From 52e378e690a0ef1f9407e4030eea0aa6ff748a91 Mon Sep 17 00:00:00 2001 From: Guy Afik <53861351+GuyAfik@users.noreply.github.com> Date: Mon, 8 Jan 2024 14:31:56 +0200 Subject: [PATCH 1/5] [sdk-nightly] - use only sanity playbook without integrations (#31998) * [sdk-nightly] - use only sanity playbook without integrations * remove comments / update docstrings * do not collect expanse anything * add sanity_tests property to SDKCollector * pre-commit --- Tests/scripts/collect_tests/collect_tests.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/Tests/scripts/collect_tests/collect_tests.py b/Tests/scripts/collect_tests/collect_tests.py index 39cee1f1885a..4a3d87a095e1 100644 --- a/Tests/scripts/collect_tests/collect_tests.py +++ b/Tests/scripts/collect_tests/collect_tests.py @@ -1407,7 +1407,24 @@ def get_e2e_packs(self) -> set[str]: class SDKNightlyTestCollector(TestCollector): + @property + def sanity_tests(self) -> CollectionResult: + return CollectionResult( + test="Sanity Test - Playbook with no integration", + modeling_rule_to_test=None, + pack="HelloWorld", + reason=CollectionReason.SANITY_TESTS, + version_range=None, + reason_description='Demisto-SDK Sanity Test for test-content command', + conf=self.conf, + id_set=self.id_set, + is_sanity=True, + only_to_install=True, + ) + def _collect(self) -> CollectionResult | None: + if self.marketplace == MarketplaceVersions.XPANSE: + return None return self.sanity_tests From ad9655e0810ae57605f53bef2c16dad5b5d1e084 Mon Sep 17 00:00:00 2001 From: OmriItzhak <115150792+OmriItzhak@users.noreply.github.com> Date: Mon, 8 Jan 2024 15:25:53 +0200 Subject: [PATCH 2/5] Inputs groups playbooks improvement xsoar (#31890) * Inputs groups for xsaor playbboks * RN - Inputs groups for xsaor playbboks * RN - Inputs groups for xsaor playbboks * update png path * removed the input section incident data * fix - RN conflict * Bump pack from version CommonPlaybooks to 2.5.5. * Update Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * fix - after doc review * change inputs locations according sections * Bump pack from version CommonPlaybooks to 2.5.6. * Bump pack from version CommonPlaybooks to 2.5.7. --------- Co-authored-by: Content Bot Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --- ...aybook-Cortex_XDR_-_Cloud_Cryptomining.yml | 175 +++++++++++------- ...-Cortex_XDR_-_Cloud_Cryptomining_README.md | 34 ++-- ..._-_Cloud_IAM_User_Access_Investigation.yml | 65 +++++-- ...ud_IAM_User_Access_Investigation_README.md | 10 +- .../ReleaseNotes/1_0_11.md | 10 + .../CloudIncidentResponse/pack_metadata.json | 2 +- ...ook-Cloud_User_Investigation_-_Generic.yml | 75 +++++++- ...oud_User_Investigation_-_Generic_README.md | 6 +- Packs/CommonPlaybooks/ReleaseNotes/2_5_7.md | 6 + Packs/CommonPlaybooks/pack_metadata.json | 2 +- .../Cortex_XDR_incident_handling_v3_6_5.yml | 119 +++++++----- ...tex_XDR_incident_handling_v3_6_5_README.md | 22 +-- ...ok-Cortex_XDR_Lite_-_Incident_Handling.yml | 137 ++++++++------ ...tex_XDR_Lite_-_Incident_Handling_README.md | 16 +- Packs/CortexXDR/ReleaseNotes/6_1_2.md | 10 + Packs/CortexXDR/pack_metadata.json | 2 +- ...tigation_and_Response_Incident_Handler.yml | 159 +++++++++------- ...on_and_Response_Incident_Handler_README.md | 36 ++-- .../ReleaseNotes/2_0_12.md | 6 + .../pack_metadata.json | 2 +- 20 files changed, 571 insertions(+), 323 deletions(-) create mode 100644 Packs/CloudIncidentResponse/ReleaseNotes/1_0_11.md create mode 100644 Packs/CommonPlaybooks/ReleaseNotes/2_5_7.md create mode 100644 Packs/CortexXDR/ReleaseNotes/6_1_2.md create mode 100644 Packs/MalwareInvestigationAndResponse/ReleaseNotes/2_0_12.md diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining.yml index 3c3a5b022dc5..3577282c2318 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining.yml +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining.yml @@ -1010,19 +1010,8 @@ view: |- } } inputs: -- key: incident_id - value: {} - required: false - description: The incident ID. - playbookInputQuery: -- key: alert_id - value: {} - required: false - description: The alert ID. - playbookInputQuery: - key: SOCEmailAddress - value: - simple: + value: {} required: false description: The SOC email address to use for the alert status notification. playbookInputQuery: @@ -1032,6 +1021,16 @@ inputs: required: false description: Whether to require an analyst review after the alert remediation. playbookInputQuery: +- key: incident_id + value: {} + required: false + description: The incident ID. + playbookInputQuery: +- key: alert_id + value: {} + required: false + description: The alert ID. + playbookInputQuery: - key: cloudProvider value: complex: @@ -1040,46 +1039,36 @@ inputs: required: false description: The cloud service provider involved. playbookInputQuery: -- key: autoResourceRemediation +- key: ResolveIP value: - simple: "False" + simple: "True" required: false - description: Whether to execute the resource remediation flow automatically. + description: Determines whether to convert the IP address to a hostname using a DNS query (True/ False). playbookInputQuery: -- key: AWS-resourceRemediationType +- key: InternalRange + value: {} + required: false + description: "A list of internal IP ranges to check IP addresses against. \nFor IP Enrichment - Generic v2 playbook." + playbookInputQuery: +- key: autoBlockIndicators value: - simple: Stop + simple: "False" required: false - description: |- - Choose the remediation type for the instances created. - - AWS available types: - Stop - for stopping the instances. - Terminate - for terminating the instances. + description: Whether to block the indicators automatically. playbookInputQuery: -- key: Azure-resourceRemediationType +- key: autoAccessKeyRemediation value: - simple: Poweroff + simple: "False" required: false - description: |- - Choose the remediation type for the instances created. - - Azure available types: - Poweroff - for shutting down the instances. - Delete - for deleting the instances. + description: Whether to execute the user remediation flow automatically. playbookInputQuery: -- key: GCP-resourceRemediationType +- key: autoResourceRemediation value: - simple: Stop + simple: "False" required: false - description: |- - Choose the remediation type for the instances created. - - GCP available types: - Stop - For stopping the instances. - Delete - For deleting the instances. + description: Whether to execute the resource remediation flow automatically. playbookInputQuery: -- key: autoAccessKeyRemediation +- key: autoUserRemediation value: simple: "False" required: false @@ -1096,22 +1085,16 @@ inputs: Disable - for disabling the user's access key. Delete - for the user's access key deletion. playbookInputQuery: -- key: GCP-accessKeyRemediationType +- key: AWS-resourceRemediationType value: - simple: Disable + simple: Stop required: false description: |- - Choose the remediation type for the user's access key. + Choose the remediation type for the instances created. - GCP available types: - Disable - For disabling the user's access key. - Delete - For the deleting user's access key. - playbookInputQuery: -- key: autoUserRemediation - value: - simple: "False" - required: false - description: Whether to execute the user remediation flow automatically. + AWS available types: + Stop - for stopping the instances. + Terminate - for terminating the instances. playbookInputQuery: - key: AWS-userRemediationType value: @@ -1124,6 +1107,17 @@ inputs: Delete - for the user deletion. Revoke - for revoking the user's credentials. playbookInputQuery: +- key: Azure-resourceRemediationType + value: + simple: Poweroff + required: false + description: |- + Choose the remediation type for the instances created. + + Azure available types: + Poweroff - for shutting down the instances. + Delete - for deleting the instances. + playbookInputQuery: - key: Azure-userRemediationType value: simple: Disable @@ -1135,34 +1129,81 @@ inputs: Disable - for disabling the user. Delete - for deleting the user. playbookInputQuery: -- key: GCP-userRemediationType +- key: GCP-accessKeyRemediationType value: simple: Disable required: false description: |- - Choose the remediation type for the user involved. + Choose the remediation type for the user's access key. GCP available types: - Delete - For deleting the user. - Disable - For disabling the user. + Disable - For disabling the user's access key. + Delete - For the deleting user's access key. playbookInputQuery: -- key: autoBlockIndicators +- key: GCP-resourceRemediationType value: - simple: "False" - required: false - description: Whether to block the indicators automatically. - playbookInputQuery: -- key: InternalRange - value: {} + simple: Stop required: false - description: "A list of internal IP ranges to check IP addresses against. \nFor IP Enrichment - Generic v2 playbook." + description: |- + Choose the remediation type for the instances created. + + GCP available types: + Stop - For stopping the instances. + Delete - For deleting the instances. playbookInputQuery: -- key: ResolveIP +- key: GCP-userRemediationType value: - simple: "True" + simple: Disable required: false - description: Determines whether to convert the IP address to a hostname using a DNS query (True/ False). + description: |- + Choose the remediation type for the user involved. + + GCP available types: + Delete - For deleting the user. + Disable - For disabling the user. playbookInputQuery: +inputSections: +- inputs: + - SOCEmailAddress + - requireAnalystReview + - incident_id + - alert_id + - cloudProvider + name: Incident Management + description: Incident management settings and data, including escalation processes, user engagements, and ticketing methods. +- inputs: + - ResolveIP + - InternalRange + name: Enrichment + description: Enrichment settings and data, including assets and indicators enrichment using third-party enrichers. +- inputs: + - autoBlockIndicators + - autoAccessKeyRemediation + - autoResourceRemediation + - autoUserRemediation + name: Remediation + description: Remediation settings and data, including containment, eradication, and recovery. +- inputs: + - AWS-accessKeyRemediationType + - AWS-resourceRemediationType + - AWS-userRemediationType + name: AWS Remediation + description: AWS Remediation settings and data, including containment, eradication, and recovery. +- inputs: + - Azure-resourceRemediationType + - Azure-userRemediationType + name: Azure Remediation + description: Azure Remediation settings and data, including containment, eradication, and recovery. +- inputs: + - GCP-accessKeyRemediationType + - GCP-resourceRemediationType + - GCP-userRemediationType + name: GCP Remediation + description: GCP Remediation settings and data, including containment, eradication, and recovery. +outputSections: +- outputs: [] + name: General (Outputs group) + description: Generic group for outputs outputs: [] tests: - No tests (auto formatted) diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining_README.md b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining_README.md index b498f828c96e..22e959ff7671 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining_README.md +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_Cryptomining_README.md @@ -19,12 +19,12 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks * Cortex XDR - XCloud Cryptojacking - Set Verdict -* Cortex XDR - Cloud Enrichment * Cloud Response - Generic +* Cortex XDR - Cloud Enrichment ### Integrations -* CortexXDRIR +This playbook does not use any integrations. ### Scripts @@ -33,12 +33,12 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Commands -* xdr-get-incident-extra-data -* setIncident -* closeInvestigation -* xdr-get-cloud-original-alerts * xdr-update-incident +* closeInvestigation +* xdr-get-incident-extra-data * send-mail +* xdr-get-cloud-original-alerts +* setIncident ## Playbook Inputs @@ -46,25 +46,25 @@ This playbook uses the following sub-playbooks, integrations, and scripts. | **Name** | **Description** | **Default Value** | **Required** | | --- | --- | --- | --- | +| SOCEmailAddress | The SOC email address to use for the alert status notification. | | Optional | +| requireAnalystReview | Whether to require an analyst review after the alert remediation. | True | Optional | | incident_id | The incident ID. | | Optional | | alert_id | The alert ID. | | Optional | -| SOCEmailAddress | The SOC email address to use for the alert status notification. | None | Optional | -| requireAnalystReview | Whether to require an analyst review after the alert remediation. | True | Optional | | cloudProvider | The cloud service provider involved. | PaloAltoNetworksXDR.OriginalAlert.event.cloud_provider | Optional | -| autoResourceRemediation | Whether to execute the resource remediation flow automatically. | False | Optional | -| AWS-resourceRemediationType | Choose the remediation type for the instances created.

AWS available types:
Stop - for stopping the instances.
Terminate - for terminating the instances. | Stop | Optional | -| Azure-resourceRemediationType | Choose the remediation type for the instances created.

Azure available types:
Poweroff - for shutting down the instances.
Delete - for deleting the instances. | Poweroff | Optional | -| GCP-resourceRemediationType | Choose the remediation type for the instances created.

GCP available types:
Stop - For stopping the instances.
Delete - For deleting the instances. | Stop | Optional | +| ResolveIP | Determines whether to convert the IP address to a hostname using a DNS query \(True/ False\). | True | Optional | +| InternalRange | A list of internal IP ranges to check IP addresses against.
For IP Enrichment - Generic v2 playbook. | | Optional | +| autoBlockIndicators | Whether to block the indicators automatically. | False | Optional | | autoAccessKeyRemediation | Whether to execute the user remediation flow automatically. | False | Optional | -| AWS-accessKeyRemediationType | Choose the remediation type for the user's access key.

AWS available types:
Disable - for disabling the user's access key.
Delete - for the user's access key deletion. | Disable | Optional | -| GCP-accessKeyRemediationType | Choose the remediation type for the user's access key.

GCP available types:
Disable - For disabling the user's access key.
Delete - For the deleting user's access key. | Disable | Optional | +| autoResourceRemediation | Whether to execute the resource remediation flow automatically. | False | Optional | | autoUserRemediation | Whether to execute the user remediation flow automatically. | False | Optional | +| AWS-accessKeyRemediationType | Choose the remediation type for the user's access key.

AWS available types:
Disable - for disabling the user's access key.
Delete - for the user's access key deletion. | Disable | Optional | +| AWS-resourceRemediationType | Choose the remediation type for the instances created.

AWS available types:
Stop - for stopping the instances.
Terminate - for terminating the instances. | Stop | Optional | | AWS-userRemediationType | Choose the remediation type for the user involved.

AWS available types:
Delete - for the user deletion.
Revoke - for revoking the user's credentials. | Revoke | Optional | +| Azure-resourceRemediationType | Choose the remediation type for the instances created.

Azure available types:
Poweroff - for shutting down the instances.
Delete - for deleting the instances. | Poweroff | Optional | | Azure-userRemediationType | Choose the remediation type for the user involved.

Azure available types:
Disable - for disabling the user.
Delete - for deleting the user. | Disable | Optional | +| GCP-accessKeyRemediationType | Choose the remediation type for the user's access key.

GCP available types:
Disable - For disabling the user's access key.
Delete - For the deleting user's access key. | Disable | Optional | +| GCP-resourceRemediationType | Choose the remediation type for the instances created.

GCP available types:
Stop - For stopping the instances.
Delete - For deleting the instances. | Stop | Optional | | GCP-userRemediationType | Choose the remediation type for the user involved.

GCP available types:
Delete - For deleting the user.
Disable - For disabling the user. | Disable | Optional | -| autoBlockIndicators | Whether to block the indicators automatically. | False | Optional | -| InternalRange | A list of internal IP ranges to check IP addresses against.
For IP Enrichment - Generic v2 playbook. | | Optional | -| ResolveIP | Determines whether to convert the IP address to a hostname using a DNS query \(True/ False\). | True | Optional | ## Playbook Outputs diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation.yml b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation.yml index a8b4ee4b8a3e..45b00d7dae79 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation.yml +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation.yml @@ -741,13 +741,19 @@ inputs: required: false description: The alert ID. playbookInputQuery: +- key: autoAccessKeyRemediation + value: + simple: "False" + required: false + description: Whether to execute the user remediation flow automatically. + playbookInputQuery: - key: autoBlockIndicators value: simple: "False" required: false description: Whether to block the indicators automatically. playbookInputQuery: -- key: autoAccessKeyRemediation +- key: autoUserRemediation value: simple: "False" required: false @@ -764,23 +770,6 @@ inputs: Disable - for disabling the user's access key. Delete - for deleting the user's access key. playbookInputQuery: -- key: GCP-accessKeyRemediationType - value: - simple: Disable - required: false - description: |- - Choose the remediation type for the user's access key. - - GCP available types: - Disable - For disabling the user's access key. - Delete - For deleting the user's access key. - playbookInputQuery: -- key: autoUserRemediation - value: - simple: "False" - required: false - description: Whether to execute the user remediation flow automatically. - playbookInputQuery: - key: AWS-userRemediationType value: simple: Revoke @@ -803,6 +792,17 @@ inputs: Disable - for disabling the user. Delete - for deleting the user. playbookInputQuery: +- key: GCP-accessKeyRemediationType + value: + simple: Disable + required: false + description: |- + Choose the remediation type for the user's access key. + + GCP available types: + Disable - For disabling the user's access key. + Delete - For deleting the user's access key. + playbookInputQuery: - key: GCP-userRemediationType value: simple: Disable @@ -814,6 +814,35 @@ inputs: Delete - For deleting the user. Disable - For disabling the user. playbookInputQuery: +inputSections: +- inputs: + - alert_id + name: Incident Management + description: Incident management settings and data, including escalation processes, user engagements, and ticketing methods. +- inputs: + - autoAccessKeyRemediation + - autoBlockIndicators + - autoUserRemediation + name: Remediation + description: Remediation settings and data, including containment, eradication, and recovery. +- inputs: + - AWS-accessKeyRemediationType + - AWS-userRemediationType + name: AWS Remediation + description: AWS Remediation settings and data, including containment, eradication, and recovery. +- inputs: + - Azure-userRemediationType + name: Azure Remediation + description: Azure Remediation settings and data, including containment, eradication, and recovery. +- inputs: + - GCP-accessKeyRemediationType + - GCP-userRemediationType + name: GCP Remediation + description: GCP Remediation settings and data, including containment, eradication, and recovery. +outputSections: +- outputs: [] + name: General (Outputs group) + description: Generic group for outputs outputs: [] quiet: true tests: diff --git a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation_README.md b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation_README.md index 867070936804..9cd8ddea15ed 100644 --- a/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation_README.md +++ b/Packs/CloudIncidentResponse/Playbooks/playbook-Cortex_XDR_-_Cloud_IAM_User_Access_Investigation_README.md @@ -12,13 +12,13 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks -* Account Enrichment - Generic v2.1 * Cloud IAM Enrichment - Generic * Cloud Response - Generic +* Account Enrichment - Generic v2.1 ### Integrations -* CortexXDRIR +This playbook does not use any integrations. ### Scripts @@ -37,13 +37,13 @@ This playbook uses the following sub-playbooks, integrations, and scripts. | **Name** | **Description** | **Default Value** | **Required** | | --- | --- | --- | --- | | alert_id | The alert ID. | | Optional | -| autoBlockIndicators | Whether to block the indicators automatically. | False | Optional | | autoAccessKeyRemediation | Whether to execute the user remediation flow automatically. | False | Optional | -| AWS-accessKeyRemediationType | Choose the remediation type for the user's access key.

AWS available types:
Disable - for disabling the user's access key.
Delete - for deleting the user's access key. | Disable | Optional | -| GCP-accessKeyRemediationType | Choose the remediation type for the user's access key.

GCP available types:
Disable - For disabling the user's access key.
Delete - For deleting the user's access key. | Disable | Optional | +| autoBlockIndicators | Whether to block the indicators automatically. | False | Optional | | autoUserRemediation | Whether to execute the user remediation flow automatically. | False | Optional | +| AWS-accessKeyRemediationType | Choose the remediation type for the user's access key.

AWS available types:
Disable - for disabling the user's access key.
Delete - for deleting the user's access key. | Disable | Optional | | AWS-userRemediationType | Choose the remediation type for the user involved.

AWS available types:
Delete - for the user deletion.
Revoke - for revoking the user's credentials. | Revoke | Optional | | Azure-userRemediationType | Choose the remediation type for the user involved.

Azure available types:
Disable - for disabling the user.
Delete - for deleting the user. | Disable | Optional | +| GCP-accessKeyRemediationType | Choose the remediation type for the user's access key.

GCP available types:
Disable - For disabling the user's access key.
Delete - For deleting the user's access key. | Disable | Optional | | GCP-userRemediationType | Choose the remediation type for the user involved.

GCP available types:
Delete - For deleting the user.
Disable - For disabling the user. | Disable | Optional | ## Playbook Outputs diff --git a/Packs/CloudIncidentResponse/ReleaseNotes/1_0_11.md b/Packs/CloudIncidentResponse/ReleaseNotes/1_0_11.md new file mode 100644 index 000000000000..32c6ff4f0e9c --- /dev/null +++ b/Packs/CloudIncidentResponse/ReleaseNotes/1_0_11.md @@ -0,0 +1,10 @@ + +#### Playbooks + +##### Cortex XDR - XCloud Cryptojacking + +Added playbook input sections to organize the inputs into related categories, which simplifies the playbook input visibility. (Available from Cortex XSOAR 8.5.0). + +##### Cortex XDR - Cloud IAM User Access Investigation + +Added playbook input sections to organize the inputs into related categories, which simplifies the playbook input visibility. (Available from Cortex XSOAR 8.5.0). \ No newline at end of file diff --git a/Packs/CloudIncidentResponse/pack_metadata.json b/Packs/CloudIncidentResponse/pack_metadata.json index a5009ba0f288..8ff44b1c8b58 100644 --- a/Packs/CloudIncidentResponse/pack_metadata.json +++ b/Packs/CloudIncidentResponse/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cloud Incident Response", "description": "This content Pack helps you automate collection, investigation, and remediation of incidents related to cloud infrastructure activities in AWS, Azure, and GCP.", "support": "xsoar", - "currentVersion": "1.0.10", + "currentVersion": "1.0.11", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CommonPlaybooks/Playbooks/playbook-Cloud_User_Investigation_-_Generic.yml b/Packs/CommonPlaybooks/Playbooks/playbook-Cloud_User_Investigation_-_Generic.yml index 602a41bf3bce..bb54ec4c4a6a 100644 --- a/Packs/CommonPlaybooks/Playbooks/playbook-Cloud_User_Investigation_-_Generic.yml +++ b/Packs/CommonPlaybooks/Playbooks/playbook-Cloud_User_Investigation_-_Generic.yml @@ -489,6 +489,11 @@ inputs: required: false description: The username to investigate. playbookInputQuery: +- key: cloudProvider + value: {} + required: false + description: The cloud service provider involved. + playbookInputQuery: - key: AzureSearchTime value: simple: ago(1d) @@ -513,22 +518,78 @@ inputs: required: false description: "The Search Time for the `GetTime` task used by the Aws Cloud Trail search query. \nThis value represents the number of days to include in the search.\nDefault value: 1. (1 Day)" playbookInputQuery: -- key: GcpProjectName - value: {} - required: false - description: The GCP project name. This is a mandatory field for GCP queries. - playbookInputQuery: - key: GcpTimeSearchFrom value: simple: "1" required: false description: "The Search Time for the `GetTime` task used by the GCP Logging search query. \nThis value represents the number of days to include in the search.\nDefault value: 1. (1 Day)" playbookInputQuery: -- key: cloudProvider +- key: GcpProjectName value: {} required: false - description: The cloud service provider involved. + description: The GCP project name. This is a mandatory field for GCP queries. playbookInputQuery: +inputSections: +- inputs: + - Username + - cloudProvider + name: Incident Management + description: Incident management settings and data, including escalation processes, user engagements, and ticketing methods. +- inputs: + - AzureSearchTime + - failedLogonThreshold + - MfaAttemptThreshold + name: Azure Investigation + description: Azure Investigation settings and data, including any deep dive incident investigation and verdict determination. +- inputs: + - AwsTimeSearchFrom + name: AWS Investigation + description: AWS Investigation settings and data, including any deep dive incident investigation and verdict determination. +- inputs: + - GcpTimeSearchFrom + - GcpProjectName + name: GCP Investigation + description: GCP Investigation settings and data, including any deep dive incident investigation and verdict determination. +outputSections: +- outputs: + - AwsMFAConfigCount + - AwsUserRoleChangesCount + - AwsSuspiciousActivitiesCount + - AwsScriptBasedUserAgentCount + - AwsAccessKeyActivitiesCount + - AwsSecurityChangesCount + - AwsAdminActivitiesCount + - AwsApiAccessDeniedCount + - AwsFailedLogonCount + - GcpAnomalousNetworkTraffic + - GcpSuspiciousApiUsage + - GcpFailLogonCount + - GsuiteFailLogonCount + - GsuiteUnusualLoginAllowedCount + - GsuiteUnusualLoginBlockedCount + - GsuiteSuspiciousLoginCount + - GsuiteUserPasswordLeaked + - AzureScriptBasedUserAgentEvents + - AzureAdminActivitiesEvents + - AzureSecurityRulesChangeEvents + - AzureUnsuccessSecurityRulesChangeEvents + - AzureFailLoginCount + - AzureFailLoginMFACount + - AzureAnomaliesEvents + - AzureRiskyUserCount + - AzureUncommonCountryLogonEvents + - AzureUncommonVolumeEvents + - AzureUncommonActivitiesEvents + - CountAzureEvents.AzureScriptBasedUserAgentCount + - CountAzureEvents.AzureAdminActivitiesCount + - CountAzureEvents.AzureSecurityRulesChangeCount + - CountAzureEvents.AzureUnsuccessSecurityRulesChangeCount + - CountAzureEvents.AzureAnomaliesCount + - CountAzureEvents.AzureUncommonCountryLogonCount + - CountAzureEvents.AzureUncommonVolumeCount + - CountAzureEvents.AzureUncommonActivitiesCount + name: General (Outputs group) + description: Generic group for outputs outputs: - contextPath: AwsMFAConfigCount description: The number of MFA configurations performed by the user in the AWS environment. diff --git a/Packs/CommonPlaybooks/Playbooks/playbook-Cloud_User_Investigation_-_Generic_README.md b/Packs/CommonPlaybooks/Playbooks/playbook-Cloud_User_Investigation_-_Generic_README.md index a1582c24e7c4..6b6c110ddc23 100644 --- a/Packs/CommonPlaybooks/Playbooks/playbook-Cloud_User_Investigation_-_Generic_README.md +++ b/Packs/CommonPlaybooks/Playbooks/playbook-Cloud_User_Investigation_-_Generic_README.md @@ -7,9 +7,9 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks -* AWS - User Investigation * Azure - User Investigation * GCP - User Investigation +* AWS - User Investigation ### Integrations @@ -30,13 +30,13 @@ This playbook does not use any commands. | **Name** | **Description** | **Default Value** | **Required** | | --- | --- | --- | --- | | Username | The username to investigate. | | Optional | +| cloudProvider | The cloud service provider involved. | | Optional | | AzureSearchTime | The Search Time for the Azure Log Analytics search query. Default value: ago\(1d\) | ago(1d) | Optional | | failedLogonThreshold | The threshold number of failed logons by the user. Required to determine how many failed logon events count as suspicious events. | 20 | Optional | | MfaAttemptThreshold | The threshold number of MFA failed logon by the user. Required to determine how many MFA failed logon events count as suspicious events. | 10 | Optional | | AwsTimeSearchFrom | The Search Time for the \`GetTime\` task used by the Aws Cloud Trail search query.
This value represents the number of days to include in the search.
Default value: 1. \(1 Day\) | 1 | Optional | -| GcpProjectName | The GCP project name. This is a mandatory field for GCP queries. | | Optional | | GcpTimeSearchFrom | The Search Time for the \`GetTime\` task used by the GCP Logging search query.
This value represents the number of days to include in the search.
Default value: 1. \(1 Day\) | 1 | Optional | -| cloudProvider | The cloud service provider involved. | | Optional | +| GcpProjectName | The GCP project name. This is a mandatory field for GCP queries. | | Optional | ## Playbook Outputs diff --git a/Packs/CommonPlaybooks/ReleaseNotes/2_5_7.md b/Packs/CommonPlaybooks/ReleaseNotes/2_5_7.md new file mode 100644 index 000000000000..8583fa3b19b2 --- /dev/null +++ b/Packs/CommonPlaybooks/ReleaseNotes/2_5_7.md @@ -0,0 +1,6 @@ + +#### Playbooks + +##### Cloud User Investigation - Generic + +Added playbook input sections to organize the inputs into related categories, which simplifies the playbook input visibility. (Available from Cortex XSOAR 8.5.0 and Cortex XSIAM 2.0). \ No newline at end of file diff --git a/Packs/CommonPlaybooks/pack_metadata.json b/Packs/CommonPlaybooks/pack_metadata.json index af6d1f811cdf..4706ce8ef7da 100644 --- a/Packs/CommonPlaybooks/pack_metadata.json +++ b/Packs/CommonPlaybooks/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Common Playbooks", "description": "Frequently used playbooks pack.", "support": "xsoar", - "currentVersion": "2.5.6", + "currentVersion": "2.5.7", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/CortexXDR/Playbooks/Cortex_XDR_incident_handling_v3_6_5.yml b/Packs/CortexXDR/Playbooks/Cortex_XDR_incident_handling_v3_6_5.yml index 16b28eada7ef..89322d9bd8d8 100644 --- a/Packs/CortexXDR/Playbooks/Cortex_XDR_incident_handling_v3_6_5.yml +++ b/Packs/CortexXDR/Playbooks/Cortex_XDR_incident_handling_v3_6_5.yml @@ -1995,6 +1995,30 @@ view: |- } } inputs: +- key: LinkSimilarIncidents + value: + simple: "Yes" + required: false + description: This input indicates whether the playbook will link similar incidents. To link similar incidents, specify Yes/No. + playbookInputQuery: +- key: CriticalUsernames + value: + simple: admin,administrator + required: false + description: |- + A comma-separated list of names of critical users in the organization. + This will affect the calculated severity of the incident. + playbookInputQuery: +- key: CriticalHostnames + value: {} + required: false + description: A comma-separated list of names of critical endpoints in the organization. This will affect the calculated severity of the incident. + playbookInputQuery: +- key: CriticalADGroups + value: {} + required: false + description: A comma-separated list of DN names of critical Active Directory groups. This will affect the severity calculated for this incident. + playbookInputQuery: - key: incident_id value: complex: @@ -2003,17 +2027,22 @@ inputs: required: false description: Incident ID. playbookInputQuery: -- key: LinkSimilarIncidents - value: - simple: "Yes" - required: false - description: This input indicates whether the playbook will link similar incidents. To link similar incidents, specify Yes/No. - playbookInputQuery: -- key: Hunting +- key: XDRDomain value: - simple: "Yes" + complex: + root: incident + accessor: xdrurl + transformers: + - operator: Cut + args: + delimiter: + value: + simple: / + fields: + value: + simple: "3" required: false - description: This input indicates whether the playbook will hunt for related IOCs. Specify Yes/No. + description: XDR instance domain playbookInputQuery: - key: InternalRange value: @@ -2034,33 +2063,21 @@ inputs: required: false description: "A comma-separated list of internal IP ranges to check IP addresses against. The list should be provided in CIDR notation. An example of a list \n\"172.16.0.0/12,10.0.0.0/8,192.168.0.0/16\" (without quotes). \nIf a list is not provided, will use the default list provided in the IsIPInRanges." playbookInputQuery: -- key: CriticalUsernames - value: - simple: admin,administrator - required: false - description: |- - A comma-separated list of names of critical users in the organization. - This will affect the calculated severity of the incident. - playbookInputQuery: -- key: CriticalHostnames - value: {} - required: false - description: A comma-separated list of names of critical endpoints in the organization. This will affect the calculated severity of the incident. - playbookInputQuery: -- key: CriticalADGroups +- key: InternalDomainName value: {} required: false - description: A comma-separated list of DN names of critical Active Directory groups. This will affect the severity calculated for this incident. + description: The organizations internal domain name. This is provided for the IsInternalHostName script that checks if the detected host names are internal or external if the hosts contain the internal domains suffix. For example, paloaltonetworks.com. If there is more than one domain, use the | character to separate values such as (paloaltonetworks.com|test.com). playbookInputQuery: - key: InternalHostRegex value: {} required: false description: This is provided for the IsInternalHostName script that checks if the detected host names are internal or external if the hosts match the organization's naming convention. For example, the host testpc1 will have the following regex \w{6}\d{1}. playbookInputQuery: -- key: InternalDomainName - value: {} +- key: Hunting + value: + simple: "Yes" required: false - description: The organizations internal domain name. This is provided for the IsInternalHostName script that checks if the detected host names are internal or external if the hosts contain the internal domains suffix. For example, paloaltonetworks.com. If there is more than one domain, use the | character to separate values such as (paloaltonetworks.com|test.com). + description: This input indicates whether the playbook will hunt for related IOCs. Specify Yes/No. playbookInputQuery: - key: TimeStamp value: @@ -2074,23 +2091,6 @@ inputs: required: false description: Whether remediation will be run automatically or manually. If set to "True" - remediation will be automatic. playbookInputQuery: -- key: XDRDomain - value: - complex: - root: incident - accessor: xdrurl - transformers: - - operator: Cut - args: - delimiter: - value: - simple: / - fields: - value: - simple: "3" - required: false - description: XDR instance domain - playbookInputQuery: - key: AutoBlockIndicators value: simple: "True" @@ -2108,6 +2108,37 @@ inputs: required: false description: "Possible values: True/False.\nWhether to provide user verification for blocking IPs. \n\nFalse - No prompt will be displayed to the user.\nTrue - The server will ask the user for blocking verification and will display the blocking list." playbookInputQuery: +inputSections: +- inputs: + - LinkSimilarIncidents + - CriticalUsernames + - CriticalHostnames + - CriticalADGroups + - incident_id + - XDRDomain + name: Incident Management + description: Incident management settings and data, including escalation processes, user engagements and ticketing methods +- inputs: + - InternalRange + - InternalDomainName + - InternalHostRegex + name: Enrichment + description: Enrichment settings and data, including assets and indicators enrichment using third-party enrichers. +- inputs: + - Hunting + - TimeStamp + name: Investigation + description: Investigation settings and data, including any deep dive incident investigation and verdict determination. +- inputs: + - AutoRemediation + - AutoBlockIndicators + - UserVerification + name: Remediation + description: Remediation settings and data, including containment, eradication, and recovery. +outputSections: +- outputs: [] + name: General (Outputs group) + description: Generic group for outputs outputs: [] tests: - Test XDR Playbook diff --git a/Packs/CortexXDR/Playbooks/Cortex_XDR_incident_handling_v3_6_5_README.md b/Packs/CortexXDR/Playbooks/Cortex_XDR_incident_handling_v3_6_5_README.md index cd9bdfe330f2..3c8b97ebbe7b 100644 --- a/Packs/CortexXDR/Playbooks/Cortex_XDR_incident_handling_v3_6_5_README.md +++ b/Packs/CortexXDR/Playbooks/Cortex_XDR_incident_handling_v3_6_5_README.md @@ -10,31 +10,31 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks -* Cortex XDR device control violations * Calculate Severity - Generic v2 * Cortex XDR - Display Risky Assets -* Block Indicators - Generic v3 +* Palo Alto Networks - Hunting And Threat Detection * Cortex XDR Alerts Handling v2 * Entity Enrichment - Generic v3 -* Palo Alto Networks - Hunting And Threat Detection +* Cortex XDR device control violations +* Block Indicators - Generic v3 ### Integrations -* Cortex XDR - IR * CortexXDRIR +* Cortex XDR - IR ### Scripts +* Set * DBotFindSimilarIncidents * SetGridField -* Set ### Commands +* closeInvestigation * xdr-get-incident-extra-data * linkIncidents * xdr-update-incident -* closeInvestigation ## Playbook Inputs @@ -42,18 +42,18 @@ This playbook uses the following sub-playbooks, integrations, and scripts. | **Name** | **Description** | **Default Value** | **Required** | | --- | --- | --- | --- | -| incident_id | Incident ID. | incident.xdrincidentid | Optional | | LinkSimilarIncidents | This input indicates whether the playbook will link similar incidents. To link similar incidents, specify Yes/No. | Yes | Optional | -| Hunting | This input indicates whether the playbook will hunt for related IOCs. Specify Yes/No. | Yes | Optional | -| InternalRange | A comma-separated list of internal IP ranges to check IP addresses against. The list should be provided in CIDR notation. An example of a list
"172.16.0.0/12,10.0.0.0/8,192.168.0.0/16" \(without quotes\).
If a list is not provided, will use the default list provided in the IsIPInRanges. | | Optional | | CriticalUsernames | A comma-separated list of names of critical users in the organization.
This will affect the calculated severity of the incident. | admin,administrator | Optional | | CriticalHostnames | A comma-separated list of names of critical endpoints in the organization. This will affect the calculated severity of the incident. | | Optional | | CriticalADGroups | A comma-separated list of DN names of critical Active Directory groups. This will affect the severity calculated for this incident. | | Optional | -| InternalHostRegex | This is provided for the IsInternalHostName script that checks if the detected host names are internal or external if the hosts match the organization's naming convention. For example, the host testpc1 will have the following regex \\w\{6\}\\d\{1\}. | | Optional | +| incident_id | Incident ID. | incident.xdrincidentid | Optional | +| XDRDomain | XDR instance domain | incident.xdrurl | Optional | +| InternalRange | A comma-separated list of internal IP ranges to check IP addresses against. The list should be provided in CIDR notation. An example of a list
"172.16.0.0/12,10.0.0.0/8,192.168.0.0/16" \(without quotes\).
If a list is not provided, will use the default list provided in the IsIPInRanges. | lists.PrivateIPs | Optional | | InternalDomainName | The organizations internal domain name. This is provided for the IsInternalHostName script that checks if the detected host names are internal or external if the hosts contain the internal domains suffix. For example, paloaltonetworks.com. If there is more than one domain, use the \| character to separate values such as \(paloaltonetworks.com\|test.com\). | | Optional | +| InternalHostRegex | This is provided for the IsInternalHostName script that checks if the detected host names are internal or external if the hosts match the organization's naming convention. For example, the host testpc1 will have the following regex \\w\{6\}\\d\{1\}. | | Optional | +| Hunting | This input indicates whether the playbook will hunt for related IOCs. Specify Yes/No. | Yes | Optional | | TimeStamp | Timestamp in relative date format for query device control events from Cortex XDR. | 10 days | Optional | | AutoRemediation | Whether remediation will be run automatically or manually. If set to "True" - remediation will be automatic. | False | Optional | -| XDRDomain | XDR instance domain | incident.xdrurl | Optional | | AutoBlockIndicators | Possible values: True/False. Default: True.
Should the given indicators be automatically blocked, or should the user be given the option to choose?

If set to False - no prompt will appear, and all provided indicators will be blocked automatically.
If set to True - the user will be prompted to select which indicators to block. | True | Optional | | UserVerification | Possible values: True/False.
Whether to provide user verification for blocking IPs.

False - No prompt will be displayed to the user.
True - The server will ask the user for blocking verification and will display the blocking list. | False | Optional | diff --git a/Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_Lite_-_Incident_Handling.yml b/Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_Lite_-_Incident_Handling.yml index 9b1d495ab045..9741a052f019 100644 --- a/Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_Lite_-_Incident_Handling.yml +++ b/Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_Lite_-_Incident_Handling.yml @@ -2070,6 +2070,25 @@ view: |- } } inputs: +- key: Username + value: + complex: + root: PaloAltoNetworksXDR.Incident.alerts.user_name + filters: + - - operator: notContainsString + left: + value: + simple: PaloAltoNetworksXDR.Incident.alerts.user_name + iscontext: true + right: + value: + simple: ',' + ignorecase: true + transformers: + - operator: uniq + required: false + description: Username. + playbookInputQuery: - key: incident_id value: complex: @@ -2078,50 +2097,59 @@ inputs: required: false description: Incident ID. playbookInputQuery: -- key: EndpointID +- key: Hostname value: complex: root: PaloAltoNetworksXDR.Incident.alerts - accessor: endpoint_id + accessor: host_name transformers: - operator: uniq required: false - description: XDR endpoint ID. + description: Hostname. playbookInputQuery: -- key: Hostname +- key: EndpointID value: complex: root: PaloAltoNetworksXDR.Incident.alerts - accessor: host_name + accessor: endpoint_id transformers: - operator: uniq required: false - description: Hostname. + description: XDR endpoint ID. playbookInputQuery: -- key: Username +- key: XDRDomain value: complex: - root: PaloAltoNetworksXDR.Incident.alerts.user_name - filters: - - - operator: notContainsString - left: + root: incident + accessor: xdrurl + transformers: + - operator: Cut + args: + delimiter: value: - simple: PaloAltoNetworksXDR.Incident.alerts.user_name - iscontext: true - right: + simple: / + fields: value: - simple: ',' - ignorecase: true - transformers: - - operator: uniq + simple: "3" required: false - description: Username. + description: XDR instance domain. playbookInputQuery: -- key: AutoIsolateEndpoint +- key: InternalRange value: - simple: "False" + simple: 172.16.0.0/12,10.0.0.0/8,192.168.0.0/16 required: false - description: Whether to isolate the endpoint automatically. + description: |- + This input is used in the "Entity Enrichment - Generic v3" playbook. + A list of internal IP ranges to check IP addresses against. The list should be provided in CIDR notation, separated by commas. An example of a list of ranges is: "172.16.0.0/12,10.0.0.0/8,192.168.0.0/16" (without quotes). If a list is not provided, uses the default list provided in the IsIPInRanges script (the known IPv4 private address ranges). + playbookInputQuery: +- key: XDRRelatedAlertsThreshold + value: + simple: "5" + required: false + description: |- + This is the minimum threshold for XDR-related alerts of medium severity or higher, based on MITRE tactics used to identify malicious activity on the endpoint and by the user. + Example: If this input is set to '5' and it detects '6' XDR-related alerts, it will classify this check as indicating malicious activity. + The default value is '5'. playbookInputQuery: - key: AutoBlockIndicators value: @@ -2134,46 +2162,45 @@ inputs: If set to False - no prompt will appear, and all provided indicators will be blocked automatically. If set to True - the user will be prompted to select which indicators to block. playbookInputQuery: -- key: UserVerification +- key: AutoIsolateEndpoint value: simple: "False" required: false - description: "Possible values: True/False. Default: False.\nWhether to provide user verification for blocking IPs. \n\nFalse - No prompt will be displayed to the user.\nTrue - The server will ask the user for blocking verification and will display the blocking list." - playbookInputQuery: -- key: XDRRelatedAlertsThreshold - value: - simple: "5" - required: false - description: |- - This is the minimum threshold for XDR-related alerts of medium severity or higher, based on MITRE tactics used to identify malicious activity on the endpoint and by the user. - Example: If this input is set to '5' and it detects '6' XDR-related alerts, it will classify this check as indicating malicious activity. - The default value is '5'. - playbookInputQuery: -- key: InternalRange - value: - simple: "172.16.0.0/12,10.0.0.0/8,192.168.0.0/16" - required: false - description: |- - This input is used in the "Entity Enrichment - Generic v3" playbook. - A list of internal IP ranges to check IP addresses against. The list should be provided in CIDR notation, separated by commas. An example of a list of ranges is: "172.16.0.0/12,10.0.0.0/8,192.168.0.0/16" (without quotes). If a list is not provided, uses the default list provided in the IsIPInRanges script (the known IPv4 private address ranges). + description: Whether to isolate the endpoint automatically. playbookInputQuery: -- key: XDRDomain +- key: UserVerification value: - complex: - root: incident - accessor: xdrurl - transformers: - - operator: Cut - args: - delimiter: - value: - simple: / - fields: - value: - simple: "3" + simple: "False" required: false - description: XDR instance domain. + description: "Possible values: True/False. Default: False.\nWhether to provide user verification for blocking IPs. \n\nFalse - No prompt will be displayed to the user.\nTrue - The server will ask the user for blocking verification and will display the blocking list." playbookInputQuery: +inputSections: +- inputs: + - Username + - incident_id + - Hostname + - EndpointID + - XDRDomain + name: Incident Management + description: Incident management settings and data, including escalation processes, user engagements, and ticketing methods. +- inputs: + - InternalRange + name: Enrichment + description: Enrichment settings and data, including assets and indicators enrichment using third-party enrichers. +- inputs: + - XDRRelatedAlertsThreshold + name: Investigation + description: Investigation settings and data, including any deep dive incident investigation and verdict determination. +- inputs: + - AutoBlockIndicators + - AutoIsolateEndpoint + - UserVerification + name: Remediation + description: Remediation settings and data, including containment, eradication, and recovery. +outputSections: +- outputs: [] + name: General (Outputs group) + description: Generic group for outputs outputs: [] tests: - No tests (auto formatted) diff --git a/Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_Lite_-_Incident_Handling_README.md b/Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_Lite_-_Incident_Handling_README.md index 55b2f45f651b..6500ad56d63c 100644 --- a/Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_Lite_-_Incident_Handling_README.md +++ b/Packs/CortexXDR/Playbooks/playbook-Cortex_XDR_Lite_-_Incident_Handling_README.md @@ -20,10 +20,10 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks -* Cortex XDR - Isolate Endpoint * Entity Enrichment - Generic v3 * Command-Line Analysis * Block Indicators - Generic v3 +* Cortex XDR - Isolate Endpoint * Cortex XDR - Get entity alerts by MITRE tactics ### Integrations @@ -33,8 +33,8 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Scripts -* Set * SetAndHandleEmpty +* Set ### Commands @@ -47,16 +47,16 @@ This playbook uses the following sub-playbooks, integrations, and scripts. | **Name** | **Description** | **Default Value** | **Required** | | --- | --- | --- | --- | +| Username | Username. | PaloAltoNetworksXDR.Incident.alerts.user_name | Optional | | incident_id | Incident ID. | incident.xdrincidentid | Optional | -| EndpointID | XDR endpoint ID. | PaloAltoNetworksXDR.Incident.alerts.endpoint_id | Optional | | Hostname | Hostname. | PaloAltoNetworksXDR.Incident.alerts.host_name | Optional | -| Username | Username. | PaloAltoNetworksXDR.Incident.alerts.user_name | Optional | -| AutoIsolateEndpoint | Whether to isolate the endpoint automatically. | False | Optional | +| EndpointID | XDR endpoint ID. | PaloAltoNetworksXDR.Incident.alerts.endpoint_id | Optional | +| XDRDomain | XDR instance domain. | incident.xdrurl | Optional | +| InternalRange | This input is used in the "Entity Enrichment - Generic v3" playbook.
A list of internal IP ranges to check IP addresses against. The list should be provided in CIDR notation, separated by commas. An example of a list of ranges is: "172.16.0.0/12,10.0.0.0/8,192.168.0.0/16" \(without quotes\). If a list is not provided, uses the default list provided in the IsIPInRanges script \(the known IPv4 private address ranges\). | 172.16.0.0/12,10.0.0.0/8,192.168.0.0/16 | Optional | +| XDRRelatedAlertsThreshold | This is the minimum threshold for XDR-related alerts of medium severity or higher, based on MITRE tactics used to identify malicious activity on the endpoint and by the user.
Example: If this input is set to '5' and it detects '6' XDR-related alerts, it will classify this check as indicating malicious activity.
The default value is '5'. | 5 | Optional | | AutoBlockIndicators | Possible values: True/False. Default: True.
Should the given indicators be automatically blocked, or should the user be given the option to choose?

If set to False - no prompt will appear, and all provided indicators will be blocked automatically.
If set to True - the user will be prompted to select which indicators to block. | False | Optional | +| AutoIsolateEndpoint | Whether to isolate the endpoint automatically. | False | Optional | | UserVerification | Possible values: True/False. Default: False.
Whether to provide user verification for blocking IPs.

