAUMUV6R_t#B-#+5jUqKKWLGLo4 z>r5jzj5XdTGh(NoWQN}%|m9OO8C6C<~8w_KI9yf9mLCH=qm7z}Y1u>C2m`leuQ{DwcIPVM( ztY@?dxvy6`y-hA34F(I`b6{9jrZ|`4akID!PZkQ_@f}|hxeHY!qyxsU7S_9&6J`=Q zeXnuQ~)}Y zuWq(Te>gERaroDc(s(X(chyC=8$;Z`WAAqWlKK2t@_(7nhbgVBKFd3xy-x|4Cp1|L=jtbS zHvSN|=%Aly%MEw`^Wy)F-G2G8@3FBR^mfoRNa2dxNpwO*g5laDllzdxPiM1(wq!Ep zR(2UJ-=$pi8x68)IPz^ZRC@Wid5M@#LmcdVi`3QJLZCI%z|71@hZxs-n%^@@hv~(M zz_=?!GxqlJmxjFBWnJ)Vc~m*XHLPozf7|m7B^+=5{IfLvw;mOLL}~mR4=sb3k1_i{ z=#Qmd-UY=(#TXn^J#hja@_q3=6wZ>bi)A5?HbR$L(~aEm*z1i7zRH1Np-n)S zO_sUo#gI8?Rs$|4dB~9&P_HEgUkO?E-Uwhlh1L-x8$akMl8JAeX1W>uLQ@MpJA!N>nYryX@z#kB~_To`=ZqbMKr zkP*J#yuX!Ar$qZ)FNRF00lm zl)G;wbteRFd9yO;LoNwCVnT1GA#cmN8GTyyQ)fZ$wdVyWsgo|Ss5gr@Y3IyW{PjHh zudLW?olmM~cU_W8kZW)n{X{_fgH8^G*zK^$Ot7`MnZr;278>{mo$fIgY0hh#^=1WAxBSsWgbrs*5j`QuG zrhh3398_7=jJUV&HWPh=v@;m|q%f?Y@ZA$bwyeGRR`pLQ+N0JR6OZ(AI1_Sn4bhaU z^VfE(*%L3SBvB)db%Rbbzqw7P|BNX{9GF-uULqpBJ91T0S5f^TSO3xJ?x+&qLEtgl zzOR?A>aGi|_EedK^B-II_#gWE@BH$sfpf73Kat`xzcu}mSS~VpV3j{<%#KR>aPX!# zvS+(|VBG`c+2!|FtADYHLOJ=qe?Q)ku6jRpsceO;LLOjVo}_GP90L}!R^Q%1I)pyW zEud=tqn~kUeSVWPqa|7hRmq;r!-zZ9 z+88)cd=TkZs+P)%`mt$pvWhU2N8vHIES}Q$YdNTOA1{;lSAh7sfkCj_yjv5*{u8W< zj4DZTf)>9?xaM7&r9dVoMD%MFk3);#Tk@>=5UcYgV$49JK-(CFZ#`vI-_kt6;4Xhe z;;+l$Cxq-Oc}b_!xQ?#ym5vLWovX>b^yE5qYA!RCJaUDo78ag|f@#TP zpX0UU?*}nFUh)YMRh#5Llces7X-{~A!|!#7kO|RuMrAu)^#nx@s3?KvWL<8JA-oJIeu_QYIc3{6R;*n5^f)RoZ z{e^fFd@J2Z)6D!l^Zer1dnNl(JNzDBH=lOjjL{2SsBdy^lF`BL?}2^i>r|6xbAH2o zZ*9yN7M(e&mH!*$yL)SC-Ss!f_YM~x{(n_7bJ7qG^lGq0d4pVdn>X(~?3 zo%X)hZ8Fh6qk}T1-O_a2zva*JLNuBW+T-x?c$n*HN1f83M|)G_>;5OqNmx%C74@>a zO`{%YK_@JZ0K;EH)tD3{vZVc{uiny9 zd!MB@#6`yl`}pc8)IW}b?!Fmlu;D?;wz3OX2e@$@kr>VTx7RBiQom;(^66^Ujt=&@ zhcCizIDhQ>E|lLxD!U-wCL|!r6y8!gGR;t1Yzo>A zPI^+QmLJp~+^sP&QVK5nVza!DY6rfvQjfN06;qBq&gnY0cE+6{TZo9m7x9eVpgKA#XOn@F42y z*JDPjq5IPc%RNJ%(mzy0H*t}NdqM>%^YA8niN zZS#J%HVfF9P-DE*K_@W()r*h1tv=f^<0_5xM@63%CMx!@F;gX^?`VZA{zJY8$liBv z!z89OBAZsl?!ol>ql8w6_L=%?kbl<~oiqO84HMgl3X-IU-tq0FgT?&MxaBw8g)M`a zVVS^96^ZX^lg3x~+HHqZs`HOTZXNOk^?reV=i*;q>Mr7^VXkblRqd=7ao4MFEPD4s z){gl^8SHFD!FPkskuwStc@NUoFA4O0;0+tQ26nweDC3u)F?HP?B17CxqrA|rbTr#3 zKNKE$%pnw9>DR}WZ!f=5>%Gh1c9k2J{SWru1FETQZ5zejWh=caQlz)go1lP{fRqpt znsgGHw9o{$3L;&)geDyliqrt1CmFk1?)GHmY>=e>&JmS7=7^o6H4kOyxr=yL8i5s(eld&+029V)8jAz2Mk% z0~>8#)w{2}DPGWlh8?~qwzm42?Q@>TRR~;XF-SszzT|# z{3i)#%gaKmq=027W9TMo7~Vj5R;Zm`JM)YFJNpq({*S!WokxQ8fA2;72mkZDoT>PM ze|lbtj10!UszPQXiqAjL-8X;Wt@z1(a;IU{Qx2&;x}Ex$>IPM8QuyQEt`xipq6S*i zsi?<7Xkw96IVg<|hTmC3?XcUyf93P;-V=GpRwwsA4Qn~k?H@z2Mcax*o0^{4jc z#VaFWK+*Y9mpR5qn}?I*(`z?%+*qjlgTz`{eQm1m zb3ZBiMvsJ;yrZ*hvUwa7i4hGV!6E@+f&{kX&g^QPP>}nb!FQg9`CetKV_<5s%$fAk z#BY%_uIK8u577vQM+-pFpiBl(zRA^5N1iIpk|enYl-ux%{BO!I3jpWzW0+@Ao>@0h zR|mP;%QwFvN#nKQ#}A4lR1n%S!18DVJUlGRH=*?o4Oqu=9;9XwWyM+Y`9B}#KYghG z`PlpmeW;ks%i(p}m1(Q?Usye>3l|%Y{6z?j`Z(WH7i%dC5)9jP-&#?;vevx_`|a;_ z;QW2;nXjuWrZ}r-XP`T%;Rj{kT5qS9yp`ZiNG=&&&rEHOPchBTNJcV@_n)!7{rHzg zU68`Qs&jSIDbCv38ECPMn%(bP!*n7}t%MW&e^DsknYwRwvdWPZ^GkX(xxj_ajl?TC z?H`1Eq0m=(`e^@c&$xH|sdy(%v%wl(_tLAS z{YhH35qM2G?0JV&q$wm5E#E6+?6F-44D?+dihDL-bI=*5;i&;rHovUV868mwSL(LY z&eU`Lm6z6iza%EzI? zUUsUYIiPv2ilh?X2a?Ys2Dl%1E~cr^X+!dU^^UbV-rH&g6Jz2hf68tEFD4TS(r? ztt~v2{$cub^d{?oljCuSNS@6{T~xT3t6`R2xoL`OJ*02-`X`XBZjr8TkrKLwQ*Jfg~TeuCjs8vr?Ce^+Qt>GmGM=4Iy_#FO-v)Fs=5yEZeWn2NOe>Z zBbaCmA4BC-KA-xy-g9#kDb~UN_(FY{0FS00oD2xiR;oWHr2hFka;ha!5i!(Rl0yb# z>;YA+ilY+;>gbX_E)!M-zqZ|md0u=rEfapD=cx|$0QmJMU)8@Sl>gv=w?7VY?_5fi zD-boGGqrD=+K&H8ab00`&gIJ9ZNEvc2Iu@Z^)WO3U;mNnzHtTpq&Oz?QEijMLTnZe zeq`)t>;@hqSY7rT6(_B!C)b4kk!t?^?)hin0h|Y8k&`Q~ZzH*s?s2QU0Y95@-D5lipyTiw9`Zn?m1WGOFCFklIw?1m&RMnXAwH zH)a_2Kd@YK^5o;b)#-Q9Q(d*;3%>`ylkg?B?6!E*YS9wLOv*_W2B|OV6lm3VQg=S4 z8Z^t)QX;DQJd3frf#!XdNL47;7ttSX+|qWsI^cP-myp=COt9G==^83T7EdDcQoMMx zl2Mi?PY5D+BECMc!rkf4Fiz<=4;gEzV>E0^>u~@qij6uOi?|^L=d<3GkdT5PY88kE zD$Ejl%2kpf~^z1ur>i4 ze{++ZqDypbWzS;Z?3IxVZ`0R@{i?w;YM*XpmvW?O9=NtPzOicAJ2+0!TK75=_W%FA zlBaKDNsCl}=yP)ZL29`GH>TUKat#O6D>TRz#4#_R-HHuLnhIs$q_?a+J+PYet*pM~ z1JrWZAURS9pj&?RZxc%j)uG+JfrET*zI zJH^+6a|A`X*IgVHP1Cwua99MdQFd<+1XCN-?hU zO~@h)T^oqA-hR7##y&6X?!}cuHfXs`Dh67ECu(FXZxFLze)0KkiU$elvlQDpbQ9=yRN~+ zBU8h7XCL~rRi#7Z#B*&NI?J9EasxJa2RnOspkG|%KoRBl_EPI()vsOqJNhdM`2vIQz0CFdzwTva~j zNey?%#E^v@`0{gcp&XarOeC0Zknj=wU8H)3E1{%Nrw&TOqGoZoB@1q8rAwFIjR1mKw~K>FmRT9l}~sPebU_a8F_{cYL* zcy(C`!2OeAf*eF1t9UFV*?y61z5Gd${gYzs(@tQ+*4fUzynTz`KRExfV89N=nV}#oWsYFr3t=Hy}qrKcV z)G*@6zhITXY;D!82eG1mw4TgL>vEQ9DJJbNN|IQx6~=whSXD_qwze8AAHO_h zyvNgkSWw1wW;0}AFdF?T) z?Dij^WJ2AT0X}i3AE+PL`VM8khLcyt;yiF?dJ&21X8>bV{YH2N2(jFG5C@_jU&Yg$ z9db4UxF7yL)93z>qos60pBS)=*|J^OX~urzZZ$7r(InWD&@K>Pg;VXNfK0EQ@a`Z+ zQtcn`2`wpQt;ZE}`;H2$r8%K|HX1XuJYC{<%$kfxZqxfioj1NgC~;1LCaZ$mzqObZ zb|ts>R&wk3Eqr*azY|?_dLk3Ri>)!lrcocW$`FKJdPPb~KfJ!b2;r!I7qsh5EpT6Ckl^CHp<40RIT%Lvt zROvu7ptUY5;;zkLrw`lWpp>kmIfufRN$$@E+>cvqesP?<+XmyD&8K{P%fz{(x?EyD z;!WK#Yu?dfaDMg}_^w6L?G*r4ggBfie5uxH+*=uoFi5V}h-zt)FmE@oBOLxneOD9H zQlP`|JO}^iUU0|FAyQK=E^xm4aqNb4F|$(PEopN?SXa_JVU6#(Q&8J1!<}G>gZkB; zMRjAuScPydH@jBp@*E*nw{{CqoAB#NO@ZOBXbMmG63zO?;K55%@$TEzt$|vp)PGPcnqEDK3IkuWK>vQxVG0c?|C?XSG+Rj8S$_ai;+}q+mGB|8b?H@%+GJUo zIrQb5W<^Tb)2tIofwlaIHjC|t9cFi&qZ_O&8!Hd51O>2q9jhET8;|HPM6}H5#@4e> zu=%#N`op#b7Sr+2q48+$~;H0{#ykObeV&UBYcG^SAR2@qgV5 zNAOU_z0K$rGKr0S)2%K)o>`F(FT+H^LB`n|M&C<|6_oz$-=FjMr+ofbfB%XjHEFGn z#IAre+N7Fz4BFIH?5Y?OGGCNEC*yDY5>}E{m(MX#_bj3>3C;p-k&0|udO!Af(NLyf>-HqULzH^*1xH)JO<`W-pM zQl8JhugL!|r$0k~{{8^{cMAQv6t|EzGYY`>JSv>&Za_kz!$g`~fqAn@7aQx8T)3rp z-c=ARR?*LHgm7d9c3zH(alOcGcH_&XI6c^X-dI&`ehEuF#Hw#@y}Bv3E4u@sJkmy8>AParMpEb9=c z3fp-RF|Af(F~cF8L3bM!{YdLXllzk)g3mmAq(+bQ`Sh_@Une9YLtV;04obOg<}FF= z6Su5Qwq11>fc?~S(hW(D()n&3n-BaeB-lwS+tPk8f?GKmsmMi2YrEg zkb)LSz@QfS@i;_}*@VQ()&r4%)=8b+V*K}3hkc=k&Z7=yD9MUSv`NX>HEE=VfZ2T4 znt;sC-it(|&IY~l+}V_YjHm7lv-B#|sM4IE`&YMO#>!c;1^Q>jOvB(k@M_{ho*V&S zvoJ3r4|hP3YEiOcDhdxW?doi;ofg)0^VUztMy{f}!Cun9lmz`@)C7aWZom9HtVv)_ z)e-qqPc#$)1ynVJ?(S=5J)DOud#vE79t@+3M%onXKc1Dha~enTYU?K@i*|g1acnJo zk@jh~ujnTuNbyu@{g(0zo{<~GgOIS~)mAav+IMR}kazhKq~wE~5;=nqA}_0oNkHaX zBA2?yOOU=XAddy7R{h}*m?t_j&0FQ`HC2*aOZ7^HC^OZKrerr&P;Iea>`K;{M2dgn zC}t0qdH-n+K2?|HQ}({OYW0VEZ`zhS^x`sY3u@}vCTROSpjVca4hrpZE?J!`#UneGYi~eM+>8#{ zLbk}l^agSLCt5nToHxbBA5Bf@^SJ8_RyCN5yvJ(e5bKL%48>s`D2lHZKwt?C4N+$E zAACeXv5S%G_ly0@8t_Ciuvc49f>a5a^o6`nsy}zcl6)T1N-A>W! z71b@3C#(Ag$L4iTCy?6u&64eFTj13zdL$^B%yh^sx=Fu|t-$nTX6OFp2InV_y-s## zW?hU`(iU@*ulapu%N)swU-xY@U8E#42^Q5ye=`h}>G|a0LT#X-uamM~nIF2z^-C*; zR&nsb*c-+fW{2lsGhHXG7Yh;V6}BVs#)!Oy*y%l^e0j4E*inz2`!cvbL+fmQJ8kuB z1`AqD$ZMuyw8J40Ebswe*tOuERD!25X`oS&B&VH;7^sB4L$O=Yhkj^B+NCLABy-g$ zF@7F^;tR5IL+~DJkMU}=c>`z{kjgZLyhXJ~R(KEq)0UUjvH2!`TxP?y^TgwCZt^}i#pbb`Mvf0`?XCJraZA3X zWS_aTUB_-w%}jMPX)`U{pW(`{EL;29$rC~+CjXjhbZ>F4_Hem+UGSKh%P>}%UCe!p zV`<;W9C3*!9<^EU9^Lb|S!`5pI2=+JV!toX`kTa1-V4x=iuLEgPJ7-b!)ZW4(S@P* zzSU)!@(A(vDmGRXUblHD`iyO3*C&02akM^*5JC3T%PZVEU~AC&z=H4a!GpX^m=>J0 z2uW-*--sStTHm0p9T-|wWw3c z#^LWjP#SH@!S_ipv#QKn#G}ujoSv*oq$R}&uB_QC*9zk7In!0PSV4GVmMjdT~R zUpFNFY@HlbMMu=z`O6OB+2nX%exh`1@+h9#Ov)j?Ro`XN%X1?)c>>=Q%} zREp!b)$lu!w}N`{mpsod=rC?4tPT}*WzHwUOveUrfbFi^=U*+`q2x{<4J=S}jI7M% z)|TjR&0pd!E&$S{A*)tSEemz3i5k?TYYYZ?In~9cG>J}zetkXnI%sUocz7<(av&71 z9=H~4xrZ|9+^)n9+U&@rTf$HzT^f}X3F2^|2;w2KfS3U78pXP$7<&Lm3&UMa#S8~M z%(z@8)!zDr7P|Cg!_kK?gWsV9^ku~m#LlG(%b{_7v#%x%ZWA;n-%G3T2EzaX^|T26 zp0nra)P7S)AeOFiACbm33!b%sdo?d<3%#1)M#x{A&6qI1QMP%!?cs9cC&i4Ee9&I> z+O7VUg^eYh{?U+S1$^1j34{n_Ox#Opg2(0JYq*uoBq_XtOSuUyd*lQ>0 z&crjGvKKzX2-e-Kx@3gsLQ7~Osa*ZgywDZ zq&cId{guBGBvz79PNo=B!_v_)r2Sa9SMhjO3YoI46Baguv@Ckibjxjnyi)!{$NAB! z(1CVxI0RMdsdx7*_9XQnvbTSBwE}Ubo8M;`-I(ZWwHcjgnm<|Letvj6{-6{pwMde# zpJHEVfam1v{kk+1&b=$cCn3PB~TJK_52-;kHHE}TAu3O6*MLo z!~}P!q!*w=D@&t;e>2E7*4`<|K?^6YqT747t;fb`(JjdhY->qa_0$!kx4L60rZpX* zWfindR%u9_tby+5KDuyDm>&eRu>N|b|CHy$s_vXlV)T@)Y0JJ@>4X~@bzQ#u@~iqJ z&%o*9o4yp31IbZUtWOT@Mv`8f4x{%?np$=Kx{eFGc~-@0F$$19n{h?YmD6FNE&cJ& z_DmgK;4`*Q?H?)r_apq1y(lMqn>@Qt4EBW?FK?R?eo}<2i7ZhlYS_vQ`cTbh{Mm#* zN8wLd`16hU_g)u3ajR5_%jYK=W<6(Fyljrq?I}%O0nse*(gcktr?N{W@0Lo~Xrt*`H|=IQB+t2n#T0Y>to4}`2n+3KVpKN?c_r$lXrH(Hk$9pc{eXyQiR$(ZdTyqc+A?98z{ay{kkVKXUwwDysE7?DpVQmxI< zcqMqt&Pe=H`WT(K;ab7t@Z5ZkPo=76;$}Cc&L!V^_Jc3bz~~0|a|dMBOeFA|$HniG zB@!xN_%nxHWXg@O!BU)#%Bdh6Ma`ENg&Qr(ny-)6Q?=&OQ#Xj{`(Dp6qmbLI{a{({ z$w0Awpm?6GZCx=)M9ZwgEo^OppNONAHJRv|z&fX3X>cf1cnnZq>&dP&=epqIP`~g( zXN6q1-&JjWI(DwYDn!^a)^fcYq&g05aGvlq9?KIX8%W5!$DI$(nlCrXy}&Mb^|hbw z)k$W)MAW-Etsk&Z_W9FHM0>upi^@=TotisgJvIqs!Oa|$PU+YyOr+$r ztB3(ndyyN?PEL+%h;BtSqQ%12-dK$GeD0*2%qzQuuU5 z)MT5KL$1rbQm)2~=_|NJLyq9z0z#GbaVBsdJuP#_%>I;ny5-9ie&7 z6D4&eQ`ib|a2cJ8Nv)dzkw80Bkj48Uk8?`3&g=a@xLTicf_`1L>LvrQ_5{@1x=x&F zzf@gZ+9Hi$10Uj-_|&E}!6*IA zZ8tA&wEv_CCNpXbpDkZw>)$_~Iuatq%Pm`-emRvrN;${z{_&^3De*t%;=fOH{#99* zH+!w5J7*novm!B4HS#3){J^ItD?6Q0v4N)0;a#0>(IWd4k?cnlcBTBsN=KI4TcwA~ zE7W~Ro#BPT4MusZhe@)nXTR*SB{&Co7JPc>Qu$l*$d%mMh4AseNbtWpnJLR1`E)=v zejUiO96M7}*^ys&`o$bSNmmSZs45bQ;;ljwY|&8y7=la{H1BB4l&G4o>s!AnScmUH zb@l>wa17b>@2&hWSl{ij;llay(e!K=As5|lJP@$pLI%0R`_|+k$@T>H5AS|IBJQv3 z->&g&S=*{kcV@}h+!jAsm9?oP2D!vn83E%*Mhwxs(lW>PYZ z{Gs5PKfF%R5{k4F<$4cN7gyWtSf=I{zd8p*vzew~wj&i@SNiW(;Msy+mJ=07DIaK? z;`3X5``Z-@aSMlZ;;SG|8Gp(DZ{!u9wNC;M%zsii1+Kr3Ib{oM_(_pP#sqxalc+e( zhHonTbXWbN>>uvSzeR!nPN|n~st*($&2`z<;(EjwsKVb&fn~gQqkBr_3YNJ^gyO&_ zCoQ~fp%sh(ip##+y_IZvLPCr`Dbmw3f!A_Q1K{af*+ZhC?)B!=luCz&i;K|k^KXxz zJSR`1uW`D4L&sm{^Ix6yB>%?{7cSuL?bc3L{GoiEKPw37Gp7=6FFGY!%UAZIm zbnXVlWOPZOmASG{FSJp7Ql3@xOv3!MSoWBVaX7!#+HG`9b;jV;-*}wAp3yXgU?b_1 z_v>a4_DdwAv>pQcW!wD|1Q?BvYPM3g-mUMQH1TIJZ7?e`p9OEk7-*zSWCS!GeBX&) z?~Rz=k{{~$x;E0r(|cad+t|-}(+`ut37NpXfM3AgVgz(aZ;!Zy$iZL4X$ywhz!V=? zV{MY6sQ4Ync!3i(L?!$E2xKiy;!I6~o$j@KjpxY!t!hzE%=$p-*9kQ)^{+gQ5#llS z18n1Trt{vzJO~`x@fnZPqL+U0xa2Juo>zr7MjM{mSu)?*!5-$;23rWaPycG5&X%x% z^h|mBIjCV} zrvPJuj?%p4ObuFyJAu|?PhecmqsW^lU*g-^)kL%Laz`%@Q_`5bDpNIy4+ZzU)_X~# zL1W!1%3M0H*)t{)bHn*-JHuYCPQE|>I%_U>h zsWf0iS{#3idUoNQ?AA|;>A+L6v#(BBZP)*7|1A8}hEm4pC&i0E?X$ek>KwnU{U(Y3 z^NxQCYgZ)q!{{^0pA6&xGXc^ zRh)g%XJ|A({djq|-SALHe3jJjemaDZw|)}*{$yxizNdWS-ft6gURq{*cpbT!jxH|| zY1;REzDD#imfylwcVb@eQ75qwCVC_*)-SVs?}C0A4%TMr$Mb%}>(0Uj6}|1auY||F zj*pdmv46qGvjN`;_YK%uEN9Scz}U9dV9Qi-tMS@Q(kUK?s6yo8^#_TC?F{oD^jmv` zofTGHZ#?VsjO-eya#C%#AHz+iHaTK3i4|^X#r2UZP2qWUPHmFBI{;OBRqEEvV_vAt zsqU!#PYP&j)5ynl*6aK2B&`0n(1~a9SsydtC&j6IrjNAwNm&OTlV=}nCX02#*ZEm} znK@#sTQG_$Y$Hx@)q6epA)|Qb^N7%uH*GJf+g+|$OPPSBAWe5dV3RoIl18x)`QKW^ z4Hat^E85p-2+`G2KH0jsw>W8;t<~A63{@5_>8&-3u4nlD%=JB8ST4%Bx+P-l3r{wC z<+0e+!Ng=|=JyHG?_DE!M4!f6NAyQ*>e)972T6&H(YLTJ-lz$_b7Hu=$W`Qv5feEs z3n;Cft#I60ed7swYxTmT)4nA=MVc|6?XFv;oBQ_ctY^84`H*1PL%*gMd5CXNh!uD-5Cj?Qfwp8lZ%|9&=m){3i`LPl9<6;b2&8N?Rk|WVB36>wALzf9aKf?Sk_zK?Nj9M+n(R|=-VueO=Nn@&0@Zh-oI+l_f3a3h2N@~s+j!h{bGr5ltJF7 z!_0bOM;NK%|FSNyuNUq$d5j%Yxcf|-&QZ;j4&BaOsq`gaiW=Ag@;wxvVGmmulyCWtzxxAd*}M1p zz0`-|8l31K^i&h%_NR36WH6mRrRK$JAvYC@CB5eOLl&x&1U-{{erqu$;LX6|+wPh5 z%ge1D3f1B5y_&a>ve8qI%cpq8ND4UFh$=NwJ;XkQM13sOo~J)cNS4#-TrI-+pFxIJ=!$aA)(2XBe=d z%c#MDbd)O-qMW(l1To|Tp<0FpJAtfmT771ge!3_SuMkKjO(9LkHe#iuuHsv)x;i=f z{F(**tNYBSol_H6-ju=<;vUuRlw{fE7)+}dm>ON7*IgOXD&a`CPM69X_Ypj7#jVR& z(bz<=uP5;hl~|M`P*U2$>G$J{rK6Eu_wyiiRPQmiHc_TvMcEILj5J5(5NXibpN%`qjd`M+6f z$KXcPJ{jqvk`k0-zaYNxPfq5KiyuSZt!D$)b0f;73o12)gAj$cZTqTm!^eHXw0kC( zyjFy?6W=~BUrP}Z25;u-B_Wq+O=~@+>WaIB*rs$))O!+wkG|~&JCR@vEMYL-?77tL zdCvLdYt{+kG&kZ1J^79T^f0t2Jmukl;L)DKmp!Yog|+PO{0|A5otf&-vDUOMF8b?? zr^Qdabdg?qZ4l-`C?`1z%OFI|-q?2abcz0kpWt~ci7sFBu`mPyO!~lgpjW7g^SB{6 zUYBZWIG+@~kx#hp$3%C}+E=;ys4^m|6_B92t!?WTyWJgBu7L~-QJ)1KFv@>B{vv(> z8-u$cWTjP`hxTHhNM_=)k?>9&`uqvw8U~=-=Y%HtVY)~TZ&jaVnOqyR*2`4M?+mA1 zr}m`X(tthsbaT3Mcj8Wn8`aqLDgT1*lYundNRd6|F9+o#e$o1-oHi<>Yp7aT4$C6~ zB9-tIS4NOY-@=AkM-Uew(s9TaxXW)OW9>J548;mahS) z&sP_Yvg6K=7sxurLxnmW12{Xk4Hy1 zqnVO~&k5$t3c3bymS~tUZ_q#~VCNxHNz#$nD655hIZ+#q$(lq6dKLb-iBV|J>sP;+Y_k*dqly=%7zlJ=h7l`Omy_E9015sfXf|8l8(B)a28AN)- zUDxz(+k7d4Wzr%p@>mKhdK%NtkHy3oJQK*sfMQjVt2J?_mjQ*Cnf7y zIx3)UjJnN22RS(MoZ%85w5Gy4F|JIz>_zT{d(eX}VXwoDD&T#Ot!D@8~Vm3UO(29g=|E25wuPd1>m|^lQI* zt$dheq>w6bnNKT!o z37(weqpHZejcz5m&MCH84eWCnS`xqp-_c!UHYiVN4B*l=bJ$ib-qlyp^?fL75Dv^_ zDOY;h%Rit&2f=0ps;-+Zg1IAyE_7fnk%3(E1dLqXxck=+v&|u^;V4|56^X6ETM^xPO6NI?kB;v3kMEiI z@KIYvG$E!C3jA$gT%n6}ZxX2^N)Rl88yX$|AYINDC+j>ZtNn$a%^b%1K7~hUjn~fBqHD9j4z5%Qh-)X^}6QT-A91!Z;Pe)i8G0` zem{(qQRyo!*%O2dOw)c!wBgbcy@1^}lX~nUk>nT&Sti|ROOD=vr;R-hu8rXtWRyR3 z0P}Yx<~o7w_no*#YF(}~U0GFm?UK?tnX>|dZ7`u3a+9BSJoJ*tsW_7x$fM{+#&zA! zsA{K|Wu8bD-B{10jY3EB(5BrdK%gr19mgxiyulqNy7fiNxCFOJHK8Q+hlL#6(~tO5 zJWKZEs2Z?L*7cbDm!Ja2Knp9Tp^Rv=VfQL@6fsCJyclk{ZF(7}9 zxNi>0=TLJ-YRZ`3B`wDK-va`bAK2kPBKk&JbmL3l(O;EbVeIZH;mgpAmNJ zAaqVbgV_hm^9m%=#G#qSX#G^I5`|&g%>X+ z5_I(UR0{1Np74|!^~(iyjcd#yam6>(%U6KZKUV6uV+XElen~b`wLY-mWZ;fb=hT(X zO_QEa^x=-R2Xbr!uLAi8aQs%koe<5!3#t?rlp5n7S+2k%fv{R#=7#(f@FOBpX7JW= z0g6kyx@bXN9xLd_c}+mAW}nA;G_9G`+5txqux3F@`2E|+kNuLj=@RHKSz)aL1S7rB zHmQWr%Cg5j@>Fk#bu`1q4WcSBj-#|rc(oc{lMX4!Dth{6EOF zcaH*V*)?|&X9s7Yr#6@C?8y5CvQq!zEGv?Mv(M=d=BHBJBQ{cw(G98{bL>R4J(>Bj zPv}WIeXxV><&{xC^>i@rR}}6n%W`asq&SyqvO&DFgdG<04A6yt?H{EaZmin2VSRHi z!EfyB?!Ni_SYs_(__u&u>mji0hAU?pAV z8T~KWA1~YGDPBFa8TDV46cz~N(Fr4EM+NGq;I;)FhEN(FM=t+&diQgS4Ec(OVQ<`4U9LG_*wKSgGXm<>4Ed@$;-P{d60{~TtB|XLkY6KmeRj2uZsxFDRd@WXk=V28|ua1X=#QmfI`CrRR z#;@Q*HdqP)c>batRgnw5b}xrgMz>!|w!qvWz8seOY%|QU`BB6RjCvW;%5Q*v4kot* z8kD9Ptt)sgJ&4?pRsLZID5il1yoqf@U3KM=aQJ-f(*~|&U_GtVceA#@IoD66X7`J3 zN&jTW)vgD1rl!za%IPa)JXWrt5=N<5Z)LfOmV@a`M$@DlW9=ZwhOA_++6iLzWluva1 z?37$)IYApSDygyH&i+&aKKZ0iiF*ERhjpxx=2iEPm%g}}_-94l{7Ipnfv0@-$U}{< zbkzPEtJwkDc4i;TMu+QO7(nclD^N>b>0HJSkOau$;vL0AjBBtU$pl>aJlz+6yfdd;L0ZTz|gB;{?wnh??_E zYS(9u(Av0oue{Ths_Gi{^-2?1FBsO3qCtG`$u-uPDJ%E8&h%8acu+)sCL3-%oM3p9 z%!YuvvG=YC-XTp;g1;7+5Pavs&6i}3NssloVE>#S;woKLPFq!S9L)wo0~X^%i^ZEI z#97nyyCRowa0;=;CQ)It-aPS=DL8<3q4_H0 z<@FZEmJuc(rzxF)z7N1Q)=Z8=seVURpY*t+xA!O}H>*FJf9IovqL8|dbt!W&r(+12 zzfr$V=sI6*ns`ApZx{e1J(z5epbF!Tz76>`tdw)Z(@=U6;ymuNW5T~8odiV6plZL= zIe#V~t90{ZGVV=~BuDbOhf1IzPG1jraly(IfN(_XnXip1)=+2DK-=DW_D(zh;ri^r zX@924#zzy2&^2bhpdAVMZ-_dHYK7|WW7YGeo|Ew;0}FqA!S0|njMME6g1x6C^~9tv zc?>WsSJC2Fb~R*Mvg!_EdabntH=O+1rhqOu^M!oZ9wAe|0LZb+x6cgjZ;^S8NvSe~ zjn)))*C&p~0PC&6;kmVjqJP72w!$cnzdwNoVR9o3}QtpR@S20D0pI;_qy@xL)j?7_CecQq6@Tm^f=nP zyeKd0>Y%u88ZZCdtUkeOCKx5p(P!ns`%kN<`8&8!@kem=HY4rJ?1zF-I((x}JHrj% zg&IEZ4e^yg1)J26n~0wjk_JS-;MRQg>|wBl@7!D=oop`CV|MeTlLXa?@7e=5@XM8l z*49~W@}3-DVkdPaUIQdirxT2CJNJlu7mbhJ<5k6KcLIdIRcoRzhj?T2tTf;l5b-%- zygyaM4>5+3kI^h(A4S%$DqYVpmU7}S)Co6`y%77Q2;Bt67VsM~u>Np&Hy^e5mSl)T zfl%m?N$|>0aiMBe=}qVDLfMcTb*3^l;V;Xx?#R!)mJR({2lF z)W!7Q@+H*~i-jhjzjn#IA~;9GhrWCu*9RD)$l4BwhUBXzc=_5VJz*K)%OL_RyXns`E_eZl*R?j!vVw7LeFa^u1o4D^PXlJf znsr!;43c-NcS6d{(>7v92hbm3Nf%G?XDHKus>S|$hBDE~9zXFFBy~-g$3x2ih&QB- z;+M&4AHQ*$k+I2x8io%M8zu1W-;n;v19NWK*(YnC<1a(>r{VnXh{`|1a9#uNnaf?D zoDUvh*yln;)`o2(blQip#(4!fP(1zjqvX%g0FsZHC%4doE?1?j#!re86Dk=fWFdxY zu$4P0JVL6nWk5oGjvVEx4YSksu}N2-LsF^B#VJ#10xC4=yT~V&PZ82FzuvK)_k+W` zz8dGP%iYjL3r8NK`SZiqx}c*=iKpX2&X!{<<2bPYP#nW-KULq7kRu!<-?{zR(itsa z9f9EcbOSrr|AQ|?CndQuToqgByfmz;k!LR5maXGEf3$g(p)%?+%t_ z?Sh|0ka>(|tGlXAoAm%1m80c($++FrxuNyQJeW@5E>Jy}C7b z3ylhU0mb@F0v324yIi+1(d7Sxv~M;F$$iA?RbR;;)GGb6uq19c|B0I4YcvI zeP3CE@}F37-fgY6m8~}I;OJLMGb>uX^ROJahy)#k6bQ(DQunY+-BD%M&ncqN}_vs6rTUxl1 zYMZUN=!~gv*sVIcZutwBMPt`!Ii#C@{6%U zhN_nzj)-@Tse%ok4H|OfLa5dAg9z70_r4Ows(+YX-X`i9Qiq8P!jjB{XW~HCR7l}8 z>uF(AJI?mehkd=f$*01kip)m2_TO){aIsa8k_a;N`L!W zrjGs8GsqQ5!zJ-ftwCDRN-O>m!Dfdi1%`|rSMTdb`gE^u=6N*s)t{MYOJm0Y6Vpk* z09VnMV;6O$778lwD|!wxHBM{Z9Ur7#jObF4lE*%*#;J;K>L=QFsH6k~`hwoa3r1gY zQ{I<{Q{9>wUyk(TF4Z8uNpfTYvqM3uKJLJte%HrX`|edOn>5=aqqK*zj&Y4V9*1!p zb?zO2`+%~b3zes>+N(m`xWL20<>6!AS1|%BjDF>Sl#XS><>WH-YHa@VACa_GtjULovF&lL;!2 zch|@szv;r0qvtG0a~&o2G)q69zvGJCie*sVK@_M>`tz2uaS{-VDWvB1xx~Y1nEA+^ zS$MugwTX%Fee>R^N{N%Q8FdO{4l+#h5=8&NH2hU-H^b_@oK;E_=Q?mm_J)XLDH}Ah zj8(O0U_{v)r(4O-Oo%SgY*70p!8&J&4>4&yQ(k)ey5=>WvIx%UP1|_(uA0)gFIY+6 z#y7<{N;5_W9bZB3Hc#ao^H5ctG2EmzCg6IV5t$4bG~vE@&*IZawU6C%2B+_XrGo3}M3 zF=X^c_s$34sl2@O&%5pv|Hrj5>YdfP!Q9%kG>t_}Vej1^Taj#rg~iPI%^}y#7;iJ@ z6{S8@bChUFxsaGbhmJ%&M8Q_SYE@qjZ4ThskVsQ4!}?X#Gro=SVhKNVl9dd=d23Tu zAPC4M^tHKE-c;^bW3tnINa&5GP74d$T65!2cYt=2tb+ck_tn{u6y69@A+P})wbv1$aeHO<`<`0lTG{DnOp8nr0^dD_|0~;V_`pI zkwcl2wL`UEqoe}zT+EO2pB>ar9kp)4U~BZiEG(LRr>=-u=Oakd#=T(P~mktzVT<6VSjst1u4*4-G3sabL?TAk$cL34cg8 zN>}&4@^3)I_1_6~Q~4*wOD@K)&7qQy<>Ri}>Th{mC3s>Qfsv6Ok6BA)qym}yX=9iM z0FB4+?gSXBXd$S?ioujyRQGh-sOwth7owfoVM6{g>sVJnV$@V*`k0ziggYH-9#e%m z5Tgm8{L!r=)~y}uS5co%?U^=v%9eiE0Im|oA;KGnQ$>B?+&7L{P%lcjLU+uAsdVJD zM1FCabEP*Z3U}7l}OCUr^kirwx!lfg% zqs-c9bc~ZI@4OcC%Q7Nsv+@GH0JFJYf7fgO0E*;4hgppEk43VbTX^qlvN`g{QtBuu zuEQ7Vi#0_u5On{Gz4riXYHia--A%EfNJp@N^dh~>RtZW82q6hwX@LX?Jv70+1x5O% z1(Fby00|@{NC_>JEeJ>n2q7R<={2BKL1droZ)VPX*PJsm-^_K+KlATlByS4Ph&NE*dL+;)T(>Q@~IUP#V^rEwzp)qLBD;Xw@vp9j5Bj)3kDy;Cdg4bmm4 zOwc7*?iyQ__xWSWnpl^8hRJm4(6r(JTK-in`IEWtRh|yD-u)_3QqEJ6R_?iZIxf2Q za^sW|Akv0OwBF(So|VywIpba+L`{^MZ=vhv?^vZSGRvpR&mY$tfl0upp+AQ4sSEgx zWLJ5KEYQA{JzfI4Trzr4o(zEcA?}=ZHYX0gc*MdQK*D7t5i=^@{1!z6TtTZ;c@9<$ z43O+a+Y4g3Wb?d_P!fy5kq@`IDQl*vgiJ&wO7ql8qT3WIX;c(T3?Sx~Ya-cLGC4vn zQ5meR&i8ESLsRoGrO8_0I2ZsSKhOP3>yVb#<-Xk9 zGhE9N-1!pAoiPakx%uJw)y+vmf4Nluraz953O&0mqnY3r<)V3Ek27EJ)gKr{qmUoE zH4aVz$1`qfuXFB3zC!I}1}GOvHh zGmnk%7`t38Cl>K$BaoL^fv+3WV&kGF>Se5QCeYxsSt;5O;warP+NkdeB6Z-Mva`jlKSYB)Ty@%b|rp0PLz~aGW z>V0=hA}jYL4q_pqhQI+IS9qp@--8`Cra!^*qY+Gxy1S6!WREzNFVR z*cC6o5DB?kr!ilOJ#O(vvzy7twX5&wazEW|;qEgpWB(mnt~&%#1a;>Y+z|=|rO}~w z3`|4mPi;nYU5|!y-^NG z8O~lt4s-O0&o<>>7sDp%mTBHQ4WN>j1cldhlibg?ULUO#4@GAyZ=`9QGi*RlOYDCw z+VP3;{MMT@uP!~aI_b52a7WI6P2YcHp|fu#?Xr!p?`WDPpH1!Ordd#RCibLO*$w;g z1Y*AO`0f14o-4n(oNcR@e3ZI55s{@v`|=H7L+dHL{IGXcIlbB^8DV#TM`{mg_Q$XL zgk7A1jyFEOo|XXbQ;Hhh5(Z|i4-*;efkfpM#pS#p?ofuJL}C_*@UQiavoV@OEqKOluD|5ohB^UT~|DO@SUmj zbNBMo$c(9T@Sq}!eh2cb(cXi?yAfVDotRsfQ)@1Sby%x7%gp)0eVaZvd1g4xn?_YN zQJA8E!S_E_8u*KsB@`&Gbn`>L7t|$%p#OsJHE!$K(dT1CuGs_KcoZL0Jk*xd6&+!(HB@q_5yh@03CytTRx?ld| z{OR-)$aOLN$kV|p@~0xHeSCQ|yUd^~Xe@`G5?N>*s1TWnP|H3}F8$pUfRLs8HvX!4 zY5}JZ**v*u!8+b31|sL|!dZfuZYwcbcb+Aea@5b7yeRtI|oXyXFt z^0*K&ZF|vu0UFB^{`G(ZY#cl_b+DeDJkfAoLWU%zz*5f<7}xum1JE8XGq9_(aj-9W>g zYk7K`f*PXfvD<7z#rzhNgD%S4E4+J4-thH3#ANx;^3~#0y$s1KZu?M!8pJolM=nk0 zesDOHvhgOym>wlwDA7yrzf&79ecX0s2d0R=rCn93mtfBv$}I3olt@c_QV^zJpsO3U zi`g+=4DZ`?`Z8|YFch#`5ahs-%Z|!lru*XhTFhM1ZJO7Urat+Z(LAE2Ufc;&7jv^F zRTsUR<|&!t%>pK_wcTXA4v~lrOJC-qg9nK*p4J&|c=&sxYsZisD-xh+W*BPrGYJAlhQrs!mlH+P$rzjrF}IX$N=b z;#BCWP^Oiim? z?#nzF{zl*Mp5nP|x*-E7N@fgzoLy6gWB`1=jq$w0fcT z>8GDa7PP(KB>#*5fXU0W^?ygv2hQP7x8dbL)^bB9FMlU7WkXxd%W3>@dw1ue<*>f_ zhOLgI+&lk9D}TAbF`=lQ{D}r>GiJ9|khbAIxRzt)epdiWRp`Do2}l-p7zbz!;Z2Kf zJzRDH9$#?=daL!YV_t?%BdGqX{I>N#QA)|Mf7C_kiF@yb4j(vCoWT0St@Y)nuI=>V zek<22Tp`#Pfx)go55lJ>_-FSsLs>rKwM`X)qhZlP_#lU{=;P%+lR_Lh=luP`)F2hz*=vX)m{^M9P zw+bO^UCdee)l`~7XBvDs^v&=$BIL93gO}rZk)l~DKhvaft zEuP=mT$pEA=&W0p@3Q(RXhqZD2d78LZpj&YAD2#9+Vl;*XG$%1AWuZ^7qr?;!qE=+2#D!iosNBrVCrsRW1$)=C$txr3|3k(Y1FBOgv__ zx&fLu)%XMb(yd~pzLyz~)i(7%F#y^7hFHl2IXwPc{aV+bAE7teS=-N@%^Mk?ARCib z)4d7s%8jbDO&~jbkU_7aLN|0ehj!lF25tFAl`{a%sd}rc?1cx+k7D(pDS@O$PmzEV(lBBMRl$CjAoKMq+K_G8j$UgP@TC&Lq z%-r+mYdbf$ud4u3Q}@^PHeMjva9Tfab;EM~ibldIXtjz#+4s719Y!kz=i3z8H zKoHoDDbJgo}l9G`5TlAh0#wSR=4*l5V;A7H-!* z89t$o=NoH3zz&;zz8A8=+jwu!vpjZmJGEsR_x#cdeL^Yn&U^XE`nfxy`&5r|f!Mb4 z3x=aUA9tg#{|*3-HCmqra!xk$*51-rOhwXq{;f=2GnxGJPCo-D(%o!O|@GDbTC}!CS_ngB(weL z_|RG<^4A2qPmo1rmO1*_3Vf)5OweT(5ql3i4PbD--Y=cZj$wF=`83xZKyQ^5F9$Wr8SqL7Ke7ajxN=u9L6o8{~VGRdo;drnL6-sU(d_lGNuo^6h(8JSI2dB8aFvprL9C zD|c{9cynao2A1kXo&-twdgtcpi!?*Z3%qf!(aHHunca&)>5w7oTsm@x&o-E=`#~hT zMd`TFC!R85Z;xu?byK>CXTZSQ=y|9gsk0goDA^9Smz6Zg7E6^2^&FDt6i8{kO`=0h zOuq_Lwj$wU8b?z8!x(3%+87Z@CMV0(usP2^6Aqmcy{asX`!)J_pO$?xk2~OymApbE zZYCaE+8 zG%7W>ORPYv0c}1Hdu9^Nlbtj12Wz45`l%Q9GRAh9y)=KHGy0*qB(FCd zey zqFFaIQe_s^99MHc_}!619Qmud)7e}~9ectJBAZWD6R^^9e8`-|WC5u0U0OK}${5lQBWjTO2)F zhEAK_%<1M>p$y9=vqREU?hFmL#MBT#W?z^poHy~&$hdb~jVksem?_f1XXcD^uiccm zQhgc?qk^vHRXx6RkFK==ihqD;D6_C~cY9>(&pwdwkIw4_y<8bXddXGwK-_Tqh#6WL zKxm1{Qa#G?P2k2%gcyFE-qWBa%E$xfMdFmxlr|y=OIcU zE)9c7$l=_4B}TkCve($cxdK}OtnbXfrmi`^J}b^jDM_vF4Whcty+hHJ95^g&YGJ_t!cG>2G0nv7pL9#9Fo48Q|`cP|+TR4ZI>WBGGX#`&Lp`+L#3+cv- zX#2T*yB>|JA|@vgwLwYMAQamgOeRQ6%ZPBp=efCaxw-QRsbN1i!MMDr5ET|!c!>-r zV+n5DSbHm+8*5KUNS2mCbF&n;_b&c-Vg&16s_X2E`L^`MsqODv{q`pl43{+N+H#)9=RU-YS@?FazP4go*OVOnl7JzwA z2SDXpbr)gJF|Dfec{k!=Y&!Mwt?sDDPR#jAdx;WK%>xDi7X?Zc;7pLQfq61KouaJ) z!CCSg-X+2y(i~Q0R!1G%(Z##Ob0vEmz)N&2@YYF*8>NGYterg764nbX2$;`aPzGqb z5I4vaG2zoudEb)V|lZVAk zb#`^uR1=K%pwHfmP}+ICZC-7OtsmLhEO}t|E>F9rqvZlGC|_UN@}i^&%<(O3oka)o zSBzGvU?or{PV?3zwkOZ{F&%obq~l9LwGxh71|mEOsJ-}gz1_jlVmN+7^F&F9eNo8%8?AOm zc*prsUQNr_zo*+t4(=6CL4S?VnV9TN(ruPmSmQ*LYx-EyZ6lKQN?P6KSM#deRn+<7 zP^%x>cNt+vX{YL-VbLlvX!b4#IZ6IBH%I(FXO})Sp?0_Y zQy;6Btkx%VFh*9fE4dvoInpIFC025~&{Cq`IH`94sPX2uH#`!8Bg~bss&PV_`|^?* ziPx?f*sm}_Y;qvEbRL5VhSytIp>#U-d?vc!j`7-lM zCF^d(o|<3sgstT9)w{mZXnvDZ=1O|H+`{D(-)mmfgTXi)XuKelFX}3)p6olIzCiQv zp?Ot1k&*DvH@1S)tQz%NE~us$ju9X_(a=X&DO8`YG2w8>Fh*r5v)hk@q+ImJX?Pk>KDH6Ok(Op2udI z4zp@IO^nL@ruN!5nEtP<3*X0d!Kk}4apz)@ zL2rOn#Ep$mm&CXNtD?_8{>`WUD?^c!AJVwv%ava!|2BBRsBmMiW&6RZY{X#a*Vu!w z9j)(8uf#w6EBk+Y^AvKe0getmJCC9mgg>kFHT`i`<VyObS2XNIlCc#r3DE~h@JN_@yMAz4xc zm(3Jf>S$O_=poKCr?L&=gKvyX5xj%8rG#UtdiH`EG8jz(-y)B@at7XwS5I<7{XJ@s z!$flt+KjwyxY}ziGfF}D_?t*Il){AJhx$X04pBx{zlPN}V~bF){B`kxr;T1>GlseB zwe^0US{bF+NQsV)I|}}1Cf6-TBj=rJVe{5}bkvRuV!MM6z+ECgC*Tu3bpVhecv&TI z5FE+|{&?Op6m1Wm2TIvk+Vv60r3Rkq8mtVv4tSx+?eovx|C*RQ-=Yx0B~WiJnm_yK z<4O7Lc8RN?Lih26BLo%XtOoGJtCb9VYErmjn>%#j3BRe(O7XSNP`CSNd7xs&Y5CG1 zYS`6^N7IGQ_g%nQd{}!>DJx{LL@JjN*VSd)8!+mKx2FmeK8wa$6;%k@CRJh z^fx*VhmF3*+PzW!<(LS43d5**N-NVHKr>Jp(Z;h{{s_DL<$MqOFjW3qMsy18E~_^y z{pExi=_H0$wz&tk`KXftzi&Nbsg-kDCn0wN=;f}d31!q{p10gpT-&*}!}n!7=0I}a zOqJ-4kj0`@c=u+ggG1z=#lo8P1^-@{Qm>z}@h0jmF)#t^7C_FER<=%2=T|jmolkxo zGSYCfK2=RZs{lE-dg0|kY|y(^pe>1A6k!rltoIT(Y~FK?xl+COyj>X10$E zL74K0m5d8FD~v6yu(hy)NSxDbO%+*KgXT0b4m7NTFbP;Sl+sAt7E@bk02snmXyJN( ziwOzNx@_mefB0|zPVmI(r>FXJDt^`pUthi5kpf|*{t=i4^-Uh=eQ9<*3&U}SiZ%` zRxT!i;x;ef#|8+PZD{k%=cNIM4ELU5hE~Di&|r6;XNP4D-_AeD(vSJ{lD)P9I?a(1 ze_6TaVn8xn$B*2Wjk~;kN2lS*9E8%lPy8{g?$M%DH(}CfZY}6`o9^@mE zCwyYNh;x7PK(fv+Swe^lM{w10s1` zj_1?MLV2@+qF4ERaqc{=Fbhzcn*O;SD^rPO{N`-muFqF%XY5WRlM-q?D`?+6!g1v1 z@9Bpz`MY#N>-jq4$9&=XnZhro3R#amkvi%WaWK#B$P7Dw?3l{9vAsl(8OL38 zNStY?M`lNIzPk=fo;(Nk{PAm*_ZVNAYx*}M#FqJ}t58L$F3U+Z&v;i=yGJ{I9qsm zq-G;(W^bYPz1+Z}#e&FTkk3wG)v5l?ikT+B^0^(E#uqZ+r6sfT2Uh2Q`J2!5&xYUq zg8#xL7HT;f<6;u8N*-{LjZuFb0~}Sx;}sv*8Ic}?9!h2Kp#FJ>e`m{YlHvQB5?>BA zrI8SH>Yo#)Z zcJNPL4`p7P0n4Y%N+xzM-AyG8lF~(`Z?z2x#{*_!xTIRsM@gbeH{tk|K5N5rY!pzO z6xksE|DTL{R`2$Iy((S}3G2rziJ!fS!ldgvYlC%KXT&^CE

    hTB(pj}+nZS! zQVf*JL~{u*?93If^4$JWygq1tHJj^8vr(lOaw&$}I$*GfKVM#G&v)xiG*0NBy+MC= zb#TA?r%pUPa(P7gg*Ixrb$4jDXgyRGa-D!xT&^~=5HV;95}dSt^6KU6VZ`mn_lrpZ zE`sxX`Erti1Gg9+5Y#ekZCocHJBjaf=`3f4u`f}a8`__t!W3TLsS_}x#8<1t`y^Vc zDB`@7)U0GjEdA5i5D0wXV-K$Y%S3gd239uF8ILO{j?1bQ^qs-;c>OC;Tfg# za}KeJzy2bp4M|X+tT{kTreH!|2Y}b^qT7GZt5^~)bvPsM=eIx|lhbhj<5>N)@#EK6 zwYQ&jeBVnX72rQPRJ=nMeBRxV*bdbL58Ua>{*l@wzadael01F)Dp1(lW@(rf_@F>k zoit3Ss-a3i^2|nelm<&m?P6N+(5{Jzr3KY?Z!lUn9$L z*V{kUN1(_3#<0`4eXo6T6wcyH^yf>iG9lf|jOF=E1p(hAeSC4Dl%)cyk9z&!k7Kee z5Yfn$d~mK^L?9l(hkp!eBo=!seJ$%Zy~shafyz6r!Boy zQu$KF(<6sf0bc{ZXinQc7ItnR)7&+#_AcZyFF%txCE?xfjM2HjY9ig6CmUMG53>}| z8%U`7v*XQZ=2PBkH{Y(-cn4K2kLf#95u92;!EiG0f9oA`mcixk{++q>zpDH1h~DvE z4iV3PfS3*+v+}}c57?5Vt(`A8b?c`5w}&e(l)F^N$ew|{m9RTIr(5z|Jg$sT-~I<& z_q5w*g+uUg{o#Qp2CIIc{^;!kcgiCYcIRN~Z9v-!D=g;r+ZZ3Xe`NJ!AW_2gL&za6 z#{AK!@R-J18=ny&Me?}q31}OnwA$YovUz*D8rcEX!#8wQJ5)zz0H-Ya;1}z_A!3!l za@R>^Ie(Ky4|$fF1mWm5VvLZqJ>ukm=|FIT0X@M$&0Y@JqL)Qav2E7`JF!{e3BMb* z%|Oac7?iL63KT$7QjS{oSgrQVwQC7Y!irNwGL>~v1Ih;sHf|SWI}33@{uR|JFO~GX z=}n#;*9(RbVNc%-YIHB$YhF>LjP$ICU+y4eH^+`eD<_x`tgna4gUX)jCh6S7Q{Yp8 z)|B7yM!2SNZly=mGFV_`PnINuM3q({q;b{|5x?F)DbelR<3_-a`e49CRj{>@PrSk9 z37YT#s%esrS}2ae<1n}#P|!EXZVh1q3>2^ih)k;k86l`HLPC8lSir)ibP#9!pW+KV z&bwC*=hyerUzC`8bjMS-xwQJUD5om$M)8n0b!Dg>3&pcBIwm+!scJMd<0anJ)Kx)a z#9F5|jo0or-2HM@@j{tBffD8ggO$0zjTC;@mNKC?J+;1qqck5p6+`)}mkh+ThsiR) zjC3&8Z^UAv7TKW0^j0{ zZaV7Pm>>#xWx=#4{*-;@w7Eu8B44sDX_CNUq^C3xO4ck@%)_D{X$S^UWXRGL*)@?NA)zRH`A&HncYm21&8lZ^Hrs5L!Yaq(NFIb+?Pv*jVh*F=2+D! z_heVYk|&m5K2`SKy2^8>bfw`0e{IIp(mIONxEFwPaKYgE!2DhOqCSF?^Z7-t#xuV( z8PMf-oF9Z}f8QSCqn_IoIdABMgnB8tl~4BGnFiZBgM}awSzu2YFjzWulw@sMXt2e+ zM1&KQ-T61YV!ll<6~8H#b3qX{^HrN4bgNynV`}u>`oc77vM6CGr*uIhKjUHnw#N_E zy%VX}*MGAEmV}AQ*J>ZDX&GpL7hZ@i)NK0(VfSjeD`;-+aM-}^M~~pi`a0_2F#AdK1Xdit_dt{5rfaf=xQDej6U_+ zxBKiu*p5HQoU+O!Z--pxiI#c(^S^rJf9g14ymHPue8d9nsrIcKN#-aWH1%~4z>0-3 zsIEiooNY4OvoTQfAbQty^6=C~|J>%}m;tfs>%C7soAv#%?D_nj{M4Aq2UC0xqB9Ks$)J!U*{0IH zc=H?-9re#gxc5n+#VE5U%zHDfI_*r0Lf#ic7yGsPr9}?=+qB@`sO0ao!y_xD$-?fN zg9d7cwBV0B5nh#xg)eHMdvVYY9%@2*YJyeV}S}_=Ihqp>ve9PV8?bT|8n%Afgw)k;`Q;-l+ISa?h$RH?f7M~AB&SZ zP*LFoJ$!*2>*V!sBk{JV*k20Yd6P0ab8e{|m+e9s%OB(5D<=lx{dSu>M0#fr@pe1) zdTXGIDSy$y{imDo-+br2eD2{yO1aX{jtB5JndH7P_& zCA2bXsm9BnOn5u>{NL=tMA|hpN`!#vW|nwMf0ggU(k8g*8Tst7o>C7>%~PC60+}|Y zgFT-}6U5$#t6W2$mvkA?l$c|e`#4a$>hUcu>W24H5pbej7E1(V5qjJPeQSyqzAP6*-1S#=V3QO9tpZ_C!aXvAq&5y{F6y>#|chxV}BHlzc%3QW0?|_M*ND-ICO&hf{g1$Oy%%?pR#HxQwj_t}b9og!L>-?RW|ObcyJ?)aMl|aQUm_C4K-YajWnFnrU@7Q@BAHyMu&Z)ua1QlEk$h6N z`nQwkHiJUjvNw;;^@{z(&bIN2Y@2)?UfU)dYVvYyl_E@wnB2Jggc*Eu(XS^klgLqMj!uC1RFfg{ihaxuts z;agA_`h29<%XutkGN~nchsvVqf#liO--uVlBvY;x>1Or}StbtpC4-!Qx+*GzHW-D) zJ@oUb2E*!WgKm&7$#2xm`wO4bCh68QM!2g|+MGX-k!7W%&L++`yn0S!cf%BFor0hM zYun&@_cVlrtpb1IuYXHcM``ToE&6vghE8U0W{Bs%jbEY}Mu2#(Uh>ycJ!NroT0^pT z;c4B&1NoQ#=EU${)cN-$e)unk=>LEU%!gJ{efwfD&xW4yyzZ5)eO64dwUy8IV&{g0 zmdAVV*k-u=cEqqSH73%WcZjFjnKyBI34|wnrsE}+iO*jyh6R+zu{ZK!aKi}N@cMvL zyQV`dRD* zU>_l1(z%}rqGIh%#mTKR|!V={p734&Fn}6WDN|qkd9-{t@mqKGFK$uBqSaMERcaS;DAzLQj15@L&jkK^30 zhgHW=H=$kI<&O_+ZsDz3G(l;jXp*lMji zqLf4*2_lo|V_eZc0AHN(W{{uT(*7J?cL8V$OE;Cqn*NFKGsx`u3pI_#Rc?Co#;C|$ z9M6kP9D3cMo}0~NYQr(ybSAg8ax$9w_$l#BRJbQiz>N>hN@ZSK4(gm8{TV{LV5) z?Oy-NiCf4-{qd3wlblYa4dTKJ21ak;=!IKJ>rrGw2^kl*AajzQP4Yn|l2gh$_$sX6 zWM!~uIH#TY1K?d1qZY<#paDf-daKaWE3?8}(KA`{ zvX@V-bLl8e`Z}+M;mm+`rUHk_ug-G!MUQ(Jpam(|LW^ES_hWdjMF^_!&{7Q*xE;O=ht3{oCQDKw`;^sW=Hf)>Vfu)|4x@RPXB0 z#p?iEHpt1!VoEH!y29(s|}^uew`px_oqZkzDu#HI#8o{>c~IeKU$Mq zRjXCP;>-e*g1>gFF6QZKt+pZR=T|`d8m!a%dZ&vj*i9`Uy2QnG)^JRrH~1u6+c`Ft z_6#Kffe&Q}^rpuEh&ml~o^>=k58cQdOp+vx?WJ&1;_?d;M(5;H>|$5eky$ zE$A_7?FXov$*NT6CKHlI zaoe7i+e|L{T7YF?q7DXI^6^R7V{)ITGBTLB`lKPxHIU{9S_u*Brpkp71U!Gf(%U9HVRujo>;$!MIWO8lMDEs*CAc~2IGU=;-Sm?2& zOgUw9u?5%`!53F0j}07;xGB26=Zn{NoU(Xk9uCK2%TNt8Yh*LL*2TTXkuJ!(39BO^ zLb67WhhMXcpJAeZ<$LK-hPU;_YQ;nH!I zNliEsWgS`Jl2!)dLrEeMm*)wbdQ74ZAwrcHklX4ejY%N7NlU0l?0MNv8bYWFVB)no z6Sg3$2hc4elDNdJ2nxuZ=gxU?zX@SE!j9?^;A-5yePETAz z{%S@tY`KdUK#X`Y9m$GM#rms78iJC%TOw|@yC`E%-Yfcy`*mE~Kh$T$Z*oYz9;X-c zs~Z_!k7-I~39^$}h)IE2@OTxUrZ0$T0R&r^i0npxm?ZDu!qi85+w)Qr+)9WGZtLn6 zP^gmD67hv*(A*oKqreu39}E)DeUDU{a!#$}eW|RZZy`Z&JME0u#`cJs}0;BY*Xa03VLcR-XC3#z6XF*SEWQ-Z*NE9_^xN;QX zM%m?zWvTA0HmkXzB5)58*UAx!ckIRgC~ z45txi5ck5!h->>N3TVw@RiOfdXe$Fa- ziXz#`TG@`oMT{H57VeqY&p%19x^!j}D4)>JVUaA ziH6~#(lH&IoQ`I3k;mDDp zYr9c&dG@4^$A~{ghqxV{2f+vh$!AHtBd-=pmF%rnUzrz>Kc8WLWv6J#AYE6d@4D`6 zo#S%mjPkFdb?*zq)dmDU)Jnt@hjbeG)WuQR8M7z-`r<0P*jIm zp(L-fxw)iqRG}D2$+q8Sjswl6mA0}u6fjr->Ku4idRo&X-8L)RHai1w0jxWZ*W}N) zv$~eh&!x7AkU`%_{*%@LC7PSi>YhEz>#l(5eo(G}BQWeKU^XBGYQb_AWT^vf*%ohr znp`w0Se;Lm+mbetS7Cn~>-ms17SG$8=jEvVVAEviqFNx{ck*%9#rwWp9idgBe;kwY zyHzD4I?Nn7Os60JAG`mGarv+x^_gy3r9u;ktlOCtvEDm5J-pSjxndlgHYKk2;jn4n zNh9gdhbJs9Y3dkf)mMw^ze{xhsO@LKxN9&Odr9{MN(!8F!&oBRP zzrodkmY|JVq_gj!?2uXVW!ulYXDgIWH&u%@`HLC8*_~BmMZg({+>5+R%Q4!aw3+c+VA6G4;qZrX!hfKIP5I0d&$>A;X*Xji2Uf%%?pg-Biq z{Ys85pVT^1oR|uSM*R4NvJ+bxNxek(TUELHp>*=xkn&Mr#BZ@Kwb!mPjv@mCYpI03 zt-;>7rjO^|t@U?@8M-TP#TRqg$XxEuDH!3s?DVt~<^O*d5)IG>cUo0(qB1y?c2hWn ze!L=ZXaS&`?I3V)-LM_FW@B~_sF!%F%Dzsml`q-7_t$=O&jfS9Z{F{*0;<6~O{nyF z+GKW)G6*pVMI4I3F)uDi3TF$!d!VTBo`}op57NA%!{)|2nj%KP7%Su{_7;Q z#H|v7MuT~%6koVzsDj{$oU$Qzx`Ytz{|mZ>uT~|ODt=eLRp&ZYAQ$zzf@99(z@=gscEQ`! zs;|BMgmVl@zV!g@vL-)r9c)KrVuvE#g!T&4nYBb#T3DN^zZj8F1&GorAE&KPj>*)?Uz}f`R-R1A=TzO>3|!9{>bax76T( z!8*NwBwILLOn*dRtm;HocM{-QCQ;uL7q!9r}r7m zEs>lt_jojXhpQow5BKf(WCfkT!bmoiTQp-mNp-VoB%@QxhY4k zn-y{GnqZ)ZL;^MwcZvoegwZt#W~1HMkyY zhEVT~wZAGlp}hEBu?8~bk|)>Zb8g=_v|tXx4M+2XKRjAshK~;Tu~R6jHsk|RB33tHO*_S3eVt-G7h* zwlRNFl%7n{wz;5#Bq-YeJoagh1P(voQC|fE*U1%;r1(PykwD?4+%Zy)+q}-^fYaS+ z5EM$`e`?zc=2KlZBu;$xT8aA6ZEfF`De9MpN2u00s#!;f*Aa%o&0f{{k^1<7Qs`2L z5q_DF5s;~(RMNAmPZ2oYmY{@Mrva#eSjepY$}9F`iVxr?f&x$%ki=&Ja8sY3nqwei1QW zOA+4EYdZC@06bd8UX{65G*8JQnc82^w=ez$bkrlXsxoZ<@?5{9W%Kjj4be)&56Y^3 zzMOA@kLLR&O3|^b#UA#HkwJ>yf#k7WyIT90O6IYc2(i#@lke6lkd@y&vBwTKHCC6B ze;9R}^gQU%_-=m=J~AM3qO!fAX9w;5!`53?IpM}R&!o_tRmFEF7Sl-&j2~Y5pVR)Q z2Kgt~hyIr*r?WQ{qQqw=BfZ@oUFs{R;UWp_HYx>NeSo&}?Ae zGS0xlt$m-6P3+x8?s#1LY4QJd2YxD9jW34Yi0&jDLGJS^eCRTN6ykocJGt@5<#71x zPkIK+d2N?dficx6SNkJ~0kov)>QT{N=G;n?#L3&2O=q~+wHnqCi=nLksW=%#!sZx{^g&9hX1+7+tj5!C?wHhc>81s(0V1^ z)5NR2)F7!j{~lAZCqT>h)=Ae^thlTRvPVTr+61bio5TQwA^l{`=jIA_$^bd(~` z0l%O4c2l;g`?-vfqVWmn=JvZ>XrZWvg3sga8HDKl44FhdB%0b*!zh%=cDaG^wDZ_%6@> z)K0#UA1X}jrLup!G82-S4G=&ME>_CjNWPwK|Ah@2m5QkN1%)nF-GP)A8&FdM>3T7# zIRdsE?qautAK;}}8j^7S_Aec#t|BFj6~}wkCYD~j5%W2|S{(hDkBgfQumd>en~7Uq zcG-MAxpaZ3+NzLWZLKb7v2#rog@4;Ox6N5+Rn_k&2BEi53uF>D-|1TE8b}AMKJ>g@ z#BTw&7phvS^aG^U9aODE3+cV0P5g1pxE_%cS{rEhWonl0GqhO4c|O+Wk%9{z zkr?wkPc}QCHE2+idXp=jyp{h@?O)5QU9Qk9+SrW$jkyqHpUe#Nb)q8~S=`FXV6e`J z1yEI^-5MAL60z{J!sKGsqNeLE_MoTA*vZe#)pNTa^g@G}s3r2erXzPqEj3yEd>U`2 zU4}aNFM<|e(ouV%5^StSTk-HP{^mr~Z^2srRg zDT$vt02N?@eRTdxBt|#LuhpKxK9{oIr(wE=Va@-QCgC=V*0+h;n^U zSpI-MYUFMig1?$F`ZK*$dHfm`K+$z3Q2i>E^RHykh4`u0egl>kq9^(c-7hhUoi<=S zVunLMFkNgkKF+Gu)_+#_y`J@o6e9!C9PxL8X#QSoHb;EFvp2lcsiuhlfO{NBp?&tH z3d2^zKCQ8Ht_HaAp9d%(EYCZ!Lgb@hpO&#jAL?P4tuUpD+6p?*s5#H*1jUd{hIf=c z$9ENZvo{``=2C7b8CE&6c0^m8$&Y#G8Ckxw|7_{bjb{9Q{jLteF|uQ)x3KK`rxeFC z{W;@~sGnY>UT~>w?8P`{DY*1i$?+?9=DFGpc4nqqNAoMOUqgd$DArKfr0!bhUAp{8E2oj_Ogb;dQ=+Zlg zfWDc1?%w;J&-{gz4}cZY|7i1;SfpJ|jwX8J8}ZM_N)Q3bfo+=U z$vb_bVab24M7tsK^V>AGQrV7R?$ke7o-l4So5b)xvpm@tPugv??aRN23H*v2`EW*o z0B^FTp*!9lI&pQ;RUtm!clTQY>rsjO1=ly-6L&rkKVRxGv@v~9hHu`fDCRU4WjnOH zjS}r5jA}P>_Ew@XM7!a=#xKeVZB0@L87eAZoZ{?SsUdwxHc&BAxV0XXuq@h;^#Qc?w3k%b8Sc6Dhv$ERY0hn|DJ4y8c!*ug#@k=~5j zu~b8r0G_w7&GFHm=NlJMJG~>05fKND`Gg%jGuMg_?pjlybee=R`%SR;V3W81fBofWM(-gO-L z^C$iC(-+#n%{L3mtZr@6+CsZUm#0>XljZ+ZfuFYeTiKAap72{c{r{-IKU&})E%1*P z`2XDk8c5Wq7^j-C0jt?2T1T1n*E5l}7S|>unnkPTSOy&?r;D+d!e}>IgWYPqf>nd< z<`AFlPjtOUdX85i^O5M~`O~SM>ug?9pNQiZ^U#Y9d65Ns{b`Hq>>V&q+T2)&{Es-f zjO1MG!zzX&dgKywbcj$dPT_m61DJ+MLE-b@wa83%H2C__*4o4O>uXK^*GY9uo>jq% zumL8X9%>1gg*Z*!k(!Jk7F6!pGT1{T*1FX`JAudCm8B*Y&Fx4W0exyAR&!>T?rRYeQeB3o?ZnkCy|wtF@0c&<(7kRAEmi;Q%dz%u&tYJg!w zMozdkIf`gOmL)fxTe%sfc|&1O_s5M1C>h%UHrLcu*t&Dqu@ao<9AL+_?!dxWzgJAi zCYjw?uo8}}`E=vQO0%l5Rh6I1HLs@qe)Juo`_;R4ICs0Js`hl`4o9c1SXzaVzpBV= z!_L9EW!Q~?0z#UaH;g3eIrd-BF8`mHcr&7e6?OEC`Eg2d^O9uvp)qSZIg8I}~q z!aTJ4n61B(;%%+KHTlLGg}IwpNsvdkgcPWyG)a2(4~G|rfY=g`Gz)tYd&sG}ibWLU z;PIGzd}1jrzoY`sfv!kE<^~|-?_Lt!zBb^qWOE#^B<6c{stQNs@zlio7nwPWWA3FS_ zlz+6#{~gy0l)UuD(>~mwc_-;!`HV=QRZywz2Wn*xXT#^2aue2|IiGQX@3Sc9oL9@O z#_GRS>qGd_7i2(IiAX(|WOrA9bdYjmqQ5giC!ZoPhgukSO`zRgC{SH@m|sekOSM^` z0TO;6`fR&xp_@sN%PuwPa>lz|91c2^Z8YcR2ACm~78N2ZQu4>i&>0{J#Ehqj5@2|G zmo34;n%Az}xj}AUZ6CiLR(HyTlk6&)jH3}SGxpJp!X7Xf_;*FP=s;&308{C)(=Gnk_2)aTR)3sR8mf95wm;-;rgw_v1jg@o;8~pMZE@JyZK|+5)Rd>5i;+u3CF`=}whe z_`LkH#rj;u(A>yBt$9~Kj|Z2Y_RemcUGC_*Q=in?Z+aQ6l{S5^c3Ng)Ke-LI_tWQ| z{)bPZcPlfT^!1{&zhS%VoP4I6_S~f^Ij0A>5+g>{y8|2u-i!bc4+tm?%_x>>=oT z64VzReB*-%xmeocbBj*6YSlAvpll*GnL8Vi-k{iozE79qFyVNQ-wjjoM2#CbNDmw? z#fA8FFk&bb7QX$~+~d9wb?Y#}bEWcwcr9=SXn);33Y@V$2MciD;tlEhYRR zTWi&2QDXeXj4m;h`Dj>tk+^EVjqlsugt7fwC)q_d*hBzL23tHeAXK|7R&xVD};W)%&DAPuo&Ko9|K)G%bSYjdX+HGNS&h+(Ma8V$~xW&N}$uVQ0I zPV?_x;I$^sey*~Bb%uqQOe8GM$deICR*&(1ciTQByYMbqlt{99HHoHbpwE$Xpm;H5 zd>6iq7rULXn71vZ;r4EE?WWV>wr=dHJHj5mLWQAI& zPBJJ0eRNCh%KR~{cEDK&_r6i)9c52&q-;>V-YHpF>tRRT3SAKDXn0MAZHl@nQ8PpT zfI{Ae$3|JTUH$b&18Jc8nS(8(rL zb96~1_wi$lF3|3}YmzV%ysiX<(uUn+$l-E9flDn})u<*{ae`63?9v$ac{s0yY5nP; zLCR{mL&Dwn@bO)62P6ys+P2%&ROzyz@i5xZ@Ih1|B3_I&YsNGb>5xwD%+U5c&8K#h zvRW#(;vN*T@^&rDSGd8I?}CpCG#V0p9cclHV*7#-iEeZ!Vx%XND71%Tfwve{OTcjD z!yQ;qw7;Z-BRNf4vd2<|&6tb*oQK9I%&&(uG34B4hdQBWLxrI?P!R~ zT1cWkB{|akvEoHR5kXK;|WS zBEE#N!B%;x(UGx!IJ~$(vDzm~q|3{yn4l%mFb`|N8%pp9w1H-L^7etoE7_8;SS`w= z60OIqR3%v=X{8{~RKl4lqUTvXl;OlPSb{z;zU)^3vMomx#a8Z5!8XG_tqL#T%;TWd z7ol@}Rgh17xco(|CP}yT&&zoDIW~_JoXbNx^G9j?D8u%d~F(|~g;Uc#~5rvRUAv!->B0{0ienjI#Qb*nQS}B5N{C z!IQ`^+Cn73`b1NjR<^f2E89>n*xVeS@ZUZ<+gpe2tk3d0;!3L^lLzE}VvN0mDznGm zdshKo!GHN%a&gcPCMgathrR2Q(4lr|@Nx}syQjjCB|8Sub{_4Ghd0dWJ_%hHbW$@l63b=;qZ{%-ideIh+0tKip{6+`8WX(_dX--yk(- zmSMd&0zbaV&iXF#aK~y|RNzYsC3>3wjY{iV^E6G*+nsZn&Q+p$@VM+W-W8?$aX6j% zBh6|fy$8<*BjW#B(7*idDjXwi!g{iB>J!OY0EPwJSdR6apD1d{HSEhOwm#C$QHb>` zFua}P#rH3l@o#MTt~B@+5`p5KU)UfrOtEni%r0|u-tQKxn)C8OS|LR?*;vH4MT+78%jMjjmQNriG`9=KmE+0D( zlMDDMyf$3S8!JvYF*spD`T-<*d~fH=vodd%8}0es9=az@~-4gGRWS~NpF;fKGf}FHa?7atX49(dokdd-u$+z3`iLz`t1GG%u^Oc|LLAz3_gNqHT8gHb=&QFBh z$qYG%sio<5hTuN(EaZeIRVDu#JY1o=uXCMODk&JIAQb9IKpb;fab>fq+Zo;wF~S;o zy`Cx@B-@_sDY^p*R>b28HYr-F{<;mc!=aiL((mldK4llM)ERLjOgX;}r>S;}y| zTsDV@i$NH3`d$-)AjNxO+5bhl8oU7(8?V?*dS%D-$x6XF2s?KQL4LCd{<)X`SxxP5 z?@_oVZee`9zC-Tjv?<&N$^q8=y=(|mIjbW1s;FeW2d)fqoyh>i-S%{0;*yk~ZpB26 zg*3;R_B2H8&a*t#!wL%x05fe zbHkY+uwn4$JFXk{Y8FzgCT#w~QbK!%cTts!8#nW5EQYXRr-&##$c|l4o(wX8!a#kZ zHia6qQFVO)9UBKs%A>u=Uy-}8ZKpe#0!~VnDR+LuY~QV{X+o3WHfD9ngz)b-tvoH9 zA|)Svqy)=Lr+o|DnmKPMn&dp~xH;w9qT%ST69>p*bJMixAh)4>>~ky{tCB-R^ONME|J0FQeX9&bt+!`X1W7W|Ngi<6kc%ax9#ZI zl(gz5`*(0KG(Dvt#}`S5g&-c&=);LQ$JQ0Wh~mdInzFHGMwfh4oSIhEtL>MC33r?a zRMV8ZGkfv*_e?co-e(fDYjQ%RTWS7NGpA7gcR5qF`BHm-U`-iMakkdsX&Lxgl#ESlBI52d&hMCN6ge8 zC})LF8YvJJUf9SOdU4(&4MlG#p82__xJHW|&f@*?yInO#^~)|1yGsYs;kL0=I%i@L zpF{UFzF9Nhs6DldI&(tbTm2aH-6)0~3{$uF%~8Sf$cOoJ|Lo}ZS6stGb5|H2&Mo?v zJKuY8{oTf@60`ibE4|a^t84m;ruC@n_Bq>Ui6DDFh=vU$S?o+ zxBn+MvSs+4#mj>u{`%oQ)Mth%nv%so;ilazJ}q|rQF^@O=0C0cPBN>6d$&vE$A^P+oTWN067Wty1sC=)-{}yQ}vi$1cim?M9Sn#}T zbGC0y5)A$_&}MC-WGYkyny+5`_#{L6s{UM(h5jMR+|tZYo?iw>Ot&xw*c%#}-+>NJ_Y<_xJRVQQc{ z8N*PtEZbBGb!JGp%Cx96gGRQ>b5NF|4uQnHMRbW+7IHT28_+tENe>QMAIKSYmBQEV z&43F&1sy$~XU89|xIAepzg$s*z%LqQHSH@mf?aG%p<_&M6*w3V>c(hM4sw`kB8@@pbdC>f#It@Dpa1w9WWj+fma4+wWzTrI+0*)DGqWJ}<6WmF zH$pjgCwH|6QN{EJp#CEH%a*ak2C#)J7ye0#K(f1g4mY!ZLvF8JYT7Q+=9rtAYS>KB z(;-x>wBCIPlS32=?Ns%x{b}8|-Mm;|+G$JDaYD=*xQG@YRz9ai5A*AHcVRVNR?8NC z)YJWLo3taXiZ*l4_dM8(QoE|K;BpW&Lm8 z{GS-#uRv3mcFzJ%8-T0 zF+Yk>AGLO9v0xgA4D;mI*3>0agQ&t-%Bkj7)-!Z|9Ap-9*v1 zu+&Te28GAhAcP4u_1t>=ELr}7#J8OV2+b)Nq19>Lb zgM;hoO&?3}2$Q4l0{fB_9YXq;wL;E$K1vhzN(TIwCEHgyk zAt5oaB$3FBK40jAZ7SuN8`hNBdZSaqC|`yy?r2s~BMgyB)?w7_jz+BP8{|A4jYDrW z1|{(tPnwsNg#(3#O?f&1$JT(K)XiWEXV># zUw1R@^NOnX(H|0%>7U=_mv?-ghZkGGuTUHeEV}@_kUw|RmJwIj{rf5X=KoZUVgu>_njc8a|2vMe=Xx7tMbh}~3iX}WfeHbZ0zs?K8H*K?n@PzukEN>W|!g1)+`WY`oe zAyS{-wpuMAF@3IqoWW2IL1FhClWcv0pE{jF7QL~aM{=a&aaTl`Trtor5{*TBW9?R> z)tn9xYb$6!Eo<2?R?nC6Pmoc&I(BY3o;iU093G1QMj_p9xl82&3eLM`{OdL=Hp<-b zJrnOf)I>7Lyzt}9=@U<@RWIp*kzUK>*TKqNW`oZ&YKa@%7QirK{ns;B)r(6voG@l= zLa0iWGllHRj^ze&ck!cOW;^z)E?U-7s$TPn_;Q?A0X3iL54Nr$rBifi*4lY4Js_Hn zgU0qeR>Kp=Ej~%9@CBFm+I8Ny<1K}(Y1{i!HtJ{JC^YmwF<-8DD=0Xe<6#${Fyx~m z)J%W1L7TBPWF%_2130Gj9@SrA3pn-o106 z=(d(Lpb;7~qZ3;JF+k{N=XNa`fFv_iZL?>G(5CY|Mc$gV^Q(SPrDa@Nb~Tw{mNjf> zh*$SiPS4?JaJ) zh&K5`d{j{Ron-SNh9gj9dpwvM1_1UrQnRc-sfz`;*V&x?l5K(;L1v9h@)aFa*;c;s zG(K+o(YsPd+@u`<0#Hwf^%oZofNcT{rz&R676I*Vg|$bFeI1sgI=7zs*3*dquaEuh{HLw)E{Xm z({Kv$+q5ash%27I{p}F4XuuwR@k+y@*pUaIfz&y9@ zuIk~`-hYz9;D4n%RJ8LDV_o|4*1ctIy}uRoFMa@AZp|!1we5T%H*f6ZQ`N8Ry#em{ z^*i;HdYV`ePKtZ@-l)<`1x!H~|HUHytqtE8x@&@b4h-m~=`wt_QKs3#Qm^3b~bH&-yT`w~H$G6nj4K#he8z##2$t*Q;Nl=G%O zj>2hPv5>@fzR@Ja^%X(fyy}Bvml~(G;E18Oi@XOKcox2T9+Fe8kpjyIJ*&V-BBO6H zN`EWYV>6SLzA694T<5-_dArhCEw^4dfw``}S2NF)fRFVK-($d5Cn+T`D>KkHUry?cyia8*$6FPqmweYT5~+nilAf zeCtlXQ@lAG_C7g)d{84z!uR*ya@VP0tA zSzA^?6CW;i@S_lKrbAQ-w!Uex#ZTw<K~JreT_Q|>Le0X=I8bNGOFbxMteYv{_CjstYjE{ z5ed0aPP!O9au(>HSqH?QI2)GVmD#+kiipzr<}o5ulE)`)`?Rg)tox{`*8L8sPmO`O z6i~VyEh1QYxkh~v;hBr+66wQFCbfzi)#t2W_-rEWZ(83PJ16W~2FUI(_WYR@8e(%# zlw~c7xtCe`5y~sm)6qdTbZ-`yXIQ+2i?}mn+R$1z!arHGP7J&nAKvqAAvDE|;brjt zcG$oYd<9+#%~terWgD`@1=`#)TpfYd)9Yg&cK4Uj*{fNI^|d)JR8uJ(!fVLQ(`zBo z3EG_#*_Pp1Zih64!})Zq#a!fm-S0$NqA0_TclY%k+fv{rGv!vdLOcB=Jsc1n<2Yk* z!??u{9vL!pHupiiEywE~(cgU8r=Xz1vTXGLM=oqcC^EPlRcIYBYkhN&S?7!;)Fo9r zZ{Ou0MB$IY!%P`?v@y}A$1=#Tmo3z_Sb|38wN)f6;x!_3&xDqb2ks-QG@r1$3)zi9 z7voaM6cd@2oBZ=**-(wz)G4Z+a+~*WnTYpv?TMQLYgzMT89>fKmVbWws`kw|6 z&ALx|hWt^gj-?i*Ml4hA6S%2l@}FDDM(KRW_D>Ei`iak1KK%Y~{hG4<)%o*mq7B%X zEz_~^7p@IhVh4P_hpkBt62DM}=3;Yg@&&$G8tAs1pBq=@EsOT&WbLPAQf@&x*Ay}4 z%QSlVZ%-(9DGTXzJu-UR;D@>{)4Qb)7IT1;s>eJfT?CDiQ#9DVKCJMqFlM-^C&t5} z7sPsj-^C#u(>yJNhKd#1pHzqGSOE`5A0@7%O%#S_{ZcY>w0V%h?6l4=&{u>0id>uY z-ls^+$Pl4ZJgRzDHvfzH{MR$goi7LTUoM3z1{)RRKkw?C60~C~t8BKWpu{0Pj4uo@ z;G_y4w;HJ%ht%bWi$Q95eriZa*Yj6h8!z`hvWT2822h^K^3xkv)e^K8ccF^`k(g&w zVS}fw=Ei|cpX;Sz1t}!c(a)`nVWaxo4o7QIXpqa*>HBr!=ff2J)hZ5KT)KFVI0Z`r z*C^h&zBNZ@%gv~^Plb_irbPzJR9CBjeu(jJR!Rt<1Fub*s!lzOq(&CDZ5S_D9)5GJ zbb~uIP|+SR9FuMLZ=a_By?bz9Wwj4l{@VJ7gKjSW-E*Hx_YN)hO>~eG48`*?u#aC# zgGV;113q5H|2wMnEvT?W_ml3I7dJNUXPk<@Y1J)>v%O2q|9a*NTP8qF@dit)q0k^OmYZGB-hc~ zytL7mi(ZP+5tfxb@3$$2vwTY@2dwcrLU^=!5Nosri96vO1FJB2CflT{5^=sYsAXuk1aorLMan2{^;U}3W zpQJkD9&!IyA5zNQ9l|eXrmu`ytz%y&<{apj*l5U(#RbFoY^CV7w3!xpv}B{f&&jKS znc4F+L?i)6(g%F>}r=8@^av5u+2gbSYWHHqfJ1lbI5A6rTY zq}p~n;rj+06!z}2iFaP!dYw@^a?&DQJ7d4N^i;+2?K-DiLc&2y*TVdKVaGDt)-5Ha zxvgG%)@N~6UoEcRTv2tu&UPxw_C;>v2o1pV{QKRtP=n)Zbm*W#60n=BB%@N?l`cCH4KE-z4(Y^;~UL zPyPTkb4BC*I;T5PHogOsv7beAj?AYk5!b3q&J8<7&&y3?+%tB>xCj0?a|XcG0s%Ow zmT~^xQBU_U(GmLW5jeDIY%9|Nl^y!*hSoyDWDMrx3H7gtwS9;{36gK9pkxN>t;7zF zb*Lupy5G~-GqmnN0d)xM>i4PlC()nTp40T)oN6gq9!D%L^DolwSy5saeOv>G3w$eN zFf|y^1IFbys=Tw<&NBcmdgEo^+SXhTWLN(?W#L8_FvP;HJXacG?-=29DGcu0-F`OP zMAZBIIPY@xXSc-QBWbTMysNQ1i`_TxjPb@x=G+qTxo8ae!dY zEi4O-Sfs1>M&j7xgVZX>;}088h8Bsar#qIouV;j*z}Q|0vLc}b1uiHWo6l=QP-921 z6^m_oG!6JbgcmSqBQ`s7e4H{|fRf&d*Hj%KI%M%M;9kD*T@Yk?mkldEfv%={jjU(< z@=C0sC~MiJEyV|sOpE%WcQW%tgUSn;pCnEA8Hz>`@5L=eM7ObZWJ>63DMu?4M10&w z=7gUS=1KXqcA?$nsif}K>`)BC2^?B1cYDhVoS{xM1KLA5!=LRW+YEM^iL_PEqYF*6c@JL9-$S1oy+FzdvB2fH& zaNDFZj-Gw>4aIA{V;zRlkszO4;L-E0I!+lL`>>HF%$d}6y0eiBJ z(}>v|&>B(?Q=j<+8c?4rczl`i3;VSGi_7g_yYC%jkT*a5n)dJ{FyOjZ!6ThUg{i3q z4&8{*KXi(I`RkGYU7%~{dIx*7Nygf*+1X!gTA!DmH~YmmnWU%X!q$CV{9TC>#Lf_B zk)e#RKe2snu5Rp&l5YJZ7D6G@-?;)5<%m=zTMzuZAvIz`s1lGkw$!n#yvB zOx%7#vZ7We(f$bJ+Z&g>mXj+`Ta#l94cgx&yNQSSPGAX?KBh4>gy{%neDA}Nw%Sti5>_!;deS{H@!YED>3MK;Ogb7PR((|r>X zmYnDVaxx=9k;sa~=kJu5qBIST#x|TgeciruQyAli;fB9LaAcD$lEuj|E)PQ-bYov; z?YCtEDTD7>f%lC;5;-FD8cxlc#_#S-q?FsA^M5!3##!Yc`XyYl6`vi2^~XIxln|s< z;KNTw5QC28+8&0+2wQ%Di7j+Owzj{c$0k43W=Tpca!65kr0+E)+;igI<;|E<`|vQ0 zE&`?Y^>9nzkureN}yRuu9ul`d`v!$-;MR$)hG=bF?aR1G`Rp!v)TbVeF-7@|68^a~;N zQPu5wf3yU*m0TAnxh$-1LVBjVTp1-QiOQrLg1XtCp?)I@Q-1azb%u^I>P3=FNI}Ept&;qUQd7&U|!lqm_LqR2Q2ar z@#U*rd9=Qk;#5zTd7%-a!}2}mLRFxJmj&Y6|F=jCo>(XVcUr%w|9ftWEgI1ZPOC} zF#phy$kGQRd*i`?;0)BU9g|gf`#H90b)j73A$!U=qaJMXfGx=V@acM`g<&viwio9&o2p_gh^HX^%{5=m$eY6!zt3F4To(gdv5PKUd{FuzY1bkDiE(Ukk0 zI<9g$dAJ7Cv$zWy;4ug%SrgflwcZW@ENmqYD}~33ivaSAB6ID!0*wMe6A(A^9;cpB zbUn5pj6KL=4|`P1AP$D=`i9z{^o=ah5B*{-m5a1q*M^eB=hvH4JjO>BS}~U2j}Oh4 zIPR&c{UBwM1ho#y^c;L$QT{__HcT=d{5qbYC+zl;?5G7OUCGBttC2J+tB!Mg#tOYB z*hma`Z?Ar@n;HA61Pnc8zW0=0(Gb>r>U@15mdP(eyNy9FCzc80wWF@vtA4>DY`d?zli+9eAp_Epz%nN+te zi_M!oo12wKO9TR!|UYe3yi7Qjv)Nur+5O^7gqD~}MhNy*| z{PamV!sl$$Uwfi|?R|pk#XPo_cUDF1Ck?NHBIx5XjmULE)}jGBv~V~l#2VEEq_LT; zTshuu?4SGipSC|PoI_1yhH-8uwT{rBBVh;M_4=jv3xzm76B=u&zE=fvln$8t>@&oJ zM)b@ck7ed0Gv>sWWkGw)p|lGTVBrcPHI$v}0-D6KL5Bf<3c4qxdZ)gsY(%jpLhYz# zFl0quULNgF(eOX@EH$L0F_~2oOIL0bewVr7Vhc_lUOi@KJq0HHDzr@berI{Bn2~X?W**Nf^jJospJQ{p3e(#yG9Rz zO)6aM=$1uRQQSPykj0g}yY_C)?2C$W;}GUv{%Gdf>y?-#lor%_R#Rf2hZ%H1W6kP7 z;)vz!mxj`CZFb`{x(p58ZIp2EOKu)h4UQ^~o=CMr+lYV1_*yN1P_72}rz?FF0<@7#Q7A;l?}ESzVAmlJ498(a`7 z>$&mrr+@9t{U>bukC0it6z6~SL)mu@4GEa$6vvAYIk){4a<64rOE%1_VhHbNFK$Ct zth4`ZdA>fIrJzztbf`1;tP~;pE^CNj6Dys3IYl?8+yco_BwkCkkivHmFk6QU0tRZS zDfIRl`BGAB3?L*&6_`F92z4m62rP~tyCb);pdpJgbdCrLcI+)%sX>de1Kp_Bu42e_ zwR*2ae2Ek_)Y9O6;w-w#A?e*j(P5IFSDR2|{0FvPBUsVyZL{FZ^K0=RX570FW7q4i zCfsViy|vV;d-$;b^>1c-zH{cfqtl1YX|&>^_QmZu$eYuuKl=3tW}ZFM+5UQly4Vtb ztQtsYeskFTjF#rI8}SA={bhK|v&3twy}gL7NXXiCYKtjQXHGdEPu-g{dVSRFJhb`s zj86n`02JXe)BiAT2W>)?i3(q{}?cH94K zlvLU!ZH>*e(`l78=`m7@N$Q{C618VtBh*lrm2csK|8oV?VG zG3X}qFzMl;f2bVU-?`V^iLebFIDxIqRu!tgE(lvqc0(4rBBXPqFG-2+2CI9tp4=tp zQJVxcgR?x4C5m6q+{hurxPxTT0POy1s2Pj|=hX)TK}>-;?u)7a>?C3Q|K7kCssDYi znCt%w?jrM^cM}==Zyrv`S2SK5st>@Fay|{UX(8GV_cW_xZ{s0$P@xA3&EY|lOwA6u zBw&1FoD!)cTR8Vp%GmC)_mT|{RU7At&aJ5=+zbjwq)aw zfeKhFls05$j~5F#rcwud5}WGF&8_WvMhEvcjEScc2TCsHECAG=%$6U=Z>-T_17LPK ziaj^jx~i9v+#zqOI88e+C`etG!q<>}<=|7b>p5~w0Y`|i)2jQP_exc4SIK-~+wi?b znJ#5~zjC6Xh)k&f4RCWRPAhMSG(r}c?67U_7~il4aB-=OK$*}Pk@V!=9V3a*>)GC# zP8Rxuwd0Byvw`yYor5(yEP`#28ZS{8;D)lZ!2X2j0)hR&L_FZe-K(sxXLQsXCWZ$* zBbO0+PFv?bhIuY%71iWMwhw+iv#KP%!&}@(suUIO;JqF%q`0g(7+zKSedO?XdC~Fm zUMKv>LS=Qo<;Bc1CU)cG$%~WW!G*rs%^%q}*EfqVq8zry3LSrEsW(aw4@4X-yO4|m zk3WXlFKETq`Jy^DG{f}$a|@$i&YWpGI5c$}>TRZh+!--@a$X?TDeUNF*Y48w&#}D(|c46gvPE}u;Ra6?kIIa ztHnj!Di>)1qI*W*B23sg(Jp~NNQOkYN*5py09rsBZn`LzUCZx)>No*6$Fb0rLUk}+ z5VeJ?i06x!%(r!#Ojhu`)+ND8OLCg59Vs#=atF+ey4Bx)gO%EjO`IWCp%P1!7G-)C zZmk_m)QtpbJ2597S_rOK7^cYW-T20DiOmyf!bSt)atS9M8eZGj4jPp4m` z05I`6Hqg?qaO-m&t~`4!2%Hz+d?71?n-c2$^Vp85c~&A$9F~WFm1KC0UL%7|r9W+( zQJGvQx`o=0ypY%XCBLgvqSp;<{Sn)c|2#htk${&glm3xK03(0r6qtTc5C(bXq~?u`riW$ zc832-)5_N~PerB*QWzKmTg%{<^iVe>DPe}(w1EUg5<;FPfP0^gsD(Z=&hQSSd3)M% z8(z)1t$BmLZhG*9P2CfKMN3Ap*rJDAyuPqID*TET30K^s)P10vZ}czP3g%bqP@^!b z+-Y~X!hk&eTi!iOVKPPczbJYyVIdwr&hc`7d7!W!;X`#C*PiTgfjQLBF4(WE%Gs=_ zRzPukE9=F++5`}-Ve!p_lD4SFe4Nt*@Wc=Kl7r?i11z0-B;X!WzjsuR-NYeomJ+J-4SC>k|*6B=^JSEg5`qbXy+ z7}a`2Dm}c#!pt>d%}M?@3kk;0Y5oQUnLg*22>za)h}#PU(Yzw#LTA^MsgVuuU4mr> z-8`2o%`XW?Zx%1AYQbRgR+y<=+L`KQFn>uWyz9!q9HFT|EyCBcPGL*xSq#rxR z#|Qy!@FqXkI?hiSo6^Q&gz9~67E;QXPx+Cgpn_oTr`&AQu{ta*zc7G+Q$FTDjCSsx z7l-!Fli+(RuiMt)ghVN6bQreqc44Hnh%_#7KODSyIrqZM!)GNaF2jmOkv;kv@VVc+ zVR?gv)-JZ4JpAUiHk?Bhci&|ar!bNV`>I9d-~B=sd@OlWGZU=6eLPXz-ZDE~5WeBX zczrPBDP!GxV9iWGibOE=gfRyK`6DHq$)j4<0kNzS@QX#`C zbh}_hw_)al>l6ip-Mk5h71?7_o@B`Gg`+;^sD+!#XEBFAZpmE(52PVED6^kZv(~zT ztdK+aQ`vmSm(b;Xyd<)yyUMU~(5b#+5I=-Za-V{%gmgbv;q&@ZbXqbfo7iQci7eNa z$^qouelGG07uVEu@u4!JFx!^0d{pnNM69%SNKDveLbnmF(;qz(9ynb?yC^~u{xIB3@oEoIW(y4T^Ov#+XHQ{|A}C) z{6OSE2D-3NNj6FgdDXkVsOqkYXzlEn7V?q3T<~FdoZ4c+^l!mrX0Q@yo#BLRl6_7P zMVClLvISF;-Oz3q+66kx{P}8{sMV@(Ocrq1q|r4dI1yPc6hM=5)nJb~FD#{^yxTzs zsYfXnV6yOzOy8mEMaYn|rJql1;ZxO63oIyq?&%O3A^|bzts1S-la(s0?U9!-R`-op zz2|ZWZ04AiEU+dWH7PR4`uv4Q6l0GhYE-MwVYd#M37o zZN;*xE!Bjkzy&UCzaD(nnO_?p4%Jzp$Emz`mliy+ZPbETC-K-eUYF>1QHl`ECi}pL z)E)y*CL}WoJ+~2!HB4i__`&2JA$31zmpVQ5M`t$X{EST;E)%cEmR| z+x=xNEHC-zzx9Cs%7?3;77CY%xfyCi64%m3OBvBE~Y-UZg4C*`)}NqqmDnlwkgx)NF&{u~+e~ zMRd%cMh|5fT#BQBn|4Fv(~X;>T09s6?ua-U%m&)xJBi6|x%|qknCA0-ndDGimEpoY zW^z!CPw9oCa9MVyyyRjJ#ozi$&SAL%a9&+Dq2rDD?Uk9arZ*8mM&gNqIUB}J&wa-P z3e(lw6Dq~?V!DQoHxnH%%Kq1L@&88zvj6S+IV+|%zRYPOBjR;fexgJ|xKte(N@|EXuOnmKP;K9gRag%QcE#VqdIEx4 z@)8QNn0#8`kU2A#XhFQIs@#(!&~?{;s-ob;q-d@STNGV#_T0W5_)d22b|o3 zRRw*fsoYt+HPo$@XYn@Y{Ft>$_kJ57N88o!rY?t*ocp+V8rrD-&_|)tzNCpbzpJHU z7JFH>8uA1NV>6I!vC=pd7v_8p<|-v^FYLsVg4*v1@z|G7WdQ(-8_wNKvH{4#wPTVV zYA8};s7~vbr<{MW2mM>q{d@GU|D(wiY;mgQmE7}cL!5j~HG4I8W%s(u9Y{ruXk{_l zdTBSlt}z>at^Zwpg%rLrxA-y09kp!y@;v?g4T#Z@v|0ZEdSU$`)5s}*X-8v@bd}lc zKC?iS4)}UTi^@eZF9Yz`l9^pR2tPN~?IH&mq7(tv$Nhv~HZR$g%e-m;Im~j!`H$c> za4LAYLugYKUKA1xP&aN7#;Prk??5!53R^3Liz~Tz=F-lJGtczFaK>#;t(W6u6H@f` zV!g=NL#rv?A8@=)F*q$xQ{q@W%n88(^HI4_Zf6WNR{XxkDk7i^?XUJ3F;6LoICN9c zS{?T25IcN2{)itKASv5{L=vCiomUe z+ByvwW^C98{o$FX9HS5=j7FMkE!vU4Z@^cIQvHD*iX03B)qeBGh#nbnM0bzebAp;E zi2ITEHmRr7`OH4%2AuLv;jjh{-$x@4is17u;ix7={+p=$1q#WG38seXJ4_UfK`nVK zDXj45do9Q{&)uxG-q;_2{mEZGyWvI?7CLh?&v(kYFNgp1w>#?p>w~~g3pbCA?G8_V z>THcwZ@2;i|F=#?KXVQ?W&L>4AS1vqtju5tnO7`pN6|a4x@gcJ5{i%M7XuVUycKk< z8xklL^jzcUuJb7HZEicx7gC7NC85v0%Dg zgc%I-+*`FJK>Pn-)Tk^3^XiAL9Q4@>roDUiGDQ*FMlmagdz)uQn-X4oLa@z7Pdc=I zK5atfH<><@CvE#s;I<1B=Z)MWUu(}$kqb#=TdJ^{7v4K>)y$mxI;fu96FSBg)T?>Y zjm-NW>t0&?;s^^~Ji#1|KYc}v_Zh9ywtUqbv=Gt%fjtXk5>%*x0CVdLTj_V@I?vUH zti~5YFyTP6LeE@ZbBDr(W%_vGyxD@-f>xl&uHlfM%h*`wIVrfWA#!rD#8ZJ^X5#r0 zIxwYDOWl<={8|N|XwWf!f3Q`10N+rpIg^~TgR8*Y*Q~I=-B=64e3;@vo@RY{k)*$4 z@HWg@Z9NEMZ|k{(6Y}YHy;WzcZyoskqM?!DbYc0`QYQwfZfXYWnmVQeUeT#Cv?uS_ zB>~|)Va;NV|V^z1hLIPPL&kdB;8p0_RzC z;WB_iNThhWWlBg#_maZmVg0RlHp)vqV_M=at77|DrPNBkPtm-PU8mTg|A)NqfNCqr zwsp7L-Oe^9o74saCg+^mHo*jeL5LihBtU>LNq{i8ZG$mFfB_REl1-LGFbI)EXp@t` z0z?ibi6}5RY^;R^TL_-KirmqZ?l;KCcUu4$heAn;`GGlNVLOJlEP7#`0;l zr59JU+t_q0S$B`hr+i0>i|=vy)z9>C{%m9OY?8FUL7hn55f70o=w zge{~!=qmu04FU70o`&7mR?dGrp=6l&M7Dh0din;5VgLXmqfD3PSRAT+DbFHQ_H;^js8kOY>XC!^O z#EJSu8(o(iXCnx{0wmE;}Lalb+iXi%YD z$02 zzWQX*e*xn%lcBpYIF*Ag(Z9h{{_AbFmI|>uV=#}92fvK@cb9R$FImM?%PF(3y3gIo{&smdlk zmaV5d4bZSDfVvdk=a%jgp!;!P6!xP)qgU|o5-60}Bt=po6N&2&Fmg%weY*UyMWA?6`avgTeY9%M!v z_D#h`gC^R9&{To+rxbc3DNqIpFq5i246Z5AO$ctOoyZrJbM*%skHK60=V~d#VHWwRAGUZgT6~2mi zS9`hhQf{V26P?3|?_!grqQ_MIQjO+#4aRjPo1P8uTQX|YJY8q?&=LM&b#O_Ui&@Lx zxjf#+P)Z6sVPN2AVA!W}VJs(WfTuA;m(BN9*ZSyyZJI$xzz#T)i(h#;U#eQ>TM4sd z)rhN84 zip30(AehPM^9Gbe($f-hPK&&B=Wf47rpyCLq!XKdx#TDpG5V#sK!&S=cOuxgOkK_81fQ;yxfP5|H01L`MU+>}=Zj`Umjxtd@ zz#A3iXwKMu-JKcsgYL~ zK4`zI|Dpu82<@-#8Xn~PP_K)$%Cq_TKbv*_Uo1;~wa%S@yte=C%t>|aMU7UTg4#H& z@v7Mr>dC{EQk`9n%*KF_$e+9(|DT+rX8W@?JH6#W0fA;uF6)idSykU7I;zyrE?{*K z*DOS_#+g*D-_zUFCjA(Zt(>bXaHcib|i^FO9x?Ql)phCCdWSX31$xucDb|FM2rb`06 z8ik$gwS3(~Le_T)jUqk}iAUbV8^XYg}eBhio8EL!?Us zuxgb(9Jlm*Hzo7%^8TXb-MZJ|J3;h)SiZrLE?bR7BKC{3m+3q=iTCfm#a08{9z*9j z_=UyL6U(vy&?opPJ3rv|3!%aajQ)3n0C#?U#9A%)rd|J+?&+wSg!VL?5jY*50e4O0 zwrEaa>ueW~y{*8MU;O#gYSo+RpnP5^h>@P{M`!+2dYv!eSnJ4(_8tI$TBVrG0sgHV zY@A*2pq>MVSz5V(diA{+1{3FjQh{E0(ub{^aSj<7orX(TWpd`DCaAcGUd0>q%}iaV z9(i>m(+=0=sIJL;Z0*R5X;4L<#Ja;!FrmRlZ2I)qMo`9b|F&faQ!fKtC=CTC%1&1i zAU;SzSBNk@s{!pA-`^HuPxNN{Ih}~&$!_NuQMlI4i*4l>E|f+U*Y(mf$c!c<+Rnt> z=vj1pJ)jmmfXy?RAx@Hx`&8nLP_e{SkVo2Y7qrlk;2nXXeKQRw8|&co$`yB1(WHzS zqwl@ZG97#9X^6brrf`WsFg@_iK1|+waZiz<`|0yH83UzPF)eLOOR{ zSX|xj&gNNzlyXEj1_9i{y4h%umyf)D z!QXu#$Q>55IEA3O?)SMK)Tg4#-nL0*QV0y7?g7q3xO)Luz`e>K7`xihNl7TKiqFv; z2K9Sc=P$cG0Ht@l@D(rm@Odo>l$U&2=;9NH9;8$6^JYW4R#r%(7L(Rd&C2W7*r%4w z?9|u*UbG`Dn-60B67}yt=l^}v{pG)ZxxDjp*DHFMV%L30z2VHWU~oGzSP&U+!Wj5C zH|bJ8vb;Isx|+bY?xmVH$ubY5s1GD#&GZ_E>2#Y?+ZMs9sRtvoZzrz?HUvJ*HGFB? zwI^+r6zG54xEunRG#x2uC$-syC^}H|G>mQpT)|CJl&#DGmNBusT{{ppyqo!kaC9v) zQN*ytWFlw?Zve+#26%12m|O25vvgh|f6OflKM_mRZ+bm8Ov)h5w&Au*`OHFeO0et3 zkko=Ncn($!R*DX1evQQjA1Zw?f-0<2t2}}Ot|{qD0zO>E7p?h?@q9R0TjJL{o&? zFu+37VUR_Rux?ub7|H*9Pi&*_ycYljBw9wH3)tJiC3Y>K)YN_}~ zw*^50(usYVHpDVDJF5^o&Xc-{)vykmOwuD4*$-n1L+(ukl6&IiM?BGPI#ke+jP}y!s zM%hYnH(p^PUT#|uG}T+Ar&--k@oA&EaNZ4`0;iLa*fHp zYAy@IHbdWkAY20y*LU9{RwoBNUQEB2!3<~P+df1WBzeRxlt?Hi`Xm@he+YL8|CGr< z9@;f>UmaY9dog$rTzOBi%5OaAQA}SvFW9Gy zqakCN?hDv-SJW^ZIq6-ZGK-H+qZaE-q~xdiuPwmWxvJLJK8)Gex^+G(sLuURT{zO& z9b5_$zpVC+5E(*NB)atnwc^aBE78HO)3V;K7oi@5o3|F~A53j(?v0iE4;Vqxdvvzq zZGa5n!_@qeQA3Iy6z3xYl4)?C%48lc9%wYb*JnMP9pbzol&@k#l{`@_1@m3Pk({c2 zGsQ}w^1bxU*=c(T{_pdVtqzll5NcmdJ1=E(tLl5ZcjGlf@i{crx$qg6(WKgv8yK0| zd+rop=AohYw?p-2tFQ)(?hk!FT@!$p_rB-e_0rpG#8C+o^O|6p;OG=EA3CEpzc_Ub z7|ReR&M@o_a01pBL25GSxm~Py1ze33Cs~dn=fL&4{o>jK)Ta`Rc&N4OQ(8g&eJV}D zb{H!EYk+7*L5z)~{&{xy42rp$b>M~Esor0iFBEY+W16cgc-&=L8$HA{qHk0@0cjIml&O;{<5d;52>uV+8~{Ff7m|Mc@; zrg*jNKNf1G+Qe|B!RGky^o@Q!w+yNu(j0%vlP=dYT(3d9=O+HkT4K+BQ=}?RK+Rln6xx#FKvT2#jI(e7+B-!0PT$?annlByj&F4D zs(DU2#6ugv%w3YL#&~N_#x)Iz!INPN7qa5#CL){T;^VB;EEz&TC~=D2)R5t-@*I1L zZ1_ospNhTthH^7nxHSf(=)1?64fK=uq}j7A#KP2U>Wb&nH=b?&XfK6mAN7rKERpj36k#=<UFxK*b|!g@5I78vi)Ipuiyh_*SotYm;fwcGsX*&F?fUsC%Grsy8(^!=P&!2 z;kDJST$WpJd)Mpyp8Z|=lC}jv_RhujKCw0O*K-bDQW>Q9O@bAl4wKv?=D0Y{`PERw+Zr)Y$yiBdD=dcldx5a=YZ} zYVZ8-4fyTfF`Tk<|>yy8q<&mi(LBrXPfEjOh(G&VH}9 zz1jL}a5nVf-h5RE{PVrjnc-jd;D6rnit+Fby^^1gg)X-PW4$Cq+S}#_)%yx*LL>6u9!OaP`ENAOGy>Z@oExb9`CZY)wL9 z)w-8XAB6wq>pA^x4S|W>wOV=q+@r?MlQNHO&oQZR{7)bLmXE(*E^EWb_m&l!dxvRQ zOVgE(9_eq>az@i}_+?Z&O^AX#*Q3zT=^=btRjG4ev|(z@!#ins6hVf>Dr%EYW7OEj zyz&iJMu`QcN<2x`~o?LtT!|lfITpVrv4ibv|(#dl~CoC*&H; zM&e5Byr^9g54W)%t~iAuU~Z&&YSbAsx~wfkh1D(YR%T26#GFROE3LzTNLc_+>M&@j z5gpouzT10P9MuV)hSqDPrVC)RrBjox1L5ilv?2K-OX45^lGg7H-7kGbX;RPL!$%Nttz>CP`MB~ltN<5$GBwJnC-;de$0WCw_;;^sBDIG;^g8_!n>{#oMx}5J-@1mVu z9<@}FSA*mop%ApD`A~Fc6hU+G$&Sx?#kIORe5tK%^Hzk+;%#S7Hrw@4KnZtXXQ$Ai497aOYKTm zS=gNQ3!K=OJ*JT0@|)p8{z3_}E-(Dlqw@U>95DkK#=MWbU^{2hkB9B&6wePgcUUhWeS7&F8iS0_jQh> zL}QCK$u#Hd9--X3UH1?gddoKP2m5M#u_fZ}eu~ErH5T1=R*k2g!=;D0qr9)lI;Fe5 z^$O`K2)1C2D6{G?u&b?HHuNH9rc=vbMpmF!nWJuHjv60%xg=$m_fmuJs4|9c3ukdn z#f5y7in*O1FSiG^dA;R0xU0ey+npRMzRWgbrt=sP!ep%R^_)%UV5HB`fxk41K=&8y z%<b+tnZkexgNv(W+Op+2EMtJs{hrxVV08KC);5B|9H^`6e=<8FlsP z{&#+8aaSYk*)t(@j$Glw)~+=j-3#;ud*IkJt>}!M`N6zT0u66(c*UGei)OBkc2Y%K zk1OUtK@Mf(_Yh^TSAnJ!)jF~`F!2;2P$tVKc0{|_l#}M0w*h}dvuG1%es7J%x0?

