From 2df3495e885db306daab496683009cf4faace9a9 Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Wed, 23 Mar 2022 07:54:00 -0400 Subject: [PATCH] Delete packages from snapshot (#3812) --- packages/cisco_asa/2.2.0/changelog.yml | 77 - .../log/agent/stream/stream.yml.hbs | 20 - .../data_stream/log/agent/stream/udp.yml.hbs | 17 - .../elasticsearch/ingest_pipeline/default.yml | 2109 --------- .../2.2.0/data_stream/log/fields/agent.yml | 207 - .../data_stream/log/fields/base-fields.yml | 20 - .../2.2.0/data_stream/log/fields/ecs.yml | 469 -- .../2.2.0/data_stream/log/fields/fields.yml | 209 - .../2.2.0/data_stream/log/manifest.yml | 88 - .../2.2.0/data_stream/log/sample_event.json | 107 - packages/cisco_asa/2.2.0/docs/README.md | 317 -- packages/cisco_asa/2.2.0/img/cisco.svg | 1 - .../cisco_asa/2.2.0/img/kibana-cisco-asa.png | Bin 813426 -> 0 bytes ...-a555b160-4987-11e9-b8ce-ed898b5ef295.json | 53 - ...-14fce5e0-498f-11e9-b8ce-ed898b5ef295.json | 29 - ...-753406e0-4986-11e9-b8ce-ed898b5ef295.json | 29 - ...-96c6ff60-4986-11e9-b8ce-ed898b5ef295.json | 29 - ...-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json | 22 - ...-118da960-4987-11e9-b8ce-ed898b5ef295.json | 22 - ...-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json | 22 - ...-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json | 22 - ...-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json | 22 - ...-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json | 22 - ...-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json | 22 - packages/cisco_asa/2.2.0/manifest.yml | 36 - packages/network_traffic/0.7.1/changelog.yml | 89 - .../amqp/agent/stream/amqp.yml.hbs | 18 - .../elasticsearch/ingest_pipeline/default.yml | 27 - .../0.7.1/data_stream/amqp/fields/agent.yml | 196 - .../0.7.1/data_stream/amqp/fields/base.yml | 12 - .../0.7.1/data_stream/amqp/fields/beats.yml | 110 - .../0.7.1/data_stream/amqp/fields/ecs.yml | 123 - .../data_stream/amqp/fields/protocol.yml | 202 - .../0.7.1/data_stream/amqp/manifest.yml | 19 - .../0.7.1/data_stream/amqp/sample_event.json | 107 - .../cassandra/agent/stream/cassandra.yml.hbs | 18 - .../elasticsearch/ingest_pipeline/default.yml | 27 - .../data_stream/cassandra/fields/agent.yml | 196 - .../data_stream/cassandra/fields/base.yml | 12 - .../data_stream/cassandra/fields/beats.yml | 110 - .../data_stream/cassandra/fields/ecs.yml | 123 - .../data_stream/cassandra/fields/protocol.yml | 283 -- .../0.7.1/data_stream/cassandra/manifest.yml | 19 - .../data_stream/cassandra/sample_event.json | 125 - .../dhcpv4/agent/stream/dhcp.yml.hbs | 18 - .../elasticsearch/ingest_pipeline/default.yml | 40 - .../0.7.1/data_stream/dhcpv4/fields/agent.yml | 196 - .../0.7.1/data_stream/dhcpv4/fields/base.yml | 12 - .../0.7.1/data_stream/dhcpv4/fields/beats.yml | 110 - .../0.7.1/data_stream/dhcpv4/fields/ecs.yml | 123 - .../data_stream/dhcpv4/fields/protocol.yml | 177 - .../0.7.1/data_stream/dhcpv4/manifest.yml | 19 - .../data_stream/dhcpv4/sample_event.json | 111 - .../data_stream/dns/agent/stream/dns.yml.hbs | 18 - .../elasticsearch/ingest_pipeline/default.yml | 27 - .../0.7.1/data_stream/dns/fields/agent.yml | 196 - .../0.7.1/data_stream/dns/fields/base.yml | 12 - .../0.7.1/data_stream/dns/fields/beats.yml | 110 - .../0.7.1/data_stream/dns/fields/ecs.yml | 181 - .../0.7.1/data_stream/dns/fields/protocol.yml | 110 - .../0.7.1/data_stream/dns/manifest.yml | 19 - .../0.7.1/data_stream/dns/sample_event.json | 158 - .../flow/agent/stream/flow.yml.hbs | 23 - .../elasticsearch/ingest_pipeline/default.yml | 27 - .../0.7.1/data_stream/flow/fields/agent.yml | 196 - .../0.7.1/data_stream/flow/fields/base.yml | 12 - .../0.7.1/data_stream/flow/fields/beats.yml | 110 - .../0.7.1/data_stream/flow/fields/ecs.yml | 123 - .../0.7.1/data_stream/flow/manifest.yml | 23 - .../http/agent/stream/http.yml.hbs | 18 - .../elasticsearch/ingest_pipeline/default.yml | 27 - .../0.7.1/data_stream/http/fields/agent.yml | 196 - .../0.7.1/data_stream/http/fields/base.yml | 12 - .../0.7.1/data_stream/http/fields/beats.yml | 110 - .../0.7.1/data_stream/http/fields/ecs.yml | 197 - .../data_stream/http/fields/protocol.yml | 26 - .../0.7.1/data_stream/http/manifest.yml | 19 - .../0.7.1/data_stream/http/sample_event.json | 139 - .../icmp/agent/stream/icmp.yml.hbs | 17 - .../elasticsearch/ingest_pipeline/default.yml | 27 - .../0.7.1/data_stream/icmp/fields/agent.yml | 196 - .../0.7.1/data_stream/icmp/fields/base.yml | 12 - .../0.7.1/data_stream/icmp/fields/beats.yml | 110 - .../0.7.1/data_stream/icmp/fields/ecs.yml | 123 - .../data_stream/icmp/fields/protocol.yml | 27 - .../0.7.1/data_stream/icmp/manifest.yml | 8 - .../0.7.1/data_stream/icmp/sample_event.json | 104 - .../memcached/agent/stream/memcached.yml.hbs | 18 - .../elasticsearch/ingest_pipeline/default.yml | 27 - .../data_stream/memcached/fields/agent.yml | 196 - .../data_stream/memcached/fields/base.yml | 12 - .../data_stream/memcached/fields/beats.yml | 110 - .../data_stream/memcached/fields/ecs.yml | 123 - .../data_stream/memcached/fields/protocol.yml | 215 - .../0.7.1/data_stream/memcached/manifest.yml | 19 - .../data_stream/memcached/sample_event.json | 112 - .../mongodb/agent/stream/mongo.yml.hbs | 18 - .../elasticsearch/ingest_pipeline/default.yml | 27 - .../data_stream/mongodb/fields/agent.yml | 196 - .../0.7.1/data_stream/mongodb/fields/base.yml | 12 - .../data_stream/mongodb/fields/beats.yml | 110 - .../0.7.1/data_stream/mongodb/fields/ecs.yml | 123 - .../data_stream/mongodb/fields/protocol.yml | 58 - .../0.7.1/data_stream/mongodb/manifest.yml | 19 - .../data_stream/mongodb/sample_event.json | 106 - .../mysql/agent/stream/mysql.yml.hbs | 18 - .../elasticsearch/ingest_pipeline/default.yml | 27 - .../0.7.1/data_stream/mysql/fields/agent.yml | 196 - .../0.7.1/data_stream/mysql/fields/base.yml | 12 - .../0.7.1/data_stream/mysql/fields/beats.yml | 110 - .../0.7.1/data_stream/mysql/fields/ecs.yml | 123 - .../data_stream/mysql/fields/protocol.yml | 38 - .../0.7.1/data_stream/mysql/manifest.yml | 19 - .../0.7.1/data_stream/mysql/sample_event.json | 104 - .../data_stream/nfs/agent/stream/nfs.yml.hbs | 18 - .../elasticsearch/ingest_pipeline/default.yml | 27 - .../0.7.1/data_stream/nfs/fields/agent.yml | 196 - .../0.7.1/data_stream/nfs/fields/base.yml | 12 - .../0.7.1/data_stream/nfs/fields/beats.yml | 110 - .../0.7.1/data_stream/nfs/fields/ecs.yml | 139 - .../0.7.1/data_stream/nfs/fields/protocol.yml | 48 - .../0.7.1/data_stream/nfs/manifest.yml | 19 - .../0.7.1/data_stream/nfs/sample_event.json | 123 - .../pgsql/agent/stream/postgres.yml.hbs | 18 - .../elasticsearch/ingest_pipeline/default.yml | 27 - .../0.7.1/data_stream/pgsql/fields/agent.yml | 196 - .../0.7.1/data_stream/pgsql/fields/base.yml | 12 - .../0.7.1/data_stream/pgsql/fields/beats.yml | 110 - .../0.7.1/data_stream/pgsql/fields/ecs.yml | 123 - .../data_stream/pgsql/fields/protocol.yml | 26 - .../0.7.1/data_stream/pgsql/manifest.yml | 19 - .../0.7.1/data_stream/pgsql/sample_event.json | 101 - .../redis/agent/stream/redis.yml.hbs | 18 - .../elasticsearch/ingest_pipeline/default.yml | 27 - .../0.7.1/data_stream/redis/fields/agent.yml | 196 - .../0.7.1/data_stream/redis/fields/base.yml | 12 - .../0.7.1/data_stream/redis/fields/beats.yml | 110 - .../0.7.1/data_stream/redis/fields/ecs.yml | 123 - .../data_stream/redis/fields/protocol.yml | 13 - .../0.7.1/data_stream/redis/manifest.yml | 19 - .../0.7.1/data_stream/redis/sample_event.json | 102 - .../data_stream/sip/agent/stream/sip.yml.hbs | 18 - .../elasticsearch/ingest_pipeline/default.yml | 27 - .../0.7.1/data_stream/sip/fields/agent.yml | 196 - .../0.7.1/data_stream/sip/fields/base.yml | 12 - .../0.7.1/data_stream/sip/fields/beats.yml | 110 - .../0.7.1/data_stream/sip/fields/ecs.yml | 141 - .../0.7.1/data_stream/sip/fields/protocol.yml | 231 - .../0.7.1/data_stream/sip/manifest.yml | 19 - .../0.7.1/data_stream/sip/sample_event.json | 175 - .../thrift/agent/stream/thrift.yml.hbs | 18 - .../elasticsearch/ingest_pipeline/default.yml | 27 - .../0.7.1/data_stream/thrift/fields/agent.yml | 196 - .../0.7.1/data_stream/thrift/fields/base.yml | 12 - .../0.7.1/data_stream/thrift/fields/beats.yml | 110 - .../0.7.1/data_stream/thrift/fields/ecs.yml | 123 - .../data_stream/thrift/fields/protocol.yml | 23 - .../0.7.1/data_stream/thrift/manifest.yml | 19 - .../data_stream/thrift/sample_event.json | 102 - .../data_stream/tls/agent/stream/tls.yml.hbs | 18 - .../elasticsearch/ingest_pipeline/default.yml | 27 - .../0.7.1/data_stream/tls/fields/agent.yml | 196 - .../0.7.1/data_stream/tls/fields/base.yml | 12 - .../0.7.1/data_stream/tls/fields/beats.yml | 110 - .../0.7.1/data_stream/tls/fields/ecs.yml | 157 - .../0.7.1/data_stream/tls/fields/protocol.yml | 389 -- .../0.7.1/data_stream/tls/manifest.yml | 19 - .../0.7.1/data_stream/tls/sample_event.json | 196 - packages/network_traffic/0.7.1/docs/README.md | 3902 ----------------- ...-65120940-1454-11e9-9de0-f98d1808db8e.json | 57 - ...-a7b35890-8baa-11e8-9676-ef67484126fb.json | 57 - .../dashboard/network_traffic-cassandra.json | 77 - .../dashboard/network_traffic-dashboard.json | 77 - .../network_traffic-dns-unique-domains.json | 42 - .../dashboard/network_traffic-flows.json | 47 - .../dashboard/network_traffic-http.json | 57 - .../network_traffic-mongodb-performance.json | 62 - .../network_traffic-mysql-performance.json | 62 - .../kibana/dashboard/network_traffic-nfs.json | 67 - .../network_traffic-pgsql-performance.json | 62 - .../network_traffic-thrift-performance.json | 57 - .../network_traffic-tls-sessions.json | 87 - ...-651fd6d0-88d0-11e7-ad9c-db80de0bf8d3.json | 38 - ...-6b1b1360-d49d-11e7-996f-bd7c1ca4591b.json | 38 - ...-71908f00-88ca-11e7-ad9c-db80de0bf8d3.json | 38 - ...-8e2af860-d520-11e7-9fff-7b1ebf397ba9.json | 43 - ...-8f0ff590-d37d-11e7-9914-4982455b3063.json | 38 - ...-94908e80-d2d8-11e7-9914-4982455b3063.json | 38 - ...-b8992150-8ba8-11e8-9676-ef67484126fb.json | 40 - ...-bf3d23b0-d37c-11e7-9914-4982455b3063.json | 38 - .../network_traffic-cassandra-queryview.json | 46 - ...-d19e8485-7df5-47ce-8009-9dc3c42bcf17.json | 41 - ...-eaa83e60-190b-11e9-be0d-adde5066235e.json | 33 - ...-ffc3c0b0-d2d7-11e7-9914-4982455b3063.json | 38 - .../search/network_traffic-flows-search.json | 41 - ...odb-transactions-with-write-concern-0.json | 38 - .../network_traffic-mongodb-transactions.json | 38 - .../search/network_traffic-mysql-errors.json | 42 - .../network_traffic-mysql-transactions.json | 37 - .../network_traffic-nfs-errors-search.json | 43 - .../kibana/search/network_traffic-nfs.json | 33 - .../search/network_traffic-pgsql-errors.json | 42 - .../network_traffic-pgsql-transactions.json | 37 - .../kibana/search/network_traffic-search.json | 46 - .../search/network_traffic-thrift-errors.json | 42 - .../network_traffic-thrift-transactions.json | 37 - .../network_traffic-transactions-errors.json | 51 - ...-059fe5e0-d2dd-11e7-9914-4982455b3063.json | 26 - ...-061de380-d361-11e7-9914-4982455b3063.json | 30 - ...-0958a910-d396-11e7-8fa0-232aa9259081.json | 26 - ...-0af0b790-d37d-11e7-9914-4982455b3063.json | 26 - ...-11d33ea0-8bad-11e8-9676-ef67484126fb.json | 26 - ...-2c467370-d392-11e7-8fa0-232aa9259081.json | 26 - ...-418dfbe0-8bac-11e8-9676-ef67484126fb.json | 26 - ...-463d2bf0-d3a8-11e7-9081-ab2af08e9961.json | 26 - ...-4ad9db20-8bab-11e8-9676-ef67484126fb.json | 26 - ...-735d25c0-1459-11e9-9de0-f98d1808db8e.json | 26 - ...-8460fcd0-8baa-11e8-9676-ef67484126fb.json | 19 - ...-86743f90-d396-11e7-8fa0-232aa9259081.json | 26 - ...-a28d09d0-d361-11e7-9914-4982455b3063.json | 26 - ...-ad2a8b50-d49d-11e7-996f-bd7c1ca4591b.json | 26 - ...-ae6e33c0-d37d-11e7-9914-4982455b3063.json | 26 - ...-bacb6ed0-1459-11e9-9de0-f98d1808db8e.json | 26 - ..._traffic-bytes-transferred-per-domain.json | 26 - ...-c14377a0-d353-11e7-9914-4982455b3063.json | 30 - .../network_traffic-cassandra-ops.json | 31 - ...etwork_traffic-cassandra-requestcount.json | 31 - ..._traffic-cassandra-requestcountbytype.json | 31 - ...fic-cassandra-requestcountstackbytype.json | 31 - ...traffic-cassandra-responsecountbytype.json | 31 - ...ic-cassandra-responsecountstackbytype.json | 31 - ...rk_traffic-cassandra-responsekeyspace.json | 31 - ...etwork_traffic-cassandra-responsetime.json | 31 - ...etwork_traffic-cassandra-responsetype.json | 31 - ...network_traffic-connections-over-time.json | 26 - ...-d0120dc0-8bac-11e8-9676-ef67484126fb.json | 26 - ...-d2e15950-d560-11e7-9fff-7b1ebf397ba9.json | 31 - .../network_traffic-db-transactions.json | 30 - ...-dc743240-1665-11e7-a6de-cbac1a3d0a7d.json | 25 - .../network_traffic-dns-query-summary.json | 26 - .../network_traffic-dns-question-types.json | 31 - ..._traffic-dns-request-status-over-time.json | 31 - .../network_traffic-dns-response-codes.json | 31 - .../network_traffic-dns-top-10-questions.json | 36 - ...-e3f09730-1b80-11e9-83df-75eebb35951e.json | 26 - ...etwork_traffic-errors-count-over-time.json | 26 - ...fic-errors-vs-successful-transactions.json | 26 - ...-f43a8f20-8bb5-11e8-9676-ef67484126fb.json | 26 - ...raffic-http-codes-for-the-top-queries.json | 26 - ...rk_traffic-http-error-codes-evolution.json | 35 - .../network_traffic-http-error-codes.json | 30 - .../network_traffic-latency-histogram.json | 26 - .../network_traffic-mongodb-commands.json | 26 - ...traffic-mongodb-errors-per-collection.json | 26 - .../network_traffic-mongodb-errors.json | 26 - ...affic-mongodb-in-slash-out-throughput.json | 26 - ...-mongodb-response-times-by-collection.json | 26 - ...k_traffic-most-frequent-mysql-queries.json | 26 - ...k_traffic-most-frequent-pgsql-queries.json | 26 - .../network_traffic-mysql-errors.json | 26 - .../network_traffic-mysql-methods.json | 26 - ...network_traffic-mysql-reads-vs-writes.json | 26 - ...ffic-mysql-response-times-percentiles.json | 26 - .../network_traffic-mysql-throughput.json | 26 - .../network_traffic-navigation.json | 19 - ...ic-network-traffic-between-your-hosts.json | 26 - ...etwork_traffic-nfs-bytes-in-slash-out.json | 26 - ...network_traffic-nfs-clients-pie-chart.json | 26 - .../network_traffic-nfs-errors.json | 26 - .../network_traffic-nfs-operation-table.json | 26 - ...ork_traffic-nfs-operations-area-chart.json | 26 - .../network_traffic-nfs-response-times.json | 26 - ...twork_traffic-nfs-top-group-pie-chart.json | 26 - ...twork_traffic-nfs-top-users-pie-chart.json | 26 - ...nsactions-with-writeconcern-w-equal-0.json | 26 - .../network_traffic-pgsql-errors.json | 26 - .../network_traffic-pgsql-methods.json | 26 - ...network_traffic-pgsql-reads-vs-writes.json | 26 - ...ffic-pgsql-response-times-percentiles.json | 26 - .../network_traffic-pgsql-throughput.json | 26 - ...rk_traffic-response-times-percentiles.json | 26 - ...rk_traffic-response-times-repartition.json | 26 - ...network_traffic-slowest-mysql-queries.json | 26 - ...network_traffic-slowest-pgsql-queries.json | 26 - ...rk_traffic-slowest-thrift-rpc-methods.json | 26 - ...rk_traffic-thrift-requests-per-minute.json | 26 - ...fic-thrift-response-times-percentiles.json | 26 - .../network_traffic-thrift-rpc-errors.json | 26 - .../network_traffic-top-10-http-requests.json | 26 - ...rk_traffic-top-hosts-creating-traffic.json | 26 - ...k_traffic-top-hosts-receiving-traffic.json | 26 - ...k_traffic-top-slowest-mongodb-queries.json | 26 - ...ffic-top-thrift-rpc-calls-with-errors.json | 25 - ...etwork_traffic-top-thrift-rpc-methods.json | 26 - ...fic-total-number-of-http-transactions.json | 26 - ...traffic-unique-fqdns-per-etld-1-table.json | 26 - ...twork_traffic-unique-fqdns-per-etld-1.json | 26 - .../network_traffic-web-transactions.json | 26 - packages/network_traffic/0.7.1/manifest.yml | 35 - 299 files changed, 24275 deletions(-) delete mode 100755 packages/cisco_asa/2.2.0/changelog.yml delete mode 100755 packages/cisco_asa/2.2.0/data_stream/log/agent/stream/stream.yml.hbs delete mode 100755 packages/cisco_asa/2.2.0/data_stream/log/agent/stream/udp.yml.hbs delete mode 100755 packages/cisco_asa/2.2.0/data_stream/log/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/cisco_asa/2.2.0/data_stream/log/fields/agent.yml delete mode 100755 packages/cisco_asa/2.2.0/data_stream/log/fields/base-fields.yml delete mode 100755 packages/cisco_asa/2.2.0/data_stream/log/fields/ecs.yml delete mode 100755 packages/cisco_asa/2.2.0/data_stream/log/fields/fields.yml delete mode 100755 packages/cisco_asa/2.2.0/data_stream/log/manifest.yml delete mode 100755 packages/cisco_asa/2.2.0/data_stream/log/sample_event.json delete mode 100755 packages/cisco_asa/2.2.0/docs/README.md delete mode 100755 packages/cisco_asa/2.2.0/img/cisco.svg delete mode 100755 packages/cisco_asa/2.2.0/img/kibana-cisco-asa.png delete mode 100755 packages/cisco_asa/2.2.0/kibana/dashboard/cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295.json delete mode 100755 packages/cisco_asa/2.2.0/kibana/search/cisco_asa-14fce5e0-498f-11e9-b8ce-ed898b5ef295.json delete mode 100755 packages/cisco_asa/2.2.0/kibana/search/cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295.json delete mode 100755 packages/cisco_asa/2.2.0/kibana/search/cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295.json delete mode 100755 packages/cisco_asa/2.2.0/kibana/visualization/cisco_asa-08ef4d90-499b-11e9-b8ce-ed898b5ef295.json delete mode 100755 packages/cisco_asa/2.2.0/kibana/visualization/cisco_asa-118da960-4987-11e9-b8ce-ed898b5ef295.json delete mode 100755 packages/cisco_asa/2.2.0/kibana/visualization/cisco_asa-5d0322d0-4987-11e9-b8ce-ed898b5ef295.json delete mode 100755 packages/cisco_asa/2.2.0/kibana/visualization/cisco_asa-80d0c1b0-498a-11e9-b8ce-ed898b5ef295.json delete mode 100755 packages/cisco_asa/2.2.0/kibana/visualization/cisco_asa-a3b5ab10-4989-11e9-b8ce-ed898b5ef295.json delete mode 100755 packages/cisco_asa/2.2.0/kibana/visualization/cisco_asa-d05cdf60-498b-11e9-b8ce-ed898b5ef295.json delete mode 100755 packages/cisco_asa/2.2.0/kibana/visualization/cisco_asa-fd89b1e0-49a2-11e9-b8ce-ed898b5ef295.json delete mode 100755 packages/cisco_asa/2.2.0/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/changelog.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/amqp/agent/stream/amqp.yml.hbs delete mode 100755 packages/network_traffic/0.7.1/data_stream/amqp/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/amqp/fields/agent.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/amqp/fields/base.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/amqp/fields/beats.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/amqp/fields/ecs.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/amqp/fields/protocol.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/amqp/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/amqp/sample_event.json delete mode 100755 packages/network_traffic/0.7.1/data_stream/cassandra/agent/stream/cassandra.yml.hbs delete mode 100755 packages/network_traffic/0.7.1/data_stream/cassandra/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/cassandra/fields/agent.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/cassandra/fields/base.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/cassandra/fields/beats.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/cassandra/fields/ecs.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/cassandra/fields/protocol.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/cassandra/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/cassandra/sample_event.json delete mode 100755 packages/network_traffic/0.7.1/data_stream/dhcpv4/agent/stream/dhcp.yml.hbs delete mode 100755 packages/network_traffic/0.7.1/data_stream/dhcpv4/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/dhcpv4/fields/agent.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/dhcpv4/fields/base.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/dhcpv4/fields/beats.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/dhcpv4/fields/ecs.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/dhcpv4/fields/protocol.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/dhcpv4/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/dhcpv4/sample_event.json delete mode 100755 packages/network_traffic/0.7.1/data_stream/dns/agent/stream/dns.yml.hbs delete mode 100755 packages/network_traffic/0.7.1/data_stream/dns/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/dns/fields/agent.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/dns/fields/base.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/dns/fields/beats.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/dns/fields/ecs.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/dns/fields/protocol.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/dns/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/dns/sample_event.json delete mode 100755 packages/network_traffic/0.7.1/data_stream/flow/agent/stream/flow.yml.hbs delete mode 100755 packages/network_traffic/0.7.1/data_stream/flow/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/flow/fields/agent.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/flow/fields/base.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/flow/fields/beats.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/flow/fields/ecs.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/flow/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/http/agent/stream/http.yml.hbs delete mode 100755 packages/network_traffic/0.7.1/data_stream/http/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/http/fields/agent.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/http/fields/base.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/http/fields/beats.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/http/fields/ecs.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/http/fields/protocol.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/http/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/http/sample_event.json delete mode 100755 packages/network_traffic/0.7.1/data_stream/icmp/agent/stream/icmp.yml.hbs delete mode 100755 packages/network_traffic/0.7.1/data_stream/icmp/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/icmp/fields/agent.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/icmp/fields/base.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/icmp/fields/beats.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/icmp/fields/ecs.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/icmp/fields/protocol.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/icmp/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/icmp/sample_event.json delete mode 100755 packages/network_traffic/0.7.1/data_stream/memcached/agent/stream/memcached.yml.hbs delete mode 100755 packages/network_traffic/0.7.1/data_stream/memcached/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/memcached/fields/agent.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/memcached/fields/base.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/memcached/fields/beats.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/memcached/fields/ecs.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/memcached/fields/protocol.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/memcached/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/memcached/sample_event.json delete mode 100755 packages/network_traffic/0.7.1/data_stream/mongodb/agent/stream/mongo.yml.hbs delete mode 100755 packages/network_traffic/0.7.1/data_stream/mongodb/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/mongodb/fields/agent.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/mongodb/fields/base.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/mongodb/fields/beats.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/mongodb/fields/ecs.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/mongodb/fields/protocol.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/mongodb/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/mongodb/sample_event.json delete mode 100755 packages/network_traffic/0.7.1/data_stream/mysql/agent/stream/mysql.yml.hbs delete mode 100755 packages/network_traffic/0.7.1/data_stream/mysql/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/mysql/fields/agent.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/mysql/fields/base.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/mysql/fields/beats.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/mysql/fields/ecs.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/mysql/fields/protocol.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/mysql/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/mysql/sample_event.json delete mode 100755 packages/network_traffic/0.7.1/data_stream/nfs/agent/stream/nfs.yml.hbs delete mode 100755 packages/network_traffic/0.7.1/data_stream/nfs/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/nfs/fields/agent.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/nfs/fields/base.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/nfs/fields/beats.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/nfs/fields/ecs.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/nfs/fields/protocol.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/nfs/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/nfs/sample_event.json delete mode 100755 packages/network_traffic/0.7.1/data_stream/pgsql/agent/stream/postgres.yml.hbs delete mode 100755 packages/network_traffic/0.7.1/data_stream/pgsql/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/pgsql/fields/agent.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/pgsql/fields/base.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/pgsql/fields/beats.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/pgsql/fields/ecs.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/pgsql/fields/protocol.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/pgsql/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/pgsql/sample_event.json delete mode 100755 packages/network_traffic/0.7.1/data_stream/redis/agent/stream/redis.yml.hbs delete mode 100755 packages/network_traffic/0.7.1/data_stream/redis/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/redis/fields/agent.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/redis/fields/base.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/redis/fields/beats.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/redis/fields/ecs.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/redis/fields/protocol.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/redis/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/redis/sample_event.json delete mode 100755 packages/network_traffic/0.7.1/data_stream/sip/agent/stream/sip.yml.hbs delete mode 100755 packages/network_traffic/0.7.1/data_stream/sip/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/sip/fields/agent.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/sip/fields/base.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/sip/fields/beats.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/sip/fields/ecs.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/sip/fields/protocol.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/sip/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/sip/sample_event.json delete mode 100755 packages/network_traffic/0.7.1/data_stream/thrift/agent/stream/thrift.yml.hbs delete mode 100755 packages/network_traffic/0.7.1/data_stream/thrift/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/thrift/fields/agent.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/thrift/fields/base.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/thrift/fields/beats.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/thrift/fields/ecs.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/thrift/fields/protocol.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/thrift/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/thrift/sample_event.json delete mode 100755 packages/network_traffic/0.7.1/data_stream/tls/agent/stream/tls.yml.hbs delete mode 100755 packages/network_traffic/0.7.1/data_stream/tls/elasticsearch/ingest_pipeline/default.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/tls/fields/agent.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/tls/fields/base.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/tls/fields/beats.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/tls/fields/ecs.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/tls/fields/protocol.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/tls/manifest.yml delete mode 100755 packages/network_traffic/0.7.1/data_stream/tls/sample_event.json delete mode 100755 packages/network_traffic/0.7.1/docs/README.md delete mode 100755 packages/network_traffic/0.7.1/kibana/dashboard/network_traffic-65120940-1454-11e9-9de0-f98d1808db8e.json delete mode 100755 packages/network_traffic/0.7.1/kibana/dashboard/network_traffic-a7b35890-8baa-11e8-9676-ef67484126fb.json delete mode 100755 packages/network_traffic/0.7.1/kibana/dashboard/network_traffic-cassandra.json delete mode 100755 packages/network_traffic/0.7.1/kibana/dashboard/network_traffic-dashboard.json delete mode 100755 packages/network_traffic/0.7.1/kibana/dashboard/network_traffic-dns-unique-domains.json delete mode 100755 packages/network_traffic/0.7.1/kibana/dashboard/network_traffic-flows.json delete mode 100755 packages/network_traffic/0.7.1/kibana/dashboard/network_traffic-http.json delete mode 100755 packages/network_traffic/0.7.1/kibana/dashboard/network_traffic-mongodb-performance.json delete mode 100755 packages/network_traffic/0.7.1/kibana/dashboard/network_traffic-mysql-performance.json delete mode 100755 packages/network_traffic/0.7.1/kibana/dashboard/network_traffic-nfs.json delete mode 100755 packages/network_traffic/0.7.1/kibana/dashboard/network_traffic-pgsql-performance.json delete mode 100755 packages/network_traffic/0.7.1/kibana/dashboard/network_traffic-thrift-performance.json delete mode 100755 packages/network_traffic/0.7.1/kibana/dashboard/network_traffic-tls-sessions.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-651fd6d0-88d0-11e7-ad9c-db80de0bf8d3.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-6b1b1360-d49d-11e7-996f-bd7c1ca4591b.