False - No prompt will be displayed to the user.
True - The server will ask the user for blocking verification and will display the blocking list. | False | Optional | -| XDRRelatedAlertsThreshold | This is the minimum threshold for XDR-related alerts of medium severity or higher, based on MITRE tactics used to identify malicious activity on the endpoint and by the user.
Example: If this input is set to '5' and it detects '6' XDR-related alerts, it will classify this check as indicating malicious activity.
The default value is '5'. | 5 | Optional | -| InternalRange | This input is used in the "Entity Enrichment - Generic v3" playbook.
A list of internal IP ranges to check IP addresses against. The list should be provided in CIDR notation, separated by commas. An example of a list of ranges is: "172.16.0.0/12,10.0.0.0/8,192.168.0.0/16" \(without quotes\). If a list is not provided, uses the default list provided in the IsIPInRanges script \(the known IPv4 private address ranges\). | 172.16.0.0/12,10.0.0.0/8,192.168.0.0/16 | Optional | -| XDRDomain | XDR instance domain. | incident.xdrurl | Optional | ## Playbook Outputs diff --git a/Packs/CortexXDR/ReleaseNotes/6_1_2.md b/Packs/CortexXDR/ReleaseNotes/6_1_2.md new file mode 100644 index 000000000000..2e24394332b3 --- /dev/null +++ b/Packs/CortexXDR/ReleaseNotes/6_1_2.md @@ -0,0 +1,10 @@ + +#### Playbooks + +##### Cortex XDR incident handling v3 + +Added playbook input sections to organize the inputs into related categories, which simplifies the playbook input visibility. (Available from Cortex XSOAR 8.5.0). + +##### Cortex XDR Lite - Incident Handling + +Added playbook input sections to organize the inputs into related categories, which simplifies the playbook input visibility. (Available from Cortex XSOAR 8.5.0). diff --git a/Packs/CortexXDR/pack_metadata.json b/Packs/CortexXDR/pack_metadata.json index 957daa92bd7f..518c89cdfbe6 100644 --- a/Packs/CortexXDR/pack_metadata.json +++ b/Packs/CortexXDR/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cortex XDR by Palo Alto Networks", "description": "Automates Cortex XDR incident response, and includes custom Cortex XDR incident views and layouts to aid analyst investigations.", "support": "xsoar", - "currentVersion": "6.1.1", + "currentVersion": "6.1.2", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "", diff --git a/Packs/MalwareInvestigationAndResponse/Playbooks/playbook-Malware_Investigation_and_Response_Incident_Handler.yml b/Packs/MalwareInvestigationAndResponse/Playbooks/playbook-Malware_Investigation_and_Response_Incident_Handler.yml index 7cb38b0ffc6c..ce81bb76df63 100644 --- a/Packs/MalwareInvestigationAndResponse/Playbooks/playbook-Malware_Investigation_and_Response_Incident_Handler.yml +++ b/Packs/MalwareInvestigationAndResponse/Playbooks/playbook-Malware_Investigation_and_Response_Incident_Handler.yml @@ -858,62 +858,63 @@ view: |- } } inputs: -- key: RetrieveFile - value: - simple: 'True' - required: false - description: "Whether file retrieval from the endpoint is allowed." - playbookInputQuery: -- key: DetonateFile +- key: OnCall value: - simple: 'True' + simple: "False" required: false description: |- - Whether file detonation is allowed on the sandbox. + Define whether to assign OnCall to this flow. + Possible values: True/False. + Leave it empty if you do want not to assign an analyst to the incident. playbookInputQuery: - key: EnableDeduplication value: - simple: 'False' - required: false - description: |- - Whether the deduplication playbook will be used. - playbookInputQuery: -- key: TicketingSystemToUse - value: {} + simple: "False" required: false - description: The name of the ticketing system to use, for example Jira or ServiceNow. + description: Whether the deduplication playbook will be used. playbookInputQuery: -- key: MaliciousTagName +- key: DedupLimit value: - simple: Bad_Indicator + simple: "200" required: false - description: The tag to assign for indicators to block. + description: The maximum number of incidents to query and set to context data. playbookInputQuery: -- key: AutoIsolation +- key: DedupCloseSimilar value: - simple: 'False' + simple: "0.9" required: false description: |- - Whether host isolation is allowed. + "Defines the threshold of similarity to close a similar incident. All similar incidents with similarity above this value will be closed. + For example, if CloseSimilar is set to .8 and an incident has a similarity score of .9, the incident will be closed. + The value should be between 0 and 1 [0=low similarity , 1=identical]." playbookInputQuery: -- key: AutoUnisolation +- key: DedupHandleSimilar value: - simple: 'False' + simple: Link required: false - description: |- - Whether automatic un-isolation is allowed. + description: "\"This input defines how to handle Similar incidents. \nYou may choose between: \"\"Link\"\", \"\"Close\"\", \"\"Link and Close\"\".\nNote: that closing incidents will require you to define \"\"CloseSimilar\"\" input as well.\nAlso, note that the closer will apply on at least one of the options (indicators or fields) which will match the \"\"closer percentage\"\" criteria.\nDefault: Link \"" playbookInputQuery: -- key: BenignTagName +- key: SIEMEDRProductToUse + value: {} + required: false + description: 'For EDR alerts routed through a SIEM, provide the supported originating EDR. Possible values: CrowdStrike, XDR, or Microsoft Defender.' + playbookInputQuery: +- key: EnableClosureSteps value: - simple: Good_Indicator + simple: "True" required: false - description: The name of the tag to apply for allowed indicators. + description: When closing an incident, whether to use closure steps to close automatically. playbookInputQuery: -- key: SIEMincidentFieldForType +- key: TicketProjectName + value: {} + required: false + description: For ticketing systems such as Jira a project name is required. + playbookInputQuery: +- key: OverrideSIEMSeverity value: - simple: ${incident.externalcategoryname} + simple: "False" required: false - description: The name of the field that specifies the type of the alert. For example in CrowdStrike this field specifies a detection or incident. + description: Whether to set the severity according to the ScaleToSetSeverity and SeverityValuesMapping settings (True) or keep the original severity as mapped by the SIEM (False). playbookInputQuery: - key: SIEMincidentFieldForID value: @@ -921,66 +922,92 @@ inputs: required: false description: The name of the field that provides the external ID of the alert or incident in the EDR. playbookInputQuery: -- key: OverrideSIEMSeverity +- key: SIEMincidentFieldForType value: - simple: 'False' + simple: ${incident.externalcategoryname} required: false - description: "Whether to set the severity according to the ScaleToSetSeverity and SeverityValuesMapping settings (True) or keep the original severity as mapped by the SIEM (False)." + description: The name of the field that specifies the type of the alert. For example in CrowdStrike this field specifies a detection or incident. playbookInputQuery: -- key: TicketProjectName +- key: TicketingSystemToUse value: {} required: false - description: For ticketing systems such as Jira a project name is required. + description: The name of the ticketing system to use, for example Jira or ServiceNow. playbookInputQuery: -- key: EnableClosureSteps +- key: AdvancedHunting value: - simple: 'True' + simple: "True" required: false - description: |- - When closing an incident, whether to use closure steps to close automatically. + description: 'Choose True to run Advance Hunting queries through your relevant integrations. Note: It may take some time.' playbookInputQuery: -- key: AdvancedHunting +- key: BenignTagName value: - simple: 'True' + simple: Good_Indicator required: false - description: "Choose True to run Advance Hunting queries through your relevant integrations. Note: It may take some time." + description: The name of the tag to apply for allowed indicators. playbookInputQuery: -- key: DedupHandleSimilar +- key: MaliciousTagName value: - simple: Link + simple: Bad_Indicator required: false - description: "\"This input defines how to handle Similar incidents. \nYou may choose between: \"\"Link\"\", \"\"Close\"\", \"\"Link and Close\"\".\nNote: that closing incidents will require you to define \"\"CloseSimilar\"\" input as well.\nAlso, note that the closer will apply on at least one of the options (indicators or fields) which will match the \"\"closer percentage\"\" criteria.\nDefault: Link \"" + description: The tag to assign for indicators to block. playbookInputQuery: -- key: DedupCloseSimilar +- key: RetrieveFile value: - simple: '0.9' + simple: "True" required: false - description: |- - "Defines the threshold of similarity to close a similar incident. All similar incidents with similarity above this value will be closed. - For example, if CloseSimilar is set to .8 and an incident has a similarity score of .9, the incident will be closed. - The value should be between 0 and 1 [0=low similarity , 1=identical]." + description: Whether file retrieval from the endpoint is allowed. playbookInputQuery: -- key: DedupLimit +- key: DetonateFile value: - simple: '200' + simple: "True" required: false - description: |- - The maximum number of incidents to query and set to context data. + description: Whether file detonation is allowed on the sandbox. playbookInputQuery: -- key: SIEMEDRProductToUse - value: {} +- key: AutoIsolation + value: + simple: "False" required: false - description: "For EDR alerts routed through a SIEM, provide the supported originating EDR. Possible values: CrowdStrike, XDR, or Microsoft Defender." + description: Whether host isolation is allowed. playbookInputQuery: -- key: OnCall +- key: AutoUnisolation value: simple: "False" required: false - description: |- - Define whether to assign OnCall to this flow. - Possible values: True/False. - Leave it empty if you do want not to assign an analyst to the incident. + description: Whether automatic un-isolation is allowed. playbookInputQuery: +inputSections: +- inputs: + - OnCall + - EnableDeduplication + - DedupLimit + - DedupCloseSimilar + - DedupHandleSimilar + - SIEMEDRProductToUse + - EnableClosureSteps + - TicketProjectName + - OverrideSIEMSeverity + - SIEMincidentFieldForID + - SIEMincidentFieldForType + - TicketingSystemToUse + name: Incident Management + description: Incident management settings and data, including escalation processes, user engagements and ticketing methods +- inputs: + - AdvancedHunting + - BenignTagName + - MaliciousTagName + - RetrieveFile + - DetonateFile + name: Investigation + description: Investigation settings and data, including any deep dive incident investigation and verdict determination. +- inputs: + - AutoIsolation + - AutoUnisolation + name: Remediation + description: Remediation settings and data, including containment, eradication, and recovery. +outputSections: +- outputs: [] + name: General (Outputs group) + description: Generic group for outputs outputs: [] tests: - No tests (auto formatted) diff --git a/Packs/MalwareInvestigationAndResponse/Playbooks/playbook-Malware_Investigation_and_Response_Incident_Handler_README.md b/Packs/MalwareInvestigationAndResponse/Playbooks/playbook-Malware_Investigation_and_Response_Incident_Handler_README.md index edca499d23bb..b89132af3c7e 100644 --- a/Packs/MalwareInvestigationAndResponse/Playbooks/playbook-Malware_Investigation_and_Response_Incident_Handler_README.md +++ b/Packs/MalwareInvestigationAndResponse/Playbooks/playbook-Malware_Investigation_and_Response_Incident_Handler_README.md @@ -9,10 +9,10 @@ This playbook uses the following sub-playbooks, integrations, and scripts. ### Sub-playbooks -* CrowdStrike Falcon Malware - Investigation and Response +* Cortex XDR Malware - Investigation And Response * MDE Malware - Investigation and Response * Malware SIEM Ingestion - Get Incident Data -* Cortex XDR Malware - Investigation And Response +* CrowdStrike Falcon Malware - Investigation and Response ### Integrations @@ -20,9 +20,9 @@ This playbook does not use any integrations. ### Scripts -* AssignAnalystToIncident -* Set * SetMultipleValues +* Set +* AssignAnalystToIncident ### Commands @@ -34,25 +34,25 @@ This playbook does not use any commands. | **Name** | **Description** | **Default Value** | **Required** | | --- | --- | --- | --- | -| RetrieveFile | Whether file retrieval from the endpoint is allowed. | True | Optional | -| DetonateFile | Whether file detonation is allowed on the sandbox. | True | Optional | +| OnCall | Define whether to assign OnCall to this flow.
Possible values: True/False.
Leave it empty if you do want not to assign an analyst to the incident. | False | Optional | | EnableDeduplication | Whether the deduplication playbook will be used. | False | Optional | +| DedupLimit | The maximum number of incidents to query and set to context data. | 200 | Optional | +| DedupCloseSimilar | "Defines the threshold of similarity to close a similar incident. All similar incidents with similarity above this value will be closed.
For example, if CloseSimilar is set to .8 and an incident has a similarity score of .9, the incident will be closed.
The value should be between 0 and 1 \[0=low similarity , 1=identical\]." | 0.9 | Optional | +| DedupHandleSimilar | "This input defines how to handle Similar incidents.
You may choose between: ""Link"", ""Close"", ""Link and Close"".
Note: that closing incidents will require you to define ""CloseSimilar"" input as well.
Also, note that the closer will apply on at least one of the options \(indicators or fields\) which will match the ""closer percentage"" criteria.
Default: Link " | Link | Optional | +| SIEMEDRProductToUse | For EDR alerts routed through a SIEM, provide the supported originating EDR. Possible values: CrowdStrike, XDR, or Microsoft Defender. | | Optional | +| EnableClosureSteps | When closing an incident, whether to use closure steps to close automatically. | True | Optional | +| TicketProjectName | For ticketing systems such as Jira a project name is required. | | Optional | +| OverrideSIEMSeverity | Whether to set the severity according to the ScaleToSetSeverity and SeverityValuesMapping settings \(True\) or keep the original severity as mapped by the SIEM \(False\). | False | Optional | +| SIEMincidentFieldForID | The name of the field that provides the external ID of the alert or incident in the EDR. | ${incident.externalsystemid} | Optional | +| SIEMincidentFieldForType | The name of the field that specifies the type of the alert. For example in CrowdStrike this field specifies a detection or incident. | ${incident.externalcategoryname} | Optional | | TicketingSystemToUse | The name of the ticketing system to use, for example Jira or ServiceNow. | | Optional | +| AdvancedHunting | Choose True to run Advance Hunting queries through your relevant integrations. Note: It may take some time. | True | Optional | +| BenignTagName | The name of the tag to apply for allowed indicators. | Good_Indicator | Optional | | MaliciousTagName | The tag to assign for indicators to block. | Bad_Indicator | Optional | +| RetrieveFile | Whether file retrieval from the endpoint is allowed. | True | Optional | +| DetonateFile | Whether file detonation is allowed on the sandbox. | True | Optional | | AutoIsolation | Whether host isolation is allowed. | False | Optional | | AutoUnisolation | Whether automatic un-isolation is allowed. | False | Optional | -| BenignTagName | The name of the tag to apply for allowed indicators. | Good_Indicator | Optional | -| SIEMincidentFieldForType | The name of the field that specifies the type of the alert. For example in CrowdStrike this field specifies a detection or incident. | ${incident.externalcategoryname} | Optional | -| SIEMincidentFieldForID | The name of the field that provides the external ID of the alert or incident in the EDR. | ${incident.externalsystemid} | Optional | -| OverrideSIEMSeverity | Whether to set the severity according to the ScaleToSetSeverity and SeverityValuesMapping settings \(True\) or keep the original severity as mapped by the SIEM \(False\). | False | Optional | -| TicketProjectName | For ticketing systems such as Jira a project name is required. | | Optional | -| EnableClosureSteps | When closing an incident, whether to use closure steps to close automatically. | True | Optional | -| AdvancedHunting | Choose True to run Advance Hunting queries through your relevant integrations. Note: It may take some time. | True | Optional | -| DedupHandleSimilar | "This input defines how to handle Similar incidents.
You may choose between: ""Link"", ""Close"", ""Link and Close"".
Note: that closing incidents will require you to define ""CloseSimilar"" input as well.
Also, note that the closer will apply on at least one of the options \(indicators or fields\) which will match the ""closer percentage"" criteria.
Default: Link " | Link | Optional | -| DedupCloseSimilar | "Defines the threshold of similarity to close a similar incident. All similar incidents with similarity above this value will be closed.
For example, if CloseSimilar is set to .8 and an incident has a similarity score of .9, the incident will be closed.
The value should be between 0 and 1 \[0=low similarity , 1=identical\]." | 0.9 | Optional | -| DedupLimit | The maximum number of incidents to query and set to context data. | 200 | Optional | -| SIEMEDRProductToUse | For EDR alerts routed through a SIEM, provide the supported originating EDR. Possible values: CrowdStrike, XDR, or Microsoft Defender. | | Optional | -| OnCall | Define whether to assign OnCall to this flow.
Possible values: True/False.
Leave it empty if you do want not to assign an analyst to the incident. | False | Optional | ## Playbook Outputs diff --git a/Packs/MalwareInvestigationAndResponse/ReleaseNotes/2_0_12.md b/Packs/MalwareInvestigationAndResponse/ReleaseNotes/2_0_12.md new file mode 100644 index 000000000000..f3a2d1302b3e --- /dev/null +++ b/Packs/MalwareInvestigationAndResponse/ReleaseNotes/2_0_12.md @@ -0,0 +1,6 @@ + +#### Playbooks + +##### Malware Investigation & Response Incident Handler + +Added playbook input sections to organize the inputs into related categories, which simplifies the playbook input visibility. (Available from Cortex XSOAR 8.5.0). diff --git a/Packs/MalwareInvestigationAndResponse/pack_metadata.json b/Packs/MalwareInvestigationAndResponse/pack_metadata.json index aa0bf343d20a..618dcc93deb9 100644 --- a/Packs/MalwareInvestigationAndResponse/pack_metadata.json +++ b/Packs/MalwareInvestigationAndResponse/pack_metadata.json @@ -5,7 +5,7 @@ "videos": [ "https://www.youtube.com/watch?v=DtGIefyoTao" ], - "currentVersion": "2.0.11", + "currentVersion": "2.0.12", "serverMinVersion": "6.5.0", "author": "Cortex XSOAR", "hidden": false, From 6ed630ca0a21d1b8682e9be9586dd85943966bf8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jan 2024 14:16:08 +0000 Subject: [PATCH 3/5] Bump pycryptodomex from 3.19.0 to 3.19.1 (#31990) --- poetry.lock | 66 ++++++++++++++++++++++++++--------------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/poetry.lock b/poetry.lock index 1b9f094be274..de995e711a8a 100644 --- a/poetry.lock +++ b/poetry.lock @@ -4421,43 +4421,43 @@ files = [ [[package]] name = "pycryptodomex" -version = "3.19.0" +version = "3.19.1" description = "Cryptographic library for Python" optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*" files = [ - {file = "pycryptodomex-3.19.0-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:ff64fd720def623bf64d8776f8d0deada1cc1bf1ec3c1f9d6f5bb5bd098d034f"}, - {file = "pycryptodomex-3.19.0-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:61056a1fd3254f6f863de94c233b30dd33bc02f8c935b2000269705f1eeeffa4"}, - {file = "pycryptodomex-3.19.0-cp27-cp27m-manylinux2010_x86_64.whl", hash = "sha256:258c4233a3fe5a6341780306a36c6fb072ef38ce676a6d41eec3e591347919e8"}, - {file = "pycryptodomex-3.19.0-cp27-cp27m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:6e45bb4635b3c4e0a00ca9df75ef6295838c85c2ac44ad882410cb631ed1eeaa"}, - {file = "pycryptodomex-3.19.0-cp27-cp27m-musllinux_1_1_aarch64.whl", hash = "sha256:a12144d785518f6491ad334c75ccdc6ad52ea49230b4237f319dbb7cef26f464"}, - {file = "pycryptodomex-3.19.0-cp27-cp27m-win32.whl", hash = "sha256:1789d89f61f70a4cd5483d4dfa8df7032efab1118f8b9894faae03c967707865"}, - {file = "pycryptodomex-3.19.0-cp27-cp27m-win_amd64.whl", hash = "sha256:eb2fc0ec241bf5e5ef56c8fbec4a2634d631e4c4f616a59b567947a0f35ad83c"}, - {file = "pycryptodomex-3.19.0-cp27-cp27mu-manylinux2010_i686.whl", hash = "sha256:c9a68a2f7bd091ccea54ad3be3e9d65eded813e6d79fdf4cc3604e26cdd6384f"}, - {file = "pycryptodomex-3.19.0-cp27-cp27mu-manylinux2010_x86_64.whl", hash = "sha256:8df69e41f7e7015a90b94d1096ec3d8e0182e73449487306709ec27379fff761"}, - {file = "pycryptodomex-3.19.0-cp27-cp27mu-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:917033016ecc23c8933205585a0ab73e20020fdf671b7cd1be788a5c4039840b"}, - {file = "pycryptodomex-3.19.0-cp27-cp27mu-musllinux_1_1_aarch64.whl", hash = "sha256:e8e5ecbd4da4157889fce8ba49da74764dd86c891410bfd6b24969fa46edda51"}, - {file = "pycryptodomex-3.19.0-cp35-abi3-macosx_10_9_universal2.whl", hash = "sha256:a77b79852175064c822b047fee7cf5a1f434f06ad075cc9986aa1c19a0c53eb0"}, - {file = "pycryptodomex-3.19.0-cp35-abi3-macosx_10_9_x86_64.whl", hash = "sha256:5b883e1439ab63af976656446fb4839d566bb096f15fc3c06b5a99cde4927188"}, - {file = "pycryptodomex-3.19.0-cp35-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a3866d68e2fc345162b1b9b83ef80686acfe5cec0d134337f3b03950a0a8bf56"}, - {file = "pycryptodomex-3.19.0-cp35-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:c74eb1f73f788facece7979ce91594dc177e1a9b5d5e3e64697dd58299e5cb4d"}, - {file = "pycryptodomex-3.19.0-cp35-abi3-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:7cb51096a6a8d400724104db8a7e4f2206041a1f23e58924aa3d8d96bcb48338"}, - {file = "pycryptodomex-3.19.0-cp35-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:a588a1cb7781da9d5e1c84affd98c32aff9c89771eac8eaa659d2760666f7139"}, - {file = "pycryptodomex-3.19.0-cp35-abi3-musllinux_1_1_i686.whl", hash = "sha256:d4dd3b381ff5a5907a3eb98f5f6d32c64d319a840278ceea1dcfcc65063856f3"}, - {file = "pycryptodomex-3.19.0-cp35-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:263de9a96d2fcbc9f5bd3a279f14ea0d5f072adb68ebd324987576ec25da084d"}, - {file = "pycryptodomex-3.19.0-cp35-abi3-win32.whl", hash = "sha256:67c8eb79ab33d0fbcb56842992298ddb56eb6505a72369c20f60bc1d2b6fb002"}, - {file = "pycryptodomex-3.19.0-cp35-abi3-win_amd64.whl", hash = "sha256:09c9401dc06fb3d94cb1ec23b4ea067a25d1f4c6b7b118ff5631d0b5daaab3cc"}, - {file = "pycryptodomex-3.19.0-pp27-pypy_73-manylinux2010_x86_64.whl", hash = "sha256:edbe083c299835de7e02c8aa0885cb904a75087d35e7bab75ebe5ed336e8c3e2"}, - {file = "pycryptodomex-3.19.0-pp27-pypy_73-win32.whl", hash = "sha256:136b284e9246b4ccf4f752d435c80f2c44fc2321c198505de1d43a95a3453b3c"}, - {file = "pycryptodomex-3.19.0-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:5d73e9fa3fe830e7b6b42afc49d8329b07a049a47d12e0ef9225f2fd220f19b2"}, - {file = "pycryptodomex-3.19.0-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0b2f1982c5bc311f0aab8c293524b861b485d76f7c9ab2c3ac9a25b6f7655975"}, - {file = "pycryptodomex-3.19.0-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:bfb040b5dda1dff1e197d2ef71927bd6b8bfcb9793bc4dfe0bb6df1e691eaacb"}, - {file = "pycryptodomex-3.19.0-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:800a2b05cfb83654df80266692f7092eeefe2a314fa7901dcefab255934faeec"}, - {file = "pycryptodomex-3.19.0-pp39-pypy39_pp73-macosx_10_9_x86_64.whl", hash = "sha256:c01678aee8ac0c1a461cbc38ad496f953f9efcb1fa19f5637cbeba7544792a53"}, - {file = "pycryptodomex-3.19.0-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2126bc54beccbede6eade00e647106b4f4c21e5201d2b0a73e9e816a01c50905"}, - {file = "pycryptodomex-3.19.0-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:b801216c48c0886742abf286a9a6b117e248ca144d8ceec1f931ce2dd0c9cb40"}, - {file = "pycryptodomex-3.19.0-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:50cb18d4dd87571006fd2447ccec85e6cec0136632a550aa29226ba075c80644"}, - {file = "pycryptodomex-3.19.0.tar.gz", hash = "sha256:af83a554b3f077564229865c45af0791be008ac6469ef0098152139e6bd4b5b6"}, + {file = "pycryptodomex-3.19.1-cp27-cp27m-macosx_10_9_x86_64.whl", hash = "sha256:b5c336dc698650283ad06f8c0237a984087d0af9f403ff21d633507335628156"}, + {file = "pycryptodomex-3.19.1-cp27-cp27m-manylinux2010_i686.whl", hash = "sha256:c9cb88ed323be1aa642b3c17cd5caa1a03c3a8fbad092d48ecefe88e328ffae3"}, + {file = "pycryptodomex-3.19.1-cp27-cp27m-manylinux2010_x86_64.whl", hash = "sha256:0b42e2743893f386dfb58fe24a4c8be5305c3d1c825d5f23d9e63fd0700d1110"}, + {file = "pycryptodomex-3.19.1-cp27-cp27m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:10c2eed4efdfa084b602ab922e699a0a2ba82053baebfc8afcaf27489def7955"}, + {file = "pycryptodomex-3.19.1-cp27-cp27m-musllinux_1_1_aarch64.whl", hash = "sha256:e94a7e986b117b72e9472f8eafdd81748dafff30815401f9760f759f1debe9ef"}, + {file = "pycryptodomex-3.19.1-cp27-cp27m-win32.whl", hash = "sha256:23707238b024b36c35dd3428f5af6c1f0c5ef54c21e387a2063633717699b8b2"}, + {file = "pycryptodomex-3.19.1-cp27-cp27m-win_amd64.whl", hash = "sha256:c1ae2fb8d5d6771670436dcc889b293e363c97647a6d31c21eebc12b7b760010"}, + {file = "pycryptodomex-3.19.1-cp27-cp27mu-manylinux2010_i686.whl", hash = "sha256:d7a77391fd351ff1bdf8475558ddc6e92950218cb905419ee14aa02f370f1054"}, + {file = "pycryptodomex-3.19.1-cp27-cp27mu-manylinux2010_x86_64.whl", hash = "sha256:c9332b04bf3f838327087b028f690f4ddb9341eb014a0221e79b9c19a77f7555"}, + {file = "pycryptodomex-3.19.1-cp27-cp27mu-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:beb5f0664f49b6093da179ee8e27c1d670779f50b9ece0886ce491bb8bd63728"}, + {file = "pycryptodomex-3.19.1-cp27-cp27mu-musllinux_1_1_aarch64.whl", hash = "sha256:d45d0d35a238d838b872598fa865bbfb31aaef9aeeda77c68b04ef79f9a469dc"}, + {file = "pycryptodomex-3.19.1-cp35-abi3-macosx_10_9_universal2.whl", hash = "sha256:ed3bdda44cc05dd13eee697ab9bea6928531bb7b218e68e66d0d3eb2ebab043e"}, + {file = "pycryptodomex-3.19.1-cp35-abi3-macosx_10_9_x86_64.whl", hash = "sha256:ae75eea2e908383fd4c659fdcfe9621a72869e3e3ee73904227e93b7f7b80b54"}, + {file = "pycryptodomex-3.19.1-cp35-abi3-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:371bbe0be17b4dd8cc0c2f378d75ea33f00d5a39884c09a672016ac40145a5fa"}, + {file = "pycryptodomex-3.19.1-cp35-abi3-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:96000b837bcd8e3bf86b419924a056c978e45027281e4318650c81c25a3ef6cc"}, + {file = "pycryptodomex-3.19.1-cp35-abi3-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:011e859026ecbd15b8e720e8992361186e582cf726c50bde6ff8c0c05e820ddf"}, + {file = "pycryptodomex-3.19.1-cp35-abi3-musllinux_1_1_aarch64.whl", hash = "sha256:76414d39df6b45bcc4f38cf1ba2031e0f4b8e99d1ba3c2eee31ffe1b9f039733"}, + {file = "pycryptodomex-3.19.1-cp35-abi3-musllinux_1_1_i686.whl", hash = "sha256:1c04cfff163c05d033bf28e3c4429d8222796738c7b6c1638b9d7090b904611e"}, + {file = "pycryptodomex-3.19.1-cp35-abi3-musllinux_1_1_x86_64.whl", hash = "sha256:de5a43901e47e7a6938490fc5de3074f6e35c8b481a75b227c0d24d6099bd41d"}, + {file = "pycryptodomex-3.19.1-cp35-abi3-win32.whl", hash = "sha256:f24f49fc6bd706d87048654d6be6c7c967d6836d4879e3a7c439275fab9948ad"}, + {file = "pycryptodomex-3.19.1-cp35-abi3-win_amd64.whl", hash = "sha256:f8b3d9e7c17c1ffc1fa5b11c0bbab8a5df3de8596bb32ad30281b21e5ede4bf5"}, + {file = "pycryptodomex-3.19.1-pp27-pypy_73-manylinux2010_x86_64.whl", hash = "sha256:ac562e239d98cfef763866c0aee4586affb0d58c592202f06c87241af99db241"}, + {file = "pycryptodomex-3.19.1-pp27-pypy_73-win32.whl", hash = "sha256:39eb1f82ac3ba3e39d866f38e480e8fa53fcdd22260340f05f54a8188d47d510"}, + {file = "pycryptodomex-3.19.1-pp310-pypy310_pp73-macosx_10_9_x86_64.whl", hash = "sha256:0bc4b7bfaac56e6dfd62044847443a3d110c7abea7fcb0d68c1aea64ed3a6697"}, + {file = "pycryptodomex-3.19.1-pp310-pypy310_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:8dffe067d5fff14dba4d18ff7d459cc2a47576d82dafbff13a8f1199c3353e41"}, + {file = "pycryptodomex-3.19.1-pp310-pypy310_pp73-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:aab7941c2ff53eb63cb26252770e4f14386d79ce07baeffbf98a1323c1646545"}, + {file = "pycryptodomex-3.19.1-pp310-pypy310_pp73-win_amd64.whl", hash = "sha256:3f3c58971784fba0e014bc3f8aed1197b86719631e1b597d36d7354be5598312"}, + {file = "pycryptodomex-3.19.1-pp39-pypy39_pp73-macosx_10_9_x86_64.whl", hash = "sha256:5ca98de2e5ac100e57a7116309723360e8f799f722509e376dc396cdf65eec9c"}, + {file = "pycryptodomex-3.19.1-pp39-pypy39_pp73-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:f8a97b1acd36e9ce9d4067d94a8be99c458f0eb8070828639302a95cfcf0770b"}, + {file = "pycryptodomex-3.19.1-pp39-pypy39_pp73-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:62f51a63d73153482729904381dd2de86800b0733a8814ee8f072fa73e5c92fb"}, + {file = "pycryptodomex-3.19.1-pp39-pypy39_pp73-win_amd64.whl", hash = "sha256:9919a1edd2a83c4dfb69f1d8a4c0c5efde7147ef15b07775633372b80c90b5d8"}, + {file = "pycryptodomex-3.19.1.tar.gz", hash = "sha256:0b7154aff2272962355f8941fd514104a88cb29db2d8f43a29af900d6398eb1c"}, ] [[package]] From 60a9393197da60176432c452015c687df669eb67 Mon Sep 17 00:00:00 2001 From: tkatzir Date: Mon, 8 Jan 2024 16:21:34 +0200 Subject: [PATCH 4/5] Sanitize Curl Logs (#31702) --- Packs/Base/ReleaseNotes/1_33_15.md | 6 ++++++ .../Scripts/CommonServerPython/CommonServerPython.py | 8 +++++++- .../CommonServerPython/CommonServerPython_test.py | 10 +++++----- Packs/Base/pack_metadata.json | 2 +- 4 files changed, 19 insertions(+), 7 deletions(-) create mode 100644 Packs/Base/ReleaseNotes/1_33_15.md diff --git a/Packs/Base/ReleaseNotes/1_33_15.md b/Packs/Base/ReleaseNotes/1_33_15.md new file mode 100644 index 000000000000..89c425edaac6 --- /dev/null +++ b/Packs/Base/ReleaseNotes/1_33_15.md @@ -0,0 +1,6 @@ + +#### Scripts + +##### CommonServerPython + +- Fixed an issue where logging curl calls could expose sensitive values. diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py index 2e8dfc7fa376..6b4cc487b396 100644 --- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py +++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython.py @@ -49,6 +49,8 @@ def __line__(): EVENTS = "events" DATA_TYPES = [EVENTS, ASSETS] +SECRET_REPLACEMENT_STRING = '' + def register_module_line(module_name, start_end, line, wrapper=0): """ @@ -1591,7 +1593,7 @@ def encode(self, message): else: res = "Failed encoding message with error: {}".format(exception) for s in self.replace_strs: - res = res.replace(s, '') + res = res.replace(s, SECRET_REPLACEMENT_STRING) return res def __call__(self, message): @@ -1670,6 +1672,7 @@ def build_curl(self, text): url = '' headers = [] headers_to_skip = ['Content-Length', 'User-Agent', 'Accept-Encoding', 'Connection'] + headers_to_sanitize = ['Authorization', 'Cookie'] request_parts = repr(data).split('\\\\r\\\\n') # splitting lines on repr since data is a bytes-string for line, part in enumerate(request_parts): if line == 0: @@ -1681,6 +1684,9 @@ def build_curl(self, text): else: if any(header_to_skip in part for header_to_skip in headers_to_skip): continue + if any(header_to_sanitize in part for header_to_sanitize in headers_to_sanitize): + headers.append(part.split(' ')[0] + " " + SECRET_REPLACEMENT_STRING) + continue headers.append(part) curl_headers = '' for header in headers: diff --git a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py index e67aa720d3ad..6339e9d88d8c 100644 --- a/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py +++ b/Packs/Base/Scripts/CommonServerPython/CommonServerPython_test.py @@ -1452,7 +1452,7 @@ def test_build_curl_post_noproxy(): "Content-Type: application/json\\r\\n\\r\\n'") ilog.build_curl("send: b'{\"data\": \"value\"}'") assert ilog.curl == [ - 'curl -X POST https://demisto.com/api -H "Authorization: TOKEN" -H "Content-Type: application/json" ' + 'curl -X POST https://demisto.com/api -H "Authorization: " -H "Content-Type: application/json" ' '--noproxy "*" -d \'{"data": "value"}\'' ] @@ -1479,7 +1479,7 @@ def test_build_curl_post_xml(): "Content-Type: application/json\\r\\n\\r\\n'") ilog.build_curl("send: b''") assert ilog.curl == [ - 'curl -X POST https://demisto.com/api -H "Authorization: TOKEN" -H "Content-Type: application/json" ' + 'curl -X POST https://demisto.com/api -H "Authorization: " -H "Content-Type: application/json" ' '--noproxy "*" -d \'\'' ] @@ -1511,7 +1511,7 @@ def test_build_curl_get_withproxy(mocker): "Content-Type: application/json\\r\\n\\r\\n'") ilog.build_curl("send: b'{\"data\": \"value\"}'") assert ilog.curl == [ - 'curl -X GET https://demisto.com/api -H "Authorization: TOKEN" -H "Content-Type: application/json" ' + 'curl -X GET https://demisto.com/api -H "Authorization: " -H "Content-Type: application/json" ' '--proxy http://proxy -k -d \'{"data": "value"}\'' ] @@ -1548,9 +1548,9 @@ def test_build_curl_multiple_queries(): "Content-Type: application/json\\r\\n\\r\\n'") ilog.build_curl("send: b'{\"getdata\": \"value\"}'") assert ilog.curl == [ - 'curl -X POST https://demisto.com/api/post -H "Authorization: TOKEN" -H "Content-Type: application/json" ' + 'curl -X POST https://demisto.com/api/post -H "Authorization: " -H "Content-Type: application/json" ' '--noproxy "*" -d \'{"postdata": "value"}\'', - 'curl -X GET https://demisto.com/api/get -H "Authorization: TOKEN" -H "Content-Type: application/json" ' + 'curl -X GET https://demisto.com/api/get -H "Authorization: " -H "Content-Type: application/json" ' '--noproxy "*" -d \'{"getdata": "value"}\'' ] diff --git a/Packs/Base/pack_metadata.json b/Packs/Base/pack_metadata.json index adba655ed110..d9782725df89 100644 --- a/Packs/Base/pack_metadata.json +++ b/Packs/Base/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Base", "description": "The base pack for Cortex XSOAR.", "support": "xsoar", - "currentVersion": "1.33.14", + "currentVersion": "1.33.15", "author": "Cortex XSOAR", "serverMinVersion": "6.0.0", "url": "https://www.paloaltonetworks.com/cortex", From 9542df6be95cc4c5e309e6cd5b2c208521ee0576 Mon Sep 17 00:00:00 2001 From: Moshe Eichler <78307768+MosheEichler@users.noreply.github.com> Date: Mon, 8 Jan 2024 20:58:56 +0200 Subject: [PATCH 5/5] CiscoWebex event collector (#31706) * initial commit * add UT * add pic * add fields * fix UT * update readme * pre-commit fixes * pre-commit fixes * pre-commit fixes * pre-commit fixes * docstring * pre-commit fixes * flake8 errors * doc review fixes * space * UT * Added modeling rules * Modified modeling rules * Modified modeling rules * Modified modeling rules * fix the cisco-webex-oath-complete command output * remade * docs fixes * demo fixes * moved pack * fi UT * MR * Added release note. * Update Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector.yml Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_description.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CiscoSpark/ReleaseNotes/1_0_5.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * Update Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/README.md Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> * CR fixes * Update .secrets-ignore --------- Co-authored-by: Yehonatan Asta Co-authored-by: yasta5 <112320333+yasta5@users.noreply.github.com> Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com> --- Packs/CiscoSpark/.secrets-ignore | 4 +- .../CiscoWebexEventCollector.py | 542 ++++++++++++++++++ .../CiscoWebexEventCollector.yml | 159 +++++ .../CiscoWebexEventCollector_description.md | 48 ++ .../CiscoWebexEventCollector_image.png | Bin 0 -> 8307 bytes .../CiscoWebexEventCollector_test.py | 308 ++++++++++ .../CiscoWebexEventCollector/README.md | 173 ++++++ .../CiscoWebexEventCollector/command_examples | 0 .../test_data/admin_audits.json | 32 ++ .../test_data/events.json | 112 ++++ .../test_data/no_events.json | 3 + .../test_data/security_audits.json | 92 +++ .../ModelingRules/CiscoWebex/CiscoWebex.xif | 45 ++ .../ModelingRules/CiscoWebex/CiscoWebex.yml | 6 + .../CiscoWebex/CiscoWebex_schema.json | 28 + Packs/CiscoSpark/ReleaseNotes/1_0_5.md | 7 + .../doc_files/get_organization_id.png | Bin 0 -> 233843 bytes Packs/CiscoSpark/pack_metadata.json | 2 +- 18 files changed, 1559 insertions(+), 2 deletions(-) create mode 100644 Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector.py create mode 100644 Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector.yml create mode 100644 Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_description.md create mode 100644 Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_image.png create mode 100644 Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_test.py create mode 100644 Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/README.md create mode 100644 Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/command_examples create mode 100644 Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/test_data/admin_audits.json create mode 100644 Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/test_data/events.json create mode 100644 Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/test_data/no_events.json create mode 100644 Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/test_data/security_audits.json create mode 100644 Packs/CiscoSpark/ModelingRules/CiscoWebex/CiscoWebex.xif create mode 100644 Packs/CiscoSpark/ModelingRules/CiscoWebex/CiscoWebex.yml create mode 100644 Packs/CiscoSpark/ModelingRules/CiscoWebex/CiscoWebex_schema.json create mode 100644 Packs/CiscoSpark/ReleaseNotes/1_0_5.md create mode 100644 Packs/CiscoSpark/doc_files/get_organization_id.png diff --git a/Packs/CiscoSpark/.secrets-ignore b/Packs/CiscoSpark/.secrets-ignore index a44323fc45fa..6c3c81aae67e 100644 --- a/Packs/CiscoSpark/.secrets-ignore +++ b/Packs/CiscoSpark/.secrets-ignore @@ -1 +1,3 @@ -https://webexapis.com \ No newline at end of file +https://webexapis.com +https://developer.webex.com +https://redirect.com diff --git a/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector.py b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector.py new file mode 100644 index 000000000000..26b08518ae3d --- /dev/null +++ b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector.py @@ -0,0 +1,542 @@ +import demistomock as demisto # noqa: F401 +from CommonServerPython import * # noqa: F401 +from CommonServerUserPython import * # noqa +from dateutil import parser +from typing import Callable + +''' CONSTANTS ''' + +VENDOR = 'cisco' +PRODUCT = 'webex' +SCOPE = { + 'admin': 'audit:events_read spark:kms', + 'compliance_officer': 'spark-compliance:events_read spark:kms', +} +COMMAND_FUNCTION_TO_EVENT_TYPE = { + 'get_admin_audits': 'Admin Audit Events', + 'get_security_audits': 'Security Audit Events', + 'get_compliance_officer_events': 'Events', +} +DEFAULT_MAX_FETCH = 200 + +''' HELPER FUNCTIONS ''' + + +def date_time_to_iso_format(date_time: datetime) -> str: + """ + Gets a datetime object and returns s string represents a datetime is ISO format. + Args: + date_time: A datetime object. + + Returns: + A string represents a datetime is ISO format. + """ + return f'{date_time.isoformat(timespec="milliseconds")}Z' + + +def create_last_run() -> dict: + """ + Creates a dict fetch data (last event datetime, next link) for each event type. + Returns: + A dict used in the fetch events command for the first fetch. + """ + start_fetch = datetime.utcnow() - timedelta(weeks=1) + return { + 'admin_audits': {'since_datetime': date_time_to_iso_format(start_fetch), 'next_url': ''}, + 'security_audits': {'since_datetime': date_time_to_iso_format(start_fetch), 'next_url': ''}, + 'compliance_officer_events': {'since_datetime': date_time_to_iso_format(start_fetch), 'next_url': ''}, + } + + +def add_fields_to_events(events: list[dict], evnet_type: str | None): + """ + Gets a list of events of a specific event type and adds the `_time` & `source_log_type` fields to the event. + Args: + events: A list of events. + evnet_type: The event type. + """ + for event in events: + event['_time'] = event.get('created') + event['source_log_type'] = evnet_type + + +def increase_datetime_for_next_fetch(events: list, latest_datetime_previous_fetch: str) -> str: + """ + Gets a list of events and a string represents a datetime from the previous fetch + and returns the latest event create time + a timedelta of a millisecond using for the next fetch. + Args: + events: A list of events. + latest_datetime_previous_fetch: A string represents a datetime in ISO format saved from the previous fetch. + + Returns: + A string represents a datetime is ISO format. + """ + latest_event = max(events, key=lambda event: parser.parse(event['created'])) + latest_date_time = max( + parser.parse(latest_event.get('created'), ignoretz=True), + parser.parse(latest_datetime_previous_fetch, ignoretz=True) + ) + return date_time_to_iso_format(latest_date_time + timedelta(milliseconds=1)) + + +''' CLIENT CLASS ''' + + +class Client(BaseClient): + """Client class to interact with the service API""" + + def __init__(self, url: str, verify: bool, proxy: bool, client_id: str, client_secret: str, redirect_uri: str, + scope: str | None, user: str): + super().