    okZ_M_n$Z0J3Bpo5OpTOmqhTso=*vyLT$pJ#*8Q2 z4ML3V*Nn!A%QRuvgSt$s$vWjUkQ2$_n!Z)!uTlX9fpY^|rSpH_mgMVY=SOmEvXPq|s z?B&YQD7@+6z`Z!%Od~F1d0-iT&!481&g8zUBI*4Yl+kH7YU|X9wEGIg>>zcOqhjtB z)>7!tg)YoaFTY)LK;(EUNGYz-YocGR4bC&m9(VvxiLO}G(-QmhxS3>gK|LG6a`hUzw;0`e|H|Koluhq}Q z#b4am)LCB7S$Rv>ZOXT~d4waMYA=>f+Rc38`1drqKYnUg9lfQ7X&E^^mZtdS8&eH^ zhYxzH$L5p)7ZwC`DoyR~=3UD-uI1e`-yXO(sIXd8FQzmqad}cZJx5ouA~9$=zi%e< zv#UZoC`Sp7cAq>cUJ=*@wOZITlK=?GW(XZ~DUwl0Gc{-Km5~M7y`C#zlbyP~#40;M z2rzG8KPm3$B15tAMPAx1;1ZgbCs_+9XBCxQGVMEQHh0;*#&_b!&W5duf2+@VC1Qm_ zg~9-TvAcV>g0&t`sNDzM_2IXS zb`?KB33Gn$2_!!?m=Uw?L)X{A`6n~LUfPrB#_vx}HGzgCKQk5_&A*j_kr9eP$mdVV zO`vRl?Twd(3Op36QK2|Op(G^)(GDD|xAoQ*i(MTj02mc$dn?rW9uR9`J}ylvvu|B6(Ir@fOF>n&t-?_rP7~8f2gzI z5nMa1YoK*}Jy*P^;CSq?t^wb*=aX1#ul;Vo{!N?DnRwIY&+2{S-Rl!^N7GK~BO!59 z_2wPj$5Q{%%MJYA)^QczS=C5iCHLHZDQHXjtS96hK<@CWE6?nj1k3qeC$+v8{|oiynS^%^O8^`yJ+u%ANf4nu0mM{(cqz-uC;ON{_<&&Fbkax>6fivEt`R zj8Al`_=)4g-{@>yuloW2>CYalVyodGzaJ*x5(_TpX6sMhR<&zulzL6=w{DQUKLB%j zQ9V)z^TVq;VCJj^r&f4$KhKI$u(~0R{ORqToyO#in2~y6C7NYIbz+@yp`ob@N)5qWa;(Sa?a3Bz^(lspaGH|V1$CEJe z61Ja|WR^X!;vb#y(nVQZbj5$MzmrwE={+;2-b`A)+$BM?V4#U)#v`NWrR!AMMl#A< zZ%PG3q4P3T`O;aA3sLiJsMvM^W-Zeh2BfbxcitC?ytqq*;*aEN<2Dba7!A2Rm*NHA zqX-qy0yWyS6{q3{6`&!q2dxQa6ylJeBh=isx=HBG_iy*<8WFMe@*NblQj>vKTABWq zO4Z;8@2y*nGL0@d$Gc?u$k?)&auq8`DbUi(J+mCm-hZS+!>8-hznQuwF5C;P?+V~j zS8|NilV}ObdhT~|Wk8l4+`D^it8 z7gR?tqape50fQC;BS(j*7;SHv-qeS3_NgTlI{Y))m)7XoSb)!;_XukYlFgaCq?Qd7 z?y7a1N(+a+(iNaIAC3dQo306W)s{j!u(jz1s;_>@39Nc~zuSYIw9x5{S6IeE%4}Kk zaY5!FMFUD&m1-G-xfs)yQJiwA%{0ya5yjhmG?Y~ag@+WrCeoKK<>m|wr5GHm=TXfG z80uz*;9ARy`L2zt#5LCaJzw>&=YBaIJoO$p&d7>wFp9VqvKykXxc<~)&oMycs6-~^ zRrK+((v5G9F-Ow{`zjh-s`osmaifhIezWa(MvOhhC%sPAetNVc=*Fbc(5Xhv=)v;L zL%UNu(&2Fyi;Z1UU<|naAr%+MJOyX!vQVBb{!neF+%c>MTMO06717F8$H_rv>dmi? z_7s>D&Eys*BK!K0f+h^%g0Y=^l>PRIvG3R16atX1Hl25`l4=WImqDX_K-QpE87Wz6 zNgpa|EK5o?esD3AG&!ANZcXu89xdjPdW*LK$-ruHX!p^4`ejOE(h+TApyp)Zdb-*3 z(|$a6?y3c3=^+?2xAqg2lnc4D~oM;x316l}#^yr5C2(=lZv_ zgGD(_7;Q=EotGN<^Vxy7GY}nZoY;@0ry$R|kHyv#gS>`2Ns2(tGgW!R)hDI!s!X9C zt->yMeD}DwlcCgbHd20do|?`Zbpn$r(KioK-&gh=v@Va*A=|~31Xxx3Jt&b5%78Ct z6W~L6MwYu`E1u=dCo^(D-6l@YWK#8!CBKP-Qv9d`2IyTB$aj9-t5;2Wf5KcE;fW^jVYb z5ia$06qY_+O~uy4TH+khLQ$EvX!lsR$Yd@7KX&4T3q_3TQDd7XzxCD%fyKIKPb`Q| zpuJjpnaBzrH8ul=OnY6cxNBG}s&%x&is|>p{o!45q-j__vLa7T_q(*}R~a8>-Sd$S zvWb#ZB29IzV)h zqY778V400j8s$lQVE&1w`4Ow&E1qcf5FgF$KGA{jK5%djTKw%w@7cc{{2NBY$6RT? z(u2wD9pdg~hJ7_p;PPH9Wn=@_Bzm83UzG%1%x^_NT`_Vo@+oiJFMkBZ11=niOXnyj z^44MW)#FAd2qAP`mt`F1Leb6yHeE0wy0Umc%VH*+27=5xFv@VyhY8ua#Yh7+88wg4 z9TK=!a=?4p7>w8~Ala6s*4vK39AP>1;03D99RV3{LZR}j3%&&(Yd-$dIerfh)<}+M z**B>{pL!W0Dw7B=%_>9!!VoTZi=ZM?XLt|!dS%hKeqvfJkheXd7G{@okxMzBe3C5Z zQJOBm2ma4{T?!|Qk{@6{kS6=Iy4;(B-RN1Ga=nTU9CEf*Yz8g8!*>ldXT;&$?lt4Y zZOqEvQoCVUE(yKbmL=nR=178JM%y8<HgI0RQp#EBJS}f4MC4 z|2y*j+&Q2Ee}D}1pTteZ4N7@%lW$|}6D@SNw&k4Z8J8K^>q@}UDWZoi;y=P3O z99If*fDA(W?vw}lwXXAhNi)vSeVJ z$e@&4M&(Y6t7F&KykFUmjd#DT@~uV+(NS2wai1p&E-xd4VLoW^v&*Q+?2w3otjM&} z6#To*jYkFig$_*GIf?nTYwbs%@hF^}qcWZa+cN;Np)V+IX$Mx6c3o&^-c22;{q#YY z?ZIxsJvl2ngO5-WVoIqHC%cs=)0I(Mpfd#vPb8@-O6m|R2lPd|3~Hs<-o~knlDAE} zXs&_EC$7Fv@ncYctX*uY+?I9C++Gd!b$)Qa^v2bS)4BfTDLa-G6u>)hy-k)x99qRH zNsUIoHS)j~p6<%Qu*+F8vQCJflDY4fNhcK>)Nc~zyzG-h-NluYe8)i8(6HA>k346( zBD7Oyy4{ns-M*L_%G}p17#IB#{t0>UIBQ`0$PQ8zn+K*L7Z@W$z}+TjiU&<%yGm)CEF z5k|N7)MU(`9?bp_Bpy88V7wN!p>b-Zps>ZQcRZ!a_9St)q%W&%IWCLyr;Q7JDuG>U z@oI}-&*8MGXAe8=L)!oBL~48PHP`2wMd+daB3V37&Nx%plA$tJ_9JkBc*QZpTbYn$ zIx?~5Tr**sZpK)oVCWG=^j}=hV|iqxz|7Wm)4t44{`U5>Ds#Vm*pONM5M^m_-40t_ z!$hi~`4|B4>W*|ySg;a&B6hmgYJJl~!JAy-zUz$178*ez=Ad9mo9bYIWGs}J7vR(o z^2o}~|E!O&D!zLy`AsGaux4Yhkf)6t!ZY*VzwFZa=FSiPmmTpnGk39~cX5LpIEf3| z32l<6z1i?PFZ`q^NGk767qRz`{ldO6-@LT z!=oF=WLFwjJm<6+xgd*N#EjGuOaZq=K0B`*@!j9;TD z1~2HXujjnLp{rldxj)qM*^-*9%WBLSDv|jxraGc?!n3aXgOS9WC`!8kSBm;Lo_|}d zNkB_ARdU@=uh2>M&UZDZr8TJJLq{IvHQyfW%F|D$E2`5oD(P3dZBidDPOV_`2b!ew z`qn0U)!b1Ae)@~UeZo-%$~>l#KGOFx3tXc7vfBJ!Z#O)fW0&=lEb%+&eP9^ac+f7U z+IzcZJiCnT-oNHt@jNrJUBP+0b~gEC*tj`Tit1HPD;S~(mx3UBWv)|ZD>qBb+*l%d zI*B!0){k9blmd|Q_;9Mb3rT~~H5XE+x!z^DK*Uo#eb_xQxIek;!jn=AaKm%(C>WfZu7n}EfnzbiZ zh||yq@&D0iZFI`Ld@8{^XfhpHR%olcul>%ds8-=Dws%3N(0?4$`5fqVJ7h z3yGR(g%wtERoc1Zl{5j=PgP4yZA@0omk}R}g=4gGOwhS)DBauvwp_YChje=9C5HRo zImh2MNwB<|e5>guAOG<_J;AJp>Vc&?E&%DEY?m)NiaiuMN7!#KWC7S*B)Mau zc)r|>HrhE_1z@3(4UDyzj2Qs3#sDd%0f6jpQ0^AZ-(C+B71KZeTYt#qm*m4O+sgv5 z=5oOaM}%1>Re%7rTXp?cIug3%p7iQv2(1A5Ox_J!^3onv6qZ>M_aK0_AIl*R7#}Vz zTQwBCUvwMvkKUI)91~2y3SKvGgh65<7}V>r>_RjoRxjHrelzf8psd(R|GFEoH3^?K zAl}kyYJ+@&ii*JsBZaGcQ&IGo8y0G;T0s{lE0cNxWg~lmt3cR+l5~16`=L<%2`vxr zJh=jvD$nh$`K@-&&C7NglThQ==~wFHVAC$>8`QX%DpyvhCH1Z{tg#DgWHGM!=DmaCG=ufPGs(8&AD;|Nj%~oYP9E)j zQxPzqh^x`A4}jU(3nIDZKM$cJttUOQ^%rgp@=sbdbXg};+SGw zJd5~3U(pH);(3+&}u+RlJMzA5a|1*s+TFf=@NX}OA5*E zkMA?hQ{YqexDD>G05RxkFmi2xiDt;a08kyIYpMX4fOJj+fD|L0ny-xll=)G?+P})r zw*u|2Hq>R^x%_q*6e3Fk0YH>jlz?GdkWGzE3(%0#g{3odAb1@SLa%Af^D1nAaAtAt zoAB!@S*V~Qlsb&@6872y{Q5Hd>$%Ve?(fTm<$dltKcQGO69i@Po-2m>flx~vWTHo( zxGs20Vf7Wf#Um{WL#>#6$TpS+3XYCvr1Jujj6t|Tr|vQsV!1u#s_D86269Ee%GA4F zh^kV+V_H3G9tsU~x!@*O100ntT9tKOsw0%VN^?oRbqC~Jl<>qsfxRi5@2Zy*VDfaS z>sUXy9ENB4&?KC??Z4+EycHIREBFIFrL!9E%LnXFexEBtxjldUL*ULzDH?l_)YsvuweJh+-~y~xM5xnxPT8kLQEk6kH?nL zuGj0FIzcjnSgEKL10r+4C&-K54ADd|DZx1KI;)B1WBL$=Kopf@wN3kV?=B$e!;ixy z2f9Emk1`ta8#OEn>w1x{G`0HhTRPh-!aWL2*D;O7U56J=yXJ}B+?|Yx0u@3cC41JH z5MJ*QLrc+yR$~JnS$ZJB*W{CKJJnEpxWz9Sa|}&vjx%P+&at)Gw%67%PSwL-_d&>p zDLFF)Q1@m8DRlvr-%AJ7`_93<+BnOk$Hoaw*Qi5dwAIwu+)jLr#56OwSI=zFj>66x ziBwZczBEQkl@W)W%%^T^tkMHg2*_${kGxPbX6zm+bz9CRYQd#jH?6!PGAGKC;*+eb zSN|q0Hyz>f^i_^W`5B@-@4FZ)wL0etnCFkV0wV?2Z$2;FuZkj0H&~1f zZp(NZq0S!k%F~|pzD8lGT!y2dpa4n8>EbN+&W4@*E@ull9(ATYBufutGP3 z$>BL%i7u17eJhfpg39p5NMyj21VH+BzV-??##>0)!Mr@mi>g>~8TEn2jQZUIHPthf z>+^H-N)-a(Fu!AsHfhZKD}Ep3+=#D*Z-y}{LAH$(%bF)mg>@RM}$*Gu5n0Yu`vcTgpe!(j+vq`;v?^9?99oQm4J)) z(!r6JnDfR*Toa`GM1#rC16V}}Dln>JNi!ardFX97yUMbA+B+x%hn9JxY0*j6SSL;} zU40h3Q2SxqY!y+6RT9p32#*}^lh%G2keKLY6Jl3iRGMM;Jmv&=?OI5~VnF&H z9QDZ*JH4JXGsOOd`&|`_!fp3VKBxcqw()Y{MmRA-$9qCFd~p{$3zo2rj%O)rPlTSp zI!39Z1T7WQb~G_g#Hsh_NwY78HlCP}zFul3!wPNfhz^?TB*0ai9Y_(iLSwJD&7~H= zK;2`aY*vo;BcaGLyq3430*bhXf%i@=cLuPVCJ0Gfv@yJ`@ZiPdSjdlfD;0CaIa7p2cDJ6u|m`18k>VecmA@dbm z(}KtlaVi!7B*}54<|dg%`b-mKV8E$+0%;p>Yvf! z9Sv%y9G%BUY7ly!*HIj%xjNzdOn<}D4ea;$2aNoEYxPY6ATDiwpFUwsIIQ*FDX<15 z>(@+|EtNg!`WO!LF+Oadx{gyLNyP43ShS8OMyG0D5#{gqkUBY!+Em}lcOQMWoplQ+ zoEfxf0Xkij4wv^ltbY1XfQ@1(ZuW1nr5-pvwzOMXqns7GsVRop1G)Y2s{T({{xd}W z{=3inUyZ2ixAqIu$>0gTS>#uNkZ{9HgemD#&6GY(PTe2CXMR1$CbrQLV)OFk@lkN$ zQ64wJYdP?{Gn{{%an0(!-MB^CA+9ace9wD+L3RmHxb_cSj=vm|o~<=8`J!~R(BwnW@B?X9r0IIHU3#IT%|C+l~g7i2Kvj@JXKz(&-Na09H;OpG5I z-~AU^$cSk-v>sZkvU zO=sD=Gr0L?T>vE2J@>(bx|u$vdhm2Y{Z70-OK^JbZ`i0Ec}@$74B z;2QSdbIbmr8vkzmgQfH8sS0mAuV>!NZgeSI#k&FL1d+m=C~A^A!npQX!##vdA6=pK z4gth>=}sTgA?a;5>}azzfuu?>QV>KWp0XUNxgKmZkPY9nihlWe4uDNVM;x?e6fWk7 zKuWvqn_$?eGl4;K*waDl?7EN39!RWr`&0&+u^s63>^8q{pA8hijaE)> z9S!JB*VqFW(w*aO|8Bzxx-;M?+=Q5Q zN1;8&^J|r!PO8Wd45jEiSf8gk>&=K#8k0tgnVXf*{H%o(&A(3;)i z7QxZ|<2f-;S*PF%i2-idjVl4siDoAA2E&GCG-CxpLE9eJ+c2M+q!P>+(NO?}U4TJ{ z)e0ToAN+og{Fk=hI&xIQ^&}N0u0(FlF8%oR98*~4iaJK8*c$Hg@dmb@XAlZMrL1#( zL-^^xbe#Xv&VMz%phi{mjVDafR)5LakF+~Ky7XuFVmdZz!Zk0~)mXR6fAO(9)3ct- z;Tf*n2$|idR*eXe7Y(RvC%zuLIrz(cTV=ELTFW-3RTdk!eyj$BX(zn0j}-sJLGIa~1^}zoMWP zwmR;?_)IQnpzDlulAfP&iNN*CA3EN@8U5wJE)g@_*t`DIRyA-d^A|6>|F~Ybxv?~5 zG)<->b^E;sLk)j>_}$J9coy1Qxz>5o_arJwM^%bGo)i^4JOA}u`Z^fE`Q>oq3Usr zhld6V2U+NhqFH({^}r@b%W)s8AOafwB{kWUYAmfw2q&7B5*PyVjTto>?#-qhf^+e~ zWGnx2ERBj{HCkR5NUAjQG4d02iQt{K)6J_o7OzO%%BVViAxO3WE1~nEnCOs zNjVcbFAi^%aQYz&V}7<@lO)=ri6Pvf{6|Fn+O|&l?P0ZBDQN5kDveWZ-30 z;tF}4jfom5iH-;K)c0sa*BfXvGBOxm^Rym9g?{1~ve3RHcI~xkDnM1xD*edPf%$Q! z${qIpH1A9N@(&mb*mRr)X7okldR$h!ZPEh#0t8EM@Epv2%$WZSJEbaU*hLW&)1l7W z#s&l43dyL{Y?@Rz-X`qAszuK@kuK8Y4`3B3>izzY;iCTP$Nd)t|4d-dUmWWH_~XAG zC(&UR6CTTtWX0PUlgZDeze^Pz#U%zx} zw#@yT>U(`goe=4|6=bwpqlK$ zd|%Yhf(R;As)Z(9dbc1Q0zycDP?Syrgc>?l1nJTx6sds(0zwEa6b0#o76L*DNbewB zK=kCBnKNhZnRDl?bJxtecg>xwtd(~q`+Zl|&d%QNexCpH`(Gf>NF9v2Otl=O$UWuz z9XEe^%7^#P7CO}#nVHl(XRIP@emJ=X@B7$ycqzlow~cE_4$~9xYW53c zsFQ7HPWr&1tirU(uB7k(nDHsJ8UOJAtr`Cue1+r>NDtg_q~KvmF?BYUd3Rj%Q!2By zgpq1p2I8M4z;|HT$ROvZkM)P~5&^*8+L@6f0V$H~UemhE zrEM0Zx#~rwdaM`i#6H+bCmWIxmxl}pZ4DCt4!b&FTgit*EE`@FM^HUyv3i3(ec zTayhfMNjjvmR0KO8xa5dx!YSXS?{yoL-VSD5o~CF^ZkD(>}e)Ye?PIk7Ajvpb1{GB z=qN&nh00b|rpETOh*u8+$j_H68UXO+^_V-6op)vznk3CHwF?<0#VV|4I~8kHiIt~w zebvTH#7v)Q-au4{DGJ%Bq7}WzlEEQoQlmP9-F%59jXyHpc7q$BTPtj(!3kc{GwUWX z$69wJtc68A+`1nZIA2cY+X<|7p6D?Kb$vJ#gmLZoV-iFUJD`2$YpV5ya94#~SLH;l2fv3q6Da$=!%*C3)D3iwP;R9t~Du*-aJPsLkOB)b?wn z&XmYIE9_ikaqp|)?k8J|awCBgsT*%^lFdQ;&heSH3`?x_qk#*V=SeL}{ zo0o;}R2d~z>E`R}$-smPKjml%(0o{fgp*vgEenwr>wohgE`RMalJ34&X83iEXW8Bp zJg9E0G48LD+{${sn51BW^;0Lg4U-Zc*`L%DV&Xx$ericyM8nV!h!aOHmhoNH)7WBS zd-vd=x4e?hSA9j2!4UyFnUGZvQENx|PS^5e2JXXw-5d@%C9O;18|&*E%T(TTg=CX$smy#PM0K)WIZ(+=i+)eAj5{us@%2w9)?fI6TY%`64#hP z9G;483bF~|4=y#wl1DJg7?eX&gBZ%5fFQ{NdPGqT&QOeCH+#eP|C8zT|E}%7YXaoP z)K|h}ZLo`kt*r`U2junUE*Q)f!cXBa;xCzvopvQS*nBPji0@)ONcUKX^EkOsQ^W*w zcq^C@2kP;(5|oWdmJC<=ETeJZ9zL)6sejFuVe!LO_$aW^8IaN~5CdH@g$hOtN*vzadPgNhRTCoc znMnwFU7XxXiOw47Q~R1tXMI?a=Phya?r})_^0yA9WA_R{>F5!%u+3UDm-wKEiX zKXhB9>4c6op*_z>f#ZI{5BJWhxoB@UU6*2M$8bdE#+e-l%6S)OLjt~Tf7(9k^rM_K zUwj__J9|Imlg~CS335!>oUoblR;RB`*u;Nic#DgPAXYLE{&|Ek@$FeltP3nn?_fiWgQx7%eL7XmjH^=@d~vJ0W= z!0+z+z5sjBf-{NVCs^(W{ zplUr{@>o{vH5GG6qv{)#k_eTBW+qne{HYi3{`h&hSl|cJ;=JwOUs8uV*z+#Sx8bqh zS$@(h`rE5}pT7mZKG+`GKH9F^Dw@M0tJrUD;+l`8yloTM(4a$gSF1S>tNpQ&(dNY^ILFA zHPy7LeI#$);8pl89~q4nNWKVI-nE7R#}>uCk$!J8?kX4XRMzE8fb@w%>AsZI%YuDh zGPz=qylpVsJu&C4TFkv-5VumIVjp+A^I8`slty(QVkrOTPNyAM$a4ovzTD(>7&&|~ zgqL@CK&IYt!A{NWWl&9(H%BwHy}igDH33OAJAs?Ufy1sucCXFoiE_MU**kPcZ4xaU zrt$mX8CT>X*|_k94p#)ZIMkSj7DjdtFm0i!oR_!Kr%M|S#VLot>C)y63iT%MP)OkK zHCwMhRi(NO3LTEvlR0|&L0$amMEdsIJ;Gt<$a&K1lZC+LpBsnJX%}Am(m!-9#?K#c zmpKjEaL;89W}h2m@D4lQv8Op1!2aIpe-}Xd|6i2|-I*gkzp#0Y%KqWIP5H&%KNo~E zES4Sz1YI=h5Bc@1w&nJQ&(-b6D~tcgKq#7IImQmF|II)M@v!$?tl$cII^L3;LdsJp z`1CJ_%Kz^8U&XinkJD%MqtuKC8JpK-N|qwz`=Owet?w^(v-`RWa&D^pL+-38L0#(O zrn5(L!J_q2DtMrZfA__4S4PcI-tN|O)}J4POcj=T_jLnUBomrHS7dhhmh8^#di{)4 z7l$tTB>khl0R8W*FSvL<>QjyGn0BtmhP2(jGgK!-m+X_e%kRWzie)fGF3^jCkg+Rw zQ=)6^WV&nN)3L?{t1kpS0t9o{FAfzM~I(8{4d?go2s}pui+hh2iwAiO>y7k2aH<3i>$URF)p@T>4;E! zH{TEW;&a`Y;kS5VYaKF5g1N71B}vAOein&WX@8`l1&V{DwggK4fAPYdht?Z!s`S;u#sz^qJAR{#LFNqU`L#nKNDP798kGAK+6dT zrdd38ci?lp73$LcP*&Zg5z#DVrCb3~`Oqk`$Jno04!=zO7T&m+I-%(rC-426f zVRMRnYEb#AhvmFQc~7=@rPt}39!3cvOv&%EH!sTt7cPGDHA(MQ@ZZ7)Oa=q<8?p=H zw1>8@yt9xfVQpV{c2Gmqg1>vgV{fgbQ601X80unp zJ+QiIyJ?ZylY$}mZ+=sC-+ohM0dgfH0a_QxqVn+fr}RT!k!h3e zf;fWE^zoc4=?kqvqXs=cLlPvQi;WF>ouKWJZ)Jf1lJ3Mt)eG?H#5d&PyuP zMI>0hxF8BDHCGu~0#er9%oedDrP>l!;#E?ZOZ_bN)N_s6(^Elt)wsxIjQW zj{Kn&T4dBq95ofE*qY5l&?=>sh1T?{ZZ<`?%2vhWgvv&>Tr!|$=Y$_VITGU@SAPD5 zARVDoJ8q+(zO5PLIa$pWj?*F>yNxT!wt`rYS`!3#p`axp9F^$bTYLu%5KS_WldYy2 zs1_`(uOdBqur6ihY(r+gUpqGqjpe@1v9L%>OUqs%K6ug(wWL7eHR@}#Xw}?WCIc)t z>!sC5EZx$wEG*2gn@jx&Vep9&u|{)5U5UAu(Ic;8!aEt3>b$?6niTmY>DQD|#Y2^wdpTm>3w@(7CWj`;+%@qY!Jl^1UWdRkUqH?kiw{yr8d@YPt#t%4pi z*{?=6k(CEZK2HqgCN=19a)k2|D*-%KLuKyNN==_7aT1H!x3(O&U!psRzJA%-bd0mJ zXzi!hNyJM4aheT^28)4QW%w{re2`{}QW@^AeLXxV@&1w`e+P2I8gES@umF0T?f>E7 z^?_!%LGyl%T73Q^Z#1PH-j{V3QNZGC#HunBg%iHa>-u#(`7Kkmy?b|SBt%-lapp1h zMy8Bc-e@c!L+Qzyw$Oi~6P{{;U;dk`#u;hGNp-;++?(gyj=cS@y@-BbjQGbyfXw$u zvTefOiGbBZrk4}B|K?@>=|i9ZK9IVG^D3B3${1a}%SMwKGc zB7F7tSy#!Jj*shW8k;4>3gg++f!TuF@;?`X{5wRHy#vOj%yNwUaK?R$?q@|CtFLtW z%xA?A1_DOa!^x^SyXEFMUhVP39-jg8dQX)#apCaWqTV?cx8?SkPO;zf-+w2v9T?p3 z5}x3EIhEZY>n{l&0>9o{!}3~9a7h=q9*-2+$1Ipr{Es zgH+Sg&PO(7$Ti}H~Oo1!MoQTUp# z@kH`x%i)>MU4^96JiE!x_#F@DuI#zuK8Qhp>3V5=%`qi|v}%%;uqC-Aewvu}<-Mo{~N z$KLOe7H!VoG#N1N3xtkkHRlFNq>7fXgpC4Ni&777Ov1cgmP{cDREY`72_*$Na5|^a zD3PBSpGn~Eu1V?qyuaY)w1@>mao236(qQAM#VNiy_c{;7IQQA&|5#x3@&T#Zw7Ik{soD}WN`Ai^IB?jPN`K{<2Q%MH@k`BBkraIH;xGc%s zYyvAEAbwK;3FW_Jl$2~h^HQ05#+f_GzoE3bw@;vCFOxs_^1^DhYgXhh@3(ww6$9Rf+E)cv9JF}mwDvT^Sn$FuXb<0@Ul>;}E^ z>-6ym5Q` z`ai*+cGf#JVP(@fx=8Ix0d!i zG069Z-5TO+ukKV+O2r!R=8$=I_4Sx26O2tN>@l0O=SBLCK>b1oVI~`bLYu3%MS@9i z*vL5!HZ{gA~2X!!3;y$Hvd+I@LlJf*C&cES6Mmmq8K)z#9 zwlVkai@>$$7?D2YGZ8g0w7Lq+XsV1l;Wtocet*J$0}NyP;yYtqY`>ry{MI@#29~u4 zBf>h$$Dq|cWz}Qv>S7S&MAuto(O!YF1~(!hrt*h*D!(75vkW58g_tQ|_N0YgoCsHZ z8(#dC>avI^&AbHJzXO@gm}JYb46IX_`B8AmopMcbQUQwd5ATnqv$JIa} z$>0)E?r*KSIE}EX&_S~?po0)3{9Pl8!gM%*_{1XfBbm#OZp@(|5ntgIB@!Gg)vrye zpAbgsZWY=H%UJV8QaTJcgMNJbi?JSffBN_4gS&CJej}0L=LUBL949>^#gV@addDwx zwFl0QxWDNwzU3HG{>EWkfuds!Awe1{r~#_SHkaeaiCU`?r0mv}UX?XH+TD9`+V#r; zTuXgy8Qa4dFRnUg0aCX`)v4a~I$ZN^_m4aE0w~d+>gswY#>&VNXw|%EmOc2`y=B|K zCOt1YK3rqau~8A|;`sWrqis|&b;~^^v!;)=vnD=ITCh7*_h>!KLBV&z&#ivrxjB4( zT~C<(m;7yF+V!)mbZ6W%3?RpHUuv1b@$TfBjC=dva5a6`Yh==b+XIhhLA%{{s@hN! zIHf$%)P#cO$IE?BamnEsx4Wj=Piz)1i-Uh6RBlYWP5WnqEtiTW4?Mo;HAqaPL=ibz zGv319ZS2d>R~cVwl?GVmUD~Cq-k1x1L9#{58I-88l&)>0Ns_X6U8Uo7yAce-lbs&k ztL*JV4;!(BiICwRsRl-`i?BgfBTLyz)t5?N&I*|FLBX*Zlc*M)P zl|02?C5xt&R@Z71{Wj#m^1?6CDzRny6TwDj(9UZ9o$_RXARWkzi@YjZL)~z5PS5H~ zs!n&i5Q~Ptk6|?dm?ryBVZ78F@`U6N9ipxU3ouqguHJF@g?0ySx!Z+~kMs4F_R8&*Hni23)P_|8 zlWej?(EBGr8`>!cmVr+wtYqZ1iHi?m)8JsQ;i(5D1KImxZ>qPSHo33ARgj8!+NW^g zE_#YB#5Q_V{)Pp5YK-xGd&lpW2Q7f*clTcJ)|l+N8q?cXS>Fm*6c`BNjr6op?UIU{ zY1qSIPx^nS>sDEgIalEyKQ6Eii1yz>=7X2CX(oAu8LW0=+Z-?9Xp{ zox-j3KW0O_-}zFLjk*J6Mdw0?;zc)M;w#GMSf&*^w5nk7D_6lNGLlqIxR18TQ};C} zsWBl$G224l+b9>(h!WyiK^?5 zbOh-rJMg@C4~HSzEy6slwl>ye)*D0=d7-KPErverNNlDEe{mdHOQ|p4x0kM-PUS4F zlvms;BR>^&5@|Z|A`fyVZIjK8wD8R*vlauL zib+la6aoHgs=pWz1#ai`0{Ea|C`yPK1W~>!^kK8Cwdm#Ycr6!57NEX=0f~2RARdT2 z_)3LV2WS=4noz1o9K<&=^<*#_mV&W^SLo(!NSWDK?4cqPc0=6*0>VN^e44d-q03=4 z`S;#Xq7y%Es<8D2IL1VWx_$}58KgjfFgDdx{X11{x$JW`cgsfRbIJEwn)ZWd+k%}2 zn?Jc1;t?_T_{w0xz^*Z8CY)LS!E@OWHlyMvMb>^+8Vl|IJ!1gw+bz#`7V`*hh9PhB;O0=;YEzw5<0JmO? zeV8nyKE@aAv+x5Y-OlxSc*>|-PeRtodsBUcNvKIGeA3_!#_)AocCG(N>5hc>J7YP= znCGmw1%}4^-f`&u+gpqOSxEGs-OBgx-uTa|5Uy|-_*)^I=~;4=uDk%kt-t#<{kuxY zquDj|WcuxW;VHAY`khl6{j0ZN>ysEw9K8CE;@|-TuKy@;@ajqB{z9M)xZ~JC6JwdHZaP*GX{S_BMyr)?o3w^BIdR2WO@tHPmT6o!pvpd=$*03Vc)MA`{JgqbcV zR8Kas*dRc}w`$D~Aa|sZDEkjl8OF^KVLUsTbJ?Y_p*lDKkHWAUvTDyZK{}^zA_s!X zNSKqUhZS6&qt8G6C9_Sr6Wd;w(Z8vFalC=)%N6%DA5y6@c=HX{Z^!0|A~~13a>w^z zM%U_2F;r%~2g4&_{Tft(9J&=+Y%|i`g~R7QD(Bx?^nD?}io?(?7gm9>?f1Gk zE2x|il244vXl0O8;nLU)7>K>_>0v6e^Mb<|k*BPuuxFN->L2(!&$6J|Q^l8xK_DYm zlA(@xU*A_v9q|DHW$|&s2Ld35m27jo8V&ush!R69n|wzLgl4qfQFgYfO$$}jWqi&^&>S3K(3Wp0!s#l10mo&uD(YODqyO(r5NoIq> z`JCRf!$m^TLtEcBr9(FTpq;l_cpLVvBO102vbH0C!IgQv2=(O*s)x%YXQHGtd7I;@ zEI;v@4qEd5LUnDWuMf9*Z?X+aV>9(zV#>!u4hP$;W11Gu^B{^$%^v(g;&FNi(n z)53?g)M2G9iDlr^!)E2WCHw|q?(TP$xyHBA6vs>_On`cU8R!zwnhH)KDZS7`f2m5k zQ~fMy)7f#GpyLe?z9bJZ&TGn2oXRHl4rP-)C>2Kas?x#4u&SxCS+bHQNp@rcb*D^7 zB;!Mt?BPc*#bm#AldKUerQ)`aS4<6NBkiDt-Q^O}1&gP#(4<+E42o;@$YBDML;PI6 za}U2>+r(^}86$jF^dhH>`$|3gE1Mww=9Ljq$M=A^`y31tMH3C5G;|FH6?O#*`m`+! z2B{+VzSBWaIJvkueCg|Qcdjma3TjH2O532ORSUkQMwWW~g z5+tWzvtzzOV^?Beix^}<`ek$$v|Rc_hjbLug*|#Do#tj@JSunG@c2jT=u~RPZg7ol zw7n?a$K^7vQcLX{dC|AJ^ZQtYy#l&?-|v7PP!fb>EIC`LRKoUeuj`l307}fbpPYkT z-2Arhz1H(}7In=d!JMxV9sa;hq5t`}w?Zld<+P}6bf(OyDE^;m)BpOa|Gq)YTliim zi4Yl>pxMxxdus!$!!utx_SYmnIMgNaYupYmWAo!r*5WfF-w7hF2tyak*9-<<(iqHY z0E$c^8n=Zrg`a}w;)eZy?{F1F#G^O-lqf(@M@8MeRIBpDcdCbDSPl_fMoQ_(Ofb$i zQ3ilYx=e^X!%1LGJbNePmE2WtScs3pPs8lMJb5?awNdMAC(Hc?q)cPU*jgRqAjjf=!U!jdN+zkdh)5`AN$> zwjILJ^vwsYRyfQYJ35<0R09CSu_szys^?oxuTQJXNGbWx)rn-wviOh1f@{x1Pd!>hibS12#n4dIQVf{T5TnXsR{0 zok>ECXH}-<5Q!r5%RkJ*keVZbW0(596WC(*A|kdn zU0xZv?CL1i+K+M!UO;PhFnM0s9p!$q#)k1cyU|ny6nNT&MV!=jlnp8d+ z6gHMW)XGRv3(Qv5T=n)Z5Q<09_rb-nrXEebT$k(I$QM$gc`q8KG>~DKQz&;O$`tB0 z_S6h^mB;vo?i+2xL7J*DL58-Ma_B$Hcd+1QW?go=p#1ozneX|nx3zZAngZ?!_M*bZ zJ{7Ld5Wq%Nk%(4P&JByBkIpZ*#y`pUOL1jqK0_h;s6`9r{N^UxemlA#Rt)Tr0KVSqe zR8g$fwOTl0Pd&bp1o9wetW2G+tM(>E(AO}$$`F}oG6)Ds zal_F2Ve1dg16a6{Qr2*i5JtZlr|ru^$>|{R?*|47i-{Q0fdJ2^j&iq(qHHDaDnFrd zep)_l=Phc-th#>1oO;I1se#yH0y!YFjfJhsR2UV@FRvw1^M@@gmHHzA9+wLEn>RMZ z1XY^UFB$VOr>^9279j(BZ)tn_qB6vvn>x41XO>_WIsJbTvgU$8dH&-!E=;xXP=@Pj zq)y7W-22DzQ-Z?&qrZ7u_l{ZgeTa8=?s+ZjBQjH|`VBGd-wXnDLbD{!EK5PyC2@Ow zCo)!SYeHi!8y!DeSDIOx$~d#0vLalW%`H?hK<38G2Zg3L8@1`x&}NX*j>19~J-=IJ zGaoRNIG#>I?|%q7M=J#?u@O-0=f)@gBkNj=Fv4m=O+@-)3B zTGT3pOKO7R%xw{Zr>i2$M%UI&`!2XQQJRy(G#lRi*o}M9@k)wnx>p60?ctX^nx4EB zUgF(PemQ9UmtE2?lnLZAR~;<#8@eTG~wpG&OlT#bA1xHq3zGNcwV#Qj@t7`41m?Im@8YMjGS+h!S2)Z z-csuBO`Bls6k}uB=gG%;z2npj_mNEoNJl>crUl*LOw(*BcMIcQT|iCCV?_1IDQ!QE z`HVUCk#2Csf~U1%ViEmjjzs0hLTSSMr3m?}SF0;MF==^HlQ~7~U~=sDF~NYrvcu2< zEugP?O_{dYM0TW3vCy`ye5vq;7)#L|A6;DJgJz@L$L4_w8S+y3)E_EOhT-`;r`_4h zb$rVtL=j3n&;OC`=-Px$nM=>Y;j>Er(o|}5hMVmgVe_&nnx?RIA9E}KdwKgz-BXQ;xM_)EKe>!lT-aK;qAir~sBE%!KQAf^Uo;h*(0`;+ zHoNZm5Cakw8G$Ccy#Ybbi3-Nh(VVeL`c8> zwu5~m=-H%*QTS-nSkhWjz2(Ushlh!sF(B)jiSpC_!dKQSVu@S1VmeocQbynUimmdS z1jyf!S4;LCl5z6ys>GhOmS@Fd0PdH=nx`_YOXUg(wAH`FJo^C{RW0nR>c1l!S90F(hV)xn!XM*!|?R`{30KF3~Fxy{?7d=8zddTwbKEQflz z3O|axo?|$v)e^=E!CY?TcBo?6oxLDY&vu`j7P|k3ZsEbun11fF-4xyo-?Xy}{0?e) zD6q%~p5CC{LTIv09Hh-udz$4UdCH=_YTuQr* z>~rhBNUAZz<;>GUzgV*K^HGH-+9Ao}j%%iW=xR##^g%P04(DxUa}W2bd>EgvAgQ5^ zUA?9l^$f0XY;ul%h(H1R;1#wN`Ou^8w&^uj*CKbUb&DL~;|}}XD!81r5Ki>MhK{L|Y^ir|%L# zs#vht?;xr+H#j&(&RRZGZpfS)2Cb$l}dkwUT0IniU-TU&Z7!l!GfGzb(#<+;_}{;D3cL zekbsPpXx78AzrA27-V$vh2!CGG-SMiozI>bc-4GYKflF4*yiEwrm)-7@Q!%Yd&>zG zpz56A|2gxe*D2+a@Xly;&u?}~TKddIF1V*DZY$)?nJIHY5#{ek$zmCeM^Y@!mTS;k zvsn|=I;=s285kKTEY?uvqalMh0N#))UI@FYz_ zyDNUZ|DoG0<4DwHwA_jw0wuQ=j}8g2GrX3H>Ad6F^{m ztggE7`^Ia#!3kd)3aMdc=a4M5ERy~*k>hSLqC8Gsum}KjBZ<=nrmyLQ?@-)|Zo6U# z_wVhz;k&WYtLcl6@WWxQ!>|nx%w*qY%xG@)uBv-kuWlK7;6}H=`YZOj&34B> z9&rwA+Wsw-Cu}EWj&3c`a&w={l;S0cz6Tc>q2*kU%d&>=`8S~JQRla}GUq=%>y8CFPxV0FV8vJGcJz&iP-w^ItOE|B~tc2g-EMjMej< zI@t{_1t^|xx7nh{vu88n?ygJ@j-MA!v%%?;o2OW}SA&w;Dgoz&#nMZqeVvu>#s{rw zXzxM4U%+-Y9Tgj9)Td8Q#tsFT^pSX~AsN}3>?nKaK?lv#%VRFq3MJMAlGkdAp8r^n z^FP^8r(A}ms{@6sOoD7vRik0vCiS2 zK1^iYz@@Z&+1`bJcouOegMRwG#A{Z56C+NESrR;v zX2{hlG`P3y*6cT&qydx|=|qMaW3Ebaj4^62(LjO2h1wsQ?tc`;0dDla_F9pjKYXJ* zrQ8kVSe`Oa&i)YXPw@1Jt{2Kkke4;vAxZxXcq zfa)-6KxLuuni#i(!UN4??#lWQ+33dEf%6FsxKADZZi_kXfA0 zRQ}cE+qZ9RiIqx2aI)%&Nc$1Cz%aCzZX#VGDQ^6shh=h{i^LDh~UUgc`>`JWb1KMr=|_)OTpKTRLKSq71}8vat8AI$`lcM+SA zU(3ty9-dGIxZE>E1G5{RAOmzOABV4+9Z*7Xs%Fnux+SAJRF|u9xnX*%z7nen)7|)W zr>qhSgtc9&_d?e2Hp1hHM~qfalqCqFkB4~Z$LUv$iAf3~{rF`rnOl^-S=Oy~L;^^S zNSmN|X7~ZNXbzn1ya~(d1IDvX)d%#A`KX-80j`6rhvYPk*tAux0{wc^1MTuwA`k#=Q_kdBWsaK` ziSReJ%O{8PoYSD(qb3mw=GXPhj14#k47uw=8% zLg;><$K1r6EY6HHu{|I2@r^8NhpG+6CEev_X&Vd&+Kl)?8F5BaOS;CS@$p}s6=28^ zTeZv=w01ii{`EOFS&s5$(Xn0%ClVdUNEf#2X$QT^Qo4uwJKZM}UC#QzD`AenNiS3) z2R+uL7w=S*7Pz5jCSaoMlEWLRA%}$BqB|4Sw3b=Fg8cp!J$b;dZPsL9j|r)*>uEWk zh#K%GF=y+)nRKv08?z?85zWkD9!X~y5J>4Mn^Y2w36Qc!jnC*@FWRVYZ6STYfVcVc`8SBdN>P-2K4LS6nBAIU~H zCJm%;H8JBNb}7kn(3_^PuKJNDF68e_{*WI#1;)S~;UqQ_kSrTe+RTB4g(sPXr@GI_ zQ0?c6+fZvWlc$90P=g;}io=aVs0{1Z_Ya5}`F>N(k#|0{qY;ZRB=$jbzOB7SJ#po~bG%TXx#9^G~&6|yX#uwm0~)Rjv{|GK0BT}+)HG`bFa{nx#` z#z)R-@3rf$7tzvIol^2qPloh~Bwx97mJl|BxG>u$6FoEUi~3fjkp9A4tsuu3*Bb9Z z>m%oHEbWsgsGEAD>)GtjE}G4+nDbV=kx-33b>N3bWYidTLnV@Z3_vvrVov4P zWIYuV7*z>+yjrI8dbpR9C5=bKDcV=(nT=->F_H3|}>-|Nh>0vi5ljmHBv9>Z2;?VRHG( zG_2SEW7#?FKXe7<%4e^Krg?hOq614Q+7>fch(%&OXa|G2y7@@YPYsmfG%7!^5Km zU!|m1%{K#@NQn;OUZp&Y5m{ynp;^Kx4Sn{Ks%#zMb_;FI?}a!Be8oDn()8Z!jFgNG z!TG8VD_E;lL@%Wd!xf4w{)T2dBW)#^vq)8m(m7Aj2EkRe{`xE}8R`O+&N@~F1W z=+85aJ;mqAV^h+Wa{OwaEH$5yn$ZF_mMpP>zNpwumT-~=w_xl}t2&ZfW6RIBf30N4 z^6tn96A0CO6OJBOU+=c!7fWZcfmbp;(V(VY*uAv~8jZ8{3uM-kzb!|({UsCL6(LlA zHMLjSP`H8u#l#7=j610bT9+5l+lei>uVxp8eyScp26nF3(BI^=VS_LYO+a0@Lw`u zE07yP>gv3`>lm4qfHL3TkcApR4uVBx8>&}6U~WvzVuzQqv6iXDY2W0r6a=0skZ?5* z>-L9^PySKaq+hb4uPsu>K#@~z_@c4TTYR36+u9>;q+fkFOyZ*>c6m(UMh_XutDvhv zUmtgN7!R!}^7zXM0ybOm)dnF&^|Kt>>+vIzS6`+~-dj8}gQx@bCTyusOBoeEAyW%J%fTF&n>%uK=$@Psm7V z)65>VcS4CYfl*DjmX!XDS{~V>iamKGh;uXWz45))2w5z4Lus=}Y<2BT(P(1hlSE}2 zeV|oL<4Lyd?e+uIwXfe=7{0lmlvh?Vsa92nWf*@il6p9ib{=ntmlzFYWznJ!W>3)5 z1|;c;zyH2_`;sr+y9?X427)^$Pt3Jz6}4cX-zl<9&fn`Q4!_~4y@6xC@& zBO1s;_CYbluXi&pWKwQ~ItNpqeo~ny7?UclmMFeqX|l=X^Q6QtWTZHFW<9#B^j?y7>sA4;0jkSE_(Lic=YS%`B@2j=E>E|2$cS z86X#>!QA@=DIH$bcN4Nx!Vlf)`;qD)eL1a-Ro-g_In)H|e?0qeFW@ZauNr+~e#90)f->OjF};H>>(O$iq&d!UcvrhB z=}1>Lp&r=~1Uw|1=V(}~5VIj8^+KjiT9TaYV&d_{N57uJRLeuhae28ykUX=gKCe&q zL+r$`A+kg(<^dJ+WW!7RJG4=@t@%5A`mpY-U(obL`%{CN z#?+U-AWY9eyCrDVdJsOT|PA){dkwvBn$R7AEY{p{1d=EUsRJ}aX1NOROk zZ{d=dvyl<}fN`|8X{kh_8`;$a4^d$du|l13#f;eMmWd~UFq5hs9m!SA&GDr8zVETmTMF$_KqGEPb!|Hz_K>qKI}=8 z6J41=grF3X$vnzc6{`A6HktY-my9m}D}ZpE++dOuM2=qRRg}jum)YJtylB++rX9ej zH~?4)dMx4awT}C#_DO3zazT{)vi^JctRqZOuBK|l)jj-^iD*(3Q7y?>ZYLa~i154* zWcC5rfiY#gOk<5`20`du!cF{ZrvMPTJvkYFnF;8-+nQm9IYTVb|$2Tv;)`gOdU^$n7Sq zn89yr&fp=)D!q0zCpbl7YIN#lLu33JHpNZN*{s&Kk(yS$++x|d3xr=L=@@SAxwP=phs23GVcnRMdwFWL{)UC7g5n3rWx{*2LnXWiGmgZlg2o(_me)a zXFHuHJ@+DS^4HYC6Wry&4BDb!z`GjvlCHh>`OA8bX2GV4Xj|CAJRJl|osnfcupNPK ze}o9Ze#Mu(3b)lV#yfpfe{p2IhZrv5jQqD|nkzJ^p8Y{tZCdbW`NU(D`DgrWUGG)^ zqhsZFI(G58^bP<02JCAK5@MXUV zkz#MCLl*}RqH8EspY85n8x-$RYga*rMqzu|(RcT|9nM<^TsOck{mg;P+d(tw0Z_ zYN7EMbn<$*1F<3daW?Nq*V!;`b-t>A7fq6#zh^%>g%T)apRrRz<6kQ~DU_xKLLz zNr}3Ud#PN{nWn;aj=BBa|In>Dt6S1e1&}shgiR$ZkDSOZOwBIZkNu%Lr%6MmxD1Qb zhRjN8PfC0cio8#3JlX%HOnGoTng9;twz;~umYA?Y**<0e=n_hpbSFYO8ShWd(6V|T z9e`4bq{$8cb<*jDutX%!Gwk)YOdrl23-a|J1^hh8!kv!8UmWg- zaIMK{HQM4!v+BJaMB_z^zAZo5Ua&n%D(_hjumSZ{_a+VH_8Mg%_qZIRP}S*bJ?*+8 zH(Kwu+Fl8?vcvowAEF4h0)~6HB%gu^Ipx3eJS8SpD*+|%%KPm%r$%flIO9pIGm%>~ z5Ip_HFV)!^hvx`NgZgADC(L6(tO-xEgU&!LU=+NNB1;<|<`RHclr4?!P<&thFXslj z|7aHU|M!&MCVQD_3GsNX!u4zf35tl3B=yw*OY`13mFiTllx%EHoNFjtlYeoiY_>3^ za111}ly*W z#+Y-=Io~pJBGOVhl_|gM)2Oh8fD%(TXB)3DL4pimcC&F0Tbx^@6r<}Ver?06`^^`i$7xM@2 z?BFAk!5@a8-OD@rjC*quW%|Wr;MjSj{0F8^Li#;e6|ry%U)|Y_N&=qk0uXiBRVzob zT8-sAl#v8{ARf}Gd~Uq+WXq^^aMkAtB-aVTt- zeR29+R8*{e&??j>Gtc*yZjIf0*nXUMBnSe|(Tf*P^ArA%RiXkam2NmiCoO-wblO$F zs^gR9>W9KQl}5;1{BUMYuON9kwocouYI*l8xnd1fV(c-WCB{<=taISaQn&4unlYAy zjm^OKt%yWOU3lPPfx{S=MGkW~%f5yj>!6Wc=6u52(g7Wlg&ONyRxxbR+f94JUB-vv z^j7J-k@zX-I3#S7cI6hs>!hUADHAr9LYW(Tg1uMcK^onRL)CazAzM;REf!1_P!9KV zdX_0gYr3XX$m;HBHJ*TNb#l%L+0n9N=lP2coMMRo{mg-FbH$4%orDEhh@!a-D3+n{ zgH1~KR?@Ar@7}!&gD5IGJ1|vTbHTj20ed`_nAJt*0Usi~!w+ZMSKP zAVnQ^GdcE14`%k!5cv^&BGZOzwk$+2vubS==h?)I;YrVk*F(WDu)EO}?_y_d=pcd#%#ZKF8J`YCeN=0l2j~tUh%bJI$18g0x^_<%U9a`4 zsOjUAdu!9S+a7S8I5AaTH$tMeiMdOcRVHE?Czp<@z)>*gGP1KvvtADN3~05QZEf-g zDC0$pGBRR6J~PNK##hZPt|8`&TkT=3xaBNSuO?S#A)73Fk+_^E4%k&eP3SF??)gPn ze8%oJrW?z;!4r9(eWQJ4GO~5U3Y;s9S(032G`8`rzq(3kqE3Kr1|geQ)nF^32B-&xqfiEy!c%!S{|9H%5f^+-K zgo6$%p+@H0LU3t_rBs0I)KH-B#FTD||J(%iyL;)z`M|ducfaj_wAt?2w>&0(3cXD2 zLhql~C}@z`o!oZ!2mp282#oBl-`dFWrwq;ITsZKXuu-ltnG^ixPhcgQy9PJrJU{Bz ze6^AGa=U)8LF((XCc@TIePhC%e|;8q+Z!*b3)$BVt@vZ=P$-R5KV^LP)%*?3{jQIJ z6D!YB|2Yi*9EN{B4gVj$6yhyr-h10wh|XZtaw)8Tuu$<$xn*hKSna8zOG46=4X&BN z+F~Z-p?H-Gt|In$1Y{Igo74rcdsY8^(!kFhgk6wZ9Y+J z{#aw7Rlxv&5G>Q5(fsy8;$08KLDd<5{Z2HjsRB|OZ%Z>VkCKTY`1(vuV6}R(b)1d6 z{X`j~c+8ER;`%XFbxww^yXVJC^=yx>2|h`@R!(U-hjcygmQa;B zr(y4HtxjbRG8?(ecWo$#KAmm+xPTY6N|!^R9Pl<#C|na>0gkUQ)S`h5ABmJ(^4kql za*^Lo(?=uXhw=FCftiA>$wynK`zj3fExl z^RUfqDr;wj+<80MTIcy~hwc#uYctYB2i=z-d*_5D5*OXPoAL>JE{~Wg1ceXZd^_c?`Dz=vDz-KP=GZivH zDOjT{66#I0_8Qu-;$c9N1V(bnA$(op*J}{Hfn6r z0T=Zx|u@v7ilN9_zqo~#0u-#gKlSO~oQG6__eBp2%#YtM6ej=F!rQ9;=;BP zh7Ke7gDr!XZ(&vnKh-}dT$Cty@l0mv>Yql@-;7b!%$c|~K~4{e&k;WL@;SlU4-zi`;GWN%=FGMdizG?Gl5FgL9BIIll8Q#OEh1 zN~l2>inatOus^48_Y2U#vm_Q4oUtE5HZwz>mhoNDeZF=|M0-qoHr%v^wyi7>tcoW7;ouNLZ6%qW2s9A;vf4qtB~k8)Bd5=R9ih z)YsyG3=oaqyTja)wZ)xH#c6<>Qbz$Czn%@09gNo-`nV-1#bn{pVFwL~STu1A=3K{V`J^GBf&9oM8x>t03Y*t8@tLV=jkrLk=omQ>6!Ix$jM>>A^Lx(qPT zpCN6z{PFHd2tF=jM`N8EB=wZt<9!7Tc#v*5C!X^xm3n&FFhvyf&O$Fhq0t3%_xG~o zpPVPv4k!FE)&(gjf2h;?$3AM85#uGLQ>MikG@*JvCSnnTsH^A{k=(J`WZ`;Q3eimpo_c2MRpx*X9p-+;4x~Fn)$eF{G!+cVtOU1 z@`zt(gT#@&{51&ylC*{pMsBv1@=l#SmAhno%2hYy`>}vx{e96TqwRjgd%%pBeQ-Yw z|7>S@PNaot^e1vb87)RG#g*Epxl1R*skt|SlA}$d4z^2Bzz7(YzkDb2#YAMD%D;;* zy_T7YHz6fZIP_{S0R3flz3KYpP_wHzE6mNyTRS;Si;|M9c81=1r%r@+UzOE1~JD#iz9#C{JBnr-Sh9LUQ zo;2`|$l_hb6Qo-=Rx?Qy@PcCNPNzHH`ASiF-P(n-PKAeMHs90 z6vObi%xcUN`4hZdAp=?|LiVy8X!WJ$ykiiD47AUUmoUc6N#{o2vU@jrx6HWTj1pQe z?N0knvdW*B$Q86-iLSp#vZ=E!5_Ze#g-Ry4etS5eeYpMUsj2;7aa|?ioGq|%M&#lp z54BH})vEos@ZCYtE&Xiam|`Z2fJ{udp@sAIEEEP^;G5|#igl-+xt7OMA2ON?A{Wa} z&wm&-H(KzxuGhWUxGQp_R3+$_jrF}O|L{ZRy5p@U=fj#H>+1beoov zlM55PA8W%%>S0n`%SM$VuY(-auLw-|Uaa@1EbNz2V{$1g?LE(^?9DV?29WQVGCa&< zc)Ik1(jCV@*0}mdD`y18E!~)|9|ZNQ2M`Z1nw1j%E#47DYrgi8iV;tWz&0ZYQH`Q; zc0WH5qgclYso#aZB<_Q`6+R++u0Z$!(gJPEVl zBQuL_)=F{84>nyJiP!J4St#vo_x0ngeP-msw(C!S0ZKSaIFJ2cW46t)7v7+Qp8OFc zXC@9f+!e(>!YeOQAh4{xWK-8xLZlXbSsLlI*&sBcWqqqn$r2g>?Y+IVHYQ~!nD|Rq z+wYVd#&r>ld}AQ2mUioifX(SX}#(kkX$_KW%ri$Of)=dKA?v<(X-|MvYxW+}iD8bW4?l&8g! zpN|DrE>(C0H!dZ$lNn`7Mfb{Ab^W+y-#;fJBp~UvHpu zld5bs+;9&@50W8zAO@Bm?WLaI2!xr%~zpa%i`Qu7e4cT{!u@|p?W`k;a(#`S5UjDmKfM7OnFK+DBv5A9`|#T>r5K<2h`bv zJeSTwCp8|{ni~0LKhCdGg5{l3!8$#;=k2mrPyM}G9AP6AV`K;IbCD_yvZ2I)XY?H5 zbnKGp(>_zDLNOh{{LX;mLohnbaXRl4i)DV+E3xVoa_wYpfA34D+7(NC{>dOAwU2AF z{T6iRl#2mdOv>;WxiZci*v8uejgh!%4$*Va=+JL<5$n5ZYVkpc!YLsrJe=28iVw*d zO@2Vef|muarSup{7bzv`ImMiJzlRHU_|uJ+8OV{uN@KFHW7Aml{kK6xjT4Wh6L&M0 zF$f>jX|8||ji9evxA^kK?2eNi^lLq=_{a~dC9iNnNg-i{)>rsdO`jTQ5ZhB6QF?Q+ zFVZzu$l4pO17c#OEN=I_IQvCoCG#Yz!Y^5`J^I8uja_U~tdSRB$uGv=7l>JW7$_Z2 zbhfRMlz2})UnFw;Isl#~SPkSyT6tGdw`Te?{O<%V{>AP1_wkE-_}RT#a&XX>J10{^ zf9wVQ)jPRhGIT|s@cbx2`?%zTfO$hw>cL{$?izLCp#EFw-g)0Zx@yFI0n~}hY9sNu zB%sVB=+TMZhFAw9NbOpfW^(gye{JdS6@IxowxnjZDl5BU)w3aU z(!s+0FnT!#({r!c4Uo_Tlr(2{wGFO3 z_6Xz|{SMo0Cf`;rE=BYa4YTW6_;W2#y}HbV%aRpFS!r%=Q?^S$vB-(%f3WqhNR+AF zSGd0xPeU#w@D38Q`d27rs>Xr$*Lpr7S?_+D#UL>>aLCWr_XnGt@>+aT%5p&Yip57f z0av$p)bWGO{g?8&pmagS$vrQCg-=0CL6p_b!_zWUc^=ie0mgWP@V%H)FoZ-Lh0-;94(Dmxci zP1IziWme_oAMEdVh;1zH;$xSTmo+h$ryuhL_Ng^|T(CmC`0iYz)mf0kGo)H%25NZy zgRRG3K{P(#<;pRAMq*E6=VNGXM)hGrhEEQ}O0zwIg(hARc4Fx`_tqbPreDoH9?O+w z+#ENgXdeCi(Sx_Apf{4%G%c`GfywC9>)B_?BFtklKAEfg+LHFgKpP+Lgp)KoOaIMv z{P#A_7&_yW5yP8@TQ}v`?+`{9NwJ9|YI^O3mg=T=N2+~ioz?@t9gyKaq*^3y-C$k=~wNE0%CqF_j*6E)Y<)%O?`RP;?Box%X^F^j7Y< z?2j>(1GPhXDE}@F%G=TKxp%9WwDVi7>}d@?du2;^sU)h{6a(d%ql(N+& zwPP3uncDO*0En619lJ3p@{1JN;rxYBaHn-Vr-z<>At8$QMKG zgj43=2txAPFto`X9XZb>i&>P#46lfh%Ohv09swi^TM#xm^TCW6{Kh9OtpuUxdEBn=LIzta{#wYL6%&sA7@d%2k87-_B+m75d)>CAKHP+broT|`C-lMB zKWWjNkS%9qHgWXIL$?~x5@bSP%0LVFX9nhgMVl^S+=J3SvX0Tfg#bltbtUTNIr9g~ zilZ}VZ`J3SD2dD9m)Rtnce4elMV?M?byEd9-mV_n!{I}|p<9MX`4M>VjzfP1g6o3L=JY7*jSe= zhY~cq08-~#%lh}1K9h9cK@2w51VSH^NQ{$(*~f@;4Qlg?-5K6kk%2&-wrC^6i<1w4 z8ctI>3hwa}Znr*Z5Mz+P#ohGywI89?k4X18{Eh|e>X+Fb1~u-xBal|z2lI(mMP>vk zFL%cBKqpPOzy>`a4heeoVDw!rY>MbNR(89iILW7r_vVQAQQAk5RP6brH@>79;? zUhJG?8DX4UG!};vl|VbBii+Ahq~74(+ge|@T{BbQi_nkRfdCjl^ED7eftB#U0X8%= zzTLdlc;ZG~Z|hLnHXsX5m=&GC?nC-7!d+#i3vHCPThePxG6yWpialM+n>k=qGR5hFj z-M3dz<*(jw#0W@|A&PVrBaU!zck`4+a#x2$Nz)6;hU^P&o-~fxRV?_856Fw4S+}vU zB?;(97Z^Nb7LQ-%$bqV}q=>)=UBkiGl{09X@rjsm2FZ7dXLo~dQq>+Va}zv_Kw4dPyl(M2=_BzlSgnGJznZ(!4>m!C z!IcR^LPA=j{5Pp=IpU3a+-&#M_)>N6rw=Ht|HQ`f3^IBam}7iXMFW=09FJ=vYQ4aY zu`hk3FSu6&y5h`JA%+O7dH_Ep`8cQ%MfH~z1fGl;v`L&0`F`Q%%<6dbJeFuQ2YV#Sh1hb-q_p%U z`s+pT0&do!78*AeYs!=$%h#2JY_y;QnNh3eSZkF*4&a|2@&-B=?v+?9wz}x!Rcl%@ zZk;uxmt#J6uGMG`07d#%qU5{IED!;ai@ZnN@r+n zCaP-xghdv=7DIYkuMM`%$D(o0EXQ2zTvQYb+A*7+1ND}#2}7*q;@0l7cv%8e5bBqj z1q_5(laEI?#?!Q)mJFxEpO@Sk{dlHbrd2Eh-rc6|#R?<1CzvpFXRd2~nL&BYyFLKc zE$#}Mx65oxii+}mj=e?9q>a!dBcHzFidr^Si_>$s^ghxQ;?@S)fw=sgN8leCJ@`9) z{IBYNw+ilU@f_)nX|>1qsoLRTEsxxQv% zJ(Pp%2BJhWeTRU6y{=SoD#XX8INGIF(QRn#F6s`>!D3^B%m0~|JY)#fVE?^>!>Gqh z#?HGGH;+Oi?oa{RazGyih>AO?A{GKsX;XM&)$b>sMYqj03`xCF(1O?o7+)VxTl<+L zX=a>DfyL<%CRVgdANa8c3d6xj)U`6s+o)?|XCFQdvTMqT8kZgC!*niva!8S zJ8elM2qy^K2lw8FuyYtPv=zK-3*f~lTpMpVb*im?e}dvfi=F{?Iq(FVt=lsLKoAf+ z#0w#eO;3+T-@&*#i3;a9-IKg7-R31#5c8(Nia@~8RUknvkX@jofU!KWhZ23yCUC(r za41I(CCB>m(gf>SkWTMr=V#-IMovB> z<7*&W@7*y{_lyFI=~O|Zu7;t|)umCNVX%+TKU-SF|L}rvQhB7W`foUI@w4u&d#9Q2 zQS2k+7iu%DGAX-5y4Q(Bt#0GZI(p;}HvY_@`+sJnPwhRsa*{hg;x{**UfEVl4=XDM z40i5G6NXKf&emmy;aq`@o+Q=gzA<^PeL9VSdIX#(^)bZr^Tv=&4oE}Z(E0TF=$W#k z#6dWag1(!9jGezEJ0y*O4N7$^lOb}ad&V0)xJ#%N&r$Ge(|Hmu8i_O`Ikyt0%y+KC z0a$eG&2!ZTb>#ceyn?33FLsMbDKrQKKv##jK@>O=r09UYE*>4mOR9+gQJ_Ix*$JBu z!=xqJBb&M1@aP^B2sL6^>TSddM$O>2O8pi^6AO`>tngFHR;xu3>S}C7M0+Ovmd$k+ z^cpt0l))}1r}CGNzMNc#oLm=&z&bvQ1*;4Enq~zFq#rj=R;!D$2!5JMoel{U980rZ z?4;^)6LMK?&;#{S*9LMwVxRa@)u;)%5NSc%webNj;5Wn$OtWJo2mDGV?fEe$)q4DMI~=dD=Ji1M?^}ORjyL5V@TfVxg3M|@ ztN4ZvtXBDHXHsFyX7X9r?d8DK^xyxs)%*A6?HPYrX!iK)IZw>oJ+{$0k?*73M?>HH zBVuMI`|5HV3I+)Zg_FgHS?W>0K^L@^zaM40k0gJ~nc|R$4{)%aM_L$tKl6i4b-Wv; zI<;N4Z5)dq-tPbQecowoS<|s65aMPZ>w;BX7Z9Hh?3&W^~o`!(bw+I9y$hY*jydhB+en%>1XF+ zC?nd@n+ZIFOllDKF-H6o>S~5KSB)gY_kexAOP<4zJ?tiD&;zJk(qxdIgs{3#^<#$_R-L-u&G{qp9gtMZ?BsdyG>^u zaU^EzG=%drg!DA9orQfCDmoC+*z#5RuB+m%#8ci;o7;CFOO*V+@8!^{NGOA=?Ru-G zL)3B__-dl~Y=PdrM28tmK)X?uSeTmVwB1<*?=)eeNo0Tl*lJTtX4hCh`7FA9sOjG` zWR~G)5w&9Zc!=v`(+5ktn8sJB^$ZV_&(Z7F_L5QErLzQr)lyNnUJjF{GLfrraBoJM5&mPnA?$V^Ub)SY6^Gj zls-2Qi)fV_0~B6k3q;GMzHx8vm!-5*c9!$ljDX1rtM>M^)MAUTO}m? zwUOr@)tDs7y(@#b%oLs19tuce!8bx*hMh!kOB|0IcKM!mV`9T3__8Tj#KZ?F<^4g$ z4)9^BetU`q!;(qG5mwvQuvM5!`WVSS4!85P_1wd2Uj5j!5BV?c){c#}X0?X9N>jk* z>3x+A&2+#>g>6r_)+!L9GbjfHPbF+Psl|cnf*YEwEKB`Khgf3q{xHZNV=A@J_ z?AhofmWjWXTz!u5an)Vf0j4R^Oo?b4kQ54AC+uYcgT1YhZD(r;;Bm&XLazzF8u86V z>f31YLk@8sy|b$k?GLYNa&N+)arW-bsq5C}GqQPc zvQIh4i^`>P(p2w3J{{YOG#P<#iIK~*utF8kLkV&jQ|3j^-S`f4n8W24M&xF9^PRyH z7%I$&!I4Rbb}rK{k?PaD$7#B9bb<{@o4jXmk0Xu)^_M-svgzVnA=J$vjK1IBSw;Nc z_V_2Z%Mh8VBUqHj1b-hO_(g$MM)J~%T3d@5@$xCfelBMynvm}vB&m8+M3o*C^Ui-; zyDm$=qxAehzlc1snCC?-kE(sHL-X zrHP7|SKihmvvWa!ycB5cE#6sjXiG*Tvtzl}HA@aP?^7oEF{DL}(6>|g2DQ1I?`E~q z{V;W1_l-oGIU08Px(iYHt-`qspGZ8`PJo*4>~x8ybPZYrn=~`mg+;d_Q$7* zL*X|(qn^&2V9&1Y7nyYjUdhM*{=didUzZFY`Crk~Ieqln^SiapuQ#R>=*<5aJ20%d zxoci<_?Os0ebWb};(z_8|I4x;ckrJF7|^iK%`X?{VEYHnftE}k=;UCUf0_u1x%<=T zyOOC$|G{wk$y)47`*(UmiphgrP0sQG59NNr_(DFEiow@fkjLT$C7_x6v4q&ykWR>$ zYeSD-yP)8!!L=?kI(8_yw$nUr%~NSHGo+)4ya={I_ZWpwwWr|jlq{c`{Nw-X%>Vs_ z$0hU4y;|vsiJJ5G1N^?+%lT`oKM(jd_2bhuXZk`V@0{V9qRge*bZA2l-yGOkB3OX4zJ#l;!c5QmmcSXQ}_Zt^d;z#|dhhTQ{FBKsjyu{xSZX zr4mum>i2%9o5hn|7%c)bnc=>yUEv6p=mL!oWtmARd>Z(=$c;P`H%80{;VwU~>d=p+ zS4F?n6zJ~~Z2Kg{4%2u(sUA#)d(7Sc=jn8_YNHmhs3sa(|8dmMrC?iGk->_Q-h@G3E#rC0G zj{KE}9N<-Y>{P-t-Y1yJmmki>ueU6jR)rpa zTJU(DBkqemWcGw^gx;go-}z$B*t7b<=KrnQ=6#ZiGXIno-9okBOpi;?LKLVqkZM6U zQJsq=c4)9D7+6SzR+ix2rNq~kFkEy#Mby4H%ibZ$-U0uMz$od@Yf7+<+ZNrNNW7WH zgbiR%3fiHp16^*fS?|AAwWzG%o`kOIGH#LOHFZDR3#e>VxTX+BWzmVt^ihLa+Sf?t zKqW~WZr=HV55JHrOmz`09>@BY)xL|$(X}0v2UV!Xm~^nKTQfsKnK=y#*BSp3(~7$P zmzdV#KVw?|e~W3cU5r`3-0oSS_!@hBb*eL|yu*x3S-Ahhd_b23DU+`*rN07}wK=Aa zEUuNFP6kS;^MMaqUG{jNLkaJLoXN`Oz#;K>V_i-#l9`}BoZfry9gZe9jQS=t_kzTl zZ^c`sHJE_MX;vLpofG&Rr!}0IbO;VZOz(vBs?0o#PQ|iYZk{7NNp}xVj)5o8>{nT9i%A!1Ox7qD@8e&ZLSMcL%C+mk0$*ATGLtJT=1YIz&;gYb0=B=r_rKzs{07 zEp&7=9^S$-k47}V7KN~FBaVSAv9$8#SF`H9ey)BtblI^6SVp5$bbfJElYpp0vVf}RilN^i z=0hphI@KXX%m;f3v@{j~-;``wz42^UATCX6wTe-+{N}D@nd^*ouw}`8%n+uUJ1q*? z)aoHYJ3Oy&8>yrx=91R_>esl^7~!r;z6arHE|z;SyrzlgEUY-s1Ai)HH}c~I@+cJn zTw<>QwJ|7*0QH-^1w1|uSMPL(|KVw5<+PrQ^sE-^aC`PC(6*|ff?42C_B*3ttflQs zIIsOsThvmT9@`hI)GFR3^s;=IU1~@Z>FZczIQS9H%*_TY$oQ47-_htks>Q3u$2=nu zfugZX=E{PJE*3Px0DRf(_poc8xv$J*pJ1`V6-nWzWs~6}3lpD}3j&m%$(gzSPGfdX z5bombU(!qlM)QkN5>32KtZ@o-IMd0fx+i8$PB}1#gAUG z5-mQk)TtcEqU5f-od#X9nrj34NUp63t>^vEN2qcS&&u;_%|N*uvBFwY8Z|7%>85<= zeV=d&D~AiVthAM?z%Qq+$Rw~%5p%AVreZ8>AJn}v%J;e7oh6FeS28AMq7uDCS-+k{ zUqtL)-pdC|Fr4Wf8e4$p9aQX~cU`|2OLww77V%J&(z7o5ZK>8EWA%GlHZhrG#PAz} zQJ`qGZ3P}J^?36jvWI#)Mlz+>k>KQ-C63Na>F(am7Y=;-Vls8fx;KLy;zG&7MK?)0 zajr|2=6j*^Q03Sm=~aLDz?4R`o(9LmTii7X5;9s5@-~Ch?JyIBQ8PK!XKGOh5ua!I4D7LNn;sJ;MOF#EdplAs;nIqet;yk) zMZ!PW8X5X;qKiwNImegi8{^*L+B;4;T#lKeyS~M{e!;gQO9eXsNqe`ave7W!ILRkO ztfTYAmYAv`;~2x4ustzWmI}w+Z>Sz5a>zHUCoU(}I|HvchOgjaEr5PU-VZn2Zf-X8 zZq!k7pEInNHh^swNT5=JD<|@;2auw%D*7PTfx%rJg|-(*N{3Q?diUIhIjrUfn?4hy{fv4IpX}E=!a38k{AvTP zuv8{QoFDQKq9XOW?Hd15eNbOBJL(B!XSB2zPRotZk}I305i_Y`Je~|44#uaB!jfBO zeH_O=MS?ce=&7hIF3|KgxdYoX-!)>lsYXu{X@N-hdyQ3U^kAmbzVEikg^|9P$<5y| z-Tq=-9f%4yyZ`&&ymS9pv6{cx#sBNdpTaJi-l#&Bg*IOdUYLpbV_R#SeXRq&xBI8b zQB&DZt2=+~fxCbpgtY#&FBJ35;&+v@P!Z|PzJ!%A|N70~ZL3wz#cj0D#Sm4+!@iMl z=WkCpZS!{`50fX1lW{w~B4=NTz5D&IE&aX1>6_$!-_l{*XM^PI36Qe$Pv6t#Ls)3n z5ns0@z1`5{Z}vm;BUKLPoL)cwdrkb8>d(vu_U$L0Z&QDqzZad|Hj|R$=#YJhIV-5H zy0Q6Y;y9Aje!t}k29k zYP*gzH)WcW_jL2Qr!1M89CIX%??##Y9XZ|ecq#-jow?I@J)fpDkIlf_J4kD{vlf+N zn^$M%m$&hSLc7*O%7nRE*^yhyXnBIC$ zV)QoKuWkPJJ6Oy6-=A-j%Z)iH;1l@5{r!fV`H2)y$>k&IA8gd)F`0Hf0sh!uqRRT7 zj{EA@|IG58#CLJ7qgKskNebu!f7$@NM3m)kpwvY`ZYr#lx?8j`7V24ki+Ai05!4eZ z4W_3Py-`c)v*{=&QMD6zRhzAdW2ZP3j`!Q5gAI-2|BU}ov7P1qo^bwroS4(6CJM>u zO-hHCsm>pzK_xwDYFA^@K;08}Dn_JOvgollX^|k_m8O#~M6rMd9mqUoIWCgpb&LvD$v32>pQh z!FKNHMFNKL)UDL2s>dxgJ0|2~1_nxiN8#e`t!ed@^B9_V3+gGv22 zbrWycv4r>!HarOth(k4;L1nCV`yHuDs;+(1()YA-lDr326@K!m6WkMmzW}zC8d?9$6j``o+r~?7%(^>Ha|+!LY&fppEL%5=d!|WB ziVvN%IA}_2Q`_&UJj0=ps$*$oI4a(xhMme%hRT!43!uZdCUay*Sx_A`Smb z#^`SybiV6x#+6osK&8a3Yh}XW@@v#lv~zB$7wvYr@=uv@|l2IdiVOfvqxt+7ISu~W!Q_F2ylB?AMqsH>^hvXgx(c`t#2cGlFv zS%9OFF0l1n6CaFl%UK9L^krtC?fP@3VXA@2gmuItlPq~MiBzUyjR@w%QW84_GF_0y_f_J33a z*CL$ug_w~CU8d3=wL&;vX5F6O=&MKNG!(;?j-l1Cafa-3-$I>8o$Y0{`CuRaHe;gMl8H7GHQmBpGMt|~i>vTPiL*G!o16vU zAUTqPVINrjT-JVto+A-$6Jr|`LU)obEq&tQY!eiTWA4U~MS(iL`12&Q_SWHvG@JG- z(oS3ej0@?31b?fzT5=R*^zv^7(3?y@!*QIHAp|DD3haw26$t4y<;X2G6~{p6+KMzl z4?|8NY$`%-AWJQMH-$v6>)D~~Y}TQ>*X!p%0rO*bZ=;*C&MFyw&f#Q%h1(%Pa?9jY;=tqm& z8Z}=QJNH8AOj2FhMXSt8xb=wdwEkQ}{K))h(UD$9EL5>O(fgT%34ZSld&hu2m;Huk zQMd;3d`$CuKVVUPsy3f`*yjwTBcixZ;C`mR;+kX>pC45fcwY=L7qe|Ig~%MxTD2lV zHtezdbDc+ zPpfFGS1c5V!xGZ{(KD~EE`fws9A17;C+0}H`<6y1D!a^CgPHtYH%H%No(2xOMM6x| zN3xMVmaAMIkBUCKnCdttp#ppjD?0!$!VoU?qtl`X>k&rv_x*j6(>lhf$`TloMQxl9 z5I}p%BwM$#G)wI`*gLx4jSeoX&wrg4r>*e9Spq+C@9^+79u~1oWI7=|$0B1cDhHCe z6r*?O#0V+b?_1_B6>;T&#(%2uRtoowYjUB5~1K9}zDK$Mg>Dy3bA4BbaMCbAe3wai3GHcz#BX^__f_3p!dn))~vr z)6D>Hb$=XOhfi4D0+wFz_ue*kr-pMcp>QZX!T$bv3fjrZGuEj@SXecmOABy=a)WDd zXD!lOCy~U38J!72mL_i6=53ua-Duq>XeY(kk|&M*tx0=BEYEweo(6(3&q(AM!LxtX z{hFOsWr0b25sY~w=q!hMMqA=Nk$uuT2hE_Sc1^COEsY%CdB>8JLdHDaUCQMeLe zMDH7><@bks&IUb8BdhC{8JV@g*Qt)no_{&i6X#H&0+Ex`Vkv-je8-p-nOJro5Wx!!7hK@pNUc=5WXD9>F_FcXQwu5s%=*tBQbbUG=9mmiQRcr7G8Q|EDhN{a6!; zRXmp^@K55ephA`B6h-a#HH#jj8imDgMZ{2-GgY+_eZz&(dVq4&^-;3TO3Ema1Ja3R zjfsI%A#J}}k;t|>Si%$ zX4X?GeJ7*3K^+{d*Mvv=WrYBdb4G6d5dWGPo(H@=^=d~gfq9bXWbr5lV6Y z%IKbU`yDe&i1a?7^V0aB{%(QKSn_x|1#CLw%@R`g;VJmtMyy4wI#5h^+=Q#>xE!M*_LU^&B;THBF~3YI7?q*DTu zmYOk)i}g&O#|wxF+-)^IXw59IQjXl{auA&$~y8+Nw^kE0)_3LHC+NE;~Q%IXD1@dgE1H zR_&hINaEW3Yp$~&sK%Kq&rB(vbe1~KRD|33#=o2X{QPfy&i`%Q73B%5oa-1X3bs$@ z179VQx?1tZTSyv9(HC#eeqeax6-Y)0R}%X^jQ;Tf!51l>mg`2(6Bb|lQXnOAL4mp9 zFYUE-{c6b))Y(T5WA08;89~SP-}115i~9bq0#bH(JIC%;BaoZw6)g2OCB)pzZ{+k-tqu z+@{21CiZ3;K(>NTC4@<<>q>9y>ttXy80>z1%{;m;s9V1@fM7$7qpDUS9{b%_7>f^* z+*Hlt>f`YX9B=YNvI{<<2=iTOyO^*ZRo-!oQD~c=xZ} zOM2I)^Ui<{(Km)_v^}u?&bz5jJF$GixMeqHxoYswR#kp#EW~fnymdEPe!vjpILR6D zt^hHSVi~rdE%c0oK%(lzUM%uyIhcq8d@KZ1RvV29sdW~?rAfhYmP}ghgs!d)S zz$ur;y&U2JErU$lEwz6hN7oXb8uY;=g*%eXI;6IsFOuJ$)w#*Enk2n``Z;7R&KefN zGADU2_%B>nE1bp=Bfy;{;0es8?3pkkpny+Mj}fzX=` zkdjbB=%7*pp-Kr=;8p>p_ZFIz5J)J}ODKX;Lug4r2t`ULp@V>c;K|<4`|f8y`#Jl( zX^e za_jG$e-Y1e>qrPB&QC-1#so+FHH{gWuNhs_jPD;eK^v+$-N^F;!7l|~-SZSkbVF$m z95WVcux88sVkTM0To|JZAEQjK2Yo(7Y-N&2Ma3VJgRx)eg|fGlMcHb*8Vw6g52Bhb zig~|rinbSl%4^+k3S3GxLVVAGVe%*pMns^7kY$>Ba{okPFbad?6ls~q( zn;M{-lwQSXmMPcr*2jxnh;LseLrauU1}-&5TUnWYEY5h+)es8Ov;=OyzIJIA)1D|_ zmR)5?bxX7{>#yZ~U>35=^J444u&EG%(OGSg$Wto|zhFRjJk} zI>woC{MsZ=1SXrQfst>RM>7kX#t^@ivyd#{+#>8&qjEu%xV30~vlHV$AL7MK_*_f= zY-Jlfq}*Y1y-wuD3B~46Lb)-J?~SLeNU+2E$I~Xsi}nkN$+3wF!h#b*X-?taCViia zS6HGa5mcQ2zOIes+gRD&?38J8LT=zS5%EH^B(th+Bh@eh_-F5vNCd;idSV!vE|K-W z(4Fu63%*$Q@7bA^auD@)@2GFCj9RfYm@5hO;zf(M&*EBJ4(%_PxQQZO)k$l$C>WhV zkgK>2X3eV&adi*(Fl7 z+eMizkVCKf-0aFsL-BB9PRn7NR1dwq9=Yp(cF3o)YY$s_JjM5T!Y;dcJj8JpcQjuj z&X|sXR4j$5fdiimN^G&R$a6u}ALkab(%$Jcxe%i@su{+Z?}Z<$P|D@+H$|x0}OjQD?SJoK0TFG)lg8XM>0=w>NadStN}FX)b}{ z`OT|bv)(hyGXTYmWA+AaU--w?b?wfYX-M3ak@{^nNq2JS`|65^gBI!SfIZjxrf*7h z;#1ZR@!06GtRQ&)o5N2dJh4)7;?>{c|Zv*y- zS?$q=mjR&`GkyVj)7h7gpJ&nx(kdNBYLG&tGkr?*^DO8{i~!=|U;p+R|8EBFCN68u zJQd~M;ESFV@w*#m6p$L{Bkz~sv%cKkeKlzJ&iJ1+j=Nf}vs$TExn-brhdO%t9??DU zbi95{@XUD!m3o?WqzF`Ea#sGoUheWmZ&RlFm3SAO!V&uF75CdJ_Iv3mQhly&a^GeN-CRDNR}RLg&MOJ;#a-rZe&VRa56TlzQ`y^BB#>k~S z)M9N5lHcBs-=Ul#Xx+)@;79YeZy)#!9AkQ4x7+RM?YX`>zuM-wh;3_6 z(Fb#LlJjd_m)7|+iqx-CY;_4Pp>#&q( znC_EPMTHs&u0+KBG`8%1+c}2>j_9#@bq$WmGXJJ~t)X!{FOQ#~%dW|5b&iYYkh?%c zVp)ao{y`F_>5twib1k;E{#4UD>OiT>!3>fi%{j=2TFt9c62`%1n>+ihMp^Mj%s-M> zKn$KX?(!cPYo^Bgp#@t|64FwqPW4YzG4-uN$adctWwN-?!og`O)$%dciDt8w@21fC zt=uPDA>T?;#QOHThA6=tX@8AcFakbI4?I^~-6yXN8HWIFK2jVrcR-~A615fWl%mi@ zJ84e|AZ`mwU=k)sn&(-m0LM#w;S#&_}zX;7>p#H9x9P*g!WWB z1tHwq-A#Cr>YQIU&b*s40p4GhpD*Qcm{u(#_f7}!4aC>D>|ON4!P5|r-*o0oaL{d?ao%C%@EgmX{~-L%Yc=<~HI<`?s-Agm1WZc*9eyQzb8`%sgF#uSvf|s3Ubj>$Z4Topn-T*c3}b zNmnzL)(bR$&{N%c$z3zc&mEH13L;_ZsReeWG+{!#tsVQ$%)7I}^3_89`HJ$UOmyL- z(pao<7nAz?P+>1b35v1uM0K4w$ldsKUn(Q>05-rm((A7aGIxAj4+UWFrL6b69R}35 z&k&N_bPA{C>S~_X8zJwXt=GRO7`735HcIcZyGsG~Cc1msJ(|V7ljP zCmQHxktJn}hZtJ>SWR|L59$dQ+hyejkds5J$qNNk78th5xofH`2ES$+1Hj%jS?(!Fju@sKxO_R5v_P0>e;r`>fyQ7B&j^QQkb=J624hbh%rb>{-0K521WlwRsN=O%X9^y*>qw z87;=pe7y_lm%eM7^}wdR$&^mKu1*eO7@-D$_pyVhI%A@%tPN=j5(t=y`)B#A@}|JJT7LDxwSn}u zKWn(gK3)2w9zb!L{Bc5HfUGOk#k-7c1;uhAaqiEZZC<<0LMrST-l5`!*TBh!Uxy(8 zBO~~-Wg#eWWWiZ5N8haYLwrY+BmMfIqIMqNOA>5oCqx+GD1g!%GI5Tv>m7I+@L=YJ zb$9a*!WdKACs~@TCFt!?FUMp~iE|;j{x{v1H4~UTNsa910_y&zIRSSeGjoAZI({71 zgpuM-NI{bH_V=VKC?N?;(8@__6Y#{MqK+dPPQy{(g2>Vw$6|o8hN;E2wgI*Q^8v^{ zO-#3?eCdEgb>>z1k_?1%L5rYBWVcA!W&JDL{r&-Fw z5Zf7%u}zrt^t{xklL+0J@O=EkwYvf3S9$C-{kjc0fCBj1wWOb)(2dirsCQzMG7)SS zIm5;_?OqXFuDRhZDzau_H7qe=Yg!+|_HcllI|o@KyHOI>H6_mbQ{QqBf|(x>1&WHn zPgoFPnCEva=;LC>l*_l0js?AZa7(anq+|UErLMbxg z=+#NYyzo-7OF^!cNCj*n+fOhuc?#G&=HZd6YhIN>n4caTNo`P=&1_-{Z~l*yBP*f; zUZGoaGJ9giHuEJ1#EnPwCay9X!VOExoz2-KG{5@)rW1E?sbP6>O+8W=60kuQE~u&% zO%s6bw0LB$Y)%Vyg%dQQ1)XZ&_7SPFus=s7t!Q@|SQF^F*SIk$%v)0??#h1PvMUxc z@L&?{c!Sl`Q^^D`?_RW%+mvhfTKBrR15ns9t^Bf~{}&F5#o3FF0C_fO?$$a(mktr` zrPLzInmS@@Y`IfmPTUlI3r8sB_)@F9wY`$#k@?H3!|;K$24=jEgN&~S@NO(?1=xy! z8=vUND{#JrbWsEvHT$mOpyk#Rzud>IW#<;=-qlv0iU#J^RQV?SKziHtTTR*!NF7cN z++et+S@F`xaft>uPvnTL8Pjv~wtV0A?zj!ki|-O=d!qoy!NPkHYmbEbn!K`E!qRaL zjee=K>I~+=->X1bkp4ZjvG`@{dWx(YdBgtzABjez7{~F-?CVGMr&VcFdKCvlx7OFv z?099zLnmo2s`_qCEN+HX@vajHbl!|Ns9Rah4L%_^4b~1?JW`imth6(<$oH_%VY6m= zO7Il5sAgEOuu-bFr2uYb4veZ)P{#EQQh}v{HBS2KZ1m7vsV_Ff(lPkdW))DGd1=qD zQbRqO%^hMh6kGT1;aXt0QhiMp35K%G9(3OLhT5^Ez)j!B#?gOP_MLcVDw$i6Y~q?# zwn0WNr}A^jxo6`fn)~(Hbr8>x{7{5bk3H{o6s{nu!j##NNtPsa>(-Er%E*lzpscB} z;ZwbF8Jc_p8j#PU+NEc;bPZWK?MO1p(XKvlGGSf>-3+)g6|Xpy{<_`rO8OUJDoCnHI^|n0-%=Tp3ePYVk@C z(m51Ck;BBbF%z64cb%~D&zWPdEDitlZ~yoIF>vMF?y~we_AE>NQ0x3P%X-uAFzKFT z*Mtd+)~21MJ$LHYfR=B!3&Tk-o0@3f_(|*i{sfO$qTN@$DH{Atz;4XR{ubMVb?ZpA z!oQ{SCZwK!AV3UN(^cM;XRA2}|2@ao`?nmQ#Y#`b@}vT}CQIn>{@;>(F;OBty)UN< zyOxcwr!93ph{^JAq#Ym2WUdm8E83qT!{yd#tuwq+fdoMW>IO%&wbV(4AxA#DF0Guu z12S9c4wz!Gi{sHeRXDK0WbNqAJ6^tSwGoWfEpX&!4(?P|%z=4L#9<83pZ~Gie-7wB zxX-QL|2+Fj;w~=w$UAjztLYci&_6;Ao7N6Z8+|U3{&~{>DrQZs1S&U> zDx&JZ#mIzIKXcT1dop7uy^czbf^xpvX?Q>1wmG5u$E>}C2=n%CEi zE{8+du!$7oCM9Fp;wxaNu=VCQw9fGfNg^NBZ2VCsSDPxU#3)u=)8JI=C#_+o(}(Ox zsBRV3B#4T&-fR`|7gGCb`WO2~y=R@ekGe>W*3bSJtcaR8{@XoZqd5BZBVV6myvPqi z>pk6Cn>U6|Vl6>+#5;UW$IpbnWNL94A)GW-gdamsrs~A6|G7CdR`D@0NL;DL;k!#` zDzq(gVB=3R-{RARZnF_Hv22AI=B7V(i`Ubh;gk|5_-nK|@&SJ+S;fVwVBR%&QXS11 zH$+--KFb4n=8q>nT8e?;KGxs1KyuR>u?&gse$d@4eNU@O`z*xDi?`g);!D;S{KvWM zI4mOyum1|#mrdvhI`o~P^cj7*isL(|ct}iY2sf--(}8IA11b!1_5D}dCQ1tSld572 zi-@95`6}DL=|oKE@tv2_n+%%Yb~V@50pM*x8tZ_UJ~J4D(sk+b#=(Qya+jBs-r6#8 z>M6;=o}v6ZHs+-z`mv936U>ikETxH%6$gBp?1g=i%(~Np!DI^*s`MoP5O`lcb%e$` zb{}@vFj=Pr;sf8n58WP%tgqtyhEX1?Y_5r(M{%lV zcQ9ORz@TvxA`Kc^Z?jmPb?>1b7%C=%U@RcmTVu<`hA1l7cWhmgv$aZ0PupM!?~xEE@_)zM$ctE-4tb$ENuFpZq=p*oiy(Ykxvo;% zzSV9hdsa(Us$?a)G!Jxu#IyYzz*7|?7|h$+RPoWBOa~*^k!UT(^xUTgMoyP(y(@)p zgq*1tDiFce_&b2W$Bz_6aVC4LcZigb22f2-alwzt=`Sg(buk{UmbJ@3Wa=~HoXOQs z2nJL~%nP((HvjXcyw@`~XD^3WxHJ#e=ghm3qpU}Tn+mUxFiuvwWY5Z?-5}rfItf6A zkzli{OOmr)(Xh9&oI3*RT;q2|_sX9&2?L*Q7R^99W^nz05zwZEJ=Mx0aG2+k(t9FS zGpcy^0}|Iop1A$JaNNiR(5HYhHos>(3DyTpc?+fATdWt7zY)fU?_WDWNMBBGyZo!f z=W@`lRd7Kp%|lE(k8s1_q2teMPyY+)^yNY#c*ERr==mA=l*b2sam7P@R=5l(LCvXn z?<0#<7NhPdwRf8ogAu2e*oi72>$jF!D`J#5#KJB4S*g08MpA>5aYj>+Y1!lkA+Wc6K#Z>oa6U0*f(%JH>X#1qLTP|s?gd$999H*7{*Gyi=JCB3iXEwSg zE=43OZoUro2RPS6^qSspz4LbTeo}HnUzS8>ZkYPIbO7KI~k)>i4W4W1n*| za-?B|CN<_6cYw(1H;E(~b+MI`T?`hzKM;Crbz1BDf1pR5e9Sk=<#o$BEA>fuw8Zke z@HOLRaDb3CbJ{ytey6eWyOg>T;D(%>@SsAdUbFt!2~j`NPJuJI9OSqbTlWZm8nc$# zJf>f;m?np(&_@`65l>gcg?(CtAGV6) zAYB-D+icNbsS;!MS@ZMvNTfy<%%Wc(8tswfCS#wFW-O2kVK$a94Kz7)6LQb!0t6iz zq&l~T{A?>m1HLwby0x>`BNJzh_&qqY>PywU#$*MiX@j$7b2fTRfj!>2CMHV9lp&4Oy+iuq=gM~ftUBCVBPUS?+9oWdeXj3Q|+ zln#rp4Tg)ATGp=*n02%o&C$zHCM-W&g57IX?vKL;HtBp zIgL2ym^?*gxjcnx4|GILf_|wPg4F6vh$jA1@p>hzsny~V7O~R31r!${$zj*H_u3SV zQ@3#2{l0Xd64cdrVa$KG*M1sdq%RY;n5Mm)AmZxX{{{=UY!!XNX*GJWGGcaB9ZXd5 zR(pn~h_W7;8nQ1PVuXXm6V|V^)z^qCbs$MAS1jFbxuR2|vi!SxH2Rdg`|~^L-IoRk z(LYurt1o%uO=Csx&X-xc65UUhw#)Tu*$th1zW#I(|5~U0WqivD1Nb28G$D|q;)8bj z6A>-UpL{|6HigZ@WE?pj+BntM+*fSTsc`T;ciK|Q`MSu-()jsOfka}Y*xh1l0|+7>4lTm8SrhZMpFPW zM{v_7JO$=j)3_0|i?T#pvLfdUbn{_sOjqB|AsYkBO3ImUrJ8zO3X#us_TXE=Jq$#W zBm{~lATiPJcHWUU$B_0G8opQu<2*3hr#8*umC**KV4$MOi4q-dpC*oWa|D|87TKv( zcPVyCH@;7ehFeXFeI5c6xZLzTREG}bK!uip=7fvb*Wj{dflJ@87-mt>TEzn!Y{u?W zs!3_tivmDIF!MoCp}e!Evp0wr{>P-Gnz7B%b82q}mE|@z+lhVd4@lA>9a0k4z5hIW z>Ztwgjw7~H_HrxYZ1z#%z!!Av{rMQn7QvBbK*sX9)w40DQ?cL>lXBOY&ANBy<5`v2 zTaM26f)-&!l-hS|<2I&%m-LQ~cW39B@~1s9u{6{O)@Vx%PibcOjBq0q`1h}t19~$i z^B^vs;)xj~@gngoU-%tr^n*f9I0$i2fc~^uY+fi6ASaP02RR=;d!zqKgC88~a#b_X z`?KtZjZ3J2e0>ghC!AvgnA7Sg5YQT}ES+fvnkgE0k8bREsk@89K5p5?q1h>FrhufO|ePYIG=EgDA-2wIpnLe=--p(}hr9?$k8k2V+ zheOOu;*;#l|5?WSHxE1i$0d|SIlf0&rN2js3)`#Y>pi>h|Hmctj}N`XL%6P7bw`wl zf=@gAmyxg_8m-?2F)LTU2(UNQZWKnb_t@X7zDXWb+uVSPQDm_k(fb;5rQ~j?EuU0_ zv6k3?mdgIDq(zO_S*9qYF1o1 zow1w2M4E0wN2hhY6BnE{;dvLb4t{UaKA#7-RBmoCiRcxLt#+*Y>(!F+;PdcN-s_*ad%P7&N@GKnh{SRUtqXVXhBT5eky1Ofjv}g{dX`-Qu zjfwHD{Y%SzKL>;_Hzo&%RprGKyE9SiQxX?w^Ai3xkHq?9?b~p(CWwo(JNAy&naR)b zyriNhOxvZ#DvZvaz*e9*_EPJ#@x~Ezn(U>N!An`< zux2Uaqa@c785+U&s-()sNmaqlaW_rP*uq(#?Dwd6UnV5l-?zVfVX2fREJ&N&19Q)I z8~(aaYm-<1g7|TA@Z(pmZ>)|}Mgzoby(?Hd?*QGTz66<k7{lKX%s)srBU}GuhMg*u{LB53ntO-7nOG z`x=jFGIih9nFB1vyzC&;9Z=5Suso@QUFUSq9lKK9ujpE#_taCx}JRny$hCfk+DqrPM z@SlVU7|~Fu?yNxf=r~wPqPByFE7{P`z(VDs;9FpE41cb&z=xoZWL6TxKz;d|+IVq8 z0a*^onCxa*>zl0>UNl^y$2GdjJT~P@6&_xPZGd$^%miQu4FJ!+_i*{2_iFZs6y6hU zi^E?Jd)h)28gEF(j<*kPKHO~t@8g(Th-ZF0c zccqtA(DlKIce8%ejXlLT;As|p+o-Q6{fP}~&(TjBGkt;&F20_T$Iv?@Fu7CWyu^Fudv-hf~Gb8sjbLVO{b)=sa&3&Oh>EqO7OT+ip1!g7Fc$>z0b7R!A1^5ronZBu9CHMMm zydf}3Hb~ALA`=F7l#c_Qg4I_h+O2Km=)s#0aYhv2j6!MD=Eu#-NKAT~K-tihFU~Rs z7$z&ZHFG4Hy^pnCgQSz3H5A4xuf#9E5R!Z>`XQisHAZY{r6DBmh`4U5raCE_UY>0` z`kPL3YX;gFBMvS3k0FwpYQLz%XQG?UISu=mcP_R;m$v%Sv82-a@MsU>W>DgZF98hD)~9tlhS@r<2132fiDfXQU@03vDc>xgrvqRn2slhr zM(P%hl-UuPH%R$0l{$6i4yE~02{sq=IWoXvps(W0cX(sBpz(gQNl5&Xb;2)wF8$By zw_AH$=2(N33w}bT+I_4xO;v^0M>bD(jhk9<)psN3zTb_sS*Y8NR?FVTG=;1*O;rR! zlDGJ0x{zg98u7urG5Va1pDZa;dInL$DAGe@H)peMlA)eySBtV5frYFq0r{iCA~haX zh5>BmqXr=Rd=7u`D|-Ykn_=FX8R(hVVEolv)3#e?-p=dZp{Ze)YCpQ9*jx6izKNT4 zr;646G{pv*6%}YQU|1r38-h#0E-Z?QUY`_~R0?DjST#2yw>tMdrnCynl!L05^NBpw zm5`hUh!69t7;2{jzjcq4gH*})bfzV~_7U$Isdx!HQKp5jv)wA%l(i=Gy!*meyxI&U z{xtUJH(hn7b$hxj4Ed|e-pXwC4B9jbv#1vV$W~;HW+r29I?s^>G8>G>YRlJv<$`G= z)ya>8;~G~B`2%QP}+i*INrE~!SctVb8>p-Qo9 z_a@o83u-AY^W;%vOrAlt=Ii=8dbmx7c!eBvZ0r>d1eDUq3ohxnI!UyTg4fFm)}n(w z=jd?ynH`-*|F7N0FPhfOA?P$4ruRM0IA*MsF=~=4xov$;tZg(BT73@_UorYy^ zp#tMXK7m_T_pg%mS(k!8Rw4|0H#RXae5hf{dV{?=M5hZnQ0u-d4l4zhLik~NL~~ZD zsG7mK&gJtzk$`mqa_=|Y2?)G!!BgF{b@~h?wXO}a+pt>oX18Egfol(#0)8OG|A>Bs zno2`T3K=<=xAJ5`>HXGfUD7aU2>7sm8^Hv~q~(Em0sh|If_krXBS+kYPucLdxSL{7 z;NNs1^V?ZXTxKUhry#p;Y3EwVvfmUfmZz&yKfx#4EP6Th#}8QXrqaTb`_Vw0iiewt zo$plo1;TWSlK6G|(z>gUQ)Zxjpqg|h4FBlIqCZiWBP!@Ul|(+|NZ5*Gt7khnG7ijz zyowvx4OvLb72JGEP~Z4ApsC(F8-I_>Fy`R)V`9V)ae4a!( zR@U8yy%DK!oS$65SK#q#MnP$(V3eSsBV!22q-Ty1`*CaO*P>6W2*ngSeJn8*S%9{) zox=AQ;-A_vG3$Z2TPi+J6-Gh3vap{z;}BiQ=YmRDuR4ooeH^y64ZvWsuG`qRZmC?x zvM5;*e=U2(WY^^0tYMI1hm z_=L|*nrb@vZtBuDj@z%OA&zCzrP(SGJU*x6(lg2qN$RrOONy{;Gt#bZ63E@2w+8dm zQxUfO3WDpO?wfeIb;hmxiPB}a$^A3v8ynLANo3)FzW9uY%{xgk*AM@g`_3y_v6`P%E|muImkY|Ip3ge?I-cA3Z;G+4sb3bCKdfjn+#ZtZTP*HmS@lw+v4H z(3{Gk93*KVY|-8&HXN1Q#ZqjidJ9RPwEJr6k;9S)d#8xxeKsD9In#`6{|15as;2## z{};dMd^>AXyMUj%h6#Y$jcZ9VCQx!jc^qi{U zcJ#Ex(aI*<%Jdh=R*l^!jhqB63=9_*;BRYy$2Kc}iD5 z=805v2$K^YpjX=LAN_@RFnwBNEq#B~1d)$V)KmyQg)kclX7wr90g|G5)uu|YBK#udc+4E<{O6OaTB-BPUBSMRY zR^ONWsdO)Od;?&AL-O^FBZC#j!^OrE4Ni`;WcA`ZAOHH$E+h~7*{+WZTYL(7w!1a{T~C_sP`1jjvYQv#2Xw5ua~*12*rA+{r0g%$x-f;1V=tAdVzTg>4hp*YQfbgdVbm2_Czs!n~P-!$LeR;WzTVP(SqER-;*3b(tl$lxG!Z`8B(=urz= zj>V|x(9BduDOhRSQ8PEUnM!b`=TD9-&aB?;6b5m`&rWYBY+c>QP6e-w()}yfoO|v3 z^FY9`_{YgJ(pYHEPoq>*Ao0GK%jUFkrDd~)RdU&esM_cHOp{97myZe?QJpy;xCm1@ zzfeq-kLa}G#sKwcwN4NZE#X-bmcf0c-lYYcpc``&Z-{jNoy-fc)<3uE985MJ> zRIhn`7eG~R70qKuZ34PQ69=vp0#X*#L}m1JC(Qu zjLP@U`#}CrH?&#tSvBtOk%WKWQovJj4pfT?z#eqmxxx&R@8m z*WyBQr&)daRkfsPO$q}Is%lAHwbgPjpSi)G4>>qZ3p;3Iot|YU(dt2A=fz&v^B7F| zN@Uh17m~n32~(;>23d}>0$m{ zsW|~LKDJv0j0SDr@wZmhFTlJxp=*Qj9=6f$i~@NCjTWI^&v2nh z%f1!6#T({W>CNJ>PifC|`Sag~faCVBk7o^RS7b@J-Ltoh+9Y9M>lmZSE4Sb z8N1uI5d#af@wn5?Bys$s%zR8|Jm^d&-czZ!ttn909+m4Z^%Ru`n-kkXm|X%KF(JIW z)_-K8RV}*z>KlVL$#Osl0}_7X$>yhAoZtL=ZrQ``*E)i`9oXv|-CffPNE}RI3ErG8 z3PT)?nY{O(>4${etg4w=nf}g-Kh$+Fbg^HJ7Kfg|zNBe4duz76Qq3{NrG*=%)e?$Y zRo7iu!(xrig((Pe?y{6^Ljh*(ho67b@p+vzigGfMY*b6sUQuVOW%a@Xr`_k=m2{jN zy2Wco%K;8zyBeBhsh+T+g{ZU;p#nCDwtX6$CG+8@>$IQN-t*16-LKPy$JWHpKOUYR z{PKD~wzPbNeCnq9qwi(Z(nlW}tV;Z9z7j4n7wBQ&9QR3w)3voqfaHhN!^l@jj1lcg zr521cfM_*w9P{wIx(pT2!<5a<5ChhY4GP>sP5tYUW?_sB-n^ZCmTp6FH8 z9{$mAP$BSYh_}@bTIn|3lu@tSAK4dm9Lv8`Su9NiUq@-jhmCSx7 z@-o5R7S|i&UC0G^V?8i{0Fj+6C`H(o1;{OxWJYFm3t?h3O1J_l|Dx0L^Oe*|E&NTl zbVE7l!j3Lde{9p6mV`grbX(Q>qph-f_M{zOy&jg>(fIlAMeH06p;Q3jzZ9{D{<(NGQVA7O_4#QS3?my5a5RRoAu)wUf!pKy5ok zqI#lG>6>ECn8Em#yn|u+2-A|4%r@8#58U{SYX-kfQD!vF<#CiJ!SUeS%9gx29bd6Z z!?BvzXSx;CoXTbFn{Qq%BMVA{-nrJErpx#}?=#}MISBP(O>rhvAVn2-Doay@{IRz8 zwd=x*)y#d4lB*`^2_E0m!J1{oXth6BZ1f zEE~NDH0>YWyCaalgtIm4bbt|YSVpTWWZ7D#Bw&>jb-CWlDoUhm_^mhYiOw@T{m&*S z{gekI@hiYHKgWa`z`taHiFieW=lMJ3Ca8Io2uR8#8d+oU4xLOOKuNa+UIGVJaO@R$dMy)j`C7^LmSWIVA(pr)+_mI-& zTJOYwGss|0zgsatENQzDyzxiDj9Y&5*`_LtlEXU%U))4Bj^wI@#P+6aEP*OUe|6W# zp7K@q&lrDCe^l;OGA51ZPu3LwX-V^Jg}ocYcwH))bzy_cMahJ_X+=+iKAmuT2C0?+ zRkmE%>Th8nuka)<1tS=LqJ~62{zJLxC$}V<*zbFkm_KiMP@0_M3dUj!PT59TeNyEr zj(3P%KeJyHxLKEL0=uQURtt)-{GKxI8x?(1LV%zPP!BnLRoDymkwp)fXWWY!$ZKcT z#wbyvADLk;q_q(9f=ReTA4jl874n=}gJoD5-mr?tnyJf}GMSudKn5rnggqe||MTwn z-?m1|PV?c>bnhKgh7j=Zbxh~;jk2NE(2e^}ZK|hSeJ97N&I?MwY1Cjq)V0~WCvl8l&$ZfdpQGrg}HZ?e$xSd_P55XO6F}s-P#J5td>(vhN|!F zg&y~2)*t2XZG|xZ%nLA*TgL4_^J9{TZ~I)C)$LufH@Eld=X+H#*pgS0H|=hzTd{QM z6=ZOltvtAoc(N76>!x4*?{MG$ytscGpWl5DHXKv)n284RqM7gVvTNRo=(>GEltBAML$UWyPBNwbiv%yi816@72X*1R( z3zUMebSqoR68cQ%^adb68%Jl);)-WM>CN1xb3)qXLLiiAnI%CX$3s{Hn<>_fZ(hTO z0sGy+CIe8XtSpEnM$(!F%Q2g((_7Hf!Dwgo{YWe;##`8y#m%G!qf?mSk-Hbl#Z?l< zoOHh!nfSnSn^DvByn?+Ytt`{p%~tmxX)hvFZVPUCTyJRbc1G-5)s81bF1EXHr8#zC zt{|kS8vRb0)TdvTJ=AX;7Wz;Tbt)~Sq{ziq7tRg+Xp>t2Up@*zZ=dgFh}ILI;yd1& zKgDlavVp)I0gs3K()EK~5IbFm6#6BFI(KEw#-*t;WAUsvQ8Cm*D=rf!eeNm~Go85> z0dw{*5!rIxW**lszvcQ(m({m;`2JaYN)5T(f<^_AoGPH)vIa~Qcoxq9#&1del%LM^-H%4(wGMsApE>hlgQx&9sD2e86N-!QVehKl1=nd$rc=f1=OHN#$YNg88hXMvT z4g#irad^(QH-ye8w(G2gsy3R=U_;O2jvTAGnu3TPu4k|enf0CTxVY0(?AZ?f7`)uT za5C=kJs?!<;EA7PVC+U7UglD8uF8L2<@Leb^T3T?HzX+)emWeE@Q7+J0Y~=5-TSLME@*<*KPn}s~P zJeO_*#>HaE-K#;8097^#m4#Ts4Xr(6^a$)P-7BmDwikm>r-+Syt%}qir}DbEu48dv zAGzPGSk4v=%Qc&%bT=-3$zpvJEPznh7lh>v+++QjDvKJzA8n15Z@2VRD_7!y<6G`e zz8?hhu8NKHl*;Ixy<~6rT5@#Mu6j&rW6L;rvQ)fw*uc9Tq?Yg_&1r#{SseNx#&X{H z^{?67Q|H;M13|odVE73+;iqcevp`*dCsmK2o}nqeBcc}KF%(kg5x%6Fa8%lSy3zak z&QOs#6fFrHu}~^*21~!h3!{7m-*fh`O`3@^S#!u?RC@cdK7_gq^5~Gpqe-xvHpScm zuI9g|#CL1r%Aqx>t{b@1bgR&r^D9L#z+(!(biYR5==Ie2Qn6AkIf_;g)F3ywyz|+z z?u`|C+81Pb$C5o{s{0gSVZ!rNZDw>ODB zsu^MDDKiQb&CTa+3$Op~c;8U<{;y9;-)&bapHzugf3F>rzI$UE<+HLVbycT)J~ zUF!CjhRjeky{2hh@*9M!4>N!LFt9nsO}g{HDVPrsi4XhxAJREgODN z88pUq8-a*JL+-(Sw@+yKadp`-4&w(dF%OIfAT-$MZD$;9=h;yt&pgo)j0eLM%V<~57s z3JCk2!28ypD1err1j9ly8?TVV`}Uun5|JHWPu{EDIk-5YP^yAAT4w*p0{=O<@KyfR zkCYc4jchk4UBi#g?w_g>gN@=X>VM$g-h~9JmrU)SV5XGLJOB01v;J4{&8rlt;oOzV zU_t6Bg;`h`m2cwQNQvD5o7x&X!c~+79H+UqI^EW5fvlJqJ72Y= zXI;@j*F1}Ql@^?ks4&Q3O?d(vC(t)l8o6`ikFc>`DESr`)xaP1TG4)|y)h9v6O9K5 zUHo!V8-XmZcB@ zv{sK@(yG@mwO_Es{zd0zM1xdJz=v- z#?!4xw`1FIB=WE4F*0(cm1W_nPDgS(y{sFo$CdL!W8p_81(RbeW#OG;1(SoBrxAn6 zuPP`7&)R}y{cLe1F&~N(EZW5_4Kp68h!*8=lhZXWjzJrCG1)zqJ!8jZ#-?`{oS`Ze z6KT5*_b!3Iw9SS%rmM6P>T?wN=E_w&lW-zl+8mt*Ty48c3ZJtwYIzaTr_;|q?Zin< zR~3=_e`41vl6&Up7?mWwn>C+(S?wqm zTd&HgcO^$8Fn4{IQf3GfU^n?F%smb<6No+4WRSy|QoUm*2N|s3=q?XXffgi>u1XKY z#J#-W^vPKD?tNns@yaKKmU7dAIgc9LCLv1U5AzKt8c;?~wH8kRupelkMD7RxQH26$ zGys`zfy}|$!UAb#w5Afec$A1AlU1gv*BH{I4k2t199<#yB+dESO~g&>AouY;xs$8N z$yb?*ML9~>Tdlpp7PoQ~I-=LTFf(T|pYfFWJokNFzZT;rkK5o&qSJ?t$$=j; zw4nu~EotdBKK+b@fLLL{5JU96+jduD>8NPfbDZFsSHJL_Xn3#oXxROJ+>&Tz|_ zdu%K*PLdzdrR$>nwr|?E`7sV}I_C;ZvZa`yi(%bauh;KkI#hJ&Yv5t|x2hlJlrCK9Y>%0*>W zfTOxE{(ag*yj?pjMNUeuO}CrH@Sg-r(4Tb%!=>ErAh9wqm+N8ESck6z_IJ#$U{UoVFEI3FxqwvK6p9)-bP&$xzuwOt<%dhyB>?#VRB71M{30T9`~W98dyfJqV^< zgr4>gcpKcrPeGgzA`ZeyZc$hF z-V#*{nr%Q?rdBK_3S^Rki^6?Y-qQmCkE}~$lS#dZ2O~>Ob`!}X$rS)mw!ZSjwhg2$S#>Z#(8yXsLIVlD%q-&3ULr%HaG zDrqBHAf!jhi(LJD3!DdqMYok>2Nn(8h$c}5o5roXv?mr46mDv1-(ZiW{TJ`&u?y)o z994Cu9X*EWQ&)GgZ?*edM#n}O+Qn$dvLUkCW&Aqa)6Rio z`nPv=Q*y@5)zlLbL6Kf&v{9dm zUqk2l9I`-Of|WP*iWe)tZg?9dAHT6ma(dt%^s(P;)b8og+~l0XBH~)&;}_sF!C>*J z*ya*LmHvlZ*}os*v7ACjmNPy%>mq6o$Qsam^UV1&Jba^egBYoPHawa0MMV!Ga{&(2 zfmlqW1y9QtS7hkO>}{-)Ml-v}&E*@PXlo|m{GOf?JVBcrq1QV&>q>nsxmK0RYG?p| zT#?Yrpbn5p%uWq*F-#372XLR)DF;Gch3(z@IK1=6F(`bMgY?>MVpPqc+H(?4y9Qy` zO7^7&FI>a&XkLha@CQwSrw)?%Kv~bgHQm51<|b3ek|1ibW~i|381+qU#e$&)^L5^@ zz{A7eDyDr?oBuFc9Wi}_gyBa6tuFkfo8 z>yQnn=#+=m7F-BTayP?V^dW>R10-Z8EI~J^fpWwn!DZ+~rq!!56PG*nXLk%UQ?AX4 zFn{r=-0wM*(fel9bC^&A+urz{taPrWCQmU)3xkf2}j=C1j3@Q9E_uG=_rOMhAF+l5Ip9)oJCx`7_1jQRjU58W3jQX zvmG><*gSl+6ns1=eACo<(b+3W&Y_}yy+gMb4+tUyB2g|7gg63Rjs-i*MuI%*)r4L& zpzA<&ThzA*kH=}Y*81+3*vlpnHAg-4c=H-z#MvE>h@p)Ajf9-ylS)8&is5qZs+GkzA4U+?GdOlMTEZzJalK7NL$B1U$06oau@dee6Dy7KXiM01bH+Nc!oUl1$wfUddA4_Ot(Mv3!3ITT>eT?$5wV<#y>l@rNL$zeC;Y1`Ymj0 zbLhd?E=;AaJi}_mc|q=42pCFB{k)Zntv*vaNgdlhLDB+;b^EYQUQj}q zU_uU}7+YsNFbp%*Icydb)BUpN$?&fGuLKvQs?2SI3YDtG>l*qi3&??{;>ov7!3*gU z)v#506wcHPl$C`3Eis6B$H7tZt8jqVr%4ju;mKDo8$#ABfZ@ygTXGqUbVw^A;$9d)tGK z8i94g1@6-MRceErmZ3ZDAUAgySsx8EXhGT3XV>aEcFF+|f(TEfYB9oDP*DBawHQTY zFd75KG(qygPqM8k3`#`C>Et(!XgEab$e`8`2((ija5~wId&=-8Pi+EDG z31BEPf?s*m3QoE`s`A1+bUsbDen5y!Xi>!Fg;&`IF~4S8+(=XDx(cfy-46S>0i?tP z+O&x3H4QK5s=1ZM*_Y12UM`HR3ITkR<#{ewJJ2oAy|+gC7Fw!xh?y0_w~pMNW5UhX zXALC(U`<;H@+zJvfmXfyh~l0aSe4q_dtze+ka`~?kJ5biXZ3<~Y<7|5M`Y&qU`dEo ztYu$JsGWK4IrD!0Y8cbIR3VuMr|N3Q{kD~rBdj6bp2}AmkyMj0qiVVSi3!8ll6#Lw zg0AN(s=yxU5l0-a>s=6*uM^^Gx7j!5l<9XJ(T+TRS4#4=+l>`Q%_nJnB6k_0m5u)F z~x|Jj$8xS(G zg};}$_Y1P?H**>Mv7n~oL!}j{UBGtKyq*~MiK88rlYUvqA`NlxliG{^y!v)}yeg?J zbP(@97Tzdc3zGciLyEGtRs*@2S+O-=9FlfT8sagfbs7+PkqX4mQFlDufYv1CI|gBI zO)}DmWz27;>C{cLEW{IBCE(E_q{Z^(Hm{rMm{_~Hg2!HFaQ> zvjF}Ls!oYFp{ZDstE4VuiGY06wv7x|>dg`^-&EyCX|NjvaiP=kNcvP}>d=ESBjwHbyg!b!GKpX?6fQ^*Sk!pS z<}OgNF_j_}7&ylO#Ek^_5qb9luIw9+4nq(dCL$bQ2&~mv#BTyg>bF`Hf)EvUi1^+j~JB_L|)`;eEB`Rt3f9_DNuwG1ELgv>iHDPe)9e;v z1C4cjTJRth!+wEZglev(^zau2)ID6ns!F-(TF(dVeE|MEWH9 z;^erNR_mBnsUZ&a4c`b+7sws7JK74g@ocs%fviN|v{U>QG1%+Ae}YX|9%2U5p>@@A|RrhvQean@r@Jh z-j;Ras!M8Dn&hKbPt*k`Z;uOTjk8xpI9PuhX~u~JD@GOhj`B{M4Ga6zNqPl}y2803 z1|Uos+bu)Ki&Ltld9i~rP9(*+(=SKnv-`d>8KaxlEdg>+%u1eJsE)biAS)iA(JCUn zMTnrKPp`L34H{CY788|XIaLf087xc*Y%hWf$ykxlOXjcd3*)YLJT+j>bWiXWh$Z;T z*9(bW;uaWr7)*=BJWp`qLVm7U&42a=?jfqNbN@MSh*2Ds+6wBlwY2r# zG-oeaj<0-YDn|->BCB?Bbnh;H#~J%MzB+1mS~w4IDy{7J@?pzKE-DP8(S^;SU^qpL z81xZjeOYEwyo@KDH5;TxEp^MG=+jacn-{-U?<(T6E- z`taI*&%^Uwxbu40Gcx8o{7!kkn_50Ss|-1{^^Wkj%(e^WcM@CYmZp}9*az!U z4^*Da_^YnuTjPZa?ME~Yqar@%k5*%kIrf21G#Q+`g#M#(7Hgcwdo#z7HtE=`fY!wS z{LcUFwCtbarS>9=QSQ;q$y=Gz6tjO*Rk7ZiW%vol<+m)Q5;uRB;& zi?OzsZR8;q4AgU5=!P@a)-!q)zPt#oTyB|c7+aO%wnG44yL$Scn3nBC&8rXH?sqOr zo(s3f7dTqihiDcSP@b3=BjVjhRuodMXSvrl#;RRt7cqP zS$1pLDxrLLz=89u2<9^pn1ehQCwQ+1INM0?TX^SpYg;w%_JOZy)Zm0cqW?RNG+n~l zzUrq6w?7}`DLZM{lphe9I=EmZ)hk9Z|>7W!A*_LR-t%pQ;Xchu*qDbwY zjo_`Ca-u7pEnnGGF#{NO?SL>UtXJb2d*Y+JG4e6OMbke#M_uW%8ZL z$&l*0lMM0gMYw{7jQ8xo^GD6-43!MYI;8b_1-7y($P}|Dkr=elcI|HaP@Y=osr=p1 z?b|g}7masUjaPc=-qx=-nYQhgR9?iEt!ceB4Loesu5kIKmbc%n_N&o33w6U&&#W!Y zwTOgDjVbUJ7KNm6jj=w-AN(RQjiC^eIg zJlLZ_tLtkPp5{C(vsKwn3b0mK1vQ*5b{m6&C)uINPd?kYhwhDtiA+8mfUh~Q;D~nj zJ{sv7y6NoL=eQYXa~z5oUHA4;e4C=%pS@^>(8V!V89%+?pBcM}p19`;NxB=x+gJ4~ zBVAPZqU%P@{K*lIEkjEl+;pPUs_B@+dqrkKOL1CuTA6>hIjGiBbAW&1V1H|=O}%v^ zzV$}Xlu6JTS;4So9G!k z@{K5vOw^i2Ky%oJC`^=XQ@GCz=luIU-qR7}DK;o3)%3>h$TsXTPhJWIo>$I6->^y+8y9q&TdP_vk_ zw_VZ)K2wf;@MP&rLSMH-J3=C&tV8fASCW@fqVFB_U>IE9+E!F_epvT`d)H%?jrG#c z!9Jfymww{BU?PaR`N5OEqM-SOvw$O$oV;x7BWghD3(~|35K^p`gT41)Nv@$wEWpxZ zZm0IbP?CVR%T?7Ie$V02_DG%Map^~N_%GFpCdI0I@)zO|M-D~7) zGjk6)fq|QAa}IL`v`10iL5UTYztIjf{QQ0Ob~%%?b$3JbOS%Gm**|P=X*j=jRv!wJ zMc9v@hL%H!tc!L#dbVkejt#hJ&N$76j}H3|6QOdjjM^UGigK%UTZ+(cz+y4ujn_t1 zvT3UcciYQ5=hxIM#FE9f9llWFGuNj`Rmo1PtYNXVWQY{z>**+ILwvVF)c{i;`h0Qk z!a}_NqX{rEaQ6=V`p3@Ba6|b76@Lxq4TG{QS;D3Mqm;#|gO`dv0U!1>QoQSe^fulG zXC=a!-4k8AcU%(349o2jUfcO*R;_rIP-e8W>i50NF2rdX>e zij!cIrM{x{J0pJIMNb}G>|8eyzlKb@%1`ST6UtP?=?!VDbJbzZj*VC=$pf`q$7ZUwqs7pcP5@c2?40+M?9N6z}2H2mkQ7yA!D0Ob4eND z%CDNe2{I)FO#%6m(8~DiggJJW_-SUM{sTMGmb|wC_M+cR0gk!9FF8KSu8O$fy6$Ej zg*e}evBrl>(ZozP-YKE)QaK+qmuY`CTSj7a*&2W1F;u>FcBx|zks&3w`J7>n*TtS) z39p!7^AdP11+Ewle5hvuv69vrw8l(7IruZv4HV>axL^sq*lf`((7`=LlORZU(6rqb zA&OPy#xv!1C0bKs^>b;J_Job6XRkI%83uvj$+qJqWY0cJ&mpf0?A3H6POsX^w1cZY zCPU~K)Z7{AxB47;y~k#?tyzO#B|EY8caq|)7WDRN12;v^!6#5uu@S$T#(q}Qv0g8* z9UPJ#+6PbK{9wZy27`cQ!y~C3x8=UZ{jpbLUKR`2HxjCJyRdh*Z%;CJ{(5im zpb{!S4BsdC{9K>QW1lmmY7^Lbdn`DzbGTH#<@#%5Ol5lArdp(9{%LBI4XFsHwyYQ= zZo*Yw-0};(f=~6?ySQVwUe+vbPlng2ncY~uSHW(tPPB<-0m=xPVc9uWlL@)sQD82$ zv}P4>*#U3<2Lh08V6ZYO4jJi}1pCN)eq|NmihTP~=HghB6UV;92z%Ls`d!AOZPMa% zU3cBO5)BWI`}~s2gr`o9KK!kS@U`wFed&oLGnz&)W(cBal~yph-Q)l&yP|KOmF#!w z@&>wYmE}zhx#^Ph?fJt78FlgXvU;3dw(!s8Fw%_KYF#%PL+cO9$V10pFqmatfYlnE ze=7*c3A@4b#3w^MO#hzk_dR9WW|HGm2i4KmjA!Sg zwS(PFEbTcQs@|}Pok<+o*hyFhF!?9uU>8yO2O)(DS_+y6>SYaOcp`eEw)_6=5Z_@90rk}7 zxaP~four9B7x8V-dt{NXyui+shmDoZM!D5yK}w-Ziq^@VS!#J|mppZ*K;CQZ6WA?d z8J4^5D~4OY{5G33W+IFT9vlILyl7&HoH}R(&(lB%X;{l+uQ{pJf-)Wfi?Z1!ch z%sy}e6-u)r(f&7$9p!-;T^k=vEl|uZ2DcJ=#Xb8a6M7|U3~r?}1ZL^hjF}}vW5)c~ zuI6g|ovUY-|J7viuVerH*wWYv?e<9-O7=I>yUMTCdlBewSpqFS@@?*n8U2)RG`MYc zqLb9}$6)Dna4J=hPAJF~E{)lyuZqCs7JD^XbVj;Z?`bT*j4+}wutKW9*QGN}*@LDe z5UZSKPGOnFkY#QH(k0#5>08CjpumPc>jCt1*^kAj7jlHpNmX`{hvsFv+<5N5ss*7; zs?w+HL7YC6#qvr-u`pR#Knf%+M^6Wi&$!DC|#L$Mtj}mNDYU^0iJ=c~$|TF3nFgT6ExEMc2lr zo{=)j>(D3zx^E{BA#&2K_;#o2{SjWp5$rlahk5r4wr&4Cupg#N*fB{60OV#09(zTC zp5q%{3v^JlN;1fOa0&2T|LADj;K$qMlp~ zL%<^kGw#?IJ;zVAtfJ;wp^-%MA$A>xDMU5QL{wW`eUe5K-zebOw&?$gG z5Wtk(9HeM2&-%A5rh`GgDAql0WdJ}bS|N$_nPRXwgTIR?c7B|blauhbEyV!F7xwb= ze<9{Lc9V&Eo%uo0YaQ+}-pvm13F=1oi$ zEpmpe93slCd56OBIT+jo^Q$aJicRK&(F^bSz;go(^ZYz z@?HEyg{{1u%V*lm0KC)-ZY(=&4mCHKKTRuhXc5HWWlnn4W>*oxUfN|QYVrXnLr-wr zM|}^@YgmVX`4b0c`gP~EJ*%sw9<_i=bt{m5^@##ytOClFrLP{)NWK?#Q&F?sdVx|4 z9n2Idv`KGBH{%nyarUQ`)Lz38?Xv7ZxI!z|B32APR#M7IUyE2q*l*$&%iy;HRD{CNNhbRGmt+VeALfTQ6m#j zm{q%&UCC~zR**3nDI_;(>hhq;Go_R&A6}pJWTbo#zH>j1`{U!A0^L`o&W<%m9Mlg% zZQx~Ml;9O2b~MR(vRDpoGd(7;_w9K&h$nN%ye@q0S8@ ze);8Y9!g4<`q)=f`PW(E8D7j@UA}!5hJ=S!yZKLH`p+9(h7qJy9Y*c-uEJTRS3}$X za$i#~KI-AnlWl--7TzZ;Te{(l;MT2`_8^YYE@mL|qu{izy@{xfW{`%;?N|AtHlF)N zw`u`gzaQDP5fS@)s|~vVY9CmBvVLMmsbUxu#Bewq(D64n(F9Rq6}qL&uk{@g8mh}Y zYr0BAOE%tIlSw z0&KGbCs`?l0Bw#uaf!UH=fAtzK50Jg7=~c_u#>_$6M5v}H5fI!6jbHQ@jSP_bQnkp zk(#Q`NeY~WQG)a9sT5nJ&=*V-K!Hrj3B<7^<*QBu?kV7eK(ztd7PA0$a`52Pj;;b= zEqJ98y=tyAFk~hi(v|D|_&=U;{##CEX@LU zH|UCBoE>Z!OVPOr%VyApt_lm(H%Of9iJLh-V2QK0)S9 z@bZ@!6`cz1E7;|%4fiVAuX~#-%=LmSc8D8mk7vR|YCKyqY9|93;jb!2sE)x`xStMT zkoE55q67>ua4|~19WA8nHQO5;rZB#)%`WC8{17|3x@(77EmnoS$qkRB(Om2nmjLgr zhwhkD>sEEetlM4rH1m8fsM{(OUVGe75rnO+^wqtwXFm|6shOpi{MFu&(&ap+I` zYVl#huj~skZqEfvJCSb=jHZy;D7x(WjxaEd%S79!k}&rL{W?m`aH_U6QfY8xwbf&I zG{xpwdP`XNLb#V92Mcer=G_g1>mc_Ri@?9$5^)t67p z8L)8fgw32cV0kDTNkIBy-JG3hRG z!znA)r~EVa=!=crT$>y2qZQvMESvW{^y7!<+H4;!1}_=ee?sR4w-s#Y>B>JpyJTus z&B&mL)Z>5KkMHm02Qzd;6jbhX~XS6w5BG zYXuEH5+15g`Dn01>sdmE!wlyxGNNcJj3`u^W4NKL@)S$__UGllh?`M`tA8hMy1l!CX}R$iag(ya|5N?% z|Dt^U%ZIMjO(&qHAHstCQ_4adR|Bq@#0+=sm!)cD`Hp8IrN%K27aPUv^J4c{Z`x*g zM_6E{6cZ=YNj9FguPuckNgM%N$&>FMoK@XS43V5MgZEF}H^=XiN(mr`jxow3*^dXU zJg=q(J^9Wn`}y5zr1KsrPFrF_zT_o8NAQc}+250$O!Uxqt-gqbDo@F$ggl^*#~HTD zfOE;#VUS#!;&-Mjs$6*AL>*mM{JbUKN9$Rft>>E28}t~Wcoka+dyh_>{@QYg+YOgZx$B--)0vbe&UT;(w#@PquT2b4G`mZ#BkQ^r zCyG~{FT1ssNDL+oEON1ds_j9V`jz&^G|8@$4GuJc+i28!U}?J+l9$y%0kF!m!a6l- z`3m%GTe9+_=S~0OZw+fdc8h=%*1eMXct0ZI1Qo(NZL?l6$8hIJ>OO=f96hCD!bc)w zl<{qoA$~0jg?)qC+qave;mbvh0+T45=#R60l*W&`@!zPWR8%=2>hVFoFX&Ug&`CwC zE}d0qL?#FVLJd4pbigT15SQhv0U~$$Dk|A6=hGel1l}{7A^5(&-E7vF$ww}%Sp^wW zlCtSjeH1Tn?u#5mrCk-Dd&b4vIa`ypNkz5yqe4@O!3rAi9ZyxShT73b2yFkNctWC& zBfd6PK1E*H*>AC3IDrvkQcI-D`kz^frUNhCW1RD6?uiD9AipJg)6Z zDcPrGZ?PQv{o~p<=1Cnx;{cXVO>L4}CFLi0x8r-?nfM}K??Mm2%_rx6eDjae{!znz zw5lIH$&cRi@1xO=5##^RQ8K`CLpeehC&x(Ef)ISz%)-(E>}7?az-Q=t*GUSYvJ>n| z1@2E8$z_{LbnvbOHzS>+DN*bN2D6-#j996H3uPZPDx>s@CZgN&S>{qUw_GfzlZCWV z%M(fC64mZ9ImHV-O<8T(FOZleu!zVyNM%pZrGQ!*8lm#j+i@v^ZhI=bnV00Mk))f! zWCUw)9Ib6?EJlc{|9rRaStwgts@6FOEpm5S>cc=Vo#&VghIA1@VOY?2rV9!4-IoEF zV6PX8m}>{Anp`UKBiec=+#Mtl3LQvmDv>F-X&-!@)yh{ikHml0He(^@SZpHfe40pw#sHswvGP_q^k}t!dM*{i+<5p@>^e3X%;5|&m z^mFjeQi6s{(9+b%H%z#ETGTl#4cJeuny)x^&TQOIqCP&x%8+wO(kl3QB+G*^}1 z7EaR;*;svYmRBUE;@jm6<#Wdv(CgEOS#pHo3AT)QCCw6CLU4T3H<7Gs4p{4%V;^i$ zQoO>r9HmI~4PBXT3Xv`IVRsCS0!LGMW_hXN@0Wb5;fpgPo5{0c zl{xy7Ns~;Xk3dRA{z_T-zV!RLD{j9DZnYd(*l^4bj7#T?1S#?gxP&J+Sp-k!%(k;S z%19fX?I&=N{Ca;?xtxYC1Qi6{vF~U!Y!53#gs~zXS%q_bDG9D4_4I9-5!9o$A;Ft= zNX%!^$gX8}V!09`RcnQQD1AX_RNNw*a`W@X{NNx3Z$Pt8WJx9^6L> zUZPaqZMz4eDczNsrZ$9`dKaTnm!17hn8TmH6Oh=bH1Su-z(J7(@@m0G4~ft*d3g)l zZU{}05$UlQ1}RXiES=pkdv=farn+{Z(7Y;lK_S)LK2wJQq4S6@?M*LIJTT?CFIIIv zZDu@D_xO9y`}1Is5ta~~Q#4U=!+Hq%mA1YHB%79nT~Od^PpMbsE-eJ1gSe{L=N>Y2 zgL=R#=g`!F&%|J-l&rt8JH3~cdgWrXalYeZO6`-#XM4V5_HA#mUwi+TW2rv+)|#b5+iSY-6*-DMPm{#0EL$z0!+^7$KjE}qwCGuh*##)a z)DZOU3{;3xxs2W=QBB9R-i71Wq#u0(9lNmu#G&?0b+cjiRz_3bneGwDm3H!W+jqQD zA#Ax+6Gh7+(`7W=k{&Id{>8crcu^Rx4yNLB-_VIgtsMAAnjxzGomRyQIGA8L>WU)3 zdahQ}{qE;0>mSDsW{hi5lhad`jy{j*dFH68svB}36(?@O<6}v`?((+4IvaBn_wP*J zXRl4jocj{ip;pD9!0yF$q$n)79JMY5rMf`G+gyQL4AnvYd>bt!N^PdBBr)9&&S+9x z-On!-?VWkyv#zc+nP1&CRS_LxzcIWHWt<_s1>$;g*c(mQI1U<68gaYZcE)FY5PFW~ zJJYN2xM@ztYoFiJ;}qM_g{*|`-Jn6bKv!4O(G7e`W6^h}lp6cC6Y0(F{5~G1C#h$? zGr<@bi`nSiJ0GZc-|tMBE|mP;tr;(^_{8EHJWA>rLizfE*X7& zODIS&?TKD8^EHC{({LO7Z7}Mk+b=6 z_Cem>cP63J72?*xsO-^;=-pNARo0VCtzlKIy}w;2}pLlqr>v}{9A(Geie|+FaIqd(a4}Wht|6i5E zhEgpoyVPuYbP-$HTrr$DtY;a3V!wI5osY|eleOJ38pKN9nBluaWEiT{87i#7F$1(j z!KM~=U6qbOmEgwiysAq!T{9ClRbO0Uc{bT<)t53xB|UO^Y8Bm9$WU9%x;aQ;UAK48 zK2apNy2}HbmrLo|54-cvY0bZUbERjeWK)nmB{-KKVGoYhdu{!pwfjaf^Uz!`a zY}X~d2U_&7Ugp!bCO2#M;y%j()}Xl&5YGZjDTH7I=o+8XA{~uzv7Z71BTxVWKc0es^6y-dR|1 z-`e53=FBd+xXxg7A(G3*Ih6yvH|Y)+RLx6I3^jS*NX4{~^WGV|aCwhIb5{dgz^MXI z8ZyjTC^z?#Ff?d*15U&>&P*0+g*gx6>+M zWO8V;wsX9|(L~IsZS$SG-MI0w60==ZhVKWAm7K!1*{%!IWV{8yqH)w+pZ{1xp-r zwL{)#Uvz(^i69n@p4{EJUmlu%rxiMUXtUGy%})EcMIm|&HuTnm@%%=aIz_EsLGa)2 zczHNO6I^7ekAG0+I`Xs6` zB7CcMh+U;9t9;(u^>MK@AOwYuO`OfsMYN9P@^F|*6 zE&SDI7ufw}BYfe3TbBtcx5&J9%|ZruzPtL#W~b7xQUEiQ7uV?_Db;f|%A>z5)(qvw z-^>;LH2(1&9FTQRD{}b=^9~l4{{Hx4%Ue=O)yF4m)dwIuY4YCfkTYrtT|ymCRu7jt zEqqja8BehOs^v@0_Dk7HscMf3zajzJ&)!#k$=f|LY5R(j*|awwoMK1i>XkNcMmeyE zFGaHd=QP@XI|}fhW%ciS^KZ)F3G|D7YStHWf=#`>X-&q2xS6V%i`L(6e15k7HUe{3 z-xQJ*&u8&lX2h)w{R*u}1%{J%w?@menaK5CsPxJbo@j~>-Z#4G3?0{PDIgS!2wez9 zBK#Is2k!sY+6i^uzTZ{UG2L8Bc@n2Ykd0I6ep^f9)^n__~jC z2-Tw5t8ePn&%3qc?@I)5rVA*X-dWz#(!^RhUcp;kJ{rb_ar?S!CQfzE$0uvU2pT4T zUGh1d^1gM~%Tdp6V#paU7j|>bWKKGjb#Agg=+loc`%#QPD#-uc?QD#MX%U$YH|oyx zP7b#Z?(8+fIR>r?6L}pW6+HX*A|&V&3yR6Te3Aa+?>VAi$(Xe_}JNh5B+Edc=L|ufcL+ zH9aI`@^$4ueumai1ZiU`J|pDg&`#Q?N2{&-VLZ{@Cj11M$w`zwc|C1EV%j%&UL&uy zD>^^*XT}oML2VEDR4tS~95qH!TP$)-{pWqiAJ2z!eyeIJ)GOK|cSDo*8_?qlN4Fvi z5AtYDS41|ei^@HYVdQX^gB(HKL1?8MdW?R4wq;y`hR_o9)ckV5#28~TRBdzt~Nz@k#?rkp_#32+TIOUW&S zc&6Y$#^(GsfrY>M3Hhmjh*tRbF9?+;`ZOZzHPCTqPjN2B58*>a!HMIL_F&0LB(Z*0 zPWSqXU52>IBbXNy#nBt!maN;6-Z}7PNl)rSUaa8NR8xgxu?GDDNduXtX68P(2Kl2| zd&jmR?g)l~rlwhAJ7%d0psp}?Bi7#Ny<>)UeMxB0!~nENZ>rwbF->LIvN{hBu<1|h zXI0g}nL1S9A)@P*VA-ZCo|_5oOQo zAi%Z~auQPINOZ80rV)eDl?&8t@mvfsTLJ@NP`Mx&G{XZjQwjevaDAz*izQ-PVEpC{ zHmyR)-=$dh-)UoLLVroI#v8^&P9a;UtdqP$Re%~RME!qV+2|V6KbHF+?7atEQ`x#V z%#3620t(V>fOH`g>5fvQ3n3tV5C~0r4FO_7=`eH&O$h`DO=<{LsZv6u3n3si^cGqu z@!QUvneoibIdkrN=eytieXo>c?X~w_&nkPbwVw8Ws_K|?Nefcf3YHKLrex>s`)57p z5XhkoUjIocJ=7p-8M==fUfb&eENM_<)1T<3CM&0bpq?FsU5lbA*hI5OGFh~8DYp|m zqP6Sx+6o3-(eIHrI^sdnPm%A?*tK{)C6&rA)$fFv#}rD*0d_gJ79>qk`A}+BqemZj z+X*hw5DVmZdnAuS2E;UdYS$3Ycs>-@C>!D_RKY5YXI<*jVF009Ic#3C6XwxmmL`EG z?1GD|q*AZukzsrB_qK%A`zKFdKVC?nXE^&5ZQW;jXKI%NX`N*8h(m)S&q>sAHk z800#ZEqhQe8WR@O7SrM~R&V=?|7~da`@Pt_>rTa3kk?^Q^=Uy5_F9&(-y?64_)UPt*{ zp_Yy?@mlx8<7tzdYlt<+ndHRmyw=pU=bUY@1J^&4KNo2!aMAIy#4o}nFYdPIUcPMT zV|q+(mPyhZ50rK#fEhy-n@J6#eoY+ZzSBi#SGuF5ZPp34dT*YOz8{S zL4w)qL;Xuq6O~YzsuiiAs0oY_#^@Nmx3GJtRYv@|&gfvJW2^7lmLh66OOmg2Kwdcs zFo$hUkkWb3p>A3ZZ4ky`oCJT59$tb6XELfZ+K3+Et(|Fs3@l3+5?fZw@U^;2=BNEgtR-P;aa0gXekHj z&njUd=;4z~Mo&;0nwDr2=?6)gj$_G%tgWKmcTpQgcf-t?$B{{#8Y&(&`x4t0=$SGS z>9_$&&8%Q}GuLA<>AX#WOTE*8iMAdd6wqOS#^px8z$8O47MsiKR-+H6Gc{^H77E04 z=M;#~qbE&p5SbTE7~A0RoatbkXp;b~fIxVL}XSQefEj|7YHo!mIKlukTn$Zx;Mnx*%EI!xfoyP3%!JENFv zew0&*f%;0~cv}7Qh9`?TxaaiGkE(PLBX{Hvx*8Vf>-JD2hsutZ^P(N}6OKSXQ(N!;HFG2BUrWeGxFBy4j2Hwu^~M{wRo!~UMD?-C2?1R#2rd-@mOi{8$Qpd;Y#*MUxJSA2Mrh(>TZgvc`lJbo# z?}!t20EBMy2TEL7GOd4!P5BdD(7f5vHmb(BPeXZc*z0F0#(~FJ5SyEmIG{HePipXbV? zj-=Za0rkz#_;FXvGd}IvS0SJr*X8KME@_@{pG5ES-vo+-dwo=WSIz<#=?zXiqfq z6Wz%Hf5y1Aq(P9CpkLDU$gy&1`OWA1)&~6vEz0-@h-%jnS1bp$&6%(PGWlE?NAnl6 zMS=V3yZh#K&4Lk;h8;kGQ@&I7+?(wyo$`C1uL8H(c`x_)_tem2PlxF*Q1Z4~_{f4B zWT6J3UcA?sffmoki5d-n_?@4wkRwPDd|hi@$76P(H?25m%msUVJX7+%UOaVn?4Rh^ z1Dp9az5C%4ag+oGK>Cr&?4LPbcdQMj95E%acxQCt{dU8`>Mt}v0F9c@G_J1>qxZAn zdp;aYeyL)q+dv%~_NKk9b`pLno?SY2wCpq@^3KHRlID_8*23fpL^9z-ozBMSGb^CCr&tt>k6JdM|_M0N1w&;*?Ydat)P~znNra;-7!XZS3 zulsm&c)cID$A<6oS9v2i$Iz`3W}ii35)6(DM&_i8qqzh$gah>+z~WBMZu1!fc9LnE zYixI(BedM>{FH}df1D-I&SJMF`BHJVc9y&T-+#H0{nzPlsO;{3leddHy9G?Uz&X^k z2=Ix^_sI{;d;?WYB-(xO%jcFw2Uuv&yOxQjPv#WdZFZUpCy66Ct5i7!3DwRD-@4V& zl%6NoxVxQR{z~RsP9k2)tHgR&f`WP-v4KKBiJ$0FW-#z)??2J)NjWY9K$F|49_Hj8 zl^=e+>6e75W2k7L>s-~9wtAaNl!df`r;`X{e{A$hmt7v^`Uok#N%Kv9gK^Z+DNTo% zcU{-jE2Hsmqd5KjQE8~F*6i>;{}X=H1?45m)lYPHHKlD?=}B4+O3fC&pwa;)WdTsD zn1TYte~Go|K}Uy%c9_P{Ypg=En7%^E!o1vI%VyazAf&{?%=wx!4JVcKZYJ)ga?94z zYG%#=3+7k@4``S!1j3aF=}Wa@K-x|tZPtwv_^OPDaW@A*VeJiz2-ChTltIVxsk#?9 zWWQSirpj~CEgUkSFaO}m)nm5k7a=z2E64{tK|wic9G8A+Gu@GI*2wZJRkS4eE#(6T zc58j^^N&_;1x{(`Mh}bca03AIvaT5-6Wl!=gq%SDV7?z%0Bg2BE1tE4L((0XHsv0| zwZIf5D>gm0&UB3VkUvVuS;T>|O-Mr|wdkqCwR+8mPwYsd8hwewBT~86L;jhk#-T>L zgha1pjCj-_uM4#>P?(@BeXceadD}+moZGH`lSs~F7*kn`prE2)&oYgtT?_OaMtqWM z_!$M`zLCE44Cei>E%+kw_XpVhqVT^d`F~#!vu_Jt1JMj@>h#R!B@R`MxAZM#&FT7V zly>f?rcH3W)a)Za(FIyxP!a70LYfgo0UXS$K+r}eHU8py77NiHWy{M)?xZpOc$-wY zG;ls2EM|-WqDToRCQb(hO(mvg$Q$CSN5GfkaH#|m)`Alnl8bYl(pF^9R=0q74CpqA z_NXi1ArRrSXTv&AAU3O&n<`Z8o@iWHDfs z%rfeBlO=bK$hlNwb3xP06WhQ*Z zH=^lV9;m3XJAK1o6>v^Tv-tjZbRH%zlGBXY z%uU32yDgSIRRsLA+O$N9I-f7Cok~gG+J5Wge`jctV?3}2uiSTiBiBi-f_uX#!zY|z zR=GLUIEptFU8^fWaPwr{c2NG|i9oGMA0tDMdu=#OZvWJ;gc&z?7^MQ{#yXbwKhO0_=6`m+&gx1-}%;AP}C_8oe#{`T2EHh*2SyzQUq>1 z`l9t;B>#VgS9YwjVNW1^-vE&}d~rFHL%%XDM|-}%M|#r-5th=twP{adOZM9MZ7*>4 z>MwhNgc)p>{I=5Q=#K?HQ<*t2i&P+*-GB0P_|HQ91)HqN@{|$;h!WLmZ+c{$c370_ z9DI%k(|4ifPmx=(HLmS4)j^JNDb7^HM4fcjcXzd7M{oT~?mIOs(tR09*mNQ*o3qU; z(eT($bkbeATgP7kdjNOR=q$kR$;>qn(9v&xz3CqbugxUUdEYsEuI?hzi!h^COlaCX zF5$M7ZG3oXQb4qyA)KFE>D2l7W4D#^&1GULT|{&0Z8^tsxCGrK?75+i!{j+-J?s1_ zf_C0bT$97_M;du#B>!WsBUym?VYTK3kU=mS8mjB6+2Ly8I@#D%31F9DJZ&*1+h(Wk zZ?mwy7fzK!*Qb5|>J?LVanuAaBQiHgO-!{)-;KR-E(dH1NGsf~MVlV8ZNH+!eXZuS zFtFs;NECF6X)P%m$|yfG{(f|EVjQ{wATIj|d6Kk1`qz{>&*%3<+Lzd+jS#U~oWcZ9 zxCb862LTTS9>{$3YX|(ZE!rE}a%%i>iKUt`Dj0GNd$Kn81C5RF86T^4odTNk^s{@m zp4Gd%9P;p(;VbR(MTGQlSesNHUy7n$L+So)(~p)!@@g7@WF--i$4trGiIomcQ5N-% zOmRzUf#l)3_mxaPLW#SC1bC`1Fy`G z5Z9iLmfVyILG2tN>CvFCn}DWeywhtisxz@eczbeSUKz@mHf7P|6WYx&rv;PK%i>%X-$QiB|*EwIFSc` zdrtmkVgKsHfkfMZ# z{o+=d7f6b+Dhis{sI58N+zUSI8iIBX2Ha__k2DJ>OIoBvrMoe@?oLEiu+l{8CV?F^7?c}F_My3{{S3|Tv0<(T!H5h`d7X>Ccf&T&kf zt`7>cSV0$fw#;($XhpDbQoKZ}h}oKVTy`xX_IFz~^on&CIyC70g%=asOFI-zNQT^!XzAnbnry0kI1EA6P z&6_Rj&+H|{n%9)@+5y~gD6W+SE#5wT5w1L@ZXSm*kxqT&*(bK`Y(It(IU^Z&H`g}N z8-w*hpXlPx4kkcGO(>)#j-^g}xJ3G%)w*vc4#2@3DkvN=#Hx2VkZ^ho#B^>vM7aHI zSYxGVAzGSS?Iu1Y>S0@oQuS_dwwXjo{*)5RQ-AE*O32)uhZM04u$7_ZebIofxJrOc zu{KbQ(|<)S!Gf?=4!*H1q8_OB`SyC6=xV5UMOWfg?i0ztq#*fTky-pIvjAma!Ex zIakAW^frge_?cfz`d5i>f*jUU_&hHpY~+)@V)27-5Si4p7)PH?6Ba2QKeI{N{W5B~ z0}!?M<^6wE#DA3ko8awwO?sBg_7r#GeexYI*kR31_}&lLy332Mr&sUHPNU{xefqGO z!}L4(-LgvLLK58Jfzx#1MVQ%OT}*7xD{<88FX)|cutYSlRIMUwMjFypm&luf;F0ng z#{|bLYJQ8XaF;z1*Ql}#Y> z&$mi^B{du3$bkj`yXdA%&Ryo-)=3HdiCvVBp05NV8Z3SEWGxi^%yyC!j3HEt@9-zO zGU@X`xl)~8X{}bLT|d!jINn-&RJpe*{5_Kt)DJQ#XI4Z-!^&@dvpx!1GZ{5&zcvSp ze{t)J)_;+_@wn~IW^~!|_Txz3Jr`$oGnPU`3cy`DXHCh{4OMf}hB|f!Xx-04Cq}!f z)9O(D1)z-4?44xk;7hh-g*n=8io;+GHFb=hH^SS(cskBNlXe(T5Da%9CC4a*6s@q_ z50q{yZ5m3Ple6lCK_2d2k(c;HmlvGmgyfLh8q*5iio5FQTc;c7A~LhPaEw}QEfp!p zA#pm$t-CqZnul9@bk72rYJJdnvCC&*I7O>=JNFYDUf+q${;ZIBuZsO+(Tx87pX2N zNK3rXIXMAcICuGq2?w~Bmtaz#Y$2p2>ahzN+>M&3R-NVOKA6172FKUq|Z)csvuq;d>bErIT&XSOm!m0y!OQrOA&_-Z~3mj zHUJ!vPJebps`xWUq)fT2QD5*6I(^5&vG&xFNvL+8x$zutIa}7;xvc|Sqw-y>)-_xOHnMkn2sf&z_vp)7|B~jqTosssI^g%F0wE~)^+O_FE{*u@csK4!Y1j7EKXo#q~e&ox5r1>)JMP6>Dyk9 zhVI-KauZz$zUzk>mnSo8rG)q4j$5@t{`P)PQrO))%_Cd5>I|iC$!Ue-qc;pJ#5d4OF zMDZ|l{`dUY-J5xbX;?(5C6qud6TYRZcwDEi?tg$tvtZMN@|v_E`7?T~n}{8%_?8*jR7-o@$V zwtInR*~k>Dh6V5S59ENiE_au)<2m3Gi=E_z=}4*v$7x`y6yju3N8u!dOcKA{ts1m5 zEp3hK^Cn5~iGzBJCQCrJ#s#uDSXVaPB0f0sTpd)WP~xuDHE-t#{~UZVy#vsH#jvW&r*gHTH>~?g z-h?|=%Tx3HeF%+aS7@|Jo3!azLbzE8Mnr%(_aap>FBZeVr z_cW3%L|L@1stbSbCK{q4DqgSbFg@6rdf1J`er#@tYsGRScPGy4;Z$Ldt4;F&GN>gc zhEsvc*dzPG!w-QFfh~&AZinTI4p%wahP*C}VJ{TeLA9cNmDDkN)LKWxP;?1^C3R6q znlM=$h(n;UmteO{{Jmei3}XYyVb(Z=KJ4|#5LxMVoD!*m%Y{?X9y0Cfm%ezczDP3N zn!3EJVz{+;tEJZeX2oft@PWF{rCVzi;I-684yNaTNHI{qc>w3=j^gU_%!t-#*StP+ zw^Og5CR^i=qLg$GgkNX*LhByEIXF&PM!3LDH7^SRAgd%VK{Z%cr~}ljX2=3;*7p;g z8^~dULxe1YDff%wNcu$AuYkwmPp83GvKn{WqOfvim^&4T?tYsGeMdkk%4w&Q0vjb~ zEwn(fF)7P5VZ0XTNrC4~js21)Fdu6lxATkpbJt9||4bXhw(sMAY(V~f)_!%s-LbSD zlF+F37Uzz@e^=T2#h&wlzHg+e1E}2-Q1z~e5`Izjjw`I&>@?uk9F~oX2|`y`GOdl} z%(j<1XWyQqpOW}Z?f1>O#px93!4klLvg?DgPgh+D@N9OjLuBh`5HvOkuN}mmmegy? zY{r+{R64o?+SlStbl-n3cHY41nhJwXv=!s$wL2J%biEDg%%C)%0it?03rD;=<*y2O>`KN zgX5TQH0QT*4*3E2fReV;7JZ$=7q0gvq%1cI{BH|g@MRDFb^5>&)(m-DK2yMqjA@I| za^ail;EJonXwu^RBh*%)>4CxDV)O|p8_V+Io-WB=SSxTZ4r4%f{=LtE)e%Yr1}%x+B{&&yetJ6Jf}@_0av-E zXq^Y5bM<-j>8EhO62kw;3yH#!d^L+}~#}b4lUaSMD7fRym+0#jU?JJnz_%*0FUYQP-{EB3TsE=CvYE z?VPskBAiY^AbqV&TT&AUTOjdKZHk~yf53m zzro>ZmOhgFiEfMq;eQ)9A0Lm_!cLy~qTGLzi&sL2ehEhC$?5fO9o-{? zeK@izbU=NzZpMLqzidYEnwC;zo^%@5$VNN=+S=txJ&y(efh=NgDf#SWIk4YvRL%;H z*!I*U$q&}0umyPKv+RnG?ky{VhXn(HO7?gmvH+|yO73Ynq}p%yd`^KTs`zf-`yqv1 z2lqUZW}27XyULcSt$P10@)-A(eAkl(r9Jqvp|zay=qJT@g5%G46@xm4EO%;4awa0Q zgk;ic0sJ*Ipec(QfW`D2&d4ga>u?TrF5y_{0y%*@h-vj0t_OK>m9O`h8urnZ)_B4y z(?Zjnedpu;RL4jERFzAI+kp;7yrRX;!qfPRySVPtU}pwztUKw;`}y^x2}TD_c0hcs#t%#>w{_Z%+4 z7SP~5PEsE69ir}ee3cv8kFFkIr*4mbl=&(*{6CZ%o?qCHA^^P%hMd3(f zgz?q5^{YA^ij@x36r^oXgl2~KoP&d~g~vp>$C8cPu7GxiyzU#klg3t~!Np}&E9eBNdz-~GJh!RD*ilne z_bfEfOwk+GJR;mj#uKqm4b4yadTxl?Y;c*d+KwJaJk?ag^(}<)AvN{LV-8gL9oE}B zXX-V@S0k2FA6`AOV&6OCb`>c56qiY@v{PB#Th!Iz+)X_;{7_GUKf^GkYwD)Qmd{6P z7VnmXPjupE1I;UJUz1y$z)p?r*zVH^0ouun2-m{F`}z_>cdNF+aDsBC^Ze3KPkY1# zrmd@<0zlAF0YTRN6cZeKb_XgW@=QK(hZi@kxejV>JU0E*Z3WW-+wr>^Xy!pnGIp+L zp@NDWh;J)-Zjcw|7GG>AnXqwJL^-Y4^hiG=e7?nV(Rh!y#MD3S?)U|g3i>dMciVID z^x^{6g#9y_e1HtLyD+#P@D~|L7#4&}A0r>$(p(;cBrV16vIM$RUR90oT#aKb!G~FV zaNOaSEPCFF?g>tG%4}f-T2sUQaZ5JkncEYVM6Z?H&MiaPaMF(Rd%08Hq%FO7FS-n)HDN9((w#@W6=#Vz{mhdWTIx_Rd4zJlv9(H__Qp-GbGLdrgZuWkq=+Tl6xn(%2G5M!E+%lw)?+g6yWpN0o_f#Q+PwiMv)jh9Tt;o^FCGO6ey7)tt$Gu z66jh|FxR$JZPucXwZH>Je`Z2~4{_jM^2dNn9*3g={xghH zcl*(=58mg*f7N)mI}N;C%k!GY?wJy?Y;V~Wbbao1fd`|}sh*9a@W(MuY0bX7dm~Z> zR-cV@e^wCIBG~kc$toMn@W&}m%W_sruvN%$$5w8FuVh$={4u7u4dZslE+CFw>vJ(j z?O&{Q*$X^B;(mgOy6j-QoSu8@pQ`?cv1$5L`FH_;ha{yN@iyoGqM*Mx z?XL_lOlR`kN<)Nfa)$jSRi^bM-;+kZ?>q{yid>uVW3(%k^+veOm1L0lSriU3<{7 z*{CZqZ?Ln-ptiQZg)J$2)yv;hUj#3j2?m8Mv6Pd zz*Jo!HhNyJ&_iAaHIR??S^!)Sn5Dy)7Y6pEZ!XXGtmxrr&*T>;uPC3OrOx{AMB;?H zoHP+D;dOPFjW^oWz}&>O|3HraxhwySU6(#rHR%JkO*JZa@=kb+_8wgqkMti}zi^Hl zrQFX(h;j0niig3@kocs=);`g-_B_R+6Hb0on@ban)vwlLZmQ7_#ezMteo z^GeTIx^U+c-O6lLT@Mha64n=(ros8!J#=)3Zi~{VBg?ae?i+i7tz#GXtaVxN?z*p9 zM0Mt~TaVmS?RZ%kZ(t#k+j|F-h@qvF&+-BP~;Q$Z$zMID_jnZ-izG)PKv= z*WGYdtoy>%w>2aC^yveR%V$b9F`G5Dswe?R-;U{JaDQ+!zqYQq=cJ}Eq{{1D7NDQg z+qjZ&>lHY$`+BS@TuS3goTg)p62p*{Y^4L!Ys)@nOO-0U@aQ&XGCKCsV()|{?KTs{tYnKr}hV7E(Xu!?KT~1(@ONIJr z67uiW#_j;Cvc_XIU0!igAsHT(s0?}LmW}z~nU<|Kd?Lx01|pA6ulBk9jM*n1SxqgY zY|qssNNHua51*Jvz$ij)gph0_PZc@%Scj$d_PxeJ%(RhbWa^TVx^S**uxA=#Rnrjm zV#5u4uuY7U3|~EN_Z7S^fAg3-tVi;>JS%eFW}&`hFVDMB+vm={$})FrpO4hJ0J)gP zOTQc3KOP=9L!6b;TM!bOH|kvGNh*2tiB63o&o#WUP$}-7u~XN&S7c9lI3yfUa_gTZ z(SI!J-{<_PUi`mp#sBYV0%!l=uhKr@u}rD@QKo=lFY6_Xen1`3APoRs7`oTx3*V85 z*;@DMYj#iC-~b1@TstWyd_<#WHMW9k|i4nWnrfjd6trc??U?#AS7jWXOGO0)WN9WfnUZk~MokWgR34*qSy zcF_hrXD5!m#sO4koweOM?1X^UjSaRSOw*o}5!QJ=(K%f{chh=(OKq#yuhl=)2XHG6 zaM-6FBNrGNCd!Tecm}bL_yB)N`@83}1_P%PXwsBQXN3T&#`(p{8VwQ+5Gv7k=E>~XeyP2^V3c9POWMh8b;$QoFR;}!VN{Ac@yxp|?7_%m1#N?J zQJcJ3UXp!u2`?|#+v@j`$6!!BZx&ipddXmOTnYx zI_#&^BMw1e5Rcc*mH@c_&Nt+%$eB;@yM^BVx_v4F4NmEv@_}vxymtge{A4M2NhW$IlXYk&l6Wrjef|@N-+I z9u2+xUBmwe4}UM+rYH=bU2JvS+<2qC+few;!fy}pc~k*=oblT&_E4(9t(%1iPJz{~ z$a$hy%_^K?w7@V!LA#ysmlWIS8hmC=y}xRjz8<&}GolrPS$F3=;>R6y>n~e%=rXq3 zJ^zELSwA*q1T10w4J~2XUjsKk=>Bk4WdjjIeK0URSZZ+;`uK;xEbHH0@TXoZ|IHv+ z|Bl{2&YigA`s02^KAd*RVpN{h_;5n={3zM$63m!~s&z}e@F=3ZL=FgGQTi%tX?U%`)#cgb0>-r zh;JBYT`$T?Y*Xpn0{DjMti-qa((a~ZTigH>di`0MTwDI1x9%JL`-o?yX1PKeNl#5y zE#|hs8@#eUL)QKTt<{){5gH!RP!d6_kw0jkHUp-O+`i^am|aR(&fbmQKfg}?M0bR^ zyT(W`E-e%BtGo2*&uRQV_s`5ziuh`kGsP39s-RoJ-WRRI0YC$rt;NFcU9R|u`k4^1-9H8&T}%2+5l9#8NzqJM7zC7HGYeO1Y(@vmfo0E!H+9Ti z9x$6rs@j*Qai`pet#^N6(aF~O*x8Dbog8rPA1b4Hgg>tSJ(~&C*LL2GCD?B`%0uv zcj|OJBw{t$N`!r~6R{6^wPZayw1hr(sY6_GA=fbvOfUMqiRVfd&Sbgx!9iTiN=UJP z-tnBKVOfu}Akwwhe&d-XvB7oDa*Wq@F)Tdk9g=4uO7aJHnSQ$^*Y%Mqf=pL$(7f_q zmC&&YR3m9>ymM<>q6+4SU~~0+IEc0`v&sX5iU6`=q7xv`{)0?`{&yzxMPlUr{u`#?BgN}6=p?+UDb9z zvKaAw+cgz0i-4jsNa4XAB~`5c^VT&t<)@ z`6nf%BM-q>J;6#aaP(;bqssdl%o9g$JBl5n4**A>jT8sr`7aa5Zd#d(RUF~FF;fx+ zMrdngqgB}w6CBi~;njLXS2LfmI9@D&Xf~?u)F)X_`slcTKj_GqV@|1Am6Vr}rn+P++f|v$O zS>w!V0wA6R#xnRys7-p@(2J9-f0!%2O7H*BC4Y0qSLyv%>HYuR()-h5r|umtpUBnP zJiP-lk9j?bK=w@R5B@Mh(?Lx2n!jmxp`%++^AfaT(a@VC;ts83zRfF&I{!|84t(Q@ z%b5RqrkM4yo&nXfsi4~`-N^eIA6}h&9iTQ_P>DDMl~M6BA&o1a@lw5#@?k*i;j`?t zH$_QxcEcOKeU1p?x1TK5yw!@jS%1H6%ya2lMlVY{ zzXg-V6<1u6wp2CT-agUORotP^q&=>W0YJr3 z=!1CleFnwR5C%cO04NR!^h8(cyDk9qelpb<-FgkG!az>Tm_x=H5K{_9xeOC07YL^Ql&0F4nkyjR2LpBA z&oB;`HB>(vOk&U!?X+94&?;Z*5vFHq#ET2`wL1nQF+l}W?mbagC(~d4ao+#R1^%&5 z{_dQwT;Sh@h4hyr^OXzy-^&HUvRxm^V%ZE4uMu5ICsG2h?)9f}EVUonT8sINt$pf{ zQPAh{mA69LLIb*+MezLQq9tlf^}vy5{f#im*I`!}jrC;u^z2*Cet*pG!+70YC1K*7 zs>`w-VcmEcYotPQK}MOU>k5jg{)nWeNzrsYw^(%(5%E+e#TKwaP6!)KmYEf6Hodr6 zT?@F_;%7EjBJHeQ@b?F^Sg)fT;T}jym%(;Y3BAmA@xd^U*@%L~B(T$tTkauDo~5SP zDb@|R6$Fa3^#;o*GK}_QroC?2>g7_AEgIu1X1z`}>g>|zd{>Wfk*l!oX?Naw?l3#7 z*kbY6(JhRguSuN#}Z}C0eic$%gX(r8I zxL##f(Q;AN4@)cYzLPGySAA{O56DEZ#F5O4EZ1`6>4jKF<+%5AX7V^tp6~tTk&Q+eb0~< z!}Nzr%)3bKelfXGP+XCG<4^uIMvalA)P~lA1U61NpXsHQb{D6KN@n;AYY+pZHKj(; ztd$7VD=!n1&TWs}{}6&=ao2`)yiNP&z^y;N(%;ch-O{#A00;53UDV^p`=he_=bcFK zhBY)s#gWC2zGzQ66{o}O5;Hq(-Mg^UcYIdsvnKKbL)mSV!w}62#~kZ%UtcODKhSn3 zpyo|0mHhw^@}%s_H|jC54=%Zd;zcVXy`>z`$e6lts)3JVyR#v^VmRNQ3^m-j=&4FOrjSeb9aGZ)%T?I5u+^BbfY*ck-IOb4ifxOXqMGNH z0pC&5?pSK(#ezw|qAi??;i}}xwZjif-l%y{lPh6y%5hK;tR)MgKP!CGq4lC(4Jcl| z%;RxRm}mC~H2=8r2WXea!B_`Btm1c2`*>ba-Xz<8G!a~t3d?rrHGrjd#&XW zL1V;Fu!B^!XRHnuCURYmc{OmR`VUVpknvTI|7X4O_vU@ob)` z+?%3n`WZKdIEdq=hyDrJG~^d#Pdl{er7du*LmRlw0gQ05td`y4w>5h}fSva2hR5;aKaZ`*Y^9J#&3v_&ShHP6 zoSKEki#C)x?8Wlrx$)TSjtn2+R8Z*!ZG|6dNN!?EHvE;o4`cPf>pE-Au%S!y7sL{? zgp|1jTBjpxr?8IpY3rsjOceIP`^cu!qSTw^v+;g`5AN~A*JM7_?oPbuasHXIU6S|- zqqi!(2ATp4V+|04UIVMEA|Zg>Ttn1n1EK-^y7uvZ2nwo~jEhpdb>l#Fq_?7qVSC=m zM}k?U83H@e!tV^u59aW#Wt{-)Dn0G#`Q!;pk;~l zcG%v7H5f7S=7M$!s9dfS7dh<&R6RyoBtz z{pIh@85osmyH;&tLQp($HICVsB+uNSP5clSZ^5E0Ix*DUc(HFO1e+s_<3^1yYRXyP zEy!Wu>1D++pS4iT%@J=*DzEL*JX)5n%aCUII){@#OqY11BC76?Rb2hZ63akB$OhX; zZ~;M9PjW7+P<*FMd53-)wN;{bQ`u<-yZgN>a>~Hr?F61^;9%)v>tBt+|DYOiQ48e*LiZ|m1%7ess&nx zzIZmDab5JXtoCG$mhs?Pkw1@`l}h{S6Jv7zZ27KXapJc^V~5pT%6MZ2x^;*y z^MZNrk(RHT-o>UoVe%ClA?d?GhT;24HfVf7*ZIXBCa?m8STwcAi}ti_hWaE&oqe~% zYB|hy+<8q($>?rq+_ccHos&sHo*hmUZe|^Q1C6vL=0cGcNZ;N*nY?_FpMCc#9QG&S zUr}4WqPF}WqqhA175&5U?~N_KLS_B;;v)TxP+8Nj+UPciJ#1-jKhY^Y6!Bz@q!{`l zs`yz(+qCv7!)`J=Uiv(o-}u36L{BD2JfHhE^!aM#v2KBKdQgE?So~~sgw6f##+ku0 ze)m0&sE0sUp1y@@xs(MErrn z)iG&~Z^n##)O;F?a-vHenia+7Hg<|vCvx>o@b{vwSwL_FQeizf@47=OS2Fg#%TQrH zr>a@yI;C%qoZsWI?okIbDT8W58R;5Q*YGg4P@Xu}gMstLtcixU-#I0vznH$E_am=(zL)M-+Sn!u;n)Fx9@Yhra0-M0DViBd{dY3UcUD3 zY%m$CPMyO^ra$n-&vtb$-9-FY_jc*x^y|^;zG@IP7veg*$%jS+V@<>qx>9P?8yDTC z7CL(sOmL35+7)3Iq86fEK*UHuks(ZEYL@xXEF38=9Hz0evI&K{q#7iAWHx+{Ufm5n zkgwW=d)&T@I>}qCKI>tyy|r~-{7JjYHAV~ebD@0>44g>Y_^gE#=vqTSPjOS_(10)Y zSaTVpos=%v2@=$7JB?lr?M36}Ab6QRe^H+cU3}=JvU)z8-X>YY#oh)a+=%Ff6Z5bg+tx#b^8_sZFR~N}>ab?j1e4>K+f^tV@>Tem8zMN&FW%P(eNcYhSac zHbr@sYKi#*iqYDtCMU~Vu$-=z+xNz287!eQaZ@2x*Aijd9LXsHsQok^L6PNw!lLt-HX3hIjb+#N&|d%g$Znyc$V zvsj1!Ns$Jnm)IaH{>-k;CCSh{Ba3{-d#OHdHP}ptJkQo6z4Q6oY(43v$sfwinYj|4 ziN;iz-nr|m^>cXVb0mRRS3VdVPPgYS<7RZ zfgRU&2=_jV+qN4=xErf;aLDy|8DQO>M#6wUG7_W#JXJlw2N5vSU@Hpi3iE6h7EA8v zn2=d)KYJE<8*V1OsH?P-pB6s7SPZN4W+7k@N&sfEqG^op5cfJ^E^p%>>;4sB-B_)NJUf|PwWYW$Gj4Nn+oK!j8KsQ&syEI^LC`4Ipldb z00_y=?ZXlW6m+#q4rVx9DKfA@2ZZok(m~4g7rfY@1jZ1Ms%-+r)7(1K1qMZxXUYmg zg>?ntt|!QO-RwrVbAzRh@q&h&+Kw4lN*E>~j2YUJSz z&TH}BO%Ks&_F#mlOz;PzlcSqK8UW&QfOz8x3!8S|+C_(t)CV8m4t?KSqFxj05XxH^ z#V6iaQ7G{t8Ip9n(5N4;SKNk;amh?{?3=PTsQkd)2=c5-oHPrMl8n-TTsx8aIKuuD z9b9g?!#uCb%?m%9R#n)yKWJF&FvrD~^`Lsd6=zr!W&1EU{;BdnN@4i?&ACug+_{XW zeY)`fhrRcVYGd2-ec9VNfK4{hHaXkm4BMDsg1`g;BH9K-7CDHxZIa0*8;M||Kp-$d zh$OJVWJD4o3rx;na>h@4pYDCn>DxVC_kDNtxNqE3AEZ?prB$m|t*Tmc)||h;F(ipA z>Y1%RTh{m|28MsR^ZhC{(X;rgpYBo3>X{d!fWPBL$H+OJJZXM)es4y<2~((WUNFuw zemr*EYlfZn!EN>A)@GdxoK<{x3$QY8wEk7?5s6tz1*@DXsBd@p7&Fy-pYO zv%wmdgN9}S%F{atd>K;K(QDnmZbD_`EA$R$W8O@ zHllORUEE9j5)!R3`2c(ya6QC*cw^z|VQ@16F}USjrH~`Ei;i&vEJGySFOol-kQYL4 z=&{Qs^<`8RbAa#WOpJ(3*)&B{_xVTe)bVBT8HM$+7KR{m6V!2t`j}6}B zv1^jQVCp(Mm3Nqz0i4Dcx7H?J&+^nR->w@WrYojzQHm5Thl}^w1CzJE2k&L}cI9O~ zl=(>}cHE7Pmw%GI1$J)ATQXZtG3>8o-wQtNOs_e~+1n1HInIXaNi6pqyzrqGif{T- z4sZ7;+MC^TJ&uqUuwQad^uUsohoy^`T!DQ=dQ@Q79|B2_opmbzeF_R08F1v`tTX*u z&jtAVXn^r4cKAXg-l8UbrV4*-@cR#}m2WDWP8iF@ zc5J`2;~0MVOT_K7e%pG>L;Z2Ck)x!|ud{ybI|6b%+uH#UXpcp^@BLXz=*E%eWw$@a z#Pn`pt=tpiY0ikhYUux!nSWb8Yc+UW#~N-rt%JD{w$AkJ^N+k{>`vXXpg+U+=V5`% zRm3M}yno*YRvMq9CP}%)ax1x;uH}t~{slkDY~&N2U7!k6tn{TWRIM#>mq+c(8R!k$ zw-mHTS^b{P8;D8(YMXm9q~#!X&e&IXX8L$)FBKc}<8e#V-uPD9Me?CK8oO}j>T6Na zsCnSE^X@B{lpJbI;T@skaY{b%N!8 zxQ9Eke|EFca-}+||IdSnpEE=J)sKW9oGpF(AktB!oUkmIOvWoJm{I;DTReOCt@iIa zQ!^}c<&VzfFBNGo7iY;pg>FotlKC*Pl_|Of_A;8?z?v=whZtRNVqUGFdM=)*>Zu!0 z`Z?70dq)H=)cd(@*N7w@dT^d^?G;1x*-bD5R*4N#qA7)`W5vGhD)$>9&l<3;vE4+i z^ELnG517<`KwYk5VFOybO`lpg%!|NWrR62Opi}bq372bITYsN$`Ja7JV@8oy-I0cV z3m53U6^d$u+?m)3F$t7wOhg#=QZF(nC~ z%%QC8PQoWY-Lm7#%0!FTv75_@dTbnWIt5FQs z#p2Ab!il_sV%>m2$qx6*$qok(sFUD2jsB9uQgj0I@aPe5Nmf=FDbGni*F|%4_B%zf z>c;jBr~V%Z@nDC8IFqu4welZ(402$S)M(VU&2q0r3pi`kySS`acarq{f=&)QRuW1o z%T0aArBNo)#t6Y{;|BKqdMV((mwHU>U$fNfD%X+Nz`DD2zSna>e7aHUHTnH4JQ^e6&arN^tCAg(X}G0QlEi~GUH z$jAs8*QU?^cyIs5h_rjriiRhmckPFIK5uBMw~?D99+|9KclQXzAj;__Y4yCACY*t) zekR+ic(r$xak&_JId+PO@vnN$kqI;MMoPqJM(=E}Gfv;#KTtPDTb$4Zc{-ksC=s^` zy*z@MMC;G?g*Be7!UzXWz2=2eCXwBPhB)1@`ls+JY77mbUrWC#Cg>+w*2hZIsKr{L zwbse-RTNN&aZyEE{J`+@LEE#l^pl~TIOe|Ggam1CO^(kooQcLtpw}eSnGBt+czWMV zi733zythq1hG5X!d%X9PjK^6nRgJrFvAAnN(6lN!_i14iZ=8pJ)?(E}oZNL<>qMC_(knddp8H^24uP4|sF&a<2K4~b-{Sfrzb z8ofdU9^dk~IJ@~gvtnL|M30@)%zN*@&ODK7)fLa{^dl)8-=DW|9)%UvGxuMoGtXdo zX8B{hZ)_(`|0mfNX8_xFb3m1X7F08U(scy7@06Wcf){^WjU)6ji-`RcOrJ@R!GgJ3CdbiC{{z6`q_NFhr~V{hWK3&wpe~a z|Mu_v`@iX@|7nK$PxJG?YJSqClmlcjgt92Keqq6f6dw@ciuEK#7(*V148>;YL<+}7 zJ<`n(N;zLN>J*cSXpNzs&7+`yJ#kgOj&gkUo7-jmeu4>blG{7*B3_ixtl}B7($62= z9z|lWE!Y^StJ?re>iufBCe=YSpSxWa?Nrmr9RJeJfT2WMx{OLeytnf z!%_U4g=EtnU#uHv?qM27gMpiFo?*E%l1g2GE3~p22A#dSkY#rxGkpFqEoh6l;h$g0 zvU})2a%-NyTm+idg(iwvj0_82WO$y%*;h7d*!76@xtLN+mpZ|oW{T4%s?XkHzxhqx z_RHSqDc?c!MY95w{rY7ApLoNKI|h4ksujpM-})%3Ja@%x9hu+)B{`?gqRm2P-T8cG zO@UP|6dN`7Ev_hi4c52PqEF}K_@AY&_NHqx&zZjQ`ZS>#&t-9li+Gm)&5GkuDB8ae zp@HbFev^-VciXjrMml3aChxwZqpC@0Y5UX{lR7+|Ywha}=TCEYPogT#!7LOpWz5b6 z<38s0N89Afp?ilEtsJk#yp?2ss~ZrwGX92WbJ`>J%gKWM=-`7JB*$gXL8{%Ay-s|2 z?o;|}E^7^%K48YuHKCE=tY7OqPavB5S+jj3msTBK8RE|p-`6`kiW<5H%FKIM4=v_P znR^E;Z?VfYD3#`dmab}0<-WetzCkkaQIhw2duiCXr< z$kug-9M>^4a`SQKm%aq^H>-vkg8a#oa?e2dq0!u8UyWzRueY>GIJYLa$8OtMIR)C` zlS|Fh2p8^yrDqaj`FUcAf(Eq^|FBJ&NEHO9Ok#`8R9T{4yPcA#$E#~B|2vwnJl5QGpvN-#Ee(C&*dk2O#D%h0J1Z3;_C4BjKTcg{}BtgNUS89*82dH{Sr4d+&3p6v} zQP95A!yu*Zn$sHI7yOi>^RtM8T=yYX;kXU6n4VaQ#4r(oGq22PWZOrJcc|OM8_H`1 zM+uCYeVi{`!E+<<5RxbNli@3}-QtXA|CLWbIcOJ2e4)-DeU2GvNaJ z))%!=$Bh#&M(p9WsP2<>naZ18PgvKWS?VJ0?aGUZFJTBSQ&3ih{Ln{A86rp~RRyo6 zy6SzAYIEG-o)Bn z)WAgMc|r zHNRrQG*{NXJvNd4+}A7Zt$;*%GK{YVL6k}ov*z>4ua?r}$Q>J{oA+19Y)Jr0Xv{JB zK83yLWv#3Kwf^j4<+%!dhblsEdoe#&k{CFa8}Xd&Cs{KcbCtsdV-kdyH3BfI>Xz8` zCF$+08rRoVuUO`jL@C%?su>^|UC9-FoHg7g{H$rQG|6VB{CLGh^nV+rTT>w%T-+4c$ZG_R5D zpdZt|I*PA0L{zEOtl6vYWM27%0vOpt&U;2BvYnjOzw`IYgY*c?jh|zSKkg9Q(onpD zM*s$+!nz6++dLFHV3R8s^zI4UYT`>LWLG!hy8U9PQf7BOaWLp+{lMqF@Us1{;pGvc z5(((^6pt<5jx^KA>F(s-MI~ZGS+~47D6_jUL4zvqLGi7{@0*ikLTqncUkcR=N-UsD zJfl;IrPb;etk~a*MM`xYN)5w@E%Y6d7c(jX28}&zbUC>bA-Rv-h0HKuqE9@%N{MO_ zauJW<>kRS64J6tang5ZcpP)ih5QFa*do57eA{^uW3;2M1ezLKcUaLml$ihUp(4wj| z&tBj(yy&w(f1&Lyo>|V9sWTn{1%~O?1iR8I^{c*my%|4ZBzjoh`s~-EMCt%mpxj|& zLta|d_lku;dl#l*UNoIhQVO{LL6coB&b-<+`A51qHO!tn^=SJB|EKcqA}7>8V7Q#GB*#>HI;{?yU-gGV7})`X-(*FV4~dVE1|h zfP*@QE6e^h?uti*N6r0Vl^o_U#70+CRYAz@k_j4@7}*b-%y2uUIzU1tno$g5%2#fh z+ft$fm=hJ6iJwnQ0kMmH4jtOO-M-a`x*H4`-df*XtJ#2SN5w0T2>I97Y1V8`X!_y= zK3E`3O6zR^ui`1}o`)kVHEW)R4+tL7IKq|3=hh6{zD~3b^?|Vivu=mpJi~OHooRY< zH&M5aC;bK*N@zWgg(3Ou=m$uC;2cbnIVl@QU-5c=wxldhy~JleDE7=AS%x*TpYHti;{i zd*N0OVlG28o{-DRt4?blIuL2`G5A<bN2>s);&^48Xq6dIYgS$(_l@7@3M$@>qB4kjLTV>&fN0f)$#o6!+ZWS zm(8LZ9TC%lK9iU0Nyl{?pq1yH{FnHuhq?Fv$1a3tkD|>FNfg$FOCf(czx%tlNf@+^ zj+Ib3${$B0C++&4Lht|28nNBERW%S!3aUGdUXx4uH;2poSBEyqN1NX~xkjRLLag?c zc)uq_V7GsgS*9P_Tt1Yl`dg=N@*bJ4XfSUuRHb81aJ}Xvs{96}9LMa|LlU_5kFHT8 zZ5n@wxftc%@s^WJT`AX^2*&p?EmK-)pBib5GfsReHrQSa9<4P%h6ydW@033?8wEOK zQb>buc0^o#mETC7h`Xt3rv`GuF`#&v9MH>=U6jc-is6OZKoFk>Ii&u zpN+SvJ7#GkKb;}pEmxnGJE{>o?lP~V@y@_DO9H%exg7{dzJ(}660IBB*WH>^PfibIX$)*#PnBWQT7kIT=CR3SN zN~Di<@^`aqjSzdymSVfBwPSCcN^Xi?A1}p$qE1KVVI=97s6GsYCw@QOQP}Kvy6948 z(1eLjd$gI$_mPSqqeTy$jvA-+UKkpQbVpoU)2S`C1){OfQ=o?4<*#SkMILhu=-RVW z4AwVP!KR&+ME0#zHDb6ndlj$C42~kp?BeNc6FHe>wDzNjeQ{^ehM0^^Xy#U*isAl7 zGC^2!tDT7?M@=oZxS^tJK2axu029Pje0V>;ulcRHY$^|GCV6oH^02Jmih76UYt!xJ zNVOTwqUwab$W1Q(GzeFwPN2E30it@wz^ScnLn7Ey1+yo1ua0YoNXxLrpzB==*-=Me zFcfT?YMW{azu1`}pP#u{?%R$#Tq@~vp$OV1V!cb*9FVSmU^}Dia--hxU?3l(cydYX zP_~cnb=ytCe|U5DG$%0Gy4*LUVpf z_zq|FL|G~Kb|I=%o5ghTgTr%(GdB2%^hT_(b_FC$8{u522sPMq4&u~5XINM)^zsy6 zb9+xrvJR!TsvaIs7rpH|TeFXm4R&61vD*XtFt>83Iq;(lr2*+<yG zqfHIa6(g_;=sZdNkS=hjquZmK*=dgP=QXnecmiql6*#{2x_juDK)F*|GVT@{V=PwB z?%9I&LPc;N+IPcHLK3l8@+?O{KIV*5F4LP*O>2Axmy)?>#V(kb*&n_|uHMdZ#I_da z$wA3?9wdP$k^PxX`8+EIq=a{a_vm*5^O@M*d~duQbcSV-C^gjN0xs$Cx0;l%0>k(w z#txg>WjzVuOkN(Z`+J6MF3Ps$8H;cE`bvaJ4CjaiA04drZ^%vC^o+ofag1AXd#i^h z&8*u9)%8a3oU_~ndOEmk?2ub5d<#Xd!;t{LI$-tS2MIyBeKuJX<5!YhD!nqBI@dcZ z6WFZiGyZ_!hKSt3l~`!Bo}iTe#-V3Sk&Bh?lK)a7Z?=(ldNA{QNLoPteymX+updKCsZkfcPoGUsPyBn zr_cW={L@kSe~GH0+=isjW3J6#wJT?&|q`1Cai z#qx4R#?;;v5VI#?SQRbULv`L7k4O~;sMx^r;)QG-yGzd<_R1OZB=5w)9`k3;oi1a9 zQjKf zh5EXOGn_D(SjO=aiK*g(23GujOC_Sw3q{+HMwFL}thDZrAH=%=L~C2_NT<}Olv>rT%FClp9megPN&o~ z@T4%S%1<%3wt@G6et#)B&3li}RI;n;-5r%?Wu6DNGcH{@Lw#}kZv)m5J}LeJvu5yu zMII0r#$Kk2{u&NYYLa}q$dIW$TeYQ;8)Zpnb7IXmXM(r22hu!KhLt53zo_oy`|zSX zX|&vb&o^~L?%BuP3kTCQ@v*dPGa>F5xa+HEz2yes^;FHlGM~=JY|gW0wL6Pnp9kt^ z@>;8yz_z%xl^0+J3wM-`*x)d^_`PO$+u$M3{mU8hPvkQ-klG!(^~}LzIGZ&J2z2Q- zFG($%m^P|)iK4x}gL*6%D=aSzTj^2-7Zhk)_~GVFEbJ!-n9xytTFINpr^=kO#kiTn z!i_SmLgapm^OTSaV?j<~N%veQ28ORqL60XxP6=#P0V8&$%ucba<6A`Inu6-@UzLk- zgY!$ey@sIQR^n82&^Fof!6!QVUPDC;5i`V1sqH%l4O4+DLu9QTY>0`<{;cM6#Hq}x z!QC6~AIeHmZ+7E8J8!?^=`9nOwdKy$EFm{N;M$c%7`dad{*R41JZ(3Do?VgxNFRR* zJHCt_c7a`;2ddD=tTb2T4xe@F90k)%tD-Qlf1 z)=W~KIO}$*K@6^Yd-}J`FHtFscO3N%4htahraE~^WkWnGR%Xxia#4~hK?fSHIMDG& zXSkI*hvr+Z=`S?>Ttf$?Tf`YadEk%_@maUw$ZzGA$&Jp8NefouCVO~-_H3OKW9#)k zDvjXFF<4O9@LG>{vOY-tL3N4&_`4F%buTE;q%STR^U@lAdj{Ft%C>g-z0kgim{6JM z`Nq)PtEwSHxEXk>Fx7_lo^TsE@!Ge6Nt%)JoZh9qUuBs3_QjUf%#zK29ZLb<8rZ#N zX?UEipYBx>%9g2uTZI2O{FLURQq-CKN)>H8VFaX#X&P&1;;9H9Yk&HlT6qfX(eDFE zB6a{XTZ9Vj^D@Yto+(pBiD+^rz0xiHHi_eSeX|W5Iq)bk$pfLMUKk+ zBe&@|#<;#7Clk}_S(;#xKkQ^ilX76w*r)%<>I^1?TCV^dwr07JXU0!gOTnby(omI_A%H3HpZ z`Vg+;N1VDUPohQ6D{0*X?W?MhQIB!~Mj8hBCf2ksIE=d1N3kc3n%=CBdZ9sR!5-L# z=DY2$bwNuZo)g6$#E%C(oGYWU3-=Qwew3N{?taf{D(*|JWJ3Xbs1YP{jnDn+BXI`k zI$eCX^~j;XfLH5`sGdnq7sear?6|8I_fe{2_->esaSH#^h22j6l+_K1upGz6z#EC3 z$o*B_==Py~Q%`oX1Wg51?T~e;uDyVqVyx+mUrc!=RJUHV8p9dWoub$Luy_!%b#-Ua zp|5TRrQ-RM%&Cu2vDR|f>;+pu++qcB|5_)_R#z-bG} zWq+N}0%CSkQJ){M7_4ONyPA?H$YQW)jq~kc$9__s z@!0038lPr)Z-3V5Q)69K&fZ5fD6bgi-VEm8QX34c@Wx>VCZm0ZiUzaUihbNWrmS@rfG zpBNg6@m-;TZ}+lpPd_XTG_eWDMxD~GWw|yxcUyXy3$wi0G{W+oBdpmpOJI50Uwb@9y>j+_jv0e9`IzQ2Fon}%Ul|v53}q1lk6EU zn!0PT=wEE2e^(tN(tKB*x4K_&QnFF=3trCUlu51G+3!vy^)s>R_#Tpy z>3R}8-zkD2cVln)uxy3cd+!J_*jviEl0a#PBjA^M2Y@zaWmN|gzB=61ZbLIp zGbx#%l044lp?t>38ksqIa9iv=8CtxEEIw!Cjq^ipsOd>BxxQaaEuNQr;G_0-G7>g} z+O7+?7BcznnfX2mh*ur zA{88byB?8+Y!F>geofhR|9s3XB-(Vc9eaw~UOFaD^n@T<1cf!VbPW););Q#m58ir=HeD2Pg|O_NJxAHvv~hC8;4-(Tvn?-a+k ztmAw7spFCIWT%F}hPw0SUu#215<$no;yzaDy=K`>ZmrL0(@Gx~0 z`xE8dGzLiu@R}Qn7Ir@>Qm67p--wTk+B82)oY)I2aPEZ*~8#+lTe%aG9W6fclZ%h-Q7gwuN6Yls(k^IpDAxVNkl^*$!4 zAxo@1fT=Hh2*g%;F)_f@_JVNV`H6^-v0DO+svSC@WMM6)u;Jm;6{K<0&g^*Gc#7C}IrGM@O7<{vbV#1r9vJ$8 z{)W6upu5~<`!7i)sT~Dn%W4K4Ne0(bNqN4#T)9lS06q2N@mT*!HV|AU#nK)eW)gjF z*?zGy&84VD(qDmP7mw{5fdcuPtM)Aodrz5osi|Jy`SOqF`_Hw1^78&~;N|TtFTNNs zx5EUmZkR6`a1iml@pK(qTRx=&<}LRig8Vk8EdAyytBim_ew;=7$?a@y-SXEVH8F_9 z7XVhtS3X(!oI1Wg$@rTAwK;k1Y1$8oKgnX9W~ zQsPM1@W0#5&L04DGoy@3bc*>9vY}H_T5hW8d#qdQd#BJ>$*-^G2u!{4_#%JD2fB(*joxQ3Fc;^8 zJNTFKzY~y!?3jj*({<0NzceL~BEXVu^%BkJ1X#SgE$SP-7`t906p98F$!oeS4I3I2%xkeEY&%YBA6`)NRgB@y3G2P@RObPm%AlrV+OZ^KLPvo`p-7v{- zx){S%c@sm~;?Mpio6nw>nbfj|wWD3JAKJKf(REeML0Q!$t@Y7d_w=Aoq&OSs zeJ7>tRI$;ibOlZwfQFU?i?(SA<`M|t2y00Zgg>>OK7&QJZU@Yc&5*213pRn3v=*@^ z?_H_G7muX5q1R;sOsil#rD%ZobHTGyT~J^jyp`h_Cta4gG?5>`rl*xZpwiH78gaWF z^!UM7vHKeK%kWHr#CGBFo2rjqS0!lgPB`aN^~#d_CaVJxsHeGI zLz_8bhU!&q#akR2(1K8;*1Hd>!ZArsciXo2Ks1t)+qW~l^i|cXkIYp;ge-%_s6M`Z z)y<($eEa>V=(5sE^(PAUOQDZzghR<%m;ce}qr6Shn}@sjET=VXC@R8@@2NeNo0ryC zn7Q0iCD8(FnuzsKV1M4yQ-(_Ytn3}_q8tZDdmEI3i4`lY9iwMUnBIZLFAExAjuGk4CH z)Z>vlVpg~-S23(7*tLeG1OMde=sG?vkKdmP@uUx9YRW3frNiD-9*%6CI8e(jI)t@B z%=af{68!qQAZNpVz^2PZ*O;jK^dYLk@@Ll=8lStjA579KnUoH*7GU-q`1yx+3Mo2| z(3=SVpvdI0xtKhcA?HPh6i3$DN|R9ZX6+C^zPn0&(aR1Cfd}37jVyribkoOn79W;Y zEtmf!s}O)A!z{$`6M zVxH-@34@^~(R^^M>l*9F_8gl5#}$LMkuAj>GYsE|3f#!wagbSm4TG8tFxScw$<<5p zB}fT$du6mK9~W*Z^=-=Ir}8d9dW_Q(jWedM_N*vxHnhsLFdq18Zo?U6!vYwDYFsr_ zbhBTYOhf=O#Y~Gu`LNm`k^}TcpTTTz(W@Ts_A6bCmWv+qX5?w;d;V*!?DHk%GWtT9 zN(-UuT^8fQL^Yp2y>fBnD86nxAi+EZCy@zM&B|6boWXq)O|stY`KtX}=ZuhoW|`Da zGN0QqizX6sm^j2jEg}`<$7)*UCv*qan*yqF{Zzdlx<06Ve@PW&JK6U;HRk|9X#lyB zr*?N^$z(~>uEJ-@5ftNJne3CYPt1y>g%L_m*kdXc?}Na0$n zXNo$gPh8K9DyPHCg6)x|k$tP*>Kneqb3Ln0!re+UF^mNoifGo@ab@70zV|%%^7N#h zFUNDJj$LN72$YCo3Tt{e{gAF3t*dMyW+R{E#%WSi0iq{QRk;v}kWIU(opEj*%_(3L zidUlg_Oz$#a;W|M?oPo*v)dMW6q2>y6;*Vym8aZ!yvM0nglf0Byd1dp>*vu zvHJnlUj8zYg0XO7KZe%Fx+j6gL24-{G1Gug@{Qz{V7nl!D8z9{xp+@9<$Uj%&r2B3 zb6e&I%rhEonffX4PcR#m$|v>*%;OD$(Mu5h6vM6YhCc5eA3&OhuPTtz{2Esx)T%e8 zB8F@~=+BARKS{O!YouDx(hrIx`R7nexzmfcL%#9*O!`OF7h_IY_b$LI)8~kR;i&dV zKgj;2uzu7rzg*>SJcd!QEs+mu6~dLu5zQ`?Ywo3XlI85Gs#aA9Cb=%~A6Acq zIGPI32I~baK{;V|nq#Jw)-iZZ*@;Y*Z$qC5jc@~VFV4gls`j72)*=ij9Z6L+PUX?` zIzvjzvnqMJ_lxOE?-$byW&#h1SuBt;pMaxgaTo4}lRKjBo85)dt_y`x>wzA^|##3WVC-+t8(i}07Tu9VN9lstM zEae7OyB$ETl9R(XSuYjztbP)mLPRNujC?MUw4nB0HbmAB62=gzq#3Mjs?7;@m3xQ@ z>i67*i2FVaUb6J6tTM;Sa>l3kjHRE;%yHS5hz9W%mbP`Kx4(gV_B&u8Z1}$3_`jX& z8^cMx8AJUXcoNP_3Cf))oNCWS3a_owB;~U8h>_kfs4|Z!=YP|BE!T|)8USerMQN4i zshN|gS&TLOz56OIgdeOq`3C|yErqT8+;0sVxg$=@SM51+wTefrrQBk+_ym@9xl+_? za1UzJ#g}4axTt!VC4Z861wXUBz$PKc`GpN;DRGb{XkG<%50E9s{$hRq&VWaLe|Tnh zX7BXWH=}PjiZ)?)Bm%eW?k23#IP*l%h$lUF!~qJ10O-M1m<@c=a|?v)zl_~KzkVT8 zFk8N)560VGu6%zL?9;D#4SrGE1l}E1s=6Y zToZg*H0j-(xut5uVo2MUTk?7$DCdc*i1XfYe|9juL(uVhPYr}WYaQbpB~CSmP007z zLJp1PwzYjLpb)26n<9LgHW>0fDCOIF+<_A?%mU2{>;Z0Zgq9X&CUh@BmPJO2FzLN2 z@|DOpY>s0cBw3g&D+efanH97U!<$7o&^pv^&(3W2-qPe3KZKEzB%|FtY#}@ysW96& z*(Aydm+B(aJ~l zOqsmIJ=o)N+q8aHW(BsqhiJu^-bxr3N&39iewIIMrj=2V&dcknXV)Er{C3xCSF!@N zn7)k--lp%4)&w<_9UY$m4vAkyy?kB6B;Y#DmEtTnw0#fsUUjEVw5ikBSonUG*xhOH z9*AxQzkB z1(Tyn#_cFy{#cQ4Zmgqcf%Bb$Fx8|FNIM10)Udq^T*@yaZunV`G`xu6G z;B-){$@M{2eLOgE=v&(6SrOJ`O&VxVF4S;^Wdi8*Zk@vF`p5zAh46(t=??3}uH_@n zx%p)cT)wE@eV0)nulQZvLbAiJo%ouC%^_f&C>t;r9EP*fK$Dke}99 zBa_{s0uQd)9pmTq^N<56CSsWTi{f?P(4BURbNMa*)ek$_UVH7-5|Sa9`W`x z3t4;Z3HI^M_gn5!guTp?4!jp@yUtLN;)gN+n;KQ$d+DMZ!0g} zuzxPCE3BPR2Dk^=Zk2N3b+{vFeK!Q?V_EJXv(QpIU6GUrPLzW z9JPrrG{s(5+I5LN9=G}|%=C{rWb({k_F@*b&VtWs&vV5>P8}TXlWcY}=%Kqj@o|FJ z8CFMxlan0kC>HfR|DkXMi`@M#>B5tGUm7)!&ic&3hOh>KH6{Mmm?-D@2RaPCdRIeF z0F2^prRGEFdJk1)Y?&jaGS`i-oR()Nu}~&#i%C( zPK$dt1Xk&6cuS`FsI?1d7n1mp38wEDk{8uXe$-)@*X5PRN>47TYqB9x0Y$uW3C@h( zg|6!k4T~J9P!14XDt;N?FEIJ~=JT+dt_8^y*$ZDEO+MKoZyl>a=;>l5^Sn%>GV2Pu zuJVb6(+9ok@u?U1t4WsdNS?Tlz7d_-rY;z^t*37A0P8Skl$6I`nDNT|y3C>* zP@MgRZLDWzeS^VxwBZ4GNH@Qo21#mWykNuE4)Tni(I`t# zA|-+OMPu7#5;fiKmF5THjSn>Wbm)|{rEZnFG!g@Krm;Ca*TWc<&?hxXrcZ6|tv3KFtR{2B#4g`La%7oc#QF0Tvo2`sZV|Gf& zXC?{iph-8(z4^JO1r&cSqdN)$k8uwhd1-y_jErC=ov&m7M^q5rnj`B4P0nrBOhN z?1AdSe&;(%0l8R1UOXPDo8+bw6^GQ9U%CGNdO#ibVG7^IREVQVS{S(uy4Ziw{Kd<) zeOR6syLK%KMrc9(THU1%{{D<8y=zWIFz#YWh^gwTAqfut_S8}tzja`tnN_|gq=^Ur zQinz~M2HY<3{ij@(b_c+HQrB0);>H3gvl-wFdJ5$^cE;^YiXH{pdLCyP2 z-GTQ&58QDUX$seMe3If9U4$-RiA=ZpJ|$!T1{?Doqk=qNpe(7s;)F@yiN z`ao&z>odzfkDz9}Cpy1Ll-~-jsZux~W%=af9v|(yaBr_1l*Ft`t|=fW=3X#D2W6U@ zmQB5_FKug;yYsRhj7k?6>NmgrN!I5h$`$7uuzrr8=R1_!ZwjtUuQ`oR_s9a8Ds;x< zNck{q;K`+ke(bUST;Sr1$?PYD$5UGM3TMAIxiIwQ^+(`Z=a}~^5b6KtiX_~ToBn0U zw#bElIotBHj1J{xh(pj}b_015i3wUtWSU7nWlS(0d;*xxkgIiq95E)`bG?Mw2VJ07 zW>@afG?jTZC%K&70u*KG2>$lRnIJ9yo^a8I#&*Igpb!cf$Ie+?PoEDSn2LJ4LI{{|-tTw9B>FJxy(Pj6vkFAJd;O%1@lE& z`o8|dFaxhQk55)s!-n#7=MN8pLWt{WPOc)>n?JC(Iy>h5~iQ{qQ!<6 z4Rc3In%p0kt1NC!6e$)+(%kcMe!^e6dgM8^UDaUe${vaGNf>H0oK_i#R>qr)5vV0w>n!lNjyuSpZ@({`-SxVk9jx$=V`*_DmLt&Oqd?kHCzlNwC3MC zQrjk1iso^5#GHeK?#Qk0Sv9}N&ONQM9Tll(=ZsK0YwYJB{tPtjD%~lK9sM zpuhh3-&pv!uH!+;tN!k$Sgb2e(2w;m{_=k{eHY!r%a z#O(l!^O3V_GIFaKtqLDk-`L6?SdMn%}im-$CY3u{=GTS^br=kEVi(|=U><-PNM zCcig*+5u|WCmA>XCAi=uI|<@~7ihU~X^cLpaemMO`eghcRq>zt{oi%cKKFs% z(C+g;e}!p&yy<>#=lSYV-deIB0aGwVeTo{AS6wbA`a8dISt@6QT8=j-CF64>@;?8+ z?T;dyK#?yT{=swaqquZ>b~D0CfZNKjyrS3IxT`Yx z##E9fb+aWU(-J|X3xCpa7fEv(Xn0mkaOpN>grAnaS64-#^SasuwsUEK?=^iq4WrhW zuozE!e+~M(!;3C4P-}VQLWdaorT3sy=7+8ShrRazYbsmYhM93j#eyP5iohUEx*_yx z3rGn_36Vau00BY?H8e+2qz|2hrgRdD5IO{u-U3nr(nSa*H0d4xc+Qz}-tWx!&w2m< z{jT?Vzv0ToUc0Pkuf3kN)?WKr&vW0#^Qw(0ul1>5RZv?{4I+fV*5+@$q! z^C-?I8=8~_lLP55G_T^vLgzMz{-KF8n~IA^9nY=PvUUAH+W#Q>Z7DwBj32X0Tuqtc z`{a_TMOXy<%P6%>te5%Ga-Te2##k>Mt|7LJ8>&Qe=t!h=tO3J08L!y?(g!d&2kj6<*@pfJd#m2I?7m#dWIh7 z!J^4_dkV_>7!skTE$I8jth=xJMU9!5KUCUpccaFu1SKh#8}DS6I%{P;T8#IyA6$|| zfu%6^_`E^ELiXIS^L)Ia+3~U6BHSX}XFm4y^aA@trVwf(j{;S{E@s;|8U2lX^){7t z^}dreOFR1fy>HZ$U$*()q|cwyFQLU>Han$lN$@>}uTp{;>WcX#0`nOGIwbJp5ue|sdDx^reF03g$2Sai8{J7>4jnyNv)WOrlr9=C zHGBL_I*$12m!3rfyj%;_r#xomp2|SfMhuLO-W@VG!prIJg^7Vcw7dxz(_2jjCR390 zpIum-qeh6BZr(RxSTF~)Wpy%Q_nuTwh03atebYQwLq)VoIKqzWBT--R{dUzZa$}9q zJMEXsKE=MpjxU)Q?*!}5JHZVG=}TEoFUyU4wAL)NozxQ~Tfkjp-q|~Z_Fv0HP5hgn z=HfZZdDH&-KkAV#L{>Q-OwGY`NtUJ*p-PTC%C)^S{L?BC2YUzgo~GU9CmI}YiCOE) z&i<$JCAPhB6p6hv^3zlP-4k1%u+(Tro%DSqD`OxdK$udKIGMFj7ZZ00K9OmbH+`(1 zm=04iU47^N@^pQ0!NFx}etqwr8r{z-lUxIhIQ}ajx`3d=D?9CHs{20Ubc4e8rwQyW z?TcS%j<@u86gb0{#dExO1H&n!8TV~(T4{0rDf&f@_vXJ)D-*cY@*$ ztVZTX%dKf)KmGVeBL39zf9YvW7fCK0wk$gS{B$E0*ayK+X}-k(HCu+Q-Q41UI^-+_HqpMOIZ%AgEO-6FcGyz;`6^TfXDX3m zw`b+*XY$c_+$8C&Wq4#5;+nOqmA|J6EUtzDJOGAQ25=mCOmu|dvUo!2&9A0k(@}hb zp&ymBBuX7QDg3`aWZoK1o7Aw{MNIP>H#{NRPdHuAF_o?$spgqVlTpd@<`*%Zun?%z zCfeY~Pv$m@#qmphbpAKba!POsSi3i97ZF`eG2gT@j%*nW;y?|G)e=!WnI3u?HO2-x zm2RLD+i~|n9)*I}z*~~fu#TP*2lR0my#Qf^`UPi9@l z^$gt4v|V(XbwEgPbW|Yr4Pz87t6t4M3O8r8<`j3bzAEnjtA1{qbv?#OWUk#AiR*eA z$NO|RkvBU}vY@xnYL}27arb_%0IPnY!)qauP?(-7qMMgLVo>#Ju+_Qbz~yqL6yZ6w z+pz$Uh@a2}!Af>MNNcB>E-TOF`de+j>^huYz0K>FOPY*fo)N?#LPRAe*kfjoFVkla z0;n4m;`bj~aNEcv`J8;Pqrzqn)o3%KDX5nh04;7ubd)l z(2~gJ1&jF%*2jPlz*p33&jx${@t9sLdiOyfHJICoL1J1`*>k-qgJE6B@J)mdfFj#L zMZQKK6<#=~x08)l=90Pc5;@S8ZYL<9Fnw%|Nw@pnbhRHfGLfd!u%F31bR<;%YrXta z;(Ig8Q|A7_!p335W$#uh^SRDY{?4*P+L4kr8nV_jw@n5!j(J?xJD^JL14Es=$4~!B@_*P7+44E3p8mSNBt0PT?UJI};pKv( zvA`8+opYyn50^mwML5X%0YL`kx;ax?Hvxa3)O_fWbF@2>74k|^@33b06x_JTC!Oi5 zSn-SC<7j#1P434F4vgmgzi{4_3OA_bNTbPhu)RE2UT%#yb69|= zFGQOc*A_#hMr27Mi(jeJ(h`mH&(iLtId(B_FW1^NC%gn54v1=YS9!|Wt6qAfryl1W zy+mh|cpLp`Q|BE{EOokGvm%v;iQi4gBq<~%X`DZDhGf4*-)$92>C;=)9gd!QuyuM} zx>s3!dvnQ~RUYV1JCkmAgRBcFvX(;x#pPOG*j|=WTc?CJ%ebSr=%Y+HY6#4qμm zKK`OC8k#BnX+n;QtwFAWYf}!`YxG2E3uJe9P@r%)rdiE7QClKE{Kayf$R=3Ck`)%r z^KI8+<|+eX4rE9P4Go=7PFD|I(UPD7bPT7ZPysp+P&*|nvWzGd>m0LK9F~a{&dn!> z6<}{VB$Gp5CTmqaWP9RJ;B?W>hVU}WwI?ibb@LtFB?e2>qrtmuJq%QUlo;j;bta8h zld`UvDbUbvmNxqbVG4tpkh(+Cq)MWbbp`dakaEn$Dd&Ku5P{-@8LGVi^8Qj22QaXn zDBm+E=X6r*TeRQ=lALPdiNzpV`je}4#E7^deIW2!4ZcL??QhRc^Zy}uK}dSCWWg^6 ztp<6H%*TH4%E;H8xRm053S5|;-yk8y26t|GpOKEPKd9K+rx23lb@IC>E-eT7ZiyrN z!tzbL)Rp~adTey}AGMTV=S{q#)7MnB066zhuZ*A#ZDZf$9c0z_T|7sPI%zqLekqNU zv^V7Me4+6O(l{+lR$`Q+T5=avMsCo}sx%dWPQ_;fw_O;xs0=<^M4h1(lyG4~!u05& zI1UzYIX*P>_VeE<{MX0-u0_UmJN`$P>g!j?t?#Ks>L*J7AX4vs$^}8Gd?ixHO~{{t zKlwGw|MA4xt8xzm2Mno*R96A(8Bt<1vH=2oWvkk#dfZ*%6GDvraTULP4=~ z=-r}>+GV}eJ-S<+*7KW2-NSDvEl@z9KnuD~))Np)X(1TN@KL@^DJU9Zqw5lZ(+;KQ zG3?LB*+}5@fuKmiszY2xxp4(o3C66lB<_ z&3~cUiIG^{x<5a;@O7#{Wn!YjC2jCYI4o>@klOO;b>Q?@MsQv2$_W?K)AnxMZx>bU zy-+irxl>XjpAoR}K(t^NV*jsO&V}0MW6{hLqoBeGw)Jo>Xl+J;?(*=U!Y(Q(BCTz2 z*YT7i)q7`YU)b~u&Ap7>O?sXe|Mz-Kh70%8g_oVy<4=lyayvtJu{M4aBCbIAL~r<0 zl#^izTUCj9#r_8I6%KBN$VoU`CU|q_9GrKQYnmz8l8D-27A1Oqp*gj6W+ZxAUeQ+K zTw=en7=C7q<=jQx+HWVS=+Tp~$~A+9>XMY2P5ZqdKQkAbM0!8dqH5L0ZC5{pt9E9S z>I*9GGG;F)Ax2O&#SKB#y}8Mmx1Ybi;rIlgUhi#||IzqNs!AB8vk$!nySC?OXoH2T zv5oijXB;)5&OL8=nSAH1v&!KnyUz{LC;Nmfo-bs3ZndW;X?^hdwWJ zZ$~{0c?K0TCAj0N;Fw|(@b7;SJw2OWe|;j|TG+S0YrWlw#nn6DXr!&?Whhsxun9mi zxIFZ_p^?S!As2u!QM9`eXeK<1ek(Yod28gL9GUx9J!A=?ox z`=qhSp<5M}P%CNjV&BTASq>9)tHLpWfunt!x2IqF0ErTatfjhCr!P19N5jBa|t7XXzQFZbVb zm#~a9iPtPYqT=4U5B9X<(yGODxh4<&S4EE|CQlb1&J3J8$~uJZ*t}bO-A9dAxO-at z(VO*@2`;`7#J-p1lYGKOr^e3%L2rdv=3gbNnY0XMd33-_#1Vw^@1qqwWT{ z#zdosP&{siPc{&aBlrxAmo#K$A2fRv=m^2ZQjF}&b!qI@XJK2O+~7C zm!Y(cPgq5Ety-m=Co$Mu;#g6uK4Z%akg=urMvO#~0-?X#yCPt8aA##6hsGNs`K-3v zT8l7n0z4&73#`x50@kOG7HJU-vYEYo@V#zhbggo$GIT83zpmN3vvJ8nf2F^cq`c8qy&Yc^p86%sJ9sPx5i{l{pdIwV$LrHQy9LS&z#0 zDBm@3nO%!6Rr|I4I(XGZ@6Ej!>p{-WHp|TmSwUPL0b$BRe&i{3PB0apD*z*NzcHyk zoHKb>8+hes2>bp~){5?K*0k8?51THBe?9&`wBMaEz>F75dpIov$}umq_o_8KDN;hI zF}9Pgi!r(JS*2-(Lt_0z%JO*m{HUaa3fC_@zB6XZF>8oxA^1sUQCQhojU^7$>li=~ z5)j}XCJhsskCpkZ5mKt86_HKFPkZ)S=Dsc!jQU|aJGZ)}z(Hq~kK zj2Xj!%3^)p^C6ZFss{)z>#?7bS!A-?7M3T6xe;QEt?E_ykmu1WDkR6Y~3U*TrGo5D-`~VPLj>tNsML0xKO|e;8Q9g`>n-+H2DR|t+O;_Ih*^hr#+tlm6 znIm;!rtYhan13GeX=ItWHS$?GVyU8D#=&5z_lNm#5Ar$B2d4Ag1F`jWdhV?nCxQtL zlODOc__pCsi19uNZCea?Y5%E^3H^`Z%G3GMX*tct>Lv{fch$LXb_^qE9~m1Wc!Q-o z=9APxI1o2W`(E3|{L1Kg4YSUEO22ntukoDIyklsMyL>6cN1I_ZH#rx*(nPl*;3GH% zUhP>BAyvdx0ANGyB4Fl?$ov(k>4>S9kl8bPWCPXT$eYb~Y_qW;AJe4BTNAUA26YNe zP}2>ufVM&|SrRoDP8sLH4L(0ke>J_`KD|htEKl?t`M*D?s>y*!E%0px^zxhCpzg{o zv=|imiJu}rY1r!baSC5(te-b&QtY+yQfHQRg+T9#4WBP+kiHk8yH^v=5?#?DS?%f3IMl8dpRf`G`P z&a{f-(p=`oPoL_;1>(9N{iEev>DbCzzsVHk6$4sjQiyIBRP1V3xK=lZ(sxKVsdVv4 z`YG3EdRsa=aBTbfHGwR(VUE5y7Zf?s*Z1nAu>8#C7n=4!Z|(CxX9zYt`L!`#kzf71 zFMNw)5eN%tVu26)`q-HMWb~F1{ylfLEUh~0Ht|J*pCL{O!*NCZl`czeR@J&;M82eb zSXhB1U!uTt7ZhBdKsAHuvz&}tnuTIlTBvcAi&{rsiEH&1b#XMe+oa=(#ilXt+Z^6N zvLL2+^5n>yH}*Z4KU7pcY*6%~t$>DPHXzvYyZ)KtLVmBAF06kevEZ09+Y@b| z%cx4<+kuX%|F%VnRCIwZzVMc0R(?}Sa`AjvxAnN@XH!0~GwTqdg6t+0W0RmA{LUaR zhE}@Cu9y5Nd*zy}F6Tl`U7nvWvJUE1Fi@nkk)v!;wt-h;;Qvl!BSERXAxpG^gEd1aY`y zzF0%)!&NZ_zM|la3JoT-mrgV?cZ`xeRtG4mz*|_X4$ID?5Q(eQ1;=Z!)^Ir!N!zmR zLC{w&r(B-%FQe>V26{;mT%c263t-9eX!t0>Q4Uo%vTlZTtnnfvr66XWIwCziCyPxt z1bYsC{8epKL|{yn7+Y(O>-%C{0Hu6vr{Zz$NPfk4*5^gqa1VXL5BRc`8B zuJ2fpMKX)R3ZaRO^pKQzu#}p)Pz1lCPts7oRGOx@RBG;L`w@64ZVoApXBN}%L#$$! zY7o^cgJu9_31=S@0X@93K>Mghcxy-3Ud57UX9|Bd({uS(wO6%E)%1K}=|-u#@FlT+ zvzVw>dJMbO1F(s9T{gvgdweZ%a& zh2}!V_5H@kqyBoW-vO(Z9YTZb78{Dt+tPacyiM1C>z=^_Eu@&q4KSlc=ySZ}Or#w}v5uKW)p=m(w5*IPpX5HHZf~20TsU^ysyWZs%__R=8bA z#jM~I9y0&=3yq#%=ccE5RPgI7*&FA75%tI07U@Ingu08}hr?TSU9gppDg(!TomEPH zVv%Wr$|ajYBF4w#(h-&-??wJt#-BO!>lzDliG9IDplrIWb()qLGx^$j70xTCTif|@ zRk1Nh^|@(|V(bN}`~i3oqt!`VD9>oDJIOaYTE9%O*C7Pc^`VzsY_nz1>g!kz0eSRE z8IV}Cbi%Lob}S%`5njWuV~TM``E>= z=cu(-6S;QIz0LDcqOf9>S;1KyD*LVk>I+SN-I4sqKU3F#zvg~(Ji6<0#r98D)2OTc zCm$nSpx%?;lPVJ2`AT)~!caC9!bR0#IZAACKB8ARmtREGh5`{0oz<1^&6&Qp15L0B z$ll?(&*p+mTyNW3?P{{0#nB&%k!I&k=I3h0-4G7t4|38UchvFgx2cKO#A&uRJ+Qtq zU9GpG%!MEr_hzw0Au>*llCT0vn7Wv5Fh_Ef25!YtXT3&BfN5_ma&kauK!Um`xK%jG zKp&!1ryl_^-NE7#QvyugaC_C-L9xM>cr<7CMktq-rR?kDKH(Hc0eQvAdQ*ky$H;+} znmrPOJyI{kIb@X%g^G|rxCsHWT9=Cc9PPLUv(2AJ`yUNPbd^}1U(sOaITkaLbOwf_sB?{A=aYjA3&qC9Xyxgj@BHg~ z{O#!X=`J)&z#*B0t-g{E90D(?mX!(>Kb^@Jogcr@3?m}fy8B$41eR>1PN!VA&xKh)<)=HVPQJ?>(h*2}^^g1fD_g!7pLfT0?x13o)6|Ce8Lf@R zMQ2W`Gr1VAj%swFLI(fTPPfSBCU>o&XEXT=P1NyPDm}Nde!y=fXD*7|_6u<<&fU3! z!+7%4X-($WtYAFfd6KT(g?hCnSX+0~wOCq>;i;?VdG9GvD+X8+?dwvz5(8}r3@sgL ztCNVUAR$up_Zd$P(CvGMtpFylnUR@#OEr}U8CtL`tnuO9>JE|${NlL{$^9^l(&kfr z?PYp{7M4(pbhQiD0Lz2;%#NzNSxsJFj&1Uc2k|M;ts>TtzEUimdd-n0H& zQm~4ZozdbNa@egrOt`cII(-C2lGTMzXsry=NA%1BM__(APkyU)YKqsc1_x+sjBq&? z(D#&FFWvDJE*=Nl!Z3hJvHb#3^*Bi{RobfTi9!R{La%0cf<01hLsEumySP9918KEA zxly$>s5uK`hleoGbA)k@2KEH<_m)2Gk*tmqJP9|J$tJE#zJS85L_yih|)J2C+*f-B3Z~0ltKRd#w`EQP2jSkNEq~Jra zFgV_g@A*`+??(l+(j8O*7GT^F+{wQwhnhNbk-c8t9=|u?i0h-n+*6LSFs^H+T&H@G zzXqc2o;c)G=ciI~QWvj19g5PmYB(A%de$Q1e z|CzJz&M%q2fy>VP>U7oD!=1rmr_jHN4Y~mbbgzJ{xCI#F1h z8brz4I)oi-W}%#QB7o}EkeeS$T?0veJMB{iNvXmo6va3lVb|Ne&2r2lO&IM`?ewv_ z*WAlP3o|aH8QWw!>QOWYNxB5ppVt7hCiz&6hclQry7s;VleEIML}WRf(b*QB@o8P3 zVQe}2`d)?SA}&#GmdzC#aA5+$y+(!0blAWQAV91Xhp6$SVk@yRDn;|rA%D%;Wtvx~mV4vWed zzgR;Zx`Oj{**nj-P@;B|5NR@nh$&L|1;3u}i_DZPt_a2E08Mn;9%LDznIDUvv|Rx_ zKP)PVali|+s9t+V6us4EugWgnbo+@#x0h0{TJ;`(C(BD~UtO(ca1>0~pi6A%x8!oT^U0#OE zw-8QcqqCb}m9q-mtgl&C&M+HiPbbyJJruF%OY|&wL8)S(yQcq`C9IJj(ZQhnQAgfj zA+bR)am5=^?e=y>2r{eVEPml}Zy}Y6sf8O%;7K^h*rC^``8>7mC|{FPXkiGRy!kq1 zEy-i#Fs#Pm;;On)QKClzoVk*9v2Cz7o`Ux_DHQl%=%{N|D6K)CFxVF7E}i8#XbyG6 z5ZPLT^pN@`(@dd>NYgq_Syx2ANf$l&^L@}JS*orFKuVM-gnJ|Fj!%zFDeO>T8ak31=#G{_eNk; z1|ur#4ykh=prD&^QH)q6auFVFH)hasYj@}S)WU-D-Om__>{R}+Fd-}!EZ=J;XYQL| z1mQ=664D(OBB<{zUN1H7gu$|S8+QW`tE0z^mfCSC8cjy08==wZ1}Y>^#kJD3ngX~K zv4>3A#bQzTp|3WHh?_U%Zr;4fbKbB(v&v4U{McHaCuS2nM@E8eNAW4gHxxpN53J_^ zxK#gyJ7d}{@m{;>xJtDmiTpgwV{f6k1idDUwMXM8TQz9I1J{tgI#L1jc9MlCi6u*n%)?SeWznQKa-gH=A#Q z{P3Hp`_0hDJAA2H&$)QIsJzLByut5-uSXJv^v4TUQr@)LPca^P$cI(~BDniTIpbP5 zq@_4U8UZYm-7~0+gN)}?R}8oo=hM_XC9btUhBY!x4#zRFB{i?Pa9We8RxwUfNh#d!@6;5e2Ul8F*;7!h*F3xH5B%d zeQTVrA3OHhp2oviK}}+s`V28xx{d3K&tCY$Nig$iW3gGdJiR}cp>V|o zRQs>oJSwK^$b?XLSiJ4XEGf!7G&v+rdJZ7c)3cBu`b03}AOi%VBdKN)6Rg-+-!5*Z zGbPa~D!4y3{xpoAxVgdtE#8Zq<-Ej%`jneO;ZwGad+~vHw7iR3vOoBSAd9Br554=_ z>C+r00JF%!%qeuPH2|y+x{hR0GcPC>s!#?`-|dLt@KnT3~>!BTnS6kzNCMJ@5Oadt zIElFe#o_!6p2nZs`A~?obuLr`?|r`Sa?Hp4)Xz~JO$?fxHkMSdX94q!e47f>$RbVc zI?&4VBaab8tsNUYGrx^r0MDt2)DgO7w<$*ySMb&z5+zYRXy^LPm{ghcA;934b}N5} zg(x*K7~ty|@YiR>f5B&kMqp6GKDo39=TzdbNA)x zBW2jJO@RTDU#E5=W}cPL)DOebV;mTpps75(Tk0%blM$PrsSJdimo}9#>NAx$I+_5% zsAsduQK+0c~dietIZ&J2ygsAx|ax}of(389Ncho^Fa1`ZmLD46?2lPKX16>_u>mp45#rrEqkQOl&=fFe_ngeb-jlB zRUwCXi?a3}0%h+ql@>%1-y}V|*C#sH7k|8+1=sIDt$(30blf%4L8lCI9W#Bsq{5#E zq2gaQrFEc|!>$*2eL}@>sbf~nHk8(pK4qil;B>DV6Go(S;?=dO^vdt%wA|e^m6$T^X|J^EHILq24$Er` z_Y11Ky=e^r z*m5Gjbe5-Wuy4V*dhyzoT~+(0+o-zu+|l#z1g)IR7+#Etr5Kp^QOV^1`~AGBys2*zsbS^Ri1V_u?YY!>{jJQKf-jqH%4N#GAG$6! z;$BnZ4#QH=Xml!-2YTKP2P7r#KB#QRdvZWc=*s7s&oSu-%Sq}j+=J0K9_rg z2@)cVb`+4lG5ztdxYE3QA(v%OXl`TT$U)(n|I{GKt79h@1c5YSMEoudotycrAGQ# z)gE)CSzrC&uAJ)0k z@ff>vG$L@pJ~Nq|UPv~5kNKqj4HsLy`jTs*j30Td> z#x~ic2ufZvpDXH0T6Z+{EFVa;<*xK)&3SiMF85QdtFT3Z^y*hMU@U{2zo&XhWKTu-h5 zQRGk!uxc^|Yt6CuMZU^bsEbl?9 zJ; z3%0JXccL1&FV-3@?|mW&c&?HFNf-pISWO&*<0QdRQ!oW@i_f)bM$h}L@8KokDc$bL zDI1Xbikjoc&6SfY2L-F<-ngOWf=dI(G-sXmOvodie(qb%Qg#~RQUwy;o;gDJ&!3*t z6;ectFQD{RLKsPr&NeqR=~|ogUggPO4d#)p6>@pLGM|z*Q8|*SKx9d!*02l{rQ`1&4+3C9OM~c&x;<8ni%~legixmMn{b1z&9e8J z<+@+%_>u_X^HOHtv|DkBqP)ZTL%9I>`jvc(b z_);`yv=KoKg2GGl{$H0Zxq^+#YAQ1FzuFXXbe~d8^#;7mU7%mz;GeLr$bQ*RGpYAo z&ZKNkwzOey+xE*^<&C@;<=%Rm zjd(x)kAs@=0mGiPpEntgf-B!WbghFz#%G3;D|Gw1dNY0V-h7N&$j`hI#_B}cGWaH&4wxzhRY7U%qO8@lXYg&tK(GpF5+IcD}phGAY zi%rf=4n-%w(AE)783KB3vR;IWFO-<(hI_3JLcGPG2Cb6)AjTFF1ftbKeMtg=0D6{^ z!Hf3kIHPdQ5Rv>(p&HT5wanq_9}}FnV?GLs2-9Upyw8$JH*c1ZaQ5aX4Ymp%Xm*J( z6H#&GUtPqhV&Y(1FXwLvjB@egmFQ1L_xX0 z!{sEUc6ZY&a&2}J>Or9Ma;(ZR#@Q*L1_ zq;XVMP)P(t(#5_|hV>I9Qc2RQgNu$YJ{j81N5lj#SGxfTSV0w9_4$ws4!IH549)fy7*tbBzEYKORnWj`v)R>dHD3RD@ zEH>8=`8WOR=)3w(mb)p{ee{p{>3{6@^zP@F)s=^z1GkM-}MDg>&)g(m6>Z5FEtEqH^ViWS%tUTDim7_c44hU87t*pS+em(V?k` z^cASNRbf&kkhBRxdRxQNizElfC{0vu&_ZA9^Dkevvm^~5vjTUwBf4$2*-a)7FS>6| zx0!bK=V`-`a>?jXLg3!grAiX>Qj^H&s);02Y66R;U=++%2*Ff1O4`07syos88}A@$ zfXs=)Nf6cY8lpnhr8lKr0&GN^g3L3?;wM(zPLa&VYjj0a(M@3x<+Qu`aYI zL9;ii49+j6E=d_yJGs*?@#wQbf<_Do0tE5UwJKVcccKs}2dOjv6-ys46C}v?I7gOMe@1|N8R#Z~5hC zr3u~N9cYm9vsLJfhT4V~uBy~DtUs(UQs-368j}Id&yYmpUpgb(NfrjlRTx@VLtQ@p zr}}pvYO*}w1gx#a6mNv{c>6A6rzmq(D5OyuIt^PyUZ00y1z&DGp1{@_X!kOKfq)0C zkF_*8>0QniWxB>GIC|yh5*B(LHxj#7A2w>QfM;1DSW%B1^+(Ijf z8jov{jkj%i9$`GP#O-BXPj);WNy{h8p+!>7D$#uz} zbHiS?U0YV>UsRMH*`w>D_i=$0rq!`_bj`c(sP?pxfDkE&>SRaQCoflQSS}T&$t?}b z&tv_0*7Otq^TzAdK`jbH^J^Ae+IHfB=&{hzm;YDJ&oRvPs%8G`(Y> zF~Tsle7~6*-SuobliX0;mC$G}<*1$ub<{HIpCIJjilj}j?Bw!SJR!y+D7_gfRyb26~vOp0jUb}WgX9yq| zZ1CQAs^T_z^2bjnU`vc2oJp8_h$6k({Lop)MeS(<%)Zu0M%=z<9-Sav-3d1-=WM;z zlajxosVRA6g>5_&h0-Q3vp43r-FGhZ?b6f2b!M8`mJrf6+gtj9(Yu*G)BYhq% z6WA**qLqc`Hn+7_<~I*gAU-iL+;M$lBrLsATp!03l&!2f{pub$Avy6x~Tgn>gxiXB$WKMVCA@$AAXhe zM~O36$Cu;{SH#7aO?uY_Q}9o|&}eR{@K5Zl)Jl6~A2xO#mpX1ajRAu3ci#Mwj6Zk$ zZ0f`p8h<_LV9$QEH2vQ5xZav9NuJ9o4|;i`4e3M9O&{M6v%apVEynG@^TBr#hg+6! zjw)#F(|qd2>vMI%%ic4aju{<}Tem}@#8C6i*%vOC=IPR$?W2r5#fpC&; zKFUTlOb)YDs7=C5GOF`NTvXO$#>HXL`do#`jQam2jy%3s$ODc(O6T}Ox-fbb0x<}e)FQcVj zeS%TQR6#F#sDS)HPxqaT{bm?AUlv_U&3kN#=O4PEHEBxl54=4Z2j^%Fd!uxeIN4mw zEK&BFw}kO@4e(RonH*3x;4{zxVy-aqWR>OsDlYxbW zO26@xC9mNrlZRbk8Q@5!uV6752+)R#1EV(%LNhU$m`_BRV*Rmsb=QlT?M#RF;eaho z!Bw-NDkSVQ4;_}@IhK4ZbPGp|1EP4Yd~yOIwMbf%DF%=#R_zv)|C`clv^BXEYm^1F z@);Z!8>T-b-N$QVByW6sCP&RdQ2=w}yDTRDSVbmAeVdzsPV$eo=VvW6L{@uVe1-)* zaHWV@+o^Sqn8`T_Vudmb$(^GmN~ko99by}V6%H+KGjAJeIqL3T&%Ay?Udh(J*S=Ck zeZ8mu`J}!Sh#`nIG;FD>zgtzC^q9oXoQr@wSeYXDolipj+$qG;G2&-d74UMNw#g{I zl5!sOxXJ#W54Zj-pEiTjD5sE^HAm{c>*3(G&JoiVWMT$(IHzC(X0CcB?0&0Fv1hW& ziTD`VHVvnu7zWDlAT&73UaapyC!>5z;ne&;HRU*d?6*vu)ykpy2zv=XE%9 z|5jTXai;h6R0p?w%RD)>P*Y=2D?_52s1LWIJet})tngZ$QY}@2GU*IzDdGyaXeiyA zxerM>-Vi&N{lkSV$ie5tuIG6Ry=;9{p{*z=_h!}1 z0wVL+R=20QMz*Cp{ocbBowU)~>BPMkAjS91IP5%q;_XqoX)1iFnz-=OJpNR<6#1G4 zKieX-&IYy1;8-`7hnYllewe=6UMG3s zrwE~vTQ1%trK1X7>mItVRLX0E zx8y68u0HY0jQr*#XGj1|DqRddGs$RwWmW98VsBCOgC95-v+e{rc+$>$I-$5}_CRcB zjx_UifH>>^^XF=Bz2_P;yXTu`!uj%!Qorhx(*X)Y59P!5y>HgSB+u<8JxaGTY|p%U z<&ST6ZhpNd{7w&BbE5<)kMFL6$*plT`^|B6(l~E#VcNI5wTo4vY#J#KZYY3??rC^} zWkpiMa3W!@Il)`^*sag+tDo{zg_Cx4`W&=+sZM<%gy|g);FdgkmKw44gxX%u@>hJJ zaqky#B7{?_fOgue3hUSB6diqYG{7vwF;#HwQB~s{F*{(_Br5W3fgb3{#vq~qoAo$P za^T%Vq6lb-wqVXfbYlRI%8?q$w%ab8(gZSpQgAXV#`;gPo5q=8mvdJcd+81O@j!Y* zfUpm3?t&+we`vGT*`Oag=c$;B6qoARt*HY^`G$Qahl%xr3~^Wh#)^<1ig8WR8ca+E zig}f9xNWt+nccU9dWr{~53yEGEnUe;_VU^g?=%&0X5EhP(tXgCcBRllE?9}HuhD(=d_nL<%L(QZnFHxtrKtskE7@FZ` z9hAem{^oGBan({a8AUcxCxrp8@FwP5JpgABdk_X2w-|wwufIRj! zR~Fs(#5S8tTmXq(R~<{(b*1thHUXaHm$a&yk2HVW^2+f33F@cAED7JObZc}^b!+}y zXqI>7;KRxcshtitvr#$XJcFR>XPDWU^n%J{a0IcY!u4HpqgaN4+w-F(zqasy&)51) z&-M6>f=IIQ)hT?EQ-o15(PCDM8|}0bl&=M_9<41Vp6?eOx7yBAs1R4Zd<%@2?me#Q^^J8UN&tIc4^2J~6<27&tcT%X1U%!31K>jeSUb_rzQ~Z;M!!QzTBqujITA5L!~|O*|v&2 zP#D;l_h_rZER1mCHq)frx~09etKF0)^XtnJB|27|Q<~B|A*JL#_~4pBzWRqG)TQ`b zLf)$Z!=Ll2(^%=B`thC_4QnH;ilA*q4>;dd3ntly{y*%!cT`(Rwk}S$bHc`8f=RZ? z+2jn}w#f(#LgZkQ$Y2mTcH7uwFc~C*O%g~1lYVBqV~!$v^eX+_`ht zyFKsDTJOHK-tV^l&^o8;)Cs$G?Q?3^x4->C$R+f!s+{scY%xM|(IgbqRG6h-;hOmz zUhb3%mESY}SRk8RP*92gsa=_m!FP5iOtQaXamA`dawy%p@84C|*G zqLXx>`h#pyzfrW}pZqReXDLv260rPE70Gxw)Wh(@YE%OUE@_rX_$B`^!t&D8`rjK1 zshKPCH@+n)GVE6U;%RxIX||NlK2f(7w0O8$Kgl<;roGB|=H;@VUww0Ew{o#XW#jHX zPjfC0XnkGt-ihwLU;cikKiatc+@oN_>~nKlnTLFHk^A7KbCH2F7-XVqeQGor|DB3w zx2pnO?bv-E{o`+cbdLX8`Cljwu2>hCw!oG3D42Qmc982>lIYYRK9tAUvm%Nh(`ASI zviiK_DBHRxTuuH-W;%V-)7THI8dIOfd=d%NH}cH)jKcTL1yZCsz`gRypmD%B%LB{= zp{f{}&erh@C0t_mgDzzjoB$LRgE~&N5{%;TQS&HVPX_NCs=D`V?%hSb{Kqz9>9lb@QH-h z4@CpM4~VUNf7^5IdG%l3;XkO^fXmbG*u~+zXXsGrQJIn);87M;9YRX%NG6|qz|v)_ z*D2rBY`vEOd=2vcSo>J}i0HN&W%$IyBk{7i1?fBWelKS!A&w)=Uveq|dayi>n`p$5ng}w$7_4W?V`$TmERJ!8 z!Chz0Q^?ybO+wQMz8)OII<%}?b+Xc48$6c_0At@?by9z;s{KI&Y52AGP7>!^Z~H{f z&VWH7Kl zH|Jz(nEuIW+&hFp$d<2QrK}5O=!z@CA`O7O0D9uc@7T1lqKwG*o5u+se@L+Ks?0QM zzz&Wr2@>6F9t-09UuIr$Tj5TykCg&kyEnDkt)f=TZ{TW-QoHCIp>!I zg9MAc2$Y%Vr2h^s82FI`%P|r1Xe$28pF98OWneT`TIYu2SM(dbld;K%3pOlZ>M4Hn z@^D_$$e~l;z0+s$YOu?7ujMGH*l7qxEoz{<(Tc|?d*I_lCC`8^co13FQpW)L@6x#wA%P@K0E**IHf+f!LP#`RhCl5@-8EKmQ|WQ9u6VQq zle=d3{n|qj;8x5hO$y7+9~jjijEuwH)mR}#_F-==c5Ly7zEzihPexL zSVwjIMT_zkm)v#W#oRN_*Fzhm^sVC4q;vYcweM8dai_ZvhRkbf#X{O1{qhGF`Mvo6 zm29W~vrbCTj5Hn0#b|1Ss<^D~yDgn~3vUV3Dh*P4h_o3iH%8 zJ+EWJJB~@9j)^^>n*I*$WHPu6qk%NwO63G5%G#&>@blk${qom(;S2gDT{D14Gm0)e znDaXo4Xz7+0$-~sa(EEdF}HORpLv|EAwcVS`!`CfOLxus-4MjXj-sShLa|<+?U&8W zo3V~Fufs>Sm+M$Wf9^?o-L6m0cP~sFu6M8;_X#}JNp(Lk6=;-M(BbrFL(fazD>NoKF#xYgy}fag>a?0V2R!l|juSCq!8~ zQ=rSUPeDd3OCg+7?&K?k>z*DSS8&4ptfm`iiH*Ty%pnAG`Z<+vIkrkCuZ)RLVzi4Z zOI5*OvT2@K{NZX~+4KUnYKw#UDpFKbVtG?dkh0KbFjD`X@dXxyf`~Iem^r)AJJKMX zKH_Dt#ZE6?o%98W<|Xd{YPa{@5#k~+NMZR_X<=jn+U?K#hC#vLJ99bEx7No{(&k`2e z4RTP$pw=bpqc|A97}2dt(mg1tO@7N{+wQ0Pret$XEdsszkQuT+1e3?YJuWXv*pbu9 zu{1*xKy!e1&vx-NyvO4XaU|4})cxs`mr6i$A=x`w5+~+ zYp;L#S0}eW(y-Ls;p^VPu%-AUK7$XI8C|z`iMeS7)Gv#&kn^-z?R)5Vr}6cyk(QGj zH_Y9Hq3-EB$v48jb#ba>=#2qr|7%0)`ek+eNSxL~7l!AczU(`-HlxjME&8_3b|ik< zS?Mb`4+=&r!LLA^bg_G#Zb3JZV3WkO8#~T>ZleX@@NFo~2a%<;$4Ds|E#E5~ItKV` zYKEdJ2y3B}(6bQ9XPTRnusdUXQ=z9Qp~mShsSi1EVZ)nE&nIP|P7V&9x`HKW#_i<0 zvhw*VOkUXGG>!=ZUeVoLIZg6$TFti+95Ns_b&YXS`?0`OiL}`MtFL9*PPA>` z9-23gNvgu0Z4pbeI{fGFl~se!YkRo)J8Kyx1HV+0Kx~>&VPJt}+U&eJTzk&Akls&$ zdjTzhdG<2(8^vn=v)}*7HQnDc1m3J!y7R88m4{*QtIyMEvm*t39l4jyLH_p%tVVl4 zYSfoXJtaReOZcMCyA0Vn*p=kXr>k0jo6O1N9!330(wg{*s>3uSLyr zB)<0hQZI0|XT^GVUd$8gkzD+>Xq6Gtuwvrt z-kz>U!D&yv#;Wn?p&8_w%ihF(nneAmsOEH-{dox%%8@2Kq$D=2(+^{7Pmo6tlwMW2 z4a)4kT8U}SHa8WuW=~ZsKY0eDQB=3U1snDJbTAfXyZ5dI*=ba#YpL@qvG}5AL zPR7=u^!h8s6{>@Pfi6_K$ZQ@Z?fvE$IsodDiF6iRwH0L+^=hh?ax=?Fa5|y)K3vp& za5$m!ZSCG(2DUa9&A^>)BtU1}=pG}5M_J4qSl#p@YpckM`*u#QKzURW^1- zf2t~0hw4OM<9+{rK?4=+KuRJEc3r*6Kz3}^H9<;TI_1#s;4!#DwXrk!olKDBD)2?4 z5sxqy1uc|VP*iUx`u7+mm+tf&G#S^PuzQMECwSzGBlQ?{xzT+Rctp3{5e|L>@3lY9 zI{fnZ1*P{R*4b;15@_YU_m|gsgY%RtPkx?0dtOgbhc^+FjAQHttQDPqR{l2$LEx{V zwraVA(>qTXrN%A_;CL!{{yHw-*7`@d<}|l{>_DWlp*C)IHN^YB(+o2wF z%ATvW5U8Db@w+no6(#*KDeh^%dw&kfSH@ZPFkgGhi@m&frUH`47b4BFPjb{QWBcad zJo4Z{^iEUzx+nJOY`^eVh_BnUmo3Yn^ptTdowL>*m}XgK*WMqcvZ8w66LDmwa#BUf ztl1zrPp?$rqpY7lQC8%)xkn*cl8@WkoH&!0*&<-J4I3}sDHE5UsNKH!|8Y+3fA(_z zz3$PqehRv~ee1;aJJl@9?YpGojaSv7ggN$9Nqw!?xb^IWg_-@n5B;&Zy5dT3hw)-7 z%@9i7(W2i95f7N%C&(>d2l5f^jbk8JdEGHC(p5lf7!!Gm?2m6ucRERt{}rY-7d(A@ z=408P%`;|Cy6V%`e4O66)@2}s;>=atUKQg#@nR z$-8;H3dj2@J{Y&s+}b>6z*Z~0?|adi@of7)k;IQS%ngB>Po-yWMeHuFKl)BZ7n*}t zDp4yl3$*`o7tz8#<{o&CC9(cc`_q5Y`hQz=>4w5b50~<#-N~-mjn*Hpef)ciAMMQ2 z!)|%P%Zk$HETW$&-4BZ-F7Af_$&>wmcE=RpU`_9Bmi1IbCn)q$c%Zf| zg%XNOqH|#P`GY3?5{u~)EC5|%mL0w6b{nGY_fwVeP^D^0kEH4rqdqThiBvDEoc#-g zV({^c1-45)eCR3-1D$(OXIujW7URWkm#C(~rn2=DH$<6zNsg%_VntHVeN0yp1awB# zyAMFj%QKgwOTr5li_A0@JZ^c-NMi(wTCDU?fEl!2FUWgD0_(Neqe%IW@h$5ldoPZJ;JBLnlb^pTwR({A)L(C7!y zu4+i29#=i{(7joIDVUsCyhROjJ_vo57pN+vU|2Ps+B5Jkqz}1T zG*E7MVwt6jz%*BndhswG%^hq17U~Ad8?el8kC4)UyEhMq53lyKxypW)-B*<7LvBpP z2`KB#sfmM8Mtp=3ugs$2Oce!Ricnn2X)c}dX>(XtGw)4vsn?#F9OTQE3kcWod zt@&c`SX#8nGd25R13XrZx|Yyf8E5hkpG%L}#V7%MJ@Ib1s0*DGs||(@L2m!IpK!}r z9P%oni$GNyj<0znRtxC%g?^DuFEsM^5!&9pMGX}^KYWNMcNBd{$WI?H-#(%6?G5p2 z&wU6pe0U9Md^TF=)Z6g>C(6-1-TN(EfbzJRrZ1xye*OJ^IQK%#yI?2vXLZ?)0%zz~ zh#_uk`YohDSaMB1I^A`eN9||hFI*;H48~%sbR}M~nFVLvF;N^#Xr@u(bm2l@b42}s>?Q}5C`NYJfI$KZncGDzd@8_r#JWF8g?^uP)SoH|X8|qg3 z?%mYMDyik)bZud_#;FeJhaUt6rm(YS_2|M^Z;^;~d87RDQzoC0;})!Y<=o-B&GkHK z1}ot*nwRr^+M3vM-MwtMhEM3RKWeuW03>lINp=Mc(! zj@v<4A;SB)S~myrJxR^Qmd(<9NsSY9o$NcMfi!;2Jl^fZ>$6)7Lq_k(=lHA(U#xAkFx^z4+;64iF7^QT^q20cmUSx{Dh2d<1ovu2dHRyAM^_*Q}J zde`1f>>JWUYuf9#CfDluW~AxSEoxhH>7Pr-VAU?5a-e8!wp#V{1oAp&R3)Vry67D# zA3#@-rjb>qFueBb-0%HQMMWoM#JeQ-;Ab>ux3pRd(X@a{(FtWK?}6 zx#^8C1y7%n=J?FXnz3JkV=(q6z@Ue7z=p_lr)S;*$fp{nJ+iMosJg5@;x(>+-tY55 zyAv%r;_ifaVq^0e-7e>e_9Vp-Q%YsEca~ z-1e7VRDa%a7xRf`eRFvIk&>-k?r{(HUm4E@Re50(vEwi%v@VdUx$*uH#=cKQqjtER&v^e^ShOUD3 z4g1(vxcmw>jeplOp6v3aU{+`)=>UCgF8zSLPf9V{-9Zzex_}Zs3-dKIMBmKidRUjW zg_Oi&xl)DG1~tagj1f&$8rRX+-B#n8~H zFDVs~L#U@zwit8WNXaqbijK)!p#z44V;?h(n`qckK0Jz`_adaYS#wu7x&oC)??;nf z0|WT#X+c)`E?G}RmnqI`hvX6(T5(17sLbW?yt@V4XMeT!|Lp(&Rx%!{ON)+bx#M&e z_m6lRcO*DiVUMwCqewRilrQA**uF~j{U)CBsli-vn4s*rgQ;FG?OVINm&Y1G(jXCv zXIVC{)VilMmV?^H>%bjhNuh>_TKj?qgrq;r_uqusc#%&^!&v)*Fg()Sq+_DXgS{NVeQ(7!9hQKj76JHfNl@5@tK;kG$MYL%l7+Y+Nh z3SY=f=2Vezx|U%+$HNq+#en4RRBAhYuDZs=n*EE7VMy3tOL|;#DsfJPbIixp3o_3| z!czQ%qHP^!;uQWf`g~RQoV|y&Jg~V%8E0dmlRAm>ibuJL>*uKS zgL)62*8|SXv~kitu3c^7?ytM~590M(A~Uj_TA%~d`+t| zf#~$Dkm<0~)d6Sdwj~lq0xf>=B@H3vT;xX`e=#aaO*m8UYv)t-J|$HSLp~1kI9KpEW=@b-bKE&EVyJu zQhuz<*lVy`O%Hh!?AZ<#T+7SRcCJtqr_siF8`6JT?=&T?l=r%9TXQdk3+rg9cIf}y zAo=rF{?T+u@%&ZTKBs@NN$G#FNt=JMNo$8zRW&eJEz|G)=BjI=fnwFjoel9845L^$ zjh()O#+PfO6Mdy0RSU0p5YFBw~jqqB=>ORETEz%fpIyklc{By}lNjwqZYohS zXywfc$P%~Wkx$g%^=11a0vyvC&#I(FV_##9gk|b`;Zwd^)bQd6Q!fnT^Y;kY6zA&m z&mFnrKK4g4MZsx{Cbk2yj|Xt$44qzrF41b6j~U4^Dcz3|pzc3<uh+ws zk5uR9Ka>Zq6qY0tk1zkxMSd?gS>2{iR(u{{rEqfo>!^Ri9y9Q;=6upM=k7UpeeMiC zJQm#@73jXVu+m}c*Dw|t6tRcVIwV%8-TleGa34~31`8Y3bbGNI;QY6%{BX?X9kTqa za&VNlB@ga-w8E2Vyk=t*oS^9@-tUXvy1y+k#C-97WD95cX7R`o>z`N zK0I#rG4HQA*JS+-oxi2z7JMOBVLzCR7dyNpH$NBLKSN$b(9b66<{Uwo=tAj41@Mh& zv-xYN#N^w~GkF&9`7>Zz4p`Bg_{A&oVhgk8qOgNZ85U z{hmt=L)%Ebu$ZIy7Us^L_3uSmp zhL55JZEt*HRHd1`T2UZw-kQ&9bm2Y~*6Dv&9o!hADpzqfOIaC++-CcL_Bx66u{uWC zQy@X#6dyxZ_8IYQWZ(V^j^6^GOZMYMv0wv&-5u6u%L+tj5CueR zbf!qj*;Blcn>m*BgY>-titHF4%>7WT*=pJw^$qzLlw~^Z<8$-*_-0DDt*;#~a`+Yx z+wIXWs$&c~Pr5FzPEp6a=~ESd#;0n0X_O%{6HS_noDsU|jMV4_Kbh6j{!S$`Xj>^d zRfGjjmlTB&r0^?ou{<7BM`0 zopvvLbjA(a=Wa+LI)L!eeW$9PDiQ|KM7Xwy#^I8&WS@ZnTeJ=x`NiY8lPx8eV82}1 zX4w+tdEP$IJu@rFqBu*)EFPYb_k@Q!pu0RE-8s7w`wNvdJkavdVwQ^04ML->GUQy91M}Rqz~aH3vj9}~ zFoi}kU?AJa6g^!|VNS@TG@g zB!LFjAjucI+S=Nko#b}FiPjji&~qE8Py2#luVsxecT_0w-Z!4h0vcS5`5^aci$u-L z*V4&(G*i@O>a+9k1S5ZJz z*J46XvxS8|wQNGWI}O_bM4VfWJtU)2!c9}0@GQ#1IN(#Qy!hn7IW*--7Og|9sihe1 zgV$i_le@(+KMP;B`=-ud(TI9zg~Lf7*=9ASI962%LG+ABtv*+7sYcBfrn**Exld$9 zl{L4}ZzGImq`LfsE&M!8#2#(*@8f_3$HERnC;wN0+uipl6#EocwRP1~O5}Zbz;>)$ z#*4f3Ze~-B9uUiY3*b^PmwvG^gAR4G_?$w=;Uz@VgVUV2x3#QM?gS$?^IfA2NcFnQ z@pu;bx%9fCZnUR%nE-!flFEnJ54YNv>o$HaFRAZ%1%2n6u3BaSwX82cH?r`?S5L%_ zXRb=UXuIYpJP^yNWqoXef^qCK;m8!ZfQ_1XX*EPxKJx9dan)0mB8 zkZhJC;=N9!G`svN%n{r+G2Sn*2Ah}%Mg|Lvz~32PeYAlpk|0r9cFLEka-96dp~Z${ zYqP6-%_8c^kCKGg@0skuY(aiZ|ww(ccb)qi~bD>S6ujffw$l4r`XV zmr`MGqY*M%lb_axW)yi_BeqH^Ji6=aA!*`>}JcV6p)Q>?h# zegJnSn)&bgwz+RE^yB2BsFqF-hWiXvN)k68;)3G)Th=A|p_Ap38W?Z9fiucrPRtVQ zG3=!GYAss-e(6*nZI3{B9A8*331p9n8A1%~ zNkl!1Qv;BWER5U_0KMqp?A+~sp=EnMbA%ifXi!g6{NLVp?>YICy;+Q z9kZlQ!SOwjVs$Z#`)H ztctd9Qu23C50TgkpW0iCoBL_|mj97)+4&nOXMzT~!yB~$59S_%E4c4o`^BuMy~|^h zrrO9pKq`3MCn>W-uuS>hm-ippa^p{tat^nxtG>s{E zQq}wYf*g!J)*(&K#Kc|&qFc8jem1t}Mt!F(G!!HIzxn;&i)f^xazbB!4sMTG^bAg0h!9)N8ih1GJ#3y&py}n8 zB5Pdl$R67dbLNDx;54S8!Pk`V)GSWzNAlffOUf!{)BWapxC_h^l*|t*KTakL~ z;hNJpZ1t@*VWYc~wJLBcCp_Y?EkA)2ebD*^$5ZajsoZkT66P&$^@^B0A$OmB?jl~f ziM8UhZ!aPH#@($jHTGHRiAj08eeAn;c4dJU2Cxv$wL}K3FPd+50jyyl z8toS*TmGPcL_;Tgy!zp2Zah?1b?%DGjPY2IMZjj7q1&?SghFPv>UXLg6M4oLUBDM} z2w|(KZiLvumU+ibu4Xye*FnIgdB#12_$vg!7!t#BCUVq3~3mPQj~GrMPEB-3m7zS8}JE1ckOky@)tQ&NnZ^Kd<%JJswhK zlyiR`a)j=L$%R^a;G3V%h1l>#BeLAV)l+9ZLO$5{G}0pGPy)h+uZSA~ziIRO+-i-C z%5RVRg34*5ubJ(cCGtDBXSB~*@g!IGs?fxX)0x)Ojpz!2v{gi7`xy>XJ!h97Ad>Vb z;EJX?83&$pq^OR&+lVZ}5fNE&9T&|H1tVfZ)BqX%)n` zwIilZ*L+<)Ea*h$V%_&&)VaaGDQkqwCPjDGo;^REAL%)KUVA`6Cqq6xKHpkjI{h?# zdhK@||8Q}*=XpL%40-!M{(_-j(&oIv)b=`TIEpFbxGnJ38Nas+uN*JTD^3r&dMD*e>&M^ImPN*|IBUGGfZW#Yedc3!LwW5A#SP zyiF?BbMeEqqIu2Gk`~3|8ruZAUlgTIfct=rEp$GMf58tM^`p5658Y5V#-*-DcLA*_ z=fJ=qvSSY$A61~+9vlzD%)?Y=cGRzmOF)bYW*(lQ_wjdha?L)C&w!&_9#*RdP8Vt* zN1aV>#Ps>-Wa@zt1M`^qYEu79UeIK)ptZ%)Cs zer13= ze=ZDv>hMv4Lh3Bwd_UC(bPq(l#3C@i+I-%P<+5z!N2rdwiIMvXctTskY-f`p4jM_# zlYlDDd+WzdvT?*kp)xZ`?FslsG7(ujBrNTjGomA&0E4x4dyz5Dt;SijVF_kfTOa>0 zKdpWcox?ukK`p{I`IfPoM;6Cjar(BH5 z`DP2yr7|#KNpMh6otT1oVBKFW&T8bfa6mR{VqSq0cEsrgSDy$UxK6AJce9!heL$iK z++#2HX#hDIm>lo1B)c&kr-B@fmDuWDh054!4a!0_t(HXfb31D`*Czp@Ac|8GW1tP9 z4eum(w&+Af=kXWWIAtuSjyY~A$ow{y6lEB=Yv&64WO#ty3n!zm_KvcN2$ms}HQK*@ zaq-;TZCuy}=YIND<+ZtF;}&{*YajjFycSdc{^oi>NeokQj$^&SF|1VxS|reOBRj6i zc6+)$<}}75^ib|VAI(TGF@{Y!;n97zXww}LAgwB6r`sk-`Au?gwU$EF5a;L+=We?b zC0RVwq!7w%4>kEzMu(_!Aq*E^wR#`BMw^)6Gl0# z65$~%t+jp;VpCnb$-dQ}!F;J5?t{(#qyikWGcxEwtn~q%hs5^|T6jZ#z^4z@Z z7#abexfNuGc!%;_=p##y`<#AoHYP<_1}UnZ)l|KxQ3bZC@P6$ZNaV!oYuE$swY92| zNM~OPnlB+0h{b1$sh{7!LYtV5c1tMu!9-R3nC2u(ts}~u%2g-gn99~P3oJ%Q#8_w3 zti&OlUpYrWZmM{#2e!gfKWZ|6c?!UlSg<jrlQgyDxkzkW*eEb#Dx)4E9!hdX${S!U z9sn|1ri+^RDa2q=<(X3%ma_Rc@BigH;U5bA1uCO|X!XaN|JSfsRM(a%Q=ImOZx{-q zDnR9E@l2?L+TM!gMqtHT_IQ0yd>miFRGqvmEU+y}DnRx@w<#^x^=^54yf67e!?m+K z8VckX+Ef^V5<)iI2Sjl3aQSE8Z5-paY_8;9$881`;8N?8@D}Y{74~=&i6wrbwpY#K z9CJVtM9F0%+EsJCk<}!)t4&PtZSk>35#RLb&4aImnxn|Gijm+X6y1JYYd;|}qVJrc zm#>o5UJ6fW4SZ;oa>9GDUfu`uVZ9^L7eW{2Ed^+bf1kdh6s_FE%ss32Tx*wdz1cg- z?uB@#-LLQNhcB-CM=-o>uuqjTS8`n+(Sy?RNJ#a#woJ-IFfl@k5+#)M0q{A`-7`E2juxw!VPi<2kBNwX+ z+e6~rAxo8&%{UA|!tNkXs?5m{Kb=>M#}IKlI7C!8f3*XjS0-71sg}myTT-?xtyg_# zUxxdlf{ACU3o~LU>NxI}h^xgEG(etbGHRws5yRJl&*MUv_~!syV{!lwmB?)7=ZMwk z>d_m^jl~wVY&bM9K~dJcY_d|t7$9kZHqU^%+ZT?0r*iI5S09$P;utyf^RPxb@2L6# zp$^+(h9uqEDy%hjU{wf>UrIu_t*l2y<(&-4{Y{?dY_83WxZ-uEP~dw0>8C2UF>i@B zzCFG3;VCKnza8ZIUyynJr@~|1yadww-g>>^(KGmn+TnA%|3N3#EtU?K9sP@1isA+8 zjVzAo6>K-L>v!jx-|pPfPdCfO&t)jr|fznQp8s&I`%u_@Pmhl z9uGxoD!%sMnIX{r)$Ig1-MkZc}ik(M_UtcT=BcJNZn_g8_-p%^A(iqTpBV2DRbk z99DfeO97qYzf<49FkYih)s>&iL}#jn7n~|kWt{MIXQAQLF5wAq{Z(4EvqBJCL$++b zp#9>@TsvzDqJe@WXxYO!JZ@w%J(~puxrovzj4+PaWM0sr`&M~wOF1HMbaQjfs}L~= zxQerT5V8RP(a!GN-gO3`8mOC_T1gMd+S+Rw>#=r;+<>Y(Ul*V^y2ZI?%XB`Lflzh_U$d+^>~g-y zJh$_In(lDZEsOV9zUz+McycGeg~R5FAh39j;^E4J5@3niUTR#ThODtqy93t7avnM} z_yB$zA=j^h_f11G5Dq!cd69X}IVNjR&&?$?%g6})gT(LUbaF%Mc4q|n^ZJg~$a=kRRN5Si4Ep<5xe0q{1mZ3*=%_&kmh8VjEn zYPQMASB7DFr9V+w+xkTS=tEEAd;%6Q>S`nX1S9{DXWyyTQn)?Tm63NYVM{}u%p{g) zo4p@FhgPJoXT4RX9Z=re*}q$P zA`<`m!AMsZouH=Gq7l0!e`%1V(#O(fUQfE!Q#xPxt!zQE#w2HKK$hKZM+t|Amb=nM z%R`wP6`n@YQuuMPzdu{Y`<5G7v z^ZR4RatYMosc$Gz;XsW3X@w+&eGUs^G^rNvl_pIWh28kz;O?|{QNi+zji@J#Yh;?KjFNbmyJrb*4Az_h91;51@p}aj-!eXn%}RGF494Ld6AJtgGPJ~ zNwWyiSTM|61!cIDhNyFdGiAJ&b9e5C<+T9IThiQ>@>YF5=H7Jr_~w55jaoO(0GOTY zw1!=T(G6en5U%1!8D-SW( z&~kw2s?Fo$+e;#J`*RYW%BG9H+XLO7kPa>=`h&W>uE_Q|Ga>CEMN0NV`b~@inN9`R zFD`s5Dt*Ov&x!@-uVqa1)#0{EO&AIG42M}H|E89Pfz&(gze`6K?s-7vWlO^dvdWvIa4;+|hlM_CB&4Mk>DDjb`{T<{{onxmO-_6N&Pp(u zaBxjyQF+)+cMfxCUFEO556chQ&3&#f@Q`Z*g^5VN6F0Y{|Cq#%0f@}kwXi7uu$Yb= ztlxF}PW3ZiEp6{g@!u}{j;^}K`V?4G5R9DCdBD2rW1zM3H+oOH9+Zx{uS z6K1tGx4>Ibv?KWh>b2hb7O#GV=1BL{?AOO(OKtM-%j&u*^FRILjSK4fcW(!aqL{U@ zaUchz1J7*3L6q;bp-Yq0lf3Cv0$MYB`CQXS$ajx0xcAu+^7&`GB?el6UZRHmYA@%` z>JNtN0;Ubs{%OgTI+d>rFFi6n>VN8YyjA7l`7IB=#Xjs&oIzTg9-gQf9bEIrE*j}-2}vgATEL25{9_`*wYgM2Ow8_ElVZ13eniK6LhOq;FAkft1kTD z{ccVv$Wu6Dtt@%)md7PDIt2Fkq2t#($NA6S*8&6BI5p7};mZqhG-16V1x}&IM@;^&|4^9gT$4$LUN;Ip7eT zp|Y2)DJQuhJAhxc4EUvHE7pP%Gu1%vAjODD-`rxYncJ}73-Pu2)g3HE7_-mocS$Ot z`M8#Rgl|cg(=G0wxlITQAd5hTqKnOZHI#xD2JG~XUUpU>R?U19a!9J$q7+5(%?;bp zF%8Jrhtyx8uoJcEW*4>v!P;hTu*m&H0WpSYUX*4i(#h^qg4L8KSg4nj+sjlgM3zGL zJZRbTDY-Dwx?`Jx0;R2~^HV1xNN~uVl&Gku@4o%}Gyi?-a;Nm`y_8oT4Geczx`uzg z;5}Cy3(-$7t=sE=!ww2mE}q#xMb5}wa{lG-P5yzbnwzlbS*eUcVS+E;{ps&* z|3#+DShgDWregftr{%;o)xp%hWKPhVjfPYyS3bINS7@&s5WxA_5z9pT&DV)Tkb+x= z(kRp}fo(_*(Sc|`BrXH3A}Z6l0H9wlf_ld5Qar0NkZwj@VG->kNt#bT9NPyog!tD#*^D|l4++{Q{6M4!@$S>v zet|kZvtzH+r%-E7z7F^t9uV@2DceF6$N~!RQ(roWI!WH5V3TI%hM`i96>AjLcYxBKiQD zZ2~b8OXCDvmI^%?i{!?{h4Hv_RIK?qJGdljIfIzeHNY*m^T2w7u-kNfV(=s>=a+TD z$R0fQ)XeRoeG`q0J)5!h43hW>pjIU_a^dJbyju5o2=ZTqDcp* z8M>y;U9(y8v@d`L{uR=Z0Vh&uYh&#q2Z%%XqF5=?S6J1xblm5Z|eGU~RRs9^R zgvlvM61x@wc+9RQQf9HRPf6*T^D?vL(Z&DA-gibdwXJKrw_CSe5s;2Ys`L_iQ;~p_ zfFXq%kQN|7=pdl5w*u0YPC`>kfP^A7KnN&RNX@jSim`1WtK|I6zCIYG5QeeTzpmJ*Q{^rC03uVFVxY)hY# z(ppb zo;~5d;M;U|{>;q7k}tQ}fBl)q{lk|JR+85$XMt~xJn9Xl3oUPU%HGK064Fe_=#PG? z-!pM7Hv4F0V+kb8HuT|pP4Gx#qIa8yocT;R-8$+>%nNOzZRP@F#}y$?KhBV^L33$cWuy8Rd~H4B z_YvXJ@80L#KN;i2t9yFJXuOjGq*qB`o@;U`he7`eB84$=|B-+9Z}RUhw0YH^;9`DX z-1_~;8Bv~}EOtG2aVj4tGwC8o?mGW|S8j(`w@gzjMarT_U9`D63H|uMv(T|xG`emf z9+o^8Zzv67$piaeYKJBy_zEXH3PmwH7F~l+?IqtP2yR6xB32En0Z<%9o5J&19Gf_5 z)TWRktCFuWgba3j7!N$uJ1HsA)7C|14!90%eo|-g6cXxC;^#1}b!ReXvAE1(r;ki_ z98-ASIG_#1Ui~>{T)P-U)H7_&iBEY{Ska~JJ1M2MMo?QbQtQ7!pAS+^?7aHbgchHHAL6^itLFh_oV-nUQ^K?w0J@K5*w)@us!dfWek;Aff#}!DxObB zv=?$onpju$zfmJ^-&=h6R>9)80~=h)ZLh$6#l-3d88VGm%a^>1YQzZv*Om)D=UNo$ z7xUaN;sjM1AWVlPu{})bF)N}j{)V-MpnGf|Qk*`>o((XDKDfdriKy6cv1+96?&+mFbEsQM!mwsH85FR0ZuDHZ#f2|f zQEimdKB{*!MonLtbIG~*wqaOMdnsk6Q&!&hBH!3<+CZxoQ+YUiAW) zsITxf0U*KW7T83e@=HRBuj&Pku%DZE!uMitAQ9FJ82nX_8O@3}2?O(1ccZA=Soai{>{$0^3Ql zss%K?Cp;#0*kH>+^plRSm0Uv^#ch{~Jd;W5acNVyVXdS9ZT!cC!MYriv`@22wNDNd zwr+&(?nLT0hkxGSS~@NFd|qVMB#T&ewj=RQIs?9i?=_-T)bmk~O}phPdUh*4O{O5L zEHw#?o@ZqL!q7)@47Y-*t9WvTInhdwa;z6^r~>%LRkI zrQ)fvg&3?Bzke(tue?0*Azp_nd==X%H^E=Qgk_5Sy$Drr^*SYEvkX(7+}S$Iz&qzq znbffatn@gmjGA^J?6XFrn?wgp5Qd!div&D8P178 zQs=d&L7NgA0@b6(qe!sW!e%tEGa_moC(PyPj?QclDvF2^()1Yl&7!*q_4PUAnb+wc z?VEgCR|zeRPCRsECyviC9N$GTk{}9ZtX(7$)2`ChMyqy5uwTkLTz_u))=@t;^hnC@ zb!J^w_QQb3uYeFYJnbd}ShlJ+Ap77rT}56vN`wQ6HTy#n&HBMgUjeE?gBSv@3z2HV zqlp zh!;s3-n8qhevNv)utsEQZ3RIrEpBBTNIhSf`(9hFVURauZ3YtCG_$OkOw?6394>y8 z<1FQ2!CWF2q2_c@RUszJt;|K%7Aa2J)m9Uf_rF@3UAAp!-Lo0DZ&v56l`8{NEbfr- zlhkSjturezD394;a`P;R0%ScZG6OZ1p*33*)_(P}6gjBckH$#}c#5ZNO<5B|d(6q< z01&iShSf&if`E!DN{bQcL&QHDH{%`0(GJxEvppx0?Q7e8MZFs2=H*C#sC2w&bdg*3 z*>LcOO5Z$?y<@0DmKieiiP6b*tNx=@gX-cHv*>_Kg?&4ak0B$y*e<~tk6B<~P(*P7 zq7g|dffaPMAJI9ZIN~<4ibTi_C7t0uS&Nh z{UzLGf}~hn=e1y#5Hxinc~E=Ekf)M8vSk~`&+BCCB06SN-usBWVVjw12iCEN+Q)B07Jt=i5#Bo<-#gHX#N=B6l8hl=ciPtebfj=Gdar{sMJK%r>EXcTLGD@PK-A>*J=@G%8SHk0LvCfhBqKL>8zcK=YfEp8GN<|Mk8g@@$ zH%*jwAv_W7NTf%Ua|8xo6lE)fypu(q#Awbm$Vhne((Zx;Ev^lxkJFPd7r6)$=f)+4 zaf4Yx8GkkqkcJY8Z1l z5PZ9l2xGg8SsP@riv^RK>3|K9cRFrj+u%kQtBefRX>bxMDsUMDd%ReR~)Q{Nf& ztl$1>>wjDMKbdp%$Irh0sl^E{{Oj_09%lpA@ze!}C2xfnf_oL}(7+iIyMhk>wdIv3 zf3!|KWM0|_79M*bsv2kWXluM$raY2`$w^f5>;D(*(hf}LbL5*0XC|zYp_x+xgTlUKs%O+ zBuJ!^L+4*S+&7sC_RbULszURCK_PF~N%TzZMWxoU!HPXl0JbJKC91S_Fs0H&9Qf_9 ze4#B^{@0$nEU8i%?b=mq5alGSnP6xI?xoM6P?YRLdww~a3%UaDm)oU7uebXxY=$52 zltl(y?fq=KncHO1frp^53?*(nDXnJ`TWU@A^2}r;sca!7sc{sR5wD_VA!|bB=2Yy! z?CtB7Bx(t$A#T}8#n(hMicbVbiy_xW`?-PHwTD_ENJ?!BsxBug0D0$i(2I)Axe}<0 zk>Ae2uYfWRg?4AKK8Ek=LQFt8sN!Z<2D!%cHgW2rN4mcfTXXE?(1{|WA7_O6<-P?x zEklanPo~WGIIwfdd`m7eh{?7dWra=HE1?_TU+nltVz=18Bp2@h0z`kDS*maJBMoW; zpk~BQU<{dAtVVnu0I~1mu9#e|vv<{152Pe*oQyF%c^p zclyL@_2u^NyU#a7I#qUuPQ50N3J^cfT5$0}_DgaCeHTMqgucFmtN|?86f`NErCn@R zTsUhO16!Rn@QIi{#Zo)Ku41f8#{L*SSL#8m*KDU zu+x-VB%&+cqzzy!x8^HkS+g!M%qef99=KF?FO&QreRZNHxvg<6orSB)Wj`L5>$!>F;F8Y20ah&a*K6?sPIeS$ty`(Fx1yK)et8biQyR_ur@@3IA zHc}2!z)AC~Hf)1uV*5m_QVqe4o1!2-l<^VQx0iC3zOC4*mBR8LX9Uds2h?KBgpICX z-E$X)oV=x0`6V1;IcCx!hAP+=1)jDy8;7Qtgnce4G1*FIeG^pe)WZ8W{(|L#@VUIf z5zS->@}*(~l|@?;iXgHlJq%w6-MaP3yu5!CIxuWsx270&l&eBbHY(plty8T=L`@Y1 z0JT9&7JXLrQLj;5c3lS;h;71Nk(|YV#+UJRsH6v7foosMo3&))w=@j zxF2VjtvKKJq?TT8C|fhY`@6W$n&m3k+3?(u1 zigz`+9WObA9aK%e?Zq^QQTC47n#)ydPi z`%4P#l+ELt?|RN*Y~G^8Qpv2`BtC1x4-;3Sh^F`ss;A+Z2Ce3-PTeI~$A{$&s6Ev^ zwgeyQcnOS|5t+}45>jP0AdPO7#(p3HZwVks|;5V=Y_qXG(-@I|nQ0l0Z5dg) z8ElxSRgSOW7~nlYf9{9ZR9)Pq_1_63Ym<>FUiOV_#TSx`}4Bv74Um_gI^Af_l|@(T(zzk%BMY&$Qib z7rC34sFQWYy`5aIx|-0nnml5anN1lh4{is@Sw>e6qQ#;DJnGzCP*HOVbwZfTD178} z!;?w!^}r)lWz0|^F7_dRGAWSqollIYu!3F6EH!W&sjNf*l)T!&T+l%oq1+)h>~CkJ zUp8oL=Z;i!Mclnb2Im{jR}SFh2sNl2eSN(WXsKVH$j}IiqWJLBx2Oali=GqR5GXLa zF?+*04_%qqwIVX~tx!F)JVR~<-G-Wyd+f;!@3Q-5HGCVnxwMPT z|AdnSVM{h9$8e0)dmPDk))K-pSZy%K%+$@$OV!!D$9+WdtP1quE@>!rF(Ar=YRRA= z_#qyP!=iHP)mo|YurM&RwNIecOYA#GUIw6GaR_hb<4C>y4%r1T->RGHgq8X5m8Xc- zIJ0ocI2RCn59cc$0)#fqnLrZB8PaB8JNzY9tkSB%83r>(h-K(%%UnZ(ZK zSdPG7R9{R?CA;a-A!ipSqDki!9R%^O!3CnZYx#yzc(Eciu0C+y9TOkwH<4xFVCdk> z(6@O-1)}kL{CE`Y_Lpe9NvQ*X&Hq=^9{OM!(SXWgKt=fBgd8uHPFj}ICLnSnmRgnt zC=s0Kv>8oNZ@%gJewUmjHQM4JZ}CvH+^Z1h5`l|i_=vpP*o0`T<8@3h76VFs4Z|6b zQ93^vZ@1{;Ts{4|RDn&tanXTG?`sS^0lCGLtUO|SlAf2|Sa1(0pNF+)1IgP6>{33? zFc|kF{QU!}Buoc&Z^BUHv$5)f-SWe#P?b-CK)9gnY$$oTy-Uz zHTm%P296+%n`T<%7y~4XY3IYEa7gSbCNct#!Foow(SN!0Oi&F=R%1g#DjyX@9kBb2jM}UC?EE=Pd8nFLN_$ z{ffT?d0CLj9xTDz>mP#t3_<-@Z}ZQU?BUb814NsE5c4Vj00UaaugBJyuL{d$4*iw+ z!qiiv#c1nvWPgkx_S|p(mD~N7udz~KsaDM+@|*jlp3n90U`qh#kM`$x65l3zh-I%(Rx5Zv31PeQkGzo9sh%%w4lI+StS_V6c-aK z12vc+xhTpRQdT?m6Te9x-|M)dB%@|HQtav;ceG)hi^^7X)X%-`JP~8Z`MgrzBm?i9 zA!$*U5|xV@ve8>6l>L@2_8^BGX(gF&GSiWfQK|Em)2Px_l{2BuIX~`G%ZrSFeu38; zmMbIll85lshYept=DcW?`u%>Z%Or%%vA(Ldl2KYUjDyQWq#aB03!I#V)x0<<{vLAJ zsBf@BCyo3#6WilQ)`yQ}x%f~uK6jaf%Peg|;9iTYHZXO9uw?*txIH*Li{roD*Z;5- z|E8tLWe5sR_Ss9UyT=~YM)s7?G$Z;x8HBj`UZI&A-&E~_=oX5%M2l>d>czZyxrp}> zyE%Z9!PO=NuoirLAxgx^=gpsqyA@v%4qYH_rIM@4vRtaW8bjr|Ps7J3YbS)H!UJxE z1wq{{vijD?3S%ILWQ^fSOTGFet(aw2KBb6HS1D7)b^E&B8Vrs>;2;Daz35AAobNwo z!sAWy)!ZNBV9v?sS4lSDf_qLml-ttJ`kh&U_5~Pu2$qpF-z*)$>mA6TBhRd#-94g8 zt%#)l)_3&hrZ7)ir%kD`=tRsux;g!^>&{|1Y$)^EjBDt3L1%e?&H{>}sN7M)#;aS4 zdRLn}hwe~L7JK5??)S!7d{QVCY*SVgopz~mvA0tT3bg0y>^|ViX(JPm7QSL}vxvFg zA7?s^onra0Rb2*UTV4!}Lp1WU+UeJu@M_K2z%7*uEWx}45hC@lpY+}r z{wX!+0QoGZLYSkZi?v*~_nmm+j)KJGpa-<>BkxW znoHP>l1_{EB5Dx_C&39(y+&90kg!@fAy4qyt>3)`!j1c~i5lBk=1)ME3@n9JT*Sl! zbF3AQnXLG#Av|g8 zgLqgH64M&HDYQ=DOXw6$C=!QeNb$!*=w^<6)~ApY9v}R9J|Bk6xT-g|!uJ zm5=ikYReW&jsU7;rfyb>cY8~@drTz~ zzNHFU53K>)JZE|=p6&}Wb14?dJ?J`g_d5zj2QdU-qfJmmpYhiyK)!5%?0Y>afpPr1 z+muI}Qy(pg>$E4{?{^dsh@w+|{IS~T!%j4+E{g0pX%c91bp(&{Re9Tfy*QeSw|_97 zub1YgauH+{wcC@ogE3pgn(FZu{l%jG4|D7PWpm2_MH}aEF*|l?ri>(9rL&cY9aP)L zyoa%h8I4WCP|t)IkuDQv3k4VF!5BMsO-I@G8w~Q$hzx78d(f8=l4?AI4iJ6ELi`)RK6;~$E zS?(*qIK3~C)lY;9`^lOZsQp?d_z7La1aV|_yeqvtt1e? zwpbuzD;g119zjNuu{hCEWMospTJ`>Kv&kny8EpaT8(kot8mtS}&8n0SIZ4aO(k%~m z#-uePspB#@A*`)fH&7L#;*XbgJ!$l4yPLBratkCH`_0wZim}WzJLxTDLW`<``^{{4 z5+C8cjKl-t!v_$HweMPDs8Qax4roGHv52&&JwFL5`>8zZ2*{_;N;D!3c%|d&)3D?w zSTt6MAU_CTmUD2o#Cfcn09heWUmPYa8DKrEkVdach8;Ro(spF~*bDA^Ev>*Fb+)`Z zCnC{a{isN;-%yPw;}bp9ZzG2PHm1-sJ8awmU}b0CITEgxg2#XFW#0p0(RP&1dEeRn zUGCd+R=H4!olY zlOjPiy2~|%mck-cVBH}8f<&O1V2qz4=#jo!`CvrmT}kAIr^&tHQ($Uq3@?5Ox4QWNH(BkFfhQCg4G=R#{NeDY^_7P8gLQ7Y<_<|%r#@bm zL2cCl+>2RccF@x=*}02b6chAFVSnHP6##>^VKUk}@s1oAe7Y})f&XO?k-!h;{DOP8 zwkP0CNRet(tOiL=OA7)5`0=&X;`kHzFm(nHCU!5aCrOyK%AQ}D5M`g~f%@YI-KMz5 zcaw%{kHf4gzE&$>J9$|I=Xunh;wAc10F;Y1%~&pm7R)u*CpOCmSHhE%${r7GnRhR^ zY0FR6!Q{XOzH5vyXB<&{Z&!9#`O0BIdhQ+E7%8oHGUF~0jVY}!C;>6#4iCQarzc0N z-*>5@eR5q-(?4r^U6yXOh1#8f=ReL>33%wqj}g-Ky{j-834)i2hrYpRrJBPd-sUBg zTo4mz7|n0hP+ui=AW!Gf=d-QKGkU==Oex71hVrWuax;sdry}_|aP>JfxgMY=(LnIp z%r@XL?c1>8NO0x8GlxMwbSmm@9Y~S?nrSo<$6&k0Gz(#oi!dz;udRbeJ<|s^zw>R$ z@T1Aj>bfnxHUG2tpRe8Y$!w%>dixoq)gvzS()8*xE-rhr6o5r+SQbL<e9=15<`XrZITq=9vLywaZQ8h9_G<0+v_a z86(DwO0Q%#py6Gx_&*Z5NpuK+tC^r*@i^%;tDT1N$7e5dHK;gM9!KA=WaKsZ1eWr|7(r^UETRR!~vg@Q7h|VV&)V?(ebC#)TLlh-TIi1>#FWSNa9!9 zk)^RJyNk%*pZvSF|BVxudOubtkxG#)jaT{|1ZW&kW7CbfRmyUL*u$`Eu9dY|XX6y< zi3*21ygqzdr&t=l7Z2O9hKm}Io-!XKWpNl6k1C9$*JmN4=2|!U1fdQ^xFxRxKq$;n z3c;l63t<*K7VzLw9T1M=gwMH}s8*wz(5O_A1-f~#RlU%@n~sG1G@cM(0b!>oy7xod zDe?x^66SgBQ@IUAbu&5bDZRdS0&h|tc`zm1%%O1vBsBX9%@hbUNwDAl?!7(Y;olVZ z3_4I7@)p!H{KcJ@08Fd%LX`$N94`^RrXP4w<;-(ykN`Gej%Xjt(t!Nq{OOYe8v2^Y zwDI(F^xbZB%}X5B&nZVFM?t)wWvqLwAR(=E5mDL}#eV_2o)fWbw_9iGZ%r5ylfsQJ zy6Y*tq#=~KyM6x{H1>5eoWV@i% zGl<6QDHL0Dq*gm@45Hf#GmsJ!IYLM~HWt^^2mg)1{!`O`Fv|TqM!BDOvY>u9dyZew z6rb6}T#nccMt?Hg)4qkTdcVW^(sv=9LXl1OthFivySt1fVX2--mLX*5=B?xlIEILd zn#~#2+{9OryII#JJ91quusgW>EngKz_FMcHJIwSbwL2$A=p%o8!=fjcM6N=2x$({9 z`MbMQ$2DB~uMVz+qZ7;xZ=!VN9!5OC12MZ%r*IA|6}Pr#nf$!x5&_MNV}CO%kYFk4`AYfJ6iUKd;7 z{xJ~s4vZg~N1G1m9UwSi$~jCJe?5LN9~@R!D2usBpz{1xIrTjHSFRKf1+G37?&jo7 zvnM=yHtA=DP(hkwe(5Gvd)Lkli4in2hPOgA-)E^*ZK=4yT2cxXW(PT;qL-?)ub_sC zmYy`{o|#zdQ}c@VpE0j=TI;1z{TYfCgKb|9lBHx#c9U-%w?j-;V(~rM#j*48yEM+e zGI9r<6&Y130#9xrYZCn>9od`uYCm;_uB0TGnpDWBqvSs*rcT zrTzNa@!NN3niL2BIe35`(K+eXr-9Y0OK^u9_QOEo7)#Nry-=m9gM6Mt?)0k&N5|tQ z{nUwu>-roi=7Jo9lg`doialOD1t=InYKQXtfQ_ZVy3rF2sqC+tuJEUY-Fl}RdYioR zR7KOC2gi0$ltMc7pIt4JnD5EW_wh$MpAU<3S3R9A&yub~$Lgi&&6YvtY@hcYq;J<$N{O9f z9`v$j9ksD?9u#@aa$iQjCwvwep>c*m2(o%*c1=Ks1kJk)MUd``OWCi)e~)RnoLhnb ze|^GAGl1=v7p}oGZc#Yj;PVSPzNBa@OAr{iFYD43JV{Dd#LQn&&ZxrEk|~8( z6)GB>;yeMz`6}V1CLM~=ctKE$i&eG7)AsPLy-NJP^Q1hA?pHX3ZS)qnwGxWWsWrcL zZd$Ahn9x<@b6_$V`KIF9+md6TMt`cBy~{lr+YLLfA?J_oaku zqGg;``&~h=md(i+xNL%*#) z8IxuQU%W}z_;F?~qiRoPZ5e$zN#`gyTU9^!NHL`TrjpO^rz@w)CuY)tcfHqtocSD5 zs>IVC5@sI#-Mal`WlHFt4uie{n_V=zZ({abtf_L}8s2lvCBl5u=JJO>|K9&xz8Ha? zUA_BZ+C%bocl6tr-@(U0g~$24)o!b)zi8n1L%? zZaX%A+?NZyzx`{Ii}7g0cZv3_8mx7IpU8zTx~KfaXzGDcpR++P0}%C!Jbl0e*i%V> zGae~_Gwscn1G+Ek=U+*7n}WIeCZsFahPqt6k@XH#*r%IvbC8=6Q%_n8Q@~M01oU)3 z8Jaf>1j?fz6v@$*V4-b*;WP!FxiknMR?(IjvgkDsW&|sx=>y(YG^bt+$0riCQkK9c z!+;T6G=+b68B)BhPw+e7&MeXKW0(_kUjs0LE94au0OVr=gv3ICK3+Y2=@F^-^I!VE znXfgH&&|3^Bx!#`x{g;`XVpFS$#|1;18Bd?Q%bLACN#&~Dc`rb@X-C5>Bd-D(WGI* zL|x3v@kz`9HspMIDw6K2Vu#b+Ug62 zHch&Q(m#HTs4jtKqV%kh^$W!Off9n}gycPvBeQ2EuX^{9ba}{Y*DSM%(RK{p2`7ZY72>q^pG`iu@ZMEE*_w(V z@TWF0XuoNbZWM)*o)N_Q5cQQy+@sO)=0cnpgAg2#!B0xie_qR(O@Tdgn|(5Fzvg#F@J4lGbQy{`!qxfOGa?Pix)S+fs2!NoE}l4 zX*rnh`Q9KNXUsy{z4}SP>5{dflXrIfA!5j=ZBmd7ngpja!g4VqO!BbXkyT~!xbJT{B2Qu>W%xD^X8<+Vt zeH!#(2AK)pL_a44W_<;!Do5`zvCt2K+`5pCmmIgf4)JLP7o#>I-kkW(O@WU}#9#Zr z6?Q1(a>}jqCBRe$-mFYS5m{=qFTvIgmD~~ftbTpJ*vQ2uV4Ze!JFnS@DBklRLOi{K z2WbuYBmhi?buwE%aFfR()sX`0?q->1fdEwH2Du|B(f6LW*Eejh=JBsA9uOKd-i7RSF)QZX zriTB%HhfR61nY&q^X5;R%};xB44#_7KDi2AfpV-fE=DlL%prUXhjrQr6%4&YiFEVr zM@QCq*{1un_Vn~JF>zM{0G&)seWHxS4VFQ6swl^laXa*2i9sFAHyV@CNerjaXzn#u zh(wUUQ(cM2@w$FS;x?358ce?z?|pZhX-~#vWEGJo%2OzVeL$KCKe~1?Z4pP>fqJ!e zD5@Fw@SyZa$05#7$_$=whNOxcC1W1V$3&3niqXRJ;j)534=oynl#jhHnsYX7)6 zK~q&hJ7Bcd%FKqBMft>R?8y7Mzv44DSdfqJa{#Q8k$i8aMvbA!@C2kQibX8P1(TN6 zI5o=hs4S>D%U<)krRW+05ikezX~|SoUH;cC_&+ZEf6U+XXJ6>2fT!j|n^9w7W&_VS zV_VutuP<>4Yo`kcZIUI?v<#oh9!B7NChz@g1<3BJZ{{j`PaRgzssU&l9j=pzc6#02 zF#@L)s+w{yuguH)FshIkj}wg?Et3eY7e;=cKQ=kRJUg=u`FLUOTAiKUGh#>e(lScA zbU0lLM!#&?K&!{D_rhdksts)^^6k{L=IA~X>(e$TImkDfUfIXjk7J)Y(6Q^+5KMVML6lA5CD zJ@;n)BfLYOJ#BwnbCO+*^<77O6>oQqvtWvvwGGy(*-4)Xa-jTAOVXds)Bm){`|Nw2 zMO50-A}!ZBk9esP_-<`(E_gaLbqm^^d755S6;>+^7kl{H*GWCqbwFSIX=4jRgZ*=o z^h?s$bKn7bR8E42y)U>SRZ~sGu3b=K*3yOJP@laW5nYpoNOXN|GtnEv&mq$ih$`@@ z*i#!sjJ;;AF}dw0ctxoVA@9D47Fotc%VXCS5>1S!Oioa#t@FZt-YsfZ7~Ylehl^RR~~?srPoY*?p``^1dhY(qKCDZ zl+(Q>#J9D`VuenDI}?rE?ZDe%SM-ic9UAzrogaNh^pdrSwcMRq82E?%^B4BdnV)cY zUCD$($%H>@h~`y@c8W%dCM2{2Z^D#kIaolt{Ollc8-^b0*v;{koJD5z0+10IWM*b> zZDlA)8mSq<*}w?+TGR>#SMSK4wvd*##E1npQ_JYg&INpuq_r%Cg2!ud!Wf{apG#^A z14pdZp9zE7=$c*P4@=2Xbp*rlMsocze)JeS9-{{CYqN1XlLQ&;pu{MJszeDu;mei! z)F`)>7|dvJ6cGUEj&^oZbDlHYvcR=l7}te}8Q8EO`OfY9!Xe%$J>;H*3hgLrcY^yf$5EJWwPy??JLeE@lw&vg2ceNs5(yW%otg zEX4b%U@cdCb^&}~cSH(R6?|^8?Rf>^={&O>gbBn#4V|qnCo*-iY6GH!YP*|)R^v0J zAUzhl_FZ zBQMW;NxS<_xYPjW!$l16v7^*6bys>Uh~UeHbrzZtnnN^jz(X@bhbDnD!>gWriyU+# zqC<7Mk1OySzyK!K4q%zYF(7aCwn(J#g;M35+JgA1FClI8wb{k`U2}I-k29Otcsg4S zG7aw$iKjs+@(e7amVuodgGm6;wWfw3`JW$UZ8u?kPH&5!hFCsY%~V;yW=xGIHv@Je z#MfetoUqC4`EqyIakI@ONn;g0xKKZyd%l5kXrV2~m7(fOdn(D_U_fYpkZrmWBlH8S z7l|yp-d0*)m{r2e9XHW%!ml`O{b{7Y{%-f`up~r|ipZ=Zhqg1bOqLc!$*lJSz1rVAHB*H(NMo5;+GXGv z=cPQJQv5M=C$ec)sXS-d%+?F+FVWQsVobgEf+Hw5U1ro)F|E zM?w1gPVxR(ZPSSX)jZsaPXG#4*+ z82OkFzvT4EVTqv31s;lWg+SXn3$T*b_=62)p@j}U6uM>xU9)0_i{+QlsmYN}KjIT3 zn^+<1UIUoFQ~_B+a@KNnRMUMr_r_iFtRYz{PYxQk!K4~PR@Can+1^aH3x?Ptqidz6 z%|htRqBV03zp4B@q|~A>7t9UpN9iiD%qbopBfi^1y zAp-;OIOA+>?b^cVvl7-OPI03X7~QVwiRWg6uF0SCD#a{wx92}5qcV0io!1TQV{BTm z($RH-6N(oRZw&TRbKQ;T%e3NC3m>J4K(di98V0KO70p5QF3M!^HMF)GEQ@yt(IAY( zX9dDUQtx8bP%h?UP1~6@Ri6Z@zUf=2Hb~CY2a#Q5 z3Xl>IFY1IZ1VKt!$NkCigv1u&F;NVFMjGRl!NhqIJ?27P++%^c%b<%G%SI%lPWWPE zBm=v#kd|edGSlt(pFS`AsiOH;k?Z4nBTaMX)%SMVJ_O{TFB~oqg92ynp3IK?cF0hi z`Fmb6R~r-a(apQ3)eW1w7?RTU{U*S!Tc1^TuA`n2;d^%XttJIZF1xWDCjaRb2Zt{n7E7RhbwvTjXvzEr9xhiw)B^+EKp+Fb}ogqr{vgH#c2a^dS zn>MlCBVu)Md6?|?=bp?VimxKS?csNR4cw&AXQ+EbfFi!#BeD)IH$h|u$c{38Z`aac>V;u;vgaL-ed>#1{ z;rko>4SvUiVV#eGVNJ!{nujkR%%_0r^%r9_2;Yu-AHd+oT2Cc63fL^{?UxEGN3ISg zx;oBK&QGP2f%pIBVExMl0gAij)z11u?T0Sy&DE$#n1qDTJi)~1qG(qD%$|JMc7QtW zjM8U7BAkX+*c=N1%nKbpV#FhfrP^s*Xe7w4Bxv9;HD=PdybI6vohL-m~P#Epv^ zACg479*2HTaf_r{NnCIX<*(o#)f6Do8e&$lw@mm=1iSs5$4^<>sn+|r$6U{<^?XZ~ z`%r$%TqfS~8%9=9j>yQJ6&%mzE7aHNsOQHBz5GYRkNh-3oHr3Rn1|Qu+Mv?mz1Q!3 zi&6bO(LKBUi8X_CGMabrfZhMBMw~mxp1b$cwenQw<0REcjQf^`+oz6BsGD-<_aA3k z(v}M{BfS&Z6ke-XXMMqe?!9O!+fLvAX4LehK+el}F3WGG*ia07GF{L+FioaRZ-&OH z{~@IQUVaGNfH#W!_{W+3+v{<^dS=hUa~J|MJ57O#k+1uIocX#`u;!=EI&7`CwQ<5m zt<(tb(rQi9{Ew(Nf41eS4b+oXoV@&McW&hmKhCfOXRT=z>6BOmI()p2C*K}I2cA$j zd48(?uMg$F3@PLN>_xS=?k=VCyQ6Ki)yAKHefzI3SDCl z0@E*h<>4QxZV@!|ga%39vf$C5DlQG#XXVf;FTxWi-y6<$3kn>^NdZLMQH(jf>jhV#+v6|z@pqYxI8T_S=D-QG6g&= zU!2TYXPVzHGEAPgY7p5Ue>v>BK9u642<>v=Z1L;TqkU625_C)0{nSvYdvTDVUGEmJ z5nLqKZtNL>!9>J$NF`q=8?=zgTYSozQFbr2Jm@hgqid|&1i?aur6*hA7Q5&$s2dmt zmq6qoBO{xU!il%Ee6Mj5o0cfX+f^0Z&3EF$5W5A$m zoybhxf@KPOc3NCY`XXjJ_{~IrA&m^%C^do9#h1rIB>gsOMF=Okz18aOr69~3MoqhIw)tNHae&SFTymYB z60|%Y{o9__Bon<8eR%Kz{H>+zr;Yu8+u*Ms+j2b@)}w_jp11_i76E=9w^xH57bddE zsoK3s*(P7_rAP$3rE5#4INkc|_xby3t-?90RktQ?LNoF|6j^dxP@g^?Q!%(B9#r-) zo$~6U@?3EsRY9jBJ5g$!GyrLFe-xA+M*12zR%;PI;dQG9)lQ>p>Tfyx?sSWDPuP=DdTTFw{9WK*|EqcI2IylU)g2~|Yb$NF;7ks@;5$a{A zoR(ADK4f#>F}>oF=)h-W>F6DnHP*OaLc*}1Vn!a3qrKtN61nn;3)_jWHGUaAi9X>d zwf8xJgOV<$t^WJ_LIYeaI>u+W%5Bf9u zoM}9Y=u?H=YKtNHSj>+zCHNRG4!ydjpJ~3x&3;vA53LKvZi2Rzs6C?2{n!0+|7nN+ zub>652}rGit_3^Jr*zD8mG_QHFyt8Rhf>TIvL1D+C3atAs06;_Kr+-FLv7?LHC6c; zJi0%3Mx-?dWRwF8=D8CuyjuIYyECZ4m!RF~DG#H+gOy9IU334y=E5NqBNAy`Dk63` zAPaQndrAF2?7atATgjF+>TY*CU>lnT44B|+lT5bAnYK+ZNf?9>nFfIXfyjsq-8PsE zwuutSCJ2xS2ALp4XcJ8k7=%bdU~&|goatYE@0x>)5-_p7g}$-5u|7#d%r(7<^ZGQ2BEW)kDoV3Ox+*p2 zG!HX(4Ac~6V8@ozi37c>{$SS935@t6G=;NCQ(Mk{gve=KdOAVh_vWDsS6$+xx*ykXudfBVM zH(?T0DE7Z=<$qD&pdWT=H{_zfe1eoJ#Uwx%3tJqnu2Wai1dvMj6eO5G%cI<p&y&`FE0 zk-_~`?nLo*vY2@F+XZo~Er)WP=v*|X0alt|!VQ)DbfDJp89uT{^|eu)uioL1Gy=T| z?YO(Mn&jCLS6nh`4V;Qo@I-o$J<8<7Ck=7NlmsZ#+SUV1&~X}xh4R!@5kcK-77;E< z@_UfkK~l)@yy?zA5%PM#03e2%2j3`+R17^QPd2oPW}AciIYrH$trInxp44+82}i*L zc_Ev)OAnK}m0q9ENqNa2I%Ve6{imC;sMd#HcKFYFc-u+EX#V#{dpiuuZnSU8(fPdZ zvv$IOB!bVcMQzIf9r1m%-HgJ@{_mXKc2o7mIrU;j(lO_oDsKVuJy|US2}IpbY*b{(cW%Oy>4q(@?>r)r}ojh`$J4>@D6Cv zN_gWug*B=-y>z@awi8*kIGttb9AsSISL+OG0@=0b7BVcj;mH6SatG z2&k$3qSw;GOUI^En)>0*zHpB9JWc+PFkE23hJ;)FLbLpkh7pHa^J&*ic=zt(yYMOAlX%MwCC|jXe|*gU zxqV~xk`BiOZ{*{(5QPjbfGXEf(Q=Tl_!~vTrpHHxD%x7}x>_k|t{}@>=pP1T-)DJz z>f|9?`Z^a-%hI>$JjiaOk#IcEU0;ahZY0te^1=P=zZCE_8LJndRCj-XE-+Bsd zIt3V6&`w9(B%Ez3!TAgFID$uf24d79PK549F@^YuU}=Ht?Hw`zO6hYvU5(9I#;2w% zN*!O4-SzD84{{&Yd)UjyCqJjN7&GCqX=J-cg7VtZj~bBiT&dJ*mN|iB1xKXc*}=#* zvFR<$zij=t3sv*gb$A6OubtZx6rT#)VpQw`L!fEXoPhr1(LCz}@7xd22myfAT)Vkcl-&xkYcO``rY5_}@@ z45VT<;wuwOtP@>hu%lI!Zmpuyg={+-%j2X+px5LXjQ`MbwsuXO*EdREE;5#djeg@0 zv-qs4lgQ!OFB=s__sreV(j{q5@eR%#vem5!qO-raeJ%GrMkHc=y!Hp^yQ!9tfMDGX zj0Y)%ZF+!`hRb!p`XW6R_F?yh@5=e05`ylRU`jLFI7dUxKMm&1Y!t&wI$f$bpjGlX z%pzb8q_{W7xr%oPf0Y~luiVc6>aG6)UQhOY`5GvaCXOo0cE;e7k?iK3yw4@L2P8YU zl2zO~FliE5$geQ83(|yb_iRN_N82{(PVL@G!0gERYSpofPE4KxFhE8taIrKgFd;F{ zV==!pHs8|<4{ucQSL_XsoctD7D9rbPG%@T>BK4A;cVCvu@HzOPf>+w4WJpOqduG*S z7J#)S0lA>KUuxSCUOhz19~P6`f7GN@w&rz@Q=i@RWjA*%P<0tN6I2AWEpY#=asTx8 z3~C)ces5!cetR&ytYyUGMnFe0j%GAm zvbW}%bE2lv37iW#k^AiebHB>*?kRgk#5<#tpewK2G>RMSnhQ4ccdf{Ir~ICqpCD>J zL&M$sr_cYba}eJNysVr1uCX#VEd19MRh{D-r6&{N>+(jI&+&eq44qTB7F4rIA=qns zriwTT*Hmjeb}c&DA1z?$aF`quM$QdemIdYWgH&t&sg=`YW%ccQ=1Z=(2c-Y39+ciC zi=()wMk3o#!=dKsN=irR;PM8=$iK}+5fO}QtY;-_{pxn6s?!kUJPljAn0z~;NYP@*N|{E=d<_sf(p zBDkw)2Vqw)VhpOEZ}W0pz9^y4E~Y>RF8sA5Hd_oMoKkCrLghQ>3Sj{;6|jd{M9(1k z@_+~M&N}4yu0@8+3@knT?e0lX8BxVq$cpVirUCxE@{ZmjT%z}B+H4Y?8kLRv*l4Y- z%8_~iv}}kvewmj&w38uw_LyddPsfg9(S+IX`Svbx29%Dm0i<+f%OOT1yC;?vX~_8F zFh)2{3=<@zzHR_y#I9Jta++jQ&Gt4*M!=>08(f>(oe%6RUAx7H8%0w0E2Jf_6Eo~J z`|6ukhl;;vA(V5fdKDb=^s~)UAtG_=`Hi`(LMbH`=ubs2kFTfv{7)A6H~(G-dOn(# zD&VD~>dD1;tUf@*6op zH~uc^o)NF@tWh9g&#hSplHwFv+HUF*TrF*B-oiOC)PS&e5Dy-tMw95rJW0bgj+t`c zp-MQ#Ii-JLEln7#TLirFHr*qq*jdhcf$MrAt1WDPhGk@}Z@?sT36<*-O0$EIch%Gv zOG_u?gH%lCWK?(5^jwq5!A61r9=!OwmFe%OW0(1)@hdWV$7M55O)H4cMIH&R)liHL z<PgAg(wf% zZFnuNuZK>LbFp>t|1iI^H#zih{r$_S;#m~i4gkK?(QH(5!0_wNpRL6OQJ;U;zPP_&DTt&FH6ESjQV_c^689iP+U29yMI;6?oHz5`Q20 zCqMV;>xW@^B-((pA3}Mo6HP+OUB^zkYurXdVb!49eF;eTYLer#@ugl%s>eP6ibSEI*;83ka zWMD=ors-su*c5K@*N3!y)VZP3feGcCP7O4kl?vaJ+_Xy%WH7i+3+m6c-FR~9_0_ly zxaFF6xo&}vEiit%NuM~nP#J(+eA-eCZ15vFOpk_r478||*Ml0?BeI@j7K^pY$iv0M zra3uUFHlR5$U((Gb4Gp|CnEClKcCKnuLbS4XR9_-EfT6X^*XavBfX2Glp$kt|JvyU zo5{}1^Czl`3^jN0F)6xENyvQJKP_lYW(hec4G2EP4^t8ts@!c}lwof{D0zpM#NvdpKj}T7okIDtpz$?s#ppbmp?H*g=!O=aJpKjrtlAZv4Od ze8rp`{VGZJYq8!5PvC=@;=m6BFR0teOsZO&Q$@73?ScRPodECYY0Jd%Xas=YSM3$M znC8hOs?AZu<9ad|dLNXfWY$=ib?Yj}crWW}TvF|4d!PI)tm&rDfe{kVzIYG;>~Y*t zcrb>=nXTkwOFM-b*lh+CMQmH;t;1smR2R54Rv=ah=W3j?jN4zq(0g!k@Kz}NKFljy z2+H??_+Y)i_QFN3kWT?`XAm?bSUDsuA9YP;${-^k`QhFj%v8>^5`Zo^%gCQb0kec~ zn{;cf1yOs}-euPZuj;;rKYy<~lvpcu^UxEwx#3gN+h;x`-ls*~)9lmSSvNKkqV)+0 zJ9Ealw!*OhjOgK=jjv9AD#lcPPdU>d^nEYXIz>${ICJLrRO)U;ZOLDH%tz&vcS}aa z(wXxr#MIxevI;`ADMXQn`BmvIou&^mWW_sWNkGJI3WnnZ@srlulYZOiDcw0H!`T)%4+r(4K3Q=xU3tet-&dkagm{OCRk{r`u z$$Ta;jT-oQ+HB&A?If0{cSVi3)mIy}yWs>|1kUJH$2es5qx)UjqJDkUO93SypG0$d z6%5u$CWmySc9vfT;lq=P6kIEY4|ARCKr*xI?fcvXzQM*@{Jymh2K^JEf-nX<6-=}V z%GXk}X)v+vlE<5w!|NFK!$P9eDsS^9oH{{Lw-^nHuuMz!gav3-fh(z3YdrOB%D0Eu z1FqYBevs5~ReMd{Wo9_(2g7#qr^3?KsSIjzJA(hY3b}xsh8o!kY01WrWWk2U!J}@O z3|upUj668N;abbM#{y=AMmmY`J`i0oRryOuXBo*O`QBWghy zcRfF-f?FbXg~6}q$`El=oFE+i1pJXPm$0!-2l%&n+sV5BjCahmKtfkm)0k*_YRrRe z7(av@H#yf8iq8$10{|3_1l}@G1itd6Eg2PA>7oe^SePgVTFJS@8OEO7O~Y}<#^zIcb~r>b z<4T%P1bA79jr5wq7P2D%fw%;J66@TdfzvkMcZTb7;$7uGwPn8WR~&ywigYNj&k7Xo9X$wDdM;^@@nJ3uKwatB~AB3Mxu? zog4TT%VZ?GwM?9=KUP0jn9ZIyY&>I$A`Z7B$dvKS#fpR=q;nS6I2s1CdJ^4eFvWa# zaTN#5Y$~$G3T@aDa!0Lq5FkJTl@O_^<<~wJspU7yax2;9w+k2v2N#D^%!1gR(om}k zx^PeP2YmC5ddWL-dOsI_!cI9i(X4=+HpnNX6N+)7eJ!^VP93|SRu6TmI81GO{dOVn z07j?;z&suK(R(H6lD4x4r=l85n%b(bO)>k6TXwz&LvaYl9hM9VOv&c}^MH_S8H*Yt z@*KJwFxI4|j0;RkA=s%5zGs(CbBDbgi-wqy6l8z&(k7HIOQhWXJy{~FbF~!$^9RY~KP2Ezen< zcvA#MsM=d~20!^Ail8`DXG&5-=L94>Jlwa-Qz|El$Yuqm_xK!>CH99oL>Rs~ix~!Y z)FpOzgzPGV!aPi0z>cC)>hH;ft-;kvE%cOo)cM%loHDvPHB#(r>o>dF1g~IdH2;wQ zS_^#dqjBHs#hl(plL%jHw1*ZelwV^nKvsk5}yL zuvworbPn0c9UI2R^bRJw)c^q=lSY+Jzqdmvj^xW2GV-teBCz`8ec9@x6V zP~b#C0lTWUY3VaGgDo$Xr%5!bcWgK5ko=3)055J6+P();BnQTtAtgr@AA0i5&Yx&FK44EJRC4ON{LX7eHXT>0wrWl^iGh_8MHOa``9{2m zHr`Ql&GJy6`*y)PS0&f&#;cSi;_DPc)dc0Gbn8~N;^|XRdS)vR`}wsnfyQO}>QPSU zwW|4#t(0HTB9^XLDe_y_V-=FE9 zyHnLeFung?Y zZi?SQh*$%$CGGR}Yi@Z&I~Z_slG5u#SR;XZm6f)$zboB!t{lk?)D{1n^mfi;b3v~BQ&Tn(Oblv_++XvD0Dx+G^!C1;$>OiB z2{2shAPXnacFDP7K@KeeVh6)d-N7uJ`>wc~yUw}6seL^l^HKiD;mwfGw zwUpm>K^dw%BUu#$l~d#WsTGWbK-nX-TRyy1(y+%t6f1(lilXyfV_IQjF_zRX7bKzV z_M$3TK1G?n;P9NJ_eI!`9Z0;FwZG8*iOz2A4;?zdbZoOtwQNY3i2cdh_+q5#`C`&| z0Xu7+4Qs<~H*07MG(7MZt<&V|u2|7J9SN>PqpPRaWD>w`VuweWiP$;rpa?lRTYSDE zzB5tEyE>!#4uUG@W@;?svjF17i2-?PtWi61)=5Q#Y>`v3>`Y_pAcca>cpO}p0UZd2 zEU$YP#W|*YUZrR!7QeGbB^Cq~raMm6MzRJV=Ef;NmjXj7KlY8UcMa#0gk@Q^Ia zU;s#`*CqJ2S*Ov{9!m@@>$Yp0gk^p%+!gaMiQypY`}20V))6iP&!T6yq>wjl&Nz?+ z2DKK7PAJU{!a6hVpl~Ijl2gT)9ky|gO^NxV${&w}GLNIp%5288%T2Vo_;09}iWgm~ zH1sNaqftIlo+Bos0zYy|Q0&}%_S}bnQZf$s{#o*+yFTZ(@w?mGkm0-|e_jsnfZr}a zCd(hA*C{r%``DJmDw#!i>=HI6S5Hz$70d~Z)G{C1{jrnq!{^@2yc4IgxX`fkBKKMH>{a zmr&%}+*9fv2L;yR{aKbf=EPsWq%~T@5|rAx&fet+%oP}EpMh+Kr1mTR!vC-Y99o50G-f=|DX@b$VPZM`s?FjYVup4mSTXvr;CK_Td4zW~Wb)R^;^G+q2 zwO2qnM%$z0G~=sqq)J!Ul+?1S04+O0Z!I|LHk=qq;R<0%?3;quFQKIgaLGln1aEAX zuL0DwUBgh-X*TJ_M<9orwc!+xhV}}VXa(7m6XR){EwNBNY$OZG?1R8NSYNV{yk)vs z#Y0W)8n7)vCc%YZ#azoR~p_S@dPVkTVmf( z-DSTrZ7ZaodsITM<+LiBp-C+dim@tR@Ao#nP?C04dHGXv#ag`M>>}VfUZg`9qVKUyxl~ zI+=aboa@{kGosL9TFQ<A+B_A_1XX4O4$&TxG62qYbmQaXlU$4J!xxRqwO+%DOz)i_h6(`m31+cPEv3{|L z8)cHD>Wp^cq0k|0mMKxlE_{C(`AJDExyG=U7G_pjsq&^uK`020$sIL4tg%AF^KLu6 z{{ZCQY>v{B-=*ox8KNB?Vj74DmRVz@7>2)!<@xApR@H|>ELn7d*03_pQtekbXtum!Bg1#;bYgMC6{zq{!q^wrfpr=9<>T`?E>s1DhSGuJC&xASs}F zZ@|`lF!_uVqv35(Ps=LW-T&&Eku7h;6;$V2zoWu&$o#$o7Zp;(Givuwld5SD{`9h?_rSFP6OE9F2BXx)Bt_3@vqh`=uJo}| zVu;}nUu!|0%&>vqF6hzxRWyF(3BPs#x%;t&Cfwr->ZBcIc6mxn7W5)8v@T4kJ?DW< zz>a*xvFY0BBloXu{@$n8&W1vZwmM0NsJ1^J=o-Q^;dWvba0vH57bs*L(sG*-smc?H zc$sr}im@W-q#x}o?T+s^Y)1cfK~9l?VwN2|$#g8qKJtx*$ z+CY_C7yqf)c&0M!w+nZFKO42AF!{3z;_093t8#AC%}z5qg6|*I|Iu~-7&iasePwFt z>6JUz{&}vs$vO}@t$MB9TUeK|l!6ee_aZWqWmm#HE<`g*H zcqA*$o{U60trYwktrAp~=Ax};q`0nhW0ZC#?a-KRLgL^@moie=wiwB|CEGUo z;OVfnky7kbQEs0#9-_u#*15aJ?!1@PYqbnGsa& z5;L%EiH6(2!m8K5>>$q%uJ|@Pc4Gkc5XB=&`>V*#r}QI_f+-Z6|Gh+CoFw>xd*u6r z7PiHhg^!7*+X_QS^AH9p%n$UmHw+N+7&zIZPSs$j3vT6{Rc}NWv3mcZjU$OZm$+sQs=MPtK z>5|sc!8D{NR|Ot|;JsfEAYol+;+Wwv^S#q+Q;tU#{Nme&R}95JGg#)dFBdbG!hRio z28O?fy~GWSWZU;%_c%Csv@_#X^rLAt}S_^ zAONnR)7}U z4#mbC$ij=tzApro;eSPfTcCXidN5o~5DTvbYE{$Ud2{A!nth*Kv0C3@IjJalMyK!2 zaEr^;dl8Nqi7mnT^0t0cwV0=!lB1R*c&>7;+X#KVpu1)a@;IZ^G$qTP1f?mPrBTIq zB^{?zBUb+Fqlq|x>JF(!CK553Igc*x8)Ri<=+zk7*u|?tX;W8R(_9*)-~-+q0JpC} z%f0Q}WShg-&di00I@rUC4HmGkA*&%sXO=W~C#kC@TC#%s7oNN)CBu-2XYXvU_I4J? z)Uj5qTHbJa?xLQrJ9hZsUKNr7h7dITAo#Lv$yvclk7N~x08Myk+Orxlf{Wd1sCm?C z&%F(2y$Ugp=5XQ!2A%^25|M5d{ct5HycA6|oVYJm!&7gplZE$q7>Cf*zBXGcV;jHs zq~jeVVT@I%IkGC(^7*=mX$D1b?kZFa-X{PYE!S6xEs8$U^BdiOp;ft%^w{s}r$4hs zh8ob1i<&fcfm_yS?EVIdZ32zUwJGZaU9Ae>+JT71i4Y-@3M;6Nm5A?JTrS0zbmT~> zEfK;M3B-=G0QQ!mN6Fr>JX)IVjO-|w-seD=5`SthuI?kjVcF~=mN^qv~; ztET64pi|`?{#|DcLLa_5TReAa1Am+Lh)E3z;pKvO6~dyF@D0*eBuq;iODnHBL7&3k zRNgJ+O%eW%!G1HH!*a|7t64+Y3V2tFfSc~#@o?PD`an{U;q)N~XlNO;dUVN|Iu$c* z`cB6&NZdFgthR~^FQqgzAfbZ!u#!5%dbFqWeeXEHZx?XA>vM9nT=NNxFf2%7&JLX~ zn$>$y?j#X3={sJ#>M!nuaYLNqEe;99(jNkRfSryDPJZ)gB0CHP3k5NB6XBJlm_%^KTK zak{vQHyCw(f+3(0eRJUMF23<#hBJ9U9Mo&bYXI*oZ71YXzOc5_`HbAN}5E9pLgS$nWgKm zLCyU&Tg;-w@;ioUk4o*WjeMJm0XT<~JBy)NarBR_!(!}L)5;(`rB^d7gNo7v^{=#A z*k8FM)kHZzu`~7m<%sxY^VS!&f9(DL)DwQpB}WW%`oI1~S`sa@=!vgLc#`J&VZw0j z5oX5P$X%_Zy3m>}J|_;bR(n=#R0dkqt9s&I2z%rzgtp)pfO5gmEX>V+ILs>tAr_%% zb-Vgnz5XxY@{h_dmPt3_1X71O#qStiSx;zu5_AaC=R~Aw2}c`W+`e%FR5qAgxi%!D zROk|vOKl7LjNL#LcgV1M&{y4JhJ8QuLD@r~G9D6E6=+O6%DUFF!9fUHb*3FY08CEx zQuz7E#>l*CqV6PEq^`snQ_{MC1A}B<_kdX=$rIub1xaH7yD_Q{_8{8A!39 zsHkMnrUVoy1rO!i5e~18nEzym&-+|%I-^r3M(GKLo^T$^osLh285Lr7oc8^5B0TRE z(#gHrIS%U~ZUCU_6eD;aZ#p2*(U?s!AaNXp9-o!*L>#p>--)=O5Pq%FDGHv+iSJA?geS}{9XqH2*~k8S&-gr3Cu^PGFc$&&kxJi7Ui2169do35| z6JO09Pye#5{mDDb^VcJO$3IZT@Q)HzSQN=qH^diZvtz@1BF;2V-o(S9Y zP(pfnfqmaEeSU&RN~O`&56YEFi{in+Fsxc$RcNL0j*Tly>$>P#7qgZ&iLZC8<$1L0 zQSOH&Og1M3eu7P`4$H_o<@xiH46D9#sinEZs<--woro71C2NAx%M0`C4{=LdllVYH zWS-h&l6lcbQ-bVFU!?qA#BE^#AHeED`r@te8&QM3qU!GkqMLpR{uk>l-v3k9Ti;w# zJIX5GG+@uzw6U_snZ2|5l?zyX{Pok7K`w(?&fxR%rZl(baJ<>h1DuuUdKociP54c* zn6{+#gKnUZg{4+d&c`Hy`Mq+{{g8g|`cZR~LnK@1x!>aJ2GCbFv|(`*b*8|>HcdIV%9eBP zHoZ%tx27G6*9@B|W^#><#X>o|%3Upio{+vyD-k0YmJxnUY8;qM3R)FB(s=?rDe=BY zlV8!oa}(9gsNF(#q&;ofJ&!9R^FWVlaXl*nGgl{v8bmBaZXfIQx5i$@7d3NQB_zFv48(45m<5t#$=ZMfhcFy+xkl5fj>WJ6dL?E)CT8^ssc}C+7l1 z-P_YM(>#H(ZC15(7s6VGpB_B1Ea!-xE|l$!c46o`_YKThpoRIuN;-v-7OsztrrUKK zJCEG>#eZ^C=%QtsTB$YuE#1Go_s&W^yJgXnM)o3wIqqs40KHQNu**`_7ljj_COl2PX@xYm1YI3%&AD{GxnTy8%EGwz z+o3B*4R**1!hP*sCJvLvHLN7FhdqxH#(uqU;U@*N#w>}khLK^QA%)qe2G4(5p1zve z&@sC~?M-tFj=@i;5wvSihDHSn#bxnq3x%JpT3wycs)F}qX(iWu5AG4OLcd?VNSYuV zlwBs=n52G@ddBBL8EE=R?UTpi^f$pj?;tC}*1p+z5+HwgZTNCljqj%UO&@MT-LJN9 zRcW}q;9o;t(MZkT?tQaJw>}xUIQen|@s*?GrUHCv>OJ4Qg0JV#O+N+^A?kZS|D&5&ep!i>20)w2Q{!R2M@V4HEj%XlWfJ#02^w@F9@cdd5AHXkaNlYbwXFRkQ? zUEsJcg!Tn5Jg8)*a+1`4X}XJ@+vKa}vaym<2)Owe?avE@7jyd$!t3{&O-eJzQT?#{ zXwfdS>oxxGyY4z8bS0keSttP{)V4a%Ym7JAoc zicqQ+@GP*<47u0ZpDo50x+YoJBf^`bsR;7D*B_}Ay>ZPqK(20kDlTPMq{iJY`i#=YhL@%9G>(|&Wr=NC5rxT=3h!geSxZ?jok z6UYxMtXlMK$cyp*vXEr!%u`mCd>PhXJj)})skGvS>*j0gr`y@BP}K=UUs!lHtyl5LA`y5p4>E7@V(3#}yo~t)=%Mva*C3 zH2`$lht3LATNjL4!T-ryzb?=5bX>&<#D}lV+%r}r%+5n8-fr@Fj+5icNf54Wf&5Q= zWRSv!c3;KB%j72ml+;5cu}yQS6nwYihmRl@&h=)b1xC~4K%oW720bClC=8C8H~ ze*y$EMbF-Og-{>!bzEvIO@{0U4r=XY>^3>P0_vW77STDE z%yL1E1WZ%SmAicEp}2MH;(u+CJx55=MyMTeWcK5(yK|^r9hU2He3NLoTEM{aj z66P)k%TZ`PyPYV&>MiK~6xaFjDgBM@b$ikTXYhqfkLo}n4rtx&vEl%f>BYfMfBU?- z!Eu91^dRcE++V>Jf;|@Sk%bn-mutGxZhvYJ)t83nV|}$PiqI_Su24>GZYDC=6wD5i zVb`2v<=IjTG;t7mmI!zSKgHO8)WkpC!gbLYoMz(E&j6CD!g93Oa$P!I3phIgNn<(3 z_wPSUa?YTP+Dt4ibfYW4GBPrXeSO;u6t(#8KRX{s$BF#;auPg2IRNJ($1pSrA-r`TioZLINID-&5V=H=m2#yLveGv=BCa!>(O?D(~H( z^1erXjYGff0+nJf!$!peDd0X3tLY4I1i&H#0J3m4-CB-9^=&HLtU3EU#S{Wtb*i+= zVn_s;Qo^&+rt)JKS|uoO+N#$AgWeL`iX;Heg0>_4a#CS7Bk6Kw`$=?jEi+{LQz!Uz zlCy<*tH=jb@U=!?FB1zdOhRdYIbi#Jq@s*>N~>!kl$dQkX|pn3{FvgmPFa1w!)BK+ zxxE90mBv>k!!j4ng{p`Is!dCKa z)nZMG;@uXm>+l}qjDD-+ZtFOB8{TlNu6HaJR~0X$Qls!4#d~1^;cVz(=xHiC(pw9r zKKW))^hSlUmF1e!mzgvj;mPY5lW53B4nx{BO$d$aWM)g(%~l3;J{U9z?F<%;%^#56 z3&nh#`R&5@l8!RSy_`+DzfBzg%ms&u#$c5kJi&aha@0cH19T~>4PKhyiZZ$@$Ir0z z-{1cD0LgDc%`wB9mGIi-$U}DJmT!xm%{+04-Ku`_?v7zy7V}F_PDDnDiR(aDGF@av zWIuj|za%`e54pkT(K(fYai=5_o3MoaMW1Zdz7tOwc6aOKwx02xxnBJ}mCu)d=KEIh z@|!a$XpLw8mOI??<*>caw0piNoEzsbrViU$|>gFa3a)TRv zPt$q9*IK0O$IwjCQ;}~~yEF(asF9H6C#CLL?aS=C9p$x^>l7ll7xn{Q1l3ks!f1+M zH@#lkx%!^s41m7A(D*QOq2>+VCl)OQR7adsrZi4hrW=#L2?#$Qi6)*XH9dial1O@I zEwcz9XZwkfm@kh*kmTY9wL-pJoA*M9*ES>G_y5B7$Ie65;O~zC7jwExq-`lSL$CNh z{KZ*ZlxiqR%ibu?HLGa-(0?OgWrrvQ+EQ+dE9vNE|7nh0$N93mV6q0o|8L)64ek4c zsbud^@~mYUzj|+Mf2Y~4HkxuUTh*%P z8`Rkkvt6F9IyscEd+yZCHOY8dsGZt3)MsbOL(HRUQ6Zs7;Lr4u@UE51Zn+<+bJc#A z5l{9to~l^yGf(rTyj6kUtvY@*vGg8!xSsRR)n3$fIW99#M6ZXxLK4<_n^lB=L=I~} zcVE;D{6yaxSH4*L?&NMEZ$-#uPsY@rx8~;9*`MgXV=Dh>?7zMnGuAmfxmB1{)RulX zFvC(#rI&1UzL#VS38LxFwm5xC%+gG)hL;#zSt!X+dl6A^&g1$>G)xEtEbP}I>S{d`Zo}lh-ytI!<-@@ehw5 zzTwqrTw@OAXSP@a;BXyFKC!}mkt#QxqTAP);ZSTBw#;gHe*B7WLvBFJ8na%|3A1Q% z2~Gcsd$ddzNlf)nBCM4=C~A;bOR)5c`!7D-*~TZ+3>nR9c68#|AWKUj$AQjn2tmRa=7MFyaL(xznh!ezWp;!2kk?ziz5n^miJFigLEo+RG zu>l|~YcW$J8YhnDSJ5r;dHhtj56z_GseA$Y^98O;G(&ovt8lMF&Xm)$n>v5`7tbX7 zyCLP@yNYq@Eu|@8JXW)UKSL~8a-|FL9A-VIu@EepG4R=Mc zD>W`ZzPDR9B{F#ETn_dqlN?R0OT#FiPY?__`0FPtoU3jEkHuXz-qqiY0Ao?{4Y}{a z>vNmf_8ZGIk@s;B1}_gp$^>v2*htmSCg(bK?=PBlnkt8_`ImcwD{*?UCbgzzEkU|r zK)A$DE-(yDG=bCjY5yNaS3*-y>g*tuYIFW#@is%ARm;#0Pxgyr1{-T6XVpz~VH^ zL51WB+Jj_njW=Y7-BIzwI|d;p9o~iwD+>h*nLYj7Dj?R3{RqF{T-7bAScEyAs&ErY zv@Iw>Xv^AQ84|!_+y4H-RD}{W4pX65Jt6~08evfgK~6rf9NE*WZMo!%e#a@N?Xtcc zjqQqeiI!G<(5p;-5{1uVa32Q0*j^b-{sleobVG5Ohkr=L>9)T(BjmRSNUo{A4Xs`B z0E!w^MuEMVzFOH{KYYgKy=B4pmR&ordN*&yOq54;q=}mcptGizHFt3ygnn^uxfzC8dl$mcW_u|Ms{4+m6(Kkb?Q5_KmUhK z`fnV_?jL<91i@Fj|fYSl|8a0+&kS=KAQVisI%P`KuY>JW7K; ze_!YNdG1R1aWX+_&=VN(HL<1Tp7ma@K1i6ledXV1=mMVfg;yx}<#uz>-pR$nt-H(e z#hb1t@5fc|9+L)}j*Q-wvM2tqOIvB{ec8F`U3%-_<_acblWLp9_w$zi>XOxwJcHIP zbs~0td-$K5xf%PeE^CC%hIKgfcArDjmMjtJKK@O@4eT5Gc>iknJ@-zYwUu0=y=<1e z*E{i`6Q!(h9%kiIpV@KIWOWt6aW2BE@y+12IG3(B4}HjxxY-fUI!}N)iI4F(CnvdN zs6x7bclt7>kteFbj0ZRHYC(Dsify!;=alq@B;WhzX{YiSlAMIt-s4H7wN;E6^ycv~ zsVHTW@}63N8`l-C?6ORz#N66uZ%|dRzdv$6lZ;5c5fT0`7x2U<@ zpKWRwbDc|FF^B=jWyy&Qo81@CcKM}hKMsU`#qp!6S#IBP`h{My$1n!}d*t$Z z^OsI;`!SZK)5@VMbuuGX)KIezWk_vqCvDX+|GQ6ZCT5j;Ve5Mfgcp3y(x&#C&953B zbY*>?62eRjj8`X(nf!U;2-K~MmS?_GaaewgAe=?17nB?{eQ1HUdm|1j!19ylt$D`7 zAyX5+>-yZD9X<~V`XlcN@L#<*9Mb=OKJMW{HV+swyF*|jFFn4M&Jy{a%A31WrsP`G zCKDf;N|Z;8kB0+#S(5qV2=g9=8998geovW7v2LCm2=}u})mb^gXl21(Sa5PRj^*fI zn@7g}G3Sy0d^@@D?@qTYrU+hEjr3n|sc2SUd}H}#UEA9DAi-q5vporXAzaoJDsC^k zI`W`D!;o!mOgP}XKr8vjE@8B(VOMgEs2f4iyh2`dU314M5x}_*a7lU{s?^e+bZ1f8 z62TpOu3b-BC`}4pt1~pVDOn>?!4N|LNkPR{b*$YMlg>yw)m=dA&ZDJC3{(SNU$$yo z7O&6yI`T6ETFD}Rpwbl-i-DmFmzMAx0((}Nf0Qxd`;*|Z7 z#r>XAwTA5`lfuRXr^pzwI}1aFpWh%-NHXT@>v%rb-MNv?e!7$F3BYt=$Fd1bvDRE) zU!X$_+4^?0hbQCmh0~FMq^B8GR<8@JX}LEy7Ncy~jf16cdst(jS26Sn75@n#UHU=szs(7`)w#t_XBmJ!Fe`V?a`@ffNDLoAz zGHYTWF#(%-Ns<>ytX?{Gf<)@*H#(cljsJ_i_ke0@>H5a;+OVNW2f;#<-a>DR6zNhz zFVcea9;66Y0i^_x79cbs5Fnulp;rX~A%qq}4@j>8=~DgTectwzd!OgN>-(?u`TpOt zSgbiSb0%lz>@(*#d-neAi|D?;zvd5e&V;+{WblCLl6Q+2eG{>xAA<7^vJzbV_sp53 zbYED`of=ghRJqW%7{4?6gI4}j5nXSTi`HQkN->@NL*d{zQSRi+Ow^i6xyj)UVw28| z641_}tKX8ZCJ1?W(f#ZPImr9*qy_x4OAnQh+yKU~jKoZ=xz=M%@Thc4$kuk4 zRQvT$4eIYz{)uDTkdfVvTU41mZ$(n=Ehbv_9P_2Da^qm;^j; z>%Zzz)W>tb9#uR@AGPXTl^W=R7u9hlzaK4tPI||09~S!KBCXB(4LPNs=G=hTQ1F{K z+~2*qo0ldMBXTR|acM$EWk!Qd)h)9|6%pGED?9zI*^qeH;nrxun5)}{?(S`_A)mZ@ z`VJ8&zp@PRe$|@HVD9(^+X{vQA{8~$Wa0NQTg0ec=2PCHk8Yp`_3kuy3S`NANqoOh zE@UD`dD)zM)3x4`@k z{?V9RuIf=}Lvd}~$%3n=P4q9D29f(Q}tsvC*LuV1uRLYwE5ZU`4x*vad)*_zxU&n3Y^du^u-jjmw zXPUtcZhfZX&GcQ;xt(#?{Pj1gDN3fpf2W$tplWXZ3$L}_(eLqEqooXk?U$O0Q+LF4 zIoMk0{?SB7b%W44p!2fni=cxYzJ{sr%A3kU~lvP)Dtwc@b+VqGp^qDW@efI_jRjh+%a^mBuwgS=xx zF3#|!ttKY}TVxBBGsLRu*5{X<0k8}MKk4O-Z)>qL^cQOjNu26UncvA`KA+zG_5bs- ztIt-qedTlrtA_2~&S`;0;>ZJqG_S$s%OeRBB6-?sLq1B5n^MU^m)RMg-=FcH@lcO^ z^>&nP;(lvth0qGw)eu+2UK=1`zD#RFxZooE?cWZUHJwR)BViJ6Qeyg%H%(!_prBIW zYsax8Z-1$*t_b%+y>m%jM1_lymyC@F)KLSbg@EX5IT%3nOzW4JdbKPfJxw6JjxlOZ zizIml;#-SlwH)T=!$k%z=A4{N_e@O%F^$7_Do0`4#=O=kjb>Z;009vpO>xIeQz#PV zP%AO4*w*b(8!APhsB{6c^sRF%X@!{N^U>~J*0hR3x~Rr)twD6aZ8MK+U32d;*Kj!ZdFNTLbu4l!#-tU?ecB0*%XbLc`RsxbDurDBBToK5^%nC(}@S!MS zSU(@QbfEV{f6$~o1?`_#1~F5jQ@_88BosBrS z8PAw5cMx{1z zID{kIQ!raty*I9-k&cxXw#Y$$&7jPMIP*LlNz|gzAEJhy&Jpy(a=C43`7d+`~E)xkkY0%Y}K<=Cxm?OkL;bxZ4cn*QD5OX5yA#c>6S6~*A_t$5Le=2Y!S+Wy zhBDeNjf#^ckvR?}?Iyca-=5S~$tD0e%R zHahLxJWTfC0d%SOgNtcyK63@d&1FJ4Bql(VPGoo~#;hvC=Gz4E7{rlM!iy7IbFtF& zOM|-DM7y7md&kWxr+#3$Mxv1FT{Fz+oJT-1VEG9`nT^L5x;>Oa`Z#eAPa`^7-zbOJ zEtq3;>OO7nO6NVV3U!~iGvg;Qvr3`(WV*O>H&;NJesKETGI`fSmWbT-o`?hj_N;&# zSGL1}sj+iqlt);-7_TWwE2^)e8wFlQMA{TmUjM9IhFS^uh+3#5I_~;q*vqEYr!@Q5 zw%1pe8UiuZJekG7VIUAFYn=Kl3%LE@uY~Qtd-8MZLP?lDl(qNrtRN1;O5vyUZRX!l zy%zX$z@%G8#N+uzMyk&0RCHQ3YQNDz72zNGX?NT&p4g~uxTOxd+gVBP=~aajCq>0d z$fDmXMewD}S<(PF-FhKxEA@sXPrEew?QMa`!<4Oxd*g0$+Bt_-fKLj1?FXJ34%3Fha2b$wH1c^$rz=#Q^PnB6!;^`9s&mJ%$c`n-0>$Pqk2;1r^0wIXB>ROJj9Dvi*W!*X^MU#u0d3UsY=>Hz$h(9mpyf2Dnp{0 z5L85+*XCN975O&V!pVTa>xRfm%W0+?{!(Q7swRwE-1y*7=Z8y6X9?`joIay~r<7$E z;qR_{CuNu3D>nS5{D~#zSK0pymz{Y<{96C%E8?qq!nq+qY-wUKbfo1?5YB1Kc7;7( z*?eqY{m2+E=Py%Lyy4F=O|6&1b3Ug6JIf172)Q&(-~OcaKAG^fy0mfX0c~iTbVJuW zmYBbr`G5JfsZ0ydiOqF*TO_TurO7svV8?%%SuSTYF+urRN8RFTw#bTiKV%!sMy=)A z#^NT%p=Bza)}=LMFb`flVMvMCw1EZs8coV#2+SL3T3@(kr~NWQ5aBkOGq105NP}nc z_Uh%M(UUMrRqk9e%}ScZ)$OmdEHAa@laeW@ybv?rbX!x& zTW+;3AI}ZVWMobm-2Mo^&1p}IM!^lwaW{@HK0sH$rdK+i(8EZao&(*31V~GK@>Kk? z5k+;wdg5t(#Oy?{gYh;W8c^Za>RnK-z9&P+K!Uk_L5v%@bti% zmo(FYtYscA#4?oox_MNKdo97lE!98IfeKoXMWZ>9E3rH4iY~+7$)pOwLXpJ38@<03 z?Vp|V^9;GN5DCSSta?8y+!|>YB5i!E*xVdj%^^^E&b0ybs7Qvrii(~j!(M=jfuWuz z5KpZ`CE7hrc?&Hf(@%*{wFC)QN-vvW8B4N$L3}5(Qz)!rj#0VNDL^~)Y}Ya3?u@gPG|3rWErMRb!_fu*60K7CJ15WCVyBdi(-W= zD_1b%r3d$0cRl)i;or$dw|^ZAdV?~GGTla56*#7Jq``%PU;!2eg^RHcBT-;(1cw80 zGiYAEOFer#dYn+~!sC*YX4Hp(^vv>tKQ{u6?~-1TN2x3?m0kInH8?XK`>0ghF57_L z`Z^q%nkl;>8=fDq-$ek}<{;fm1>nZDBCgim zH_v}^1V$#$O0JSg({Ul)ir%YBpo4DOmEMc{;7cp=o1NrShxW%E1*A`)SCFcO>ZS(h zHl-G`hGgdc9CW&?WUy7uHk-NeP3nftW|yYOEPrGjx(632tKWQaE-?i{r{sZmXk&qg zd<|07Ofhuyn?Cr|Iv*4@mpGa`UNB>|)vUCojO8F`N2C#BZCB(>mm{YsyNe8E4SOGf zdr3&`RlWUR5-+Q~#hniY5cEv{KhJO*5g(;jc}W5of*iFgq7o^ArTu~NX@KIt8qX2d zK?RF^)B!vA=~yOeBZ5eJ9!cThV#_Z+-hY%K@bQ4%nzNwX@pT2&8*y8?>mA{(=j-(Z zYB=eAZeN^Bp4Q-kV03S`+DfKR`Rg&PT+eAh_sC^mYnYiABAMpNE}4qV$wd~Eo%tW7 z^7}6@|CzTggOekO_`oVI!UB+N$Me6G{fVU2*~B+QcBiS$vn&VSX1>Vui=PYdG;M5j zrw;nM`XPX%X8bb;{p%^!fodziV3SE-KMg|q#Y4-~1F^+YyMA;YC;n7>KFTr;)DK~Y zo&WXEH2eE?!9C2C(wpX7O`cg4sSjq56cSIy@0CjEtk+ifhku1?ako>3S~2KCSbJqU zPmt#9GUvU$n(G)Z*i?F)eNpe41|9vOI*_J3)E2#kV-n-nNz6flcyjhU31jl{>9Utj z(k95hc6LNb_ZJ%x)8gu6OXX9>AkXU4$FllI9Tp?ncWFRQ2y2HD62_@(PK3B3cWZSk zh;`AR=NOs+^@yj56Z0!qh;hgOY5nrvk;OOiQSr}qFD?w{sE~>B#~%mwJqIR5B`zJL zceo9@>GUS!JaKd)zGAh7B}lB-_A`{>=wt;4-CLtBZjpsEYN?rka zSq=)!DjQ7R+SSv1KG{f#q2)72%AbFFr3jS-b+1bx*-sUeclEMRuW%P_W+-vS>H)T~ z^zE`{+T*X|a+m8Ul9Kv%oM^Yku>MTR&;Gq4 z3sSxjE5j3WJvF;$^p~g{|BdJjD-D`Y^orL%x4OwxC(~G_U-B;vx!K$}e_II3B>8sX zXlrC~o-y!RBSQXM{bdcigAc^AZ>*Pr?OGRIVn5RB+Hjt&>i80!qUZQq29uzR>Tfkb z*9s+=tK`o)f2{ns8e+L$z$3?$=nI4C6yvvFi9H=lcsXwKRk@o<*In8Dl`s)Rc z(y%Xq9R9sE3O5#MOd*(^`=t2pLB1>B$y$bweuP9-bXz|EmyoE|-dd;M$xcH~JhazE zj=2XdXHLa8lsAPA<-e2344!Cp@ykyIM|>1x2@Y}BvYia!-|+X>Vd0lSGI#{&98%Q3vH z3<#LeD7nH7lD;mY!+*D^5m`Eggz@TV;DJC5Qao2m2wuO3l9H0XyO&Lcx0cVOK8Psh zj05_jkX#6uH3*4JZMk<(5(M(Q#|pIzl9(BU_E#~K={{D-*|0e*n!q;FH^jRua}tC)3u7A3l8I9gg>Hz3YjrrqWEsdHV}xWIdZ-H+*eRp)H=#2<*n| z3DMw`Fb0mPQ2@+tY+p0{Br|5>3eMM1+LbjB{mp(??LFj0ZBV38S*$<`DHzA3iC`)M zNt~$HP$VE}chgEnhIqEdi8RxCOO%kP7NZv7VuMVkTUh$mtUga=@)pVkj12WkuV=8W zfU;>I-N=iFn2|F!9Q}=k6I6w0HLiMLg zequ7Xzx4AMA{J)t9^`H{l=#uSFwi*`c%z=m*1ur4P4H9u?KD=rBBC=~%<75rhpTt4 zB>wT(@U`Ax5-bpVDi+X>zHEIm%7T>jFoIlt`ddPe{>4|TAqXu|m0aPxernqe^^eBL zk2mn&$-+wa2&YToQv+9y;D?60wx5z55GMjw@-aK%5@{cb5r+H{Tzoo6T5*K-WcXorLfEW{f{xr~HG)DW~T~7&Bb(gMn zHv7vquwn+TIbWJ8BBYaPk*mA<+8FZpBX z#4q}8GnWSYPF2nEIpf1HQa%9Op}G*gXFCCvXuFiD+93+;;$#welk=Snt@kSn-Sb7a z7e4jOXwUsem5Z)F95H&adWUiy0&Hs&ISm9I482`WRk+M{F96)`kPj1r z*sug@k8@XKwI}3_Rwv_xtDd1j_&Vz}FwqoozuGm@h8z)jAHns5dzkbcyd4KQ z4Uk0Impb~Bc-D5WwvDY5YDodqCu%(lOX^mUevZgGgd-^e6bNMZ6(sZzc=-Gf+UFFT1-#E^Q5_)g#QIsl}TWq-UoixQR}Ky z|I13w3(U_x{ExUGdF}3dWP(Jq!mt1K41Qh<`9Bb%KT-5^qwOFJFAmEauMQwhDeUp8 zRwS_P053PTgEHBWh#I9yi?N1lM1lI&w|)h zEyCyNDJ5H17G9liheW0s-iw&eX_)u&k_M;FBNnV(W&!joGnysjt5=IA zjxACIJ303!Ah;u7{3hL45j5DG-@j*D@J|TgA6EV8(fA+s?jIHY%xdO;)So|}NB>~{ z?vbj={_%s3rXY!$>j2GGIn^gj4gOXqDVqrN{oiV8=Zhz)9 zc_B!%c6HR-d0BNgIN`v0cww}{<`U@T(?8Yj?^M3%X%(O*Iv!8+M%BHr>R8WfBzwf5 z5L?Bo`+5@Fw+ZFZr1yfey^R&N>5?DoA8?Gh_Vs27jqAFNP4NCqRH~(roNIf67G;4& zy8Oj)z_6BbIFi*h>HxNca{ScDb&~pmWp$>S(I$eC7~R-8aag<%IOvx)mSNPRJZRH9 z#sNbob!)5{g4#seu}fx^-^qMbpP33E-$Kg#bMN#()5qll3nZY=*u^ghLO9|o;=7Cb zR_wF{7uzo`?q`duT%A(mf9o$#;i~5;u7=gi#INIGH~n1=kQ}?xIzj+LSP9CQ2iPu6 z=LIlJfjuiE_Ntf2&ihM!mDiuD_tBBYf>}8crl{+)A_tL{?$GFeA}6uBIaE zR!cxg6tb|LG}j|Qg{kc%Ot@uR_ThJ)+n>(EKD(tTHwU}Wp(sJz{sn#k9rEnpHU`S+PIO3jA zYD%~zKFnFw!Ib(?-!2)>%BeIsm~8vJDikb}O4)EwOCHR*O=eS{6{J2s+gA z4jYz8(Ddc>S*|DYaS)6;9C5;xKrIWfJv0(cB`%WuEFJ6ya@C_k-#BsKQU79L2=6`X z{o(^MlJz;Vn%JmT=bkxQ0CGT}P8}t=5ucP8Oo7Tw21TYw8-^q_D6O=990q_Q-3y2I z=?8An6XP5cHaci%ODk3fqpQM|d zUgu}tc&Aux0VneKp2H72v^&0NrpBv>QG93wYL+<&h%rZAV~6sn*n%-KRO8(dbG}5M zWpPXLZ>(-1X=Oq8r(E_C#5A17K|@ol8+ngmryR&D38<_VT`*c}U9{fa2F|g;^^U&m zU&-Y3@L!}6f89M?$CM4MugWRdrrR}5>Cq*5wdy1yU}&GU9)LwYS0$6UU|PiIYK^L- zqQiITU!m`2n9ryur?x~53u7+)*=Gjz@Ayp z9K5$|Bq!QLmBg(%Gli=PYhmdmHb=B(?R*I>0|2KD!1a>;Wcp!#3lI=#_Kg`uz@8CF z^EEvYV$&=Ctk${8k~6tFvCA}P$N*2>Pugq$@$VC9$DM?a^fZMisd1zYCejv@JV)}z z6qdwW0xS8k#Ki)K^|3#exY0nM{_Kw>?r+DeOlfOs%Rd*of3e2@uHU?a)lQ32{@?Ws zG>u*?GQT$qsdoEvH4OPeV#IHf80<7qY{uocc-78nz8;nz(5#kZhbumIGpik$6iwdu z(eY!_?RV}};-=tC0^G^n3?-}iLgsyfEigN8XM6PMl7(^W^)chDyMWY_knnZqWV=4k z7hl_z@Gc@4g^$P~7{QlE)ht`eLnlFLE_91TRrnr4w*H?IH3D?3=%NvZn-&im=`0O` zuX9)WHv(t1{3!x3~L1K7h3UkxTV9#1^Kpwm&S${_PB(L)J zU0jUIw^V$}f}vd%7&3l$y_Z$1Dg1+lvUq3Bl+Y;PYI3;ewYVgqwxLm9Xw`%Eee(<7 z%3YPCE$R?;J`d`MZ+6vatk8~8>}iG4K7&xD{>;biRH}eGG&Q8#JQL2m8nCicR=eF! zhZA_Z^2@iKPtTY3yEdaL%kWr&Wi)5>aFE=I?02%Q65%EO=uNCupX{an2K$?{(KFAv zHnWqME^HxeO=&To0gAUP;g;Z}T0dPTpss6}W~J~V99{fgAty>j8+Px6Ha0iOLD$%J zUY9Zy-Fq!Tk^48WaIt&)b9%!4+=0*O@z@_Kb&~#zJ@m)?0274%rU9ehzDp(*OSy98 zmz6U~AN4*Q)ZbX>a>+9>n5aY2$Fhy4-c3TgXVcuNyzs>rG=#dZgL>S?FfC#z!qLz` zPE1a{A^rS69|+kQ+`d@0J55po@hZEY{Z)AfP+;hQ{T>BtZMk{!!_NIy20CCxFW;35 zC=(~2iDGuo(B(E|O}cohP7>Qsi{RNBvNNv!wS&Yk_%%_Grk)+6(v(HVh+KC-AR#f} zd>CV)pFS5ao%1U!apgs;Wo1Fkiip;V5r!2Or3fciaeTYra>bbt+<5kko81S)pq!oM zXP_(mo#or-gD(TQ{7PQhjVJ3xAt%Z=Pj(KowQa2DuEst#m@yA4gLNoe!cVOJpa45cpA%^VC9Sea5h6)O3is%aY)rYv4DeEMYP^-e5I>Ws41!asYAo!ZR&c$i#tA(_a~5ZuDiaCsJyXK`ZPw6 zfg_wpt9z^8dhTQED2vfSSG~|SqKXjp za4O1Ck_R!^Cg~*VsWDRK#A0Spo60|8W(XKui2S;oNFf@p0~Pwhdn%$pbMeLsM<|l> zTwbgg<*UH^UL5ku^5t1@zMk_tf$$*TWWKTIAx#97ygzq15eit!vDd@^@d(FC&xZLf z`^$x;qO>JAnvoWn+b6k%J4>^-Z}ChJr${{Ox4i>g)dq2L)_eYru>%a@D?sXr97u5; zoY66#Pu!&&7r?N>I>?#v^!LQ>Pv@U8Gzt!@utW*$riGYq+N|vB?Q+ZdkJ$(HYHudg zOrBzcThTG6jq>N6vX=BtCl%P-dzaUfHwup8PiS`*zmt)VA8pa}npIQ^zi7Vm>mU65 z6`9F11NH@OJd0VD@1?XUPeUAo_Oj})C4Br&RzzT$N<3tYGwK)6oJ^OgadzEjjJxiB z3UdfLsa%>~x=!6x;?tbqc6dp%AXA&~!5{q0zf#1y{hze&7Yc|Yk)_B)9w|1n_R%7y;Mq73tt$$=Z| zH)J~eM2^ySq8m$b#mfc3$tmAH_?t=3JjYvjJE=r(;x`XAdI|gBp(GsP&Dr+JjJ^g- z$~G6%u-56;UvIwKXF7rhO*w90VLdzSzbKkW4?qR__F$U^N$z#Sk04fW3Tf2Xb1Rn( zoXqQ}?G0;r4E1X8E8Px>piyfCk=@J|-LdtaIV^4(u?K8Q%QZ=iv>n`=#%ngAyHBg(}%3e3Uil=52QYh%XV zqS5trCXYFecs`y%eI6=FP!THyUyH706%*Nqy=g)VKDvkIL}ijrD=(oZX>Dc_S6Mh% z@7WRXbZjs{x4m$9MISkDm87s#n-1hZL?$ig&CJ8}xl|wOiHDzA1z9S=pm$RFn zG{$bgPWX(U6!xvH!b-JFyc0|mEpg9EEh-Fbfl%+HByn;KJqEza+xPl&>r=`LbEzAY zLor`5`F`i8iky$Y3w0UE{BgGBDfltds*_^7PVYh_JHM(64?i|%92#9O3Klyem&t&$ zCHnBtel>9T5*c_S_22hvDV>K6Id+H2_iJphbDvix(N-n^OxlIXk~~+Zp2-E~ZJPvCCk$(`*rL7sirf0C&p;N6tO0Ik#hkdc3I`2K}sR9`1@Yk8WzY&iSm9oms7o^yr@7%Q`3G z&|E*}F-f=TTXWQ(d*)4yl6IwCmTd5W_Kwd$!OfHZ5ZK>O{M7DD(j6DaGR6&)YRoxX zY#xsGP26{hGeHh?M2uFaia&(Y7qTFXXVSG<z)UgItt~iqx@5e z5;mQN6>C`I$oJa@8-|G}G=kHSD@W~0($Rb4-d)#WFl0k@cI;$2GaQn(4hZg!W9 zwAx=bwu=SHs4boEuWL#$XC?VV;dwO)Edz@?nPnm@)FPC+6`OAK#)0;Gx+A*EdRF+p+_Mlpr6;H`2@}j);&2|mvD?%j%&>ROB zdJ@zXz@Q2m%?4Am+ya=a_7H|iFy}utaBJpaG1wZ>9U-BP7b*ftW&$XZ&>4f0so(u z{F9W-tT^U78MeB98#4vIorNvB2u~sVyUYtgk`~v}N^8r%0lg`W4gB`cNrG|;ALkOy zG%X9zsbE|$FDVK%ObU3vm%lRymY`l80Ey?x?(^P!q`;J%Sj+LCE=T5sT`t=u`0;7rnH-~ z1B}~q)9f*oA9Dz9mdP=^UUB!q*jdBue&q9+ViyZhT35>_DRvs*uu(sw(ML>#?f&#C z9mml3Zmg+&pn7A3@%h0^C$6J{s zJos8zDnn&Sm#x92I!f>9jF7RKH5L!SeSEAfsKBWeyj^W3XK|Q!a$fi=OUzThc8A_m z@ah}Plz#I&gvD8r^umn3Bw5QZjzRT+sRseeWdlCv9g|wR2Arr%ii$&)Vt}QCjCw;h z!ZhN(O{~5&tKN@U0X+r|(tF{b(Mb%dcg#xWT@Ie34AaWoq8~WA9_5*&x;+9buI>77 zZs+O;19MCb#$jQlFe9AqEA@s=0z$_uHw|F>3Pa$X5_V1;Xe(u;zd=yVm&xyT}R@(8Jcv}(9x<82M2tVC5^5l-#XJrV_T)mjY01c z(YfV57YFXKyuR}{V5j#$kcm*?P*;unxLi{s&_x&9oR{Bz)TH@FzwwZ#y_KYpZ?*)# z7(!_C{TO7I*Ii?;c<-5`}`;x4; z80KY%nQGlCytg@wI<-XB;gwI3y+(r`9Gv+k;KnFE+QH%{%c~RK>hT*W;dn(GE#pSb zv88uWz8Z}Cp!Fx6lU0)UP2LT}uzWV@9jN-cmX*3o^~S}2UA=a6kk2%kX0Eom`)-tEI32K4OW29^{rTk%U<1VpqG_bvzPIFZU@1^HA1grZ=Q?Dq`!?p(v z5?1zn?iIeh-Nv>$DotzIjVgP;?vxO6PZ(Ir$gb9h)N?G=g^Eb1Df2Tc+q)(KpJw~1 zAFX=sy(%=SR)Pt*=PQh>`YdtgA}T3 z5xO0g1kLs1L-JDj!;LMn{Mb^x1dR>B{c7Qo=2J zDI;{6l&@G9}RZf%J7T?w?|J21R~T`N+yO$qNs1p7U|5C z(_=iJgf}VZ0ZM4*d68c@Tanc{Fl4antm3k=7%=qpntD}@myb}=_OmZ_k4RkLjVOCV z$}rIA3rpn{<8}FtD4?!q)F7V;U&Slx*W0Sxk!;IKCKXpK@gUjB>`sgBky2r+V%I9qxMd#W)@#w+?jKd=xKl-p0@%lqyl(`uqH~&_;Y!X zKGjvAZK%!1v2(J1SA)Oh1S_~5O`Or#`ryfEr2V{VHE=Ra9Bw&-0ZCHWj;Uc8qcwTG z(uw1>Nn(bsm@{}!Za6C!hZ4wzMN~UWzx8mr&MzfYGXV0 z?W4a$2iVSJty0KUw5CRs$w2+paIn7-xVYZJ>tTo;D=(2pw7TGaBwp&3>%2~mRm6hd zMa$zP**S@;@rcuzF3UaJMB%1q3|WjBh{id$ybNG zF6?xuqZksN!Ah9*rrbF%CA%RemVd3Tojrc&Kd(`ru%@{4(cYd1@zIc~rhGz=|3LT! z9Sc6A(A2|Ye3-h#h?SqmhBl!*gI+5w&xRp?EZvTrVar#X{fqf#Q2KS2V{~#^a2{^p zJK2;?JJLy*dGh)Cx4nHI!hX;yXy!W^O2(PdTj0^A{E@zPQP?+&F4{l2U$X zd9TbbEJx+y!7IUuy_$m@Xy0F*wnd+8hBYT6>0>5ZjmqCe0-!!aRe8UBD-fz$8(T$& zg~fOfY9BXqMUUhr-974R*_O$`M3}L`-#ok@Jx~wbidmJJO6I?=UFAH8$Z`wxYHEe&BX;3_6Tl z`DW;pcQ0%SmViTC804#^?aQ{mB^_Ok72-g4Bl%3`nB-!8NJ?hyqcx=7tbXL>$A~s6 z9SMxgT>vZj#iY|RpGv6fi!BDd7tE6$O#DPaw4z+H=G(d+s~m`p4V+%!k0%}R{jaPz47JeVH*q!8}8zg*4J)ke!b^V&1J z4=tYdYTor0DE92HH+bgOUDZF-&zwlG$R5}Wkd{O0`FY>TnmVHOhis)uxMP#JzFNP2 zGK3{LK^Z(B0W4X(nF-zttLeG@^h;>ZZrVGDPrXXQ%VN!YGpMfJX6JgkOY=yg+`?y} zY~`irGl$K#^+@uD=vvjBf#*;+Zd`8cnFh3nZfh6=Vw^ryPyEabaS^sL;HpbFfJ255 zQGi5H3FI~?U?oJsp-=%W#V@yZdnXnBSD*kG$z-?az*SQ956fjBrM z-{f6+NvQu^D=pPbI3K=x)K+0v3dxUiOo=<8{etOr(8okwpFh0DOmMlZC@^OJ(Z!Z2 zPkQT(W`Lm^pLOPz!M1pQ_jLERq}zGiWA^FJ(@7goH)X1*B<-Cj+*q{^EcP-T@U>U$absytsZQ*x zI4+*(0iATV5YlM*@ZjCC#X_ZeZ@jtQV0iLC|4y{_bJ4((kety{k)lPkSot1rKm9Ox zcV(HRKc~ba>sAmj8S)`-UH*&OTTsbba8yqc#4Lo=uE)d<2SD4Qb>4b#1O+|tn(y^;} zm1%i%0)qs5{!ZYRs_0g;QYVx?W`sDpTH$5cJJr&F?{<$sMmn`%Q;}kD0Y|*ZHy&Ng zzO$=ohJj0B=uX{L;8R=(b2;x~7%w+PHWtF#&YMmJ62d~2xoY{{Lk5^fRf72Y^_9FqB8J6yh-v=y-tS~Yy5%c| zOcKk%zTT$&Uhex^sM@QD?pdX^9=uQ%R)zP|9%g8{%oS;GUC-cT$TeSUAp6AMX#4n| zi{HOo<9~#!#=qR#-zxr84tHmJL;{kUuOaA(IdG<$1!$g4Xb%DU^ z2TztLHs`9uTwl*LQgXi{&q1|S3eL|&u;25l^WZPp9+x!ql8JAz8%l!f$A@maz%J$U z);||+xp6&HA1)T-OY7ud&u1!OlDVjPou0ey5;uy@Yi0KA`wW~YHPj(ZG9zTZ53;3f zoD+%btPYXs3-``vGq+2cz{c3>0IB1eym}v3$NMd0>Qlmqs-HSpdHW$ZwRlQpHlgNk zr+Wb;P1b|hbrQ4QqH9fHyIZYm`XO$4j5fCF2zEd%VM7Iie=F}bA8TH z2zRAWr0B!C)r&~*@)+ptvS~fwT}&92mbtKGo4)-X<0=PUI*zC`w@%Y!F?SyT>3qIa z(=@BQfgx8GjIX{ZtXd{%8+!I0+25?2Piq;+vWaD}@nqZ_bjs-E_P7_%UEaXz$ znC+SlP7WFYvfqwYeMvq|{1itg-=sI*FRh2p_zS!<-E81zmm}BQAITut9aij|IY?U` z?wg}n>J`gCSv^}7F{Xp`O5jG(Bgc@@sz4EmFi-Y<0QPw{&BYH z4)-H~Nx3baI!)9$F@l|~T%Gqlxtb?~sd#Gp_I|=0NKc=N685c+u&z=IA3+!nBmSEs0*v(kxAtxUTz%%i4t>bd} zKu^@`9?DDy&Uil?-mP{)(yH#|qR{78#tuGwC5SC#?hV5W*7!sPD(pFZ<12^gdzX9C zSwCbb+Pdem!vx29Ibk=}`p1}F_&%(h$B4C5TrElPDH;!!T*}LfjMlmlB|4w~rQ0dM zBtrGxHh+8r$S$a%u=5fd)aQr-TL#&_2(MuYKCZ3MNpczPVON#lNBR#cDNVDzH&%R- zriy--xT0`N5~u8YS=pErbG6+MPJw0477{oXmVXy}GWF{l&bzSmk0vqO$U4Zlw!Sq+ zxnjZRQhYrBxFAvhX)nt0On}}aqAGAEX2{1j6s#@cJ*1y=xR^V`RSK>Tf4{Fr;@A){Ng`}%al~}t&UIa z2N)gPyB6Q_{v&-D)~a>aUOA(0AC$l4!^-(^3|R!%Ph)lH<4WKGkb(`{ra5nGQ(P^- z2=~9AL!eHpRt4O6C`tM7oNW@DjuMyEJqNb*w@^i#ma5eyI}%fZ0@Iyy-n9mU^$$%gmbhp0ch=pGjv>5-+@l@s z9QE_4n;ReOE77QMNL;lv<6T?guITFItCjU)9b{G;dt6e)#5z^GYakSVGmpHGA^%Ie zh_YWR{qbx0V;%Wy@soA3r5MvGjmg(CIl^w4=LN4T4`I{Lt|4O2?&0D3y3Tl%ZSKQ* z(2^?m<2$b|sdGQhiPZgJEqeoMY(=_zvR^OqJEW;HuYU|?H5ich95-H@XiPen2cCx0 zcq7mpsM^r?#s=L(1rixt95CU0;T2^g1rcloM@B5vxIL8j4FwG;$nk(uMfqy6Ojl8P z*L1sH0TQYGW51pgCIox-o4)*x!s=U+{wk7lhvPe0;|HpaPNVg1%(s=(PopfM1Irz? z3SD(&gaha1$oDoL#>thJPAa{hWGbD%X>yHwM+!z9{G!P_ah|nYFcv_5ZqhVmf7Vr^ zOY(|{>vPO*@uTIj8UHZr={DZ9aUaxPo>IPq52Ft!+ZXAw2AA$+6S%N%pC$_G++Q=K zX}9<=PgF8L@hZVpaQ+&uI(;%(EMb=`lEGoyRN^$mq`2{&j$KjtdtoPO)kDB|zqDhR zPmM3wNWAgg@~5(37k%@=Dd-&50Fw6GnrZ_vR zxLwc27;A#JkK01AfJrQ!7xff-u%%CzFN8IvB1w6jPB|0`&dyE00cmh@RLh8=LKF?0 zFPzrIU*`^dThs_NnedwJh(iHi%z5kAUE}oO7<7Jinx>w^0ZBllC5;+-V?l#c<(lUu zJbBzTW!~$G6uipzs_NN^fX)REdn)ek3u3^h90lvs7Pc1m7IHJXwn~O62B@{NWwxc< zfa;n)3rWjKnU|!Mj5MhcB&CC2E7wHQ3Hu}Uqa63$UIT<$%RV01>FsE}kYTXhwdKe@ zPAk?fpiGe*N@tR?N;|p}nR5wq>4~Oe&Ne5nHOZBhvUN(}JDJ$zMz6q&k)U9)_bg!t z0SAaK7DM0CIlKlr>lXcYvQ5R)(5d~JU!IH~HRdx<2UQ2eHZne-_ngzKa^qhue$bF~ z&JNtv0(`FCUJzwx!6)pgECf|e$`lM`1&lwEPa9{bcu`mF zrz>Dm^&A2t$FFwY^nRsvGmaonW_xjsSq)a+%Ufd9>pz7* zKXVWm>G2CD8KXnPwaj@fc8^YoS(lk?4Ui4#o!QmSXm2V9xQtaV)Q1Wp*+B{*P$iO^ zA2LZf_w9VWUv%{9)b&}faT+W0jN1a9Vuk5~KccM^L;<>OG{M3LW+deh=#3+>x(As&&9dC5puJXL7F|Ecc0NVM>VbDGaSuF^vCq1JiL z(=i_bTd+23*jyUKM?jCnn@FWizBbw#`aV`>Gk?$D+c`6yzy@f%XjmrxJUB%FjD%P>JM~!4-|ke$H>EcO#l#+;8}!NG-*=jNVaY75(c)eL zX*=X5ro#Noi0YJ{yP{Try>Df%rSo^K15cf`N1YY*C`neU8Y*n^TvQ??6ICsdyTE@c z690OI|K0p+u9MFTHqiKgcJmMGr@#>3kIU!E*DwkBdcDHinJWJjF zb_R}&0JDgGt{!vTcr&V3IlK76=YqPM+!c0E5-79*{GuSY7UJzT#%z878J&!JU@XhB%s*YVp^8oY7VycBN==K$|sLS&|WNEb^(_{ojLQm%(}j+x@4QwV{W zQgxx|-hzE3&Uk;hZI{aktJ_K&b_tg_7)eK)#jSO-h_&4#JRi)x=MpLYMg2z0(6o!K zT}F3(hY0OFv!{W6-t7Nj@4cg%>e_u#)K|rVmEL@%N|%ll5tQDfgkGct5(pha$3l@V zB>_THS|AXR8XyD|q!U^Q2q7RP^deoVhi~tF?%8|nZ+z$MyZ5B=CGrsk0fNPSTOL&|r0p#bI2fm2@vhSjM~6v_q_yCR3R|_4{4P)V_*AdB~%0yAx@e>F2m%hh6hq(hVXlJS}iUyY(fPw zb>X0xf^MEZ7?e5a9O+`%6+xVn`NeIDIjlZJ9llRjv+g)(`a9^-O-rFK5UBEsX5G7BUP<&EiEUWOv?CW z(1oyy@x6CLV18g@mZ)koD(pDzUB0SW;Y`lZcYS01l{Pl#!^U*ERhqS%{%qQ)d7%X$ zz^K$hW+BZ1ko6LhVU%+xw4o-+$os!zaqy!`O#lGmK6rKHBV1i?dB(a1ni1(5y zG`+d#7H=Uu8(Rf7I0*TqtWT;ARPr}NbOGBGTw|I`=$2?UlhxKP+-%b#be_WdR)ez#&CgxJ@*A> zqO@X&((HCD7c&8&*ei+b0tOX|o`TzzOABij&v-Dl%VMpAbt@|g$(|^be9ce4WHBow zx1-;7jjzw7fGGyxwvV%s&{5HM(r*?4*Q%CNXcuBMg!cou)*ipU%QY|hn`$=t^jgcN z$N4%rbp+fMrQA&k{>k?`@X4Ehy=_pZTCYYb?dgZl@inJvk3QG?kmHNp0Zy_SSdBsp z#v#)u`lwir879`Q*ywyNC*1&BiHCKjZ5elVJSJ_Lbcg2;U3e{z?53_JdW95p9GiDm zm&c$hKw1`PbLi;pvgs6aUnlyVo_Ov(J@#q8I-St1Ld{I^@8wy2^eWtl`q=QdL7JPk z1j^UO*}bWT7|8L_Z>q1Utlp{anZ~0bs`1DmtIe&#Lm#{EgY*taXvo1`w9S5F{E?&v zt0wX72dJ!}vT4B;!Le1UylNXHY*d`a7R-!DiTi}hfG{2SVozZyG-F6OeW^WvKX;JoO`4--x8d{ z4C#eB$m^N3)@X5vj29HL&o_f_3ad$5eS>|y`zO${-o5M&!+6FEb6Y-kCzQCI{`18e zenU1Z*1v1l4EM@r zQSA-ZR`NWpuB2&r`>1Y?YYTvmUuH~B0SR%@B6$;w{n~;gBkECJUuATAv^>k=i^3lY zkIR0PkKL4io>{g=P6?2&F*W(vN|_?r0$h&@P(E6|B&fdsjI0U;0AZT=O|`L7Cygy; zVC~W4D)A9eN6kgY22kxSca92G$F2!*GL0L}FYUX@)d-c+4;SQL<5o>`oiG9#U8i}% zXP6}MBaHi7y^Un2pMm?3aU-+dVJ7k@L%}+ zcmvlU7uZHjxL`f+8!c9z5MRYNM$ur;{J$gt_0V)hQKkElZ**#oZ&leK2Fjpo-N`CcQL&Lq# zaZm#MM@hZ%a=SLf_nK!v>yg=}O5c_g%J}5txeP=zuz!3|zWbw4@Zn+59FlI&T5?Mb zFnbFrNpO)41@)Sjp5^np^f{J&Q_F}hntU;d2oS&ldQ*BWab+{`*?E7@h9_(z-LCjv z`bwN-*yw`5j!C)K_6)#V^o5>~)NIU?l5lZom&-+n(aOSXfd#<1`P(mHku6x1fbVRf zR4L%q{^J&Ro}X~gpt0m}e3QkWGf(m|W2~MaK8&A7H#eY4Q`gk4{t|)puha!uAG+V_ z2$GJowZi%m&br}$V?(k-H!h(#oLfRq#qqbr1GPLk&OO8LF;(L%nL)UMbw^iQ8G@A$ z@oXqiHiaatikDR5Hbzh6lvPS-rw06oM*fdZ3{Xh+h~-OlNtL*kW|Mwomuu98X7#2_ zWZ%jU#7h$KTV@kK3Oq?8>$D}TmK3@sKRlN$szz7qpWrqQ49=>}$R)!LSgw^k`$uyB z%9j4`4nKPV{3J}Nk!6H?zFcJhAvT=g(Ir4g9~x_}I?JxSrPTy47^WC#Itp3j>{PD; zYWYT%=@8Tp>1LB3BOWK4Lf*4kt?6!5otg(yo#1y@m%OgJ%;0V~r|716Wn9uj$PPDO zYoRMpzz}htr*gJ<9%EBK8o`|x@?RLtS3#KBfPv2sXm@GNYK&v}``>!&2-B|4{CP)nejz4cl*!Pomd6U0Y3JD9NS*w9wgMq6(kO-ZtAr=+YwrFELV zr^}QNf=J`EODu|8AI+dHjvFFz+1`=2*|rx7`+AbtQ4rnNX}`8 zrHjIb$WEb_zNuv-?>|k`7<^zcA?>Og`$Jg1+Mv)1vdUL==fjE@(uSX=BsD-X{JdO) zG?5&wruKSu_Q9TSJlP+&%IxJI>>0z^IX*+QAwa1TBH-uP#D0H%VYL{}`8YtglL~qhltWT-@Pc7;`sSOzX3->kYd; zbM7H{p72qq(#Vyhn)a;C2^GHV>#(2&!K*P@X`|eTW%j*H^9G4eJaAW#L685ki}s$DFtpMT`5@~&po`S9IBtZs5wDOWctYY6VF zdN+>hJdf56>YKJg7`(dRjYg==`n$8)>7KFe2VpiFrjgB;8{7|mY_?3l`Azj~*M@B{n{_Vc z$5xNWyOu8))`$6Mj^$*e6?z$?#q3F-0GD2k!n^@LBX4(@<{&){nPf6Z{Jy@YQLZo9 zh~Fik@;wEy(IYyNoJ@t`oNOO0J?L{y28|U(zhHZIv0|F*4s3{Ge0uycq|HA*ISPt9uy! zz~B1g$%pS(UB8>ovD;yNai8J@<-}RdA+#AlI4;6vaP8Q)icl0Ij+%;g7eyNC8~9it zxqz@os$$)OPX;5ulrM;Q&Z>AnH1wCu31}Q2B)381{opv`iz1hl;Wlm#14geX>u3?S4+le#<_QTRU){ z_HNM&zTq{!`E@$1<Y*75*BfN#N*JDK05s z=jVEMOPh**VfB1IhGbGk2xK7;exbl2u)mP!W40|Ta89~gA4ys=*M4xG!d%DO!X4N_ zbj=o}d-aZB{g-T^}He)zY>M=Vd;yvd#<(w@L=?u$ zOlM3Dhq(|TmSX`wP8@w4u|TAQqGqY%2;?NmvhIPkgwuY!{x#O&QP(|5z6~ze3y!Rx z;m_)S2>qrK1)Z;j?}Kzoz?XDn!}@)h#Xy{DVdOY_|XXOkD2 zJxHPbA!!e3WlX4!;TMu{LYU$iztPmu5=Ji)tV&;2`YgZud3K=+Ja(zHs>I1w8{{~P zH7@jhiZm$REH{t9*$p`xMWtQpQMnciur7}4H*&@QQIsRbkyRD-$_k!c8ajayiVd+a zK3#U0f}a8jO|Gj|@w)Zv7FERh<$mV_np!UsF>-*9jueVj_pdf7%jPI`(t%}jJ0LWQ z;15S-o@-CI6NGp$&j^0G9+A1uCXy=G+q+d-8S~oOX*1uJ5o?&FP{zxnY*$|Qm+HIq zvl_TmaKv<_*@h3MrC){qBMtwb&$)t)dLWLmF^+aQ9i=)@!75qg2tqozy)T)Mqe^oo zzksL&ax~TehV#H5hYyAa{Ja>yRn#7;dahfwLK+TguEt9VY)f>W-G>a|KFWhCZIX%< ze`dOctY4VZi8+Zs_h5ySyf>Y1GrOA1gAz}8NV!4J{0Vj~oZ4YCQj^CMmpU@(4w>zL zQ(dcDoEl`8_+HUPc<@UH^K}39UvmEHxBv2aaD@xgI~NSqAzXfslWnb9ULD9m`#71w z(9gkT-8zY0aXZ{%??rV3QV>3rILA0YRk2nDrA8SB@OjQhpP?TDjNJ9@Znfh*!-|Zl zv8Rkxm`<{0`w5_87ENmz3F7yoYO5{NJN22)j*KhbWQH9wXYY#&;E*XNuogMJ)VE;; zzPEd)cJ>0CLIg~{;9E}Ob&nZ?^mq>iLj7_dopKh3S|8+=_MS8LHD7`JrkV#szqd^U zD0W-y)EufUvpwHFXgakvo7N=$6nFnk#c9~w!A|Ht)11ym_9&{aJV?VWu59=JFVT