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-71908f00-88ca-11e7-ad9c-db80de0bf8d3.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-8e2af860-d520-11e7-9fff-7b1ebf397ba9.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-8f0ff590-d37d-11e7-9914-4982455b3063.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-94908e80-d2d8-11e7-9914-4982455b3063.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-b8992150-8ba8-11e8-9676-ef67484126fb.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-bf3d23b0-d37c-11e7-9914-4982455b3063.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-cassandra-queryview.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-d19e8485-7df5-47ce-8009-9dc3c42bcf17.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-eaa83e60-190b-11e9-be0d-adde5066235e.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-ffc3c0b0-d2d7-11e7-9914-4982455b3063.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-flows-search.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-mongodb-transactions-with-write-concern-0.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-mongodb-transactions.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-mysql-errors.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-mysql-transactions.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-nfs-errors-search.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-nfs.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-pgsql-errors.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-pgsql-transactions.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-search.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-thrift-errors.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-thrift-transactions.json delete mode 100755 packages/network_traffic/0.7.1/kibana/search/network_traffic-transactions-errors.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-059fe5e0-d2dd-11e7-9914-4982455b3063.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-061de380-d361-11e7-9914-4982455b3063.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-0958a910-d396-11e7-8fa0-232aa9259081.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-0af0b790-d37d-11e7-9914-4982455b3063.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-11d33ea0-8bad-11e8-9676-ef67484126fb.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-2c467370-d392-11e7-8fa0-232aa9259081.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-418dfbe0-8bac-11e8-9676-ef67484126fb.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-463d2bf0-d3a8-11e7-9081-ab2af08e9961.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-4ad9db20-8bab-11e8-9676-ef67484126fb.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-735d25c0-1459-11e9-9de0-f98d1808db8e.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-8460fcd0-8baa-11e8-9676-ef67484126fb.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-86743f90-d396-11e7-8fa0-232aa9259081.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-a28d09d0-d361-11e7-9914-4982455b3063.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-ad2a8b50-d49d-11e7-996f-bd7c1ca4591b.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-ae6e33c0-d37d-11e7-9914-4982455b3063.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-bacb6ed0-1459-11e9-9de0-f98d1808db8e.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-bytes-transferred-per-domain.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-c14377a0-d353-11e7-9914-4982455b3063.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-cassandra-ops.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-cassandra-requestcount.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-cassandra-requestcountbytype.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-cassandra-requestcountstackbytype.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-cassandra-responsecountbytype.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-cassandra-responsecountstackbytype.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-cassandra-responsekeyspace.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-cassandra-responsetime.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-cassandra-responsetype.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-connections-over-time.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-d0120dc0-8bac-11e8-9676-ef67484126fb.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-d2e15950-d560-11e7-9fff-7b1ebf397ba9.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-db-transactions.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-dc743240-1665-11e7-a6de-cbac1a3d0a7d.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-dns-query-summary.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-dns-question-types.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-dns-request-status-over-time.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-dns-response-codes.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-dns-top-10-questions.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-e3f09730-1b80-11e9-83df-75eebb35951e.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-errors-count-over-time.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-errors-vs-successful-transactions.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-f43a8f20-8bb5-11e8-9676-ef67484126fb.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-http-codes-for-the-top-queries.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-http-error-codes-evolution.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-http-error-codes.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-latency-histogram.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-mongodb-commands.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-mongodb-errors-per-collection.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-mongodb-errors.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-mongodb-in-slash-out-throughput.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-mongodb-response-times-by-collection.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-most-frequent-mysql-queries.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-most-frequent-pgsql-queries.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-mysql-errors.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-mysql-methods.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-mysql-reads-vs-writes.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-mysql-response-times-percentiles.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-mysql-throughput.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-navigation.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-network-traffic-between-your-hosts.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-nfs-bytes-in-slash-out.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-nfs-clients-pie-chart.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-nfs-errors.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-nfs-operation-table.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-nfs-operations-area-chart.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-nfs-response-times.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-nfs-top-group-pie-chart.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-nfs-top-users-pie-chart.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-number-of-mongodb-transactions-with-writeconcern-w-equal-0.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-pgsql-errors.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-pgsql-methods.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-pgsql-reads-vs-writes.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-pgsql-response-times-percentiles.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-pgsql-throughput.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-response-times-percentiles.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-response-times-repartition.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-slowest-mysql-queries.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-slowest-pgsql-queries.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-slowest-thrift-rpc-methods.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-thrift-requests-per-minute.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-thrift-response-times-percentiles.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-thrift-rpc-errors.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-top-10-http-requests.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-top-hosts-creating-traffic.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-top-hosts-receiving-traffic.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-top-slowest-mongodb-queries.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-top-thrift-rpc-calls-with-errors.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-top-thrift-rpc-methods.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-total-number-of-http-transactions.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-unique-fqdns-per-etld-1-table.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-unique-fqdns-per-etld-1.json delete mode 100755 packages/network_traffic/0.7.1/kibana/visualization/network_traffic-web-transactions.json delete mode 100755 packages/network_traffic/0.7.1/manifest.yml diff --git a/packages/cisco_asa/2.2.0/changelog.yml b/packages/cisco_asa/2.2.0/changelog.yml deleted file mode 100755 index 871b4dc1f8..0000000000 --- a/packages/cisco_asa/2.2.0/changelog.yml +++ /dev/null @@ -1,77 +0,0 @@ -# newer versions go on top -- version: "2.2.0" - changes: - - description: Add community_id processor, update 805001, 304001, 106023 and 602304 message parsing. elastic/beats#26879 - type: enhancement - link: https://github.com/elastic/integrations/pull/2820 - - description: Add user.name field to ASA Security negotiation log line. elastic/beats#26975 - type: enhancement - link: https://github.com/elastic/integrations/pull/2820 - - description: Change event.outcome and event.type handling to be more ECS compliant. elastic/beats#29698 - type: enhancement - link: https://github.com/elastic/integrations/pull/2820 -- version: "2.1.0" - changes: - - description: Add parsing for event code 113029-113040 - type: enhancement - link: https://github.com/elastic/integrations/pull/2535 -- version: "2.0.1" - changes: - - description: Clarify configuration option documentation - type: bugfix - link: https://github.com/elastic/integrations/pull/2649 -- version: "2.0.0" - changes: - - description: Update to ECS 8.0 - type: enhancement - link: https://github.com/elastic/integrations/pull/2389 -- version: "1.3.2" - changes: - - description: Regenerate test files using the new GeoIP database - type: bugfix - link: https://github.com/elastic/integrations/pull/2339 -- version: "1.3.1" - changes: - - description: Change test public IPs to the supported subset - type: bugfix - link: https://github.com/elastic/integrations/pull/2327 -- version: "1.3.0" - changes: - - description: Add 8.0.0 version constraint - type: enhancement - link: https://github.com/elastic/integrations/pull/2236 -- version: "1.2.2" - changes: - - description: Update Title and Description. - type: enhancement - link: https://github.com/elastic/integrations/pull/1952 -- version: "1.2.1" - changes: - - description: Relax time parsing and capture group and session type in Cisco ASA module - type: bugfix - link: https://github.com/elastic/integrations/pull/1891 -- version: "1.2.0" - changes: - - description: Add support for Cisco ASA SIP events - type: enhancement - link: https://github.com/elastic/integrations/pull/1865 -- version: "1.1.1" - changes: - - description: Fix logic that checks for the 'forwarded' tag - type: bugfix - link: https://github.com/elastic/integrations/pull/1805 -- version: "1.1.0" - changes: - - description: Update to ECS 1.12.0 - type: enhancement - link: https://github.com/elastic/integrations/pull/1782 -- version: "1.0.1" - changes: - - description: Adding missing ECS fields - type: bugfix - link: https://github.com/elastic/integrations/pull/1732 -- version: "1.0.0" - changes: - - description: Split Cisco ASA into its own package - type: enhancement - link: https://github.com/elastic/integrations/pull/1583 diff --git a/packages/cisco_asa/2.2.0/data_stream/log/agent/stream/stream.yml.hbs b/packages/cisco_asa/2.2.0/data_stream/log/agent/stream/stream.yml.hbs deleted file mode 100755 index 28ea4aaa98..0000000000 --- a/packages/cisco_asa/2.2.0/data_stream/log/agent/stream/stream.yml.hbs +++ /dev/null @@ -1,20 +0,0 @@ -paths: -{{#each paths as |path i|}} - - {{path}} -{{/each}} -exclude_files: [".gz$"] -tags: -{{#if preserve_original_event}} - - preserve_original_event -{{/if}} -{{#each tags as |tag i|}} - - {{tag}} -{{/each}} -{{#contains "forwarded" tags}} -publisher_pipeline.disable_host: true -{{/contains}} -processors: -- add_locale: ~ -{{#if processors}} -{{processors}} -{{/if}} \ No newline at end of file diff --git a/packages/cisco_asa/2.2.0/data_stream/log/agent/stream/udp.yml.hbs b/packages/cisco_asa/2.2.0/data_stream/log/agent/stream/udp.yml.hbs deleted file mode 100755 index f76534e8ce..0000000000 --- a/packages/cisco_asa/2.2.0/data_stream/log/agent/stream/udp.yml.hbs +++ /dev/null @@ -1,17 +0,0 @@ -udp: -host: "{{udp_host}}:{{udp_port}}" -tags: -{{#if preserve_original_event}} - - preserve_original_event -{{/if}} -{{#each tags as |tag i|}} - - {{tag}} -{{/each}} -{{#contains "forwarded" tags}} -publisher_pipeline.disable_host: true -{{/contains}} -processors: -- add_locale: ~ -{{#if processors}} -{{processors}} -{{/if}} \ No newline at end of file diff --git a/packages/cisco_asa/2.2.0/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_asa/2.2.0/data_stream/log/elasticsearch/ingest_pipeline/default.yml deleted file mode 100755 index 381a3d3783..0000000000 --- a/packages/cisco_asa/2.2.0/data_stream/log/elasticsearch/ingest_pipeline/default.yml +++ /dev/null @@ -1,2109 +0,0 @@ ---- -description: "Pipeline for Cisco ASA logs" -processors: - - rename: - field: message - target_field: event.original - ignore_missing: true - - set: - field: ecs.version - value: '8.0.0' - # - # Parse the syslog header - # - # This populates the host.hostname, process.name, timestamp and other fields - # from the header and stores the message contents in _temp_.full_message. - - grok: - field: event.original - patterns: - - "(?:%{SYSLOG_HEADER})?\\s*%{GREEDYDATA:_temp_.full_message}" - pattern_definitions: - SYSLOG_HEADER: "(?:%{SYSLOGFACILITY}\\s*)?(?:%{FTD_DATE:_temp_.raw_date}:?\\s+)?(?:%{PROCESS_HOST}|%{HOST_PROCESS})(?:{DATA})?%{SYSLOG_END}?" - SYSLOGFACILITY: "<%{NONNEGINT:syslog.facility.code:int}(?:.%{NONNEGINT:syslog.priority:int})?>" - # Beginning with version 6.3, Firepower Threat Defense provides the option to enable timestamp as per RFC 5424. - FTD_DATE: "(?:%{TIMESTAMP_ISO8601}|%{ASA_DATE})" - ASA_DATE: "(?:%{DAY} )?%{MONTH} *%{MONTHDAY}(?: %{YEAR})? %{TIME}(?: %{TZ})?" - PROCESS: "(?:[^%\\s:\\[]+)" - SYSLOG_END: "(?:(:|\\s)\\s+)" - # exactly match the syntax for firepower management logs - PROCESS_HOST: "(?:%{PROCESS:process.name}:\\s%{SYSLOGHOST:host.name})" - HOST_PROCESS: "(?:%{SYSLOGHOST:host.hostname}:?\\s+)?(?:%{PROCESS:process.name}?(?:\\[%{POSINT:process.pid:long}\\])?)?" - - # - # Parse FTD/ASA style message - # - # This parses the header of an EMBLEM-style message for FTD and ASA prefixes. - - grok: - field: _temp_.full_message - patterns: - - "%{FTD_PREFIX}-(?:%{FTD_SUFFIX:_temp_.cisco.suffix}-)?%{NONNEGINT:event.severity:int}-%{POSINT:_temp_.cisco.message_id}?:?\\s*%{GREEDYDATA:message}" - # Before version 6.3, messages for connection, security intelligence, and intrusion events didn't include an event type ID in the message header. - - "%{GREEDYDATA:message}" - pattern_definitions: - FTD_SUFFIX: "[^0-9-]+" - # Before version 6.3, FTD used ASA prefix in syslog messages - FTD_PREFIX: "%{DATA}%(?:[A-Z]+)" - - # - # Create missing fields when no %FTD label is present - # - # message_id is needed in order for some processors below to work. - - set: - field: _temp_.cisco.message_id - value: "" - if: "ctx?._temp_?.cisco?.message_id == null" - - # - # set default event.severity to 7 (debug): - # - # This value is read from the EMBLEM header and won't be present if this is not - # an emblem message (firewalls can be configured to report other kinds of events) - - set: - field: event.severity - value: 7 - if: "ctx?.event?.severity == null" - - # - # Parse the date included in FTD logs - # - - date: - if: "ctx.event?.timezone == null && ctx._temp_?.raw_date != null" - field: "_temp_.raw_date" - target_field: "@timestamp" - formats: - - "ISO8601" - - "MMM d HH:mm:ss" - - "MMM dd HH:mm:ss" - - "EEE MMM d HH:mm:ss" - - "EEE MMM dd HH:mm:ss" - - "MMM d HH:mm:ss z" - - "MMM dd HH:mm:ss z" - - "EEE MMM d HH:mm:ss z" - - "EEE MMM dd HH:mm:ss z" - - "MMM d yyyy HH:mm:ss" - - "MMM dd yyyy HH:mm:ss" - - "EEE MMM d yyyy HH:mm:ss" - - "EEE MMM dd yyyy HH:mm:ss" - - "MMM d yyyy HH:mm:ss z" - - "MMM dd yyyy HH:mm:ss z" - - "EEE MMM d yyyy HH:mm:ss z" - - "EEE MMM dd yyyy HH:mm:ss z" - on_failure: - [ - { - "append": - { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}", - }, - }, - ] - - date: - if: "ctx.event?.timezone != null && ctx._temp_?.raw_date != null" - timezone: "{{ event.timezone }}" - field: "_temp_.raw_date" - target_field: "@timestamp" - formats: - - "ISO8601" - - "MMM d HH:mm:ss" - - "MMM dd HH:mm:ss" - - "EEE MMM d HH:mm:ss" - - "EEE MMM dd HH:mm:ss" - - "MMM d HH:mm:ss z" - - "MMM dd HH:mm:ss z" - - "EEE MMM d HH:mm:ss z" - - "EEE MMM dd HH:mm:ss z" - - "MMM d yyyy HH:mm:ss" - - "MMM dd yyyy HH:mm:ss" - - "EEE MMM d yyyy HH:mm:ss" - - "EEE MMM dd yyyy HH:mm:ss" - - "MMM d yyyy HH:mm:ss z" - - "MMM dd yyyy HH:mm:ss z" - - "EEE MMM d yyyy HH:mm:ss z" - - "EEE MMM dd yyyy HH:mm:ss z" - on_failure: - [ - { - "append": - { - "field": "error.message", - "value": "{{ _ingest.on_failure_message }}", - }, - }, - ] - - # - # Set log.level - # - - set: - field: "log.level" - if: "ctx.event.severity == 0" - value: unknown - - set: - field: "log.level" - if: "ctx.event.severity == 1" - value: alert - - set: - field: "log.level" - if: "ctx.event.severity == 2" - value: critical - - set: - field: "log.level" - if: "ctx.event.severity == 3" - value: error - - set: - field: "log.level" - if: "ctx.event.severity == 4" - value: warning - - set: - field: "log.level" - if: "ctx.event.severity == 5" - value: notification - - set: - field: "log.level" - if: "ctx.event.severity == 6" - value: informational - - set: - field: "log.level" - if: "ctx.event.severity == 7" - value: debug - - # - # Firewall messages - # - # This set of messages is shared between FTD and ASA. - - set: - if: 'ctx._temp_.cisco.message_id != ""' - field: "event.action" - value: "firewall-rule" - - dissect: - if: "ctx._temp_.cisco.message_id == '106001'" - field: "message" - description: "106001" - pattern: "%{network.direction} %{network.transport} connection %{event.outcome} from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} flags %{} on interface %{_temp_.cisco.source_interface}" - - dissect: - if: "ctx._temp_.cisco.message_id == '106002'" - field: "message" - description: "106002" - pattern: "%{network.transport} Connection %{event.outcome} by %{network.direction} list %{_temp_.cisco.list_id} src %{source.address} dest %{destination.address}" - - dissect: - if: "ctx._temp_.cisco.message_id == '106006'" - field: "message" - description: "106006" - pattern: "%{event.outcome} %{network.direction} %{network.transport} from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} on interface %{_temp_.cisco.source_interface}" - - dissect: - if: "ctx._temp_.cisco.message_id == '106007'" - field: "message" - description: "106007" - pattern: "%{event.outcome} %{network.direction} %{network.transport} from %{source.address}/%{source.port} to %{destination.address}/%{destination.port} due to %{network.protocol} %{}" - - grok: - if: "ctx._temp_.cisco.message_id == '106010'" - field: "message" - description: "106010" - patterns: - - "%{NOTSPACE:event.outcome} %{NOTSPACE:network.direction} %{NOTSPACE:network.transport} src %{NOTSPACE:_temp_.cisco.source_interface}:%{NOTSPACE:source.address}/%{POSINT:source.port} (%{DATA})?dst %{NOTSPACE:_temp_.cisco.destination_interface}:%{NOTSPACE:destination.address}/%{POSINT:destination.port}(%{GREEDYDATA})?" - - dissect: - if: "ctx._temp_.cisco.message_id == '106013'" - field: "message" - description: "106013" - pattern: "Dropping echo request from %{source.address} to PAT address %{destination.address}" - - set: - if: "ctx._temp_.cisco.message_id == '106013'" - field: "network.transport" - description: "106013" - value: icmp - - set: - if: "ctx._temp_.cisco.message_id == '106013'" - field: "network.direction" - description: "106013" - value: inbound - - grok: - if: "ctx._temp_.cisco.message_id == '106014'" - field: "message" - description: "106014" - patterns: - - "%{NOTSPACE:event.outcome} %{NOTSPACE:network.direction} %{NOTSPACE:network.transport} src %{NOTSPACE:_temp_.cisco.source_interface}:%{NOTSPACE:source.address} (%{DATA})?dst %{NOTSPACE:_temp_.cisco.destination_interface}:(?[^ (]*)(%{GREEDYDATA})?" - - grok: - if: "ctx._temp_.cisco.message_id == '106015'" - field: "message" - description: "106015" - patterns: - - "%{NOTSPACE:event.outcome} %{NOTSPACE:network.transport} %{NOTSPACE} %{NOTSPACE} from %{IP:source.address}/%{POSINT:source.port} to %{IP:destination.address}/%{POSINT:destination.port} flags %{DATA} on interface %{NOTSPACE:_temp_.cisco.source_interface}" - - dissect: - if: "ctx._temp_.cisco.message_id == '106016'" - field: "message" - pattern: "%{event.outcome} IP spoof from (%{source.address}) to %{destination.address} on interface %{_temp_.cisco.source_interface}" - description: "106016" - - dissect: - if: "ctx._temp_.cisco.message_id == '106017'" - field: "message" - pattern: "%{event.outcome} IP due to Land Attack from %{source.address} to %{destination.address}" - description: "106017" - - dissect: - if: "ctx._temp_.cisco.message_id == '106018'" - field: "message" - pattern: "%{network.transport} packet type %{_temp_.cisco.icmp_type} %{event.outcome} by %{network.direction} list %{_temp_.cisco.list_id} src %{source.address} dest %{destination.address}" - description: "106018" - - dissect: - if: "ctx._temp_.cisco.message_id == '106020'" - field: "message" - pattern: "%{event.outcome} IP teardrop fragment (size = %{}, offset = %{}) from %{source.address} to %{destination.address}" - description: "106020" - - dissect: - if: "ctx._temp_.cisco.message_id == '106021'" - field: "message" - pattern: "%{event.outcome} %{network.transport} reverse path check from %{source.address} to %{destination.address} on interface %{_temp_.cisco.source_interface}" - description: "106021" - - dissect: - if: "ctx._temp_.cisco.message_id == '106022'" - field: "message" - pattern: "%{event.outcome} %{network.transport} connection spoof from %{source.address} to %{destination.address} on interface %{_temp_.cisco.source_interface}" - description: "106022" - - grok: - if: "ctx._temp_.cisco.message_id == '106023'" - field: "message" - description: "106023" - patterns: - - ^%{NOTSPACE:event.outcome} ((protocol %{POSINT:network.iana_number})|%{NOTSPACE:network.transport}) src %{NOTCOLON:_temp_.cisco.source_interface}:%{IPORHOST:source.address}(/%{POSINT:source.port})?\s*(\(%{CISCO_USER:_temp_.cisco.source_username}\) )?dst %{NOTCOLON:_temp_.cisco.destination_interface}:%{IPORHOST:destination.address}(/%{POSINT:destination.port})?%{DATA}by access-group "%{NOTSPACE:_temp_.cisco.list_id}" - pattern_definitions: - NOTCOLON: "[^:]*" - CISCO_USER: ((LOCAL\\)?(%{HOSTNAME}\\)?%{USERNAME}(@%{HOSTNAME})?) - - dissect: - if: "ctx._temp_.cisco.message_id == '106027'" - field: "message" - description: "106027" - pattern: '%{} %{event.outcome} src %{source.address} dst %{destination.address} by access-group "%{_temp_.cisco.list_id}"' - - dissect: - if: "ctx._temp_.cisco.message_id == '106100'" - field: "message" - description: "106100" - pattern: "access-list %{_temp_.cisco.list_id} %{event.outcome} %{network.transport} %{_temp_.cisco.source_interface}/%{source.address}(%{source.port})%{}-> %{_temp_.cisco.destination_interface}/%{destination.address}(%{destination.port})%{}" - - dissect: - if: "ctx._temp_.cisco.message_id == '106102' || ctx._temp_.cisco.message_id == '106103'" - field: "message" - description: "106103" - pattern: "access-list %{_temp_.cisco.list_id} %{event.outcome} %{network.transport} for user %{user.name} %{_temp_.cisco.source_interface}/%{source.address}(%{source.port})%{}-> %{_temp_.cisco.destination_interface}/%{destination.address}(%{destination.port})%{}" - - dissect: - if: "ctx._temp_.cisco.message_id == '111004'" - field: "message" - description: "111004" - pattern: "%{source.address} end configuration: %{_temp_.cisco.cli_outcome}" - - set: - field: event.outcome - description: "111004" - value: "success" - if: "ctx._temp_.cisco.message_id == '111004' && ctx?._temp_?.cisco?.cli_outcome == 'OK'" - - set: - field: event.outcome - description: "111004" - value: "failure" - if: "ctx._temp_.cisco.message_id == '111004' && ctx?._temp_?.cisco?.cli_outcome == 'FAILED'" - - remove: - field: _temp_.cisco.cli_outcome - ignore_missing: true - - append: - field: event.type - description: "111004" - value: "change" - if: "ctx._temp_.cisco.message_id == '111004'" - - grok: - if: "ctx._temp_.cisco.message_id == '111009'" - description: "111009" - field: "message" - patterns: - - "^%{NOTSPACE} '%{NOTSPACE:server.user.name}' executed %{NOTSPACE} %{GREEDYDATA:_temp_.cisco.command_line_arguments}" - - grok: - if: "ctx._temp_.cisco.message_id == '111010'" - field: "message" - description: "111010" - patterns: - - "User '%{NOTSPACE:server.user.name}', running %{QUOTEDSTRING} from IP %{IP:source.address}, executed %{QUOTEDSTRING:_temp_.cisco.command_line_arguments}" - - dissect: - if: "ctx._temp_.cisco.message_id == '113019'" - field: "message" - description: "113019" - pattern: "Group = %{source.user.group.name}, Username = %{source.user.name}, IP = %{destination.address}, Session disconnected. Session Type: %{_temp_.cisco.session_type}, Duration: %{_temp_.duration_hms}, Bytes xmt: %{source.bytes}, Bytes rcv: %{destination.bytes}, Reason: %{event.reason}" - - dissect: - if: "ctx._temp_.cisco.message_id == '113040'" - field: "message" - description: "113040" - pattern: "Terminating the VPN connection attempt from %{source.user.group.name}. Reason: This connection is group locked to %{}." - - grok: - if: '["113029","113030","113031","113032","113033","113034","113035","113036","113038","113039"].contains(ctx._temp_.cisco.message_id)' - field: "message" - description: "113029, 113030, 113031, 113032, 113033, 113034, 113035, 113036, 113038, 113039" - patterns: - - "Group %{NOTSPACE:source.user.group.name} User %{USER:source.user.name} IP %{IP:source.address}" - - grok: - if: '["302013", "302015"].contains(ctx._temp_.cisco.message_id)' - field: "message" - description: "302013, 302015" - patterns: - - Built %{NOTSPACE:network.direction} %{NOTSPACE:network.transport} connection %{NUMBER:_temp_.cisco.connection_id} for %{NOTCOLON:_temp_.cisco.source_interface}:%{IP:source.address}/%{NUMBER:source.port} \(%{IP:_temp_.natsrcip}/%{NUMBER:_temp_.cisco.mapped_source_port}\)(\(%{CISCO_USER:_temp_.cisco.source_username}\))? to %{NOTCOLON:_temp_.cisco.destination_interface}:%{NOTSPACE:destination.address}/%{NUMBER:destination.port} \(%{NOTSPACE:_temp_.natdstip}/%{NUMBER:_temp_.cisco.mapped_destination_port}\)(\(%{CISCO_USER:destination.user.name}\))?( \(%{CISCO_USER:_temp_.cisco.termination_user}\))?%{GREEDYDATA} - pattern_definitions: - NOTCOLON: "[^:]*" - CISCO_USER: ((LOCAL\\)?(%{HOSTNAME}\\)?%{USERNAME}(@%{HOSTNAME})?) - - dissect: - if: "ctx._temp_.cisco.message_id == '303002'" - field: "message" - description: "303002" - pattern: "%{network.protocol} connection from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port}, user %{client.user.name} %{} file %{file.path}" - - grok: - if: "ctx._temp_.cisco.message_id == '305012'" - field: "message" - description: "305012" - patterns: - - Teardown %{DATA} %{NOTSPACE:network.transport} translation from %{NOTCOLON:_temp_.cisco.source_interface}:%{IP:source.address}/%{NUMBER:source.port}(\s*\(%{CISCO_USER:_temp_.cisco.source_username}\))? to %{NOTCOLON:_temp_.cisco.destination_interface}:%{IP:destination.address}/%{NUMBER:destination.port} duration %{DURATION:_temp_.duration_hms} - pattern_definitions: - NOTCOLON: "[^:]*" - CISCO_USER: ((LOCAL\\)?(%{HOSTNAME}\\)?%{USERNAME}(@%{HOSTNAME})?) - DURATION: "%{INT}:%{MINUTE}:%{SECOND}" - - grok: - if: "ctx._temp_.cisco.message_id == '302020'" - field: "message" - description: "302020" - patterns: - - "Built %{NOTSPACE:network.direction} %{NOTSPACE:network.protocol} connection for faddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSDESTIPORHOST}/%{NUMBER}\\s*(?:\\(%{CISCO_USER:_temp_.cisco.destination_username}\\) )?gaddr (?:%{NOTCOLON}:)?%{MAPPEDSRC}/%{NUMBER} laddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSSOURCEIPORHOST}/%{NUMBER}\\s*(?:\\(%{CISCO_USER:_temp_.cisco.source_username}\\) )?(type %{NUMBER:_temp_.cisco.icmp_type} code %{NUMBER:_temp_.cisco.icmp_code})?" - pattern_definitions: - NOTCOLON: "[^:]*" - ECSSOURCEIPORHOST: "(?:%{IP:source.address}|%{HOSTNAME:source.domain})" - ECSDESTIPORHOST: "(?:%{IP:destination.address}|%{HOSTNAME:destination.domain})" - MAPPEDSRC: "(?:%{DATA:_temp_.natsrcip}|%{HOSTNAME})" - CISCO_USER: ((LOCAL\\)?(%{HOSTNAME}\\)?%{USERNAME}(@%{HOSTNAME})?) - - dissect: - if: "ctx._temp_.cisco.message_id == '302022'" - field: "message" - description: "302022" - pattern: "Built %{} stub %{network.transport} connection for %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} %{} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} %{}" - - dissect: - if: "ctx._temp_.cisco.message_id == '302023'" - field: "message" - description: "302023" - pattern: "Teardown stub %{network.transport} connection for %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} duration %{_temp_.duration_hms} forwarded bytes %{network.bytes} %{event.reason}" - - grok: - if: "ctx._temp_.cisco.message_id == '304001'" - field: "message" - description: "304001" - patterns: - - "(%{NOTSPACE:source.user.name}@)?