__init__(base_url=url, verify=verify, proxy=proxy) + self.client_id = client_id + self.client_secret = client_secret + self.redirect_uri = redirect_uri + self.scope = scope + self.user = user + + def create_access_token(self, grant_type: str, code: str | None = None, refresh_token: str | None = None) -> dict: + """ + Generates a refresh & and access tokens. + Args: + grant_type: the grant_type could be either `authorization_code` or `refresh_token`. + refresh_token: the `refresh_token` to generate the `access_token` when expires. + code: string returns as a query parameter from the `!cisco-webex-oauth-start` command. + """ + headers = { + 'Content-Type': 'application/x-www-form-urlencoded' + } + params = assign_params( + grant_type=grant_type, + code=code, + refresh_token=refresh_token, + client_id=self.client_id, + client_secret=self.client_secret, + redirect_uri=self.redirect_uri, + ) + return self._http_request(method='POST', url_suffix='access_token', headers=headers, params=params) + + def save_tokens_to_integration_context(self, result: dict): + """ + Saves the access & refresh tokens in the integration context. + Args: + result: The API json response from the `create_access_token` method. + """ + now = datetime.utcnow() + context = assign_params( + access_token=result.get('access_token'), + access_token_expires_in=date_time_to_iso_format(now + timedelta(seconds=result.get('expires_in', 0))), + refresh_token=result.get('refresh_token'), + refresh_token_expires_in=date_time_to_iso_format( + now + timedelta(seconds=result.get('refresh_token_expires_in', 0)) + ), + ) + integration_context = get_integration_context() + integration_context[self.user] = context + set_integration_context(integration_context) + + def get_access_token(self) -> str | None: + """ + Returns the access token from the integration context or generates a new one using the refresh_token. + Returns: + The access token or None if the integration context is not set yet. + """ + if user_integration_context := get_integration_context().get(self.user): + if datetime.utcnow() > parser.parse(user_integration_context.get('refresh_token_expires_in'), ignoretz=True): + # In case the refresh token expired we should generate a new one using the !cisco-webex-oauth-start command. + raise DemistoException('The `refresh token` expired, please re-run the `!cisco-webex-oauth-start` command ' + f'with the `user` argument set to {self.user}.') + + if datetime.utcnow() > parser.parse(user_integration_context.get('access_token_expires_in'), ignoretz=True): + # In case the access token expired we create a new access token using the refresh token. + result = self.create_access_token('refresh_token', refresh_token=user_integration_context.get('refresh_token')) + self.save_tokens_to_integration_context(result) + return result.get('access_token') # Return the new access token from the API response. + + return user_integration_context.get('access_token') # Return the access token from the integration context. + + return None + + def oauth_start(self) -> tuple[str, str]: + """returns a URL as a string to use in the oauth start command.""" + params = assign_params( + response_type='code', + scope=self.scope, + client_id=self.client_id, + redirect_uri=self.redirect_uri, + ) + return f'{urljoin(self._base_url, "authorize?")}{urllib.parse.urlencode(params, quote_via=urllib.parse.quote)}', self.user + + def oauth_complete(self, code: str | None): + """ + Completes the authentication process. + It gets a code returned from the `oauth_start` command and sets the access & refresh token. + Args: + code: The code return from the `oauth_start` command as a query parameter. + """ + result = self.create_access_token('authorization_code', code=code) + self.save_tokens_to_integration_context(result) + + @abstractmethod + def oauth_test(self) -> str: + """ + Abstract function to test the client connection with the API. + """ + + +class AdminClient(Client): + def __init__(self, url: str, verify: bool, proxy: bool, client_id: str, client_secret: str, redirect_uri: str, + scope: str | None, + org_id: str): + super().__init__(url, verify, proxy, client_id, client_secret, redirect_uri, scope, user='admin') + self.org_id = org_id + self._headers = { + 'Authorization': f'Bearer {self.get_access_token()}' + } + + def oauth_test(self): + """Runs the `get_admin_audits` method in order to tes the connection.""" + self.get_admin_audits(date_time_to_iso_format(datetime.utcnow() - timedelta(hours=3))) + + def get_admin_audits(self, from_date: str, limit: int = DEFAULT_MAX_FETCH, next_url: str = '') -> requests.Response: + """ + Returns admin audit events either with a `next_url` or according to filter parameters. + Args: + from_date: A string represents a datetime is ISO format from when to get the events. + limit: A number of how mny events to return. + next_url: A URL (returned from the previous run) to get the events (using for pagination). + + Returns: + A response object with the events returned dform the API. + """ + if next_url: + return self._http_request(method='GET', full_url=next_url, resp_type='response') + params = { + 'orgId': self.org_id, + 'from': from_date, + 'to': date_time_to_iso_format(datetime.utcnow()), + 'max': min(limit, DEFAULT_MAX_FETCH), + } + return self._http_request(method='GET', url_suffix='adminAudit/events', params=params, resp_type='response') + + def get_security_audits(self, from_date: str, limit: int = DEFAULT_MAX_FETCH, next_url: str = '') -> requests.Response: + """ + Returns admin security events either with a `next_url` or according to filter parameters. + Args: + from_date: A string represents a datetime is ISO format from when to get the events. + limit: A number of how mny events to return. + next_url: A URL (returned from the previous run) to get the events (using for pagination). + + Returns: + A response object with the events returned dform the API. + """ + if next_url: + return self._http_request(method='GET', full_url=next_url, resp_type='response') + params = { + 'orgId': self.org_id, + 'startTime': from_date, + 'endTime': date_time_to_iso_format(datetime.utcnow()), + 'max': min(limit, 1000), + } + return self._http_request(method='GET', url_suffix='admin/securityAudit/events', params=params, resp_type='response') + + +class ComplianceOfficerClient(Client): + def __init__(self, url: str, verify: bool, proxy: bool, client_id: str, client_secret: str, redirect_uri: str, + scope: str | None): + super().__init__(url, verify, proxy, client_id, client_secret, redirect_uri, scope, user='compliance_officer') + self._headers = { + 'Authorization': f'Bearer {self.get_access_token()}' + } + + def oauth_test(self): + """Runs the `get_compliance_officer_events` method in order to tes the connection.""" + self.get_compliance_officer_events(date_time_to_iso_format(datetime.utcnow() - timedelta(hours=3))) + + def get_compliance_officer_events(self, from_date: str, limit: int = DEFAULT_MAX_FETCH, + next_url: str = '') -> requests.Response: + """ + Returns events either with a `next_url` or according to filter parameters. + Args: + from_date: A string represents a datetime is ISO format from when to get the events. + limit: A number of how mny events to return. + next_url: A URL (returned from the previous run) to get the events (using for pagination). + + Returns: + A response object with the events returned dform the API. + """ + if next_url: + return self._http_request(method='GET', full_url=next_url, resp_type='response') + params = { + 'from': from_date, + 'to': date_time_to_iso_format(datetime.utcnow()), + 'max': min(limit, 1000), + } + return self._http_request(method='GET', url_suffix='events', params=params, resp_type='response') + + +''' COMMAND FUNCTIONS ''' + + +def test_module(): + """Raises an exception with the message to run the `!cisco-webex-oauth-start` command.""" + raise DemistoException( + 'In order to authorize the instance, first run the command `!cisco-webex-oauth-start`, ' + 'and complete the process in the URL that is returned. You will then be redirected ' + 'to the callback URL. Copy the authorization code found in the query parameter ' + '`code`, and paste that value in the command `!cisco-webex-oauth-complete` as an argument to finish ' + 'the process. Then you can test it bu running the `!cisco-webex-oauth-test` command.' + ) + + +def oauth_start(client: Client) -> CommandResults: + """ + Runs the client `oauth_start` method in order to create a URL to start the authenticate process. + Args: + client: A client object either an AdminClient or a ComplianceOfficerClient. + + Returns: + A CommandResult with a URL generated according to the client attributes to start the authentication. + """ + url, user = client.oauth_start() + message = f""" +>### Authorization instructions +>1. Click on the [login URL]({url}) to sign in and grant Cortex XSOAR permissions for your Cisco Webex {user} application. +You will be automatically redirected to a link with the following structure: +```REDIRECT_URI?code=AUTH_CODE``` +>2. Copy the `AUTH_CODE` (without the `code=` prefix) +and use it in **!cisco-webex-oauth-complete** command as a value fot the **code** argument. +""" + return CommandResults(readable_output=message) + + +def oauth_complete(client: Client, args: dict) -> CommandResults: + """ + Gets a code returned from the `oath_start` command as a query parameter and creates an access & refresh token to save them in + the integration_context. + Args: + client: A client object either an AdminClient or a ComplianceOfficerClient. + args: An authorization code provided as a query parameter called `code` returned from the `oauth_start` command. + + Returns: + A CommandResult with a message that the tokens was created and saved successfully. + """ + code = args.get('code') + client.oauth_complete(code) + return CommandResults( + readable_output='Authorization completed successfully.' + ) + + +def oauth_test(client: Client) -> CommandResults: + """ + Runs the `oauth_test` command in order to test the connection. + Args: + client: A client object either an AdminClient or a ComplianceOfficerClient. + + Returns: + A CommandResult with a message that the Test succeeded. + """ + client.oauth_test() + return CommandResults(readable_output='```✅ Success!```') + + +def get_events_with_pagination(client_function: Callable, from_date: str, limit: int, next_url: str = '') -> tuple[list, str]: + """ + Returns events with pagination mechanism. + Args: + client_function: The function used to return the events (for each event type). + from_date: A string represents a datetime is ISO format from when to get the events. + limit: A number of how mny events to return. + next_url: A URL (returned from the previous run) to get the events (using for pagination). + + Returns: + A list of events and a string of the next_url (a URL to return events). + """ + events: list[dict] = [] + + response = client_function(from_date, limit, next_url) + response_json = response.json() + events.extend(response_json.get('items', [])) + + while (next_url := demisto.get(response.links, 'next.url', '')) and len(events) < limit: + response = client_function(from_date, limit, next_url) + response_json = response.json() + events.extend(response_json.get('items', [])) + + add_fields_to_events(events, evnet_type=COMMAND_FUNCTION_TO_EVENT_TYPE.get(client_function.__name__)) + + return events, next_url + + +def get_events_command(command_function: Callable, args: dict) -> tuple[CommandResults, list]: + """ + Returns a list of events + Args: + command_function: The function used to return the events (for each event type). + args: A dict with fetch data. + + Returns: + A CommandResult with a readable output of the events and a list of the events. + """ + from_date = args.get('since_datetime', date_time_to_iso_format(datetime.utcnow() - timedelta(hours=3))) + limit = arg_to_number(args.get('limit', 5)) or DEFAULT_MAX_FETCH + + events, _ = get_events_with_pagination(command_function, from_date=from_date, limit=limit) + + command_results = CommandResults( + readable_output=tableToMarkdown(COMMAND_FUNCTION_TO_EVENT_TYPE.get(command_function.__name__), events) + ) + return command_results, events + + +def fetch_events(admin_client: AdminClient, co_client: ComplianceOfficerClient, last_run: dict, + max_fetch: int, fetch_security_audits: bool = False) -> tuple[list, dict]: + """ + Fetches three types of events (Admin Audits, Security Audits, Events), + It fetches from the latest event `create` date or with a `next_url` returned form the previous fetch, + And saves the latest evnet create date and the `next_url` from the current fetch to use in the next fetch. + Args: + admin_client: An instance of the AdminClient. + co_client: An instance of the ComplianceOfficesClient. + last_run: A dict with the latest fetch data. + max_fetch: A number of how many events to return per fetch. + fetch_security_audits: A boolean that defines whether to return security_audits or not. (since it needs more permissions). + + Returns: + A list of events and a dict with fetch info to use in the next fetch. + """ + all_events = [] + + if not last_run: + last_run = create_last_run() + + demisto.debug(f'start fetching events with last_run: {last_run}') + + event_type_to_client_function = { + 'admin_audits': admin_client.get_admin_audits, + 'compliance_officer_events': co_client.get_compliance_officer_events, + } + if fetch_security_audits: + event_type_to_client_function['security_audits'] = admin_client.get_security_audits + + for event_type, client_function in event_type_to_client_function.items(): + since_datetime = demisto.get(last_run, f'{event_type}.since_datetime') + next_url = demisto.get(last_run, f'{event_type}.next_url', '') + events, next_url = get_events_with_pagination(client_function, since_datetime, max_fetch, next_url) + last_run[event_type]['next_url'] = next_url + if events: + last_run[event_type]['since_datetime'] = increase_datetime_for_next_fetch(events, since_datetime) + all_events.extend(events) + + demisto.debug(f'finished fetching {len(all_events)} events, last_run will be set to: {last_run}') + + return all_events, last_run + + +''' MAIN FUNCTION ''' + + +def main() -> None: # pragma: no cover + """main function, parses params and runs command functions""" + + params = demisto.params() + args = demisto.args() + command = demisto.command() + + # parse parameters + base_url = urljoin(params.get('base_url', 'https://webexapis.com'), '/v1/') + admin_client_id = demisto.get(params, 'admin_credentials.identifier', '') + admin_client_secret = demisto.get(params, 'admin_credentials.password', '') + admin_redirect_uri = params.get('admin_app_redirect_uri') + admin_org_id = params.get('admin_org_id') + compliance_officer_client_id = demisto.get(params, 'compliance_officer_credentials.identifier', '') + compliance_officer_client_secret = demisto.get(params, 'compliance_officer_credentials.password', '') + compliance_officer_redirect_uri = params.get('compliance_officer_redirect_uri') + fetch_security_audits = argToBoolean(params.get("fetch_security_audit_events", False)) + verify_certificate = argToBoolean(not params.get("insecure", False)) + proxy = argToBoolean(params.get("proxy", False)) + max_fetch = arg_to_number(params.get('max_fetch', DEFAULT_MAX_FETCH)) or DEFAULT_MAX_FETCH + if not 0 < max_fetch <= 2000: + max_fetch = DEFAULT_MAX_FETCH + + demisto.debug(f'Command being called is {demisto.command()}') + + try: + admin_client = AdminClient( + url=base_url, + verify=verify_certificate, + proxy=proxy, + client_id=admin_client_id, + client_secret=admin_client_secret, + redirect_uri=admin_redirect_uri, + org_id=admin_org_id, + scope=SCOPE.get('admin'), + ) + + compliance_officer_client = ComplianceOfficerClient( + url=base_url, + verify=verify_certificate, + proxy=proxy, + client_id=compliance_officer_client_id, + client_secret=compliance_officer_client_secret, + redirect_uri=compliance_officer_redirect_uri, + scope=SCOPE.get('compliance_officer'), + ) + + if demisto.command() == 'test-module': + test_module() + + elif demisto.command() == 'cisco-webex-oauth-start': + client = admin_client if args.get('user') == 'admin' else compliance_officer_client + result = oauth_start(client) + return_results(result) + + elif demisto.command() == 'cisco-webex-oauth-complete': + client = admin_client if args.get('user') == 'admin' else compliance_officer_client + result = oauth_complete(client, args) + return_results(result) + + elif demisto.command() == 'cisco-webex-oauth-test': + client = admin_client if args.get('user') == 'admin' else compliance_officer_client + result = oauth_test(client) + return_results(result) + + elif command == 'cisco-webex-get-admin-audit-events': + command_results, events = get_events_command(admin_client.get_admin_audits, args) + if argToBoolean(args.get('should_push_events', False)): + demisto.debug(f'Sending to XSIAM {len(events)} events of type admin_audits') + send_events_to_xsiam(events, vendor=VENDOR, product=PRODUCT) + return_results(command_results) + + elif command == 'cisco-webex-get-security-audit-events': + command_results, events = get_events_command(admin_client.get_security_audits, args) + if argToBoolean(args.get('should_push_events', False)): + demisto.debug(f'Sending to XSIAM {len(events)} events of type security_audits') + send_events_to_xsiam(events, vendor=VENDOR, product=PRODUCT) + return_results(command_results) + + elif command == 'cisco-webex-get-compliance-officer-events': + command_results, events = get_events_command(compliance_officer_client.get_compliance_officer_events, args) + if argToBoolean(args.get('should_push_events', False)): + demisto.debug(f'Sending to XSIAM {len(events)} events of type events') + send_events_to_xsiam(events, vendor=VENDOR, product=PRODUCT) + return_results(command_results) + + elif command == 'fetch-events': + last_run = demisto.getLastRun() + events, next_run = fetch_events(admin_client, compliance_officer_client, last_run, max_fetch, fetch_security_audits) + send_events_to_xsiam(events, vendor=VENDOR, product=PRODUCT) + demisto.setLastRun(next_run) + + else: + raise NotImplementedError(f'Command "{command}" was not implemented.') + + # Log exceptions and return errors + except Exception as e: + return_error(f'Failed to execute {demisto.command()} command.\nError:\n{str(e)}') + + +''' ENTRY POINT ''' + +if __name__ in ('__main__', '__builtin__', 'builtins'): + main() diff --git a/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector.yml b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector.yml new file mode 100644 index 000000000000..59bd9b7a52b2 --- /dev/null +++ b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector.yml @@ -0,0 +1,159 @@ +category: Analytics & SIEM +sectionOrder: +- Connect +- Collect +commonfields: + id: CiscoWebexEventCollector + version: -1 +configuration: +- display: URL + name: base_url + defaultvalue: 'https://webexapis.com' + required: true + type: 0 + section: Connect +- name: admin_credentials + display: Admin APP Client ID + required: true + type: 9 + additionalinfo: Admin APP Client ID and Secret. + displaypassword: Admin APP Client Secret +- display: Admin APP Redirect URI + name: admin_app_redirect_uri + required: true + type: 0 + section: Connect +- display: Admin Org Id + name: admin_org_id + required: true + type: 0 + section: Connect +- name: compliance_officer_credentials + display: Compliance Officer Client ID + required: true + type: 9 + additionalinfo: Compliance Officer Client ID and Secret. + displaypassword: Compliance Officer Client Secret +- display: Compliance Officer Redirect URI + name: compliance_officer_redirect_uri + required: true + type: 0 + section: Connect +- display: Trust any certificate (not secure) + name: insecure + required: false + type: 8 + section: Connect + advanced: true +- display: Use system proxy settings + name: proxy + required: false + type: 8 + section: Connect + advanced: true +- display: Fetch security audit events + additionalinfo: In order to fetch security audit events, pro pack needs to be installed on the Webex instance. + name: fetch_security_audit_events + required: false + type: 8 + section: Collect +- defaultvalue: 200 + display: Maximum number of events per fetch + name: max_fetch + required: false + type: 0 + section: Collect + advanced: true +description: Cisco Webex Event Collector fetches Events and Admin Audit Events and Security Audit Events. +display: Cisco Webex Event Collector +name: CiscoWebexEventCollector +script: + commands: + - arguments: + - auto: PREDEFINED + description: The user to start authorization. + name: user + predefined: + - 'admin' + - 'compliance_officer' + required: true + description: Use this command to start the authorization process. In order to authorize the instance, first run the command, and complete the process in the URL that is returned. You will then be redirected to the callback URL where you will copy the authorization code found in the query parameter `code`, and paste that value in the command `!cisco-webex-oauth-complete` as an argument to finish the process. + name: cisco-webex-oauth-start + - arguments: + - auto: PREDEFINED + description: The user to complete authorization. + name: user + predefined: + - 'admin' + - 'compliance_officer' + required: true + - description: The authorization code retrieved from the callback URL according to the documentation. + name: code + required: true + description: Use this command to complete the authorization process. After copying the authorization code found in the query parameter `code` of the callback URL, paste the value in the command as an argument to finish the process. + name: cisco-webex-oauth-complete + - arguments: + - auto: PREDEFINED + description: The user to complete authorization. + name: user + predefined: + - 'admin' + - 'compliance_officer' + required: true + description: Use this command to complete the authorization process. After copying the authorization code found in the query parameter `code` of the callback URL, paste the value in the command as an argument to finish the process. + name: cisco-webex-oauth-test + - arguments: + - auto: PREDEFINED + defaultValue: 'false' + description: If true, the command will create events, otherwise it will only display them. + name: should_push_events + predefined: + - 'true' + - 'false' + required: true + - description: Maximum number of events to return. + name: limit + - description: Date in ISO format (2023-10-01T20:33:22.123Z) to return events from. + name: since_datetime + description: Gets admin audit events from Cisco Webex. + name: cisco-webex-get-admin-audit-events + - arguments: + - auto: PREDEFINED + defaultValue: 'false' + description: If true, the command will create events, otherwise it will only display them. + name: should_push_events + predefined: + - 'true' + - 'false' + required: true + - description: Maximum number of events to return. + name: limit + - description: Date in ISO format (2023-10-01T20:33:22.123Z) to return events from. + name: since_datetime + description: Gets security audit events from Cisco Webex. + name: cisco-webex-get-security-audit-events + - arguments: + - auto: PREDEFINED + defaultValue: 'false' + description: If true, the command will create events, otherwise it will only display them. + name: should_push_events + predefined: + - 'true' + - 'false' + required: true + - description: Maximum number of events to return. + name: limit + - description: Date in ISO format (2023-10-01T20:33:22.123Z) to return events from. + name: since_datetime + description: Gets events from Cisco Webex. + name: cisco-webex-get-compliance-officer-events + dockerimage: demisto/python3:3.10.13.83255 + isfetchevents: true + runonce: false + script: '' + subtype: python3 + type: python +"marketplaces": ["marketplacev2"] +fromversion: 6.12.0 +tests: +- No tests (auto formatted) diff --git a/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_description.md b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_description.md new file mode 100644 index 000000000000..c3ebe41834b8 --- /dev/null +++ b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_description.md @@ -0,0 +1,48 @@ +## Cisco Webex Event Collector Help + + +### Cisco Webex Event Collector collects three types of events. +* Admin Audit Events. +* Security Audit Events (user sign-in and sign-out data). See [Fetch security audits](#Fetch-security-audit) more information about these events. +* Events. + +### Users and Clients +In order to fetch all types of events 2 users and 2 applications must be created where each application is associated with one user. +In addition, each application should be defined with a specific scope as follows. + +#### Create two users +1. Admin user +2. Compliance officer user + +Click [here](https://developer.webex.com/) to create and manage the users. + +#### Create two clients +1. Admin client (for `Admin Audit Events` and `Security Audit Events`) associated with the admin user defined and the `audit:events_read` scope. +2. Compliance Officer client (for `Events`) associated with the compliance officer user defined and the `spark-compliance:events_read` scope. + +Click [here](https://developer.webex.com/my-apps) to create and manage the applications. + + +### Each client needs three parameters: +* client ID. +* client secret. +* client redirect URI. + +_Note: The Admin client needs a fourth parameter: `organization ID`._\ +Run [this](https://developer.webex.com/docs/api/v1/organizations/list-organizations) HTTP request (login with admin credentials) to get the organization ID. + +![get_organization_id](../../doc_files/get_organization_id.png) + +### Authentication flow (Oauth) + +Each application (admin and compliance officer) should be authenticated with the following 3 commands. +Each command (of the following three commands) has an argument called **user**, which can be set to `admin` or `compliance officer`. +In order to receive all events, You must run all three commands twice, once with `admin` as your **user** argument value and once with `compliance officer` as your **user** argument value. + +1. Run the ***cisco-webex-oauth-start*** command with the **user** argument - you will be prompted to sign in to Cisco Webex with your username and password. (make sure you sign in with the same user as you defined in the user argument `admin` or `compliance officer`). You will then be redirected to the `redirect URI` you defined in the application. The URL will contain a query parameter called `code`. The value of this query parameter will be used in the next command. +2. Run the ***cisco-webex-oauth-complete*** command with the **user** and **code** arguments The **user** argument should be set to the same value as in the previous command (`admin` or `compliance officer`). The **code** argument should be set to the value returned in the code query parameter from the previous command. +3. Run the ***cisco-webex-oauth-test*** command with the **user** argument. The **user** argument should be set to the same value as in the previous command (`admin` or `compliance officer`) to ensure connectivity to Cisco Webex. + +### Fetch security audits +This API requires Full Admin Permission. +In order to fetch security audit events, pro pack needs to be installed on the Webex instance. diff --git a/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_image.png b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_image.png new file mode 100644 index 0000000000000000000000000000000000000000..74f6e9586a9f7b8b68fb1b609b62698471baf7ee GIT binary patch literal 8307 zcmZ{J1yohv_U@sPE~UG>8)>8kq@=sMJ3JzB5GesEk&u?|loF)7Q>42~@Gb6t{O*1C zjsF{refDOrwf5R;t~uxTeRD^tzm&&BBSC{eAef2@vai6|7aTmO$ly1nfN~ZBfzz~; zkx{p^uz*0AM&8A#DZ^_J^u$^z2&hNLK~a4)UT-rU4CTNVNku>G{}|&NJ>h>TJDQ`N zMRf}=b&k0xD_dgwR2KQ0{#3E{Dua`V8Y?^WaNRwG?67swClpJLkmd+koy&=pTXe(3 z$lxmAbG9kY(s4%#DLw8~jgY~ycF2ob_>|K6b@!RdOL6b3S0xyRl!mG=!cWwECsGqS z^eu|RD;&Q+rE?Iii)&FktoJ3jQFpKVS&*QqD(-O3MsNO`)IBSHV&b>FJJnRa%|b)m zih#IF+zczRhw#r`3oJ7d-pI3?_%IkMZ?8X*~+@U2P70y)Q`=WFiD+sO|Hr6s!@PGM6F zS0CS$(f0anh>tL-xBFz&SFKN~g$|>v=G?-CJ+X-GB3pk8tW0I0@JbZ|@n?WQLc<`C zTW~9M8v^m-fh5A~=V(Rc>E~)i^{)*S8i>&}aPH-abx;MvBEfgbj#)gpN=odXzd;Vu#)9_VA+S-{nZM&P?*$~5zx7PF# z3^c9@Bxcu^{(K2eyF2V(8f)nU=?tsT`@80-h2$;X3L;_*Exe$k@V5a`eJM?y-RHB8}d`jr-CyuHNU?L?`P$&B6x2~N*ve#-(eRFbN`{cCJU z*Rw2UQR5fz7y3#&%gp0`AEG?#OZ3w4MUKoc)LR(UXM==)q-hfOnNkPB#XkIo&z8FX z4faO=f885jC)a-km!_h77Z*nJ+0!8Cpmy*F2gUl~^Vu!Jnk6AOo+AD^1t>)7U2t35 z4lU(Ws$~p|vX+ZROXIuSZu*eB-RE>3!gl(sdZ}g)^dK) zLVnW>8}(nB?^vxRpx_Y=89lSme${?_^m9^O#tp`{N>=%N5kYQI5VlI4IOyjaM_`6X zbmZg$Rf{5aq84STr|UZ}+9+0-ijg+N`BXn<-7uPc%oNIr;Vcx7X4Wl}dxxJioNa0( zS3+pvly++;*w!WC(nt1*%xPYQY-Ic|asw`#&X<;^8~f_~;C*&Qcf3;$BgF8=QpT`_Sjy&$P;F&M7XBD#G>Ab+Y*mLQ6asd~D^LVVOJc?vR6I$1j|Z8`{Z7 zQq~`=vuc0j6^{IV7JNHn6&?)dI6lpeYREhWfe`a3%1UYZ&L3p>1!`&69kp*|knj>D z3Cnfjz$=6zcHqRlKty0a_^v&Axi%~GWyafg7IqL&&Z)HUD>M}07rtN2@+EWOs=O<_ zC2F`vTo_ka9G6UAMx2(th|Q7&jEosSu5IRSEdM4*d@E7wa{g|=H6-9$>x_PLPGqDj zE+N}wRx<+O$x3uIqRDE5!ZFf^e=e{FVxRclSKL*+w95QaG}@IrUR@2F?id%^b;)nI zpd0d4tQ6kfQlQs}xo_;fPRy>VO6csA_B85UKRGTjxkuB!x7zCyezM#m*iAYB?>J|( zdhsR)^`sKbg0uSg`-MOg!#k9%DVdfaM?sg*e?GY9;&qLw7`~5H7VU9Y+fQ1w{rj|z z(nPu4H}Go7XEFHh;5tyeto2eqnN1HmWPR7z?DaCkYdXaRi|fFMv)2KGPgP1oOY&>6 z)awSG?`2&gyhk1hn`3_NS1&fnnWgJ*saPV-xB2#h>+T$czfkf+;98Jil}LRpw5}S^VerXg`$tY-LC( zwYp5?kmQV%C%Smoh(X(kqR!&t2GN;E>{S*PLxA@G#R022+VS;xvO*E!N4q)jVurT)N2| zoN;Xo87bVjHvz}Z#n+}z=vmIrz!x6W;Ls(daO@G_#SsEUd}RIVB=z?&Gu=@wB>HT)Z!W?e@YqPr ze-?RYie-HECW|!r`1l|=PoK(3OG}Fq<7VgQBWI1ENP2qmot&JIV^!tnhfhx*Lt)X; zv%r)Wm0IX2u}q3H$s!;9>iBQLz#iQC>sCr>ZI*j4rC@&oeVJ z$QGTiVy9i4oW2$oMkXZS>Fet&sHrh>a>jBPHGSgAR*x($X7Myap<-YNZ)j-1+RANe zB57a24xQMceEio^v1k`R`x;$U|9;(l3Rf zrWbyr(6Q~w_!ZWOf)L&}jA#;;GDA|(CnVGbFu4gSUiAP<={c@2&2Pv})VB5kysiEh z_7nm8+|UjxnFuVawa$04a&mHgd;$VIcH?y3hl^2>T;|=V%fWX}WLWZHh8`ZgS1TbB z2KCN8Ypz@_%VMWzXK+l+%xiNtSynx;r;{@?2w#}cmYRLGuG;@T#}+$=jE#-i&|e*| zb%|XqdaxNaeGCsrmJKT`Wa4Pv=lL9Xs#w;znO2=}cTm5=WAOu{?cvsegp{;v-nw$M z*~cYcCAHJYXX)LPJv|WykJCI~+wCqZfgCj>V?_JIML8V-L zU{#)XA8W7JUMn@uIIXy4fCW1+`KwyfdzjE3M4D_=V-r0~_)s$2?k9Pkt zL>rBoy%pWvs~`!<$qZIjR@V2xGpZl3DYdmXq8LBpw6D0-UEFMCMGslyONL_*)3o0V zxeV(|0Owu~x>~~O)m2xg0$V2HVAQXg2w=15V7Xb{L*k9;N{Gv*@t z_%o3){Q?D>f~_}}k`Nd7DU}`^yX-X+xmKry*XRLs!OE($oEL68W1Fhnh0nh)nh361 z4VImal(U_R;g)<6GcrjnamWl_vhlUJ@u zd$8y3L4~7!Dvd^j*1?26*NVTh!uwEj16>s7wndb>l36f< zgBzk$^VZjGYU-+bGEC%r=tew^Lu8DwjSaZ9=eB#( z-wrGVoaPBmgo!Y!+}3}1yQd4f2was@%Y>U&&s}fl#=dU#=f_!|`0TeyJY8lqFkkDS z*W}3zq7CW$))}|Yq2ccC?tCpN+B+QFs_JULjU?UcU(uYeYix1x8DDlg*CV+8xpo5^ zt4f8#wby!g*u3eRkeHatYl8(Qw*WQ`JnlfTw6Q@L9Uc9?SKj{8!GRTo0hrnSCw&S; zT}S7~VxtEx?#oP(o>IMP72c5b7(w^@i-U`jE3nIb zo6|p{3p9fr(@U5M!e+U7%dYb(YNhctPa=AP26%4j%ai5%rf<_W=GBZ7KgAv<=WVnn zPHyE#*>sBR_;118RE)B2b^hv!?lG@KrMkJf`E?P@X`-vk*x1+zuV8Oq+}+!YPDLyK z;p66}wPsmkqh49dsS;fGnrk1SNg#D_yUCCD#1?7Q%$oV1@+&ZbL7&C;;%gj5Fp$Ja zy+!_6X4FixdmAY3clwi2PJ;lBPF&o$&T($MY^AukA1rY`=B}i?4X=KIJru-Ws+XMX za^RV&$4fjsyu6AE^<}>;@=E=0o6l;T4CqW)B%#G|#Vn?foKSPP9vC}w_?x$4xU7QD z=cK9(x<(O9!z3jMIu9gE9=rK-DPa7`h9aPzuE6ik?AB4%UKKt)7-(DV&p7=B`4X?*aIA0c(m3@Fh z;j2TO?tk|8oB!&LI+!Qtw;Ok0UL_;4qOJsY|2g&FEk- ztE&;Ke{xWp_f{duk0 zvXT;!ptE7K4=W7MEwrS#nCE^#;CyGIKqjOH69E~6YbhgFJ{AuZQOJA$lU`f!z5kC7 zY?o;D?_@*&AIl$wo^GqMy3*hgwNMbPS-hvs~VR??U&iu{4z_Wb<}VRw#QsJlKb z!EK&_>u34o1Mt*d=lb=lyPL}emy^5unwpwVBx3-4o4gNT0~<8JS5Hsf>ztRA0Q{%r zS2`^SPzA=>^QN-1vs>SJd3kM`3lj#4Q#O^QlVGlTH;<&Ee~6CmvaSY}JMnKtgntw1 zlO^VtkO;ixs(ArbM?2|cy_YxSA#j4k($dluq&)A}D|8LzGW1hr?z1+b-t#I3js#O# z<^ihsw9n0|kB2&FYwT6K3$wWziI|uQi<2@p*eCgsBabX|^Ou!7re$hWqjH$O6wa1D zL$=H?!K!sxY4a7Mz@iZATW$>ycKd}mH8rKBr3HygPghn^!N7`m3x|NL4nowH|NEpX>AWnvzv^$iSE_sl9^kMgnq zT6$T)OOxYW=2IV!ZYF5=Gl8C=5dwmHy?R6(9YtXHg)3o6=T{Au2sLJ0>)Vee*I)L9 zXrG^G3Dm3mZWHCyhUFS|+UY7vO_c6S%y%anUA!kx?wn_rpEb}RG~R%r!NQrICHx}$ zZ7C!~>3O)A`fz{eal9(U!pb_=8XyROy`ZuZS9O9&!10stn@9Er-e7WavI6iBLk>c1 zZEeX}!#cU(goFfj?WbK_eM3VVwKK+GTWWceY-j`o1fXQ0T@l#pXE*b5!}IDI8fF~O zygWKGEEGjWMe7?7$bN^7Tj~TG8AsmDOSbb@TS-8Lf$W)ynkq^4owdB>G1zH4GjI_X z2>N`A0`+qrcdkTd)G<)Y4Z0SkK~`97X`+p33kSVqaBMqFMb| zrld@io3wjdb(oHxS5vo`u)?HAK0hB~-|CLS_uLup!6?nZZZYPpwjRm>v>)~E0tJig zOK~wQCx>R)e~iI8eca-@A7_)1Jv zCss8{jj>X!X+nOFs~S~;6#i_z{k6#)d-*Z4Su&0HKUKS(pa11si=&nq6gp2a3H~X# z5@_*qKDFBrfc54UNbJ05K#DLTV^cWxTUlF==gQA!iuxX}>d|V`NXyB+v$GC~?C)3F z9LaJ)))?*vkFa~u=qQlx*MGE7&k4*TDbxwDunKDd>zy>2kn5LB>kt5wfe$xZ5RfrW zcT39Mf#^-&K!3)@H9}5~7Z_!<#*%XRyrURNi*z>UST6^4KIc0zlExU~x<0of+()j~ zFl-GS0%g8nTC^#=m>gjZHY}|Ye6}%9b<9w_4t9}e=;0{%N)+JfCow-BJw3hr!3<#!8X6niG303YdU{*7Z#u`w zkRiNj^AdcrN~-J%wWp5s1PBlL3~W<}6L%FEm)Qq}0)oi!_N*{?SPxnqQ5of7wgK$^ zh^AqPASF3D4d1L*f5_FGluy-Sdo=rzgW=*Qr>8G)#Q1Jy`c&DD(O{7YNm^Oa1J#2K zz&TGXOPr6NztV1k0Z7O(uS{K&pd=*pXP?%3dDkxd{Weo=9@%2w;Nb7;lXU_@!gOYp zlBxdts}+~Szs1GwBhRlY9Orldm@>1nS^(Jpy|tAXA1|eMi1zc@XW|6UTksI`mV z=1d@7j-O11yUdBZ%uKL+Yv_9)WH$U4f3uCXE=8Ph#0e$uEKFwHPrA|f#}WPrW;5Nz z?LmUOYBpW$z5c7R8~ucG&Nwsdq`rrB@tYCT%l$drx#aV6PhM6}1`xqRrRW8`oalrc z`xQg)&&&2*P% zStE=<2E>8q!O2eWrHcAE%LV}4;jy1&s$PDoYe>z{&%YAEG7_fw?r)|wJ?{%l8$!MT zJ58s1j+Vbx6s2YZB&lpp=#z$`~#;&XDvgXrja)fhbY==HWDoKimM& zE3Ah|K+ypQ*Z*=~(b?HqRJe<4w#Bd7Z``}l5Q9>@MdoZi{QmB$I`GCFZghq|HRARze6EG#qxXz{73KO5ZE8+MCJg3pIN z6&0ThB(nqFOU@@KxbEG&v(hdBL;wZ}A8K?DbY{d$uHp|4yFa-z}Ql+FIrc{D>DZWfOCmv==66%jtNPnd9G?#o^i@weNec4oJi zP&jzxkF{Y!zc5WTF?n*GJY%ZHa7~P}I>vUXRN1Kw$4HDc9fcg*_shKvx34vzoWCeZ z38(hpd*z^3?3TFXe?qj*~iHV5_VVozN26gX2BL5LXYSW|woZEDxKMBAY_+MU0 z2{zXlea#6>`;#_Sj0T8oG0vOEuqk+%i5R!P?`UUh8|Tt?^8#SIC9oz9&7<6d4Ou4w z|MCN=UXG5evS}wjeK2w=nzN0Gh6YH*#P{zp&W>gbJz}(UbYPKva+nWKDna=tnZu~R zJmlU1NCb-5h`~XX>2C(|-rfSB>Xjkn22C;cj{+k>9R@mOA9I}fR4)7L*LSrJGwwZ4 zb-8SY$#|3RcM7sjK>>){s-NJosN;XW{buE8tB24euc#=B(Af9Q`1q@59EN?sWBjhy zA~@5wv*2Mlk9rjtsPE^`wHU$W$ASTHez2nJ<1XwW^sq-J1*%4a>4LEf&do!PGQ-C@ zf&2vd?dDYO?Cfhmu*9>lySO;;{%A_c(mb@vym)~O zDmnm@U_iw1Y9z$Rzgal2?tmiYef^rfCj!i9*L(?9_X!C1p`jsAJ6yZEBNlR{QcmI6 zXuVpd6%jo;nR%1O;_TNJuP!9qBu@piZ5D}W^P`h|_a0G7TuXC2P&W%Fwn!cJ7?bNJSH^2 z2Y#%dfSRDLp&L@}ix}w{FCZ0kjl7;lMMaT``NpX;b$iW#(tfPOhlPWD&4QO83t-@a zjGhF_De(Z|fG>jjDyS@i$mx1d%sYsVOK34B!Hv-+sjUqNx!=Wu;NFFK7KmfR}JU_}ZJ`(vco z=*n$$vcGT!ni#6gbSehmlcJ8*Yej2SRR{~XMuosd*g+7%6&yH7zyX0EB!ojyz!?u5 zvR~l;X+^B~g7D8Z-22ClQkpV~ir}ni;cjK+>|yKT`J_L+2i&0dlzZ)IY36Aq0$RWc z!o$VG%g)Wi&cm<8B`CtnFTyXx%EcwZ#dWr!-v3_%oLnsJto{D~1E3At-e3UJzi05Y zbF%XAGy`AQ{+~&Nz&!smNyHwDF&KmQIL6A?