    Un}-sAE|#*3I6}`T^_sq zdMl(6?W@%)MW$;?Wy*sIwMxJrm5{5tJMIg{lwjb_+TCSaiDHlAc#YLtg!Uq{5OCs5*=n^j=g6{N2cmgoQ(J&|E`Esi+qW4&Tse^JS?wpfhujDJ zlvZfYQttO`3*cA}!eEo6#6&HL64oP|Lkp$vvp^^@GjLH!bQ}nm(K}h>hwf*%mb%dm zu`nCy;`@pM*eb|oQma*V%T~F1ZLn$oIn*>1$BB<(VtUB#pvT?f#H*@#r0Ek&*q#`* z7V(&d@?%O?2uAj9>sY`Xtc!TR+XPchOK_twe(N`gBl`3c>!Wu&k!k9h{ujQ)ZP;tH zNMVkxV|Gu)fgTNR*wnBZC%!g#F6cYTC9jExQ{37dk$-(FF8JVIDQAh_{~z@%7jE;H zg7%kA`j;C1m*w%7vGtdI`G0CsD|ebZ|4A}#jCC77&pA>Pv0l!5d#x*(k5>pX!mT5b z5?*y49a~hs6aJ@?&QTFUy4SEM{e6)*#^e3M$&Nmhm<+ef)g^K>!tM3+SSN}yWnxAAhFo;f)Z{nsU0c2{NS6P(xm~r z3O(fP=fTiiQB^~zL>cU43cMHg&P5~*10ap@mPSbE8_h8G&4j<`U3Z(>bYUSkJz*n~ zSLqgf*R`ab1k!5tX3qC_QKZoNY}(-R;y9;d(T)J7KWZWS`?!mlFWkQ(ZjyR0kHT4G zA5J92luxR;+kLN&UWhwSM@n;OT6z%GpUeswlYOyOVKcjr#i#_9`<3*LqdfP^HAhs= zaq=GT$c*>uyCGJP)D6%&tMrKmW5v(H7d>LtewbX7&}CR6(GiL$e6a_hIEBj0263o# zdRFi#gZr2lilYn|8$>_r=Nyqkaj9rg8Cm=^GDF~Fm4zt2V=F0XA7GD#is-XPds43< zSa&HOPIb@lZt-DGy7A+;2?3#mZwiawiINH^j|P{zp>r=OF%gjnb}Y)qdjDc79WQ&r zAL`KjwG>+w4=hAPglO4l7Irf-U@j~c+Xza>(?sG>DJMD-5f2V6Nh|)|da5J); zZ{s-h^tlrjqp0Wmz$kwdjT8G3MYK*_kyZ#@Ik@$D;^W_`{NJ_co79mm411&ZXmkhL z16=!|ID9hDjZp{^j?d?=brExpmw>fw5 z^j<*tH*LY!r*9O6Uj2u9`NB0Th!1&1u{ZK?({tz&bZ5D!WRujKU|r~eSy_B>DAoBf zyyPHkH)DCR=P-9{vpb+I@#BOOE`OtUVB>KJaP{d)>ELjaI9BrWKa%@b0^on|1VBco zX2K)TJR zpxr+rHrNG6g(d~F^kb?E<=>D<*^8fTDXi0vBvm`07{4dw6-q1qEEp{cLP4>a;MY{nm_SsMBhE#L278_fih$VvN ziyc??k`gN-e|0h|=Bx#z<(OJcOpOWI!c<-mFb~@bi)LRG=z=(!-Uxj7mlxzu$?k?x z;qvO75kdlZ=69vw z)gEY}F3qyGi#CXk1gv;jpf9u!kR{ABD>_q*C29+G%y{ECsX9liplBC@8cXcs{w=vh zre!>v&HQbqp7ybLl(Dd`OB5Q#4k~|IGPrcQn~WEq?%M!!zuiY;O;hYq_?uOnBY9sKd7CWylJBr2wm2r(3<>HoE#@vL}~7AV=6iclw(f|hrq zeChEkdW9Z~2C*1-aaB#-0$u}+`DC$mglX&D*Z1_NZ9lkA8a5_cnK3X}AB0MENhMHM zj0(xEd~I-%3Zb|HlESo-maU$Vkz8 z6Db5NA_Kg68f4(xk_?fxnnP?`EyILS5LD+SQ2FPM3FM?S5sWo)a<48Ovys(EcF`P{ z7GW?pdnntZ^H|g8Zv(z6KagJ8oKq?FqTeiXK^Nbio-*(Md|SO|#wdVet0dQeQ;-Xgs5jLHvPu+0bYp!|S3zLp)g)D=v~*SM{HyYd-n zC>>)mfhJ*`3LJoZMWy?FY}yn_N^F1wT!r>__M$l!E5Y;; zrv+YU@6d8Q#$5Z3cVlLY;JDWIrDHKxavk}JGl*BnVQIoJrWC^4IhBshlT%_T`AH3}MQi_=9Ck>l6 zaJV34TF8reS)nKwV5vQqO?rix`S3$OU9+Zn9?;60p@iq++Gs zP>c;9m|eLxaE<#dDAMt71NBe8ON@=#Q-_~UxmU24mfk&@hFakCR(N*W_Cq4#&@2}z zW$iT?Z4V#Dt;Ob1u;iLT)6`5qmjqv+uOLiv#ktNkFS*)4R1@%=_u0QR_+R>G#}dM; zNsgeLx&)9Z;(i_vmP4K9NjbPQ)&A66lS4(gP$(o*^)cL;{y!=9LgTA$yvC|#ki={? zru;6L{K$LJ%$Hk72D0+7H8Ydl=OJEp^w8b!O}$)U$!5o%4N?FbsH%GAE$LV8;wQGh zg7qqst*+KyBe2#2A|&R-@2s(uV40_mHl=bKjxoTpjuw=YAjNAxKL7Oh`QXgb8uZaUyH9}b`g-^=P=e)Q4kB#mf*yxzfRQ^f5d(Hvd9qF*A z2yo6Rc8RiLawD|dM=!-SkXkeMJgZ0}CnvZf<23XnElcKzrYLCQ=~~m-+|^OH>dhV; zjX;}RwZ%Ua{1*(|jpO_ylRbxTOWCKtsZOsR&E`%z{Q?xXw4b<7#n0OBhMfhJ9Azh} z_+|`aj}=w+Tn9c?C5iIfY5IHpnjX2qo*YMWaB=3OzL8q7{QZgdHM{E zo+#YyYqZ&J5iLtbM1Qg8afz2ctKR=2QV4cDG} zecIhYs&mEje8nRiTK%64C(9_C8f96_T2w(6Z#()@OMn38Sd_LxYqrjZ4F6JzLAYa` z@~fU0-DR<Fuvm z1uBfeIwl9yX*^buPAYs|BIB;g+&6|k!MEOXaM^4Ih!tlm?1f@@LCa#g%VPjzQM`j8t&Qs#2ee+Z~+dgxnjgI1{ zpG%SqZb-vTG(L@zOSmws{TJOH9^C+Q9hVbHYL)8(MZA{ z-R5-t3=vilXmE9R+I<1km!M#y9}}8Zu@;SFlK=KxjhogRLd{U&f#Wl`?%C?Dtp2-Z z4)=`2-!!?KFaX1MoznLJ_OD!G4WYV%Teyvis}sIGum&3(_LySvfEBlN9nap?wMQSa zzdRO5^!0BP=oh_mA1QrbkRbd)C7dfWXWgpdKY_KuE=`Unf%4vA$L7%et@h2@Ip6fETf8S?oB4K7PjY9l z?waCC5$^VorP^kb3G2s~nPg1DFUVUHnnG;q zQ65&UtM%UKYTNe!ILQ*q-4VyeOoV-SY;5(Wrcgfdz$yAV*2BBWbf z<+GA=%18Uw#k1>)3RRcKoswy&ENMuZlRxYxsg?V+g9AE$5Dtq<$`ai`y(hW3uChJgyL zL4#!%LW7r!J4u3&e4bEs4)=B^vg^WhaM}as{O5|pPP=U*cbLvD-Ie<{*joPcM#six zJ7d48Qh!saS@FO5z_!Ht$x6bFh}V{=D!Mm9pTDPOUbmE{!oo1SsxJ$nF%RiVAvzn> zH?4Z>ZWPsO8ejiu`>epEz9d;+vcAwTTjmP?lvm5fO%0#nB;whUf)S{ceH09;L0Z)c zOywQT1@}9$wX4w{D{}u><5n+L)G0MB8SFLzh7ZBiJ+b#^wC@cLZxnm@RX+y2DL#EN zZL}5@?WMynDd*SR0kDu!@>@mqR47##WUIrJ-+5aQRadHuAA57SG0Un3@TO%@e-kal z1%*x}V6-b-Ob=CR7t?$%g&HJPOqepzVhZaU2z6N_tcJ{1&_dwnJs3|v1`N0&%pw{$ z2-Po^QT3MwqBMl79!6Wp!9L@Jk1C6qVPw&=xT{X{rHCju(*qZ1ua%@$f=fvoya9X47O5@k|oMH?eUixZ04a7F24O?+Mu7DnkYP8FwCYrggBnt7GL z{sXehoIxh!m!*V%?q6wIE!VPM8o|w_PE)e%{cLvmFXL>`vy;*w*-p2Kb3TAR9}532 z!uP{yL0-zpp!p->FkHw1ZboOx8Z~aK7qeq>|s4P@jM` zOT&av@k*1sQ)d$%!{ll>dgYRuS8;ZwQMGHYrgo%qF?%q_^uy`R8SF*#U!EZMWHr1vdT6LX^NwOS9$?;=y7Pi7!iOwHOoUi6WG{N?L*$eRc_SNgc}w*xu1j^NSoa|_ zw0`O6s&8Nn{=31lQ60^QSzAQv-*OGlxkT@T+x?;CEiGU}H{t~$#bf-Jcnz>^^Oad! zbjP#Z@qw*1Q_`_860Ze@X|NJ#*PMp2>YMVH@-@yID)N*_@wgxN;cd$0!3_dM6l8DJ z&>opm&Cb!y%t^FzTzgcvAl9pASUz!JMg9Y6W^p|#_&~*pSaQ&0sOgNcxB93r`&2ZE z9woSL#_~d(tzsQeKe!R^d#%*C{*<-2{OV`R=@fh7#^D;DFnkRxu~5M`OzxgYYZ?K3 z9GYK2D*C!nvR_bioizlv44!?}xeBw-=a<@?G%JgnNfZ`fcnoxjL9T;*hlF{@2g$>X3K}%T#Bk+Y$QAI zs@xDKIpa8|brT%4P;`!|*UYuzZ{j$_En&C4U$zT4^2 z+D3SW(>#TnI=tgVeRSus0&^Z9P%;yea0G+fn41+*@mu@+mlK={~7+*>Rl^4X=Lo4`UPm z2lsO0{g?eLHhHLDlNMNzQ=Hl47HfA-2^Yuu2-Yub4Zrx-t22|j-K;S~?|PW)qDIU? zkgrdF9JVwA;i~{fNV3`6m79Cfmuovz!L;p9R>j@Q+IxcWK0~S12~ySf@2{n;pcoVZ~|AxD)%Mw;_p2*9^~DGM2>&1F#*%is|H?s0T_l13_x! zwA{&8NBGf@Lz7R1{!V@_ul`lD|L*Yr8Y4Pem|>6qS;8S+D&Jd7X;qRVHkDgrE`b{q zBx_haUe)ax-I*cLBvjRz!Il)+#uJwVY_w~1&L|32Jtp_ZP6khr?+Y~rURif?cOJ*; zd*ORZdneZ6E0m%}XIvmTh^~W9-?$&|(+AMTi{F=fz;5aE1C2Z?G+ev4>Adip>Ry<4 zZ^%I9qJ|>TavItl?65`Y2)#ZLh5|hO%07fY<2qY}ha}2soS_zuo3-Y66NSZp8WT

    dg9IW zD3RSs{4TrT_H&mxN^CG~*xtR_<3Xz5&nQaI$daVt zFPW#z7iH}d#Yf*qXDqzW@QXDOnyOQpQyKOm4)c|hTkrSe3FMW1&gM2SQ139C&(ZkA zsLI;)r7ax+1eGQitLkX!j7UIK&r(WFv2dc;m`kl6u?H9n-_SQASkV!TUJwA1FTQ>2 z5PdxM=4*+=+nu4b z*+c6`-UmhP60{E1E7Wd3^Do@^Y3wvT`2<|u2zQE|Gsgm`*+A~!}@QUe^@G}F(_UAmA`wSzo)4HCJ}_GLjX%>`QBq2 z6&_18sJ~P9?-vD3Z#XJJ$ic;@prvS)pyJ9M?`-99daDZ#Mb5*t4KRCD6W2~`@{7C4 zd2RO$S;dthAC%0%{7O$`G&w&D%LRCYq+_;AeVFq1hqbIaWyLUCl%154Wc+0i9y~fL zDP&{~8l}zVOJ2H>M}{~Jrm5=E+Mzz{MRBBb#$4BfUj~jzY?eaCGP~Bm=Z??2bH_0* zI;Un;)#6_9?QgtPFxjHwPsrVZ1fKj(6S{U;e&xFv!jT9?{>y9IO}=63MQ*URI=Uzm z9lWANh7*&~%kW-Le!$PuB&A4KgMwsgv;?asG{r(0RG3J^_h&P?Nrv~1ctrz2%Q{8j z`-JG1TgxTGOAF#d8%Q2V-b^E1t>mhJz9(Ib0qjX z@Rz9Vg&Jwl##k--#3og|JiR9O*~j5zO+s57cr^Z#A@U`uM#sn=GJ8XTaZ=2n07Cmq zyr!_7vBQUQ?rzyue)UF?A8JJ^mHZi*>D3XvT61z0tqdDFws$P~qg(J$ zVTb}HGu~{5TDLHW(@snEXK9JVL)j1Egb{)3stPe~?uP9Cv^-mopcyoYS+Co?7%#$Y zo&kD{$aWZqJtPNZHo2W==glqj*FZXa zCTTA}cynM%Y`O)4*6O;IMzBgW1D{y{e{}5!?HYa>T?b3*0EQuvK0AMK+bSt*z?0Vd z!h29c-+{OP4Zp>~eEqQsGt*g$ViEht*GmZ|HZ?;ZgmH zX`iJBzP-qh8MiAJQA=#;G=LX<6hb*3#Ctf}7%|6$CAeMbHWJc)V^*_w!POMr-U1zF z{S&LXSJ(5STW6)5Z{y)$V!jUSsu*g@_ob17e3dZWw+wgMNk(yQ`&ikXwlSUZLYP$t zvFH9(sdprEzn4g)N^<-k4$j^AJjogY)*MDikeHWtc=rHTiYB|ie1>W*o^|tRjQzdP z%FaZ&ToIwxB%D8f)Yvi8m|qs$Pm^xO@GhfXkjDVknx=x1(lARNZ#QOD=F?)D5wl%F zr+5kFzZY#*>NPn9$kIi{mc>?ZOc858F(u`jOX*xb?ezix;CI7;y1A-Ff;EFHwtwDb zns2m^#Q>Pz`NNNzdNng}JEd_$KC^48DXD|u`}?AWqswCvbJ~S^{D%Ft&BR&b_IkXo zbX47tIl#aB9MyzDzh`wHA$B#b`RYlr&mYhO)ul_RCYjJc&;jp~RscQImq4S2Cf^em zQOWV7ZNQZlFjOmZ8-NS;3E`P0@F*8ZY#eY7yU=mfBii~!uO{nB)5#P5Ob0&KCe;SK z+~+BfI1UD13WQU4`7`73zw%b`b(bITQNR)Ahu{464wXvhGoQj+^Us;ja*p!7&B~^# zl;~Cj?*af6IP{SgW9cKHVi>e$u1REc)AJx-{nBmLm|Sr0)4=mwPOPWo0qq$1yYc6Lj*K-hA3tIE)_3lFkIZyn}le zz$))m7X5R?K=kH?O^#```sezx#v`}jUT0NX#?PEmws149LkN=pn1rJ$Ep{dFQu~?< zD$&D!&BAY(&$rZi`JGxBSWE`4y72)n|I}gln`mxVXzu|V^xX0Ahk{pCUAbtFzZ~D- z9fN=(4Ya+adBeT2hCiq7^GP%C<3C%;g8qi9*h-T6-r>A<SZYY9Y<~JpN~a;d(hBA>R~F_( zU>QQY2={&>pnJh@v_M>3N-*I>O*dk!ghRMg$2|>dyo9|32^eR8r_=yA#Bj?hk65Lf zv!%dD;ku{O)*PA4C%ptKgkKl=#>?2tdtLNLFWZN4DrqXagZ#!4 zXiEuY7PC>lg^6y6mXLij@hc^oMRlmfpB$q`(2*r{Fv+_E>arN_poiK8_E69Ss32yMm2R4I;P7`mBaf5>CZJxG+Ukt$wM?^clKu3hKba z8hMC&->470&^vV-3NI{B{#PN~!Z75UU)3O%*2vuYXN zoR^4nkFL<-mfAfEUs2DObYn6IcY-^7e6N1&FC65Jvevm`ITG?bHo{)UZS!+g$hR1w z*&+HgojI_XZ)wR}bx)cUm~6)C-4?%n8~ts?FOkDPFbyo+h<=%rTKF zcPwni)V`7Pxb?tFvd~vvQLkprLyd_1Q~2O1+t6 zXHGndZ|abDzoO{{b(GCF2+y+Qd51vls0Pf)R~0c%Oo#oZk~~|r5!9JbEF^2+enBNa ziK(%o!%dtN%Lg^xHmz@5=wmjkFO@mqw0DYIisyHoG*6Yk(s>INpEp{JwXl0~iE6%X zsQzW4_Ih>NjT-xx#=xDCdDClMAO`=U%~OhTEX-#hM-=F-QLX9gH{Suc=7^lva^#_- z*Zpo(-lq~&SvchbPo3C)w5y;5hCb`tVgkC(XcWR87+AuEp#tFO)Nq8TH;TzGw3E$Ly{BWl~aO9j|zkdAZl9g@~JCh}XKl zwvJ)=+K{fCi9n9#qaxJGe397|jB~sYicL0V%;~Nkgx_0$QQ7*5^SVAEV+P~E<1rh6 zOw^~w6CXq+$ZkOcWPVe1&_HA5x@%>d8;VW*GWEqRO)DAAdmM%O8HuVELMmmr`;n3= z^%)%{8M)tiul%z8=%E#XkiNM~lRkWY^HM7fqO|*~g!sOGVEsZ&HNy%vw7&B?u;G1c zdIWsFx4Ol5aC!K;D%hS8YNHi7)h6!abWZ<4tt=< zujyRs#2_~<_zt+1==cz~3oVD>`Epcx>KA}|DQb=me|RK4S&wN2KKGU1(@0#`?aL=T z=nMW#%zKKYYljgZK1v9->}zx%`Wl`9tWXZfLgqh1%3SFSq(jCCUtRhC}tZTmP6!iYe!#)fBuoRYxWkRi}g zmDbBo7esg*Gd#|fWo(0w;;c4{M|5SjFTR^-mnE(xt?;pgp;Y5vhScD#lYjG|9cM+ zW}n|3E-$d2WSs^kc_vB5N|`!jF3a5X;P$UKQ0~6^ zvEw#h*PR;{ZrY83gC?0}+fp%@+b2@FJ028}Xb<Hf6f7jP1*E55n;c#nJC74_)HXP2Wza&?SD);px*lGwL; zg5RA0rI|z<4GG@j2bN290h|&oNJo5Ipf+GNd_JI5x}u}j+yx3|KhawY4&IaisqrQ) zQ?t@$P(S8EQ1wM+Uy;$y!FFAJSzvf`JUe^m9SOy0Nuh%ZP2)Q}C;_!G(mH1WRn(~^TcYoZ1mu)Y;7}ftFM}d5>rC1A&#n5pcur(v4 zWJnT`M{vg@r_Y}*2!^2*ZD08H-u=HWo707X>@@6%M%LHCn(=E=ul_o9kEkDQ#d^{E z<*!qt@Z?R(W3C5PzS)>fOHn6vjp*bDFPonLRNG@1yFt5W6I{XCpL?55e#MMfNul2S zyDRa(^ONWBGoF24a9t;#4DtLgPtiGBv?(o|^6tgq{pebaKWxxujByH4S4nTJp*Q#% zbENi+nMVqOB=asdUE*~1`-3iyl90h}i>b#MgB%%O9-Mx^|Qg^wSK_o4Ls>Ah{W5mLPR=S*M{kMVXirY6~<434^@TT{=p3e#)=}EficH z)G0u$4_bNVF@B(TByW$LmQj?26d1)R*S%A3m4Y{f8(kiU2q~7F_!{d-0W#g{RDw>u zO4bl-{mfU90`Pt{NkXqSD%~jvNKkk1oQ4!xCToaz<;}3D{?{AA6Lw626<@B24NrC< zd9CCsT8*L8+K+^=9K)Ntqf@4zxL2zUeDYQ6GS?ap-n~%h$-WtHRwYl`uxzQ^?<0@e zTXB@3O8p%Nu4`ifs`XgTs^kbne-Y;?lfI0+mRpAC&Y`{b)+de)YQ)q+;`t|Dutb!Q z!$vb)C+g#7UOHTdzaLKF4GS%eavk$n^@8;^fet_Se&UyWZS?EHbX9XGSne}Gr+v2= z0}!)!2%;5czdZvb*Q>cSk_1DzXZ@pJZ(IfVdK^)OaVzr#hQPY=EZ(t_6?SAxhAHxA z%`O=|2u^rYHvH?K8m>;4<*Y&rH;!>jRX_!%_XLYpmiKI?SuQXSC_N&}F9Hz!Q3|dC z;jAtjmEXy=z&2VV&*OC~%Q7agFwS4D@N)!j7`_Ly!USIJ8Z0}m?}TxVKRS+2k5CZUohQU*2kWL+b~XWw zd}1pfl%$_M+p9oDSz1i?#nrZvZG4GztZs7tcH_NrvklXg3$jh&F0J(er)SpO(dLbA zHpHC_$V2c!Ckj-zmGxi%U5OD`?Yll=DPP;<=ctXuPc|&?{6J9mPkU4AMBe$RMZbHY zZBy++s_|*)MLqAVMo0Gw(W1nkzAxCjCnLdpZ>M~E58?E4gxt6D_6`0%c=Tsn1~ zjW4*m^NN13T#0@AcN^Hrp}!gRZRy{7yjb`|avE~8T)#LDP==*+sUtPPcO#uqD?|{!xv;sxs_aGFP$4l{5y+7 zMDAD1i0iiFGu5xcgkG&(r6tRS+^j#=zrhS$P0u)6{muC-$W46C)+NmeOV#y;os=!< z`ssU^LL?WSE?9b zn~#UeetMbm|Hxqp8kNmO2`stTz5D$g@!aCOaKV8{yrNT9^#0q4(26yAJ>OwmHmfDN zDW=LjNg)p`>y$ihC)y{J<{776dTz@*P_^!5d7_WPl*YYTwV}|VVHqv9mu{URt1oOW z%l68>P)x2w8bqd8HKR|kj}4`CyY`3Qsh`hWtq(Ar1kY28sSM3`UU-eLlTh;l0vVDp zOj*G@)!2S^OFI1^_J(d9Rn4a6A!%0G+?aPeT@C1?40$8u&~r7tU~tzd(ru_t{p!0- z`8d;hg($BBWc|QlO#1L@YtF-QB1zG>0r$8M;ARovR9!}{6nQg2lBQJMOw*ExmH5M* z8Ivtpe~;wOYC)^Xl{kSTCRzf2)o(y>MZpN5k6?1tzMOGGR{Lvc-7tKG?v08aad3_? zTicMx;-524DNC0Tv{E*E;eMzf+_gIf&+N3LB5D-OZ$Qmj9BF_FF~XIC%}{{^e|&TC z3eC&5omnX85U5M0^JY?QdT9E&UWCsrVattc2M#Tt6oYLX)mvVpJ@xKD zQa2<#JhUbd*7+@B1W{kuoj3RSBGLx4Y8ef*567@_C8Pyr7 zkw;DT3E~=tXKV9U#@G)EUNMEOgypR4Z(z&D4S^PzZFXg!?8W7aib;?5j8k}%mNWxY z6C||bsq$aX7`6mP@NQPwNAZnxi52dxXSq*8GPpk90-A+6d|K7wD2NZAo##(@064Qu zAAY;qD_w#!ml90iHRZm%%@9%@8l8q)P7zi6UWDnr+6}ZIOyq`l7qd7HAUMG9+Q~nY zrqKvz^#BKZ*u`Y8AV@YZ9Gc3k1WLssajti13eNNZ;W`0zYVcet?o}BT>Jhq zfJQL05N(J>-fUN$BujYaq0bihNLz(2$WCTNEkAM5Y1|2a z@MoA#(JecLmB(=s>(+#kVCwXP5>2u+@w;D$T^2H2uU??MKFkVFlOy=?%AHOFfU@Ar z##D^|8ooZvCHeJ9j1yj%mfr4a* zEAFX@^WS_HEt%wT?rHGd|4wxKkGA=zsYIMl`EwL2JUu_TuK4Fz64oZ-;bODRgV2yl z^|jQ^2ZO(sC#iSndTuRJA{35&NoFxgpBe~BI`ugpv?})7tRUm~JOy~m$@R>d3m)HA zcR~3rhSMM=6a_3egv@5#no#@m;;`^Q`SA4!e~+w>>&r)$BOwcl)}m8X>lD84AoMb2 z$kqb@e4=6{Vb`J~qU8MeAizto5%?5Xv)!=&U2v^H@{u6Yec|fThi6G!W^BoQLCY#} z?%<#QI^~5lZs%r+%Lj(HXRo*FPZrWEy~8WJS!)}UKawbex|a0gu!U7j1zN5?qXpJJ z?;%ur{2=15Q(yf4IB0S;YG)jLjwXBGzg4dZ_LHi=UZ$c%RjT(UAx1!a{MJY{_`H7a zfPh_0lWWeO|EQ<_gR*~dw99F}CoUta+@FK(Bi}>%nGefp-yZQ_e}}g3QY{`t8}hAD z2J3V=Zj4Zc+(aKWx>R+IH(6=eMSWtm{_-VdYn%DRA5O^NhYYRzvj!Kox|0YFvK_b< z56&8=`O;f{h2%n5b)Kzri}9l-Iru^)B;e8*cS!|pF#A@wEa?M^=vF4-@Mpc;g_)#4 za6rC+myk1imX0X3GP{I=g$YD-LouMWWn$8#|BR7v+{9${=N2}tw+i&adtRkCd|u^y zrbP&|$=1X6D;S|ACiV*57WP@s@h&Ui7r71>QD&(EN!yte0J>}?L8-|1&c*3p{MHY5 zY0;#vegy%kM5m;4b0Z1Y#pfmiU-~nqjQWr#*@@dHjZ@qkBD24-E}N?l7dPgb+N4Dh zyMo%VHqhmYhMit{kb}$RuLkx3Np7cZ-#}{t^YUsXg8kf|7Stpi2Wy0!0n&m*#oFNA z__l;k#%y19^t_ihWb9X4W=EP?m=S}ouOAgb9lyJ@gs2a-Yxs?*e?NK@*3bV^up4hV z{NuJ=5zt59J>cQ*IL51cAfZ-c<%&$2>CK^ZU$(ro?w=YKhmOof`&(iV6OPr*U&YFX zw_LrbT8<41ZQNCtpCez#m1b>9g{X(l3k_M`HdE=xh1`G6;nwksOq9uI6A~LZ5|$8# z$LhJcAE%t)woQS-)w6m?-noR*iJ=0o%Eptdtff(}sPzbnEq0cSH9E5CyXh1ARZ7t6 z5=HQo(qE@qJ?@RVv~B^J*Zw*cHlmA#-aCor`aJNdP{k3cT}{jC60Vr8gXy6M$aAm^ z7~00H=9fPbTX;d?uPFZ9S2q`sL3@ml(R~6G{1&SOliFJ9NyoWI>Ugz!x?--=uNRCCwqW?j6L;Y0{z6q9LP#byO+N0Wzh?$|f#^VCIF`E*F(TeOC|;D6`S} zvPsNFZcd3D1{e9Zh?UaN*$GfHq$%+U-dMCKOwj@iQhNly1;WtZg7IMf&rROC-6l%m z!HfitE#-*>Ot{B6OxJgR3u}HzF~f)Rr$5-YhtoUYiD=S z?{-C_K?&V>2x%EJ1-;_+5X%1>?!2j>MS7jNs@7X2l?fe(7iJsAKSm&JaGWH&c_p$* zN*E86Y)VAVLcT;%`O1~u0^@FM)RzG1II&n1< z((l*}U025hOs1+JSS~(=2{Rt`f}pDz+$j~F`SEt1GkKu)8nXhenP4L(XB^Ebs(08r zN&IrY8sgCKiltJl_}(HLyhB%>{--5FQP5#Qp}`K?wZmJBMmXw=8T{BV`Z zYKqG3mc`IXu=v%^E+wTqVp;Bo>q@h*IJH?^^uC|ubl!p@zwdTwEGD*Bae~5!sXH&F zs@|tsZ{TZEz{kt#L*WxqI5Zrn+1c4|VdWyJ*jt8&Py-!rfyem4OI5GAs+!^;s zNvUet&pm#!k&>R*xslgDi|g+W)NE7@hSkvSfT^s{2i#W8%-yQajn|#Ia*Cb~gpl@I zatr0DN>SSw=EzaOP_Pzea)N6X0!rr;BhL%BdHLE*QkFg0u)c3i7PI5!S*8Hy`vMW$ z(J<|U=hp2xcngXpl?OywKyO-vVS;j+EY>Yz)NDh#rN@SEMKtJ54h3vr(ohuZs>NB@ zysbkMze8W=bgz=7Dm|(hEt7LHuc3u;w=t0TnfGtQ@4x@~*Gj+r8gqC*uUPrT!DE%_ zq$f`aRo0#h`5I{PC>!{NUJz*sm6-H62tqvK`U=Ma>#F>Iykpc@S4-TDNaV_-GL0-kmT)c7 zQNXL?P+f3ks8q6*9a^SIwLXfcl)YVwdw!Et`n~}GSjImT4sHIzBv~xKK)6W6)K>s5 z=SsYmU+Jomu!PV|z4BVh6@Xb3IVpL&d!FUicY5S&f0hyXqecBFll8PJ4+|2m{zwXL zFSh!CRESHEu{T@k1*;jPB3;7rV$9~L4x7iXlyDc)0=#Liz)wqF`2*N+SkN5X$w-OA zeD$JfPM{ORpTe*k%=8JXa?K9dT_W~EQ_9_(O7*cL5O4q<$E=Wko|)r>%A%SReZg!3rc-@&dF~&R7sz zNShIM5tGRBS|k$i>!^LPk{J30>QL|iv7NlZ{Q-|id( zECxDki~*(?wL%*hBC27E@U7ZI+A`JWWaF+68BZyWz5?n!Vrdg-!M7%m1=Rg7O`@fBEtL zH?!Ktb9wU1!l_sVms0qG$pPWlH||uU%A1!RCO?8jR)yl))BP@YVago`UI#cdYs<`D zk*UMB1nTz6qXAjz5YKbgmA&Ru(WR50!&yu`GTZT6-gW1%#)S*T;dAn|=XIW=`S@MX z9Y$;V2b9_|)U&d}T+>dv+2wMlt%IqPB)#fuw{6F&;*?pT!AD_pItZ)_Ti$qkknh7( z?rT`HI4Iii+i`Mx3EdxX?>Uq>QGRNVqba{L0#V(we6=xhcF%>REb|_^6jC!TJCU4! ze=V?}$3I`dVm9usmgawU>Om@+eZYBr1LMbWM8wz{46Sum+p`~QQkeFTTy@ObuAJ;U z*12xrR5#ifz#hybC2wSR%M`W2SFmoQm)QE$ zvU2Xkz`eizuFG7xbMv#0O+s&d;1KSiNEHWs7hhC~vXodQK)W}#?o|A{Kaf1IRWtHV zm{Dur4Nqsy(I8|0UWe}1YDdd{a$SIl0&N)`+Z&cg=`;B9W=!cc*+=z>Mfr%QWu+YK zYr{}5N4Wt~*?_N88rFTeKkuWK)reC;x{~OFriNe=^BQ*68Sz4NgoI{e?fpjzmABK)FXfyQ4F8NJ&#G){ec~D_cRC;9ao+rf z-Hx4VE7}gR4qJUQ5l@q6Q0T%X+_LIk*-yYXV@R?FT=S>`?GQkJVdM?!&$qsLWUwe6 zG>mHF*3`MFqUTDAvi0QVO?+yVo;BUD9yV_AT&1nOdYDMD(2p#wZkBREJK9$$( zQM4`8OYrUF9@-Z;1pjr40KWDENh1H~|I-ZYM0(Iq!m%QAb_0ybYs+5=4{6Eb{DY5N z!j6OfHX2%ds=?CAa`pQ$$ZE#>pL&_rRKna9v=Wzn$vQ^VQYsvk4^d&!9&^hekGlgz9pC z9G_V$t-l0%Miu#T$E%*7RV}-)RXu{PcPl-)>!Kk6|3O+$Ox|1fbF7%lD?}!`Aiavx zg4gdXG)vniy&&%`R)2E-v|`~TzdquoZ%}haCJvm0^2=Xp0L5H;;8~eNxr@h4|T{H6D@wg z<6`AAO{4utOd)&{T5%AOyXp*GUJ zw2FocEYHbwW@A?4P^no0il&kACaHQc_U5$AZO7`O-mKAuI+a3gs?Itx@yN$llS%>7 z-Zn}Uu0#jgRo3g8VXd2lSxsDRiOUf?&s`o(+*}zdVZ5#wndp^8wEC9#%D=LZ-Ru%P zI_w-X=4uW=BgS!CJz=fZPW6y-&M*n5$3c#k0h|SO^fS7Kf!A{}#SSRjhMLEgQ&GmXTUkSB<@3iW z*}kqq;fXMZ27I5`WEQ7$TL_Cw(0T0IwRwZcISeU`BmYBezDLvVj!&epVLu+T)Jnb= zU;##~Z!x=VH2|xrTtc>ON7nK1EYXqCBr4OfyX=M= zK^)~S&;@JN=M4ufaO>gjgGA0L57bq=V3dDPQjt)0CgeHf={UE0+J6g5SoZV0Izf0?4lh-YJlMw1R+69q*9$t>zo81Qm zw+?Df=3%btCkErqIWa#HWA*!__lz>upo3EG3x6})=1H5|-2jipEUvw;?9Rn1Ecb{* zKWI7Za#ZZDxkh zJb!6A7}yEDz47&!kyhz{KRt7JsxDxE7qd|pp#EZ}1~#|9&j=_Zia!BD)wCtxSxCmP zvJq!MpQVdW^#oRoTcj=R%tK#+i#{7B^B3pM!vpkJn2$p^y|W9%3R;3qE`jTe4s&Yc zcp-1-Cuiyrli!#;PC$jAp|V6aaoTCGO#C$VdF&MS1K?ptV`1py7h6~4US5Kln+9B` zz6|~P#A7t+O6ZOQ%TBTO&dUn0rE?W43v{!z-eC?u=b#5Q!}Z>rXoU@AX5k|YJRJ@7 zME34uu8LRX^Sy3hRpi}xaj!F1JxxJ!p{cN<9yDiNUnZ-XFwa{t99r~g!#w=$(Akki zDmE=V zHGa2u{r~B@l{#W|WZRXiy5ifk?TP1OGNOIfZ~IKj_<$69KmzL3>MN8S%vx>0N*v`V z)r>%&V6Ls~jo3!v?QUJgFdz%2r?Ih>{et0hD;vopFP8dmR3!OTiZIW)&?lR+0>}$Y zWUQk3&Rkht+0eR>G`HjESi4fAS_Gq1r#Hg%<1=oX1gG&zc~&gfiywgZp~;)PGn2%m z9omKKxC<)x!+bsw%+s?TR@pbvpUqTlOnbqc`K)c@-ut&V5*(gqk5KTJ3xgjILU80^>bXTitE|;UAnDefq;fo5p1Y&B1f&+YQsz2qHPla4#9@2KJ z8}#_~x+CvIVV3b5hHZj!=!(KG8W4?}jqBwB4Zg!AvpYG(4y)S zN>)bDK=*Qbwm+?>q3>Kzg|-Ht=1cM;$?5(2&bCc50~u&Y+w|U~3kCqxebFVX=GPLfV>D4vXnZf5*-ice$KZ2HHl<2va_O(8L>{wi4s#3;#SXFe>cc-wU+ zvWuWKJON*5=Jncv|5`zlk(&ur&}=JkeGO3_Sv7%0#qw;MX zbi2rGfeqQ+7ozqc+!mkL~;T68iLLXX*M-y~0ppX=7ST3scp) z-64*r!jFGi1X$ERWI>I`<1Nib94SB^9X=3lgT@15EIhg8tkQh)q)h)>nBEG-1=mLX zNY}b1o8p|)JC3VJ9I~>hVokK<;=I*M6s_Uj?sTQgGRi}S|M6h?&)5EIgB)jJd)}92 zJs53(NJpjLV^^E)d_UyMw=Um|_23p}%X66DY(2yz-5ANXHUi5fNYCTECYp3YHJ(2~ z7D==mS7+nZYJ4`0$aZWiLj@3Bcf_&D0)&_kS@3NFfY>LLvabQ~6)mo|s4K+P7yR@9 zN)xgxiF@ut|AY<~(%vk)#WC!S<1}Z3VhkA3H?QEW#?xYcm~jp?J*3p^tPT zDJ49oV;%{^a^iam6WsL^DU7*wyV@509x$jcLjnb13x#;0c>CmU$k+9qV_S2_swo-WdK&Azb~Lnt2;yt!eM&JMV@lC)H~F)=$>f zO+hK5-8tx_M8n)rfjf28t2W#Z%{cs%??tKUm7+`Iyp17rNdHPz-P`F(Ra&=-p-u#s z#3v()oH`=GQl#0`kPQo%1Mv^pJ;31PZk9==8D^%l9h&P6ZYPP?{pR5V$}3gn!&B}z z)J*dEL9R4xC+tqPyr|5~_sFPJ6AJI*OrkSm(0S*xjA;NtOmaXupen;8?$=^n3G`0^ zXuBzuDrd^!2NCF%$ZnHLm^pG3RCB`%y66HLZ@1a$;Fl=Xwv86oq04f<3tE`+OhEM4 zn2`gFs@0B2-ewvD@HW%gR<#*)XGOPl4~p-WbJ%99ql=4ObygvgS-OdGxi!sIJYc5&(cKfP@35nP7EcEJ1rt2;lE01ZQ@`(eM zjzFq@Ya-p1@ojXR(;d|&E5a+zA{H>8G$7a9;gyB7nKtE+Oh}vv1Q(X%N7$IlNw^xruTI*& z9e(7)x;T8K8z^9wA9giMrRk+!xKekG=t%$A)hTay$iSua$5#*jI<@d)3q;aRj(`eh z1v6?Fn$R6$MZC9YJn+bEf`VIYfY~iifYooDv%((aQU%xj6t%i>fDP#u+fbeBM#Bw# ze%Vd_SX^ra8{;7`!tjIoAeMbU{PElqYZH*(Cs=gfjHVJbQ0im;5lGByM@VCIROp37 z)owMAo|(IMyGyPsmUFv3fM-+VH zWhSdlxH~yLb;f^)M}Ep*g}P& ztEhF_kL1gSK)ylE04w=^a`em5N7r9Ju5u3aoZc%sJ9hz)@%J@K>Xz3bTQPS#Co~`X zyg&Sf?|+|S*SC58;r_pNUo64j{m&=Se=9lneUtvzskoYb){muEpNIdKmP-7eHs)^? zehttlfn`5g$lgOFZx^?Tc(mF3!kq$PHdiOAhp|ptKSiH#5IBjfV9SmvvO*Hk5Jy^C z=og_pm)+x3ka;!uYkI`8y@lZ7I}PeidVO2nfiQFsapx{=!xE>79?O&S?7J?mSNd?} z(YfCiTKup%()MH#HA|y~XUVSgDLdcvzH{5@&Ds8UTa*9Hd$sf8d0>7Xp)G7`z0QUF zHP0`(ezcmvf6K0UG&g#b))Gjne*Z{wx?{gjW6w)Q5~m-aoHS7^`|8c~XCwIv-n{=; zE&lIS`lrdX{5Y-@>WWf2jv?O8)0_8=$AhO znI^+P#srsC$^M$ReoFs-8_;1KkEZimElp-cc!7;*bcn2SreJFYkX-PUVY%KG2^0&qFB=2%lH;@k_Cv=mQ!B$E^gTiW=}`T)JXk!l*r;zVa9!Z-zScG814O z^Z74$*1vc2^zk^8Dk;{w8N?hMNlFA5mvgtk!Qz#?vFTp<=EHcaZ<-9|0op0zd zV&VU<+Y|kZtj5o?f0&>VZzjU+PdQh zCAKvRGOCFn&SKy8*UWUtl*-qN{)kbtlR#O9Izsv5)E5#w&d#9L$|m&NKr$Z4mm7hc zGK1cK;!GHBjT+OiZJI5EKb`bXO(HhDWjGGgky7fUnsobMGtruqJM zU-jyy9Q!5G!2YzqYR6P=YmMV%Qe`S*gr`Q!f5U_e^jOHTrp^{Z#5E^;RKEa%A!^z< znT>+Wi;+{md=MTOHpb!w_NA&lxkMb1aVAnY}XdFE!@CCtF;1dwqls8Q}y)-g9f zw=^mInRLgSbo{-HKd6C{V|GIK+KMV3(@1Y>+7)!t4u`2>7YGRFLA*rNda zh2OS)E@rxU-_WsJZ=NW79vxnDKaeA$GwT)a(^J1%BB>j@xM`h%;u;05Aqmu{>XC0J z_r^!MzdORX;DmK8fsYpG#&q893G!z-d15?Ujkmk1ELCEbFSH8M=fW8*n(QcNJR8V0 zxZf8#o!MghCk&#a4tkQ13_hm z4#IGggKA8{fliAxR=wH;J|n#q;&7m+yiuY;u*sTk43q5QMJsoCr+CI{?!&!MN?#OX zhbBZze2w|;``5;LkZ&;wUA@GRLj7>gtj@#C@}6uT5#+2%#y!Yz zT-!rL*;Pkcb0MF(&Zc|p=c45RQ8r+ zq;F3RJQx${9UcxV>WFgd(EDEc1Zgl3vuAzeb1N>Ns++Sh4k*tmhAtGuTLPy}Lh! zn3{%Wv1QN4(eMR~R60IGkU`W8Q=sXD^{9@4uBL$+!#U2xzxmH*p3Av^at0W@Vf?{R zFE-g2-wR%)%*Mxxc+h)lWZf=S0Qwi!&wF2Ql@5E;;c8^}$A7k)zpwvS6F~Zhjrpe( zUbr7vw(R(}wY@q}rxgPq_~qnQ|M$F*vAU&+;f$5PPD$-_)llnwyLqWU|M~yrfX+%8 zmyrl`dmAD1jxctL)UzcmsV-=CoL=Ok&hcBmxbF6f1WHNmfd5+-`O&rMMq(G&W((s0 zd7rkiK$uqI2Q!v`C{kM^B{$sHhTN(8@5qRRD8lv!%j>J(Z9lJzzjUlIo+4NIRL@r< zENI4)hh*Y(pFovk!lpC+pm7ODDE)0D!BHeCg_1eUTSCbhw)H~8FT76TL#fD5LtE0{ z8)YU@WHf-PL-F5`GpRht_7q(k`nS~9Jtt})dB^EI{EECEX5PxULKKWmf6YC>m&1M-&!;Hv+~|+Z@&PU0A1dq=c4}gT7^&)nrG3X%x&a) zE%$TQ)twVTl8$fdoqlFX!B)TZ`iToED7VIj3N!*&FjCBxDUO&?GnREMI8Xu5ua3uG z@4INht?RnX)f336Q1{Xxi55K#vv@xjf55C)7;QED!-8+i7-QqA>DRd^YCf zLX`fT>f<|wX;&ZCGj>~>^4Lb>GV!?iU`=2lT6XcPi;p;8EZs#bXQCwUiflf2(r$8c z1L#?GzFbQB^WNP1M41#je$B^Z3?S44oYaHl7lsAun~*3AuHDl-Z1<*27$fkIX6XSwh6yDSk+K_^nIFd zA%Gd*oo6@WlsXivR@mUy{qL*?y2GgD$B6kOfEf(XdqKgb8YB6-Gk4k+{hE*1zOF8nTGB~h89g*%Z3=|jLJ<}$?YG9a2R_ud~ z0iJAdI)NC@yhbgp*QYR*+5xf!iMjnus&;6mWe{K7TYNLL}_nkR4HABA)$BL@7Qz_i_HbbCF zgul(eLG}t@F{m|m1t3fek5I+Z(55;)84v36fTlv&R3xiyoc6Va^Wb@8NJtv14_VR= z0<@6B_m;8n07l8}R2366VIEj-soKpCur~?(q!A*X*9#^Do`E5vxURU5fB<}mb!NQ? z5KiZbjYR9x!{|DyvlebDc09@Xfoo7%Ja`%uuS^M(ts@D#$9Ak zBW9$EQ937kQBFawQE%R)S|w<>-SSbXtygF)*i_5b#`~m4?E`gmtikaJ%dIAI*uP=P zmQr=xHM&A}is296!o0%!Y`e?G_nfN<^hO_h`vhwQIt&NG9G@4p6 zpObW(UH4+wE1c9-v9>le3|q(L0uV#ILPBAp+1B7JL$h9jQVaifU0Ts1jV%3FjW2lkC5D5vi5nrJ)^<0P2(_Zhr$+i_00a;w)E{Gop zQc(h_0X4grY*6WN`V>HT=y1WxJKr4f8VV z>Y8mO3|v+9az{@4HAm2()V5Iks{|}t52U>wAtsH(!9)GP)FO2@iE{4WBtTUGx%H<>dx|<)X;oY9|boz@o^a{Yr2? zC|OKJP7YjipfT`!+aUmFFQOb=;Q#qBdYgErKi|hu!*$1aSn;bdbul8=P|$T-Fqs#o1h{C?zNM5VvVzWgS?#S*5t=o=I)#T)weT>IE0g79aXjR z{akV;T8B@Kt?r7nDOhJQ*2b~dz_*h7_~_^oU3xq3ylz221;!_r_)Vuh3@&iM>|elt zxKEw-QMvX2f(Q@tewb>Y-^!1gQXlJFDdP;rH5l`qe+YTs-btci* zaYVEqcObdxWS5Vd-DV?QN@hZxQd-02LF=8x};Sx*J?Vz?fdKtUOT`UZdeqoDC$ ziz)DrTJldS`zLwnI(46Em_4UMo|5QCa{`yXONUH%d>Ogc`*nC*xo73I{vFrG=Vf$q z7PR1s23RH8ZiQI6n#ZS`q1xpDH*3}UP6ZZ{4R;W8aKqWe$y*Z|Lp$Wqm22V}DczUZ zfO>rsMoI)@VsK$;6+shXX9FCy40nF7QUNeo{4FdMkfxf*3y`C+GPN#LCOzo)L;E#m zo#G8$o)@eng>V=r~FI4z)5|(?1 z_;}bPP9u zziDloTfS=jnG#Hn30%}jAwehg&g5x)-Cg&mKWPN?)}rF$<4agmwD3Tu_;@xms}h4# z1RI6+iH9z1ybzY|T$zgGC^f^B*L{$rUx;_Gfx6!E9vaKlSgR$96{}K$%Drbj5O1}N*74C+RyZiDsvIa#xv-uU0$3@nzlxf9aweq=JF0+KxHRQgms zv+izIKlE_uHl@MA-6(@|>eY7s;LKHc{*-aGi2O{R>_z*Bd6W`s-yzwgs^114tfd>i zsS@YNnBXX1C%?qc?Oxla5g+|^>Z_a<+Ph``tLlI%HNr%G&4U;lGW~*&s#l8Gvmhk4 zMREc4z7G$$=Mo|xQB{)J0d1d-=DHjG!v!g{JES!_YG8LAuzYWSjq>hFcW6>X$!Ik` z#)}y#ThR16@Vt%?c!@5DptQ<>xjq#rQmSZv0$-(_%+#Pa>G9*;=Wf#L2o8g_8u;f- zCVI;6;2`jpWyt*jXWU8Rh*J~e*qPBdBa6e$ZiTnQ#(QU$gd(FqV}J< zt2n5`=BDbS@=*Ia&b^FRI2!F@b8|8-c)sHR`8&hm1#RG$w?T?Z*lL?WVN8fS zBnJa)O)xbpW(sggzAYF+kvM2xCCTrq_U37x)1i{-^1gjKg+{#a{KV<)RJDwc_Cp%C z6rz&4%ga15tmDj`PNy1TC$p#M+q*Fpp5t+XSP&j2o|u5Fi!|3ZUS^PuzHek@^iI1RWRsC4UcgJ>1{wiOuYpR9vIwk?W0mu<{3q#E>>V7gd;1yA36i4d!j08LWq! z<6c@dLwBY2ehoDDTH$MbL;r-xOurGPX#nziR_jj~u^CSDE{tk{!Q?@9X*=8-C-ZFE z7r%|sz)G&4R+(4qiSikezYYLoM^*!Wa|}%&isd1UZ{^&AulHJ1qe2kG)$#fGQ zkeTv&I>ZnJc{ShEYn|%+Y0PfB%^#|wIJO6h4_3=Ux^5ALmj61XH>3NS(PG{tK=zlV z(XS8X(xvxaSjn4LMlvOLa_W1tyi2w!>t;YRm>|?43n2UXlBQ!w*luN$$OLAE-&>jp zvIc;w!Nyca6-^UG6~2*#>LGrBl9PETd_ODjaYTsA1~emZQSrWxoqJ*!=rWZVMyt2$ zAK;;PMA5AcL8@Ir9d;Ul1cjx%{=jv6A06d1pSk{lsVu)@KL`K(;q^Ym)BB~40#uzh zmFA;(H37S@R9{D#s&%^2Op2)P$&P(R!}gcQKZG{k)qH5}4vA@^OwNV2HrkLwhn%gi z+?pgn(Y}~hxpM{i;(moK7e6xM5pI0WFQ^Ej`pqJv7% z?mp>39qKJBXm2rhG$!|_oj+VE6W?|xs|5gN9}7s!5-`tGGF`p&D45quEZwXm#9TL{Pkx6@c}1Jfp)a8!U!K`~G}q9LENVbSaJ^AYCA#gELBzE+vE(99nHIT@)Eza=M|>6JFQJ}`#Sl6ssbU2I)A!ILU#)Ua}u z*T~Dd^3o3vj6`amJlC!v=G@XwF9EDl4no*kda@^&RN)O=_w=QrqvS0qAiiEn09bI` z23eBk>Ysf)Ek-Vd9}s-NDstWAV}1EiM{KfJxhK&0z@=*%(qr| z-zbLK+JCGPasrSKL4O-RP{S)X5vz;oS&^g>WY1-*Ow0)hzn@5|l2J$t%t`NY4>cKR zU7AC0R&*Y#KW|cT#gJ^Qu_P3R=uLzbB(N<|OLuKR5S4*GNK-*6Et{5K+;jH5|3ESp zqU}))KLb1A6XiV#B#7!)-*LbwPoQLCLD^(I0WTY$&aZ`$A++U-9WuL^Mw#O`0v&rAVS>(RE*vI*^F&(9evvCrN3Wps%+MyymAC z*C5lWE>RImP2_JJ_qw8ZSW&XQFE(~goU#I|Xje%VTQB*bapBx4VPa$2+TfCnD;^I{xw_EdTr?bSc{G%QR$Prb0>&?)RF_+if+O2Gzdh zIz~;TA3Sa>&mO4e26$`UQomcX;k9apdcaGJG$1aAY+9u$JsTE4j~o6Sd$IU4pz@B7 zgTh|EwrO3Xy_Nb{LY)W0H8P{911b{dK2~OjC zbZdQV1d_W?`xS85dlzY~XAQ^Xzc0v+U&i7qw-4Nqh%=Y?6RF7)aDH?r>L^OVq!GNH zQg-0|kM7f9cb`r+gYChU?Rx*>emmddzaA1tD~WrOT6zf6iTSr5lFCV6{?e$h{G{e4 zG*2{2w~$eKz(Y%>wjaF^|D5l*?X0ba$XZxx&WQRDi48@5IZj0tezbt9v4@!{nA#Ef zzmMTRFXCTj^FMpypFQ!XzmC9({QTVPqV&rZq{^;u_=A#`r%R;)Lh76WSi@R3 z9jLb()NL!()8Uq%#m87+9PsN{c0z^XxTiLxJ<)_R|Bw6lLpLGMJa3oY# zpa@i*tOh2`QHN^r6<2mLT z4lfHv(0$~}k-SIKbq|r+5@-*zX*O#AR!1gxmb+PBA%Z`tMF`>Nb(9pcfkb&ytW&L; zq%M`_bz5H8XmKoT!Ik73q3?v7U*q62 zQ(eZ*XAmAi`3{E~3MWon3_e?1B`J~!JZAy1MmT`^?!o-uQcskZvrSg+{?#L7>d@(v zFAm>0{N^^}lTUwYZ@OO`ZEI?tFgN#&VIu=0MV$=O>oO5v9k)Vs(D2S?6?# zd(oDStV3`^@OkRLbMAlDqW>J_&foe+RyJAt;gLeGo1G>^@UxG4xX}a?K&XkL_ASZ+ zu28Puf>b-eMr>B&0ueoHG)3`LbdL{-jJif7e%td9qt&Ss=ZuZ_sX`esQgg#-lj|v65PPDhbk0iGzJDE)! zvO*=9K~E1;L5)#Oe&Zl(&^l#!Vco8f0;)Cu*bPjVh~k3jWOmH->PN{XcnZruJ+3K= zxq=fi8y^XtmKz5JnJJl-x3;T=?>~LLF%=80n#oZuBQ~w&Ks{WiHimWRK@&3Xu<++G zrx#7r{N63BZs4&t;_p*cjk3^CTQ4LJLGWgcd2FuePOjjwj#rLqWl}&ZaQa}gA}~j) zel3jXU8W>#*$2@G_a>*;Il0t%%EJk45z+F);u296$gPIuvaNmKlvbnJFwFZk2#spJ zFAuW$n2T91DBA@xE5`>&sMCH||9H!ya)bYS>%I%dEFb)q<(ZS(a70SHaC^QP&?1Vl z7q~AQ+YZ*0>Z{i|Ct=b2jiYGTLKi%E)*fXtBocXkTxa7Z$~ijVIZMs{aM}4q#(XZV z;_rX;Gm&9k{al~4?{P-*_i2-hbY6=pHmq_q-J-3YDTfHp(W<_n0_LVl{-_8#y%bIV zpqC3n&!EDYqj(Oqes0WR#%uKumdFk5!YUumIpstMbwhVq&kydW9?MNd5 z^g>}Q%_!4%0Tjx~&XyQ6>n>#{)Lk!9-N;nR!d=)^^>mjeqn7O>YBwC3;Y6rrIy+rQ zS1wTJyVG186=Ak8S<*;rDo}QqO?KwB*xFk5!7p9zVL^hNgXys}Mea1kz6ee7#d2#ePu9}0y4Bb*_#$1I zmXui{R^?Oa-P_wKMz)uzi_~qE0u8Q)DA5Pz8sPzJ>mb15;(QY6YWC6Z-12h=2SUQ( z=JQX_&4vkNW@VFR-;~v^3}MIpw~MueW+r0|jTsgiv8`NfiyK8ct+>{QRZ&|P+Fr&5Al0;WS_0u#TSA;!A# zD>`2*BJGCT!+UeE0`vxgxT#quSOX(+$33_+x!ppjb{73X(1Z;wn`du;Wh!^N9PT)F zwm8780yRV*YGw5esnf|(8@z$Li~2x)?N(=V@I?QXSo_O?A&XnNL-y?YQTTrU-JGy( zJhmXuxk^e_G$fBeaL}K$b(%OmLX1=jWE+MIMYJmA<_)zAjw@WAy5Tq#yE5DB7YJ}Y zy5ZQ*k^%lwu=&`RX&bMVSZ(h0;GQPqL#Gmt`Ve40d<(yJqn(vg|-< z2%k)96jf{{(@Yo4#amkhtMHJ{CobSy#jf14`0fF}4s4=d^K2^Zz=MCRU8$Rm_p;-3 zdMrDfZ6&SdVIO;O2YDQLtr8HX7hso+C|tIelBQ^v$qM?1TKD{LbomHf2@kS2$&!Ck z;ObqOh{qE0T0o{3Aa4X)8< zCgENuVvO)*Mm|qH$W}~6>V75cxOQB#-bV$4jsB5M?qP~aGC(eiN&)Q-G>`NU6Icz* zX|+98^7*e%czffAN1D@XB?({#fciU!4N?rW) zYuDnyMJ+Gu+ntIlsfPBhmrWNm)J!y^+CMpmeahA6ZBf!G_Lo&A-A%is4_AIGcJrc! zWDMO!$Rp+BgJ)}h=lJekrs~~pt=~hYVT-+Fp~aJ_=bwRpFHQ!=X2=bM-2RBDO!~z{ zxAQ^1U2P>37!g&dqSYb5XIXCRTO{1)J)$mE;@v_^Ha=C8O=;x;fft^7;RltE*3CC-P94HIPAGe zH&+Me%-iCA`e(EM#X9->D#S*=aAA$f4+Jv*Cgheiu5uC@MEG@HR*|ix7@(K_ASb*RF;1bnFA$k%*}NHyeC zs(%|0`3ocB`jZ)pi%99cW}>ZMn*Ji5vQU^5-ZGl;i@{EhhyBp(y*%FyEvw;Gp(d4M zkLh*hN}e$xN2)8YsB7Pwow&P{o&A*Z#9*xMBsScc_A(>*olBB$o4yxZwi~Z79lb4MWEMPYf5Q>ODcLum-EYNX<#h-SGR~32z)-Xz z2YX3S3te3Ef-(GNz7TWOb=*r;uaXP8I@YjIXvMzkL>OV&_2e3PEWTkEF+RFdwCe!Z^j2cQ3)HokKeZU{HNr#5prZf9ZTr*9m* zQF&{+1j7o)aF6#_iLEy$;Nhp#P0_#A{rvBo{a>``Kgoy5>FmeaH(0L9!-QURK+pK< zHLS>oTX#mDe@fek2_wo%@yNN<+>1$kn5%R|KP53FS;MRw2z|tha5A&C^^jmkm<-Ad*vjD^JHJHb>YB|p*Xsjf zh`*_u4PnozEvBR&E5?VFz3$;Bp*H49&X8Js!>NIcpvBgJMKR2=TGTFZT+o5yNDj|G znpg+v>h#Ozi)L9{0{zeF0IO{+RCn?}BS{tkqqV0u;Ge1>b*LHNaU=a!<;dYMdfgA9 zbw#=7vZA5OYgbgo&rRk%+Q>C3%1U~zO!fzPPiShbb=#u)s!Iw-FPW~QlG74j=Gi++ z{4gi;+-3?gIQA(2QW%N=co(O7PgZ1!pqU%E6XDmGdDJjfyKeJVlQeA;61|ML1BUlx zICLoYFMB(&y*~K;7SFv#)7>tZUFcd$h~EVSQl|n2k+7xMS8MkzGOm0wtCgx7EvC`9 z{yx89BEW_;W;YcA$rHxTTdzKt&RVbe5o>YPs;fVdJnyROKk|EJGimJc%64FKp(!9? zH+Vln2f^(Cb@gAfu>7?tbWC-HQ)LN1#jGS7Jpq`K9}pU%X5T&}%-NI8fY_O}Upg`p z&86D|wZ9z6gb$c$3y&?zcba$uT+X>8*)A}Y%v6{qSz;~w#l0%%on2(slS>twJs5L`S5C;6>l0~- zXlbNWj)%u{k6WCrlM|jV`ePDI6whB&?GcFWAO3$7B?Cf0P}a>cNq8+8?M7k7v*vY(h+MAJ``9^DJ>ByND4CTw&@Na0U_)ZyK<=;Y@LyowEXJ#;4f1S z4U>(pw>`Ly-Z<`EW|pMRs(j$>|3Rjv0-Eu2JzR>*QH>1uA-vw}qe0A;(!ypQm4jYA z(pNXR2+c1=v@OA!V~O<9{Ul5T28Rhp=+THx1RAmVwVvq|d}hN9UhW2UyO`n>5WlWf z-Ezdq`T#Cnop3Jb7QoMRf56L3CwdW~x3Mhry-Ll7#Z)QhwV|AKSm5U-Xb|r?4x%;N%W@}wosurd zW>F!QrcvuP${3%0>?50w10W_j>am-6Pht zH-7VH;eXt4P)v6z8axi7)TDdPg>d>cGK1*H$gm>#elB!FqA$1S( z){I0{?Ip%v89nTK9@WFlNoZWO+Dl5mF;NL)zTU|VqlB1;St;ZkE|X+~D<#W!1)Qmw z@-%$^DQRN54!CBS#)owX)VBEhyc7i+=+KPno<@8m5*00NKxQ_BUE@k@jB&4=sfC=W zdez5jY_+qaioTlip)?kTFHIy6*%{&Z(i~S;_HJ{YQ7p?#*!JDTruZ|m@N1raRkoo8 zm=&C^f7j;A9tfKhqUwu&XLf$-5@*J<8WXuR{C*P~a83w_fGTp4hd((drNCT)zV*D$ zsXaZ~ln?RD#04qArH&?8$L)Jz%iU+9LkkH0A!AJL_i8*riYh8v>ZX1)OkNmSMbJV4 z0MZ+zIGTKZHK%nrBTHrv#xrHn8b=}^%Ynf; ze2d$~h?~|st%w%I#KkL0%K;!mMU_x&Gkd*DrA7?BYm;H^HZXHE8gVq2^KQ9f zLICL6jEOcXNc^+zFMT}hKjmMiVqC-mjFy-;AERA{6s@l~yhMu+$&jwxeEajC4*EX@ zXMfr?e^T+EBRKoppyM7G%r@}V_q;l{#^wHiXB|COkfn;8vA7WAigTC17&Y~|!iH40 zJwwz5I+EEopHntbFGc}hF$sk*Y2xXuvGNg2GVC_fM+s8i+7hO^X`L#m{PE=Wd|qph zuEffW3Zs<0*WJ{HN>Xy>0jc`!Ohqd>8OqTIKH`_ZW(Tf2mT@@=eeXUR+x`en5&Pc3 zPXbNo@Ls%NoDPlO$o24~T`+)Od6gGdIGpma>*N;%bQe)2+>oC;n+&dB)B4(S+zpmY z3Qz&9PX-?FuhR;JvPIS6aw}%#hRp)*ss{S@j&+Gw@f5Hxk3*tIkZBi0wDHOUQH zzOHuW271&S1fT<=EH!NcdNsxbl8=YEeTWSstmX|rO@>_;ZM}`xa4x7;~x4JTTje3D)D3g-MG658e#+u{)Pmy zg~bpaB^z@kr9LGk>I=I@ZJ|r5`@3ZfO`Sa3oj1oH`!g$4FZF1jH=DKbGs&3t_QTp0 zku+nQFPL#%8S8YHq_g2vE6%UNJ^lKDz{N0Dn)L{5SEyQEs@7D97)%&Wkj(&iWaW3MY!UWn@7LkFxC4eM1{ZaM&O zFOZ3^kC(q|H+6A%J4sNyR%*r8<&@dvTg$xe-LL_btwsKlwj-0+M^T2AXiH`)#kgEg zY`k|5S1$UwDR6ue<@VxTMO7LwnrN`5TMsuCE|CrEURuV+8-!8}n<_QK5tw@o(tPLe zW+)rxet0^cOLq%A=GFy+m9jyKa=lxYV6gm;4mj4Pz))F3L{Rf(-4SAk=dQz%qt%yV z%wu@X?k^f50KXs`C4GamdHriv9yrr}zqDZ~m$YkX-s!dzfxG+E_>M4*4DpKj2xfIZ zOlyFiZQCq;Ej=YLPh`7DCm8udUb_pqeUKMc=Ae z%`=Xv!ISD_d`z*HnMQ@2zcn=1nIAx9#-*w2tF#Z<8>mf6aQ95uflNXos=$AjM+@YZ ztfX!(Y7&kljL41WmYFx^47g|^>4{Lkc}g7*kL}ZTjqTj{bE_y|~!2ONGew;YE|8z1P5Sz zPGWsPN>}}4ZcehHMRlpQ>8ROPfK#GpUT%|XxfDroUMC}dE3*G{S40a^$V$JL$GWuw z6$Vus_w=Fg`eKZ$4e7240PS#50{ zg=HJ$FmA_hdypFJ@lmhmT4Ec~ezZollIm%1>}vjf-rgjI5G23Ub`E17?-KxJT(xQ_ zzq8|Ks}daonzSj^`M~+>8YHb-?aIpGW!urTdog|eF?Vp)CW6@~U~0SR_K((sU5oHp zx7zW^jxK#dXEo3gWVavCqamVgI`NIe1Tj>YozTN*KE>zN^SjEMizW~;c|+_k z-QGpJro!7fxGU54UZ!`0yiJ<0dVp5@Rp44J=jy;5_Fey6S?vtVcP2X?bH*6~41J|U z_0d&;*9lKG9JSN|Hau%4hFpiAz$Z*8N+((o!9nxMmO6SwYouVu&9=UYePv`(Kfbb3 zQ42bQ#O;X~`nI>3kgA`SI8KU8Q2U1ds7wia-+!lte&=*YSoL5o^DuTBEc=2eesO6z z&`4fzechkd5!b&T2e7bz57?jY!{ZsbiK4i27MFu(dd7Q@b_->lw5tWsICY6q(7-Ff zm(Ut5vtmeg9{S_b=BD|7YcYPK;L}>-*_kE(&9M zLvb$O|D#odKeL}AaeqLhkL-KDU!?EcJbS%y4!?HF?4kiInBFrAD{(*=U-^=ouiAJ`w(4i!=4ih3K~g zsAvlF>UXHR!ekR`&jPXwl=nb_ATtfe(E~D&lnfDs~L~VzQ{~mZH^{MQ3mh(he#a>Z1{M?WPB4rKPfIRmpOy zU07KNs}D@|jh@Eze&hIYMymS##`&|Jy)CFNjg})@S8PwzLj5DMJ1}bQob!}20D!Kp z$zM3tZ`b^n_1FJ7Fn?b10PF}+3s2pdZ;O}-{+V%d%+^UCY!zk^oaB!iM|I7rS8mBf z&YenzhwZd^?tk5J_Fr64#cX+ft=avGzG>ey+%B^RsJgOA`Ag!~-@ta!v9(Xi6!&q@ zA=_?iht~TtI^olvQNtG7=?$}Il;}=U%316EAAIsxtj}g2-0>e?-OSo5{hD^lzxU}I z#|8S=9ll|w+B)UP_MiU#FW*Lsg?jPJ3&GipcoAvk^1B*6v__>!zc3J8ytl4NC5~5e z#KirUpnTZ$gobCjuc|?mGB?`geX8NY5boIR1?B@xxB&Jv;~+=fYXX-c>A9fzTr0?aoK8bwEMCjQ>y!~2oVMCSI!hJ!uB ztH1P_`i~}GiqC41x4Y>QtjyECXd9+;0@^QPi2k71Fd3Tg$oKdqHo5p|wQVt}8Mn*5_3_zHAQnd8h8`6EAn~NzVZLafr<7H2v59cdZ)9DY>^ES<36Z-YnLz zw8F`o#q!1UTNo!Rx!+j?ZP|YDY|jdg9-rJB>{?AXn6b#FWAF9CO;O`FW)Q zk(5t}INWN8@hQ+CKPvdB5GFOaK~Z^7B?YGn#Kzzm$9i}?A+6$lw-aLP0?Py->vRtdUciS zQQ5Eq6}C;6EH}`cqD{IR0>M>oGd4-0J41QuK{+w?T5I6}E5ck~Lcylh?vDuc11M zfvVTgeT5G#pI!IOxa)VU^;@UBNxUryxEfYohr>9OCayM<(cK@)prtf?Y3B`@1ZF4K zfGGm{)t&rcIWcHbai-t|1fU43yBQ2km{TnWn1p=Mp)Hw zX9RC)4Y9Gelx{Hm{_!d@ywa?%-*yEkFf8A9_h3V4Hw)-x(pfy_y)`3VJ&}yh5{M3s z%$YxPQ%s*A+4~#~cJnw{`XFw2CD0Oy*wvEH#DqluUQujy=Y`&Uq*}9lYdxG9XshTj zFin)kR{9<rhCO%bC`;~T>G)0Y+p9&j1TA-_zC_H<0N|FI>b2B+T)$q3M3~R& zG+(y6Fqb{u_yQ>#IQ3a4QVU9(%KNE@_x1FzzVXTS?yCszLvdCmy{U}6>xLxXwCY+~r3>Ih2#R}tVLire zQ0pM55WnYMlNFSuLc2(YF+hWc@E%tzln~!DcV9}Ju-wr7mKnsqGvN^w0P0`GOGdCG z8>WVexb>!z=w%ck+8W?d~VJHu&aC7T!BDA@6&dKE}}gvw7@NBEIdd5IL7!??8E=&$cv zs#8_(>6e8`#I=YsT~BAI$Gd7J!c($XVqPoAbZ|ITc{FRwY0$Y!DLkM#kU%7`DAwrV zbOopRfPcA1{Q0Yxz6inWzSZ70jyAW)sTK9|D|^~3#A4)waas*V`qy07!}_tpIgs=p z=umI%%B2Bgk`*|vCbV=@1;vJ?S*q}$g9vOtM79#`_D9r#?Qyqy&z^sQwMMh=AG^^@!?$x!RXTo30Rx^l^jr_J z{mBui{PuwMY?}!d3Oxn0>V4b_~ljQFbjbsCv^<g_vWtv52YKL(xM(HzgzaLafPzO$pYLm?wnf4pPPB~)^L!M;$mcs$k8ZM^~3 znR_+tyE3WVzsQRC{~h!8&nM6SCpE6Zky6Ht*yU57FvhY9%KzqSl;;vXuQkhH=yg8$ z=zgYrlpoH3eV63_e{b$b4Zp{b8EQY0J6{RR7FuMW#Q_x~Y220rn0cqK?j7VKH9oE8Op{9zu~5vl1nGf`8og?gKfzjrWMnBCFB zSocrB-fofmIK6ALTuv(>U`hm*hKt&T>&#!~cucBiA)bZi*xa_*_ zBBNrUSI~OB+Pu+WyWiyFDAsfG*n0q=YVvi-MGSFn`5?E|`W9|<%Y{EE%qR0xRctUt z?7oEc{hh4hc2Z%eJab=XV?GZ~*wD<&LICwlkFXJDpyjGT!$q(;d`LT|8m2k?P*W6& z2^jSj;N%-atn9BrbV)`}(Ws&wjEz?klPe94GLUY7wWJSB>g_%|#Wng+m$&rB!x?OJ z&Lk1j;ntJw$C`wDY=K?(d>I7%@E6Jz>G z{*v=EuZo7_z0_0zRfR%J&xqvbQi4OXRw@zz=re+appinKi*2m>D0#rWXiUXs*Ykpo+8xnU(mUwbnJweqkKr=rCh(*__4XzCf z)t2_Dz@M96GI4qlX8?|dEx<9A%hEH0U1qFt(7G%ZRuC{iMR2lhg*%}#*~D3HZbRP! zrF5G7jhym zWpSoNZp@8v&d2sk7E>g9KWpbhGCvHuys$bBj~5I1n0}WY?G9A$pWgE^Fe89LKE4ebg#$0SNh5GJ5F>vtlIdZ2OJ*<#XuF9?X zA~r$wS-SDE*O+&fEGA=}r@zQ{ojYdtuHHF2#~!K1l^f6IOxnnfG$kS^Le|JnXl1R( ziybOdmolETAs@aDzYVZ|i4~Va?CkAaN znB!N*$PZuKNT~}6*kmFdwFdO3%dN93ah9&j$C7MYFmOBFLq{?FJ|JS-tmnplc0%xi*WzxY{!;SdV4(>nBQLin8y#6#vC#HU9NBJGEaC+Aorce@7 z{Rde;Y=%P0&iVD%=}JW~|HjS?(LbIwxO;E4fVh?@jfP=5wC(K`yeUo3YHK~6ry{@S z_m0er+mQqXK_{y>!c#$EFSiT?&aA+fY!sc6O<@_DlgP{8IBv@_A{gl!p=eP&>9v#U ztB`whwQvj0;9U6Z;+CYRbuz0`-Wu{X0H$2O^`rp1G0Lq3>cgw9BoN&$VlWu8;QA&} z?S9-evDK z;BizjJ`y1`^$Lsrww3y+`4bdc{fEcmPPZxXthjAEsh*SPupH{Cfr@Mm21 zBi0MnnO+t`Nd7%9jpV7>E0e!rh_cO@&43LqB7G-AjUXO5?%BM+iRV!~dA(xRc6G8uZCGlFc8lvzlM2CW* zlC1Srs90!|FGW|f8#jKl1H(j66glVqh(c&kvL|*`%>HM!pBcNlj3g$ve_c~N>6gF% z$-3g-6l=fNfXz+qN?=x57g!+?vyqt9GAEHG$4^&mG2)9P`YS~ZVwkZdQi z_6)(yJiVg5y#T!VjY9-B^NnM8^H{@)<#}&iG(nd-aWVzh@&NAai(YEdIGSOFICag} z=~B2#$S0$(%$#Nh9X57{WeU6&eQ#0Hzm|X}P3UN>)J=)lz!c{yl{{av^0gRuCV_e~ z?BH&#-KKTDfwiC0FM|@?^;jSM@|a~BPqd?23pQ$qb0Jhk4XwA#!RHp`_g>M+@S(zm ztVIP$f?bZ`Of`Lwbve@%`NZSTG0W$oLfBN`j;XKkZydpTh}9oXM^9ysYg~iP&%SY- zJwFYw*i<=@nRv2rrnY6Ut#o|<8;AD9sd;Zf)8H!PG{4}u-gAWZC_DXv^S|lMe|>BE zFyyL{!TGPh`JXvK&fQ!{9cLJ_u_k2*(}r97;KJkN;U`V4oo`f2|MiUj`frpt+tQ2S z9Xn@rEt@--X7#Ik?J7Hd!_EVRp2iksC;0>X?W&YQHaPY2|ND3OZta~uVdV8;h+}QN zqSd@I-v2G-)iass*HsF$A^MsY&$*_vKuSk-r=(m7-5^8{X0!?wBsre*adjfK?sDuo z?A>mzJv&WtObXCW=k*9kz$ylAk#eUP9^9Ax3R(o}hUdim-D-jfk1QyeTH+UrSEiIZ z9vS8W5(pP|hjPD)u*3cj7nnh*&Ho7dn+>1IN|4O~&XX$qpP;3^H(&=ZY#Uo`%=s*% zmC~B^7EPPM8&-?oI0oT@9--22p3r6?t7j@|Bz3TlarF~yLg&R2dSjw1RYh+ z8t^?B9UiCew*9|!>wjnQD94XZ9{o;rPlJ$Z*s!G}nD4$3G)?4g59~pj%@^($9}a%_ zX;QgIM^BtwsvL-1hn5n>g{C|EmcFiPjj$pLgO2q!H(fV^3@q+vSKSJ{FHFx|BSG_H zL9WrvqC>n7S4oQ@QY>o&ig~fpRY!+paLtrM4w^%*%90dgCmI6^03~B@o!-in*AcB% zQ*CTLc}z<#8GXuBF%!FDGPQ5w1YDRTH= zJafB*4zb_1hl6~E5V~&*X@gGvmd3r_w%{Ts)l zIuS5rdb*{pq6BOP>3$!i@x~255hB1BHZyL%NrpJ&M%PSQ!<{jiALZbZFfU3Vr$^s$%sl zDnF^=gooL@kJ}}!6S?M>Htfj32h&;3C9;Rw2QZ?dmxcd=gAObL*J1gdBxf;+QE zsFrKj<=OnN(r$YRwu|?*gw&7}2c6^9#t7tI6RY6qAQfObPF=zb>;xIAWX@f#6SiS{ zSkLSOsKeZK+`0+^jZZ@;t$kDPHtx%TZVJ8p}C@! z9)coXoy-lB4C?6t;nAOI05@(Qc2kMO${vlFuG$T9cX&T+(?3*m-66R z%&qUmJDCsn5f;09Cy?$x@_}>ZbGi8*)=8UOh1HEqeQ;#@)7qBOJ-(IIr61N+D>lO+ z)ps^$n~IH)gqKCc>Nov`#gmp76lFtA3(|WaBs0O!!=k~2R-pt&vI?EsoZA-Qr-!U> ztx6Fg^`&q~{Wn)m!ywAK6+kL~$u6}M z5@w4rlI6p>R{v7BJ|$0t1#B*_)a9xWWQxYhTYe=G4$5?gpoz(jDhT^ijm(bOz?>;W zAs5UiDYu3_LCox27S#AN0uNH19X72R4|;6{GFf%C3`i^&CkPJCi#}TNj(n(-JwckPyE3zgX-Ac13_BCou*43{SLhu> zOJlDH@P7H}%iYO))V!*i^U>qGIlnw9@%qLA(tJslo)iq0CPWxWT#c-;RQCx(l*%-6uzwtRGPpOuQQ^6Af)6|I0- z6Z_w4IyvxA?(@mjd~g(bJmcqZ01iLI8MH@42G&}}qRQ|%fl7yy%UQQ!33ykx8*X(@ zv?V;0=#3W-8Sl#N8)o_<__w{mm0M8`*n31q06%;R@mT@PW8=cM5Q!ED;(CN3O5?@J z{`(A9#WKArIlFQRAydiUsBHCmjw#=;*e=r zPmw+e{ksFAiY*RIL>O{#s5vjuO$E~o95e(fQP}kP4y>zmLY{qm57d*tc&aXE=rcTtB!YT zK^-!t#btrBd}W!i;6#e{xQT=+og`0i4m_3`eBmb3a;=CJSPwgANFm$xjG8RDs8hGk>VZdwg19A_>0^0_k%o{ z6&v_J?%SQ0JH1_J^P_{ejyF5ml{4m+qRI`2mM?}IRyy8_hnj?=suFf~Kn;EG-tJa> zaMxCS*%qrU1*}Z*UgSMWJ7_D=X|B+M@L8z5W#Gm69x%My!U-Fqy& z21phNrCspN!j@~c(I+tg(EX;)MpMI=rPBnlPR^HSt6Wv}`*;YC%F;Wy<;{jqqj}nb zyUldGuiy+8NVIup~Ktnxfs4z;1-?LYV{LqPA>x_!m_b9}KfOc>vv z=hys`mire|;oqzJPoU-g@C%H-sgQW88b22+=d7N2xk65LPfKr}57Lk_+gT^MVK(PvSqGyjKtNk8j!g~@M25<{*Nnz&xJ0Nxn&2RF75J2I zvl0o8|Kks-3&<3$fFQm3sARIfLni$8>9pHTpJn+j28AglNb8{{$`a$tE>tqRTTo@O zXOg+PzZqp{gw_W)X>sD*2F;o!9|b|N+F#xS(%E|ji^HGt6Uq;QqC%-%1DKg!I5jk> zRdYy%o13m;e{$xQhILE34R>zl9W`|^Q&KW@F*UeZiOvHDeKG1>Q_j?~#Wmm>i{=M( z*}LI=cFRP>l(sWx3yb*f78bH)@;5^BADTU;n>15KHI;hMGO$G*i2 z4qW(veut)Oq+1B#*DR)c4a9!%Y8C!+^UddU!zAR~c+D%@z*BB^ha9$}hoF+s+l0g| zs*OY9Hj$C&=gq}qR_7?ia6i=Ofqgl=Y%)6gP3^-^rp4tvG;pWy-0@&j* zjevQ+S>ncwQl$;8-Qn@SH#z>Jvj5(j1)RXN4EGF!&o4T^RVE zspYxXj>8oyaz=n?d~*q?y40PdS~Xp^4Y#kvy|zdODakPcgKPBqT~3X>PgzS0oo*py z^2gp-?VVvA$FzI3^23*3zcOkr3s?6{3c#cQ$^X&rQ^!Vy@)kTDNvi zpD=fKF^4K2*j#XI&B6g-`4#Ugrs>;#*MiTv0nX5W<(0$pO8<6Y?46jGF*Ov`kGr=7 zcezXe)`9!{ETVJ)u|P6>R3&COd8lR?WC7ZsYSl$F@BwYi!qw{&>|x_Q_3RiAJc?;Mw!%@2_&*cMAT-aX;hB z==|lU?cks&)HjZIcYX6)f^`|MA{tQA|Wy`_}v<52;Nv7<8gt{*A*SwfR!-wZj21 z$jp$-iSXI)-RFNRhd@_C9;xpdt$Haw7Lv%#5I%raEVYRb@;6NxlPQP6&X*Nh`7Yn6 zX7~Yj|Jk4ig{tt~WCb?6kmt zXl6Zq7^GEA!yjnRv`mTw0|cQnV=D$lFOT|wqp zz14y0T{}j3pJ-hs6A&Z8^vmSdIJy4$(^b4?lrACT%RpSm`7eumAsTU?5nsQ*bhx>y zjZ3eophi#aVOorP-#BM(IP^EmJKdn)SqwQ$esNsTU)0mlT6u|i?E_!{JMt^(+?z6c z!iB-zL}L#d^hz-xhxcpd})-H}R)dm%cbIAX}-g|&Gm91^V&NwPI z6zL)`O7A7~BBN4N+E79-14se^LhlGVq9|2CN@t;bH4YK_d5T7zW;mw%YAW$m9}?Q*=w!mexB#P8EWiue=Zi@loe>vmWD_2mxS?7 zk&PlfQ!<&3)Jj_t7((X`2pO$k6px=GVt6(O;PRD)X6mWLil2q8`mMx7Mc;D8u+MSj zBpD^=nvP4a`zjIj}F`54{UZ9|L*m31kRpjDx}^?}3qP-{{aZ|9z#F!ds&w(A{Tvt)@b z_E@p3(0JCivfNog|+Ak`0U7o zeQMxM?!C4k@NGbUCAJr*c5DFkS>e;>XHlx#A1r z6^559^u|Nfqhs>&N6WAJbF4%{(w2{csPzxL&+b|wS_U3AV`K(ep;gqGW^)MQKFLg8AdxnQ7 z;105XKPA97aBap<=UbNF$c>^OQ z`siAnNZSj>3o~c8>s_5_b`f=w&vCx;7mEL8rN70Z{LQBMt8e@th(-B+d0oG#M-FeU zTUjlM9oPuH`oFym-C)DiLtb_|w+N{wLCuuTpJXO7=K=3VetWLIy^oGPopdNL~8 zYQQr@@u*=!+-T)YWGfzIs-xyJ(r!u6Br6iaxAI3XJQlcUnM33OPl-hxajYOjtsd$; z$#A;-Cen^z2(`ZDdsnS3)_!QRH-)q}ZReW@*>avP85j@2v@eZ%$0_1M2Xf)Fnlr50 zIwFB?DKe-NHz}W2BNa-I!m04rZ{bl_Hfzs~FCVJ5)*2Z&X;j>X4Ip5%E7lp(X&Lj7 ziEjSQ;f~3i>R}?si0c6)JnYF|?V5k^;`i5TMwW>E5viBACT4QZt}RgXO(yY=Z;&2N zc~ZMxZF(f!Id1~!KP`bM-N{=TrIU$UQM`95yF+!xQ?ti@IUo-_-Zy`r9|R3>`{nOl z>OxK9kwnh1Wkm7V^|csY^P21;qvZjL>TXCxY-Y>euG z5n92Ug-N+9F4GcdN$;R6GhOnbS9=R{|5&P z$B%vYO~lAOM(o^!;522e@$aWlqD!^t=1ij;`gEyNtOIwt(hj%coeA#SawXI4qn)$U z5Z4iaS-^YCl*-K7YsUP7%Bnf_X*=R+rd*)8{@AhN^D$T-6hu7mkCxpJJF!z(wZg#_ zB(#<}C^i9@AZz+?$l;@2eHjH923AB4NF)5Tj=G(1aebj#N*tZlG*XnhL1gzVG*ALP zObt+E)X0MR3)1rvExL#`Ts3c5&EOa0w)0+ma*?1d?$}W5LVbLVLMAnEYkFFC0_+44 z1Wij(B$r`o5;;@hd_cw3rYZuEALxk>pxQaR<4zi@gJ^`>f(&E^ zQNieV9FRf3BM?j1hE)VVe}*jWxW};A^(?W>ndw;l;@vL+4YQWbzmY=(WM*0~6t-`p z{WWzY&;==J zujUX7uE)MXdxrw(i4Ip4F#9%5G%hBI)ydSosdLljqbC|P>zTuCd!z-GT{>jH^U z9kxatN;-<*lzVzrKb>N{U1FC1vunaKxIOcBoOZsP?Xf|LS;$DH9;(beqn!|PeAvtc zBj@_%$5IOOHrx0=0O0;lvp5+2uyVLeA3OmhM5EFWXh?9*EoBI_=xQAmlZrKgkmbz- zie5&$0@@{6E-&LP5j0Kdgrdj$L2M1xVX*BIR~r>#r$4)>(IQ!#g_ryb**c5)evGz! z3(G+!?8x_gmB=kQHUp%J0kf{yENZ?nV72?S|H_H|Hg?AjpXbuwLNy6+s#@8ZM<88s z+z--mfRtLt$UN7xz-q-3sC#(ggmu+6Nf3y;WNNYS$CO7O{$F(sSM3v|-GXrW;tje@V{Q&_u#!Q!UFA76A&z3)G2wSZV> z*X-{V(RNvVMRwPNvl|+V_TxX0bHbMwY~vqfHRS1(x6bFTzjLOT^PR;8-i{1dKM9=9 zSZ~5g`z!^NKHe~JaT=p38vEZqoKEeZfwAkz###8jU;ELfJb3bNb4}~tNqER@u zbBGyJISqUA=kNUAUOIhsbVmE#uEaf$JOnv}SZO=;L@y5uZ6GO-OJZ+2hfGxo+=_q5D z+ex*4y){Z+s`k_Kr6bEE)a<-$3M@mtBAcX+5lC$i6h*@A(XWVdGhiaiIPnGBTuqJI zx-WQUki*Y_V=2_ns(U`i*Ssk9acLs%2m(Z3NFiS3kma?i0Z?$qj6M_RRbPa1xSQYN zvf;k;_5~1k=gaKg7JXy!UOLZ(`vq&kQPVG)Gk0d#nTpCh@wD1|6OSRcWafzJ-89bl z;H>+jr0`Xc+S?{-0{^|8=8)CJ^-?by$+vQe7)PuzQ+Eq?Ptk6b^X(#I6xLtPAsQJi zlb?*6pN`3?H!i83(q)eqjAkHnlNfuI?g++BReYd7s7-8eX++44LKd2iaekhk;{zR&1BE$>s{ll zFiS!@8#?20>03OLn@DP`5R}VII0reOaf_H9C_RET-LJhK_D}WX|6~$3pu*lbD|ON8 zz5v!}UzK#_-4JMy!UfS4jnQf!LM14{sy-UJkD`nAvW+hE77&E_4kjb*D zuu8Y|_l1z{ajSSYLMUzo?ZlCZtb*LC5p+~2#ERx%VMS^F$N8Slm)HaD-C9Z&vmMG> z*S5QIHo-cqjX2+v9vde={i!p@U-Z$|J!Idzm=>D;@b29+{ui&Ck=`Ej)+$>o7w7GW zp@hyax0)gA`%tcFG$|A`chH6U-rSj+ zM>=%^zQhJ!c~l%ASGW_26Kozd6AJt}HC8JFBq{4iPTEO~R3c1{Daf%t94{_vA)jIQ z)(mJdO?=U`L^CXBcF9~?+)pCY7Xta@Sq#Mw?T$Jr(?)?Q=#XA^5e(-7;cCi=!m8J3 z^nriK@2AfAk6}ZaW#WQi%VW{!M2Io|_M9)-cfpwfqaU~N2_)rjC-%TP=Dm3+S;g-BZHy{E8$QZaH zq7*Z1=TICehrz#!_=yhKd)@=Tdz!XzogZWtdg&L&?-Y*N=>3QV!lRS zz*c5t+GZM=NWY&_T-(2}l)Y~@zHOywzPK7cu|}<>N3gkRz`di!5LW~fAgU*xlbfs* zjm;9`Vx@+TU%*~?$%5OLGJ2QvVbaan-j&t}^5Mzd8t4fa|ClZ6&*xAlwD9^oQbVdE z0z=F{)r{rg+7%_&RTNm7cI64$@B2MskdxICG!KEwU#5#LBFMdF#(SkQs1J~dOEb5y zf*$;QYU9yxKNW*7OSKvVGZTr%P{h%EINiUwT`Y%y4i=$%!?UQGRFJAglZPR{&piU% zUv;k#f_276Nw`&kE7)Aixctpc=^ol-`9VXn5(mg^v;G#@l8-Z~0Oa1*@N?`^e-M{og4_7&Ss31DGJkIn zuCEvb^o7RxGmVIC(p9)LbHUAEkgEL1&FdK{@FG z8_QI{IBQebu%D;Dv%09DZ5@(0we!>s zi}clH5tUb76&^n+Pq|99Lo+2k z7l^mK{74AMPWCw9_z7UlPx$>*EbhVYr*=mHx3FNBN0}jF^Y{~;#n7mC)lf|oQafAc zNoe|%3m7AIzIq9Q9r z##gFsy&kr3|KT3gcT?@uc*mhi9Z_GIWZ;@D?`eqhJH+p2_B3Z?(shk43Jk1=~{(?EHB%2OR$&kxm5&Y1nBe`x{`$r9 zbMsDOX<2r?0Wj>~EB!FM$Cr%&m7%+itMlfOH(c7NMeA-h9bMtVql7mku<1DNNK8>< zM8bqMIBU2fglh7IwUhr@fy6IML^Fl$)U)T>cbn;Qaqs4fJOpWS#EFSin2(4=qcb%h z>SLUw@Bd>4yAl4bl$=5iI&lRlQyR3V5v*t^Lw_7963{BiGWdcDxNDyJWVm3GQW-J} zkGC~9Rp9kC#E(S9Lv36N0h-ECddY)&#PxPY%Qoy*KrV(!aCQuG>Wkf1mM5dkZXV%%g~g{%)_vr$>ES-!%HYE*?97Q{7;T5LDP+z&KY6tEjEUT=QO!PW%z`66Yz``|EiD zAg3^QFDY~{A=LNw@L+|xRHuPlZ#=n1<0(8txF9JJ!Uv0Z3{opmEnPDp)$S*_y9KAG zqJ*xywqEp$_#A3=zzzn_SX#34N4(JsA7~=QP=zuR%VNJ zZu3nDQQnCof|so*zU1fC5Z)_+twD~+?Xl-e9aN6y_8FXY+H!NCU>aKE8BX2BPawj) zpM_5)fLvr!q)$#Umyhx&dT>{o?t^!eFakeHFkZy9RAR{n3~T)210!(5I0DL!A<{Rn}$8LpG-k_g?Vuh60*y#5}EK zG`&?5k3o;69Jo#ydcu2+Pp-T#>QMC-*Juzk3RvQtALR+Vmck9ya5tDJ9eLlUV@)uH zpV$Xhx|gnn8W_(Vmhmo`r`H3Sqr)gN(+eJG7W9`#N|y=2R*t^@3n2NO0IU|vmtJ@@ zgs&ML20pu|HrKj=6q}&3e6e;YOM*G8T#a=8yvwsZR28dmuV{fjzqOBw9;gZMs~AK< zRqK$?YrRiAph9mOIU18j2yRL~zJ|ANyK!U9VI5wWsNwrB@hHm-4IWIYx=&60Tw7;B zN;^U#r~x#&7h9IXb+c*AAF@8b75o8C7uM&gQg!sZwD3?e(UO)!96hXKA}znsxO z5R~J+w?2O(7@kDpmrcz%E;*SL!OF~*TJ}qtba43e`pSTrhguK~!A{9mdt5%NCKYB$ zsHve2OH^1|j?kXXjQC87g|@}}Ff*3Vz7D;l^Tv^(yjRNZ<_z}>t=LQ85uFRZjLW%x zV@uZW!TOdGd(>s5GO26?W^vtQXnn3@l`3A*3K=IV+?82y zpXb8+|9%R_{!roqT0_sa2Z!;F1k-DuE15d&WBl*_XmJl^kdON#52(-9E6jaqrV{xjZ2WOYS8SUuS zD}P-yE1#WCzOCQkYp33>78qvDNnsy15sVRgpL;I)E*Hn3KvsPH1({({AJN_OIJ}Z(gMaRbk)kq;yp;q_vZoa;09T;xI-1Q?pOX# zfc*2Cd9N+IOH36?6mP28)HL&TJ!Za<1c-OZbS*M7>yhQPS?_I=e)@|I)44Pu2_Wj@ zx9|^_EDy9`g^a)UP3m^BZW8`v^jPO_LvOBGhrhTAil{@-zVf5y`$+I{7i~F>oUpXI z;QRg3Gx~}~v{jkrTPqq*5(U9(Jq=jpBQ4Vw>4dWyQ~9fBZHs0b%l8L!Q(Md~<>H_1 zSOlI{nG{Og$LC(TX;O8vz?+`X@V4Vs^D}dm+t9m*6|hHrKzJ_yO{ zGko-6p%rm@!#Zy%eYwSeZ>VoGlW024xV6lrsc#b3*%hjhHiw{CFwcfi!|VmdA`WJ^LzYx;Aw-z_%KE! zch(gju%g{L?+fk(VtLW=VZNNm)$s=JAr#sr0i<_tle3ja+|9;ox(eTP90<$kD#}0; z15n3{JrDEx$3x_=eB!(FwjO@tG>wiI`)l64 zrvtZ^P(^D14q}(@g{LiO?klvui!9oU*hVZZwC`sRuC)a>CcGPgl5$r&x>uziLzZtJ zVS4&%K}7k#>oGZF>u|!>8(v&L0KXjAoPZfO>@VC|cFjCg*Jv@A2|bkm{S;%D>cRFA zD>mZ2;bAbtn?{X-8vDB3Ro!iCO7;<-=h`Q8b)UZew%wy&|5%MH2*Sis9=0G8W$eV- zrM?X5zG{i7T2yhby@e!?3wH<2SlTRllfz#bS1;rBV!-Yl z=zN$>3I%!=1lOQ z?SpGtEJ-OKVKlmk^O3%?03cKf=@_*@#_0RTb$EP$8mE>8vZ4#XHoZsfhV(T93Zbry(_PU_)`;YV5S3UXL3>l$Z;)e1;TZaZp_Zo{x@7K#G zyXZ@~*F!yO<_A(?Sa+y=1vt1^S@dOlFF5^8tTyZwoJ{!~u;HevToO{+yMKOe7_CrB z5$2vFgmuLCsTOpYTm)4~y(e z*J@8@uIR149&=A8=+6(9&hGiFbOU}vN?F^S0`vqsYmLD}Txe72q=?k>vC^^pW~*L< zzI%=$gg5ObzN&`D{wtC;t)*N>6`BW`aw>T-j9>o!Zv4*PO8NFd*;@mJxu$)LrQnpl zu3dOsUJ*m9`#LgX^#U$Y^d5qflA?99U!P&+Rh^POjuLNdkD&@*#TV78zNr}nf=kodMzBY%o0ToiL(37I2CN3$ zFqG?ZQ^T6Ox`h!;M(g>Z{_3m#F-|@!)I(y;-K16o=a_5)*Ut{(PMdFh8BsDR=Ss#d z9HZ0IYr(@k)yoCp&-!V@1>5lklJ=j#=5o|PDb?WOVkdH$89b}R1fHftqJ0+3Pl~Px z#e|NU@o~}>635K><}YmvO>H*DdX`UhsJ~v>mL#wPdG(Wo?W_1>liLs2ujYwHyRfvibR3Pj~Em>QM zA|pp-l9BE~jJ*id@1!R7OW2g9=Xjw3Wf)ijo8Yam2eejk#f5RlznBW84Xp50=}(S- z;i%Y-rvA)*CciGVSZvPMJuu~!c%bfL*S(3V<4Zq6en0gXL{&cw?0qsdYf znD_CP=hm0@_xMK%aKjA=60})XIM&;-fBsth1bf{V)IBz*v&Vme zyptRHPk-A0{;}u&-zop=H-Ld@w<*sBBlDZ+k{1tF6cl26R$Tf_vSB~Jm~bauudIC( z@+vP`DLXY{^jx1~oq%_I>-UOoAo*3hd1^dd7;{}}S<$6og&HMb*HdQW?Al7UuJ={d z+^W}#D5vDoZ)i+`S7n#?A7`#iR5wZhM$T}b$6#DxY_RJtodyM&-AEPheTyla29XDQ zR)$CPS%xsHXYOJE^=UI#5uRrr3gi#JpAz=TFpX7y6L~GQFl~6UEF#x_X?&TgqVK6- z&#kCUN5T{Eh60w$12dz;XqkqH;c~o4hmom=k*#INMw@NCe(<3sz-w^86;QdF5K4-; zd=EU-O-l!L7#L97cC)OCWfFE{$u$+M6s516#vp*x*xE`%$MDQ=|6C{jk0urPTIDcu z*WR3fzZzYdP-RlIUwCBPPDnNB`mN>Y%EwIgaOv6bE&BIr-T)YbprsyPuB=`xIXbl5 zxq;8AO&8)<9PubW_Tn5RwOd}N2nc=tddB}exY<*8&L@1BmQ}>ot+vegiu!`8Tr2Ka zMX}^LoVPQDq=5PJKSc83U*z4&Nu*CFnE^T)oCkOO3a9FI=n9yS=I%b#Wm^*Fx^48d z)L_Er!SH!jljI7Gw*+Qequ60wh-+G0di4$A3G7YV^cs&kN^UQRbsnzGwvjMl9shu6 zZ*sv4UvK-AXt5Nse$;FHZu&uf{O|yP z@4;CFB44jaA8l?&FS)j0Ut1-2Vh^BVpWw-g3MH<}mgoV4I79;y+oEboEQ{>4s|S;j zC@e)EE#xQ=zqCFRh`*JYk(o&{cKV!Bz=6vMdspG|b? z6e}+I_3Bvo$(0ghIawepSSZlYSjH~(=g1GkzlAgeZHTr$<>)wb^P|~)ZME}r33B5% zIF?Q~$A7n6R=b=03k#BFFPR&^ zJUKB|iu11}DGJ_ljCnH;A8o~Gd3W5XtDg^$0V~|rx54tJ zp;zht8GSoHr~5&uu4_rH>1S!~R$KuOSRKS6>U)a>%GQgF$FX%ZPes`HgvcP1o-=&# zq$9Hw3B8$CddUs#mDX-IT+d~#Pyk{v_rDgn7Kxl#@>tkZwIrWa4t16}at73PMtZsL zALT3cw#8XbhIq8LBE{w*djr>>D+r@mjWDLAcO|29l^ zKx&Zp*Vo(}K{t#1B4-Q|8pHAx`5ur$@icaqSHGWvQdackAy|EzelQrsCQemLN+UrK zM*?5e0uAv?7i;Z*9Y}xRB%Aaw<0b?DaE>+q15Skoru3)$0*Q7g)tjd`qH5AB>c-&H z0lNO%@xz5{CtI}bQ4}Uwj~c3&L5d439ei%WLLUS#??D8GbHoVd0nKFI;XEG8Y&tvjtY{yt_jFh2d4 ziaikKhu!sezg`_mhxD}~s;#k1UGfXJB@t^kuW z5uFfG1OZ7lXNqT?uaFPb!uwdw1G~i5L>Xq%Ql7+B5D2pVe~-92~{J< zCI?T66jVs1^X9g7h2B=@SAe;*+5|5D*~sqHg^AsrOZ>+^qH4Zntw&w#}0s&AvF)ud>IURt+TR@>xB~ zJNjc2efLXE+`wt;hk?7d#k~gdeG6Ev%p?oF4VF?iKSY`sl}O(IsJ)}o4)U1lRy(=Av$u10*8Zo<;5#nLQiqUWn6 z*QBYbV|BAWXK=EYEt0-4!$s!CR2aK#TxgJvlj!0r7|GY)ApPP)|90#|s_(_#I7EgBR=J=(LnUdr z0eZ=nOEr=7hBQ*D!w*oO$hA5((OT7ll9<)XHiv%sb60+MC{EFp10<$WT%EqUA%K8T zIld}Dhl~tpP92D0sQ}*|Sy2QKL(dQtRCaU(L=uEj1eIUCL<=HwIg+QRN*+|BItPY6 zVUq*(hxtMtcNLt6#wxhKk#m!YI&U7Q;QQlDnRrI129OTwsvf==c&LNBJVr>KD!A`X z9h+En&@aYT*eQZI;V@Txp`k=@42O@l8yO;@7s1V5LRA#kvEy5J>W@4a5~2y_AMV79mh* zh@haOk=-0I1rCPM3)_bBRLQ_fhhGI(gxLLEyhG&hS|w*F)C zeaaW!^r+*T2pu_TxNrLhr>@kmRyMe_ZXdsY1hiPbq68i#GmM(JZ;?}OM z*XfV-=dj-Pc4cLx^vN=xu6`h(3|y2AYjPsfYvyam0TxsrvgL!ck*b0U@?cXH)TPp7 zuhr&4ob@vvU%!QfpK#fbq40y+H)bw6j~trYc>G#6k7G#J0lCHHn$idK`Hq<+3K4?H z^`LyQOs~{gx-`x)rO`CETp$9kZb24+09Xs#Etq*+TpMxBo9jyAQ4BfZEZ%K-k8$r- zup9TK-zW)k;%%A8DWkT>ZVAcKj5avz6;Ul`Qr zDLAf;yg!vq8JC(g+7mdCSn57u!tc$BWf5Fqj}F7{{P9ZXI>*++jm=HEC>PV6RkD!@ z&Egn@zuL+r&)<$XDT6bN_t$Rs@U`-4AYHSHB6>!3&T*R+}QkR}bX z%KrQga$9#r3OIDnqq0ARBW>kDJVWI5h-bq!bQ4(33e74Ri9!PNs4F34uCZ0 zK`fp6Cd{z@W+rf;pvDhMyq>t>N%idtR(&JZIUih$43k>r1W9jGuhT(+-p#MgYR+Y0 zVxVw^KZ)Vg*@H}@KwZD|7MM4ztuvO7tZzEQ;nioQ|6wZsc9*;I`oC#t@-cGlhbm*h z7M&)n!vMud#9XYQ6`)idBZ{2*3 zhjW#XNQ!{mXb|YGN8);)$)g~Udz6aw!f(`&frP+^od#X%pf4!)HEC}WS* zyb0h-j9$oI7t2t9MtmzuG((yLfHTc#U9T9LiFnWE5y@ zW=k|Kz{gfdmAm*lX9kf)jdcn$@9Sh}#UnCrZK|`^Xe_Jgqdf*|DVmSAG4fN->4qSE z)42^)uvo4X%UG9PZW6r3jxHl(+Mu)j^Ji_}JaaC;EFKCgg}7lej}xn$i7U~NlA}gk z$W1}6>GdX8*h`X^cWG%zM{}xCc*A6#O8CsL6WI@)Rm$Ed>5B7fm4`Cl;Z#msM}2P4 zoQt~c(r{ISOZ63jxX{Wdyfm8pez$Y?a80sA3+YAxgY^Tq%)NyT}zYHqR$+3SqBc~U~CX9BvP--)WJ%P+>b_R?MI1&jl)j;fRKuKD(*UO_P8}_fP zn_GDJU`M(WHM=;Hy|OJW2T1rZYSYRf5gLSW&MOpnb8&E}ZA}0Q%9+JKOb+^Ihuya& z{BJDb;ukHh$7l7sFR)p3e<7y4o47XapAw^e(RzD9#4A6q(nzV{k()dVG_qZUVLe?D z$#t_uM7%9HjzY|TPHu0T_}t3qtExJV#J$Kz;!K+@#n?q!WCs8~f(+_`peVLF!`&in zIDR+;xzY|lwH}@6v%|GkTUFLeH$Nf63TNwm5GQ7ZS)pe0f+7W%ByHmDL7Egh5knSA zEYQ_l2ObZoBGZOeh98ZTR*)9-Xg2|l#uw3j4boFWYB$LX+DyY=m9Y6Pg$-DB`7~R) zZQx*qKy2u&F0XttE~7$0N(YfuY9>@9Gn{bD9IMw@x5R3;^Fl=3qsl^mi1ndM1L$4t zhe%Uxmqy6Ml?zOf0r#GZJ8-`q{m_rh$_&-(B*&D2bkybjMdNE9f1$~*`il4pguB}= z#9L(5`U{=dP-2xq3o<|bVOX9SUK*6w_aJ&Yj!Vu=25*kpUOw2Or@TD&=i`aA3eK&1 zXgvo_Q1m==CKvyRKPxzY$8$G$n@ngdv6lL6RcLsprg@d{GuB z`x{ECD!Vr|`?8D>L*__lT6nHgiszOmG8rd}D@teJXFX1ugzcCYCnp{JL z6x72HL~NYk-9p`ABJtfiYAVhV&qUu8tZOJ)InO89PsyWT-4(BHq zHjIsc>e|G)bGueLeu6j*Sod3Zi6zwEQ`y*A(iQ}@bp zbq$~Q7~k_$%?UD*;Lb!^=8cly9u=JoN+xEp2kjW1#|O%cD)MIJQEe zu-ZAm=CmaeTmVZ|L~kqLuIcc|C2G|9`vpeDUV;lk;sKQ5qH>uR!wZpSNQ;$NC6U(5 zYY)SlC*oKqyJ4Ba_yP$T$0pmpZS@*2K>Ng@2@J+afyg{nLdb`$SrmUli`Tgn{Np(Wa9jr79_1PfW;Xs_9jkI+2b`J)*$~+ zclx*W>aVX?+}{<}_E9cb#PnMij$7B@TPY>iLwbIFow>rFlmo-$lBYi8@>ik_8Fo4Q z5pua4-suh;HD-Rl0&GQ7II_7I7`?Y(G+KtTz@&1O0ZgXy6lz5>3hjm!N+c#*Re-qh z93x@;Q`D1Np6bfFWwt7e))x_&H*L>3y2xl~k?rs+lu9Lqb&yGw!{8E)^&Aem21^#w ztt;%eRSG*^&KI=oz{gWF10~JPf?Ax}Y+YyMC_3pJO-Iu-WL9no%`y&ZPVxnz=hp^9 zc1Dx+%_YYPrh`6n{)Q4@b5kHsXS1`jqi+ReF7c*)wC&L%YQUKM6-aJjp=imlQ1oSP zykP>40ryU}pS}(*(*Uwhh`?R2P%K5(`{M(ePm6kzdk~`lAk!`gu7t!oTuz6ifOHue zpI7mMz!Y&B!m`Xaan`5TTnd3H0=-abHFi2bJ3rUpG!H{CbUUMvUi9rvih5SbZ2_C{ zR}H~lA18rm^UV&mr2BbE9pan98GT(Dn}!Vf{F{d2PU66W1F!-ET=n#)g=?0CR3bR0 z_xXruTH3-~e5a3L%#Eb(%Mmg%N_u+W8yjj#%mZKXP+C*HfxsW{jkEVFDT($IW*zAv z6=DUfy2jdtLf}jRQ>`5d7ehXg8^q7ew^yw0aI|q4au}3*r387Qeti?Q*s<%e9X}Y< z*y!GRWv?NFdOSC7C2m!q4rZl#f)WX=CaI{MBf$iZA-XTTkYH+450RLNAGK9RF1^Tb z9qYudx|zZb{6=&6vXSU?BN=9`p$0dk%L3isiB+5FIjfT)z>gs~f91i5>A(Nj|H2}D z$JH}``NF=mrbE-zxST=G*fA zVvMNtz3tHz!TEFB*Zki{qqH)ZFTxyl)r@BUk?JgcSJTF<*bw(uXz z|8vCGRqPdL_YAMQyfcQAbfCpj1&3B7i|3?!1YfvO*@pi2IQtkOu<*}I^69I@I|Zh0 zOa(Hwt@m!_Eqe=hYn*$=-}}T`r@XnQV<*Ms^wuXzX^!+2=NSLgW$~VK3vUYSHGkph zU|W_NuzYu=o6n%`OP`=7;74(2V z@h%8RKxeos^OF6Kv4nrzQvl`fUV3b2iUj~sm?aB=Z^^^IMda^iC&5E@ZMjs8AKTBK zSm5@nJUALG-&y=`-~8`AHLE@tK(5wsm7YJx7n)e(ld?q2BsFaSwiEFYq3P z?(E^j#A-gWbRxUcsVunaxH1^NV_!$~si`S#9lZACY3YVZ1TOs6npSAYYFQQmLF@qO zbNS9o7$t~XmBEE8VA&I+ImnQB=^@GZ|6Ygw*H3*5qx$P%R9w(fD-%m%VZB$9wm6sM z&P+Zk@@16^Rb%5|pm4Zl$$ppBMuReI;riSENs_EdSXN()N)fEzJj&i6SReH7(} zttlwdmusS$?%Wcz8FnWfO*l@NNa%y-;e$ZV(v1o*SPuwP@`pei`O1Im3hpqhV7rI5 zspzWlQ=sVU;fmT@WIx7TuH3qFMo`z?fv-LK4WcpL-RTU==eug>`6D&t#s#V;3pW;` zEyw8uaC@LnXP3P}nK{2@yES46?b_l+4EL@NO@WA&Itn?CGx21v*L%y3X^g90SC`SF z`M0`vjwMV^04`V|j8=8S_>BojX0ZYq4bA^_GW6t6Bjuc@MRHw?tNP8(^_UmeyyFD3 zg1l0kIj6*pqAplyyN-ycDFle*vY;YwiVGOXs08e}X4Z7V26Df2c(aVp#anqt1KD)S z5JXx|Sbrx)VH)WujJ5^Yf7*@d&A{*_c3?PWc0cww@fk$s^kmH3v?|;)o#KM}Rn-+>aR)-<<9{ zs{(#8-9v+*-POemk?0L#;dt(aEfydjz|8<>#$7jO!mKx$z3Zj~2I%hRm{JMFid)et zg7YJ#VlY>-+ZGRm3~JNtmN!Qy{PuET_(+8y{qhxZhCd}g|4w;fNuk0r%g_f825pbm zkzL%?v5EIFgP4`bE<35;qAmpO{2Y1nyaU6%ZSRIU7P!<|MMa6~4E0Z=Z7!BBuQH_5 z@vCGxik%b4mmz&PhA4yg!RDE0G3nR1GSO1n z)C_=lBM`{fL#1Cq`me_~XgNHFHk^IW`Ie*J&A;ZP`cCHZn7RN5*Xo(ZeQ&?35z!ik z{=BBS10^Kc&rwvn1e&6HIBk#d$;i7uwddb|xY{sR>G$iB&S3atmy__*Du-ZHUw<%f`;wwy^MhMz*eUG7_Bej6&^ZiH{M%C|Z5zpe;RpB7K%9ld`~ z@>A{0a`A@Mw0#K`oe7a2nQp_VVMp54iVIwAV`uJTH1dsj)U;V@4z6aoj^uKJBl{Yd zB5%sw8+-D%7twz?v3G5!jH~ujk3AS&^321})0yP+?}vH{9x!ZwFSD@jSX|LrIkvcB zY@yBNtN{><;u7-6bqd~xA6r)DL*bv{Iv#BlIlW!tLB7Aq^|&wdBQf&U_&0bEGn1L! zP6t@Owgq%xeT+Ef6`SJy;Us+Ra{OT3=;TO+zn0Pb%2Ge&c29-cAt(U3+-1%r17fFJ z6ZFjg7klpk)>O8yjWgqniUmcwAS%6M2))Rt6zM|=9UNL9q1VtE6_t*Fl!T^~gaimu zLV!?a=q(^6ASECz)PRB%Y5uq8e&?P!=brN~_uTW``~RLV&y!@Wowe6q*{kfee(U$X zuj}~&aK}_Fv^GpmMVigHOv{R7=D?LDlXsOykFH#xMTY=1_Dn^Yvz1Q^1tzPp0qB`* z=EUwMv|EaudQ)s%AkQv~Y7RlWM$$rmfm>-!EI|mFRexl8c)z2so+(MCJ}h+>J{lN; zj*0-uIm-mj_4Vi<1<~cSc-@8VzzGm$Pwf@PdBuNRC;tz>{O=EZP5Ms(Un}i=m+X(^ zO?kX^{eLT)`O2^)7bz7HM<7^MF!7{$BnTUkaB)9tS+;pp7d(v>dLg@m*h};+rM{jI{>T!}Ka2Q#B zzHU)2eu-n#XjhcZ9ry#Tvg@fkaxVia}chVtLi}eoXobPgqRqLAe6O@RsaxYdk zWVjpUM^+t5hMeaL;dvfrN;Xaz@u2p*dKt3X5Hu~saiOC_0MgCKkq_`Jgm=`FB5`g6 zo*lDxjo@n4mz&}i3@#VZ0kqT^>*#^VD~u;yZABP?YHg(Kb+MdXIR~zgw+S%@=i9Kf z-!hM-S6GI<<2XFWT@hPup=!ZSNXlN7tSO87Gj?%w*^=*bISs&;rQgYtjKbUq#D8-2 z{VWC*Bafi^yS8Kw?2vi2)A}|^L`h$@Bpo}#WAsJk_qi7m2gf7Jy#`aQM!+_An>){L3V*f_v3`rX}x$x&g|Lynp>MFZYbM7a^ zs0KcT&reQQPSa1UK+3{VQC}JEoz`LYxlY;O(x0NZ_X~rwP5|2KJa{C=X~+&5fIl4^ zim(B%cogaDL`(l|zTe_Pw@ELG3eQCRRu?5D_2kMY?bXe~wO64OBHH%qVd>C`)^Y{a ze(oLjpLfFlULJow_C2R+z7z^(DKut6aLG; zw||%&|H^RZZfSVSNAKJW-ZSGH|M;5!^sL~5R%N8s*irY$x&j;M>8f*z&LpmxGLrt# zGgSo}D3 zko(0zGWeMt9!JZnXQi+hK#U3c5H?dVLBHMCUWIe{_dwx;j;IcfBO|$kbQSFhiz4;4 zjM8P1&&x@jN+0cXPC<`8J(vusXfHVu`~2d>gc82QoAc>?*WHU)^-l3qk+5&)-E^^k z`IP}@U6E5blJ}QPufS+6*9tdEhi~rcL3Un+`gb|;97q*?W#FthctckmpErw04}EZo zg*W>p8wPJU<^MREzrgmDfmIEII@V3Ds(2Vhk+c{vULCxV;Qyf^?bxwp{zc8sqgdlT z$m*5DV%(QrHRZZrPSTCDL!T)PU$Ig#yigl3p##x$UZ~{}6;1`{F#*3$hrw?IhuLR% zaqt2xx}>!PW`MXqhH$m$cjInLZ%G}iA_~Qic^k{x63zVP0Pujm6AKFq83G1wlYaZa zM&aVGf2X>+@xO+>vzxeA7&CIn2hHXF!7ScVIYl-d+1S@=F9msx0z^v_f;w4lz!7}` z*qPZZ2t0&y*4u3;cQ1OD$W`BKTOUMLLiz1jc;ecrm7%kqXk>vn5#Zucbb8MpsDMJa zE*C3D`XL@nrMsw+*u4zR!Dcpupt2^5`Mhz16=EnQ0*?d!P+eARf{kfa!(l_0dCj=z zaA#go3My|#?WS3F_U})HcJ#PX5<+80<}i~Nrc69eqgQ7!Q4f#oxRjOFx#=k+18#aA z=5tVrkZ%zqgwk3xoP&Vzb#LQ}g zY4Twuie%TYwv@T19y@)H+RXHE%6y*pIj1PQ2dAU9qI3IX!6Z||} zmD?ei@=U^5|??O|ai$yB1}N;%V1p&pA!93mlX*IS%u^7#Vmf z)*+r(ZOJNqn7`AG{`$}b zD8M~CHr!3Duz-E;x`^o#c$)s^$7Q`|T#7Sd4-Jd1C2V(I1?ZdkIkm1XYb+5Rci(qX z!Jy0O^*lG`lds7j0&jG_+r6x3ROwF`4K}^3J3@{W{C_tV**3p-4VwPOzA;{6Gg^s&>A_yKlq5 zvevoFLF+{Gj_xdM$v)Aai1C%f?IXhdxN=o&hz4>7*`E#AJjOXk%mT&GB{Uoo1$A`d zadcFY>9YRoI%4=g`%8a+e~IWon5?ks>nJmG;Lzd5HCAgmN3}ZUed5-Z5yX7gz`>0su!HML; z!8Pb+_}Q-F2%`((+FLWl)Xfmr1SXbkiOOSX03UhnZhr)Cl&OOM2YEHoIir}9qft`R zpv0%gt&y4;>d*FW&TIc66IIbqH(Nq85%o)XcNC4ftGYfmw;ew`0(}lS(Wegn`u;QK z*>xQv^AgkXdjCR%d=WI z6MY;n5p{7xy*;`5rgr`)dHUdTvTm^Hyn5uW)Rupr>MuU|DK5!#5ibr>_MBFB4w0n% z?6w{&&EB+jd;Lo2$wQ2ms~D^`gl6KVBf&BuA!HIvzLBf%#9P$f z9{^dI%En7U5jTUpESRGWtS+*EIQ!@NwB^Czg-S19j>ye%1u6K%A>K%py!I(iUnwMX zhnl@rrkQBDkWA6&{_;W`2$jzqQpB;ZL1xk@!^5amrBcy%-cV z-!&m!D7_}M{*{5Wefsj_)0P{%g9!L>^&hjj>D-*qQj%S9y4831pq1$uF|I}}-5$Iy z@#w>au~Ti=Q;CSwLz&Y8ua=`0>D4ReRX)wy?gv%$sk&80{VHzrvc_op=C5d!CH0l)oWfGJP?e?v?4&QFeK2ML1Cz?D2mU+k<*}u3rABul= z@1CLWDO?Gl(Kthzq=kc2?XojUF}#L4ZJcXH5_Oy2n@4sS$0nPf+bScM)JX=$cV#Lt z!=kdU=F`QHhG;?F(11Myq%g17j7MUsq2-Q2{cEqhwawz#KCfmZX0;x+TqvGdorw;& z_88JIdbvK)^guno)LSib_waCE99O>$NBRl>;_&NV#?OBNITCNcT|gDb#rkL~J1V~u zk`S_eVr~BcI(4*_>yHZ8w4ANdrY(Fd2D{P1r*ckZ-lSoHRZ|a<0``t1loATg{o*GUQ7Z8T=svwsh4}QJ zGFSdmFaP2Y?@!r>Um0lUDBhW;mv^e#ehWSML!AV0o+6hsbeWD9)v~5VU^>CGGkTY z6pYOYS3Ot0`>K_#8;;I8WZ_-GYZVK~tq?|@vwF-CR3QER2ArWCjnfYjsX4VP9|t^F zk4lRt5}Hb?4Ok3}H2|M}Pt8XiL(I>>2ao|uAjEvsA?2pSe$X-&PWd>IdTeujz3tpJ zm32h@#GZorM{GOO7rPxm{%!9j!YeeR{Ly8kbjRC|zqcnHQa6Jl68=XeNbD(XFh!Vs z)(+s3B{(Q}(9>w3(6qjS(5aA{-8FHFFgt)qqU`A?UnBIMn`GO4H@)8y-ey=nh*KoA zTefh;Qv6xWAS}R*9N_db0BM+l6#Y6mjigjJ73U*QHCI}c)4$+^gfEFq05mrGrmX#j zJe4n`Epo3l8Nl!-)UJ}yB=+W2JFh1H+GF zzvyr`)QWFR3uH&5%Oa1T^z`Dy1ghDGKe`$`)X&)_cW8U?pWjI)0~2bpdl+f>rXQkI zqyJG4oPFQsAb}iDuxjz5Cu+;tQ%D(W=%t1d`lx~22nZx+*uQXXe}7MB>2o6DaTt{p z+7z$Um`GkYRqj|1pjP`)Hj=CpQS|A!@^OO*TnP?U;B-F0iShY1{r4Jc4A1tYHLLcB z4`xO1woFYrCh7f0mkb`k_xE9igK5um-qLh)m@0-c_u743Uqn)xt1b>?!L^gYI`2GPtRTWkOx(G6e>PhF&Wrl z5s*z809PA;2vPiO5Y=i|q9svZQ@$#owYVcgrq+e49WGN$rRcPeG{u?rmcD zP*pp^sWMsszG9#q-Mwd`emcyQHHpw;5?h2#+aQyFXgI5jl3@;tE1PaYl8xb;Vc;OL zZH)z62bZoW5~pHsQ){f=1-U%+PPm{ps!;oKb-H&ViI*j?adA91J8&c@-YUEaA-TA{ zw>i>d2i6!z;+z<#`hyw@4{$DHT(pfi{B>&yN;3Nl5D=Olo}S^NLCfL5oe(ByDkfPCsjc8Ew6w42JVw za$m%c3)bcBHro8h7WOwsSQF{NBNA~JQ54-^Et%8pj-2ZI7u6$xuE5^isygF+7Hp)T ztRt8Z`ZQbGv9Y6@sGY3l<~hLV6Bc|xZ9#hWzvJ_q$Y1ccicN6qU4muBXX0p`c*_C` zXO{;F!n$AphL|ml2b!591MfSEVX3r^RI;tXt@~^gd1;Ps*wGhhxz&JUx(X0p^f* zgl>>Q)vRQRrlTt)qMDw0#q<8m`S&9;oQf&4HcbPAl?}vahPM#CTRDUc*SAL`|4{<` zz@sNp^2Ku|0mRsrfAxmz|EL6BUfB))2#6@-6k#||8KOi%x{*!nSIR0FX(>wlj5i>g z90R6$PjcjiB|fGyPjNo*7|~MYP^@gXA$US?G)JGdR1vgloLkJNFVhN&xhR$u~GIN3C?uQLFP+-V(3k%mYfZ#JqCe@4DQYTgym%P^pA)Hoq~*xIkU1 zeKn#_))Y$Ewbp-|@3G1JC^o%OewM`Z;N6iq999^z{i@v#ld9tEuQ}=T$^GOrz~8m) zXDYjp+{wfVix8{xCZ@;BE4CF_qpJ3WFF1j;)y&27yJxd@!0O~3P6!KoDPAhj)b+fo z*VEckp}Fc;rgjZ0gFjxgVk>$QE0(j}DKp5IY5g?9|=@l~1jqhduFixV7JUc-+Ks5h<{ zlZxR8{M5i?RvebD;F`w=kcI*DX~0WKNRUv&bkX~CXO%sW%pvW#mmP^ji6wMo(U9np zEYv&<7=~dufMC_p(d=ARU%^d*_^17AUyeG%XD@|4+bqrP+$xGluI^$}>u{ZuS5pRA z=QK<9XO?&jzLY!%Zy{{)BnC{&o-3{K>u@#06&oY;$BnbwhXTd|nN64z;&ddocM8vI z#Hozu_pXup@FaWV>Kv+PkO_n)atHXDA$&Ijvf_T>+QczhB z`b*;Npd^>*xIW%%{$y!|yoV9}^UrB3N9C!*J73~oElW(qxyKOvN@6=hEA`uVb_JOa z;(zDm^JY3)vz|$RMX=9D_LGCwviD#}v?D(k8aMBhjdJkK>ywHJPnEg?E?wT@nm7h+ zax~x(+|4P&&4WB<`)v8q??0~}RpAfSzB0H?A)19O zc?Lft3zHWbyC`a>bgyxc*OJp(%Tv(G$}~RHzpzA*l2UawJG#gvHRO#1f0bodmY;Qj zlpUH1G1ZiVFcZvGWET{j6g38z2Z0ZsA#nFxza6e4Zp&B`0WXNfi40T?dVBWDNBYj|Z|U#XHf z?BEJm|0@H1=h3y0T?@MC2NyO2wpH#aHjO!ulHFZkmYMdIfqb)>oRQwh0KW)`H+?o2 z-&2`)CDlmLvky}9X%@fXKW};e9`Kdn_}!jIP5Fm2KijkU4i>yUy7382o#Y52A3yxc zAk+LK0uvT_5d*9eUsSskdox^r^0722g6+lot=PQHccfbHdF?OhAH|zgras!Ke`SzW z%a#-mW*FsoX6wIFcDE~Be?RCMwL0pWdVj@ZyVaT5C#zo>zP#C(fZ6Jolo%W&_Q!w4w;6=@;#VqXS=6X+5FWGb$vfg7EJ6{)4-HYL zZejA)<{!T+k-kv3JY*S>bb#EXUnD_K1)`9Tz9)?|wfs2pm0?HQbs~GZ#wkcD9-ccG z@?K0@HdRM%*?H74x_VF`?LH*eT8vtr-N(3`kdmvjWN1~K;3O+BAsaeVG2|5AV8`Mw znbGTt#Y}&R1GOp-MM~&z`^_2;>w6Zi^j$xb902ew{9+7@=sr>nzkH1AZ+0Tg0JSiaUaVvXZ9$_xqIP?3$zON zHjp6thSefn&L!cSj*k=rfo>zJJ$3f`- z@NVsT48EyK0SR6GUrsK6ygLjGSJBt>7Ue0W@1{XgJlr7=ze82%+MYwR)_ut4s);8 zcxS=nea&%`I~kUNB&VvY2@XAQ3Iea$pnkz_>v^N{jJ?=ao}TZ%;kXB-I`htCjw3ZY zV4K>J0M8hPRu+rKi1 zhw||`am6bI6QRgfeyH^i58*)rg~ovCb_+*w?OzROuu+h^o~~Q4#BO#NsFn(@5B{># z1umi%$|nvZH6bQ2XG0w)*`es$oR6O+-uH{!SAf-47}r)vx?3W0NA!)I*ZdVdh5PuO6x;5+&T2EmYGIslz zYI=Kh50`_J{~*qrWN=ZrCHSr}hUb;Zlo%*KA=%|aE9^Dbz2UJhx#OsT(qVe8s=MB0 zDk9ytJ)tD%$3c@)$AnnB2-T0e=ByXbNSR2uH#cvCyRx!{4EbeMSV=Cl$7wzc)@O;I zy^{ieeg{tTh7uOed23rA+WrfE;Tm44GOcOzLS3IZ82WW-;{LeBWDAPu|IWZ?V-zW7xfty zZLIY>>jF|h*klWx^P?~}YZI($aYJ;~?;~u^G(Fkd60Xlp)iK^o>8`;w)<@9%tU~u{ z7Bc8hJ_}9;0lQ+c+V)5)Z_QCXZ1r5*#jvpYyxb-uX|Mc6X$y0fY&6PuqM+fp6P|on z3JBgUKorEYBVHNPe)~HkK!cr{DCdZmS?vSoWbE2~HGM}MlVF0{qGDFy^775SrA0Sl zOQZVeJYZsRJ50x7u*|NYbi9xXc#0-`026+5EJ>NhLn43+t=$%(^4w^5LkrMOOck+=b2A9-8+!7y_~G zkK)Sebs`(oV?d5sah{Wf((tU9T3tHPrZ%@D7oIa0M}p2To7l4;uJu)W&~1BK@3rU5 zcsQd}l!hjF9S+$(%<>*Q=sKCigx2Zc7XuR&pm|f8xIKR*IF3fl?wyYF=W@?Ud!|r6 zL|`UpQCQfFo*zR#5Lp!k8`->OS!z6J=_O7U?zklttMCrlo$-wRAp)>Gm2iTTrh5z` zE1)GPr)c>ji@#H2e>`-?#kfSKs1jjPQfE-eE+Vot^3179BgN2?EIYK^>DHBd{(%QT z>H;8f6K$s3_+Jk8R>!o;X zoa7Ljg`L@ue!rdhdhYqr-F>7}9+-_eXws@3f@MbAYz^g!xVSgvtg74}$$$v1AlQ#2 zW0mUCH-0u&O2J?l>y|Rz@xj&YVhT5PPR z7%{M)+=MQy!~Xa(`V=9F`5d2mzF?%#OO}h{&om^xf7(Zn1%T(gB3ua?T*K} zqpU@Wr~)tV3B0@a!=fguajMy{rod8kY*DJ;eXDOCg3$n{P4w;a9*-H(P%H|U1J4U_ zhaquL9Oim)iLn+R0o0Nlkd#`=#_c5S?#)^eY?9$K@Wyq%N6KT#*A$oNSXOFW>UoEH z_KUX%B^4slqbvup>=50%_pqmy`vET#z~O>r^~0GbUa^?CfnrWb65G?tzcrsjwFl{# zYI<#L>4hA^%U-=Sx756{>Hom1r_SUzIZnU2eWTtvfr{&1<)6|J7Yfp>6ZbJ4FQMzv zMS=l^!8VA%-d!u$uz|$-{qr9WSROo<*wKD+_I|)ZOMZYkPHeQ)pVd8{xwfHHR~BYS zkjanq;I<1h5Bn|s`VCMs^tEOAIwdy8sJ%N;$s#9ySvAwiE!C0e1k2*c)#FL8D)9{uB^d7_grhsPn>GLO8u-8{(6yHraE;c09J{MRw`GV z$(LPAU+7z*t2vIbQ0yRU;_34 zX2hLaTTIC2L$;>*Vc`qtJ0x!&IMI(!zNEC;NY#*;sL^3O__QdX?t>Q4yT?kC!@-p| zm8xo^zTiz_5=ndIrrZ|uqA`>GOC`w)2~JtP9df21JDeNI4CyWSSA*sy(XFS$Mc#ei z=VQ5*bJ@HaoqMez$J7Gm+|W){tI=MCvO%$*k(w6OVutA4hpqN5YQt-ysx0mjmzg`8 z-ktDcOq;l_`wqB>PBby|5Uh}kr5yyb1@#q(S^u1dAcxk>Ev=L?i~8%i!LToDwc9)3 z9xX@yj3j%vCVdU<)8RN+Oy^?ZUCn?chVLR(8fB~RmiW`f^6i{d5*(6W4{!Bc805>n z@Fh-)|AJtlOqCwvFHKaF`=Um|mz9nxG$&)pZMs*J+5oqwfxWF8>^rOrMN4n%BSX`e z??Pwe{YqM$ICEq0P8rwJ5~jW~a6fC{kaiJ|8L!To=+hRGrGRK#4r72I4`9aez)``R zW?8K;bR4W8&QBoKL>HwaEKwzd^3!Adlm4M#s*WJg{qA$${@$})6BO;Ip-RC4FE|bg zM|MI(XpdaXfBoZ7_Sa#yz!wKLnuk?Dhp&^HWxrbysBTg?UXDg=eE!P7rINU{F@CI~ zxV1j=(Y*fjnL2%uPy5no-fHAwa=rABw_()B#Fm!Zw!3|LrovO(=l_y7Q#WBFz$+|b zq&-)Etmv6eP>+GCq9;UGt1LZT&N+j}(RZ#~!70L&u+|X%vBuVa3TmLCk{*@=!8kPm&LnwzcQV#V75Y5^)dpTa4BvJ!L0OG? z447niT`QkeY;p(dF~0e2fy;J4b*OwQG`5{%9f zE9PS{fg9&4-oI)Xl2?@n0$|G_B$o});|&0`9EZR>o0O{XgO+vGV5|KA@Nsqvj4|@+TbaQBX_q`Zq>yb?p*wS_Jb{+$cLyak#HJn3xjkYQxz_*{Lx;e!vN|Rd zOv4cvUqZG`Tm9j4cLRX4%|OA!76&Y~lgO5aY(uIP8@yNnz-o`pLPjUa3O3!(%~}hv zy;q`WDp{6koGTVl83|6g;8Gf{p8X^(6k?apq#;SFJU+Vhf~_j=1Xh6Zt2GySP0T-b zUm41xN;J{erwu2vs8haj_I(hr-A0q@jvbpnwbE#-wk45hgu;25676`~18i0Y)8>T` zl5LxkdkKIad=@cd(3o|qciEkWrc8q3{JxZ?9dN6+Kf*)f_{jcVl>T=qmsbw{((4#P zp7>FkYNpSvGj!w^nd5$4k(B)0yM*@*v z>K9DqlU&L508JW~GN6g2pB-T?Y3RU9*=iOgUxMevMF1}L81Ul~Gk9C>m5}dCg>w&C z|4{6|3jPp@So_M*I)3E!l_5aGd-cbYp%d}LD#rlB)2|GtPfvV}Ho?bYqmSlK6}GfK zfer!FmFnn;VOK#z|Ek?de!*d_>${1ES!w6(|0>)6714iyxT2$V_UN(Csjb})H|LW_ zsM-{f-BNG;y4$-Jg@=iQj~bfVUdxyKy_5gu*bjH=J#XAHlTX?-m(bDo%fiF#i(uVOB*#^<2gKe|)X8w~506_(-1aU7>j)HpFhAOG?nGdZKMcfaR@`XmKGAKcEP_>TpUWyt-Vg;^v6l6m=v+;qKPLjg*p z0Obe;9#W1dSPT;Ioeg^aMAqGBOL*|DNzF6E_~HZ=Q@5jA79$IjqCw3lkX2&ZegE@% z=f}OwQWI=NavbD@(q#LLxGb!2?tx7FTa+YTw=ks;bQ6s{0)i&#yibCWY$GLaHpLz* ze?+VHTY%`UXAd3~e>R`1c{FGW-RC6qft2Eo$&q7)c`~0NoL#WK{x9`tC|D`0>w39O zAz?shhPV=xem36Sh7}d@{S;Bu?2zsI7dr6x>vp_}I&Nv#J!Nvpja9cOY3yzfQ+0aI z>j|W`UVYwu)dG~&lHG3s$X-GE$-Ok(8qOE^qdCCiI0Op3T=8p&tr_y83UC$_nPc4;|V%-=+6vFRs^t zHG(^<)?yJZBw&?VN0jy$@exb)jgmCr`q_@dhzon}Az9{ChFJ|n=jdgh(1mwr<7z0{ zPTH*vPHh>^mbcGtkI%W7xbKrDZnsWc@A%5#f7`05)W7Y8d^f2?lFLEXL8{xIp^-se zPT5YTrlUiq($L8qP0G-*GhOrKZgHfUji$f^eTIhNL~AQHL#sE8#YsKI(IFpy<(wNG zTd|ut#1)uX&RY9bmi6T>rsU=sv<1Ko#kxl`KPG(AEy?v7!^k_>2Sh_qGR4-eX0Du_ z%t)?6iON@!XD+$7*c?Sy1;)n8b-diNbKNX!krK-Ae1Yw46H9N)uBlnw;=1m_djwG& zUAGX#cO`s4*w3{M$Y+g-{fxe6zVj}fv3iO_u0C|id>0U4F4>0^2EAKVkSq6}q6nqO z{n+JYk)?opw?3-eq~>}_tR}PrG-=4KbWdl;vL;{a(h4J1i^Mf z!qU_`C)Ox-q*S`v+qJpzteE8JW`5bA9sYii2EIE>kv@f#<692rE~q_fJ$v=PB~o9m zT*|q>sS7(D66NzvrpB7(T|4b$PHt4cJ4>_>+;zYjd+$D{BKYoV;3#YmDjco;0z?T5 zJL2964t~%L@oz+k6y8iOrO(jOl@kJ~WYsC9m-50F4-DEPWw$&NJLkNTbH|AJpy%vK)fY#i6ra99oTtirBP!ZI_Hxetu%Y;e@K(#@p z_Hi+}@$zo)rUV1$s7nXwa(XlYg8tf&L&q$g_W<&sln=60;cQtZ$*&yOM1Yc%7ER zS3+WSo`>QhDk5RTNOkoS5U^MK{7qM)xI!D#4Om8%Du`sOIo%mVE}ht*wYQHzSS>gt z7e(SKQP9zGRMte^EL05N|2g?v15gVLc^u6nvKw`t^ImJR#mE2Z$lWFR=k}V1f^-MRAz?J4XQDZ^L(255*f0z60|0g**$Zz-tF_10kJ;j zpDnj$!3XP`L@wbQl|XA9tfy?fg{ZuTxwr!1_X7zzY~2AN)3Ev4Q;4N2K`QUESqT(;LpcIff-+S2@SIq}I_te@BN*0`L7 z*)B9Rg=a`#i`f9wV*mo6n^${AcU3p5^GVn>1)O;suaSA9^)x=hIrr@5V+TvzRDgKUkiR60+WO^mr6aV|S|*#L zh6Q|V)aO;2&}tDR#1j;FUhXM;p>w?v%5`%jX+!cX%sfrsAx5?*9%U|?ijgJKsh)3J zwoNf6S~{aagrkr`>w0eehV6R~UsHnmNAg`+=onNZZ2x@lqB>Bd{Wu$ zHhk)@lv}iOPlwrWu1yC6tcXqfYAv73(JvKO@ETHrvi*$l$LaW!chzP?4j~JAl_T(h zz+t=F(@sOQU8hx4Vt_cie90KAulPTaWSc) z)Ijb&fuk$Wk4|!@)%?H#bc-VUEDQ*)9-*b0KEgw-ngPoWnu7|UeAuk5u*c04O}%4I zU~b4N!UuiQ(uu*^fyhKH#St~jPGnYGWsJ+ju1e=ngO|t6Osw3+M`8=O!lTd%o${Uz zGdA;=McqpGUco{9n1(3a>+x8}4<4}NN8`Y(-eUoTe9w?Uh^ zQJx#X15hN6fZk%cZN_?+pE2rQg%)M@^5#~lK9ngJsDX}9vs%Ltul1e{DccY8QSy%3tK?T%Mk|$?nFt}QfzEY7Vvq0 z$L6|Q3CvZ^_Wh~GbSZSSaJG;K!ZA0IHuZU7dBc1yzlgri{f&`u1(@x&m-3;8Vj0sAsF{dLcF;EznsU`-pcziAy}ee z@_ejUD7g#NinU-~1Jwo?e*81%3{E7CmKujrsK9Vk| zNrIAxG6FMw8b(?H(o1F(tnmDO<^;Wx0#bSh$yd%6=g7wgLLwJqVv+!ixto>W5=nlI z6oi8j48U>_@HZrSfB&F>hPFiiwuX?yo68`%;ej(mxe73X(-Pta)yO}4 z

    lA&07vKzPIkbl`SwQFr*u3Y8B#ez5=9J7uN8~D{0fFXFBFY5OL7A^Od0{>-bXW z*un)TCY>x?$+2h%vZMT{zGZ4Q%$Q(y`l2#1r(AWm!xT*WcqE2U{VCc)qXR*%&?&T? zY(PgKx2jjQE2B0rTIKX$B|;~l(fn0v8X-e36jSPXPPI*YhjK^oQ!TIXAasLR95$a< zxss9;oTsxCT-=oXrb#8X0&v3)|9ni#Y_zhbW!Hz3aU0Zv&>c-*7TG~HxlY+}!#_c< z>z4i`GbjV61^)9Q!dFz9O__}H4rd%ptBV7b6F=6nc4S<#zGtcb)Ph1Ic;M$OZwmyA z*87d{*Uph;6?;Zf6tzI9R<{|Fv;H#W>U;idz0}NC(mbg~V8V+^IZJmE;6LAytC@Zm zb6&g__D1Gq=vwS|iasnJuliq7FzW@*c8twWHs=e*~hM=B1ukzN&@KG=UwR6F_ zw`OZQPqCP9Gu}3m7Kl^mNQjH6dP?k*lwE7Algzxx_p}(Ao#6MRyHw%wLq(Ij?g7XT zCyBk3lG)2t0;|{9n;=-dS5{1+G%^cS3yWDqQ&!?|1zC#)ICp?W)~$F``ksAiNVCW$ zec<{Q+Rd`x@^r zIRtM{h3^i31G%oU;a)3W)Qga|wCJV1-;%s$xtTeX^P7gqwY;UU|y;FW; zJAA)2YvZ$j8`|PP275i~%nmS*EdqiOngp=Vo?t>nn00a>vX6p!c~UW;WbZXciK0nx#z$1CU`4u4DM}O#uU8 z{|7kR^|#9pW`4r;EdPhe_`f%l?{4NEwtOUc>R^Z z*7PXhE5ii>$3aWt(NLp)Wb#*rK{<8P$`yRIvPG2ZN^?2#v%HCrKr6?u|DNYx0xVal zZNtWon?Km9XL8&-cTo6w-*{J74L&s@bv^>Ja$4v=zFFb3avArRQ~qJ-yGv3w+7G2( zMIh+MG?|zikGrvZW!1}o*0JbmQUm1sN3Z|kssGhKgnaJ}fYY*WLYf~PC=B#n`EGsh zA7A31s z0X8j5MTOq`Bs2JxL9xaC2EVwigB=MWnw!(#@o4u83L2&@#O^l&Sw*2YG?9a=7(>fG zT}${tD<>+A>RAq}iY{&T|G~AKDz|?pMR$qnucjmL=I1)`!P{)+dDpsAO?tTe-;Tg+VenT&f++i3b1Oh2JSt#4vxq24|1mtL^lPi}Fm&7$cSBs&6ELyvrV@!O-317!oK z?R-eJE!Av4VocWqvl&mipe74G--aGWg!mkY! z%FXdx7ZP-@DfV4jB_DwGm*SNaNl4kH1Uy$Oo9Js)%w4+>mEU;C}n-%~@uI1^9P7zcI&tl)5)zX&vV%PVndP9MSY= zsq~BcSf5d`Pvj>6d?}_H4l>=1SYpSI1ZcjjfQbroiA=&fBs^?YFdE{8Q3j=|ILP>W zL<<|t2mtkaS=%J$P?=k&enU}+~KKlwK;>75I3+P3> zw(yamDRZIaK-5_tHH*yE?qxTPLk{fD4$^?b&cVEj+j=pWk*j|k9Cdi8rT7l1ahoz?C0253W^-JX-6 zltXjjtKtbFhjZFx;&It`PNJtmj=oR3;X3v{(8cVpX9MSK?xLM}CQ{1P8%EsAi zrkhyI`gcQ9Si81xI3F}BWDVzdd*v&`{nKPC?%IXqV*?`lzNrz;eZ*rL^M!om9}Pt# zljXd~-4lJLJVbvGp~s*kzS`|wUIOU!#T~hG*CwwKannh4xJ~`$f=M$t2YF+TQ6R$D z1eBR{Kh_}Q#zj3CXXj-kM*3oOLp-jGdA8~EsKT;+ed#i&P!gaKFY}EzpAX@$hCF&^ z_ox{catAFMlS*1`s;6&{l~TZ#Bbmuy=!|Lxy?t97ie1Lz%T34P9HnJflZu{?9eSkr zY~7vFj!}?*uW-X8A8nvIToQ_!;Q+Rj`v=0FzY(bEMJu%7;f#g}z54MN=pe5b={ieK z`<`2T(h6L;_VN31u66N{pf}q;er0%0w1o*@p7WGn4Vn*(UP#@wc-TZo<@y1HXwCZ*;Usf}~hu$)gGI5v$sk@}Ry8jJ{f=$GCY2FY`_ zs29D~jw8GNf^(j#v)8kG`o_yk z9E6#>!U~uH1$%*7))k?TN3qxVj6D0aB%S?Ey-Js;Pdmikk$%xHq509U<&E;sERW+t z64s)4;>dTv!<;Fqp^v6V-4Y1w4dBqqYDSiZE+#!+$kzeuPob4FZ}sYCJ9OT4IXevb z$^L_z|Bi8tK(}eXluN?c%bb&KR!%2K`J9;}t5w|#ZcRLvky6q1 z{K4d-^brF`9|QAdL+d9xD`^Od{ozNNi|JwG^j@!B;`Os*XV>=s_-qJEDA3xdYpu4g03e* z?xfFtOb0+V?GwwldQC|$oIbnTw0YuU+P_fg%YHy-4p3k|y;q{;Y`N{Z5fP49vo-)Z z{_WuSjUx>ph!lK4DLgu=>h88)%$0a3>aZ7hvQg4mkrX{y^b8+Y;}jRPu48zXUk)x- zcuCB-9H%StIlz5NXY;M{%i62GXHe_s*Q1u)E&LNz^_4HAnOVjp=xj`33{I9s#PfIX zg%!6L{fg1oU)1pU-_x(WXlhu1SbeuO)@2{@Zr9F(!KUuFh+Ea?YB5m#wq^e&@j?B6 za&!K-OZorf?f+lb{$4}qHwz(LcjzT;(8D$bhdc@ZE4Ku znhL0L!LouM{BCKXs$COa#7;aq|0>`lJ$Q9&;&s}S;uOo9QTpjCOGx=pCNtDjMggp_ zR1e1!0DfQ4H7N$fS6{AON?!f5v41?d_~bF=V7qs-t?d)zos8e;I%lXLdwANyLl4I4 z-r; zTla=H`CZ54DGX-pKbc(Vz1M#EqSb>vIC09U|N30uhq2w@J14sXVX^^Z7B=(e!z{3c&c3=4hDkxsdsva`VAOVIStedhbR1ezQiHODE5JEgSrwo-tuU|dM zgs>EwhtXv9Rj)Mr_}en}A-GjyPoiGWZ$Z5p zSm%i*QLFdJMztP-2?|Qc|eaAG#VK(v*@_);Xc3GN#%k;@!+s;Mj z!5qDsPT6jQ)qT50p|f8w!5Rg_QjQs}QTG}rMXV%3#fKvekBmSUNAOKF%BNo_7CN3(J z#Z%L({p~<=Ell%RWF|)0{!1q)Cs0{g+1faaek?vm1N)F0?1Ew02Whb-m-IXglk3&> zW;&G2>LYCD>z%kp<~nYuO=$f3ukG+h<&cDJSP

    7~muXGRryMdi`a2ESt~+^ASd z=~&4zTREzD&1wBB>7a=5vjE!}AcTG?_ua+*PLG}iByUA_tS8NJIaWM>!n%ZJUJu|t zSE0tc(;~_^OPQzR8UsoO@0zZM*X$Gc?X869Sog?EIIkTcRlQrE2IbI_ zx}8Hhy}De^ZM@WD6lhRd<8~ZZBQo`3Df^v+C!-VmHcLhKMG;9?0LQ9k+idsQ;yBQ) z6|8aSN0W!D?J)GFKzA}TGc%TE#IRip)wQI0m8JUBCKPs&m}h}3r~^Fdq67{o2sE6& zI_>cHA^4~8`G21}%`jhVKC&{vkN{Kb{xUxW|-8khgo7pI?#oHXzMwre@}mE~#3 z>Z?xz&5!@_cXCBeYWGuY1H&yQ`~&rvIj0Y7vi21gDjoYs#iEQ8gSj}HY(yVM82i(& z|CdTmn@y0ZID!QQbXTV6UV|)7qqLe*f#u-lYQXEQSI?VVm_uSxbl-$*Ix5}LbnX%i z7A)V4sCHK_BS@rmjSrA{mdGWJi`W%nSxaWDJ$GABAK$Tck$0!>j`HH9eRM;GmErV7 zyz^98qPJ@-sy(w8Ar)8=gR?)kRVyOs!=^+>H{~>HcqvYgw<#i=PYr(vyQ~?#rQ_$S zVAFq_h~TBwR9F1893!OGExF9w(GLk2O;6>+V_CBu;3_bG=mTpN?P6buNe&$EKR)U?WNO@YDw(ZL&;lMwsbKC)(_J&&7Zo}Sq9kg<>Z zP=x)zmQfazr@oMCHw*0JzrCagwG!MFeP*ovHPQ5*b~h16U+tRUq*U);Zt&YJFs zzz>v_DI`DAiYQucG4ru!5zMdCWmRh9t*biGZM^0?BeaZMYTlJdmDU+eHu$B&xH9Ol zHuW5RIrdc=EUDDY_niF_&Ionk8oKe*$XkrPg$o`?{j@`r

    - -***Troubleshooting*** - -Should problems arise during the reinstallation of Winlogbeat, the relevant logs can be found in ```%programdata%/winlogbeat/``` which may help identify any issues. - ## Using Your Own Certificates It is possible to use certificates signed by an existing root CA as part of the LME install by generating certificates manually with the correct settings and placing these within the required directory inside the LME folder. **NOTE: The default supported method of LME installation is to use the automatically created self-signed certificates, and we will be unable to support any problems that arise from generating the certificates manually incorrectly.** -### Certificate Creation - -The exact method for generating and configuring these certificates will vary dependent upon the method you have used to create your root CA and currently manage certificates in your enterprise. However you choose to generate these, you will need the following certificates to successfully deploy LME (further information on the exact requirements can be found by inspecting the certificate generation methods within the [deploy script](/Chapter%203%20Files/deploy.sh) in Chapter 3 if required): - -***Elasticsearch*** - -This certificate must only be created to peform server authentication and not signing. The certificate must have ```elasticsearch``` as the CommonName and the DNS name ```elasticsearch``` and the IP address ```127.0.0.1``` within its SubjectAltName. If there is a requirement to access Elasticsearch directly from an external perspective the certificate may also have an additional SubjectAltName containing the DNS name of the LME host and its IP address. - -***Kibana*** - -This certificate must only be created to peform server authentication and not signing. The certificate should have a CommonName of ```kibana``` and must have the FQDN of the LME server set as the SubjectAltName. If desired, the server's IP address, the IP address ```127.0.0.1``` or the DNS name ```kibana``` can be set in the SubjectAltName. - -***Logstash*** - -This certificate must only be created to peform server authentication and not signing. The certificate's CommonName must have the FQDN of the LME server set. If desired, the server's DNS name and IP address can be set in the SubjectAltName. -***Winlogbeat*** - -This certificate must only be created to perform client authentication and not signing. The certificate enables authentication between the Winlogbeat client and the Logstash endpoint. It should be set with the CommonName ```wlbclient```, a SubjectAltName is not required. - -### Certificate Locations - -Once you have successfully created the required certificates they must be placed in the following locations: - -***CA Certificate*** - -``` -/opt/lme/Chapter\ 3\ Files/certs/root-ca.crt -``` - -***Logstash Certificate*** -``` -/opt/lme/Chapter\ 3\ Files/certs/logstash.key -/opt/lme/Chapter\ 3\ Files/certs/logstash.crt -``` - -***Elasticsearch Certificate*** -``` -/opt/lme/Chapter\ 3\ Files/certs/elasticsearch.key -/opt/lme/Chapter\ 3\ Files/certs/elasticsearch.crt +### Certificate Creation +If you create certificates ensure their subject alt names allow for the ips/dns entries listed below, but as well as the ips/domains you'll be connecting to the service as: +```bash +root@ubuntu:~# cat /opt/lme/config/setup/instances.yml | head -n 30 +# Add host IP address / domain names as needed. + +instances: + - name: "elasticsearch" + dns: + - "lme-elasticsearch" + - "localhost" + ip: + - "127.0.0.1" + + - name: "kibana" + dns: + - "lme-kibana" + - "localhost" + ip: + - "127.0.0.1" + + - name: "fleet-server" + dns: + - "lme-fleet-server" + - "localhost" + ip: + - "127.0.0.1" + + - name: "wazuh-manager" + dns: + - "lme-wazuh-manager" + - "localhost" + ip: + - "127.0.0.1" +``` + +For example, the new kibana cert would need to support the above alternative names... you can also ensure its setup properly by viewing the current cert (assuming you've already mounted the `lme_certs` podman volume. +```bash +root@ubuntu:~$ cat /var/lib/containers/storage/volumes/lme_certs/_data/kibana/kibana.crt | openssl x509 -text | grep -i Alternative -A 1 + X509v3 Subject Alternative Name: + DNS:lme-kibana, IP Address:127.0.0.1, DNS:localhost ``` -***Kibana Certificate*** -``` -/opt/lme/Chapter\ 3\ Files/certs/kibana.key -/opt/lme/Chapter\ 3\ Files/certs/kibana.crt -``` -***Winlogbeat Client Certificate*** +### Certificate Locations +All the certs are stored in the lme_certs volume. Here is how to list/change/modify the contents: -In order for the Winlogbeat client certificate to be included in the ```files_for_windows.zip``` file generated by the installer, please ensure they are present as below: -``` -/opt/lme/Chapter\ 3\ Files/certs/wlbclient.key -/opt/lme/Chapter\ 3\ Files/certs/wlbclient.crt +```bash +root@ubuntu:$ podman volume mount lme_certs +/var/lib/containers/storage/volumes/lme_certs/_data +root@ubuntu:$ cd /var/lib/containers/storage/volumes/lme_certs/_data/ +root@ubuntu:/var/lib/containers/storage/volumes/lme_certs/_data$ tree +. +โ”œโ”€โ”€ ACCOUNTS_CREATED +โ”œโ”€โ”€ ca +โ”‚ย ย  โ”œโ”€โ”€ ca.crt +โ”‚ย ย  โ””โ”€โ”€ ca.key +โ”œโ”€โ”€ ca.zip +โ”œโ”€โ”€ caddy +โ”‚ย ย  โ”œโ”€โ”€ caddy.crt +โ”‚ย ย  โ””โ”€โ”€ caddy.key +โ”œโ”€โ”€ certs.zip +โ”œโ”€โ”€ curator +โ”‚ย ย  โ”œโ”€โ”€ curator.crt +โ”‚ย ย  โ””โ”€โ”€ curator.key +โ”œโ”€โ”€ elasticsearch +โ”‚ย ย  โ”œโ”€โ”€ elasticsearch.chain.pem +โ”‚ย ย  โ”œโ”€โ”€ elasticsearch.crt +โ”‚ย ย  โ””โ”€โ”€ elasticsearch.key +โ”œโ”€โ”€ fleet-server +โ”‚ย ย  โ”œโ”€โ”€ fleet-server.crt +โ”‚ย ย  โ””โ”€โ”€ fleet-server.key +โ”œโ”€โ”€ kibana +โ”‚ย ย  โ”œโ”€โ”€ kibana.crt +โ”‚ย ย  โ””โ”€โ”€ kibana.key +โ”œโ”€โ”€ logstash +โ”‚ย ย  โ”œโ”€โ”€ logstash.crt +โ”‚ย ย  โ””โ”€โ”€ logstash.key +โ””โ”€โ”€ wazuh-manager + โ”œโ”€โ”€ wazuh-manager.crt + โ””โ”€โ”€ wazuh-manager.key +``` + +To edit the certs/replace the certs, copy the new desired certificate and key to the above location on the disk: +``` +cp ~/new_kibana_cert.crt /var/lib/containers/storage/volumes/lme_certs/_data/kibana.crt +cp ~/new_kibana_key.key /var/lib/containers/storage/volumes/lme_certs/_data/kibana.key ``` -Alternatively these files can be transfered to the Windows Event Collector server separately if desired. - -### Installation - -Once the certificates have been generated as required and copied into the correct location, simply run the installer as instructed in [Chapter 3](/docs/markdown/chapter3/chapter3.md), selecting "No" when prompted to generate self-signed certificates. The installer should then ensure that the files are in the correct location and proceed as normal, making use of the manually created certificates instead. ## Migrating from Self-Signed Certificates -It is possible to migrate from the default self-signed certificates to manually generated certificates at a later date, for example to move to enterprise certificates post-installation after an initial testing period. This can be done by taking advantage of the "renew" functionality within the deploy script to replace the certificates once they are in the correct place. +It is possible to migrate from the default self-signed certificates to manually generated certificates at a later date, for example to move to enterprise certificates post-installation after an initial testing period. **NOTE: The default supported method of LME installation is to use the automatically created self-signed certificates, and we will be unable to support any problems that arise from generating the certificates manually incorrectly.** -To begin this process you will need to generate the required certificates that you intend to use as part of the LME installation going forward. The certificates must meet the requirements set out above under [Certificate Creation](#certificate-creation). - -Once the required certificates have been created they must be copied into the correct location, as described in the [Certificate Location](#certificate-locations) section above. If you have an existing installation with self-signed certificates then files will already exist in these locations, and will need to be overwritten with the newly created certificate files. - -Once the certificate files have been copied into the correct locations calling the deploy script's "renew" function and prompting it **not** to regenerate any of the certificates will cause it to replace the currently in-use certificates with the newly copied files: - -``` -cd /opt/lme/Chapter\ 3\ Files/ -sudo ./deploy.sh renew -``` - -```bash -Do you want to regenerate the root Certificate Authority (warning - this will invalidate all current certificates in use) ([y]es/[n]o): n -Do you want to regenerate the Logstash certificate ([y]es/[n]o): n -Do you want to regenerate the Elasticsearch certificate ([y]es/[n]o): n -Do you want to regenerate the Kibana certificate ([y]es/[n]o): n -Do you want to regenerate the Winlogbeat client certificate (warning - you will need to re-install Winlogbeat with the new certificate on the WEC server if you do this) ([y]es/[n]o): n -``` - -Once this is done Winlogbeat will need to be modified to use the newly created client certificate, as detailed in the [Re-configure Winlogbeat](#re-configure-winlogbeat) section above, substituting your manually created client certificate and key for those stored in the ```new_client_certificates.zip``` file. - - +Simply replace the certs above within the given container for the given service that you would like LME to use. If the certs are self signed, ensure you also include the root ca in the appropriate location as well diff --git a/docs/markdown/maintenance/painless-reindex.txt b/docs/markdown/maintenance/painless-reindex.txt deleted file mode 100644 index 3092e357..00000000 --- a/docs/markdown/maintenance/painless-reindex.txt +++ /dev/null @@ -1,13 +0,0 @@ -POST _reindex?wait_for_completion=false -{ - "source": { - "index": "winlogbeat-*" - }, - "dest": { - "index": "winlogbeat" - }, - "script": { - "lang": "painless", - "source": "ctx._index = 'winlogbeat-' + (ctx._index.substring('winlogbeat-'.length(), ctx._index.length())) + '-1'" - } -} \ No newline at end of file diff --git a/docs/markdown/maintenance/upgrading.md b/docs/markdown/maintenance/upgrading.md index bb947a0e..7ff1f50d 100644 --- a/docs/markdown/maintenance/upgrading.md +++ b/docs/markdown/maintenance/upgrading.md @@ -1,6 +1,11 @@ -# Upgrading - +# Upgrading This page serves as a landing page for future upgrading when we release new versions. +## Upgrading for Existing LME 1.4 Users: Currently the only upgrade path is from 1.4 -> 2.0 [HERE](/scripts/upgrade/README.md). +### Other LME 1.X versions: +We highly recommend upgrading to 1.4 before upgrading as that is the only supported upgrade path. + + + diff --git a/docs/markdown/maintenance/wazuh-configuration.md b/docs/markdown/maintenance/wazuh-configuration.md new file mode 100644 index 00000000..8b09c2a6 --- /dev/null +++ b/docs/markdown/maintenance/wazuh-configuration.md @@ -0,0 +1,64 @@ +# Wazuh Configuration Management + +## Managing Wazuh Configuration File + +The Wazuh manager configuration file in the LME setup is located at: + +``` +/opt/lme/config/wazuh_cluster/wazuh_manager.conf +``` + +This file is mounted into the Wazuh manager container running in Podman. Here's how to manage this configuration: + +### Editing the Configuration File + +1. Open the file with your preferred text editor (you may need sudo privileges): + ``` + sudo nano /opt/lme/config/wazuh_cluster/wazuh_manager.conf + ``` + +2. Make the necessary changes to the configuration file. Some important sections you might want to modify include: + - ``: Global settings for Wazuh + - ``: Define rules and decoders + - ``: File integrity monitoring settings + - ``: Rootkit detection settings + - ``: Wazuh modules configuration + +3. Save the changes and exit the editor. + +### Applying Configuration Changes + +After modifying the configuration file, you need to restart the Wazuh manager service for the changes to take effect: + +1. Restart the Wazuh manager container: + ``` + podman restart lme-wazuh-manager + ``` + + or with systemctl + + ``` + sudo systemctl restart lme-wazuh-manager.service + ``` + +2. Check the status of the Wazuh manager to ensure it started successfully: + ``` + podman logs lme-wazuh-manager + ``` + +This command will validate your configuration and report any errors. + +### Best Practices + +1. Always backup the configuration file before making changes: + ``` + sudo cp /opt/lme/config/wazuh_cluster/wazuh_manager.conf /opt/lme/config/wazuh_cluster/wazuh_manager.conf.bak + ``` + +2. Use comments in the configuration file to document your changes. + +3. Test configuration changes in a non-production environment before applying them to your production setup. + +4. Regularly review and update your Wazuh configuration to ensure it aligns with your current security needs and policies. + +Remember to consult the [official Wazuh documentation](https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/index.html) for detailed information on all available configuration options. \ No newline at end of file diff --git a/docs/markdown/reference/faq.md b/docs/markdown/reference/faq.md index 68745224..3edc7d7c 100644 --- a/docs/markdown/reference/faq.md +++ b/docs/markdown/reference/faq.md @@ -1,28 +1,46 @@ # FAQ +1. IS LME 2.0 A FULL REINSTALL OR AN UPDATE? + +LME has an upgrade process from 1.4 -> 2.0. the upgrade uninstalls 1.4 and installs 2.0, and will re integrate old dashboards and data into the new 2.0 deployment. This link will eventually work when lme 2.0 is merged: https://github.com/cisagov/LME/blob/main/docs/markdown/maintenance/upgrading.md + +2. IN LIGHT OF VERSION 2.0, WILL OLDER VERSIONS OF LME STOP WORKING? + +Older versions will continue to run, but we wonโ€™t actively maintain any older versions, and help/assistance will be even more limited. + +3. HOW DO I TRANSITION/MIGRATE FROM OLDER VERSIONS TO LME 2.0 WHILE RETAINING MY LOG HISTORY? + +We will have documentation in place that covers transition from 1.X to 2.0 + +4. CAN I TRANSFER MY CUSTOMIZED DASHBOARDS? IF SO, HOW? + +Yes, you can import your dashboards on Elastic from Stack Management > Kibana > Saved Objects and click import and select the custom dashboard ndjson file to import it into your Elastic instance. + +5. ARE THERE NEW, UPDATED SYSTEM REQUIREMENTS FOR LME 2.0? + +Requirements are basically the same, but those are minimal and really should be upgraded if the user wants to run 100s of agents + +6. WHERE CAN I RECEIVE FURTHER SUPPORT? + +For support on LME-related issues, users can submit an issue in Github. Users can also create a discussion if the issue is something with their setup rather than a bug in the software + + +# Other Questions: + ## Basic Troubleshooting You can find basic troubleshooting steps in the [Troubleshooting Guide](troubleshooting.md). ## Finding your LME version (and the components versions) When reporting an issue or suggesting improvements, it is important to include the versions of all the components, where possible. This ensures that the issue has not already been fixed! -### Windows Server -* Operating System: Press "Windows Key"+R and type ```winver``` -* WEC Config: Open EventViewer > Subscriptions > "LME" > Description should contain version number -* Winlogbeat Config: At the top of the file C:\Program Files\lme\winlogbeat.yml there should be a version number. -* Winlogbeat.exe version: Press "Windows Key"+R and type ```"C:\Program Files\lme\winlogbeat.exe" version``` -* Sysmon config: From either the top of the file or look at the status dashboard -* Sysmon executable: Either run sysmon.exe or look at the status dashboard - - ### Linux Server * Podman: on the Linux server type ```podman --version``` * Linux: on the Linux server type ```cat /etc/os-release``` * LME: show the contents of ```/opt/lme/config```, please redact private data - ## Reporting a bug To report an issue with LME please use the GitHub 'issues' tab at the top of the (GitHub) page or click [GitHub Issues](https://github.com/cisagov/lme/issues). ## Questions about individual installations Please visit [GitHub Discussions](https://github.com/cisagov/lme/discussions) to see if your issue has been addressed before. + diff --git a/docs/markdown/reference/troubleshooting.md b/docs/markdown/reference/troubleshooting.md index bb7f943e..eaf57594 100644 --- a/docs/markdown/reference/troubleshooting.md +++ b/docs/markdown/reference/troubleshooting.md @@ -19,30 +19,6 @@ Figure 1: Troubleshooting overview diagram | c | Outbound TCP 5044.

    Lumberjack protocol using TLS mutual authentication. Certificates generated as part of the install, and downloaded as a ZIP from the Linux server. | On the Windows Event Collector, Press Windows key + R. Then type 'services.msc' to access services on this machine. You should have:

    โ€˜winlogbeatโ€™.

    It should be set to automatically start and is running. | %programdata%\winlogbeat\logs\winlogbeat | TBC | | d | Inbound TCP 5044.

    Lumberjack protocol using TLS mutual authentication. Certificates generated as part of the install. | On the Linux server type โ€˜sudo docker stack ps lmeโ€™, and check that lme_logstash, lme_kibana and lme_elasticsearch all have a **current status** of running. | On the Linux server type:

    โ€˜sudo docker service logs -f lme_logstashโ€™ | TBC | -## Sysmon/Auditd installation: - -If you are having trouble not seeing Sysmon logs in the client's Event Viewer or not seeing forwarded logs on the WEC, first try restarting all of your systems and running `gpupdate /force` on the domain controller and clients. - -### No Logs Forwarded from Clients TODO update for new sysmon instructions - -When diagnosing issues in installing Sysmon on the clients using Group Policy, the first place to check is `Task Scheduler` on one of the clients. Look for `LME-Sysmon-Task` listed under "Active Tasks." Based on whether or not the task is listed, different troubleshooting steps will prove useful: - -- If the task isn't listed either the GPO hasn't been applied or the Task isn't properly configured. See both [Step 1](#1-the-gpo-hasnt-applied) and [Step 2](#2-the-task-is-improperly-configured). -- If the task *is* listed, the GPO has been applied, but either the Task has yet to run or it isn't properly configured. See [Step 2](#2-the-task-is-improperly-configured) and [Step 3](#3-the-task-runs-but-sysmon-is-not-installed). - -#### 1. The GPO hasn't applied - -By default, Windows will update group policy settings only every 90 minutes. You can manually trigger a group policy update by running `gpupdate /force` in a Command Prompt window on the Domain Controller and the client. - -If after ensuring that group policy is updated on the client the client is still missing `LME-Sysmon-Task`, continue to [Step 2](#2-the-task-is-improperly-configured). - -#### 2. The task is improperly configured - -Windows Tasks are a fickle beast. In order for a task to trigger for the first time, **the trigger time must be set at some time in the future**, even if the Task is set to run repeatedly at a given interval. - -#### 3. The task runs, but Sysmon is not installed - -If you don't see `sysmon64` listed in `services.msc`, it's likely the install script failed somehow. ## Logging Issues @@ -68,29 +44,6 @@ sudo -i podman logs -f $CONTAINER_NAME ``` Hopefully that is enough to determine the issue, but below we have some common issues you could encounter: -#### Directory Permission issues TODO redo this for podman -If you encounter errors like [this](https://github.com/cisagov/LME/issues/15) in the container logs, probably your host ownership or permissions for mounted files, don't match what the container expects them to be. In this case the `/usr/share/elasticsearch/backups` which is mapped from `/opt/lme/backups` on the host. -You can see this in the [docker-compose-stack.yml](https://github.com/cisagov/LME/blob/main/Chapter%203%20Files/docker-compose-stack.yml) file: -``` -โ•ฐโ”€$ cat Chapter\ 3\ Files/docker-compose-stack.yml | grep -i volume -A 5 - volumes: - - type: volume - source: esdata - target: /usr/share/elasticsearch/data - - type: bind - source: /opt/lme/backups - target: /usr/share/elasticsearch/backups -``` - -To fix this you can change the permissions to what the container expects: -``` -sudo chown -R 1000:1000 /opt/lme/backups -``` -The user id in the container is 1000, so by setting the proper owner we fix the directory permission issue. -We know this by investigating the backing docker container image for elasticsearch [LINK](https://github.com/elastic/elasticsearch/blob/61d59b31a27448e3d7d28907717b1b8c23f52f3e/distribution/docker/src/docker/Dockerfile#L185) [GITHUB](https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile) - - - ## Container Troubleshooting: ### "dependent containers which must be removed" @@ -127,29 +80,51 @@ systemctl restart lme.service ### Memory in containers (need more ram//less ram usage) -If you're on a resource constrained host and need to limit/edit the memory used by the containers add the following into the quadlet file. The following is a git diff showing adding memory into the elasticsearch container. This can be done for any other quadlet as well. +If you're on a resource constrained host and need to limit/edit the memory used by the containers add the following into the quadlet file. + +You don't need to run the commands, but simply change the quadlet file you want to update. If this is before you've installed LME, you can edit the quadlet in the directory you've cloned: `~/LME/quadlet/lme-elasticsearch.container` + +If this is after installation you can edit the quadlet file in `/etc/containers/systemd/lme-elasticsearch.container` + +`quadlet/lme-elasticsearch.container` and add the line `--memory Xgb`, with the nubmer of Gigabytes you want to limit for the container. ```bash -diff --git a/quadlet/lme-elasticsearch.container b/quadlet/lme-elasticsearch.container -index da3091a..fad3e8b 100644 ---- a/quadlet/lme-elasticsearch.container -+++ b/quadlet/lme-elasticsearch.container -@@ -22,7 +22,7 @@ Secret=kibana_system,type=env,target=KIBANA_PASSWORD +.... EnvironmentFile=/opt/lme/lme-environment.env Image=localhost/elasticsearch:LME_LATEST Network=lme --PodmanArgs=--memory 8gb --network-alias lme-elasticsearch --health-interval=2s -+PodmanArgs= --network-alias lme-elasticsearch --health-interval=2s + PodmanArgs=--memory 8gb --network-alias lme-elasticsearch --health-interval=2s PublishPort=9200:9200 Ulimit=memlock=-1:-1 Volume=lme_certs:/usr/share/elasticsearch/config/certs + .... ``` -### JVM heap size TODO finish +You can repeat this for any containers you for which you want to limit the memory. + +### JVM heap size It may be that you have alot of ram to work with and want your container to consume that RAM (especially in the case of elasticsearch running under the Java Virtual Machine. Elasticsearch is written in Java). So you'll want to edit the JVM options: [ELASTIC_DOCS_JVM](https://www.elastic.co/guide/en/elasticsearch/reference/current/advanced-configuration.html) -To do that in the container, you'll want to.... + +By default elastic only goes up to 31GB of memory usage if you don't set the appropriate variable. If you have a server that has 128 GB and you want to use 64 (the recommendation is half of your total memory) you need to set the ES_JAVA_OPTS variable. To do that you can edit the .container and restart your lme.service like so: + +``` +sudo nano /opt/lme/quadlet/lme-elasticsearch.container +``` + +add to the file something like this: + +``` +Environment=ES_JAVA_OPTS=-Xms64g -Xmx64g +``` + +restart LME + +``` +systemctl --user daemon-reload +systemctl --user restart lme.service +``` ## Elastic troubleshooting steps @@ -226,6 +201,8 @@ PUT _settings Further information on this and general advice on troubleshooting an unhealthy cluster status can be found [here](https://www.elastic.co/guide/en/elasticsearch/reference/master/red-yellow-cluster-status.html), if the above solution was unable to resolve your issue. +## Start/Stop LME: + ### Re-Indexing Errors For errors encountered when re-indexing existing data as part of an an LME version upgrade please review the Elastic re-indexing documentation for help, available [here](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-reindex.html). @@ -265,7 +242,6 @@ If you are on Windows 2016 or higher and are getting error code 2150859027, or m * ### Start/Stop LME: -LME currently runs using the docker stack deployment architecture. To Stop LME: ``` @@ -290,67 +266,13 @@ sudo curl -X POST "https://127.0.0.1:9200/_security/user/elastic/_password" -H " { "password" : "newpassword" }' --cacert /opt/lme/Chapter\ 3\ Files/certs/root-ca.crt -u elastic:currentpassword +>>>>>>> release-2.0.0 ``` -Replace 'currentpassword' with your current password and 'newpassword' with the password you would like to change it to. - -Utilize environment variables in place of currentpassword and newpassword to avoid saving your password to console history. If not we recommend you clear your history after changing the password with ```history -c``` - -## Index Management - -If you are having issues with your hard disk filling up too fast you can use these steps to delete logs earlier than your current settings. - -1. **Log in to Elastic** - - Access the Elastic platform and log in with your credentials. - -2. **Navigate to Management Section** - - In the main menu, scroll down to "Management." - -3. **Access Stack Management** - - Within the Management section, select "Stack Management." - -4. **Select Index Lifecycle Policies** - - In Stack Management, find and choose "Index Lifecycle Policies." +## Issues installing Elastic Agent -5. **Choose the Relevant ILM Policy** - - From the list, select `lme_ilm_policy` for editing. +If you have the error "Elastic Agent is installed but broken" when trying to install the elastic agent add the following flag to your install command: -6. **Adjust the Hot Phase Settings** - - Navigate to the 'Hot Phase' section. - - Expand 'Advanced settings'. - - Uncheck "Use recommended defaults." - - Change the "Maximum age" setting to match your desired delete phase duration. - - > **Note:** Aligning the maximum age in the hot phase with the delete phase ensures consistency in data retention. - -7. **Adjust the Delete Phase Settings** - - Scroll to the 'Delete Phase' section. - - Find and adjust the "Move data into phase when:" setting. - - Ensure the delete phase duration matches the maximum age set in the hot phase. - - > **Note:** This setting determines the deletion timing of your logs. Ensure to back up necessary data before changes. - -8. **Save Changes** - - Save the adjustments you've made. - -9. **Verify the Changes** - - Review and ensure that the changes are functioning as intended. Indices may not delete immediately - allow time for job to run. - -10. **Document the Changes** - - Record the modifications for future reference. - -You can also manually delete an index from the GUI under Management > Index Managment or by using the following command: - -``` -curl -X DELETE "https://127.0.0.1:9200/your_index_name" -H "Content-Type: application/json" --cacert /opt/lme/Chapter\ 3\ Files/certs/root-ca.crt -u elastic:yourpassword ``` -> **Note:** Ensure this is not your current winlogbeat index in use. You should only delete indices that have already rolled over. i.e. if you have index winlogbeat-00001 and winlogbeat-00002 do NOT delete winlogbeat-00002. - -If you only have one index you can manually force a rollover with the following command: - +--force ``` -curl -X POST "https://127.0.0.1:9200/winlogbeat-alias/_rollover" -H "Content-Type: application/json" --cacert /opt/lme/Chapter\ 3\ Files/certs/root-ca.crt -u elastic:yourpassword -``` - -This will rollover winlogbeat-00001 and create winlogbeat-00002. You can now manually delete 00001. - diff --git a/quadlet/lme-backups.volume b/quadlet/lme-backups.volume new file mode 100644 index 00000000..f95a28db --- /dev/null +++ b/quadlet/lme-backups.volume @@ -0,0 +1,12 @@ +[Unit] +PartOf=lme.service +After=lme.service + +[Service] + + +[Volume] +VolumeName=lme_backups +User=165536 +Group=165536 +Driver=local diff --git a/quadlet/lme-elastalert.container b/quadlet/lme-elastalert.container new file mode 100644 index 00000000..98309f7f --- /dev/null +++ b/quadlet/lme-elastalert.container @@ -0,0 +1,32 @@ +# lme-elastalert.container +[Unit] +Description=Elastalert Service +After=lme-elasticsearch.service +Requires=lme-elasticsearch.service +PartOf=lme.service + +[Service] +Restart=always +LimitNOFILE=655360 +Environment=ANSIBLE_VAULT_PASSWORD_FILE=/etc/lme/pass.sh + +[Install] +WantedBy=default.target lme.service + +[Container] +ContainerName=lme-elastalert2 +Environment=ES_HOST=lme-elasticsearch ES_PORT=9200 ES_USERNAME=elastic +EnvironmentFile=/opt/lme/lme-environment.env +Secret=elastic,type=env,target=ES_PASSWORD +HostName=elastalert2 +Image=localhost/elastalert2:LME_LATEST +Network=lme +PodmanArgs=--network-alias lme-elastalert2 +Volume=lme_elastalert2_logs:/opt/elastalert/logs +Volume=/opt/lme/config/elastalert2/rules:/opt/elastalert/rules:ro +Volume=/opt/lme/config/elastalert2/config.yaml:/opt/elastalert/config.yaml:ro +Volume=lme_certs:/etc/wazuh-manager/certs:ro +Volume=/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro +UserNS=auto:uidmapping=0:177728:3048,gidmapping=0:177728:3048 +#TODO: add a health check command +#HealthCmd=CMD-SHELL curl -I -s --cacert config/certs/ca/ca.crt https://localhost:5601 | grep -q 'HTTP/1.1 302 Found' diff --git a/quadlet/lme-elasticsearch.container b/quadlet/lme-elasticsearch.container index fad3e8bb..a4bd8330 100644 --- a/quadlet/lme-elasticsearch.container +++ b/quadlet/lme-elasticsearch.container @@ -27,6 +27,8 @@ PublishPort=9200:9200 Ulimit=memlock=-1:-1 Volume=lme_certs:/usr/share/elasticsearch/config/certs Volume=lme_esdata01:/usr/share/elasticsearch/data +Volume=lme_backups:/usr/share/elasticsearch/backups +Volume=/opt/lme/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro Notify=healthy HealthCmd=CMD-SHELL curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials' User=elasticsearch diff --git a/quadlet/lme-fleet-server.container b/quadlet/lme-fleet-server.container index 654385e1..c4a18833 100644 --- a/quadlet/lme-fleet-server.container +++ b/quadlet/lme-fleet-server.container @@ -1,7 +1,7 @@ # lme-fleet-server.container -[Unit] +[Unit] Description=Fleet Container Service -Requires=lme-elasticsearch.service +Requires=lme-elasticsearch.service After=lme-elasticsearch.service lme-kibana.service PartOf=lme.service @@ -14,7 +14,7 @@ WantedBy=default.target lme.service [Container] ContainerName=lme-fleet-server -Environment=FLEET_ENROLL=1 FLEET_SERVER_POLICY_ID=fleet-server-policy FLEET_SERVER_ENABLE=1 KIBANA_FLEET_SETUP=1 KIBANA_HOST=https://lme-kibana:5601 FLEET_URL=https://lme-fleet-server:8220 FLEET_SERVER_ELASTICSEARCH_HOST=https://lme-elasticsearch:9200 FLEET_CA=/certs/ca/ca.crt FLEET_SERVER_CERT=/certs/fleet-server/fleet-server.crt FLEET_SERVER_CERT_KEY=/certs/fleet-server/fleet-server.key FLEET_SERVER_ELASTICSEARCH_CA=/certs/ca/ca.crt KIBANA_FLEET_CA=/certs/ca/ca.crt NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt +Environment=FLEET_ENROLL=1 FLEET_SERVER_POLICY_ID=fleet-server-policy FLEET_SERVER_ENABLE=1 KIBANA_FLEET_SETUP=1 KIBANA_HOST=https://lme-kibana:5601 FLEET_URL=https://lme-fleet-server:8220 FLEET_SERVER_ELASTICSEARCH_HOST=https://lme-elasticsearch:9200 FLEET_CA=/certs/ca/ca.crt FLEET_SERVER_CERT=/certs/fleet-server/fleet-server.crt FLEET_SERVER_CERT_KEY=/certs/fleet-server/fleet-server.key FLEET_SERVER_ELASTICSEARCH_CA=/certs/ca/ca.crt KIBANA_FLEET_CA=/certs/ca/ca.crt NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt EnvironmentFile=/opt/lme/lme-environment.env Secret=elastic,type=env,target=KIBANA_FLEET_PASSWORD Image=localhost/elastic-agent:LME_LATEST @@ -25,5 +25,5 @@ PublishPort=8220:8220 Volume=lme_certs:/certs:ro Volume=lme_fleet_data:/usr/share/elastic-agent UserNS=auto:uidmapping=0:171632:3048,gidmapping=0:171632:3048 -#TODO: add a healthcheck -#HealthCmd=CMD-SHELL curl -I -s --cacert config/certs/ca/ca.crt https://localhost:5601 | grep -q 'HTTP/1.1 302 Found' +HealthCmd=CMD-SHELL curl -s --cacert /certs/ca/ca.crt https://localhost:8220/api/status | grep '"status":"HEALTHY"' +Notify=healthy diff --git a/quadlet/lme-wazuh-manager.container b/quadlet/lme-wazuh-manager.container index b03d5ce0..22671290 100644 --- a/quadlet/lme-wazuh-manager.container +++ b/quadlet/lme-wazuh-manager.container @@ -23,7 +23,7 @@ Secret=elastic,type=env,target=INDEXER_PASSWORD HostName=wazuh-manager Image=localhost/wazuh-manager:LME_LATEST Network=lme -PodmanArgs=--network-alias lme-wazuh-manager +PodmanArgs=--network-alias lme-wazuh-manager --health-interval=30s --health-timeout=10s --health-retries=5 --health-start-period=120s PublishPort=1514:1514 PublishPort=1515:1515 PublishPort=514:514/udp @@ -47,6 +47,6 @@ Volume=/opt/lme/config/wazuh_cluster/wazuh_manager.conf:/wazuh-config-mount/etc/ Volume=lme_certs:/etc/wazuh-manager/certs:ro Volume=/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro UserNS=auto:uidmapping=0:174680:3048,gidmapping=0:174680:3048 -#TODO: add a health check command -#HealthCmd=CMD-SHELL curl -I -s --cacert config/certs/ca/ca.crt https://localhost:5601 | grep -q 'HTTP/1.1 302 Found' +HealthCmd=CMD-SHELL curl -k -s -o /dev/null -w "%{http_code}" https://localhost:55000 | grep 401 +Notify=healhy From 31039b651f59c47613814009e76c55d4ca41036a Mon Sep 17 00:00:00 2001 From: Clint Baxley Date: Thu, 24 Oct 2024 12:07:04 -0400 Subject: [PATCH 14/19] Make the pipeline use the post install script (#481) merging post install into the pipeline --- testing/v2/installers/install_v2/install.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/testing/v2/installers/install_v2/install.sh b/testing/v2/installers/install_v2/install.sh index d8183c03..abda85b4 100755 --- a/testing/v2/installers/install_v2/install.sh +++ b/testing/v2/installers/install_v2/install.sh @@ -94,8 +94,11 @@ fi echo "Running check-fleet script" ssh -o StrictHostKeyChecking=no $user@$hostname "sudo -E bash -c 'source /opt/lme/lme-environment.env && su $user -c \". ~/.bashrc && cd ~/LME && ./testing/v2/installers/lib/check_fleet.sh\"'" -echo "Running set-fleet script" -ssh -o StrictHostKeyChecking=no $user@$hostname "sudo -E bash -c 'cd ~/LME/ansible && ansible-playbook set_fleet.yml -e \"debug_mode=true\"'" +#echo "Running set-fleet script" +#ssh -o StrictHostKeyChecking=no $user@$hostname "sudo -E bash -c 'cd ~/LME/ansible && ansible-playbook set_fleet.yml -e \"debug_mode=true\"'" + +echo "Running post install script" +ssh -o StrictHostKeyChecking=no $user@$hostname "sudo -E bash -c 'cd ~/LME/ansible && ansible-playbook post_install_local.yml -e \"debug_mode=true\"'" echo "Installation and configuration completed successfully." From 4339de8e867e71d491e0862b8819c28172d0f8e2 Mon Sep 17 00:00:00 2001 From: ddiabe <133152385+ddiabe@users.noreply.github.com> Date: Fri, 25 Oct 2024 08:20:44 -0400 Subject: [PATCH 15/19] Ddiabe refactored dashboards 2.0 (#486) * folder for refactored dashboards to be filled in * Added clause on MANAGER_IP in README * Command to check linux wazuh agent error * Refactored User Security * refactored dashboards * changes to dashboard panel --------- Co-authored-by: Brown Co-authored-by: Diabe Co-authored-by: Clint Baxley --- README.md | 10 + dashboard_refactor/export_dashboards.py | 171 ++++++++++++++++++ .../needs_refactoring/Readme.md | 64 +++++++ .../alerting_dashboard.ndjson | 18 ++ .../computer_software_overview.ndjson | 12 ++ .../credential_access_logs_dashboard.ndjson | 5 + .../healthcheck_dashboard_overview.ndjson | 9 + .../identity_access_management.ndjson | 7 + .../policy_changes_and_system_activity.ndjson | 11 ++ .../privileged_activity_log_dashboards.ndjson | 7 + .../needs_refactoring/process_explorer.ndjson | 10 + .../security_dashboard_security_log.ndjson | 27 +++ .../needs_refactoring/sysmon_summary.ndjson | 11 ++ .../needs_refactoring/user_hr.ndjson | 10 + .../user_security_logs_test.ndjson | 39 ++++ .../refactored/Alerting Dashboard 2.0.ndjson | 22 +++ .../Computer Software Overview 2.0.ndjson | 14 ++ ...redential Access Logs Dashboard 2.0.ndjson | 20 ++ .../HealthCheck Dashboard 2.0.ndjson | 11 ++ .../Identity Access Managment 2.0.ndjson | 9 + ...icy Changes and System Activity 2.0.ndjson | 14 ++ ...vileged Activity Log Dashboards 2.0.ndjson | 9 + .../refactored/Process Explorer 2.0.ndjson | 12 ++ ...curity Dashboard -Security Logs 2.0.ndjson | 28 +++ .../refactored/Sysmon Summary 2.0.ndjson | 11 ++ .../refactored/User HR 2.0.ndjson | 14 ++ .../refactored/User Security 2.0.ndjson | 43 +++++ dashboard_refactor/requirements.txt | 2 + 28 files changed, 620 insertions(+) create mode 100644 dashboard_refactor/export_dashboards.py create mode 100644 dashboard_refactor/needs_refactoring/Readme.md create mode 100644 dashboard_refactor/needs_refactoring/alerting_dashboard.ndjson create mode 100644 dashboard_refactor/needs_refactoring/computer_software_overview.ndjson create mode 100644 dashboard_refactor/needs_refactoring/credential_access_logs_dashboard.ndjson create mode 100644 dashboard_refactor/needs_refactoring/healthcheck_dashboard_overview.ndjson create mode 100644 dashboard_refactor/needs_refactoring/identity_access_management.ndjson create mode 100644 dashboard_refactor/needs_refactoring/policy_changes_and_system_activity.ndjson create mode 100644 dashboard_refactor/needs_refactoring/privileged_activity_log_dashboards.ndjson create mode 100644 dashboard_refactor/needs_refactoring/process_explorer.ndjson create mode 100644 dashboard_refactor/needs_refactoring/security_dashboard_security_log.ndjson create mode 100644 dashboard_refactor/needs_refactoring/sysmon_summary.ndjson create mode 100644 dashboard_refactor/needs_refactoring/user_hr.ndjson create mode 100644 dashboard_refactor/needs_refactoring/user_security_logs_test.ndjson create mode 100644 dashboard_refactor/refactored/Alerting Dashboard 2.0.ndjson create mode 100644 dashboard_refactor/refactored/Computer Software Overview 2.0.ndjson create mode 100644 dashboard_refactor/refactored/Credential Access Logs Dashboard 2.0.ndjson create mode 100644 dashboard_refactor/refactored/HealthCheck Dashboard 2.0.ndjson create mode 100644 dashboard_refactor/refactored/Identity Access Managment 2.0.ndjson create mode 100644 dashboard_refactor/refactored/Policy Changes and System Activity 2.0.ndjson create mode 100644 dashboard_refactor/refactored/Privileged Activity Log Dashboards 2.0.ndjson create mode 100644 dashboard_refactor/refactored/Process Explorer 2.0.ndjson create mode 100644 dashboard_refactor/refactored/Security Dashboard -Security Logs 2.0.ndjson create mode 100644 dashboard_refactor/refactored/Sysmon Summary 2.0.ndjson create mode 100644 dashboard_refactor/refactored/User HR 2.0.ndjson create mode 100644 dashboard_refactor/refactored/User Security 2.0.ndjson create mode 100644 dashboard_refactor/requirements.txt diff --git a/README.md b/README.md index 7476adeb..6cfa1a6c 100644 --- a/README.md +++ b/README.md @@ -336,10 +336,20 @@ root@ubuntu:~# ls -al /opt/lme/dashboards/wazuh/INSTALLED -rw-r--r-- 1 root root 0 Oct 21 19:01 /opt/lme/dashboards/wazuh/INSTALLED ``` + +If your linux wazuh agent doesn't start check the error with + +systemctl status wazuh-agent.service + +If the Wazuh agent did not start becasue the "MANAGER_IP" is invalid, set it to the same IP address as your wazuh manager. Or edit the server address manually at /var/ossec/etc/ossec.conf. + + +### Deploy Wazuh Agent On client Machine (Windows) ## Deploying Agents: We have seperate guides on deploying Wazuh and Elastic in seperate docs, please see links below: Eventually these steps will be more automated in a future release. + ##### - [Deploy Wazuh Agent](/docs/markdown/agents/wazuh-agent-mangement.md) ##### - [Deploying Elastic-Agent](/docs/markdown/agents/elastic-agent-mangement.md) diff --git a/dashboard_refactor/export_dashboards.py b/dashboard_refactor/export_dashboards.py new file mode 100644 index 00000000..0c98119f --- /dev/null +++ b/dashboard_refactor/export_dashboards.py @@ -0,0 +1,171 @@ +#!/usr/bin/env python3 +import argparse +import base64 +import json +import os +import re +import requests +from pathlib import Path +from urllib3.exceptions import InsecureRequestWarning + +# Suppress the InsecureRequestWarning (We are using a self-signed cert) +requests.packages.urllib3.disable_warnings(InsecureRequestWarning) + +ALL = 'all' + + +class Api: + def __init__(self, args): + self.ids = None + self.basic_auth = self.get_basic_auth(args.user, args.password) + self.root_url = f'https://{args.host}:{args.port}' + + def export_dashboards(self): + self.set_ids() + self.export_selected_dashboard(self.select_dashboard()) + + @staticmethod + def get_basic_auth(username, password): + return base64.b64encode(f"{username}:{password}".encode()).decode() + + def get_ids(self): + url = f'{self.root_url}/api/kibana/management/saved_objects/_find?perPage=500&page=1&type=dashboard&sortField=updated_at&sortOrder=desc' + + try: + response = requests.get(url, headers={'Authorization': f'Basic {self.basic_auth}'}, verify=False) + + if response.status_code == 200: + data = response.json() + #ids = {item['id']: item['meta']['title'] for item in data.get('saved_objects', [])} + #return ids + ids = { + item['id']: item['meta']['title'] + for item in data.get('saved_objects', []) + if '[' not in item['meta']['title'] and ']' not in item['meta']['title'] + } + return ids + else: + print(f"HTTP request failed with status code: {response.status_code}") + print(response.text) + return {} + except Exception as e: + print(f"An error occurred: {str(e)}") + return {} + + def set_ids(self, ids=None): + if ids is None: + ids = self.get_ids() + self.ids = ids + + def select_dashboard(self): + print("Please select a dashboard ID:") + item = 1 + choices = {} + + # Iterate through ids and display them with corresponding numbers + for this_id, title in self.ids.items(): + print(item, this_id, title) + choices[item] = this_id + item += 1 + + if item == 1: + print("I could not find any dashboards") + return + + choices[item] = ALL + print(item, "Select all dashboards") + + # Ask the user to select a number + while True: + try: + choice = int(input("Select a number: ")) + if choice in choices: + selected_id = choices[choice] + if selected_id == ALL: + return ALL # Return 'all' if the user selects all dashboards + else: + return selected_id # Return the selected dashboard ID + else: + print("Invalid choice. Please select a valid number.") + except ValueError: + print("Invalid input. Please enter a number.") + + def export_selected_dashboard(self, selected_dashboard): + if selected_dashboard == ALL: + print("You selected to export all dashboards") + self.dump_all_dashboards() + else: + print(f"You selected dashboard ID: {selected_dashboard}") + self.dump_dashboard(selected_dashboard) + + def dump_dashboard(self, selected_id): + print(f"Dumping dashboard: {selected_id}: {self.ids[selected_id]}...") + # Dumping dashboard: e5f203f0-6182-11ee-b035-d5f231e90733: User Security + + dashboard_json = self.get_dashboard_json(selected_id) + + if dashboard_json is not None: + script_dir = os.path.dirname(os.path.abspath(__file__)) + export_path = Path(script_dir) / 'exported' + os.makedirs(export_path, exist_ok=True) + + filename = re.sub(r"\W+", "_", self.ids[selected_id].lower()) + ".dumped.ndjson" + + print(f"Writing to file {filename}") + export_path = export_path / filename + + Api.write_to_file(export_path, dashboard_json) + return + + print("There was a problem dumping the dashboard") + + def dump_all_dashboards(self): + for this_id in self.ids: + self.dump_dashboard(this_id) + + def get_dashboard_json(self, selected_id): + url = f'{self.root_url}/api/saved_objects/_export' + data = { + "objects": [{"id": selected_id, "type": "dashboard"}], + "includeReferencesDeep": True + } + headers = { + "kbn-xsrf": "true", + 'Authorization': f'Basic {self.basic_auth}' + } + try: + response = requests.post(url, headers=headers, json=data, verify=False) + + if response.status_code == 200: + return response.text + else: + print(f"HTTP request failed with status code: {response.status_code}") + print(response.text) + return None + + except Exception as e: + print(f"An error occurred: {str(e)}") + return None + + @staticmethod + def write_to_file(filename, content): + with open(filename, 'wb') as file: + file.write(content.encode('utf-8')) + + +def main(): + # Define command-line arguments with defaults + parser = argparse.ArgumentParser(description='Retrieve IDs from Elasticsearch') + parser.add_argument('-u', '--user', required=True, help='Elasticsearch username') + parser.add_argument('-p', '--password', required=True, help='Elasticsearch password') + parser.add_argument('--host', default='localhost', help='Elasticsearch host (default: localhost)') + parser.add_argument('--port', default='443', help='Elasticsearch port (default: 443)') + args = parser.parse_args() + + api = Api(args) + + api.export_dashboards() + + +if __name__ == '__main__': + main() diff --git a/dashboard_refactor/needs_refactoring/Readme.md b/dashboard_refactor/needs_refactoring/Readme.md new file mode 100644 index 00000000..afdcc412 --- /dev/null +++ b/dashboard_refactor/needs_refactoring/Readme.md @@ -0,0 +1,64 @@ +# Folder for all the dashboards + + +## How to update dashboards +To update the dashboards, run the following command from the Linux server: +``` +sudo /opt/lme/dashboard_update.sh +``` + +Note that there is also a `dashboard_update.sh` script within the Chapter 3 Files folder. That is a generic version of the script that is used to contruct the `dashboard_update.sh` script inside the /opt/lme folder. The version inside the Chapter 3 Files folder does **not** have the information needed to update the dashboards. Only the version inside the /opt/lme folder, which is customized to your specific installation of LME, should be run. + +### Updating to new dashboards and removing old ones (Starting with 1.1.0) +Browse to `Kibana->Stack Management` then select `Saved Objects`. +On the Saved Objects page, you can filter by dashboards. + +Select the filter `Type` and select `dashboard`. + +* It is suggested that you export the dashboards first (readme below) so you have a backup. +You can delete all of the dashboards before importing the new ones. + +After having backed up the dashboards and deleting them, you can then run +`dashboard_update.sh` in the `/opt/lme` directory. + + +### Exporting dashboards: +It is recommended that you export your dashboards before updating them, especially if you have customized them or created new ones. +To export the dashboards use the `export_dashboards.py` file in the Chapter 4 directory. +It is easiest to export them from the ubuntu machine where you have installed the ELK stack because the +default port and hostname are in the script. You will need the user and password for elastic that were printed +on your initial install. + +##### The files will be exported to `Chapter 4 Files/exported` + +#### Running on Ubuntu +Change to the `Chapter 4 Files` directory and run: +``` +./export_dashboards.py -u elastic -p YOURUNIQUEPASS +``` +The modules should already be installed on Ubuntu, but If the script complains about missing modules: +``` +pip install -r requirements.txt +``` + +#### Running on Windows +You must have python and the modules installed. (You can install python 3 from the Microsoft Store) Then make +sure you are in the `Chapter 4 Files` directory and install the requirements. +``` +pip install -r requirements.txt +``` + +You will probably have to pass the host that you connect to for kibana when running on windows. +``` +python .\export_dashboards.py -u elastic -p YOURUNIQUEPASS --host x.x.x.x +``` + +## Customizing dashboards: +When customizing dashboards keep in mind to be sure the name of the file does not conflict with one on git. In future iterations of LME, updates will overwrite any dashboard file that you have customized or named the same as an original file that appears in this directory. + +In addition, any other dashboards you want to save in git and track in this repository can maintained safely (assuming the new files do not overlap in name with any original file in LME) by doing the following: + 1. Creating your own local branch in this LME repo + 2. Commiting any changes + 3. pulling in changes from `main` to your local repo + + diff --git a/dashboard_refactor/needs_refactoring/alerting_dashboard.ndjson b/dashboard_refactor/needs_refactoring/alerting_dashboard.ndjson new file mode 100644 index 00000000..65049038 --- /dev/null +++ b/dashboard_refactor/needs_refactoring/alerting_dashboard.ndjson @@ -0,0 +1,18 @@ +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T12:04:55.244Z","version":"WzMwMSwxXQ=="} +{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","runtimeFieldMap":"{\"Column1\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { if (doc['process.pid'].size() != 0) { emit (doc['process.pid'].value.toString()) } } else if(doc['event.code'].value.equals(Integer.toString(3))) { if (doc['destination.address'].size() != 0) { emit (doc['destination.address'].value.toString()) } } } emit (\\\"No Data\\\") } } emit (\\\"Signal Closed\\\")\"}},\"Column2\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { def args = \\\"\\\"; if (doc['process.args'].size() != 0) { for(int i=0; i winlog.computer_name:(\\\\S+) > .*\\\").legend(position=ne)\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:14.768Z","id":"e48bf6f0-e90f-11e9-9070-f78ae052729a","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:14.768Z","version":"WzIyNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_types_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_types_label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"|Logon Type|Logon Title|Description|\\n| :-: | :- | :- |\\n| 2 | Interactive | A user logged on to this computer. |\\n| 3 | Network | A user or computer logged on to this computer from the network. |\\n| 4 | Batch | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. |\\n| 5 | Service | A service was started by the Service Control Manager. |\\n| 7 | Unlock | This workstation was unlocked. |\\n| 8 | NetworkCleartext | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). |\\n| 9 | NewCredentials | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. |\\n| 10 | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop. |\\n| 11 | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. |\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:14.768Z","id":"846ca470-e9ac-11e9-92c4-d918939a618e","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:14.768Z","version":"WzIyOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4625_failed_logon_status_codes_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_codes_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.LogonType\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.Status\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.SubStatus\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:14.768Z","id":"43ef93b0-e9a9-11e9-92c4-d918939a618e","managed":false,"references":[{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:14.768Z","version":"WzIyOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_status_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"| Code | Description |\\n| :- | :- |\\n| 0XC000005E | There are currently no logon servers available to service the logon request. |\\n| 0xC0000064 | User logon with misspelled or bad user account |\\n| 0xC000006A | User logon with misspelled or bad password |\\n| 0XC000006D | This is either due to a bad username or authentication information |\\n| 0XC000006E | Unknown user name or bad password. |\\n| 0xC000006F | User logon outside authorized hours |\\n| 0xC0000070 | User logon from unauthorized workstation |\\n| 0xC0000071 | User logon with expired password |\\n| 0xC0000072 | User logon to account disabled by administrator |\\n| 0XC00000DC | Indicates the Sam Server was in the wrong state to perform the desired operation. |\\n| 0XC0000133 | Clocks between DC and other computer too far out of sync |\\n| 0XC000015B | The user has not been granted the requested logon type (aka logon right) at this machine |\\n| 0XC000018C | The logon request failed because the trust relationship between the primary domain and the trusted domain failed. |\\n| 0XC0000192 | An attempt was made to logon, but the Netlogon service was not started. |\\n| 0xC0000193 | User logon with expired account |\\n| 0XC0000224 | User is required to change password at next logon |\\n| 0XC0000225 | Evidently a bug in Windows and not a risk |\\n| 0xC0000234 | User logon with account locked |\\n| 0XC00002EE | Failure Reason: An Error occurred during Logon |\\n| 0XC0000413 | Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. |\\n| 0x0 | Status OK. |\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:14.768Z","id":"3690c770-e9ae-11e9-92c4-d918939a618e","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:14.768Z","version":"WzIzMCwxXQ=="} +{"attributes":{"columns":["host.name","winlog.event_data.SubjectUserName","winlog.event_data.TargetUserName","winlog.event_data.TargetServerName","winlog.event_data.SubjectDomainName","winlog.event_data.TargetDomainName","winlog.event_data.ProcessId","winlog.event_data.ProcessName"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4648 \",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[{\\\"script\\\":{\\\"script\\\":\\\"doc['winlog.event_data.SubjectUserName'].value != doc['winlog.event_data.TargetUserName'].value\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"must\":[{\"script\":{\"script\":\"doc['winlog.event_data.SubjectUserName'].value != doc['winlog.event_data.TargetUserName'].value\"}}]}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"winlog.event_data.TargetDomainName\",\"params\":{\"query\":\"Window Manager\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"winlog.event_data.TargetDomainName\":\"Window Manager\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"winlog.event_data.TargetDomainName\",\"params\":{\"query\":\"Font Driver Host\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"winlog.event_data.TargetDomainName\":\"Font Driver Host\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"timeRestore":false,"title":"srch_sd_security_4648_logon_explicit_creds_running_as_different_user","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:14.768Z","id":"103ccef0-ea73-11e9-be68-7f08998695a8","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:14.768Z","version":"WzIzMSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_logs_computernames_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Logged events\"}},{\"id\":\"2\",\"enabled\":false,\"type\":\"filters\",\"schema\":\"bucket\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_id : 4624\",\"language\":\"kuery\"},\"label\":\"EventID 4624\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computername\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_logs_computernames_datatable\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:14.768Z","id":"1c4214a0-f0cf-11e9-a5fc-65ed253cef03","managed":false,"references":[{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:14.768Z","version":"WzIzMiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T12:04:55.244Z","version":"WzMwMSwxXQ=="} +{"attributes":{"description":"Security log related events","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":15,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security logs events\",\"panelRefName\":\"panel_1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":134,\"w\":48,\"h\":17,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Process creation - event ID 4688\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":109,\"w\":48,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Log Cleared - event ID 1102 or 104\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":151,\"w\":48,\"h\":18,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logon created - Logon type 2\",\"panelRefName\":\"panel_6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select a computer to filter the below results. Leave blank for all\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":169,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - network logon created - Logon type 3\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":117,\"w\":48,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log events - Detail\",\"panelRefName\":\"panel_9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":184,\"w\":48,\"h\":17,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - logon as a service - Logon type 5\",\"panelRefName\":\"panel_10\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":201,\"w\":48,\"h\":15,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Credential sent as clear text - Logon type 8\",\"panelRefName\":\"panel_11\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":15,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon attempts\",\"panelRefName\":\"panel_15\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":216,\"w\":48,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logons with special privileges assigned - event ID 4672\",\"panelRefName\":\"panel_19\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":15,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Computers showing failed login attempts - 10 maximum shown\",\"panelRefName\":\"panel_20\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":33,\"w\":48,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon type codes\",\"panelRefName\":\"panel_21\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":51,\"w\":48,\"h\":16,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon and reason (status code)\",\"panelRefName\":\"panel_22\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":83,\"w\":48,\"h\":26,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon status codes\",\"panelRefName\":\"panel_23\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":234,\"w\":48,\"h\":15,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{},\"sort\":[]},\"title\":\"Security log - Process started with different credentials- event ID 4648 [could be RUNAS, scheduled tasks]\",\"panelRefName\":\"panel_28\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":11,\"w\":24,\"h\":7,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"title\":\"Select a computername to filter\",\"panelRefName\":\"panel_30\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\"},\"panelIndex\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b71dba65-ed1c-4917-9fc7-54923511ad2d\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":16,\"i\":\"96010259-5ae8-4632-bcce-34078573b1cd\"},\"panelIndex\":\"96010259-5ae8-4632-bcce-34078573b1cd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed Logons\",\"panelRefName\":\"panel_96010259-5ae8-4632-bcce-34078573b1cd\"}]","timeRestore":false,"title":"Security Dashboard - Security Log","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:14.768Z","id":"51186cd0-e8e9-11e9-9070-f78ae052729a","managed":false,"references":[{"id":"e5245110-e8e8-11e9-9070-f78ae052729a","name":"1:panel_1","type":"visualization"},{"id":"781b09e0-e8ea-11e9-9070-f78ae052729a","name":"2:panel_2","type":"search"},{"id":"8c100710-e8eb-11e9-9070-f78ae052729a","name":"3:panel_3","type":"search"},{"id":"0222a210-e8f0-11e9-9070-f78ae052729a","name":"6:panel_6","type":"visualization"},{"id":"5c6f40d0-e8f4-11e9-9070-f78ae052729a","name":"7:panel_7","type":"visualization"},{"id":"666027c0-e8f5-11e9-9070-f78ae052729a","name":"8:panel_8","type":"visualization"},{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"9:panel_9","type":"search"},{"id":"d99cb4d0-e8f8-11e9-9070-f78ae052729a","name":"10:panel_10","type":"visualization"},{"id":"80125e30-e900-11e9-9070-f78ae052729a","name":"11:panel_11","type":"visualization"},{"id":"fefc2830-e904-11e9-9070-f78ae052729a","name":"15:panel_15","type":"visualization"},{"id":"379f1cb0-e90a-11e9-9070-f78ae052729a","name":"19:panel_19","type":"visualization"},{"id":"e48bf6f0-e90f-11e9-9070-f78ae052729a","name":"20:panel_20","type":"visualization"},{"id":"846ca470-e9ac-11e9-92c4-d918939a618e","name":"21:panel_21","type":"visualization"},{"id":"43ef93b0-e9a9-11e9-92c4-d918939a618e","name":"22:panel_22","type":"visualization"},{"id":"3690c770-e9ae-11e9-92c4-d918939a618e","name":"23:panel_23","type":"visualization"},{"id":"103ccef0-ea73-11e9-be68-7f08998695a8","name":"28:panel_28","type":"search"},{"id":"1c4214a0-f0cf-11e9-a5fc-65ed253cef03","name":"30:panel_30","type":"visualization"},{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"b71dba65-ed1c-4917-9fc7-54923511ad2d:panel_b71dba65-ed1c-4917-9fc7-54923511ad2d","type":"visualization"},{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"96010259-5ae8-4632-bcce-34078573b1cd:panel_96010259-5ae8-4632-bcce-34078573b1cd","type":"search"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-08-13T11:59:14.768Z","version":"WzIzNCwxXQ=="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":26,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboard_refactor/needs_refactoring/sysmon_summary.ndjson b/dashboard_refactor/needs_refactoring/sysmon_summary.ndjson new file mode 100644 index 00000000..f1018c68 --- /dev/null +++ b/dashboard_refactor/needs_refactoring/sysmon_summary.ndjson @@ -0,0 +1,11 @@ +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI1NSwxXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:\\\"Microsoft-Windows-Sysmon/Operational\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_sysmon_all_events","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:15.791Z","id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:15.791Z","version":"WzIzNiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:15.791Z","id":"6bae6b40-e5cd-11e9-8f1d-73a2ea4cc3ed","managed":false,"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:15.791Z","version":"WzIzNywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Event code\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":0},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:15.791Z","id":"8fcbbf80-e5ca-11e9-8f1d-73a2ea4cc3ed","managed":false,"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:15.791Z","version":"WzIzOCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_datatable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event code\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:15.791Z","id":"fb34c760-e5cc-11e9-8f1d-73a2ea4cc3ed","managed":false,"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:15.791Z","version":"WzIzOSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_host_events_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_host_events_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Event code\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Missing computer name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer name\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"split\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Missing computer name\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:15.791Z","id":"4ff18f60-e5d0-11e9-8f1d-73a2ea4cc3ed","managed":false,"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:15.791Z","version":"WzI0MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_event_code_reference","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"markdown\":\"| \\tEvent ID\\t | \\tEvent\\t | \\tDescription\\t |\\n| \\t:-:\\t | \\t:-\\t | \\t-\\t |\\n| \\t1\\t | \\tProcess creation\\t | \\tThe process creation event provides extended information about a newly created process. The full command line provides context on the process execution. The ProcessGUID field is a unique value for this process across a domain to make event correlation easier. The hash is a full hash of the file with the algorithms in the HashType field.\\t |\\n| \\t2\\t | \\tA process changed a file creation time\\t | \\tThe change file creation time event is registered when a file creation time is explicitly modified by a process. This event helps tracking the real creation time of a file. Attackers may change the file creation time of a backdoor to make it look like it was installed with the operating system. Note that many processes legitimately change the creation time of a file; it does not necessarily indicate malicious activity.\\t |\\n| \\t3\\t | \\tNetwork connection\\t | \\tThe network connection event logs TCP/UDP connections on the machine. It is disabled by default. Each connection is linked to a process through the ProcessId and ProcessGUID fields. The event also contains the source and destination host names IP addresses, port numbers and IPv6 status.\\t |\\n| \\t4\\t | \\tSysmon service state changed\\t | \\tThe service state change event reports the state of the Sysmon service (started or stopped).\\t |\\n| \\t5\\t | \\tProcess terminated\\t | \\tThe process terminate event reports when a process terminates. It provides the UtcTime, ProcessGuid and ProcessId of the process.\\t |\\n| \\t6\\t | \\tDriver loaded\\t | \\tThe driver loaded events provides information about a driver being loaded on the system. The configured hashes are provided as well as signature information. The signature is created asynchronously for performance reasons and indicates if the file was removed after loading.\\t |\\n| \\t7\\t | \\tImage loaded\\t | \\tThe image loaded event logs when a module is loaded in a specific process. This event is disabled by default and needs to be configured with the ๏ฟฝl option. It indicates the process in which the module is loaded, hashes and signature information. The signature is created asynchronously for performance reasons and indicates if the file was removed after loading. This event should be configured carefully, as monitoring all image load events will generate a large number of events.\\t |\\n| \\t8\\t | \\tCreateRemoteThread\\t | \\tThe CreateRemoteThread event detects when a process creates a thread in another process. This technique is used by malware to inject code and hide in other processes. The event indicates the source and target process. It gives information on the code that will be run in the new thread: StartAddress, StartModule and StartFunction. Note that StartModule and StartFunction fields are inferred, they might be empty if the starting address is outside loaded modules or known exported functions.\\t |\\n| \\t9\\t | \\tRawAccessRead\\t | \\tThe RawAccessRead event detects when a process conducts reading operations from the drive using the \\\\\\\\\\\\\\\\.\\\\ denotation. This technique is often used by malware for data exfiltration of files that are locked for reading, as well as to avoid file access auditing tools. The event indicates the source process and target device.\\t |\\n| \\t10\\t | \\tProcessAccess\\t | \\tThe process accessed event reports when a process opens another process, an operation that๏ฟฝs often followed by information queries or reading and writing the address space of the target process. This enables detection of hacking tools that read the memory contents of processes like Local Security Authority (Lsass.exe) in order to steal credentials for use in Pass-the-Hash attacks. Enabling it can generate significant amounts of logging if there are diagnostic utilities active that repeatedly open processes to query their state, so it generally should only be done so with filters that remove expected accesses.\\t |\\n| \\t11\\t | \\tFileCreate\\t | \\tFile create operations are logged when a file is created or overwritten. This event is useful for monitoring autostart locations, like the Startup folder, as well as temporary and download directories, which are common places malware drops during initial infection.\\t |\\n| \\t12\\t | \\tRegistryEvent (Object create and delete)\\t | \\tRegistry key and value create and delete operations map to this event type, which can be useful for monitoring for changes to Registry autostart locations, or specific malware registry modifications. Sysmon uses abbreviated versions of Registry root key names, with the following mappings: |\\n|||**Key name**                                                                                          **Abbreviation**|\\n|||HKEY_LOCAL_MACHINE                                                                  HKLM|\\n|||HKEY_USERS                                                                                     HKU|\\n|||HKEY_LOCAL_MACHINE\\\\System\\\\ControlSet00x                          HKLM\\\\System\\\\CurrentControlSet|\\n|||HKEY_LOCAL_MACHINE\\\\Classes                                                    HKCR|\\n| \\t13\\t | \\tRegistryEvent (Value Set)\\t | \\tThis Registry event type identifies Registry value modifications. The event records the value written for Registry values of type DWORD and QWORD.\\t |\\n| \\t14\\t | \\tRegistryEvent (Key and Value Rename)\\t | \\tRegistry key and value rename operations map to this event type, recording the new name of the key or value that was renamed.\\t |\\n| \\t15\\t | \\tFileCreateStreamHash\\t | \\tThis event logs when a named file stream is created, and it generates events that log the hash of the contents of the file to which the stream is assigned (the unnamed stream), as well as the contents of the named stream. There are malware variants that drop their executables or configuration settings via browser downloads, and this event is aimed at capturing that based on the browser attaching a Zone.Identifier ๏ฟฝmark of the web๏ฟฝ stream.\\t |\\n| \\t16\\t | \\tServiceConfigurationChange\\t | \\tThis event logs changes in the Sysmon configuration - for example when the filtering rules are updated.\\t |\\n| \\t17\\t | \\tPipeEvent (Pipe Created)\\t | \\tThis event generates when a named pipe is created. Malware often uses named pipes for interprocess communication.\\t |\\n| \\t18\\t | \\tPipeEvent (Pipe Connected)\\t | \\tThis event logs when a named pipe connection is made between a client and a server.\\t |\\n| \\t19\\t | \\tWmiEvent (WmiEventFilter activity detected)\\t | \\tWhen a WMI event filter is registered, which is a method used by malware to execute, this event logs the WMI namespace, filter name and filter expression.\\t |\\n| \\t20\\t | \\tWmiEvent (WmiEventConsumer activity detected)\\t | \\tThis event logs the registration of WMI consumers, recording the consumer name, log, and destination.\\t |\\n| \\t21\\t | \\tWmiEvent (WmiEventConsumerToFilter activity detected)\\t | \\tWhen a consumer binds to a filter, this event logs the consumer name and filter path.\\t |\\n| \\t22\\t | \\tDNSEvent (DNS query)\\t | \\tThis event generates when a process executes a DNS query, whether the result is successful or fails, cached or not. The telemetry for this event was added for Windows 8.1 so it is not available on Windows 7 and earlier.\\t |\\n| \\t23\\t | \\tFileDelete (A file delete was detected)\\t | \\tA file was deleted.\\t |\\n| \\t24\\t | \\tClipboardChange (New content in the clipboard)\\t | \\tThis event is generated when the system clipboard contents change.\\t |\\n| \\t25\\t | \\tProcessTampering (Process image change)\\t | \\tThis event is generated when a process image is changed from an external source, such as a different process.\\t |\\n| \\t255\\t | \\tError\\t | \\tThis event is generated when an error occurred within Sysmon. They can happen if the system is under heavy load and certain tasked could not be performed or a bug exists in the Sysmon service. You can report any bugs on the Sysinternals forum or over Twitter (@markrussinovich).\\t |\\n\\nFor more information see *https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"title\":\"vis_sd_sysmon_event_code_reference\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:15.791Z","id":"7d3955e0-e9b6-11e9-92c4-d918939a618e","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:15.791Z","version":"WzI0MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_events_by_computer_timelion","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_events_by_computer_timelion\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(q=winlog.provider_name:Microsoft-Windows-Sysmon, index=winlogbeat-*, split=winlog.computer_name:40).label(\\\"$1\\\",\\\"^.* > winlog.computer_name:(\\\\S+) > .*\\\").title(\\\"Sysmon events by computer\\\").legend(position=nw).yaxis(label=\\\"Number of events\\\")\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:15.791Z","id":"35500920-eb66-11e9-875d-ef4cb6c5875d","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:15.791Z","version":"WzI0MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T12:04:55.244Z","version":"WzMwMSwxXQ=="} +{"attributes":{"description":"Summarizes collected Sysmon event data","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":13,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Total number of Sysmon events found\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":13,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Percentage of Sysmon events by event code\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":16,\"w\":24,\"h\":18,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Count of Sysmon events by event code\",\"panelRefName\":\"panel_4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":16,\"w\":24,\"h\":18,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}},\"enhancements\":{}},\"title\":\"Top 10 hosts generating the most Sysmon data\",\"panelRefName\":\"panel_5\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":21,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon event code reference\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":55,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon events\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\"},\"panelIndex\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_76bd58e2-b637-4a48-ae79-4ca8abeab308\"}]","timeRestore":false,"title":"Sysmon Summary","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:15.791Z","id":"d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed","managed":false,"references":[{"id":"6bae6b40-e5cd-11e9-8f1d-73a2ea4cc3ed","name":"2:panel_2","type":"visualization"},{"id":"8fcbbf80-e5ca-11e9-8f1d-73a2ea4cc3ed","name":"3:panel_3","type":"visualization"},{"id":"fb34c760-e5cc-11e9-8f1d-73a2ea4cc3ed","name":"4:panel_4","type":"visualization"},{"id":"4ff18f60-e5d0-11e9-8f1d-73a2ea4cc3ed","name":"5:panel_5","type":"visualization"},{"id":"7d3955e0-e9b6-11e9-92c4-d918939a618e","name":"7:panel_7","type":"visualization"},{"id":"35500920-eb66-11e9-875d-ef4cb6c5875d","name":"8:panel_8","type":"visualization"},{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"76bd58e2-b637-4a48-ae79-4ca8abeab308:panel_76bd58e2-b637-4a48-ae79-4ca8abeab308","type":"visualization"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-08-13T11:59:15.791Z","version":"WzI0NCwxXQ=="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":10,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboard_refactor/needs_refactoring/user_hr.ndjson b/dashboard_refactor/needs_refactoring/user_hr.ndjson new file mode 100644 index 00000000..0fa94ad2 --- /dev/null +++ b/dashboard_refactor/needs_refactoring/user_hr.ndjson @@ -0,0 +1,10 @@ +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T12:04:55.244Z","version":"WzMwMSwxXQ=="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI1NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"winlog.event_data.TargetDomainName\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"winlog.event_data.TargetUserName\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI1NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - User activity title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - User activity title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## All user activity\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:16.817Z","id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:16.817Z","version":"WzI0OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - Logon title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Logon title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## Logon / Logoff events\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:16.817Z","id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:16.817Z","version":"WzI0OSwxXQ=="} +{"attributes":{"columns":["winlog.event_data.SubjectDomainName","winlog.event_data.TargetUserName","host.name","winlog.event_data.TargetLogonId"],"description":"","grid":{"columns":{"user.name":{"width":193},"winlog.event_data.SubjectDomainName":{"width":193}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"4624\\\" and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_data.LogonType\",\"value\":[\"2\",\"10\",\"11\",\"7\"],\"params\":[\"2\",\"10\",\"11\",\"7\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_data.LogonType\":\"2\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"10\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"11\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"7\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Interactive Logon search","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:16.817Z","id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:16.817Z","version":"WzI1MCwxXQ=="} +{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetDomainName","host.name","winlog.event_data.TargetLogonId"],"description":"","grid":{"columns":{"winlog.event_data.TargetDomainName":{"width":241},"winlog.event_data.TargetUserName":{"width":241}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:\\\"4634\\\" OR event.code:\\\"4647\\\" ) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:16.817Z","id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:16.817Z","version":"WzI1MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HR - Interactive v Remote pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Interactive v Remote pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"label\":\"filters\",\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"segment\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_data.LogonType:2\",\"language\":\"lucene\"},\"label\":\"Interactive\"},{\"input\":{\"query\":\"winlog.event_data.LogonType:10\",\"language\":\"lucene\"},\"label\":\"RemoteInteractive\"}]}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:16.817Z","id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","managed":false,"references":[{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:16.817Z","version":"WzI1MiwxXQ=="} +{"attributes":{"description":"Overview of user activity for Human Resources\n","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"46f5e2d0-544b-4159-bf78-a44737a093cb\"},\"panelIndex\":\"46f5e2d0-544b-4159-bf78-a44737a093cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_46f5e2d0-544b-4159-bf78-a44737a093cb\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":16,\"h\":12,\"i\":\"bf3efd15-6e7c-4a6e-bb30-e7b759306282\"},\"panelIndex\":\"bf3efd15-6e7c-4a6e-bb30-e7b759306282\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select domain(s) and username(s)\",\"panelRefName\":\"panel_bf3efd15-6e7c-4a6e-bb30-e7b759306282\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":3,\"w\":15,\"h\":12,\"i\":\"9401acd4-64d2-484d-a0dc-2647cc626e56\"},\"panelIndex\":\"9401acd4-64d2-484d-a0dc-2647cc626e56\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\",\"accessors\":[\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"splitAccessor\":\"fc23a029-309e-40a7-aeca-309fd8423ced\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\":{\"columns\":{\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\":{\"label\":\"Top 5 values of winlog.event_data.SubjectDomainName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectDomainName\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"fc23a029-309e-40a7-aeca-309fd8423ced\":{\"label\":\"Top 3 values of winlog.event_data.TargetUserName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5a238afa-9ffa-4568-8a43-6167c0a76b67\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"fc23a029-309e-40a7-aeca-309fd8423ced\",\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Users\"},{\"type\":\"lens\",\"gridData\":{\"x\":31,\"y\":3,\"w\":17,\"h\":12,\"i\":\"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c\"},\"panelIndex\":\"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar\",\"layers\":[{\"layerId\":\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\",\"accessors\":[\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"position\":\"top\",\"seriesType\":\"bar\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"22b4e313-2858-411e-a90b-911198fa34fe\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\":{\"columns\":{\"22b4e313-2858-411e-a90b-911198fa34fe\":{\"label\":\"Top 5 values of winlog.computer_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.computer_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"22b4e313-2858-411e-a90b-911198fa34fe\",\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Computers\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":15,\"w\":48,\"h\":4,\"i\":\"04b8ad89-b259-4d40-a6f7-40bd85498ee5\"},\"panelIndex\":\"04b8ad89-b259-4d40-a6f7-40bd85498ee5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_04b8ad89-b259-4d40-a6f7-40bd85498ee5\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":19,\"w\":24,\"h\":15,\"i\":\"bf9f9a7e-eced-42ad-9d72-193778290f71\"},\"panelIndex\":\"bf9f9a7e-eced-42ad-9d72-193778290f71\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"6bfbd839-8497-464d-a473-26c01d5ba342\",\"accessors\":[\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\",\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6bfbd839-8497-464d-a473-26c01d5ba342\":{\"columns\":{\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\":{\"label\":\"Median of day_of_week\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"day_of_week\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}},\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\":{\"label\":\"Median of hour_of_day\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"hour_of_day\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\",\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\",\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"All User Events by Day of Week, Hour of Day\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":19,\"w\":24,\"h\":15,\"i\":\"cbb939c6-5de5-478a-813f-fa5aabff530a\"},\"panelIndex\":\"cbb939c6-5de5-478a-813f-fa5aabff530a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"f46d1729-4bd5-4219-9973-01913c208fef\",\"accessors\":[\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f46d1729-4bd5-4219-9973-01913c208fef\":{\"columns\":{\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"800c3857-3c9c-4fc5-a403-3fcbede05599\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\",\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Timestamps by Count\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":4,\"i\":\"110dc89e-1139-438c-88a9-1914a7b12725\"},\"panelIndex\":\"110dc89e-1139-438c-88a9-1914a7b12725\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_110dc89e-1139-438c-88a9-1914a7b12725\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":38,\"w\":24,\"h\":15,\"i\":\"c28b411d-3dc3-472a-acd9-05ad0a1964b7\"},\"panelIndex\":\"c28b411d-3dc3-472a-acd9-05ad0a1964b7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logon events (filter by LogonId)\",\"panelRefName\":\"panel_c28b411d-3dc3-472a-acd9-05ad0a1964b7\"},{\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":38,\"w\":24,\"h\":15,\"i\":\"c3bc3c62-3c16-482c-b377-ecc40a21bc0a\"},\"panelIndex\":\"c3bc3c62-3c16-482c-b377-ecc40a21bc0a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logoff events (correlate to logon events)\",\"panelRefName\":\"panel_c3bc3c62-3c16-482c-b377-ecc40a21bc0a\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":53,\"w\":24,\"h\":15,\"i\":\"d40424ec-2e13-4d8c-a942-95652715c75f\"},\"panelIndex\":\"d40424ec-2e13-4d8c-a942-95652715c75f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"In person vs Remote logons\",\"panelRefName\":\"panel_d40424ec-2e13-4d8c-a942-95652715c75f\"}]","timeRestore":false,"title":"User HR","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T12:06:59.480Z","id":"618bc5d0-84f8-11ee-9838-ff0db128d8b2","managed":false,"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"46f5e2d0-544b-4159-bf78-a44737a093cb:panel_46f5e2d0-544b-4159-bf78-a44737a093cb","type":"visualization"},{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"bf3efd15-6e7c-4a6e-bb30-e7b759306282:panel_bf3efd15-6e7c-4a6e-bb30-e7b759306282","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"9401acd4-64d2-484d-a0dc-2647cc626e56:indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c:indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2","type":"index-pattern"},{"id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","name":"04b8ad89-b259-4d40-a6f7-40bd85498ee5:panel_04b8ad89-b259-4d40-a6f7-40bd85498ee5","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"bf9f9a7e-eced-42ad-9d72-193778290f71:indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"cbb939c6-5de5-478a-813f-fa5aabff530a:indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef","type":"index-pattern"},{"id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","name":"110dc89e-1139-438c-88a9-1914a7b12725:panel_110dc89e-1139-438c-88a9-1914a7b12725","type":"visualization"},{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"c28b411d-3dc3-472a-acd9-05ad0a1964b7:panel_c28b411d-3dc3-472a-acd9-05ad0a1964b7","type":"search"},{"id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","name":"c3bc3c62-3c16-482c-b377-ecc40a21bc0a:panel_c3bc3c62-3c16-482c-b377-ecc40a21bc0a","type":"search"},{"id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","name":"d40424ec-2e13-4d8c-a942-95652715c75f:panel_d40424ec-2e13-4d8c-a942-95652715c75f","type":"visualization"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-08-13T12:06:59.480Z","version":"WzMxMSwxXQ=="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":9,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboard_refactor/needs_refactoring/user_security_logs_test.ndjson b/dashboard_refactor/needs_refactoring/user_security_logs_test.ndjson new file mode 100644 index 00000000..bdee3273 --- /dev/null +++ b/dashboard_refactor/needs_refactoring/user_security_logs_test.ndjson @@ -0,0 +1,39 @@ +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T12:04:55.244Z","version":"WzMwMSwxXQ=="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI1NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"winlog.event_data.TargetDomainName\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"winlog.event_data.TargetUserName\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI1NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - Filter Hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Filter Hosts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host name\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI1NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security - Select Host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select Host\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1588685297382\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI1OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Logons Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logons Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Logons\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI1OSwxXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Human User Logon Events","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon attempts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon attempts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Login attempts\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"22170f50-853c-11ea-b6c5-5d9149593ce4","managed":false,"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon events over time","uiStateJSON":"{\"vis\":{\"colors\":{\"Failed attempts\":\"#BF1B00\",\"Successful atempts\":\"#629E51\"}}}","version":1,"visState":"{\"title\":\"Security - Logon events over time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-23T08:41:59.000Z\",\"max\":\"2020-04-23T08:56:59.000Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":\"event.code:4625\",\"language\":\"lucene\"},\"label\":\"Failed attempts\"},{\"input\":{\"query\":\"event.code:4624\",\"language\":\"lucene\"},\"label\":\"Successful atempts\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2MiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"event.code\",\"value\":\"4,624, 4,625\",\"params\":[\"4624\",\"4625\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"event.code\":\"4624\"}},{\"match_phrase\":{\"event.code\":\"4625\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Computers\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"489f7350-853d-11ea-b6c5-5d9149593ce4","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Hosts\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","managed":false,"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2NCwxXQ=="} +{"attributes":{"columns":["event.code","host.name","winlog.event_data.TargetDomainName","winlog.event_data.TargetUserName","winlog.event_data.IpAddress","event.action","event.outcome","winlog.event_data.LogonType"],"description":"","grid":{"columns":{"user.domain":{"width":119},"user.name":{"width":134}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Human Logon & Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"2325be20-8616-11ea-a720-c7a0431f179d","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Network Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Network Connections\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"a1229110-860f-11ea-a720-c7a0431f179d","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2NiwxXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id : \\\"3\\\" and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"All network activity ","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"d1a74ce0-8641-11ea-907a-33d103156187","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Activity Line","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Activity Line\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Connections\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"extendToTimeRange\":false,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30d\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Connections\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Connections\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-24T15:29:10.918Z\",\"max\":\"2020-04-24T15:44:10.918Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"ec7ad2d0-8641-11ea-907a-33d103156187","managed":false,"references":[{"id":"d1a74ce0-8641-11ea-907a-33d103156187","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2OCwxXQ=="} +{"attributes":{"columns":["winlog.event_data.DestinationHostname","destination.ip","winlog.event_data.DestinationIsIpv6","network.","process.executable","winlog.event_data.DestinationPort","winlog.event_data.Protocol","winlog.user.name","winlog.user.type","source.ip","winlog.event_data.SourceIsIpv6","source.port","network.protocol"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") AND NOT (process.name:iexplore.exe OR process.name:chrome.exe OR process.name:firefox.exe OR process.name:opera.exe) AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_non_browsers_connection","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2OSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Process List","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Network Process List\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.DestinationIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Logged on user\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"date\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","managed":false,"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3MCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network connections area ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network connections area \",\"type\":\"area\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"}],\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"labels\":{},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","managed":false,"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Overview - Processes with unusual network activity","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Overview - Processes with unusual network activity\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"significant_terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"size\":10,\"include\":\"\",\"json\":\"\",\"customLabel\":\"Process\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"string\"},\"params\":{},\"label\":\"Process\",\"aggType\":\"significant_terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"245778d0-8641-11ea-907a-33d103156187","managed":false,"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3MiwxXQ=="} +{"attributes":{"columns":["host.name","winlog.event_data.TargetUserName","winlog.event_data.TargetDomainName","winlog.event_data.SourceIp","winlog.event_data.SourcePort","winlog.event_data.DestinationIp","winlog.event_data.DestinationPort","winlog.event_data.ProcessId","winlog.event_data.ProcessName"],"description":"","grid":{"columns":{"winlog.event_data.SubjectDomainName":{"width":216}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_uds_non_private_network","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Processes Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Processes Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Processes & Powershell\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3NCwxXQ=="} +{"attributes":{"columns":["host.name","winlog.event_data.TargetDomainName","winlog.event_data.User","winlog.event_data.ProcessId","winlog.event_data.ProcessName","winlog.event_data.Hashes","process.args"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"1\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Process Spawns","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3NSwxXQ=="} +{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.command_line","process.parent.executable","process.parent.command_line","file.path","event.code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\" OR process.command_line.text:\\\"powershell\\\" OR parent.process.command_line.text:\\\"powershell\\\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_powershell_run","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"2e276480-ec16-11e9-befc-81397a291157","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell Run Count","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Security - Powershell Run Count\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"60553d40-ec18-11e9-befc-81397a291157","managed":false,"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3NywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell runs over time","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now/w\",\"to\":\"now/w\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"title\":\"Security - Powershell runs over time\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Power shell hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"metric\":{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security - Power shell hosts pie\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3OSwxXQ=="} +{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.args","process.parent.executable","process.parent.args"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND process.command_line.text:(\\\"invoke\\\" or \\\"bypass\\\" or \\\"iex\\\" or \\\"ex\\\" or \\\"icm\\\" or \\\"new-object\\\" or \\\"set\\\" or \\\"get\\\" or \\\"write\\\" or \\\"out\\\" or \\\"download\\\" or \\\"encoded\\\")\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Potentially Suspicious Powershell","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"ff5a53b0-ebf7-11e9-befc-81397a291157","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4MCwxXQ=="} +{"attributes":{"columns":["user.domain","user.name","host.name","destination.domain","destination.ip"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND (process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_uds_powershell_network","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4MSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Files title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Files title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Files\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"404f6e60-895e-11ea-9bd8-f3fed1ec2140","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4MiwxXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"file.path.text: \\\"tmp\\\" OR file.path.text:\\\"temp\\\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"file.path\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"file.path\"},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"TEMP & %TEMP%","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4MywxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"TEMP & %TEMP%","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target File\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"TEMP & %TEMP%\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","managed":false,"references":[{"id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4NCwxXQ=="} +{"attributes":{"columns":["@timestamp","user.domain","user.name","host.name","process.executable","winlog.event_data.ProcessId"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: \\\"9\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Raw Access Events","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4NSwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Windows Defender Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Windows Defender Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Windows Defender\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4NiwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"winlog.event_id:(1006 or 1007 or 1008 or 1009 or 1116 or 1117 or 1118 or 1119)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - AV Events Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - AV Events Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Windows AV Events\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4NywxXQ=="} +{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_id\",\"value\":\"1,006, 1,007, 1,008, 1,009, 1,116, 1,117, 1,118, 1,119\",\"params\":[\"1006\",\"1007\",\"1008\",\"1009\",\"1116\",\"1117\",\"1118\",\"1119\"],\"negate\":false,\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_id\":\"1006\"}},{\"match_phrase\":{\"winlog.event_id\":\"1007\"}},{\"match_phrase\":{\"winlog.event_id\":\"1008\"}},{\"match_phrase\":{\"winlog.event_id\":\"1009\"}},{\"match_phrase\":{\"winlog.event_id\":\"1116\"}},{\"match_phrase\":{\"winlog.event_id\":\"1117\"}},{\"match_phrase\":{\"winlog.event_id\":\"1118\"}},{\"match_phrase\":{\"winlog.event_id\":\"1119\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"AV Detection event","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4OCwxXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"AV Hits (Count)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"AV Hits (Count)\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"AV Detection hits\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","managed":false,"references":[{"id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4OSwxXQ=="} +{"attributes":{"columns":["winlog.event_data.Detection User","host.name","winlog.event_data.Path","winlog.event_data.FWLink"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: 1116\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"Microsoft-Windows-Windows Defender\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.provider\":{\"query\":\"Microsoft-Windows-Windows Defender\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Defender AV Detections","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI5MCwxXQ=="} +{"attributes":{"description":"User Security overview, filtered by Domain / Username or hostname","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"cb956d23-9d5b-4af8-becf-a2d2d108b5f7\"},\"panelIndex\":\"cb956d23-9d5b-4af8-becf-a2d2d108b5f7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cb956d23-9d5b-4af8-becf-a2d2d108b5f7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":23,\"h\":7,\"i\":\"d962c0d4-f80a-426c-9a1b-43e2fb6296f2\"},\"panelIndex\":\"d962c0d4-f80a-426c-9a1b-43e2fb6296f2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search users\",\"panelRefName\":\"panel_d962c0d4-f80a-426c-9a1b-43e2fb6296f2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":3,\"w\":25,\"h\":7,\"i\":\"b5483ec3-77b5-4e4c-b532-32ce796aa1de\"},\"panelIndex\":\"b5483ec3-77b5-4e4c-b532-32ce796aa1de\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Filter hosts\",\"panelRefName\":\"panel_b5483ec3-77b5-4e4c-b532-32ce796aa1de\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":10,\"w\":23,\"h\":7,\"i\":\"669e458b-ac6a-41d1-b3e2-945a0c8571bd\"},\"panelIndex\":\"669e458b-ac6a-41d1-b3e2-945a0c8571bd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search hosts\",\"panelRefName\":\"panel_669e458b-ac6a-41d1-b3e2-945a0c8571bd\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":10,\"w\":25,\"h\":7,\"i\":\"b693e539-d72a-496c-bbaf-31c22eeb78c2\"},\"panelIndex\":\"b693e539-d72a-496c-bbaf-31c22eeb78c2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\",\"isTransposed\":false},{\"columnId\":\"26752485-2aa5-4908-b400-504d6e7ef451\",\"isTransposed\":false}],\"layerId\":\"d123adeb-fd39-4176-b3c9-69c88d2852d5\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d123adeb-fd39-4176-b3c9-69c88d2852d5\":{\"columns\":{\"6f33ff19-9959-4c43-b791-939582a0b3d2\":{\"label\":\"Event Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"26752485-2aa5-4908-b400-504d6e7ef451\":{\"label\":\"winlog.event_data.TargetUserName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"26752485-2aa5-4908-b400-504d6e7ef451\",\"6f33ff19-9959-4c43-b791-939582a0b3d2\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Filter users\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":48,\"h\":4,\"i\":\"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\"},\"panelIndex\":\"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":21,\"w\":9,\"h\":7,\"i\":\"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\"},\"panelIndex\":\"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":21,\"w\":20,\"h\":14,\"i\":\"13240516-125d-434d-8929-d9a334308aa6\"},\"panelIndex\":\"13240516-125d-434d-8929-d9a334308aa6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon attempts\",\"panelRefName\":\"panel_13240516-125d-434d-8929-d9a334308aa6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":21,\"w\":19,\"h\":14,\"i\":\"4b488bfa-a881-46c9-933b-ed762dfb6884\"},\"panelIndex\":\"4b488bfa-a881-46c9-933b-ed762dfb6884\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logged on computers\",\"panelRefName\":\"panel_4b488bfa-a881-46c9-933b-ed762dfb6884\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":9,\"h\":7,\"i\":\"1d6bc214-21e6-4f94-b4df-94585768f0d1\"},\"panelIndex\":\"1d6bc214-21e6-4f94-b4df-94585768f0d1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1d6bc214-21e6-4f94-b4df-94585768f0d1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":17,\"i\":\"5db1345f-28a0-43fd-9cd2-d51e9349cfad\"},\"panelIndex\":\"5db1345f-28a0-43fd-9cd2-d51e9349cfad\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User Logon & Logoff Events\",\"panelRefName\":\"panel_5db1345f-28a0-43fd-9cd2-d51e9349cfad\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":52,\"w\":48,\"h\":4,\"i\":\"dc8de60f-b44b-4e88-9f4c-603ebc8be78b\"},\"panelIndex\":\"dc8de60f-b44b-4e88-9f4c-603ebc8be78b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dc8de60f-b44b-4e88-9f4c-603ebc8be78b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":14,\"i\":\"3b38696a-cc17-47fb-91f4-96884a7262de\"},\"panelIndex\":\"3b38696a-cc17-47fb-91f4-96884a7262de\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"All network connections\",\"panelRefName\":\"panel_3b38696a-cc17-47fb-91f4-96884a7262de\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":70,\"w\":24,\"h\":15,\"i\":\"85d08841-be8d-45e6-8d57-e79d3e63b315\"},\"panelIndex\":\"85d08841-be8d-45e6-8d57-e79d3e63b315\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"title\":\"Network connections from non-browser processes\",\"panelRefName\":\"panel_85d08841-be8d-45e6-8d57-e79d3e63b315\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":70,\"w\":24,\"h\":15,\"i\":\"8053a0e5-33e4-46d0-adcc-5baa505a07e4\"},\"panelIndex\":\"8053a0e5-33e4-46d0-adcc-5baa505a07e4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network connection by protocol\",\"panelRefName\":\"panel_8053a0e5-33e4-46d0-adcc-5baa505a07e4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":85,\"w\":48,\"h\":15,\"i\":\"d6e81b2b-664b-480d-9e79-0146110b5b40\"},\"panelIndex\":\"d6e81b2b-664b-480d-9e79-0146110b5b40\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Unusual network connections from non-browser processes\",\"panelRefName\":\"panel_d6e81b2b-664b-480d-9e79-0146110b5b40\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":100,\"w\":48,\"h\":10,\"i\":\"cf6d87aa-3642-443d-8535-ffc445bb0de8\"},\"panelIndex\":\"cf6d87aa-3642-443d-8535-ffc445bb0de8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network Connection Events (Sysmon ID 3)\",\"panelRefName\":\"panel_cf6d87aa-3642-443d-8535-ffc445bb0de8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":110,\"w\":48,\"h\":4,\"i\":\"e7d0f621-25db-4fc2-b342-de3356d27d22\"},\"panelIndex\":\"e7d0f621-25db-4fc2-b342-de3356d27d22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e7d0f621-25db-4fc2-b342-de3356d27d22\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":14,\"i\":\"8dba12cb-b13b-4885-be71-4f0b80b741a1\"},\"panelIndex\":\"8dba12cb-b13b-4885-be71-4f0b80b741a1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Spawned Processes\",\"panelRefName\":\"panel_8dba12cb-b13b-4885-be71-4f0b80b741a1\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":128,\"w\":10,\"h\":15,\"i\":\"d91877f5-6b32-4f10-b31c-a7dfc609b37e\"},\"panelIndex\":\"d91877f5-6b32-4f10-b31c-a7dfc609b37e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell Events\",\"panelRefName\":\"panel_d91877f5-6b32-4f10-b31c-a7dfc609b37e\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":128,\"w\":20,\"h\":15,\"i\":\"57e03c45-07da-4b09-84ad-8f536cbdbb58\"},\"panelIndex\":\"57e03c45-07da-4b09-84ad-8f536cbdbb58\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events over time\",\"panelRefName\":\"panel_57e03c45-07da-4b09-84ad-8f536cbdbb58\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":128,\"w\":18,\"h\":15,\"i\":\"6286154f-2b14-43a6-a3a5-9e85cf465162\"},\"panelIndex\":\"6286154f-2b14-43a6-a3a5-9e85cf465162\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events by computer\",\"panelRefName\":\"panel_6286154f-2b14-43a6-a3a5-9e85cf465162\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":143,\"w\":25,\"h\":16,\"i\":\"376ac409-1f80-4cc4-a94f-71431233ffc1\"},\"panelIndex\":\"376ac409-1f80-4cc4-a94f-71431233ffc1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Potentially suspicious powershell\",\"panelRefName\":\"panel_376ac409-1f80-4cc4-a94f-71431233ffc1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":25,\"y\":143,\"w\":23,\"h\":16,\"i\":\"570dff9d-ac96-4d3b-a4f3-a81e09fce159\"},\"panelIndex\":\"570dff9d-ac96-4d3b-a4f3-a81e09fce159\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell network connections\",\"panelRefName\":\"panel_570dff9d-ac96-4d3b-a4f3-a81e09fce159\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":159,\"w\":48,\"h\":4,\"i\":\"fb24e6b0-f665-4798-8540-31d38b4b78cb\"},\"panelIndex\":\"fb24e6b0-f665-4798-8540-31d38b4b78cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fb24e6b0-f665-4798-8540-31d38b4b78cb\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":163,\"w\":24,\"h\":15,\"i\":\"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\"},\"panelIndex\":\"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"References to temporary files\",\"panelRefName\":\"panel_f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":163,\"w\":24,\"h\":15,\"i\":\"5b06e280-9804-408b-b8c5-c75f21bb7d00\"},\"panelIndex\":\"5b06e280-9804-408b-b8c5-c75f21bb7d00\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"RawAccessRead (Sysmon Event 9)\",\"panelRefName\":\"panel_5b06e280-9804-408b-b8c5-c75f21bb7d00\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":178,\"w\":48,\"h\":4,\"i\":\"05382728-1306-4e59-b08e-d899afdf22b3\"},\"panelIndex\":\"05382728-1306-4e59-b08e-d899afdf22b3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_05382728-1306-4e59-b08e-d899afdf22b3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":182,\"w\":12,\"h\":14,\"i\":\"ba231616-e45f-4299-87a6-56f785c53354\"},\"panelIndex\":\"ba231616-e45f-4299-87a6-56f785c53354\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Defender event count\",\"panelRefName\":\"panel_ba231616-e45f-4299-87a6-56f785c53354\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":182,\"w\":12,\"h\":14,\"i\":\"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\"},\"panelIndex\":\"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":182,\"w\":24,\"h\":14,\"i\":\"af3a8a33-8efa-422f-b024-f2c4a158586f\"},\"panelIndex\":\"af3a8a33-8efa-422f-b024-f2c4a158586f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"AV Detections (Event 1116)\",\"panelRefName\":\"panel_af3a8a33-8efa-422f-b024-f2c4a158586f\"}]","timeRestore":false,"title":"User Security","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"e5f203f0-6182-11ee-b035-d5f231e90733","managed":false,"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"cb956d23-9d5b-4af8-becf-a2d2d108b5f7:panel_cb956d23-9d5b-4af8-becf-a2d2d108b5f7","type":"visualization"},{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"d962c0d4-f80a-426c-9a1b-43e2fb6296f2:panel_d962c0d4-f80a-426c-9a1b-43e2fb6296f2","type":"visualization"},{"id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","name":"b5483ec3-77b5-4e4c-b532-32ce796aa1de:panel_b5483ec3-77b5-4e4c-b532-32ce796aa1de","type":"visualization"},{"id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","name":"669e458b-ac6a-41d1-b3e2-945a0c8571bd:panel_669e458b-ac6a-41d1-b3e2-945a0c8571bd","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"b693e539-d72a-496c-bbaf-31c22eeb78c2:indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5","type":"index-pattern"},{"id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","name":"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae:panel_0eb6fcd2-cd91-4c3e-b652-4f06922da3ae","type":"visualization"},{"id":"22170f50-853c-11ea-b6c5-5d9149593ce4","name":"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f:panel_2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f","type":"visualization"},{"id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","name":"13240516-125d-434d-8929-d9a334308aa6:panel_13240516-125d-434d-8929-d9a334308aa6","type":"visualization"},{"id":"489f7350-853d-11ea-b6c5-5d9149593ce4","name":"4b488bfa-a881-46c9-933b-ed762dfb6884:panel_4b488bfa-a881-46c9-933b-ed762dfb6884","type":"visualization"},{"id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","name":"1d6bc214-21e6-4f94-b4df-94585768f0d1:panel_1d6bc214-21e6-4f94-b4df-94585768f0d1","type":"visualization"},{"id":"2325be20-8616-11ea-a720-c7a0431f179d","name":"5db1345f-28a0-43fd-9cd2-d51e9349cfad:panel_5db1345f-28a0-43fd-9cd2-d51e9349cfad","type":"search"},{"id":"a1229110-860f-11ea-a720-c7a0431f179d","name":"dc8de60f-b44b-4e88-9f4c-603ebc8be78b:panel_dc8de60f-b44b-4e88-9f4c-603ebc8be78b","type":"visualization"},{"id":"ec7ad2d0-8641-11ea-907a-33d103156187","name":"3b38696a-cc17-47fb-91f4-96884a7262de:panel_3b38696a-cc17-47fb-91f4-96884a7262de","type":"visualization"},{"id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","name":"85d08841-be8d-45e6-8d57-e79d3e63b315:panel_85d08841-be8d-45e6-8d57-e79d3e63b315","type":"visualization"},{"id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","name":"8053a0e5-33e4-46d0-adcc-5baa505a07e4:panel_8053a0e5-33e4-46d0-adcc-5baa505a07e4","type":"visualization"},{"id":"245778d0-8641-11ea-907a-33d103156187","name":"d6e81b2b-664b-480d-9e79-0146110b5b40:panel_d6e81b2b-664b-480d-9e79-0146110b5b40","type":"visualization"},{"id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","name":"cf6d87aa-3642-443d-8535-ffc445bb0de8:panel_cf6d87aa-3642-443d-8535-ffc445bb0de8","type":"search"},{"id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","name":"e7d0f621-25db-4fc2-b342-de3356d27d22:panel_e7d0f621-25db-4fc2-b342-de3356d27d22","type":"visualization"},{"id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","name":"8dba12cb-b13b-4885-be71-4f0b80b741a1:panel_8dba12cb-b13b-4885-be71-4f0b80b741a1","type":"search"},{"id":"60553d40-ec18-11e9-befc-81397a291157","name":"d91877f5-6b32-4f10-b31c-a7dfc609b37e:panel_d91877f5-6b32-4f10-b31c-a7dfc609b37e","type":"visualization"},{"id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","name":"57e03c45-07da-4b09-84ad-8f536cbdbb58:panel_57e03c45-07da-4b09-84ad-8f536cbdbb58","type":"visualization"},{"id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","name":"6286154f-2b14-43a6-a3a5-9e85cf465162:panel_6286154f-2b14-43a6-a3a5-9e85cf465162","type":"visualization"},{"id":"ff5a53b0-ebf7-11e9-befc-81397a291157","name":"376ac409-1f80-4cc4-a94f-71431233ffc1:panel_376ac409-1f80-4cc4-a94f-71431233ffc1","type":"search"},{"id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140","name":"570dff9d-ac96-4d3b-a4f3-a81e09fce159:panel_570dff9d-ac96-4d3b-a4f3-a81e09fce159","type":"search"},{"id":"404f6e60-895e-11ea-9bd8-f3fed1ec2140","name":"fb24e6b0-f665-4798-8540-31d38b4b78cb:panel_fb24e6b0-f665-4798-8540-31d38b4b78cb","type":"visualization"},{"id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","name":"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a:panel_f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a","type":"visualization"},{"id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","name":"5b06e280-9804-408b-b8c5-c75f21bb7d00:panel_5b06e280-9804-408b-b8c5-c75f21bb7d00","type":"search"},{"id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","name":"05382728-1306-4e59-b08e-d899afdf22b3:panel_05382728-1306-4e59-b08e-d899afdf22b3","type":"visualization"},{"id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","name":"ba231616-e45f-4299-87a6-56f785c53354:panel_ba231616-e45f-4299-87a6-56f785c53354","type":"visualization"},{"id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","name":"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931:panel_9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931","type":"visualization"},{"id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","name":"af3a8a33-8efa-422f-b024-f2c4a158586f:panel_af3a8a33-8efa-422f-b024-f2c4a158586f","type":"search"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI5MSwxXQ=="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":38,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboard_refactor/refactored/Alerting Dashboard 2.0.ndjson b/dashboard_refactor/refactored/Alerting Dashboard 2.0.ndjson new file mode 100644 index 00000000..58f3d83a --- /dev/null +++ b/dashboard_refactor/refactored/Alerting Dashboard 2.0.ndjson @@ -0,0 +1,22 @@ +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T15:11:26.658Z","id":"5eea1399-b3f9-4413-9790-7bd5f75ed5f1","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T15:11:26.658Z","version":"WzI0ODgsMV0="} +{"attributes":{"allowHidden":false,"allowNoIndex":true,"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T15:11:26.658Z","id":"c25323e4-7499-4278-b64f-842597921b1e","managed":true,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T15:11:26.658Z","version":"WzI0ODksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Alerting - Tags Controls","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Alerting - Tags Controls\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1588260438304\",\"fieldName\":\"\",\"parent\":\"\",\"label\":\"Tags\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T15:11:26.658Z","id":"52e59d99-4f20-4784-8bcc-00eee6b867f5","managed":false,"references":[{"id":"c25323e4-7499-4278-b64f-842597921b1e","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T15:11:26.658Z","version":"WzI0OTAsMV0="} +{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","runtimeFieldMap":"{\"Column1\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { if (doc['process.pid'].size() != 0) { emit (doc['process.pid'].value.toString()) } } else if(doc['event.code'].value.equals(Integer.toString(3))) { if (doc['destination.address'].size() != 0) { emit (doc['destination.address'].value.toString()) } } } emit (\\\"No Data\\\") } } emit (\\\"Signal Closed\\\")\"}},\"Column2\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { def args = \\\"\\\"; if (doc['process.args'].size() != 0) { for(int i=0; i winlog.computer_name:(\\\\S+) > .*\\\").title(\\\"Sysmon events by computer\\\").legend(position=nw).yaxis(label=\\\"Number of events\\\")\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T22:21:37.974Z","id":"c1138577-9732-431b-8584-fbf5a7e333cf","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-21T22:21:37.974Z","version":"WzE1NDksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T22:21:37.974Z","id":"21ac13ec-ac49-42f0-94ab-1075ca23e3e5","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-21T22:21:37.974Z","version":"WzE1NTAsMV0="} +{"attributes":{"description":"Summarizes collected Sysmon event data","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":13,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Total number of Sysmon events found\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":13,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Percentage of Sysmon events by event code\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":16,\"w\":24,\"h\":18,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Count of Sysmon events by event code\",\"panelRefName\":\"panel_4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":16,\"w\":24,\"h\":18,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}},\"enhancements\":{}},\"title\":\"Top 10 hosts generating the most Sysmon data\",\"panelRefName\":\"panel_5\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":21,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon event code reference\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":55,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon events\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\"},\"panelIndex\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_76bd58e2-b637-4a48-ae79-4ca8abeab308\"}]","timeRestore":false,"title":"Sysmon Summary","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T22:21:37.974Z","id":"newdashboard","managed":false,"references":[{"id":"b7fe57cb-6119-4ba8-b169-63cdf51d8d31","name":"2:panel_2","type":"visualization"},{"id":"7c60b9ca-af8f-4563-8719-099c16c0020a","name":"3:panel_3","type":"visualization"},{"id":"875432d0-510b-4d4c-a77d-563e1bd70a62","name":"4:panel_4","type":"visualization"},{"id":"34250ab9-39e2-4601-8aa5-3d047b43c632","name":"5:panel_5","type":"visualization"},{"id":"2f1ca8e2-75c0-4f84-b0f1-192d2bff49c0","name":"7:panel_7","type":"visualization"},{"id":"c1138577-9732-431b-8584-fbf5a7e333cf","name":"8:panel_8","type":"visualization"},{"id":"21ac13ec-ac49-42f0-94ab-1075ca23e3e5","name":"76bd58e2-b637-4a48-ae79-4ca8abeab308:panel_76bd58e2-b637-4a48-ae79-4ca8abeab308","type":"visualization"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-10-21T22:21:37.974Z","version":"WzE1NTEsMV0="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":10,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboard_refactor/refactored/User HR 2.0.ndjson b/dashboard_refactor/refactored/User HR 2.0.ndjson new file mode 100644 index 00000000..1da0f9c7 --- /dev/null +++ b/dashboard_refactor/refactored/User HR 2.0.ndjson @@ -0,0 +1,14 @@ +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"72f39161-3f69-49a4-b39a-b0168b88856a","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMyMiwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMyMSwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"user.name\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"72f39161-3f69-49a4-b39a-b0168b88856a","name":"control_0_index_pattern","type":"index-pattern"},{"id":"72f39161-3f69-49a4-b39a-b0168b88856a","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-24T18:06:06.245Z","version":"WzQ4MSwyXQ=="} +{"attributes":{"allowHidden":false,"allowNoIndex":true,"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"252e4f32-a2c6-483d-a289-5d658410df17","managed":true,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMyNCwyXQ=="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"e3f24157-721c-4741-ac8f-8be48c22d612","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMyNSwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - User activity title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - User activity title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## All user activity\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMyNiwyXQ=="} +{"attributes":{"allowHidden":false,"allowNoIndex":true,"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"logs-*","managed":true,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMyNywyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - Logon title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Logon title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## Logon / Logoff events\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMyOCwyXQ=="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMyOSwyXQ=="} +{"attributes":{"columns":["winlog.event_data.SubjectDomainName","winlog.event_data.TargetUserName","host.name","winlog.event_data.TargetLogonId"],"description":"","grid":{"columns":{"user.name":{"width":193},"winlog.event_data.SubjectDomainName":{"width":193}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"4624\\\" and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_data.LogonType\",\"value\":[\"2\",\"10\",\"11\",\"7\"],\"params\":[\"2\",\"10\",\"11\",\"7\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_data.LogonType\":\"2\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"10\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"11\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"7\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Interactive Logon search","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","managed":false,"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMzMCwyXQ=="} +{"attributes":{"columns":[],"description":"","grid":{"columns":{"winlog.event_data.TargetDomainName":{"width":241},"winlog.event_data.TargetUserName":{"width":241}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:\\\"4634\\\" OR event.code:\\\"4647\\\" ) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","managed":false,"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMzMSwyXQ=="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HR - Interactive v Remote pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Interactive v Remote pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"label\":\"filters\",\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"segment\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_data.LogonType:2\",\"language\":\"lucene\"},\"label\":\"Interactive\"},{\"input\":{\"query\":\"winlog.event_data.LogonType:10\",\"language\":\"lucene\"},\"label\":\"RemoteInteractive\"}]}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","managed":false,"references":[{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMzMiwyXQ=="} +{"attributes":{"description":"Overview of user activity for Human Resources\n","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"key\":\"user.name\",\"controlledBy\":\"1587713561601\",\"type\":\"phrase\",\"params\":{\"query\":\"lme-user\"},\"disabled\":false,\"negate\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"user.name\":\"lme-user\"}},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"a6335da9-2093-46ac-bd39-f1c5e5fe8825\"},\"panelIndex\":\"a6335da9-2093-46ac-bd39-f1c5e5fe8825\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a6335da9-2093-46ac-bd39-f1c5e5fe8825\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":16,\"h\":12,\"i\":\"ab726ae4-6c98-4f26-8cd3-07bf2808b704\"},\"panelIndex\":\"ab726ae4-6c98-4f26-8cd3-07bf2808b704\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select domain(s) and username(s)\",\"panelRefName\":\"panel_ab726ae4-6c98-4f26-8cd3-07bf2808b704\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":3,\"w\":15,\"h\":12,\"i\":\"c8d3e871-1f5d-40bd-a0f9-5441a58cad32\"},\"panelIndex\":\"c8d3e871-1f5d-40bd-a0f9-5441a58cad32\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"252e4f32-a2c6-483d-a289-5d658410df17\",\"name\":\"indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\",\"accessors\":[\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"splitAccessor\":\"fc23a029-309e-40a7-aeca-309fd8423ced\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\":{\"columns\":{\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\":{\"label\":\"Top 5 values of winlog.event_data.SubjectDomainName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectDomainName\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"fc23a029-309e-40a7-aeca-309fd8423ced\":{\"label\":\"Top 3 values of winlog.event_data.TargetUserName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5a238afa-9ffa-4568-8a43-6167c0a76b67\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"fc23a029-309e-40a7-aeca-309fd8423ced\",\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Users\"},{\"type\":\"lens\",\"gridData\":{\"x\":31,\"y\":3,\"w\":17,\"h\":12,\"i\":\"69771c75-8536-49b2-a835-c134ada8cd8d\"},\"panelIndex\":\"69771c75-8536-49b2-a835-c134ada8cd8d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"e3f24157-721c-4741-ac8f-8be48c22d612\",\"name\":\"indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar\",\"layers\":[{\"layerId\":\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\",\"accessors\":[\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"position\":\"top\",\"seriesType\":\"bar\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"22b4e313-2858-411e-a90b-911198fa34fe\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\":{\"columns\":{\"22b4e313-2858-411e-a90b-911198fa34fe\":{\"label\":\"Top 5 values of winlog.computer_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.computer_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"22b4e313-2858-411e-a90b-911198fa34fe\",\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Computers\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":15,\"w\":48,\"h\":4,\"i\":\"f2f654b0-42ef-403c-bee2-7e26499f809a\"},\"panelIndex\":\"f2f654b0-42ef-403c-bee2-7e26499f809a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f2f654b0-42ef-403c-bee2-7e26499f809a\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":19,\"w\":24,\"h\":15,\"i\":\"4b306ffa-7af9-461d-b7aa-966f67b4ed57\"},\"panelIndex\":\"4b306ffa-7af9-461d-b7aa-966f67b4ed57\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"6bfbd839-8497-464d-a473-26c01d5ba342\",\"accessors\":[\"959a5347-48f5-488a-96c4-381f5a7474d4\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6bfbd839-8497-464d-a473-26c01d5ba342\":{\"columns\":{\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"959a5347-48f5-488a-96c4-381f5a7474d4\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\",\"959a5347-48f5-488a-96c4-381f5a7474d4\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"logs-*\"}},\"currentIndexPatternId\":\"logs-*\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"All User Events by Day of Week, Hour of Day\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":19,\"w\":24,\"h\":15,\"i\":\"e40e6077-f799-4c66-9bf8-1664121d8069\"},\"panelIndex\":\"e40e6077-f799-4c66-9bf8-1664121d8069\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"f46d1729-4bd5-4219-9973-01913c208fef\",\"accessors\":[\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f46d1729-4bd5-4219-9973-01913c208fef\":{\"columns\":{\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"800c3857-3c9c-4fc5-a403-3fcbede05599\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\",\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"logs-*\"}},\"currentIndexPatternId\":\"logs-*\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Timestamps by Count\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":4,\"i\":\"8fc3d2d7-94e5-468d-9fa1-6ee2901ceb2e\"},\"panelIndex\":\"8fc3d2d7-94e5-468d-9fa1-6ee2901ceb2e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8fc3d2d7-94e5-468d-9fa1-6ee2901ceb2e\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":38,\"w\":24,\"h\":15,\"i\":\"755f30aa-d6ad-46d9-b2c3-7425c02ed03e\"},\"panelIndex\":\"755f30aa-d6ad-46d9-b2c3-7425c02ed03e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logon events (filter by LogonId)\",\"panelRefName\":\"panel_755f30aa-d6ad-46d9-b2c3-7425c02ed03e\"},{\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":38,\"w\":24,\"h\":15,\"i\":\"bb42b25e-f934-485b-854c-440cc1b3ebee\"},\"panelIndex\":\"bb42b25e-f934-485b-854c-440cc1b3ebee\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logoff events (correlate to logon events)\",\"panelRefName\":\"panel_bb42b25e-f934-485b-854c-440cc1b3ebee\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":53,\"w\":24,\"h\":15,\"i\":\"9cdb2eb7-3c55-4e81-ba4b-9b4f1b31c59f\"},\"panelIndex\":\"9cdb2eb7-3c55-4e81-ba4b-9b4f1b31c59f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"In person vs Remote logons\",\"panelRefName\":\"panel_9cdb2eb7-3c55-4e81-ba4b-9b4f1b31c59f\"}]","timeRestore":false,"title":"User HR 2.0","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T18:06:50.721Z","id":"ff0170e5-e0ef-4ca1-8188-c7bb9d736898","managed":false,"references":[{"id":"72f39161-3f69-49a4-b39a-b0168b88856a","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"a6335da9-2093-46ac-bd39-f1c5e5fe8825:panel_a6335da9-2093-46ac-bd39-f1c5e5fe8825","type":"visualization"},{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"ab726ae4-6c98-4f26-8cd3-07bf2808b704:panel_ab726ae4-6c98-4f26-8cd3-07bf2808b704","type":"visualization"},{"id":"252e4f32-a2c6-483d-a289-5d658410df17","name":"c8d3e871-1f5d-40bd-a0f9-5441a58cad32:indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093","type":"index-pattern"},{"id":"e3f24157-721c-4741-ac8f-8be48c22d612","name":"69771c75-8536-49b2-a835-c134ada8cd8d:indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2","type":"index-pattern"},{"id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","name":"f2f654b0-42ef-403c-bee2-7e26499f809a:panel_f2f654b0-42ef-403c-bee2-7e26499f809a","type":"visualization"},{"id":"logs-*","name":"4b306ffa-7af9-461d-b7aa-966f67b4ed57:indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342","type":"index-pattern"},{"id":"logs-*","name":"e40e6077-f799-4c66-9bf8-1664121d8069:indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef","type":"index-pattern"},{"id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","name":"8fc3d2d7-94e5-468d-9fa1-6ee2901ceb2e:panel_8fc3d2d7-94e5-468d-9fa1-6ee2901ceb2e","type":"visualization"},{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"755f30aa-d6ad-46d9-b2c3-7425c02ed03e:panel_755f30aa-d6ad-46d9-b2c3-7425c02ed03e","type":"search"},{"id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","name":"bb42b25e-f934-485b-854c-440cc1b3ebee:panel_bb42b25e-f934-485b-854c-440cc1b3ebee","type":"search"},{"id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","name":"9cdb2eb7-3c55-4e81-ba4b-9b4f1b31c59f:panel_9cdb2eb7-3c55-4e81-ba4b-9b4f1b31c59f","type":"visualization"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-10-24T18:06:50.721Z","version":"WzQ4NywyXQ=="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":13,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboard_refactor/refactored/User Security 2.0.ndjson b/dashboard_refactor/refactored/User Security 2.0.ndjson new file mode 100644 index 00000000..ce1e6e72 --- /dev/null +++ b/dashboard_refactor/refactored/User Security 2.0.ndjson @@ -0,0 +1,43 @@ +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"dec45d9f-11a2-4e39-ae58-4fc7885ce7dd","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMDksMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"3b4066b6-77d5-404c-a7f7-b30ed6cb5ab0","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"4a675166-ce19-4836-9567-eda4ab46b3d5","managed":false,"references":[{"id":"3b4066b6-77d5-404c-a7f7-b30ed6cb5ab0","name":"control_0_index_pattern","type":"index-pattern"},{"id":"3b4066b6-77d5-404c-a7f7-b30ed6cb5ab0","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTEsMV0="} +{"attributes":{"allowHidden":false,"allowNoIndex":true,"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"25aa14ff-d525-4751-a29d-290859861006","managed":true,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - Filter Hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Filter Hosts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Event count\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Host name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"8d476795-134d-4689-9050-a24b57adaa90","managed":false,"references":[{"id":"25aa14ff-d525-4751-a29d-290859861006","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTMsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security - Select Host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select Host\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1588685297382\",\"fieldName\":\"\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"5c4b0b82-4972-40fe-b2ee-86c366342a98","managed":false,"references":[{"id":"3b4066b6-77d5-404c-a7f7-b30ed6cb5ab0","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTQsMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:34:04.109Z","id":"e3f24157-721c-4741-ac8f-8be48c22d612","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:34:04.109Z","version":"WzIwNjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Logons Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logons Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Logons\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"4eccff45-c97a-480f-b593-4744922893e5","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTYsMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"64c636e6-00f6-469a-9315-1b8ae52c344f","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTcsMV0="} +{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTgsMV0="} +{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Human User Logon Events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"ca236bdc-289e-4f9d-8f5e-05d0c3da14f7","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon attempts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon attempts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Login attempts\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"3f7d1f53-6b70-4235-879a-f149d98c9063","managed":false,"references":[{"id":"ca236bdc-289e-4f9d-8f5e-05d0c3da14f7","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon events over time","uiStateJSON":"{\"vis\":{\"colors\":{\"Failed attempts\":\"#BF1B00\",\"Successful atempts\":\"#629E51\"}}}","version":1,"visState":"{\"title\":\"Security - Logon events over time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-23T08:41:59.000Z\",\"max\":\"2020-04-23T08:56:59.000Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":\"event.code:4625\",\"language\":\"lucene\"},\"label\":\"Failed attempts\"},{\"input\":{\"query\":\"event.code:4624\",\"language\":\"lucene\"},\"label\":\"Successful atempts\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"42ae3f23-386c-4ceb-bb84-98879107338b","managed":false,"references":[{"id":"ca236bdc-289e-4f9d-8f5e-05d0c3da14f7","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjEsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"event.code\",\"value\":\"4,624, 4,625\",\"params\":[\"4624\",\"4625\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"event.code\":\"4624\"}},{\"match_phrase\":{\"event.code\":\"4625\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Computers\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"1e3228b7-ae0f-4e37-8586-558d4eb63d23","managed":false,"references":[{"id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"ca236bdc-289e-4f9d-8f5e-05d0c3da14f7","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Hosts\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"b019f88f-c449-4d6f-b812-78ed5a9248a9","managed":false,"references":[{"id":"ca236bdc-289e-4f9d-8f5e-05d0c3da14f7","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjMsMV0="} +{"attributes":{"columns":["event.code","host.name","winlog.event_data.TargetDomainName","winlog.event_data.TargetUserName","winlog.event_data.IpAddress","event.action","event.outcome","winlog.event_data.LogonType"],"description":"","grid":{"columns":{"user.domain":{"width":119},"user.name":{"width":134}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Human Logon & Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"e077e6a8-f42a-4444-bcb4-19b8916163fe","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Network Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Network Connections\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"80b03097-c117-44d0-8413-3c932d0886a2","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjUsMV0="} +{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id : \\\"3\\\" and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"All network activity ","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"f02a3c3d-eb39-4347-91f7-d62bece13128","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Activity Line","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Activity Line\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Connections\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"extendToTimeRange\":false,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30d\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Connections\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Connections\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-24T15:29:10.918Z\",\"max\":\"2020-04-24T15:44:10.918Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"aa741894-2140-4529-a488-6d34ed57abef","managed":false,"references":[{"id":"f02a3c3d-eb39-4347-91f7-d62bece13128","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjcsMV0="} +{"attributes":{"columns":["winlog.event_data.DestinationHostname","destination.ip","winlog.event_data.DestinationIsIpv6","network.","process.executable","winlog.event_data.DestinationPort","winlog.event_data.Protocol","winlog.user.name","winlog.user.type","source.ip","winlog.event_data.SourceIsIpv6","source.port","network.protocol"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") AND NOT (process.name:iexplore.exe OR process.name:chrome.exe OR process.name:firefox.exe OR process.name:opera.exe) AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_non_browsers_connection","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"50b150ad-5aff-4706-9229-d9bcb38255ef","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T15:24:04.448Z","version":"WzI1MzksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Process List","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Network Process List\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.DestinationIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Logged on user\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"date\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"e45875a5-d1ae-4c92-9683-86392f740aae","managed":false,"references":[{"id":"50b150ad-5aff-4706-9229-d9bcb38255ef","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjksMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network connections area ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network connections area \",\"type\":\"area\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"}],\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"labels\":{},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"48405764-dc21-463c-bef1-3c0da9a0e42a","managed":false,"references":[{"id":"50b150ad-5aff-4706-9229-d9bcb38255ef","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Overview - Processes with unusual network activity","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Overview - Processes with unusual network activity\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"significant_terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"size\":10,\"include\":\"\",\"json\":\"\",\"customLabel\":\"Process\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"string\"},\"params\":{},\"label\":\"Process\",\"aggType\":\"significant_terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"5e7314fa-49ae-4328-b799-017c6a3c4fbb","managed":false,"references":[{"id":"50b150ad-5aff-4706-9229-d9bcb38255ef","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzEsMV0="} +{"attributes":{"columns":["host.name","winlog.event_data.TargetUserName","winlog.event_data.TargetDomainName","winlog.event_data.SourceIp","winlog.event_data.SourcePort","winlog.event_data.DestinationIp","winlog.event_data.DestinationPort","winlog.event_data.ProcessId","winlog.event_data.ProcessName"],"description":"","grid":{"columns":{"winlog.event_data.SubjectDomainName":{"width":216}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_uds_non_private_network","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"e35a92e5-1ca7-4c49-8f92-bba46bb6b8f4","managed":false,"references":[{"id":"25aa14ff-d525-4751-a29d-290859861006","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Processes Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Processes Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Processes & Powershell\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"b54164ff-6ee5-47d6-a42b-8ac2cec9cad9","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzMsMV0="} +{"attributes":{"columns":["host.name","winlog.event_data.TargetDomainName","winlog.event_data.User","winlog.event_data.ProcessId","winlog.event_data.ProcessName","winlog.event_data.Hashes","process.args"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"1\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Process Spawns","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"826cccdc-b0be-4819-aab4-4082eb2ea6b5","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzQsMV0="} +{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.command_line","process.parent.executable","process.parent.command_line","file.path","event.code"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\" OR process.command_line.text:\\\"powershell\\\" OR parent.process.command_line.text:\\\"powershell\\\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_powershell_run","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"dd7d1b84-be2f-4dd5-bff9-5dc3d41cca62","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell Run Count","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Security - Powershell Run Count\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"bf65ea9e-3cf4-4394-ace6-e45968bdfaf6","managed":false,"references":[{"id":"dd7d1b84-be2f-4dd5-bff9-5dc3d41cca62","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzYsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell runs over time","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now/w\",\"to\":\"now/w\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"title\":\"Security - Powershell runs over time\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"28a2a074-23e1-4739-a9c0-1f04e4416aab","managed":false,"references":[{"id":"dd7d1b84-be2f-4dd5-bff9-5dc3d41cca62","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Power shell hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"metric\":{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security - Power shell hosts pie\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"04061d59-6e1f-46f4-887b-e1877e32a7fc","managed":false,"references":[{"id":"dd7d1b84-be2f-4dd5-bff9-5dc3d41cca62","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzgsMV0="} +{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.args","process.parent.executable","process.parent.args"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND process.command_line.text:(\\\"invoke\\\" or \\\"bypass\\\" or \\\"iex\\\" or \\\"ex\\\" or \\\"icm\\\" or \\\"new-object\\\" or \\\"set\\\" or \\\"get\\\" or \\\"write\\\" or \\\"out\\\" or \\\"download\\\" or \\\"encoded\\\")\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Potentially Suspicious Powershell","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"3617dcd4-57c2-404c-a865-74ef3cddf9cb","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzksMV0="} +{"attributes":{"columns":["user.domain","user.name","host.name","destination.domain","destination.ip"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND (process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_uds_powershell_network","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"04c60a34-98a9-4073-8538-97996e80855f","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDAsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Files title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Files title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Files\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"77c2b538-1477-4bf8-bdde-6dcf0605b596","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDEsMV0="} +{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"file.path.text: \\\"tmp\\\" OR file.path.text:\\\"temp\\\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"file.path\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"exists\":{\"field\":\"file.path\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"TEMP & %TEMP%","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"d3792434-6184-44ed-bad4-830249085d68","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDIsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"TEMP & %TEMP%","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target File\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"TEMP & %TEMP%\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"45809ac4-b7f7-47b9-87c4-2317cfda1493","managed":false,"references":[{"id":"d3792434-6184-44ed-bad4-830249085d68","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDMsMV0="} +{"attributes":{"columns":["@timestamp","user.domain","user.name","host.name","process.executable","winlog.event_data.ProcessId"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: \\\"9\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Raw Access Events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"bcf814ff-fe22-40ed-882d-2c77f3c3e7d5","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDQsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Windows Defender Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Windows Defender Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Windows Defender\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"a2cdbce1-9070-4851-909f-774a80d2875a","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDUsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"winlog.event_id:(1006 or 1007 or 1008 or 1009 or 1116 or 1117 or 1118 or 1119)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - AV Events Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - AV Events Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Windows AV Events\",\"emptyAsNull\":false},\"schema\":\"metric\"}],\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"6ac9a9da-1772-483c-8c32-b049f0273186","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDYsMV0="} +{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_id\",\"value\":[\"1006\",\"1007\",\"1008\",\"1009\",\"1116\",\"1117\",\"1118\",\"1119\"],\"params\":[\"1006\",\"1007\",\"1008\",\"1009\",\"1116\",\"1117\",\"1118\",\"1119\"],\"negate\":false,\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_id\":\"1006\"}},{\"match_phrase\":{\"winlog.event_id\":\"1007\"}},{\"match_phrase\":{\"winlog.event_id\":\"1008\"}},{\"match_phrase\":{\"winlog.event_id\":\"1009\"}},{\"match_phrase\":{\"winlog.event_id\":\"1116\"}},{\"match_phrase\":{\"winlog.event_id\":\"1117\"}},{\"match_phrase\":{\"winlog.event_id\":\"1118\"}},{\"match_phrase\":{\"winlog.event_id\":\"1119\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"AV Detection event","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"60f38e0b-274f-44d6-9b66-fa83080c88bb","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDcsMV0="} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"AV Hits (Count)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"AV Hits (Count)\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"AV Detection hits\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"fe86395f-474e-43a1-a772-34d1306373e0","managed":false,"references":[{"id":"60f38e0b-274f-44d6-9b66-fa83080c88bb","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDgsMV0="} +{"attributes":{"columns":["winlog.event_data.Detection User","host.name","winlog.event_data.Path","winlog.event_data.FWLink"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: 1116\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"Microsoft-Windows-Windows Defender\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"event.provider\":{\"query\":\"Microsoft-Windows-Windows Defender\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Defender AV Detections","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"1344681a-24b5-4829-b4d6-ec18d2de5ba5","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDksMV0="} +{"attributes":{"description":"User Security overview, filtered by Domain / Username or hostname","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"bd9e6265-dae7-493b-88b0-e3dee8508541\"},\"panelIndex\":\"bd9e6265-dae7-493b-88b0-e3dee8508541\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bd9e6265-dae7-493b-88b0-e3dee8508541\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":23,\"h\":7,\"i\":\"956d6ef1-5d6b-4ccc-a123-fa66805c15db\"},\"panelIndex\":\"956d6ef1-5d6b-4ccc-a123-fa66805c15db\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search users\",\"panelRefName\":\"panel_956d6ef1-5d6b-4ccc-a123-fa66805c15db\"},{\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":3,\"w\":25,\"h\":7,\"i\":\"62ea04ec-0776-46c0-9b8c-cf2915600337\"},\"panelIndex\":\"62ea04ec-0776-46c0-9b8c-cf2915600337\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Filter hosts\",\"panelRefName\":\"panel_62ea04ec-0776-46c0-9b8c-cf2915600337\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":10,\"w\":23,\"h\":7,\"i\":\"45ac8571-ae44-4bb5-a237-cd230ede51d5\"},\"panelIndex\":\"45ac8571-ae44-4bb5-a237-cd230ede51d5\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search hosts\",\"panelRefName\":\"panel_45ac8571-ae44-4bb5-a237-cd230ede51d5\"},{\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":10,\"w\":25,\"h\":7,\"i\":\"1324f39e-f215-45e9-b679-05b06e4fcb9d\"},\"panelIndex\":\"1324f39e-f215-45e9-b679-05b06e4fcb9d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"e3f24157-721c-4741-ac8f-8be48c22d612\",\"name\":\"indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\",\"isTransposed\":false},{\"columnId\":\"26752485-2aa5-4908-b400-504d6e7ef451\",\"isTransposed\":false},{\"columnId\":\"cc4e45f6-be3a-4de0-a416-e21043b601bb\",\"isTransposed\":false,\"isMetric\":false}],\"layerId\":\"d123adeb-fd39-4176-b3c9-69c88d2852d5\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d123adeb-fd39-4176-b3c9-69c88d2852d5\":{\"columns\":{\"6f33ff19-9959-4c43-b791-939582a0b3d2\":{\"label\":\"Event Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"26752485-2aa5-4908-b400-504d6e7ef451\":{\"label\":\"Filters\",\"dataType\":\"string\",\"operationType\":\"filters\",\"scale\":\"ordinal\",\"isBucketed\":true,\"params\":{\"filters\":[{\"label\":\"\",\"input\":{\"query\":\"\\\"log\\\" : *\",\"language\":\"kuery\"}}]}},\"cc4e45f6-be3a-4de0-a416-e21043b601bb\":{\"label\":\"Top 3 values of user.domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.domain\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"26752485-2aa5-4908-b400-504d6e7ef451\",\"cc4e45f6-be3a-4de0-a416-e21043b601bb\",\"6f33ff19-9959-4c43-b791-939582a0b3d2\"],\"sampling\":1,\"indexPatternId\":\"a2ce5204-8ea0-4af2-a2d7-daf564ce2841\",\"incompleteColumns\":{}}},\"currentIndexPatternId\":\"a2ce5204-8ea0-4af2-a2d7-daf564ce2841\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter users\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":48,\"h\":4,\"i\":\"b453a1df-c025-430b-84e3-d6dc7a8c48f1\"},\"panelIndex\":\"b453a1df-c025-430b-84e3-d6dc7a8c48f1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b453a1df-c025-430b-84e3-d6dc7a8c48f1\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":21,\"w\":9,\"h\":7,\"i\":\"e5de9fc4-5863-470c-8246-0a86f5af897e\"},\"panelIndex\":\"e5de9fc4-5863-470c-8246-0a86f5af897e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e5de9fc4-5863-470c-8246-0a86f5af897e\"},{\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":21,\"w\":20,\"h\":14,\"i\":\"8f7f6de1-8c0f-4a35-8d03-1c4e01e72c48\"},\"panelIndex\":\"8f7f6de1-8c0f-4a35-8d03-1c4e01e72c48\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon attempts\",\"panelRefName\":\"panel_8f7f6de1-8c0f-4a35-8d03-1c4e01e72c48\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":21,\"w\":19,\"h\":14,\"i\":\"c53cdf71-278e-4972-9e0d-cd9b3b75c2e2\"},\"panelIndex\":\"c53cdf71-278e-4972-9e0d-cd9b3b75c2e2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logged on computers\",\"panelRefName\":\"panel_c53cdf71-278e-4972-9e0d-cd9b3b75c2e2\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":9,\"h\":7,\"i\":\"0d1c0533-598a-4304-80be-c22047edcbe1\"},\"panelIndex\":\"0d1c0533-598a-4304-80be-c22047edcbe1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0d1c0533-598a-4304-80be-c22047edcbe1\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":17,\"i\":\"1a7e0e6d-e2dd-4bb3-8d5e-432d9ac12396\"},\"panelIndex\":\"1a7e0e6d-e2dd-4bb3-8d5e-432d9ac12396\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User Logon & Logoff Events\",\"panelRefName\":\"panel_1a7e0e6d-e2dd-4bb3-8d5e-432d9ac12396\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":52,\"w\":48,\"h\":4,\"i\":\"0fab3d76-5411-46e4-982f-4d4626c977b8\"},\"panelIndex\":\"0fab3d76-5411-46e4-982f-4d4626c977b8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0fab3d76-5411-46e4-982f-4d4626c977b8\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":14,\"i\":\"b0ec1bf9-7f59-4cc9-9f9c-40aba7375305\"},\"panelIndex\":\"b0ec1bf9-7f59-4cc9-9f9c-40aba7375305\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"All network connections\",\"panelRefName\":\"panel_b0ec1bf9-7f59-4cc9-9f9c-40aba7375305\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":70,\"w\":24,\"h\":15,\"i\":\"f068f3e0-1c90-4f9d-93ca-a7e7c96df39c\"},\"panelIndex\":\"f068f3e0-1c90-4f9d-93ca-a7e7c96df39c\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"title\":\"Network connections from non-browser processes\",\"panelRefName\":\"panel_f068f3e0-1c90-4f9d-93ca-a7e7c96df39c\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":70,\"w\":24,\"h\":15,\"i\":\"6da7d5e7-a679-42d4-b2f7-bb3c958ab16b\"},\"panelIndex\":\"6da7d5e7-a679-42d4-b2f7-bb3c958ab16b\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network connection by protocol\",\"panelRefName\":\"panel_6da7d5e7-a679-42d4-b2f7-bb3c958ab16b\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":85,\"w\":48,\"h\":15,\"i\":\"6d5d4b74-133b-4fef-8ae5-14d2e7037a78\"},\"panelIndex\":\"6d5d4b74-133b-4fef-8ae5-14d2e7037a78\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Unusual network connections from non-browser processes\",\"panelRefName\":\"panel_6d5d4b74-133b-4fef-8ae5-14d2e7037a78\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":100,\"w\":48,\"h\":10,\"i\":\"ea6ad677-7322-4c5c-8946-cac4dd983b26\"},\"panelIndex\":\"ea6ad677-7322-4c5c-8946-cac4dd983b26\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network Connection Events (Sysmon ID 3)\",\"panelRefName\":\"panel_ea6ad677-7322-4c5c-8946-cac4dd983b26\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":110,\"w\":48,\"h\":4,\"i\":\"43b61744-5553-4fd1-894c-6e91a799f4a2\"},\"panelIndex\":\"43b61744-5553-4fd1-894c-6e91a799f4a2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_43b61744-5553-4fd1-894c-6e91a799f4a2\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":14,\"i\":\"9a522603-8d31-4ad6-ac4f-130a814f54fa\"},\"panelIndex\":\"9a522603-8d31-4ad6-ac4f-130a814f54fa\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Spawned Processes\",\"panelRefName\":\"panel_9a522603-8d31-4ad6-ac4f-130a814f54fa\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":128,\"w\":10,\"h\":15,\"i\":\"fad5ef2b-1cc8-47bd-832b-48aeb713f6e6\"},\"panelIndex\":\"fad5ef2b-1cc8-47bd-832b-48aeb713f6e6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell Events\",\"panelRefName\":\"panel_fad5ef2b-1cc8-47bd-832b-48aeb713f6e6\"},{\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":128,\"w\":20,\"h\":15,\"i\":\"68d75f76-3806-4d15-81e9-d0dcfa34c9b9\"},\"panelIndex\":\"68d75f76-3806-4d15-81e9-d0dcfa34c9b9\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events over time\",\"panelRefName\":\"panel_68d75f76-3806-4d15-81e9-d0dcfa34c9b9\"},{\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":128,\"w\":18,\"h\":15,\"i\":\"ed7a59ea-caa7-4396-89b7-90c6b8363800\"},\"panelIndex\":\"ed7a59ea-caa7-4396-89b7-90c6b8363800\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events by computer\",\"panelRefName\":\"panel_ed7a59ea-caa7-4396-89b7-90c6b8363800\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":143,\"w\":25,\"h\":16,\"i\":\"cfe390f9-80a7-4a11-9a8c-7d599e41e38a\"},\"panelIndex\":\"cfe390f9-80a7-4a11-9a8c-7d599e41e38a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Potentially suspicious powershell\",\"panelRefName\":\"panel_cfe390f9-80a7-4a11-9a8c-7d599e41e38a\"},{\"type\":\"search\",\"gridData\":{\"x\":25,\"y\":143,\"w\":23,\"h\":16,\"i\":\"9587ef7f-3554-4886-be6a-fae4648e87dd\"},\"panelIndex\":\"9587ef7f-3554-4886-be6a-fae4648e87dd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell network connections\",\"panelRefName\":\"panel_9587ef7f-3554-4886-be6a-fae4648e87dd\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":159,\"w\":48,\"h\":4,\"i\":\"7cfff19f-bf9d-4101-be63-4d9b8ea78e26\"},\"panelIndex\":\"7cfff19f-bf9d-4101-be63-4d9b8ea78e26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7cfff19f-bf9d-4101-be63-4d9b8ea78e26\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":163,\"w\":24,\"h\":15,\"i\":\"4988f659-a275-4317-b071-8a350087a4e6\"},\"panelIndex\":\"4988f659-a275-4317-b071-8a350087a4e6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"References to temporary files\",\"panelRefName\":\"panel_4988f659-a275-4317-b071-8a350087a4e6\"},{\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":163,\"w\":24,\"h\":15,\"i\":\"bfae12f4-b2fd-471f-a111-daf49cd25ed3\"},\"panelIndex\":\"bfae12f4-b2fd-471f-a111-daf49cd25ed3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"RawAccessRead (Sysmon Event 9)\",\"panelRefName\":\"panel_bfae12f4-b2fd-471f-a111-daf49cd25ed3\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":178,\"w\":48,\"h\":4,\"i\":\"a4f5d22b-fe87-4488-8d26-d0d9cdd10d6b\"},\"panelIndex\":\"a4f5d22b-fe87-4488-8d26-d0d9cdd10d6b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a4f5d22b-fe87-4488-8d26-d0d9cdd10d6b\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":182,\"w\":12,\"h\":14,\"i\":\"e8c5ac63-42b4-4081-85e3-378c85c0b4cb\"},\"panelIndex\":\"e8c5ac63-42b4-4081-85e3-378c85c0b4cb\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Defender event count\",\"panelRefName\":\"panel_e8c5ac63-42b4-4081-85e3-378c85c0b4cb\"},{\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":182,\"w\":12,\"h\":14,\"i\":\"30454a55-0210-43d2-af3d-822c5b519033\"},\"panelIndex\":\"30454a55-0210-43d2-af3d-822c5b519033\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_30454a55-0210-43d2-af3d-822c5b519033\"},{\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":182,\"w\":24,\"h\":14,\"i\":\"6ff4d4db-16b6-4c80-8bb6-95e009803d1d\"},\"panelIndex\":\"6ff4d4db-16b6-4c80-8bb6-95e009803d1d\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"AV Detections (Event 1116)\",\"panelRefName\":\"panel_6ff4d4db-16b6-4c80-8bb6-95e009803d1d\"}]","timeRestore":false,"title":"User Security 2.0","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T15:24:54.858Z","id":"2fc36188-8461-4927-932e-0e452b7dc3ac","managed":false,"references":[{"id":"dec45d9f-11a2-4e39-ae58-4fc7885ce7dd","name":"bd9e6265-dae7-493b-88b0-e3dee8508541:panel_bd9e6265-dae7-493b-88b0-e3dee8508541","type":"visualization"},{"id":"4a675166-ce19-4836-9567-eda4ab46b3d5","name":"956d6ef1-5d6b-4ccc-a123-fa66805c15db:panel_956d6ef1-5d6b-4ccc-a123-fa66805c15db","type":"visualization"},{"id":"8d476795-134d-4689-9050-a24b57adaa90","name":"62ea04ec-0776-46c0-9b8c-cf2915600337:panel_62ea04ec-0776-46c0-9b8c-cf2915600337","type":"visualization"},{"id":"5c4b0b82-4972-40fe-b2ee-86c366342a98","name":"45ac8571-ae44-4bb5-a237-cd230ede51d5:panel_45ac8571-ae44-4bb5-a237-cd230ede51d5","type":"visualization"},{"id":"e3f24157-721c-4741-ac8f-8be48c22d612","name":"1324f39e-f215-45e9-b679-05b06e4fcb9d:indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5","type":"index-pattern"},{"id":"4eccff45-c97a-480f-b593-4744922893e5","name":"b453a1df-c025-430b-84e3-d6dc7a8c48f1:panel_b453a1df-c025-430b-84e3-d6dc7a8c48f1","type":"visualization"},{"id":"3f7d1f53-6b70-4235-879a-f149d98c9063","name":"e5de9fc4-5863-470c-8246-0a86f5af897e:panel_e5de9fc4-5863-470c-8246-0a86f5af897e","type":"visualization"},{"id":"42ae3f23-386c-4ceb-bb84-98879107338b","name":"8f7f6de1-8c0f-4a35-8d03-1c4e01e72c48:panel_8f7f6de1-8c0f-4a35-8d03-1c4e01e72c48","type":"visualization"},{"id":"1e3228b7-ae0f-4e37-8586-558d4eb63d23","name":"c53cdf71-278e-4972-9e0d-cd9b3b75c2e2:panel_c53cdf71-278e-4972-9e0d-cd9b3b75c2e2","type":"visualization"},{"id":"b019f88f-c449-4d6f-b812-78ed5a9248a9","name":"0d1c0533-598a-4304-80be-c22047edcbe1:panel_0d1c0533-598a-4304-80be-c22047edcbe1","type":"visualization"},{"id":"e077e6a8-f42a-4444-bcb4-19b8916163fe","name":"1a7e0e6d-e2dd-4bb3-8d5e-432d9ac12396:panel_1a7e0e6d-e2dd-4bb3-8d5e-432d9ac12396","type":"search"},{"id":"80b03097-c117-44d0-8413-3c932d0886a2","name":"0fab3d76-5411-46e4-982f-4d4626c977b8:panel_0fab3d76-5411-46e4-982f-4d4626c977b8","type":"visualization"},{"id":"aa741894-2140-4529-a488-6d34ed57abef","name":"b0ec1bf9-7f59-4cc9-9f9c-40aba7375305:panel_b0ec1bf9-7f59-4cc9-9f9c-40aba7375305","type":"visualization"},{"id":"e45875a5-d1ae-4c92-9683-86392f740aae","name":"f068f3e0-1c90-4f9d-93ca-a7e7c96df39c:panel_f068f3e0-1c90-4f9d-93ca-a7e7c96df39c","type":"visualization"},{"id":"48405764-dc21-463c-bef1-3c0da9a0e42a","name":"6da7d5e7-a679-42d4-b2f7-bb3c958ab16b:panel_6da7d5e7-a679-42d4-b2f7-bb3c958ab16b","type":"visualization"},{"id":"5e7314fa-49ae-4328-b799-017c6a3c4fbb","name":"6d5d4b74-133b-4fef-8ae5-14d2e7037a78:panel_6d5d4b74-133b-4fef-8ae5-14d2e7037a78","type":"visualization"},{"id":"e35a92e5-1ca7-4c49-8f92-bba46bb6b8f4","name":"ea6ad677-7322-4c5c-8946-cac4dd983b26:panel_ea6ad677-7322-4c5c-8946-cac4dd983b26","type":"search"},{"id":"b54164ff-6ee5-47d6-a42b-8ac2cec9cad9","name":"43b61744-5553-4fd1-894c-6e91a799f4a2:panel_43b61744-5553-4fd1-894c-6e91a799f4a2","type":"visualization"},{"id":"826cccdc-b0be-4819-aab4-4082eb2ea6b5","name":"9a522603-8d31-4ad6-ac4f-130a814f54fa:panel_9a522603-8d31-4ad6-ac4f-130a814f54fa","type":"search"},{"id":"bf65ea9e-3cf4-4394-ace6-e45968bdfaf6","name":"fad5ef2b-1cc8-47bd-832b-48aeb713f6e6:panel_fad5ef2b-1cc8-47bd-832b-48aeb713f6e6","type":"visualization"},{"id":"28a2a074-23e1-4739-a9c0-1f04e4416aab","name":"68d75f76-3806-4d15-81e9-d0dcfa34c9b9:panel_68d75f76-3806-4d15-81e9-d0dcfa34c9b9","type":"visualization"},{"id":"04061d59-6e1f-46f4-887b-e1877e32a7fc","name":"ed7a59ea-caa7-4396-89b7-90c6b8363800:panel_ed7a59ea-caa7-4396-89b7-90c6b8363800","type":"visualization"},{"id":"3617dcd4-57c2-404c-a865-74ef3cddf9cb","name":"cfe390f9-80a7-4a11-9a8c-7d599e41e38a:panel_cfe390f9-80a7-4a11-9a8c-7d599e41e38a","type":"search"},{"id":"04c60a34-98a9-4073-8538-97996e80855f","name":"9587ef7f-3554-4886-be6a-fae4648e87dd:panel_9587ef7f-3554-4886-be6a-fae4648e87dd","type":"search"},{"id":"77c2b538-1477-4bf8-bdde-6dcf0605b596","name":"7cfff19f-bf9d-4101-be63-4d9b8ea78e26:panel_7cfff19f-bf9d-4101-be63-4d9b8ea78e26","type":"visualization"},{"id":"45809ac4-b7f7-47b9-87c4-2317cfda1493","name":"4988f659-a275-4317-b071-8a350087a4e6:panel_4988f659-a275-4317-b071-8a350087a4e6","type":"visualization"},{"id":"bcf814ff-fe22-40ed-882d-2c77f3c3e7d5","name":"bfae12f4-b2fd-471f-a111-daf49cd25ed3:panel_bfae12f4-b2fd-471f-a111-daf49cd25ed3","type":"search"},{"id":"a2cdbce1-9070-4851-909f-774a80d2875a","name":"a4f5d22b-fe87-4488-8d26-d0d9cdd10d6b:panel_a4f5d22b-fe87-4488-8d26-d0d9cdd10d6b","type":"visualization"},{"id":"6ac9a9da-1772-483c-8c32-b049f0273186","name":"e8c5ac63-42b4-4081-85e3-378c85c0b4cb:panel_e8c5ac63-42b4-4081-85e3-378c85c0b4cb","type":"visualization"},{"id":"fe86395f-474e-43a1-a772-34d1306373e0","name":"30454a55-0210-43d2-af3d-822c5b519033:panel_30454a55-0210-43d2-af3d-822c5b519033","type":"visualization"},{"id":"1344681a-24b5-4829-b4d6-ec18d2de5ba5","name":"6ff4d4db-16b6-4c80-8bb6-95e009803d1d:panel_6ff4d4db-16b6-4c80-8bb6-95e009803d1d","type":"search"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-10-23T15:24:54.858Z","version":"WzI1NDIsMV0="} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":42,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboard_refactor/requirements.txt b/dashboard_refactor/requirements.txt new file mode 100644 index 00000000..345bc273 --- /dev/null +++ b/dashboard_refactor/requirements.txt @@ -0,0 +1,2 @@ +requests +urllib3 \ No newline at end of file From 0d1d9db131dd779f531e2d811f6b806735c3b175 Mon Sep 17 00:00:00 2001 From: Clint Baxley Date: Fri, 25 Oct 2024 13:14:02 -0400 Subject: [PATCH 16/19] Updates some obscure bugs on install (#487) --- .gitignore | 1 + README.md | 2 +- ansible/install_lme_local.yml | 3 ++- testing/v2/development/docker-compose.yml | 7 ++++++- 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 4837f322..8c441cc5 100644 --- a/.gitignore +++ b/.gitignore @@ -32,4 +32,5 @@ testing/tests/assets/style.css **.swp *.vim* **/quadlet/output +**/lme-environment.env diff --git a/README.md b/README.md index 6cfa1a6c..f1f18433 100644 --- a/README.md +++ b/README.md @@ -43,7 +43,7 @@ LME is suited for for: - Organizations that that require gathering logs and monitoring IT ## Table of Contents: -- [Pre-Requisites:](#architecture) +- [Pre-Requisites:](#pre-requisites) - [Architecture:](#architecture) - [Installation:](#installing-lme) - [Deploying Agents:](#deploying-agents) diff --git a/ansible/install_lme_local.yml b/ansible/install_lme_local.yml index d6e849c9..5d5f5177 100644 --- a/ansible/install_lme_local.yml +++ b/ansible/install_lme_local.yml @@ -39,7 +39,7 @@ - (not optenv_file.stat.exists) and (not env_file.stat.exists) - name: Copy lme-environment.env to /opt/lme (only if it doesn't exist) - command: "cp {{ clone_directory }}/config/lme-environment.env /opt/lme/lme-environment.env" + command: "mv {{ clone_directory }}/config/lme-environment.env /opt/lme/lme-environment.env" become: yes when: not optenv_file.stat.exists @@ -218,6 +218,7 @@ - uidmap - nix-bin - nix-setup-systemd + - python3-pexpect state: present become: yes diff --git a/testing/v2/development/docker-compose.yml b/testing/v2/development/docker-compose.yml index e07b80e3..8e965f9f 100644 --- a/testing/v2/development/docker-compose.yml +++ b/testing/v2/development/docker-compose.yml @@ -32,6 +32,11 @@ services: - LANGUAGE=en_US:en - LC_ALL=en_US.UTF-8 command: ["/lib/systemd/systemd"] + ports: + - "5601:5601" + - "443:443" + - "8220:8220" + - "9200:9200" pipeline: build: @@ -47,4 +52,4 @@ services: - ../../../../LME:/home/lme-user/LME environment: - HOME=/home/lme-user - command: sleep infinity \ No newline at end of file + command: sleep infinity From 587014c1f3f50c287790f4c90e62d37bcf325ca0 Mon Sep 17 00:00:00 2001 From: Andrew Arz <149685528+aarz-snl@users.noreply.github.com> Date: Mon, 28 Oct 2024 12:59:22 -0400 Subject: [PATCH 17/19] Remove breaking health check for fleet server --- quadlet/lme-fleet-server.container | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/quadlet/lme-fleet-server.container b/quadlet/lme-fleet-server.container index c4a18833..320dc012 100644 --- a/quadlet/lme-fleet-server.container +++ b/quadlet/lme-fleet-server.container @@ -25,5 +25,4 @@ PublishPort=8220:8220 Volume=lme_certs:/certs:ro Volume=lme_fleet_data:/usr/share/elastic-agent UserNS=auto:uidmapping=0:171632:3048,gidmapping=0:171632:3048 -HealthCmd=CMD-SHELL curl -s --cacert /certs/ca/ca.crt https://localhost:8220/api/status | grep '"status":"HEALTHY"' -Notify=healthy +#TODO: add a healthcheck From 981c0b16d8371a5064764e5642932b072383df34 Mon Sep 17 00:00:00 2001 From: Clint Baxley Date: Tue, 29 Oct 2024 11:14:23 -0400 Subject: [PATCH 18/19] Harden the pipline steps (#493) * Updates some obscure bugs on install * Adds waiting before retrying to check if the agent is reporting * Increment the counter before retrying to check if the agent is reporting * Fail if the elastic agent enrollment fails --- testing/v2/installers/install_v2/install.sh | 6 +- .../installers/lib/check_agent_reporting.sh | 124 +++++++++++------- .../v2/installers/lib/install_agent_linux.sh | 13 +- 3 files changed, 87 insertions(+), 56 deletions(-) diff --git a/testing/v2/installers/install_v2/install.sh b/testing/v2/installers/install_v2/install.sh index abda85b4..4a4a0742 100755 --- a/testing/v2/installers/install_v2/install.sh +++ b/testing/v2/installers/install_v2/install.sh @@ -47,7 +47,7 @@ ssh -o StrictHostKeyChecking=no $user@$hostname "cd ~/LME && ansible-playbook an echo "Waiting for Kibana and Elasticsearch to start..." # Wait for services to start -max_attempts=30 +max_attempts=120 attempt=0 while [ $attempt -lt $max_attempts ]; do if ssh -o StrictHostKeyChecking=no $user@$hostname bash << EOF @@ -82,8 +82,8 @@ EOF break fi attempt=$((attempt+1)) - echo "Attempt $attempt/$max_attempts: Services not ready yet. Waiting 10 seconds..." - sleep 10 + echo "Attempt $attempt/$max_attempts: Services not ready yet. Waiting 15 seconds..." + sleep 15 done if [ $attempt -eq $max_attempts ]; then diff --git a/testing/v2/installers/lib/check_agent_reporting.sh b/testing/v2/installers/lib/check_agent_reporting.sh index a4b45a77..369a3de2 100755 --- a/testing/v2/installers/lib/check_agent_reporting.sh +++ b/testing/v2/installers/lib/check_agent_reporting.sh @@ -11,61 +11,83 @@ if [ -z "$ES_PASSWORD" ]; then handle_error "ES_PASSWORD environment variable is not set" fi -# Run the curl command and capture the output -output=$(curl -k -s -X GET "https://localhost:9200/.ds-metrics-system.cpu-default-*/_search" \ - -H 'Content-Type: application/json' \ - -H "kbn-xsrf: true" \ - -u "elastic:$ES_PASSWORD" \ - -d '{ - "query": { - "bool": { - "must": [ - { - "term": { - "host.name": "ubuntu-vm" - } - }, - { - "term": { - "event.module": "system" - } - }, +# Initialize retry variables +MAX_ATTEMPTS=100 +ATTEMPT=1 +WAIT_TIME=15 + +while [ $ATTEMPT -le $MAX_ATTEMPTS ]; do + echo "Attempt $ATTEMPT of $MAX_ATTEMPTS to check agent reporting..." + + if [ $ATTEMPT -gt 1 ]; then + echo "Waiting before next attempt..." + sleep $WAIT_TIME + ATTEMPT=$((ATTEMPT + 1)) + fi + + # Run the curl command and capture the output + output=$(curl -k -s -X GET "https://localhost:9200/.ds-metrics-system.cpu-default-*/_search" \ + -H 'Content-Type: application/json' \ + -H "kbn-xsrf: true" \ + -u "elastic:$ES_PASSWORD" \ + -d '{ + "query": { + "bool": { + "must": [ + { + "term": { + "host.name": "ubuntu-vm" + } + }, + { + "term": { + "event.module": "system" + } + }, + { + "term": { + "event.dataset": "system.cpu" + } + } + ] + } + }, + "sort": [ { - "term": { - "event.dataset": "system.cpu" + "@timestamp": { + "order": "desc" } } - ] - } - }, - "sort": [ - { - "@timestamp": { - "order": "desc" - } - } - ], - "size": 1 -}') || handle_error "Failed to connect to Elasticsearch" + ], + "size": 1 + }') || { echo "Failed to connect to Elasticsearch, retrying..."; continue; } -# Check if the output is valid JSON -if ! echo "$output" | jq . >/dev/null 2>&1; then - handle_error "Invalid JSON response from Elasticsearch" -fi + # Check if the output is valid JSON + if ! echo "$output" | jq . >/dev/null 2>&1; then + echo "Invalid JSON response from Elasticsearch, retrying..." + continue + fi -# Extract the hit count -hit_count=$(echo "$output" | jq '.hits.total.value') + # Extract the hit count + hit_count=$(echo "$output" | jq '.hits.total.value') -# Check if hit_count is a number -if ! [[ "$hit_count" =~ ^[0-9]+$ ]]; then - handle_error "Unexpected response format" -fi + # Check if hit_count is a number + if ! [[ "$hit_count" =~ ^[0-9]+$ ]]; then + echo "Unexpected response format, retrying..." + continue + fi -# Check the hit count and exit accordingly -if [ "$hit_count" -gt 0 ]; then - echo "ubuntu-vm is reporting" - exit 0 -else - echo "No recent data from ubuntu-vm" - exit 1 -fi \ No newline at end of file + echo "Hit count: $output" + echo "Hit count: $hit_count" + + # Check the hit count and exit if successful + if [ "$hit_count" -gt 0 ]; then + echo "ubuntu-vm is reporting" + exit 0 + fi + + echo "No recent data from ubuntu-vm, retrying..." +done + +echo "No recent data from ubuntu-vm after $MAX_ATTEMPTS attempts" +exit 1 \ No newline at end of file diff --git a/testing/v2/installers/lib/install_agent_linux.sh b/testing/v2/installers/lib/install_agent_linux.sh index 081abf10..3a733d18 100755 --- a/testing/v2/installers/lib/install_agent_linux.sh +++ b/testing/v2/installers/lib/install_agent_linux.sh @@ -49,8 +49,17 @@ cd "elastic-agent-${VERSION}-${ARCHITECTURE}" # Install Elastic Agent with automatic "yes" response sudo ./elastic-agent install --non-interactive -# Enroll the Elastic Agent. The previous install wasn't setting the variables right. -sudo /opt/Elastic/Agent/elastic-agent enroll -f --insecure --url=https://${IP}:$PORT --enrollment-token="${ENROLLMENT_TOKEN}" +# Enroll the Elastic Agent and capture the output +enrollment_output=$(sudo /opt/Elastic/Agent/elastic-agent enroll -f --insecure --url=https://${IP}:$PORT --enrollment-token="${ENROLLMENT_TOKEN}" 2>&1) + +# Check if enrollment was successful +if echo "$enrollment_output" | grep -q "Successfully enrolled"; then + echo "Agent enrollment successful" +else + echo "Agent enrollment failed" + echo "Enrollment output: $enrollment_output" + exit 1 +fi # Restart the agent service sudo service elastic-agent restart From e96a52c0d71eb940314a732222af888086be1f4a Mon Sep 17 00:00:00 2001 From: ddiabe <133152385+ddiabe@users.noreply.github.com> Date: Wed, 30 Oct 2024 14:03:30 -0400 Subject: [PATCH 19/19] Delete dashboard_refactor directory Deleting the dashboard refractor directory from the release-2.0.0 branch... --- dashboard_refactor/export_dashboards.py | 171 ------------------ .../needs_refactoring/Readme.md | 64 ------- .../alerting_dashboard.ndjson | 18 -- .../computer_software_overview.ndjson | 12 -- .../credential_access_logs_dashboard.ndjson | 5 - .../healthcheck_dashboard_overview.ndjson | 9 - .../identity_access_management.ndjson | 7 - .../policy_changes_and_system_activity.ndjson | 11 -- .../privileged_activity_log_dashboards.ndjson | 7 - .../needs_refactoring/process_explorer.ndjson | 10 - .../security_dashboard_security_log.ndjson | 27 --- .../needs_refactoring/sysmon_summary.ndjson | 11 -- .../needs_refactoring/user_hr.ndjson | 10 - .../user_security_logs_test.ndjson | 39 ---- .../refactored/Alerting Dashboard 2.0.ndjson | 22 --- .../Computer Software Overview 2.0.ndjson | 14 -- ...redential Access Logs Dashboard 2.0.ndjson | 20 -- .../HealthCheck Dashboard 2.0.ndjson | 11 -- .../Identity Access Managment 2.0.ndjson | 9 - ...icy Changes and System Activity 2.0.ndjson | 14 -- ...vileged Activity Log Dashboards 2.0.ndjson | 9 - .../refactored/Process Explorer 2.0.ndjson | 12 -- ...curity Dashboard -Security Logs 2.0.ndjson | 28 --- .../refactored/Sysmon Summary 2.0.ndjson | 11 -- .../refactored/User HR 2.0.ndjson | 14 -- .../refactored/User Security 2.0.ndjson | 43 ----- dashboard_refactor/requirements.txt | 2 - 27 files changed, 610 deletions(-) delete mode 100644 dashboard_refactor/export_dashboards.py delete mode 100644 dashboard_refactor/needs_refactoring/Readme.md delete mode 100644 dashboard_refactor/needs_refactoring/alerting_dashboard.ndjson delete mode 100644 dashboard_refactor/needs_refactoring/computer_software_overview.ndjson delete mode 100644 dashboard_refactor/needs_refactoring/credential_access_logs_dashboard.ndjson delete mode 100644 dashboard_refactor/needs_refactoring/healthcheck_dashboard_overview.ndjson delete mode 100644 dashboard_refactor/needs_refactoring/identity_access_management.ndjson delete mode 100644 dashboard_refactor/needs_refactoring/policy_changes_and_system_activity.ndjson delete mode 100644 dashboard_refactor/needs_refactoring/privileged_activity_log_dashboards.ndjson delete mode 100644 dashboard_refactor/needs_refactoring/process_explorer.ndjson delete mode 100644 dashboard_refactor/needs_refactoring/security_dashboard_security_log.ndjson delete mode 100644 dashboard_refactor/needs_refactoring/sysmon_summary.ndjson delete mode 100644 dashboard_refactor/needs_refactoring/user_hr.ndjson delete mode 100644 dashboard_refactor/needs_refactoring/user_security_logs_test.ndjson delete mode 100644 dashboard_refactor/refactored/Alerting Dashboard 2.0.ndjson delete mode 100644 dashboard_refactor/refactored/Computer Software Overview 2.0.ndjson delete mode 100644 dashboard_refactor/refactored/Credential Access Logs Dashboard 2.0.ndjson delete mode 100644 dashboard_refactor/refactored/HealthCheck Dashboard 2.0.ndjson delete mode 100644 dashboard_refactor/refactored/Identity Access Managment 2.0.ndjson delete mode 100644 dashboard_refactor/refactored/Policy Changes and System Activity 2.0.ndjson delete mode 100644 dashboard_refactor/refactored/Privileged Activity Log Dashboards 2.0.ndjson delete mode 100644 dashboard_refactor/refactored/Process Explorer 2.0.ndjson delete mode 100644 dashboard_refactor/refactored/Security Dashboard -Security Logs 2.0.ndjson delete mode 100644 dashboard_refactor/refactored/Sysmon Summary 2.0.ndjson delete mode 100644 dashboard_refactor/refactored/User HR 2.0.ndjson delete mode 100644 dashboard_refactor/refactored/User Security 2.0.ndjson delete mode 100644 dashboard_refactor/requirements.txt diff --git a/dashboard_refactor/export_dashboards.py b/dashboard_refactor/export_dashboards.py deleted file mode 100644 index 0c98119f..00000000 --- a/dashboard_refactor/export_dashboards.py +++ /dev/null @@ -1,171 +0,0 @@ -#!/usr/bin/env python3 -import argparse -import base64 -import json -import os -import re -import requests -from pathlib import Path -from urllib3.exceptions import InsecureRequestWarning - -# Suppress the InsecureRequestWarning (We are using a self-signed cert) -requests.packages.urllib3.disable_warnings(InsecureRequestWarning) - -ALL = 'all' - - -class Api: - def __init__(self, args): - self.ids = None - self.basic_auth = self.get_basic_auth(args.user, args.password) - self.root_url = f'https://{args.host}:{args.port}' - - def export_dashboards(self): - self.set_ids() - self.export_selected_dashboard(self.select_dashboard()) - - @staticmethod - def get_basic_auth(username, password): - return base64.b64encode(f"{username}:{password}".encode()).decode() - - def get_ids(self): - url = f'{self.root_url}/api/kibana/management/saved_objects/_find?perPage=500&page=1&type=dashboard&sortField=updated_at&sortOrder=desc' - - try: - response = requests.get(url, headers={'Authorization': f'Basic {self.basic_auth}'}, verify=False) - - if response.status_code == 200: - data = response.json() - #ids = {item['id']: item['meta']['title'] for item in data.get('saved_objects', [])} - #return ids - ids = { - item['id']: item['meta']['title'] - for item in data.get('saved_objects', []) - if '[' not in item['meta']['title'] and ']' not in item['meta']['title'] - } - return ids - else: - print(f"HTTP request failed with status code: {response.status_code}") - print(response.text) - return {} - except Exception as e: - print(f"An error occurred: {str(e)}") - return {} - - def set_ids(self, ids=None): - if ids is None: - ids = self.get_ids() - self.ids = ids - - def select_dashboard(self): - print("Please select a dashboard ID:") - item = 1 - choices = {} - - # Iterate through ids and display them with corresponding numbers - for this_id, title in self.ids.items(): - print(item, this_id, title) - choices[item] = this_id - item += 1 - - if item == 1: - print("I could not find any dashboards") - return - - choices[item] = ALL - print(item, "Select all dashboards") - - # Ask the user to select a number - while True: - try: - choice = int(input("Select a number: ")) - if choice in choices: - selected_id = choices[choice] - if selected_id == ALL: - return ALL # Return 'all' if the user selects all dashboards - else: - return selected_id # Return the selected dashboard ID - else: - print("Invalid choice. Please select a valid number.") - except ValueError: - print("Invalid input. Please enter a number.") - - def export_selected_dashboard(self, selected_dashboard): - if selected_dashboard == ALL: - print("You selected to export all dashboards") - self.dump_all_dashboards() - else: - print(f"You selected dashboard ID: {selected_dashboard}") - self.dump_dashboard(selected_dashboard) - - def dump_dashboard(self, selected_id): - print(f"Dumping dashboard: {selected_id}: {self.ids[selected_id]}...") - # Dumping dashboard: e5f203f0-6182-11ee-b035-d5f231e90733: User Security - - dashboard_json = self.get_dashboard_json(selected_id) - - if dashboard_json is not None: - script_dir = os.path.dirname(os.path.abspath(__file__)) - export_path = Path(script_dir) / 'exported' - os.makedirs(export_path, exist_ok=True) - - filename = re.sub(r"\W+", "_", self.ids[selected_id].lower()) + ".dumped.ndjson" - - print(f"Writing to file {filename}") - export_path = export_path / filename - - Api.write_to_file(export_path, dashboard_json) - return - - print("There was a problem dumping the dashboard") - - def dump_all_dashboards(self): - for this_id in self.ids: - self.dump_dashboard(this_id) - - def get_dashboard_json(self, selected_id): - url = f'{self.root_url}/api/saved_objects/_export' - data = { - "objects": [{"id": selected_id, "type": "dashboard"}], - "includeReferencesDeep": True - } - headers = { - "kbn-xsrf": "true", - 'Authorization': f'Basic {self.basic_auth}' - } - try: - response = requests.post(url, headers=headers, json=data, verify=False) - - if response.status_code == 200: - return response.text - else: - print(f"HTTP request failed with status code: {response.status_code}") - print(response.text) - return None - - except Exception as e: - print(f"An error occurred: {str(e)}") - return None - - @staticmethod - def write_to_file(filename, content): - with open(filename, 'wb') as file: - file.write(content.encode('utf-8')) - - -def main(): - # Define command-line arguments with defaults - parser = argparse.ArgumentParser(description='Retrieve IDs from Elasticsearch') - parser.add_argument('-u', '--user', required=True, help='Elasticsearch username') - parser.add_argument('-p', '--password', required=True, help='Elasticsearch password') - parser.add_argument('--host', default='localhost', help='Elasticsearch host (default: localhost)') - parser.add_argument('--port', default='443', help='Elasticsearch port (default: 443)') - args = parser.parse_args() - - api = Api(args) - - api.export_dashboards() - - -if __name__ == '__main__': - main() diff --git a/dashboard_refactor/needs_refactoring/Readme.md b/dashboard_refactor/needs_refactoring/Readme.md deleted file mode 100644 index afdcc412..00000000 --- a/dashboard_refactor/needs_refactoring/Readme.md +++ /dev/null @@ -1,64 +0,0 @@ -# Folder for all the dashboards - - -## How to update dashboards -To update the dashboards, run the following command from the Linux server: -``` -sudo /opt/lme/dashboard_update.sh -``` - -Note that there is also a `dashboard_update.sh` script within the Chapter 3 Files folder. That is a generic version of the script that is used to contruct the `dashboard_update.sh` script inside the /opt/lme folder. The version inside the Chapter 3 Files folder does **not** have the information needed to update the dashboards. Only the version inside the /opt/lme folder, which is customized to your specific installation of LME, should be run. - -### Updating to new dashboards and removing old ones (Starting with 1.1.0) -Browse to `Kibana->Stack Management` then select `Saved Objects`. -On the Saved Objects page, you can filter by dashboards. - -Select the filter `Type` and select `dashboard`. - -* It is suggested that you export the dashboards first (readme below) so you have a backup. -You can delete all of the dashboards before importing the new ones. - -After having backed up the dashboards and deleting them, you can then run -`dashboard_update.sh` in the `/opt/lme` directory. - - -### Exporting dashboards: -It is recommended that you export your dashboards before updating them, especially if you have customized them or created new ones. -To export the dashboards use the `export_dashboards.py` file in the Chapter 4 directory. -It is easiest to export them from the ubuntu machine where you have installed the ELK stack because the -default port and hostname are in the script. You will need the user and password for elastic that were printed -on your initial install. - -##### The files will be exported to `Chapter 4 Files/exported` - -#### Running on Ubuntu -Change to the `Chapter 4 Files` directory and run: -``` -./export_dashboards.py -u elastic -p YOURUNIQUEPASS -``` -The modules should already be installed on Ubuntu, but If the script complains about missing modules: -``` -pip install -r requirements.txt -``` - -#### Running on Windows -You must have python and the modules installed. (You can install python 3 from the Microsoft Store) Then make -sure you are in the `Chapter 4 Files` directory and install the requirements. -``` -pip install -r requirements.txt -``` - -You will probably have to pass the host that you connect to for kibana when running on windows. -``` -python .\export_dashboards.py -u elastic -p YOURUNIQUEPASS --host x.x.x.x -``` - -## Customizing dashboards: -When customizing dashboards keep in mind to be sure the name of the file does not conflict with one on git. In future iterations of LME, updates will overwrite any dashboard file that you have customized or named the same as an original file that appears in this directory. - -In addition, any other dashboards you want to save in git and track in this repository can maintained safely (assuming the new files do not overlap in name with any original file in LME) by doing the following: - 1. Creating your own local branch in this LME repo - 2. Commiting any changes - 3. pulling in changes from `main` to your local repo - - diff --git a/dashboard_refactor/needs_refactoring/alerting_dashboard.ndjson b/dashboard_refactor/needs_refactoring/alerting_dashboard.ndjson deleted file mode 100644 index 65049038..00000000 --- a/dashboard_refactor/needs_refactoring/alerting_dashboard.ndjson +++ /dev/null @@ -1,18 +0,0 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T12:04:55.244Z","version":"WzMwMSwxXQ=="} -{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","runtimeFieldMap":"{\"Column1\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { if (doc['process.pid'].size() != 0) { emit (doc['process.pid'].value.toString()) } } else if(doc['event.code'].value.equals(Integer.toString(3))) { if (doc['destination.address'].size() != 0) { emit (doc['destination.address'].value.toString()) } } } emit (\\\"No Data\\\") } } emit (\\\"Signal Closed\\\")\"}},\"Column2\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { def args = \\\"\\\"; if (doc['process.args'].size() != 0) { for(int i=0; i winlog.computer_name:(\\\\S+) > .*\\\").legend(position=ne)\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:14.768Z","id":"e48bf6f0-e90f-11e9-9070-f78ae052729a","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:14.768Z","version":"WzIyNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_types_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_types_label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"|Logon Type|Logon Title|Description|\\n| :-: | :- | :- |\\n| 2 | Interactive | A user logged on to this computer. |\\n| 3 | Network | A user or computer logged on to this computer from the network. |\\n| 4 | Batch | Batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention. |\\n| 5 | Service | A service was started by the Service Control Manager. |\\n| 7 | Unlock | This workstation was unlocked. |\\n| 8 | NetworkCleartext | A user logged on to this computer from the network. The user's password was passed to the authentication package in its unhashed form. The built-in authentication packages all hash credentials before sending them across the network. The credentials do not traverse the network in plaintext (also called cleartext). |\\n| 9 | NewCredentials | A caller cloned its current token and specified new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. |\\n| 10 | RemoteInteractive | A user logged on to this computer remotely using Terminal Services or Remote Desktop. |\\n| 11 | CachedInteractive | A user logged on to this computer with network credentials that were stored locally on the computer. The domain controller was not contacted to verify the credentials. |\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:14.768Z","id":"846ca470-e9ac-11e9-92c4-d918939a618e","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:14.768Z","version":"WzIyOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_4625_failed_logon_status_codes_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_codes_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.LogonType\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.Status\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.SubStatus\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:14.768Z","id":"43ef93b0-e9a9-11e9-92c4-d918939a618e","managed":false,"references":[{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:14.768Z","version":"WzIyOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_security_4625_failed_logon_status_label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_security_4625_failed_logon_status_label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"| Code | Description |\\n| :- | :- |\\n| 0XC000005E | There are currently no logon servers available to service the logon request. |\\n| 0xC0000064 | User logon with misspelled or bad user account |\\n| 0xC000006A | User logon with misspelled or bad password |\\n| 0XC000006D | This is either due to a bad username or authentication information |\\n| 0XC000006E | Unknown user name or bad password. |\\n| 0xC000006F | User logon outside authorized hours |\\n| 0xC0000070 | User logon from unauthorized workstation |\\n| 0xC0000071 | User logon with expired password |\\n| 0xC0000072 | User logon to account disabled by administrator |\\n| 0XC00000DC | Indicates the Sam Server was in the wrong state to perform the desired operation. |\\n| 0XC0000133 | Clocks between DC and other computer too far out of sync |\\n| 0XC000015B | The user has not been granted the requested logon type (aka logon right) at this machine |\\n| 0XC000018C | The logon request failed because the trust relationship between the primary domain and the trusted domain failed. |\\n| 0XC0000192 | An attempt was made to logon, but the Netlogon service was not started. |\\n| 0xC0000193 | User logon with expired account |\\n| 0XC0000224 | User is required to change password at next logon |\\n| 0XC0000225 | Evidently a bug in Windows and not a risk |\\n| 0xC0000234 | User logon with account locked |\\n| 0XC00002EE | Failure Reason: An Error occurred during Logon |\\n| 0XC0000413 | Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. |\\n| 0x0 | Status OK. |\\n\\nFor more information see *https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:14.768Z","id":"3690c770-e9ae-11e9-92c4-d918939a618e","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:14.768Z","version":"WzIzMCwxXQ=="} -{"attributes":{"columns":["host.name","winlog.event_data.SubjectUserName","winlog.event_data.TargetUserName","winlog.event_data.TargetServerName","winlog.event_data.SubjectDomainName","winlog.event_data.TargetDomainName","winlog.event_data.ProcessId","winlog.event_data.ProcessName"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:Security and winlog.event_id:4648 \",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[{\\\"script\\\":{\\\"script\\\":\\\"doc['winlog.event_data.SubjectUserName'].value != doc['winlog.event_data.TargetUserName'].value\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"must\":[{\"script\":{\"script\":\"doc['winlog.event_data.SubjectUserName'].value != doc['winlog.event_data.TargetUserName'].value\"}}]}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"winlog.event_data.TargetDomainName\",\"params\":{\"query\":\"Window Manager\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"winlog.event_data.TargetDomainName\":\"Window Manager\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":null,\"negate\":true,\"disabled\":false,\"type\":\"phrase\",\"key\":\"winlog.event_data.TargetDomainName\",\"params\":{\"query\":\"Font Driver Host\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"winlog.event_data.TargetDomainName\":\"Font Driver Host\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"timeRestore":false,"title":"srch_sd_security_4648_logon_explicit_creds_running_as_different_user","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:14.768Z","id":"103ccef0-ea73-11e9-be68-7f08998695a8","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:14.768Z","version":"WzIzMSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_security_logs_computernames_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Logged events\"}},{\"id\":\"2\",\"enabled\":false,\"type\":\"filters\",\"schema\":\"bucket\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_id : 4624\",\"language\":\"kuery\"},\"label\":\"EventID 4624\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1000,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computername\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"vis_sd_security_logs_computernames_datatable\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:14.768Z","id":"1c4214a0-f0cf-11e9-a5fc-65ed253cef03","managed":false,"references":[{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:14.768Z","version":"WzIzMiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T12:04:55.244Z","version":"WzMwMSwxXQ=="} -{"attributes":{"description":"Security log related events","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":15,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security logs events\",\"panelRefName\":\"panel_1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":134,\"w\":48,\"h\":17,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Process creation - event ID 4688\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":109,\"w\":48,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Log Cleared - event ID 1102 or 104\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":151,\"w\":48,\"h\":18,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logon created - Logon type 2\",\"panelRefName\":\"panel_6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":8,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select a computer to filter the below results. Leave blank for all\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":169,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - network logon created - Logon type 3\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":117,\"w\":48,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log events - Detail\",\"panelRefName\":\"panel_9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":184,\"w\":48,\"h\":17,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - logon as a service - Logon type 5\",\"panelRefName\":\"panel_10\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":201,\"w\":48,\"h\":15,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Credential sent as clear text - Logon type 8\",\"panelRefName\":\"panel_11\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":15,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon attempts\",\"panelRefName\":\"panel_15\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":216,\"w\":48,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Security log - Logons with special privileges assigned - event ID 4672\",\"panelRefName\":\"panel_19\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":15,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Computers showing failed login attempts - 10 maximum shown\",\"panelRefName\":\"panel_20\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":33,\"w\":48,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon type codes\",\"panelRefName\":\"panel_21\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":51,\"w\":48,\"h\":16,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon and reason (status code)\",\"panelRefName\":\"panel_22\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":83,\"w\":48,\"h\":26,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed logon status codes\",\"panelRefName\":\"panel_23\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":234,\"w\":48,\"h\":15,\"i\":\"28\"},\"panelIndex\":\"28\",\"embeddableConfig\":{\"enhancements\":{},\"sort\":[]},\"title\":\"Security log - Process started with different credentials- event ID 4648 [could be RUNAS, scheduled tasks]\",\"panelRefName\":\"panel_28\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":11,\"w\":24,\"h\":7,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"title\":\"Select a computername to filter\",\"panelRefName\":\"panel_30\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\"},\"panelIndex\":\"b71dba65-ed1c-4917-9fc7-54923511ad2d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b71dba65-ed1c-4917-9fc7-54923511ad2d\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":67,\"w\":48,\"h\":16,\"i\":\"96010259-5ae8-4632-bcce-34078573b1cd\"},\"panelIndex\":\"96010259-5ae8-4632-bcce-34078573b1cd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Failed Logons\",\"panelRefName\":\"panel_96010259-5ae8-4632-bcce-34078573b1cd\"}]","timeRestore":false,"title":"Security Dashboard - Security Log","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:14.768Z","id":"51186cd0-e8e9-11e9-9070-f78ae052729a","managed":false,"references":[{"id":"e5245110-e8e8-11e9-9070-f78ae052729a","name":"1:panel_1","type":"visualization"},{"id":"781b09e0-e8ea-11e9-9070-f78ae052729a","name":"2:panel_2","type":"search"},{"id":"8c100710-e8eb-11e9-9070-f78ae052729a","name":"3:panel_3","type":"search"},{"id":"0222a210-e8f0-11e9-9070-f78ae052729a","name":"6:panel_6","type":"visualization"},{"id":"5c6f40d0-e8f4-11e9-9070-f78ae052729a","name":"7:panel_7","type":"visualization"},{"id":"666027c0-e8f5-11e9-9070-f78ae052729a","name":"8:panel_8","type":"visualization"},{"id":"e30872f0-e698-11e9-8be5-cd86dcca33f3","name":"9:panel_9","type":"search"},{"id":"d99cb4d0-e8f8-11e9-9070-f78ae052729a","name":"10:panel_10","type":"visualization"},{"id":"80125e30-e900-11e9-9070-f78ae052729a","name":"11:panel_11","type":"visualization"},{"id":"fefc2830-e904-11e9-9070-f78ae052729a","name":"15:panel_15","type":"visualization"},{"id":"379f1cb0-e90a-11e9-9070-f78ae052729a","name":"19:panel_19","type":"visualization"},{"id":"e48bf6f0-e90f-11e9-9070-f78ae052729a","name":"20:panel_20","type":"visualization"},{"id":"846ca470-e9ac-11e9-92c4-d918939a618e","name":"21:panel_21","type":"visualization"},{"id":"43ef93b0-e9a9-11e9-92c4-d918939a618e","name":"22:panel_22","type":"visualization"},{"id":"3690c770-e9ae-11e9-92c4-d918939a618e","name":"23:panel_23","type":"visualization"},{"id":"103ccef0-ea73-11e9-be68-7f08998695a8","name":"28:panel_28","type":"search"},{"id":"1c4214a0-f0cf-11e9-a5fc-65ed253cef03","name":"30:panel_30","type":"visualization"},{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"b71dba65-ed1c-4917-9fc7-54923511ad2d:panel_b71dba65-ed1c-4917-9fc7-54923511ad2d","type":"visualization"},{"id":"0b549610-e902-11e9-9070-f78ae052729a","name":"96010259-5ae8-4632-bcce-34078573b1cd:panel_96010259-5ae8-4632-bcce-34078573b1cd","type":"search"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-08-13T11:59:14.768Z","version":"WzIzNCwxXQ=="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":26,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboard_refactor/needs_refactoring/sysmon_summary.ndjson b/dashboard_refactor/needs_refactoring/sysmon_summary.ndjson deleted file mode 100644 index f1018c68..00000000 --- a/dashboard_refactor/needs_refactoring/sysmon_summary.ndjson +++ /dev/null @@ -1,11 +0,0 @@ -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI1NSwxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.channel:\\\"Microsoft-Windows-Sysmon/Operational\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_sysmon_all_events","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:15.791Z","id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:15.791Z","version":"WzIzNiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:15.791Z","id":"6bae6b40-e5cd-11e9-8f1d-73a2ea4cc3ed","managed":false,"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:15.791Z","version":"WzIzNywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_pie","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Event code\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":false,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":0},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:15.791Z","id":"8fcbbf80-e5ca-11e9-8f1d-73a2ea4cc3ed","managed":false,"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:15.791Z","version":"WzIzOCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_events_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_events_datatable\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Event code\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:15.791Z","id":"fb34c760-e5cc-11e9-8f1d-73a2ea4cc3ed","managed":false,"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:15.791Z","version":"WzIzOSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"vis_sd_sysmon_all_host_events_datatable","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_all_host_events_datatable\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":23,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Event code\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Missing computer name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer name\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"split\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Missing computer name\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}],\"splitRow\":[{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"row\":true,\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:15.791Z","id":"4ff18f60-e5d0-11e9-8f1d-73a2ea4cc3ed","managed":false,"references":[{"id":"8b6d5950-e5c8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:15.791Z","version":"WzI0MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_event_code_reference","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"markdown\",\"aggs\":[],\"params\":{\"markdown\":\"| \\tEvent ID\\t | \\tEvent\\t | \\tDescription\\t |\\n| \\t:-:\\t | \\t:-\\t | \\t-\\t |\\n| \\t1\\t | \\tProcess creation\\t | \\tThe process creation event provides extended information about a newly created process. The full command line provides context on the process execution. The ProcessGUID field is a unique value for this process across a domain to make event correlation easier. The hash is a full hash of the file with the algorithms in the HashType field.\\t |\\n| \\t2\\t | \\tA process changed a file creation time\\t | \\tThe change file creation time event is registered when a file creation time is explicitly modified by a process. This event helps tracking the real creation time of a file. Attackers may change the file creation time of a backdoor to make it look like it was installed with the operating system. Note that many processes legitimately change the creation time of a file; it does not necessarily indicate malicious activity.\\t |\\n| \\t3\\t | \\tNetwork connection\\t | \\tThe network connection event logs TCP/UDP connections on the machine. It is disabled by default. Each connection is linked to a process through the ProcessId and ProcessGUID fields. The event also contains the source and destination host names IP addresses, port numbers and IPv6 status.\\t |\\n| \\t4\\t | \\tSysmon service state changed\\t | \\tThe service state change event reports the state of the Sysmon service (started or stopped).\\t |\\n| \\t5\\t | \\tProcess terminated\\t | \\tThe process terminate event reports when a process terminates. It provides the UtcTime, ProcessGuid and ProcessId of the process.\\t |\\n| \\t6\\t | \\tDriver loaded\\t | \\tThe driver loaded events provides information about a driver being loaded on the system. The configured hashes are provided as well as signature information. The signature is created asynchronously for performance reasons and indicates if the file was removed after loading.\\t |\\n| \\t7\\t | \\tImage loaded\\t | \\tThe image loaded event logs when a module is loaded in a specific process. This event is disabled by default and needs to be configured with the ๏ฟฝl option. It indicates the process in which the module is loaded, hashes and signature information. The signature is created asynchronously for performance reasons and indicates if the file was removed after loading. This event should be configured carefully, as monitoring all image load events will generate a large number of events.\\t |\\n| \\t8\\t | \\tCreateRemoteThread\\t | \\tThe CreateRemoteThread event detects when a process creates a thread in another process. This technique is used by malware to inject code and hide in other processes. The event indicates the source and target process. It gives information on the code that will be run in the new thread: StartAddress, StartModule and StartFunction. Note that StartModule and StartFunction fields are inferred, they might be empty if the starting address is outside loaded modules or known exported functions.\\t |\\n| \\t9\\t | \\tRawAccessRead\\t | \\tThe RawAccessRead event detects when a process conducts reading operations from the drive using the \\\\\\\\\\\\\\\\.\\\\ denotation. This technique is often used by malware for data exfiltration of files that are locked for reading, as well as to avoid file access auditing tools. The event indicates the source process and target device.\\t |\\n| \\t10\\t | \\tProcessAccess\\t | \\tThe process accessed event reports when a process opens another process, an operation that๏ฟฝs often followed by information queries or reading and writing the address space of the target process. This enables detection of hacking tools that read the memory contents of processes like Local Security Authority (Lsass.exe) in order to steal credentials for use in Pass-the-Hash attacks. Enabling it can generate significant amounts of logging if there are diagnostic utilities active that repeatedly open processes to query their state, so it generally should only be done so with filters that remove expected accesses.\\t |\\n| \\t11\\t | \\tFileCreate\\t | \\tFile create operations are logged when a file is created or overwritten. This event is useful for monitoring autostart locations, like the Startup folder, as well as temporary and download directories, which are common places malware drops during initial infection.\\t |\\n| \\t12\\t | \\tRegistryEvent (Object create and delete)\\t | \\tRegistry key and value create and delete operations map to this event type, which can be useful for monitoring for changes to Registry autostart locations, or specific malware registry modifications. Sysmon uses abbreviated versions of Registry root key names, with the following mappings: |\\n|||**Key name**                                                                                          **Abbreviation**|\\n|||HKEY_LOCAL_MACHINE                                                                  HKLM|\\n|||HKEY_USERS                                                                                     HKU|\\n|||HKEY_LOCAL_MACHINE\\\\System\\\\ControlSet00x                          HKLM\\\\System\\\\CurrentControlSet|\\n|||HKEY_LOCAL_MACHINE\\\\Classes                                                    HKCR|\\n| \\t13\\t | \\tRegistryEvent (Value Set)\\t | \\tThis Registry event type identifies Registry value modifications. The event records the value written for Registry values of type DWORD and QWORD.\\t |\\n| \\t14\\t | \\tRegistryEvent (Key and Value Rename)\\t | \\tRegistry key and value rename operations map to this event type, recording the new name of the key or value that was renamed.\\t |\\n| \\t15\\t | \\tFileCreateStreamHash\\t | \\tThis event logs when a named file stream is created, and it generates events that log the hash of the contents of the file to which the stream is assigned (the unnamed stream), as well as the contents of the named stream. There are malware variants that drop their executables or configuration settings via browser downloads, and this event is aimed at capturing that based on the browser attaching a Zone.Identifier ๏ฟฝmark of the web๏ฟฝ stream.\\t |\\n| \\t16\\t | \\tServiceConfigurationChange\\t | \\tThis event logs changes in the Sysmon configuration - for example when the filtering rules are updated.\\t |\\n| \\t17\\t | \\tPipeEvent (Pipe Created)\\t | \\tThis event generates when a named pipe is created. Malware often uses named pipes for interprocess communication.\\t |\\n| \\t18\\t | \\tPipeEvent (Pipe Connected)\\t | \\tThis event logs when a named pipe connection is made between a client and a server.\\t |\\n| \\t19\\t | \\tWmiEvent (WmiEventFilter activity detected)\\t | \\tWhen a WMI event filter is registered, which is a method used by malware to execute, this event logs the WMI namespace, filter name and filter expression.\\t |\\n| \\t20\\t | \\tWmiEvent (WmiEventConsumer activity detected)\\t | \\tThis event logs the registration of WMI consumers, recording the consumer name, log, and destination.\\t |\\n| \\t21\\t | \\tWmiEvent (WmiEventConsumerToFilter activity detected)\\t | \\tWhen a consumer binds to a filter, this event logs the consumer name and filter path.\\t |\\n| \\t22\\t | \\tDNSEvent (DNS query)\\t | \\tThis event generates when a process executes a DNS query, whether the result is successful or fails, cached or not. The telemetry for this event was added for Windows 8.1 so it is not available on Windows 7 and earlier.\\t |\\n| \\t23\\t | \\tFileDelete (A file delete was detected)\\t | \\tA file was deleted.\\t |\\n| \\t24\\t | \\tClipboardChange (New content in the clipboard)\\t | \\tThis event is generated when the system clipboard contents change.\\t |\\n| \\t25\\t | \\tProcessTampering (Process image change)\\t | \\tThis event is generated when a process image is changed from an external source, such as a different process.\\t |\\n| \\t255\\t | \\tError\\t | \\tThis event is generated when an error occurred within Sysmon. They can happen if the system is under heavy load and certain tasked could not be performed or a bug exists in the Sysmon service. You can report any bugs on the Sysinternals forum or over Twitter (@markrussinovich).\\t |\\n\\nFor more information see *https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon*\",\"openLinksInNewTab\":false,\"fontSize\":10},\"title\":\"vis_sd_sysmon_event_code_reference\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:15.791Z","id":"7d3955e0-e9b6-11e9-92c4-d918939a618e","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:15.791Z","version":"WzI0MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"vis_sd_sysmon_events_by_computer_timelion","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"vis_sd_sysmon_events_by_computer_timelion\",\"type\":\"timelion\",\"params\":{\"expression\":\".es(q=winlog.provider_name:Microsoft-Windows-Sysmon, index=winlogbeat-*, split=winlog.computer_name:40).label(\\\"$1\\\",\\\"^.* > winlog.computer_name:(\\\\S+) > .*\\\").title(\\\"Sysmon events by computer\\\").legend(position=nw).yaxis(label=\\\"Number of events\\\")\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:15.791Z","id":"35500920-eb66-11e9-875d-ef4cb6c5875d","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:15.791Z","version":"WzI0MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T12:04:55.244Z","version":"WzMwMSwxXQ=="} -{"attributes":{"description":"Summarizes collected Sysmon event data","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":13,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Total number of Sysmon events found\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":13,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Percentage of Sysmon events by event code\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":16,\"w\":24,\"h\":18,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Count of Sysmon events by event code\",\"panelRefName\":\"panel_4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":16,\"w\":24,\"h\":18,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}},\"enhancements\":{}},\"title\":\"Top 10 hosts generating the most Sysmon data\",\"panelRefName\":\"panel_5\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":21,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon event code reference\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":55,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon events\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\"},\"panelIndex\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_76bd58e2-b637-4a48-ae79-4ca8abeab308\"}]","timeRestore":false,"title":"Sysmon Summary","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:15.791Z","id":"d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed","managed":false,"references":[{"id":"6bae6b40-e5cd-11e9-8f1d-73a2ea4cc3ed","name":"2:panel_2","type":"visualization"},{"id":"8fcbbf80-e5ca-11e9-8f1d-73a2ea4cc3ed","name":"3:panel_3","type":"visualization"},{"id":"fb34c760-e5cc-11e9-8f1d-73a2ea4cc3ed","name":"4:panel_4","type":"visualization"},{"id":"4ff18f60-e5d0-11e9-8f1d-73a2ea4cc3ed","name":"5:panel_5","type":"visualization"},{"id":"7d3955e0-e9b6-11e9-92c4-d918939a618e","name":"7:panel_7","type":"visualization"},{"id":"35500920-eb66-11e9-875d-ef4cb6c5875d","name":"8:panel_8","type":"visualization"},{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"76bd58e2-b637-4a48-ae79-4ca8abeab308:panel_76bd58e2-b637-4a48-ae79-4ca8abeab308","type":"visualization"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-08-13T11:59:15.791Z","version":"WzI0NCwxXQ=="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":10,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboard_refactor/needs_refactoring/user_hr.ndjson b/dashboard_refactor/needs_refactoring/user_hr.ndjson deleted file mode 100644 index 0fa94ad2..00000000 --- a/dashboard_refactor/needs_refactoring/user_hr.ndjson +++ /dev/null @@ -1,10 +0,0 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T12:04:55.244Z","version":"WzMwMSwxXQ=="} -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI1NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"winlog.event_data.TargetDomainName\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"winlog.event_data.TargetUserName\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI1NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - User activity title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - User activity title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## All user activity\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:16.817Z","id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:16.817Z","version":"WzI0OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - Logon title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Logon title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## Logon / Logoff events\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:16.817Z","id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:16.817Z","version":"WzI0OSwxXQ=="} -{"attributes":{"columns":["winlog.event_data.SubjectDomainName","winlog.event_data.TargetUserName","host.name","winlog.event_data.TargetLogonId"],"description":"","grid":{"columns":{"user.name":{"width":193},"winlog.event_data.SubjectDomainName":{"width":193}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"4624\\\" and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_data.LogonType\",\"value\":[\"2\",\"10\",\"11\",\"7\"],\"params\":[\"2\",\"10\",\"11\",\"7\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_data.LogonType\":\"2\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"10\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"11\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"7\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Interactive Logon search","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:16.817Z","id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:16.817Z","version":"WzI1MCwxXQ=="} -{"attributes":{"columns":["winlog.event_data.TargetUserName","winlog.event_data.TargetDomainName","host.name","winlog.event_data.TargetLogonId"],"description":"","grid":{"columns":{"winlog.event_data.TargetDomainName":{"width":241},"winlog.event_data.TargetUserName":{"width":241}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:\\\"4634\\\" OR event.code:\\\"4647\\\" ) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:16.817Z","id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:16.817Z","version":"WzI1MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HR - Interactive v Remote pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Interactive v Remote pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"label\":\"filters\",\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"segment\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_data.LogonType:2\",\"language\":\"lucene\"},\"label\":\"Interactive\"},{\"input\":{\"query\":\"winlog.event_data.LogonType:10\",\"language\":\"lucene\"},\"label\":\"RemoteInteractive\"}]}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:16.817Z","id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","managed":false,"references":[{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:16.817Z","version":"WzI1MiwxXQ=="} -{"attributes":{"description":"Overview of user activity for Human Resources\n","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"46f5e2d0-544b-4159-bf78-a44737a093cb\"},\"panelIndex\":\"46f5e2d0-544b-4159-bf78-a44737a093cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_46f5e2d0-544b-4159-bf78-a44737a093cb\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":16,\"h\":12,\"i\":\"bf3efd15-6e7c-4a6e-bb30-e7b759306282\"},\"panelIndex\":\"bf3efd15-6e7c-4a6e-bb30-e7b759306282\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select domain(s) and username(s)\",\"panelRefName\":\"panel_bf3efd15-6e7c-4a6e-bb30-e7b759306282\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":3,\"w\":15,\"h\":12,\"i\":\"9401acd4-64d2-484d-a0dc-2647cc626e56\"},\"panelIndex\":\"9401acd4-64d2-484d-a0dc-2647cc626e56\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\",\"accessors\":[\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"splitAccessor\":\"fc23a029-309e-40a7-aeca-309fd8423ced\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\":{\"columns\":{\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\":{\"label\":\"Top 5 values of winlog.event_data.SubjectDomainName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectDomainName\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"fc23a029-309e-40a7-aeca-309fd8423ced\":{\"label\":\"Top 3 values of winlog.event_data.TargetUserName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5a238afa-9ffa-4568-8a43-6167c0a76b67\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"fc23a029-309e-40a7-aeca-309fd8423ced\",\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Users\"},{\"type\":\"lens\",\"gridData\":{\"x\":31,\"y\":3,\"w\":17,\"h\":12,\"i\":\"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c\"},\"panelIndex\":\"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar\",\"layers\":[{\"layerId\":\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\",\"accessors\":[\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"position\":\"top\",\"seriesType\":\"bar\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"22b4e313-2858-411e-a90b-911198fa34fe\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\":{\"columns\":{\"22b4e313-2858-411e-a90b-911198fa34fe\":{\"label\":\"Top 5 values of winlog.computer_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.computer_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"22b4e313-2858-411e-a90b-911198fa34fe\",\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Computers\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":15,\"w\":48,\"h\":4,\"i\":\"04b8ad89-b259-4d40-a6f7-40bd85498ee5\"},\"panelIndex\":\"04b8ad89-b259-4d40-a6f7-40bd85498ee5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_04b8ad89-b259-4d40-a6f7-40bd85498ee5\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":19,\"w\":24,\"h\":15,\"i\":\"bf9f9a7e-eced-42ad-9d72-193778290f71\"},\"panelIndex\":\"bf9f9a7e-eced-42ad-9d72-193778290f71\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"6bfbd839-8497-464d-a473-26c01d5ba342\",\"accessors\":[\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\",\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6bfbd839-8497-464d-a473-26c01d5ba342\":{\"columns\":{\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\":{\"label\":\"Median of day_of_week\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"day_of_week\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}},\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\":{\"label\":\"Median of hour_of_day\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"hour_of_day\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\",\"71b8b420-12e4-4dc5-bf20-933b0f4eb4e9\",\"bca165fa-40a3-4e7a-86bd-24ac4bbf6474\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"All User Events by Day of Week, Hour of Day\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":19,\"w\":24,\"h\":15,\"i\":\"cbb939c6-5de5-478a-813f-fa5aabff530a\"},\"panelIndex\":\"cbb939c6-5de5-478a-813f-fa5aabff530a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"f46d1729-4bd5-4219-9973-01913c208fef\",\"accessors\":[\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f46d1729-4bd5-4219-9973-01913c208fef\":{\"columns\":{\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"800c3857-3c9c-4fc5-a403-3fcbede05599\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\",\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Timestamps by Count\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":4,\"i\":\"110dc89e-1139-438c-88a9-1914a7b12725\"},\"panelIndex\":\"110dc89e-1139-438c-88a9-1914a7b12725\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_110dc89e-1139-438c-88a9-1914a7b12725\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":38,\"w\":24,\"h\":15,\"i\":\"c28b411d-3dc3-472a-acd9-05ad0a1964b7\"},\"panelIndex\":\"c28b411d-3dc3-472a-acd9-05ad0a1964b7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logon events (filter by LogonId)\",\"panelRefName\":\"panel_c28b411d-3dc3-472a-acd9-05ad0a1964b7\"},{\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":38,\"w\":24,\"h\":15,\"i\":\"c3bc3c62-3c16-482c-b377-ecc40a21bc0a\"},\"panelIndex\":\"c3bc3c62-3c16-482c-b377-ecc40a21bc0a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logoff events (correlate to logon events)\",\"panelRefName\":\"panel_c3bc3c62-3c16-482c-b377-ecc40a21bc0a\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":53,\"w\":24,\"h\":15,\"i\":\"d40424ec-2e13-4d8c-a942-95652715c75f\"},\"panelIndex\":\"d40424ec-2e13-4d8c-a942-95652715c75f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"In person vs Remote logons\",\"panelRefName\":\"panel_d40424ec-2e13-4d8c-a942-95652715c75f\"}]","timeRestore":false,"title":"User HR","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T12:06:59.480Z","id":"618bc5d0-84f8-11ee-9838-ff0db128d8b2","managed":false,"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"46f5e2d0-544b-4159-bf78-a44737a093cb:panel_46f5e2d0-544b-4159-bf78-a44737a093cb","type":"visualization"},{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"bf3efd15-6e7c-4a6e-bb30-e7b759306282:panel_bf3efd15-6e7c-4a6e-bb30-e7b759306282","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"9401acd4-64d2-484d-a0dc-2647cc626e56:indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"84db1c16-9a85-4d7a-a4bb-7ee0eaa25c5c:indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2","type":"index-pattern"},{"id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","name":"04b8ad89-b259-4d40-a6f7-40bd85498ee5:panel_04b8ad89-b259-4d40-a6f7-40bd85498ee5","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"bf9f9a7e-eced-42ad-9d72-193778290f71:indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"cbb939c6-5de5-478a-813f-fa5aabff530a:indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef","type":"index-pattern"},{"id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","name":"110dc89e-1139-438c-88a9-1914a7b12725:panel_110dc89e-1139-438c-88a9-1914a7b12725","type":"visualization"},{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"c28b411d-3dc3-472a-acd9-05ad0a1964b7:panel_c28b411d-3dc3-472a-acd9-05ad0a1964b7","type":"search"},{"id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","name":"c3bc3c62-3c16-482c-b377-ecc40a21bc0a:panel_c3bc3c62-3c16-482c-b377-ecc40a21bc0a","type":"search"},{"id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","name":"d40424ec-2e13-4d8c-a942-95652715c75f:panel_d40424ec-2e13-4d8c-a942-95652715c75f","type":"visualization"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-08-13T12:06:59.480Z","version":"WzMxMSwxXQ=="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":9,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboard_refactor/needs_refactoring/user_security_logs_test.ndjson b/dashboard_refactor/needs_refactoring/user_security_logs_test.ndjson deleted file mode 100644 index bdee3273..00000000 --- a/dashboard_refactor/needs_refactoring/user_security_logs_test.ndjson +++ /dev/null @@ -1,39 +0,0 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T12:04:55.244Z","version":"WzMwMSwxXQ=="} -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI1NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"winlog.event_data.TargetDomainName\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"winlog.event_data.TargetUserName\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI1NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - Filter Hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Filter Hosts\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Event count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host name\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI1NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Security - Select Host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select Host\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1588685297382\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI1OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Logons Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logons Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Logons\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI1OSwxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":\"NT AUTHORITY, Window Manager, Font Driver Host\",\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Human User Logon Events","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon attempts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon attempts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Login attempts\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"22170f50-853c-11ea-b6c5-5d9149593ce4","managed":false,"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon events over time","uiStateJSON":"{\"vis\":{\"colors\":{\"Failed attempts\":\"#BF1B00\",\"Successful atempts\":\"#629E51\"}}}","version":1,"visState":"{\"title\":\"Security - Logon events over time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-23T08:41:59.000Z\",\"max\":\"2020-04-23T08:56:59.000Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":\"event.code:4625\",\"language\":\"lucene\"},\"label\":\"Failed attempts\"},{\"input\":{\"query\":\"event.code:4624\",\"language\":\"lucene\"},\"label\":\"Successful atempts\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2MiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"event.code\",\"value\":\"4,624, 4,625\",\"params\":[\"4624\",\"4625\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"event.code\":\"4624\"}},{\"match_phrase\":{\"event.code\":\"4625\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Computers\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Computer\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"489f7350-853d-11ea-b6c5-5d9149593ce4","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Hosts\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","managed":false,"references":[{"id":"dc42fc40-84a1-11ea-b7fb-01bea49d9239","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2NCwxXQ=="} -{"attributes":{"columns":["event.code","host.name","winlog.event_data.TargetDomainName","winlog.event_data.TargetUserName","winlog.event_data.IpAddress","event.action","event.outcome","winlog.event_data.LogonType"],"description":"","grid":{"columns":{"user.domain":{"width":119},"user.name":{"width":134}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Human Logon & Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"2325be20-8616-11ea-a720-c7a0431f179d","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Network Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Network Connections\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"a1229110-860f-11ea-a720-c7a0431f179d","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2NiwxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id : \\\"3\\\" and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"All network activity ","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"d1a74ce0-8641-11ea-907a-33d103156187","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Activity Line","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Activity Line\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Connections\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"extendToTimeRange\":false,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30d\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Connections\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Connections\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-24T15:29:10.918Z\",\"max\":\"2020-04-24T15:44:10.918Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"ec7ad2d0-8641-11ea-907a-33d103156187","managed":false,"references":[{"id":"d1a74ce0-8641-11ea-907a-33d103156187","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2OCwxXQ=="} -{"attributes":{"columns":["winlog.event_data.DestinationHostname","destination.ip","winlog.event_data.DestinationIsIpv6","network.","process.executable","winlog.event_data.DestinationPort","winlog.event_data.Protocol","winlog.user.name","winlog.user.type","source.ip","winlog.event_data.SourceIsIpv6","source.port","network.protocol"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") AND NOT (process.name:iexplore.exe OR process.name:chrome.exe OR process.name:firefox.exe OR process.name:opera.exe) AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_non_browsers_connection","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI2OSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Process List","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Network Process List\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.DestinationIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Logged on user\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"date\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","managed":false,"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3MCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network connections area ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network connections area \",\"type\":\"area\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"}],\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"labels\":{},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","managed":false,"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Overview - Processes with unusual network activity","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Overview - Processes with unusual network activity\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"significant_terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"size\":10,\"include\":\"\",\"json\":\"\",\"customLabel\":\"Process\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"string\"},\"params\":{},\"label\":\"Process\",\"aggType\":\"significant_terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"245778d0-8641-11ea-907a-33d103156187","managed":false,"references":[{"id":"a0f75d50-e5e8-11e9-8f1d-73a2ea4cc3ed","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3MiwxXQ=="} -{"attributes":{"columns":["host.name","winlog.event_data.TargetUserName","winlog.event_data.TargetDomainName","winlog.event_data.SourceIp","winlog.event_data.SourcePort","winlog.event_data.DestinationIp","winlog.event_data.DestinationPort","winlog.event_data.ProcessId","winlog.event_data.ProcessName"],"description":"","grid":{"columns":{"winlog.event_data.SubjectDomainName":{"width":216}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_uds_non_private_network","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Processes Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Processes Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Processes & Powershell\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3NCwxXQ=="} -{"attributes":{"columns":["host.name","winlog.event_data.TargetDomainName","winlog.event_data.User","winlog.event_data.ProcessId","winlog.event_data.ProcessName","winlog.event_data.Hashes","process.args"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"1\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Process Spawns","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3NSwxXQ=="} -{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.command_line","process.parent.executable","process.parent.command_line","file.path","event.code"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\" OR process.command_line.text:\\\"powershell\\\" OR parent.process.command_line.text:\\\"powershell\\\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_sd_powershell_run","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"2e276480-ec16-11e9-befc-81397a291157","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell Run Count","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Security - Powershell Run Count\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"60553d40-ec18-11e9-befc-81397a291157","managed":false,"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3NywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell runs over time","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now/w\",\"to\":\"now/w\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"title\":\"Security - Powershell runs over time\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Power shell hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"metric\":{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security - Power shell hosts pie\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"2e276480-ec16-11e9-befc-81397a291157","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI3OSwxXQ=="} -{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.args","process.parent.executable","process.parent.args"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND process.command_line.text:(\\\"invoke\\\" or \\\"bypass\\\" or \\\"iex\\\" or \\\"ex\\\" or \\\"icm\\\" or \\\"new-object\\\" or \\\"set\\\" or \\\"get\\\" or \\\"write\\\" or \\\"out\\\" or \\\"download\\\" or \\\"encoded\\\")\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Potentially Suspicious Powershell","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"ff5a53b0-ebf7-11e9-befc-81397a291157","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4MCwxXQ=="} -{"attributes":{"columns":["user.domain","user.name","host.name","destination.domain","destination.ip"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND (process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"srch_uds_powershell_network","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4MSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Files title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Files title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Files\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"404f6e60-895e-11ea-9bd8-f3fed1ec2140","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4MiwxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"file.path.text: \\\"tmp\\\" OR file.path.text:\\\"temp\\\"\",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"file.path\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"file.path\"},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"TEMP & %TEMP%","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4MywxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"TEMP & %TEMP%","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target File\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"TEMP & %TEMP%\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","managed":false,"references":[{"id":"fbbf01c0-e697-11e9-8be5-cd86dcca33f3","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4NCwxXQ=="} -{"attributes":{"columns":["@timestamp","user.domain","user.name","host.name","process.executable","winlog.event_data.ProcessId"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: \\\"9\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[["@timestamp","desc"]],"title":"Raw Access Events","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4NSwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Windows Defender Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Windows Defender Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Windows Defender\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4NiwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"winlog.event_id:(1006 or 1007 or 1008 or 1009 or 1116 or 1117 or 1118 or 1119)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - AV Events Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - AV Events Count\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Windows AV Events\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4NywxXQ=="} -{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_id\",\"value\":\"1,006, 1,007, 1,008, 1,009, 1,116, 1,117, 1,118, 1,119\",\"params\":[\"1006\",\"1007\",\"1008\",\"1009\",\"1116\",\"1117\",\"1118\",\"1119\"],\"negate\":false,\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_id\":\"1006\"}},{\"match_phrase\":{\"winlog.event_id\":\"1007\"}},{\"match_phrase\":{\"winlog.event_id\":\"1008\"}},{\"match_phrase\":{\"winlog.event_id\":\"1009\"}},{\"match_phrase\":{\"winlog.event_id\":\"1116\"}},{\"match_phrase\":{\"winlog.event_id\":\"1117\"}},{\"match_phrase\":{\"winlog.event_id\":\"1118\"}},{\"match_phrase\":{\"winlog.event_id\":\"1119\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"AV Detection event","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4OCwxXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"AV Hits (Count)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"AV Hits (Count)\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"AV Detection hits\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","managed":false,"references":[{"id":"3c3bc850-7bc7-11e9-b45c-ad49d0e60b5a","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI4OSwxXQ=="} -{"attributes":{"columns":["winlog.event_data.Detection User","host.name","winlog.event_data.Path","winlog.event_data.FWLink"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: 1116\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[{\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"Microsoft-Windows-Windows Defender\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.provider\":{\"query\":\"Microsoft-Windows-Windows Defender\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}]}"},"sort":[["@timestamp","desc"]],"title":"Defender AV Detections","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","managed":false,"references":[{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI5MCwxXQ=="} -{"attributes":{"description":"User Security overview, filtered by Domain / Username or hostname","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"cb956d23-9d5b-4af8-becf-a2d2d108b5f7\"},\"panelIndex\":\"cb956d23-9d5b-4af8-becf-a2d2d108b5f7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cb956d23-9d5b-4af8-becf-a2d2d108b5f7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":23,\"h\":7,\"i\":\"d962c0d4-f80a-426c-9a1b-43e2fb6296f2\"},\"panelIndex\":\"d962c0d4-f80a-426c-9a1b-43e2fb6296f2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search users\",\"panelRefName\":\"panel_d962c0d4-f80a-426c-9a1b-43e2fb6296f2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":3,\"w\":25,\"h\":7,\"i\":\"b5483ec3-77b5-4e4c-b532-32ce796aa1de\"},\"panelIndex\":\"b5483ec3-77b5-4e4c-b532-32ce796aa1de\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Filter hosts\",\"panelRefName\":\"panel_b5483ec3-77b5-4e4c-b532-32ce796aa1de\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":10,\"w\":23,\"h\":7,\"i\":\"669e458b-ac6a-41d1-b3e2-945a0c8571bd\"},\"panelIndex\":\"669e458b-ac6a-41d1-b3e2-945a0c8571bd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search hosts\",\"panelRefName\":\"panel_669e458b-ac6a-41d1-b3e2-945a0c8571bd\"},{\"version\":\"8.9.0\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":10,\"w\":25,\"h\":7,\"i\":\"b693e539-d72a-496c-bbaf-31c22eeb78c2\"},\"panelIndex\":\"b693e539-d72a-496c-bbaf-31c22eeb78c2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"68a051a0-1d7f-11e9-9fc5-a91039822035\",\"name\":\"indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\",\"isTransposed\":false},{\"columnId\":\"26752485-2aa5-4908-b400-504d6e7ef451\",\"isTransposed\":false}],\"layerId\":\"d123adeb-fd39-4176-b3c9-69c88d2852d5\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d123adeb-fd39-4176-b3c9-69c88d2852d5\":{\"columns\":{\"6f33ff19-9959-4c43-b791-939582a0b3d2\":{\"label\":\"Event Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"26752485-2aa5-4908-b400-504d6e7ef451\":{\"label\":\"winlog.event_data.TargetUserName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"26752485-2aa5-4908-b400-504d6e7ef451\",\"6f33ff19-9959-4c43-b791-939582a0b3d2\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{},\"type\":\"lens\"},\"title\":\"Filter users\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":48,\"h\":4,\"i\":\"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\"},\"panelIndex\":\"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0eb6fcd2-cd91-4c3e-b652-4f06922da3ae\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":21,\"w\":9,\"h\":7,\"i\":\"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\"},\"panelIndex\":\"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":21,\"w\":20,\"h\":14,\"i\":\"13240516-125d-434d-8929-d9a334308aa6\"},\"panelIndex\":\"13240516-125d-434d-8929-d9a334308aa6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon attempts\",\"panelRefName\":\"panel_13240516-125d-434d-8929-d9a334308aa6\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":21,\"w\":19,\"h\":14,\"i\":\"4b488bfa-a881-46c9-933b-ed762dfb6884\"},\"panelIndex\":\"4b488bfa-a881-46c9-933b-ed762dfb6884\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logged on computers\",\"panelRefName\":\"panel_4b488bfa-a881-46c9-933b-ed762dfb6884\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":9,\"h\":7,\"i\":\"1d6bc214-21e6-4f94-b4df-94585768f0d1\"},\"panelIndex\":\"1d6bc214-21e6-4f94-b4df-94585768f0d1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1d6bc214-21e6-4f94-b4df-94585768f0d1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":17,\"i\":\"5db1345f-28a0-43fd-9cd2-d51e9349cfad\"},\"panelIndex\":\"5db1345f-28a0-43fd-9cd2-d51e9349cfad\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User Logon & Logoff Events\",\"panelRefName\":\"panel_5db1345f-28a0-43fd-9cd2-d51e9349cfad\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":52,\"w\":48,\"h\":4,\"i\":\"dc8de60f-b44b-4e88-9f4c-603ebc8be78b\"},\"panelIndex\":\"dc8de60f-b44b-4e88-9f4c-603ebc8be78b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dc8de60f-b44b-4e88-9f4c-603ebc8be78b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":14,\"i\":\"3b38696a-cc17-47fb-91f4-96884a7262de\"},\"panelIndex\":\"3b38696a-cc17-47fb-91f4-96884a7262de\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"All network connections\",\"panelRefName\":\"panel_3b38696a-cc17-47fb-91f4-96884a7262de\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":70,\"w\":24,\"h\":15,\"i\":\"85d08841-be8d-45e6-8d57-e79d3e63b315\"},\"panelIndex\":\"85d08841-be8d-45e6-8d57-e79d3e63b315\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"title\":\"Network connections from non-browser processes\",\"panelRefName\":\"panel_85d08841-be8d-45e6-8d57-e79d3e63b315\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":70,\"w\":24,\"h\":15,\"i\":\"8053a0e5-33e4-46d0-adcc-5baa505a07e4\"},\"panelIndex\":\"8053a0e5-33e4-46d0-adcc-5baa505a07e4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network connection by protocol\",\"panelRefName\":\"panel_8053a0e5-33e4-46d0-adcc-5baa505a07e4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":85,\"w\":48,\"h\":15,\"i\":\"d6e81b2b-664b-480d-9e79-0146110b5b40\"},\"panelIndex\":\"d6e81b2b-664b-480d-9e79-0146110b5b40\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Unusual network connections from non-browser processes\",\"panelRefName\":\"panel_d6e81b2b-664b-480d-9e79-0146110b5b40\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":100,\"w\":48,\"h\":10,\"i\":\"cf6d87aa-3642-443d-8535-ffc445bb0de8\"},\"panelIndex\":\"cf6d87aa-3642-443d-8535-ffc445bb0de8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network Connection Events (Sysmon ID 3)\",\"panelRefName\":\"panel_cf6d87aa-3642-443d-8535-ffc445bb0de8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":110,\"w\":48,\"h\":4,\"i\":\"e7d0f621-25db-4fc2-b342-de3356d27d22\"},\"panelIndex\":\"e7d0f621-25db-4fc2-b342-de3356d27d22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e7d0f621-25db-4fc2-b342-de3356d27d22\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":14,\"i\":\"8dba12cb-b13b-4885-be71-4f0b80b741a1\"},\"panelIndex\":\"8dba12cb-b13b-4885-be71-4f0b80b741a1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Spawned Processes\",\"panelRefName\":\"panel_8dba12cb-b13b-4885-be71-4f0b80b741a1\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":128,\"w\":10,\"h\":15,\"i\":\"d91877f5-6b32-4f10-b31c-a7dfc609b37e\"},\"panelIndex\":\"d91877f5-6b32-4f10-b31c-a7dfc609b37e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell Events\",\"panelRefName\":\"panel_d91877f5-6b32-4f10-b31c-a7dfc609b37e\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":128,\"w\":20,\"h\":15,\"i\":\"57e03c45-07da-4b09-84ad-8f536cbdbb58\"},\"panelIndex\":\"57e03c45-07da-4b09-84ad-8f536cbdbb58\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events over time\",\"panelRefName\":\"panel_57e03c45-07da-4b09-84ad-8f536cbdbb58\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":128,\"w\":18,\"h\":15,\"i\":\"6286154f-2b14-43a6-a3a5-9e85cf465162\"},\"panelIndex\":\"6286154f-2b14-43a6-a3a5-9e85cf465162\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events by computer\",\"panelRefName\":\"panel_6286154f-2b14-43a6-a3a5-9e85cf465162\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":143,\"w\":25,\"h\":16,\"i\":\"376ac409-1f80-4cc4-a94f-71431233ffc1\"},\"panelIndex\":\"376ac409-1f80-4cc4-a94f-71431233ffc1\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Potentially suspicious powershell\",\"panelRefName\":\"panel_376ac409-1f80-4cc4-a94f-71431233ffc1\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":25,\"y\":143,\"w\":23,\"h\":16,\"i\":\"570dff9d-ac96-4d3b-a4f3-a81e09fce159\"},\"panelIndex\":\"570dff9d-ac96-4d3b-a4f3-a81e09fce159\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell network connections\",\"panelRefName\":\"panel_570dff9d-ac96-4d3b-a4f3-a81e09fce159\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":159,\"w\":48,\"h\":4,\"i\":\"fb24e6b0-f665-4798-8540-31d38b4b78cb\"},\"panelIndex\":\"fb24e6b0-f665-4798-8540-31d38b4b78cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fb24e6b0-f665-4798-8540-31d38b4b78cb\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":163,\"w\":24,\"h\":15,\"i\":\"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\"},\"panelIndex\":\"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"References to temporary files\",\"panelRefName\":\"panel_f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":163,\"w\":24,\"h\":15,\"i\":\"5b06e280-9804-408b-b8c5-c75f21bb7d00\"},\"panelIndex\":\"5b06e280-9804-408b-b8c5-c75f21bb7d00\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"RawAccessRead (Sysmon Event 9)\",\"panelRefName\":\"panel_5b06e280-9804-408b-b8c5-c75f21bb7d00\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":178,\"w\":48,\"h\":4,\"i\":\"05382728-1306-4e59-b08e-d899afdf22b3\"},\"panelIndex\":\"05382728-1306-4e59-b08e-d899afdf22b3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_05382728-1306-4e59-b08e-d899afdf22b3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":182,\"w\":12,\"h\":14,\"i\":\"ba231616-e45f-4299-87a6-56f785c53354\"},\"panelIndex\":\"ba231616-e45f-4299-87a6-56f785c53354\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Defender event count\",\"panelRefName\":\"panel_ba231616-e45f-4299-87a6-56f785c53354\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":182,\"w\":12,\"h\":14,\"i\":\"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\"},\"panelIndex\":\"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":182,\"w\":24,\"h\":14,\"i\":\"af3a8a33-8efa-422f-b024-f2c4a158586f\"},\"panelIndex\":\"af3a8a33-8efa-422f-b024-f2c4a158586f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"AV Detections (Event 1116)\",\"panelRefName\":\"panel_af3a8a33-8efa-422f-b024-f2c4a158586f\"}]","timeRestore":false,"title":"User Security","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-08-13T11:59:17.815Z","id":"e5f203f0-6182-11ee-b035-d5f231e90733","managed":false,"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"cb956d23-9d5b-4af8-becf-a2d2d108b5f7:panel_cb956d23-9d5b-4af8-becf-a2d2d108b5f7","type":"visualization"},{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"d962c0d4-f80a-426c-9a1b-43e2fb6296f2:panel_d962c0d4-f80a-426c-9a1b-43e2fb6296f2","type":"visualization"},{"id":"8b7ff050-8ed4-11ea-904c-391ecaa2f2f4","name":"b5483ec3-77b5-4e4c-b532-32ce796aa1de:panel_b5483ec3-77b5-4e4c-b532-32ce796aa1de","type":"visualization"},{"id":"53b65290-8ed4-11ea-904c-391ecaa2f2f4","name":"669e458b-ac6a-41d1-b3e2-945a0c8571bd:panel_669e458b-ac6a-41d1-b3e2-945a0c8571bd","type":"visualization"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"b693e539-d72a-496c-bbaf-31c22eeb78c2:indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5","type":"index-pattern"},{"id":"d58b0380-8540-11ea-b6c5-5d9149593ce4","name":"0eb6fcd2-cd91-4c3e-b652-4f06922da3ae:panel_0eb6fcd2-cd91-4c3e-b652-4f06922da3ae","type":"visualization"},{"id":"22170f50-853c-11ea-b6c5-5d9149593ce4","name":"2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f:panel_2281ee7a-a6bd-4d4e-8ced-3c594acfdd3f","type":"visualization"},{"id":"c0c8b560-84a9-11ea-b7fb-01bea49d9239","name":"13240516-125d-434d-8929-d9a334308aa6:panel_13240516-125d-434d-8929-d9a334308aa6","type":"visualization"},{"id":"489f7350-853d-11ea-b6c5-5d9149593ce4","name":"4b488bfa-a881-46c9-933b-ed762dfb6884:panel_4b488bfa-a881-46c9-933b-ed762dfb6884","type":"visualization"},{"id":"a179afa0-853c-11ea-b6c5-5d9149593ce4","name":"1d6bc214-21e6-4f94-b4df-94585768f0d1:panel_1d6bc214-21e6-4f94-b4df-94585768f0d1","type":"visualization"},{"id":"2325be20-8616-11ea-a720-c7a0431f179d","name":"5db1345f-28a0-43fd-9cd2-d51e9349cfad:panel_5db1345f-28a0-43fd-9cd2-d51e9349cfad","type":"search"},{"id":"a1229110-860f-11ea-a720-c7a0431f179d","name":"dc8de60f-b44b-4e88-9f4c-603ebc8be78b:panel_dc8de60f-b44b-4e88-9f4c-603ebc8be78b","type":"visualization"},{"id":"ec7ad2d0-8641-11ea-907a-33d103156187","name":"3b38696a-cc17-47fb-91f4-96884a7262de:panel_3b38696a-cc17-47fb-91f4-96884a7262de","type":"visualization"},{"id":"31a7d490-e677-11e9-8be5-cd86dcca33f3","name":"85d08841-be8d-45e6-8d57-e79d3e63b315:panel_85d08841-be8d-45e6-8d57-e79d3e63b315","type":"visualization"},{"id":"3fb9dfd0-8887-11ea-99ef-bd4d29afe41e","name":"8053a0e5-33e4-46d0-adcc-5baa505a07e4:panel_8053a0e5-33e4-46d0-adcc-5baa505a07e4","type":"visualization"},{"id":"245778d0-8641-11ea-907a-33d103156187","name":"d6e81b2b-664b-480d-9e79-0146110b5b40:panel_d6e81b2b-664b-480d-9e79-0146110b5b40","type":"visualization"},{"id":"027102a0-e69f-11e9-8be5-cd86dcca33f3","name":"cf6d87aa-3642-443d-8535-ffc445bb0de8:panel_cf6d87aa-3642-443d-8535-ffc445bb0de8","type":"search"},{"id":"813d18f0-8869-11ea-99ef-bd4d29afe41e","name":"e7d0f621-25db-4fc2-b342-de3356d27d22:panel_e7d0f621-25db-4fc2-b342-de3356d27d22","type":"visualization"},{"id":"ca56a030-8899-11ea-99ef-bd4d29afe41e","name":"8dba12cb-b13b-4885-be71-4f0b80b741a1:panel_8dba12cb-b13b-4885-be71-4f0b80b741a1","type":"search"},{"id":"60553d40-ec18-11e9-befc-81397a291157","name":"d91877f5-6b32-4f10-b31c-a7dfc609b37e:panel_d91877f5-6b32-4f10-b31c-a7dfc609b37e","type":"visualization"},{"id":"bc2e06f0-8930-11ea-9bd8-f3fed1ec2140","name":"57e03c45-07da-4b09-84ad-8f536cbdbb58:panel_57e03c45-07da-4b09-84ad-8f536cbdbb58","type":"visualization"},{"id":"2b71e9f0-8931-11ea-9bd8-f3fed1ec2140","name":"6286154f-2b14-43a6-a3a5-9e85cf465162:panel_6286154f-2b14-43a6-a3a5-9e85cf465162","type":"visualization"},{"id":"ff5a53b0-ebf7-11e9-befc-81397a291157","name":"376ac409-1f80-4cc4-a94f-71431233ffc1:panel_376ac409-1f80-4cc4-a94f-71431233ffc1","type":"search"},{"id":"c97a71f0-8952-11ea-9bd8-f3fed1ec2140","name":"570dff9d-ac96-4d3b-a4f3-a81e09fce159:panel_570dff9d-ac96-4d3b-a4f3-a81e09fce159","type":"search"},{"id":"404f6e60-895e-11ea-9bd8-f3fed1ec2140","name":"fb24e6b0-f665-4798-8540-31d38b4b78cb:panel_fb24e6b0-f665-4798-8540-31d38b4b78cb","type":"visualization"},{"id":"1a0c4520-e698-11e9-8be5-cd86dcca33f3","name":"f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a:panel_f0f11bc0-5607-4a3b-b4a4-4d8500c62c0a","type":"visualization"},{"id":"6b97d600-8960-11ea-9bd8-f3fed1ec2140","name":"5b06e280-9804-408b-b8c5-c75f21bb7d00:panel_5b06e280-9804-408b-b8c5-c75f21bb7d00","type":"search"},{"id":"ebbab910-8960-11ea-9bd8-f3fed1ec2140","name":"05382728-1306-4e59-b08e-d899afdf22b3:panel_05382728-1306-4e59-b08e-d899afdf22b3","type":"visualization"},{"id":"4d08ec30-e5c1-11e9-ac01-d5832a8a14d8","name":"ba231616-e45f-4299-87a6-56f785c53354:panel_ba231616-e45f-4299-87a6-56f785c53354","type":"visualization"},{"id":"45277cd0-7bdf-11e9-b45c-ad49d0e60b5a","name":"9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931:panel_9d149e7a-8cd7-4a4e-bbed-e4d2ca6e2931","type":"visualization"},{"id":"854e4470-8966-11ea-9bd8-f3fed1ec2140","name":"af3a8a33-8efa-422f-b024-f2c4a158586f:panel_af3a8a33-8efa-422f-b024-f2c4a158586f","type":"search"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-08-13T11:59:17.815Z","version":"WzI5MSwxXQ=="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":38,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboard_refactor/refactored/Alerting Dashboard 2.0.ndjson b/dashboard_refactor/refactored/Alerting Dashboard 2.0.ndjson deleted file mode 100644 index 58f3d83a..00000000 --- a/dashboard_refactor/refactored/Alerting Dashboard 2.0.ndjson +++ /dev/null @@ -1,22 +0,0 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T15:11:26.658Z","id":"5eea1399-b3f9-4413-9790-7bd5f75ed5f1","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T15:11:26.658Z","version":"WzI0ODgsMV0="} -{"attributes":{"allowHidden":false,"allowNoIndex":true,"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T15:11:26.658Z","id":"c25323e4-7499-4278-b64f-842597921b1e","managed":true,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T15:11:26.658Z","version":"WzI0ODksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Alerting - Tags Controls","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Alerting - Tags Controls\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1588260438304\",\"fieldName\":\"\",\"parent\":\"\",\"label\":\"Tags\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T15:11:26.658Z","id":"52e59d99-4f20-4784-8bcc-00eee6b867f5","managed":false,"references":[{"id":"c25323e4-7499-4278-b64f-842597921b1e","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-23T15:11:26.658Z","version":"WzI0OTAsMV0="} -{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","runtimeFieldMap":"{\"Column1\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { if (doc['process.pid'].size() != 0) { emit (doc['process.pid'].value.toString()) } } else if(doc['event.code'].value.equals(Integer.toString(3))) { if (doc['destination.address'].size() != 0) { emit (doc['destination.address'].value.toString()) } } } emit (\\\"No Data\\\") } } emit (\\\"Signal Closed\\\")\"}},\"Column2\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { def args = \\\"\\\"; if (doc['process.args'].size() != 0) { for(int i=0; i winlog.computer_name:(\\\\S+) > .*\\\").title(\\\"Sysmon events by computer\\\").legend(position=nw).yaxis(label=\\\"Number of events\\\")\",\"interval\":\"auto\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T22:21:37.974Z","id":"c1138577-9732-431b-8584-fbf5a7e333cf","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-21T22:21:37.974Z","version":"WzE1NDksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T22:21:37.974Z","id":"21ac13ec-ac49-42f0-94ab-1075ca23e3e5","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-21T22:21:37.974Z","version":"WzE1NTAsMV0="} -{"attributes":{"description":"Summarizes collected Sysmon event data","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":24,\"h\":13,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Total number of Sysmon events found\",\"panelRefName\":\"panel_2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":3,\"w\":24,\"h\":13,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Percentage of Sysmon events by event code\",\"panelRefName\":\"panel_3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":16,\"w\":24,\"h\":18,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Count of Sysmon events by event code\",\"panelRefName\":\"panel_4\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":16,\"w\":24,\"h\":18,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}},\"enhancements\":{}},\"title\":\"Top 10 hosts generating the most Sysmon data\",\"panelRefName\":\"panel_5\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":21,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon event code reference\",\"panelRefName\":\"panel_7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":55,\"w\":48,\"h\":15,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Sysmon events\",\"panelRefName\":\"panel_8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\"},\"panelIndex\":\"76bd58e2-b637-4a48-ae79-4ca8abeab308\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_76bd58e2-b637-4a48-ae79-4ca8abeab308\"}]","timeRestore":false,"title":"Sysmon Summary","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-21T22:21:37.974Z","id":"newdashboard","managed":false,"references":[{"id":"b7fe57cb-6119-4ba8-b169-63cdf51d8d31","name":"2:panel_2","type":"visualization"},{"id":"7c60b9ca-af8f-4563-8719-099c16c0020a","name":"3:panel_3","type":"visualization"},{"id":"875432d0-510b-4d4c-a77d-563e1bd70a62","name":"4:panel_4","type":"visualization"},{"id":"34250ab9-39e2-4601-8aa5-3d047b43c632","name":"5:panel_5","type":"visualization"},{"id":"2f1ca8e2-75c0-4f84-b0f1-192d2bff49c0","name":"7:panel_7","type":"visualization"},{"id":"c1138577-9732-431b-8584-fbf5a7e333cf","name":"8:panel_8","type":"visualization"},{"id":"21ac13ec-ac49-42f0-94ab-1075ca23e3e5","name":"76bd58e2-b637-4a48-ae79-4ca8abeab308:panel_76bd58e2-b637-4a48-ae79-4ca8abeab308","type":"visualization"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-10-21T22:21:37.974Z","version":"WzE1NTEsMV0="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":10,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboard_refactor/refactored/User HR 2.0.ndjson b/dashboard_refactor/refactored/User HR 2.0.ndjson deleted file mode 100644 index 1da0f9c7..00000000 --- a/dashboard_refactor/refactored/User HR 2.0.ndjson +++ /dev/null @@ -1,14 +0,0 @@ -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"72f39161-3f69-49a4-b39a-b0168b88856a","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMyMiwyXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMyMSwyXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"user.name\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","managed":false,"references":[{"id":"72f39161-3f69-49a4-b39a-b0168b88856a","name":"control_0_index_pattern","type":"index-pattern"},{"id":"72f39161-3f69-49a4-b39a-b0168b88856a","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-24T18:06:06.245Z","version":"WzQ4MSwyXQ=="} -{"attributes":{"allowHidden":false,"allowNoIndex":true,"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"252e4f32-a2c6-483d-a289-5d658410df17","managed":true,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMyNCwyXQ=="} -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"e3f24157-721c-4741-ac8f-8be48c22d612","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMyNSwyXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - User activity title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - User activity title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## All user activity\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMyNiwyXQ=="} -{"attributes":{"allowHidden":false,"allowNoIndex":true,"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"logs-*","managed":true,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMyNywyXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"HR - Logon title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Logon title\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## Logon / Logoff events\"},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMyOCwyXQ=="} -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"68a051a0-1d7f-11e9-9fc5-a91039822035","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMyOSwyXQ=="} -{"attributes":{"columns":["winlog.event_data.SubjectDomainName","winlog.event_data.TargetUserName","host.name","winlog.event_data.TargetLogonId"],"description":"","grid":{"columns":{"user.name":{"width":193},"winlog.event_data.SubjectDomainName":{"width":193}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"4624\\\" and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_data.LogonType\",\"value\":[\"2\",\"10\",\"11\",\"7\"],\"params\":[\"2\",\"10\",\"11\",\"7\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_data.LogonType\":\"2\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"10\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"11\"}},{\"match_phrase\":{\"winlog.event_data.LogonType\":\"7\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Interactive Logon search","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","managed":false,"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMzMCwyXQ=="} -{"attributes":{"columns":[],"description":"","grid":{"columns":{"winlog.event_data.TargetDomainName":{"width":241},"winlog.event_data.TargetUserName":{"width":241}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:\\\"4634\\\" OR event.code:\\\"4647\\\" ) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","managed":false,"references":[{"id":"logs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"68a051a0-1d7f-11e9-9fc5-a91039822035","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMzMSwyXQ=="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"HR - Interactive v Remote pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HR - Interactive v Remote pie\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{},\"params\":{},\"label\":\"filters\",\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"segment\",\"params\":{\"filters\":[{\"input\":{\"query\":\"winlog.event_data.LogonType:2\",\"language\":\"lucene\"},\"label\":\"Interactive\"},{\"input\":{\"query\":\"winlog.event_data.LogonType:10\",\"language\":\"lucene\"},\"label\":\"RemoteInteractive\"}]}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T14:22:55.477Z","id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","managed":false,"references":[{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-24T14:22:55.477Z","version":"WzMzMiwyXQ=="} -{"attributes":{"description":"Overview of user activity for Human Resources\n","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"key\":\"user.name\",\"controlledBy\":\"1587713561601\",\"type\":\"phrase\",\"params\":{\"query\":\"lme-user\"},\"disabled\":false,\"negate\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"user.name\":\"lme-user\"}},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"a6335da9-2093-46ac-bd39-f1c5e5fe8825\"},\"panelIndex\":\"a6335da9-2093-46ac-bd39-f1c5e5fe8825\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a6335da9-2093-46ac-bd39-f1c5e5fe8825\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":16,\"h\":12,\"i\":\"ab726ae4-6c98-4f26-8cd3-07bf2808b704\"},\"panelIndex\":\"ab726ae4-6c98-4f26-8cd3-07bf2808b704\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Select domain(s) and username(s)\",\"panelRefName\":\"panel_ab726ae4-6c98-4f26-8cd3-07bf2808b704\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":3,\"w\":15,\"h\":12,\"i\":\"c8d3e871-1f5d-40bd-a0f9-5441a58cad32\"},\"panelIndex\":\"c8d3e871-1f5d-40bd-a0f9-5441a58cad32\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"252e4f32-a2c6-483d-a289-5d658410df17\",\"name\":\"indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\",\"accessors\":[\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"splitAccessor\":\"fc23a029-309e-40a7-aeca-309fd8423ced\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"23f1f6ab-b8b6-47e2-a508-4b3f368cb093\":{\"columns\":{\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\":{\"label\":\"Top 5 values of winlog.event_data.SubjectDomainName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.SubjectDomainName\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"fc23a029-309e-40a7-aeca-309fd8423ced\":{\"label\":\"Top 3 values of winlog.event_data.TargetUserName\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.event_data.TargetUserName\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5a238afa-9ffa-4568-8a43-6167c0a76b67\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"cd51b883-1c2b-42c5-95e4-d1ef8aa38fc7\",\"fc23a029-309e-40a7-aeca-309fd8423ced\",\"5a238afa-9ffa-4568-8a43-6167c0a76b67\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Users\"},{\"type\":\"lens\",\"gridData\":{\"x\":31,\"y\":3,\"w\":17,\"h\":12,\"i\":\"69771c75-8536-49b2-a835-c134ada8cd8d\"},\"panelIndex\":\"69771c75-8536-49b2-a835-c134ada8cd8d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"e3f24157-721c-4741-ac8f-8be48c22d612\",\"name\":\"indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar\",\"layers\":[{\"layerId\":\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\",\"accessors\":[\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"position\":\"top\",\"seriesType\":\"bar\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"22b4e313-2858-411e-a90b-911198fa34fe\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2\":{\"columns\":{\"22b4e313-2858-411e-a90b-911198fa34fe\":{\"label\":\"Top 5 values of winlog.computer_name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"winlog.computer_name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"22b4e313-2858-411e-a90b-911198fa34fe\",\"5d3a9e33-d23b-4f5d-b02c-260e5016d278\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter Computers\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":15,\"w\":48,\"h\":4,\"i\":\"f2f654b0-42ef-403c-bee2-7e26499f809a\"},\"panelIndex\":\"f2f654b0-42ef-403c-bee2-7e26499f809a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f2f654b0-42ef-403c-bee2-7e26499f809a\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":19,\"w\":24,\"h\":15,\"i\":\"4b306ffa-7af9-461d-b7aa-966f67b4ed57\"},\"panelIndex\":\"4b306ffa-7af9-461d-b7aa-966f67b4ed57\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"6bfbd839-8497-464d-a473-26c01d5ba342\",\"accessors\":[\"959a5347-48f5-488a-96c4-381f5a7474d4\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6bfbd839-8497-464d-a473-26c01d5ba342\":{\"columns\":{\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"959a5347-48f5-488a-96c4-381f5a7474d4\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}}}},\"columnOrder\":[\"ded5443c-8b2d-4ea7-b640-b3a6a2212559\",\"959a5347-48f5-488a-96c4-381f5a7474d4\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"logs-*\"}},\"currentIndexPatternId\":\"logs-*\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"All User Events by Day of Week, Hour of Day\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":19,\"w\":24,\"h\":15,\"i\":\"e40e6077-f799-4c66-9bf8-1664121d8069\"},\"panelIndex\":\"e40e6077-f799-4c66-9bf8-1664121d8069\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"logs-*\",\"name\":\"indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"f46d1729-4bd5-4219-9973-01913c208fef\",\"accessors\":[\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f46d1729-4bd5-4219-9973-01913c208fef\":{\"columns\":{\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"800c3857-3c9c-4fc5-a403-3fcbede05599\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"1e026cf2-cc40-41b2-a12f-c75d0058eac7\",\"800c3857-3c9c-4fc5-a403-3fcbede05599\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"logs-*\"}},\"currentIndexPatternId\":\"logs-*\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Timestamps by Count\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":4,\"i\":\"8fc3d2d7-94e5-468d-9fa1-6ee2901ceb2e\"},\"panelIndex\":\"8fc3d2d7-94e5-468d-9fa1-6ee2901ceb2e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8fc3d2d7-94e5-468d-9fa1-6ee2901ceb2e\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":38,\"w\":24,\"h\":15,\"i\":\"755f30aa-d6ad-46d9-b2c3-7425c02ed03e\"},\"panelIndex\":\"755f30aa-d6ad-46d9-b2c3-7425c02ed03e\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logon events (filter by LogonId)\",\"panelRefName\":\"panel_755f30aa-d6ad-46d9-b2c3-7425c02ed03e\"},{\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":38,\"w\":24,\"h\":15,\"i\":\"bb42b25e-f934-485b-854c-440cc1b3ebee\"},\"panelIndex\":\"bb42b25e-f934-485b-854c-440cc1b3ebee\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User logoff events (correlate to logon events)\",\"panelRefName\":\"panel_bb42b25e-f934-485b-854c-440cc1b3ebee\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":53,\"w\":24,\"h\":15,\"i\":\"9cdb2eb7-3c55-4e81-ba4b-9b4f1b31c59f\"},\"panelIndex\":\"9cdb2eb7-3c55-4e81-ba4b-9b4f1b31c59f\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"In person vs Remote logons\",\"panelRefName\":\"panel_9cdb2eb7-3c55-4e81-ba4b-9b4f1b31c59f\"}]","timeRestore":false,"title":"User HR 2.0","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-24T18:06:50.721Z","id":"ff0170e5-e0ef-4ca1-8188-c7bb9d736898","managed":false,"references":[{"id":"72f39161-3f69-49a4-b39a-b0168b88856a","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"a6335da9-2093-46ac-bd39-f1c5e5fe8825:panel_a6335da9-2093-46ac-bd39-f1c5e5fe8825","type":"visualization"},{"id":"a64ec020-84b4-11ea-b7fb-01bea49d9239","name":"ab726ae4-6c98-4f26-8cd3-07bf2808b704:panel_ab726ae4-6c98-4f26-8cd3-07bf2808b704","type":"visualization"},{"id":"252e4f32-a2c6-483d-a289-5d658410df17","name":"c8d3e871-1f5d-40bd-a0f9-5441a58cad32:indexpattern-datasource-layer-23f1f6ab-b8b6-47e2-a508-4b3f368cb093","type":"index-pattern"},{"id":"e3f24157-721c-4741-ac8f-8be48c22d612","name":"69771c75-8536-49b2-a835-c134ada8cd8d:indexpattern-datasource-layer-f67bbe9f-ae2f-4601-8fec-3a935e9f9ff2","type":"index-pattern"},{"id":"eafe31b0-8a22-11ea-9ff6-ed89e356f0e4","name":"f2f654b0-42ef-403c-bee2-7e26499f809a:panel_f2f654b0-42ef-403c-bee2-7e26499f809a","type":"visualization"},{"id":"logs-*","name":"4b306ffa-7af9-461d-b7aa-966f67b4ed57:indexpattern-datasource-layer-6bfbd839-8497-464d-a473-26c01d5ba342","type":"index-pattern"},{"id":"logs-*","name":"e40e6077-f799-4c66-9bf8-1664121d8069:indexpattern-datasource-layer-f46d1729-4bd5-4219-9973-01913c208fef","type":"index-pattern"},{"id":"20387200-8a23-11ea-9ff6-ed89e356f0e4","name":"8fc3d2d7-94e5-468d-9fa1-6ee2901ceb2e:panel_8fc3d2d7-94e5-468d-9fa1-6ee2901ceb2e","type":"visualization"},{"id":"2fa5fa00-8a1e-11ea-9ff6-ed89e356f0e4","name":"755f30aa-d6ad-46d9-b2c3-7425c02ed03e:panel_755f30aa-d6ad-46d9-b2c3-7425c02ed03e","type":"search"},{"id":"e02eb1f0-8a1e-11ea-9ff6-ed89e356f0e4","name":"bb42b25e-f934-485b-854c-440cc1b3ebee:panel_bb42b25e-f934-485b-854c-440cc1b3ebee","type":"search"},{"id":"b4cccab0-8a23-11ea-9ff6-ed89e356f0e4","name":"9cdb2eb7-3c55-4e81-ba4b-9b4f1b31c59f:panel_9cdb2eb7-3c55-4e81-ba4b-9b4f1b31c59f","type":"visualization"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-10-24T18:06:50.721Z","version":"WzQ4NywyXQ=="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":13,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboard_refactor/refactored/User Security 2.0.ndjson b/dashboard_refactor/refactored/User Security 2.0.ndjson deleted file mode 100644 index ce1e6e72..00000000 --- a/dashboard_refactor/refactored/User Security 2.0.ndjson +++ /dev/null @@ -1,43 +0,0 @@ -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n| [ Credential Access logs](#/dashboard/403259b0-42ff-11ef-ad69-a315bc8e9abb)\\n| [ Privilege Access logs](#/dashboard/ff4536e0-439c-11ef-bb7f-8131442929d4)\\n| [ Policy Changes & System Activity](#/dashboard/b9590350-4ad6-11ef-b548-fb0fe2537bf7)\\n| [ Identity access Management](#/dashboard/99145260-4618-11ef-af9e-99159f20f35b)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"dec45d9f-11a2-4e39-ae58-4fc7885ce7dd","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMDksMV0="} -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"3b4066b6-77d5-404c-a7f7-b30ed6cb5ab0","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"},"title":"Security - Select User","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select User\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1587572089136\",\"label\":\"Domain(s)\",\"options\":{\"dynamicOptions\":true,\"multiselect\":true,\"order\":\"desc\",\"size\":5,\"type\":\"terms\"},\"parent\":\"\",\"type\":\"list\",\"fieldName\":\"\",\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1587713561601\",\"fieldName\":\"\",\"parent\":\"\",\"label\":\"Username(s)\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"pinFilters\":false,\"updateFiltersOnChange\":false,\"useTimeFilter\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"4a675166-ce19-4836-9567-eda4ab46b3d5","managed":false,"references":[{"id":"3b4066b6-77d5-404c-a7f7-b30ed6cb5ab0","name":"control_0_index_pattern","type":"index-pattern"},{"id":"3b4066b6-77d5-404c-a7f7-b30ed6cb5ab0","name":"control_1_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTEsMV0="} -{"attributes":{"allowHidden":false,"allowNoIndex":true,"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"logs-*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"25aa14ff-d525-4751-a29d-290859861006","managed":true,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - Filter Hosts","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Filter Hosts\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Event count\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Host name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"8d476795-134d-4689-9050-a24b57adaa90","managed":false,"references":[{"id":"25aa14ff-d525-4751-a29d-290859861006","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTMsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Security - Select Host","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Select Host\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1588685297382\",\"fieldName\":\"\",\"parent\":\"\",\"label\":\"Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"5c4b0b82-4972-40fe-b2ee-86c366342a98","managed":false,"references":[{"id":"3b4066b6-77d5-404c-a7f7-b30ed6cb5ab0","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTQsMV0="} -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:34:04.109Z","id":"e3f24157-721c-4741-ac8f-8be48c22d612","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:34:04.109Z","version":"WzIwNjksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Logons Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logons Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Logons\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"4eccff45-c97a-480f-b593-4744922893e5","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTYsMV0="} -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"logs-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"64c636e6-00f6-469a-9315-1b8ae52c344f","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTcsMV0="} -{"attributes":{"fieldAttrs":"{\"host.name\":{\"count\":7},\"process.name\":{\"count\":6},\"winlog.computer_name\":{\"count\":5},\"winlog.event_data.ProcessName\":{\"count\":10},\"source.ip\":{\"count\":3},\"source.port\":{\"count\":3},\"winlog.event_data.IpAddress\":{\"count\":6},\"winlog.event_data.IpPort\":{\"count\":2},\"winlog.event_data.LogonProcessName\":{\"count\":2},\"process.pid\":{\"count\":1},\"winlog.event_data.ProcessId\":{\"count\":5},\"winlog.event_data.TargetDomainName\":{\"count\":9},\"client.user.domain\":{\"count\":1},\"client.user.name\":{\"count\":1},\"group.domain\":{\"count\":1},\"host.user.domain\":{\"count\":1},\"server.user.domain\":{\"count\":1},\"user.domain\":{\"count\":2},\"winlog.event_data.LogonType\":{\"count\":2},\"winlog.event_data.Status\":{\"count\":1},\"winlog.event_data.SubStatus\":{\"count\":1},\"winlog.event_data.TargetUserName\":{\"count\":3},\"winlog.event_data.WorkstationName\":{\"count\":1},\"winlog.logon.failure.status\":{\"count\":1},\"event.id\":{\"count\":1},\"winlog.event_data.ProcessID\":{\"count\":1},\"process.executable\":{\"count\":2},\"destination.ip\":{\"count\":1},\"destination.port\":{\"count\":1},\"network.transport\":{\"count\":1},\"user.name\":{\"count\":1},\"winlog.event_data.DestinationIp\":{\"count\":5},\"winlog.event_data.DestinationPort\":{\"count\":1},\"winlog.event_data.Path\":{\"count\":1},\"winlog.event_data.SourceIp\":{\"count\":3},\"winlog.event_data.SourcePort\":{\"count\":3},\"winlog.event_data.SourcePortName\":{\"count\":1},\"winlog.event_data.SubjectDomainName\":{\"count\":1},\"winlog.event_data.SubjectUserName\":{\"count\":2},\"winlog.event_data.TargetUser\":{\"count\":2}}","fieldFormatMap":"{\"winver\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","name":"winlogbeat-*","runtimeFieldMap":"{\"day_of_week\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['@timestamp'].value.dayOfWeekEnum.getValue())\"}},\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit (doc['@timestamp'].value.getHour())\"}}}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"winlogbeat-*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTgsMV0="} -{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"user.domain\",\"value\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"params\":[\"NT AUTHORITY\",\"Window Manager\",\"Font Driver Host\"],\"alias\":null,\"negate\":true,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"user.domain\":\"NT AUTHORITY\"}},{\"match_phrase\":{\"user.domain\":\"Window Manager\"}},{\"match_phrase\":{\"user.domain\":\"Font Driver Host\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Human User Logon Events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"ca236bdc-289e-4f9d-8f5e-05d0c3da14f7","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMTksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon attempts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon attempts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Login attempts\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"3f7d1f53-6b70-4235-879a-f149d98c9063","managed":false,"references":[{"id":"ca236bdc-289e-4f9d-8f5e-05d0c3da14f7","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon events over time","uiStateJSON":"{\"vis\":{\"colors\":{\"Failed attempts\":\"#BF1B00\",\"Successful atempts\":\"#629E51\"}}}","version":1,"visState":"{\"title\":\"Security - Logon events over time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":1,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-23T08:41:59.000Z\",\"max\":\"2020-04-23T08:56:59.000Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{},\"params\":{},\"aggType\":\"filters\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":\"event.code:4625\",\"language\":\"lucene\"},\"label\":\"Failed attempts\"},{\"input\":{\"query\":\"event.code:4624\",\"language\":\"lucene\"},\"label\":\"Successful atempts\"}]}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15m\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"42ae3f23-386c-4ceb-bb84-98879107338b","managed":false,"references":[{"id":"ca236bdc-289e-4f9d-8f5e-05d0c3da14f7","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjEsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"event.code\",\"value\":\"4,624, 4,625\",\"params\":[\"4624\",\"4625\"],\"alias\":null,\"negate\":false,\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"event.code\":\"4624\"}},{\"match_phrase\":{\"event.code\":\"4625\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts pie\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Computers\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"1e3228b7-ae0f-4e37-8586-558d4eb63d23","managed":false,"references":[{"id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"ca236bdc-289e-4f9d-8f5e-05d0c3da14f7","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Logon hosts","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Logon hosts\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"host.name\",\"customLabel\":\"Hosts\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"b019f88f-c449-4d6f-b812-78ed5a9248a9","managed":false,"references":[{"id":"ca236bdc-289e-4f9d-8f5e-05d0c3da14f7","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjMsMV0="} -{"attributes":{"columns":["event.code","host.name","winlog.event_data.TargetDomainName","winlog.event_data.TargetUserName","winlog.event_data.IpAddress","event.action","event.outcome","winlog.event_data.LogonType"],"description":"","grid":{"columns":{"user.domain":{"width":119},"user.name":{"width":134}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(event.code:4624 OR event.code:4625) and not user.name:*$\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Human Logon & Logoff events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"e077e6a8-f42a-4444-bcb4-19b8916163fe","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Network Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Network Connections\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"80b03097-c117-44d0-8413-3c932d0886a2","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjUsMV0="} -{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id : \\\"3\\\" and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"All network activity ","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"f02a3c3d-eb39-4347-91f7-d62bece13128","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Activity Line","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network Activity Line\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Connections\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-15y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"extendToTimeRange\":false,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30d\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"}],\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Connections\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Connections\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm:ss\"}},\"params\":{\"date\":true,\"interval\":\"PT30S\",\"format\":\"HH:mm:ss\",\"bounds\":{\"min\":\"2020-04-24T15:29:10.918Z\",\"max\":\"2020-04-24T15:44:10.918Z\"}},\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"aa741894-2140-4529-a488-6d34ed57abef","managed":false,"references":[{"id":"f02a3c3d-eb39-4347-91f7-d62bece13128","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjcsMV0="} -{"attributes":{"columns":["winlog.event_data.DestinationHostname","destination.ip","winlog.event_data.DestinationIsIpv6","network.","process.executable","winlog.event_data.DestinationPort","winlog.event_data.Protocol","winlog.user.name","winlog.user.type","source.ip","winlog.event_data.SourceIsIpv6","source.port","network.protocol"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") AND NOT (process.name:iexplore.exe OR process.name:chrome.exe OR process.name:firefox.exe OR process.name:opera.exe) AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_non_browsers_connection","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"50b150ad-5aff-4706-9229-d9bcb38255ef","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-23T15:24:04.448Z","version":"WzI1MzksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network Process List","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Security - Network Process List\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.DestinationIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Destination IP\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.TargetUserName\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Logged on user\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Computer\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"},{\"accessor\":4,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"date\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"e45875a5-d1ae-4c92-9683-86392f740aae","managed":false,"references":[{"id":"50b150ad-5aff-4706-9229-d9bcb38255ef","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMjksMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Network connections area ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Network connections area \",\"type\":\"area\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":false,\"type\":\"terms\",\"params\":{\"field\":\"network.protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"group\"}],\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#34130C\"},\"labels\":{},\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"series\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\",\"truncateLegend\":true,\"maxLegendLines\":1,\"radiusRatio\":9}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"48405764-dc21-463c-bef1-3c0da9a0e42a","managed":false,"references":[{"id":"50b150ad-5aff-4706-9229-d9bcb38255ef","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Overview - Processes with unusual network activity","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Overview - Processes with unusual network activity\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"significant_terms\",\"params\":{\"field\":\"winlog.event_data.ProcessId\",\"size\":10,\"include\":\"\",\"json\":\"\",\"customLabel\":\"Process\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"string\"},\"params\":{},\"label\":\"Process\",\"aggType\":\"significant_terms\"}]},\"showToolbar\":true,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"5e7314fa-49ae-4328-b799-017c6a3c4fbb","managed":false,"references":[{"id":"50b150ad-5aff-4706-9229-d9bcb38255ef","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzEsMV0="} -{"attributes":{"columns":["host.name","winlog.event_data.TargetUserName","winlog.event_data.TargetDomainName","winlog.event_data.SourceIp","winlog.event_data.SourcePort","winlog.event_data.DestinationIp","winlog.event_data.DestinationPort","winlog.event_data.ProcessId","winlog.event_data.ProcessName"],"description":"","grid":{"columns":{"winlog.event_data.SubjectDomainName":{"width":216}}},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND NOT (destination.ip:\\\"10.0.0.0/8\\\" OR destination.ip:\\\"172.16.0.0/16\\\" OR destination.ip:\\\"192.168.0.0/16\\\" OR destionation.ip:\\\"224.0.0.0/24\\\" OR destination.ip:\\\"169.254.0.0/16\\\" OR destination.ip:\\\"127.0.0.1\\\" OR destination.ip:\\\"fe80::/10\\\" OR destination.ip:\\\"fc00::/7\\\") and event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_uds_non_private_network","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"e35a92e5-1ca7-4c49-8f92-bba46bb6b8f4","managed":false,"references":[{"id":"25aa14ff-d525-4751-a29d-290859861006","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Processes Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Processes Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Processes & Powershell\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"b54164ff-6ee5-47d6-a42b-8ac2cec9cad9","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzMsMV0="} -{"attributes":{"columns":["host.name","winlog.event_data.TargetDomainName","winlog.event_data.User","winlog.event_data.ProcessId","winlog.event_data.ProcessName","winlog.event_data.Hashes","process.args"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"event.code:\\\"1\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Process Spawns","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"826cccdc-b0be-4819-aab4-4082eb2ea6b5","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzQsMV0="} -{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.command_line","process.parent.executable","process.parent.command_line","file.path","event.code"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\" OR process.command_line.text:\\\"powershell\\\" OR parent.process.command_line.text:\\\"powershell\\\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_sd_powershell_run","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"dd7d1b84-be2f-4dd5-bff9-5dc3d41cca62","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell Run Count","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":60,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"title\":\"Security - Powershell Run Count\",\"type\":\"metric\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"bf65ea9e-3cf4-4394-ace6-e45968bdfaf6","managed":false,"references":[{"id":"dd7d1b84-be2f-4dd5-bff9-5dc3d41cca62","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzYsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Powershell runs over time","uiStateJSON":"{}","version":1,"visState":"{\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now/w\",\"to\":\"now/w\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"dimensions\":{\"x\":null,\"y\":[{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}]},\"grid\":{\"categoryLines\":false},\"labels\":{},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"thresholdLine\":{\"color\":\"#34130C\",\"show\":false,\"style\":\"full\",\"value\":10,\"width\":1},\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"fittingFunction\":\"zero\",\"legendSize\":\"auto\"},\"title\":\"Security - Powershell runs over time\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"28a2a074-23e1-4739-a9c0-1f04e4416aab","managed":false,"references":[{"id":"dd7d1b84-be2f-4dd5-bff9-5dc3d41cca62","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Security - Power shell hosts pie","uiStateJSON":"{}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"host.name\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"addTooltip\":true,\"dimensions\":{\"metric\":{\"accessor\":0,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"params\":{}}},\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"title\":\"Security - Power shell hosts pie\",\"type\":\"pie\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"04061d59-6e1f-46f4-887b-e1877e32a7fc","managed":false,"references":[{"id":"dd7d1b84-be2f-4dd5-bff9-5dc3d41cca62","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzgsMV0="} -{"attributes":{"columns":["user.domain","user.name","host.name","process.executable","process.args","process.parent.executable","process.parent.args"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND process.command_line.text:(\\\"invoke\\\" or \\\"bypass\\\" or \\\"iex\\\" or \\\"ex\\\" or \\\"icm\\\" or \\\"new-object\\\" or \\\"set\\\" or \\\"get\\\" or \\\"write\\\" or \\\"out\\\" or \\\"download\\\" or \\\"encoded\\\")\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Potentially Suspicious Powershell","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"3617dcd4-57c2-404c-a865-74ef3cddf9cb","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwMzksMV0="} -{"attributes":{"columns":["user.domain","user.name","host.name","destination.domain","destination.ip"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id:3 AND (process.parent.name:\\\"powershell.exe\\\" OR process.name:\\\"powershell.exe\\\" OR winlog.event_data.OriginalFileName:\\\"PowerShell.EXE\\\") AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"srch_uds_powershell_network","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"04c60a34-98a9-4073-8538-97996e80855f","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDAsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Files title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Files title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Files\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"77c2b538-1477-4bf8-bdde-6dcf0605b596","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDEsMV0="} -{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"file.path.text: \\\"tmp\\\" OR file.path.text:\\\"temp\\\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"file.path\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"exists\":{\"field\":\"file.path\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"TEMP & %TEMP%","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"d3792434-6184-44ed-bad4-830249085d68","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDIsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"TEMP & %TEMP%","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"file.path\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Target File\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":30,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Hostname\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"aggType\":\"terms\"}]},\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"TEMP & %TEMP%\"}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"45809ac4-b7f7-47b9-87c4-2317cfda1493","managed":false,"references":[{"id":"d3792434-6184-44ed-bad4-830249085d68","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDMsMV0="} -{"attributes":{"columns":["@timestamp","user.domain","user.name","host.name","process.executable","winlog.event_data.ProcessId"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: \\\"9\\\" AND event.provider : \\\"Microsoft-Windows-Sysmon\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Raw Access Events","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"bcf814ff-fe22-40ed-882d-2c77f3c3e7d5","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDQsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"title":"Security - Windows Defender Title","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - Windows Defender Title\",\"type\":\"markdown\",\"params\":{\"markdown\":\"## Windows Defender\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"a2cdbce1-9070-4851-909f-774a80d2875a","managed":false,"references":[],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDUsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"winlog.event_id:(1006 or 1007 or 1008 or 1009 or 1116 or 1117 or 1118 or 1119)\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Security - AV Events Count","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Security - AV Events Count\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Windows AV Events\",\"emptyAsNull\":false},\"schema\":\"metric\"}],\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"6ac9a9da-1772-483c-8c32-b049f0273186","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDYsMV0="} -{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"type\":\"phrases\",\"key\":\"winlog.event_id\",\"value\":[\"1006\",\"1007\",\"1008\",\"1009\",\"1116\",\"1117\",\"1118\",\"1119\"],\"params\":[\"1006\",\"1007\",\"1008\",\"1009\",\"1116\",\"1117\",\"1118\",\"1119\"],\"negate\":false,\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"should\":[{\"match_phrase\":{\"winlog.event_id\":\"1006\"}},{\"match_phrase\":{\"winlog.event_id\":\"1007\"}},{\"match_phrase\":{\"winlog.event_id\":\"1008\"}},{\"match_phrase\":{\"winlog.event_id\":\"1009\"}},{\"match_phrase\":{\"winlog.event_id\":\"1116\"}},{\"match_phrase\":{\"winlog.event_id\":\"1117\"}},{\"match_phrase\":{\"winlog.event_id\":\"1118\"}},{\"match_phrase\":{\"winlog.event_id\":\"1119\"}}],\"minimum_should_match\":1}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"AV Detection event","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"60f38e0b-274f-44d6-9b66-fa83080c88bb","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDcsMV0="} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"AV Hits (Count)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"AV Hits (Count)\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":60}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"AV Detection hits\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"fe86395f-474e-43a1-a772-34d1306373e0","managed":false,"references":[{"id":"60f38e0b-274f-44d6-9b66-fa83080c88bb","name":"search_0","type":"search"}],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDgsMV0="} -{"attributes":{"columns":["winlog.event_data.Detection User","host.name","winlog.event_data.Path","winlog.event_data.FWLink"],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"winlog.event_id: 1116\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"negate\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"Microsoft-Windows-Windows Defender\"},\"disabled\":false,\"alias\":null,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"},\"query\":{\"match_phrase\":{\"event.provider\":{\"query\":\"Microsoft-Windows-Windows Defender\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Defender AV Detections","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-22T21:22:39.376Z","id":"1344681a-24b5-4829-b4d6-ec18d2de5ba5","managed":false,"references":[{"id":"64c636e6-00f6-469a-9315-1b8ae52c344f","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"04bfaff0-0ab7-4110-83cd-4e3a46766985","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","typeMigrationVersion":"8.0.0","updated_at":"2024-10-22T21:22:39.376Z","version":"WzIwNDksMV0="} -{"attributes":{"description":"User Security overview, filtered by Domain / Username or hostname","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"bd9e6265-dae7-493b-88b0-e3dee8508541\"},\"panelIndex\":\"bd9e6265-dae7-493b-88b0-e3dee8508541\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bd9e6265-dae7-493b-88b0-e3dee8508541\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":23,\"h\":7,\"i\":\"956d6ef1-5d6b-4ccc-a123-fa66805c15db\"},\"panelIndex\":\"956d6ef1-5d6b-4ccc-a123-fa66805c15db\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search users\",\"panelRefName\":\"panel_956d6ef1-5d6b-4ccc-a123-fa66805c15db\"},{\"type\":\"visualization\",\"gridData\":{\"x\":23,\"y\":3,\"w\":25,\"h\":7,\"i\":\"62ea04ec-0776-46c0-9b8c-cf2915600337\"},\"panelIndex\":\"62ea04ec-0776-46c0-9b8c-cf2915600337\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Filter hosts\",\"panelRefName\":\"panel_62ea04ec-0776-46c0-9b8c-cf2915600337\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":10,\"w\":23,\"h\":7,\"i\":\"45ac8571-ae44-4bb5-a237-cd230ede51d5\"},\"panelIndex\":\"45ac8571-ae44-4bb5-a237-cd230ede51d5\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Search hosts\",\"panelRefName\":\"panel_45ac8571-ae44-4bb5-a237-cd230ede51d5\"},{\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":10,\"w\":25,\"h\":7,\"i\":\"1324f39e-f215-45e9-b679-05b06e4fcb9d\"},\"panelIndex\":\"1324f39e-f215-45e9-b679-05b06e4fcb9d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"e3f24157-721c-4741-ac8f-8be48c22d612\",\"name\":\"indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\",\"isTransposed\":false},{\"columnId\":\"26752485-2aa5-4908-b400-504d6e7ef451\",\"isTransposed\":false},{\"columnId\":\"cc4e45f6-be3a-4de0-a416-e21043b601bb\",\"isTransposed\":false,\"isMetric\":false}],\"layerId\":\"d123adeb-fd39-4176-b3c9-69c88d2852d5\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d123adeb-fd39-4176-b3c9-69c88d2852d5\":{\"columns\":{\"6f33ff19-9959-4c43-b791-939582a0b3d2\":{\"label\":\"Event Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"26752485-2aa5-4908-b400-504d6e7ef451\":{\"label\":\"Filters\",\"dataType\":\"string\",\"operationType\":\"filters\",\"scale\":\"ordinal\",\"isBucketed\":true,\"params\":{\"filters\":[{\"label\":\"\",\"input\":{\"query\":\"\\\"log\\\" : *\",\"language\":\"kuery\"}}]}},\"cc4e45f6-be3a-4de0-a416-e21043b601bb\":{\"label\":\"Top 3 values of user.domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.domain\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f33ff19-9959-4c43-b791-939582a0b3d2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"26752485-2aa5-4908-b400-504d6e7ef451\",\"cc4e45f6-be3a-4de0-a416-e21043b601bb\",\"6f33ff19-9959-4c43-b791-939582a0b3d2\"],\"sampling\":1,\"indexPatternId\":\"a2ce5204-8ea0-4af2-a2d7-daf564ce2841\",\"incompleteColumns\":{}}},\"currentIndexPatternId\":\"a2ce5204-8ea0-4af2-a2d7-daf564ce2841\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Filter users\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":17,\"w\":48,\"h\":4,\"i\":\"b453a1df-c025-430b-84e3-d6dc7a8c48f1\"},\"panelIndex\":\"b453a1df-c025-430b-84e3-d6dc7a8c48f1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b453a1df-c025-430b-84e3-d6dc7a8c48f1\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":21,\"w\":9,\"h\":7,\"i\":\"e5de9fc4-5863-470c-8246-0a86f5af897e\"},\"panelIndex\":\"e5de9fc4-5863-470c-8246-0a86f5af897e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e5de9fc4-5863-470c-8246-0a86f5af897e\"},{\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":21,\"w\":20,\"h\":14,\"i\":\"8f7f6de1-8c0f-4a35-8d03-1c4e01e72c48\"},\"panelIndex\":\"8f7f6de1-8c0f-4a35-8d03-1c4e01e72c48\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logon attempts\",\"panelRefName\":\"panel_8f7f6de1-8c0f-4a35-8d03-1c4e01e72c48\"},{\"type\":\"visualization\",\"gridData\":{\"x\":29,\"y\":21,\"w\":19,\"h\":14,\"i\":\"c53cdf71-278e-4972-9e0d-cd9b3b75c2e2\"},\"panelIndex\":\"c53cdf71-278e-4972-9e0d-cd9b3b75c2e2\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Logged on computers\",\"panelRefName\":\"panel_c53cdf71-278e-4972-9e0d-cd9b3b75c2e2\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":9,\"h\":7,\"i\":\"0d1c0533-598a-4304-80be-c22047edcbe1\"},\"panelIndex\":\"0d1c0533-598a-4304-80be-c22047edcbe1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0d1c0533-598a-4304-80be-c22047edcbe1\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":35,\"w\":48,\"h\":17,\"i\":\"1a7e0e6d-e2dd-4bb3-8d5e-432d9ac12396\"},\"panelIndex\":\"1a7e0e6d-e2dd-4bb3-8d5e-432d9ac12396\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"User Logon & Logoff Events\",\"panelRefName\":\"panel_1a7e0e6d-e2dd-4bb3-8d5e-432d9ac12396\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":52,\"w\":48,\"h\":4,\"i\":\"0fab3d76-5411-46e4-982f-4d4626c977b8\"},\"panelIndex\":\"0fab3d76-5411-46e4-982f-4d4626c977b8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0fab3d76-5411-46e4-982f-4d4626c977b8\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":56,\"w\":48,\"h\":14,\"i\":\"b0ec1bf9-7f59-4cc9-9f9c-40aba7375305\"},\"panelIndex\":\"b0ec1bf9-7f59-4cc9-9f9c-40aba7375305\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"All network connections\",\"panelRefName\":\"panel_b0ec1bf9-7f59-4cc9-9f9c-40aba7375305\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":70,\"w\":24,\"h\":15,\"i\":\"f068f3e0-1c90-4f9d-93ca-a7e7c96df39c\"},\"panelIndex\":\"f068f3e0-1c90-4f9d-93ca-a7e7c96df39c\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}},\"enhancements\":{}},\"title\":\"Network connections from non-browser processes\",\"panelRefName\":\"panel_f068f3e0-1c90-4f9d-93ca-a7e7c96df39c\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":70,\"w\":24,\"h\":15,\"i\":\"6da7d5e7-a679-42d4-b2f7-bb3c958ab16b\"},\"panelIndex\":\"6da7d5e7-a679-42d4-b2f7-bb3c958ab16b\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network connection by protocol\",\"panelRefName\":\"panel_6da7d5e7-a679-42d4-b2f7-bb3c958ab16b\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":85,\"w\":48,\"h\":15,\"i\":\"6d5d4b74-133b-4fef-8ae5-14d2e7037a78\"},\"panelIndex\":\"6d5d4b74-133b-4fef-8ae5-14d2e7037a78\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Unusual network connections from non-browser processes\",\"panelRefName\":\"panel_6d5d4b74-133b-4fef-8ae5-14d2e7037a78\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":100,\"w\":48,\"h\":10,\"i\":\"ea6ad677-7322-4c5c-8946-cac4dd983b26\"},\"panelIndex\":\"ea6ad677-7322-4c5c-8946-cac4dd983b26\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Network Connection Events (Sysmon ID 3)\",\"panelRefName\":\"panel_ea6ad677-7322-4c5c-8946-cac4dd983b26\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":110,\"w\":48,\"h\":4,\"i\":\"43b61744-5553-4fd1-894c-6e91a799f4a2\"},\"panelIndex\":\"43b61744-5553-4fd1-894c-6e91a799f4a2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_43b61744-5553-4fd1-894c-6e91a799f4a2\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":114,\"w\":48,\"h\":14,\"i\":\"9a522603-8d31-4ad6-ac4f-130a814f54fa\"},\"panelIndex\":\"9a522603-8d31-4ad6-ac4f-130a814f54fa\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Spawned Processes\",\"panelRefName\":\"panel_9a522603-8d31-4ad6-ac4f-130a814f54fa\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":128,\"w\":10,\"h\":15,\"i\":\"fad5ef2b-1cc8-47bd-832b-48aeb713f6e6\"},\"panelIndex\":\"fad5ef2b-1cc8-47bd-832b-48aeb713f6e6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell Events\",\"panelRefName\":\"panel_fad5ef2b-1cc8-47bd-832b-48aeb713f6e6\"},{\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":128,\"w\":20,\"h\":15,\"i\":\"68d75f76-3806-4d15-81e9-d0dcfa34c9b9\"},\"panelIndex\":\"68d75f76-3806-4d15-81e9-d0dcfa34c9b9\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events over time\",\"panelRefName\":\"panel_68d75f76-3806-4d15-81e9-d0dcfa34c9b9\"},{\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":128,\"w\":18,\"h\":15,\"i\":\"ed7a59ea-caa7-4396-89b7-90c6b8363800\"},\"panelIndex\":\"ed7a59ea-caa7-4396-89b7-90c6b8363800\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell events by computer\",\"panelRefName\":\"panel_ed7a59ea-caa7-4396-89b7-90c6b8363800\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":143,\"w\":25,\"h\":16,\"i\":\"cfe390f9-80a7-4a11-9a8c-7d599e41e38a\"},\"panelIndex\":\"cfe390f9-80a7-4a11-9a8c-7d599e41e38a\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Potentially suspicious powershell\",\"panelRefName\":\"panel_cfe390f9-80a7-4a11-9a8c-7d599e41e38a\"},{\"type\":\"search\",\"gridData\":{\"x\":25,\"y\":143,\"w\":23,\"h\":16,\"i\":\"9587ef7f-3554-4886-be6a-fae4648e87dd\"},\"panelIndex\":\"9587ef7f-3554-4886-be6a-fae4648e87dd\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Powershell network connections\",\"panelRefName\":\"panel_9587ef7f-3554-4886-be6a-fae4648e87dd\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":159,\"w\":48,\"h\":4,\"i\":\"7cfff19f-bf9d-4101-be63-4d9b8ea78e26\"},\"panelIndex\":\"7cfff19f-bf9d-4101-be63-4d9b8ea78e26\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7cfff19f-bf9d-4101-be63-4d9b8ea78e26\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":163,\"w\":24,\"h\":15,\"i\":\"4988f659-a275-4317-b071-8a350087a4e6\"},\"panelIndex\":\"4988f659-a275-4317-b071-8a350087a4e6\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"References to temporary files\",\"panelRefName\":\"panel_4988f659-a275-4317-b071-8a350087a4e6\"},{\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":163,\"w\":24,\"h\":15,\"i\":\"bfae12f4-b2fd-471f-a111-daf49cd25ed3\"},\"panelIndex\":\"bfae12f4-b2fd-471f-a111-daf49cd25ed3\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"RawAccessRead (Sysmon Event 9)\",\"panelRefName\":\"panel_bfae12f4-b2fd-471f-a111-daf49cd25ed3\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":178,\"w\":48,\"h\":4,\"i\":\"a4f5d22b-fe87-4488-8d26-d0d9cdd10d6b\"},\"panelIndex\":\"a4f5d22b-fe87-4488-8d26-d0d9cdd10d6b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a4f5d22b-fe87-4488-8d26-d0d9cdd10d6b\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":182,\"w\":12,\"h\":14,\"i\":\"e8c5ac63-42b4-4081-85e3-378c85c0b4cb\"},\"panelIndex\":\"e8c5ac63-42b4-4081-85e3-378c85c0b4cb\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Defender event count\",\"panelRefName\":\"panel_e8c5ac63-42b4-4081-85e3-378c85c0b4cb\"},{\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":182,\"w\":12,\"h\":14,\"i\":\"30454a55-0210-43d2-af3d-822c5b519033\"},\"panelIndex\":\"30454a55-0210-43d2-af3d-822c5b519033\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_30454a55-0210-43d2-af3d-822c5b519033\"},{\"type\":\"search\",\"gridData\":{\"x\":24,\"y\":182,\"w\":24,\"h\":14,\"i\":\"6ff4d4db-16b6-4c80-8bb6-95e009803d1d\"},\"panelIndex\":\"6ff4d4db-16b6-4c80-8bb6-95e009803d1d\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"AV Detections (Event 1116)\",\"panelRefName\":\"panel_6ff4d4db-16b6-4c80-8bb6-95e009803d1d\"}]","timeRestore":false,"title":"User Security 2.0","version":1},"coreMigrationVersion":"8.8.0","created_at":"2024-10-23T15:24:54.858Z","id":"2fc36188-8461-4927-932e-0e452b7dc3ac","managed":false,"references":[{"id":"dec45d9f-11a2-4e39-ae58-4fc7885ce7dd","name":"bd9e6265-dae7-493b-88b0-e3dee8508541:panel_bd9e6265-dae7-493b-88b0-e3dee8508541","type":"visualization"},{"id":"4a675166-ce19-4836-9567-eda4ab46b3d5","name":"956d6ef1-5d6b-4ccc-a123-fa66805c15db:panel_956d6ef1-5d6b-4ccc-a123-fa66805c15db","type":"visualization"},{"id":"8d476795-134d-4689-9050-a24b57adaa90","name":"62ea04ec-0776-46c0-9b8c-cf2915600337:panel_62ea04ec-0776-46c0-9b8c-cf2915600337","type":"visualization"},{"id":"5c4b0b82-4972-40fe-b2ee-86c366342a98","name":"45ac8571-ae44-4bb5-a237-cd230ede51d5:panel_45ac8571-ae44-4bb5-a237-cd230ede51d5","type":"visualization"},{"id":"e3f24157-721c-4741-ac8f-8be48c22d612","name":"1324f39e-f215-45e9-b679-05b06e4fcb9d:indexpattern-datasource-layer-d123adeb-fd39-4176-b3c9-69c88d2852d5","type":"index-pattern"},{"id":"4eccff45-c97a-480f-b593-4744922893e5","name":"b453a1df-c025-430b-84e3-d6dc7a8c48f1:panel_b453a1df-c025-430b-84e3-d6dc7a8c48f1","type":"visualization"},{"id":"3f7d1f53-6b70-4235-879a-f149d98c9063","name":"e5de9fc4-5863-470c-8246-0a86f5af897e:panel_e5de9fc4-5863-470c-8246-0a86f5af897e","type":"visualization"},{"id":"42ae3f23-386c-4ceb-bb84-98879107338b","name":"8f7f6de1-8c0f-4a35-8d03-1c4e01e72c48:panel_8f7f6de1-8c0f-4a35-8d03-1c4e01e72c48","type":"visualization"},{"id":"1e3228b7-ae0f-4e37-8586-558d4eb63d23","name":"c53cdf71-278e-4972-9e0d-cd9b3b75c2e2:panel_c53cdf71-278e-4972-9e0d-cd9b3b75c2e2","type":"visualization"},{"id":"b019f88f-c449-4d6f-b812-78ed5a9248a9","name":"0d1c0533-598a-4304-80be-c22047edcbe1:panel_0d1c0533-598a-4304-80be-c22047edcbe1","type":"visualization"},{"id":"e077e6a8-f42a-4444-bcb4-19b8916163fe","name":"1a7e0e6d-e2dd-4bb3-8d5e-432d9ac12396:panel_1a7e0e6d-e2dd-4bb3-8d5e-432d9ac12396","type":"search"},{"id":"80b03097-c117-44d0-8413-3c932d0886a2","name":"0fab3d76-5411-46e4-982f-4d4626c977b8:panel_0fab3d76-5411-46e4-982f-4d4626c977b8","type":"visualization"},{"id":"aa741894-2140-4529-a488-6d34ed57abef","name":"b0ec1bf9-7f59-4cc9-9f9c-40aba7375305:panel_b0ec1bf9-7f59-4cc9-9f9c-40aba7375305","type":"visualization"},{"id":"e45875a5-d1ae-4c92-9683-86392f740aae","name":"f068f3e0-1c90-4f9d-93ca-a7e7c96df39c:panel_f068f3e0-1c90-4f9d-93ca-a7e7c96df39c","type":"visualization"},{"id":"48405764-dc21-463c-bef1-3c0da9a0e42a","name":"6da7d5e7-a679-42d4-b2f7-bb3c958ab16b:panel_6da7d5e7-a679-42d4-b2f7-bb3c958ab16b","type":"visualization"},{"id":"5e7314fa-49ae-4328-b799-017c6a3c4fbb","name":"6d5d4b74-133b-4fef-8ae5-14d2e7037a78:panel_6d5d4b74-133b-4fef-8ae5-14d2e7037a78","type":"visualization"},{"id":"e35a92e5-1ca7-4c49-8f92-bba46bb6b8f4","name":"ea6ad677-7322-4c5c-8946-cac4dd983b26:panel_ea6ad677-7322-4c5c-8946-cac4dd983b26","type":"search"},{"id":"b54164ff-6ee5-47d6-a42b-8ac2cec9cad9","name":"43b61744-5553-4fd1-894c-6e91a799f4a2:panel_43b61744-5553-4fd1-894c-6e91a799f4a2","type":"visualization"},{"id":"826cccdc-b0be-4819-aab4-4082eb2ea6b5","name":"9a522603-8d31-4ad6-ac4f-130a814f54fa:panel_9a522603-8d31-4ad6-ac4f-130a814f54fa","type":"search"},{"id":"bf65ea9e-3cf4-4394-ace6-e45968bdfaf6","name":"fad5ef2b-1cc8-47bd-832b-48aeb713f6e6:panel_fad5ef2b-1cc8-47bd-832b-48aeb713f6e6","type":"visualization"},{"id":"28a2a074-23e1-4739-a9c0-1f04e4416aab","name":"68d75f76-3806-4d15-81e9-d0dcfa34c9b9:panel_68d75f76-3806-4d15-81e9-d0dcfa34c9b9","type":"visualization"},{"id":"04061d59-6e1f-46f4-887b-e1877e32a7fc","name":"ed7a59ea-caa7-4396-89b7-90c6b8363800:panel_ed7a59ea-caa7-4396-89b7-90c6b8363800","type":"visualization"},{"id":"3617dcd4-57c2-404c-a865-74ef3cddf9cb","name":"cfe390f9-80a7-4a11-9a8c-7d599e41e38a:panel_cfe390f9-80a7-4a11-9a8c-7d599e41e38a","type":"search"},{"id":"04c60a34-98a9-4073-8538-97996e80855f","name":"9587ef7f-3554-4886-be6a-fae4648e87dd:panel_9587ef7f-3554-4886-be6a-fae4648e87dd","type":"search"},{"id":"77c2b538-1477-4bf8-bdde-6dcf0605b596","name":"7cfff19f-bf9d-4101-be63-4d9b8ea78e26:panel_7cfff19f-bf9d-4101-be63-4d9b8ea78e26","type":"visualization"},{"id":"45809ac4-b7f7-47b9-87c4-2317cfda1493","name":"4988f659-a275-4317-b071-8a350087a4e6:panel_4988f659-a275-4317-b071-8a350087a4e6","type":"visualization"},{"id":"bcf814ff-fe22-40ed-882d-2c77f3c3e7d5","name":"bfae12f4-b2fd-471f-a111-daf49cd25ed3:panel_bfae12f4-b2fd-471f-a111-daf49cd25ed3","type":"search"},{"id":"a2cdbce1-9070-4851-909f-774a80d2875a","name":"a4f5d22b-fe87-4488-8d26-d0d9cdd10d6b:panel_a4f5d22b-fe87-4488-8d26-d0d9cdd10d6b","type":"visualization"},{"id":"6ac9a9da-1772-483c-8c32-b049f0273186","name":"e8c5ac63-42b4-4081-85e3-378c85c0b4cb:panel_e8c5ac63-42b4-4081-85e3-378c85c0b4cb","type":"visualization"},{"id":"fe86395f-474e-43a1-a772-34d1306373e0","name":"30454a55-0210-43d2-af3d-822c5b519033:panel_30454a55-0210-43d2-af3d-822c5b519033","type":"visualization"},{"id":"1344681a-24b5-4829-b4d6-ec18d2de5ba5","name":"6ff4d4db-16b6-4c80-8bb6-95e009803d1d:panel_6ff4d4db-16b6-4c80-8bb6-95e009803d1d","type":"search"}],"type":"dashboard","typeMigrationVersion":"8.9.0","updated_at":"2024-10-23T15:24:54.858Z","version":"WzI1NDIsMV0="} -{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":42,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/dashboard_refactor/requirements.txt b/dashboard_refactor/requirements.txt deleted file mode 100644 index 345bc273..00000000 --- a/dashboard_refactor/requirements.txt +++ /dev/null @@ -1,2 +0,0 @@ -requests -urllib3 \ No newline at end of file