%{IP:source.address}(\\(%{DATA}\\))? %{DATA} (%{NOTSPACE}@)?%{IP:destination.address}:%{GREEDYDATA:url.original}" - - set: - if: "ctx._temp_.cisco.message_id == '304001'" - field: "event.outcome" - description: "304001" - value: allowed - - dissect: - if: "ctx._temp_.cisco.message_id == '304002'" - field: "message" - description: "304002" - pattern: "Access %{event.outcome} URL %{url.original} SRC %{source.address} %{}EST %{destination.address} on interface %{_temp_.cisco.source_interface}" - - grok: - if: "ctx._temp_.cisco.message_id == '305011'" - field: "message" - description: "305011" - patterns: - - Built %{NOTSPACE} %{NOTSPACE:network.transport} translation from %{NOTSPACE:_temp_.cisco.source_interface}:%{IP:source.address}/%{NUMBER:source.port}(\(%{NOTSPACE:source.user.name}\))? to %{NOTSPACE:_temp_.cisco.destination_interface}:%{IP:destination.address}/%{NUMBER:destination.port} - - dissect: - if: "ctx._temp_.cisco.message_id == '313001'" - field: "message" - description: "313001" - pattern: "%{event.outcome} %{network.transport} type=%{_temp_.cisco.icmp_type}, code=%{_temp_.cisco.icmp_code} from %{source.address} on interface %{_temp_.cisco.source_interface}" - - dissect: - if: "ctx._temp_.cisco.message_id == '313004'" - field: "message" - description: "313004" - pattern: "%{event.outcome} %{network.transport} type=%{_temp_.cisco.icmp_type}, from%{}addr %{source.address} on interface %{_temp_.cisco.source_interface} to %{destination.address}: no matching session" - - dissect: - if: "ctx._temp_.cisco.message_id == '313005'" - field: "message" - description: "313005" - pattern: "No matching connection for %{network.transport} error message: %{} on %{_temp_.cisco.source_interface} interface.%{}riginal IP payload: %{}" - - dissect: - if: "ctx._temp_.cisco.message_id == '313008'" - field: "message" - description: "313008" - pattern: "%{event.outcome} %{network.transport} type=%{_temp_.cisco.icmp_type}, code=%{_temp_.cisco.icmp_code} from %{source.address} on interface %{_temp_.cisco.source_interface}" - - dissect: - if: "ctx._temp_.cisco.message_id == '313009'" - field: "message" - description: "313009" - pattern: "%{event.outcome} invalid %{network.transport} code %{_temp_.cisco.icmp_code}, for %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}" - - dissect: - if: "ctx._temp_.cisco.message_id == '322001'" - field: "message" - description: "322001" - pattern: "%{event.outcome} MAC address %{source.mac}, possible spoof attempt on interface %{_temp_.cisco.source_interface}" - - dissect: - if: "ctx._temp_.cisco.message_id == '338001'" - field: "message" - description: "338001" - pattern: "Dynamic filter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - - set: - if: "ctx._temp_.cisco.message_id == '338001'" - field: "server.domain" - description: "338001" - value: "{{source.domain}}" - ignore_empty_value: true - - dissect: - if: "ctx._temp_.cisco.message_id == '338002'" - field: "message" - description: "338002" - pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}" - - set: - if: "ctx._temp_.cisco.message_id == '338002'" - field: "server.domain" - description: "338002" - value: "{{destination.domain}}" - ignore_empty_value: true - - dissect: - if: "ctx._temp_.cisco.message_id == '338003'" - field: "message" - description: "338003" - pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - - dissect: - if: "ctx._temp_.cisco.message_id == '338004'" - field: "message" - description: "338004" - pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - - dissect: - if: "ctx._temp_.cisco.message_id == '338005'" - field: "message" - description: "338005" - pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - - set: - if: "ctx._temp_.cisco.message_id == '338005'" - field: "server.domain" - description: "338005" - value: "{{source.domain}}" - ignore_empty_value: true - - dissect: - if: "ctx._temp_.cisco.message_id == '338006'" - field: "message" - description: "338006" - pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - - set: - if: "ctx._temp_.cisco.message_id == '338006'" - field: "server.domain" - description: "338006" - value: "{{destination.domain}}" - ignore_empty_value: true - - dissect: - if: "ctx._temp_.cisco.message_id == '338007'" - field: "message" - description: "338007" - pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - - dissect: - if: "ctx._temp_.cisco.message_id == '338008'" - field: "message" - description: "338008" - pattern: "Dynamic %{}ilter %{event.outcome} black%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - - dissect: - if: "ctx._temp_.cisco.message_id == '338101'" - field: "message" - description: "338101" - pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}" - - set: - if: "ctx._temp_.cisco.message_id == '338101'" - field: "server.domain" - description: "338101" - value: "{{source.domain}}" - ignore_empty_value: true - - dissect: - if: "ctx._temp_.cisco.message_id == '338102'" - field: "message" - description: "338102" - pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}" - - set: - if: "ctx._temp_.cisco.message_id == '338102'" - field: "server.domain" - description: "338102" - value: "{{destination.domain}}" - ignore_empty_value: true - - dissect: - if: "ctx._temp_.cisco.message_id == '338103'" - field: "message" - description: "338103" - pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{}" - - dissect: - if: "ctx._temp_.cisco.message_id == '338104'" - field: "message" - description: "338104" - pattern: "Dynamic %{}ilter %{event.outcome} white%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{}" - - dissect: - if: "ctx._temp_.cisco.message_id == '338201'" - field: "message" - description: "338201" - pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - - set: - if: "ctx._temp_.cisco.message_id == '338201'" - field: "server.domain" - description: "338201" - value: "{{source.domain}}" - ignore_empty_value: true - - dissect: - if: "ctx._temp_.cisco.message_id == '338202'" - field: "message" - description: "338202" - pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - - set: - if: "ctx._temp_.cisco.message_id == '338202'" - field: "server.domain" - description: "338202" - value: "{{destination.domain}}" - ignore_empty_value: true - - dissect: - if: "ctx._temp_.cisco.message_id == '338203'" - field: "message" - description: "338203" - pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}source %{} resolved from %{_temp_.cisco.list_id} list: %{source.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - - set: - if: "ctx._temp_.cisco.message_id == '338203'" - field: "server.domain" - description: "338203" - value: "{{source.domain}}" - ignore_empty_value: true - - dissect: - if: "ctx._temp_.cisco.message_id == '338204'" - field: "message" - description: "338204" - pattern: "Dynamic %{}ilter %{event.outcome} grey%{}d %{network.transport} traffic from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})%{}destination %{} resolved from %{_temp_.cisco.list_id} list: %{destination.domain}, threat-level: %{_temp_.cisco.threat_level}, category: %{_temp_.cisco.threat_category}" - - set: - if: "ctx._temp_.cisco.message_id == '338204'" - field: "server.domain" - description: "338204" - value: "{{destination.domain}}" - ignore_empty_value: true - - dissect: - if: "ctx._temp_.cisco.message_id == '338301'" - field: "message" - description: "338301" - pattern: "Intercepted DNS reply for domain %{source.domain} from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port}, matched %{_temp_.cisco.list_id}" - - set: - if: "ctx._temp_.cisco.message_id == '338301'" - field: "client.address" - description: "338301" - value: "{{destination.address}}" - ignore_empty_value: true - - set: - if: "ctx._temp_.cisco.message_id == '338301'" - field: "client.port" - description: "338301" - value: "{{destination.port}}" - ignore_empty_value: true - - set: - if: "ctx._temp_.cisco.message_id == '338301'" - field: "server.address" - description: "338301" - value: "{{source.address}}" - ignore_empty_value: true - - set: - if: "ctx._temp_.cisco.message_id == '338301'" - field: "server.port" - description: "338301" - value: "{{source.port}}" - ignore_empty_value: true - - dissect: - if: "ctx._temp_.cisco.message_id == '502103'" - field: "message" - description: "502103" - pattern: "User priv level changed: Uname: %{server.user.name} From: %{_temp_.cisco.privilege.old} To: %{_temp_.cisco.privilege.new}" - - append: - if: "ctx._temp_.cisco.message_id == '502103'" - field: "event.type" - description: "502103" - value: - - "group" - - "change" - - append: - if: "ctx._temp_.cisco.message_id == '502103'" - field: "event.category" - description: "502103" - value: "iam" - - dissect: - if: "ctx._temp_.cisco.message_id == '507003'" - field: "message" - description: "507003" - pattern: "%{network.transport} flow from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} terminated by inspection engine, reason - %{message}" - - dissect: - if: '["605004", "605005"].contains(ctx._temp_.cisco.message_id)' - field: "message" - description: "605004, 605005" - pattern: 'Login %{event.outcome} from %{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{network.protocol} for user "%{source.user.name}"' - - dissect: - if: "ctx._temp_.cisco.message_id == '609001'" - field: "message" - description: "609001" - pattern: "Built local-host %{_temp_.cisco.source_interface}:%{source.address}" - - dissect: - if: "ctx._temp_.cisco.message_id == '607001'" - field: "message" - description: "607001" - pattern: "Pre-allocate SIP %{_temp_.cisco.connection_type} secondary channel for %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} to %{_temp_.cisco.source_interface}:%{source.address} from %{_temp_.cisco.message} message" - - grok: - if: "ctx._temp_.cisco.message_id == '607001'" - description: "607001" - field: "_temp_.cisco.connection_type" - patterns: - - "%{CONNECTION}" - pattern_definitions: - TRANSPORTS: "(?:UDP|TCP)" - PROTOCOLS: "(?:RTP|RTCP)" - CONNECTION: "(?:%{TRANSPORTS:network.transport}|%{PROTOCOLS:network.protocol})" - ignore_failure: true - - dissect: - if: "ctx._temp_.cisco.message_id == '609002'" - field: "message" - description: "609002" - pattern: "Teardown local-host %{_temp_.cisco.source_interface}:%{source.address} duration %{_temp_.duration_hms}" - - dissect: - if: '["611102", "611101"].contains(ctx._temp_.cisco.message_id)' - field: "message" - description: "611102, 611101" - pattern: 'User authentication %{event.outcome}: IP address: %{source.address}, Uname: %{server.user.name}' - - dissect: - if: "ctx._temp_.cisco.message_id == '710003'" - field: "message" - description: "710003" - pattern: "%{network.transport} access %{event.outcome} by ACL from %{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port}" - - dissect: - if: "ctx._temp_.cisco.message_id == '710005'" - field: "message" - description: "710005" - pattern: "%{network.transport} request %{event.outcome} from %{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port}" - - dissect: - if: "ctx._temp_.cisco.message_id == '713049'" - field: "message" - description: "713049" - pattern: "Group = %{}, IP = %{source.address}, Security negotiation complete for LAN-to-LAN Group (%{}) %{}, Inbound SPI = %{}, Outbound SPI = %{}" - ignore_failure: true - - dissect: - if: "ctx._temp_.cisco.message_id == '713049'" - field: "message" - description: "713049" - pattern: "Group = %{}, Username = %{user.name}, IP = %{source.address}, Security negotiation complete for User (%{}) %{}, Inbound SPI = %{}, Outbound SPI = %{}" - ignore_failure: true - - grok: - if: "ctx._temp_.cisco.message_id == '716002'" - field: "message" - description: "716002" - patterns: - - "Group <%{NOTSPACE:_temp_.cisco.webvpn.group_name}> User <%{NOTSPACE:source.user.name}> IP <%{IP:source.address}> WebVPN session terminated: %{GREEDYDATA:event.reason}." - - "Group %{NOTSPACE:_temp_.cisco.webvpn.group_name} User %{NOTSPACE:source.user.name} IP %{IP:source.address} WebVPN session terminated: %{GREEDYDATA:event.reason}." - - grok: - if: "ctx._temp_.cisco.message_id == '722051'" - field: "message" - description: "722051" - patterns: - - "Group <%{NOTSPACE:_temp_.cisco.webvpn.group_name}> User <%{NOTSPACE:source.user.name}> IP <%{IP:source.address}> IPv4 Address <%{IP:_temp_.cisco.assigned_ip}> %{GREEDYDATA}" - - "Group %{NOTSPACE:_temp_.cisco.webvpn.group_name} User %{NOTSPACE:source.user.name} IP %{IP:source.address} IPv4 Address %{IP:_temp_.cisco.assigned_ip} %{GREEDYDATA}" - - grok: - if: "ctx._temp_.cisco.message_id == '733100'" - field: "message" - description: "733100" - patterns: - - \[(%{SPACE})?%{DATA:_temp_.cisco.burst.object}\] drop %{NOTSPACE:_temp_.cisco.burst.id} exceeded. Current burst rate is %{INT:_temp_.cisco.burst.current_rate} per second, max configured rate is %{INT:_temp_.cisco.burst.configured_rate}; Current average rate is %{INT:_temp_.cisco.burst.avg_rate} per second, max configured rate is %{INT:_temp_.cisco.burst.configured_avg_rate}; Cumulative total count is %{INT:_temp_.cisco.burst.cumulative_count} - - dissect: - if: "ctx._temp_.cisco.message_id == '734001'" - field: "message" - description: "734001" - pattern: "DAP: User %{user.email}, Addr %{source.address}, Connection %{_temp_.cisco.connection_type}: The following DAP records were selected for this connection: %{_temp_.cisco.dap_records->}" - - dissect: - if: "ctx._temp_.cisco.message_id == '805001'" - field: "message" - description: "805001" - pattern: "Offloaded %{network.transport} Flow for connection %{_temp_.cisco.connection_id} from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})" - - dissect: - if: "ctx._temp_.cisco.message_id == '805002'" - field: "message" - description: "805002" - pattern: "%{network.transport} Flow is no longer offloaded for connection %{_temp_.cisco.connection_id} from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} (%{_temp_.natsrcip}/%{_temp_.cisco.mapped_source_port}) to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} (%{_temp_.natdstip}/%{_temp_.cisco.mapped_destination_port})" - - split: - field: "_temp_.cisco.dap_records" - separator: ",\\s+" - ignore_missing: true - - dissect: - if: "ctx._temp_.cisco.message_id == '434002'" - field: "message" - pattern: "SFR requested to %{event.action} %{network.protocol} packet from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port}" - - dissect: - if: "ctx._temp_.cisco.message_id == '434004'" - field: "message" - pattern: "SFR requested ASA to %{event.action} further packet redirection and process %{network.protocol} flow from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} locally" - - dissect: - if: "ctx._temp_.cisco.message_id == '110002'" - field: "message" - pattern: "%{event.reason} for %{network.protocol} from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{destination.address}/%{destination.port}" - - dissect: - if: "ctx._temp_.cisco.message_id == '419002'" - field: "message" - pattern: "%{event.reason}from %{_temp_.cisco.source_interface}:%{source.address}/%{source.port} to %{_temp_.cisco.destination_interface}:%{destination.address}/%{destination.port} %{+event.reason}" - - dissect: - if: '["602303", "602304"].contains(ctx._temp_.cisco.message_id)' - field: "message" - pattern: "%{network.type}: An %{network.direction} %{_temp_.cisco.tunnel_type} SA (SPI= %{}) between %{source.address} and %{destination.address} (user= %{user.name}) has been %{event.action}." - - dissect: - if: "ctx._temp_.cisco.message_id == '750002'" - field: "message" - pattern: "Local:%{source.address}:%{source.port} Remote:%{destination.address}:%{destination.port} Username:%{user.name} %{event.reason}" - - dissect: - if: "ctx._temp_.cisco.message_id == '713120'" - field: "message" - pattern: "Group = %{}, IP = %{source.address}, %{event.reason} (msgid=%{event.id})" - - dissect: - if: "ctx._temp_.cisco.message_id == '713202'" - field: "message" - pattern: "IP = %{source.address}, %{event.reason}. %{} packet." - - dissect: - if: "ctx._temp_.cisco.message_id == '750003'" - field: "message" - pattern: "Local:%{source.address}:%{source.port} Remote:%{destination.address}:%{destination.port} Username:%{user.name} %{event.reason} ERROR:%{+event.reason}" - - grok: - if: '["713905", "713904", "713906", "713902", "713901"].contains(ctx._temp_.cisco.message_id)' - field: "message" - patterns: - - "^(Group = %{IP}, )?(IP = %{IP:source.address}, )?%{GREEDYDATA:event.reason}$" - # Handle ecs action outcome protocol - - set: - if: '["434002", "434004"].contains(ctx._temp_.cisco.message_id)' - field: "event.outcome" - value: "unknown" - - set: - if: '["419002"].contains(ctx._temp_.cisco.message_id)' - field: "network.protocol" - value: "tcp" - - set: - if: '["110002"].contains(ctx._temp_.cisco.message_id)' - field: "event.outcome" - value: "dropped" - - set: - if: '["713120"].contains(ctx._temp_.cisco.message_id)' - field: "event.outcome" - value: "success" - - set: - if: '["602303", "602304"].contains(ctx._temp_.cisco.message_id)' - field: "event.outcome" - value: "success" - - set: - if: '["710005"].contains(ctx._temp_.cisco.message_id)' - field: "event.outcome" - value: "dropped" - - set: - if: '["713901", "713902", "713903", "713904", "713905"].contains(ctx._temp_.cisco.message_id)' - field: "event.outcome" - value: "failure" - - set: - if: '["113039"].contains(ctx._temp_.cisco.message_id)' - field: "event.action" - value: "client-vpn-connected" - - set: - if: '["113029","113030","113031","113032","113033","113034","113035","113036","113037","113038"].contains(ctx._temp_.cisco.message_id)' - field: "event.action" - value: "client-vpn-error" - - set: - if: '["113040"].contains(ctx._temp_.cisco.message_id)' - field: "event.action" - value: "client-vpn-disconnected" - - set: - if: '["750002", "750003"].contains(ctx._temp_.cisco.message_id)' - field: "event.action" - value: "connection-started" - - set: - if: '["750003", "713905", "713904", "713906", "713902", "713901"].contains(ctx._temp_.cisco.message_id)' - field: "event.action" - value: "error" - - append: - if: '["750003", "713905", "713904", "713906", "713902", "713901"].contains(ctx._temp_.cisco.message_id)' - field: "event.type" - value: "error" - - # - # Handle 302xxx messages (Flow expiration a.k.a "Teardown") - # - - set: - if: '["305012", "302014", "302016", "302018", "302020", "302021", "302036", "302304", "302306", "609001", "609002"].contains(ctx._temp_.cisco.message_id)' - field: "event.action" - value: "flow-expiration" - description: "305012, 302014, 302016, 302018, 302020, 302021, 302036, 302304, 302306, 609001, 609002" - - grok: - field: "message" - if: '["302014", "302016", "302018", "302021", "302036", "302304", "302306"].contains(ctx._temp_.cisco.message_id)' - description: "302014, 302016, 302018, 302021, 302036, 302304, 302306" - patterns: - - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.source_username}\)? )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.destination_username}\)? )?duration (?:%{DURATION:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) %{NOTCOLON:event.reason} from %{NOTCOLON:_temp_.cisco.termination_initiator} \(%{CISCO_USER:_temp_.cisco.termination_user}\) - - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.source_username}\)? )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.destination_username}\)? )?duration (?:%{DURATION:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) %{NOTCOLON:event.reason} from %{NOTCOLON:_temp_.cisco.termination_initiator} - - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.source_username}\)? )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.destination_username}\)? )?duration (?:%{DURATION:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) %{NOTCOLON:event.reason} \(%{CISCO_USER:_temp_.cisco.termination_user}\) - - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.source_username}\)? )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.destination_username}\)? )?duration (?:%{DURATION:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) \(%{CISCO_USER:_temp_.cisco.termination_user}\) - - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.source_username}\)? )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.destination_username}\)? )?duration (?:%{DURATION:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) %{NOTCOLON:event.reason} - - ^Teardown %{NOTSPACE:network.transport} (?:state-bypass )?connection %{NOTSPACE:_temp_.cisco.connection_id} (?:for|from) %{NOTCOLON:_temp_.cisco.source_interface}:%{DATA:source.address}/%{NUMBER:source.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.source_username}\)? )?to %{NOTCOLON:_temp_.cisco.destination_interface}:%{DATA:destination.address}/%{NUMBER:destination.port:int}\s*(?:\(?%{CISCO_USER:_temp_.cisco.destination_username}\)? )?duration (?:%{DURATION:_temp_.duration_hms} bytes %{NUMBER:network.bytes}) - - ^Teardown %{NOTSPACE:network.transport} connection for faddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSDESTIPORHOST}/%{NUMBER}\s*(?:\(?%{CISCO_USER:_temp_.cisco.destination_username}\)? )?gaddr (?:%{NOTCOLON}:)?%{MAPPEDSRC}/%{NUMBER} laddr (?:%{NOTCOLON:_temp_.cisco.source_interface}:)?%{ECSSOURCEIPORHOST}/%{NUMBER}\s*(?:\(%{CISCO_USER:_temp_.cisco.source_username}\))?(\s*type %{NUMBER:_temp_.cisco.icmp_type} code %{NUMBER:_temp_.cisco.icmp_code})? - pattern_definitions: - NOTCOLON: "[^:]*" - ECSSOURCEIPORHOST: "(?:%{IP:source.address}|%{HOSTNAME:source.domain})" - ECSDESTIPORHOST: "(?:%{IP:destination.address}|%{HOSTNAME:destination.domain})" - MAPPEDSRC: "(?:%{IPORHOST:_temp_.natsrcip}|%{HOSTNAME})" - DURATION: "%{INT}:%{MINUTE}:%{SECOND}" - CISCO_USER: ((LOCAL\\)?(%{HOSTNAME}\\)?%{USERNAME}(@%{HOSTNAME})?) - - # - # Decode FTD's Security Event Syslog Messages - # - # 43000x messages are security event syslog messages specific to FTD. - # Format is a comma-separated sequence of key: value pairs. - # - # The result of this decoding is saved as _temp_.orig_security.{Key}: {Value} - - kv: - if: '["430001", "430002", "430003", "430004", "430005", ""].contains(ctx._temp_.cisco.message_id)' - field: "message" - description: "430001, 430002, 430003, 430004, 430005" - field_split: ",(?=[A-za-z1-9\\s]+:)" - value_split: ":" - target_field: "_temp_.orig_security" - trim_key: " " - trim_value: " " - ignore_failure: true - - # - # Remove _temp_.full_message. - # - # The field has been used as temporary buffer while decoding. The full message - # is kept under event.original. Processors below can still add a message field, as some - # security events contain an explanatory Message field. - - remove: - field: - - message - - _temp_.full_message - ignore_missing: true - - # - # Populate ECS fields from Security Events - # - # This script uses the key-value pairs from Security Events to populate - # the appropriate ECS fields. - # - # A single key can be mapped to multiple ECS fields, and more than one key can - # map to the same ECS field, which results in an array being created. - # - # This script performs an additional job: - # - # Before FTD version 6.3, the message_id was not included in Security Events. - # As this field encodes the kind of event (intrusion, connection, malware...) - # the script below will guess the right message_id from the keys present in - # the event. - # - # The reason for overloading this script with different behaviors is - # that this pipeline is already reaching the limit on script compilations. - # - #******************************************************************************* - # Code generated by go generate. DO NOT EDIT. - #******************************************************************************* - - script: - if: ctx._temp_?.orig_security != null - params: - ACPolicy: - target: ac_policy - id: ["430001", "430002", "430003"] - ecs: [_temp_.cisco.rule_name] - AccessControlRuleAction: - target: access_control_rule_action - id: ["430002", "430003"] - ecs: [event.outcome] - AccessControlRuleName: - target: access_control_rule_name - id: ["430002", "430003"] - ecs: [_temp_.cisco.rule_name] - AccessControlRuleReason: - target: access_control_rule_reason - id: ["430002", "430003"] - ApplicationProtocol: - target: application_protocol - ecs: [network.protocol] - ArchiveDepth: - target: archive_depth - id: ["430004", "430005"] - ArchiveFileName: - target: archive_file_name - id: ["430004", "430005"] - ecs: [file.name] - ArchiveFileStatus: - target: archive_file_status - id: ["430004", "430005"] - ArchiveSHA256: - target: archive_sha256 - id: ["430004", "430005"] - ecs: [file.hash.sha256] - Classification: - target: classification - id: ["430001"] - Client: - target: client - ecs: [network.application] - ClientVersion: - target: client_version - id: ["430002", "430003"] - ConnectionDuration: - target: connection_duration - id: ["430003"] - ecs: [event.duration] - DNS_Sinkhole: - target: dns_sinkhole - id: ["430002", "430003"] - DNS_TTL: - target: dns_ttl - id: ["430002", "430003"] - DNSQuery: - target: dns_query - id: ["430002", "430003"] - ecs: [dns.question.name] - DNSRecordType: - target: dns_record_type - id: ["430002", "430003"] - ecs: [dns.question.type] - DNSResponseType: - target: dns_response_type - id: ["430002", "430003"] - ecs: [dns.response_code] - DNSSICategory: - target: dnssi_category - id: ["430002", "430003"] - DstIP: - target: dst_ip - ecs: [destination.address] - DstPort: - target: dst_port - ecs: [destination.port] - EgressInterface: - target: egress_interface - id: ["430001", "430002", "430003"] - ecs: [_temp_.cisco.destination_interface] - EgressZone: - target: egress_zone - id: ["430001", "430002", "430003"] - Endpoint Profile: - target: endpoint_profile - id: ["430002", "430003"] - FileAction: - target: file_action - id: ["430004", "430005"] - FileCount: - target: file_count - id: ["430002", "430003"] - FileDirection: - target: file_direction - id: ["430004", "430005"] - FileName: - target: file_name - id: ["430004", "430005"] - ecs: [file.name] - FilePolicy: - target: file_policy - id: ["430004", "430005"] - ecs: [_temp_.cisco.rule_name] - FileSHA256: - target: file_sha256 - id: ["430004", "430005"] - ecs: [file.hash.sha256] - FileSandboxStatus: - target: file_sandbox_status - id: ["430004", "430005"] - FileSize: - target: file_size - id: ["430004", "430005"] - ecs: [file.size] - FileStorageStatus: - target: file_storage_status - id: ["430004", "430005"] - FileType: - target: file_type - id: ["430004", "430005"] - FirstPacketSecond: - target: first_packet_second - id: ["430004", "430005"] - ecs: [event.start] - GID: - target: gid - id: ["430001"] - ecs: [service.id] - HTTPReferer: - target: http_referer - id: ["430002", "430003"] - ecs: [http.request.referrer] - HTTPResponse: - target: http_response - id: ["430001", "430002", "430003"] - ecs: [http.response.status_code] - ICMPCode: - target: icmp_code - id: ["430001", "430002", "430003"] - ICMPType: - target: icmp_type - id: ["430001", "430002", "430003"] - IPReputationSICategory: - target: ip_reputation_si_category - id: ["430002", "430003"] - IPSCount: - target: ips_count - id: ["430002", "430003"] - IngressInterface: - target: ingress_interface - id: ["430001", "430002", "430003"] - ecs: [_temp_.cisco.source_interface] - IngressZone: - target: ingress_zone - id: ["430001", "430002", "430003"] - InitiatorBytes: - target: initiator_bytes - id: ["430003"] - ecs: [source.bytes] - InitiatorPackets: - target: initiator_packets - id: ["430003"] - ecs: [source.packets] - InlineResult: - target: inline_result - id: ["430001"] - ecs: [event.outcome] - IntrusionPolicy: - target: intrusion_policy - id: ["430001"] - ecs: [_temp_.cisco.rule_name] - MPLS_Label: - target: mpls_label - id: ["430001"] - Message: - target: message - id: ["430001"] - ecs: [message] - NAPPolicy: - target: nap_policy - id: ["430001", "430002", "430003"] - NetBIOSDomain: - target: net_bios_domain - id: ["430002", "430003"] - ecs: [host.hostname] - NumIOC: - target: num_ioc - id: ["430001"] - Prefilter Policy: - target: prefilter_policy - id: ["430002", "430003"] - Priority: - target: priority - id: ["430001"] - Protocol: - target: protocol - ecs: [network.transport] - ReferencedHost: - target: referenced_host - id: ["430002", "430003"] - ecs: [url.domain] - ResponderBytes: - target: responder_bytes - id: ["430003"] - ecs: [destination.bytes] - ResponderPackets: - target: responder_packets - id: ["430003"] - ecs: [destination.packets] - Revision: - target: revision - id: ["430001"] - SHA_Disposition: - target: sha_disposition - id: ["430004", "430005"] - SID: - target: sid - id: ["430001"] - SSLActualAction: - target: ssl_actual_action - ecs: [event.outcome] - SSLCertificate: - target: ssl_certificate - id: ["430002", "430003", "430004", "430005"] - SSLExpectedAction: - target: ssl_expected_action - id: ["430002", "430003"] - SSLFlowStatus: - target: ssl_flow_status - id: ["430002", "430003", "430004", "430005"] - SSLPolicy: - target: ssl_policy - id: ["430002", "430003"] - SSLRuleName: - target: ssl_rule_name - id: ["430002", "430003"] - SSLServerCertStatus: - target: ssl_server_cert_status - id: ["430002", "430003"] - SSLServerName: - target: ssl_server_name - id: ["430002", "430003"] - ecs: [server.domain] - SSLSessionID: - target: ssl_session_id - id: ["430002", "430003"] - SSLTicketID: - target: ssl_ticket_id - id: ["430002", "430003"] - SSLURLCategory: - target: sslurl_category - id: ["430002", "430003"] - SSLVersion: - target: ssl_version - id: ["430002", "430003"] - SSSLCipherSuite: - target: sssl_cipher_suite - id: ["430002", "430003"] - SecIntMatchingIP: - target: sec_int_matching_ip - id: ["430002", "430003"] - Security Group: - target: security_group - id: ["430002", "430003"] - SperoDisposition: - target: spero_disposition - id: ["430004", "430005"] - SrcIP: - target: src_ip - ecs: [source.address] - SrcPort: - target: src_port - ecs: [source.port] - TCPFlags: - target: tcp_flags - id: ["430002", "430003"] - ThreatName: - target: threat_name - id: ["430005"] - ecs: [_temp_.cisco.threat_category] - ThreatScore: - target: threat_score - id: ["430005"] - ecs: [_temp_.cisco.threat_level] - Tunnel or Prefilter Rule: - target: tunnel_or_prefilter_rule - id: ["430002", "430003"] - URI: - target: uri - id: ["430004", "430005"] - ecs: [url.original] - URL: - target: url - id: ["430002", "430003"] - ecs: [url.original] - URLCategory: - target: url_category - id: ["430002", "430003"] - URLReputation: - target: url_reputation - id: ["430002", "430003"] - URLSICategory: - target: urlsi_category - id: ["430002", "430003"] - User: - target: user - ecs: [user.id, user.name] - UserAgent: - target: user_agent - id: ["430002", "430003"] - ecs: [user_agent.original] - VLAN_ID: - target: vlan_id - id: ["430001", "430002", "430003"] - WebApplication: - target: web_application - ecs: [network.application] - originalClientSrcIP: - target: original_client_src_ip - id: ["430002", "430003"] - ecs: [client.address] - lang: painless - source: | - boolean isEmpty(def value) { - return (value instanceof AbstractList? value.size() : value.length()) == 0; - } - def appendOrCreate(Map dest, String[] path, def value) { - for (int i=0; i new HashMap()); - } - String key = path[path.length - 1]; - def existing = dest.get(key); - return existing == null? - dest.put(key, value) - : existing instanceof AbstractList? - existing.add(value) - : dest.put(key, new ArrayList([existing, value])); - } - def msg = ctx._temp_.orig_security; - def counters = new HashMap(); - def dest = new HashMap(); - ctx._temp_.cisco['security'] = dest; - for (entry in msg.entrySet()) { - def param = params.get(entry.getKey()); - if (param == null) { - continue; - } - param.getOrDefault('id', []).forEach( id -> counters[id] = 1 + counters.getOrDefault(id, 0) ); - if (!isEmpty(entry.getValue())) { - param.getOrDefault('ecs', []).forEach( field -> appendOrCreate(ctx, field.splitOnToken('.'), entry.getValue()) ); - dest[param.target] = entry.getValue(); - } - } - if (ctx._temp_.cisco.message_id != "") return; - def best; - for (entry in counters.entrySet()) { - if (best == null || best.getValue() < entry.getValue()) best = entry; - } - if (best != null) ctx._temp_.cisco.message_id = best.getKey(); - #******************************************************************************* - # End of generated code. - #******************************************************************************* - - # - # Normalize ECS field values - # - - script: - lang: painless - params: - "ctx._temp_.cisco.message_id": - target: event.action - map: - "430001": intrusion-detected - "430002": connection-started - "430003": connection-finished - "430004": file-detected - "430005": malware-detected - "dns.question.type": - map: - "a host address": A - "ip6 address": AAAA - "text strings": TXT - "a domain name pointer": PTR - "an authoritative name server": NS - "the canonical name for an alias": CNAME - "marks the start of a zone of authority": SOA - "mail exchange": MX - "server selection": SRV - "dns.response_code": - map: - "non-existent domain": NXDOMAIN - "server failure": SERVFAIL - "query refused": REFUSED - "no error": NOERROR - source: | - def getField(Map src, String[] path) { - for (int i=0; i new HashMap()); - } - dest[path[path.length-1]] = value; - } - for (entry in params.entrySet()) { - def srcField = entry.getKey(); - def param = entry.getValue(); - String oldVal = getField(ctx, srcField.splitOnToken('.')); - if (oldVal == null) continue; - def newVal = param.map?.getOrDefault(oldVal.toLowerCase(), null); - if (newVal != null) { - def dstField = param.getOrDefault('target', srcField); - setField(ctx, dstField.splitOnToken('.'), newVal); - } - } - - set: - if: "ctx.dns?.question?.type != null && ctx.dns?.response_code == null" - field: dns.response_code - value: NOERROR - - set: - if: 'ctx._temp_.cisco.message_id == "430001"' - field: event.action - value: intrusion-detected - - set: - if: 'ctx._temp_.cisco.message_id == "430002"' - field: event.action - value: connection-started - - set: - if: 'ctx._temp_.cisco.message_id == "430003"' - field: event.action - value: connection-finished - - set: - if: 'ctx._temp_.cisco.message_id == "430004"' - field: event.action - value: file-detected - - set: - if: 'ctx._temp_.cisco.message_id == "430005"' - field: event.action - value: malware-detected - - # - # Handle event.duration - # - # It can be set from ConnectionDuration FTD field above. This field holds - # seconds as a string. Copy it to _temp_.duration_hms so that the following - # processor converts it to the right value and populates start and end. - - set: - field: "_temp_.duration_hms" - value: "{{event.duration}}" - ignore_empty_value: true - - # - # Process the flow duration "hh:mm:ss" present in some messages - # This will fill event.start, event.end and event.duration - # - - script: - lang: painless - if: "ctx?._temp_?.duration_hms != null" - source: > - long parse_hms(String s) { - long cur = 0, total = 0; - for (char c: s.toCharArray()) { - if (c >= (char)'0' && c <= (char)'9') { - cur = (cur*10) + (long)c - (char)'0'; - } else if (c == (char)':') { - total = (total + cur) * 60; - cur = 0; - } else if (c != (char)'h' && c == (char)'m' && c == (char)'s') { - return 0; - } - } - return total + cur; - } - if (ctx?.event == null) { - ctx['event'] = new HashMap(); - } - String end = ctx['@timestamp']; - ctx.event['end'] = end; - long nanos = parse_hms(ctx._temp_.duration_hms) * 1000000000L; - ctx.event['duration'] = nanos; - ctx.event['start'] = ZonedDateTime.ofInstant( - Instant.parse(end).minusNanos(nanos), - ZoneOffset.UTC); - # - # Parse Source/Dest Username/Domain - # - - set: - field: source.user.name - value: "{{{ _temp_.cisco.source_username }}}" - if: 'ctx?.source?.user?.name == null && ctx?._temp_?.cisco?.source_username != null' - - set: - field: destination.user.name - value: "{{{ _temp_.cisco.destination_username }}}" - if: 'ctx?.destination?.user?.name == null && ctx?._temp_?.cisco?.destination_username != null' - - grok: - field: "source.user.name" - if: 'ctx?.source?.user?.name != null' - ignore_failure: true - patterns: - - (%{CISCO_DOMAIN})?%{CISCO_USER:source.user.name} - pattern_definitions: - CISCO_USER: "%{USERNAME}(@%{HOSTNAME:source.user.domain})?" - CISCO_DOMAIN: (LOCAL\\)?(%{HOSTNAME:source.user.domain}\\)? - - grok: - field: "destination.user.name" - if: 'ctx?.destination?.user?.name != null' - ignore_failure: true - patterns: - - (%{CISCO_DOMAIN})?%{CISCO_USER:destination.user.name} - pattern_definitions: - CISCO_USER: "%{USERNAME}(@%{HOSTNAME:destination.user.domain})?" - CISCO_DOMAIN: (LOCAL\\)?(%{HOSTNAME:destination.user.domain}\\)? - # - # Normalize protocol names - # - - lowercase: - field: "network.transport" - ignore_failure: true - - lowercase: - field: "network.protocol" - ignore_failure: true - - lowercase: - field: "network.application" - ignore_failure: true - - lowercase: - field: "file.type" - ignore_failure: true - - lowercase: - field: "network.direction" - ignore_failure: true - - lowercase: - field: "network.type" - ignore_failure: true - # - # Populate network.iana_number from network.transport. Also does reverse - # mapping in case network.transport contains the iana_number. - # - - script: - if: "ctx?.network?.transport != null" - lang: painless - params: - icmp: 1 - igmp: 2 - ipv4: 4 - tcp: 6 - egp: 8 - igp: 9 - pup: 12 - udp: 17 - rdp: 27 - irtp: 28 - dccp: 33 - idpr: 35 - ipv6: 41 - ipv6-route: 43 - ipv6-frag: 44 - rsvp: 46 - gre: 47 - esp: 50 - ipv6-icmp: 58 - ipv6-nonxt: 59 - ipv6-opts: 60 - source: > - def net = ctx.network; - def iana = params[net.transport]; - if (iana != null) { - net['iana_number'] = iana; - return; - } - def reverse = new HashMap(); - def[] arr = new def[] { null }; - for (entry in params.entrySet()) { - arr[0] = entry.getValue(); - reverse.put(String.format("%d", arr), entry.getKey()); - } - def trans = reverse[net.transport]; - if (trans != null) { - net['iana_number'] = net.transport; - net['transport'] = trans; - } - # - # Normalize event.outcome - # - - lowercase: - field: "event.outcome" - ignore_missing: true - - set: - field: "event.outcome" - if: 'ctx.event?.outcome == "est-allowed"' - value: "allowed" - - set: - field: "event.outcome" - if: 'ctx.event?.outcome == "permitted"' - value: "allowed" - - set: - field: "event.outcome" - if: 'ctx.event?.outcome == "allow"' - value: allowed - - set: - field: "event.outcome" - if: 'ctx.event?.outcome == "deny"' - value: denied - - set: - field: "network.transport" - if: 'ctx.network?.transport == "icmpv6"' - value: "ipv6-icmp" - # - # Convert numeric fields to integer or long, as output of dissect and kv processors is always a string - # - - convert: - field: source.port - type: integer - ignore_failure: true - ignore_missing: true - - convert: - field: destination.port - type: integer - ignore_failure: true - ignore_missing: true - - convert: - field: source.bytes - type: long - ignore_failure: true - ignore_missing: true - - convert: - field: destination.bytes - type: long - ignore_failure: true - ignore_missing: true - - convert: - field: network.bytes - type: long - ignore_failure: true - ignore_missing: true - - convert: - field: source.packets - type: integer - ignore_failure: true - ignore_missing: true - - convert: - field: destination.packets - type: integer - ignore_failure: true - ignore_missing: true - - convert: - field: _temp_.cisco.mapped_source_port - type: integer - ignore_failure: true - ignore_missing: true - - convert: - field: _temp_.cisco.mapped_destination_port - type: integer - ignore_failure: true - ignore_missing: true - - convert: - field: _temp_.cisco.icmp_code - type: integer - ignore_failure: true - ignore_missing: true - - convert: - field: _temp_.cisco.icmp_type - type: integer - ignore_failure: true - ignore_missing: true - - convert: - field: http.response.status_code - type: integer - ignore_failure: true - - convert: - field: file.size - type: integer - ignore_failure: true - - convert: - field: network.iana_number - type: string - ignore_failure: true - ignore_missing: true - - convert: - field: sip.to.uri.port - type: integer - ignore_failure: true - # - # Assign ECS .ip fields from .address is a valid IP address is found, - # otherwise set .domain field. - # - - grok: - field: source.address - patterns: - - "^(?:%{IP:source.ip}|%{GREEDYDATA:source.domain})$" - ignore_failure: true - - grok: - field: destination.address - patterns: - - "^(?:%{IP:destination.ip}|%{GREEDYDATA:destination.domain})$" - ignore_failure: true - - grok: - field: client.address - patterns: - - "^(?:%{IP:client.ip}|%{GREEDYDATA:client.domain})$" - ignore_failure: true - - grok: - field: server.address - patterns: - - "^(?:%{IP:server.ip}|%{GREEDYDATA:server.domain})$" - ignore_failure: true - # - # Geolocation for source and destination addresses - # - - geoip: - field: "source.ip" - target_field: "source.geo" - ignore_missing: true - - geoip: - field: "destination.ip" - target_field: "destination.geo" - ignore_missing: true - # - # IP Autonomous System (AS) Lookup - # - - geoip: - database_file: GeoLite2-ASN.mmdb - field: source.ip - target_field: source.as - properties: - - asn - - organization_name - ignore_missing: true - - geoip: - database_file: GeoLite2-ASN.mmdb - field: destination.ip - target_field: destination.as - properties: - - asn - - organization_name - ignore_missing: true - - rename: - field: source.as.asn - target_field: source.as.number - ignore_missing: true - - rename: - field: source.as.organization_name - target_field: source.as.organization.name - ignore_missing: true - - rename: - field: destination.as.asn - target_field: destination.as.number - ignore_missing: true - - rename: - field: destination.as.organization_name - target_field: destination.as.organization.name - ignore_missing: true - # - # Set mapped_{src|dst}_ip fields only if they consist of a valid IP address. - # - - grok: - field: _temp_.natsrcip - patterns: - - "^(?:%{IP:_temp_.cisco.mapped_source_ip}|%{GREEDYDATA:_temp_.cisco.mapped_source_host})$" - ignore_failure: true - - grok: - field: _temp_.natdstip - patterns: - - "^(?:%{IP:_temp_.cisco.mapped_destination_ip}|%{GREEDYDATA:_temp_.cisco.mapped_destination_host})$" - ignore_failure: true - # - # NAT fields - # - # The firewall always populates mapped ip and port even if there was no NAT. - # This populates both nat.ip and nat.port only when some translation is done. - # Fills nat.ip and nat.port even when only the ip or port changed. - - set: - field: source.nat.ip - value: "{{_temp_.cisco.mapped_source_ip}}" - if: "ctx?._temp_?.cisco?.mapped_source_ip != ctx?.source?.ip" - ignore_empty_value: true - - convert: - field: source.nat.ip - type: ip - ignore_missing: true - - set: - field: source.nat.port - value: "{{_temp_.cisco.mapped_source_port}}" - if: "ctx?._temp_?.cisco?.mapped_source_port != ctx?.source?.port" - ignore_empty_value: true - - convert: - field: source.nat.port - type: long - ignore_missing: true - - set: - field: destination.nat.ip - value: "{{_temp_.cisco.mapped_destination_ip}}" - if: "ctx?._temp_?.cisco.mapped_destination_ip != ctx?.destination?.ip" - ignore_empty_value: true - - convert: - field: destination.nat.ip - type: ip - ignore_missing: true - - set: - field: destination.nat.port - value: "{{_temp_.cisco.mapped_destination_port}}" - if: "ctx?._temp_?.cisco?.mapped_destination_port != ctx?.destination?.port" - ignore_empty_value: true - - convert: - field: destination.nat.port - type: long - ignore_missing: true - # - # Zone-based Network Directionality - # - # If external and internal zones are specified and our ingress/egress zones are - # populated, then we can classify traffic directionality based off of our defined - # zones rather than the logs. - - set: - field: network.direction - value: inbound - if: > - ctx?._temp_?.external_zones != null && - ctx?._temp_?.internal_zones != null && - ctx?.observer?.ingress?.zone != null && - ctx?.observer?.egress?.zone != null && - ctx._temp_.external_zones.contains(ctx.observer.ingress.zone) && - ctx._temp_.internal_zones.contains(ctx.observer.egress.zone) - - set: - field: network.direction - value: outbound - if: > - ctx?._temp_?.external_zones != null && - ctx?._temp_?.internal_zones != null && - ctx?.observer?.ingress?.zone != null && - ctx?.observer?.egress?.zone != null && - ctx._temp_.external_zones.contains(ctx.observer.egress.zone) && - ctx._temp_.internal_zones.contains(ctx.observer.ingress.zone) - - set: - field: network.direction - value: internal - if: > - ctx?._temp_?.external_zones != null && - ctx?._temp_?.internal_zones != null && - ctx?.observer?.ingress?.zone != null && - ctx?.observer?.egress?.zone != null && - ctx._temp_.internal_zones.contains(ctx.observer.egress.zone) && - ctx._temp_.internal_zones.contains(ctx.observer.ingress.zone) - - set: - field: network.direction - value: external - if: > - ctx?._temp_?.external_zones != null && - ctx?._temp_?.internal_zones != null && - ctx?.observer?.ingress?.zone != null && - ctx?.observer?.egress?.zone != null && - ctx._temp_.external_zones.contains(ctx.observer.egress.zone) && - ctx._temp_.external_zones.contains(ctx.observer.ingress.zone) - - set: - field: network.direction - value: unknown - if: > - ctx?._temp_?.external_zones != null && - ctx?._temp_?.internal_zones != null && - ctx?.observer?.egress?.zone != null && - ctx?.observer?.ingress?.zone != null && - ( - ( - !ctx._temp_.external_zones.contains(ctx.observer.egress.zone) && - !ctx._temp_.internal_zones.contains(ctx.observer.egress.zone) - ) || - ( - !ctx._temp_.external_zones.contains(ctx.observer.ingress.zone) && - !ctx._temp_.internal_zones.contains(ctx.observer.ingress.zone) - ) - ) - - - set: - field: _temp_.url_domain - value: "{{url.domain}}" - ignore_failure: true - if: ctx?.url?.domain != null - - - uri_parts: - field: url.original - ignore_failure: true - if: ctx?.url?.original != null - - append: - field: url.domain - value: "{{_temp_.url_domain}}" - ignore_failure: true - allow_duplicates: false - if: ctx?._temp_?.url_domain != null - - # - # Populate ECS event.code - # - - rename: - field: _temp_.cisco.message_id - target_field: event.code - ignore_failure: true - - remove: - field: - - _temp_.cisco.message_id - - event.code - if: 'ctx._temp_.cisco.message_id == ""' - ignore_failure: true - # - # Copy _temp_.cisco to its final destination, cisco.asa or cisco.ftd. - # - - rename: - field: _temp_.cisco - target_field: "cisco.asa" - ignore_failure: true - # - # Remove temporary fields - # - - remove: - field: _temp_ - ignore_missing: true - # - # Rename some 7.x fields - # - - rename: - field: cisco.asa.list_id - target_field: cisco.asa.rule_name - ignore_missing: true - # ECS categorization - - script: - lang: painless - params: - connection-finished: - kind: event - category: - - network - type: - - end - connection-started: - kind: event - category: - - network - type: - - start - file-detected: - kind: alert - category: - - malware - type: - - info - firewall-rule: - kind: event - category: - - network - type: [] - flow-expiration: - kind: event - category: - - network - type: - - connection - - end - intrusion-detected: - kind: alert - category: - - intrusion_detection - type: - - info - malware-detected: - kind: alert - category: - - malware - type: - - info - bypass: - kind: event - category: - - network - type: - - info - - change - error: - kind: event - outcome: failure - category: - - network - type: - - error - deleted: - kind: event - category: - - network - type: - - info - - deletion - - user - creation: - kind: event - category: - - network - type: - - info - - creation - - user - client-vpn-connected: - kind: event - category: - - network - - session - type: - - connection - - start - client-vpn-error: - kind: event - category: - - network - type: - - connection - - error - - denied - client-vpn-disconnected: - kind: event - category: - - network - type: - - connection - - end - source: >- - if (ctx?.event?.action == null || !params.containsKey(ctx.event.action)) { - return; - } - - ctx.event.kind = params.get(ctx.event.action).get('kind'); - ctx.event.category = params.get(ctx.event.action).get('category').clone(); - ctx.event.type = params.get(ctx.event.action).get('type').clone(); - if (ctx?.event?.outcome == null || (!ctx.event.category.contains('network') && !ctx.event.category.contains('intrusion_detection'))) { - if (ctx?.event?.action == 'firewall-rule') { - ctx.event.type.add('info'); - } else if (ctx?.event?.action.startsWith('connection-')) { - ctx.event.type.add('connection'); - } - return; - } - if (ctx.event.outcome == 'allowed') { - ctx.event.outcome = 'success'; - ctx.event.type.add('connection'); - ctx.event.type.add('allowed'); - } else if (ctx.event.outcome == 'denied' || ctx.event.outcome == 'block') { - ctx.event.outcome = 'success'; - ctx.event.type.add('connection'); - ctx.event.type.add('denied'); - } else if (ctx.event.outcome == 'dropped') { - ctx.event.outcome = 'failure'; - ctx.event.type.add('connection'); - ctx.event.type.add('denied'); - } else if (ctx?.event?.action == 'firewall-rule') { - ctx.event.type.add('info'); - } else if (ctx?.event?.action.startsWith('connection-')) { - ctx.event.type.add('connection'); - } - - - set: - description: copy destination.user.name to user.name if it is not set - field: user.name - value: "{{destination.user.name}}" - ignore_empty_value: true - if: ctx?.user?.name == null - - # Configures observer fields with a copy from cisco and host fields. Later on these might replace host.hostname. - - set: - field: observer.hostname - value: "{{ host.hostname }}" - ignore_empty_value: true - - set: - field: observer.vendor - value: "Cisco" - ignore_empty_value: true - - set: - field: observer.type - value: "firewall" - ignore_empty_value: true - - set: - field: observer.product - value: "asa" - ignore_empty_value: true - - set: - field: observer.egress.interface.name - value: "{{ cisco.asa.destination_interface }}" - ignore_empty_value: true - - set: - field: observer.ingress.interface.name - value: "{{ cisco.asa.source_interface }}" - ignore_empty_value: true - - append: - field: related.ip - value: "{{source.ip}}" - if: "ctx?.source?.ip != null" - allow_duplicates: false - - append: - field: related.ip - value: "{{source.nat.ip}}" - if: "ctx?.source?.nat?.ip != null" - allow_duplicates: false - - append: - field: related.ip - value: "{{destination.ip}}" - if: "ctx?.destination?.ip != null" - allow_duplicates: false - - append: - field: related.ip - value: "{{destination.nat.ip}}" - if: "ctx?.destination?.nat?.ip != null" - allow_duplicates: false - - append: - field: related.user - value: "{{{user.name}}}" - if: ctx?.user?.name != null && ctx?.user?.name != '' - allow_duplicates: false - - append: - field: related.user - value: "{{server.user.name}}" - if: ctx?.server?.user?.name != null && ctx?.server?.user?.name != '' - allow_duplicates: false - - append: - field: related.user - value: "{{{source.user.name}}}" - if: ctx?.source?.user?.name != null && ctx?.source?.user?.name != '' - allow_duplicates: false - - append: - field: related.user - value: "{{{destination.user.name}}}" - if: ctx?.destination?.user?.name != null && ctx?.destination?.user?.name != '' - allow_duplicates: false - - append: - field: related.hash - value: "{{file.hash.sha256}}" - if: "ctx?.file?.hash?.sha256 != null" - allow_duplicates: false - - append: - field: related.hosts - value: "{{host.hostname}}" - if: ctx.host?.hostname != null && ctx.host?.hostname != '' - allow_duplicates: false - - append: - field: related.hosts - value: "{{observer.hostname}}" - if: ctx.observer?.hostname != null && ctx.observer?.hostname != '' - allow_duplicates: false - - append: - field: related.hosts - value: "{{destination.domain}}" - if: ctx.destination?.domain != null && ctx.destination?.domain != '' - allow_duplicates: false - - append: - field: related.hosts - value: "{{source.domain}}" - if: ctx.source?.domain != null && ctx.source?.domain != '' - allow_duplicates: false - - append: - field: related.hosts - value: "{{source.user.domain}}" - if: ctx.source?.user?.domain != null && ctx.source?.user?.domain != '' - allow_duplicates: false - - append: - field: related.hosts - value: "{{destination.user.domain}}" - if: ctx.destination?.user?.domain != null && ctx.destination?.user?.domain != '' - allow_duplicates: false - - script: - lang: painless - description: This script processor iterates over the whole document to remove fields with null values. - source: | - void handleMap(Map map) { - for (def x : map.values()) { - if (x instanceof Map) { - handleMap(x); - } else if (x instanceof List) { - handleList(x); - } - } - map.values().removeIf(v -> v == null); - } - void handleList(List list) { - for (def x : list) { - if (x instanceof Map) { - handleMap(x); - } else if (x instanceof List) { - handleList(x); - } - } - } - handleMap(ctx); - - community_id: - ignore_missing: true - ignore_failure: true - - remove: - field: event.original - if: "ctx?.tags == null || !(ctx.tags.contains('preserve_original_event'))" - ignore_failure: true - ignore_missing: true -on_failure: - # Copy any fields under _temp_.cisco to its final destination. Those can help - # with diagnosing the failure. - - rename: - field: _temp_.cisco - target_field: "cisco.asa" - ignore_failure: true - # Remove _temp_ to avoid adding a lot of unnecessary fields to the index. - - remove: - field: _temp_ - ignore_missing: true - - append: - field: "error.message" - value: "{{ _ingest.on_failure_message }}" diff --git a/packages/cisco_asa/2.2.0/data_stream/log/fields/agent.yml b/packages/cisco_asa/2.2.0/data_stream/log/fields/agent.yml deleted file mode 100755 index d38a70bd6b..0000000000 --- a/packages/cisco_asa/2.2.0/data_stream/log/fields/agent.yml +++ /dev/null @@ -1,207 +0,0 @@ -- name: cloud - title: Cloud - group: 2 - description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' - type: group - fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - - name: image.id - type: keyword - description: Image ID for the cloud instance. -- name: container - title: Container - group: 2 - description: 'Container fields are used for meta information about the specific container that is the source of information. - - These fields help correlate data based containers from any runtime.' - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: labels - level: extended - type: object - object_type: keyword - description: Image labels. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. -- name: host - title: Host - group: 2 - description: 'A host is defined as a general computing instance. - - ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' - type: group - fields: - - name: architecture - level: core - type: keyword - ignore_above: 1024 - description: Operating system architecture. - example: x86_64 - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the domain of which the host is a member. - - For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: id - level: core - type: keyword - ignore_above: 1024 - description: 'Unique host id. - - As hostname is not always unique, use values that are meaningful in your environment. - - Example: The current usage of `beat.name`.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: name - level: core - type: keyword - ignore_above: 1024 - description: 'Name of the host. - - It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use.' - - name: os.family - level: extended - type: keyword - ignore_above: 1024 - description: OS family (such as redhat, debian, freebsd, windows). - example: debian - - name: os.kernel - level: extended - type: keyword - ignore_above: 1024 - description: Operating system kernel version as a raw string. - example: 4.4.0-112-generic - - name: os.name - level: extended - type: keyword - ignore_above: 1024 - multi_fields: - - name: text - type: text - norms: false - default_field: false - description: Operating system name, without the version. - example: Mac OS X - - name: os.platform - level: extended - type: keyword - ignore_above: 1024 - description: Operating system platform (such centos, ubuntu, windows). - example: darwin - - name: os.version - level: extended - type: keyword - ignore_above: 1024 - description: Operating system version as a raw string. - example: 10.14.1 - - name: type - level: core - type: keyword - ignore_above: 1024 - description: 'Type of host. - - For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment.' - - name: containerized - type: boolean - description: > - If the host is a container. - - - name: os.build - type: keyword - example: "18D109" - description: > - OS build information. - - - name: os.codename - type: keyword - example: "stretch" - description: > - OS codename, if any. - -- name: input.type - type: keyword - description: Input type. -- name: log.offset - type: long - description: Offset of the entry in the log file. -- name: log.source.address - type: keyword - description: Source address from which the log event was read / sent from. diff --git a/packages/cisco_asa/2.2.0/data_stream/log/fields/base-fields.yml b/packages/cisco_asa/2.2.0/data_stream/log/fields/base-fields.yml deleted file mode 100755 index efbed64fad..0000000000 --- a/packages/cisco_asa/2.2.0/data_stream/log/fields/base-fields.yml +++ /dev/null @@ -1,20 +0,0 @@ -- name: data_stream.type - type: constant_keyword - description: Data stream type. -- name: data_stream.dataset - type: constant_keyword - description: Data stream dataset. -- name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. -- name: event.module - type: constant_keyword - description: Event module - value: cisco_asa -- name: event.dataset - type: constant_keyword - description: Event dataset - value: cisco_asa.log -- name: "@timestamp" - type: date - description: Event timestamp. diff --git a/packages/cisco_asa/2.2.0/data_stream/log/fields/ecs.yml b/packages/cisco_asa/2.2.0/data_stream/log/fields/ecs.yml deleted file mode 100755 index 10421d7880..0000000000 --- a/packages/cisco_asa/2.2.0/data_stream/log/fields/ecs.yml +++ /dev/null @@ -1,469 +0,0 @@ -- description: |- - Date/time when the event originated. - This is the date/time extracted from the event, typically representing when the event was generated by the source. - If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. - Required field for all events. - name: '@timestamp' - type: date -- description: Short name or login of the user. - name: client.user.name - type: keyword -- description: |- - Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. - Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. - name: destination.address - type: keyword -- description: Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. - name: destination.as.number - type: long -- description: Organization name. - name: destination.as.organization.name - type: keyword -- description: Bytes sent from the destination to the source. - name: destination.bytes - type: long -- description: |- - The domain name of the destination system. - This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. - name: destination.domain - type: keyword -- description: City name. - name: destination.geo.city_name - type: keyword -- description: Name of the continent. - name: destination.geo.continent_name - type: keyword -- description: Country ISO code. - name: destination.geo.country_iso_code - type: keyword -- description: Country name. - name: destination.geo.country_name - type: keyword -- description: Longitude and latitude. - level: core - name: destination.geo.location - type: geo_point -- description: Region ISO code. - name: destination.geo.region_iso_code - type: keyword -- description: Region name. - name: destination.geo.region_name - type: keyword -- description: IP address of the destination (IPv4 or IPv6). - name: destination.ip - type: ip -- description: |- - Translated ip of destination based NAT