&RRqc{HR%5dsulwcmy;_bF4rs@xNQu z?R>2qU(15$I(yi;I77I3xVXAW=ypLTqW|us_n%I@!UC&A4o^TI+JE=a_ONo70i|&( zXV3q!6$b~$e{99tm-cA9f2{<3ycMx{ literal 0 HcmV?d00001 diff --git a/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_test.py b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_test.py new file mode 100644 index 000000000000..a8d0ac53be1b --- /dev/null +++ b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/CiscoWebexEventCollector_test.py @@ -0,0 +1,308 @@ +import json +import datetime +import pytest +import requests_mock +from freezegun import freeze_time + +""" UTILS """ + + +def util_load_json(path: str) -> dict: + with open(path) as f: + return json.load(f) + + +def util_load_text(path: str) -> str: + with open(path) as f: + return f.read() + + +def mock_get_access_token(): + return { + "access_token": "123456", + "expires_in": 1111, + "refresh_token": "123456", + "refresh_token_expires_in": 2222, + } + + +def mocked_admin_client(): + from CiscoWebexEventCollector import AdminClient + + class MockAdminClient(AdminClient): + def get_access_token(self): + return '' + + return MockAdminClient( + 'https://url.com', + False, + False, + '1', + '1', + 'https://redirect.com', + 'admin_scope', + '1', + ) + + +def mocked_compliance_officer_client(): + from CiscoWebexEventCollector import ComplianceOfficerClient + + class MockComplianceOfficerClient(ComplianceOfficerClient): + def get_access_token(self): + return '' + + return MockComplianceOfficerClient( + 'https://url.com', + False, + False, + '1', + '1', + 'https://redirect.com', + 'co_scope', + ) + + +""" TEST HELPER FUNCTION """ + + +@freeze_time("2023-12-20 13:40:00 UTC") +def test_create_last_run(): + """ + Given: + - An expected `last_run` dict. + When: + - create_last_run function is running. + Then: + - Validates that the function creates a dict with the expected items. + """ + from CiscoWebexEventCollector import create_last_run + + expected_result = { + 'admin_audits': {'since_datetime': '2023-12-13T13:40:00.000Z', 'next_url': ''}, + 'security_audits': {'since_datetime': '2023-12-13T13:40:00.000Z', 'next_url': ''}, + 'compliance_officer_events': {'since_datetime': '2023-12-13T13:40:00.000Z', 'next_url': ''}, + } + + assert create_last_run() == expected_result + + +@freeze_time("2023-12-20 13:40:00 UTC") +def test_date_time_to_iso_format(): + """ + Given: + - A datetime object with freeze time set to '2023-12-20 13:40:00'. + When: + - date_time_to_iso_format function is running. + Then: + - Validates that the function returns a string is ISO format as expected. + """ + from CiscoWebexEventCollector import date_time_to_iso_format + assert date_time_to_iso_format(datetime.datetime.utcnow()) == '2023-12-20T13:40:00.000Z' + + +def test_add_fields_to_events(): + """ + Given: + - lists of events of the following types. + 1. Admin Audit Events. + 2. Admin Audit Events. + 3. Events. + When: + - add_fields_to_events function is running. + Then: + - Validates that the function adds the fields as expected. + """ + from CiscoWebexEventCollector import add_fields_to_events, COMMAND_FUNCTION_TO_EVENT_TYPE + + admin_audits = util_load_json('test_data/admin_audits.json').get('items') + security_audits = util_load_json('test_data/security_audits.json').get('items') + compliance_officer_events = util_load_json('test_data/events.json').get('items') + + assert not any(key in admin_audits[0] for key in ('_time', 'source_log_type')) + assert not any(key in security_audits[0] for key in ('_time', 'source_log_type')) + assert not any(key in compliance_officer_events[0] for key in ('_time', 'source_log_type')) + + add_fields_to_events(admin_audits, 'Admin Audit Events') + add_fields_to_events(security_audits, 'Security Audit Events') + add_fields_to_events(compliance_officer_events, 'Events') + + assert admin_audits[0]['_time'] == admin_audits[0]['created'] + assert admin_audits[0]['source_log_type'] == COMMAND_FUNCTION_TO_EVENT_TYPE.get('get_admin_audits') + assert security_audits[0]['_time'] == security_audits[0]['created'] + assert security_audits[0]['source_log_type'] == COMMAND_FUNCTION_TO_EVENT_TYPE.get('get_security_audits') + assert compliance_officer_events[0]['_time'] == compliance_officer_events[0]['created'] + assert compliance_officer_events[0]['source_log_type'] == COMMAND_FUNCTION_TO_EVENT_TYPE.get('get_compliance_officer_events') + + +@pytest.mark.parametrize('latest_datetime_previous_fetch, expected_datetime', [ + ('2023-12-04T07:40:06.680Z', '2023-12-04T07:40:06.691Z'), + ('2023-12-04T07:40:06.695Z', '2023-12-04T07:40:06.696Z'), +]) +def test_increase_datetime_for_next_fetch(latest_datetime_previous_fetch, expected_datetime): + """ + Given: + - A list of events and a string represents a datetime from the previous fetch. + 1. the datetime from the previous fetch is earlier than the latest event in the list of events. + 2. the datetime from the previous fetch is later than the latest event in the list of events. + When: + - increase_datetime_for_next_fetch function is running. + Then: + - Validates that the function returns the latest event time + a timedelta of 1 millisecond. + """ + from CiscoWebexEventCollector import increase_datetime_for_next_fetch + events = util_load_json('test_data/events.json').get('items') + assert increase_datetime_for_next_fetch(events, latest_datetime_previous_fetch) == expected_datetime + + +""" TEST COMMAND FUNCTION """ + + +@pytest.mark.parametrize('client, expected_url', [ + (mocked_admin_client(), + 'https://url.com/authorize?response_type=code&scope=admin_scope&client_id=1' + '&redirect_uri=https%3A%2F%2Fredirect.com'), + (mocked_compliance_officer_client(), + 'https://url.com/authorize?response_type=code&scope=co_scope&client_id=1&redirect_uri=https%3A%2F%2Fredirect.com'), +]) +def test_oauth_start(client, expected_url): + """ + Given: + - An AdminClient and a ComplianceOfficerClient. + When: + - oauth_start function is running. + Then: + - Validates that the expected URL is in the result. + """ + from CiscoWebexEventCollector import oauth_start + results = oauth_start(client) + assert expected_url in results.readable_output + + +@pytest.mark.parametrize('client', [mocked_admin_client(), mocked_compliance_officer_client()]) +def test_oauth_complete(client): + """ + Given: + - An AdminClient and a ComplianceOfficerClient. + When: + - oauth_complete function is running. + Then: + - Validates that the expected text (`Logged in successfully.`) is in the result. + """ + from CiscoWebexEventCollector import oauth_complete + + with requests_mock.Mocker() as m: + m.post( + 'https://url.com/access_token?grant_type=authorization_code&code=123456&client_id=1&client_secret=1' + '&redirect_uri=https%3A%2F%2Fredirect.com', + json=mock_get_access_token() + ) + results = oauth_complete(client, {'code': '123456'}) + + assert 'Authorization completed successfully.' in results.readable_output + + +@pytest.mark.parametrize('client', [mocked_admin_client(), mocked_compliance_officer_client()]) +def test_oauth_test(client): + """ + Given: + - An AdminClient and a ComplianceOfficerClient. + When: + - oauth_test function is running. + Then: + - Validates that the expected text (`### Test succeeded!`) is in the result. + """ + from CiscoWebexEventCollector import oauth_test + + with requests_mock.Mocker() as m: + m.get('https://url.com/adminAudit/events', text=util_load_text('test_data/admin_audits.json')) + m.get('https://url.com/events', text=util_load_text('test_data/events.json')) + result = oauth_test(client) + + assert result.readable_output == '```✅ Success!```' + + +@pytest.mark.parametrize('command_function, args', [ + (mocked_admin_client().get_admin_audits, {}), + (mocked_admin_client().get_security_audits, {}), + (mocked_compliance_officer_client().get_compliance_officer_events, {}), +]) +def test_get_events_command(command_function, args): + """ + Given: + - Three types of events to fetch. + When: + - get_events_command function is running. + 1. with event type `Admin audits` + 2. with event type `Security audits` + 3. with event type `Events` + Then: + - Validates that the function works as expected. + """ + from CiscoWebexEventCollector import get_events_command, COMMAND_FUNCTION_TO_EVENT_TYPE + + with requests_mock.Mocker() as m: + m.get('https://url.com/adminAudit/events', text=util_load_text('test_data/admin_audits.json')) + m.get('https://url.com/admin/securityAudit/events', text=util_load_text('test_data/security_audits.json')) + m.get('https://url.com/events', text=util_load_text('test_data/events.json')) + command_results, events = get_events_command(command_function, args) + + assert len(events) > 0 + assert COMMAND_FUNCTION_TO_EVENT_TYPE.get(command_function.__name__) in command_results.readable_output + + +@freeze_time("2023-12-20 13:40:00 UTC") +def test_fetch_events(): + """ + Given: + - An AdminClient and a ComplianceOfficerClient. + When: + - fetch_events function is running. + Then: + - Validates that the function returns + 1. A list of events and a dict with fetch data including a `next_url` link. + 2. The second interval of fetch_events uses the `next_url` link from the previous fetch, + and returns an empty list of events and a dict with fetch data including a `next_url` link set to an empty string. + """ + from CiscoWebexEventCollector import create_last_run, fetch_events + + with requests_mock.Mocker() as m: + m.get( + 'https://url.com/adminAudit/events?orgId=1&from=2023-12-13T13%3A40%3A00.000Z&to=2023-12-20T13%3A40%3A00.000Z&max=1', + text=util_load_text('test_data/admin_audits.json'), + headers={'Link': '; rel="next"'} + ) + m.get( + 'https://url.com/admin/securityAudit/events?orgId=1&startTime=2023-12-13T13%3A40%3A00.000Z&' + 'endTime=2023-12-20T13%3A40%3A00.000Z&max=1', + text=util_load_text('test_data/security_audits.json'), + headers={'Link': '; rel="next"'} + ) + m.get( + 'https://url.com/events?from=2023-12-13T13%3A40%3A00.000Z&to=2023-12-20T13%3A40%3A00.000Z&max=1', + text=util_load_text('test_data/events.json'), + headers={'Link': '; rel="next"'} + ) + events, next_run = fetch_events(mocked_admin_client(), mocked_compliance_officer_client(), create_last_run(), 1, True) + + assert len(events) > 0 + assert next_run == {'admin_audits': {'next_url': 'https://url.com/adminAudit/events?nexturl=true', + 'since_datetime': '2023-12-20T09:33:26.409Z'}, + 'compliance_officer_events': {'next_url': 'https://url.com/events?nexturl=true', + 'since_datetime': '2023-12-13T13:40:00.001Z'}, + 'security_audits': {'next_url': 'https://url.com/securityAudit/events?nexturl=true', + 'since_datetime': '2023-12-19T07:01:26.487Z'}} + + with requests_mock.Mocker() as m: + m.get('https://url.com/adminAudit/events?nexturl=true', text=util_load_text('test_data/no_events.json')) + m.get('https://url.com/securityAudit/events?nexturl=true', text=util_load_text('test_data/no_events.json')) + m.get('https://url.com/events?nexturl=true', text=util_load_text('test_data/no_events.json')) + + events, next_run = fetch_events(mocked_admin_client(), mocked_compliance_officer_client(), next_run, 1, True) + + assert len(events) == 0 + assert next_run == { + 'admin_audits': {'next_url': '', 'since_datetime': '2023-12-20T09:33:26.409Z'}, + 'compliance_officer_events': {'next_url': '', 'since_datetime': '2023-12-13T13:40:00.001Z'}, + 'security_audits': {'next_url': '', 'since_datetime': '2023-12-19T07:01:26.487Z'} + } diff --git a/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/README.md b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/README.md new file mode 100644 index 000000000000..3461a305e21e --- /dev/null +++ b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/README.md @@ -0,0 +1,173 @@ +Cisco Webex Event Collector fetches Events and Admin Audit Events and Security Audit Events. +This integration was integrated and tested with version 1 of CiscoWebex API. + +## Configure Cisco Webex Event Collector on Cortex XSOAR + +1. Navigate to **Settings** > **Automation & Feed Integrations**. +2. Search for Cisco Webex Event Collector. +3. Click **Add instance** to create and configure a new integration instance. + + | **Parameter** | **Description** | **Required** | + | --- | --- | --- | + | URL | | True | + | Admin APP Client ID | Admin APP Client ID and Secret. | True | + | Admin APP Client Secret | | True | + | Admin APP Redirect URI | | True | + | Admin Org Id | | True | + | Compliance Officer Client ID | Compliance Officer Client ID and Secret. | True | + | Compliance Officer Client Secret | | True | + | Compliance Officer Redirect URI | | True | + | Trust any certificate (not secure) | | False | + | Use system proxy settings | | False | + | Fetch security audit events | In order to fetch security audit events, pro pack needs to be installed on the Webex instance. | False | + | Maximum number of events per fetch | | False | + +4. + 1. Run the ***cisco-webex-oauth-start*** command with the **user** argument - you will be prompted to sign in to Cisco Webex with your username and password. (make sure you sign in with the same user as you defined in the user argument `admin` or `compliance officer`). You will then be redirected to the `redirect URI` you defined in the application. The URL will contain a query parameter called `code`. The value of this query parameter will be used in the next command. + 2. Run the ***cisco-webex-oauth-complete*** command with the **user** and **code** arguments The **user** argument should be set to the same value as in the previous command (`admin` or `compliance officer`). The **code** argument should be set to the value returned in the code query parameter from the previous command. + 3. Run the ***cisco-webex-oauth-test*** command with the **user** argument. The **user** argument should be set to the same value as in the previous command (`admin` or `compliance officer`) to ensure connectivity to Cisco Webex. + +## Commands + +You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. +After you successfully execute a command, a DBot message appears in the War Room with the command details. + +### cisco-webex-oauth-start + +*** +Use this command to start the authorization process. In order to authorize the instance, first run the command, and complete the process in the URL that is returned. You will then be redirected to the callback URL where you will copy the authorization code found in the query parameter `code`, and paste that value in the command `!cisco-webex-oauth-complete` as an argument to finish the process. + +#### Base Command + +`cisco-webex-oauth-start` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| user | The user to start authorization. Possible values are: admin, compliance_officer. | Required | + +#### Context Output + +There is no context output for this command. +### cisco-webex-oauth-complete + +*** +Use this command to complete the authorization process. After copying the authorization code found in the query parameter `code` of the callback URL, paste the value in the command as an argument to finish the process. + +#### Base Command + +`cisco-webex-oauth-complete` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| user | The user to complete authorization. Possible values are: admin, compliance_officer. | Required | +| code | The authorization code retrieved from the callback URL according to the documentation. | Required | + +#### Context Output + +There is no context output for this command. +### cisco-webex-oauth-test + +*** +Use this command to complete the authorization process. After copying the authorization code found in the query parameter `code` of the callback URL, paste the value in the command as an argument to finish the process. + +#### Base Command + +`cisco-webex-oauth-test` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| user | The user to complete authorization. Possible values are: admin, compliance_officer. | Required | + +#### Context Output + +There is no context output for this command. +### cisco-webex-get-admin-audit-events + +*** +Gets admin audit events from Cisco Webex. + +#### Base Command + +`cisco-webex-get-admin-audit-events` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| should_push_events | If true, the command will create events, otherwise it will only display them. Possible values are: true, false. Default is false. | Required | +| limit | Maximum number of events to return. | Optional | +| since_datetime | Date in ISO format (2023-10-01T20:33:22.123Z) to return events from. | Optional | + +#### Human Readable Output + +### Admin Audit Events + +|_time|actorId|actorOrgId|created|data|id|source_log_type| +|---|---|---|---|---|---|---| +| 2023-11-02T09:33:26.408Z | 444444 | 222222 | 2023-11-02T09:33:26.408Z | actorOrgName: panw
targetName: panw
operationType: CREATE
eventDescription: An org setting was created or updated.
actorName: admin@example.com
actorEmail: admin@example.com
settingKey: release_migration
settingName: release_migration
settingValue: "MIGRATED"
trackingId: 111111
previousValue: Null
targetType: ORG
targetId: 222222
actorUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/2.2.2.2 Safari/537.36
eventCategory: ORG_SETTINGS
actorIp: 1.1.1.1
targetOrgId: 222222
actionText: admin@example.com has modified the value of setting release_migration for ORG "panw". New value = "MIGRATED", Previous value = Null.
entityType: ORG
targetOrgName: panw | 333333 | Admin Audit Events | + +#### Context Output + +There is no context output for this command. +### cisco-webex-get-security-audit-events + +*** +Gets security audit events from Cisco Webex. + +#### Base Command + +`cisco-webex-get-security-audit-events` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| should_push_events | If true, the command will create events, otherwise it will only display them. Possible values are: true, false. Default is false. | Required | +| limit | Maximum number of events to return. | Optional | +| since_datetime | Date in ISO format (2023-10-01T20:33:22.123Z) to return events from. | Optional | + +#### Human Readable Output + +### Security Audit Events + +|_time|actorId|actorOrgId|created|data|id|source_log_type| +|---|---|---|---|---|---|---| +| 2023-12-19T07:01:26.486Z | 444444 | 222222 | 2023-12-19T07:01:26.486Z | actorOrgName: panw
eventDescription: A user attempted logging in
actorName: admin@example.com
actorEmail: admin@example.com
authenticationMethod: Non-Interactive
trackingId: 123456
eventStatus: SUCCESS
actorOauthClient: 111111
actorUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
eventCategory: LOGINS
actorIp: 1.1.1.1
actorClientName: Developer Portal
actionText: admin@example.com attempted logging into panw using client (Developer Portal) and Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36. Login status: SUCCESS.
failedReason: | 333333 | Security Audit Events | + +#### Context Output + +There is no context output for this command. +### cisco-webex-get-compliance-officer-events + +*** +Gets events from Cisco Webex. + +#### Base Command + +`cisco-webex-get-compliance-officer-events` + +#### Input + +| **Argument Name** | **Description** | **Required** | +| --- | --- | --- | +| should_push_events | If true, the command will create events, otherwise it will only display them. Possible values are: true, false. Default is false. | Required | +| limit | Maximum number of events to return. | Optional | +| since_datetime | Date in ISO format (2023-10-01T20:33:22.123Z) to return events from. | Optional | + +#### Human Readable Output + +### Events + +|_time|actorId|created|data|id|resource|source_log_type|type| +|---|---|---|---|---|---|---|---| +| 2023-11-05T13:33:46.417Z | 222222 | 2023-11-05T13:33:46.417Z | id: 333333
roomId: 444444
roomType: group
personId: 222222
personEmail: ksolberg@paloaltonetworks.com
personDisplayName: Kfir Solberg
personOrgId: 555555
isModerator: false
isMonitor: false
isRoomHidden: false
created: 2023-11-05T13:33:46.417Z | 111111 | memberships | Events | created | + +#### Context Output + +There is no context output for this command. diff --git a/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/command_examples b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/command_examples new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/test_data/admin_audits.json b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/test_data/admin_audits.json new file mode 100644 index 000000000000..494ae8b0d279 --- /dev/null +++ b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/test_data/admin_audits.json @@ -0,0 +1,32 @@ +{ + "items": [ + { + "data": { + "actorOrgName": "panw", + "targetName": "panw", + "operationType": "CREATE", + "eventDescription": "An org setting was created or updated.", + "actorName": "admin@example.com", + "actorEmail": "admin@example.com", + "settingKey": "release_migration", + "settingName": "release_migration", + "settingValue": "\"MIGRATED\"", + "trackingId": "111111", + "previousValue": "Null", + "targetType": "ORG", + "targetId": "222222", + "actorUserAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/2.2.2.2 Safari/537.36", + "eventCategory": "ORG_SETTINGS", + "actorIp": "1.1.1.1", + "targetOrgId": "222222", + "actionText": "admin@example.com has modified the value of setting release_migration for ORG \"panw\". New value = \"MIGRATED\", Previous value = Null.", + "entityType": "ORG", + "targetOrgName": "panw" + }, + "created": "2023-12-20T09:33:26.408Z", + "actorOrgId": "222222", + "id": "333333", + "actorId": "444444" + } + ] +} \ No newline at end of file diff --git a/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/test_data/events.json b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/test_data/events.json new file mode 100644 index 000000000000..f557f5983a63 --- /dev/null +++ b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/test_data/events.json @@ -0,0 +1,112 @@ +{ + "items": [ + { + "id": "111111", + "resource": "memberships", + "type": "created", + "actorId": "222222", + "created": "2023-11-05T13:33:46.417Z", + "data": { + "id": "333333", + "roomId": "444444", + "roomType": "group", + "personId": "222222", + "personEmail": "ksolberg@paloaltonetworks.com", + "personDisplayName": "Kfir Solberg", + "personOrgId": "555555", + "isModerator": false, + "isMonitor": false, + "isRoomHidden": false, + "created": "2023-11-05T13:33:46.417Z" + } + }, + { + "id": "666666", + "resource": "messages", + "type": "created", + "actorId": "222222", + "created": "2023-11-05T13:33:47.045Z", + "data": { + "id": "777777", + "roomId": "444444", + "roomType": "group", + "text": "👋 Welcome to Webex! But, more importantly, welcome to where you'll do the best work ever. In Spaces, you can send messages, share files, set up meetings, and even meet instantly with other people in the space. Pretty cool, right? Try sending a few practice messages, GIFs or files - you can even edit, react and reply to messages. Have some fun! If you’re looking for more, visit help.webex.com or join the Webex Community.", + "personId": "222222", + "personEmail": "ksolberg@paloaltonetworks.com", + "created": "2023-11-05T13:33:47.045Z" + } + }, + { + "id": "888888", + "resource": "memberships", + "type": "created", + "actorId": "999999", + "created": "2023-11-05T15:54:06.683Z", + "data": { + "id": "101010", + "roomId": "202020", + "roomType": "group", + "personId": "999999", + "personEmail": "n@paloaltonetworks.com", + "personDisplayName": "Meital A", + "personOrgId": "555555", + "isModerator": false, + "isMonitor": false, + "isRoomHidden": false, + "created": "2023-11-05T15:54:06.683Z" + } + }, + { + "id": "303030", + "resource": "messages", + "type": "created", + "actorId": "999999", + "created": "2023-11-05T15:54:07.336Z", + "data": { + "id": "404040", + "roomId": "202020", + "roomType": "group", + "text": "👋 Welcome to Webex! But, more importantly, welcome to where you'll do the best work ever. In Spaces, you can send messages, share files, set up meetings, and even meet instantly with other people in the space. Pretty cool, right? Try sending a few practice messages, GIFs or files - you can even edit, react and reply to messages. Have some fun! If you’re looking for more, visit help.webex.com or join the Webex Community.", + "personId": "999999", + "personEmail": "n@paloaltonetworks.com", + "created": "2023-11-05T15:54:07.336Z" + } + }, + { + "id": "505050", + "resource": "memberships", + "type": "created", + "actorId": "808080", + "created": "2023-12-04T07:40:06.015Z", + "data": { + "id": "606060", + "roomId": "707070", + "roomType": "group", + "personId": "808080", + "personEmail": "co@example.com", + "personDisplayName": "D Smith", + "personOrgId": "555555", + "isModerator": false, + "isMonitor": false, + "isRoomHidden": false, + "created": "2023-12-04T07:40:06.015Z" + } + }, + { + "id": "909090", + "resource": "messages", + "type": "created", + "actorId": "808080", + "created": "2023-12-04T07:40:06.690Z", + "data": { + "id": "121212", + "roomId": "707070", + "roomType": "group", + "text": "👋 Welcome to Webex! But, more importantly, welcome to where you'll do the best work ever. In Spaces, you can send messages, share files, set up meetings, and even meet instantly with other people in the space. Pretty cool, right? Try sending a few practice messages, GIFs or files - you can even edit, react and reply to messages. Have some fun! If you’re looking for more, visit help.webex.com or join the Webex Community.", + "personId": "808080", + "personEmail": "co@example.com", + "created": "2023-12-04T07:40:06.690Z" + } + } + ] +} \ No newline at end of file diff --git a/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/test_data/no_events.json b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/test_data/no_events.json new file mode 100644 index 000000000000..3b9e47450238 --- /dev/null +++ b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/test_data/no_events.json @@ -0,0 +1,3 @@ +{ + "items": [] +} \ No newline at end of file diff --git a/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/test_data/security_audits.json b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/test_data/security_audits.json new file mode 100644 index 000000000000..181f32f0eaa8 --- /dev/null +++ b/Packs/CiscoSpark/Integrations/CiscoWebexEventCollector/test_data/security_audits.json @@ -0,0 +1,92 @@ +{ + "items": [ + { + "data": { + "actorOrgName": "panw", + "eventDescription": "A user attempted logging in", + "actorName": "admin@example.com", + "actorEmail": "admin@example.com", + "authenticationMethod": "Non-Interactive", + "trackingId": "123456", + "eventStatus": "SUCCESS", + "actorOauthClient": "111111", + "actorUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", + "eventCategory": "LOGINS", + "actorIp": "1.1.1.1", + "actorClientName": "Developer Portal", + "actionText": "admin@example.com attempted logging into panw using client (Developer Portal) and Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36. Login status: SUCCESS. ", + "failedReason": " " + }, + "created": "2023-12-19T07:01:26.486Z", + "actorOrgId": "222222", + "id": "333333", + "actorId": "444444" + }, + { + "data": { + "actorOrgName": "panw", + "eventDescription": "A user attempted logging in", + "actorName": "admin@example.com", + "actorEmail": "admin@example.com", + "authenticationMethod": "Non-Interactive", + "trackingId": "123456", + "eventStatus": "SUCCESS", + "actorOauthClient": "111111", + "actorUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", + "eventCategory": "LOGINS", + "actorIp": "1.1.1.1", + "actorClientName": "Developer Portal", + "actionText": "admin@example.com attempted logging into panw using client (Developer Portal) and Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36. Login status: SUCCESS. ", + "failedReason": " " + }, + "created": "2023-12-19T06:49:44.950Z", + "actorOrgId": "222222", + "id": "555555", + "actorId": "444444" + }, + { + "data": { + "actorOrgName": "panw", + "eventDescription": "A user attempted logging in", + "actorName": "admin@example.com", + "actorEmail": "admin@example.com", + "authenticationMethod": "Password", + "trackingId": "123456", + "eventStatus": "SUCCESS", + "actorOauthClient": "C80fb9c7096bd8474627317ee1d7a817eff372ca9c9cee3ce43c3ea3e8d1511ec", + "actorUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", + "eventCategory": "LOGINS", + "actorIp": "1.1.1.1", + "actorClientName": "Webex Admin Portal", + "actionText": "admin@example.com attempted logging into panw using client (Webex Admin Portal) and Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36. Login status: SUCCESS. ", + "failedReason": " " + }, + "created": "2023-12-19T06:48:49.282Z", + "actorOrgId": "222222", + "id": "666666", + "actorId": "444444" + }, + { + "data": { + "actorOrgName": "panw", + "eventDescription": "A user attempted logging in", + "actorName": "admin@example.com", + "actorEmail": "admin@example.com", + "authenticationMethod": "Password", + "trackingId": "123456", + "eventStatus": "FAILURE", + "actorOauthClient": "NA", + "actorUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36", + "eventCategory": "LOGINS", + "actorIp": "1.1.1.1", + "actorClientName": "NA", + "actionText": "admin@example.com attempted logging into panw using client (NA) and Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36. Login status: FAILURE. Invalid Password.", + "failedReason": "Invalid Password." + }, + "created": "2023-12-19T06:47:38.173Z", + "actorOrgId": "222222", + "id": "777777", + "actorId": "444444" + } + ] +} \ No newline at end of file diff --git a/Packs/CiscoSpark/ModelingRules/CiscoWebex/CiscoWebex.xif b/Packs/CiscoSpark/ModelingRules/CiscoWebex/CiscoWebex.xif new file mode 100644 index 000000000000..96c14bb31ed7 --- /dev/null +++ b/Packs/CiscoSpark/ModelingRules/CiscoWebex/CiscoWebex.xif @@ -0,0 +1,45 @@ +[MODEL: dataset = "cisco_webex_raw"] +// Events mapping +filter source_log_type = "Events" +| alter + xdm.event.type = source_log_type, + xdm.event.id = id, + xdm.event.description = data -> text, + xdm.source.user.identifier = actorId, + xdm.source.user.username = data -> personDisplayName, + xdm.source.user.upn= data -> personEmail, + xdm.source.user.ou = data -> personOrgId, + xdm.event.operation_sub_type = type, + xdm.target.resource.type = resource, + xdm.target.resource.id = data -> id, + xdm.target.resource.sub_type = concat(data -> roomType, data -> callType), + xdm.source.host.hostname = data -> host, + xdm.event.duration = to_integer(divide(to_integer(data -> callDurationSeconds), 1000)); +// Admin Audit and Security Audit Events mapping +filter source_log_type = "Admin Audit Events" or source_log_type = "Security Audit Events" +| alter + actorIp = data -> actorIp, + eventStatus = coalesce(data -> eventStatus, data -> status, data -> migrationResult, data -> success, data -> actionStatus), + result = if(data -> failedReason !~= "\s+" and data -> failedReason != null, data -> failedReason, data -> result != null, data -> result, null) +| alter + xdm.event.type = source_log_type, + xdm.event.original_event_type = data -> eventCategory, + xdm.event.description = concat(data -> eventDescription, " ", data -> actionText), + xdm.event.id = id, + xdm.event.outcome = if(eventStatus = "SUCCESS", XDM_CONST.OUTCOME_SUCCESS, eventStatus = "FAILURE", XDM_CONST.OUTCOME_FAILED, null), + xdm.event.outcome_reason = result, + xdm.source.user.identifier = actorId, + xdm.source.user.ou = data -> actorOrgName, + xdm.source.user.username = data -> actorName, + xdm.source.user.upn = data -> actorEmail, + xdm.source.user_agent = data -> actorUserAgent, + xdm.source.ipv4 = if(actorIp ~= "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}", actorIp, null), + xdm.source.ipv6 = if(actorIp ~= "[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}[a-fA-F0-9\:]{1,5}", actorIp, null), + xdm.source.application.name = data -> actionClientName, + xdm.target.resource.name = data -> targetName, + xdm.target.resource.type = data -> targetType, + xdm.target.resource.id = data -> targetId, + xdm.auth.service = data -> actionClientName, + xdm.auth.auth_method = data -> authenticationMethod, + xdm.source.process.command_line = data -> commandKey, + xdm.network.rule = data -> ruleTitle; \ No newline at end of file diff --git a/Packs/CiscoSpark/ModelingRules/CiscoWebex/CiscoWebex.yml b/Packs/CiscoSpark/ModelingRules/CiscoWebex/CiscoWebex.yml new file mode 100644 index 000000000000..f5f718d00342 --- /dev/null +++ b/Packs/CiscoSpark/ModelingRules/CiscoWebex/CiscoWebex.yml @@ -0,0 +1,6 @@ +fromversion: 8.4.0 +id: Cisco Webex_ModelingRule +name: Cisco Webex Modeling Rule +rules: '' +schema: '' +tags: '' \ No newline at end of file diff --git a/Packs/CiscoSpark/ModelingRules/CiscoWebex/CiscoWebex_schema.json b/Packs/CiscoSpark/ModelingRules/CiscoWebex/CiscoWebex_schema.json new file mode 100644 index 000000000000..e4d4354f348b --- /dev/null +++ b/Packs/CiscoSpark/ModelingRules/CiscoWebex/CiscoWebex_schema.json @@ -0,0 +1,28 @@ +{ + "cisco_webex_raw": { + "source_log_type": { + "type": "string", + "is_array": false + }, + "id": { + "type": "string", + "is_array": false + }, + "actorId": { + "type": "string", + "is_array": false + }, + "data": { + "type": "string", + "is_array": false + }, + "type": { + "type": "string", + "is_array": false + }, + "resource": { + "type": "string", + "is_array": false + } + } +} \ No newline at end of file diff --git a/Packs/CiscoSpark/ReleaseNotes/1_0_5.md b/Packs/CiscoSpark/ReleaseNotes/1_0_5.md new file mode 100644 index 000000000000..e772bb6c10f5 --- /dev/null +++ b/Packs/CiscoSpark/ReleaseNotes/1_0_5.md @@ -0,0 +1,7 @@ +#### Integrations +##### New: Cisco Webex Event Collector +New: Cisco Webex Event Collector fetches Events and Admin Audit Events and Security Audit Events. (Available from Cortex XSIAM 1.4.0). + +#### Modeling Rules +##### New: Cisco Webex Modeling Rule +Added a modeling rule. diff --git a/Packs/CiscoSpark/doc_files/get_organization_id.png b/Packs/CiscoSpark/doc_files/get_organization_id.png new file mode 100644 index 0000000000000000000000000000000000000000..ee571c6adbdcf70036f228cd4cd616e3756d0e15 GIT binary patch literal 233843 zcmeFZWmH|uvNj9^S-1rV&ccJcyCg_(7Vb`PcL)S`2@;$@aCi6M?k>UI-QJbG&$)Mx zd$ye4-}qoMW;5HWtDf$zu9`JNN>FSb{@7EZPs?qM)`*eKh=-exD4tiJzJ%iM}~*bH5x?q z+|B9XNH114s5U%GY-&XxrqL3R>-~(ZX0c;Y`<}3)NQos!IBq}K7k2DirGFO-_mna*AHZRAN8COGG%Ho=hsd| zXGt1HU@7~)0I(SY9PRS=g@^8=@f#|?ysrzAky(Wkq4nR%HDQ3j2@|quD2SkbMDeO$ zz;68h!gWwsABL}A)4@-Xc`#?UQa{RyFhxYL)3V7`qm+4pUSI490 zv6`fbj0^+~I1PY+g2aG$1x`VNe<6a*A)tRtLqJf1?_deV213Ar?-<}e`An#P=fW0c zzWR6i)%CA}!b+l&lHj|Np}n!OwS$?BW95*|4Fm*~pt-V|qngYI9zz=|27MzN17ikP zE8AaHAoyH)z)34(M|~1kD@$t!9#?+S-%9X+)4v`wl9K#Z#LAp5|khbZtG}nV@>j_U3~)^Cr5r#(qA3@&(H648oQeR zZ%@_^{~8u}fQ-L#7?~NE82_xAqq)gnRQr|ld$r%j^?P@GzZ&C_H+MC*R2MV10&^8i zngBBsGaKJ;{rpGP|5EyURgi z`a{)UgW!>~HwSm8|BH(P%zTXh@$6sa`51q(_zx`qU7o)^1q)OFfsgTjz#)JzA?Z&K z0U-n-DJHD!3VE0Y=c+u79pK`Q+Hyll0?Gj(cX!5}*G0 z@)IIq19(+RV~{}p^Th;Bt#bD6zbOg8gA4@;i;hN0{ueZW8zuVh8udNRyc&x9EK4FN zsB3RuNkPS_dVU$7kwFD>_eMo{thWa;8Up?=ul5c}5;2jf2y!;I51pM|6i{Ws63clu z{T*&C+_XLb`Qr1S31JmjD3FOs?xv9`u@UQrAMN|OW&T=NzOSMopo?-22|~i6;_~x%U)jPE zu)u#whxk!A!OFY#F~>AV+Qj`HlG7R`>F@ASNaYLVBp?yr{OB1H5mJ&4023qr$zWR8 zyFnVGa7_vi7nfok9lfVyit=o57FF0Ed1$yl=J1fN$}2ki=jGorP71wT7Vx^baLRaH zkLDAYGK5bWpk%RK!3X_qB22NuH=s?j>~BkXLjq#7&7{iRp&=3RhsAXL@~HFxHMYMV zJD9h=1He!0D@@u&#uDuV>%%&JqF@Hv)~mXfp~WLOC?BnYlpU+PfBZP{`Ibb6R&y#P zEgfGxG-M!k{`#+x0|u243A|njCtouYj|$16u_n1Z2;i?0?`uooOA(!(o{NlqI7{7J zAVsUpjW4WSE&MlP217lc4hlxGep^%hse%|IUkmE8xKL{)enL}LwiXP$lUW?TLbQpp z=0J{f#PdCUkWO^592B|GUtG3h=(}^zXnS*6X`U=wVV_2jEn3wcB7%dF%$mgUX~&#a zks>Ow$oAfPIP%JToVB58Sg=WQcMkCPe@#!c)-siLK+c$F8Pn29`i-Jh_5vbGVki|6 z0fA7okzhd~5S3T*{_=<}VxNP}%WA$se0xZpI!^FT@%i2~h8tG4R<<232l*$Bo|qMx z{boERF9ncIx5u)Otj+kHWPW=8Y{p8e`lVhxySoa^-bA(ar0i)SVDJ(n7nQqkU_)Vx zh-yJ3C@U}~`CP1f7L`MJ^rg7iQF5V0=KR9m zciOVJvZ<9B6+pN!7PlCIH;9ZcuRu69?tX2Q&yp`=upE zGdLMsP_TRxdN(V<+>0>!TB3~qvvJ>u13AxXE_5MR7CK(8QeQEMOn85~z+A`4Vm8`V zu-d=;UPfcp&_q6xSTqnRo`a^jSfl0}K?!u}$1oF_?V(-@Zl@_AH ze(6NrZoh8zv7k@pjE^xzje|kNK|Jq{?{&ZC`Vg4r9Xj-Igeu4CYe{T1TcY%Sret-^ zyp6^x)v2do;yJpu@^W-I zC_QSP5fvc^m*IlC*q9CrveoZ&1wV1Y`vv__I&32)Xa)ohoG5&sh`2o&A`7)qRGT2>X zo!@a3CB$-7#-P+g%V-!Qgutt5^W`pkvj8rsX7`rInU&;ZjQ|Vx?Wh2=P9PDd{PR7B zs7|X>(FY%^x<>&r?dL~kZ4)`^SY1Ks7>z5^&3dIK2^a0Wr~5@>Xp1YzIuVeBhzLk* zvIjq4tDm`ohIAWSB4P~cj_Iv%CCHYb`pJ^pv=?iFwI!ugv!`$3b`?tCwJtKzL~aAp zp+{1+#j^53?Z?8CVRA|y#ahcnD=|LZ8|w!CA`)d}6<}^W0yF5xNAj8I?crp2u_C=U ze7Qv4o91L|SugRliGy{lxhY=de!(Dx<~7)T4p$-Z!sLV67}GQ$>JqyO&f;iv0dX@0 zTB($wSry+3NUe|m%pdrDukwR&3Y#@uFRFmbLbWw0_a08Zjb1KyMTC2k2llHL<*#3}SRA-c?p~d?5?@$CMmD;>p z8YimWyKom^2-sNW$!@nO2NTS-WpINQDpCvOwg@~fAr=oI@4U;k7hj!|+K&C_+8O^2 zLI;FpwKDT*aMILSCGafy<6Lo?rOrbc0>WKvLbImgwdE|+r@cyx2g;B#g+%~Je?8{i z*uW^`>gUDhaL&q&_1KFanz82{tg-iP(&YBt>=<_EW|9rhnb2q)78~r)04&;=K z89vKQ}6jrZI6fR%=37X}FkxfrC%4Pm{lng^SK$rNM^on&+EWb{hQ9wD85CTqWP{&Ba6* zrnEwpK^TKtwM3)yz7aI-Wp!;VKYUOA8<@{R?1nvwCisHoR$tvvU|q?mI9=MX$;fVS z3N5oFiM?pz1fG?}i|p)2%2}saO+(O258ZYi3dk57kCUyc(_&&;SM7*Me1$OEfBINq z*?T8lNoS@oICvZ_*2EL?Uh^L*YzJ2V^x7cC1Xwq@oOob#uU<#(E-Nv-jGFaNuKHZ) zM^Vucz?SjyRh%9y-9=`DEH0AqU+~Kz3A0ze1vy(X#tA%jS2s8^?d1~lf#Ew=;?5_LS=gU4!m-lReu&aHn$t+`3koZHYGVqR~3q*C7POjj@aEfXe&(a;tAv41gCvF zEQ%|dcnEbzT&k93@`EEq$SjXtIdchQf7?aqGFZ&6gBFa;8SlR(H`NxdHt2e zDv<6H12}-x94@G+=@`$i4JWx7=@eUU&}zBdDm!!XHhPAAI*e9i^Rf6{rQ6~gNqEUP zHRP8%ph23a`U&AAz6#QM1eO^hDyk}fZi%DWqDW?zq=c`LSs^Jw5YUl=tyX0?MdG7I zqyIk7R^YHE`;d`BZwgBoNX4<>qe%SMmS;eM9t;ChoqT}dH9;-yK)Kpc?J1x|x<$=Y z1{UsM!n~lB2jEXTCm42(T45sVdZ)iIa%$h{1PD9DB=(TdsIdgX>_6X5ho5Luu(fW7 zQ1ww{kEjZNOHfZuyBw!FA9)}ih&GH$ShQ(TuqJY;d%W(=$knOJmDwy&O;1!^an)S$ zdLiS^vBGb-iF}cYql}>7rIp?udeJ_vzwv##FNb^fm~`@kIhsp)Lx$3PxAMSpS7p9^ zX~n5y+Dy`#a+jU@%@6@JTJ3Z&Gw4(o9+%dHAjGi+Y1-7kgC%4g3&%xV*&y~%^nSUpaTs}q*f?HpOp104!)9bgyqsCC zu4iszI+z4=ntVTI-S;KXMNzc7mXI^DjnuP=HW zC*9N_$$GUyR9(xW=QETx5AjFnMD7bjZIyL+*ZzFO@K5n^aoMFc535S265JP4apcU* z!h)}>HtPgmViR?|CNG1C0aY$nTZvMi@2?^>kMEK3w>sWuOxYPF=Rq*N_s{(dr!OT{ z$oJGan9k&c=0lP`eD79kj(T%c!l^@sjL*SDT<@X$#_jej&nSE3soYwd9ckH^@ac`GV%jfG#3-^8HQ}pJwE~hrgEd6|%|dyg(zkt=e4d$ZRRmu}9{c31xv$>~o^MW8st6+LEr03VN{pPy6Ehe-SzJx# zyC^W#z2w9FX>|O$NPd7%# zRAx=dMo3p?zoI}+mhABBbgIu^Oi#=&39w*exxt6me2&^Q&cVX9$#fp!et4~IiV)AJ zvyu%JAIiUv1C>R?S|k)H$f*OXtE{xr_Rl zTvqeIx?R&{9S3z~Kl$Usy!VtkMw5AsR^1jNZrj8Az0^vDNW^8}YT>MAx|sAkwcO^F zOW-_V1t{g+Tzk7TC?*Eo-e^>IqS1}4s&=tP6w!;ME%0)0^8G@Mh3U+00;4X2!_G*& z>``*ElS;5!N*%|SjBN&a1=>N@BbETj;(d|$G(u=vK1toLKuGj$RH*dH?14zQozp^z zi*4^cTIJP;I6-z&ED=bNOurzk!|Mm4%lmT+G+V5Z9uoky7T=Qid{o(FqK~6akF{@K>0)M_CR|SIBG$}2h z4|56D%pMW!^(67WSpG2IY+Q7ydS)|qMBBm?oYvXN9zCKb11gwJj!etphBR~^Dv$jA2k+!s~?DBcO zp@`|3e&N>5d0mO)w%K?0)kR{5-RDT=PEPxK;Ly(ovJsXmyJegDZ3G#HWX2P((+YHb zRKenuXW3M}k&U3ZhMlz)?fqAP+vavHl~Roj>%zX)whM&qnx~C2nDm2C zZeiEnlb(I{gCQ*xe+x}$9+&?#`4mz>2Fpk%FmR?Tp%oN!VnG+k<#}5-7m~cwUv0JI z&dUd>xc*YX7gQ!j=qp7WK;OxaqPsP&!h4mo;3?43@rl%0 zYk_x35lpJ_9{fucmyTxvK1LR24yXDR2DKuKWXeBiqLt~c+u%7S&CC?*0=No}? zDo^qBUJp(Px6!1EE{4gkw190R4_W?5u2R--<}?#HB@!;nmA_6| zrdoz+6#W3@Ph1s;GWow)d_iEd`;}<7b!7b9qN#G9wlBM~ zX{wPAKXYdhf@4qJ^)~r|dIL{4LRL-8r(CX$eKB2IMIS7o)*Y0H((J2u8rkqNQju+zyPbnNWXRb^gyayL@D~VwvyuAR-TDoTHTp#|f z!q`@6i~GwRuQh=@#^vT~fhqz-PUy;{!&#QEb;8wWiC$1LFvH zw+7&NZ)Xi=m>KVo+H=;}F5gx60DXWNu%X_qs+UA zhJ{qOt6`VTA0cvYe2u$$WCAh8B7>%?0I+gAfY7`Q``9x|7PzZkvy!ME9|0t%o5@+< zVoO-ROH)lo(l3q!>j^v@eaO6pjH+&q*;OBVH$5x2M#oy$K+a+Ao8OCiu@A@LPSEM5 z+RjGExlP&?dJMNK^3vnma9+D}A`?3&Z*$NX&E$flH<(|Y5HH06vSwSgH78NL3C2A# zTmzq?1k)&+ZVnZM_1T?aR*d`NHrZSi_?geR9RPmFe8D8ap5?04&IwMnQGy60=Z=SC zD@vQE$IBl8BCefSrf4eryEq+kZLdQ)DC{b%gsCeGj!*UT@P*f(gNSa1PA0~2@{_cv zYrjPbUg$Pie@35{CrX#9*@Q?Z8-&PInk_>j&4voE?xAp~3xdwF27kZ$lg=FD#xc@kmLBLZ(79a87 z_QkOr&)_4W+N>y|?z+7>S5uEcaFVa(+qOckFFvBkPgFK?3_lzn^T9QLJCSLQZ-pQN zTE~N1__6T18pT!nXs)@Z*h{D!AxfSz8$#37ig5HtT}rd^X@ZopFirIZx?*$!P0Xx- zfxC3u)rSy%lcdceRjhOMfYDo_pS?chdk%=R_OG~e8rcs9{8m}m+`mXzVC6lhrM#6{ zcqip-;+u2aANRNfHD5(9M?8cQV-obPe?r%ZP;tKGg;R9lx{$apE2&n)n@z{rgYxLJ9HuDyga%-QjV|vj71!+KZi#n-g6%_#ri6YlLR%#MF zpDQ&}I08x|jcwM~isuX2>pj&EH#KO%CyPb*t9F`N1DMq6u&0$|hNx)c#e>PBy!pqU zMK*`PuXh`Aika(;#ZLQk9dv&yoF>vJ8P$tU zg$!CfJdoD1Ku0ic#kE1gVOe>sBG64O3!&HK`Le2i@s%&Kr~Z$KJ3A}|*lR&4(TA%< zupzSFMZkVjEzrTycLmQs$l<-NiSv35Y|8VMfVUYcvBt>Rb^#ZB76L3P{ah$0Km@f` zN%3k>f`6%axPCNgPyxyl3lwS;ju8%(8 zgP+`?QpqthT6P&8bY8scLmcG;9?aS>iEMMOK7CT^kzaK`U4z)>5)mhK9Uy5Y7t^R4 zo*9dtK^sB&05+kSqhh(a)S(JPuLP>Ct=4!%_1nOVSCWe!QwCExOb;TfVBjpSWZ-=p zPhKyX9YnC>5|F;*`a$Ef-DZE)dhoEbiWsgI;6bDlxq{@tFU?N_G3L#9R zqoVBS8Gy`B{%+QZFze~u`B+mBVZ2#G7BOPnE{B2_6~+?ZA&?88U^0?eF!9|cTuiJ$ zD2_}qTPLY|79q}j^d#n9rt7_?OC15xnmt9yyllQ(@YiFNY;8NVoy&_6kVR#;0L8@WMDRz z&Ghtg@YPPtOAp-o6s~SoeNrTJ>hrJ}w5Z<`I(=cYSy>9!aC2*j^sriGlA>3cKXv9< z(iZoSJ;E=%q4&S19VyIB3^7JkA-g8tZa{7o ze?Edc#>-1*2_Wq~x`|*UMVhPRAdX$Wxh5(Bj_Ik-Km3$4Sbee!GMr(BT)ZVI=Z-Wn zQ!B6F)Gjk<$JKZz$al5v<5R{d<*3XSic^3Hd_^QL@0f<2#muIETtV^{xP)4g_2hYx zqT&jj&R+fotI-yvRwe*#lhDs~sDZN^-PvyZ`Z|((s6Hj| zXg07U>;`xBg(PK48f6`2u`ttdh1+ycQZy>g!kX^2`oT;Ane5qKf6$9*DHb%HR-Q)k zBD_fU)M0p)HC;|E2ypZ4cVVLjHM1Y*}SLycYWq>RMi+112rBpg?)uDK5EYEVC#DvO4 zfI=hN!CeO7B3ij(th3YyEkAXth4POTQ#KRsZA&U!gsR7-N3l-}uP}Uii(>QAm9jpM za5NNlrqp4&DtCNyM~e2FB8NY6NYx8KNLR%jjbPn@dNS-iKAPB!?hKkxQab} z$)l=5-yge;_k41*S8#r_h!K>iIV{7{O)Q(iFB(2t2c3!~7Y z10Fx2kG%~!*17+zvUTzG-G%?^)>dO)*wlW$c8^47Dlxg;7BR-R{#wNpr!SivL6Rju z1Yz8{(yz<6{evzlN`sm~DV#POH&P`UHQ}}a>^4bP`JMM|lcA-XyrZwHtYEMKDu7pS zEIS5f<$=o6V~?WoZ1LNJ8QJudmg_nJ{$#E{^c1*c`0>zc84PXAIO#gc#MWL#@g1W(eB5Ug-RMDP z$5B)eCnOR=vqL$UnPwFWf90iF21spZMCj~z`enf+5b5dIJ`h+CTA|$(cE5Rw8nSzY zA{8UpUN6&sJdO5+2uh{b^?GPQC_ISRLA}>$wU0MPccjbzpWO`DLGWs@756U zY;IVM$wM}A;9D<P2|Z9Zh0;g)>1(uoN~8v^e$8*>7uC{Y-}F8pjrY3xh7E=$gF z@bNbX&3E?8Aj2u?0|{Yju{WJUe&d}#j1f8K>s%Nww(5mWAm?bd!XLFp(Cj%jv)*P3 z))wZ^D~k^4TRPhjIi32#=how_+XeE002OduPXV^pa)K|FXW`$3UHmLA&&0VzJ-!5>KHWgH&*hrzaQOBBZe&9-Y9Y0jMyKH?E75P*LEmA zbb3SD(U;<_j9_{m%3LZ`;=st4jqAX1a>p#>EE75 zR+T!UB3@QJ(^Q$eR$Egu7>|z!I@{-An-OCekDsChVkC)WIe@$wuA4sZB>dI3Opc2W zRs!MD%N~&QG4-z<&=%{rM_X@cIBu#chiKo-VrQu>noImh)bSW}62l2hVPtw;eDbAr}+eXBHQR&`UU2hev4} zwpqvu)m^-8)l?`y-BYX!^O0c08Eu5oqQf$T&@+MI9IJFuT+2R@i};RV?BX|{QXL}3fLycJw@}}w_gKM2x$a|9))W{ z`EZ%^KA{&S(5V~Dn2?cWJC@kLz|9YmgAE!g!3BkWASQnrTVLCoQ!