    JpIaQpa>oGtO5ZJhf zm6c(Y?$3xU+&uZQp8PbSrfzw@pCg^QW=+UMozLamMYiVal^Q_s4k{)J1&d^@p za(4V~Zv5fFh!sqM4AH?Bces}r>DN4Em(Z@ajxsGWz2eqK_WsSvtxr3cOorE7u z5lvA#ozZ>nmOA4OO$(~EuW$F}lFhtpYiP|5_Q{|k3G$|_k*d6g29gG%H(~ld1^e%(~|U$c;D>D^~$AtjSK7R_935WVqeSOA2c)KFXm|-bONTf#K@4 z>7wr+O;vZ$YR&2Sr5J^^Z+JQ22)&9SJ-D6lzD1;!h+TsztYE}r0$w(bRS{9>Pl!F6 zK-oRnhI!3nlS&JsvI{YZJ(w`2xco1_xAlXh6N^`~?SX#M0`Mo3HtB6Uh2B&N5=0AqEN` z#kVl=62!WKN{w(Q1OB@3-!E=YG%Zc*hmQtv(3m)>F>>kD~2u9Kj_}=A|%-AVUhfoQ0z&l*bj>fWowul*NC$p+q6Y9@?yOra)w)+ z%erHd`YwNd>=|5GNv3p#3%2cfp(bd)^D?7fSsuS1ZxOM-ky0-Yg?EY{@vS4oo8#ri zt2{)(Ft)e-QJ%}&&jKk{cmRUPs)w^fb|B<(UHh< z_6U`%Zy!Xwpl4TfS1|keM@{<{2=*3z**i`r)Aqg55u=$K@fsLYQ9sR|BN_FNQqXAtAKx{ZcS8Tkf=ryg_7&vXxR)j`g(qMr1LM zW{Pp!s-r|^;U(8SA+But^*FvNq-X{LQQzV^QqtcexRC%gCHAbYGuR#X6d|~56REN2 z0;VAfPy#Rp=vF5bi)m0A z^_(LJUun~5Eemie#F>;DsP#n%30$c9{>oS+u53X<(L(iIrAeIV^W90pYF4NoA@kFM zeZrarY2TgKz0qE!TCjh-4i&p{ldcn(oJ93?h_G*c``95^WFb_CTDA4sgf5UJ&Yg1k zBSSiU@3T&zr<{v0s?d%CYu(guO}{7)tHfY(%fx-&Q}I524Ps+{*N9zchqH`6pwTsb*tZQTX<8j!6SfZAcLV-vrkTh6U!YAagbXZ7LR^@b^ zgd3G7cz}@7eF$cDhAYr7@f_B8EHYN4ZVorWW();*#@duL&c3La&ZNLO$1*tkrJVhJ zc)Zi=5~0)6c}jg$A?xAt1k* zAo57OIt9(8t7yxlO>}#3qN(gw1#LPsJaMwwM_>rSxc&@o36j_A?uKfxzhl7tpn5*t z?c*PORS(ut1c2Nwr#RaW-W1e`mK-g~Yj_otm6a9ig3AQZLUuv~P<+TGAz0|m!|P!D#Sb` zP575w_w46WgVP(r_4GZ10M)Q98V7{a!*QhwGJ+F9yI^0nAcU@iVI9$PSkE?l+gZwG zANfO{Bxbx1#p6dh7!VkeAVE6*Dk`8u)YForM=Dur9v!5npXB*IZ7jKEudlt3pjp=A2v)wp=uYsCp=6V+`rzPRh;a`a+q8jYa!^c* z1w~3=yH={JWx`+LFl_Zj-?|0wl7gpz;Y!WtT^;*+w5GGCm8{>*PxI|rY#f+{U%zAH z-x_ONu9N*7PHa;7<%U#}b(w}6ka=iiNfUBKlTH0@^4Y{=Z%FoQyD}>WBE+8q*qD5i zJT0RZhjD`s)niW@wF=ETp@8+{bKJmGazw$@$bEX@!r*(&lHgDy2%b@hPTVgBycJ)X?hK%t1G@~ zFA7avTEL=ewm*&5rC)in#;<+0u(i(Po~*NvEteY*a4>5DF%{RwtGwN<66LQ`N1`wx zI#aK=JxfAJ*-1^cRBJ+NWis9?+jI@qQJqT1@VAMdUIt^M@B|CJhkr|JrIf{C z!w%iDise#QP)ELvam=0er2ESK#UJQNfdp9tu1Coia6XdBZ$y05V;Z%lPCR6qKHF=M z6HH;$c|oD>z91*w)E>UnzOFI5zyg4rt0l%j;Ify^4eZp3oqxh-Zsxi6O)~5*a@|_! zyu2nj-d|a;yIqoD{jPfr9ue)SaGebB4#l{Y>pFKy4iI#bvtg4xIWa0k6FvjghPlw4 zY6zDvaGGu)(4>bub3~tbyCrMeo&`}Gq@m~?R~`kOdod(UwmTNfc@`^qG?-qmJ)cnW zjSK$NK=9#Iqj|;jKywZPWzRl?F;w?9MCI=|7YJsqOkuXVss8_Bv!<-M>k{4md+gBv z!ifFPThPq`!+zfXVz*cSY0Klf`J60ezS-~Dw+|vdVU()?b6?0syQKW^$@3@`*>A<| zV`SPvggDBp-6Gk z>2D#Yi@UM~^U3>78aWPWT`st+TV*#zlUZ|>>51natwsc2*t}~}U+6%I(rGG0f{bS? z-)R`?t@f}Q!?+Bf>6vZ@9(IoFavpJNvFQew&jw~I_>=NmCxJ<`9wPs&yzhb9;5Ap0|jk46sw?a5vk=a$g=c{&V{o3p{d^Du+Xz;-5ko4dy z3wjLDo$_NG?`9n2vnY0*K6ibd(!apOUOTLvEK&0z zR&JCx56m8a_{3XhlS1=%*-HFBstZNOo_*s@rQNAr#YX1kNgB6=WjKUPkX>iG z&a}IY%g@gzt;DI86`{g5N9c0S_4+1_Y1f=kWq9;5z;iK|hhv9!OgE(*=iT|aF0Nne z$tdni}g8Yy64fr;$<~b)d9+&fW}0tyl3s%(JqC^ zvKWBfD=PkuNVuzJR6&ouZ;*nc^8oqLD8+=7Los%gVkEGc=!%)py1Uz@TUUFLq;CK? zumZj7rywzKW=Rn|tOe6w)t8V-wcT zFB+y~bo9|6tPy~u<1Xxu1wIQOIFGRA_gG+6T!^*o3J+0=!Y}y6&vqMRH)qu=ipP3o z#i5su&YP6B0fcqNeaP{^Y+tDUmERFZm*3>x3A;TDFm(K&?zO#-%UaGjzF6~YvEt~^ ze3y?>(3mZHQ*qS2`q-0utf|wShb}Do@lSVjAlUT)KhZ=yb{*n=U+pfTLK%1l!=oIN zwa!vX=T$qVugVDONTvc?$A^ed>4C)&V`zZH_BWS5pJ!qD9)Oyh!at{0pSz8{t*z^w zUcTj{pjRL-e^cLi8}OaL7NUBuuDopRoCzmO7~X4T6f(g4SRdtpn9YK+Eo-k6`guZyNjOKxLKk0)cq7Z{hYoe!i1mI}dlY4*DCN=H5vn zHU#uM{hPU?kXk3c_@!WNY9~P@xl1Lsj7MMupp@^Gv*#zdPieIi<(5)i_)LbX(bHlD ze!LlWLRi6*Yry(kpz3tfPblTgd{}CO%nHRnv2bE>*&mN3w#C`K>z={%7>P=N!5}v9 zof7V>cJ8@0uQt^0gBQ2{Y!1smB~D}rh|r6`Y2@~^kAL;b-!FcAr|7wp`q-oH+U2>{ z5BE=Q9p4!UHA=Lo-RXLA9Ts%2bbR-aFs||g^4GsV^AE57e<*Qs?)nYu?o|n|R+mmM z&uKqlM?EJXDQfveHBvt{rMFtm;_Um>PBBHpn^h4CG_D6~`)*C<*;S~#M+;di4}*66 zKN4TIhut(AKfLB7Q#e9aF5g{zi<~fGq8BU4?`GJ7=1gyqks>03_(Mly8t2L*AD>g} zignoNgzDWNv}5b(qW!qwgtcXo^NzJlm21U~vq++4eY!ZkQulRg&CS@5*0R)?Vs|+Q z*xMRtT#m~$M5V{h|K5E7P>?i7Xxa7c6+W!#{rIl^4%IJ!F&JbXOd<3XfmT!tXBO=b*+@#_xYljMw|_x_~j-BAwQsawY`I_3?xx3Q zlS)>&^-k=v2r~9ynsda8!DMfsNYxR%c*Zge+TPTjNQY^)u+pfsM`Job!;3~u*P4U1~Z`9OD{|ohDkjY@2oKP3g0- zvSIWz^A^&TgEbq%Lv4(HU0-@#xnnkkfjE_%mf>M?>#tD{xBRVJPsMc?yWs92H$~P3 zCtuZt8)@LhwSNKvO9H|p@rot|4`q0p>UjXY=WAk>)?|3so>)vQ6~aOD;hYZ)oNrVXJ&P5wPeC||29X>6(d&D4 zt2o{<@30rUPUYQ+E~NJmUvddfUWaN4Fy1xeYjCfU*6udhei$h@AZU4yY8zG>6&v|3 zWKp?4q?^Vrnvuv|-Uy^iNKj|6PL_x7{3i@PL4XO6fh-sL*HVMm2UosqUv|R7+xip3 zq+E>fX@}`CObi93{}i`qwAiI&VZIWr^h`w~$KQC%n2(}QLI|Z}>VW<6wiB9_8aZtGT8j^qkpa$ zwxDD9oRzBlOS`^TIK{Tw{=|tooiPXU&gVFHA1jK6Q+23;NnI9!2Pfz<0?2FQGYP6u zyjhJr0^5d-7RT9H7q1%>%=x3>+pHjkl>)I6g0WtYyq-Fp#KtuP1IeD641Tuay>4IG zKNv98x>llNowNR#tm(QMcy2Ap%lxx^Sasill~KjGe8D)!HKX!Whx}J){%nX$77;BWB$PHPz zvZKlVkb&8C#hU4$YoMtdn>0&bm1N1ums=c352;Dh96IWBn1FQUr3?LCk|f>g+YvXq z?>?NPX0otz8n!7YIJaknNpzsMCGf4UOA|`337PHtSz zJGEcBuV1@7wf|O5%ENoQ1KXq0g-$TKG|cs$T^%vDuncsV!p7BV+$(I{4XEXSFEAAi zdtA5=Ezk9G0g4A8knA>mQsTv$#bWT!#^r9RDO=g%4%Nn} z@xRT}Don-{x@viP>Ld)O9u|tR&!kjP*mOqTA{O5`=_}n%)=onAc$>He&HG1Fe>3^A zUhDl?%Z4rmQwCgnfMXOFi)h#v4CfS?!|pG~6JUA_0Vh|F^^cy1@rPv7E0s$@p|nl< zs@pu(5id?807^PIK!=70h==1>VM_Zs?go;9Ip6uuPEbxlvrKHUKEo`ia2glsnr zHcN4ZT>G@r*x=zwnd9GAtoX`;T?uZU~QM+(^=fj}e&78ZH+Yrmr?x2GlpeJ7?oI#oA4EC9mz!Hs8XZ}u`n4ko4d z7lJFo%s;-33Z0_|KWo0V(c0vCM7Mm+zI}Sac6%j+x{$k0-gkO>iGMExvd(!__|G={ zvmgFBAO6pLFLK1!nEM=xosJm-FN%@%+lai$y8PD|RKSfJ5 z;tgiMsqgZ#`fA(l*YPKlx_<7^vIWrUIJWS8j%~aDvk>Jb&DJ34eD<#_g-EPZN6Fda zp*xQ~9uLZ=H}H=$2L~UO6w9IMmB9~EBoX=nZQw3uaZxV8Jok~NbDMUWXXPo?8(f-? z9zd&I8to=S;tj_(ENGUA6HJOh0cCV~6O^^3%&%&;xce4j6!W>(;zV=j8GQ2t(Ja%QoBNu<>FG}ZleP(J)`#?@Bf$!=n?tmf&&=7 zbFkAu_)I0b4pr^*z(q9Kxl67p!j?aBni3ROJH1whBlu~8KuYi4Z3C2CdIoR-53~9V zDlB_|p|LCiFnj=cPCz1woo8ldo_5S!C0WXd2z;Js2E}SE`RWTTvuX16*m{qH zLR(aAYw#np8Gq#Ie>+cppWlGe2`#=~YP#%|CuJsl_Dj*rGv!l`qG=*)NfCV!jdm*r zlCLoKXC9&ef+e@u zwgF4BhMxv2NS?u}0VW&EZq~c{=V~5RRt*gnI(wPGIG;8tkH|-Ew^n->%O)45@`*+9O(7HSoc3*;GNQ z;ji{SA$KjHr%|sazDwp+TYp`w*N?M*@xkVe%P+a{yu_+I3$3+hD_YC^Z zov>=#N-BS}t@IU;Ghjn?_Q7#j{)^X!Wk=rYzGR=%bP;fz6L2g!LVA~0{^XK3(Wx0) z6>+50{!EhOp8j17wJStq6F$V%EV)SKa;fd=+*KN?Eb^K+EUzQH^qj`Gt{8^x&xNj~ z>3IlUNOB((31`wc-t};aFglkXtvg+;i`;r|eG?T{{MvuZa-+UhqGzdowHV+Vn8e~~ zW4^7t9MFUTbttP|uOt*M@2+RBuR0XIXZp)T*9hbjQ&oN*;F&OC$kRP&Fyvf=U3^vv zAHcsNmNf^6DAnRX7`OA@8o5a|!LIQA4M8KMi(!Sfbk-cD*z1kEG1a3%USyn9)sDVc z>^nv^U4af%G^Ht3NQg)&brd~0;^t_bxDdbA`VkP3X`05`2gvhlf;p?d&|xO-bar)y z3D@e(=)CCJw_myi6$)me%->s&pKyju3?Z<7-6vr(V^tU!EZeu0RbHQKD&gI`DW!1k zC^eIw^)lBWojyiN>~`(Jcyku2yfEJqhPohA;KurhAZGY-Y~bCn^s#s@h|np7yz?Me z*z2i=;CjWw?1F(@?wo;ijn4SORZHv z#@f~8BR0Xj*s8iuMtA!4rU=?mTqjmpQEC%ug|ZTSa;w6K@-vko>=sunntSOk$u1$t zD+UC^X7{M{(G_&7hsOt~2y$7)r3pXX`3&Q*wijFPI_nOWDcHWHj8HFe6HEQ6;QOlT>fMl4{<&oW)fl1BX5XqZv>*`%I)786w}U zH3ii$aPbMQ3PD!ou`Cq3sk z5v)$)MxVa)@T{~edVev0J>tIA2_Nvz@DAilN5u_!41pkZ1vD?XCC3cNiow20mvdLw zd&hVNGH#b%@|+CbIvh!>&+i=XoZSk~zg>v;-DW+MaP1V}I?JNg7nN!Xq*q zN?&jl_1?=Qlo>-Ia_(AoWhF=e0$?v-667yDSHF#3f=pgp?(|xprJs^}wJdFiUD98# zh+ew=j_e<&vryGNHK+d`1{2M&(-Bic=wH#7{e1~l(5b|tgkL)s=W8hbnc1#WGUR@6 z4BF+X*C5E^C$X&h)X8H7On6*9thAZS7LcUSgIx1$2^R`Ji@8;aXxh#F zuxFnbT*0xtua*Wl3;Ne=A*OC)M3iA~1Q5OFT<=xW5+;mSJ>!_N@;biByLIQ0Y?#~*rTG+T>GGqKqeP=iyOXysT7OBo{#RqKgDF}~79MZP4<7d4YZe-K+T`E; zgX!y=?LCm`y)b_&5TX8OL;hipB)uR$qf8PD9ZmZNcOBCl8hgx3iFv!;1@U}6BX5;+ z6!L;K!9O?B`0=Su84i6A^SQA%*xT`>M$0$G?-+SKdUU1s%^|?|g|Vl3>$8ET_1a;6 zs)Y@y8peG%mrWpF)R5a1gt6zay=$Kiip~)wu&Qld4F7jyDZSs(XuZ+17yLTQKA1HFXt%zRFfvY5?jv-*lR<8EvGmGXs4 zY4oW2@^|eq#)cePibl5et*WE)wvUzE;>S!W-pq?)b>dajMNAnZKoO%{Emv0&acliR zkZt=hVPH}#n@iK|?bA2wqxZNK+aY+do*`G&jD+G&LF}tlQg5SCpG)!y5aipXqR-YOot2(a%#|hVy)c5 zB)3dXI1R|6C^E10%jroI^JWP3>8s4NFpW_r`29`p=4 zNbyM)&#Tb`ka1$Ek0)QB-ayQbRo>In3|B8q_b`uXi(X-pl^E)N%Q3|0grI4sQxA%b zoZseN3b)*(C6T3+Nvs{0iL!T$?_O?~2FPv7#7SBnve!?~WJqSdsT5BFs3CznTxD|V zcc_M3S{=+PQvr>9I#-QElB?V_%p##pmt3=-ft8Q6~!lW3eZPU&=q_YAZmcO09RkMd( zA8SStkgZkzPo1CaG*#+8iFX+p^ee$1UG!p_Ix@TlEDhIIkfW5+z3t8>^hY9NLXeRn zQi`9Wr#WbgiR8IBMq7XRYfAm67ysKND3$@rv^t*b7?HU6TX6Zx4Lrkwme|080*lfhq`$&nV z_F)DU95_DC4bTTEd_rIl5%yfCn-8=W@9YljyvIoOWfSp26{y+IU0w?kC9Mnk%rE_4 zSsr?z3ro~(Q5c4go?mJGo$AB`4x`2&N*YRkG}(vAh%~+;u7%3qXqnmlsd1a7pI=+j zUXs7B%r~xq>D%HbSSZ(@hJ1a$gwXP|7XRSZ!>4M(m~9>IAJJ=sQ=N@LbEo2e$%rIH ziNB8()2+SQ0xktKj^QNDE0M$7_WVx-osyM%Q2wyNs<3n)p6Ws3(a#CqO%CbkvuedN zCi2f*-rwMQ#Awo4EQdZv6}s48;%gKhye}p)a#qO@%eva2zvFQ?DkG;hr4+GM?~;R- zViK`ld4aKZ079|+o&6ot5jv$Lpe7ic-tRL);10||yN?4UmV3JO)b(}|LfjS_y}ssk zi2gk`V#XOR#-gRS zxIf{Xcx6m2KGu*bVjL~w4E^L^@T<;RWhbD{N5&Zzb=h<&m?*w3Gl6JQOmK3ACK3a# zMwO53&*sTG$$oMx5{$JBs9r5T+;`hScxOnEGbs_RzIs5e{6Hoi02Qvjo1P z+kbNqu*2fzp~k@7ApmP?7Yve^!r8$UY@Rli&`ARGYxWF=`IQn%yLs;6S<3nTYV`EdA@lkF*bm;Zr2YA=A+AXPl5Th za}X*yTL%r1yBh+P85kTPk2cx)ZiWOOT`u98&x*;4$z0Z(0S#ETZCWC7GyMZy?~WBo zk5)2qSTGoC`k+^QOTvb-szYmi;BoI1C`&lF9;Y~V=53S+lPbjjJkcUEGe-@NAvS?>^4kgHHyAmATzq96UA0Q^TX(ZbbCC=fdj=h4FsK*Gq3Mc;fQs&&1^s5i9 zq(gGfIuoQ{uzbg-wkwL$4X@4J1XN|0NBdtZ7EPG)Ty2j}&-d(K++8ixFZI0fW_XH* zTqIl4E^&4UC$nt>^gft`4^H!wEM$J2K(GoCLGU%Oj>Y2uJDI&NELdr3#DmEh=J84E zUVfflTX80y$u@+;mytlz8gkb8_A)6D{EM& z1;lp(zH7;urq$v6rn}FuB{iqgwd6rZ>gn@k0_@9G1O+3P`YJ3ag5{a?&bk&Pti517 zE8lN-&HBCZsHG_bTbs7kWcXxn@=9`?ig_(xhc>wwN{o5#R#aB|a;V?^mn@NOO$*YV z4sP@YN4%u#L%GG|!!o<0IQ531szraHLjY9vb}v}v8RtqndDPF)#GkLm0v0HecHU^I z$e7LAw5H_h&#~(_)Z*SJA6_%CM=7$(-|1`Cx7cBXKg3tcBc0MQPU!^by{D#XG_}+r zMvEt2{xn;FM#093MfqHGp+w^VeO~6B?X}w&!MM%q&kSy=n??+wZjZEOVnqxy4+Tff zb!e20L(cMvCZyHQ&a!b(p>wY!;f5L_Nj?3(F&$pm7T2L7@uIvM|D+#sbF0P0{){eD z(WnEt&l{AUZ)MfNEJ0!m3H+H0F)?i-qUj>QuRyq~ige)%q<>AQ1=GauJO@plen)#5 zh@?QkTo8G606qKeUAIpC6DH;3(NnPd)-*2ll9t;MBp+KD@<; z@0G?0A<<1q^_IV&x8-5lC)V$kPIJq~xhy12)3szqv%XtVXoSwkiSaxW|J{>mJe$Bguiai^DlINnq?au+;P^fq5o zIQi;Zw;N}^dqo^+Ky<&-*Gt0uLfgeYAW;g8meAiT+K&bywOfn=B|Nx%!6pgpMyk-H zfwHxf$fBxM*1IQ(jl6GPxSvG!%zLMfAKjvO;{}N|-Rj>~vCKB*e5l@pl!y9g{B_05 zE{$+t?gLpl6<}5n8)zWU?>RC#$z>)auE6p^VS=*~<*X(4RjXfiEIs1$jAn&9gUAz{ zksvW3fj(1%d(?Ce8PVBOWaS%}J5xiPdJ|LDT~vlI zYDi$%AGfGii1p1+@+7)+Dqvi=gU^ob>K5P={K&3p=s{Vt!FoSKqE`H2X<3CN`O^0l zWxE==bis)dOsoBdrb(OKM3y&%$WvgpaLReeuT>jI@c!W^*|ee!@N7;>WZA9R&zXaf zHS1=KO{U2Dvu0+nWqL8hQQJkZQzcnmG5UVoc#7*ih6V5o}@h zxdP<2;V|LaIL#w$$EiB+LobrMt6mHv5=$JC>-NLP5NKLakO3O zbu#L_exVAuyX4B~Y@u4Q)af%FD$;DDPwNZcU;qybK>fxCm=$0H)sH}AR^@WCOHf0d zzx?#djU9IFlPk1_sMbnsnc_J~Ynf!ExyIW^5DDX}*}vj|=rA{j-%SMe-s=`sBc0eH zfM}Za?ZhM(@`nKZwPS&j6R7UShe-X`VoM$3)eRJB-qxpDq`I_6-Kj9#Xg~u+E?M)+ zh(u{y07SCiEouDbSC%i~QPhstY#sh&NE~#K80Q0uit|1$cRCi(Cxm?hShJJXrJI|e z9X@1Qw$C6j``dl^N|=@iUzq@F>x*Ci^Udlz49ykg&unk}KHFla-6fcx;Stn{LTt`e zyFfMvT^)`CG;a;eBv<@c=KoWmrnFGINI&V0ezt5LKH}J4wMByj#?0{^;kRR> z+9}U?%y~ zFs7;1Xj}q)deFLZjZ*0&*~%R&=-Tb*j1ePdVvzNAne#+t1i`Sw%Da!%%5CUpC8aUS ztI%ux$q&TeT$%^=jd4D=vEjRMOF9~6Wpefm*G?j{DGJd;ndKvyT)LCKuA$txUP#!> zwKdCebhM%ciq3C0BvelLJsU2^2J*%rMrb3wzjd(1C0Kk|cyRZ~HtN=~1Rq{rc;Vq! z7U`mThwax-{{3KGGCwzGNCxRVbV4fHQJ?Vu!l}mS=}TU_)#W@I1hjw?Lbc*JLGux)P>8)a?Vp zzEdWyPYx@~5xx`G7j`8^R+%|9pR=^y#c?V4I! z`&IO*+z?vN-kdP-7T&I}g_iA?9vOAkXFz*?Z~Hgsitp9_j;^Ttuc0fQI zduIh(^?hZ5d(VX&eP!9@8@9b;?cCngJL*qp&FyDGPVbH6YAI(fDkW{C+Z;$LMhxw;)MeG4jXO~4{{UBU1eK}G{Hu0ar(>}F(1fHHq5{Z zGNA|43DRdXI4i{2T|Doe(1RY%6I}@++QSD)*m>9eK_7Yaaj1>*6}y^I?;2ibjHtIY6g8DtHtGAKul#@d0I8iGZ2g?{{NMNxaBjGP!n{jmG1 zU2nex>~FrDfZFM+$~0QlgvHG&rc9yo<)E>h+rMQW@AMk)txal3VBAM$_cxw_Miv*M z^eR6&8p)lUo}c>4@(5u_yTF^XRnE2ja@X1a2l1iFkg=l^*>d~djOG5l9~34hLsoL= z)8cK%$@dhmKNHK=0?&^xY^Ghv1tdvvkkBm$&VS zYWxkB(sO+7uU7wui|_BL?uJjf9#g^_1QmCloGhNC9h-wxM8m_svfMwZE7{{d;Xul4 zhV$+f24o&z|H_hw3@fqkgCl&2C%t{4mf%IVB0cR0ng3AjA0I_-P@{?pe+d1(?tifN z-ce0$d*82nyDiv}UR6MlZs;9FigY1_(1M#5AVBCK)x8x&LX!@mDUbjO0U?AI5T&=! zLTI5#uL0>z^vyZ%dCob{d7ks!`_FyHy<=R)V2riqTyvGVM&_F9x4ys6_oalytDD<8 ztD6ODDZ!K)w9Ty(?BJR9a`}|)>;RY9f7ke5%6?_Hsg8dKd2q5tJ??e7rF=dSNV9bA zfBpk_#^Z) z9#8>U0eippcA%)67TjIOFXk(7-Bh#7D152-L62D z)&(+1csDNC;qTqEc4FHRgHi0LvA95ZAGFJ^60nr$Rw$Rw0okg+S|!Z+)+s@q%ONF5 zp|j_(khqR(IeFQc9-hJgTVwU4{Ms@_`w}{kN(jpY_b_--ddztp^#`ANlTnF;)eKK9 z+34Cqzv`dhVL9}sW?|w5J5j6q5>wa-NgKmvtsa3awPuQDVODJF{ZwBD2R?k4z#mQw z&AMWUXo-k;Q>4YW0TUTYqQ#R6ji>1HE#JSqiv(poDzt`Ja?tLPnMKMfP;m?(%hpPR zajw*W$}V?so76HEsTex`^PCM~)6vhgry+BvpV<OISbv9ev8^03TYt4T&2VjkI7Q8vBbF`t7ZMN3vbv_k zt@J*BFn4jY>c#XACxTpLtdg_fOvcQ&i-4BeR(=^30j>)~CZs zjeaKY-PgkxV2v8!GBG75N{|DO@JCG9oQ~?4&B(gwpKV`sQG)pP5`_j6R zLy20ICYI*KcxZ9}U2$oup=p}|vpPaX`$k9boQ`sD>)_ONWrl-c6MmrN%{ z&&MpaeC;NNz)RPdKpgi4_$3()u%ZHBTkUsLF&sDTmCB9Z-p#W0wjLvoMNIh|(sC_) zWU=t%5Q|iLilm|yMDU>6joGSzgNmjMiA(5NBYao6??&u2>p*U7!kHDGA(?#n*>!R{ zRL=ajdz(jvd_#;b4xwpoV7>9aoaCjZs$HaXW5o7V^AQxNM2t$QyspnzJfZ`-icZ-S z6#{>Pd|S+^RN<(9d*HIs*f*=a>)D=eTb@6f5{qNQ5CA@lW^`vKLl$EJYs|yudarDV z=!?Tc&8g6RrSKvnIxra~p*g4}3&cx<=>FU)wPb~z``|)|*K8b&T#m@)bqkU8NXQ+? z0DlM?7&BqX35mQ?@P^S&^vV?U2Gc9Q$QPY-%M!5{%J+CG#&-@!qfRzwAw3hLB0VHa zq#IHhKF#_oj}a}Edq-77m@ z&8pp$l75spY1{H>@;Y_$BuJtyqcI?t;Af2%bUp%0LRwn0tq&0vE?J4hQ>^j*P68FK zV^#0bYS8};OZ2^Y+f;===JCIbhyQi;a_&yD{55LuL2HfRN54i#e34rq6Lps&x~CtI zCn5?9xii4o9+;L2DtKCSY22QQx-XTssKJ2QEJWTakZgZiaKUx<7t&ZTE-b1tSi$OB zcqw4y8J4d-JFCq(mCN{^LTv16f@$j0Z&p=x%&BrW?|*IP4tydiVM7NZw#j{hV-nkoa`29#m=2Hwi&hmhNIySh=C%buhi-0&F<(XFTyVu93E7>6+FfbtNkkuH{vc`yOg zqzk8?X<5@zbTli=}z|2F_Me53#6T$QV5O<=epi8LY+h3pCCLBcpUWpe|PQ8%!O24L8Bl$ zmE^w)yySXh@ETGiv4I4she*b8Mp6&=roMdH;wCw~4XCw7Hvq#3F(C52qoe5&D~H=X z{X$?qLmh9dhr%Z$bf9Jv>-NA}OvuW0t{^xi^{U*eKLZQWvX-GHpZcBUp4f|V^QbEi z$Azw_@5Pbjmi4AN6$9u55t~^G+J2F7ffATp5+wxMlDxIA9I{%Mg=@`j&@{oU%E3WV zThM)M5W;0)jVv!g1`H#iN=LfGvDcM;Vcs;On9DB~)z>`j6csD;=V~Zm8oqPyv#$)d z)xp(EX^p{>_R~R&$aig_pGnkAdql;=wC-YTgN>bnqphn`u4Q4arE^k{gV>JYW%>&& z>3XuhOa+wzMZbD>o!kq8&C8u78U;_QhT~PLolKxxn0PL!+`>(BvQZLZ(85rRwpwB+ zQ1P`s)=p+f+j1d6+OCJmPzB#(+Gn|DcU7-1qkWX5Fuhd;di`kyBdY&fd0df-5iawV89hUC(?rZ=}~&F5+}CCTT?wW5*;w@$ds#J>`>1 zeDUh;g*?pM`}rFZAkW^(Scmc(?trC$i^Y5XUEhZx!3maR!3f#&&$|tUhbQb=B`y_D zu?I4P9Z?_C(haiikrRt2%Sv{-lY>};ccP4o8jDFHF%2&-Ea$u!tzt@7GrD6W;6V{4h3ug30ip{o!R0ee!O3^6Isfb?pHTS(}xBN2OEOajT0R;PW-ry=z)ZZ&Yi!4SClm@2NAu zJXCkS%cnS*i6)}0!lRI|qI_7!zET5$(&T~9JG$35>sawvRmp2@I zJjxrpdrxLvi>DzpSxbF-IKHzlx2sx%@y|A}z-+wed=@YC(jm{*mFAFo3DO$pt!2l1I!e_}!(Q?fEC!dzUK}VMtayFlU0Tp+k}zrPg|v5KUK1RA zL-y>fCZq1dXleqC#ApL4!#E#xVxjhYh>GYjEUxE9NdtAUa1#~aLJ@9K{Um~fBJ7KI zxs**5D8^zQI!P%b$@1~5hn6)tUH0~@mW%}WNVOml<~uDnC4p#%nGvk~d8G)DxHbzD za2OlVNab>uSi=qG7uI%_id@UhQ;U-ZkvJV|tf*qhC=sHHsmJ8tkeJ2jd^(Xe*CyyB zo`*VvV+-~LO9eYVj~SuS`lbK|cCo-N0LZ4cSMuxVjfG#hA*wp$drcjtbx$0*saDn< z6l>lYTi0akdTLsh)(3mNR5jhjG!+&eikrOsWZ$)}9)@HjAbzS+`Nhj0Twi%JQM*vO zMS;9qyaz@QgJ&&Hu!A)jzLnV1fsGR*;$%BnCAL7GlVyvRXzt9 zpT@daF*aGbx#`Iz`9TDi^b6`kUne{;bdKaVK8BaGOv@U@P8cy)m4XwYhOQ-V^)Jij zQ*N6?Bx>Oi4z3#0^3P!*ZbRZ7^k+A8egw`N};BV z3;?xN&Cg_y&!R9i+rv^txoj>84c+6v1#!A+2%U3CFHc}zPA^UMdBge*J?G*%OxnKU z@nj#Fa@zN?u>~*;cZw$^j{iKD){-PtTxsxf~9w}?#Fm>k2GN<9)kASB0-<*w~$13tSoIXn64*lVZ4o1yQ)j~@1OR0;oSK)zN(RpI?k(tFJ zm;UVqn2%4J?gs{zjw)qAbfJBr+_&sWIem)5Wo=hG7P%*m%GW-;{`&XR`z6)mx1l1> z1WC?T+FV{hU}!1X*2T+ymJ@U@<=a<}G{zhO^Ah39hL_uIxuH>NjH*{wTnkBYlo8pk zrQT)Q*pVu(;pLWsufI@QaIQ=^*<-dyw&|2mpV*%`xCJdbfjbcFNL>I9?x16|B7YL} zlp$sJKXf(c6{)#?X$N14>6H8H1}0pvq0RP~m}db=U4elC3fjS8uoVraZ$MxD8sYU) z5=X5x8ud76UTmni?_sRus$CnGB9BNe=gJ|UKleym?*bX1TGnbrAxcvabUNT9Mo~~4 z$Ow>`jw+hL_xur*WBo#8K7Pj%>F1$NhnEV|(S-r9;;cZt%zOmMO%jfwnJ5^_J})bY zM(pgyzPqV5-Tsfec)ph@4M#(NRkye(cE(3AyY$%A6SaQj*oMlpn6J+>bRzxk5ZCnN zGDp*l!M<_$)Sf9F)t76Wdj#akjep_S{qx*K5Wn%)aQL0QH%{CGU+Vfrz9cB!F^}?+ z!i61@n)>HO+EtFjagtur9%qMrbtE;uQqOVzUGF2)%qm|skG_{2&$@phg8yc)GLw{rLAIp*-(HMJ5QoOQ6%mz$WzJHzncGs-5< zFN8;bZ}aaL?nU;vtX>#OC_8J)ZZ|pqQISQBk`_uwL@lZhj_SSF-~0DX|GDP(OQ}3G zX1A;p>F|u;uwU6G<9?p==x$us?43zdNVy68?=Ivo?SB~!3OPo1^MV7*7bpfdnQ`P# z6L6aP^B?r~PfL9+)pY*zQU3k%|1ovVFE6RlQojMF>j>u~DLL9^p-r)5qHx@D?(M=K z3l%V$$Oe;^V)bKJlMlB31S!(ci;%Tbv&42 ztKC^Gc<-YpH!69vnr}2ZnYKs#k=VthRJn~YyhhMcf*fGH z(n8y%nenDd$U$;x*!Pew$?J2$W{q38o2wcF?X!XOstM=y# z`}AT_%qBWlDjr*N7MOVQ*OJ7{UZ?jv$L@Ulpd#0P&SQ-`M^(<0+P8jtt;3c*X*tOf z?Pl}AnNz=gw?5g?vK;7eKhdCAIW=N1S6FZARIw>6&wY?8c_E&=B_A%<*Z}r*+J!-o zO$`|O$M*q^@=QyF^MPN`gtNh|oS;1}sbX8^MV?QA=DJSkxqO`NzKPJbiC`Cqqb&bg zYT58Cei(SUgE@6WbhEFU6;zVAO=~kCmbxv?py)xler?+uuKv{UY7%Fp1iH&3iNp+% zv9}^Q>NpvgSh3o?BursWwZ39jZesYKG$4VYd}w|Z)tvN!~6@{l$C8= z5vfP%wZ>?97n_Y(Pm+~==AGIo1~`qW8g3J$w}}okK&44x#kKvi4b?jJW$eVDg_Jl2 zV|AOi&ED}&Hr0EO)c_4&$>hL$i))c;md<{}NnrLWcu|-5Ku9G?V0x??fE!xFoH*<5 z0#m!CzX;db*aSR@f-Sy*hfkBxjl65?FVJeko0;W3YS9>#S)KkD&TLM~w+9Pm6ehOo za;D0Bw9-LNVeLuDmTrKuA*MpX6q8Kzz2YDH9K#XOhhZH|T*xuHZeTM=^{9FtUj8*Yv5JV2jvpi8f8}-gIElSfnRN` zhoJzU$K(aASJ`S0u=lMmGu2X8Cwnwe5nW_W@Z!2+CV1py)+ZU&@2-sl9`T}jwoy;xG^q7 z50713EsK%QhYDk_7dMv_r88tK$Jb|$NPy$751~K!bW13)7C73AF5w=5qm-=SCB>2) zR!_Z44rGEwmI4MPxQPxzH{I{Cx7hX6O&G6|*2quHVM>iNxa0TZ>uKnmB)0W z;L|qV^x)t-I4!z87Hvx@YnNsU2z@#K@Go_;f~l~(|9+_cTg~|{>C~IVA6XwDOX;%f zajRhivuD;rqr+P9L)j4=KwQXXfwfw4MO*B7T1*8CYA4%D_>h&7}jz2iw0wy zJv0+hk}VQX=cu@rWulAet`ZE1NgsWBEDC>n0}GsWqv?*lf>H7+;fFJ`}NB5ogxh zVQ;t8f2#&AZyoA;B3s)c4&S4|)DOUX64tT7L>Uls@BUm+UAja}F6l4PlC2Qe30ExJ zQ_PH0w_uI>$9;%#CKU4l=nqW4;zCWuZjhb2+J&2 zCkCf(G+OM=8ct8?#A#bA8!`?z&zRc-ZSU@0CxjlS0+PE^b?2?ZlyWI8%Ud%Fx&?w_ z$otAs#=J`2N-lD+@!ytmw1kkB0!bF_fQY-7@@_QZFTSri^W>H}xrZC%s%5H&Pegcct}K1LNh)w4|Y=7)M{o0W{ z_!hn}gk4j&M(z(^I4DduG^xcZqHugE*fx|W+fCtNWMfnC=$H|vq<;*AQ%++bF*sZ% zi3z=Rt6f-h6;5enbATB`G7i4#F~;bf5py3vSOf;fm2_)U`xH&ItU4DJSz@C_rk?g? z6Pe$9R${tmW!)e6s6?yxsuMOVC_JK62skXog9?9-QF_(F+PYKtdc8Z@BG9CCxa=Y; z)#%z8qw?tRQkP)iIluzDBsWZiFZBH-a zW1>(gB~gnLgmG8;8VCx@sn18$eauuj4*T_o9 z^09_#>mpy6SG3CzCbU<({Eso zKE_|WCklAs0dlvdiDjWED~}hep1!t4m@1LhV$}V?w9VFS9=*=}S4fdf9e z7RM!*`?LvMU(fSrpu}0PiIqi-Cp#gN9t5+5W>skGg8}^oVKjDUeXiMkV3xmiVJI%5 zV&vmD${*eMXlX)%X5p0i8~8^j!h^k##467NKRMHh^y`2)xOAiWwRz?42)X9l`j>U^ zaJ1Erm!Kj;e2Fz#+0Tv&x2c0qQtrGq^tX;~;dW-AC&~sb0YVLf_e;?lzBN)HXX0~- zHs(QyH&ee18LUP(e>E1{=kwAtpPWh0r-J-ptnryrJk^WyF7lT9b?){ErOix|O3W7) z8?uD<{9?TE^WWHaVZ7*7vQ3hCVr!aAo`zX~f z>gva>(50X9!l!(@lw~Z@p}Nh*PW?JaJYF^{I(u>bHnolh<9DmCa5gp|I-&GInfolM z_jWc>k-P;!*8xP4Mbd2#U{rIOM`bgY+-lg-WbcnTH$Xm2-hH~)5CNxIPmDL0VE9xh zGJR@L?}e7k%0q`BDIyu&SCmXoS1Klg*uifU$jtOw=)+xzf9uq!s$gf;W=P+s2F?K- zS1`eMB*&0l!+aQdL6&5m-!K?!clj}^hY+2SklliHlB)5oBU*|zIE3$ayP%c!!2koD zN%!xHjesWl6cs6uZ)=j*4RT-C-ci{d;Ly#X=1Ay~|0JIR! z6)Zl!HG$lCxt(L0bimH;kN%`C2gVUWNSTfr?^9$#ea zC_Y`1V+CU&#y$QY=^+=9MF*Rrl(s{|>_h!`5m=iW0l|(Ddm2E-DJRrPPAF zp8!(#Z%PX9q3bt4;iuW`=joE0!ujfl^jBHtg?K9)V3)WzclPT|Cf^Sq>)bm)2cX~o zb3b3|o!kmH1q1uYSF@ay@{kE_V%SW7m5pnjpTBdEN9S)m-BKIi@3^Cmbj>Y!IY8Bq zN6hpS@=SVyMZ4(M?qO)Euy z2_`67r&{LcvE8`dx(dVUI;E*1q>7BaVjCW`t0=TYUVj&R@1|w25`5pfu~}RsrfOpe zp90P*$8#W-h@cn8;p7E%hg&Aj5Fm59J53+P>p(hm(oSplTXy5c3NX1@{%0jdZg zx-he$VVvuW(>-+-uA{-Bo0_xJwwqDJeXG8$!d7wx6TwYX`c721LvHOdy43)rvQJ_r zDFb~AEjMhW$W1rj#MNT~)|_SJm{ME~8|S!JX~~pi>+VqPil)j8#tz0h zENP=kocCkTXh1U}bAg9{tB{KKK9UY5jjNPwU#bor1>vINz7rp5&Xx z?=?;nn`m|5MwiU2osQdouF-$QJVM1Jt=SwwJDWd?A&+MKV(FZZ)a!ct;Vm4qhN9-0K2(!l<|F}}_e9+^@L9H!yBIPrCM?Y|79hO%@Y zK1S9>FZu?jbQU90U00dow5H*<8oHb!DP8wpKTuQ!uZlB2i*<6$X}ln4B}Ec3F%NRM zwMm-cE>#U(RTismIqfR(&v{~x(P~{A@4Px`E-TSYVHNNqX|XrzR#{2mOGbgn>)K3x zC#gPCaUho-=ECCYuX@=}hJ0@=_Il@TheaX*7p9&z0pg7at8A$WfdkooT2e$$^9eL9 zrpkf+Dc&EI6fPdHu9x)&OPBHM@>LoOd}!*j6#3GU@nfgE&UEwrn8G|Sm7rg_->@0{ zN~Zoo4cx@4_@D@cQS+85$)Cde74V{imd3^2AzeRQj>>+s$7{ihl0wb+&ht>kI9z|8 zy9TsvKuPtDLJ0bGzTsN%h~0a#!BHA@NHdz4HGFs>cF=v?oP~3X<+t=q>IJk3^09p_ zU0Wu4RZ{AS${5?l11r*X=u^t7r;W{V@Du^NH)>*9I8p$25JjN0Ys$KP>jWndu@5$f zKo7bE5@QpSo=Jg-QK|B{MzQ63wY0;w33*wc{zzE5^Arc?VOx*As`l?u#@vPDgh0M= z58S$)@(2YbZ>5WQfP3oU-961jOzc@KT+#Vuh~s&RZexB?M_=D^d=VMH(;OxefckF4v@6%nip6yZ2 z7w&TuH%J%uioTP*TFkYX7!MGX`cPs^l)&`vZW|8HoBnkGj6i(C*|1DxMOXq$Xh6{X zVNc;JhCWPE&#m2zks6VjAl~Yoy(9Gi*(jgivn1xQ<&Qe{h@4-X(g~KyLuWf?qk+6@ z5^E65=KEIJ$GHa z^t9why!KsU3EL8&Yow8Hr(*MjDgG@Q?6F2Qo2m$ibzoqHS5+Ffl})(?QV}~ij6D*6!jcY;HT3o(-*7E+i zXQuBXr$iVLy=EpH%$b@?NkR8yew8^*4AMOw-;|tY%$6^MS*jG+|9* z$=|0br$eh{3rf=18=oCw#j<@S)@#e1ua{JA%L-2lwq5jXnCFz%I{EA%X~LZ!cf{4} z1ERRO@OJgG=W)seR8`pk3pPx=7PG5HVrPYRfIKsqdXdmc`R+y^|f)aDGR;n zo4ijV@;^{UI8|_wD=|w%%Y(x!k@xm+cLb*wa7&!|$v@jlo5W>L%ETn|7UYStUa<%fvhSIw(ei1I zG3>Y4$B9f-6IaDn=Ps86J@gAy3%XQn8WY!~jj&z_=<1Azd_W!@<*fblT%oz*dFsMH z<_7=c(#~%)qd(6*RKtcgee=vo<2^sR@$a`ke~Y@RWWFIOxo+LJC7gx-hdu|8*}*e$;o1U$UC_UZ#Qkuu5+0Kk^dF*kH|!zjsH5 z^eufZRk3v;^%~;%P9V+i#@Tx=e#?ET{o>BeFqy7V`Ag;gAZdA#!PEJq?cFv1$ zjm{I67nnLp=svkJIUX;;8QCynA-|s8RZ@@Q3mPi`Pey`Bxpy6*vm)%3Q3NZE$en9Rr~1EkCv&NRPm~z8e!31iObuA9 zNo6*lQZweW`NSlr)dxdqzmxXX0V_h@c|`Vr6ZuP_ zo383bE@WRIYJ=vn;XC+7*;{9p#O_0DQ&#Yqe_chc1lPPfmR!CJ}M=)SfCl`g+DdGR3D zUbr$cK~*Gb3Kg6O)cP$ogn12wMCb{NnIiT&pW)-=+wb zi4o2$B23i9_mULm=@LBlomuQ*LGTV&Q5qp@*aIqIL9`iUf+2;je4KcTh1Dz030(s$ zp;)tQLTdl9I@kHtt&XdN#?RdrBsa_KNZ*V)nL#b&CdFo>T^1A>;6cV4$+Y&3 zC{T*P&0 z#~LMADn)y{u#n$J)_V*~aQ@cj7w!mJu%7MvtNU^#O;>JV5j*H9@;C_=Es;df(~{j8 z)hK?j1_En~Q{_g=Rx;Ecc8##QbW{hJw~eYQ?RKP}U5F&PK$tVi2V{}rx(~!CL#|3% z_;yS)V=RJhLaG3-!V8op2@4E;7X8S#`-#a`IbRBAe=ww0P#W8o?xQUhsgYySTOZO< zJr!Po7OkfH&~AZqPs^tRf_F)eu(h7z_GuI)96(2RkE<$wUqblq7O6A4fEdu(2BLAf z@y&Lg#5F#Q9eUBcCd5nT1Ys2O&g-_;phUxklFLrjz8dY}L6)rBpm4xRZ(1UL7!_g| zusGv48P_o!xciKVT2+iiWz&cdJoF4KOhpR{W9?lCz8q+1w!K%j5PLgcsnW>qmbS6K zPl_}Cz?V&mGFlObalt}M1s&XA^$!srvjypJD25jH4rSZ^&3KhKf55CV>xopB^2St? z+WJsPnZsOJ;%pw>s4I0LA;bN zW%(7%SS;y-2|<`diAe6}K>IV;H77}Hv#VSfbOy9?;^plHbJQh+8-la^?d~V2c@d;0xYY2IiSK=s-=BpEA`I1e`fK1vhT71++@ zi3g-H=(uP-@$(;9oW9Y7OC7fLqfI8^+f9}v86mKM!YEso|1 z_VH6mU24~sMam!bE{b$qwJgcl(DDOzEs&+>k8e>6ZS%Am*SnTi-bObjB48UNV(L!+ z_lc7Dm(#ocJ6~gJ10-NMI>4d+AHXSP(U5MSOL~ULw>HWGpPcKenIVy$WW=DKI zCYv9oXQ@p~@O0F04}%Wb2_`)~Z`kY5J#=k4KHzB}Z&fGaLmY&OS3g7Rsg9!}@x{ZV z9M^v1=OwRMi|IpIa$csSddX3vYp6cLbpgH*>%i{ofY0h(?|Zr!#l53%QTkvwJ!h-C zd7^Gc%lvO$tW>|&XgfPu^oMktxYlB^eQY^wvMWEf0x9v~365Mw_v&#Uy07F`^w@-B zC|8ArY~>2wP~lsj2;=Na&K;D{3}~1(U#!bq^B~J;9#Jh?_XPpV!QQ7z`xCOtA+ycj zDK7?dI;}_(`OZl>ISpmd+W3Zp??qz1?j3e34o1aNSl}4NwT~ HOGLD%x-w$E{ zx$LC-F2-6_kM^~#?qHRM?e*;QMjBEHXf2iV7Eg6l-C zxE@}!!c11f1v{#f(JP-mjAvRUd(J$tPN_93*>o^?L432*w_O@N%&YbDoR&eC8Wj!a zJzD2Ay#-$ltHM~fV5ymDj0 zDym8dMF%;uoLs{$2@_(oinn4S#3y`qq}@a_6OBlNQ`dFq>F!f!YKt+P5rYsD>QcRH zW=#)B&3>vozZ8%ym=P`Vq(RbVv$1XdChQIo z#u5s>KEAUlJT_a+%}U{)4{>L%^BW1)oyk&hm)NMIvJ&GC8f6Qd&9DMb0v7kQ5hH6^ zB36_XST5k60tR700!C8(GWaL8o>7+qV|-*_ghpq1bf2vRP)o+TE*K7m0J{tsK?vc@ zw+Ku&ELIrpoaPn19ztw|+zHx$K$e;OYBH1h;#Ur=rE#|kCf+G%R=qBU3 z+POXCZcov)Fd*=dgx+oti-;VJ-$rmNidVuR*J^1R&POF19s2EN_ZC zh;z-MIY4~RNp5SL7#=oScxcnnW_8%2w*KRZ`m)%mai5(=QA+XVC7y@b!2Wo1P04f!+0)ZD@DjKaRh0CQtGsm?S=|~eU z6V{ci6gm>OUD=yX_HLK%qtVDm`3fO{eVH^0b(=*L(e}mw)9xy0=x?*Agrb}Lxn43g zu5{&=DzLe3MYjZHOuMYX_-0J=sKJ8LWZ-=X*h{A8B)_a8k2JRdU|t)BW*~5U_Z+eG`~+2cg6+75TQjX#zba-q6_)S<@y1TpK> z;hr{18`O$23dnL4MC`-3L|zRdZ<)T(0GPA}G&3eN3aKS$Vdc?_yP)|RpSJqtHq6`1 z({jN6WF%)eKC6@ZmKNX(_UMS#@(13jyFt>Lo@O0SO;FCe6GBbEvdoW$UcvR-k?yWB z=BiMX#e#FId1@EX4MLcXvKb*0QjINlpZi%7PX|t_xJ+54SBci|kkk9VlppVW)$`Xo zOgJgw%v`9f*{n)qpkT`6xC46!v~SKwb6=^9vmW<7*&{;EBT9WPJEdRZ24?|gvZpVq z>Bwo!XO3`qBUE+cYDzA&1kC=QyYK&*k46_oYT8}o)}~nsqK*Q&%H5=TSo<_8cjOd8 zUNreXeXkEhN$kwjPMEn}69yG+BnCR#P!x(7xJpFInKUeqq<$RV)ohylvL$dDgiesX zT0Ss*sqXc(?!m4hFO2Q^hvJ*Qml~33OGuSriKZvdc$aPl2~kNhLB){pH}6$@d3TI! zkS@E=>d&q}3dvAi$n%sLT>9XD!uiMH!;mhuY1aah#`>P@FPpy~CWSSSb&!#xE3otb zw+|;TcKpz~T}iw=fMrUdyCwhG%4((~HB~1GKku}XQI#0#mBdu{N<~6~i6oYo2OVqX zCa00)FpXOBYe+GY2@8lZwoPHDR|kA~u?6#$1P-6JS`4z{TY@4*=w^!J2+Z3YB(w~Y zk=ZO5oH5s9ZP-&!aHQY``@gMuOvr0t7@Bu+8n^kT6ixM>YOsdhyR0wpE=uZBVbG1# z(0gPlIlsx&9P`**TM8?UJRyFJ6ely2jd#xU?C;IpC_h!J*IBQxcC)5PTQ>#*`=Aof z8*P@h93WHz#b*)t26$5z0#sA>-jH6~qNVYETejZjbvi3k03WMbe?2(M+5LI0C%y3I zVol&|`lkmW*G`D1PEietBj0rr2pv~`o)f}`^3LG%7JG&+?NEu|dS;ka--JQVDqE(x z*TeZcCgvkwCR0A$^c?TsSzJAT>@juZw1wbpQ7ii~Znt&Azlm|4=H1-XwKj99W@Gu- zXYbGN)tld?4%=?p<$+(ie>{v*nt8i@P&@m4Vc+vL^}zRgUGSqH)`8(1A#+h5`>{>c z79lM;o~@j$ z)YGPB-q;=$RBVts>xK$vFVEDuv01q@&n=mUxL(aaz{sb$c;s4UsH4UWm@O4{<@64u zbQb%XuzQ`84UKhYmr!e#*zI_pdiTYZyyM}~3=Ch0-1dfY{APIX<^yL*;4b$0zz&CQ z3r7zyvk!t+svU%s=G0}ZYpq6qhZ=ljU5k5Y=j^_IctPqzCVV9MX(i}dl&BEvyu9f* zIZ>m^iMu(Ru68on!gkN%^!%0+uIMh(mHVUNN`~9~AvADe=VVQxtN)InBBYpT=8x?K zN&8l)VhNfZ0mViJ7*zuYDia;q zwTLcWXt_V6%jctq^yv{u(icn875JE@D?mqYSvsXzXx#1*yH|NDO6nGWLoY=d1dKC9 z%8(72+n6=A0PLDN0-8FeceGgkX^^@3(8#K$I_r;qitm$) z%PQE5Dl1`DJfFJ>hcj|N&#A{^*>@LDsv19&Y7S?VmSv6*6-|x_q>foV=wR=0jpBEw zCqlrjPr}Kbn6{E${)tAqzWhTRFwwZ=FWL59vRC3Pd_Qd61v&0E{cD=TKdvL8@9g;z z-D}8WX7g>_+1;jkb<|691Ec7f8M-v~Wts3<`^!kHnD5Wq&sL@d)pdTJTSn%UjO~Ff zb3~i)d(X{#Pq>7cZrfe`{EuD!eTm^Me0KH0=NT`FJ3TS)Uw=0_2`N57@e({%(|=RL z?7cLpTR#NX`dy^_y~Y2q@PZjd<|GmqYW$=LNGsixbK^+}0rlN(*|I0@J!d5p)?L*&qzz)(a}?h?3|4^RGO}woj7& zEP(BLKlM0%kLSarXI>dqBYWLE7+3iqNa=f{NNkp*m&MWaHni_+$Jm=GUm1{Tq@FXp zw6DNgS53U7dp=dbUn;uNG0Q6{<5t{a5`3cr3`cH|=Bo{B4Dz93`oZHzP0}N)G)5?n zZi-#*&-UI*Ry5Jk?lMK<>ct}@vN^YEXPXR!tqbH=7#5fn-cU}oE~Uo*Jog!yIe2~E zJkZ4R54gUk#2kmMxYTx$#W5t9dUbQ8sHd&xVhZBI{$uSDfn-A&XMdmCSUG)(&P&!i zgYvIz0&v7v@?P`nkuV3bgr~{Rlp;Khf}~(0I6YANT6C0qcXshEbDQ!l-}*NR0DVVfI^|NWgEk9FkxnaEqlb{yGDEc7EXRa zFN7IYw^aU2xXf)6AgjCfERm$w-Ia4enqdMf6%8nsh7wv#Y*OkT}bhfHVD z4JJRT_CMMMFD7nXuiJrQ+~cOIox-RF;3BT@i7v%}_`wd=>6N~^+kZ|iR;JoqArg?zI&$NqyYLi{vgLJB7j0g6Qy6! zl0C=|GGlH}SBFdX?$?KCT4G<$xlL)Uu*T^vSh8!#>c9H(Nf7<92&dBEH#||_^`I0; zPqaH9zhJ&DH{bM45bgKm1tn+L`YTrwwWszCIL4sCbwmwpTitw0DB0Qe`GVs6GwhiO zMpuAr$T4M8#(zDjr}CE!+kgID+?0wVb265Bij2Z<44n_2vZYpRW&PPUnl8bqx%!ww zjM?57M0riK1l(5AB{N9q$ON$z4vs>I5s4U(2_m{Tw!7!nfj#*R(#t5(`$Ey5RWq@; zY(s=QTDR)ML|TjPke-v%8{WhDb z?)+I3vzm9;6|ZVFj3G#@6qto9*#h4w{vNx=LfIO0}S%2 z5oNDh4p2(wB!4aZXqjA3Fn{{GTwsm${DOp$w8x0`=?KFX?gf7^}GK z6PQ2@$&UlO6mLp5{=YtvX7G5wAotkAtrUXk+OK$y0!`FvFzGcQdP{pvGcS;1@dQgY z39`B6!Nx>xU#L^8bQLYL*ATOcC@zaedoQ(Ib7o&_oqfZTa(I@jJZ_ZG9y+}Sb^CeF zVN@n$WVN8g)`4z5h!A}FI=x7~>qmOBI!)biX&igOuD4;tagNTQl#|_|(>oQu5V1%) zaUoACm%%+zc1+bTUqttM_5~&+80) zGMqalCo|Jt{(Jp6`wg{M-Ufg8y*)W7WD&UGKEFQL}dS2&0ot_ki9a=4j4s4<*uG~Y%-ktO+1mu&SoObJFfR>I(Y z&kARCN%<;qwO%Q*ULG#CSVATrteNWJx&v0XS0(&T~i4? zKNRo)vtV5W7`H&b4g>D>xR^XtWyl%Km9}-rO*O4gBhZ%j^H< zN>2n7eByi)qKAZaPBuv!klBG|t(qV+|GD}(OvTxO!oCeWQ$ETmJAYl?`Y8S@MeEXi zyHcxpA*abpSd4UVTz3nT%Ku{TJ)@f3)_!l-a@nxbL5fSNbRqQSQYlgbQW82y3qABM zuw9}E1dtXWp-4+0G$B9;p)9FF2nZqc1nCf(bZPo#pZ%Qu>~r38o^w9E<2`3Q`81Q< zxyQU`#+dV(^Sb{3U*&VjIBpvr2bQswiZ%qfsm9Z~dde7BWHfo@nYzA$PMXH5W(|6# zHe*!o7`6eNdBe#td*-vQ>NZj6avn!>1(P(Ft;ZrrGfO<-`o1O#I*}2Vt4{Q~e$;!v2JU`;_g= z>{IEz>~27(`F9jz)W>`+Q-pG4iu4fbltXcHdg;0-~$_~g=usxBrZk-CJ=kIkB z7C23Yn6HI=vfPMQ9gCC+wI5swimFh#j<29tC-|eUgKRMvv5tow0(se;<$p@9H!K3C z+Mqv-sIq8Vl3g_gz?(4)3TE)-_Z$toLfCtvU9~B?VhOwGCO7?LWolN5nrWU^@y8c` z2FdT)d!QfU;TXabJz=K?aO6{o8i9%q*?9{b0{z#YWkc!(;!EpC%WA>F8PxTlOkW8t^8_`tD4tinkG{VZvd1uPQ=634RY%m-v(frQveE>;s3kX__r`z(po#|3YnN z+Qhj{c@@R>k5ZzWM;lY;g}`#%xyTv`eB|pQhLS>QPovCg40{|Q)8)E~n+iDGT9`VG z0+H=NAZ2H8w=9;(%B5wY<|fr_lUickw}cy4$;Vc#c$-8BbjycSaBMkGod*B?a>KbK z8)hDLGMCQieDh}YiyM698lNLO_SfPzUUE9gQ{<);hrm9iTBU#ngiTJ}hn)t!Qd2OH z#|$%K=6)nRYvWy!Auu;%kE-7Rn!CbUMWaG(RGJ9HP#w(1IGeV@6v0S-bE;YvRVffI znvW0Vhuh9q+umKhji5hol%UqV%i@-hk!;Le_+*Rq!)m_z%q zFR$4=`Yc~lYlPiAJ6ftfK54<39HK0C!Dk!c&klT_r)oUjmZ1_#vE*ev_`&+6i2wtu40Nu`(Fg zrp-QchQ0P8%TBO}JtMANA<>&L$G2}QoUfkoWSUI*3|V8`J93h{X4;Jt<>yA9Z6r%w z{`W1`|Fo4jBr#WPp_U8H%vFRo4=6DINv#FBn1OVR&}HMvgFED|^*gdztgFu^yyMv*`XYgFH{1p8{>@Q-K-%3{UU=@w9fZ4qq#!@qMYTBU zn^QTgI$FhV6W+GeWwFMs1)Y0~C-wsz4j)9}bN?6s)utj;+fSEd?;Dnk2iEsW*vFQ^ab&p!$#3aSfU3qLpRUN>@IURrUc zu%44Xzb3KxGWLWFvEbpG7UA$gel+wrKi29yZLX zRqL#Lv({>0Kr0N6R;uF+_nSH-VT!snH9cYNq82vL&LlgB0;Fp}fHxN>~C)3X^PRFqy{cHg{KDhmlpRS}L& z`VIifeT;3rIRe*ckuaT{z2?m4y?T;`y3VmjP>4zwAxLT%&2rixw2kjh-LkZ*Cx)M6 z^?Y5x7Hym#5jM>5j6c~iF76avrh%f{tT57O8X|hbE0X$QRkina1C!j*{#m8#9>=K< z7}Y(22L;m*9=%?Tn-qnvUS!dO4vF||)MJ;>Pzzcfrxqpjo`!bfByYWCyKf^9j}4K) zG;fh)lQpoOkQQeWnQacoDr;*h}>X4V8D_ZH6 zW787aimT$@^L2%3&jO<=5dG??I9Y$bLie@e=XMjf_jzo0RmO9@M)#=>F*P&8TQ+zg zfuo8>(BV;%F)?B{G&Jnm=pnJj?gCl42DzFYI1X+COlA$n>!(%;Y*sjJVumBb8(yrV zJU%`YL2ZiVfr&QW{dcY+6 zbHdbA)~^ll;3D|hiiLoY?&vwo41ePx+X6R594ChASb&G!CXz;=G zxDHf4f-I2VjotA0fuLyjkg?HZkRGzdY+U`i{k1srv^zm(;KbMM3X_F(LY2}yA z$g|amG=ZY$a|4oXi8Wp)w3IeNI>rXqthhVr37y^~Ypd9Vh@oUGt4EDUCh}xuvT`_{ zVfW&MOc#?{J)vPM*CMBzRg(yjHP9Y=WJbs&Dz}xx1Kl`@p{Xe_{J>yF{GM)JOimK{ z-#;ss4xy5~b^`#KPtk*8>&9~9`xWm^Y78g4Hr%b2x;gsls!l2`^!isjW^n<+R+pZe zT7B`os;z?Z{R>9cZTp=be)DN`FrV?$YK_uB06;q^JR1|@gjh#8-_l>7s<=0+ZFykL z6SEfqsc4;g>kFKyF(PE=pqvCD#WaAgAf+Ug(R}ers(x z zU0RJfm#c?^212zz&QCUM6DX}5L@(_k^$)}Lpo~9W_?S^h($QnUk48CffXNd^tT%5H+0P-EwkzlDM^sNP+Rk z{ht?79t_eIOU5+V@4AXl;l^aRKzeap<;(R@%=n~h|nY%DoI<^dQ|qejW~ z-ubm{ld#RE(U9ftmMVEeGBlwm2OmvVBB%Wr-Sk} zuVraGMC(Umhcbgoqp}SIV3COo!d}13M4TOyR#ERX8BujxVCLF%z~CEQSgH_fz+lj* zo~7}lo>}S;I#9u|Wo@#+d-ZsrRRz|t$}psdw)s>(+%xG@?qU9Wp#>|z@TJ``l}D{6 zAL}a-0f*WOf8W;53XB}Ml6#rnq z|A6~MUfk9+O0QDxNug0lMg%JY35N>h+t)dxB4ad;z1pH{q=q%hGtV;H)%eYRjXcNH z)G%F6tdDa0qZ5*TLH~G?HW+q40ZoEg6r}_rsUOET{We*7Eg#4A)iXy;Es)dZ5dUyl@w%z%CafIR&1+$fl{;zW-uT`#YhGDNCUU z8yTpaSOvG!xUQ&K-g89<=%6|f%sNh zq%bJ(ABA33`Juz05C0sVzc+5@;Av+i)#yAFr(%EbBZYejRu*#f@CmNjSKk5XnjYR% zTGR*KWX%|PvWDr;3x$nYeC+K7UYf=5eT#IL#kZ%xMu+N)YN2=oL2H+iv;XGa|IwTO z^dtJe)sJXLV^%i`6d--rx`4X`aTN(S9@BYQYr;U*)PE^;+IVBr6C~!S3Pc!)2Rz^8 z_?Gspk2^h$0s0w5Fq^(0X5NcLi_>4}m3}GvMj{=9HV?s_ySbUlW`k3ZI*8vdj-h)|Gm zqi+j4N@mWwF={+FUQU5SL+$ozco;S}xJTcU|007bLdb+_f)DuC&kKF`3VZ!|OZBuT_(%Y|Y-yD_d&XzyV^}nTxS?$>@B3bo)uiow5_bgr0^!s$Xs@eI68nR`D#OQ>w{xIxCPPduouJm-RHZ|4EpEK@@tx zClw6Wdy(d^W4~3ilKQnrTt^lLne#@l^z$c1zTG&{PQg!yW^%my(`T}k990-5iO}0I zC0TqnF!x=56-Mkd^Gx;{2V{yOeVy~eNOe3Rf5^>TxP3!vHct~FctBml4#9~RXZCNi zQujkC76RK|G&Mgk#MCY0+{KN^&V|8v0hz$kpFu5dPvER2lO=U%;akJL*MwlH48{00 zNS2o z&7RGf@BMPm?*WlO@aav$}l=V^c7&P~<}GODV0SzoRdn;u42?}AzS><%MO zChdDkrEa0Yv#L9|n$y6a7v62$RItYRs5P%QQeJGIrJnGHGIvXK>IAdq%9VcpM&_^h zmi&$SWX9^X@nr9v1xz&zIweWTElAjwjM2f^r?1?&b25#37!~@woH@qq&CN_#OCg%a zoVebQ-21p~|6hS;W!vt>wzI>?{Z8`gowh~aQz&TLS_E=d+w~!$;BObZu1Cy2z|m4$ z@(4lckAG7*sx*K8m|Iwn&BVZjn?q|vPvyR3JSsP>gN1nY$(>lmKW=;FK0PBlF$8=B ziCxd^D~WB4Ww)cCoT)bbISb?A54A|Pn#g;$TTUyV^uD2x!K@kSiw8nuUZbxZ3G`%K&spsGnKNLlnJ?_i4N68#-VQfR623*xC?X z8(y~9W8AKyWg^;!b8-rv69Q|;7oP!wG2`&+&}VwFk}#70+>JLc>>FObn3lBWn;HtS zCb?&wx56ia1mtbtr1Bk*n&uq*O^42hDa!^#7?3?o9IgIh-p7iMG=JuG@>XZ85H(xN zxgrzj)-Z$E7|+UuRD^o$DT!^i)Pt6b9(HnNAK*%)HzC#ABEC}Z2W0E{kT*0HvGbejQr3zmX1#sHPZXYU5_9ryi(cD=42@91J@2aL2lqzpZ8 zt(w+c`fJehki@iGQUCZ2c)jE~%}v{*emxo0SEQ#LkrtqACtm^&Uye=d;I&Z3HHC^z z=Jk)v%k~b8Lkg&9VV1V!d%hri52L4shaPwf>Hu+zxH#X?%jvouZK>K3453X*lQ0XF z@gX*rs)f2uzAZ7frfF5s9s+$JuvrEw@#JIaC77L=-C%_hGbDv8cg8%Io!5FsRUAMHyp^XnJs|dc~BIdZN zDNjG0ygv#jID=#A;p6LG}CvH>Rj)FFCr| za{zd=Y0R=SKJZJTaIbKqRbz+jD_2|l8EZ_!3giFu=)ECc%S;@9_jyhO=Hy40PUhbR z%9CVU@EfA%JXlTnK`*YIkKOO0i10VTK=L3T!~pPDWak5J4WPl z0|A?=bt8*v^YzS-^09LEh=^fN>^N%)?47V``i`8|$kbMG7NsGV;a5Vm>07F?!!%1y zPbNs20s6Gnpb(l9pi^#pUnwOGgbGWN0~ioxWSY`vC$y}n~Gwj z5g^qFsTuR{X8LqFJ^2wLVc{LG@;KJYhfZr%QUiZ?Ei3kv1o9Qj28{7lH}6#EEM~); zoYS%sM4)6t)AxY(T+K0nO4K6lJ?Tt)2Kr@ zaXc!U=^*Og6~fCwIodW7i!C8}TnAn$Thmw`-&3Qugp(Er$!xR%YL8eiS5bn~1DuYsjv518 zqh_h2>>TU-8ssZY$fnta0;(ZSVuWmb1C}+JB+CqBTj)zBv5}3G|9+X%n%&KHD7GNj z-)oHsMofS3GqJa(5-_C!jDRJ37}Zc( zu9Io%`#f04Qd@_$a(r%FTcL+_@VjM=)8LotLIvMN46jq`x^Xxcw5o^R=;bud= zXL-!u@B~Aqv*4S3`kjK+yoAWJM#Gq4JLS&@AfC?|!+G)}@vQ+id!6UYBLVFG7w_lc zt3BWzSl~blxi-7O_uB&kyMQtIFP#+ELX*eFYNP*CWQudur|eI(ECWoLLRujJRo` z6lL+dndFsVjI&UdsZP>b#_8eBX`&L}UoJFO zmh;~)6ZLwxJr-`pkYE%V&pUMrIZsQUJ9F&7AvOLTC&chm7tl{o>)=t7p{g0rNT2#0o*;er5T50LIzG zqo$QEhxI&r@-T(Timw&0=lkleP7(<*T4NT`v_5P;o*iGn%ELS#@SSiJF1ml^(tfKb zQnt)4u_44g2lGQyQPH_;>Djkrso(yioz%a52fHmnobqYa@Z%C~?f-B`jw)Rugxm90 zHp%jV^sM;&ydZ}^DUS3D@FTi0BoSU)w%S|ocaj734E?nkbD%hzOSfky)6p7Qdu@xF&W7_J5xAHnl?m;uLoymiM^u-gVd}R z>g>{WPcu}r56RN;>j&AKf?F67vd`B&XIx^O#k3*D6Q&Mf4>}*0r@8yNO!NCX(NFNn z)}kCz{>p>5^d4-+w$R*^=5t5)n#5CtThr@0XU~*#b91+pW>mf%eH1qam{-95@vOh# zf~ZP9xe8z_H@*JrN?@y{xjs2BQMo{(I?}NNE=S_h;R*l9+^5_&w&j&WnxOH%-CdiA zeow|W0u*bPH{sIc5LhIS`BQ*Ryu{IEyMJ*wk-nI*2FAc)F#8gg71WP9KpBkfX4 z=b+wQ{?MJNAA8^iCe1-cJ$>dAQC>ScahHOMxkb{{cSd>~^k#kTMasCY4Y)w3ai9>d zPRLP1b$9S|&0Vi|37a!T3AL!Q&Lc*?ZOfNGpiyBez^1d<9vKdF*83rH&byPO2Hqma zb}g_u;27sufjX?b^!(x`=ik9{^qe0xEllSXZVEnZ8BtyS>( zV5eH4W$}pJRAv@qt-)EzXS!?#L1N9U^dNQll3RT2n>|ZwOUUFJ?0p|_> zrIjTI@K;|u^NqpX6~7G=TVscOfbx%R=Nu|W+rn9=^RP?fM%99f_!pdMo-6AI>+kcc zxYhEqIgc4-Q++$p=RmGL)h$Nl$--}kB=up0nlm3--v70K(Zi(v5hr!q_AXodTe#u_ zV36x;0$G1=CR2v-8E9rv`P`Z0dwYy?@_y6KDV_$oXkVaUxKN4 z;5Btr$~z)u`@1xgYC%g+XV+RfY+oUu=epqi>A!uezUBdEsEx$O?VtWWQakpz-1Ng# zYnZ)nwxCw^H0ZLJ!EklR=h!_W+wb+Cdrh~Y`1drafaP-3qNE32e62`~I5ja*49Skq zb;o(;ATaS5Hz(1oTeh;^H)luotTnTAbkz`qya6)EObP1a14=TJ<@Y3{GaEWG^O%uR zM3lvW{?N4k$&tcnvbU7(=q8_%D-TU+OZO9KU^{yLEYy#B3sZmkrb`-m`7PnpSVYd% z0sZXw&wjbIQbQPvcH0D69P2#*Kl%3aLRkIFWSe)~yh{;{IS{109TBMPfYtqKLr4k& zacOA<4oOq|1CsEiZM)M8P0h5-G~)K4u@V@Ko=h~iC6XTXS{HwNfKM`K^o@B)odD7f z+9XLZEEue(49Sg^Py^Gwp7FOO549RIGmE{SzBCnM$AC@x4l1^WOP3Q5N4u3IlnxIK zF$*3Xi(mbHQuij`r?@BO)kk}gP~VJtM46lEP|KrBPw9I=KD z=eKEZxQ*g5c#imj@mYz|viWr0v1AB1G}EWL*}iMt*+D+R)@B>TPUc^(S2 z6}g=&qeJ>mOQpUc{NeYb@F_4tisC(^xVT>W#dt&yJdihlVD;mz5>k@h_RU|SPgi78 zp})HVvP2E5+r4IqK((mq=0*(8mQih>D`W=Kwj=`|yMRD3IWie05v%})LR0o*F;B+eBpzXeIvO{EpWQzwr zyni*Ew?XA)LwT-OVo)G35O!P+6TF&};KZOQ=6dGi+tntsXu0Pp!(*aS#V))16U6D9 zo-&-VJOfF@FezpRFf%j51_5%fs8`a>2Y9NKq8tXnIV7FZ5^r|BD%E`Pp3p4z!jx6G zPtPt?q4)t2(7gFeM=IP(Ah#Cjl3p$(Y#RNywHr_fSEuRA4>v>|e_q%O8BF(oqq*|+{(ZwS(%l6$IGKK|SGuhCWu)T{L-#805|YB8oQ>f+648`rN&2w#hz7bx4mb+D3dW_xjVJdB0BCBe1tWKUO_znmr?$9(7EZ!j2= zIzsd9Qt*#j_UzlOzkYGRMjtDA&>`zaeLy252){0_NPG%QaYokZE;Zu~n>}Hc!NbY{ z9i{H|t#P%zrx}_yjR$YF0UAcw%bOa>m{NBXH80`OOd*94PvqpPLvHpvS5X2#1J4K5 zoF^SAXXUAe3w;zP5Tmm53({M7lIyU#rb=aPd84)>*}n6=ae++xceIe9WB*)!$X5cF z_5WMx{BMDiCS)aYH?288B-?gcZ1ik2TFlj!SibVYIr_@i!Tffv0NwDzSNzJyXJo?z zgCB3FY=gi*qAE|4ZHDcE>1jNhij&bzH#TWYl1UzE>EHetsl70c3Iu8|=<6tr^0Se+ zQJwXv`QD*v4>&lC+N3-$iVlMP&9TxsWg!QyiNC?ihSa7a#{>0bn8LXjUI89oy*0Y? z019?grAJQP#MwBlacBa{8G-T7&RJZ{PMOocuusEwB~A3LwLG0k^0guFzbo)qk#Ys# zD>%wA<%r#JMrJW%nAMgZK3~2B0A$6x#!UsmEjo`;nteFzwC8|VpIM|$*^#~B>MGmRBz@M z_*`rb4U4HFkbdkBMXIa~jNQiIOrxPWPrIL;Unx3Gk(jAEG3zwu`gy@76nVaue;7#4 zsk{e*mYh-L;u2E-*<z0EGT&!4!ZUK4;@Grp#k~W&V<`9`Htk@4eLFbZkgRSJi_MZl3tut1dA@OWvH8{e2I{0 z+HLKhEmi-Qfr%zowmJgk>xdYVK1qH!wvH$r*w2jcDCT?5P|B=MbM>gN-u~w=1(VcW zaypc-;kCzR8XN1GxC0GLkNjI8{VrmZwfCa|EC8EJO0@tpRmp?$q!l9*07C+@1+Q<` z!a|;6miba7nollq2uLpm1O|k=@hGkoloO53w&q7p7!Lk4<>dy0Ocy0`#A@HL8k@K0 z@rjdDenboDd#`6DL?k=}f^b9d4xuW{`O9w{EPs06V#57M@hEhLTYAoGq)le(c1lbQ z&+L!m(P+5{&xXhJ_e1vH+}FGB9ODRWU;9F@+h?3U-q}7_i2QkBRyC!^7zi%YFy&q+ zy}ln-bnl-xDsb1-_|f7UbGl;ky>AUexq^AB5&qFdhVAJxZR_;4@QhT1+2)nr_VFYJ z{pBV75x0hd^@oFJZZ(QG-ps#yIZd7Qb0NH`(U1D@{pe(;_2-4{JlzG+f9>^cWF%qh zMwVa0nsNO-{+}1@mDc5@5N{P z2XUlU>d|F`ChL9lzYfr%$5a~yC}vqXZ4zE;wICPhUABm<`v@OJ!A3f+g6JvlV{2iN zY|3h)adPfDyq(F*>rm?Fj>@;Dg0-FrQ8%6{36B_;@D~I&PR#nOVJe+sV557X#cBR2 z0EUI@OUq6sMmsLjDsreH-K{K_v(K{Jmw% zOe#e5h9G>C5E94=)0NqwhQk;f8b)P4$BDQ>sg2oQ{sVu#*t2UE&9cQ4qt^N*Bj21= z;h9}aoJmukOYU={j4*4@^td({Ak0|NwY%tR)nwK{-GOe0RXdpI5Sh#Hd%adj1o`&c zpBEag8x7bN3wP&HYh+ksK?t(MW`@>4;Gi)8q(C+_mL#bV8oUSQw9WXvq`${$%$@CN zAzI^Wrr766+%7qLV1ox^I6c_Tq);X@q9|Q;Nx)+{HjM8MRap${or>TkThI~G6-Bg7 z)x3mFkUCkto^p1#_^#&;%8%YEFxSrc-K(1_9vsc*#SJu;GSu}hN{$nk(gsRC(f0^wPzb7VUjwCKJf&dnS+!d&)F7TERNj)aJ8Bzm z;3(Xl?qmHrXMr7DK9%!px+z*YAL^OV2>S+eMKHg!f6p*lb=&QcU$^cijI82^n)^!X z4<5g&l!(vsR~**H63OfWD2e8>z?ysK)oAU;2jGQFNSvI`f#UAL1%ryThDsg_GaHmY zzoJf+k(r2xK(Wmym0N!%zI#$Mn4IZU9x&g0Qolw928n?POqEoG^nLa_0YB1CSd2UM z%+sz3{sL8PAAOTka#MOG&&c86GTXYtwT0`|r-2GO;`>&ftkj1tq^>^J}WEaLwkhV*|;#R+@u>vTvCg)=g|2dO98E-y5y{BQ38 z6VIwQYWgrQ_%&yW)Nh)Sw~qPzZMMbs0H{Sn^uivLkl75J8uP%9BpUW*-hHk7VY0}p z|IN6+d5$#tSHQqd(TvJyKC75=MAB9u#Rpq?K6O`fkmFn%OGm;0?v_?J>%{fg%Z|-B zM{F#)SrBV2LO`9DYKU38X%Epf%d$`8VAm-`8t|dZ=j)mbp1hijKH@&b=tJEl?NY_* z9!s^~!S{z#Q!ZEeYkX)foD9Kwyuk4K811ysGfoWT=Zl`3Oph+XcAv;1epyIq4xI*4 z(d$1i47abbC;xGH{Li`UKW?bMQabo~Vc<4qR_2Un#Wn742dDqR54sdjj4}z=i6>)w zgnr1z*GD5~Lwz`nNa>_JG0mFY7)k51X+@Z$I@nEFzir-I+@(2+&WA1frK8#P8W3LWLE(4$&%eC#k)t6CU*S{2K18y!v3)s zklCvIuM00a)@gHP#E@0I)S(R)VCSF5)NWZ^U!{QeE$0FAn2Aes-#7Oau#ODNcxTS? zgsJZu7;I^vu4pW;#^xeo{O5EHqThO8hBokqkR?SnA6DF0Fr*k7l9gAS;kkbK&z6_p z77pyl*w$v_osupp*~wdgWX&xCnHUA^jQACj9~~XOV|xY5TJAvc&ux)+n4SFG_w8PD zLDfl2Aa-Z`_M4lL2a!rETQ4mSoq{D!ssUMV6HiZ7ZvS#xelm+bQhUUw{=jRtVzT{F z;QYXS=t2oyP>ZWm!RjbF1F&q|jD?i!Mi)v;Xv9O$qK z0qBH_rmCRr-HAd3XB<=VwbhA1+JOh-4CXB>l)-}^+S!Rcn3sLGP86>ep{pZRISSQt zo4QS651bw)8 z?h+(e1iz&*iD44u5&nK9`TA;Dz&1D?FhAY77k4|h%J|*}@0l(GR`2K-_+0hEXO-8Q zRY>nMwdymLI#P9l{J{<7ymP0;%Z=Knz{-)`OK&r0GE+ck32)mCsOoFCYePn{7HHKR zWU|WDp-ZxBU*E<7&1736j0OfD9lZQ`;c7sb5k;l_kCmSn)=saZw)jTi_4TL_c)q{% zZbjtHp2hm@NWyj6(PqSHcNQ3keIV@~WcbP&=WTm0X}Tg*-ores=vJ{hr`r{xz?2K3 zT#nUFon=@=eehsS`R9eL9}mNT6t&KRpBK;@l2daw>r!8HeZ4J1PzegREw)PQ(r4^W zYP+LxzSPXDglc***gE#G%c1$rvfsQMF7MJjHe?M|z^y*g6JFEsNrQ>XtUFjGdUa#^ zdq;m$76zpJEMYAdNuJm2cV_T{m3XO+KXYdQf2C%d8lyL z$1}+yKSv>VxF0q}DSuF|7DO@j{s>d-EpObuB=3QOB+*C2@yva!iu3B>iFimohiX^>Ez30kfPbF_(iB9_dpXctTnedF}%PBYN*W%P<8K9kZ$z7;yiM&U-#^BDP~n8c+7H@^I^Q)GFY>fqkCv_1Yg4h zaf0M}Amw`z7=c{H1$g)hBD5uc{YfpT6OlEVN0!{1Io?*o>n$vmB4L=uda?d-TM&yW z0C)}A)Lf?xk}iTOw48=?zGhtuiXF6Ss9ZxfWd87a|5=CmJ2oK1set1F7Wz^zx!-DM zNP!{CMsNMFIc_u%=F*)f1!9@!yBSVtEROeCH0odc>&*2(ZvXmFy++2PasS}27x_ox zfBPdVm~AKR6{1lWGS!_r>a!w;Z~lA$+55_<*2VrK%L0bk-52Ct&Z1kKv!fiRYbFne zc3aWQ&7C1+3#+^9$=>XO!Or~rlWi7d$JHPEP|g^JYGTp65}Z8g$c@i6R87fVztPOd zvlM6^Xhb(xK`J9}JN;nd(;YZ?YsZ@M{`kl#CfKy0psv^Vn;%`%trGB{^N5R6ASRg9 zh>(rVrMWrLHQhg>ufA1?vXF*FN@{F(t2jAd)?ic#MhQ9A-JyrKv$bd4>WnXEc*d*+ z>8DX*L-rEkf&b3Cq0OM*JHtX@vlGKZ93x2u{=y#CPvtWb0tn4M!dx`qthUO+Co4TM z^TfnAlJ~ir^n1c|SUTKwLH=amxnL7Vu(&L8^2U;y*;vsA5TBv}su8?}oz~=CXKjyS z!P(ej{0GgUK#pR8Mu013nwj6ijRgvQXf@_L%iYm`gsIndb zu^b1dU?WLseakY_2^g#$2dW|v)-y1$yqX)XT5mS55Q6REb2gyJcpS9$hfAaTdJy@AGu;e>2^O-KH9k zoj<})eqWn=YJYA|IzBDnaCA2C^fb8ai4F@Xt3DT6Nkr9Fzns(U+bCm0vYh)UsyFzQ z)`V9j${yGqr`z4hf@J_Xd>NAL7-xAwVpXwjCB;86WVYT z_G7&X8iXLj9rx3I1shm-lop)hok9BlgR8HqRWp)eT0M z!{vE@UO0c`=p<@sE!(G>O$xF1tNW(d_|R_K8Ei>y>|Rf{bWsZxu~w>MMm;GEvO4P4 z9GWx1fUL^AbN#=#aRT`Z<;tW)xw&0?^RK$+)p;eYkND+>{g7FZHon%Jt8?!Iqx@_C z{Ec@eb$HCSaS2NO6gC|JtS>$3NHrb>vdr}jR!6F-K1mI(h>*(?o(4nmBy}_2ex_di zFek*PW~v2-AY+S=6NYppb=H*K zddlecuzXdJ+m^36;udy&>E;#LluK5d&g?I(AUj8yh{ z&%%(=9a~Z)>$uUaqv!6` z``&7Nn3YqsNv<-uQcf0_1AR##KUU{6cs+F)S-2dmM~hND43){mhe%E*28Z-l4TJol z39Sw6hU2nW)~RLxf=~GnBZGI%jiKh))Ff6FU#W<5Hemm9(*&xyD5n||sl#Q)+8~RI z6P?plBj8kYd$(=WdK=&+zt1Bb+H9RqSqiz+tzD(Ol6Na?P05S)dLhP4u2@%_0Fr!d zEaqD&;?D9@w~2*&3^wpg-t^4GA|BdhN8qJF6N846@2yz`9KA#EGLD}Yk%b?ixdFCC z19td(Yr{~4Y$w)^*e0N>_+J>!(-XqLS&;emD(xF0b8bnO_Rg?8VXr--48F z6dh+AZw09)iYJb-{Jan%;v6b}rqSs&E_N>N(F-LFI zgQN>>17DQeNHsh=lpf|UuF9&EE6caH$6j6nU>7iN^?kl>q$nlCne6d7=4jhNu`ASf z=M?jisP|b&(tPRkz;XUZVo_zd+U>l6oSv5;Em~BIt>R&JFdvr2ZSL47DLx zhOMVQJ$%YB&>L;GXY#!?Gf*0x_bTc8z1OM{XO4Y*D^tIPEv)PT0Th`N9uNOvo8v<) zUBy>BT+!&6Z~e6E$yWd_GNVobrO&W_`M1|EV^#&M)>h-}vtbFx9#`P4=e`;rMjfvS zvO*vAMA|uP>c2$T|(NJ2bjItfhoMG{^qY)2tie#am zt~aad{D7ij0uQDX_p6>tfiNdn!yze7v0enhLI4S0DYs)AGPwX-ij%qd$hBhownI|H z-KAQu!Llt-nqH|F$o1Cs1np>K=SJX2HPe$-4Il1C<1QH)CKgf$oJI70UTxXp=1Ra` zQboqXyfIi5%L+4w+$#W{&XC;V2-JcZYIIVb@%?NJ)$HEufc(f%_ui}qDo%c;nBNXj z%oX1wh`G^g`j1CfmKvBSyT4m!L-_pj>cmFAn@zs37yTGCPJ zV!_Rifcmp`XlsMTZcxAwBqH_b>{%y<+Sa!8x2@zFHwUWs zmY4C^?twG(hy7AW^{__5YId$D0^>G7;my?Q`Z{EvjH{_{ni<&{L}#FfJ&D~S^00c+ zZ{_>C>pd)=(=13D($}peGSSPSFUGVcePGI?&*4_^WH_z*E+`9C`D1I-!c)Z)3rI4d z2M(FX6l;1_DFi$nZ-f23Q2$7(YL>WV%#Xolj(T+@sXCi%*M(umxcopq-`YA-)^x0gE$}Su`|TjX-qgQV@@i60w>ia-;cN=v>gr;cV)aTgJPiXn&5IdFGXLfE zp9+Nk3lsH#gDP1WZVq<$6kC_4H(w_qGK zCJHK37+D?1)BCMyO_@jZ+Ve>K(9a8{vj+?y`mydWTPu%#WW|g#BKIZU8`WFBOAjNZ zBJeS#F?z6)6cK7u*t`6~a=u5p z+>|zhE)vk;n)ezM1W}%>5sfwS+mFjk$XIfsVoD(Vp4CDEnQ$}l$Wu{=GY@GQw2bye zVd{j|i|=74*{O;-4`Y`Zz&S+6OnD@&DSk6{;r>^8-tyd-)yUTKe5{kjrrKuQQ<`CGApwL}sV@y>)Y8MP?v`j6M;GaCMno0-d| z4>lMjnAXn@p=`Xuy49Arya?+=AxPFo$)yGjZDE)on``pq3qA*=iicXWcYp9>Nx?rA zo+6`*0FtD~kZF0&872U-sU+E|G4stIGa zz*wO&3Dq0Y)&{!!`_crxJyd#Au`Qd$2v9~LB5+ltDD}B8!71RYzg(lK_#*YbZ{0MzeG z8@n}^#rj_-B))+C*d8nZGM{YiPp%MMUu{MF20jK7(zfyzzekUbCg+p^=~FG_*2{&u zMnguDQyPPoQEtf+MjMJU)Urt~`w$;TG9s@Hf%%+X4T~Ofu?U)S>0m{c9?g4Q4=CM^ zm=|qig~h$bgd*dt+zjwfB1rKL_1lenH+5>j8&lYRv;H=@&#dw&k^YjzX0IM-sdsL5 zPPdDR)g6Si^iuNHhnCI5p_-FhXupH*%d0xYzT>q%cQ-u*C!3!8W%A>lXu)fqlBo#$ zzp(Jp12*_Wm4w^-b*E0YgjSLZy%GdQf~R+Q&-E(N~=sN)eW56bGTGduK;q9;#>KY9+yO0Le;xSt4}u3r zRXthkYa;!t_o>X<$bPwIBddRaNovx41H@ocDH@cwkQEq| zs^2oUsiD1~UHoA(U3!BPSRBqjDyld7>1`CJWzfd8wiUgJPvnENlDR0lr9fw(c~z4$ z=QVQeVAZBgxZ8o7_lrD5iDy$O?7RvZdR~r5|BKE(p(Ep#Y=P&%4fKnlG zB|Z?$lV3=~giQ-KpnGyF5@MbT<(a@n?n}ItNe`Jk5UKpMSovjv+x%{mJLVl)eOgec z_6>d`IjPzMTkLz;9yXWoRvWgDhjJCCF?^Jud3Zv<090^CRW{Q zq#AOhBona&286t%5}6}5Lm^1GhzADafe%?S2_a1owAsDQJXZwetzDLWHTOAUtGI5b zTzK$naffzEzz+c0s7j^(c^v!Q%x*{VIgf?k79>Rj=x=uhFhKPeNgB!q*PIKLDvD=p z6ZWQ45echH1zxlHmK!D^g15S~`<-u9^{p83JqlD3jaLQP5I-gPieWqo+OSHGU^oDg z4Fod_pfDn0Uw|joGJs^pnxHiis5aO7cy3Mo4 z#XchRt6I(HmtYY0uRmY++-ZQ6;9Go&m_yjbip}ich`Pi(9c1* zRgX0{CRVsx<@C{yBk?c0f+bMSysGs>3MM}?0SwnGk*b5psuqRp{7Gd|?SsnM7x(`t zG`E?Bd1N6=ctPS<#Y^>bF1h<~IC7U``Xp;(MdqIR%1=gS;niMOuLjY1x@&C62V!_T zMiqSnD;rr8QYn%B|FHKSP)%j)-!O9>9kAdaAVtbZm8uYW9hD*_ASI!Lv;YA@F9C#6 zL8K3zBot|ZBorwjbQA@o1cXqe1OzD(n)Hs}nLBsxom>9z_pWz+-@DfPegCtvl9O}x z+1c6WtiAX1Jiq7n%aa*C?rokNFNUY44esE#k+%v^amlQG`U5J+thdP?x$kqg0kBh{ zU&PJ%%9bV1ulDVRqfKhzUD&Xzd0anloF7mQ>QPNr1q^+H*5cXyZoAN~XN=dviR0UQ zs#4pZUvPhFSVA0XR|_`-fhX6gnfFMsjo^ROq88?Ju9;0`ZAN6Wp3Um`^_Gx**Peml z2S^0xM>fI7oB@=_4Mlb@Zh9Cm-3?&D;fXpa9?a>o%o#R-8ha?yrhHQLi7b!+-=AN! z!Cf|844)c7^g&>-1@kUcJF4sbW7Qj>K@?TIMGu@)78#b_^R;50;&+k1vX>nx-pwgh z`!gNgyUt2d_cELA_OPd=M0nU?CTD-4#^$0}cz?cO2}Cg7Bsqr~-YeD{_(Y{b5XFii zMj4b+%{`3LZgOMCsf<@P0(UhP38Sa^MTWN#ZOqIvyK58k6|DeIL*1>c#qt`GRpc?H zIoSZV%QG~zlvy_o&}^&>dZpkS6dha~ViMsWzdp9#2%fI!Hm%$*tCcMlOBTU2)Gm2i z7E#%vs?T&%yi->KLBzI=$XqE)E(h75>uYTf?}c;f81^T=D^zdiVKrkep+K8j0!!E% z5@d}K^^5JTR?t_uZX~vfL8-_-Wh%$?^{+$q*=dln4cUfHu}*Yp0Z^#I3i>r`9?iEl z;gSO5SRD#SueR_#5<5p{ZU_&6Ux^P_70PV2Sbh##KWN0-Xw2?^0^R=|JC9jr?PN&Er#ptB z=|BIZ+=vbCy-VhzV&Hp*M&Ib>%x;@|@%-4&;j#a9?QzdwX3=Fw%+RU9H@bq_-jx8M z)lkQ+77gVfa|9X|@?zG8srzY(M_DMZ!=Y^<;Ea}x>3HHRoNQcetQzfvZ2sNrOz?~T z^-Yt$p}LJ(Rj$;h?T9CT^=RZE!apxgC0eXF;L%!ApH6kT-}M%RfBws=_Ikr;)!EWW zpya%hiAua)^1zs%YbST~QmY8r5OlrOL#cc<`y+trH_6Yh(5xqfl?hbvQh z((Zf<)fB$6WCM_%yr936U&DA4stR^t3>ENXJ2m){bvqEGKvm4w> zA`-1T4c$f!8a91NHk_cJy2U#ZM9SQPSYAa|m#`5hjUkg3`!bL`IDSCS_SZuH;-vFv zn$|V6a!81}8;S<+UpH{6od!nYX%s%`T3i;mM`@6?<2`DrA}fUH<+6(C=L;C6vGcoq z#N$DO5u_Ng&z4AzH-p#5le1!SvhWLyYh&uqf?U%1JymEmhG;x-Ht>^2p{HG+kq)b9 zZKtG*v;SmGd0+A+^bii)|M{hu%&~KdBt{55$f(kNgrwrt?{_IFQlvIele ze1TXFDyE&k@7;FSZPD(Qe;RfBPd~kl%qtHJJ5AE3MW`t}nZA@8xRDmh7YZ13&;;^H zbV}=f(giMoQ}>#s)ey&}t{;`(`1Mn_lAH{Y-{@$A4Q;<}nN4s0qn5CPxgUZhk&~?^ zc|`dqUSef7*Qr7cO)2vQgYfhtRi#Sv+_>bTlvKS?Bg90$Nv`w9yByAs1}#S7UE&2J z1s1n2dn{cEhByib?%9QSTDNI7;;}hRJn&L1Ok|$GW6`e2HSW1H)7uaiSnJaH4@poobJ1Kd@zV`tkkfV zoubWF=~I#fAtwDBla+66Xwx|CI`rK~3Vva2tg0X;v4!dRNPlMs$Ur64)UV1k(P(m3};SiEWi zCc=jf?zi`ejvx#gS^%zY+MEbJRxGiFolFQeVDFfym`ZBLCb}kMDtTQB_KLDh?;Z_G zNjj<@#{)`9gYlE3$X&@1-+4cZ9;orspkTtwW?nh&8iX$K%T|^Duvc8qR=KpNzMr=Z ztEeYWd_kGp6(~~hTKrJzU3hAsk1tJxEE=m{woOoR#LDkK-kv61#zEI8 zAX6hvS%{g036Lo^Vq+p}Z=jMKsd3+UqvF6NXw3Xn3_}8=Z;`IAO=4jVXg)Y01NRmV zplMMA`mU5aFJ9PI4dnn6=>OgJ-9k*Sz}}R^faL|wle*s5K1u<`UhG^q>9upBH`5e9 zd}Y&IVL&!9tIJFCY*nq80!xJ%U5B7HNLQ;xrCquAm8HqIlf3CPHTN=QZjh>(VMVU9 z{>0;PoZ13{_0ya-GN#0$8YnlhW=$&7=?#){&O$VgdrGK1ga( zeehxd)y^jbyXilys}~|DRj$~qeDPZNq1re$mN4)!!%_-^A!_oouP)yE5qL%4SyK#U zSy|?Q<+hzPCR{3`Wd0aznfS|FvWS&g-%e2^@vXrK$ zF(j1YLx^JGK8xp5|^#+va9Hiyt>6u9>fA4rWKUcpkC;Og=ku!H4c`6r^{` zt!{ur&Lm5l7`hSbcb~I_FYh-g zfxb_0R?b&T_osixcQ1uU{i$RBY4b zNPRnG^rZEZwR$Go-5(ALclM2TbyeY$6iNEWkS}M2eq-yE-e0cZ|HHNadg!~$l2+Oe zB-0)Tt(`1Nzu>vG*|vcClDUZ{mw`C>tK$?(&e8+Gr2o>^7B?e zW$J6+pPQ;*zqNb$8=XZCkRRjv6VF1Ik9MicQQykdj)KaDabAw*X$aItS*rn##* zWnM&FyfX`~y;JDtD;;EDhJVbf`yM@3jrQp!Pz7r;t4tbQzH?y~#~|dkUXwgsV&K`q zX`ctfoJ=D5RVcW+;Hb9_k~*D>`Zf?ZvkLpNLUi^WAF(=e^*X$H%D8@KB;83#GAS{m zOQwL%BNhu@QmyswsZ|GQaLna_<{f|PZUSKgyC`TF?UUSTdP7L4(X z=46a<`hpHj<~cbv)T~sK1LnUOE=9r3wnKCl7oSW%vXaBrIu~=pCd$QIOx?CwUEt@X zG|dVGlO;H95ID~U+iN|uRGiPP_)J#pZjbL*R!j669xu$^Ei;$_{5pr+zEGj>l`3Dc z02BWku8O#_!gLpR?}dc>HltHQ{&Qx!Z^V>Vdx?a*-!B+HxT`4ODE^{^C^IYS6JK>X z+8Mt0J+-%xt1DUD>Kx~6wk-BUJ!1a3oMy7SQCX;9nWwVbseQ3vRFgZXm>74Qh#kBh zgQcp)hAblmQX|W@)~@o~y!{BT%-(;4IIJyQ%dJ$c!QEh!9u{`WyP7Y;&M<_kE?St{ z_5fe7x%#L>RtSA(vh$u!;DAi^JJo{M|G&H4U|N!1mawIQ&>=;uc-4!mOfaQsb$_?I zY1>xrpIMLUJ+10;r~#AkS3zeFP8pS7%%#s3D#i3)w<&zwqg)*nvCy&Inp`{hSufqj zk`;3$l+cy=kZp-^xZc(n&KhFokCYd)4V-Vez8*Omu6Fs;f|{69te!Zf{ZY>^ba$R* zC@O?zZ6}&^BP&H*C)>2ZeH?$;>an=Ku=5sP5i=8e{GN?lceRPoLa}P-N%k62Ce@3s zbNP#1Pp}|;R-iBXO^@cBY;6cw?HRxZwJdRTEnTxjx`<-ANdOe0j{KZZHC|l}MlP3p zB$6|1Ia3EzCgsTNT^>Kr|NJ(*ai0OvKF#K<{@&uPA$hH=1z=XhkEdRS<~mHCH8*}R zOAHOvis8%1*@hUq%_nJ_i9m$6deTyKYjOA7gf7EAsw5-~K?B~UBjy^3G3huQPGB35 zfpmPeJWAW@DPg>YUt+Uw_6)o$E4a!OpRObPX&W0!eZj!G?4osKJt(P^%HpQ?gSmoQ zXYBi?QWNnWeWTJT$b~N*)v}@OOQqsxv=;Z6x>MR!{Dy7wTt0(B|K*$X7gSpY43;){ zEA=;unE|GUq{RKCu80U;s^K>}CF;qEcj#`=#3pSc|G@6d?1SpqzSRla{Y~|jC+Pn; zIRE>>bMKiW>`q=Em2Z8cd(#?d9(>jA&x?eAx#04BucBqESIuqZUdqi_ME|+d+kGb( zzp?5s<3p)5K>TT|qmo?X+Ifxqm)HMt>2F^d)k<`*P_#j3rJ;*4ti;7*x6#0O)+7F= zO0}5yhh&|=J&ycpH%D@${WY3c1=Y$_zr!YahFVUWwjqzWj>#LUV<-Wk5zj&;0-I!K zN3ie$2Y5l*9eiw6LFqhRNRd0h!xF`O$@agwyZ1PB0ccdbP^i0BCHieKYh81R5=~NlfHpauyg*b(l z?`JCwS5K#kTP8l&rMg%S314(k&McrdlcmTcKM7?y$uZs}SXsGgm$-?I^DA78+B(<6yz)XF?JsADs(TwPe7A!%wHO>}M`8Mbub45jo+#S-liUkDIV{6_G zVkm?AhW#BD)c1WI_`}o65cqGdfo77(iiUOUCTgML=4~0(OV7D%D74W7v5EyhE13>6 z=}a-a1q$2R}Z109h0iR!X@BR{S*S#d@Q+x^BN!N^(uM$0Er+Fzh zN;;e8QfS6->HD6Ax|}@)5Ae2z5Ssa(n>`0CLn@*1Y-Q!R5}lpflHQcrlq4|1K4=Du zOHN?zf}x8)5L>3kUWUoC^hNF8#6 z4ZP!N+F#?%MPWsFTrO=c`niY6p8r_xMHYMLVy)z zr41oD#;+5A? z@%>}nBs4d#y1DFCAvM0R*}07n-&~Co*PS7+-d(0gGrPLcd+GnEMC0&n$MnvEO3cB~ z+KwBVlrVo8<2@7*R}$|YUG>n2SVv`uAdug&&Zi#LImX6!xzoEsQ zgkc0&+6Pk&RJB<93yPiD-#)839#(#m>7JQa_PS|*B$WMkH-YUZ7t360r7X38nO6Kb zS>7J_!SjrSI#k-Wijm|J{2_H>nI8dN~gDLX$!Uk&b+8IeeJsD*%%Sp0BK?M5V>a{#xw_1Vq&D zgIp~vq8-&eE1ekGQR#OS#(yNhsVi(^#6YUiF-_74pvc{Guph2=ILg8J-f6p&v*J4! zN=t0h9CE+j;ajO=fyvU2dh2M4Rk~NBgAU$vEh=078hV-eqtkRt=D-5}J#Ewz<_qa$ zHL;NyVde(lLD;b1P0CnQj@tf!R+YiVX0)I?l7uLYg}1Owka7xgy<~4lWs)^Cd^LMK zZSXL7rIcxPSBb>YMA{nz5ombz<~%Cp{XG%T=5Wo8JNffkYqK)Ao@LsDj`XD9{uJq6 z@fWvpu52a8o7(i$bYY5v3V#W0E7L@h2ig?HSGV>ssj}m!6^$(_X$;l5CPfA_F<=@= z^{ef|sw0>sro#Vyrb(_=%i>hd z67>?5VB0fAM7Uf;XrqaCUlAq=3bVa6AXaT?RzS|&)ae}6omy$xYlfKWXPHWpg;#!> zD&h2@t@d>ojbPa<1GFt3Jtg2y_e&w74~%zAB5h2V!Z$_z(kKpdq%i+Bg%FFbR0e^#hXQ^d{t-`lzEk|eBh2?X+nDIt0Ku!Y0^;3vi zUzG2CDz$1kFWu1o)qwjWHNjlQ#8a_rLyvqqa9oz-7aHXEtl`RZA8g;uydOrSDciw` z)}0;ZQw3sOrzvBfCegGcc|&n+b(zzgnbF`l%*g7(?wYcMqb|V<(dZC}Ymdcdt0z_F z)?s3wHl!9xlzR?O8dif0+5G}-pa<&h-P`6X$0J_2ML0>* zXQ^yrVP)@l7{aa9j!$I$IuSOiG`%%Aye(^0P`c%51)N-|HMB@3^R7Q0;zSyKpmQX&5~{>Ds8lLf$U zFCkQ6Kmk%i9Ls%|X2-e**eM!k0!oa#J|-bSdG5C-RdK}w!T`|FKx(w2?QLaht_qp? z;MX1$eq#9FM%({z;9n8JuiYkG-+njCoeU)W+>Jk~{4UMGX1$;HZyws0*N;wbkEj`w zLw4Pty2~i@e0*EGduOf70c)ew9D+wR+rLec<4#d$G!cr)Hkap5?SkkFCD~8%xG)35 zE63@oMc|R`Ej%w&)#|3p9r!3_6NV)mRFuhOCR2@ZC@NW zC|NAr)DvB_F;qTxsP5|S2-YG|xB2N`i%2oE8;a}x zbUZ-{tt@dL9}VeX@j4qsUZ|AW#Y0qiE-Ezc;>1{4iu=?B(c7W$I4u8&e>&Ys=a0e1@QsK!_FsGfS7-T9%D+4>QpC@94FpB5%@nN+rI( z#|1EUFWvi*=J=x|?WiYn)vBU0JEof z;2VK?2r^#=r=`JyAHkQ+JuA6sizV_%5oC=oy@2{j}dTbuC7R2CO#HNk{OXaHXbFdhQgyn64=I8+TQJP&^DRg_eqU*mD6zC}vg4qVVp0 z)_6D`w}i^I$XsR)B1LFX!IwmutXeWjX&<%}L&VK%0Diruz-1t|tyI&^RRfZRD2$l) z_4T||;C=MBPWf-V?f;Q@+dm%Z?-Fb_EElYT)Hb-aX%z{a(qpG6xD07iP_8+0z%5;+ zCVbRw&of4>#}dJL+q}exz>0z=p|N-qF@r~+tGem6T)(%MDeiS`PY;ohOf65~pLge> z89>WL&9G?v@TIc>T!S(FgSpBXHUVon*$!6|W@vyA3Lij7co(BX-&0USe*KFRwT$(3%@JFo>}Xr!fOlVYFrZ)@EwEbf?p- z%vR*R{gJJN?TS57kc8r#)n7_V)v^tOFFCV__ z3Z(iNl0>$|r&;NBXL~d8MFaVN(LG6P=|Ku>*WPHdZLF@!`8fVo((+;To#&ti)UDC= z&ftQgzkQ|#AZyJf{FYxmfE}^v*kOc@y>Z0q#u46a$OQ^ z3vb%hlW6puX(_c9T1dz*5A&|GtaZu}!Y#Nnr1M3G%jy33>5WV6JQiyn6u${pxCg|} z&rd0s7*rF$)h4=L+H|!Nmgt&LRMuXuS6;0Rnoy%AXbWEhNJl0@lEHUSRz&R!_2a3h z{BPF0Zfg;$WX*nUGaU?>=8YmcwC%GtimF1s-&;T5iSr%AH1(*P_)sFjn72u6vX!QGBR=QXZp!!`ulMg z+Vo7-=>NW8Z~Fv5Ib13M^PRU9D>zJw_9sOLZ0zN@O91AKH@2;v1g!eCWCrXmJCxGi zNxDtem2ozN9rgz5TgY2Xb|sF2YoG~M!qWX*4c@gwe9!!uQa}SLn*hrZFo#C|6o9@} zvEYN40z-iKA`?3hPu0+dy5JaFz_MnhMjHBKphykh-;X*!zhboUn!?CQxSjabO0<&z zIv347JX9L|=7EHRo~?z26|qFI^;a*WsK@Oz9DPwvYk!q!%{>u)JZPJww&HysxeL&s zt`LoiT{mw)AQ36+?|l0@a9JN;(8v?zvja?bCanOi_qmaBtq2RW3|W*Pj<1XmsTlxW z-%Q9_`D>ZT_I~D}#NE@yBmn|^Lx51Esx+b?*8N<<$*jaoj3wan`JXz@)SS%{blUMc z;wI40{$dc;UF)Kt0ZQR3RTjD$s2_v02M90bQ7a zaO_!2ZJv^zUEn4JRBz%}hPMKb4&AV&w2tu-`jsx%LV(r>DAXsE7Ub>5uT2jMjqynp z4w|^~)A%T~Wl?wK{RY2GDs~n+QsPN*@p!+fcp!FD%N^`d`zrd1V&N5R?sO~vM&Kbt z27ZVyya|doC!W}3tvKo%$j%O9(#=c*1o0$H#C~C@C|XwkU8k-KdyQA0Wn!JoyU(`V zIt{XY0fLXUHT_@zeQZ(a89^j?4vCtbe+wyjSZWG0fI~va_A78t$xH)ST5r?ihvAzV zmNl;99Q-mg5t(WoaensBAJ1Li#~xm}X_-!v39;m``bi#M5Tn)RJRxIoE6yNoilLD+ zv~#sqRIh}i?yG5fC7a64I*USad-f_bm}zE>XR#sw>D>dzM zT%sy#r%+!mxh`ELY4?X&6Rr@kcrZ#8<0*>drCn{uD(slCW28gnCQP@~hk2v)eZEvk z$vN$L*5c+PO4ToBeIB%S@aSHhbTfJXjqYJMt5jD({k!qh@w%asT#;ryw~6T<9oUmcDqE_IlCDt4cIqw`h# zvg81`>g1A?>~asVVD+bOE5BlPj(;;^#KSMeA}60#{YS46-8mh9WAE5f$rSg3vQ#0w zn2u=7t?Uo+LdhCSkwb<89}?fU--+krg9)=QIn8e)o1ep{gZKj%vKR1kcu6a~YXu-? z<$xE(I^f|k3o*d9=uf@>BhlW%E%0;5t_$b1DT$j~r)-k-hvDw5mdF}CvFBnYQ^W{u zyJs@aPZO@|UejaWqhI^z+>gMF!h4q12D5t1*dbsaR*f!82M34JRefDQ?~;{%f4UrUt1JO|_W>`tz24otvQg?HkNhHtfJ33!k5HAOuDT2Zp*B+H$^ zsUK%>_N5^sJ!QGC>7q352JXUOv2_h8)8ngdZMX0S%kyshwRRN+IQP;g#PSB?v{zt- z0j9JcH1Tz!3UtDdgO^&F#Jgb?%Lk+ph`=px=A<-mnCu9@{&Zsj%zw2{lThC!zWNc5 zn|zUIN$9a@K}_j;nlQglkxUPYUIv-3SrtC7j#3Nlg#GG&%tq~QAMTc!zG!68m$MJQ z*r9Z!ZvrG98BLjH6|=W9*?HYbP#$?pUY(j)49G6GrF7A^c^&l12Jn-+J~<9!=Z#Fy z#1=Lr=e*Qt5D>u`zlT-Oq^VGGE6CClu8?HkTlfgpP!L!g;H;$Fvv7_C$n*>8^~7I2 z|45c`?2Ej~7-o<<(9N};2fVH7(~iS(ll?1IwMGiYmIhEhWi%N>9tYAYjpZo7*t|oL zgF3ca-Ar<2?wPYlwrDapr6r6!@8Gz{G~t=^;nVcKm#GQ5#cP67V{30^Qwn5gORdmd znO}$@{026jR1T;&Y*FrJS@bemlaNG)dVa}5CAM5Y6eXl)2nGIzSWZHguN4%@ zB~G{;#a!v7$=im)5&~(7#9%Nc*bqvUM^IGK^_9m+3KnnSuewc?MmGnK57F>~*urus zGdx~+Q>4ikHII7!aOYX$vj<9QDLK}4t0-wLBR4*{NP2aMI6^Fn@ctfCjyp6R z>kTvJppp!CJBMGRIrRay_T?= znM79qqUZcp8YD8=R z1F3A$tJbYHwaz(#eIsbt@_=gJ7b_R3A}jL7Xi0cyxo;NU!`We~BO4hg*5oS|m)<37 z#X`{lk{cjCQ6~6Z9s!7!gXeOf2;sK=EYXh(zS<%6oN2TZ=DqYHSCbI>>I&irRa<^m znW=isU}jHbO7duh$H49*uX;O_aCo`xR9*j{%4mNq@orivLn=l*QW1o={n`sergplT z=tehi7~L7#q2Hju;5x^>CXGq$={d_Hehb3TJ4uW)QW9>d>wRH5!v|AcLbP8ee>}2X`=y zt)G@EmexNOzzJgEu@1XF`i^F94PLO=66`$1Vo_GA+ItorOqZsRAgBLHsC z7nPIMg@FrmyZ};6guH2;TvgIe={o+Y7Ocz`tf|SS>AFZ$9n-W7W^4gmhaIqFdI6=_ zNJsj10p2V$%ndIj8nf`ce`z7nInL|SGwGE!$jYMLJHXp z?jT&RdVyZaib0`J?Xe=A_$ACm2R!bObCj6+VapFg?&}9d$#l&^%q-PT1_ZQS=(BvN z&98FInkt9Qs{An}=<{U-+nuSpP444D83I!qiafiBCuzp{>wlvw)HJoh^LJEWYZ~5_Yq_I{88z3Bl0l{eNm4Rh z>-RAGk2tBjAUCU1JIN3Ml$}FP`$k38{KDxIm&kInEsltz@T`9-l2m0d3jk-ge9vA7 z>yAX+%mg@+mecXpuTJ&v3Vfr4SMeu&jP2Nwh(VcPBukD=$*ATEce>>^dfNyuln(M(W$n%@>}ZhnZV z-{{P1c+VAnzSJyax6jQz^!Vm_*OpnST-WyF$|KgKD#pyCj;sT2UUrqgo#)Rk*y>(4 zRT6Gv+z8<|iF&ug>))6gad%EZ#Y@BAQ2UWyQo#YW+FL=zknIh|>uMAuqw3kSam!bG zbz4(~dE8}@W=U3;LH_n5U3om6TqKislgS6jTY1;kdG~yi`&U{vIUS}^p4P5&JMLLa zAai{q{LF#cKBQouTk`4hoCha$v;&dH;1*PzUAUX-QBx#%m%^qigy}4Qxsbi?c=dX{ zU`sYX*^&UoAj_{xnNnP2-PsH9b5fWfkvv)WI+Ls>C_$FOEMo>G`)CJ!kjLC?W`S^o zxsr|8M-Uaki5?C}dsH@Q250nY1<$SW5^gylyQ*c`C6>8#0UtU{wxo2X#5w zkMnXsNb^W^qb4)FPvs<*SE z*DmADA=`Snp6r42o{M`x%8C{3&bpsox?b(^H@a9qN`EH-^}7fKD3#IL+N<7gcH@z0 zE(~YJ{@1DUkGFG+h@dtRG2D_{6uCObkgPoiXvhL&(ih}Eg9sU5P`c2vz6kRx$;Xtb=~;=C`tsNto-}NLSBMRj9;VFd$>WBetQpB%xYn}>@|pDlgNmyc~IaJpX!;cv6yUH5-FVG=8|EN-|KL?N~HN+ z7e(JTl9G}dV7{7J?%D|5TvklDWL@PYTLfDjf$!o!bGjGQx8q$1+%dmt!2*kC2f<6= zxu%x&Qw}@)=$9)rdB*Pm?)7``nwDmjeSY?@W%0YjvuPufnoJBxF*dxOC=`h^ohV^7 ziDymjx#gugKCP#;Xh)pNDlsZhp{hpgEUy|u)k9TMyCVl;TKJEYSGZWmmQ+h9exSFj z3*&ng4q?L+cpt(@ohv zGP_&Hv5skyAtkt(pU265zyM&@K&#%}^W_lfygi+CP3`1#L$I7gLN1RJbSd~wmy`t` zax^s7Wl%rjhstQ5Jm){sjQ-lo=eyk^^bW6@9$sn5bSA}d-e)Hvk<(r`O3SZ*D8LsD zbx=xsrM;1+$nTeu<2Z!V&EUN}a93<~cfje~w0Pp$yo)?08__R?m@-6HRMZ9(s6RH7 z(YA&01x0_Sz|flWQ_xVtC>5>@#kj+o*8>}29!{(Jvm{$~Pip1Gf{qt>u_kLniR)jQ z0;lR<*)qQJ-%h-h)yqx6x@Z;aNpILS#==L|IVmWo_0BfyAU?M@RPf32TMv72TtQkj zAMir^>ahppI4V~xtqg;99Rn*Kyg1=>ON6^67HOw~0IGV>?ZGjIV55c;wyF4vIRpen z!aC2vD;9#mtK_3sYpA&0cUsiRRHj5GmO*_J1XaeWAXa4k+(O;MKOV!YcML2^b(mjH zAF$>JJk!{f$QU+XxZ;j%ug^$HpK1Euq=AZUQ96e z%is73;S?}mf z5fxh8p>OF1gXY+f+{<}~L|0h>6=!KlCL_f{de7)Pm(ML#=*ca5EI}UIx|O)c{V+&f@$9oKV;##jjI z?~leCJ{lBl_j;H~?+JU|*RsgvTcpR%O}vKgcC!F7=9qTSuuxu%v1_L*fdP^x4J=c* zyKlVOVKytWnLrK||Jo%u7%cj#7s=4!BIYzIOYid#U4FNrnpNu)y0;W3dM5+)(73pp z!BIvq^@{LY!TU}^scePQ@zv!r~`=rW!+ham1vgYUi0%FPO=XbiPV`m6LEHpCyYSENt z>`irA1Us=AXeL8-0B9tO&I7Q(mNqWZo}C_r^}%{)z_itKhqg0zxutifTJvG`c0b@ZjE?*1Y7OYNDf)wr`AeOa54VXIXL zqso+)7Fjd|MhTTbiEv+1G=tNkfC5w zNyWME_Zv+A@|Q^hkjuwK-nZ>J>Yta7ppU>TwE-Gp(D>7z)N__|OCkm>okwo1&H_m@ zh!CS5M^=qV;>m_D=oanOdH|~xBW0H%^hv5$UT4_x$+S|H<3xBN<0qFvG7taa^y21- zqZ(!RRuHrF%yd|9+hZfy#BSy!a+qR#tRnomATX&;yLLV4U$c4No%rBQoVD-Ve9D>{ zko25gyR9I)gt(Lj*X!S(yFSu?BwG9Te{uEwcHsseYhqxs=Gyt<3|FxDP`eu}MVc)B zA<`Lb4mcER?x_HN#iiFp+lmrX6(c=}34nnC46Kb1ySjpOn|NVQ#wz z zJmn7qK~~Ue22ClRTkp)un%0WRC&hJFJt+( z+*E^XroNvJ=_NDujoui1XR|!rh$rQ?$yEc;cq4aCiP=%S)I`HKIyHO~)8)uNAupx) z+d}5cCoqKpZ%s+GOBCM54*y=yAc@6KrN!5_+E!QYEtHUXiZ2oyYywBj14JZblv4ft zLwY{;`{eyhL}A5996f{=d7VVqT90rC7D!rCzO#a%+63*P5LczwntTnC>E( zUNBKUR}ib^ES%@zl8Y?lSlrA@QnEGCnmcPteotX>ZfTL{%Zld{+GVlD^C=d{RX`%O zg}4Tp-X~)S;fszz)tQJs@?*l~h-W}_bN(K`O6AJga;bX~IEy#}hKOUdb!Ar0qO{_B zd@iqN$7NO*HwBt5q(-yUPoxX885skN-9jHnZ#c4hL<&XRE0-7c@|FeL#`1yoiLqs4 zW>C-ZUgs5(;mJe|o6DJ>wU5wl57C_inKy^)?J(j-6Dowlf(!C)UQ2Nz{;?vt;Eq(@ z_w0guMGOgKoIOF%F_ybDeNY&u|z#tNr6PXtLW1ny@_RDqaG zN0`TB3MzC?yEpA=waD*(ee}m|_+K(C!$^tKy#4$9RS#+Do$R84c~qgp7iSYDlI*P8 z!L&C?Zb$JgultDmdD2UO4cU^ZWcOD)GXlBo6%Yn77^@N7=580VQTcGVyBlVv5E%#- z2zQ^==ph~4>8#9TyAvM>;I?LBeSfnnQ*JCPi>rR4dmHoq^Y0n8MccBv^?!ek{`yCF zL4GZVIskY}U(z#;77kZusjhGy-hL(3cJ8Z-ph8X>hw*5$z7V+Ko1syx^~xP^Ha)2cVogQhnp%sG%WXv z$WENMZ>}&mWp7B4?$6%plrD|!?s8fd&mIzgTHR9sC@WTz89iDZ_Mp3p@hv8rG-39v zrI>GYnI>pt@m2u!lJ>MGztqc>LwAc7URi`EmFO#1T7hnu3#pPC0LD~^tOi6MAj4rg zKh4(Ic|1husW9lcHG2D0O|;fp@<{sbE+zhDnSE9IJVwLhOV9VLn5WaP(8h(5FZMy_?j)=W5BdMz}GPr-?VKG(;#KC>fzi z`flY?zefettCI}M;#Es)Ny=+ZJEz%_i~N~5!^{PwYJy{P)68UGHK(S@#37-H+qOj} zP-)k1U<0W#VpIG0dE=jM4jtRGq89e~Q?scP&F{`jG>7U2h??1I;Xn{wu>3Po_<&v! zfBXHW$pll=3~5;dq_eI?aSn1QMYrft82GA#Qc#pmxtC56$N+ z7^39=XlDA?qkXr*FWHHU&g=G=;fg^JY?NJpqK2I^xea1w29%@tva;}Nfy-!^v-2}= zr~;+qnL$@@f5Js)j-qX)@ZEPq3gy}` zuZSe{F2_?M4(?!WmaKwMUU8&lJm{DCp$>2zaOv28B(^H0x_sc7Oi(7)uSF+0e{qI= z7Vu*j{#Zt7XL&=`>~Sk$NQA^3qq*1G%HW;bkA~Y~jGnGfYMbxNC{IS1k0dO#WKRKk zmBwb2zJnwswJmk}0)p(=zE0=MlS=Ao`0HgZ?IUJf=tTIcoZSzt)jM9{+WENS_gTxw zBSB@S19@5!KlM_gi$DFT{dC{^?|(UCT^`sB6$mPJVM!l;CCc{a^K@)6P5ULv2508_ ztySR+i{J-;2u}ZA>VFAtqj8k?coRIJtB9AQRxX7mqqHGWex>-2fqA8R0L~`t474-@ zSisNJ{M(E(>rumg+Aj{r)Q-xX`%`Js`{(2UlelSWdk%k{nqruH;K#ud&LSm7YsjD$ zE;S{mUWQK<*!-52m5~cmwO)JUo1lZ7KDjs1Frx|m<&XdN-64%$eDe4NS)P(>5!|w){hGk05S%h zJj&IF8ew{J5r41s9Agup0#LH%87^Sn8kY5mO63Y~+~EzgIhi;v+ejKL8~ZA<yySf9Br#zu0^4u%^;=eHh2FD+~iDolyh?1fAQa4JEXIfHP7A zDbhPAC6rJEq?afiLWq=rw9o^D5+HO4e#_aj-Lv;M=lae$-#Pnt{r0u_gRGV7Ezf$^ zyWXt#d7t~fk1UE$^3!&SQ=7jpfOC?@R9UxtQunenc3>ZJExo9tQf)D)!`VT1Hub`#8sJ z4@qHkX<6PNmmMJd2w)J~7u@A%v0=@>=)%+TO@IDo`_}`S)O!3$URgmV;)X=8mx4G) zgpr{L5&oHR`j-RIg7Qw*SbV@6m1y}Ou_2Hyut8aq%*KGqc9PFc+A)l`SqMGWtg$FN zE9+CQ&S`9uck;)!&*aQD`nZfbu6%D=?GaHrS>u-QO44o0fg1=;DyiCO>VviH(PC8( zfmn+5#Wu^QKyWfzH6&SJq8W-bbU+}%dct5)S|EZF+}^&e0nl!1-)@y3Uz@DH-&9b# z2)dQiI^1B8sup5#MH+lwBEa2?K6t~R!jYO@^U8yrtu*+owy`imo3T}q+xGUmxPaKk z#x0NGq4<#kN359HVp`EDD*(&nSW$HG+RO6se7+2h#kmlCP%mm$Dv-01{DX7$IT&L7 z(s<%1nBI0Z%jlIj?mD+y1Yd=QqSmFi;l)qOssVP7aR%KeKV5@Y%s6?Jw!3DL9$NuM zr}nx{YITad8GOBF&nqxENt|3*Z-mTwJs>d2CWx z);OzXdt9WLJ!ar@=|ZG?C13yGZar<-IV0P;QMG%z*nFY8mUow1LE~5<>Zczw0DOM6 z^3Il!Kzu}{2}%r)fobCXJ%i3G1Q|j$rBPRs*fTv{C|M?L&0e4Jr_y@r`3QUAKMz`^7?SEK6tlJRSTV>R|Jw{2B(bW(FV zvpU|#MoxZjl6$vub6D5DKW}S7rdU&q+zDK`buLW0q|=*XR5Imd+Gi+*1M5Zh9iU*P ztg+pDu0B4n2U7w!gc{Q;63`1`ck}CVFt5av03=FuzSt0ur92M?Yl(yPF<=dxsHhGr z&EMjKRR7-E`oDW?>u(RzfBEQN^Hs(>pZ~nw__}zMU3i#Brd6z-bNslAL1IkVc!d!3>kByKuXjMkdTj3aB2A8$`!5RP%=TAJ5e*ll^>)bu=zWVb{qvM5cA>qRm zJPLj$l0Dhw{^2=-f+))<=_lbAgX@JHKQ(m`toz>4u6PgAyf(Kc3pWRDpJfCIj{mZKr7zG5dT;#v^Z$ddaWKKJ8yROM zVww)C$p=IrPN@AgPPhuh358(Th(Z%@RbXqp&qn9qNqc!Q!NfZzYeQK>80iu2ogK8L zWeiW*h1H(x73W&=-@4+s6u@BoZERmyfDi1)Uha~8oU<2^*)^Y#Wow;c2W&}!nC>m&FwsKt$qsF@*z8IRJAB5S6O^07#Q6C6%?wH44K#9N+mzs^{(@w zwK;i5cpfjlirLD4;Wh0v@I#^2ti%=YV0Do=n72q?C#N!3#h84$PNCF43@{+-9tt3LsW*@3jBuJ6iLg@36ImsR5FU9Kg7b{3M)y^sU zKA03dwf{nO6@7g3hzGncVO>AE$R2A3^^5k>Ic#1;{m9u$J?leOIk2-BqZyDXudib3 zN8S0me%OETxq?blXcIZ@4h+WyU{W@`4ps6DO|o(`^#fhuuI(>3U(}hM44g70?>*Yl zLT)&B!OD9h0nvy;sX)LCH|St?utbEM-C(q) zD|v$nMYlUt9Ms--xB7AcXsHQKF$qd0zs0BOai?;{{zcIQlavTT$EuH2Dw6e9Q7za+ zY8G&^loo5B)1m2zft9GlhDj=69O2MKT_eoc@ZqTcfBfCNEb1EdDtPc>gHtX=r`~z- z_9%4rn!;kpYqN8CzlPt9C>qz}E>t|b%~Nuh($Inl z(b2JP2~Ti56wB1LW<=ZF+m$&%)c)~4guDK?+#K_`tQMpqQ+R^ko(`v-z2Me(n0q2B zv=+9UX*f9+y=0N#r{q;nl*XwL_LEK?$6S;RnZ|I;rUuz4{BsALx~bW@@v5D;0TfZ}gy7Gya!BdqmbS9;dv{2t zqYEZiU8uV-@ymeFde(Wqk;RilzR+)5C>-)Fu55;tORBp7j3n8WByY9>Wac?hKSSw+xrw?^maxqjfXlQw zRVZbHR+N_z)?bdCt8bUyKG|;#k5`##V{SpFs8piK)6_iTa%+AQ-?mTY{ts-Q03N#H zjXg4G^-IcC*X)&uqv3Ng(Hf8O9pu(ZhJU)9=3DeJfAqGJQGv@jPNoKiL8uV`dJyZz zusiH~YA)dR14+(9Wql^8oyB~MwT7>>Evo1kyp0Vb%{Y7wyEH{a0Di;*9Ulc~IHKRX zucKtcoZJ1B??g{jY(8=i`F^TOR0;=$Bt9>Fw2{@H(yX#OsV-KZ)29;c&S`AStG9hl zyrdEGt5#{q^;DUoa5R%mlA|%Q&fH!Z8lq-yBWWJej$zS>a3%(=rPeQW!d*1>_$j25 zgO@R#$uUj#l*~!vNoJDcq)ZAv>T`i(Va~8p^FtghIs|TnyxQKyB`j@RW?C0XB8C81YUX`5~}}15mFP06VD{AN~;fxjnB>(OM2& znA4cp(daI2S_~|Pgi})&UcQVrO3kvjk<^~366Z`OSR0h;$k{uGiE`)dGn`_E)Y_8b zAJQo~vLzpPc)t}}!QNfbT7APTblbaojz?)!D&&p*u|dh`ddWiI-emg_-DzUKv2|4_ zP6wASdLa2pJ(?AqZX8{da9G<=-KRnDy3C)mtFKKev1!5_rvRD|n$u2WWvQL%gV_GG z9o}C&du}nPn+N9)1op<9>3r0<=%iC#Ahzvh7#AG*l1r-w(E4()JRjaWXM>pGt8A1= z)Ap4_8{?VM;c3U_>g?+J*7RSf`iY|otr^0LFT>tVUR{oFW&d7JIp}^bI2(UZaJib5 zfaz=3=t_G<-y!VEud&^=rQgwm@P?Yz_cv7)-(LRqzyk;5?-!B&4s|pmXI?2hE(M?Y zWNfnH*V+)=gTmY@Qeri4Mx<3Tco30I@FB7hX#4okbcR_Nq*hEkt6CV#9 zaHNM(Zl^EI0%5O-pa60iO#3C0W$*FHWFS4l zg%z6)%kI<{@sdBDOO-e(G0tcOApthlG)9~>{nrqh7Ub-cLR^>(`}R2lZP^_lH}uc{ zE}oEZU#LRL_ohylUrrBRInF&Y+_h<6&ZGd*stZSR*^`h1a3QMW#1$VkXT1}23NJd! zj8XDR9c(;SP}+6IzO9TE=Ki7S&st9j-C&Q4yte<{>`7h2MTHKIf`*u4omB&Ts@o%C zxymj}7Rt*%?7qvBKdbx?-(9ry7?*kAnY)T|T@p^XzecU3U2U5U3Odx@@fs}rk@644 z|MyP+shohoWjJ84`yE^Xa@dzZeh%km1Yea|kY|P?O)q77bd5T;J?O1Wa&y5(o9(9m zs*v*jf**5sQ+RZCv!Ne$@^Hs$@M^P^pZVXpLq$6&{E{6 zNt-NI8kVT=EPcgvzZcJS;WK9%^DtILdz z7_i?V3A#flobX0vZYbNb836QLNXzlSw?b|rF60Ajc2Ig3xbJr~r97E1ik&asGhLDY z8bvInEcG=5QN*_{W4D2@pm40p?4uuBkf|=?fG8x>z0T5JuJM2`R2|X|1Z!OXWH8p5FVjr}QfmTS1)rxscf87*zib zRu8pYiU?A&ATW<2ZJVzxz1ipL8o%=iyOT<}xBI(28rB_Qm z(buL1x>m~{>~~CK${YF*D9o6k@3K|YdoS)WvFiyhJe#aptdHHrf!Zu`KG}HL{OrJt zH7c&i?P&A1@idoN;0vrP6^R(T_s#g~%@d zwFH`$vpZTve|f!^4T$N=?Rn89%Y1nA=_$({j%OE^Gxh%Ry6An(5u*}+A=+Df`(ee2 z#1r`gU}aJ8mzBl(o&tLeHx28W(?W>#f%BVyO<+Nw{g(y7#9APTUE`-V^!a)hbPVUR zfxjP0sr>OsH&#R@D++9_pZLCaw8B$2vAxgG{9<1TU7AR%ONQW8Z&=KIKe|Pjk(rRM zHIPACpV6szt=KNZEms&5sVtz`j!ZBN;;j&t(t)M96F-HzOO1CBkL%8k2M!3$DeW%x z#A4a~R06zK@dwq1)xn{Yq+BD58SpYuF*$L5J>F92>7E4nXt+Y;=th9S(y0aN5TR7& z8%wEo!Y3Rp4jW$b9wj-SSf7l~Pq+JPH(iF$;7ch*srwyR6<%%Y!^;Z4aJZXtfO>x$ zigFqvuH@L)L2MiS``KCBD+*(9SO1BfA70%65=hDqVEaZolV{gIEGKWx9g;JY_oYY%ea zO{U5I3LY7Q<$cZaLD%kQ3w}k4RENo16t)4_kyG;0*DOW7-{bcQvM-X+!ufPV+W8zofA zUCqmb9!yQ*D-sbAq{VfYc5rmxtZZ@X^G^F)>XVAN?rhWg#M16Sm>(Ws)HlUDgd zTkaXelo8V~B$AWKMDw;3M1P8!7rL>twg?5UgUsQw;GRgnY)WGPGej59jN_)NmSy9zB0puZnu#nS zw0dU>xLUJB-DqLAW7B?!w2id9mTjUw>J`A;+$<{WF>D<EOjHy|}6FDLFpd%)k? zBCrTTwu5Lmiwx?>9Zs4kGaBm62n9iv&*Y7c@#N1;1s^VZ| z$*TOiLuRqvGu0gSfUO&Q78_-O#pDb@{MC_6Z}${5WWCd|Ulap~4w)f#i#f~9nlQew zz6xAy?a!-cIW!tdozF8}P6-}*D6RpwuzWgy^J3R8^o3s1g|)g(Ht!<+&t7^fBxBzy z9Ev}DJ;%KY$+?BxeOeDve~(ev$#sl5dJJxv`p!>n!v#EvUf%O6387QyTp4@iQ?Y7k zMY6~AgCd(|aVZ(XRVJwGHj~eaUrwiN98?agiF{OrB6S<@&ulKu4W);Ge;zT)18dn- z0rceqOUgV>y+mVgKj9vWDnFhrenfe_NTh#H8|8R%BGClDe#2mJwcu(%Z2~HJDTDLS z#8a70E>>=6xZ^=;Sq>G|Ic*ms$;@TK)sj`^rABt;K*4JQ#petf2z<^-au;u^+pj#u zR@%cPTnHaJ`ye8zYTjfYm+{q@fYpe1n2)lz|56^v#EM8VdOc8-QHW z^$n%AySUlFcczES%PEP^ZP1>#ec=PU z@&X>3%<_iGMP`6r+R>ftV@34r(pp0+65hf`5)|8ZS$yAUN_p9DS41FcA72+mhdk+x zzCN&#dG9JqU6)jU=wJ)}@gr0SRCPnP1-|zvQiqvh2Z64um0Z_t!Jk(#{{WWw_hRDTi;4eTf^lHN|0gXb&MUc(?6??Ot^PRJ zC6RC3tu|h1Pd@<-j$ai{9}OSk)y%W+R}ox--R-}gNI%<}buZX1MvOO@U%`&XXd1dj z3YJi?jnqs5rGOv-ja@B2e5ND`OZ>d|^KRxIiT&V__1@F=u@_@6Mtmlk{AaJlj9Js! z(fo6&hKll6ht)DbE8O%ET8>fP$R{NVsq`~(dZ404qt&7~HQGozE&g)J^8m=M?{eK6 zAvzzDmUrgKyVL-y6S}^%*uRIvM$+)3$6cC1Zj3z5y>EWFK4k$=^AKDc_6$dSZZ;k~ zI++HY$Xa;3hpe3WJ>O(VFnkwS^QUJe!1P@jEr1kkk!a-QB^~g)b%iGYa985+1cF5Y z@j-%F0rAPkc^3{i*=cDD2LOAszXE$lPRRuGrEG>LHEVIt_S;grb2s0H1KAWc>l~oT z$P{aX#UKBQ6%i)>XRsm+vN2t}a=l$Lvi_TZSc~WS0V?)*psE|)HNE5qDVp9f7*fb7 zCtq{IRpLX*pZw$I*XivcM;fOoe!p_g8CCr)lY-G}`U};%f|JwMtq$@+*ZGa*`Q6bs z$8#jY=oI8xV3Zx|7wz2q#qa&E#{2|~YY8lZ}iRjXiPKN>aq`7bL zzD#?!s?|?7oTNnQI;{=RlQ94w?dYt~&Wd9v=ncQ>7*3%zQtiwr_@u?+G&>*kcZJ&4 zOY6*tBXW_bs;p~X7U;zLKIMIC9-N^c7XZi7o5PYe1H~LumztV{Qr+s?| z^UVRl(D#&lo!IPbJq~nM_e0=S05PbsOF4G;QWsKOu3gb? z%y*FRJjUsPCp`N!hN9`B^yE_7wZXwt`^RCs49!=-2gmYrcRz->Q)=xU2*Yh8`!O~X zg4%rA;@R7_=>r(e5`lEJrnZLs6r1xss%^&Lx&`pWZLS$jiNhI=$1Y>D5=(YIFykHw zSsHni+1CfQu69;p_>3NpfYg}gc;`6dM1w7Zy9A|XaX#gqu!hrIWtf0Bj$Y61PHSn2 zdjt~6{y0lp{HmmX3a(E+@mIs zF+@Yr7+hTq&h3q{HBh@If7o4v>84CV4Cty0dSG*%5~%O=^W*M;F-B!$h)Ah>!SB*s z3lKYfv!RY_##meN$P$fHHiMGM9L{o3xv-?nNx}rOW3g3A$Zg4_Rttwr_0N1+T$s(m zd~e&1@hVO^eAh6?q~{8qe#*n$c7{<3gE%e5E7x$Z`cphpTq1EVVC%k*VU^$llSYG^ zxuetmlZSlj=cI&zSNc~|*G?uWl zR7xiFZN4Kj7(Y~KT!w>TV#K~soiFT6-9i|=_a4OpPvvSzs-FWIyf(rOrNMxO|g#H>7Dz(HW19S!FT~JMj`}Iv;`oH5(YytcU?koNTSh;2$=!n>#Fj^bp zU>Em{fJC!)LP2JXNdS*+80x@XnpOKhU^J-0%&>9$g>JXNcaP8JZE-A16p$Q_-;K#} z9AO5U54GPGUGY^G>7-L>o-2N9?)>=~)h>eFy}fTagX=^di0QlBwHB_aee|l~ zbYpE{_bzN)-^0?(qH};_*)+rb<%#iDv<7dQ^!SaSgR>2d6XHZ>F+GG+wa2;%LRP6~ z=~Sf8l2-I!kC58wU5r@RzU@-bY%oL7`jq>$L-GY=_j>o^YDWz60UvlBx_R(JjQ8Hr ztK!;64^(Gwv(;px&(R0lYQpF5T3(WEG?{(lYHm@xyg!GmV8l6=i+ab*>O@O0=EMU#;<>84jCW*m5dqi`a{6|*J6V$0X_uAbKJMAFD-_9<@;Z;L>G&8F13H| zpO1K*by>ODavb*(d+w)tCo|cr*kq zwB-;_1ZR^rt!4H$mW@_2-1j;k@%pp6b+L~*mbi~a`W>hkvw4$L()9h_8=7dmUjgbu9q6>TFokmR*<1)6SSgpXOLu=-8$^JN>ng8b$MujB<@pd zHd*>PVzaH!Va&vHJ17^RA2>L$1{tKuNDjX8iZ|DkwOlDsgF}+QC9(m%!f8*}gXy8O zafJdrhIh9ycl}ZrGFS1&xtFknciEJDo#P6rx^+*RWwPC(r2S;+cv?}0wbRYyVriKj zoZ^taH#avA@-i{}`8&;OIr`drWn6Ex?+$5ST27hk&)2?0h>T6M*XWE4wiFvsd)g^? zuxW|A-`ZTdD*dwc)K%OxDBruGWnFi@!SF(z>RWJa4zy;&W;MKvg&C?gJTK)j55<7& zw>eAJmDeZUD@m+BQL6H^ow@zOGf#;=e`!-sRoXUA)w?V6;=>CVAW1K?7-3gLL|YmG z8Gw%I(tf--7~x<&4JEO5uN=;cF-#>o-G8~;fBSzSg-5_-Li0o5yQ@Y=N{)rpzYb2T zk1%Z4*T|w3lVtOEAU8=SfuTQ$2DPLTvnY+r`R-ATa@n9wge-`4b0zWgYO!+mhm%Q# zm8-qdZ(qQ&z%ST6kge=|S0@;7Is3#n^ntZsM4f2}^sX^mMvXg)qOFFKSPC zHj!~E@;3e}Mf$ zm8HP)6M>)_(!Qed>1&HAjzJWXn@5oZWT7l8jMAUZE3}p>oeIqd?zqx%&5YjH-T0(gEy^xu|Z}qpc@7pEab`pMet-C?9*zxJX=^YAaI6ybXxMm0a zD+kz5p>T5d7&$3(*75nDRQ|`W9$iTq7`&3tVRjrO9hr0CXAiyr zlmBkp>>n%tkDjyNPd@@OpD*BClTWXaE89N!QJ(+D9aymh@Tg6NEK;1{Q;VYBZX7Ft zkcEk?=49pmglxk@g(QJMmvrTON%q(Oyp6M3(4ZDx{uRPAl}rveN3ae!ZS^>B{z;(W z#wqG&&uC7{rQzmv1#cFi7t=<5k|@qk!;}RLPYSVdByb6vd;PWTO55P(AKU&;#(yX1 z^3KvhbDZp8RfHPxDZ`cLw?87HMrCw*Wdhsa*H`n*S50ecWUDufi6yR*C8vot00)vy&1f80OIJ*^OVxPRE>Wr}_eD0hFr zsS(B(xz?&Ai%e;dkqlbnnw~kYuCF(~*N!qmGo;<8PGt2MzUz3y*Sf)wSmih+%yc|L zY%L}`yyZ?Cf@?;_I2rs~4X{3TOTW)UneHU7%fS7F zy@tiKN?2GxQ^!d~?TG(9lZ8xP|8;qmH(-cw;$`*3)nv(Q{navx^o4I7jNVHmI(2TC zXQU?}+_{8b6n*-&QrTC%E!kOON}vNzIqt_5Y(!_LVD0SNT&-^1sb#RPk`x>j8?R-s zl+yG9)+=FRH4<-&9gfTj8w<^HaCDd$xmj$8aFkw{6;~9>^OyP;xI~J%xY07B3rFP_ zDmK|J0Dw1iDsd15+P9dpAZ{EpZM>Ge=U0hBb|OJ%FN_66XU>12Y5~HKEb{&vs0I{n zYEN|PC+N?+wn2tb27c#h{@Bd3{iz_YAY|hjq~ZSLM`G`3IdjR*RSw%z8K0Qb-3v%QSivhC zZ)9&(Ew!v3BPnLn)}X=j1R4XwU0)pJ&Cka|TSHAj`%?<@5NyEczTr`0OQ(O{wLbQe za^hAo_Ws8`i}?cIFI1$4piXSoars91u1`SZ{$rLDkdXy$9-Q^di#1f2))pYg?D>T% zD*LbQV5taQ{)Lhd1x)Zay{{ zPnp1&zA~uNcfrox6H>`WMX=~!{BoiXZ1=cVz)Wi~7Hio}8)o0pE9P_K^mM)I8 zcAV;kBWn#94V82Naxlhr`A&b%gyHRKThRn1Z~hq0Qelv4bY2&KuajTd26DpNu2it( zf?2?mhP%x1VnWXRvF0L)d9INzPt9627y`b(9h;D>^qx|=)6k&$P*p~_#86Asq|TM8 z`T6VxIuBOxB+ z;^NEfkfJR5;Dcf8bhN`-r`*t07Z#<>4^&irS~DEb3yP?i8`z8uWwGSPq#{j!{2ogB z-P%OvPBQUy0?*88jChc3y_KO`2FyF4^X!Zg|s@EKHk z`kRNS)bi>|)iBq&bBTm$yJ}eSt@gd=HgYhoNutwcd?>0}!{gVpMF$s=RyX2jFj~Lv zGNdFm5uTZLi#HPTRnmRD?a3@Pfe1eyk9Le~C%|qX>&$uz0%wpq}foOTY)sNUBZ;+iJAqnvc}>XVH&r9a;YHtaW)kzbvwVP5~oE zzyLkL=u8+}o9~;r_=PIND~u<^Y~#eAtzWK|epA#9l7)9_)J~Y@X{G@eInRLCqHW$K zu{d|S6COdnP(^x$-FAmO<0X^}P3EHAa38cdz*txDsp9SQh1z0AoIu9qj;Oxm7nsUa zmDIj3R9ji^TBMp=^vQ zQK_%iBSyex$7{BPJl^jE6rD5M81GKDxoPrFIvu{pNnP-T3a_3U#X{oPO@%J98;>n7 zwy7>vXKd`kH6Ob^8!?rBT?$M_7oFvM`Dc-V3cN{xxuwTaZrE+3ev)AVWzWJZd5^?# z@W^uS@g@$%k%0EOvyH6^13+wCUt7_hwmmk=hHmW#OK{lITr(jbYSg;N2xwRNTt#tZ z94MLVtf8Dl*YWb3p>1n#fi8l8E`%4e?KYSK)ulHhnsUbiM<5eT0khY_#vZj9oSfq-hpud_Y8yVT0J9rI`X-#wOe zLvI^lgTagJ=)EfWsd>`ZOJrxRUD{5C&a)fsL1&W}s+@7O1%>E^rRJHC$7*}b-nk#NXZW2i-3|Fc`=clIo* zQvnD00uFitI7k6-5F_BAf0fIBvmHtf(6c=W^0HR%EwwFo!s}Px+0853gGtcn+vF7S ziQIkYD;W) zF(P_gPh;f!K;gL=i^i*wKR(zsf1DL5t00Fyj$Q59aM;+On zm^2?(hS9f_3fwO0)G-Na5VtK~C;Gqe5HMfL$R9`8XQ3P#4MbI}UZv~zVYd?$75P9r z)oCtWKRYC$RNO_2H63#U!MtS<=wjXmV@sY_?j+ja zpKaYoC?zB5c?4%I2`JdF7;-7n%Ap#dSW@ib(Y4|!YhC`Bgo?xMPG;Fjz^)gf2lTD! zLi9%ixrGsSJeQ(3?HNT&{uu9dDoo7(|JR*@_k`Tcr zop>uexiW-3Ueh^V#!E0UXv*`*3zYNY12N-Do57M-cBQd#EL^eDwnXLDJtpE(vF0E?1PrA5=e%r7>D{R^%2Ch;*~b7h4&GHsB2hNR@}pg;l771X(k73SB& z-fwNkK4O{D%rZVZ_ugodP|2=g;m_!Iu*hUVPqXg(G_H*FFG8KkE6k9O&i*XMX6lX- z=ICs)P196!7~k|0!tS%)eYpn70{DEo4))|0slY@ws$LJ9yAt$$#hQzQmu!)$zu;R~ z!q@V5r{8@o|Ak7fydSd??V|qVK#8PP<3r=Vl&w72aw&OFqC{N1s1A0su#a@nE7j+x zN3*6})3UYYEq*bru6|yqdy+rGcQiR?;6c`oevZ43sJ-)G)9KWYwiFE{QU2EH`on>A z{zFAGU#Q#~d-9&q2(7u+IimF6Ejj8bJi^<_h0~mN_nvIxH;#x3mzq~b4nULaTfk4y zS+qaP>X2>mOIWo~;l-dD(^qqmWp}vcH?v4#l)2xU z5gl?U&erdI^K7hAGU5Rl?SH&l^o)DIK#mRA3TiS|_)v-O^m7r{Bc=?~q)RAoJ(h>N z1_gKt1><*?UbJxRzfw84Zt@wci6{=xWB!F~*Nx}BfED;=u20+Pmi_Oxy#G^MvZxP& z@B$n&My}Q%iL|0!4aW+5 z{fj?bv+V2_D&O}(zt}cM?uUO(H$pB@n{01sm?JX0WDkJ-FiTalHn zsegnJKTE*GHtEu2nM_Zcsn1F_OV9kedjS-XYk8f;5z469=GGfhAuUT8)dnK{9zBXS~JHArj1aU0Q zaBp*TTS{{9VLD}S6xs@6+0XS&AN^a4M@_p7$TT|QPr$gF| z793{#yU=V;qq;dPk!`{-0v@e_qzpdRiSvUE$!*4ay-q$rxh+mq}N z$x-}ImOPaMZ@*C8PJhuyI67{>dV9}UOkpA34W2P=;rmN)7Fs#%Bo0a=n!ZZ<;a>ch zJs>k0r}>cp3kaAy|Koq5Q^n(-aGys>tN3OOUE8AS#+F6oP*SEiZKi=Z-_U3jeJX=( zqCP^WVX#vKb5ZlIb>+Qr9lx0Gwj=|0mK>(hmy$<>KFakJF}Oefwt%Oiy7*zcsTnab zGea?De$I?DJche|C`|_Uny&DK3#I4Hy_ZeJMoC`D}m+K zqG&b?w5DGjax}BZMK%TeRg%d?^oS3j9Uf^m5m}*s z*JjUznSG%;9onlw{dm_xUc(K#5v^e6N7EvB>Jl*G)3rR}bU=S3WBx?tUH3K>)df-L z0Isg=GFwYTPpxtNQ-sc-TS=8h+~r~Xn;!9mB&`k+2aP7~$eWnRpWFzpohAY>QGJae zXhdRNk0M_ogN_i6-ZmK|r0zmZj+yOZUlZS)pbbf=na>Z>(>J@#?Wg&`$g#tCoR zOCgPlPTx-;B7StIANTO+{89C8qa`5o(|Owcs74DM^I#TRp9dlBpe*^97fA_#&_u{nZIrknTu1AS4(f z$(NI|NERCsrKP3AU?R!zqEu_K@$%r`Z^W5p>mJa^sapRL9OGxuD?XlyV-t|;+Pw;P zGcc1b)K9ZI2@dK1$nqTo*`YfB_?^>r(*ZW2n~^G@fbNKj-M0PelN;wSi=`XL0AaeP0`VwuwuHi zS+Xy-;<;?saR^&7jH7cP$VyIaxfrrwz%Kv0B*`LBj(tzsp(WT``xg{&gHv{iFDDOr(0_{8{|xMpkq2|ELVKUu4ssc6a z8RNVx&4gLN1Dbll&RVpQ+a5XnTki4x@0)`_2-~8bV+)~-X2(pVm&V#eJ(zwTR4JTs zOE`lwxo~aA$Ht*E@W!P*HG=b4iOu?DW`+X=@kmzN%cP72bZ6tcI$ z$NX7N4SMSQ&a=ZFC~+yxzDD~`gguVaYR*1Fs+gOrr{fY*8gr-?5cLX{rv+#ZF?KKq zDJ(ec8A^mMYx45a&x)%Ec=LL9*-k5kIZVu`BcP^~VOp`d z7gZYN+GhL1=HyTxya|EwJ`DqFPJu&m$|qUrlTd$AB1@WBR1L>5_8$3!>C=fy%$bSQ zgG2nPN<|Tf+c)YEBw07PXIJnJo2Ol46xNnW(+;;dGm-q4BBjTg?krosnaAEHA1gm* z$3g9>Ks*1zd-3$Qo*?5+FQ>y1`^=P-J*J)TJ@mZ;*xQ2`_OrD@TfbQ>KV+(WqA6K7 zy4LlFE_^rH>Vsl3H{Sa*?WN60&N(!9qU=DS0k;Aw`{Y@d139~%ucJ?%k-Tz0W8aU` zqUba?#E*s7L|5q6lPouv9&NG9U4UB5FZq|UcLpHpq7Kqr-OI;fEVCbHJ6F+!$#A^f znvwPRLd79FWxpr7F5d3iKI9)2*yn%sNb%S<<(c$f9P#^AW;>K|26CrQI_+71h79sd z-2IC`eW@o=UBGPuMgEIdd+UPUXH>7Zg7*^_g|TgGv~4vrI7m9j>g z+et)d@jOJvmibEOjfsuLM!s|V6?{k1%x_Bd4(4u!gSP76wldr*uc)9})jxU_D!Aq9 z^_jv1fpF1<7?xRU7P~D)m2f*DDa^NuqRVJ|M;o`=DFc%%bVm^3+Cq%fKvH#x53wuF zF2m{$B8YuqNMlx517~=b7EGiydF)NZGU_QD%RYNQ@VVHo zc)mzq`{tw8$|U#F~6T7hFj(B7yU0+~YA6s9*xX=CQLW{4;K0ih$q z@eQHlBKTiH=zRMf_{W1YgiC0Hy&*S_lC#$XV~vZy>w3RZkiq2s^O~k)XAFRKK$!OuCNLn-$Z;Xd7iVbP@=A=19Aa32d1;53%Hm&aGk>()v zRGUS`^$K)CH?b;HQs>i>Wv*wfm0Q=%#0}3wts?U;RIVj@l%lMS>O*KiO`_PCBtz@R z&%G{Ht+W#ky4E$Upp5D5z`~va*uJs#u>$Yp%65v^)`dV$R&moWRNm!i@YS7og!C*m z`^Ao-z~hTBm&=Oq%&=5I9*ta&&}_y`sV)s|1EALUg5GDxlZw*~ka$BZInWp-pj$O~ zK4~ekN$zX}g0lAmVQko!EK4K$h01OTrqLkD?^%$o)k8j2%jSIn3umFwN;xryNiHI{ zaeT~@gBgR$!b5oONMD_$F;Dy5ABYo7o*VK@eI6_I@{8IDAIifs9)vH9c(Ic#l9p}{ zgvMLfLNm8GbbtgM%^Rh_Mv-0?eje&MADtSvp?|31SeMx@PjNKEqXc@na++^K z{wlW-5UUtt2vGDFh(Wmt`&C?%h1(en?vGw(9t}4(2bu(NhwntOHG0m6&G!RhTI}H? zU#Jd>&}15z>?qJKTubP(sWJ(lKef6&9T?|w>nP*iey|_M=Uf6i!KeIdYcbynjK3a` zi1mK-g$mb318X|_}1lcLjm#^;7i>C%U!aX$ym_Vp9B*@lDAdxxI3{?kp(3WS??0=yrqRu9PL|;;=%6 zN*@SKGFPwHS!AcLi<)j$Zya6BiZi?A_tjFz-z;6+{|8I4e`8pj1yyVAO z1y@0{%wcrvh)vZP=T!TDCZ8W~hZz&P-mKzp++h)BncQ*6ep%fx;i|+2kt*tTxL4qH83nPf8#Vf2W)1ntlMdfjHT6|$l)D-*>%+|+Eh40&aiD{ zzY6Y?^vcueaBalnm8htqSv}YvV360-8t!MDWjuJjZoMY+cUf(JT?qvK`U#eqX4zvzJ%%pKu-hNuB?luP(giK1Ch=vTFh$I9@zkd$-As`uRWZi7|9q zb+FbF9%PL7fon`=gTit550u^wWmVSGy5avQKar2aRoRXn}T22ZgxF+ zxg(Fs&u!=L2|J>*C>*WL(x*Z;(K{t`aSci59?o1jeCGpk+~+njsCn@IE+5OW`S#nP z4ZgEDQX}Zs{vxpQwv1gv3EqI#bHwYnO-$9h+vMDfioB70Br6kBcICbOG=Zr7O~#LF z>P|1Z@p!UQMawBbY!~k024|VT+t)}=f3Ut#Ay7uc>FW>SquJD}C z(?I~2UVBZQT+}*A%!GwBBmClX(&&ZQ=4Qex>wuH<_xyhxpV^kIZ5nWPMFCuT|M@Pj zdW{s(6f#6qpD#=(94<`c8IFh$xsx_{`zUS206LgxgUIBv)oc}g_*>5Y%^KRzK#=X< zd>8)8krsLF(s$+0mgwsraa6h`LSJ#z?tAM|~_bC8hA=KMx;7502w=KQ0wvP_J% zA5r|$QmqgB+~)D}^{{PuZL+_87c$6^5U>Rs=*30j4`+UVVCd8r+=8Tyw@*|)n2{DA zUf#ixK|trt-upsMT3`p)PuHCzx0?b=Gq_e~JMnG}N#ZdNNu_tcP;~<&3$ooU zqdzLVTle3{HfbQIgQOe)OGWAajuwpTU!NB2T$U@%`In z>`ae9qe#60*B<|3l_42V4jIJvbw~g-zIBGd#dk*H#%Z0jUBo8Yqf5c2{rJR31rGz; zZqVF#z|LwZbR`5pVU(+U+I0z%WMX6QKp&;y+ZRyy5S&G?2H9rtE*HE! z=!!_xjw6OVtV5>TIE7bAv{62M#I*rUuq8T_miN4a1q>H%y>H}8RLdFSoVuj(qFtDB z%jeQlvBbBR7!sK$>K9#g8b_6$dfz?}NKvsF)Jjj~Y>kYaqQ10p6xiwS#}_#Qy_Zs@ zC2W_v3YJSWO<9Gf$;30L@Ugi9EZzbp1`|V)w<0QyE_LznBu@k*P_F3&CAj>xFfTTF^s3;h$ zK?dk}`}(j3cJ4`kkxWen_sth%{t|V-@j}M$#IlENY5aTN`6aTZC{E~z#ld~RNT2lve;T#w{=F04W=% z!JZO<`}NCHJF+E6Nu}J7G#~4L@tuOE?=2)fM*`)u4)t?ewOn3j35RyK(uT1S5$P~7 zG5`;SwnR@jNKM5+JEl7+6-Ik`B08q ztM$hCORvn}wBye~4w;9KKgfFF>-TJC42gRtjdsl$JDZLLJ-=3+L^%e`ur-iOk44=0 zcl`yXs?7WS{?HxuluubesuaUfbJE6GIRqrfT(tdj37}SNob7u7+BhoTmvNb5j`ndL zt;))}rhjfbc6`o+PigtrKG0 zF_CFXz{{vss{G>?ftT{RtqNa^J$wpsCNnmmr)y1y-c^hX6Bo(IV6L-k+oc%FPF|BusFej)B|UfR2&bsse0j;MHT1o!J%NKel~_4RoXs z;s-l1?_pap>frLadpYC-9c+L{jXk}o;I8>*8iSGCYVPH4b$&57IrXY^O=4I%RMow+ z5DhW^#Wx-02YXLi3`Vcsn8~skj;QE~v-dvlKF`_b+~4os``r7Sv-u-g$(n1dIm4Q3 z&Nb#3pRfGuJAX+yPxJmm>~?xL50du>W0OAF$Iw7J3KNwrGbV!jetf12k7E@ZdKx zDjX~=-ay9PG*8DI)N;251sVio|E=aBzh?y9E%B;~5_Eu1he#q`wz%|#yS!rai%&FySsaoQAf<<>rfYMwq2kROGK;%TVy6_rOoCjj<2L?eWEX2YEcz6m zo`R}QX5YMVoSX2^3Y^}(hbupAde|0UzuzzWKm`(34vcOiW*a~J zaU_qy=P@JCivNIA@#@P2uDtzAEz|`QzMbNndbS>30JVUx^9~1|2!evQGIr^G2j{c4 zkNSU_oK#ncbZ_m~xTlszGWfTy8;;7|Xs)XKjqH)dDe>`%>Fe{hYGQq`>qejR?tB5s z?*E2(byyYtwAE6Ohtd9sUXi^IAI$V4u)7nf^HyeUw*_#dDz<@bnExZm$CpPMRZLP9 zc@XNIzRY?8RI3d-CMEfp_hfR8*b=Uqk4JEAAQ6Xv?AtV3 z*S_k7K^{ssmqxAJT_HhMDLB+0hTn8NMp-iV2=)g_W{m8VZ@A@emXR)z+nlVQ4sHj@ zZBiulV*fr_i760Vo{9dlg~P_U9wCIMB*4;Ch%q05BwMY_7*n(-f|>RaaLAHJF$=1IaWP z_gR<^`^q(?l)A>&Lg16FRvcCwLT#k9)SLcWaf%;!+YbB5jboil4D7U>8$3#{I#lMP zV;G-$kXy1@=<~R8n!`=tnrtlO84X6Z%PDsw>?f|jpjmss0nT1pWXU%~Tk|rhSf|*R z0(4^m*mJP1$b>~BLl=suk)sc9q%W>3!CN$={JG=XbHB7kac}4$g=%w?p;4pbD4ej{6w zm+g5n-*TFKIOp>?fb%SL_2F>K{KR)BP3XS!zf>DTSa)0gjg0qPa!}@bMsN4|&BIdR zW6&A@K!`@u#z6N(a@f!Ruz~+8JO69?W^NO69qn~!FwE(0CIRm-qh}XmFcdz_k*~TB za2)X}uxbr*F-!HrvQi0~_H>(q2zY*SVi#K(sRxs_GQtYS03mSX^P|e8P^!1Bchpgc zGhO5G9s3{W+!rF4)6D?Kh1J)V`x8!eE?t)suP@$Hcf5niVm-{idN;tu$6y^Y@-Y3W z($?#nk9H^5OR-`_^5Q}93!mwpuT^6$5KdYl&PNa1A3X^lc0#o1jb@)tY|BSIv%L2I z<+R?sXxH`IGx8y8ZDakWeE5wqCobF++Ep*j{&uFMF>usW}$i2wKJ5j>Hg56oqIS5TQ8Z%*^nyo@`IOysNsY4-9f;VpU6MN=T^j_yo=-7HeY zeY8LW;2W*ZSNteHs*4Vv;_#|t!5m#gn7dP*8LEupU-y@jKAQrl3+d^aQK{?o4(q9l zSqfo*t_`aQNHl(EsN@WP_bn^yMZxH!WAmXkF8{@G`s&h!qetvCKT`^ZI$ zAW|T~<(|O%-lyMZN`H*a@a}fjB~G6$T?_JWv=gMcgg5DEKE$1qr|h#XbKpZ1o7XG~ z<$6v6zF^fWeWe*)^#SS_Jf2pC%9|}o0ZHpbKoCy(Z(DMEl=9t~+qubw}=x>!a zONG9(ZTfihslg(lwBBGX-iy8N*xx$oP;YT;cvEacxD z=;4dUGrEq9#O3|scwCPRs*DS=Z&){QG;(4$?fr5kgp&Xtl>x9W2p;I zFA_s}?iv&x?3)u#7Nu5&@p*0XxSg!8=mRGkdlFjJd0x=sw)oEbk@AuN+F+pl`LmXz zS%v-DgtJJeIq&0{v5bkeHWd=)<9|b3l_qfND5BL|PqKeoI7T&d@>u5c0XW{cfDAOe z7E-*O;xtwaYI7aiY5K9L=VPY7qOB)-z9!MDv_F*QezZr@J^rhHNkgdrHj$)XQf%mj zJC2bFOD6?M1{2(v0Aib6L7ncO(lkY%`UG20_p$V+l5pT^5c#Wg*gex$xfBwH#zP9e zVm&&iJYh*ZXVg%-PhdO@9H-_?LjXGdejq$b&m?xMtp9T=HAl7lK}exY}W4HfrAq3SM1qNhm&0<=DOEyVueBVGu%PViynqrs?6R zkK(3>vWnWpl%6xWC+D!HbQj{PHpBt!up12|xd~@1 z3Ps9D&ncnyU02mj?HwoHnNZa>8gtb{HWcFBGZmMLE3-{TMw1zYqb*9CKn6&?yRKO@ zliZxb8DjS8-1a(J3st%$vht;wqSj4@KP6}GFR0}c&fOdY{Ri)(1!x@>8^L~7lMM%Y zdUGR%Rzo=!6=tYD3hpb*Ho3Y82oFYD_{zxdo%L?yXvdNILi%^mXH%0R37%18hT$-y zzU!2i&^iP)o22boHNIaMdxO)g1VsV9y=iT2#UT9CgP*_Q7$9{P(4?J44&Qj4o_|-5 zKgsXII|;mN^ALyL7*aRH*Q3W_p}l-4wL>a)0}?<%l6#~V=xL`4Iod3hY2K_fQyDD{ zeuP_a9D;jt&CoB$)0MELu&|zMe5k0VM9qwUIgoXXI@V;v6$mS8S2)rp^EcRydKu&y z?TviVT7m2GQz%e`%PG*PcsQbx^k5d@#5%Hw&6Q-_K~h2(vcPU?wT^Rpe{xgRc2V+*1`suBkKeBu81aXcP6ztREu*sWsMNVK!sQ2dm-U9wTplor8F{ z#P6O28y)eon$xv#s%LC&g1t1A>g;NaX8dMNEU{rJLJ+DWNAHFJ-0JsPm2IEgiR*b( z*^mJ(5vg3vt1@gyf_FcB`FfeXfd9Agey$O2@2=!b@YNR3q+WeB#<_snR964K3GMwz zy(3(jZ6R23_=QM6oqH~gL<^@s`(S;`GujlG5Qe6$&U2?XEKcYHD_YozXHTP}#0+HX z=?M1V*%KeHb3O^%_C9rT8Jo>cH%>CDXGeHxit0pctI@P~P0Za-k!X6uc;dT$5&K=- z+@{sYH^Egp*V0jJ#%(fc(W$%7Qm?|12n4mCB{-Fp%GNo69#bHBmnMtC_1-{)`yW?o z(C;_7-3Vo#K)amzj@-|mtdXlUZxnFMotp;MoK>oTj7vtSr|4cr+pF8;CVBY}h0zOW zK0UtW>h`wl0TN-?s|ySAfBVFYX8;InZr@K)&9|Ut7-JbLCh&L5xi*1t8u4v$kMXFqI0n15E zqDo@1M1mLz7qi19nJFC|kEtJ!%h2$Ozudh5Bah6eBsmrl7Cf9cEsXsu@ zfFees!2U7;sTx(QSVK`SxyNxh*N;V9T``|k!=<5~8W?ZOgyOX>NWVEv=epK~&Nve!z-|8e1~Ea)L`RUv+BE7B|@wf{ulNSIslz1pm%7E38H7SE)v5^aN`Y zuVg-|AWW`l{d+OlejpV6$#0Ske5ay~#;`S|BtC@M5Y$nIyzy z{W!k$1ADN6@KjaMfv2!#tVyzJ)yZ#UQJ%xSoyD280@`pvnYoW91~RLNfxop({&zS1 zM}4VD1==b-f;?mX4lm;>p4fKEJ&ayBS0XC*vkE>8&0K@RLI+LM&ZAm-#Y**i0vP(A z6IA1?v~#l7M2;=jug8C~>;Knq9LurL-^i-YkfqN$Cov)`Ban4?|=ogNaX`h`DVx_BRm%$UVo;&Ew}gX9De^x7cMm zBF)TXART)nj`#ar33Bc82Lt?fmV&aD_Xp$k&#}EH3oCi47Hd7yGn1D6lF`~Ux1^_w zXKO7UnHVvT7R=yz-0+~i9{v3H`q0tl?r4K-K&DQL`|Mp~MWQiMG$Dpv|MiaLE;9fa@DB~>kW$OnhEK>+E&-Y((Qb&^^|HzyNPSWe<^gG zMDctqW)%9=A=GN+zQu7*`oLVKt1+TVZrKIeQdLeD(mu_95YjTUoka<9BY&{6Q~~u} zseo>D`b&IHiEPAFj_s#Bv?9=)v{(?1G(SS`iS>8c%HsQN<;LQ+-B|eV_@~>K;`yHb zs~K4~r>w+o|0!s9U@6nm>CZJTDTbD)j0Iqt3dt%`L=e6Y;A&0_u0POdQ%$QFt5J``u( zUayZ9ngtNk<~~%$ZpNTrH_;z-{17jEoqwRNUAOao{-xU>b&p(yhUBqV9D_18MT1{C zUteRcHkb~5BQkv~dF~diMDfhXb}-s1{lIh27&>K#i>iU6!D!QYh3>)(UKm9#hewQ6 zNJw$>B&zgt9n8)Jw^r$8PhSXGC>7BI(5X!$q}F2mITPOMC`tzagW~S2@S0nEJiO6# zTJ+pJeQqMKff%!r-BS}!f{~>5gXeJuea7Ly?8Xp0&AM z^z$R>gVLA0b~@MIlI_Icnsza(*4?ZeM?ZDRcD*jaMW9#OjMLi3^r`#DM~8YOQTvv1 z(zuFJX&o`+m%Dk_w{9myoYLymH%S?OvvZr|3SSmr2ivXZmn8O+?PLwAkmjjV$&pMn zPa2B>{QT?sClwwSfd;c%Yo>=Sa#GGHC~9)$<>T3Oc4D+AlVvsgnRO0B&-XmTckZr( zn_F)+1pUwVVntok+fq8-jJ%iNoWA8Ym4MHDGg(_Rps|27O%>tM0fWB?0!je(1as$umP-I?^0HDKkuxkPf+ljU}fcR}2(&(e_+jcXEtBwV`%#2;>e>>2vzrD+Xz zM?F(a*ZeVlhS4{m%-5TiDA05CuHVaXSL+JdSno~MrY=-?l>%-^#=3q{ybm^MoRZS> z*e^yq3uZH-I>`rIVv&Zrw_?z_mEK;; zu%FKj+cUx(PqHMA*5?#V>P3l#rq*>?+7MLv7A$VgJMFlwN!XTSq$TjkUN-$Rj~P}M zf5vIk{W9bj8whWw4&kUd_^_OjKfEQy#WEniWaQyg zjRInSrvX=2>VG#e!6|phb&b1sx?fwL-)bANkld<}!xvSO7{$r5AW z>&Wf`=tgZ0E9mL#iM+kab5P-Sr#HR!*Q`W0oyjXH2{W;&4UX1U#NwufX}yD()6*md z;}-XW?INk_C+D_))zWvkx+;EhwIfWO;MSeLaxSmjk;wek&?{2-cJB&2s6S?xJ^3JP zF3tB_;Q*oV%R-%x*2cbypdb)ckL)z`cbGTrp0`T{*j~m#6&RkV@Urj?==k-JKe~T& z?i#}Bz_>9b_?4p*CvcWH6uXsp3Y2O1DuGk1)UV$ZIBNL5l_Fnw;G|W{r)F>9F;|%2 zh(@w>YSX(j=;@|tNWWH@*TO?z!>R`3Pn&i+aWA!mZ5!JH&!Y}>jYLf%bwNk~j_6n8 zxx#G8=%H!rh3mmpDsVo>=x06m*UQr>67R9+?oHlvY+Lt{w#`qw3unwIZZuTu#z();GQxZ1sj*w)Ah+;@ih;}XrvVmL1< zFjOB@JM;%YWf0~8Z%Fi&)v5%TX5tg`_r_tuh zfal({D!@b|>O{zWW!dtWN>w^V%JIuKm8smI`}1If1H_#>C$3}p(k8|90Tdhzb(4#$V{7Ae%@3SM`30sUb?w?SWcJhrpO+4L z_LW}y_=WA&wahtQC;zJ+T_dUuAe@DQloHK+uMEQ3)>qpn!2mUL+oQ(av!C3&|86;# zx6)z2T#ZqaHvYH)Ztvua1xz_3Prh49Cpa@r)D?&HAv_c_MepaP+k4q%mpYqvJG(>< zW92CDKYE>McW-o@CcL*6R91wosZ_ciXsZ#wE@UsiHm%G>-_5rVU4XKS+-1L4(DtRjwSHxu&@#v-0dc90<$Iv(3PHgo_BD5BD549QbbXetj zp>=NSny)Ey40DP~P8?bg3nnQg(>IB5zpR$gOzfDyZ&xuN)3=d~JBLle>OBo-SWQM^8LlP@k%<cG>;N&2^!P*|%j2+57^7{3_qPIm zA)pfHNLglkf*3c#MSgtpy{ek;2Su2w^7k6#(Q6|-C1XO`oKb}eRwaFxQz0hS1-yQn zfnB89sOE)lxhMVFfFdGT_JQPZA5vz)Z`|*6vEJou?ox|VsK#;AxRl>qJ@m}%z(s&4 z35}TQJTUHm-#XFWW;gyp#9s~Kw)?}?1?%Lib}WEvrP?4Z%J!Zrz4E4wrS@skIr9IO zqKwrH{{)@p-b(B+7mS%#XBN2M%HrCXaQ3PTf_^?>xQEj)s6G?2y9xhbo{j3V$a#eT zq?4F;0846)Oy7IDp5DFb{NGZ{Z;&T^7|#>6qT9fkPmA&EI5BwFY}^0n*<-5 zkBr7sse4c0Zk#8Dm!J74v#EHGi{=i)4-kk39l#@qPQNG%8ywztyI@-MNbb&dEV^)2 zfIlI}NXqiu3Sqr2ZK})7_CcnLS^7&@)J?zF1=3tUPooWV57MmZE!kMv%2Y%;v_7YD zbLv#ArFub8h~7D_?&aPT46pir$tS*aALdfXdXX_Y9H<9%(7eq{({JHH$H}*YxhyI7 zfif!bN}i|w?r&s@LjubI<^fHHNHw@4#cFpwq+v#^unA=_wYXufz!xot5MAe`1*<@K zCJvVahOhG5_%8St>%LI-+bdLjhMsBx_W&)h8}HJy&Bl+vj~3h>_o4yIlq2qx@Yv|R z!{ER}YRwcqivoiuv=}PA1sW_3`fhl1r~qX&-5&CH6Xg4AL(~?3I<%PRH_h`Q^*Rg_nECW zGZ%>3iFqEehWXwj+LKS|aA5kN;_PL>#~s%$i}8rtWld7RIzfg}LzA>SUQIieregXZ zTM7nB)%6YVju_?WRMm3Vt@i?TdA@>BQL`O@cEYPAh%#0K$U=wVvm{F#-7#AgW12c? zT6?fsyoMvZE|v?7gjcJv>-^|hl#accmptSqGJ1z_V7TzhGkr>-d-yRzMQbS2e>jHY z9p%*ZYd)^EWAYW+IkNOfiw8vdQ092Xx%1J?vqq0Vyx)u+U-&1INPNTUc;+<7WA1*# zonv_E%UuJ?6C!md7Zt~W%VKl8YplR6Q$Nh%$$>(Mp|57_LEOXGNCnUVf>)i;-(nHu z9Qhq&)c)%bx?#Uqv$=SGCCrTQ|No?SZ%p4o@KNW5ERz!Lj86vct`#4-E)B z8MN;81jY?}&09dd2e()fHF#2QVa$toS?#FyfqZLI@7WWTSurt}_$O#n(9!r4__a|Q zg4&GNPgpg;P*=EVCzb2VY>U1dpP2{ma0w(t{@|0P~jiUYV6@}FL&roW)YQ~{dx~HbJ8fNHq}#g@_NMli$JGO zv02+5@}vS=Yb=p(aoD$GH&a>vJ~ea-GdrSFV89^em$+6G9;s$tZ6tBaR3K&>e)nxB zkAZ)UCss8e?lTcjh6|RqMhZJwaOpU^sGHN?n$xMMCYxhcPV|UnE&vW~7%H~q=ngg& z>4JW`Tm{|o)SG-6#zwgR8yWW{&cJf1=h9!Z=kc?Um-cnKIzAab3LW)o!+~b%;!WE@ zDFEYcnDPEqp_ei&s;aO1R&|VtMXy_bCN!cckdKD^lqq7mej`i%F0#?&6g-;>Qss@s zJGa@`#T2B7unWU zaF2(xu?YKh_1h9NkePxA9Mh#Apj|l+QShxt}?OY*xF{#IDhvi!@H4oe4R% zbNf4>YAQIO17prs@Aznbm=>w8-ezzkPZse?FzC;Zwg1kx|3xXASZYHlUZR#F!1(b}L_!?Spl$GQfuy4j7trKjqbZ%IERO3R|YLspG z?;E)#Rd;@vUkXdxV)hPR3ZYcccPb?$#Xdi>XgEF#8z{33Un35l@(yP$?7t?e^pQL&Z}bHIyr1l!%3lAc zl)Vh-dX9c{&c*F#1@_*&WpW}YLJWkyGp&(N%{%lsFrQcnSJv3d88gsWE^qRA5V14W z5bxm^ynEy2(L>IorYdV}OSRY2!@52JH8A$&S)}I0g+c{SP+(K;$ z#AXp_xWJ^W$hn2o>5Wj|8byEer=xxM_I@q8Nt&rX=*$6)ri3otAgNz3SvY-qIPTkY zpoyIE$3Qbgv&qQlKmDByZ{nY1c+>xD%J7nr-ASvPJ5$goYf_o0Te6&<=B4Z!B-t!|I8m>$KwXjn)v2-? z+vNXM{O#H$@97a$p7B~DZyM1jWv1YH@$}dgrJT%0Li4BRuv!Eby2~WjfF>MMhAU7l z3@9rk|NLc>2qdMO@&&$R7~JJ-%c=DnyP>X5TM>lz6 zymg{%%Pm&JrSu@sq_=vxrbFCzZg#u_TjHfg>@p2VWVG&X@HYBY>k4}=spxlA>Dgb* z{##JTrR*y7(BAtXluO+9AbZ?eF#V6f(Yc(6n{&j%09cFbF}JC;Yd;C6#vRwMBr9zj z8qSjd`z0@N=lG>?oWq;x74VzR%sa)TWhedSljXUUEwD9nP>ViE-mm8TWW{tji&9@= zGvTQAlv{05DocDtKBma#cXf4Pmp#L3sfa*>=0ljM5WJqdF^H#NKba3OwpMhVNcSL~)%%d%&XcO2VqQQy>-E&kWI zf&a+fdD4LM>^zecb>GKo9CT3m=8w`>-9Wmb5=RzW9iL{|mhB9F*|+N43K$)`G#NR+uYl&Es$y|9(_Efu3GEG z8+FKw<;gBG4{+8os5^}5cCZj_E`YB-_2BF5v7&+I)xHgUhD1$qaBLnShdCL2L-yi`c08y%+n2glT=@} zW_e21)iWtF9cFh;jBzGbI%;@&pKggZ!mu*;)R~%Ofk`Vm|_N zsa)z$w7o|nS;5vP_qj|ooO{8xlWA86{I$^tBEQqF->f1vs&p? zcXrHRN*VwyBqzQDA7svbr$xfjn^C2t80AM^WR#M8e#sG4Qsuq^7RqtEKQk{;*z zFQsu0L4?)$Y-8SBgPezyuT6dQ*OC+pmaHVchs7$I8v535JQzyJtZvf$HksbYyx8nbWgPU_nn?AESD$MTa&_17A%v^umMZef|wu2uA_De zC~-piec7Xt@=4Ic| z>QJBh$kR2vrCV+7M1ys@E7O`dW{E&}UP40p7=k|u7@C2L9Sdm6yUwk$tE%4!ls z*@G<1QANLtXR3^(XPctC9O6$~Zv`LP-78l2nd7bt_Hz^zsP3S_xE9Om!=F|Q1=^yV zx))um*e7J1I$7q{YkWj^6qIL7()~z%Tdhbv=6V>3l3vVrjdaIp&&op~-u6D7e+cXZ z!H~1lL`BqPX))SYUM+XPl7%Td3@c*6Pk^2WO4I^z7tVlj;$$xIgO`aE_PSAOfu!zPbNnNw>TS*V)?n+pIb2p%-fhT*RN2P#6-Hcq zE?eA_3l1d6mY64VkLY{?;mpL%sC;PNX&DCqLW*aqpZdIc*LU|_k|>DH?kBfwy8p2H zZRZ!`bsP=VW$%u8^4)G>eAz3%i1hi@qMS_VW{w`jb!>S>mo?vm*S3nv`1YvGClNLZC6!TjVE9Ucm&NdF8Cm#O0f@ z0%dx9;Rra@hNOq*yF-#-Bnxw6Z9b|O-77)j((45erWrm=tIO0=`7D`L#R$qtElrM6 zcXjIy=nJ=Viut&8t1+^{$Xx}#WY|WOsT+Qmu~1XbpB3ufABl5{NgOLTCkC2tpt*S6 zvytotJyHAtA<(p8J7e#fdJto~|1|oNfM6IOC+rsv>VNNSSGqDt7W!F0uZGy)&a8vg++OzU3ng-t%GUP)i=}p%>>wJAS?h zl=g3<>B}hNpdLQ^0s&5b(WEw{L(DCFPNtJ!3@G@qoI&hjCJs0ezA5$~d%+>-bvjgWl#GDid;KM~OlN<=4nyo9)7*~33 z9r36j`bnLI7;9Ou13psqLUT6L4sA8^b654@Q=(Jwyu0}^!-ip^k zSf%bJJL&h-zh4PhOjntz*RB+pv{@U@9?HfIyAo()65A#FsoDnmUrg9FL3fq&O4hvL z!sw?CL(R}_Oh?JD2u_`*gmU&gKfnm&ZszM3z;){Ptjz5a67YCgiu-;wO}|F*v7Adt zJ-gIIq*~P%b&U$=ntn>4c{e>z(M)emhz$C138Lf9M(O96KE~%_Hn8CY&n;!EB>%6G z`ahc}mNEF_!Di43k=|{tX0%}Gn(7*=v!ptdztY_%Q0|y}V8gfi0V%FfyiMBw-MzBx z9JZd<`^ztE0s6M^_(z)}*Sa_MA;Q;Eo3EV~d0z|MHVw{=B@Ix@S;Kd8KShMch)5@07S? zgPx`>AvYD7!1poWfe zy-A-~-k#|{zfm}*(~Vkm#F2-mKgT0wxO9heyA=)J$UbS9|%Qzx7Vj+~)>Zs^(%D z*h;#b7m9DQP!+`dN_(;!dx>FcPRz(+kOP0q+R<*nFH`)Wv-bVT%}{{8H!dYM!IR%A zK6-1<^!!d???tdi?L@7e|EUH|Dac<$Frb$=&&z!*`VIT zoTEXYR^0+&GzzZM%pIw?viQnN=iRV)qbJj%yQI}IjIQWh-#aZ)*=8tUU+DsWlh4T&jGp_kD`A>tfi01Co2l?e1(UtKL5O0tMmCdHbb~wgidFj?p=bH>a!kya%4$+ z$CDhh9+Sa_MU`fh)ICUVp=tD#X!GXdq{6O-v}gxj`r7>cs}HLmwnTbR)f5mvR-&ri z71hg2Da3U8n((UT*dKMrBXvb$`58Lv$!HZT8H(S?^04r}ftX(qZvgbQD!pEc-wR=l z%ce(6{x4!3-MD8dVK@kqrH#mOp05R?!Zy1}|hSxWx zrcd+A#!a9>*EPuv5~P-XJ`f7*3|!#SyMM(5efSlp!df!gr~bevS+CtotzwH@|fm zd&}y+ZZ_6?U}89SZw@}K0?3-9>BdYqn6MX3@@GeEckwFQFS1gz^5vw(yW>B#7>2w$ zok5l=WV2&^tvU`xK;WK;iBbJph~*63sE4&lSdSEUA1`ui|Be@s#mF3*6bXD{TnK)A zqb~+g%%iJGZz((QVLU?A|7Pf6Zs-fQlj#fpg2%tC3Q{8Gj|wz{hBoY#{9X6}&T9u6 zbUnHvhADBf6*IbyVCj8M>}?W&4LRm(mdX^cQp-b)ItE>NahuYvlES#SF-;>Pg*)f+ zJB_3BA59gm*D-!`4=m!g%$0sfCb1dO{YJ)Frr~2@9X+{GSuDz+b8469@h+;Ninny2 zh?B2z0_Jx8CFHXEk)%xa-by{80C5a0t-O`yK2`T2&zap}(dqVCeZ?(yEXEZppaec` z(ed}tD!Ns)$52phD|+u85Tg^4N)ZrK)EDmm_+Bc>FDW1EM!Ya9*W412qB!%sAy9N= z7YlQiH)wV#Nl$W-#)S+Pn^t9L8n`*(GBQJE#St#0e&a*tnl{;5_;uX~di`8n2@wWW zN=W+x+CeFtNvr6g)p-Lryj-%tt{IL-VxwHo9RUi{pWK%djjf$)hjtxjK|k_DE4e+S z(xmQhR${)z8mpE_&hM(biud`9IDkHD;_gKTThJ}ZlIOa=1qC|bi+GJ zPyV{|-%53@^7HRDSz7R>TQ^oITi07CdNS{!S1m6|oUB3N#Hr>e1G=foE)uZ9x^l4p zcACY{?tI|s9ZcK#=iWRBorDz5P-x}l`T*f7ptSi2eROJT*qJ4WEg)QVX=y$hlY)H* z#GbH)xXM%LipSYw>iQRX=%urQx75;u_4zd{nXx1l3CvB$jHqBul6z4ktVqw1L>u?N zSj?GuO!e0~|4+W(zdO@5q#f4$(^Ni{_W8BLyxjxsJry~}sbPWZ!GP8CJg+fAsr%|J z#Q%i73pWK!lwJ!Y2ZQjZ%fcU-!hXQ_ODb1NNlSX?arJKKNlBr{l;p)SFb}h;hb~dBIb^Ty^UISG+kMJc*FJ&M9sS;oeDryrW@4vW) zqJ`Rki>jk?+!>4H^p;~4-FOGjR|4I50PZQ!3R?qB@68627uih$2|i{4?|aB6Z*ClX z|0L@$+hn=W<3kfaCE_8A%+u1IMD)-nxJg^GH%WK~9z0(w9Lk>Z4!%D>U8kQfobUj= zRn%aYo{5UiIW^&$!J1dhJ+47cB260>3$t?8MmqTJW`zrLaniHLTx5oDyd*2fr3|kg zn`bYYSYI>ox6nz6O?R{0@SLsMLNZ}BWfqbO zf?-KjqRYG{-(zY6_QX;(xU0}$wD_HL8J}lG>-q`C&#$mZS9L=skr?dKm&O#v5mUG# zvdW9x8WSbJmYyj}_Wgh_+E3r>tK_f-M67kptUaEqKBmA%bxdqV9IJq%DfgV9sf?no ze$^4XKC+kK!{1;LY!b3iJ8P7`nx8JJ=+OHv8YXEQ{~{gZ0(2WZ+ZcwqKD-Oxh(dK}lWRNpvAbIEFLPKvf1RQY@)($=^1$ zAjq~mduAirJ2n0Zinp@7BOl~xVt|hg+mw-Dny8XRH0L`Qu=_N<2)EMVsv<|BPQb@X zO1zf~J^1{t^NUg`3cqGf`#n1N@0R_ON_k`^xyB@R?arR;9$$OqsUTMv6N)23<#`^2 zG4^T1;#FrXTa*9+mq!?qoqe{w(Ws2gdZe#ml_D%*GyOcvXTJ7Dc70OzYyy~%t_hl) zn?wrWZ!8+t(GbyCc&)|^CiAa!qp62a%}D7Q1HVfLnN^?Jtc`AblXS&5776z?U35~_ zq`$h_{~)529bmVtY${xpHH}^85y;K+o*ns87;Vc5w(Bmre>~cpv3lGv#F4+-Wui_G zS-C0r*<(uL23%T4hj8QFbjT#OR3$%2^_%fb-SMsCAOWfjYoMPeMqt8<+15C4_LBF{ zryAnFFt-e7jN`#$qs_A4s312!B_}S|xHxYq6`M`moApppd7{lh`QZy{{{~!?BgH_h zZV2)O!qv(m!^mHs8~bcpMtR2H=*?uR*9_ztYI4kR*aO(5Hlm?WpeHQm`cvBhBlrsD zyuveWDiJm89Brq}Dc;5M?d`MW%+d|S1~54T{t%v)K>5)d~pkeOPCM zT33Oqd4E%|!k7G5VYpZ_IP7hc0^khfD^GFgZM0%em_mwX#6^MvfV`^1Rq9|6-TaiV z$rf88n4Ys+0`$tl2=G0zhc8J%g8soWLY>Wi5=Kk!ryVn8b>%GVu7EMR+V<^P=waoq z4_1pla+(z{N!Z700*GP9?=ScW%ib8Won)LfE=`QsSo(4b?LC{P_6b}rTOG|)Hu~whl#5bteO}$x zqLeeFNr4>uj@LK^Dwm7p=~jF#Q9z>qck*7L^oCr>Xa=}sw>@+f@VC@iNi()hNUZ8~ z&`pL?yzrqj(Ok+Cg*xz5f-Oby6RLE-l671fj|$_(S-dm;MA^Dae@=ES)2=`eVZI90 z=U>SxcG0$u6zLFa_A+y+KLJ)Wqdf~RG+KMhuCCq9;^pD#@J`I+YUNcF z`6{gXW9l2YT@+iQ?z42c!2h$DOHo0Q@)#3aGLa{RAn2r3I$G?U9C@1$Vk*VUJ*w@Q zT%O3wucTqiA_~u;yGGrkJ-pactXOY|M&v3E^&bOU4$+{#^DZ$a)l*F|48G0E{o+;b`1k zg6`Ydet0dRV7HT}>fz=%rhUCIS45R3k!uiGurLH;PwXcg?)x-Me=6N zLGuUx&Q!KfDkXgN1dTfQeow=wp(c5LN}jVx-$QAbx@aYgq9oSOvp0)^OsOX+y-x5I zl~{E=wE9M2;z|RCmbqDKX z%mc(a4mC-G7hWtjfzS9H>oqtEP=gm&6<&KpW#XD=%8V6vBKbrmA*x31Y_JU_~Mjnb`SyloB>0CA9%acz1pI=J{IkNRM(-*W+cd zqRI`8*}L|JQDLjFC=a`*-wub`+QxIS1x9pZ^pjPp9Gz7~AD>qXgt?gXQWg%uF*Z}8 zJ6rspQ$HY*G!Wg2wp0+{GQ=Sw)ZbvA{ab*mVZRT>C0c5755lW&1~Wc1A9r7@nc%m5 zD8_?MJ|+6`)9m6<5vd-siSX}ebp`tf`0L!nYuCE?F)12q(>?FYn;LW+s{3 z=LISR<@K99XkYWjN|!4On^q9j8cUt(?Ia^DgM;rWfQnz>*L@IpAa+R4NXx&((yuyyt<;8ZBw#6?37oX;chdt=g@X z-N}jlqQ4T~d?Vo{84SK09}aRD4OVvVvBX(?OMAD}Mb)Ei5Iay}DjClyoXr$6~u_S zgndVjij#EAYVr?B=hpD zL~o*yw!uBVd${(7IJDH-WZ$Za>pRg(yOB2=uj(+@Wk^KT@^v;sfmx{;eT^#S z6;*<`kQqo@oBnQ6Ohluxt~%G1dATKEr# z`149{!g}|M>D)@^t^($Fu~o%DqiSWUB-hz{oP4BFg#E28Yf3L>`j~7e@905YX1I%$ zupMr*h*w0BFlT9ss^loHizrv%6r_aJW^!{t?sM}{C>ko>Q!iuFuIDIKLlWRKW!s5I z)z1;qltVr&fJyij9SzvCZ@ywzt2%%M%g-^wmFi{{Lpw`G+y(LCWG@!|_g}W4zi-EQ z5Z0UvQU#{f^GtyW3FRDB4q)h7x~W+7Lkesq`-zW~-8%1}If;mq`wd&^(&QZuHLrD)_?wXf=QJ?Qyrb zxeW;oLP&3nEk6XG<%bj+dCxs#^ zpOyXlRvvhHooy*wXo@VzuAcljeH>LXW--J0Abh(8w0CkT-{aw`Mgb9cQZ^C9eB3kG zbj17tMtp1yBLZeC51t0oRfP*`FsHu#vu(=Zxx7OIn0)(Y!YnvL$3W+6k?EiJll>E) z{!e`Re>Z$O8QDV-ucjkqGff#a0hi?U5J!2c3Y6{0PMJ{4rC;`%7BNz+jVI6I8H3J& zg#iV>k-c;gkme12IvT9Rzgo)C)pct>-MPi|sxQ$qMX{<&`SAB1b>U;?+3axKuNIT0 z&e_;U*E>D6(U8@LiVO`q0s>fZ_?G^iA7Xe18`a}@;GCGfGY|HLI6S;+!%de!vzq;F zBuO`O6z>=fqJ zBh8z&_u1#}{f+aTv&Z=E8Q;Bk>^TM@BYEdD-fqgIB~K2};N*Sb{Cw%bnAMZIEehgKb#m5|f^g%YJQSA%IwYl#E5 zq|B{#(CB<33Efdf6itBHFpf*3CpcOQ*J@M?w2CnPr925BnuXDrOI(y`^FA|QpeS4K z*IZx>l5k*Ed|AZ4;zn_Xwj&hN2UZ&`a?jOj%$h1Sfb^0YSEVxp{A4ddVu>Ti9h2oG z?!X7?g!cS~XT$}{o;TNu%O;6tSKAi%Mcw501OXni-v{EFeIAtq9GzVCO;s2- zmM?~{AU5$ybTgA^L%9T3TtCttc6i9uB%&1S(mQx-CcVcz80%+$qYUE$c5Z;flSgYG zT-gI~3i5Kmf)Gccu8hWtW4>v{O4N-)LTh$Pwn8?B^uqBdR?enmB)0sy-Sc%>wuOzh z3>&0bhUk~Z?1GPCLT|F$*6*y7?F}h6w-YH2bDYChKj}s7JCxp*8sW0HGP zChcuYU5y*7NNbvPf`kVKd8&wbPrF9j@iF@X=FBI&V}Yl=KdBg%c1jRJ>H3$S%CaJA zRhlL=Ge(3d)3SDl@yKkK`qm;92BRDt(zrZQUc6&Wx5U_8D9&|wFlReoNBxtOA0biL z9k##n!PqgQ&l%)C%pa~&9#kXaSNoLuCr786UhB&~&78&tk!gx6bjL70RwF9HOf7v}jl<`DKLH_T+~proBfj;P_uiO6)G@{V&C7iq!a zl0_VS{7Y=L*Dd93tiW|H_o`n1!wsL9_@Lq^808{;@5@7OS?2O)&zrKh(|N>oA_wi=Y*q-E`tE`@x1!_Mu+uDK3U=@8ri{vH;J~Wv*O%t z7Ati%DSs5EH3ErHPttMOG1cKj@pK`Xu4w#_30jrV+qaZYsZvHT12fn0y4THntQi3k z$pb{!)Y53AHc2@tKptcIiI9R1_~I(FyXk&~z=}oeMAum1H1}0wGb0rP08`Tg3i2~r zxbZTGi>raD#x+HFgzpMkpTS`|&&kXrCB(OXYt+V->E-{di12SOj_sC~>A4hzT@T5Dqa$77(dcu<{^YrQzte?9?2w1#e zKWoiwb{;t6-iVR)9izpf;*GNv+!StcFFuo;Z3zl)%53;ab=};E=!X#!a7mLn@|(S7 z2k*nimIaD%z7aA;|4`&C)6Eu)57uU#iiT`CZ;iX{)*Wc(M|Bs5VMW5O$>~34D?VSA zao{slh?|KBSmpiNqnlxssxH`x(dlEKNshKH9j3odC+L54MX^%^3f30SsHK6LR5VuX zcn`8fc{PN8HnL56G%Z0dH}>e`b=b1$V+hmju^F3}tyZ(ViCdw+r%= zMr=MA;O^mjmlzrB8DIo(g8FL1uq&xdE0+41#ZHoTF1u1Ae;cdq6%%q3%Wg3&huFI= zT2qSG@gtS_b7ETGOJ&$QOk>`;_oZ~wysqx3>;7x+TYR=;+ zflvt=9sQ3ATt4bQpbK!78T&yW$PsIPLxL6Q=s@VsR9e&7NrqLo+^N9KEwkp&+boM< z=i)tnJIkI&wmFlD7#IY$%&g#I^nY#0v_aQ&2f+fcuox+B+7g+rQl!NAU{Q~9ZMug6ojbl~b z{HPBdW={5gdSyikeMMIK^}v2FHWFpvLn^CE_-ABM$k5Rr0!W;M((WzhIDTZ(zumZW^z)~r}>ikxd!G5mgXWc zXCmynp&DIghcvf2HK8qr>slw3`4*p_iV(=YK((A4I})ofGY{6IR{*$>%PgzDAv^Oh zBLsE>LC*}Wh9o4Z&@s`v{We?U9}F<=J??cbPD8J{!$&J-D<%gDIt_GspX;WlOKP-| zlX%flik4|f?m^869qf7yCtOFefVi(lqb9eb$CDG__>AX6aj@8PcJ>z=HovUpGFr$* z(@s$%udAWmu;w(S2mQ3GCrf^%=P*oP{xVuOxkd?PoP{e<%rRASK*T(#d|1_T&y!ba zW|sBN!>M3d2mv8pa!%YtRwukXgiM6Gog8~a| zXVbQgQ7%{Tz_PWR_0~z6ZFBf63%)XE+C;6-Tf{P+-l`b5WahlU^^7|ey!TtyL41+! zi}G6!mxKA2pRK>_GOHeV>0-h@#P|f`^?r@76b;@QR5csEJ=tT45e)a zx{q?l<^JP+Zi8~wPH$>#!{v9mQT?2a%CM?h(l$;hP5-6Hw zFspBG7c2IKS+>qeI+GKdB9_(QX14X^Nwl_ac|>2dFfl58Dq2tb+DN)&3sKfS(TJP$ z%syQ10U~tQ*yBvA%xWg^O&N}cphz&8^Wc%kJ5PusIFyFa!hw!HhjP@MkAk$rmBs^ZmIXn zjStp9Q@^Ti_h5Mdv3j#O4)9EcmHOFdrm+IZ_1c%hNL`Ynwr(L8W!0KJ>Op$;9*baa z&}XdMx{8LWQA_;RtITvI$I~qnuN3e?zG=)WkG*lxUQiC%#V;EjWO)n6J6mm)KascQ zUhhGtt#w?xoNe4*24iqP?mw-nz2v%P^2qXQ+g7)+Zb~AV&o@iW9JeuUo7~r19jl%i z78twY@Kw5J_EXf$un!P~W>$?icaFdJ<5j?}WiCLT{32MrUy9g^K-{vNl8Tg4;PtNK zAF6jwgIWT|(a_%OV3jsQF z$m|D)I0bKT#%y5VnCKA!za>=o^zp*q;}!y zQ%czdjCsw@N2JWA#I85n@u3UDpA?cj`|Kyy$#qhJ81?s)iz&BH{OF5&#th39s~Jn~ zN2lE^3O4jV=%v=%+W26BNvMa^UVAosmU?q2fSg;pp)G$$|KS(R5PFIiSstTXG?Fys zfcyLcsKHH=fghSPVFr}Lw2KXbjBIm%UD2blAoCgWW5FTeA9*)_<0hBu=s7oF2SL)A zdOa+m&`-o@lfzk#F{^in0n!YK11RUY$n) zV*S9vj0fZ5W%2b%ta#ZKTxY4=(DF#B*h}Ux3QInnE zjLQ`SnH7%X*{?!l5%F~S6{|h8Y^wr6r!A4ZB0q* zg205g#N6vX$(LAxtJjG)_m3iEhs{Q_rGZ~{9v8HfSY^cJCYA;Hws0h|_-1vya_}D) zVTggFsVy+Y)|&~g+&ln*q6DeKE5@>_UVc75@SMlNNZp8p?OP_U%8ju>`Fjpa+OaI} z9FVXcr3u^d%jJg^-k=vgCMP0&fw4V6WFxZ0t-891i*6dP_Pl{~64WfIyq8TyVgdbu zm3dfOP4B^Dr_)p9C^}w_yOo|TK`1RVMBSe+fSAD!yfilQ3-8aEIgcQurh8Tr*}fJ;U{5+c_yI9?1!=Q0%$Esa8Qm2w`xd^{?o;aNXL`4|;?7C1$ak5_>NZbr@{Bl7+T&5=n5>iR=d)>c zR{&sM5cS+yNW)X8LrTr})Tb2nm3kW>BuexC5)+TMo)eO~IHvOE>Bb$cbPvlZx85o6 zV6vlcsZAPme-+c?99Q(hvOonfYGwjOqlhK^Vae&1sVM|)XCqtG2jOtGy2KmYC~-r9 zHV!$DBy5Y#V+^|Z4^m&#I|eiJ0NnOfkYh4_O*hOj<-vTM_Wk!~5u zxpl6L)VEqJOHB2>pH;2-5ggdCSg>;I$r{CIz&#eCgTA$5GN9fCLPr~!7vgpu%3?)? z&D?+$>SLwAI01$xAt95D5k_yX8o1W1lvQ)pI{?o9c*hy0^ zN#`S02>N>Kh#%7^bkMlbE0&Rd_NzCwEj$8YiP_T0kB$=6+4(#HSn)95o&XRS(xcY{ z?|ift$gfZ>Wil96{w8YV9<~{HC^xM99dLb)Rdubt7%yt>TVvid+gLF%-+_^qJ%Atd zhZRdschuIm>x|i^3ye)%N3A=zWm#RAXX$s`RO|J+eec z4$NO~P50T@T+5PotaPu_xNSppMmtBfn?+{~WTNDj%%d#2Zu8h(xm*h+v!Iq);pb4rAui%QUdgAtcdR;;f#3WLSPgzm!cP*6nW; zWX)Q3!9=y&Q4Yr@=&vY@*Tkj^T>h$peLq4YC&2(;dP>tG5$iP3c5Av9Bh9b9L@!4x zz<0$zk^?KY%{ex{oxO5WJzfXx#=XReLtvc^GlW_vrt0k;Oye6p%}6g z`nTO!=1NC*v)e-flIG|R+Q57XK29V+p(nhW>O=Eu80E6Bjo2H#THmCV<=;wp7YV<>(eBBIYHCj%@^j;I3sI0&LGes-O2dqs`l~WTDP<= z$lvlN&`2a}=AbV%IyNEYEwC%fm%^X-OJRu8i}w=&!UK$N#7rkOs2BxR9h6nD?Il+{ zQl2(VGD3rCI;7kTU)q#!pZaC6)mSx_07N&u<~wApYSdD7Af<3^J^;#?)_qM>Kv`TQ z`msRM&RLf90jXr20l#loBBt$Ez1C}Sd)s`Y`E0W+dVH=b1Bgr&eT=XgfBL~g$uU6$ z4tjvrLfvFFrtv3bI<+!v6y|SV`n0*#X|aXTYpvs-K{PXOwH8y4JV_zHuWbU>Pn$?A z;bxvC!AJ09?HQ3aO2RCZZYg^hV-6h=9MZ3njjCyFdqPq~Vy{B7CoPD+PtdLsRS5Ht zXo*hwzOPuC`BTVVU&?fg?G$5E}%a%rv#b$ z2(b(F+ZKM&q@poVoLp_y4y+n00j(Yl$aRnUT?5}+Xv}rxF;pkw>{PwhqJ!RMFo0k& zg2KF><1n9z0a~?ohh?p{C+xRo6r-@qPOhTQU1f5c?%nIlbJNP)WP9U9@%h>5ch9nB z+Ko+Mwwk=bVYI39j!nnItakIAw${8TytbaR69%FmGtyd#*(+fLHLD~=HsdkusuLkG zzL(eZ#;xRaUXc2%V6)jNRe{qol7hYx9o=*rxbBxCD>1t~HQI&J&eBi9T;A%l)88tcz7=Bj449e&d1SfO>J_UMFmt9l)iA3De*L!-`{l=l$?)LWo6x<+=&hGrr?)4X*ADO%@--uo z6!-T_;)<_>>)B~8lx&o}8<>WzxSETk$w5Yk8I*OXqf)?`BL2x z)-&U)n{yBR@^E6Q&idD!5$qmycw@=S+(iebG)2rl>;YMb1EWnvMhu^uED29kfXR`h zij|;*uO;iavVr^(=ksBY^!TkJiMhRv<(;u0QJ-8xid%!<#op4)N-jOPa;5Kp33f?_ zG8#^&XB1GblZij#=4d5yoL;S;Gz(=t&83h9`7@+KZi=JV8^VKxTONI%_XZAhl{F_- zx6hu*WySGL%YQ$r6x5eAM#ubn&;NY#%bu*_Y;wxzUTxd*q#k0qU`I!AnUa&d#QI(3 ziqFAud!piC?X{h*!DYB3%4T0?cp)FVx8*qMH50Y#mi2MgxvuZv4@dVS0ee^7liaVb%5RAxdtw2+qG767@~5w5K@vLwI~sU)+4W!Qes0_`Soo zmmZ!Jt=W${CaYWRwbVZjn|KgUS>w}R1^lE6dd-b)3JQr#kku=2pZxKlh?wq68$7}~ zE(~~N_uJ&4k5WP7tL6001^fm^V5!Kgj(C#9lPQxU@d&A8t=U>bzeq_T-qbgeE!)jJ zUIEVW6;_Up zV;)lw6@2cZuGPy0G%CM9$1gT{Q-@N=8@)a0M?e8UP%(8`cuu08YP-*1Z`oL6l0@uP zUEz4`(4lVKVu!GT|05Gki`J(cZMT~funGK4f_qy?i*%`}VymkQe%rxYT*J)RWAMXCv^ z5nj!JuG}`%bN*J_C&XTr^|-P`Vr`BPA(NVsO$gH$~Qz64?wrCK)4(WlgLmFWrT( zxlA5DD{?-p@*68>h0MibyC&@P+9&qLmb>eCj%S{6Nej}mq*&EpwK&7+U$jN1U*7Nn zVH+H_z8zl@Svv(zc%Qw=^{K<;@1`ZW*6bW9>wPw9feEh;Y-3L$Mh*U7$A|$C{dHGW zwb|NW{cNZ5?c3A*cRe~3R!8d|Ez!AdnAXcaGvo4Su*2-ep+)dd=@zEg&n<8-4G;Hn?=qJ_W ztDBD7+gRB|$c#~{>7or*-}$@U?+7= z&T4>${||zAY!__81=y!u1H~Tj>c~Kq?1PN_8xz7HLOq-)Zl;_<4~r$)bs2cdWKmQ1 z*LF5@U%wCI{95afBba8XzJ{4GLe&@89gwN5pCi0fP@A9ZfXI`mZga5L6KH$*QT$Sm z4ALG6nX|d0fP)4Gz(8LHyM(wBKXs)8&;dW_4#GmGUJ#axOo-^EAdHPDEEeW@nkZaxJ!`PF<{8#4^aq zh=nuBZ?q3W$g9GZxEVa5wpZhx8gcH?x~6kYm6d9*amHEy1uDm6oBEF*3DhXlE)M%L zwy&cokrxi^6nE96n>J4C^n|7>aSF_INJiOGC$09PX!E z{65jSDWQ25F5eJ!Xaje)4!qGjiz20@7-yqGPz|)ct%y>?`qh)D1ey0)iTnypb^7Cu z=4++dANq95UF|H8ri3kUPJarOTX4kiW7-n93}zx9DP zt^3=B7iQ@={xyEKH=KU0={ybJd^`|%6YunW@W-o_?;__@lgvy0rxtQL6Ya5$bH2i^ z91*kT6#no>u?tv2a5;DAi>V`$GS+uRCeU;EH5CIWS-(Mh>rw|7A znSY<;iBfLs@qbS8#@T*^6x{v>A)XHA24!}E06`Kq;?tZEAmL87jY)_1d+((m!n=v+ijS^9u4f=f^0EQYKB zNr|jmGLs?oH@9Y%gkzl(lfM5M_|jd)(M{As^?Fp_~q)L??<7qIW(<)YXGLF?u3MJ+usR`;yb(X_X|rMZ(E<3pzPKBl^elqOxb zqc@uzSl0t3NHdnB_0=kD!%sosB?EW07ZIb?An#DomU6Zp+tHm!(}w*a)D1M(0*W9} zq=qz;EgC`-WGxx#tJl*^0fGerB?sDx?{zqLTlIeX7~{7!^;@4bV{;AcO2PqUHgBFf zdgG>iDytpQgj2o9kBDWAomI6OaIFSzbzwVrvyF?sxJT~e1br_XAzP!(GDcZm-exfO zy{pNk*qc6+fFm1E-Om4ZlP`TI2O-U}Cp?*EErFUZ7u|zKnHsT$?qC87f~%p@9I4p^ zC@v@Ax*g0#;Z;orUBvUjskXP?W)PE(knLmYDCFC-c7~6MV77; z8y(`kKtpIYt%VP!STqXgM7N2|7M?zc62o-}#tc`PK%uh?=XrVwveev5SE|R2%s@O) z&T?+*dHqs$Nmmm!7G%!}s2`l_-gP+ei12m2!Otv8#rk9CLE*fByLoJj1o>-K)b`Yu z?J4h!Vr|+YX7-+He*$$L|1;T-T@>~f-#+h8s-{2K;sx#x2Z5lZhM)S9IEGWsiwhlf{6!&QLVyw*G}N|gSc-!<(k9<>6! zzN7%unU>o`^|F7hR0ez~zbcJuzVz!B0j*VJ>5Tmb0#{ex80D>TCmJp+f^u?|?(rCh zIVY{wK~poMFL6(SXAqyP+?S$%Qr&RYH%u*dYknD#K77#xtX)e}N)m3klk)_% z&7Lz_u6lGie|9P*(zI@d(1$8u& zjZzBz4dIWgwl!{VPuC!(d2)QqGRmS3;*}9Z)4I63b?7a+BIEV+oB^XM8{{IEu48!> z>4aTswRDSRaiqo?swYQSAq30rNt=6i<={*q9Qs#&QlSQR!A!XIZWghz144+UEL4>U zWi~9q5VjW^ymQ3#O4p|7T--G=UOJ-Z$qaYWoCZpI7%1AcM9p2lH^QaB-aFF^X>P@7 z7(T0G2tf^^r4RshaEZ`hw60BAQTH_|#@C5y`#w0GDC5(!U&#pPkTvpu8U@mFOmu#` zC>7oG^a*aar$LNnja7N520Hm3Iwd_ABH(U;ja8UM7;TKnO2J?4qvMvaB|gz;*Se~= zC?il{SO|-!p%x^^%=UNf31#gfCyx|_?ij;&9l!FQRQj6sXr24!Ceq+H#`XNyY}X^H zc5od5*C&c45XS7|rq4HHg&gC)AY`njQ!IQ3>ELm8!p7A8F87jMaT=Fx1B;(xF*eWF zf88)jU}WHBZ51WW25_9$XFm`gwJ_tQ>lCc1$sWx@bGnFGfpem*JE#xQ)P`A{DLwi~ zd(`rURj8$WVh3{JW|j9^fiWXkqYDIg(2h2$_RuLXfxFj>3OS64R>DE*K*RMEp5If| zmfmJjKVaG-)>8a7Maab-PdN;kWe0yvzgm#~JKd6rQ;?w?s|ozoEU*YgI|XOz(KT79 z0Tvi$fkB-C`qxMX74xM<{u0i&#e;4y78Z8C-*R{$1dcWwQfsT+Zl!)qIE;|j!&gY# zd=P;jS`IQqCP|u0fh87Sfil?}FwRowSediysB!RS>(M9Q1RL#gr*dpp9R3eyx zP(AYUxqX3l=BU)2ayD$poCx1K?*!p!S+XX>2A0SWA-EcGCD&c0wBX4TlJXkb0GWEw zBjL*@pxG!8XZ-}rmdj2zU-&Wo0avrl1+-~4$NIGL>;n4yFCw)i-P6$1`m=nguoD-T z-~Ziyf#Z1=#sez*%gG<&j%)O&PYO45g2hZtdY8YFMQBX7(}uF%H9=399uqE398p1s zlZw&;1Zw7ohsa1TF;!19YUW77( z#VLz|&Ov{|qnmvPoOkH$LVE6H#;1dX~zSr!$XHJu4v*e|MAc&piF@v#jTS@^g=R#yd+LU!Gj>pFbK6Hi|c| z+wXgO4-}|UGJSB0o>sWz^7@~M_Vh;T(D03-dse5R@-g{WpL+=gqlJG^j1zl93(8X- zr>*`a#^s_7c(iG~PffDZ{&j#}12|xoFHgY7?>5Sp(dteDlu>72kylG}Dda&lEmGx* z>31N-{I~k|7(JmONf%rBAIcjcKF>#Mx47a0Ir7jD;U%BbkZB^`4+kY8T=fYfdSku> zsSymwP}fd87I>Gf=GyLYKja=~Ov)U?>go7%H?Q zMo!Ybz|M|f=iNKk&XmZ9(ch=B)j5*P@45?k{MB&E2eDBnBa0k&j{|1680Q*19F!oE zcM{aKzeoE7Z?MuIAi9;fzVEe6iM4yp^!oqZ5oLrn^gsG*%&mmh+C(ljCGVv7E2}XJ zwTTQJmHye8``_c+2YymHwcP3p5?ByVe-$NR5^hmIHvL*rru<~?-n;CJp%B*8Ltv-f z!yk0^71yvDGgVbK=C8uqRPHFA=by=nY?k(Hch;7pwL5yYw$YHeI!i^o(}tAlxBStP zJ_R)erCmL=4@x9cui8kTJppd2{(JnxzP@K2k})rO_i~FnTk>2_NAj(|)HLXBWd;U+ zMWGqXW}+Y-&pv}>)=``gd0Rf})}$I9>VIY!{1YSPKWOr=gw%gmLJH<&E|cBmD~L0` zu7itVmdGAi8cw8^64FpiD4EPh=EFClw)@@8i*d^W*&BaNlCTEO z&bXlezop3B)2m+^1`gy5XbNtf7H`6fm>2b~%lVYPf52^Qw7?T{!J zlr10Gy>81@ai#IZZ)JO{q@|IiE>tY3mk3|QGD9wkE7Dh1bI=sexioTkR{Z7X6kw;e66@7-N7Sukqo;7 zdwa1?9>~lZ#>R_@6D59Rg3KH4s)QM<8M1;m;><;X7&V_c5IsoubDj8##>}&=?JBk{ z&gdyY*u6NTfRs2NzoWSex;5fXDA!SeV?tVd%fS91uw}LEUy{auNgDsBr196gbT<9FJbPQ zwcjR}UGHe|HahP3JyFS(uPiNc!2Wxcq-*>zZ>)Gl1Nwt-kUM&`4!&-h$+6&E&2@5{bC#i(u zD$Z@bG~FGtY1wHsQZn_6EA^2q1o)WK^|6AdLc0P6X7l8Iwx?s~w2kOb&H8@a)y{7! z@;72L+CDYZPJ||=^g9p2_jQq4m*or+t=_ntm`;b`GSw#9*)kAN#sv%DgJFh@v0o4I zf)j^!I1yNl7Ttnjt&myq_ip_ymRwq?o>qc{U)=q~q#o*H+Cl2Dx|iUMrt5R;*7jxo z^P9{fNYr$T$gHS(ucm!zi&5fY#1DgFQ2AHni}8w+RH@Cwwhhc+ozY(GneVB>P&kiX}K`b2F}tN9z7$*`rtS@u-MJ!pCO2p9 z1L{wMZnp0jnL5R97mTPch>R#aYjh5{@tadTy+H-)#;Bm*7AZ)%SyHXlZ453pBqGFs z0m@i4+#=POK^o;W8(&Dm_&3A3b4;H;XMS;s2d8+hlXXmgQi+n1&5ik` zh;teyp!kn>^LWwkZmqi598b;FRLJ^(MXgHFkZ5H?yn_kYr!dihFQ)bDiTfAckG1dK zkZ(z>wOlu#=ww@FN%R&2U3n8?SBIy4Ee0kECt=dyqL(J+3Yf2DdT3VzGl`7P_gd|T z-EtYFl60tFfASH>EvN=z&U}J-OeH&Qx(b^0<7|FXxlMN@1nnM^VB6%(vrT(eGA?B8 z^n5II{UTyDF6#UzRqTAieB1fGN;_lQ-3%aPxByU6>)Dp4A3|b`v8nQp*&@~W4}Ff3 z^%)xR!toSmqsAK7s(>*%La>dZ=nI#J@+q!MZFtO+P zy#uJj0jB0sRtING!FlJ@M952kbDf$NvHHA%BQp3@rC4ZO-8%DanwtSk3+J8qrqtk%y_*R zZ-%S!i>!2L^|O3sKXIAl`eoe|wOuY}NIlhmQQe{LsJV14-u(y@y73 z0dl=`sh6e|ag4f0w?sETPu*>IvaFRZ@>MTel&`o+GAL{Uz(fs7MzSCqhzI?>#bYpU z-RR_F(YxOezpbQF^H5(B8P?+T(uRBWaeC)kZP*>=Yw1LgZ^-; z0tsH3u7JS)@`bDlTeC^Yd!$?UI~S|S8!oZ1DbS%83cg!cYJt6^5W!m*6J5la*jp{x z2I5Y2a)bXKbLkfLDsP{cG{IZTZ`6n0UItZM2udkyN%AHk+&Y~RIsR=yf@8h=uF}Sb zNcKeCHVIYM2iM$Ee}8Q+sbhY5$o+%a7|YsI-E`RHhVp6;K)vgsNT#ksz;yC>R4-lu zN(jaQNGmT#G8)oi)vgXsb0?1I7FM?fEW;l(jm1U!d?=4r&9HMJ>K~KkiTiw_*~ElK z0d3V5SNTv*0b`TeitA6KtY%#Vi~!X}4YBfj)*n&??jx?#=v0c>=&*i-0iAHic1coO z`Dd;!_6n*a3ZJYe9Lz8JVQS@v&YW2;G7+v)GtAWI1;BYohMat{-q2?nqkso0zXr@b z^cxT)!SXD*(ETYDY*t}B7-@^NCHzwNq}I)pv~?rPk1c|9y%-|Bu)^3+Dx=QiNwl<} zqQgqGf~0?Oeh@GwOW^p4{zj-zDmivx;!$*ftD^peQW~%Hr_rrU!GeXd%$F-Zwc3Oy zf@NB1Pv%RL>>ifv>+CxKWBd{~v}(eHcl+w7?0s$(9Nu(^u?7mdO&L357~+_W1<1tw zo#;ccyV>|U4;Hxu^=-IdNZ&4x zIiN2a)T$@lC~j$!&dhAgda|8yEX=J;D8dpTF|0cvP$tuj6rN`GyF9Zd={FwkBfMT= zJPb+Qk)f-1-7j*Y$M;Ts(mlLD5&N3$jIBwbA4U13(PIQ0MlXG=f0H+q!CTHPDnU=O zhG(e}zLgtHNe%Tyq&mx!g5jnxl9xf`6 zJR+7$XoZL@J!lh?Q@Uy-nq|lRlYz125SqYO8|GZ~&w*DEv*SaVu@gWf%c8vJKL{_VYMFTAD{p7<1Ow0NwD zCqLf2t)`E0$bA(0Lx10QxP<2Xp9t~4rpcvl+EAObKTgVae^RwJ`7Z~60h zH=lYGu31zzwv>4&HWs@NTsjx)Kg;x@)5VkLiCZ_Kb863&gx?CT|buOP9E2pbmwXb`Q}_flHRhhVIiK5b!RoWVqKe-GRHb zLO-cKpFH(1j1^**@9$5HG6IO8b*;5>0Jjo5X~taM6BGb>{hL~{F?*eNFE+Tp#N43^ zGzghEm(SteaGD*9jiV%=RU>?WY{D|iC7f-L5BcJ@x}+i-6RfaHiJNvri2$7Q`Lc(AwT#C|cs~$ieAwqt0J~dMTrW7V>Ad~h_lkJdCPnP$ zEiSPV2jqt>*~+g32UPCtQjOFLKZ5CJfboclYeP8DFKVqb1G6!B9lTm;w$()MT080Q z-O*V66b~6zWeuXCQKe}PmnRy&yR9-aciZ_yU=?v{DW}mf=;|KN=G?dK{*!8gZipF< z&iyipPm&AB>hP9!KG0Vh%0{^X@0~e-bPc{|7Uph#o`>C34B7V#M4wJHNC7|t)^M)< za`X2wug0P{1qPpaLmdR7$MkxHuR7>0 zTHKMvD3=eEzhY0g%ZE1GKQ}w394+YRwhG%)jw73Q0k-ANcZA+-^pAT@tV%JB!56UN zK#FGizsIUQ@rduL-*Vznlr^qAf4#h;%zFRK%+=PsC^d!U7+;D+4vOM1$HR365m1FD z9_{dQgFKn=>I&v1{WnZ~)slcZq5V(uaX&o!9u&+@pLH}g^)GF9$oiF8;4utqHBxg# z0rX8?Ttj6ShqYtibnG3y@$zMXQGWOu7C@^<50JBywj+qgOYzuj+hbJ%ewpR)V2qx#Sjbc?r2bwYveo|@oj7C{;Y&Ez|h>)*K<9*F*Pr?s$%!_nN zMBf@)41dZp$kr^7>g`i^8$#l&mO6oo1q^5Z3ehz;U3 zUU1}xDa^BlyYakCa}tvZ#YqX{UOOp+BhqHY^(anW=RHGOwjFV$F&(CmWgYLMkL)|k zJL!$4tae)#oz2Hf7u2bTe62q|;B68ra3*W<-aHMb-M5eT{QIqiuTEiOgLnGQXhk+P z`TJJ0{_J5{!IpP<;)rJOjzIXvt55A~e;4xx=C_2e5m z{5FRjw@~QPHSlQQtx0eZkhNs(^SYc@zA#)%n6g-j$azSVvSaGxLn&NwzX(0ucvCuTO+R0eq(IOK(CT`8eUswxqskQmi$j%<-MT) z`+1cXO3|4P3c2v(rN5NFUkloTriqF3GB?tu2Ee~ah(Kn%nIZ44sEMLqYKJ)^^rPTT zZIAXH!};d=sO{Jj!iV5&?9^RZMWEG5w#|^sjRa%;i`^Kz@fGxuQEvWtNVG*4a;@f_ zTT^2GV(50c+n}h*sncS6P0u^wYI&x~x7mU2oxSPBj{Ha8+HlCG1aL0*T7R`)&eLi) zA=E5NMEE_Igx9F3fKb_D_zu`(m%r;>^}|HX=1eWv>%U##{>%TnAD3P&t%vB&-t{!s zwdUP^bs3?{_ul1qZF|R*BGm$(kxXMp<^;EJ+k8#Pvjru-?0}^lr#|MnYfre_Q~&Uh zE^8F|z^~^3*D&t)b*u~G-XSvI)A6Xz*!;LD(Mi+2?K~&UMJe}wa4m5I=5^rU!q39Nh!X`)=-K2fkkW!MxH0C$li+( z$k32nv81%P?iu5^`403C?(>8H?mjQ{f13OJfBD7!FKF;DB(qT86twA)Clg;&@2B4x zNLJT6BQjoGQx}i5?FoNy+s%%tra?xPk_DoLdB)jh)rFuC*KP4OUh|SW7rfqZOATQH z{vvAl*>R}m(e~q2^9}-M-6K>jx48-Zl|A()Bh`mNs!w}ZE(#GD#MaR13kTTCgg2`0~g0OCQ1 z_`5nw=GB9?xJ%CW@{eJ~7FC%I&w!!wup14V1592s{km!vlHwQ!s9I?gy)FSSWhZy| z+;G1bH4><+tinDc~r&HPY>SyhzZTC*3-%i%Iz8JFs|ZQ_W~g< z1RTURJu}VCMD4D$-rc*>pt~{s&%6h@I0&`m6x#4c1ui)^JsL{=SFn*C;oa4Yei%o| zIe6&Q?8xnDt(g?oRwxxoz=s}T zWR%XEfH}3x@l$}K04A|QyAtu*P1?p%)TmRjMzUaU;NXJV*-Fu=W%)ecn--k-xqeab8_+5K_(n*z6Wd0N z&RlP3io52LjZB7rHp zGj0d75;}b~?qpc!@cq2d8wFe)#lUB86tUSk7uUFQ&X-5d`9o7IG|zvrFZJ&x`{CT> z?2@99I5kSGIU*!ig$61c3F7Q0B zW0&mROI`AhiUS{o3|EAwpS?39PXWfqcE=Ej#)ND3casnX(BjF$C41>2JFkQL@I`Q- zLoP4UE7GoMHPSI+0&aEBwpQxyiCmN328hXDDF_j++%xe(EM|GArV+L>;w6q#wcyLD z3fcEmVOVNfO7~k$Elh>MQ`=J0QeV!nK`$vcf zD^?q_13zq@Yo5YAXIf#JTs6@+}>^#Lqae5_~Md&{JxDD7A z?R)*;l(MY*hy`7c?=UbhG!Yvtixk&IEt*seKFj5_K{cA!8HJ6gbEmb%6*k%@KjG<1 zxvW`}O{=vX{zAr{(F=dIz96$TvFNVZL`k~7uECgVkOP+ugu*q={ua8^iu!`VDAkMP<_ zXT zW8CKS`joe+I;(`}?JnowiyLk%b2n4XkvrI!pE73){_?}QTF<$=E91U9$#kGaFi_gK zYH~*I7rTGy7!*rQ9pvh^ddGsCPp9L%*CMlyh9$ztdA0 zJbG+Qi5LIdya|YBREU!6Y&j-zHe*maxKg%)xFFjLh2xS~bZygy;?kSY-8sD8A!NEK z9mZYTq^Q%&vu;XJ5JDOOr6vyHvFb|q7Nwsogu!9OC}Z`+1hW4YYY z;`6kIy^dX*3gIFL0uvEg;3%I?VNraBa7rV}&)vLYuZz}9&w!PGuD9zWo7+X@);NZN zj15)F8{x@j2>>#E&?^0QT{d$M%6BS*`bGydj}CkF+qn1&Lz|*bYB0&Fy()g>3jMyQ zmUP-?Da6Zce{@@wv!4{q(hccFmp}Vnc4e;>c%&)5hC|N&gxB}um8mH8E`~FO`lK(h zpEznY1RYcG`sSES?h)IK3udj&NB)#uNnn}u&Y3C&z>gqjE085);jjan7V8G(z9JZ# zOiN`X@dgn?k=Eh@u)VnIbX;M{ilHF3r7}i#tJd7}*WZ#Us`T9K5#;MZ^6OU;`*45e z9iXBL!uFFFIeq0wA`^|!`d(i}@$FvVA@6X1H6hq?>^4#ZZ!laamPSIW7ZgE^i}RCi zdDVIKdkQ#RHR5K4^kM}rYSH2u)tvKkw;7a6&8JS6v~jXV@cU8q^I3LC@47HQr$XLb z#W4KTchkm_Ca+~eaze^8k}-)^>wU8{ZhJ1S!13IYLJAiDi^0=)*WjVO@@B!R!qS5( z0Y0X+NJ8#B+&Y}^Nz{egt9_7X@Yy<+`}uZwfuZR})A|qU(o$%8 z^1t=Ve{`_gyqLDVk+C(cJ78p0pV=7Wu^;YZ<2+p>$C0V(w^;DR*Qn%CqT`5$&}!^c zM>?ZAO5g`VgDcV_dKYskJW>JBgJ{`4`v|5Lod%3(AWE*TcrQSnXYy|QB$wK?mdTX+ zPueXx(ni*v@ODu+(UR=(A`!J3hFz4MJ4Ji{+NQcpXQ3iJR=dUSiFI8aSVhpfHVe2- zrUHp-BHTeD(@^G(ZAb%q>l&|0Q8&53rHsJA=>3})ocXICNpq&$)Z}32uf|-`{QO@V z#T!j=3qQWG^bjgGOB3e(9ZOFd+zxCzApUB+h#Iz`Cf`DV5pihbJ90>{v%1@dpK%1X z3uZZ3j>(pt=e-=^ru?%n^7`ru#WbKOOT=jVMD z{H`HXQ1ChRw%W=@-fB`H4pC@&`3_irV?WHhahePee2cysco z&-RAwSMhozBl`i1bG&2a^2oJ47Soo=`OJ zZL2kR_YZ>V_)-31pKHNM6*dX9Vh!^QbVLe!uSj9iT~?lsH!u-ZIlSE~ytUolmLm5M z?aRQi>!MB5bw5sEK~BL{MHcBmpfI3Mz|J+~f;*r7?4%bCD{QKk*63Eo7aLLH=`H?V zn`7BzKY7Tf+-k|3a7ennChV0O0UwnVAuE0>kX9&60xd_@a|Pk(hhszqqcw~B{8NTi zGNtz%K*~LBd=t2Wn<{&~kImrz`b#t~jC&tMb454n|E-xL{EAN^ku8fgQU0sLwL#cE z31r%Ho;r&YpH;1VQ;19pbWGb-n5qk#?w(4;M3&e`))tTwu0RjQSvEo{)B5fme%vte8cH*w8En`KCE}%eC0MG!7^uhY# zYP5hr6R}~@m%`%OjLKR&GO=1`5p?)>NC{H-6}FRCOW`82(#;cMGS&WS>y0a8a+5KX zMbrkx@8$BU=0y3Jd3d0O?NA%>i7EvlLXo>M*ACggC=?%5D0I3d8iauVF%NEzWI*BFQt>vJVYShU#4YM73pc z>g?aTYumac{QLv=b6w(gnU`&k7k{bA z!R>Hnbf#zM{yil5ZD?|w4%>*%&*drh`R7E39zoA(D?%5; zV_mlXwK&W9_Shhre_fdMDY}XAyfJiEhInomur;6kwZ++!inDdLMeAYoKJ6zeCc@_F z_$MmijaP~l7KhptChQbeIVs|M21<+!Un}I|k>TFtxel2?FvHb5#`0>Nh_V$}uBJn-;)!Z%3gj`is0s{bNo9-*sbzS??A;Hxiy2 zagts&yq0TzyCwt5R=~0>9s~x?)7HF#dWHLiIpO^MIVzQ z7WismYFcdDcN3Q1U+Dno(G4@=c(o|5{vBl*tHZt&LUY18PX+)DjHXbo_}I_t-BEjS z+4^F|EPqc!n6;QCUHoj9-0gxa9<<$zejw*LMnP`7R621+;X8=4XM?ZSM60`SNJJ43 zs|*xZUhvWbGI*UPspv25W)`MKrBvFM+w)9B27O!+JyAUrZZoZL_93%RoXocZRWOqL zMisonUb{7PefFZB0E5jPoER>p*Kf7Zl~9-3NSW0*y{^J}1ZUXtj4D6sEw6wdv9_~gxYKLNI!=6n!QKKN#E!tT z&eBUv1;+GInOZ%b781Mmq)Ij41O3MPqIfCdUEUSH)yb&N4(2DLMx0sNUk`VQJ~q?o zR1kI>xKw?_-?d{nFq0>5*6Vs=90lwH6z4ikk`U{&vhx#dIc;tvLA-5bQuXOj-MKhBt*R_G0w9&oDI@2LC7PLf^A%^|Q_ zjZzs-v~npDP@&d8+^Ab8QHWdJk&HK!yqC1rpCBCe1_tJgo|M2|^42ol)M{b0^8!^L z>@e+7yqP{-5+bSAKv9~w6PF#YogK}DvFpA~f_kQe-dTF(bNc@La* zQE-k`PSAw`<_MgHX^!?O>U1$?Y*N`jdSnOfnshcBctfi}wa7FlM~tpp(_GW$Vns)v z8PYB@CS6>)4=5Tvyky5^C!2M!oQ8q`@+hoA1WCtM`o1wynlL>xMO0x4nklbjY*FRn zRJc3Wj_U_9Ogr!#%h7S-u!Wdn`b6c?8w9R6y|b2`+zVdI>VUiFC}KR);#$`IRU?Q`%OXd38nN9gyD~< z%x}zfdF!qy)iL$ulajmvel?s#cbSrVWy{)d;pljnI#)DO0&{8ivMUs&YA>W}H7%^t z%L5lCwiQQ2gO9*qu^l2wV0yL|Px@pUnUn?G^V10nCg=)5y2^o5S&sPZhggU7E^LxxHZ;D(3`48kC3JMl zQ9o7{3ukgtRKi25-a|C9o)n2OX=U7m+1@F?ZCObtsj#%ZR%f>}VwtzJ3M2KYankDu z_#qj!=9PUNQeSsDmQpJpvUl*AtTgS}cth{`hu>9^*ytF5H7bMC{qtCZi(}FgF)zE* zGVV2b?o}+DZ#KV06#earxoi*On_DwutjzUBVtuzX5_7ac+#gonIBU9RtQ$N?zOd;i zzHhIITymxGq)h=|=5h3JV6h6mb%{Rt4}a^%|KMQPdr{YYq+XnVf0{(NYp%7Sb=Phx z#z_X&o3b`8n`^7}gA>r!SE(~4>R>xcrd|<^>*5*V6{jN_T|t2_4An))lvEl2$f!*q z6ph^izTFfiXz9Cpny=g1I@Nk*a2jXZ>4*sCJ&UeUidJ_{9(tz3!G1~g+6@h`b(Lez zH41O#L@9exsY$<{a9W?<%Z98#S1;|cDANwD&^#K&7L{1h%@`(1pw7hbT4c2mh5W3~ z8wg2}2pqnZYsY;i1CKamwAsE4u14EHK%Eku!q=!RB;-Ld{eUVRw{gFa#nIbzs*J*d zT08s6vPPDd*az0P&YHDgo(q+qCN2++#vsu?7sk)|9QYAp(&ChA6_80!ke^n9~OZXi{#2r^vKUrUySBT z0CR=0Uuu)Jr1dnbvKO^$uD6SHv)$1993%HRSWdZ9AEz}>tJTq`Mfs=v63reUv~tsZRYqua1tL4m7_Gzt9UBr;V-Jk1tt|lRJqIHF!AL7wJqVM zT%TUXYa$*CWPoR%^TMonZ2Y>r4PGf1V1Tu20`MnoM)wvgrnz$4z_WcCKfX8rHl?QP zLG<0*1s`>4ToM7-9goQK7HZRidyr{$LM)#HK2uUuA2;DXJ1LR|cRV`>iK~7NsO-Q2 z#QiVUWebL)ViG)PG?h8I`A#h$ulC-4(=yt zDeBg=va9X3aLQ77)(H=`YQ!Dt?iU~}gjPOLW#av=bDWtuf1oyz1J0i-lf&NKgSvb&!2#qea<811Cn&Z^VX&OSCM(Ltoi#HY}N+s>+` zYPLk9E*>G5fcQ<5lnp#DSo~7ormMcSy+$v9p=M0D$SI;xbwn?@&OlfgA_{DBiiYT$!6gjx zz_ySC(!6nZnIoO!;WK~Z9`ziN6|}qXNyB3mGmjirmp5S%YKs!PIzu283q0bTcJy}2 zv|PWrWL~6Sz4IAQcAeHRw2{$k%{;nlKULjz3=!*NY zgi!y+*4&2Jd2EjX5`2&2j3GrcE=DK^;Y^sVp)?udYf! z5MvNyO&BY~F{Bh2pZc2s+6*%9l@%x$bc0M(ji6x(CGF9ileg{g^v6#VFmb4G7N|7Mf34Bx%KGK7ftQRY)Vmdw>E+mU`Q*A7AKzP$T(PQbR3SSppu`Ba{ zRV_udXWgtM1CZIx*+Ov-f;#8qUbEQ>ij$E-Tg`~-dWHei#A#h{f2#(hkT5W<14XAQ zSZ%W^^qM+v`dQ3^-EApTwz0+14c}wXUG+u&jmUBwPpwl(016ihDi$pi)(B#N4kfF_ zO>yC>y?G0AcpWh^y_ic_G0RJ?ldP7VkX$qqWlefUkQKVMToK4b2M2-{hReC7w=C2(QjeG-d~x z?s?T&BU%D}88crG9Wk@@8#K4lY%xHNo<2uOwpNqor5&NE0v@aoXjV>PNx$*PSOEI; z8DD<}O^QuHg6Lz%g)mElIggV-srb^V4`hu_hJ8LGr%D_EbiawDPWDR z6vz*|5jVLp^L=c>0darmR*H+sc?U<9IpgbdBA3*ZPeX(4vhsU}SI1OB3OkJwGkKEj z&dW%j<9XF>b)}0`jI1e;D6Ut8_*cWYzL)TI8-7D1qiHUdZXk-TLuaE_ej*oH2h~Yc0rjP69PEJ>7e3F&v#@OIgcyn1G?*3OT*_!(nNj2sula@Pv zt(hBYR(bGMgiK^k5m~*(O0hl(6FyK$VLn@L912!7|7c5LLW4rGf`G>D*+L_hQ&%TL z!MmH@0jnjIcA87FVOqW5oZZsZ!wS#qK@`g4T${ne2VIr$C7Si>Q*wI*R!5e#{#YAB z9lAB=C6(<#Y@dEtB8Poe@!+?be?GXlU|GvY`$FRb>rxt7v^7fLiWi#fOMs$SxvBwLT3TWGbYK5;0|JXv zKQeb}yx%x&AxRufI{Y zsl9RMo!4r-NL10io!-ITW$kLQSehH8IH&ruV@nIUU*!gHv#u+SMAy zBHZk^+>|XbH2Qi5VjZ&xBd_;w{j_o>$FsqmyrwKkOt}*&S$X^rzezmL( zqk~db!mSF{j$nxN~cEQVCf1+ob@B4d?P7R*ihSpXe!c=f9k=1Ct;{sMb2?x zdpM#IqoaSE)plb)vyfxu{ER;1hi8Dcr~)Bnj81X_vrA1y zwYqE87eqpfVzOC=Z_T5o+Lc@x6?~z*_}DO5rCA8Qe_?(9i&TNdSsB6m6*Es+k(QAz zO>MLutivVltoly(AKz~%eh=G7M{JZ_YBhjEDJ^)*-k(Du^4p@HHQR^rbeqzyQb88bEh|&ewxj zc_?=*8X@JrQ$%Mm%!B^(vne#$&`FTt@F=7_mWo1ku! zpnjLXTAibM%QivXHjI;kkA2nsn7RAmjDCl*vKq%@evlbZt8b?dljP2S_cA+{WY)b< zlo_W#M@++9>Qv0$P*q`hVr`ZotY2>Xs-y8NiwzNxtR|)q+>>FeUzKv>V|)791k1ZV z1Y=)7*&UPxjUgr4Zrac9?`Z8!WEvheRFGFB`i|*8*H;PdB|p z?nao-zDU(DRC_tFs=zbAT;|j~APW9T7BE;_BFD%3J}z8_b>|xlcjhtOzth$K-q*A@ z2<=0xJ8Im#<{wER&CDt{!M{Zj7s^HoW6LqO-&aCA=>vz5lC23J}@Xac)gP0!!m*5B2+oh3iywd(4`ua+`v%K9nV&P!<-);glq~ zclCMiO?hv%Ks*YqsYHf;%iE)zxG|KH#7@VptKJB&53`B33zJIY46~E7oFlJCW=_ss zNbU%UY23i)F8XE^+MP#bBTsEh4R#GSOb=d#EOeL^MzZ&f_hTjR!MN;YLl*TX154W3 zCOnxA7M)BY&}CU&_>OzB_Z>`d(byE6!k$$YgC0*-OMS#w1Cz_Jjhs^BV3$ zmu5By>Xrz}&b&4O$u7e`{L-b@-Npl_Grdf37ZW?VqAA*g70F?VC3KT@Ap~FIb4QFw zVwZA$v>)ZRkXM#~h2{&cIwOzX2^>zjj@8_bSsL|MH0oXy0Qi_hHI_|hrePLISWF!S zm6b0GeAsiqO`; zhFpTUX@vtq1?Zv+0ODTJ4U20jH3;#~>y>zxx#}n7i^Sr&N(A1+ikq94DZx$A%WqR$ zt6q((`brOm4XLGq9S8Le`q)4x+nOw{CWl2n1MFZn^3~-zv0ZDXj(|YL@X*G`a&o zZ_zhPHZ2=#4ZYub1-(iOE}t^7Eh1_ z4A;6U^e5)quG@;0)xllyHFlA%#&vG5@wo(~kBXSCidct=*f0%1n1+Uin!D!sRVZ-4 zY-C@PTqBcWwFnXR-dvy%irZ=UM6j} zpYjYN=FZhNRR`FG*g}66Nioqnk8JG|uQb2}-Whnbp&3`Jo0GjFdThCRDK5fpVC%PW z{TCPUucr8C=OU(ZRQo*3#z&jR_YG%fZk}^!`T;#x+tcI%rx#2_N4$pRKFm#N*3+Wh zd-vHyJjSG?mse$u$+fOgb2FvJh~x{2-jm5boUVGgqvMETy(~_~9#M5t&sZr>=Nj!yo@^~cj6PAJlGjE;0}EKlN=K7Mkd0k5$yoD)rKmm z*SggC+ba3gNG^CDx{&+rjEv5$fZ#G+dc%=*;|lOfYfMDMnie6_G5e?v$O83{7*joN za<Q*Kb8UTjx< zuK7uGbEcyyg32KKm{mf=VvOe9@D_nUzkJ`_mNw=y$4$*})QDRd1=59&(D`6YY}gI% zA{Ky%sw96j`&N{B<~B=+dwIB`@#N6mO<%TBp<7COtcVS{F|WoI;L!lm8(VAxK~-v> z#n(h@*&e?pWiJaI&SAW%#hpYSLjL*end)XnALy|2r(vcgdQ2)A>IGc;X zYNgJBLPYjb>RZ-(Ts0e7V_ua*+0v5!gd@RC=V8|F>&I~hqk9(pYLv)S^fJJHDy?GC zqCmmRZ4yUPrwhK8bA2IUqrp9}4dAgJk!$0m^|L{&@n6j7u1-ux9d)m^ccz|Q zE;~sSpDLx;13(~${A+s%AJZC{Ff^B{i%Z}+m&?4e2Q(W=RAsg60XjAcOVXY0|Nn;U6(0=6bu2{f>EL+a7H?R8X{2sPU z|4>0FwVKux7xxn|-D_={N1{xs>>?Wdb-Ra^eK#lerfSAxjeI*3f5bkS*|a)FDLdNM z1vYP(jk-s+1vAg86s3XqbhL^91{Lsa^`+=ZQ;ul5EH{^}r7jkz_H6&IJv;*Glu=i5 zw%?n}-9KDspun%}XC?`nJ6K%t=`%!`d!2?HU`2)J$ILq!LodJ!W%^P+5-wPoYS-|d zb+-3NMj3WjQ<&(*;(ydL(_{qjj-)$XX>><(ib?dA*0J#Le+XOI_9VKR&CD*v`YLB2R5#ba(G6&;mk%6oEF4)GxB(O4AKbkd zagUUjWdEus@tL}Pid^@*Tr$%iP5wn@@E}YKHPYQzCm$~`c0kH=8RES;|23b0o!!oQ zr71u2(5(i1l{Yt=I8rSK>HT$v4o5W*%!*c@Zd`C>1MfN$e^*Z&J>Ok2r>G}BtzSmc}wxI5&5MbS-kM)aJ zA<@gmp?Tzb(K51-Kf?67F~7m|h81%wcdt3)s;6J=et;y*ljt1mkG0NI1D~_c8P%Nr zRw|<}CF+@^=wYkxF3qFQ%(S5vogefq@ubV@h1Y2gx?87SknKu5{OVS=@QY? z9eD}TFz;Q|Cn~f68u~@;GxK&azfV+)wbiCc{c^F=9TFHh1^d}vPaI=o@dEVgRlr-l z^c|F1-+s|IKD*WBxW1yPo@(A*h*n@Mep5?hWiiFIsWEA|<3v*O@curV_-N`F&q?&8 zcU(dNp$Hpib$&%&4eMJ--y1T&JaMubYy+W_WpE7F9YvQ5!($E1#J!|cOx8ahC{)&- z^iO#Lq^hl&17mrV!Gx&NRe7SZ2Ubd?KHZ@JQ5Qs=;JIEI@g9-J>H=ZVW6fKLh*g;k zRvVz5Y`NGY@E(vCL7Mq$A^O^1pZ~TUiq>g9XC%K~G~j#RkSy>fEWk`zCN9COIv*Dm z2r~(gkD|!D4g^}FI>eu87y^AIP)T#?d^hQ4F5!r{95qB_;Pp)bRAcjXM$IwT zn)mNcX~EgqIA3@LqFz4y)z=bF_jWDA7Td$En2z&hC6|lvyy65(-hC-FpOAt`b-yx-dx6Y*a@*fX`tfkHP!z*;^81aQv9|@e zSU;egM|E&=6i+5j(*t+EHeiq5>d5 z$`}7{C9kfyrA(iNAzG~a5b;|nqP?m8(C|$S&O}q|q=nl2V*OS63FiILjg_ah6|ynS zM!C~ZdK6h?ytj^qx|lzRjQ)Ln@_%yHKR>@DRnA6+b&PxXB_zs|6c-@l&O!SKJM8#D z@Zu%z>$f@vjmvfXa=nyZvf5OINmqTDw1;#&=@z;UPQ_b*zijAP@f#+;F=yTtu5Q`+ z>bAV#M99v!?OApbpy`L!+y#?5(~knY`?`8hy06;&@yaivv!Jeu;BRIJMDOrzekYtb zL@L_+u337?+BSIMf=HlQ?b!lDxLlu0W%Ku4I-2#_&Cj=pX)(#+zZ8Z#{rL|0Yi9O` znHjVAd$&olEz3UA_i6E%c&i>j46ZNxJhit*t(YUBr%_#Uq&M=qkt{&+Qg{B_XX-hZ z7s5VJs34_x@MZnlXVMv&y(Bw_Y*90MfVdhLbF!YWaE~Z+VqbmJ{YI@puX}LrEH2@Q z?Shf>6ak6AthfGY;xEbHpD4;o7PSP1w+RLMN!E%e#@7*fcH%T|rOWFW%J#w9PTnc_ zx$6Y&Q-_)F5&u#7un5O&?Mu9{?v<0v_o{iHz%>dYU6gU^`b%Le#ju2@mSU0Wl z8VZ*(UFPa^WUgcBvjMCqa}_CSI@7|z#yW+60)0q#q)k%zif3M_q9PM(9k?ofnTYUb zo!dHDz7@WsptB2cK$nI(Ed_6T5BA0nUr4X^s}${$9gbykR)ZvpywoVrsAHO<_i+&O z%^WJGcaEQ81404%M%)4-kWPfA6%{kE7r_16ps5Wyjqo^Ph~LUiupajTb32J$umjk+`@|{T#Ovck!h2u)g^e ztk!5hjsB=~@u*fegiKvGa8XgHIOtZTR)FHPP-h)+zE>WjaG>}lqarppirf%f5g>gO ztn{%i(E9!Pc8EZwBCGBntI?Jh9-$uxw-@Y0dYYTV9btuBV5hW&SZzN+3ZENRk;mL$7|>AVmSKNo&Yqg) zg?Fe7?C&GLkmhUYs1~6YzansEH-YG6DP4falt>1no-{g^uRcL|4KhVub=I1$Q{MrY zmt~Y{a?mA<7p2hP#XdxT(c^UcOk#azxN;gZ1M{<^D66RGY4vFhi++xa?$Bl)@6ge$ z+rZZaW~Pq}n@P>T)TL$IKQi-Nu^P57S-S{MG_(kyF4?UKgb<5^?vaZ;AWG~6<)cxM1x2N|L_x<+gl{haR1-v8&e% z+8~&zN(ZQ~?*fl@@>!L&FQ?OO8ZHvk%QEazpXUe1M_<3%zwLg(tJBD32_o$;UOdgqkf7Llm-v7M=5EaB@YKU;YzSdqnqKaCg^ z5-3{AHr>x0jXTH&PsZ|u%S*~$7qBBhtM-G7rv2ul>~E<^%3jMiA(29r_R!3FFH-p0 zi-$5RMQipI`8FY*>iLmJp6~N+oyb~zI1>iE95k0#%~qnU6LXHO(pi$vYTo)tx*xL@ z-eF0G*#B+WZDvnVOG1|0Wu4{PvBk{i=Q@rT;>kqjC%N5Y|o_Z#h-u4vI;NzSKZjKp0j!Rxsa9D_xX4bQy z>>0cEC03mx9FHodyasi2-+K``cBJde4^*|$JA|Soq-Q)pUX|W=K8`)pEu1XaIgv8~ z2}OzAFG`CtGd;hT?+_=#5_PCuS_Ul_DMu45O)E>r^{*x1YpOyoU(Z_#9OljPqxX(` zL!?Q3i%y@&8}WU!rX7%RHwGk|qOBb&315}pH1_(4o^UUKx=p)bUv5iD8842+m4MF= zn{MIyMtI-;{;>G_j{fg+>%XJsm7TahCb?&K_F(V$;+tRCN~qOZlqEI#8-iN5XEKMs z=Q{rT>i>Uo*8hT~(f?bs|C;^(VfO#Cp{SWye0?^Y?~Lgd>&PP;$PD2#4{H_UcS6%A zRpm`iK%$#bS+OAcMzoX_O440msKOPCcp-c7*0`iC{wZ?f_yup>qfGitrQ7Cv63!L< z;W}_2C^@iPx9P!ife{!j&!w&#DKybC19$eWSp-Uf${b{_Mb^l)*kKzGZd@?ClEO3i z(miLGV>C~peTsE@1(uL8ZNXl#xN8K@jYiRHi(;g#0lFg;imX6Rh~h~$%EUk|%(Q3O z1Dtu_Id2i*%`zsiP8!}t`=M}ZnUzCX1Lwp|16=$pgGeAVbxj=8Nqg!>qr1IAz{Xfp z@owF*9-e|bJzJfqmb{HudscCBxG=$Mx<6=}Q0c2nblxk2 zY?{m{BJU`=t>WsLI+&_zD_zpwRH;0ksc}`6c%^H#(P(H~qG2X+U$$(#cESX_q~5&i zkz&RpOD%_&WBq7PPxg*zl4vYn9xHP+a#;ZRElgDjs|ZsV={qHz;9xuHT-$9#c%T^b zQbbzsVh!C`2r@vA5rmOKo2Q0n=&r1(|6OYI!_9L0uK(ikO3klr#9cq@7Wm=8*kZl; zms!Jz-OFLk#h%#3SMlAP~^cMLoua2mGY4o2T z8(%HC`M2`$l@J|M21E{$hS2G(cGy-r?{^b?{Op(OAKw9I-y;TGW?beUKe~ z{p~!=bgxh8wGm6Rf=yIK8+XB4hh;J3CP+Y%DUe!zzEK|W_7Yuz{ zFtX3OTc07W8*YSE=?mNtHu(KZ6Gq=OF*733We#KSs9ACRxPNR;`rd)Oe@9>aK~m!x zXz13u*FJqz72cr_<1TVDuP+X`_rkuzVloJXey9dlqg;|MJPxWqEc!Y1sD|amUx|Mz z8&u*AyJ(hr<7DB-l-_$O>mE6poYL?9ji5iJtF1dsB(1AQC#C72%O+3YaIm*0E^Pme} z#@XG&0dC&No7;c6H3zpuCYF$A=oT{Wc8&1U@V*kcUEHefCo z5@>G;RPd+y500!7Q zjID1sAH5S81-z4A8o4CZUyuFLF{4N%qO)$y%c>Vpu`O*2CHD-1~JT|e-t%eYAuaAX-Nai)d}&1;=SyJTR)g{}ZUQAO>@e^W4E zW9}o>5W_o{BR~7T?h#bwN8CunfQYx|Z6H9L17?U3dmGJ8CHvhkHM#0(l0NAlWY#q4 ziG|1*8G4GpdNowA!hCdd_7-!6Nc+KY4f&#*ZuNNPaf^u z-6u)!<9`j(|Fv;{`V{Vbp#kpor-ROs)K7ntY(-pCLeA@B3_mD zmq#aHT2TWr#SKeEGj0t%`chrK{+F6RZcX$zd4_FYjs5;lh5nxSXAkuFy(Ry~(U%Y8 zDuo>D_x9iYEsMF$tBLzF z$D>=IE>^dm6e>Fv-78bZm#JdVUVHY~{G-hzaXXt5@*o*on&y{XLcwO$1{1NB*}vf} z?M+Sw(*BEB4Js-{_Wro$*9OuPDh&U)*#DpH^LJ76n$Rm`J}s4doULKCQ}onZY^dH^ z#|ep!w5ZUMD`V%5opP#6gY9FHQ>5XCZv2u zKymg~u*{}|eJi_vKX8#R`$+{tUQMR>bb4ndf|hvrXiD(h;S<$W%n3VmPrG!(1?^qg z>m^n`)3jTGd~t;a-gE;{BxuS=#m#n7e8Lo)zubWQG-?Fo26V0eH1&e|7t$VPs z^09_qddQ}I&uE)n1^K4DjSguGt2=?*#dm-T*8XwR!{O~ZmqQKrLc=EZFfFcY=ktBw z-sZx|`x|M~iZ6w6xRmPpH(sQuSpG<5+*&=U^4UsxiO&_~$a_hfaN&gF(y(Xoz=f0t zA5|SxUE_ZUN$k>QSewYqyrVW+Z4{#?Y~D%HGSbJHnKmaKWpKj+;dYY#CcWdOqNy0u z+)j!{K!+s_e$l!a?;Z)WV1IGcI|iLo_;NFp_Xentd|Ldt7bT-?omhafv^ zZ|&mh-~D-1|8v8nsi@zH%@4$(1iaKl=N?R6dRH%vbI=h|V8%8NyylICS4l}Y_0)?h z*`U;PH)Yy-V%0dbcK4YBi+Al~dn8;|k?ze>h3x6@rNRm~|65IW{B}9k<0*SohLq_) zb3%7+D??^`*{E=wv;qbPnV#^(X$#9u^+mc_j(IwZu0LJp@iX*gae+9-Nt~*xe4hJ@ z|6%SAp^>+jmkcs!^OFmhH7oVKsy<-sx+*myrD z{VH#eYQ~_%M@ow{XK_Pxq>y`=O@TW;bPBp`<7eNILheo$RdWB5dwpz<<*&^Dj~e0Z z1*2MR-U(Yi-$d0KAA?z`aFa^aPQ@y6NHgR^6eU;q-q`YlGVR=Kl_2jty8tDgsdR@3rAdLKd(;7 z^~_0wJtLlg{z|??x6vCPm7Zr!cmA|gC_(g$c$hX0^e@J{UwZt+Lyx%s^vFF;+A6k) zofTe0p{2`>#lFFF+lNy|ReKi9V@-IqlGPA>kvG!hZjB8pecm@*;K4_DvHL=zjZAE4 zN4TMvvTuf-Fz)ldFCqQ9wwwP&S>qewx?eUYKk94 zyjd`IH2Qzod&{sk+IC%-J{8(hsNh!G;!bg|0!0!$5UizmfZ#3_C@o$jxI+jeBxnc_ zq|icf3&BF5xCV+BD0K6@>;2YVYwvY@Ywtgw9DC(YW^&A2bI*0%lesTD&#BYtspC~* zpXVPcbz6>yjklcR!2LtJS17aEe&0p}u#+PM!|D7E{x79)<VOR#G#dkz-Z-2~>DLL5L-QsZRc3=M_ZdO=|zf2G~ z)e$gkJJh|~o%k+!S{Em9hkeMPeveQZ?Md#)Aa)or`*Ez2Iu#1dSTWs&cn2NylVG$TPLpibQ24bap$?BCpAKh)HQhDd908dCn3!^8C+Hon4#w(k^nL`4Dae?%Z!zA z&F~>M%;+?rMr7<0ta^^Dr~N&AMjV+=Wk(Cz*)W2 zO>K?)v~aOfAsXnXR%EH;KS?1N758?XTFx6=i>#;(d)40P_Wb0h1sx~&E(7%KU1$p} z_#>-o1v4)JUfa?aKS)+*-3EdRc9j+|<+OXE^Tp?PpCK&s$}MyZ4LD&9WAOc}6}zjPKfBI6ZH?CKAfl!FJHYboZB$yNzr|S5JP>sjU?ZF z^)A!{fv*wtH@=zXa{dT5kNa87jhz6SwlIKGmQ*W56$7`ju{eq_FnKikDZKL-NjWtu zC^QRF;MFI5r@O0Y7>-;kDcc>8@V)oI#^($V(2c456sCYPG7JG?h9BrL@J{J8;=p_GFEsa1SV3@|wtGtf+oNoRP7d z=fI_c&)P4pM$D1BGP_;H^kB1%1#=^mb4nB)m<}v-CQ>Ew2yfhJJf-11w8>^!SS&Zb z+rZ2vDp$FHtN5=vK%Zf8J}Uy&tJKc5fm!uz`hz>4|8?4jetvY|DCLHX~! z*0{8Xy(=mSVH0chk!&AScRh5yuC@=0ul$P3_Go_U`*Xg?eL}uR@+H~!s{H0N%!100 z`PAND%hD|wzJB)#>Zje6*19UoOm`b$&$nNBhu2{!H9_%6Ev-v=TxBB~T51wJ)7F2Yyh7L|jWslaXVCkfhg9KF#SqCMA%*2TiFvUmJhU zt(Odn9=oE|qGaQWc4@<0DvAeJ1$p{1wNwfr6%HacUoD~Bv6gBk*=qbZs^6YJ)$)CP zT)VDY7k3V)1D1Ea->ocBQL!Y?yuobL`0kTAAOyml*AsoJH;yCv#}?7{iQaCB3c`&jZZuvwfgAf*5k27F=Xf zb!O_9!(r*ecDV(BEvZx=8p*M)a7|&Deh% zsk49k^_%T_K0)4b^GSKN0A4n`*#m(vkY}!Ek_*%qQm}l?y{xg`t=?MDN`?5tyIHF>yxB7*Zm4lf@k2)P&CW4 zT%m_YGev^cbK=pJBklQ2!Q%%E_1kNz$$+weit~g|dCvQf-G93XBIj;i6TVtJt%}qS zyNh3?cFt+53@VS_&9fnLkA>W$c#WIjzS|uQ-aaz=hY$H%P08CA`1T(@!#|wD!Yc1e zp~n9>b(@aNnUu%9Q?ftvLh0ov-<6H*3tX`CG}DvG-_LLwwkubEBhUTPe>jgy{Esyj z_1Bv}`?lPo3{5Eh^++h*axV<~>mxL->z`NSEdTaj7yI8*W9Z(Ez@l?Iabkk5AFOP& zyy|gKHL}@i{#<@;*Q6kH^m<6=?5TsbEw7x)WzM{4P7#d!j$VIW;BI+QyO)tC)hQ*Z42+tG8=-wJXH*6;cF zpnsw(Uf4g{GVAW^pz{{fCJI7C|J?l}T1gQ-HP6X`tiJM*n~W4&{9iKYKH`o-9%rF< zoSvokrdIn{?UpG#c(~{Ruv9;lJ|d@92SY0sKDiSm$=YI_UU@HX&1F~7f2rFm(ck`74(57=rZxsL%YHT$Ywhe9k5X{FlE%d#nW6VK&|pj z*2i&d?S)m13C>P&wMf>n|3^_iFo4@U6c5feLm9IcB!8;6di=$BwGNT|P~~=T!qb`A z>caCi`t*e5nZNMOBBMQH{$ zAN858ajPtgjbcvDN%T5xmwrzZW zhA_fC1lb~m0bU+Mo1;vSqrb*q9dFv{6zV2cVl1i$!=g9=$G0)Kk_H#@H=75$1z-5~ zt_U4gIR+VLY<%^fxw|TEsUY{nFFQBMI$)}vo_VxN$2i(|ajxv|w;Hxxz4!)a zY}sT$O94P@H)G?D04|PZOE~Y2p#soETS1F{fTf40+E*aF-LG|ZOvXtmaiApTLP>}Q z`54zLdoz|l^z`XV7)@2F&jQ`4(zk8cy4xY-yzWn2DL?c$rKzL)(?>Or8 z7QW8s*_zLqYi5Gvag7=8IJPvv zSkPe1a{Sj$l2^fIyZur(ZX}FUynx}^%vJ-)38-BH+2f0zl_5z)BzEhEo@t8 z2qRV)f9YoftG1lvH%98xE>X2Wb~gOc=SpjR;}JgSgodoPJw)T35Grrlsra)}n1}CK zw)T>Wz6Ghwufz->l5I1wZsB{H^qEs%Fa_}X2rnWlCd90+)S1%6$|K6KWh`KH$Y=(z zisXg>&e=P)5;+tyF+UY)U`=TS2lVNgf^MxYJ7QhLxo4m9rfjT_#9NSwZQ>)Gx0G)R|%xev|8Wre;2T_IdQ$ zVdLPtUrHvnCrWzDXRd+ib(7#Zp)Q(6%Pc!R1RE!hm@1iMW}nJcZ$JFdL0(J#UWEgz z_lQ>8JYT*Eu-YgkkNLR`ZQx5+#5V9XD@96}P5h@7O#I5URDJ_ZeoOGYzXcujYf^Q_ zCDs5{#X{o24taa>aAd!yv`HPb=k_VfHe*S#RaXjR@FuL3&P(RR3@4$6=X>bo(G_28 z_qbh_=sIc8ku83uc!=4P_rc(7Cq3d~KOWYVPXXB|T6&o=k2ZKhbqVJ@b%VLb+r9TnTKgJ z$Nqz=s4~j#Tbi}n-CR02$11u|Jfp$?0}OWJDZ4EH38IEO+ulA#O37D|t; zx(l+47nF%YO380k2Mb5Sun)6k>~Cj0&(hYag|a!T)ww%KuJ#B;QD4JLg@T&*^2-~n zREmVmO z_XLI3DygxO#1Perp=HBe%ERj33mJNGzM^ASPSD%(+PZ8{$UX^@t}uty7JzAJbXly! zw1QBjtyKWM-abi8gIP(aHUuRO>LU2*RSh{N1u`&{tCr-g6;Z(B?NO1J7I8sy zH|YbzOd5`6Oc@((o@Zobt#p8kfPLvTvg&sVrI742s?+5a{iSqlMV{%FoW75kaz*zn2a}Hwfwdl3!2kz_IcNLoVA9Ct z4ekB+SaUO!uU^G2ii?XRx<1;ce?3+qI?xy*I$7t&sL0vv0l1X_jH~Hu+*X-PKLG?T z5PO6+tHmej@+*r)NBX65Kb1U34;}$Rd~b-CDOg2>tep?4Dugf&KDJkSk&MH_taPLS(Gdhzo8% z2%uFs`MM%uUvad7(!e&6Bs5k^??H?7Q4^9@@{scs=YBru!5#7WM$YO>Z_Meb$eOb* zvyWTwBB?Z6*8E6yro@57E(j`LBhPru%jz;9P0*9v$_+CzhHG9H3HoNvAM#C$j7+P{ zXdZfIhMR9+5dKN^_$Ev$h|IP%?T0V-wh}F^pTBR0MafNV=q1<+nsnr2qC#-GrN#?6 zQYbFA-vHNg%N!?L7|*x~V}@fXi@O0`-(s|5X;Tt{_WBy>1|f?C*h5=66@Nqy7AlIP zNp~tWY%IR|DBR7zH2SK$yKM1TK0KAD(}ie^$;mYqc&g z{O8rLtL&P=MdU4CUM{nAjR5jdzOqw-kvgTVmiN=~Va0MC+K#>Nx~R_$?Z`C{r(lX4 zQWhpaV6GGL5rSDazCJQy)HLG6)0j>dV#r4)<=&?uE6m`d?uBNd`T%G3-C?GmjTZte z(nt^bUR1bs)BKK(U&j%1XRfSzS7(M85ke=94M$n~cdh|95deR(eZEv*7jxf!lAoUA z%X5?#MMOZ`G9gCBh^2+TgGf+1@>{Z z*=bE3F(W6I*^QGjCm);?B^^o(ldW!qp?x&)C&_jVct*>>@wOAvPBYet<-_~b=~v&5 z*zk#N&q?D9S5d|dDDNzv46!V@qXiS0E=g#excCaqgq%*xT9=*$#x$C07JA*?6E+WG ziWZH1E>l1d=|w_sY z)=sO|2kX)rxYi*gfvn@e;WpVq3uU63P=#F8$M}p@;2ksatpEUf&eA$89G<>%&Uqm_7#m=9+w)88^g84 zEBu*C%JMGTPno3%~+-7Q)RcZ5&J}m{nL5e z%rjkI&e;-0%hLFhbqD24I}1*tMCERKx^w;vW(9Y5bZo`U8A_j#m?YRC%E*|d!a&Jz zUK7Q+4XydepnQY?bV+~`kVS9JrqEVe1(Zkz1Wbv{e(QPUp4>gaI+Ekxr|fU2u4Hp- znd)6__2J;wgXzr1>v+7BrC(1f}2L;2oNIGP*TrBzqmRT$SJ#Xm$LuH{Mfp zU$>>yWytrS1u`D0NK`7v%Q?#eZ#njbp#XE4Hr$Mc9+wPEC0e=~`k*p`-E#eG(E+Xi zJN!V&y0c6}HNsEjX%L{ps0q}ZT3Z~7ve#IX=T$C6mvY?*`hEHaAa`W8d#C46$D4;l>J2WohF9y&Ub3z8FBpYW)M|a?W z0zGI@goT55MRk>!WT(+d0A7gJV7Dg6h~5u~l2E@xbaGV8?sWiP<7lLjSp;pKjS6#w zASr?PX-3%0>K&}NQ%9!G;2rD+Tvnt&RVzFCp(jjsM8?xBtwRmgvMMH4(yrv8aI7#z z=y0r$>F1*{nL4Wf7_eF9=j}A}XmviszEC>hWBC?m^D$dc#TM<8VT#V18FPgNlF*OM z(hu=DB0ZLLr+#X62emCv3FhuuBgyH&hmIv>v*NU?pooLDxLgT)1+w{P4cfI`VhRG8G@&z!QlS-WV8Jf#l`8TaKTn^HG%3ak8KWb|wYROk8sB7A% zLYz8dKEL&y;eQ#tROWL#XE$Yoc0tt02c=Baz5B*(K?^1u`J{f6)gybjt-rIb=e{9j zX`@6&yMH)94?tEdYh}?khUcyMJzmwblL)Ci|IV1j?ecA5g+x?UO zo593;jJ3$1$bT&4O4igL zs$c^XLhrA5Mb({0R|`-wV~3g@dB4lar=ed~IW&&xOM@muH)LN@H&^Ysg=*xNo^+2Mc5ymdO51K+=xZq0sL$yz5e^PE2;^4{N z68@-fcjhbhP*^?mGgtrKfMLrDT5{zdd~Efr8Zzo6>^Vt*l)zdA#)r|Ijo?ALTPbrKjoXZ%q3(=VQJY$s}8Gpwnh56d*+UPQh-Iyzj&wSg$r<|JfVOoXj zN5C5!`?C~c2qA3~cI1FSndh9tork)oyS2Oj45_o6A3CE>J&@X~MQvt%_b%^IQ8Am^ zw}BMyhWCUDe+;9vZQYIksoYYT3&+0nUQ&XGg8$uRl)0eH{(EoUEuO}liXu-C56Qwi z1G*rbis@v@?^(&2sM#MU?)dM8zi*0fIIOywkQL%qU#0{GV(ZsBh#Je+QhuA<{O<#O zqz!3a?e)|8T}>dO2SBpONAfzjxjKKSpvB zwlE0tQC}{$)XG`vI;GObz7gh5A{I;a@$5>W^dW~*4X$csgf5ZS8C|+OHdi$qB)Ymb zK})Mg8B+DM{5q9cIQb#ZX;3>OK_w7UJY}qN@cK2#Vg$=R0>IZt@0+JBMq)}Mw_iJ4 zGq0RT(}eHHKgvP}gmV87JKV{?9O(AOZgZsktF@}|f2ipAxg!thf>k!IC-oAA=KuZp&&yJP67jMs>ci1;8-eA4e2P;&1*J=_$=bCCIpx#)2##-B#|~waz_@XZie3MQ6MctG zPA)?W3bOU)FK{sdJ0Z*jCcs0Een9QC{os;o(n{e;VVvXl42}dZI+U}NyoSTp8;!ko z`%mj)(bZ#4I-?IKDjyXb+eBjz{&9$IUQ25T7aDdu@0-^DowR#)GB$LoV8KX97=yGH-M<=oI1=1)j)l-RQ9l9E8db8s zE56b&kfHD(uC1$n0&45r`*ACH+6{8pREOzj6s2Tk{f-@Wt#u*sn@l!sK@}e40DIz` z7r)ZAD5l1$uMV$2%1!@%z4^j)gvF*GwRvaXT?{NW8Ui!>A0LwcbpOIb+9?%Y7WU1{ zUynSzZ@r0nr0c_FR5*%mlKk`kqMRlufvBvxTs>WF8Ouvo5 zyK#=FTu6^<;2)};+?92>-anTt7vA1A@~hFuxUKXZTd(fjyr=gsqVL8Be}clY-H+bP zw8DgrAG7VIBsgUFz6zo#0FVk;I>_dQ=Cw;_ zMV7KrJmFr`)y8J8%T%l@ok5)wd~l6~B8Wa58+wrWqR@OV04X|mR;uSst`0CxdH(B= zzKHy|^)k8{l}uBnWx(7KCdaGiXxh98_}cT=&yn_Ry;uDU1!{t0#TEia&=Zn&jn)Un zB4Xp3rW8L7*1(QOlUZB+PJhX(uRf<^$h8(>`|dJlZdNdhuptgURwA?8A=JJ#F;b?* z>AD%Q z|68!oi+pTbW7Fw4_g7}M1v1)!XvhSB3;qPRvIhxvPCd`m`Qh!i_Z539(W}hPWNfRR ztFD>9nq5YfOQM&^YTH#!$;5DHk<)Wh^;w_ZM4Z)zXwQC7E?v_bHdlD646Q%j8fuxO zRb*DO&z2O`%=DcChwOuGJ(GkpFwv&G%EmroXQkFJ1+`3!h)*?r_JkZo~3}fh;9wQ0yhp25ml7QH|K{0 ziMTkuu&om2DdLpLjmnm}lN%d_5w!R)oPsAi>Xvu)aAr7Z5?>emHK~cux^rvlE$5vWC@Is@` z1lw>)M=BzU4JkMzBnfEe=KK>unPN1zW!>H~zkmgI`a-C(<4~>H6E5uSx8=MJdneEtr;RDXT#aO)+ajo*N*2 zjAyhE>AFh0jjn!`lssVJYiI)8S1%K}ll2dnpdLCiK+X@TCW;S1gymmb$crim#R&wZG=fuS+u$M#(A@ip^!!sr&%uh8T#E>bgF)rgyj zwvn7K=!wR@g?7$<(OR#AnFn*Q*VKdV`8JkC??ul{$CB(jeXqlgJw3Y~J>6rY*JRC$ zVYoOnbyGRiyf5Bua-z^r))j}?MDbZNsppAIVj*eePe2I;uaydKS;}6FDZU5Oqg{?6}4&yDivFkI^m8RwI1FqMG^`C(&2l6hie-FYXfF1TkU>v%xG?1?pF-lUO^UT1K`;fU(f=IIAfnrLu+ zslxL8*S_M}D4wd4S@i=esUmEOREJ}CW`NyC$y;ylC{R(SKn);{;q@fiM`5ZewE1%U~{Z&bahXW+3K4S>fY+}pH>+@ z+-`)jpUt0JMCoj{0W%rzE9W|LI&);c|10NFl=j=0NW{Iz;=nh%I15#)WBBQ1$)EJ_ zvC!tdK780;MC@&(Inf!^?RY9g+oDluIB(J9cG5(Wi!U9ui*!Y0Tb?&Nd}qPJPA;2f&d_j}Y;%5qs`BXD!^K6JF{@beEB{bCh8kPl;?nKPdI z+NdB51uBiTSi76h1_(?bP{ z9XYG1Dnj3SeC?LideUU~Fa@jTzL}rVYj&RR;deG;A5t^=n=$*Ky^L5Cvm2vz`nqFt z_moQ0UyvVvTDm&D*c_d-4YfHHbfX_~)ev7bXZKcl7qhj@$*kt3TkQmCg|WSh!LmDH z8$5j0)$$FBVP+w8HQkVP-vnr%3B#Tpfaj_ENz38;)#?CfjzC5dfwupw+M%fwUkeR_ z&cBYmd)#r@{;-gl=*)JKpSM#mo#`%NXXG*m&aC(DB54TJxioYNKS;O=aBKNPbxvvO zQ=Y;{;Tqm7rY@km>yhDg4#nIsyK_hsUlB}w+o)CGyfGwZVeU$ zC)ROts789?V+JAFK_n4j?59^*Ld;m~s4+BlVtC^{cFsZrOb*|Dq9Hbt>*D{|%AHES zn+!>E9YT)L2IdVXJj)|+jiQWA)?bigC6lxvsI}N9^O5t{ZaH>k(3cc#FKP2s#squ` zkXscG;IqfLAx5BwN*YgDt6%Eke=RcC^2Wx4ngpX>N3h<>I$@t(#;J6%`Pb@fG7U>ihvLnZ>f>p+MaP`&n;-A6Tqv4gs1u4K_z%^#|gLn1QB@AgMpKA2nz=`vFy zN7u4rvdzT3%M(s=qGJ`0cwbNT$`*b|C)b_$s+!cfQm;Iv*9GD;$H#_!u|OyPrCl{P zyAb>J($*aCubQPF2cn<<;^D{*nLC~vl>Mu}bd}!Q-eb&CN@(eN@L{ui2UD>#TEFz> zMzmPGC_O_7nH6#c}X%>Vh0yCl_0-$tyz+dagcjnm5y8sLt zQbUuNV321b2z8+ad#h;0o7!R(i(5m*bp%VlHQLU3FaPKhnPM%hlK8~n#~lw;940Vo zSRJImy@@4&N8@8*qRJK^Z>eVXF4J^2@|gNd2}9w^>ici>C?mpJe!BWjI`OMft{1={BSSgb4XzEziQls}V?FdI z8=pc48}0x`F03+8XP((2B&&{G_98~BZC5&#NBFLlG-#G_vx0)&IHuk;E~l3A7y>EV z1;Ra=!LFIIz&Yqm>hubpknXPsNj^6hBN6ecC~3NH3w0-IY^-NVkBaZ+y&d?;^r4aM z4^_Q~`g@tC&E@1KU)?rgx^yhQ59^WD(M& z+_RAaHp$3}8}DPtZ@o5sVQIHsFyZ zyYuwUy`dy&9)QCA-V{yit6pz2e0TdOidy6+QBDf<1~QY2TFXuL$eMQ3z^|`I(Fs)m zt$6MiBZbC>`UEWwN4>33i^5k{#(-E$Q0wX@V1jb7;JbTH{Ni5M5@in^09} z?%g@>%o3J+SRB#wolm6J(_e%33rJcT=Bd)UfLB&*Y0W}6Sf`R-z!mp;K3tET33Bp{ z)I%6$;IcLOY-fFuIz^EWRvp{G#2YNomWF*xlSP*a<5*i8VeZQi-@S(YE6x7xrcEb` zu*hfVrom}Ioq2U(v(0DEY7GGL)5BsSD9Z1$`Yr#mpR-+60>yW;zWk3);eWxL{hvcW z@h`UjUxGOUmH8eH{9kkB|J26!b4Uw?S(9(p)zb`?^b5_}_R6ql`Bom)@S7rENYwrrs%cAzTEQry8~YA6 zHn`OGzS?uAdz+|$a&O;EJ{C_jH+)&Z&2~NZ_?8i3u?0$;xK4nmqA4inA9snOa65iAM zHUB!N5;r0L>38|iv-#Mlz>XQ)IqsbnwVQFWg6r%dN&j`q|C<_v>`AK{t~941{$bF6 zXWgxF*@$VET(!M+UtZuuyfpS+`1zrQ+uiL_QRGsHR*ZFZ#jZk=ZkO0ZOn^}a;s)Ce zyg!~AwHB)Bt?{`E5+jl0TSmX^rI=H`0Goi}Ez)EbQ;{E~+~hJWZ-@JWbmoXZz9N6w zq-YFTJY42#WZ8dtwH_)#{NG0frTYJTV|dJB(_Y_-O*c2+(GNqaw3+JE2AT%UW=MjH z$Q~DS$F{0M4Tj>c?7&#vAbz|XGwbEgdGqV}YB%eyBMWGnzk7VxUb#kSyxg~1JKCfn zr_pz^mbYX0E54K^Zm7q7Wc1KA{=**p8PKI7O zHX4@F9E8$=m+d5Pm^)dvH3n#u;U~*B6OtdI4N+|`TTtQD7f|#-5>~n&W>XN}6TdR$ zjKzBQqwc`kLWt*F%z|4>;Q4@GhRBYpfsd?7KYH$I0~Z%>LLF)pf%M$a2WcYOMxG4`tf4HqhFDUTrqHmmkvyX1~ z*tfvUmWRBgaHfI7EB@WSR*#xip{pkJ%9Rwd;zmtP^$M z-ram@gP1(+ndJFMXk$ygi75j~H0(Tz)9DtqgNo9=BGl};Gx0qj@Oz!OgZb^8>$0wH zVAnN9W8x3NYx>s8+}Et7jXpoT(A7K>f=|-LqdinpeWXfA&n_%ls#r_}X6;0WKCCCf zeMt(`qSFD;NN_Gk!W9;Ffa5`3+yVqz#C% zJ0b^NHc!t~GET)gCf$6O42wH9$RE5a ztck$eAA^2oXGHT#S3ke6j}(QJH_9c4;7veG{UR+7r!O}8Smry+0hlkJK#fG#A}rhG zNgxK4>w&IgW{D0FWZW1l>cf-tG+@b*eChMc_e*N8s7veq4!GaSmI_?n`P54Dd0BwzrmQrO4M~LaspGqux~8nb)pr$=evW zDZE~G2(*wtc&BgJukq)Mv|dW=qm)!e1ljfgi1O*h&sylYvUug1Z><7^a_XOwiB^iS{w{R_BCz7LB z*Y_tDFtFp8Zw~)^%bVP3{A%S>C1$W9I1ow`zNG2>ps3O1OW^vesb@}3Cp52h=&fa7 zu%w7ebbPd{>@ZwN*%EJUZbY(5=+NY`4`<4b71KsQF~o zm(Z5q;A6$Lk{e$)Zy#j&1qPBS{d6&0gZ~G%# z3%gdNX?Esn`Myt#F-&9CMfseZMbkwCo1VhmMy%AGOiD&LJq$$PvH|wjG;QegmzJhr zA19Wm6^AN3+HMzd8(`+k65HnU>`<-?h6WDFyxY54Dh4>uk#Uij)eguFtbKIHonEq? zt-eC>)eno4{ZAG_ZaLp+ABsl%lTMnw2V?Jy*SR5y_XBlUtdYjO=z-5-fxExFpGpVk z=Hyb~<|C2D*CnN#j7f*m&&Z6X8*f{(xtzCNm>t({vA4VcV?JhzqW-FDBjMLZgg9r_ z+|)2e;{YQ&pqY8|6b|HG)yq5Yn=e$=BVyea!_D&a{w1=)AF6(``%%zZ>K;SS7r!mh zoiBZE3xg3lkhXd~0iY_8~=<$0e~VnhsAv;rUC^Q8E(7vJ}I2I z7u#g$H;Tthl+p67`F8Z;CRz4J4NJhud?oW6DiMKz=zqCaOyTz#=RaOS)Iv1i7pC9l}(FSXx@zDZVk|G2lNM0evxEGgF;8(7zK zV3!MYmg)(+2i6r37YI;n#SQ{*gWEe#!&!_cWP$W3J&$Jzi3U3Oy(Y+N zDw|`H|A&p*9M7{X^fB~)<&Nv@6O49zd0B|9RAQLJ5EO}3fvYWk{9Km7E2(98wt363 zbcmZbO<;g-XjA5nu}XsG$nB*bmbQD|H+cp$1__`wb8R6L!Nlqo znRmfc;QkV1Wsdkz#l(PUWYj8TBjx$M*7g=xw3X{Me=m3FwK^}#Ddk>L+Fi)614*d) zqOGwjcrLd5ozKJM8FSkC?{#kK5%))vdoeU>89Qtw!}flXdMEhFJ&J(0Mi|Dmb8gQRkLhBBm2W%x5n3P-~G+i zS1rK∋-*MuD|2M{H{s?UUlgVxL=%iakfnq3-thn5t)O&qDwo)tflf=K5?C5pt|b z0JQm&uNA4F)f;jy5dNeic;BPxAv0|y`IYxSzR4NH=3|FJn=kUoqak+o*|7rMlF=;6rY}__*g`C+!wZkg&dMRG)9W+tkR? z?&OB#B44a-LObZ^*ZTLpaEZ*q(yNb34atV=g-T#V*o4`oZvL6`8V)5p_FC832579H z?~o5SSZp6w57)XQtZZl24a`sbpl)I$y_GU-Rt~dBB`hNU>ifSou5E=6Pd7 z0f`>$Cj~1tf@2m3lpcuALAj%mjZT^Nb=q0Yys0w%u-GJSW*1U_l~iY0)ldFJ$M74{ z%YUep&S9vwkS_-f#V@QZQD@l~K3az28k_d8$Jbxq;=SDM@eOD7atc*;-8H3^VurPq zYY#AP=M7_gsSw~Y-`Hd`#axa4G;o<+7FSlge;v8@lOepMBIkB^MTXD|mbVKtZq4K_ z1bMVBSGys7#5Moz4kicV(gX}pYhjt94C7t1!cw-BanBoEk#NP221UfAdC9-_7BhHo z8aT6T>9zYpLIuctIVyqPcx&@|!@Doj+P0vDcwO#^RJ9M@((1Mg;6A*+-i$f1b`@A9 zb~{0>6w7FrB85;s2gj`H;OP9A!L-o_vITp$9>?&ml#GYe9=8t6W z0hor+Q&H9`niCB2d_~Z8q55YSqY2`K1WC_LDShE|o5B|u*eV*UwUdQ2ux@-lxBE4n z*o@j~3Q3Oj0ABtod%7~W*DN-fm6-1~Bn(83qGWw(_!;@HcCKp0G>!9R5uTu!eLB z8ua(KROl`9M^mixf)oB{hj2XHLT8)zdtPwUyb3rpGo2SOHzq6TtX(3oTH|0p>mb!1 zKBOi2PCV2wj<;dwY|-+Sp-b&e2oZI^S-2Y`D8hm~>gjRdTwK5Vqbb`(-Ctk=+hm6; zF*Y%ITg0mt{xgO*e8}MOH)_6L&KvvE@jAq3aE5nD@Sy-I`ao=&z1tD2(K? zz<~=`Y~Urh8Vimn!uZN^SwAx)M22`9R2oKB5&GBkjTwz^1nd+M>MKT1C^T#4`Uj#8 z_gB^;pAcd}x$62cTdqpQ1K%bZN_`#5^pY|3n`rZlQr$O_1MCBB*&vyeVENwME8xG( z{KN%Sl_D!8shhf$B>6W&iR$cm>cKqX`ppL+* zQ#nbk%yx{6?P#i=KEbj7zp?k8VQp;LnlLs_H~=;#8*CFzHaUY6IhiC7(HI1XoO3WX zI1o(|Mj$XzAR#gc5CUTim>fkC0+X{aIpfhexBGPW^vs=}@0p(Y?!8?`vZs^k-0I#Rb$^#Q_uhF2 z#^*zyvWr^uP3j)|5}J3IndlO*XU;667i>9qW?Xex?ac5M_}TdH&i%dMhIH-OL2d~= zb(7UAcrN6o62P&9m>Bc;&=PZW8a5ymx5KTsUwJy})Ib#sTADnGd#b-5FFd%9*Z>}9 zDny$+PJvTteEG9%(~M$oSu6WyEnuR-m~y=DNZB4$1?!X~h_%T|8DU{~RpTQ5UPWL) zrrXH61AATcU>!u{`$BgAgReKobEVUs;3X|L9(^$#bEBOqz{;2~zV0k{s&BIVnyhZ& z_!;OkKQyy~=C2P8Rw&RP9jzs2AD~6!a&3HgauIO}o}x)95F5?}gCPSE1+pun;FM%> zOpd`gwyjRMQkaM=DvC-JQBt{$H;Pp+dw6=6aevd1fDF**#yR@R5`6V22;NYeq!lNd z9Nz3W3v@j2W&-H8CP&64XeS$i)=bJ!jQX+ku(>xpnL}5J$66*5k-G_bHmI#;&6po; zb>#{3%L~qx{T(R;Jd(w7lu7to%`AYjq$@1};n&gIxUwh6?E1mMb-5p@8Ph4?lbW%z zZxqa1;qa`p(!zwF2v;(gmGx(5%z9vV*+>RfT4|ME)Q)hb?uX^uB_|b>CR%<@Ilpeey6fL13|sdaF682 zt5=2Y$%h_7z$3?o=lFu;6AKv8H)kfg9V(H7>p``#PSG&u(i-M+uqEhGqcaqQQvsVg zY84n3b|cmcaW-=vP|EZiwt;R6T0P?@e($W$F`B>FDnk3)=jcmEsn_b?Se0q~SQ;~) zm*zd}ekRwnYbuhZul9y1x)YCMj?SC$|ETMegIb+?_JLMy5 z<4LF3>M7z?SL+IPbKGWf-__PJMT znb7YuRwvQ%)03W845|j#3FG}3-Jc}V@uy*U@xI{WQh0-$lMQyAqFhs8#5c%&4K2Xr zI763qc?fE~n$wWZ+KQd>PF8Pdsw)Y&o0Vw3LeVY91(edH_51T!CL{Y7L(ShY)Lels zxTv*eR7kw&ID8F9YIZ9Xf}E0rZJ-e>5s5ZZ)@s4Q=Cm4F1YszV?)7Tb3#^_^Vn#@t zSi%$Gg;tKXzB+4H!FSmR)8v3O}6kr)mtNF}|Mp#?)W_y(RLXB@i zx2=nqiZ$>U6IUEeospq+cNdntFZF3gU3}HJWW3a*@AFdsQK0KEv=HT*R1DuqQ}MxRq7Lq28*~Mr0iFR45UC z-+a6<&2R)T;vC8L(xh@=ZvI5P8(Q9;!Ep;ObWR71KMenBVIbAJB@(Rx8$Xi$xSt$nl1Jt{xEzAqf;f&K zeVbiIwz1#W47|+&i@FA4XUmdZDtiN|Zil(K)*jU6_90bAOu;+YlD6l5Z^~lBZB3}+B?jEC*;jdpWyXQKbm5}) z@RZt^)yCN!Z50~gorAzpTJBVYVe8*sJ}F1l<7artXjPF)308U;urBo_pSt!yA0nL` z;>Nksa6Lq7zBwsKS=&|QPH*7mjNZeQxLBd;le-CAY_zSG!s?_bhM(4(9afPTZ?T$U zJjpw!m1^Wb$@g0m37hdZk?W0@=VDSNvJSsB&xer2jV1f^a9JiFJvec%;2QhZNphmy zjg_#$OQnVwk^C~PU1@eSLL~nisb!+m4Cv4@JFbmc#5rBFk#9%$VAfWv;zP=ONTlK& zr}k=h5t2VnWtJrVUn2jyFGDuX(LYY&D|nqBxA;uG*;4LGdw%rV4d0#e<0Jtil0ST> zw}6}9f8d0HbQ9k3p!JCqzco|;_A-B{AurL!s+x4Ox1LS2^2TUiz#28hwej6)-lGne zZn0)X#Pz>A4#%2ZMWwDPbo}pwVv$fvUozJOs6UjPxb|*qX6fE9vfCjUD++}wDANE? z6BPn`cgQ8+6h~w^SM})cM(f`f+>hwAU%ogHSA5!--l|JpDov|^g9MTG(9SFNkEnmv zAnl?j9pq$kf4y6p_0i|wi^=3!52*=!GSgeX$l5}DwaL$J3QPR7%-qQ6($GhP!KWas#RgMLaQp6lf=tG*Ev3`HKp> zg6~CJ--}8!?4JquhSw^}rdRHM1cL5>vgBUCmNg3DCb*lK#g0Orz<@^Nl<2v;GV^YG4UDxxw1#0HC(!WVVTEtEVx>= zbEu|FJHo!UbXl+Pg`Vr4R6|x@byN$(y5}{!}_zH#fMV{|@45kBT?fJPy8 z;Nznm#}%lniC1a6g`T06jxU2XuCxeV*NxVHZzDy(EMj$!=8>&d|?6m+5*5ypUo;R=cjd?0I2T z<-(MV{SY>0HaWc9C^+M++9<@awTHOc;63YVxks|c+#IF9f%F-~6l0tLl)uQ@?`E~R z-_ffVv(uGs4jbT#@gihh7u6XgCY80tSlrJuLXL=DQ)vu7405N%z=ld3;{qGM?<-Av zBKv!6!Y9l&Y?TDkXcAOC$=24IBOab*@iX=C_0%*pbxBQ5CrbgGoDv;$h4{>m-v7+T z4OBWDb9d#1w5Zjz_HZT`;`y#Ob9c^q)Hd4DSy_gQaCn%I>^Mfp zSxZ8_z2@>MeH#Ij33E1GTi$VyrML|Me~$9f*QU{8Si>`f0m5QrViyS$-p*inz4RHh zFv{VSuR1vx4&nS>8-X#l5Hq!cWop&r#4y`%xbx%09z@?7&$Snxwa}nPxMg&UzJIGh z*4kp~MMn%ERwYcb8w`SkTT7qUJxD1B+M0bx!HYxI(av0SN^C!3#lRn*e@iqN$M1Z* zPs{!|8sN`i$^}pT&FVKk?%r^?G zZ9&H*x=AlNhU_6EmkePAJt2|PJxLv0Nz3otUuaTAdNscjULb3#E(r=!iF6(whP?s% z`g@pR`}&w3ly{H%2Kx>RUV|346x46dT3|iueYWkQ@00Nb_H5q6d>!Io`#^krHCxl~`5+9%>zPI`$Q+8GN`PA9x6La$fU$-aPc?ZPZ`r;o!QEUa-GXa2x9?w->_!3O`jU)IK-TKnlsgKQg(1eC|$9ul*CTWMrHTb4lL1& zwz>$alxG(cBGu%iUwMw34J=Uf`%sis_UA`2w~kO)TbvNKii%H0VrB_Kq0Ft*jYP#W z_C_KzV!dGB+J~S+g0W3*wEQr8kXv)*JJjQH=qvIIzM)*c9`c7i=JefT*%|9DX+1M2 zLW+R?;9aDx{Fo7uHxb$bB0uU4V@!ZS2_J$*&^NI!;Jh(G3U`Y*@B-J`pc*5FnkCf5C4sOBc64stObgXH9a$A11T5F4+bXg+jc-JwCaXCu znap~FTrK8Oq>3%p)}Y(fW@eRAY;nwOoNSJrY~>N_^JW@R+xd#MWy-c~!#?`0DQT3e zg2-EE=t5sDqy>n#U0RJdnXYsUPfsK6^V%^>&SsX{Ej{fwyj!hXYeY~^ute({7 zEkTwVU##<3G2}Hx3P-wMdo|Sh(W|it$=M)-lb~p=9q4Y&s$%K+~P{u zm9;37`!FKlkQT0&EPiJ&y~_Mq))%OKJ444MF{cczv$^_EU$wyJl~i$-!#1Hz(To-& zd(Q1X(Pl~@`bf{&leolU%nju`;?`Hhp=orb3DgM`KRF@Bm+S?Qw)pb(6@eT((;Zpu zq3Y%6CCGZ2v!3yD)XGJs^zaz)4pe{+LO@9*YrYth)>o>d;7U;IqyRyv!|z>ISqW6F zvm1_;%)Gghd3Dsk@viU7WDxAqes0s;j>-5H!G7NL3ZO%d`YzH!D=qKin-$0W;yM=4 zty!rmZpe%3ZU$mB0f!kssM)fJtL$~1#viR$tpKz_)}QQj&{sLH=NOgf3I-(Cq)o&J zS@1s0l_|y>?B9Hhrs3eSO}c+YgM*WNWrDzonHdotdp9Lk$yoJgBM>Ff_1Lf&a|5CuAs!VNv%6TR z#WcgbcZm2o3v680T=m1>8?l3NQqLmy7x+*>$zcBuH6#NUvJF`PX}9JWXa!o6<$BH6 zY>tW+e7HJWJ32V0#)x2{?Mu)sqMkX}t@(nvV;8d)Bpu6tMT{{^Tp^uB3W3<^YiN0_d^ z#tmf51k?p?_H-D}jM>=%jj)pZcGoS!CZe2sL(>{+YUcbh*?vyvoIUCy!uyX9@!SUk0ZK7l- zU9PU1qvXpS`I`MU2UOK4Z~&m~byX0hPRRVpRN&JG7EDwvEC(5wj0%}i;(Yrkbf~a4 zSVlW3fY|=cXgApk$LTLus%MYX1}L%14XU^@DqdmR@2L7dF7eI8XTWDkfO^!p?v3Ao zICZle!PxVBA5URxGeW%F)ydTEIng1wjANjty;i$0(OgK>$o!^-Ij@5tiyMtskMCn~ zXF@;-0<8bIPJR#;%+X)xMoi!2jQ9T@&D?aw(f}ivcx}b@^lBte*O&%YrGi_`N+eN@ zK}l^WLzL$s;3&1fHF-D1zN)NB=asvUclC0IAeOQEX%$ZuBBEw~==l=b2NmL#SRJMWSEySlxTZwsAmz@qrmHHjxh^;+%4z&! zjN|9i4SJ>sJqPicuNmzv76sXEy7(3j*kDy4Q-_Y6wb+v$=k5X11_1%*nn_Vt5}aM# zDF{YC|KuUvTQMrbbk)$_7>tc?e zpu-(q)5zK6c%=mx@C_T$RML;&<4UbGsG^D(8#Llk#rO)0B-o@p_M(N@K$L9qqbu6Q z*!c%qA4W@@dwVS{5nb!B-k5HKXb2P5lVpb%-!1Bxswq#-u~zC#&UGsxr#JE4rD4p* zMCr0E$-xP=ekh0U zVB5|CnBjg$-$^Wkz~cPM|H+63j350e}fW+61UbFGpW=g$BddhohGm1YNWz=aJQC z?g@ya3oWV>u^BZX6?`Ex9e|h^dO<+^*ZS+`;He=^+b9b_P z_P5zyZE&pVtlhyIy@PN*RMuG@*kncMi?rP;#yw7kq5{Uj=T7Mat?DoHrh+q zBm$x%d-)?fDHg(?-Z{`n+^+4^0bYdYwwlniQcNb*LA?6T(Zw zNO&q`9j+Xz<=X_zMj7YHirXZ3y-aU!XM8eStTn=P3sVJmcBL$NkwkE$?9)z2#-`wH zqOlrLx0e7>X_U#lkc(Wu$gHDQSgzUE>&A|VDdouMhTBc+@K-z%I{7#2!C(FUM|O0* z=Tfa$N30{ypt;{PJX&HrZ{Nx;Wu^BjBEi3U&IH%+OFgn-Mn=4nyMBK#0 zLZizoyb}MxHhJI%>prndz~Oelyxynm#Ld3KapQheNcA|6YVJ>Wtwbjdh$zoJ|6?$_ zW|hDtSM|9=*&4f0EsVFcBMI$Bm!4PPrf$V>-%u;UllGmhzQsMnKulPpDRS;}H zlqcJ!5l|R6k%9qU`4PkAZbDWYyW*|+3#3rxEe)~rL1%3XuTP%^JUhWZ9C=?Vn@IP< ziTMrlFmPHp` zxVA*d6Y_N5hXr@+y-iBjjPxctSwVeHKp7X1x?ISHBA2WX(Y^R`L@eC4DD`SETtx$9Yv=nf#Fk%{3&Y6Cm3MqRe=r5FIxa%-tsU-@kV z7LX1unQs3^`LKdwc|=b-&&l%ab-AG?vwfI6N#aP;O)x73UHt^S*rK z={Hjz0rk&40`mZ+z;-+%@{BjK_9`hgULMoBt9yu#@!QpL1OjHP4`CoUFISnrvN5L3Qo zhy=id16s;HE)7M{X;mgiHi$J8N;Evq*JE1--dxIC{(ycx_*km9Ihyl);czk53x+|{ zJr^Ze70}UVB6T7c`RMwJEe^)G?|FIeo1z7g<*84IX>?;FRbTMg&c|E@v)K^)G-(<7 zFq!g#Y`q7p9%=FWX-jZ5=5^oK4##?oO&U}>hpk;Wb8bc(ko%;0y+NG=BRjx2g%fyV zp=vFSavSCGQmZ^yeI%Ob=q(2gk~kwbvFk6a8H-Eg*?apWls2)$Mx?# zu7ByA|338}ACHTq(OqH4&4q1szF4YH&33Z(<}@QAPH~2}B4??-radg+y(^sJst8tX zy}Wpy#r4eM!214|cc#A~wlI8myFX0wSZqXo>ot&~UJbe2%9};1`>F7d@`B7%*ybxz z{Rvexc^D=7N6?EqSG*g^XUTp%MIGE_xJ;7u<>1S|optU%*h#EMABUjgNkp@sRv)qDbbh{+nd-{*Cw>0~I7h^%LJkuOAc* zul}w4f9LmNoGWD?CGDhTzGIyF*j`nFz)7&X5o#5tUd>lKZZe`FGmn_IOOm`*VwgRV z#FWETLi>79v_OAS9A+@6AN9JBTP}=A!Yn}!X8nC~E88YiLgpmNZyAc|AQ;U|aIgRkJl>(RuXxq&4`UkUZxm5bfVC%8+w z1=?l?&J&qXt{h)A8zUBF7m2yjvfcZ+JVO|$oKzP~yMS1wYhO9|pxwIK1#fV8f3yS=a$Po3N$7ER5$#+j*i6l2iG>ubKHF!TN&k(l>K# zW1sC<*K${GzZ3crMK?u${PXsGb|D}iNb9z(IU_+_+MrG>EdjFy6x+XA8$a$BCs|uG zLH&|YQMgEossU=pyYnvCu=BrvQar9ilK`HFy{KZ<#rmM@kwFgk#y&2fM3xeKSwfkTp?mI76Q%rr}#-Wi6&dqOqd?7nj{dq!ntkWeg-#OX1hRVoCJ zupXh+G_;7g=XDjSg&^zQfNrBAWmW}`Sksx1g;hNP)pPAJ70d0Jx`_4 zNOAc{6N^RE`ud^Q3cp5| zUxpGR9@2gGo~=(a##FjnJPnQfIayT2;%^a9jeSrw;A`R>E;gIAWjIaH(-SPWFCHlK znOLKFTtCpwR`p$<%R>HY+K1azN-R_^5W+@n-DKxjiq6ipg%J`qken#XFS3w1zR3Lo z0Dry9n`7)QXqN{J#TzUxsgC*bDW_<^Og|X|X#;&U$lm6MxkVgzq)*0Wip!&}L3eeO znOuNTn9ys3eBLsA0p>aWBYYoT-nr(|n2U*Lwl%4`HQ=p}|HZr~^oUFG~}>aa_kTIU#{Xsa6UyYjINySjZ-05Hb2WQy8Du2(}ym;(PbQ zsEosPy1e$$Nyl82;Sy7!&)7l3LGqqf8z9(r9)+8JT;q-kiBsz`HV@24$}3lS&YI@; zVZdrA0j=i6(`%+~ueS^N-y=Q;JOM>h=yXcBmVJbQKCKIs%NXS%o{k!wF-3l+G z^CHTsVv6X8DTT0WD@q|9m8`(=_GSnOu@Lq+ga8o3p^o*+i5bH-^Wh|L?Pv32{Qa+3 zBLln#e4t`6PDcFLhd;VNVe7I`EOYh`w0m%&MrEORRHWFR*Qa5`^<~w2QP4Q=${p%i z+i=^N1c-&#y^CM}m?18_@VBrSbY5P4)g(_eBzsl8@{8=~ooMh#c|%3*jj6A97Y;Y3 z$B&b96jiAf1MCW?b^xhfI)(dFwg5&i+%eIKmT#vAu6!D{?tXDm61aBg%cst zY6}4Ae*DzC1AVw_%Sqg1Oop6BhM9N+JoTrKd zc00{OH}Br+CWY4hqX(;Tdby7C*NNTFRwbQI^%v#gt_w62{?BI>zjp`=l3X9er;`AA zhoo~;I(bJW9l#O`)YJ`(WzRl)nJ&)T6sGii@Hlr$_%2=@)Vw&-J&V{gTUN*sauZoU zUF^j6D)6GLdQ(;&5-&NEU~l(p>%9#|Dmb@UzH))&`VMisK}J&V6i6G=bVck>7_5zO zo>%sOA%WB17T~Zr(_n7UyGGJpwL3aBp3@sI3^HsBjTrt%ijn`M>bWj6@JVny@eO6= z3ulc5k+ntV_W+Y({JKzTeuLK(|o#l9r5KG*aZXo_WA%ChncU{m_MO82<*mwP8LF7G4*!RM{qKd_m zUt~OIv2}*$EkFO>kglny`@R*{A6&r!R(Z}}d^MJ>1G{~^S5bxR#EZ{kW-Y6$RX^|C za4y&2?~JM~+SBK2g2=rjp)>kC@%wh2I`AW*yW#xqxrKGJ<6-iNw?yZk^aWIs4vUke ztaFl{uCK6<{4qufyRY`|W72{yu8?<+*X|cxuDvmV{~`38)dkm!eIftdWnt=Ez^iSa z;^5VD#HYRz2iJx!r&W1w7*lyL*P_2ze3m01GXuVKDiC4AbvguR(46Bn_1jT1@vb1* z>||fUhbj7;&h7ymRGiB}lxMWgZ>+K_t)tcNE9v!UB{tC~BKQyV*#E~S|Dn-{$ZyIX zW8o~*A?Uz3EYl+fzd3_r0C0PRL=^msOvRixOsG#drQ!9;Mp~Vb-?{~jSYnQtW9GVf z361$P>!}SEBd7PB93(7CRoM)B%5PlJ)*Ml-YVh!ZC*YS1#&a*9%fbnYi4OAg{VYej zm=wMfotxiwEx^E{I1)g;pjF44 zL#I<2N0HQz>Cerv005v{p|vMzY&$uzMRnJLlZ%cETy9kPF;H&8Lm;gtj**epgeIcZ z1MGBE-H6U~m7Ed{DGOPMdEQv;1bm&0P!r>LQLI$RZVY^5uMCE$!=oM=Vx0Q&lGSE~ z9*-=%y9A!5$i3z}4{6L~T{ZQQFo{Yv=6+gPa(Qcrft!|3fV*wXwyoCAlfPb*697mU z&Vv=zOXsw1!rq#fMo;s}pH2?O{%kbGwoS&|yDsO!8;s;XB*o=)gys|{KT09(dGv1u z|8=A*d4CrP7SRmi&ykjNuHF`$2LUHGnKZzpy7}1|xnnE6j?!%tgx`+YMtXJ&j(Yki zKU{o9fp?{-5Uh{;Z06AZ&-dqTyntXbuRRL+0*=aVXCNw;PPx%FM?XXqcXRpJ;jL}4lQ8uGmH6=_E z&F7_XtzcXK2?^TM3$PIW^U-z~T*0w0)}%`N$2Xd;tq<0VW6Tq~GIGy7dNT5%J5f4q zwc2(>;~KRJFSE(f(^GNdUPVelf_l*w@BcTe>whT?)$H1?)%HV|L3Lt?{f(M z^K|(`^0_&R#*(ua!GOciA5*gYa+ga+|ET-B#HIV_0WZ|3h2=0BHmNUZckV1@Aw;Wo zbg>Bf2zdQH$0Y@#yV~B%kv={ zt9zGKXB7Kj8k2+jR^PP)aX&cv<{Zrrc)wnW5gPa4-E zm^|7IPEGB)MPAwyOzhh}#c>#I$zR?5ZZs)t6*y+lrHvJ=O~9jE1|3{&eG(xZviV{z z6)86pp54}aemM8#g(em*Fd$X_rN^(6!)hXSk$2%Z78SeI@`kj|9Dg;C6QW?J2F-Dt zyv}1dWNKJAG&G3@0={>YQ*uUsgqkOIF^tWFiETrG!v29v$Q}0&BFYBc2h|ns)2rht z@0M^TxU-0OK(bREu-{MJ{#iAL36p1SM@yR-}f zuGSXln;x1}I3quaMsYt-pDe=j&x7ac_>!1*%DK`L4cD&9>>OLEWl>~($yU3fo!@h( z>23y)E_zoMK_MA10ks)ab{b;FvpVZO-?}g=dDC*tqQa%B_C9=Z&p=Rln6%>YR?n9O zgaMa;gvT5UfU94%Z(B=z>FwFOCd+Hv-N}?+v33#~U((h1(JP|`t9Ylc2>%+J#E16Q z&UCI1e4^Z%GdOAHQvAW(z0^EG3+@Ij*WtIp^ZQ)jkkoY~50zLJkev*0YnDwFr%gZw zj)<87t4@8n?MHyZC6y%;J_<5rEP5usxZLMFgrWP|t=#~fx6z&Moycmx&M%PX?QM0J z=kJ|m^M5#mIyRoz(_HDRw(L&bSN%jKvZ8n!(^T8ZX3Xy*m-2qfl-?P#^`(|Y)(^V3 zon~?j(`bmS04%{7;|o;c@RC;_hO=LJB>3gZjTh!D4l8k;WW_5lOY&k=^eTT;+Ydz; z3OpKe3(>L;H_SKk0wtjwIF;mz7Dm;-!6IHR6iC9wO{iwl-mT^nq`Hc>+Nm=iklhn+ zuk9Z$F10;A4Vq8KlSElf0R5(e_4QD9Qj&g#Xtj-=trSkk)HeAFoQFA28abD#qWR)h zA@lbMkD&r)h#ZI(z+6f*!L$2;PSTb8tETS6O|9{OW8{YTgimX7@N+>Zs?D^%abd)HtJUFAvYqHEL?PLI~pmO?Scy>md`G&*;Sh(z!9RdTAvdpK_@Q0ev{4zdc z8ZsBxhMi6bQ9@(fJ9^W5?C{obz9|C71xr9*l0Yts668gAoByM@- z#Yq~32ePiUzNzig0W%M^!qe_0y(5mRi4?NUcn#@FDTA#Tp4!vQpQjEghjBY(8nCwA z&CAh}c{QXG6sol!YROP98SgO_bapbCOgx4i1^zHixg30U!m>ZLL#4DSPv0jfRZM>i zeu0Z8|Hx1~0v>ej8EP=Ie^o3DSD2WHi`{ z5(*L$T7g+4h>7zTWwQE;_ttwb^A#bR*r__>Vu!XHc1Se;WO<)3F429?mT&xU;0JW? zyI;UTn;)S=nrXxrJXxwXe{-8|Mc*JECa-2^B2o|MqPap)K?K{8tTx(40Kf=qyn~ED z`?@D>vjgxTyY%a79?oI3Armyaf@L}=(BDvF9)Z>t5)4-cDX+elfQSsv#m!(uS)UkFMr&;2$VU2T(9&EAWIwaq4FfUIFG*n`jr8J`o&@25*+bD-Ic zZLH|f#t|Plv)}0OZPm({>r?+F`M<_ly1B_ecJ@bK{I3${=09|D>`e&tnp|Q!sqXxu zKkjp8^)MxwQuHJ`=hmW6L+qUVy!CM5BbJ>bOT>W+~x8rvTta}&L z795h@U;VFC`sdXD-**!JbM*LIsaqGONXzGk3do?wpRO8t~zFyC^kF_E?h(#{URHZP9tKIcVXXM&ZvKpN%n?P zj!d8!j~<2o$@KX*Gm0Zf}s{a%)q- zM@ghGT$Rb7@xzlp*uK0;X3rE7+n0d=h9gt{=Yq(ClLs$Jc1{6|O0O?F7Xz;L8Ahk^ z04^Zc6;O+RJ1#lMNA? z3)ykn64~58oJ?KuJ*BPeT|%BTo9sHFv+8$P{~G-K{Q-ou2lXF6w!Y0L1iH{IqR4NA zn1X)rtjmTz{G`$Gj`2)c_k$E5^KIO>^`480PXw%GX2kqC%By{8CU&VYyZn}GTi;8Q{Ro&&KCF~9Tt+3Mn~ z%vN}-S>P+T_Q|=X6r&IKNj!gMot3BRBwD|m4F%_*vp*(48PWvU`P&3YM@Z1gIPhe= z9dcWkZ>1JO$XUe1Cti1$$To*ho#;a{Y~{_?n>=FF{3lPIjMq*n0bc$2vdHXH7KFwdQ8yr|+Da(7xA)=0ml7$D)#=y!awp}8x27CCOWV|ZqT3aB>in+%}x zFbmF(x&DhxEpw3S`LiGmiO@ew{ZOnjA4~k+%1C+AT6IESyy!jQ?@yo;2NUixf)86b zaV7)B3ZD(k^hN>;R{~p>JL}=SA~cBCSG$rx(e3SG*8JzA_Z>)H@>iso>IER&a^2uk zh$MJ}qX{#(v$UZf5LD%Xg;`a6ACV9S#HT*+iNN}5Syu5>uLH8zCFrzvKQ8s>@=q>2 zxl%~~(*!)HN5jc+pWpU6tBd6n28o)%_wItS)A6yDvyL-eH)A}p^Y$Z~pqxbe)bly| ztxVx9pP;WI+6^%tryDMEFSaJIgrY4#Wxm6MT`@atuLOvf0fo))9msRF`f+Iiy&>}D zh-=`Js6b0~1Ko1|m8wqVe1cKrP=J;?7NCwpXUHp~+zK_a`ZMG``JMqHZ!qy!p4=YD z06!@qzs5u}HH+Ey%P-urjjvp`XxH}OQph*Mt#G#c0*5*TWjlxGvka`%ON=(PLNdJo zE8bi;@(VepIabyl6i-x43r6yCrEjYH%&g#1hdD>ecc`^`8fcIj6v6%Gey>j=c5BUY(bIZ4F68yHw;(Rdx0%-0s>2p@3 zTjm#;!)IxvC&aUEZ?VQ+V(>auiI?SsID&*iS0Wsek!YV-S24#Rp*!$?CI0JxM7-Ut zR=@A*+fR&DY|7$9?kA&;0-LrK)||-*Oo%VlJr6M+v^1R78sd4(g8eRayPxtzwu(^N z2*DYctp((Uhwl2cXRgDsl&SP&8w$G6e>iMT9ho0q3`4Lm5CTbQ-nTdS~op zz4OWqf<4J$Z3y?)1^cp;dE%3m#XAFL(a7lMh5e30OgLd*gYg!+GA*yfx5a6QY)Wc9 zLmDX9HvHwC@4pWcGP3^^9??JP@=yHxe*x0)PgLg*(Ny=ePD8iJSJ0im$Sxg@S^ba? z`SM5Q-z9`^G$iJ^eBC;$swZxxVx*{c8b!C9do4P1?9_FTCz+jejS}5C3>sqB{_fP@ z3(mnM6{l_|?`$iu_r%r5eSLuF_C6hOFHqzoE!|6HRBoPyuUPD5Vs4}~Z4_adr{b3! zLbkYMLUzqp6+IXGqf|w9rkDNxM)vtkj9@3=Yn6-X%2BQJv0!`o`ce0o-=ri79n!_5 z8isVyPahU!hRoMEQUV7a08X!d?6%Xfr~`6!n{vt^difK&#mI}?-sXEv6(Y1;8uQm5 zTitm490iTM9hguRE`oiRyex4F9JH5r)<6w8$?OKhc(bR|{f7E1yl^nV77A-2F-qd! zT+-iU{i8uu8h@rs;OQX*ENd1Gv8^E`EJ+Q?P2wncf8Y7jrun%xAjJ>T_3Y+r7)68^< zy7byxoq*#uwes_nx?cubG6SpUqg;9c0clS;HBlq^)A)#)P)C{W}>Jug@OY4CEh?f`MV!mv~jF z47Ek2Oka9|C(srZ;*0b?rTWCK^1-KXI4ZQd$f>I+_44O@jZLUK<*F3koiY1h5B!RHJR3#Xx%ESGeWM62P|62sOqxf}=XJRxs6BD4qEipmJ-M zRO@`QeZNq&zlR<%&3gr9Fk>k~{F*fVRSV%YLLI3Md4fa zc>q@D$;;cs8%nPcZ!k|Gb}m}rx$9?wbB<$1q4mmLlTRUi4fgsz{wE|qSFc-!t|Hyl!h7s-(zVZrm3M8jyr zS2Aw@oz>#t?p9Xc9V0HZ3RJZtFlom!#AaOp+{kB&!cZW@R4+j?EVtsP- z1FLF^uf5DMD%dwyg-hDMyHk0hVMC*?m7vC7dVQt3k1Kqv=JBjN?J^It8p$z_%pZ4e zE|7AXrkFRp*k{fsVW&2+p`Vp=*?cvf|if zq13voz-4jX@F-ZqsLvG9FDj~3jD{nKpspCVx8Z)Wa)Qs!SC z?EhbRu>BzpQ*5s4xL;%s5_Op|JDB=V{i8s~fQ9Hp^)|6@yD9}~qST{FUA}J|Y8|q) z?VPMTQ*D-tSoMn*?a@jRicw4GTdnpQ{B{}V;u}3TJ070~*3xWuj)We37Co%BevE1M z5_MQyQT}cR)}2lghIpjacino!W70fs zU*EoGb7*(!DP*?}f*cfHU~VOh!qwC6fgDp&YBnD9MfW#?lifSMLQJfShz$uYY zSm?S3^fb9KP{(lUm<>yXHwJ-ZsY(H!Scz3T9~JFTGRT?+E$uVM|zvz8nS>>*gdh+;@0-NcnGHQnd0HrVCo;V858xl#%kF2%O&erN-KmW zA%K?_QW)_ucL6N@#io|e_X1arJS_+HNX!bJ&Nv5eTZf^U8N-h=`M&owAN}dsyYiN3 z^i7V$TjL*+M}*BuLX?rqK3Pw{KN!-*iUiZGH}7ILPrFrpV-ZZ&GL8SmG=6R_3}X#6LHF(Lt$TuE80}}ahxeY> zm^wJJ8kH%<*w1wipj<}{oi$0}qWbrx@@9}e^EIY}g_1Y&H1d0-$8ZL7W?sAYqS2|6B+fB4!i|@GdfMw_R&&xPW;;4=b@O zJzkwRo$0EsQ+W3gEXIe83yFF{fDh{}RTsJ!7})3v-XbB!H(komkVO9?tM}|+H=4@N z&-jwY`g45*sx=wmXocqk00`ag;|JDU0trh=$9l`bb~42UTSLVrI8&KM)7*AWf4(PG zgdC%u-27U&V(L66{M^uo$2Jhk@LFlbv^1iV&mv>VXE{dI93gd+gqRR~9&SncW;CMO zyv`MG(-CaWx2cYFc^{b|W%0RkQx9mZNcHB*x!c`M$$_)pr1u81Vc>sb@4cg%>e{tm zY$#%vj;JU#G=TupR8%^I8X%!4ozQDS5qMNUrAkOZLN5UldI^DqqVfPzLJI*Q1Vowy z2ucwF(Zk#J`S!cd*<+7WzCHFBZ~n;2$Vz7BOxDV}=RL3ccVREKvkZ$)%=7MsPZ2yq z2=l2Yi8@MzCt=?l41z#N4h7dx@_XQmtvyU)nz1`JNSYEo^uP;Vq=fQ7fD6TkUaD@8~PvNm}zcYW%_{YsNqs%bwxe_~(QuhL>=< zsw*W7`+9lB4hJ4KH#pE1TsY1g_Wuk)=j;Vm1D%R*o1MRF6jo#`X&LqieD>NM>Y@Y! z+pwOU-(_^XHAl~aM{gh_Uy69$BFoUjXd3wDM(>UX8mt=Hio62?JAN!^IDfzOwuiGW z^iE{R=oYagTjdWtFV(AoeL#Xz4j8c&R-A_=j81_P>(^q^WHcNH zUtYL9Ump>@->p%o6uIXKTRqdYQL|I&dX{^6pARN(jIa;v8Q7~!Z)1IFt8}$jAgv|} z`vE3XEnzTlru6eYQ98290EJo{#C)AnE|o8Pce`-Gs;`6_#Jpoz^`b`hNH=k@sb)>e zLZG%yW)e(C3c4)O;u|%(XqfqzV^%dX^h>&lWl9;!OMF=dXoIRGt-hrmIW>9T2^*C^ z+$>J{Mlr}GNe^r>CDZ}5{4XAgaw|D_vZ42vDs+}85jo-@Ae-lj1K_R{DP z+kghAT+|6eqHRR^KCm0y`}g7e#TkZRuf(Wq%uYCL$DmPp*@%K8+wz32>{w^ZXp~0K zQJjb6SAIPZ{`GriWqXhhTZ@t3nJVFt@ z0<@St7wa=cL9MO^+4L#>Y&|SCYuZkt+4vYhnK%o8ns)uiQ33PEbBUSUo{1tB?(9;f z#F&%e8>EAh#HS1EPk*xkgpN$uVfLq|x}M~&iMu3p{%j!YUV}ngT3MLvujvXFm3q{bZ3VaO=CtE=^D6_I6?^_8x17;AiwhPB?=Cw35NnQQ% zO2+x2hJ?ghJ^|Zpi#hJDKOa2IrT17VMd_p(Bn25lwO8Y(gDi3kZzR-J_V1SO3Iod@ z!~(fcx6*nI`xTd&p1)8!6NZbudqmln6yua2 zV_m(;yM2Ro&$A)kQsLy@b6=-5S{RSY$4gy#d+j+Hp2ns*Q*LukEO`q*P7HhW--80S zf34L1@sn|NOucw>|B@KwSCl!-B_md2C`P$Ei*NOI z5PxEu`RJk|c-Xh|&>1j98`!0Ik*~l1p|j$}D=nKB<_Vr_`>CFtO4jhO!Z(?j9qIlr z7Zw)+7&E4A4D)CdvY!|^2^LAd{m+k`|2KR8=PspR_4(+w+$dcIMKgjN ztcBP|8kaL?EOI_h@hUmwX%$-RDL&+f<_;El(yY(&0lyGgBU*Rl^+P*RNPRd3D12c{ zU~6PKjmG~>V?5wDTl@ue0HwXcF2Trwm{M(MuwSGURVhhvpfr8i(Ud0`vmZhSLG}k1 z=N4bKYZuLfGxv6z*dV@7i8nq?{ zkrm8*UZWx(m_V>VDitZOwyrcSraCfDk>PxyZEr$wQOv6}dS67LreWV1$dL@x96X5N4I-e&A)Kfn1>2_$re9|~Ss+$Bp%1#r=$ z#v5@}02(F>SHOYFwd%(V@>_r)G^@zNq+|bLYGyi)pD%7JCN>%)-JakNfj+pSU1xGTbyld z+Fof#Xzdw{R$Z9>78?K$qfX<2lrm%0NoXB)-w;+$J}I{#E%&-&|7`1*$pM(B?U!LM z#If%+_Tt|em%_3@h5h!bkh( z-_u1z2@4te9a^bsAO(OOhg&o9=3<&u?jU?^%T*gb_v=Z7vy_J`u55L+6*9q<0H5;h0dzhfS%n?h?++hNS7?)G zDrF*lpjtVAnF@Mcxgt?gQUupvDkfTH8`tjfNqRP9675>Xt6lqI!@k33+!ly!574e2 z_9oE`QmnL+d}6KQw>?9&>%8>Rx~iZ!;A^xc3Z$riVe??P9dPoIA5b%7Vq1mj^&;$h z(CFF&9$3^n*B2FwmnYu5i&Llv&=SUQDK(<0&O4idXqpW~KvDdXUip%un!WX9MQqi? zy+P3Pm8tyx3^FlPQ`ZK)pKxv^R+%Q1@=%GFk8EUNVr-t~Iv8Rh!wyGd-KNqjq39s{ z;9UFI7=l$;T5I3^v3IRHS>+@FGgiI)HyAhvLKn7S8~c)l;HFX3Nc{N+2-~x z!}{EG@SkhDUp9tnbBf&Przy@3W0RXrfkpZbCY(<>#B%g6r*p(0Lu|{WtPKR*2ca3Q zPT6AvoPUl_o8W+E9>SVXultN>Yv+5O#qcgA!T90{p0h4-6R5z?`mQm~eD_X`ZrCf4 zTQ);!t++M)6=&0Omuyi_J1(OKFIKxgMxUD7Gsxs|5uDE04m4QQ=z=E={jyb?#F^PN zYISPUU4?BNT#GY<&CN}TYwxn?i03QT5x)q*L|o;)(1lOg`mYE=LC$o+u2K$2>&^!@MJ~yOu^o=j;vP2-0UMLW&f1X!G?M7$8U>ds z3|j_K!)=`8Cq?9P4#!9#SO7GOX`Go>P14S?MPi4zPr%lNXQ+z9Rl9-4APnnt$r_F5 zT4d;11j)k5J?sH;pQ&UmSfgrPn7`h2lRwxklL0V5k;fz1^~Ao%!?hJePOrEW?`EC; zVzc=gp3V?Y8P8U@0d0~cG--mfpnhI!dF?x^v#ES~CX#g!@3#8FW)mb3(Iv@LcLI812B@!BP zlV9u%mUVRoITPMmkG%EEue)LOW@XNu#?&XcWE{-ujqOfkQ<9l_U{MqlC5V)jRo60% zTCp+!2gV%q(Uw6|N|AlCt)jZT-r| zOWMvduCzu`v{!KE0q#KF-R>k=3h@Nh1#KQBDVr;4#4qOPSAr{=7U&G4kOb+hi`YmN zI9+gYqmtl&ki*Ml-+%MY4NpXZvkhjOOuy%eimePb#1Zdo8ZYmSjLI4|4MPsrbh;6v z6_opJTNu7j^jUp@bW`OiLGIhh>Wc$f?PtdW=YPc9{@sWq^0vAVMvH}jZj4mm7N-qHB?(GRSq9X4WHn>$w4inXJ|{d z>c7{oLJb?c4e)r+Dq*Tffa6?B#HI*`{RA2EZ?;GKm4w06yw8bXDM6wL4o_3|VJ8*>;Q@C=Yo(6w&8v)@xKH#5n zB|iGireSQ-cUdm_Hyg0pRPzGcX5zokiJkSe9#J~u-1-7h65Wz{7w4pWTm4FrjGE+@ zg+T0s^PUF#t$~JOM%gCnqIsl7KN7&Jk88F|UqNAz9~)DH(&Vn(fA$J)Dv@Da4|a5D zWI?r+KM_|@rIMN@Rvzedy-^q#8uX`F4zD*r`btS1;E)Sn81&vl=hn+BO>8&0dsn_= z6i#Neo%~rAd@^F=e^qDRbN_LwGw|PKk$eQ3$`C$%AEwD3%4&wH&G<=~X=qOZPg(!$ zf>~X25xAy&_+w)#8GWU_!i*%0=jahXtDT+>ah4vA89KGL5k=Hp(wq+updjGqrhBr0 zcUJfoKiFpYUg{jn*|#qNn^t{HCxE7U(ch?-xB+R6~$P- zKC`o*?h_up|4@LusoLL8uQ?Or>omm=o|;*%s-lP2Z@ssN#@4LTJ?S}iBDq&!&R}nc z-)w$-mUfbNtoj0~cU;ZMf?XFrPa2F^rRgX%%{d-_cHv4MV`3sJRLqbTC)O45XAt}P znY5Q*LN}Tn8s!iD3c=;71{tRh)_m;bn+0w8$4@nv7{6K>cA37UnvUfw_a8hJ40Op# z;ZXmlu5q?9_z9l#p+cJj*kleek@BV>-Xt zimFtP{$~5fwDDg#nE%=g`M)6t!;@Ea6+M-AXi?)33QxU23X6^vI;<~S%lnq3*&Z%; z5bhC8jh@|Ycw#bOIR3|9hjC0kqCWaao!^}6&6co1&%3U~AsOcGBe~s{mW5@)R_TM? zJL}aC#N2TndjGXy|37)v|KPL%q`6evram+Su%rHEMQMEFM0H|4JA#t4>($g)?rSF3 zct>T=o*aliR0HQscutS)`@U+DPJc=I5^q~2cvu1plF=^)-%71+!W}A{cMlcLN}7iX zXIE3j*264x$giUer9Y|;)L4JqR>=;y+jVZAd;3oAUT61@ z&#%#K=$lvM%|uX6<(YQ)7OEUDO$?)T(&s1N_mRGAoW0QJggsPJcxTT9C&E{=Rl?Ub z-EBL|V5<*h>pO>)linB<`7r9SEt;BpG5uCzeYf|Gli15{lnJ6%7Vx6yFkVvGlU8Sb zolzewf)=@;bsYOw$5cmYq~R$;>6#efvwwuO1g4d7^=tQP47nNB46%@3TPlsuFE9@v z4UZWeHRvS2OF(?FT$l;z2aY?^7NR;MOoO)9ld^5p( zI($1JQp?l*ykkP9j>S94j7GYd0*{A(&-k|^Ou(2q{TfH7FHJwN^W*hOEYY?WZ+0m-vYF~~IcVOnNL8612gRTl(nGW!zl z=}*5J%8O|8eAiH?vs^ic5*$bzX*R%q={DotWKX$_))!zjk$I;w#kwl6@6&yckWZ3Z-*%@^JH!sGS334J z(!6R>yEFk`a`DL`vg=v)z>U0hBrRLy`nO|jvsEcaD)8#m25P#SAsM|#7E$3K%thyj5ZXi|Q+44=K z>obA?X{{8#2K!;q988MG0eek=!)KH?p6+}*go{V~%JcV$eFgl@mK`u)*P)uqm@#SD z2)9`x!2&20m+`Xk&YE|&(B&pC1BWsi#TmF`=8XxmiGY$_jHqCWGmEN2?4Nf@8|2};fUDLTQYFZI%pV>Cus^ zhgK(ReSiLDt1^B#F6nb^#zyzh!2;n(h9~l3UQ*S;8#y}bIBFB64v4E5JWFuz?mH#J zo;)SWk&o%^yB!WZvZUf+5g8k0WjV@+lc_Jw@v*OdW8tjUHzG0A9o~uS{~q)Hw9zxm z#l~N%quavluM>ZI1>;6-bV4p=dA?$|Z*~@F4tPn7bdD68thQSJR?$xcm0IGAoHf>G zoU#=blftKPD%wPjslGcO1}k|+dQSPQ09>)3)R0s&{7o;VcKZzIg%0@5?ce#)8rPwVUzyG|+x zj7-Ec*49v=^$DF6*Sp>DL#@o8{%4^eLOtb)|g zii^qPobQG2CaS-ZzQPe7Fu>Ib-$vFCvNmu?Gp<$M#yVH^&+t~#MjG_H26?~GE1050D>0x1iCB8o5O^wv-HgY4 z3A`lH&onDnGbBh;pF2}q^vv+an;nRk@-~efvqSj8Gg7{A1zUpGe#%J~v<3e9No>7D zc(x&<3;0}tbDOyQZN2Wa8(;oQWFOyK{KR48As|imzTJm{|?-Yj{`SMesq!H;~30e=!ey zc=nKUba?w0LGXVe2x?RYr-8JUK;f!8*DIQ|tT~61a zhY7dR?v+jO(DH5(1lkHT#+ijq(@Ldhx0*G*@a&kGRH2>|kIDLfK1QfmzD#XUd=(A)*(5 zDo_Qma3`iB-Z_Gq6*wEwy0Dg5$GYPM4X5Oc5mbB26w8K(&Cg>Kc*>Qu#syYho-+~h zi(9zqDf@bmbIzxSb!*Y5Oc^;-u{5>dz3}r#t+TigYi)??kA($<;DZ@Oe zx2ui*c4FgMaOlL#A)glV6G=lf6}=oEtnunM+v~<$7y1#=wXfm%Gm6-sMWrir`1jXq ztyYhf;jN!?^L=!==6!7ot3znzT%opSVZqR|6Zd*hVU@inxJQz%Q3daoO0B^meWCp!B)qV^0>t!a-SF5ulrv}$+8Ko`t#``mCLK|eF zKl$*Qq^W%nix{t15tw#ZtDX!y-QR85uN!PT?jWDvRx-_N{5-wlv_rQ^SrBL?Il>ej zHX*~4Y!~yAsP0u7noL}Vj1j7Zj#)PVd%I08i@$u`?9-A0qiuL)WlFzN)`b}G82Oo0 zDfoC$?iFgQh6{ks!)wz+xH0y1G5)(MYKPp8Gc(cE+4XWG&)k9*c71FHoO$i)4<)L*S!Wc~+Lur|joq z9G3a6?j7%esQZA$)dh8>WVBo>V<)NwxS0~lbd!B_ZP>S>*}Sn5=OD@+oWLpK$g>mj ze)>Z?!eU?~GuXCw6!w8~9Er}-`Ra4s{TkxV*R}7HWLj&1{%FaH?ZyvG{iVybO(PbBd;Jk0E)p(2wr znDH(7mh8=*U9zw`g%64!>G;#?>^Ra-1=tJjnhnQlw^qBEdx1OOSeRihH$g3LU=+H& zzs0bzl0jF+dqdTOt|ry`dUa(UJ3mi=BhJlDO$ATy@%o9Ip**7squWJAKU zR7PvNwa0GtLlu)kev&@ywmwc|_{_`^pcav(v(&7X*L)*xY+|WWMuOIr7^?fr56cxulGB=~YfO)n z2=#dAM%$9inmQ^3ovM`3tko)|0h<%kj3Nw{ln$4UmUBfIFF*`Byq&}5dI?UGh}Ua| zpprcWdI;IAIA?@X!KDu~N4gu{<-`}Rf1240RKW~mHzE}_jbg@~RWg)1JU!1%c6*JA z=U8p1x{CHWnl7hNu?`BxK$qqWBu5``77t^q6Ep^$OAx46aM6H*qsSGUhQcg>`%S zY;kMUl=?@a$T-e$8W9`b9PWBn^&PEQw_Mzod~b?2qNA%>l;3FYkZ;6;b<SuS;De7_hCEjvQDoNRJ;z!*PG*(|jyrk}3xZ%U}m1es5CNunM!AD~EiV z2-)B~vy3Kw_^-`{>7_hwtD2?0ZN5Wb&0#hA{?xP@-fIH6n>>42A=l#xbFWP*`$3-E z;1h{VVAL7;a%OW(gmk;+*Uv!~1KpKvX>}blKW}Fzi%+S3-KhbXC|Z^${=MJ-n>R<~ z&rWHI@(Hp|bnFHMUx<#sYZ7wJvS_TbRpHYMnnMaxMKg-IbMBAH{QpA7F1%l82!6J# zJ03MN;4Ja<<9{%>`fD3UV0*L6_C3GZexjFNz%Fu@X8bUluKqRgn~jf3-zogfHeT}L zK;_r9EZskU&bR)(B2$r$EGh3y+$YiUl>Bu_97&Mc5VV;4D~4f4t<`^INFd_G8b>I zzkpJJyx8~!9Q@eT)BiE>EB4Wk_M1acyYJdd4-#IEQ~@qeUlFwAKMY;$^|Ch)V?wkg z)m$HY=s4O@(Fv`!w7g?;bva1)EQE4JHGQ|j{@6$F>5oCW0A6@npyT|k^U zpno{pxJ=2y<+e|*V!#cgu8VRX@Wx5NKXsXnO};Z=-RG}PylpJ6=cYn`b>basw4EIk z$o{(%?@dvgR{^XgMGkJG*PA6os#6IbtL?H%$OPSX4` zex2Q{>v$V}@W(&){l~47V5GPKBX;4yD~z$A2=~9X9OXVw&uz`n89?P(@7_(9iSo(P zxs~q0^B>>)muHTFe52bWrIr_;`~`D0he^}h5Z4=Boab;}r4HaflLEA@0uEfvJ-sy6c-KBo%1y(CqF%5u+zI9*=)es7DH zIW;1_Bp%lSJu-QlY#tswpd^63d3tF|DuX$yqi zwi|F|;y3W>W!gL=eFP6<3CBJpr7gqAA+1~mF;=3mT@YLEcD&M_E75XaatfHBHqqNO zu+$6~j}*(ePb#m1jlS}Wkgc{2Gc->oy;6l@(zv18qr)LLP1_F+Y^Sz5AAh0V{z5(K zqW-`jt#DM4_6c3tetiDWOsP*%!Lc=x#`+O(DKMKeV--L`JEJiS1x zdaO)u%mWDVGC?(^6D4Wx4SQL#iKh5wX9)+?%+U5sw}EGl;hP4DnVQ+EiP4rd$)faTasEj{0?$ z&#)eIQWNixZmbjb&~-+AKjxHXAm4AcZx4UP%C0Yfm5xo0}QPMuT#C$i_y zQHd>yL4cPs=)%jtqz3u_sotD7wNHLn%&d|c+}`s1;)rMU>$j^ppRe>l3wmb_DqraY z!G*&d6Bc2%eHs)AAbqS7>aw;v#czA3jJmM+Z8-61?!l<-=9XVe!m*DbFEXPAKIecM zh|B$oJZ!D9z2MRy^K~8LAs^dv8*i2_*Ti}Pd)>w@_`5X)*-sNEB^$&3B&S+p&lHY? z=$4c}m$dMYY%e>b=)VYU1=QM?e#WyK)|ZEIgbTF;EUZ@K8ze(sgv`S%2h{YWXCI2{ z=$FLQX2lBq5w_=mpeLJ%OGZmCRZxAW&IZ4#=niw3&D|+5a~KsAen}7vGY{14W&Y8d zXOin#`0=jtuz;vVF%S(!N%ULfh@f)lda{?7JJp6q#DeNDE_PbDmW!#G zgYE{VkJUlLweuj$1+rNd?p8cGSVbE3;XVR zPwHQhj`tbY0w0yItN!S_&0yFT)1#oLO!qe;}DiGL6${`P(RXZQb~ z10ZXh&(>u8g#f8AF86vj!mU=@fS-F*T1s!fwfNZyrP(>Uv1n2^_`FY`Z@4+p8rzE^jn+;#k}g)e>R~1 z|MngKQ^kJ^_1Le8_xwWVkk&7W1I^J$^Au>~R^PL0;PAU;Q``IHQ)*GrFv!%w^wi!mjS~2qO~>Vme9Hx|WXQnqCi~i~ zA>#1QpD;N}wU{pG5`T-sYT(}Mi{$DT&)wiz%2heHUdAZUkH}UrUzZ$cW+u5AYDWIb zl|p0I+To*;TifFZ9@G;rf4iN{<7x@%5Z9)d1i= z*+7QR5deNd)Hh%hq@pGqV;UfxY6Z54>FF29N>cK{gwRMcMx^plCAUFN28wGoHm|&xrEWIYQ1Q4 zX#=Ce@Z<%ourD>qu3dwXGD8@*H_w?@#S;`_?b>Re})O#r8&_lWSDV zlK!3p`#G?q^cU@spvE)3fiDpTz8|UZC1W!;@3TdA;;-r&C9{qjJGpS)n6i2mJaQAx zbUyQO=Zp|IOXGRgGbp+|@QynWV20oj2>_1V2MbGY#8Ni2HA@ns7uIv{0tB9loBr)E zW4k%n8#(51e>i!06%Fa+6{M>RFReaxTP}HyFt-QvHv3tuGhJyx4y>~Cre@+?dwo9< zjY%lugX0ol*9{KXKF(bw`RJ>TXJSo`h7z}Ynu&%xvL@E85zn1Zo&*ixIP%CW4V zYc?QR0|J0TlmUo}HJe~>T103S3!6t;n4McqgKz8fl;4o(h`W5|Pn$fUPfu)1dUJ?HKTT)yQ*dpgJ+giY!2Rn zU;oRv{-g3w^UB*J^Mk$4MADb8B36Re{s`J2re$Jcck_x82sMWTe4m@%ByIRcL;vs}c@SU9KKjLQIKZKO=I zq?}+&-8)!Nk+itEgbchbzt3JrkHSy7RF*ir`qowNyZ~iu;yY{la-}`Yt1gCwj=Vb| z5L2^7NLYD=w7PggdN|Hkj;S%&~$K22k(aD0oGyg_)QBOjC2!=~v6w0A%< zhsV;Yg6T#*>S@M&H(GD1(w=QLAZrtRpfQytP{<)+=ry{VUGYA|5$H&CQGFZs$ajlj z?dKOU-CZT4G}VkDJbweZn)&22dg4Jn-;6Bt+*+mngw-WD6P2;UU6%kK81C^@O?V@x zF=8|Vx!v?mk0PP>d`jKPZ|qv?T@^2{VGj;fRy+fJkD-bcpR^?^tUXe)m|lqJkfel; zt+87f{yAmekYI(x3UIk`uOxA#I?Gf`Z&VInz=T%v>F9^vN_-%Z|DY({x}qia>6Xc} zt?m?AmBt38*w=DayFzP{BNfb$DU-NmE5iNRI+Ey#%k}`Jp5U1+RlGtEU$BKvJ3YAe0}C9q2oPiF{$+UUAdbyU!zu*n9-1ay^fEdC_n~7 z@J_6|aVQaSN!J%a+8Bx)>OxN4XY>90sq>H+F1u&!w44{&_*})u@y}XtbBtn?@o;dn z8Z+9J)D)Nmf1VX`aV|O%npm!c*(6)N&<^vYmS~A)nPKrNX1(zxEXXI6IS1_T4YIMF z%yuifyW~r3Y2701op!o#c-a2iz7w(Q_oz|+w8f_cl@f-^f{6bBtWWtg&o(+*y$meL z^}Sa(aL9{$#jV<=pblpxv855~ZE=-8n5*PH3r}R?rEVA)i-^2*9#5+#`&p~k0fQoD zEA3p$;mm4Av+MSz^IYHk<%;P;OT9)gv24`ZG7jBKxbtR$mndrWrfBC33^!=($M>NE z51Q?GW5ECKgOmTc)(<+?HX10#^dTc@z=>vM*^e2>cadhmabfns-qEkWMgsavM`@3{ zauj&B)#j*#aXXLqr)rS5&=l>-YzfNMtCZJ&*t-9-;7I{X>JH#ZMQA^QJi5M2yunoa zUa=@>5bHKYsgGnNRv9=8xVGCkH1>pFQoee{B6K*v1g*W}MVG@SGT;iOP6n|iCI~Oi-oE>v^2g;*bcT{0E$|k_ zAe@xvrZ$fsKlVPH+I9J@q7^&0(q>bF9=Vh7G*+oHD^Rwm@=5748R-DGN#Gd>!WkfT zw~Q(uXVOwfITC?H!#{IQ&xIZ=bVrc2=P8~QR5PTMxR*$>s zHYuK^rfl$>=(T>n4H&PSE%B<0eQbyr%U1hBJmib#1W%0rQeA&{SX?0+?|s%M zK}K^2s9ZT2;Nk3lbuDKmc%Sh^GEvqr;l?~CV7WV_pO!8gT>YfDm(qgc99r4(0?(u3 zHH%#POiR_kO5?@D6V1VxRQ>k}H*0U7^kUUAxJ!kG;XL4OHNSSnoNs;$D{To8b{0#V zDc9`K0zPgpbj)L78cr&olka+^;eq*pm*6cg~g0G_c_*Tmf#n`(b=gaWH33Fv;YHp5cbSNLVOl4Yxs17de*hDQZZnp zo&ozQ&z2<35dvo}blIE*UQGKRPo+_hAf?z@V{ymf)?vn%PyNurf~0Kmxv-7^5Lowec6&VAmO0}Q%K z(iOcTgt3r{IgASw=7tOtORT?tEAjF10HwPhT0PYo;}EXxmb#~Vs7yv0h-KV?VZoq0HVP6c@At2iBdK^+vK2ZPvJd~DY!)pX*DzOS$csK*A&VW|^5r;!$u=(nPr znd)szy=FBYHI@`PX)Tmx9b^C|aVwAZ@bylqR7zCZZN`Ga|Nek`_s zVI_Q-R($2x8KA*^d#LZL5C`5~WzPOFY+Moc;+8PjR?z)Qw7)YQ=XtC#Q5ImUHm92E z<8Nz%=h`EvqA5O>t~v$AkUm`>cVz0j$2=YMgt)s;~ z`pbp{a;Xh}HT0w5;h)5p-mvMB58r(l_j(ak@YzhhJqplS9bzWQt5hFgam`GY6aJ~Bu41UX!86O1 ze-x(_udU4s+{;nOABK(Cla>dNI10a8xCNGMjvWn>ek86h2gl7+jCRGZeV>Hw79lLpGbdR z=FRK7D3zf!*}&YE9d8dzhnA077c`J$mcA1@Z@?+Jyo$nAGS>2ZSdFpnX$g4BY;vb|uRd;;gZ$#m}&} zfiAY>XV>Ijdappk=DF0+fzFNcXIfb+Qxo}&@pDysth8^mah*1WvnOI}pSW<+MI2Nr zI}e2@epvji5;@~&OPwC9*fjQ3b(aP1OolnE319+5_J|aW*mj29*(V{gTuQ_0HR=4I zQA!ABRF1c0UAl0Oi4195C+&fwjPkTT<0!Ml;m2M`nT+eF{E7yMyG3@3Rr-aPqhrB+ zJ<5#prBWklkyhUQJ-GPFBm16Mfef6{EA3_(9vYAD^@Tc`pq$_YU)>mKQXeQRy;^Pz zu-u-H>om2%98VWi_N9={Oynn6C7J2hTU8=c+1IiPL~z%iof4JC-H4Yo(Q1k1+1uh;OQ;J=ov>1=hx{w7e-SIh{hz}6-{q-2 z!Wm8(F;$EHe6o@kY4vwBebztF^qjsu;)73A6XWlm=0k7W_4y8OGCuUgDfyboQrCY; z_L(SNt%84Q)+ugTj}rE=TQ4lX_iy3V&lI&g8^ShAFfNB-i>9A}Y5f&JMf>eMe>AvI z(L>qz{+P7+$zwfpjS?btHFW@BkL$+~>3RhGVvsbe(D zwj;erMWSl%l>O4Z11`cJo zEbC^T>UOs>G8Us*0b2<1?WYr4N$#ETH?D?x?JQHg!un~~o(8Femwf{?TXr+x34gU^ z*xL$ubZN=V68LLbrC;~^NT&bp_Mt7qyA;@8JbL>HhaSC4haSDnC}n?V+FuPwmcHew zZEdRq3jUsbA{}O*%Kw#p`ftoWCH|AwBHQ6o-&O=TeRUe_@Mg0_+#{#p;h^eGQ25hk z9BSfomM&Mta>}{U& zK-EjCR?QyIuXKpxd|b&pqV+_S?X@{~tE8yn*cI&vxJ4D_fmje z$SRU-AQQa&E`Z1u2AUlgHfaLjAeVyQ+~n|VXb=J|DptfKJDk95lp~_OxRdYD;H~!S zr+e48UO`E~IpY!!4(NCDEFQCKqM*(<%?4SX0?jf;&Nq5zwla7vopPG853aCab3nT; z_sb{BSx=@qT6V0|Nx=2It#57hW*EJW@tx$E$g`Rs5pns;@RGahmDw9UXn%y|`|d#= z*Qys$4+eZbk$|jJffl(=6gQb-}X8LQq?^nF?E4-!g6gcZ#X$6mOfNQO8^#VKU z#j4%#BkMAF*S!`2$*@uJM#1qiu8cnGQuB%&u#$j$AkuqU15C0w9)yob+I=vg{5t(! zkKoV169sR$59=@SA8)_k98_)-_p`Lfr?J`)V<-IhhQ&(7)#TG*m+Rep&ZfqcQ2_O8 zr=^18c7$g4qNg40r{1;Jk(CWU9Ih!C264L?6gG^j2wh!sbgO!&%V05NHU?n`EgfgY0Ag3mM)bE~Cb%fXp0;H;6CFvUrxlK(A<_(+JRp!mkL(#UK&|HxtbGXmDVi1_wud4i_yrL@+TdSe~cj3M@4r{$$$)pd+XE|6Mlz7L=?Pw zJ)v-u#Ji63n({7t84T7RJV8)WwfH>z45lYk-^2ACBmbK%qb>Ajndb@oddf^^IhRtN zF5_nNFRE)WbD-3rWTN@9T)B3keF8KCZH|@+VWgx;s;J4XTKRgHN9t*kd<{N>mPakA zfib4qZeFB^YQ2@scTt$GA;cRP`CHZASb?oMxyFRE0979(tz{aXjU2Tus4Z{LJi$dOqVga zthx@T&jrEGEw8+Wk@tr|+vc$*0f$=dFG%I$v5A{NoNz}bY5iD!v+cxl+dcU{(luI1 zrjjAp(B2+*gc3Dxj8|#4ukB;X-u+z3FHC`L zi40lCU;^)PHDz7Of0^J? z)R9(08GNB|J*;l!WMoyX4CM#pq{Vl!s6lT;7>sP!R0P^_kScJK8p$i&j~{Bl;wCca zHgoZjy-5WDtvy@bk3#Kyrg26QQXwesI=V6tguQS<5ib_m2<`a z!QOcXHP!YFn#T%=AV_a2Rl0PkDpI6{8X$xsEkJ-!Llsntg(_XTlmJNx9YRMzY6vX^ zBoGkkUAl;cXqzE`^WC=%+B{u=1k7anUj-qpZh+)a$U>^@-D(Zl;5q&+Bcy6 zFM(^F*c7?n|Ad&+nR!`|5#sLS-=SWNL42kX^xQ9%eN;D_ZL)cZ5Lv{Od||jpnb6Yt zJ%}x6(L&_w-8e}h&EvSI+EJLjJQ>{?NvWaJkT}@eFGY*1<14oJO=Xx|`p|l?S`bw%~Zf*Go zpPV|yWshAw&NIYL*1Rpi`S_qo5~}qw0Zw<0U`@95_O}&#MCXS2WP{}}^P7vAPDH*Ew-+9;1x&^<+x2OBO(kxl|B{>jt^4d>rHE!on z3= zR^{&i;GhnP3HqC3cDcUVsH(o^2PO(ailw7|D-X-(PFQur;N)$xn#nQ%EN2@|9&`pwWciI7q&r2hqnvgB)^eCTYyJ0(xs_kssKKr^BU$ZKF|yBLt~{Ct${m3qgH zLAvYc?A`54T=wsamNIEKE@XcacI(pOHWzU6Qh7vekV0lK45(r)sWx?v)R{RyLMlX` zSVF@@$DqjZTEkOM+{=4EbD<(?d)-5RN)07w)BC69TGp6USEN0;C^N}d^-zL9HGM{e#ridmoU=F!=G$ieaPbeA3) z#!PC)Q8}vwi8-n)whsTaJStt*37|a*N2k=dS+@Mu)&HR=k2pJdHmSFr!o}vLs#N`I zR3(5x^tU;TGWV6V4ZQMWErJtL;S~O?k+^{Md!@h=k-c5=q| z=XPNx;R*h>A%Cb${oHTyKHc=^vm?3I%L-|G#K~L^f5xB6Il6u7>nUl(g}gP#RtMEE zvF%a6ZW=CEWfLeOY<}$pc_vorNho2`E-NSwS}Zkn50bd4xDR4nNza1l=dg_3S_maG zPE4LF7^+Vrl^uM>g|sZ73MoH)IcMIw#334ouA2HQ4ZtltY$D~Y^7a?Jx=bh#i_ifm~{`fOmKB?eMHkWB!M6L zg?KjLR)^;Z3r8%zmTl0;lJ7R^3T%8lI8?JNR0Gs@Avq8eyPlj_-_1O8xhU$>*tF_rlxkdxEzsDNSqKOf z18il&*;|l64*7_&`cIym4NW0Bzw$R*Ib3I3F|DbV!55C(LEv3cwtV0KMe-!?5!bTH zlI|OGq=~QKwEICm@6#>m1V*)n2UY`Fp@6uFsdUZTH{(8o$k#V=D%*ksC;+W$Lw_qy z+X0KCsCObPqVXr%7jTvmRe?^*2^M*vMwG%42pmVV45>sI&RjL%9^Od3Y;4lDm*IX9 zZy&6^yY2YZ>yT4*oZfbhCH-Kh#1B7KG6++dlpxp*8r9PCho{wrwaR=#jzXst^qY2j z(T?am5wwA0Z_{8vt`SF$0ofMyQkiFp3!xb2R$#g-D}=yJbm&j3l&k`-i!km)nl9UhuuBw=N;70v1oSgAJGjE;4X!VjHZ^is}m% zKW;<;Iu9T^7^NDy^SBKo?z+-hY^Xt~I>ygd>|T5WbA<|1o-zy-&LE?&3<|6;1GOXx z_`K6W)9x%T-`bVw3AkuN^Z6tFIOrvj{7 zk0>W(=tA(kQg-N4yyj}T5&v36{LB8eu+WJ8_Nkd6aq>jYlJ^QnS2x~hJ6oG}Vy1^N z2!CRboHq5S|{i8JXI0&A(k*G5c+Zzg)Ep%%zlY_h|EN%+KY>bg@^Ts?YZ8 zLtLjPYUiGsDsNI`Vc*M(Aebo93Px zP=w^T8OAA5xkFNu#c0WdU#+5GoN%B_Kib_9QK#*UYNIZ14ROuty2Gm`yy1EedXmmj zCca&6;GEAr!jgLu>nV;)7&Dv+kfHC5_?d zl^fbMa-+N4)s~D(dGJkac8K)RFxfh%H5Lc5r>uv~ z;?PK+-|OfoZkfO3^z2dDj9ymiQ7aOZTk}~VK{s`SDB6cDIu{G&pvQWRuNa<>m?38q z5v4O}Z_Txo)3xL$OkEhA(XM~Rae4bc5MeMr*5XouY#)OZ|8fPV_B-DFN~GTYgrA9+r&o046ta1Ft?2nD?(~%BzW5~tITtCSrZXO()(YK$&a(cq`&*fOE?T*K8?-Ny2YZ-*P(b*HNky0>rbZRD)1bj?jmXRlc)@^o@8 zYFA}HK{2&1w(tgzFgI~K=H9N>Usd;Bn;#3XA%;(7@g0r#Mt=W1G3($CVdJoCFKb!x z?eMa8VNvPYD__zFDo#gkJh!b>GzqZ2m&|D>`MyY^U<)a_n@HE}m$YT;=|mp4>Qh z3;qxpY>m0iHa&1S#bRmCRZ)MCRwb5#4s;pv8Tegr0F3A~v%vaH*7DxfjZqUz`Bu>y zuv2W=R0U=#)U50b*l|;`T{h8OUC?$Dxew|T?F?o)E0Q3m>FZNFw|26)wi~+S1oqTb z8NlI_p7AkIt7GxCCGO+^>nW|4pE))qB61UhT9*eCEDWt0n;@B=tvOt3i6{&vJIQ27I!eu(gz$=fDb2QT!wo&V2#O+c{of%Vody@X%>9P$2E$WUQ>) z5e<0ar~DILzBn}XYl#8o3CZw@((SgHaH!OM2;F&@DZDeqOWAfYd*60FT@vMm>bvM( zS=~!2n^h!2TP(Ep7%DO2Ydee$hY!;w9%7cdY{9Auv&ny*TvlguH0umeuvh)-b ztW2s&Sq;hzYRS?b>z3&P1c%~49u^5QQo9xD;TDWQWkDMG)N}ztGNIYr5R#A|6SLSp z`m6N1$(Tr1lG)7iE?#^-J^%VJj&V_?_tabPGKnB?gkUq<3`DA8w|)Zo>hnhTJI$&< ztjoI+J^mB+GU?sIMCDDPae|pi(SG^DEbht$_^o#D5Wo+f2>Y29ti)Ws&GpFdb);7A z=?Zv>Q8B8XqLYymi`;UBBXuzC^;Sr8W$zor9D*NQM*pW1qy9HHi$)dd(Gi9Pi%JTht0i&9q>x+ z{fAr0*&>Ag@s+B^?xUZu2LoA5H6gVnld#gp4GzAh1SV1`SlWXeZG#Qno){3L`EvP( zy9d0I(wiUzMgL_hZ@UXu1Frk`i6*VTZjfov-fr?%w3?)CtC*$RCeb^1r+(3u2f85v z$zNCf=9cH_;%_1&ey*ZY)7;^T|+Q_^b3lNm`@bel+R z8OvHdchpjGs&~4Od}#_@+#(_Sy^PWP^w{=O(T3|^CS=UD6(yZ_dZd46^q3i)-+k>f zdtEz0I6NRvduahOS?uVM-@sG*zUp`U$o!HOgMgGGL0a;Mz8@Y{nG+(=O$yFLOBNeBWB?PlXGVR8?zHEFe1TLE>HR%b>g(ck^XU+)Lu)-^Ivm4gE zrjCAsbpqqezT+2sqy*NxzIEo75Mrh+oV1F@a|RdGVf|fFWF>%VzYf$yfPq$q2p-*C zfi7(~XLZ*x6AYY|@Ft6VuX$zD=H@&b0dL=KE8Wl90@}idc>_fXcv7Pau`#M^S9C6^UP?XaMl3#Jmf&~{77S_R+pk}cH&Fw zdL|=9(gZ1`GXDl_sj`L|{pZDc@V6Q9 zjfE0P3r!LYx|L|g?O?U)^f+`_&^NU{)enfo6n(3S6$@xfqllUoBoRW{sV(v&;>^(w z%rmlBv`2>p;|%quG^HE|>TaO#b8WQ6EDnp&R@@H~>EsE|_AOmaU9SYec56t_sXdx#k-}m&l!5`82Gwvm^b+qpi&Qm5^Pz$WW!lX1H134 z_+-;4^*4PhkmnZy2TTM@gN~qUeYCQuE-nW?aSWTR|4KBq&*7uBp@06U|HZ~%lg*hD zUxFE!mfGgiJf6(FUuCkw0<_vUJ+uMWmA}-jjfge8rV%Q7`>4Az(nYnrn5Iy9Q`>xb zMsD;4uh2>2<5q0s?q3}Tf^#ELpb3lTt@}M=2GIvf9*-I~EhRK|%8j|ua@Eo9$K;9v z`1TzIJn};Y=z=QF21?AK;O{8iC4a|wJNWhD+#VM zH`z!(jeCB$5g$4hf5gPB(-5{Bs~`MOH1{CbYvI?fpNyN6<$X~|Z7;31^z=0UnY%%` zgC#}ry`on3k6Lhw3_17U8~TdPdPK3*zbL@*?IY@e^-N7LXQ7OIr#j4m4p9ZCt)~-whv!W%`aghwyYZzm?W@(r!DNAs6X9*zN)3#Nn1)v>3 z3KYuWS93@K=`B&r<9KP!zTYeb&dbJESGKPq%QOIKtNzt(NW*7GPzCFL!1 znO&Aop-Jnmm*kiz^G2%00a9QnSCXikmMmZ^!LF}d7#14)6g~<`Esfc%Reu@Fi zW!in18evDXb-J3?+=XLXxCXG-0t14E{OB#*)*DQ&$dOQEfUo6U3@rKFN(x%cUFNwJ z58M@ve_Le-A8gb;+ydw))teL+tjqp%*r29+@6l-=3L$@b2_?NDN^CTsUF0Itugn*Z zA@?fnu;+8zIeinGGQHRm+p55+%a0n=+!t6fpaZqKLv>};cLWCY7%S>dDA3WEDH%O- zST$CPxbsZ;=$CtAhRuZhx9ynbKts`FXz>ITAo>G*t1%r-bV(jGsD!piJWbmJPP97p zTnapx)SMFz@_UE%usiGbQMgOsEf-Uc9hHzLCr58G4-(Ply_IkVgT}j47qJr+_{b5aEgSqBkMber1mknr?_lw($68xWQdlMLp zJ_P6pn33H2e%qZc?iZFbo-e(ScgYVb@)$9j=DEzfjI04p!{v9DKidP@E$d#nyI6N_ z%8D;246{^}A{0Lm;hzUo%_8dSGyuvnpVfFi9z0*BH68nyTWWjNC0Ca(-tYQ8?r{ig zA%Py`{2bV^uKc#m7i>|P;+gYy4rx_WgSbP%ho!s=n2Zn&n9z%$`*c^*EFwKzZiezi zCc8+rs^E-xPL9-EeLw+@L%*Q8O?%w|1+3HECHLDDZJSj%ZLTLz_ZnVm`Y5glS2)o0 zEfXC7Hi09hc+7|Lf1WPBB$wryvM1~8p;ydlmwy*pUZz<-pvat?>>`^DLgc$UJfM+V z6fk>7ciS=V3yVi_iecVCk44Jzu}y0ORmXSQ3r7l-mKDMCjuRKoQ3h7rkJ~_mGX3?Fz0osn&_eT$>I3Oc7-ea&0VVr_40$mB9#Y86q&* z2dC`cWodacmTNLI8r9_@kS=(iSTe&`{!yhf z@`#Hzy8bECiURcIV;R;5a02JoM%@erAd&Zs8FYM9_fEYP)H*#N3A59Ua|JCGSpgu<7j;k~ z%CY^jwf5ULJMoVKzR(LiBWlhUAr!FbXsCiIV}=NlgW`U7;CY$ZVXoE(ZVS3>y0e+i z!etW#oG;l-{0ggOY5>ua{Uo4pbD$T0U<%emcqc8x`D==C%Dw52nUMa=U4ACgJxFJm z9>JF2ZN?>yfpEHfv&fxCX zpn9@IMd{_u@TT779Ax+EQZhqRnP)kf1 zLhe2Ca{YFuLG(6Gw{X`If~@^fGBm;nH*BCBXWA@mcZ*r(jSc7gILvzj0ubU9OEtq zML?IxFn*5C;0(qU?c2@;sf(0+2h5RtYMLyVoZfgde=a@_dD%7oIDI>i6e}h^y7Gu+ zqNq1ud9^=x9LMWP75RISqFPW1&iILsSTJ<_R=`W=;xWyM95fg6=p5GVJHHq{Chzpt zOW7r;H5VK_t#~p26?PX|91#N|#jmbaa<3Z{xdYxC5N4Zp?jF(op#tSO{GoEYE%S#8 zftP%m$M!Ub%aGHprp=2Y_t?eHiw^GMgXh%7PxjhiT)!9pP<>PRz0gugN(xl;nmC_7 z1t0y$e-KNt!oDrL9rWYI#pU7W3qj`!&vz0pEd(@-50pK)8?Uwc-21Q9^v)a}>*?p| zcS`8=pP412r$O4k$qR{9wEAhOpmx*A_F5t*sYwJ^R8d!gl5&@qPss-rQi>tny6%0s ziZD-klABVRTic(Tf)k)<8w68y1)~KsKrR_K{{G;)L+yWuO7$D|nY>H+oK;3SY^x$N zX`?AqZBv){ez^XdB05EWrZ;lWx?#8tA|U=DG@PiauiYTBlf#ji<@|Z ze_?ZY=Nsy@cRXjjjmQ=TE#e6eK@Cu%v|S{IU-NU2_U#tWt4!+9BJVNN9Pl8qflGuM z$2<`~2Jos*{D_+u~mZ(3Yxf=_uJe;V)f(B#)LaB_W26YgvR3 z9-r0KV`ki=?i=#@UB8)G|6F)y$lJ6 z&*gAn$H{I)4*Cc7L6cXurm3&c2F+96exJ8Y;cf;dtp}N19HXM*^?p`S(H>|Mwp`Eu zX8lWVU0!)p9Ge3;W#*$?23+{avnOI{>pVchzOVj@xe(iR+k;uelUmHi1?q+}rO@K{ z+UBEn(tszgjL*lke^MR`t~V_sZpho8XMX&+bIOfvp9)LgEcJ}sCP9OV+z}Q_|ftOi?9}_%`z#4O8w4;q>fR zOPrf$Z&LzhULJ!8VT0RB%oDn-ESd6eFlNpvdX>xO1n6-HAp?|V>ZW0vob7ht$a6km z|G~uVEFl1Hf*@E+hr@|S!uHKPih48{5JrJ0>DurP`5^liIS&DwG2rNOJ9y`o+g@^2 zH1efR1x$WYLc8=6TauS`M~>L>K}_&7WuQYZ(x<1g^>~(JIWy7prJuS7FSAf)oWG(h ztpB4jI_3W9O#6`4r>oZtP;x`l`CqD2-1Mmx+z{JpdI8Q~ag=WT0&`ZgoJJM%Bt=O7 zL;i*Sb0|U8`_a^^GCymx2e_IZHrw&&BNqtV#KmWoZnU@Iorh1}1QT4%4(Q%~rT9(R z<@;rux{6m5;_I#!_w#xyO~&bd*q^@Z=~jQ7*6Xn$21rNb$ZBgcT44O#uWUds-VwlPPP*M{j# z=5n)1BdQW9Nz@9lvdEH08q^8jOL3o3Hk5bSGJVLPI>W}XJG0bk+YD6Iee2HIH3}pK zXdE?f2B@fahB^iLKqKYcrBG-3YWpBXBes+93<-`2TlJ_M7oamN*Bte!E@X-3DJ)=q z46(gyp1qB59~HBDY{n|lDo6b8f4W2mCdG9`pvOE>zc1P_^x~wC(qL@v5^0U2YZO1HIC9&)?fGrtk z%VNS-oZne9w?4$#Beo{^dlrE;OQFI^xwcq57IPa?MP~Lc{X=!^D<8CQ5%`B{`Wc<< zGA=H(x8r2W?Up^zaJ1#~c-SxRw18q)ySl2E^0zGO>`cXN*7h-Wol@w@#U2G&vCzo& zw{VSg;35Pz)-II8V(u#-Z0dedybT+XMrQi?O{zcz_%L~LIo=oQh#${s#^4m*lT!82 zYr7YngSKb*Qka@r_K(#Hmp#6fRv`5SnEfr=s)UEl^Hp5);Z7XI?7h+#PW>x+>f{+> z{N^tASG3kt*QqPE`@+8t-^fg`nC-xj5*jSB>JOg#hQ=wU9ek)z0HlmlXf)B|UH7Pk z_6=)omy3D6s(cF4UvV{)t|~UGvYEtLCIH>y; z7P{8q7jy|=XNSHk`N!6#tzS>|NkH;4rB8q7+PK*@_ew`t+CWRmlb$Ph*~y}*MWP{2 zVR+}7R>Os%r0aqLfNG-LL`H)MYl&J?GUN z*HyYB{TeZN8>%VqcqhQ*wxPM>d-#=Dxxt_KDYGcmx;=ONr!Da9t9h2f^T8cW z_19n2p+Ysu9J%l*gTdy=0=3;-=@?}8raAQS86U0~r`aPl?_?wYZf$&GJMhFKyUi4| z4=d68mf}_@kXl+)m=BIhyV;?<@xfv{>~*RK+8T3Vsl>dTWe}Wm(ZZI&w0M$30)VWx zk0a1ReWf_==PCV=)mOaYwiVBJnWuk|kXT>eV=~o_K-$VfZyFuTf5jQGvEmZL&WK$lyKwo^;T|)sD`ii;hEh?daE%M^De(3L2 zsOB_`gkuxj4xRr2nJH{&t%?hLR$v0y#3@{Nx_LhfT~QV*i6hb{AqqWv@RATc25`p~FeXsjg5qn1L6@BfJZ{J&)IFugxw@tlYjnh_t39>-Gz^)=D_ z)LkkL?Anw?9^*@wXKkrNOJ%7UN@LV5_Dd2oTwQBQx488=;oUF%UCOeh4J;OOC{xh3 z@>kd38M(4lex4+^q;eLe0~WeLW1@HjR;Vy2d=4jX5eMMnL10 ze`s!v{4^he^A>-f5B1tjTwa3rqeStRkh|?T92@2|?)_0CDxvA^`L_9pC0kuan!Hr} zQBvuaG>T5m9Dq(daCxoWz9##qi=M|c{aISSrI+<*d}$uDq`u5I=uWb^1|x}7)Duwr zrQ|I!Z^7rq|03M>&)vM5&k&fe6Xy$H{4Q;vB&K)0D->GBU#9xxTe8Y)xz@^N&5HJ* zRBvlN8PNswkJ)L)v)C|U{PR%cm^(AEWI;owSJBK6NMts-DL=Hp$bBG-ztPyThSi*H zmNsm0gg`?0_>>@!&}7EpT^@BOdrol`hcC1mPaYJFj+-{f_-lj+HHo67tg3uiUdx+1 zqaRpnmL`2S#nC(8p=KHhtnVBp3E2Y*mL+BqsuqZ{zzBtjAswenwDW5ItGxRwN1?vk zim)M*jQ~v(?^L7;^XCzW%e-4)Ro;&>2gHP^xuJ8C(`sP;@+3#vz0F)7puwGK2O>ZH zSLc~{*WRc06kuE&FX3-KoO+@+$ALEm%}|r+{xePGWtOG``|&M>zbok9mMJ~R|KZPl z=wBo0kIQ+SM*+r}iRMFio<}b+ZL3oj+qpFZ`mrH1ku~=*Q2pVPWrzQ$L4tKe<~TOb zXy}*UmtPzfO0)77xm`7Ya9xz#qjQ<^0kU#Y&$th;Zj#|$UR`4%Q;sL<_CiaYu4>JS zwpH)d>oXR+Bouzb5e+2B5pUw9rK3L|3n>YvI-YMeY{)8wmc|`##3E5jLfOb%N5|0A zn~e9~G#WM5@otgbNhilb7@$PhYqt5cXALiQD=*=M_OlF8IFn+5eOYaDQSx8Rs|X8g zF=~N*U0}NAH}dDU`_dgVRnG&CHe28(mi4HtO1%HsroU=#yEXC`ZL4%5yMdbWLgm?V z&;h&xdT1zJPGIzw)r{Cbl3r<6PMi7>;D4H3-3QICKI$f`w4Km-TaG8x6x5(m;Y`0u zO1q{J{2t6_JMd`75FILN!&@SahI!b!uCAX=b!iN zf4*@wpFvDGJg+@fD7LmvygpswMt7va7LHi`qt6+zHa&ujdcl#)dYJ=gapKu4&dYRmK6~&GprE_mGUR2&Q zm-y!mEcf>fY`(pmM6bGoyY*Tm)kwS=jk>o-1hWTPJ%9PyM;5cM8Jv_C7~l7|X7_K>?f2Ou|Z6Y6nv}FI!ulWD1y%!w0nnLyNDb8Mdz5i|P_8%(di2Mz8 zN>&pb>hg&J)qZON7J5$H;rXlK;s3@d+=;=ttzRBbsyy$^?KQbrt;C{E%y@S6hidu3 z*p%J}{lkAb#s$Jr_jqgSAF5Na5&CgHHY2I;#qIXzb-$&{u)A7+sHzMZetQ3Uppf+T zbRhJ#hQB;Zf|8WBb+#IRUT(J+TmD0(n3>zI(2=(GT$p^c<~(#HK|@6q z((5<(6LKiM%$WM@yT}Uz?`a(QGTAany+1!Alp$_0xPY5v8Q8`v8#_&AI}hpgX>Ox` zz3@GZb(lepPR#q}vZuQ&uQiLOWh)5LgC-lP-pUQ}Akg(Tgwfa_XT+Mo>@9JNq2{125-x4%O1UWRjj>vT|}nWT_%$&l?Y6nkS| zzlc_cE;ipKND|7SBEK}~c{_3vfBH-g*<31JT$xSpKCxQ$ZJWYYgylT#6&5vA$+_;` zG1`G>xaBzM$D3H5#&e(Oe(1tJd`xKZ{AHMf%7ldW(C96wZxEYNX(tEbdu_i&h)y8a z?)ZW4F7E`({PtgCWl2^k95Bwc&%_o1H?@G_Vty#JQ`Kwx#+w-ZH%&o zu5mhNst}E0zMEFp8w5>S+MSoJI;!@{Wt63~n&JHWleo6My`0o+q%J7 zu_pxBBN)YEuN30B*w*ee%T|YZGjf?r0b9{{M2p(^&KzA{ozECuoh|x={l(I}cL#Z( zj6B&?px=@;;Z^uzzcRnlvmFqk)yY1)J>Ke-8j~+{Y%k@Ij0vpeS>kTI;Id;)G?TnTb-9ps^IauTq zsZaiV)fXpb{|+F&0c5rNpK3ZusnWh@f-mcYX>qRnj-M~(EqJ(=_@u0UEa_MKLErLY zWB#ZVWQc3(wNA&c69|27n<@1u`A5Lc=~~Q80D@Z@wZL8DU)L_l9rmysNrtz~h<^zqPvL!)son^;FL;xA?KGfOCu`k94(ZAAqEu`l3ir2|X%UPz1@o zxfhF8CHNG}Io;T|YnpQvyUMcMVU((iLOTb|%vaQJ*RweOHMjG>HnyFyd!h7`XXdICz{gk&|%QLVdFQuF%mfj>;Id+Xq0p4*rE3)JI`NK4;I zT?gM$8DitU2vT;C>BlL87YS~Lda_cQ>*cRl*J&-%Kw!1CcXJ7sH1@Y$Z||cON1R^0 z&**9MI-gf|(|+q|Ln$44d})*$ngEZC9nBGm>LI9rv5|exs$^S=TE~ zVX-)!lLmW>FOjRIqc=U=M=NP#VYbET`u0_PG*@^M_W$>Mw;%aYdn z#fo%8FM;aVltuvR_dG@=pYcnMHTQubJsm&$6-gz@#$LTSkv3Pe8H!sHSG@5fi0+%A z>X#An2pc|QkU?4=5s$XK{1*vXiq@$&FiapO@0(=C{GsY?g#h7vsJbigW}rF8CRgH- zt8w~Jxju9@+o$So+JM%R_T*lKv|7!TaU+_g$eT|P1ERBcDf&7ZZQC5k3>DeWatE-B z<#DG;8*f^~=uH-FH)Q%?dBz_6u08eZAUX51_d3rsI@sy9)#}vlNl(|>(NVoVUO4wy z_kVP@eez;?8|*@oWb0$&eL#dL7Lnx#4aY!kzmL%yGdFAwNf*4llvzHR7~)VY1*X22 zg|*G^h*1LT3v%Q7_Y9wtZ@~$A=8hI)BZCb*i?XIGp|>eGFB4xoYxXL-Kzbl79bj9+;hd zS^WXpo$Wd6j$r^+Tvf>xgo@!<=vr z+SuFyv(8&A(WyiVBua!B|Y+=c_Wof=Ek&}JBt<9Uzd$4^QVYx%Q^j_l6tmx zYCJ(bGz)*0G!Q*M{cO3l>J}Mm5!b-J%P0J#+&ITqhWs;hFjJoIFbq(iFU7ACQJ7MH z5{fMo*w3v14{wV;6O103AS6;1y1vEE6PMu zXTBnZ&y6lHa*;+95E!h*-h@^v8z&Uh0Cvn5#rLSK*B6C07>sSo&iSEbrdEx`F;x;4 zD`H$qpr&4|40)bprH4ooo7AQ+n{x3Pi+Vrd6juRt%=Jr{89JgN1br^P{5AgNM&MN~ zsJ}@t?g=RzM|wY$e)VwHB}N=dJ`0l2brsaE-zd=W<`^q6cHg)Ui93sI`yF6a{YdMb zu4UrQ47gc}biQ#POY-2g+35(Y@+I29j_N%6EESqt_Y3ECHjmW~2c@HDJyoHEwZo|zh$OBxGGn)h!SgBybC*AF5( z{;J+kT)FRW-KP%;$>#e*)so|V+iJ4gK*zLEN-v7WR>XspRYhAempE9~<0~?e8pK!7 zi6ZIT;cJ)kd#CttCuNiPCkgaU2^gF4FLM_lYz^_LgF$aH|vrul_nM z;McuFJ%ny;N|&tu0~t3xHkC5`UKkecP#zkXQ9p$|)0bP(OF;PA?VD7DN_^X&)0=Bp zf*?$S=Zz#L74-Y|pB#e_&SPh<+iX%tWK7EhAQu#W{m-%f)XINr$UOKlzxdd@!Cglrk#O(hO~TH z4Pe;|TOEO@3$~!_<*CM#Ut>lKOJoa($6QyPC@q4+K|&N0Se)q(w|H07?=$&fs_JJC zZ}yz?YKmrhW3C{F3SHZc5y0ZGU`s})+ zNZ{AD!gn0bw5cT^)fkL!=Z=b+!Sg&H%KNdoW9#k;7yqTnwN0J*e02T5|tzjWC1tDL)_?`4$ z-@O(lX5tl#4@~l&ome>_ZOJSPB^V|5SbXnpjvPYV%PB@uKR}w1&A5tHKxI+W)|Uo_ z=LednRb03ly%t(v2_k_MayUrxD7_h>$0VleVm%1RQ(Gbre|D;2Vb`m7;&7k|#EbK> zr50~P)(LjO?u{P;8X^o+e7Vkw*6Ky3Y>u~aP=n(tH*+V03Vqt^3%Va>D@>viQu*0D zXNGHK`zva{3#YifdLVsr*C~MKB+xmI@pr8_H#qRyR!rz(%ek1$9gE&=QNR{D5d#zP zC1KTk(=x(w9 z?WVgqXOdEjrz&+6!_~1a9bRA)j6~01H}%Y0b5Wq^>hF&Ok;wr1AB}pxch)=p5l6Y$ zfAhKhua7@56mi3+jzFtm2K(y&IKo2r*t=vMT;0}*@m6Uog$-Xkmm2z&<3ClqHa(t7 zv5pGw_f+BQ+`E&xhknD4wJ6y+Pn`OFl&C1hLMz z65Kmfi;2@@4F${E1_vNZ{px1at<)$`_gQL@xI5&ejT|pTx~oNDJCyi@AO`>1U1oG z2~+=2n(GI&EL`7}qTvwA9^qaT!^j!Oe8jg2RNF zyQN2R0Sn`_Rd0S+HM((Kbi#U>Vwz(+MD_5ZKDp9C&0A90Xe!8EqJWeEBk_Gh4kzl* zN)P}2EBLR!y}*@Qs`iH}V>rEreDdM?9lJFm9Q$NKuS2(BMz*>8}PHk7;zpA>Sr5Y>T_Yzf?WQOYm1TI=dd*8P|7m!k_JQ z&Z)Hb%ac#Kt3oc5J!o<+vvhcCNsQuS2thqa=>A$za%j{M8(r zO8JkH7p3=BwP@b^do4|O&(u+RfU5gT+0z&Mkuw@RNm=xSiDzTUbeun9)8kv6B=H5a z4zqMPo80zSm*+dsS&v<>{*7JsssvHUH@ow|_yu+it0VWvO zx@-hqU*(6XE!Wt@zs0Gd2E+%-_hT##l}w&Z%KDh6MwYa(jA`jATl|E*(s?GA)xUDD zSV>zR)cQ&m*4e3LLnIL6g;a@hL!SBEz86gwj$1kN&A76|heU=zeblWwP6gM}oEl)2 zC5r}&T0qUdRsd(#l+a4JW$`;{t-!(rKY1n)yG`Ks<07&9b+T5mO_2vCuvk4wPC}K3 zD2C&9k*L11k^As+WcgkE&l_2HT`_Cc`Ma*01UT5=TiQs`A{)5@q@0GCTJXxs``98! zH46QHbu6e=4_o18S#%8Oh(H7YiABq*hf_RO`MU9W~vt1NA}t@b8aBO26OiTAV`cteB235dy|-cZ-|Rl+@;($ zpOXFl6tllO_FlkFcPua-vfvX~cF{RTgd*)(2d?!qae?vxYBn=@|+VQP1d9^ zK484Jez|PEjCQ9<^0h=Jw4#PQLNYBejk?M0Ob6)MZRV2fC##tD%Mm|ONs{-!%oz5( zRo4wK8%Qv!0ZB{)Q|<-qa1$3Bn4P*7nRT3DfJO3Tr5SP~0MDr<8?U)dLPBJchc?RWw#a zEe|C!=QMhfl^9{<7MVwK#*dhn)8&$Nl^n!tasS=z8~v&%Tcq@E5#QZXK0dyCZ{DoD zNi5;hnrX19gxO@Fmd#{kW#flN#D|9VhlUPtxq4QQV;XO4C?|zFoA#o7&95W=B_X%u zY&O{4EZvXH8Q|p(A*Vc`H1Ak$^cHGGM#r-? z@VW16pG`WF`oRi0zski_G2>pAdXUQwql{akmBW;3%4$w`mOzBZ!jQAcaCfun_oeZF zjNplbnvE52m(|CAs3c2Tp3^w(aQ_JV!uDS<_5Y(V^=k6dozJ5Y9h(_mIP|s>DXX?U z2?^xn$pccXUDjePJbV>Uy;F38u&((5mkg^sp&;p!=U@-?#9`6W4yx9@X~u1`ISA$#6k&P^wk!Zaf>V6 z@L{?EWDx28%AEFZpZI~{q{piLMp^Cc^K!}Z=FvzA<2;f3(?4XoUq7Ihx=$ZF0eF9S zf_~=thw28@p213~j?0{<(8P42pY=?6krfU>R>mnWv%r_4&LX}#$03|GK74|Vm?VRi zlR*xuqi>uFX#66Al-xIO*ACvtX#{^#8P7BWH0Xvuw*ftnF)b$s?(l7=1KvVcRQAv7 z*GASWe~8He(adF#iWES+S(Xxo{0JXtS=6u$tl!2g5Vx3eFb*V|aZ_yVnP+k)($_JM zcFf;l9AWygWPZyx{BfZdTdXu`Tk{99AZI9RtdHB$-hBgSk z?OCjyF6Fs6Y5__Cv7}_nj0lWU1X1ji+RQ8Lk}$yBGP?1%Zwl(?rJg6ViTO}OJ+H=B*3wO=lsif=(4Nla#^ekAuV8de99pT#wmE3UV~G8ZdAL2^afiL7&X+SpSW7H z2r-Lg+r5Rw9n+6zFvi-j7qge$==Y)MrHZbPgF6&`W>1Ke5~&A2@UvN>Q3j3P)=7zt zUj5-@le@&r(E3T+tLc7*`(1gXBa;-^V$l-`^*K5MUb6o$e^T-I3e999O-H~OGK{NF zjK;b0OzqsW^4C;C9(n57X760*_Q-GkYDq4O?Xn=-KvD(IAF7lGj}yP$M+CbK7x}-w zSYpVz-m1Y4DJUb0I3;nmJ=UwTtc0*8MV#&b_$C&lg0!3BJ$atI6W6tBS)4mS)6_gS z6bn`m7I?Sv*YxyjT8DEDEBRc@Jm2uB_rC4jqCOR0riCVo>?~T37#FnA2sh%fQI_6$ zY^rZUuD$@e(c(s)$Ws1|?7!Z|8vQr+-a9VJq*)ZkbyY+K6;zP42!iCC(<(`_2ty8% z^;Bpp5K1=ocBHFe%F8I z>FKAR>h9{U>gukpDi&&2-}}4Tr`GQs9BW)GMaIW4WrjV*RSd!;l3~-wY@?MN%C1p16ZfZhMVCQh&>tp{ z<3lUMu)9x6hMwME$xmZW;T^B#{h{>oLnv)Ostz|Xr0xMZ6V$wqIo1KQov3ptM?-GF z${THJ+r*_(T@)S)eR@8p2e;9nd|dPVvw25j0=L$zWQz5jn+ca9LTgtzCka#bj~nHS z^1IC=US+vya9dRN0uH=t?K!cI6Dk~`avx}HhJMNlVJ@mcuD*T7CjW-AWaoLaX3)NE znhF&Q(Utf1I#2c0rXPnrq14o^E9iVfrGNB8d|aXSsDD~))bZ7mY=cBlfePXP66QqB z`~~uP1h|Of^to7EBkk;7TRLl;D(evG+;2(r6sy6c=DnBRfQ=6iqbRVYrQ%lyH+B~4 zy|dm6XjrC}Zyaxy7(Nix4AbzO?`ZN`^uRCmQ$8coK1h$ZTCmq{GFxC*8gJnU%TH^f zTdpb-yT!Ir<0z(F_>9yRy5?0kKzLN9=0fa{evP;=Zfm*cHqX4?!otQ2#Ps08wT3Gl zg*q1cmS0*UJgwMWyTW(X1-26$Y@IAZjYZNaRRv%y54AJ{gr41Py&XW*y>agYrH&fq zd35%2Fn$(X9Zlc z4UpDjrX$>@5U2bvhBk^_IwSKL;G>1Y{3i-6zDMTU1eED;zm1c3OXmZ*Oi12mF6;0~ z!zfERBNRo92ZU(3x;_uk9Ica^+vcd=7mh&O?PxkeE$SH^l~H##7@rGAwE0i^pDOrI z3WKm38y)zDOw?B*cE1+#&TU2KJJA9Qq+f}Mt`cvYt86TI@2od)r&h^HPD}}>w;Q0i z^b7K(wR^oQ%O*iAf}uU&<*b%LgL7Wzd3Jb32w~E;8{tUo0NMZDcm&Vb={h*hEtF?$`m> zE&=zoL~udY{9cygQwG1)P7T;IPwJZ%OImQ>ZOdZg2F?(BuubBXN4PvilCwkuBv+_@ zxFZR<0^bw#E>y&(^-c<3hpib!b9A*!0qu3uP^*l+;>e};y4MkgWs`0_&+I$SnqLi8 zL7Fx?8a9;npEo$&Nbxk0oG7@*KOU{d8})$cUHGf3+=&0uQGM8FdL@;jdv$~>!r+!x!dnGc&$Xi3~vf9IgKAzrr`qV$!hM2tP_ z_`yLWdxSywjoF&gl*jQ71_|KGo`xRB!S{olseb7LT+{9*vhRnmgGC$-eD7zm2foA~ zvTe7+;Mv{I9-93E1L0=(FC_!sy$^@)mu~MjRPJY<9M~1y*Qp3Zn=W$GI$(d^2t@`J zqaA%54w~gEVr=S`3T7PZx*i`QsE+&=sF!Q4&hC1{r@|t2;J?7j@1qQ~_Y&Fzwj}t2cH+L_y*XjId zY9wNQtj+ctWe(kJxRY$MoNcWbfR1JKAaZ5 z^_9p42>b@Dz0OlQU1PU6uG8WizBZW+9cVY_cjYYZg zJSGz`+QeJAVfkFCb>Xr79M<6!8RSQi5d;#*8Y<_~l0h(D#cUe@w5{2(^) zLAWnPklWm2(Uc>8#=506ekNtR3e~Wg?tvXWtN%*$5q71`ZmN1?4S@x{Y1vU&ahX)0 zD7!^9tmgd1EhNWC*hc2&(B4TNhs(UqTU!v0(Azq&Ipb$SBj>mbWuKUz-rSKK@G!*f zL6RASABc}fD_ebBh@tt7?d+*-84(UeGt5huTYfH$PMXeLe9$wYcNbe==+;3Hs$@$Q zL$h&fq@(XPb|{cMMeQpIdjznghG`p9z=A}}GrrLF9eaIJ*~#GjoX_Rtt!Y;^$_lzM z*A%mZ=Zeq?ZS)c(d0d+4l)5yOU0+Z}{G^XlH|MjGG6(vwJ}-giMs$~W`JQkhG%%8| z`_4Jo-K(bkR%u59oq_%lOC@+QlY2M{0)@y1b*emz7Z>MzD zRJK3tPBFf_`-~?-iYL50!6=Q2DIhDp@lt-N)auI*;4n9AkV`XJCpxY7q!|IQsr__b zysE5*W0O@GCu=dZIDXj%sRo*9N_P)yRrF}L8YdFBLOsixqR_8FLNtnW?xBneByvV= z?oB|%n(o&q79utBo+WDMY29(|$Wimb=*8+?iA{g3nZgI$ET{bKCf`Da8f;Oe)U_C9 zq<;+vT3OjYQuHKJq7ibH;l0XgE8w2leemNrU02OdgKRQM(>ELF^vtO&WA1kFyfxZL za5vsK7?5-n)=m@%3v{7f`>eJavhYx{Fy5RAnKx`19{*5NB?`)J+^jbUf9dchp-7AA z=|`p*5=8-~*w-`&B+}KU-(#`BVr&B4mLZW)D_WOnlmO=Lyumi#x4K4PbFkSo*>hxT z=CF&9i7b$3-BwF5y6!Dd`ONX-mA*M21G87_dJ#PNoLTOp9lHMX<8??{1EcW~cHaXB z6@N!fu(*8S6uSLI@#H-}9OtnN?2O_FTM#MI{II()cS!yAIuXZ={z*%9V526Dfk&zy zrAvZE1;+`x_UBq#rK$0&ZT|A8hXeLPd-3-Zg?LdMsQg!$nU(Yf$z`cs8a7QD$6kPi6<2 zXe&^z_aXEIYU|seB|K9vC-i&JQvfkZEF>ukHbSfK<>II6Dq8{tprJn2+wlYM*y@!~VE3ag z(aSky4O8`Y6Hu{DcTuJ7CdAb#a;I^D+B1@{>hZ46jiPtsm8LMLrTc2OWG+ePQ27GM3o}_dhFnUa$YAr-$ir8G3b5v{E zXg-IgUp7ww0g)t@pH4jJum@mgOJG)qMn zFbFIv(l5bOV4Rp<5!eWpi`t~{d-7w?4mus+q%%(%adqhy%VB}@9Yt+A6~DTrC`=W< z#}g|ZsXn%a+%pYr*NEHe&YP9Z5h=A$%6lvq<046y7qhXPNcwZ3M)vG=iWNb)X6@^k zR=;Z`)IT@h{{4LUzstZy6>u37VzG+=TLqZYS!=ySK!=uKHPcW0J*GD{6!zWonRR!?1 zWdgVLC0*zPQfNmA?1(s? zO6u0QBNvX*?fVGjoJmejf4h($mf0BosD+o>Z9`aXCs?qeAyA9wOe4GD_0TP`!dc-7 zSQi1FcfU9)F?o0wv+z-;ve%AaXfmw(pR8fI^{J8V6Q;!F1RO2@#T!K-B*}qM(%QrJK^E5Lvk1;b(F^|#Q9LQvS8^Yflo_5l>#;`dRc&9 zq#oMnC0UY{|3K~Vmsi)QwMzz8ZfX^c+Eq_*3R1;J+Xd?F>O&|B^b}vpgJ>H;6imq= ztANT@{%8EEl+S2B^ZFK@9RU7pf>r&Nxz|jt*CBY+9ULT#AdD$|j}X>DBfXd^UKJ$N z?p;n-4)OC+IU!Zc01rF%N6z6}#2}{^i+)S#PhV`PaH0_CdVzsR`|GH@5&o%#r4+<_ zM>gdEEr-hcVCJ{D0`Tm@WPS;+<$6tw}DM|+& zNCKbgW3(5F;d90eHk6^P=|f^QJ8&^L?0V`Yhe~GU=iBwoW<=w1#FYoMp^r; z&5Fe&)WkKrK%dq$qF#E{>?&wdEny5!KH|lp>!a_6;5ocyy($hL=T(zW?W^dUBR!CZ znkV?AR%?k`OpQ#njTXvoJhv+QvrQ?vsd8Sql2%H!L!9`{80A`ib%|Yh;AbFNjv~c& zImI?V-29Piy#bX(6O~~)1-8eafW$WP`P--?*M5n9j-6~~Z|Rg_h&%uITD%c@3T_97 z7f>Z<9+}>uiKdj5m1PUa8*jxDLuqyNEkBwaVN~jCcT~sr+ZMeLlaQgi9f-n(4;n%- zj-9fZ&xG*_Q~|@Js>3Jl;`FY3wvqC*UCV3raarRqXbZ)1 zL2{UmvBBO^Dxl(R7nSy!&4AVGdj?&EW-+?Kw(NUP|8KMI+Jfi6!LPcu9n_+WRlUuk z`kJl0O9W~uQ3v%$rSK-e@Z;HdxM9LE;;{|P*t*9@CdkZiuX_d(^h3MXn;LVQMRASv z-&&u;OZl=m%=(&~8Z-152KGpXJU$(#%sa$v0SD39jg_r(u^N(<3W&|C8#X6hvHJ;S zR;dX`Fzb{CmNGew9u>lIELuy&RXhl{8Prlg5xhz}(+jfNo4u!bsJ)?ihKD+bScT2yE4IHU48fcd4C)k+Z-8$Xttmih<| z1W?x7eH!3?&PqPbvU>s@?`nrSiru~1naMgS*jzt1d97g`kc z(26H%{bR3iWMZS&Riv!pAb-7KuZllrD!XWVHDn@WT}8HaJH<6ic(u}QJVk89MU0a= zdz^J@wexxZlv>L5?zmV{pOZ^~K=X01i@2|{`w2W2oZ^|E!W-^qju)oGiTkw_ryf_? z?4C&da-e}FoEgqwQWY}C_pUWW&XnPn&PygF&img>4#Up;b%Y641Izoqmo{>cYsd91 z#X?ciRV!pr+7=TG`b@9d^DOgc??U|XIl>8t&gox2zC5MiG)jQ@YlG?htv`RS?EgMA zKJlK9^KL$1D-UeZ9SxENGX^ArnRq*dTPbU+b7>T*wC3z7bMEUAR=7FJ0mF3ej>mKk z(FqcRI9qr_txZTuK@m;mg)OJbsH<5DV}_OU+wDbDkfBrQnejBaiQdx<+wM_0g3rxhFP*KzFxKdjPMEX zHaptU$Q$*gU31J0Z~j(1Gh0&%+pmY%^V=ETpV(eAb+Whe4;JXO^wVW=S536!>X`3= zUOl?{#ff563F{E^c3j1?}S`2-}Q$s%9nb1OSmC?jEK#lE4SJ%pJOxPIER%g*+no90C(->>(o#;HHf)_4_ z&ck+}=x(LDuj`9Nz`Mznud;5(I144FBZi+<~mx`K+^z}M7l zf+PWNx1~d=73+z>a)K=7vw3T#BMDW(h-^n=ImDT~$`azbvw1V*?@bhq1GautLh?qH zZPw(Z#kEukbLO9X)~XIb28!my%9JwJn=h6f@cBk{Y2K7lzFm=y-PvFcSY9n{KCMnS zRa__k)rC$jT6eJk(HI{fym*g_8i#&8aQ}UsZ#`Hzb!!fyz#{&-8MdVB5WqlxTA$}t zY~mc?8NH@F(p#fc^0zhRUz<>oaVJxhzk2ek^SPnXkMwg!jgF}5yvQ}OQunt zezs{RAMaimN3M2W4SE&=dv;x!BSh(_Uq-B8^rh1CXNs1ELeTcEUNt^QUsxkH1cmB9 zwesuha3@ub0YkP2Gdc!sL&uMioVLSJ7yavBipDI(wv(yIq$u30>4+h^(hlTIBWz~|i@&}b? zT9e$Bak~0YS^G2lnS>; zOsg`#5;cQOTH2*vZTk3cfsWSv(%l0kf7^^N6LlY(;T;evVz^cD5fqULyC~JdbAX!s zR!Da);Y~>@JzNZ@WnbaVZ_w1D38f=%dvY#l_1$#iCnO5Eo=DRI)Q!~Ic z==Lx{ho4_iO;FjB&42-&ScE%Q^wAt~QPq&Z@7P?(`536w0U+dNR7F}NmR~4W!RX_0 zzMJ}xA(e7mk`_2R*nC}@efV@#-(ujNYk6_mO;Hd#lWDDS+bM-uX40BUu}0544+6vA zj}9%dX7VQEKYRj}<{wF}*5qH1f==WdfW!sn$2>DX$P^uARQKc%?@&Il@`v`-Ch&ZL zh^B|tQ&H?3hKnsHcx@O_DwKB?E}d#7Fti!&yqZxY#s_#sI<<@PE_`Uk1WVEFm9i;o z-yZMd*6TYX`MWT7S8&&Wfrn|#1XC$Niv5)p3s;&4WQJ&5-ITETfT&QReIWdB`VJ8Yhw;ShwO~{5R47N zv`3J$*IN#*&=-CsT3Ir(K4c7aO?LDfm6!eyEGZTQNktlU9)di63W*_mBnFB zo9c;GQ{tFFo~8>7Md?41nvYzvJDU^-LqWkp{QL(7)4@^Qz7K{Te3`??j{0^7m{&P8 zsrUHARLD}h1WU8KFnT=WS*L~57EiKmS)alui@AlS%VUsC_4Valnb# zxwZ=fEAz%i+S#;6fqWAsUQ>&BGaVUYHobi&`Lr+h(bmA zYC}38D7?vT4mJVxAQL3tI7k`PQ{5Rg2T3#~GRKK?w;bkelXH>OPb``} zmM;NL?oIy9$^GA#q<=*!DQJT(Cj8dH53{Fr4aCyz^aTx3aE&$X>11aaT$uuaI->>Z z9sD!+#h+*lv8n5X*i*NhwHBvk-ngIFN#)dQEHfqjkJR^|gN1j`eh0AvR-IpqV*PS5 z(N;ZZQ}e-S6FKGOl&;iOGBsi}Owxl8?A<}L8Bl4)g`-Tz@&g!#qYv_gN!=5}B(9Bm z_}A}^mwD8X*}_sBC&RRttL;Qp&}jG)GwV4U8bXs+6#z9bcr8AaL1^Y$ z`c`3?L#-NGBDzhg)F?X0r5qPU2su9;APnAM1g>53mOvu_kMeLLBph2j3Q9CU}rGF#OeXVEFHIZ`?U%NDk2SMz3 zLXtapaAhiKHlP2*Jo`T^;`xKq+E=0^dQh{;p>SUh*`>Ape+=o;Tku{wJM2Lsp>)|j z4n6*xf8J4MtfSYy5w+M$Uy}vk;NhqiOxddUUiaSzLiPzb9eZ>y5*F=vhkZf`GP^0o zp=>4AT}QB7M=@YdpLH!lWC@cmy8vBb5A;H+WSdBk<0tWS+ussuTWrYm97)1_ta_4S zs@^Cs&RA(OYkna>o9n2XAbOF8P_b^kIdT|R+bM^)mbkmV>8Kjb6wDW1u|qLbdji`h zb)urf>>Aaz!=={5rc7K~MZx1I*Sh!1lJT9lw0e8kLXYYV#qj21Ilo=-Lvfcjkd!i8 zYFZjT9Gyek^d`9%Z=#CKa8Z>&=-WrOus^e^2o{yH>Q6W}6+qzARrGytVWq-W!-Oob zelE9<)U%Hs3t1Xk%rWd_%I(PaCUt$3S(FM}h)Cv*eH#og^Db&WbCx?~amU;-LKYor zkLX$VOqd+H!qa4>G*_CRkH=Dpy!9y<@QJQs=KCEUqm|14^WYLUWx#lPxxIFn#e^7j zEwCmM=WAitYZkz?>9MKE#inIP?lEyIN$n+hlqp&r$Z7Zl)qJ3-&KO#pq|Ss~trmbe!>=k@=cSh^eMAD0`%GgDm&%H z#WeRAnHa{r$+lkLO@NIUY~>`JJ-%Nj_1=pCD$@^G?yVO%bF9}8*W2O)dMUi_5nDt_ zs)#tlDUDcW@|p_Vc8!n(#T*#+czVWwgL|OT0uYTZ$sj=w*V(>>!JtpdWZv6qcAjGd zh%2%Zrt1xys^2|jO#arq1D+)>l?^5KPk{vEh*vOj7BaSWfU&Z(LJ*SdQakO?Fn!8Dpq4#*h}2 zMCqIN%2uu*To#>4vAc|8qKy{bI%wGZ!v^yMz1j_EL1Dg;&=Pt~Iw0x-BW5}(=W9Zt zCz5hfv$^J1q`mPPc;A+#aJ$0gwaS(HJHhNh&V%ACXPb-OCcXRfuN%Z^N_yNGi5Fdz zs-n!!HUUy{UIPeBz!f68THh1NncF*$4t}ubYmL6|;K`+1-_`dyIn9)Q!&jl_jMrfx zN<+7PG$BpDgZ{%V%m+C{f%gp@FjNO^e;zt57?3%T6JjYrIcC)V<*$sHSI3kjB&z@* z!r+adkA#Q@uVoo^fDXx~ZiTE-yAk?=G8d&n=^LoYM}$__(r-z3`%*}|0Z_n0qhb&J z|=S1~S*-ls9gf)4BS~?X}hH-{1cfS^QGoB}zDKSz+;P*^w)h2gfQb>Ul&RLe-f} z$DK}}c#vL)=;Y>`KoEGH$n7cdW0{}}8W$BeF>S~4;OgB{S|vD(2u8)z`|}wo;y1lE zAg=XGcyX!WbDf&gQAa-3oRU_=ve4Z^YN2(Pb=qvn;?hJUmB3I>cN?Nv4JwPFY_m2! zC#6;Iy%3Z??h=yR*^_rb)LJO+zh2f#QQ(dsN1cJ)o!m> z6-NDL`plpFIz|(kY1bp=^_6HRb7d{>#pB~Y0pq`>$hCLO=PgIS5)1(Mq;GuI%eUxS zUj1XpltD9!gGf_PfBk89PnD^(YsV(ZM?%YGmIGCJESPik#W0gptAX&xDOY~^_ko;7 ziAn7+=q}sd@7|Bw3ODbI5}%I?S%Xg$aa)d)mKCp&in?m_^v&N7@FwGvRM(&@uQa0> zu2Z<)GbW_GGi3r^Q?YGNl--@1r70lBV>$dA6pHa3f-cex-Pz7N6!X;#bPqNm3I}7S zNJn0HHcJN8Nbx#>0-L|JbbcT-%_q%`4cA{?cQxxnnpgwjGlc?7r8hOf>p;HOP>}7q z=qkc%2;=bv*p zZ(a`TTKn+1{G1>?aOzSqCT>Ca^7o>&m0nwJ9MVndd;T;IFw${J53&37(*?)UkwW6v z95NbdZ;)+jp3!$w)4r)yHzo}XJ}5emnvaP5fMqGW_N?t>7&zG5?&y5=y~h6rtj?Z% z#!A1=M5H;uZZ-D`GT9TaPsE)bLdgk%F!38!%{`E-<-ww?&A@=gqkNO>pU)(pb^G~) zq;*|26T74=!e#AF`AyKcnq+ae5MjSU5n$qzO&hvvX$KuL_7wpm_`g zk8P{Kt2qwsoYi#!1@AT-l_yFJ5X)G<3YYc{?tu+GdYh38rA%a7CxEEkvMP;Y6i(8l z4B)^m5|#r>Ahv=?Kd3K@`IB;`E`DxySONZPth}VL17&=#-&))=-Sxy|I?ON-X}##J zv&v3A)8dj$GJ1*NYpA9hsdGiMd$Ol5xP`u1{{%Qf-@k%W=hrF@{{!tynG-|IN3NLZ zTUOm}%Kvr~K!riO+e0C_H%fDxRG7n*i`Q11+cZiOLkNt$y_8?%!k$O^qmUvUnk)gA zZLXrs99r*b*(xS~C)gtDKy3=6;;cjKhhm;GZ01XMo2HoxL7xo*anQtdR?*Cl1oOh15V8hhdFt&9o0F7TRQvooAu zPGM%rni^Z-V%s%AVHQ$YpH(>)Ah@*xT+^z>z?f@$S6g}>|8sfiN$X{(65!IMpuB+# zW||}Z9K6IREe_W#U6b#HCc=8f$|3{45?z)yd_NXh*;MJZ{LKH?OvDQZ1zms^#mG-@ zp1Hm;6YF#UfRp~MfAonEV+p`7 z(yyOi^{ancL2F(MNMY(*{DkgXZ`S~3@x7M+GK`^K%D)>&%lr9j73hsbB(1Ru?wgje z>pr6gMxLN~>QdFyTk8nTf7n$M%zsdHbf$G?t#3jBqk$S`pgd9)O_65&1o|1V>FVYb zUYrQ7Ued$$`QPSP>6)6|leM;>#jb@#$Xns{nI_c>s7G9+SXysEr|_BE}nw{5%}FJ_Hr z4eqi%+2Gn%E@N#Qtg}RzJI6oX|643)B9?0uBZCprVEKzwfOWzHO}r;mR)o z)fd%nYdD+?>n4zt#D3alIznR#@H0!NqxDkoktUkBbM+%XYN~F9i%{)n1ZxC|JJ#Og&F0Jf3 zOz;L&{rnHyuhIWvi@p`j%0B1fcYpRqs^To2^@S9*dBcjaupyycQE1CE8t2EN>(Xns z6cXy0ru3<;eBZHP4jO#RFs;vvJ-L&HMkeU=+~O=lQUMJc3My=mmNRDI4|JZ%?9Hs| zEIdL?ID?eAruxZ~KZx2QolJF3a=oHb@cEo>=3PB~z1f=~y>kz&$MVM5uZOTiNB&1on-1)k8+FD~%+|&WvSr(Rv zRFhPBc*k;hOM4k=@?1}7YpLDGc>AG-DKeEx`z&gZVl1N?fgczRUWT64_@P#>ek9}q zf8R8mPqY~Ay)p9|gsrT7nDPgkAda6_NZN|KLBDLY)Rv9<{serP-XON+Zi3ZWYkudT zuCF#l>mgo-FDA@97h)-8ag1!F9o@$qZ{`Bq;#j1DG3nZg-I@C!uw_=n=9FFgUg7^3 zl%B+gn@(sipOyiGlaX5_oI~ni|1@EG5GlRr_pU^LZLZSsFv3&MA(#&YSmd(r1v7Wh zj1@g-I26531vw#UQqb7+Hucfq9Zry#?99BzmMZ0Ms#A!Q+yslRBIhcWHs3BqgR25- zNuaa}P51&q3Xc-6;>fln$C>or%u1QUql^iQAvHRg`->ig`pGp5b5b%s{|#rHlywOo zYY;7jzF|ot)`FoowNfT?v!N{^$sEJ8a5u4X_c$}u^`onZUE58s()D-al#qRhXOm|a znl_PQr$<+T`^iZHwP%y9>v%@aI{ddkFpP`s)7FJ&Im~8K5Akld>(8H4jA2vdoJnh3 zAs;%6n5WV{5v0jWM3#7$Awylg^B84^@+H;rtYK*M8YycCM3Xlx#OM~vGj`uUYJ>(f z5M`1cE$6G)c9TX7Z%W(PE-nGwIj&72XhgBFKT3@qbGac9)O8dJo`o8rmH_c+0as~L zkM5ltu|x)rfdDUFo>)@0LflUM+$Oh1C%n`8hD9-etwwzCO>8G(DgS_5^J<@!#34ZU zn_~S*9I222Prt@HRc|C9F0;kjNU3VwBrH=`Z+V=*)9* zolw~7I_)L0cmrV8O*CpE)nBbpLY4pW>S&$zGHH<`YW14kw%Uy3oA;&|PJqPm#;n-o za<`jec@3Mnw8ib>KKrD<25TV!&QRk~;FR&8Ss0&s`f!`eyyGr|V%6*U&Gnd}% zeeLHq_+P8)|6bMq2?AvnFUIi#w?kuMmupM^G9U%zXKzTIEdPpJb<=~ZyjarTkn4W$ zP&EpcPT=i_JG|qR&+e911(N1W!&+B>`?{gA-m!(#N}ZWw+Q3}P6=g*R8?|9wmOr$} zrJ1&3*~*t8iw8~B3!yw~bvV?VXuw1(HSDQcP9c!F94evB2|A3_V?GO&Xcy=3imaur zUdWC#E`Hds6`7Oplr~i~c3&-@ZnuQbwt&=1P&0}>LH_x!P%Ai%7z*TyW+zC3UM*MkoHF;n~+-{hPRaiGRY5@lVw9XNvr5Eoh0ZeVqJC zJ$HYWq&8H!Z#9;mR4YeYuW^hFauNZ5qqmxq@a~ERshC63{1M( zG^ob#B4hv(ODF$9-tfG&Ok>!)Z_EWv$DY6i^`sUZ1FqF|BQ+*`mmN4#eRbP=9(amH zJSqRi-2#PJibI=_AAR=7zyO_Ha8`Dd1$6f4vt-Q$leCZQ!ZMbTeX7L60b%DQxYHsv zgK_u$iCvTXVC3jr5tgOgjUKFnIM$dr)vN_Lt<*%B(Oyo?VSxj{Gkt4}QL75}+iK$g zqy6hQ>6PBsp6+A3HuGr9+QlvQN#9(+RuVS}g>|jdUc-Xcn&V(C6!_RNF|yj?QQs$c zKi2Qn{6|QWe%13=L_LsD*nA4Z0E-yl5TvrqA+k~0>)P)ORbyP-0{Z0*-2||x1$rCP zjHOqKZ4JNSO#7sSl!gOCkFfI019&QR+!#JV+)|%ry4YHSbj)Pp6clf?h!cLvzr26X zD>7$#e<&e^_jl$g`VevyO1Kbp^7e)#6C`yc6j&H_A)cXtovQ&B*tfRP!6bE9$`{@_ zRax`-bzN}jp+w7ekRM~hQ%-=H!qkcZVh|MgD9_v1fhh4wWJ>Ybu$W4mhX!*%M3@cg znZ~QErW$9$Mji~&)YUC{Mf5hV_%9B}FUQk62Lb1!Z*i;==;tz~u3c#+SwH`QIb7Nn zmY$)A-)kmOF)LQ{kQWz{xgg5HVz5BkhQH=lqC}BeQ(r+LO_tte)qY&_Q-=;NCA&0( zD=z|I`;KV(un`(fO3`eD0!@_-#GI7I`#~qZ;O3CXeD`vGa{&u~IH=4jvRw#|L%H`R zphY@CJ*s`iIaWEU1=@90c>Tu zE4<5ij>4XFR&$=v=dxDtk20^TYtyG+rjIw+mwtXhOrLdQO{@+!6q91b zlK9{jsJBz2MU@yLE^Hb6ag9{pJiZNN7;$X7n^o!9Ll!bZgSeh%0Qi0c$QC8V(#ZAJ zrI$b*V!5o4icIb0T3FIQVZZ#+*zHDwy7zGp% ztT%FBl{YMgEh(=iz409uomz-99f1vwXFnJ+tldS%@I(oHD~44TGN++Qb^W|zD^`De z=(nI+x4fuxA)k2u{vT-uD9D0)^$Y0o{hCcCHcFq?Z6fE#HFwy|^#e%iPvrl7yP-M4GOPtxGKH75DIY1G&_`M+i}lgfY10m83Yw(I+O%jDnMnI&r@Uv+ z@k{8@w)qD`vLej&K}P~iLDLRX7iCJgvuU8Cd^1dO<>Tlm%QdmS^2K~nLy#KJOu+@= z^lUe@#XMs8z#qlvd0{2qzx;DE;{%$0jWP}fKnsRGYnxOTW7qE2%IJ zdjCfrdhH86xr|k7*qn<`!Z{h=QutsiwGbGm)N7XW%+|E3XgN)j^g`ZI97+)PtXL+b zJLwwmMlr_Pnel=tYOEJEEE{Dl;1g%LUXNvhv!)UEJtXe=S zBW)FwRt0GNT-(F6R7lXR>Q6nj65|brK4$Tnl-!{OSJTi7;f(0ibbz9dVxz1c$U%As zRxFOcQ6=KWe%|i=K`4Z{pZzKL_|IvMoo%x10n*g%e{m6aWu#2J$?SJKH%PgLgSjk zEIav|XBNlP1@NQCRU;-fQH=It-mrbH0{B6btwjgd^Yo#k+)liVShL6thhXM+rwklt;E{+t>2knMskwN&c zL^6Brb?jL29}Qq%iL#DOU&m^5_XU2-Z@VHC`IppXn-$}kJ!uu5?>RDiZGQ$ES74b< zx3B>2gGl!K+V*du{6C-Z>K2gK!XB18)zW6J_$4*7ey|t~)+l=aA2Hal+VVO92XKT z7|=L|?Hk#=E-HkFJ3UpY$jl$AB;_6knu+D?8~aG_;BF-J^K1QYik1sD@$fOtuTEd! zLtmgRmlxtD9%?ENgO_D)E-^vDB+?gjU8pfr1@LdbC)_(hY3bbO{~08kJg=o z0#@_*9Ij1zYTZb>~K6Uw9^MSk&#*%%!cio9k3WZ`{dZN9Z6@_W{w#Dwk1kNcfgGr#UA zsWyt`53Rk$&&cd3IixDw!2-CCh_yXnqxNi+a`V$!NPJamj}sKhnA(z3^yR6tEn`YM zcLEK2Pgj?`tc9nPD?8a8(lga7rcsAjEbSgg7B9rV)dRN5woKptO+)j>Oesr}+e{=*@fjX&HDBwZ zG;3ffJe)fQW~H)K2B`mS9(sKSU@v1rTMHkK+F_f&?#Opq;M0Q_G?o-9pm%TpGtdF} zqJ+95FaZ%Hc$#mCSK#l@3xvD^OD#I}MUky|6`p=>yT{zfl3er+iAoMIEqwZ$P&|O# z2w;mZPFBY^gPYv#ows;VR>vR00lml_OM*tS`#3C7-eb7w!JdfwAHj5$!uj+ zdeJwEt_G9+IdZu#z@w21N? zA9x82`wLMCs@NG*chRU@Bek$IpSD3k0dU(ZI)0Xg!dt3iE za&Mv^%&6?hST|J}EL{YK5!t}87< z>-5_Zqoq;Kuitoy>i6gWH#`&!Gn6}&CbttfP_SK?11s+@C*Ne+M3pZ&I9+ELL0k#U zcFZ0m@g5|f3mm55zJMJ1HU1b}^Y7z&_`6*G0XFo73mC;Kk9f4$CAy^;xyJC=ts7>} zprhX|7y|XvKR&oZ+GW1+iA(JSK&t=c+d}-ai!U&&KYbhccfa!w(r*CT{`{rv0Y#M^{A3o z>xOf@+D)-SXxnwt-ygT$;j%^_C|Jr^0J)zp0Y$`Ch{j3bv~ENW!64EGA|V-gun`e8 z14ah%%eTTmU;PAqvG)G*|3x2&@Bp2pNXp1AxC-=dF6p_mDbO9t=MLk2V?5EvhVOZP zC47j|)w#kOJPmY?4f$Z@#lJTRE?uDThq|5}9&F#3hHeJx0?n@w!!(qHH<#_`ql5ZP zRTvCi{BHhq^)?a7FaI8hzvW#aG9}{q71$C|KIMON0Kh?zfS&@5;1S9?xEO`GVwYG8 zvG>x?{$ntIgZEEK{C5Z%my4=0z@7S#_6Paa-I$Ln_a(!gzbw{vKbhR5W2ahhQq9&# zVT0c;99_dajcYzc8}7o%3jri^%9QvZ6kA`R`7yE64r1# zxL4fAp4F8JDSwmU^;I!TYR?{wsS1>_SP&$sWP9;Gnw;b6D_;RSd#^J8CVkukspTml zGmgL)@|gvV+;7Vi+^)vV!}oTkSjbUKPm zgn57_gq7W^&!k^scJ}5|dzU!dAy|0ZL)N6$!X(_#JqK)oRiys@A_`hMJGJp}KVs~2 zr6{cos6wUBp4V>@Bw1U+o1Yx13zV%1q*x#7F`h)tk8xL=89W@`Rmk<7l_Cq4IPerO zp4TbxF}Ybky=P0?4Y(k=vM*h1uAgDE7uCqvmf_u)!tGK#ltBe)S{W3NH%{8WvF@+k zQ6n+1O7EfYHvkfR%iaUI?rcrG>kr1xOC#(&a|WfhqDVbAc5IqD%G5k8`wnuRZ-Bha z|JVXLn%${|0q+Row5^`>P5J0a_+DRJUuu=$wH$Vh{6aU&qA8h0!}K6{;S{07AdU;f zW!J?3_a*q9;!^S zf`uSePbeHfcI)R?G(no$z2;~`QwmJbuqwGWy@~uBU2s!<@)R0BR7nLE7glQ*E*Yo* zp<)m3se)A2J0vg)Uw$u36*&Ma<87|l0wI$ta9!2TbGLI%gj^8|5bbg&EAZ!+We&qj z39?ptq9R8RfVdxOI^o)iHp)y^DT)G1K#c9YdVTy9^^1@cbF_Ya5XDptzqsH~|41v` zB|RnEw!^sts&?R5o7M0Tjb@Rg9HO(E>gCB_tk2{(^rQq)_MtU+dxH33ESk`NA~FAq zjdy?NH-6vN3TGXv|Ha;W05!dR|Dv9TqM{;Qz;i@uC`#{mL;(Q}<<#I&(OUii;-DiLP|ER%(oqrr;m(8N&Kko8n3g#aV%Axe%q6z-@Cj08( z+x2&Ro&R`WKgBcSUl#mlH}D_-{L_C~Ubp|WqPJH^-u?H>^>6;onShvIlm2tgPvKX3 z^1Ii6S)4?conUWLeAcpm)*~FeuxQ*kwrvRFVEilNiW878DHSl$qaA$@6nc2&&n4?` zHsJlU+hJK}ceNb>FYo-{fjGxdi3NU4W{1G=7+A|{a#dHofix*z=C?ix*3D3E4Ews@ zqg=`^QA-`mH2_({+{}z!RYqfO31+jX0f+rQ_BaBWVSNTa|9D_vh?|?6uB_b0EmAAH z#UgK=@iISVgp?;FBy>YPGQ`9*q0n%#+xa5-l$N6#l`$HsC`i2uF$5?$NZGp8TBMZh zhMkg&gB3mkZ_YU^e1;Y`8Koy2F_^Qjom96QDJr?Du z{F8lMQ1uAtplfJZ|O5|exxZx^og%l(u`0&NxUwX%_5fTlt1v!C{gN{QFo51`t*|ZWjw2$ zX1PdP3*iqnx4I!jBl<>?uw#ei_>F8HW$^J8r7l41FruZc;+xOU%ki8>s`jt>6HNvE z7%0V76q^_e8iGsCX@0z2OKA3qLX=N5oqQR`Hf+~o2dH+=MvNi;B4Z_QpGl-i*0@CU z6G3C0l=3x=vNmuCVDRS=JSf|u)FVCLj1wysYHQiMYa8O~7n-(Y(V}T0SrG>%M=YSj zeQb61V;-K-zo@bjDmlqaqfHVr9$d z)qgZ+l?$3(Gd5Ft-fW4Kq;7NA8oYUKal>}2X<66o##K9Qly0o??P|kHaHaUFCZbdV zT$`0;Z0v4njE#$(I2breEpr+>lnu5Ywj+Czb3Y}%q49{+4FrIAcz6`=j-k^E^Tq-v zgV_3s)Vx}UaYyB0o?k;GHUD9XI(vhr{^Qp;1L((qMPni3(e(2`Mdt-kM_fd5t6;ktM^eXqxK+*qVsiio}jmZ5^I{D8f z`nP8oo?UXvZ4>t*>h{roG7d%xJ`pBh*sd#R?|#jaDO9r2g;1|&#aqSYxHUIifi*zh z-4a|l!7$9$SrgAUQQA4}7&%~fjXamy@eu|mrl@Sz?STT8Iyc!J;Uz=^yYM72MCaqd ziqPm~&y(mC&jN00K`L>-FP%OtVJn-Hr!cR>j)1=(8085NgZeC@b@*cZXY;CcGvgE; zxdB|6E~8^uOP1-+3tQ{E=ukebWygLPcJy%i6zJ}x>o4TYmq*fJ-MY|mZESj*TDEhO z^unIug~{DG+yd!7N`u32T3MrJyyK!KF1N~6Nv`)Q*Fz~$CXJPv5zWwubdgb@;sh?I z1MOPQeXaZE7u^-=%{Xrd_t*m#%yMtL_0ZQT>KQDOr^N;&lNEb|I?ooui`^0{f6NkH zj7z#7ECG5b{(M11u>7{o&WzgEJE+d+jG$j$`yrk@y$eqUK$>c2?`4Y3ZuEu|@7k0h zH~J|49maCldzZk$!sgBz1viuf1i;KyoOQ;w%rSz7+$%3*goSTA2q#re z+P@wHZdnX}!;+I3sRA|;pwc;$B`W#>X@(MhJ_mKTw~RK9 zQEqPO$S1L4hJKqMOd~LFe-Pie1_)?9q^PKCoEW%VtC>>Zk}_-4L|XA- z@L7SBW5%t`&SYU(VT!5k0o%_QN@2IfKwf-4v*`3jN9((1mdP%FxKtH&bQFXQz28t+ zF4^s!nX)Ejk+PdEb-95+@PAb{F($5u&!+nq2Dh2RCM=Au9k48flC8UMPEkY{7NX!! zXsv1+HGBrqa&|g3rH%g>5nK_gV%26J)sTEto}ycg&?MlrYKK*VT`GLc#aUTt>0l{N z@urKorb~FS-inmHvWz|%IVqrZR)+GUVz{x&ZMl&YXF((H3yX>>1LM}t)`9Qu4*-=_ z7=j=!{iOeG=I!5qQt`iSD*x~7_}^VRciDJHi+MU1n*%Box?DM8j5C z?@|7^gndwF&kMx2kyC8ZCLp$eJsoNWYM#_z8w5)rG((S(t4(m}8hLheypbV``YDLO z`<3_Ou#Tife@**)WXa98PSG!eJKYq`{t^nz#>JBkUP_=Mv}(Egs7~Cf1AzfnJhi|( z@on0R=s8iRK#-BwxLoIGHf4~1tH;JgQ*FINvO=>_=8f{>I}NL8sMzR&X&dzvuh-$Y z&k?cn5X!sm?bgsp&$QzbQ)9w}zobMbmxCqZIo4U3JicxXn|o?Yak6KHXB(SIj4?R& z{W9$D{!|2uEC_uxF0cBz+pr(zgsv@X&0VIK!-pa&#)2;{DmB@J`Zt&NnnyIh8zqu9 zlJDEpWpfpL#v%2RR(l+z03q6ug)N~$J7Y(6Gh6o1p-G=)b;(5hZgEIBY<(;Gib%u9 zZwCnSzC&+x78U;qFusycp5iB>LtY4r7Pg-OXJD>4SpL{kAD?;}@BX3XD}qRG^&$RF z`F8wN6|qxkTG(_0V($@p?CzW3!*1!ZT}9|_6v*r8c4Q8>$Fbubp8xXfmqM>d)3Eop zf{<>ysvG8;hzmS;Qop(8>T}GYPB^fI6mi}_zubArek^ela&z)+s9=i;2qOdNEv`#8 z*0Step)c18(GT1MP#d&da)nHB5|lv5T}guBB%vN8?qqbg(|7ox=5rF?%z&+i6;M$X zWIe26pva@Fn-Hh6c{+}vAT|r#XPabty{oSuC3`SiBYMJK+}7;1DR}o8^xniNK477_ z+H*EkcO>QLaIi-*<4{Aq6odj8!aSlld<9Q^AR(d2_luL!Oe0k!CBP3ytlua`;|njK zi^V*yI4Jg9aro8Tn!OcjaHi90u8g8O%s-x?g1D83V;*-JY6Q#=$17aU-3w5XA57gG z^w@6c%KbD!_RFTGn#&|}v1d~ST?69-G?Z~Y!CdgR`U54G-AwD! zbn&sILayBm%b(sIs^b2F5icu-IbS9{PTqj7dwe&2;`1}MVtVo?ut!0B2#btNH@3Hx zHd|S|j=q~K;g+&W0we$kfv2Zavq1BpL!#CS(q;%cvDf*XE698vLe{Edh-5Mn&r+-e zG1sl_qqef`A(EHfIAChPzQC@qot*m@0FXvfH4;DkCz>xyOaX3hOvF7N*LzlmpfPpr zdFIsYuVEewS^PyWGNo&NGc?JU-Fj9Fu5Hj@W6K*pcy#kwJeSHUGy~kR0Mor*P(+k-bp*MzPXj|a?m zHqhjOA(a8B#(3%zYLpX{v+lU`)a+9uKd>ps)I1y`FIH1lHm@?-W4E$M8$m<+^kp?q zPtp}Smts6Db>r*|&r&5xHd|g-wmXC~6?y9ccbwC`w7gpbb>-KkWpA)p*>cD0{aNUy zC-!D~MWFl0A=bMUG|%qH{j(*_etqFcbgUW=4aJ+$*ID;UWQV43+mjy$c>;0>fC8+t z2-4hA(nBzcJz1MR;47)$jgMbF*+;po+F{;o2fI#nIg$zIAYTsp0sK4~yeD^L83vt(eC zK=v0lS&#sm@_ix@4s|p z`&b81s$)mn0->%042q{9=I2F2;G9m;tfu}V$WG>bT7}IPTruC>RsDJ?nKwPme@~(^ zEZ5hZ?t4^@99>B0w?Y#$3fpnz37D)-BXI+D$%cfqNAE8z#hWZ}rNljrQkAtw47e>S z+i;tok$`fmpCu^8WEv@gM&iyf0S{hMg0)jCP1*I@osoM%Qpo*ey!?l;T|TGwOOFMafhFc;#GOZvd;_-(^={(>)TUlLT6-&J zeE#cXV0??EtA1{Yg}RZ`ZjF}L+C`Bp3cAYZ$-Z>6m$qTAFDLs{5#&~y+GA{-46@u_ zm6OLDeG20W&_iK{({3b}rEm z>hp^$WKLi$W0ANJ!J{Q=HnsCMb~L0em2$tAsvN0+TDEsAG-{DwS|i%LZHoI0#GCDQyt~ec(`Z#nDKDHz^*59 zMt+~xq*Xe20zHb)O-&ih?QkJT2~H<@WWaHfeu+zjTtZ?8pj+B!3cW;LcNuN+YYi@K ztf7SCV`=Lvk%l;?&6SPvafjn4u_x^n7zq9RQ06OD@waHVCsBgZ*}v4{s?uKYsNd+` z{3P#X&*%RlNL6qv*DGsC(M*w|h713C8&tDO*gx3N^CN zmF>=wD_%3&giL_-0>vm$yPcohkuWbglFXbwUI&Wo=K|Tri(3^KKd6@5wu_dky<^XZ zB;d3E54z@&sa{#L^9^gshS~7-@*;<({8KrD@ag@Q2 zHYbP)@@2+~P_61O_{(qZ_cz4-ea?+Whkm9mY^jJm9vmA0SWhF>a8s$!*G?r9kg};m z-ESeo;07}{rit-#%DJ7pXOsU?L#K=@V!bC6@zS5)Ym{lTTi8c6tlSiVI5tKux_ZAH zWlH#7`t+>^ufL6v0Z&p|S;dG;lBmVvbWcp5mcUD~8eDOWw2&lQxIn2MPld0}-TNd< zZ0mOD{{T%6c{=GE6vC#k52IMqNeaInKk&5J`UcJJmW+A3kgMb!qZTM0<9bc$pOO66 zSCAxD)d=5m(re^qImCA3QM{-=ZwtHM^>2yKEQBYQV<`=1Kx6vyP|C##_%*Ie<7o8uT*(#9( z`8nWU+->P8YVxr?`tMsei3L6+@4C+T#U>5*2Ih+ z1AWZC_9+ifh(I3J}8*P21*D;6{x* z(a9&>FG4HL_=83DmfOBg?1#Mgk(k-X+*9_wPZ~$qi{4l)(M(?!Ycs*yteK6ch+zmm zAoQJ_#tfxyn5)>9Ey~k7#koc@z0GCC{xsZcG>Ff=a2F#jOE4r=H|1^fJ zAgz6cigYxzHChEO!X#KaMH3(N82I^AU1tpEl6dL(ZrZJGl*(FJ%4&a~w&iFM>rwq` znA9&kNr5#;4deD0=bO-uY98g7z;b17!C~bJ_=(ggBY3P4T8Q%qCg$Gc>ey>Kl|o61 z&-a!(5NhcmZIF^_Mi@|MbkS8_K3qiRrgvudU6l6q9$t;t+2i*fLKuPEnNw3~CV)on z!5AmBSq)ua_w z^F1*8Iv&cm7W8EI%ClJ_k;}+AJN$cN=o1n|{Q@gzeWcqqT0QbP5Mq!4s(?k<5U=ysc2Hg`ZwJ`MYeLOJfz))7*8dBET&Q=9F!O7qP>oEUT86V>FvbfEQY}e2@ zwAY81C#iw_l&ry=aHg~`)MXh4G72pyls!N*T1op6Gjiph9qE!FO{TG?sIe6)FRv2n z9Fb`BL>2Rzik(9n4_oJ1VlFJn31Otz}bxWaT6Dlmq)DR>OMovUSwK4?{ahj4+f;ruik`ixae|?O8I<9MIifeDD@+&l~ z%gBwg-v{)8THYeh!;H1YSlOjswpKR0$4XKcq%)MMF?;*2|6G3Znw3ADlV7J>WlSm` z-&vN)$xpzso1m^}IF7+<5GZO)kaR8k*0gfEE*TF}vUiCIeB=ao( z-Wn8E$Y`^96Dt$ zf!-Q=eBoNelH%Xz77|Z6+jjhZ9uA%?u8^%fRdVN2@wjC6+V4pv23j*VMP|sz1Nc(> zpA#Pk#gfu1KGCt-O%j7%){OL^Y+tQFKo&2elIs_wnO|(1*j3G^rq-&HxSmROYj=g9 zOCAd`4k}Re@Nq&)*>a_ZYPpL`OaUg5{Dp?do{Nfc{WlygJbapP3N+6J&_}`)Z-q|swfRdLl%6C-!{Gq*@deewS64T{#=EQ1?+z3 zQazUua$$mlcjEiq`hCMfrKtSuYWL}+j;po-G{8G@to-=gD9;KX$-lnO2< zGxJTbR^VG&Lm~>rp2b<2<~k!N?gVbk;Bzu*#4heM(DjMe$sfa9A3(0gWl!y_c*hFu zfJhT}o{&QdMEt477}g1^0#>;Ca9l{wVBj_<%OI$P^UqExnb7c|WNP+y==*GDdd1X4YjxXB0T26o%-VdxYsnXv_g}!Zkg1z9(J6JTlj>B5 zZU)I7Z1_D21U4nV8QH=#diJrV*i>MX3AxlFOYWtao!X~HC2MamTr1aR@-_0>?uz*Z ziOXKRrJ=GgCw&xYso>eFdpcS{BF4u|i_=sPC{EZkyM>XvPHopSwz?5T_YHz(AS+inkX!aXL6{C8yCfSxd2z||aL54%n z|C1~$@bEBwq>6wf8Mtaaz;D8~0tz0yuSoB?X!dnt>)CR!+&AWKt4zv`Zm_juXqMVq zX~tW$;uIk7TqcMV#Io(8_|As7w;RypFV!SJZrF+}o++;-L5}&_?4hZK>5yX38ePNL z8VeHC07AF9ErU=d;ZT%k$K3?Mn#u2fam_#|2+mDWlNAP*embE{E{XMTAv(0}J%k1G zLj8fkR$ivw`4kx4%J+galdmaXNx>2gx<21`^O_*F=XrI@Xm-mClHzZv>Xj%1Xai=y zm`RM=5@05ImenMNx)Gl{B5Ob!w|`#FxCs3FT;rE7#ya;R=k;OkoO-Sf$T$06I@RY}kl-_o(tHoy{kqFd%4;lawjmXH?1y2N<`?=@B+zypKcvWI zx4tmV!Gx2w*;b(+rWmc!eVfv%ve3WJ`QGogXs`0|pE{&>VA#lkeYu)edwDIj{WwK4 z{+a!O?@GqvQYPUxKlUH`_E)m+lx`;5b*;_{`C1;!*PliJ2lh>m9ElOry!J#8@;>Y5 z9pc7si`sfCxpixs`S9D*C3e7@=Y@rq3&0P4qcy2_u4+f<>U}gf`D(mD+Z(~(vTMG( zt^cl}Mv2sD=+`9gMjG~Qa$HuMe^p>!AZaQv)1O$e9bd_iB>jn>mz1+esQ5HM1)_A%ESVXefQo zN|8WayRzA`JA1D$E8J%@-4#5=@lv*aXSrzhXpn!Sr2lK_XA5E<47p-Hb)V&ai!;;e z<@*eT_w5TW?Oy&W?;4OFYP!lis$A6Sc4!XVeo)75!Lj*=&~isp+@y=-j_~wAgTN?T z@+Db89pbw+%@IeM)?)6|+4F7Qt}#uR1`ys|reCKooTCoxF z9@~opj$>sXq-KWaRRSLuC2o4D^4B_M^JNj36q`|c<1bxai4CMaOosu4V$m^dFE$Ix z_80rz&S#R&&*nzBNyrf(T((cu_JV~z^vF%;K&Kwu9EeF8Dhw&FZVrgTW`4q(bKcUa zilvTnqdcPzsouX`=NU7r4q}m06dw#v+w}*DRHw+MIan3hl|K3!YZCA1Dt6J@C%Jx_ zq=I*_$saTWj#&}9-!W)u5^g9II2|M*bs=nzc-#ZaASI~UHgQvu^Oq*D)xm4s4d0KQ zKJ@H;Tt;g=5cssl;}L+*oM^KSyreaMzs^~=Ca-0RuJv5Hh|}RQKcle_`NKO$HmyEr zzNBI@f$}2AZRXx$`y7gv>@9K!QvGY#M~{ks(n&(z4SCKf#xgdDGEP#G&TGQlCW!aq!5yzn5hb7OgK7Us=VP+Wf z`iqmHFwhV$oheNOC=JWqGD>=j1Z!A!c$&+-{4MqR#+(VHQ}O3qnsK-jGP9x+p!{T; zzec6(37I9i2;>wYBAl2}{}rf`0aJ)?O&z|O*|$Q?P;gqrkmO2rJKTW zH+PiBuw8^1kLYEAtj#EImR*nFQZ|#cgBanhkbj!eC?)2a@PsGuQNCdgN0a@s;9DlP>=2%+oelrMqk7-k;QMqS%DLm%T3` zgwn7wS5Fv3OLwD}-*aSQc`<}y%RZe4f;WukzP%d+pJBh5ra#8uO>E+YCHFO*(76wI zJ}}|(P@00Q42T3Lm1GB8N}A;Hhh(b9BvIidu?2Mo%|wNThksPDDpB%HVl%xaVC(uD z-?bFy-!GO`L8nCttqamX&MR(l=A7VY7nk`r*!(e2dS@Ku$LhAAT2?D$RFU zqdE$@#2408XRT_w3fhV^;PtB?rSD%vUTNxn$Xmt|@S)hl%o<4A=sZj*9+Y~Y7%F1Y zCofkkMldlG_`!cBER z$z~WMkD8%)gVAkC5_eB$@ru;>b7dA25)DCOLe}iLmgD=Z5g3S}Ql70%X(34(TUTDb z7iB48_Z2>ktth^rUq``PS{Tb7t(!R(zhaokqVpAL$jtk;*X2qRJGFVjwm%PO(k=nb z4=wVyE)yeMn;bvE!B^M9Lf$}a5l4rYxd4=bkvb|=RL^*dMBRt~$l=|tOFuVm<8 zxH~w&U_v1Ld8Jt+Le?d%77>Gq{~3 zn1OR&jxUX~rmB&7WY^mhnZ3tM-R5k!uZDZQF=G}h1&a2MhUGH+R^BQX7Nth4VZxZ# z%%7mGn%Ajh&5RWSSk*|CrngqJUZ>ri(2cYtvVw28kDA~HXw1v9seHN6z$SMcvc$(b zI$=-#aQgjU%S!yP#MxH){aKXF*B2k>wB>ZpSAO^(H{`fQ9Sb6TaC*w5=FeKGd;IV{ zdnFp!xG@#vy=Hv)BJ-=u#It7uleocR(?jD9^ArEHlyMKwbt z!3!t?FOnMdRQV>hFp1^g=2}udrgo zXA1Ai6ksgR`%T_w%9iO?frH#wY6Dw`SN<5C88=i!hdXq@N`!EU2VvEv(Qyk`@Y%S# zlruysUpz@MT5NOvLlTit&@HGJ&lA)(s=Z%km(ancvzrR)1&S4hL=y;v^4%)8N0W%S z)H?vZul3hP`Sbkv=#C|$cI%l>wcNS|eoESycGr3X?3vJ7w!P&<1--W*Ho(lW)2IO- z8)fU8fQm%5^v+CKm9pK;etv57PCwiB&5SM{q?+tJL6H9hs4;xYb9!` zQ!9jP@@h5DqBC1#@c5LVH(D{JD#3~w@}*^_G1Wx=W;RL3E6{;Y0ES0Era075qCL!S z)Qc5)W(eS;* zeVSpvu!*XeT%CZ3Wk2k{{EZgS&R1x9qhsS9^5^Bi?)w_1H+6|KEX6lTwDhO2Z^l5C zNx-9GY$mzN*KP!!s9Ino~$sl zoc-FPAqP#E`3r9=Sx|($WvtC}hV>`>n8L*_8#JT;n`FxM0@$sqb7~!bVQB(^HYBLm zRydq&#WxwJtuoLFvJrL6>GoUySgYtbEobYP6tZK$qcWZ*40>qB{l-dYsjI-jyrLz- zDO{n8a)&)Da7CwPTeu+oQPUl~!1SAuy0SNpxLEyWqBLvpONcyX!QqWHYNBj%Y8 z+rvLBFnz36Xiz(R3tD?r!2r<|JvbX33{^&Xs2V=zk{YH@VYKm9aK&j}ec(fKwF*sB0-6=rDbe4~3B5#{o>rKtZ~p#!9UXDIi#^X(6}phSaY@hbllV(o=B% zTF_#et0H1f$_mkd^XN|OO3m-i8D+=Qj(Qu{$0{!#d9?=cJCdZgm4^=dk$}19>sFsk z%~f{oRZS!Mq1(pw`)>Xhda4aw-TmoSCHFcneTCRXK9z78a>~;zffh_z8-4a_1nJ2I zV}43O$7-^_v}9A_J^Q98E@$$Kk?s~ZC2RrsuDEAhdW?VE#cHbMK@D8F|F*){xtZU> z%K{+kb)LlF#eBb_3hjlB>an4y*$VjSAp4F9^Enb!KFXNht5T01!A;R_*)?Qp@?565xt>>CzM=LJ5Fw3U^4TeD( zq($^$izyzoDVtO%w5S|fM}f$ThtLHF^2Yn_-lzMke#@X5?(9zRuVT_RNDevb^0UW> zv5(A1Do_(s9JA)Bd)_6K%`=7y#%f!3PC&&l-4aQ-UR=Wn*|pR$6~{lmql^NRQt}^A z>)L5AxZ4P|X+;rIfaUdIQAB)H#0ZRP3VCqNP7!UqoIA*08>LLR7Z$UdVcDfP;ZMI+9Bkktr7mvtm@&D^<7SpBIt#81G9_Y7JiMo< zNVY@mos`$EOCk07xA?P6Km*B_ZZ?fo%s0s#I}6A&ES>Z&5vojO|J!8Nj~tNdI(hFM zfw_H>y!LW`K5PXeFLF%qG4`l0UUPEN^*=< z1Y)%mmJNeI1)y=xQD5Pi#dmDe)u#&c5oXz+p-PogAL6znUsig1C2!KMFLkMtDt)X8 zAy!FTP9Jbj=IGuX^$bpUR&L&-{<0x=9{X!(B|wh;`;7de$X~;l&w8&OB5Io%c&^!r zB+>SSgZbxL1=OTbx_v%rCe2|+Ro37yTP#TaU}`>_TxdCAA`eiNt_2P78uMLqkhs;) z&E_lF{6vFTOu>8p6eJ3G=*lh#S8BTE#ivwY%x|92Ao)vhdXe{P6jVw5K4PW?Bjt9y zCa-|y+Y1#H1?_y(9R?C9N%3}jXAwa#G?l@p;~Qo@$8dmUKbhQ?s>_aEe!pzd10n{{ z`}y}d9UG@h%f`H@3`b1J2pV>y8o}1okm-21boszder{T_A06*Yd|Zu7xtCG91?Z;k zo+{sVgP35#HHz$y@-0_M7PwMN1u#I3akF8RF>?amxS(uCC~=Z#N`oS%nqVCA)JE{P z994Pj<;B=qvKRZSi~FNRT8sC+KxQpR{-y}l#XUl|#ftD@SRPJfrKS5*E&0Bb$TkIK zw%^E9WgzM@CF}ll$xc@;BND!jk*k7+9m?CvM}oehb{T)4bC>)|kC%BObK_;vYyv}m z`XSLT!}$?v<^2vk>PnWglo7~*B;>3$4%BeDlojgobjl;kBhinkK%4!beiTSiDSGKc zYk!T+)hyB;GG7-&hDPyDg$!NyQ5Np9p8P1CH);m)Z}hR%ws%%+dQW ziYxS8_k!P0p*I~4XcYAH=Ux)G2I1S0@Wyb*YzBXeO{gji%(Q*S4Z2}@Rg@JRouX8yiy*@Muya^dBf-!vDygIM5-a?J{smKzBdl9JUdBlGT7YWksbnNFnVitNze=Xz237uQIxXwadtd$4`jP&=w_tTaDoj8$|G zc9Bp~a+`p3x+L9HE0(DueBK}+PhAC8qP`lh>}7S$#p{6({56ojzfr$3aB=+?g>fU< zMZhIg{}Nom#QC8M8`)<;C0$7*TEU4}RpX|tDf@$mH{?p+UMgK`+F*W}RM<2PCW9;5 z8unVVE7$Au$=U@Kgl)ocY~_6_iHH}TIaDVMR5-PnjW%5`Cf6hxjA!$LMC7kr|D6AO zY}%URFC*$%zNHi2b89H?{UmVoKnV|@NARCSM`anN;c~UVcZO3SW+SzPJ7qiNhvN2k zBHVFRjyCJPYy1Gs+~(DWh3rSVyn7)l?8$J*1(3=qWQ2(>ftIDkhiv5ThYQk7MzPyp0kiRz*$)kD!-iQX~qhIoKb7aze%cZ86*s;96$Q`)7P_ zB!3lg?LS&fy~ZG-M04#4w1fU2kO|3aWL@>Vj$viszMIyq#co+mNFpL7v9ANIBP1SE zwW5FRCnbB#Xb4I*_hFA(clq7eR17J_>VR}K~#;e!S8QpyRp*~bA(i4SsvTmvU8`1&6@mlfPfz{Hd0+5Z9 z@$1{o)aWes^^=7=h1#IsGs$anaC%5##ZQK3VKrIvr@>D_}phaoiPJtNg7L?2r32+G~E{93+Dyl>wRtV#vi*vfC}2Cw??Gp6;4!VI~1hs z?X$?A0-DB$1-P9+Hpt&&k0qQ|d#BasZj*IqRFhK&UFaFed~Zl%41a;)6{VG|y=k?4 zv3)qBsj_@kdS%LH-n)(mea-&LlQ*I&!g%rd7thHpkfjaOr_q8n2gN|Vk2S^FAEHin zNP$N&`ylTo_q3n8$8067k9FALq1H-VdX<)C`r-3pY0{~;2az)K*V6gp4&-T(_iu#N z9-Jn^w8G0v9u?L3M7znN9sI3ZYqppr#ykyoWVb06{uX7{j?DZn;|ve2b!D7NlJ|5k z#?8v?2d@0%Bk0YU_bnUx-?~-ATZ*268{tHU#+p|7PKt>R$}6crqfuVV#S}afH@{p)}q-Qc85Jma=th=isn)3W;Q{=AMX8q_bpd2nIsTDl?k_!0Lw2-T`FegvqlV(K|9H6T{) zzO1nE)2K{H+RTM)@#jsfDUI`tI2o4OGhil+~Rpy_kPgT7Sexk+Dx-O7&s@vr^@@XNK(WKI_y+UW z5`&_#iZ9hTQzz#DhF7o~rrNOt6Oz_ zt8n5_#?XRrY=*H!$~aKPS+0gIr#7fEZsaC$MxNm9decwvd{b~Nv1K{;=9l-Z+N_#t zL(HxtTi8n6_vhXN&K-VA@^li-<7!zGwC2;_=Vqvp{VJJsox}6h`6Z~0-cml7i~(kp zU2dAYq*ypRZa8oo)BsR&&~%N2?oBU`5Dl)CO;mF@mp)7KLP{m^=-brYkmvXW@6O9x zGgPWiS?{nL`~c0a_WLj-7|gfX^wdK5?conupS!l=#>`jGE283^!^3^iX1z98|Wz?k1s=~0sc zT8%Y*<%{1~HwMxDd7G_HxgnDTr@>GAVU01)R29(ETtfJI5)_u(4NG#p=;{Qg(ORVIH>Y@+AnDotf&-BBoS`_;E#{&r2`>O6nHl~e`08L<=-r9!NW2GO%d)O( zxzZL7A<0ik^Jdu%B=-j-)Zwfo0+qAVUsa)%1_kwn)eg^t=73LwD9;(m7%Yx~cVDF{ z2B3-PqxIZwKsTIt`F8p-)ysUAORsBM{k5i9z#*t})Y^)7vs+)^=9}&io{2`mFfDmiEQ!;8jOFH)Dp%p$SRCg@vsaV z6zo=<_KNyAvCgE-tW-K_tOVL3zN9+_S{tSEaC1*21aSpg5N(-(5m>v$oB@Z%MOz03 z_u|7&BWD)A_xV2+S3!p55nxrJW$x_fJKNWOyVN^2ww+5+8xB|1wzLmvw||YFPWEIE zl6y2BZva=-Z9Y<#RcU;2ZjS0kV_ zb@D!&7P5pfL-&=GIxBlv*<4GK^*8CQ;xm#1#6EqmJw%Q0`hmfBYBKB-w|T;I!6ao* zvE24xr%bk1YSOc;1#La@`fx4WJ^tb&Vh74V0^?S-(y4pNf9QUl5>v0bra+HW(^#RC z?g`0eXZu^B(nI)IHd`gNl}`WzOf%TH1w}vW^z3@)Z9(sx3oipc>~R&Dv)8bj)_e7R z!YA8I_p86Lm@{W3fJsL(Ttn5^upEVrZ2FfTESpECpBR^-|`x-v1Ys$e5M$`W6 zwT)1!_9*csj}y@2uU>7Y4*78KB=qB3sjt~>Xz!xs(1`Cq>px%JyY=P_H`#pktdJ-2 z4~cIr$zZAf4xF?d18!?L-D%w;>Y-m3ZphBWJ?_$4$A9+X0)Ef{-ly_yESh+8|ss zF2E}fwbh%W&f!Kc*k~6>Jy_`Jrn-+Tin#*~p%D+z59Ljv)pmh?6U#m7-72*i211bb zPz%dKj+#d?w>iZ#Q)1c^^d9{BUAk}t^Zod2mw$cnwf;CdJaYT}{#VK$2Z28gDI=B7 zI7zk__Y%ggu9cVlt}F6qv69cr`~6?$ep_G>4EXAmKHZ`}(&)L0ByIUKay{>Y4l;nXPsr@eF@?G^=Fo>8BR zdam87NlRZsc0uo#d0maGYx&AUX~q;2*s@_bK?NybV>4z(a9;Bj-;)t1NU7A~b!vvi z_kf(G1;$03STq=$;(qp#_Q6o3_s^^Ee(Rw}zqbW;y$TX2C?9ZatgALN9}?{U6!Z!J zh}FVkV6m6ec6fyeL3Wf4CRq^ocn5yygx%7OFQKo&{ zOuJZhKER1#5-7Nos=EZ#v*$e~H)Mx$?UV^a@rkR}O|sxy+GwOfR<{13>U9(22Ash+_~@McR$a4 zJ@<9}uHQAo&r{^_q3e%H4R`O9Ue?TQ2yeZj?Jwhs->_zG8#y)bl|zm3Nl)SFV(v3_ z6zW95uZp|8p(6aKTZ{I$glW5P;y*d1(nNjUrw ztek2t0M=Ey{%%?!-9;Tt(61p`NSDiGH4tVejhW zIAr%6X>GFWT>ZJaVlpHZg9l2Fhx(`V38uPr*3nID-1~~nhbi3)xeat37@}=r_Z(2Q>dj+-(Q4^Ub3Tia*w=h%r!&vnzLtyi%IKM8Y4mmu2sIa`$YmN?!B`%B?qt#cAlZUlCQ)!3IU2;t5@@tYqiry4-g<%WO6|}Ju zRd5Fm&w0e;;dF?5H+w-CczDXE+QyBq9IrIa!{!1OR9q~e=*8U8fTx_AabkME##lS$ zv(D;#D57NV?<5#PbDO=%dVyDVIzIPkrIZ{RhUF8Z_BFk)F$v2y@@oa&j#|%Ze}u38 zK4nvo6YxWM0z582<}G3~iaMtLgDbRX=CNmrF;z!{3!^x2QT`8$vh9oIl&>6@EnoRk z7;~*5ky+KgujI;gfRzZ|dwUfyvujEf)vrU|5*}6!GH7d)H=xV$6DYBB&UcgtWUK1POanSk;&Es+1`?)(&OsLoqT4+y z{4d=Z+V=}53PI4yf;X}BpaB~u$gjqV7f_FdKoI{^(=dde>F?8ZRzvkdYAzSe2p!;?(NIeWw%L_Ts62I}apN;D&Mb>> zzqNDp0ww_GaOhUHqfwVXB>%3wSX~Cwc#$W4=Jf-IvOa;%=L+e*3Xi8n_)U7@stGI& zMNmF$7$!=?_tAReclO8?HC6^wGFUG>8v7V2;ogYHXC~xQ8^aAV&{LDz{odxK#>30~ z5ssxAqm|*gqpFB*FLJa^ud4o#hM{n}F97(mw{5k;a=06@iE`VoKe23m$O}n}kQ;*GQWVkz zl!Ay4o*v7VVXA;MX#do9#zH5{zVK}f_y+$4_qmmED`&E@&NEN7kjzr+f#t*iVC+rv z%ejZ)(b9&)2)KMvbN6hD;s+DnI&BD2TqWGXPX^ryAv_|cf&A1V^(BP3f^#^Q!wk<# zp5o@dydqdu1HOSKr}hqj8ff^1xMjQ|E9>cTX6EX#X}=DQ}xp2-EsfMZ%0Zi8{6^Z)-EKu3B_Zwp>c95Rt9|Unc*XI8}bW|RKFj_sq`+y(pa? zk*CUIr_{yWrIX4Hur~)QkQ$C(lzG)Zf{@M-BaC~%aQGO7|7ILkQb+UCSGT#0#3^z zwAp{co@_SI<8%)8OFq^-<8;Wus z4$4w%%5`dll;h(kiaOx#_@@f>;R(LRcQqvgZSukKDMm0uxVhVw6i%Z z$K%G(=oOl(Gs!MqxMBGluEUZ)jW0{&exB&m_}CUo^hLRhPi4R*I!Ah&EtXKo<2U7_ zWke&pRKjv&E9R|Ax28)OIxi0UzBtJPLm7iEK_XDhg~L zV(ALOMLHV~pTHZHTs}8rp1gRvZ%NmCR&RIW_P&v8;9-M*gY}d>tDet~9~f?3t;6Sp zTAjjN7qVvzhF%suoT8oI+iauZ3rC*Tt?ZXw)8Ys8BIPA)PXb=ibbi&2rd3R;Us3f6 z=4DWFlgQ4+d%Ha0@h~wufNS=c3(+WY+vlL3%X%J{v4`$6_sT*PaS_v z=Q9=e0^+Q9%!I>|Zf=t!*Q4F7@!mIQOh#NoNHI@NbJkrh94J*J>#kprl<7s`FRtD6AT0%u%sdswsL13Sm6;^)3xMmhyU{4hy2 zAr^is5$^rISw=g!RJEE`7)}uBuMdD)mEG&}ckI+Ko#{Y0Ub-s#MO7P~npK*)FYAD# zIqO=r45Q9au*O@#X>rQ^dZHx(N27Dh4Q-lQ%C>wl37BRzdTQ5uuOeRVvl~*bbfUA$ zU;ccnc?Dl^{K!O=w0bGhAz{KfRn0MM6p#`$0S@vAlYy_fG+7PL$R-R3D9A2nAaWBG zIfIGAZvt4FE7hgViwu;Ma01Xh)bymcuN#ZQUY9=>H;wy6fF%Gw{Utdi@E z7>KB^lFR514L;{>a>ZZRbkpSBa*>AFzW5-FcP%XP!Lrp+i;46cYp!qxf=+<#_r3a(Nmbhg!%rZ72R3+#0Rqd%oEa&?9tb zxJItSb`%j5E*UAa@snG`$WXPH%hVL;oI$hkI^#oWt>1uU4hb@ioGHUYsVbi?NNhQW zgnNG%ayv!!JTf@_)e}#@_(iMKhbR(v^B09qmkGz@c7$&8xeA1R)ozp2h35T6k#3#) zF=xmp8!>I4Bv8;7g7qC!HyRcVwc9sz=O`(J<6AZR*Qe~-R-IZi4Bmn#LwL!yUBRbS zvs07i!D(Q#w$U01@(Mxnaf=bJR`9)4m9Fb)DJ5NvhCh=XA#r4b$>C+@r-hyD(wHFC z0_lQ@pz+enP;y(wgC24d1Nz`DHA~1TrJKA}bSoAqa< zo@;=UN4~82{MsNIi$`9rQGK&5)4(gN7gn17X8u_BegEYVVynTBYkGo$Hl`flaB@Yw zGNgT2Xz1D*s^Cuuu-+VLvEf`Q z$@G?c0DqFQ-(=9A;zbrJo`%2d0v*%@#hlmq@JXn%J~=A+Z0R@Wa=t_q*1lM^i}(^p zGQqm&9n62oHi@nN=rbp?*x_{6p>cl|!B@O3s!tIN8SfO7pf$i6X%3^n)7fC5h%~#8 z2Zf$iVLYaHFmE^%<(ixxTcG#r2Bk766Wy8OAiik6aJk}KIqK6QU+tH#GR{KyBJFCl zZY35i!-u8-D)trP?KB}95HQv@2x3+BtEjO5?_caj)?sGmW<}=XP?$33bp<_*!JG2|GIQio`M1UXl0)GRCVp#Oo zwHohr7*%5mtWsDhzf~LYKJx~}Pm27^Q8kv$qo|S>YQ|!|HX=B6#L(p#k5Fl?x?Rea39z0f2!jwylZS|{C(a& z(yM)n!JF@U&ud|+4pl7xp=cJ#XCZ!ScPxGyQ9nxdvYU_g*C;Y*HKy5HDa6}m&r=<2 z?}f+>=4gUUp}!ZtzTm>|Wt5&kIW<)Q1)8Qk`6l>-y82Vt$9%f_5BtyMr=G!WrMroy z6|U8nn^*Q~+zNpN4YlO%wB02!ui5PWWH$o6qhkT>53n zJQy&aym;=u4tEM_urIB|tR`iOOnL}%`e91*V((@66-QFn{Q`IG=9^V1t05N1ZRI6z z*J-41Pqv3^p4#ZyADWgrQV+`#rk##=rg6egA2G;ZIgHg*#cIBC+=L~bP{;hsY5tGO z%8RnTa$NPu8hq_;vw;p^aiV(oOEYjP(Q0K2aw8~*JdJVf%u_~(Ky9)rx*^cg(YdnP zBSt4oK06Ripj2%Y9n83wh0%4tEqY{W^oYf`2`JwL1M$MahKiPPu&Pz+I5y?--cQPv zlu5qnQ0+VQqAh6C=;?vZY9)njX6 z^(Cx4UD?0w(*Q_+0TmkM_A*)y}Y|D|&ydS)!Ci8=@irpKv znolAbveiC*rj(5aPg_s8Q^57Yv=NmMbj?bOpxShy^_5Mp0>fyJ`CD1v&l_YX`^k^L zxE`)SI<$7UZxd?$d8BcqX_J#8fE+7UF%S@@|0_#2X1cGmS)9t4x zK7`LB!5`@g&qPchGGC@x@(9}B&eWGnCn40*hu=;gitire>c!dpQXMDxlW%SNtlTQv zjMoi=T3#D}+Tp+Phzx;8<17Wyk z=WvQ}!hVY# zC2vIyiEbJ!H$yI4G)jzlf=no{HXoQo`uv*H+d=uA`SiV(OS${*h9O#8-6JbGeK)&G zL@plhQMW|`VB0g`<9p!KlhQvD%WBN((uo-XotwwCi8(j3pnQO=pL+%VnlFx>V)oZ? z`j58y+f&TGc`monemIG63U_U-!vDYqp2*NDM^&)!-wB<5hQ<966tGF%cDz)*SD@p*;G%7Z?|3)yyI)K`v9?jg9J^v5kt_|PAU7z)L5*aqt(Ld!yNMg0kV`5MTgn);*%9+ld~zQFNSL)tY&<3L}>{N zLnN6Ankr3oiinWP$0M-NVn}H+*A)!|dmuM5z!D@tLgt>h40}`ZJ#X3WjAO+x@&n2& z!FgW`CH;>Jm6`1jtxvTVvg)5X9bz1vZ=ryLsvEj|GKML$hE9_>$8CIjrEM&NYyU{MfZe%+GuX)mgc?CBb& zXOZHBBK*9$RcP&1eO!}cfjUV^K6l=pg6(xDV{g|;RY!6|(m+<2G#al>`t|G2@%Q|G z&0}z$ThWZ$4ogsW&Zc)S)URg0vvUd5IR-g5I``>DnyfWF?P=x<6pY(;pj%#J5f{)H zJlOzfL(|zcZ>vM+@pOU7p7Q7n-GlJV%bb zl%cA>#6uAHYR~Oje|?n2ic6Q+lZark?Bw*{7^3H)WK1C1SJ@d!ub-`#LB6vBkrRF6 z${G1!&W4`;M?`SEgL7L0!^o!7W7`%hfng5VfOw5mt(4&q$pa1fZ==bJ_Iu^%NPE6q z(?PikpSkWItj8KBAFK%x)q{_2xT5xu%oi(ZK0jQ=GcHKWbf+a--@0*&*em-66IO7Q zLfE_%9YIwA5$1xYdM0Dz)V7tC40W~vx5vg~bIm<3c%F%E7rVBj`s6FemEEJI3dhj^ za_(qikDZ~C!1fFmOibc25~7H1(G0s5FWgmh;SgIMxUNn=OuO|o`k9-~IjZ$x#g&P@ z1l8cH4rx=~Kle`GrM z$nK@sNmF1_c)e7Dbe<~6NrwcYQh9;bRC+`FgM|~*(F_@K1Gcgd2oP|r*eg!nqP0p#PP2U@ip}o?`FN|(tY7V$^86vbQ!bx?E^7+1vA8e0Z1hd;f zK%?2AUULiKRNEfI;aymJc=^+YqtU*L&(zBeLhjFTpVaQjmm&I=rU58EPA@chZiyqMqARD-~oW?J(ykZF0I_ zv`v-I^hcDUb|R&G9Uf1v-8T!WSlA{l5`$bR0lOlEESrgWY@AfK5?LqN#h+CHaBB-_ zj?e`=(nS=4D%RUqANDLt_d!Z10rL~uE^5oQRDjA*S3+PHFNiDJiko_%BxpI;<{BLF zBCsiMEj~Fc+xbBBc=*)$ihjMTvdeW<+rFRn(z+i_{S>uCHLoe{aqN=sTmuM(T18Ds zc?`=r;~txX^Y&+8r4l%SVY#Q0ACAEnoa95hAnWz3n0u8L9uTmww*xrPS-ueE>Lad;8Z1FV7EQzkFgl(3JzJI`96ij~NqSDxUT0}$>@{B%QfumxX*bCxP1!dKZqi7pYlne&z7wa)ui zz2!@mXibtsjw{Z-ZREujvTYJDLfLE~M&HAz!M*_l;sKq0Wj9_Sm}=+#CM66k+Iyzs zgC8S4Fl4{^!Qe_hUd{?bR@+1>kw8F}QEdQl3s-g?L@XBCz22~hu)w49>4KOAB=~|a z&4vaCS8$tm$Og#2U$J;IZj%2px;qxKDRx+2QGgZ@7QUmj4vcU@(8A{ z%VTmD@)L>P`0U!tCG}|J*1gD>oQBx;TP8P(F`Xuz?6;Z6 zc4v^9Y6uDc`H2-xai`e~SWA#|1$<(WxwrRt)o1Use@7`P2FO`j={hU721kYF3(2+z zG1gG%@Kmg(_K*9BEstvgvdG%+dK%Vomaqm1q-1g-^T2vrT;!!WeE*w##lyCeC!!ng zrj*P49X+qUKeS+dE^i$xdK@fPJNFUEaEakn=BZ)I^i{_rd=*ps-e&bU-N)}` z4R2ricPf?7Y^x^dK_eShzFKcw_~iy14dx%md7HIbtUbP*{g|O^bT%)Le!zNg9CEhX zxNS*sI-q9#L5bUqE-oY9r}AM_yhFrS9Wz^gg<1KXJg~QWAp;rC*Rd`38BdcWIky*? zra~QegMVVC8g`2d+F2Omw0?_vpG%|&e~-zp$PQ1s{_!(oL+_7%R`;!!-v85_$rdZU z%Nlpofo-AOECl~qEnqCMTgIo63E!H@-nkUU|59s!$Z5v z!1WhQL}ds}uRz5}xP8G;g=3=FBGIO6LQ3yiobH$(p4K zcP76~3+xpc#4{8kYU+=d8pne%dUc&TV2!+?V2q|LPkA0tV5v)iYWie(O;Sprmf;c zx~-RbvyK|T00M_fnn-K(Ely&;MDAH``GCXCeE~{r(pi zs-#kDXz&WiBHFq5R_TDZ&3-keQ36ZjuU;vV&mT7oJ{Np970m-@rjEp0q~N4v2U+RK zC@)qb8mE~ZE6xo#<^>t7NXM}_0+|?CEK65a)7?GH9gMp1w6s>%8M}+YW(|XQfi@Pb zB9usT^MH5nw%&E9yopZU*S4tyEgUPu$NEPhsa3ZI(A24j2RM+tvu03VnvF}N+_7iQ z3{~VzOBKEi=MQtfAOjE&Tq37}FJ%*EV-b`Ns{KOt? zYkgv6u%cs<8QUsqJc*T>`(j(v^=QpM*n6wgcY!YACrS8t;b#W5X!4S8wk6Xu3#7^_l;=F8>^vjlkm$5sr#)j>$>ZF=s1jE~;_1yDwP^$L zf|LWK?Mi<`G(U!%tJUlZ?hbmDcIu!k-}uX5r}VOA&ew zfjNB@NU5x(yBHkt=u$KM@Cn*G1Uw)zy8p43VWp-0S|c%j>Gs<0xzYT3{`{1W8p86Y z1?B14H+`wyn^yw2CtU}poQs&*YBe%(pE`t<#=9&8W;DS4QM=jv``V#ZbrGK7fqZ+F ztuS=4u;!-@Wq}zacovsr${BJJnxVet^p(SFTVb(j{VT_pX5w)(7x?qoh@KPS8TANw zt9q*S6&jeS9EkQO-K81=oHQcKcfC7HY47i!vK~`Mcx>bqJTFuckTQ%mUhs$=o z#ZZHs_iMvjMcTv6$>*s~Ioa`TCJ%Ckt4HAwKk1y3Y6jFoueu#i}~{HRKkZl-KuX-NwB0wZs$Seeso4wAW)XZwNpmM<35r=6+% zp!*ls2mT0w;J373LEH@)zyeT-fa?&*z7GT9?-RAW|MY>ISXb|LJDhecbld2KmV7o< zz)Ykc`#7>aHLciT)-`e@9osMKfW>?FOs(k~4(rcQqj?w=xzhP)-$w0dL{JY&tM*6Y zNOez)j$<6IROz9+m|DJMrGYwZ1)xHWsR^<2)CJm>jLU>e6v2J)^I2*5phlh9?zBCE zRLx$Oiq;RSD^6Ob%4DnhHwJ@g5OYyOscl%|Yf-LV^lVdf{fNv^s0((Y8>mFIg`a4L ztggKSsRn?l=Fa%~uxBX+XjU^w0tMkcbl_h+Nd+oJEmRoNSB{mq|7;~vg~!c*vB-sZ z`{yck9KhRaE3tCbUMRU3ShZEow_~*vrrl@@gAkdfV4c_&<(rh+e!BEb_e!tUy0eTH zzF#Y~S0#v0j9U@v3tuS4yAr-cu6=X~?o+kk;u5{i;x*~Ju}W97j*It8V46%P&A19B@KRfxKdbCQcU#717m;@8%C7qkMxTqw3J9y^q3x9Xb8Eq=lj zi)ZCzCDU5siiJMCn(H`Nk?=(AD6dXk9AF#+vu4&KZ}!a~=ZMNg=itZrxb`yftg9cP z?P2hiBgUk5lRC~3;k!hkJbV!3^YjKxMFq;=d+0e@R^%t;MYI)i-fOJ&AK$+r!nAOL zW_y^v8F83T=e(>KMeG+mvVCYZt9LdqWXm=Jo)e*5SxbWTcEk6|8`1fcH0S)1;u;VY zUZ(kERMt>P`RReL`9ise`j91=zl^!ph$jHenLbPa?*!o{nVV=S3$S+^o(D2oN7ns- zwI}6^miiyHTc7c0FMs7gbVqzwaG*Hl$0}b$=!uYi-la_pv2de;m>cPvIYo)SLeJcS z{awRWm7IogwiuH|6O24Q%%LF>&ly_xmapsasB2_Pb}B&NPXAD7ZM&|gs)dnBpDWAz zw~)^O%DC7Ee=1hc&<}<@ezk~x1zG+qO80eA7SvTXqh$7idI1zPrns#|zK=`9A=h{j z4K5ahC0%i>E#FO0|7odazBA+Lq?~-rQ%~=e%GAZyVbo4=ZmC(wsj$nNxsWb(6ruiA z1u)FdQY*VJ`l;l%_G=fxA*2K&@r>cRqlk+tospZJ5+zwLEw+FOuYMpOU==9zQ?^ElZ;nQH-0;fm_{$cL*)3G*)IG%F#h z>(7bYq1$AW8&<6{EMBi8@CMr#WISy0CNdE;E3X!5>-YW^rmvWgz#9UlWz`Usvy0Zo z1_o2DK0`a7H~522rn^TAA9q-giak720@bDB(Q%(ncHS}dEuCsWA*mQlc-}MhHsQn= zRH@kv;~wL_f=+5CnakzqSect7uuJi<3)93E<1jkG$jt?@>g5^<`6}NhPd%-#Bdb?o z@AH96DlfNtWmC##WtTgDO6hkoG&ZM1U%R#1UlS~e@oHBZJW4DsSvjmH9u*yvk@HV> zr|{nR2!Wpd>%pwzW13=OLaBNsp1bBW2fFDl^|1bMm4L(J*1#HDM%Lmfn)$qMpSS+6 zE80KwFLwRLe<+;)TW5cJ{l-5(!KuF27R9tNog$h&5jP|)m*MfC*yf7Z?u!LD5X~OeC`b~5y3JyfjfPe{B6%Pq_cQA&vmz2;-JEld}Wycmqw7MGM7vM`ZVX zzo{IBUycgD-X3v6| zoTXftW-MkQJZ(T*T@n&rXJ-@eg|~s1pgF~S&|RB)p}!$Rk6vHZx$F}#B>JYrhMBDn zlP(*SolUp!>4pIe3rv!`t#M*Jdo>?_5N}CGc(*7a9|y}TISp0?do`#Htu1T$YyrmO zynCEiLCV@zyl!0y!L9_&Wdcg{b(?oM+`3#c=J1LmBu^(5;V#qs&=KMZ6Ju?^@o?G! zX|VSO`jJE3!bFin=9l4G*(}4CjEi0)y~PH_PCG(Qp@z!-vQjEoradX;PtDg4CY(G2 zNN|l35}=UN@2M)>8%Dp!q#jaI6F`41R=72qO;3NyFuGyEPcO4nJ(m)&2P3!RSMe~s zCy|xKA^m$B_o>@(+Vagp=m%cB}8+X!72s zp`Pr1<(StS7&ZN!l_~Id9skbEP2Q&H8#aTzNm|gGg|9qIL7;^c6Kpz9!OxF&e!>&Y z&b(EbtsgWwTTmseIUjRdQQhua=~s-;@66wsFOQ08>vec6rnblC30|qU0)m`xcLS7^ zxyl^TYeuAPE97p0;Hyo@HG$`jzZ?HuU;qE~asEq;<9|LVr+<_9(tP;quG9Qiju%hX z-h2{m{`p@XRp32i6fWmHP}Fa2YTPfE7j7RSG%0~>_}}D zm%F3`1x&F*v#qbC?lFH!5}y<^Z_k%|P+i>C@1*nEQ2!?CqLv`v%ZegGSO+@p}FMk2!|63PKEjz2RLBaU%Jjy)9tnpjxmGb9;g&byN zAEnF!;*xwbxXn~Nq6SHILN(Tklk#IG<3)?D8}ORaqf4Pxj@5m9Yml4xiVxuE&dnuE zK}WFf{`;mt_{*Z--+@Dv)5ri(98uLVPiPLPYXJ{ky!Va%uz|^-t;rxrY5|}>jDqq2 zOjy!s5oF%epLC0*+?`HL?sn|*DDYH(&{cpUFt1nG%+363-Py8# zhB>*>6!P?amsffhEZ!PxslOo#3ZRY=dfm{wQL55TD{3ll| zJT6){yVF6_!xPO%b2I^;>ZFuvqs{8$ufLDF3@`~{`YzMK$x)bNbO)=-0X zF@!cz**}*r>zr8Dru5n6*>(vlNq3QeVfguv271%wKKHm1Ere_fR3W~sTJq%fT@fEI zva*tSpq0yoCs}gXJAWH4|3?q>ol;hA&}R}eQzmSp*3vox%&qL20hh18;?UH|&&?~; zex{^QEM>(BHB^MMw!f$RJ7pxU2)rOH2buIH9 zWhstjV(aGTO$f;2EZfqC+7ODm{_%YatQSdH6jIjK{dle;B?8291|^2W2z2M{SVb-a z?Y}f5_s^pS2G18=bvb^fiOgrI`A9!4l|5Yj%F+F-fRKJCW9e^0Tl7xW5leaIG|eyL z%f;=g)<42ee)(4hC;A3Jp)c{D(yfP~;*i60V>uC7LZA$c{&mCIyVc93_rq7b?nzk@ z5Lu2DH9Fs?&pHES2mE9!H*{_@j;m7l1=m z&h}qg+dLl(hmOox-xaA-iy_o6m!#b9wy(b()B&H1w7Osm`xk z@d8=)2L!M}np@hkDxPMb$IA$w;uvyDpB1Q#j#siJLlON{JI>3aFoDhwF z1(*Lmr+C*D+CviEo6C{jZq|#XbUP1#w69W`xXP;=Em7T+5*vP$ffi@F83dCkq99;s z<5Z-x8HMn<4X-GD6r`)RSBkT%OeGr9fVA8~AQugfYr%j^m47@IIu(uEP^-*%UmXz` z@}Orb4w_gP48a#?K;oog@%7CS=H|QHcZPB=)CA4PtgTskw-^l6j@>n-fnTMc<`?NX zQVe`pCqm`q`K!ZXI<$K;2W0LcSo8r2=*dbyJ7ar~z|dInEKh&^Z_}j8aQxNZ2U7 z?61uA_ljg+k)P_VcBgB%GrNC6oE9sdsOryc{#<;dwQO@X@|VBT$v>jazbksl!6EPq zLyy9EGW()|{!+?!j#@nuu)kLGAS&T=01oL?_`*|8GB;?lD|FD|_4h+FKI?BAs)_`E z&o^#)I@!Xw(Y`^m_?0lK_gbd(fRaj`kVdz=hd1JJ*`Axy?PZFXHwn&ie zKVIX)SrFjD&%Gm64U>~Qo2~m~^WBu-^%Q%b{Cg(f`nm|zK(yevk5JhjL2 zK0Eh&t^>WLU}!vkC0k5PZ@!C*s@%n;EX!0j?_bqCc67~vP>!OHW-&MOmGJoDbt79= z1Plp*h)G!2zL$ULHDO&XS+|ap+AX6aD$`|ht0yAk!9Ih_WTwl&SR|~BWyIwd$QSgY$r+byF;|w4C=o=Rhm^}ClVQ&pT`)|OHkFl^kM&O zK!eVZr*26be@KP0A-{K`qpww>5@dKrID06dVw!d}9w7S)(^mh>Uz)&|{Bi|_{HC`l zdtU+t_0Mz6HE(3niImzqq*SG4_&O0$lL-j|MV|FUm28K>(!P0O->HokM3JscZM_NBtU5!kB=d(HfR zu?S&ZevZSD0<^xvvgwju9fqrhhPULxXKherh3Iju3y%Kr94HG}Uc0)_Xk0?jXy&sr zHg-2ZxhnbTOg-de)hQ~({JiJ=uNu@-I;!y$A|EWpE+qJdzW<2(EHJ9JTsQBk1^MT3 z0kQF%RU;F9kCIPZDK@E*NZ=D>O4nJe%k{ZCCejL8DdSjAY( zGWMn+t2nHY<}&_Gk@n4TOZ&k^*C1#}y4X3;8fLBv*Vb92_TjGJ0~63|0l+E3JnYB> zf|9-_F?P8Wu}=-D#lLeIR2TxSDdB0Z5a!jEd{0r!_F`D<3h1U%la4ln-qzEb@S&S# z=<0b+VITn^AFw?XAbtk@*>pBOnOk5$puC64`P;vW)PIYUu4-99awQi5+K<+UNVJ+Y zgY=C2Edxe89#kO?^^D@jBnT#>ci*qu--CJp;$X!;AWW-Dr~>_*360M8>E%QDc;$@z z^#ZOg_o+5Jr4`?R8MwA;kA-k`8?bYHGNA>qHBC)(9;(^~8>8oY7_s>yA})!5QsPLw zzf#f-5KtJWv}~k5_ROT(;dn(QcfNVW_lCFs9DdvOWP12A=GIM;+HcSOL04eY=$6NM zudnp0tbDp2ADwNHol4~ip*|xuZa04!w}TCNl?usPDOZ~BO5?*;D>wnTg?0oKE8(Uc z8rD)iF*9QO%m_HS8@JrD0Gl)N!D}vH#8Gli9U1OubhbDgzmS>Ppj=S%^Iw~E#iVAv zpr>t3mn`k$&p3rO#Xrvh3-{!LTxZM2Dk?^H5nB%YE(LUHn+1N|vI5ooqAuyrPi(DS z&sk;sS_9|#Rv~g`NIJ4o_Ss?GRAl@I-Bzs4iM#z*j&1+C6aGIUV$5+z?<{T^H1y zS7vtg3tatb{=uck%jtUdD80{9a6N-hqU?vHYECNV-NC($xbI&;LB7(F03!sSmQCWOzbq|;ikfDZs1EFu5 zFa}Dn-4$h&I4&{=|7O<|f?0@ArP;k2q;w2y$7r1dKcvpDFOTEN{@pa5fh3$A@5HM$ zCoD4jV5>}Rb1L3HAK(4)^R9l0xC-L;_D$l$0h-|z@#6`ashm4Syo4Dg-kOflIms4< zjIB8*U9BSN8x|EiV+myw6khNw&_%^<*4Hv_SS!y!XIB;As8$K9*Ggklg1ALu332P- z*)^ls(G}iW*_CimT6)vnKe}I^U3e}n=Re1{YLUxmz4fXKncbPT8FSlSO6MBw-Eq+7 z$DkUpw_Hh^i}OvQ(%jy`@o%faJ5JMMcz5J_vI@9MIYfy&2BKT45vDv_-5A|y9jg1s zZJ_|k*KQ9lU3tCkYepVFXqm2>{!w?lVBfjF?UI|HP41<~mtJPaF4^noz+=cH`9;r< zr^o$XiLMPC6Fg^Q-qhkPPuHDpwb0*@6%|##KQ)mNNZfp}R{QP}!s}#IdGr356HW5P z)ORz*V&Qz3{-0sq?m5k#rl>@&q7PoL$*rWmUH|6OP_pj%(=iF}_tlD~);|AyEVua` z9itcA^ZCIZ->%7reU1ZYXKwV1*7l`{EbDbdq~cT5!LRGRSL+udZ$_LCFZ>ko%M+D3 z%X@EUJ_hOb;zG3b1a4EG+}VdD(F65(bpNOC`}3#GdeMbpN=_c~sz=jL5k#YPa$cNh z3j?Pk`r+zDP44$^LPP170%0zF{q2|7fUp5!Um@&UhP{Tc7ge^EVVhm{a|rvvjQym_ zesurmEfae$!`|Gncf0KEKieO|b`Y^WW^9ic+l9#Xsj{5vY$r3@>&^~Cu;Vi9KovW3 z#|~w(W4r8NH#_>zrbDp#A#B17n?b~;RQ+|1SppS66+-8Pc|1*41R@5arc@p6HumFL z!r`Ld-+Xu2?wbko&gD`>l52V0mg4_G5a?r7WIOQup*XXIhMdRpvE` z2zqMp8msDS0R%dvGOap{XEH1`4TPH_bqM1{JHS$y%*gJmv6TV$4%veYdAqKu#eK~H zt{8QnWrd6QzWkx9p&y*hvFZ8*+25D7N$>DoDm;KkOF&hyr~2dPzeRQ7bJReom>-dn zlNYhoqZ+uT@HG&up`TPm3LMBt92J#dC?nj%E7cWqiGk}K--QNJc!7}&vq|(s7y*J+ zu+TM$4+XOHmQfON23DgFVK)ou*MGZvec&$7oB@wjip`+O_4%mS!jyn}4%`6E8&Nk< zKSo_U2(S@gBfv(0jQ|?~HUew}*a)x@U?adrfQ + firewall-drop + firewall-drop + yes + + ``` + +3. **Set Up Active Response**: Looks for the section that says "active-reponse options here" in the .conf file. Copy and paste the entire configuration below that commented out line. You can continue to add more active reponse configs below that line. + ```xml + + firewall-drop + local + 5763 + 180 + + ``` + - This configures a local response, triggering on rule 5763 (SSH brute-force detection), with a 180-second block. + +4. **Restart Wazuh Manager**: + ```bash + podman restart lme-wazuh-manager + ``` + +## How It Works + +- When rule 5763 triggers (detecting SSH brute-force attempts), the `firewall-drop` script executes. +- The script uses iptables to block the attacker's IP address for the specified timeout period. +- Wazuh logs the action in `/var/ossec/logs/active-responses.log`. + +## Monitoring + +- Wazuh dashboard displays alerts when rule 5763 triggers and when an active response occurs. +- The active response alert is typically associated with rule ID 651. These alerts will be displayed in Kibana in the wazuh alerts dashboard. + +## Testing + +1. Use a tool like Hydra to simulate a brute-force attack, or you can just attemp to SSH into the machine multiple times until it triggers. You will need 8 failed SSH attemps in order to trigger Brute Force. (This can be adjusted in the ruleset manually) +2. Verify that the attacker's IP is blocked by attempting to ping the target machine. + +## Custom Responses + +- You can create custom scripts for different actions. +- For custom scripts, ensure you create corresponding rules to analyze the generated logs. + +This setup provides an automated defense against SSH brute-force attacks, enhancing the security of your Linux/Unix systems monitored by Wazuh. + +See a list of Wazuh Rules that trigger here: [Wazuh Ruleset](https://github.com/wazuh/wazuh/tree/master/ruleset/rules) + +Consult Wazuh Documentation for more on active response configuration. \ No newline at end of file diff --git a/docs/markdown/agents/wazuh-agent-mangement.md b/docs/markdown/agents/wazuh-agent-mangement.md new file mode 100644 index 00000000..bc912324 --- /dev/null +++ b/docs/markdown/agents/wazuh-agent-mangement.md @@ -0,0 +1,150 @@ +# LME Wazuh Agent Enrollment Guide + +- See Official Wazuh Doumentation [Wazuh agent install documentation](https://documentation.wazuh.com/4.7/installation-guide/wazuh-agent/index.html). + +This guide will walk you through the process of enrolling a Wazuh agent in the LME (Logging Made Easy) system. + +## Important Note + +Before proceeding, ensure that the Wazuh agent version you're installing is not newer than the version of the Wazuh manager you're running. Using an agent version that is more recent than the manager version can lead to compatibility issues. + +## Variables + +Throughout this guide, we'll use the following variables. Replace these with your specific values: + +- `{WAZUH_AGENT_VERSION}`: The version of the Wazuh agent you're installing (e.g., 4.9.0-1) +- `{WAZUH_MANAGER_IP}`: The IP address of your Wazuh manager (e.g., 10.0.0.2) + +You can get your wazuh version that you are running via the following command: +```bash +sudo -i podman exec -it lme-wazuh-manager /var/ossec/bin/wazuh-control -j info | jq +``` + +Output should look similar to this: +```json +{ + "error": 0, + "data": [ + { + "WAZUH_VERSION": "v4.7.5" + }, + { + "WAZUH_REVISION": "40720" + }, + { + "WAZUH_TYPE": "server" + } + ] +} +``` +drop the v, and use `4.7.5` + +## Steps to Enroll a Wazuh Agent (***Windows***) + +1. **Download the Wazuh Agent** + - Download the Wazuh agent MSI installer from the following URL: + ``` + https://packages.wazuh.com/4.x/windows/wazuh-agent-{WAZUH_AGENT_VERSION}.msi + ``` + - Replace `{WAZUH_AGENT_VERSION}` with the appropriate version number. + - You can also use the below powershell command: +```powershell +# Replace the values with the values you have above +# where {WAZUH_AGENT_VERSION}=4.7.5 +# where {WAZUH_MANAGER_IP}=10.1.0.5 +Invoke-WebRequest -Uri https://packages.wazuh.com/4.x/windows/wazuh-agent-4.7.5-1.msi -OutFile wazuh-agent-4.7.5-1.msi;` +Start-Process msiexec.exe -ArgumentList '/i wazuh-agent-4.7.5-1.msi /q WAZUH_MANAGER="10.1.0.5"' -Wait -NoNewWindow` +``` + +2. **Install the Wazuh Agent** + - Open a command prompt with administrator privileges. + - Navigate to the directory containing the downloaded MSI file. + - Run the following command to install the agent: + ```powershell + wazuh-agent-{WAZUH_AGENT_VERSION}.msi /q WAZUH_MANAGER="{WAZUH_MANAGER_IP}" + ``` + - Replace `{WAZUH_AGENT_VERSION}` with the version you downloaded. + - Replace `{WAZUH_MANAGER_IP}` with the IP address of your Wazuh manager. + +3. **Verify Installation** + - After installation, the Wazuh agent service should start automatically. + - You can verify the service status in the Windows Services manager. + - ensure the service starts if it doesn't start automatically. Run this in a powershell terminal: + ```powershell + NET START Wazuh + ``` + + +## Steps to Enroll a Wazuh Agent (***Debian-based Systems***) + +1. **Add Wazuh GPG key** + ```bash + curl -s https://packages.wazuh.com/key/GPG-KEY-WAZUH | gpg --no-default-keyring --keyring gnupg-ring:/usr/share/keyrings/wazuh.gpg --import && chmod 644 /usr/share/keyrings/wazuh.gpg + ``` + +2. **Add Wazuh repository** + ```bash + echo "deb [signed-by=/usr/share/keyrings/wazuh.gpg] https://packages.wazuh.com/4.x/apt/ stable main" | tee -a /etc/apt/sources.list.d/wazuh.list + ``` + +3. **Update package information** + ```bash + apt-get update + ``` + +4. **Install Wazuh agent** + ```bash + WAZUH_MANAGER="{WAZUH_MANAGER_IP}" apt-get install wazuh-agent={WAZUH_AGENT_VERSION} + ``` + +## Verifying Installation + +After installation, you can check the status of the Wazuh agent: + +```bash +systemctl status wazuh-agent +``` + +## Troubleshooting + +If it doesn't start attempt the following: +```bash +systemctl daemon-reload +systemctl enable wazuh-agent +systemctl start wazuh-agent +``` + +- If the agent fails to connect, check your firewall settings to ensure the necessary ports are open. [Wazuh Ports Documentation](https://documentation.wazuh.com/current/getting-started/architecture.html) +- Verify that the Wazuh manager IP address is correct and reachable from the agent. This is the IP address of your LME server running the containers. + +By following these steps, you should be able to successfully enroll Wazuh agents into your LME system. Remember to keep your agents updated, but always ensure compatibility with your Wazuh manager version. + + +# Verifying Wazuh Agent Status + +This guide provides steps to check the status of Wazuh agents in the LME setup. These commands can be run from the host system without needing to execute into the container. + +## Listing All Agents and Their Status + +To get an overview of all registered agents and their current status: + +```bash +podman exec lme-wazuh-manager /var/ossec/bin/agent_control -l +``` + +This command will display a list of all agents, including their ID, name, IP address, and current status (active, disconnected, never connected, etc.). + +## Checking Status of a Specific Agent + +To check the detailed status of a specific agent: + +```bash +podman exec lme-wazuh-manager /var/ossec/bin/agent_control -i [agent_id] +``` + +Replace `[agent_id]` with the ID of the agent you want to check. This will provide more detailed information about the agent, including its last keep alive time, version, and operating system. + + +This command gives you a quick overview of how many agents are active, disconnected, or never connected. + +See official Wazuh documentation for more steps on [agent_control](https://documentation.wazuh.com/current/user-manual/reference/tools/agent-control.html) diff --git a/docs/markdown/endpoint-tools/install-auditd.md b/docs/markdown/endpoint-tools/install-auditd.md new file mode 100644 index 00000000..f9443d31 --- /dev/null +++ b/docs/markdown/endpoint-tools/install-auditd.md @@ -0,0 +1,169 @@ +# Installing and Configuring Auditd on Linux Systems + +This guide will walk you through the process of installing auditd on Linux systems and configuring it with the rules provided by Neo23x0. + +## Prerequisites + +- Root or sudo access to the Linux system +- Internet connection to download necessary files + +## Step 1: Install Auditd + +The installation process may vary depending on your Linux distribution. Here are instructions for some common distributions: + +### For Ubuntu/Debian: + +```bash +sudo apt update +sudo apt install auditd audispd-plugins +``` + +### For CentOS/RHEL: + +```bash +sudo yum install audit audit-libs +``` + +### For Fedora: + +```bash +sudo dnf install audit +``` + +## Step 2: Download Neo23x0 Audit Rules (These are used as an example you can write your own rules) + +1. Open a terminal window. +2. Download the audit rules file: + ```bash + sudo curl -o /etc/audit/rules.d/audit.rules https://raw.githubusercontent.com/Neo23x0/auditd/master/audit.rules + ``` + +## Step 3: Configure Auditd + +1. Open the main auditd configuration file: + ```bash + sudo nano /etc/audit/auditd.conf + ``` + +2. Review and adjust the settings as needed. + +3. Save and close the file (in nano, press Ctrl+X, then Y, then Enter). + +## Step 4: Load the New Rules + +1. Load the new audit rules: + ```bash + sudo auditctl -R /etc/audit/rules.d/audit.rules + ``` + +2. Restart the auditd service: + ```bash + sudo service auditd restart + ``` + +## Step 5: Verify Installation and Rules + +1. Check if auditd is running: + ```bash + sudo systemctl status auditd + ``` + +2. Verify that the rules have been loaded: + ```bash + sudo auditctl -l + ``` + +## Step 6: Test Audit Logging + +1. Perform some actions that should trigger audit logs (e.g., accessing sensitive files, running specific commands). + +2. Check the audit log for new entries: + ```bash + sudo ausearch -ts recent + ``` + +## Updating Audit Rules + +To update the audit rules in the future: + +1. Download the latest `audit.rules` file from the Neo23x0 GitHub repository (or somewhere else). +2. Replace the existing file: + ```bash + sudo curl -o /etc/audit/rules.d/audit.rules https://raw.githubusercontent.com/Neo23x0/auditd/master/audit.rules + ``` +3. Reload the rules and restart auditd: + ```bash + sudo auditctl -R /etc/audit/rules.d/audit.rules + sudo service auditd restart + ``` + +Adjust rules as needed to meet compliance requirements. + +You can now install the auditd elastic integration to collect auditd logs. + +## Automated Installation Script + +For a more streamlined installation process, you can use the following bash script: + +```bash +#!/bin/bash + +set -e + +# Ensure the script is run as root +if [ "$EUID" -ne 0 ]; then + echo "Please run as root." + exit 1 +fi + +# Inform the user that auditd is being installed +echo "Installing and configuring auditd, please wait..." + +# Determine the OS ID +if [ -f /etc/os-release ]; then + . /etc/os-release + OS_ID="$ID" +else + echo "Cannot determine the operating system." + exit 1 +fi + +# Install auditd based on the OS +case "$OS_ID" in + ubuntu|debian) + apt update > /dev/null 2>&1 + apt install -y auditd audispd-plugins > /dev/null 2>&1 + ;; + centos|rhel) + yum install -y audit > /dev/null 2>&1 + ;; + fedora) + dnf install -y audit > /dev/null 2>&1 + ;; + *) + echo "Unsupported OS: $OS_ID" + exit 1 + ;; +esac + +# Create the rules directory if it doesn't exist +mkdir -p /etc/audit/rules.d > /dev/null 2>&1 + +# Download the audit rules +curl -o /etc/audit/rules.d/audit.rules https://raw.githubusercontent.com/Neo23x0/auditd/master/audit.rules > /dev/null 2>&1 + +# Load the audit rules, suppressing output and errors +augenrules --load > /dev/null 2>&1 + +# Restart the auditd service, suppressing output +systemctl restart auditd > /dev/null 2>&1 + +# Notify the user of successful completion +echo "auditd installed and rules applied successfully." +``` + +To use this script: + +1. Save it to a file, e.g., `install_auditd.sh` +2. Make it executable: `chmod +x install_auditd.sh` +3. Run it with sudo: `sudo ./install_auditd.sh` diff --git a/docs/markdown/endpoint-tools/install-sysmon.md b/docs/markdown/endpoint-tools/install-sysmon.md new file mode 100644 index 00000000..91710898 --- /dev/null +++ b/docs/markdown/endpoint-tools/install-sysmon.md @@ -0,0 +1,66 @@ +# Installing Sysmon on Windows Machines + +This guide will walk you through the process of installing Sysmon (System Monitor) on your Windows machines using the SwiftOnSecurity configuration. + +## Prerequisites + +- Administrative access to the Windows machine +- Internet connection to download necessary files + +## Step 1: Download Sysmon + +1. Visit the official Microsoft Sysinternals Sysmon page: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon +2. Click on the "Download Sysmon" link to download the ZIP file. +3. Extract the contents of the ZIP file to a folder on your computer (e.g., `C:\Sysmon`). + +## Step 2: Download SwiftOnSecurity Configuration + +1. Open a web browser and go to: https://github.com/SwiftOnSecurity/sysmon-config/blob/master/sysmonconfig-export.xml +2. Click the button to download raw content. +3. Save the file into the Symon directory. + +## Step 3: Install Sysmon + +1. Open an elevated Command Prompt (Run as Administrator). +2. Navigate to the folder where you extracted Sysmon: + ``` + cd C:\Sysmon + ``` +3. Run the following command to install Sysmon with the SwiftOnSecurity configuration: + ``` + sysmon64.exe -accepteula -i sysmonconfig-export.xml + ``` + +## Step 4: Verify Installation + +1. Open Event Viewer (you can search for it in the Start menu). +2. Navigate to "Applications and Services Logs" > "Microsoft" > "Windows" > "Sysmon" > "Operational". +3. You should see events being logged by Sysmon. + +## Updating Sysmon Configuration + +To update the Sysmon configuration in the future: + +1. Download the latest `sysmonconfig-export.xml` from the SwiftOnSecurity GitHub repository. +2. Open an elevated Command Prompt. +3. Navigate to the Sysmon folder. +4. Run the following command: + ``` + sysmon64.exe -c sysmonconfig-export.xml + ``` + +## Uninstalling Sysmon + +If you need to uninstall Sysmon: + +1. Open an elevated Command Prompt. +2. Navigate to the Sysmon folder. +3. Run the following command: + ``` + sysmon64.exe -u + ``` + +## Additional Notes + +- You can now enable sysmon log collection from the Windows elastic agent integration. +- Use a shared folder, SCCM, GPO's, or other tools to install are large quantities of machines. \ No newline at end of file diff --git a/docs/markdown/logging-guidance/other-logging.md b/docs/markdown/logging-guidance/other-logging.md deleted file mode 100644 index 2cef8f6b..00000000 --- a/docs/markdown/logging-guidance/other-logging.md +++ /dev/null @@ -1,301 +0,0 @@ -# Additional Logging - -As of the release of LME v0.5, the Logstash configuration has been modified to remove the exposed Syslog port from the LME host itself. Instead, LME has been changed to support ingest from multiple Elastic Beats - to make it easier to customize LME installs to handle additional logging in a manner compliant with the Elastic Common Schema (ECS). - -As the logging and analysis of Windows Event Logs is the central goal of LME, this support for other log types is not provided out of the box on fresh installations. However it can be manually configured using the steps below. - -Note: We **do not** provide technical support for this process or any issues arising from it. This information is provided as an example solely to help you get started expanding LME to suit your own needs as required. This information also assumes a level of familiarity with the concepts involved, and is not intended to be an "out of the box" solution in the same way as LME's Windows logging capabilities. We are working to support other logging data in the future. - -## Identify a Beat to Use - -In order to ingest different log types, Elastic provides a variety of different "Beat" log shippers beyond just the Winlogbeat shipper used by LME. Each of these is aimed at a specific type of data and logging, and so the first step is to review the type of data that you wish to add to LME, and what your needs for this log are, to decide which Beat suits this need best. - -The following list provides links to Elastic's description of each Beat other than Winlogbeat, which can be used to evaluate their suitability, although generally speaking Filebeat would be used for most non-Windows operating system logging: - -* [Auditbeat](https://www.elastic.co/beats/auditbeat) - Lightweight shipper for audit data -* [Filebeat](https://www.elastic.co/beats/filebeat) - Lightweight shipper for logs and other data -* [Functionbeat](https://www.elastic.co/beats/functionbeat) - Serverless shipper for cloud data -* [Heartbeat](https://www.elastic.co/beats/heartbeat) - Lightweight shipper for uptime monitoring -* [Metricbeat](https://www.elastic.co/beats/metricbeat) - Lightweight shipper for metric data -* [Packetbeat](https://www.elastic.co/beats/packetbeat) - Lightweight shipper for network data - -Once you have identified the correct Beat to use for your logging requirements, review the Elastic installation and configuration instructions for this before proceeding to the next stage. - -### Identifying a module - -In the event you are using Filebeat, Auditbeat or Metricbeat, you will also have the option of using an additional "module" as part of your configuration to transform your data to comply with the Elastic Common Schema. In this instance, review the list of modules for the relevant Beat and decide if any of these are appropriate for the type of data you wish to ingest before proceeding: - -* [Auditbeat](https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-modules.html) -* [Filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules.html) -* [Metricbeat](https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-modules.html) - -## Configuring LME Permissions - -Once you have identified the Beat required, LME will require additional configuration in order to allow Logstash to correctly create and use the relevant indices. Specifically, Elasticsearch needs to be modified to allow the logstash_writer user to manage an index pattern associated with the Beat you have chosen. - -This can be done by accessing the `Roles` section under `Stack Management`: - -![Stack Management](/docs/imgs/extra_beats_pics/stack-management.png) - -![Roles](/docs/imgs/extra_beats_pics/roles.png) - -From here select the "logstash_writer" role: - -![Logstash Writer](/docs/imgs/extra_beats_pics/logstash-writer.png) - -Then modify the `Indices` section to include a pattern matching the Beat you are planning to use to gather your log data - making sure to leave the existing indices in place. For example, with Filebeat the index pattern would be `filebeat-*`, as shown below: - -![Adding filebeat](/docs/imgs/extra_beats_pics/filebeat.png) - -After this click `Update role`: - -![Update role](/docs/imgs/extra_beats_pics/update-role.png) - -## Beat Setup - -Once LME has been configured with the required permissions, you are able to proceed with the configuration of your chosen Beat. The steps for this will vary dependent upon the Beat you have selected and the logs you wish to collect. - -### Installation - -The installation will vary from Beat to Beat. In general it will likely involve either copying files in to Program Files and running a PowerShell script (similar to the LME Winlogbeat installation) if installing on Windows, or installing a package containing the Beat if installing on Linux or Mac OS. - -Note: It is also possible to install a second Beat alongside the host used to run Winlogbeat as part of the LME installation process. This may be desirable in order to simplify the configuration process and transferring of files, although in practice any host compatible with the relevant Elastic beat can be used. - -The Beat version used must match that officially supported by LME. Please check the corresponding document in [Chapter 3](/docs/markdown/chapter3/chapter3.md#331-files-required) - -The instructions for the installation of each Beat available can be found by following **step 1** available here: -[Current Beats](https://www.elastic.co/guide/en/beats/libbeat/current/beats-reference.html) - -#### Enable Modules (Optional) - -If using a "module" as part of the Beat set up, this can be enabled now. In order to enable a specific module please refer to the documentation for the relevant Beat, as listed here. - -Generally, modules can be listed by running the Beat directly with the command `modules list`, and then enabled by running `modules enable [module]`. For example to enable the Cisco module in Filebeat on Windows you would run the following commands from an administrative PowerShell window within the Filebeat directory: - -``` -PS > .\filebeat.exe modules list -PS > .\filebeat.exe modules enable cisco -``` - -### Configuration - -#### Log Collection - -Once installed, configuring the Beat will depend largely on what log sources you wish to collect, how you wish to ingest them, and which Beat you have chosen to do this. Please see the standard Elastic documentation for specifics on how to ingest the log set which is relevant to you. - -If using a module to collect logs, the log input should be configured in the `modules.d` folder within the Beat's installation directory. If not making use of a Beat which uses modules, it is instead configured in the Beat's base `yaml` file in the installation directory. - -For example, a Filebeat installation without a module used would have the log input configured within `filebeat.yml`, whereas a Filebeat installation that made use of the Cisco module to ingest Cisco logs would have its log input configured in `modules.d/cisco.yml`. - -A common requirement with this configuration may be to ingest Syslog data, as this capability was natively removed from LME's Logstash deployment in v0.5. This can be achieved by exposing Syslog as a file input within the Beat (or module) configuration, and then redirecting your existing Syslog infrastructure to this Beat, rather than directing it to Logstash directly. This has the added benefit of allowing the Beat (or module) to appropriately normalize the data, ensuring that it is in ECS format and allowing you to better take advantage of Elastic's built-in tooling. - -An example of how this input may be configured, using Syslog to ingest Cisco Meraki data into Filebeat with the Cisco module, is shown below. This is configured within the `modules.d/cisco.yml` file with the relevant options explained [here](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-cisco.html#_meraki_fileset_settings): - -``` -- module: cisco - meraki: - var.syslog_host: 0.0.0.0 - var.syslog_port: 12514 -``` - -From here, Meraki could be configured to point its Syslog output at the host running Filebeat, in a similar fashion to the previously exposed Syslog port within Logstash. - -**Note that this example is purely illustrative, has not been tested, and will likely require further configuration to work in a production setting depending on your logging requirements.** - -#### Asset Setup - -Once you have decided which Beat to used and configured log ingest appropriately, you will have to configure some additional settings within Elastic in order for the data to be ingested correctly and stored in an appropriate location. This should be done first before enabling the Beat's output, to ensure that Elastic is properly prepared to handle any incoming data. - -As with other steps in this process, the exact steps required for this will vary depending upon the Beat and module in use, but generally will require running the `setup` command for the Beat itself. - -As the Beat does not yet have its output configuration set up you will need to specify this on the command line, including the location of the LME host for both Elasticsearch and Kibana. This can be done with the following arguments: - -``` --E output.logstash.enabled=false --E 'output.elasticsearch.hosts=["https://*lme-hostname*:9200"]' --E setup.kibana.host=https://*lme-hostname*:443 -``` - -You will also need to provide the root Certificate Authority configured in [Step 3](/docs/markdown/chapter3/chapter3.md) of the LME installation process if you opted to use the default self-signed certificate. This can be done with the following arguments: - -``` --E output.elasticsearch.ssl.certificate_authorities='*Root CA location*\root-ca.crt' --E setup.kibana.ssl.certificate_authorities='*Root CA location*\root-ca.crt' -``` - -You will also need to include credentials for a user with permission to configure both Elasticsearch and Kibana, which in LME will likely either be the `elastic` user or a suitably configured alternative. It is advised that you do not include sensitive credentials on the commandline and instead make use of the Beat's secrets keystore in order to securely store the relevant value. This can be configured by running the installed Beat as follows, and then entering the password when prompted: - -``` -*beat keystore create -*beat keystore add ES_PWD -``` - -This can then be used with the following arguments on Windows: - -``` - -E output.elasticsearch.username=elastic - -E output.elasticsearch.password=$`{ES_PWD`} -``` - -On Linux or Mac OS hosts you will need to swap ``$`{ES_PWD`}`` with `\${ES_PWD}`. - -By putting all of these arguments together, you can build a command that will run the setup process of the installed Beat and configure both Elasticsearch and Kibana within LME for the logs you are going to be ingesting. An example of how this might look for Filebeat running on a Windows installation is shown below: - -``` -.\filebeat.exe setup -e ` - -E output.logstash.enabled=false ` - -E 'output.elasticsearch.hosts=["https://elastic-lme.lme.local:9200"]' ` - -E output.elasticsearch.ssl.certificate_authorities='C:\Program Files\lme\root-ca.crt' ` - -E output.elasticsearch.username=elastic ` - -E output.elasticsearch.password=$`{ES_PWD`} ` - -E setup.kibana.host=https://elastic-lme.lme.local:443 ` - -E setup.kibana.ssl.certificate_authorities='C:\Program Files\lme\root-ca.crt' -``` - -This will output the outcome of the setup process to the console, which should be reviewed to ensure they have completed succesfully. - -### Troubleshooting - -If there is a requirement to perform the setup manually or you are unable to use the generic `setup` command above, each step in the process can be performed individually by following the below three steps: - -1. Load the required index template -* [Auditbeat](https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-template.html#load-template-manually) -* [Filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-template.html#load-template-manually) -* [Functionbeat](https://www.elastic.co/guide/en/beats/functionbeat/current/functionbeat-template.html#load-template-manually) -* [Heartbeat](https://www.elastic.co/guide/en/beats/heartbeat/current/heartbeat-template.html#load-template-manually) -* [Metricbeat](https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-template.html#load-template-manually) -* [Packetbeat](https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-template.html#load-template-manually) -2. Load Kibana dashboards *(optional)* -* [Auditbeat](https://www.elastic.co/guide/en/beats/auditbeat/current/load-kibana-dashboards.html) -* [Filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/load-kibana-dashboards.html) -* [Metricbeat](https://www.elastic.co/guide/en/beats/metricbeat/current/load-kibana-dashboards.html) -* [Packetbeat](https://www.elastic.co/guide/en/beats/packetbeat/current/load-kibana-dashboards.html) -3. Load ingest pipelines -* [Auditbeat](https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-template.html#load-template-manually) -* [Filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-template.html#load-template-manually) -* [Functionbeat](https://www.elastic.co/guide/en/beats/functionbeat/current/functionbeat-template.html#load-template-manually) -* [Heartbeat](https://www.elastic.co/guide/en/beats/heartbeat/current/heartbeat-template.html#load-template-manually) -* [Metricbeat](https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-template.html#load-template-manually) -* [Packetbeat](https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-template.html#load-template-manually) - -#### Retention Adjustments - -By default, Beats will not set a retention period for their log data. This means that they will continue to store data until the disk on the LME server is full and runs out of space. In order to change this navigate to `Index Lifecycle Policies` under `Stack Management`: - -![Stack Management](/docs/imgs/extra_beats_pics/stack-management.png) - -![Index Lifecycle Policies](/docs/imgs/extra_beats_pics/ilm.png) - -Select the Index Lifecycle Management (ILM) policy with the same name as the Beat you are using and then select `Delete data after this phase`: - -![Enable Deletion](/docs/imgs/extra_beats_pics/deletion-enable.png) - -This will enable a `Delete` phased, which can be updated to remove data that is the desired number of days old. The exact value to use here will depend on your average log volume and retention requirements: - -![Update Retention](/docs/imgs/extra_beats_pics/update-retention.png) - -You may also wish to adjust the default LME retention settings to adjust for the higher log storage associated with storing both Windows and additional logging data on the same LME host. This is done in the same way as above but editing the `lme_ilm_policy` ILM policy. For further information on this see [here](/docs/markdown/logging-guidance/retention.md). - -#### Elastic Connection - -Once the initial setup is complete and Elastic is correctly configured, you can configure the output for the relevant Beat in order for it to talk succesfully to LME's Logstash instance. - -As LME is already configured to allow Winlogbeat to make this connection, repurposing this to include additional Beats should be fairly straight forward, and can make use of some of the files already generated. - -First you will need to create a client certificate which can be used for the Beat to authenticate to Logstash. This can be done by executing the following script on the host running LME, which will output the required files in `/opt/lme/Chapter 3 Files/certs` - this script will need to be run with elevated privileges in order for it to access the required root CA: - -```bash -#!/bin/bash -cd "/opt/lme/Chapter 3 Files" -#make a new key for the client Beat -echo -e "\e[32m[X]\e[0m Making Beat client certificate" -openssl genrsa -out certs/beatclient.key 4096 - -#make a cert signing request for the client Beat -openssl req -new -key certs/beatclient.key -out certs/beatclient.csr -sha256 -subj '/C=US/ST=DC/L=Washington/O=CISA/CN=beatclient' - -#set openssl so that this cert can only perform auth and cannot sign certs -echo "[server]" >certs/beatclient.cnf -echo "authorityKeyIdentifier=keyid,issuer" >> certs/beatclient.cnf -echo "basicConstraints = critical,CA:FALSE" >> certs/beatclient.cnf -echo "extendedKeyUsage=clientAuth" >> certs/beatclient.cnf -echo "keyUsage = critical, digitalSignature, keyEncipherment" >> certs/beatclient.cnf -echo "subjectKeyIdentifier=hash" >> certs/beatclient.cnf - -#sign the Beat client cert -echo -e "\e[32m[X]\e[0m Signing beatclient cert" -openssl x509 -req -days 750 -in certs/beatclient.csr -sha256 -CA certs/root-ca.crt -CAkey certs/root-ca.key -CAcreateserial -out certs/beatclient.crt -extfile certs/beatclient.cnf -extensions server -``` - -Once completed the script will have created four additional files in the `certs` folder: - -``` --rw-r--r-- 1 root root 191 Sep 21 14:52 beatclient.cnf --rw-r--r-- 1 root root 2013 Sep 21 14:52 beatclient.crt --rw-r--r-- 1 root root 1667 Sep 21 14:52 beatclient.csr --rw------- 1 root root 3243 Sep 21 14:52 beatclient.key -``` - -You will need to copy `beatclient.key` and `beatclient.crt` on to the server running your intended Beat. You will also need a copy of of the `root-ca.crt` file from the same directory - although you may already have this file on the server if you are installing the Beat to the same location as you installed Winlogbeat, in which case it can be found in `C:\Program Files\lme\root-ca.crt`. - -Once these files are copied succesfully on to the server where your Beat is installed, they should be placed in a folder where they can be stored, for example in the same folder structure as the Beat installation for ease. - -After this, the Beat's configuration file, which matches the Beats name and ends in `.yml` within its installation directory, should be configured to include the output as follows, replacing the sections in asteriks with the correct information: - -``` -output.logstash: - hosts: ["*LME hostname*:5044"] - ssl.certificate_authorities: ["*Root CA folder*\root-ca.crt"] - ssl.certificate: "*Client certificate folder*\beatclient.crt" - ssl.key: "*Client certificate folder*\beatclient.key" -``` - -For example a Beat installation on the same Windows host running LME and pointing at an LME installation in the domain "lme.local" may look like the following: - -``` -output.logstash: - hosts: ["elastic-lme.lme.local:5044"] - ssl.certificate_authorities: ["C:\\Program Files\\lme\\root-ca.crt"] - ssl.certificate: "C:\\Program Files\\lme\\beatclient.crt" - ssl.key: "C:\\Program Files\\lme\\beatclient.key" -``` - -Once this file is succesfully configured you should be able to confirm everything is correctly configured by running the Beat with the `test` command. This can be used to confirm that both the configuration file is correct, and that the Beat is able to succesfully connect to the Logstash instance for its output using the following arguments respectively - -* [beatname] test config - Tests the configuration settings -* [beatname] test output - Tests that the Beat can connect to the output configured in its current settings - -If both of these tests pass succesfully you can move on to start the Beat and ingesting the additional data into your LME instance. - -### Running the Beat - -Once everything is succesfully configured the Beat can be run by simply starting the already installed service. The exact command to do this varies depending upon the type of operating system used on the server running the Beat, with more specific instructions available here: - -* [Auditbeat](https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-installation-configuration.html#start) -* [Filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-installation-configuration.html#start) -* [Functionbeat](https://www.elastic.co/guide/en/beats/functionbeat/current/functionbeat-installation-configuration.html#deploy-to-aws) -* [Heartbeat](https://www.elastic.co/guide/en/beats/heartbeat/current/heartbeat-installation-configuration.html#start) -* [Metricbeat](https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-installation-configuration.html#start) -* [Packetbeat](https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-installation-configuration.html#start) - -After this is done and the service is started successfully you should be able to view data in Kibana as usual, by navigating to the index pattern that matches the Beat you are using in the left hand side of the "Discover" view: - -![Filebeat selection](/docs/imgs/extra_beats_pics/filebeat-selection.png) - -If you chose to install the built-in dashboards relevant to your Beat you should also be able to make use of these. - -Once you can view data in Kibana your setup is complete, and you will be able to continue to use LME to review the standard Windows logging data, alongside the additional logs you have configured above. - -## Troubleshooting - -No specific advice around troubleshooting a custom log setup is available, as the core function of LME is to provide an out of the box Windows logging environment and extending this to additional logs will vary entirely dependent upon your specific requirements and configuration. - -The generic troubleshooting steps listed [here](/docs/markdown/reference/troubleshooting.md) are still likely to be a good starting point if you do encounter any issues with this customisation, and should be reviewed if something goes wrong. - -One commonly observed flaw with some Beats is to default to a relication setting that is incompatible with LME's default single-node cluster, causing a yellow cluster health state and unassigned replica shards. This is likely to be fixed in a later release of Elastic, but in the meantime details on diagnosing and resolving it can be found here. If this re-occurs each time a new index is created for your additional logs, it can be resolved by editing the index template in `Stack Management` -> `Index Management` -> `Index Templates` -> `[beatname]-[beatversion]` to include the following settings: - -``` -{ - "index.number_of_replicas": 1 -} -``` diff --git a/docs/markdown/maintenance/backups.md b/docs/markdown/maintenance/backups.md index 43442ca1..9a48e993 100644 --- a/docs/markdown/maintenance/backups.md +++ b/docs/markdown/maintenance/backups.md @@ -17,23 +17,11 @@ consuming large amounts of disk space. ### Create a filesystem repository -The LME installation creates a bind mount in Docker that maps to the -`/opt/lme/backups` directory on the host system. +LME sets up a podman volume called `lme_backups` so that backups can be saved outside the container. -The LME log retention period is determined by the amount of disk space on the -host system. Therefore it is **strongly** recommended that an external drive be -mounted at the `/opt/lme/backups` location so that both disk space is conserved -and to ensure that backups exist on a separate drive. Backups use a large volume of disk space, and if the storage volume provided is not suitable to store these logs without running out of space backups may cease to function, or LME may stop working altogether if all available disk space on the primary host is consumed. +######NOTE: If backup storage becomes an issue, LME team will be adding documentation for how to manage the size and storage location of backups -Once the external drive has been mounted on the host, you will need to ensure the ownership of the `/opt/lme/backups` folder is correct, to ensure the elasticsearch user can write the backups correctly. By default this folder will likely be owned by the root user, and this will need to be changed so that it is owned by the user you created during the operating system's installation, typically Ubuntu or similar. This can be achieved using the following command: - -``` -sudo chown -R 1000 /opt/lme/backups/ -``` - -**This will allow the user you configured during the system's installation to write to this location, so ensure that this user is appropriately secured.** - -You will then need to create a repository for Elastic to use, which can be done through the Kibana interface. +You will need to create a repository for Elastic to use, which can be done through the Kibana interface. First navigate to the "Snapshot and Restore" page under the `Stack Management` tab: @@ -94,8 +82,30 @@ select the "Run now" option for the policy on the polices tab: ## Backup management -Snapshots will now be periodically written to the drive mounted at -`/opt/lme/backups`. It is recommended that these are managed in line with your +Snapshots will now be periodically written to the volume `lme_backups`. + +You can find the location on disk of these backups at: +```bash +sudo -i +podman volume mount lme_backups +cd /var/lib/containers/storage/volumes/lme_backups/_data +ls +``` + +it should look somehting like this: +```bash +root@ubuntu:/var/lib/containers/storage/volumes/lme_backups/_data# ls +index-0 index.latest indices meta-cuPUnpl1S0Sx8IkPIWLoEA.dat snap-cuPUnpl1S0Sx8IkPIWLoEA.dat +``` + +You can now save/backup/etc... however you would like + +**Make sure to unmount when done** +```bash +podman volume unmount lme_backups +``` + +It is recommended that these are managed in line with your current backup policies and processes. # Restoring a backup: diff --git a/docs/markdown/maintenance/certificates.md b/docs/markdown/maintenance/certificates.md index 5751dcdd..a45d6ddc 100644 --- a/docs/markdown/maintenance/certificates.md +++ b/docs/markdown/maintenance/certificates.md @@ -1,156 +1,114 @@ # Certificates -The LME installation makes use of a number of TLS certificates to protect communications between Winlogbeat and Logstash, as well as to secure connections to Elasticsearch and Kibana. These certificates can either be generated by the installation script, or imported from an existing trusted Certificate Authority if one is in use within the environment. +# +The LME installation makes use of a number of TLS certificates to protect communications between the server components and agents, as well as to secure connections to Elasticsearch and Kibana. +By default the installation will create certificates and this documentation describes how to modify and update the cert store. ## Regenerating Self-Signed Certificates -By default the installation script will generate a root Certificate Authority (CA) and then use this to generate certificates for Elasticsearch, Logstash and Kibana, as well as client certificates which will be used to authenticate the Winlogbeat client to Logstash. - -These self-signed certificates are only valid for two-years from the date of creation, and will need to be renewed periodically before they expire to ensure LME continues to function correctly. Note that the root self-signed CA has a validity of ten years by default and will not need to be regenerated regularly, unlike the others. - -Regenerating the relevant certificates can be done by calling the "renew" function within the deploy script as shown below (*NOTE: You will need to know the IP address and the Fully Qualified Domain Name for the server before doing this*): - - -``` -cd /opt/lme/Chapter\ 3\ Files/ -sudo ./deploy.sh renew -``` - -This will prompt you to select which certificates to regenerate, and can be used to individually recreate certificates as required or to replace the root CA and all other certificates entirely. When re-creating the certificates due to an imminent expiry the root CA can be left as is, with all of the certificates which are due to expire selected to be recreated: +The easiest way to do this is to delete the `lme_certs` volume, and restart lme.service: +Be advised this is destructive and not recommended, but there could be cases you would like to recreate the certificates. ```bash -Do you want to regenerate the root Certificate Authority (warning - this will invalidate all current certificates in use) ([y]es/[n]o): n -Do you want to regenerate the Logstash certificate ([y]es/[n]o): y -Do you want to regenerate the Elasticsearch certificate ([y]es/[n]o): y -Do you want to regenerate the Kibana certificate ([y]es/[n]o): y -Do you want to regenerate the Winlogbeat client certificate (warning - you will need to re-install Winlogbeat with the new certificate on the WEC server if you do this) ([y]es/[n]o): y -``` - -### Re-configure Winlogbeat - -If the Winlogbeat client certificate has been recreated this will need to be copied over to the Windows Event Collector (WEC) server and Winlogbeat will need to be modified to make use of the new certificate. - -The deploy script will automatically create the file ```/opt/lme/new_client_certificates.zip``` if the Winlogbeat client certificate is renewed, which will contain the newly generated certificates and should be copied over to the WEC server as described in [Chapter 3.2.4](/docs/markdown/chapter3/chapter3.md#324-download-files-for-windows-event-collector). - -The Winlogbeat service can then be stopped by opening an administrative PowerShell window and executing the following command: - -``` -Stop-Service winlogbeat +sudo -i podman volume rm lme_certs +sudo systemctl restart lme.service ``` -From here the service can now be modified to use the new certificates. Firstly within the ```new_client_certificates.zip``` archive copied to the WEC server, the following files should be extracted: -* root-ca.crt -* wlbclient.key -* wlbclient.crt - -These files should then be copied to the following folder, overwriting the existing files when prompted to do so by Windows: - -``` -C:\Program Files\lme -``` - -Then within the administrative PowerShell window opened earlier, restart the winlogbeat service by running: - -``` -Start-Service winlogbeat -``` - -Lastly, open ```services.msc``` as an administrator, and make sure the winlogbeat service is installed, is set to start automatically, and is running: - -![Winlogbeat Service Running](/docs/imgs/winlogbeat-running.png) -