sessions (e.g. internet to private DMZ) - Typically used with load balancers, firewalls, or routers. - name: destination.nat.ip - type: ip -- description: |- - Port the source session is translated to by NAT Device. - Typically used with load balancers, firewalls, or routers. - name: destination.nat.port - type: long -- description: Port of the destination. - name: destination.port - type: long -- description: |- - Name of the directory the user is a member of. - For example, an LDAP or Active Directory domain name. - name: destination.user.domain - type: keyword -- description: Short name or login of the user. - name: destination.user.name - type: keyword -- description: |- - ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. - When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. - name: ecs.version - type: keyword -- description: Error message. - name: error.message - type: match_only_text -- description: |- - This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. - `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. - This field is an array. This will allow proper categorization of some events that fall in multiple categories. - name: event.category - type: keyword -- description: |- - Identification code for this event, if one exists. - Some event sources use event codes to identify messages unambiguously, regardless of message language or wording adjustments over time. An example of this is the Windows Event ID. - name: event.code - type: keyword -- description: |- - event.created contains the date/time when the event was first read by an agent, or by your pipeline. - This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. - In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. - In case the two timestamps are identical, @timestamp should be used. - name: event.created - type: date -- description: |- - event.created contains the date/time when the event was first read by an agent, or by your pipeline. - This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. - In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. - In case the two timestamps are identical, @timestamp should be used. - name: event.created - type: date -- description: |- - Duration of the event in nanoseconds. - If event.start and event.end are known this value should be the difference between the end and start time. - name: event.duration - type: long -- description: event.end contains the date when the event ended or when the activity was last observed. - name: event.end - type: date -- description: |- - Timestamp when an event arrived in the central data store. - This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. - In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` < `event.created` < `event.ingested`. - name: event.ingested - type: date -- description: |- - This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. - `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. - The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. - name: event.kind - type: keyword -- description: |- - Source of the event. - Event transports such as Syslog or the Windows Event Log typically mention the source of an event. It can be the name of the software that generated the event (e.g. Sysmon, httpd), or of a subsystem of the operating system (kernel, Microsoft-Windows-Security-Auditing). - name: event.provider - type: keyword -- description: |- - The numeric severity of the event according to your event source. - What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. - The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`. - name: event.severity - type: long -- description: event.start contains the date when the event started or when the activity was first observed. - name: event.start - type: date -- description: |- - This field should be populated when the event's timestamp does not include timezone information already (e.g. default Syslog timestamps). It's optional otherwise. - Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00"). - name: event.timezone - type: keyword -- description: |- - This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. - `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. - This field is an array. This will allow proper categorization of some events that fall in multiple event types. - name: event.type - type: keyword -- description: Full path to the file, including the file name. It should include the drive letter, when appropriate. - name: file.path - type: keyword -- description: |- - Custom key/value pairs. - Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. - Example: `docker` and `k8s` labels. - name: labels - type: object -- description: |- - Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. - If the event wasn't read from a log file, do not populate this field. - name: log.file.path - type: keyword -- description: |- - Original log level of the log event. - If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). - Some examples are `warn`, `err`, `i`, `informational`. - name: log.level - type: keyword -- description: |- - For log events the message field contains the log message, optimized for viewing in a log viewer. - For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. - If multiple messages exist, they can be combined into one message. - name: message - type: match_only_text -- description: |- - Total bytes transferred in both directions. - If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. - name: network.bytes - type: long -- description: |- - A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. - Learn more at https://github.com/corelight/community-id-spec. - name: network.community_id - type: keyword -- description: |- - Direction of the network traffic. - Recommended values are: - * ingress - * egress - * inbound - * outbound - * internal - * external - * unknown - - When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". - When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". - Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. - name: network.direction - type: keyword -- description: IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. - name: network.iana_number - type: keyword -- description: Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) - name: network.inner - type: object -- description: VLAN ID as reported by the observer. - name: network.inner.vlan.id - type: keyword -- description: Optional VLAN name as reported by the observer. - name: network.inner.vlan.name - type: keyword -- description: |- - In the OSI Model this would be the Application Layer protocol. For example, `http`, `dns`, or `ssh`. - The field value must be normalized to lowercase for querying. - name: network.protocol - type: keyword -- description: |- - Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) - The field value must be normalized to lowercase for querying. - name: network.transport - type: keyword -- description: |- - In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc - The field value must be normalized to lowercase for querying. - name: network.type - type: keyword -- description: Interface name as reported by the system. - name: observer.egress.interface.name - type: keyword -- description: Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. - name: observer.egress.zone - type: keyword -- description: Hostname of the observer. - name: observer.hostname - type: keyword -- description: Interface name as reported by the system. - name: observer.ingress.interface.name - type: keyword -- description: Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. - name: observer.ingress.zone - type: keyword -- description: IP addresses of the observer. - name: observer.ip - type: ip -- description: |- - Custom name of the observer. - This is a name that can be given to an observer. This can be helpful for example if multiple firewalls of the same model are used in an organization. - If no custom name is needed, the field can be left empty. - name: observer.name - type: keyword -- description: The product name of the observer. - name: observer.product - type: keyword -- description: |- - The type of the observer the data is coming from. - There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. - name: observer.type - type: keyword -- description: Vendor name of the observer. - name: observer.vendor - type: keyword -- description: Observer version. - name: observer.version - type: keyword -- description: |- - Process name. - Sometimes called program name or similar. - name: process.name - type: keyword -- description: Process id. - name: process.pid - type: long -- description: All hostnames or other host identifiers seen on your event. Example identifiers include FQDNs, domain names, workstation names, or aliases. - name: related.hosts - type: keyword -- description: All of the IPs seen on your event. - name: related.ip - type: ip -- description: All the user names or other user identifiers seen on the event. - name: related.user - type: keyword -- description: |- - The domain name of the server system. - This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. - name: server.domain - type: keyword -- description: |- - Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. - Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. - name: source.address - type: keyword -- description: Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. - name: source.as.number - type: long -- description: Organization name. - name: source.as.organization.name - type: keyword -- description: Bytes sent from the source to the destination. - name: source.bytes - type: long -- description: |- - The domain name of the source system. - This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. - name: source.domain - type: keyword -- description: City name. - name: source.geo.city_name - type: keyword -- description: Name of the continent. - name: source.geo.continent_name - type: keyword -- description: Country ISO code. - name: source.geo.country_iso_code - type: keyword -- description: Country name. - name: source.geo.country_name - type: keyword -- description: Longitude and latitude. - level: core - name: source.geo.location - type: geo_point -- description: Region ISO code. - name: source.geo.region_iso_code - type: keyword -- description: Region name. - name: source.geo.region_name - type: keyword -- description: IP address of the source (IPv4 or IPv6). - name: source.ip - type: ip -- description: |- - Translated ip of source based NAT sessions (e.g. internal client to internet) - Typically connections traversing load balancers, firewalls, or routers. - name: source.nat.ip - type: ip -- description: |- - Translated port of source based NAT sessions. (e.g. internal client to internet) - Typically used with load balancers, firewalls, or routers. - name: source.nat.port - type: long -- description: Port of the source. - name: source.port - type: long -- description: |- - Name of the directory the user is a member of. - For example, an LDAP or Active Directory domain name. - name: source.user.domain - type: keyword -- description: Short name or login of the user. - name: source.user.name - type: keyword -- description: Name of the group. - name: source.user.group.name - type: keyword -- description: List of keywords used to tag each event. - name: tags - type: keyword -- description: |- - Domain of the url, such as "www.elastic.co". - In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. - If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. - name: url.domain - type: keyword -- description: |- - The field contains the file extension from the original request url, excluding the leading dot. - The file extension is only set if it exists, as not every url has a file extension. - The leading period must not be included. For example, the value must be "png", not ".png". - Note that when the file name has multiple extensions (example.tar.gz), only the last one should be captured ("gz", not "tar.gz"). - name: url.extension - type: keyword -- description: |- - Portion of the url after the `#`, such as "top". - The `#` is not part of the fragment. - name: url.fragment - type: keyword -- description: If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. - name: url.full - type: wildcard -- description: |- - Unmodified original url as seen in the event source. - Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. - This field is meant to represent the URL as it was observed, complete or not. - name: url.original - type: wildcard -- description: Password of the request. - name: url.password - type: keyword -- description: Path of the request, such as "/search". - name: url.path - type: wildcard -- description: Port of the request, such as 443. - name: url.port - type: long -- description: |- - The query field describes the query string of the request, such as "q=elasticsearch". - The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. - name: url.query - type: keyword -- description: |- - The highest registered url domain, stripped of the subdomain. - For example, the registered domain for "foo.example.com" is "example.com". - This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". - name: url.registered_domain - type: keyword -- description: |- - Scheme of the request, such as "https". - Note: The `:` is not part of the scheme. - name: url.scheme - type: keyword -- description: |- - The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. - For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. - name: url.subdomain - type: keyword -- description: |- - The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". - This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". - name: url.top_level_domain - type: keyword -- description: Username of the request. - name: url.username - type: keyword -- description: User email address. - name: user.email - type: keyword -- description: Short name or login of the user. - name: user.name - type: keyword -- description: |- - The domain name of the server system. - This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. - name: server.domain - type: keyword -- description: |- - Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. - Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. - name: server.address - type: keyword -- description: Port of the server. - name: server.port - type: long -- description: IP address of the server (IPv4 or IPv6). - name: server.ip - type: ip -- description: Short name or login of the user. - name: server.user.name - type: keyword -- description: |- - The domain name of the client system. - This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. - name: client.domain - type: keyword -- description: |- - Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. - Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. - name: client.address - type: keyword -- description: Port of the client. - name: client.port - type: long -- description: IP address of the client (IPv4 or IPv6). - name: client.ip - type: ip diff --git a/packages/cisco_asa/2.2.0/data_stream/log/fields/fields.yml b/packages/cisco_asa/2.2.0/data_stream/log/fields/fields.yml deleted file mode 100755 index a1e912f401..0000000000 --- a/packages/cisco_asa/2.2.0/data_stream/log/fields/fields.yml +++ /dev/null @@ -1,209 +0,0 @@ -- name: cisco.asa - type: group - fields: - - name: message_id - type: keyword - description: > - The Cisco ASA message identifier. - - - name: suffix - type: keyword - description: > - Optional suffix after %ASA identifier. - - - name: source_interface - type: keyword - description: > - Source interface for the flow or event. - - - name: destination_interface - type: keyword - description: > - Destination interface for the flow or event. - - - name: rule_name - type: keyword - description: > - Name of the Access Control List rule that matched this event. - - - name: source_username - type: keyword - description: > - Name of the user that is the source for this event. - - - name: destination_username - type: keyword - description: > - Name of the user that is the destination for this event. - - - name: mapped_source_ip - type: ip - description: > - The translated source IP address. - - - name: mapped_source_port - type: long - description: > - The translated source port. - - - name: mapped_destination_ip - type: ip - description: > - The translated destination IP address. - - - name: mapped_destination_port - type: long - description: > - The translated destination port. - - - name: threat_level - type: keyword - description: > - Threat level for malware / botnet traffic. One of very-low, low, moderate, high or very-high. - - - name: threat_category - type: keyword - description: > - Category for the malware / botnet traffic. For example: virus, botnet, trojan, etc. - - - name: connection_id - type: keyword - description: > - Unique identifier for a flow. - - - name: icmp_type - type: short - description: > - ICMP type. - - - name: icmp_code - type: short - description: > - ICMP code. - - - name: connection_type - type: keyword - description: > - The VPN connection type - - - name: session_type - type: keyword - default_field: false - description: > - Session type (for example, IPsec or UDP). - - - name: dap_records - type: keyword - description: > - The assigned DAP records - - - name: mapped_destination_host - type: keyword - - name: username - type: keyword - - name: mapped_source_host - type: keyword - - name: command_line_arguments - default_field: false - type: keyword - description: > - The command line arguments logged by the local audit log - - - name: assigned_ip - default_field: false - type: ip - description: > - The IP address assigned to a VPN client successfully connecting - - - name: privilege.old - default_field: false - type: keyword - description: > - When a users privilege is changed this is the old value - - - name: privilege.new - default_field: false - type: keyword - description: > - When a users privilege is changed this is the new value - - - name: burst.object - default_field: false - type: keyword - description: > - The related object for burst warnings - - - name: burst.id - default_field: false - type: keyword - description: > - The related rate ID for burst warnings - - - name: burst.current_rate - default_field: false - type: keyword - description: > - The current burst rate seen - - - name: burst.configured_rate - default_field: false - type: keyword - description: > - The current configured burst rate - - - name: burst.avg_rate - default_field: false - type: keyword - description: > - The current average burst rate seen - - - name: burst.configured_avg_rate - default_field: false - type: keyword - description: > - The current configured average burst rate allowed - - - name: burst.cumulative_count - default_field: false - type: keyword - description: > - The total count of burst rate hits since the object was created or cleared - - - name: security - type: flattened - description: Cisco FTD security event fields. - - name: webvpn.group_name - type: keyword - default_field: false - description: > - The WebVPN group name the user belongs to - - - name: termination_initiator - type: keyword - default_field: false - description: > - Interface name of the side that initiated the teardown - - - name: tunnel_type - type: keyword - default_field: false - description: > - SA type (remote access or L2L) - - - name: termination_user - default_field: false - type: keyword - description: > - AAA name of user requesting termination - - - name: message - default_field: false - type: keyword - description: >- - The message associated with SIP and Skinny VoIP events -- name: syslog.facility.code - type: long - description: Syslog numeric facility of the event. -- name: syslog.priority - type: long - description: Syslog priority of the event. diff --git a/packages/cisco_asa/2.2.0/data_stream/log/manifest.yml b/packages/cisco_asa/2.2.0/data_stream/log/manifest.yml deleted file mode 100755 index 1d5a84d954..0000000000 --- a/packages/cisco_asa/2.2.0/data_stream/log/manifest.yml +++ /dev/null @@ -1,88 +0,0 @@ -title: Cisco ASA logs -type: logs -streams: - - input: udp - title: Cisco ASA logs - description: Collect Cisco ASA logs - template_path: udp.yml.hbs - vars: - - name: tags - type: text - title: Tags - multi: true - required: true - show_user: false - default: - - cisco-asa - - forwarded - - name: udp_host - type: text - title: Listen Address - description: The bind address to listen for UDP connections. Set to `0.0.0.0` to bind to all available interfaces. - multi: false - required: true - show_user: true - default: localhost - - name: udp_port - type: integer - title: Listen Port - description: The UDP port number to listen on. - multi: false - required: true - show_user: true - default: 9001 - - name: preserve_original_event - required: true - show_user: true - title: Preserve original event - description: Preserves a raw copy of the original event, added to the field `event.original` - type: bool - multi: false - default: false - - name: processors - type: yaml - title: Processors - multi: false - required: false - show_user: false - description: > - Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. - - - input: logfile - enabled: false - title: Cisco ASA logs - description: Collect Cisco ASA logs from file - vars: - - name: paths - type: text - title: Paths - multi: true - required: true - show_user: true - default: - - /var/log/cisco-asa.log - - name: tags - type: text - title: Tags - multi: true - required: true - show_user: false - default: - - cisco-asa - - forwarded - - name: preserve_original_event - required: true - show_user: true - title: Preserve original event - description: Preserves a raw copy of the original event, added to the field `event.original` - type: bool - multi: false - default: false - - name: processors - type: yaml - title: Processors - multi: false - required: false - show_user: false - description: >- - Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. diff --git a/packages/cisco_asa/2.2.0/data_stream/log/sample_event.json b/packages/cisco_asa/2.2.0/data_stream/log/sample_event.json deleted file mode 100755 index 5ac2e9b8fa..0000000000 --- a/packages/cisco_asa/2.2.0/data_stream/log/sample_event.json +++ /dev/null @@ -1,107 +0,0 @@ -{ - "@timestamp": "2018-10-10T12:34:56.000Z", - "agent": { - "ephemeral_id": "147a5d91-18f7-4a75-9392-267d0d1f7e3b", - "id": "76622dbf-9aac-410d-ad3f-a1e99729e87f", - "name": "docker-fleet-agent", - "type": "filebeat", - "version": "8.0.0" - }, - "cisco": { - "asa": { - "destination_interface": "outside", - "source_interface": "inside" - } - }, - "data_stream": { - "dataset": "cisco_asa.log", - "namespace": "ep", - "type": "logs" - }, - "destination": { - "address": "192.168.98.44", - "ip": "192.168.98.44", - "port": 8256 - }, - "ecs": { - "version": "8.0.0" - }, - "elastic_agent": { - "id": "76622dbf-9aac-410d-ad3f-a1e99729e87f", - "snapshot": false, - "version": "8.0.0" - }, - "event": { - "action": "firewall-rule", - "agent_id_status": "verified", - "category": [ - "network" - ], - "code": "305011", - "dataset": "cisco_asa.log", - "ingested": "2022-03-10T23:57:18Z", - "kind": "event", - "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1772 to outside:192.168.98.44/8256", - "severity": 6, - "timezone": "+00:00", - "type": [ - "info" - ] - }, - "host": { - "hostname": "localhost" - }, - "input": { - "type": "udp" - }, - "log": { - "level": "informational", - "source": { - "address": "192.168.32.7:40986" - } - }, - "network": { - "community_id": "1:5fapvb2/9FPSvoCspfD2WiW0NdQ=", - "iana_number": "6", - "transport": "tcp" - }, - "observer": { - "egress": { - "interface": { - "name": "outside" - } - }, - "hostname": "localhost", - "ingress": { - "interface": { - "name": "inside" - } - }, - "product": "asa", - "type": "firewall", - "vendor": "Cisco" - }, - "process": { - "name": "CiscoASA", - "pid": 999 - }, - "related": { - "hosts": [ - "localhost" - ], - "ip": [ - "172.31.98.44", - "192.168.98.44" - ] - }, - "source": { - "address": "172.31.98.44", - "ip": "172.31.98.44", - "port": 1772 - }, - "tags": [ - "preserve_original_event", - "cisco-asa", - "forwarded" - ] -} \ No newline at end of file diff --git a/packages/cisco_asa/2.2.0/docs/README.md b/packages/cisco_asa/2.2.0/docs/README.md deleted file mode 100755 index 9664b66e23..0000000000 --- a/packages/cisco_asa/2.2.0/docs/README.md +++ /dev/null @@ -1,317 +0,0 @@ -# Cisco ASA Integration - -This integration is for Cisco ASA network device's logs. It includes the following -datasets for receiving logs over syslog or read from a file: - -- `log` dataset: supports Cisco ASA firewall logs. - -## Logs - -### ASA - -The `log` dataset collects the Cisco ASA firewall logs. - -An example event for `log` looks as following: - -```json -{ - "@timestamp": "2018-10-10T12:34:56.000Z", - "agent": { - "ephemeral_id": "147a5d91-18f7-4a75-9392-267d0d1f7e3b", - "id": "76622dbf-9aac-410d-ad3f-a1e99729e87f", - "name": "docker-fleet-agent", - "type": "filebeat", - "version": "8.0.0" - }, - "cisco": { - "asa": { - "destination_interface": "outside", - "source_interface": "inside" - } - }, - "data_stream": { - "dataset": "cisco_asa.log", - "namespace": "ep", - "type": "logs" - }, - "destination": { - "address": "192.168.98.44", - "ip": "192.168.98.44", - "port": 8256 - }, - "ecs": { - "version": "8.0.0" - }, - "elastic_agent": { - "id": "76622dbf-9aac-410d-ad3f-a1e99729e87f", - "snapshot": false, - "version": "8.0.0" - }, - "event": { - "action": "firewall-rule", - "agent_id_status": "verified", - "category": [ - "network" - ], - "code": "305011", - "dataset": "cisco_asa.log", - "ingested": "2022-03-10T23:57:18Z", - "kind": "event", - "original": "Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1772 to outside:192.168.98.44/8256", - "severity": 6, - "timezone": "+00:00", - "type": [ - "info" - ] - }, - "host": { - "hostname": "localhost" - }, - "input": { - "type": "udp" - }, - "log": { - "level": "informational", - "source": { - "address": "192.168.32.7:40986" - } - }, - "network": { - "community_id": "1:5fapvb2/9FPSvoCspfD2WiW0NdQ=", - "iana_number": "6", - "transport": "tcp" - }, - "observer": { - "egress": { - "interface": { - "name": "outside" - } - }, - "hostname": "localhost", - "ingress": { - "interface": { - "name": "inside" - } - }, - "product": "asa", - "type": "firewall", - "vendor": "Cisco" - }, - "process": { - "name": "CiscoASA", - "pid": 999 - }, - "related": { - "hosts": [ - "localhost" - ], - "ip": [ - "172.31.98.44", - "192.168.98.44" - ] - }, - "source": { - "address": "172.31.98.44", - "ip": "172.31.98.44", - "port": 1772 - }, - "tags": [ - "preserve_original_event", - "cisco-asa", - "forwarded" - ] -} -``` - -**Exported fields** - -| Field | Description | Type | -|---|---|---| -| @timestamp | Event timestamp. | date | -| cisco.asa.assigned_ip | The IP address assigned to a VPN client successfully connecting | ip | -| cisco.asa.burst.avg_rate | The current average burst rate seen | keyword | -| cisco.asa.burst.configured_avg_rate | The current configured average burst rate allowed | keyword | -| cisco.asa.burst.configured_rate | The current configured burst rate | keyword | -| cisco.asa.burst.cumulative_count | The total count of burst rate hits since the object was created or cleared | keyword | -| cisco.asa.burst.current_rate | The current burst rate seen | keyword | -| cisco.asa.burst.id | The related rate ID for burst warnings | keyword | -| cisco.asa.burst.object | The related object for burst warnings | keyword | -| cisco.asa.command_line_arguments | The command line arguments logged by the local audit log | keyword | -| cisco.asa.connection_id | Unique identifier for a flow. | keyword | -| cisco.asa.connection_type | The VPN connection type | keyword | -| cisco.asa.dap_records | The assigned DAP records | keyword | -| cisco.asa.destination_interface | Destination interface for the flow or event. | keyword | -| cisco.asa.destination_username | Name of the user that is the destination for this event. | keyword | -| cisco.asa.icmp_code | ICMP code. | short | -| cisco.asa.icmp_type | ICMP type. | short | -| cisco.asa.mapped_destination_host | | keyword | -| cisco.asa.mapped_destination_ip | The translated destination IP address. | ip | -| cisco.asa.mapped_destination_port | The translated destination port. | long | -| cisco.asa.mapped_source_host | | keyword | -| cisco.asa.mapped_source_ip | The translated source IP address. | ip | -| cisco.asa.mapped_source_port | The translated source port. | long | -| cisco.asa.message | The message associated with SIP and Skinny VoIP events | keyword | -| cisco.asa.message_id | The Cisco ASA message identifier. | keyword | -| cisco.asa.privilege.new | When a users privilege is changed this is the new value | keyword | -| cisco.asa.privilege.old | When a users privilege is changed this is the old value | keyword | -| cisco.asa.rule_name | Name of the Access Control List rule that matched this event. | keyword | -| cisco.asa.security | Cisco FTD security event fields. | flattened | -| cisco.asa.session_type | Session type (for example, IPsec or UDP). | keyword | -| cisco.asa.source_interface | Source interface for the flow or event. | keyword | -| cisco.asa.source_username | Name of the user that is the source for this event. | keyword | -| cisco.asa.suffix | Optional suffix after %ASA identifier. | keyword | -| cisco.asa.termination_initiator | Interface name of the side that initiated the teardown | keyword | -| cisco.asa.termination_user | AAA name of user requesting termination | keyword | -| cisco.asa.threat_category | Category for the malware / botnet traffic. For example: virus, botnet, trojan, etc. | keyword | -| cisco.asa.threat_level | Threat level for malware / botnet traffic. One of very-low, low, moderate, high or very-high. | keyword | -| cisco.asa.tunnel_type | SA type (remote access or L2L) | keyword | -| cisco.asa.username | | keyword | -| cisco.asa.webvpn.group_name | The WebVPN group name the user belongs to | keyword | -| client.address | Some event client addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | -| client.domain | The domain name of the client system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | -| client.ip | IP address of the client (IPv4 or IPv6). | ip | -| client.port | Port of the client. | long | -| client.user.name | Short name or login of the user. | keyword | -| cloud.account.id | The cloud account or organization id used to identify different entities in a multi-tenant environment. Examples: AWS account id, Google Cloud ORG Id, or other unique identifier. | keyword | -| cloud.availability_zone | Availability zone in which this host is running. | keyword | -| cloud.image.id | Image ID for the cloud instance. | keyword | -| cloud.instance.id | Instance ID of the host machine. | keyword | -| cloud.instance.name | Instance name of the host machine. | keyword | -| cloud.machine.type | Machine type of the host machine. | keyword | -| cloud.project.id | Name of the project in Google Cloud. | keyword | -| cloud.provider | Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. | keyword | -| cloud.region | Region in which this host is running. | keyword | -| container.id | Unique container id. | keyword | -| container.image.name | Name of the image the container was built on. | keyword | -| container.labels | Image labels. | object | -| container.name | Container name. | keyword | -| data_stream.dataset | Data stream dataset. | constant_keyword | -| data_stream.namespace | Data stream namespace. | constant_keyword | -| data_stream.type | Data stream type. | constant_keyword | -| destination.address | Some event destination addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | -| destination.