+Wk`gS_1s%*hj z?zW{J%dh9nT^rid%ds1kKq8YOB*bG?CeE3PH|>{l}$#C^b{g}wj{B9SSuDaBx*^`YbadAH~b zYt}lE$3Cu{mp_i!A^>>1BwhAZi)B{F?W=k!vHbv(9Cs75Y755w4R5DERw}u-babj|KHN-moAE2W`-E}SAV zTnC%g3O=AzYBNKB+j3z2)p`U@#x%?tCvuy&mplF$(uQ`MzF~!7q#`QG5aiE^ zq#~Q>y$tVs?jJq+T2^k4l=rJg^8ogcnoNFCDAtfOY2=9p6UJB zJ_keD<(#_jB#F5jG7uWq1B><5k$`8ZeuHv&=O^UDTMj#ODG{!Un$ve3y-0KuZ2sBO z@6&90f<2&bZ1It4LzoQ9)dgQ@^30D*emP*o=ld~;aj3f3Hnq-mDo$!sO0iryTkf}; zDrJ8ZgMG?L9v>&SODGfZx{2{At#?MWbBDpcjXto$(aCI8WsPE|7Serq?X1pe5e3Uz zmh))%@yyhPc`y6h*D5bf2)FiA55J1mXXh+xlhHf(va;EuS+_Pf*~IQ2N@Eqw8%@MU zyV1h-mF@}1Jno;o(_cUBpSnCpQid)2C;1Xs)X(B`6x-;Y%w6wyO`KO<0~#!FQYjWZTEA< z0O-w~_iVOGbWPTtrUZ8hG|?K%+t)L$)E`>^s6-%H_JU zb{HW!m6nE5!c&X3_ltn2?3?)fZ#uzzcNrxURzl%ZHrNbux-Hrh(-$;Un(UttKT5bd zwl?29Pa(WPZ;nCOOiD8yfNvU&O#}8TNlOkc6{~ck1!cC zp)bBv#50vgU02S0;;IBk3WBR8bBfc@MSAcc?8Pt|HQ*3&J&DisK4@^5cVv-Ims$xO zJIf&cS>SbrC8*g@t06^xZ3-O+`|Zw>o6mXPz8kwruJ>sIHxeqXOBWp4}x5L0RgXKD-p`mg!_6=D4q^ zJ?y8PgsWXWWcVzKQl2O;a+I*|Od^dkhu;N+$R!a7qM4tDg*WS}j?ACuujy+?~=^k6tdgHU%C;u4>VYG&=ls#fcMXH&KbE>^5`b z`*wi@s&7W87+a^%%-S+(j}Gv<;Peml(0(3IJCh`LED?)sXVz_al;QfbnC`M_U2v|r z=`y@=tJU&ccgy8>_3dCCSW!abSyN}fo%6NdGR6U)$vr(RJF9Ye0sffj-a4gt4k6~R z;D9*-k7Da5+f|IsG<8d^5$MgfC_4T&Z8uqG_Mdk!MT9h>=$8@!JFp#xJr-q54drW3 zFm^-c^&@?I0jP#rMK=Psb6wrI&J)Y6Rt~yPO&8L@!;CyoMK3 z$`E#>e^%b8Vu@WS{sX8QY^|MYmntu;t@BwvvCj#FVezPgEMW49fOGfFRdi9=tY=1jMD0L#`-++d@vMF%!lzS#=AFpJ zp;KGA*5_*vn%5_zORrDQvg;p^Kw#TDKCVN*_&X99)9~fQcypb2Pb)iqJGst9jFq4n zwC(e|MBTE9zf=t<$0|g59r^+xyEVv=4C47sP@s3=X5POtk4PpPkjuA}M=um=F(eVO zTCCUjX1FoUOsaXox+ReYJ8X1w9r4c0Y_fm}L6M|)t*GR&r6J#*qxcIoR-v9-Q|&zs z(dh=_H2&^WRBnIYdR~7)qG{ik9i`2qm!qjmc_2o~`m=X(EX`d5jENvGt!^aW+jp?q zYD&cA88nF3xm$q4OoSX2*;m~94=}M9v6S#IA(hMq0nM|gxaP4$K&y|~eJR`_7_|EK zn!%;ti-h7!W~)ub{Iz1zs9at{s}!@KFFTgN9RvlV_$zZvwmm8mKkJ(E6*JvjHIB5| zj+1_dyeXAL{pQrEbw(%3bAz{OWmT#CXsO0as}o;n5A*unGx6NQ6+TU-(@Tn@yTZH% z08=eSAG6}L$H@eGZmG>BBO`NGM5vkXT#~#U z7?2mwXfaiub=K3-X=#qU{-Wn<&_*trR1Uk}QSBx@j#_tiv+~yK;W9Q`j%(Vryt`X0 zB~^K4A#B`Jo}GOvrwQ4{*ba%v8nCCT(v_5Qh^%ggbGK~e%WQu{qLsl(dz3UD2w#xv z)%4JP7Kn_0`+5(JfnLKw?aqO}IRdMfWNDfI82c+&tzdb%5xk)dv~@pq{CvAHxIa^3 z*v#P>V$_G2kat%y0aA9*Ohsr>;EB?1a`BLDIXka9Pl??6ilcKz&;=`y3Y4;5t}T&g zTkxpOSdmlB*K?kILN!;LK;EwaX%5~-svi_Rk*3{MIE>%zyphWvH!Ni~NNJLi)Uv!& zq1Wuozj!~8xaw&khDXqLe=Z%N<}g_AVKg|?xeC<1s5^o_U(RTaE+gJ4rnz|o+fFZ1gV#a*_wixM z!6B@j%4)9uXO*ELGGomuc9rJCirhICZRd_4%jF#ULB1Wbl#i=se;SgGk4r?T|Afcu6O{?i%(mZii zJ|UniQ8js)o|m+4;H%x9z0Czb%SRb2neUkN#Nx)%3EL6x*V=c>R~Z~Ra(z#z zaGL`wLhfF5#Ov(JtF<{7Nyr;^*yIw5DK|MW3Bzb{nt(95%9;{3Ow`LO;96q4!FRkA z7^Gq+0e!a*pm8b@Blud^+e#kL9Mx%PC@R3*K)R7;@0)qwppY* zX%h6hBRjqwY@c;qo~}0U!Z< znqK(gL8Cp5hj`BLxRg>tGO|$tN%xFo>cO3@zMd`IdkD`~Hfus!!iNID>x8_$ce#BV zn7Xl+-LI5m@=59F>C{)u+%p^{c(tBCJgQ%dS+aT!56GKhVddP5nGQPOGFS5G=ES?R z6cpx)!pAVu>hbY9wY)_6BuEE2(?>`IP#7&`1o$auIY8F3R!t5s6j&!;(5e_}SL`-g z3-J}vKyfY7@%j=xiA#((b6JN?z--soyWXs`9OZrgE|pN24VMk1l8ZXl-cnHAE&ps+ z3fGw$IWGUXPm^u0ORlin7D$ma5iPWeCef`CT6JMjNoxIt}CmGo+crRanU16~ZJFJOCRRNDjFYTZv{;t<-JQQ8; z@QtENXxJ>>>H( z3S#dQ845K`wx1QIsZ~I8TkzIhZ{PMmxT)%kF*8@_T&TvIRO9X&D`J-wPF!|W{)zhj zhxh0o0PRIIK%m_!q;*WYuo%hdvmYFK>MJ*ziV8cP$0v|=@Q2e-nxZU*fWpcN!#{)e z|JcH*5q;6#YF*GvYtI0E3*|^ixQhy(*@{*HU7ele3<9zfiZ?j9XswK#RK2e1;_vQu z(i2M>f=Cqa@UM&S(RafCE>I@Z0H9ZbW6{cn!KDU{D&bKpD;}Yxq0u-$zo1a+x^6)J zru6Y+sDA+j7B230W(l&Ppfs70#Ih@S*l#M%&e-BKoI=NOe-juZM1d9@8NqJR54i8=#4(fGLVHaqI z`==;9AD_s?pK5v9< ze}!`~_*~2WMHJ2-Ruyo&KMFs3-Eq79Gt~eFaG+er*67MVOC(bR6O4}%MnS5-2?qK% z866Zt6*Tpa^Su8o5oL>CsJPnN+5Bf3Na}x~B2m!ezd*&uU#O^QeN5&1XBwar!7N)l zH~ll)>%WKeFOkZZfF)5llb8|rU(m1yo>Ev^&xdJ$J;(nYpjgNbmc;b^xx@KCV+TzO z%rd{hjF$fbI5m_)6@?nQ-m>ZcOoN{^m}RziRWAPwocx(z%j^FS-v3X77l3Mg^LNZ!84-mt+X<*^Qq+ zhYdK zQ`BscsvImT5#1{|B)VxP@6@Yo&xfPBO0S1&#c9L!KP)Agp_sR~8&ThN+q_M_L= z@)DPm75lT@uvaWd!P>4Z*Y_4IHY?4as{7y3L_)Aqs1Rt@e)vlPfg&LS3Ta#VXDKY+ko0}xRQO0wdsP!*+8;C8Th}nf=?JiyMpe@Ft6X@ zllguQgb=_##Z{PxMc)%le9oI{D3D^6-E0vdeqAgjT4Fz__$vhV@XvhYzrR-MCjybx zdipH}4B1bNP#w3aZJk6*?S@|>d-eKjlS76BRPa|se*YGL-Iu$o zS>2XvtHHHpeiRRs4Y!{mRG}qNjhrj4*`v>C8;&;{=|M*~xhd8d&Bb>#rlTGnF0AHD z^%ZpnklfqpiB$?r-R!pZw&|!n*H(4Ql-cj25~LYhlyl`Wh{A#8a{qT%0RVjc{h`6L z5ne*m(jQs^tnPjqMesBsr=S4sih&`j4&*MB!eg^nqX$Fg`fy%JQ6ard3<~L$T1fdk z7FZH4P_lAF!Q3mwHmj}TD596Ay~U@#=V%q4)1TKiu&tJk43T6zhTK*{nPk`d+*)(4 z?N+!2m?{k4^KzY79gaK?kSb@%G|S`s%wU8Z<4zQ^T0Hwnc=3Zv>gVhH)_IiwJDHWK zpw`#dkzQ2O7`S$%pdd*;*?zh`%$LAt=5qz!`OUkCv+zeRmd-UD2~l=cfH!Alunfu7 zfjzBFye?rNuBb}cEX3ZWpU9CNOQe|l9bs_W#h>k4`NC2S9j*`ftQY+t43T$^>^#6E zyP+7QS>YQq*(?h5Y+v#@%!m@2rqpJ{u9R@?MyaYxTE%ZSmz^2NI_o5enlBiu|HfSK z$qxb;yijdU1}JN^TI6_3O`U)Lc^mLA&1wyTN= z$OtyC=6?7}y0^Cn$AyfN0WHz43w6tvpI;5Q+MmYUj7CVvvI*CJxIXH@gL-fRAJMj; zI<|f@&?AN*JIhFc19A`a4HOj64!=nhWqus0`}EfhyyiO?joOC+=#gk zvIX;OH;Llvo~?F8!aKNqF1IWfN9Nz|>v^v9Y!bMr*U@7Rbr1_9ZYj)gzf4?4xaUVX zFAsmTj%AFSZX%MXz(uBA>bU4C22DEnCJf3+&y|PgmLLaGOw!ZMWNl~e1*i#%d5#@ zy+mDQG8_w!N!d43qB+b>4&{B`PxamB<(aalF|QM{(r$>kw@(~Lo80UEG6s+RW0Hbs zu{(J2-1?rV^UZ8)$0IUq;(4+>%%*^au zHRs~_exnJzw+x@pn`ZQ&;4Lc9E;9FF%G?xjBYVkM1UO z>+BW`&EQCr*qb8G)&nlkdQ$lmus6D0i$57G3KP<@WTh%`b$FW(jm)|&%dhg=EK<%H z@~KQ!JzVpxq;1eydpkdmG#*>&S}r+RWxPS%{@H9|HmOb2>p48GjeUa`InU$T+Zy+o zyWu9Nsr7=Ojy6i@@lcN3ei`E}05P$7A%Z;H!DrrW{gvMaJnL#nv#)YRy0gx$V2Ju< zT=%n1BaE|4OLQt-$Xu;T=LE`7(#F9|Nt{J#Lys2WqiFDG#2`b{he*D230xMVU?XE= zPz9}O<2r%+Zq|7ZzD*z4U%1u!a2&Vl^P;U$Z3Z+=wF_MGx>;7Nv(|Q7^M#X|HN$%Q zw3nBGpkvc=rSd&;H;C9f+GW*C6|CUoc-$P@A6E1ZfQ8BsC2*gQ&Q9yZbQu2IMwuyv z`AZ*i?P0qqfG8g^2iUyU4*6O*doz`L9mhG5=W$KG$a;* zKsr(3vI~WD2CgPB2V4ay9ai=(ozz<0*j*Yv*k^PJ+*ccx8#>o*75V7)jx*dl)>=K3 zd-3dq8a^jA$t=S5Kstn~UccG)Z)K*cb4hBUtR?j6St|-RJ~RsQKI`OOqGjSG3dh>0 zxQV_JaHzE@3*tA~FU~1ClWFJo|w&xE@5Tvw5?s zvpHwYA|mL)K@ z-gcI!@;DW$8+``2K3&bGh>I;L{rj^K5Ri0i4~F3PGTRYC~|oes1b2jy4pn;7dCTo#3pJRaro2=$`5Px z?3%O3n(OVy5AH74HiK$0-Nz3XD8B9H&zDiH%TJ39n!f*!y|;|2W6Rn`fnWgwB)D5} zclQ8E(BSSG*tom9hTs|q5L|=1ySr`N-JM&cPru#o*XQfscZ_>~BxAD&RMnbm>NB6Y z3JT<##D8?q0R~NW-HawEz?XZhG*)`JMOYIuZgW?y4rTX&%Wr6c9Q7QfWZu4BZ>w!X zXIv26TQTa{FN$Jbs7^hvG@?gw@?eGU;YxL|LB0fOapI*qg}FH{Qkl;!*vxq>l+f=V zYCA=BEbCaxm?Ewl&>2Vn5>bw33;{RNBpo6rOg?qwTs2&yBQvl`jk{*h?Jh;dHR4{r z*A#{Aeqfa(whTEKIEsU498RT)!u72PwXJB_|6QIN7Y9ieCh^EFmh(3yn%u8B-MUeAv; zi*_UYP$V6=e80OR3Cz!Ah`0CzRLY(w6=ajjY~sqPp!E=@e~7|GsRnrPwZR|Ln1dFo z*|QJ@z!tM4siKLkfZ|J}d)}ETps$8RbCP{H&R{m^PQ+K;dF49;6cwiZ#0M+n37YzR z(@)ne&q>Fy7uS#1U_5b|5^|d&ot9?4`-4i`87-%z7JgV{d{YrNWL&mhzWm6MCE#$7 z0Z|lw!zUY#SHCuh;D11mAwZc7#M2L5i2`5ahU7R#gk#M$wD1I>o8rSr6GSxy8Q(%N-M#4-Otz=}fwioYd%SVdl$bbyD?COIe1vuZ6D6 zw|7AT@rCpT_g(BZ+E{LUsK?ce3pJI}UUyZg7LRN5mA*ge*AEaEu4+L8F3T!fRz^#W zsRs55HAWyDlZ@s5H9k+P)D~W4xC^N9q#UK+QtyWNUw!5|(*LCVmd3V& z<z*py&7}73cnqX-hg@M$g`0HJcW9(k}yBIBk@>odf(vwtF>fP%+!ymK)@g z@dxo~V(o|-B}2svlkoDND0TAdD&w)=QlCdJSFC@NFdCtr`KUV15%PH7&;&I`C99D8 zJcfevh1znMEkun;Vc}5URy-sWRMvQ-?(43_E6)E5SEIReD5IoZHT;0ku@c?%nZjvi zIogASJLz3~y@rTwB@EQWFygUFc~Mm7(`6ch>T!}m!*HF}XmzP8%<30o%iGt#5qk2C zoYK6a4DI>n!x>leqTUOZ zCissU)fUVsJdKZ63*thj@w{XL0?YmaMGAQ`F?wxouMt(JU9S$zIwRnS+($RA?oK*T zh8jmX&dgewIQ_d*m<OA{aPur#fOW1>BttUJ**;QN9(P-h6Cz(-3B{27He zCOEe>z62%Zk_ikHAHpzrMg;CH){S7wVT*`Ygc3!537Mk?p!UDkwuB#pzk+9+El{FW z=p+(&(&V&4B4PV&xilaA8K?mPb2tJ6U`AgDil9Z1X}{3q*NNPS#+$V;-~EVvB%5J| z^i;Q_I^)RN5#q0Ur|8_^R&Vi_N^~j>q8$`xc!R7~Wg4Rf!H`c!h$~dfXEHqWZEyCx zHz4343?A};&A+0ngL?WTlYp?b)oJ3T=<6YHN_F|zmEPlAE*EiLvuGQ(V)e=#b?M{; zs=4xbEXdg!8Krhb53R}p05?(=HFi48Zjd{jNcjd&v>O~j+h&%rLchsZMod1Mt#UnA zGlG^}&bO0V9#2~p4%L6d+;5hjh3D`+RvbM+e}1Z-Z$XZF=>Q1@ptkC_xCt+ZzSaSU|8CUYBWu1E~vlsC6$?H+a?D=P1#nKFn>evj*-5``W-(afst~mEaQ@h5a zLQXfnI#NysT6A9?f}C_+LD#z|wVT-Y!_G?w62-R?j_F>dNu{US$t+)3koo2LQ?@?0 zN5x7d9c%>^P|g4``CckZnUSfd-C>xQ(N&0LN|eTR&OLuMM_YRcHeH|`vXsF&V=DFR zy9u9-T^=q8gUe{ZyC&yq1f77s#&d(UoVHjjNmKDqvsbreEK`W|p3`t*^F_S`4}OLj zQsSD<{%t;a(G&Z2`qxvlxT&Mr8Qzaz7&PT|3j<@$1g#9#X=y@HWv> zHg~=>^vYG^n|bq6oVMLT))6*eiUQwb09CX4FoQv>oERXEFSzQD#<#4DY7;|=6@8f9?k#CCHrbfoG z4;j$)v8J1Q2N)#xYc8zSaw;nw(`kmxS%xAi9}jr68^7@s?uDxDCW6ZCP`4hUi6fgE znqv@OB1*T`{L>ht_Ou)ksO>~M*=CLd>hTEFY;@Q$JY`# zydOS|pNy)sAg%^^kq^DyF6ORD>#@eS>u794#y@zJUrYtzxud{BzB$ZGmynOn`*Fgv z10gc0@KxuCG@R-x%1X+#^#C(1LN#uwG1lKoWBYA^9EIl<-e+X)C?3;EnC%GMAGw+fbzwGAD;KfrZo&fR!CzNdb`GQ z=__9dv2NSR2;M=%aWm`j6~h%xU3i;@ z%TNPg=-^dRt&8RwWgLl?RZt60zO!SNJ*=AU52x|gz+1WTVIN~@*~h5;5(Q5;z^~z? zV+XYvyq5JRqYS>}=&*tJQ?>S1g)2u0b4TTPtA08mE6ASy6~5G@n9bcH4VbP%Vn(Km zTytv0J#uR-687)Vr@$mD7Eb&uBg1jcjQNfkCHNbW`-xBE^V7XC^E(k!Go(ZG>l)l< z*;A*y78Jp_T&s9;0KoMLeZTUceK9oxXmR*sY~RD%>$!CrdR1I7olaVCl1W7fU;NOjbU+@&=tV(dj#DWVYI95N)Qe`89ay92y}1+7>uY zPr)EPu+h0>imXT^VBA_K38kJPCHzA>h$oX9K}H>qhq73j_i~C?N%7rIuOG*lmZ>5-tg;V z-bu3W4?0`MHnd)93Jhw^eu9k@5mWxC!yyB-WbGXz!^mU)+-D5a=hLkKe1(&5wi?>{ zW6=y8K}veOZUGrhKcJQz4h3wbaxVG4*eMfGkkI%BSb=qAZy(e1e!N=^z)Vh3|0$z7 z?pTQu&xJzEB970*C-PH>KUIY0Q&BtVkV(ejrQrn03iaAsGV#Pbk5y?XS*koeNVsRk zx~OcV5BRAP45a(~0eOjOuqZ!uakfG=v7A>k27ros%2_l{xk%(AZ;kMYx5O8q!@-w# z@-t_Gc&9D;l{Pnba22W4~A^&{iVB~sG6X(iX z*i(colE&{VacpMe@9VCY-Cz(Mo)%3ajU^ZDS)iYj+0B!gyqjs()Yo9fkXo=TE6=^< zLgZxOT|yR(qWI2&-=wkzC z(8BRM9RmsM7Qn(1`q2jFFx$7+?C^fLo?65B)4IcvOky|YoDf8e)}P>32imL#93yYU z`&`pCdcTE50>j)iz-Mq8Bw1d)hcocy5(oMq zzi^?qMpCQ@bwz^Buth$R{iJ;2q$*TZVmI#o0vvKmvkV91bxNV$69)YVZ?H3K0w8Je zzbg(eQS>idl~F-5x4C9!N?)(}qoMAtMd^PpC-uXKu;8vbwCGq8+`C_BsRUJ-?XNCH z;ym(nEYI0|za%(s=WF_H)?=`(JuToqC3^47z5VsR-GYgU7i#ahZd(P&uYzFDEfx9l$wg%y? z_qLp4n9RFNt5yAa4Cym=HXT*vRbSS?6phj(9EV?9&Im)pZ0V|XZUM#e(h^ud2h4xW z;p~aUQ8G(<#^EYtT#cu?hQ@V7D?|eZyTu%tf35-E61ZJLdf$Fimq$ z#O+TyI55E4H+zVEf^3DeAyI$3m6B6?g15Z3p;5|g;-*^FzJ>|SY)(}JfWQsrnAK&k z#`<+4ugoNwifLd=c{WCU+uRUjzlr`7?iDN(7oeJ*EjNg`F?7TijP5}Qq+EP^g(8BI zZYVKJz5(yk3s=hKb;K%BDaO&H#Yri;n1^j1hKbBLL`rY^QMPHO{9|xAacB0z$p?O< zbKw%S#uK3S#2;Mry+TkEW?e%z>|mu30WZ|@U; zvfj`lXQtXMsEs73uF&~`G=@F!A8UIwrk|L_x4D>g^0>FHu)c(%v8FnNEmRkcQry+7 zA$Ah*5?#S__v87`sTs1?RhwzP0A80(1cw~?}45cy}F5a7YorL7oYBqtdU8~xrT z$$ykdxXBRYs7r5m0=+|1M%9*bYw|<&EL{wIVy9F#zF(Fn<7@YS5>0{ma)*ATC(0(Z zf)HZw5_o%L=cPxhuInf6cVfF-ZkfiY7h)}gsw9U zu0A4WMG>msdasSogV=N{Two*SlWmp5(lN$qR6_%b*VXCm6Ho^ayh7pAklUOK%rN}*SOToI<$`(iMT zt6_%FW^sDMM6He>E9d~nF$}?(2nUk>e3Xp5Pzfs}gSCsSqHZ6?oCxu<_cyfYFbzD{ zNpxE~pY4e=>wD-RlQ;gaHw;@RdYt>QpIb?)@Q@H$P-&vU@T)V;&rfcZHxrq{udJk% zXPLt>LIw{L%WwQ)$ly_5aLr{U)B@cbN_&9D;5!&m`ZC=UB z%cOFRsdWY`^|tx*i30=aEVl*3hASb~i3AEZ_+e~2vp%y>Hb^sw?KmIEQm)&-6v=bg zq>XTI&Cby&%4eiPUjVfjIo=+?pKr?aG18^D{U|j zY2Ma8sM#l40Vn=9&3+~rofLev-cP4mD?v~B3NS(a49PRrJ8a0+%_XF|k z0Lc(w0^~gMUoU?i%XTJ4SpNQm>ltHH zf2`R4Zcct%8#aWvou&K;;)}RwaZzA1UZo?G%fWZ^L6Gy19?tJ&NBp_*?-x<&to z5)INXw4N$fg{(t}BB*?|-{7KHwg=A1wlat!663?4c(0~%5yC$z8|-~}ExD{#kW1oD zUdUDR7@C(ez0t$=eogZQtF=>p6E{f~^y#Ba?(n0_C;q(y(!=_Fv0uHLRb}6`#c4n|QlCjyxD z#J$^(`$kHlS=#@((yN772fZD7-3pEm)tALN6ABE+QmwgmL{g8<{4Po`h>JX0&GbWkyW zEE`LQTf;G<1RA*f#@j2GPG<@{s&1OHOK9`d76Gk0V3v^T!P|Ng7-Hh$e#Nvni44Hs z7L0X1!>*$&^EQC7mh$=@c;b_}N>8UFw(g@Fh%bg(P{y^1UwVj#`1Rzw4=UtoC+K7i zIOQU*g~Xn?oaIcOM7xQ7qxnYA?HbZV%z;DqAqN3Imt)z-qE0F?1S_{Q>SWKH^WtA6C#atPDjlMvmL8j-GbBH6~1SJ+wpf+lP6Yy7SMQ} zE~<=b;2A^yVGGU4(8RCUWWZ=7j@x)Z@j{9N|1#D{Ec$0Y#*siz?D;D{`2Ztq&hQn} zd}3n<_W~Zvoaz+m^~h(>$GaT6tSn}++Qi@O@ou?k_=pUFwl-5)-cSfs zsMO{Sxl16W&F*cEHk!}Uuat{Au+z9-3u!hz3sH6Q$?O z%Yi4(+6qGVhT#g~N!8F_u7GYj1Z58?CDbAysr5?vat?D}UdSi#Z7<7Pye!B1!V>8k zkIT7u%5-;9%f{30yQ1;>Jz}|*mYls&R28L{zn9A-e{KEt1~BP@6Xd7(s?wt{CP`lh4da2o*OGw!I&E{B`Lkbt zJ=Gt%y{tE=72uN?bcf><8<;Ff!l3_(g~-5gH)gZPVKtW0Jg+gwb!BCp8sV6$&M|w9 zUG!DGr(^nG%l)@ca>r2iucYFCivc_G>$9%%RWCqkVFb`|fiFt2dmw=Y{gn7zO5L)8 zT>>AI=xlK#!{Ge+l^Cw)JJ5Ln6Av+}q(YX*}#<)$<<# zop6SPQUX|vmN##d$^(>?)yN&eplh1=f;o%sUlsc;$w}Clh|l4 zl-(e+g#GS#PK?It7KU7AIn2(T)xm6e#8P8k|Lk)t?3^Hu7voHTu=X@sub*1IFjD-7lU!X7Qh zqIHL=Q<{UheellNaf}3E2*6ODGUdmz)P(d?ir7D%{ySwsH&yhh1}%us)m|B^vG0Ac zUPl;Ihpfo&jv@lnbzAF)Hvu>Y;~nF)AS@C#Dk5W}^=KS*KnbECzy)xAe!Mp5gdexv&xl|lzKjzPL;DwdqJR6le`&=p2_FC;hK&MJQfT2K;Qb_XO1k`a>TytS=!LMn zCUT`E)x;HYr9%2*Df1*mt!C~peiaMd&zJ1D{vTWa*N>wtFpXtPEK!ASIWMNJ1bOa~ zvKLbhsMz0Z!e8GB(V{Y`P9Y#yH2nIPrvK+B;9`DC(wDun41cTEe=RQ)10FCz7`Qnt z#s5_Oe~BQuz`Ly=*VWJ>;V-ZBx6e0<0F9*l+t=@a;cvC`pG%Tf0vx;oKTEab-&@>2 zZfgnyY^8deup`#rD$ZYf;*(1QIDmXYoP`$w{_Rt}+_nk|5JvF|aYNYu{dZn`A_gE? z#i;N@`Tr&ibss<&%GS|KV*gdL`3Qhy3naQ7ssFj~zq@y_5FiX%uHK`p|MK`$qlz#{ z%Is5Q1`Yq(lmGnWqf8740|VdC>C1nWYylwI-ndi_|(HE zswrXd&-^3B`M+uSuUJ64c~0vp{+m8#3TXkRJ|#Bd@ZXFR5@zo`ppY`|B}ML2^5{%{eNeZ|N741 zEtBg1=S9~4deC&{$D$kfA3~Ok6S^ir{$a;rY4YVd9b-(G?Bf#% zdT~-*<0v+oR(gUh4}O_)8XJZ!lm-e=fpVooss$q=90lDm2%4X$cs%cn2RZbeMXjdq z{-{=RKA?`qt}7PR|9L;ALYUkkZmWmdX%1$aKK87ks(j{b(VoOH&uS4?b@j|pf)oyk z(u>67Nih1=1lAN<;&QQxRGM2G`sjn%P_e;5DN6WosUW6S;4|-h#8b6vT`~Q)|L2-UKf~nGjS2!qw2PFce#CpG zCWRSgnpMjgrOc%rtE`0%uP7IWMY7z>M9OCH`Qpk$#XojMx2)gp?@T)LXKSZVVb66# zI?hDH5U?8=*&8e}ikZ1khMGe*GXeR$twf$qu4=^gzmt_$&;F=By%bOw8@?D=1!}0262NR3!26smDFQ8S2{SrOZ)T7YQ_4d2(pbH}fpKeTnM4Cd;kqVfZBE5N-{w>#yf-YNd>ChUu7XZgl=>&g&fPy>$9Hshlmp? z=YKuqf$qY;d;S$HA2YjQJi*f15PSr-P@x*VnXX>H(#YY`H(`$1EuillwO?Kyt^}&( zcF1aNT#}JqZ3rOIV$EpUN%y%Fdt@y^R9~^SKB{CQ_zZD^`2>K{$@yh!i2k+I2!mS>24b8$EEeWAZZCc|D?h&Nu}|YuW=K1MXe|{h{difn|kfU~yQFcb8$pez0A2 z+v#|$#)DKAcJ2PJZ6?1+Nf&W%aO))n1f15jj4O( zeyD@xeo={Tl2QC8uZc4!)l-9#x~=4?q5SEq8$3awaRpUqXlEbfm z{P>Vkt0hFreoW;O!XPPReLLC2*42WQtWS_kn&)n1Dg(speqdqvo9ZG$!I_hQ*`@j_ z559+}?0hHrQ+HD5=_~=Am>Y0t3b|wJQG(j48O&LUUVzf)7SZkLH$V@5jLAVoqEYHa zciqd+8>g#3BFhw&3(Q2E=)>nZX??X0w3}oH@NGKZQu~Dq=dPILjyRQb$kVtgMSC?$N9irQIB zA992wndgUXL4%qlN6Bs}GODgbdFUjD+7&2@oc3z?z;b~cQrU`puI}%m$lUK8UVVy3 zhiqk^(PV{r3XOU*APZnE$bt_is=%bxcs>3#FvrB^2{8S8HOG;j75*)N`cP0ZZIs1kBDl0y8wQ|1RRSOf~LpCn8fK`VJR$R#+t~CHvq$+_^QkDoqo`} z0;+)wmaN1R!0{sOiQv?*t|W z(|kWed-Q%L+xdWrHz#jM_ttp;!9ZeclVs`0CpGFoL!9rzL`wu*smhA?cQ zajs1$kh6^H!+6%o&+9vl5GV-w+@Y!(#VP5RcVSA-2~JADzQIw-=`OqjCfXImQQMGN zvMPEiM+8#pIf;L@v!K_v3~ZgJ!svdDJycu-n+G8i$j75B+yatzL8w>n#j1xa8u3+V zb_e_`b!-@O75oMh#SFj`i_>}El$#!Svx0f8ci`YyPIGOw~q-ZHsc_YblkzMW*D(wA!7lu-uX> zAX*+)F+L1AjDMocNnr${?UKD6nE{r`rmWYU!d_My&(6}i&hwoLu8MPp$JHmVjF*9y zU8`yikmo1K_1us3CwVFuu7W>grZ=q`LlHn(K`49MRsyac`z(8lOw*F3j&Hi$n2nx1 z+10v?{*mL?z2x|w5TItL%Fo^h1;G437ZB;?XWXH)calqLQQ7pv$+~^?=N|l45Oe}7 zTgQPQuVd+1O}8{WW%7d`eLjQn(gO}pIM00!@F_3p#hWMMO!E)TCuoKRW~+#TOR(RP zE&-l2w3Zl?IHneid_@U%C9$s2C00#&meDQ^lg=y$`7<1F#KToG67y5-Y7|j7adwJu zy-^iaX6rLFwrO0?cWQ+v&T?NBU@+53y_&h+?+2|sgT=$`h?k63`FIX>Mz&!$$96kc z=ndHIxGAC<&pmzu_9(adANl#{cj(-aG4pu#ydH}~`OH1578*o(4`z;|XM3seBsO|S zJTBQEZw~vPJRctA&%1lpDKK(3buM-}H0U_58JEfgZ>Mgsx%ED~Kdo=nUdN6xJDxFe zK5r&ieJ$NZ$Y_bGl(@Ra70z^+R-?pDNo>FAba#3f@p_6~p70RxaVO16$~ z5^yxTi=6JT4Mj_nAHC5fOPC{HLwGqus*p|Os*F@D|*!Q zCj*D~IosSyKvqfxZ_)C2WdlTsT*eM)(prT=MI0{cpRXu3|9KXGE-qOpZ=vU9p$-P- z?LGK8y_uNRa>5((RTeNVO|4)K zm{$MB9uPkI)$32Y@yyi>rV7WFh`c_cZVbSI2|aIC3se}?eR=15E%cEJa^lr#_?KPx zi@$e$XbnBhp?WwKra%ios^-6%C36^%fYp#jG;rU1Wgf01rUndiPT1uebd;0PMl!s5 zjmi=@Ei3r={fUc|>Elc|kWmG<&$?*p_8!F-_XaQsQ_7~}8=4yX?1sh{m+rcIE&}?J zzdv#y$tG-9&zLjnK<#vYmNbcv$SK3*NrL6qy9WwyKPK{&wG|Eull&_|OAc+lh^*wm z3u#QZ)4rt{W^j|sP4Gaev&nuMGpN2Y@+r(O?{?QR7_P{i)*@2z&^xZb7Vo-x+z$O> z1X)v1(_vTJ4a1iO8#0wwX_F?7xLgt@*Y*3B_&*_sMW zH>~@k$pmLd3Gg_G%BGQthX(^GC$Ew$!6Myf-H?~8~30eI~u9l>s|ff4Uzucf!(A%dx8oOSCgwCI^0!h zFabQJJi-oLj+j#D#K-cy1gJfBfQV+egtCG8iLtIQY^6VhGCi?*^xel*L@u3hAWlzL z4FaAt)|U%93dq2!CZ`~Tkr_N$mN6XUZbXK-lr=}mSVJzqD!_k3MZe$IdB%mFs1+Ja z)R;@yo1avh;#o8k*9`*B$^-iDfMXM(A>^wma7`RZySDGM?s&rqy>#9LsElw~s3q2o zXh2voG(_D^T`y_a&-Km<`N-J!(&dwAqpP>UcP3MlsxZL zt=)vf0ELBvL@WGicY@O4)g4e7{Bg^=8q$~2eeRf^yStDWL^tK0fSdXC)c(d+NVU%H$9W)Fz4{9Hmp=&liJe&p=rQ@ zrde97S(O4u6a1vXUf`n5@OpA_y#>BEiuE;vPOT8(ym}~3iUVfOm>i5oz?qAQiHr}$ z18eJ%Q2Z@ve~v zu^M;U-e4e|Z&(9nKRpoanW7lS7B|_QPgdHqwo~n7`tL|sgX!p-70<~N8_Ig?`w_I3 zZNAv_IFsdy=rQk1ey7#d6J_X>6;IlLeYonk;`ZLpW|ZAy#8P&RxoPQuhcHX30JQ2{2d>Lh+hUkPbEb6VzTnXS#Qgr@OTjmaI@(hov*fb<4@179>Qqb2U zjsQ<;H!qceoNGCi%$`=56D{u2A)RBz3xP^b-up=Ds|LKX&DakLE%=us9E59F3~f%O zuvpYqE8T+#96x5{JP53aLqp9%52PskXmU3m4s8#>jTE+7^^JXLZ@xHAicw>AH6hcx zDmB6~SFb_FHVi%rsWd{T1fwsY^4?Tx)vj}LEBA@XUwg&;i<93_P&a8QsMta3bEj0a z4;~4O_A@=wVlQdoUTzZJ`?@w}oeGDf_{;Dwsi)tiO_G3F(HtS{Qfl|0pONxfZFU_) zfU0p#3?=&u0XSt$>zSndz;sB<5?0xT~)?-#(igESRI z@RJ)0T?tnY_ZE*u=C79Rda#_*jeKG)l7K-Inx^-y%4s4_zB$!hVj6^90W0_@-Jmt( zCpukGIci!JO&hVRij#01Pu`*)F$0!_UM4cP0_R3122#6iJS;JssGOTM8!;ISY09uj zoo0)uYR0Njk$@{BMj+pxcujY<;_KvSqE+2E0&JBXG2Y>mbg{7`Fx?VasEQ>;)?|=aG&i>+a0O@kCoV%KggS!&$8D_^ zsJ6!~SPXT5;Gk+Z#BQ+G8A6>B%~TNYvo0ZlATkphaqy>XLLC3s&jbFFoCke2o`tl0>2e!l(If2 zg9QzL8NHn8Ap_EP7xc_HO_Jo~QiH_@ZCw*{;>y8C+As%?I0;Nt9@?P6%=O=jsPJj- zw8a|Dafr{Ij>K;+t~ilm8lKwbv9<8lPPh~nS10dYLmMcMQVipDb9MTI%@;#JU;dOn z#Av3xE+SILlk9H1lIa7UO9`}`aYl+uWnZ3Et1ajXy0&)Eo!l=(>u!rT-!v&%$FB8J zX5cUGh$Ni3_pI_lalxUwt2?Bb;Ds`6B7 zmpq_V`KsADEx9=ZfMly4%`Bu<>|9$Ado)c7@L zH@*<%@GKPW%qnt1s1hAkA;YLwKtO^RV54FB1706l<}@T&Sc4egM>n@#N??|BcngKz z-mC!u1W2+9a_TskLU<%*aY(`YTju@oP_gG2J+ZP-;&-4m5m>F+vNT{Umk}g5Ks66Q z5DKHg5EvlJQBe}rmuXXAG<7k?SNY)8T&h}GC?bL3t|w5+o5Xw&d~w1?qfn#5+UR)yT~nuqU29W9MoA z5z^q^mD(R%@e-km;C_h?MH$0f@WMq+Tz2mI8{+f<9%JMKbMuXj?I|fnv&kGJKaW^X zHK>0tSWz|rk<$lfarRTf$Zfk5%~O1?xrZys>OIWTzFj3HXYxs!Pl{3Pk7zujor*dE zU*KJt2Xx(iYi_eZ?HOzN)aOK*_&b(i8wVVk&VC~x%FEDjP@&tX(9KX1#o}-Tlf8t} z;%-$Gbyp<%=lOOKt3Y?sRRJ%k^AgOCXB6X*J#TN?fhOutE357?nqm2Z`{`t>H-=wg za=N;tUI;z>kiNvw1@J3qOe9RFJK0g)Kt`AV_1;ibzSg-l02VwdGQsmdW({;}$_emyMVz0^d->I=p56526 zKW8Nx;n%(}-nShyumAN+~e)3hr&pWJMU?60~lZ zJ3^&0NLw>Vv`Q%bQ-i4|2=y?6qc|pVIrd~^lLW{tpHG5Ry?l;rB|Dz5`8|?=Ipby$Q31zxIRP%LZA^; z)?83Y_$MwJ6R%A58e2zO01fgv;{CH-=h@@h)SwSCjl- zGF=d&F+Qx4!lED;z*bhuQCx_b- zkvh3HnC}m446UP^v`HWB)nYN~iwxB2-N+@Wbb1X*sXFvHTaUg;ZSa?-Ljc ziz+_r%>&^sl_3i?G2fIf*h0%w!VpJBYF%VV%_J?(*9qEr=X10#_Y&^-lwLffxKJo> z)N8ge3WRfK!zCyNfN&YG9)n4B7q#BM)QjHzFyL!oIAIeL%v;o#S$}^7P{w0!r|RV5 zjNnlRABQwY5e?&A*&a`mP*!|My2_KFF*UBrz zp=sanId2Sf7~v>_7(5sR^H1)Mk0U~t;D*sSBX63SiYLR?)1UdA4L6glx+TE-Iw4O+ zb4o;!^v_GA8oAVbu|wK(P9;RrMxC3XY@01l8$TmpwDF>so1r#Ue+=DD>1!*z^H{DWLy&>7~@ z6ZBv0BvlzQ+NdxsWTyz#GYs|vV0&Vd)MYu6niL;)Y=L450iUamx>CsebvJ8)WJscspnmj>4?zV*?%%bfc3|A#2G!kevtk@>>3A5 z;>^xk8GEzOxo=Pq+6uq`$QFQG%V3p}yWp)}gly$%QL`}HV{gf)+0mc6rqaz;Z98#s=2 zqf=dOC=L5ng)y7Hnbp5^m27nPFwbCot+4yTb-1LUWM%K%F>D|F%)sDvzOYxaX6t~S z$*b30YeBQQ9mf#@^k=6PlMQ%Zw8IuEe58k~7dRcuxo)>{HFuo%n2pw+BJryXP*qA( zVf_z&o9x@lGC&tw?*g#Ltj4*-pp~&ZLWmKUW)90bkbi$QeyO3R|5WkyfrS?CM82R0<<(dpJHy52fALsK|@N_vO|1fj)0JG%yhxB7;noB zGAdUt*J&R|u((?6qTUdkJBq*X!Ydkl|3Z<4Mv;6(tSWw{DgGDpC-Vo)&RQh%)-VuH z*^bZ_8UV8}Z&G7%g>RK(08R({yiZaYTmiJhlTU**|J)-u9EHI@)Z$Dbic!nK znlYmrzp<%`B=hxw2-GrSx#kuR&G2`jDGn?cWSoa&ig8IFYz2E#7rAjF5 z-K1Mb*YNTnCi*gK%t)#LUV?zD{0G@1h zC98@)iu^*6Zq2Mh=slBE7++SP4{#x+wZpvpZh^Ft8c#Cp4Rgsv1n079F=*P5q#NRX zBID^h%K!tA`%`Ux@_?SE>hhuUb;_xS9E|*b`1%T{EVr#|L6BEa0cinAK{`~rLzIy2 zl)#LRIp@Fke0K~69+Yw3C-z=@t-0o$tMSe4h|oB% zN6I?3NbP(}CrxZheY{t$>kln+OGi5UvPMjpXK^=zkoZeoGYxt7yN*?^6BavU+pE!~ z0sXyZ!zXsu8wi&9_`+IEd-yFwl{o%+p)>uDCmd3*`#8ZgTCAS`pim}9Afv5PJ*$)2 znXVm-mP=DAgSwJDu8y%+0H|+C=J%Ng&PfaiY%Jr3sZGYV5+XO=oJ6VHE3fB;ipL&q z(OjOk9g9G2Fa&_dOr<33z!;P&6o=bz27CoY7eoefXFy)BW~A=x_pw$h4obDJyEy&A zmi{?Z@Cx7rw^$bq-Cipyn)OCWUz>41Gb6D7{<^U77CwUd9Mg!5)u`(jhn*7zXK)!> zO(g&q4YC4=2cSx*s2YZu2vAC@?4SjJj2)#hJuINPw>|KTSRL2=-!3XUkVC9-9R3hN@&>kcCm#R$-?hA{`@nx27TNN-q00FIF`UCpP#qg)M$d+lWWM{l`S zw;49}80rb~K`GrrEVuy})Z(v{q#1!9;e}2{g1zXD$v)ATX*?OoO2jJp9yeA(bbG{B zW7+(TYw)_n)a#yRi2p+e4K$rHj;ATXg!?6%sZ$j$BFV--@3plNIK&ghJ6xZAUL#cf z={a5Dc)2#CQ`Zq6to6r__!M6UO~?*5DG8J+=ci8?wJ(VTKNt=h9#x&PecNV5y6Bf2Ph~AHMCAS3q=j1psUjJ)h4b4-$SA$@I8a}Hk5cemcL4y7ZiG)g zx5tYyFYaMc)eFpU+GL0^C3xcf`XEB$c~qG0m-m@1ebg&=@yvhSkuqh21W8Y>xSDkj z?tYwLO3zQgGIATPZ;PF{9R6IppKux%OS@e(j22yR?#E=_K20Sxyf&rTx|Y*wOn)8Y z`r)Ct)!?&E|0{0&;k!)*ARK}=_Rs;r6w>mORNT~ecc{IYAzF!WHm5oiB>23rN%{$V z$K>SRPu>xE!j(Ha+H+{!jiRd7yNn{sYFz6)j%%h`F%iayB_eR7Su z8_I(!T4i|7-rzdJ$NZuKXg$Nv>7{Mps!k?AqvYFnDPS!64q^#_1{N07qI@73nD-NK zt)=z@)UWF*J}-Upel;I?yxodVXRUoS_d?1rTHAj1P8D_JE{|!+PoW-^u&)FrDUOr7 ztC$6@o(|;>9PHw+Yh*tAwRT{D+ebIgScP#N%8-YWK;Cy+T#~*A4-yk4aey_yn7ZtF z(#OSQ*q@Bqybf~66JNKCU&tm3rr~xY^}P=85y3>Gr)K@!T5(2t>Ng|xRC@p?4e?=a zj6;Xka5sg#1c{IF`Xoy0A|g&GNH;?>xm`q7Mu`IHzg`i7hO6rEdM^Y+V;TxW4`ray zUh(%s2?5vhPb!v_jaMXEPUp_S=S!N_&u}zti-_2vYc}14gPisuAxZW4AI|P{GK_3$ zmg93$j|bz8%^zleLKTlQl1kYby8!M?E(TpCA>6J7T@zVx09ec_Z24hF`k z`$kv5t5Y#JZNuSxr#nv|Z|Vl{>&ov*T3J`E{QTEbe}2w*q30Wre2MM2Z;K*=~W4S6T-Ti|*bAdcw=-evht zjIE^Ql|JM;!5oMPGL1kbg9N+z?EJc{!$?Vvwa?e6qYlJ019UR1=_hV$X;FFh>ODq{ z$|qyv-+7aYtu^BY*|k*vTn-RZi6px%n2zNBy*@BeOhHSfF_mKpc+v#{fM3pF0J~OP zqC3kQm)qGktS2l2_*Rj+j4dW+Pm}?7xHgbeOf8OE_~_?0fV_r)%UA|HxXPyae4vQ8 zUF|1PP&F%UDv3PRR&Xz4IqX}>nH-IDuB*`e^Oil~4=A@jX9mkC_TKv(;zSRJN(=+pmIlp5-4)LLnedzk5F?{0Dv2`ON z&gVNhniuPe{GLAM8OEyL=^IIypSmAa&$NL4isF}b;M)@dad}oBY>w7n+QoynYcvgD z6e5U8lvBN3RR|n=n@#d-v7uU`2IMEew{&fA0W=`Q&Kj9FcknH0q`w@2hH((Y)v7E& zt-si^@G-A03TJfz961^8=tZKhZ&4)!2bbm`cE?6;xyCqZ5%S{?l#;KyuE4sr0*6!E zHLIoAEWUVeDM~Zl?K5GVd6f|(FA-x-RxUw3#w#`wLdkK5g<#fOZIyEDN0T-S=lgvO ztbsZCyytVMMhUJH)SQYx^i*T`73Kq3E&PLmO^C}AlLeU|4eqvE>_A}hnNS(p65!T} zuiRaEH0B3!YEbeRYJLc)uxRckfgdaOI%x(!cdvj;4*^*Ud)asG!1EN}QCh_@r%ooQ zWBfs~tUd`idcMBMTE=+6u~W1E%}JPoppAWkm-^H8d@|X}8ipj-`?AKqMtMbbERUzdJ8C7(XPHZrUuhlZ6HaGSso<%4%K}T9`&%^jffH*Qc+buCT07nk_{a@m$)b zp2p3bQ@BL}h9}Q1;JN6=`R^{YW#rMExRMHn+Zc66Ga0$dukd{eFT%lcE8_utrL|~F z)1to0bLX)Quwc0oERtOJUb0ZJ%^c&MZ&&Xi54NjRgDT{kd&KDpEv-^V;O3L4zFG(z z8v%(z@-%3bV2xyL)?^uKqR`;fK0erwrxWN8TzGzK8lnvvTg>kFam;|{)xgiyp-fqbd|3#x z=*S^9V3WT9%t}RZlqK1hKF-2Z)jJG2i zt&_J~fe_lJX48WO!ixe6=bnDaJ5SNWXwW2awA&^Nn4aB5}XKqk)qwh0R;e+Q?Nf&!=*&?e>T-I1@^jc&p_*hc{Sblm3aZy zPz1`cw>fCZP|+_l>IW)1X%5u0pKBlBwc{NsG(eli$O<0e`2k01L*r>i05);Qq9 z7WaH~$y?{ryIOq^s`b#WP{NyTNHWv-5+Ld5fXP=sSZA4dpKH=?RQ&_zhE4bPQP;T& zJ^ttJ_h7iMzd8kcg`m$~3wM1;cv(Wt3w)FAb}Gt(+{5GC>NIBAfU91eI#fbgJ*v$bJOlHCJ>3= zH3zn7uz*%%uD2qe>6UBgf_1@V(6z683Sv`+PLsiHeops$w10w9d0K~g8v4kMHj6Q6%+nN z2?>oFT7!hyqWy+cNboDrXt9WDu=WC4e$Eg)I4)+<$27SmGR6$bQt_0-bn&PW zdIa)ziPm{$B?HfWlOXPH#tkffa(LW`9?IfSKCH3FK1isqBpxzq@geh}HIq#gaQM>G zcJz|YimA50BHi%2@gT+%D&ew<<)jKY4iwAotQco*jU1knG=Lq&nvsVDfK7RKdMFNO z=rd|yC-EXkAD=84cy8?%_pVTEkvvu&lvyv1=(|7u^`y z3TT$&pV#c}ix&heG^`-~^oxU!9^iCUCQFVwtFe)5HMQ&>Ze?FR3)@BjBX~g5-&aDGS6N;6$)Xsxl-2_r zF)%km6(+|NOf1NwBpen%d>d!!c6YxSu`hjbk(T^riaB;N=^(jFflS#?c6#5A<6i@6JS zK4A91D_X`k2W4E`57tOc&xb)k^Gsh#Z$;GoPM#^J+EAY+UwZblqNR$4-VN8+Gk}mE zPJd}Ixci9BlaL|}c?B7#qPWS5GFeC};DW^e`Huk4n{97)-!I48^qTHk_r)I}JOXj) zpktX#>iH)(1f)IR1p&X?EADn;mo;>yuk==^__^G9BGv83nzG{K;(b1Du4JT~Ac#|) zT+FWcakSHCnUhop>4?p(!~rr8P2>8A?BEjhgt=KCk+*cvd*Q~&WY!qx6F$xrv;*08 zT2iuL8{dYzyqd1&BO)YH9VcSgkG!ber(qm=BP|oN1|O4b;9uHCbXK--AoNGKo^(BR zPZYaw#U520K0B`zBTfk76xEj<-4CduK6C0V6O4S!pPhpiM%Ev7mD90&@(&dVAC=eD z1){QX-ryg+1!Swjo+zJe37}ZwAGWP*eiTX4!icTYZKycKilnUX)W8K+B z6t4hRR=e(nCc8Q`+%5xD^y79McsT^xRsFEQSl!#0QLg=|jvBizITgu0EFA)!%pR~j zM)&*tc;2M8UW(F3?^^8k9^NeS-1BvYJq%}mAJI83TCfh1gI73%x1}}#OuW=O)4ATB zSlJ*^5a33VEQppaS5TC`f^3Io+KqhXE1S97y;>Bc^E_SZkofG)ov2RuL^c1uDE8%O zvV=BWC8p3>RDMC^J_H>aYF!gXbM!_@cr|bcGUzH>sfi{;4Mp(MV+|)rFz{FuuZ`J& z_XzhCS=lR1RDOR9DMVz~9Swoz@`PI6gC)1fhCwx*B(XTDP{wZb@VtX4baVghth)WZ zJ@I83?3zcZA++>GPOu*X!c;o6!-^#PVdmIIIDJ9E!u@4(Bn5(=;rkId^7Hot4&@H_yP1~Hdx-EgJ_x`3@f(%>O)LVqg}h?t(w{fvrTn-d znoDhxT+q`>2KVbygrWwO?nC)uOm88;BI1=PgWJIPLVXWYUS5PHsW2HPj%grmHSo+s zI%a8~AB|p#IS)lyU76%KoPl-HQm}LR1e|&?Rh-!`Z%}DU9>#7WR+UwOT*&*zONELs ziHY|9IRO?tAuM&%-jNR8L3;Y9E5&x-8R7%)?rrGh<5j=)M42K9ClRs?$(vq{%}o*T zgDor-@FEz&G$N>PhPr3wegqS$u;`r%vw? z{##lX&4iWCUfH5q7;XWt@*F%*TV!{7)^af_0{Q+~qmytLJ7@X#&~u(2V-4)XLtNKkEZYR-P`CCi6bB^XRH4(! zvrQAQ@@%Z`f#?sXFtT!PH+$VYqbLcOM7Md0f8RXr$D&O_58BuJ zE0h8*1 z=+~`)_5Ci0dfg>7y0eVS_Z(Jbl|q|@WssF|bWzYPsfHskajH9L=SXSxZ__gMN|_;h zWkHf1bwj;LtnsE}Wi|gP?La!}oNy;yO+vu_Z;V#7?GW)3sOxvH`miv63Dg}jYZd$_ z2cor?pgfCctt6@TX0d^bL$WI-OuSvACCaKEW2S&(_Q+DE^TV$7YGhF1TktIihhD{o zKUzFB3)#+^OZhGFJ+n{v#jboA75BWK0%{`5`vaQwk(?}>vxHS-&iu8VmgEM%<$FFk zmWK*;A?GIEs$;m~Ck@#APrW5|NvwM@{1>>AIoVuq>;HhT1xlO9?3bg?%J|frlI#q) zWd3{zyaoiShY86YKme1_8`rtK@Ji99B-nhAjq+G|3C{z$EwSODdb4R4B8|g7f0;-7H%Kcq|Ux#e0oOPTmHFPmuHr7Cb!lNn&Ygv9grYguLthe*NtR{FWXB{bb$O>i!5y)Ys`P zpvRLZdL@-)+l1ZeTWuO60?%!;pIXi~ln~(XRKi5ddO%+-swjL9t3T~KaA}I8kG4jCe`Gsl zKcZ}~gp++}Qsh+udpU7JyPU#kHVN3rG&w%v^ktwnQEY<>cik6gBbX*xH1K51nHtc{=@f9T*tMcgbOz4i(hg!!H^s(S%3P$iZ6Y>`=)m& zN64bv>!c0r=#4)Je?|NO>UM5O3(%BqMM5k_F$Ie7c=!_A>gS#xz43s~Erjjpdr|=N z5OPGMqx7&-XWhWm48)0ne}s?}0vcGDk5j9%mTk;mi{9|l`Pz2|F*uu|^@G-0Dg&_^ zA5^``F{~-R-y_M7F+!OgM!#P`T+qNKICiX=Hj=$jGM>oWGND)Vn8$-zvr28z;4L4e z?`V{o^~+QCx%lPcTfDuav57Z9>A{{93Jx<{cRep1cXw)PglzM=lVxi>pZF+*ceiJE zl}G!1-SXFKs7v$H#^uNQo_ICd^s-YzTEm|S2}kGV^TpvwivM4-hh->xsCOAPVVhm; z*F^=%Y>A5lP$<+47rk%b+z7lXScXSem$7OL4?*OIX$B2m1r0q?Z>wDqw9a3t}ouclz&h^|bF6Qj^A>!&! za&z8nQ|@!}SwDtjW?_xk=JAg&r<9Bn=8Y=QxN=sbu^2R`j^q<)S`NbKn(M-`q=zdT zotoW0NUMK9>5r!wQeUUQ@P3QnwGFg{m}-yBHFsU$V-QG0r})0s?H4y3tDkHW6>~&O zV&7YNZ5E=eASu5>m2TT7a-%>l)0jtD*7m6Fq)qs0UVty?PEkN>8?{E=F?W*HP~cz= zZ7H`$z(ji=<#S!aNb2vqwIv@VCHlN%l5$VX3B}CnGhb!@dMAfz;Bbgs*^khfnyg3p zIDT{*|GZ)556+7Gn6a2|DqpEvEkhO@6o|L`w=g^!tgVVv0`r(VW}w%E-1bB@QfwMgHp%t+9s?a!4`aI6IkmyB)Yiv8H?lECVBoskC+ z$1EBP9znQ>Pcn1MYM`tr8OaMiGLsrtI%`{I@H@6LnLJ{a5*V8c@FL*!`$PGaem4M1 zVtLL^F2Wep;w@JBuqGBr?S;LlmofY^A4|2k!V`8=;z~~>Bhg0?J}HxplNqiA#FTrw zb#g0{T6o?n&u+^B!n#-*AZeKmrZLo;D5n=S?Km<|uR4d*7RmU!tsJ>z@?mv7Nm@{t z(1|oF&f3Qu41kv(k{)*TenId-#*2D{QZQeR*w1O03ISc;E;+z{`0$)+nzFYZ{2Hwo zS_Ns+uf24F_ht1vW_c-9?VlZ^InZZQMtgWGi}`NS-*BxlQr`&IVA|#dYX(yQ~MGsW=ii47fS5+cFjYFOQyL z(ktoXxK#XTFez(0rh$A_UwfWya>Fqd)l>+^>8&}F6KUzF+NKIw1|^Sxf;H-vA*Ab* zX$Ul94yH${T(|%|!XOFOsi%mwtA{Pui$;nQ&ijt7W^{1N*WlZ>67r+T{97suDiXr8 zpiTaw-at(6C06U?56(QbMIr+0puPJqwg1a8KHT5BJybA*kK5qteQ*Q=!k1N2zhrE$N>tu+M!mPY<9zZOoumKp zwEz6bcX1mye|SWWeC7+pg0yfl<(#&NFCwv&<#pwlG=_CTxfRUoLEv7%{7!ujp%6{| zj41@OOA1)tcK&=}VSTk!oM8Qd#;wD1=j0nO!ur_Q^7NKq1}3V04M+{r*Ty^misjG= zTQIk%LSHN#k`ZfhT1mhGjSJ_pXh6IE&$iF+#c=Q#bOpGzfqN32@_(qla0Rm<)z^<* z(351L>)IRhNk-TCsOyymdcgIJ461%B04w`kG0st&ajpK!uRT<`G;^+nB#U{sXTYZq znUPH0(_b*`DJl4?q5mJPEMQMU3$|PD8---P4KzsLt^@SqR1^Muy#Pp;wQhqzH|Cf` zfQw>wlP0$;0Pr^mG!JNUpJ+9B8UkWWSY|}eO3XGQUIukn4rzfr(Ib4yC6FuyLjF(G zcyR$NOVD5{Oi1M(E97YcG^>F+A?y?Y6|Q}Z^}REH<4=qHznX1cY#SZGQfdXLDIp};`S6N^N{{kjb$~1vv{UyHVpJeF zKi+=ai2uh1ATnH|__@Upp0>2g5@wYHbFBqSlu5rkI(#C>m~=sL3!GP(T>{=lAU<2< zl#ZzE0@-7fYJ}D#0N&%7vz~`OOz@V2_TPFPV^=SAxwpli((r#hTlDY1`runHv$_04 zSsE|T>ETu!^B345nyU&RQY?UG(mSXX0!9(5HE;m2hc=K_N-pr{0$8UIba9$NPb8_e zfOLbJ1~g*~Yk>P~;Wts5o~JwtW#V>;Yt}!2PhSA|TZZ7w1E^PE4oQZLBO6OQDB>V? z2;QishZ|_`P#TUx8Xd43@3j{Hw$1pLr8!i8?YncCUHTj}Zi!_aJTWN5{adhAa|A-b zz@}E9c|i-LuQG&O))uWlP)LZz$m=TGtq)}`GDk?918L#{7%1aHTine|l}fD|IXnFN zEg?2UP|5*HyRpTe=YU*;5Tm8cqEs1EC!Oqz!dRyU7-_~eQ2;W}9d>>;Ep;=mp~9)B zcJgw>VE3$A!$0GQkleUw-&27ucgtbrx(Q_G+yo}T{VM&A9xTM=ngot{qEvp zL#exSZ4)w0cL@icHbjC*W=E#|UMpr=)(k&Ts&nDm!+Bg6mExw%vQ;T)aG7Ho!c%rl z6920k0xjp*M7|5P7DMMVy+Ck{fV>CD&*p0GCrg%_D$L{yTVRJ3whX_i7d}5;n&QsUE(6 zG~))`9@9xIr)Y>;6c;+HMCdjWcTx_7`*m(JQ6W+c=t8# zoc)NyJy~d0O3m4*DZa&kvv0Q%Z|{B5#{JWn>u{i)$zUa#HA* zhl4vQ>Ju!5Yo(zr!g0AD$1mql7Z#4+Y6RlcAM-fd$Iz8MERiB8>@oDF;1HLib?)7izq@JzI#E)E4LCX; zAzg_cy!6heQ*5TWUWHfdH?@zWc$*U)xD=I)W{P&x9}?`!$5%9d+l``A2tlnQB3j`& zc=h^n+JT1%A<@0ODW&kJ^J1YBhu2>$(T$e}|4ddzfAVt&mH$(_Q--hMb==mb1dcmm zOtqUAV}g+kC<=A~WJHc>Qkr@bs z=us=PSwHSsQAP`kvRK&JaVJSUJFjNbOV!gp!a7Tvo#52lD)^TJBn_cEhdOQkFBN&R z7XpQN40e=hoi#1zRlE_3ZJ`Lo(D6&z6cc4e!`1m(os(&9oyx1;t9074^&yd&7hdVC zb$A$(Zp_T|6V?$$rs=+er?llAGeo&1rGee-E-G(*PY+ig_*}8j@;toI`I%5`k~T46 zzs6&=qMFpErZ*;wlv^k?-a5?ShBkA~MzTF)cM*M6Kc=B;uYS_x&sIWvLqsZor6@E< zQaR7mgN3H6``=sZv!2d_&_w?D&&8HdZIb;)+xs5l?fS0^?mRvn>7 z`rgZ~SJomUCwsIWk5H$xH8_^b&bj7ls$wXs^sHOfaB2_bC#@~IQnb=f?E_yItaRG( zViV_!j@2aX_W<|So7kBAr2e{gv!yz~l^e zKC4Mf5zFD~P+>t0!@q388o-&U@%tqlfcEw+?A4(>^>gN;K?ZzM|G_-doD7Rr$rl*7 zUF(~a(*XzA39KxeteQDRvuaifV`r{0Y<4Phbar-B=yKGwQitA58PwFnV;b&LNfeU7 zd3s}7V!cm9+^rwrWD8D|?Jj)IG`e#B7@QG-b!gGZUZrbsot^#1b#;RClDcgUA8dl_ zFqHfnu@3jhCM=;uD1X~XkiqT5O+1b%HAk#&OlPlT&1%hNr!B@ON>WFrumMYNYC})2 zpNsoj7w60+*X55H^Ap^`^;9DFZtTnf8~F(udF7;s#cfj-9`DCRjyykF>8azot7DtS zWz(9Nekw}FOx5ECaiXxL0ddf^wLHb8!4CUG^SM&&91sZp=NZEn!>5Y%_tgVhMT}%k z47|AQj>FhKnf6@K4YaA{_e?F(3Q19RH`(+~e>$EHO6%$HyGa>NCOfV8lj!NFBpeNK zTCHAu?P{%ZrempbRw~ISx5+B7eupD(7Ao)TuoGYPh`c~p$}FzP>Wluz3$lrg>Ldyf z5Gk5pvGNjT@E+=SqN%1z=0A-bme=EF@wVobjCruhu(90rk}?4kYQeaN|MiCdI^6;F z6flm`kfx`8x4ykv(N{-{Rc(!Cct$GD8Y@mtcb3QhA z-TJU*4v6$PqP}y@zF*=@zcc z%WX=lIh^xL3?8u7nkwxs`GrJ>I{!3=Dh7qhpI(NlBRw-tf{HIx*T3hPsns4BQ_Yt3 zMxY8`+3dW_9Mo^7xak~a0*xXh010BfReopB&)`24l)v6e3AGo?lTOj>aUBPR-}gz4 z^~Yx~f?n2m8OX{_N;NX89+-?nM!U9y23(i=Tx|0jj@tRb+CSfPtnnXtAh_)L(thr1 zJ;$`Ij7nmyH9c+VtHGg(2-Yc8P`-uXOMe(yGds=ZwxFjoigmV>oq4zsP!=WM;9B+I zb8e8B@F%*G_jxy}BM`>|P&65N@h)^?C8hpCi_^wBF)RBO3Anez@+oC;UvB7^NF;*wfwrZ|8R2L02)z2O9@ zfy1JMm>G{e^RbDa;;N^ShB{?vbLBE;VLeCxeV}8ugIJ|^pXV^q_x8CV?zAKj+!~b$fq5?SK5298{spJT&;5Q1xH?8{}M1KZ6MA zH&kl=CmQ|RC-QlTLj9G_1@Zs=TYi{;Bo|gS@(=gs-xbt9uIsTBWRxfB6#p-lb^o}+ z{xHxIcpx)c^^8x*};s3fgD3)b?Y>WBd zzjc=iym1n{TvY%FBs8oJq%Ht&gg`)?E2(mGc>8}mA+K>*Nq&!LUMheFG_P&zOslub zj6~j|5a~u>Fc^L?LoyWbKUx95 z43GEXr>qJ2i?hx0kbhd?MW`JE3cRRSR``<*BT~2|Q1e$wss7Xcjxo1Ta}%^MtN>ZD zb+*xG0TjQ%8Hvu+P-EQ@5V>_$`#*s{G@sgI#4R2&RRdz#wM!b{)jS0PSC7x0D?lhP zx;QRYHVMqQFd*9D2a~wF|M2Kdu0w#y(E;u|6DS`ae92;v+xS%qB_qR`-LyifSRoB4$5i>ZSuMNrFHf`1sitxD(TE3YIZ5R6J&Kh$iS#Hy>H$P5LrTg9a9bkKum)Q129z-6=4TAvQ~Yz90r_Cafh zNh=ZL?QXzjEd>5@tq_^%bFB>U_9^`s(R>E@jZ6?(Fd3x*LRe}k_=Gy9WqI*l{lf%L zmA>J*qMI#KTa7TbGPynQ;~MJCEgPo>C1T|IJg>$MXxn5?e1&MMkSs=vAS(cQ>S6$E z9w>6K0hpvy+2Rh|*4luy1{3L_qgL!CphISq;izr{5RVEY(6{Kq2|Q+Ppg;)VaXbBN zN(S!(oVf%GXwUq&fQVAwoXChZoig51AhvG`momXtrqf;L0e=bbwPHj3w#Sd7kpvnJ znG*sbEe}j`-ot-9N%&;WyvFuim!A-*Wiz({p)XGjU+JxuZ06d@sc5Y}AyI@; zqj7uCyhC~pu{KZBUMap0DDvnUNat|X``BrC(vEZ3%M z&%_&1ya7K7y}L6CAVf%bPXOgp5}5^^n6$mg*8~2>Z=1aI>OEKC$qlP(JJTafp>v8bDKNPvN?~MT$I@$if-9l;_pxM+>aR3ekfdFmgh6XHz2V!)m zY_&{HqW|m~={Q7E90#<^vu5CZqz&31r=XOq&NLu~>me-3t0@pp)D{*jRfl6zi$*@!3LW>_)c3I40$L z-XG|R<;CFbcfwM@H9<-i+8`@|JV9nDL>wYBW%I6#(Bpj93h*e~@_|Xvtm7=?kH!*A z7Fjw6gxjyWasgDi#%8xMLRZ_@%N|J<7`i(Si+2MKl9?tVy&f`!R9rUh!?rWuIxl}o z3$EiJ9|jI%cGf#0;<)R-?4L(e+25Hzq`O?L@&Uy&C0wijI6$anmyzLuflGhdX}k98 zp!9h|UN{nO8L&ibkW~s9aW10(=NmKVv`h0c9R3xs%rr%I<^o`9CeJ0AV}omvJxoao z2k!|&ce~*yG``33uxUmGOy5~SU|_iba5eF$ve?S2;MX6?k&8$cBDDH z%a6)z`?w_TP6F8d?1)<5np3V|n?C`tDq zJ3VzI+d5kyy21ryX^&V4fo=sJOfsI~4RQ+Y_sL$ooP95Vc3-4*t#h33j0fB!@eSoE zf#q?qa-x`vj(xi?WwLDO^(M4#bb{xQ(|^svhKP|LnfwU73Lv)+z4Z4~!k=hf!Ye_F zH00ia7F`8wHOofZdlJr3o~s8a zRaBqx`Mniw6JGS2f@6#SMrOKinVy48SfOw=>^}OJ6f|;jn}CHd29w-U1!TZKv$Lf9 z5ssJ@{YqcD?BM~LC#lpk_w!@SAJxDjV^AwZH*2X2BI4QxM@J-byQGU#z)L94Ju{;% z>s?++y6ulHN0!`rh?gI*TU*qiXxE#T!*j@_8fv7=`?`;bL=~8^>Vr#8YyAn)w@*5# z!jy-Z82(RGHhBbIUtu`57Yoaf8{U>oL~AiU&RkSk0Ys!lts3eg8Sbyft+jXXZdV`ehs(rUh8TO z1QUls?pk)i<)`b}2HEnb;>7+)I-KwCK96#=efA>C`xzC2cacDp4Hpc12?bBuaanAa z8KFj0qAOoy1bu21om@Al;L2c!Yc};u6_4wEft?p39N3=&F|i8z>6G|d6op#ozdJR0 z6KPp|Z@hP!qK!kFObny`w)GT*;*Zmuw`X`14H8UQI?OxMFHr0C3=GWU48nW5FJ^4+ zX@Katwa2r`FV2|n3jqpT#6ZdY(G0JM~PU|#x3?sucUW_BnnIFkjP59An)y!2toTEJGM!pg~a~u=(&J*VUe|$Cjd2(fI ze^sva=S!sYbimRO#Ah+J{B(kr+D?LH?En0YI2kIY-UWjYSu>)f5@}NSRYkcQU~Il+ ziOcK@Lee>R-(S()J0vSXW473xZ=p9Od5v_z9$aHR&DnNa9+$d+q?<&k(f?fC2#-C} zx)Zk4R=PM2@`BEhJoOE(fe?=MFPMU);yPbQn&w^#Kjy=27}{CFR++x4)U0>6-zpug zvV5~R-el9alZMsN7e1%s_oTwc?)E}T0!HNnxd9w2gmO~j~7Z%2P-GD3?(+Dr4ZlO~@{+UH#U zjmK9Sm?T||HCO5sI2Ac}-}GB1js`h!rS2q__W}ksZ`2hs$-7B8Fl|I^gxrm+f;ffP z5}ov(mCw0~KjY=Ogod!SvUCU!g?RMrmi-RwvE$vjLSL&_@#QPZtvmwM=93lgdk6|o z_E)MWWnm_2Izg7M@eGM_YswwrkJJshg(#YqNqVo(4r8j21-%21&mrvll3)w(6)!$R z5V20%E%tpxK~dH3;pj4_zPywwP_Q|e5vthZo4NQEqPkDwn3H9@V}C8pbwdnoK%Gz+ z^Isww{~3&8W+AiLyso|LyR{e)yg71(_;zp(FElm!IxnEX?|=Yc{ZL-D z%(M{H3*$dMqp%i!)D#PxWz>RUEB&QzK%2r*7;Fy+QgGEE7TmS?3`~uxjNcrRsZ9Y` zMBS+ua>hh8V@^*(w?gZ0S8X{V{Z2AMawuf{2A-VZI~akc_9{Eb@zGp@?~MQh99{+` za$d2#S>CHg7cj_jn+s$I&J&e38B^e#-8MYho>Iqc2R*hf&~;N@8DKRVe~Qm;{TYSV zUqoHSFWOg2_=Si&Hae#sX&5>@Ox~c^y@5yl%1zvtx;23DdHv5mHeFI;_<#8dQ-!_A z>7-K>SU~gQ;%nG{u{Ktmv9EBORk!9X+8s0(v?P@>QzMWJmyz7J1r&XyCD1vtN@)j5 zq#Phsc=dy%4b3SBO_Hk`9EzrMO}@Qdluvmh6)D0U1nxmvEqmbmRUNMa3XqWf#ZP%F z&wNDsff74DTCUpOjFrA7NCUJ!k{#qK>Jouu#=(7YZ+$pBYU5^Mz<%RICy|WBY=alQ z5b39*SxDi=iO#52UHH8X7abdiPG!;BZ0_WFBE6(mpzfUn4!a^|y-v0PCbhhx7vss@ zAh(}$e-7-sAAMb*`Ihu3pT4pTmzDi%JGY<6B)Fv*M? zEQlaP?14^<`VAakIlw+UGx0mv_GTx0OA7fK+&Ita)%XS0=6bxNrFqbn%TQGIL?^nA38WkC8|{{Xy5KPTE_z0boo#`E<0CyfLVc!r*QdtVJ(sQ13TA4T1% z1)u}R6iL`<*pEcVC(H72Y*r~VCM98g&gyL1fjvl3UGx{pO zuvZGK;x{)wbt=szY9ywF8K2_%@yW=9gJIJ&ZQQq-?nqQK^YgvF@dS<`AuEDX{b89< zs&%QUe)-$no$j{HuQMwupF9oZ^T#P4fcaghXA`kgag+ADZ%FNjbKWETcaE#7!VM&`(}PO(68*bR(bMVjigafLL*CW%Hp( zQSVRw>l21p9=b*92ZVpU!sEA|O*hs>uKyVs=2fKEg&p>!=WlU&#=}Ko^p)he zA(p^nn?^O?&~Pc%X~$GiAAc-{!cz8NFcew`1>i$uH=j_>OG45J&7_LpZCk0qP=W90Mv8|thezbH$&^aen+>AfcC0gr0vY>^a3J;=ut3~= zBR>9Ev#tgO-37osl~!xK{}lk>&|d_4HfNQru15d8oti!QBD9yh=T1c*VHOi!IdOj9 zC>Em}v$ILGONxuiH*tLJ#G*ZL933FLR$dQ+XB}A?Lcnhw5T4&+EIl_P3F zuvqO)`8pHG%wH}%2*rES`cAumUag`4BkvpM4A5auIv;MX0Y#yNBY;-MMsmki=2l)Q zT>Uy)7LnmqZ<;)gWDzgA8*y`b&R3iDv%ow3h>G7iHZh!CPdt7gAacDnrHCj@R#UM9iwmuVu#L~X+My9}ojqpV#O%zY3ffJb_>2PZTX+l7%>B*gZiaQJx>ri5#bSsqV z4QUe=>2#QZ$#QoLe<89Y^>{7#=p4}q>XCxif|Rp!V|L$PzeSvA9J~`+JamU77wB?d z4e@JL1K*{D7t0YxTy4vJNfvK3f40sgfbj&-H21p?p0?k%)u`=1DrwyXgg(4!MSnY( zEbg6ZyA6GSXFF)?kgo*d;65~UG=i!(b&SJ~UpdYmE8Lr`d`Z!O%oj`O!nkMIv4}!N zeq(peJ@dkGSM*w1#UGz^z9(voNrZFUpmq@64TseC<5sg&ttg( zmX&W{PBzZHfeo74{Uri`C_Oo{@x&PiFnxmK((q{Y^%m#5B=;1Nr>)IwlK$+`N`moc zVYN?yVlSdRKj}HcpU@nJ3gap>^u8EcFv6d#$lyNTKT}A5VO5>Nk7FXg3yZ5aa{6%x zrKLr+P(au_>BGH8W0#+YxE;I^i?w{XB>kD`R7zkI4^oif2f(7)0;u*gYk9q9v}TAh zmO>4WOtJ-Ac-!{gz%@^)Fy-Xyic?!tErvp9fm=qrbpU4&TB+$+k(PAR8o;9*o<9~~ zV8vYdNN7LX0Cxr`SsPq2=2dGHl-tCjB#9)kb4<@2Yrzw&-lmj@)zvVkw&03qbt+^w zcI-e836lzNOn+S>Vkl&-DQxVhR||@tUW~gtSpfALTq@WT5PUu!()oLT(!syE?79oE zviJB(hIf7~4P`OUFAszgAt7}Wy}#}N1-q+W3?*?P_5Ph<@4q9bZa~AlS-ol$)s;c2 zWKH931>t#&&A7W_rtJ>-%E9-q{35C=rm0%HiYxIw3Ry6aoQaAL2zNg@?9_k7@Z0eJ z;jsAL8T4?}+pDBdALoaxz%Aj3)aby--^}d4-P#W!=_F1JV?beA0qq^8rUi)ZN1v0V z7-H`^ChNnJ^8snB>8gUnuZ#|)*r3Hwf?{z6 z{2FwPKWV}7MXbpNp>XM5USKAzr4Rj;Q}DSH^O?tk_#*5^4JOfaN!5Pg>}*8_U`%`K zNDsAS71z{ZHWq_LHO5gTqvslSuaMWllx9c;3oi!1Dr4NvciTGNB=p}x6Giie>Q+kR zlTfmIAgk$ensz)x4{Rq{x~|Hjq`^d|8ugCp+c9r5?kzl)O%Fn;7P+Lb<|WB1NVyBw zZt)RHIX*aPkOYuezYom^ADt&iDJ&Lue^zzA!vT(Ci^cA@t|71IP}C z-;f}=j_I3AvPEJwC|hUk1v$sj>718vJKvpM6lqinnCn`w4@a?nkF@~C{C)PaA3Q!t zCnW_xd!r)!-Y|XM0jZ5DsNE(xNeNKxnXiu-FOS<#&BlMupjKK2)|(A{e`6zyTCYg` zDVp1QQqTV7MM#;`%)M;2ocQ321C(m3Z4`PD$|Ek5K9^_04jB@J=6$8Ly~YuDJa|<$ zYTXad@`9<>6As)*bgO1}GRi9`gejE^$f_s$yh*Zd|2o!);1cZ|6&5O~=ul~}x#`ub zhQOR3*(2ID6Vmk_%f4`F)^H>mP~ZFDNC^He(Y!Xv!EQTSeNL*Nr@7Oi8uC1c)B&S1 z7`7jk_+IgL{sV*{!!6+5VNEIqPPM_D07}${N-#FOwYHh#JoV~$Rbebz1L~8$Za;=CE5Q@A46@7H3rd%ix3RDj4B=6Q?e8%vaTY0H*l^UEVO$7e$Q z`bAhj)XrzsII|7hH#MPmWzeCS^Izm-q?^kc|E??$c5@y2MpvW9W~+O!0g^;TV9%ID+Y$j|8soxzFevf zs@#)MU5%@!RQ$lXF)MJb>k~@v{JPXfpOQX`&a^pPSpG?Ye@F0hGCc=9n+9MpvVSX4 zd*z2C^&e+AH@~U=9O%CK=+n~ZW6dM>QhD3obE~&*#;>f~>lRvj!NJDyH%kiNs;wIZ z3IyAueXti$(l8u12c88{H4cKy{77)ayl2fb@`Z*|*pMkw!V9Dn5`@~;QQpFBF&;Ty($|+FGmZB6gd@m@ z!^UcEc=3Vm#ug!k%K1?}nsmX2i$MxOaHO&p7ZG&g1i4!Du;a-%8h;?CH2JE!|I7GzPvDX5N0V&!$Vf z{uRUVt34s~ytMB1WTesBEW{BR*>A3wnV zb!&Uc8)eXI;o~L*%si`8x+2_G&sDwKiJ0rAhs>`m{iyNAP5Y zmf>UXnO`y5NcHLr9xgf}zInO-S3SD-{;qW&$9x)@;|Cwx&sG}GTuIkDB3YgGFx3dB z%XNM9z(<`qo>e9#8*I`hGzqEHx>-R2n-u7q2qe%KQocnIR}(bZ!WE7{db-#kF4PI! zB^owr*_={PrOf~c;Ou+1|I21JS(krUjK7aA&NhM*S6}zP3=i<4N%QMrbB{ zI;4o-K!>8gx(;I^ix4BaNunGJUi@3ld`f2}&;BB-&Nt|9Ow<$00Hl@0>k7^Qjl;rt zQ_M?dmE8>K4$tzMS~#UFdT!B|{jCQGVQk~^>T*q^kD?w@?9bFKcAnTP+c(!=oK5#a zREzK)UH;YyM^c0ayN28)I^D-S^@EXaY8Z#2D$s%8tClTtvY`Z zckeNfUG5V-d*o;7iy?`_Tte5UsSJmtSt-=>ax*NDDz%_P(cxDp8y{ZNU*sf~7TObQ zK8BQRp}58#%V;-;-DL@lzluBSs!*2D16%O8+mWqPlB7a)1(xB#rr4Hwcj@_%hT(`^ z=RJB}#ysYGbVfrHl9wIYDDCL2ZcXD|UP7qI&;FMQn3KfNT)qNtK!aO`~RT?ey| z@9EMk8EH7LC57CPV;hc6AfB${<5aMel9{9FLdMgc0V`0mcWdQ2_gI5E0u?s`?G*65 zs=Kp=u<0jF*p|Y&+7uJhV1**#=d4fIy5h^hgou9t>c9R8HCc4cOV^O~xQQ5ty6<&+ zSnowrK7?Q_@Jlo%49 zV$<`OQXl==3I6p2eWiy}>lccW9Ir&&(IRTpi&CTs9eZt5?dyAI~T{6yb@qPjF+_hqNqfBBqWOk@-}2}<6^oL;Z(h00TP zjbB0g@a|6+*NiOH{}UVh4~`vEgzStl#drSm_4wELKTi{-J?@uu@z)pq-!FW6U^&t2 z4o+SC9}c4GytGL)b-)=UiT?lkWugpB(M{KM5t^n`q)55O2X(O9aor;R=@Rh6vV%0; z<+}O1NAyK1nsWqDi_8RZMl?;CKeMvyOw*W+2Ost)R^@;NzdlKgotI9#e*3?FW0i_Y zv?m1|)_bmb5KIOfKjrxy2lzadTgKBlegi_uY1@GwUSJs8FHe5|Zzq7c2oUP~x@UfH zFS(Q+2-c;^2JTPsUI2HXYaPk*>eJo(^SLiR>H#Ro6r{1G_P>_>e|+)$99)Nk_O}&D z<*G8^q*g#%)&Dl`)O{kPWKuU<aE}zEVu-BvOAvimO#j5>%r>uP`Xb3 zi$a_JE-)*LJ8<2y5>5h`h11p_UW9)F=jWIQ4-W9Jf{?Tye$Vwm`{I4RRrt2P2v+fF z(C8Mbt4VZDb!XdwT)CL}lsV~FR~DE)Tm*{3R$#6z!VjL#1KdUU=oCcN)>hF`s>i}N z?(xlf7yvbEy$O(IVPBzjKcMXvc=~VsV0E}p5-&at*^C6R7DYfidC}PXE;oOHG{0U* zSFl5f9RjnYAe0%k545y?7&oBUw>Jol2bei#Xk~854ycb}=zwmAF$KabSX_?HAfXrS zhmOTQmT)WD$0S(Q5W#8{rn8UFa!ATAV8zG2cIXIa!JYu0(2q~h;M~4D7 zdmVJMff67YGgvwU+!X>fAD5II44^(dOPUGv!F$Az)F=)ljV(>@oWO}xv^v$gJ1ZtC z$_SQ2J_3h#mEN)dr?k!ZHD~aD=nJ9e^L6Sif#%1XP>CYF@ul`&P&2t)`q*FQl8tOp z0c-xQi8m%-H54I4g6i2XM`UA1upoXIdvhG(6}k4<9+tDWQ=dRtqe@x^ww|9Hws?MT zJpUeZ*2AS`JjL0cL_&=1qQ$IUfjVIZbV-zG>N2CGxW41ox43)ZM+u8F)jZvN>~4M-&7E+$HTn#b0FLT-*U1^i5p zY1_ev2jE6$WYMxzvPLqyWbI`LHR7Q~SU&yN1z){D1)(~*xN;ae?Hh39u0aSk+eL7_ z)lHTN($bqehls2JFQYA>mH#>2^O2E}cvJu*z||h+z`ibpJjb0ccqHZJnIrIKRDXFS zRG<$O+vcD~zi%o8)U`O|3HlyAfQY@DA6smQO*WqSmu=!-!y**(N|0H)eyh3B!+};N z!R;o#`vyAN5?h!eskI4Dm_Dk!-2r_tMS}gmA7<~;PA@f^Cry4mxA|md9 zwmU&+LJ3V~KLmNk-zv<1zw55Spfg*1-}zo!9utT{KZ+Fez?0OqP-OFB)0(uFfq*!| z(g_lm&-mkuSN*Tu<&ck`A0@}afI96wjv!Uy3hUY1M|Db(I!%CoM|JUvG5*t1pBK34 zglVPTwQI49PaFcT^%1$_giJ`DS^$;*>SzGzu&DM&x;_Hyq1s!#$HhU=pnmAHJL*DE z2lp1OXH1^P3Tb1v3F7ze!=?h2mbq=s76#%K5wMH;65!<$B|0ImUjJ z{oBJBp7XuNsE_IMdvS3!@N7a@F;q5i{8e$Hb=g7Q14=F8oy24s5k|{*n5_3gyz2-~5og$Z<)U{M+oO z{5SW10?u^C>f=$y*J!n4GW5uF4NXX)CKkp79^bWbyt*z?4^I}^ z!%$!vA{^gcOu+U+oBm7@%@z#II{8rC8p?YGou8oFuN}&a(FakxXnnBK`ni>3NJ#ds z+vV1!p**Fp%E4|GU;GhRDKi)lo7R&15rkhk+F%WD6oiGXq!1cldO$pIvnR*6^;D`} zsiW~%xw89$UJ#CRfS`Q}+Ya;NGd7RtoO!RN4&%A7)t_6RSOb@yP1g;it_jSf&t*}6 z_vp0x%snC6fH~N~>_^&>%?GIJ!f+OmYvp&AuVgZQ*-fZv%9giH2mM}uX7S)u4OPuP zSu_FWq{W}_1g4(qE`EgIHRVuDs_fdt~dKIQJ)b?htemsT*N5mwp%c-`Z;=4+dUR&@FHU zmbP>QLV6ZmJ)r?+bI~X(D%zJOpo`FMP3zwvW{PL?W$Tr=yt$MZuLqpB5NVD<`5orc zjFZ*?h6xkWQOkiEX;+&Y!kA4HykRwqun1d5g|muxJvkf?S8a+=CUeW|x-);;FT~?# zF6l`E=ujRI_ND%gW5-lyO4|(2|1SUHIK379&(q7$dxcV_)$gsj%*va}lf49(c#{E% zdo{<3uw^?&_bj4sUc$;y$zGzcfC{V-axwAjR9Y@2Jm0-3$*Fq+AvwOdTh|*bUjpa4 z0*y!7m7ZIAM{AylyPQ1}WJSCQV$gt>TAHrU{lCg?%3%)e_H?1S^6a#2#>p!JeV%#w z*!7v;xF|=IKB;yP_ums&#S574R5#u@_WfB=T&8Q9&2bt_QkpZ)*3LEQg1PUhjjDU6 z?vy@1`BC~{G`i>gDZKjoeG=s>FJ$hPsf`tSF_ z{NwP@vXD@kpmg>B+d=%ydyXI^p%}FX?LW4z|Mbrwb|_~!&JuUeE)Yr^6Nx>#-QTinn+Un zUk*YDVS55{I-`GctG{pX&ujbFJJODDKkhBH|I|$U*NlM)DUW1(rj&k$$^Wz({yKGx z7~GF$*U9_;%Rx}VWeZ`y>BRNV-Q_==Zd5$nk1_1G3;)YO1R#YXy6E-)vVs&<;eP!8 zXc_N)Tm>@A4B!^3wVo-2PlL^F?w1cQ87&223m`xFN;C5jLUcI;kkk*EQjA5(00@&C zmVc`}|Gui^)ZprUdwUf`us>JDNfivx2Nl~J)|+57a}x%|L7`;^_9{N0zZIyp`5YJm z^_rs|vITp{ZtMH8Je!zFf`fx? ztM`Pm^~C)B86MjQt9h}(>HX1PMeQQFPf3ZWIL!Z3AAMiqU|I&FuV=u5Cl@*eKR}iKfvWJ~r)Yq<&A|N#w0FM!L@f33jM7*d6NL>a!H z4a>xzZ`H~B6+!U=kIFuQDv&I4$rbeEU6o#5TAyLRDnKgM$PYuXb6cR4UnY9KE(ZX! zp#%$5wm;nnDC&%mQV=33-708u~kb=q@F5giITH$a&(2 zSC9q)9mRU6>{?H}p5)jBud(T{Q>{50%U@ZpS8T25YCYVUzsZR;h5dWLfl$gIU~mY# zUAeQ>h9n3qLMC`Rrp5@?udS}|r)oT+{^nB_!@0(=`GKv_S%sh&y-+BK-lnIy{CWL+ zsAyrPR|!%89^d5(3(^L7>IO+2;AI&FW*I_rjLg9GznM4Ym^wFZ8Zj?(<`N;O`*=9dJUHqadXNX}pX&NULu`4Ol&@W#F2ko4XAj^1bw0dc+M^`20@}a@kOX zx52tMSCd$NKxZ!+Y4qr9&rdG^OP)gXD|A)Ug1->=q73^Hq^6G*lofrAD8*dn1`(Y% z!hZKBKy8)2hoy#sL;DGI?l?oY;=zfwBA(Xj&(LFco1LupMI{0u6xn{7>O+8+X()#Z zAcboclG>PjmI+0CE6e`eEa_EC%mKyz8S=^; z@Pw+OU_5a%A+Qy&iO*Q~`ITy<_RlsIqni$ny%p;ix`MGt&yF{erkt7JZ01 z!CRKKPZq~cz?gIbzcgURI(Pw5*a9?QXG=n@#@S~~fBH{#99YpEx+toa0tI!K%_z}d zT2_Ma2$hXjlpW;G=AZCqulT;)ZMXtOFo<_L2Pz=(K0C)psA}q^Z%vJC@{6rA;~Y_k z8X^;t{^}8wBfv{3h|+Av4dzWuXXLj!jvNx#wh5mM6m$WB4B1zGu-5O&Hk4Y8>+H3c zYacl@|43%~^`D?cYvP$6IGoBRm9iH`WRL7Ei3szXYGs`_gN@z5`;K;eXqx7qPqL zDDG95Zm!O`@KwSpzs0y1>46tWreaf0U|+!{NaMDKzkJBMuFS|0CFqW$a3$IAgf2m+ zVP$h_)G6$Eu=lM#rV>eo=0uYz16J?xXs*{M05@Mc%BPie+k`&hB48PbG;bp8J#bb; z2Rx1AE3@W%C%!%Hr&*(R2z!UrO{i+{$i}K zeCo)f8Z`BpA7!2NZPIyB^SdPM_6R|od~y?=p*?V^=%&spXxW|3LUx6kl@t>_p98+t zsvcYUb%1ZWzgVE>3|sT}a!z-F@sjK+Wkleq%Agv%mmBQAUg>_5IXVO&l}Jy3*C=Sm za$(5EJJ+M90$`{`hieDYoR*~xD%U3#!j$+DYL4du#$LS%fd5q<`;F<1k-)~}SS{a< zmcxk98toOMrtJYu@-)D_ib5(fibBMO=e!0a+rjS+_!s`zU#e(~PWm@9-&`DP?s}S)NZ*7F97gWaHoGgQU=rvgD>1Hu8R$Iy4%q? zN1^X{KD#J~Aw0q^h3XGV&OLG0P}yLAboV@kKu+=Cot9uT91e>8H{VBJvbko9u70HI z2$&DR84!g6?ETipM6lJ^QLG?0+g5z}i?b1wC&Gfib6Ho?&#H*>rUkwA`6j zC29y~w^tRJhWAR(@?)D&`pdBO^bC~V3b*F^QSAhU?Mf)Y`*}b(3Y(ky7*?5!D<7$U zJ0wjAx&DRDDEAL`XNlTTv3LoH*v^33mdsaww=wl03)R*(tJxxPJq60&lzg-Huz@+BQ9!P6)fbAk7Hq3ZgX#HO7w`v%wqFB1NhFf(7 zMBDap5zTe&Bo*<5ZrV`V`9-Vtr#^g%U0yhxP<3715Fp(HLu9Q)7%k*{U+!Bq?<%P3 z>-LLJ3w9rvkY$~_Rk9MdOEyQT<@*Tzps~s&_BCj`Vm)5f@HM&B5HBPIB8UnPDlf%E5|)!4IZ6h{n69gL0>_aCjp>Z(!-Qa=HiWkGrz= zcvmT^*>KWz^+mnEKZ^eVhU^(=+7-9l5F5D$zT=~Fi~#nXKM=~KBU(d3wcYBFEn}cO z>#7Ml2W~5#QYm&h$JD@6>)fT((uc%1r}Jm3 zeD)|LTqMLm`@SlVS!uxbI(5<%?2&?mEC4S)OFg&wl`ZMX49_u#>78WShjdk~(in}i zn9!&9$%Hqn+NF3+3VHmHw!xZWcSKpNg7CbI0;c;U37wOj-ABqR(-##Q+*!