    • JpIaQpa>oGtO5ZJhf zm6c(Y?$3xU+&uZQp8PbSrfzw@pCg^QW=+UMozLamMYiVal^Q_s4k{)J1&d^@p za(4V~Zv5fFh!sqM4AH?Bces}r>DN4Em(Z@ajxsGWz2eqK_WsSvtxr3cOorE7u z5lvA#ozZ>nmOA4OO$(~EuW$F}lFhtpYiP|5_Q{|k3G$|_k*d6g29gG%H(~ld1^e%(~|U$c;D>D^~$AtjSK7R_935WVqeSOA2c)KFXm|-bONTf#K@4 z>7wr+O;vZ$YR&2Sr5J^^Z+JQ22)&9SJ-D6lzD1;!h+TsztYE}r0$w(bRS{9>Pl!F6 zK-oRnhI!3nlS&JsvI{YZJ(w`2xco1_xAlXh6N^`~?SX#M0`Mo3HtB6Uh2B&N5=0AqEN` z#kVl=62!WKN{w(Q1OB@3-!E=YG%Zc*hmQtv(3m)>F>>kD~2u9Kj_}=A|%-AVUhfoQ0z&l*bj>fWowul*NC$p+q6Y9@?yOra)w)+ z%erHd`YwNd>=|5GNv3p#3%2cfp(bd)^D?7fSsuS1ZxOM-ky0-Yg?EY{@vS4oo8#ri zt2{)(Ft)e-QJ%}&&jKk{cmRUPs)w^fb|B<(UHh< z_6U`%Zy!Xwpl4TfS1|keM@{<{2=*3z**i`r)Aqg55u=$K@fsLYQ9sR|BN_FNQqXAtAKx{ZcS8Tkf=ryg_7&vXxR)j`g(qMr1LM zW{Pp!s-r|^;U(8SA+But^*FvNq-X{LQQzV^QqtcexRC%gCHAbYGuR#X6d|~56REN2 z0;VAfPy#Rp=vF5bi)m0A z^_(LJUun~5Eemie#F>;DsP#n%30$c9{>oS+u53X<(L(iIrAeIV^W90pYF4NoA@kFM zeZrarY2TgKz0qE!TCjh-4i&p{ldcn(oJ93?h_G*c``95^WFb_CTDA4sgf5UJ&Yg1k zBSSiU@3T&zr<{v0s?d%CYu(guO}{7)tHfY(%fx-&Q}I524Ps+{*N9zchqH`6pwTsb*tZQTX<8j!6SfZAcLV-vrkTh6U!YAagbXZ7LR^@b^ zgd3G7cz}@7eF$cDhAYr7@f_B8EHYN4ZVorWW();*#@duL&c3La&ZNLO$1*tkrJVhJ zc)Zi=5~0)6c}jg$A?xAt1k* zAo57OIt9(8t7yxlO>}#3qN(gw1#LPsJaMwwM_>rSxc&@o36j_A?uKfxzhl7tpn5*t z?c*PORS(ut1c2Nwr#RaW-W1e`mK-g~Yj_otm6a9ig3AQZLUuv~P<+TGAz0|m!|P!D#Sb` zP575w_w46WgVP(r_4GZ10M)Q98V7{a!*QhwGJ+F9yI^0nAcU@iVI9$PSkE?l+gZwG zANfO{Bxbx1#p6dh7!VkeAVE6*Dk`8u)YForM=Dur9v!5npXB*IZ7jKEudlt3pjp=A2v)wp=uYsCp=6V+`rzPRh;a`a+q8jYa!^c* z1w~3=yH={JWx`+LFl_Zj-?|0wl7gpz;Y!WtT^;*+w5GGCm8{>*PxI|rY#f+{U%zAH z-x_ONu9N*7PHa;7<%U#}b(w}6ka=iiNfUBKlTH0@^4Y{=Z%FoQyD}>WBE+8q*qD5i zJT0RZhjD`s)niW@wF=ETp@8+{bKJmGazw$@$bEX@!r*(&lHgDy2%b@hPTVgBycJ)X?hK%t1G@~ zFA7avTEL=ewm*&5rC)in#;<+0u(i(Po~*NvEteY*a4>5DF%{RwtGwN<66LQ`N1`wx zI#aK=JxfAJ*-1^cRBJ+NWis9?+jI@qQJqT1@VAMdUIt^M@B|CJhkr|JrIf{C z!w%iDise#QP)ELvam=0er2ESK#UJQNfdp9tu1Coia6XdBZ$y05V;Z%lPCR6qKHF=M z6HH;$c|oD>z91*w)E>UnzOFI5zyg4rt0l%j;Ify^4eZp3oqxh-Zsxi6O)~5*a@|_! zyu2nj-d|a;yIqoD{jPfr9ue)SaGebB4#l{Y>pFKy4iI#bvtg4xIWa0k6FvjghPlw4 zY6zDvaGGu)(4>bub3~tbyCrMeo&`}Gq@m~?R~`kOdod(UwmTNfc@`^qG?-qmJ)cnW zjSK$NK=9#Iqj|;jKywZPWzRl?F;w?9MCI=|7YJsqOkuXVss8_Bv!<-M>k{4md+gBv z!ifFPThPq`!+zfXVz*cSY0Klf`J60ezS-~Dw+|vdVU()?b6?0syQKW^$@3@`*>A<| zV`SPvggDBp-6Gk z>2D#Yi@UM~^U3>78aWPWT`st+TV*#zlUZ|>>51natwsc2*t}~}U+6%I(rGG0f{bS? z-)R`?t@f}Q!?+Bf>6vZ@9(IoFavpJNvFQew&jw~I_>=NmCxJ<`9wPs&yzhb9;5Ap0|jk46sw?a5vk=a$g=c{&V{o3p{d^Du+Xz;-5ko4dy z3wjLDo$_NG?`9n2vnY0*K6ibd(!apOUOTLvEK&0z zR&JCx56m8a_{3XhlS1=%*-HFBstZNOo_*s@rQNAr#YX1kNgB6=WjKUPkX>iG z&a}IY%g@gzt;DI86`{g5N9c0S_4+1_Y1f=kWq9;5z;iK|hhv9!OgE(*=iT|aF0Nne z$tdni}g8Yy64fr;$<~b)d9+&fW}0tyl3s%(JqC^ zvKWBfD=PkuNVuzJR6&ouZ;*nc^8oqLD8+=7Los%gVkEGc=!%)py1Uz@TUUFLq;CK? zumZj7rywzKW=Rn|tOe6w)t8V-wcT zFB+y~bo9|6tPy~u<1Xxu1wIQOIFGRA_gG+6T!^*o3J+0=!Y}y6&vqMRH)qu=ipP3o z#i5su&YP6B0fcqNeaP{^Y+tDUmERFZm*3>x3A;TDFm(K&?zO#-%UaGjzF6~YvEt~^ ze3y?>(3mZHQ*qS2`q-0utf|wShb}Do@lSVjAlUT)KhZ=yb{*n=U+pfTLK%1l!=oIN zwa!vX=T$qVugVDONTvc?$A^ed>4C)&V`zZH_BWS5pJ!qD9)Oyh!at{0pSz8{t*z^w zUcTj{pjRL-e^cLi8}OaL7NUBuuDopRoCzmO7~X4T6f(g4SRdtpn9YK+Eo-k6`guZyNjOKxLKk0)cq7Z{hYoe!i1mI}dlY4*DCN=H5vn zHU#uM{hPU?kXk3c_@!WNY9~P@xl1Lsj7MMupp@^Gv*#zdPieIi<(5)i_)LbX(bHlD ze!LlWLRi6*Yry(kpz3tfPblTgd{}CO%nHRnv2bE>*&mN3w#C`K>z={%7>P=N!5}v9 zof7V>cJ8@0uQt^0gBQ2{Y!1smB~D}rh|r6`Y2@~^kAL;b-!FcAr|7wp`q-oH+U2>{ z5BE=Q9p4!UHA=Lo-RXLA9Ts%2bbR-aFs||g^4GsV^AE57e<*Qs?)nYu?o|n|R+mmM z&uKqlM?EJXDQfveHBvt{rMFtm;_Um>PBBHpn^h4CG_D6~`)*C<*;S~#M+;di4}*66 zKN4TIhut(AKfLB7Q#e9aF5g{zi<~fGq8BU4?`GJ7=1gyqks>03_(Mly8t2L*AD>g} zignoNgzDWNv}5b(qW!qwgtcXo^NzJlm21U~vq++4eY!ZkQulRg&CS@5*0R)?Vs|+Q z*xMRtT#m~$M5V{h|K5E7P>?i7Xxa7c6+W!#{rIl^4%IJ!F&JbXOd<3XfmT!tXBO=b*+@#_xYljMw|_x_~j-BAwQsawY`I_3?xx3Q zlS)>&^-k=v2r~9ynsda8!DMfsNYxR%c*Zge+TPTjNQY^)u+pfsM`Job!;3~u*P4U1~Z`9OD{|ohDkjY@2oKP3g0- zvSIWz^A^&TgEbq%Lv4(HU0-@#xnnkkfjE_%mf>M?>#tD{xBRVJPsMc?yWs92H$~P3 zCtuZt8)@LhwSNKvO9H|p@rot|4`q0p>UjXY=WAk>)?|3so>)vQ6~aOD;hYZ)oNrVXJ&P5wPeC||29X>6(d&D4 zt2o{<@30rUPUYQ+E~NJmUvddfUWaN4Fy1xeYjCfU*6udhei$h@AZU4yY8zG>6&v|3 zWKp?4q?^Vrnvuv|-Uy^iNKj|6PL_x7{3i@PL4XO6fh-sL*HVMm2UosqUv|R7+xip3 zq+E>fX@}`CObi93{}i`qwAiI&VZIWr^h`w~$KQC%n2(}QLI|Z}>VW<6wiB9_8aZtGT8j^qkpa$ zwxDD9oRzBlOS`^TIK{Tw{=|tooiPXU&gVFHA1jK6Q+23;NnI9!2Pfz<0?2FQGYP6u zyjhJr0^5d-7RT9H7q1%>%=x3>+pHjkl>)I6g0WtYyq-Fp#KtuP1IeD641Tuay>4IG zKNv98x>llNowNR#tm(QMcy2Ap%lxx^Sasill~KjGe8D)!HKX!Whx}J){%nX$77;BWB$PHPz zvZKlVkb&8C#hU4$YoMtdn>0&bm1N1ums=c352;Dh96IWBn1FQUr3?LCk|f>g+YvXq z?>?NPX0otz8n!7YIJaknNpzsMCGf4UOA|`337PHtSz zJGEcBuV1@7wf|O5%ENoQ1KXq0g-$TKG|cs$T^%vDuncsV!p7BV+$(I{4XEXSFEAAi zdtA5=Ezk9G0g4A8knA>mQsTv$#bWT!#^r9RDO=g%4%Nn} z@xRT}Don-{x@viP>Ld)O9u|tR&!kjP*mOqTA{O5`=_}n%)=onAc$>He&HG1Fe>3^A zUhDl?%Z4rmQwCgnfMXOFi)h#v4CfS?!|pG~6JUA_0Vh|F^^cy1@rPv7E0s$@p|nl< zs@pu(5id?807^PIK!=70h==1>VM_Zs?go;9Ip6uuPEbxlvrKHUKEo`ia2glsnr zHcN4ZT>G@r*x=zwnd9GAtoX`;T?uZU~QM+(^=fj}e&78ZH+Yrmr?x2GlpeJ7?oI#oA4EC9mz!Hs8XZ}u`n4ko4d z7lJFo%s;-33Z0_|KWo0V(c0vCM7Mm+zI}Sac6%j+x{$k0-gkO>iGMExvd(!__|G={ zvmgFBAO6pLFLK1!nEM=xosJm-FN%@%+lai$y8PD|RKSfJ5 z;tgiMsqgZ#`fA(l*YPKlx_<7^vIWrUIJWS8j%~aDvk>Jb&DJ34eD<#_g-EPZN6Fda zp*xQ~9uLZ=H}H=$2L~UO6w9IMmB9~EBoX=nZQw3uaZxV8Jok~NbDMUWXXPo?8(f-? z9zd&I8to=S;tj_(ENGUA6HJOh0cCV~6O^^3%&%&;xce4j6!W>(;zV=j8GQ2t(Ja%QoBNu<>FG}ZleP(J)`#?@Bf$!=n?tmf&&=7 zbFkAu_)I0b4pr^*z(q9Kxl67p!j?aBni3ROJH1whBlu~8KuYi4Z3C2CdIoR-53~9V zDlB_|p|LCiFnj=cPCz1woo8ldo_5S!C0WXd2z;Js2E}SE`RWTTvuX16*m{qH zLR(aAYw#np8Gq#Ie>+cppWlGe2`#=~YP#%|CuJsl_Dj*rGv!l`qG=*)NfCV!jdm*r zlCLoKXC9&ef+e@u zwgF4BhMxv2NS?u}0VW&EZq~c{=V~5RRt*gnI(wPGIG;8tkH|-Ew^n->%O)45@`*+9O(7HSoc3*;GNQ z;ji{SA$KjHr%|sazDwp+TYp`w*N?M*@xkVe%P+a{yu_+I3$3+hD_YC^Z zov>=#N-BS}t@IU;Ghjn?_Q7#j{)^X!Wk=rYzGR=%bP;fz6L2g!LVA~0{^XK3(Wx0) z6>+50{!EhOp8j17wJStq6F$V%EV)SKa;fd=+*KN?Eb^K+EUzQH^qj`Gt{8^x&xNj~ z>3IlUNOB((31`wc-t};aFglkXtvg+;i`;r|eG?T{{MvuZa-+UhqGzdowHV+Vn8e~~ zW4^7t9MFUTbttP|uOt*M@2+RBuR0XIXZp)T*9hbjQ&oN*;F&OC$kRP&Fyvf=U3^vv zAHcsNmNf^6DAnRX7`OA@8o5a|!LIQA4M8KMi(!Sfbk-cD*z1kEG1a3%USyn9)sDVc z>^nv^U4af%G^Ht3NQg)&brd~0;^t_bxDdbA`VkP3X`05`2gvhlf;p?d&|xO-bar)y z3D@e(=)CCJw_myi6$)me%->s&pKyju3?Z<7-6vr(V^tU!EZeu0RbHQKD&gI`DW!1k zC^eIw^)lBWojyiN>~`(Jcyku2yfEJqhPohA;KurhAZGY-Y~bCn^s#s@h|np7yz?Me z*z2i=;CjWw?1F(@?wo;ijn4SORZHv z#@f~8BR0Xj*s8iuMtA!4rU=?mTqjmpQEC%ug|ZTSa;w6K@-vko>=sunntSOk$u1$t zD+UC^X7{M{(G_&7hsOt~2y$7)r3pXX`3&Q*wijFPI_nOWDcHWHj8HFe6HEQ6;QOlT>fMl4{<&oW)fl1BX5XqZv>*`%I)786w}U zH3ii$aPbMQ3PD!ou`Cq3sk z5v)$)MxVa)@T{~edVev0J>tIA2_Nvz@DAilN5u_!41pkZ1vD?XCC3cNiow20mvdLw zd&hVNGH#b%@|+CbIvh!>&+i=XoZSk~zg>v;-DW+MaP1V}I?JNg7nN!Xq*q zN?&jl_1?=Qlo>-Ia_(AoWhF=e0$?v-667yDSHF#3f=pgp?(|xprJs^}wJdFiUD98# zh+ew=j_e<&vryGNHK+d`1{2M&(-Bic=wH#7{e1~l(5b|tgkL)s=W8hbnc1#WGUR@6 z4BF+X*C5E^C$X&h)X8H7On6*9thAZS7LcUSgIx1$2^R`Ji@8;aXxh#F zuxFnbT*0xtua*Wl3;Ne=A*OC)M3iA~1Q5OFT<=xW5+;mSJ>!_N@;biByLIQ0Y?#~*rTG+T>GGqKqeP=iyOXysT7OBo{#RqKgDF}~79MZP4<7d4YZe-K+T`E; zgX!y=?LCm`y)b_&5TX8OL;hipB)uR$qf8PD9ZmZNcOBCl8hgx3iFv!;1@U}6BX5;+ z6!L;K!9O?B`0=Su84i6A^SQA%*xT`>M$0$G?-+SKdUU1s%^|?|g|Vl3>$8ET_1a;6 zs)Y@y8peG%mrWpF)R5a1gt6zay=$Kiip~)wu&Qld4F7jyDZSs(XuZ+17yLTQKA1HFXt%zRFfvY5?jv-*lR<8EvGmGXs4 zY4oW2@^|eq#)cePibl5et*WE)wvUzE;>S!W-pq?)b>dajMNAnZKoO%{Emv0&acliR zkZt=hVPH}#n@iK|?bA2wqxZNK+aY+do*`G&jD+G&LF}tlQg5SCpG)!y5aipXqR-YOot2(a%#|hVy)c5 zB)3dXI1R|6C^E10%jroI^JWP3>8s4NFpW_r`29`p=4 zNbyM)&#Tb`ka1$Ek0)QB-ayQbRo>In3|B8q_b`uXi(X-pl^E)N%Q3|0grI4sQxA%b zoZseN3b)*(C6T3+Nvs{0iL!T$?_O?~2FPv7#7SBnve!?~WJqSdsT5BFs3CznTxD|V zcc_M3S{=+PQvr>9I#-QElB?V_%p##pmt3=-ft8Q6~!lW3eZPU&=q_YAZmcO09RkMd( zA8SStkgZkzPo1CaG*#+8iFX+p^ee$1UG!p_Ix@TlEDhIIkfW5+z3t8>^hY9NLXeRn zQi`9Wr#WbgiR8IBMq7XRYfAm67ysKND3$@rv^t*b7?HU6TX6Zx4Lrkwme|080*lfhq`$&nV z_F)DU95_DC4bTTEd_rIl5%yfCn-8=W@9YljyvIoOWfSp26{y+IU0w?kC9Mnk%rE_4 zSsr?z3ro~(Q5c4go?mJGo$AB`4x`2&N*YRkG}(vAh%~+;u7%3qXqnmlsd1a7pI=+j zUXs7B%r~xq>D%HbSSZ(@hJ1a$gwXP|7XRSZ!>4M(m~9>IAJJ=sQ=N@LbEo2e$%rIH ziNB8()2+SQ0xktKj^QNDE0M$7_WVx-osyM%Q2wyNs<3n)p6Ws3(a#CqO%CbkvuedN zCi2f*-rwMQ#Awo4EQdZv6}s48;%gKhye}p)a#qO@%eva2zvFQ?DkG;hr4+GM?~;R- zViK`ld4aKZ079|+o&6ot5jv$Lpe7ic-tRL);10||yN?4UmV3JO)b(}|LfjS_y}ssk zi2gk`V#XOR#-gRS zxIf{Xcx6m2KGu*bVjL~w4E^L^@T<;RWhbD{N5&Zzb=h<&m?*w3Gl6JQOmK3ACK3a# zMwO53&*sTG$$oMx5{$JBs9r5T+;`hScxOnEGbs_RzIs5e{6Hoi02Qvjo1P z+kbNqu*2fzp~k@7ApmP?7Yve^!r8$UY@Rli&`ARGYxWF=`IQn%yLs;6S<3nTYV`EdA@lkF*bm;Zr2YA=A+AXPl5Th za}X*yTL%r1yBh+P85kTPk2cx)ZiWOOT`u98&x*;4$z0Z(0S#ETZCWC7GyMZy?~WBo zk5)2qSTGoC`k+^QOTvb-szYmi;BoI1C`&lF9;Y~V=53S+lPbjjJkcUEGe-@NAvS?>^4kgHHyAmATzq96UA0Q^TX(ZbbCC=fdj=h4FsK*Gq3Mc;fQs&&1^s5i9 zq(gGfIuoQ{uzbg-wkwL$4X@4J1XN|0NBdtZ7EPG)Ty2j}&-d(K++8ixFZI0fW_XH* zTqIl4E^&4UC$nt>^gft`4^H!wEM$J2K(GoCLGU%Oj>Y2uJDI&NELdr3#DmEh=J84E zUVfflTX80y$u@+;mytlz8gkb8_A)6D{EM& z1;lp(zH7;urq$v6rn}FuB{iqgwd6rZ>gn@k0_@9G1O+3P`YJ3ag5{a?&bk&Pti517 zE8lN-&HBCZsHG_bTbs7kWcXxn@=9`?ig_(xhc>wwN{o5#R#aB|a;V?^mn@NOO$*YV z4sP@YN4%u#L%GG|!!o<0IQ531szraHLjY9vb}v}v8RtqndDPF)#GkLm0v0HecHU^I z$e7LAw5H_h&#~(_)Z*SJA6_%CM=7$(-|1`Cx7cBXKg3tcBc0MQPU!^by{D#XG_}+r zMvEt2{xn;FM#093MfqHGp+w^VeO~6B?X}w&!MM%q&kSy=n??+wZjZEOVnqxy4+Tff zb!e20L(cMvCZyHQ&a!b(p>wY!;f5L_Nj?3(F&$pm7T2L7@uIvM|D+#sbF0P0{){eD z(WnEt&l{AUZ)MfNEJ0!m3H+H0F)?i-qUj>QuRyq~ige)%q<>AQ1=GauJO@plen)#5 zh@?QkTo8G606qKeUAIpC6DH;3(NnPd)-*2ll9t;MBp+KD@<; z@0G?0A<<1q^_IV&x8-5lC)V$kPIJq~xhy12)3szqv%XtVXoSwkiSaxW|J{>mJe$Bguiai^DlINnq?au+;P^fq5o zIQi;Zw;N}^dqo^+Ky<&-*Gt0uLfgeYAW;g8meAiT+K&bywOfn=B|Nx%!6pgpMyk-H zfwHxf$fBxM*1IQ(jl6GPxSvG!%zLMfAKjvO;{}N|-Rj>~vCKB*e5l@pl!y9g{B_05 zE{$+t?gLpl6<}5n8)zWU?>RC#$z>)auE6p^VS=*~<*X(4RjXfiEIs1$jAn&9gUAz{ zksvW3fj(1%d(?Ce8PVBOWaS%}J5xiPdJ|LDT~vlI zYDi$%AGfGii1p1+@+7)+Dqvi=gU^ob>K5P={K&3p=s{Vt!FoSKqE`H2X<3CN`O^0l zWxE==bis)dOsoBdrb(OKM3y&%$WvgpaLReeuT>jI@c!W^*|ee!@N7;>WZA9R&zXaf zHS1=KO{U2Dvu0+nWqL8hQQJkZQzcnmG5UVoc#7*ih6V5o}@h zxdP<2;V|LaIL#w$$EiB+LobrMt6mHv5=$JC>-NLP5NKLakO3O zbu#L_exVAuyX4B~Y@u4Q)af%FD$;DDPwNZcU;qybK>fxCm=$0H)sH}AR^@WCOHf0d zzx?#djU9IFlPk1_sMbnsnc_J~Ynf!ExyIW^5DDX}*}vj|=rA{j-%SMe-s=`sBc0eH zfM}Za?ZhM(@`nKZwPS&j6R7UShe-X`VoM$3)eRJB-qxpDq`I_6-Kj9#Xg~u+E?M)+ zh(u{y07SCiEouDbSC%i~QPhstY#sh&NE~#K80Q0uit|1$cRCi(Cxm?hShJJXrJI|e z9X@1Qw$C6j``dl^N|=@iUzq@F>x*Ci^Udlz49ykg&unk}KHFla-6fcx;Stn{LTt`e zyFfMvT^)`CG;a;eBv<@c=KoWmrnFGINI&V0ezt5LKH}J4wMByj#?0{^;kRR> z+9}U?%y~ zFs7;1Xj}q)deFLZjZ*0&*~%R&=-Tb*j1ePdVvzNAne#+t1i`Sw%Da!%%5CUpC8aUS ztI%ux$q&TeT$%^=jd4D=vEjRMOF9~6Wpefm*G?j{DGJd;ndKvyT)LCKuA$txUP#!> zwKdCebhM%ciq3C0BvelLJsU2^2J*%rMrb3wzjd(1C0Kk|cyRZ~HtN=~1Rq{rc;Vq! z7U`mThwax-{{3KGGCwzGNCxRVbV4fHQJ?Vu!l}mS=}TU_)#W@I1hjw?Lbc*JLGux)P>8)a?Vp zzEdWyPYx@~5xx`G7j`8^R+%|9pR=^y#c?V4I! z`&IO*+z?vN-kdP-7T&I}g_iA?9vOAkXFz*?Z~Hgsitp9_j;^Ttuc0fQI zduIh(^?hZ5d(VX&eP!9@8@9b;?cCngJL*qp&FyDGPVbH6YAI(fDkW{C+Z;$LMhxw;)MeG4jXO~4{{UBU1eK}G{Hu0ar(>}F(1fHHq5{Z zGNA|43DRdXI4i{2T|Doe(1RY%6I}@++QSD)*m>9eK_7Yaaj1>*6}y^I?;2ibjHtIY6g8DtHtGAKul#@d0I8iGZ2g?{{NMNxaBjGP!n{jmG1 zU2nex>~FrDfZFM+$~0QlgvHG&rc9yo<)E>h+rMQW@AMk)txal3VBAM$_cxw_Miv*M z^eR6&8p)lUo}c>4@(5u_yTF^XRnE2ja@X1a2l1iFkg=l^*>d~djOG5l9~34hLsoL= z)8cK%$@dhmKNHK=0?&^xY^Ghv1tdvvkkBm$&VS zYWxkB(sO+7uU7wui|_BL?uJjf9#g^_1QmCloGhNC9h-wxM8m_svfMwZE7{{d;Xul4 zhV$+f24o&z|H_hw3@fqkgCl&2C%t{4mf%IVB0cR0ng3AjA0I_-P@{?pe+d1(?tifN z-ce0$d*82nyDiv}UR6MlZs;9FigY1_(1M#5AVBCK)x8x&LX!@mDUbjO0U?AI5T&=! zLTI5#uL0>z^vyZ%dCob{d7ks!`_FyHy<=R)V2riqTyvGVM&_F9x4ys6_oalytDD<8 ztD6ODDZ!K)w9Ty(?BJR9a`}|)>;RY9f7ke5%6?_Hsg8dKd2q5tJ??e7rF=dSNV9bA zfBpk_#^Z) z9#8>U0eippcA%)67TjIOFXk(7-Bh#7D152-L62D z)&(+1csDNC;qTqEc4FHRgHi0LvA95ZAGFJ^60nr$Rw$Rw0okg+S|!Z+)+s@q%ONF5 zp|j_(khqR(IeFQc9-hJgTVwU4{Ms@_`w}{kN(jpY_b_--ddztp^#`ANlTnF;)eKK9 z+34Cqzv`dhVL9}sW?|w5J5j6q5>wa-NgKmvtsa3awPuQDVODJF{ZwBD2R?k4z#mQw z&AMWUXo-k;Q>4YW0TUTYqQ#R6ji>1HE#JSqiv(poDzt`Ja?tLPnMKMfP;m?(%hpPR zajw*W$}V?so76HEsTex`^PCM~)6vhgry+BvpV<OISbv9ev8^03TYt4T&2VjkI7Q8vBbF`t7ZMN3vbv_k zt@J*BFn4jY>c#XACxTpLtdg_fOvcQ&i-4BeR(=^30j>)~CZs zjeaKY-PgkxV2v8!GBG75N{|DO@JCG9oQ~?4&B(gwpKV`sQG)pP5`_j6R zLy20ICYI*KcxZ9}U2$oup=p}|vpPaX`$k9boQ`sD>)_ONWrl-c6MmrN%{ z&&MpaeC;NNz)RPdKpgi4_$3()u%ZHBTkUsLF&sDTmCB9Z-p#W0wjLvoMNIh|(sC_) zWU=t%5Q|iLilm|yMDU>6joGSzgNmjMiA(5NBYao6??&u2>p*U7!kHDGA(?#n*>!R{ zRL=ajdz(jvd_#;b4xwpoV7>9aoaCjZs$HaXW5o7V^AQxNM2t$QyspnzJfZ`-icZ-S z6#{>Pd|S+^RN<(9d*HIs*f*=a>)D=eTb@6f5{qNQ5CA@lW^`vKLl$EJYs|yudarDV z=!?Tc&8g6RrSKvnIxra~p*g4}3&cx<=>FU)wPb~z``|)|*K8b&T#m@)bqkU8NXQ+? z0DlM?7&BqX35mQ?@P^S&^vV?U2Gc9Q$QPY-%M!5{%J+CG#&-@!qfRzwAw3hLB0VHa zq#IHhKF#_oj}a}Edq-77m@ z&8pp$l75spY1{H>@;Y_$BuJtyqcI?t;Af2%bUp%0LRwn0tq&0vE?J4hQ>^j*P68FK zV^#0bYS8};OZ2^Y+f;===JCIbhyQi;a_&yD{55LuL2HfRN54i#e34rq6Lps&x~CtI zCn5?9xii4o9+;L2DtKCSY22QQx-XTssKJ2QEJWTakZgZiaKUx<7t&ZTE-b1tSi$OB zcqw4y8J4d-JFCq(mCN{^LTv16f@$j0Z&p=x%&BrW?|*IP4tydiVM7NZw#j{hV-nkoa`29#m=2Hwi&hmhNIySh=C%buhi-0&F<(XFTyVu93E7>6+FfbtNkkuH{vc`yOg zqzk8?X<5@zbTli=}z|2F_Me53#6T$QV5O<=epi8LY+h3pCCLBcpUWpe|PQ8%!O24L8Bl$ zmE^w)yySXh@ETGiv4I4she*b8Mp6&=roMdH;wCw~4XCw7Hvq#3F(C52qoe5&D~H=X z{X$?qLmh9dhr%Z$bf9Jv>-NA}OvuW0t{^xi^{U*eKLZQWvX-GHpZcBUp4f|V^QbEi z$Azw_@5Pbjmi4AN6$9u55t~^G+J2F7ffATp5+wxMlDxIA9I{%Mg=@`j&@{oU%E3WV zThM)M5W;0)jVv!g1`H#iN=LfGvDcM;Vcs;On9DB~)z>`j6csD;=V~Zm8oqPyv#$)d z)xp(EX^p{>_R~R&$aig_pGnkAdql;=wC-YTgN>bnqphn`u4Q4arE^k{gV>JYW%>&& z>3XuhOa+wzMZbD>o!kq8&C8u78U;_QhT~PLolKxxn0PL!+`>(BvQZLZ(85rRwpwB+ zQ1P`s)=p+f+j1d6+OCJmPzB#(+Gn|DcU7-1qkWX5Fuhd;di`kyBdY&fd0df-5iawV89hUC(?rZ=}~&F5+}CCTT?wW5*;w@$ds#J>`>1 zeDUh;g*?pM`}rFZAkW^(Scmc(?trC$i^Y5XUEhZx!3maR!3f#&&$|tUhbQb=B`y_D zu?I4P9Z?_C(haiikrRt2%Sv{-lY>};ccP4o8jDFHF%2&-Ea$u!tzt@7GrD6W;6V{4h3ug30ip{o!R0ee!O3^6Isfb?pHTS(}xBN2OEOajT0R;PW-ry=z)ZZ&Yi!4SClm@2NAu zJXCkS%cnS*i6)}0!lRI|qI_7!zET5$(&T~9JG$35>sawvRmp2@I zJjxrpdrxLvi>DzpSxbF-IKHzlx2sx%@y|A}z-+wed=@YC(jm{*mFAFo3DO$pt!2l1I!e_}!(Q?fEC!dzUK}VMtayFlU0Tp+k}zrPg|v5KUK1RA zL-y>fCZq1dXleqC#ApL4!#E#xVxjhYh>GYjEUxE9NdtAUa1#~aLJ@9K{Um~fBJ7KI zxs**5D8^zQI!P%b$@1~5hn6)tUH0~@mW%}WNVOml<~uDnC4p#%nGvk~d8G)DxHbzD za2OlVNab>uSi=qG7uI%_id@UhQ;U-ZkvJV|tf*qhC=sHHsmJ8tkeJ2jd^(Xe*CyyB zo`*VvV+-~LO9eYVj~SuS`lbK|cCo-N0LZ4cSMuxVjfG#hA*wp$drcjtbx$0*saDn< z6l>lYTi0akdTLsh)(3mNR5jhjG!+&eikrOsWZ$)}9)@HjAbzS+`Nhj0Twi%JQM*vO zMS;9qyaz@QgJ&&Hu!A)jzLnV1fsGR*;$%BnCAL7GlVyvRXzt9 zpT@daF*aGbx#`Iz`9TDi^b6`kUne{;bdKaVK8BaGOv@U@P8cy)m4XwYhOQ-V^)Jij zQ*N6?Bx>Oi4z3#0^3P!*ZbRZ7^k+A8egw`N};BV z3;?xN&Cg_y&!R9i+rv^txoj>84c+6v1#!A+2%U3CFHc}zPA^UMdBge*J?G*%OxnKU z@nj#Fa@zN?u>~*;cZw$^j{iKD){-PtTxsxf~9w}?#Fm>k2GN<9)kASB0-<*w~$13tSoIXn64*lVZ4o1yQ)j~@1OR0;oSK)zN(RpI?k(tFJ zm;UVqn2%4J?gs{zjw)qAbfJBr+_&sWIem)5Wo=hG7P%*m%GW-;{`&XR`z6)mx1l1> z1WC?T+FV{hU}!1X*2T+ymJ@U@<=a<}G{zhO^Ah39hL_uIxuH>NjH*{wTnkBYlo8pk zrQT)Q*pVu(;pLWsufI@QaIQ=^*<-dyw&|2mpV*%`xCJdbfjbcFNL>I9?x16|B7YL} zlp$sJKXf(c6{)#?X$N14>6H8H1}0pvq0RP~m}db=U4elC3fjS8uoVraZ$MxD8sYU) z5=X5x8ud76UTmni?_sRus$CnGB9BNe=gJ|UKleym?*bX1TGnbrAxcvabUNT9Mo~~4 z$Ow>`jw+hL_xur*WBo#8K7Pj%>F1$NhnEV|(S-r9;;cZt%zOmMO%jfwnJ5^_J})bY zM(pgyzPqV5-Tsfec)ph@4M#(NRkye(cE(3AyY$%A6SaQj*oMlpn6J+>bRzxk5ZCnN zGDp*l!M<_$)Sf9F)t76Wdj#akjep_S{qx*K5Wn%)aQL0QH%{CGU+Vfrz9cB!F^}?+ z!i61@n)>HO+EtFjagtur9%qMrbtE;uQqOVzUGF2)%qm|skG_{2&$@phg8yc)GLw{rLAIp*-(HMJ5QoOQ6%mz$WzJHzncGs-5< zFN8;bZ}aaL?nU;vtX>#OC_8J)ZZ|pqQISQBk`_uwL@lZhj_SSF-~0DX|GDP(OQ}3G zX1A;p>F|u;uwU6G<9?p==x$us?43zdNVy68?=Ivo?SB~!3OPo1^MV7*7bpfdnQ`P# z6L6aP^B?r~PfL9+)pY*zQU3k%|1ovVFE6RlQojMF>j>u~DLL9^p-r)5qHx@D?(M=K z3l%V$$Oe;^V)bKJlMlB31S!(ci;%Tbv&42 ztKC^Gc<-YpH!69vnr}2ZnYKs#k=VthRJn~YyhhMcf*fGH z(n8y%nenDd$U$;x*!Pew$?J2$W{q38o2wcF?X!XOstM=y# z`}AT_%qBWlDjr*N7MOVQ*OJ7{UZ?jv$L@Ulpd#0P&SQ-`M^(<0+P8jtt;3c*X*tOf z?Pl}AnNz=gw?5g?vK;7eKhdCAIW=N1S6FZARIw>6&wY?8c_E&=B_A%<*Z}r*+J!-o zO$`|O$M*q^@=QyF^MPN`gtNh|oS;1}sbX8^MV?QA=DJSkxqO`NzKPJbiC`Cqqb&bg zYT58Cei(SUgE@6WbhEFU6;zVAO=~kCmbxv?py)xler?+uuKv{UY7%Fp1iH&3iNp+% zv9}^Q>NpvgSh3o?BursWwZ39jZesYKG$4VYd}w|Z)tvN!~6@{l$C8= z5vfP%wZ>?97n_Y(Pm+~==AGIo1~`qW8g3J$w}}okK&44x#kKvi4b?jJW$eVDg_Jl2 zV|AOi&ED}&Hr0EO)c_4&$>hL$i))c;md<{}NnrLWcu|-5Ku9G?V0x??fE!xFoH*<5 z0#m!CzX;db*aSR@f-Sy*hfkBxjl65?FVJeko0;W3YS9>#S)KkD&TLM~w+9Pm6ehOo za;D0Bw9-LNVeLuDmTrKuA*MpX6q8Kzz2YDH9K#XOhhZH|T*xuHZeTM=^{9FtUj8*Yv5JV2jvpi8f8}-gIElSfnRN` zhoJzU$K(aASJ`S0u=lMmGu2X8Cwnwe5nW_W@Z!2+CV1py)+ZU&@2-sl9`T}jwoy;xG^q7 z50713EsK%QhYDk_7dMv_r88tK$Jb|$NPy$751~K!bW13)7C73AF5w=5qm-=SCB>2) zR!_Z44rGEwmI4MPxQPxzH{I{Cx7hX6O&G6|*2quHVM>iNxa0TZ>uKnmB)0W z;L|qV^x)t-I4!z87Hvx@YnNsU2z@#K@Go_;f~l~(|9+_cTg~|{>C~IVA6XwDOX;%f zajRhivuD;rqr+P9L)j4=KwQXXfwfw4MO*B7T1*8CYA4%D_>h&7}jz2iw0wy zJv0+hk}VQX=cu@rWulAet`ZE1NgsWBEDC>n0}GsWqv?*lf>H7+;fFJ`}NB5ogxh zVQ;t8f2#&AZyoA;B3s)c4&S4|)DOUX64tT7L>Uls@BUm+UAja}F6l4PlC2Qe30ExJ zQ_PH0w_uI>$9;%#CKU4l=nqW4;zCWuZjhb2+J&2 zCkCf(G+OM=8ct8?#A#bA8!`?z&zRc-ZSU@0CxjlS0+PE^b?2?ZlyWI8%Ud%Fx&?w_ z$otAs#=J`2N-lD+@!ytmw1kkB0!bF_fQY-7@@_QZFTSri^W>H}xrZC%s%5H&Pegcct}K1LNh)w4|Y=7)M{o0W{ z_!hn}gk4j&M(z(^I4DduG^xcZqHugE*fx|W+fCtNWMfnC=$H|vq<;*AQ%++bF*sZ% zi3z=Rt6f-h6;5enbATB`G7i4#F~;bf5py3vSOf;fm2_)U`xH&ItU4DJSz@C_rk?g? z6Pe$9R${tmW!)e6s6?yxsuMOVC_JK62skXog9?9-QF_(F+PYKtdc8Z@BG9CCxa=Y; z)#%z8qw?tRQkP)iIluzDBsWZiFZBH-a zW1>(gB~gnLgmG8;8VCx@sn18$eauuj4*T_o9 z^09_#>mpy6SG3CzCbU<({Eso zKE_|WCklAs0dlvdiDjWED~}hep1!t4m@1LhV$}V?w9VFS9=*=}S4fdf9e z7RM!*`?LvMU(fSrpu}0PiIqi-Cp#gN9t5+5W>skGg8}^oVKjDUeXiMkV3xmiVJI%5 zV&vmD${*eMXlX)%X5p0i8~8^j!h^k##467NKRMHh^y`2)xOAiWwRz?42)X9l`j>U^ zaJ1Erm!Kj;e2Fz#+0Tv&x2c0qQtrGq^tX;~;dW-AC&~sb0YVLf_e;?lzBN)HXX0~- zHs(QyH&ee18LUP(e>E1{=kwAtpPWh0r-J-ptnryrJk^WyF7lT9b?){ErOix|O3W7) z8?uD<{9?TE^WWHaVZ7*7vQ3hCVr!aAo`zX~f z>gva>(50X9!l!(@lw~Z@p}Nh*PW?JaJYF^{I(u>bHnolh<9DmCa5gp|I-&GInfolM z_jWc>k-P;!*8xP4Mbd2#U{rIOM`bgY+-lg-WbcnTH$Xm2-hH~)5CNxIPmDL0VE9xh zGJR@L?}e7k%0q`BDIyu&SCmXoS1Klg*uifU$jtOw=)+xzf9uq!s$gf;W=P+s2F?K- zS1`eMB*&0l!+aQdL6&5m-!K?!clj}^hY+2SklliHlB)5oBU*|zIE3$ayP%c!!2koD zN%!xHjesWl6cs6uZ)=j*4RT-C-ci{d;Ly#X=1Ay~|0JIR! z6)Zl!HG$lCxt(L0bimH;kN%`C2gVUWNSTfr?^9$#ea zC_Y`1V+CU&#y$QY=^+=9MF*Rrl(s{|>_h!`5m=iW0l|(Ddm2E-DJRrPPAF zp8!(#Z%PX9q3bt4;iuW`=joE0!ujfl^jBHtg?K9)V3)WzclPT|Cf^Sq>)bm)2cX~o zb3b3|o!kmH1q1uYSF@ay@{kE_V%SW7m5pnjpTBdEN9S)m-BKIi@3^Cmbj>Y!IY8Bq zN6hpS@=SVyMZ4(M?qO)Euy z2_`67r&{LcvE8`dx(dVUI;E*1q>7BaVjCW`t0=TYUVj&R@1|w25`5pfu~}RsrfOpe zp90P*$8#W-h@cn8;p7E%hg&Aj5Fm59J53+P>p(hm(oSplTXy5c3NX1@{%0jdZg zx-he$VVvuW(>-+-uA{-Bo0_xJwwqDJeXG8$!d7wx6TwYX`c721LvHOdy43)rvQJ_r zDFb~AEjMhW$W1rj#MNT~)|_SJm{ME~8|S!JX~~pi>+VqPil)j8#tz0h zENP=kocCkTXh1U}bAg9{tB{KKK9UY5jjNPwU#bor1>vINz7rp5&Xx z?=?;nn`m|5MwiU2osQdouF-$QJVM1Jt=SwwJDWd?A&+MKV(FZZ)a!ct;Vm4qhN9-0K2(!l<|F}}_e9+^@L9H!yBIPrCM?Y|79hO%@Y zK1S9>FZu?jbQU90U00dow5H*<8oHb!DP8wpKTuQ!uZlB2i*<6$X}ln4B}Ec3F%NRM zwMm-cE>#U(RTismIqfR(&v{~x(P~{A@4Px`E-TSYVHNNqX|XrzR#{2mOGbgn>)K3x zC#gPCaUho-=ECCYuX@=}hJ0@=_Il@TheaX*7p9&z0pg7at8A$WfdkooT2e$$^9eL9 zrpkf+Dc&EI6fPdHu9x)&OPBHM@>LoOd}!*j6#3GU@nfgE&UEwrn8G|Sm7rg_->@0{ zN~Zoo4cx@4_@D@cQS+85$)Cde74V{imd3^2AzeRQj>>+s$7{ihl0wb+&ht>kI9z|8 zy9TsvKuPtDLJ0bGzTsN%h~0a#!BHA@NHdz4HGFs>cF=v?oP~3X<+t=q>IJk3^09p_ zU0Wu4RZ{AS${5?l11r*X=u^t7r;W{V@Du^NH)>*9I8p$25JjN0Ys$KP>jWndu@5$f zKo7bE5@QpSo=Jg-QK|B{MzQ63wY0;w33*wc{zzE5^Arc?VOx*As`l?u#@vPDgh0M= z58S$)@(2YbZ>5WQfP3oU-961jOzc@KT+#Vuh~s&RZexB?M_=D^d=VMH(;OxefckF4v@6%nip6yZ2 z7w&TuH%J%uioTP*TFkYX7!MGX`cPs^l)&`vZW|8HoBnkGj6i(C*|1DxMOXq$Xh6{X zVNc;JhCWPE&#m2zks6VjAl~Yoy(9Gi*(jgivn1xQ<&Qe{h@4-X(g~KyLuWf?qk+6@ z5^E65=KEIJ$GHa z^t9why!KsU3EL8&Yow8Hr(*MjDgG@Q?6F2Qo2m$ibzoqHS5+Ffl})(?QV}~ij6D*6!jcY;HT3o(-*7E+i zXQuBXr$iVLy=EpH%$b@?NkR8yew8^*4AMOw-;|tY%$6^MS*jG+|9* z$=|0br$eh{3rf=18=oCw#j<@S)@#e1ua{JA%L-2lwq5jXnCFz%I{EA%X~LZ!cf{4} z1ERRO@OJgG=W)seR8`pk3pPx=7PG5HVrPYRfIKsqdXdmc`R+y^|f)aDGR;n zo4ijV@;^{UI8|_wD=|w%%Y(x!k@xm+cLb*wa7&!|$v@jlo5W>L%ETn|7UYStUa<%fvhSIw(ei1I zG3>Y4$B9f-6IaDn=Ps86J@gAy3%XQn8WY!~jj&z_=<1Azd_W!@<*fblT%oz*dFsMH z<_7=c(#~%)qd(6*RKtcgee=vo<2^sR@$a`ke~Y@RWWFIOxo+LJC7gx-hdu|8*}*e$;o1U$UC_UZ#Qkuu5+0Kk^dF*kH|!zjsH5 z^eufZRk3v;^%~;%P9V+i#@Tx=e#?ET{o>BeFqy7V`Ag;gAZdA#!PEJq?cFv1$ zjm{I67nnLp=svkJIUX;;8QCynA-|s8RZ@@Q3mPi`Pey`Bxpy6*vm)%3Q3NZE$en9Rr~1EkCv&NRPm~z8e!31iObuA9 zNo6*lQZweW`NSlr)dxdqzmxXX0V_h@c|`Vr6ZuP_ zo383bE@WRIYJ=vn;XC+7*;{9p#O_0DQ&#Yqe_chc1lPPfmR!CJ}M=)SfCl`g+DdGR3D zUbr$cK~*Gb3Kg6O)cP$ogn12wMCb{NnIiT&pW)-=+wb zi4o2$B23i9_mULm=@LBlomuQ*LGTV&Q5qp@*aIqIL9`iUf+2;je4KcTh1Dz030(s$ zp;)tQLTdl9I@kHtt&XdN#?RdrBsa_KNZ*V)nL#b&CdFo>T^1A>;6cV4$+Y&3 zC{T*P&0 z#~LMADn)y{u#n$J)_V*~aQ@cj7w!mJu%7MvtNU^#O;>JV5j*H9@;C_=Es;df(~{j8 z)hK?j1_En~Q{_g=Rx;Ecc8##QbW{hJw~eYQ?RKP}U5F&PK$tVi2V{}rx(~!CL#|3% z_;yS)V=RJhLaG3-!V8op2@4E;7X8S#`-#a`IbRBAe=ww0P#W8o?xQUhsgYySTOZO< zJr!Po7OkfH&~AZqPs^tRf_F)eu(h7z_GuI)96(2RkE<$wUqblq7O6A4fEdu(2BLAf z@y&Lg#5F#Q9eUBcCd5nT1Ys2O&g-_;phUxklFLrjz8dY}L6)rBpm4xRZ(1UL7!_g| zusGv48P_o!xciKVT2+iiWz&cdJoF4KOhpR{W9?lCz8q+1w!K%j5PLgcsnW>qmbS6K zPl_}Cz?V&mGFlObalt}M1s&XA^$!srvjypJD25jH4rSZ^&3KhKf55CV>xopB^2St? z+WJsPnZsOJ;%pw>s4I0LA;bN zW%(7%SS;y-2|<`diAe6}K>IV;H77}Hv#VSfbOy9?;^plHbJQh+8-la^?d~V2c@d;0xYY2IiSK=s-=BpEA`I1e`fK1vhT71++@ zi3g-H=(uP-@$(;9oW9Y7OC7fLqfI8^+f9}v86mKM!YEso|1 z_VH6mU24~sMam!bE{b$qwJgcl(DDOzEs&+>k8e>6ZS%Am*SnTi-bObjB48UNV(L!+ z_lc7Dm(#ocJ6~gJ10-NMI>4d+AHXSP(U5MSOL~ULw>HWGpPcKenIVy$WW=DKI zCYv9oXQ@p~@O0F04}%Wb2_`)~Z`kY5J#=k4KHzB}Z&fGaLmY&OS3g7Rsg9!}@x{ZV z9M^v1=OwRMi|IpIa$csSddX3vYp6cLbpgH*>%i{ofY0h(?|Zr!#l53%QTkvwJ!h-C zd7^Gc%lvO$tW>|&XgfPu^oMktxYlB^eQY^wvMWEf0x9v~365Mw_v&#Uy07F`^w@-B zC|8ArY~>2wP~lsj2;=Na&K;D{3}~1(U#!bq^B~J;9#Jh?_XPpV!QQ7z`xCOtA+ycj zDK7?dI;}_(`OZl>ISpmd+W3Zp??qz1?j3e34o1aNSl}4NwT~ HOGLD%x-w$E{ zx$LC-F2-6_kM^~#?qHRM?e*;QMjBEHXf2iV7Eg6l-C zxE@}!!c11f1v{#f(JP-mjAvRUd(J$tPN_93*>o^?L432*w_O@N%&YbDoR&eC8Wj!a zJzD2Ay#-$ltHM~fV5ymDj0 zDym8dMF%;uoLs{$2@_(oinn4S#3y`qq}@a_6OBlNQ`dFq>F!f!YKt+P5rYsD>QcRH zW=#)B&3>vozZ8%ym=P`Vq(RbVv$1XdChQIo z#u5s>KEAUlJT_a+%}U{)4{>L%^BW1)oyk&hm)NMIvJ&GC8f6Qd&9DMb0v7kQ5hH6^ zB36_XST5k60tR700!C8(GWaL8o>7+qV|-*_ghpq1bf2vRP)o+TE*K7m0J{tsK?vc@ zw+Ku&ELIrpoaPn19ztw|+zHx$K$e;OYBH1h;#Ur=rE#|kCf+G%R=qBU3 z+POXCZcov)Fd*=dgx+oti-;VJ-$rmNidVuR*J^1R&POF19s2EN_ZC zh;z-MIY4~RNp5SL7#=oScxcnnW_8%2w*KRZ`m)%mai5(=QA+XVC7y@b!2Wo1P04f!+0)ZD@DjKaRh0CQtGsm?S=|~eU z6V{ci6gm>OUD=yX_HLK%qtVDm`3fO{eVH^0b(=*L(e}mw)9xy0=x?*Agrb}Lxn43g zu5{&=DzLe3MYjZHOuMYX_-0J=sKJ8LWZ-=X*h{A8B)_a8k2JRdU|t)BW*~5U_Z+eG`~+2cg6+75TQjX#zba-q6_)S<@y1TpK> z;hr{18`O$23dnL4MC`-3L|zRdZ<)T(0GPA}G&3eN3aKS$Vdc?_yP)|RpSJqtHq6`1 z({jN6WF%)eKC6@ZmKNX(_UMS#@(13jyFt>Lo@O0SO;FCe6GBbEvdoW$UcvR-k?yWB z=BiMX#e#FId1@EX4MLcXvKb*0QjINlpZi%7PX|t_xJ+54SBci|kkk9VlppVW)$`Xo zOgJgw%v`9f*{n)qpkT`6xC46!v~SKwb6=^9vmW<7*&{;EBT9WPJEdRZ24?|gvZpVq z>Bwo!XO3`qBUE+cYDzA&1kC=QyYK&*k46_oYT8}o)}~nsqK*Q&%H5=TSo<_8cjOd8 zUNreXeXkEhN$kwjPMEn}69yG+BnCR#P!x(7xJpFInKUeqq<$RV)ohylvL$dDgiesX zT0Ss*sqXc(?!m4hFO2Q^hvJ*Qml~33OGuSriKZvdc$aPl2~kNhLB){pH}6$@d3TI! zkS@E=>d&q}3dvAi$n%sLT>9XD!uiMH!;mhuY1aah#`>P@FPpy~CWSSSb&!#xE3otb zw+|;TcKpz~T}iw=fMrUdyCwhG%4((~HB~1GKku}XQI#0#mBdu{N<~6~i6oYo2OVqX zCa00)FpXOBYe+GY2@8lZwoPHDR|kA~u?6#$1P-6JS`4z{TY@4*=w^!J2+Z3YB(w~Y zk=ZO5oH5s9ZP-&!aHQY``@gMuOvr0t7@Bu+8n^kT6ixM>YOsdhyR0wpE=uZBVbG1# z(0gPlIlsx&9P`**TM8?UJRyFJ6ely2jd#xU?C;IpC_h!J*IBQxcC)5PTQ>#*`=Aof z8*P@h93WHz#b*)t26$5z0#sA>-jH6~qNVYETejZjbvi3k03WMbe?2(M+5LI0C%y3I zVol&|`lkmW*G`D1PEietBj0rr2pv~`o)f}`^3LG%7JG&+?NEu|dS;ka--JQVDqE(x z*TeZcCgvkwCR0A$^c?TsSzJAT>@juZw1wbpQ7ii~Znt&Azlm|4=H1-XwKj99W@Gu- zXYbGN)tld?4%=?p<$+(ie>{v*nt8i@P&@m4Vc+vL^}zRgUGSqH)`8(1A#+h5`>{>c z79lM;o~@j$ z)YGPB-q;=$RBVts>xK$vFVEDuv01q@&n=mUxL(aaz{sb$c;s4UsH4UWm@O4{<@64u zbQb%XuzQ`84UKhYmr!e#*zI_pdiTYZyyM}~3=Ch0-1dfY{APIX<^yL*;4b$0zz&CQ z3r7zyvk!t+svU%s=G0}ZYpq6qhZ=ljU5k5Y=j^_IctPqzCVV9MX(i}dl&BEvyu9f* zIZ>m^iMu(Ru68on!gkN%^!%0+uIMh(mHVUNN`~9~AvADe=VVQxtN)InBBYpT=8x?K zN&8l)VhNfZ0mViJ7*zuYDia;q zwTLcWXt_V6%jctq^yv{u(icn875JE@D?mqYSvsXzXx#1*yH|NDO6nGWLoY=d1dKC9 z%8(72+n6=A0PLDN0-8FeceGgkX^^@3(8#K$I_r;qitm$) z%PQE5Dl1`DJfFJ>hcj|N&#A{^*>@LDsv19&Y7S?VmSv6*6-|x_q>foV=wR=0jpBEw zCqlrjPr}Kbn6{E${)tAqzWhTRFwwZ=FWL59vRC3Pd_Qd61v&0E{cD=TKdvL8@9g;z z-D}8WX7g>_+1;jkb<|691Ec7f8M-v~Wts3<`^!kHnD5Wq&sL@d)pdTJTSn%UjO~Ff zb3~i)d(X{#Pq>7cZrfe`{EuD!eTm^Me0KH0=NT`FJ3TS)Uw=0_2`N57@e({%(|=RL z?7cLpTR#NX`dy^_y~Y2q@PZjd<|GmqYW$=LNGsixbK^+}0rlN(*|I0@J!d5p)?L*&qzz)(a}?h?3|4^RGO}woj7& zEP(BLKlM0%kLSarXI>dqBYWLE7+3iqNa=f{NNkp*m&MWaHni_+$Jm=GUm1{Tq@FXp zw6DNgS53U7dp=dbUn;uNG0Q6{<5t{a5`3cr3`cH|=Bo{B4Dz93`oZHzP0}N)G)5?n zZi-#*&-UI*Ry5Jk?lMK<>ct}@vN^YEXPXR!tqbH=7#5fn-cU}oE~Uo*Jog!yIe2~E zJkZ4R54gUk#2kmMxYTx$#W5t9dUbQ8sHd&xVhZBI{$uSDfn-A&XMdmCSUG)(&P&!i zgYvIz0&v7v@?P`nkuV3bgr~{Rlp;Khf}~(0I6YANT6C0qcXshEbDQ!l-}*NR0DVVfI^|NWgEk9FkxnaEqlb{yGDEc7EXRa zFN7IYw^aU2xXf)6AgjCfERm$w-Ia4enqdMf6%8nsh7wv#Y*OkT}bhfHVD z4JJRT_CMMMFD7nXuiJrQ+~cOIox-RF;3BT@i7v%}_`wd=>6N~^+kZ|iR;JoqArg?zI&$NqyYLi{vgLJB7j0g6Qy6! zl0C=|GGlH}SBFdX?$?KCT4G<$xlL)Uu*T^vSh8!#>c9H(Nf7<92&dBEH#||_^`I0; zPqaH9zhJ&DH{bM45bgKm1tn+L`YTrwwWszCIL4sCbwmwpTitw0DB0Qe`GVs6GwhiO zMpuAr$T4M8#(zDjr}CE!+kgID+?0wVb265Bij2Z<44n_2vZYpRW&PPUnl8bqx%!ww zjM?57M0riK1l(5AB{N9q$ON$z4vs>I5s4U(2_m{Tw!7!nfj#*R(#t5(`$Ey5RWq@; zY(s=QTDR)ML|TjPke-v%8{WhDb z?)+I3vzm9;6|ZVFj3G#@6qto9*#h4w{vNx=LfIO0}S%2 z5oNDh4p2(wB!4aZXqjA3Fn{{GTwsm${DOp$w8x0`=?KFX?gf7^}GK z6PQ2@$&UlO6mLp5{=YtvX7G5wAotkAtrUXk+OK$y0!`FvFzGcQdP{pvGcS;1@dQgY z39`B6!Nx>xU#L^8bQLYL*ATOcC@zaedoQ(Ib7o&_oqfZTa(I@jJZ_ZG9y+}Sb^CeF zVN@n$WVN8g)`4z5h!A}FI=x7~>qmOBI!)biX&igOuD4;tagNTQl#|_|(>oQu5V1%) zaUoACm%%+zc1+bTUqttM_5~&+80) zGMqalCo|Jt{(Jp6`wg{M-Ufg8y*)W7WD&UGKEFQL}dS2&0ot_ki9a=4j4s4<*uG~Y%-ktO+1mu&SoObJFfR>I(Y z&kARCN%<;qwO%Q*ULG#CSVATrteNWJx&v0XS0(&T~i4? zKNRo)vtV5W7`H&b4g>D>xR^XtWyl%Km9}-rO*O4gBhZ%j^H< zN>2n7eByi)qKAZaPBuv!klBG|t(qV+|GD}(OvTxO!oCeWQ$ETmJAYl?`Y8S@MeEXi zyHcxpA*abpSd4UVTz3nT%Ku{TJ)@f3)_!l-a@nxbL5fSNbRqQSQYlgbQW82y3qABM zuw9}E1dtXWp-4+0G$B9;p)9FF2nZqc1nCf(bZPo#pZ%Qu>~r38o^w9E<2`3Q`81Q< zxyQU`#+dV(^Sb{3U*&VjIBpvr2bQswiZ%qfsm9Z~dde7BWHfo@nYzA$PMXH5W(|6# zHe*!o7`6eNdBe#td*-vQ>NZj6avn!>1(P(Ft;ZrrGfO<-`o1O#I*}2Vt4{Q~e$;!v2JU`;_g= z>{IEz>~27(`F9jz)W>`+Q-pG4iu4fbltXcHdg;0-~$_~g=usxBrZk-CJ=kIkB z7C23Yn6HI=vfPMQ9gCC+wI5swimFh#j<29tC-|eUgKRMvv5tow0(se;<$p@9H!K3C z+Mqv-sIq8Vl3g_gz?(4)3TE)-_Z$toLfCtvU9~B?VhOwGCO7?LWolN5nrWU^@y8c` z2FdT)d!QfU;TXabJz=K?aO6{o8i9%q*?9{b0{z#YWkc!(;!EpC%WA>F8PxTlOkW8t^8_`tD4tinkG{VZvd1uPQ=634RY%m-v(frQveE>;s3kX__r`z(po#|3YnN z+Qhj{c@@R>k5ZzWM;lY;g}`#%xyTv`eB|pQhLS>QPovCg40{|Q)8)E~n+iDGT9`VG z0+H=NAZ2H8w=9;(%B5wY<|fr_lUickw}cy4$;Vc#c$-8BbjycSaBMkGod*B?a>KbK z8)hDLGMCQieDh}YiyM698lNLO_SfPzUUE9gQ{<);hrm9iTBU#ngiTJ}hn)t!Qd2OH z#|$%K=6)nRYvWy!Auu;%kE-7Rn!CbUMWaG(RGJ9HP#w(1IGeV@6v0S-bE;YvRVffI znvW0Vhuh9q+umKhji5hol%UqV%i@-hk!;Le_+*Rq!)m_z%q zFR$4=`Yc~lYlPiAJ6ftfK54<39HK0C!Dk!c&klT_r)oUjmZ1_#vE*ev_`&+6i2wtu40Nu`(Fg zrp-QchQ0P8%TBO}JtMANA<>&L$G2}QoUfkoWSUI*3|V8`J93h{X4;Jt<>yA9Z6r%w z{`W1`|Fo4jBr#WPp_U8H%vFRo4=6DINv#FBn1OVR&}HMvgFED|^*gdztgFu^yyMv*`XYgFH{1p8{>@Q-K-%3{UU=@w9fZ4qq#!@qMYTBU zn^QTgI$FhV6W+GeWwFMs1)Y0~C-wsz4j)9}bN?6s)utj;+fSEd?;Dnk2iEsW*vFQ^ab&p!$#3aSfU3qLpRUN>@IURrUc zu%44Xzb3KxGWLWFvEbpG7UA$gel+wrKi29yZLX zRqL#Lv({>0Kr0N6R;uF+_nSH-VT!snH9cYNq82vL&LlgB0;Fp}fHxN>~C)3X^PRFqy{cHg{KDhmlpRS}L& z`VIifeT;3rIRe*ckuaT{z2?m4y?T;`y3VmjP>4zwAxLT%&2rixw2kjh-LkZ*Cx)M6 z^?Y5x7Hym#5jM>5j6c~iF76avrh%f{tT57O8X|hbE0X$QRkina1C!j*{#m8#9>=K< z7}Y(22L;m*9=%?Tn-qnvUS!dO4vF||)MJ;>Pzzcfrxqpjo`!bfByYWCyKf^9j}4K) zG;fh)lQpoOkQQeWnQacoDr;*h}>X4V8D_ZH6 zW787aimT$@^L2%3&jO<=5dG??I9Y$bLie@e=XMjf_jzo0RmO9@M)#=>F*P&8TQ+zg zfuo8>(BV;%F)?B{G&Jnm=pnJj?gCl42DzFYI1X+COlA$n>!(%;Y*sjJVumBb8(yrV zJU%`YL2ZiVfr&QW{dcY+6 zbHdbA)~^ll;3D|hiiLoY?&vwo41ePx+X6R594ChASb&G!CXz;=G zxDHf4f-I2VjotA0fuLyjkg?HZkRGzdY+U`i{k1srv^zm(;KbMM3X_F(LY2}yA z$g|amG=ZY$a|4oXi8Wp)w3IeNI>rXqthhVr37y^~Ypd9Vh@oUGt4EDUCh}xuvT`_{ zVfW&MOc#?{J)vPM*CMBzRg(yjHP9Y=WJbs&Dz}xx1Kl`@p{Xe_{J>yF{GM)JOimK{ z-#;ss4xy5~b^`#KPtk*8>&9~9`xWm^Y78g4Hr%b2x;gsls!l2`^!isjW^n<+R+pZe zT7B`os;z?Z{R>9cZTp=be)DN`FrV?$YK_uB06;q^JR1|@gjh#8-_l>7s<=0+ZFykL z6SEfqsc4;g>kFKyF(PE=pqvCD#WaAgAf+Ug(R}ers(x z zU0RJfm#c?^212zz&QCUM6DX}5L@(_k^$)}Lpo~9W_?S^h($QnUk48CffXNd^tT%5H+0P-EwkzlDM^sNP+Rk z{ht?79t_eIOU5+V@4AXl;l^aRKzeap<;(R@%=n~h|nY%DoI<^dQ|qejW~ z-ubm{ld#RE(U9ftmMVEeGBlwm2OmvVBB%Wr-Sk} zuVraGMC(Umhcbgoqp}SIV3COo!d}13M4TOyR#ERX8BujxVCLF%z~CEQSgH_fz+lj* zo~7}lo>}S;I#9u|Wo@#+d-ZsrRRz|t$}psdw)s>(+%xG@?qU9Wp#>|z@TJ``l}D{6 zAL}a-0f*WOf8W;53XB}Ml6#rnq z|A6~MUfk9+O0QDxNug0lMg%JY35N>h+t)dxB4ad;z1pH{q=q%hGtV;H)%eYRjXcNH z)G%F6tdDa0qZ5*TLH~G?HW+q40ZoEg6r}_rsUOET{We*7Eg#4A)iXy;Es)dZ5dUyl@w%z%CafIR&1+$fl{;zW-uT`#YhGDNCUU z8yTpaSOvG!xUQ&K-g89<=%6|f%sNh zq%bJ(ABA33`Juz05C0sVzc+5@;Av+i)#yAFr(%EbBZYejRu*#f@CmNjSKk5XnjYR% zTGR*KWX%|PvWDr;3x$nYeC+K7UYf=5eT#IL#kZ%xMu+N)YN2=oL2H+iv;XGa|IwTO z^dtJe)sJXLV^%i`6d--rx`4X`aTN(S9@BYQYr;U*)PE^;+IVBr6C~!S3Pc!)2Rz^8 z_?Gspk2^h$0s0w5Fq^(0X5NcLi_>4}m3}GvMj{=9HV?s_ySbUlW`k3ZI*8vdj-h)|Gm zqi+j4N@mWwF={+FUQU5SL+$ozco;S}xJTcU|007bLdb+_f)DuC&kKF`3VZ!|OZBuT_(%Y|Y-yD_d&XzyV^}nTxS?$>@B3bo)uiow5_bgr0^!s$Xs@eI68nR`D#OQ>w{xIxCPPduouJm-RHZ|4EpEK@@tx zClw6Wdy(d^W4~3ilKQnrTt^lLne#@l^z$c1zTG&{PQg!yW^%my(`T}k990-5iO}0I zC0TqnF!x=56-Mkd^Gx;{2V{yOeVy~eNOe3Rf5^>TxP3!vHct~FctBml4#9~RXZCNi zQujkC76RK|G&Mgk#MCY0+{KN^&V|8v0hz$kpFu5dPvER2lO=U%;akJL*MwlH48{00 zNS2o z&7RGf@BMPm?*WlO@aav$}l=V^c7&P~<}GODV0SzoRdn;u42?}AzS><%MO zChdDkrEa0Yv#L9|n$y6a7v62$RItYRs5P%QQeJGIrJnGHGIvXK>IAdq%9VcpM&_^h zmi&$SWX9^X@nr9v1xz&zIweWTElAjwjM2f^r?1?&b25#37!~@woH@qq&CN_#OCg%a zoVebQ-21p~|6hS;W!vt>wzI>?{Z8`gowh~aQz&TLS_E=d+w~!$;BObZu1Cy2z|m4$ z@(4lckAG7*sx*K8m|Iwn&BVZjn?q|vPvyR3JSsP>gN1nY$(>lmKW=;FK0PBlF$8=B ziCxd^D~WB4Ww)cCoT)bbISb?A54A|Pn#g;$TTUyV^uD2x!K@kSiw8nuUZbxZ3G`%K&spsGnKNLlnJ?_i4N68#-VQfR623*xC?X z8(y~9W8AKyWg^;!b8-rv69Q|;7oP!wG2`&+&}VwFk}#70+>JLc>>FObn3lBWn;HtS zCb?&wx56ia1mtbtr1Bk*n&uq*O^42hDa!^#7?3?o9IgIh-p7iMG=JuG@>XZ85H(xN zxgrzj)-Z$E7|+UuRD^o$DT!^i)Pt6b9(HnNAK*%)HzC#ABEC}Z2W0E{kT*0HvGbejQr3zmX1#sHPZXYU5_9ryi(cD=42@91J@2aL2lqzpZ8 zt(w+c`fJehki@iGQUCZ2c)jE~%}v{*emxo0SEQ#LkrtqACtm^&Uye=d;I&Z3HHC^z z=Jk)v%k~b8Lkg&9VV1V!d%hri52L4shaPwf>Hu+zxH#X?%jvouZK>K3453X*lQ0XF z@gX*rs)f2uzAZ7frfF5s9s+$JuvrEw@#JIaC77L=-C%_hGbDv8cg8%Io!5FsRUAMHyp^XnJs|dc~BIdZN zDNjG0ygv#jID=#A;p6LG}CvH>Rj)FFCr| za{zd=Y0R=SKJZJTaIbKqRbz+jD_2|l8EZ_!3giFu=)ECc%S;@9_jyhO=Hy40PUhbR z%9CVU@EfA%JXlTnK`*YIkKOO0i10VTK=L3T!~pPDWak5J4WPl z0|A?=bt8*v^YzS-^09LEh=^fN>^N%)?47V``i`8|$kbMG7NsGV;a5Vm>07F?!!%1y zPbNs20s6Gnpb(l9pi^#pUnwOGgbGWN0~ioxWSY`vC$y}n~Gwj z5g^qFsTuR{X8LqFJ^2wLVc{LG@;KJYhfZr%QUiZ?Ei3kv1o9Qj28{7lH}6#EEM~); zoYS%sM4)6t)AxY(T+K0nO4K6lJ?Tt)2Kr@ zaXc!U=^*Og6~fCwIodW7i!C8}TnAn$Thmw`-&3Qugp(Er$!xR%YL8eiS5bn~1DuYsjv518 zqh_h2>>TU-8ssZY$fnta0;(ZSVuWmb1C}+JB+CqBTj)zBv5}3G|9+X%n%&KHD7GNj z-)oHsMofS3GqJa(5-_C!jDRJ37}Zc( zu9Io%`#f04Qd@_$a(r%FTcL+_@VjM=)8LotLIvMN46jq`x^Xxcw5o^R=;bud= zXL-!u@B~Aqv*4S3`kjK+yoAWJM#Gq4JLS&@AfC?|!+G)}@vQ+id!6UYBLVFG7w_lc zt3BWzSl~blxi-7O_uB&kyMQtIFP#+ELX*eFYNP*CWQudur|eI(ECWoLLRujJRo` z6lL+dndFsVjI&UdsZP>b#_8eBX`&L}UoJFO zmh;~)6ZLwxJr-`pkYE%V&pUMrIZsQUJ9F&7AvOLTC&chm7tl{o>)=t7p{g0rNT2#0o*;er5T50LIzG zqo$QEhxI&r@-T(Timw&0=lkleP7(<*T4NT`v_5P;o*iGn%ELS#@SSiJF1ml^(tfKb zQnt)4u_44g2lGQyQPH_;>Djkrso(yioz%a52fHmnobqYa@Z%C~?f-B`jw)Rugxm90 zHp%jV^sM;&ydZ}^DUS3D@FTi0BoSU)w%S|ocaj734E?nkbD%hzOSfky)6p7Qdu@xF&W7_J5xAHnl?m;uLoymiM^u-gVd}R z>g>{WPcu}r56RN;>j&AKf?F67vd`B&XIx^O#k3*D6Q&Mf4>}*0r@8yNO!NCX(NFNn z)}kCz{>p>5^d4-+w$R*^=5t5)n#5CtThr@0XU~*#b91+pW>mf%eH1qam{-95@vOh# zf~ZP9xe8z_H@*JrN?@y{xjs2BQMo{(I?}NNE=S_h;R*l9+^5_&w&j&WnxOH%-CdiA zeow|W0u*bPH{sIc5LhIS`BQ*Ryu{IEyMJ*wk-nI*2FAc)F#8gg71WP9KpBkfX4 z=b+wQ{?MJNAA8^iCe1-cJ$>dAQC>ScahHOMxkb{{cSd>~^k#kTMasCY4Y)w3ai9>d zPRLP1b$9S|&0Vi|37a!T3AL!Q&Lc*?ZOfNGpiyBez^1d<9vKdF*83rH&byPO2Hqma zb}g_u;27sufjX?b^!(x`=ik9{^qe0xEllSXZVEnZ8BtyS>( zV5eH4W$}pJRAv@qt-)EzXS!?#L1N9U^dNQll3RT2n>|ZwOUUFJ?0p|_> zrIjTI@K;|u^NqpX6~7G=TVscOfbx%R=Nu|W+rn9=^RP?fM%99f_!pdMo-6AI>+kcc zxYhEqIgc4-Q++$p=RmGL)h$Nl$--}kB=up0nlm3--v70K(Zi(v5hr!q_AXodTe#u_ zV36x;0$G1=CR2v-8E9rv`P`Z0dwYy?@_y6KDV_$oXkVaUxKN4 z;5Btr$~z)u`@1xgYC%g+XV+RfY+oUu=epqi>A!uezUBdEsEx$O?VtWWQakpz-1Ng# zYnZ)nwxCw^H0ZLJ!EklR=h!_W+wb+Cdrh~Y`1drafaP-3qNE32e62`~I5ja*49Skq zb;o(;ATaS5Hz(1oTeh;^H)luotTnTAbkz`qya6)EObP1a14=TJ<@Y3{GaEWG^O%uR zM3lvW{?N4k$&tcnvbU7(=q8_%D-TU+OZO9KU^{yLEYy#B3sZmkrb`-m`7PnpSVYd% z0sZXw&wjbIQbQPvcH0D69P2#*Kl%3aLRkIFWSe)~yh{;{IS{109TBMPfYtqKLr4k& zacOA<4oOq|1CsEiZM)M8P0h5-G~)K4u@V@Ko=h~iC6XTXS{HwNfKM`K^o@B)odD7f z+9XLZEEue(49Sg^Py^Gwp7FOO549RIGmE{SzBCnM$AC@x4l1^WOP3Q5N4u3IlnxIK zF$*3Xi(mbHQuij`r?@BO)kk}gP~VJtM46lEP|KrBPw9I=KD z=eKEZxQ*g5c#imj@mYz|viWr0v1AB1G}EWL*}iMt*+D+R)@B>TPUc^(S2 z6}g=&qeJ>mOQpUc{NeYb@F_4tisC(^xVT>W#dt&yJdihlVD;mz5>k@h_RU|SPgi78 zp})HVvP2E5+r4IqK((mq=0*(8mQih>D`W=Kwj=`|yMRD3IWie05v%})LR0o*F;B+eBpzXeIvO{EpWQzwr zyni*Ew?XA)LwT-OVo)G35O!P+6TF&};KZOQ=6dGi+tntsXu0Pp!(*aS#V))16U6D9 zo-&-VJOfF@FezpRFf%j51_5%fs8`a>2Y9NKq8tXnIV7FZ5^r|BD%E`Pp3p4z!jx6G zPtPt?q4)t2(7gFeM=IP(Ah#Cjl3p$(Y#RNywHr_fSEuRA4>v>|e_q%O8BF(oqq*|+{(ZwS(%l6$IGKK|SGuhCWu)T{L-#805|YB8oQ>f+648`rN&2w#hz7bx4mb+D3dW_xjVJdB0BCBe1tWKUO_znmr?$9(7EZ!j2= zIzsd9Qt*#j_UzlOzkYGRMjtDA&>`zaeLy252){0_NPG%QaYokZE;Zu~n>}Hc!NbY{ z9i{H|t#P%zrx}_yjR$YF0UAcw%bOa>m{NBXH80`OOd*94PvqpPLvHpvS5X2#1J4K5 zoF^SAXXUAe3w;zP5Tmm53({M7lIyU#rb=aPd84)>*}n6=ae++xceIe9WB*)!$X5cF z_5WMx{BMDiCS)aYH?288B-?gcZ1ik2TFlj!SibVYIr_@i!Tffv0NwDzSNzJyXJo?z zgCB3FY=gi*qAE|4ZHDcE>1jNhij&bzH#TWYl1UzE>EHetsl70c3Iu8|=<6tr^0Se+ zQJwXv`QD*v4>&lC+N3-$iVlMP&9TxsWg!QyiNC?ihSa7a#{>0bn8LXjUI89oy*0Y? z019?grAJQP#MwBlacBa{8G-T7&RJZ{PMOocuusEwB~A3LwLG0k^0guFzbo)qk#Ys# zD>%wA<%r#JMrJW%nAMgZK3~2B0A$6x#!UsmEjo`;nteFzwC8|VpIM|$*^#~B>MGmRBz@M z_*`rb4U4HFkbdkBMXIa~jNQiIOrxPWPrIL;Unx3Gk(jAEG3zwu`gy@76nVaue;7#4 zsk{e*mYh-L;u2E-*<z0EGT&!4!ZUK4;@Grp#k~W&V<`9`Htk@4eLFbZkgRSJi_MZl3tut1dA@OWvH8{e2I{0 z+HLKhEmi-Qfr%zowmJgk>xdYVK1qH!wvH$r*w2jcDCT?5P|B=MbM>gN-u~w=1(VcW zaypc-;kCzR8XN1GxC0GLkNjI8{VrmZwfCa|EC8EJO0@tpRmp?$q!l9*07C+@1+Q<` z!a|;6miba7nollq2uLpm1O|k=@hGkoloO53w&q7p7!Lk4<>dy0Ocy0`#A@HL8k@K0 z@rjdDenboDd#`6DL?k=}f^b9d4xuW{`O9w{EPs06V#57M@hEhLTYAoGq)le(c1lbQ z&+L!m(P+5{&xXhJ_e1vH+}FGB9ODRWU;9F@+h?3U-q}7_i2QkBRyC!^7zi%YFy&q+ zy}ln-bnl-xDsb1-_|f7UbGl;ky>AUexq^AB5&qFdhVAJxZR_;4@QhT1+2)nr_VFYJ z{pBV75x0hd^@oFJZZ(QG-ps#yIZd7Qb0NH`(U1D@{pe(;_2-4{JlzG+f9>^cWF%qh zMwVa0nsNO-{+}1@mDc5@5N{P z2XUlU>d|F`ChL9lzYfr%$5a~yC}vqXZ4zE;wICPhUABm<`v@OJ!A3f+g6JvlV{2iN zY|3h)adPfDyq(F*>rm?Fj>@;Dg0-FrQ8%6{36B_;@D~I&PR#nOVJe+sV557X#cBR2 z0EUI@OUq6sMmsLjDsreH-K{K_v(K{Jmw% zOe#e5h9G>C5E94=)0NqwhQk;f8b)P4$BDQ>sg2oQ{sVu#*t2UE&9cQ4qt^N*Bj21= z;h9}aoJmukOYU={j4*4@^td({Ak0|NwY%tR)nwK{-GOe0RXdpI5Sh#Hd%adj1o`&c zpBEag8x7bN3wP&HYh+ksK?t(MW`@>4;Gi)8q(C+_mL#bV8oUSQw9WXvq`${$%$@CN zAzI^Wrr766+%7qLV1ox^I6c_Tq);X@q9|Q;Nx)+{HjM8MRap${or>TkThI~G6-Bg7 z)x3mFkUCkto^p1#_^#&;%8%YEFxSrc-K(1_9vsc*#SJu;GSu}hN{$nk(gsRC(f0^wPzb7VUjwCKJf&dnS+!d&)F7TERNj)aJ8Bzm z;3(Xl?qmHrXMr7DK9%!px+z*YAL^OV2>S+eMKHg!f6p*lb=&QcU$^cijI82^n)^!X z4<5g&l!(vsR~**H63OfWD2e8>z?ysK)oAU;2jGQFNSvI`f#UAL1%ryThDsg_GaHmY zzoJf+k(r2xK(Wmym0N!%zI#$Mn4IZU9x&g0Qolw928n?POqEoG^nLa_0YB1CSd2UM z%+sz3{sL8PAAOTka#MOG&&c86GTXYtwT0`|r-2GO;`>&ftkj1tq^>^J}WEaLwkhV*|;#R+@u>vTvCg)=g|2dO98E-y5y{BQ38 z6VIwQYWgrQ_%&yW)Nh)Sw~qPzZMMbs0H{Sn^uivLkl75J8uP%9BpUW*-hHk7VY0}p z|IN6+d5$#tSHQqd(TvJyKC75=MAB9u#Rpq?K6O`fkmFn%OGm;0?v_?J>%{fg%Z|-B zM{F#)SrBV2LO`9DYKU38X%Epf%d$`8VAm-`8t|dZ=j)mbp1hijKH@&b=tJEl?NY_* z9!s^~!S{z#Q!ZEeYkX)foD9Kwyuk4K811ysGfoWT=Zl`3Oph+XcAv;1epyIq4xI*4 z(d$1i47abbC;xGH{Li`UKW?bMQabo~Vc<4qR_2Un#Wn742dDqR54sdjj4}z=i6>)w zgnr1z*GD5~Lwz`nNa>_JG0mFY7)k51X+@Z$I@nEFzir-I+@(2+&WA1frK8#P8W3LWLE(4$&%eC#k)t6CU*S{2K18y!v3)s zklCvIuM00a)@gHP#E@0I)S(R)VCSF5)NWZ^U!{QeE$0FAn2Aes-#7Oau#ODNcxTS? zgsJZu7;I^vu4pW;#^xeo{O5EHqThO8hBokqkR?SnA6DF0Fr*k7l9gAS;kkbK&z6_p z77pyl*w$v_osupp*~wdgWX&xCnHUA^jQACj9~~XOV|xY5TJAvc&ux)+n4SFG_w8PD zLDfl2Aa-Z`_M4lL2a!rETQ4mSoq{D!ssUMV6HiZ7ZvS#xelm+bQhUUw{=jRtVzT{F z;QYXS=t2oyP>ZWm!RjbF1F&q|jD?i!Mi)v;Xv9O$qK z0qBH_rmCRr-HAd3XB<=VwbhA1+JOh-4CXB>l)-}^+S!Rcn3sLGP86>ep{pZRISSQt zo4QS651bw)8 z?h+(e1iz&*iD44u5&nK9`TA;Dz&1D?FhAY77k4|h%J|*}@0l(GR`2K-_+0hEXO-8Q zRY>nMwdymLI#P9l{J{<7ymP0;%Z=Knz{-)`OK&r0GE+ck32)mCsOoFCYePn{7HHKR zWU|WDp-ZxBU*E<7&1736j0OfD9lZQ`;c7sb5k;l_kCmSn)=saZw)jTi_4TL_c)q{% zZbjtHp2hm@NWyj6(PqSHcNQ3keIV@~WcbP&=WTm0X}Tg*-ores=vJ{hr`r{xz?2K3 zT#nUFon=@=eehsS`R9eL9}mNT6t&KRpBK;@l2daw>r!8HeZ4J1PzegREw)PQ(r4^W zYP+LxzSPXDglc***gE#G%c1$rvfsQMF7MJjHe?M|z^y*g6JFEsNrQ>XtUFjGdUa#^ zdq;m$76zpJEMYAdNuJm2cV_T{m3XO+KXYdQf2C%d8lyL z$1}+yKSv>VxF0q}DSuF|7DO@j{s>d-EpObuB=3QOB+*C2@yva!iu3B>iFimohiX^>Ez30kfPbF_(iB9_dpXctTnedF}%PBYN*W%P<8K9kZ$z7;yiM&U-#^BDP~n8c+7H@^I^Q)GFY>fqkCv_1Yg4h zaf0M}Amw`z7=c{H1$g)hBD5uc{YfpT6OlEVN0!{1Io?*o>n$vmB4L=uda?d-TM&yW z0C)}A)Lf?xk}iTOw48=?zGhtuiXF6Ss9ZxfWd87a|5=CmJ2oK1set1F7Wz^zx!-DM zNP!{CMsNMFIc_u%=F*)f1!9@!yBSVtEROeCH0odc>&*2(ZvXmFy++2PasS}27x_ox zfBPdVm~AKR6{1lWGS!_r>a!w;Z~lA$+55_<*2VrK%L0bk-52Ct&Z1kKv!fiRYbFne zc3aWQ&7C1+3#+^9$=>XO!Or~rlWi7d$JHPEP|g^JYGTp65}Z8g$c@i6R87fVztPOd zvlM6^Xhb(xK`J9}JN;nd(;YZ?YsZ@M{`kl#CfKy0psv^Vn;%`%trGB{^N5R6ASRg9 zh>(rVrMWrLHQhg>ufA1?vXF*FN@{F(t2jAd)?ic#MhQ9A-JyrKv$bd4>WnXEc*d*+ z>8DX*L-rEkf&b3Cq0OM*JHtX@vlGKZ93x2u{=y#CPvtWb0tn4M!dx`qthUO+Co4TM z^TfnAlJ~ir^n1c|SUTKwLH=amxnL7Vu(&L8^2U;y*;vsA5TBv}su8?}oz~=CXKjyS z!P(ej{0GgUK#pR8Mu013nwj6ijRgvQXf@_L%iYm`gsIndb zu^b1dU?WLseakY_2^g#$2dW|v)-y1$yqX)XT5mS55Q6REb2gyJcpS9$hfAaTdJy@AGu;e>2^O-KH9k zoj<})eqWn=YJYA|IzBDnaCA2C^fb8ai4F@Xt3DT6Nkr9Fzns(U+bCm0vYh)UsyFzQ z)`V9j${yGqr`z4hf@J_Xd>NAL7-xAwVpXwjCB;86WVYT z_G7&X8iXLj9rx3I1shm-lop)hok9BlgR8HqRWp)eT0M z!{vE@UO0c`=p<@sE!(G>O$xF1tNW(d_|R_K8Ei>y>|Rf{bWsZxu~w>MMm;GEvO4P4 z9GWx1fUL^AbN#=#aRT`Z<;tW)xw&0?^RK$+)p;eYkND+>{g7FZHon%Jt8?!Iqx@_C z{Ec@eb$HCSaS2NO6gC|JtS>$3NHrb>vdr}jR!6F-K1mI(h>*(?o(4nmBy}_2ex_di zFek*PW~v2-AY+S=6NYppb=H*K zddlecuzXdJ+m^36;udy&>E;#LluK5d&g?I(AUj8yh{ z&%%(=9a~Z)>$uUaqv!6` z``&7Nn3YqsNv<-uQcf0_1AR##KUU{6cs+F)S-2dmM~hND43){mhe%E*28Z-l4TJol z39Sw6hU2nW)~RLxf=~GnBZGI%jiKh))Ff6FU#W<5Hemm9(*&xyD5n||sl#Q)+8~RI z6P?plBj8kYd$(=WdK=&+zt1Bb+H9RqSqiz+tzD(Ol6Na?P05S)dLhP4u2@%_0Fr!d zEaqD&;?D9@w~2*&3^wpg-t^4GA|BdhN8qJF6N846@2yz`9KA#EGLD}Yk%b?ixdFCC z19td(Yr{~4Y$w)^*e0N>_+J>!(-XqLS&;emD(xF0b8bnO_Rg?8VXr--48F z6dh+AZw09)iYJb-{Jan%;v6b}rqSs&E_N>N(F-LFI zgQN>>17DQeNHsh=lpf|UuF9&EE6caH$6j6nU>7iN^?kl>q$nlCne6d7=4jhNu`ASf z=M?jisP|b&(tPRkz;XUZVo_zd+U>l6oSv5;Em~BIt>R&JFdvr2ZSL47DLx zhOMVQJ$%YB&>L;GXY#!?Gf*0x_bTc8z1OM{XO4Y*D^tIPEv)PT0Th`N9uNOvo8v<) zUBy>BT+!&6Z~e6E$yWd_GNVobrO&W_`M1|EV^#&M)>h-}vtbFx9#`P4=e`;rMjfvS zvO*vAMA|uP>c2$T|(NJ2bjItfhoMG{^qY)2tie#am zt~aad{D7ij0uQDX_p6>tfiNdn!yze7v0enhLI4S0DYs)AGPwX-ij%qd$hBhownI|H z-KAQu!Llt-nqH|F$o1Cs1np>K=SJX2HPe$-4Il1C<1QH)CKgf$oJI70UTxXp=1Ra` zQboqXyfIi5%L+4w+$#W{&XC;V2-JcZYIIVb@%?NJ)$HEufc(f%_ui}qDo%c;nBNXj z%oX1wh`G^g`j1CfmKvBSyT4m!L-_pj>cmFAn@zs37yTGCPJ zV!_Rifcmp`XlsMTZcxAwBqH_b>{%y<+Sa!8x2@zFHwUWs zmY4C^?twG(hy7AW^{__5YId$D0^>G7;my?Q`Z{EvjH{_{ni<&{L}#FfJ&D~S^00c+ zZ{_>C>pd)=(=13D($}peGSSPSFUGVcePGI?&*4_^WH_z*E+`9C`D1I-!c)Z)3rI4d z2M(FX6l;1_DFi$nZ-f23Q2$7(YL>WV%#Xolj(T+@sXCi%*M(umxcopq-`YA-)^x0gE$}Su`|TjX-qgQV@@i60w>ia-;cN=v>gr;cV)aTgJPiXn&5IdFGXLfE zp9+Nk3lsH#gDP1WZVq<$6kC_4H(w_qGK zCJHK37+D?1)BCMyO_@jZ+Ve>K(9a8{vj+?y`mydWTPu%#WW|g#BKIZU8`WFBOAjNZ zBJeS#F?z6)6cK7u*t`6~a=u5p z+>|zhE)vk;n)ezM1W}%>5sfwS+mFjk$XIfsVoD(Vp4CDEnQ$}l$Wu{=GY@GQw2bye zVd{j|i|=74*{O;-4`Y`Zz&S+6OnD@&DSk6{;r>^8-tyd-)yUTKe5{kjrrKuQQ<`CGApwL}sV@y>)Y8MP?v`j6M;GaCMno0-d| z4>lMjnAXn@p=`Xuy49Arya?+=AxPFo$)yGjZDE)on``pq3qA*=iicXWcYp9>Nx?rA zo+6`*0FtD~kZF0&872U-sU+E|G4stIGa zz*wO&3Dq0Y)&{!!`_crxJyd#Au`Qd$2v9~LB5+ltDD}B8!71RYzg(lK_#*YbZ{0MzeG z8@n}^#rj_-B))+C*d8nZGM{YiPp%MMUu{MF20jK7(zfyzzekUbCg+p^=~FG_*2{&u zMnguDQyPPoQEtf+MjMJU)Urt~`w$;TG9s@Hf%%+X4T~Ofu?U)S>0m{c9?g4Q4=CM^ zm=|qig~h$bgd*dt+zjwfB1rKL_1lenH+5>j8&lYRv;H=@&#dw&k^YjzX0IM-sdsL5 zPPdDR)g6Si^iuNHhnCI5p_-FhXupH*%d0xYzT>q%cQ-u*C!3!8W%A>lXu)fqlBo#$ zzp(Jp12*_Wm4w^-b*E0YgjSLZy%GdQf~R+Q&-E(N~=sN)eW56bGTGduK;q9;#>KY9+yO0Le;xSt4}u3r zRXthkYa;!t_o>X<$bPwIBddRaNovx41H@ocDH@cwkQEq| zs^2oUsiD1~UHoA(U3!BPSRBqjDyld7>1`CJWzfd8wiUgJPvnENlDR0lr9fw(c~z4$ z=QVQeVAZBgxZ8o7_lrD5iDy$O?7RvZdR~r5|BKE(p(Ep#Y=P&%4fKnlG zB|Z?$lV3=~giQ-KpnGyF5@MbT<(a@n?n}ItNe`Jk5UKpMSovjv+x%{mJLVl)eOgec z_6>d`IjPzMTkLz;9yXWoRvWgDhjJCCF?^Jud3Zv<090^CRW{Q zq#AOhBona&286t%5}6}5Lm^1GhzADafe%?S2_a1owAsDQJXZwetzDLWHTOAUtGI5b zTzK$naffzEzz+c0s7j^(c^v!Q%x*{VIgf?k79>Rj=x=uhFhKPeNgB!q*PIKLDvD=p z6ZWQ45echH1zxlHmK!D^g15S~`<-u9^{p83JqlD3jaLQP5I-gPieWqo+OSHGU^oDg z4Fod_pfDn0Uw|joGJs^pnxHiis5aO7cy3Mo4 z#XchRt6I(HmtYY0uRmY++-ZQ6;9Go&m_yjbip}ich`Pi(9c1* zRgX0{CRVsx<@C{yBk?c0f+bMSysGs>3MM}?0SwnGk*b5psuqRp{7Gd|?SsnM7x(`t zG`E?Bd1N6=ctPS<#Y^>bF1h<~IC7U``Xp;(MdqIR%1=gS;niMOuLjY1x@&C62V!_T zMiqSnD;rr8QYn%B|FHKSP)%j)-!O9>9kAdaAVtbZm8uYW9hD*_ASI!Lv;YA@F9C#6 zL8K3zBot|ZBorwjbQA@o1cXqe1OzD(n)Hs}nLBsxom>9z_pWz+-@DfPegCtvl9O}x z+1c6WtiAX1Jiq7n%aa*C?rokNFNUY44esE#k+%v^amlQG`U5J+thdP?x$kqg0kBh{ zU&PJ%%9bV1ulDVRqfKhzUD&Xzd0anloF7mQ>QPNr1q^+H*5cXyZoAN~XN=dviR0UQ zs#4pZUvPhFSVA0XR|_`-fhX6gnfFMsjo^ROq88?Ju9;0`ZAN6Wp3Um`^_Gx**Peml z2S^0xM>fI7oB@=_4Mlb@Zh9Cm-3?&D;fXpa9?a>o%o#R-8ha?yrhHQLi7b!+-=AN! z!Cf|844)c7^g&>-1@kUcJF4sbW7Qj>K@?TIMGu@)78#b_^R;50;&+k1vX>nx-pwgh z`!gNgyUt2d_cELA_OPd=M0nU?CTD-4#^$0}cz?cO2}Cg7Bsqr~-YeD{_(Y{b5XFii zMj4b+%{`3LZgOMCsf<@P0(UhP38Sa^MTWN#ZOqIvyK58k6|DeIL*1>c#qt`GRpc?H zIoSZV%QG~zlvy_o&}^&>dZpkS6dha~ViMsWzdp9#2%fI!Hm%$*tCcMlOBTU2)Gm2i z7E#%vs?T&%yi->KLBzI=$XqE)E(h75>uYTf?}c;f81^T=D^zdiVKrkep+K8j0!!E% z5@d}K^^5JTR?t_uZX~vfL8-_-Wh%$?^{+$q*=dln4cUfHu}*Yp0Z^#I3i>r`9?iEl z;gSO5SRD#SueR_#5<5p{ZU_&6Ux^P_70PV2Sbh##KWN0-Xw2?^0^R=|JC9jr?PN&Er#ptB z=|BIZ+=vbCy-VhzV&Hp*M&Ib>%x;@|@%-4&;j#a9?QzdwX3=Fw%+RU9H@bq_-jx8M z)lkQ+77gVfa|9X|@?zG8srzY(M_DMZ!=Y^<;Ea}x>3HHRoNQcetQzfvZ2sNrOz?~T z^-Yt$p}LJ(Rj$;h?T9CT^=RZE!apxgC0eXF;L%!ApH6kT-}M%RfBws=_Ikr;)!EWW zpya%hiAua)^1zs%YbST~QmY8r5OlrOL#cc<`y+trH_6Yh(5xqfl?hbvQh z((Zf<)fB$6WCM_%yr936U&DA4stR^t3>ENXJ2m){bvqEGKvm4w> zA`-1T4c$f!8a91NHk_cJy2U#ZM9SQPSYAa|m#`5hjUkg3`!bL`IDSCS_SZuH;-vFv zn$|V6a!81}8;S<+UpH{6od!nYX%s%`T3i;mM`@6?<2`DrA}fUH<+6(C=L;C6vGcoq z#N$DO5u_Ng&z4AzH-p#5le1!SvhWLyYh&uqf?U%1JymEmhG;x-Ht>^2p{HG+kq)b9 zZKtG*v;SmGd0+A+^bii)|M{hu%&~KdBt{55$f(kNgrwrt?{_IFQlvIele ze1TXFDyE&k@7;FSZPD(Qe;RfBPd~kl%qtHJJ5AE3MW`t}nZA@8xRDmh7YZ13&;;^H zbV}=f(giMoQ}>#s)ey&}t{;`(`1Mn_lAH{Y-{@$A4Q;<}nN4s0qn5CPxgUZhk&~?^ zc|`dqUSef7*Qr7cO)2vQgYfhtRi#Sv+_>bTlvKS?Bg90$Nv`w9yByAs1}#S7UE&2J z1s1n2dn{cEhByib?%9QSTDNI7;;}hRJn&L1Ok|$GW6`e2HSW1H)7uaiSnJaH4@poobJ1Kd@zV`tkkfV zoubWF=~I#fAtwDBla+66Xwx|CI`rK~3Vva2tg0X;v4!dRNPlMs$Ur64)UV1k(P(m3};SiEWi zCc=jf?zi`ejvx#gS^%zY+MEbJRxGiFolFQeVDFfym`ZBLCb}kMDtTQB_KLDh?;Z_G zNjj<@#{)`9gYlE3$X&@1-+4cZ9;orspkTtwW?nh&8iX$K%T|^Duvc8qR=KpNzMr=Z ztEeYWd_kGp6(~~hTKrJzU3hAsk1tJxEE=m{woOoR#LDkK-kv61#zEI8 zAX6hvS%{g036Lo^Vq+p}Z=jMKsd3+UqvF6NXw3Xn3_}8=Z;`IAO=4jVXg)Y01NRmV zplMMA`mU5aFJ9PI4dnn6=>OgJ-9k*Sz}}R^faL|wle*s5K1u<`UhG^q>9upBH`5e9 zd}Y&IVL&!9tIJFCY*nq80!xJ%U5B7HNLQ;xrCquAm8HqIlf3CPHTN=QZjh>(VMVU9 z{>0;PoZ13{_0ya-GN#0$8YnlhW=$&7=?#){&O$VgdrGK1ga( zeehxd)y^jbyXilys}~|DRj$~qeDPZNq1re$mN4)!!%_-^A!_oouP)yE5qL%4SyK#U zSy|?Q<+hzPCR{3`Wd0aznfS|FvWS&g-%e2^@vXrK$ zF(j1YLx^JGK8xp5|^#+va9Hiyt>6u9>fA4rWKUcpkC;Og=ku!H4c`6r^{` zt!{ur&Lm5l7`hSbcb~I_FYh-g zfxb_0R?b&T_osixcQ1uU{i$RBY4b zNPRnG^rZEZwR$Go-5(ALclM2TbyeY$6iNEWkS}M2eq-yE-e0cZ|HHNadg!~$l2+Oe zB-0)Tt(`1Nzu>vG*|vcClDUZ{mw`C>tK$?(&e8+Gr2o>^7B?e zW$J6+pPQ;*zqNb$8=XZCkRRjv6VF1Ik9MicQQykdj)KaDabAw*X$aItS*rn##* zWnM&FyfX`~y;JDtD;;EDhJVbf`yM@3jrQp!Pz7r;t4tbQzH?y~#~|dkUXwgsV&K`q zX`ctfoJ=D5RVcW+;Hb9_k~*D>`Zf?ZvkLpNLUi^WAF(=e^*X$H%D8@KB;83#GAS{m zOQwL%BNhu@QmyswsZ|GQaLna_<{f|PZUSKgyC`TF?UUSTdP7L4(X z=46a<`hpHj<~cbv)T~sK1LnUOE=9r3wnKCl7oSW%vXaBrIu~=pCd$QIOx?CwUEt@X zG|dVGlO;H95ID~U+iN|uRGiPP_)J#pZjbL*R!j669xu$^Ei;$_{5pr+zEGj>l`3Dc z02BWku8O#_!gLpR?}dc>HltHQ{&Qx!Z^V>Vdx?a*-!B+HxT`4ODE^{^C^IYS6JK>X z+8Mt0J+-%xt1DUD>Kx~6wk-BUJ!1a3oMy7SQCX;9nWwVbseQ3vRFgZXm>74Qh#kBh zgQcp)hAblmQX|W@)~@o~y!{BT%-(;4IIJyQ%dJ$c!QEh!9u{`WyP7Y;&M<_kE?St{ z_5fe7x%#L>RtSA(vh$u!;DAi^JJo{M|G&H4U|N!1mawIQ&>=;uc-4!mOfaQsb$_?I zY1>xrpIMLUJ+10;r~#AkS3zeFP8pS7%%#s3D#i3)w<&zwqg)*nvCy&Inp`{hSufqj zk`;3$l+cy=kZp-^xZc(n&KhFokCYd)4V-Vez8*Omu6Fs;f|{69te!Zf{ZY>^ba$R* zC@O?zZ6}&^BP&H*C)>2ZeH?$;>an=Ku=5sP5i=8e{GN?lceRPoLa}P-N%k62Ce@3s zbNP#1Pp}|;R-iBXO^@cBY;6cw?HRxZwJdRTEnTxjx`<-ANdOe0j{KZZHC|l}MlP3p zB$6|1Ia3EzCgsTNT^>Kr|NJ(*ai0OvKF#K<{@&uPA$hH=1z=XhkEdRS<~mHCH8*}R zOAHOvis8%1*@hUq%_nJ_i9m$6deTyKYjOA7gf7EAsw5-~K?B~UBjy^3G3huQPGB35 zfpmPeJWAW@DPg>YUt+Uw_6)o$E4a!OpRObPX&W0!eZj!G?4osKJt(P^%HpQ?gSmoQ zXYBi?QWNnWeWTJT$b~N*)v}@OOQqsxv=;Z6x>MR!{Dy7wTt0(B|K*$X7gSpY43;){ zEA=;unE|GUq{RKCu80U;s^K>}CF;qEcj#`=#3pSc|G@6d?1SpqzSRla{Y~|jC+Pn; zIRE>>bMKiW>`q=Em2Z8cd(#?d9(>jA&x?eAx#04BucBqESIuqZUdqi_ME|+d+kGb( zzp?5s<3p)5K>TT|qmo?X+Ifxqm)HMt>2F^d)k<`*P_#j3rJ;*4ti;7*x6#0O)+7F= zO0}5yhh&|=J&ycpH%D@${WY3c1=Y$_zr!YahFVUWwjqzWj>#LUV<-Wk5zj&;0-I!K zN3ie$2Y5l*9eiw6LFqhRNRd0h!xF`O$@agwyZ1PB0ccdbP^i0BCHieKYh81R5=~NlfHpauyg*b(l z?`JCwS5K#kTP8l&rMg%S314(k&McrdlcmTcKM7?y$uZs}SXsGgm$-?I^DA78+B(<6yz)XF?JsADs(TwPe7A!%wHO>}M`8Mbub45jo+#S-liUkDIV{6_G zVkm?AhW#BD)c1WI_`}o65cqGdfo77(iiUOUCTgML=4~0(OV7D%D74W7v5EyhE13>6 z=}a-a1q$2R}Z109h0iR!X@BR{S*S#d@Q+x^BN!N^(uM$0Er+Fzh zN;;e8QfS6->HD6Ax|}@)5Ae2z5Ssa(n>`0CLn@*1Y-Q!R5}lpflHQcrlq4|1K4=Du zOHN?zf}x8)5L>3kUWUoC^hNF8#6 z4ZP!N+F#?%MPWsFTrO=c`niY6p8r_xMHYMLVy)z zr41oD#;+5A? z@%>}nBs4d#y1DFCAvM0R*}07n-&~Co*PS7+-d(0gGrPLcd+GnEMC0&n$MnvEO3cB~ z+KwBVlrVo8<2@7*R}$|YUG>n2SVv`uAdug&&Zi#LImX6!xzoEsQ zgkc0&+6Pk&RJB<93yPiD-#)839#(#m>7JQa_PS|*B$WMkH-YUZ7t360r7X38nO6Kb zS>7J_!SjrSI#k-Wijm|J{2_H>nI8dN~gDLX$!Uk&b+8IeeJsD*%%Sp0BK?M5V>a{#xw_1Vq&D zgIp~vq8-&eE1ekGQR#OS#(yNhsVi(^#6YUiF-_74pvc{Guph2=ILg8J-f6p&v*J4! zN=t0h9CE+j;ajO=fyvU2dh2M4Rk~NBgAU$vEh=078hV-eqtkRt=D-5}J#Ewz<_qa$ zHL;NyVde(lLD;b1P0CnQj@tf!R+YiVX0)I?l7uLYg}1Owka7xgy<~4lWs)^Cd^LMK zZSXL7rIcxPSBb>YMA{nz5ombz<~%Cp{XG%T=5Wo8JNffkYqK)Ao@LsDj`XD9{uJq6 z@fWvpu52a8o7(i$bYY5v3V#W0E7L@h2ig?HSGV>ssj}m!6^$(_X$;l5CPfA_F<=@= z^{ef|sw0>sro#Vyrb(_=%i>hd z67>?5VB0fAM7Uf;XrqaCUlAq=3bVa6AXaT?RzS|&)ae}6omy$xYlfKWXPHWpg;#!> zD&h2@t@d>ojbPa<1GFt3Jtg2y_e&w74~%zAB5h2V!Z$_z(kKpdq%i+Bg%FFbR0e^#hXQ^d{t-`lzEk|eBh2?X+nDIt0Ku!Y0^;3vi zUzG2CDz$1kFWu1o)qwjWHNjlQ#8a_rLyvqqa9oz-7aHXEtl`RZA8g;uydOrSDciw` z)}0;ZQw3sOrzvBfCegGcc|&n+b(zzgnbF`l%*g7(?wYcMqb|V<(dZC}Ymdcdt0z_F z)?s3wHl!9xlzR?O8dif0+5G}-pa<&h-P`6X$0J_2ML0>* zXQ^yrVP)@l7{aa9j!$I$IuSOiG`%%Aye(^0P`c%51)N-|HMB@3^R7Q0;zSyKpmQX&5~{>Ds8lLf$U zFCkQ6Kmk%i9Ls%|X2-e**eM!k0!oa#J|-bSdG5C-RdK}w!T`|FKx(w2?QLaht_qp? z;MX1$eq#9FM%({z;9n8JuiYkG-+njCoeU)W+>Jk~{4UMGX1$;HZyws0*N;wbkEj`w zLw4Pty2~i@e0*EGduOf70c)ew9D+wR+rLec<4#d$G!cr)Hkap5?SkkFCD~8%xG)35 zE63@oMc|R`Ej%w&)#|3p9r!3_6NV)mRFuhOCR2@ZC@NW zC|NAr)DvB_F;qTxsP5|S2-YG|xB2N`i%2oE8;a}x zbUZ-{tt@dL9}VeX@j4qsUZ|AW#Y0qiE-Ezc;>1{4iu=?B(c7W$I4u8&e>&Ys=a0e1@QsK!_FsGfS7-T9%D+4>QpC@94FpB5%@nN+rI( z#|1EUFWvi*=J=x|?WiYn)vBU0JEof z;2VK?2r^#=r=`JyAHkQ+JuA6sizV_%5oC=oy@2{j}dTbuC7R2CO#HNk{OXaHXbFdhQgyn64=I8+TQJP&^DRg_eqU*mD6zC}vg4qVVp0 z)_6D`w}i^I$XsR)B1LFX!IwmutXeWjX&<%}L&VK%0Diruz-1t|tyI&^RRfZRD2$l) z_4T||;C=MBPWf-V?f;Q@+dm%Z?-Fb_EElYT)Hb-aX%z{a(qpG6xD07iP_8+0z%5;+ zCVbRw&of4>#}dJL+q}exz>0z=p|N-qF@r~+tGem6T)(%MDeiS`PY;ohOf65~pLge> z89>WL&9G?v@TIc>T!S(FgSpBXHUVon*$!6|W@vyA3Lij7co(BX-&0USe*KFRwT$(3%@JFo>}Xr!fOlVYFrZ)@EwEbf?p- z%vR*R{gJJN?TS57kc8r#)n7_V)v^tOFFCV__ z3Z(iNl0>$|r&;NBXL~d8MFaVN(LG6P=|Ku>*WPHdZLF@!`8fVo((+;To#&ti)UDC= z&ftQgzkQ|#AZyJf{FYxmfE}^v*kOc@y>Z0q#u46a$OQ^ z3vb%hlW6puX(_c9T1dz*5A&|GtaZu}!Y#Nnr1M3G%jy33>5WV6JQiyn6u${pxCg|} z&rd0s7*rF$)h4=L+H|!Nmgt&LRMuXuS6;0Rnoy%AXbWEhNJl0@lEHUSRz&R!_2a3h z{BPF0Zfg;$WX*nUGaU?>=8YmcwC%GtimF1s-&;T5iSr%AH1(*P_)sFjn72u6vX!QGBR=QXZp!!`ulMg z+Vo7-=>NW8Z~Fv5Ib13M^PRU9D>zJw_9sOLZ0zN@O91AKH@2;v1g!eCWCrXmJCxGi zNxDtem2ozN9rgz5TgY2Xb|sF2YoG~M!qWX*4c@gwe9!!uQa}SLn*hrZFo#C|6o9@} zvEYN40z-iKA`?3hPu0+dy5JaFz_MnhMjHBKphykh-;X*!zhboUn!?CQxSjabO0<&z zIv347JX9L|=7EHRo~?z26|qFI^;a*WsK@Oz9DPwvYk!q!%{>u)JZPJww&HysxeL&s zt`LoiT{mw)AQ36+?|l0@a9JN;(8v?zvja?bCanOi_qmaBtq2RW3|W*Pj<1XmsTlxW z-%Q9_`D>ZT_I~D}#NE@yBmn|^Lx51Esx+b?*8N<<$*jaoj3wan`JXz@)SS%{blUMc z;wI40{$dc;UF)Kt0ZQR3RTjD$s2_v02M90bQ7a zaO_!2ZJv^zUEn4JRBz%}hPMKb4&AV&w2tu-`jsx%LV(r>DAXsE7Ub>5uT2jMjqynp z4w|^~)A%T~Wl?wK{RY2GDs~n+QsPN*@p!+fcp!FD%N^`d`zrd1V&N5R?sO~vM&Kbt z27ZVyya|doC!W}3tvKo%$j%O9(#=c*1o0$H#C~C@C|XwkU8k-KdyQA0Wn!JoyU(`V zIt{XY0fLXUHT_@zeQZ(a89^j?4vCtbe+wyjSZWG0fI~va_A78t$xH)ST5r?ihvAzV zmNl;99Q-mg5t(WoaensBAJ1Li#~xm}X_-!v39;m``bi#M5Tn)RJRxIoE6yNoilLD+ zv~#sqRIh}i?yG5fC7a64I*USad-f_bm}zE>XR#sw>D>dzM zT%sy#r%+!mxh`ELY4?X&6Rr@kcrZ#8<0*>drCn{uD(slCW28gnCQP@~hk2v)eZEvk z$vN$L*5c+PO4ToBeIB%S@aSHhbTfJXjqYJMt5jD({k!qh@w%asT#;ryw~6T<9oUmcDqE_IlCDt4cIqw`h# zvg81`>g1A?>~asVVD+bOE5BlPj(;;^#KSMeA}60#{YS46-8mh9WAE5f$rSg3vQ#0w zn2u=7t?Uo+LdhCSkwb<89}?fU--+krg9)=QIn8e)o1ep{gZKj%vKR1kcu6a~YXu-? z<$xE(I^f|k3o*d9=uf@>BhlW%E%0;5t_$b1DT$j~r)-k-hvDw5mdF}CvFBnYQ^W{u zyJs@aPZO@|UejaWqhI^z+>gMF!h4q12D5t1*dbsaR*f!82M34JRefDQ?~;{%f4UrUt1JO|_W>`tz24otvQg?HkNhHtfJ33!k5HAOuDT2Zp*B+H$^ zsUK%>_N5^sJ!QGC>7q352JXUOv2_h8)8ngdZMX0S%kyshwRRN+IQP;g#PSB?v{zt- z0j9JcH1Tz!3UtDdgO^&F#Jgb?%Lk+ph`=px=A<-mnCu9@{&Zsj%zw2{lThC!zWNc5 zn|zUIN$9a@K}_j;nlQglkxUPYUIv-3SrtC7j#3Nlg#GG&%tq~QAMTc!zG!68m$MJQ z*r9Z!ZvrG98BLjH6|=W9*?HYbP#$?pUY(j)49G6GrF7A^c^&l12Jn-+J~<9!=Z#Fy z#1=Lr=e*Qt5D>u`zlT-Oq^VGGE6CClu8?HkTlfgpP!L!g;H;$Fvv7_C$n*>8^~7I2 z|45c`?2Ej~7-o<<(9N};2fVH7(~iS(ll?1IwMGiYmIhEhWi%N>9tYAYjpZo7*t|oL zgF3ca-Ar<2?wPYlwrDapr6r6!@8Gz{G~t=^;nVcKm#GQ5#cP67V{30^Qwn5gORdmd znO}$@{026jR1T;&Y*FrJS@bemlaNG)dVa}5CAM5Y6eXl)2nGIzSWZHguN4%@ zB~G{;#a!v7$=im)5&~(7#9%Nc*bqvUM^IGK^_9m+3KnnSuewc?MmGnK57F>~*urus zGdx~+Q>4ikHII7!aOYX$vj<9QDLK}4t0-wLBR4*{NP2aMI6^Fn@ctfCjyp6R z>kTvJppp!CJBMGRIrRay_T?= znM79qqUZcp8YD8=R z1F3A$tJbYHwaz(#eIsbt@_=gJ7b_R3A}jL7Xi0cyxo;NU!`We~BO4hg*5oS|m)<37 z#X`{lk{cjCQ6~6Z9s!7!gXeOf2;sK=EYXh(zS<%6oN2TZ=DqYHSCbI>>I&irRa<^m znW=isU}jHbO7duh$H49*uX;O_aCo`xR9*j{%4mNq@orivLn=l*QW1o={n`sergplT z=tehi7~L7#q2Hju;5x^>CXGq$={d_Hehb3TJ4uW)QW9>d>wRH5!v|AcLbP8ee>}2X`=y zt)G@EmexNOzzJgEu@1XF`i^F94PLO=66`$1Vo_GA+ItorOqZsRAgBLHsC z7nPIMg@FrmyZ};6guH2;TvgIe={o+Y7Ocz`tf|SS>AFZ$9n-W7W^4gmhaIqFdI6=_ zNJsj10p2V$%ndIj8nf`ce`z7nInL|SGwGE!$jYMLJHXp z?jT&RdVyZaib0`J?Xe=A_$ACm2R!bObCj6+VapFg?&}9d$#l&^%q-PT1_ZQS=(BvN z&98FInkt9Qs{An}=<{U-+nuSpP444D83I!qiafiBCuzp{>wlvw)HJoh^LJEWYZ~5_Yq_I{88z3Bl0l{eNm4Rh z>-RAGk2tBjAUCU1JIN3Ml$}FP`$k38{KDxIm&kInEsltz@T`9-l2m0d3jk-ge9vA7 z>yAX+%mg@+mecXpuTJ&v3Vfr4SMeu&jP2Nwh(VcPBukD=$*ATEce>>^dfNyuln(M(W$n%@>}ZhnZV z-{{P1c+VAnzSJyax6jQz^!Vm_*OpnST-WyF$|KgKD#pyCj;sT2UUrqgo#)Rk*y>(4 zRT6Gv+z8<|iF&ug>))6gad%EZ#Y@BAQ2UWyQo#YW+FL=zknIh|>uMAuqw3kSam!bG zbz4(~dE8}@W=U3;LH_n5U3om6TqKislgS6jTY1;kdG~yi`&U{vIUS}^p4P5&JMLLa zAai{q{LF#cKBQouTk`4hoCha$v;&dH;1*PzUAUX-QBx#%m%^qigy}4Qxsbi?c=dX{ zU`sYX*^&UoAj_{xnNnP2-PsH9b5fWfkvv)WI+Ls>C_$FOEMo>G`)CJ!kjLC?W`S^o zxsr|8M-Uaki5?C}dsH@Q250nY1<$SW5^gylyQ*c`C6>8#0UtU{wxo2X#5w zkMnXsNb^W^qb4)FPvs<*SE z*DmADA=`Snp6r42o{M`x%8C{3&bpsox?b(^H@a9qN`EH-^}7fKD3#IL+N<7gcH@z0 zE(~YJ{@1DUkGFG+h@dtRG2D_{6uCObkgPoiXvhL&(ih}Eg9sU5P`c2vz6kRx$;Xtb=~;=C`tsNto-}NLSBMRj9;VFd$>WBetQpB%xYn}>@|pDlgNmyc~IaJpX!;cv6yUH5-FVG=8|EN-|KL?N~HN+ z7e(JTl9G}dV7{7J?%D|5TvklDWL@PYTLfDjf$!o!bGjGQx8q$1+%dmt!2*kC2f<6= zxu%x&Qw}@)=$9)rdB*Pm?)7``nwDmjeSY?@W%0YjvuPufnoJBxF*dxOC=`h^ohV^7 ziDymjx#gugKCP#;Xh)pNDlsZhp{hpgEUy|u)k9TMyCVl;TKJEYSGZWmmQ+h9exSFj z3*&ng4q?L+cpt(@ohv zGP_&Hv5skyAtkt(pU265zyM&@K&#%}^W_lfygi+CP3`1#L$I7gLN1RJbSd~wmy`t` zax^s7Wl%rjhstQ5Jm){sjQ-lo=eyk^^bW6@9$sn5bSA}d-e)Hvk<(r`O3SZ*D8LsD zbx=xsrM;1+$nTeu<2Z!V&EUN}a93<~cfje~w0Pp$yo)?08__R?m@-6HRMZ9(s6RH7 z(YA&01x0_Sz|flWQ_xVtC>5>@#kj+o*8>}29!{(Jvm{$~Pip1Gf{qt>u_kLniR)jQ z0;lR<*)qQJ-%h-h)yqx6x@Z;aNpILS#==L|IVmWo_0BfyAU?M@RPf32TMv72TtQkj zAMir^>ahppI4V~xtqg;99Rn*Kyg1=>ON6^67HOw~0IGV>?ZGjIV55c;wyF4vIRpen z!aC2vD;9#mtK_3sYpA&0cUsiRRHj5GmO*_J1XaeWAXa4k+(O;MKOV!YcML2^b(mjH zAF$>JJk!{f$QU+XxZ;j%ug^$HpK1Euq=AZUQ96e z%is73;S?}mf z5fxh8p>OF1gXY+f+{<}~L|0h>6=!KlCL_f{de7)Pm(ML#=*ca5EI}UIx|O)c{V+&f@$9oKV;##jjI z?~leCJ{lBl_j;H~?+JU|*RsgvTcpR%O}vKgcC!F7=9qTSuuxu%v1_L*fdP^x4J=c* zyKlVOVKytWnLrK||Jo%u7%cj#7s=4!BIYzIOYid#U4FNrnpNu)y0;W3dM5+)(73pp z!BIvq^@{LY!TU}^scePQ@zv!r~`=rW!+ham1vgYUi0%FPO=XbiPV`m6LEHpCyYSENt z>`irA1Us=AXeL8-0B9tO&I7Q(mNqWZo}C_r^}%{)z_itKhqg0zxutifTJvG`c0b@ZjE?*1Y7OYNDf)wr`AeOa54VXIXL zqso+)7Fjd|MhTTbiEv+1G=tNkfC5w zNyWME_Zv+A@|Q^hkjuwK-nZ>J>Yta7ppU>TwE-Gp(D>7z)N__|OCkm>okwo1&H_m@ zh!CS5M^=qV;>m_D=oanOdH|~xBW0H%^hv5$UT4_x$+S|H<3xBN<0qFvG7taa^y21- zqZ(!RRuHrF%yd|9+hZfy#BSy!a+qR#tRnomATX&;yLLV4U$c4No%rBQoVD-Ve9D>{ zko25gyR9I)gt(Lj*X!S(yFSu?BwG9Te{uEwcHsseYhqxs=Gyt<3|FxDP`eu}MVc)B zA<`Lb4mcER?x_HN#iiFp+lmrX6(c=}34nnC46Kb1ySjpOn|NVQ#wz z zJmn7qK~~Ue22ClRTkp)un%0WRC&hJFJt+( z+*E^XroNvJ=_NDujoui1XR|!rh$rQ?$yEc;cq4aCiP=%S)I`HKIyHO~)8)uNAupx) z+d}5cCoqKpZ%s+GOBCM54*y=yAc@6KrN!5_+E!QYEtHUXiZ2oyYywBj14JZblv4ft zLwY{;`{eyhL}A5996f{=d7VVqT90rC7D!rCzO#a%+63*P5LczwntTnC>E( zUNBKUR}ib^ES%@zl8Y?lSlrA@QnEGCnmcPteotX>ZfTL{%Zld{+GVlD^C=d{RX`%O zg}4Tp-X~)S;fszz)tQJs@?*l~h-W}_bN(K`O6AJga;bX~IEy#}hKOUdb!Ar0qO{_B zd@iqN$7NO*HwBt5q(-yUPoxX885skN-9jHnZ#c4hL<&XRE0-7c@|FeL#`1yoiLqs4 zW>C-ZUgs5(;mJe|o6DJ>wU5wl57C_inKy^)?J(j-6Dowlf(!C)UQ2Nz{;?vt;Eq(@ z_w0guMGOgKoIOF%F_ybDeNY&u|z#tNr6PXtLW1ny@_RDqaG zN0`TB3MzC?yEpA=waD*(ee}m|_+K(C!$^tKy#4$9RS#+Do$R84c~qgp7iSYDlI*P8 z!L&C?Zb$JgultDmdD2UO4cU^ZWcOD)GXlBo6%Yn77^@N7=580VQTcGVyBlVv5E%#- z2zQ^==ph~4>8#9TyAvM>;I?LBeSfnnQ*JCPi>rR4dmHoq^Y0n8MccBv^?!ek{`yCF zL4GZVIskY}U(z#;77kZusjhGy-hL(3cJ8Z-ph8X>hw*5$z7V+Ko1syx^~xP^Ha)2cVogQhnp%sG%WXv z$WENMZ>}&mWp7B4?$6%plrD|!?s8fd&mIzgTHR9sC@WTz89iDZ_Mp3p@hv8rG-39v zrI>GYnI>pt@m2u!lJ>MGztqc>LwAc7URi`EmFO#1T7hnu3#pPC0LD~^tOi6MAj4rg zKh4(Ic|1husW9lcHG2D0O|;fp@<{sbE+zhDnSE9IJVwLhOV9VLn5WaP(8h(5FZMy_?j)=W5BdMz}GPr-?VKG(;#KC>fzi z`flY?zefettCI}M;#Es)Ny=+ZJEz%_i~N~5!^{PwYJy{P)68UGHK(S@#37-H+qOj} zP-)k1U<0W#VpIG0dE=jM4jtRGq89e~Q?scP&F{`jG>7U2h??1I;Xn{wu>3Po_<&v! zfBXHW$pll=3~5;dq_eI?aSn1QMYrft82GA#Qc#pmxtC56$N+ z7^39=XlDA?qkXr*FWHHU&g=G=;fg^JY?NJpqK2I^xea1w29%@tva;}Nfy-!^v-2}= zr~;+qnL$@@f5Js)j-qX)@ZEPq3gy}` zuZSe{F2_?M4(?!WmaKwMUU8&lJm{DCp$>2zaOv28B(^H0x_sc7Oi(7)uSF+0e{qI= z7Vu*j{#Zt7XL&=`>~Sk$NQA^3qq*1G%HW;bkA~Y~jGnGfYMbxNC{IS1k0dO#WKRKk zmBwb2zJnwswJmk}0)p(=zE0=MlS=Ao`0HgZ?IUJf=tTIcoZSzt)jM9{+WENS_gTxw zBSB@S19@5!KlM_gi$DFT{dC{^?|(UCT^`sB6$mPJVM!l;CCc{a^K@)6P5ULv2508_ ztySR+i{J-;2u}ZA>VFAtqj8k?coRIJtB9AQRxX7mqqHGWex>-2fqA8R0L~`t474-@ zSisNJ{M(E(>rumg+Aj{r)Q-xX`%`Js`{(2UlelSWdk%k{nqruH;K#ud&LSm7YsjD$ zE;S{mUWQK<*!-52m5~cmwO)JUo1lZ7KDjs1Frx|m<&XdN-64%$eDe4NS)P(>5!|w){hGk05S%h zJj&IF8ew{J5r41s9Agup0#LH%87^Sn8kY5mO63Y~+~EzgIhi;v+ejKL8~ZA<yySf9Br#zu0^4u%^;=eHh2FD+~iDolyh?1fAQa4JEXIfHP7A zDbhPAC6rJEq?afiLWq=rw9o^D5+HO4e#_aj-Lv;M=lae$-#Pnt{r0u_gRGV7Ezf$^ zyWXt#d7t~fk1UE$^3!&SQ=7jpfOC?@R9UxtQunenc3>ZJExo9tQf)D)!`VT1Hub`#8sJ z4@qHkX<6PNmmMJd2w)J~7u@A%v0=@>=)%+TO@IDo`_}`S)O!3$URgmV;)X=8mx4G) zgpr{L5&oHR`j-RIg7Qw*SbV@6m1y}Ou_2Hyut8aq%*KGqc9PFc+A)l`SqMGWtg$FN zE9+CQ&S`9uck;)!&*aQD`nZfbu6%D=?GaHrS>u-QO44o0fg1=;DyiCO>VviH(PC8( zfmn+5#Wu^QKyWfzH6&SJq8W-bbU+}%dct5)S|EZF+}^&e0nl!1-)@y3Uz@DH-&9b# z2)dQiI^1B8sup5#MH+lwBEa2?K6t~R!jYO@^U8yrtu*+owy`imo3T}q+xGUmxPaKk z#x0NGq4<#kN359HVp`EDD*(&nSW$HG+RO6se7+2h#kmlCP%mm$Dv-01{DX7$IT&L7 z(s<%1nBI0Z%jlIj?mD+y1Yd=QqSmFi;l)qOssVP7aR%KeKV5@Y%s6?Jw!3DL9$NuM zr}nx{YITad8GOBF&nqxENt|3*Z-mTwJs>d2CWx z);OzXdt9WLJ!ar@=|ZG?C13yGZar<-IV0P;QMG%z*nFY8mUow1LE~5<>Zczw0DOM6 z^3Il!Kzu}{2}%r)fobCXJ%i3G1Q|j$rBPRs*fTv{C|M?L&0e4Jr_y@r`3QUAKMz`^7?SEK6tlJRSTV>R|Jw{2B(bW(FV zvpU|#MoxZjl6$vub6D5DKW}S7rdU&q+zDK`buLW0q|=*XR5Imd+Gi+*1M5Zh9iU*P ztg+pDu0B4n2U7w!gc{Q;63`1`ck}CVFt5av03=FuzSt0ur92M?Yl(yPF<=dxsHhGr z&EMjKRR7-E`oDW?>u(RzfBEQN^Hs(>pZ~nw__}zMU3i#Brd6z-bNslAL1IkVc!d!3>kByKuXjMkdTj3aB2A8$`!5RP%=TAJ5e*ll^>)bu=zWVb{qvM5cA>qRm zJPLj$l0Dhw{^2=-f+))<=_lbAgX@JHKQ(m`toz>4u6PgAyf(Kc3pWRDpJfCIj{mZKr7zG5dT;#v^Z$ddaWKKJ8yROM zVww)C$p=IrPN@AgPPhuh358(Th(Z%@RbXqp&qn9qNqc!Q!NfZzYeQK>80iu2ogK8L zWeiW*h1H(x73W&=-@4+s6u@BoZERmyfDi1)Uha~8oU<2^*)^Y#Wow;c2W&}!nC>m&FwsKt$qsF@*z8IRJAB5S6O^07#Q6C6%?wH44K#9N+mzs^{(@w zwK;i5cpfjlirLD4;Wh0v@I#^2ti%=YV0Do=n72q?C#N!3#h84$PNCF43@{+-9tt3LsW*@3jBuJ6iLg@36ImsR5FU9Kg7b{3M)y^sU zKA03dwf{nO6@7g3hzGncVO>AE$R2A3^^5k>Ic#1;{m9u$J?leOIk2-BqZyDXudib3 zN8S0me%OETxq?blXcIZ@4h+WyU{W@`4ps6DO|o(`^#fhuuI(>3U(}hM44g70?>*Yl zLT)&B!OD9h0nvy;sX)LCH|St?utbEM-C(q) zD|v$nMYlUt9Ms--xB7AcXsHQKF$qd0zs0BOai?;{{zcIQlavTT$EuH2Dw6e9Q7za+ zY8G&^loo5B)1m2zft9GlhDj=69O2MKT_eoc@ZqTcfBfCNEb1EdDtPc>gHtX=r`~z- z_9%4rn!;kpYqN8CzlPt9C>qz}E>t|b%~Nuh($Inl z(b2JP2~Ti56wB1LW<=ZF+m$&%)c)~4guDK?+#K_`tQMpqQ+R^ko(`v-z2Me(n0q2B zv=+9UX*f9+y=0N#r{q;nl*XwL_LEK?$6S;RnZ|I;rUuz4{BsALx~bW@@v5D;0TfZ}gy7Gya!BdqmbS9;dv{2t zqYEZiU8uV-@ymeFde(Wqk;RilzR+)5C>-)Fu55;tORBp7j3n8WByY9>Wac?hKSSw+xrw?^maxqjfXlQw zRVZbHR+N_z)?bdCt8bUyKG|;#k5`##V{SpFs8piK)6_iTa%+AQ-?mTY{ts-Q03N#H zjXg4G^-IcC*X)&uqv3Ng(Hf8O9pu(ZhJU)9=3DeJfAqGJQGv@jPNoKiL8uV`dJyZz zusiH~YA)dR14+(9Wql^8oyB~MwT7>>Evo1kyp0Vb%{Y7wyEH{a0Di;*9Ulc~IHKRX zucKtcoZJ1B??g{jY(8=i`F^TOR0;=$Bt9>Fw2{@H(yX#OsV-KZ)29;c&S`AStG9hl zyrdEGt5#{q^;DUoa5R%mlA|%Q&fH!Z8lq-yBWWJej$zS>a3%(=rPeQW!d*1>_$j25 zgO@R#$uUj#l*~!vNoJDcq)ZAv>T`i(Va~8p^FtghIs|TnyxQKyB`j@RW?C0XB8C81YUX`5~}}15mFP06VD{AN~;fxjnB>(OM2& znA4cp(daI2S_~|Pgi})&UcQVrO3kvjk<^~366Z`OSR0h;$k{uGiE`)dGn`_E)Y_8b zAJQo~vLzpPc)t}}!QNfbT7APTblbaojz?)!D&&p*u|dh`ddWiI-emg_-DzUKv2|4_ zP6wASdLa2pJ(?AqZX8{da9G<=-KRnDy3C)mtFKKev1!5_rvRD|n$u2WWvQL%gV_GG z9o}C&du}nPn+N9)1op<9>3r0<=%iC#Ahzvh7#AG*l1r-w(E4()JRjaWXM>pGt8A1= z)Ap4_8{?VM;c3U_>g?+J*7RSf`iY|otr^0LFT>tVUR{oFW&d7JIp}^bI2(UZaJib5 zfaz=3=t_G<-y!VEud&^=rQgwm@P?Yz_cv7)-(LRqzyk;5?-!B&4s|pmXI?2hE(M?Y zWNfnH*V+)=gTmY@Qeri4Mx<3Tco30I@FB7hX#4okbcR_Nq*hEkt6CV#9 zaHNM(Zl^EI0%5O-pa60iO#3C0W$*FHWFS4l zg%z6)%kI<{@sdBDOO-e(G0tcOApthlG)9~>{nrqh7Ub-cLR^>(`}R2lZP^_lH}uc{ zE}oEZU#LRL_ohylUrrBRInF&Y+_h<6&ZGd*stZSR*^`h1a3QMW#1$VkXT1}23NJd! zj8XDR9c(;SP}+6IzO9TE=Ki7S&st9j-C&Q4yte<{>`7h2MTHKIf`*u4omB&Ts@o%C zxymj}7Rt*%?7qvBKdbx?-(9ry7?*kAnY)T|T@p^XzecU3U2U5U3Odx@@fs}rk@644 z|MyP+shohoWjJ84`yE^Xa@dzZeh%km1Yea|kY|P?O)q77bd5T;J?O1Wa&y5(o9(9m zs*v*jf**5sQ+RZCv!Ne$@^Hs$@M^P^pZVXpLq$6&{E{6 zNt-NI8kVT=EPcgvzZcJS;WK9%^DtILdz z7_i?V3A#flobX0vZYbNb836QLNXzlSw?b|rF60Ajc2Ig3xbJr~r97E1ik&asGhLDY z8bvInEcG=5QN*_{W4D2@pm40p?4uuBkf|=?fG8x>z0T5JuJM2`R2|X|1Z!OXWH8p5FVjr}QfmTS1)rxscf87*zib zRu8pYiU?A&ATW<2ZJVzxz1ipL8o%=iyOT<}xBI(28rB_Qm z(buL1x>m~{>~~CK${YF*D9o6k@3K|YdoS)WvFiyhJe#aptdHHrf!Zu`KG}HL{OrJt zH7c&i?P&A1@idoN;0vrP6^R(T_s#g~%@d zwFH`$vpZTve|f!^4T$N=?Rn89%Y1nA=_$({j%OE^Gxh%Ry6An(5u*}+A=+Df`(ee2 z#1r`gU}aJ8mzBl(o&tLeHx28W(?W>#f%BVyO<+Nw{g(y7#9APTUE`-V^!a)hbPVUR zfxjP0sr>OsH&#R@D++9_pZLCaw8B$2vAxgG{9<1TU7AR%ONQW8Z&=KIKe|Pjk(rRM zHIPACpV6szt=KNZEms&5sVtz`j!ZBN;;j&t(t)M96F-HzOO1CBkL%8k2M!3$DeW%x z#A4a~R06zK@dwq1)xn{Yq+BD58SpYuF*$L5J>F92>7E4nXt+Y;=th9S(y0aN5TR7& z8%wEo!Y3Rp4jW$b9wj-SSf7l~Pq+JPH(iF$;7ch*srwyR6<%%Y!^;Z4aJZXtfO>x$ zigFqvuH@L)L2MiS``KCBD+*(9SO1BfA70%65=hDqVEaZolV{gIEGKWx9g;JY_oYY%ea zO{U5I3LY7Q<$cZaLD%kQ3w}k4RENo16t)4_kyG;0*DOW7-{bcQvM-X+!ufPV+W8zofA zUCqmb9!yQ*D-sbAq{VfYc5rmxtZZ@X^G^F)>XVAN?rhWg#M16Sm>(Ws)HlUDgd zTkaXelo8V~B$AWKMDw;3M1P8!7rL>twg?5UgUsQw;GRgnY)WGPGej59jN_)NmSy9zB0puZnu#nS zw0dU>xLUJB-DqLAW7B?!w2id9mTjUw>J`A;+$<{WF>D<EOjHy|}6FDLFpd%)k? zBCrTTwu5Lmiwx?>9Zs4kGaBm62n9iv&*Y7c@#N1;1s^VZ| z$*TOiLuRqvGu0gSfUO&Q78_-O#pDb@{MC_6Z}${5WWCd|Ulap~4w)f#i#f~9nlQew zz6xAy?a!-cIW!tdozF8}P6-}*D6RpwuzWgy^J3R8^o3s1g|)g(Ht!<+&t7^fBxBzy z9Ev}DJ;%KY$+?BxeOeDve~(ev$#sl5dJJxv`p!>n!v#EvUf%O6387QyTp4@iQ?Y7k zMY6~AgCd(|aVZ(XRVJwGHj~eaUrwiN98?agiF{OrB6S<@&ulKu4W);Ge;zT)18dn- z0rceqOUgV>y+mVgKj9vWDnFhrenfe_NTh#H8|8R%BGClDe#2mJwcu(%Z2~HJDTDLS z#8a70E>>=6xZ^=;Sq>G|Ic*ms$;@TK)sj`^rABt;K*4JQ#petf2z<^-au;u^+pj#u zR@%cPTnHaJ`ye8zYTjfYm+{q@fYpe1n2)lz|56^v#EM8VdOc8-QHW z^$n%AySUlFcczES%PEP^ZP1>#ec=PU z@&X>3%<_iGMP`6r+R>ftV@34r(pp0+65hf`5)|8ZS$yAUN_p9DS41FcA72+mhdk+x zzCN&#dG9JqU6)jU=wJ)}@gr0SRCPnP1-|zvQiqvh2Z64um0Z_t!Jk(#{{WWw_hRDTi;4eTf^lHN|0gXb&MUc(?6??Ot^PRJ zC6RC3tu|h1Pd@<-j$ai{9}OSk)y%W+R}ox--R-}gNI%<}buZX1MvOO@U%`&XXd1dj z3YJi?jnqs5rGOv-ja@B2e5ND`OZ>d|^KRxIiT&V__1@F=u@_@6Mtmlk{AaJlj9Js! z(fo6&hKll6ht)DbE8O%ET8>fP$R{NVsq`~(dZ404qt&7~HQGozE&g)J^8m=M?{eK6 zAvzzDmUrgKyVL-y6S}^%*uRIvM$+)3$6cC1Zj3z5y>EWFK4k$=^AKDc_6$dSZZ;k~ zI++HY$Xa;3hpe3WJ>O(VFnkwS^QUJe!1P@jEr1kkk!a-QB^~g)b%iGYa985+1cF5Y z@j-%F0rAPkc^3{i*=cDD2LOAszXE$lPRRuGrEG>LHEVIt_S;grb2s0H1KAWc>l~oT z$P{aX#UKBQ6%i)>XRsm+vN2t}a=l$Lvi_TZSc~WS0V?)*psE|)HNE5qDVp9f7*fb7 zCtq{IRpLX*pZw$I*XivcM;fOoe!p_g8CCr)lY-G}`U};%f|JwMtq$@+*ZGa*`Q6bs z$8#jY=oI8xV3Zx|7wz2q#qa&E#{2|~YY8lZ}iRjXiPKN>aq`7bL zzD#?!s?|?7oTNnQI;{=RlQ94w?dYt~&Wd9v=ncQ>7*3%zQtiwr_@u?+G&>*kcZJ&4 zOY6*tBXW_bs;p~X7U;zLKIMIC9-N^c7XZi7o5PYe1H~LumztV{Qr+s?| z^UVRl(D#&lo!IPbJq~nM_e0=S05PbsOF4G;QWsKOu3gb? z%y*FRJjUsPCp`N!hN9`B^yE_7wZXwt`^RCs49!=-2gmYrcRz->Q)=xU2*Yh8`!O~X zg4%rA;@R7_=>r(e5`lEJrnZLs6r1xss%^&Lx&`pWZLS$jiNhI=$1Y>D5=(YIFykHw zSsHni+1CfQu69;p_>3NpfYg}gc;`6dM1w7Zy9A|XaX#gqu!hrIWtf0Bj$Y61PHSn2 zdjt~6{y0lp{HmmX3a(E+@mIs zF+@Yr7+hTq&h3q{HBh@If7o4v>84CV4Cty0dSG*%5~%O=^W*M;F-B!$h)Ah>!SB*s z3lKYfv!RY_##meN$P$fHHiMGM9L{o3xv-?nNx}rOW3g3A$Zg4_Rttwr_0N1+T$s(m zd~e&1@hVO^eAh6?q~{8qe#*n$c7{<3gE%e5E7x$Z`cphpTq1EVVC%k*VU^$llSYG^ zxuetmlZSlj=cI&zSNc~|*G?uWl zR7xiFZN4Kj7(Y~KT!w>TV#K~soiFT6-9i|=_a4OpPvvSzs-FWIyf(rOrNMxO|g#H>7Dz(HW19S!FT~JMj`}Iv;`oH5(YytcU?koNTSh;2$=!n>#Fj^bp zU>Em{fJC!)LP2JXNdS*+80x@XnpOKhU^J-0%&>9$g>JXNcaP8JZE-A16p$Q_-;K#} z9AO5U54GPGUGY^G>7-L>o-2N9?)>=~)h>eFy}fTagX=^di0QlBwHB_aee|l~ zbYpE{_bzN)-^0?(qH};_*)+rb<%#iDv<7dQ^!SaSgR>2d6XHZ>F+GG+wa2;%LRP6~ z=~Sf8l2-I!kC58wU5r@RzU@-bY%oL7`jq>$L-GY=_j>o^YDWz60UvlBx_R(JjQ8Hr ztK!;64^(Gwv(;px&(R0lYQpF5T3(WEG?{(lYHm@xyg!GmV8l6=i+ab*>O@O0=EMU#;<>84jCW*m5dqi`a{6|*J6V$0X_uAbKJMAFD-_9<@;Z;L>G&8F13H| zpO1K*by>ODavb*(d+w)tCo|cr*kq zwB-;_1ZR^rt!4H$mW@_2-1j;k@%pp6b+L~*mbi~a`W>hkvw4$L()9h_8=7dmUjgbu9q6>TFokmR*<1)6SSgpXOLu=-8$^JN>ng8b$MujB<@pd zHd*>PVzaH!Va&vHJ17^RA2>L$1{tKuNDjX8iZ|DkwOlDsgF}+QC9(m%!f8*}gXy8O zafJdrhIh9ycl}ZrGFS1&xtFknciEJDo#P6rx^+*RWwPC(r2S;+cv?}0wbRYyVriKj zoZ^taH#avA@-i{}`8&;OIr`drWn6Ex?+$5ST27hk&)2?0h>T6M*XWE4wiFvsd)g^? zuxW|A-`ZTdD*dwc)K%OxDBruGWnFi@!SF(z>RWJa4zy;&W;MKvg&C?gJTK)j55<7& zw>eAJmDeZUD@m+BQL6H^ow@zOGf#;=e`!-sRoXUA)w?V6;=>CVAW1K?7-3gLL|YmG z8Gw%I(tf--7~x<&4JEO5uN=;cF-#>o-G8~;fBSzSg-5_-Li0o5yQ@Y=N{)rpzYb2T zk1%Z4*T|w3lVtOEAU8=SfuTQ$2DPLTvnY+r`R-ATa@n9wge-`4b0zWgYO!+mhm%Q# zm8-qdZ(qQ&z%ST6kge=|S0@;7Is3#n^ntZsM4f2}^sX^mMvXg)qOFFKSPC zHj!~E@;3e}Mf$ zm8HP)6M>)_(!Qed>1&HAjzJWXn@5oZWT7l8jMAUZE3}p>oeIqd?zqx%&5YjH-T0(gEy^xu|Z}qpc@7pEab`pMet-C?9*zxJX=^YAaI6ybXxMm0a zD+kz5p>T5d7&$3(*75nDRQ|`W9$iTq7`&3tVRjrO9hr0CXAiyr zlmBkp>>n%tkDjyNPd@@OpD*BClTWXaE89N!QJ(+D9aymh@Tg6NEK;1{Q;VYBZX7Ft zkcEk?=49pmglxk@g(QJMmvrTON%q(Oyp6M3(4ZDx{uRPAl}rveN3ae!ZS^>B{z;(W z#wqG&&uC7{rQzmv1#cFi7t=<5k|@qk!;}RLPYSVdByb6vd;PWTO55P(AKU&;#(yX1 z^3KvhbDZp8RfHPxDZ`cLw?87HMrCw*Wdhsa*H`n*S50ecWUDufi6yR*C8vot00)vy&1f80OIJ*^OVxPRE>Wr}_eD0hFr zsS(B(xz?&Ai%e;dkqlbnnw~kYuCF(~*N!qmGo;<8PGt2MzUz3y*Sf)wSmih+%yc|L zY%L}`yyZ?Cf@?;_I2rs~4X{3TOTW)UneHU7%fS7F zy@tiKN?2GxQ^!d~?TG(9lZ8xP|8;qmH(-cw;$`*3)nv(Q{navx^o4I7jNVHmI(2TC zXQU?}+_{8b6n*-&QrTC%E!kOON}vNzIqt_5Y(!_LVD0SNT&-^1sb#RPk`x>j8?R-s zl+yG9)+=FRH4<-&9gfTj8w<^HaCDd$xmj$8aFkw{6;~9>^OyP;xI~J%xY07B3rFP_ zDmK|J0Dw1iDsd15+P9dpAZ{EpZM>Ge=U0hBb|OJ%FN_66XU>12Y5~HKEb{&vs0I{n zYEN|PC+N?+wn2tb27c#h{@Bd3{iz_YAY|hjq~ZSLM`G`3IdjR*RSw%z8K0Qb-3v%QSivhC zZ)9&(Ew!v3BPnLn)}X=j1R4XwU0)pJ&Cka|TSHAj`%?<@5NyEczTr`0OQ(O{wLbQe za^hAo_Ws8`i}?cIFI1$4piXSoars91u1`SZ{$rLDkdXy$9-Q^di#1f2))pYg?D>T% zD*LbQV5taQ{)Lhd1x)Zay{{ zPnp1&zA~uNcfrox6H>`WMX=~!{BoiXZ1=cVz)Wi~7Hio}8)o0pE9P_K^mM)I8 zcAV;kBWn#94V82Naxlhr`A&b%gyHRKThRn1Z~hq0Qelv4bY2&KuajTd26DpNu2it( zf?2?mhP%x1VnWXRvF0L)d9INzPt9627y`b(9h;D>^qx|=)6k&$P*p~_#86Asq|TM8 z`T6VxIuBOxB+ z;^NEfkfJR5;Dcf8bhN`-r`*t07Z#<>4^&irS~DEb3yP?i8`z8uWwGSPq#{j!{2ogB z-P%OvPBQUy0?*88jChc3y_KO`2FyF4^X!Zg|s@EKHk z`kRNS)bi>|)iBq&bBTm$yJ}eSt@gd=HgYhoNutwcd?>0}!{gVpMF$s=RyX2jFj~Lv zGNdFm5uTZLi#HPTRnmRD?a3@Pfe1eyk9Le~C%|qX>&$uz0%wpq}foOTY)sNUBZ;+iJAqnvc}>XVH&r9a;YHtaW)kzbvwVP5~oE zzyLkL=u8+}o9~;r_=PIND~u<^Y~#eAtzWK|epA#9l7)9_)J~Y@X{G@eInRLCqHW$K zu{d|S6COdnP(^x$-FAmO<0X^}P3EHAa38cdz*txDsp9SQh1z0AoIu9qj;Oxm7nsUa zmDIj3R9ji^TBMp=^vQ zQK_%iBSyex$7{BPJl^jE6rD5M81GKDxoPrFIvu{pNnP-T3a_3U#X{oPO@%J98;>n7 zwy7>vXKd`kH6Ob^8!?rBT?$M_7oFvM`Dc-V3cN{xxuwTaZrE+3ev)AVWzWJZd5^?# z@W^uS@g@$%k%0EOvyH6^13+wCUt7_hwmmk=hHmW#OK{lITr(jbYSg;N2xwRNTt#tZ z94MLVtf8Dl*YWb3p>1n#fi8l8E`%4e?KYSK)ulHhnsUbiM<5eT0khY_#vZj9oSfq-hpud_Y8yVT0J9rI`X-#wOe zLvI^lgTagJ=)EfWsd>`ZOJrxRUD{5C&a)fsL1&W}s+@7O1%>E^rRJHC$7*}b-nk#NXZW2i-3|Fc`=clIo* zQvnD00uFitI7k6-5F_BAf0fIBvmHtf(6c=W^0HR%EwwFo!s}Px+0853gGtcn+vF7S ziQIkYD;W) zF(P_gPh;f!K;gL=i^i*wKR(zsf1DL5t00Fyj$Q59aM;+On zm^2?(hS9f_3fwO0)G-Na5VtK~C;Gqe5HMfL$R9`8XQ3P#4MbI}UZv~zVYd?$75P9r z)oCtWKRYC$RNO_2H63#U!MtS<=wjXmV@sY_?j+ja zpKaYoC?zB5c?4%I2`JdF7;-7n%Ap#dSW@ib(Y4|!YhC`Bgo?xMPG;Fjz^)gf2lTD! zLi9%ixrGsSJeQ(3?HNT&{uu9dDoo7(|JR*@_k`Tcr zop>uexiW-3Ueh^V#!E0UXv*`*3zYNY12N-Do57M-cBQd#EL^eDwnXLDJtpE(vF0E?1PrA5=e%r7>D{R^%2Ch;*~b7h4&GHsB2hNR@}pg;l771X(k73SB& z-fwNkK4O{D%rZVZ_ugodP|2=g;m_!Iu*hUVPqXg(G_H*FFG8KkE6k9O&i*XMX6lX- z=ICs)P196!7~k|0!tS%)eYpn70{DEo4))|0slY@ws$LJ9yAt$$#hQzQmu!)$zu;R~ z!q@V5r{8@o|Ak7fydSd??V|qVK#8PP<3r=Vl&w72aw&OFqC{N1s1A0su#a@nE7j+x zN3*6})3UYYEq*bru6|yqdy+rGcQiR?;6c`oevZ43sJ-)G)9KWYwiFE{QU2EH`on>A z{zFAGU#Q#~d-9&q2(7u+IimF6Ejj8bJi^<_h0~mN_nvIxH;#x3mzq~b4nULaTfk4y zS+qaP>X2>mOIWo~;l-dD(^qqmWp}vcH?v4#l)2xU z5gl?U&erdI^K7hAGU5Rl?SH&l^o)DIK#mRA3TiS|_)v-O^m7r{Bc=?~q)RAoJ(h>N z1_gKt1><*?UbJxRzfw84Zt@wci6{=xWB!F~*Nx}BfED;=u20+Pmi_Oxy#G^MvZxP& z@B$n&My}Q%iL|0!4aW+5 z{fj?bv+V2_D&O}(zt}cM?uUO(H$pB@n{01sm?JX0WDkJ-FiTalHn zsegnJKTE*GHtEu2nM_Zcsn1F_OV9kedjS-XYk8f;5z469=GGfhAuUT8)dnK{9zBXS~JHArj1aU0Q zaBp*TTS{{9VLD}S6xs@6+0XS&AN^a4M@_p7$TT|QPr$gF| z793{#yU=V;qq;dPk!`{-0v@e_qzpdRiSvUE$!*4ay-q$rxh+mq}N z$x-}ImOPaMZ@*C8PJhuyI67{>dV9}UOkpA34W2P=;rmN)7Fs#%Bo0a=n!ZZ<;a>ch zJs>k0r}>cp3kaAy|Koq5Q^n(-aGys>tN3OOUE8AS#+F6oP*SEiZKi=Z-_U3jeJX=( zqCP^WVX#vKb5ZlIb>+Qr9lx0Gwj=|0mK>(hmy$<>KFakJF}Oefwt%Oiy7*zcsTnab zGea?De$I?DJche|C`|_Uny&DK3#I4Hy_ZeJMoC`D}m+K zqG&b?w5DGjax}BZMK%TeRg%d?^oS3j9Uf^m5m}*s z*JjUznSG%;9onlw{dm_xUc(K#5v^e6N7EvB>Jl*G)3rR}bU=S3WBx?tUH3K>)df-L z0Isg=GFwYTPpxtNQ-sc-TS=8h+~r~Xn;!9mB&`k+2aP7~$eWnRpWFzpohAY>QGJae zXhdRNk0M_ogN_i6-ZmK|r0zmZj+yOZUlZS)pbbf=na>Z>(>J@#?Wg&`$g#tCoR zOCgPlPTx-;B7StIANTO+{89C8qa`5o(|Owcs74DM^I#TRp9dlBpe*^97fA_#&_u{nZIrknTu1AS4(f z$(NI|NERCsrKP3AU?R!zqEu_K@$%r`Z^W5p>mJa^sapRL9OGxuD?XlyV-t|;+Pw;P zGcc1b)K9ZI2@dK1$nqTo*`YfB_?^>r(*ZW2n~^G@fbNKj-M0PelN;wSi=`XL0AaeP0`VwuwuHi zS+Xy-;<;?saR^&7jH7cP$VyIaxfrrwz%Kv0B*`LBj(tzsp(WT``xg{&gHv{iFDDOr(0_{8{|xMpkq2|ELVKUu4ssc6a z8RNVx&4gLN1Dbll&RVpQ+a5XnTki4x@0)`_2-~8bV+)~-X2(pVm&V#eJ(zwTR4JTs zOE`lwxo~aA$Ht*E@W!P*HG=b4iOu?DW`+X=@kmzN%cP72bZ6tcI$ z$NX7N4SMSQ&a=ZFC~+yxzDD~`gguVaYR*1Fs+gOrr{fY*8gr-?5cLX{rv+#ZF?KKq zDJ(ec8A^mMYx45a&x)%Ec=LL9*-k5kIZVu`BcP^~VOp`d z7gZYN+GhL1=HyTxya|EwJ`DqFPJu&m$|qUrlTd$AB1@WBR1L>5_8$3!>C=fy%$bSQ zgG2nPN<|Tf+c)YEBw07PXIJnJo2Ol46xNnW(+;;dGm-q4BBjTg?krosnaAEHA1gm* z$3g9>Ks*1zd-3$Qo*?5+FQ>y1`^=P-J*J)TJ@mZ;*xQ2`_OrD@TfbQ>KV+(WqA6K7 zy4LlFE_^rH>Vsl3H{Sa*?WN60&N(!9qU=DS0k;Aw`{Y@d139~%ucJ?%k-Tz0W8aU` zqUba?#E*s7L|5q6lPouv9&NG9U4UB5FZq|UcLpHpq7Kqr-OI;fEVCbHJ6F+!$#A^f znvwPRLd79FWxpr7F5d3iKI9)2*yn%sNb%S<<(c$f9P#^AW;>K|26CrQI_+71h79sd z-2IC`eW@o=UBGPuMgEIdd+UPUXH>7Zg7*^_g|TgGv~4vrI7m9j>g z+et)d@jOJvmibEOjfsuLM!s|V6?{k1%x_Bd4(4u!gSP76wldr*uc)9})jxU_D!Aq9 z^_jv1fpF1<7?xRU7P~D)m2f*DDa^NuqRVJ|M;o`=DFc%%bVm^3+Cq%fKvH#x53wuF zF2m{$B8YuqNMlx517~=b7EGiydF)NZGU_QD%RYNQ@VVHo zc)mzq`{tw8$|U#F~6T7hFj(B7yU0+~YA6s9*xX=CQLW{4;K0ih$q z@eQHlBKTiH=zRMf_{W1YgiC0Hy&*S_lC#$XV~vZy>w3RZkiq2s^O~k)XAFRKK$!OuCNLn-$Z;Xd7iVbP@=A=19Aa32d1;53%Hm&aGk>()v zRGUS`^$K)CH?b;HQs>i>Wv*wfm0Q=%#0}3wts?U;RIVj@l%lMS>O*KiO`_PCBtz@R z&%G{Ht+W#ky4E$Upp5D5z`~va*uJs#u>$Yp%65v^)`dV$R&moWRNm!i@YS7og!C*m z`^Ao-z~hTBm&=Oq%&=5I9*ta&&}_y`sV)s|1EALUg5GDxlZw*~ka$BZInWp-pj$O~ zK4~ekN$zX}g0lAmVQko!EK4K$h01OTrqLkD?^%$o)k8j2%jSIn3umFwN;xryNiHI{ zaeT~@gBgR$!b5oONMD_$F;Dy5ABYo7o*VK@eI6_I@{8IDAIifs9)vH9c(Ic#l9p}{ zgvMLfLNm8GbbtgM%^Rh_Mv-0?eje&MADtSvp?|31SeMx@PjNKEqXc@na++^K z{wlW-5UUtt2vGDFh(Wmt`&C?%h1(en?vGw(9t}4(2bu(NhwntOHG0m6&G!RhTI}H? zU#Jd>&}15z>?qJKTubP(sWJ(lKef6&9T?|w>nP*iey|_M=Uf6i!KeIdYcbynjK3a` zi1mK-g$mb318X|_}1lcLjm#^;7i>C%U!aX$ym_Vp9B*@lDAdxxI3{?kp(3WS??0=yrqRu9PL|;;=%6 zN*@SKGFPwHS!AcLi<)j$Zya6BiZi?A_tjFz-z;6+{|8I4e`8pj1yyVAO z1y@0{%wcrvh)vZP=T!TDCZ8W~hZz&P-mKzp++h)BncQ*6ep%fx;i|+2kt*tTxL4qH83nPf8#Vf2W)1ntlMdfjHT6|$l)D-*>%+|+Eh40&aiD{ zzY6Y?^vcueaBalnm8htqSv}YvV360-8t!MDWjuJjZoMY+cUf(JT?qvK`U#eqX4zvzJ%%pKu-hNuB?luP(giK1Ch=vTFh$I9@zkd$-As`uRWZi7|9q zb+FbF9%PL7fon`=gTit550u^wWmVSGy5avQKar2aRoRXn}T22ZgxF+ zxg(Fs&u!=L2|J>*C>*WL(x*Z;(K{t`aSci59?o1jeCGpk+~+njsCn@IE+5OW`S#nP z4ZgEDQX}Zs{vxpQwv1gv3EqI#bHwYnO-$9h+vMDfioB70Br6kBcICbOG=Zr7O~#LF z>P|1Z@p!UQMawBbY!~k024|VT+t)}=f3Ut#Ay7uc>FW>SquJD}C z(?I~2UVBZQT+}*A%!GwBBmClX(&&ZQ=4Qex>wuH<_xyhxpV^kIZ5nWPMFCuT|M@Pj zdW{s(6f#6qpD#=(94<`c8IFh$xsx_{`zUS206LgxgUIBv)oc}g_*>5Y%^KRzK#=X< zd>8)8krsLF(s$+0mgwsraa6h`LSJ#z?tAM|~_bC8hA=KMx;7502w=KQ0wvP_J% zA5r|$QmqgB+~)D}^{{PuZL+_87c$6^5U>Rs=*30j4`+UVVCd8r+=8Tyw@*|)n2{DA zUf#ixK|trt-upsMT3`p)PuHCzx0?b=Gq_e~JMnG}N#ZdNNu_tcP;~<&3$ooU zqdzLVTle3{HfbQIgQOe)OGWAajuwpTU!NB2T$U@%`In z>`ae9qe#60*B<|3l_42V4jIJvbw~g-zIBGd#dk*H#%Z0jUBo8Yqf5c2{rJR31rGz; zZqVF#z|LwZbR`5pVU(+U+I0z%WMX6QKp&;y+ZRyy5S&G?2H9rtE*HE! z=!!_xjw6OVtV5>TIE7bAv{62M#I*rUuq8T_miN4a1q>H%y>H}8RLdFSoVuj(qFtDB z%jeQlvBbBR7!sK$>K9#g8b_6$dfz?}NKvsF)Jjj~Y>kYaqQ10p6xiwS#}_#Qy_Zs@ zC2W_v3YJSWO<9Gf$;30L@Ugi9EZzbp1`|V)w<0QyE_LznBu@k*P_F3&CAj>xFfTTF^s3;h$ zK?dk}`}(j3cJ4`kkxWen_sth%{t|V-@j}M$#IlENY5aTN`6aTZC{E~z#ld~RNT2lve;T#w{=F04W=% z!JZO<`}NCHJF+E6Nu}J7G#~4L@tuOE?=2)fM*`)u4)t?ewOn3j35RyK(uT1S5$P~7 zG5`;SwnR@jNKM5+JEl7+6-Ik`B08q ztM$hCORvn}wBye~4w;9KKgfFF>-TJC42gRtjdsl$JDZLLJ-=3+L^%e`ur-iOk44=0 zcl`yXs?7WS{?HxuluubesuaUfbJE6GIRqrfT(tdj37}SNob7u7+BhoTmvNb5j`ndL zt;))}rhjfbc6`o+PigtrKG0 zF_CFXz{{vss{G>?ftT{RtqNa^J$wpsCNnmmr)y1y-c^hX6Bo(IV6L-k+oc%FPF|BusFej)B|UfR2&bsse0j;MHT1o!J%NKel~_4RoXs z;s-l1?_pap>frLadpYC-9c+L{jXk}o;I8>*8iSGCYVPH4b$&57IrXY^O=4I%RMow+ z5DhW^#Wx-02YXLi3`Vcsn8~skj;QE~v-dvlKF`_b+~4os``r7Sv-u-g$(n1dIm4Q3 z&Nb#3pRfGuJAX+yPxJmm>~?xL50du>W0OAF$Iw7J3KNwrGbV!jetf12k7E@ZdKx zDjX~=-ay9PG*8DI)N;251sVio|E=aBzh?y9E%B;~5_Eu1he#q`wz%|#yS!rai%&FySsaoQAf<<>rfYMwq2kROGK;%TVy6_rOoCjj<2L?eWEX2YEcz6m zo`R}QX5YMVoSX2^3Y^}(hbupAde|0UzuzzWKm`(34vcOiW*a~J zaU_qy=P@JCivNIA@#@P2uDtzAEz|`QzMbNndbS>30JVUx^9~1|2!evQGIr^G2j{c4 zkNSU_oK#ncbZ_m~xTlszGWfTy8;;7|Xs)XKjqH)dDe>`%>Fe{hYGQq`>qejR?tB5s z?*E2(byyYtwAE6Ohtd9sUXi^IAI$V4u)7nf^HyeUw*_#dDz<@bnExZm$CpPMRZLP9 zc@XNIzRY?8RI3d-CMEfp_hfR8*b=Uqk4JEAAQ6Xv?AtV3 z*S_k7K^{ssmqxAJT_HhMDLB+0hTn8NMp-iV2=)g_W{m8VZ@A@emXR)z+nlVQ4sHj@ zZBiulV*fr_i760Vo{9dlg~P_U9wCIMB*4;Ch%q05BwMY_7*n(-f|>RaaLAHJF$=1IaWP z_gR<^`^q(?l)A>&Lg16FRvcCwLT#k9)SLcWaf%;!+YbB5jboil4D7U>8$3#{I#lMP zV;G-$kXy1@=<~R8n!`=tnrtlO84X6Z%PDsw>?f|jpjmss0nT1pWXU%~Tk|rhSf|*R z0(4^m*mJP1$b>~BLl=suk)sc9q%W>3!CN$={JG=XbHB7kac}4$g=%w?p;4pbD4ej{6w zm+g5n-*TFKIOp>?fb%SL_2F>K{KR)BP3XS!zf>DTSa)0gjg0qPa!}@bMsN4|&BIdR zW6&A@K!`@u#z6N(a@f!Ruz~+8JO69?W^NO69qn~!FwE(0CIRm-qh}XmFcdz_k*~TB za2)X}uxbr*F-!HrvQi0~_H>(q2zY*SVi#K(sRxs_GQtYS03mSX^P|e8P^!1Bchpgc zGhO5G9s3{W+!rF4)6D?Kh1J)V`x8!eE?t)suP@$Hcf5niVm-{idN;tu$6y^Y@-Y3W z($?#nk9H^5OR-`_^5Q}93!mwpuT^6$5KdYl&PNa1A3X^lc0#o1jb@)tY|BSIv%L2I z<+R?sXxH`IGx8y8ZDakWeE5wqCobF++Ep*j{&uFMF>usW}$i2wKJ5j>Hg56oqIS5TQ8Z%*^nyo@`IOysNsY4-9f;VpU6MN=T^j_yo=-7HeY zeY8LW;2W*ZSNteHs*4Vv;_#|t!5m#gn7dP*8LEupU-y@jKAQrl3+d^aQK{?o4(q9l zSqfo*t_`aQNHl(EsN@WP_bn^yMZxH!WAmXkF8{@G`s&h!qetvCKT`^ZI$ zAW|T~<(|O%-lyMZN`H*a@a}fjB~G6$T?_JWv=gMcgg5DEKE$1qr|h#XbKpZ1o7XG~ z<$6v6zF^fWeWe*)^#SS_Jf2pC%9|}o0ZHpbKoCy(Z(DMEl=9t~+qubw}=x>!a zONG9(ZTfihslg(lwBBGX-iy8N*xx$oP;YT;cvEacxD z=;4dUGrEq9#O3|scwCPRs*DS=Z&){QG;(4$?fr5kgp&Xtl>x9W2p;I zFA_s}?iv&x?3)u#7Nu5&@p*0XxSg!8=mRGkdlFjJd0x=sw)oEbk@AuN+F+pl`LmXz zS%v-DgtJJeIq&0{v5bkeHWd=)<9|b3l_qfND5BL|PqKeoI7T&d@>u5c0XW{cfDAOe z7E-*O;xtwaYI7aiY5K9L=VPY7qOB)-z9!MDv_F*QezZr@J^rhHNkgdrHj$)XQf%mj zJC2bFOD6?M1{2(v0Aib6L7ncO(lkY%`UG20_p$V+l5pT^5c#Wg*gex$xfBwH#zP9e zVm&&iJYh*ZXVg%-PhdO@9H-_?LjXGdejq$b&m?xMtp9T=HAl7lK}exY}W4HfrAq3SM1qNhm&0<=DOEyVueBVGu%PViynqrs?6R zkK(3>vWnWpl%6xWC+D!HbQj{PHpBt!up12|xd~@1 z3Ps9D&ncnyU02mj?HwoHnNZa>8gtb{HWcFBGZmMLE3-{TMw1zYqb*9CKn6&?yRKO@ zliZxb8DjS8-1a(J3st%$vht;wqSj4@KP6}GFR0}c&fOdY{Ri)(1!x@>8^L~7lMM%Y zdUGR%Rzo=!6=tYD3hpb*Ho3Y82oFYD_{zxdo%L?yXvdNILi%^mXH%0R37%18hT$-y zzU!2i&^iP)o22boHNIaMdxO)g1VsV9y=iT2#UT9CgP*_Q7$9{P(4?J44&Qj4o_|-5 zKgsXII|;mN^ALyL7*aRH*Q3W_p}l-4wL>a)0}?<%l6#~V=xL`4Iod3hY2K_fQyDD{ zeuP_a9D;jt&CoB$)0MELu&|zMe5k0VM9qwUIgoXXI@V;v6$mS8S2)rp^EcRydKu&y z?TviVT7m2GQz%e`%PG*PcsQbx^k5d@#5%Hw&6Q-_K~h2(vcPU?wT^Rpe{xgRc2V+*1`suBkKeBu81aXcP6ztREu*sWsMNVK!sQ2dm-U9wTplor8F{ z#P6O28y)eon$xv#s%LC&g1t1A>g;NaX8dMNEU{rJLJ+DWNAHFJ-0JsPm2IEgiR*b( z*^mJ(5vg3vt1@gyf_FcB`FfeXfd9Agey$O2@2=!b@YNR3q+WeB#<_snR964K3GMwz zy(3(jZ6R23_=QM6oqH~gL<^@s`(S;`GujlG5Qe6$&U2?XEKcYHD_YozXHTP}#0+HX z=?M1V*%KeHb3O^%_C9rT8Jo>cH%>CDXGeHxit0pctI@P~P0Za-k!X6uc;dT$5&K=- z+@{sYH^Egp*V0jJ#%(fc(W$%7Qm?|12n4mCB{-Fp%GNo69#bHBmnMtC_1-{)`yW?o z(C;_7-3Vo#K)amzj@-|mtdXlUZxnFMotp;MoK>oTj7vtSr|4cr+pF8;CVBY}h0zOW zK0UtW>h`wl0TN-?s|ySAfBVFYX8;InZr@K)&9|Ut7-JbLCh&L5xi*1t8u4v$kMXFqI0n15E zqDo@1M1mLz7qi19nJFC|kEtJ!%h2$Ozudh5Bah6eBsmrl7Cf9cEsXsu@ zfFees!2U7;sTx(QSVK`SxyNxh*N;V9T``|k!=<5~8W?ZOgyOX>NWVEv=epK~&Nve!z-|8e1~Ea)L`RUv+BE7B|@wf{ulNSIslz1pm%7E38H7SE)v5^aN`Y zuVg-|AWW`l{d+OlejpV6$#0Ske5ay~#;`S|BtC@M5Y$nIyzy z{W!k$1ADN6@KjaMfv2!#tVyzJ)yZ#UQJ%xSoyD280@`pvnYoW91~RLNfxop({&zS1 zM}4VD1==b-f;?mX4lm;>p4fKEJ&ayBS0XC*vkE>8&0K@RLI+LM&ZAm-#Y**i0vP(A z6IA1?v~#l7M2;=jug8C~>;Knq9LurL-^i-YkfqN$Cov)`Ban4?|=ogNaX`h`DVx_BRm%$UVo;&Ew}gX9De^x7cMm zBF)TXART)nj`#ar33Bc82Lt?fmV&aD_Xp$k&#}EH3oCi47Hd7yGn1D6lF`~Ux1^_w zXKO7UnHVvT7R=yz-0+~i9{v3H`q0tl?r4K-K&DQL`|Mp~MWQiMG$Dpv|MiaLE;9fa@DB~>kW$OnhEK>+E&-Y((Qb&^^|HzyNPSWe<^gG zMDctqW)%9=A=GN+zQu7*`oLVKt1+TVZrKIeQdLeD(mu_95YjTUoka<9BY&{6Q~~u} zseo>D`b&IHiEPAFj_s#Bv?9=)v{(?1G(SS`iS>8c%HsQN<;LQ+-B|eV_@~>K;`yHb zs~K4~r>w+o|0!s9U@6nm>CZJTDTbD)j0Iqt3dt%`L=e6Y;A&0_u0POdQ%$QFt5J``u( zUayZ9ngtNk<~~%$ZpNTrH_;z-{17jEoqwRNUAOao{-xU>b&p(yhUBqV9D_18MT1{C zUteRcHkb~5BQkv~dF~diMDfhXb}-s1{lIh27&>K#i>iU6!D!QYh3>)(UKm9#hewQ6 zNJw$>B&zgt9n8)Jw^r$8PhSXGC>7BI(5X!$q}F2mITPOMC`tzagW~S2@S0nEJiO6# zTJ+pJeQqMKff%!r-BS}!f{~>5gXeJuea7Ly?8Xp0&AM z^z$R>gVLA0b~@MIlI_Icnsza(*4?ZeM?ZDRcD*jaMW9#OjMLi3^r`#DM~8YOQTvv1 z(zuFJX&o`+m%Dk_w{9myoYLymH%S?OvvZr|3SSmr2ivXZmn8O+?PLwAkmjjV$&pMn zPa2B>{QT?sClwwSfd;c%Yo>=Sa#GGHC~9)$<>T3Oc4D+AlVvsgnRO0B&-XmTckZr( zn_F)+1pUwVVntok+fq8-jJ%iNoWA8Ym4MHDGg(_Rps|27O%>tM0fWB?0!je(1as$umP-I?^0HDKkuxkPf+ljU}fcR}2(&(e_+jcXEtBwV`%#2;>e>>2vzrD+Xz zM?F(a*ZeVlhS4{m%-5TiDA05CuHVaXSL+JdSno~MrY=-?l>%-^#=3q{ybm^MoRZS> z*e^yq3uZH-I>`rIVv&Zrw_?z_mEK;; zu%FKj+cUx(PqHMA*5?#V>P3l#rq*>?+7MLv7A$VgJMFlwN!XTSq$TjkUN-$Rj~P}M zf5vIk{W9bj8whWw4&kUd_^_OjKfEQy#WEniWaQyg zjRInSrvX=2>VG#e!6|phb&b1sx?fwL-)bANkld<}!xvSO7{$r5AW z>&Wf`=tgZ0E9mL#iM+kab5P-Sr#HR!*Q`W0oyjXH2{W;&4UX1U#NwufX}yD()6*md z;}-XW?INk_C+D_))zWvkx+;EhwIfWO;MSeLaxSmjk;wek&?{2-cJB&2s6S?xJ^3JP zF3tB_;Q*oV%R-%x*2cbypdb)ckL)z`cbGTrp0`T{*j~m#6&RkV@Urj?==k-JKe~T& z?i#}Bz_>9b_?4p*CvcWH6uXsp3Y2O1DuGk1)UV$ZIBNL5l_Fnw;G|W{r)F>9F;|%2 zh(@w>YSX(j=;@|tNWWH@*TO?z!>R`3Pn&i+aWA!mZ5!JH&!Y}>jYLf%bwNk~j_6n8 zxx#G8=%H!rh3mmpDsVo>=x06m*UQr>67R9+?oHlvY+Lt{w#`qw3unwIZZuTu#z();GQxZ1sj*w)Ah+;@ih;}XrvVmL1< zFjOB@JM;%YWf0~8Z%Fi&)v5%TX5tg`_r_tuh zfal({D!@b|>O{zWW!dtWN>w^V%JIuKm8smI`}1If1H_#>C$3}p(k8|90Tdhzb(4#$V{7Ae%@3SM`30sUb?w?SWcJhrpO+4L z_LW}y_=WA&wahtQC;zJ+T_dUuAe@DQloHK+uMEQ3)>qpn!2mUL+oQ(av!C3&|86;# zx6)z2T#ZqaHvYH)Ztvua1xz_3Prh49Cpa@r)D?&HAv_c_MepaP+k4q%mpYqvJG(>< zW92CDKYE>McW-o@CcL*6R91wosZ_ciXsZ#wE@UsiHm%G>-_5rVU4XKS+-1L4(DtRjwSHxu&@#v-0dc90<$Iv(3PHgo_BD5BD549QbbXetj zp>=NSny)Ey40DP~P8?bg3nnQg(>IB5zpR$gOzfDyZ&xuN)3=d~JBLle>OBo-SWQM^8LlP@k%<cG>;N&2^!P*|%j2+57^7{3_qPIm zA)pfHNLglkf*3c#MSgtpy{ek;2Su2w^7k6#(Q6|-C1XO`oKb}eRwaFxQz0hS1-yQn zfnB89sOE)lxhMVFfFdGT_JQPZA5vz)Z`|*6vEJou?ox|VsK#;AxRl>qJ@m}%z(s&4 z35}TQJTUHm-#XFWW;gyp#9s~Kw)?}?1?%Lib}WEvrP?4Z%J!Zrz4E4wrS@skIr9IO zqKwrH{{)@p-b(B+7mS%#XBN2M%HrCXaQ3PTf_^?>xQEj)s6G?2y9xhbo{j3V$a#eT zq?4F;0846)Oy7IDp5DFb{NGZ{Z;&T^7|#>6qT9fkPmA&EI5BwFY}^0n*<-5 zkBr7sse4c0Zk#8Dm!J74v#EHGi{=i)4-kk39l#@qPQNG%8ywztyI@-MNbb&dEV^)2 zfIlI}NXqiu3Sqr2ZK})7_CcnLS^7&@)J?zF1=3tUPooWV57MmZE!kMv%2Y%;v_7YD zbLv#ArFub8h~7D_?&aPT46pir$tS*aALdfXdXX_Y9H<9%(7eq{({JHH$H}*YxhyI7 zfif!bN}i|w?r&s@LjubI<^fHHNHw@4#cFpwq+v#^unA=_wYXufz!xot5MAe`1*<@K zCJvVahOhG5_%8St>%LI-+bdLjhMsBx_W&)h8}HJy&Bl+vj~3h>_o4yIlq2qx@Yv|R z!{ER}YRwcqivoiuv=}PA1sW_3`fhl1r~qX&-5&CH6Xg4AL(~?3I<%PRH_h`Q^*Rg_nECW zGZ%>3iFqEehWXwj+LKS|aA5kN;_PL>#~s%$i}8rtWld7RIzfg}LzA>SUQIieregXZ zTM7nB)%6YVju_?WRMm3Vt@i?TdA@>BQL`O@cEYPAh%#0K$U=wVvm{F#-7#AgW12c? zT6?fsyoMvZE|v?7gjcJv>-^|hl#accmptSqGJ1z_V7TzhGkr>-d-yRzMQbS2e>jHY z9p%*ZYd)^EWAYW+IkNOfiw8vdQ092Xx%1J?vqq0Vyx)u+U-&1INPNTUc;+<7WA1*# zonv_E%UuJ?6C!md7Zt~W%VKl8YplR6Q$Nh%$$>(Mp|57_LEOXGNCnUVf>)i;-(nHu z9Qhq&)c)%bx?#Uqv$=SGCCrTQ|No?SZ%p4o@KNW5ERz!Lj86vct`#4-E)B z8MN;81jY?}&09dd2e()fHF#2QVa$toS?#FyfqZLI@7WWTSurt}_$O#n(9!r4__a|Q zg4&GNPgpg;P*=EVCzb2VY>U1dpP2{ma0w(t{@|0P~jiUYV6@}FL&roW)YQ~{dx~HbJ8fNHq}#g@_NMli$JGO zv02+5@}vS=Yb=p(aoD$GH&a>vJ~ea-GdrSFV89^em$+6G9;s$tZ6tBaR3K&>e)nxB zkAZ)UCss8e?lTcjh6|RqMhZJwaOpU^sGHN?n$xMMCYxhcPV|UnE&vW~7%H~q=ngg& z>4JW`Tm{|o)SG-6#zwgR8yWW{&cJf1=h9!Z=kc?Um-cnKIzAab3LW)o!+~b%;!WE@ zDFEYcnDPEqp_ei&s;aO1R&|VtMXy_bCN!cckdKD^lqq7mej`i%F0#?&6g-;>Qss@s zJGa@`#T2B7unWU zaF2(xu?YKh_1h9NkePxA9Mh#Apj|l+QShxt}?OY*xF{#IDhvi!@H4oe4R% zbNf4>YAQIO17prs@Aznbm=>w8-ezzkPZse?FzC;Zwg1kx|3xXASZYHlUZR#F!1(b}L_!?Spl$GQfuy4j7trKjqbZ%IERO3R|YLspG z?;E)#Rd;@vUkXdxV)hPR3ZYcccPb?$#Xdi>XgEF#8z{33Un35l@(yP$?7t?e^pQL&Z}bHIyr1l!%3lAc zl)Vh-dX9c{&c*F#1@_*&WpW}YLJWkyGp&(N%{%lsFrQcnSJv3d88gsWE^qRA5V14W z5bxm^ynEy2(L>IorYdV}OSRY2!@52JH8A$&S)}I0g+c{SP+(K;$ z#AXp_xWJ^W$hn2o>5Wj|8byEer=xxM_I@q8Nt&rX=*$6)ri3otAgNz3SvY-qIPTkY zpoyIE$3Qbgv&qQlKmDByZ{nY1c+>xD%J7nr-ASvPJ5$goYf_o0Te6&<=B4Z!B-t!|I8m>$KwXjn)v2-? z+vNXM{O#H$@97a$p7B~DZyM1jWv1YH@$}dgrJT%0Li4BRuv!Eby2~WjfF>MMhAU7l z3@9rk|NLc>2qdMO@&&$R7~JJ-%c=DnyP>X5TM>lz6 zymg{%%Pm&JrSu@sq_=vxrbFCzZg#u_TjHfg>@p2VWVG&X@HYBY>k4}=spxlA>Dgb* z{##JTrR*y7(BAtXluO+9AbZ?eF#V6f(Yc(6n{&j%09cFbF}JC;Yd;C6#vRwMBr9zj z8qSjd`z0@N=lG>?oWq;x74VzR%sa)TWhedSljXUUEwD9nP>ViE-mm8TWW{tji&9@= zGvTQAlv{05DocDtKBma#cXf4Pmp#L3sfa*>=0ljM5WJqdF^H#NKba3OwpMhVNcSL~)%%d%&XcO2VqQQy>-E&kWI zf&a+fdD4LM>^zecb>GKo9CT3m=8w`>-9Wmb5=RzW9iL{|mhB9F*|+N43K$)`G#NR+uYl&Es$y|9(_Efu3GEG z8+FKw<;gBG4{+8os5^}5cCZj_E`YB-_2BF5v7&+I)xHgUhD1$qaBLnShdCL2L-yi`c08y%+n2glT=@} zW_e21)iWtF9cFh;jBzGbI%;@&pKggZ!mu*;)R~%Ofk`Vm|_N zsa)z$w7o|nS;5vP_qj|ooO{8xlWA86{I$^tBEQqF->f1vs&p? zcXrHRN*VwyBqzQDA7svbr$xfjn^C2t80AM^WR#M8e#sG4Qsuq^7RqtEKQk{;*z zFQsu0L4?)$Y-8SBgPezyuT6dQ*OC+pmaHVchs7$I8v535JQzyJtZvf$HksbYyx8nbWgPU_nn?AESD$MTa&_17A%v^umMZef|wu2uA_De zC~-piec7Xt@=4Ic| z>QJBh$kR2vrCV+7M1ys@E7O`dW{E&}UP40p7=k|u7@C2L9Sdm6yUwk$tE%4!ls z*@G<1QANLtXR3^(XPctC9O6$~Zv`LP-78l2nd7bt_Hz^zsP3S_xE9Om!=F|Q1=^yV zx))um*e7J1I$7q{YkWj^6qIL7()~z%Tdhbv=6V>3l3vVrjdaIp&&op~-u6D7e+cXZ z!H~1lL`BqPX))SYUM+XPl7%Td3@c*6Pk^2WO4I^z7tVlj;$$xIgO`aE_PSAOfu!zPbNnNw>TS*V)?n+pIb2p%-fhT*RN2P#6-Hcq zE?eA_3l1d6mY64VkLY{?;mpL%sC;PNX&DCqLW*aqpZdIc*LU|_k|>DH?kBfwy8p2H zZRZ!`bsP=VW$%u8^4)G>eAz3%i1hi@qMS_VW{w`jb!>S>mo?vm*S3nv`1YvGClNLZC6!TjVE9Ucm&NdF8Cm#O0f@ z0%dx9;Rra@hNOq*yF-#-Bnxw6Z9b|O-77)j((45erWrm=tIO0=`7D`L#R$qtElrM6 zcXjIy=nJ=Viut&8t1+^{$Xx}#WY|WOsT+Qmu~1XbpB3ufABl5{NgOLTCkC2tpt*S6 zvytotJyHAtA<(p8J7e#fdJto~|1|oNfM6IOC+rsv>VNNSSGqDt7W!F0uZGy)&a8vg++OzU3ng-t%GUP)i=}p%>>wJAS?h zl=g3<>B}hNpdLQ^0s&5b(WEw{L(DCFPNtJ!3@G@qoI&hjCJs0ezA5$~d%+>-bvjgWl#GDid;KM~OlN<=4nyo9)7*~33 z9r36j`bnLI7;9Ou13psqLUT6L4sA8^b654@Q=(Jwyu0}^!-ip^k zSf%bJJL&h-zh4PhOjntz*RB+pv{@U@9?HfIyAo()65A#FsoDnmUrg9FL3fq&O4hvL z!sw?CL(R}_Oh?JD2u_`*gmU&gKfnm&ZszM3z;){Ptjz5a67YCgiu-;wO}|F*v7Adt zJ-gIIq*~P%b&U$=ntn>4c{e>z(M)emhz$C138Lf9M(O96KE~%_Hn8CY&n;!EB>%6G z`ahc}mNEF_!Di43k=|{tX0%}Gn(7*=v!ptdztY_%Q0|y}V8gfi0V%FfyiMBw-MzBx z9JZd<`^ztE0s6M^_(z)}*Sa_MA;Q;Eo3EV~d0z|MHVw{=B@Ix@S;Kd8KShMch)5@07S? zgPx`>AvYD7!1poWfe zy-A-~-k#|{zfm}*(~Vkm#F2-mKgT0wxO9heyA=)J$UbS9|%Qzx7Vj+~)>Zs^(%D z*h;#b7m9DQP!+`dN_(;!dx>FcPRz(+kOP0q+R<*nFH`)Wv-bVT%}{{8H!dYM!IR%A zK6-1<^!!d???tdi?L@7e|EUH|Dac<$Frb$=&&z!*`VIT zoTEXYR^0+&GzzZM%pIw?viQnN=iRV)qbJj%yQI}IjIQWh-#aZ)*=8tUU+DsWlh4T&jGp_kD`A>tfi01Co2l?e1(UtKL5O0tMmCdHbb~wgidFj?p=bH>a!kya%4$+ z$CDhh9+Sa_MU`fh)ICUVp=tD#X!GXdq{6O-v}gxj`r7>cs}HLmwnTbR)f5mvR-&ri z71hg2Da3U8n((UT*dKMrBXvb$`58Lv$!HZT8H(S?^04r}ftX(qZvgbQD!pEc-wR=l z%ce(6{x4!3-MD8dVK@kqrH#mOp05R?!Zy1}|hSxWx zrcd+A#!a9>*EPuv5~P-XJ`f7*3|!#SyMM(5efSlp!df!gr~bevS+CtotzwH@|fm zd&}y+ZZ_6?U}89SZw@}K0?3-9>BdYqn6MX3@@GeEckwFQFS1gz^5vw(yW>B#7>2w$ zok5l=WV2&^tvU`xK;WK;iBbJph~*63sE4&lSdSEUA1`ui|Be@s#mF3*6bXD{TnK)A zqb~+g%%iJGZz((QVLU?A|7Pf6Zs-fQlj#fpg2%tC3Q{8Gj|wz{hBoY#{9X6}&T9u6 zbUnHvhADBf6*IbyVCj8M>}?W&4LRm(mdX^cQp-b)ItE>NahuYvlES#SF-;>Pg*)f+ zJB_3BA59gm*D-!`4=m!g%$0sfCb1dO{YJ)Frr~2@9X+{GSuDz+b8469@h+;Ninny2 zh?B2z0_Jx8CFHXEk)%xa-by{80C5a0t-O`yK2`T2&zap}(dqVCeZ?(yEXEZppaec` z(ed}tD!Ns)$52phD|+u85Tg^4N)ZrK)EDmm_+Bc>FDW1EM!Ya9*W412qB!%sAy9N= z7YlQiH)wV#Nl$W-#)S+Pn^t9L8n`*(GBQJE#St#0e&a*tnl{;5_;uX~di`8n2@wWW zN=W+x+CeFtNvr6g)p-Lryj-%tt{IL-VxwHo9RUi{pWK%djjf$)hjtxjK|k_DE4e+S z(xmQhR${)z8mpE_&hM(biud`9IDkHD;_gKTThJ}ZlIOa=1qC|bi+GJ zPyV{|-%53@^7HRDSz7R>TQ^oITi07CdNS{!S1m6|oUB3N#Hr>e1G=foE)uZ9x^l4p zcACY{?tI|s9ZcK#=iWRBorDz5P-x}l`T*f7ptSi2eROJT*qJ4WEg)QVX=y$hlY)H* z#GbH)xXM%LipSYw>iQRX=%urQx75;u_4zd{nXx1l3CvB$jHqBul6z4ktVqw1L>u?N zSj?GuO!e0~|4+W(zdO@5q#f4$(^Ni{_W8BLyxjxsJry~}sbPWZ!GP8CJg+fAsr%|J z#Q%i73pWK!lwJ!Y2ZQjZ%fcU-!hXQ_ODb1NNlSX?arJKKNlBr{l;p)SFb}h;hb~dBIb^Ty^UISG+kMJc*FJ&M9sS;oeDryrW@4vW) zqJ`Rki>jk?+!>4H^p;~4-FOGjR|4I50PZQ!3R?qB@68627uih$2|i{4?|aB6Z*ClX z|0L@$+hn=W<3kfaCE_8A%+u1IMD)-nxJg^GH%WK~9z0(w9Lk>Z4!%D>U8kQfobUj= zRn%aYo{5UiIW^&$!J1dhJ+47cB260>3$t?8MmqTJW`zrLaniHLTx5oDyd*2fr3|kg zn`bYYSYI>ox6nz6O?R{0@SLsMLNZ}BWfqbO zf?-KjqRYG{-(zY6_QX;(xU0}$wD_HL8J}lG>-q`C&#$mZS9L=skr?dKm&O#v5mUG# zvdW9x8WSbJmYyj}_Wgh_+E3r>tK_f-M67kptUaEqKBmA%bxdqV9IJq%DfgV9sf?no ze$^4XKC+kK!{1;LY!b3iJ8P7`nx8JJ=+OHv8YXEQ{~{gZ0(2WZ+ZcwqKD-Oxh(dK}lWRNpvAbIEFLPKvf1RQY@)($=^1$ zAjq~mduAirJ2n0Zinp@7BOl~xVt|hg+mw-Dny8XRH0L`Qu=_N<2)EMVsv<|BPQb@X zO1zf~J^1{t^NUg`3cqGf`#n1N@0R_ON_k`^xyB@R?arR;9$$OqsUTMv6N)23<#`^2 zG4^T1;#FrXTa*9+mq!?qoqe{w(Ws2gdZe#ml_D%*GyOcvXTJ7Dc70OzYyy~%t_hl) zn?wrWZ!8+t(GbyCc&)|^CiAa!qp62a%}D7Q1HVfLnN^?Jtc`AblXS&5776z?U35~_ zq`$h_{~)529bmVtY${xpHH}^85y;K+o*ns87;Vc5w(Bmre>~cpv3lGv#F4+-Wui_G zS-C0r*<(uL23%T4hj8QFbjT#OR3$%2^_%fb-SMsCAOWfjYoMPeMqt8<+15C4_LBF{ zryAnFFt-e7jN`#$qs_A4s312!B_}S|xHxYq6`M`moApppd7{lh`QZy{{{~!?BgH_h zZV2)O!qv(m!^mHs8~bcpMtR2H=*?uR*9_ztYI4kR*aO(5Hlm?WpeHQm`cvBhBlrsD zyuveWDiJm89Brq}Dc;5M?d`MW%+d|S1~54T{t%v)K>5)d~pkeOPCM zT33Oqd4E%|!k7G5VYpZ_IP7hc0^khfD^GFgZM0%em_mwX#6^MvfV`^1Rq9|6-TaiV z$rf88n4Ys+0`$tl2=G0zhc8J%g8soWLY>Wi5=Kk!ryVn8b>%GVu7EMR+V<^P=waoq z4_1pla+(z{N!Z700*GP9?=ScW%ib8Won)LfE=`QsSo(4b?LC{P_6b}rTOG|)Hu~whl#5bteO}$x zqLeeFNr4>uj@LK^Dwm7p=~jF#Q9z>qck*7L^oCr>Xa=}sw>@+f@VC@iNi()hNUZ8~ z&`pL?yzrqj(Ok+Cg*xz5f-Oby6RLE-l671fj|$_(S-dm;MA^Dae@=ES)2=`eVZI90 z=U>SxcG0$u6zLFa_A+y+KLJ)Wqdf~RG+KMhuCCq9;^pD#@J`I+YUNcF z`6{gXW9l2YT@+iQ?z42c!2h$DOHo0Q@)#3aGLa{RAn2r3I$G?U9C@1$Vk*VUJ*w@Q zT%O3wucTqiA_~u;yGGrkJ-pactXOY|M&v3E^&bOU4$+{#^DZ$a)l*F|48G0E{o+;b`1k zg6`Ydet0dRV7HT}>fz=%rhUCIS45R3k!uiGurLH;PwXcg?)x-Me=6N zLGuUx&Q!KfDkXgN1dTfQeow=wp(c5LN}jVx-$QAbx@aYgq9oSOvp0)^OsOX+y-x5I zl~{E=wE9M2;z|RCmbqDKX z%mc(a4mC-G7hWtjfzS9H>oqtEP=gm&6<&KpW#XD=%8V6vBKbrmA*x31Y_JU_~Mjnb`SyloB>0CA9%acz1pI=J{IkNRM(-*W+cd zqRI`8*}L|JQDLjFC=a`*-wub`+QxIS1x9pZ^pjPp9Gz7~AD>qXgt?gXQWg%uF*Z}8 zJ6rspQ$HY*G!Wg2wp0+{GQ=Sw)ZbvA{ab*mVZRT>C0c5755lW&1~Wc1A9r7@nc%m5 zD8_?MJ|+6`)9m6<5vd-siSX}ebp`tf`0L!nYuCE?F)12q(>?FYn;LW+s{3 z=LISR<@K99XkYWjN|!4On^q9j8cUt(?Ia^DgM;rWfQnz>*L@IpAa+R4NXx&((yuyyt<;8ZBw#6?37oX;chdt=g@X z-N}jlqQ4T~d?Vo{84SK09}aRD4OVvVvBX(?OMAD}Mb)Ei5Iay}DjClyoXr$6~u_S zgndVjij#EAYVr?B=hpD zL~o*yw!uBVd${(7IJDH-WZ$Za>pRg(yOB2=uj(+@Wk^KT@^v;sfmx{;eT^#S z6;*<`kQqo@oBnQ6Ohluxt~%G1dATKEr# z`149{!g}|M>D)@^t^($Fu~o%DqiSWUB-hz{oP4BFg#E28Yf3L>`j~7e@905YX1I%$ zupMr*h*w0BFlT9ss^loHizrv%6r_aJW^!{t?sM}{C>ko>Q!iuFuIDIKLlWRKW!s5I z)z1;qltVr&fJyij9SzvCZ@ywzt2%%M%g-^wmFi{{Lpw`G+y(LCWG@!|_g}W4zi-EQ z5Z0UvQU#{f^GtyW3FRDB4q)h7x~W+7Lkesq`-zW~-8%1}If;mq`wd&^(&QZuHLrD)_?wXf=QJ?Qyrb zxeW;oLP&3nEk6XG<%bj+dCxs#^ zpOyXlRvvhHooy*wXo@VzuAcljeH>LXW--J0Abh(8w0CkT-{aw`Mgb9cQZ^C9eB3kG zbj17tMtp1yBLZeC51t0oRfP*`FsHu#vu(=Zxx7OIn0)(Y!YnvL$3W+6k?EiJll>E) z{!e`Re>Z$O8QDV-ucjkqGff#a0hi?U5J!2c3Y6{0PMJ{4rC;`%7BNz+jVI6I8H3J& zg#iV>k-c;gkme12IvT9Rzgo)C)pct>-MPi|sxQ$qMX{<&`SAB1b>U;?+3axKuNIT0 z&e_;U*E>D6(U8@LiVO`q0s>fZ_?G^iA7Xe18`a}@;GCGfGY|HLI6S;+!%de!vzq;F zBuO`O6z>=fqJ zBh8z&_u1#}{f+aTv&Z=E8Q;Bk>^TM@BYEdD-fqgIB~K2};N*Sb{Cw%bnAMZIEehgKb#m5|f^g%YJQSA%IwYl#E5 zq|B{#(CB<33Efdf6itBHFpf*3CpcOQ*J@M?w2CnPr925BnuXDrOI(y`^FA|QpeS4K z*IZx>l5k*Ed|AZ4;zn_Xwj&hN2UZ&`a?jOj%$h1Sfb^0YSEVxp{A4ddVu>Ti9h2oG z?!X7?g!cS~XT$}{o;TNu%O;6tSKAi%Mcw501OXni-v{EFeIAtq9GzVCO;s2- zmM?~{AU5$ybTgA^L%9T3TtCttc6i9uB%&1S(mQx-CcVcz80%+$qYUE$c5Z;flSgYG zT-gI~3i5Kmf)Gccu8hWtW4>v{O4N-)LTh$Pwn8?B^uqBdR?enmB)0sy-Sc%>wuOzh z3>&0bhUk~Z?1GPCLT|F$*6*y7?F}h6w-YH2bDYChKj}s7JCxp*8sW0HGP zChcuYU5y*7NNbvPf`kVKd8&wbPrF9j@iF@X=FBI&V}Yl=KdBg%c1jRJ>H3$S%CaJA zRhlL=Ge(3d)3SDl@yKkK`qm;92BRDt(zrZQUc6&Wx5U_8D9&|wFlReoNBxtOA0biL z9k##n!PqgQ&l%)C%pa~&9#kXaSNoLuCr786UhB&~&78&tk!gx6bjL70RwF9HOf7v}jl<`DKLH_T+~proBfj;P_uiO6)G@{V&C7iq!a zl0_VS{7Y=L*Dd93tiW|H_o`n1!wsL9_@Lq^808{;@5@7OS?2O)&zrKh(|N>oA_wi=Y*q-E`tE`@x1!_Mu+uDK3U=@8ri{vH;J~Wv*O%t z7Ati%DSs5EH3ErHPttMOG1cKj@pK`Xu4w#_30jrV+qaZYsZvHT12fn0y4THntQi3k z$pb{!)Y53AHc2@tKptcIiI9R1_~I(FyXk&~z=}oeMAum1H1}0wGb0rP08`Tg3i2~r zxbZTGi>raD#x+HFgzpMkpTS`|&&kXrCB(OXYt+V->E-{di12SOj_sC~>A4hzT@T5Dqa$77(dcu<{^YrQzte?9?2w1#e zKWoiwb{;t6-iVR)9izpf;*GNv+!StcFFuo;Z3zl)%53;ab=};E=!X#!a7mLn@|(S7 z2k*nimIaD%z7aA;|4`&C)6Eu)57uU#iiT`CZ;iX{)*Wc(M|Bs5VMW5O$>~34D?VSA zao{slh?|KBSmpiNqnlxssxH`x(dlEKNshKH9j3odC+L54MX^%^3f30SsHK6LR5VuX zcn`8fc{PN8HnL56G%Z0dH}>e`b=b1$V+hmju^F3}tyZ(ViCdw+r%= zMr=MA;O^mjmlzrB8DIo(g8FL1uq&xdE0+41#ZHoTF1u1Ae;cdq6%%q3%Wg3&huFI= zT2qSG@gtS_b7ETGOJ&$QOk>`;_oZ~wysqx3>;7x+TYR=;+ zflvt=9sQ3ATt4bQpbK!78T&yW$PsIPLxL6Q=s@VsR9e&7NrqLo+^N9KEwkp&+boM< z=i)tnJIkI&wmFlD7#IY$%&g#I^nY#0v_aQ&2f+fcuox+B+7g+rQl!NAU{Q~9ZMug6ojbl~b z{HPBdW={5gdSyikeMMIK^}v2FHWFpvLn^CE_-ABM$k5Rr0!W;M((WzhIDTZ(zumZW^z)~r}>ikxd!G5mgXWc zXCmynp&DIghcvf2HK8qr>slw3`4*p_iV(=YK((A4I})ofGY{6IR{*$>%PgzDAv^Oh zBLsE>LC*}Wh9o4Z&@s`v{We?U9}F<=J??cbPD8J{!$&J-D<%gDIt_GspX;WlOKP-| zlX%flik4|f?m^869qf7yCtOFefVi(lqb9eb$CDG__>AX6aj@8PcJ>z=HovUpGFr$* z(@s$%udAWmu;w(S2mQ3GCrf^%=P*oP{xVuOxkd?PoP{e<%rRASK*T(#d|1_T&y!ba zW|sBN!>M3d2mv8pa!%YtRwukXgiM6Gog8~a| zXVbQgQ7%{Tz_PWR_0~z6ZFBf63%)XE+C;6-Tf{P+-l`b5WahlU^^7|ey!TtyL41+! zi}G6!mxKA2pRK>_GOHeV>0-h@#P|f`^?r@76b;@QR5csEJ=tT45e)a zx{q?l<^JP+Zi8~wPH$>#!{v9mQT?2a%CM?h(l$;hP5-6Hw zFspBG7c2IKS+>qeI+GKdB9_(QX14X^Nwl_ac|>2dFfl58Dq2tb+DN)&3sKfS(TJP$ z%syQ10U~tQ*yBvA%xWg^O&N}cphz&8^Wc%kJ5PusIFyFa!hw!HhjP@MkAk$rmBs^ZmIXn zjStp9Q@^Ti_h5Mdv3j#O4)9EcmHOFdrm+IZ_1c%hNL`Ynwr(L8W!0KJ>Op$;9*baa z&}XdMx{8LWQA_;RtITvI$I~qnuN3e?zG=)WkG*lxUQiC%#V;EjWO)n6J6mm)KascQ zUhhGtt#w?xoNe4*24iqP?mw-nz2v%P^2qXQ+g7)+Zb~AV&o@iW9JeuUo7~r19jl%i z78twY@Kw5J_EXf$un!P~W>$?icaFdJ<5j?}WiCLT{32MrUy9g^K-{vNl8Tg4;PtNK zAF6jwgIWT|(a_%OV3jsQF z$m|D)I0bKT#%y5VnCKA!za>=o^zp*q;}!y zQ%czdjCsw@N2JWA#I85n@u3UDpA?cj`|Kyy$#qhJ81?s)iz&BH{OF5&#th39s~Jn~ zN2lE^3O4jV=%v=%+W26BNvMa^UVAosmU?q2fSg;pp)G$$|KS(R5PFIiSstTXG?Fys zfcyLcsKHH=fghSPVFr}Lw2KXbjBIm%UD2blAoCgWW5FTeA9*)_<0hBu=s7oF2SL)A zdOa+m&`-o@lfzk#F{^in0n!YK11RUY$n) zV*S9vj0fZ5W%2b%ta#ZKTxY4=(DF#B*h}Ux3QInnE zjLQ`SnH7%X*{?!l5%F~S6{|h8Y^wr6r!A4ZB0q* zg205g#N6vX$(LAxtJjG)_m3iEhs{Q_rGZ~{9v8HfSY^cJCYA;Hws0h|_-1vya_}D) zVTggFsVy+Y)|&~g+&ln*q6DeKE5@>_UVc75@SMlNNZp8p?OP_U%8ju>`Fjpa+OaI} z9FVXcr3u^d%jJg^-k=vgCMP0&fw4V6WFxZ0t-891i*6dP_Pl{~64WfIyq8TyVgdbu zm3dfOP4B^Dr_)p9C^}w_yOo|TK`1RVMBSe+fSAD!yfilQ3-8aEIgcQurh8Tr*}fJ;U{5+c_yI9?1!=Q0%$Esa8Qm2w`xd^{?o;aNXL`4|;?7C1$ak5_>NZbr@{Bl7+T&5=n5>iR=d)>c zR{&sM5cS+yNW)X8LrTr})Tb2nm3kW>BuexC5)+TMo)eO~IHvOE>Bb$cbPvlZx85o6 zV6vlcsZAPme-+c?99Q(hvOonfYGwjOqlhK^Vae&1sVM|)XCqtG2jOtGy2KmYC~-r9 zHV!$DBy5Y#V+^|Z4^m&#I|eiJ0NnOfkYh4_O*hOj<-vTM_Wk!~5u zxpl6L)VEqJOHB2>pH;2-5ggdCSg>;I$r{CIz&#eCgTA$5GN9fCLPr~!7vgpu%3?)? z&D?+$>SLwAI01$xAt95D5k_yX8o1W1lvQ)pI{?o9c*hy0^ zN#`S02>N>Kh#%7^bkMlbE0&Rd_NzCwEj$8YiP_T0kB$=6+4(#HSn)95o&XRS(xcY{ z?|ift$gfZ>Wil96{w8YV9<~{HC^xM99dLb)Rdubt7%yt>TVvid+gLF%-+_^qJ%Atd zhZRdschuIm>x|i^3ye)%N3A=zWm#RAXX$s`RO|J+eec z4$NO~P50T@T+5PotaPu_xNSppMmtBfn?+{~WTNDj%%d#2Zu8h(xm*h+v!Iq);pb4rAui%QUdgAtcdR;;f#3WLSPgzm!cP*6nW; zWX)Q3!9=y&Q4Yr@=&vY@*Tkj^T>h$peLq4YC&2(;dP>tG5$iP3c5Av9Bh9b9L@!4x zz<0$zk^?KY%{ex{oxO5WJzfXx#=XReLtvc^GlW_vrt0k;Oye6p%}6g z`nTO!=1NC*v)e-flIG|R+Q57XK29V+p(nhW>O=Eu80E6Bjo2H#THmCV<=;wp7YV<>(eBBIYHCj%@^j;I3sI0&LGes-O2dqs`l~WTDP<= z$lvlN&`2a}=AbV%IyNEYEwC%fm%^X-OJRu8i}w=&!UK$N#7rkOs2BxR9h6nD?Il+{ zQl2(VGD3rCI;7kTU)q#!pZaC6)mSx_07N&u<~wApYSdD7Af<3^J^;#?)_qM>Kv`TQ z`msRM&RLf90jXr20l#loBBt$Ez1C}Sd)s`Y`E0W+dVH=b1Bgr&eT=XgfBL~g$uU6$ z4tjvrLfvFFrtv3bI<+!v6y|SV`n0*#X|aXTYpvs-K{PXOwH8y4JV_zHuWbU>Pn$?A z;bxvC!AJ09?HQ3aO2RCZZYg^hV-6h=9MZ3njjCyFdqPq~Vy{B7CoPD+PtdLsRS5Ht zXo*hwzOPuC`BTVVU&?fg?G$5E}%a%rv#b$ z2(b(F+ZKM&q@poVoLp_y4y+n00j(Yl$aRnUT?5}+Xv}rxF;pkw>{PwhqJ!RMFo0k& zg2KF><1n9z0a~?ohh?p{C+xRo6r-@qPOhTQU1f5c?%nIlbJNP)WP9U9@%h>5ch9nB z+Ko+Mwwk=bVYI39j!nnItakIAw${8TytbaR69%FmGtyd#*(+fLHLD~=HsdkusuLkG zzL(eZ#;xRaUXc2%V6)jNRe{qol7hYx9o=*rxbBxCD>1t~HQI&J&eBi9T;A%l)88tcz7=Bj449e&d1SfO>J_UMFmt9l)iA3De*L!-`{l=l$?)LWo6x<+=&hGrr?)4X*ADO%@--uo z6!-T_;)<_>>)B~8lx&o}8<>WzxSETk$w5Yk8I*OXqf)?`BL2x z)-&U)n{yBR@^E6Q&idD!5$qmycw@=S+(iebG)2rl>;YMb1EWnvMhu^uED29kfXR`h zij|;*uO;iavVr^(=ksBY^!TkJiMhRv<(;u0QJ-8xid%!<#op4)N-jOPa;5Kp33f?_ zG8#^&XB1GblZij#=4d5yoL;S;Gz(=t&83h9`7@+KZi=JV8^VKxTONI%_XZAhl{F_- zx6hu*WySGL%YQ$r6x5eAM#ubn&;NY#%bu*_Y;wxzUTxd*q#k0qU`I!AnUa&d#QI(3 ziqFAud!piC?X{h*!DYB3%4T0?cp)FVx8*qMH50Y#mi2MgxvuZv4@dVS0ee^7liaVb%5RAxdtw2+qG767@~5w5K@vLwI~sU)+4W!Qes0_`Soo zmmZ!Jt=W${CaYWRwbVZjn|KgUS>w}R1^lE6dd-b)3JQr#kku=2pZxKlh?wq68$7}~ zE(~~N_uJ&4k5WP7tL6001^fm^V5!Kgj(C#9lPQxU@d&A8t=U>bzeq_T-qbgeE!)jJ zUIEVW6;_Up zV;)lw6@2cZuGPy0G%CM9$1gT{Q-@N=8@)a0M?e8UP%(8`cuu08YP-*1Z`oL6l0@uP zUEz4`(4lVKVu!GT|05Gki`J(cZMT~funGK4f_qy?i*%`}VymkQe%rxYT*J)RWAMXCv^ z5nj!JuG}`%bN*J_C&XTr^|-P`Vr`BPA(NVsO$gH$~Qz64?wrCK)4(WlgLmFWrT( zxlA5DD{?-p@*68>h0MibyC&@P+9&qLmb>eCj%S{6Nej}mq*&EpwK&7+U$jN1U*7Nn zVH+H_z8zl@Svv(zc%Qw=^{K<;@1`ZW*6bW9>wPw9feEh;Y-3L$Mh*U7$A|$C{dHGW zwb|NW{cNZ5?c3A*cRe~3R!8d|Ez!AdnAXcaGvo4Su*2-ep+)dd=@zEg&n<8-4G;Hn?=qJ_W ztDBD7+gRB|$c#~{>7or*-}$@U?+7= z&T4>${||zAY!__81=y!u1H~Tj>c~Kq?1PN_8xz7HLOq-)Zl;_<4~r$)bs2cdWKmQ1 z*LF5@U%wCI{95afBba8XzJ{4GLe&@89gwN5pCi0fP@A9ZfXI`mZga5L6KH$*QT$Sm z4ALG6nX|d0fP)4Gz(8LHyM(wBKXs)8&;dW_4#GmGUJ#axOo-^EAdHPDEEeW@nkZaxJ!`PF<{8#4^aq zh=nuBZ?q3W$g9GZxEVa5wpZhx8gcH?x~6kYm6d9*amHEy1uDm6oBEF*3DhXlE)M%L zwy&cokrxi^6nE96n>J4C^n|7>aSF_INJiOGC$09PX!E z{65jSDWQ25F5eJ!Xaje)4!qGjiz20@7-yqGPz|)ct%y>?`qh)D1ey0)iTnypb^7Cu z=4++dANq95UF|H8ri3kUPJarOTX4kiW7-n93}zx9DP zt^3=B7iQ@={xyEKH=KU0={ybJd^`|%6YunW@W-o_?;__@lgvy0rxtQL6Ya5$bH2i^ z91*kT6#no>u?tv2a5;DAi>V`$GS+uRCeU;EH5CIWS-(Mh>rw|7A znSY<;iBfLs@qbS8#@T*^6x{v>A)XHA24!}E06`Kq;?tZEAmL87jY)_1d+((m!n=v+ijS^9u4f=f^0EQYKB zNr|jmGLs?oH@9Y%gkzl(lfM5M_|jd)(M{As^?Fp_~q)L??<7qIW(<)YXGLF?u3MJ+usR`;yb(X_X|rMZ(E<3pzPKBl^elqOxb zqc@uzSl0t3NHdnB_0=kD!%sosB?EW07ZIb?An#DomU6Zp+tHm!(}w*a)D1M(0*W9} zq=qz;EgC`-WGxx#tJl*^0fGerB?sDx?{zqLTlIeX7~{7!^;@4bV{;AcO2PqUHgBFf zdgG>iDytpQgj2o9kBDWAomI6OaIFSzbzwVrvyF?sxJT~e1br_XAzP!(GDcZm-exfO zy{pNk*qc6+fFm1E-Om4ZlP`TI2O-U}Cp?*EErFUZ7u|zKnHsT$?qC87f~%p@9I4p^ zC@v@Ax*g0#;Z;orUBvUjskXP?W)PE(knLmYDCFC-c7~6MV77; z8y(`kKtpIYt%VP!STqXgM7N2|7M?zc62o-}#tc`PK%uh?=XrVwveev5SE|R2%s@O) z&T?+*dHqs$Nmmm!7G%!}s2`l_-gP+ei12m2!Otv8#rk9CLE*fByLoJj1o>-K)b`Yu z?J4h!Vr|+YX7-+He*$$L|1;T-T@>~f-#+h8s-{2K;sx#x2Z5lZhM)S9IEGWsiwhlf{6!&QLVyw*G}N|gSc-!<(k9<>6! zzN7%unU>o`^|F7hR0ez~zbcJuzVz!B0j*VJ>5Tmb0#{ex80D>TCmJp+f^u?|?(rCh zIVY{wK~poMFL6(SXAqyP+?S$%Qr&RYH%u*dYknD#K77#xtX)e}N)m3klk)_% z&7Lz_u6lGie|9P*(zI@d(1$8u& zjZzBz4dIWgwl!{VPuC!(d2)QqGRmS3;*}9Z)4I63b?7a+BIEV+oB^XM8{{IEu48!> z>4aTswRDSRaiqo?swYQSAq30rNt=6i<={*q9Qs#&QlSQR!A!XIZWghz144+UEL4>U zWi~9q5VjW^ymQ3#O4p|7T--G=UOJ-Z$qaYWoCZpI7%1AcM9p2lH^QaB-aFF^X>P@7 z7(T0G2tf^^r4RshaEZ`hw60BAQTH_|#@C5y`#w0GDC5(!U&#pPkTvpu8U@mFOmu#` zC>7oG^a*aar$LNnja7N520Hm3Iwd_ABH(U;ja8UM7;TKnO2J?4qvMvaB|gz;*Se~= zC?il{SO|-!p%x^^%=UNf31#gfCyx|_?ij;&9l!FQRQj6sXr24!Ceq+H#`XNyY}X^H zc5od5*C&c45XS7|rq4HHg&gC)AY`njQ!IQ3>ELm8!p7A8F87jMaT=Fx1B;(xF*eWF zf88)jU}WHBZ51WW25_9$XFm`gwJ_tQ>lCc1$sWx@bGnFGfpem*JE#xQ)P`A{DLwi~ zd(`rURj8$WVh3{JW|j9^fiWXkqYDIg(2h2$_RuLXfxFj>3OS64R>DE*K*RMEp5If| zmfmJjKVaG-)>8a7Maab-PdN;kWe0yvzgm#~JKd6rQ;?w?s|ozoEU*YgI|XOz(KT79 z0Tvi$fkB-C`qxMX74xM<{u0i&#e;4y78Z8C-*R{$1dcWwQfsT+Zl!)qIE;|j!&gY# zd=P;jS`IQqCP|u0fh87Sfil?}FwRowSediysB!RS>(M9Q1RL#gr*dpp9R3eyx zP(AYUxqX3l=BU)2ayD$poCx1K?*!p!S+XX>2A0SWA-EcGCD&c0wBX4TlJXkb0GWEw zBjL*@pxG!8XZ-}rmdj2zU-&Wo0avrl1+-~4$NIGL>;n4yFCw)i-P6$1`m=nguoD-T z-~Ziyf#Z1=#sez*%gG<&j%)O&PYO45g2hZtdY8YFMQBX7(}uF%H9=399uqE398p1s zlZw&;1Zw7ohsa1TF;!19YUW77( z#VLz|&Ov{|qnmvPoOkH$LVE6H#;1dX~zSr!$XHJu4v*e|MAc&piF@v#jTS@^g=R#yd+LU!Gj>pFbK6Hi|c| z+wXgO4-}|UGJSB0o>sWz^7@~M_Vh;T(D03-dse5R@-g{WpL+=gqlJG^j1zl93(8X- zr>*`a#^s_7c(iG~PffDZ{&j#}12|xoFHgY7?>5Sp(dteDlu>72kylG}Dda&lEmGx* z>31N-{I~k|7(JmONf%rBAIcjcKF>#Mx47a0Ir7jD;U%BbkZB^`4+kY8T=fYfdSku> zsSymwP}fd87I>Gf=GyLYKja=~Ov)U?>go7%H?Q zMo!Ybz|M|f=iNKk&XmZ9(ch=B)j5*P@45?k{MB&E2eDBnBa0k&j{|1680Q*19F!oE zcM{aKzeoE7Z?MuIAi9;fzVEe6iM4yp^!oqZ5oLrn^gsG*%&mmh+C(ljCGVv7E2}XJ zwTTQJmHye8``_c+2YymHwcP3p5?ByVe-$NR5^hmIHvL*rru<~?-n;CJp%B*8Ltv-f z!yk0^71yvDGgVbK=C8uqRPHFA=by=nY?k(Hch;7pwL5yYw$YHeI!i^o(}tAlxBStP zJ_R)erCmL=4@x9cui8kTJppd2{(JnxzP@K2k})rO_i~FnTk>2_NAj(|)HLXBWd;U+ zMWGqXW}+Y-&pv}>)=``gd0Rf})}$I9>VIY!{1YSPKWOr=gw%gmLJH<&E|cBmD~L0` zu7itVmdGAi8cw8^64FpiD4EPh=EFClw)@@8i*d^W*&BaNlCTEO z&bXlezop3B)2m+^1`gy5XbNtf7H`6fm>2b~%lVYPf52^Qw7?T{!J zlr10Gy>81@ai#IZZ)JO{q@|IiE>tY3mk3|QGD9wkE7Dh1bI=sexioTkR{Z7X6kw;e66@7-N7Sukqo;7 zdwa1?9>~lZ#>R_@6D59Rg3KH4s)QM<8M1;m;><;X7&V_c5IsoubDj8##>}&=?JBk{ z&gdyY*u6NTfRs2NzoWSex;5fXDA!SeV?tVd%fS91uw}LEUy{auNgDsBr196gbT<9FJbPQ zwcjR}UGHe|HahP3JyFS(uPiNc!2Wxcq-*>zZ>)Gl1Nwt-kUM&`4!&-h$+6&E&2@5{bC#i(u zD$Z@bG~FGtY1wHsQZn_6EA^2q1o)WK^|6AdLc0P6X7l8Iwx?s~w2kOb&H8@a)y{7! z@;72L+CDYZPJ||=^g9p2_jQq4m*or+t=_ntm`;b`GSw#9*)kAN#sv%DgJFh@v0o4I zf)j^!I1yNl7Ttnjt&myq_ip_ymRwq?o>qc{U)=q~q#o*H+Cl2Dx|iUMrt5R;*7jxo z^P9{fNYr$T$gHS(ucm!zi&5fY#1DgFQ2AHni}8w+RH@Cwwhhc+ozY(GneVB>P&kiX}K`b2F}tN9z7$*`rtS@u-MJ!pCO2p9 z1L{wMZnp0jnL5R97mTPch>R#aYjh5{@tadTy+H-)#;Bm*7AZ)%SyHXlZ453pBqGFs z0m@i4+#=POK^o;W8(&Dm_&3A3b4;H;XMS;s2d8+hlXXmgQi+n1&5ik` zh;teyp!kn>^LWwkZmqi598b;FRLJ^(MXgHFkZ5H?yn_kYr!dihFQ)bDiTfAckG1dK zkZ(z>wOlu#=ww@FN%R&2U3n8?SBIy4Ee0kECt=dyqL(J+3Yf2DdT3VzGl`7P_gd|T z-EtYFl60tFfASH>EvN=z&U}J-OeH&Qx(b^0<7|FXxlMN@1nnM^VB6%(vrT(eGA?B8 z^n5II{UTyDF6#UzRqTAieB1fGN;_lQ-3%aPxByU6>)Dp4A3|b`v8nQp*&@~W4}Ff3 z^%)xR!toSmqsAK7s(>*%La>dZ=nI#J@+q!MZFtO+P zy#uJj0jB0sRtING!FlJ@M952kbDf$NvHHA%BQp3@rC4ZO-8%DanwtSk3+J8qrqtk%y_*R zZ-%S!i>!2L^|O3sKXIAl`eoe|wOuY}NIlhmQQe{LsJV14-u(y@y73 z0dl=`sh6e|ag4f0w?sETPu*>IvaFRZ@>MTel&`o+GAL{Uz(fs7MzSCqhzI?>#bYpU z-RR_F(YxOezpbQF^H5(B8P?+T(uRBWaeC)kZP*>=Yw1LgZ^-; z0tsH3u7JS)@`bDlTeC^Yd!$?UI~S|S8!oZ1DbS%83cg!cYJt6^5W!m*6J5la*jp{x z2I5Y2a)bXKbLkfLDsP{cG{IZTZ`6n0UItZM2udkyN%AHk+&Y~RIsR=yf@8h=uF}Sb zNcKeCHVIYM2iM$Ee}8Q+sbhY5$o+%a7|YsI-E`RHhVp6;K)vgsNT#ksz;yC>R4-lu zN(jaQNGmT#G8)oi)vgXsb0?1I7FM?fEW;l(jm1U!d?=4r&9HMJ>K~KkiTiw_*~ElK z0d3V5SNTv*0b`TeitA6KtY%#Vi~!X}4YBfj)*n&??jx?#=v0c>=&*i-0iAHic1coO z`Dd;!_6n*a3ZJYe9Lz8JVQS@v&YW2;G7+v)GtAWI1;BYohMat{-q2?nqkso0zXr@b z^cxT)!SXD*(ETYDY*t}B7-@^NCHzwNq}I)pv~?rPk1c|9y%-|Bu)^3+Dx=QiNwl<} zqQgqGf~0?Oeh@GwOW^p4{zj-zDmivx;!$*ftD^peQW~%Hr_rrU!GeXd%$F-Zwc3Oy zf@NB1Pv%RL>>ifv>+CxKWBd{~v}(eHcl+w7?0s$(9Nu(^u?7mdO&L357~+_W1<1tw zo#;ccyV>|U4;Hxu^=-IdNZ&4x zIiN2a)T$@lC~j$!&dhAgda|8yEX=J;D8dpTF|0cvP$tuj6rN`GyF9Zd={FwkBfMT= zJPb+Qk)f-1-7j*Y$M;Ts(mlLD5&N3$jIBwbA4U13(PIQ0MlXG=f0H+q!CTHPDnU=O zhG(e}zLgtHNe%Tyq&mx!g5jnxl9xf`6 zJR+7$XoZL@J!lh?Q@Uy-nq|lRlYz125SqYO8|GZ~&w*DEv*SaVu@gWf%c8vJKL{_VYMFTAD{p7<1Ow0NwD zCqLf2t)`E0$bA(0Lx10QxP<2Xp9t~4rpcvl+EAObKTgVae^RwJ`7Z~60h zH=lYGu31zzwv>4&HWs@NTsjx)Kg;x@)5VkLiCZ_Kb863&gx?CT|buOP9E2pbmwXb`Q}_flHRhhVIiK5b!RoWVqKe-GRHb zLO-cKpFH(1j1^**@9$5HG6IO8b*;5>0Jjo5X~taM6BGb>{hL~{F?*eNFE+Tp#N43^ zGzghEm(SteaGD*9jiV%=RU>?WY{D|iC7f-L5BcJ@x}+i-6RfaHiJNvri2$7Q`Lc(AwT#C|cs~$ieAwqt0J~dMTrW7V>Ad~h_lkJdCPnP$ zEiSPV2jqt>*~+g32UPCtQjOFLKZ5CJfboclYeP8DFKVqb1G6!B9lTm;w$()MT080Q z-O*V66b~6zWeuXCQKe}PmnRy&yR9-aciZ_yU=?v{DW}mf=;|KN=G?dK{*!8gZipF< z&iyipPm&AB>hP9!KG0Vh%0{^X@0~e-bPc{|7Uph#o`>C34B7V#M4wJHNC7|t)^M)< za`X2wug0P{1qPpaLmdR7$MkxHuR7>0 zTHKMvD3=eEzhY0g%ZE1GKQ}w394+YRwhG%)jw73Q0k-ANcZA+-^pAT@tV%JB!56UN zK#FGizsIUQ@rduL-*Vznlr^qAf4#h;%zFRK%+=PsC^d!U7+;D+4vOM1$HR365m1FD z9_{dQgFKn=>I&v1{WnZ~)slcZq5V(uaX&o!9u&+@pLH}g^)GF9$oiF8;4utqHBxg# z0rX8?Ttj6ShqYtibnG3y@$zMXQGWOu7C@^<50JBywj+qgOYzuj+hbJ%ewpR)V2qx#Sjbc?r2bwYveo|@oj7C{;Y&Ez|h>)*K<9*F*Pr?s$%!_nN zMBf@)41dZp$kr^7>g`i^8$#l&mO6oo1q^5Z3ehz;U3 zUU1}xDa^BlyYakCa}tvZ#YqX{UOOp+BhqHY^(anW=RHGOwjFV$F&(CmWgYLMkL)|k zJL!$4tae)#oz2Hf7u2bTe62q|;B68ra3*W<-aHMb-M5eT{QIqiuTEiOgLnGQXhk+P z`TJJ0{_J5{!IpP<;)rJOjzIXvt55A~e;4xx=C_2e5m z{5FRjw@~QPHSlQQtx0eZkhNs(^SYc@zA#)%n6g-j$azSVvSaGxLn&NwzX(0ucvCuTO+R0eq(IOK(CT`8eUswxqskQmi$j%<-MT) z`+1cXO3|4P3c2v(rN5NFUkloTriqF3GB?tu2Ee~ah(Kn%nIZ44sEMLqYKJ)^^rPTT zZIAXH!};d=sO{Jj!iV5&?9^RZMWEG5w#|^sjRa%;i`^Kz@fGxuQEvWtNVG*4a;@f_ zTT^2GV(50c+n}h*sncS6P0u^wYI&x~x7mU2oxSPBj{Ha8+HlCG1aL0*T7R`)&eLi) zA=E5NMEE_Igx9F3fKb_D_zu`(m%r;>^}|HX=1eWv>%U##{>%TnAD3P&t%vB&-t{!s zwdUP^bs3?{_ul1qZF|R*BGm$(kxXMp<^;EJ+k8#Pvjru-?0}^lr#|MnYfre_Q~&Uh zE^8F|z^~^3*D&t)b*u~G-XSvI)A6Xz*!;LD(Mi+2?K~&UMJe}wa4m5I=5^rU!q39Nh!X`)=-K2fkkW!MxH0C$li+( z$k32nv81%P?iu5^`403C?(>8H?mjQ{f13OJfBD7!FKF;DB(qT86twA)Clg;&@2B4x zNLJT6BQjoGQx}i5?FoNy+s%%tra?xPk_DoLdB)jh)rFuC*KP4OUh|SW7rfqZOATQH z{vvAl*>R}m(e~q2^9}-M-6K>jx48-Zl|A()Bh`mNs!w}ZE(#GD#MaR13kTTCgg2`0~g0OCQ1 z_`5nw=GB9?xJ%CW@{eJ~7FC%I&w!!wup14V1592s{km!vlHwQ!s9I?gy)FSSWhZy| z+;G1bH4><+tinDc~r&HPY>SyhzZTC*3-%i%Iz8JFs|ZQ_W~g< z1RTURJu}VCMD4D$-rc*>pt~{s&%6h@I0&`m6x#4c1ui)^JsL{=SFn*C;oa4Yei%o| zIe6&Q?8xnDt(g?oRwxxoz=s}T zWR%XEfH}3x@l$}K04A|QyAtu*P1?p%)TmRjMzUaU;NXJV*-Fu=W%)ecn--k-xqeab8_+5K_(n*z6Wd0N z&RlP3io52LjZB7rHp zGj0d75;}b~?qpc!@cq2d8wFe)#lUB86tUSk7uUFQ&X-5d`9o7IG|zvrFZJ&x`{CT> z?2@99I5kSGIU*!ig$61c3F7Q0B zW0&mROI`AhiUS{o3|EAwpS?39PXWfqcE=Ej#)ND3casnX(BjF$C41>2JFkQL@I`Q- zLoP4UE7GoMHPSI+0&aEBwpQxyiCmN328hXDDF_j++%xe(EM|GArV+L>;w6q#wcyLD z3fcEmVOVNfO7~k$Elh>MQ`=J0QeV!nK`$vcf zD^?q_13zq@Yo5YAXIf#JTs6@+}>^#Lqae5_~Md&{JxDD7A z?R)*;l(MY*hy`7c?=UbhG!Yvtixk&IEt*seKFj5_K{cA!8HJ6gbEmb%6*k%@KjG<1 zxvW`}O{=vX{zAr{(F=dIz96$TvFNVZL`k~7uECgVkOP+ugu*q={ua8^iu!`VDAkMP<_ zXT zW8CKS`joe+I;(`}?JnowiyLk%b2n4XkvrI!pE73){_?}QTF<$=E91U9$#kGaFi_gK zYH~*I7rTGy7!*rQ9pvh^ddGsCPp9L%*CMlyh9$ztdA0 zJbG+Qi5LIdya|YBREU!6Y&j-zHe*maxKg%)xFFjLh2xS~bZygy;?kSY-8sD8A!NEK z9mZYTq^Q%&vu;XJ5JDOOr6vyHvFb|q7Nwsogu!9OC}Z`+1hW4YYY z;`6kIy^dX*3gIFL0uvEg;3%I?VNraBa7rV}&)vLYuZz}9&w!PGuD9zWo7+X@);NZN zj15)F8{x@j2>>#E&?^0QT{d$M%6BS*`bGydj}CkF+qn1&Lz|*bYB0&Fy()g>3jMyQ zmUP-?Da6Zce{@@wv!4{q(hccFmp}Vnc4e;>c%&)5hC|N&gxB}um8mH8E`~FO`lK(h zpEznY1RYcG`sSES?h)IK3udj&NB)#uNnn}u&Y3C&z>gqjE085);jjan7V8G(z9JZ# zOiN`X@dgn?k=Eh@u)VnIbX;M{ilHF3r7}i#tJd7}*WZ#Us`T9K5#;MZ^6OU;`*45e z9iXBL!uFFFIeq0wA`^|!`d(i}@$FvVA@6X1H6hq?>^4#ZZ!laamPSIW7ZgE^i}RCi zdDVIKdkQ#RHR5K4^kM}rYSH2u)tvKkw;7a6&8JS6v~jXV@cU8q^I3LC@47HQr$XLb z#W4KTchkm_Ca+~eaze^8k}-)^>wU8{ZhJ1S!13IYLJAiDi^0=)*WjVO@@B!R!qS5( z0Y0X+NJ8#B+&Y}^Nz{egt9_7X@Yy<+`}uZwfuZR})A|qU(o$%8 z^1t=Ve{`_gyqLDVk+C(cJ78p0pV=7Wu^;YZ<2+p>$C0V(w^;DR*Qn%CqT`5$&}!^c zM>?ZAO5g`VgDcV_dKYskJW>JBgJ{`4`v|5Lod%3(AWE*TcrQSnXYy|QB$wK?mdTX+ zPueXx(ni*v@ODu+(UR=(A`!J3hFz4MJ4Ji{+NQcpXQ3iJR=dUSiFI8aSVhpfHVe2- zrUHp-BHTeD(@^G(ZAb%q>l&|0Q8&53rHsJA=>3})ocXICNpq&$)Z}32uf|-`{QO@V z#T!j=3qQWG^bjgGOB3e(9ZOFd+zxCzApUB+h#Iz`Cf`DV5pihbJ90>{v%1@dpK%1X z3uZZ3j>(pt=e-=^ru?%n^7`ru#WbKOOT=jVMD z{H`HXQ1ChRw%W=@-fB`H4pC@&`3_irV?WHhahePee2cysco z&-RAwSMhozBl`i1bG&2a^2oJ47Soo=`OJ zZL2kR_YZ>V_)-31pKHNM6*dX9Vh!^QbVLe!uSj9iT~?lsH!u-ZIlSE~ytUolmLm5M z?aRQi>!MB5bw5sEK~BL{MHcBmpfI3Mz|J+~f;*r7?4%bCD{QKk*63Eo7aLLH=`H?V zn`7BzKY7Tf+-k|3a7ennChV0O0UwnVAuE0>kX9&60xd_@a|Pk(hhszqqcw~B{8NTi zGNtz%K*~LBd=t2Wn<{&~kImrz`b#t~jC&tMb454n|E-xL{EAN^ku8fgQU0sLwL#cE z31r%Ho;r&YpH;1VQ;19pbWGb-n5qk#?w(4;M3&e`))tTwu0RjQSvEo{)B5fme%vte8cH*w8En`KCE}%eC0MG!7^uhY# zYP5hr6R}~@m%`%OjLKR&GO=1`5p?)>NC{H-6}FRCOW`82(#;cMGS&WS>y0a8a+5KX zMbrkx@8$BU=0y3Jd3d0O?NA%>i7EvlLXo>M*ACggC=?%5D0I3d8iauVF%NEzWI*BFQt>vJVYShU#4YM73pc z>g?aTYumac{QLv=b6w(gnU`&k7k{bA z!R>Hnbf#zM{yil5ZD?|w4%>*%&*drh`R7E39zoA(D?%5; zV_mlXwK&W9_Shhre_fdMDY}XAyfJiEhInomur;6kwZ++!inDdLMeAYoKJ6zeCc@_F z_$MmijaP~l7KhptChQbeIVs|M21<+!Un}I|k>TFtxel2?FvHb5#`0>Nh_V$}uBJn-;)!Z%3gj`is0s{bNo9-*sbzS??A;Hxiy2 zagts&yq0TzyCwt5R=~0>9s~x?)7HF#dWHLiIpO^MIVzQ z7WismYFcdDcN3Q1U+Dno(G4@=c(o|5{vBl*tHZt&LUY18PX+)DjHXbo_}I_t-BEjS z+4^F|EPqc!n6;QCUHoj9-0gxa9<<$zejw*LMnP`7R621+;X8=4XM?ZSM60`SNJJ43 zs|*xZUhvWbGI*UPspv25W)`MKrBvFM+w)9B27O!+JyAUrZZoZL_93%RoXocZRWOqL zMisonUb{7PefFZB0E5jPoER>p*Kf7Zl~9-3NSW0*y{^J}1ZUXtj4D6sEw6wdv9_~gxYKLNI!=6n!QKKN#E!tT z&eBUv1;+GInOZ%b781Mmq)Ij41O3MPqIfCdUEUSH)yb&N4(2DLMx0sNUk`VQJ~q?o zR1kI>xKw?_-?d{nFq0>5*6Vs=90lwH6z4ikk`U{&vhx#dIc;tvLA-5bQuXOj-MKhBt*R_G0w9&oDI@2LC7PLf^A%^|Q_ zjZzs-v~npDP@&d8+^Ab8QHWdJk&HK!yqC1rpCBCe1_tJgo|M2|^42ol)M{b0^8!^L z>@e+7yqP{-5+bSAKv9~w6PF#YogK}DvFpA~f_kQe-dTF(bNc@La* zQE-k`PSAw`<_MgHX^!?O>U1$?Y*N`jdSnOfnshcBctfi}wa7FlM~tpp(_GW$Vns)v z8PYB@CS6>)4=5Tvyky5^C!2M!oQ8q`@+hoA1WCtM`o1wynlL>xMO0x4nklbjY*FRn zRJc3Wj_U_9Ogr!#%h7S-u!Wdn`b6c?8w9R6y|b2`+zVdI>VUiFC}KR);#$`IRU?Q`%OXd38nN9gyD~< z%x}zfdF!qy)iL$ulajmvel?s#cbSrVWy{)d;pljnI#)DO0&{8ivMUs&YA>W}H7%^t z%L5lCwiQQ2gO9*qu^l2wV0yL|Px@pUnUn?G^V10nCg=)5y2^o5S&sPZhggU7E^LxxHZ;D(3`48kC3JMl zQ9o7{3ukgtRKi25-a|C9o)n2OX=U7m+1@F?ZCObtsj#%ZR%f>}VwtzJ3M2KYankDu z_#qj!=9PUNQeSsDmQpJpvUl*AtTgS}cth{`hu>9^*ytF5H7bMC{qtCZi(}FgF)zE* zGVV2b?o}+DZ#KV06#earxoi*On_DwutjzUBVtuzX5_7ac+#gonIBU9RtQ$N?zOd;i zzHhIITymxGq)h=|=5h3JV6h6mb%{Rt4}a^%|KMQPdr{YYq+XnVf0{(NYp%7Sb=Phx z#z_X&o3b`8n`^7}gA>r!SE(~4>R>xcrd|<^>*5*V6{jN_T|t2_4An))lvEl2$f!*q z6ph^izTFfiXz9Cpny=g1I@Nk*a2jXZ>4*sCJ&UeUidJ_{9(tz3!G1~g+6@h`b(Lez zH41O#L@9exsY$<{a9W?<%Z98#S1;|cDANwD&^#K&7L{1h%@`(1pw7hbT4c2mh5W3~ z8wg2}2pqnZYsY;i1CKamwAsE4u14EHK%Eku!q=!RB;-Ld{eUVRw{gFa#nIbzs*J*d zT08s6vPPDd*az0P&YHDgo(q+qCN2++#vsu?7sk)|9QYAp(&ChA6_80!ke^n9~OZXi{#2r^vKUrUySBT z0CR=0Uuu)Jr1dnbvKO^$uD6SHv)$1993%HRSWdZ9AEz}>tJTq`Mfs=v63reUv~tsZRYqua1tL4m7_Gzt9UBr;V-Jk1tt|lRJqIHF!AL7wJqVM zT%TUXYa$*CWPoR%^TMonZ2Y>r4PGf1V1Tu20`MnoM)wvgrnz$4z_WcCKfX8rHl?QP zLG<0*1s`>4ToM7-9goQK7HZRidyr{$LM)#HK2uUuA2;DXJ1LR|cRV`>iK~7NsO-Q2 z#QiVUWebL)ViG)PG?h8I`A#h$ulC-4(=yt zDeBg=va9X3aLQ77)(H=`YQ!Dt?iU~}gjPOLW#av=bDWtuf1oyz1J0i-lf&NKgSvb&!2#qea<811Cn&Z^VX&OSCM(Ltoi#HY}N+s>+` zYPLk9E*>G5fcQ<5lnp#DSo~7ormMcSy+$v9p=M0D$SI;xbwn?@&OlfgA_{DBiiYT$!6gjx zz_ySC(!6nZnIoO!;WK~Z9`ziN6|}qXNyB3mGmjirmp5S%YKs!PIzu283q0bTcJy}2 zv|PWrWL~6Sz4IAQcAeHRw2{$k%{;nlKULjz3=!*NY zgi!y+*4&2Jd2EjX5`2&2j3GrcE=DK^;Y^sVp)?udYf! z5MvNyO&BY~F{Bh2pZc2s+6*%9l@%x$bc0M(ji6x(CGF9ileg{g^v6#VFmb4G7N|7Mf34Bx%KGK7ftQRY)Vmdw>E+mU`Q*A7AKzP$T(PQbR3SSppu`Ba{ zRV_udXWgtM1CZIx*+Ov-f;#8qUbEQ>ij$E-Tg`~-dWHei#A#h{f2#(hkT5W<14XAQ zSZ%W^^qM+v`dQ3^-EApTwz0+14c}wXUG+u&jmUBwPpwl(016ihDi$pi)(B#N4kfF_ zO>yC>y?G0AcpWh^y_ic_G0RJ?ldP7VkX$qqWlefUkQKVMToK4b2M2-{hReC7w=C2(QjeG-d~x z?s?T&BU%D}88crG9Wk@@8#K4lY%xHNo<2uOwpNqor5&NE0v@aoXjV>PNx$*PSOEI; z8DD<}O^QuHg6Lz%g)mElIggV-srb^V4`hu_hJ8LGr%D_EbiawDPWDR z6vz*|5jVLp^L=c>0darmR*H+sc?U<9IpgbdBA3*ZPeX(4vhsU}SI1OB3OkJwGkKEj z&dW%j<9XF>b)}0`jI1e;D6Ut8_*cWYzL)TI8-7D1qiHUdZXk-TLuaE_ej*oH2h~Yc0rjP69PEJ>7e3F&v#@OIgcyn1G?*3OT*_!(nNj2sula@Pv zt(hBYR(bGMgiK^k5m~*(O0hl(6FyK$VLn@L912!7|7c5LLW4rGf`G>D*+L_hQ&%TL z!MmH@0jnjIcA87FVOqW5oZZsZ!wS#qK@`g4T${ne2VIr$C7Si>Q*wI*R!5e#{#YAB z9lAB=C6(<#Y@dEtB8Poe@!+?be?GXlU|GvY`$FRb>rxt7v^7fLiWi#fOMs$SxvBwLT3TWGbYK5;0|JXv zKQeb}yx%x&AxRufI{Y zsl9RMo!4r-NL10io!-ITW$kLQSehH8IH&ruV@nIUU*!gHv#u+SMAy zBHZk^+>|XbH2Qi5VjZ&xBd_;w{j_o>$FsqmyrwKkOt}*&S$X^rzezmL( zqk~db!mSF{j$nxN~cEQVCf1+ob@B4d?P7R*ihSpXe!c=f9k=1Ct;{sMb2?x zdpM#IqoaSE)plb)vyfxu{ER;1hi8Dcr~)Bnj81X_vrA1y zwYqE87eqpfVzOC=Z_T5o+Lc@x6?~z*_}DO5rCA8Qe_?(9i&TNdSsB6m6*Es+k(QAz zO>MLutivVltoly(AKz~%eh=G7M{JZ_YBhjEDJ^)*-k(Du^4p@HHQR^rbeqzyQb88bEh|&ewxj zc_?=*8X@JrQ$%Mm%!B^(vne#$&`FTt@F=7_mWo1ku! zpnjLXTAibM%QivXHjI;kkA2nsn7RAmjDCl*vKq%@evlbZt8b?dljP2S_cA+{WY)b< zlo_W#M@++9>Qv0$P*q`hVr`ZotY2>Xs-y8NiwzNxtR|)q+>>FeUzKv>V|)791k1ZV z1Y=)7*&UPxjUgr4Zrac9?`Z8!WEvheRFGFB`i|*8*H;PdB|p z?nao-zDU(DRC_tFs=zbAT;|j~APW9T7BE;_BFD%3J}z8_b>|xlcjhtOzth$K-q*A@ z2<=0xJ8Im#<{wER&CDt{!M{Zj7s^HoW6LqO-&aCA=>vz5lC23J}@Xac)gP0!!m*5B2+oh3iywd(4`ua+`v%K9nV&P!<-);glq~ zclCMiO?hv%Ks*YqsYHf;%iE)zxG|KH#7@VptKJB&53`B33zJIY46~E7oFlJCW=_ss zNbU%UY23i)F8XE^+MP#bBTsEh4R#GSOb=d#EOeL^MzZ&f_hTjR!MN;YLl*TX154W3 zCOnxA7M)BY&}CU&_>OzB_Z>`d(byE6!k$$YgC0*-OMS#w1Cz_Jjhs^BV3$ zmu5By>Xrz}&b&4O$u7e`{L-b@-Npl_Grdf37ZW?VqAA*g70F?VC3KT@Ap~FIb4QFw zVwZA$v>)ZRkXM#~h2{&cIwOzX2^>zjj@8_bSsL|MH0oXy0Qi_hHI_|hrePLISWF!S zm6b0GeAsiqO`; zhFpTUX@vtq1?Zv+0ODTJ4U20jH3;#~>y>zxx#}n7i^Sr&N(A1+ikq94DZx$A%WqR$ zt6q((`brOm4XLGq9S8Le`q)4x+nOw{CWl2n1MFZn^3~-zv0ZDXj(|YL@X*G`a&o zZ_zhPHZ2=#4ZYub1-(iOE}t^7Eh1_ z4A;6U^e5)quG@;0)xllyHFlA%#&vG5@wo(~kBXSCidct=*f0%1n1+Uin!D!sRVZ-4 zY-C@PTqBcWwFnXR-dvy%irZ=UM6j} zpYjYN=FZhNRR`FG*g}66Nioqnk8JG|uQb2}-Whnbp&3`Jo0GjFdThCRDK5fpVC%PW z{TCPUucr8C=OU(ZRQo*3#z&jR_YG%fZk}^!`T;#x+tcI%rx#2_N4$pRKFm#N*3+Wh zd-vHyJjSG?mse$u$+fOgb2FvJh~x{2-jm5boUVGgqvMETy(~_~9#M5t&sZr>=Nj!yo@^~cj6PAJlGjE;0}EKlN=K7Mkd0k5$yoD)rKmm z*SggC+ba3gNG^CDx{&+rjEv5$fZ#G+dc%=*;|lOfYfMDMnie6_G5e?v$O83{7*joN za<Q*Kb8UTjx< zuK7uGbEcyyg32KKm{mf=VvOe9@D_nUzkJ`_mNw=y$4$*})QDRd1=59&(D`6YY}gI% zA{Ky%sw96j`&N{B<~B=+dwIB`@#N6mO<%TBp<7COtcVS{F|WoI;L!lm8(VAxK~-v> z#n(h@*&e?pWiJaI&SAW%#hpYSLjL*end)XnALy|2r(vcgdQ2)A>IGc;X zYNgJBLPYjb>RZ-(Ts0e7V_ua*+0v5!gd@RC=V8|F>&I~hqk9(pYLv)S^fJJHDy?GC zqCmmRZ4yUPrwhK8bA2IUqrp9}4dAgJk!$0m^|L{&@n6j7u1-ux9d)m^ccz|Q zE;~sSpDLx;13(~${A+s%AJZC{Ff^B{i%Z}+m&?4e2Q(W=RAsg60XjAcOVXY0|Nn;U6(0=6bu2{f>EL+a7H?R8X{2sPU z|4>0FwVKux7xxn|-D_={N1{xs>>?Wdb-Ra^eK#lerfSAxjeI*3f5bkS*|a)FDLdNM z1vYP(jk-s+1vAg86s3XqbhL^91{Lsa^`+=ZQ;ul5EH{^}r7jkz_H6&IJv;*Glu=i5 zw%?n}-9KDspun%}XC?`nJ6K%t=`%!`d!2?HU`2)J$ILq!LodJ!W%^P+5-wPoYS-|d zb+-3NMj3WjQ<&(*;(ydL(_{qjj-)$XX>><(ib?dA*0J#Le+XOI_9VKR&CD*v`YLB2R5#ba(G6&;mk%6oEF4)GxB(O4AKbkd zagUUjWdEus@tL}Pid^@*Tr$%iP5wn@@E}YKHPYQzCm$~`c0kH=8RES;|23b0o!!oQ zr71u2(5(i1l{Yt=I8rSK>HT$v4o5W*%!*c@Zd`C>1MfN$e^*Z&J>Ok2r>G}BtzSmc}wxI5&5MbS-kM)aJ zA<@gmp?Tzb(K51-Kf?67F~7m|h81%wcdt3)s;6J=et;y*ljt1mkG0NI1D~_c8P%Nr zRw|<}CF+@^=wYkxF3qFQ%(S5vogefq@ubV@h1Y2gx?87SknKu5{OVS=@QY? z9eD}TFz;Q|Cn~f68u~@;GxK&azfV+)wbiCc{c^F=9TFHh1^d}vPaI=o@dEVgRlr-l z^c|F1-+s|IKD*WBxW1yPo@(A*h*n@Mep5?hWiiFIsWEA|<3v*O@curV_-N`F&q?&8 zcU(dNp$Hpib$&%&4eMJ--y1T&JaMubYy+W_WpE7F9YvQ5!($E1#J!|cOx8ahC{)&- z^iO#Lq^hl&17mrV!Gx&NRe7SZ2Ubd?KHZ@JQ5Qs=;JIEI@g9-J>H=ZVW6fKLh*g;k zRvVz5Y`NGY@E(vCL7Mq$A^O^1pZ~TUiq>g9XC%K~G~j#RkSy>fEWk`zCN9COIv*Dm z2r~(gkD|!D4g^}FI>eu87y^AIP)T#?d^hQ4F5!r{95qB_;Pp)bRAcjXM$IwT zn)mNcX~EgqIA3@LqFz4y)z=bF_jWDA7Td$En2z&hC6|lvyy65(-hC-FpOAt`b-yx-dx6Y*a@*fX`tfkHP!z*;^81aQv9|@e zSU;egM|E&=6i+5j(*t+EHeiq5>d5 z$`}7{C9kfyrA(iNAzG~a5b;|nqP?m8(C|$S&O}q|q=nl2V*OS63FiILjg_ah6|ynS zM!C~ZdK6h?ytj^qx|lzRjQ)Ln@_%yHKR>@DRnA6+b&PxXB_zs|6c-@l&O!SKJM8#D z@Zu%z>$f@vjmvfXa=nyZvf5OINmqTDw1;#&=@z;UPQ_b*zijAP@f#+;F=yTtu5Q`+ z>bAV#M99v!?OApbpy`L!+y#?5(~knY`?`8hy06;&@yaivv!Jeu;BRIJMDOrzekYtb zL@L_+u337?+BSIMf=HlQ?b!lDxLlu0W%Ku4I-2#_&Cj=pX)(#+zZ8Z#{rL|0Yi9O` znHjVAd$&olEz3UA_i6E%c&i>j46ZNxJhit*t(YUBr%_#Uq&M=qkt{&+Qg{B_XX-hZ z7s5VJs34_x@MZnlXVMv&y(Bw_Y*90MfVdhLbF!YWaE~Z+VqbmJ{YI@puX}LrEH2@Q z?Shf>6ak6AthfGY;xEbHpD4;o7PSP1w+RLMN!E%e#@7*fcH%T|rOWFW%J#w9PTnc_ zx$6Y&Q-_)F5&u#7un5O&?Mu9{?v<0v_o{iHz%>dYU6gU^`b%Le#ju2@mSU0Wl z8VZ*(UFPa^WUgcBvjMCqa}_CSI@7|z#yW+60)0q#q)k%zif3M_q9PM(9k?ofnTYUb zo!dHDz7@WsptB2cK$nI(Ed_6T5BA0nUr4X^s}${$9gbykR)ZvpywoVrsAHO<_i+&O z%^WJGcaEQ81404%M%)4-kWPfA6%{kE7r_16ps5Wyjqo^Ph~LUiupajTb32J$umjk+`@|{T#Ovck!h2u)g^e ztk!5hjsB=~@u*fegiKvGa8XgHIOtZTR)FHPP-h)+zE>WjaG>}lqarppirf%f5g>gO ztn{%i(E9!Pc8EZwBCGBntI?Jh9-$uxw-@Y0dYYTV9btuBV5hW&SZzN+3ZENRk;mL$7|>AVmSKNo&Yqg) zg?Fe7?C&GLkmhUYs1~6YzansEH-YG6DP4falt>1no-{g^uRcL|4KhVub=I1$Q{MrY zmt~Y{a?mA<7p2hP#XdxT(c^UcOk#azxN;gZ1M{<^D66RGY4vFhi++xa?$Bl)@6ge$ z+rZZaW~Pq}n@P>T)TL$IKQi-Nu^P57S-S{MG_(kyF4?UKgb<5^?vaZ;AWG~6<)cxM1x2N|L_x<+gl{haR1-v8&e% z+8~&zN(ZQ~?*fl@@>!L&FQ?OO8ZHvk%QEazpXUe1M_<3%zwLg(tJBD32_o$;UOdgqkf7Llm-v7M=5EaB@YKU;YzSdqnqKaCg^ z5-3{AHr>x0jXTH&PsZ|u%S*~$7qBBhtM-G7rv2ul>~E<^%3jMiA(29r_R!3FFH-p0 zi-$5RMQipI`8FY*>iLmJp6~N+oyb~zI1>iE95k0#%~qnU6LXHO(pi$vYTo)tx*xL@ z-eF0G*#B+WZDvnVOG1|0Wu4{PvBk{i=Q@rT;>kqjC%N5Y|o_Z#h-u4vI;NzSKZjKp0j!Rxsa9D_xX4bQy z>>0cEC03mx9FHodyasi2-+K``cBJde4^*|$JA|Soq-Q)pUX|W=K8`)pEu1XaIgv8~ z2}OzAFG`CtGd;hT?+_=#5_PCuS_Ul_DMu45O)E>r^{*x1YpOyoU(Z_#9OljPqxX(` zL!?Q3i%y@&8}WU!rX7%RHwGk|qOBb&315}pH1_(4o^UUKx=p)bUv5iD8842+m4MF= zn{MIyMtI-;{;>G_j{fg+>%XJsm7TahCb?&K_F(V$;+tRCN~qOZlqEI#8-iN5XEKMs z=Q{rT>i>Uo*8hT~(f?bs|C;^(VfO#Cp{SWye0?^Y?~Lgd>&PP;$PD2#4{H_UcS6%A zRpm`iK%$#bS+OAcMzoX_O440msKOPCcp-c7*0`iC{wZ?f_yup>qfGitrQ7Cv63!L< z;W}_2C^@iPx9P!ife{!j&!w&#DKybC19$eWSp-Uf${b{_Mb^l)*kKzGZd@?ClEO3i z(miLGV>C~peTsE@1(uL8ZNXl#xN8K@jYiRHi(;g#0lFg;imX6Rh~h~$%EUk|%(Q3O z1Dtu_Id2i*%`zsiP8!}t`=M}ZnUzCX1Lwp|16=$pgGeAVbxj=8Nqg!>qr1IAz{Xfp z@owF*9-e|bJzJfqmb{HudscCBxG=$Mx<6=}Q0c2nblxk2 zY?{m{BJU`=t>WsLI+&_zD_zpwRH;0ksc}`6c%^H#(P(H~qG2X+U$$(#cESX_q~5&i zkz&RpOD%_&WBq7PPxg*zl4vYn9xHP+a#;ZRElgDjs|ZsV={qHz;9xuHT-$9#c%T^b zQbbzsVh!C`2r@vA5rmOKo2Q0n=&r1(|6OYI!_9L0uK(ikO3klr#9cq@7Wm=8*kZl; zms!Jz-OFLk#h%#3SMlAP~^cMLoua2mGY4o2T z8(%HC`M2`$l@J|M21E{$hS2G(cGy-r?{^b?{Op(OAKw9I-y;TGW?beUKe~ z{p~!=bgxh8wGm6Rf=yIK8+XB4hh;J3CP+Y%DUe!zzEK|W_7Yuz{ zFtX3OTc07W8*YSE=?mNtHu(KZ6Gq=OF*733We#KSs9ACRxPNR;`rd)Oe@9>aK~m!x zXz13u*FJqz72cr_<1TVDuP+X`_rkuzVloJXey9dlqg;|MJPxWqEc!Y1sD|amUx|Mz z8&u*AyJ(hr<7DB-l-_$O>mE6poYL?9ji5iJtF1dsB(1AQC#C72%O+3YaIm*0E^Pme} z#@XG&0dC&No7;c6H3zpuCYF$A=oT{Wc8&1U@V*kcUEHefCo z5@>G;RPd+y500!7Q zjID1sAH5S81-z4A8o4CZUyuFLF{4N%qO)$y%c>Vpu`O*2CHD-1~JT|e-t%eYAuaAX-Nai)d}&1;=SyJTR)g{}ZUQAO>@e^W4E zW9}o>5W_o{BR~7T?h#bwN8CunfQYx|Z6H9L17?U3dmGJ8CHvhkHM#0(l0NAlWY#q4 ziG|1*8G4GpdNowA!hCdd_7-!6Nc+KY4f&#*ZuNNPaf^u z-6u)!<9`j(|Fv;{`V{Vbp#kpor-ROs)K7ntY(-pCLeA@B3_mD zmq#aHT2TWr#SKeEGj0t%`chrK{+F6RZcX$zd4_FYjs5;lh5nxSXAkuFy(Ry~(U%Y8 zDuo>D_x9iYEsMF$tBLzF z$D>=IE>^dm6e>Fv-78bZm#JdVUVHY~{G-hzaXXt5@*o*on&y{XLcwO$1{1NB*}vf} z?M+Sw(*BEB4Js-{_Wro$*9OuPDh&U)*#DpH^LJ76n$Rm`J}s4doULKCQ}onZY^dH^ z#|ep!w5ZUMD`V%5opP#6gY9FHQ>5XCZv2u zKymg~u*{}|eJi_vKX8#R`$+{tUQMR>bb4ndf|hvrXiD(h;S<$W%n3VmPrG!(1?^qg z>m^n`)3jTGd~t;a-gE;{BxuS=#m#n7e8Lo)zubWQG-?Fo26V0eH1&e|7t$VPs z^09_qddQ}I&uE)n1^K4DjSguGt2=?*#dm-T*8XwR!{O~ZmqQKrLc=EZFfFcY=ktBw z-sZx|`x|M~iZ6w6xRmPpH(sQuSpG<5+*&=U^4UsxiO&_~$a_hfaN&gF(y(Xoz=f0t zA5|SxUE_ZUN$k>QSewYqyrVW+Z4{#?Y~D%HGSbJHnKmaKWpKj+;dYY#CcWdOqNy0u z+)j!{K!+s_e$l!a?;Z)WV1IGcI|iLo_;NFp_Xentd|Ldt7bT-?omhafv^ zZ|&mh-~D-1|8v8nsi@zH%@4$(1iaKl=N?R6dRH%vbI=h|V8%8NyylICS4l}Y_0)?h z*`U;PH)Yy-V%0dbcK4YBi+Al~dn8;|k?ze>h3x6@rNRm~|65IW{B}9k<0*SohLq_) zb3%7+D??^`*{E=wv;qbPnV#^(X$#9u^+mc_j(IwZu0LJp@iX*gae+9-Nt~*xe4hJ@ z|6%SAp^>+jmkcs!^OFmhH7oVKsy<-sx+*myrD z{VH#eYQ~_%M@ow{XK_Pxq>y`=O@TW;bPBp`<7eNILheo$RdWB5dwpz<<*&^Dj~e0Z z1*2MR-U(Yi-$d0KAA?z`aFa^aPQ@y6NHgR^6eU;q-q`YlGVR=Kl_2jty8tDgsdR@3rAdLKd(;7 z^~_0wJtLlg{z|??x6vCPm7Zr!cmA|gC_(g$c$hX0^e@J{UwZt+Lyx%s^vFF;+A6k) zofTe0p{2`>#lFFF+lNy|ReKi9V@-IqlGPA>kvG!hZjB8pecm@*;K4_DvHL=zjZAE4 zN4TMvvTuf-Fz)ldFCqQ9wwwP&S>qewx?eUYKk94 zyjd`IH2Qzod&{sk+IC%-J{8(hsNh!G;!bg|0!0!$5UizmfZ#3_C@o$jxI+jeBxnc_ zq|icf3&BF5xCV+BD0K6@>;2YVYwvY@Ywtgw9DC(YW^&A2bI*0%lesTD&#BYtspC~* zpXVPcbz6>yjklcR!2LtJS17aEe&0p}u#+PM!|D7E{x79)<VOR#G#dkz-Z-2~>DLL5L-QsZRc3=M_ZdO=|zf2G~ z)e$gkJJh|~o%k+!S{Em9hkeMPeveQZ?Md#)Aa)or`*Ez2Iu#1dSTWs&cn2NylVG$TPLpibQ24bap$?BCpAKh)HQhDd908dCn3!^8C+Hon4#w(k^nL`4Dae?%Z!zA z&F~>M%;+?rMr7<0ta^^Dr~N&AMjV+=Wk(Cz*)W2 zO>K?)v~aOfAsXnXR%EH;KS?1N758?XTFx6=i>#;(d)40P_Wb0h1sx~&E(7%KU1$p} z_#>-o1v4)JUfa?aKS)+*-3EdRc9j+|<+OXE^Tp?PpCK&s$}MyZ4LD&9WAOc}6}zjPKfBI6ZH?CKAfl!FJHYboZB$yNzr|S5JP>sjU?ZF z^)A!{fv*wtH@=zXa{dT5kNa87jhz6SwlIKGmQ*W56$7`ju{eq_FnKikDZKL-NjWtu zC^QRF;MFI5r@O0Y7>-;kDcc>8@V)oI#^($V(2c456sCYPG7JG?h9BrL@J{J8;=p_GFEsa1SV3@|wtGtf+oNoRP7d z=fI_c&)P4pM$D1BGP_;H^kB1%1#=^mb4nB)m<}v-CQ>Ew2yfhJJf-11w8>^!SS&Zb z+rZ2vDp$FHtN5=vK%Zf8J}Uy&tJKc5fm!uz`hz>4|8?4jetvY|DCLHX~! z*0{8Xy(=mSVH0chk!&AScRh5yuC@=0ul$P3_Go_U`*Xg?eL}uR@+H~!s{H0N%!100 z`PAND%hD|wzJB)#>Zje6*19UoOm`b$&$nNBhu2{!H9_%6Ev-v=TxBB~T51wJ)7F2Yyh7L|jWslaXVCkfhg9KF#SqCMA%*2TiFvUmJhU zt(Odn9=oE|qGaQWc4@<0DvAeJ1$p{1wNwfr6%HacUoD~Bv6gBk*=qbZs^6YJ)$)CP zT)VDY7k3V)1D1Ea->ocBQL!Y?yuobL`0kTAAOyml*AsoJH;yCv#}?7{iQaCB3c`&jZZuvwfgAf*5k27F=Xf zb!O_9!(r*ecDV(BEvZx=8p*M)a7|&Deh% zsk49k^_%T_K0)4b^GSKN0A4n`*#m(vkY}!Ek_*%qQm}l?y{xg`t=?MDN`?5tyIHF>yxB7*Zm4lf@k2)P&CW4 zT%m_YGev^cbK=pJBklQ2!Q%%E_1kNz$$+weit~g|dCvQf-G93XBIj;i6TVtJt%}qS zyNh3?cFt+53@VS_&9fnLkA>W$c#WIjzS|uQ-aaz=hY$H%P08CA`1T(@!#|wD!Yc1e zp~n9>b(@aNnUu%9Q?ftvLh0ov-<6H*3tX`CG}DvG-_LLwwkubEBhUTPe>jgy{Esyj z_1Bv}`?lPo3{5Eh^++h*axV<~>mxL->z`NSEdTaj7yI8*W9Z(Ez@l?Iabkk5AFOP& zyy|gKHL}@i{#<@;*Q6kH^m<6=?5TsbEw7x)WzM{4P7#d!j$VIW;BI+QyO)tC)hQ*Z42+tG8=-wJXH*6;cF zpnsw(Uf4g{GVAW^pz{{fCJI7C|J?l}T1gQ-HP6X`tiJM*n~W4&{9iKYKH`o-9%rF< zoSvokrdIn{?UpG#c(~{Ruv9;lJ|d@92SY0sKDiSm$=YI_UU@HX&1F~7f2rFm(ck`74(57=rZxsL%YHT$Ywhe9k5X{FlE%d#nW6VK&|pj z*2i&d?S)m13C>P&wMf>n|3^_iFo4@U6c5feLm9IcB!8;6di=$BwGNT|P~~=T!qb`A z>caCi`t*e5nZNMOBBMQH{$ zAN858ajPtgjbcvDN%T5xmwrzZW zhA_fC1lb~m0bU+Mo1;vSqrb*q9dFv{6zV2cVl1i$!=g9=$G0)Kk_H#@H=75$1z-5~ zt_U4gIR+VLY<%^fxw|TEsUY{nFFQBMI$)}vo_VxN$2i(|ajxv|w;Hxxz4!)a zY}sT$O94P@H)G?D04|PZOE~Y2p#soETS1F{fTf40+E*aF-LG|ZOvXtmaiApTLP>}Q z`54zLdoz|l^z`XV7)@2F&jQ`4(zk8cy4xY-yzWn2DL?c$rKzL)(?>Or8 z7QW8s*_zLqYi5Gvag7=8IJPvv zSkPe1a{Sj$l2^fIyZur(ZX}FUynx}^%vJ-)38-BH+2f0zl_5z)BzEhEo@t8 z2qRV)f9YoftG1lvH%98xE>X2Wb~gOc=SpjR;}JgSgodoPJw)T35Grrlsra)}n1}CK zw)T>Wz6Ghwufz->l5I1wZsB{H^qEs%Fa_}X2rnWlCd90+)S1%6$|K6KWh`KH$Y=(z zisXg>&e=P)5;+tyF+UY)U`=TS2lVNgf^MxYJ7QhLxo4m9rfjT_#9NSwZQ>)Gx0G)R|%xev|8Wre;2T_IdQ$ zVdLPtUrHvnCrWzDXRd+ib(7#Zp)Q(6%Pc!R1RE!hm@1iMW}nJcZ$JFdL0(J#UWEgz z_lQ>8JYT*Eu-YgkkNLR`ZQx5+#5V9XD@96}P5h@7O#I5URDJ_ZeoOGYzXcujYf^Q_ zCDs5{#X{o24taa>aAd!yv`HPb=k_VfHe*S#RaXjR@FuL3&P(RR3@4$6=X>bo(G_28 z_qbh_=sIc8ku83uc!=4P_rc(7Cq3d~KOWYVPXXB|T6&o=k2ZKhbqVJ@b%VLb+r9TnTKgJ z$Nqz=s4~j#Tbi}n-CR02$11u|Jfp$?0}OWJDZ4EH38IEO+ulA#O37D|t; zx(l+47nF%YO380k2Mb5Sun)6k>~Cj0&(hYag|a!T)ww%KuJ#B;QD4JLg@T&*^2-~n zREmVmO z_XLI3DygxO#1Perp=HBe%ERj33mJNGzM^ASPSD%(+PZ8{$UX^@t}uty7JzAJbXly! zw1QBjtyKWM-abi8gIP(aHUuRO>LU2*RSh{N1u`&{tCr-g6;Z(B?NO1J7I8sy zH|YbzOd5`6Oc@((o@Zobt#p8kfPLvTvg&sVrI742s?+5a{iSqlMV{%FoW75kaz*zn2a}Hwfwdl3!2kz_IcNLoVA9Ct z4ekB+SaUO!uU^G2ii?XRx<1;ce?3+qI?xy*I$7t&sL0vv0l1X_jH~Hu+*X-PKLG?T z5PO6+tHmej@+*r)NBX65Kb1U34;}$Rd~b-CDOg2>tep?4Dugf&KDJkSk&MH_taPLS(Gdhzo8% z2%uFs`MM%uUvad7(!e&6Bs5k^??H?7Q4^9@@{scs=YBru!5#7WM$YO>Z_Meb$eOb* zvyWTwBB?Z6*8E6yro@57E(j`LBhPru%jz;9P0*9v$_+CzhHG9H3HoNvAM#C$j7+P{ zXdZfIhMR9+5dKN^_$Ev$h|IP%?T0V-wh}F^pTBR0MafNV=q1<+nsnr2qC#-GrN#?6 zQYbFA-vHNg%N!?L7|*x~V}@fXi@O0`-(s|5X;Tt{_WBy>1|f?C*h5=66@Nqy7AlIP zNp~tWY%IR|DBR7zH2SK$yKM1TK0KAD(}ie^$;mYqc&g z{O8rLtL&P=MdU4CUM{nAjR5jdzOqw-kvgTVmiN=~Va0MC+K#>Nx~R_$?Z`C{r(lX4 zQWhpaV6GGL5rSDazCJQy)HLG6)0j>dV#r4)<=&?uE6m`d?uBNd`T%G3-C?GmjTZte z(nt^bUR1bs)BKK(U&j%1XRfSzS7(M85ke=94M$n~cdh|95deR(eZEv*7jxf!lAoUA z%X5?#MMOZ`G9gCBh^2+TgGf+1@>{Z z*=bE3F(W6I*^QGjCm);?B^^o(ldW!qp?x&)C&_jVct*>>@wOAvPBYet<-_~b=~v&5 z*zk#N&q?D9S5d|dDDNzv46!V@qXiS0E=g#excCaqgq%*xT9=*$#x$C07JA*?6E+WG ziWZH1E>l1d=|w_sY z)=sO|2kX)rxYi*gfvn@e;WpVq3uU63P=#F8$M}p@;2ksatpEUf&eA$89G<>%&Uqm_7#m=9+w)88^g84 zEBu*C%JMGTPno3%~+-7Q)RcZ5&J}m{nL5e z%rjkI&e;-0%hLFhbqD24I}1*tMCERKx^w;vW(9Y5bZo`U8A_j#m?YRC%E*|d!a&Jz zUK7Q+4XydepnQY?bV+~`kVS9JrqEVe1(Zkz1Wbv{e(QPUp4>gaI+Ekxr|fU2u4Hp- znd)6__2J;wgXzr1>v+7BrC(1f}2L;2oNIGP*TrBzqmRT$SJ#Xm$LuH{Mfp zU$>>yWytrS1u`D0NK`7v%Q?#eZ#njbp#XE4Hr$Mc9+wPEC0e=~`k*p`-E#eG(E+Xi zJN!V&y0c6}HNsEjX%L{ps0q}ZT3Z~7ve#IX=T$C6mvY?*`hEHaAa`W8d#C46$D4;l>J2WohF9y&Ub3z8FBpYW)M|a?W z0zGI@goT55MRk>!WT(+d0A7gJV7Dg6h~5u~l2E@xbaGV8?sWiP<7lLjSp;pKjS6#w zASr?PX-3%0>K&}NQ%9!G;2rD+Tvnt&RVzFCp(jjsM8?xBtwRmgvMMH4(yrv8aI7#z z=y0r$>F1*{nL4Wf7_eF9=j}A}XmviszEC>hWBC?m^D$dc#TM<8VT#V18FPgNlF*OM z(hu=DB0ZLLr+#X62emCv3FhuuBgyH&hmIv>v*NU?pooLDxLgT)1+w{P4cfI`VhRG8G@&z!QlS-WV8Jf#l`8TaKTn^HG%3ak8KWb|wYROk8sB7A% zLYz8dKEL&y;eQ#tROWL#XE$Yoc0tt02c=Baz5B*(K?^1u`J{f6)gybjt-rIb=e{9j zX`@6&yMH)94?tEdYh}?khUcyMJzmwblL)Ci|IV1j?ecA5g+x?UO zo593;jJ3$1$bT&4O4igL zs$c^XLhrA5Mb({0R|`-wV~3g@dB4lar=ed~IW&&xOM@muH)LN@H&^Ysg=*xNo^+2Mc5ymdO51K+=xZq0sL$yz5e^PE2;^4{N z68@-fcjhbhP*^?mGgtrKfMLrDT5{zdd~Efr8Zzo6>^Vt*l)zdA#)r|Ijo?ALTPbrKjoXZ%q3(=VQJY$s}8Gpwnh56d*+UPQh-Iyzj&wSg$r<|JfVOoXj zN5C5!`?C~c2qA3~cI1FSndh9tork)oyS2Oj45_o6A3CE>J&@X~MQvt%_b%^IQ8Am^ zw}BMyhWCUDe+;9vZQYIksoYYT3&+0nUQ&XGg8$uRl)0eH{(EoUEuO}liXu-C56Qwi z1G*rbis@v@?^(&2sM#MU?)dM8zi*0fIIOywkQL%qU#0{GV(ZsBh#Je+QhuA<{O<#O zqz!3a?e)|8T}>dO2SBpONAfzjxjKKSpvB zwlE0tQC}{$)XG`vI;GObz7gh5A{I;a@$5>W^dW~*4X$csgf5ZS8C|+OHdi$qB)Ymb zK})Mg8B+DM{5q9cIQb#ZX;3>OK_w7UJY}qN@cK2#Vg$=R0>IZt@0+JBMq)}Mw_iJ4 zGq0RT(}eHHKgvP}gmV87JKV{?9O(AOZgZsktF@}|f2ipAxg!thf>k!IC-oAA=KuZp&&yJP67jMs>ci1;8-eA4e2P;&1*J=_$=bCCIpx#)2##-B#|~waz_@XZie3MQ6MctG zPA)?W3bOU)FK{sdJ0Z*jCcs0Een9QC{os;o(n{e;VVvXl42}dZI+U}NyoSTp8;!ko z`%mj)(bZ#4I-?IKDjyXb+eBjz{&9$IUQ25T7aDdu@0-^DowR#)GB$LoV8KX97=yGH-M<=oI1=1)j)l-RQ9l9E8db8s zE56b&kfHD(uC1$n0&45r`*ACH+6{8pREOzj6s2Tk{f-@Wt#u*sn@l!sK@}e40DIz` z7r)ZAD5l1$uMV$2%1!@%z4^j)gvF*GwRvaXT?{NW8Ui!>A0LwcbpOIb+9?%Y7WU1{ zUynSzZ@r0nr0c_FR5*%mlKk`kqMRlufvBvxTs>WF8Ouvo5 zyK#=FTu6^<;2)};+?92>-anTt7vA1A@~hFuxUKXZTd(fjyr=gsqVL8Be}clY-H+bP zw8DgrAG7VIBsgUFz6zo#0FVk;I>_dQ=Cw;_ zMV7KrJmFr`)y8J8%T%l@ok5)wd~l6~B8Wa58+wrWqR@OV04X|mR;uSst`0CxdH(B= zzKHy|^)k8{l}uBnWx(7KCdaGiXxh98_}cT=&yn_Ry;uDU1!{t0#TEia&=Zn&jn)Un zB4Xp3rW8L7*1(QOlUZB+PJhX(uRf<^$h8(>`|dJlZdNdhuptgURwA?8A=JJ#F;b?* z>AD%Q z|68!oi+pTbW7Fw4_g7}M1v1)!XvhSB3;qPRvIhxvPCd`m`Qh!i_Z539(W}hPWNfRR ztFD>9nq5YfOQM&^YTH#!$;5DHk<)Wh^;w_ZM4Z)zXwQC7E?v_bHdlD646Q%j8fuxO zRb*DO&z2O`%=DcChwOuGJ(GkpFwv&G%EmroXQkFJ1+`3!h)*?r_JkZo~3}fh;9wQ0yhp25ml7QH|K{0 ziMTkuu&om2DdLpLjmnm}lN%d_5w!R)oPsAi>Xvu)aAr7Z5?>emHK~cux^rvlE$5vWC@Is@` z1lw>)M=BzU4JkMzBnfEe=KK>unPN1zW!>H~zkmgI`a-C(<4~>H6E5uSx8=MJdneEtr;RDXT#aO)+ajo*N*2 zjAyhE>AFh0jjn!`lssVJYiI)8S1%K}ll2dnpdLCiK+X@TCW;S1gymmb$crim#R&wZG=fuS+u$M#(A@ip^!!sr&%uh8T#E>bgF)rgyj zwvn7K=!wR@g?7$<(OR#AnFn*Q*VKdV`8JkC??ul{$CB(jeXqlgJw3Y~J>6rY*JRC$ zVYoOnbyGRiyf5Bua-z^r))j}?MDbZNsppAIVj*eePe2I;uaydKS;}6FDZU5Oqg{?6}4&yDivFkI^m8RwI1FqMG^`C(&2l6hie-FYXfF1TkU>v%xG?1?pF-lUO^UT1K`;fU(f=IIAfnrLu+ zslxL8*S_M}D4wd4S@i=esUmEOREJ}CW`NyC$y;ylC{R(SKn);{;q@fiM`5ZewE1%U~{Z&bahXW+3K4S>fY+}pH>+@ z+-`)jpUt0JMCoj{0W%rzE9W|LI&);c|10NFl=j=0NW{Iz;=nh%I15#)WBBQ1$)EJ_ zvC!tdK780;MC@&(Inf!^?RY9g+oDluIB(J9cG5(Wi!U9ui*!Y0Tb?&Nd}qPJPA;2f&d_j}Y;%5qs`BXD!^K6JF{@beEB{bCh8kPl;?nKPdI z+NdB51uBiTSi76h1_(?bP{ z9XYG1Dnj3SeC?LideUU~Fa@jTzL}rVYj&RR;deG;A5t^=n=$*Ky^L5Cvm2vz`nqFt z_moQ0UyvVvTDm&D*c_d-4YfHHbfX_~)ev7bXZKcl7qhj@$*kt3TkQmCg|WSh!LmDH z8$5j0)$$FBVP+w8HQkVP-vnr%3B#Tpfaj_ENz38;)#?CfjzC5dfwupw+M%fwUkeR_ z&cBYmd)#r@{;-gl=*)JKpSM#mo#`%NXXG*m&aC(DB54TJxioYNKS;O=aBKNPbxvvO zQ=Y;{;Tqm7rY@km>yhDg4#nIsyK_hsUlB}w+o)CGyfGwZVeU$ zC)ROts789?V+JAFK_n4j?59^*Ld;m~s4+BlVtC^{cFsZrOb*|Dq9Hbt>*D{|%AHES zn+!>E9YT)L2IdVXJj)|+jiQWA)?bigC6lxvsI}N9^O5t{ZaH>k(3cc#FKP2s#squ` zkXscG;IqfLAx5BwN*YgDt6%Eke=RcC^2Wx4ngpX>N3h<>I$@t(#;J6%`Pb@fG7U>ihvLnZ>f>p+MaP`&n;-A6Tqv4gs1u4K_z%^#|gLn1QB@AgMpKA2nz=`vFy zN7u4rvdzT3%M(s=qGJ`0cwbNT$`*b|C)b_$s+!cfQm;Iv*9GD;$H#_!u|OyPrCl{P zyAb>J($*aCubQPF2cn<<;^D{*nLC~vl>Mu}bd}!Q-eb&CN@(eN@L{ui2UD>#TEFz> zMzmPGC_O_7nH6#c}X%>Vh0yCl_0-$tyz+dagcjnm5y8sLt zQbUuNV321b2z8+ad#h;0o7!R(i(5m*bp%VlHQLU3FaPKhnPM%hlK8~n#~lw;940Vo zSRJImy@@4&N8@8*qRJK^Z>eVXF4J^2@|gNd2}9w^>ici>C?mpJe!BWjI`OMft{1={BSSgb4XzEziQls}V?FdI z8=pc48}0x`F03+8XP((2B&&{G_98~BZC5&#NBFLlG-#G_vx0)&IHuk;E~l3A7y>EV z1;Ra=!LFIIz&Yqm>hubpknXPsNj^6hBN6ecC~3NH3w0-IY^-NVkBaZ+y&d?;^r4aM z4^_Q~`g@tC&E@1KU)?rgx^yhQ59^WD(M& z+_RAaHp$3}8}DPtZ@o5sVQIHsFyZ zyYuwUy`dy&9)QCA-V{yit6pz2e0TdOidy6+QBDf<1~QY2TFXuL$eMQ3z^|`I(Fs)m zt$6MiBZbC>`UEWwN4>33i^5k{#(-E$Q0wX@V1jb7;JbTH{Ni5M5@in^09} z?%g@>%o3J+SRB#wolm6J(_e%33rJcT=Bd)UfLB&*Y0W}6Sf`R-z!mp;K3tET33Bp{ z)I%6$;IcLOY-fFuIz^EWRvp{G#2YNomWF*xlSP*a<5*i8VeZQi-@S(YE6x7xrcEb` zu*hfVrom}Ioq2U(v(0DEY7GGL)5BsSD9Z1$`Yr#mpR-+60>yW;zWk3);eWxL{hvcW z@h`UjUxGOUmH8eH{9kkB|J26!b4Uw?S(9(p)zb`?^b5_}_R6ql`Bom)@S7rENYwrrs%cAzTEQry8~YA6 zHn`OGzS?uAdz+|$a&O;EJ{C_jH+)&Z&2~NZ_?8i3u?0$;xK4nmqA4inA9snOa65iAM zHUB!N5;r0L>38|iv-#Mlz>XQ)IqsbnwVQFWg6r%dN&j`q|C<_v>`AK{t~941{$bF6 zXWgxF*@$VET(!M+UtZuuyfpS+`1zrQ+uiL_QRGsHR*ZFZ#jZk=ZkO0ZOn^}a;s)Ce zyg!~AwHB)Bt?{`E5+jl0TSmX^rI=H`0Goi}Ez)EbQ;{E~+~hJWZ-@JWbmoXZz9N6w zq-YFTJY42#WZ8dtwH_)#{NG0frTYJTV|dJB(_Y_-O*c2+(GNqaw3+JE2AT%UW=MjH z$Q~DS$F{0M4Tj>c?7&#vAbz|XGwbEgdGqV}YB%eyBMWGnzk7VxUb#kSyxg~1JKCfn zr_pz^mbYX0E54K^Zm7q7Wc1KA{=**p8PKI7O zHX4@F9E8$=m+d5Pm^)dvH3n#u;U~*B6OtdI4N+|`TTtQD7f|#-5>~n&W>XN}6TdR$ zjKzBQqwc`kLWt*F%z|4>;Q4@GhRBYpfsd?7KYH$I0~Z%>LLF)pf%M$a2WcYOMxG4`tf4HqhFDUTrqHmmkvyX1~ z*tfvUmWRBgaHfI7EB@WSR*#xip{pkJ%9Rwd;zmtP^$M z-ram@gP1(+ndJFMXk$ygi75j~H0(Tz)9DtqgNo9=BGl};Gx0qj@Oz!OgZb^8>$0wH zVAnN9W8x3NYx>s8+}Et7jXpoT(A7K>f=|-LqdinpeWXfA&n_%ls#r_}X6;0WKCCCf zeMt(`qSFD;NN_Gk!W9;Ffa5`3+yVqz#C% zJ0b^NHc!t~GET)gCf$6O42wH9$RE5a ztck$eAA^2oXGHT#S3ke6j}(QJH_9c4;7veG{UR+7r!O}8Smry+0hlkJK#fG#A}rhG zNgxK4>w&IgW{D0FWZW1l>cf-tG+@b*eChMc_e*N8s7veq4!GaSmI_?n`P54Dd0BwzrmQrO4M~LaspGqux~8nb)pr$=evW zDZE~G2(*wtc&BgJukq)Mv|dW=qm)!e1ljfgi1O*h&sylYvUug1Z><7^a_XOwiB^iS{w{R_BCz7LB z*Y_tDFtFp8Zw~)^%bVP3{A%S>C1$W9I1ow`zNG2>ps3O1OW^vesb@}3Cp52h=&fa7 zu%w7ebbPd{>@ZwN*%EJUZbY(5=+NY`4`<4b71KsQF~o zm(Z5q;A6$Lk{e$)Zy#j&1qPBS{d6&0gZ~G%# z3%gdNX?Esn`Myt#F-&9CMfseZMbkwCo1VhmMy%AGOiD&LJq$$PvH|wjG;QegmzJhr zA19Wm6^AN3+HMzd8(`+k65HnU>`<-?h6WDFyxY54Dh4>uk#Uij)eguFtbKIHonEq? zt-eC>)eno4{ZAG_ZaLp+ABsl%lTMnw2V?Jy*SR5y_XBlUtdYjO=z-5-fxExFpGpVk z=Hyb~<|C2D*CnN#j7f*m&&Z6X8*f{(xtzCNm>t({vA4VcV?JhzqW-FDBjMLZgg9r_ z+|)2e;{YQ&pqY8|6b|HG)yq5Yn=e$=BVyea!_D&a{w1=)AF6(``%%zZ>K;SS7r!mh zoiBZE3xg3lkhXd~0iY_8~=<$0e~VnhsAv;rUC^Q8E(7vJ}I2I z7u#g$H;Tthl+p67`F8Z;CRz4J4NJhud?oW6DiMKz=zqCaOyTz#=RaOS)Iv1i7pC9l}(FSXx@zDZVk|G2lNM0evxEGgF;8(7zK zV3!MYmg)(+2i6r37YI;n#SQ{*gWEe#!&!_cWP$W3J&$Jzi3U3Oy(Y+N zDw|`H|A&p*9M7{X^fB~)<&Nv@6O49zd0B|9RAQLJ5EO}3fvYWk{9Km7E2(98wt363 zbcmZbO<;g-XjA5nu}XsG$nB*bmbQD|H+cp$1__`wb8R6L!Nlqo znRmfc;QkV1Wsdkz#l(PUWYj8TBjx$M*7g=xw3X{Me=m3FwK^}#Ddk>L+Fi)614*d) zqOGwjcrLd5ozKJM8FSkC?{#kK5%))vdoeU>89Qtw!}flXdMEhFJ&J(0Mi|Dmb8gQRkLhBBm2W%x5n3P-~G+i zS1rK∋-*MuD|2M{H{s?UUlgVxL=%iakfnq3-thn5t)O&qDwo)tflf=K5?C5pt|b z0JQm&uNA4F)f;jy5dNeic;BPxAv0|y`IYxSzR4NH=3|FJn=kUoqak+o*|7rMlF=;6rY}__*g`C+!wZkg&dMRG)9W+tkR? z?&OB#B44a-LObZ^*ZTLpaEZ*q(yNb34atV=g-T#V*o4`oZvL6`8V)5p_FC832579H z?~o5SSZp6w57)XQtZZl24a`sbpl)I$y_GU-Rt~dBB`hNU>ifSou5E=6Pd7 z0f`>$Cj~1tf@2m3lpcuALAj%mjZT^Nb=q0Yys0w%u-GJSW*1U_l~iY0)ldFJ$M74{ z%YUep&S9vwkS_-f#V@QZQD@l~K3az28k_d8$Jbxq;=SDM@eOD7atc*;-8H3^VurPq zYY#AP=M7_gsSw~Y-`Hd`#axa4G;o<+7FSlge;v8@lOepMBIkB^MTXD|mbVKtZq4K_ z1bMVBSGys7#5Moz4kicV(gX}pYhjt94C7t1!cw-BanBoEk#NP221UfAdC9-_7BhHo z8aT6T>9zYpLIuctIVyqPcx&@|!@Doj+P0vDcwO#^RJ9M@((1Mg;6A*+-i$f1b`@A9 zb~{0>6w7FrB85;s2gj`H;OP9A!L-o_vITp$9>?&ml#GYe9=8t6W z0hor+Q&H9`niCB2d_~Z8q55YSqY2`K1WC_LDShE|o5B|u*eV*UwUdQ2ux@-lxBE4n z*o@j~3Q3Oj0ABtod%7~W*DN-fm6-1~Bn(83qGWw(_!;@HcCKp0G>!9R5uTu!eLB z8ua(KROl`9M^mixf)oB{hj2XHLT8)zdtPwUyb3rpGo2SOHzq6TtX(3oTH|0p>mb!1 zKBOi2PCV2wj<;dwY|-+Sp-b&e2oZI^S-2Y`D8hm~>gjRdTwK5Vqbb`(-Ctk=+hm6; zF*Y%ITg0mt{xgO*e8}MOH)_6L&KvvE@jAq3aE5nD@Sy-I`ao=&z1tD2(K? zz<~=`Y~Urh8Vimn!uZN^SwAx)M22`9R2oKB5&GBkjTwz^1nd+M>MKT1C^T#4`Uj#8 z_gB^;pAcd}x$62cTdqpQ1K%bZN_`#5^pY|3n`rZlQr$O_1MCBB*&vyeVENwME8xG( z{KN%Sl_D!8shhf$B>6W&iR$cm>cKqX`ppL+* zQ#nbk%yx{6?P#i=KEbj7zp?k8VQp;LnlLs_H~=;#8*CFzHaUY6IhiC7(HI1XoO3WX zI1o(|Mj$XzAR#gc5CUTim>fkC0+X{aIpfhexBGPW^vs=}@0p(Y?!8?`vZs^k-0I#Rb$^#Q_uhF2 z#^*zyvWr^uP3j)|5}J3IndlO*XU;667i>9qW?Xex?ac5M_}TdH&i%dMhIH-OL2d~= zb(7UAcrN6o62P&9m>Bc;&=PZW8a5ymx5KTsUwJy})Ib#sTADnGd#b-5FFd%9*Z>}9 zDny$+PJvTteEG9%(~M$oSu6WyEnuR-m~y=DNZB4$1?!X~h_%T|8DU{~RpTQ5UPWL) zrrXH61AATcU>!u{`$BgAgReKobEVUs;3X|L9(^$#bEBOqz{;2~zV0k{s&BIVnyhZ& z_!;OkKQyy~=C2P8Rw&RP9jzs2AD~6!a&3HgauIO}o}x)95F5?}gCPSE1+pun;FM%> zOpd`gwyjRMQkaM=DvC-JQBt{$H;Pp+dw6=6aevd1fDF**#yR@R5`6V22;NYeq!lNd z9Nz3W3v@j2W&-H8CP&64XeS$i)=bJ!jQX+ku(>xpnL}5J$66*5k-G_bHmI#;&6po; zb>#{3%L~qx{T(R;Jd(w7lu7to%`AYjq$@1};n&gIxUwh6?E1mMb-5p@8Ph4?lbW%z zZxqa1;qa`p(!zwF2v;(gmGx(5%z9vV*+>RfT4|ME)Q)hb?uX^uB_|b>CR%<@Ilpeey6fL13|sdaF682 zt5=2Y$%h_7z$3?o=lFu;6AKv8H)kfg9V(H7>p``#PSG&u(i-M+uqEhGqcaqQQvsVg zY84n3b|cmcaW-=vP|EZiwt;R6T0P?@e($W$F`B>FDnk3)=jcmEsn_b?Se0q~SQ;~) zm*zd}ekRwnYbuhZul9y1x)YCMj?SC$|ETMegIb+?_JLMy5 z<4LF3>M7z?SL+IPbKGWf-__PJMT znb7YuRwvQ%)03W845|j#3FG}3-Jc}V@uy*U@xI{WQh0-$lMQyAqFhs8#5c%&4K2Xr zI763qc?fE~n$wWZ+KQd>PF8Pdsw)Y&o0Vw3LeVY91(edH_51T!CL{Y7L(ShY)Lels zxTv*eR7kw&ID8F9YIZ9Xf}E0rZJ-e>5s5ZZ)@s4Q=Cm4F1YszV?)7Tb3#^_^Vn#@t zSi%$Gg;tKXzB+4H!FSmR)8v3O}6kr)mtNF}|Mp#?)W_y(RLXB@i zx2=nqiZ$>U6IUEeospq+cNdntFZF3gU3}HJWW3a*@AFdsQK0KEv=HT*R1DuqQ}MxRq7Lq28*~Mr0iFR45UC z-+a6<&2R)T;vC8L(xh@=ZvI5P8(Q9;!Ep;ObWR71KMenBVIbAJB@(Rx8$Xi$xSt$nl1Jt{xEzAqf;f&K zeVbiIwz1#W47|+&i@FA4XUmdZDtiN|Zil(K)*jU6_90bAOu;+YlD6l5Z^~lBZB3}+B?jEC*;jdpWyXQKbm5}) z@RZt^)yCN!Z50~gorAzpTJBVYVe8*sJ}F1l<7artXjPF)308U;urBo_pSt!yA0nL` z;>Nksa6Lq7zBwsKS=&|QPH*7mjNZeQxLBd;le-CAY_zSG!s?_bhM(4(9afPTZ?T$U zJjpw!m1^Wb$@g0m37hdZk?W0@=VDSNvJSsB&xer2jV1f^a9JiFJvec%;2QhZNphmy zjg_#$OQnVwk^C~PU1@eSLL~nisb!+m4Cv4@JFbmc#5rBFk#9%$VAfWv;zP=ONTlK& zr}k=h5t2VnWtJrVUn2jyFGDuX(LYY&D|nqBxA;uG*;4LGdw%rV4d0#e<0Jtil0ST> zw}6}9f8d0HbQ9k3p!JCqzco|;_A-B{AurL!s+x4Ox1LS2^2TUiz#28hwej6)-lGne zZn0)X#Pz>A4#%2ZMWwDPbo}pwVv$fvUozJOs6UjPxb|*qX6fE9vfCjUD++}wDANE? z6BPn`cgQ8+6h~w^SM})cM(f`f+>hwAU%ogHSA5!--l|JpDov|^g9MTG(9SFNkEnmv zAnl?j9pq$kf4y6p_0i|wi^=3!52*=!GSgeX$l5}DwaL$J3QPR7%-qQ6($GhP!KWas#RgMLaQp6lf=tG*Ev3`HKp> zg6~CJ--}8!?4JquhSw^}rdRHM1cL5>vgBUCmNg3DCb*lK#g0Orz<@^Nl<2v;GV^YG4UDxxw1#0HC(!WVVTEtEVx>= zbEu|FJHo!UbXl+Pg`Vr4R6|x@byN$(y5}{!}_zH#fMV{|@45kBT?fJPy8 z;Nznm#}%lniC1a6g`T06jxU2XuCxeV*NxVHZzDy(EMj$!=8>&d|?6m+5*5ypUo;R=cjd?0I2T z<-(MV{SY>0HaWc9C^+M++9<@awTHOc;63YVxks|c+#IF9f%F-~6l0tLl)uQ@?`E~R z-_ffVv(uGs4jbT#@gihh7u6XgCY80tSlrJuLXL=DQ)vu7405N%z=ld3;{qGM?<-Av zBKv!6!Y9l&Y?TDkXcAOC$=24IBOab*@iX=C_0%*pbxBQ5CrbgGoDv;$h4{>m-v7+T z4OBWDb9d#1w5Zjz_HZT`;`y#Ob9c^q)Hd4DSy_gQaCn%I>^Mfp zSxZ8_z2@>MeH#Ij33E1GTi$VyrML|Me~$9f*QU{8Si>`f0m5QrViyS$-p*inz4RHh zFv{VSuR1vx4&nS>8-X#l5Hq!cWop&r#4y`%xbx%09z@?7&$Snxwa}nPxMg&UzJIGh z*4kp~MMn%ERwYcb8w`SkTT7qUJxD1B+M0bx!HYxI(av0SN^C!3#lRn*e@iqN$M1Z* zPs{!|8sN`i$^}pT&FVKk?%r^?G zZ9&H*x=AlNhU_6EmkePAJt2|PJxLv0Nz3otUuaTAdNscjULb3#E(r=!iF6(whP?s% z`g@pR`}&w3ly{H%2Kx>RUV|346x46dT3|iueYWkQ@00Nb_H5q6d>!Io`#^krHCxl~`5+9%>zPI`$Q+8GN`PA9x6La$fU$-aPc?ZPZ`r;o!QEUa-GXa2x9?w->_!3O`jU)IK-TKnlsgKQg(1eC|$9ul*CTWMrHTb4lL1& zwz>$alxG(cBGu%iUwMw34J=Uf`%sis_UA`2w~kO)TbvNKii%H0VrB_Kq0Ft*jYP#W z_C_KzV!dGB+J~S+g0W3*wEQr8kXv)*JJjQH=qvIIzM)*c9`c7i=JefT*%|9DX+1M2 zLW+R?;9aDx{Fo7uHxb$bB0uU4V@!ZS2_J$*&^NI!;Jh(G3U`Y*@B-J`pc*5FnkCf5C4sOBc64stObgXH9a$A11T5F4+bXg+jc-JwCaXCu znap~FTrK8Oq>3%p)}Y(fW@eRAY;nwOoNSJrY~>N_^JW@R+xd#MWy-c~!#?`0DQT3e zg2-EE=t5sDqy>n#U0RJdnXYsUPfsK6^V%^>&SsX{Ej{fwyj!hXYeY~^ute({7 zEkTwVU##<3G2}Hx3P-wMdo|Sh(W|it$=M)-lb~p=9q4Y&s$%K+~P{u zm9;37`!FKlkQT0&EPiJ&y~_Mq))%OKJ444MF{cczv$^_EU$wyJl~i$-!