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | -| destination.as.organization.name | Organization name. | keyword | -| destination.bytes | Bytes sent from the destination to the source. | long | -| destination.domain | The domain name of the destination system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | -| destination.geo.city_name | City name. | keyword | -| destination.geo.continent_name | Name of the continent. | keyword | -| destination.geo.country_iso_code | Country ISO code. | keyword | -| destination.geo.country_name | Country name. | keyword | -| destination.geo.location | Longitude and latitude. | geo_point | -| destination.geo.region_iso_code | Region ISO code. | keyword | -| destination.geo.region_name | Region name. | keyword | -| destination.ip | IP address of the destination (IPv4 or IPv6). | ip | -| destination.nat.ip | Translated ip of destination based NAT sessions (e.g. internet to private DMZ) Typically used with load balancers, firewalls, or routers. | ip | -| destination.nat.port | Port the source session is translated to by NAT Device. Typically used with load balancers, firewalls, or routers. | long | -| destination.port | Port of the destination. | long | -| destination.user.domain | Name of the directory the user is a member of. For example, an LDAP or Active Directory domain name. | keyword | -| destination.user.name | Short name or login of the user. | keyword | -| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | -| error.message | Error message. | match_only_text | -| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | -| event.code | Identification code for this event, if one exists. Some event sources use event codes to identify messages unambiguously, regardless of message language or wording adjustments over time. An example of this is the Windows Event ID. | keyword | -| event.created | event.created contains the date/time when the event was first read by an agent, or by your pipeline. This field is distinct from @timestamp in that @timestamp typically contain the time extracted from the original event. In most situations, these two timestamps will be slightly different. The difference can be used to calculate the delay between your source generating an event, and the time when your agent first processed it. This can be used to monitor your agent's or pipeline's ability to keep up with your event source. In case the two timestamps are identical, @timestamp should be used. | date | -| event.dataset | Event dataset | constant_keyword | -| event.duration | Duration of the event in nanoseconds. If event.start and event.end are known this value should be the difference between the end and start time. | long | -| event.end | event.end contains the date when the event ended or when the activity was last observed. | date | -| event.ingested | Timestamp when an event arrived in the central data store. This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` \< `event.created` \< `event.ingested`. | date | -| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | -| event.module | Event module | constant_keyword | -| event.provider | Source of the event. Event transports such as Syslog or the Windows Event Log typically mention the source of an event. It can be the name of the software that generated the event (e.g. Sysmon, httpd), or of a subsystem of the operating system (kernel, Microsoft-Windows-Security-Auditing). | keyword | -| event.severity | The numeric severity of the event according to your event source. What the different severity values mean can be different between sources and use cases. It's up to the implementer to make sure severities are consistent across events from the same source. The Syslog severity belongs in `log.syslog.severity.code`. `event.severity` is meant to represent the severity according to the event source (e.g. firewall, IDS). If the event source does not publish its own severity, you may optionally copy the `log.syslog.severity.code` to `event.severity`. | long | -| event.start | event.start contains the date when the event started or when the activity was first observed. | date | -| event.timezone | This field should be populated when the event's timestamp does not include timezone information already (e.g. default Syslog timestamps). It's optional otherwise. Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00"). | keyword | -| event.type | This is one of four ECS Categorization Fields, and indicates the third level in the ECS category hierarchy. `event.type` represents a categorization "sub-bucket" that, when used along with the `event.category` field values, enables filtering events down to a level appropriate for single visualization. This field is an array. This will allow proper categorization of some events that fall in multiple event types. | keyword | -| file.path | Full path to the file, including the file name. It should include the drive letter, when appropriate. | keyword | -| host.architecture | Operating system architecture. | keyword | -| host.containerized | If the host is a container. | boolean | -| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | -| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | -| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | -| host.ip | Host ip addresses. | ip | -| host.mac | Host mac addresses. | keyword | -| host.name | Name of the host. It can contain what `hostname` returns on Unix systems, the fully qualified domain name, or a name specified by the user. The sender decides which value to use. | keyword | -| host.os.build | OS build information. | keyword | -| host.os.codename | OS codename, if any. | keyword | -| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | -| host.os.kernel | Operating system kernel version as a raw string. | keyword | -| host.os.name | Operating system name, without the version. | keyword | -| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | -| host.os.version | Operating system version as a raw string. | keyword | -| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | -| input.type | Input type. | keyword | -| labels | Custom key/value pairs. Can be used to add meta information to events. Should not contain nested objects. All values are stored as keyword. Example: `docker` and `k8s` labels. | object | -| log.file.path | Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. If the event wasn't read from a log file, do not populate this field. | keyword | -| log.level | Original log level of the log event. If the source of the event provides a log level or textual severity, this is the one that goes in `log.level`. If your source doesn't specify one, you may put your event transport's severity here (e.g. Syslog severity). Some examples are `warn`, `err`, `i`, `informational`. | keyword | -| log.offset | Offset of the entry in the log file. | long | -| log.source.address | Source address from which the log event was read / sent from. | keyword | -| message | For log events the message field contains the log message, optimized for viewing in a log viewer. For structured logs without an original message field, other fields can be concatenated to form a human-readable summary of the event. If multiple messages exist, they can be combined into one message. | match_only_text | -| network.bytes | Total bytes transferred in both directions. If `source.bytes` and `destination.bytes` are known, `network.bytes` is their sum. | long | -| network.community_id | A hash of source and destination IPs and ports, as well as the protocol used in a communication. This is a tool-agnostic standard to identify flows. Learn more at https://github.com/corelight/community-id-spec. | keyword | -| network.direction | Direction of the network traffic. Recommended values are: \* ingress \* egress \* inbound \* outbound \* internal \* external \* unknown When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | -| network.iana_number | IANA Protocol Number (https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Standardized list of protocols. This aligns well with NetFlow and sFlow related logs which use the IANA Protocol Number. | keyword | -| network.inner | Network.inner fields are added in addition to network.vlan fields to describe the innermost VLAN when q-in-q VLAN tagging is present. Allowed fields include vlan.id and vlan.name. Inner vlan fields are typically used when sending traffic with multiple 802.1q encapsulations to a network sensor (e.g. Zeek, Wireshark.) | object | -| network.inner.vlan.id | VLAN ID as reported by the observer. | keyword | -| network.inner.vlan.name | Optional VLAN name as reported by the observer. | keyword | -| network.protocol | In the OSI Model this would be the Application Layer protocol. For example, `http`, `dns`, or `ssh`. The field value must be normalized to lowercase for querying. | keyword | -| network.transport | Same as network.iana_number, but instead using the Keyword name of the transport layer (udp, tcp, ipv6-icmp, etc.) The field value must be normalized to lowercase for querying. | keyword | -| network.type | In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc The field value must be normalized to lowercase for querying. | keyword | -| observer.egress.interface.name | Interface name as reported by the system. | keyword | -| observer.egress.zone | Network zone of outbound traffic as reported by the observer to categorize the destination area of egress traffic, e.g. Internal, External, DMZ, HR, Legal, etc. | keyword | -| observer.hostname | Hostname of the observer. | keyword | -| observer.ingress.interface.name | Interface name as reported by the system. | keyword | -| observer.ingress.zone | Network zone of incoming traffic as reported by the observer to categorize the source area of ingress traffic. e.g. internal, External, DMZ, HR, Legal, etc. | keyword | -| observer.ip | IP addresses of the observer. | ip | -| observer.name | Custom name of the observer. This is a name that can be given to an observer. This can be helpful for example if multiple firewalls of the same model are used in an organization. If no custom name is needed, the field can be left empty. | keyword | -| observer.product | The product name of the observer. | keyword | -| observer.type | The type of the observer the data is coming from. There is no predefined list of observer types. Some examples are `forwarder`, `firewall`, `ids`, `ips`, `proxy`, `poller`, `sensor`, `APM server`. | keyword | -| observer.vendor | Vendor name of the observer. | keyword | -| observer.version | Observer version. | keyword | -| process.name | Process name. Sometimes called program name or similar. | keyword | -| process.pid | Process id. | long | -| related.hosts | All hostnames or other host identifiers seen on your event. Example identifiers include FQDNs, domain names, workstation names, or aliases. | keyword | -| related.ip | All of the IPs seen on your event. | ip | -| related.user | All the user names or other user identifiers seen on the event. | keyword | -| server.address | Some event server addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | -| server.domain | The domain name of the server system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | -| server.ip | IP address of the server (IPv4 or IPv6). | ip | -| server.port | Port of the server. | long | -| server.user.name | Short name or login of the user. | keyword | -| source.address | Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the `.address` field. Then it should be duplicated to `.ip` or `.domain`, depending on which one it is. | keyword | -| source.as.number | Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. | long | -| source.as.organization.name | Organization name. | keyword | -| source.bytes | Bytes sent from the source to the destination. | long | -| source.domain | The domain name of the source system. This value may be a host name, a fully qualified domain name, or another host naming format. The value may derive from the original event or be added from enrichment. | keyword | -| source.geo.city_name | City name. | keyword | -| source.geo.continent_name | Name of the continent. | keyword | -| source.geo.country_iso_code | Country ISO code. | keyword | -| source.geo.country_name | Country name. | keyword | -| source.geo.location | Longitude and latitude. | geo_point | -| source.geo.region_iso_code | Region ISO code. | keyword | -| source.geo.region_name | Region name. | keyword | -| source.ip | IP address of the source (IPv4 or IPv6). | ip | -| source.nat.ip | Translated ip of source based NAT sessions (e.g. internal client to internet) Typically connections traversing load balancers, firewalls, or routers. | ip | -| source.nat.port | Translated port of source based NAT sessions. (e.g. internal client to internet) Typically used with load balancers, firewalls, or routers. | long | -| source.port | Port of the source. | long | -| source.user.domain | Name of the directory the user is a member of. For example, an LDAP or Active Directory domain name. | keyword | -| source.user.group.name | Name of the group. | keyword | -| source.user.name | Short name or login of the user. | keyword | -| syslog.facility.code | Syslog numeric facility of the event. | long | -| syslog.priority | Syslog priority of the event. | long | -| tags | List of keywords used to tag each event. | keyword | -| url.domain | Domain of the url, such as "www.elastic.co". In some cases a URL may refer to an IP and/or port directly, without a domain name. In this case, the IP address would go to the `domain` field. If the URL contains a literal IPv6 address enclosed by `[` and `]` (IETF RFC 2732), the `[` and `]` characters should also be captured in the `domain` field. | keyword | -| url.extension | The field contains the file extension from the original request url, excluding the leading dot. The file extension is only set if it exists, as not every url has a file extension. The leading period must not be included. For example, the value must be "png", not ".png". Note that when the file name has multiple extensions (example.tar.gz), only the last one should be captured ("gz", not "tar.gz"). | keyword | -| url.fragment | Portion of the url after the `#`, such as "top". The `#` is not part of the fragment. | keyword | -| url.full | If full URLs are important to your use case, they should be stored in `url.full`, whether this field is reconstructed or present in the event source. | wildcard | -| url.original | Unmodified original url as seen in the event source. Note that in network monitoring, the observed URL may be a full URL, whereas in access logs, the URL is often just represented as a path. This field is meant to represent the URL as it was observed, complete or not. | wildcard | -| url.password | Password of the request. | keyword | -| url.path | Path of the request, such as "/search". | wildcard | -| url.port | Port of the request, such as 443. | long | -| url.query | The query field describes the query string of the request, such as "q=elasticsearch". The `?` is excluded from the query string. If a URL contains no `?`, there is no query field. If there is a `?` but no query, the query field exists with an empty string. The `exists` query can be used to differentiate between the two cases. | keyword | -| url.registered_domain | The highest registered url domain, stripped of the subdomain. For example, the registered domain for "foo.example.com" is "example.com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last two labels will not work well for TLDs such as "co.uk". | keyword | -| url.scheme | Scheme of the request, such as "https". Note: The `:` is not part of the scheme. | keyword | -| url.subdomain | The subdomain portion of a fully qualified domain name includes all of the names except the host name under the registered_domain. In a partially qualified domain, or if the the qualification level of the full name cannot be determined, subdomain contains all of the names below the registered domain. For example the subdomain portion of "www.east.mydomain.co.uk" is "east". If the domain has multiple levels of subdomain, such as "sub2.sub1.example.com", the subdomain field should contain "sub2.sub1", with no trailing period. | keyword | -| url.top_level_domain | The effective top level domain (eTLD), also known as the domain suffix, is the last part of the domain name. For example, the top level domain for example.com is "com". This value can be determined precisely with a list like the public suffix list (http://publicsuffix.org). Trying to approximate this by simply taking the last label will not work well for effective TLDs such as "co.uk". | keyword | -| url.username | Username of the request. | keyword | -| user.email | User email address. | keyword | -| user.name | Short name or login of the user. | keyword | diff --git a/packages/cisco_asa/2.2.0/img/cisco.svg b/packages/cisco_asa/2.2.0/img/cisco.svg deleted file mode 100755 index 20ebebf197..0000000000 --- a/packages/cisco_asa/2.2.0/img/cisco.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/packages/cisco_asa/2.2.0/img/kibana-cisco-asa.png b/packages/cisco_asa/2.2.0/img/kibana-cisco-asa.png deleted file mode 100755 index ad51be22046cfe7a3c5f7f2a703aa15f24ec844a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 813426 zcmcG#byS>9@+h2ykl+M&39dtMhXe+9XVBp8?g>7)yAy)D4jMc#!QF$qI|IX)clY<* zyXV}yyYD}DPR}{d(_K~FC8xW(svfYiq7*s`G0KY1c~T$OwP=EXu?eh!Mt&S6@&_ z{c>vW(ZjDL=-#;1N)-2SE%#Z=>f%ln@B%y9iCAfPr2CGLXG^b^2J=NTNqy$X2oB~s zZB!$z_E$nt;*BV*6ilbZ51Z$`B2MgI2@hYzm6FELAbhcoSxCQMMq|O?MlzAYQex;K zgkg5-y$lOuPa&Y&+WJMb0f?%cf@9NfIU>Ht7na*KL>QiJXdDf zE?8p7*(xI@)DYSZ9EhEmjewQw80@U48Bo1?;k_(zA^ou&TEuA_!$OM6!OnI!(?3-d z2|{avB{?i3{O_f zhqLE?EYhcnRGA$k2ze8=jjnPcEcKB3gt9Q)=oQ%VVSAO|`I0U->Le zseRHgiy-e8?P!eV!)3jAvb&Xkg|i*GJLTZ4B=edP9lelu(tB*NugK?d=w6gBF@nFm z1O6D>93v4Ze8(pxWJvYv-4;7&o^_LRfvT$a_4oS1MEW1&*<}3Kr-Z#8SVnq8^_3-W z&iJd885E-ydK_MmDkA1h$1YS@yt2G{sV6X$EOQ}cD?W#e^zo(J_#5F5uQ+So_&C1d zJ$n;?6zUir$R`~N`hoaz>vQs0NJtG@MBeM!Zn}~$WHqQa-JkegMLS}T_DHm#@c!lz z3I^e%A=3FCb??jsCbfo^JUjBN9I^WRJLk zv{DQ+4}A}G#pF$LEM{1M!1tqcgOCp=OL!E4AUv|C==Y=(_Oh`adli~iNO?c^=At97 zlYWa<%a|usPK?FI@%ifA2VbF_$gzI5f$9OR-?!@|XS?UT=PRE4aKW#VA1LRs+L3I< zu-^xLNL2<1dLH@gXYCaDdVNR zX#^8686*1MZ^uVS>q@_swvf*LW-v)#$Fz`kB#-gFI8I_~dyC`3|H8_d9ug~5Qjl+) zzfpu;)T5SOU8iZ*EL%V9mTZvxDT1y)VnZBUXsVi`GR)YRgqkFkO9;LURFzpfvRI>}QSLBH6O&AexA5&G)5H|3n=i1~2xp)-n;bdY$EqS;#S zxMkFd!fo*I;qbyO((TaI;n07=XKJ!R|{(0(9@_JQd$5lw>&0PZ><}wvBv|e1g1O7~q91gdmja znRE4cw7rwO>(+OuD4yQggu+gVn>Q zrCsTwV*#-N6wuJ*A%P#>WWNb1kxMY|2>0+>7;0#d2yltjNvFvx@JK22upVjpxM--q z(E-U1h+8QeXrtcYV>O8!0hZ!M%(Uva*H6|Xd&Z=csg0?bsB$D1C1t5Hi}Tcaifz*_ zEX(@UC#DA&!i}Zu!o5lD@Ult#jES9et{R4|#*DL!@dq0ECrvB{Phy|m5xi^WIWcN? zYiH@?{v>Q9DdyHQ*q7Hg*;n-qEEAbfMR!P#nwY67&4|qCqx$CiTctIw4v)~or~)Dn zbDfba-pdP?C(uH@;)rJMNV*?aa$H7QtLQZ|eS}&+k+ey%okF4u0wfc{<^^w$ZujrR z>`GcoJxMgkfD84~n}|zx{ZLY-^Q1+?)kIn|4K+LY`Iv^6+{h~zpPid~AGUk|S&F{c8hZ=|vI<*n3mcxFlU6G2e_IJaHcj@C{9}zf%$K5SI}vQ5En3y7L|3jh4H{rcR3+v$W=ND5+Nfbp2Kb zA~VozonfjVfK4CnFR>A^Bi7qf6e27d3|ChBrb)xt+BWI49Yb+0iV|RJxLs!rEj#UR z-(aSVp*5p5)N;`>ydT;xzR1P3nVf5=cGGS1BXi2OT*li{vYEyLV590$f6Sf!$R5_enR+1n;3IqEyTrV>)W~MOc5i)q zaPag7HaDBcU6%nz;KW$wBXq4Po$YkDAS^%>OUEa}x%I4JL%uuxE4~x7 zyq?IyN5`UBL@3quWcJ=_cZm(C*W${)wE^MLTuPS{NmVqsY4v@K7)%~0x7Q-6f*6!P z&s@(vxHsQ~9-ho)+Iy~Ao}?{1wN6!E9*yK>5;)X4=ywQTyANjH3ErNJwk)~DdYs-r z9l;#Pw?qkjTduIyRnASK2hEhwa@3#9FLm`(b>~V?@=k1&Omanz)^FM$^&en!t34JC z7G{0}elug)xw%J}`(5Y850R^>8>vCn5%BRxlS7-sxk32V^JRvR%qmRsLh{`GTCl^z zXHCg_P2ipI*_QZdSa)oH?v=NpC}HPme|%eHM`@7Dix>E`fBj#|sM4Ihc=76u zmAba8wt~EXiGv-$$kf5u4B%FVkzz{cj` z;Q{dA1UNWbu(9*=^Rs>6VB_Fm{R6@3;$`n@nv%m1+The5W#M%dT^AK3nHXs%Y~{|4=^k$F~wf_Z`mzU>XQU7J= zUr_&Ai-3}|mDwLL{Ur<$b|JR^qwjy?;pL0pa`-3FCB}ZJc034(!Kh0psZ82fLEfXeD(pKx{i>}xmc+xqd_e)K5XN_Z4C_EhL@2l!2;^PEzFcVsY=Pt0l!&+8^*=&VAcNX^RSE2;M zMu|aL&c3L1r2HmYnvIHkdJgQclqaK58U62BLf+@sR5TlGN%9&W*gysP7a0oDIuNY* zT6TyOwmGt?fA+6Y@l`$!Y@)UVl?rn++-iMLFsIdpKdwv((zBb9`i~Z=A}U*H>0dN| z!%8W?wj%>AOilTm%0IkHMK)b3X6qh+Q@n4r!TW5ZGrOWO%7LyrDqf}w%6IPO7>U7g zavTQWl4v5#P>9f;k{^qs&Xuz`eURWgk(IgWg9hZIPfV~g5aDbJk(>ss^SH|V4Rdge z!wHW`+G{V6ji)unn(AOG&`Ci^m_ps2l?heB`njAOF%QsCd20F;UaD%|6+!Om{T+BU zvRs3o%Le+=)oeRZ)u2A-Ku?Yz@uj$^jKWLWQn?H*rdk7YaMt0diV+(h8&ID3Uw4Hc z?`0`lr9-|)$(zziZ{>vtrH9}mVG+HDMtq09C)Nn1*zN0D`Pz*4H;Lbe? zBWn~EC^u=d<3b}YE*JMq75N(rcOJ%$bz)Nt2m~onZCp2YaQ5WPV z>nM=_oef8tlI_)m7ZL6^J;ZVr($?PRgmF@LThSfZ#8#br$B^SqdAlfRAA4di* z+t-pb%WuORh5U(NKlf?XXRi{QuDA8kA8Y5eUE{kfQrRRcRg2h5WFnuKGA7robN;(L zULYTJy^gT=n{hM4A{?@>II}=)G z#~F+y{(5vK41r}%#*OHktFNVWt+q3CeR#1FGqPswND?C~pNFN#9APi;Yjoa^P{$Qu zLcUNd&6to;l5FDC+WBA;&z2tP9Z58!F8FIcvmt-`US#t0-Ohe_FuWyO7v(w+l=PwLX@%7)w+& z?~xY4B_t)OScShCBUSN?+>?_ms2`c&n8}rt1A4Cl`znR+;b*U&hs=AU< zRfhBW&teL*(M4nF9BJ|r0Cj|4W-)~%4gAjTr>$wZFNsQYe#>=qeScgor))yB|JkM9 zeJ8u;@b%=glK1YYDGkku7&q3yrR+LkE01aH_PD{7oZRuRuxwrZk>Jo-V8|FJ?_EwYzY+=E;YF5nRp>g+)-iQv(9hcuGj}!*Xr#PnzOL3&NX@Ih=-y;* z-!k8FQ9xFBTN&ulgsteBmqHkEoIbe7aYQth$1rJ;hW*@N|B3sanX2wHl{De$`}*wN zR}n1l$?zySshHl?(jw4LiHY1A>AIV+dUx7m3lPxV6D2{^$LdQcHzAZwUaOuIL|gs5 zww!gHnb;mQ5JOJjE|zeKzx&B@NZ;|&3LCC^MJyOB331+DPL=bYFCDo#7JSDF-N0w7 z>dHIo!!Ng)Gg=~LaP(UXJC*r;b24dDpR;qiQY#W_)0Vu%&d5l_Sjxzt*6PYrt$cjf ze2Iy)oxezP@^U?++s-fCs+HhV7npKEtK5 zxUK}2c^*k0FUN#P-L-MjtJnN;70CpR&whVx+5UdW?*I7u@$?4fv>5lb!eb84$+C3?kg$3{{8HHXJ{sxo8JGCenz0$Bo&0uYc~ggz8_LbQl@h8Q-4a$RP|{LtX69> zs0aiTmLY&*ooMCqG)IU_GzwewcB5EOw;dcVj*9LNPt)gHtWaYF>QE!_B9nQ72OoC7 zSxGA@erm4Den(9;`!()6oEssNr+;&ARTyR3{HZ_{UocTsrBgoZu#6q`X6d5qd0k3~ z-S}HDqgJ0%z^@1AA{THw`qI*Z4M+eIsKZD;*Xzy1}t`PE!vG{LA2{!iFoXm!&Qsq@--`UESJ6~EzaL zVeZIN^xrz-^AyOw_cOeF=fQBk0w0Pj|HXG)mdaz?ocawk=#Jz3-3$}l#wNzglLZ~# zWFcz<(Swb1dW_K6lRgDry~99%+mjFK6p>tkA7ssSBIQg9s0!mt>#GuIBuAf$dyHDM ztg28<0Hu?R6O34lAGZ%<#ci)IK=DBkHkn-wkq;s(;@EV8rV8_HN+c z64~VXSgc~7J^_1J0{I`GJO~74$iJFm;jcd5kNM9C8ws`fuFK=Z_A z*}4>d&|!%RxY-`|HMwGuFW)8Ak|-igKDaxuCq#b|7e$_v&8=K9T(XpbmCrQ(N}&Y~qmVQ$9A))2nDzFJ5Iovx>sT#y%T#Socov^)ZJ<7~i82=97@$xu|ZQ53Et-`5(uGE4&$&8qD{vy(qy}L+LLxR;J>3vrpyu%}ll-OB!FG zITyl?n0zWi?!;>CgVWu4_EQ;MMEO#kZpL*wJWN@qU_Ze$!6z{|SkcS$^~NsS$F|5Z zsc*pcPxQy)hdlhPCtlF_>s-UVgqnV1lkp-oxh$8RcUWWXL#M2|%|??+UFZGHUB*Lo z8ZGyWa?atwJbNAE^DEiSzK3bg0(|H8JhU`a^|D2E?u;8-_O+lx*m_FR&w(U$rJvI% zpLCyv8Dd^LU3TuB7Ae%Yd<>H5cEG-q8yoIp!y=SPQ9rMX%(~VNxq`Rc z{dl*pduqt*P>hX*+Tc&IgEB#i@80*4xDjVm?B58UetPyF6sI0NTG+297*4*vYj&8! z{}VZpWVfo9jI*BHV^OHB1yL2XEsn7KWGZ0 zWYUtBpLTT$bv~vDvQ+z`)5eWe&8^oJi@a&Z*S?SjmFqJPt%-5Bhr3H_c;)Md-1x|90_zl)G zll*8gjgBV659XCMJco@bh){0PJ-JIR#LE$_5?`446a~w4wHA&IZxa-L9@xRQXh`>O z&jHG>0g+!uCXcfNGM}gLh#eru2F=4DtA&Vzz)Lpw%hQoew@-rrGRN(r-Hig&P>5ZJ ztH}MPQfJ@q#5V z0z;RepPe=^lJJVk8y;t30U`EI+~e=71c>`IB$M|Nen!Q7Jh(V6afGTctTdLso7(HC zN$6k2LI;&QVlsY%`kHzBF@uUYWFwtPv`VR%xb31M6o}Ucq1EDzie!2;Mmnkq@>ILH zA!2R32l;X?BO_HhS1hWks@ZpHMRk(5UGsd;}q=t`jq-wXF=VFm@O^ zY8+j3JFGS8ebe0Ml*JOZSYs4qJHf}!u97q7JY5As-_MTi+31(c{;gglOUsM#EA~Od zFk{tgSDzlkz-gwj`y8FFiHjLjzshQ?x82o6BU4%2Oqg{} z)QT0!EF8Ao4Si-eDBF(L729`F<+Hemqz!@qQdyy0yH!7O>)MM@eznq6-p{%F-z?0P zfV#*|T8_;d?3NZG!t%4@CyU!i1dzMck~yc2;9ift@zI(3b55rXngtridLVLc445+| z;#r2!v*2OOM!{~scQl!b?*=$V?bC7^t?W0!bKo)_;HzdPD!t;Pwp1P;CqT#Ttd0nb zPEzk~woYa`;otXZH67ykbBiAK&?2IL$fzmnfy^o;3G zlsM%VCFcY#%cKr{7CuNQNY3DuNSsm{C=-PPuQBYfO5+7M_*v?^?wz!xGYh)H6m<@_ zn&A5o9|_Yy9s1kYBd6CpYezn(p6DM*J4fcs8ShaQUk<$!$YBDBdG=zYSJV=yI zzB|<OC=r?o=1-z}^9wGzRh?1u1ACzDj8#c7L)PJLz;oO8#k zx49-g(+k?I_RI&GtdWsnIa?{n8u*9`543eAS{!8>HwCaO$ky$C=8wGg*W&K7iRa}q z{ff^6CDz3S8%$V_tv4b>+)SyxcWa&Q6G1!BEXzN!sQcf&vFCT;1ZTHNYkCtu5*1V5 z9dz<-Myb(SPe%IIwPx}-3@}%BevLGPs3^=FH1-$mqIa968f^7p`(O-Tmlo&ry08U& zxofP?KCZcB>jqim?A&Bbq4`y{8eGCoW4o6MMf+mc{7#P4TZp}Pz%37DP*co-vWp{& zLaEy-?8aHCzFq07W1oupsSd;?aEqDYs=FRF6yy)z)>f~Yku8`3IBw*1;CQQd-&Sxc z4Mu@nYAw&PvBFi!dQkzbD58F%B$otH5{U!RKwH^fUc=b_OSaBXicZ+Cm3pxe&6b@> zPN$jV)QDVX#n&@VkGEGu7qNX)p3f`1S^AMY`V(Ca4tfB+gW1Z&C-Tbpp94~6)xE`r z_yL0W0!wO2f^X*{r57M-QgZ}{VIt5+8k0`rZP}>%D-zd}N%Y>(>>#&8-i-wd$)EMD zFIaWGPwP-}t*8q2YqcxFJ385m{FyW>DE&OitV-F2a)MWV?Ci7wR7+vGzCi$C3=jBR zxc2jv+Sn!)5h`m2FVr8yylYpbE0-httXPy~9Cn`=BZar)(6uQ7J|YEoZQqx9md4iz zn=o1ph2N6<3*o0&-X11Kac;wS%y9QEL1YyimaA}W2h(W`aj6{ZOsYqwmux( z3KN+$%UC|&iayf#xZb!o>jT#OEVBF|64n6me*=qcHNi95nIUzW0Zxa}QeC~`Xh9+U&&R^UgRba&aTOa)6t7r6= z*|9VH!0d9k`w^yn8znl%_&4VFH=^h2dj9vc3j)ETHa3&q6B8%M)P4$<(4ceiRgD|-LmCv ziRwIQcBqZNAEJri_ku@Cwuhe*7!S!|U)F+-RVi}d`&(@QC`htkVAdCgFlkmgfJF5A zUM3`>=}O_}?ydo1?fJl$Inm=nNvHiEP2f9C)=Yt~X6FfbqsIdZ=bn4u__PlaH$wt8 zlm-Di?n1u18j6Ho=gAXwv6}7W)e~RXI^clWij{B@Gtu_BoK^&0J$~F=UqSLy|Fd+Q z(&>B@4HBM#&BC$44Iq}3q{zAGvgh_f9mT47`@?M5d`ip8ik9Jg2bOK6)lmNdoa4M~;MTn2$Vk{ym!RD%zR4c6rMVm!S!=)mcu-}W-`#ZsQ z7`*tTf5yLz;d(DT_3X((&1tms>1?*%|)pIiXk;xxjGB84PtDs=EBs; z5Ui?yYe)(F#VbwEp*L}?>uZMoM7beA0n&)z(v^kfI+lmubz zwgjpwZ&=`Fxusm)0YTi&3Y=v_IoB)O+Drvf(1*3lu_FR|l%roPeaB~g1tYwipvRto z%z&8-B|B36q)5c64gFD@*KW}ae4bdNeD^iDO7#0HyB_awl-i_O>;@IVHQrYfSSNE> z^f$*bV_kQueaUlYJBJQ@PUern;01rffK59zGVc`NJNusU>JIRq$T6wDU~`W+=5mmh zf!E5yOtqHQ>l{ppZ~(1J6{Dxq7W3UhW-UNW3Eefya?+_trm%}H<{2wUX)k2wf*C_$ z5zwe+B(IjqQ~6=%srl?Tf=8PrPo-|FsZ)ckE-TD0UC0aN&HhDI9m}O);c9XKX=g9x z{#drha)d<=*?yk}-rL;~-7lP@kYC`S+tu55BBYn#@WYX_z1~}syGCB>PXkG-0hc?T z%f8TTPwzgHma~e@Gx%GI_0hJ|!7z&UAT`A{!g`D6%|*+npT`i0qN$(u^DfkRh_g64 zF}!ng{F{u4(TW@k$BKxjb(!6`x@Jng-EzzOlwY}lsfJz%I5a4ZnLsNYuaJv6u14Ta zKV)0N<1$+`Kx9Y$8G#;yPq82&)AW8V1Vr`Qs_x;0YAcMu$Xcbu`t;dFV~fAHou);v+-J_mZF;(4w1d z98b9JiVjMulA+9Hjg{@&*nb zog9jMPF+3AV-ajcNoLmgfdZDy6tQ3rHS`tmmZgdPJ`hdJXCz@5DBtXx0~jI%E9hdI z<@QF_6<%W`n(5&*9sdZ+jY%$P;-;Ga3GB$zWOq_~zx0Dto`;AzRHND40<=avj8^jD+!jdj7}kv%q#gaHo{c6t zSWt;-Q2lYDo7GwVr%I(L3?fOc3pLx1Q~I%^mM4PsQ;z*Oe-UuYlA4;a*GValC_SODMu7 z)NubMS*=S!;@kehr6++-<+b{cD)mzAlg?fLt5k-H7_!B3qQxON*hJ(GIbbY}T5hTO8SVLi5# zbfTF`WekdYMpeA@z)OUO*2_OBs#gEK#R+1g5-caS$TS7u-zQ5SBY$GNPZ7j18t{%;VP%?5zi~`1okcKI!US0lF=__I?;r8<%Q^|4xwzq z%%^4*ZCd`K4bO`yY-VF(3a!tk@~#ay$k*P#q;l8$aA0lHd}N}FU77anlBFFvvl3Qq6?^eeY*UsjcQxEdfO0|iY zFs8*;rvWpRJg(entOFBrilHB&8Dg(5c11%Z*h<$dH%W0zYxIl{IYc_b&iC8+<^-5j zh2<|O3113z!Z&(ZZY)|)ll}c-#e?2lFRz9h%Dvt@D`%5}-Pmp4&jv*VfG@-m^>sW~ z+wYwzK!Gi?{NNYa`zZpmNd2^+XG@RN5)Fk117WYzZF|uHPDRlfKLX26=jopde-1gZ z!TQ4j{15T}J}-V`^2$E2S@~AI|b&&lFY*(k7 zIFsdN6Hv$y@AP9g@)316Ye_uG3482UxJE?GtAP@x2W3C<3_}X;#UzO?fP}k`Vv@!1+HEy zLr|r~uKvC=zj0wm!x#|=s&=5$Qk*rt<_4l)ZVngg)W6xE^lJikx!~;Ul=!%701V%B zDWx5}X+kk49+~MVCkV0Lh`(SqY~mv3tvK~PKrNaOW6j`}>{-eUS5DizxJEAFQ?9Zt zwS7Nfn>n-^7v^CJ4%lIfx2&Zh@Z-LjD{Z-%oXX-WIi7~?Z~0c|teh?GvDN6MyjK6J z40E~2^FJZCE)*+~6b0ziktWL$qzbPk=%;hcGj?L0P7lnS_q}n5txd1r%~#8mqzd$W zm4?DcTr{VXVp*Zv*19zJp&ZA)r9>JF09wFU2&f5W87eC%;esNQtRHM8pVn5w=T6d^wFG5lrVjNOT)0ilij3y@Z z9sc+$Ls%=vCJ-k`iCpO2LouVls>D-rD7>t|EVDIDcy6gn8Jb`g%Ri_{_&wrtp$v@R zKn`^KV%pSa91{5>?0mwO9tj1PO=;D>BmSH5MInlU=;KxW(pW8Msy9p9YZHC0#rH|O z!4eECfXDEV#Q?kf2O&3>ZR*N@^myBL*K@ht>Gg1!U>E@Fol#>S>H9>c>j#uS68vrI zd)ezrU%-p&#M~vbRJQ4rel&46;A2>rd#CbMS?y4h)oFrOYa=-|r*~PmN{aqIOvbM9 zPkivS{TiE2q4V9E^y}*q_O*?U2?uL#w79tYx2IjbPpSiihvac=KQA&6-e4>o8v-}} zT!KieJ1$(nAs{+3Il3Z8<36Ydh{D!M3OyK zmC|<2^Iul15vmN2>QxZS4bMN1E z-DH$6LqrBO%I7|30z=BiOJoM?=$cQ>XXl-W9{)pW72jth&#%gHKVmPcM#?}*QPIE! zj@4Nsfo5WPo;6||oa4Ys_o1vJI(_Q~o#cqR}=ez@U#O!%al(fpr&->!dLy3r0gM`<*>uLNk2ul7DWu zWOEQl)htXL3$(ed13QRj#&gujsgY{4JM7acJxD^Df zmMaw&Bti83a-J|c`{f3H?X9ZDW1YDHJT(+GREx+>EG7Y9SQMZbo8S{m%^RueKmJVX>F+R<5 z9Yl1J>HcOzzo=;J?N;7b>)&M5YD_kTz!67GK0Kq&KGX+37F4^zqVxh^l}~M!UAsO- zH%-BpyC(BZI5@T!l9`uqIL&{#Ld(mZH$Xn> za7Jj-4%55V^?Jlc>zTgEqUy-s#PlNV3?Iojn|PWtyr>m)GdPn|g(;?{Iw;62Wt^Qk zc!ugK@wQgT9fw2aoBR_$CZ9IBK1pdwY&2f@CYbIO@nJkk{P6RbKAf-dM<`RTiju+U z9MsUtqBph@U#6Qar)gE`Dik5&B<5Xp&0I23t<%pCF-c(wfQ5uF)vt(D*rX_?`r26` z&i!!?i0#*$0AUpW!5@E%^i`Vo7Vy>0X14WXDFd>56kM6ZtFkzbl9$pN`EIYshDN%jt(}Y zt|b-S8LQN*`OuT6>l<_oSL+-2!?T_JoL8qCZ?qE8Rij_YN-s0Udvfc+6N;ctW4&WT z+2j*>s~EKsm7uto=Vk#kL4FH%`zw;E&ua8c zzbli4-#D~+1p5p~xgUo650Y&^)T^ebwx6DB)rDYP8u=dS#4-_EP3OTuxeb*M#ZW$- z%ttq|Y#SFm@wx`3khp|8U>V&AlzY2g?>3&9Ud8%>Kwx|4XJOSV%$k=$itXec%kDwC zvJ;WcNl)0c)?6SefUfk`H#(f;2GQ;$s#j5TPn{})W-ac29483en7;E{8DELng&{K5 zsXA#@3ayav)wqf0V{O=YnLcKg(*d~U_C$B3gTnhxhQ+X%GPBvap4_Vvv&qZ(*M5)l=AoQqNQ>&cyi^rMMV26GUr%&yl*$Y7piCpB(Ri z=!Oa^0;+~(^R{foB!D(4!$#<3PuIS7!#BRDq(@Ua5Yc@N2F=l-M^uD*f zY<$<#iTVxSnxKy`v~4a>3VyVN+kFhXlZXYxASA5hS@HgfN$IIu91+BH1Ac3tvTdzU zF*WkFa3xnlp?nvABy+zTx#WSYxb#!dn-coxmelHrSEBGM=0$VX>?Ikv!iNdxhbs{F z`W`FDcb0$m_t&Nt}=DK2KoDo}3nH;*(@C z3{IF}C!G8iB0q&szL#@6SNastdz#~Mv8%l`-@I#ZFebUu={No~d#Eh-I@lGf=mI9x zgN)0c^(;l87^=c8k#H>)OANa09m5&VciTMTb}fc;qb^~4{Dv=uLAM~ySvj*);W=)) zt`xjuu{R!V!2Ov&S+gg%_@^dpQ*cK!