+Ha8+eG z$CqiTB5@&pG0e2!d=?kC*;<7;2ie@QzKJLC%HNa^kG+s_=ipbn(_n@k`3R<(bEHCq zAnl~-ab0AL(?D#jT=Etm9%tu-T2CFf%lx*nPokBSeuCs7^!SIm9s)&F<0++r=}!dFWC@9{6Ztxo(TJ(fF+i z6aHA(rDCR}gQZ?XyCVjg+w#ZZJ8oaszU}97CZKx-LKY)|$5DJ|J<@I0-0S>ZDXvSO zvkbGlQh8 zq9T1hd8BLwN!;EoMeM2{Lno;7A2b>l8Y)b90-BuG(V)4@r06$@!NaT|onny4w_riP zp8Dte#W-bZ$?nXo4=u>Z1RaD%%f~nl#=YrJ7V>H=DcM8k@hDr=)v;<0H95_Gn1!w1 zBeyM?Q{tOj71$o)>329OQB(_mR@1;O$s4E+HpYW@HHdi3k?)v^_sQ~=@J4Hs?gxEc&#LuoSoDjN-$BopYj0xa?@kfxX78;EI${o{Rg$G6Q*gA52V z;hs7Lqs(pj*A9$ywEvK>Lzq(~aqtOTkuAMtc@QuHX;s>JM@{xt!K8)|cg-YM1nsPlz%dEqdw1y< zrg=IfsL$hlFlO{goaj(dRUD6ITfR~x)8}upUbsI5*+WYL?uOz;zn~1mXfB843g))d zaU@V;C*@9>v%Q%Nz4i4|S#fB-s=E_69-(5WLkHzChUltic=Aol@Xmt2WFBn9v&Bq9 z7eRdKY`lBjfam>t9?XDcU1If zDg-~SwWfH;?4-nuauld4NG*A^wH+V&5~P`sYe}*@YR;a!0h>T1_^#{v@We{FM0cxN z&3$Blp6KQH&hQNFAAEb(TVgLQaew;0{8u>eq68DFuYj;r)y$Y8 zR1)Vrs$*N_z55s`J2q?H-1Ke>(tb+FPL*XcW$?_w1-Kow6MDLOvz|n@jWWXGM9n@^ z>?YBn(5#tuHO~DyqFd`<*$HfhfTko8~CpAH2f364Z>iiwK$31+}Ee9Rg_(XB&kV+ZDys7E)feJt$+Q^tZw4 zt#}SLZLBxC)dzcm$%L72vbot;TOP%wnZ$X?b?~xELEg25;9A)6McKoHuR40;a=R{6 zy$x}xl!u$|}u8BQI=g9b{wVx>Oe4Dhn z{?^6ZibJ_%k+|YdS50uldAO!$mV5Lrt2SZU)Oiaf*EZ{YgFjN8JAUo*@$$2G1%v3H zeQed;{P{qfB1LJ1<)ZNu90`$vi&_h-y-Rg9EeA(Scn;<=wc8o!tT@dM^ag7TWZ$0d z=`egtZon^1lnj#R247moMjiB*Xs++sj8~%kur0sgaYqq=sY*9DEN^o}@u8wNO~Fvg zw*FuZJ>LwfMY`wJB~D>X`gGg@Gx;(Lyn0POMf#PLkkdEb*O6ZYM=6&ijEt-t_}wk%qHu0Wid-OeN56w_e^epvdn&w!VRPAL% zTT>=ThYvOJKP>QP_BzH*!jDe9R%m5=@JdAZUZMTe`W2hMQ+pjX?+M<7yQqnXRXR3x z{Dq12aEnt3<$}p(=-HSFEH)jCutpQew>WEbLo6DgW2+<&E4wIy9q>JnuulhdVV1Y1 z7LtX2iO0n8$n#8WJD$03h9Z9k99Ty@K5GMF{7BV+5uw45W79Xw=kMS&h?mDDaBGc9 zd9I{K7sY5^w7CKP(BdDu$Po!HzUi%xL&y%YY2$Xeaz)A3=Yy54sF2m02ggoKv+=dj zG~$Mb%Px>Ci|>Ay-X@;3+trfd$@4K{qut%GQj_|SR^2dr&9S4z>fk8v z_=kV$O&#fcfM^NW@@&0m8rG@3*6(vZbAtX*x@RYFxqsrA2M&;6ALc&2E4YaBr<;nb z_vOcot-qt}Zp>#f(7-;XIfI_N>8S00(0D{*j-SJ3zW94lzwIre=hpRdv_D`Ij&1kG zGC95pne@U`$1ehDzw-~QjI>z#Vw3-SL3vCUDIs11ON!wRXA-Ib<%1++gOA)Y0$qt^ z5F8C!c^y-RU6-L~I7p0?IWDY*s$t+GvVl!N_Zj2urY9rJBL@=Hj^yk>sr}?>{T}qV zD^b6mLPAC|=Nfe+kE8yAcbzQVCSWA-{Dv(sDtowZ!BJCQ+PQB) z1tOzQADkDJiCr`R--&z}Ia$Vwx)P)|7Bg}#1ymdggGV*T*&}Q|z3ybSIL#)eGoMhi zCv@N{h}zJNL6=q8j^lZ$b~oFN6^!hjq)%+@f>yy#X;NOLiVZ6LFxbMm6UQWj;Y?(3 z=p;XP^zYONf*|<#su&?Du5Z;xJa5lDwqc~90MGk|rXjKjbX-SUWYU4LQBEZZ`02&5 zC)ObTNrcx%3FG)^DyZ#}0YnI#@q~!1YIG0;1Q%lkt26P??-EOVcQs2-Oe-*6 z1ICyZ`|Kfmt>FShBPE4SM%}YR$p?t+XkT1UwO=S1ON411Hy|}b`VyM$5&$WJb4_-s z>7W-PeSzfbt*a3Y-4ND(BwWD_!3H$>s?TdU!!9xA-2FRZ`F9BQ z$7{1NX_v!rf>1crBa*O&WFEahcT)wuKL)BO`hpiVXvQr{pLn)KJve3e@%Ay>EYq zd49caVnS9blSn5Z?|@tona}|MG)7t7pdFbVEC)eZ26NF{#2o?jP0o-}{87*4b#7|Z z)qnVaRh`KBjH$u$vQGG7T3IKGp-Cq!omg4#B9{+^sOa+pN)rPefe zM|P)!zu?!>2x-q&o#?Md*3!S;a}9wa59?GatPKmw5`}qC2&(t-*Bt!pgF1)Z=Y3it z<@aYHPJE9(U)3a~pn?^&_w$vna=&0?6BU5B!+g@ke^n@0Sxl+&xdi5-KX?&n@eAEi z&{dU#pVSJtxs>Gi;I2fU(C^E7J;lrTMqrEKs?2X-{8#Py`vtUNK+leCjg=t;-}B@J zH+$dXj1e!A#qpMjN!-WM|4O3(i?h%yHT5UgGG<6Zo3=Pt*ctcNI+Ko}Q&f7p$ldw$ z-#$YcN3xhf(I)Tq>pXuP5rv=+#oTJ{^D7!RcZfEhz8aOD-5VRAs{hYZ$a@Hvb$UF# z>mNVA$mE01?{iXWQ!d%q8N8>vV>&-p?!fljLeDM}XNu z>u3LbK*o0YaCp5{>ahOa>ZEzInRGQz#^1(kocmmMx}2+i%5ciR$tckK;0AWIU-^e= zgO9t~)273>-b*&t?a@3k>`>oAVxSewwX=^A_w-KHSKcJ;zGbJY|2#=K3^ROMv;Cys zzg|CSAMU6JmblCErvA>E`6J3aCEY^?S{H4+-i_LLVa$w7O8Yv5Q}TYT!M|Qy!jRXo zQfT{NZ#^ma`GL~fB-ULSxzLX1FA>w#`onwUnoYw-4u%Qk z{<4_=#24v+^Ksf~R)TuNyB+np4!pD1O*;yD)K#P%O?WO5-};k=fm@pA18SJO-D!`0 zHE#TPP@!%0UdY4ZWIl`M2hv7H-X?3$X<1GfYPvV$R?i+V?Ad?ShV4K$ZA;hN{wU!) z|8~PT0MyDuJ%2>=^A`T~sZyjPF5j;&xD~&^CV5|SI+_$TliuG*V&#^zbZ77Hn04;g`da6`R!|l4U5Ib~5lh8Q()j)K zy!QsaroAQ7e7r&ffq4*RNnkG(UQQoCYF$R%t9bP&~ z|0{`a=W$KT{yF1~(EKNvS@{y-0w^}+p1hin?~?r?8F5>Y-5MtI+QKZsDc0ZVPUM8M zrZUXG=6$ZG)iJNGL(`Ord}0^hGlyUMz?d*BFfot4A1nV_5Mw71xUhF`hdtap$9U=Q z6*ijAi(bc#NAKmB_I~=t(cif^b)a!%WsVA`|Bf1`_s(HNvOzm@{|mip`Mn7`r>W)%&*xLcOL0tc)lH&h*K zkLmRngU0gPdT8fMZjqv&oa05?`Lizdj83cc5WXkc``m&ji1OY3>+N58(Hv1&t+BGR zmkM30zNRUrc}zi$CJid!TwWJ_>Trdh&(*(t%b%P~sV{^PJqKoC6x@^nMa+VC^!k(} z-$s8y&a-~4^d~c-uG(@Vcb8sYJGFW^J6(*S(&ARnnGgLJaMCrTcSbZ!zD#}5=x~4^ zK7>%;WW;pqpKH}e?;_mLtP1SG_`j}gT>^Yr&nc})cphDYs*;ZIo!%tpt1xr#Id?d< z?`@Hjd)0pWWArPywI_l6#`oL4TGb|px#>q|uB&CG7kRnq*E8-PN?C#BFor^Io3H*8 zc>QDV9@`C9bg@eQJ^HT&g^7WyUVpD>1Gd4YbW$ZxsRku?5$@@EYE4U{{?}Nm3-x?> ziG;z{5)W~b(yY&W30dZ3j`~EWLauUNas7JdM!{bpCTa%0^}4u;6I|UWHPo=a|HJ6LgiM)md-wj=5jl15Ps>ot zuZs;k6)rsVwxmaAc_!NUi=1dK>DDOiE2>mr={H=$iC;>2#d@z><3YDfy*y?K`NV{z zYri-6L}Wd+eND^%i(B`hLPQnDw~;7xX%~4^We8T2p~-?CPO*gyo1wszps91+VY7$~ z&xf4g>9&zo^N(NCVp&r?^&s|Q3|I%dXq7da)7aBk;Z6#JN0ri^i2c7->j6u+wiMsS zyPJRZ?S57uZNQgU6=YU{GJ4wbr@0n}iF%k}tnZTkoLKd$B*~;_Deb4>DLE`5tT{0LbfPl zGqduXi~jiISI)L)}DM#wmR=Gk9kRcgqypsQ_FD1;AYE7 z)u+&jg0#r>16^-JPEO8jH<|bd@t%aKJr)XOIyb<{{(d=(1lQ>`%gO9`cD|q0Wq{^; z#=c(<%QPoEKASyh*MGhP7AMhFVBM7gjF)lbsV^s87sqlM3qYigaiJB}Ua;)Hv(c18 z{5C?nsvCF1MJLx#vbC$4hyJ+f=9EhjD{DZ{i@{MFW$CKE&hID1FXblb=#52s;)2+- zq7zQn?01{M^6i{64jxg{9lZU68sJ_`n;tD3*V;`Wl=jQEy8c|$> zfKdnPwq)B$gr`TWd#CPnXljEN_g&m6o<6H%Z?w`i-!()Yw$n)a&cfgXGUFn%3mC1Z zDx@aTPXVP=Z69}OwL|FFeQemC%5-VlT8sD3FYH|$aC*;i=@QD!^M=Yf_LQaH8>J8b z5qscsU-tFE7;11m_y+zovJ8xj53O>)MZCOrnGBx8lX95co0;B$ACB^E_GZT9I9*>n zv!CnQmpE!NM-`jGPZu|jNX4)wl8k(;R%$Hio@IEbgM{?8NHNXZ?+&f99d7cVf8}t3 zphSwz-cNtRcr%@q1-jP>EiTbl^BkYQON~dFiTe<11N+~nD9?Zwgpq1GAKPva#zv&1V*M?@pvCN)tHdG>k0d zBw+iSA!HG90?1mrZzXqbAGDc~j+V|!$4QtdkY4f6i?4#dfa@Sm$p-;wNqp4pd65-TO%R#z@V*}+Q`D7iU?gvTv ztr`~7+C6iiBy}8|hBBXOJIp>({;)v#w|o7oV8zn|?HPv`)=K8AKD{nnQt;~rz0foS z7pLWA!xgmj^S)jpNq@hn`$u1u<%8OXR0LLW7TnptlX%>d8mD;_nhZCe za6LT1E+BF4wTwT-tVJc9ebJ2%+-@KMnE_8K$3n!55$T)Mhv8W#2HvD*dEp03KEBDIh%^?^6m9m;~hlWk6q2#<+F65?N7yesjt6R*n%Im zq#(oGLPjla-4iq$mGP^Oc8HFMxz3o{xdwY zhEAOtS+h`UPs%(P**XTff?(#; zb1LeySnZR!)h&-nlliH|5!=Kk4h_s_ytds%b}z!A_9AYUkEVtyD_KSDt8k(~+%V3- zs45|D&!*xkvq+1KlNKbAfhW1GVvmflUjbo!lq*SKNKBEt|O?RTW=I548 z#}m&DjH1_lyt_NI7`8}~ND`^XUOyU^A)8I_Zr;CFhFrmvT-URZRw_K-F>%n6en|8b zde%OO(uJwgO;-3_Y6c1@^!s=iA@b<4sQje`s=HHwoH>Yb?5tMqxRx!m?cPmDi~Xoi zz~v&uxaw__t1q3V&BuRgI;K$?l`3b($J3Q$evAkXfWky>|ld_ z0;ckEE~%Cs$8o|q6!ZZ}uI z#n9NaH{_|mWqtBfaMJ&9v4S%#*NE(Lup38Muod>3;D+(ZgQ2(G@rnE(`zj-oMI+Ao z`W{;kB}knQ_xGML*u2d^sj=IKHz#NGJtuX(OBtJS`bJTXUw4s{Kv8d_(3@$Sfx+cA zQ4?dF*y5=c38^9L!8SpX#hj|-(+tV%G4oVDPY)eVbet-NUS;PFc}6kz!wxY+mlNpc z`Rmr08*0%GvHs3@Oa|z4#2e=7fbF#f=d9Om3>R#$&{$<(+4z01ovrddf4r#!tAaS_ zz4Kt_ej9v#aBkn$qIiX62Zw0~s|oYOql5+hYL|~YTSGg&uv{ncNANepCbAKU%+Q5x z15D78hc`{u0XBPSy^%7X+?Vxq;B11X33nkV>U;}i&s$*K!zmN=zG6uC1O0oX)$(@nEM&4~61%xuwaKRwRhI4$lY%?z!9t=CX{;v`or_)FhS31bd=EF5zfL$q z0^wjwJBFaDd~tjlX=7}{GzHp3MKA1Ru1w$IuL;epb;sCV;I!rDO%eg1!&svZDIK-y zKPzdJQt4S0lBpQymt|>W*eiXsV&>(5>4SF{lzBB(G)#z;pA3wPG zh;s*>{0F6QY}A;3%$eQz7|_)JajO>nD3;uwJ4J%}S%Iz~Vn6c)T~Bg|q26e~&WQiT z0ztTBwfX}^wrHP)O#B4{Lfqv2dSR8=QKGkffRH5jC^ef(oNS~&mLS-gq!514cH|D= zleR+Ct2%T%s<#IjRE~V$5t9=WXn4ET4N-I&f3`blu2Qivu$c1xI8*<(X4l-~E!RlI z`>n3hl11Y!9*OMk=@r}61P@fb1QVtVx#I-NWC-8 znt0qFqK;cY&bu|-_PJ?=qvkYhp=;>ZYvql8&2;be>IHY$ZH3GUb?8{c@t{I?{`S}a zQ}%>U08_vOca7+f6iNw1b+-j77}3vg5lZ1arXy#E*X1jNrriaM!u3FB&OXN>>sk>ScNOc5gLUDUtHCF^IL+@^5OpxkO3`P_Ya|FM)PNJY$Oe7r^TpVdBbK8pE+-f+!1M1j0kYvse^o4ON$$t#vh9om{R z_6AzvBnf~1epnXeFW>cci^psj8yd>p-5Em{=z|Ph&rlYjMi_t$nBg0(ib1 z?H6ZzCw~7!0`%uJTwGg>`-A%_oU7sq?d7eo12RWzz6NeOCm);NS_NI4cy7W_KP16i zI{B}*+?O_ox7Zfky^ZiW{yly@6S&HP@>US4z+z@4Rf>G%9_0%NV~_i#N9yaam?NT#_;aWFxU>MT$IT8gxAiO zP~i0U;)PuG$G=6lKHkdT@Pt0ibGe+E`9|;W&#U?UvG1OCG(&2Y5H?6~$E;A~@>?M< zoQam;o1NIneHJQLN9)H$2xnvQD>8u&VdTVuFnc`zo9fyS>se+QF1jWach1`!Mg|8_ z7nokbUFEL4-mC0=NTXk^jN4kAT(9_LUuTGR>Y~eRU8eW2V{Lc(r;?D2Yq3d(H1Xke zpp%^-#1SN$SSH33YLufko$%U(hcM$)lhGs+80fnk@1#O^z4bjkH$guqg?|J#Kd*;M zt+PrS3May=cUqaS$~IV(hJ@S7?Ml0#%SlFU*7L zC}Tu({6ujtW7~XQO$)8v#V~nycj~GKOA`ZPc2qtgx0E7zNa&L&btVH}G8pe_KCiNN z72DO+CZ8%VCqihz{*gt8Fu_s0J`a49)sLs``CT!CI{;UepVA~>!9~(zCXM;LQRH!; zEGCtmjE6$?L_8_+7OuqPN?;BH_R`5Xy5NozGiWw^Fr$oi&g)n*O<+o;SI|8O2<9+i zlwa~7X`aGH|HimfX)A?|?h}b878>b3xrb8+dYoC^{B6E0+_Rb5@|m&pDw|1nOJn7| z!kcD5dq$v`R;t2$oJ2;y-oZyt%aE$jq=ow$Kxmf>pVjPryvuh_(j$)3H4+|>YTacJ zh#E)VM%Y!EaU%P0xkALDFLj3r?_*WWPcn7{UodPV45$uHSPsS2nUk<)Q?$*y8~KD! zuvc#vaC^`c#ttit-2p?9`_b~2&rTRnBl$JLppHLU*if32c)yU+9RU+|s#^Cml5QuM z6FsblCw$wzx<%S>_}x?Q6^x8NH$3$DFjg^0=@zJ1J9iDbo(5Lqc?zgN0qh#=DAneI zAz`d6#!o%lUs=gy5cPeVc3U|9u0`;rxS%sQb&epKlaWIME_|Dhk`^7imNi_4n!C`3%i>Vs zNZLewIIn8B?VMv7>9F`|7a0@A{)5*wEKRCWXdufL(f`fqVRxNNJ)o!Wuka{y>*8=v zGQ7Fk@EnxfKJ$nrenRLTIME}oxV)D zhe$F(YLL%wycANE!};xXU*(68tnW4Dv18&mZ9w`IbRW)5NsoI20`4PFe6piN4wFqM ziWu8&q3DWGlAfcd685MBw8e{ka5bLCR+$OV)q@~?mC>bCXu;fwq`PeOf+l8cPul~e z$)c>0S>jH?W8ubAe)F#1Xo7_t40zD0_AuRJwxTgzmPMuY)*N)_GOW!Lz9u#e6@0PF zjc;~bymN>BJ>g8AiMxUBoi}J>u zT9fv|w>{g>uBaX=O0@Hn$KljnFLMyk$q$UfP>zD*y%gEX0$%h(PGGeyRI!O}T$?q{ zqErs&Q6Z{Io~@Ip&?>QYw}>KRQsdhoZu(nGA9Y4zi5cLS@(mYK5Nw{Gj^XRv1cLK~; zx(O1w*%!wj6(Iy7#cpmF)V{k3>};cA_0Q3j))~9Lv6yJWQ1efrIDu={R<-NI&(PHCHM-ptFviAC}C z$ngyuLROlvQ?~x`?AvTt?}|9ACtiwne{7q$WaMZU=N7%@kg?R$XZWm;E^DP5 zHTIeUWd@doKGU34HNp%j{uCPDn#@j%na5Ur-u9h1z@3Ds$wlJc)-Y8XopxO`6LDxg zvUt3B;NI-hI1J(st*@gdY?_>K=%{kg;rz0fk<<{5AYmYw1GdUBlvruJ5c@Ar=|VZQ=zJJCf%nIq`>=W#Urm@1v&#D!=Dhf1rEK z+zpNmpZE@S+mCih!WA4N9U-YC+&%81Y@mj8`T_mawufxDU+hqZCpoD zC)z^_J&?MPQ@`gKV=`ZUf=0#}6MBt;&#M^}T8xp@nsf_GoGoRfu?L3DC9aM7@Nh0C z&+v%1EO~Pv8VDb4G=|Ecw|UQT&$iDGKGE~u?C&4?Qu8$h8%wr&pCIjTW297V$hVf`BJb}V#nY)*Jb{MxRY&SUI zpR}mgdczL-gA{7aG(WOO4WIM2=-A13VH>`D)sE3iq@3rQK? zb6e9G5Tz~)z#la9lxH49C~Dl9OL`&uX7+R0L_lypSMx0QW3&7T$+jHvQ!cXun~$6G z#3vF~Pcv%Q(oj(6Pe5AF1-)>N7rKHg48cO_^yAztP5eHiG7luV>4IYtqE1uYb2%Dq9({2nfFRb+ZzO3 z%kdkHM|6~`3L$HC0n7dOCGGkOE}+knkTBA&m~hiNmWc)i2)2f6y>0Td8Q`xWeitof zmrfdlT3J}&|B>|;P*H8~8!!wY11bz4AW{R;A%Y?xHFPNg(heOWl0!-lAs|SH0Z2+Z zv^0`ZN(rJ!cQ+y-eEWF4_xJz4Z>_m^;Vc&CoPG9w_q(6xd7rm6HqeCypNrJ`H=Rnv z>QH{xk0EjOQ-a4**1WO|!A+sgtk#%E=P9FrJxs$Wd(erk2hVbiHnzfkzV)+Q4N%P%=Mlgz%@J%esSRUtsEP&Fi)I36|3 z8GzGah!uX%>|rdxE)|bUkja~(s8q4xfh7`BQhE*-=yX?t`ezJl}!hmvwY?N@~e${^)FS$G_#ArmrC z{aE_*tb@RFw~~MqcQd#G#b7a)Bh&1eavp<{xg?uL$97e?1@FrK)SlN$e(s(vsLLmu zVI6f@^t=((%sU$5@)-8eK)w?7#o;0d_Ys;y& zAO+t!_3ul1hBS@FapcRH#I~7iCU4CRU#m3N?L(-!7g+w(+OSm%>p2aW#2e8WSNG~# zaWCw4bJGtY)vm$);BAjfo}We}uC8<{HnbJ_ne1Gp%0`ap2>iB9qh$k}D(wCfqg9?Dj7%Zck%c&WQf1U({80drgPKn~GuW)%2pYrixwY{j< ztR3~nh9(6yQ%M1>_Z|NE+S?|B#8Me(y-AgospPp|`K|4*hCUT$JirXHV~&fv-S(?7 zMn-JI3uBo^w$nhe#oy2$h988LW?CdmaG?3oqbT z`fek-{9C#InIC`Pw7v_LU>Ohz*T&{l-b@F`njqqwfHc+%+eCq_vJ+1o!HIn8r;$Od)CWUhKzkt6hKIQOaSCqh+<`@}#07zG%OZt40K@Z$%g3 z2lMq3PoagyLx6v~kf&A0lvx>x2X8VWawe+Dnz9MJOif3(Jm@l~4;4i*NO)?DDEL}@ z2ZkIp1x|=IfiP*rGpVDctBhohEx{x(ED6zJ)RbXh#Q9#H;AC&WFSzO7Uh@a!HqpNK z{z?v`zVfIzpbXb|_?$>t(CM-FyS|lLf4(yN&Tqe>uk+1*Xt#eQFcxDRMAWBo7^o0hE;)vP)Hf}IL0?fOE$@xrQJ4O3F^JjrAC4Vl0$swKMaGCf~+!LX{x!d3pb?-oTXjjJ93C0AdwEr$wHzS40g{|bwvLhJ3< zsp=m5nE%Gk+&R$mAtrKyid`>6>l3+$>oBc&qfZ@W{#UiNl>^tjrYmoZi{yw|gOT$5 ze|Ja_AZ%M_%2pA6k3)kyBln4|JZyFIe<;w~oVPz3yf^plqf0cPj_w0@Gu-i)Y!xa= z6`GprZ3d#6obg1UGti6)y^?Vp+v*LhyHz?d9>gZCCMkB54l*H26^VCMmrgJcV}lmj4GI8O$k&WM>O3HnT?Sq zRp%A0_+$mTpdLjqG)4kVzYP3STA2Q>nTlB6Xp6PoeP2vpk~plNMU%_T3nXg50IT?5foP_ zMreD*=1ycq6|28Y!Jw{Ea%8+7i*h#da8JY)7Q?c?F&-q7ic|8(J?vSNK`Yo1|HG@# zlVrdAR31$E!N%tnTFSj-vhM80R`*#U?rjSj6P=XO;JFW6oazmO-Xn>acMA5$29&2M znIO#PiSmvNuN<(ibt<-tN-v2~{nWbj@efx53NQnvh%5UX5Tro@Xh}*WS{pw z^Q!>m-j^RcK#1QBTm<&!(0A}Yw&_arHL;mWNE=kx#HOLvPEPP*ovv%r#QO-6Ty_(T zz0_w`a*;JDHmeqp%NSsF&;?pO>^;#KNhuutAyqB~z0Cx6{DmSOwO4i#gax8l(9c>o zCX4hiQFbe&_b$lu^J!wBjHqU#cGdMcP&;%3r-q_&`EMG9y8Mt=!93vC2hHO?TT?N3 z08+CD$Vc`C1?sl~Y0?q5$W6XpzX3PNL#Cxi(%n#W-x%Wt=Z`^?k5grV`c}P()YR1M zP&1b_-wN+!d*^?>0D!fc5qU>e1CS8pUT4eT^ko8$e`8Q8$`Vp)deSK#BH*`BuUYG& zeulg>b#k~n4_GdN6UwmJ=`z{Kd!pexF6}E zbGO!VjO)}IyM5bb{{#<>Q^J`Ae~$0#eH!O15Bk{aS7H@v3bo~v>0U=EC$rOA*=^o3 zW^~Z@Q(%m^#dceFhQ`Oi?&k`%rp@&lcR=ABJt0mbFop4@MWcdW0mF7b9G(YtnsYkD zXbgh7e94+iR6g5lgz>-a$zc$q&T8x(VK2+CwFu_FXcVO z0F{$9NG9y7q-#;ZrR&ux{ST!}t4Y+7nXhm!|ISr*$eKv>x{#RTLgSql%vl^8)}U7D zN&Tv}rwW(v!}dh@2iFDy=M`RQ%{v_BHPs~xV@EUvi+~V~9i$SSm}gLt-uyWz5=^sY zGgQD@Vwuy`^RP0Z)OXZtc!M`Wq_bN3eOMcZYD=G^+NW-lhT9Wpy1*eIhk2Lv3H@X~ zaS+rCNPhpCN05BU&x0igkK;p&Tgc`~wB*khxWJplh^noWc65v!y&0kNC*XR43*lKi zn+hV|Ya62G)qPP2O=l3g;rJc771V=7X$fFkE}-PPCXps+9o*8YrHvIQl~vKqsh(w7 zX`&7muz;(D(J8{+h%-pVs>dXY_Otsof=e@x^pbw?&eWSeZU12&d~NTi=vPjBN-l92 z@D>}6x-Y7_?U9m}b`2blo=%1GjAfp30V|sj>4b(y%rI)%GFdi8P?GYa@1f(Ug%M?* zE#Z!BW%5u)vFglNI3;FGQ@iRLhHd+Rm~A%lnC&=0M#p~1N-FIHF<)CSc~^kdL)m5l zKl~fPv~7Mcv;OjoDQ_9U;jQ^*>I zqg4_eKp9N!=s}|Oy&^X(SJ_P-LLWdoLI$#(78Yq z5qJJtH7fMzx~z-&IX27(7CUB4JIfrmU&?Lfpd;l-pKk8lrCKOqic)Z7BHvkY1D&Zg zoYa+-`!l4rU&293(r_r@6amakl5cM^v?R2o-ZpC?J`VR@#1s1 z=V9mlP^Y&}vMfcs82SlNP3^V7A?5L02y~lCy*^sQAN)Av^(Hvbj?@rQ{3N8J0Pt4E z55-0);GK?>4VG&c8%zBmN^YV8=1>WTaALx)adP$>9kQ;9@u=2{A8dZ7@#bQ&nL9U) z=BuM0w^Nq1564s43k;}XS8d%gJVVAz(~=PFQnsu2yeO)1ww1?yZaM^-=ay=B64+N` zL5vB=C7hx0%ja;;Ryop`FA%U-MrGfIM`&;4Azqg9-?ctDj*ql6x!3DBj;a+Y;J!#X z>ss|Q$EtfrQpvLSt*?;9I6n2yd-i&=IxT&hs-Ji!8FfCs*!ISYw~75gpK)}(i^l9H zg#&ZEEQm?@Unnl`Z!cv#QX%2wc?^fm=wm!N$Kx*JHHv;UI-psYAhr3FGJ zj6a`)wKGJBD5N{Ds;c_zI-gN~Y#DS;(?SH`5j7L__5r(G?a=+EMN0GDSz>m1<}hXW zydc2cjmV{iQlp#6zX4N;N2RvEkM=_X6KWp+njQs}P@wdd$y(psnxiH3Mc*!P=wFE` zLL?%inqP*Lxh`v^nrz|fHU`aPV`vM&+3HCD(>Hn9MPQ~XzxcH^`jK3^?1U^_?ZtSw zAo9bTy7$OPv*YI?6M22nB_U43vi)*?tw0mI$~^DXJwq&xImnpoU5tw0^$eK0Zi8(I=W0TvkQ4OxPu(da^k9 z;=XUHc1cyfAy&F{pC~YqT{isQim-&1wOyaale~l`i_cV=RC2B)Bs!T%7_I*I+yfZ1tg2Kw-C-HKg}M9keB;$DCRxHO zliwlrTq-C1VVPj~bJ@g~mnY*v_|pX|lV>&2>;t%??i9R`0wJaDb6^vzXT!r<0sbFK zuWa?GFv8R2Bpdk|a-l0Pqira!WiEVvz4~>WG3eWV=Uq3DM=dj_DHp7vk(b)r+C=T1 z;srAoDGK&lRQ+(9v1;oG)wl^9Yxyr^On|Cr-p+X1iLm~Ph2Co1+J>=^M8WA8l zb#L7FLx~!cmz7nt?t}KsgHKM!Dnl&$GBPp(5rGR^MWzH*db#SUt{&6!t;+MlN{|dUl3eP*%R~29A9j5&`StsDN7m&91#e;YEPYzBTN@`P#cq-T&I*>sOVGk6k>JW zFbzbt#wTBc5>xDHv(LiIhpIsB$aeLr+z1Idxquz9Z}av-;4P>j&ob~GBU1|VRj9O* z>h+A4dewdluBSM&7}slG(X2yd0Gdzqw5C3&x$L(MPG ztN){xEo>^!MJvBvd(b5XW3(>5Tx+~+VeL8uZmM=gaYQG- z_!2#|gIL25@1`)6eE8^?$6wJ~jN=A*LYp23Oq1;|%exur901go_lfZIwc&%8-d&AQ z!2IWf3ZQC=R1EG1>d+K-4(fy10Yv;W@pBsm0PQi3xaTA%mhAWYC_I*&^thjahw;i*`wfzBGxS_P zlT}B>`Z@<5FD&U*mz0dZro^1&VbHz;AaRa;^#+Ypk&dFSo^8>3|K!Vs)wutj2>gI* zqDn94nG#?j20+a}9|W8bF+&EUier`&-C?`=$hpIHbHWG_!NejpMjcF158S->52xOO ze!juKgXFr6WH$1Fzx>LH7MwS%?Gu-z*Io=T*iyB$%-$%^t;s<8Gz&iU(d7be*nDOD zb2Re$t-uHA?nt{dq68V&0RGx&B{e;Lp~XI}?i4-P;~7V}%14aMqwmCh8{VuzV1qc9 zLrddsEj>vU>B@nLB#>ZF`a4@n{A{k@w2ziwdr%;E?kOjbE#WYd;^b((uE%?n#|LK# zs|C8)SyC2)Rgc6IC+cU<{sYthKKo)8!{XeC&G4*(w~e?xZFo%CnIY z_Iwfu7}iS+YhCln1Uy?WicC3mef~`CV-;+wGpeQi04@+#;@|7r_N2VLoKcplc9kH- z09aBafo+Rq$EP#~RYDOqA^Kn@sWETIR`lr{A@KvWB)k4yst17{xHqO2OVQhgMPfX6 zrn+Ufd2U*KaLgqkiLbxSNGf;Eu#kFAc<-GclTIw*ZTB_(*xbb$2qXIElRik9uCMb* z;G+0HupA0TEf-*})9!SzP=qLkoQCOu<~!*AN;~avkgX2r^7vL3zvqj)^EgGV06V(^ zsJ!KFeR}araT=4!z`iaH%?<1&l7a1R4>)!3)QU?;gA^DGfrn-QD|4v5~EHMs5D%B?j-?;yhT6v<-Rud)JcL$oYIqZlGv;@hAae<_Is%v*yBGIEw zob1KM50ibz!10b0t;d_-se=%@esed#F|{987!@*;D4hS&aeXTf!vfL{^z~h~|1O5F z48{b{_@?{IzvFhI5@4Pvyh{Dpz?%<6HG}Q{Wm!Je>U!f8d@!N4_SC zbbV^4z$rb{f9Fv*HndQj*s#+>czk*j|9F?qp#7H)ICfgRUL?ocM1PMGdoq@m?{0 z5EV(NjQj=H#|W`)kDSGC$(_|Qo`kz6t6BGn4@pJ*_&uh72uCs-wBaYN+D;1bn}%4{ zI`=&pv|q24#qqYf4Yz?O%T0i8n-WP5j!A#UjWVwce53PStq1$}f&q@u4SamA1pOOj z#coQeMYC&UgK|rfOR)|IE*7SUk~u~JC!=+vf?cB!OU9l2S!gQhRoyr1L_ILKcr!XJ zg9Eo-BQ*U#CYKTqT(6$|?{W?xWB@Y>)6`52T|G~haEIODaFz1+=0k^$1Rw*+PTh^1 zQ{t!|?|Y6_Lh@PF(Y#~*d5s%Rv|PSgkT!QqYZ^ws7gz6P#ATZ_qYEMfsiy=uxc-e5 zs#M^c90391e=*hx@Ws634JH|AieTlD3vXURVRp>@d(x1$R-do>T509@#^T2&cGIq& zxUk)59XryK5d#Ax>MaYiLTbOn7lHoko01w);@_o=EixDWM~4yjz2zTR>|jzD|WTO1$tew z1aC(3yTR-z=+;ZN;1z(CmX;2t%MhsCxswnR6SH%hzfTStHNUH-RX^DI`R{H?aPac> zI4|*p~_3#Ecz{ zr+PRyJfnh(zu&j4Zpxwb^GppJR~kvAEJW~V)Ztd#wQz-DJnFc)>Aw>e}$0Rwb8Pia<-8yn|jia~jzf=Pm%LfUCeCWEpHjH#dL=xn~i z$j_^#gRM;qn4auNa`*k&dghgpU_SxE8+6peB8gnmLJ1?Yd;d-A|90YUPW@# z4Maap*&9E_(k2`dgQatot<_(p*oc2}W*!L)MES|5%-visrcIo?(-OrqGAu=XO(R@y zI&`G&v-bj7WP8&6rLQf156rK2*{25=D)Nlzq<&ed#SlOL0j`9GBlnp9N5Jst9a_)U;GhO$q@ZH_8%H#w zLr{%d@fyAG2aou7j0q87G2*+He$)9IPyY$(;Qw19_|^J@#CKwUwfCtFEr?yqjTk!& z4W6@B9u44Rla}~sB`p$z2M6I!8O%cAk4703eFw>Ntg%x7 ze||nC&Wk4aLeaPkTLO+Z8dXO5zqhT8fl`Y@BJ+d)rXh$i377gFChDbXx#KMZq5Ipxgucr@!y40SQ38wNh8X7af7GFANnJ7q)+bZW&L|$<+UQC*UXzyyyzb zEV`2ZyP>~7q^nYh4sIBhDzK}*tK7_Uo)?eg=W%;|^VOMu+2$U19PRxdX3ToZ>7uar zVV+$!u5XQ}N?IB&c{_y|XKGb>t<{oh;tH$hKI{eV&VLk%E2Yy7S>$QXW6A< zGgA`H%Qi)UuNG#h_c%W}%N`fkKjymr{+WvI42aaW<6kIaOO;Brf9$w{fco{(Sq(1p z@&9*fXhT~cHC}2i+rL}=-?@QBvBpen-6;*}Q29N7FQWa`Z2x}An#G_^^KTxusa8y; z*Mm@BGz-2XARF3$Kg|J5s*ZX5*;f{V>872VBZ=-tjQSkTwlZDejzwraqj}F%hi*hc;MKXYomBIJFok`!T zKwHG$j|L2Xj%f7DqTr(v%V)t0R=0=9z^3{%f}`tn#{+X}-HjA_wntMz3S223kqG9xSlPe186iFPMz5$G z=oxtpG?j^2TU#@w_p6CYHrJ_{S?E$mZo$9V-FgYkXng>YhaGwH^Tofp0mu;2?~qvP zIr4iS-A#NN!KwBw{3@CK13NJ-|L^gbl3jfjM~S9CQ;!e+jg^YMVZZ=dk_n$VU5wrh zJtJ zgmrM^y?u8xK>ooPaln9&cp|7f4I8#i1a{_y%Aq>O#%X*8W%7_kyV1xH;iMNx#uGOjfd7M zDk|JXE?ZMF(i-nAZ`tAQ?Bsl{rPI34&&Q@=OlTLY((OEKLgrfc;QhtlC^5V@Nfz&l6H>D8 zYt!;Ed9-HA8Y*ra-JhYAUQl#w=YQ(e5^0tlCA zJY1mXC#<2DkcvFma7!^bA4^Jd?m4+LTw~Jj_}%*!W1#Jfi;ur*;okUxHqsY zrh25kA7oXcwr2GKv@Ka~V9D^?yYwJk0M&#$!1s;RS`N4jD2=opm-k6MxX!x*n0&-H zN62$i3>58FT%=V&4AAb8*aK<6z4I1eki8U#+rp{bPQDl7YE>6I0a}bhx>T?DE)*_&3SISMOW&xX>UIm6hhvPa zTHPvTLoT2VVpdg2w9=AFEFKW4eHx8smu6K5;Pc}S9S5*4+j{=9FN3WR@lJ#F>ech! z&lbsnG(HwA$R1!NFkdz4M|CGgSQSv3IY8zDOe}Jjx+;M}x32f_`R}kh@i8&!Z@8yk zb^z`p_keoD8W7WayAf7BNhFzLQ*^`}$Nzx-B?xfv<h5*k^ zlo?&j&daMNo-|c0E9SMAm)1;J_#0FV=U0Vm4^&@x_( zg61rl4WPAC8K`*`1EPv~po1GZMk)>$86a>3CJca_#_;>d1PiGe8onw**Jxe2WtS(? zoD(9D167hurRbrZLncD2hauqYzYoCJnlGOR%pZ+Ff`2kZm zS6B;XF9o5UCfGMT(~a3CIR-jzJ(?zk=~}Lk4YT*j`Wawuuwxb_8k*i&y&I6l&|eBZ z|EX|1Ez?c`jZTXv^kEB_Jo~sCa7Ea5Nm&56tP4c$1j280+E)Uzd`QYyIZGOE%wh{n zEfk8Qfov@FC@?I9LEkefK&94mLIboT1kE?1_4#NFK=E{MxQ^CqPa3Q{BIF!Z;J8A{ zwsW-vIBf?I!U91e5m0?+jg3T`4;vGMU<4fry@3iRkWjfhf#XaW z$B}{dP|qs6v1(1A8ML!=&kK4E2@K4str=yCS{^4~GqMEjuR}WI<>i;Y-$9goGN*35 zdBx<8CS4StXeCrNQv+USWzSfc3y*-PdEDDQ(0`7BnFENnikle4qna7=7Lll!0Cn2JZ^bRTAT_cRmzxwG< z)!O#Y0tCr*AHzs<4;(P281b{ou5)~vc^L|}2dJaqb!xmcil)2!KqS5TRK#(jh=?a! zAV5FlDC}I&$wXKuq>fuJyS-lV#q}mFL-67sBZG<1eV~47{B}!|c!mZu-jp-{SZ419 z@Y=m2z1vidaCy*~;{p(FTh7a@1D79Bfwq46Z-UbME+?}jggkxP4QvDW0CCx`F0geS z<3&A8(|7OG%I)m%NTg{NmJD7+Q-k}O7)b&z7DQ}SP~Tw%x<>{g{2G&h|2H?Xg$9>+N2N}pQQ(M~t<0L)cg$UFBHAt$t9ztu}FILCE!yOL4h}fE+Tgg+n^8aB+rQrax~i9Q1~^gypO3KZ3shdQAC7^ZWSE;G zQgQp!Ja9jzh{TU|jpVxBIqTcQU$tZ#W@B-Obp!O@WZDIum(T1X7CFz#>dzv*6N{T6 zm~#vLI4Xfq^)4PDC?l4@%h}80pNr(_2`upiDH@j@<$KRdKGUtqioxVvhhHYIo<)`Vs)hkOSc9C*(hd6v6A4Fll0sFJRx@< zNY!5NQzg#Uy9(qO++uFf+c1z-Md?i@LCkjYONvNj=E#rIg8L~E>U=sOJ zSn#=cdJC#V<>L)_i z(?X^UNOoecDg@SCrV1Bi`Hm*I{PjY`=XnXQF%X#<_1>_*DYxfocGEb9-7iHU`j zzZ4P@a$S<$qovu;ByFK@$rlF2IFh`iH?poDFM)mWOL<&MJ1%o{+WmjWKe#*W(dVaO zMq))Pr@!m<*K~;)raQ=0XNeBFCMM$9IP+_uOc-Sa7}k95@BDpVBEH#E`YpYQ#}!&p zCe76BHpj(hFzPuOy{i$E`N~w*wJE+kWS*EvTx5R0XQgY^+Ikv;N@O)XSrFN=mdgv| zBA@`;11RQu=jq^Z9pG#!;<+i2~lcg4+?l)N+FOgc00AC!r4tr2r z@V*|HPuzZgV@9-9HF_=+6oL2YSw}X!t9ulCoT2HUTB1RKc4;H%QMOHBnUh9=nf=d{R96aCR)sFFNkhCu!K! zlFTbwj8uL35Dv9g-2rLLs{LhwMh&Rf>u9%QWNFD4A32y#3SMKF*qP}zXru7VSFAVw zeNQ17CC72O<->=^q$?XdLML+T+HLd`j7csYyr@HRhYjzDY*#U<1hAW@WQITCdj} z4Z-QgxwS?|NE4TwA{exy3TM-VX9p$0zG2E@+AF!f`amEF{yUkAa*oos5Hpe!zBXEgQ5Q z@v`$Iy9qMmajR^!%}`#fUs_PD@_Fo~3+ZK4RXxVKV9_6K_5CHhPe;f| zPYOFHqw@*{j5X9Gr6ly42;8!!MDRG~K>O#$EtZ>1x5%&DR0bV5)8Fu;BwFMRc(-=L8#z|=U?QBgE^ggp0rOQQcLSKqHb%9km}KI$?)DKDieSTNN@(& z+<(C*?eg}qpKewnFRog4r1{3D!Gy9XU7c5r35%td3cKTP^(nw)P^Q3S38r_h(Q-P% z(16y5B=}p%ul^U)vpCcDh%ud#rPoGg8!NXR<&Iwv5p~easFcT`u0sUSheGwzZhyP) zLeRN}9TDq>y29rr-xAG?SBd|YgCas~sT5&W9x8v$2$azCPF8Ni zCYpEcey&N4OBL8fKzOMCT3Po1Rm$VF;8%q*%ISPC3fKi7Y+g3)V%-RCxdzaj}inVgw)uwk~v!93pXyuWEE5g3iy?b z9c%SVt!@6lQf4bTq{#cUwdI2f$|4RG%a0Bnio5Gt5BFC`pSTt6Q%4LFjw8f&A~x~d1+w&2C$4BD){G~xFa>D_$3SaG51@b!hKF7binqF>Po9Dj9NaO zFGZ)_&9`$o)e`mPI$b{>`sfx}ynbR~cQWQqP0<2(6@amvOqxT$>8u%*UZ1Md+>~Ge zfU2!X2sA=^Fb+NiIdU~au#baU65oK>^i(z9U9-zggZ;Cm|D7^)p5nFhoEfP;(>b;1 zNdi+078KB)bag*jnzyv8XWU&hYv5(v*t~jIRf4bRqbklhMM@{uDaX?86mn4s`E0#b zCw}9L+A}&mE4D%8L}a{kRY$(LI#acVg*(QA;x**RC(0=3xP?d#PX+hJ#SQ>9;0xRO zAH-E~4t#T37j>!dq$7zR+L*}j&&!^@^D&_O`N`$Sa?xn&JgV=wovHgI!vWtp%Y-B$ zSASk2<|zqFNXszY^A@&`N+ZLuvxht#I%$-+q9b7dI6WLflbb?pm)8yP4Vx=kMLWz7-UB`tVM7Q|fe$ybN56h|5Kl9Dm$jDYs~` z&n^{yvItx)@W^ta^Axf)jj(O3!|5{p>T}!gGpogYN;#C;f^h8m#~+!%Q+VD3Fwns# zPr`pOUKBMO3al&IMDxTm(0doK98GK*zC9yaF5?%fQv04evUwlhp?U0j7jS~HgeNlT zWnntK7LS1mE1WvaNAF=CaAP%V1SLm4W7qtV=ybzVjT+n_=EZ9FOW_e-5ip2}$44a| z;9;$xyz{%0CGUSP8DAaT%-J<0c+;g;J>YAs8q#c}Sj%I7mG$sevJ5IO(3EHzNEHC- zYefy7Gg^at+)L!bmlTB2aLNA~_f^obz9yS)IfHBnRU2QQ2 zEN22gxC5)6_;-I9Q1BkP{=8TxD|THgYim_k*NWh$1-UwZ7OVylyp8>geLqQ>7l@g9 zY!IXf7JP~;F(HH}caexTo`>h|QpT>ThFq|t;qcYQ@tPRvg_f-e-K)dx%=H=Rs^qSA z(}Ab{znr}vC!)wa(eaDpiJzD!?0=~o5}OG}yACKorF^uN4;-a^ew9EdAMin9UtV5r z|2nS@{c@fS?4_GG7x8eGIeE0(vZ{^4)0^mDF>OqS^MLOI3tiql=lgtvuoz~2jqlO1 z*Q*O}61g3VyJOe6aSrV>p2JZWV|jllb?)t&Tm60)zVkV8TL`C=P*L38CD`sfEA{UU zVar%dyYzDGUYY;z_2^*nQo#~vCp3^+jMVXX3Gnne5mdED7C_s1dxMpqk93>Yo47*gs#}1U$pNXuOQv_nUSC|Gj1WPM-W*2agp@i_!Rr?MOAoCAATq;8ifu5jiW!2!^c zaC~Lw;21R0QH_#F0pTA*8Bj?2#--VCsfhF|Z=dtOqf0>uULEWXo!zx}4OD≪Qv7 z0)c=`)2LH0u2A(!GeQ0Rzr6A@U3@>r@6hx(gQK!l)zrSo>geiz^%oCZV@%bNac>qw z|2NB<*kckB*g&_?LFrGaN+9UaK!}oC=LewMSsk|@t%wCsn$e5Qp_eox(58b8kmOVR zx&M-F|J2WT=BI%3GG?Z?hVs>G7UJ5wF()xj$-l<{HZ~=OUybwof$yQ6c3T+`oeQz#};q>@696uYpWPQW2d!XO>MjtfHewTpTo!V#Hr8~ZE5-CCa~m4218=;IPfTJ{SUmedtaTY%=Er7 zQlzZ%FTJUs!gA~_$@R0u=I`CnW7qTDzc=zIO=zjPzEJ43iA3uW9pbKdPuCXEK8$^= z{=8o;jo;){3&$&pLp*c3YNXd_#K5HR7xdFfz{S4}HktdCtM5D6@*9_3k~5HZOtV7ByC){1mu_F9uEv6ircJ1> zzdN72{=^ILTnd#4x^xCTf<({ZLbK`)T;Y~R1gY@lx5=T$&(``-INm~cmu9!bL?xhG zympEFuXYEE$B8QCX%axz-TN1xL`V=uI{A4D(?qmq;sYCBg$Qk^Y+>xlVrm?y767=W z-B#1IGI+NI640|mBx#Ga1Bko~f_>3&SH^KnS`E?-+a2&BCFBbp3 zNl*!`Nq(E*!@Qonfajl}4v}?ORXNkiMqe#Z+f;lUWSQQ`u(%(7;@JcM<=@|Gm4Vp1 zZyoe4mxY>C$js=t$guumS4)D+^A5edZWhSK$*Beug^~0k>TmD9=Ey5|nwB-{@Zp1$ z$1x}*W!U6y?vT-8oc@jxv-N|lf_w?RXjOIDcof5xV>AhT>gm@5O*z?P^7}Hj;aR0E3K!XbQ)j!q0|3ut?KT;}qZ&0i1 zRoy53^|-(%%7{WFgOEvL?vOsDtLTS=jf#6e>24z8L6q9a`gCbo@rWEIQ&Aj<(NHjU zkWK4Qvh*EvT*2{D3n9RiBXbq7z!%hhh$$bZUiq1}TKN@X_U zO62~gFB+v#sunH%U-Htdf@HObzKNDFXi;Zy#*c9%i498KjM@80VD!_OfaH<_NPjdf zyWPFf!C(nq;&>=Ro_u<@h48S@hr5R7%2Hedc<{*t&&s>=U(EjzM}vWf-+}VQ-P+QT zzt^1-0biUveXlJBo|pHZ=f&Q|lhtW$k7r}GD1MFApL054*J@?J{PhlTG~6S@B)nfLk~{Vb!(2d96BB^RiC^I;LwV}VCDeA<^-ga zjTBq39u?zd5r&&ja^ezZS4hdZ0H$4X}_oe--Nv&OAB9c!VM(uS4ad)Q`O7MOS5j=L8NN2XB%;C zWu#ajKR>_rH&oN3F1~)VYLVyBEO4OZ2E|M4IxgQgSDmk2e0d8Px1fPT^F|B*{>pIt zix)3ioM|@TEh3<^N# zYpkIz=DJiUId<^SL=vhgCwAX$gdJ##6hO{k(K zB${<$N1{+4xk1n!h_?dj>9L`LW$Ucj4k0LW%Tx#PR-3aj_z8;(l zR9YDN1UQARFM#}SPYT@w405P9TAUGAfF;V+Z;O1F6crU$9!~;}pM>OaQ`1{zgv35m za*Vi_$hWm&Rei7d*EG82Nos^RSspomjog=#8wz9bzm5f~ zNGRL^qIq;_Nm^bUEqw_cZ`|Oe63ryZfD^+Bek6EmQ=A8oMmffNN72Wt|jwM<^V`}VCZqPAVLda9*w&8S`QqQYhjzZW z`i9$jUl}S?tZ|sTAA>>5=qHA8nS6sa4lgb|redjbi-=>|Z_PHWP|(tL#SPi@DO|tT z*WooUhez(e9dHWfi+}_Rle=7`&6l^&hw?P#6r-8m5%Gx@*SapV0!>Bo_wtA5ppryiI^d(+;VQ09UHa08xj41GClpe4 zrzeMoO*IRz9%qA`c$5V4TwV=b6SW4FBctJapef}t@$8bo5jOOhWK_%=zC_h88RSITQC-&%;k9TkL?&iS7mzp;jEP6HNW*tb3C=<{ol zRl%z%sh_Rm)dU)}&od!N257@B|6&Zgb#{8}2zhF|{rUhh=uY59!w=49Z%^+j$qrwBe3;rCXHy27rZU@)m(G(bvgy; zx88X|U_U$bJ4hezC$Qxm@>LW^Fuzq#Em)nF7%}#K$7fWlJvcZ>I6}6HFhE|PuDxbh zp}ZNix&R82zObJACu1(A%}w#aM*>>EWpf&5AZfL$Goe?-Cs|6EP>>^aw$j( z=!5oOEdwWH7Qp%@8`ZflOG$%nw}!|T$!K4QP6uc!bq~HQOK);=GG{dzpj*EjqAMh{1W|7r9HC$&JGcnx-2d@=xc*}Me#nqeQ3^xFhInMEG z>hhS&6q(?K18PE{F^k^zkq;*Kq{ye>K5L~NP*KWJ%{d%CPGrMiiy3rKm@*CuBa$IK z5coD*PAvNa_(kWPF@#7 zrCXYI6yb3dr0;>XIch70 zk^I}XDI@s{%}@K=C5)NFQj8G-Z|}Th1-`*X8J9zS zoi>5(f(-?{m&OHaiZ`8AJ-e08I3oj!dZaG-{wTAGkRl5_KXw&zw18v=ZwNL7gO3Pk zMZJ(M>83u2D5NsTXCDtVJEhCKkX@>L;83H$Obnb%Bk2rNT52@NS;^aI-~tFzQ+MEJ()?oer(bEM3!Yj2O-@k?$kJEzQ9+%=Sds($)5fOZ&d)@e2V2vvh8nH< zOi$)0d{eiW9N6K$oa!n4>JnRR`^~~1-9oEL&B$bF7+g1=9d7o0Ii0->ChG?1{>+aj z=lZc4nJ&BZ(KmD(YPtQY8CWOmNs=@lgQzk*-X{6fqUj3JV(agq+oIB^?qj}8%iSj( z;H1ez%m9>t|DH7e{Q+(VgMbl^QUwmx=NFmlF0lW@g!_FTS=2051Sv}2MG(!ga;D>E zuT7s=)hNqmEA(ocot?XRafDSn_5b1OEuf<8+O}aS8A2GkTj>q~=|(|9I;C4FLApy? z2?6O41ROvV>Fx$4q+uxO?)diL^Stl-|7*=+-QG)QnCsft-sgFoM@&NF&_~%>H09rR z;g%F^JmIL?csr`fza5nPKbK;vq9QQa}fi~{f}vFB#We5jssJc z*)>gRE`oVdFQXoh7&~t{u?xwl$xJgt%bi{U;}Q)i(x;FRXgXNB41mbUMp&#yvL^YG zu2)hqNHGGL2R~b!W$=e+SEdm!$J3C zakq1w0fu&S-|4!Ua)N-KaYn9lo`BNRiLxa%B{Sif&=@X*6e@&LlX^I!Qds`cm(Q~N^P5H87s=C@IJ{$#%^CISaYcDbh@oW>$P=db1m!eOZ=vB z_E}Ze268ux4`%G3ZhI!vP}O0+2rMU1m%7q&(yHQ8A5gRgtJBa!LdZhag5W5)vvejY zQ6to`JT#8=f`h@sF5OuuUD%lIXw|ZN*%X|#GS!mR+#w3yAZFZ6ETqMt!OLw?=5>Sm zHA)N0Af70DI5Ys61QV5hxly{M(K^#pzDe*l_(=y9x^uG)iW#YFJSb(g1Ot7;xWgZK zD8_|vF9bRHK&-7GBt`c13P$Es4$xw#FE?iEmQ;3NUY}Dt>E&=^4HYoPs=)P$4%!P_ zz;;GiT#GcbHl(S}j7DZ620QE7FuG6@v=eXQo>`JQ?N#%uP_)qK65t0&y!wD^IAX5F|JZeHO|R zuLHroq%)%>fo_oFHV$0#H*x(Hf>;T0$)Yc>1aKf=$3F&EwC`G%; zEVja(Oe0){ns}_zX^<&UF$tr|I4L4{h04@bcQtQKW^H~=hUv(pONuxxNy;LlRL94& z6$!a_{@{h-hJ*tSsqJR~IFGLJ!30rhBQ&5pw34JXolcIaWmFdy#tISD;AoZdyE(V! zNR!Uy>0A_*r;I{g#9zAKt`T7k?cZ{*8?+4bMqeUqMO`8~Ws(Jp9#s`m3EiOepxvTr zf0DQ))LZ~;Y;c5*2u{gbWxc#^^L%Frpg+}`F@1w|gLSH>onAJ7wVIKD2nv~ZVsk*2 z{N$u)7OPu*@j%MIvrBc{Z{2Ewp%z=!APfKegv zFQ5p?Tz>L-`pc7hY=0GJ-cefdAk985`!wHX6oftqxei5N?nbi+Dd5AM@ByZ}a3qlp zkthOPK|_5H$Lb_n;)NEW8BV8j+I|W{zHXV2-D3#f3Gfcu5-p5oS^4Sgl1c{}t z6tdna*>B8;L&YBmr#Xp39ON5W+mNgvqR@U&7c+r=V$5x^y@hAGib(k&AcgORa3Za^ zBqXp1i4l75y*XyiK4;^Z*|u!!+3H}1LB5bFj-z!n3hu>XXOJ%XDgH&Uy~Q#HYi!23 zevTMK1~PE}Eolf%1SZr+ZCD4Q2mR%QGlMl5X4dH5S-W@7h zMqN^#QnlxR`om~mCUfrAhUPUxgjE8Q>i9KU7U&tC^R-_?6!2zDIm?C?odg%Eyuk;Hw0`H(x> zUnEli8PZuCekFaembt_2lI^)a*Uhi?j~qT2t)&#i_{>VkXUH*s+z`^|z5hs`J8}8^ zGxG9jlIJo>B&d1J3HYcpuv#@t+)2$=?yQRLVMMsA2^jLq(W(iP2$kWy`9uq?(hd3) z(B!|l(88p&LLXn`Vw6!JjfUeu&Uig$KR{Ywb*=_LaLdKlC0A8>wDV(`Z+0mS#nV58 zCn6zLYb}(s40Yu}AH@IabvlvUYT0FuAPwW|BPDMf%8P^EtN&~Mv`eZwkUMzK@)1#W z%-(csjiV5bZ`-aUgJw<*M|Hqnf9u4&q!VXO7ARVOtvSEVh%~p}iP{%uVR>5jE&US9 zn6&U`6S^}M9b;gDAld{)P-2~Zq+hde*qYO-Su~OF8}Y%(wH@jp3JAPYd~K=cI~C^)GtZTr|ZgGV$AMr=5?5o0&)RzpB)5;UVQ~JG;oIV4s40szdHH39|265&^(z zV+C}2!B?5YRuHGKL;nzI$eiUSefBs#gP(_POe* zTbcBSl@#>4B`IvPRy%UW&e?vA?U zrY#C7Wp_;5@ndW}Tff3*Q6dAJX1dkEi=s^a& ze|bjnI6StSAS}+|%1v4uDMf`Vmwvwxn^3*Ckgh;(azIG`se*0af08C(pNzm%!!4RC zQi%SkO0-fXUpt8X`L#>d^OU(eZ;^Z4r|!4jVVLIpQEHnNqU=M(MFRM~>o6l1U;(W8 zr?C`*PW9)lhhgJX3X_7W2T4ki$d_2> zo!TCB2*7`dw|@_#Xrt+%GVo6ifAv8!n?RCYr(Ipa@EYJcFz$95vn>WnBuZ^3trme$ zDB5a}n~#c##7u=EZOmQ(q%B~`GZ7H!HmVm_;b(X5A;t7a_L>5Jex0(|mLEC46R(}K zj1Um)Pb^P=gP1b^7*bFQRVqP@3ZW6GFTNeFY{t}pxz`4NHB7USH3WNWIdqeiafUuv z1!DqB$U)o=@VmhjnseH^0OY|s;+*{1MTPDMgWU_L5}lqXI2k#{CZmcn?g1~k&HU7q zP)CT?YVdCDCMT5!Sw(ORuibCvR4}s_Jzq{31w_9ZV67NqG?f%Q?9*Mw|7Kk+gC8G* z9cZ>fTc0RyoCEVNJ05IY%OR0nQKO+EC$O?w+mjHGJMrKGp$DM(QZ60m(m+Smtol=O z;-qxh4qZSt7umpuMXp>1Nh~TQx(=BvQGIwHc83pj9uLENTY!9_N#hIAofoLbLyjWZ zV8iE4!{~bf2AHPRk!(OFLG(Qa{dbs}B`oe?QiJy?@!?0|cBIbp7RXwlH}as6Ys;}W zfMSl^A8yKuMdM8%qp4sSasfsfftlGnqJKM0defkWk%Q?hL5pDtpddGCHAp&hN5w2~ z(Q*%15OR`jRmoGmFu9RImQuXue~ZA&Y0pc}D<`6nkrOM`La!GW7xjx;y&>9XpTh1r zhP>@?f7@j$@=yILhkUZ9`)Atvo5k4nj=RUx={3cMrYsUAKPgg&pGnp4!Hp<_fNDX% z2KJd_Ao)zQ#g1pBr@av25o#^ zGWka{qJ#|Vtpo%kYLokcK)$v9b1l;wR?)L4z{n_H>$b@VU`K^T_iD#Is2d0>^sWWbyfxg` zMIuC<+-KkXdaiE)Qu88-eHI=|N=ZZqS)@ZvqJz*YA>Ks9+I#ytqn_$zz|97E4Vijx z$rm)DuLpgo9Rkz@&DtT`l3oB|v>eHmoBA7~6S5;i(bLnTpMuQvP^S@C+T9KPfl9y_ zumipr;mE%nC^HG*HEF(gxY~LOLBEflu1<>|$b*`Ra0spAoCEk#4G^fT3<%B>Mi?-6 z>jcjjBMjZFV(cSt5PVIj3$|}(iu%G#vv+#Q!`Icu%tC@LE3^;w03g58$JO+Ew*?N+ zRkuE3`f)&FFD(;3%f@wVI8Juomty9d8fRLNcnE!n8ozK122CSNJT6*N7V;?)50M`; z`FE@(7NR8}Lr-v}Ma4Bfvg_qC(Rp}@-f3{bj?j%8lXxvg6aS>d_F}7*v>=%&D$_gQYAl-+N z5dum|FgGY}V7W}09?~NAcbY6UDM%`C40E4Zf3`srVUCbiEOmm&%mP7ks@Jq|q_65E zumUtJ;`K2AiD6tI<#a+zqP;xisF~R118wdL1};9^TdsF{L03vFi{GYY`Q5sH$&{z{ zi0&jAJ7S}TRDP@W{e^c)MJP+Gj>eRI}ll>CNrR*M5ReY0%s89+#H z_kImX+4|z@2)m;A>x~>Lsj&O zUiR$czrPd&V|WN3Y13JdMD7>sM4qGLVC;oWS`(JGwIEnLff`t51emR18LorE@&Z!+ zPHjAv+}jvtR5AvRDPkaEegCE2lK_4$7V1^}fJqw-)n8eE)6akmh$3^{MWcmI$9K z1S)_70LU4?d|d|o{P9}c-|G)z%wi0t1CEJ(Jh15JKnWV1RE@g5ry zH57|dJ44H_BygbBA^;!uq_|$kZZKZq5oasCjDE)Zt`NqT8YKlzxZ~uQ7c$-P7W5MO|8bQ@ixcAbKmRBl(rMUST zc^?TmNgXOb2(2g|=+3c#FvyFELPI0WIlBu{O_5`fgq$MN7Bzqj?a*{;KLowHgD50J z=7ups(8((`s&EZJ4p)9)TPaEc`E%+9U_4U0sbt$`q! z2^C?Xvb_$n({^Bk8(B0k@DNa9_D*dfTAf97vNCT@sun8AvpPURRBHV}FWZG6Y1%cv*xnCEg?@CIFKIGKa&EO=?~iA;fvLI_~gqnV=*2-S92;f zb&Wj(GPL=Y{W@aL+`PQJf$~uEIwyxg6+a8AZq`b4)q+P{_$emoZ2P`=oLCqlQ(3lo z7WJ8NXq`9eF%vTVLK3Qj^E(pmL3S~*+2uG^zeP<^his~<*Ed(Wp7)mEaDa6;w!%m_ z4Q&oscqZ^&B_2I|XaWSzp(|YnfylV7jQeH@i)WN#^)mvTaw6nt;tF{SZBReAjo;3q zMms~;T?%Z2BRdho)*f_yS8Du&;dG=?pE9CKtJQSt=SE_U7CV_{Y%DPx3S!!@EaoJw z4Pfs`29F@{Q+bepyC9BywI~dRc-;A{Vx^R~zHjE4H=d%(N}|?>H|H=0L+5?jQ-+GG z(P*AZ&$RMn7bb!9FiBL_XS6J0G+CuXtsL|DdDnd`LT|NMGxajx30%5-?Iwhsl2Z`} z&?QfdC0NTYoT`uU>=xUI4hvF>QJ^tQj)myKaCHjoUX<2=6F~W990}!qieWe57h~Wu zK;RZIB7Mf4Otlg`qRaR^4K=LLdd@+f)QSHl*$S0-+9S&xcy%vaW30~lfiA&$%C;~y z{nu8TU$ZL^1j(aTPCH{8JT%w6>`7qy^aklfxQ=>0HTVRG17PQn03GvNCJfl#@Zh+?dt)id#7gP#?f3SXleZuyxq` zIhV%tLE9b_a6?)~a6Y^lyD z@73&FqTQ@kijHznbrK442dDxL$9ecnH|Ie#g19g=A%}?o@=hAtWxD4EN z>%odrf4(q=Ye~oPD3(ljXlST4f#5ekX<9+tGY;{t`p+Cl8?yJ8zFQ$iow~wh#Rfr% zCF3v^=vnPH;ewi#I5F?U*to-$#Y)}OC#wg`GM)41KJf`n!Yt5zK~5PY-it0UmbcM< zRuS=D3%F-mx0Bu6UqR7FNQb3@a7U+b4GvCO{9O-Ei!)xPofir-ij|Y@2g7;wF&dH( z$Ko#i^KcCSA_Xnm#FOUtMhxzV#8;j(uHBR^*X=$BTHSum^9UV zPN`gP@8*F9>7*+U(NQ=e*vTV4K(s^@qGJ>lAV{!)hMQHJBO=B%+<0}M#9cZagof20 zO3}f}$XgKbB6*)aCRYcL0`YW#GwTxuKQW-^?j)LjZ6BWL1={^`ke9i*WIjfjfzS7-_RASmW~Px?2`t92oCs|m&+q!=9#acpas(KuzOoZ>vx z`>7`bsl8iRWNn@|cll}NLzismRQuN3vGtD|4410CgJe$G|> zdL2x|XZaI=XVCvP-acE{n|@$NVHd24|GXABkrnI=1nDouBGdPB7YqORo4jTu=kz5V z5%G7QaN1BntTpVw_9Iar2T!BfBR6uDwA7$OE2_@QKECqD6(Eq5C%IeTyA~u@z8Ii|cdT5GipNrg*dH4A*y=npd;E^J!I7;y$EgWMr%HW)J$(F|jy{z;t0YCjXDgIB~tV)vC=c4gaD(xY@hsl`d^ zu9@2E9wCMa2`Vhc<`VlyeN3VbdS!vQ7T`i0l)8{SJ!U`_R}6T)4#*#Zsx%`4GmW&l z+=n3kJgv~#Q13C<-a5xINH-7kgppRB1KI`O>!T`Cxj5R|uNrEm^Y7ok?|kJCh;=Y* zbvvp^Dt_a2Ve+ivCA8cUxUuViz^Yji?BvbF8f6rPtLaExWDYthc|d337Z2w?rt;Xa zTK8=`vuB4aT(x`FmX@jUM$1q4_c|#Y*(rlm?bPGphAg@xXWz-V9s?KLz*aAq-vWUy zA#Q3y^m)GFV&}exX&=v@%udoN!W`1t=Ev3!e@#y}O3Kn`?ty9Ks+lhk<1#YV%&Pp~ z`~MULO^_?p1ShD zXzVL-L?F1)%~o{T6GUh%I@=HX;E`n_ULh1^C1}&G-2MiEzz&P+sMc)V?gr=cJsI=K zD?kxTDfbn%685j-w4*F zD~i7<+Ee1~y+E#C&k-cbYF_Mk5L!GM^6_|cLd57%2YIASY|sd(8Dn(YnZj&*FztZC zKz@0#g9QGlGR9m{%$Rx9t)cpl@rx7BE>CVlBfZt$Y6n%-Tp*5kaFm=2m35^I@7juT zE+G4vR%-XV$P_~qo@x~y z#xAZyb$1y43#ewouuvGUL@ntW_V_CUQJOP!DDwGzeJFrx5Tx~Dnk_2nuNvZMpHT|P z9aY%;)*mJOrS>s|cWEqpl}U57+0{`X3YRL$QFN7<=hd0#>Aj*6f)Y zGmYK%P>LIIt4teA9#2nC#(YsZ%CLL+d(uds*>`C%)vjg-iyqbAN(DxaSfx}(p3;$y zg{X_4(K6?yIXNV2$mXg;a}@}8(S|)}LPu=V$id?pjFT^`hvw4(cZ zgFrs%+kHA?anXL^1L}KyXXRY3F&gV;nQUDLfYAL3-AGuxgV{h9&Lby&un^Tbe|pkZ zCCbR;Ww%eKHf{r;u>C(@wHG(TjadiEVkXj@fB9V z$aJ41%fazB(m(E*mEWd{@9MLE$F-;&tzhYW_mhmsu)fdqykBSq-@$c%++2`KrS?ot z|FzoWIi>BQ_az1~ib!$L?w-D`gIVF#Shsb3mH_r`EYrlQR{r*!Fc2=9` zP5J^DM`5wYm7Hs5vaQyd>9!Wz5UQk5^x{+qS`ShlZBI`udst0+iR(VwW%lAGBC${Z z8ZJEq_Q;sGgbcyMlgWQE5Y9S=PAzDwfhu9uYi%j~tA(Gl`D})>TjRal8(A?WtJXez z+1f*I$YKuTNrS9C%bOrsYZgC`XU~gPQ(j7^_P=uGBT44bq(yreX-`;7?RT~)JrbLP zDlAcD{<2C^%TS1I&>SFYjBafY*|zU#(3Jb~ZPNW&>HBEj5lLj_haIEHGf3sx@jU!O z2C@8}(LqhF+g^()&>=~g?L;u#)g=l)En-1NvSR7j-qD^qOCqf8u29?@7INlZ@G z&ix1&sHunUH!O9?GBgMCWupf!e~u%Yei@X2>;d`wB@VOIcq>iH)mtkYxw{-nO-2wc zpY+tg9OT2NM6nt}Mi~@9f1oCSp;&q_(k{tI#j)^ng$kemIQX{YsjQfs+qtvd3RmrsJgQ<)OJBr$NGS6Fq6bmzw)&omR1l zDjkIEgz0K@J+xW;%AunHroG$O;e%er#>ShYLw@*@N7V&@p*n-}83{WeIH)Ja_iWGf zt$Ru1-7{;6j9+3XUl954{?aedAfDmZS&y_mW50TdKSsWK9TpN2@U%(HHc23sX(GE( zu9;EIypQs?(P5gK?g7p#cTJS74KcDm?~k`OyiW1K+tpj-@jw3wwK4HDdf-58=4l+7 zot3o7%KH16nHG|Wjkl2=&~j}HPx|LCH$@SxYd`<@OkYJyW@mlX=_5ic)&IPT=uwUR z&MgxXF94u)d=^dGl!Z~=bg{t}7pFA^(Afb#*U1WV1zRoUQ3uA&lSE;-6KI{_0MBUy zL~7duN{`3{xKO4(&86@4@dSd>sfwd+c|px%7V;Ff^A5xFo1<#~smD?3j9F1q-p1=? z^u!}&$kXSNGp!>Kk?-3c%FoU3?u`;E{)@x?n<;j~TP^ab0nrd8@#h^;O_pZnFJMaB z+s_2rP@L31sfkKdlaJ46Qq5z>bv87#juc37mlEoO)ZM!;qqV{AO5Yie?LVq zxc84|YFt|$j?DY-ik?P^bYVSsAP1aeMu7R~TXzFkV@i3NYeaNuz2RdE?^(AAqQOd` zaNwM_I3#h~4wAgM0keUSi_5_ynkF*NHF}oFRz*E@{*nK84HaQDpbZmVE#N!CJ9HCb zeDPLizDu-*b*^Qx^BQm79{C{X*{b=2L7|9hIb2$^+Y8o4%;&0zog-jt#)o|_HJBwT zcH#S5+`LWuaHrduH$FdwDQy41yq~G3KdJG9?))W-E#r!7%}Vw-4tiv!-k)3a=x(P0 z>9wN})Q{TPhyPhu|BB=V7UZUz3$_<8UU1uvK2%QOM!LN^#7*IA)*z;$iUFBTUd7%Y zFJ8?zik%fJD=8_-0CM?ae1|Zg*i)IBn#%KkXY&k7sC3@ik3G(q&r45FH{b4Lo1S-{ ze)T%_6iE7-KjzhxIChEq9=qz#CRCK{w%L3?qC>SL8aTvD$q4IIVx(V8yo}dxsw<-( zt_9!ICtmVuQMCTjI@vQ+H?H>7fzm7#8~btD_zxwo#N@DSZPW&sbbplRSHJm$;PdIy zk3_ujo@EC{6D`juq}LFT2zZYW$#}P5lMivFa((}^a-C3+7=M37Xc@eF`}<4P>RfP_ zTkb2vww}5YJ`fd-6+9YHdj*gV9%G54o1WfY>C>Hp`Ry z4@3>K%%mUk7??1lmVt*nm+4|_X!Zhd`r_l0fc^broh2tLiwZdJF`$RYQ_T|p+^#hBd?nDXjYn%Z$x&BP&rirqbj%Nqn(p(~5dix@S z72A!%+Ip9kx7V!OyEN06wJWl}<@K*Mpg*k9kX<8hnjX?hkc`xQq@6BK(8~)g%iFs+ z-k;}FCBNlJdKd5$FT49Y!y{Y?gY%*}{ftn(&C2p~6Hbpt(>JuzL57DZnB~P4ep%Hf zhGTTt6YiKY)04Cz=;$V@cGSFAhkpnhFQ3>nBA(X;9%M|Eb)N4Vx`^fdpI0+kpiDSU z>Zb$3RGY#Kck+~>FYLRd$vlbadD$t6i6NkJo<3^%w8CDf19hC?+x-QsuJ*wqBw<;b z2QRHX*||%`)TJ2-B@#WaJp>wnpE}e(M{lA%bKL-8}XB?06Sod}RhQ_Buu0 zN#lkJSSP2Y*-dE>=Bk_IsyWYjt}P}Tylz1Vl$L+z-jmDu3y3$!p=6Qhpx-qyJteed zPX1$t6v`W^z>oQiP+?totVD;4p>#66JFrz6ptN{|gciM@_-)ND7Rg_!SnL5_b&4Nz z?a|KcG{g&V)p*UFo)f-fu6Fx7+VN#!-GLI*f$(RFjQvctb2U(LJ(oE8RvBZDaOWxq zB3x{W$E6{p)TE>~s{?N%IYDMZ`KO>vL&8L$hPPZj0>h;MdfIIpd)BS?#Wp}IdL{cA zh<^Hfx|kowP>GC3Xq0yDPJschReK*$EKKYzoi2bYhTc?|j*do)nVtUen(7>w_6)p@ zSXu@SF=inum}XT;KblJ0Ttwc`$c=%kN8GsX-1+0a?%Vq;$_FC7yC|210mq=lCTF}F ze6v2>g54wby$$opiSPI8Z%sM{*VmO3@XcMl5$DMffATZqR`!Wf?3(w%D`VxB@}beagJR_?SMD-Hr7y2Mjf_Sg6LR6iw%2|tftQ%7 zSC=RVJsE%S?dDbs2Gi8LTQSY(5JJ(abrh@-{Qq4;;LU^Yg|f^^uEn^KcTi&r9w}E0 zX}x(w*eoAQX`80uloPPf&y3IGPt<`*-c_)c%+V@juW>a4#;z!lBnY($ORl2(--3_i zyPuUfYw|sg@w?L7$gI-?fi9#qQC+fnAqWd|Q=L7Vi2#j~H&ZjpQ$jn_r|qnK9eh9L(>wys8&Z_abO zjh8UI;z1zV?J|Qukf#gV>V7|`35MLxw$J6Be8Uk!KQVXR82?JaS+~XeO9yDZp1WbH z9i=UK+0MMgls`)Q)`0Z)N3Z!bGqtn-D@XoSCvzOmNM(23{?U_k|ljAGd$M!*X8^9FQX?>nJ)Y~w>QEk z+xA(m^kx;6^LdO9P0m`7d1jqsDmLe&)vS2&r(fDj%LDn>TZdiqD3+RHwf^?`}rZzU?84Bw5dx zhYsi?R)QfDC~4iai&_2)lOZ;k`^eZ*Tecf-p)ZKv@3dvaVELsh`oMr zCsH~Ni;&9<{+WAt;_0)X%6|~nvQ~o7ItP% z7BeUH{rqr^qN0OR*MB%60y&XGTNw6-n47eB;Kt!+Nw-K>j>&R$=koG0y=VDk8JyCP zEc|*@0#V8+|v`{L6bnualloX9oiXTp(MqMv`#c8G*=S&+(+iw!zd^uGVvP-wZ$h4#!V zUmdkzf_}T5K$U;~Bajl34sph|?WSHE@g?=1!EG)r%ch-SvHrJbvnNb_4`Ln*my)yl z6ONr+8=L(VxIJ&hFMUz|vv0c_7s9R%Be>h42TArB_%(F*{Z=-1e}3rTzN{y|2buCf`) zjku?w?~l!*$R>_{VvPl%49P$2gqu~7RddigePhAyb`!={`jks1jDFcrMdJDm zA``IFptQVIUA(&XW#$zpwPmChOo)pad%uA(`=-|#+F)<`?!05`3Ijm>5fUrn%LZbKJFu71~!iD03i&toVtHUj0I<@>dfVuTvn}FL4d}+Bj76b{!z^0?K&C>$*E&w*1^eU?->l%vlB&aLWo87`P<7T zzZ2V1d9Vg9{dAN|;^ zv(wo5pMbbEbS1WQ+CBJcwbui-^O4Q>TqENufcD{=I*J<8F?I7pokz*WuZGHO>OJV) z4RW=O6@TEbJfTBesYZDd?`PC=h8ecTrniT+xm{zlO7(W?l}G5$BVCIOIG}ARm;zj0 zMqg(V>_bXw48B!}KQ-3r@cesMu+)bJ*vDmh_1W>O{%vwoW6 z9;PfpVvTwen*Juaksy1x^=jEOWo7nKovHBQVKssSCqOV_v?iRs1&4O1>B3|z-54`I z_bJ}mGu$jd?rO)z^G>I!@3sm1!=^$t<~%1# zT&$~~as{b6xG)6`%gmXDbvhTwSr%$)8xLUbyayf|9`+`&#RQyz5t<3$kdcadIDOHu zAd{2xdcw0d_OQ=9Qur%n%%!yIlO2xJNgmm3b1@xpiPITZ#`Z;!-fD62kf4#-<3OaD zM~K+73HZCN&hC7~wk>de)8)6nI|{mm=Qb+dhPNKL&5bw=?|)a(3L5PTC{RuYREL^F z)77Cjl^!**cN1Y93=6Om9YuN#_qvX)eQjGmUZsn^{2PIB_)$GpiP+1?&5<;OM?15m zMn?{Qs?Ota(XWX8iYO?BdqVW5Pg2GBBg7q_lb6iYnyWHTEBoKx*n z*a&Gz0?6e$>)Hn=;JVI0=$Inx%E(!}PM<&%aZJL=PG;O!@!U3xC6?#mB1pA27gZ(= zdJV!K?wVNzA?Y!*bYy!Nmn28ZEm3&nXL`7mhQfRt~E_eNJ z?Omi|sKur{8bAg!h};PT56XKz%R+hmHP`Orr~dO zgT`#OcErf^)E`hiJ5om+=U3s)Rm-CF`wE{uM}T`*deUa^L9JPL^Qr*AQ;V%ZZTQ;L zXg?|8V_Xu(Q7tQwc@Flv{Rb2%szpUEr3u5_(sw&m;QKF7@QkUMX_F1#jQ!E00_km5 z-#|<3^+*L}vVl1LH-ONYH?AI0P5~p<4`SZ%i(^^-|_`~!Z$Kcd3Lzo+gzuPW7D_T1{tpzPPXDIWVak36b zq&9ZWT8c!U-t0j-JZ-(EQ@qBnYuIh&Z@71}f3T2*&R2T-C84XgL1q+kCEudwDZF+@ z*uEgzY}O`oT+zLIb07hafqrVcC)rymPDGWwN#V#QDmK>r33gKyp`215#Tx9|GS0K@GYOHd!n8#1TuZCpUcZkkGdd6as*jckvYid z0=QCToh{iZT6oh5Y1XZ1FY5KH8PLO%HjC*=$K(;WLR220kzK>Z=KtB{_EZ4)Ci>G6 z{OB5|65~@&<*VqW@-4x=edyFh^_Db_Jq$I!yF=|g=!ZLjcO)x&|2fmsd3`sF(JY(l zEj-lK{Exc2#!je9-l73VPpFg<|H`gF<8`%!(*+_Snu(ItL=45MhEf0@ud~x{Fe6i0 zcRRMfYBJWL05!%xkSh?bBxyFbzfv~x4;zuq?!}AOU8&)Cue%~#wX^OCnsr9U-vSec zaP3{XxBbt3J(vQ4!)c1B4)%6;c>rM4KCYP{jZ|HoM{WJ^Gkbru2hyv|i9|2KP3m1c z8{GE5`y=x&j3EN>rkbgxUBn(l`%nNW=A*K#;>Fwt4O~e3 zT&y5{!TG`m%O`Mk#I=po$%qP2z>q~n*EQC`CLzW4G7|U#aBg?liksz1ZQ4(P>E*g9 z<}$Xpolj3l5SZU5fcSk1x#P~?)KDVwY}PSk!=nZe)yjG54~ z)4ti)jqM~vd~6n?=wAD&i*@%WfW{qwyPzd*yz+&kqFD61rq11?94u+#PEO9@O^SC3 zrgBa$QLg1>ZHmnYRUbSv!S6l9Hx8k95{1Zyp=Ouu*J8HVCVLQ(XjJ%X{B`@0UISw< zV++H+@@{f5qKdozoq{;GpMn+XxKpBix2J>uLBt3Opw{)+DK)b(b-XV@h|T@%QDDG~ zGXK>!hNhD4;+yMmiqp1C*jqY@?4Z|3D&AvHt-+lV&dYVBU+_lNAG?^?EG}GeBYMHJ zjakQ0R&t(f(-9xowAC%8UsVtD*`3ZM0{2&w7yBA9q7vl91EZmivm=B0$w{h2! z)@Mrkacrv|%xUwU$QGCMDWxAVk(;{;sRv|B|)_*QC(k(3ly}xAtU-bSAGw{jg zoczG^EMX%R`GN7tS$kv`8T0hy&E*R4kKMMg$ATdqB7x&Sg1NgfiG+rMsSiIUtbAe& zwBU@Iv@-W^zVV^|J*Yi6DGOWW0-cj7VjW`Z&i;26`Sb4aqDuJR@9FbS5`128E|D5< zx~BFU^Q{d54B_`~KDIqtRvh>x#r@hg^z>?vAj6x*S-}%pZJ1t0mU>^lCWBKPn@n+k zBP;lzwiutH^eMQGnk?YsihsM?@PeC(csX6&O--o(&jN0gr?u+x`F-hoANfFOZn*zl zL1$-phw-h!XN_6AtMf zV6Uj3iDw2eHNo9QZf5UzGm3=3svxp1Oa>O4sJYT8!}ABVgh~g{(#GJMq%(3JQ~dsh%Y(hJ5l`KO-vJ9hG%lF{b=|lv1B<92uWe1XZX&HdRG48ccQ~oi*6N!oizLIa4eR+R$b@s*5Eu7G3OqgjTb0`XZI%D6uVNRSL|v`d7Iy#cfC(NLOi;xn zD@!|d2I7kzpaj`*Jm3AV7eM*XO)8<^9+Ke8GfRLkzheEF7`*i(4B2pD4~`8Oe?LCl{N1hxC{k=_z?_xHC0DW5vvGkRR0r`N5) zZouZ*s~~Bnb?%W=Sk+#9F#N*k-{GTxO!xP4*k(T%@?6PD^tx#XNpZ^q1*b}A;%TZ% zQg}e2|K=M&nGpS@j`#;ObWSfaX#3#Bv|vUEb~CvKSd|_fGFCn8TZM&AEO@M!FLNxx z`XdC7Wq~8uHY8I~L2DBX%oR)klG{DN;Sp2_2;yg;UW)?03us74M6UK+uEXZ+(J?V{ zr#rLzfSXTgu4*Y*R_ffF8Tw4F`5JKmWPO><`#(D}t28Y$Uk4_J5ZPkSr;NuE!xt|e z{;2D+R0B$Wr*(DBf0s*BPAz*lp|8pJizQ}}xNb+!HP zJ4m2`97nZNAbpfVi39B9(8Rl^P7p8NI!SOld6gA8NpYe3J;VBJonUKQ+de2n85kKq zcdr9wX9p;a_W)7}pKV6RHb|3_wJWv;p6ppAsRb!ezcAzy}dG^_Fu^hf%VuM1!gxwxK)qk;vUQI6^3)=ux3EyO{nEjznM)Vz-djp>WSh${ z)Iy#Kt%&FIOH8wb7ll~be7C?yb{)+~-ps!{{v^j9g6qfywiywBMTIpT+{OM=TzEx? z!k)bkr%PXspd2dt!ka$$#`{1#U3Xt>znaJQaWlwGTXDmB_p9t)H(G%c{9Y*1?~h>p zHM1Z@J}HO5N#OIZgYIs{H=E-Ru!z~2*VN_Ar>np27|e#~gsK;^n(|`$KnBv7 zjEzlE&rrt@NR#<2(&g+CBs~jyrQx!d5~5doZMyXyJYaf2b$A0NI4R;MTYt<$SX|6p zR)Ad+8IA7|9;{}S++n)v0UjRS8BhW_AwcG#$CzG#ZNV2bb8)=M0Km4Ee!<|||$#?v9+n$_d2 zNM+5!i6kOcr|hJ)$Qsy&Z0%0)@HZ=3{c-HJqJ%bZ-(I>8!;70Y?ZWF}#U~_El>|r< zfKt^P_t-#*DDVI}S?!#+U-T`M%=*zU9Xf>$X0Ogdjw!fQQ31t;;&Yjo1(9wcs(969p6ahn6F+ zo37oRsIj$dqO{z_8WCc0GE5~DYGVYoD}Lj)t8s??*sz}#oR6il<9Gt0r=EiC|cu5!BOClnEaDBSpEbK-%#BfNfzfv}6NLMUsv*Aj+dX3{J$byYs;M9L6sBF` zpFgUBxFI~#^{1B8Xe5Rv{`|YX7e`1kxG&O8t0lrZ@<@nc=*}nyDmcU{KmbGtAmxZ? zJ71(4s~jC%4Ef&#+m|(r|7IDgRuQ?L?*TCZ=)gKp2p-Lc*-)kX2AmY6T;&Mrw4!UI zO%;zI>3}f`nc7w@KnbH2h}w8~-_W;FxitKjO7I^-!Nd5OB}#y(p`Rl?G8YNWe?B%m@z1zW%GzLIwLc}C~oS8={ zW@HToy}V(I=9wH`b|b&~MhvMYDxU8T5hmJTBk9hhe6$07qMV8dtcCb;O8|JZnSs+k zj7^3z)90Xv@!`T~fl|~_4$6O?!+#f}9E0-p3~rtGb4g>h6yM@KF(E!O=cZ^G+0oio z*NcC}(}D=<2fl;-^G^1e6Qd_j8b1WJ&`@^5mH5he>Cin_hGFzF$WGdQP-P0jcP||y zT80>Mc`E!-F9a~8B6jF62TA1F@B&$%N#6Erj>L?7mtF86DDQZ*`q9M-TR~x{(0zM~ zh=r5-alG_{7`iP=4sr3hWwUQX6uKWd9i4SETQHs$Anv48n!Qt(3B1org2en>ydiTTp5+hFl z=k))v^%YQ6u3NOyDO~~r0wUerjY>;*hjf=T2-2XE(x4(8(%lUr-6h=(Qt#V{_j=!Z zV;uMJoU_N?|Ne5Vx#pb92gEhE(+LsRQau^k8of3;e284G4_iC&)mq^}KrRdZY@%hD z;}mH1%$*ecu##xvLtNLx+nadS{|c5ir3rWvHq9s;ZyV_5E_FmZ0Z}D^fQQpTCV3}L z*}6zOh7W|yPX7kj%Ap7y!5qC}IVNj8o;28Z+g0BIQ9~6F0$||a1OjY~Kv7XqqQ=Qt zTgtYC{PESE@0|W|G%aH>OW>0u7hL?4NBDF5AwfUl&@wV>?2N|NI5ha?J44T|&GK;6wQ4P+7%N~a@XxzqDeQh6*8J`R zfA%V0ub(?02YI>?$b-}#(9;;=$5lAM&$j|6%kPbtb8BN%Jn( z2~lJ`RmM()pqs2NM<8P`1ZIh=?W;Ix2?#x-_SL80s9y$g5PJr?brj1RTGUxr5OqSx z2^>qrLc^EghPq&+WK-#DcZcSV4iEc0(MbiZ2==Bc2i-Jc)DG;U#^QVK)1AAR^D0Uh zk~|i}<^k5slViIfyAeQUu2*5h_~?#^psDlA$L_l!WCQLSL8Br)j|nY$#xR&Sg$c!7 z{+bz{6TSI$zo-J+jPuZjc<)wdkrw@6-blVD{ZveVyH**Cj}|A^tKPNdl}@e9&tUSn zA^GDhSjfCCQ$VHnJkw?Z;}FPArg3Ja zt);1K{s2A=!%)|%N0!C*%uQ zetms1S0G@Qq^F76ZyBH&Qy@0v7M$j^nR&N6TMLmHNhXvGIwpg-4U(UHiSU{m-Ybl( zwVCC`CMhxPPx>s^ZK{$b`HvjswCW%*Us` zzCASquE@p7&n_^M?uM_OrofDD1B8?q&!(3lh8n!U>EctMl&6 z|0{f!(EyTVpY^K)D87g_sfs)K>`7*1i5+0oWh4k@)y8R#1%?{(&;NG;2tq3&_5N5Ge})kq zuajwD1F*OXQE1ZqtKicf&y&E$FqMXy zBF%V!z>HF05EJ+oJ_NWk0nDezpTrI^ zq|#WWFRsQsuHqmmh-X#V0%z0DviD*`6;%Yn?^c7{9JtfjFaC0a#oB7Dk!`u98C!4X4?UT`=X3qjd)8UC!hYFJ1p zWNilas9nz{V{O~6*5+c zvmps$^gT^lyhr7&aBd8u+dHt5(EU^@@7MK00ocCoHf!JoaJBE?P)s{?0It)spP$%^ z?`SN3Z*7hEZ74rp+vKU*V2+jNX|GmJ1*S%i90Lo-cNZ`ij z%o|cBa??xgugjmucf!wijbiYLcfZekl7E?hxH>yL1FrU~7~xj))f(iE^i?=rwNX*p zRcGg>!_v&k(YgYS)s)WI*9NNDtq&_zJ0m~xYu{+lo@T4=p2t?JMm&Z745?rcK1%tU zfD7GG<%yX73%0-Wy+mp&e1lTX>9zZPIXtPLxOP0C>tTew=5E0=fEjNMyq<#$-Ge}N zMT1id`sIZ>CE99zmJ;#+kWB^Rk1pZW`a`F}yy5%{Z##pJlN~z2hs@izuS%Zs z$WPNkdrN@v(6g?@yF+Zjr%8cI%jSAGt)`fvibVIfl)JOM>403}D2++MY)5Ns|7qI( zK&VBaPW>~AXQcxNNvYGFvFa->*_(F?p-3V>Nf3yquQpQ|>+Ai&LKCJpp8b$F%1*`pg$`4}YRIG8aUpezaJFrQkek8&&c?+BD8?I^n@}v7S5>Pb! zWdML zQo0I-ax5q&2vicrDXny`Bk=3FtIB-*r)Yq=&+qpRhG@tRNVj_A=vdUf?Fg3SA4Pok z(2@S=J`8z|?