#1Hz(To-& zd(Q1X(Pl~@`bf{&leolU%nju`;?`Hhp=orb3DgM`KRF@Bm+S?Qw)pb(6@eT((;Zpu zq3Y%6CCGZ2v!3yD)XGJs^zaz)4pe{+LO@9*YrYth)>o>d;7U;IqyRyv!|z>ISqW6F zvm1_;%)Gghd3Dsk@viU7WDxAqes0s;j>-5H!G7NL3ZO%d`YzH!D=qKin-$0W;yM=4 zty!rmZpe%3ZU$mB0f!kssM)fJtL$~1#viR$tpKz_)}QQj&{sLH=NOgf3I-(Cq)o&J zS@1s0l_|y>?B9Hhrs3eSO}c+YgM*WNWrDzonHdotdp9Lk$yoJgBM>Ff_1Lf&a|5CuAs!VNv%6TR z#WcgbcZm2o3v680T=m1>8?l3NQqLmy7x+*>$zcBuH6#NUvJF`PX}9JWXa!o6<$BH6 zY>tW+e7HJWJ32V0#)x2{?Mu)sqMkX}t@(nvV;8d)Bpu6tMT{{^Tp^uB3W3<^YiN0_d^ z#tmf51k?p?_H-D}jM>=%jj)pZcGoS!CZe2sL(>{+YUcbh*?vyvoIUCy!uyX9@!SUk0ZK7l- zU9PU1qvXpS`I`MU2UOK4Z~&m~byX0hPRRVpRN&JG7EDwvEC(5wj0%}i;(Yrkbf~a4 zSVlW3fY|=cXgApk$LTLus%MYX1}L%14XU^@DqdmR@2L7dF7eI8XTWDkfO^!p?v3Ao zICZle!PxVBA5URxGeW%F)ydTEIng1wjANjty;i$0(OgK>$o!^-Ij@5tiyMtskMCn~ zXF@;-0<8bIPJR#;%+X)xMoi!2jQ9T@&D?aw(f}ivcx}b@^lBte*O&%YrGi_`N+eN@ zK}l^WLzL$s;3&1fHF-D1zN)NB=asvUclC0IAeOQEX%$ZuBBEw~==l=b2NmL#SRJMWSEySlxTZwsAmz@qrmHHjxh^;+%4z&! zjN|9i4SJ>sJqPicuNmzv76sXEy7(3j*kDy4Q-_Y6wb+v$=k5X11_1%*nn_Vt5}aM# zDF{YC|KuUvTQMrbbk)$_7>tc?e zpu-(q)5zK6c%=mx@C_T$RML;&<4UbGsG^D(8#Llk#rO)0B-o@p_M(N@K$L9qqbu6Q z*!c%qA4W@@dwVS{5nb!B-k5HKXb2P5lVpb%-!1Bxswq#-u~zC#&UGsxr#JE4rD4p* zMCr0E$-xP=ekh0U zVB5|CnBjg$-$^Wkz~cPM|H+63j350e}fW+61UbFGpW=g$BddhohGm1YNWz=aJQC z?g@ya3oWV>u^BZX6?`Ex9e|h^dO<+^*ZS+`;He=^+b9b_P z_P5zyZE&pVtlhyIy@PN*RMuG@*kncMi?rP;#yw7kq5{Uj=T7Mat?DoHrh+q zBm$x%d-)?fDHg(?-Z{`n+^+4^0bYdYwwlniQcNb*LA?6T(Zw zNO&q`9j+Xz<=X_zMj7YHirXZ3y-aU!XM8eStTn=P3sVJmcBL$NkwkE$?9)z2#-`wH zqOlrLx0e7>X_U#lkc(Wu$gHDQSgzUE>&A|VDdouMhTBc+@K-z%I{7#2!C(FUM|O0* z=Tfa$N30{ypt;{PJX&HrZ{Nx;Wu^BjBEi3U&IH%+OFgn-Mn=4nyMBK#0 zLZizoyb}MxHhJI%>prndz~Oelyxynm#Ld3KapQheNcA|6YVJ>Wtwbjdh$zoJ|6?$_ zW|hDtSM|9=*&4f0EsVFcBMI$Bm!4PPrf$V>-%u;UllGmhzQsMnKulPpDRS;}H zlqcJ!5l|R6k%9qU`4PkAZbDWYyW*|+3#3rxEe)~rL1%3XuTP%^JUhWZ9C=?Vn@IP< ziTMrlFmPHp` zxVA*d6Y_N5hXr@+y-iBjjPxctSwVeHKp7X1x?ISHBA2WX(Y^R`L@eC4DD`SETtx$9Yv=nf#Fk%{3&Y6Cm3MqRe=r5FIxa%-tsU-@kV z7LX1unQs3^`LKdwc|=b-&&l%ab-AG?vwfI6N#aP;O)x73UHt^S*rK z={Hjz0rk&40`mZ+z;-+%@{BjK_9`hgULMoBt9yu#@!QpL1OjHP4`CoUFISnrvN5L3Qo zhy=id16s;HE)7M{X;mgiHi$J8N;Evq*JE1--dxIC{(ycx_*km9Ihyl);czk53x+|{ zJr^Ze70}UVB6T7c`RMwJEe^)G?|FIeo1z7g<*84IX>?;FRbTMg&c|E@v)K^)G-(<7 zFq!g#Y`q7p9%=FWX-jZ5=5^oK4##?oO&U}>hpk;Wb8bc(ko%;0y+NG=BRjx2g%fyV zp=vFSavSCGQmZ^yeI%Ob=q(2gk~kwbvFk6a8H-Eg*?apWls2)$Mx?# zu7ByA|338}ACHTq(OqH4&4q1szF4YH&33Z(<}@QAPH~2}B4??-radg+y(^sJst8tX zy}Wpy#r4eM!214|cc#A~wlI8myFX0wSZqXo>ot&~UJbe2%9};1`>F7d@`B7%*ybxz z{Rvexc^D=7N6?EqSG*g^XUTp%MIGE_xJ;7u<>1S|optU%*h#EMABUjgNkp@sRv)qDbbh{+nd-{*Cw>0~I7h^%LJkuOAc* zul}w4f9LmNoGWD?CGDhTzGIyF*j`nFz)7&X5o#5tUd>lKZZe`FGmn_IOOm`*VwgRV z#FWETLi>79v_OAS9A+@6AN9JBTP}=A!Yn}!X8nC~E88YiLgpmNZyAc|AQ;U|aIgRkJl>(RuXxq&4`UkUZxm5bfVC%8+w z1=?l?&J&qXt{h)A8zUBF7m2yjvfcZ+JVO|$oKzP~yMS1wYhO9|pxwIK1#fV8f3yS=a$Po3N$7ER5$#+j*i6l2iG>ubKHF!TN&k(l>K# zW1sC<*K${GzZ3crMK?u${PXsGb|D}iNb9z(IU_+_+MrG>EdjFy6x+XA8$a$BCs|uG zLH&|YQMgEossU=pyYnvCu=BrvQar9ilK`HFy{KZ<#rmM@kwFgk#y&2fM3xeKSwfkTp?mI76Q%rr}#-Wi6&dqOqd?7nj{dq!ntkWeg-#OX1hRVoCJ zupXh+G_;7g=XDjSg&^zQfNrBAWmW}`Sksx1g;hNP)pPAJ70d0Jx`_4 zNOAc{6N^RE`ud^Q3cp5| zUxpGR9@2gGo~=(a##FjnJPnQfIayT2;%^a9jeSrw;A`R>E;gIAWjIaH(-SPWFCHlK znOLKFTtCpwR`p$<%R>HY+K1azN-R_^5W+@n-DKxjiq6ipg%J`qken#XFS3w1zR3Lo z0Dry9n`7)QXqN{J#TzUxsgC*bDW_<^Og|X|X#;&U$lm6MxkVgzq)*0Wip!&}L3eeO znOuNTn9ys3eBLsA0p>aWBYYoT-nr(|n2U*Lwl%4`HQ=p}|HZr~^oUFG~}>aa_kTIU#{Xsa6UyYjINySjZ-05Hb2WQy8Du2(}ym;(PbQ zsEosPy1e$$Nyl82;Sy7!&)7l3LGqqf8z9(r9)+8JT;q-kiBsz`HV@24$}3lS&YI@; zVZdrA0j=i6(`%+~ueS^N-y=Q;JOM>h=yXcBmVJbQKCKIs%NXS%o{k!wF-3l+G z^CHTsVv6X8DTT0WD@q|9m8`(=_GSnOu@Lq+ga8o3p^o*+i5bH-^Wh|L?Pv32{Qa+3 zBLln#e4t`6PDcFLhd;VNVe7I`EOYh`w0m%&MrEORRHWFR*Qa5`^<~w2QP4Q=${p%i z+i=^N1c-&#y^CM}m?18_@VBrSbY5P4)g(_eBzsl8@{8=~ooMh#c|%3*jj6A97Y;Y3 z$B&b96jiAf1MCW?b^xhfI)(dFwg5&i+%eIKmT#vAu6!D{?tXDm61aBg%cst zY6}4Ae*DzC1AVw_%Sqg1Oop6BhM9N+JoTrKd zc00{OH}Br+CWY4hqX(;Tdby7C*NNTFRwbQI^%v#gt_w62{?BI>zjp`=l3X9er;`AA zhoo~;I(bJW9l#O`)YJ`(WzRl)nJ&)T6sGii@Hlr$_%2=@)Vw&-J&V{gTUN*sauZoU zUF^j6D)6GLdQ(;&5-&NEU~l(p>%9#|Dmb@UzH))&`VMisK}J&V6i6G=bVck>7_5zO zo>%sOA%WB17T~Zr(_n7UyGGJpwL3aBp3@sI3^HsBjTrt%ijn`M>bWj6@JVny@eO6= z3ulc5k+ntV_W+Y({JKzTeuLK(|o#l9r5KG*aZXo_WA%ChncU{m_MO82<*mwP8LF7G4*!RM{qKd_m zUt~OIv2}*$EkFO>kglny`@R*{A6&r!R(Z}}d^MJ>1G{~^S5bxR#EZ{kW-Y6$RX^|C za4y&2?~JM~+SBK2g2=rjp)>kC@%wh2I`AW*yW#xqxrKGJ<6-iNw?yZk^aWIs4vUke ztaFl{uCK6<{4qufyRY`|W72{yu8?<+*X|cxuDvmV{~`38)dkm!eIftdWnt=Ez^iSa z;^5VD#HYRz2iJx!r&W1w7*lyL*P_2ze3m01GXuVKDiC4AbvguR(46Bn_1jT1@vb1* z>||fUhbj7;&h7ymRGiB}lxMWgZ>+K_t)tcNE9v!UB{tC~BKQyV*#E~S|Dn-{$ZyIX zW8o~*A?Uz3EYl+fzd3_r0C0PRL=^msOvRixOsG#drQ!9;Mp~Vb-?{~jSYnQtW9GVf z361$P>!}SEBd7PB93(7CRoM)B%5PlJ)*Ml-YVh!ZC*YS1#&a*9%fbnYi4OAg{VYej zm=wMfotxiwEx^E{I1)g;pjF44 zL#I<2N0HQz>Cerv005v{p|vMzY&$uzMRnJLlZ%cETy9kPF;H&8Lm;gtj**epgeIcZ z1MGBE-H6U~m7Ed{DGOPMdEQv;1bm&0P!r>LQLI$RZVY^5uMCE$!=oM=Vx0Q&lGSE~ z9*-=%y9A!5$i3z}4{6L~T{ZQQFo{Yv=6+gPa(Qcrft!|3fV*wXwyoCAlfPb*697mU z&Vv=zOXsw1!rq#fMo;s}pH2?O{%kbGwoS&|yDsO!8;s;XB*o=)gys|{KT09(dGv1u z|8=A*d4CrP7SRmi&ykjNuHF`$2LUHGnKZzpy7}1|xnnE6j?!%tgx`+YMtXJ&j(Yki zKU{o9fp?{-5Uh{;Z06AZ&-dqTyntXbuRRL+0*=aVXCNw;PPx%FM?XXqcXRpJ;jL}4lQ8uGmH6=_E z&F7_XtzcXK2?^TM3$PIW^U-z~T*0w0)}%`N$2Xd;tq<0VW6Tq~GIGy7dNT5%J5f4q zwc2(>;~KRJFSE(f(^GNdUPVelf_l*w@BcTe>whT?)$H1?)%HV|L3Lt?{f(M z^K|(`^0_&R#*(ua!GOciA5*gYa+ga+|ET-B#HIV_0WZ|3h2=0BHmNUZckV1@Aw;Wo zbg>Bf2zdQH$0Y@#yV~B%kv={ zt9zGKXB7Kj8k2+jR^PP)aX&cv<{Zrrc)wnW5gPa4-E zm^|7IPEGB)MPAwyOzhh}#c>#I$zR?5ZZs)t6*y+lrHvJ=O~9jE1|3{&eG(xZviV{z z6)86pp54}aemM8#g(em*Fd$X_rN^(6!)hXSk$2%Z78SeI@`kj|9Dg;C6QW?J2F-Dt zyv}1dWNKJAG&G3@0={>YQ*uUsgqkOIF^tWFiETrG!v29v$Q}0&BFYBc2h|ns)2rht z@0M^TxU-0OK(bREu-{MJ{#iAL36p1SM@yR-}f zuGSXln;x1}I3quaMsYt-pDe=j&x7ac_>!1*%DK`L4cD&9>>OLEWl>~($yU3fo!@h( z>23y)E_zoMK_MA10ks)ab{b;FvpVZO-?}g=dDC*tqQa%B_C9=Z&p=Rln6%>YR?n9O zgaMa;gvT5UfU94%Z(B=z>FwFOCd+Hv-N}?+v33#~U((h1(JP|`t9Ylc2>%+J#E16Q z&UCI1e4^Z%GdOAHQvAW(z0^EG3+@Ij*WtIp^ZQ)jkkoY~50zLJkev*0YnDwFr%gZw zj)<87t4@8n?MHyZC6y%;J_<5rEP5usxZLMFgrWP|t=#~fx6z&Moycmx&M%PX?QM0J z=kJ|m^M5#mIyRoz(_HDRw(L&bSN%jKvZ8n!(^T8ZX3Xy*m-2qfl-?P#^`(|Y)(^V3 zon~?j(`bmS04%{7;|o;c@RC;_hO=LJB>3gZjTh!D4l8k;WW_5lOY&k=^eTT;+Ydz; z3OpKe3(>L;H_SKk0wtjwIF;mz7Dm;-!6IHR6iC9wO{iwl-mT^nq`Hc>+Nm=iklhn+ zuk9Z$F10;A4Vq8KlSElf0R5(e_4QD9Qj&g#Xtj-=trSkk)HeAFoQFA28abD#qWR)h zA@lbMkD&r)h#ZI(z+6f*!L$2;PSTb8tETS6O|9{OW8{YTgimX7@N+>Zs?D^%abd)HtJUFAvYqHEL?PLI~pmO?Scy>md`G&*;Sh(z!9RdTAvdpK_@Q0ev{4zdc z8ZsBxhMi6bQ9@(fJ9^W5?C{obz9|C71xr9*l0Yts668gAoByM@- z#Yq~32ePiUzNzig0W%M^!qe_0y(5mRi4?NUcn#@FDTA#Tp4!vQpQjEghjBY(8nCwA z&CAh}c{QXG6sol!YROP98SgO_bapbCOgx4i1^zHixg30U!m>ZLL#4DSPv0jfRZM>i zeu0Z8|Hx1~0v>ej8EP=Ie^o3DSD2WHi`{ z5(*L$T7g+4h>7zTWwQE;_ttwb^A#bR*r__>Vu!XHc1Se;WO<)3F429?mT&xU;0JW? zyI;UTn;)S=nrXxrJXxwXe{-8|Mc*JECa-2^B2o|MqPap)K?K{8tTx(40Kf=qyn~ED z`?@D>vjgxTyY%a79?oI3Armyaf@L}=(BDvF9)Z>t5)4-cDX+elfQSsv#m!(uS)UkFMr&;2$VU2T(9&EAWIwaq4FfUIFG*n`jr8J`o&@25*+bD-Ic zZLH|f#t|Plv)}0OZPm({>r?+F`M<_ly1B_ecJ@bK{I3${=09|D>`e&tnp|Q!sqXxu zKkjp8^)MxwQuHJ`=hmW6L+qUVy!CM5BbJ>bOT>W+~x8rvTta}&L z795h@U;VFC`sdXD-**!JbM*LIsaqGONXzGk3do?wpRO8t~zFyC^kF_E?h(#{URHZP9tKIcVXXM&ZvKpN%n?P zj!d8!j~<2o$@KX*Gm0Zf}s{a%)q- zM@ghGT$Rb7@xzlp*uK0;X3rE7+n0d=h9gt{=Yq(ClLs$Jc1{6|O0O?F7Xz;L8Ahk^ z04^Zc6;O+RJ1#lMNA? z3)ykn64~58oJ?KuJ*BPeT|%BTo9sHFv+8$P{~G-K{Q-ou2lXF6w!Y0L1iH{IqR4NA zn1X)rtjmTz{G`$Gj`2)c_k$E5^KIO>^`480PXw%GX2kqC%By{8CU&VYyZn}GTi;8Q{Ro&&KCF~9Tt+3Mn~ z%vN}-S>P+T_Q|=X6r&IKNj!gMot3BRBwD|m4F%_*vp*(48PWvU`P&3YM@Z1gIPhe= z9dcWkZ>1JO$XUe1Cti1$$To*ho#;a{Y~{_?n>=FF{3lPIjMq*n0bc$2vdHXH7KFwdQ8yr|+Da(7xA)=0ml7$D)#=y!awp}8x27CCOWV|ZqT3aB>in+%}x zFbmF(x&DhxEpw3S`LiGmiO@ew{ZOnjA4~k+%1C+AT6IESyy!jQ?@yo;2NUixf)86b zaV7)B3ZD(k^hN>;R{~p>JL}=SA~cBCSG$rx(e3SG*8JzA_Z>)H@>iso>IER&a^2uk zh$MJ}qX{#(v$UZf5LD%Xg;`a6ACV9S#HT*+iNN}5Syu5>uLH8zCFrzvKQ8s>@=q>2 zxl%~~(*!)HN5jc+pWpU6tBd6n28o)%_wItS)A6yDvyL-eH)A}p^Y$Z~pqxbe)bly| ztxVx9pP;WI+6^%tryDMEFSaJIgrY4#Wxm6MT`@atuLOvf0fo))9msRF`f+Iiy&>}D zh-=`Js6b0~1Ko1|m8wqVe1cKrP=J;?7NCwpXUHp~+zK_a`ZMG``JMqHZ!qy!p4=YD z06!@qzs5u}HH+Ey%P-urjjvp`XxH}OQph*Mt#G#c0*5*TWjlxGvka`%ON=(PLNdJo zE8bi;@(VepIabyl6i-x43r6yCrEjYH%&g#1hdD>ecc`^`8fcIj6v6%Gey>j=c5BUY(bIZ4F68yHw;(Rdx0%-0s>2p@3 zTjm#;!)IxvC&aUEZ?VQ+V(>auiI?SsID&*iS0Wsek!YV-S24#Rp*!$?CI0JxM7-Ut zR=@A*+fR&DY|7$9?kA&;0-LrK)||-*Oo%VlJr6M+v^1R78sd4(g8eRayPxtzwu(^N z2*DYctp((Uhwl2cXRgDsl&SP&8w$G6e>iMT9ho0q3`4Lm5CTbQ-nTdS~op zz4OWqf<4J$Z3y?)1^cp;dE%3m#XAFL(a7lMh5e30OgLd*gYg!+GA*yfx5a6QY)Wc9 zLmDX9HvHwC@4pWcGP3^^9??JP@=yHxe*x0)PgLg*(Ny=ePD8iJSJ0im$Sxg@S^ba? z`SM5Q-z9`^G$iJ^eBC;$swZxxVx*{c8b!C9do4P1?9_FTCz+jejS}5C3>sqB{_fP@ z3(mnM6{l_|?`$iu_r%r5eSLuF_C6hOFHqzoE!|6HRBoPyuUPD5Vs4}~Z4_adr{b3! zLbkYMLUzqp6+IXGqf|w9rkDNxM)vtkj9@3=Yn6-X%2BQJv0!`o`ce0o-=ri79n!_5 z8isVyPahU!hRoMEQUV7a08X!d?6%Xfr~`6!n{vt^difK&#mI}?-sXEv6(Y1;8uQm5 zTitm490iTM9hguRE`oiRyex4F9JH5r)<6w8$?OKhc(bR|{f7E1yl^nV77A-2F-qd! zT+-iU{i8uu8h@rs;OQX*ENd1Gv8^E`EJ+Q?P2wncf8Y7jrun%xAjJ>T_3Y+r7)68^< zy7byxoq*#uwes_nx?cubG6SpUqg;9c0clS;HBlq^)A)#)P)C{W}>Jug@OY4CEh?f`MV!mv~jF z47Ek2Oka9|C(srZ;*0b?rTWCK^1-KXI4ZQd$f>I+_44O@jZLUK<*F3koiY1h5B!RHJR3#Xx%ESGeWM62P|62sOqxf}=XJRxs6BD4qEipmJ-M zRO@`QeZNq&zlR<%&3gr9Fk>k~{F*fVRSV%YLLI3Md4fa zc>q@D$;;cs8%nPcZ!k|Gb}m}rx$9?wbB<$1q4mmLlTRUi4fgsz{wE|qSFc-!t|Hyl!h7s-(zVZrm3M8jyr zS2Aw@oz>#t?p9Xc9V0HZ3RJZtFlom!#AaOp+{kB&!cZW@R4+j?EVtsP- z1FLF^uf5DMD%dwyg-hDMyHk0hVMC*?m7vC7dVQt3k1Kqv=JBjN?J^It8p$z_%pZ4e zE|7AXrkFRp*k{fsVW&2+p`Vp=*?cvf|if zq13voz-4jX@F-ZqsLvG9FDj~3jD{nKpspCVx8Z)Wa)Qs!SC z?EhbRu>BzpQ*5s4xL;%s5_Op|JDB=V{i8s~fQ9Hp^)|6@yD9}~qST{FUA}J|Y8|q) z?VPMTQ*D-tSoMn*?a@jRicw4GTdnpQ{B{}V;u}3TJ070~*3xWuj)We37Co%BevE1M z5_MQyQT}cR)}2lghIpjacino!W70fs zU*EoGb7*(!DP*?}f*cfHU~VOh!qwC6fgDp&YBnD9MfW#?lifSMLQJfShz$uYY zSm?S3^fb9KP{(lUm<>yXHwJ-ZsY(H!Scz3T9~JFTGRT?+E$uVM|zvz8nS>>*gdh+;@0-NcnGHQnd0HrVCo;V858xl#%kF2%O&erN-KmW zA%K?_QW)_ucL6N@#io|e_X1arJS_+HNX!bJ&Nv5eTZf^U8N-h=`M&owAN}dsyYiN3 z^i7V$TjL*+M}*BuLX?rqK3Pw{KN!-*iUiZGH}7ILPrFrpV-ZZ&GL8SmG=6R_3}X#6LHF(Lt$TuE80}}ahxeY> zm^wJJ8kH%<*w1wipj<}{oi$0}qWbrx@@9}e^EIY}g_1Y&H1d0-$8ZL7W?sAYqS2|6B+fB4!i|@GdfMw_R&&xPW;;4=b@O zJzkwRo$0EsQ+W3gEXIe83yFF{fDh{}RTsJ!7})3v-XbB!H(komkVO9?tM}|+H=4@N z&-jwY`g45*sx=wmXocqk00`ag;|JDU0trh=$9l`bb~42UTSLVrI8&KM)7*AWf4(PG zgdC%u-27U&V(L66{M^uo$2Jhk@LFlbv^1iV&mv>VXE{dI93gd+gqRR~9&SncW;CMO zyv`MG(-CaWx2cYFc^{b|W%0RkQx9mZNcHB*x!c`M$$_)pr1u81Vc>sb@4cg%>e{tm zY$#%vj;JU#G=TupR8%^I8X%!4ozQDS5qMNUrAkOZLN5UldI^DqqVfPzLJI*Q1Vowy z2ucwF(Zk#J`S!cd*<+7WzCHFBZ~n;2$Vz7BOxDV}=RL3ccVREKvkZ$)%=7MsPZ2yq z2=l2Yi8@MzCt=?l41z#N4h7dx@_XQmtvyU)nz1`JNSYEo^uP;Vq=fQ7fD6TkUaD@8~PvNm}zcYW%_{YsNqs%bwxe_~(QuhL>=< zsw*W7`+9lB4hJ4KH#pE1TsY1g_Wuk)=j;Vm1D%R*o1MRF6jo#`X&LqieD>NM>Y@Y! z+pwOU-(_^XHAl~aM{gh_Uy69$BFoUjXd3wDM(>UX8mt=Hio62?JAN!^IDfzOwuiGW z^iE{R=oYagTjdWtFV(AoeL#Xz4j8c&R-A_=j81_P>(^q^WHcNH zUtYL9Ump>@->p%o6uIXKTRqdYQL|I&dX{^6pARN(jIa;v8Q7~!Z)1IFt8}$jAgv|} z`vE3XEnzTlru6eYQ98290EJo{#C)AnE|o8Pce`-Gs;`6_#Jpoz^`b`hNH=k@sb)>e zLZG%yW)e(C3c4)O;u|%(XqfqzV^%dX^h>&lWl9;!OMF=dXoIRGt-hrmIW>9T2^*C^ z+$>J{Mlr}GNe^r>CDZ}5{4XAgaw|D_vZ42vDs+}85jo-@Ae-lj1K_R{DP z+kghAT+|6eqHRR^KCm0y`}g7e#TkZRuf(Wq%uYCL$DmPp*@%K8+wz32>{w^ZXp~0K zQJjb6SAIPZ{`GriWqXhhTZ@t3nJVFt@ z0<@St7wa=cL9MO^+4L#>Y&|SCYuZkt+4vYhnK%o8ns)uiQ33PEbBUSUo{1tB?(9;f z#F&%e8>EAh#HS1EPk*xkgpN$uVfLq|x}M~&iMu3p{%j!YUV}ngT3MLvujvXFm3q{bZ3VaO=CtE=^D6_I6?^_8x17;AiwhPB?=Cw35NnQQ% zO2+x2hJ?ghJ^|Zpi#hJDKOa2IrT17VMd_p(Bn25lwO8Y(gDi3kZzR-J_V1SO3Iod@ z!~(fcx6*nI`xTd&p1)8!6NZbudqmln6yua2 zV_m(;yM2Ro&$A)kQsLy@b6=-5S{RSY$4gy#d+j+Hp2ns*Q*LukEO`q*P7HhW--80S zf34L1@sn|NOucw>|B@KwSCl!-B_md2C`P$Ei*NOI z5PxEu`RJk|c-Xh|&>1j98`!0Ik*~l1p|j$}D=nKB<_Vr_`>CFtO4jhO!Z(?j9qIlr z7Zw)+7&E4A4D)CdvY!|^2^LAd{m+k`|2KR8=PspR_4(+w+$dcIMKgjN ztcBP|8kaL?EOI_h@hUmwX%$-RDL&+f<_;El(yY(&0lyGgBU*Rl^+P*RNPRd3D12c{ zU~6PKjmG~>V?5wDTl@ue0HwXcF2Trwm{M(MuwSGURVhhvpfr8i(Ud0`vmZhSLG}k1 z=N4bKYZuLfGxv6z*dV@7i8nq?{ zkrm8*UZWx(m_V>VDitZOwyrcSraCfDk>PxyZEr$wQOv6}dS67LreWV1$dL@x96X5N4I-e&A)Kfn1>2_$re9|~Ss+$Bp%1#r=$ z#v5@}02(F>SHOYFwd%(V@>_r)G^@zNq+|bLYGyi)pD%7JCN>%)-JakNfj+pSU1xGTbyld z+Fof#Xzdw{R$Z9>78?K$qfX<2lrm%0NoXB)-w;+$J}I{#E%&-&|7`1*$pM(B?U!LM z#If%+_Tt|em%_3@h5h!bkh( z-_u1z2@4te9a^bsAO(OOhg&o9=3<&u?jU?^%T*gb_v=Z7vy_J`u55L+6*9q<0H5;h0dzhfS%n?h?++hNS7?)G zDrF*lpjtVAnF@Mcxgt?gQUupvDkfTH8`tjfNqRP9675>Xt6lqI!@k33+!ly!574e2 z_9oE`QmnL+d}6KQw>?9&>%8>Rx~iZ!;A^xc3Z$riVe??P9dPoIA5b%7Vq1mj^&;$h z(CFF&9$3^n*B2FwmnYu5i&Llv&=SUQDK(<0&O4idXqpW~KvDdXUip%un!WX9MQqi? zy+P3Pm8tyx3^FlPQ`ZK)pKxv^R+%Q1@=%GFk8EUNVr-t~Iv8Rh!wyGd-KNqjq39s{ z;9UFI7=l$;T5I3^v3IRHS>+@FGgiI)HyAhvLKn7S8~c)l;HFX3Nc{N+2-~x z!}{EG@SkhDUp9tnbBf&Przy@3W0RXrfkpZbCY(<>#B%g6r*p(0Lu|{WtPKR*2ca3Q zPT6AvoPUl_o8W+E9>SVXultN>Yv+5O#qcgA!T90{p0h4-6R5z?`mQm~eD_X`ZrCf4 zTQ);!t++M)6=&0Omuyi_J1(OKFIKxgMxUD7Gsxs|5uDE04m4QQ=z=E={jyb?#F^PN zYISPUU4?BNT#GY<&CN}TYwxn?i03QT5x)q*L|o;)(1lOg`mYE=LC$o+u2K$2>&^!@MJ~yOu^o=j;vP2-0UMLW&f1X!G?M7$8U>ds z3|j_K!)=`8Cq?9P4#!9#SO7GOX`Go>P14S?MPi4zPr%lNXQ+z9Rl9-4APnnt$r_F5 zT4d;11j)k5J?sH;pQ&UmSfgrPn7`h2lRwxklL0V5k;fz1^~Ao%!?hJePOrEW?`EC; zVzc=gp3V?Y8P8U@0d0~cG--mfpnhI!dF?x^v#ES~CX#g!@3#8FW)mb3(Iv@LcLI812B@!BP zlV9u%mUVRoITPMmkG%EEue)LOW@XNu#?&XcWE{-ujqOfkQ<9l_U{MqlC5V)jRo60% zTCp+!2gV%q(Uw6|N|AlCt)jZT-r| zOWMvduCzu`v{!KE0q#KF-R>k=3h@Nh1#KQBDVr;4#4qOPSAr{=7U&G4kOb+hi`YmN zI9+gYqmtl&ki*Ml-+%MY4NpXZvkhjOOuy%eimePb#1Zdo8ZYmSjLI4|4MPsrbh;6v z6_opJTNu7j^jUp@bW`OiLGIhh>Wc$f?PtdW=YPc9{@sWq^0vAVMvH}jZj4mm7N-qHB?(GRSq9X4WHn>$w4inXJ|{d z>c7{oLJb?c4e)r+Dq*Tffa6?B#HI*`{RA2EZ?;GKm4w06yw8bXDM6wL4o_3|VJ8*>;Q@C=Yo(6w&8v)@xKH#5n zB|iGireSQ-cUdm_Hyg0pRPzGcX5zokiJkSe9#J~u-1-7h65Wz{7w4pWTm4FrjGE+@ zg+T0s^PUF#t$~JOM%gCnqIsl7KN7&Jk88F|UqNAz9~)DH(&Vn(fA$J)Dv@Da4|a5D zWI?r+KM_|@rIMN@Rvzedy-^q#8uX`F4zD*r`btS1;E)Sn81&vl=hn+BO>8&0dsn_= z6i#Neo%~rAd@^F=e^qDRbN_LwGw|PKk$eQ3$`C$%AEwD3%4&wH&G<=~X=qOZPg(!$ zf>~X25xAy&_+w)#8GWU_!i*%0=jahXtDT+>ah4vA89KGL5k=Hp(wq+updjGqrhBr0 zcUJfoKiFpYUg{jn*|#qNn^t{HCxE7U(ch?-xB+R6~$P- zKC`o*?h_up|4@LusoLL8uQ?Or>omm=o|;*%s-lP2Z@ssN#@4LTJ?S}iBDq&!&R}nc z-)w$-mUfbNtoj0~cU;ZMf?XFrPa2F^rRgX%%{d-_cHv4MV`3sJRLqbTC)O45XAt}P znY5Q*LN}Tn8s!iD3c=;71{tRh)_m;bn+0w8$4@nv7{6K>cA37UnvUfw_a8hJ40Op# z;ZXmlu5q?9_z9l#p+cJj*kleek@BV>-Xt zimFtP{$~5fwDDg#nE%=g`M)6t!;@Ea6+M-AXi?)33QxU23X6^vI;<~S%lnq3*&Z%; z5bhC8jh@|Ycw#bOIR3|9hjC0kqCWaao!^}6&6co1&%3U~AsOcGBe~s{mW5@)R_TM? zJL}aC#N2TndjGXy|37)v|KPL%q`6evram+Su%rHEMQMEFM0H|4JA#t4>($g)?rSF3 zct>T=o*aliR0HQscutS)`@U+DPJc=I5^q~2cvu1plF=^)-%71+!W}A{cMlcLN}7iX zXIE3j*264x$giUer9Y|;)L4JqR>=;y+jVZAd;3oAUT61@ z&#%#K=$lvM%|uX6<(YQ)7OEUDO$?)T(&s1N_mRGAoW0QJggsPJcxTT9C&E{=Rl?Ub z-EBL|V5<*h>pO>)linB<`7r9SEt;BpG5uCzeYf|Gli15{lnJ6%7Vx6yFkVvGlU8Sb zolzewf)=@;bsYOw$5cmYq~R$;>6#efvwwuO1g4d7^=tQP47nNB46%@3TPlsuFE9@v z4UZWeHRvS2OF(?FT$l;z2aY?^7NR;MOoO)9ld^5p( zI($1JQp?l*ykkP9j>S94j7GYd0*{A(&-k|^Ou(2q{TfH7FHJwN^W*hOEYY?WZ+0m-vYF~~IcVOnNL8612gRTl(nGW!zl z=}*5J%8O|8eAiH?vs^ic5*$bzX*R%q={DotWKX$_))!zjk$I;w#kwl6@6&yckWZ3Z-*%@^JH!sGS334J z(!6R>yEFk`a`DL`vg=v)z>U0hBrRLy`nO|jvsEcaD)8#m25P#SAsM|#7E$3K%thyj5ZXi|Q+44=K z>obA?X{{8#2K!;q988MG0eek=!)KH?p6+}*go{V~%JcV$eFgl@mK`u)*P)uqm@#SD z2)9`x!2&20m+`Xk&YE|&(B&pC1BWsi#TmF`=8XxmiGY$_jHqCWGmEN2?4Nf@8|2};fUDLTQYFZI%pV>Cus^ zhgK(ReSiLDt1^B#F6nb^#zyzh!2;n(h9~l3UQ*S;8#y}bIBFB64v4E5JWFuz?mH#J zo;)SWk&o%^yB!WZvZUf+5g8k0WjV@+lc_Jw@v*OdW8tjUHzG0A9o~uS{~q)Hw9zxm z#l~N%quavluM>ZI1>;6-bV4p=dA?$|Z*~@F4tPn7bdD68thQSJR?$xcm0IGAoHf>G zoU#=blftKPD%wPjslGcO1}k|+dQSPQ09>)3)R0s&{7o;VcKZzIg%0@5?ce#)8rPwVUzyG|+x zj7-Ec*49v=^$DF6*Sp>DL#@o8{%4^eLOtb)|g zii^qPobQG2CaS-ZzQPe7Fu>Ib-$vFCvNmu?Gp<$M#yVH^&+t~#MjG_H26?~GE1050D>0x1iCB8o5O^wv-HgY4 z3A`lH&onDnGbBh;pF2}q^vv+an;nRk@-~efvqSj8Gg7{A1zUpGe#%J~v<3e9No>7D zc(x&<3;0}tbDOyQZN2Wa8(;oQWFOyK{KR48As|imzTJm{|?-Yj{`SMesq!H;~30e=!ey zc=nKUba?w0LGXVe2x?RYr-8JUK;f!8*DIQ|tT~61a zhY7dR?v+jO(DH5(1lkHT#+ijq(@Ldhx0*G*@a&kGRH2>|kIDLfK1QfmzD#XUd=(A)*(5 zDo_Qma3`iB-Z_Gq6*wEwy0Dg5$GYPM4X5Oc5mbB26w8K(&Cg>Kc*>Qu#syYho-+~h zi(9zqDf@bmbIzxSb!*Y5Oc^;-u{5>dz3}r#t+TigYi)??kA($<;DZ@Oe zx2ui*c4FgMaOlL#A)glV6G=lf6}=oEtnunM+v~<$7y1#=wXfm%Gm6-sMWrir`1jXq ztyYhf;jN!?^L=!==6!7ot3znzT%opSVZqR|6Zd*hVU@inxJQz%Q3daoO0B^meWCp!B)qV^0>t!a-SF5ulrv}$+8Ko`t#``mCLK|eF zKl$*Qq^W%nix{t15tw#ZtDX!y-QR85uN!PT?jWDvRx-_N{5-wlv_rQ^SrBL?Il>ej zHX*~4Y!~yAsP0u7noL}Vj1j7Zj#)PVd%I08i@$u`?9-A0qiuL)WlFzN)`b}G82Oo0 zDfoC$?iFgQh6{ks!)wz+xH0y1G5)(MYKPp8Gc(cE+4XWG&)k9*c71FHoO$i)4<)L*S!Wc~+Lur|joq z9G3a6?j7%esQZA$)dh8>WVBo>V<)NwxS0~lbd!B_ZP>S>*}Sn5=OD@+oWLpK$g>mj ze)>Z?!eU?~GuXCw6!w8~9Er}-`Ra4s{TkxV*R}7HWLj&1{%FaH?ZyvG{iVybO(PbBd;Jk0E)p(2wr znDH(7mh8=*U9zw`g%64!>G;#?>^Ra-1=tJjnhnQlw^qBEdx1OOSeRihH$g3LU=+H& zzs0bzl0jF+dqdTOt|ry`dUa(UJ3mi=BhJlDO$ATy@%o9Ip**7squWJAKU zR7PvNwa0GtLlu)kev&@ywmwc|_{_`^pcav(v(&7X*L)*xY+|WWMuOIr7^?fr56cxulGB=~YfO)n z2=#dAM%$9inmQ^3ovM`3tko)|0h<%kj3Nw{ln$4UmUBfIFF*`Byq&}5dI?UGh}Ua| zpprcWdI;IAIA?@X!KDu~N4gu{<-`}Rf1240RKW~mHzE}_jbg@~RWg)1JU!1%c6*JA z=U8p1x{CHWnl7hNu?`BxK$qqWBu5``77t^q6Ep^$OAx46aM6H*qsSGUhQcg>`%S zY;kMUl=?@a$T-e$8W9`b9PWBn^&PEQw_Mzod~b?2qNA%>l;3FYkZ;6;b<SuS;De7_hCEjvQDoNRJ;z!*PG*(|jyrk}3xZ%U}m1es5CNunM!AD~EiV z2-)B~vy3Kw_^-`{>7_hwtD2?0ZN5Wb&0#hA{?xP@-fIH6n>>42A=l#xbFWP*`$3-E z;1h{VVAL7;a%OW(gmk;+*Uv!~1KpKvX>}blKW}Fzi%+S3-KhbXC|Z^${=MJ-n>R<~ z&rWHI@(Hp|bnFHMUx<#sYZ7wJvS_TbRpHYMnnMaxMKg-IbMBAH{QpA7F1%l82!6J# zJ03MN;4Ja<<9{%>`fD3UV0*L6_C3GZexjFNz%Fu@X8bUluKqRgn~jf3-zogfHeT}L zK;_r9EZskU&bR)(B2$r$EGh3y+$YiUl>Bu_97&Mc5VV;4D~4f4t<`^INFd_G8b>I zzkpJJyx8~!9Q@eT)BiE>EB4Wk_M1acyYJdd4-#IEQ~@qeUlFwAKMY;$^|Ch)V?wkg z)m$HY=s4O@(Fv`!w7g?;bva1)EQE4JHGQ|j{@6$F>5oCW0A6@npyT|k^U zpno{pxJ=2y<+e|*V!#cgu8VRX@Wx5NKXsXnO};Z=-RG}PylpJ6=cYn`b>basw4EIk z$o{(%?@dvgR{^XgMGkJG*PA6os#6IbtL?H%$OPSX4` zex2Q{>v$V}@W(&){l~47V5GPKBX;4yD~z$A2=~9X9OXVw&uz`n89?P(@7_(9iSo(P zxs~q0^B>>)muHTFe52bWrIr_;`~`D0he^}h5Z4=Boab;}r4HaflLEA@0uEfvJ-sy6c-KBo%1y(CqF%5u+zI9*=)es7DH zIW;1_Bp%lSJu-QlY#tswpd^63d3tF|DuX$yqi zwi|F|;y3W>W!gL=eFP6<3CBJpr7gqAA+1~mF;=3mT@YLEcD&M_E75XaatfHBHqqNO zu+$6~j}*(ePb#m1jlS}Wkgc{2Gc->oy;6l@(zv18qr)LLP1_F+Y^Sz5AAh0V{z5(K zqW-`jt#DM4_6c3tetiDWOsP*%!Lc=x#`+O(DKMKeV--L`JEJiS1x zdaO)u%mWDVGC?(^6D4Wx4SQL#iKh5wX9)+?%+U5sw}EGl;hP4DnVQ+EiP4rd$)faTasEj{0?$ z&#)eIQWNixZmbjb&~-+AKjxHXAm4AcZx4UP%C0Yfm5xo0}QPMuT#C$i_y zQHd>yL4cPs=)%jtqz3u_sotD7wNHLn%&d|c+}`s1;)rMU>$j^ppRe>l3wmb_DqraY z!G*&d6Bc2%eHs)AAbqS7>aw;v#czA3jJmM+Z8-61?!l<-=9XVe!m*DbFEXPAKIecM zh|B$oJZ!D9z2MRy^K~8LAs^dv8*i2_*Ti}Pd)>w@_`5X)*-sNEB^$&3B&S+p&lHY? z=$4c}m$dMYY%e>b=)VYU1=QM?e#WyK)|ZEIgbTF;EUZ@K8ze(sgv`S%2h{YWXCI2{ z=$FLQX2lBq5w_=mpeLJ%OGZmCRZxAW&IZ4#=niw3&D|+5a~KsAen}7vGY{14W&Y8d zXOin#`0=jtuz;vVF%S(!N%ULfh@f)lda{?7JJp6q#DeNDE_PbDmW!#G zgYE{VkJUlLweuj$1+rNd?p8cGSVbE3;XVR zPwHQhj`tbY0w0yItN!S_&0yFT)1#oLO!qe;}DiGL6${`P(RXZQb~ z10ZXh&(>u8g#f8AF86vj!mU=@fS-F*T1s!fwfNZyrP(>Uv1n2^_`FY`Z@4+p8rzE^jn+;#k}g)e>R~1 z|MngKQ^kJ^_1Le8_xwWVkk&7W1I^J$^Au>~R^PL0;PAU;Q``IHQ)*GrFv!%w^wi!mjS~2qO~>Vme9Hx|WXQnqCi~i~ zA>#1QpD;N}wU{pG5`T-sYT(}Mi{$DT&)wiz%2heHUdAZUkH}UrUzZ$cW+u5AYDWIb zl|p0I+To*;TifFZ9@G;rf4iN{<7x@%5Z9)d1i= z*+7QR5deNd)Hh%hq@pGqV;UfxY6Z54>FF29N>cK{gwRMcMx^plCAUFN28wGoHm|&xrEWIYQ1Q4 zX#=Ce@Z<%ourD>qu3dwXGD8@*H_w?@#S;`_?b>Re})O#r8&_lWSDV zlK!3p`#G?q^cU@spvE)3fiDpTz8|UZC1W!;@3TdA;;-r&C9{qjJGpS)n6i2mJaQAx zbUyQO=Zp|IOXGRgGbp+|@QynWV20oj2>_1V2MbGY#8Ni2HA@ns7uIv{0tB9loBr)E zW4k%n8#(51e>i!06%Fa+6{M>RFReaxTP}HyFt-QvHv3tuGhJyx4y>~Cre@+?dwo9< zjY%lugX0ol*9{KXKF(bw`RJ>TXJSo`h7z}Ynu&%xvL@E85zn1Zo&*ixIP%CW4V zYc?QR0|J0TlmUo}HJe~>T103S3!6t;n4McqgKz8fl;4o(h`W5|Pn$fUPfu)1dUJ?HKTT)yQ*dpgJ+giY!2Rn zU;oRv{-g3w^UB*J^Mk$4MADb8B36Re{s`J2re$Jcck_x82sMWTe4m@%ByIRcL;vs}c@SU9KKjLQIKZKO=I zq?}+&-8)!Nk+itEgbchbzt3JrkHSy7RF*ir`qowNyZ~iu;yY{la-}`Yt1gCwj=Vb| z5L2^7NLYD=w7PggdN|Hkj;S%&~$K22k(aD0oGyg_)QBOjC2!=~v6w0A%< zhsV;Yg6T#*>S@M&H(GD1(w=QLAZrtRpfQytP{<)+=ry{VUGYA|5$H&CQGFZs$ajlj z?dKOU-CZT4G}VkDJbweZn)&22dg4Jn-;6Bt+*+mngw-WD6P2;UU6%kK81C^@O?V@x zF=8|Vx!v?mk0PP>d`jKPZ|qv?T@^2{VGj;fRy+fJkD-bcpR^?^tUXe)m|lqJkfel; zt+87f{yAmekYI(x3UIk`uOxA#I?Gf`Z&VInz=T%v>F9^vN_-%Z|DY({x}qia>6Xc} zt?m?AmBt38*w=DayFzP{BNfb$DU-NmE5iNRI+Ey#%k}`Jp5U1+RlGtEU$BKvJ3YAe0}C9q2oPiF{$+UUAdbyU!zu*n9-1ay^fEdC_n~7 z@J_6|aVQaSN!J%a+8Bx)>OxN4XY>90sq>H+F1u&!w44{&_*})u@y}XtbBtn?@o;dn z8Z+9J)D)Nmf1VX`aV|O%npm!c*(6)N&<^vYmS~A)nPKrNX1(zxEXXI6IS1_T4YIMF z%yuifyW~r3Y2701op!o#c-a2iz7w(Q_oz|+w8f_cl@f-^f{6bBtWWtg&o(+*y$meL z^}Sa(aL9{$#jV<=pblpxv855~ZE=-8n5*PH3r}R?rEVA)i-^2*9#5+#`&p~k0fQoD zEA3p$;mm4Av+MSz^IYHk<%;P;OT9)gv24`ZG7jBKxbtR$mndrWrfBC33^!=($M>NE z51Q?GW5ECKgOmTc)(<+?HX10#^dTc@z=>vM*^e2>cadhmabfns-qEkWMgsavM`@3{ zauj&B)#j*#aXXLqr)rS5&=l>-YzfNMtCZJ&*t-9-;7I{X>JH#ZMQA^QJi5M2yunoa zUa=@>5bHKYsgGnNRv9=8xVGCkH1>pFQoee{B6K*v1g*W}MVG@SGT;iOP6n|iCI~Oi-oE>v^2g;*bcT{0E$|k_ zAe@xvrZ$fsKlVPH+I9J@q7^&0(q>bF9=Vh7G*+oHD^Rwm@=5748R-DGN#Gd>!WkfT zw~Q(uXVOwfITC?H!#{IQ&xIZ=bVrc2=P8~QR5PTMxR*$>s zHYuK^rfl$>=(T>n4H&PSE%B<0eQbyr%U1hBJmib#1W%0rQeA&{SX?0+?|s%M zK}K^2s9ZT2;Nk3lbuDKmc%Sh^GEvqr;l?~CV7WV_pO!8gT>YfDm(qgc99r4(0?(u3 zHH%#POiR_kO5?@D6V1VxRQ>k}H*0U7^kUUAxJ!kG;XL4OHNSSnoNs;$D{To8b{0#V zDc9`K0zPgpbj)L78cr&olka+^;eq*pm*6cg~g0G_c_*Tmf#n`(b=gaWH33Fv;YHp5cbSNLVOl4Yxs17de*hDQZZnp zo&ozQ&z2<35dvo}blIE*UQGKRPo+_hAf?z@V{ymf)?vn%PyNurf~0Kmxv-7^5Lowec6&VAmO0}Q%K z(iOcTgt3r{IgASw=7tOtORT?tEAjF10HwPhT0PYo;}EXxmb#~Vs7yv0h-KV?VZoq0HVP6c@At2iBdK^+vK2ZPvJd~DY!)pX*DzOS$csK*A&VW|^5r;!$u=(nPr znd)szy=FBYHI@`PX)Tmx9b^C|aVwAZ@bylqR7zCZZN`Ga|Nek`_s zVI_Q-R($2x8KA*^d#LZL5C`5~WzPOFY+Moc;+8PjR?z)Qw7)YQ=XtC#Q5ImUHm92E z<8Nz%=h`EvqA5O>t~v$AkUm`>cVz0j$2=YMgt)s;~ z`pbp{a;Xh}HT0w5;h)5p-mvMB58r(l_j(ak@YzhhJqplS9bzWQt5hFgam`GY6aJ~Bu41UX!86O1 ze-x(_udU4s+{;nOABK(Cla>dNI10a8xCNGMjvWn>ek86h2gl7+jCRGZeV>Hw79lLpGbdR z=FRK7D3zf!*}&YE9d8dzhnA077c`J$mcA1@Z@?+Jyo$nAGS>2ZSdFpnX$g4BY;vb|uRd;;gZ$#m}&} zfiAY>XV>Ijdappk=DF0+fzFNcXIfb+Qxo}&@pDysth8^mah*1WvnOI}pSW<+MI2Nr zI}e2@epvji5;@~&OPwC9*fjQ3b(aP1OolnE319+5_J|aW*mj29*(V{gTuQ_0HR=4I zQA!ABRF1c0UAl0Oi4195C+&fwjPkTT<0!Ml;m2M`nT+eF{E7yMyG3@3Rr-aPqhrB+ zJ<5#prBWklkyhUQJ-GPFBm16Mfef6{EA3_(9vYAD^@Tc`pq$_YU)>mKQXeQRy;^Pz zu-u-H>om2%98VWi_N9={Oynn6C7J2hTU8=c+1IiPL~z%iof4JC-H4Yo(Q1k1+1uh;OQ;J=ov>1=hx{w7e-SIh{hz}6-{q-2 z!Wm8(F;$EHe6o@kY4vwBebztF^qjsu;)73A6XWlm=0k7W_4y8OGCuUgDfyboQrCY; z_L(SNt%84Q)+ugTj}rE=TQ4lX_iy3V&lI&g8^ShAFfNB-i>9A}Y5f&JMf>eMe>AvI z(L>qz{+P7+$zwfpjS?btHFW@BkL$+~>3RhGVvsbe(D zwj;erMWSl%l>O4Z11`cJo zEbC^T>UOs>G8Us*0b2<1?WYr4N$#ETH?D?x?JQHg!un~~o(8Femwf{?TXr+x34gU^ z*xL$ubZN=V68LLbrC;~^NT&bp_Mt7qyA;@8JbL>HhaSC4haSDnC}n?V+FuPwmcHew zZEdRq3jUsbA{}O*%Kw#p`ftoWCH|AwBHQ6o-&O=TeRUe_@Mg0_+#{#p;h^eGQ25hk z9BSfomM&Mta>}{U& zK-EjCR?QyIuXKpxd|b&pqV+_S?X@{~tE8yn*cI&vxJ4D_fmje z$SRU-AQQa&E`Z1u2AUlgHfaLjAeVyQ+~n|VXb=J|DptfKJDk95lp~_OxRdYD;H~!S zr+e48UO`E~IpY!!4(NCDEFQCKqM*(<%?4SX0?jf;&Nq5zwla7vopPG853aCab3nT; z_sb{BSx=@qT6V0|Nx=2It#57hW*EJW@tx$E$g`Rs5pns;@RGahmDw9UXn%y|`|d#= z*Qys$4+eZbk$|jJffl(=6gQb-}X8LQq?^nF?E4-!g6gcZ#X$6mOfNQO8^#VKU z#j4%#BkMAF*S!`2$*@uJM#1qiu8cnGQuB%&u#$j$AkuqU15C0w9)yob+I=vg{5t(! zkKoV169sR$59=@SA8)_k98_)-_p`Lfr?J`)V<-IhhQ&(7)#TG*m+Rep&ZfqcQ2_O8 zr=^18c7$g4qNg40r{1;Jk(CWU9Ih!C264L?6gG^j2wh!sbgO!&%V05NHU?n`EgfgY0Ag3mM)bE~Cb%fXp0;H;6CFvUrxlK(A<_(+JRp!mkL(#UK&|HxtbGXmDVi1_wud4i_yrL@+TdSe~cj3M@4r{$$$)pd+XE|6Mlz7L=?Pw zJ)v-u#Ji63n({7t84T7RJV8)WwfH>z45lYk-^2ACBmbK%qb>Ajndb@oddf^^IhRtN zF5_nNFRE)WbD-3rWTN@9T)B3keF8KCZH|@+VWgx;s;J4XTKRgHN9t*kd<{N>mPakA zfib4qZeFB^YQ2@scTt$GA;cRP`CHZASb?oMxyFRE0979(tz{aXjU2Tus4Z{LJi$dOqVga zthx@T&jrEGEw8+Wk@tr|+vc$*0f$=dFG%I$v5A{NoNz}bY5iD!v+cxl+dcU{(luI1 zrjjAp(B2+*gc3Dxj8|#4ukB;X-u+z3FHC`L zi40lCU;^)PHDz7Of0^J? z)R9(08GNB|J*;l!WMoyX4CM#pq{Vl!s6lT;7>sP!R0P^_kScJK8p$i&j~{Bl;wCca zHgoZjy-5WDtvy@bk3#Kyrg26QQXwesI=V6tguQS<5ib_m2<`a z!QOcXHP!YFn#T%=AV_a2Rl0PkDpI6{8X$xsEkJ-!Llsntg(_XTlmJNx9YRMzY6vX^ zBoGkkUAl;cXqzE`^WC=%+B{u=1k7anUj-qpZh+)a$U>^@-D(Zl;5q&+Bcy6 zFM(^F*c7?n|Ad&+nR!`|5#sLS-=SWNL42kX^xQ9%eN;D_ZL)cZ5Lv{Od||jpnb6Yt zJ%}x6(L&_w-8e}h&EvSI+EJLjJQ>{?NvWaJkT}@eFGY*1<14oJO=Xx|`p|l?S`bw%~Zf*Go zpPV|yWshAw&NIYL*1Rpi`S_qo5~}qw0Zw<0U`@95_O}&#MCXS2WP{}}^P7vAPDH*Ew-+9;1x&^<+x2OBO(kxl|B{>jt^4d>rHE!on z3= zR^{&i;GhnP3HqC3cDcUVsH(o^2PO(ailw7|D-X-(PFQur;N)$xn#nQ%EN2@|9&`pwWciI7q&r2hqnvgB)^eCTYyJ0(xs_kssKKr^BU$ZKF|yBLt~{Ct${m3qgH zLAvYc?A`54T=wsamNIEKE@XcacI(pOHWzU6Qh7vekV0lK45(r)sWx?v)R{RyLMlX` zSVF@@$DqjZTEkOM+{=4EbD<(?d)-5RN)07w)BC69TGp6USEN0;C^N}d^-zL9HGM{e#ridmoU=F!=G$ieaPbeA3) z#!PC)Q8}vwi8-n)whsTaJStt*37|a*N2k=dS+@Mu)&HR=k2pJdHmSFr!o}vLs#N`I zR3(5x^tU;TGWV6V4ZQMWErJtL;S~O?k+^{Md!@h=k-c5=q| z=XPNx;R*h>A%Cb${oHTyKHc=^vm?3I%L-|G#K~L^f5xB6Il6u7>nUl(g}gP#RtMEE zvF%a6ZW=CEWfLeOY<}$pc_vorNho2`E-NSwS}Zkn50bd4xDR4nNza1l=dg_3S_maG zPE4LF7^+Vrl^uM>g|sZ73MoH)IcMIw#334ouA2HQ4ZtltY$D~Y^7a?Jx=bh#i_ifm~{`fOmKB?eMHkWB!M6L zg?KjLR)^;Z3r8%zmTl0;lJ7R^3T%8lI8?JNR0Gs@Avq8eyPlj_-_1O8xhU$>*tF_rlxkdxEzsDNSqKOf z18il&*;|l64*7_&`cIym4NW0Bzw$R*Ib3I3F|DbV!55C(LEv3cwtV0KMe-!?5!bTH zlI|OGq=~QKwEICm@6#>m1V*)n2UY`Fp@6uFsdUZTH{(8o$k#V=D%*ksC;+W$Lw_qy z+X0KCsCObPqVXr%7jTvmRe?^*2^M*vMwG%42pmVV45>sI&RjL%9^Od3Y;4lDm*IX9 zZy&6^yY2YZ>yT4*oZfbhCH-Kh#1B7KG6++dlpxp*8r9PCho{wrwaR=#jzXst^qY2j z(T?am5wwA0Z_{8vt`SF$0ofMyQkiFp3!xb2R$#g-D}=yJbm&j3l&k`-i!km)nl9UhuuBw=N;70v1oSgAJGjE;4X!VjHZ^is}m% zKW;<;Iu9T^7^NDy^SBKo?z+-hY^Xt~I>ygd>|T5WbA<|1o-zy-&LE?&3<|6;1GOXx z_`K6W)9x%T-`bVw3AkuN^Z6tFIOrvj{7 zk0>W(=tA(kQg-N4yyj}T5&v36{LB8eu+WJ8_Nkd6aq>jYlJ^QnS2x~hJ6oG}Vy1^N z2!CRboHq5S|{i8JXI0&A(k*G5c+Zzg)Ep%%zlY_h|EN%+KY>bg@^Ts?YZ8 zLtLjPYUiGsDsNI`Vc*M(Aebo93Px zP=w^T8OAA5xkFNu#c0WdU#+5GoN%B_Kib_9QK#*UYNIZ14ROuty2Gm`yy1EedXmmj zCca&6;GEAr!jgLu>nV;)7&Dv+kfHC5_?d zl^fbMa-+N4)s~D(dGJkac8K)RFxfh%H5Lc5r>uv~ z;?PK+-|OfoZkfO3^z2dDj9ymiQ7aOZTk}~VK{s`SDB6cDIu{G&pvQWRuNa<>m?38q z5v4O}Z_Txo)3xL$OkEhA(XM~Rae4bc5MeMr*5XouY#)OZ|8fPV_B-DFN~GTYgrA9+r&o046ta1Ft?2nD?(~%BzW5~tITtCSrZXO()(YK$&a(cq`&*fOE?T*K8?-Ny2YZ-*P(b*HNky0>rbZRD)1bj?jmXRlc)@^o@8 zYFA}HK{2&1w(tgzFgI~K=H9N>Usd;Bn;#3XA%;(7@g0r#Mt=W1G3($CVdJoCFKb!x z?eMa8VNvPYD__zFDo#gkJh!b>GzqZ2m&|D>`MyY^U<)a_n@HE}m$YT;=|mp4>Qh z3;qxpY>m0iHa&1S#bRmCRZ)MCRwb5#4s;pv8Tegr0F3A~v%vaH*7DxfjZqUz`Bu>y zuv2W=R0U=#)U50b*l|;`T{h8OUC?$Dxew|T?F?o)E0Q3m>FZNFw|26)wi~+S1oqTb z8NlI_p7AkIt7GxCCGO+^>nW|4pE))qB61UhT9*eCEDWt0n;@B=tvOt3i6{&vJIQ27I!eu(gz$=fDb2QT!wo&V2#O+c{of%Vody@X%>9P$2E$WUQ>) z5e<0ar~DILzBn}XYl#8o3CZw@((SgHaH!OM2;F&@DZDeqOWAfYd*60FT@vMm>bvM( zS=~!2n^h!2TP(Ep7%DO2Ydee$hY!;w9%7cdY{9Auv&ny*TvlguH0umeuvh)-b ztW2s&Sq;hzYRS?b>z3&P1c%~49u^5QQo9xD;TDWQWkDMG)N}ztGNIYr5R#A|6SLSp z`m6N1$(Tr1lG)7iE?#^-J^%VJj&V_?_tabPGKnB?gkUq<3`DA8w|)Zo>hnhTJI$&< ztjoI+J^mB+GU?sIMCDDPae|pi(SG^DEbht$_^o#D5Wo+f2>Y29ti)Ws&GpFdb);7A z=?Zv>Q8B8XqLYymi`;UBBXuzC^;Sr8W$zor9D*NQM*pW1qy9HHi$)dd(Gi9Pi%JTht0i&9q>x+ z{fAr0*&>Ag@s+B^?xUZu2LoA5H6gVnld#gp4GzAh1SV1`SlWXeZG#Qno){3L`EvP( zy9d0I(wiUzMgL_hZ@UXu1Frk`i6*VTZjfov-fr?%w3?)CtC*$RCeb^1r+(3u2f85v z$zNCf=9cH_;%_1&ey*ZY)7;^T|+Q_^b3lNm`@bel+R z8OvHdchpjGs&~4Od}#_@+#(_Sy^PWP^w{=O(T3|^CS=UD6(yZ_dZd46^q3i)-+k>f zdtEz0I6NRvduahOS?uVM-@sG*zUp`U$o!HOgMgGGL0a;Mz8@Y{nG+(=O$yFLOBNeBWB?PlXGVR8?zHEFe1TLE>HR%b>g(ck^XU+)Lu)-^Ivm4gE zrjCAsbpqqezT+2sqy*NxzIEo75Mrh+oV1F@a|RdGVf|fFWF>%VzYf$yfPq$q2p-*C zfi7(~XLZ*x6AYY|@Ft6VuX$zD=H@&b0dL=KE8Wl90@}idc>_fXcv7Pau`#M^S9C6^UP?XaMl3#Jmf&~{77S_R+pk}cH&Fw zdL|=9(gZ1`GXDl_sj`L|{pZDc@V6Q9 zjfE0P3r!LYx|L|g?O?U)^f+`_&^NU{)enfo6n(3S6$@xfqllUoBoRW{sV(v&;>^(w z%rmlBv`2>p;|%quG^HE|>TaO#b8WQ6EDnp&R@@H~>EsE|_AOmaU9SYec56t_sXdx#k-}m&l!5`82Gwvm^b+qpi&Qm5^Pz$WW!lX1H134 z_+-;4^*4PhkmnZy2TTM@gN~qUeYCQuE-nW?aSWTR|4KBq&*7uBp@06U|HZ~%lg*hD zUxFE!mfGgiJf6(FUuCkw0<_vUJ+uMWmA}-jjfge8rV%Q7`>4Az(nYnrn5Iy9Q`>xb zMsD;4uh2>2<5q0s?q3}Tf^#ELpb3lTt@}M=2GIvf9*-I~EhRK|%8j|ua@Eo9$K;9v z`1TzIJn};Y=z=QF21?AK;O{8iC4a|wJNWhD+#VM zH`z!(jeCB$5g$4hf5gPB(-5{Bs~`MOH1{CbYvI?fpNyN6<$X~|Z7;31^z=0UnY%%` zgC#}ry`on3k6Lhw3_17U8~TdPdPK3*zbL@*?IY@e^-N7LXQ7OIr#j4m4p9ZCt)~-whv!W%`aghwyYZzm?W@(r!DNAs6X9*zN)3#Nn1)v>3 z3KYuWS93@K=`B&r<9KP!zTYeb&dbJESGKPq%QOIKtNzt(NW*7GPzCFL!1 znO&Aop-Jnmm*kiz^G2%00a9QnSCXikmMmZ^!LF}d7#14)6g~<`Esfc%Reu@Fi zW!in18evDXb-J3?+=XLXxCXG-0t14E{OB#*)*DQ&$dOQEfUo6U3@rKFN(x%cUFNwJ z58M@ve_Le-A8gb;+ydw))teL+tjqp%*r29+@6l-=3L$@b2_?NDN^CTsUF0Itugn*Z zA@?fnu;+8zIeinGGQHRm+p55+%a0n=+!t6fpaZqKLv>};cLWCY7%S>dDA3WEDH%O- zST$CPxbsZ;=$CtAhRuZhx9ynbKts`FXz>ITAo>G*t1%r-bV(jGsD!piJWbmJPP97p zTnapx)SMFz@_UE%usiGbQMgOsEf-Uc9hHzLCr58G4-(Ply_IkVgT}j47qJr+_{b5aEgSqBkMber1mknr?_lw($68xWQdlMLp zJ_P6pn33H2e%qZc?iZFbo-e(ScgYVb@)$9j=DEzfjI04p!{v9DKidP@E$d#nyI6N_ z%8D;246{^}A{0Lm;hzUo%_8dSGyuvnpVfFi9z0*BH68nyTWWjNC0Ca(-tYQ8?r{ig zA%Py`{2bV^uKc#m7i>|P;+gYy4rx_WgSbP%ho!s=n2Zn&n9z%$`*c^*EFwKzZiezi zCc8+rs^E-xPL9-EeLw+@L%*Q8O?%w|1+3HECHLDDZJSj%ZLTLz_ZnVm`Y5glS2)o0 zEfXC7Hi09hc+7|Lf1WPBB$wryvM1~8p;ydlmwy*pUZz<-pvat?>>`^DLgc$UJfM+V z6fk>7ciS=V3yVi_iecVCk44Jzu}y0ORmXSQ3r7l-mKDMCjuRKoQ3h7rkJ~_mGX3?Fz0osn&_eT$>I3Oc7-ea&0VVr_40$mB9#Y86q&* z2dC`cWodacmTNLI8r9_@kS=(iSTe&`{!yhf z@`#Hzy8bECiURcIV;R;5a02JoM%@erAd&Zs8FYM9_fEYP)H*#N3A59Ua|JCGSpgu<7j;k~ z%CY^jwf5ULJMoVKzR(LiBWlhUAr!FbXsCiIV}=NlgW`U7;CY$ZVXoE(ZVS3>y0e+i z!etW#oG;l-{0ggOY5>ua{Uo4pbD$T0U<%emcqc8x`D==C%Dw52nUMa=U4ACgJxFJm z9>JF2ZN?>yfpEHfv&fxCX zpn9@IMd{_u@TT779Ax+EQZhqRnP)kf1 zLhe2Ca{YFuLG(6Gw{X`If~@^fGBm;nH*BCBXWA@mcZ*r(jSc7gILvzj0ubU9OEtq zML?IxFn*5C;0(qU?c2@;sf(0+2h5RtYMLyVoZfgde=a@_dD%7oIDI>i6e}h^y7Gu+ zqNq1ud9^=x9LMWP75RISqFPW1&iILsSTJ<_R=`W=;xWyM95fg6=p5GVJHHq{Chzpt zOW7r;H5VK_t#~p26?PX|91#N|#jmbaa<3Z{xdYxC5N4Zp?jF(op#tSO{GoEYE%S#8 zftP%m$M!Ub%aGHprp=2Y_t?eHiw^GMgXh%7PxjhiT)!9pP<>PRz0gugN(xl;nmC_7 z1t0y$e-KNt!oDrL9rWYI#pU7W3qj`!&vz0pEd(@-50pK)8?Uwc-21Q9^v)a}>*?p| zcS`8=pP412r$O4k$qR{9wEAhOpmx*A_F5t*sYwJ^R8d!gl5&@qPss-rQi>tny6%0s ziZD-klABVRTic(Tf)k)<8w68y1)~KsKrR_K{{G;)L+yWuO7$D|nY>H+oK;3SY^x$N zX`?AqZBv){ez^XdB05EWrZ;lWx?#8tA|U=DG@PiauiYTBlf#ji<@|Z ze_?ZY=Nsy@cRXjjjmQ=TE#e6eK@Cu%v|S{IU-NU2_U#tWt4!+9BJVNN9Pl8qflGuM z$2<`~2Jos*{D_+u~mZ(3Yxf=_uJe;V)f(B#)LaB_W26YgvR3 z9-r0KV`ki=?i=#@UB8)G|6F)y$lJ6 z&*gAn$H{I)4*Cc7L6cXurm3&c2F+96exJ8Y;cf;dtp}N19HXM*^?p`S(H>|Mwp`Eu zX8lWVU0!)p9Ge3;W#*$?23+{avnOI{>pVchzOVj@xe(iR+k;uelUmHi1?q+}rO@K{ z+UBEn(tszgjL*lke^MR`t~V_sZpho8XMX&+bIOfvp9)LgEcJ}sCP9OV+z}Q_|ftOi?9}_%`z#4O8w4;q>fR zOPrf$Z&LzhULJ!8VT0RB%oDn-ESd6eFlNpvdX>xO1n6-HAp?|V>ZW0vob7ht$a6km z|G~uVEFl1Hf*@E+hr@|S!uHKPih48{5JrJ0>DurP`5^liIS&DwG2rNOJ9y`o+g@^2 zH1efR1x$WYLc8=6TauS`M~>L>K}_&7WuQYZ(x<1g^>~(JIWy7prJuS7FSAf)oWG(h ztpB4jI_3W9O#6`4r>oZtP;x`l`CqD2-1Mmx+z{JpdI8Q~ag=WT0&`ZgoJJM%Bt=O7 zL;i*Sb0|U8`_a^^GCymx2e_IZHrw&&BNqtV#KmWoZnU@Iorh1}1QT4%4(Q%~rT9(R z<@;rux{6m5;_I#!_w#xyO~&bd*q^@Z=~jQ7*6Xn$21rNb$ZBgcT44O#uWUds-VwlPPP*M{j# z=5n)1BdQW9Nz@9lvdEH08q^8jOL3o3Hk5bSGJVLPI>W}XJG0bk+YD6Iee2HIH3}pK zXdE?f2B@fahB^iLKqKYcrBG-3YWpBXBes+93<-`2TlJ_M7oamN*Bte!E@X-3DJ)=q z46(gyp1qB59~HBDY{n|lDo6b8f4W2mCdG9`pvOE>zc1P_^x~wC(qL@v5^0U2YZO1HIC9&)?fGrtk z%VNS-oZne9w?4$#Beo{^dlrE;OQFI^xwcq57IPa?MP~Lc{X=!^D<8CQ5%`B{`Wc<< zGA=H(x8r2W?Up^zaJ1#~c-SxRw18q)ySl2E^0zGO>`cXN*7h-Wol@w@#U2G&vCzo& zw{VSg;35Pz)-II8V(u#-Z0dedybT+XMrQi?O{zcz_%L~LIo=oQh#${s#^4m*lT!82 zYr7YngSKb*Qka@r_K(#Hmp#6fRv`5SnEfr=s)UEl^Hp5);Z7XI?7h+#PW>x+>f{+> z{N^tASG3kt*QqPE`@+8t-^fg`nC-xj5*jSB>JOg#hQ=wU9ek)z0HlmlXf)B|UH7Pk z_6=)omy3D6s(cF4UvV{)t|~UGvYEtLCIH>y; z7P{8q7jy|=XNSHk`N!6#tzS>|NkH;4rB8q7+PK*@_ew`t+CWRmlb$Ph*~y}*MWP{2 zVR+}7R>Os%r0aqLfNG-LL`H)MYl&J?GUN z*HyYB{TeZN8>%VqcqhQ*wxPM>d-#=Dxxt_KDYGcmx;=ONr!Da9t9h2f^T8cW z_19n2p+Ysu9J%l*gTdy=0=3;-=@?}8raAQS86U0~r`aPl?_?wYZf$&GJMhFKyUi4| z4=d68mf}_@kXl+)m=BIhyV;?<@xfv{>~*RK+8T3Vsl>dTWe}Wm(ZZI&w0M$30)VWx zk0a1ReWf_==PCV=)mOaYwiVBJnWuk|kXT>eV=~o_K-$VfZyFuTf5jQGvEmZL&WK$lyKwo^;T|)sD`ii;hEh?daE%M^De(3L2 zsOB_`gkuxj4xRr2nJH{&t%?hLR$v0y#3@{Nx_LhfT~QV*i6hb{AqqWv@RATc25`p~FeXsjg5qn1L6@BfJZ{J&)IFugxw@tlYjnh_t39>-Gz^)=D_ z)LkkL?Anw?9^*@wXKkrNOJ%7UN@LV5_Dd2oTwQBQx488=;oUF%UCOeh4J;OOC{xh3 z@>kd38M(4lex4+^q;eLe0~WeLW1@HjR;Vy2d=4jX5eMMnL10 ze`s!v{4^he^A>-f5B1tjTwa3rqeStRkh|?T92@2|?)_0CDxvA^`L_9pC0kuan!Hr} zQBvuaG>T5m9Dq(daCxoWz9##qi=M|c{aISSrI+<*d}$uDq`u5I=uWb^1|x}7)Duwr zrQ|I!Z^7rq|03M>&)vM5&k&fe6Xy$H{4Q;vB&K)0D->GBU#9xxTe8Y)xz@^N&5HJ* zRBvlN8PNswkJ)L)v)C|U{PR%cm^(AEWI;owSJBK6NMts-DL=Hp$bBG-ztPyThSi*H zmNsm0gg`?0_>>@!&}7EpT^@BOdrol`hcC1mPaYJFj+-{f_-lj+HHo67tg3uiUdx+1 zqaRpnmL`2S#nC(8p=KHhtnVBp3E2Y*mL+BqsuqZ{zzBtjAswenwDW5ItGxRwN1?vk zim)M*jQ~v(?^L7;^XCzW%e-4)Ro;&>2gHP^xuJ8C(`sP;@+3#vz0F)7puwGK2O>ZH zSLc~{*WRc06kuE&FX3-KoO+@+$ALEm%}|r+{xePGWtOG``|&M>zbok9mMJ~R|KZPl z=wBo0kIQ+SM*+r}iRMFio<}b+ZL3oj+qpFZ`mrH1ku~=*Q2pVPWrzQ$L4tKe<~TOb zXy}*UmtPzfO0)77xm`7Ya9xz#qjQ<^0kU#Y&$th;Zj#|$UR`4%Q;sL<_CiaYu4>JS zwpH)d>oXR+Bouzb5e+2B5pUw9rK3L|3n>YvI-YMeY{)8wmc|`##3E5jLfOb%N5|0A zn~e9~G#WM5@otgbNhilb7@$PhYqt5cXALiQD=*=M_OlF8IFn+5eOYaDQSx8Rs|X8g zF=~N*U0}NAH}dDU`_dgVRnG&CHe28(mi4HtO1%HsroU=#yEXC`ZL4%5yMdbWLgm?V z&;h&xdT1zJPGIzw)r{Cbl3r<6PMi7>;D4H3-3QICKI$f`w4Km-TaG8x6x5(m;Y`0u zO1q{J{2t6_JMd`75FILN!&@SahI!b!uCAX=b!iN zf4*@wpFvDGJg+@fD7LmvygpswMt7va7LHi`qt6+zHa&ujdcl#)dYJ=gapKu4&dYRmK6~&GprE_mGUR2&Q zm-y!mEcf>fY`(pmM6bGoyY*Tm)kwS=jk>o-1hWTPJ%9PyM;5cM8Jv_C7~l7|X7_K>?f2Ou|Z6Y6nv}FI!ulWD1y%!w0nnLyNDb8Mdz5i|P_8%(di2Mz8 zN>&pb>hg&J)qZON7J5$H;rXlK;s3@d+=;=ttzRBbsyy$^?KQbrt;C{E%y@S6hidu3 z*p%J}{lkAb#s$Jr_jqgSAF5Na5&CgHHY2I;#qIXzb-$&{u)A7+sHzMZetQ3Uppf+T zbRhJ#hQB;Zf|8WBb+#IRUT(J+TmD0(n3>zI(2=(GT$p^c<~(#HK|@6q z((5<(6LKiM%$WM@yT}Uz?`a(QGTAany+1!Alp$_0xPY5v8Q8`v8#_&AI}hpgX>Ox` zz3@GZb(lepPR#q}vZuQ&uQiLOWh)5LgC-lP-pUQ}Akg(Tgwfa_XT+Mo>@9JNq2{125-x4%O1UWRjj>vT|}nWT_%$&l?Y6nkS| zzlc_cE;ipKND|7SBEK}~c{_3vfBH-g*<31JT$xSpKCxQ$ZJWYYgylT#6&5vA$+_;` zG1`G>xaBzM$D3H5#&e(Oe(1tJd`xKZ{AHMf%7ldW(C96wZxEYNX(tEbdu_i&h)y8a z?)ZW4F7E`({PtgCWl2^k95Bwc&%_o1H?@G_Vty#JQ`Kwx#+w-ZH%&o zu5mhNst}E0zMEFp8w5>S+MSoJI;!@{Wt63~n&JHWleo6My`0o+q%J7 zu_pxBBN)YEuN30B*w*ee%T|YZGjf?r0b9{{M2p(^&KzA{ozECuoh|x={l(I}cL#Z( zj6B&?px=@;;Z^uzzcRnlvmFqk)yY1)J>Ke-8j~+{Y%k@Ij0vpeS>kTI;Id;)G?TnTb-9ps^IauTq zsZaiV)fXpb{|+F&0c5rNpK3ZusnWh@f-mcYX>qRnj-M~(EqJ(=_@u0UEa_MKLErLY zWB#ZVWQc3(wNA&c69|27n<@1u`A5Lc=~~Q80D@Z@wZL8DU)L_l9rmysNrtz~h<^zqPvL!)son^;FL;xA?KGfOCu`k94(ZAAqEu`l3ir2|X%UPz1@o zxfhF8CHNG}Io;T|YnpQvyUMcMVU((iLOTb|%vaQJ*RweOHMjG>HnyFyd!h7`XXdICz{gk&|%QLVdFQuF%mfj>;Id+Xq0p4*rE3)JI`NK4;I zT?gM$8DitU2vT;C>BlL87YS~Lda_cQ>*cRl*J&-%Kw!1CcXJ7sH1@Y$Z||cON1R^0 z&**9MI-gf|(|+q|Ln$44d})*$ngEZC9nBGm>LI9rv5|exs$^S=TE~ zVX-)!lLmW>FOjRIqc=U=M=NP#VYbET`u0_PG*@^M_W$>Mw;%aYdn z#fo%8FM;aVltuvR_dG@=pYcnMHTQubJsm&$6-gz@#$LTSkv3Pe8H!sHSG@5fi0+%A z>X#An2pc|QkU?4=5s$XK{1*vXiq@$&FiapO@0(=C{GsY?g#h7vsJbigW}rF8CRgH- zt8w~Jxju9@+o$So+JM%R_T*lKv|7!TaU+_g$eT|P1ERBcDf&7ZZQC5k3>DeWatE-B z<#DG;8*f^~=uH-FH)Q%?dBz_6u08eZAUX51_d3rsI@sy9)#}vlNl(|>(NVoVUO4wy z_kVP@eez;?8|*@oWb0$&eL#dL7Lnx#4aY!kzmL%yGdFAwNf*4llvzHR7~)VY1*X22 zg|*G^h*1LT3v%Q7_Y9wtZ@~$A=8hI)BZCb*i?XIGp|>eGFB4xoYxXL-Kzbl79bj9+;hd zS^WXpo$Wd6j$r^+Tvf>xgo@!<=vr z+SuFyv(8&A(WyiVBua!B|Y+=c_Wof=Ek&}JBt<9Uzd$4^QVYx%Q^j_l6tmx zYCJ(bGz)*0G!Q*M{cO3l>J}Mm5!b-J%P0J#+&ITqhWs;hFjJoIFbq(iFU7ACQJ7MH z5{fMo*w3v14{wV;6O103AS6;1y1vEE6PMu zXTBnZ&y6lHa*;+95E!h*-h@^v8z&Uh0Cvn5#rLSK*B6C07>sSo&iSEbrdEx`F;x;4 zD`H$qpr&4|40)bprH4ooo7AQ+n{x3Pi+Vrd6juRt%=Jr{89JgN1br^P{5AgNM&MN~ zsJ}@t?g=RzM|wY$e)VwHB}N=dJ`0l2brsaE-zd=W<`^q6cHg)Ui93sI`yF6a{YdMb zu4UrQ47gc}biQ#POY-2g+35(Y@+I29j_N%6EESqt_Y3ECHjmW~2c@HDJyoHEwZo|zh$OBxGGn)h!SgBybC*AF5( z{;J+kT)FRW-KP%;$>#e*)so|V+iJ4gK*zLEN-v7WR>XspRYhAempE9~<0~?e8pK!7 zi6ZIT;cJ)kd#CttCuNiPCkgaU2^gF4FLM_lYz^_LgF$aH|vrul_nM z;McuFJ%ny;N|&tu0~t3xHkC5`UKkecP#zkXQ9p$|)0bP(OF;PA?VD7DN_^X&)0=Bp zf*?$S=Zz#L74-Y|pB#e_&SPh<+iX%tWK7EhAQu#W{m-%f)XINr$UOKlzxdd@!Cglrk#O(hO~TH z4Pe;|TOEO@3$~!_<*CM#Ut>lKOJoa($6QyPC@q4+K|&N0Se)q(w|H07?=$&fs_JJC zZ}yz?YKmrhW3C{F3SHZc5y0ZGU`s})+ zNZ{AD!gn0bw5cT^)fkL!=Z=b+!Sg&H%KNdoW9#k;7yqTnwN0J*e02T5|tzjWC1tDL)_?`4$ z-@O(lX5tl#4@~l&ome>_ZOJSPB^V|5SbXnpjvPYV%PB@uKR}w1&A5tHKxI+W)|Uo_ z=LednRb03ly%t(v2_k_MayUrxD7_h>$0VleVm%1RQ(Gbre|D;2Vb`m7;&7k|#EbK> zr50~P)(LjO?u{P;8X^o+e7Vkw*6Ky3Y>u~aP=n(tH*+V03Vqt^3%Va>D@>viQu*0D zXNGHK`zva{3#YifdLVsr*C~MKB+xmI@pr8_H#qRyR!rz(%ek1$9gE&=QNR{D5d#zP zC1KTk(=x(w9 z?WVgqXOdEjrz&+6!_~1a9bRA)j6~01H}%Y0b5Wq^>hF&Ok;wr1AB}pxch)=p5l6Y$ zfAhKhua7@56mi3+jzFtm2K(y&IKo2r*t=vMT;0}*@m6Uog$-Xkmm2z&<3ClqHa(t7 zv5pGw_f+BQ+`E&xhknD4wJ6y+Pn`OFl&C1hLMz z65Kmfi;2@@4F${E1_vNZ{px1at<)$`_gQL@xI5&ejT|pTx~oNDJCyi@AO`>1U1oG z2~+=2n(GI&EL`7}qTvwA9^qaT!^j!Oe8jg2RNF zyQN2R0Sn`_Rd0S+HM((Kbi#U>Vwz(+MD_5ZKDp9C&0A90Xe!8EqJWeEBk_Gh4kzl* zN)P}2EBLR!y}*@Qs`iH}V>rEreDdM?9lJFm9Q$NKuS2(BMz*>8}PHk7;zpA>Sr5Y>T_Yzf?WQOYm1TI=dd*8P|7m!k_JQ z&Z)Hb%ac#Kt3oc5J!o<+vvhcCNsQuS2thqa=>A$za%j{M8(r zO8JkH7p3=BwP@b^do4|O&(u+RfU5gT+0z&Mkuw@RNm=xSiDzTUbeun9)8kv6B=H5a z4zqMPo80zSm*+dsS&v<>{*7JsssvHUH@ow|_yu+it0VWvO zx@-hqU*(6XE!Wt@zs0Gd2E+%-_hT##l}w&Z%KDh6MwYa(jA`jATl|E*(s?GA)xUDD zSV>zR)cQ&m*4e3LLnIL6g;a@hL!SBEz86gwj$1kN&A76|heU=zeblWwP6gM}oEl)2 zC5r}&T0qUdRsd(#l+a4JW$`;{t-!(rKY1n)yG`Ks<07&9b+T5mO_2vCuvk4wPC}K3 zD2C&9k*L11k^As+WcgkE&l_2HT`_Cc`Ma*01UT5=TiQs`A{)5@q@0GCTJXxs``98! zH46QHbu6e=4_o18S#%8Oh(H7YiABq*hf_RO`MU9W~vt1NA}t@b8aBO26OiTAV`cteB235dy|-cZ-|Rl+@;($ zpOXFl6tllO_FlkFcPua-vfvX~cF{RTgd*)(2d?!qae?vxYBn=@|+VQP1d9^ zK484Jez|PEjCQ9<^0h=Jw4#PQLNYBejk?M0Ob6)MZRV2fC##tD%Mm|ONs{-!%oz5( zRo4wK8%Qv!0ZB{)Q|<-qa1$3Bn4P*7nRT3DfJO3Tr5SP~0MDr<8?U)dLPBJchc?RWw#a zEe|C!=QMhfl^9{<7MVwK#*dhn)8&$Nl^n!tasS=z8~v&%Tcq@E5#QZXK0dyCZ{DoD zNi5;hnrX19gxO@Fmd#{kW#flN#D|9VhlUPtxq4QQV;XO4C?|zFoA#o7&95W=B_X%u zY&O{4EZvXH8Q|p(A*Vc`H1Ak$^cHGGM#r-? z@VW16pG`WF`oRi0zski_G2>pAdXUQwql{akmBW;3%4$w`mOzBZ!jQAcaCfun_oeZF zjNplbnvE52m(|CAs3c2Tp3^w(aQ_JV!uDS<_5Y(V^=k6dozJ5Y9h(_mIP|s>DXX?U z2?^xn$pccXUDjePJbV>Uy;F38u&((5mkg^sp&;p!=U@-?#9`6W4yx9@X~u1`ISA$#6k&P^wk!Zaf>V6 z@L{?EWDx28%AEFZpZI~{q{piLMp^Cc^K!}Z=FvzA<2;f3(?4XoUq7Ihx=$ZF0eF9S zf_~=thw28@p213~j?0{<(8P42pY=?6krfU>R>mnWv%r_4&LX}#$03|GK74|Vm?VRi zlR*xuqi>uFX#66Al-xIO*ACvtX#{^#8P7BWH0Xvuw*ftnF)b$s?(l7=1KvVcRQAv7 z*GASWe~8He(adF#iWES+S(Xxo{0JXtS=6u$tl!2g5Vx3eFb*V|aZ_yVnP+k)($_JM zcFf;l9AWygWPZyx{BfZdTdXu`Tk{99AZI9RtdHB$-hBgSk z?OCjyF6Fs6Y5__Cv7}_nj0lWU1X1ji+RQ8Lk}$yBGP?1%Zwl(?rJg6ViTO}OJ+H=B*3wO=lsif=(4Nla#^ekAuV8de99pT#wmE3UV~G8ZdAL2^afiL7&X+SpSW7H z2r-Lg+r5Rw9n+6zFvi-j7qge$==Y)MrHZbPgF6&`W>1Ke5~&A2@UvN>Q3j3P)=7zt zUj5-@le@&r(E3T+tLc7*`(1gXBa;-^V$l-`^*K5MUb6o$e^T-I3e999O-H~OGK{NF zjK;b0OzqsW^4C;C9(n57X760*_Q-GkYDq4O?Xn=-KvD(IAF7lGj}yP$M+CbK7x}-w zSYpVz-m1Y4DJUb0I3;nmJ=UwTtc0*8MV#&b_$C&lg0!3BJ$atI6W6tBS)4mS)6_gS z6bn`m7I?Sv*YxyjT8DEDEBRc@Jm2uB_rC4jqCOR0riCVo>?~T37#FnA2sh%fQI_6$ zY^rZUuD$@e(c(s)$Ws1|?7!Z|8vQr+-a9VJq*)ZkbyY+K6;zP42!iCC(<(`_2ty8% z^;Bpp5K1=ocBHFe%F8I z>FKAR>h9{U>gukpDi&&2-}}4Tr`GQs9BW)GMaIW4WrjV*RSd!;l3~-wY@?MN%C1p16ZfZhMVCQh&>tp{ z<3lUMu)9x6hMwME$xmZW;T^B#{h{>oLnv)Ostz|Xr0xMZ6V$wqIo1KQov3ptM?-GF z${THJ+r*_(T@)S)eR@8p2e;9nd|dPVvw25j0=L$zWQz5jn+ca9LTgtzCka#bj~nHS z^1IC=US+vya9dRN0uH=t?K!cI6Dk~`avx}HhJMNlVJ@mcuD*T7CjW-AWaoLaX3)NE znhF&Q(Utf1I#2c0rXPnrq14o^E9iVfrGNB8d|aXSsDD~))bZ7mY=cBlfePXP66QqB z`~~uP1h|Of^to7EBkk;7TRLl;D(evG+;2(r6sy6c=DnBRfQ=6iqbRVYrQ%lyH+B~4 zy|dm6XjrC}Zyaxy7(Nix4AbzO?`ZN`^uRCmQ$8coK1h$ZTCmq{GFxC*8gJnU%TH^f zTdpb-yT!Ir<0z(F_>9yRy5?0kKzLN9=0fa{evP;=Zfm*cHqX4?!otQ2#Ps08wT3Gl zg*q1cmS0*UJgwMWyTW(X1-26$Y@IAZjYZNaRRv%y54AJ{gr41Py&XW*y>agYrH&fq zd35%2Fn$(X9Zlc z4UpDjrX$>@5U2bvhBk^_IwSKL;G>1Y{3i-6zDMTU1eED;zm1c3OXmZ*Oi12mF6;0~ z!zfERBNRo92ZU(3x;_uk9Ica^+vcd=7mh&O?PxkeE$SH^l~H##7@rGAwE0i^pDOrI z3WKm38y)zDOw?B*cE1+#&TU2KJJA9Qq+f}Mt`cvYt86TI@2od)r&h^HPD}}>w;Q0i z^b7K(wR^oQ%O*iAf}uU&<*b%LgL7Wzd3Jb32w~E;8{tUo0NMZDcm&Vb={h*hEtF?$`m> zE&=zoL~udY{9cygQwG1)P7T;IPwJZ%OImQ>ZOdZg2F?(BuubBXN4PvilCwkuBv+_@ zxFZR<0^bw#E>y&(^-c<3hpib!b9A*!0qu3uP^*l+;>e};y4MkgWs`0_&+I$SnqLi8 zL7Fx?8a9;npEo$&Nbxk0oG7@*KOU{d8})$cUHGf3+=&0uQGM8FdL@;jdv$~>!r+!x!dnGc&$Xi3~vf9IgKAzrr`qV$!hM2tP_ z_`yLWdxSywjoF&gl*jQ71_|KGo`xRB!S{olseb7LT+{9*vhRnmgGC$-eD7zm2foA~ zvTe7+;Mv{I9-93E1L0=(FC_!sy$^@)mu~MjRPJY<9M~1y*Qp3Zn=W$GI$(d^2t@`J zqaA%54w~gEVr=S`3T7PZx*i`QsE+&=sF!Q4&hC1{r@|t2;J?7j@1qQ~_Y&Fzwj}t2cH+L_y*XjId zY9wNQtj+ctWe(kJxRY$MoNcWbfR1JKAaZ5 z^_9p42>b@Dz0OlQU1PU6uG8WizBZW+9cVY_cjYYZg zJSGz`+QeJAVfkFCb>Xr79M<6!8RSQi5d;#*8Y<_~l0h(D#cUe@w5{2(^) zLAWnPklWm2(Uc>8#=506ekNtR3e~Wg?tvXWtN%*$5q71`ZmN1?4S@x{Y1vU&ahX)0 zD7!^9tmgd1EhNWC*hc2&(B4TNhs(UqTU!v0(Azq&Ipb$SBj>mbWuKUz-rSKK@G!*f zL6RASABc}fD_ebBh@tt7?d+*-84(UeGt5huTYfH$PMXeLe9$wYcNbe==+;3Hs$@$Q zL$h&fq@(XPb|{cMMeQpIdjznghG`p9z=A}}GrrLF9eaIJ*~#GjoX_Rtt!Y;^$_lzM z*A%mZ=Zeq?ZS)c(d0d+4l)5yOU0+Z}{G^XlH|MjGG6(vwJ}-giMs$~W`JQkhG%%8| z`_4Jo-K(bkR%u59oq_%lOC@+QlY2M{0)@y1b*emz7Z>MzD zRJK3tPBFf_`-~?-iYL50!6=Q2DIhDp@lt-N)auI*;4n9AkV`XJCpxY7q!|IQsr__b zysE5*W0O@GCu=dZIDXj%sRo*9N_P)yRrF}L8YdFBLOsixqR_8FLNtnW?xBneByvV= z?oB|%n(o&q79utBo+WDMY29(|$Wimb=*8+?iA{g3nZgI$ET{bKCf`Da8f;Oe)U_C9 zq<;+vT3OjYQuHKJq7ibH;l0XgE8w2leemNrU02OdgKRQM(>ELF^vtO&WA1kFyfxZL za5vsK7?5-n)=m@%3v{7f`>eJavhYx{Fy5RAnKx`19{*5NB?`)J+^jbUf9dchp-7AA z=|`p*5=8-~*w-`&B+}KU-(#`BVr&B4mLZW)D_WOnlmO=Lyumi#x4K4PbFkSo*>hxT z=CF&9i7b$3-BwF5y6!Dd`ONX-mA*M21G87_dJ#PNoLTOp9lHMX<8??{1EcW~cHaXB z6@N!fu(*8S6uSLI@#H-}9OtnN?2O_FTM#MI{II()cS!yAIuXZ={z*%9V526Dfk&zy zrAvZE1;+`x_UBq#rK$0&ZT|A8hXeLPd-3-Zg?LdMsQg!$nU(Yf$z`cs8a7QD$6kPi6<2 zXe&^z_aXEIYU|seB|K9vC-i&JQvfkZEF>ukHbSfK<>II6Dq8{tprJn2+wlYM*y@!~VE3ag z(aSky4O8`Y6Hu{DcTuJ7CdAb#a;I^D+B1@{>hZ46jiPtsm8LMLrTc2OWG+ePQ27GM3o}_dhFnUa$YAr-$ir8G3b5v{E zXg-IgUp7ww0g)t@pH4jJum@mgOJG)qMn zFbFIv(l5bOV4Rp<5!eWpi`t~{d-7w?4mus+q%%(%adqhy%VB}@9Yt+A6~DTrC`=W< z#}g|ZsXn%a+%pYr*NEHe&YP9Z5h=A$%6lvq<046y7qhXPNcwZ3M)vG=iWNb)X6@^k zR=;Z`)IT@h{{4LUzstZy6>u37VzG+=TLqZYS!=ySK!=uKHPcW0J*GD{6!zWonRR!?1 zWdgVLC0*zPQfNmA?1(s? zO6u0QBNvX*?fVGjoJmejf4h($mf0BosD+o>Z9`aXCs?qeAyA9wOe4GD_0TP`!dc-7 zSQi1FcfU9)F?o0wv+z-;ve%AaXfmw(pR8fI^{J8V6Q;!F1RO2@#T!K-B*}qM(%QrJK^E5Lvk1;b(F^|#Q9LQvS8^Yflo_5l>#;`dRc&9 zq#oMnC0UY{|3K~Vmsi)QwMzz8ZfX^c+Eq_*3R1;J+Xd?F>O&|B^b}vpgJ>H;6imq= ztANT@{%8EEl+S2B^ZFK@9RU7pf>r&Nxz|jt*CBY+9ULT#AdD$|j}X>DBfXd^UKJ$N z?p;n-4)OC+IU!Zc01rF%N6z6}#2}{^i+)S#PhV`PaH0_CdVzsR`|GH@5&o%#r4+<_ zM>gdEEr-hcVCJ{D0`Tm@WPS;+<$6tw}DM|+& zNCKbgW3(5F;d90eHk6^P=|f^QJ8&^L?0V`Yhe~GU=iBwoW<=w1#FYoMp^r; z&5Fe&)WkKrK%dq$qF#E{>?&wdEny5!KH|lp>!a_6;5ocyy($hL=T(zW?W^dUBR!CZ znkV?AR%?k`OpQ#njTXvoJhv+QvrQ?vsd8Sql2%H!L!9`{80A`ib%|Yh;AbFNjv~c& zImI?V-29Piy#bX(6O~~)1-8eafW$WP`P--?*M5n9j-6~~Z|Rg_h&%uITD%c@3T_97 z7f>Z<9+}>uiKdj5m1PUa8*jxDLuqyNEkBwaVN~jCcT~sr+ZMeLlaQgi9f-n(4;n%- zj-9fZ&xG*_Q~|@Js>3Jl;`FY3wvqC*UCV3raarRqXbZ)1 zL2{UmvBBO^Dxl(R7nSy!&4AVGdj?&EW-+?Kw(NUP|8KMI+Jfi6!LPcu9n_+WRlUuk z`kJl0O9W~uQ3v%$rSK-e@Z;HdxM9LE;;{|P*t*9@CdkZiuX_d(^h3MXn;LVQMRASv z-&&u;OZl=m%=(&~8Z-152KGpXJU$(#%sa$v0SD39jg_r(u^N(<3W&|C8#X6hvHJ;S zR;dX`Fzb{CmNGew9u>lIELuy&RXhl{8Prlg5xhz}(+jfNo4u!bsJ)?ihKD+bScT2yE4IHU48fcd4C)k+Z-8$Xttmih<| z1W?x7eH!3?&PqPbvU>s@?`nrSiru~1naMgS*jzt1d97g`kc z(26H%{bR3iWMZS&Riv!pAb-7KuZllrD!XWVHDn@WT}8HaJH<6ic(u}QJVk89MU0a= zdz^J@wexxZlv>L5?zmV{pOZ^~K=X01i@2|{`w2W2oZ^|E!W-^qju)oGiTkw_ryf_? z?4C&da-e}FoEgqwQWY}C_pUWW&XnPn&PygF&img>4#Up;b%Y641Izoqmo{>cYsd91 z#X?ciRV!pr+7=TG`b@9d^DOgc??U|XIl>8t&gox2zC5MiG)jQ@YlG?htv`RS?EgMA zKJlK9^KL$1D-UeZ9SxENGX^ArnRq*dTPbU+b7>T*wC3z7bMEUAR=7FJ0mF3ej>mKk z(FqcRI9qr_txZTuK@m;mg)OJbsH<5DV}_OU+wDbDkfBrQnejBaiQdx<+wM_0g3rxhFP*KzFxKdjPMEX zHaptU$Q$*gU31J0Z~j(1Gh0&%+pmY%^V=ETpV(eAb+Whe4;JXO^wVW=S536!>X`3= zUOl?{#ff563F{E^c3j1?}S`2-}Q$s%9nb1OSmC?jEK#lE4SJ%pJOxPIER%g*+no90C(->>(o#;HHf)_4_ z&ck+}=x(LDuj`9Nz`Mznud;5(I144FBZi+<~mx`K+^z}M7l zf+PWNx1~d=73+z>a)K=7vw3T#BMDW(h-^n=ImDT~$`azbvw1V*?@bhq1GautLh?qH zZPw(Z#kEukbLO9X)~XIb28!my%9JwJn=h6f@cBk{Y2K7lzFm=y-PvFcSY9n{KCMnS zRa__k)rC$jT6eJk(HI{fym*g_8i#&8aQ}UsZ#`Hzb!!fyz#{&-8MdVB5WqlxTA$}t zY~mc?8NH@F(p#fc^0zhRUz<>oaVJxhzk2ek^SPnXkMwg!jgF}5yvQ}OQunt zezs{RAMaimN3M2W4SE&=dv;x!BSh(_Uq-B8^rh1CXNs1ELeTcEUNt^QUsxkH1cmB9 zwesuha3@ub0YkP2Gdc!sL&uMioVLSJ7yavBipDI(wv(yIq$u30>4+h^(hlTIBWz~|i@&}b? zT9e$Bak~0YS^G2lnS>; zOsg`#5;cQOTH2*vZTk3cfsWSv(%l0kf7^^N6LlY(;T;evVz^cD5fqULyC~JdbAX!s zR!Da);Y~>@JzNZ@WnbaVZ_w1D38f=%dvY#l_1$#iCnO5Eo=DRI)Q!~Ic z==Lx{ho4_iO;FjB&42-&ScE%Q^wAt~QPq&Z@7P?(`536w0U+dNR7F}NmR~4W!RX_0 zzMJ}xA(e7mk`_2R*nC}@efV@#-(ujNYk6_mO;Hd#lWDDS+bM-uX40BUu}0544+6vA zj}9%dX7VQEKYRj}<{wF}*5qH1f==WdfW!sn$2>DX$P^uARQKc%?@&Il@`v`-Ch&ZL zh^B|tQ&H?3hKnsHcx@O_DwKB?E}d#7Fti!&yqZxY#s_#sI<<@PE_`Uk1WVEFm9i;o z-yZMd*6TYX`MWT7S8&&Wfrn|#1XC$Niv5)p3s;&4WQJ&5-ITETfT&QReIWdB`VJ8Yhw;ShwO~{5R47N zv`3J$*IN#*&=-CsT3Ir(K4c7aO?LDfm6!eyEGZTQNktlU9)di63W*_mBnFB zo9c;GQ{tFFo~8>7Md?41nvYzvJDU^-LqWkp{QL(7)4@^Qz7K{Te3`??j{0^7m{&P8 zsrUHARLD}h1WU8KFnT=WS*L~57EiKmS)alui@AlS%VUsC_4Valnb# zxwZ=fEAz%i+S#;6fqWAsUQ>&BGaVUYHobi&`Lr+h(bmA zYC}38D7?vT4mJVxAQL3tI7k`PQ{5Rg2T3#~GRKK?w;bkelXH>OPb``} zmM;NL?oIy9$^GA#q<=*!DQJT(Cj8dH53{Fr4aCyz^aTx3aE&$X>11aaT$uuaI->>Z z9sD!+#h+*lv8n5X*i*NhwHBvk-ngIFN#)dQEHfqjkJR^|gN1j`eh0AvR-IpqV*PS5 z(N;ZZQ}e-S6FKGOl&;iOGBsi}Owxl8?A<}L8Bl4)g`-Tz@&g!#qYv_gN!=5}B(9Bm z_}A}^mwD8X*}_sBC&RRttL;Qp&}jG)GwV4U8bXs+6#z9bcr8AaL1^Y$ z`c`3?L#-NGBDzhg)F?X0r5qPU2su9;APnAM1g>53mOvu_kMeLLBph2j3Q9CU}rGF#OeXVEFHIZ`?U%NDk2SMz3 zLXtapaAhiKHlP2*Jo`T^;`xKq+E=0^dQh{;p>SUh*`>Ape+=o;Tku{wJM2Lsp>)|j z4n6*xf8J4MtfSYy5w+M$Uy}vk;NhqiOxddUUiaSzLiPzb9eZ>y5*F=vhkZf`GP^0o zp=>4AT}QB7M=@YdpLH!lWC@cmy8vBb5A;H+WSdBk<0tWS+ussuTWrYm97)1_ta_4S zs@^Cs&RA(OYkna>o9n2XAbOF8P_b^kIdT|R+bM^)mbkmV>8Kjb6wDW1u|qLbdji`h zb)urf>>Aaz!=={5rc7K~MZx1I*Sh!1lJT9lw0e8kLXYYV#qj21Ilo=-Lvfcjkd!i8 zYFZjT9Gyek^d`9%Z=#CKa8Z>&=-WrOus^e^2o{yH>Q6W}6+qzARrGytVWq-W!-Oob zelE9<)U%Hs3t1Xk%rWd_%I(PaCUt$3S(FM}h)Cv*eH#og^Db&WbCx?~amU;-LKYor zkLX$VOqd+H!qa4>G*_CRkH=Dpy!9y<@QJQs=KCEUqm|14^WYLUWx#lPxxIFn#e^7j zEwCmM=WAitYZkz?>9MKE#inIP?lEyIN$n+hlqp&r$Z7Zl)qJ3-&KO#pq|Ss~trmbe!>=k@=cSh^eMAD0`%GgDm&%H z#WeRAnHa{r$+lkLO@NIUY~>`JJ-%Nj_1=pCD$@^G?yVO%bF9}8*W2O)dMUi_5nDt_ zs)#tlDUDcW@|p_Vc8!n(#T*#+czVWwgL|OT0uYTZ$sj=w*V(>>!JtpdWZv6qcAjGd zh%2%Zrt1xys^2|jO#arq1D+)>l?^5KPk{vEh*vOj7BaSWfU&Z(LJ*SdQakO?Fn!8Dpq4#*h}2 zMCqIN%2uu*To#>4vAc|8qKy{bI%wGZ!v^yMz1j_EL1Dg;&=Pt~Iw0x-BW5}(=W9Zt zCz5hfv$^J1q`mPPc;A+#aJ$0gwaS(HJHhNh&V%ACXPb-OCcXRfuN%Z^N_yNGi5Fdz zs-n!!HUUy{UIPeBz!f68THh1NncF*$4t}ubYmL6|;K`+1-_`dyIn9)Q!&jl_jMrfx zN<+7PG$BpDgZ{%V%m+C{f%gp@FjNO^e;zt57?3%T6JjYrIcC)V<*$sHSI3kjB&z@* z!r+adkA#Q@uVoo^fDXx~ZiTE-yAk?=G8d&n=^LoYM}$__(r-z3`%*}|0Z_n0qhb&J z|=S1~S*-ls9gf)4BS~?X}hH-{1cfS^QGoB}zDKSz+;P*^w)h2gfQb>Ul&RLe-f} z$DK}}c#vL)=;Y>`KoEGH$n7cdW0{}}8W$BeF>S~4;OgB{S|vD(2u8)z`|}wo;y1lE zAg=XGcyX!WbDf&gQAa-3oRU_=ve4Z^YN2(Pb=qvn;?hJUmB3I>cN?Nv4JwPFY_m2! zC#6;Iy%3Z??h=yR*^_rb)LJO+zh2f#QQ(dsN1cJ)o!m> z6-NDL`plpFIz|(kY1bp=^_6HRb7d{>#pB~Y0pq`>$hCLO=PgIS5)1(Mq;GuI%eUxS zUj1XpltD9!gGf_PfBk89PnD^(YsV(ZM?%YGmIGCJESPik#W0gptAX&xDOY~^_ko;7 ziAn7+=q}sd@7|Bw3ODbI5}%I?S%Xg$aa)d)mKCp&in?m_^v&N7@FwGvRM(&@uQa0> zu2Z<)GbW_GGi3r^Q?YGNl--@1r70lBV>$dA6pHa3f-cex-Pz7N6!X;#bPqNm3I}7S zNJn0HHcJN8Nbx#>0-L|JbbcT-%_q%`4cA{?cQxxnnpgwjGlc?7r8hOf>p;HOP>}7q z=qkc%2;=bv*p zZ(a`TTKn+1{G1>?aOzSqCT>Ca^7o>&m0nwJ9MVndd;T;IFw${J53&37(*?)UkwW6v z95NbdZ;)+jp3!$w)4r)yHzo}XJ}5emnvaP5fMqGW_N?t>7&zG5?&y5=y~h6rtj?Z% z#!A1=M5H;uZZ-D`GT9TaPsE)bLdgk%F!38!%{`E-<-ww?&A@=gqkNO>pU)(pb^G~) zq;*|26T74=!e#AF`AyKcnq+ae5MjSU5n$qzO&hvvX$KuL_7wpm_`g zk8P{Kt2qwsoYi#!1@AT-l_yFJ5X)G<3YYc{?tu+GdYh38rA%a7CxEEkvMP;Y6i(8l z4B)^m5|#r>Ahv=?Kd3K@`IB;`E`DxySONZPth}VL17&=#-&))=-Sxy|I?ON-X}##J zv&v3A)8dj$GJ1*NYpA9hsdGiMd$Ol5xP`u1{{%Qf-@k%W=hrF@{{!tynG-|IN3NLZ zTUOm}%Kvr~K!riO+e0C_H%fDxRG7n*i`Q11+cZiOLkNt$y_8?%!k$O^qmUvUnk)gA zZLXrs99r*b*(xS~C)gtDKy3=6;;cjKhhm;GZ01XMo2HoxL7xo*anQtdR?*Cl1oOh15V8hhdFt&9o0F7TRQvooAu zPGM%rni^Z-V%s%AVHQ$YpH(>)Ah@*xT+^z>z?f@$S6g}>|8sfiN$X{(65!IMpuB+# zW||}Z9K6IREe_W#U6b#HCc=8f$|3{45?z)yd_NXh*;MJZ{LKH?OvDQZ1zms^#mG-@ zp1Hm;6YF#UfRp~MfAonEV+p`7 z(yyOi^{ancL2F(MNMY(*{DkgXZ`S~3@x7M+GK`^K%D)>&%lr9j73hsbB(1Ru?wgje z>pr6gMxLN~>QdFyTk8nTf7n$M%zsdHbf$G?t#3jBqk$S`pgd9)O_65&1o|1V>FVYb zUYrQ7Ued$$`QPSP>6)6|leM;>#jb@#$Xns{nI_c>s7G9+SXysEr|_BE}nw{5%}FJ_Hr z4eqi%+2Gn%E@N#Qtg}RzJI6oX|643)B9?0uBZCprVEKzwfOWzHO}r;mR)o z)fd%nYdD+?>n4zt#D3alIznR#@H0!NqxDkoktUkBbM+%XYN~F9i%{)n1ZxC|JJ#Og&F0Jf3 zOz;L&{rnHyuhIWvi@p`j%0B1fcYpRqs^To2^@S9*dBcjaupyycQE1CE8t2EN>(Xns z6cXy0ru3<;eBZHP4jO#RFs;vvJ-L&HMkeU=+~O=lQUMJc3My=mmNRDI4|JZ%?9Hs| zEIdL?ID?eAruxZ~KZx2QolJF3a=oHb@cEo>=3PB~z1f=~y>kz&$MVM5uZOTiNB&1on-1)k8+FD~%+|&WvSr(Rv zRFhPBc*k;hOM4k=@?1}7YpLDGc>AG-DKeEx`z&gZVl1N?fgczRUWT64_@P#>ek9}q zf8R8mPqY~Ay)p9|gsrT7nDPgkAda6_NZN|KLBDLY)Rv9<{serP-XON+Zi3ZWYkudT zuCF#l>mgo-FDA@97h)-8ag1!F9o@$qZ{`Bq;#j1DG3nZg-I@C!uw_=n=9FFgUg7^3 zl%B+gn@(sipOyiGlaX5_oI~ni|1@EG5GlRr_pU^LZLZSsFv3&MA(#&YSmd(r1v7Wh zj1@g-I26531vw#UQqb7+Hucfq9Zry#?99BzmMZ0Ms#A!Q+yslRBIhcWHs3BqgR25- zNuaa}P51&q3Xc-6;>fln$C>or%u1QUql^iQAvHRg`->ig`pGp5b5b%s{|#rHlywOo zYY;7jzF|ot)`FoowNfT?v!N{^$sEJ8a5u4X_c$}u^`onZUE58s()D-al#qRhXOm|a znl_PQr$<+T`^iZHwP%y9>v%@aI{ddkFpP`s)7FJ&Im~8K5Akld>(8H4jA2vdoJnh3 zAs;%6n5WV{5v0jWM3#7$Awylg^B84^@+H;rtYK*M8YycCM3Xlx#OM~vGj`uUYJ>(f z5M`1cE$6G)c9TX7Z%W(PE-nGwIj&72XhgBFKT3@qbGac9)O8dJo`o8rmH_c+0as~L zkM5ltu|x)rfdDUFo>)@0LflUM+$Oh1C%n`8hD9-etwwzCO>8G(DgS_5^J<@!#34ZU zn_~S*9I222Prt@HRc|C9F0;kjNU3VwBrH=`Z+V=*)9* zolw~7I_)L0cmrV8O*CpE)nBbpLY4pW>S&$zGHH<`YW14kw%Uy3oA;&|PJqPm#;n-o za<`jec@3Mnw8ib>KKrD<25TV!&QRk~;FR&8Ss0&s`f!`eyyGr|V%6*U&Gnd}% zeeLHq_+P8)|6bMq2?AvnFUIi#w?kuMmupM^G9U%zXKzTIEdPpJb<=~ZyjarTkn4W$ zP&EpcPT=i_JG|qR&+e911(N1W!&+B>`?{gA-m!(#N}ZWw+Q3}P6=g*R8?|9wmOr$} zrJ1&3*~*t8iw8~B3!yw~bvV?VXuw1(HSDQcP9c!F94evB2|A3_V?GO&Xcy=3imaur zUdWC#E`Hds6`7Oplr~i~c3&-@ZnuQbwt&=1P&0}>LH_x!P%Ai%7z*TyW+zC3UM*MkoHF;n~+-{hPRaiGRY5@lVw9XNvr5Eoh0ZeVqJC zJ$HYWq&8H!Z#9;mR4YeYuW^hFauNZ5qqmxq@a~ERshC63{1M( zG^ob#B4hv(ODF$9-tfG&Ok>!)Z_EWv$DY6i^`sUZ1FqF|BQ+*`mmN4#eRbP=9(amH zJSqRi-2#PJibI=_AAR=7zyO_Ha8`Dd1$6f4vt-Q$leCZQ!ZMbTeX7L60b%DQxYHsv zgK_u$iCvTXVC3jr5tgOgjUKFnIM$dr)vN_Lt<*%B(Oyo?VSxj{Gkt4}QL75}+iK$g zqy6hQ>6PBsp6+A3HuGr9+QlvQN#9(+RuVS}g>|jdUc-Xcn&V(C6!_RNF|yj?QQs$c zKi2Qn{6|QWe%13=L_LsD*nA4Z0E-yl5TvrqA+k~0>)P)ORbyP-0{Z0*-2||x1$rCP zjHOqKZ4JNSO#7sSl!gOCkFfI019&QR+!#JV+)|%ry4YHSbj)Pp6clf?h!cLvzr26X zD>7$#e<&e^_jl$g`VevyO1Kbp^7e)#6C`yc6j&H_A)cXtovQ&B*tfRP!6bE9$`{@_ zRax`-bzN}jp+w7ekRM~hQ%-=H!qkcZVh|MgD9_v1fhh4wWJ>Ybu$W4mhX!*%M3@cg znZ~QErW$9$Mji~&)YUC{Mf5hV_%9B}FUQk62Lb1!Z*i;==;tz~u3c#+SwH`QIb7Nn zmY$)A-)kmOF)LQ{kQWz{xgg5HVz5BkhQH=lqC}BeQ(r+LO_tte)qY&_Q-=;NCA&0( zD=z|I`;KV(un`(fO3`eD0!@_-#GI7I`#~qZ;O3CXeD`vGa{&u~IH=4jvRw#|L%H`R zphY@CJ*s`iIaWEU1=@90c>Tu zE4<5ij>4XFR&$=v=dxDtk20^TYtyG+rjIw+mwtXhOrLdQO{@+!6q91b zlK9{jsJBz2MU@yLE^Hb6ag9{pJiZNN7;$X7n^o!9Ll!bZgSeh%0Qi0c$QC8V(#ZAJ zrI$b*V!5o4icIb0T3FIQVZZ#+*zHDwy7zGp% ztT%FBl{YMgEh(=iz409uomz-99f1vwXFnJ+tldS%@I(oHD~44TGN++Qb^W|zD^`De z=(nI+x4fuxA)k2u{vT-uD9D0)^$Y0o{hCcCHcFq?Z6fE#HFwy|^#e%iPvrl7yP-M4GOPtxGKH75DIY1G&_`M+i}lgfY10m83Yw(I+O%jDnMnI&r@Uv+ z@k{8@w)qD`vLej&K}P~iLDLRX7iCJgvuU8Cd^1dO<>Tlm%QdmS^2K~nLy#KJOu+@= z^lUe@#XMs8z#qlvd0{2qzx;DE;{%$0jWP}fKnsRGYnxOTW7qE2%IJ zdjCfrdhH86xr|k7*qn<`!Z{h=QutsiwGbGm)N7XW%+|E3XgN)j^g`ZI97+)PtXL+b zJLwwmMlr_Pnel=tYOEJEEE{Dl;1g%LUXNvhv!)UEJtXe=S zBW)FwRt0GNT-(F6R7lXR>Q6nj65|brK4$Tnl-!{OSJTi7;f(0ibbz9dVxz1c$U%As zRxFOcQ6=KWe%|i=K`4Z{pZzKL_|IvMoo%x10n*g%e{m6aWu#2J$?SJKH%PgLgSjk zEIav|XBNlP1@NQCRU;-fQH=It-mrbH0{B6btwjgd^Yo#k+)liVShL6thhXM+rwklt;E{+t>2knMskwN&c zL^6Brb?jL29}Qq%iL#DOU&m^5_XU2-Z@VHC`IppXn-$}kJ!uu5?>RDiZGQ$ES74b< zx3B>2gGl!K+V*du{6C-Z>K2gK!XB18)zW6J_$4*7ey|t~)+l=aA2Hal+VVO92XKT z7|=L|?Hk#=E-HkFJ3UpY$jl$AB;_6knu+D?8~aG_;BF-J^K1QYik1sD@$fOtuTEd! zLtmgRmlxtD9%?ENgO_D)E-^vDB+?gjU8pfr1@LdbC)_(hY3bbO{~08kJg=o z0#@_*9Ij1zYTZb>~K6Uw9^MSk&#*%%!cio9k3WZ`{dZN9Z6@_W{w#Dwk1kNcfgGr#UA zsWyt`53Rk$&&cd3IixDw!2-CCh_yXnqxNi+a`V$!NPJamj}sKhnA(z3^yR6tEn`YM zcLEK2Pgj?`tc9nPD?8a8(lga7rcsAjEbSgg7B9rV)dRN5woKptO+)j>Oesr}+e{=*@fjX&HDBwZ zG;3ffJe)fQW~H)K2B`mS9(sKSU@v1rTMHkK+F_f&?#Opq;M0Q_G?o-9pm%TpGtdF} zqJ+95FaZ%Hc$#mCSK#l@3xvD^OD#I}MUky|6`p=>yT{zfl3er+iAoMIEqwZ$P&|O# z2w;mZPFBY^gPYv#ows;VR>vR00lml_OM*tS`#3C7-eb7w!JdfwAHj5$!uj+ zdeJwEt_G9+IdZu#z@w21N? zA9x82`wLMCs@NG*chRU@Bek$IpSD3k0dU(ZI)0Xg!dt3iE za&Mv^%&6?hST|J}EL{YK5!t}87< z>-5_Zqoq;Kuitoy>i6gWH#`&!Gn6}&CbttfP_SK?11s+@C*Ne+M3pZ&I9+ELL0k#U zcFZ0m@g5|f3mm55zJMJ1HU1b}^Y7z&_`6*G0XFo73mC;Kk9f4$CAy^;xyJC=ts7>} zprhX|7y|XvKR&oZ+GW1+iA(JSK&t=c+d}-ai!U&&KYbhccfa!w(r*CT{`{rv0Y#M^{A3o z>xOf@+D)-SXxnwt-ygT$;j%^_C|Jr^0J)zp0Y$`Ch{j3bv~ENW!64EGA|V-gun`e8 z14ah%%eTTmU;PAqvG)G*|3x2&@Bp2pNXp1AxC-=dF6p_mDbO9t=MLk2V?5EvhVOZP zC47j|)w#kOJPmY?4f$Z@#lJTRE?uDThq|5}9&F#3hHeJx0?n@w!!(qHH<#_`ql5ZP zRTvCi{BHhq^)?a7FaI8hzvW#aG9}{q71$C|KIMON0Kh?zfS&@5;1S9?xEO`GVwYG8 zvG>x?{$ntIgZEEK{C5Z%my4=0z@7S#_6Paa-I$Ln_a(!gzbw{vKbhR5W2ahhQq9&# zVT0c;99_dajcYzc8}7o%3jri^%9QvZ6kA`R`7yE64r1# zxL4fAp4F8JDSwmU^;I!TYR?{wsS1>_SP&$sWP9;Gnw;b6D_;RSd#^J8CVkukspTml zGmgL)@|gvV+;7Vi+^)vV!}oTkSjbUKPm zgn57_gq7W^&!k^scJ}5|dzU!dAy|0ZL)N6$!X(_#JqK)oRiys@A_`hMJGJp}KVs~2 zr6{cos6wUBp4V>@Bw1U+o1Yx13zV%1q*x#7F`h)tk8xL=89W@`Rmk<7l_Cq4IPerO zp4TbxF}Ybky=P0?4Y(k=vM*h1uAgDE7uCqvmf_u)!tGK#ltBe)S{W3NH%{8WvF@+k zQ6n+1O7EfYHvkfR%iaUI?rcrG>kr1xOC#(&a|WfhqDVbAc5IqD%G5k8`wnuRZ-Bha z|JVXLn%${|0q+Row5^`>P5J0a_+DRJUuu=$wH$Vh{6aU&qA8h0!}K6{;S{07AdU;f zW!J?3_a*q9;!^S zf`uSePbeHfcI)R?G(no$z2;~`QwmJbuqwGWy@~uBU2s!<@)R0BR7nLE7glQ*E*Yo* zp<)m3se)A2J0vg)Uw$u36*&Ma<87|l0wI$ta9!2TbGLI%gj^8|5bbg&EAZ!+We&qj z39?ptq9R8RfVdxOI^o)iHp)y^DT)G1K#c9YdVTy9^^1@cbF_Ya5XDptzqsH~|41v` zB|RnEw!^sts&?R5o7M0Tjb@Rg9HO(E>gCB_tk2{(^rQq)_MtU+dxH33ESk`NA~FAq zjdy?NH-6vN3TGXv|Ha;W05!dR|Dv9TqM{;Qz;i@uC`#{mL;(Q}<<#I&(OUii;-DiLP|ER%(oqrr;m(8N&Kko8n3g#aV%Axe%q6z-@Cj08( z+x2&Ro&R`WKgBcSUl#mlH}D_-{L_C~Ubp|WqPJH^-u?H>^>6;onShvIlm2tgPvKX3 z^1Ii6S)4?conUWLeAcpm)*~FeuxQ*kwrvRFVEilNiW878DHSl$qaA$@6nc2&&n4?` zHsJlU+hJK}ceNb>FYo-{fjGxdi3NU4W{1G=7+A|{a#dHofix*z=C?ix*3D3E4Ews@ zqg=`^QA-`mH2_({+{}z!RYqfO31+jX0f+rQ_BaBWVSNTa|9D_vh?|?6uB_b0EmAAH z#UgK=@iISVgp?;FBy>YPGQ`9*q0n%#+xa5-l$N6#l`$HsC`i2uF$5?$NZGp8TBMZh zhMkg&gB3mkZ_YU^e1;Y`8Koy2F_^Qjom96QDJr?Du z{F8lMQ1uAtplfJZ|O5|exxZx^og%l(u`0&NxUwX%_5fTlt1v!C{gN{QFo51`t*|ZWjw2$ zX1PdP3*iqnx4I!jBl<>?uw#ei_>F8HW$^J8r7l41FruZc;+xOU%ki8>s`jt>6HNvE z7%0V76q^_e8iGsCX@0z2OKA3qLX=N5oqQR`Hf+~o2dH+=MvNi;B4Z_QpGl-i*0@CU z6G3C0l=3x=vNmuCVDRS=JSf|u)FVCLj1wysYHQiMYa8O~7n-(Y(V}T0SrG>%M=YSj zeQb61V;-K-zo@bjDmlqaqfHVr9$d z)qgZ+l?$3(Gd5Ft-fW4Kq;7NA8oYUKal>}2X<66o##K9Qly0o??P|kHaHaUFCZbdV zT$`0;Z0v4njE#$(I2breEpr+>lnu5Ywj+Czb3Y}%q49{+4FrIAcz6`=j-k^E^Tq-v zgV_3s)Vx}UaYyB0o?k;GHUD9XI(vhr{^Qp;1L((qMPni3(e(2`Mdt-kM_fd5t6;ktM^eXqxK+*qVsiio}jmZ5^I{D8f z`nP8oo?UXvZ4>t*>h{roG7d%xJ`pBh*sd#R?|#jaDO9r2g;1|&#aqSYxHUIifi*zh z-4a|l!7$9$SrgAUQQA4}7&%~fjXamy@eu|mrl@Sz?STT8Iyc!J;Uz=^yYM72MCaqd ziqPm~&y(mC&jN00K`L>-FP%OtVJn-Hr!cR>j)1=(8085NgZeC@b@*cZXY;CcGvgE; zxdB|6E~8^uOP1-+3tQ{E=ukebWygLPcJy%i6zJ}x>o4TYmq*fJ-MY|mZESj*TDEhO z^unIug~{DG+yd!7N`u32T3MrJyyK!KF1N~6Nv`)Q*Fz~$CXJPv5zWwubdgb@;sh?I z1MOPQeXaZE7u^-=%{Xrd_t*m#%yMtL_0ZQT>KQDOr^N;&lNEb|I?ooui`^0{f6NkH zj7z#7ECG5b{(M11u>7{o&WzgEJE+d+jG$j$`yrk@y$eqUK$>c2?`4Y3ZuEu|@7k0h zH~J|49maCldzZk$!sgBz1viuf1i;KyoOQ;w%rSz7+$%3*goSTA2q#re z+P@wHZdnX}!;+I3sRA|;pwc;$B`W#>X@(MhJ_mKTw~RK9 zQEqPO$S1L4hJKqMOd~LFe-Pie1_)?9q^PKCoEW%VtC>>Zk}_-4L|XA- z@L7SBW5%t`&SYU(VT!5k0o%_QN@2IfKwf-4v*`3jN9((1mdP%FxKtH&bQFXQz28t+ zF4^s!nX)Ejk+PdEb-95+@PAb{F($5u&!+nq2Dh2RCM=Au9k48flC8UMPEkY{7NX!! zXsv1+HGBrqa&|g3rH%g>5nK_gV%26J)sTEto}ycg&?MlrYKK*VT`GLc#aUTt>0l{N z@urKorb~FS-inmHvWz|%IVqrZR)+GUVz{x&ZMl&YXF((H3yX>>1LM}t)`9Qu4*-=_ z7=j=!{iOeG=I!5qQt`iSD*x~7_}^VRciDJHi+MU1n*%Box?DM8j5C z?@|7^gndwF&kMx2kyC8ZCLp$eJsoNWYM#_z8w5)rG((S(t4(m}8hLheypbV``YDLO z`<3_Ou#Tife@**)WXa98PSG!eJKYq`{t^nz#>JBkUP_=Mv}(Egs7~Cf1AzfnJhi|( z@on0R=s8iRK#-BwxLoIGHf4~1tH;JgQ*FINvO=>_=8f{>I}NL8sMzR&X&dzvuh-$Y z&k?cn5X!sm?bgsp&$QzbQ)9w}zobMbmxCqZIo4U3JicxXn|o?Yak6KHXB(SIj4?R& z{W9$D{!|2uEC_uxF0cBz+pr(zgsv@X&0VIK!-pa&#)2;{DmB@J`Zt&NnnyIh8zqu9 zlJDEpWpfpL#v%2RR(l+z03q6ug)N~$J7Y(6Gh6o1p-G=)b;(5hZgEIBY<(;Gib%u9 zZwCnSzC&+x78U;qFusycp5iB>LtY4r7Pg-OXJD>4SpL{kAD?;}@BX3XD}qRG^&$RF z`F8wN6|qxkTG(_0V($@p?CzW3!*1!ZT}9|_6v*r8c4Q8>$Fbubp8xXfmqM>d)3Eop zf{<>ysvG8;hzmS;Qop(8>T}GYPB^fI6mi}_zubArek^ela&z)+s9=i;2qOdNEv`#8 z*0Step)c18(GT1MP#d&da)nHB5|lv5T}guBB%vN8?qqbg(|7ox=5rF?%z&+i6;M$X zWIe26pva@Fn-Hh6c{+}vAT|r#XPabty{oSuC3`SiBYMJK+}7;1DR}o8^xniNK477_ z+H*EkcO>QLaIi-*<4{Aq6odj8!aSlld<9Q^AR(d2_luL!Oe0k!CBP3ytlua`;|njK zi^V*yI4Jg9aro8Tn!OcjaHi90u8g8O%s-x?g1D83V;*-JY6Q#=$17aU-3w5XA57gG z^w@6c%KbD!_RFTGn#&|}v1d~ST?69-G?Z~Y!CdgR`U54G-AwD! zbn&sILayBm%b(sIs^b2F5icu-IbS9{PTqj7dwe&2;`1}MVtVo?ut!0B2#btNH@3Hx zHd|S|j=q~K;g+&W0we$kfv2Zavq1BpL!#CS(q;%cvDf*XE698vLe{Edh-5Mn&r+-e zG1sl_qqef`A(EHfIAChPzQC@qot*m@0FXvfH4;DkCz>xyOaX3hOvF7N*LzlmpfPpr zdFIsYuVEewS^PyWGNo&NGc?JU-Fj9Fu5Hj@W6K*pcy#kwJeSHUGy~kR0Mor*P(+k-bp*MzPXj|a?m zHqhjOA(a8B#(3%zYLpX{v+lU`)a+9uKd>ps)I1y`FIH1lHm@?-W4E$M8$m<+^kp?q zPtp}Smts6Db>r*|&r&5xHd|g-wmXC~6?y9ccbwC`w7gpbb>-KkWpA)p*>cD0{aNUy zC-!D~MWFl0A=bMUG|%qH{j(*_etqFcbgUW=4aJ+$*ID;UWQV43+mjy$c>;0>fC8+t z2-4hA(nBzcJz1MR;47)$jgMbF*+;po+F{;o2fI#nIg$zIAYTsp0sK4~yeD^L83vt(eC zK=v0lS&#sm@_ix@4s|p z`&b81s$)mn0->%042q{9=I2F2;G9m;tfu}V$WG>bT7}IPTruC>RsDJ?nKwPme@~(^ zEZ5hZ?t4^@99>B0w?Y#$3fpnz37D)-BXI+D$%cfqNAE8z#hWZ}rNljrQkAtw47e>S z+i;tok$`fmpCu^8WEv@gM&iyf0S{hMg0)jCP1*I@osoM%Qpo*ey!?l;T|TGwOOFMafhFc;#GOZvd;_-(^={(>)TUlLT6-&J zeE#cXV0??EtA1{Yg}RZ`ZjF}L+C`Bp3cAYZ$-Z>6m$qTAFDLs{5#&~y+GA{-46@u_ zm6OLDeG20W&_iK{({3b}rEm z>hp^$WKLi$W0ANJ!J{Q=HnsCMb~L0em2$tAsvN0+TDEsAG-{DwS|i%LZHoI0#GCDQyt~ec(`Z#nDKDHz^*59 zMt+~xq*Xe20zHb)O-&ih?QkJT2~H<@WWaHfeu+zjTtZ?8pj+B!3cW;LcNuN+YYi@K ztf7SCV`=Lvk%l;?&6SPvafjn4u_x^n7zq9RQ06OD@waHVCsBgZ*}v4{s?uKYsNd+` z{3P#X&*%RlNL6qv*DGsC(M*w|h713C8&tDO*gx3N^CN zmF>=wD_%3&giL_-0>vm$yPcohkuWbglFXbwUI&Wo=K|Tri(3^KKd6@5wu_dky<^XZ zB;d3E54z@&sa{#L^9^gshS~7-@*;<({8KrD@ag@Q2 zHYbP)@@2+~P_61O_{(qZ_cz4-ea?+Whkm9mY^jJm9vmA0SWhF>a8s$!*G?r9kg};m z-ESeo;07}{rit-#%DJ7pXOsU?L#K=@V!bC6@zS5)Ym{lTTi8c6tlSiVI5tKux_ZAH zWlH#7`t+>^ufL6v0Z&p|S;dG;lBmVvbWcp5mcUD~8eDOWw2&lQxIn2MPld0}-TNd< zZ0mOD{{T%6c{=GE6vC#k52IMqNeaInKk&5J`UcJJmW+A3kgMb!qZTM0<9bc$pOO66 zSCAxD)d=5m(re^qImCA3QM{-=ZwtHM^>2yKEQBYQV<`=1Kx6vyP|C##_%*Ie<7o8uT*(#9( z`8nWU+->P8YVxr?`tMsei3L6+@4C+T#U>5*2Ih+ z1AWZC_9+ifh(I3J}8*P21*D;6{x* z(a9&>FG4HL_=83DmfOBg?1#Mgk(k-X+*9_wPZ~$qi{4l)(M(?!Ycs*yteK6ch+zmm zAoQJ_#tfxyn5)>9Ey~k7#koc@z0GCC{xsZcG>Ff=a2F#jOE4r=H|1^fJ zAgz6cigYxzHChEO!X#KaMH3(N82I^AU1tpEl6dL(ZrZJGl*(FJ%4&a~w&iFM>rwq` znA9&kNr5#;4deD0=bO-uY98g7z;b17!C~bJ_=(ggBY3P4T8Q%qCg$Gc>ey>Kl|o61 z&-a!(5NhcmZIF^_Mi@|MbkS8_K3qiRrgvudU6l6q9$t;t+2i*fLKuPEnNw3~CV)on z!5AmBSq)ua_w z^F1*8Iv&cm7W8EI%ClJ_k;}+AJN$cN=o1n|{Q@gzeWcqqT0QbP5Mq!4s(?k<5U=ysc2Hg`ZwJ`MYeLOJfz))7*8dBET&Q=9F!O7qP>oEUT86V>FvbfEQY}e2@ zwAY81C#iw_l&ry=aHg~`)MXh4G72pyls!N*T1op6Gjiph9qE!FO{TG?sIe6)FRv2n z9Fb`BL>2Rzik(9n4_oJ1VlFJn31Otz}bxWaT6Dlmq)DR>OMovUSwK4?{ahj4+f;ruik`ixae|?O8I<9MIifeDD@+&l~ z%gBwg-v{)8THYeh!;H1YSlOjswpKR0$4XKcq%)MMF?;*2|6G3Znw3ADlV7J>WlSm` z-&vN)$xpzso1m^}IF7+<5GZO)kaR8k*0gfEE*TF}vUiCIeB=ao( z-Wn8E$Y`^96Dt$ zf!-Q=eBoNelH%Xz77|Z6+jjhZ9uA%?u8^%fRdVN2@wjC6+V4pv23j*VMP|sz1Nc(> zpA#Pk#gfu1KGCt-O%j7%){OL^Y+tQFKo&2elIs_wnO|(1*j3G^rq-&HxSmROYj=g9 zOCAd`4k}Re@Nq&)*>a_ZYPpL`OaUg5{Dp?do{Nfc{WlygJbapP3N+6J&_}`)Z-q|swfRdLl%6C-!{Gq*@deewS64T{#=EQ1?+z3 zQazUua$$mlcjEiq`hCMfrKtSuYWL}+j;po-G{8G@to-=gD9;KX$-lnO2< zGxJTbR^VG&Lm~>rp2b<2<~k!N?gVbk;Bzu*#4heM(DjMe$sfa9A3(0gWl!y_c*hFu zfJhT}o{&QdMEt477}g1^0#>;Ca9l{wVBj_<%OI$P^UqExnb7c|WNP+y==*GDdd1X4YjxXB0T26o%-VdxYsnXv_g}!Zkg1z9(J6JTlj>B5 zZU)I7Z1_D21U4nV8QH=#diJrV*i>MX3AxlFOYWtao!X~HC2MamTr1aR@-_0>?uz*Z ziOXKRrJ=GgCw&xYso>eFdpcS{BF4u|i_=sPC{EZkyM>XvPHopSwz?5T_YHz(AS+inkX!aXL6{C8yCfSxd2z||aL54%n z|C1~$@bEBwq>6wf8Mtaaz;D8~0tz0yuSoB?X!dnt>)CR!+&AWKt4zv`Zm_juXqMVq zX~tW$;uIk7TqcMV#Io(8_|As7w;RypFV!SJZrF+}o++;-L5}&_?4hZK>5yX38ePNL z8VeHC07AF9ErU=d;ZT%k$K3?Mn#u2fam_#|2+mDWlNAP*embE{E{XMTAv(0}J%k1G zLj8fkR$ivw`4kx4%J+galdmaXNx>2gx<21`^O_*F=XrI@Xm-mClHzZv>Xj%1Xai=y zm`RM=5@05ImenMNx)Gl{B5Ob!w|`#FxCs3FT;rE7#ya;R=k;OkoO-Sf$T$06I@RY}kl-_o(tHoy{kqFd%4;lawjmXH?1y2N<`?=@B+zypKcvWI zx4tmV!Gx2w*;b(+rWmc!eVfv%ve3WJ`QGogXs`0|pE{&>VA#lkeYu)edwDIj{WwK4 z{+a!O?@GqvQYPUxKlUH`_E)m+lx`;5b*;_{`C1;!*PliJ2lh>m9ElOry!J#8@;>Y5 z9pc7si`sfCxpixs`S9D*C3e7@=Y@rq3&0P4qcy2_u4+f<>U}gf`D(mD+Z(~(vTMG( zt^cl}Mv2sD=+`9gMjG~Qa$HuMe^p>!AZaQv)1O$e9bd_iB>jn>mz1+esQ5HM1)_A%ESVXefQo zN|8WayRzA`JA1D$E8J%@-4#5=@lv*aXSrzhXpn!Sr2lK_XA5E<47p-Hb)V&ai!;;e z<@*eT_w5TW?Oy&W?;4OFYP!lis$A6Sc4!XVeo)75!Lj*=&~isp+@y=-j_~wAgTN?T z@+Db89pbw+%@IeM)?)6|+4F7Qt}#uR1`ys|reCKooTCoxF z9@~opj$>sXq-KWaRRSLuC2o4D^4B_M^JNj36q`|c<1bxai4CMaOosu4V$m^dFE$Ix z_80rz&S#R&&*nzBNyrf(T((cu_JV~z^vF%;K&Kwu9EeF8Dhw&FZVrgTW`4q(bKcUa zilvTnqdcPzsouX`=NU7r4q}m06dw#v+w}*DRHw+MIan3hl|K3!YZCA1Dt6J@C%Jx_ zq=I*_$saTWj#&}9-!W)u5^g9II2|M*bs=nzc-#ZaASI~UHgQvu^Oq*D)xm4s4d0KQ zKJ@H;Tt;g=5cssl;}L+*oM^KSyreaMzs^~=Ca-0RuJv5Hh|}RQKcle_`NKO$HmyEr zzNBI@f$}2AZRXx$`y7gv>@9K!QvGY#M~{ks(n&(z4SCKf#xgdDGEP#G&TGQlCW!aq!5yzn5hb7OgK7Us=VP+Wf z`iqmHFwhV$oheNOC=JWqGD>=j1Z!A!c$&+-{4MqR#+(VHQ}O3qnsK-jGP9x+p!{T; zzec6(37I9i2;>wYBAl2}{}rf`0aJ)?O&z|O*|$Q?P;gqrkmO2rJKTW zH+PiBuw8^1kLYEAtj#EImR*nFQZ|#cgBanhkbj!eC?)2a@PsGuQNCdgN0a@s;9DlP>=2%+oelrMqk7-k;QMqS%DLm%T3` zgwn7wS5Fv3OLwD}-*aSQc`<}y%RZe4f;WukzP%d+pJBh5ra#8uO>E+YCHFO*(76wI zJ}}|(P@00Q42T3Lm1GB8N}A;Hhh(b9BvIidu?2Mo%|wNThksPDDpB%HVl%xaVC(uD z-?bFy-!GO`L8nCttqamX&MR(l=A7VY7nk`r*!(e2dS@Ku$LhAAT2?D$RFU zqdE$@#2408XRT_w3fhV^;PtB?rSD%vUTNxn$Xmt|@S)hl%o<4A=sZj*9+Y~Y7%F1Y zCofkkMldlG_`!cBER z$z~WMkD8%)gVAkC5_eB$@ru;>b7dA25)DCOLe}iLmgD=Z5g3S}Ql70%X(34(TUTDb z7iB48_Z2>ktth^rUq``PS{Tb7t(!R(zhaokqVpAL$jtk;*X2qRJGFVjwm%PO(k=nb z4=wVyE)yeMn;bvE!B^M9Lf$}a5l4rYxd4=bkvb|=RL^*dMBRt~$l=|tOFuVm<8 zxH~w&U_v1Ld8Jt+Le?d%77>Gq{~3 zn1OR&jxUX~rmB&7WY^mhnZ3tM-R5k!uZDZQF=G}h1&a2MhUGH+R^BQX7Nth4VZxZ# z%%7mGn%Ajh&5RWSSk*|CrngqJUZ>ri(2cYtvVw28kDA~HXw1v9seHN6z$SMcvc$(b zI$=-#aQgjU%S!yP#MxH){aKXF*B2k>wB>ZpSAO^(H{`fQ9Sb6TaC*w5=FeKGd;IV{ zdnFp!xG@#vy=Hv)BJ-=u#It7uleocR(?jD9^ArEHlyMKwbt z!3!t?FOnMdRQV>hFp1^g=2}udrgo zXA1Ai6ksgR`%T_w%9iO?frH#wY6Dw`SN<5C88=i!hdXq@N`!EU2VvEv(Qyk`@Y%S# zlruysUpz@MT5NOvLlTit&@HGJ&lA)(s=Z%km(ancvzrR)1&S4hL=y;v^4%)8N0W%S z)H?vZul3hP`Sbkv=#C|$cI%l>wcNS|eoESycGr3X?3vJ7w!P&<1--W*Ho(lW)2IO- z8)fU8fQm%5^v+CKm9pK;etv57PCwiB&5SM{q?+tJL6H9hs4;xYb9!` zQ!9jP@@h5DqBC1#@c5LVH(D{JD#3~w@}*^_G1Wx=W;RL3E6{;Y0ES0Era075qCL!S z)Qc5)W(eS;* zeVSpvu!*XeT%CZ3Wk2k{{EZgS&R1x9qhsS9^5^Bi?)w_1H+6|KEX6lTwDhO2Z^l5C zNx-9GY$mzN*KP!!s9Ino~$sl zoc-FPAqP#E`3r9=Sx|($WvtC}hV>`>n8L*_8#JT;n`FxM0@$sqb7~!bVQB(^HYBLm zRydq&#WxwJtuoLFvJrL6>GoUySgYtbEobYP6tZK$qcWZ*40>qB{l-dYsjI-jyrLz- zDO{n8a)&)Da7CwPTeu+oQPUl~!1SAuy0SNpxLEyWqBLvpONcyX!QqWHYNBj%Y8 z+rvLBFnz36Xiz(R3tD?r!2r<|JvbX33{^&Xs2V=zk{YH@VYKm9aK&j}ec(fKwF*sB0-6=rDbe4~3B5#{o>rKtZ~p#!9UXDIi#^X(6}phSaY@hbllV(o=B% zTF_#et0H1f$_mkd^XN|OO3m-i8D+=Qj(Qu{$0{!#d9?=cJCdZgm4^=dk$}19>sFsk z%~f{oRZS!Mq1(pw`)>Xhda4aw-TmoSCHFcneTCRXK9z78a>~;zffh_z8-4a_1nJ2I zV}43O$7-^_v}9A_J^Q98E@$$Kk?s~ZC2RrsuDEAhdW?VE#cHbMK@D8F|F*){xtZU> z%K{+kb)LlF#eBb_3hjlB>an4y*$VjSAp4F9^Enb!KFXNht5T01!A;R_*)?Qp@?565xt>>CzM=LJ5Fw3U^4TeD( zq($^$izyzoDVtO%w5S|fM}f$ThtLHF^2Yn_-lzMke#@X5?(9zRuVT_RNDevb^0UW> zv5(A1Do_(s9JA)Bd)_6K%`=7y#%f!3PC&&l-4aQ-UR=Wn*|pR$6~{lmql^NRQt}^A z>)L5AxZ4P|X+;rIfaUdIQAB)H#0ZRP3VCqNP7!UqoIA*08>LLR7Z$UdVcDfP;ZMI+9Bkktr7mvtm@&D^<7SpBIt#81G9_Y7JiMo< zNVY@mos`$EOCk07xA?P6Km*B_ZZ?fo%s0s#I}6A&ES>Z&5vojO|J!8Nj~tNdI(hFM zfw_H>y!LW`K5PXeFLF%qG4`l0UUPEN^*=< z1Y)%mmJNeI1)y=xQD5Pi#dmDe)u#&c5oXz+p-PogAL6znUsig1C2!KMFLkMtDt)X8 zAy!FTP9Jbj=IGuX^$bpUR&L&-{<0x=9{X!(B|wh;`;7de$X~;l&w8&OB5Io%c&^!r zB+>SSgZbxL1=OTbx_v%rCe2|+Ro37yTP#TaU}`>_TxdCAA`eiNt_2P78uMLqkhs;) z&E_lF{6vFTOu>8p6eJ3G=*lh#S8BTE#ivwY%x|92Ao)vhdXe{P6jVw5K4PW?Bjt9y zCa-|y+Y1#H1?_y(9R?C9N%3}jXAwa#G?l@p;~Qo@$8dmUKbhQ?s>_aEe!pzd10n{{ z`}y}d9UG@h%f`H@3`b1J2pV>y8o}1okm-21boszder{T_A06*Yd|Zu7xtCG91?Z;k zo+{sVgP35#HHz$y@-0_M7PwMN1u#I3akF8RF>?amxS(uCC~=Z#N`oS%nqVCA)JE{P z994Pj<;B=qvKRZSi~FNRT8sC+KxQpR{-y}l#XUl|#ftD@SRPJfrKS5*E&0Bb$TkIK zw%^E9WgzM@CF}ll$xc@;BND!jk*k7+9m?CvM}oehb{T)4bC>)|kC%BObK_;vYyv}m z`XSLT!}$?v<^2vk>PnWglo7~*B;>3$4%BeDlojgobjl;kBhinkK%4!beiTSiDSGKc zYk!T+)hyB;GG7-&hDPyDg$!NyQ5Np9p8P1CH);m)Z}hR%ws%%+dQW ziYxS8_k!P0p*I~4XcYAH=Ux)G2I1S0@Wyb*YzBXeO{gji%(Q*S4Z2}@Rg@JRouX8yiy*@Muya^dBf-!vDygIM5-a?J{smKzBdl9JUdBlGT7YWksbnNFnVitNze=Xz237uQIxXwadtd$4`jP&=w_tTaDoj8$|G zc9Bp~a+`p3x+L9HE0(DueBK}+PhAC8qP`lh>}7S$#p{6({56ojzfr$3aB=+?g>fU< zMZhIg{}Nom#QC8M8`)<;C0$7*TEU4}RpX|tDf@$mH{?p+UMgK`+F*W}RM<2PCW9;5 z8unVVE7$Au$=U@Kgl)ocY~_6_iHH}TIaDVMR5-PnjW%5`Cf6hxjA!$LMC7kr|D6AO zY}%URFC*$%zNHi2b89H?{UmVoKnV|@NARCSM`anN;c~UVcZO3SW+SzPJ7qiNhvN2k zBHVFRjyCJPYy1Gs+~(DWh3rSVyn7)l?8$J*1(3=qWQ2(>ftIDkhiv5ThYQk7MzPyp0kiRz*$)kD!-iQX~qhIoKb7aze%cZ86*s;96$Q`)7P_ zB!3lg?LS&fy~ZG-M04#4w1fU2kO|3aWL@>Vj$viszMIyq#co+mNFpL7v9ANIBP1SE zwW5FRCnbB#Xb4I*_hFA(clq7eR17J_>VR}K~#;e!S8QpyRp*~bA(i4SsvTmvU8`1&6@mlfPfz{Hd0+5Z9 z@$1{o)aWes^^=7=h1#IsGs$anaC%5##ZQK3VKrIvr@>D_}phaoiPJtNg7L?2r32+G~E{93+Dyl>wRtV#vi*vfC}2Cw??Gp6;4!VI~1hs z?X$?A0-DB$1-P9+Hpt&&k0qQ|d#BasZj*IqRFhK&UFaFed~Zl%41a;)6{VG|y=k?4 zv3)qBsj_@kdS%LH-n)(mea-&LlQ*I&!g%rd7thHpkfjaOr_q8n2gN|Vk2S^FAEHin zNP$N&`ylTo_q3n8$8067k9FALq1H-VdX<)C`r-3pY0{~;2az)K*V6gp4&-T(_iu#N z9-Jn^w8G0v9u?L3M7znN9sI3ZYqppr#ykyoWVb06{uX7{j?DZn;|ve2b!D7NlJ|5k z#?8v?2d@0%Bk0YU_bnUx-?~-ATZ*268{tHU#+p|7PKt>R$}6crqfuVV#S}afH@{p)}q-Qc85Jma=th=isn)3W;Q{=AMX8q_bpd2nIsTDl?k_!0Lw2-T`FegvqlV(K|9H6T{) zzO1nE)2K{H+RTM)@#jsfDUI`tI2o4OGhil+~Rpy_kPgT7Sexk+Dx-O7&s@vr^@@XNK(WKI_y+UW z5`&_#iZ9hTQzz#DhF7o~rrNOt6Oz_ zt8n5_#?XRrY=*H!$~aKPS+0gIr#7fEZsaC$MxNm9decwvd{b~Nv1K{;=9l-Z+N_#t zL(HxtTi8n6_vhXN&K-VA@^li-<7!zGwC2;_=Vqvp{VJJsox}6h`6Z~0-cml7i~(kp zU2dAYq*ypRZa8oo)BsR&&~%N2?oBU`5Dl)CO;mF@mp)7KLP{m^=-brYkmvXW@6O9x zGgPWiS?{nL`~c0a_WLj-7|gfX^wdK5?conupS!l=#>`jGE283^!^3^iX1z98|Wz?k1s=~0sc zT8%Y*<%{1~HwMxDd7G_HxgnDTr@>GAVU01)R29(ETtfJI5)_u(4NG#p=;{Qg(ORVIH>Y@+AnDotf&-BBoS`_;E#{&r2`>O6nHl~e`08L<=-r9!NW2GO%d)O( zxzZL7A<0ik^Jdu%B=-j-)Zwfo0+qAVUsa)%1_kwn)eg^t=73LwD9;(m7%Yx~cVDF{ z2B3-PqxIZwKsTIt`F8p-)ysUAORsBM{k5i9z#*t})Y^)7vs+)^=9}&io{2`mFfDmiEQ!;8jOFH)Dp%p$SRCg@vsaV z6zo=<_KNyAvCgE-tW-K_tOVL3zN9+_S{tSEaC1*21aSpg5N(-(5m>v$oB@Z%MOz03 z_u|7&BWD)A_xV2+S3!p55nxrJW$x_fJKNWOyVN^2ww+5+8xB|1wzLmvw||YFPWEIE zl6y2BZva=-Z9Y<#RcU;2ZjS0kV_ zb@D!&7P5pfL-&=GIxBlv*<4GK^*8CQ;xm#1#6EqmJw%Q0`hmfBYBKB-w|T;I!6ao* zvE24xr%bk1YSOc;1#La@`fx4WJ^tb&Vh74V0^?S-(y4pNf9QUl5>v0bra+HW(^#RC z?g`0eXZu^B(nI)IHd`gNl}`WzOf%TH1w}vW^z3@)Z9(sx3oipc>~R&Dv)8bj)_e7R z!YA8I_p86Lm@{W3fJsL(Ttn5^upEVrZ2FfTESpECpBR^-|`x-v1Ys$e5M$`W6 zwT)1!_9*csj}y@2uU>7Y4*78KB=qB3sjt~>Xz!xs(1`Cq>px%JyY=P_H`#pktdJ-2 z4~cIr$zZAf4xF?d18!?L-D%w;>Y-m3ZphBWJ?_$4$A9+X0)Ef{-ly_yESh+8|ss zF2E}fwbh%W&f!Kc*k~6>Jy_`Jrn-+Tin#*~p%D+z59Ljv)pmh?6U#m7-72*i211bb zPz%dKj+#d?w>iZ#Q)1c^^d9{BUAk}t^Zod2mw$cnwf;CdJaYT}{#VK$2Z28gDI=B7 zI7zk__Y%ggu9cVlt}F6qv69cr`~6?$ep_G>4EXAmKHZ`}(&)L0ByIUKay{>Y4l;nXPsr@eF@?G^=Fo>8BR zdam87NlRZsc0uo#d0maGYx&AUX~q;2*s@_bK?NybV>4z(a9;Bj-;)t1NU7A~b!vvi z_kf(G1;$03STq=$;(qp#_Q6o3_s^^Ee(Rw}zqbW;y$TX2C?9ZatgALN9}?{U6!Z!J zh}FVkV6m6ec6fyeL3Wf4CRq^ocn5yygx%7OFQKo&{ zOuJZhKER1#5-7Nos=EZ#v*$e~H)Mx$?UV^a@rkR}O|sxy+GwOfR<{13>U9(22Ash+_~@McR$a4 zJ@<9}uHQAo&r{^_q3e%H4R`O9Ue?TQ2yeZj?Jwhs->_zG8#y)bl|zm3Nl)SFV(v3_ z6zW95uZp|8p(6aKTZ{I$glW5P;y*d1(nNjUrw ztek2t0M=Ey{%%?!-9;Tt(61p`NSDiGH4tVejhW zIAr%6X>GFWT>ZJaVlpHZg9l2Fhx(`V38uPr*3nID-1~~nhbi3)xeat37@}=r_Z(2Q>dj+-(Q4^Ub3Tia*w=h%r!&vnzLtyi%IKM8Y4mmu2sIa`$YmN?!B`%B?qt#cAlZUlCQ)!3IU2;t5@@tYqiry4-g<%WO6|}Ju zRd5Fm&w0e;;dF?5H+w-CczDXE+QyBq9IrIa!{!1OR9q~e=*8U8fTx_AabkME##lS$ zv(D;#D57NV?<5#PbDO=%dVyDVIzIPkrIZ{RhUF8Z_BFk)F$v2y@@oa&j#|%Ze}u38 zK4nvo6YxWM0z582<}G3~iaMtLgDbRX=CNmrF;z!{3!^x2QT`8$vh9oIl&>6@EnoRk z7;~*5ky+KgujI;gfRzZ|dwUfyvujEf)vrU|5*}6!GH7d)H=xV$6DYBB&UcgtWUK1POanSk;&Es+1`?)(&OsLoqT4+y z{4d=Z+V=}53PI4yf;X}BpaB~u$gjqV7f_FdKoI{^(=dde>F?8ZRzvkdYAzSe2p!;?(NIeWw%L_Ts62I}apN;D&Mb>> zzqNDp0ww_GaOhUHqfwVXB>%3wSX~Cwc#$W4=Jf-IvOa;%=L+e*3Xi8n_)U7@stGI& zMNmF$7$!=?_tAReclO8?HC6^wGFUG>8v7V2;ogYHXC~xQ8^aAV&{LDz{odxK#>30~ z5ssxAqm|*gqpFB*FLJa^ud4o#hM{n}F97(mw{5k;a=06@iE`VoKe23m$O}n}kQ;*GQWVkz zl!Ay4o*v7VVXA;MX#do9#zH5{zVK}f_y+$4_qmmED`&E@&NEN7kjzr+f#t*iVC+rv z%ejZ)(b9&)2)KMvbN6hD;s+DnI&BD2TqWGXPX^ryAv_|cf&A1V^(BP3f^#^Q!wk<# zp5o@dydqdu1HOSKr}hqj8ff^1xMjQ|E9>cTX6EX#X}=DQ}xp2-EsfMZ%0Zi8{6^Z)-EKu3B_Zwp>c95Rt9|Unc*XI8}bW|RKFj_sq`+y(pa? zk*CUIr_{yWrIX4Hur~)QkQ$C(lzG)Zf{@M-BaC~%aQGO7|7ILkQb+UCSGT#0#3^z zwAp{co@_SI<8%)8OFq^-<8;Wus z4$4w%%5`dll;h(kiaOx#_@@f>;R(LRcQqvgZSukKDMm0uxVhVw6i%Z z$K%G(=oOl(Gs!MqxMBGluEUZ)jW0{&exB&m_}CUo^hLRhPi4R*I!Ah&EtXKo<2U7_ zWke&pRKjv&E9R|Ax28)OIxi0UzBtJPLm7iEK_XDhg~L zV(ALOMLHV~pTHZHTs}8rp1gRvZ%NmCR&RIW_P&v8;9-M*gY}d>tDet~9~f?3t;6Sp zTAjjN7qVvzhF%suoT8oI+iauZ3rC*Tt?ZXw)8Ys8BIPA)PXb=ibbi&2rd3R;Us3f6 z=4DWFlgQ4+d%Ha0@h~wufNS=c3(+WY+vlL3%X%J{v4`$6_sT*PaS_v z=Q9=e0^+Q9%!I>|Zf=t!*Q4F7@!mIQOh#NoNHI@NbJkrh94J*J>#kprl<7s`FRtD6AT0%u%sdswsL13Sm6;^)3xMmhyU{4hy2 zAr^is5$^rISw=g!RJEE`7)}uBuMdD)mEG&}ckI+Ko#{Y0Ub-s#MO7P~npK*)FYAD# zIqO=r45Q9au*O@#X>rQ^dZHx(N27Dh4Q-lQ%C>wl37BRzdTQ5uuOeRVvl~*bbfUA$ zU;ccnc?Dl^{K!O=w0bGhAz{KfRn0MM6p#`$0S@vAlYy_fG+7PL$R-R3D9A2nAaWBG zIfIGAZvt4FE7hgViwu;Ma01Xh)bymcuN#ZQUY9=>H;wy6fF%Gw{Utdi@E z7>KB^lFR514L;{>a>ZZRbkpSBa*>AFzW5-FcP%XP!Lrp+i;46cYp!qxf=+<#_r3a(Nmbhg!%rZ72R3+#0Rqd%oEa&?9tb zxJItSb`%j5E*UAa@snG`$WXPH%hVL;oI$hkI^#oWt>1uU4hb@ioGHUYsVbi?NNhQW zgnNG%ayv!!JTf@_)e}#@_(iMKhbR(v^B09qmkGz@c7$&8xeA1R)ozp2h35T6k#3#) zF=xmp8!>I4Bv8;7g7qC!HyRcVwc9sz=O`(J<6AZR*Qe~-R-IZi4Bmn#LwL!yUBRbS zvs07i!D(Q#w$U01@(Mxnaf=bJR`9)4m9Fb)DJ5NvhCh=XA#r4b$>C+@r-hyD(wHFC z0_lQ@pz+enP;y(wgC24d1Nz`DHA~1TrJKA}bSoAqa< zo@;=UN4~82{MsNIi$`9rQGK&5)4(gN7gn17X8u_BegEYVVynTBYkGo$Hl`flaB@Yw zGNgT2Xz1D*s^Cuuu-+VLvEf`Q z$@G?c0DqFQ-(=9A;zbrJo`%2d0v*%@#hlmq@JXn%J~=A+Z0R@Wa=t_q*1lM^i}(^p zGQqm&9n62oHi@nN=rbp?*x_{6p>cl|!B@O3s!tIN8SfO7pf$i6X%3^n)7fC5h%~#8 z2Zf$iVLYaHFmE^%<(ixxTcG#r2Bk766Wy8OAiik6aJk}KIqK6QU+tH#GR{KyBJFCl zZY35i!-u8-D)trP?KB}95HQv@2x3+BtEjO5?_caj)?sGmW<}=XP?$33bp<_*!JG2|GIQio`M1UXl0)GRCVp#Oo zwHohr7*%5mtWsDhzf~LYKJx~}Pm27^Q8kv$qo|S>YQ|!|HX=B6#L(p#k5Fl?x?Rea39z0f2!jwylZS|{C(a& z(yM)n!JF@U&ud|+4pl7xp=cJ#XCZ!ScPxGyQ9nxdvYU_g*C;Y*HKy5HDa6}m&r=<2 z?}f+>=4gUUp}!ZtzTm>|Wt5&kIW<)Q1)8Qk`6l>-y82Vt$9%f_5BtyMr=G!WrMroy z6|U8nn^*Q~+zNpN4YlO%wB02!ui5PWWH$o6qhkT>53n zJQy&aym;=u4tEM_urIB|tR`iOOnL}%`e91*V((@66-QFn{Q`IG=9^V1t05N1ZRI6z z*J-41Pqv3^p4#ZyADWgrQV+`#rk##=rg6egA2G;ZIgHg*#cIBC+=L~bP{;hsY5tGO z%8RnTa$NPu8hq_;vw;p^aiV(oOEYjP(Q0K2aw8~*JdJVf%u_~(Ky9)rx*^cg(YdnP zBSt4oK06Ripj2%Y9n83wh0%4tEqY{W^oYf`2`JwL1M$MahKiPPu&Pz+I5y?--cQPv zlu5qnQ0+VQqAh6C=;?vZY9)njX6 z^(Cx4UD?0w(*Q_+0TmkM_A*)y}Y|D|&ydS)!Ci8=@irpKv znolAbveiC*rj(5aPg_s8Q^57Yv=NmMbj?bOpxShy^_5Mp0>fyJ`CD1v&l_YX`^k^L zxE`)SI<$7UZxd?$d8BcqX_J#8fE+7UF%S@@|0_#2X1cGmS)9t4x zK7`LB!5`@g&qPchGGC@x@(9}B&eWGnCn40*hu=;gitire>c!dpQXMDxlW%SNtlTQv zjMoi=T3#D}+Tp+Phzx;8<17Wyk z=WvQ}!hVY# zC2vIyiEbJ!H$yI4G)jzlf=no{HXoQo`uv*H+d=uA`SiV(OS${*h9O#8-6JbGeK)&G zL@plhQMW|`VB0g`<9p!KlhQvD%WBN((uo-XotwwCi8(j3pnQO=pL+%VnlFx>V)oZ? z`j58y+f&TGc`monemIG63U_U-!vDYqp2*NDM^&)!-wB<5hQ<966tGF%cDz)*SD@p*;G%7Z?|3)yyI)K`v9?jg9J^v5kt_|PAU7z)L5*aqt(Ld!yNMg0kV`5MTgn);*%9+ld~zQFNSL)tY&<3L}>{N zLnN6Ankr3oiinWP$0M-NVn}H+*A)!|dmuM5z!D@tLgt>h40}`ZJ#X3WjAO+x@&n2& z!FgW`CH;>Jm6`1jtxvTVvg)5X9bz1vZ=ryLsvEj|GKML$hE9_>$8CIjrEM&NYyU{MfZe%+GuX)mgc?CBb& zXOZHBBK*9$RcP&1eO!}cfjUV^K6l=pg6(xDV{g|;RY!6|(m+<2G#al>`t|G2@%Q|G z&0}z$ThWZ$4ogsW&Zc)S)URg0vvUd5IR-g5I``>DnyfWF?P=x<6pY(;pj%#J5f{)H zJlOzfL(|zcZ>vM+@pOU7p7Q7n-GlJV%bb zl%cA>#6uAHYR~Oje|?n2ic6Q+lZark?Bw*{7^3H)WK1C1SJ@d!ub-`#LB6vBkrRF6 z${G1!&W4`;M?`SEgL7L0!^o!7W7`%hfng5VfOw5mt(4&q$pa1fZ==bJ_Iu^%NPE6q z(?PikpSkWItj8KBAFK%x)q{_2xT5xu%oi(ZK0jQ=GcHKWbf+a--@0*&*em-66IO7Q zLfE_%9YIwA5$1xYdM0Dz)V7tC40W~vx5vg~bIm<3c%F%E7rVBj`s6FemEEJI3dhj^ za_(qikDZ~C!1fFmOibc25~7H1(G0s5FWgmh;SgIMxUNn=OuO|o`k9-~IjZ$x#g&P@ z1l8cH4rx=~Kle`GrM z$nK@sNmF1_c)e7Dbe<~6NrwcYQh9;bRC+`FgM|~*(F_@K1Gcgd2oP|r*eg!nqP0p#PP2U@ip}o?`FN|(tY7V$^86vbQ!bx?E^7+1vA8e0Z1hd;f zK%?2AUULiKRNEfI;aymJc=^+YqtU*L&(zBeLhjFTpVaQjmm&I=rU58EPA@chZiyqMqARD-~oW?J(ykZF0I_ zv`v-I^hcDUb|R&G9Uf1v-8T!WSlA{l5`$bR0lOlEESrgWY@AfK5?LqN#h+CHaBB-_ zj?e`=(nS=4D%RUqANDLt_d!Z10rL~uE^5oQRDjA*S3+PHFNiDJiko_%BxpI;<{BLF zBCsiMEj~Fc+xbBBc=*)$ihjMTvdeW<+rFRn(z+i_{S>uCHLoe{aqN=sTmuM(T18Ds zc?`=r;~txX^Y&+8r4l%SVY#Q0ACAEnoa95hAnWz3n0u8L9uTmww*xrPS-ueE>Lad;8Z1FV7EQzkFgl(3JzJI`96ij~NqSDxUT0}$>@{B%QfumxX*bCxP1!dKZqi7pYlne&z7wa)ui zz2!@mXibtsjw{Z-ZREujvTYJDLfLE~M&HAz!M*_l;sKq0Wj9_Sm}=+#CM66k+Iyzs zgC8S4Fl4{^!Qe_hUd{?bR@+1>kw8F}QEdQl3s-g?L@XBCz22~hu)w49>4KOAB=~|a z&4vaCS8$tm$Og#2U$J;IZj%2px;qxKDRx+2QGgZ@7QUmj4vcU@(8A{ z%VTmD@)L>P`0U!tCG}|J*1gD>oQBx;TP8P(F`Xuz?6;Z6 zc4v^9Y6uDc`H2-xai`e~SWA#|1$<(WxwrRt)o1Use@7`P2FO`j={hU721kYF3(2+z zG1gG%@Kmg(_K*9BEstvgvdG%+dK%Vomaqm1q-1g-^T2vrT;!!WeE*w##lyCeC!!ng zrj*P49X+qUKeS+dE^i$xdK@fPJNFUEaEakn=BZ)I^i{_rd=*ps-e&bU-N)}` z4R2ricPf?7Y^x^dK_eShzFKcw_~iy14dx%md7HIbtUbP*{g|O^bT%)Le!zNg9CEhX zxNS*sI-q9#L5bUqE-oY9r}AM_yhFrS9Wz^gg<1KXJg~QWAp;rC*Rd`38BdcWIky*? zra~QegMVVC8g`2d+F2Omw0?_vpG%|&e~-zp$PQ1s{_!(oL+_7%R`;!!-v85_$rdZU z%Nlpofo-AOECl~qEnqCMTgIo63E!H@-nkUU|59s!$Z5v z!1WhQL}ds}uRz5}xP8G;g=3=FBGIO6LQ3yiobH$(p4K zcP76~3+xpc#4{8kYU+=d8pne%dUc&TV2!+?V2q|LPkA0tV5v)iYWie(O;Sprmf;c zx~-RbvyK|T00M_fnn-K(Ely&;MDAH``GCXCeE~{r(pi zs-#kDXz&WiBHFq5R_TDZ&3-keQ36ZjuU;vV&mT7oJ{Np970m-@rjEp0q~N4v2U+RK zC@)qb8mE~ZE6xo#<^>t7NXM}_0+|?CEK65a)7?GH9gMp1w6s>%8M}+YW(|XQfi@Pb zB9usT^MH5nw%&E9yopZU*S4tyEgUPu$NEPhsa3ZI(A24j2RM+tvu03VnvF}N+_7iQ z3{~VzOBKEi=MQtfAOjE&Tq37}FJ%*EV-b`Ns{KOt? zYkgv6u%cs<8QUsqJc*T>`(j(v^=QpM*n6wgcY!YACrS8t;b#W5X!4S8wk6Xu3#7^_l;=F8>^vjlkm$5sr#)j>$>ZF=s1jE~;_1yDwP^$L zf|LWK?Mi<`G(U!%tJUlZ?hbmDcIu!k-}uX5r}VOA&ew zfjNB@NU5x(yBHkt=u$KM@Cn*G1Uw)zy8p43VWp-0S|c%j>Gs<0xzYT3{`{1W8p86Y z1?B14H+`wyn^yw2CtU}poQs&*YBe%(pE`t<#=9&8W;DS4QM=jv``V#ZbrGK7fqZ+F ztuS=4u;!-@Wq}zacovsr${BJJnxVet^p(SFTVb(j{VT_pX5w)(7x?qoh@KPS8TANw zt9q*S6&jeS9EkQO-K81=oHQcKcfC7HY47i!vK~`Mcx>bqJTFuckTQ%mUhs$=o z#ZZHs_iMvjMcTv6$>*s~Ioa`TCJ%Ckt4HAwKk1y3Y6jFoueu#i}~{HRKkZl-KuX-NwB0wZs$Seeso4wAW)XZwNpmM<35r=6+% zp!*ls2mT0w;J373LEH@)zyeT-fa?&*z7GT9?-RAW|MY>ISXb|LJDhecbld2KmV7o< zz)Ykc`#7>aHLciT)-`e@9osMKfW>?FOs(k~4(rcQqj?w=xzhP)-$w0dL{JY&tM*6Y zNOez)j$<6IROz9+m|DJMrGYwZ1)xHWsR^<2)CJm>jLU>e6v2J)^I2*5phlh9?zBCE zRLx$Oiq;RSD^6Ob%4DnhHwJ@g5OYyOscl%|Yf-LV^lVdf{fNv^s0((Y8>mFIg`a4L ztggKSsRn?l=Fa%~uxBX+XjU^w0tMkcbl_h+Nd+oJEmRoNSB{mq|7;~vg~!c*vB-sZ z`{yck9KhRaE3tCbUMRU3ShZEow_~*vrrl@@gAkdfV4c_&<(rh+e!BEb_e!tUy0eTH zzF#Y~S0#v0j9U@v3tuS4yAr-cu6=X~?o+kk;u5{i;x*~Ju}W97j*It8V46%P&A19B@KRfxKdbCQcU#717m;@8%C7qkMxTqw3J9y^q3x9Xb8Eq=lj zi)ZCzCDU5siiJMCn(H`Nk?=(AD6dXk9AF#+vu4&KZ}!a~=ZMNg=itZrxb`yftg9cP z?P2hiBgUk5lRC~3;k!hkJbV!3^YjKxMFq;=d+0e@R^%t;MYI)i-fOJ&AK$+r!nAOL zW_y^v8F83T=e(>KMeG+mvVCYZt9LdqWXm=Jo)e*5SxbWTcEk6|8`1fcH0S)1;u;VY zUZ(kERMt>P`RReL`9ise`j91=zl^!ph$jHenLbPa?*!o{nVV=S3$S+^o(D2oN7ns- zwI}6^miiyHTc7c0FMs7gbVqzwaG*Hl$0}b$=!uYi-la_pv2de;m>cPvIYo)SLeJcS z{awRWm7IogwiuH|6O24Q%%LF>&ly_xmapsasB2_Pb}B&NPXAD7ZM&|gs)dnBpDWAz zw~)^O%DC7Ee=1hc&<}<@ezk~x1zG+qO80eA7SvTXqh$7idI1zPrns#|zK=`9A=h{j z4K5ahC0%i>E#FO0|7odazBA+Lq?~-rQ%~=e%GAZyVbo4=ZmC(wsj$nNxsWb(6ruiA z1u)FdQY*VJ`l;l%_G=fxA*2K&@r>cRqlk+tospZJ5+zwLEw+FOuYMpOU==9zQ?^ElZ;nQH-0;fm_{$cL*)3G*)IG%F#h z>(7bYq1$AW8&<6{EMBi8@CMr#WISy0CNdE;E3X!5>-YW^rmvWgz#9UlWz`Usvy0Zo z1_o2DK0`a7H~522rn^TAA9q-giak720@bDB(Q%(ncHS}dEuCsWA*mQlc-}MhHsQn= zRH@kv;~wL_f=+5CnakzqSect7uuJi<3)93E<1jkG$jt?@>g5^<`6}NhPd%-#Bdb?o z@AH96DlfNtWmC##WtTgDO6hkoG&ZM1U%R#1UlS~e@oHBZJW4DsSvjmH9u*yvk@HV> zr|{nR2!Wpd>%pwzW13=OLaBNsp1bBW2fFDl^|1bMm4L(J*1#HDM%Lmfn)$qMpSS+6 zE80KwFLwRLe<+;)TW5cJ{l-5(!KuF27R9tNog$h&5jP|)m*MfC*yf7Z?u!LD5X~OeC`b~5y3JyfjfPe{B6%Pq_cQA&vmz2;-JEld}Wycmqw7MGM7vM`ZVX zzo{IBUycgD-X3v6| zoTXftW-MkQJZ(T*T@n&rXJ-@eg|~s1pgF~S&|RB)p}!$Rk6vHZx$F}#B>JYrhMBDn zlP(*SolUp!>4pIe3rv!`t#M*Jdo>?_5N}CGc(*7a9|y}TISp0?do`#Htu1T$YyrmO zynCEiLCV@zyl!0y!L9_&Wdcg{b(?oM+`3#c=J1LmBu^(5;V#qs&=KMZ6Ju?^@o?G! zX|VSO`jJE3!bFin=9l4G*(}4CjEi0)y~PH_PCG(Qp@z!-vQjEoradX;PtDg4CY(G2 zNN|l35}=UN@2M)>8%Dp!q#jaI6F`41R=72qO;3NyFuGyEPcO4nJ(m)&2P3!RSMe~s zCy|xKA^m$B_o>@(+Vagp=m%cB}8+X!72s zp`Pr1<(StS7&ZN!l_~Id9skbEP2Q&H8#aTzNm|gGg|9qIL7;^c6Kpz9!OxF&e!>&Y z&b(EbtsgWwTTmseIUjRdQQhua=~s-;@66wsFOQ08>vec6rnblC30|qU0)m`xcLS7^ zxyl^TYeuAPE97p0;Hyo@HG$`jzZ?HuU;qE~asEq;<9|LVr+<_9(tP;quG9Qiju%hX z-h2{m{`p@XRp32i6fWmHP}Fa2YTPfE7j7RSG%0~>_}}D zm%F3`1x&F*v#qbC?lFH!5}y<^Z_k%|P+i>C@1*nEQ2!?CqLv`v%ZegGSO+@p}FMk2!|63PKEjz2RLBaU%Jjy)9tnpjxmGb9;g&byN zAEnF!;*xwbxXn~Nq6SHILN(Tklk#IG<3)?D8}ORaqf4Pxj@5m9Yml4xiVxuE&dnuE zK}WFf{`;mt_{*Z--+@Dv)5ri(98uLVPiPLPYXJ{ky!Va%uz|^-t;rxrY5|}>jDqq2 zOjy!s5oF%epLC0*+?`HL?sn|*DDYH(&{cpUFt1nG%+363-Py8# zhB>*>6!P?amsffhEZ!PxslOo#3ZRY=dfm{wQL55TD{3ll| zJT6){yVF6_!xPO%b2I^;>ZFuvqs{8$ufLDF3@`~{`YzMK$x)bNbO)=-0X zF@!cz**}*r>zr8Dru5n6*>(vlNq3QeVfguv271%wKKHm1Ere_fR3W~sTJq%fT@fEI zva*tSpq0yoCs}gXJAWH4|3?q>ol;hA&}R}eQzmSp*3vox%&qL20hh18;?UH|&&?~; zex{^QEM>(BHB^MMw!f$RJ7pxU2)rOH2buIH9 zWhstjV(aGTO$f;2EZfqC+7ODm{_%YatQSdH6jIjK{dle;B?8291|^2W2z2M{SVb-a z?Y}f5_s^pS2G18=bvb^fiOgrI`A9!4l|5Yj%F+F-fRKJCW9e^0Tl7xW5leaIG|eyL z%f;=g)<42ee)(4hC;A3Jp)c{D(yfP~;*i60V>uC7LZA$c{&mCIyVc93_rq7b?nzk@ z5Lu2DH9Fs?&pHES2mE9!H*{_@j;m7l1=m z&h}qg+dLl(hmOox-xaA-iy_o6m!#b9wy(b()B&H1w7Osm`xk z@d8=)2L!M}np@hkDxPMb$IA$w;uvyDpB1Q#j#siJLlON{JI>3aFoDhwF z1(*Lmr+C*D+CviEo6C{jZq|#XbUP1#w69W`xXP;=Em7T+5*vP$ffi@F83dCkq99;s z<5Z-x8HMn<4X-GD6r`)RSBkT%OeGr9fVA8~AQugfYr%j^m47@IIu(uEP^-*%UmXz` z@}Orb4w_gP48a#?K;oog@%7CS=H|QHcZPB=)CA4PtgTskw-^l6j@>n-fnTMc<`?NX zQVe`pCqm`q`K!ZXI<$K;2W0LcSo8r2=*dbyJ7ar~z|dInEKh&^Z_}j8aQxNZ2U7 z?61uA_ljg+k)P_VcBgB%GrNC6oE9sdsOryc{#<;dwQO@X@|VBT$v>jazbksl!6EPq zLyy9EGW()|{!+?!j#@nuu)kLGAS&T=01oL?_`*|8GB;?lD|FD|_4h+FKI?BAs)_`E z&o^#)I@!Xw(Y`^m_?0lK_gbd(fRaj`kVdz=hd1JJ*`Axy?PZFXHwn&ie zKVIX)SrFjD&%Gm64U>~Qo2~m~^WBu-^%Q%b{Cg(f`nm|zK(yevk5JhjL2 zK0Eh&t^>WLU}!vkC0k5PZ@!C*s@%n;EX!0j?_bqCc67~vP>!OHW-&MOmGJoDbt79= z1Plp*h)G!2zL$ULHDO&XS+|ap+AX6aD$`|ht0yAk!9Ih_WTwl&SR|~BWyIwd$QSgY$r+byF;|w4C=o=Rhm^}ClVQ&pT`)|OHkFl^kM&O zK!eVZr*26be@KP0A-{K`qpww>5@dKrID06dVw!d}9w7S)(^mh>Uz)&|{Bi|_{HC`l zdtU+t_0Mz6HE(3niImzqq*SG4_&O0$lL-j|MV|FUm28K>(!P0O->HokM3JscZM_NBtU5!kB=d(HfR zu?S&ZevZSD0<^xvvgwju9fqrhhPULxXKherh3Iju3y%Kr94HG}Uc0)_Xk0?jXy&sr zHg-2ZxhnbTOg-de)hQ~({JiJ=uNu@-I;!y$A|EWpE+qJdzW<2(EHJ9JTsQBk1^MT3 z0kQF%RU;F9kCIPZDK@E*NZ=D>O4nJe%k{ZCCejL8DdSjAY( zGWMn+t2nHY<}&_Gk@n4TOZ&k^*C1#}y4X3;8fLBv*Vb92_TjGJ0~63|0l+E3JnYB> zf|9-_F?P8Wu}=-D#lLeIR2TxSDdB0Z5a!jEd{0r!_F`D<3h1U%la4ln-qzEb@S&S# z=<0b+VITn^AFw?XAbtk@*>pBOnOk5$puC64`P;vW)PIYUu4-99awQi5+K<+UNVJ+Y zgY=C2Edxe89#kO?^^D@jBnT#>ci*qu--CJp;$X!;AWW-Dr~>_*360M8>E%QDc;$@z z^#ZOg_o+5Jr4`?R8MwA;kA-k`8?bYHGNA>qHBC)(9;(^~8>8oY7_s>yA})!5QsPLw zzf#f-5KtJWv}~k5_ROT(;dn(QcfNVW_lCFs9DdvOWP12A=GIM;+HcSOL04eY=$6NM zudnp0tbDp2ADwNHol4~ip*|xuZa04!w}TCNl?usPDOZ~BO5?*;D>wnTg?0oKE8(Uc z8rD)iF*9QO%m_HS8@JrD0Gl)N!D}vH#8Gli9U1OubhbDgzmS>Ppj=S%^Iw~E#iVAv zpr>t3mn`k$&p3rO#Xrvh3-{!LTxZM2Dk?^H5nB%YE(LUHn+1N|vI5ooqAuyrPi(DS z&sk;sS_9|#Rv~g`NIJ4o_Ss?GRAl@I-Bzs4iM#z*j&1+C6aGIUV$5+z?<{T^H1y zS7vtg3tatb{=uck%jtUdD80{9a6N-hqU?vHYECNV-NC($xbI&;LB7(F03!sSmQCWOzbq|;ikfDZs1EFu5 zFa}Dn-4$h&I4&{=|7O<|f?0@ArP;k2q;w2y$7r1dKcvpDFOTEN{@pa5fh3$A@5HM$ zCoD4jV5>}Rb1L3HAK(4)^R9l0xC-L;_D$l$0h-|z@#6`ashm4Syo4Dg-kOflIms4< zjIB8*U9BSN8x|EiV+myw6khNw&_%^<*4Hv_SS!y!XIB;As8$K9*Ggklg1ALu332P- z*)^ls(G}iW*_CimT6)vnKe}I^U3e}n=Re1{YLUxmz4fXKncbPT8FSlSO6MBw-Eq+7 z$DkUpw_Hh^i}OvQ(%jy`@o%faJ5JMMcz5J_vI@9MIYfy&2BKT45vDv_-5A|y9jg1s zZJ_|k*KQ9lU3tCkYepVFXqm2>{!w?lVBfjF?UI|HP41<~mtJPaF4^noz+=cH`9;r< zr^o$XiLMPC6Fg^Q-qhkPPuHDpwb0*@6%|##KQ)mNNZfp}R{QP}!s}#IdGr356HW5P z)ORz*V&Qz3{-0sq?m5k#rl>@&q7PoL$*rWmUH|6OP_pj%(=iF}_tlD~);|AyEVua` z9itcA^ZCIZ->%7reU1ZYXKwV1*7l`{EbDbdq~cT5!LRGRSL+udZ$_LCFZ>ko%M+D3 z%X@EUJ_hOb;zG3b1a4EG+}VdD(F65(bpNOC`}3#GdeMbpN=_c~sz=jL5k#YPa$cNh z3j?Pk`r+zDP44$^LPP170%0zF{q2|7fUp5!Um@&UhP{Tc7ge^EVVhm{a|rvvjQym_ zesurmEfae$!`|Gncf0KEKieO|b`Y^WW^9ic+l9#Xsj{5vY$r3@>&^~Cu;Vi9KovW3 z#|~w(W4r8NH#_>zrbDp#A#B17n?b~;RQ+|1SppS66+-8Pc|1*41R@5arc@p6HumFL z!r`Ld-+Xu2?wbko&gD`>l52V0mg4_G5a?r7WIOQup*XXIhMdRpvE` z2zqMp8msDS0R%dvGOap{XEH1`4TPH_bqM1{JHS$y%*gJmv6TV$4%veYdAqKu#eK~H zt{8QnWrd6QzWkx9p&y*hvFZ8*+25D7N$>DoDm;KkOF&hyr~2dPzeRQ7bJReom>-dn zlNYhoqZ+uT@HG&up`TPm3LMBt92J#dC?nj%E7cWqiGk}K--QNJc!7}&vq|(s7y*J+ zu+TM$4+XOHmQfON23DgFVK)ou*MGZvec&$7oB@wjip`+O_4%mS!jyn}4%`6E8&Nk< zKSo_U2(S@gBfv(0jQ|?~HUew}*a)x@U?adrfQ2)zhN2!sIAA@qcfz_FkZngIa`O+rryNGDVU z=}kI>-iv@BO+n?w^Z)l8|F!=AzW450_uc#6dOIum_MZ7>X3w7e?U~toz8sAlO#?1! zscEVKjvWI4j?q4VquFC4nkp(5_YL*cGk5O=u4idqP5=gA2v7&y``LdQO#?Rq03f#u0GxR7SDIBK08kME0I*a4O5=SE09<$q z0F?LqmG+lR+%3_Te^hsp_IupU4gmO^0|1;e0RUJ&008u+f8^1A{snK>X<3{!zT9XZ zdw?^*7H}P)32+5i14L<<1mG4x93XQv22cTEs(E&`6x z7(a399P^oTC+JR}JOem({KUyqr0%6pI^^(6S7ld&I}CpaNc@9k<-S5Bcss7!s9n)=A7NE-Wu6Yy2TP@ zl|n7;w0S>$8zLM5uv<4EQqQxHx|xW~Z8cZhie^gVU4{fS>IbG?X(Dd63$5Cvi<+$R zGd))kzDFqF&p{NZu9(LK%UVcGZLl%hCj2|842!)M4f=b@k%{VxQAW*S`2c!X#QF-nFkY6&xcs0?E%nlsZ-Wlne z(W_~50!QJHlXM`?L{N@_HwWp!d{B?uvj055?oI=XAw+eM(ra&UZ};2IH#_g-0qFW# z;r-6h3Po856DEPUjX^jAGbx0HOXy9%pX4iTy%j#;F)Pl;;#DyZ{CjVKX6Ie$KNVP& zB0PICt5qW&$`ur(=j*0mYjV^DY|XKhJxour#s~xf%2oy;Ep4qwW26V6sN7u24~gcQ zhnzw&yKKBOZP(SMJJCh!Mif#EAzKUU?o{lfj?$24<+KOcp{E2Sh6&Hw6frWe*Mk~w z5aB6#{xvIl_=F4wYiIcg2gABXkEryp;%Jn+f-H!8jUw0U8{D~%rE{uAuEj-EB7~MQ z@}jqFpMkB5=ey+k^T?u zIcpPzb%HKBL+}l9BJ?BL z@4Dz|em1cZnS)uqhtHUz#G5{Gna|gnXD>KklnxGftek;JTdYB4-#+%vx+P4Ksn?2( ztb{>#IL}^ONH1q(oh++lV!5v9O>%)PE@?Uv)be*@CC=_8@UP1oFv0x88XIa=6@Jei zR7DHL(VKLt^ z#_#7a3B3A!unD7s2S}yGgqF8Dh@chCz#~A_cRQY{QKNo4VSD{z;HrwcLD@Sseo+6s zyAYz$v$lLpnHPqBk3lWyNc+zq;A6>;cfLPy+}sfJ+8E^(dtFP}E-R8}Lnlg1aO5Uy z5Z5!;iC$-GPGG4lx0d)V#OV@37sx^g_%+pzwRfQ#MxLdbf=1d+fd^%R2*c8*$E4V? z=j?ZM0_Fm2B3FmY47xCIKCm7i_|El`_vUlLsZTxYrB|gIUp=!yjBq5qY_E^Ew?EJv zT$o!BV4oaik47zG?<>$BRNFes(qB%wwDU>5d1nS=V#x`dxZuTsdnN|chn{Jdn5YBHH5|(ONl2tyiG6%On!pv%WWZI)*(QO*~NOPwWH&Lkt9jN4s zV^#R;|59nAcPcV(!yaY58;SrvB^y89jo3P|2K_K0CV^OaFj77=tPJnEDy@A4V1Cr8 zmWdR_NkUZ(f8$P(*lGTt-+0jTW3V1@d+VdYx;!E66KL+o(|;he-X0g+ZXv6eE@Fdg zNYMuueZ6}(L{UUQl|49PD;+-qpCMyqdaExX z?jQEwo_zY-zZ{wWP=>hKO{>gzl^h=f>;kH-#szU#V>bFkJK$0?(=aMB;WnOf3D=Do zFARw5MlTXccw#&kqPjmx*QzleHX5VpWUH6$qH3-DGQ>x&cA`hPD{FGO-j0JCT>$(l zaAR!a_+38dy06ef10WoCOQ6f|H|3W*gFs9%K8B7T4|gt>qZVKia7=PA{Z3pPW7IQ; z@iz7aC;WUHBCi>n0+y;05qdERipz$4_I3~%W*|dul0Bt?am+!&Qdi zxVDDK9;J8z13B~@vMJ71#;Y*#Rao9TJ6UT)0WZoHwtTC+tYC$$7=gH!clik5RT&c& z*^LZM5r`v|pKki%#y*7nG~!?U7;lPvQ>-~R+VxRNE3(ZO(^g>dL8IzVJHyQwZgNgQ z9oBUr|8=|)nfz|YWu)Ww9!4i60kT!nK}w?oQMW=)zmcQg4dI9^on+;g-x3;J+Yxgb zHCooG=lY65gw2asDK<(@$uQpyjm}mO zaR>q^N|=&nGq7`foLyNd?ITM@qKixXegwsEYf|VGol?wAnu`>8zBof~h z=tVSuntDt}tIFaZp?_(m+2ZU$$>Rou(dra+2e_Xat`D z+v7^M47%r4bSF#mNBUOd5TG2oTREBmD|XJC5^4p0>3iaxOdgAeQetqs>YLBh{DE!Y z^d$go_5aU-NiWgg+CgCEyZsRWH5F!z_3Y@sa`(=Kk9Q7@z8w>y6^h=8%f1p6U9jgY z;M(A`W`W&e^kNyymyzk;R#{oulSPH`=Ebw$2niR~g}3owJR_Y9+9}tJE)DT8SeZt~ zG?|2KNk885sT_Ba9NXBzsqmE(v56pC=MCoq>sLkcQ8q8Cj1(P}nBC`35*e+UvaVj9 zO$sO&vDbKI_30jUWIc-by1IWrH7*)0{c?3r3F3uG9?FoU!l0^pET8=QSdTTnl!oi5 zMBVyc5cRC6e3ghDOTGm@Wr`n`IYZe{b;b@$8(?$SlEV||0XBdL)b5jaP&|G0$Frrf zj_wn9?2LsJ6PSfKkBu_1ip99DP$;<2ytNLV?xh9~i;v6GK zLS@xLBtY=C)WuQr!Zz%Bf^$Y3&>Jqw^TAv3?OMq0`DP<2tgNB*C({T;5icWTC$`#z zyQ6fXXM0;Wc^j~QH)2XEB?BpbM%v2khGmk@ZEE>MU)8$)2|qFu&~ZDUR~D)+`yoh{ z-rfDxV26IC%xEUwj7`_Ay3LbR-D{GOdXs=~p%N!dEw03k5fm-CD>|{c<9ibv+#nF; zwdMl={Skm%xY>0sc#B^D$9OHvX}V?JYcpqqO)X~d97llJOKIOJ{``zAA2gI2fWfm1 zd`AGD>wrsPzyEW+`j4i93QFRf3^Fww_e!*!oW&O!-x9xa*5~vJuszt6@=LFQXP%KE zp6#1*Qs-7KPbbCXz%g#eTkEq};_kOgH3en7ajX^HXSk|FrN4O{Zm74GDDb+AEes+B z>yiZPo#*5K&b6XXXMJE)+!8AvyNhmS+ukM$Pi<3>pP+lb76BNZ13Ul>90F){lyya%Gs)=2E1hjuAOE5 z+zR$vcA@ocsD&?i@0wB{+6LCF9sx2}tDC%FN~tNmx)9+A9~sreG9)oPrtpUI1<-9+ z$YQPwuUyQ~*U6p8BAH_8fK*b9G|TNl%yjGcx?*yP{e#AYuhY`I;n=d$1u3E;Gx@#z!J$LgzU8i?hqD z;nIDS_IZu*S|c8Vs|n1+&8>@codr?Cnc-e|P1fBgxI7HPkf-%P_5G{!8JPPy0#k*M z_Jm$`ni*g_;e?ohHCH+w0p14q-eH?`SNg2@J#s5c)%hW66j5MJoo_Q}#U|!3Z*38- zU6=MXusF^Qep-qaF@SI<**M%IeXsm?guc}DiEVxd<4hd=aOfs9bw}R&fZ=Xbel$ML+Yx} zmbiz$q6V9w1xgzs(n(qkk>?fd*Fv1-$f&IKRr6Z$UdQm@EXL@RIjz)U$hUH_8a=#7 z?|gaJRet6c87-4Ilr3&kyGRmv^-BR*rfIc} zuTgVFD{&Ka6$?7J5~lzgBRwEKYR`>P;a0-twKOE3(J3x4?>IA*GtC0en5war$!xiN}|Hc%C=!q3C8qe ziPv1G^&T;%eAM_rYt>o6E?9h*xwzhpl8Pz>Io##zzkRfoJm$PC}giW}v3 zdLK3jqb(%pj7s}6*Tkbf8Zw;b%+YOXI|7v1Mw&oC0;k)#ZI|U`w%2%c?|sa_BGIF3 zZqBXZe*}1@aA+W&W2AF>!DCnjMHT(z7wW{!5u6GN0D36KuG=Ewyq}os-kvFoc|7c1 zB5^ZyvBGtHSX6`JK}?xyxRCEw5HEI0a$Tr)rS-5Wpg(L-qVNcSNa3C`C!eu2?p}fn zyVpe(fH$e@E>A*OzFm1;T>q5Ic*;!JoZg;#=d5y3U6paorJhpqZ%*%jtZjIKeB~%y zM(@7KEDIOToEefG)@FO0xEK9POZPdp?o=zLs6PqE?K*Qcx;}3IaWT+3(6h)_FwNoH z^@HYv6{}5%a$ni8LYBi4%E14L3P=CjbNHVi!$g@7ugt#Yq_X%A8^9K?_|aTJ@pJ7n zR~&Pb7%J>$K9)KVb87@kguW<(Rr%I+zsn-{_q#v-ct^P`bZsCdQi+~ZqW}tPz-Gtp zM7vi=+tD`ku+yfepd4F?Vl{$6iK_)9MLeHaln zMtrrc80c$6zT9Q$hpIsIy9}FH24f&X=1n*v83&X!npfj+=v6DK3TzPX@NF#Jqd!>o zKwdJMbjuklHGmA6Btu<&)^(=<8w`ty&z&#hI3e4vX{xfQAY86f~ai zD;46;JwJ8#ZUky`aB)i8DyQI4ue#LsfCBqvg<9^>QCw&goSWNYo&i=7aQs*g9<5}2aIqsk?-O=#FPED38Zq|~cqnPru zfSZ$oAH36?ZW*x2RSK zD4LrfZ;GZZc#at!0X&^p&E6;?K$viErEh#g)yyoLA>Nq%!j(hgRBJjcb z8yS4eoVByF4vuwX@CYC+EVhy5nbvy*I09U}aRjh7)Aixt8$hrambg4W&RtfKTMF)g zeemyDzBZpPvNQ7NS4|UO6YN0xe=8C?3A~f+=4%Pp%Uvaq{ z-8K3fG;>(?<^M+e_Mc!q{=1v>|ChS#=(p?C*EOeECHlr|eTW^LsZVD^4gooXQe#}>l_kAB@HfB(db{~UxZ?6<$Q z^SAvB)XavR8YnWTLRnJ?u;nukFj*($9yqFyaVz0UElI<{DAxh*QhW9c_79tzN6PQc~ zc^3l`WZsgJ48|nZD{zo7MS&>Bhl6E`iu9Z}Kh+Hk<&vWLk(I@Xmra?~)PyyP*J=lu zqg0y`_;vgkE=S!8tk##o3;R4O5a;V-zpM>Wk?fU$IKpi^nup7f8^CF_Z30BDO82y* zkpSuHQ+}9!S8hn#l={3?IZ`FCF%CIuSq;0dQ{(y=<~nR?AP1C#Khk+u^{}s>BT@%J z;kHTq&=1-lQf3k1_)xU2?$h+TH42Z+QI{xnXuAM3MA%lAu+2+x^zB zc=pdYzOYtvv&#WR7UvKrdCpRNq8>P_;3N|7t?O1Sy_Jbml$(zm zb#dMlIPRQ*>4H2$&&_O1>&kv`*jINqUKS}RtX3fS0SjR^w+KXMQbJ_Mh~B})5s{!b z-R1s#>E{f%l?20?A2cCbLtpuKlv3K*H13rUxT~%J*{*^r-N}+f;`FLg4J2YqRI&iE z2KK_|jcMgan!PmO-erG3jS7wywNo-v=r@2uE23_u?o9WD0e!1-MplL^@T)FEcJqZ4 zBk%=!`&cILNs3n>156S1OqszNA*pK}hukOf!Rg7+Hn6dbCn@>8T2UxT^=+8y9qsz&bu#{7kmU?ee$#171A5{ z81Vwt4-Hm(!rZ-l7)VwtH$2Dk{4i40jU{X9LB;t)<;_U}?YeiaSN8(vTn{IW1GRc< z7oHE0`3{ooH=>t6=ziCjI77I51PC5S@%W~Q9-gZ78Qp)jrC_$l;Qp!P(-oh|&yA}_ zk)MQ>vmE|j=1$&~*E7%r1}TwXieaj{qLIk+YuFYpgR<_LEoM zulS6JG}iUhxJ(6fT*yPn*1S20%UE?utGbi%+mB4wC%xB?0QDQvOf`B5fse-(*A5&1 zWHGY(4+*I4$8#B$2I`jVtM52)4McwM=jGb}-b|4FQ*eJuVyhzXk6!%Iq3FEwpyeNt zCk}8`7gV48I094-sQuaLbAPfZ^XU(1UHL9kaG6uVa9>fg;lj>CFTohoV5j@A9q3Adjksy;Aw$1_;%(SPBv z@CL#?oub~jmicp2W*^GJ+_K`gJs-uiliO@ePxZD=o-*geFML1U`NwEwVlwlEoQqae z?s`G*OGgJOk|SaAYz$NI@2yC!@tT*(b}i5LK^62yFIR63gLl?l%=i+nwZDpgIs|rE zCAqC84WiTK0Oy|0{-Yxe$~7TcG*QGKvEyM|)T>-vm7&43alb?)$9Yt=8(A_v?F0+H ztJZ&40cn2e?cm1)ll{mSAKeE6^`4E?XlGt#IRb2T^rl%Nne6gQ-w6+N!G$2wt?v=C zN+PIQejZ9|?#p+&-}2TK$c=#_)Pz&^bzL!!&aGpHxJjQ#Feg);^Qu`K&vO5I`u@2R zy_)))7M))DFC4DFH0u99MKn|J-{mR#zkXPJ>z30rDy;^kH@=6UmUA8Vd`vQpoGTn# z2WF99V6D%1owv=t@i>;O&V`a39jT*N41ODct_`X>F%F1)lsT6m@!|o9C}iN?udtYH z{oxKc!BO7FTWDQ=#Kk&^sWU@Ji^sUEfmn8^buJ#I-PeC%|8}bMVrkbegw?F~xcQk? zM}m)rpR7jLv_pCxgYt5#g$^fP{G;{wH%gq{gHL5ED==1U za%Jdty^f2|VP|FJioc_I;D9n;h#I$u)2qj1x~p>c=VxdYqaob?R+8qi=$OXmI}rk2 z8db8IW~HoEoAweZ8y^;lp(!xqAvJ;*tQ9Jx)PAM5oFU>iounl6+wjk*d*{d#YBZ|M zKlgs5*mT>De3nAHsJ-!Sv70;~l4pSfxD$7~1hO(wsfW(<4 zoHr??-@O=)C`3z(=LwBRpeQ3R;>t`{9=Y%1Ex3+}J0527?f>|=`zrc`3YE3qVTlDg zxsiaNf0gq(5G0Z2=E%9iPOCS0mwZda0#(D2bk>oYX zJhny`Qam!`JYL(~{1V%wfyLcSbSLyD&w3B$2ugasu)m?i%AvqPoPV2VZuR1Xbf0L1 z(2nz}hG+#IM8v*_7lXXp@Zxg7_5zdu*J+bQOZ6N0xJW+W19cb9S0C2;V%_c2dHsAW zq&-A~+yNpTzXwX$yLp3Jw$0e{W8%BJZJvZ-QuSNVHl+6h(A6Lbv|yA~_59EmtFkfn z6;U7Hc-}~72^gl@Q%4c7FEtLd*l{1bdXDdO01>kI)us*o5KAEv#F)MA-2EVWy2W$g zQ?ROj(FOVdvsnEbJp~7&&iM&`Di#$i$3NNjwi`2Yxo#`>GHNA?wqM)Yek_IMZw`ys z2s~dyg5@;>0KfmKCI5(6bKLE1KGhcz`6^gL4%8U7zS$k;-e>OeW~h;Kd04u*ET*hW zJ;QuQo!dS(IdL;D_ILUYc<$ow3%L(*%W!}=vF4oXWrC{yx01PT@z-vS$)~na(QWa+ z1HJ4o*4``Jj&Qg_wLkWdn(^5>+4{H1emRE4L9SR407prvc{==Sv(&kD$=~Z-48Ds0 zL-BJa4ZHO9za&L@M4kxHnHEce2I-UnP~B{~uphr9Vg72z_Vo!P_kX|XkX2ytFWhj> zah%>ud}|?-`z_G{FqkZMzrYv+Av0SF4a(eTRFG^i3QystJjj1t)DP)l?S~bN;v&># zWhh<9gb*MkO!IS_>$b!*1?2XKPP8g>6*uK(rom0X|NH<%p~9iRi3gXL>5q!bM2r*1 zuT+v*(3IOLg@L^mOkoVpcmLbPceK5^Kf?0IQfzb0P~tBHr81?0?a=`qvH!14j(Kle z3oPI_&Yx;#m7^|pV-&r#|p!I6xqbHPRWa_8(z0u z7B_<}>U^zoK1KeCr4A`Jm5y-H56_}r8QEl7xq5IfRB0^n7>^%>;j^6vblO{B`Q|Tk zNM1U!{s@P-(X88^9zsm=l4zm&_wNuT<b5v!zxhwBTS_G}eud|}a(VXYyB-AG4N_R*8i;5&T%pX1wtqJO zH6Km6Y+|A>e+7YH#;@5vZl4mCqvg4K}RA!AePr7OMYi)0&ZwZ4`I%>4mo<=2W zQsw3Jc-J{!w*CI|=AS?t#zL@6q{stezM^>~HtSAMI&rjXVDM~s@y>!CXL1S@HaiV{ zaURG7;S+3n+PY@!!AwTdhiHiZjO0BlMO%WUvozsB?_^gtS#M_t@_Aj^mz&4=a;CNI zShS;ZW-Hqn^mA&DkL*xvV52U4i#TE_jBJM*oEr&V68BR`b{x&DF!rbm75(A0l|}9j zNfuWEB8N-DSOvC(0vKX)9?Zej(YXBOaE{|f91CAXZI{iTl#LG#y(_iMWdEoUM$Jo6 zfQVuw&!nK<%Y^r1UgtYa3`Pbr^hf8`W+}1gU|=M5zDpC-#ahrHk@X00x9T@nnFgkQ zBb{*1(hNtUfmu?fmB8zSAANS=-}wt4yl`?7bQ!>m3)wkK?er=*X8N$O55O=9Z$hzI zw|bT3kf$P6M7K5O)02MaB15s1h6SC87!MMRX}spLmnOzU_eOc@me1KP^u3t< zPMk*xOzP<*EkEUn+Ojp0Y4TxIH;h8Tv|ox-g83MH*}HXma}yVuDTUC@W81lTIhi4Y zKuGb;vF3dW6U$Csn>9F064+}cf?R-Epz=l@yn8N0_a;4yV?b5k>c-A(XYH`u&2>;6 zSQBKPR(mhJp*C(_uWiQM^J$Ed$QP?rEqvnD;!#;?DC|eL?|A)IgI$%#hb-z6Cj6q+ zkU}=OTfIqZcWlHwBhy^CKX+hS?|h&Anqm^ZoQDTNl?BbK?kzWG*SnetlX0hz1*GBt zpVC>CigaC0vqD+brje+Wo)Rj_Un(3f=iP{RUW9&n_R14qe+!=JIWYhv`1#XzCs771q^;SSkECB_hqPt-O=J)I-I>&yj zois?mmHp6Y;ri%jw?tR*RSWyFmW~7vPeGo3<#=1}S)GPFl~!`d13$R5-Rior6dn+3@;oD0b}# z@R(i3Bu`9R=gv4Sj*svEg-DQPDWBcE1JO2Lxxl~RyY~ZmZzPA=`*)g6JMsFOIL(iH zUV%ijaX%Nv%zeu7rCtPWq)+4xE26e43#k0GW*Kik(H5`H!esufMCUVDwM()!T>h}k zb`Jxe_OIuM)K45ElZZnSb*TiOI*_6*<9%`XV;SK9RM-)~al@j|X!;y+dw;cKZMN|3 zZjcVtq+DMK`V15D@?z zGZbeEWT7T{Y~qUqzH9ggAP#l6@`Xi|@~hXsyr?VjZg*3hfuN?3e=EA>A}Mm)_ZkA5 zYlW8st)vx6Y4f5M;>fOJOhEIA9BEiCmKd6cV>hr&c6<7@f>ZJsb^6&dRd)CuuIO8v z#>gnjlNEc!N3I)%`Y-NE(#q0YVy4kNlSj>P8I}1H_9NzMrttI*kt@Cbh zDHQ1QwKCC@nYy8F@bI{e_%q!7hQqDHO&kKOebRYVL@!p|EFGNh7r06C3sW_hUdzG> z0ylwR(1sYwCFX{fzKhR$WSCd1rO%gkbHw0IJ25wxWJDI!0vW&zD`|U;UdvizSLkP} ze0@#uwHa*~3&`pbT-y2y4=(S3Stp#;$oc+Psms}Rv-I>}Q>D>xp>&i0qZryX-;J5O zY&i;rcFtk4aoML=B%f32p1R+*LdJA9Fxo3{odf&y3x zD>qh)67QT-es7e;Mhydl_tHmhIrH`3p=sMpFdQQPDh+SD`4=(2s>k5u@9J zN{@5s^y!=1NQN0ndA6RBHtTJXBQwzMmYF*jmLj6KeyiC zZJ7o!?EQ+Jmc!Tx+#7m)bs2+LRgzvg)WlzD7~u~VFSXh09k#NEbGH~E3r7&%?U+-pLaB0elg@4CpVaTdf8JP)2@tPJ~gJ9aM1C+p{lIyyoU^2g@e-FCV?4~ z3MI8vdxw|kLi9~edO>4bZcCJLapEYP!)3m4Kslfy?{GnFUG{OdHdE@1a^|1w72e0P zSu0t7`}e=Zv(T0(>Ofe}Pux+GL*aS9Yd zA-$LHhr(U<#)~uBgRUIpTD7wBuT#3WS!#=EM*(QhjrldgmY0M~qcD>WHb$IH`CWFG z^_(*zpzox!4t`t(5t{aGnDbzDElkkCIr7v?xCl_fsw+13*ks-Fd7g>P@%Jysy_)%EV~`s*psFf_;m3=$Y3;c${S0pCR%Ms%>)!0rHQ~v&qGq@8nq`6~tY&7U1sOn$ zI~{yQ79hT0Y>M8h=y}wVa9+3x|EE3%*gy?|EMY{_N@SFa)_~8eAzVrnmB}JJDWh}9 zgV2C-mosx~`uE!-?m{}rur?nPR=?skZcy1B?O4%!8^%&F=hPTbSga#5G~2@EZMjpB z7S#xp1G~Rm>;trG7qOyP)b2qRYXx5AxK0K+3Z7%C{`jz-cUdSqqRg*i6xp`CzA+Ie zV*$HEz!~^{Hs{Z=WMW_l*_5tpVS#a@>P3N231h+QIVhQ%y-bQ{MyToKoM#>BPZ*GO zLQw`8;6(qXhy_dnC|R0}axRlld2vkVPnDSQO(=Dm9#Pm5a~OWtUGOsq&qZ_a_jxje z906L70R6jwW8Hec+u{{UI{e7hU|o~DV1rXd+hDkv=n_z2qe!~X#fFHDz+p)j!C zr7q?2b63nn`(aHYi&M^d*}1t{IZ*_49wJDP8XXs5L?G}Wa)}Gj8H|Bs&y!k0gd{Au zQq#$4G0SvbpO8(AJQNMH!U#N!Tu|F^MjZi6-ZeJyKA1Rbyq`}1NT!h@aA>1njxvmSdB0|Cnh=u_I601%;9-UD(9$QHoCch2=g>8JoR zNEnLh1u_|u+S1M$K!Sm&d&Y6&{XoJBh%yMS5raIt0jvA?T4u`--DZViM zOZ%Wa6v^db`(AK|^Oa2IhJh}>6dO$3IDKw4v;6YHe1LB+5Yl*y1qh!Kh3ffRu8?)s zYMCnXaBzI3!cE38uo9Q~*qtsN-mX$e@9uiZw}Gzlgs2B@g$>#KD-U5;{1iS^4y8?t z2fU;mAg%OVzw_2=U+{;z`?^rXTqxk@YmWe-?_;V5!hO$5zl=TX;;_^)U9CJO~`5?5Ca*h11}QWcYfD*8tC zgl)@A%>Txx(;s)*vHdB$JB8S??br+N9P`0(u2A!XWm13-yDI!H(m|va?&8tu!0lhk zssCExaVRa)Y?qu1e)vl{re7-r#7X`iV`M&`-TK0Vz;hq9BW^WE-jd;J80yGA+fWAS z9Tj=;;qBMHx^GQ!y$wTU=CpJ0$h=e?l>OTfd^XPZQM5UcMF_@piR=EcpD)b*dvLtw z^=W$83=V}88w+EhoV>7`k{4|MNSUVENs7Pt;LMsppg3tWY*15o`Ig*tI_lLr?r z_6dI&l5g~v?>lu`xT#Vi0ca{{of1P`HRWiLs1pz;=J6n>?k%XhSLAB>fA_a3yteep|*n@f9A7A5B&PFUQ*D|7y64&Sp%{+%JRCyBJQt=^b6(i_xir@+;} z7`{`O*(q=J_TWP4bX7az%jyC-(^k!zIpe~s!Bg~nCcd3 zY3aCbJLUF1WH+fC;x|Q~1XoCKO5uwihWixYcycmAw%Zq0rE`h(^WLq)oaTb1v8c3T z4@Tq3!)IK*;H;{%^gLZW3{2EV;>|&@~}HI^l>? zScITUFPKoHUUWCq*?G~ZdExs;0sjwPoIJWmhA4^*gzDYS?4vdt2hKM)B8URip1>cl zy`eHu5znxxXirswsPJ(8oW8B#J)R+p^NpTwMe2B67Q>~ruSKtJ7=pyR^v2?)j{wEi z2Zh#J_$t)53#Qz)rOt~~X&B6?xj+?{l8M3RjbftRj3e%%U9S=wWLD2E*y_?FL5uK$ z0S|Qu1KP44`ijErtahIT83~yUBnrsSn5<&tQeEXj$ zpC2O0Uooumb$t}a#P#I(P~M@RgY)MXUZzQ*BVU0q%BDfE51;mL4@R`JgOrW{4L=I9 z(Z3Q?e_yu|wVcJj&~3fx{_WIPD!Z;Nk-}h* zCHml)UB)G_@o5pZe+I|}!W_!HMZ8oGQI zv?I|5AgW%iS9wOjO1iDNJG7KBP?E zD6G#-d{)TRztf3Y6J}0mTxMWww$!<%Z?5{RDz*r)n2pm~ZMZH(@dPwh&%`iRWt7dmDa@ zMh&g-C+BXjRSzI9wS~?ZbtwFUx1W5PNz~&Lc7%_`;mmvj-(D zbNPN~5<%=dD!L1qn-{Y#FXtO0T-$G`VgS^wm2q^s;i76litD(BB4dCs7Nvx;*6=}9 zaOWF^W~(aux-|OYMzCif2cPGPfpF_G4l%DTT|_%z9-}A?L*gJ(I=vc3WRc+rS)d5n zUW>%(nrbH$*W1Mzz2h1Q%w1dqHDj?Pyo=%!zMfYTjHRsl%{HgBth2dle`q917BCKU zdIp@flFWQiry$}1|4~0n`tS-fEFW>X9P6)KTON#mrJ3ZAlksuP{%fArd=2JAU=UDL zG@;3$B9_b$>GPo3Y4bkk`zpKTeh2(UQxmNFRCbz18sL`Op*mAc z(WRMsU1gjy;K9^h6b~To_g@r=h8{E7vdCdQ+&se&Tw2)l;`I+YE(h|L!v65UFDF9k zsqop>`@tupOJTv|ZqAu394Wsa)A&^t|FN>aQU4XL3M2e4Q(F<@7lOtU%a2SYC30Z) zm!XTt{`KSpP5j8Ik1MJIJHZSh=e#xFKXuE{v3Q!#ZZ!BzG@;dHpPhX^KE5nE+fzbm z!~cB}>*VWGgY(8q*VL#wQYZ`=!@FFZ8aEw++^aXJls{YJTcorZ3Y~U{N}Vn*g%Z znj_3Zvw3@JAWt~1SXNz9g@K_+1|67AZdo&>qP0<{65XP6XcU(f?wN3YpubI#2ghD^ z-<3S7>a!%>P1U2Vt0Y!+^B3vIukxM4e!stiA__=04=uG8j3KMr?UIJ3JyYo}+Zn0o zOF&!HsELL+K0SeL<)J0KU45HGc^MfcO;%Oa!7<4(F}nHct@eZ;TMwa~=n-4Zizfx> zTzdB$h)%rrBX+=qUh*pQUMX?1myM74pwj92X)A^gdlJ=-vYH7Yh z_udcnTKC-!VSZP$fRo zSz~IMpHpG@&Yh@*&z-RrNaTprv{56-j|#9l;TJ}4ef#I`3&R6PF{=)O-_Na&Y`kGd zAiZVqYT6aX`4dciL9y<8Sa<5|?Yq?)F&Zx*khkOWskDKlEgQpPK(s%R;P!&^BC*`W zUIsr$hkjhr@e{BfbT5-cUczy*gm8)SOr*DD z7_=ii4Eo;H_>kQUWM&}!qxfo87f()HuXycKHDYiyU51&Tt@>1Ew(J+P2mh(B!WP8*c8YO^sot!SIkDFAQa;+Pl^-@XFUZb^aef??Ju4) z@nFKa6K0|Bb9n!mm*I-d?doQcf9YnRJ%v((`Dyy!Z#?8K*eZ|({W^I%4%?QcZ`P@2 z940;VQfv}ve(J2}pW-N_Y!>mg^LK!j>Mw>#&YW+Z_lh>oNTwW&7IXbR#fx8Ty`4n;0Zf)(kkyI!1@nI=c zwUnNeXO{O6H_ZX9+qnl4men=dTXWGxn-~mGl%<1)Gn zt#Ik3xFz-}xq5tcx!`^o@8g(A3RL=IswU4c@AD^o(6)^>17KdNV{g{`FOQ#vi40Wu zzgodZsi{Rz+x0D0-$}x6ZrTnm+#Z(iLDz1;0vZPLpshanQq+On}G_@LRCm8XJ z!AxUlfw7#ADRnu6uzIF?%Vl6}3H%3az16+T+^17-JnO}ug&zEgS(<(wTMdMnZe7_s z?|qO4Gy10X{YlN*#NY(wbfMCsfU9Av+d4taKE5a7)0@9A^0)O}Wg_`Y>NZP-ppEQaFI!26eY4Mq<$-k5D-8Qb@yvj1_UgMHS>ea0m$`&N z!~vWrdszGAwE{iVj~K2cx4d1L+k3YWTSUQwglQ#(73Ch@m|D9AW3?Q4CMI7ev98sC z$5dByy-SMA7hpaWM}QDtCOh*3Fp8TsG}No8c5-v^u~DvUY#`j_-Ci;_|2c#G6F((HK=K2I4bgG@sk{t1j7c0Yi`zhT)u3gyNyz=jb z+!-*XlLID%Mw+y&D^#8>zljx`sf9OBNjfZPVP!-+TMOdpN*+QAFyhGdgzUb>Gqo8h zH<04lxBBd^k+L$Q(oW7g2z#RMmX%4lm3}ai@3SK&Ir1SRr&V?1E1ujQLny6L8>b4bz)Sb?pXj}M zbtwEeb#=w?&|;C?jjB$8J=~28XLQg1tPA0dkzZ}K2AdTC!RW;WnE67uI=dL-^vxYh zn-Yx7Wh~Y-;HDn|zM#)7f32&x+eFTLqOlBb|MoS|P{gIQ;`wF}&wIy^Tio&1k~2`OIk>%S84O!CqKl_Tic`t|JF=U0`_bSI3;C92s~eP^PM}cMpX>- zqV^@Q&5V)bDp1)bW*)B*{@RZvd<`|P=Vf8IDw4yPi@qvdOtTsMsPcJ6Xzz5;1=MJf z&~jGgyRJb+{rD(69v^Q!KOw7Og9U-0)^iwSR9In;o2-~&tWh8%WJdh~wMNLmGaY}Z z8%DINGIJ7g0&Tq9i2N|n1CuI9h0A(`QIu9Ep78)>l+K=%v>!SGTs7YWw|_Y_Vk;RJ zF7;LfH=!Po^KFa?gyL+5NKWWLHD+LgG21EQv6Km~C)u@+TPUg{%3c=J`dI zCJsFB*%QCCmlGy1qzvM=%h=7bBB+Xx?K2&G*x?vHQ7Be8dF>nC%uwotwi^Wzdm7fI z?VVL+04pYZ_eiwC&c7U=Owvz5MkPArP3{xcNz|pqDBS8a|3$zlqdw6a#g^-CpS;+r zUrKq@17<>;GLbkm#iHa0AjR*mB)=S^;4S`TgNhAnNYXo`|CAGP^_tjF`R<8TzOWC| zj8c&!s>r1JD zpg2Wa+$qJ1x5d3cLU1+?!GjiUOR-=DidzYqK%h85i@UqKd(mROY4`rM-M@F_-t)Qd zoOADc{1L`T=9;$VT4T&H$M}vv8zZkiiAzQ)JgO@TtVz)kruuUAT25oM81n8jA2mN6XBT8Nd~UzJ#vu;hxZ8+=+VpR9fllX>p}H;$pCBK9_5 zU6DbPJC*Y=2#?$Y-<|ZDrT88GIAN+YpN9%(#a4uwHHL+uomdJ`JwpYr!cm;*5~m~K zR|=FK6vBy5F0x*&4lVGV>J&^3uh$2O;m92!Aidgi<~|FOm(4S%)~?>hfOCcNRXTa^ zX@b-1iQCi=-t6suuGcKJ1J7^#Rj^Taam9ST@iN2ff4!WjBH`Qo3bRGGs+oO-g6MKT zU#IvX>+JEV1f<;!VpTU{p`a$yk115i*9j-_xuVsH^-oN)7$8{;YO*o!+(I<1+yg7t zS{MPk7DKuguhX^Ltc-I8ZUNtH^PV^fdJbbsHCNm@G?m4FJ=x8)F|oHp3_}+?Ys` zU{KGAoI$TtFY9igOlezPaB<`|>r!AK0ukuH>NsLuattRh^xl3lC`L%Ksb~@G)A5R-i57pg$o{f3t3%lYn+tL8to@o{sN|5-W~Z030ySP(sf4>Bg&pUqO%f} zY>_ai{44s8O{AmTM(`93K^+D@F>feyggTS(o8Hcx*_LMKTXnNY_ttS64b;jCTQ{Gn zXa^(8g@%x2DLNnG;QoNDE4Bze{Nx*k3<#Tid3jdg>F%ziWUe})>f-?vNN7P(PS@&P zr7$YC#O4l!0GW$F1TqKK`;OVj{K||1(+1Obv`>*&a{@50igGW@d zuin?>9WY2O9R@DtqoMH2!)iJ0Gb z7Xb5)x(F+A%cjt1^ui99O4~@$pjgutTgC%y=C^pRJi}o4H6x^4r@zy%z@&P_3^nEZ?sxN4ZyvSpKNKPv`5B% zA0KhGZkAvBv3V1XmLataRWp4i6S3&1)B& zeRL#nWp&lx^A!(XcVKWFH#*NgJUVh=FxOW7>4G7l@@zKv;sI$4iIal%9;J2XU@SVoSJGKsCRLiilh#$)n* z2{RCv14=!U*S6=E+%atKt5Pm)}337R*dhAs?;)7xY<;vio~}?IbGYll)hmke8VVdvOq_JfynPr z+|=084IJuxJ5CxSEdH(-WT3O}<4gOcd0?D?xSkDf%JyyN_fdPDSU%DJb@|b!89zPa z3N(^Xe-caSTC}6&HvFwOLARclUGvqw;7$UKccq{D^;0=x*`)74_i?21Zvhlzu{2(U z87Co?qOGPAR+4lnP4@EERA2neqE)sdIV<~Gmsk-oFH7{4*E@nXM!8T`1(CS2Qw zmM1O~5VljsLi5 z;q_cL=*#!c;+pv)(~dA`IMM$<{^S`0M5NKC=)G!}~a3|L{`Z{l@dDmtMD`-dG71S9zk|6qdVT zV5{YPpO61ygMEaHpBAj0H^9y;ekCXPZl2?T@khC`{`07E_HrW7l~^x<%jsR2U+3M7 z{hYytx8k|Gal`kTO>1Ko_1iPTw7*ifsnUfG2wQ5lRt4q8DCytF7VYvurEQiTEKG~d zt%y(c9Zh`Qw@tO*6Tj7ybQ%4JL9B*%$M5vD-2<8(3-@i$({hyx!SEAaQI}dzo$M(Q zy!zs7aZ^pw<>Az#@ZadyASL>8OdhIPiu51`Z!-DvuQBVcN~OME1$P3&d#CMVKqq|e z_C_kcYF^-^yts4BXkixoBZ+$(k1GOFjg%f5T%O+=uHL@XGykOBiV+$ikMk68VtSp93eQoi3 zY`Q}m`%5S;)<=R1I)k{mq6n5} zXO9>EWrsV8n`l$G(tkr!IB}hRjo<A zFL!7H#Dx8_2$SY=Xm)|*_Q_0oQcVM<7^X7A zD!biLwq;LV-t+X>{$Ad|mTfMqJyd(b9-PTo``3G zV@P0NNew{vZc28*J9~e|)(ZcqyL0D!QX{*1m5zK2LbUCSjZ}1BdLu$0#}RUL$=F&x zmR-*;6UFxN-m>ZXJym`kbUA`3C~Qm3l=J=d>)z^%5rYZG`#xs9)e>`ttOgyg!cGQ{ z32zIL6kQF*`JVH8&G-1_)s?I~yy{MM3;5i?wJg%=v3`!*+%l_USpk^H2NbDms4AYh z2bw6R5`{oYyCKfR#Kfc}T9?n*m@-;Vw(B>h2cS1~V?za`SnDmE?_P<|oQKhnWwaSg zorFG87dm1oWz&fsQWbO?&T;8U&OW`TzbxLiLw3~Sauee^`qgohCTyLz@y%hq_kj1c z`U)9>iQO^%cGDQ_d`3hmKwafI$SJkVej!oZWX3>|KptXzyH!eqKi4>M(?#e z^8@eCbu$chXUu=QIJNrEuH23z=~d@h_*fedrz(5<_b#aZeld&qt2fq1JYuYPk2zAZ z%$uKk;XVFe9e|@1+#eQ*BoIUiZnnqDA}l^xMLD` zDpguF#aaUrbqtHg;5kTF)K2^Xl~Rj&$5)1otnrDJ<5Kca*QH^gn<}=dBy_@}->o0F z+C|4xS*9pC5I!bR9T@ukZ1;}n+LEMXlN3R~!|U<)e~6EN`XCO_vlXG3sPN9$TKKmW z2k3u$#o;|ehLwSanG3fo7PL3>pd$8V^Ho;SnV24|wNHP!H^I z=Cq8p#B4M4WHF~j3>|e6@*9KsPy(Ei+~V~Ix#c-rS46JU7^5kdm8QqzEn<}L^F{CJ zC+F6SG`N7v1H)9`Rgm3FgA3-}O7Yu0`7a)ug6ZBlbu4)@pb1;o!iAB zo`UKp-TvNq$$B-&1)&G<>BF-?7;r+9gUQ$1fDza2~W(anIWS^xp6n zoq&9^_>_`fl<+Wh$vM6G=|tII`@%1uW?#&oFuP~#x$vw$!MMiqbD7=<>3`Z~PG#{8 zT>{0e=jUUa7~FRkzjK|}c^opD0v&V!OEbJLjw z#!iqFWv?_tQIKj5`uGr?@gUYzrRDfc_!u)lg!J|_hwyecq`x9oe9v61(U*h*xG(mF zcHoGVoc3!gF?ohXkzCTT#R)bau^T@7;Tk$trO)$gzmvhXkKYBJ$_ZZnubL<(*LKH9 zDED+}oZ$J~j!xe&Fu8IG(6}}I;tpR{rTTqJuSoYq#iuCOD!Gp98m?|qaVzJ&jYb3 zBQi=~4C+V}7PQ}Hd1{ypIyChBXk)Z?j-5674db2qW#jbBtc>^PPpfa|&eMOj66;7Z zn9dz)%_{{~D{b9w(y2$W$SOl}H-QCHiZolEs9$5dEyNjoS+H04X8mgZ=wGZXCSj3O zKxI$&ubzg-{&vOAJeA(3Fq{fxBkug9Qa%XAFQcj|b0cL)x1U&ZsGDb5#Ov39Umd>G zJoL$^qEaSrJe~xPYTLe4>T)VOarc+G9DF4enIsp*3Q{PC>^wuB)#(Z{{rKzv+{YFKv%} zcUx+#9E%T_-*o%|uqcHL-=%!D+u+^7LBkQeOHH4^Q`mOoK3L8-FD^W$S))9Fe6*@Y zrsCS`O?a$o@zvVE?YGh-$0S_pC3c2JN5WG7)5TQZop_$ii<^>!$26Y=q+BpNmdbHR%62I-1@V-?6cywK8e=nocNNVyv-K+>8ssXBVqX1Z(^sQjSsYq1@2P zWn%5Vo`1KCevelFw~XW;v-cmVtii?^P&y%31?&ejtKJMIDAG&`H!cbaM6ueVEosy} zKj!j?y+Ul#B-S}IlpG;N94hq@md`W$Jw*An>VFG|)oXV;FT7j5F9*@CxNC|ag}8~$ z*Pn*V4$QMN62M&whQ)0YF@jyPY_?8^MJW7y@OFlypf+kL4DBDM*bjmGgpcjcR{9+4 z-CZ`G!Z#n_B+6?LXa~<{otqv z2+fPgcO33OUg$=S=W$|J)I*$NI+tNRogwAAa|L-dmOKwY3&MV0MKxnVy=h@Z#N{<#)Fdb!2Fl_KxxaKQgBz-> z=#Hb?P*fE8xn%B}*3NV#;h`*6wnQKuuP>`ge1zbFm%7xgL;PL{Q)AMnV1h~!Txk(-bFW&;@t)&AJhQl}JP)!~gLTelpDC_UnJ01ggrSDLsCg`_aj zZf%wBNO~kdN4Zkdx6Se@(q;5L3mM5Pwb^n$4QCVR=1h!bN;lfaz?fZ0`K2bhhl+%m ztPy-&-S{0yTP3-VTTC*sMy6e#C=FG~e3cfE;8#I> zRf<5zjCqX-mMx+Q$(E9`6|J>AKKtiVNIR|3fx^jxG;G%Cs$jZ}!ZK@4Fm@Uc~jT%oY-z=LBlE0$z z7d9Pt6TmTZa<*xSoU2Ums2$?7w27R1FZrQ6U)w219tduWqB|yrmlWDs9F2j}BeYXS zVtIwF1~F@~fvW_1+e1qJFmzgq7$L3o%}4R%Vb<@5C3rn-#-&V5T_`C6Wrt!C5yQ^=G&K%zYDii4R<78wN9T1Jd^@J=%OsiQKcg6I)k^dPcS=M`r|{1>79rG zhmTR6RJ@8o(B*C*d0FkG0PwKH>WA5)}f=prF#Cnw&#hPeC*I)v|CK+JJ!n5b}G4zi3RuQJwHx$N4n5 zF>ZN6n+|g`!;MFdEJoWakRujjOB-}jw6s|8K_5Bpg6|q{(j9S7%IiK?BAVwJbJ{)D zJF}dBSli5CTpvPwuM+ds=;T0W;5lOUsG?gvQS)~$X=3yE+>K=H;Z?M|)i_oFDj^sheq6U|EHBYl%E*U2&!dBO{rUn%nnl5b-O}VUg*>Js;g_w_9~>QOg_kavs4D zgppvizj#e(@X$6heJ(K&IDN~etb3DuT7`htxa&igq{sT)70PW7$0vf~C&kdc#jc-i zG1Jhz;S#Yc>+LG@MMl5w;>_nQ-K@&(qt4dXRu_RksUXhZ)EL(capCl@rV_xN3qC<8v6)CILW<+inEXk%SXdpbKQ^7VL zy2qiclkT)G^M0TUK;bFH^$E_h7y#f!n0uNRpK*~s<Ha-`q|AzbFp`j zVkdiszqsCV|0AEz#gLyG~=Mg4?T}!AI=1d)H}wtZm4Rb(nJJZBp^cP zq@S|MM>Ri9HJP%0Xia^8vc(czM2QA&7H>OLiRQ)03M%9Yf=3*&auPqD`w^1xkNb;` zH)ucymabC`FX;EbStK)Ua;>tx9>0lGw5*`6=KwH}0;*sy7{hhiMk`%x5c`G1@Y9VI zsk}M}g9X5U@+d9Lh+-T14Z{}R>Q+8iWm=w|;3z#Z*Q0Es8jZz>7aptvk7%*Fg zsfsooyr|^Mo@V44sSge|7!@$JoKhY8SCjKFL)NUza+^(} zZQ&Vdva>3R!%mSr&hfd}bdWQS>@s4RTzW^HgmkQl^j*8S4MuuN{V4>{2?PU%!HhCJ z9AgCT>U=VL49m^^42T{Bk!a~rhGioob|T|?o>q}g*a zaI#Z>d-)cP8FE|dM9%KftIqBVXj50xH;np+D@i%%&{DeX4SR!6isEx?wQDoknCCYe zuW*BRg4^^V2R^igJWS$yvVz&H_XeZyoVzEHZV}?03UO5m!0Wy1AAiH}g`LB`kS0~n zw&f|d_g)a-T6XyIF24}_RZ-}#+N=Fmxdgtj5k7JJhH=yPPmtyC@?SNj|EizsKh{xU zC1n97&!xcKG0tXx&Qtw)lSYkPFNp#c>P-dNwiKkc<*+tlNUHPAQ{g*uBZz?BTSG}E zv=UbMl*0%v>kX+e5GyQ;t{Q_m>hlnZ7yZ#qr(kvKDI7a(~pVsK`reU@MZnRaN082G|zcw#ncQ?D|PH| zUsU)NqIWPDXtaXc&qR#=F1K%EH$m*HpV9O(zPl84K|2DJ<2~T6cu5gh_-Ck;#>Pd8$4 zFw$H8oTeo-K<;PprXvC-7It?a1@oZ znjUM3$PBF>Tw9q`++fS{%X6t(mKb4m0Zy!GB!CL8iwVWDJ&F=A{b1|C0JwTV#>v({ zT{a*1c*^yH#ia4c_zrGGk-P#r1~(#dU}!+Fn2uFRux3G_Eb6ZHWC_hYnxx7 z|7fK!I;Q)s@Q~&k&NP&h4n8+1$$(dJZ7LR z`8^XWIYW|ixsnyEm!|QhCmW1|gMH0fn3++0AqXqh4HPWh$;8fsY}k=@Owv8S69VB= z_m8H)fueHd7rQ=uPRbnOhjHcw=EOM~cGu=qthw%!DpuloEbbQ(0K_BBEy4;h`4kR= zC0=&C(j&B>1J{rthV%xM@10iW$U4Z8OAdixoVuCCSDUWTyP+yM;uLv4DKn?j#uvvY z9VRMczw@8P|G2O%yz=l^bPhk5oW;2G-LGu@y1g4ZBHnA~dE*$bLymlpuHQ%Q481NN zZ`1nRX{fy_--u?aF}Zj%w@!E}O?+}x2Y`!iGA&{4j!jOoei%PVo_w_a8VmE;_qF{0 z>*e2P;ctKcReJefogj)*7K_K)*(o~>#8yeCe$za`+LGk;gm`+|X8%4(syu$1kCDK<~cB_l@}z@}Cv#V%YM+b21Xm9vH>=?Hc#*NT&l4Q_;l0r(LGQWbzRj z_s}?RxYTJ;yfM(2L>Ir>AkwF5ZW&Xg^yA~4?Cg6KXk{Ii{tv#Dlra)cZ%U;bIN^=f3&M=yv1Xm3x&oY%oTXbG=r7s)Ws&U zWO7%PyEkO7m~{oLGQMGaXjE*e6(d0~;XgkKZzu)M(iV8c}^;p;W5Rvl;$%>(JC9%Y{4JOPbP+MDo|c$>CF3Ta16+vY3-6eEZs z3mdUTWr{;xx0U#y?-N6ZJ||UTgL*oPgiU7-WvU2F89qOED_alVimJpyoK;Y@1ec*$ zA+QMKF10bUY9|R@z8x6I1BqoJalr3eC=0HAnNae8?IZ!AGpF87xVUBRIDmXRX%NJg zotcu>9m&*z7-ej%AjbALw&^5c2zcKBwP=`Frl-t!3f9NJ8d4=!ib!j)us^Z@M^?KDY|8Ykqzt^fuoBJQv z-~3QduKl#>FQ@#{dpb0$UM1DYYfk6@r;;s9Cw?h7c)v{jB*lrs<(+X96t1r^N?Bi{ zJAX~z`S`GCfpeq$(v}CXGQ#(r6Z?}}<*&S~oxyU3Z-=cKFwpMro<8z5O^7@!X}s)3 z=k7rA{Khys2-|YqIN~kcdH=;06mGZN!~sR0z}-Z{dK9zXgn| zSG-K?o8=dL6>jaJUo8$kKK6)uUP*X(GfMQE$#KewbqXgF3`ek8bv=>R~=7D%Z9oHdA0;+L9HiQh~mFPQt{5iQo*l6xwWvMi7J;*FI=a6Xx@Ty#v3 zsk`cUKg)cu_=~Vk0bx!ckVjO$QZ&dT5-)49X{1<&RDtnH6uG)uJ44Y{U_mspn>L=1 z!3xDQ2N13KSrFAL85`ulT2xXa&G*>6*2ZcZoml>>hP3Gb8bFEa0F_g+#x53R{Ymdr zvPr&??U1$BqAT#pqVlmRQL8JZCC&tb&HG6M;6vN)%v|o9O&-EC`AAxyH?AefAj|DI zcMpIXY*?e*aa?NNN(c>_0uTYcdyMpwEG?~YnH7}`PF#*mMyJLtLilGwUK&>dAq>a& zSmOjm(TTMMb1EEZlngSEvGQbU3Vx;xz!yWpwqOl}IT;8;4^a zD$nXR=PwjXXB?U{Qp!)&6sZ4pU^hYyg2lO#3|2#B=G_VYhG7?Zowff~k&yVHGGmLI z_`QJ{X4_MOxlQMZgjMA>-AKBm>560h?JTq5`MC{y0(f4s>7lPWJilCXmZra+-DR5j zkFTk>R%Tz6OBXvDW$6JNwd*qaaY8C5NJg@y$laUA>M-Y66VW$_6+RTb3A{lUW@ivck#t$vQcH(i!M^aKh1si>72M4Jl)Mj` zvkyRnebc;t4ypHnDj*(XEdmhh3ut~Pp9bTIZh@LvX|K*mCcrl-L}8WVev!8H6*hS1 z`0{rAcI@d*{pEW%WbI5oxWpE=tyH2A(BK4CTRWa}uDv@o9fVcJ&jLI#)MyPS{`LyH zQ9r=67s9r?=?z!&7*S~>o-Hgd1F{tF3YSR?Vh~}y{=V@4&pfgG`N*QTCz&&&5}qX^ z1Ud#C?dHYx2(BIK?fhZLQK|g$x@Do+fd7L}Bi1^b zJCGev5JwTMSc1zij8%C#bZs>Q=}|7}C?IVOFIU%1ts>5KO%IC|IUMB(a57>%>& zXls`+$eZG~Ijq;>x)K=lc_Jt&H%j&+pYPj}a_jnuhUP4jl3|UPgR_X8{r=oZ$^w(H z2<>JA$xs97`2FR^7G31sO|I;2*TZS>XHahLr&_2rIM(VivS(GgV?#D6ktmvv5--&? zLW?54q$SUaE+W2Ul)J)bYJPY}kJ_Tvf7vNbv!DXiKfNQY)V}`$`3)oLS@oS-e*v~( zM11LiZ1RgddeEG%+`DLdLw@3b9Uk5FM785w)%Ao&o5>0`bj)x%zo1AyeB5z4hdIU{ zPF=rE=TGwg8olsFOAEDKInJnp-v$No0CSACP0qw&MECp{!1Xpv5+F6#4kU_4)!C2jI+af{E#QX`#`E;WJ@&NlYiXHM= z9pF>S!_1Y6bBhgU_pQ}b?1)VeiF#(RPZ7CuIOPB=kLgr`wjL zE_Q9)hvh_-=7wW&aTF+%=p-4{x z2^+Z=GC~s=OyZrjbI~coKZX{>UDd2@9lAmjC$oY(sDwI0aXzR-CT!<5J6o7)KUi<| zKZnmgZ(d-|db3Gmkm<>#amEUjk$btU2__Gs6TMMEj1LrVsxd1(e4SJL2`JLEsp=>v zi%)npOMep^Ns{BnrY&cmbc)yp*?ALJFzD#1Q0SI&v%+dgZ5;R}MU@HMZ~0rlW5~Ng zoQi8r)98F6zFHK`5(er5d7}Y^e7&J$iL6aB_9nog zHpXZ&coz2c5)11eb@xa&ElKJ3USk;dc`dc`@^eY(1~`zrkNJ{eN>$`(C6sKL`Mii+v!~NWcWIQ zCq*Uv0LpwAefc;;{+E`c%G+u8l%)8~DC>bKR>0v-nvVsgW~2SEJ!?cycu+W)>-O$i za1z)yO3KZYnVAB_{z`N`6+gD!51ncf?Y}MhcABH7C;>|dT0U4f(0&sydaq@b)eLEj zU<4?`+IG|jpyZn55%ok4rBCtmz_d(mxjxeRFoHoGl~3Y=d~UJTY1)Supp(7~MejEU z)0DFv+#Z$<-U-JwJYd+z+iO2xqkkj*FEI)lk3~_T^M$fmY$9e=9ippVPUb9XAu^N! zq1DW@>%xp^)Y145C#f1RP)>Kr2-so5C?3S!L(+)#pbY8#S*T-FU_=}sjsI*w7(HT+tVTk^Im>ew^U4?2MI@$@I zs?IZHb2fH zsv#Q&fD}iXx-%6AzuE$%lo?kOo+dr!laf-pVFtf&Wdwtu^5mVXU`#slEVP%6os zi(<2BMGmW{LZP;u>f!XZS_KbGA8&EI2___@x4UL)AxInwHUTQbj)AcV1WHxRyyB+- z5c1DW^H4|l(^reAch_istSJmh0Tn(-(GiX6tu`pc#8gj9|HPjbSdFU%_lj_h@+0F;YKN;Dvc2XQoD+cRuYVv?3oU$>i6 znjc(NUiPn+lXwuBA8(#0CJAc~`kv4t97*;~=cLcK;m~;-UHcKDW+E~~$wsNv0^}Ji0~I5z48ASnp6;#x{Ss;X)}A)=y|-*YZP)d?Y;JMH0i27rq4YC24!dKZS-blKOTq{ zq0@{9Po<%ekGM$~ovHYMK`c6$FO+VfbcS?m{ zUk~CAu>6}P5%2cjEd?O&mYH!tR&VvrIG!TLOV%Hc_%Cz7|9QtCG=k<(q8?DXPZurd zev=n2&lbyo*9iTE?68Mb#KD2;r8IBOdwtYhKIxP&FTbbL6ivC2$I8C8xfeP89tsi1 zrXBGYc-=K6-Par3P4437e%MZZ08S5oLu%=9dmR{!kC5TIex#k9sMeh2&eto|&7=5^ zpDqSUy$lB8b|O-C^7Yd9tEiMliv;xB9pHWG-YzG$ebZGk>dsrCqeXn&-}(MC`G9P~ zu$awpiUJd`(ZylBW|E4^K)||T=xpt??N}~gwZf!C=d=gYhEQzNc9t*$y%YHYqb#cT zd9)4zgXjx7lTO|x{r+*Gyh!YK3WOD;p{k^Q!pzQTNM{Cv_#U*`01(u1PZ#GUB7Zp({Cb=J*Z4F4)jpQoKN~rSjsMw<$}^HR@}^!ngS&`=UY{WT zBgW_Whrhayf#C+aFgI)*$fN>FY_QEt=d4+3RSt;?1%FC~&aMk;&j1;XsqpQzqt$RB ze5?qMY(JkC7fMl9)nR}btY&*6%s)C2DKVH+b@vo`6%~zKRwv4@G1`(!WXw6Z?)Uu# zE;C#so-IJ+l{3h@A?t}euJS@KN!ewZ$kCN8LCgvwra_{eYe_pD2)GZHbevHEttAHy zUqqmHKFHHBNOLVC&xH!+b4g4%an_oBxB}2^&Fj^pMF;xb0r?Lz5S+@?02DMmROLOa4BKFa#Hxh_9| zok@Av8-ys|#xQ?{-IAezbnx?`Gl3BJ<>E{t9ZKIn8(B(9V#v^1DZa_OygfOg+Zf&P z<#9s-HT2HdMnytPHg2O%B-sp4qw6Ln;1ug^7)WztMIi}z2OdQ`(Iamw@(qKl=;|h5 z%)4Vhh5>1%&IqHWl0Ua5y=AS~1aWy;>L-jJ2I3??hHLGSA4+yfhBv~&{hL`HPdqk} zvwH77u-AoLO{6eJtj8<7H6XGG3^Mp`{VM-q{gT5U-HY(b{lWxR-Kf*b>ox3F5YA1Sj-`bVqRfnI@DI_zG|_UQASqQB;@@@X-di0Ak^HSIy?yp=3EdBsCf zeqn|dFRnT-kA*G6H4x6K$|mqgkWJeW2$D?oqk#E^bmj+eJnqU5!Lz ztLI<&3h@P9ckvaS%horHz@cVzd$AvEb32?)YQ%oa|{__Dq$Pv8sqrE!(p0$5F>ANfo zjK_?!Kb{ZtiA(5$=tILUKGhZLK?OZ0jr4e%k7nCyIo0wjFqri4hLDt%2mO{YjAN4k zA-~EO1Y(J#CjN%;V9fpyE(3gd20bYU3z2Ksmf|VHwwM;m&y+RFqZRpK`(X|gNu|RM z^Jlji<>a1S4#3;dIR#$AqdZhgiFpj9tFgTQP4S2Or}*nv>p##U3mB<93N9qEPDt;< zBK7H06Q$8Oyh@rBia*cWt??SxL}S|tcWa8uL04p zp_Bf}>;4TDe^ zNz4s;bY_IgvGb-@Qh^ zsXz#jN2%Ulx*q=+1H;JupHFO- zEoDxVnQBR9^BdgD3|gYfGM&c=y}YG($4Os_ndko{usVo1eJPj29k1FwLd0&8=^eOt~UO!EBa;G~!w*+g2bfT9izF`t)VhNheM?;RJ$R zGp19*rED0+4-2b|kE&;-O^=|V=-1wg#&=T>#aCu%JbtjNx*(YMfj|$I>2=R}C(CH4 zD1OH(6-yRg5`pTribgFVhJcFw*iK#q{%Z7?9=j19rfX?xdnuout^lgOUJP(-G@9hq z;~TRoEbFBVQ|^@~%o}S!BbgMp8(caoqQH*x!>~>jf#H$!OC5<6z(GE^e z{nyo1fC_RqOL+H+A`YF3<*>Dz6P`}=IP_c<=`JlS@6AyQk^U z$lyvJq_>w-WP?&9f!(_AkbcA!qnYxlQW-cLv)dKH$`!7%s@gj-HFw7yl)$edZgy36 z;wWucEVzq4fim$6;!h^F_-es)V5k08%SBSaPhoX@!Yav zNNu$vvBY6@tSk9Z|J9AGkML6Uxx||QVA;qx!ZO~*uTbgP^q^Vvmh{q^x=SMSFu%I9 z&uy6QC2JK!!rTTaXo4A`F)9RnnK!iMKF}57WJ#};{n7o2Ot~eBvvVp*K7(tZ^aTrN zIkc5ilz|~<5QmX_;E2DtgcMjlW?`>%{I-`t5ift?8wAXa_U8 z*`^$(mET#FposH}2Hk559e`3P;m*h`7_4-tS$Qp*;HK-<5TvHt3TT|ATL$b{`W&A( zlgfRIEUjW3JT*}z7QR+!YO2Q|nj(a?fd~R8mTH{)DdIwd1mlrC@dA<{l-03}z*!zrF8PLdnEw}RLKy};(f&TQV-WRKaIY;A?O8Jyg^lf3bM%cGl5imi^ zx=B*Gc?)xbbqeyuY9E)TxEK;mc2_ekn-Q{{w4S?E&z}Rnn!xQ~5!xF8g*owz$`C|V z-_{Db`W46E`R4N@{|6j6S;N*bMIJV2PgtE$8NLy*J315y^D$!qE#jO+yRk6-ZBDDA z7Bp%s*$6u2O0d(_S)Z5TyVBgK_f^I~xRmxHBL}$?7IlAIoJ*(>CZ0u?Vu?z1*88}S zf5$N){kvmAM#y>3_WQ%nnAbo45R5sZzIlrr2>|=iZU5smB;E&4wlX8zxLNH!wMwZ80M3Uqy zC%gD;Wz(F8fSk8d!notRDISB( z&`MUUcD$XptE+w+dh4&?vK2b{-C*#q^FK7O-~&|UvGnG+kVm9w}5s`rK%46k}AH^am zD__`b5Q;r%a{iK%%+Y}eodg`Pz0zq3KEv~#4YaiKSvo?R*ty6iYgBDrGE!8zytJME zKp)K92KRfs$`tTq&8?8&W_L^|i6;I4kH}OHpX8QTz)T8EC~iP@3LU1tM~3vpKj4{^ z(xJ6QXY?pQgHoe~*?7Jc62j3!d2*X;w@dN@Xt2z5e!fC2a{HO{ChA@WS$D`p$-Aui4y6r9 zP?Zo38SHi)`8Wd1784Y*bEB>CX*rHDo0RA|_6*z>K&&JqBZ4=fOe8f9ShR`~BSGP# z(SifB^PdwFv%b@Bm4FnkODS4p{?GW4od4xVg8G{uiAWwW@KHmY%Y5JlGXlI&{%m~- znoLoKROUOB4-5=SKp^&LStG1~Xebfzb0B%N`Y^Z0afJOewD34fPPAvOWn1X&H1#eI zAtz2Pk%`tmZQBYgF4R=xaWitFW?HS^HiAdNE6bcdlFvPI*d$zc5Kh1|Er{D)G;C9> z#_vBYfk}@8bZJtQhN0Z1P!5PApc@EblGc`P->fe=n4VPRIgo#giOY7TaZ%5)l`NNk zimiG_C;1x&YSL^XH$r@q6`~Y2BnwS;P?<(_f(r+c99jOX7E{X}$AtZ&oh_?^Zo11G z2m~Sp=S22cSbbK;ZlZFe5SUBM6J;2- z!rM-~d6Scd$?FmfR6prRowFpCca=+e0`vKLCzni4rs>AERlKO`z?<658hL;oC4b?F zFWzi!Zs;&|Z_5xdcB`-@O)E1eUc0#!dEIe>Y`W>w0T)NWciqy^248L9iGYUm?2Dv( zlI`~+IYxxAoh;fOT0xdxbg+LBxXH^I&l)%TE_AOf5N`Q^BA3oqN%k=VtVrQ$+P%6RPb6wsvqb*xUS|*Ag4I=Zv*Ure zTy3G&mB{QLKPf}wziK_84agIy_Wjve$cXx^xDD+Qv&)Mxh_q*Tt?tlL=?%4PL7$bwVNY=_+FUef% zopV0Vlg4`1X8rl#MR1z$Yo+_i@wXj53^@c*;)aIBJ~bNUOfB2(cY#>2B%s51&wpJ3 zn{QV@{^76kMO3M;CdpLdntQ#dC6USTJ>;(Z`b!$*AZ}?FSz4a)$o$YT={GwD%LNg# z#D6V@p(lpRyfHNiFgQ|)ohkGGweTXcp{zhX!+W}nK9S(}KLGdyKekfqus@Og0`a^v z)_hv=!tppyHvI=4KOp?CkN(_YuNAKJZSSvKZ=aqc;8FSgoBPyBd(psM6J3ih*f5B| ziB(4arHd_Ya;kon2K6<^jCLv2`(ECBK5muMz=Ow+xOOcX+o}EBGn~?x41a&2&f}XS znSxlHJaxHkh6gtM1Fy$O{F_(n(#Ggi0Z*a%243DSN&z5_LLbwGGF$N1>d}?80}Pj! zDf{`(Y({t|@OC_9Wu#$xP3Z!2Ts5}+XJBxA8$SMBtMeAHAtTL~LP zX2vX~#A0WP|Aob8^AA9*{iF1BN6;bhI{F zf$F~Rvj!y=jtw!ZAfDa6o$rAZ#|Ak5DSQ;=KkqAi+1dH_N{#sKaeVNi&Lf}|AN>FE zH~gOam;QhBn*aLW$kM)_9z^~)O=$jkn!x8JQsyO4hWRE=1z@+gBG$pDz>*uET|7e$ zJhsx)scVWTHsaMrtrT-K)IQ@OaC4~ev)jsD4*G;h@Q1+G!uDJeL5_Ic4HHKUc+5K1 z&Kbt7f=({9`!HL6_<-Y;E$_KSGjUG)*sEPx+bR%XKu1Truk&G;OuM2o6OMW$FKgbI zm|n0s*g#!7jRrE&ZBt6cTg+e0_LX1<5NrW@{#5T5P`@Q!UoU>Zq@Tt!p7vP3FhI%vOx0x1m;my4C9!T^mPgYa9@GiI5R;BJGY=Y}_(Q*Gh={v@BUmk6l)T*#cugUs% zt7SOz(;l0W)yTRY0+sjS1@3vcuv(A70Xv#(!qANLUKg`X->I!wKo_au=t~Ms*>r|q z>1V`cPJ85+37E;qUaL%qWhhZ3bEug(h2IB)I<(JubL1b%G*Q2qWlch z?cn;$ij0|fARgsQYsA|p$f;|1^7Z@ef}}un>aro6gj9n9!allF{yg;`IYrcZhm*hY zuP`J~t(|#fV}f?C4EH<5$n~3>o~wMe)K;3Rfe&#yzxhA}&&opDV3O^Au#w)6FAAvb z$TK39PPw~ox;rRM9a?vb#lB9&i-g3(1Ddekl|i`Ec~U|um7m0LCm?t0E|QLYq1W;? zZ#WOj!Y;_*7f?AYjVVSEk8P`G$1oNf2IYF(n_AZvD*!8+9zU15JGCrwsP#fSlRR;VoMn`W6xX8pjf{sqTM^Bu>k_&>q1;;hPQ6+1?zB^IH#{RQiXhMss8 zSO66bnDpDTN15gNUy{9D7j8iIa8k?rLV((dckfOSwWv*RoiDMNRna8&oM9-m5OPSO z1N+lFcC45>t5ZQviFLwkLf3KRkq}~Q|9t;cddTE#`6|rVO?>ol-0sX?#=U*(Km(Wz zOIDi&DI53mHSxu6(`?vsjW3@p@4v|2j3esu{urPh--K*AF?8$~TE;6sQp*+&Qi|8u zyL#}|4Lf>oIU=Gx`ux1D8s3P{`0<;RNkn&>9KSUvdmTf1kO^tPdc@>SWLSC;4+ibI z{(-`y7C)E|yMRymYvJ?l-k;k1J9lI_0w!cP<9NEfhn_I3qXrI-eWM1QsJ^R2W|v6c zFBzxnSmrxd%($bo6}7mZaDlh&+pB-QOfF*3w657^{m&r+k1T>hVu{YmvJ#=vL_R5i;>sOZm8R!^y`EUto0m{T%+XrxhHXUvH1mOK#-78+M1n4B7@pz z?}P|G*T@6@d;~b!0|aVaQFDz3)gxy76-#DFGXYrQ>Ekx@F{KWR7zc1+AZpzs)1zU$9s49#0U& zY{u-^HoJ~UV?el({y$@<)X{X)hlr@6&l49`2A1yaSuY2NK5Zd;7|q1;>)E3evf)(H z(tt%i-Uy#-R5sg`Zxq^N6MXr(K;v-1^m`VC$`86iZH61|aFk(T2>CvQ{1P6U@rL&| z0s=qO^DyKsj+MwVMJ`CRd8`nO(;~kBC%ZxLP$gx$N3j$a)s%Sh~k}?31aOz6<*jtS)_bR;LX|FHevB_cx{>R((s%atI`{| zW9dhOY=tLR4H6jXUokRTgu=VbK1ccBz_kilW}@FX&jiE>kUz`)Jig%8ye51z9}oE# zH4CeqI_YA97ny5S(c;h(0WfLd~|i#>OgKhTX!ZTzd>HD zpTzmBOi`Q}%2=|JX%uah=e5+0@oY%{kX$)BiUpN4dPFw7bDj-+e%|7@P2>A~zKO8; zB&t8L99F&X`vIk+_7^b2crQLF_C7~#9s4EC;h@4{`*qM4t{XEnt2UF9H;6uK->vuX zYfC{iQQY`G?6S{t_3|2{wT9Eurc+wBlRd4-ysq@8SqX)iF;S-v?_MmHuW(Nl;R*J> zk2-eclljC!Chi)*X7Iy^pwkKAJudUN?5iWnuyWfXhr1tcGA(ZP&o$VU=VZ{88rFU5O>R}A_o_T*C zwY6d#FsH@pwsNUa^}`6FA1jxTHp6z$hQ0niD!^Lc0MCjK7t9mccd!0o#E+%#jeozA z^xub_i{TS-Gr_$A2@$I>irF2W|~wFAg-*m zXb(RDCUXsjKCt{(f;*jg9vWJzgVdb!p~hk9LAp5K(}4QW6XUK*-M0glxEHlVJ~*Eo z3r(xox;i%Y>DajSKaO>3jYxC+!EPfp+g$^c`^O28Itb!h1$~ozRuFDBAw6J9Z*4U(Fm1Uu)-&P*_>z z#E6QAgrQ>?Q30~_9^1yb)?S%D=Nr4oX{b=3#em1{>gK>hr`KbXffHW|VDk2!w^Mr$ zdGZ3K=oA*OmMJ28gjbWIU|cu95;!3mZdt48 z0jF>6sBl(O=h|tw0e1W7phxZNGd8Qll|GAZyFz0k-x$-s@u}Z7vMLw3ez-2|L?~jp zc|Udi_tAb)cl0Pto_BVtIBqj?sD9}A6!wO}lirW+71UTON22vXN%rZ4LNiz7tKSAU zn9R&DoNTq~>3Tjwjz&uow)y_|jf;lPoi1*#_I^C75L@x`neYsa=_&`^@U2eF+RdqZ z2g5nAH}2;FWyM-Pb>JiOP8T;s{qHZ=1~_~r$n-l+r>{zz@BMUCu}frI{(`Q)Rg!r+ zxG>vy<5{2c7ycf%%SpVzS|3A@m}ACdz?zA)b#PIhm#d_dgG7tIJwDL&_*1M0eOcsg z!GCf7mJjM(}!V)itLu!L+FZcn zIDH7$@hF8l>(EDt&S>tn#$@G{81;}vGb`$ z>IpiFAyWPHByNBk?E}mBVHb&uTv`UHD%}IVyUcPf;$9-)@n$ogF<|_e_$0W3J zD>RJ*`;}m5w=Qz*`%bJL3wo@x>gn;Mj*VmRkL@s0%_MDlTufmrHBa?l<&~bE7Rxkc zur!`;X_d}DcFNc|$F6R->ThunCJ+^V1`Xi7P z?`BB-%Zw@f6o<}7WF=H630DE53GhUJ@W;H{P0i$=s*St2Z8nJoIvf&6jVT_+DB;#? zvjC3*$pA3ao>i(;R{KDred;xzMZ;T-#!Ag@!xoNmAL=?xRF5WI#<%#<#~V;g=D3SJ zzd)BS^w6*=dw8y2pyeZvRM~x;Kv&2cBl~oF?sca**;;!&==2D?5wX3zQqs<_Jw z(fy|R7h7_5Gd5CcZq2e`(;8Naf zISo0X)&ESdbpD@urLOy_RhOhT%_2*i7T&$B=a@CzrP;p6|i)inQ0-_E~jB=xjm zGBsp*!4pqXUK8$C7nGBi@5q)DDe}O>93^+D`Z;-L5UD&Vx6Go{5XPAMtU(_q@F!b$gST;BJujrMT2 z$f~OcurBSN-v&7Ad9Zn@SITk3pf98t|&_InJ?M5ZX~rPF|b*db!1ydpyK4E#+f;VqH4q5@{-& zOJ(Ju%<{_%{cxCZ!JA4-$v6e|Qiv(?23slY_%z8t>LHeYuuo30n6jiZ$kVirK8nAE zB2i)Ij4)8={g+uyVM9{EZ4K0md@p=NxaWhmqM2M!rF^To8B?Z|?qOEu)O64`zToQn zV!A*e<|c_0e2tzfzIM<0CwJxaxz}-a4_{&Pt&;B#kM_@EzMnnTSAvN4KPLOrtv$5q zAo^%#7wD8+(E|WT-b`Yen#yr)AY8#|WE*;ob*E3-wIZrERcR-n);Ts&{)5{VDTZ9* zSeYj*b7AbCq^~BQxR{^lnd`6X;pBQg@{3V`c%@ljtF3Z}+J36x=;gxSt2CdT6{MfC z*ikSlVq6Vp>Th-6Kvy~F%(3lJtAk|z-4JIT&Xuk~E7s>Z95&D3l_6WA?}pf%Ob5SJ zE>=4HUNgg~6*Df+qlW&HI3yX1&Cr`~MU$uE!Q?G1?Y2m=Z3Tnj z_3epZ#T#pV$%DgnW|mPZAzumn>g*4Y5slcgHK7vWX)jho76>- zXjVfmIJ&pDHR?iJ95+tJNW)xTFXmzVRE16NyxGf`=GxTR;fN6 z9xz7kcY=FAe9Pao&YsRLvOQ=(R;q6mLI>axq*S(q!|e1k_S$d~Y)PTq!e7)aP^HtR zdbTM26s7Q(?Bpd^!|-8O!x0P>;$Bihb=QlK*J$~McKNpxyE?TA3ul{cAI5#qi1PRE z#O_zb6(qOGGl?2-(Nv%g!SlZ9`33I_;QEKr1~vr_b+m&5Y0<8Xuhun2UAcEXfmm$c zORpw62nzjv+4w3=QDM__>muogQCaJ@;V-N2FZ6ktL;Z!eotCN2fR$8dl2BhagvTbX zR=is*6P<;QwvBewu!z9l3zBa==x7P1s|2Ggz+IDgaWPh&567Z_jPTbvx(N%?D2 zVd0(rol!xvULQcJIlLA^PzW|`gd+upluUPDWg;30X=LwS@4RtE7Z|X{A5k8|J_b{y3 zU|5a069*f(>vo@Uow!uy(%AgkSAtsEWzE!NWmITXj5^&SvpI?3vI=`z3>)=Q464MI z1dPsa#SR8)oCH|P%G`*xuLT-A43FAD>^So`8SOu*)0Er8F@kn*Zwm5*J&lJR3^~XG zu#V%A`fKh}eLOA6VcZ~UbHbE^(|A$fxqHzO7eu8i;Z!Nif2%$hZpB-zPWo}d*SvsYBf>|Se)H;QZ`i_|+JRauKH@F8kw$AXNoom_*Stz` ziV_dXwxqi3=ByNeENyuZ73*)94#qylNfiW2zzT{LF=HW>za4^)=e9rUT#S1wY}Mzq z>7g$wcZ{F6BAy}rZV3?~fHF_3%et&!9R8OK_ zL`t@uBbL>f&FlC$rYcN$DJ3FARP8q@yomZf-2enWWt-xZa+j z!#H>{fy&@4n5rH%#qya3<4aOXA*~sW{OI##p)|#61bPO)gFK~b6NPQQDUPl(9KT@C zh5FpmJMFqW+#mzADAjNgf=-iyIkJj;7|{=_0R@C&KE*yh^zCtI+AVk0YE5S`O4}&jF=aO8VZ(t|VBDG@FD^g)a z-!e0tE?Jok-D*Ak0+(0epj?rmM|o<$MzU{qV)N{S?f%H+x}AKxp<$Up8qB6)C(A?} zyMDSG`B$H9CM>>cS*u&(1vgHx6C*5|SPZ*-^RQ4MSBHcghOr4A_1KEh4j1wTc@_kd z8Z)}N-IFRCD((96s1uX5d>T@4=Bt-BbvsipMrkLpi-ZJS(M?$=RkBHoXE+(m$n^=X zj1+qNR$PtewLz`62)hZ0nsrrkSi2n2)jXy#;cR={Rx`@jqs#+wsbh4qT{*TthD2@T zc;{qUsEgnEaO(5H4Spc}u%w#FwcjOQ8{?|h6oV=D;~3sZEb3Q1t^(M8!l97!yxsOv zy}DT%crBf|rJlodZL$G3t*3|tupW!gwwTce6uKRS^nCJ$hx}#=f{O%%h9ip>ojFJI zCu~raPoUQf3q^Hv)G%fS51KCsMmdCfZ< zarSZ-H--^rMeI{I6;8xPa(_qWm>>!F@93Z)0!hm%U1^0z}zNEE$8D)ShIWq1|0~$Al{# zaAC!Ma3)tI3WhXkQV2_V5zLq!n~!lO&HRuhCIIe56AI21>E=WSjfE;cBAVQ@GjNV- z3t7vloXUk*upjnO7s3T~XHswN7{y{py!thE&8v;)>>(eE*XbQ!WdX*L(>9VE+8BLU zCCb8rY(w4!X5g_I%FbCqUd!qU0t!sYOG{v50YG6(P18Swb;eKZmaA=z;~=D$7xV#L zVLH4@!yEi-^&u;H|A>1n)LBEdRid~zdCQd2sP{wSv!k_AE4B~BVYllAX1TZJ6-Qdz zR%*2YqLjKrfDCDLww&i7RiHBAfNzxv`(kkwq(f4G)n)_Yw% zwL07HFZ#SJBL{kJ<9U0rFvdJnuY`P5aJ${rf?_V;7DQjg6a+HJZ9kERf-ScI3AwZ& zavC?RqBOGKzOhx1`;cMjBjMyq68L!KxgopiukQ=>Ronzl(<1X}tP7?oMNuBOLwEL6 z4SS3wb%}w$#?r*1V3krAnQfH3EEOf$ToHZX0i!S@1m*wRHGx0UFnDs9NW+gqRr+C} zdbB`*@kv8xq#aNY0x@QmW76L|6r9`?Y7XIGH2?&q>qkgA8O3)!L$yJ{OUrV~Rufb6 zP!y+t25lNwa_?(Zp76d%xg!TXcH2$%ypqrWQhi}?YbBA7yB>xKXV99T#A|~J54WRp zd8aie&gFi#G9f(0cU+mLLE$$zI9yikY6k+q(6)4IKne(n^3ayRDL)G3#7cNDn&MXj zosn%+vjcB8X|Y!=(1LPMo3BfQ9<{mws@6RiRIOVjTU0fQUH3yHGt*c+)a{Hafolk6 zXqL!;B17q$itLbgyl;7GgsZAHJzH>PZHinw34}gL>kM3rQ4g|wbM^B|t&-pkEOxOh z6N>!zBa`WCO$oVLPuvHj=J!louJ zI!}<~`h3-={arox!{DYSS@Ug%E1FgvI=V%B03nxvT8B2+Cas$4XXpln=8d|2SpI@JE?ny*9zA;-{Mjp9_$xeEYFC38N z{iSo+k&zJb_`zf2hq*q|v!OdK*$|kMP=i6s1%+YL`_mq~K}o}V3!xC1Tynch2WF;- z*taPV!+dsy=rUV;R=Ruvh0KNnJ*5&a!&nuYYq?N0O5;u<;>p#5FDY#ek2FT0Dtc^; zc%8G<#CP`^WbakjtY96$9&@9du*_}9{03nNDRU@w(Y#&CH;d$@o+*{UiXch@cN|U( zwh`xm;T~tC=9$s}4Hu}gbtjL_K_l`*tm6F%`KWbOrL$_Qsby$0aLvn$?)|cy20cJS zx+_sySSd*=KQ9{gAs!tLVMUsuj$oWmBi1yU%+NaGJhvES?X_nbNI(Mfk5%JK5`8lJ z+>4Kl6i}%|@S>z5lS@R;;bm+~hK^l|MRy80NU67pTE&{*b(<;SODE0UP1nF3pEWae zokC9xyTeGbP)_w|3;4Jy>qMg@rYeQmunJhLZBcNlqUU88?Wmp5yZsOoa%Kn-sGQ5(irBqDn$pm{k8)SCFIXZPheiw5*nQaITd zZJ1TBKapwn9##HaWy5g8U}C%&S6SKJN0q&-lm*@v8DMLd(lJY;p0i0)wsD|Vi3H=F z6LYjr^=mdMQNa_9-aRV$6Pj4KlSo*1eS*yFid$+usvbQnHK`q8KTJ3(P7cevOL%`g zY3;zkj1wbhvC{U@O~~ARgGJix=(@vRN0Hhsg3|R}KvDKlp_Q%En0dp=-d|xcUl}QWE$}nQ;5C9T~Ii z;XjoA1B%GM?NJZ!3Z!8zv{>!VVK8Wo;PD;PtWAf#saaX(k@E=KI7mg*)M}(47D#uB z#z9xYaq|2kv%6zvx$LEB*Qa^)gx8gCR|#TCXqc5NR!X>rg!i+bCHEm-pkn69veQ}d zF`nC;}xi%^nBNlCE8K!Uybd{IQR^?@DhBvAS ztWK{1Cygy}!<W{8f)3qYoHIt)<9Vyh^I3Txk2SfV!LL_PHoX z;CTIM7uJso;_U0|*L9cJ+>VuL;#It-tPZI)fJK&)V{xm{u?sdo2eZO$aHgMe@)43) z4mLa1_RxU~V+cFR*zGvdOTltUD@FJ?z_>9wfWjv~4>}&jf1M^F$;Dkp#9%c3M7kCKvkpiTe;1ZEdztc6HYgIO|gt~p|2;De_fyC9ht<^>fAPRqW}+y zK*ciQ^c{JeVxm-sbRU|5K%3l^#{>@v2(GrbdL;6V_#&bT1cT;PdAQS86u5N0kQYv< zy+1P@Y_q!CPN}NGqMjTy$-0j1wFly|r_LjMQ>-HmqqJK{vuoeg<)?=Y^_(ht^zxSc zVpL=}Dt)z8%OIxA7RpwQ%j#EJXYtM8S~NUSVs=eOSKwUnNOc$tFMSNCR0Pozj-*c+ z23i#v`0DctZ3mCXJ_7B{+#B3}Wo_F+Z#rgU)-3E(+kGY>zi|TvlCL-&6p=a=+q`N4 z?&GCG)5O?2NYK8fP|d7O33|{bED^bVf~v})x<#6<(_e*C99COf=%T6R(l17MQS7mH zGp=khz*?%#bOdN2EFKJ)VYQJ))XIi;(a~L>l3(2IUy|AOb&;?r&Fs)7=T)1h)6}cw zwuqA5H51K_jELIpUB7m_%n-5pY=yHA!&tJ*?F#|1xT=nQoG3&C#qv`(DvV)qqOLbl z(N=dpbM(bMeeh9%q1A)-M(8{B4^`#vB}KWf(kJTM;bpU~C_iF(r3ddzODoBks85(} zmY`g4Oi}n?GL!vCdnE}8uL~n%fX<_Kh5-Z}(L@UAEXsD1w*pg0l$q^7L??kLhN2&t zp;PO4!F@Vi2{ayF(IW`)yACIPGE|T3KNtBaWNX*#gXrasSp;HR8x)MI5^>JjiLN?c zz4qV5eQx(LwtV(rUu~tDd{HKrS`>MNPzx-9IincyK_$xXQb3WaF-mpjTAr0KBuWCJ1h)4=`A8c#1<%Es+Aaw-&OSSTQ_K(4ggVu_o4 z#22I}`|KA))V^k>8Mi?fdyPSnQl*dk0}C!sv(nvOm>u-^67C{E-m=)%vJ%L-T^_d9nPmgPK0$zJ@JIeKpF>`yIiELigWw$E+Owp(?p?i zu#JPuELX|MhOa%=Ji9QyAmZh=k5!v8g$IN}6vQ$wS#&65yB!?l$D?_I6|wcazmTe4 z;Q#Vdn*1ON$vRbBT1C~hX5j`Pl~oJRxUuWf(Cfrxn6K!FqtUIx=+-_i!irLe6{mDl z?w?R_zQYZHY}y)qwemv^M!D<)yHa9ub}O>9BZ3WY)~_43A9;Qp$g5&~@TpQ}R;tHx zV$>%)YS9{_HL9hazA7bzjTc!$g~ukN!eg@X9LPU{&ybsU)$bt4Y`QU}tvKJ&WZO~J zEGu;LBcA|R^aG>J0rvxHEVE;%uBBE4O#Q1wvE_#_nv*CXb2 zj9y&0PkvaaT3vUpviE9R$lIBoi4>|EDistH z_${7m;eN`DPe18?4jsI1O_^+mcki?%AU60c{sp;!Anl(`0TSsw0W*RtPw`IU?@Zc+ z-=hBb`GuocA^mg`;Mtb^EXQiyD=$ywHnSc5r1s*oy41TqoEC*pT;F?g%`()N8(!>W&3%@4fS}9T1Yqq;4LE0=m5m4og{io^m>@vC()f`< zPF~x1ziX!#-45og1646x71zRZ(~}cOz>Rk1Z1UEEhUR8FA2D?CeQTXV%qGk2q47?f zB80{TSKYkX81KZs{X8%%fV{5KhNTdcUKV)x&r9?_{JQ!V^(h!KxiWVBD?tw58^{cx zJFpW*hBj|`@|15~f&XQR-%S}>}Pk=jUU|M29^k2bXGM#P-++e6L40Qg8W`66`8 zDbx8pP72iB^5S;zROUvS`&fT!C&4c{zy6yA9IXFNaSw?UJ+t7dtDRhU$Ri!$bA!sJ zUq40v#x?P`?VbNDin(I(+mC6k1_MgeQbY31MYFHy@dE@}OytSy*;lqj0*f`+7>_8# z!&2ET=8}rFdGvEANVLM9R)W2H{*mJ>{a}x%AW8wV>+k+f5Vh=63}W=h|F6q-evwL1 z-@*C4w5}Wxwy;t<=Hz0I^rr7%6bm1NF~%4kz8fyp<01iiKa1Xz4lh_m8%)3Q=BXB5 zsvpp(lgMHtv(Vspa6x62n#6Z2CQv-OnTq~}6sAWsrlRF;;(n3^s;nP7CQuq*fH;Q@ zaZwDr<5gDW!a_PY@i9?BHtUYcR*NxLWpYH!6KLyjqnQ!XD1NA)br>X({}vk~0O<*~ zlp=N4527IEzyr!>9XcqFpK(Eo!WId|Y_0nv4O6+Un+!pmm=IofVO6h2{j%&ShKG+T z2JJhs6^hl;!VTzQ@S-9cp-WZ*|MN0&$kh7eUE@8+&geH48fNNt$%j}}STHk0*0nA1 zsr|ZT^0_s(ptoEJt)tS~Z`+F)FT7mdh?<*&?L8QwX*-q#YOEJQihLKq_MfCEVt-v$ zJ7$R-7Z>rM4MFk>q37n?lX^Y_C&{jZCJ89p%$r+dX6D18-JRMHlQRW$(@YR&H680w zO29Gkd23WYK5~(Ph)nY5B&+O99JtA&DZEhQ0V5^xVWkZr}@J8hn7-EBJf^% z`VboWa(Ec{VQJnDNCffUthBUj(!9@F^$G=rhP*2i7c+(H9`gbEKSXJe3x9x`pFFSi zoa=v8aD>5D%|D)0D@oqTW`I7AH#+2MEG8EXRyotHocB|Y-Xo{fT}-ZBteINHlO(Zn zAtJz#F2g!@^e_|y3M8SFtF<#nPetZew4k=zSM9-5iIty^F(t`D3)4*6ok{yy4bzp6 zvC1GR0E(~B^Dbo&O*XZZF()^IZ}4c8W^h`oKr1Pp6;#Nj`ECkvj;8Q9uKJw74JXbJ z;kzQVq^?)2U0RsMZCJO#QKjTJqo}> zdRwIG08~PM#I}kui%+8>pi8p?RSYqvFm6{c$eQN0q0tmY#meE%xY|THn@ChDM$U2N z)Hs}UyaRSeQLID(01~dma2bbJpz@O#;f(r~^cxEfJYNaSWtaNeLkkX#)Qec7lQJiR zm(n=LfcLZPoq@&E6u)1?gySy>$}s7f%}QIH!Z{lJK9A3MbZ zfnL5k@m~%fcA&2)C10_R+7`2=FvOr1dTL90SolPCbnyvar$#)!6t}=! zTPyy)DT}daq3D;OTPUX#k-RVAzKS1Dhc4wCve%q(!WQ_@dbI7`&o4t8Rtxv|1jy(I z8TPJ{`S$BA7=vGziM+VQ_@Zq_M$~EF`741|e^!u!dE$@uQ??mawOQ7T@Q$dQkTJ@h5gdBpL-Ns%BBv+)w+_Gp}3oz;7c#Ab;_ReOp5pk z9d7lUA=-*i%o%NBLatf$>--|Dz>;BPrI~|<8xRTAzoX+?#!^jgz!p_D9pYdhG)k?! z=p!vg!^xPF!mFNRU*t>T<>3l=5+1Pn5RWX`tIfWsU-T2_Un4ilLK_wk=}bJ)LiyBa zBsYe=5?48?+{fSOrw(^fcmpYPn76F*8l6KzTZ36B^o#IyZ$Ir!KlUhm>+dfPaWzW% zniv7SE!6pf&35vXA@CX4N=sVDLL z8HvFKeZgafgwitBo&gHNPgV@q{QJ1uMBk>6NDq+el^T_83K%Toh4%(9U9ws!q*-~3 zT!M4(g415C7|i(Uw#oC{0+d0~oic;s{9y$h5N~UE!a`0+Dru<<|5`y;%%>!2t^r&E zNoiS+8Xo2h`P5I1W(l25?Wkts_vHbDt|j~Fy;@cAy^u_>({}8xy^n)(Or$D(o(L=V zMK0|SQ)0Z-avlUJyicSOam-!kX8hGnQuJdNkNDFXUFvRbug-BY7+#nSFxB@ZHt;}% z?^NV27ourUgYj1+Is7*1Z4`z@Xw=UFp*%<6qv5hu8bp+0 zr4PPx9v?J>e##?F6Xh8#6aV(V4dZ5z)$lN}CJ?tj&#!{!`%U9 z<^`S=4;`lheaiOfC9!X^3&R~d&2GER8P`CYt|`_4*YkYsFMMtzuNBGfj~Ensh&j(d z`YYR`QTEE9XQB5mO|+zHoleEosC zXN|hiH9(_?maAFs5xkU75LM{woeeRpf8bp5fX9D1!fsXgf(_JvCGRUi!kfXJS1#o` z()lA8J}3TMu7=dkZdqMdFUaHJ@m!fDg9+*2zKngIZ3fwhg3^coeJl8r$GyASp+0*M zZl-yOKUklKt8dy=Zfw%pjtPN~yQgiXc)&PCz(pJKNJ#Ia(z(3VmTIF)P461PzpJ|c zG~?eng!|Jnh#QQEq%7=c2P*LeMIHpdn1mdf0Jsl~J~_A+0rpXtoyfXpy*ql0SQ^IV z=HxTx4NiK?YO-OLK5nUy?H;FEwP;-}fZJP*2sNDkMO+sQ>p>MrhN`z{7JA!4wvrEr zx6wfQeQ_j3P*x}k-TH?1i~DQd&rxU!odqtC0kw2IPNTeioheU|Q`}7s;^E2(@QVFd zCA8QtSrMUBiW+4Bid_W088U6jLS6&$Ki+bujh{rsQalX{RTdurOW3_ERVz{`HiAqW zkhxwaUq)FE7L!I6>suQ_r-u8jxcspF@1lJ5al7gC%pC(}5hxs-G+P8BanvL__R;MSyyO z97f11gqWUug8E+39>nb?z!>b{`C@k*IE4;@0jGL@lxPo&ICe05EPWOEV#C(Rp%Em{yf5|q zC8e9rr!7tZb!c0vqc{X>;1D*RRP$KB8*1w_Q7O}Zcib+%K8PNsf22p$2k8iOUg^t+ z3<7Zhd6zd%2AZC<^*Hi1pnP5k>8I6Eupt;XHqKJ2s;Rk?tJTJQl{Ug6R3=$y!FwP^ z{JmxB*wof^OJ(vA#hu0N>b~aiYaa(VJLb_}a0i){;;L3X%p#SY7?5y)S;1Rd3FUxV z8pZHZ^_1Jd16)!clF%#NAU>0?zE`tGjDrCUqOFjOA#3oV@sY%fW~V^+%g ziM@F0nsL->Baa+V``5M9&m%WeDw6h)4&aMx<1M1lR|jShh?oAmKd$0sr=+ zuLSq_Me2{zSyrB!Psm!Gll$*fsZ*Re`;sll+JclfNc*Y(e4r`&mK zR|vtao4@^CbF@FX4*~+2j7a-{)jMrp35W~oEm-#}o?W1s$leYVSIHa%nSCV)cAF6( z^QLB5<5IznCHN(LiTLvW1Gh>*z#tyx#kszmTM#6cnG_YJgg+COK#?jq`8j;GBAB0M zW8hxahPTrs3iT}XDqWx_-QWWILv1l|3THKMAXV$=w& z1#-4_AO28$^5YlVCMoMmWA;<|>f_8G&8!4J+5V5YE0tL929BJ!jupnX23$Oo$W`n! zW#SpVt!)5EvbNr;(g_cfl?rq~&>*hI@Dr)Zhz-BRlk&dw@mwuDMz=ArS6vSKO(Us; ziya3v*i6pbs*kfdtfuc^WBp>_6xGAUcih?{rE+hMklP&M9_agml%E7#OA89 z&L99P0OXw*jA#q`+?`(_|2{F{ZPsL}FNESzp17^xod@y&A|$&tG&q<$5v z`hYgO<{zdV{kQ?4>G zkzAn|UB~W^qy>S!PmY`GBK&%-=i&AK&a+GNm$@18cOp6-|Ji(_ zS+AD(8^PO<{|n^J@R`li&m$d|&b=m|c2e4(Ix)#LT(ix7@h@kz{>>Q)seaT(q?GcW z@|`~TOpvAa7ti%`=l>jqAKr@pP4?!W*MV>2)m~{+`R@JVo7KM%#c}78;bByqi%(AoM2a&G?{A8wkelBr?M$>J;Zd_l*Ody`qHm5U@t?;V4jJ^L*O))51}oydir zpsoTxdw3SNki5pUd}irFAz$d?wDSma<#bZb6G)}39_@Nf?{tj?Hmva#p3kp%0p^Uf z@d*TU)IQCvnA$TM8IRE8p=Zo*9`<)MC~+vATnRmdXgQWmQIBg!C9C)I)Kq1pjJ20! z^|o+UG=({e3%&zSRdn64gVro`i>;?bKzRg5h0}{gfQ3|wviNF`{IImWLboGsYazTE zwW|)JgE}~?+`;kMc2M9hs!4YZ`Y5Nk;n`3>P^+8WJU%zV4}p(OmjWnUbHOAP@G{ti`|IVAR<5X9kwvm z+V-P1kW;NI{KR-jjN7ncIa3vIrpDzpbp2*#gRD46*`c7791an%>>>q(4l)h&B>PaP zeSX&CkYHf66DEYTb#VS{8m=ntD~Ih$HTV%Sp&X!0xfzbWW)Rf4J7w- zd=(tJhI|D-QYA`?<69Y9@!h1}2=46owaD;9%VYMRMzHwo=9zcQ<_iS>ro)3a8_%WQpCp6>t7$NxJF8O(n(E`1a zI14%*Iaw(bw%i{Hj;{Fg32Ps^HS2ZWoKm@^)5LQp^T5X4L1inc9GQjdtS9N^t@WL1 zKP6_pZ&)~H?Ed{zlz%P--=O6q z>H4ro@K^UN_ZQc#lQeGBm@6tl zAo9qYY<_Arddv#NO1u2I_^see*Z#^2exI_gIqv`)p1MJql)+^6a6{&5@QUZQpkiqZ zK#z$8Yb*rDl7DHuY0+hJn=Tfn(mmkG4)Qk(u zyy#6PZv1uR@E2urEwr|7;*oh(O2x2I0xXX)(MfPU92c*7wdefTAC}XtGho-%nf_%r zOBkEdcp4eLVlmseNNs>Bl0{oxGbaFlWQ%l;nFb}zRviBO7oE`# z7p^KYDfJ?%s`lfAZzOj`Orb{-u(Rua5v)=>6G+8kSVNxVW?+Y|nmiHD$3^v{j8vb5 zUMs>1UWK(F4s7C^z$9&vX=yt=f~#%KH7b| z&-~Me{P)rBKRw!MP>^)RAZ=iT*JS4^z}=WaC6`{I23z9y1e*s$eELuRUvy+QX@RXt z{Q1FK|6OQA%SZZ~s85)vH>e&)AUeOS@d^Lf>m*nVMo6^a9~}>`M$vq&`uTke4b;MX1JA z!=!tvN~XnD?Kd(LPL`V>j*h#Wp27G>)DsS}ACnV*v*Dk17!C+x@iJbsZn+piHzb@s zHQyuSbJR8m-CCGV7gXLCp;MN#Hc_d=PdLx~{2z~gLX`ipFa2MmZv1UE#8e?m1oEOj zbPwkxUR;aqJEqHDA@l(4p#9QPd^zGr3_CH_T`dWmNjK6XAD)x9$cRE^%mhx^=Ma+` zX4Vrj^wuDMGtcl~1-p?`tjhj6hcI;|dlVjV!nT^NB;EG7zmGb4EcoZK{elHe{1Pp_ z8&16%d%XGm{Nir#?=X^#pI%1qBlLO;bmz-_{zXWSWFPWN>+ap}1Hsmb|H7%XemS(g zF@}6_+5$YkcQBB{V3ugTN~E}@pts^Kvcl%&ou+;oI)lf-wEhbR^Ix*+6CP;8_Aj7~ zj1={gV~!wy=VAX=$scb=690Yj@9PixV;SLX2MO6vLQmHQ@0O|w9t33{KlH9?!<10e_+y^~E{c-(2 zU&B@diXt!=kH@)91Ys{Wj=T{atiO_de`(&r0eU>>399f#oHcEZF?6IaN!uo~eCwi&dxgsD9h0!(dAynUYM8Y-d(&Z8y3YXVx->j%VVPD~9L)fJT&xytRabD#q?{Y=6ndbuUHl{fM z;#F5H>64Tq8XyV+zEC%Gq7G}84>@3-!&XMET< zeGb14+|u1O|5mjaI)QcA@N^T7%GdQ57O8rU$H)hk%x@Lr1FhKNS-(|qp2oT_2cHpYHKh&+-Zf4sFbIVY+tK(xz?$eVtRA$$H79hVl)}&hI*AufN6^kKSNaB zS@_u!T02~=5zlKqbaf7DH5eD0npF?TjiU;bT?<7O9uo7SrntKtiVp<~o+%YnIe~Az z*(PnQzO78*6hxnVp}cdz3Fw;51Rq|oGnS8ZJkN-0*;GxNbb={t5EjpbE|}iju8oed z<`C4?=Nc;iOhu7b;n!ef|Dr|-Q6K?{+w#fKtdJ_lRYxkf(qi4>m=OaDF}Yf`Zku;+ z<0?9mREzZT`l8%o#HJHL)?_k1L-mhi0cZ+EAPoI&%k{I=wrR^_i( zEo_Fka7TAbddBe!VBaQ{P_}L0d-N2m`lB-LY9?eUnOzXvilU_?M)x%_^!C-RvJC6V zy!k?+s1x&(Wo{T&zH=QkCX#VC4XCW1andrla4mJSYG-P8_DgT|{kWEdwHcSm9jr{mz| z1`q5u60DuB;wA*`^_v-+_DG*VKB~9@MlTH2Z9<80WP7=<)GTg>h)O*{j1bZ%KjuIx z!gAI;-O}3|syx6Kh1WJ&HTBDk?o`eVu7u_CmW;spoh2ZmvKJ&=x%BGwwm+$2m0{C1 z7oB5+SBC5DUQ!8G_4PuR7?-8=x;r{ol#7Bj9m;G&eBpgVq!u;i>j9(Dz}ZgOmZEhz z)Ap#*?r2GBM_Mr`6f&hzcF%guog&3sgi+*BPIF(hqP-nd=T>;d0@m4)+LzGP)zu-! z@_ANjYF}G@3KkmNhBvvfX>_fgR#IHvE(_mVy{0KE$pUJm3QRI0MgX2M;(mvIrYzI?gE*i}{4*!5i zk7nfK{KV1 z*)70)*}w;&Lm~`l_iG@=tMc9#k`XnWQjv8$m56@>(e2Y7hA504xJ^i1yI=6mFB5HW zjcBnXgxR${P8~8t)MAMdGBTu(i4mmq0K$SI9p|*S+5UZXNEH}EzO`AXnXLT@(&y7S z`-8BTpI;WheS1%JCO8@zDFQ&=E%3cAe-7uP75|fmdhg|6_pz)oE+WC+xVTc8YT7iS>vs!DP>OXnZV!QZ`4k2JKuJ|LeW;)S?w1sop48{2&S& zw)HK)Tg4Y}b?<&3ZFCa9dG^CpSn zDwlCTp#CF4G~#J!q}x;j1k+zIy0+)K2stEW{`Gn_V)JrGaV4p+z|h_)=UlOgAlo+>l-!{y54wE}F zY(89#`-syiRgu9ua*;zIt-89QnzITaE^(}E-AT#O{7>msSE;Tl`&x;)jCl9k5|fa= zI;`zSAJbcBy1_{Hsdk&=-l)%|HrNY)~h6FX%gDhB&Tj#>_7pNO!MZW7wYr*~* zog=)35(<1a!hkw*R-NuP37t~5mhb|~R$#FT;cYavZ16}0X zUcy~>t&{m_2?H4zXH?Ev2DNrF$>J~`NBjB}FUgXLgWN0wV=_y@N)ptj(f(H1UyEeez#r}OHX!7lD*K#mJsZ!PB1`A=XG(C^K zx!H)o{DM9A=HkK$P>RS(`c49UO?ASeWH-&Ephv~LCRA6oL`<7mEMrir`jdmBRby&> z(Gr77t-r8KZB6(z%+b|0cl?Li?M0c*9D--1pne&<2elSmuL>Dn{OsJ`l%&jp){7k%Ldd z(P4R{ZYtGa39X)(-?loa26+1y5}cW%+Ys;1<1^6$iYB^xN&Kj=$PuGBIvs_n#KpaZ z!1bpu>8{6}K}~=?D~KV4YHHNzR69Bz98zPzV1t(JTeD4%=|KxkO5G8>heN$Yf_(~5 zbq_I9o@o^udu?;s!p`@mV|rWxyOAWznr&41Z*z@45SYIL8^9IL`budhJ|gsMQ{ z8t%15eItnpOBJv0Xee0}R+}dYEczhQV%wQxmqYB9mGv=#G2uLzwd}LDNolhq_(jM< zQ|Y4hLp;_~ea>{Llvm^;+Yapq0|yP1N)HmWM9%@DeqU9+WFsM~x_sg15?Z@Kjg+NM z!<E%ULIe5JM{(?cj`iogEY%)T zLcLkZS0dngn~b6Tu5wUH1McebQT(h&&ZGtEC7dN=OjOD3^;>ZAG^YMux_GkTplnfsTx^a7 z2e!>ofTP44Y*$sqU>dSV6=EM}h>ZsV9Tx|fARYL+6olJs(<2t=nX&tA1$1&W(IltU z9~{}3@5}sAPkRf3pwU?u3o=WwZAZ%#O`>i` z_1v}{M5j@DXD4}6`tdbM1}-J-i%o>tc5snvg#|(3;V=4yMj{_ts>#|}3Sa~{xR(U- z+EIBeij15Uwsn1B_5$uWb8MxNiLxMjaMZrAqhg*Xtco9Hg-^MEA*Wi2G{$^ghW{)U=npDXvuc< zI~{(kZlWPLPP!VbUW&dOxaWop)xporC%WO;YtTbXmh& zDpjk_8riK1W3KY%v78r3B&Jz9r}k(g@Z=4t#=CVry0r3bRx^@JU3wOcIADq>S;f#5kks$AR~tbYdu<#qb8q?II#G>~FUgl#t-JzsTAvt&b+=1lcZoPza`Y!`OH4+*_y26eMFKA zC#{&1T0D$Lcqn40H$shD)8Mmn9spKC$jv5#Q8*~!S$F#(7U>g0TjypQN?_71(`i%- zc9_qyOu;jmq!FCiRWRq+s#etn!||51%n{&q31SM%(OL1_Xineq=y9S2eEd)o2y#x3 z2u7S$(mrj+d=DoEHwug9pgbi07*s_Y`g34Ki3b(F5r*GlQPkIGPLX;|JV@kvaDw0c zAI;C-8gTcI!u&h5U{}p}JPbId|AnNW$v$Pc=?~=WklD+T*IFfVxY0#Irm5T)lG8sr z6ziGBCkB=iRtqK3-x0!2ypD~N0qFSZURKSv)uqp6K{(C#NDg$UnH7SMaRjDXSNE z;4VCjNw*p2hZH?KrKd2UGyV(dgL{lv`(W>MHEB;M1~CBX6f=d$9sCK$$5$#OssP~> zIfTXsC~H$P0`JX;I5;j12HsYf*QKNedC>qS0U%c&aH`7%XUF!)M=@>j*M1)$)7+%9 zso9#$;Z*ccvUazbhXlO>CSL0OVb?(u?+X*NCB_Rc%3mw{=T<^Z?pmT#4WqeKaCBBV z{m>ax=Dkd;Me=V9CMSTWeAkHKPu<&O4qnYkp*V{HSWW#kL7|iCq<27Bi(o1S!#{l} zK|-3lv1J$r5HZ4VEQ|Bm#SQL@9>Y4X76t%SwLx;k*Kk9V60ozR8fl-trSpujz+yoB zQUN52h{|>6XmWj5{^nz)?2OOoI@Dn5ORZwALHh z6Yr^?ewEM1i%ia`T)_!_w%U)+{WIa6oElrB7>Py%q#-?6;R8?Wg6bjPdd%HTu0Wa= zl3Gt!8YQ-0NuSmt-)IHIT@tfO>2zX>#FS*-T+W@0F3p(!sL$XlClB5=UTXf8Bde=J zYG&kg5((XM7vG=py$2w!<}y;+dcalSS4QZYXZDK`?2)@)ySee3Xd+`Nx@3XB_R{}y zc-}F8bUs6cn7-`QEm+=@(C>51e;woTCYF2NE@VGdn{jP++H=(O+=3l^jGZuA$U4y; zYD`0%5a%17y>LI(#CzqhOxm-5NUk!YDGBH8Bf?ji{g77$N6LOI#mm#RYy`SFM`U|v z?z};Ub%U|Vu6_g8kdGgoPlhs$C0v|WRNvp64juu`I^>V#2{4fPfv&2D;Wq)@T&5It zsH~p|j#+15co0F3VI%JRDpuu9$axIbP%E7SYT!eTo2m(_U)I@F?R}lia-rTaD8?@E zG_Iw;lO>d&lDIGWal>o-P2fwObG!9wGZfhQ9NPW)u8{7>KQC#kge_mc_3YG{iHTc> zqls)E$a!O#_U9BvVorUY%3OO~y?&}&%bl^=-d95V-Z0r5z3}1Q#Vx|CFC@}-H(q>q z6U%YKi6MuoZT3Y*+z+!VGmpQz;&ImyVR8#WK zPPNIfw=@tmY|cyIQiirlQ_^bMq%175zK!YB7t-4lbS8S^wpR|7^h5u7{1>^JdG< zPOZ$mksSAaWcMDa1<_|bK}@Jj@xZ%*@RxeZ@rCspoU|A<@op-pvG6D)f^eCEnFRQI zdE|kDarDUujHLKvC)7{CxPEO`bmB?B={sjpei5nAcfp)d;z^Yh^FnYGVs22wOVKSF zQGli?unVH&zvc7l$7XC|!ptQf%B~Z^a_$Yae2-cZ-n)bpysWzRgYSr6V`=g2{;o$TR0YkkqqQSeV7$A^@e&(r@-reNMl~VTP<@EgkS6q)aQSb*-iDCS9e%OMTWTIh|ifM596|I(Ets$-O?FVh=RsbJVJ_eLkc zg-mo2&Akg?1-Lyhk2Db#X}hw -Figure 1: Finished state of Chapter 1 -