&BakRW|w<>Ft?57?LevkQlh&{BC_v7o=gA1 zwSD@J$s(>+rBw9m6nGZD#d~7jk`U}Vf&u{IV!fBb!ds{4OKYmw8<~)J3FusbMKea# zQ8iILRu?zc?W%Xkk;NQc8{UCWKJYzp>`~wka0JTr;p~rZrS+zuUkZwP>MB&SCq>Zg zvXXa2SRo*?3GtSRtZO7w%zjfWapSsM3bbYCG3avELxqBJU9?K&Pat(0hMRh~s+t|h zT_rI>oIYoKEqf^pa7#pO93w&!kilnFw$%J#795$AC#X*~{O6mp620T*6Q%p}G?l&S zS_E&`(}U`h*KMjB^})a#))ZPriU3W&$ET7 zy1uhkzXIOK)oB?sTR&dvGkAS&HG;&UW$c)@#73@pe;g+__6gw@wSE#CToEL;)_Z?R z(84e>P-mDAP%AzCSuGkseY%0dg)Nz)IV{Q-pz!?mI-`N$yrR`?*Q+7GSF=KIKLtzJ z=yxffM_;(-4a2g_+%f-2;Y2@o z{bF2=T_*F?O(&h$J~&9Rcbt9<>23`iYl_*^yygqa*>&?m3N|n`%Lw;odS?xL8uIby zzkJ;8c8TV(pU=biu4oue9ecEsg3e8Xch_vYa**OYbE~7~29k9h|IK+eGM{S--kL0# zYYBo$DE0p-^E&uZcz#~IW(<);O0{Hw<<9bI5sDfGX3;}M!U~;E#yRUR?bzmyUT(@> ztif%igx>%As$mA2m)WVPyt=ufb4*AEe(Rs*)A+FbVuTk*GDTfa(fN+sNorjcrPQnR ztYY~UvK?lp%cc9$bOFW>PvJTC1 zR>00?W3$MQz#<#Riyxcysf5wd(UKKF_(EOMVjOTG=q&Tp|5Lp{vYu(;&PWnE?YLzAJ&LKA}Vv^*Ec>ch*d0CawQwN$(Cc(G#g6Phyi!|9v&2tJ?Uq=xbo>D z6s(!N@lE}C#{CzBj`CXV&-<9z5Wcw;Nkf5X(#MNT3M_i6Pmwzc`ua!I&NG#* zC9TXX#VOO3#YT)NR&@K`r*eWtjsVDw#D?er&nE6b^lV@00=$vYH(95=6R7R+;r)thef5$qR@=_Ecp z0#lr`c)ao*6aDb&6Y6GZg|z?%$2VW5j`Dt(dOgTtuE3P0aFjZNQw{vl56wU_*OhXa zo%gd0Lh!A~s>dCYD(5l%5KX)Qx1_QcrKh94u|n@n+ByF!OtmQARP3)$nnr7|om*xf z4{uj{bDO-)`rJ+8&`AyZZRaMEBI|k*l8WX5^#CNA`6fRhBRmL*GI3RE*G_Ji{(M@6 zQ5bLBQG75}Hf*LaDDj6xe8t2Oq?b?IlZ_Ew%*;h(eu_Z*#BnV9DsAp5L$o-vJn6}u~&MZ@I)LTXLyOou!4;v<-nhkeE+fjwVTa$CEm97L6R zJ9?{o?|a!KO{0LqG7l!#&O$VDU>-2zP6`qFD!sq?a2Roj?qr{He?efy6X|8~E zjwoNZB;6DCPkmvHb;YX}8izE_OeoE06rq4Hp9y#CrSBRp?N4wmPuD&Re>6)(I)vp)$I zbf<&3Jcl*ei9cf8CRlae=uu}{&y)mG1i*00XDh^EJggrqR>dA42Dx1AJqTkCCi)@D z>y~GE{@QiEc;rOqD2fMbOW;s7cm~)ZAS2j@O>pX3JUWxtW+Ue|vN|T^A$vtNd2>L? zy~hB&Q7fJJ1m&_KU39l9j`)~zBy2lXh8T*r2lg27jqb-*m@f5WF6|-~eHQ6IR!D1E zSu&kI*mjr4dv2w%DCKhy?LAsg)h+s%PQbYvZNjShUMdmbk)b<``^mn$?z%*ab0ykM zONy$QD}5{!o#gWsiBkS!SAd6REv^H#g%8_0$m@SW@euC7PSR=N14@_+A#b3L8&*5o;* ztf#&nus!fKeZrkstUB3ZKs}GBu=~EY+$37*t&)#{$AjnPTU~cOU3G#2ZqSurJB~@V z-u@bGz1ZR~chKNp5^+QT<5?2Srpt+zjV=4|kom&97TdLuwgxqxW*W>EyAs9H2g8x6 z3g+86-)H7LnGv zGwC(0x?E+k8UE(5@fN#@*s`&K@64YcxZ>up%DAx^BwVudd{XU-67w9zemt>mq0W7o zXQG#ZCJO&DlGJRwwoK5}9pOwfW+|A?uKKBqN4ur-@X)Q{wZ(F8EZ{wZ_oL`)gw<}l)9~O&p>Z^S zb~wXX<@geX6q(~WH5%_KZ}T!eMrAW5eMNjxa^(jl5@C?X&G`Vo+eVDO3C^6YE-#=r zVDRx!M80#@2PG-t1zInLUb_()>x9{C-;&RM!^RfA0toIuv^ntI)Yx#@j1W!h{;Q{#uMI9xW-Kw3}^v>B7ZTc%%97?RDgrdd}TjbPAt!o4t#|A}kIm z`a;jyO#x0Bjb>-ZNrzNM84SwheS;7lM~%Gv*70-I0^&++LrG zftiuX6S#R7brOcs-h9hVHs>Ub&TUgg(kY`X0WP8jpnZ`b+=MM~IMTL34`0QHfiaSL;x+K)x7Am{Vn%G0_&-k+_}(9lqN3=zQXh)@9^Pu^aOv{T_W z=Rwcg3op83P|d+m=y{K;Ob&pYhvswSt~!d9@wZ_Pdc3XT3|m)er{iq@^aZ;`BK-j6 z%c-}PomV)y-kP5G^L$p`Wl_HoPDVG*ve*dU6P?-eH*EJ zErb2xbnqUyPk)jJQsiG_cz54hDl|k7?^Nbq^~zn`Mls4#%|qXTE(;2Xn|%r z`k)c@N+h1f|M1$dMEtg|KdjVAN8q(+NYC_G=x?j}7yaxv1!H6JJf)=i*3C|*)rMN0 zcDAEpPB)N=7hd!JBjc9XG8zOBHJ15N1q&MiJ^*_A;wnfpxF)4#V+Ro>4 zpE;dfm=UTq+Fap|=c;Hcnh3(HyE>GK^TRD0F-fCq-R2ur zShy)=QSld1qTJ!PGmV}v9IHGoe9hy&T7zOlGAS`3(ppL~6scHaWUr+3yt!soYYAQ8 zRvM?iUB%5xWU`&mDC(esE(PGhweR*`zo)-ZcSTW-qVi#0sg#*SneNAG2+-?6;*RCX zuH(+3OD2xedV}23alY%^%~vzDe%93-7V*bk3s`~GQfRhRzr{H**RE}HAspSQJgq=^ z%&z&dI;iLE{t%l&&TN9FpxLgHuu<~iz0!PUdjy;*l5Y3;6VU8R@U3T_-mH|wT=>_A z9!)(3c~Nfu*FZ=Q`HA7NrmG)Vy_I?s5i{THP7mfWy>d2uE<_&43&)-BkDMAKzgE%Y zm${FQ59%eI__%Bc^II-9z;>orG76XAQgnITn6`Y&I_E!ZxdSQkVuapCHg)2$wtMep z`?{3LVl>mLSEu^enWf&v_nRrzi#|yj7oR_XMTTedqGE>i zny%L%^=YZ4L+q(TW@%G^#01FaiMOpg{9jhw2e{5#?NJ01iNBbV70?p#uv8-nN!5Dl|fZ2urukRn$i z*47+cG<)A)QNdJ~rd4R`x|}6{tc6n&dVQ_wd=9DH<@mFd(W8)55cpk|s^E1$tww3( zC$z+R20bDL8Rga$j?24`3XW5V-DBU{h(XQI0y+wUbs)Mpq1VL+@mJ)?4+407T!-K$WqsOSZ zY;BySaV=TB_>Zk3)!f^J+yg_Sv4?Bc%Jg{=2Mt-$WV^1gk2#s{FVVecRCnbvR&3gg7R`k)z0J{{_%b5aZeT zvzGLNsa3(!ab0DY&wWHtgR-E5gTpz{JDsU=dz&;iCeH5%p-}L#-oS*OQzggO0Z+%WpEzk0Qp<6Yoh@eqbU_;M)RJ(Aao|p{=ttvaD|X39vwHeaOdf(%e9m3!`QgplpJ)y-qQuZ!{g}&1e1+56dF!0S^tpxo)mEt zBz1$+seZY9s?}s3bD-xgxxme^mCR77*u|5-mo;b1(cA9jW%GVLPM7F&xo%qU)b_;Q zv1ecGo}8?)TI@%cydZG(JrjJ$5$z_Eq!! zo*ZkU&kg)X!L=>0cJm(QU;Cy9^w3T$m|-w#1d`vvm3UTET~<}s}DhYaz-x(Y1S zUnu0?;d)*LU|37uLab^!aP=??Mj2RP?hYA~AfMfP|@;Mw`&h^)$waL=IhzbdKVX@5H}z z;P89PfVrRwt@0$ouTH{x0eC!k+wf^oO{2zlzlMQQJnYv+$}dXB7rj;WnbsyteoTS@ z;~cgK&c8WR{Ev>g|L4q~mJA<5s0F@s&Bq!0U=AP*8l~(|Cih3{S*f$+G%Utgf$Q1w zp@*^CT$%Dpm5}K#eP1?zl5nC%pUrl+lL%N#_Wb(-&i=t`#Q$^nPcevc zh9po9Yy_mF7^-k7=bU&t54Xjc)NLv=N)~AW6QxgzD8#vslA?o=7EQXHPGkZuyGRsG zv1d=0o2D_l*L+zlQVQeHWTNo^25rb3yhR%OA8OV-t@NZ4*CmbxvI;s-wGMpY2QE7f z^|1MsAgu*fwdDeC5dhGT1gMxGh4}*WD6Uc)2KtA|6oT*)`whd_ovyhY%UD7sFH1!y zl`~z=g&7Q(W>|YJUJ<3s_|^ks2eKf`S1Z(}n6uEGIqn>Q?Kjhycz3h_G}5uBQ+3m# zGZJV2si#uh-AK7svSpV}>J235*e<5tLCI+)*ozo6h4K8P4<*!awi@$k_Eee{$WuJx zSwF6NR_ns&VZ5Tjik>oRIf|m|FeKv5@~bdt|j6s3VwK^;#Ni%d_35w((-f z&v;qH(=H$4GbS82GjrG7c3b?5{4!*f%EkB$mTM?SI5={S4cAlgF}=d5#u)8B?XHzo zgeM+fZCYN|+cGioEgAGQMgKQWGJhdc)$@OS^HC+fP>`fRJ!UTdi6?}a7|&o;?uCj; zu$F(LGSxkm{qI|V|7in-C<7tvL+;-7@gUXM`MGBL1#iJ;P~oD#q^XDBr#bYWeqeKo z1X+iG1^oTlT2}(TOM^&`zU4;-3eKlZS{R`a@Y7I7Y`C#`3b8drZhH^3SvV zLFk{`joSJCaIT}0jU?;VNqI?4X55g>hY~O!OJ@&pl`0 zReiSmy}y8${5Pz`{}=MIo5-tyOmhnHXR1Eiy_r~fw= zIB~!8q<=ze<-MFPIsN;+@xT5We+aa%)l=A=47L3}dj1ew0uqyW{~JFte7-L%NUhbP zW~PMh(F}Yh%8p l*fM!24;>=u?U8@W9TM;BPdy{|n9o}X>O3N^*2&_*%Qj*M@2>bbm8oiL!4x2Q2*!nP`Le4f16ZFCGW$He3yI} zG@$!K9w;O(F76t(^oha|^Rc&_C^bDfCQFifvEHWSmVXv)!duGDKkNJeqtQx{1o3<^ zi3G@trrq$|mBX1a@z0^`{}w9b`j_FC=7^zWFnh{*KJ7jSbH9QdMOxkFkBsE>P^8e| z7Zy!drHTlt$DBixC4-y!_e=4%$9Qa>BfSu`F_yv{VG|Hx{{6$7AR4LMw6D6`~;j(yHO#FitA}?j5_78=%%m%v^tp~@AvCdMoIcN%$MY7Uh-s$ z^kjiC`SGqRLAlJy(@H+bvV=Od#-q1BSH1~`q9^);kF&!d?Sm&1$*=oE=j6DlSi$F7 zsuO6y@27dWYIh=tw7k@`Ar55UE8%Zjdh#jPyYA$Q>8<`*@N48)oYu!Y=40fw%2>E-8P*5-5uOt!Up(Y_sDWZkv5vLIU++Yg zG(2kQ4ng|W2k8MWfgHV#RcMXVe6pq|x@S*EH7#aG=b5j|XVvjHe~wp}%`Dz)0`BgX zm1=8zwHx4;HP$*~_G#VcJd+O|wtx*zyw7Kq-GogxmIb35llFIfH^pa6;C>vNug4;chb*IiRKIyub*kcSWd>uW{ zR}J;vCxA-!-qvwO7Qx%S z@4Xt~x%pispS$2k(+0=?lt?P+ULXo9MpU`@kh0!yf z!}0ShZGr|E7x)FZc>%xdrBI&otS&)MLK;nedN`MJAl!1QU{7?m)!0dQw(21;wIQPN+$<%Dma}K?;CZ*$L)~=@6wQGgsR&$Es{|@g_+VSY~Wqcx*;BD`nuLsG` zm&*(MH}k3J_SiKcEbo@Arml1a0BI9}xzY1?-vaMmP2Qav#?MOcJ=SKAUwls5_Ex6H z0ztkjtJaltiCsN(8rh(?*FErVyZQ<>{`vq`%)^c`torcVbqEH!=2f4)_p;oeGHmGE z3ed^NYRMWzW>6JF?Ne>nr$!4J5f}~KMbQ|CC*ZX&; z3Of(iMsI#Cz01RvI;Vy@D}JqPf-0FBc1Rq^v$>(`(^8Ko*C2)Or$OsNOaJcYjFq)U#rw6>~F-Frhu4vc*ZQO7`{%Jo%Z-q z<^0EO00#v;ph=BoRjevL)}h~?##B%0z(!VJo0a(wl64{kSfpr zwaNb73;(wyp+=6=sR)Xj#?>F1rmW(9f&c&@*DyC8CEkmUy}d_(tvT|az{9^V$bGVq zv;9X`my2`m94j-M)R*4FQYsV}05TdWgdrJZ-{(D?`mBG>-C!^)|C^rKlPWx@d8^=l zDLg=jynmlDi_^bD&PTAq-@cLNyiJl-|Is$R{h0p~8@lJ)7K z=H6=~3-3N1{i3R`cThbzkM-VrwQ&o=8D%t>_EvvyYA_(=JITLBJ6?af%KDa}&`l3K zhK^M`7fg>9WNf*~^||C}X@8;~uj%PLy`}**mqr)c1GqT9shLUuXV-l~Znl6AIWHHe zU~7(76VK|=4R!Frm0A1^YYR&gd@^*6lP8>C(H)!S%d79}LAL56Fkms{LFtzK-Sr80 zC)aD$(XnsELb0yu?nT=IXnj^AXC)-P(E6K$C*YgQ+mmNCwa&M<=Ip(5dD@1Z z^Iriu!T%a{g@8?7x%N%ZcG3)EY{7eZ`uHifEvZbmme2j{A!)^GVh*mC|CfY+j_efbqJpMx~}S?KGP*;fjz*_A2xv?C)r+(^k@S9ip(4} z)8Wh_$PUP25h&VvR76TGpK`6hrKNALA!)6?h)cI83Oea^w2nSL@> zp{}nscq~qL8=wDgEHB@X4!bE9#*WUhdHq%nEnVJ__LhCkjlLzw6O7yC3y`0!@2iJv zwS??4$M~$3U$>ssb&3}^6%KsZsX0n&#vbJT(G*kH6S}H>kipF$aQ4x7OF! zb>$PQYe6SQvxkxoLU6iWQ+pD;0o~<5^Y5w^H>=qWE8MXIpD`yHG#KYxM8RNYpO_pO zmOh$fwbp`mhLr_bJwH_xd59MQpP#UE708YC)KrhJ{Afl)P zcc{5qep1;*bf=jb83lh4;^{*rPyi9Q3XSm!qtCB?)>-M)u8V3u3z0cZ~yb-VS!p_|)hP@YLiMp58>w0*tS@X`^v?MgNC=kH** ze_-fuVm#s04T(}M@$@j)1k>u?<}*oR$}`ngX%zobwLK;CrP_M5i0hpV*;VPis+9!h zr<^8Sim>Kr+5)ZMUyJdHG#(YT0Cn7SP)*qL{5aDXrJ%wGIUWYsjFN1Ge^1Cx0Li2{SH-E z8u6n?y;@7!efqVa#zb_=$3e_ku?DE5>0EJ51PdpC4#t2v$_Uu^A>;^-GgoHR=y0l$ zMhY`hxP9@7tE&fFIW<6>fh}FUXlRr+ zgNGeF`GynqBQj37($x%_8n<6$@H1b5V14nsvv-|2UM;hjiXn>J*a)o(Gp3t!RSa!N zqsU%8xsG!()UTLlLxF5RCmg~TeLNlglB_W8&~=uWF$VE3<#*by+tG|>fZN2T)COXh zA3yF0Rh~2&OI6^poNI!eo|}aRSq9@X(`9{C_`Fj zGpbF;`uprDdWcEwZk8jgOg|`s39|`|@hVRwGoSY4pR*cBU>Mhy^#%^Euh)=0t=le` z9O?{}NuXBQ6~CkTKas|YiQ$x7!SFiFTRH9WB9v;n5^Hf*N1&oMb<%PpNOM{XYgzKp zsL};rlTcW8{9TjiKe96+L};cEcHYgZ2aMajw~y=mPX1KB5qx=4wAh^^`Kn%Ey-0e) z++pcmw2}gttRe56IO-hTIqe1cAUEsbnqkeEC6c0Ot<4QJD@N4F58qTNd}JSa{vY4=oCCkJ=5G^qPt z_Y^7IbD!7X7v?WCp_j)bVGJtb94Y1X$Z7lQky1noWQMC@7&*v*aH*7OFeB9|H;2h# zS}#hHH0m8F341E>%10i5#FtiF5ANMrVn=EyMm0?wk4N`ZhAipX_qsm6oFY)|wNj2- z^U^1L+-jZO>IHjn^xmJIH8o2N_OfTVZHC1AZNDvL5HU?vi94{JX)KAUOlmd|B(xN7 zw##E}=gfz@KjxDvRI4yQyo;XPRO3aS7Zu=#81UA=*g@CioHcEAhh+8?(rtAm~g zoAU2X>Hf8=KtubB*dg`NT@mFH?>@1qil#PjL-u>l4;E22B~S^=mpbML&Z&(G5AtVu z#U`6j(r@&*r7s^|`*TcJo20V|Dh8sO2r~IesS=Y;82|8-oOF^$Mm-}R5D3>Y9oN&M z$3T7^|EkqZXyeCnR?{pFNq8dN-Zj>*XaB7=HYeY0gKsY4)VZ)sdP zr|YEQ;du$~zB-pgHhsp6vN0~`%M9(t6L7t4iH;Ki6_UHa*v)J*Gwtc@bbXE6%hW#U zwcw~m6Ur^EP8TD85g&1M+!jFIuH_>_-O3OH=n`(2N<IQ!jffaW zrWgtkOtu>=TsoPmHo=E_un45?sTnM$Um>Qz&SWaD7~td(50^b^d%TNPF*ZApoZjZ9 zI2lCX$|Zkx{>6?nXfA?>B+EgUkLCBOVC`LF{32g1J=!4ltFU$MhYZ zn^w7HD^g#bSdy+H<0SUlAfhQu)<;C z-*0S$AQ>zpUC!%Bln~gJE4XACUQ$XsdT6 ze(_2ujK zh(Dn?!9&EGl6#(aG`1NR^HBIIhh9_D>?nXUV*WLL4F<)wtAk?a_xb2h zuI%Sxl``MJL=lk#)FXX2*&kw#GE@wLtq9cuHa{!vhAq4ZD)d)&#ap*dg-0ec0!nCgcSiBEX7&U!GOjs3Sca(0F z^>Zc+@;caHir-2LV`(B?<8dSLF3OY38#Qp@GaTe8HdfkEL3ujXg1&+t+)y3QPzM%ujVVy;OssYe_JbZIxXS7h*)IECp-?kr^?EclD0(1Xk?#(> zwJ~3ld`%d>r=Ss)pb|XX&>Ug4_0dDVwUh6(w3Ve^4vQPxGKxAnQ&IfcWpDp1=?L~Y zb*Jo+$S+CuEd8IN{=ct>7i@n8z|T^*li$_o8i*o900S3`4$EgNz~P;!&JdkJixPQr zObAnP)pA_)$%S?pq6GPt0<*zj1Xj#qjf|G38ez4EW1UPEc65=E`6b?0w*pPNglr2) zBRU*TLl_2cyYN<$h;gmt*8*Z9YJAC!>b`>%q=C3>`e?<-p^2&`$j6P2hO5Q7iJ$IN zI1hu^%tT~C+kNj74xl#Ze3N`u-Q$@#I-Q3R5`4EzY@}q<&1w0Cu)*)ncC=XiBG3SX zbc&Gl8@(q2S_@I>l%~DIGIYl8vTECV2|PQibzM>TK-TC&X^?F{ea+-=ELvmw9{B1# z%Ii8hKSl@hfVL?_UYnM4s=6*&b^-hsj7f2}(+GO&HYzoB&16UPINA11X z)0~6u6-(4wX>Rg?+{5`~Dyi&Hm56Bj_3e`V; z-_u#_s69!DU}+9j{w^4H8|aZcGApJt;dW9t*&KSo+S*mtHn2E$U45*)tq|`MTR7(3 z25WSBCeS`#m@oqS?8@3E+rxE$F_n9(e4fs{I0rn=p4r-#ct1KArn` zab%}=Ln7Dc&HD8R|1jc0yr_jm(zPdgc9CRz%OdRBF)P|GQwMF8k4K<<>&AT$==uH} z!?gJv|LbB^6YuhIum6uqHrsPulrwW2KLu!{K$(*pq@1nuo322U>wVgaov_Otd3gl- zFFvqgyhX=??*qWS8mHCeevgqqRhAAReNqBq_jxP@&i?FRrW>M+vF5BVi_2b$M(*1T ztnTi!UbgBsaJYTrrXQE?#hrEChk66xlDd{OK-}j88zzgWuKyliiwF0t&HPXAff`36|T_XIKQkpA_OM} z9^)Ig1fI+%1A?nMjp+~Shd^DpxIWiEw8^^n&aEP#8 z;qRdTx-+YVVR4bO#f>E8WgqHCbGq6IU<>MICZLQu4V$dm87#%JjSA+&I>l?Y&Xxr{ zVglRT%p&6@``|v#Vuzwhu4YeFWWa#-0yzG=bd=U%eKC7T+i|jNb7H3`dCU)&U5j8hH6>(LH80oumy4v7Ci_2n0} z?O(vpyaGQA73K3@FLfQ)S=9OA6bm6MmQ8P@5nKD!8-{7ufK!n-ZlsJEd-};ytVXq3 z4Uh$@SsKYUB(cz4Ip)g!4x^Xa>PU96K^c{>L#I=gJll#Ree>DAS0|$LeZb&(K*H&2 zt}xo18UzxQa2dE1ppS1ShX%gYq6&`jgz)NRhsW9qU{`ssw?z-~G8vlVcWbuJFIMOD zRP-=I`EmmIO^f$8s|05pYBNJ`f@`$Jw{<|GHzZc;`_1=J|p-COC|Jq)acg2_7u;KhU?e0uoohRh!4SGxMwiEeBG5=`_)rOa`MN95i$AR}YrAhYR)>b0apXquz@e8@4SO-IcDzk_8x z*dDb}sjKkI1c6C1G8(>j!t6GsY5ser#bbnt&_+vfu5@&PTxaVHS+r`|*F+5V|2ZBrD&BHGVXP^tIWD*SuyT*e=jLdp5V`()d6$MSF>Bo2aOkNo0E~WfHPaDnvsyg<7S7R1y(RuL)Gw$qCGn_qDgTE#`jI5*j3qJ4z&d=~$I{SlNA}JJGcl*iR&Bi>V zaOViCg1X$Qq_ii`t(R_%uD%w^Y3-SJ7JcgaajNV;iNybw-*0jHi$c;5(34ym@w-_{ zqn!ioL4KX6kGST?&^JlYxngUi#NATRvYGM(1QvtdBL7%&-w1U`81oB zz*nk)*^Mfpk^!bdGVz@&zgVV-K-?6Cs@0h}ktEYEH!A?8n`T@j6KD-9wfsA#xb z2}gJezqBK|v(gPKu@Uz0khXqsBm7N)^RI<<=|(hVKp138x)GG)+v{Ma8@wZq@OzY! zAav!!i&U%G+#dmt!(e*5$o=LF$zhxTX=fhmJ#?!diRJU=`Rg4FPn<)()LWzEVWtZ+h;1V!H8GbXG2WQS zI?!LK@&&C8D)S4gNeQ;Q60Ssg(=rzUc}XxlT5M53pV2Fuez8a5eJsJ0(gJm)Scv;q z7E!SfLzRz(-)&FDGq`Vt4MQuNd4-192bE{>in^glePonmTJaz9=*zd(TQm92( zBWr&Y6Bqf%iNl4kEphvbLIaFx5}Rfh_qV#V@*h8^si_{z2TF>3!3CJ_9#4@F*68s< z2+HUOhC6X=t+}*4dMI-E>Sfd4@K*Q5>ux)ol<`kIJL@3D`-?Nm`FT8s6(5oh348v$ z;+xWNmH9Ac4zd+?@Qu$DVeXT9vxwUhOrxI31ko`cCWiahDRi>Jam|;?IHjj4M?q|1 z?XeaM!|R7OMfAsu@TR&Po97l1r)Im(VveBKi?Lu>=j@x)T8WvCXazNPiUq;(GUFC` zcR}oM?gDNW&djq8D}yylPWl@iL4v0#na|A{Tc-xy1#7NACB(ckZ6cP%@h7;RO=t;qg3u{%uuX%<$(RKDW0pSwYWy zl?=S2V!rHVHKBD)9+}Hfg1IO0EFr1+(lvm+*kJ`{4W#ApIGkA4TOi_Vwt~pcX@+c2 zGd2>6O>Q1TsNeI9{>Ct3UwqC^AQeF@g?oouFc7z~me`@WfTGh-^_NwH^wlk7R3?U_29~23&-~NAE+;8l4ZLEQO;0$>Ya^a1F&OO!hwHZ>kGlW z@_!98DKiWpknuhHSnnIe$_{n-<`;q%BdE6E1Q&0CCw=wu&57yq_ou_PjudPJ`QKo5 zeFzF^$W|AUKp##?*0Mq1^iXLt-p(ppdnK}bRRt8qR;%<1?oKSbk>mL7P~D_T**q$O z28YDXS!vgrTE!sQ^3`+qns&bI2}Wvn(OESo_yEy@GG8uc^`yk*q@$)t?H6fQ*g<6`{2eT_ zO;E>BhNoioko0n=qbOy)bR7N3pEi*InIde`S#DgO?vO}78ZIBQJB~#EsRjR`W(X_r5&AzK z+tV8eP15!xitl;YYl_@CW6-4Ee}1vpd#)Aj(Gm1LmAU3mB`>F^{mV}bs-_`AePSbN zraYs=wM7hw-6En7#hDc9pNX6i)`v+8!V6zsul7;gKSGOA8+@U=brK?r^s7-o-!%&u z81OH$z5aSMvT+$OQU;53Qk3iz{tHVidGM5(4`Gd z8e0-z$;iqXe4|3^m#%lGVW2}2uEidZ8icdxz^1lfHOd~!-(WFf@QiE1l5akpV!AR% zC&m+{f0~UO*qr;lRK{fU1c;XLc{5Dg(m4TQnaAa0nS4}Fm>`1ovDsTc%V~DvaCUJ+ zYjf;xm86|S`NwU`xex@#OxU$_7pD%@Mk!caq|2^2yp6M7E?Hk;kE4rNfHX4a>rf`S zi9W$`>=_Q$TlZHeN$&~Orp1`FXPr7}Q@!OY$e9Eo0V*>yhy<0cP|@-VcQyXdCa_aj zR9gT1?HMENJ*BTfs&t0};7skW$9arXv1gNB#_XFA<`|j5u@C zVj>f^F=dHsfHwhEE3677pMOw0W}W^&9*6$FU{ip2A@hf&RpeLQz=fWjon^j1EVz2Y z(#P8&g1+ZglePOctW4E+^%~#mD7i!Qkt+6=FD%Y{sZ+1ViMrvV~}^o<1Jy;Ag2y zz>~P)PnHvGF`yW(czd%&KnDZ&*AtVfc3u{z_;!;H_q(d0{V4CuyM^!0Rx9Xl1G!0L zP$C?bE?U)dBJ5JdAAvnitcre!L9lsVBi3&uSSZsTG` zXsKLpfAB@bOul|K1@6*SRBpILN$d=7~3~dx*s63Q6C1X#Z0&~n*dW;f|+%(Vk;uF5t z2ZU4x@!F&#$dN_GAaSG8a)VYY@+>uOpFmIZgD2}58gGhh-%#h+;U)lYfpUkb`7#%- zBum#xm)&HaS&tddP_6E~WYqjf)2?g2gUpw7aVS9FHOZ={Fl8oNap=V=m(|48>ZO*q znz{HmZshH9L*?i48UWb~<{i=*HDMWR^Jd!<4wuBjDc)*BQCc6%NVfWs+1BwPiyUP6Qf+4cKo2%z!5Aod#q#JMAiGRI6XMt?W#y!H88BQ~-|@jw62yr@8L@cZZ= zeNcZ#_!-jr$2p9}UjB0!^HiG8aAde<`iOJvjD`%_j!t`JmxPDs>0V^-C8cIhwT;S; zrlEpmjx?7%XcQ2}tKPy;MiUu=P5ST{kJTvG)>O6oZJ+=0>?>2ufcA$f~N4A9FSVzT`Ox^gMiX4k_O0xG=NutfHkj2YEXXH$k-uB0`# z(!ggXZepbcp-2v8J_fBi97vC+q1n1JY-S!Z@kqSn5xZ3e@kWJ4+x?Li%qNAkXXp2N zdX{M8Y8kJi8{=E_3w%!!S;)_Wkd+=)q)V>Z9rQ=sTu1Fk*j_+qI-Rz8?66i-l9I+k zVQR{rFJ+F^7LU=%clUjROk&n@el^{CGDY|$Oj!-K9hrEWnJCm;=Wz^#WrTq8~7 zDOCwgq=TCWsg79`?(8doWZBOKj!xX5?eDFYvxxo6+?$4wF%18V0oM zUGiDQOv!gTYAOi{(jn^d+`Z-z|7a(h!nam(zSwytS0eGqFAOAVkB%T-{fH~m#ldGK zw%Q32Iy1IR`?-_umo<2j1R9x<G07<4s_VB?lv8wGh)${5LeOs zK;^Fez-H#o-CF(=vLd8ctg0%ulk^XrrCdXpM;+_q8f2?4uSW-9M~LkPWP*u1Q0u+s z;9p(z^ei))g0!OW^smFnczBU3)g8z^a_L4fpZ8c{ydKR!%U=`@aiuwP7opt5)!TX9 zqTKC-q3&M79QNPc4h-ty7lB&oA(ZPm(Pq9YQ47p03KwJ2Ni6UBnl0S7i3c=6fsbst z_GgV58?T=w)&w9^y7}Pz=;S%qZNOyUS_2cFK23#Dxq$($N-q~He_!h9`ea@1^W^pk zy>>D9uX~R^PilM|wgT(gapAGen52^}&EP^s89^;cPkVZs-0k_Y+0>??!&i2YHU}s& zbpQPdmacy_38(eG2#4!7S<>9?poXQZuo9Zm(ES6Q_3j8nTYtH^(ooCH55neFw;mZ< zv-{JR+EJX_Zz5y~6UzMuMYPIIG|) zr{!RKe3Z6M4PMv6=(R}kzMIq3Afys&r0M=S>=Uirf*2i!fRT1$`)E#iIR!-G)}62j z;GhtDc8a^A*|6wx^S172DcJq40`k$M%YA6{Ha_V&TE3;N(Hcj<=hl(eP=gmh=Vk1Q zoBed@W{pxj*CrYj-O?q1R&bFTg$Q~NqObQQKu}P{4RrfVTBDsjuN0LipE*MiIV;Vq z4{!V7YYHon(W>*T&11^277;td*qa3W2$^4jt#y{*W*}HWU{>53Iy70?>$xu^6hSoi z&z2>b7LFQ43hQ-f)=_8Mw#5XlN(iO~vZv{EuweJUG=DF|9yaG=U5|+QrK@H1{A<_D zhrTac_t$ib4PCMg*2Or;%y2qgrlEUh{|{g1<&t-luRX43=4JGp-~_hONkT?XK=)W9 zT8&V4ji8#bLGdkn@~B@!(Aw>wcCD*4;$c=6^0(*)D6)*x7CD(gXhAxb6A#;@_nZ3` zxT~N_k)`jQ?rU$MeZ|=CS8qE!Nz9JAEp~L6x@~@MEM^6XS+>tHiq(GqLtFK~;|Qru zJKhtPX4W7%K@KUwdk) zQ_ilJ)+PycOb|$QqqKv2b-fedJ1JU;O1TYIjZ)KbYTDqqO7Fmw1Q#+N@1u3>BtYUU z)^`0>A|L<>%@I40ys9L#Oefy_>bUBu0t@wEX#(#+pf#}dKI^q}XlA-~!p?hnSD@^W zIpUY5M+L=jwTuQVvzt5$7foCK<-%k`Pb2Z^M2ULjHlojH?ss$RO{(+i+dS^;O}~k| z-?b+jihN7>kr>scXXrNneSdJ*KtJ^Yb`(^k|3R8^$M(hrLoYwt!q$q1#UVCU2u_-q zMg}7-Y{b=VQG;i$l~e%r1Q7$31kKZr&AJcxAA2k~j8U%+;^n^Y_Rr$DZOdO9)F;oQ z`@dxqW1gbQc<#Hw|A-L{z_z0pNsKYz-CNaVD&_u|(=` z5$k_?0a(dl!ZD8uE17bKj5ue@XD&m6x_i(;er>QhKYFal#fNax1{Z0-zCjG3vF}T0 zx>}qZXN|L}o+s@q!+o)L|A(=!42!c_+DrlgLeSs@O9&F&T?2#!4;mOGSa6rY3Blb5 zf)m``-3FK7Ffh0dZUYRmb9TS?eDCge_Bw|jbMdSD>FVn0x~r<|7O<5zYkfCWu7BI5 zS~?KV%awV9@FXS1*o$l56rYZiZ=Atkr!u`N_Imf|LAC2JWDzlWDo=DDq3u#vvKPY<&6cz-4&Nj2_26})uF zIn{Yfs+04*Wm7=J`6D~U`?&$(^GQyh!wP|3Eil%s7Ta^w@zqw>$+Ft<du|F zdTZmy9_*YWA7IRV$?CG$ZWKlXun-qKS$tc9dKxEEXvN)nvW#|D%R<1ueDkuLIweB3 zoYe4^=U9~d-yNxMEA%u{=hy_u0ziBc2DQu2S&}jS$9w?+0qec-y%$8eaTG?1`G^&BWeZ*fCdv;-U!TMg20yk>9^`e-JxoSy2) zV<{cJwiPsmK9G=#f9>AxCh)m6qH6;j?~x^&it2?VbnrGE`cQt;-)Zp-S2?0n^H&we z2!A5AXtNG~l!WJdZq*11`s@7-3ISO5pC7zgvhoUTHUj#0-`{K64ED*UVsZ!wq4v9k z^i=r+HflN76N$(y(H;fq_VE27hG7c+x4tW^yi<%ygd0nS>zoOA)S<&sM`5w|kdSP( zS#83KF;WY8@gga?)>?=QPLowD2Hm}mg;hW3^xADmh-I9qcbZbzAuC~}$XkR>sG2$G zbq;PMw`BL*fl|>={%Z*Fite)uFR#WtJSl0PZwP@j-e!U*ib*Knm;7@qNjW(}k5BjW z!AK6-cKtM{i$V>CHI~CHJI^nXh`TUXr+#v83yk~wF2+`VLqX!QQSf3b*BzT$I8G?8 z)cHqFf$!g}(!9*gctB1{QiN@bDMRFuq3>fu5{uN^{M4+1>JsG8z zURsC)fmWETE+60E^RA0coT}Xgu`bdE9P^cFQuK5uENvJks;G|4@0QXR1MLitucfvp z#NH=+YYFJzdT14l1L*>wK}oi71e@Lww?SWh{g;Y)Xa| ztNM|LETvA6P7!mB*Kt0}HQ7}j6?*4Gwq3Cjg_{=vHNq2X)~MB0v$0>?WpmW;QS^o- zQZh66!2=8jzkDK=ZMTi6B-(CAh0=4Gu!05lP(bnwoEJ(R?x-2JCQr9tY|Ko`=FzU! zoqMkTPzr6_x?I?uqbKib_r&^DAOA2XSI$nZN;XeS{-QtX;OCA>`sg^4GcKViZy@%P zN^r&|;X>B9m1pu+_TM3lD~)H8)yM~B9+azBu>wZ{Qx1KmBx@nGIFLSxPqAFuD3Mzp z!`n#KW1pysjvJ~+_+mIVm{*h=LhATC=Pf=l)i(dEJIt8*n@FHnkP>-*@kKoxUJ}<&|>1jWA}{o=hq@ z^iPgM!n8li<9ZRD|3f~DpwWV+m{coHP49KWy9{j}TTUp5*$BMaG_^z5$4ipOl=uur z^%f0%e~g(?GNlwnizXh_ly#R8 z0(q&FmiD7o&*tMJ$jqM6%@wp$q!lWkt8W3xeH^$Sl^sr~F z2{+o;4yw?dn;7${IqpFA3gs(@?YVy+D-rWUoIneA`Mjt1wTF~XJx7txQ+Di&1H>m zw!};@)TY?n5hsr}zn*_TOFcVpHGsi*JWSi2i1pNOf4e-oj9T<9<%Yj;tIrNHlEwgjA@B>*Jr+pdIIi%)F<6R=-2uQj= z)PQ?ZADvoGnLMt$JQdPrv{tYyO3)3xlPYfiouBZRAKqyoNi%IzS`v+^LXGXWR$abA z`PfE=E|{E3*g)~biuKA!hVBmY94PW)Q0EG(Q? zVD{KqhHu;hA92Hp*^6cpauIK>%WD3eLi|;=b6xTxfKUDTPygOej2QvJgDyaLp>5~0M+1CbJ(Z$-&MGkG-q~%&CKpr7ilL#>C z)qIb(E~oe3|C=(B|BlV5;G$j$<92&|%V+vaJ^xaizxML~weFo_@-%LlWlfs8|Ea<= z`Uw%tALo-UH%%FCLZ-=*zyJTn{_hX_uUQdXe)qOvf3j$HoNxFLXH8Sh%>Uuq{%cMR z+-@N_{^063dQauGX97ep@}h3;+b} z2qK{!Bw?X6RPMWcyNp0S{GDvAJ~9R{ye28M)udNR8SS@Gbg?gJfg^D`q`|$>bbjhq zK!@o;=bng@$Obdv`<5kun)!IS*#+W#JewNauL({E3!n{ynKwjTbJIKOK9?xv*EciD ziei-(01ALBL-sIi+l9sa=R+HjB}enA--pW-y)?L{yLiw%p=mi`9lUvf!Tq7E2*n0K zYDGCjbksn@eR>!##J@!W-X3oZf6x(im1lKbX~9Q_^e3bS~)X*oNXp z6>`D`1s4Z}nl8_=XInMZu2!a{RKvZgw$X4CtKs5s93T~3%*8FbOdrfWJxy%q<7wRx zMZ9B|C6H=6bujzdF8Xkmx!(;)0VgXi@zvl`8XLM@a&YYsTGk8#0Na*MT|4qGik;nH z$1@vZS3@2yXmYsf;tfivN6}vL*L@q6jo#J(y@2R#8d>If42fpR}g))996{Jin>hwt9h}%tY<|BAe zTRT&D>`1Esf|NPi6r~;9O0GgKxFJ$s^vJlPRLd;uLgLa1R=amphFm&OC(D~zYX;oH=@ZGs#`^ zMN>0sxA0RyVDOuF^A7n~y>C^P+W*Lv<^790?!XRJ;G24C)^T%Pb}rZ7Dtiir{T9Wd zXEeB}&wuvvkP;KC&XqD%pt`=PTye+Kc~Y-Ls}t=+0(WW70Tmxum-ygaFnVmz*0Jw0Jz3OULdBJ0`jc0)px20(S^o`bjO}2@8CT%;f zEaUx}%d>p$QA!eXaTSVl&Uu~|7bD>PuyfG<{#ttwg@tT~Fg1L+c?rSSAsmIMS4f?s zg7CDM3i*rH0~k~vZjb8dJ9bUuOW9~Q5XR>VWx{2}-a}k&mrWaGVsJhcs+@t#{-KuN z#Y@=lV3AJLE$}i`Fz0;zSF)DN42Fi%K}O%wQcoDj*h`}e^qO&bA9=zAuZE7Ia8em2 zX6py_d;$4D*x0dB&FQq^h7CoujeU~g#t4WjV?{D`Je?uNHvVYPKuy1b3XmjsDwfVS zX1frr5LeJXZD@KhyI*E2uZ;#2c0Y&&!kh~hytfVQVGcVEs?7W5(I_@HVl6Jis9{b> zb6Qrq+`MqJu|!rp4;)_fZZRc3;%uY11Y)J^0 zq9o)t+W54TMWypsAm%g0W0VXiwn|D$0O+P<3KYmP)bUK>EOG8pw34Zo%X}@DgQ%VM zqM!;k{q!qj1=cLs!OB1B=|>8TgYYvcVV>JRvt4#yLTHYGNDB2e z!Pa_dcOJS938(#9$iwf4EGmSQ&GeKtC?z-qOY9x_9E0j^4`0ATBKgEx5e=NZW^gOh+(v&iepr)+|~Nk$^k;rpQCn zlMouuw_SoIB9f0-{T(zx2rNI+MFF57-`JqWO$BSeEpx%_+JJXkRb;s*aox0LM+H6js}cw_5W&q8FSCM2QZa*4-!=NA*xrl^k;oVTKKwv!2!) zO)hd3-;O~pSMRsXD`FOT3xqQjUFJd^i2Np%Di6z<#PcY$fzt8#Koz9{n~R}J8URSqssC97b&!F74)6(uQ<|m=6|XepT0-5r>3U*r=?N2ugtJd z!1oDC64n0soa^fSGiRao^RMRSg`_5Bf@b3>5~7CLZw8oIx;(|%x|rkDI6bAPR8;B1 zmS=H5S~FEGY*8FO!cPZFw|5p}Y@F@=IX?jUzrHYvSXldOC zZZCeIp@pdB{pZCXaZgY=Zk(3=hLv^n zeW%Uvg8$p1RQcRL0@t08nv>NA*hGU2Y7pN}DZZDAp`?arW#g1}U~$~CzuZyWjNTDj zXnBZeVhNM4qRnMKK-AT$WLLEQ)UV!lq4?@ov;`J#I(h>RgRBg6aTB<+P*>`>r-eud zqT|;MKwn#CkHSM2iC4s@sQ-|%# zI;2qJ*VN`PP?_b*wo?H_;J9As*Z!ns0fU<_ug45kI&D*jw2n`Fvxv;W(7-=$+rpSqWpD{A$8(+e%~vcWh2mc+mU)l+S=|Lz0*1*I(?jyDb9%#;=Nh2F|33b|kLb0c=Lan^<+iv;4 zI)Tfmy8bG>WzVTkyyp^qk8KNQmHsxYC%a#IJ9^ozXDw!&g-m3i{jp8$taT>cKOC<` zlI#>V6(vqNJE@1Me+k0A+0k{f4=uA-Y&WJ1q3Nnh8TgdE$^ZPfO)d2M;SD+yHGl2} zEtZsV8PxQ4;Y!Iz-It?r9u2}GBuV;R+DajLwzATe^M~Uro0ge^I)>3(+G6Vp-gmFe z6~VpDAGF;6Ce8l_xR)|NsQm9L>iv#ewwE)t4`_ZM=o;(8)c?LZxz0DM-h}5=bFUfT zD7tO$HDnO){U-7wjaBs7l!`BHCZVZ*L*dGjl75_ov)e*-$MT*|@wK*p`~H9K%Ht~z zHRXlvxpkSjkVXU7CWCOVdW`>DyBaa>EXGxj&;_(^noCe!{UywGt*32GAn=+55MfTK zLek|Dd_1@QufWw`cHGw+S*jU@q|NR%O=S8ur<#awMbc1&>>?N!;i? zS3va)Px2wKtF~#sW{gY=F2#h<kz`~aOK~h#C=? zdo1@5R$2G(H=z|`KOH|;v8g_Qaec{_WPA?^ja#lPn@}a7d=-Ev1k_-Ovx!LhmA3Pa;M?TY9jd%TzRVo@TV8+t};P% zkwm)Qp^eN2Sa5TPO)v=&hT?ZIZk_963)yhFghb+SHxNm&n5c$GHxh-*RLJJ2^vVQe zNko{l0D;eH{s<%+=tMOM4{?;r5T<<6?>AxIF`UyVEZ1`Na~OB!(o)4 z3($>2dH1Ll^}yE9Q>{Ja7SF)k65MEby?`BRW&_%HZv)D;=KVlUM(@ zMfXd=n7B5DzTE2LnDDGQ4I`lQqI4*Lc-h|TlcjFAGJNtOb6BW>j}IMx{w|Rx6zEl9 zM5oIRRsxg^n^+xMzo#aDo5MdTu+7B6)E6NG!z+Q3cnJHG#~9hf|gTJL*%Za#U)Ar zam(T&uaXu`n^>r2#B_`1sd9AHCC;>1>UU@LbTKQJ=SCJ&&uoBY zb{uxtPkYL%9hHh-U763vw^C^!HnT+wx+GiSn#-vC1t}&av#M}HfUU;;%+2y0?1;7A zr`}X!W-4E})qez?0|`N3#lzbO?)nFx$xb+MI7=u>Gw85fsho-J=q{n?2xd^gWgEv=^0){?(=z?)#ZX|Gs=?wpG2T^J@S0FWbGa43Exzde$@dM=2B&{y zO+WA6jc@^gI6M1I%aWPA{1&r1`~_rKqVlL7de@w-pid0XRX#Kwo!b9z)B2C2?AJm0 zv>hBcgz*6n-H>jAd5rQp!me$d)L`9{!BC{57$+7^49t2{s^ILl0_gT~q~KwV_icI9 zQS0ZA5DII77{PC%;^VbY+oNM;bUxw)rC)H*DhNIuP3g^&MsuA%`p6mUb~^Rke36lY z-@qBq(dlKM1VKddE`~7=R&O7us=~IXCv7lAfLvt?VX0>V3lE<1O&3Djhg{vyfV5Iw zzb;4sob(0+akF85%*n7IyZ&-O|Q3@IlqGDpX&#HOS2x1um7V>(S6GrO~{^ zg$x<#+mT1N&AHN$0d*BGw`trY^y?Zws{m<&W?Sa;v^uQKw_bps4K~A$p}>Yd@VTyi zWxJ!c$PCd=iI8^cHnch|CI+vmU$a+^)6s6Zr9XhlvIXIJFdLOr@08K%-4^$q7VyWn zII%3jVI0TJXX$>{JDoGK>%L`hL*hQ*v<`b3)@GnF!>~W;%Lr=^lIxoq@XV}+Qv$Ta z=n`feye7NWE2}(O0dU?;#dE4uWnby^Hs9v)r>3y(;Sz}F!3@!ELx6j0nx&^*)lL>4 z(rveCC}W0RM_(wC0B#=z4+Vn>hROS$exKBwYbpl!p6N5 zzv9(?P6TimAJm>Dy0v95dyj`3)`@OE3IQsd(>!HC%0XL2BF0{xkz)xz(5P*sTtn>OiNO zYTqPQ$Vf1j7*?LmsPy;m^q82Kctk{j`HHDDMNM9TOsg!ZZAHsh!SuAoulZ~je_kCf zW_`(-zh8gqYA1xNL-IGnk30k_fM;GC>z!WPQ6E?Usi6s*0=071o4zZn%w*`L#ARa= z+gD!iLODz2A^G4>q->`*eWqXQnXqq+FgD=*+4yU_36rRb8*iCklWzq&Z3VI9nr-FC z221mVVe zTSZ;*M2T;UBYyiv6)j=cUh8Fx>}BMl zysA4Jh}9tU5CRL6rnpkv~MS> zWnSJSsqdv!9*_6+(S5D6#ICm)PB`m{NlS~EEz>!8EANhjQD8eCP+MEJ3(a}`R)&AW zrb*cGtkS4Yj!bHRMCt=$oU|6A{ymtZDjtP{R~KWtr;|^e#F86t^se5vl)oQ?&juQS zq~II8{+KHsx$!A5u-nR;i7QaDG0h*u3ius(!evZ7Go5<-t0Om;uw=GO_T$H(KM)p9 z{P*w6@+ciMPsyekhpQOLt4LS@K?esmlO#X!saHt#nw_~kih1n`GMAVIUF$4{HLVvL zU-b3Km`~;wUHl?M_RzaVw5t*KH~t*GS*$h_fL46|=2-F$kdd8=(E2*+=6d9cp>G@fwEx992J)HDg)$WzXx5o4>5 zQ(_)|h)+pjf-i~mg84qA^1U~wSSgGvrOctrxOquTHkK|7jI$aiORa0>vtF{kHPY5D z8jv2kZx>DBv(Wvl|#lfk>J=2FSI zBq3dozfs~R+FjHL?(b_gu1^}U=VP@Z#{P`8F(LalIBj($TD_W-klUi0L_d>Gni+Mg zp9^~HPRxe&t;}TaqSK^}ag2g+INsxAX9;xyNm(-wEv)=Dz*3e^9T$|ivTSQksCCYe zKq)dIqpFzUEfl)Mtfbe&7ifK>DiO^o%wN$WouU3vDJv^GCgh{`}3C#E2lspL<#B@2CTbV^+r*I?dd;JL~BQa@Zc8+lg}EnNdR((ZWn@M2m1De{_s} z?t6o)oW%d|ZKTO6*L{1(IrU|q`SqmP%aemmp4I4Q?rZT4e#F@VJ|=3qE?&S0iV2WG zz?n=p7G^7_kKoax5i7B{w?K2lXAUU(c3*zf=(ccwCjLOsv0)LwDZ=5T&RA$Qq{}Ao zGe><0y5TYYiqYw`@q~K5CDR-B*yza6&e3tDk7{HJOZ{_rd~a$QG(=I&xZS# zr1nZUU%4k4j+Gjmz;cU7-yhd`Y1JNwDBUwxBi~CIPm$Tde{ClkQ%scs`_kNBPITB& z>pJcwx~-qeM!f0AItl+{c{;h(cv#jp6v8P|ZFZnedXjdnhn zG&IF;$H46ceCg7l!);uw=d{-tZZuseHL}WTdUMoaEXxMF4@lh&&{ z6jI?UM()*JWsFK=SZ{Pzp7dAyTvJih|m)$PwZF=lw&iA7L(7cK=0 zj8$3{)VJ2uG;APwZ%cY(!ZN&%=+Zooki3{gHp%h8s@jcoAhe&3B=eX(T=>!R&O+Dz zLC}1u(IIhXY1X(~xnng2X4}7hqjoQJ)Qotl>(JNH`;`&Sn<*I=6lK?bPo<^nEzDPu z3QM{_ri8B!F|);YJ%0Dm_WgY@f8O>9OCPv`zyo`qy zgN3hjHO=OidfwhGY^jGn1q!24&5!r8#Di!K{#qd|c=eiK zyjPxGj7~{>bi^*XjX$PHc;4-`*?;YQjRU?B#U^=8rq7k&m>|qK0&&fq=6LoZKeI}i z+w0**OW-DV*u*YJa61!O9)n)qdSjL zUGtSW{C2`N9C5`iNTF``&pQrGwe-VZS9GA=C9i<&j^hb@(|<~BWt?XMjywI~E37CN zINbXwV#a*7jeD*N=@)GVa~5X$KLEDvRNfxct8-h*7YCIOt^AWu>SZF-oVG_2apg5h zgE8{y23+Rq09q6RS>kb~5siHMzDi()prP73I=QmVZ|fLdBI+L&iPhbib`@Twv7tX3fK-)*9)^LPp*kx zH0~D}aI&|l++rX?8Sxs&G}K;t5MC?~Dd-D&?ev>Ap4afkxXa{qEv`k- zdSn4w^4(4w#~QEO`bg(lp7D&ygkIW2meMA-Ylu)5MTZ$lO|WxzFSVGnV1WW|xa*Cr zJ4`H;3rT6h9j3#berOB-Kr!Z|5u@PF#h%v>V=JSr(iLHdeM1m6SxrI|Af^i90kl&3 zb1=&fEzq+?M||^JcNgGzL(!*-gYD7&wTCmEDmk^O{`b3qM?8RY!zM=W_3Z9dH4`3X z{M@i-fC;B0l)(ct*xr4Pk$5ZrlYy$Yb#Xg6ObP)l^fxQ;^Ka8W3r|Pi`YvcZt9!#m zuiAd~o{KWB@4WxKg_?LBQjy6izF5(E)+{o;6asnh#64<9bZooPzywcx40bes#l{PR~V?XU1#r-6K@$WFrxUV{%c^dj3&mP+#g_5*6% zf8Mg8t}Jn2c?;8}gt5KyH#$aVcnSzRnI}uxJ6>MD1b)L zAw;+=M1RO-?{Fx7JLH+5AU?x5bZ507LZzHO{ha!~8BB_CFIPOj_Jc*7d<&swgD&IN zo*aE_jqLf7tSY0S=$u^IHJ^ug(u#Nxpm69lJkwvvo$O?Wft@(K!C0I)Y#$4bP$K7| z0R@+6RmZhn;};%rC!+BNDd&_R@5m_&E;rHpuTPH`K+t%{wOoV&WyDUu6s~xbAv!i+My#F?kWfmZh>V6WP~%dTY2@}# z&h9Bg2ACFiIXoKd9hM=AD-q>Z-g*j#2w0C~CkrBQk)>+m1>B$3S9*E13_|ZVP7<&_bL2_4;}@CpyyM1Oz$i{md1kkNezDfEFE^*!fM>d{r3)^?mJ%Z;9yncLN-y;ZVEA#cXu}LRp*S5X=)KH$z zq_=XZ5v7HD?9B?fjK%#dx9O$y0e-ZsaAPY7MaRSpKi$AxAEZqA84w@Y9D&a*HL34$YO&${ ziM>`PoY;71+M@C7Og;}YbbXD~wAg4UQA~N`AS7q(aJ01>))SFIZdz}($78JX1w>ejKq#`*JivbnzVIx=X1NaV?-f> z9esEFxd|T0>GDg!;T7BcP9R1+=jHjhFl4DeIf+_&Lg0D`dBn1%f(QDE>8{tqEAp1& zPY>Z64x9MKDz+IdX}9i=lQ{`%!xim`p7L>bYzfKD2}AYn=iB*8P!V6au}A;t(wCpi zeN#uiS`nRL(>9IUTiT=@Jb-PAL^EtxDJUTnfKsay!W{f=BURC8;+6kf0ylP}+w!)$ ztIfAJlqxwi5qLei?WE0G--%b#=7_TjO3CIM$X}|QN9=#KHLF_WNfMz4(WEgF+XfWpp&D}!oVI%jlVlCa2*skf$}(VH8|i|3oNT1m<327+Z}DF?Tr;%zoqg+^{5IT^ zGS24#?F`^P%%Bgx_!9Sy`jyFW%`~v2@?8s_p3$a1mc?;KH zHU8xMDfzWoG7JlBk#4mgMdn-5^%- zHc8@IEPV5&iFWu_@FPxNa@XNO@C4~n39koGv3q9xKFHW0BRr8ZCEK_J%$V>Lt-Z^1 zAgenAZMJUG(<;yZ$)c4UZcHB~9RWwS3bcXGcF;B7GC{h%=4wAB0{fL&`!w8i6+tM9 zIq0wqw#gr@`m;7LGA3J#wW?0?Rk8d_-50F5(N{(zPZTv!a`i>Mlp$%c;mL&@yQ+)vVDkF!=DIi99B*MIm3!YXchW;(wj;Fc208ZjDN zY4}r;xby=h^~H;eNhW@7WSKGn<@mwDx5?N1eyFQE;BoRZnTO(>%+yBr+`lj38ltWMC z$ehA!Ylh#X@><##q{(Hv{j$P4@^gHCNRop1l)jR<+vp7LT0P_#ypTAuQ<7qz;wPV+bm1$$OH6>()*%X3w*AmRI(yU#^C6oDIV5YcZnZ%<_nm}BfBxL* z2hz8nWHdB-R=WJ%RyJ6(A*zuPG!FD z7aRIDbJV(HNWpvc?li1zW<`0|qQ705b^^&!9PBTPgCd?@#K{pKaNLfdlKBH;0NSsFJweEBiPjbHo+lFXK@p9-0wGX1PC63t`( z$M~XdZiR!IYr^X2=gToC=ag6J;?w<}V&muB<842+dI1+1p45aW8*YzHW};ss?fN|V zg>Bv(wV$&(jpqd&=?QP-G-M>=a^Qd!`Stv_jc9U}u4vJ=YwpAQ>ygFLH8>2Jo;jp? z6Qdn%H=8981+;tO^*Q*4Y2~e%GaWW3%1kZHGWo9 z97Olv?3;hDt7MTK99xrG+&IO3=$xA3+py-myO)~1F=jWUHh(uBl7kN9SZ~_;ebAyF zf$u)HA3O05XBk3I(>+&^!fO?vam>;aOKEg+Rfl5#4NiPC3>ZR-BArGv6Xi#7?=v-j zYelX!&e$E#;N1DVA1gU#tSLG$ZzK|3Ixi^tr-*5~!SgW&O5caz$kc>NKNSnkRC>PteD zj`_6(mz9CSq?g@lT7}l{hrH3CyEi@E!4^OfYE`)N+BdaM+Xut@`tVo|rTpz&hnU0c zH&HgU6;_Ylu{Y}>n!fdZU`Zd!i&40^;n0QPc5snXFd>DIBSsK5rAfZ>8ZLz|&m?!> z4`B=P{IO)(so31`KkS%N=$GL69B{~MUnjKt};&-p&eGQ^^ zsGD(UgR%K=H9H2TQ3&WC=+%-<-sEY#MZ?~uW%r{s9m3!7s>Y5qdfPXU8hGNK~wT7YnFd{>(6piu8tQ+{K&$PMU&mwVo;zuRJ6};* zo)JF{{~@#5B_Uz<`8u0Mj;I#s2CA@VEtBAG$H3x1A)~?)jD*Tj!KPQ8-_&_KtC4miZFG? z6zrEDD4B(U51w`7H`J^nVIZcQ589X?a=uPyts@gRLrFQ{&o#u6TLskH9}NTVxTDr8 zI_}?W&_BEd@Uz4+@lp}9B_m0nvoZGs?N%xsazvJQ=*ak-vr2>CR*SPJF{u~fdKmMx zXKIHG1y;6-iZ+WE`C3fo2MRYPy~%9+?f4SviJ7ZarqApG;|Iy%U8$i-WOG-1i4nW* zi@NqC32P}=`IHaleS~-N^j;JYsxY=b1IF`O%}&TCap2}ZNiJt7(ZWpR=>5IX_L0}J ziPjPCXotMW@#Gcpw(3~dKk5j$KcV3~NDDceGdw@r@>4Brwf-Pd|E;$or}Lp;#mrw! z7!>b%2rU!7d~;z|(Gt85z}#NH(;%XkD9A)7^T@O{13OXiu0B zaQMcJZ-{T`U9$M+b;6i0xiRI+u0L0WGMi~x0{d3fpWHGDF3ue*Eefl%*)% zg}t$psidM~EncDKuD~DS0-OC~JcRAWhIe|EBBp~gG|F+Q)OYQ(w$`uSl_Kuz!+42_ zELiIPaHe53EBPKh9DP+mS+h6h#)*b)^zj9k+0EJ$KJPtCRt7@LeBe)=|c5ihMAerDf_NT z1xXx~c4vVj^PyaZOXg&!T@01Qup{r0kmoDWMOk0-UATDThqf%BVr5iX5oyX_FP1cR5?v5SR93uTa#dFt5r0z5LcnWo$n>SZYtu?uT#- z?j7MEs;r)R`!8T*l6WhWFFnt#%7`iRoxYctTmmDTvgooFI0B)sXP*DTT1un52~6j| z&_G&KNO5O8Y|dH2HZ(~c75X3e;)yUFs{dA~?)ciI`^UBqa-x}Z7O z0Bmjz$)`)GaxopxkQAbFVo4S?%NTMm(I^WGd=*9H5bVmzc||z+oJ4)SDm|fUXDIPy zxYf3m!G-_`L$kl4{i>eFtG0c}J^g_Qms1Yq+xvaS7uvH1>n*2eTj3#UEdZtj=5oza z3IjLgn~e2_wAe%h^D#UP-Fe-`j$jXAH@7^S`fNpi7)LK|Z=48a`$aA{A(GmCFo|lY z7NZrBjhmpx5&aTdf!=!&6knU+7LX6^s1FzfGUFML90{;L?fFV4ZhtC_&K&vfN%-Ka zzMkKNjLWE}c;_Zg#PZ8o2&@yK<6cv;x#lbpUET`KI$POBYgt|C{TG%A!>oe%@~w8^ zaa`^QT|rVG{g3yRa$#N1s#HTM9En$wYd}Z6U)}YH?F8S%3B9=u;70Zsir3$GrKH!W zmly>Dt_cyNwom5=Bp}VbBB0e)oFzngt?6ZqrRj%n+G*Ni$11wT(O=)({5f7EQDj(7 zNeqxNezwpEOSYc(QD^)4an$im95-Vkmbu!;?Za!etDd2lJFYLBpQg9V=TUMBxhsvZ z6Ug)Y>Ev(!7h7i))@InX*+N^~-QC^YDH=35#kCZ7f;+{X;1qXvcef&i;_e>Yhj0F| zYi15}nv>_UY9)##Yhp)9iZwY(?u!BV*CQ^|lM;)q}SB1iMFU`l_(@1x@ z!ZxBmz;D6E{_)CRncWU@n$-rC)w}E zv%zCzpv#fGw?9ruj**PxSge0s=2RGM?Ox<57t@Ofv9N*Wd#54+Z%L7S=b7OBh_j?< zJZ`oKG8hN-L~MFNOrqJYlrYQBFI!$lny88{B_ujs=;lV!U(+v?tgs{^nCnm`3fzd zIJ}#|2vYv0m(pv<1hzU+8fTpbCwrl=Sm66;R5${PNIP^^>VMQ; zlF%tISmNTaS`xQ{x95N-^Ns*4O`S~|@h6HyY+P`ohCV7I!CB-wiDOUkN)sdq;Y&(1 z3ZpI?=p%z_L@o9)I`lgjA7Xf$H&q%w+WC=9h z4*;nB~IpDCt&IA^-CbaAmU+4%qZblnR;SVPsP{n3b(1-hdRU0{24sFB(dd>jk9rR1koC^6EdrN1E<0_* z+tCTHhY|Gf92zVMQ_EVGkn`Q32$nJGT}Zvt-2{GR`q(eBmO#_y{4mlXX(!s^Zt?8R z+B;`M&NBqb)9OHnxgRlUVSC!FdtWI2MC4BTJRz zG)sAR@E{vVo%`H1427sFr?JltDzNcll- z{pEoWl&i(4!IV76-4?-vh$=mU&MZO7HYSoAidKb?cWV8MdkCJKUS7qPyW8zJ8RQUXWe7rppaED zV>RyTV8`zFezt|A3R2;D5p7rz6X0)09E@1{(7h%bD)Wyir!|SAk6`(C^$Z+X^R0UN za=rmHE`?{xT6LppnV4U3nDnTsy9MyAkp|1vcT{ce4=`D zXR{VAf8)H*RjD5804x5pL5ae8`6eKR#8?U(GX zt+Hd1QvvN^ZetTCD8w?Lxg5*aYqNyM^1IOpeak|Vsa+?W14sNHaJjMyU-t|uDp!SCT34J;PtCvl5~6j6Y-Pa?)dd!#euo7d zL8o!84EYpaCdAV2anOLETc01Da%!x|xG7RNH*4Q(`6O!U0s8x5n z7?8ljJ8W7-W3hK-VWgeXi&HOA;||mmSZ)D-%k}ZLzQR# zD*+svNxbQc7t2x9suf&!wF$jwdGKo{6TGQZo8Y(8An^%(9mus`rogLV#j21Vw1t4K1{CGNy*z% zl2;fb2w)=q{D+5w$kSMQPV?6yVhH3~7=8SAN!?hJ`9K+%mG*_E@VC)Kw3D}$la%az z%%stjp;m&)Eryz>Hhc`hb3RN|aRywBubu`b3@+PrpKh%z`9Xge=zvw11(Q}0>?@oT zH%!3Ov)iwOJreu2MXEe7*5(8(^|rD|zQnXFaJz-f7HOz;h6#b;6Pr;*a{P@(+g-8o zrkBkA@8`J&?&TS-yRr$rNf~ zO^Ulm2ExMZU$Z)-OUm#sC7&{J2@5lxv)Nduaaq*SH0gZI&z3F!YGk`PB&~Is;+kYL zCs0{kKQ=-*T)#DQ+nNe9?1udDxxqEGx)X4t4v21=H?=QOHG!_^{32?pzV`FF66^Kp}A`W zUE>^ztPx>Ydm82aMb(E*Vb#*Cz6!fdAMg_Eec3J?H~-V~R;Hd;7bL`vVv;yaAPH3` zx9oPx{Q4|Xno`n%>o=uO4mj}1uX0)&qm=}IcNb22R#6oXIs1(pCRabaBJrrLKCI)O z*7DEtJ%Ys%>T_~%(9?Yqswg4jg_x>rh;e{-Yd+mf9;09T!K8B%sU3M~ob|(x&quE= zsC4QGf)`k5yV}>v13VssWw4A@iY@Lj)JXQ2&+CpY&OUW3a~y{u2S&z+bU(|qsu{Z9 zA^BS3BOOug&3^YA9H22S(C*fgfhNB%p~!^X`u#XuX}{&fJ;61Va<;^*nN+5jP^6-9 zDh#N@Q-{Rp91Uq;zG2F zxW`lHiCl~{b_qZV(>Zm&B@5F_O9$7-{$eq=e7;Iw?HR0tv^V*S7;`Q*LY-Ds{P468 z4lYiCKf**oIN}LyFCL;s2f+7=kMOPeJ$m`mfl_m>Hg&T-+;H4p+ei{oh0~zrI)U_V zj+Ew=&W|~Z@}m1bGzOQZT2dGSW@kH?deVP4@U#7eMQ+VoXllAyWCxY)H?A~=oKj`o=XnX4SJy;x^hPM}k2%XcrX7{#KKpncjd^u+c zO^nKRF_5gqie8P;AzKsrPw4AaHgRTwjL)W)EThgFlCc4cK62jn*MhDSQT?-d%jl)w z$-xYZR3HgCFk_dQEPNp)#`Cyo8vA-KQa2-Nw)>ER!3q-Nz?Cx!AZz)6gkaoLZ;HO;IkAJYoiFuZxV?goXaWHjMVw7O}C+y`CGRpl0bDyj? zLy7ap^~_Jr#w+s?vus3^BBF{z)bw&VL(;n#1tL)xJK_aElMP&3I2aRl+VMfVz^Ufl znYHi0$=db4=dWmI4nCE>rwFTaF>E=j9jDlxXP2>!e2cqMSpM z0`NJvtc++L6~2S(WWFpk+<>IwhoeZ#qiQXy5OmwdtU&7~tVnWCga2ph{a-_Hk1fS-wO0RNG?dc?JPM3du|B0t@VGX%A`}9);ft>&Q?Dty z7B!VCML6nKpxjhu9Ed2F=z0#}0AZhCvDKbqXl4Np#{{6XG8|rf&UdW^Ay^r>`!h+! zEZ?X6Z6vp*p5X_5oFHXIHOol6sij7#3Yj|%Kbo7aQl>z)rU5zs>=98^;K;uPnO=j( zKAl}wI{5M4gt!M+>%bP*p6|>sJ-oPnEZSaTWuo1((zi@hS%lb<`TpD?y0w*bP0_LB zq|BhcSYj=$AFLgG-#k$~WPaGDi1>IixBkRt)_V)^za`J|Y8#!wD3N%q<2ZVDTyHH4 z$4$Y|)P_YN4oX(x!wM!hFa~BVH-7BV^qiy@4YJ+eR=FYTk}a@IggoAO2z~cvn~0LT zle`8C9;z~1&^LQp>v7R5cYpdp*2td7Akf6SW z6UrGKeBLZ~M0)v8*8?H7Ov}WgVnl1G^`B$13>sy0li!=>9xUk5Ory`=505V+S%=3g zbG#!v#C4VDbtz)|`pK}Q#v(#S6*w*5=(}I|RGY+7l^I15${Dq)=roL$WLuHcG_~v0 z2lCE8RGuEEqJ|A$8Q-)P$Lq881J@wj`|js+Sp2)?afg%pXe3N?->RD^X>5Rd%oJI z)o)ZOw7)2Kc!21mmdp62SK_O($eOq9m0R!s?ne*M{P_u~S@6-WIyV0#6N-c7&G-^XFv#AZ-sy z!A41?Qn!?3@;PSeG&%!~4fBwOR-E>3u*~)ML35ZQqBD(&J33|RrMq+YhVh!r>Bb79 zD7cB0T<7GKjd<;xYIl7lbNNv_Mh+RHH{tnsxUi@s5wo;pbEo0#9Ie1M1b!w==8IGh z(j}Y}Q>UpgC{$X~6$!2Ku2FhiW!*+^B7{D7b2gJ!5majO%C!65!+fu5sJN>jKOt6^ z`lAdaX|Mb9$ieE&2Xo-JstX zEotTA*RR7yL&D&52T^S_eogjeX>%qjC%0LIHla?vP!L8yg{ zFI5Uhz_J1%?}rkFrz1-cIwEmN&*^MyzR9NA>N|OOUgwm@mgsnpw`RMDW>=w9N5`(p zO%}hG>dH>6<@&;@+ztT626XY5y{UG4{hNTpyw?qM7rO@JQ3JM)B)hOvquNbaJgH`9 zPVpw%&+HMRjQ%0z8My^`SX|AHU>(xsCH9nEt#l>-Bkl}0b%CK1NQ0OuGly)YJMUas zmtD>!j*O=+({6HbOJWq~r#~s{`_r)MoA7^LEFuePvy(N5^_n|XQMV(R>ltUXVn@VI zR^aFSJ=FlecOnH_K$4WG!}+B|aK`NxajdM;xbFQAecF?Ii-MpBN-fboc4n^|T|kl7My(bsx^LBeFpTK^0}H+xar3 zq4#UFdYLY6dGAx1oY1r=lHoJgg?