^;QDkg2Q+7S37uF_LEwBzO=Gibk2Cu3B{*%pon^IIck9s&#+!l=ygE zp-pkit$@{ADEj`1y><5uHy>-&*D6lBu%7;4&!$aCGTc!sL1Z`s;Pco^b-cY7hAQ^t zynlA>J|{G&wx2_%P6^7K@3+ero&d&FI+B8rZiFK87gm4M`mgUoFK&3^&?>KN18-J;^OWAYv@+Y{a zt$7wMcV=6|@Z;UDHiGD9PFgX4{o*+rp)D&xmPkhibtaX!TvAGZ2?@)PI?P(mKb2u} zg$r0{$H??QxO>OO0*$PE=iERgG}M^UvaaF1J_=3PZf2#GW^Q_is)Dvh^}HtaW=o#<)(lk7IgANQ&l8e78FjyZDlt&IwE&72ZD;d7wl%eY3vIt!J(n2Yro%rH1=%U*0)AKgBU(qu zxwhA1G@%qFJ0-Pi+`r(Yco~Xbg5y`^^Xw08$S-bsgT#!0+X~C7O(sy3q{2KtI)rFd z?4bAXmj2Kd0V1-zdoGSRLW?RUOjN64H=-qRb2(*uQHU|KxMs zZ41Sv6MoW-9haCG0w@PdpzFP;lN0+cs2fzG9c_F~Gi(V&T6owBAggo$aD#l^SHn_4 z0RuD(@dXA~HO?~5cO@TkyKPtt+w%wIw@EACv-&psOY+7ke+7-(Y3i!Tz0A+0<;!rt zdn8*-bAu3-08NEDWI*fKJ*kubEFy4^P0xP&ia9t*YXVLQ=`b#KQ{$yvTHb zhLiX?0-rMj;8ruy=pzK0-K(&5Y)_WicR!6^0BA6Mr9yl0yTXLL6YULY=etQEMcTG~ z19$3N*B$y${ZLg*y+@T@gB||K>o-@J5%;(M!W!(l$xr>xc_)f%)JY!IY(Zla5%Bs{>7(L4mpZDt99(Vk3<1BvI!s9FMtB_3#=%QRA` zLj-iO2`onNa{LG4fb%RQiMl!8C`9cxlt)8J*@mdM^6&%z(}Rn^Fh@dE6dF_z!hpjj zE>LB#9X(<*MTL|T7Z&u(Qb9pO`^`>yS5Hq1@S%Fkw_DZvYnm4zE+R~Mpb{{bAInn( zw8N@ZUyhHRfVme5kO@Ewp+916`@W)dK>TUTVzTrp@azi&)_S0>hj+eRHfRU>AS^?a zJlD~apeM5B*vrAn)17IeqC!wN`esM$^#`)FOA&Smd(!nVOyoLN{*$L_B!k#bER0G! zc9*kMSP#v=_7qK|NW|UUolJaXm_!$Qwx5hv6rQnSr0Eg9wQP`S{i!pzQ}5^#rJ((z zhsz`^E-rXB3#Mhi{R^>-UaE8c^seKMwBYV9N9hs&`vV8E2``Zpv>`?d5pGWX9OL>R zQpz~zeBykl^hJin02)~7ds9Ar`sC@;_K%_>u01`FZ;{#GUVv zBVgv`=rsxg<+fj5QNz@CpvEu)8kl;(vp@Ytz6YuGPz_sdZx&qysTIEIK&Df2_qHaoj6FA~U-0T1jCVhRp<7(c&${$(CF0^%ktTer1M%*hM5UvHGpflroO3WXRkT+d@EQ1G8IT0njZD z`}G-KqMYx^WyWIY>xtM@Cbh&etWO74B%QRJ zPK~hgt(YOD$edTO)KgXy#Ti}6sztgH;N-{UQ5%D5eekpFovtiuR3#`GP$;uRVLM7r zR@g5~eh})xv${E7M*pD|%9EvC0@Q{5zXl9c%Je-x`Mp&{1jfw%?c29J zsx()9)elMd2|#BSalp6icSqI(j{fg4ORA^{kL+WgX+LpvfrEuz00KDXIn^)N*LVDF z@B4aJD!EMSG93#>4LUGaAKgz!(i)BMu=aEQ&l?1xw%-_Z@gNJe3q8zAAx=GCet zboU}uP^}s4G!W-Y_m%1Ls9V;*31E@Jtq;E%t#V;iK%;A__o2HwA^Pkb=1Yo|E)~o5 zMu}&dwJ><=J>=trRVeKMTi7pSgStz>JW~o&AR&}U?0jVf_lkPatdrRf==qv~;fd{` z#?Ys4fXI-pZ}f(5(o1oKP{_LuDfSFtrl0ubfl!BL$=dkLGRlCo4Bdm71s$(GnYtLl z3f`^hx&)d+vzAkc07r6$_SL$busn6prIEliw^`6dRwaJtlQ2Nbo?&#^Na3l0)I}Y9 zN=OMEy#zo{7%KjB>6Dy5`rjr+q+fyKoFuA`%BQ#sh-z;hk6au%=k?VLQ~kZ_NuM$2 zw3oQ6d^TG%G7&|a)A;cAa_!4v_}OP5fp=qbn16U?>pR8-jZ4||!>7T#p@va!hOXcR>{Y}Au|?~-x<_EEq+zB{ zRoX@YMJEPOr_&HvL>Zh=i!&3Yl&v4Vufc`#wi9A0co3>ttS^!gKO%58V{|C~HaK`0 z=pnguwSii$2^`iU8R3$Od9HhNRGq5j7Nf|QS$6F1hsM~sQ5U%hgAlg18|dSL@|MFx zd=}_@AtVlF(>{U^mSGnKz#ze3xx^U+tB^)R9I3#)uAJ52;WL>8{f_0TYCB`HjRB2y1vd;WmD{*-* zwA5>~li9L!Mnx(qu8wF(-af!f;Cb9h6|i`O1n1eFO*_jR!F)69%5mKtq$9r zDFCdUf0c3g=g;si<25~6`QW;3X<1pgw@-prv&?ZYF%`4JKmfY{iWO{g$`Z)5c1oW z4-}oR(l|-8nN=`)Y`tDJU*1qOyxH=8-m4$J_gT9+(uasdH|eb{=NfnFVcy{F&Cjzu z6U!1XH7b5hkF5vW+vHkfVm?Jo6cf0@9pMdIl&SYDO>CK$`)G$eeR zINQWH)8)8P7se&=`esa?j(NA$7Q@^fd0Qws2=ByVdF2zMSQ=;l4sGn=ZjVP#((|PZ zW#y=FVRJhSJlmPjhUK)@=1NkL2nz|@p!m^XNGYI)N;so?2<6-Ml!Wv~M4PtacR=F7 zVfY@oE>UjOiAHgguU^vPCRh%HQ{n<@@*m^m=>!EyKph<{+l?oyxh%x`_F2VF`J%X& z#)6D$jt;nK0e3nJh>$Lt6eCbzc2~5}`C88r$Y%(DZqeFw2TaUviTn!s=zXo7nQ_lI zdFP9dv5t)&o}cWQKX+;CO|zQ#+tP=T^}6rd>I`-$jf>4hqo!DA=5ODaw*o6>pD8Yz z7>%uTgML*HQgAu@7-*_QOsK$ErgfW*A5l#y4DoH7bp=f?rH zr2y}<%ucQ|_1!)=`N(k1-~4marRmWUa=MJ<1z+j+^e*CfxZW(dF+0tp5H)gk(oAl= zb*5WxH9OOZQj#-&wW@GiX~m&?VNc`jz1}Fd)vtNQNAmj@f+yduq?6SY2F=E!bK?zC zZm+|zbCb=T^(pd!*L?EHP9_2-5!07`W(Pg}t#+E1*gq=l1^P(5U~=DX(Il28e3OCA z#e(t}1;+t0>MR#v?tHhN9t(WzbVdxEhl9Zxch(HO`pHm^{>~xf9RSl1g$;va;`CKu zO19=1O4j#bh%hV7QC&__VOMMK?iNU>SA+rZE>1a5ns(%!T{^nl3Erd**i5CzXJIO* zR__H#BI?4GVI?}rGgb7&(;Sd;or(Qt<%s@c8_W%aKey8)wTWv?u(um(5Q0nZN@AT@Z>!6o-ai~_daH5@LrHq*w?Id zL?5$~Z)!RDRI(RAGf}bkK(c`yh3;lDlChu2Xyj3S@%G+Mf_w=!JEIoJfL{q6OGRZUar zD!0E+c}J~$sxaE`wzeO1|C+?Y==1xrl{`P9M`p<_-KBH;M|mG=;`pPqgMRX|xQ=qm zg>RNj%$axyG?sD$RbwF`w5(i!bO?d!K+13cD#q1c%UC@OZs;5CQ-B-U1>r4epmgTl zygtCve~aMs{f8JI#@P`Nx3B?mi$oR!_t@}#B?@z&3i{Cv(PBXtr?c()8I zWf6iKG3hxmnMO;+%Q~d7OK0x$*$)z{uSU_jI`rCU2fgWXr{pXJAqSVgaLWGXg5~Qa zNjB1;1{4%z5j%Yh(>?9T0M#4X>6#IXkfUV}oQB-sI8-Q;aRHJ&%Zg5lQRIVo>lK;m zos&Vk`3snXPVBQqVT+oBI14j(d__tN)k-{)8c*iT*07Gbuhbvy_M?aGeCp+_f`nWt z6HK0xylibvyD=AV{}9D><5C0Hq?6EfU_y~#Y|VIv{mAI5>?_$k+7`(`S5t21 zUVA~D0>@RNYd`;Fw4=A-sl40uSg-x;>skAqBU1Hi9R3o6qGya1@LzOU+Uh!VJmER_ zWLcje^W4a?2|=w@>?RJGtJ8Jlf4Y8!5f+KqdID2$T{_mcADl(OkD^ZEtcB-5Y&I`VD#EWa!BJ$$ zStjKNyfwy~Np|+cDrkFjdhrO6O6akA8F>wpvV##`+Ml*7-gLCAVgP@{+~%-pq|&3`^9&m?EbmevYQl%-P0Bw=C`|(j{Vxs3ciYB~AF z9(k|Fe$?5J$w126qDHhG##g#3Xw>JPF7wV*sCrq7*eqQ=Tv*c@u?1KDv<=Gq6gPdDwJ6q46z<(!d^am=g9wK8skG<6jp7B~x9y#=v9 zu0VQEX#rlC4Z|`9mNK(XB;OCLac}i&H3K#?$6V_17P_^r9KX;tMin(Ils&*^uPEv#hx2h z3idwqFQKRy6!J)t0 zGNaiqKI}yxb|!1HhrVh}^&nbvwv5W=`sz;}N9WRmWKXq*Cs1aU<*UL^pQ*EYu8Ub1 zxpVTzLgJ2wBn}v7#;UfFkFQC@T*`e&yGqSS^jC7N_oqMPl$>Z?ew_OcX{qj`a5=_c zsER#yT*jmk(U8+mTUEryP7IvKVFE=u!F?$!XCrc2M|aI&bx6aCh#&dnQ@RPP z?~%ceyL&q3ezm?WGN#K;$-2gEM1Q=Oik50STa3oIHw|~GG%SM~G&1c)2Djas7*Q#@ z#1cH>?+jORPP5*3Zi>nIl+y69xGaT(MOV%&Z3aGT{t{X5rUuVwJ}p2#?nY5P{t5Kp z`UGKlR-QqHN`v$KO$)1ut_kN=mO^B>FyT&)wZ?|nSc5E{Hu5gHOBuV#piZEhb+-4rGSyV!V?&RRFW(dC4O zjvBn~&cr^b&&upp^0f8Ri~$Kb?$iCvFMF6K?cUehBPGwvX3Q+#N*b)r&o3@pOWbxI zSQOp*GfjU1F?^O7 zcB^_mrrCr@VhjGp>$gqu*CVYZvM+(-som~SJKYMMspHqS2@z{nO{i~`VjZe-dFaXE zlI>o(h3k{%KKz;BteMMg`^a6AtoEXBZld^2(KpW1mSOu(xbXWou8pOlNMn*|oO0gV z_drALk&LJ2U>?XqklB7j(k&Xtd=jo7c|cy-5xw_fDw3mCZuLL+BDNHE4hrj<5+?NKZnWWY@9$tg*VqqTB*mJ>iI5tU+RSB& zK3^0-EW{12DnW@p_F1-fn{3pbeQ0y>0IJ#GU7CG~)TyA6nwsDO3f{i z;#<70-@sl{_JY3X>Z};?QjyHzRW%feGgG$D2=#)8g-zF()igm?$?vQ{om~qpw@~Oj zRQ}!MX6)Q>W`FfK?Hvm~8m-mKy{GbsD#X5`AK5ZOO_CcSugxNUD|opRh3tj&fEXZz z{ajwY6IcT!lS9fStNnC7hw5KbHvT9>0C0%_eWA*|f4-X)^YfR}*DR^M8&F#n3~VC4 zt;<-(36=X#X%J(=5Q#O`$~yfna+CR-yiw% zs`2Y+DA775_ZTa!ibslNT#^X!qJ0>T2FGb%qH|?5v_k<0}j5xe`_zM&-;LQnA0zp1#JFz(J*M>IP3=t3 zOfkX8)Uig$XAqD`F6(s|xbB4jq6f{rJIdX@Qi*Ds%H~fV0_2nSeV+{?Z&8`OJo>?J zlU*|h2=CV#18dX-f`4btabmx?-nj);;^UrA$}|))5sgVL4}NbASk98$g~KwQzos?a zb0UdcCa4uG>>rHU@?(-Ca@Af-ZyGaLM1hI{^Fy*HV6*Zu3-fOjXEsw*b>K{5U4PNMM}<%zv?fMrIwz z8g8J>jgg)ULt{lZ!663j>IAY*3zkSeZ%h)=)|Vh|u)$iocF^sauzyJlv!0VNjuq_- zOG)N;g_(o39jP%p%)}5QWY+7Z%*CYV7W*wI&{3+{D$oCijTTM-%wjv6{%2NSxW#7* zj?uzTa0upeNRgHBUb(z;7pP+d)|1VmjlCDzY^ct0z`v+_~!S|(8Ft8bbic0_~-xX*DgUX#_$kE!M6kt~a1A22u`tip~ zA0Q72g@mK*SH@AJWvMLi&bacJ)Wl7SSY)N#Xz}rltw>74>QkuuAMOK<+F>P-=+-Up ze%T1a_17RYc24FC`-jR0!B4Im_Zcsu-cdn54&Lv}XA47}uklSX*)1gBm#*9&*OBPP zCqYKUpIV{X!9*ra@G+#c49LPVUzCM~AJo;?V*+ciFMav6rm}EwaG$GT_4M=rrFP;t zPx%{GBr%U6iMO{m6$~9EB`hcv$vTG5-OYwCEOMr>+X|6=b~`tv7Ro0+uEB)ioVs26 z^OTET_xL$!$drMfsn7(Aw^x1KoC_`Kzhslik%v4bpS?=qCra7W6!~%$Hex^e|n{xj|@;Eym)Oc$G* zpol?C91beHhCrpXFr~y}jcNr!y0t2-n!$fnDErcrzB;0C{S@*`7k+{^yn2xVTy^19 zO`#i9OL578ho5w%)>GeZoW2hD`z>%{`a8|yo@KReX4nUEKYa1p>#H@wY@Xq}!s;~s zebYDSV02PR(9`M_m+=v9nUjN~HfL}n^{iYfe`3)Z4`{Cf7hy{`ySDtHMh-#xw}g~b zz|#kgKhNcx+>cf>j5;Gt8R!}cRSS~F3VV<;e}kFEiWc_6*nfx8X(A*9Gw=9Ddtgmw zN03{^r?}T^fJjVCEQM=j;}US)S2o-TW$qUd4(!~{dH`Lo8_rwl?gI|68Qxtsg!LcT zOB_6ig`y92RT-ze-z~y1IQz%Pfkx?}_#3;ssmsE+QAVaJz<`DY_$Af>LzRVz2qLc4 zKl>XzOa|8TW3-M8)j^8fzF5XJox?qM>dFfSGL3n47o_Zn`vXOqp82MeyUcX>X=;ar zkihu2rSiPbh}2~-g^>Qd0}3e{Q^8b)Fp}TPF(XmMo%hj0s{2)E2yOEMNp+*~8zOJr z+)Av3vUy}ye+SuQ>-37Zjk2jq5c|}VKX2_)^ZV&-<96z?XZXROJsfNZIf=aelpO@= zL={dXfxmm|emUQ5FLSu}vjPSBBNW_f1!cXKi2T3lXs=l@cMoD1&n&b4PGh{BuLx0G zD;=7p`T?PP0kZPvYj>q$+JfM@7x(-0-_KNso0+j+>Um>dW8)LAw%}@kKwIR4oLaJ` zy*n=XXVdw@G8Q!b(p%ndo0=fkz>7Ayb+fLMEI)=$-Qao+SbqO}-2Gpv>!81G%>{|4 zVNqXpB8+LOym-yn_RNZu_LdtD>|JqB;kWFU$C7_0oXk&}srXc%{Jg3<=vmF^G4=6h zD2+qggH&<)=}&eW_9*+PIQg_qfDm=R?fz~o$d{41LenE8tUop$D_QbTjqIm8Bw*A# z<3`ir!z_6+O6WVR%L$Y%Z;~_((vJeb*pZkE%22&ZhTFt z(JL>}@oZUKnf0cmG^Zl%Ws9xUdpk1z9egw7v3!&PEASxPXQFH|f6ny(c@T8C0ll#v z*nHZX-_SGIhCjo%F&)uj#|1)K830degYM_{Fwx)fM2>tAAmG`@z^(LC=1@e~QgsC; zH|XR4`=ROjh~lx;SizbCwr~ah!?IlhPmp81-QoSDd}J%-iT)XR##CQ_75qU>v-kh+ zrz~J0wtdVA2^en-bZcbY7}$*?2o7zm508eS8{Qd)|NBtj;s~Qi*B@=SAJh2flmGs; zDiGS|PtMA7tb)4tA6NdI9|X zB1Y|nwh-)h5fSzKe(e6>U4Dl2(FKk#d;H`ysueXjP;q*s|k zBdhALTckX{UpZg_K>GKX11(4mq|#UR_6XvD3d~G7y|}EWj5~OMptB;9AwLD2VIeoy zmyl9lCon;cF6gCZe+?4U`{gQivUE+Th{kp{=+-t|1P0A zY=vUlJ$jD!fA<|Em_z0V3M%uT*+>wTxg@XWIWxpXJDi9M4YXeCA6kdhnT>cEG*z*`>B~1vlOpvR@y>-9 z9kZGCH32H(u+C+MSnxhrR^a}7Y^x#7wXNs4<~_^0lWR9~^TPW< z5ZveP_PDvZ`HL}WfT-temK3^UQ2uUfBAeO5%F5ffDENdZzmK=Z2Z?(xzXPfSKcGe| zoUp?5SKsN#blslpiG^+l8mf$8{~yLwV5Jd^JL_p2`TF+V>SNsn6EBa``>(v@}b9 zE5bm?G9me?Jq&*taQ0k@dHc8WS1pcG`Q1yAe(FHFy140%12gMB0sZLLH&+)40&f7; z%4d3NwkFt@#DOAodj*X2t11>K5Ei_a1|Jf^B!MDdsnFH+b-#e&LbQ-H@YsVY`_U0a ziVj~)aP=FUPm8;|Hl7#SWu~%@q}-{?6P`lOo64R*lS&}yS%u^Q7)4{Sd2Tya+i8>9 zvd^x`LA3wekFET2!EN~xiYvGHeCe-A@4TiA~pv0Raa694?S zPtd5u%wk<70>E}4M=>jC`3t{$fA}N#SO^!S!$?1{nbH)KMQP0sfkb$`P)9cIA&i(d zsRbY=QeAd(`hm8n&9DK4?B@FZ3fn$_4wf_v#NuBc?Lm5AB`TtNGGjP^&Phqv+Lob- z+O@8G@Z&-bHlWia*CR==Cpc;oBHFA9A;eXm+Z$72_!$CJgR%I$u?#T;>_DTYp0QvJ zO{?T*0d`iA;{!4*rdswp%y9(9MhkB>qypd{vTA6WX036N;q4w0FR3K~o3xuw$LHg;>xbF|#OzX=q0lSd8W_1VpT0^O%{Av1mn& zzX3wkq_nrMKEKQWzLDqiw>M_nz~|6tdm;@=Ov@$Z(R!oa&Gnfc^K$5xe~FM5;ApTI zcVWo|OvkVAZ|*Ip;hzdr3biL;bI%(*FAh!F0#qwHtSb%(hz*QZA42}c>apq5 zYGhTGoHpT5BO@1_vh)P^w(vZZ*L^jm9G#YHo>x~_`+#ga;R2d#9j!KRnem9O#f@rP zUq2pv&1OKAR4`hgg^!9isp+x@Q`S3C<$^z}5yX=Ul zl!ZZw3npm9rPJ7(*5NJq8NAIoF{*S4iNU1GBqtc9G9$7kFeya zwxCDo%%?Mj0TYh~A#Q3!b(Ju!Sy*m&#tpe?@4fTmHl1cpH?;IjQ~VLqX~#g{Y1-=) z8WG_~fqQ^6^NAdj5 z57m~m*SIiC4N+&Zlp33wE^6DQD2zwd11r6eOGaOn(xdb`zfS$ng`G}@l6}KeLpJ!z z@t-J%8V?$EMqE;Is)(c35B3s@$E~^i3xWDM=piO69I!Gy=e8U{93EX^`4$;h#y4=1 ze_Y2kWwM*4+9ozn=BZ1LdP%0n;Omhb#nWa8vkv>%0r$AXwWbL_c?+~Bmq8MbLpRRi zlg5~u<4YsYt4`%}9UyMe|5z~jl8<$|PnBwKp*f(VZR}amUMoaaT>4dg=?9C^9$?zS zOCxv##WB@o$eNj|jtfyy8WeM3WBboAtAm3BeVQ)dux{o`Z~}e{a)_{KcM|vb%Hu%K zGerIYQaQe@HaFO!l)!fh%;Mu)u`X%;=fh$dWkD90N;0AIHRuv(pfBsMv1 ze2^o?)6-L%WZ8luz#tgyF?4{@WcT)KfB~5fB)^8{((Viq!5;`{hU_$p>O{H#71S9P zvaTiyw%j-dtvIS_8m2v%9YD(0AKP3KFiDRtFz$Z;rR|BHqgJ)Uip)33LWEWI)R;5i zN4lQyxN})u?)_7kYC+ub*(J-u1C!o9qqKZNY5YSo|Ffy;D;TY1zdAjRwyrfs3V&t1N&^8OPn)8PYMiMN}a_($hHq? z%SmJ#hbz51(-;0i6sW&ga=1Wqc5F8z;cYn{&fIe%FD9 zlP2qC!dbKN?xnpxgRP6aPPK8kY4m}wTrYc9HTL^xxL;t_+ZvL2->0=*slK01WSc%N zT~2Nl=|ToDTzHT)-_}nHDm8P=L)j+M*2W_@M<=dO3YrJ2E8ked6b8i8ChD8?Wy{Dv z8-Qu+>Xy?$s=%kBW&F?08j+Dusp0HI`-Mu*_i$EM+nXvQ|3Erv}q z+Njwkw%q#g@uP8RUc&53GOqE~@>L%X>vG6if1$J7DmZ{ZaRI)iux69i@%OuTh}bxU zJPwpKu6s6Vue@gvE*H?45=vZeuG~K|XpI?IZc3X@9}Kd^z3j_5IAiUlDwUVC^fYnG zuK<7poE8~7`^XCHY(7&JTtOmYn$LLc45`)$RiK{Gfab)H-WBg@Nz=vLe{h6sd=T!} zhg5)@ZW3cZZK(3Ou?mkKtu(ac>`nQRX??tK2^M(AtxcuB%7s~83`*exX);EQ(zcH- z$ET+q0MC+151y2-e%OaQlQ-H2a={kHXvN|lZ8ZmSe{XNx1|KG8_e6W#B(l04l;@`o zDYCr*IQb4QzWz56d(fjejt-K|Xga?-&8(h>HaWla2>ntUs*|L2Nk5J{A85^ARrq+9 zV?UFd7$4~>ax~ZelO8p-<18ep)3@SdV+Y(jL76^eg3D!G)%j5ko`fIM?x^WvtAjju zXooTQNU-M7(>Njh0wd>v6>sZ*vh^7<3x{u++x5o)y@#>W z^9HNEp)3SoMW!WK5==n0a; zk92BiAlBw|nbcqkT*-+f6^aB~i4Q$xw>}GQJT;>iWY)tc_dr3Hwy()yVcp@&qprHI zr+3FNF?5XVp2&OK7qB;+{YiFHvAF#5JE9>b6qsZ7$XGBvxREG7>F?0WJ46r)L!mhL z!3?ad2z0xmzIp#?Rih2p_unq`EitOW-ZIwTc2_iV>i^9?IvQZH`GUoJ6h zN4_K^WkerXjsS*jIDjhSC_o$F3O3B_ zLXD1!Z+w&tyS-GKHaRFi=B!pp7yW0@d|_EJ6dpC9>VMaO#_H1Z!~cZZ5jby_AdEYR zlZX)@#pM;Mmf!bHVQ)nLh36~(Sa)1AA4+xSrPc!95&OLF@T4=On55P|gAMMp1kX2T zYqx0DI6K7s2EH>7o;|C2$1Gvb8y)(1VnxjF!Nq0PeDB_yuQ zq`EC3fuwx^Hn%D&@dfbg3Py^yC$0c#YmzTsfGKEg!Zi(vp0R%z7Kb}tg7%aUW^`Fp zBbYGRPnjUshft?uz*%-$f`c7khDvYWd`YA9W#SANf1na^*}%d$p>p#Gf@H}ya;<#E zW2?ZF1mfmZVLNYA!FKshLmA?74DnJiYDHyWD*7n#g=ZCj=7^@k;E3;;NPsEOOK5Mq z&;t}~^Vu2>JSJVM>DWcK0NJZAf&ni<-q#7TJlj1!uis8(B*H+jBdZVt)dWg5S)lFQ z7xW@a5b&=$OUiMgT&CaFL%7a1)hl?)<)!oRXvF5b1&*Zk03iB%A5i~>X5ru^%ijrm zUeO@4HZzkYr}0QNYr&a(Wxi+N@{Dei-$6M?3a%na6c^=5>dey8yf| z!2?JF)K>u@3-TvVpg_Ytj^^(ms$B*~Uo4ji?Hm9$$9}NXatiTO1Rit!f`#~pfJJ{N z9TTC4&rA5$*5Q?mUKTeI90jlt9H5JWk;XZ^;zwWW$S+04rA@fzcL5Z6D!MSJaz>q+ zgz^^^HnTlCR0<=YyM_{4jN{f+c^;Bmi8%Q*#DVBZfCc{zsC;mYo4S}T#{&pwfQ0=L zWI(b%Y=GjCimbzt`Q6&qRv3^QB@7V|8>chUJ=5f_1VYduSV{o#1wzzX;jd9(dCx}g zYebOw@yleuQ2Peg!do9{oR?qi=olst6}^Jqe7V3hP<#B(yfnQKZl-;PQ6CFnKfUzi z@>Lunw(JR;hWtl{Hfd%)#{~{4lLLAlx^pf0mhI&Q=hS;d7W1wpy2;%3&>|utt4^RR z?1G0%MJL41uEMdO20jWHtC+Fc{65>Wg_ZzIUIHYs0J*Xlvpqa`aaka(#oRVZegp*t zWqM6J?aZov3`An-V7&EJaRXTUejBE*Lf}gcg^C7LssfF&4r3vf=flMYV%RceJ7!c^ zWvwKQ+s9T^38JD^765Z%CmXL9`1m`*kL|~-?jm`PYp?K1Q-Pg5 z;3}A}>Sl@~VV^H?{D^v_W2G$}=2wxQtex_HD~iRpySyktLXt1C;J*3+36&K1;g)*Y zo2oy3ebU`1!~3AJO+C=_meTXgJN}=V7zn7ck{^yT+>+!DACenF;rnSWgr;>mEi;SEt5SR#t8}9R7NN{lmbnZ%ln^_i|4u zpMc#1m{J`8m&gDp*1|F%s$|eoE9OrvU@>pQaxWz8)MpM|LA72pO%HFT9f&ewoenj@ zV6*I-u=trBQvZJ#`|7AD*Dq>1M=9wJ=^DBOBt#_@K~PFk>5!Bf0Rc&+8&N^&P`Z&G zLXhqplm=-AzGuAR^?u*)k8ds3x~%K)&ig*^6X)!+&)#fIs)u8@w?8|~Ow(DXkR3oV z`QA!aNf99)cRMef`W}DhAj>SOuafgWnILSQ zCt53uyVuPV_bQ0-ql*0o74&Q#U?UGPCbRmorwZNwWQ_6{ZsAD+@Z#0DJI$b2!QJQ^~T=YLHaRIKw*4# zALxR8trw^fpgJ_|l(vij_RPI>ZJFOt#)h|PH)a}U*1CH=M9jrrn^no+6x&kUj8U_e z$--I6;_fb1-#5_ic4M^d12Tk~;!5_ZdIKm0*LDDQ^=GTomR(L*aD6Ww`lo0LCdd^+ z*tG`fV0B!O_Q;KM_`!~vHW%A)F(^1#XPBJpQIlX3JU`Ue)Hf&7e1kmmULdk%X<5E9Z7Fo9LqFPTZ&!bArrv->|moc zMpO3t=+IfRz6Si}e6<=tm0Li01Eu#ndQhgsg!vfmZK~A)9ktwy?IdIn25^$gCEisl z8w0YiRV$|+uK0RXl4FZn%yGMJ_HYH$Oq=cbR!hpV(n<}AZsO(auOVZmV4YUz3%{hc zFMl0gO9|9Y8^ONa({E6=T0UVfe9%j=Rn`N|(Wu3VS22$+1|VzpDT^wT^CjWGCK@_E z+fm@GLHh{Fedyjye+8A8ZpqQB; zusm~!#X@F!XF!^G6In-Ryl$LfDa&XiP2fE`4q{oT+n`l>1?5r|faKYUMNGfo37U`t zO*FtIL8*J~`*)x+%w#Q8h%lxgV+jn^fIDo53^?4gdFh4yZQq~U##m7hV+uenI~B0U zH<*2IDyl#3l9@P`loO7z8F+UKRjaWc&JV5Gs3t_!3#KZ4DG=QQFk6taiuH{lgH{F8 zu05l8s}dzf#L(_qNEN+0QBhRoiv#yM*tq29=XX*ZfJ=lkQf@l@mEL{w(aZ)w+))jf z`HZbdnRs>s1h;rZk_9Bb9*_iHu_BKA__GCZhOFm!U-0Fa9@f-n^MSb^11b^)6Jal}YtR#F)H+ zSuQ{!s9j4Otd=P-g(1VmP_27_#zIzG>S~HFgHuoSp|hKUg2J+}MTfcpw7xgCw6Lb3 z_hm#!qtQs=uI)J6mzQK^WiI=%|2}Y;G;c9 z3><-QB@e(ncluL?2O9tnI(FX6q4nX`+f18SJKTD4?!sL)uY?G7m!|ajz1iZCW=Zmv zo+We)n5OWyYARSJVMg5z&JIu{T$-7>1F}wA(b9i*2_^xo9TB~~nZVNu@0b2Fa;}nf zX&huu6VGp^hNwAL8PooWwB?;hK%hPEoa35C+F^z+XG8yS>a!Ol8Ay}2fx zlkDHR9IQae{ri>6OTofz?z~^ky@XnLcd@1J*`^+6Au$|-$Sdz&47EH)s}8_|=DiTEQ>2yhu|+!1m?h?I>+9QfDjUP z4>?K7-jQW+1p9|K9lgY}ecSrTqNa=SuM~v!_xBUhGKIaR6}2|^x+gFfDd~f8hf4zK z9zs@d7iM-}ciR3YqbX?M@y_ar3+=%QXCr>R++_ukZi$j*j@Y`l{HTrjWrJ zG_Gb##|7`*>d9M2Zp*v;xB7BL2Q^)Pqz$?Lz4(7qF0@RrBbC|SAnucldayMu(J?xF z54$CP*woXrWd9eIpo{`SSzM)Ep?|%bi(di4Ts&$%DJ6iBx8GWmx>L+9n>gIbXvFYR zuL^76#>Fdo84g~N^0Mv^g}?Tdi(ffyF`&ApL($524v#fQZ0_w9u156L;5PPYqvtid zIfxoxT%}Y16fE`&zG?rP!~Dx0S*(&*xGQwSk22^$yuF(4Bs(`faY7vJsyBJD^WO{D z3ycT>lJ6V#pF+r=jgC!g6#I1yEY#-h_USQILc+kO=NuH%G$8~qg8w`X!DrNjJKle? zb1@8mUF*tK*b`c_t*tH~H1NJ5cl^Cf@jE|a>lZ&3Qh!Q~gTmRb&&ofd=x?wm*aezj z7c=GGw~IoN%gWp5Hm<%3QCIVOLLM+#(m|jn%D?%_HwOi4{ho;m++aMI>ztCy|HK{t zUPSr6$ zzj)3O!>cc%F|^~SC_1ukQm{@1&1-m@f1aTF&kB4Q00yLWj(?Tr&t?A&g*am|q&3*H zPEzsK3Xtz$)eLeEu7wz)@mHGzV0P|GAB~Rqe#eDheDlhXIJ3p}fEWM3!=FQo3wMntZ z2U?XTH(4+nhoUF`^H#t_B+w-%93he#i$EJTC?Baca&oC9pr|RH4jt<;}k5Z(#wfk*W5AQUG8^Q2? z>b?XLPJfnNraXZMMTh>AyZ`Gd@)-Qsq%r=`yeubfZfYXErSsH>d0pv=?y5{Udir`f zZ)4KjtyYmBjwL20HaTu+v#S~lx>?C8YQFZz23c9i4+o2>c6^@~BecqOQ(YHTI<_>Q1b)1!?rr`-Nd68d%0`VqPP>2rXNvoNp*Q+lbDs|* zZyL0Yr%vwtcnjS+pQ#8DFs8TK@L;%A&(&0)ucAeC@j_$u-)H<8>A!DC>n67BBwg6x zom(Dt0dlo61Mz2h49TR$G{sD$e(9w@aF>hIWPNBrC0IXG{MpJ$ay3oI&U|K@J@l< z+#x#K)N@Z|*kPIH`PNufA2s(S@w<1adPA%pI9;R|L~Nyt}x)ej$@ z6Ao0p4<~W=#B|vJ|2G-&g>-4n?28`kb6G`1McX+Bd%y09^@(hKNWoXCoK4?L?Ti^g zgDu%i*=Md#_E#hRS&_2}*jMtawXV|({I7S;U(!f)Lgv^#@=Ag-2Atq)3onX}vEKN& z77->}gi-KC1HWYuh9^5wd0P)=UjnjLFWVWOK|r+Mj&c*0YX{=fPBT6SNwb51x}gQq zY?OizM6ks3*|P-z6W-9$ibf_nFLliUi{eiWeLv`URjB~m2iV~*fb^;fl5;;9CIlx@NX~5O&z*S|IUC8q{yhG{}eYg<0%r&>GU@n4fN#SE{78ewQ{b z?!v-JMv~a!=&u@yD))D367Q^^SYFBxNx{ih8zgwzdOz3Zxhex9lGWpT&6b4Al}Cmu zEQMX<*_sMT-A-Uq$Q2hEaaB+5Tf%9FM9 zGu7haA>RMsdU`#u*Xy#8%0Y5tB3~l8aeXp*2aQ!}yF!B(zO3K*3l|@T>js~1a4oFf z|9wI+;C+CYFfdu;{jcfm_z_!-UR^$_h()l*orxPOo6iSf1B10+brCQTTr((ac5%%hyZZ|Ddx-NbPA%O1;cYM{|0&aVA3Nf&a@ z2jCx|o-7VOis#jT4%jTh4-u9*YpHLQLP-ySvh+IaqtD5H)6~>dEEl*M{|gAU>2nJp zr{qxHmogaHsY`J$KQ1(OZ7#I($9V-zIdK+dm`4?0aCQ5O<8z%^!5Ugg0!8kwoXMQv5@hcu->=Q6bs zL$6RV@Z*`xY9=Y=ycz?4b}q(-6Q^X}ZG?B|i9UJu@EhFyL<-ACZVJ*VuYYg1aM`uA zr~$vw^Sp-4DEM5%ldhyo?(DuSv~-A1_el#Y-jQYQ_f2GBw~!XF;hHA$ZfZXZ?6O{tgYYb0Mi zvadg~)Yk3m>mveH0BBnTtyN^6c21kXCLegmJ8}Lrk%C1Fo8;U zmAv1laM9k=H-)Uc(3UVol<~H zYcd3G78HRApPyp;`sJ5kJVvPbMP}GyqtPS!gn~MmE!G#l2mSx-BLvZnbGx@z zpa_}zHR_PIrNKg-R`VqMk&`#E4YcVGDPz9p8$VkYjUjJUd;eZFA^EirpyIPLkyBBH znDabte(eu<2K!EjX8_nlKPZDvbd}IcI5JH%<>vP`q4pO;UV}VH({{}dvVWk+kJ!KnJ%7U^J!W67T`mKF8}!fwp(&? z;-4VuS9}0lBS;O^xG_`2nm^!&Uis$sag^T;v0ddSa_%yv+ytT2?Sk;{l^WzD&w)=+ z5?9^#DLP7n}B*4EZ)6+957yXN)H{LZ#S;gip(64)oZRU;=wAXyJg zBGho=3tE;Ea?EMBuVFq+N^6;!VFXB?I1=dl1p*l`20)4A+W-e@7)^d@Pg)<$2EkN) z-6nO@L;N<}hkD}?2W*jzOwAOnYnW73w^*nstDwUECZ`TM1EMeSwLdQ*l|4P}&?hns zztgVaDej|@E4~dy#Xs!NL=WKP;^XG-ip5`>s1N|f+5U37hrrLMr<_(ltz~d<5Gw~|UNiiW01rHXf#RoYNX;IaKPx4sW|^YalFr3_4tP$E*z;c-|Q3 zD2dxUEK?c3khU>AtsD@vL+PkL6k;<)Y@}^c zsLnH)qs5pN;I(jex~nOe*`}5c45iv2PHUr3l(ZvzhZv|5P81)Vt<{*-ajjEMKcND9 zFUhBQG7rX6G7!OqEkyO*P?~6B&s=gfk4jSQf7zE0zv`Fju_#RE_fu6+ki2w-kH;j| zHiM@uH?hF=G;~a2;{4X(!%bvGzQ~DBMUhJXf$_X|FtY@7nJ|?OS^A?&{W2ZG^71om`c%} zt7kI6(V!;R*&D=n>*V8 zJPR6}*P_#01aGztJnxM_Sk112s(Nn?|Bq*dd~sKZUq5;xyP>(i^Wxc;s&Ah9NxJRn z$K$bAeopPtlIHKgHeMlS8Dh?)9_^`*FX( zR4G$X8c?_|eK7L7G$^luRr+crEoSc9eK0O!7|MKkU2Y368(mBIPXXB9cn}ZjPgCxvtRr>JBkq+3r%iY{e+2hh9`T&B5-gM`gEnJ=0}V=j?H!Wi;u#Jp9D= z9g%tAG^#X~UT5K#zq$R63B^D((uMQ78hpJZF_jceRC1%9=7Qso0@*>=s0k?JF4G1k(OJ8doTG$y zLA-4_9yf#a)ZHD|rU3D&^~;ypR!ZY9fUgn)s!Yk}#HEmSV8rJ*W}z`HNiTzo)W2W< z59=iJqjW}qqWXRIQwBNT$!|@F7buqcjQ8#(P$kPrz5M>{zo~ajBcG$7`6fg}ReB3mQrMfxweajlI zH5;p##Ei00b>5mu&?P+_9~gC%%dNT4m0&rSa~2& zH^aWOduTC<7CKhMt2sw5|QpBq%z8y3H#TkQevCKIvvokJ#4 zfAzh9hrG#AZ0;`8od4P{@9@2~{k<${ z*-=5A2am*(2VKIHG~?w!{nf^;CW=Qx%jIjD@G*|mN4V{IVSioK^snrZ4NMXNy=y5e+E*KlE+_J94CP;?i5|} z9b<&k0WiahT$uj?&oxE$rBZCTR5DbFEZTo<@iZVG&lyc4O6k6C5bZl>1D+c_iG4nUT zvWO7iCO*l*cGs7R8qR1S??BEWrxVPYGTVzxRmyn6Pemy z0tJ9~Boe+@67D!33`AXBJ}1i$+GsPLjqyHfSL2&-x^I{!Wu#klJMPxC$o7PS=phpQ z4J))@!o7{rk`{AxsL3FR6ixvOQTaVP#j%^Og6XR=@dn^hV5?4T(*~iqnj7^e_9!Xh z?5EQxwNW4(J%`c&M)Z9s+Fg{uwKRwNFO2HljYfxVSV=q1qM?*_fh#Hrs`~~sOg(w7 z0nvqOQGlkJTQTfOLf)whpmoLx$nz%J%pc0cM_k3F6flC|lu_L@^$#C0ov3hK)!jV? zjX1)DoGv65$Bxo{O-yvEJhDK%n4PIregt%0p@EiTGQou=Ff|lG-lI-zvpHR7Sqr*F zlH`qmUKWadg@uD-y4dl`(%8~Pi2f(&FpSQ@fbb)9PC%jF3B}-_Iq($CZo6niVX}eA z<=^$2LMY9eRPHUw<}BNh7abPcpy7!9bQ^zL@$cAgV&B6N+*B9M!eX1f&BQ*=O-L16 zos&c^nCqha)decOKzpH9(}eNyWpX68|ZR&S5f4-EN{4 z)h=W*{O%SRnYSsml2@_Q6i+<*Q(I%-qpJ@-J%$0_+Qc4s$NaO%zWA@H9-5$S8dgg_ zyLksEg4(~nzs+Cr{InRmPT;A`A3#WcANx!)g|s+%hzHG8^&ts&@UlJ9Q5=uhqcS@y-PZ+BtuMCx4+Yyn+*~gk8ypTHJ zLS+PKF)e`Jz)i+6EV6Q?gtXF&lD(HNsae94>v zt#R;Eq2!o~iuy~|!h>a4wiu_#H9F$*_3mEbb6%5K$vhJsx84>x2QVSrukUvDrVgoG z0Q@5u?JTeRck}SnHmO7Mc(O0)ZHKfM?J7R;a|c+i9WtYFk81p)8VE}6N=&PoI0EKR z>3IMO;g4}CA59~5kFOS!>;2?Qf-b<(!;_Pf6S4l*f#pOM{z$(TPSZVpba6(1#D4#j(18im=`yv=DN2-_`=VDgegv(2QabDC0hsbu71=DYr|($J-8g z9KYlRAO}HEOB0l6mt6V;JpqCTh9Gn1JA{eQ_CbA5Jp{F1+Gs;l!dC4phNvEw6{NJ* zL!zOxZO;DIq@0&A&QE5}w}Ad?(u_7_;}huEQ@=r~8tjZL2igcpdy9#pM_`jp+DV4c zltC+dXATS;1SBM=z>&}jf^s#t4?WQ~D?Wf3DB<<Qj$28cN& zUYL4Y!EWzD06+R;<7>zVI_~28P-oSuDDg=a;{S|1)O+V=S}!rt-EXM6Xw$7c|2!fQ8UVLjtzy&78D{ihHQ$zqFu}MBCnX>xYysl0>SOhxWE@$5oiRJE#ye5r zedO#yHDXx}+TeP;R3jGznZB%_q9vF)^-%gYb~jSe%1KO@Sw(rK=@<`wZ!k`rdkRKr z;gt$QiIpBSdKVn+DR8dBjHO)YVT;R7zz;xRnk%f?5Mtyl6Bzl5lCH0ITelV}(i;}c zu>+YQ`Yc$G!mb;vzvW}9-1T|DTuH;G<}l->{=O9ftHZ;pIwK;r~ic&VXaK;x-T&&)FvYZQrp(Iu*400(Rz$hDi8q$kBf0-;R3 zxR~wbD6?U;bQx+m{1osl;N#AzxZRnhPTsu{e$!5}AUN_^D`~e4UIm%WKk$bt8*vQU z+`U3%abW-LgufCKsdQ{LuOF=)O7wk?qvuX9?RbdF5z~ z<>l^_f^+B-HMZCKQYFc}ix*J=ow^&QFzIL_U#l9nZ!~;X$J8`SpYr9>dMd44F};v^ z2z3~Gf~?PRV&O?|O;)i;aqmM%wPcY_tgu5XY(@jhNOZ2k zTdnzb3iI0KiuA0@0H<`h$%OJeoZGm*cKzqRRs10xsQ%d3Zr>=2XoAL*S%_JH#*M~s z-gx3uz;uKk0g-SEAssuv%cHmhfW!4GddK3gMpc*@^hkmRzjjtud~Bh_Jx}S3(2;>w zXrkfxl7*H*yNat<#BXx^CgNYYgD!4EkB;ol3Yj)AjK|v1ncdeok~+Og?|tL8+dcc` z#sN=AvS7&Tu?K>uZw~-ng?*yQ^V)mRADb%af&;2%BHA7KMR}4tm==}{(3s~I1j05D zwrjwA!~<9^_8ek^%oY#Yx&(=qhAxUuof z(_mqq0R1QBwy&Pjf0}!aby(KDp!@eJmqNP{Xz`cxkf}n5!jb zdRPXa>QS>9tnmD&_K+84vDuVm_vmT-7=>0^<%IP#V%vv7XnKi8L=d(KTpiv^7wVT; zvIlfa>b1(LR8laMDbkYF;EsIyu<@>K=E1;K$mB@E{En+4YRp42fPCz{d4 z1b@5v8$bzLD~G?IU+c9Q^NuZ z>1)K;bXt5vh5wT%x$Rk4?3y-C9Cg04{b?DynAosqS!XQwoh&Q{zf&hN1J#kH@kS&l zhTJL(ThhKrbx1k&FdWVW+PaEwH|MRN&dq&_Rw{VCp*JbekCjhV$*r+IdWhZn-MP%C zU@2ogZoU4;?;^7!h2wF~i(UI)rSE8%|AN$A>Ze?>DPcccEu4kZefIT%T}W>}ZOdm1 zVC?y7ov2=zTDJz(J3=u#?gH831sw(ESD~slz;XgO(SAaz!M{B99d&;oK=t7l8r#{< zs}?_R_EE0Ty2Z|~#JRoM z_xj_z*Jpw>ir(^FglmgR@)l?=S?}w?OU`YKwenYQcvmmLU6gD@D0BMsP8E$|FqZRG zzzVD~?H;~Pc^4;|!$dG?b+F_c!$_AIJDYG~VyFjD7I^x7pcO00HfHWv+hrMk9bln$ zDJZ|vL?)6l?v|F8JD_u`Om`ZHQmJJC1^>iZ^6t=5qJT#b8L0mrc!HFCPB#N!mB~ff z;fffoq!>aa&9|=$;fXoTD`~TXFrnlVS2t({hhl)nZlt8mXRrp6_IC72qhUoLuQUU_ zyej}ns^0qnM?e1E1no$I1)_el#pMLg`7j1_ynQFt5iV|7YDG#F(;ir?K*PJ$%wOcI zUwJVTApj0a(FW`RfdCWcGhDI65rIBGkl^1n8}hs%NneM|2s?L(`_N?way2>%MKxpG z2*Sye5VlluvXhC&Hs`9J6v3&9WVrScxVh{)isE#iJ6$RT1q%5q-9bWv%ac?g^HL^s z!7u?tn=Sta;x>)cuWgbzvAfl1KPjGb||n z%GuOtEgm4pt%>~R#mR#Qus{ksdWJ|_9$c3HO!~dygQ*T~+u`T0haRdV$9K(!*?wHa zQ}PUWK-mK~ga*Y<1X#LOEGm_4sQCykJZAk{xl7&%^`UF6C?sM?n)tq6l5XMnYD3%n zQpQ`u^#QRzw?2E9$!EH}+x{;;$KN%5CiK~R_k>Vn7)@NmqC0ygE{wGUy^I^*6Dmmm z?W1wz0z4K~ia%72e-4j}>vY_l^|lql;SFgly|&F?1F>C+Agab{oN(QV>o)rY{NVlx zAm&l38QXOS)y{uz?q5PCTeJkJULFV-m#4q*c~aYJaF|9{mU*`oPi3BE7e z4n@D-)X9(qi-C7O|?2Z3qvDWK6h-1r1-0!E&Y}(9V|KY_gTp>lV(mEpsME)gEl{Er= z!eZ+oZbZ+r53qXwnx#ybaPnu0fYF1%rmSA~yY73gNv6bZJWb!QPaL0SWKBMLH<9ya z_qZa5zFNckw;~I+p$XtB=#`iPnI)8ok$5KHF`(LYNN8!pz~=QvGeb5}(j|MWFFX&V znJgkAS3rMqJAkL~1q1}vrfMh)9#-4{RQ#T$jq%Tfpj-zMeF<=MgaUn!ry$_W)PC&y z=gC-LtcaNYDFVHo74m<|s}{&IoP~!cZ$33hryEj6EdIQu7qoI)ROez$`B9W3%B&o- zKV#9TOsZG?lnaF&h0}-^MNn$y-ot84i~2G?C8(dp#A<e2uTu|*^DE}jPjr+cXNb9?-^6mlEuu(H{2rk zE!?t#e-+%)Q4F!Zlft~;g}a-X(fIcY4X8oJ*WQ~Z4Sn3t6vIVMOpNB>-~b?_SCni4L{P9ELM5FHaDg^W2lZiMZF`Q)P#@qs53BQVs@f0DL z{>-B))Vlnziz%lS2=Ei`X7T$87riy|Ux`D)!Z5qhoYQha2Aur)ePu6zIB+ZbhHcTg zCQjh#NgrEF{ZQT9AjjMSYB%P?hA00%W;&juVXl)+7W4=~m9Su_{S|X&k|x9%{kWs+ zYP8sI2HMLH{%6YqS>n107lMTHUr9_p%2_JZ0d>g3*#IJ~91VIbT->)H-A2_pEBEhd z&|*FW9)azkK7d+5-$1WXj^c+us&b?qpBuj!n{AEeazj(}-Hff==wVrkZa%&C+QFt`de{-fJjdHEVp1XDj{cL3O2|(c9$tyZ|Bo&+p$rN{-I%KJ|^HS%Y8h3 z-!SfCZ@t(ter?Ah7`%HU3wd~S5Y5}-R`GbJnW|_wqCYh%{#6*`q(QC4h?5U_|IXvT zt`YQLHlqwkB1>cVrQdG25myuEC<+*#47TajZdPyV_0%sq?qDL|I`8NDX)oUIpRq*M z=3%N=9c6^@uN6S@W+LAa={aebJv^SPqDAKKi3r#9JBlFeIn^3U{Ocb6`n8G_ zFG~GJgD0Y7o)K`IFWIdH02XXZw<1ZN0s1NsnLwS<^5`foF52`J^;^FKf&ZMmSFB)( zSSBm;oZg>>d#@_?NlhnCv!b0D{mo96X9i+dxzSUC>Y$wX{|?L*Tv*^cbD2sOf=&CE zuAWum_qM-`_+XO!$n*b;etLxkbsT-|8Mt@Vkqg_@%xoKgWpltBF~ONes^b5CVOLmT zi{>T+QC~gW3`Gvds{l_Kri={Gg5G3wlAKuiEi0KRh`-{n)BLnT9j(4i9U zN)U*$DXhW)o8om8g%OCs=$+qj+?ESc6;wfJ$MYMG!^b?I88tNMAv#w*r6Wf`()4Z35WQHR+9%D2pT?DRZ_b$Cv`7TjJz0H4;M_w|*vwxk<2~%Yzrl*ep zwd5?Y4IBb|V{J@a)cTt|AW3SK+v?W>s9vwu0}76MH?Hi&IY~e8Fpz^Kw|3yh_$oSj z-%knL{$#H}MLW>R5bb#b8f;rY0n7fmj=jC7_5m_CuTTNB{H!CWMXj#@W=JG(OuK|S zhfpS9GYQ7O9zrUi4PabC6ndYn$&I|XTOrcla&-tnaYfkAQY}@21cVg5#hXDJvokJ+ zHEyk_mgqC1n*MG6p>6m*A7C0-{Pg?X!{cL18ydJ{fnkjp*u@eG&W^r50S2CymrteN ze5g3x0Wg+`echg}3^*3BH)c$gk?EGMK0vFD@o+N(csX(86^?`LeNn-rRc?Dld{ZX- z0HRc^IeuOiTRdEtJi&qHE)e>K=w$HhoR2bRfcatt87QG!=o%{7rrpK}x@FSz9DB6J zU7#(T+KlL)WbZi;%~JpprGnthJy}Nef}yI&C{dDoMMm^d*Y*>A7=_F9Zfv0lzgLfe zG*KYXe4&YKB8^X4zy-Jp&`_cVN^j^VW8;9P+k+bhkqHOsBqUYzaX%VpIkQeyW9kin ziIfA`5;$E85gR=tFa|5W6bA3@z8fqPsc#`8V7&Wal&;T=b`9m_3BW9^5>w?}X6!T| zd}dqIL}Y!`L>i!wih0eWjyDN03PjoL+7P&?M%~sFhx(-NUXN<0L9!}+88%jCm2%_@ zX62J|B033ThuZBIV{IqmAh6l>0s_Q|vOd+GJ!oulr_Q$eJ!2&fmPOZOWZ+1A0)l2h zg&lmFCg)e*xt6Q-<~bL2N5=bi@7{^{q|T(uc#?wCS^xmA!9ZYx=KeHKIedfh0I}>X zqX9CGjx>3cb>61mS<)T~wZE#wLAVkjHU zRgI- zIqQ56^y`V(3_}2rQ?iMur~%fVka$ls{~&Z8F<;d)fLw}P#nzYF0^9?6P##Aqs>#Zm zWq{_jOaMU6R-RJiCL|Urp3IJPtEf25k)9r*I&#@wdD(6{T1-Qt(4UYb3>WHCfX5>t|C3~Yw z-!+tN6F#ax*3$?;7SsWZ6heZ^IY7)diHR`aHc&^v-QS!+#hq&)aIctjCInIY6AUjD zZi8NxCha~CLMmZ|+u3_i4$uS4Jp5W{W2>0WFz*661A~2j<$5CwQ}5H`S3c?j>D_Mh zZ{EDY!^1NXcS)lgEP;M#m4pf|%2>7gj(PU%r0z_QBS zOt4L?{Ci#Nr$7xy&Ntq%T4YQ?@(P=8f};az=rHgDXZu58{R+4NA2)E!7N#x8^Aa2~ zpf0j$8UwfD7h`_yHD6 zjRTPC(DuEFwDgGHe)(yoxct=N4ojW#U*#^Db2*JTe{4(v@h$7Y5cIHr;ZfPVB8!7W6DeDa~^)zSQvWgYLhY6daCq&V26eCW|*S2w|v zIT?8YN>0Ijk$HMkb{jipH&c#O$LG6L@+CToiYyqQM zv8p0%M%V4hCfe{5PRt3vqi*9hAl2a*!|XBqYP!FytV9Yev;wLi8-wQo4fPlFl-{g$ zNfc(NMs4CXMZ2ltduzK%NsF`B67lnHp5V1~$;u=q5$|N2pSH*8=<9!H*EYAZszFft zpmwgwKy>!|jT!h%dM?LPTC|+O&!7#svmk!ylk&0alw2M|)q$(5=q<|1*-j6q{J-93 z|0sC0_%SElIYvNF@l~jJl*~>Di7ru;UEwA6Ta&&g>+$L7_8@n6i4pNgcfPchKQF^t z%Tm2lvz%Yn>pVT_VIzEpWydRGvBxXo8`%>NGGn(fi(cAF$q}Xok`E^!sCa6Zr6$w# z$X{H9Vawy=`HG61vrlAB!K-yZP^q93uFZVZCOKDuL1t5#E||EG)Z-pB!+qL2D?SFY z|L=vy?5`WC7Q~qwfg&hIeV7?CRT?iOX33fj4L&-gwrnC5vRKexr_h$Lz($ znQf7mW%AEF)ygAQf%pM|y`fvnq5ZJ5aHqXz(Z-huG5h$J|5$wh7OgDwNzHTNGBNND>(t~&Y zFDgivPtY*G@Z%WaJKdCMYq=~9w;P<%Ys=(LxAky*1fhTyFSM-9^(-Gm(MyZT%&xk% z9WhQjPG?Q59f%{+R)eGc4JfzFw(LP@;+{X-8ip=cs95{Wlp0P&Wtv9e2Qg&~s5?6j zbv0034bzF=2ga?RE}=KSW)Ty_>vchgwb2H2LA+cV%(ocd1Q0)m=(P*sbW)om#@ZUC z`YtiP=ts0qycVi*5Kh8)(}9>{2*agnZUsw?nnJEp#qZ}=l^Y&9fuFCc#*Yr&H(n3R zKbY2|H@{)RM8|@;{WDnXu(;rzi=Wv58U_t=HmN@v!F43baGg-`gMwP)hxTCXpSGUE zrM;IG7+f3Uo^ct$Ap@-P9yS^cwAPpwci0aO^?d9$B(r6dnAzQ!I+*8~c$syN9BY5Z z;fvx$g)pRQE5*^;S2l$b<7s_L=w$hsw2HmpWrBehqfr@2!Edl4lXGjq;1wlN&Wpm4 zo6{a7EP^|x3iy4j<3XZsK3}SFe5O3K%sd{mdI8tnQBRLuHH+pK=NpHo5ub<1e@^)Y za^LWOV*nvZ*n*$7HLlXKuJJeQRoag(SHpN_=-C&FWv@0w39>hDO)g66TuHT zHNd26abW6YP36h}+WpN3mtaHZVzxiVZPyIiOv6_^fh&Ba4IcVyd}xSONXqnK{npew z<4>5IF1=O2tUVKnm(Tz4GyXY$`2j_%(c2%CHSZ_rajhOW-#z(!OZ39V7f&QZ{`M}> zR}x_PVF*L>D{cVp;`aWqq^gqeq-+TBakR$bBjUC&J#Wj|%ew&<8;Vg~40IFmJuOVT40QBdkP+L%RK~d5~vdzCe5@am5bnYB;g~*EW+r;IjT> zEpjb@^2B?EM<#RYN>*B+#9~n67k{FFcbBNAbplzwm~^OlP#i3$i571y1BF`ZVLs^i z5?^(Xub;~__1c1z;^UnFsZ>9suWg?xx+Nm7S9geZc*`n?3uTgfUOWC2Ka7YPsR0H? z6J+wIDx6J+>8wH?W;^HyE;6!EC5#QH5JnGcC0a5j&IOPnIQKDZ3_%M{Im^AWq#>{aE%ht0%hc*%I)c)nD7+6RX2 zQ%kbDysg^HC`HB$&qzo0trT;>{jz6_;n5=^ZEB@;oi_|pHZGDS+6;L!O|0vYKA#lv z&(uV2;utev2#`q-3qgG`ftAEKGCRazL}X~nn?F$##axDwqn||^`pY0kw07abiW>^!oAw9ga5=RC&bZuL$awlVR%m^ zFpLbES%aHCK4yIi$lj0#N)Mi{u;Ta&T1p9rjnUdbj`XY6-tywmP{*2>_@hf$K0Il{ z^D|JLroL%18_|Sm*`wm+@maSHVr}a2N|^@p7UY4@vuepUCO!ciPLe^Ca2us_2T^(} zH(``mAcLg@tFGrJAI?+ip8=RzQAE^KdExux?edhcOY-3e+CEZ;$*{-4#&Z3eh->Lm zEGO$3Z)AkWvKh~g*1B7tWiyv_A)fq5E4B_HO{DyU7mSGT331g^Jznn)^>z4AgvZ!( ztzBlJxFb3=a`x= zP}s8SzG@QnARBr4KIbMHLT; z;GeYH-Vf!i78ht6RyGP7={YDb(bih6S`2{b4E@&+tmg*Pld_@wm*7Q^CZj#lNc`F( z&$LRSL|X=;e@Iy13yjJ{5db6R^8EpjF-?2uFkx3$9JX`U@{(2mfr4Y7l; zLs`?3e!ik`sJj%(P|u6=m?~O#$-4Uqno+(v^pg+0k!NY2ZHakI^<`YYkWTyPf1{ov zl1UI7Vp(0(4;O7~s6yI*@QD~|g7!$ZpLv^GSPXrO*pGC3xPRIcHZP}{c znvBy04$Prj;fJ$9vTjEb;F_=Ss^&8v2H1R1KhbDdi~4bB z9M{!}VM=U`aI@hargxWE@Uk$B?giRh|M`f-rkNGWQw}w24Awi#XM`2|b6hH0z-J67 zo{w;a3M$dykSD&6Oi=&SF}vG-q9MVAbC+0!%62a34!;f4mxlsA96uqLqL5T37G;`% z>w#}sc!}rfCLktE%h2KuDgAAlRl$BE%k^d|qEF%htuu4vh7RUQkp8)*Ab0WrC112~ z7`uXKGX=BY>t~DGwkOnZUWGm}W`D6E+0!jWam-}u706F0aX4Pj-O4kFm3h5~<4k%VnKfjYTPDgD@VvOiGFlvaU7DJJ~ z1K!A2mH^EKDsV0bZUxModCu+@N0OMzrsq>-`I)^~ffWaE;4?s}rWroHWiFas9wsrA zLz?t3GNwm8O;=ri!uQ?XWn$#DOL%eX(QMK}OUd>mbKo3kW2Ujim=7Q#U(1M6^WVBb zEu*Q|_j1dPih1^dwE?3VmMP1vryX7Db+RV%=d2k?28h$;CpYEoav4uwm^hQJiZFM8 zn5Y6zfxIE?u-8*lRHpUNeutKXIe0U`*d@Y6apvfnLWAcN02+E@UTs2SVp)2OF#|Jx zGRGeowgxhMDZMFh%g;c2#8S2Qs>Kd%xXWf85y`+I;Ny?qn%VlYAWqT7cGVZ5^sK5% z3CV#$ABg66f6EZDnYfHM8TzeG98(}K|LDkVxHzuKr`W!`ZU0vJeT`MSkzP7eo~|Fk zko=T~86eC@{ba7=3sT&Citj6Y68g~2*k*o+sW117G>7#oJT?fr<;Su!Ouzh8(8^)I zj;T;typOxef&8xN_cE^le$Vgw`-Dj^51Kro8au@ng3+|!E+aAiA1 zyJY+ zMk^YeZ%3OV2`rsh^-A!nGMJ~d^aC->k^BnCqojpXSZD%ySyl=GddDm^2AlUO4aub; z@=agMDAwtcNNh}f$h6=n!Qjmrz>hMNE#x~^Lpm-bZ~276`}T`XdU#|$=*c}#8i(XE zXR{OzP&$8VxpDujJl7bR-KyID&+(YAU0Dmc+sPu9jsB6C)nxr z9v(``M60d-5`CB18I@=bjAc|hRMKSr4`FWs6=nB+4GSU+(jYBeN+SZ&NC=9QG)Q+N zF_eG^(xsF%1~m-bodVJz-JpbYNJzeC6#W05`o6Vr*35u2cbs$OzV^<+MXOkfO#Mpf zI*U~OV?dS;C#QHyg~Itx+o4!}b_n{l$uIF&aM%0EJ>PoUZb{>;PpeoxtWTWqk4-Xa zqTA`B52brI0Z1ldT4qTdywwm)R90Q<6A??HcKL`qg<7|7&?~thVj`B9!TS7sACp&-?36L$F^T{( z(%HTdGKoR4AWU(AUqN@cdE>z69%3iD#pWVX+(U~UkGo+>;N0i3}s%aU&nT_o9CJT^fvuhLK}!k z&HFH)AsM6LyTzH=#Ag~cHsP!RHj?14rIvzDx@L(-AQaz?GNC#og>x%d~v6-4X6JVUW*cog~(6MlqjJgt#l} zbzJ9O&Fz`qLsd{4&`bPF?w83u~D@;={XaCLPt@^d^Ei< zF{nZzq9?KG%CsB$P51Ne8?P_&;=8=Ym><7dNLE)6PXlxvmPweEXp^|(@zfjMy9YOS z+bAeyAK&yrr=0g&s{QsxHfeM~ajC*oKPXbnTu_o^c=X5PQ$GsHhq})fpL;~S^X~{N zO|=?Uc;DzaMLxpRB(FRo{ey?3He(qu32Zij4iyD&FM;+SQi@1supT+UjefU9;&x}G{^WmQ8>-wnYy3>`YTTgao9KFzX z$kFE5VzMr#4)IF=n zZdN!s^6*kW$h>~7!V)H=lt!TtQuVc9qU&dhS;r+C!8ZnhQo9c?Lqi(++!lhc>i|uN zCInX=*W+#NO)EUmgNVEi3Ml5$SGZ5fuNw`I`c%Nnzg4t$SZ|j23pr}#P`Dy>XhmGn zy~(-I_FSm-$^k%%Pkp?~(JoCDV0Jx)T!j9qlfVp)I6AGXhtbY8(QNXa!>yku9?H&# z&#`Kcy}phO^@(}^D0GeD>Z9EJ7O?!)$kW!gUV8v_X2i9ZYyDe-7>S_+mZxpk+qDKQ zCD+{}tCuskT#=>ykDHbKcZY8-h7C<=NaF)< zG2gcP6PuXf=LoIZICQMR`a{^57y@xfObB^ss*N_pj?HbR_QF0CegANIaWRm*^6^cp zSQ1)bd9K4lW_adi$e0O}pr>S;j5PdYHbZvw#&8j>N(!g~P!~dE;Fi_9G=;GBQJ68F zIXaSf^<2N7G~ueqo!6)wBsH0|wbj~B%EE!B`tn{$A^f~BSHOtRmo7Sw(_xfEsaH2+LP3UH! zj1J>ylv~!L_0fRHMIdj^hpeLtA4pJLhX!TSf;StZma(&#Muk&W410+@k7oz~MdHjqc`7*`$WtHatHLke`E8m1 zJc`ZZ-O9lp3oAw)6U=cm;h^#1cvQ*K%tfTq6Ic=2E+gJ&PAYc z`3LxK#hh*05kBG6Of%wb?qs@jp$;+JE+(0_k(rTt{l-Q9qsExVlcPnN6%1Mo7dg>i zpU6B%hRgCi^U`C%6u+8s*VwrhHKK>DG_jSv#L5i2tdx*UJO@oi5PZD=p^vkhspEr@ zQCOYn(C1{B)t*4qQ=4J4^s#o$hq2{(x{r9uQ_34qAjUjYXQ;9Jo z4%4vAe&~EHr|vs&r_hkKDpFtT>7&q|FBW@}h{La=118YyAS2kh=sUOP%&D)xx-0?^ zv+(WP=#uV1F0knfg0s3HV2dbKqIA9l~nkcT&b|DHZ zMoe7*UDrDBWhu%5QVXpZe20LF>j9(1Ul+RotB-{buJc0ZJ7{-VNUn#aYO~Kv*-Kr=E+)FvO>8XqmVfj7083DKTXfw<&~%MN|O^@>E&GtI2bFPNF{+| zkieoSPv_p!c#P`p-xGCrIpkho)i}X> z7SowqQ8Y+7v-!rJii4E9aetK$)XMQk{iSDW5jSpsmwJ7gpJSW=W4bWg zs;-P2nQJwZ4#x`j;geg&0hr^T89Bn))aHhq_m(2Y;(lU0CA~(-z`LEJzVqKxQB5W}D*QOa$qDmW#{Y-$ZZM@UsAK+|m&`vZ(lf)!Nj??b zj0P_bDbqCleBV{<*MD>3MV5UuJX&&M*E}U)x=bn0+L3>&3?7ZS8r45l$E-ype_mxD zkJbBqQ^YQQD!*r3Sr6@}Mg%iM^vxcs%0lf;8~ClQ$pqDcTMp$D8!;(HSF8344%B*J zar=$1FgUSoeA3*sRv zgY;wF#c1Q?EY)q+jdislAmET?rOReCt%4$Kg_s$2fpYI0bX7icqBK=>qssRHU+szN z#`Mqpf})n4Cwzg&ALCS{KVC~wbX8c$F!A4&w!JB0PV7o<|UCPtELhpfvbxmdfzhTzpm~ggQ7Bdk*Md?Op0caLBriD9>H(9 z<>amGWs`#|%k-W^h#iluaD^kA7`vjwHgUT|xO!P)B$a33)kdv{-(hsrc(+<~E=Hz{ zLihE9JR-XF5I> zsV}NM3cbEL@?f3-w8IaVWY{iT=wIC>*q1U_kRzT?v{CBzwOJZTo|3=TvE&QWG4~uG z*WKkos!C%-Yz?tu2xixsMLxxIUpd{KLY?zZ^-XO=>M^8EeSt|nbDngLXk#zu2{*Wr z2LdMpOE!GhCiZ|>(%H(482UCJvrECL-Omzx&DZ2`1)ggCLJEG@k@hKDkMpyylL;EH z(IdQeGo}PiZ+nQ~j+UX1m)us<(z0Y=*b}beO@B;5o(Qh>=+hGQ|8T-$C@XlbPz#0Q z-5Mk{9q*bURF|9r?N+uDns~y!@Grlrr_1Ij8Z0YAVp$1ww(m|CqXMutvnB^0V_Z8g zXj`hcA&%g0b^mCB_U_POtxbEw3di$Q>)!fc?tZz_6k7F(D7l+P_W<%e3oN9F#5w*YpIo$X3bWxkFEmfucfK z9DE)9V~Hmr?EZhAh5(KapV}g-RWbdT-2?XGlB`mgd%Eg)w@<(jRx#>C()&wip4N#c zMlxP@jC;^=zU^NMd%?MuU7Qp*IFu@C+Pmgm>FL>ZHTLGCvg5@%b1Hbk`aR)t^WgOn zyHHQ}7M-#@!&=XH(V2}DVSYvlVr0&(Ny{!ujGFW}5)b$DPuUA$)JfD$WAkr#px?;( zP&RXnDBXvTz01_G>!!~f8-@^;dljBfxO-)N5{@EX>SHrZl;v<41^D>U78rlVU;Scc zbaNT-3Z(V#uU9Umu-B%grS&`uql``q%2Bfk^qo@c?(FTg%XzPwce#VaSa1Q|fHX_= zfIZ%XO}S2U5PD=0P-kZnV-Zjzc(4>Z9`k`nTkVltt$*Bz-`X(0@7kA>Fsrh`&W{uq zRnU|~#dFHxB-6dl_To1y4lFR%To;n}Pt+dyvvGu-9@twxDaz%aOXc18iIIFoE&m0H zAVf|>SI5GtBgF6{ulGp50w2W-TQJvOra0TZhtOrvXw>ysU)ZSu_$sW$ASMHV#Mm}o zb#hA(!AQ>QT#39q_{#|3w<7_M)&f47ucp>^zDwBHNS)3~eScUA{glP9Un}w|QTO$u zUk)FIvEaS6&f|B%jCA@u^eV4)b+nDNMQR(BLwdJI2i}zCGOB!1rg8)H<7R-$yzIvh zCng!1r&4vJqJUIBj$`^xOg_8Mk-|XL_aplMu#|`h=ZcS=?7;efg#;oI8f&nPaduz` zuw0MR=D-+s%`PL3Ez4cfO%C4swK5a#Q&$S$hP_FACdOi#i;i4h8XKS@n;T{%`tri}R{}20uI8lVDV}Gb`;szst=aCk- z_?yKH8Q?yyE9VZ#E!ns|w7=Xm?L6?~*Z1T5h^5AucB0XX%Z}G${Sc zt`!&hZ{oMci zqQ9Qm@+``uoTxQ_P2crX9)2zl2m5;D<8EGAHXe=MM~sM@5hPA+mpmq7$Dny`V!G}B zNjAEy{3FGW*L4GCN9?kg$UE>yp}T2ne-_N&o;V>R$AG-qv*(JSoomr)n%=2WpRhaO z1W$Izdd8S9{38%#5^TJ!PAr+Gj4M_$c6xOxO5oGywY22Ep^^IvNeO?t1An~c?Xc!`@3Y zCk$`Tt`qK1Z89mo8mHTj%9A5=VGNcvz}<3&@1_r51n>XYBp~ySidz^<*25}U8CR@T zJLt`_e>qgpRpf3lPIIxMb%KET&vPmpQpYn#^+E8sI5;{s1F9DHF>Jv#{mf)&0zkRt zkTN)j!oj$E>guY3*G?2FIVkiIR|`o~IIH-&MgQ#@{Ce4sGOd|x#Meb;Y%;WWEr-%# z2>PYs6E9==-6PIl?)lfUl>ix79RJWt7NjJ!;TrK%{qw^%(KTQi%7hOlzaT*W6QI4f z4%$B!nm$U>6b|h)`y=&dJeHe_$M@WJi~&vuHu7R+#nNLj-fU%kBwUUz(tOGLi~ENU zf6s=~43JavJBxBmF$>?rzPZQWiON||06TU=IAk^5;aR)jY>+N0I~*9 zeo%lpnFwM^F$aK`RK$R2EKpqH1G15f(N)`hfGfBUz_;t3wV6(Kbaj;s3_S4wqK>Pj z^Xug^Wq?6I)7{-2q#)+}K9U0GY@4sb{~jv%973L}PIj{=@(!xSWDW{avtbPIfu1F_1y6bu0G*6k)Zq3L zU=+y31W=hxBJjZgaw%OvZ8Jq^0g#y%bkC_4)&boOLY=U3=lLg>X}8QNFoCrX%vCk6 z|M6OJghKF7`TFIV`m?=!_wPXJD;f(38}4xlY;Sr40?}O=Kx(+Y4raB=LA%hNcP1R6 z7E$Wbmv%od0-@l24~JYXMj{0iHAlE^f>EgcR6u&$g^;FgOLDS9AVUdAfrz9f(5%i) zcI@GgO-bIZ&mhhUq+PeeVA;YGuFI#!t}?yyEmMt~BPrPwDVy#IJle+HoQ z*G8%A8<1Kn14}ZF9v>SfpSRyB`Nuv^e%&xXaJTv{E}SUl7d7-n=75WE-(7?+gL1IyNqD>5;S$|KeMt$vT$2il!c+-Ny)3i#7H7 zBh?D1P^QM!RX+mx0zhar?6u`frBQA>1=p+hVpo7d%O+Z_vf=QqEyJe7)#6@}V(@Pw zo#qN+PH659UWL5qsngPe^OW<*7^TOWf%nN*s&&w1b-M@15*(jGB>WPRl5S1_)Oxc; zA+Pwm$mHicpXG72YFwY)!|;5tC9qNPHB{&|6zpK~cldKYY5S*}-ZQldN%y#t!k{M$ z9Ny2?O{O^RA)x&GoqA_?l9*B)?x89HsT&?>zZ5Y)UhqLqUR4LWXI%jxb{a?53N$DQ z6KVVb0A^(!9gpI=9ZgT!#$5nORMlOLFe=e$k;B=mf?q?qF_kd!BCBfqH$cUB2tBI) zcxn?4SiAD$t#9cbHp2zxfQZOA}&#dm-9f4!r%HE=yg^U~*peez0P!pd4QIr%gsGl?a? zX5h(_CrRoFOYY+qnPUK)Pqx8ff>880iWd@tf{* zj4UjjZoEIg9*kRYFfG%ZDe5UNP+#%d`OMTK*oC1QUAmOw;V&hw$D0Hlw_swr_tVq$ z4o&c!0pV@6xyHqbz!73Yl6Pd=&zpe;=!Q6*7m&E!;C@HO)g(;o;MQz~wOI%ljs%q6 zoXYKuQRTS&<2u4nI;_O^tH*rTi0NV{ylOF44M=7(`-+rd>t*~`bKjdbw=}rNmq=XX zEdoeLL8{5K^e_zCzE~98WL!O5K@FY|7lb;0E*1L;w z9e63OgSPQ8;1L9>vvDGrG5awkZq5QS8Lc-DxH57++oaCT^ACBTX)q#kc4$-{ z^1KG}HK0wagbmQD^yJCRVcZWT*429*3+#_>@d}v8c=qu191-1a6D5uSJX=JXG82F; zE?3p>C(AGtn3cqSKt8I*eW@Y}QdecE33i{6p*mQWpKYG6 z5C&DuV{KBRyj>gxVa1N&o#cJ6CJJB`bbk6JQr8{&EiMl8e?uVL zL@^uO#m#(-Bdz&XDWmFg?X~Z${ z&msgMrAxK1Xp3nLYe7l}9aNGY%lF!2VN!X0hTwxYwQ>+lanLUXMB@{am5$9;Zc3c* z`vD_VlQXqSBbr?S@W`CxP4{RSk2t;Nt|nB@)efEk4-wG0c(b5x6yVI4n?zf+jb(ei zYZh2i|DKgO-9=Vl-!M7oS+(QwDOWAQ>Sit1ZeuI)Atmg8_~-giq<}~h+xz+u65ePH ziUzp_m0X~^Zce>hW`FnFH zBd9_(hQarUR5fxgspA&A>`9 zGGUgxFj{|77XbkuoDt&*=lkvTZ%C|E7BW=E!icYnuaPzQxnT4Qt?%YXmey*t*kD$~q8&cCIrF@jwS$DdxZR80D z%IJ1a2*_BL0K1lxuCZCtvj=aLK}3sjEbUqc#-8frr-p`x9+h?hW{?2P()=}h_%{IjcNyW(eUSFlM73IgTrrnS@vy0~o4{4xc!b zGp|%Lo3}Mqs2c7K3s1?M# zUDHuAnEO-H&{(b+Rm*#70cK7eYme|Eaj#5tfDIcuk};l(GKCY z!KmiNg&&!y3|m+}0)gzbY5W4c`dBB6`{2VbXcxBwRPSz}7JNwNDg`ybv`&2LZ_}VV zY78c2ei;%R??Z`W&^%g4WMyB&1@k%`l-mB0TyYaof_xNHf&{0Ub-w@)T2N;sirGU%~8&g`Zg0XQhgOJTJMd^FNpT_mkvQ zF)yhi9TCq!9e(#9n?!A`{AMO>O&bt~tToylq3)<==~n$olHL=5FL<9yQ>uVinTEJB za&j?>guWrre{5JY2E`}I)(ChORc?3q*r(>B{9-*c10-~uTNhcnPxu3noJtECS?2%U z;9c(eIC@1Tf+Foj%#smxXvEmLr#tbrY4s4c|ErTDZpM4W%v6@ygY|ze-}qq5qKIpM4{?1dRleAC_^*LIl@wyJ zjQaP(a}q=LV-?+QA;>K$8B~L7^dounJxe%ge<`wGKC4Pjw=xsBcBk5HO?)*2WSrH$2d@VE>{%A%+YZ-Z5fK5^?}T@VAfv@zN*!F}1Mp6f-k3vRx|4 z%0uZ54dn7uZx+Y(#WCO9_ZerLdif2-D;W*Vmd5fH$OmF_m-Uq5BLyy{fB#U#=Mv$z zx3}BVT+z1A!X86GR^BaMTOsw$t$=}G5c;T8N7VH7dbD~CI?uA=#c`QyBk!f^+i0gg z`g>w>dF0D}C|j^`kkQ(J6e+pDC1@snOzN^A`KY!vgK21-@I&0_fjjY_?C&Z$I7b;2 zaB=bHShKMHw#+YH_W7U}$Pc+KC7S{Ik0OvDr(ZqzXvF7f@UZF>IY`8oNC|F5_2i76cy!mFP0?@kukWy}uiS-(?{&G$uu5Wg|d6SAv*V-Up~@?CHet zsT0+OZ0Pqm2}Cp7odW&Z%b|Gfyb@*qJlOwyHb3IClYXcIeAqvVOyC_Sd}J_?U4)RH z21AyD4!VAXPywz)FnP?K|0=oNeei-O2L^+!0fPzB`zoGTRf~1Wv|(}RIp678 zkW{VV@IA)z7B4>2cMIuiZI2^LcSjqo*4mMNLKW+qG(L}CUW;xmjDd|6Ng&fc{XPNU%=#Gw(~=;F&unD{Y_8jUGNVs zeuihSaDJE|@TtFSo*}SXgdxHI2Sm6ynLi&b#>BX#`ph3ut;l6o$R3fE%$^BMK_W8hU5*QEIotTJAZP$1Vr`I(fsy*`jd87xv3X6H>cZyg4` zXO^?L(Yks@+n>>QQ{pP$;lx|K^RwQ311eTdM?_^=^tqJWO{Y2qdk)n`)vsdXv~)Ox z9ompQF?=1>W>%T+L?G~xh_g!L0+xvE!-u>7W{D9-6G~^le|T5WbLPeb%<*1LE4?=j-}!A1CKjwi-Qhv`_1>jmh$!>8C3=kfc7QBqW0HM(!F z5EVO*-44T0y$PtX2B2$7_`9xu@J6l>rx*OUww)y0{<24ZAKcxaBN;6D2yc%3%&)7^T$ zmIu0@VhLOg2(LB8{c56s%aecrzBvZnuK#xv94MBE`&OWS+!9$X^W*zrN{{+Fv%z+x zhx^4>m9OT*B5OrHbflb?Fi&C&<+eu17xw$Uftx|wu_wHm3)Ih!w2o(2!``jAU$Za^ zQz%{cr-luVo6QW5w(zmo=se6#F0+HJmq@)~~Ag8OMg5u5wqVj ziM0^A9A_*#&hyC}XI|^R{hAdwY(1TWuPne{m?S!+mg=VT&qBCmBA(ip%!qXP(-!ds zAM#;S(3Xf)MR~6(%gUhf)$(}(bO=M%qvV@C1>Nt|{}cLM+@Iwk%1Q_S9*cm1spN*2 zL#1W*-Ka`Sxntzl7-u5gSS;5z)LGU$rG|#fJ#>^9*cgmIp!&gG3e;3=AGDWYqcG@d zUo(v2+j%NV)7{~V>l-J>?2`XOe`Y~Cy|UnCuji8mp<=Zg!{eKJuo5Gvd?C+$l^Sm^ zMHA_@if26s-;dMBkM&e16c}U2_IhK<7ofe98WH)u2L?SmWFNZBbFgaOcZ3TJbR3LL zFt>$=$=e?EX4)2ZV6SNR&AX#t`x9Tr;*K6h+kEa9cyM87{<#argRWR*w8@vFqR3xy-1zWS%$5u^QpfK}s+?_mN|{wiA;(>;c%lD!lEeJ2HOBIRlh&B@1;u_CWa%mV(_GC*6mm7~7Z>=r-) zE%+iY*bRgmhD5^5GqpgGH_l#^?)YYiRLZxO%`f|Wwn@ZC z!`jj(QnZ-_BUpwo^WZlkL~N8hRO=betg5!I@C(#jU(%tEzdcr@9> z2Q#Idn9P^I&#MX*$xY2UY!|K@EEa^x+B;+ zD5fFS{XCOp7ykue_KW8OicPk;5|dwmf~+H@$`Z?hgI?ISnF58RPpD@z&nLIf>~g zO#}0#Jo_h^nI?G^!B6u2i-OXagPi6Q4AkpU#}W!pXlb&Q7fs zM#|mlb+(%taA5VjYMkZ?Q9;9yK#ZdR$x)I%GqSK#$(+WBjd1XWutJ2Xg}-X8{B-Kw{!7QjTqac67Qn693# z)s*jE{#F(%v1n$q$U6;#b&W9ey#~H56K;m^?I2C zQKTZ9vawdsXHKo~d5}6+I-*+)2AZdV?1L2=g;OLJ31@>Ykb@OmD`X3n#J_%&hz zPx__-mFJJwfE}{Q2GBrG#qa}eZKj)3VAVBJ;W&GrhyrqiGSGyq+}S#-0xBO*-Rh+3+8J@?1jm`ayVbMoto5G}kQX9<7I!e$)NNfDrKC18T+=Ew_trw4)( zZxKW$hymcX;IrJPmCp*tfgDGln=PUb32j1W8WlbN*(+d^ubd?U?tv2-GU(*x6Bytc zy3&MFId*ZidY0r&l+SqmYF0keYpISopoXnrTaX;*(<$hvYFq4|VM zrNN8JQWOcte0e^V#@2g%P$Y~W9^@4#RKs=EF4f2ihJPgVV?NUb8Xz9V*BmH4H=u zwSb_Yni69<#&v)!9f0LI3JS|P_L>N#yWs}$Xamk2G|@vJAdA@z$m*AN5F{e&07}Ec z!s0lGy1jS=GKMwq4{8B;*lPc`ohke1Q4wep^`Ofjx|yr45(u!%8R(;p@-HPB@$>VS zf#3Q^*ln}|rp$G~H{wi#yWLW?0?P^Y1f5~Hs+#RvXZ5E~*IMqOCTmWt28f=#BbaZO zfPC87!Q$Sbbo+*PyqE87gTPZG)Ns(Xf!0Y%=forw5k!f#(M7&_V>l@|188TM%<0A* zy-&b064W)*%KkJ-g|`lfEf-sk?dpEEf_}C)e=jo%O9}-Tto>C02n@JFSp_Q5c^-vq z1U`9U`cqZT4+h^f`l1D#tJ%rd%fjBQA)wm5HD}Pp!Q8c_RGebzx^<&3*YD)Qcombi z%+XK`RohqO1#AqI1b)YOX&AVQBn|BLZ-%7s%;k_HM2@luZ``=|+TUTjKw$R8)iuz4 zchp5*!?>oLg&+!JS_JI$Q93<`b0;kX3L2)S8OL1->WIF3B7a2RtDi^@{cfTaPciVXx0TLVMHri+%r+z6Y5TvPqRwlC@ z+5uUh9_8RY5HM10K5B5hJ{PuEy@h|gn|i(`)B$*rjNzYN_4nkKjd$1_pX1KqF5<#) z*S7?Gv20>Mz0JuBd6I5h{L_Q*o8LExT{VQk#BL%z%*EKjHIW@)(x(m#UV3hN%s3u+ ziT9p?0mmZHay_7^46*z@9wa7+R{=J|lzWM!iT*L73Mn`QxBN9R_$2%MxROV!uz-Hb zRk-+LrV0Jf=)N06nR3KlnKA&45cutfj2wMbzt$EzzO>34iqztfbWyW+k^|77m4qdo zS|Xnc^hwY$XNOZv-w%|n2VHO-z^xL`Srdz!1Tm9(Tf>z4e4zHLO$+8v8M+%O#4uXW zV{2vkOx{NQST6p~r**?AI8S3!vEP{oV4!Kr$D@0ILQ|Ks>Z<>&0T`X~hvI}LYhcCO zhOzrGixbY@_AkHTf9MC8=!Sw6F$>%!LXSXke^a!|MVw|{${sXrNOjc!32zy2o_%iG zL!Yw{5PF@LViAMNC5M}bw77T6d}-yp1X@WgWI;fFZoS8G6J*P9YOT5 zmFfBsH2cFh&Vu-ES?##((j4G+w>NWvYOctbrx$>xtOLY`OB30F*hcwuR>W35U?X#; zQ99p=s~vQ43& zGRjK&2QhqG(KJh57!T|F9WAxunNNk>9*6zl87EUC;<8#2o zsB^==#jX;dkAq~>;EbO$;N1X9xmR2)I@ZB{X#Muo=DyxBEp8gKmAD+D&a;}(^#SuD zuDk-8qgB|zn~*WQSZ=w(IJd7swF0K$TnrU$ZSw@f8+#E=8zhMqR#Za3dAR%5aR zK9?)GMRs=foX_yj-KA=JRB3da1wDueN%3wio}oR6w)Uv_zMlehoM)6Kn7a7aw}9zZ zNZtVij+PKph{|i!a+zj~)x|_RsIEpyeB;xa99lFO-L4fFib!)LxCN+!NV!e#ZOXZK zBzS@~Q$(OmVlMI4!0<&XTZsK9GS9$Un5~3FL{&~yD-as=2o*oioo6RAXZz(_T@E$M zl}pqsLWoA}V|+u*10K8R##3}3^mp07hxJ$uWfHuPQOue=$Meq$a7N)uA$^SBfI%E_ z3x(sTaoiV+^k5GFrMOM+Oc%jL1G%nzm*Q-y0VAV&h0-Q#nH55c?V5uR^E7{vC(-=I_f31agjrql7guVjp7HjGE>?9WVyJ$d%B4 zW>F;h|@jI~RUiqk?3db+>Qu)D!@ogZ|m%Z9m%)FzbsHmvZ3= zS94OIW?4W5fgCqH(#HVRz80@4vW~ltA9TIyClD@jiJ0O3%NNQ>IS0SUT?z)<*BB{QqV-9*RwO$ z`oVkfsHt;a)BhRAVu}ZFtP=q8Hrv7~DJ(+QZUDj=-?_2X-0XdtvuEC!c7p3A%7+Wb zOPv?Q}`KjH(P5o{iM)!8GDYPQQG@aWs7R{=O)3I07 z@UV#ywZ?%rmTWw(p7{#zW1hn)}j{TGzQn>A;2NizsW>=)MyGm z-tBg+#dXz9zhhE06hFa?kYu3>qqDfcjvmD!rPJ< zz@t+TK3z`t6Ub+h zWFv|=(ABI94GqPt|2`eBDX%Mjjt2#DZa*JKe-@6%^_iyq#9rT9U#v@bpf42r_EY#s zw%(WE;{=?>m5JU2^*CMk>|N?zlS7vk6YAH_I7Xy2sQg49)-mrsAk)nyu?e6!=$CmG z>@{1t!j`hnC6OA0>Sw{=bmPFGh4;dr7~)Z{&46rrgRzjyCy$1l$QANcv(vBW9Q4Pr zOun4S%e~N1WhpBqw5ME0sOEVt7!gO1H7XZ zRpaYzK{ZNLV+D{C5Vr;kZ2M7T5;}Vr*^~5#_URxLpT6Foc_b^VgO1G(i$DRup(jb=B;t@52I zResC?JX+4~@_TGXYy`duXx?zB-+Xzq?Xb7sdA7Et_-lFnX)YH{BRQqXr1JK+rYr&+ zEfiKez>!-=kcE4K?h;7MdiC`g|F_!DCr3VVr4gkSxFydaVy=$1AOO6vAGqth`nyc7 zzl*OwPi95pzB%2h)r@leY+9d9Qhc@p6bpp<-12r^5-v-bVAvSFy_mVMH$saEIWg=C z%?im=YwKEOvNm@ncx6lIAxHhm09Ncy8&w;=|8>EIXyr+>nymL&IJbqagSM40G4wOe z0Ie6`N-6A0`q6sC>@wvXM}A_Q_U6@Q{1g>`Uk8~MR`=k+f@D42i~fDkL(i1Q=RODL zq4^XGAjXTe<1}4 zxhq78n{`VW0QdWx(Pv*Dh3K6$x!KNBIDXXvWP zV-gX+TavUZOO&DaUd0hUNW?4B5cKm9Y{EGZta(CyXI#=;r3r1Gt+nOa^!D9E;HU3} zQbi%XrEaK=shVq`zqV=d3eqNt#E3Ne@Dn|HjaU4OIpB}i0UFoe6$*mqYJs;e8prhk z;>7?G2ipCR^-seh=EAE4)zD^1>ytdkLU&d<||x zs_GA;9~~BFqPio?#@m(uD5AE7H>r1sFEe;7xoVJYT*Vx>i3t% zU*L}S@i3_IZ@XbgKtTOo%1aN`Q(FJ4yOD67`3F0Um$;>a6tyC8z2pjjT9hXD9rUp1 z2m8e`*v22VtzMt+uF~8o+_yF3V!U>CvLxz4`3-J$`?4t-F8)ICOs9WEes?n%1wr2c zP(4z}T{}y!7M7OUZc5sGT2YAxDK`^i!{gcZzKnhysfJ)8*!x}TlDo!%$`FG@!$L_; zJ<4enhYAo3*-$MTZC;??OzW+{c<;Y{YU6RkRZU>i7|AXTw!9nuEC}6)6pm5zAFmzHE?LAt2tRz4h)K7auK$PmMyhde(C1m2`-d$?k?A&|&4XyQ*@@W&z4P z)~3h^)@eMg!-lIkPOF->i;G$Af9f~)AoQPJOKbk#jNq|~(+ANa9zFh-f!{uV6v*c@ zV8tuqA+z1&& z)oP&1s;Q}I^EB#z*hjIDuU{P{yP@iTQD}BDLMc-G8VAx;Y5+&+k zmlOthkHu0{b$+hpT%N-n6Ke% z@V208t=7Q0*up8XRj(iW-FdV(AUdQI*ad5+(pu%~XxdMPT^>!lFmNr)R=N>Dt(AUu zTPTkArNq{5LOREdWM#j{5bpMsu)P%eT3#6X%vZ~VQ^1sAX8rN^*A@@s8+l&5AB%*I zX&@!jv)#B=KGljn*&tk@_6ApmFN$HwL~CC}TYES~TeC<#nQmNMdus3IQ#y-gcd3tq zQ<8r6BO3O)Q~Y^}li!