    hTB(pj}+nZS! zQVf*JL~{u*?93If^4$JWygq1tHJj^8vr(lOaw&$}I$*GfKVM#G&v)xiG*0NBy+MC= zb#TA?r%pUPa(P7gg*Ixrb$4jDXgyRGa-D!xT&^~=5HV;95}dSt^6KU6VZ`mn_lrpZ zE`sxX`Erti1Gg9+5Y#ekZCocHJBjaf=`3f4u`f}a8`__t!W3TLsS_}x#8<1t`y^Vc zDB`@7)U0GjEdA5i5D0wXV-K$Y%S3gd239uF8ILO{j?1bQ^qs-;c>OC;Tfg# za}KeJzy2bp4M|X+tT{kTreH!|2Y}b^qT7GZt5^~)bvPsM=eIx|lhbhj<5>N)@#EK6 zwYQ&jeBVnX72rQPRJ=nMeBRxV*bdbL58Ua>{*l@wzadael01F)Dp1(lW@(rf_@F>k zoit3Ss-a3i^2|nelm<&m?P6N+(5{Jzr3KY?Z!lUn9$L z*V{kUN1(_3#<0`4eXo6T6wcyH^yf>iG9lf|jOF=E1p(hAeSC4Dl%)cyk9z&!k7Kee z5Yfn$d~mK^L?9l(hkp!eBo=!seJ$%Zy~shafyz6r!Boy zQu$KF(<6sf0bc{ZXinQc7ItnR)7&+#_AcZyFF%txCE?xfjM2HjY9ig6CmUMG53>}| z8%U`7v*XQZ=2PBkH{Y(-cn4K2kLf#95u92;!EiG0f9oA`mcixk{++q>zpDH1h~DvE z4iV3PfS3*+v+}}c57?5Vt(`A8b?c`5w}&e(l)F^N$ew|{m9RTIr(5z|Jg$sT-~I<& z_q5w*g+uUg{o#Qp2CIIc{^;!kcgiCYcIRN~Z9v-!D=g;r+ZZ3Xe`NJ!AW_2gL&za6 z#{AK!@R-J18=ny&Me?}q31}OnwA$YovUz*D8rcEX!#8wQJ5)zz0H-Ya;1}z_A!3!l za@R>^Ie(Ky4|$fF1mWm5VvLZqJ>ukm=|FIT0X@M$&0Y@JqL)Qav2E7`JF!{e3BMb* z%|Oac7?iL63KT$7QjS{oSgrQVwQC7Y!irNwGL>~v1Ih;sHf|SWI}33@{uR|JFO~GX z=}n#;*9(RbVNc%-YIHB$YhF>LjP$ICU+y4eH^+`eD<_x`tgna4gUX)jCh6S7Q{Yp8 z)|B7yM!2SNZly=mGFV_`PnINuM3q({q;b{|5x?F)DbelR<3_-a`e49CRj{>@PrSk9 z37YT#s%esrS}2ae<1n}#P|!EXZVh1q3>2^ih)k;k86l`HLPC8lSir)ibP#9!pW+KV z&bwC*=hyerUzC`8bjMS-xwQJUD5om$M)8n0b!Dg>3&pcBIwm+!scJMd<0anJ)Kx)a z#9F5|jo0or-2HM@@j{tBffD8ggO$0zjTC;@mNKC?J+;1qqck5p6+`)}mkh+ThsiR) zjC3&8Z^UAv7TKW0^j0{ zZaV7Pm>>#xWx=#4{*-;@w7Eu8B44sDX_CNUq^C3xO4ck@%)_D{X$S^UWXRGL*)@?NA)zRH`A&HncYm21&8lZ^Hrs5L!Yaq(NFIb+?Pv*jVh*F=2+D! z_heVYk|&m5K2`SKy2^8>bfw`0e{IIp(mIONxEFwPaKYgE!2DhOqCSF?^Z7-t#xuV( z8PMf-oF9Z}f8QSCqn_IoIdABMgnB8tl~4BGnFiZBgM}awSzu2YFjzWulw@sMXt2e+ zM1&KQ-T61YV!ll<6~8H#b3qX{^HrN4bgNynV`}u>`oc77vM6CGr*uIhKjUHnw#N_E zy%VX}*MGAEmV}AQ*J>ZDX&GpL7hZ@i)NK0(VfSjeD`;-+aM-}^M~~pi`a0_2F#AdK1Xdit_dt{5rfaf=xQDej6U_+ zxBKiu*p5HQoU+O!Z--pxiI#c(^S^rJf9g14ymHPue8d9nsrIcKN#-aWH1%~4z>0-3 zsIEiooNY4OvoTQfAbQty^6=C~|J>%}m;tfs>%C7soAv#%?D_nj{M4Aq2UC0xqB9Ks$)J!U*{0IH zc=H?-9re#gxc5n+#VE5U%zHDfI_*r0Lf#ic7yGsPr9}?=+qB@`sO0ao!y_xD$-?fN zg9d7cwBV0B5nh#xg)eHMdvVYY9%@2*YJyeV}S}_=Ihqp>ve9PV8?bT|8n%Afgw)k;`Q;-l+ISa?h$RH?f7M~AB&SZ zP*LFoJ$!*2>*V!sBk{JV*k20Yd6P0ab8e{|m+e9s%OB(5D<=lx{dSu>M0#fr@pe1) zdTXGIDSy$y{imDo-+br2eD2{yO1aX{jtB5JndH7P_& zCA2bXsm9BnOn5u>{NL=tMA|hpN`!#vW|nwMf0ggU(k8g*8Tst7o>C7>%~PC60+}|Y zgFT-}6U5$#t6W2$mvkA?l$c|e`#4a$>hUcu>W24H5pbej7E1(V5qjJPeQSyqzAP6*-1S#=V3QO9tpZ_C!aXvAq&5y{F6y>#|chxV}BHlzc%3QW0?|_M*ND-ICO&hf{g1$Oy%%?pR#HxQwj_t}b9og!L>-?RW|ObcyJ?)aMl|aQUm_C4K-YajWnFnrU@7Q@BAHyMu&Z)ua1QlEk$h6N z`nQwkHiJUjvNw;;^@{z(&bIN2Y@2)?UfU)dYVvYyl_E@wnB2Jggc*Eu(XS^klgLqMj!uC1RFfg{ihaxuts z;agA_`h29<%XutkGN~nchsvVqf#liO--uVlBvY;x>1Or}StbtpC4-!Qx+*GzHW-D) zJ@oUb2E*!WgKm&7$#2xm`wO4bCh68QM!2g|+MGX-k!7W%&L++`yn0S!cf%BFor0hM zYun&@_cVlrtpb1IuYXHcM``ToE&6vghE8U0W{Bs%jbEY}Mu2#(Uh>ycJ!NroT0^pT z;c4B&1NoQ#=EU${)cN-$e)unk=>LEU%!gJ{efwfD&xW4yyzZ5)eO64dwUy8IV&{g0 zmdAVV*k-u=cEqqSH73%WcZjFjnKyBI34|wnrsE}+iO*jyh6R+zu{ZK!aKi}N@cMvL zyQV`dRD* zU>_l1(z%}rqGIh%#mTKR|!V={p734&Fn}6WDN|qkd9-{t@mqKGFK$uBqSaMERcaS;DAzLQj15@L&jkK^30 zhgHW=H=$kI<&O_+ZsDz3G(l;jXp*lMji zqLf4*2_lo|V_eZc0AHN(W{{uT(*7J?cL8V$OE;Cqn*NFKGsx`u3pI_#Rc?Co#;C|$ z9M6kP9D3cMo}0~NYQr(ybSAg8ax$9w_$l#BRJbQiz>N>hN@ZSK4(gm8{TV{LV5) z?Oy-NiCf4-{qd3wlblYa4dTKJ21ak;=!IKJ>rrGw2^kl*AajzQP4Yn|l2gh$_$sX6 zWM!~uIH#TY1K?d1qZY<#paDf-daKaWE3?8}(KA`{ zvX@V-bLl8e`Z}+M;mm+`rUHk_ug-G!MUQ(Jpam(|LW^ES_hWdjMF^_!&{7Q*xE;O=ht3{oCQDKw`;^sW=Hf)>Vfu)|4x@RPXB0 z#p?iEHpt1!VoEH!y29(s|}^uew`px_oqZkzDu#HI#8o{>c~IeKU$Mq zRjXCP;>-e*g1>gFF6QZKt+pZR=T|`d8m!a%dZ&vj*i9`Uy2QnG)^JRrH~1u6+c`Ft z_6#Kffe&Q}^rpuEh&ml~o^>=k58cQdOp+vx?WJ&1;_?d;M(5;H>|$5eky$ zE$A_7?FXov$*NT6CKHlI zaoe7i+e|L{T7YF?q7DXI^6^R7V{)ITGBTLB`lKPxHIU{9S_u*Brpkp71U!Gf(%U9HVRujo>;$!MIWO8lMDEs*CAc~2IGU=;-Sm?2& zOgUw9u?5%`!53F0j}07;xGB26=Zn{NoU(Xk9uCK2%TNt8Yh*LL*2TTXkuJ!(39BO^ zLb67WhhMXcpJAeZ<$LK-hPU;_YQ;nH!I zNliEsWgS`Jl2!)dLrEeMm*)wbdQ74ZAwrcHklX4ejY%N7NlU0l?0MNv8bYWFVB)no z6Sg3$2hc4elDNdJ2nxuZ=gxU?zX@SE!j9?^;A-5yePETAz z{%S@tY`KdUK#X`Y9m$GM#rms78iJC%TOw|@yC`E%-Yfcy`*mE~Kh$T$Z*oYz9;X-c zs~Z_!k7-I~39^$}h)IE2@OTxUrZ0$T0R&r^i0npxm?ZDu!qi85+w)Qr+)9WGZtLn6 zP^gmD67hv*(A*oKqreu39}E)DeUDU{a!#$}eW|RZZy`Z&JME0u#`cJs}0;BY*Xa03VLcR-XC3#z6XF*SEWQ-Z*NE9_^xN;QX zM%m?zWvTA0HmkXzB5)58*UAx!ckIRgC~ z45txi5ck5!h->>N3TVw@RiOfdXe$Fa- ziXz#`TG@`oMT{H57VeqY&p%19x^!j}D4)>JVUaA ziH6~#(lH&IoQ`I3k;mDDp zYr9c&dG@4^$A~{ghqxV{2f+vh$!AHtBd-=pmF%rnUzrz>Kc8WLWv6J#AYE6d@4D`6 zo#S%mjPkFdb?*zq)dmDU)Jnt@hjbeG)WuQR8M7z-`r<0P*jIm zp(L-fxw)iqRG}D2$+q8Sjswl6mA0}u6fjr->Ku4idRo&X-8L)RHai1w0jxWZ*W}N) zv$~eh&!x7AkU`%_{*%@LC7PSi>YhEz>#l(5eo(G}BQWeKU^XBGYQb_AWT^vf*%ohr znp`w0Se;Lm+mbetS7Cn~>-ms17SG$8=jEvVVAEviqFNx{ck*%9#rwWp9idgBe;kwY zyHzD4I?Nn7Os60JAG`mGarv+x^_gy3r9u;ktlOCtvEDm5J-pSjxndlgHYKk2;jn4n zNh9gdhbJs9Y3dkf)mMw^ze{xhsO@LKxN9&Odr9{MN(!8F!&oBRP zzrodkmY|JVq_gj!?2uXVW!ulYXDgIWH&u%@`HLC8*_~BmMZg({+>5+R%Q4!aw3+c+VA6G4;qZrX!hfKIP5I0d&$>A;X*Xji2Uf%%?pg-Biq z{Ys85pVT^1oR|uSM*R4NvJ+bxNxek(TUELHp>*=xkn&Mr#BZ@Kwb!mPjv@mCYpI03 zt-;>7rjO^|t@U?@8M-TP#TRqg$XxEuDH!3s?DVt~<^O*d5)IG>cUo0(qB1y?c2hWn ze!L=ZXaS&`?I3V)-LM_FW@B~_sF!%F%Dzsml`q-7_t$=O&jfS9Z{F{*0;<6~O{nyF z+GKW)G6*pVMI4I3F)uDi3TF$!d!VTBo`}op57NA%!{)|2nj%KP7%Su{_7;Q z#H|v7MuT~%6koVzsDj{$oU$Qzx`Ytz{|mZ>uT~|ODt=eLRp&ZYAQ$zzf@99(z@=gscEQ`! zs;|BMgmVl@zV!g@vL-)r9c)KrVuvE#g!T&4nYBb#T3DN^zZj8F1&GorAE&KPj>*)?Uz}f`R-R1A=TzO>3|!9{>bax76T( z!8*NwBwILLOn*dRtm;HocM{-QCQ;uL7q!9r}r7m zEs>lt_jojXhpQow5BKf(WCfkT!bmoiTQp-mNp-VoB%@QxhY4k zn-y{GnqZ)ZL;^MwcZvoegwZt#W~1HMkyY zhEVT~wZAGlp}hEBu?8~bk|)>Zb8g=_v|tXx4M+2XKRjAshK~;Tu~R6jHsk|RB33tHO*_S3eVt-G7h* zwlRNFl%7n{wz;5#Bq-YeJoagh1P(voQC|fE*U1%;r1(PykwD?4+%Zy)+q}-^fYaS+ z5EM$`e`?zc=2KlZBu;$xT8aA6ZEfF`De9MpN2u00s#!;f*Aa%o&0f{{k^1<7Qs`2L z5q_DF5s;~(RMNAmPZ2oYmY{@Mrva#eSjepY$}9F`iVxr?f&x$%ki=&Ja8sY3nqwei1QW zOA+4EYdZC@06bd8UX{65G*8JQnc82^w=ez$bkrlXsxoZ<@?5{9W%Kjj4be)&56Y^3 zzMOA@kLLR&O3|^b#UA#HkwJ>yf#k7WyIT90O6IYc2(i#@lke6lkd@y&vBwTKHCC6B ze;9R}^gQU%_-=m=J~AM3qO!fAX9w;5!`53?IpM}R&!o_tRmFEF7Sl-&j2~Y5pVR)Q z2Kgt~hyIr*r?WQ{qQqw=BfZ@oUFs{R;UWp_HYx>NeSo&}?Ae zGS0xlt$m-6P3+x8?s#1LY4QJd2YxD9jW34Yi0&jDLGJS^eCRTN6ykocJGt@5<#71x zPkIK+d2N?dficx6SNkJ~0kov)>QT{N=G;n?#L3&2O=q~+wHnqCi=nLksW=%#!sZx{^g&9hX1+7+tj5!C?wHhc>81s(0V1^ z)5NR2)F7!j{~lAZCqT>h)=Ae^thlTRvPVTr+61bio5TQwA^l{`=jIA_$^bd(~` z0l%O4c2l;g`?-vfqVWmn=JvZ>XrZWvg3sga8HDKl44FhdB%0b*!zh%=cDaG^wDZ_%6@> z)K0#UA1X}jrLup!G82-S4G=&ME>_CjNWPwK|Ah@2m5QkN1%)nF-GP)A8&FdM>3T7# zIRdsE?qautAK;}}8j^7S_Aec#t|BFj6~}wkCYD~j5%W2|S{(hDkBgfQumd>en~7Uq zcG-MAxpaZ3+NzLWZLKb7v2#rog@4;Ox6N5+Rn_k&2BEi53uF>D-|1TE8b}AMKJ>g@ z#BTw&7phvS^aG^U9aODE3+cV0P5g1pxE_%cS{rEhWonl0GqhO4c|O+Wk%9{z zkr?wkPc}QCHE2+idXp=jyp{h@?O)5QU9Qk9+SrW$jkyqHpUe#Nb)q8~S=`FXV6e`J z1yEI^-5MAL60z{J!sKGsqNeLE_MoTA*vZe#)pNTa^g@G}s3r2erXzPqEj3yEd>U`2 zU4}aNFM<|e(ouV%5^StSTk-HP{^mr~Z^2srRg zDT$vt02N?@eRTdxBt|#LuhpKxK9{oIr(wE=Va@-QCgC=V*0+h;n^U zSpI-MYUFMig1?$F`ZK*$dHfm`K+$z3Q2i>E^RHykh4`u0egl>kq9^(c-7hhUoi<=S zVunLMFkNgkKF+Gu)_+#_y`J@o6e9!C9PxL8X#QSoHb;EFvp2lcsiuhlfO{NBp?&tH z3d2^zKCQ8Ht_HaAp9d%(EYCZ!Lgb@hpO&#jAL?P4tuUpD+6p?*s5#H*1jUd{hIf=c z$9ENZvo{``=2C7b8CE&6c0^m8$&Y#G8Ckxw|7_{bjb{9Q{jLteF|uQ)x3KK`rxeFC z{W;@~sGnY>UT~>w?8P`{DY*1i$?+?9=DFGpc4nqqNAoMOUqgd$DArKfr0!bhUAp{8E2oj_Ogb;dQ=+Zlg zfWDc1?%w;J&-{gz4}cZY|7i1;SfpJ|jwX8J8}ZM_N)Q3bfo+=U z$vb_bVab24M7tsK^V>AGQrV7R?$ke7o-l4So5b)xvpm@tPugv??aRN23H*v2`EW*o z0B^FTp*!9lI&pQ;RUtm!clTQY>rsjO1=ly-6L&rkKVRxGv@v~9hHu`fDCRU4WjnOH zjS}r5jA}P>_Ew@XM7!a=#xKeVZB0@L87eAZoZ{?SsUdwxHc&BAxV0XXuq@h;^#Qc?w3k%b8Sc6Dhv$ERY0hn|DJ4y8c!*ug#@k=~5j zu~b8r0G_w7&GFHm=NlJMJG~>05fKND`Gg%jGuMg_?pjlybee=R`%SR;V3W81fBofWM(-gO-L z^C$iC(-+#n%{L3mtZr@6+CsZUm#0>XljZ+ZfuFYeTiKAap72{c{r{-IKU&})E%1*P z`2XDk8c5Wq7^j-C0jt?2T1T1n*E5l}7S|>unnkPTSOy&?r;D+d!e}>IgWYPqf>nd< z<`AFlPjtOUdX85i^O5M~`O~SM>ug?9pNQiZ^U#Y9d65Ns{b`Hq>>V&q+T2)&{Es-f zjO1MG!zzX&dgKywbcj$dPT_m61DJ+MLE-b@wa83%H2C__*4o4O>uXK^*GY9uo>jq% zumL8X9%>1gg*Z*!k(!Jk7F6!pGT1{T*1FX`JAudCm8B*Y&Fx4W0exyAR&!>T?rRYeQeB3o?ZnkCy|wtF@0c&<(7kRAEmi;Q%dz%u&tYJg!w zMozdkIf`gOmL)fxTe%sfc|&1O_s5M1C>h%UHrLcu*t&Dqu@ao<9AL+_?!dxWzgJAi zCYjw?uo8}}`E=vQO0%l5Rh6I1HLs@qe)Juo`_;R4ICs0Js`hl`4o9c1SXzaVzpBV= z!_L9EW!Q~?0z#UaH;g3eIrd-BF8`mHcr&7e6?OEC`Eg2d^O9uvp)qSZIg8I}~q z!aTJ4n61B(;%%+KHTlLGg}IwpNsvdkgcPWyG)a2(4~G|rfY=g`Gz)tYd&sG}ibWLU z;PIGzd}1jrzoY`sfv!kE<^~|-?_Lt!zBb^qWOE#^B<6c{stQNs@zlio7nwPWWA3FS_ zlz+6#{~gy0l)UuD(>~mwc_-;!`HV=QRZywz2Wn*xXT#^2aue2|IiGQX@3Sc9oL9@O z#_GRS>qGd_7i2(IiAX(|WOrA9bdYjmqQ5giC!ZoPhgukSO`zRgC{SH@m|sekOSM^` z0TO;6`fR&xp_@sN%PuwPa>lz|91c2^Z8YcR2ACm~78N2ZQu4>i&>0{J#Ehqj5@2|G zmo34;n%Az}xj}AUZ6CiLR(HyTlk6&)jH3}SGxpJp!X7Xf_;*FP=s;&308{C)(=Gnk_2)aTR)3sR8mf95wm;-;rgw_v1jg@o;8~pMZE@JyZK|+5)Rd>5i;+u3CF`=}whe z_`LkH#rj;u(A>yBt$9~Kj|Z2Y_RemcUGC_*Q=in?Z+aQ6l{S5^c3Ng)Ke-LI_tWQ| z{)bPZcPlfT^!1{&zhS%VoP4I6_S~f^Ij0A>5+g>{y8|2u-i!bc4+tm?%_x>>=oT z64VzReB*-%xmeocbBj*6YSlAvpll*GnL8Vi-k{iozE79qFyVNQ-wjjoM2#CbNDmw? z#fA8FFk&bb7QX$~+~d9wb?Y#}bEWcwcr9=SXn);33Y@V$2MciD;tlEhYRR zTWi&2QDXeXj4m;h`Dj>tk+^EVjqlsugt7fwC)q_d*hBzL23tHeAXK|7R&xVD};W)%&DAPuo&Ko9|K)G%bSYjdX+HGNS&h+(Ma8V$~xW&N}$uVQ0I zPV?_x;I$^sey*~Bb%uqQOe8GM$deICR*&(1ciTQByYMbqlt{99HHoHbpwE$Xpm;H5 zd>6iq7rULXn71vZ;r4EE?WWV>wr=dHJHj5mLWQAI& zPBJJ0eRNCh%KR~{cEDK&_r6i)9c52&q-;>V-YHpF>tRRT3SAKDXn0MAZHl@nQ8PpT zfI{Ae$3|JTUH$b&18Jc8nS(8(rL zb96~1_wi$lF3|3}YmzV%ysiX<(uUn+$l-E9flDn})u<*{ae`63?9v$ac{s0yY5nP; zLCR{mL&Dwn@bO)62P6ys+P2%&ROzyz@i5xZ@Ih1|B3_I&YsNGb>5xwD%+U5c&8K#h zvRW#(;vN*T@^&rDSGd8I?}CpCG#V0p9cclHV*7#-iEeZ!Vx%XND71%Tfwve{OTcjD z!yQ;qw7;Z-BRNf4vd2<|&6tb*oQK9I%&&(uG34B4hdQBWLxrI?P!R~ zT1cWkB{|akvEoHR5kXK;|WS zBEE#N!B%;x(UGx!IJ~$(vDzm~q|3{yn4l%mFb`|N8%pp9w1H-L^7etoE7_8;SS`w= z60OIqR3%v=X{8{~RKl4lqUTvXl;OlPSb{z;zU)^3vMomx#a8Z5!8XG_tqL#T%;TWd z7ol@}Rgh17xco(|CP}yT&&zoDIW~_JoXbNx^G9j?D8u%d~F(|~g;Uc#~5rvRUAv!->B0{0ienjI#Qb*nQS}B5N{C z!IQ`^+Cn73`b1NjR<^f2E89>n*xVeS@ZUZ<+gpe2tk3d0;!3L^lLzE}VvN0mDznGm zdshKo!GHN%a&gcPCMgathrR2Q(4lr|@Nx}syQjjCB|8Sub{_4Ghd0dWJ_%hHbW$@l63b=;qZ{%-ideIh+0tKip{6+`8WX(_dX--yk(- zmSMd&0zbaV&iXF#aK~y|RNzYsC3>3wjY{iV^E6G*+nsZn&Q+p$@VM+W-W8?$aX6j% zBh6|fy$8<*BjW#B(7*idDjXwi!g{iB>J!OY0EPwJSdR6apD1d{HSEhOwm#C$QHb>` zFua}P#rH3l@o#MTt~B@+5`p5KU)UfrOtEni%r0|u-tQKxn)C8OS|LR?*;vH4MT+78%jMjjmQNriG`9=KmE+0D( zlMDDMyf$3S8!JvYF*spD`T-<*d~fH=vodd%8}0es9=az@~-4gGRWS~NpF;fKGf}FHa?7atX49(dokdd-u$+z3`iLz`t1GG%u^Oc|LLAz3_gNqHT8gHb=&QFBh z$qYG%sio<5hTuN(EaZeIRVDu#JY1o=uXCMODk&JIAQb9IKpb;fab>fq+Zo;wF~S;o zy`Cx@B-@_sDY^p*R>b28HYr-F{<;mc!=aiL((mldK4llM)ERLjOgX;}r>S;}y| zTsDV@i$NH3`d$-)AjNxO+5bhl8oU7(8?V?*dS%D-$x6XF2s?KQL4LCd{<)X`SxxP5 z?@_oVZee`9zC-Tjv?<&N$^q8=y=(|mIjbW1s;FeW2d)fqoyh>i-S%{0;*yk~ZpB26 zg*3;R_B2H8&a*t#!wL%x05fe zbHkY+uwn4$JFXk{Y8FzgCT#w~QbK!%cTts!8#nW5EQYXRr-&##$c|l4o(wX8!a#kZ zHia6qQFVO)9UBKs%A>u=Uy-}8ZKpe#0!~VnDR+LuY~QV{X+o3WHfD9ngz)b-tvoH9 zA|)Svqy)=Lr+o|DnmKPMn&dp~xH;w9qT%ST69>p*bJMixAh)4>>~ky{tCB-R^ONME|J0FQeX9&bt+!`X1W7W|Ngi<6kc%ax9#ZI zl(gz5`*(0KG(Dvt#}`S5g&-c&=);LQ$JQ0Wh~mdInzFHGMwfh4oSIhEtL>MC33r?a zRMV8ZGkfv*_e?co-e(fDYjQ%RTWS7NGpA7gcR5qF`BHm-U`-iMakkdsX&Lxgl#ESlBI52d&hMCN6ge8 zC})LF8YvJJUf9SOdU4(&4MlG#p82__xJHW|&f@*?yInO#^~)|1yGsYs;kL0=I%i@L zpF{UFzF9Nhs6DldI&(tbTm2aH-6)0~3{$uF%~8Sf$cOoJ|Lo}ZS6stGb5|H2&Mo?v zJKuY8{oTf@60`ibE4|a^t84m;ruC@n_Bq>Ui6DDFh=vU$S?o+ zxBn+MvSs+4#mj>u{`%oQ)Mth%nv%so;ilazJ}q|rQF^@O=0C0cPBN>6d$&vE$A^P+oTWN067Wty1sC=)-{}yQ}vi$1cim?M9Sn#}T zbGC0y5)A$_&}MC-WGYkyny+5`_#{L6s{UM(h5jMR+|tZYo?iw>Ot&xw*c%#}-+>NJ_Y<_xJRVQQc{ z8N*PtEZbBGb!JGp%Cx96gGRQ>b5NF|4uQnHMRbW+7IHT28_+tENe>QMAIKSYmBQEV z&43F&1sy$~XU89|xIAepzg$s*z%LqQHSH@mf?aG%p<_&M6*w3V>c(hM4sw`kB8@@pbdC>f#It@Dpa1w9WWj+fma4+wWzTrI+0*)DGqWJ}<6WmF zH$pjgCwH|6QN{EJp#CEH%a*ak2C#)J7ye0#K(f1g4mY!ZLvF8JYT7Q+=9rtAYS>KB z(;-x>wBCIPlS32=?Ns%x{b}8|-Mm;|+G$JDaYD=*xQG@YRz9ai5A*AHcVRVNR?8NC z)YJWLo3taXiZ*l4_dM8(QoE|K;BpW&Lm8 z{GS-#uRv3mcFzJ%8-T0 zF+Yk>AGLO9v0xgA4D;mI*3>0agQ&t-%Bkj7)-!Z|9Ap-9*v1 zu+&Te28GAhAcP4u_1t>=ELr}7#J8OV2+b)Nq19>Lb zgM;hoO&?3}2$Q4l0{fB_9YXq;wL;E$K1vhzN(TIwCEHgyk zAt5oaB$3FBK40jAZ7SuN8`hNBdZSaqC|`yy?r2s~BMgyB)?w7_jz+BP8{|A4jYDrW z1|{(tPnwsNg#(3#O?f&1$JT(K)XiWEXV># zUw1R@^NOnX(H|0%>7U=_mv?-ghZkGGuTUHeEV}@_kUw|RmJwIj{rf5X=KoZUVgu>_njc8a|2vMe=Xx7tMbh}~3iX}WfeHbZ0zs?K8H*K?n@PzukEN>W|!g1)+`WY`oe zAyS{-wpuMAF@3IqoWW2IL1FhClWcv0pE{jF7QL~aM{=a&aaTl`Trtor5{*TBW9?R> z)tn9xYb$6!Eo<2?R?nC6Pmoc&I(BY3o;iU093G1QMj_p9xl82&3eLM`{OdL=Hp<-b zJrnOf)I>7Lyzt}9=@U<@RWIp*kzUK>*TKqNW`oZ&YKa@%7QirK{ns;B)r(6voG@l= zLa0iWGllHRj^ze&ck!cOW;^z)E?U-7s$TPn_;Q?A0X3iL54Nr$rBifi*4lY4Js_Hn zgU0qeR>Kp=Ej~%9@CBFm+I8Ny<1K}(Y1{i!HtJ{JC^YmwF<-8DD=0Xe<6#${Fyx~m z)J%W1L7TBPWF%_2130Gj9@SrA3pn-o106 z=(d(Lpb;7~qZ3;JF+k{N=XNa`fFv_iZL?>G(5CY|Mc$gV^Q(SPrDa@Nb~Tw{mNjf> zh*$SiPS4?JaJ) zh&K5`d{j{Ron-SNh9gj9dpwvM1_1UrQnRc-sfz`;*V&x?l5K(;L1v9h@)aFa*;c;s zG(K+o(YsPd+@u`<0#Hwf^%oZofNcT{rz&R676I*Vg|$bFeI1sgI=7zs*3*dquaEuh{HLw)E{Xm z({Kv$+q5ash%27I{p}F4XuuwR@k+y@*pUaIfz&y9@ zuIk~`-hYz9;D4n%RJ8LDV_o|4*1ctIy}uRoFMa@AZp|!1we5T%H*f6ZQ`N8Ry#em{ z^*i;HdYV`ePKtZ@-l)<`1x!H~|HUHytqtE8x@&@b4h-m~=`wt_QKs3#Qm^3b~bH&-yT`w~H$G6nj4K#he8z##2$t*Q;Nl=G%O zj>2hPv5>@fzR@Ja^%X(fyy}Bvml~(G;E18Oi@XOKcox2T9+Fe8kpjyIJ*&V-BBO6H zN`EWYV>6SLzA694T<5-_dArhCEw^4dfw``}S2NF)fRFVK-($d5Cn+T`D>KkHUry?cyia8*$6FPqmweYT5~+nilAf zeCtlXQ@lAG_C7g)d{84z!uR*ya@VP0tA zSzA^?6CW;i@S_lKrbAQ-w!Uex#ZTw<K~JreT_Q|>Le0X=I8bNGOFbxMteYv{_CjstYjE{ z5ed0aPP!O9au(>HSqH?QI2)GVmD#+kiipzr<}o5ulE)`)`?Rg)tox{`*8L8sPmO`O z6i~VyEh1QYxkh~v;hBr+66wQFCbfzi)#t2W_-rEWZ(83PJ16W~2FUI(_WYR@8e(%# zlw~c7xtCe`5y~sm)6qdTbZ-`yXIQ+2i?}mn+R$1z!arHGP7J&nAKvqAAvDE|;brjt zcG$oYd<9+#%~terWgD`@1=`#)TpfYd)9Yg&cK4Uj*{fNI^|d)JR8uJ(!fVLQ(`zBo z3EG_#*_Pp1Zih64!})Zq#a!fm-S0$NqA0_TclY%k+fv{rGv!vdLOcB=Jsc1n<2Yk* z!??u{9vL!pHupiiEywE~(cgU8r=Xz1vTXGLM=oqcC^EPlRcIYBYkhN&S?7!;)Fo9r zZ{Ou0MB$IY!%P`?v@y}A$1=#Tmo3z_Sb|38wN)f6;x!_3&xDqb2ks-QG@r1$3)zi9 z7voaM6cd@2oBZ=**-(wz)G4Z+a+~*WnTYpv?TMQLYgzMT89>fKmVbWws`kw|6 z&ALx|hWt^gj-?i*Ml4hA6S%2l@}FDDM(KRW_D>Ei`iak1KK%Y~{hG4<)%o*mq7B%X zEz_~^7p@IhVh4P_hpkBt62DM}=3;Yg@&&$G8tAs1pBq=@EsOT&WbLPAQf@&x*Ay}4 z%QSlVZ%-(9DGTXzJu-UR;D@>{)4Qb)7IT1;s>eJfT?CDiQ#9DVKCJMqFlM-^C&t5} z7sPsj-^C#u(>yJNhKd#1pHzqGSOE`5A0@7%O%#S_{ZcY>w0V%h?6l4=&{u>0id>uY z-ls^+$Pl4ZJgRzDHvfzH{MR$goi7LTUoM3z1{)RRKkw?C60~C~t8BKWpu{0Pj4uo@ z;G_y4w;HJ%ht%bWi$Q95eriZa*Yj6h8!z`hvWT2822h^K^3xkv)e^K8ccF^`k(g&w zVS}fw=Ei|cpX;Sz1t}!c(a)`nVWaxo4o7QIXpqa*>HBr!=ff2J)hZ5KT)KFVI0Z`r z*C^h&zBNZ@%gv~^Plb_irbPzJR9CBjeu(jJR!Rt<1Fub*s!lzOq(&CDZ5S_D9)5GJ zbb~uIP|+SR9FuMLZ=a_By?bz9Wwj4l{@VJ7gKjSW-E*Hx_YN)hO>~eG48`*?u#aC# zgGV;113q5H|2wMnEvT?W_ml3I7dJNUXPk<@Y1J)>v%O2q|9a*NTP8qF@dit)q0k^OmYZGB-hc~ zytL7mi(ZP+5tfxb@3$$2vwTY@2dwcrLU^=!5Nosri96vO1FJB2CflT{5^=sYsAXuk1aorLMan2{^;U}3W zpQJkD9&!IyA5zNQ9l|eXrmu`ytz%y&<{apj*l5U(#RbFoY^CV7w3!xpv}B{f&&jKS znc4F+L?i)6(g%F>}r=8@^av5u+2gbSYWHHqfJ1lbI5A6rTY zq}p~n;rj+06!z}2iFaP!dYw@^a?&DQJ7d4N^i;+2?K-DiLc&2y*TVdKVaGDt)-5Ha zxvgG%)@N~6UoEcRTv2tu&UPxw_C;>v2o1pV{QKRtP=n)Zbm*W#60n=BB%@N?l`cCH4KE-z4(Y^;~UL zPyPTkb4BC*I;T5PHogOsv7beAj?AYk5!b3q&J8<7&&y3?+%tB>xCj0?a|XcG0s%Ow zmT~^xQBU_U(GmLW5jeDIY%9|Nl^y!*hSoyDWDMrx3H7gtwS9;{36gK9pkxN>t;7zF zb*Lupy5G~-GqmnN0d)xM>i4PlC()nTp40T)oN6gq9!D%L^DolwSy5saeOv>G3w$eN zFf|y^1IFbys=Tw<&NBcmdgEo^+SXhTWLN(?W#L8_FvP;HJXacG?-=29DGcu0-F`OP zMAZBIIPY@xXSc-QBWbTMysNQ1i`_TxjPb@x=G+qTxo8ae!dY zEi4O-Sfs1>M&j7xgVZX>;}088h8Bsar#qIouV;j*z}Q|0vLc}b1uiHWo6l=QP-921 z6^m_oG!6JbgcmSqBQ`s7e4H{|fRf&d*Hj%KI%M%M;9kD*T@Yk?mkldEfv%={jjU(< z@=C0sC~MiJEyV|sOpE%WcQW%tgUSn;pCnEA8Hz>`@5L=eM7ObZWJ>63DMu?4M10&w z=7gUS=1KXqcA?$nsif}K>`)BC2^?B1cYDhVoS{xM1KLA5!=LRW+YEM^iL_PEqYF*6c@JL9-$S1oy+FzdvB2fH& zaNDFZj-Gw>4aIA{V;zRlkszO4;L-E0I!+lL`>>HF%$d}6y0eiBJ z(}>v|&>B(?Q=j<+8c?4rczl`i3;VSGi_7g_yYC%jkT*a5n)dJ{FyOjZ!6ThUg{i3q z4&8{*KXi(I`RkGYU7%~{dIx*7Nygf*+1X!gTA!DmH~YmmnWU%X!q$CV{9TC>#Lf_B zk)e#RKe2snu5Rp&l5YJZ7D6G@-?;)5<%m=zTMzuZAvIz`s1lGkw$!n#yvB zOx%7#vZ7We(f$bJ+Z&g>mXj+`Ta#l94cgx&yNQSSPGAX?KBh4>gy{%neDA}Nw%Sti5>_!;deS{H@!YED>3MK;Ogb7PR((|r>X zmYnDVaxx=9k;sa~=kJu5qBIST#x|TgeciruQyAli;fB9LaAcD$lEuj|E)PQ-bYov; z?YCtEDTD7>f%lC;5;-FD8cxlc#_#S-q?FsA^M5!3##!Yc`XyYl6`vi2^~XIxln|s< z;KNTw5QC28+8&0+2wQ%Di7j+Owzj{c$0k43W=Tpca!65kr0+E)+;igI<;|E<`|vQ0 zE&`?Y^>9nzkureN}yRuu9ul`d`v!$-;MR$)hG=bF?aR1G`Rp!v)TbVeF-7@|68^a~;N zQPu5wf3yU*m0TAnxh$-1LVBjVTp1-QiOQrLg1XtCp?)I@Q-1azb%u^I>P3=FNI}Ept&;qUQd7&U|!lqm_LqR2Q2ar z@#U*rd9=Qk;#5zTd7%-a!}2}mLRFxJmj&Y6|F=jCo>(XVcUr%w|9ftWEgI1ZPOC} zF#phy$kGQRd*i`?;0)BU9g|gf`#H90b)j73A$!U=qaJMXfGx=V@acM`g<&viwio9&o2p_gh^HX^%{5=m$eY6!zt3F4To(gdv5PKUd{FuzY1bkDiE(Ukk0 zI<9g$dAJ7Cv$zWy;4ug%SrgflwcZW@ENmqYD}~33ivaSAB6ID!0*wMe6A(A^9;cpB zbUn5pj6KL=4|`P1AP$D=`i9z{^o=ah5B*{-m5a1q*M^eB=hvH4JjO>BS}~U2j}Oh4 zIPR&c{UBwM1ho#y^c;L$QT{__HcT=d{5qbYC+zl;?5G7OUCGBttC2J+tB!Mg#tOYB z*hma`Z?Ar@n;HA61Pnc8zW0=0(Gb>r>U@15mdP(eyNy9FCzc80wWF@vtA4>DY`d?zli+9eAp_Epz%nN+te zi_M!oo12wKO9TR!|UYe3yi7Qjv)Nur+5O^7gqD~}MhNy*| z{PamV!sl$$Uwfi|?R|pk#XPo_cUDF1Ck?NHBIx5XjmULE)}jGBv~V~l#2VEEq_LT; zTshuu?4SGipSC|PoI_1yhH-8uwT{rBBVh;M_4=jv3xzm76B=u&zE=fvln$8t>@&oJ zM)b@ck7ed0Gv>sWWkGw)p|lGTVBrcPHI$v}0-D6KL5Bf<3c4qxdZ)gsY(%jpLhYz# zFl0quULNgF(eOX@EH$L0F_~2oOIL0bewVr7Vhc_lUOi@KJq0HHDzr@berI{Bn2~X?W**Nf^jJospJQ{p3e(#yG9Rz zO)6aM=$1uRQQSPykj0g}yY_C)?2C$W;}GUv{%Gdf>y?-#lor%_R#Rf2hZ%H1W6kP7 z;)vz!mxj`CZFb`{x(p58ZIp2EOKu)h4UQ^~o=CMr+lYV1_*yN1P_72}rz?FF0<@7#Q7A;l?}ESzVAmlJ498(a`7 z>$&mrr+@9t{U>bukC0it6z6~SL)mu@4GEa$6vvAYIk){4a<64rOE%1_VhHbNFK$Ct zth4`ZdA>fIrJzztbf`1;tP~;pE^CNj6Dys3IYl?8+yco_BwkCkkivHmFk6QU0tRZS zDfIRl`BGAB3?L*&6_`F92z4m62rP~tyCb);pdpJgbdCrLcI+)%sX>de1Kp_Bu42e_ zwR*2ae2Ek_)Y9O6;w-w#A?e*j(P5IFSDR2|{0FvPBUsVyZL{FZ^K0=RX570FW7q4i zCfsViy|vV;d-$;b^>1c-zH{cfqtl1YX|&>^_QmZu$eYuuKl=3tW}ZFM+5UQly4Vtb ztQtsYeskFTjF#rI8}SA={bhK|v&3twy}gL7NXXiCYKtjQXHGdEPu-g{dVSRFJhb`s zj86n`02JXe)BiAT2W>)?i3(q{}?cH94K zlvLU!ZH>*e(`l78=`m7@N$Q{C618VtBh*lrm2csK|8oV?VG zG3X}qFzMl;f2bVU-?`V^iLebFIDxIqRu!tgE(lvqc0(4rBBXPqFG-2+2CI9tp4=tp zQJVxcgR?x4C5m6q+{hurxPxTT0POy1s2Pj|=hX)TK}>-;?u)7a>?C3Q|K7kCssDYi znCt%w?jrM^cM}==Zyrv`S2SK5st>@Fay|{UX(8GV_cW_xZ{s0$P@xA3&EY|lOwA6u zBw&1FoD!)cTR8Vp%GmC)_mT|{RU7At&aJ5=+zbjwq)aw zfeKhFls05$j~5F#rcwud5}WGF&8_WvMhEvcjEScc2TCsHECAG=%$6U=Z>-T_17LPK ziaj^jx~i9v+#zqOI88e+C`etG!q<>}<=|7b>p5~w0Y`|i)2jQP_exc4SIK-~+wi?b znJ#5~zjC6Xh)k&f4RCWRPAhMSG(r}c?67U_7~il4aB-=OK$*}Pk@V!=9V3a*>)GC# zP8Rxuwd0Byvw`yYor5(yEP`#28ZS{8;D)lZ!2X2j0)hR&L_FZe-K(sxXLQsXCWZ$* zBbO0+PFv?bhIuY%71iWMwhw+iv#KP%!&}@(suUIO;JqF%q`0g(7+zKSedO?XdC~Fm zUMKv>LS=Qo<;Bc1CU)cG$%~WW!G*rs%^%q}*EfqVq8zry3LSrEsW(aw4@4X-yO4|m zk3WXlFKETq`Jy^DG{f}$a|@$i&YWpGI5c$}>TRZh+!--@a$X?TDeUNF*Y48w&#}D(|c46gvPE}u;Ra6?kIIa ztHnj!Di>)1qI*W*B23sg(Jp~NNQOkYN*5py09rsBZn`LzUCZx)>No*6$Fb0rLUk}+ z5VeJ?i06x!%(r!#Ojhu`)+ND8OLCg59Vs#=atF+ey4Bx)gO%EjO`IWCp%P1!7G-)C zZmk_m)QtpbJ2597S_rOK7^cYW-T20DiOmyf!bSt)atS9M8eZGj4jPp4m` z05I`6Hqg?qaO-m&t~`4!2%Hz+d?71?n-c2$^Vp85c~&A$9F~WFm1KC0UL%7|r9W+( zQJGvQx`o=0ypY%XCBLgvqSp;<{Sn)c|2#htk${&glm3xK03(0r6qtTc5C(bXq~?u`riW$ zc832-)5_N~PerB*QWzKmTg%{<^iVe>DPe}(w1EUg5<;FPfP0^gsD(Z=&hQSSd3)M% z8(z)1t$BmLZhG*9P2CfKMN3Ap*rJDAyuPqID*TET30K^s)P10vZ}czP3g%bqP@^!b z+-Y~X!hk&eTi!iOVKPPczbJYyVIdwr&hc`7d7!W!;X`#C*PiTgfjQLBF4(WE%Gs=_ zRzPukE9=F++5`}-Ve!p_lD4SFe4Nt*@Wc=Kl7r?i11z0-B;X!WzjsuR-NYeomJ+J-4SC>k|*6B=^JSEg5`qbXy+ z7}a`2Dm}c#!pt>d%}M?@3kk;0Y5oQUnLg*22>za)h}#PU(Yzw#LTA^MsgVuuU4mr> z-8`2o%`XW?Zx%1AYQbRgR+y<=+L`KQFn>uWyz9!q9HFT|EyCBcPGL*xSq#rxR z#|Qy!@FqXkI?hiSo6^Q&gz9~67E;QXPx+Cgpn_oTr`&AQu{ta*zc7G+Q$FTDjCSsx z7l-!Fli+(RuiMt)ghVN6bQreqc44Hnh%_#7KODSyIrqZM!)GNaF2jmOkv;kv@VVc+ zVR?gv)-JZ4JpAUiHk?Bhci&|ar!bNV`>I9d-~B=sd@OlWGZU=6eLPXz-ZDE~5WeBX zczrPBDP!GxV9iWGibOE=gfRyK`6DHq$)j4<0kNzS@QX#`C zbh}_hw_)al>l6ip-Mk5h71?7_o@B`Gg`+;^sD+!#XEBFAZpmE(52PVED6^kZv(~zT ztdK+aQ`vmSm(b;Xyd<)yyUMU~(5b#+5I=-Za-V{%gmgbv;q&@ZbXqbfo7iQci7eNa z$^qouelGG07uVEu@u4!JFx!^0d{pnNM69%SNKDveLbnmF(;qz(9ynb?yC^~u{xIB3@oEoIW(y4T^Ov#+XHQ{|A}C) z{6OSE2D-3NNj6FgdDXkVsOqkYXzlEn7V?q3T<~FdoZ4c+^l!mrX0Q@yo#BLRl6_7P zMVClLvISF;-Oz3q+66kx{P}8{sMV@(Ocrq1q|r4dI1yPc6hM=5)nJb~FD#{^yxTzs zsYfXnV6yOzOy8mEMaYn|rJql1;ZxO63oIyq?&%O3A^|bzts1S-la(s0?U9!-R`-op zz2|ZWZ04AiEU+dWH7PR4`uv4Q6l0GhYE-MwVYd#M37o zZN;*xE!Bjkzy&UCzaD(nnO_?p4%Jzp$Emz`mliy+ZPbETC-K-eUYF>1QHl`ECi}pL z)E)y*CL}WoJ+~2!HB4i__`&2JA$31zmpVQ5M`t$X{EST;E)%cEmR| z+x=xNEHC-zzx9Cs%7?3;77CY%xfyCi64%m3OBvBE~Y-UZg4C*`)}NqqmDnlwkgx)NF&{u~+e~ zMRd%cMh|5fT#BQBn|4Fv(~X;>T09s6?ua-U%m&)xJBi6|x%|qknCA0-ndDGimEpoY zW^z!CPw9oCa9MVyyyRjJ#ozi$&SAL%a9&+Dq2rDD?Uk9arZ*8mM&gNqIUB}J&wa-P z3e(lw6Dq~?V!DQoHxnH%%Kq1L@&88zvj6S+IV+|%zRYPOBjR;fexgJ|xKte(N@|EXuOnmKP;K9gRag%QcE#VqdIEx4 z@)8QNn0#8`kU2A#XhFQIs@#(!&~?{;s-ob;q-d@STNGV#_T0W5_)d22b|o3 zRRw*fsoYt+HPo$@XYn@Y{Ft>$_kJ57N88o!rY?t*ocp+V8rrD-&_|)tzNCpbzpJHU z7JFH>8uA1NV>6I!vC=pd7v_8p<|-v^FYLsVg4*v1@z|G7WdQ(-8_wNKvH{4#wPTVV zYA8};s7~vbr<{MW2mM>q{d@GU|D(wiY;mgQmE7}cL!5j~HG4I8W%s(u9Y{ruXk{_l zdTBSlt}z>at^Zwpg%rLrxA-y09kp!y@;v?g4T#Z@v|0ZEdSU$`)5s}*X-8v@bd}lc zKC?iS4)}UTi^@eZF9Yz`l9^pR2tPN~?IH&mq7(tv$Nhv~HZR$g%e-m;Im~j!`H$c> za4LAYLugYKUKA1xP&aN7#;Prk??5!53R^3Liz~Tz=F-lJGtczFaK>#;t(W6u6H@f` zV!g=NL#rv?A8@=)F*q$xQ{q@W%n88(^HI4_Zf6WNR{XxkDk7i^?XUJ3F;6LoICN9c zS{?T25IcN2{)itKASv5{L=vCiomUe z+ByvwW^C98{o$FX9HS5=j7FMkE!vU4Z@^cIQvHD*iX03B)qeBGh#nbnM0bzebAp;E zi2ITEHmRr7`OH4%2AuLv;jjh{-$x@4is17u;ix7={+p=$1q#WG38seXJ4_UfK`nVK zDXj45do9Q{&)uxG-q;_2{mEZGyWvI?7CLh?&v(kYFNgp1w>#?p>w~~g3pbCA?G8_V z>THcwZ@2;i|F=#?KXVQ?W&L>4AS1vqtju5tnO7`pN6|a4x@gcJ5{i%M7XuVUycKk< z8xklL^jzcUuJb7HZEicx7gC7NC85v0%Dg zgc%I-+*`FJK>Pn-)Tk^3^XiAL9Q4@>roDUiGDQ*FMlmagdz)uQn-X4oLa@z7Pdc=I zK5atfH<><@CvE#s;I<1B=Z)MWUu(}$kqb#=TdJ^{7v4K>)y$mxI;fu96FSBg)T?>Y zjm-NW>t0&?;s^^~Ji#1|KYc}v_Zh9ywtUqbv=Gt%fjtXk5>%*x0CVdLTj_V@I?vUH zti~5YFyTP6LeE@ZbBDr(W%_vGyxD@-f>xl&uHlfM%h*`wIVrfWA#!rD#8ZJ^X5#r0 zIxwYDOWl<={8|N|XwWf!f3Q`10N+rpIg^~TgR8*Y*Q~I=-B=64e3;@vo@RY{k)*$4 z@HWg@Z9NEMZ|k{(6Y}YHy;WzcZyoskqM?!DbYc0`QYQwfZfXYWnmVQeUeT#Cv?uS_ zB>~|)Va;NV|V^z1hLIPPL&kdB;8p0_RzC z;WB_iNThhWWlBg#_maZmVg0RlHp)vqV_M=at77|DrPNBkPtm-PU8mTg|A)NqfNCqr zwsp7L-Oe^9o74saCg+^mHo*jeL5LihBtU>LNq{i8ZG$mFfB_REl1-LGFbI)EXp@t` z0z?ibi6}5RY^;R^TL_-KirmqZ?l;KCcUu4$heAn;`GGlNVLOJlEP7#`0;l zr59JU+t_q0S$B`hr+i0>i|=vy)z9>C{%m9OY?8FUL7hn55f70o=w zge{~!=qmu04FU70o`&7mR?dGrp=6l&M7Dh0din;5VgLXmqfD3PSRAT+DbFHQ_H;^js8kOY>XC!^O z#EJSu8(o(iXCnx{0wmE;}Lalb+iXi%YD z$02 zzWQX*e*xn%lcBpYIF*Ag(Z9h{{_AbFmI|>uV=#}92fvK@cb9R$FImM?%PF(3y3gIo{&smdlk zmaV5d4bZSDfVvdk=a%jgp!;!P6!xP)qgU|o5-60}Bt=po6N&2&Fmg%weY*UyMWA?6`avgTeY9%M!v z_D#h`gC^R9&{To+rxbc3DNqIpFq5i246Z5AO$ctOoyZrJbM*%skHK60=V~d#VHWwRAGUZgT6~2mi zS9`hhQf{V26P?3|?_!grqQ_MIQjO+#4aRjPo1P8uTQX|YJY8q?&=LM&b#O_Ui&@Lx zxjf#+P)Z6sVPN2AVA!W}VJs(WfTuA;m(BN9*ZSyyZJI$xzz#T)i(h#;U#eQ>TM4sd z)rhN84 zip30(AehPM^9Gbe($f-hPK&&B=Wf47rpyCLq!XKdx#TDpG5V#sK!&S=cOuxgOkK_81fQ;yxfP5|H01L`MU+>}=Zj`Umjxtd@ zz#A3iXwKMu-JKcsgYL~ zK4`zI|Dpu82<@-#8Xn~PP_K)$%Cq_TKbv*_Uo1;~wa%S@yte=C%t>|aMU7UTg4#H& z@v7Mr>dC{EQk`9n%*KF_$e+9(|DT+rX8W@?JH6#W0fA;uF6)idSykU7I;zyrE?{*K z*DOS_#+g*D-_zUFCjA(Zt(>bXaHcib|i^FO9x?Ql)phCCdWSX31$xucDb|FM2rb`06 z8ik$gwS3(~Le_T)jUqk}iAUbV8^XYg}eBhio8EL!?Us zuxgb(9Jlm*Hzo7%^8TXb-MZJ|J3;h)SiZrLE?bR7BKC{3m+3q=iTCfm#a08{9z*9j z_=UyL6U(vy&?opPJ3rv|3!%aajQ)3n0C#?U#9A%)rd|J+?&+wSg!VL?5jY*50e4O0 zwrEaa>ueW~y{*8MU;O#gYSo+RpnP5^h>@P{M`!+2dYv!eSnJ4(_8tI$TBVrG0sgHV zY@A*2pq>MVSz5V(diA{+1{3FjQh{E0(ub{^aSj<7orX(TWpd`DCaAcGUd0>q%}iaV z9(i>m(+=0=sIJL;Z0*R5X;4L<#Ja;!FrmRlZ2I)qMo`9b|F&faQ!fKtC=CTC%1&1i zAU;SzSBNk@s{!pA-`^HuPxNN{Ih}~&$!_NuQMlI4i*4l>E|f+U*Y(mf$c!c<+Rnt> z=vj1pJ)jmmfXy?RAx@Hx`&8nLP_e{SkVo2Y7qrlk;2nXXeKQRw8|&co$`yB1(WHzS zqwl@ZG97#9X^6brrf`WsFg@_iK1|+waZiz<`|0yH83UzPF)eLOOR{ zSX|xj&gNNzlyXEj1_9i{y4h%umyf)D z!QXu#$Q>55IEA3O?)SMK)Tg4#-nL0*QV0y7?g7q3xO)Luz`e>K7`xihNl7TKiqFv; z2K9Sc=P$cG0Ht@l@D(rm@Odo>l$U&2=;9NH9;8$6^JYW4R#r%(7L(Rd&C2W7*r%4w z?9|u*UbG`Dn-60B67}yt=l^}v{pG)ZxxDjp*DHFMV%L30z2VHWU~oGzSP&U+!Wj5C zH|bJ8vb;Isx|+bY?xmVH$ubY5s1GD#&GZ_E>2#Y?+ZMs9sRtvoZzrz?HUvJ*HGFB? zwI^+r6zG54xEunRG#x2uC$-syC^}H|G>mQpT)|CJl&#DGmNBusT{{ppyqo!kaC9v) zQN*ytWFlw?Zve+#26%12m|O25vvgh|f6OflKM_mRZ+bm8Ov)h5w&Au*`OHFeO0et3 zkko=Ncn($!R*DX1evQQjA1Zw?f-0<2t2}}Ot|{qD0zO>E7p?h?@q9R0TjJL{o&? zFu+37VUR_Rux?ub7|H*9Pi&*_ycYljBw9wH3)tJiC3Y>K)YN_}~ zw*^50(usYVHpDVDJF5^o&Xc-{)vykmOwuD4*$-n1L+(ukl6&IiM?BGPI#ke+jP}y!s zM%hYnH(p^PUT#|uG}T+Ar&--k@oA&EaNZ4`0;iLa*fHp zYAy@IHbdWkAY20y*LU9{RwoBNUQEB2!3<~P+df1WBzeRxlt?Hi`Xm@he+YL8|CGr< z9@;f>UmaY9dog$rTzOBi%5OaAQA}SvFW9Gy zqakCN?hDv-SJW^ZIq6-ZGK-H+qZaE-q~xdiuPwmWxvJLJK8)Gex^+G(sLuURT{zO& z9b5_$zpVC+5E(*NB)atnwc^aBE78HO)3V;K7oi@5o3|F~A53j(?v0iE4;Vqxdvvzq zZGa5n!_@qeQA3Iy6z3xYl4)?C%48lc9%wYb*JnMP9pbzol&@k#l{`@_1@m3Pk({c2 zGsQ}w^1bxU*=c(T{_pdVtqzll5NcmdJ1=E(tLl5ZcjGlf@i{crx$qg6(WKgv8yK0| zd+rop=AohYw?p-2tFQ)(?hk!FT@!$p_rB-e_0rpG#8C+o^O|6p;OG=EA3CEpzc_Ub z7|ReR&M@o_a01pBL25GSxm~Py1ze33Cs~dn=fL&4{o>jK)Ta`Rc&N4OQ(8g&eJV}D zb{H!EYk+7*L5z)~{&{xy42rp$b>M~Esor0iFBEY+W16cgc-&=L8$HA{qHk0@0cjIml&O;{<5d;52>uV+8~{Ff7m|Mc@; zrg*jNKNf1G+Qe|B!RGky^o@Q!w+yNu(j0%vlP=dYT(3d9=O+HkT4K+BQ=}?RK+Rln6xx#FKvT2#jI(e7+B-!0PT$?annlByj&F4D zs(DU2#6ugv%w3YL#&~N_#x)Iz!INPN7qa5#CL){T;^VB;EEz&TC~=D2)R5t-@*I1L zZ1_ospNhTthH^7nxHSf(=)1?64fK=uq}j7A#KP2U>Wb&nH=b?&XfK6mAN7rKERpj36k#=<UFxK*b|!g@5I78vi)Ipuiyh_*SotYm;fwcGsX*&F?fUsC%Grsy8(^!=P&!2 z;kDJST$WpJd)Mpyp8Z|=lC}jv_RhujKCw0O*K-bDQW>Q9O@bAl4wKv?=D0Y{`PERw+Zr)Y$yiBdD=dcldx5a=YZ} zYVZ8-4fyTfF`Tk<|>yy8q<&mi(LBrXPfEjOh(G&VH}9 zz1jL}a5nVf-h5RE{PVrjnc-jd;D6rnit+Fby^^1gg)X-PW4$Cq+S}#_)%yx*LL>6u9!OaP`ENAOGy>Z@oExb9`CZY)wL9 z)w-8XAB6wq>pA^x4S|W>wOV=q+@r?MlQNHO&oQZR{7)bLmXE(*E^EWb_m&l!dxvRQ zOVgE(9_eq>az@i}_+?Z&O^AX#*Q3zT=^=btRjG4ev|(z@!#ins6hVf>Dr%EYW7OEj zyz&iJMu`QcN<2x`~o?LtT!|lfITpVrv4ibv|(#dl~CoC*&H; zM&e5Byr^9g54W)%t~iAuU~Z&&YSbAsx~wfkh1D(YR%T26#GFROE3LzTNLc_+>M&@j z5gpouzT10P9MuV)hSqDPrVC)RrBjox1L5ilv?2K-OX45^lGg7H-7kGbX;RPL!$%Nttz>CP`MB~ltN<5$GBwJnC-;de$0WCw_;;^sBDIG;^g8_!n>{#oMx}5J-@1mVu z9<@}FSA*mop%ApD`A~Fc6hU+G$&Sx?#kIORe5tK%^Hzk+;%#S7Hrw@4KnZtXXQ$Ai497aOYKTm zS=gNQ3!K=OJ*JT0@|)p8{z3_}E-(Dlqw@U>95DkK#=MWbU^{2hkB9B&6wePgcUUhWeS7&F8iS0_jQh> zL}QCK$u#Hd9--X3UH1?gddoKP2m5M#u_fZ}eu~ErH5T1=R*k2g!=;D0qr9)lI;Fe5 z^$O`K2)1C2D6{G?u&b?HHuNH9rc=vbMpmF!nWJuHjv60%xg=$m_fmuJs4|9c3ukdn z#f5y7in*O1FSiG^dA;R0xU0ey+npRMzRWgbrt=sP!ep%R^_)%UV5HB`fxk41K=&8y z%<b+tnZkexgNv(W+Op+2EMtJs{hrxVV08KC);5B|9H^`6e=<8FlsP z{&#+8aaSYk*)t(@j$Glw)~+=j-3#;ud*IkJt>}!M`N6zT0u66(c*UGei)OBkc2Y%K zk1OUtK@Mf(_Yh^TSAnJ!)jF~`F!2;2P$tVKc0{|_l#}M0w*h}dvuG1%es7J%x0?