%?h~ujcV${~b{v^q zG@emBo*zpUNUL@hHAQow`aEvtDimP-B!!ac+QFyUgfNqBUAmhSr&;T)9-C!$c5pD- z;pvWozKAU_?XdJUyq||}?5bAT;dJSvN_gL}Ows^&` zm*>wd2zLPpMz$pxA`)MXg~6B0TcJNPc^*EbrW$Zi_?iN8N8?ku6`N7l6&LL5dPy7m zuZL~gXly-BJ$B*7E9J4rzFe^)u+$0llOA=oqwlokQ+?jq67Ki#=!AeRzNy}k%l9A{8J|E!59nV=3>+U|qo(|w| zJR59u+o%zE$6SG3$u9Bv;V|HS!s5D`vmk&|r);vTrn!B-h${H9cSiGou1(YVS*0qw zu9@5Y_0YOY6Os19(} zVh8xzg39HyuGc}|4c=(;TZQvf>?Ut`Zix6m%I2m&{mj==(>HNc*BUEf@EAPt% z>9U+(-tj`h#J)BLbtx|+tLq6Gw7ka1CHS^tT=!E`sr;UufGU?B4^>4oR;v}VAR&Jb zIcIxex35RN{N^RqeDKq@8!qe~$(7{{G)brtRFg)>)yICK8SXmSG2W#E!`@qR z$yV)|E-?p3>N4uzD~~Rnz&~vZ7lfL2yXpGXxehyNv*fyaBF?w_xRCF6z}5F#eXKjg zKZ?Vzw`xwYRGkbTJte?=&V8suj(KY&`dZk}9ujIc*L{pmETO9;^sU47=V9qMn?^sQ zM9^`z)blkrQRl55y+k^@X2r_3H6Sh&c;hZ9&o04o*EhP;T$?_&%AkHg}$Bu@wC5lp&uTSB+$~E`l5TTd2oWu2^y#xN= zG{1)~s2wdBj)cDFGu2*zHHn?9nWU%MjgDv><31l2`B6up%tExN{WEEStJmVu`NnR6+ zVeqC-PveKsP5rUZFmcU;4=x2C#Rjvn>+;9Y!kv&e63}LxZ9e62ZAuG{kJtY{y8b#S zuC{CQh7;V~-GdV#KyY`L#w}QI4Z$Hua0u=mw9&@hg1bY|-~oa|aCmoL^UQr;Gv9oF zb#+x&!QQ8>bFE|jjt)vBYEr5FELa(R=`%k@&pqxpS-TV>yjXvDJ$)JxJm6{@0@LO$ zlhz!LH$>6kO6h*MaejP6D!;W##(j!>7UaeSwDLD5gZJ0LzKv#4|x&u+sb{)v^~;Q#v+nBuDch)-`88w zU5CL*5E{NRf206owHuh$I<@vu5w@q=RxiJefjihoLBq=S)|gCBR_AAm?mTFs{{Qc^ z$07{;YG;e)#P}y&6=w2FK`YJd|BpWB)Av_9EK6Y3AwWenf4>uAzc)i-(A4QjyaTQ4 z^HU{j%`KasI$e2QSe_YYCR-*89$ODb5gJ@P!pF{)% z7t@-q0hHW_US!T;@o@1zq`s64u`4D_gr3C!tsBD~gy1J8Vct;5o!bN^)CwWfs2)1* zv)BCE zGr0C0;DS#L;k`IAJ7&DbsI*Oyq{CxWR(k}QYGkUh4>3ccGk!H^%(ylkV?^F_6sb0X zs@FY_X)qv@x#e?WV_+s`k83yU`A8bYgY?}#_z+^Wcx37y0R!gjOlLW$22<;5Qx^Nj zcv-U--J?j;Y;0J{?YhY`f`iDoFO%zDU*z?SoF2#i8l_m;1bu?TN0k=Gvk&jkseq80 zFY1~-r&ycGS46NaESa%Rhj(~LOXI;qUTGvVkT)*A+^zi-^yL<8<2LwW^nTyVs>}7k z=k(_I#BX1C&|D4Dtd=aQur#kFv4-XKYnVhl25zECxstMhqVV?!Byr(N5)zy>Ofkb< z(LH^gxZF~i#HhFPcCi&zG>bj`Fce!6!DH1@Vh_*vEokHQ8hwLg><^T$m^=05VeaJ) z)2e7(%;r(-A8IWxgqjvyZf+7qBN|Ol`rviVj%9*m1vke@)&P>k$H|HrweXu!rS7O&AIe1&4(H-8iA5}9#CKxQ)Xk)EN7oQCic zc%J5$ggl^(1Q;SZcnjt5G!34C4p$IYv%j?o)j16vu4NL@h^TA08(Z^X|FA|OGt;vC z{DZE7V`zdT|KW*aS=(Px=gr*+qJVGcKH*%ezp+V?4HX0QS$7p&lbQVOYY68{Bb_Zn z&4#hR@{Hgt#!iq&CeI&^#HE?XxrmQyU5tN&mnJNfb-yNop;9$^FHwNU7y)@quP$`; z@^qu*f}@$h<^-d$Xv5%oKfb=0es5K!%F)T4R^~Wwm-$H z@+9GTL72sNJNmMOD_})~eg|~7mV%hIgsC5}nANrqdNz}13( ztL5xca*qiM#z#IzB!~#*s#NZ+IWdb^wpP_88(yZAS!f?zEg!v6mS-MVIr$|XThViE zT}M=n{N&lMSEJ(b?TREAZ9mkOTnpoCvEzFPuu^Q(s6V!NHWDN9~zWzlA0~%(>84` zuCo+co?>daHeu-t97RRA^OzNCsmD_UZayNTlhE0SK54yiN%VC%chd&n7aAIsH_Uo+ zl%_gs;!irqq%^%Ws&oV@;VbqH9AcLcDlk=ccnq!$p9Cw`5Tlc6zj`RH})D%2RJo{qKU|6%{J+dYNdK(DaS<@ z7>2!R)>yF;oS9;&^W|S~h)s}QM-hD|HVX=ZijQBq_2L=nv-#(6$fq@FApb)b374XLfP6QgAMsOh6f?f_>xPj4M| zH2L15R}IAkusMBZ$BW2MiG~co zFD?C5@dfCG$gFh3Wl(Zq>2Zw!x2q=pL+e9Rz!Pu(Ei)7Hi{#?m zJ&FEvWz)Lr@nkygGa}R=C;_N+o}yP4>s@XHyga$i$iLyS%hpb(o>GHbxT*U&^{nqN z*^TuUE(q!BAd3dqN`|FqU^2WDW3T#D$YFtXxZ}ui*!wBwzLtj{J%JW9Pyf|B`eUiA znj}_T#JTdyqTxv~&DrNfWIov_#?MXP8_ zDS{GD;Z7FQZATr9Ltg5vVYiI_ac10^E!dk?b?uImPnrjXX@+`OP1UPlB(+Ca4`m0b z*g_*BfxDW3?DBuJ0McQ5!D+1Y#Np})#Ok^Ey|fIfNj65(CKD-^FBH}6yISdZR1rgn z`GIzVV@ytFNe07J*gE3BWY+^>X?3u$eqnQh(8YNX9IjV31pCPxe^ceBp^8@Te8))A zQluo=H>1XuEnE9=$gZ9nn1`>DR_=Bi<@OY6Fk~v&7aFC3VVetv2}!FCyPhEFSu1dR zt(&L@(mIr5Me5Fjhy?rfk5eD{4a4UCc8O$}{j5qK1CxT}QHy}@SRuY3rym{Z6frQN z?|Ld*t7RT0J_on0oPV~Zr>IGo%2*fo9U+fLe$pbLk3V3ibyQ=K8jHH(bdF8?7RN3l-4iyV$^ED6}%WYmbwAcU4 z9^fMn83~P)cMKaV4h!(u$SgkqDCE(rZ2+t}L(S(xIt-JNeZ{^`Sp)w0ez9u=Xg|%; zG9I1tglqkL%naxj6SA^0(1Qnb=6@%|rD1`s{<}1$grGJ%DV++s@D5Q`(~CXz_Y>vZ zT!p@8RAtMBZhk*Avb2rB5K}FB936+es;&zRiqg!T-CF%*{+I?{5<#X)MM1qXW<)Km zX54biR`rQuKec3>v01A(F@8n1N%)5a-vqXZ3(;K~!#{!|3f|ohebDR=t7w9K=nyS~YcdzP(R!jqXP9E*y20T_U{L2CbZt2ZL_&0{}MY zzYkiHa)G-`BB*0`P7Pm?nRCFB66Zp_37&pZOOQXEx9kgdq zzC3So7T%9wN)qYI{n2mbJ^45G{Y8I5PxgCdaoQYROY-w!s?$gp!f?UfSLu6lobKuA zWsm~}v+yC)wJbvacWayT&mo%-dE{yr{vkn&=wpxG72^k{xz*ceaKqa|w)O znipJ0YzKzs;HW;ve(er=-uAwMrQVef8P3B!7pPy`DzS-mg&$rvGy9=`2gRgd)rQ-Zn<)qm zD2>$Jeaq|taRiWR`&;`s+^i}{@Hh@ThYbvHIpp7q9dzH)GUHU1TR+-Yw&g~3Y?ESI z_D3}qlrBUM?xRvrzgT~3Rb;RmWA5)Kb;Kg3J()4|Wd|{DUa&4){9PMpIbxy0NYgJ) zP%(|c_CUFa?kor?=&Y!01^e{BV4N8zNL~fA2r25D-@DDC;Z0<^@9fA`)y_;CF`^%)H>Y%UhzWPI=5DlF)MV(#$Aa=h)~kLm})gi{Y7~W0k0td~yq$#t?Ac zSPR^z^eZ3$9hMyvSP&YiTwUYS3F1~X3JP^W?IiVNAkzFBm!rZ@^eG?=RXrTcx&_*V z;mYA87^uvRYt@a`=!xGbn#ZdcCafsdKV`}$pCD91%F&!KI1}>Z(Di5++NrdQx%I{& zD?dLf9dL_r<*73ve>t@g#QJuuMXk#lARQ8|r1pf6PIk)HDvmLSVEM0WlbD^jDPRol z3g}2jfC9C}C|gq!0I|{FU3>TV%?9At30;nHU-Y7KAi@0rqz%;2Q@qHe>-ME^F!l~G zN{9!V;rV;P`Y+fIlL61PQ2911fGlV!5IijXUI;Wr2Z0X(zr>WeIjtVHHGCbz&5{0v zL3eTSKsUDV(H;zPfgwO>`3BI0tI-`zioUQy>0uTCL~y3cND!z(`@uDZF$D%V)23hV z0F@@3)v56;e$CcT2Q+|IyXJ_4lpxLl3Np??qxgIl zCfaL9W1f_N^Tgd&6o(BR}LoSJ5wT*2am`;uDfZ(py^W01} zFGvxPS!Q|dr8|zj0A*l6gX14hEg3ol(lOfIgINXY_hkHlP=43sc~VAO`@Pkxr+xly;?17{0H9;F74s8)tw_+Z zx<`QrRh5Z}_W`|5jt9=E(CUC${iyE?pdznw*rWgJ7dKW{2RJ{=tEv(%@VVjp<|KNR z%->*CSHFn+GPAI(2|j*-#fSs+^?V6^Z5XLFk5%&TFaZPV%1p!;K?Hm12k0wq+aQcr zIPSyJ9YwNkCh*#6(o0B$SV?|*5x1G}S+P`29T_tz-${02F7$bbGi?4ga5`--YU5je z6HuDe(I`KE_0G%hBIEXbL~ABEpe|fQvh2Q%s+lvZ)KGHf@*7CU?LNl8;u7AcIZdK` z@@!U^F zf#9)p9J}W5QIL{AmOyX+ce7l|BJBzV)YK5uAO*(e3D?l;cwRxLJ@Aq9MYwYZkEn1N z{DGA3+aXHcJr{HBJWuiFJ`#w}GP#J9_COyCt%;ui|n6T-k4@35^GOh!QCUE1U%O-o@y*P4bSgW197gLt zPxHz!+h?bO*j^XzY#)V-{ERWmy1k!a6@65(so+e>1vM_aK78=qrkr=vb1z@-Zquhj z-ked(m;1REm9N$}ef)s6+De&5tWO`9dDh)P7x$7y_hsM{#f<3ZYkW(qe;+zTufr1t z7=-{N%Fj|)He?UplEtqO^&y$7qEusMdv71}I*cti4`(bQtXKBnTJifq(dTK);P->Tk4gIGGy&)~QIxZ@bBWuzAG#$Y8jWmzX*7_ z35c!955Te|+JVj7viBWWE|gCs3lx6_C_vIs-J4D)0P@)E8TdpK{Zk0REu5P-fS9EZ zg%0WZEnlX6ZA6ymRs@&%0Gb!jJOmK^?xI#qtwg$WT1?UZ01W|->t_4muFFQ(EZ$Ud)SUV(@Efq)=HRS=N)Q71hq0qMorln_P`w2_w;8M3FCwGK1s7r*?ynAFov$w60W{7gugOr}Bc7ZIGVJ+K_rzhJJmVK_xV zH?!ukaa`BtO;wI5e5EFPe!LRqCHL#E>opf2s41q$ zNT3~dYXYz);pG5&cXU=&^mt(4^1b_^79U195t7FO!;WCeSls~^f_U@qOFjE7ogVrH9-alyi07MG9*cm*JUQnOPZuV2 z4$&Jp?EbP_&!5TE_fAh(uaGx(D9@cd%V15<(+Li7Hsj!_KC|M@eR za)v7BH>NG(PzunGI?t3wg)D@O@}WO%$uydWw@sZfKenedcw8+!3RmTQ&ow^UZArYc z3a^nmJ48Mj0*QnPjG6QtKzK)bV4r4oMd;d>x^GMqosP>}rXC`uz4mEVIo3Ik_43Oy z!dC>+5-c$+HbD49^^@4|k!5D)ijSL$QI;OJ)?F76Rg*QjQoNayvhe ze1FDO+ukb&P}Z-hMGNCZi2 z)$lg1@mApd%7#s!bTdiqUqF|Sima>hF#Yf$--lN(0PFc#(qNtH_mMYc4MBp}XDX+c zzfD~&`@|Zow?d0IDvDPas>Lt&s>*FRgRr%14< zb`)Loxb2ro)RO@wIE_L=l^iz%4Y)LFNh*eux7j5)g{QQQ7Ud93OEg$oB{aM$>$ig^ zcWogfKZ_UqMFHWZL0OA4wACy}98GIL-4}lFcs7w(vBt37ZLhkv;=QrP%#E5Na<1+y zGp&0DAd_yH*S~r~+55;tU^5#{rC+GIwtfOUL0Y(2)smN-w?TLcA)L1FhhXPk znGOt84}N);JcIAr#O#C+WNk0Kt0MlW)&cX{834Mqp&QSABsv*V>++-(wTT18@z}?H zM=1zkbmLvI=g#FRqqRuNrQ{t|XUK2wvqtgQ^`?S!6II%?vf?eMl>wh(cMd9V-~*UenEMeHK^ zfy=_ZK+vGn_N7%Zo^o3e5DgEmcuj`-W(HBx}C1{`F~A4X!)iR z|FvN`_I5pHjZHrfS_p4`Z1e zb?qNDAu@q6LVg7=vEeD_`z zA0D&)7T?^`l`N!>@6Vmg1CY}EV>taVls)l@qdAX3hHLJv^`VI-AdU%rT>mvdw* zqZECRes>~M=Y;3ruVT;kE6+3u49K}ECAE5YlJZBV9`{$`K|!y%a3oMu&HAQM9IYQ* z-O0DdzfCGqcC)>&&iXzV^${y7ZG-jO`1atA`RBV&dpTY=1l6jL8?{C_wlo#}v*rD5 z5h>KYZU4J>a?z%g&6IRFex0qc%IQ&3M@;J81zzA&ay1kEc8G);_M6xSbn%h<%gDF6 zT_UT$?ffQ-t7$!fJtvoM{gR-4aCLA(aC=`EC+oqK*uSnveMT@!|u5A+6PvG z3TML}mSnb-2!)Ot2$Q8vfpYM;LG}EJnxOqQ^bv-|x1o`w(Om zRvs;zt7J|{inDk`K7$lQ%D&Y7!y)M3%beH-qi3>W^2l5i`ZrlWlap%-BA=G{(K{Y*aKvmSJ#8_;(k z*>QmHQz5)y>UZ zRd>@Pve;xXGwE;pLWyXs2PD_R{J$5Y9BowBJ)R14o5*xS1iVf*gBwwc2$=_0!M^ra z+o9vQ7+0y|Q&6w~Ht!Ygbw7|SAfz@6a>t?y*D;+w;#$px6VU&^t zUrM!&MGX?qYy%I9S6v{Vlw+N9=z}8{1427+#~vQ(}MBFXX4<|5u=i4*ObD+kxoP`ukhB4D#2!2*Dc`dz7Ar8E2TB zBG-3=u71R%25<_4Yf6%xcU_(LcE=>pX)u+Agtd+6x&^>c+zOE#=ifVx`J_7?*OiUM zkE?6pK}{B-yrgo~*~IJfv|53z-*>ZpxIw8g#yM#$z>kO$a6O10_w)D2t8WGvwOK1d z;bdD~V!Hj@oi3Q-pMhLi%eW(N%+IX$-vv=LKLJSo;T+@KF$il8`R5l6_?hqQ!D!~e zmw;!0JEU68189%z!d-RtQVih)vz}2|;crXFy8*pW@6pr)IM*{BTZdx^gV0lT7)MFW z2FX3LG>M^30gkg78(qfe2%%U6^}#T~c3Xm+IyrsN4*lKXH@Tk*iRoxuDs|hJ>fkgIZY!m1X^!?Y3E9rOhLt8KlO_xyWMpJdAVPhA zk?d0;>+E1%Q7Ir8Ck3PMZipbs@9K3go;``8c0Np*6FUMr$qtgr#aq=rAJo{?CFwYj zX>{g9EV*Fo_2J9&|DG3l`ry+iEYvrr7(!nJRdykF|x%-;x6-FOC<)q+b^_y<>Z#c3eq$9LQ8J?%G>ubPNIrJ&v zk$ri3{}}JVbBc_+ok^BBLfb5EEI*xl1xL zusm_J&02ZQd?`YJ%ZwGejhfypekH<@Uod@SqdroN$HU{uXjVb{T+p!!brx&!u5F)9q1 zj^PMWb!&M(0(S}w3BsjY&i{;wo|$l6ir3zuH{Tqnv-4rN9rj6(w)tcd0JzEWO6E!I zBx)}{+aXoZ!U^g1^Suw=Ko|s}v)kRK+yadHMRliwOwL+n63jL( zxD3+QwB;G3>gAKrD=f4CZA}IvUJG{Nsc+Yq6nUu71mz=1cQiuM<3W`l2V|YH8D!BE z6E7(^;!7rmQ!)LL66KVGg~=m)o-Cb4>*m%DmBt=#U~;ahjd zyv{5hf(RC|^ssYnFEV>QCN3ZI<+WZAo6MhEQ9LOsPUPk3m&CzpudhW}FQ4osl`r&9kv zH~;8YRTxK6KNb@njCD3{MPGaP19`L;9UX!;C!~5LIPG%%lA3oFOX47qnj1y6o2GwR z0>mU`v^(bQ zkVcb?JCxIm)J)w9*tKM%ifb9f>C6RgF2mgfwf(7$!jdDQ{M(%E4Mc!PF@f>+lr-58 z-2cY-|MMrQx>LKuEgPwc&;LT<=-LOpPLdgjq>5&6R8qI5-Jd+(!IgBpbf}b9=h9{AS+crQ$r@5@|7Sptp zUte;aa#9xNf;1}F-FEUbDW|>4SafDjbW%YAP2SDV!DwK|9t(WG%O{|fB`S*#{WXgN zG+63xmCZZphCS-!SSSFh*Yz-P&ONe1QQu<)My~%tDK~|4+>=7vax9J#3Q*P){LfBc zsgn`A1AvqFMRQQX$kr>YkcV*ESm)P8lmO_5Fk}Ujk_Z3!h;vRy$H+Yy+GfpO^Qk>x zA@Lx%dLHiP8rx*>~9(!d1A4AwYvw0Udj$Q!?zA}42LBQW4<7$OYdat@P@ZU8PbNg=~>nF%=hC#Q1jZkWZyjIEcA*;iiy;nfYc*5aWS zpCZLb-rKuql)K3i{E4Sc3WFjW(s|dXD9hS^NOhecs*}l)UGtswp;$t z!^Yzz7y0IiwLfvc#g+fZgWN)jQIY=k_bRf7m?NG3842Z={vtv@9$D}LK``M#OZGn+ z-kQ%?Z!PDSd**F<;CPAPpb)8MClLu1baH{YmYv}6Ez)=*5v|LM3&XQ>z&%6l7I?Cz zS^&W|3?LPDF0l4d`22u+t%ugxH7usk6ueG}($p=2%@kE*P3vO=!)%zT-)G1FBh3HL zY?=#uwKJSr*SjF`E*&`MzvgXvV+eK?xXzpypII^zq3|2t;ctR%dU+w~-w$L7 zaSxV1LKO~%ur+*#dPZ*MPB^@9(%mcrw&EF_|unfJgU?pxF^oVI?x<^%^i!oI=M@jE)TBoc8^SAk)O9( zd}i<1S_Em7bz&%fWKBu1>5>^q@)cAaA*@Qe@M6i@iVCr{L<5?7+`SZdoOqOS(*IfU zl~{piPBGd`E=RS%_X<+DkLQC{wfUAQc~*y2-$#@i{mrY_@(rLRwg>Ubsfm%u3ZCww1Sg|D2sb6+a1c1PISS4 zLjC_tjQ@zsscQClZ4#0R63TN}Tu^dv-W76F2Y>!eN?wPu7^q2T-Cj=O5d`@yeq!-4 zq)@R9PfuHozNuZGp+lhR&iGD(-YZY<#IMP4U=j&e-ejUGX(e_vX&tPVQAgLE*RM^{ z?5_?|5*7@xxV0*aB}+VvyE;vvnI#02TQf@>EIY42fzy8@3lwZN7z*h$EQ2mUpu;u~PGeTv z1=$*>;Q8~`{T$pCuoV3#p3?n>M5Nb1(bH6n9=PzO8=%uL0K5R*Y$Jz_&JNlv2B3i2AG9WAY)tAklf;8u3=b1lC0{suE3Gn^Fe!vG-iJB)>h zCLBoG6Sw_aHTX{~^1mVzlHgZT(>ir51w)A(NlKCQ|OO*4=hMN`3O%FBruh<$|`SJ04rn98qQpyPuyi2^9_GQZAP<6 zb;ODzIqQR878k4X5wg1@Oa6HsJYPs@$JjsPur!4g?l0+R{k`rSdid+hnwD2KCVUfp z))jg9!%Zyg{i(16*oUZbw?OXh!GuX;?i6LvicV zC~prvmDga`yZnkZ1>&E7A#OfGuD2<$`vHmlv_WJT)AaQ~6aK~A$4x5jE4Q21(_Usr zksYDkW`AzlaVwW2$5Y4L8@#>CmTbQig2PghObFj-7WR0}P<@+wp{B!4>9i3n`3%-J z1B944QGyMBAd@s9+6q=nlFGH{`R(9^uW>Dwg!Coa0$Wj+7w{~kyN8(7JiY|%hK!f{ zld6rRDgRt00^LK!egq^|)m7<9LW4~btoNtwmt@%Pz%6?S8apLvKt(1{Y-<8wp%*$; zrul~Y1R8PCLOHCz8czX>nM9ySYzS}{-vEJ^TG$sLb=W?GApDx~ycbO7Z9{Pa4G>N#Xt?)~;FO_^o+&6e3ARXUj}9@X8&OiJjR(1hRBXm7j?9E3%)cl>+rCzp4KLC;{*nSyWbG zKF|JB#B`4qJKiWfYKC3Nf(FHoa6n<57D$!^WdT%DSAaOv+5=$9e#C14tX(GyXTDYE zVA=+#V5$W$Wm)wzd=dtfS0|am@zLHA>ws#`_ymw7c=(+C>bU^mnew)_$4&w9)IUX< zNB)HUzoKDas=&ed&*-XRwwth*Fh_h^4Sy$#)KLa5F!xYMRm2>MGcaLEtZXeBLO16! z8e_;HS$^~Q!df`Rgb6m2X(>Vhsm74RG5gpjGb_$Dm=w4Epgl>{0jXEj)awHcrxN~r z0&D#V8LfE=RRQYT#GsI2rjt`X=kdSmmxLCYN{+r|N(`kB-7d4`7MSi<7r)c>syI&l zOsI38w3u`#Q<(Uyg>m;Q&aZFQZ<4w6lXa`XBh1z%$2siTpz-T7V!exyzo!8tvWMyC z_!pVki}eqY;7b2$$5*)`eB=H7-un33naoUoZ%=D?6=IIvho27;a!3+zLHxXSF3EYf z_paJt&G0~4mx|vyO^>cETXDcfni_y*ALm)xY1^mR<2dh=(<!ku333~(xImYr z1KHHnewIaxkK^(x5`AKZr?iP?Z5T=J*8sxcVNw6);)q{dHP*dk!|D>Kw12f8%tKK^ zblQG|4UIrH_h+F&y)12`fQ8z^Tl4qxR@^rk@fPK?(%-zTyK z`G{hYS#)^8hQXxzQSbyD#)9k;3udX6w*Ot>*3w95B=1V4Z$1M#Li_0_JDY4xOy^iJ znqm#}&x@{F{Dst!bO!RwT2gbk@3xfJ?lP75&z}>19m`~Ye?{vE5Llure-|3fti7ii zOMt9a#Nj1L-4NddjCRweqZ|%>528D$aKuLav=rwa!`pcV4w+xB8Dnde+at&v0#Xi@ zP2Pk73du(E3bs588kcT`I0qT}XYJJ2;#%3xy~tdj|LE>xmrz@>RYT)GA2@(v+I2$e z@S3ga4n+#}ceHyCu;}#pU>?sChq$=8Edhy3L@mGG{g>CUID1j!aY~eCqe~6{Yn^lt zM7(mry~B|nj3wt&d1XKM-|OTQ9h}-jUbt<=CKE=m)W!a$;AXC{V5xyHh}L0+wm)8} z6ii~r0-6T;sF2=^flT!j(vGXE(44$@{42nomgW)67kxO6=Ogs3Iz>iC^<4e|xXCdJ zCW=z{Cr=ueb@bB216LGx8b(^|_@gM_GyW3JTPnX96;hYZ?)fK8Zw6vBYSr?;XR3Hq zD30Fcgl3XVjcBosO+OnoIUfIWG-8Rp!pFBQuYb2a4O_ER20W8J9gCh*zq7*wO4|7tG5t1s`HlK)x7pM>Ny_2XR=c%y z13455d!!$x7>)WvA-a6Pb5gOxG}4k0613R>6ZZ%<5Go+OP5VzY5F`DHF9nL@d<39) zRrt8mixC-zfLVGX;Myqzh0>Za-`BhQ`2w2T9RT?G?V%#7(FT(qDjQ}1)b*)3z#RRuVyHq{Y?)l8IE z=^E3qm}J#YtT-qH$7%U;j*tDb(WgXz@zW`wpNzd8hkpN0Mk`Mo=}gtLAfPWo88H1~ z1dzhGtFy({Vt=kJn`xBhHuerl!5skTO=?2)#dmmQB%x{Do5gXyIpP2?RnXLda?B^9Z9(PB0EB$O4?z8O>a+hA zd3kgreDnlpnfT!_T4L)|JOEi11JF1EJy^Q{<=y>|FxMY=eItP8dy8Wi5ErM^O$aCg zB}%*&LZLgranbM|IOXU|a{XJCa)kKP$ZoO(I9hga@&gzh0KId5cvLe`>`Qr3E{|F1Jy%pCh|Ef_MS$N%4r7sxn=cLP}A zqb+eGAcl)QqxQ!N0ZoOoxC36!Lr(seq(Jh^gN~>T$-}<%15}bNt0nF#mM3Ox8Yd=h zhT2t)`# zH?woV$pI#Pj{pqY{d#L11LgowFFPO952sOAP=%C6b>?5?JK6(Yb{Bvr@CZ;OWP(O0 zpMFpE#4ILq!hJ3F1wgB`g}B?dKpbzh4xqBzyhAa_nW4^wf|$?ND~*-V&Z{+=(>(Fu zRsN7AWxh2!?vE3nET~=Zpd#x#U>Tp>tD5lsw7?Df2`y%iuo^b2L6!NkDV(7I@>~$D zC-HCko3p`WW1*v!rfSW%;#AnQV4s_lc>8Zc7vc7RtO|p6BUTm8Wc5}&JP^KbneydU zHrH@J-v6!a!NCDWK#j#X9alK_DtxF!h$$cUzgFkJ?syrLuYvsbW14=K~S``3?N){NRfNFLE>{ISi zy8izDTG@G2s7s@MjY{>_zjU1x`CCI~5vvaDF{&p46#`6B#;glu*Y{k=23nuJBjWl<#EMVc3r-JC@fW8UxpW*^^@Cehp==7=p znA^5x`10VI9H6?E-FklKxQ+*1Q40zhK<`H;eb`KKOp2-O?m#86UQ>m?zhzLeAND7% z9W;xyDq$2-fFuDo0|$d{*57tWOM9ODc*`$=;uWmhYh>)U1Sp|!slkA8A2pVX@mJ|5 z#wh5aHTR*j1KKrH5P4K()YiJv^DLgW`COAvV2C)z>C)(2js*F-IfL2sb=`SURzJ@7 z(uRzhL|r!jwwH-sjm z>r0uQ>nw}q#rSH9e1^rx@TAhX&X&d;j#WNMfqLX&?%dSTo6B+aNCB~@<4LC@Hhvy&`drM&tHHRybx_nPWRnIwv4?xZswp% zp?{{g^b`AxPh;wse|C{;(ExY$RTOPUP&&?h&wxLW0H$jIlE{y(`Xg5C)9B9^rug#N zB|w(pVC}M~wL(In(`0+$Cn1JqvAp*;-{GZqCMaDQwDbMwPLeNj$rY7+$@R+13ec8* zhED$grSZ|3|BtV)4v4bbz80iIh7yqOZk6s3=^DCQ5Gg4s=}u_`1nKVXkPemZ6a^%u zLB2EZebx8g-@V^II_M1ZJm;KepMCaPdo7na^uDgKZXcz~8nft_;937yG7R+kviWRr zVN%7`_#s9PJ0>vXb~Ql;~G(+&TfHxy-J5uOGgH1-Fwhb*RlR!|N2YQfE^9kKOD++E>vCriLvVqzpvK;m^q443c5qa@H9f(HH&Biu^ zjvffdfo54oRiGl!V-c5)tB#?fZkko2J|N&0(~ZK#m{?-%dJgeb53RL^*0SE7ZK*b9 z&(PKixV=*^ny9!=!jCIA*AV3S7#rHAmlk_NqS(89&7ys`Sx&m%Q~Tu0g9WcPv#1z5 zZQZX)+cj8~W>C<7o%=j7?y)RK?QCvl&W45T)4L%#@g)y6M`NEoN-q@cCFp}44?LPP zRCA9%DOVNoO%Z+H+J2B#4h@rP?hcyJ*>8Mbhk|R}cH5MJCX&V|g*)YT@a`6RDQ`Rp zgC^TTNHKjA{Y0_GCn6VMApc-Qo%R!5`8M1CG(Juwi|qUAy%*{1k{ z%eKZ5|F|JV;PUJH#YY={^x6%TMq=OX>_9i!T^xAldtnR<+r|x~C1YQ^0jNR`tGNbz z^}Eyg=pB7bh<^ZcJ1j}ea9cxl{n@;H!&ap8VP)}-crt_s6%p4zm?2*^e zXzMOLGJWpfQ!h>%WHLDRX3W1?T8|~W>S!uoDYN0Q&9jO07mDl~3FkX0t9;n0!RW9# zHa#_SBJecwbTDv8{A4#_JkHj?l8Pz}YRyN2hd!rEdXFcyVkF4o^^AjLLeo!E|5kqK z5d`^tz$=pYX6(h=o_nNNk zSPA)`{T3WaMNvcpu0e^)sWM3Uizvst46zelb$#%{qIwkV6{so+TbjKr*7stYEPAZ{K%2W&^b+Us@5l0Buv>u$(OM_F`H&p-JI*@UL?FX@oH^$=MB?l(k7J4OC`bc zK*IA=o^1PpTGLgTYOaG0u?-@*ypxn%9%~$zvkk$+g)#T+uqz0BVWV~@OWYivCXasZByrK5y_i>SV*9+|Go?K0e5nnwal@Ry4>VTA<5wc}@+Lbu&(Q6)+*I2GuQD zE#q+Au!x%zzBaF!d8voFwxm+yNwseGlCiw?ekZNvl|fu-j;6kJ2A-$Yl<~8sC_;i4 z6vU=B=IP(;O;Ob@wHmAXN3>5L>+Ac-{oq4=P{tKbf4lY~tD{&)_qkJriU1G717FeW zW#Pzz{;=P$;9rY>BDw?Cw#%R$qTMT^QQ%tEuojjBHXzpiGEk-X5X;l!FbJ%RH+cXn ze)<5o4bwv;44%Pcv-{&24;K@ZzW_H1r){-ARQpiQrv{W__5006^V|Mq)jADQCjU8IOr*nwV>Bov|t;pkDx z{&}zIW9Nm2uI=U^mvjijr9IGf5r7g7mX7dXHCy{$i@AT$3KW>h53@1FGX+axDVlilv=X#Q|Dwg@O)W}b z_kNo7u#ky9rM!S)-aY{H=A}{inSEk#E(zR{{6k);3{>scwD}6D0)YL~X7#rsVO2dS z1GVmp2XPC-F)wYA$BpBP8cKBXSTXJ{zn1_t2K79_!pgjm=1H|Hw=ZNwQ4Ag%)ZZKC z+U|bdp!t5QtHxxOb?S60R`{vZOP00X&u|!HUG!!M{XHjYeO_ht>8u%CdD zSLgDJacn6(4NVM6Ln6-jklyO;6Dv)pp3ov?lU`yPbOhAHVw2J`eotX_6~1kxvX$1t zsEVUA-9gS=31V9I3G-}kjt`Na=yFt>&DISADMYn;IPbS4Ezv#@=`Y!(6r!RnO5hMz zNXRR@WlAvnA*sZW|ClIXo*&QQNBYcDF@LuKvY8RaPktxJ$M#V+-ET=JZ?Zo0>70By zs~k`~ks4->AXE}VBs>$}7Oz_0cX2*hnTzp$M~D941!nk%F|^_%Kh#KGyKR0s+ay*# zffMJ$E?MDJf=U0X*`c@LPeM9}OYxfN+e2ix{7zIJ%b9u=jSoYtvQPqEzInZD z_m8@o5ehGYvaFl4tOSMe=cd1@kj-v~Yqg63#pKiO1;s5_twE2&aL~k&lk8*gD?jjt z*ly}?_2wa$tMH6u0%yU%Dn=rS$-r0P$(og%HQUT0z;3<~Fk}(xy?Vs5?|ryqjBgWx zHSOFv1ML)qJn8A768hRUw$=HFa;B%L_4pempSV`m?)F@5F?Hz!)yK0f5c`tg-Q8WY za9)C_YsTe5wfvkRE$M$%W_(Y=J3!%L$_^Q)rVRixbp6Hy6czPFDT?z7B3KC_uO=LW zK5cJHaBrO5GD-#DR&KEmCq7BQd-ZL{s@Jt|Ax6+mCsFT0uW(q0gbkuPwNkfUwb8oI zywQkib9A-~iL>>{k$omr3vkPzg#*<>HJ%G;if-ZCLRI1O%E!I|YsC_2F$<@c54cPS zpei>m>P;kPVj)C(PiGgIi z(z58J_K#;1He$^Z$O7h*+oFO@Yg%IBERARHQG6w?nLh%BN;<*VKQw zyUj*h^n>yGoPP17JcZeu#X*d~hM|?>h2NLOJ7upP{Y>ib4=3(OVE4pTD6+aLd=Skz zb$*3)f}1#7ULC%QPs70f(}iGb3hRi$ssZk~&n}0yW`zd#-Jb$O~k~w8jPvc`n0XQe6W0%Cdc3&3)qK z`8m7E57XwfzjDxjm4D+zU(cv|KCmf>JfASfq{O5wQ2z3;N7;Qftc(#!d-BQRgDLYE zqZ4dnh#o`hcGVXedy1Rw9pG$Y)qm3@(|EaU#WJgHn4b8%WI_lZiv6|By5Ol(F_k1f ztv#;WDy}g+WnIuTT`6UTr%wHK1#<`UM1s*cQ?WR9xyAPcvnDa9id2!=r9lF;P?jlY zN6{c{?pmrMtl)UBC}w+^Rw}fzVtbID4GPtg){!~zL*mQ`Je`SnF8 ziQo#`%qwr@)P2;F;~XUEr$WiK_blYt%NkaHV%>XMSjJCvQ9~w!yO8fJ=w->+jkuc4 z0XN~YUrM5aH=ygJdi}kn0*(1`7WVYB^f{TU_253%#vh$Z2n4|qNtH;LetoNu7VWV{ z`XZBRgni9~0`%iLIM?u^*F{WG2Gg|5tT9DhTu=8?>5KDkD8An#Q)hO;vBmS|9P%=m zUw?p8co04de;BBW!V{2^W~Ul{VB%S@sEi6bsKpniG8eVaMVm)Yw%!YWcrT$|Jo01j zbzT7)hCHVpiberWw72L{Zh>lK8{*K#QD~Hcwq@Ikc;g;?oA=vHYgVP6ocvQ9Of|}{ z!tfN5sUe|^?%Vh#E?Q4FcPie)KzLBceKZ_*^6?)fe_zZyaO&y+c8ODi+TQ7|r2LZ{ zbV!GFsM6-S%yU8G1;SKSav90vC6h^m=fbFf9d!HG)IizQ9AOyWuF zY<|BKhb)c8A}v#i+RzxNlx#sykvoH0V+n&+&C@MF>!B(65T;H3>f6%TaZOE9I6rnyS9vndl!(XVJH_fIr>gEXZIM4h;xMH3$-~)R zwo-CEs;GwzR091(e@rv!$mEw0|MO@<2v1A~Ur-ss9#}N^7lQLQV&gj%*1;P|lu)?z zMhT?A>Q7_TgI{FQVHN1Muhj8x;3Q_Jeg7%w`NS;aLqTeFj!qPDEE_{Xg#oGB!bt&~ zvADInajlgV8B{e8fyY08FO|(8c5`P{h9M7N>?k)B%Rl`;nf;hr-OrEy?55lNB8ATX zRbEqDR?dTuB2cy^5s3sHssMg~Tjxd)W#pA1spV8BikPYg^`Jh&dtNnq9Or*;yaDPV zH}LhN^Ot9`;xOKJ9h06$aWTIPhKWk83eO8M=Jd9HMw15Q!a#xMBljU{ZJbHCXTIo7 z>d<@+2cjE()D8LG>_?oD_T3tnpVxFU!^}AmNO8%pC0}9l7HX4l#>Y366+5z>Sl4o! zM(#MSv99j1+w5@o`VMt+(fTqF+pMgV6m$b5>up+M~X zQ8Onj_ubq8{sg%@U~)CSuaDPrE+w#GHcX~r&be2Zc^&-3|Jnf$#n~Jzqw(=&E>W1Om zs3{L0^~?klQDa^RS*E!gX}SvtR}ndzS?RIiSukE6SUeLfKMG`i-vk#m>^{rh^uc+_ zUP&8DR{AQO$%r6G6kWO_9?I(GSYq?<>*C*kVnz2gm!-Nn+2rE0+sELOd|Jd6N&Dz{ z+8UN@D&|VsJ(VB|6moho<28ps8~DPLan}Mv>T_v%!r(>fe%9w|vsxTQ$kTO8^+Av2 zz|bHV5hA)&ifl4j^#Hl2>QdfRP2Wo^Z{fhCQ2s6M=-G9Eqw9WXbu}UskL_+IA%TW! zY`d;^qn?9IP<*1Mz?w~Gn04nPs_pOMiz=n2gUoFwCmEj|MbEIQ3Q5Y2hqb2`Z*)Sw*>B6xKKf*49#PyO z=?qy8NtSESrT&Q*pxk-&IeYynB5}z&$(ghJl^rf6C%<7uFkbOhqhEC16WJP2?ojh} zc<-O_d8w*TxIC9P3@^k<^(x^g7hKTnn8=Ad-K@uqHmT_vqf#{Chj5IbYG3mGVIH1C@k_flgZE^YaPIeQLah0>0&_$W z8Gi6&Y;FbQNTRZK2|pT8O~5OZAD^Xr6r;CVbIP|Jrua0Rm+8Hk_3MSFPy!qL?Wpoz zVkYj$Qap9!(n#U;(|dtR@k6btK^?@O7z}hu+bSs5V>HJF#gA9?q@h((Rah{Oi6q(D(*)zqW~Rdcw6v_RS6a_2B7 zG;7mok!)m+S_)0YC=-p+p`~FiPRV9tENPVE+Yn{Utbg%`|NRO7Uq4lN!&>ogR$i3; z4-W8u`5*(lw8kvgf4S>_0F8gR0UZ!6I~bdF>0N!$pJntv-unBOMwC=N`VIa6NiO~k zQ229c6-%(YXce=={Acg#|NrwjLiRIQIV|o_2CmnCZ;*%AoKO# zSNPZpL0-F7OsO1m^dE`QZ%V{pH|QIQ?)&U>-cx`dn*#$2igUt>1Pst)fNEJP75KT#JW<=l=Od~y?;%D6$X56Zf;yc z!enx`#)m(bI&~LJV=3}@>C^w;*VhK$F@pkw<^b`m+UbzV=fCQDgzzIU@Nonw7i#wB z-+tZO?`ayxfoRn|PoXY`L9B`6q&xn9E}upe+&{t{?J7#3WqJU34KfA>1{?n6`v71c z0xh=;z$@_CqY6Pl;CX=oEOD!Mj&17~zm$QFpmk@iAWXzQXZXZNCja-_MY$uIP~DJFlzLxY$@qpaYkuuAxyk ztf*7|=UJrid)){ZA!YfGMI!4cx=VP-9_q$RsMkS+u^|8IiN1}e|$pDnr2&<^1SWh3rqsE zKZ1xm`v~UR2vbn(hlxlX-K=8y*nb0^3XT_7fF1hdc)Pefv8br1pbAiYqexzki-DH% z_J%9H&t&G5o4}Nm4VcKjS!rXp>h0}y1ar|`c?M`rjS_k-Zj~esJ=jNp>Vs5G=e(pv z0tU>b@pR6H^x4h2(9)trCb56r{T)=@9lsfR z9!ixqeGmGx9)Cv}RwCcWwsSH-m<1ck>K<2O_iNrn?|>d^#EuFz@WjYObO3IQIp9ig znf1rWd4UMJ8#p#+(m(eq$rFPl7Daks3>OPtabLzS(hoGCw>RnS^W8-5{h^K zw`G_(*H22ADkI`FmY6Q^LG}c%;V%LlFgc~X{E;x@{(`9h6Aq?mXnwjo8<(E`{fLw7 zh}7r$u&fo(#57!Bfch&^=Lr=yB?<3`_n*jg0cy3vUxxA7&wE0!kAU#uAkeL(L_|b9 zg6WVsQxmZO<9m|(5a{uj5vSw6daUM`-`2J}pj2BaDJhslshi+=`uF$;7=5kOF$oE@ zJ*8ZKVwCTcujmi97dv08Pd@AQ98=#IBTnov7^)a2m$02_TO_pa!=ZIH= z@D-FQv*zaH^n)TSJ;3v7-mUzlAGDqJ*fy0qTbT`;IGmy($9U_lQxx?FdjT1NC5mBX zJHYQU*qegMf`rf?z2ohoum@(0$gUY*kq=W~BFIfJR!thri$&S3H^ ztQ_fq2%v&iDtU7CBX3Pch*`7j!3(vgl_W@+ZH1=aB(3OtYtGn%g>mmxB*@ATlx<^yg7 zKY>R>i+@GqiXXb((|xLYlb?a7FyVzLju->1Jh(~y?mM8ekWv;kxF7Zs2)Mc!aGn5C z4WIKHdWC*}-A)kpmM4d5>%oq}pPSeo^!%xUg7YAY57sB7No6h@nzrL}1^4gHDXt#L5v7bQ}n5FCu!`(?KkK}G{^{>e|6>i)A;6BbT& zDB&CK^a%9L+qEyEdD!Xy?k;((2-_eXMw=t&K-(vriS#NN7R<{!x20u)G2asrqMA%! ze(mK$^H_bp&NjWd{j#5QLI|+Z-hd+HC_y9%rK(JDL>AlgnF?bZv_L9%dyo1_4P8_O z==iy`K3C9{fE^${?bT#wcab{82D_6i1pX8iN-TMV9F?K$$4kSeIZkoHp+`>_p35!* ze6)S6VJv^GJ`{++J=gc{?(RDcn;U7=bw)sSfP^!{lW_>f#{4}sml7*L^3%{KQg`Ur zzX6^(1GuM2hMAHW%8EmZ*QsBDnV(B0?A9AqI%qR_l#U=ztU)eZD-5CJ^z# z2-)2u@w(eHdldG_#}3HC?%`1tXK5ihoSe+U>M&De@I6V*Amjl}T5m4<713|Y?d=C; zoKCR>x2N7sLNsei`72!#fgz4Q=j-veV>AojXJ zrr`Y^u&KSc+$mqw*Sj)?^?{pNSV#-Qtb_&6SNs)25m5t+MfBjZFAsy{kW36$GvElk z8Q$B|hP)ag-p&Ita>6zqDM4L$k$hH0%KZdrGo0)0odXrTC;B{JOkjk=UNR8CP>7`4 z0hhAygZkE*+#{quBh#L7vXfy&k&6l*kayhwsQN{7rweZV3wd%4JvpT zA|9s7@a)rTnvpE!xcD&fAg;iG9EJx0*$-1vX`jAF!jy@nG-ryV3b+;;@=0HA>r2_| zY2ET%9@|=~9)sCePgS3Rhx0^#|7woF&~r7a?)fa2gw;9V!{Z3^d+men`mRkV$0L-O z%(xxvxteEFP0lvd?X(xvhp9`NK|D^~L71QA<3pzt4|a&7cS|7A>!h0Ve;ZedBK&R1 zNkN1nQz9EwT_7CNVL-!S)NyBP^Cf5%CHBL-%ZJaTUcqVlp`lZ=B_FWK?M6}`aSOhN zRB%`jsI>tGjr6?&Fx|S-W%`)W6oTj#fJRSz#bdX$&>tv;B6g&+YTMiKjK$`2UL-m? zj8i+?6N}+2p$ow!AW+hI1rs+?|Alm+t@37Uo(mhFVpRbLKi@9 zZN8#eDufoPR{}P7N8lNV)W}YfJnh#0s{NbH~M3PH18Yex!JCoi=KC)vo&;R z;vXhdjR~E-MMs>eGMA%%iN9os@z6Z*Ba&e6fj5QV6wH^tWuQQSIzxtNv;XiOkcgze z?5x+RwchhwDU>>Aw@Wd8O8RyPXq7ZC7-_Gjf0@tK#FlY}UpVHFeD}_QeUm%#yxslS zqCRvyFXYTEFT?X_UW z*v$t;wDQbn9*O=zF+5h|6!mD77@gUG!NvCW!5Q7=JCskdqnkje|MNt6*lz#=yGYo&a_iTdToXC>H;YPWme=&{MSlVXWw0Jl(mhhF^C>*KND0F4ZS z^O99Dw?W4I21s(r`dp6<@w!vMxIBZIaJ1n5L5exmz5CxTKTyy6C^D?mFCQ#=0YPfr z&v^=%SW<}qwHRs5eOmo$%j1)GuJa5C?u0Z|%0Y>4kLj?o=F zJB9#eBm-(9fBp?0BNy))y{8y5oCQ71)fcGL$pznMD!bk9QofG0p<<5cG#2b5eAxAV zka!KB%oO7VCvPJ3emFIm8Mno-J;tG8$8o5#)Y5yV7R(gmM&}(3O_94EAV(E-n|zho zg8&GW#GQ0s=ofyA7c=X_Mi0VMaM0xn=fdErsx1Ixzmep|>d zZ`x*R20e0%D=qBNF^^4pP+aAa)`?cyfq8_Ub{9Mqud$mcCCT_G$WaGKGX;ZCw&isw zhM7T1fAyWmuof4Sp?d?7P9laUwhiY?JV%Yl^?^S+5%G5qI`!E5j)-t=TOi3-qz*6` zM{y0e#94()S>UpsU~m<35Sl2{pNG-z+ORHIR#O6#dp6Ko@D3q+AKwS3*&l-TFFrfr zw)~-Z#&u!z5Ir~EW1-Pn85ENMmhETb?|jpeySS!>Gc|>SQ8eY(C>x5>QMfHn9gM^2IGQJ2}T5>@@;AXW?!XH!d*2 z8x%l;@a=PXw3y#^&AYnr*U~alLrG!j8kr#MRt4X=D{$QllJ_G%PG$`vBzwa6;Sf%@ zP_4v-5APToD+upUzr`ZMa6{s-ALjC}(S8GIYv{I(K8vofUI_o{^X*ga;!Qf7r=WV+ebxtduC`;n2nV7c zfJpJTG9JMw2=8G=*Ez-kX|E+>v{)H_kE5hP4^vBN3W>i85;j>@y&*)4 z*T@Tx04BO&&M$~`?dh6yV=zH@1<-Dd<&ZXpY65N9NgJRgAzy{bhq+E3rHH$kieqFG ze8?daEcuF_IS-B?BcYDq(49VC<^yxzj6p*8k0W}yyF8Z$3aA}6b&``z135c&Zik~?Z+sQ=CPllU^h6dOKVEGp^U@2 znAIPdLt+S9=pVkj?MA0z@C$Sasd`O7?|um>B-H8?U`mB8J&pI$m`U6*3;trplykzB zQ=csbby4|blBZ#Z66wm*k98Xq9Dp#-LxjLC?9=LWbFq`G*`>GU9E_dkI{KE6O_03{ zVxZ;r!x*JmPwtRqX^TpbhHVwDkP!fuPrkg4vW>$nqSCtgk zoV1&|pdzYah%&UnepNrl}jGT-Suq*tg*(h@l z_~oMy-Khz3c*NB{3JcpDVo;{I0M(i1tZYvUl%151<9%6SHUBXD{?{^iDk^FM#d#~~ zEcQEFbcIknC*(`-=a#Y(Zecx`+WnLpegih#QRaY*htEFsph^T#fW)x$IIpWY1a6;u zl(!pICqxnE5D$DPK8I?txBgIlfE^rT5%05G+4q)*ppR+`kBq(&L+rJ^cfg$-?*JNc ztTp|?*COz68hP?WXTZ8bl^$i~FfbV9MvQ`@9&b%`{D4aAwMh(FG~S#HLw%)bAOAj) zqY&xBHvbss9rfC)i+R=Fowx^HAI{w!1kBUoezx843LN9Zu1?s#_z z7?_Jjf_HZUNQAcr;7K}=o_Cv%RXzXusi8A&!|iB1@g$XM*Kqw5M` z?B1a3*Kx`T0;C=7;2Ft~he(5#BdME$d0}{rI7|f3;P&y5&OrgsVkz!KV8v2Qv7@cS1|FAl*cp9P=j0 z^n`l9%d86EECH8Mp~Jf62){u~orHVQe-N~WkA2#47YpNL7o4zMGx5b$sk)BZU`N60 zTu9gbY5rBXXn{T6G)~hX>_nW8;bW*>G$FOcBe<7f1NKr5J%gs+2^Hn-Vm`%P`}oybq6cD)!a>kVj-SQe+~_w z3Gc8%Fpt%+ZNWWorPg-_|3$H8xyusK(q~3bf&GEP?n7RUR~T6LqsA)V*T$|>M_jxW z#rRN-1^+-?tf4YpIRxb%NS|Zzm?tyHT*|)>Cx~$PSn_q4 z8H$FRW&#t`I(pI+gkF?ddg>M{VqK{H)l6?gmcoBs z_1`1->&IPO_>CeOkrg2OU<;}*S2>vc1;1{zV~L)k(t4kJ8vFMpsm6DJ!n|tD)^^?B z@7lNrU#e3(NQ$YjrUCqECWS%4f@UwP>31Z6go0s`QLj<_6+%HG==&O}qYAF52=CW| z{d;)+`mz56w)swHiaYkze=x~7K`oE6SBLom0 zo`FuY+BjOdFR71kNDMko^M#CISbMmjG>i1Rre!=*}==)r)M%{C50Z>#@ zE8E|$_&rP?U{k^?@cn-o$3rM8fC-Uqja6)|)yFO-%`%diY^gtY6$0B{UOt|q`d<&m zJ$UoM_{uPR=DFb%?sTh!D1GSf384r?-H=;tE8h8irT_6lTjoxs^<)wB6reVi#-&BF zzowF67WP=pj#XUJ|MxHU2o;T`l6npbP#)i`_#=MbZWSa(D}lvQ_2$3MDa6-H{+*~V ze4X>ol-B|pslo5>tH%bPn;%V{`yUa2FQx+&{dSL_*htF1=Y<0P8|AyV&~I6}RsV5g zzkl?A^uM8x-W5$ z9c-Ak7)hN4my(`$32et^0EU`qu?PsiB`)9RP61SquU*bV1yM8t9DA3uMb~+-Ozcj! zC#$6+A83PPa^%T?5y+I&^Z`k~%rIK`(rSTiBtvK(*0+8I4y0>|3Y+jZmnYQ#0b^kD z`{B6I=GD9|4DitcXN#BJ<5?1=pf!YOQUB`SHVe@~*dpS}*CECCjli~=E=vbR45!DS zPS11jSFQ{ywa*%%yNudZInYAYUeMgz5drtn05<6{sPM%+CAHF6%fG$@!VG#smm!X>Mc&VOrqX6TUSRd+7X{K9N{+~s~5+0sYv3)5O5H)oGx z_ubH`qXCca-Q-(2jBiqS+|(RyZ-Fn`E)W2y1Gm~wr;uv)gv22LNRE5}!-!vd3G{Mj zfb69i@KC7);qD1*J|@*2UvQ|I1KK3E{V|lMp!IwnG~QUjiXe*sDz0-_|DcEU4WOVE zCcR;^;IzIbtk&2jLA2WeMt@(jA7ihr?**v6zZ`q-Euk^JzoQU1y=#<2>YUfrs7(HQ z*OH`|L}jr2I}PojR0apE<{zKr^b5g7&HyiibgN#94IqC&Y`OooJ|(3zbusmLG+c)U zzEIp~EopytIgMww;qlG)l`bj$`gX&{p1fiA<+4)fSgViqmtq&^$ncWI3x$QNHRSu% z;Yf=nA|-m(_*eoTLRH-?NA~zeqnI3$(|yEQuUsy~iEmcTik+?*wf&AJH4SUchZ1Me z*;|Y@2NRr}$pFgs7!;sw=4uKfA3Pcy<=-h0iaG%>d?OdoeJGwR)pd>j4qziO_<$ST zM#tP*+xaPXyXsQaT-hn$YqA4q>kdNc4j+g*^&JIcXw zZY<84j5^_)FSm;qSF8fj@OM*f$|`%q3Gx}8)+2f5U@qzKo=O2MtyZULrss zLXTHc+)N)t3Lw~UdmQ2h%$F9LU=pLXFg$+wJ!a>tS{CpW=pbxsls!|M6T!hL`sy`V z)i>*>?}vX1PKq|CYmHMCbGHHS-b5E!dBcIrrnD zI#Lf?+qk^-H1$~LKs=%RP0u$_IIn?~ldtj&$Cy_~0W@t!VBnUu2rN816?E?Vh9KM% zJ~yHs=D;=fTb_oY+%WN5$}BW2JHawP>8}HzM~9*YZH%@{{RqQxzx9m2T(muQ4AJ@F zi-nm753N>O8UTsGvVE4+1BjskoHc0{9F4!XAp3v-IerSF@jQxcsA$*OPax=F0d)QI z=M@(LWaB(7X#DN+^t(;?eOAZ$1KDeET>TD0ZY|))G*%>UI2!X=ft{)vJYQT5Oxs*! zQGzy*FN9*rV@%Sw~SFdF#!=3|8CS{5NCIvzJ?>VK;=H3CFXudB*_odPa;U* zhbb&LoVo%~+d??McE3aO$GYw?ulU+aVED2+-;1*DaGks}3@#o9Sz#WUEuguC|kq!e9@P`PJQ-aM--FF2aTVN9`l1I?emqnQ8LvxU-ii}bn9$u zPtvOB#xVT{Uv3msO9c;)N$tvTA>_K&S0TJ$g$~+JGu39l!rOQ-QGtMQsIiv0eExKqy64$ zKFGR|kVPDrG;ZFe0cD#{?vqMDNNa5~hpPS=DD#q%(`iz+cmgs_8Ro(kO7x&4bA~JS zja%Nv?ASa|LD~rri5htHRAy)efla*dC?nKh2?bv}M+Vz<@zVL{qovxBtu;XA z8L%2ElbH$NGfhNLb0Nk>P3{NXsjhr3-X1hAp?XR`(sqP!=4G5Oe}0Aj`y$2eC$M>6 z_g5}J-+}egdxbkDV7xm5s3)ZkOMmGTK>f%mm*HwPU#I(m*c=j61TFsJm}yU9cg?%iCyYAFX;DTcsDiZ58sVD^ z3hX1SeOG<*>K1(_!}3zQCLCy3a0btC?+Rfk8eMoqOSLy9%JwDjPGUPiU<}^6%KW^(SgiUP3Iv=FE-C7X z{P5q1Lm~<7w><9KZAnI0qLyjyKl2ZM$j5Y;DoxRe9{Q9~Ua<3ELApcyV1>}_(P66+ zuXu#m4d~9Dg`ojm1~{KEI1yu!vk+A7_@bH;?_6^N38?)Z%nVCjI{!-)t)DX?&r=>D z(9vyB1Q`p8P~uUS7=g6+Oc zq$?U-q~XZZ6&%VR;J!%?=n0?-c$ksz_9aKJL8@rk;{zq(MNG~@{sB@EAR@ToXPv=h zt8jg^eET5Na7zv_3}Zb+X6%@rMN#DD<=H~tF?H7ico8z|nm&&t$LBtt+Z&DeVi=UM zBo!eVKk#E8#q~DV9ai}>Q_)BZ99}QtRdK73y2V8SY!A~CMO!#@% z#rKt6$apWyQ!e^i-&_@9Io&rPFnBfNwX3UK1D~ZbSb&NbiHQ;vr zfyuk{P%0F$!wCCMF(uIq=)vR8sdB^p?Oxn@VlwWZ7yhP>rMOMy;Is`i6zn_TvN(F& zqA5@gNjjX6md}1_`&wd4QueS-QQ9lB#kvIFOB_X{>v6++;*xvoHjXf_)b3Tl(^3a1 zY#ARGu6ZN`@ElXK#JdJZ3p{Qa5)7;O`;S__V>=}Sk#;`8FP}_9l$Hv3GPJ&qF<)`a zqA77?AiHPy!>!SuxS0x=;Lk&ZvFZH#HuzUkW`bL#e@H5?r4UtyZCUN5cdlPHx#uof zP1h|)Q4l?x!+zoE_Dc&OfH#D2C$rh#cI}e>IkUKS&d$T7#?wBusT365_Dq96*)k}* zP&@#YfRFuFu%Z{WD9fu`>Xg~hp0y_(M_;;+&c!I(m)g0A6K9(-QYrQ%xh*!hj3$6_ zrBE1!L1j9e>UP(8*1l!_P!o`;n@_d?U|E;lV-_ z0p*7~!ahp}ZAaMwXGN5TbS4k7z8#=YPq5p5kVD^h5=?fxXCy$zK5LEwK^a^+SXCS9;>;nA*f2`b<6 zP9&4a!FaH6px(7Y=xw-u5nK0SwyM`Qe?biSdxlmA7m^LT#$kq~M1VNe9SR-Fi6HVM zN39Z@wC^>H*Rup-nC}&qAWJy4Zd-HHxGhLG{Qr7*eit1qP-uQmq^7*LG6Z;zp4{u% z&Vb(4=mQoM9&i*xJ?RS<9DcRg=Xp+EErgEGw1EW8#`IJr5~;xsy?&?i^-lBsWatpf z+Di1{K_~nYw-ayj-Pin{gvmx;-}Fz#)f!wi-9}N7;APH7OZ2;jIc(An9tC*7in!qU zJ(ykF-@T-7nm3=^nd`9OKcCz?36XGd7a>va62AF1KYpp8%QJt*oH+B;Jlbi;I=Fw@mSwv$d*Y)|^B zqj~q8y5Mowc;ha%l8k(=bCP8?sY}rnr;MA=z8>0c;j`Pdv~Uo{EI$J&?VixB5pInn z;pZ<_eKPF9E0s4~CivgQb7z#!x5UdPcrC%6;Nm(id3?w zINZ_t0`WitY66eb7kQrZ*OqwP^0R%!cg3#1mTOg-JWyh4Uu>^RpUqztnOXL^^)jUC zF88hoKEL%oNN~AuyKOV+y3g4V&Uu_9s2{)qiXH@uMoH}XnqbvU&~ofgXO?^mVbdtv zSe^Ru7+mht-Le1y3#cU=7Rv zr<*YrP^1fNJw7>lF3v_NnAu-BaE!?J`dX5(E!@4$2tu9}wv`MZw<@i-CB?9QecaO58s$MmiNYx^$iXPpYt26Z&yL ze-DEv4y{_T{P|;LufqziFJK!bdXo)036!8@lD~LIa-=Xb*9)Y0~ z$&4^iV{72OqH+H)zYRFe&gR)SFyfre-3!&^Rr&N9M$bBznj6zn`Y}XXOM7^+$l0mk z8go$!D~!jnpVz?o-qjy6oNONBFNm>P{m%dDnKszRoKc1i1g9Urxaj**uJt_W-i_g2 zfGF-`n6fAsbjklay!*{sJpcoZF!BUuH1eF;vuK^dL3MO;t;bGsL zC`BRjTG=WD3Ye1BS7nkkz1>Lcw3&9nZ>2FAWD{W zgGPdHII;pQ5d-MjlK9HVhqs6VEiv2EZ`?HwaUHeDggqP3|6hCG9Z%)|{x6{;;+$k< zk7ybxviE2hk&sPB*@R;iIXFgWCo9sBy|=8)LX^E{na394cip|;)w}oi^ZkAwzsK+2 zU-hUvjx+B2bziURx}M`23}gt{vyVm-or2OY1WqLHK|)-l=T8#zwb$C|#V4$no zaZX;E0scznn9A&6zRm5WFr}TZ^aEm@MkV?cfwWuWOZaDs))H}bw^?C=G?emKX0#`E zP9Asg^z}=D#X|tE;Z*Cu2)BHV*-N? zQU(k7ve)EQeDf!tq#Z4<%VGB}>QFl~OhPXu-q#zV;VY3-#l;|6p}l{7vc)dfCfc)J zwU&FAgg(X_<8e(nk*>L!O{k|xEop!tW-5zPt*Ik0>j!^&b@F#73UFju_LlUZnf~@2 z&F62YUH}Amn}mQiyDT`MaED1mEr(v{X%tJt1#@R@!RV-6tn;504j*QV7~H|WBDP#! ztd41wq?C#bx?M?Q`P@_fi)^mh%OgsLAj-Jm|Dv4IUzt)@0$he}KJ>ES;oB{9(|Es* zkO^)*z*>PX1bUD~C*Q{@U8T4+f9&cry2`Mq?g2t1r|IcgK>lE_Gx6M6}!Z zn;sM8*~K>@JXroMpU$GA&Y3J&nS>{<7M5JBoPCoGXRFID@(_2+5=HQqi!**#UJkyB zQo}|lG^vkEo?kDISdJS0<~#2g-_HA;0f5%`BrZCnO=vP|ho>ra%B?T9j7%uz=&waB zV(l+VY3g&$(m1flu~w1Z58@oZZYI9wo}Y68RSQh#gDvL=e#9Ioly9Mu@p~+jR=){f zT|S*M^@{aY%aSP*m8$9&D+>3kEQ`uMXQq>ZF9F!izbG^)QLdT5y zZ6j*<28zOU9FoLFXYU{FHCJ7)C#OVJANd7_b`_9Vw#1b=Fl9!B^JQIU^XoKKWM?EF z`dIVc(vn8V|Kz;|b5Cf5*s~w*xuAKok54bVX3LSML6}2l|7kL9@`5TE&D>qL6{Z)* z88j-+hq67Y+{IGGe3FUDsj-E~lC4Lb$=XXJb!p|RHi@$sWU``Ll*v9n`ro3&61@uh zQ%>rntg7LNOo_><@q2!da!Jw^R<)wW5Y*12`Gx0CK&e}iUHje9fL-s?kDXfyk=eVS z-J9Z8R+!%Fk8-2yTTd<;mV0~b2peYLuP#if>jaeSr9XP9-s2ADc7VV!+zk(C;u#!1 z{-{A3bE=15{S7r)n}(JSh3}*%bEn_xtNrMyB4gYHj}dY`@;Z?*p0a{ayTe z;xBLhk)r&Gss4KOm^aj+&fB7z6n|7D{}B&nzlLNvJz6Q@|NAq`Gy|f2bTXbRPvei) z$}a@;p9l94d_PGtZ|ceKlkw{v{_EiXzu~`6$p1gXKbQ3X>ynU}ApgELcq`v?<@zT4 zD`XsX{l5W?Q2@Uy`X*}s-Y+8!N$Aq_?0sHIU31;Y%XMM3w(uW3XtOid^=QJe#pipm z;hD@ku>+Hy)2B@Fc0I+SAKV5s)JrB=Gxh6Md(HKMKb>V3&<~SmFPFI4*>q(ld`{M? zLsSa-(C52+DSp-!q5Qi6z5)P@S9a5?|1=Rf#=5UCOI$hTl?uX-&IY=0i5>Wp>&Usj zbWWJ4zH>03>DFDQPTgx@ceNwlsueVe2vbUw{j@mr!v&DaW zB4(1sL&_qbD1K+3_1{P?JHVh|*7EAchhkM?9S)`xIy<)Vpz>2@_I_=spAt7+@hQXV zN*y_Mx6k7NTiPaO^D^Fu+-W7ZytD39`&=Ds!XBr#q_23aHQ5}ZI!<>bUYi1Y5kV~7 z=K8*p8KzuHHglP5&I1L=naZgbkBzbcd6Gz>Do~buY<#mQ&%VEBsx#wlop728D=}c_ z*?<5QQX$5bKcGyI&onG90c;2=#W=-DgvzCx?UW$#u)!Al; zk$n2WLrR9HzR+!&j%%i1y9Dj~BT^o98?HRnuO!~=Z5QG#cGdgl03Zh6GF#%MBIj{~ z&(O`x_C7Sd94423;`&mRwbB`w3{#Sg2+raf$XYSK+HA-^r+`{YKqqgsZv1~nTv4w?|lxN%B#s{P0 zjqhMyQmQ`%>6k7Mo%-EYtDmRX_2#E71o^m8L62u+BEm0}f{gtj|0|Kj>=vZE<`R z`1jo)h_-g{K){v4RW-A;pw{Xm18IO>U;6YGPlxd51b) zU##XUTW-@R@m!m;LkI$GFU~`Kx3j(Jz$EIN1j+@g=9Da8TXm%B33c+8zF99F(gU8# zv1#D`Bg#~a`f(14uRGxO_eJU$WVyMBX5^s-OT2dYu6Tf(TkT6`g?SH*oc#tWJcJno zj(-pNmM2el8kmFR36G7@o!tVd$Sg9yIsWY1C6M#?i9WYun6v{ylJKou%nqgE1{gS@!bB~UH?FrU7GD&h1NC4HWlLB0INvc`tp}KZv zgAfG=dDP=<5fSa0PWl39bwgF1RM+MU@t6LY8Vv1_D{PbUO8kx^XM%KZ|pftpJ>rsn2PNx|ntrc$^HW70LW@J*|*j;aLwRL_kF&=sN z3!1=}s?if9>S9W2*`Sa9j8;Qi)Qg;Q8d30q0Gzlg&eeHh1zu`aO=0Aq{DYBVrLKie z4!PE+r)}iwUf7|m@tL}%(^x3qS3z&i7|*6aySU2UVdl*W7t93VWX0lZPP2Z91KsnQ z-jK^V;~((Ua{R4rr&K~KXCLQnlv#9((+cRu#qKiBpOv!0ODJ`WH2y20A# z(4B3eR$*4g%zX`FuB?+KA$V)v%z5SePypr zI%5rX&T4ova<7o{h1F0u!^{(xqYFjc!Aifsz2RLzX8lU=vnc$#k~!E#aEXn-LJ?l( zIvVIq*JG?!G=HXl?0fdJuYLLpsB&;j)6X%D^^ydj%I}L=KuFj8t(`0#&k9N}vTKZo zRcjbt*PZt*z0BbM1gj;e5r&b9tW=SsI9Xx*OlFq|!27rYa+@@jQ_+G79vysNh2KwyJ|18`QxjMBK9#&2?4r(!`km;zRz^$^m}bJZIPg9 z2;P-wiG_0H?~TdbrbJH>-%{8RTqV z&K^4VAoISuRJYXDvX;)gBE8|*M&0CnjWF!Dp&~?QS-iy=Y@XFKO~o+ECV^Q+ClnbE zy{Hx}+%XBZtqVQbw=VZ!$tX6n+NQzl7{{f`sX!*T!COV;-%n5UqNf?~ns@@< z?vuZEx(;nAt{gAt6LCFrXdJHrbP@rRsQ zMnwa=LLG6>Zh$pKP$>nCXdpk$RmDO%33I}n+_PfXhYY(UNh}qZYG8T;O#<1)C=KuB zeIFm^vzsVpzt4TV6ev(vw5-%ydMF!W@Y-4+@Njs?(iHpgkHKTY$&8uvLL}`L_oZiV z>7hU`Acyfb!Bx?c0ea_^E`aeJmION%)tJ=~mVU&@3BOdX2)sUzPilfiWUCE0{0|pz#JRWSrnwMab!)`6Y8flcso) zspZ}M%rqIn&pwiY=z-wBJ}f!X$8`lasm)2Pk?ZrC3+|UrQ_J)$g>-Yd;o*x4_UsCe zz{yjLKNbeU94hS<9NZ%vF-+Q!6Yz>_KxvGnO8x^y1D;yyIQwkHv0&kKwCk{|#mh3B zHg~G&sn7yRuow}qLU$?>#0YEqZb?yz9iHVTnqx9b4RNQO8e))j3PHaF-f3{hiGsL3 zn=zhh|1_WsUIwT5NmIJMBNFb91|NMi&%Tv9&1n>k`Whnhe#NgfSh*Ke0&UCv1%m5S zqSMVo2!Qd4$Gsl3a?^$78 zTQ}K-FBi@9)z0Wyeu19qr+pKalUbJvQ22@gu73kENumTy(9B}rnb$a z`9Cok$Q@rDiH>!6BHH3B>OVFXv{-xGL(b|heLa(Zo~$@*(6LWoS4?TWUS)9CpUfN` z=Fu^9w23k$}P>vYiVAacl3z&6Ri+r9}PJb~- zMy8ytijj=;vBrz92D+Ihew#6+aMQSbx~N=KW;NGXG;RlUOtnk3&qLoL$-}tXNYq#G ziCKErXH&XbMeH9$&4G$QrXQtEmM)|=cq|Sxkvjy@^9&dS+eWw!bjJ(d+oZ~1x7}Qw zt@YXMARcFf!4*27Z?`f{exguZNI#KI9xi)Wk?lJA?j3?JPU6m0tU6{j-0E7o-us|y zVV9)54VA(fjg;3nv36BCw8PCXI9P00gm_p#3X5*Ku@kPS-1|Fl$&gf$&(N34%_B_@ zXdPp}QC_&G5ZxUQTGgl~F1fb(7;7AU(c@rZUIeZK>}p(Zap%{n7|eApocj{pcRg63 zKFvp~M3KFK=E>T$ddCd~`eQnajy9g2KAUD=zZ;6COmxRsP#APB&K;Dnb5q*wwc#JU z+En~G-=g;qv}N_m8qmJPM6B=7*8&aCN;>>$? zxxt*FYj1dNu(l{;k8*h zwDD_Ut+k@?yWIk*kIz`g0<}6L&N^OXF9#Wy@x{V-HvBExxG4pO(WP)@stcv3ZM#}m z96r6i$aj^?RI0>vdP44|CeOesb~1KUs3F8kcWxhcT>?aU304Xck{%uMk)z#oFY)}9 z4Hp)|{nl6~ajn5PO70s+MGH9>7PkV$*R;|x%_r7!m+{(+qA#W0ayzkhBc)C)lO;r> zJ)__2rd~;3E}f2ZF23b;#gq1D*#~=Dq}9W8>yU)DUJojv;GkRbP=Mapv;t4xQ|&J+agEoi=o~Ex|po z*ioZ$x828Qo&B37(*>EvJL?~=FWX=DSQ^V~dv~r&NMt2{YjLJbROx-7)#@#nd4pu? z_8RvzY$%C@3JtQaHfZ!#)7M)p0(VBt;Ybx;&_s1R7Gb>6TC^?!o6yz&BV|?23GdrP zgCf8tbg`>g@-sL>DO>>M^ghSY+0Q^w<=UZDiluaODc!^7-RkkF&#l*PuB4H+^=;B2 znZxzlTbm`)B%0|*N-IjB7)_U|E3scd$z7=I4IUl(T7zRvw{ZAW>BT>>SUS9C{Rqvx z*u+yy=hgsvqc0?9q=F=#W3xgGG*Pv9GjFP|R-R#2VhSRqp4jaKbwqMC?l$V8yv;6g z^9;}JW=Paycz6v7*sPusD64wY3I?V~BysZ1G_27BD2h4{FhYnQZSWa^`Y8WcdSMl9 zFcS5Zzc9gc@`EQjob-{ zpSvLqK5m)o>99p$-O)82+^K;AyI$d!?$1mrWD9|%b2*H`iOIA@Lrduzik?2i_*c@&ih zvMcA^XQWEWExMY+jL0|`WH^n9hqc!in%HGqQCihRU!jljm5iE!*+Ql|DBP4sGT|8m zyNSjklDG@KW-LrFvh=!~a{0qPI#PKh(um>5-zrtZ$;cisTp&M~^Ad)}N^OGOQlG7! z^In11Bl7GUZUPifHGJN`?e-N@)|ft~~bubaOlC7IwEgyH!M*_V3dTb}dJ_RLIa)aR}KZhx(;jQxeWRi~UqdM9Im$`}j?CnEAcORbKp& z=lxDn3hZgpPD_4}hNb@UQ9jk{}lZ+bV(iff}nNR^W=rR>wYrTwmo8yDKx zYV3MOmU>7dqUwCcP6eGG0wgkOylo8jz5VLFwN%^>VBmfZ3+FW8=Q~g&+foQ>p`f4mc(3U z99T)<464PLM(+MdVopSs6&SORMcnPi?j&3{BvIjab^Kz;-%oMJ93ZBVUKZs$+d|It zPG*lk$MH>X^77cP9u|&|GPx<$1lkKh`JY}k<~Y<<=_U~RNcNcJcP^A5MU*UeRb?Nr zr1@$n&6vJXqQS7fIdatZBueMKTi~9YOT4O24>(=s+nt*mT*)8)j-8)8t2-$3H02dV z^NMe#Y`C{z62-)kjS7fWD?&}GFK%(S^f zc|6y%p|~Q6uuj~wwOqHh@?!1bB;H!?pzDIf-Pan5-*jhRq(2+F@a@@0Hl9|69EJQk z@%e?h(;pR%55B~9(zV2XB)MU%ynf8}rF*;y3tUIX9hIiw+#{^hDk~dMw{2p3eI)xNE|^;n-67>T{ED&xh7axgZe$-J#*WS<+(3b10h9WPQNvGK9U z#Y#j2r%Y$+g^HFh5p~ZzBpvvJ$Be93_7l6}M6eSLVP7KimCAmhg?|@%z##$b#Qx0S-n1}z@AJ#q&hbGCW1k*Dxg%hVo^y&W(F9=gp{_@{k;Pe=f=2D z)Q0}(fVPO`IF>d^Qul;9n9Lq{yN@ucPoPS*GO@+ERtfX>WZq$Qo@}WpoHi4ei zIk0QH(&wIFZtnM`SK%G3z8rd4JT_z z5_A^8Q1SOYahOPHrfMlU7lB zW+V?~p_5M9d}6UDR76ua9KRR8XJ15mN_uf)08xyDNA~%N@B;l(1Bz|teT*k-#=q_D zXvkK-rz+hbTFW-ezS99tL$O`;<^PSg^6%a|6>$ko!&T)EZ?s@-enp{qsMMcBlddY@ z*>iuGlh{^D0*66+ zWM)tkJ*_%-NP#4FMz<-~KSmRGXxV3E1#%bxTwc8lffA_&ayZivK&9HmzH#s8{NysP}h9qK8G(q@JnWpl*>EJ6DC;5uFs0>Ijh2zp7$mA=CKUNHgi{YTR8P-|9 zG8XNREf_u_0zGQ*9_(YS!*|J~{YRbg&$vQ~)?lchlxgSVjBF%9-RVrz7nvR?E1`+4 z*A94f5sVUJUXw7%b#a)14$J471`Euv4Mf#!@EH~t+TmywNEV@A&ow#gZ@mIetc9OH zDKiu!4psD_8$F4N6q{e3M<9B^Ks5AOsTEH!+3YUL`=SFivV6i)eY9dP`JE@UWL$FF z9B5OV4DQ4QPR4O~&8bDTj~UQI>W0ocon^y12>lU z0LOAE(MT}6<*;HvP}`#u`UdObHEi=2$D6)&LXOKx9G(MGU4n}73G z4W6M%qZ}pz%d;6dTBT$62Uc+EsoE)zmhRo|T^w(U4LayiG|~-SVHTz;QcfAg92H8F zh&{9ens~#zloL2!oL8ZhLDJ%t$KE7`6QkpDp`WHf?RC}qt%~bxiYrK(Hp|6w!+)t> zBZ)}>BS~WJZvqzGQRM>lJAVgFzf0^IfWTe)GQsK-Ce>J^d@&8VzJ6UKsEEfZc!|>B zku4Q2D;kf~lh=7;9OabU`^}|G8?xK?k5Baa`r_CbS~vxLB~6LV8D~I%#E^pjOK9=? zL~?WZ?LTym+ce|Tp`TqDzdjim(G=%uJxwM>c5>7K5U+ZO9g@|_PNKm2C@vjsy0`oF z{+|#2M{W1_%7gfR2vOLbS9|dE2ys!Y3}{AOyy&xYx7uH+x3q0siu(QPGpfX3;1@*E zZjhvMx6DJA<^0bM_Fu>c`&onq(MFSE{|5^~=FNWV&u<=5Te&pe(0uUMbBfPb+(Qp<%7_@TfrALw1G-)F-U5e~0smw-IGJT?z7kzy zIn8fk2EEF5i#>zIqltl=CrK=J>X*j(2bMX;N(>E`w-z0n8=#-f1Ei*D-^+=(INpvn zglaed1T_s)=W{=D=(SC=VGv)s$bE*4^BPEu2Iy5=1)&GBx__6%;als&dl0cK_odlG z6QHD?u_MN}de?qSU5a{)eAJ3^ZuXWpK4*>Vez{-#xbO#f;LagCW>Dz(5+%?Z|Mu!B ziG#P}D0K{+0u~DR?Z6x(9~KwWHx&!mu^Lo~B96k@mYG5i31#&4B)gPDFS9-vxjHm0 zAwArGsJzdr5oNpq9I*=&8)mrKO`skcM(BX$7{rGHL<{K#tkPaUe@&uA9Kuz0^T)?Y zdKKG&+&>?B5T`ELgNWX~7p9WiAm|P#g2i)ZVWsB)(+nU4LrZX(&Bt`i!36ESb`iOm z;B{*QBHxRHP^4amoFfmOs5lV_xMem%92uP zK%y@aVZm_M3i>OV!1U??HQfySwCe>#c?W(c*}e89A7)QpYfI9&rRS%z24PB64dSqC zT~+&grtx?fzRd)4e~)Rsz3Bt8y~*zr_>8Re(Q!q?%<-6ux47l6dI1+;7Azs1C+|9j z!6)%bO0IyX8@^l69Fb5{7+2ECs3sC{W%HKw#Hk$z&6EOGU(yZXXrt^#;p* z>;Mo=m|f_q7zTPS1bT0_tBMo}oJo-LBklQ|Z>P^o#i0-jR-1ucAVr-o(uC>h1vb3B)^&_vK};g7 za3Y`M^=a^l&(W8Dc(z-EZ(JcILtjl?#hz-Dppb4pl6 zVBu@4YYu29sqX}N-nf;o?R602>81+!X}n(;BNM;xut^V~e6SGXyP#K_CLcs)??D)< zRJ%0OkrwR(7=^tKE(L(`zK4^{_I-sPyXM|iU~SPWg#8pf;Ljw-5t*2m3~kBqU6W$! zaT4hfHXW%>pKEMf2)c-><5$#!1C{eKrbO+Ft>S-t6(WobQARTOzUzVYB&8pzyut>6 zP%*DvK#$l1{f#-fW{!y=Mc1~oyhYC2gOGI1Ndy|fobX9WMQ29`6f4R|7l6oEU4{PR z(%|6SynFAiz2aaP9qZl>F~lAr^-tg4L6@Vs(S_FZqS@$90{dd%E9%>qKpWe4vOj}`fY?afH!BE8J5X6Rjc^Rur0dw!S zJcA5CCl5k7-VO6+MA?94r&Ba$(B#fx{AaM)glVTX(E_HoX-F{N_8vHFl6U=cHpsfK z0K;Gw0_hC{QC3bP3E}h+hMlV3PkA;v?&+l>@zTPR#2;z-3w7}8O(&u?#abRe@HA~2?44C;JXu$$^k1xxi?>T+k>nmCh^bdYwLU<#Necs36J8#0iR zasSbvb-()ClMEwduJ6HzIrtQ}aGlK?@V`q~%%XeER(-#z7y7fa8wV+`;n(iBNZ$p` zx_m1|;NIoU#dEQ_$GTdU7wdZQgj-l1j(jAYJY@H39w&lx;Wqb81@(J^YAz{%@{p(; z^Rnm-6g}QCATr2T39Fr$lw1Z**4 zL9oroUrVwUoO?kU9Y`STJ!oWrTUw&~aKFKUy4;d>2TAY08(>*KgV!VYVoa5`-LBhf zZ0UO(+dQP)Rmm>>sEAI0oNb#INU%$Ejhx{MDWSKB=? z^~ogbG2kNgF}TKH5PKbojQ2u`TDT=L2(gdrbJUzyjLLu|T7L~drtw^%#MM9YMwyWP zGBH>%>5A1+i#ln+Oe*0*s3+em8&#=QeB&B#2zv-D%%hh+BN<<(wzZ;(pQAtSAy?;p z>aWUk+!8*7iG@Jy*d3qx6a^|C>2-OdLsLUrV0{yFW(7>N12=?0aProxPe&KyJP$s3 z&I#!5U20>7#o#+TI>(kQbD8jJ-)QX}7t!1=;!0ntv2<6J_0}toVZ%}LlL3XFQ*^|K zr+}^^vONH@l<7~&_nTZFqL`YcSG=lw`6RNulY}vHg4T!!n^W37{}V>hKhy!v6uahh zwpkzP_oTZ0kQ*ZD)|eXc-Q9tc&E>B@|ErWO!V^_dCsxDuX;3dBSB$wb3lT|pQJmuf zKoJ8TT|;*dG}Ppggrqc>$QZmY&>nx)py~kdJT!q~B1~I*8Flw{_ zJoZ6r9ZkW@kSsBcsQYV@5Y2ZvyCz}=i+I^r_XcNT8D^D+K-a7;%f)S+dlTav8R>_m zKLLd31^EMrP)Nj2y9eCn=K{ye_SgI&AAPgi{`iSKV3AJXrvm3WJ-r z&JA!c<6!XEka}H`n4Ze{ov0$Gkcb%11%;lgXb}2#{hm`;g2{CItB9pc zIbZf$ZN9s9+k!?sqRWhgzlK|G3fU#qC_{7wG8chg;+8N1o@k?>p)JXC7#u(he-5v_ zRjeXiogW+oX4)if?;>9;FreJt(dvB9(CFGfYst2a7D2!MV!SrjZ+Ld`2*=ZY;FhR; z5(OwK4P0e}y;f&5RPjRi!`Pz%UdtM6sYnOw`#D@aQZZlDQKFp2h zoB(=PGr1^m!(1l?N^MiuAUDoxN_$ttTf_FgMSQ+AvXj9Uw$2HOP7~QdaGRUZ7)Zg| zB2wz~XvEN*{L$D%NZp5m;8jAMs|)!4cEfHxSv*ppY$FtaE<~FOO>NPIM&$>~Tt>@8 z{>Wl~B+Zb^vPW8VQdjhAwXVMV=z8I2)bV3hHi5?6gd}ZS`x!Ekli9|e;dlEj$OR9< z_2?=gAy{&duqE_*^YPwH9Ez&;s(DRtw7q+!e)4gQ@|f<~PxW@VJvsvJ+NnO*U>DrJ zj@!Rnbl>cu71L%beU&vBf?y*?#{4RqLd3Wj?YI?KI3^Mqeb|#&EN*+mCq9fQkmCAY zJ)Jb@9pB1RlN5H)$er+<^_CCGbd?uHMxOQA;n6G(YT5ylEa-eh)SVn(K#dg#->|E- zal!g{#$O>pr@3UqW+ucdqW*IM`8{Aq$5cGp&$7Lvb}seYi=4Fbzwba9Vu(P8h|Vhh zPTbgc!{u^-@yd}F3v`>OCo7ir?$uUq$zkoDIY{rUG*Nob_$wOl&=pC2rf z&Lx9V|5a{PlygNk4!+x;vfA(Zit9hK+GWByWT-U%uYY8&?NZ#wSaUVp!M_v+;NZ7T zHBoX#TNP{)<2+XM|43MWodaSLBw0st{xsvaMv2%&Ue|+)RcmH*Oj)f}Yi*2srf4*eDt{rl~9u0X`qh-aLUzT3~ zC`tJesIMo~l}6`sE>8Z>S1dbRraU#} z+-WG2xw-tH2c-uty|X~r%Yvcltx$v+ii7A0ne~waUNvKddHaXd8`TzTk z{rR3(xxpP!o#zS{_&u=y^i=A9`nRVNLU`$TrOw7{KpHZES1c{hcNmQ0>Pb}kpI1%| z?=u141;%7B(v$J6KtKiP*4*9#LT^GI)ax1h7z8Tb=w#ROjQtWJB6}} zZWY3ig||M|;j^{UX)oEUeCOc!svb;;ah>VuxMH+ZwebpdjqLV_P&zYFnR$MGzl&)V_Z!}_J;E*qpv z1K9{4{h@qU6<0{BKXVh)ij%kT9FRrx5T`}30FgJ+#+q({YM=wKB%9v+wBCm?`sz~O zl9s4aG+%^dsAc>wSH>5)GDL!x$-VawTd>dtfITQ8^Q03;pR^=1%_Sv&skgrs?AGJm} z+YXp))NcG_2e6rMEB2j?(;=mxyJ7KNsgc(V7Iy)pSsx$q8BSH99v!||HCH^HF4=QW z#qcP^7k1*PL;u<3Pq~NL^FIn&Olgw2K2Swr+eg`&wVJ_^&#q4V3SD#s;0Y|ps)XnFc|p&`(EekY({UDabz;zGCx{Q?Cc`Z+ zoGJmgrc|RcPy05VT<0r)ZWE$@u(VC4&l&e!V2igD~6$ub1Tr$ z$OoB#^l}~b7chBg^e`hWQRaK|3>mTT2;#cD#z-Diw0tq_tOf%N-q6KRPX+h8N4)B+ zZ^cGz*4=6Z$g~JuN3Z0*MtE3+^u*?18eXMT`D4g#z+Qq%9mwoBDCr#pd_MP%teX@i zh1Xe_Hk!{wufN-=ic#D0eCZlPh&(Me&RhZli9|>p1;xsogRCnC0VsU?mXg2J))iI3NzSlB&aYv@PxYbPWM}pK1YAV zEh=4ivN?7ZR*#V7BA7*2Qi;z9n6s6p%>k#yL>u!M5%s`)ysRRZ$zrhvz0W1?4x3=A ze@9l3BoC&wmH0G0JVu{I^#e2Vo8c5#Xj+?@{}63!5WVf@IGi{qFqmOrrZrLO(An{3 zazOg@l6FaPtzyUA_kNCxp=`SE`3~L)-O6-M)|QxIIG+@rdVL2mnUZAX?}h%Z9xw?{ zfF0lZ6YZe-8UeyreMOsrOztW$~VN5@JUW#aY8bl@V@FkMN1l#jYVi2PB7RC z_*0IoM0qxyZkrE|>$QDo<8i06lh^fvp)G09o9+NX2ln%|AB^CuNBoK(+VnhFjlkiK z9?iJ2dPYC8Wl4B6Y{hrS%D68Dc- zME8+aL2IVKR}C?uE`8j=pkE3Izazp&!v<4v%s)KcGWN2fId|OQ|(d01HJbZANIy5xtQ z*|N@e@8zNwrwfnbpFe+&bKV&pHziV^ zdGv@*M@!3mlB`teL32w>|IpC0(069Fp;(Q2L>r9C@imXWmLW$W?BzH z2UJ&AyYVE_tke559;zjc$B;$UJki(?K6R?l`qY%Cr)OV7LvY2cQFC(gk%yz)SC?%_GMXGSy~eFV>^zmd7CNJ6xVT0uCJf@ zlie|$KQ@jz023q+ zVJ(u6zg`!oxyjZ{5uT6sys!B%Xzk&oe*Tu>65>^PdmSXfw0D7w12(HU@mkX}XY%~at@m)%qo*raf*B4!V~|0Gog}iLty=y3S$p#`<}wwBpw9t1x~I<=68I9b4>vV7?kyKt z=KoHi<5{OwI7ZI4q&Cl%_;!lul`vbCw7`zmPIq^=<$B^ge16qu`{KG{B%iU}z7=K( z<1U%2c8ZEbM>D#+^|aR6!v?#$1Oli_Q}e6Vm1W8Ioq7D=!Go@--Q~gkM@p-_tD~M5 z7Ir1*1~?EJUp9aJntUVMz$Ykc z#Dm(Wqoc$2twmU_Y|$4P(Y3hS?v33JH4cY2p1obaBT0_k_BG8=V5~L7GPqSLD=I3w z@w|v%Ty);t$8vvxL~VHAMtyy~z&QQr*pAy23o~<9%rlWvIi{!5TRHS*3Pk$^Nqimr z%vtR0?26LU`GP(kT~=~xVpT7+BaoNBXf?Cbh!DPJtUgp>arFCc`KWtS$y9HT?4jD= wsn+B#3g7swWw({G<*ySjLH6hGIrAZUsnSN(GQ*KlBKUPyQB5IT&gAz00s6zA0ssI2 literal 0 HcmV?d00001 diff --git a/Packs/CiscoSpark/pack_metadata.json b/Packs/CiscoSpark/pack_metadata.json index 7eb1879cda61..46e14202332d 100644 --- a/Packs/CiscoSpark/pack_metadata.json +++ b/Packs/CiscoSpark/pack_metadata.json @@ -2,7 +2,7 @@ "name": "Cisco Webex Teams", "description": "Send messages, create rooms and more, via the Cisco Webex Teams (Cisco Spark) API.", "support": "xsoar", - "currentVersion": "1.0.4", + "currentVersion": "1.0.5", "author": "Cortex XSOAR", "url": "https://www.paloaltonetworks.com/cortex", "email": "",