$*9)yIreyE@mf+Ku~5=s8X4WuO^g^x|l)SVuuC zey^ttxk~|`%Hw_iu}wZUVDzzOgLUsWM-VAwLPJ^oklRY#uq>#URxmqsP9!Du7xGDQr1m=Mx>{EQ%O+(+ExPl;ST1SsfV61lm9bJY zbnc_Gm*}b-En#39%^jWpW8b#_ATH$&o?dT+P{#i_?*1RIS^z8(l)@O;)b%Dz@p^<` zVfHz8l|qNJC@IBNVvlqJSDg@q0q)>Psfm>+3|_a?0ezM|Txi!R#Up{UNn=T~!3d3-fl^v^n<(P@N|(cV{lFl} z-wJ_V3^@b*_iwLZyVc#AM(w2XrNkWO3r_GGxGZ~&*#2mXI$L)8_v!|0Yx4dVYEns( zka3Z8)CD#G_#HY#@goh~k^{L%VzF0Exd@6#4{*q4lsX5i#}y&ZW2Sz9!Kt+SjPqmL$)jRVEotX{W;4 zoAS;M+_!-vmIwj5IC3D9cCD0nf7_OdRBbCIzT0nCQQ*>g{MDP7s={ve1ZCxv<7e|Z z`J0!K)W|n;g*lpNGvbbKJ})y~4x;djIU|d;l3vls{|?fM3#K{KHMR>U5Tk}9f4p_J zl`5oD#cMhCbV=Wb#}o{VD&vRO9-b_f=bWy9fJMr0n&x~%W#M-2G8Ca}j6tw@@5<`# zx$xrFq!m`MLhp4+RkN}StT{!Iv(X8Cxg?JOUmej-ai5zRT8^h{RP*B-(Jh3U5^(p( zs(bTr+dtUF*G{>jX&nkHV6XfDXBXjE$CPu@#TSXtBpO%wC9lnr3hhQE3CZg;8^^BB zFH1OkrmUSp-_{AP8XJE8gGK)pMxBj?+7-N;Qh`MUFT9^vK*Wn#o)8pYB!j5& zhjlMXv(?lY$U#M`iY!h91S!q?lyy}(%F%+`BxBYjnf*h?c%{K)R($Nr;})!BSIkJv zwN>C{LpjpSp}k`oM(`d#&!2_ou)9-knz>bA zDC26vo@INCAK`wyJRrn()YDDPtpInX?UF?RQd;Bv(32IZi$(eam;Qiwin_`t$|eI2 z?PhVGTsxUptoBFsUE4*GVWg;!>eUUof%Yic50WCu!l5<|ZUcRsH*EAKnzqm_JIVWq zzI%f7lh)2-y^Jp1H4)}U*hC7FtsK0r=cXRyMOyRxls|eF9ojrA`y>+(dLdAhq%t3} z-|^@b9J!GCkX6l>-A%#jdkem?)%}J*K?2%$q2G;{Z{<=>)WzMs&RG~sO_r%0V@`nG z_QAN_zrm~F{0;TESc^z49Gg7*t32nu8A0NpX&pg&F}hWw39ssEpIFF6(}3`<$@et9 zH|9Hv#CZTK46v+byJw;xh^uKg!S{)`V(`d?F1RJ1VsCR_bR)@rcpl{Gsujk6SRa_EjyjH(qNXqvElckeGK|RxOi$+q}bd zypHI<*7O51&0y~+ykKiy8}J|RULX}$ELLy`+2pd{gR68Bwxo9z|08cW*CV+H@_qbE zD<&+;!U>X?>Np+e`NTh7)YfS$uOI(=Hu9JHuSex267Dj?aP#Nkk-Ye9t)t^@LEXAT*Nxz#q>beoRNzI`M$iPZ5JPmfq`1H`>0?sWxeCQMi%Sk7}8;n&s2drsrg)UCGy zv80vg47>}Wp0VvbtjsT_CPMXsaxTNNTY5)-ChCsY2!I6g5>xHj!PHx0$gqVAJ=Bmr zPN@RZ{yeA8LNDLP#OHWS#evXQn`4?4l~qs2f6FNa-OrP()O>+bX)HJ)6f;>RpB@p{ z{TbA4zt*_*5}e426ZNfioB#4sdT;Xvzkc3zt^U<8j$|!IJ(7cE zsL&yG!F;LCJl?q4j~Q1~Y?YN%7abkllSU3>Sai zyNi|fFPr7lU|nN9p`sBU75Xpb>NlKi3k7|&j@wjm=z4M3);zsuWjnfwPUr|tnA@!1 z_gxHhpicIuwBh@9+MBwF$}j)BF{prlWwrAHLIWPi+qYi>>h{R@E+m! z(ABkpj)Pc8<@usC%4*F?`U1^~Z7!(44yatql4=OfXt_5V8Iag}566-tq}CH@|? z<1e~%YcD=59MrGIu-OZq3hf>fPotP?_r6zqi;&|uu-R&`{T6n4in}q)^`M5yS`rku zH3SZ4V-aF7 z$-bkUISFIEgt7cS0%k=t9gYFp=?hXC(j2{e1o6{z=CamT(^DTz zWWCgNuoMJ9N~{-^fMqUn`Zr>Q`q@IQ)PhfY_8(VxG@FpK|uH^H|&;Ich zrlq!IM4{hUqX`fX)+IOPxW{R4k1ET3X;t^KlqDDBeo7HUx>k-GeZPXfm!hK#EGO2Ll4uOa2LZF)H2VtU=kuv2m`{$CtG#N37rGN&XYr$TGu zDYhtJV^g>A;LT3II{^@6W*=2RrJIO+5#q~ql zIFJmng7#`P`n$8jkgWk(v{O-%?qE=XM->+k?uwYRSdry*B_%#Y&~o%G{}&;FFya(8 zDkb}VWOz)@$-6yva4i%k59r0{I8(wnhWlrVuQ{vc5O;#a*K5IYN1@=QE&ksek5K>= zcHy*6qaXzeK4Y@U zk{qmiI5xn-|G8xQuZQFp=NFeL$G0|h76K}IG*;G6enBfK35Et)tgKNw%$V8bRV+c; z#^;+zapN>8IXLGjFXZ@SM88;vDOmtVU>v|?2mS6!0JquW25jyoKcx@sK}Z~`!8fuR zHfLl?qyQqQ@=8i6bc=P&a%s@MXYE*|Lf4WhCoOjaau^n$Q&+vkocQC-qN0OOl5D83 zhSZyGv!S%|5<@S3;yB}4`A8Dz`|fbabAj3U{A|7yzT|#W^FR>75U`A@f~9anmtjXM zWc2A3clSg@s_>OkiUe+tj1VU$f(GuRifp0TU90i!c%dixxvlJCpxJUfd>F5f#{f^*FpZE>TS zaXqTgaW;ydQ9kJGxS$!Fm!UtmAkEc~`Ru`e{IaX|%a7+14m-X2QvYK;`j?YD^CejG zS=G^a;mGV_Xn($`jBeS$z{uXO^ufup=bkg>g%o6&AQL?m1=V}2$*vwR-9_hpRL#=t(AvIFYFj()Gc~C&k1C!0rJ0Urv&mS-qT{qDI!?&IFYVCK zgzAd*kTa&?rc}3DqH7Mt%!kUhZ?A_ts#vGUfDguiDqIQN3PCDcBxk!%$M%6}$*0)mZnvd+9$g};1 zo*1K3-Cj7uV`-_^0Y(XUZ<4jVaAX%0D~gsQvWacp`2fX7RAy z$}1G$(FmbP$PG~t@P#BPJlx^7aNFfA1axT*?4}uPaZreyRjoa5LLMkqwJhQo{+=9Z zYkYvVm#3?YJ6n@XTAcS6zH{Ps_NI8=x&ziq|d>b1Dr=^>VK1v0II*gz!{c9&$7&2X)MzmUkQT z;2Fkbc2!W<8?mpKs^RV}zM=!UkjE%0MV&Q{_u=9uehIgHUaaw*R)z>4c@gQDo%qr{ z1kK5X_E2%0Rht6oWPs7)Bj)bkDXQdF{&1E3Lh2_XBWD=Tq{y9Tj?-)+ZKvZzl^%h9 z$rAC^Xw#ZxBE2assvXbJ8VR+}G*v}Prm*f1_0kT;^~t|LMMSk@p8A8$TSh$mH7I{# zXLDRMpQuCa%Y;m;j!s`}TesH4M-D-;$>0WQoyieWn!uxsPKQytOJ4*(joOfY@f>WX zhQ4_XM?B+cSK4LaL{_s(XtyAS<0FfyhN@2s_fipyIN!s1^}xEE)XK?)A9MGc2r+51 z7JHgf0i!KnNf@yp`3bMxAgne9Je({PI7_b3BmSihs}=#3NGR_G7&P7O>OlSUA>xjU z(A}iAK%z+V)mLX1c|=hj(A&+H5a4A|<~&4$vT+7bt7j_s?d@8Em!iW(US^${c7G~Y z-F$ET$!sEu0+eDLUsaw!igmO8e4}7x6g<7b<&(oq7iQr=qmVzBSqg&$i{Vxk_}2$mQC=8D((Xe;8Y(`w_ORvps88tX{v z%zq|7_{6nO0uIKO7$TA~pFgZ76MK^rc{rqYy*g|d@BMRRo>^=VAoiNaRiXh^JBR>4 zh;_Qe3r=n5VN_@OcGSim9_fQ1b~F^dK&1}Df!|6ZjO`=n81<2E_HoUc>eH5C^D1wx zn#!2TY2^cJ5(|6XCU0FJ1^KTZ!3s1FyXL>pYgUw)jc98BN9b$WiT=|nda&3q3%X4f zhnR)!VlKmL%| zo$Be`?2UzNV7*WkCfJ!WTPb6YFY=;@OxeGH-=VNVueIC&BE)hj?)1slo@uj!F`21V z0BTzR`9~Ts5R8h0`(EYiwHPM5*Ap3_1eY%*It&A(zGCJ)lcHl*01i+fqn7#T9L41ey>G_Hvr&#O`PunG972@; zNhyf%**w@N5;x$MPM6^SSLJ%`RYhcWt>7)>Ir$Tsx6{z~D*Qi;Wu5Ju9SF}S+XuBX zTr_+4RPAwk;ObWd8Ut+F59SV&qns8)M@z{(CV!r1hRR?=uN@yyi>e^rr_)7&$9^_3 z%2C>ZZ`UJWp^!ICPM2UJe zS0;UE{)}=WxCJ8i>(DRRDG}I=hu3?CO4hnN4VFU_OTc_jY@Ifj*4gcU61sEfsE~`l zh31O_*qIr?Ef-g7e3ebn<3(GU*e0RR$F}JHfStI zQI36+Vo<9RtZ6XgkEtDShOV$XQcB%1DMqn%t=QqTxa0sSODv7n4r*JN2R_ePseGGG zeT<$Mcs7E0!z;g8+@JyI(is7;7{4$sm;UP1m9M2kGXH*!b7nS=Yf7FWTyeA1B#8%> ziGI>e@9AUJs?tjbn+|ln!v5x3E1z!1hm9pd2IInX=HY+|d8U#mLJ$*#FZf2T!cr6N zi3QyOQYeYlmW&FQ|c>Z#q?%+8z&@5LXqpHw1z%-4imet}V{vqK<%L&H51|5PjS)ThCNq zxA&w((BpzW4{*tCk8k_n?p6+8%g4W@nV&W&9=b%yco1&X_+DI@(OaiF7HY1&ghj=iKcq`jT-Yu;B8p}Y2p`Gu)qUW38PQ-i)OF2j6hMUWCf3| z&?ukQsvDmM{|dg(l#K7X5+N(b{jcM5+4gYSG*bp3v1iS$%%k1mgRzk!wM8`6%QhQ+ z54rU!T#6loGRh64Qr5{abD7iqYmO2rRs5OawvLrTBokta`A>_;)UmASKX6xMm~IJ2 zl%I93U*+K+H`4-c4KzK=1J?8}UN;BzH!ANG!+2M|@7;Fdta(M9aoV~-9xkBXrlec7 ze)pr&)4=qx0P{FR_IZytQ;F^P6}Az?o=WzIE814Ma9?a%mram06|op~wXbnUa%2n> zj34+`>#kV&LEFJO!25G7$L)Rz>eZcCP4FW?^F+pq{^1zK|2t-r_0?>0o$)x!(P|U? zYRqhuXm*3mx{86%HRa=GVs*hxzN^uCj%Fnqt#U?ma-|oV%Ysg2lJIv;pQYE!xeFi( z<7!L7L3OgV`T5Hpo1~15^rGTs|4&V;G#uwl&k|2_I=bf3gOA+qqTAk@zSVm7oEJFU z!ZeP86tos`^Slg+1= z5+ST0`3@B~VOI`gjB_$#G_w4YEwyDJF1zncu6`9q&U+OGDrwzOqm{WW0 zi|Mn;OA#Ch!LwbZc6flz#Pu+Aol>8w#2)n8)p@k(i#p`Ow@9h?{=F9-PSyRgT<_;| zs4e{cc-jAv`AFqtCiht@vQ!M|ETBh3dFlouLAY`%moJt%K~xsuAV>;|5EnMQMO7{p zx60sgc))alR7QhtQt(x^mog;wfzq(mIYc&girMS|)^x9Ll(CEn@P(W(aSQA$UF457 zTHuf?@yl;szs$5t2PW|P8h1+4>MrQz;Z?8nPDS-X*wicS{EJ4IOfl63x>nm_<#zxy zCvHk_HIf?mXT#;c4)e&HV8K5k4$eA62trdq^!~*rKR)O^_?_HaiHf3m6-^aK4EhTP zrY*V~-?IBp@XSCZ=IkG;PUz4My1c6X*dWmZtp63Or4>Myigk_U;p)xg;tzc)B*pb`DC0Z{zGXiTiA zJ~9lNrHrmW7iV8)UcZ>TF&VjCtmkV=d?;}7MUyLKg=_u?Fry?b{{%gDQ@K0}@J-ZR zHO9w}<}7zw_?M61y4HlA%EJ~hztHqkACM~)1fC1eHgAZH#tTLx{L!k=E4-(G!fI)N ze^^Vp_+4*9f&}15^+S{pnCmvrdYnb zg4(^x2>*3YSAAU`WNX<601 z@4=KlWWHXKn#vF#)DmFYDB$-dQHn}UyB06<7qd!3l{cBA(uiHV*nm>ovoNsEga(VL z;g5d^LejB%n|g`Ld5S!>-#uB8^URtgL&94shuZr4i{R1h6S~!0Sz6nutLSI;nXcE9 zeUN*TH_kYi6&A7K2{JstG+XQJJPKy5#-F{#->Uz)+~ccrmJ3tULRenA^TVnIQL`z? z&Ms!(Tnsz4jH`%@NZI5+9 zTTdF-44l%_=e`)!yD?{1Tkb|TuZKw4lyr@U=L*&ek)xoXq#$k)ZbEK;v!wi3Y-&Uz zd_ zR;IGrM*3rU5`!JCz$GF6{;FfsCZwR`zrnQz3CqP0wT|HauqU*O!3US z8a7WJ=j)wbcJb-%rRB0$$$uuloO@C3J=@co2%XY;52HM`? zScSB#fNN!|c0B0b{=`NW0V=KLUNrcfPs@b9i-z4;Y3T01HOd%dw)0GV`;N zxG0)o#NMbsUo`yQzavD*+O`jcc=*hFCW8K72E%6D5bT7z zQB>9D*=}^q5c4#q>}o~o&%f_Di_;JTbIs2}8 zIE)4BmAK04*_1rSh>}MvmhYOObcwvKvxZF6C*LypJu8`k%cpxI{57B!Zn@d2igo0u z9%pn_im^fTsuzANN$KgvhW2lny2=8d(ZOi4TK2_?hRCx?-iNRTVD`he z6Hh*O*O$5ZdrFwoLXoDF%&Y^(7}O?4%Y$DW@X`(!Fn+71Rj{GF;^_YfOB=2bUaRjV z_x2>Lf*qX6n+{M4E$QxWjyZpNflLS?s55l$rJ zA=^f20hUuIK=!EwBiP!n;*}OF;v=ls)1q_g1{KN%w21V?YXkXmFgbz->wU$9?E#U) z8J?)`)kps`3qTI&v0N|1>k5{)CS$NUgq*j&k&gNwd@qwBrToVcqTsh$2P&`76~RU5 zgUnW6aJHN#Ojzv`{jzL?3tUbTP`2ObLJnSpCx5tLz393Q-7nE8j%RC9kEaO1;)R?j zsbifjH|ehQUJp=zy2=mj62LQ-orNBrT0bQgxQ)YwMMfJ_{paUxb(IPML!&`N7jEG3 zp+hK=?Zn~iA?KIIz;-uR9n_0&$&6Y_($Pfjp~;NkFlf6f!Lh15V-@T9TT$huVg?7l*k5DmYw{+-&-5 zM~+)Ea?;j?&!?~AUUW9Vqt_T*)?5Z-y6VF_Gg|!PQT;pxWDOL}Qs7MekKS5n_Sfhg zGR*$fD12V{7fbL)F>}(DsWgc0o1I7yM<_y{nF`n4`D;=e$?58|>wkd8bp>G~9eION zS*@|`=kYF!*|NVew>#NBVTHCQIQtFmEA7*t=(Vb%)|KysH=d6tJ-~tmimk-`H$)-W zvzW1efz5eI-)C(1I*GzOa#E}G-5qiv%$!X6q}DHNt5tUreneH%@kd@-WElb;coILU zw&kn8_iy+rdfwy1eXZt1xn3SY6$wbND;rwdWp_68$9VsDm8iPGI5qhFExpV534!xk zST$eT)#GbM;6DeS-FjtFhaXgvjNLuZXR355H(9$!TC_%)Y>qErg1cYSUvQW4bV^Gz zrwJm!{>wxZhU$a%O>>@ZAXycTxY zJ!EIH;G@-Ji<33qBno;*9}0YNULZQUx7oHS8sT%F+!aT*pKVdxEouv?k{|g z5>D?Hen67P{q0xu#5MpV5;f09%JP#fvyi7ij5V0O7phisob(kNBr_B?TM;Th-p0*J z5cnj5XrqQcpi#l;S*g&w>M!57Sy6gBJ>N*oA{(ZtP0fjt1D4lG1T-7E$rE@#ivqbx zJFE)kMHAf*deu10Cgl0O?+`Q%q*xsC&4plXKf~uBLWb<64-#OpB>U>Xnh@mB~ShLGN*J4m7tVN}qZ5fP=H!y8gX z?}z5_RhIv4A&5vZJx}$n$PgNk2@`T>k(lZ`5YiGHht0b*hFp4Djyjlj-%Dq=anu z%U0*TXwPx=2r74&rqCl4;|Rgd&f1^S!4%(W!E9i;4&+`d!Z#y4#qF%wz;~ZRBqR@DiV6 z8DC-8M1njY5{&%qd|ey^hjEE_P}&kpBVUMyhv#&50iO$vf6_Ut8ST-6XeIr>5i#H)FX!VZO-nYOtysz25>E6mp_8RD@}%SNuPLXY3=fnKZwy5ghi-auGj=Za^E7d3Oeju&kii$hy;NXzG=jCjUNEK^&+YFJHn6U} zbyMC)zX^mmBnRz8LdWSiMq5LYEe{kVq#3cT*qHBc$Lno2xsHO4C1Oh|<%h%2zn}!H zyERc-xr;OD>?Bf0)=?_@XU#mjDY2PhSoh~|;|g=*R_y>I9%9RQw!axQ5`qchH`%Px zks`X>>;E)E=*#y9(}`|*+aiQ4WxmjWtTP2G=`%!be)sTdo}p^>B0<>!~msOcOU?q?{c)8E|Me$MFCZs zMp!MWFS6bFU?%psH%8ocP~9kfNDO*SlWt?4CbEvS=J3CTUI&oy=06SJrn3n?Pz=yQ zI*;5{A?=VPXXaZkucd*nPByJOYFkzc6!5DpSsqb#j$ndzB(?a*==K>WztraLi(~pN z+5ih)*3A|ghE@HNk4rLZS%fo8D`J#Ji&Htc+pI?}C$*IM(NntcC7oZ={fGqV)H5Ks@^~T*~r<)7H*-%Y(pGAo=WenJd9O%(cVBP zKus5+8+{y<(s$!TZ9vndXZftuEA|T>pmK zYqyzRjOI;q7}XP9VTWb>PBe!j`VyX};`|m99KOYJ58vbY)5FzI8i^S_TRrm+-Oir9 zO>}l|96f3d{0MzUrdZ#8nDb%%1gQ|S?03p4qF^^QZ`_eXF}@R{XAX{Ra{Ii2cpVZe z7bn@R|5=@n-vACiFOvLg!y_qXWhv4DzLlr6nn?Ua6gmJKiquFbK@{9IO4NCbb`5RY zM--lK@OpWR$LpEh%IXq1TR4Z7e=E1S?b;@r#Go?ufNo+dR!w3%LhNq&Ju; zZ!Cq24*d8{K7%Z6XE5qri6-R8(HxB0o!74dTRNW1P_i=?Gr;ST@;0iRSkkwg>&`oh z+|r4}YfC=8 z0OeOM{neO4$Mx7DdmqLxcr6i#zN0KO2;A#==jV4H5O$egvV0~lGVSQB2t5l4HCmvN zvjotD_pqk>COwIo87!m^CC28m%|2%V0JF`{lQK|i zwGQINfp?+grZ8k7WbQ}3tQ3Ms(Q5F{!mP|@b;itIwbk0C(fk?j?LNjvKfSa*A#UrM zLn1W~p~o(3`_(ARh=Sikt31()^c?=R@pwsF?cpd!sQTie! zis&`{edFEJ8OU6-p{s~=p0__8WF1+v)cOg|9ZA1Ro0w*4b(p(8K1AvZv_Acv;MXYR zkm)Nuv?a>td6Owr|>=M9a7-pYRI#Bb{(8#Cj?K1f2!-fp1Z<9vLVs4wdmJKjy7_mN%uX$Q3xw%q5P$4xOqM(r*M z2b3ny9=o(I*P3dc?p#M<52lOKG^TJZsGL1(&Oq@^CiMaJ+}hT~>pQ;*+S3ee@XxS(t7wYULsg9X!M4obwR9wI&Vg#=zeIe}Xa`*H1g z=k>IVg~zyHMiBQ|g{8&{XS^X+QX=`6IutZSxz4}_NwB@Tp6K^enl@V!k(d%TwDn!BR@R zy|A*Vl&bQL&lDk9Sb)xd{zsFh4iNEZ-tfhSaU4`yZ z#-Pr};#pX2=q}_e%qNg11V^8Y3HTxFehAqez`RLVkjt3+4wZUVr^fO*?KPM5)!ahA zF6P}&J6Xp-5*AQC#;q}#nChHhGaZlSVMgT|(%P?b%NQWwwDg(ShCntYdN|ZdJNWpV z8xEZ45zfSgeyLoefi#ind%c0sx5Msydn6bWO)=&2TOW4pImhQ?U-|J3oq_2y5Sk-_ z3cqv1VO;zGuUA3id1=OT#muxgvK)fi`Az>PQb!H;Sq5RU*;k2g^vs%@t96F6X?5OGfBd>4JfhplR_;!byBVM<9HPQc&G~yz(p1O}XY;0!=0lUS;(21UnNW-VB9r z9K12YGb?!AJ{5I_cXUky4Xj&!<^?#mXmLK9;`S2q<0G?r2@O6m&}=$SIfX?f{Q4%e zi`))Z#n-`ksFI?K+rBtOc9`Ggu_L7KW$UR9;97~cQ6t_EmZF~~dpoXP4O{dG>Dpqo zYTW!P#7!5@+Pw*ZFt;{N#Sm!QPP1~Ov8emn?|moq@nIFoN@TYBQm=f91hbs5NyS0` zkx~3*8{4n_x1zV$5x3{akE-`M4Jone?Z(F!zMyZZAm+Vy=41GlOoU|qdSo61Ed6=wYVFH%5Uu9iFPHqoO#X z%0GKZUS_1q0+u*3N~Uo`TzZ zRX&iekzQ27HsESg!hz1r?F28w%I7=u+5<1dw`y|9Wc#NpeW(=EEkT(T9{0%6RohhE zZNK2o{K!J8KR|Jhe(#TVHtzq?A3{sisO~{N(4|w6ZmKrk+34!ASwqWZ-||^l2&He^d-7>?Omez}@S zBp~gs#Ia?WxD^4XHxD3uH|xg~8@C4?JvI#1gohP~JL?@+qh2Zdu0-BrCmdvkE zqw*e#Ir>q`nkO@onGi7O7rgFj*4rm<>9~p;YOSG&hjXoo|35hr{sX=(18cxLaXk-Q zfor97l<3pB)7Qe$kUt<<^>b}lb7P2Q z&fwU`gr`H|{JvBswo#6D?lFEEvgnmri6@awr1|^~P)UC;)Y*>l_}f5%zYw7}DOB;x z)7PLG?LVp9mwEOr*wJ5@Cka$1kl(K-G}o}`)#wp_{lWl?j?cE&Xg>eSXtWb^ z5o3I6tqT^Np5<^GlRmh8096Y-7P>1}L{a$KF)JOiM{`*?F&L`I8BN5?jqA2jy=Egt zR~yR=1p7>?-SzX41hc=7;69U+tE2vV(1t_x7>QV4ze7d}h7kN%ew9_ul4H|x%W z0RO+&6&neJMw7~09acvP!e!yVT=TsD$;KmkEu|iOiFk^<5`XwE_**J1Le|2}6{-Ou z>2R?h_8?OVC*USkWW!eBa=%oY@|yL%)QbrNC3)$4(+UkTN~MChY#_wd?rTa=5W-Mm zRpe+ow59h&_0dB(3(ue2?Vrd!{;%Tx2iJ!;Jl5NVkDTI7ieY%fv*H@Dw zvWSJ_MJho4)0eao0gB*H_K_Dz;jGN0q~B18G^p#2IDg3WK7e#qH|$=Z^&A@iGsJxD zpw1UA*zCebgVgc+p^g377p{*0x4$UdDg(?-%%Rn%+TAm17+Ydr=GVv|n%xke=2{fp zCDwBirI-W!=xCAmeR{|4=8^k=!S}t{`iv{TJ!{Q;*y!km>m=z7(w(C)NG4UfBd9h^k{d1+rVRg#Pw@^AWn`gdfET z&^TDC_byd$Q3=6jD4qBEur-hnB=d@hjvFz;*g_Uy+r>FhYW5+tTz<_2lsVhisf-zj z@p!lyK~}@s8%ooBUBs(k;TPvZD|%f|(i99^R{DRo%lT7h?sWk5Y2dgn)PAI>-8BAa zDH0eD8sWa}Knf~b`{%XX&JN$-P^!x>I9rj(Jl3!4yl4rprUj0S8r|VjGP6ER(a)OZ z)|)*9Gl-huhmW#FkL9b?>MH5{lu9ekF|2Ti(gDgvZ6}#u#;aHyX_X3OO7@T` zJnn041=NEN)I$!M6M!v-fA3wfy}dBr%Ib{~&Rbe1r13I1w_Gni{^h-%bxCa|1j;2B z>xPeB;1cVjZV|ojY^4@UIZHLlLbO_4#GVuReh%rjdCK`rn?_>2doSZ_hxL>D4poI3 zAJDAH?ecW*$WUXow$8c}hm!|bq27uXJIleCA>UDV$18BuH2BNo{z<$+_OQ%d;bsv> z|Cdwl+sJJ~qNI;Qz!zkri%0jfz|15AD?c9C^+-B0(z; zM;7Nv8%>=sA?T?&oWMkvl?BaH9zsV?<`3KpS4I?f)bGBm{bsbEtC*esN`xU~ z=MQVao#Q_1+j7Se;#LzLq3m!Cgu=gFH=VkeKm2u0Uco&uUQtq?BL8*4Wm*0HK+lZX zF>dx_V~Be?pGLo~XI?(NoL23 z^lE{ZE5dYSyc);Dsl82QBVv)BjpN#Pk6&NvT#U5&T7i`gjnwLssk?+>c^9_&N*pr0sfXNWpT>C~P~t}|BjP@L#m1*Q zN^XC2x^k!3vl6)a?Dj|LPQYn1;q-=@ zkPQv*f)xCaJ$SZ9DS$-BS!3U<;f5o9Dth#AIMn{`Y;qH8YcqB`it6k`pty2t8hz9g zZ8eGx%VW~=*wgi@R6*tb!Vbr7WB9Zu@iqwBXx}r#;y!|>lQ@Kw(SS_xP52kw5UKBU z4=vUH;&IEJ#NMC<*E){KKpQ32d>3Nd{&mp)=a?Qt<<-v>2B@O3#`Y6AI!1Ikslj|U z%Y%mVXY#{1ELW*JRlK2Hz2_zoNkf_eClJCUw~ZZp8<6XG-@8M*<(_;o0}-p#`>SHR ze1`q3{nz+Pe`RPpOMjgE*CxX5>d8Fkp_IRJ&5@(RHW3(@%n-IS;&#UOh88thq)Aww zxxsL7T85DzL0)HV2lYV9B154qy*HKYPt8=YbvL-;nA-wJ;z^T3rB+ z@>yp3B7m+V6WF=0c{~Cg_{M^M1mF?zj2k~6veYY98M3f$6(P5{`iW2rR&4wpxZB^c z^L$z(K>aveu-SFRU_TaX-=MkT_Yq~Hbacj=FZ|Xn$S_clxX~ zX0ZFSshUBgASaO70-fOz>J$=E|0$csGYDJ$3*#FSAY^p^)GZydY!ZljS*3CL5&zLv z-0Tk}Y7mP2>nOojsiP~>NOncCOX}3=ml>*kE>SS|%@j2uf~4>5THL3W_vtiOvYK&< z1p#tmp;lSkz;m^qwM}@6Tx%<3O%;Fi$KpPR`;SdG*KwhKLws0@3uF9jD`GOdOg_emq(x48g|Cg zdF@3irl?NBJu8P7m(PAwPGxfHUX{7bJ0b7wHyIt%dv2fo*mg`}_wj~Gke9BU={d}i zake8-JfhqKp;eXw>1Lvm`&bV|y+$c_obm!_Tr}aGKGOT>ZD-*)MLcJyGtA}hnOh`L zc?)KMq6^q?paL0Ya6`Jgx{MnBs<`hJVK;}~_|)|se!j{6wn2MPLT*oLcOB;?FYXpztj$u=EzRYU zxnI;dFK))WJ@mMKq&dX0KMdyXsMDNN*W%I~=B-X77*(H5!q3>YjG;uma1yH*b5mbpSH?Y73{lQ{qc)69q$G(o_DWrgp zhwHk9zF)OuY~(sbj|tX+Dc^JE4SLt6FItJp1+NI;ElNLc_Fwbj-W|Awl!&XRtP5S5 zwJvUS$TJNWWxeH2_`z)=soG>d`*Ep8GpV!`pjJ@nK=l^w*R?6yvLK?{aa9W6^BqR@ z5o3?>D6gUMU1gT{*DFbUvTY)3a_+BgH-y~hl^8q4y4v&woTtRKFWdL-VAiMW1#TS7 zLz9s|>%Mi#@1Mtd1%pxyX&D&eLPA2$byljXQpn+T*gizQ`O8+S0Haoneb`)+DYs1~ zG{z|0lhM>2+wF?ul}SglYPnGU-1e5I)KIlThsb4dov{^ph2k5`e{5*fzxjUW^X0a; z|3n3R1d6ZukmphQ+jV=s+wr!&G`2Zf9*wO8K&Jh7sIfU^SZ^io#q^;h@X5f{`iD4#BA& zd(L@{YJxjF{Pb!XEu)%^qWFgdxd31iW&)-RnWtNwQNQ#7lS5XiT9pRYN9nY=1`=@8 zC~#?xr1EdPPzS=r`Q2`&AH{74 zk$V9e(-kEp2?5H!t-QANTCX{0kYm#lQFD$ujA~w&uJ!fpBI1~(^}TJ^(cYuzSmhM_-XS-5Wqw`xyZ9`)NJM#*~n-~qD1Kt@+E^alUM_YDx15X=< ztR-V893g$-u0uDIK(C`5C&NDp;Oy(D-y#NsTf}zf-mLoFqD{N?9g^z;9y`@^o{WKJ z-RDbDIXhL<8FA%n&BL13ZRG16clg|oL2Wy`2`^;i;>Y1h`G$V-bZv{fTqKOm0k7qU zY3b+^l9PGloHi4_llQLsT6SIWch=yBI^60@Nk!d@Tg!0T|5JDTqhIs@AM}tTNK%Jq zRIIJUTAF+~+|109Hb8Pef7WfH%17?DfdN*(nVJQjx#F1auWg?Hp{9GcMnOnQw4EQy)1#q zFFl+R@#yHt_;A*Y)ovCEvL%y~=kZ{t9Tt0d`5tF*GR--byxp$QvSH21hZpCsihc<4#%=jXB}4wC$t2H%YKaF7M

oY1hwrTSo!yc~{FKSo__wT+w=LVbsOqFq%T@MylG~Bj%Vibl}RvV!$FaPVV&j zmxO7SgdZREC6}8nSB1rWJ8<2FSCxJ-8Ek%e>rt!t_((2wWnQncpA)*${~!=h$HpmF zAxN&!PW(sF@);~JZKU(Gzmf|UAV%WU$=ESu)lC7->EKxJR}bZd4g}xYLxoLMO;)#_ z@j@x&JXupjT5qai90ZyV+D0E08*a|@*yU#?^eALJ$2bLRtmIL77c-6AnC$wP)8-T@ z+?>lAOaya=YUu;!@-IBrZ(M5u&vJm|YRjQBQUh`-X#vB|@jX2bqooiK0I+C4e|EOg zWRR56H@LWmL1q}P!U)o8&R1mRKf|bFI|D5MQE$Vd!_+iwA1plv70+AD&-C)Kl<(0q zBwj1TGh4@qI`XNQv>LSm-8vdUOKK;8w$bIA^p*XYop$+<&Ffz&;dA-7|F;>B`J8g< z+3+$o{uvDt1bs(SppiC^*Na}Lfolo58KeXRxVcz`lTiA;Y{jmdn3yjwH z7yO2Wg(Y1D-q6qr%MoU49^`zm&?cI1scW7uL$a99KU$;c(6aY!J7BwHml971PJyP1 zswA~98MVrx&)IU{(>R^jdgKCl0$-chIsA+aVVUA2i7_RBca7b<0#jKXJ+u?SaP^Dx zLX%UfMN#8TkOWCE0GJgLf{eEUlO~!iTy-M39HIZ#Kzto4O*Uci=oP94P7KNp>}>Vm zOIB`k!NcT}kGvHlccxc(>a)`I6KYAs93dGw2cMC3wzqp90^JlyYQD(Q3|B(=lmRanrUxu@tZcwvzP8nOGPmqngL& z-f~Fcs7q8}_ZTU9joEHHnSgknn;`Y=Cmy9~Q>GgEH9S)9lCWB=toK(cLvP0x4z*k> zE>9?QXEc#h@=pp)?IVsDOj-kQLZHyZNYnexheUAcPi19Hd2vzU3J#?9oVg>ET>K}n z3Wgn4-H(zc#8g+bwQXa2z?dSQg%ZW@7pCr*4~Q2*Z`UBn8Yz7uGQStu;4d$<30B;< zjBC_WV9AJKLV*4m=PTGx)f~5UfnKomLW_0w{^Eb0{pwbz1<$!M%(nm)q67Y6?Ig*JnNDp@ zJE-Y9U%PFy|LC$7vN{YIL0ruqJ%wTNzSJuGs>rJCC*w2jh$ z*PH?-KU%|7^LL-f>Tu`9!_{=sbJ=)j+k2lfYgnf0fmBOEAcGqd0;wve-(HHd+AkGj zPe0fTbYIv;1$?@E#CVoIWXZU`x1LaI>cK|kkO+rMcuw#fna&8!)n|xktGFR{)wF)c zeJ^#RWA!X`;U4C)at~hb4;>l%)Dz$mg0;l*7Ks`1a@re5<3Wt$OYg+?HilytN zMB0w2>*a*WyS8w+jK(%7kf3HH-uSR({z|CN$9_JI{M6zh8aiiKe2VR@joYKwJ!0()dd zjZjd&6>t-oa}o+2*sWwCT9#tTd^L)r2L0QlI<1Kr38pb!RJ2Z7=|&g{P=RI6{0z1& z4HkkU(~^{$P>_Y~W20>f1<|AB_`EovU1x6>Ol{@c&g8_Pk}`hlv2s)f*zT+7+5wL* zV`J1YUEoe8jaquFFIQf&kTrO66784-a)w-&MdT)NtF13^MvP4y(MQZpsuR@3<>Fcx zn%ZvFjSU$HSp!Pi6tn``nLN`?jsTW?mlvG2x{JNW^IU0tRm=UXyt+O8M`anH@IDD- zH{C6kHWWaG1g}7PgAlJyYg?aB_|P`s^7iuT6$>>a7mv9<;H|ydKQcOR`ADd5`s9)( zXIjNjezu>?d+dI(4dhL0zVqpWsXw{8BB#%N%t2Tt{G~SzR6gVz6G>C?!ji zO!OHW=&xJeQAt@n+^{4ndvbjBq0BW-t(-*Wm?ZE|jr{jC-l6mD*7cJEE0IZ{1H}ge z*U$sUUvB)%oB<77DUD3`VDL)P>Wa&Yi@UY80GRkB_f9}QIy@n%tgnhCrQ}mjNQ3{! zD*D%^MfZ&3kgz3WEOjlsGVASJEcg5J>4XI)xOojewUz?vZZBDDxBCXh@^1yeR6|^h zH39~ifWAHBi_!6g%4^r7l<>al<*gLd9V#}0*?iDZ>uST;z)A{uK#YJ>$5bE^m}cFB z+Gk`-@~5@qKrRBG@)R{`jI#U^qUAKHeqsN6bby^`rybxi3nuo!Op%x!X?4{knP^~} zPh#v?RNoLLz!s{8J0s)cG_&+Tv5rywQE8>>F^IakQG&n&3m@$q?0WD>L z4B9VvruRHKGFDZRShk#Oz1ABz%`pYfw3-KbTsd?vUwOz}Otzn<>Tyl1S+;nX6sCnt zSY$z-eC-F{a}q&)Tn~-ow^JxLhhZ;QG*Q={y)^x+i^I!=EX&bNzP4G!EIhzvt%L7V zD$UMiA5pz@*I&NX8kJv>{lgsozjqeh5iH&Jf#s$*@k6&mv)3%Sl-3Ipmi-j}@4x($ zm5oQA)Gka>{W8MneA#>$@5%Q^;y;78e?)QrbEmTC)8erc+HzCbksJJG{*BP)^?!>R z|Mt)l9~SXge=ntfcgGfMl_wFNBKdEx`)?;Li(xrCi2PCxd54ZZ|F7PP55cnjLpO3= z6f@tptq5}b0D(Nle>#@`&kelCQaVjiNLRmGyJ>s0v9q5C2NHyE4g7DUFesNvb8IsL z5CI^4$Yp0*Y!Y#!rDKTyqYhe?UKEaXApie7_CJ66MF}G&sl_6-D9vuD-&yaLAZ<2@ z--58hEQm|q%lMa|{J-_ke;jrOP*pCSzP3Nmb1O&@lS-fKN+M-D>aX$q-~N^26HQP= zyX+6Zay4>Y5^Asz6+G9;1bRip-}vvpgu}mK+a+NU+a+Umwf-y4{YPN;cRTapZ!r9h z`a$6T8rJ+z1^dUDbN|nkO9H+&9_=z;>p2eo%=^IX87@%Y)&-YYE8g>mM0ktolK)w% zAvnBSs!L)5{Od+!)*)clsgU*uBapJFX=x=U8WopWEYh=(Z3e7r%7h4Xvq-P*Zl+c+ zfOE3DVXFK9A|ld<*9C=z;h99}{yaLmZRrLNG-2$j;90NAkzq;%HZ)VU>|w zqMar$&-jN9SOuF=i$0LZHE1-EMM>JhSzlXQyOPU`#9qnFkXpx9(Yy8H+0?F=Nn$un zp*4fecE5s`;({IHcIv7RGN&6JJ%yk1{ULGyNmNpRQC*Q?9r}a>nNY+K5wr>vi1yqN z-0PVzdeIGw?I{QTj950!rPpbe2B)wq+^5|%KAyI-{3w$Wc~p74s;C$udEsZg%K}{_ zsLsj!l*^Tn#s1gd_g(hCTP+QNT8`=Lui4d=l?UUELm9F$DOPuBvd>1vmi&4p=fH0o zN4}^6(Nh)e#nlXXt)&!C+(ipY5=V}KoBhd!Vld;0dDLsN?-n!*rCR2aCEaey@F1&= zaMeFBTqMF5HC!F7=;~)C0=vF0rUW7ee+_GLFs^&NodZJBm~M3qQ7X+G6hWN$HA1HZ z9pCCtv_IWX2?zo>u@?Ksy`OjA=k|0awz;mBX)^jc*qsiB)3}4zyF&-=#psf%t z(j}fCFiY8?7;yj;ACEa42Bh2BckW<-KbsYa5VVOz$qE*RAJBal&}TY&L^eXfEi$b5 z@M*n~$Wr~keYk&fsON!3v#f=ILDp0oAsTfIyy#PPT+j=5IGk1V;u&eXeUf2(?s}2R z5b($qcgFY(4fNY^9{(!W?y-kzyf~Sqf4lKY2;*S7`FY7Sqs_-!d#yi-LKFrw>FaU( zNW*WLsMFaL=n^_~m%!e5;`wCvn)|2zK6vWEijMYp(jr<-#-GT?KiTFw4~;WUEZNeM zZ$T+8D4fW*&sDaNiA)Qa6?<6T$E;uBC+f@||0~)$n2IPPqg|MBwWER1qw^cB;w4Yo zL?obPWVj^)sfGB{+YbZ7)t}8&i?=tXb1X9+Pp+F-ORe2#r}nYT@!1I#i^G|jj_ty9 z-x(ZDk{uxM9_xvAv7wG(Z&qE-vV9PD|JR1!`}$kvFaF*~VLwsVf;>2hkoZIU!*s6; zEGXnzHyWb@n5Yl~hhHUO&xz?o#yb9INXieG;cdFy^o9lg_pJ*v}LX z>`~Y^i00opkT2DKY8O-q#Gnc$k)Q+Iju$oWuS;X=%`qrh0q>_Q$$C&aovB8nq6`Hw zii%?3Mv8aS3j`4$Ik$M3XWG7e0+l7_?{G=%&(dP8gHsF_J`Q4$70Fa zq>Uf1@?4D$;iqLXG#g(k8DK~#;1kM9qY}VR$^vOM^c3XqsDHk+pd5Ze_r4qL-0Q1i zGd|t=vgE9$3-p4x1221)AbDx7LkR)bNFR2?51uCW+wzhBrP;*+b(%Q${%LL(ll&F; z%g*Lz6$;tSnTUlab{CcZ`n+gkx%ZlWX#|B}Rrg_g^o&>kkVDU&wTLdNt`_#ZZ7IoX zF4l0pKEy*0QhnYk*c_bF7jce%$37KA6i6V_#er?cY5|@$=RWG6vKwV=+hLc3=;P=J zz)6)CC%XcV>+q&Ks+Hvh9U?JRREPYX<)Y7sT4di}oltNfUmy6bf0Qdsa~`pP^d`c6 zO<^A<6yQ`ZU#zH*49wOmP(o~Zz-B0kwm2msU*PBG9~M4j6ojt8Hr=GGNPDfFz_)Nn z=Y0IoMDhak30o{GYZY+ITXmiYoYnzR@Y_|qO|I3XG=1CwG#w3RRgaL$p>bj#Uy1l! zm4WsKjc?_n+Zt$Na7^iAc)@C<`^2^WVT(-_u}6(Hdlivq>wFr-?!a_OQ+{D=!}9W& z3_`ANj8F6B)AIZ3+6mF7;8fb%c3uUPNu%v`-DGlzPWbB8O84u$!)lMbBta_2zY@!v z52f%hdU=xvxWP+cRfxqJ*a~0gk-@)2HGu79|T=tOeAj@v>HV*RFGYJe>K%w z>oUI9F+%-7O7Su3BjIF6#;X0@NQ!FeQS`mG<^tCbM`S- ziQ{51OIvCY&*cxmuyU7)4}*1hJWo3>yq&Dhl|grA|2+!9s%FH?_AhSR0eQRUg+Q4q zsu!MGrl_P#_PcrG<`%`6Fg#USMgHhCY7!nbXY8BEHBT;$^0fv~s_PCK|9EY9>=9m` zjN|@>^%+o;n6N{Q_^D5)dLM;9Ph}r+ZjZ5>eYBo%a<4p08+e8$fRyG?if6AnR7|`J zIlYFL0*&u(HY)Qae3B@r{@XF%Uru)3Q~e$&1H|W17U5EyAtE6eFG1p(?avjV(?M;y z9xZkro?6p7v=DD<(__V1OI+#(6x73+zfwfqqfS-CHHPF`30X z)Po8pf5i@=@XpB+dnt{Y0uEim-0xlXNFyFatBXZ5E>+dF(9oUwl0Wv?!(AMAXtmVp zg~$FU7r<&K)`$9As>6%ynBv_@Z3mppc>NW}gtUedgcd|q6=Sbus2dM7;N|4rbKab0m}$a2!$vCUS_;S;)@-D~k4zv=yyW9oG#yae1Q+S%sHh+8Tme749l$G`b zVu^cw$vv?L0-T_euTP>boV>>M>5dW?e~ zxK7CJ{QBjk<=r*ZbKf_w4wV@dCe&#&7&IuK+SHwJJf)3d&*uKEwc#@1y;B3iM zLRxd}r%T_i;Czmlj4=AKg)YCwv*U}1-4ls*e8=iDwMT%yt)$V@(KGz+H5WK;UqT1Z z()Re*74_q(A{$9J&S-+p^OSu#u#|V1jabyXklRtW{;`U+@#Q*x}lNW%T8(N zWse~TnFfgy<@g*0Ui!%GsUJ71R>oxk0fO-qtK5BD?Uc4JKm=yu?2ToGlq7B6wYc%7 zUEQ3gu`w`mDJnI&Vg|}ycdY~gY=^3oHwE*kUfk!m1BB5lrISY0i-Tv0DeYE?wngJD ze3YCu^QpBX9E`l%y-JLaz;XIGX1qb&i}>&ACSH?JK05yE0C5r#R-l2%Pg29bH;zg& z@@iR6Y(T`UG<#g5eXCKLAE+eHy-U%wQ>?k`kE0X24dSH|O=1T|6S{ABl5MK~)Fy}) z1UNKooa>A15)|lsX;{@F2aL!V9o8n<%{wb3?5BH4WymecIrq#3Y`^jsXUFtS<(4>@ zYD5V%R5Zbo8ITGE5qS;rn_(UHE`|$J>{XJVSMt}#4!!*Ol-|eXHf7Gey|=Ja+U7cZ zpu0q7*+uu|OQaRiN`UD-)F{1AT=?=}!8E9rZdThf4{}jze89b-Hu3KL&%rS!uP+0~ z9e}T=HLc2mKFtKyRaA&QS_}k*Z&k~tdo{~We^`FhDUxu@?yxid8M*mKfln9h-nhg( zWpUZv9bn7KD!KX_PwX_ld9x<;!j{mYz^*L-3mLLHaT`_U>WI)n8ZH;?`Tcx!=rnCP zKs&Jc6DCMHY&aQXn4hukf7R_8{6e_s)X99bv!W{XFa*cR_gYT!WZb^63iU&~WT=;_ zEk!f=QaxKz(_STI-Q?@I~`W4Y}e8`9!G^HqwzrUD*koBWU|6sCYhyl>7k>M3Ba~d)bX=D#M<9_}0{IWAs+Tp1 zhm&rtCi?vke$K1$f&L-?1}{>KdF%A9R_Qfy{3n~7Nt!q97qc} zo&SjU?Zmm5W`-z?lJz-8tU9|`XW63r(}1VX)I-c3?M{CVKMSucv(wrIx9Ns{?H*G3 zTex6lz8IFDs%TC^PBUvD*19hg;kIFgOc*BgQ~QMRAJR2n>w-#}<`>lM`L)vh6K>)k z(;xqBr&0&uk9dJYvq9SX%AFz8%l#p;j#lA}x_sW|+FpCo%AUkmF0=%YU^>l=>FA_i zB$YR(viiVCo#?_U5XtDww}Z0bWp{$ra&cTgkfi*&^IZqMVA~cp-sNi$caP;qE`Yw)OAC8z|B~d~;`VpE zC+t1X8LHt}rczoV+>8!DU=8!lB|s1T3b|Sno2xc(EF1pJy@%$duo+Z!u9*DQu|3Sw zxGL4QQ)LtCcEYi#s;)v4*E~|5CSZ8psr_IUT_Gvn&W~X=t>C=s;jw;dx8#*SIFmy? zV&HMQIh_0+x^AJg3r}7kW1KM^`J*S1=+&7sp`KDV2yn;{<6TFMYW|@7$-~5Vd$#-{ zi+P|zD4os937PON))xtw>Oj#;8Tc>ud?9(^{MZVb846@y%a^;MS^ zGiu#Ndbb(f32E<2c)eDrl~1LUQJwQYaxpuWU3!L??xr5;B7UqYK^w?+QlyfTKxNxQ z`qys45)G!T-WTlyAqBrp?XLZ$i3R$H=={ED-x8Iwc)E&amGXzRIrHzNOl^S85_YO*-I`1GZuX&1f0Qju&Dma7G9X zmV6M#TkNpF%~in&Ula=dL5;kLFz#D_Let@D*X({7Da7hhGHy2%%scWfqy3A7)=e@Y zpFwo21OX!Xp{7uvfaT;TZMYgC`67fFpaC2qkPjKkYtOYoV$SLWIh+FJPTg6zy z8OgFL_~}eG31o^NpsivQ$iU=T%wUIDq6R)=0UJ3vmuxl8h# zJ;(%tew5tnG%KAKZu0Lw5`Yun1>9A}*BdGx@2|9tOVY6*3uh;cJrzK)0BzczZ-B(9F$k_!e<@TV0i;}&%FykG^2Zv$g$c^%X|R;==w2LGG+0P)PhXs0p`;Xz=m z-h!%fsrW>Haaq}ip|0EYm+#^cuJXi>w>@M+YHEc;xC~MssxyD}C2-70Kw&}U`QP@{ zH8eiIg51sSONHbp<_=KW4MF@r1d^F0!S0s~MMXvN7GBp%OZF3M*FeWUeH_xSe%dj~ z=ZE036cjBYr}$kqUu1p5V0OYyV1Ja$4QaG*Q;=ATFadj4%S-1tWXz*}GR>RlU8wK~ z%3*JmWG~x;=hIl)PN8kHZ)KK%*7)Q}^9X#x88uTIzg+&PHZ4|j%o)4{a&)@~&k&<# zZA{k_51j6?Ng5g|s8ICr3$RE^z5pd6I1(^EM$kR36fC+VUYAq2> zkG;*cf{)R}X~T0|%~Yc$GR8@(_bX(qMk(d4Wn|Pe3&ag+nDLke7^%q3Es$7pr&zG| z%E-|$fH z&Ddrgk)N1@$2Cs9JJ&gc^*Q`e($#{Pm6fquC(bM(R zoM-27Y0{Ymm5BW?1$R?!s=ES4Msn3+zTJ%W?)3{9piWG?Ij=sjTK++Up63MXFOZfa zkw%gBrrH)M@_fQSE)7G^jXcb`7gpE)Nw>~(;IL$RwzeB6*h+JB+BJA@?}|)<+J^4M z@%HY|hGQ}Yx#DI$w`+}P{pJE0h5 zW!h^BFn09#np`J3&^uM=WcjNsB25{MWV3SRQ{OSO^XN)HD|duP_{ye-zgHQ`r~G{T zQi(TDT^yNuIy5I&Jl`!(e`(5&;&_hf`6K-=j9u*)Zc!9W3agejQti8`1G7W!3V8!o9sx;Fsns`BA;p zk?i*lX~-DU;qFVw4hgyd?`fmRSCcE8j>kIpm;b}qcSpmyu5a%|5=2W8gdhn)HX(@7 zM-VMqMD*T!?+lV?NtDsssL^{FCE5tW=tLWJl)>nu4@UXkbJq7;-~R3Mt#$UFv(~Jc z_kG%Z-S>T6*Yo`#udz`VeBqur=pU2j-HytI?U0v_V_%vMdTy(V9~q?x*d+q|t-6s0 zH!GiuNWqmzFK{f(sge7N)ZSW=Xrlke%MQN}Wk~Dq+SLxq^`Q4<=ThxIVkqo?Qs?Ps zQcY%w-UPJgcLkM?pVYPB3pYO$`Mu1m;do1D+7C)CE3vb*Z^nwqq?^4;9Jsr;`N|~e zTV#T{)ulXjv0^gql4-0bMKbNTBZr;n#pxK*P6!L9{6DF~cHI3p*K;gJUQ(yZRHm?` z*lxKCcFC$`-~)r~wuSL|?;cA!@<@m6a22Hc#-{lk%ebz!5jNdO<@yjt({fSbtMco= zbDC0Wb?1ayXpqvb>+$L;iGUiVPc`tEbA7a+fSmqE`mFcn-22~%76{=mE{`&W{e_UG z+tM%9DR#GTAc{h22(rOQ+mc+6azu;1<77^H^2ZT5r=#c+RsqS7oB6E2)X0 zhf}p?1<$5UyfQYFca(xSN9=@dQ|o{j?km(ozD@bfSie=ih}&8q5(Y~|Iys3%3<&gd zuEDy3Ox(9^XhHv{z+7~Q8u)-`2voO zNXSUt?NCeiT;`Y#@wLZLroIw85M}R^hKgmA)}!gG4Wb3Vw%m1(CMg~@a7-8Rh&H;~ zp!Hq0sES|bUx}uiwn$oZUG+)oRg+_UZqT&mcH$0uxC|9LOFmzaOX^!mGN6xwzjNWyekKh z0s1hkW?c~p*bKk7fbG&fOMt9LuGboCQW`lH8=Ne9J0mZQ6}!`fD;^r=OawX^e-d!@ znYQowtaij2wl*aC)(UWxJ#8DQy2?>BZ!KhGyeCXc4D^yojsE*&0CV$L^j~{>(p*l% ztU$d$h41W$m(Td8rby6jpyx@(UllxQBKL?Vuz5#|&-52~{h=prLL=a?BYgBi)9KY< zSr0@{h@_mTiMh&*eA{=9Mq6#lFyIufxICEyjmAVt$n^Fqt{?)%SmuQftfx%E7+FQ6 z)R~P7Zhn1l_PhQ0aO8ilmH@9Y@$GfVGZI)tv7F$=Ff$nyOI=_W}iwfIIMi}~eene_&=^MzAhZtfc| z#X7rK>O+K$**{pcz&II;-?L6l*9-fUnl`KR?#?}vgoFpK6Dd}ucgOFUc}E$&ml`&= zte5?$dB+&Bne!@_UTOrcn53fIzA4+m*3-uJ*7F}thcVGzj!N^{#wgTsx5@xQ$8~5) zFVY1v0}aQBsC7XDRS{l0A%^1{+iV98oof!c%0Iwjal==;LccYG```Wdbno@`7i{m$ zzc$mzbuT5yT0@y)Kgma(=DdM1!1MEE(GLj$iQPuzE^erk&L6i2WBUNaQfiCo+Bi;hXKTf=^ z%rJpMDXOW}%`6 z|1Y*K?TiuCuMYqHFa|g=lewfdhM(WT9px81tY=glMOK>jaY-3TY8a%fT=;bpvbwDY zcJKG%LdbHR>UYW#AKN#Exx@uH`MCU}Nvpi|36wf!C%NGmDYR(-Fgu7ZSg}0%-$fbz zN1;#v<#UL{XkG}}|D)Cav+GUPc!uN}&z~7?HRPa?G1MEyZj<6IBOZ|gA5gc~K8ld$ew_^diS$)fkWzC34T#f^%tJ^f? z5x}F1%RWA~#M(`2S0&q()blR6ltR5Zz=$JdT5@`a^Am8Llb@d*jQMQuM|4W-xM3*h z+j{Iq_tTCUsLAmj9U3`}?wT(27dtFt?F{8+ZkWnGhAjDycG|(Ex5>JWI|-6ZD5Qh` zyir(Ej)O>em`im6D??lx67nLylb4|ae{Ai?Z0Fa?ngYe0vYt-Stzx#7EkOX$k2oD* zRGKSb$~GYb^Uwr4F*sb57I1MRNP$?9)0CN%#TD3X=xO#=ktC%S|LnntZ7jbhAw)*54_W?VA40x*! zM9fU=>cm{nD*@;Ai$fADt;}BI!aKwI?UgJqezZVIXT0Z;QZx3$QM98v+ed8DkxR(0 ztSMS>fv-5dnWdjyraBBBpeB2fZp=*=H7?C&#(3ewhVvznU)7tHE|@(Gcxr1A>ws}- zM$cqN#yXtK&m0QCpgN}~YzMV?LA{cJLHp9o?Z$z@RUCn4w2#XWWH381Gerk5MGqwB zfv50?%P>My$}*QR786kf*rQrhHuN-^+}~))bu&kncfJr+!5DB;Nw8U%! zq(_D75b|f>O!?FlqBHaa^4pAWI=~XvD~Ve+v~(z01lX4Y!W$Mz(wPHDLKh~5d&kMG zYI@6_d{d7RYUjy@_YYsUpkZfbv~Nj|G~q3+J6VH8_LMr+6)J~;4)=JM{3lb$x4n7O z$6dtFhOdj{j?7W4~u@;8DF+KxUuQpRrP^0x3yb5!#C#B$L! zB(drN^E@+Id4NgD>`@~uVKFNcDkC#u{aq+D*wN|&Vt;3J%OAp1FBCl`;HMY&kQ0t~ zjq{NJ$b(Pdr^%|Z+>W%&eGo31Ej38Ly~yOL_gc=cZ5EsA*{)B@Bl=2CBFuf$`3IP@ zx+$G>D7RzWSiLu*uE9G6FT-%tlT9`DCJR2+oUAsn9ZkJ|4DNIvaptuzpV!kFzCp*5OUemK_g0?8EVqJ~BGh`N^@ha^&49k9^?3|H{ zjo?l~4|NhcS3psnQjD2NC}4p=jUc7na2p7~us73VOd=p^`8{Bvp`jn_*ys5c1<@0q zWfTu}!oG`=D2|Gf%q%GH<3_tg{RbodK_LHlL-*fj(B${u62$C}3X7qN@x>duK&2w- zEHs`PHKrgb`Dyi5%H#7#=zEk3{~!ccUL&>lB$b*mZL~kN)hU*+07?^;S?}UP$`Ruo+=WAFhD*942K`g=n|wr8C(PZa1tcb=+EYWGi^X#y*sXHeiv z3!}TGljp<`O$PxMd8#{)a`A%;G)%41quc`!yKrrq4ip;MSGJ85)LY}qUoQ(CtdBc8 z?dG~=8-L;*Q?stUit(6`-8MTx)Y~|UIoUZ#l;iQPlU;;W<_dtxjqWlEbL!|ivqoNI z^FKUP=-fQ8A<$LIRk@Th2J0Bwlb6KxD`7DmgMAMDxtoG|V}{Ux_f;-g@E;Sh>A859 zi{@tLX^z!Q>X}1@y;%2Xojr_i;3(1#4(%&*I;aU4fef&LGde*nP!k6y%!TsK_ORn% z*CB}Q44hb7CadIRccC9pS>>{Hyq1#;W)dAK7tZe~t2@ZN|C*K;)A@o1`c5E2$GU;Ybu*+x z%b=;A{=6W9O*$Po?t{yckeHM~(=+fi2MAwC+u|$AGc*x}~$!vo?=oZgXIS;)7mb6JoR?{puy>G2YY5_K8euvewx~zrP`_2QTH;#r{tzNqUsL< z&>-|N7@RmDT3-Ky4T|KKfK^QC&3EnAc2-WiBXBc@(7Mj3nG^6dn#N%i#$7JRz#}-b z+I3hpK;!bRnbLm^ppN_bh~3(PR3!s?fgVgPDg`=azUkLc>o(B0lr77v2Rz0r1M`P1 zsp(1C>B^3t`Erp#lEh*deM)DU_|ES zW@vGn|Bm3W^nVL;%6rV$`~X2wJ{0A`c-Fwd00F;HZRVfwlQdRu$De-6 zAYFmyg9|=9@27ECbNkmZ-a{i2?%=Xymink}kIv9iq$Jy}eAx~*z|H-CwH{G`)`PJn z6@BjC?=1%3yR_CLhu71&q$jbjKZeug%SkZJyBDhUBbQ+Q`dETBp?c~W$@bE}pcgV6 zBtKJK-Oo?*pwU#|{=`4SaXoiANaXAsU6T?nK68cB$M!`&w1k7wk97VSYRi|+dR&`g z(P=-kl7B3_@B5F=v&YQWVcV4LkcHvUe{?K^1b~(_WxMh=H?78ohG3e1pNvYMyWOSfTa8CtNo%bhx?!>|7iST6{4D*c ze;<)pk~fU_Kn>gb}`A4m|-gJxJCx*Iw=lwf?rEo$re^~QdH*WN9mQkTs@ zmC#M)&}l&4VU8ZEH=*UpAJXh#5~2Pj*!0+XD`(pS-9<=+j-v<75y!saL@fsF(`dFL zC%&;&T0DRXx&R^nGyo7QPLcjC{&k+CcVqp~f>TdfLSDRua0B7XuI>k0ePfYUev)#g zvSWrz%TZY<0PT+X!ZCJER&|AK*F>nz?$t-ur0~Lz+hP`k{uui3bX$5gs0LaWN zbEt~5e+=ivT;>POelutS05btr+91Lt3Tx@CqxW2eIb5=-8f6(4_f|%=4!cMtWH9LmqkDjo)8-6%Xj)T`9J901VEP*CUrKf5EvhF`t$%Q)oKaHe z!sQ9lYho%fu|fn~A{=-zo*-GV#8X}S!=e1EHK&@!oFc1b(EB6BJwbDT|% z;^DWJAvGRC2{fjR!l^>>+v?HO^eXmK(>G{&X7Z{`T!R0KMLPV)og4 zJuP;CbCO&6E`;mvC*JGpb~45Xig!Sc_4YeE@3$TWQ|y={OS6FYT~D34=GZy(3Ly*E7o^GMY{{}2~0f7@}cqA5PnK0tAL zU@ND+@7ezzHEq=!-&|j`PmCsKI!$&(1`gn^Mn$zf@@qYg_yYHCuTM0zxNnbv`{!s1 zGI1f!?thOICrfvKsz^TKnXd4nP2n>`a2e@5OW5waDHq9BHfn!yv-O#x7OCfB$~BZS zz-s=&Aj(g5ezH`x5b^gHSvUanA85xEJK`raS=!c1Q#2(dwo*-sa*C82i{HI{S^l#X z^*WryxMjSqlvOO;xdDu2B$eW7u2ku(LrY!1I~0r?DKao~9gcdoa#kwibUpoV(HCTQ z{l(imPd{l^P=z7Cb2kKA7$_yMhNt86YFloir@5VBIcTR_ig|Fx>*me z%S`PI_OEJbq3%S@MbKDRO7(qvw(-5wFgK{*e#zm)NAIvjx!Fl%Oii+yO0F-ST8>mK z&Z^{vaPrsa0lv2%r$4`fJy`kAmGpxB%hC7QkSUzrxN4Sk@O#m4&#|`Sxzkc)7&`X~6sZQNp z+N;@btNBw~d4-ZN%g9uQ5a0hC^4S}QJ)gDx)>UhgURKxTns^#4sRIxb%p@@8M#K9W%8E@ zt_~TNZ)W{fRc1U#5{!e>KQ&n&Ra&UkyV=z$h}ETf6^yar3vZvT`<;3tZoq=rA3_;@ zy41=bjn)^#H9eUQxGZZ}?S6pT1c8`N`Rb3<5C?eF7P1>PPpDM>UkhrAgxW%#weLXx zY{s_iio@t)e!zP*dCUdFb+0zEP6 z<0%ad4O`LkzbgJF?MW6y?T>4X4oX_Kva0>BKn*_A__gZ>(w*3Q^#YkEUi0>zY(rSl zMxbiQfIBGV<&mhLNDenJdar+Ok)3Dulsn+v5>Cyo-_ODHWN+Ko?G)Q+*_6*}IAuy7 zuI~areXsJDx2{~j$I*-JvsvAT^Gx*L+Pm%kdssJcOK$%Ui2?sphXBjpSv+soyqp{yr+bt%B!Xun$#2e{WL*eDd~#YDdsNG#DH;DneN`YUP!#;jF8mZ3 z{Re`VkZZh3Xjb-A{%Qkpm~W_BO$9mlo*+nd<`Mp#6~z6N2yLeqhRv)Hrx$>665s%& zC?n&?463OrKUt1@zStx*t>;jiSK~Av5Q(dy@v9BMb$YFUBH8;UBhyYY^m7F5kGDs) zdVAkW_qVrSzc8Fv1va0uUhPj| z0q(BT2-OSmh~n+=rQftYkG!^-R%dJ0XdeVaPZ&&Xfr1|iE~#8D-!B^Vumhep7wF9D zV4V)?T3M*qtbT%7lI>(8!H7R;ikng!z1z!UB!z8g zl#KM0C1(9fGG?Xu<}Rm~!VRvRw7u-}4KYtEB2dogX z>+B%gwWwvN;4CZE?A1_>?{HT7a+=#%ZaoKoo%@cC{I8!xT_3l?6_b;`deHE~N8^(qH`fD#zu zfSm?x9+WMnQsuSJ)dkg9fU|Fu3o)U5vz3^=XMxxU>7$Hu_NadO_x&dX$rD zhRovceUG>9PHfakbI;JxurSRmMbRInK@J#z_6`!vp`8icF_R@ zN#*hm)9-bAY8crmVERR8Up8J{5<-@B;iwAcg57$OdKwTVS`f^32Gsu-s!cm@KP=5; zh^I9K9OGsPd8jPOLLN})5wq`_NyEbDgHl*|7_Pb?EnvE*ae`2HX^`y@2P^U?hlLL; zZu6R%_p+-Wu}vYWQHFl`^Qt#MGl!3-cdMfFs096egMKJ0A^)nU{z)73Q+MZaKjM#$ zq_?w+Uqqi??W06jkP?lB8YB>WDcQ<5PVRA0ke>n|cpc>_b_}+*^mfQMZw-Ef6nk2} z7#2cKbNvVZVOto}_?uzlqQcVndNjnKE6QImJ-*$PSakMy=E^t)>|pxEZS1$vxF|ce zc)P^)c*;t_Lpf64Il$7S(tZ7X1A!Ueo3-r~&7CgVv-Z29JNN7T`}c!ERn^ti!?XU- zmRvKWO5^KqDv4!9MG1rHA{&g!D<*rNWH@M4IFxB_NXGiK`K9LyHlS8GrQP8J5!AJ@ zp3!xra+j~?B?A*fL(Bk6l+HoPcyau!UhhoZ=o`+RR}Lgi6X-|$;Mt?w;^;8%J=7lt zbqzi~vqdVt3p(egS z55v_6JK`f+_g5?f61xV`3P(7|R!mv`;h^}&y23lNY@3l-Zjz^%Eci`bBBJuqT-S{(kJDSFe&DMwNK9cMV+CrDYF1i zMs9s;Hh+`>ZAz!=Hxs*3hcmoFMb5eJpFPN>san9EM4L0~aBWJ9yJ4BnXWus@NEUiR-Wx0JUK;X_Ys5U0KN`fw<+4!qiM1PWS? z>$yLYN!G38>7954?21{3o?A)J|+59HK{3aFmKiV z^##_*Sxx?qRFse3%&-ll%C36){fPp|unY7TD#K6O@SnQipqGTs#c-B;swYd4%L|G* zMoBM@gyQuTTI_${Av0QY$z6^?Le!&#SBWCW<#4M?DoPgNajZiv%S!v!4dh;hDk-Xwl0RykcgK z3xd;wDBm_ya?}@$II(psiI>-sd_om2DlTMWv_xyjS&+jsIEwkoP(IXids@bG%EDWF zb|GpS2vJ6f)=z8d+2U?d&Z+dC)E&P%3C44Tb(nrmUN>fWKY<=lqua`5YgRxD>@>ZtT?A>sTRMjrpv1z+q z$a;n_okbhc$r^Rsu(rhf*2E>mzJ7bc70Xy3g10%^&~U}32aa~muecs43wAGtF&2}q zT`YU}U+p&iIGWJw1I^eob|LkVhyzD&qk6!_^44=Z>aDR~M@eggbBsrhE9geiaheMN zS&%gjrlv7{_cChD@%p~h0$z>|B9ew-@jM9aK~dbS^PAz(M!Jh>7o&vjTiYBc1H9;z zEcTs&`iq3d*A>OOW#KbXjiXiI8ke}Xk_rS{N&I*;qu20|uFe|9O$c&QxeH$Km;BC1 z202G8e0c)d`FS(b>|DjaRN;WzcX{hLs6HuU!w%Q*BDy1FKjbf|mvJ1s@w{qP_-0HP zb3%2UfkpeTqQ=2V$;;ia`97+E-3w=P76kh(m>e^iQh<9;-hK}A#Y;$Li?$P@qlbkI zJ48M&05Ed#7>mBdKFpQR`|WUx{rHr|iFI!LoEJ0$?OKE;5n{by6d>IfHA9aa&2vl{ zpl%B^f~`mMUpuyLtEN(Krm2YdN<@UgHY#)OAafHF6N5c|eY{50?q!hnHb`C5S?oDN zP-}ytSX=A0roKM4W7p-oq_GlM^xbl_kzs0*Etv#~b+0-<&f z-Y`i|Hb1JhUL=V_h^j!PFW!VwFcg0sU9%p>yGOwf_Z|w_K5(mIk>tHKVJIIkh4&7( z^Joq5Pv{Fg%AfRG{!Ye2V%mSrV(Od56SdH~iEEtDXuc~)@WPfaRA^wnrDc5F1p!R)UtCdUA4@E?z3*u z&aoSGosvcgJnMZn(6on8`gJzoR8E=sdkS6=L&n{#eF^YV_g7&~J$D;R_E`)hxb^Ck zP-vp|#z$tQ6O&Gey~J|Sl6L({%1#kViz+6Ri0iW3+0+zxHke{+w&B2h_J_;asZr4Z z8vKYcTzE?VT}NPhFzKQ=4&X{{z4Ruw7~ypY68c|tH>20r&n$Q<-W#YV=~fl9)w+7@ z4}H@ZFPa9lK^O(~!x;ii(F$kD`;FM*;v%QtLmRdp6Rta_^Qz)!Cvn-4$x~fn5Dg87 z%08?G`g3Q|lpAe+BDY>qfWUKoqeFG(jq&l?qH%g0yg~6jv&tn`W^|iu>u#8C-0SBT z`%wu>8?%5ZvVrgVRmd@d5Fng41eZtpZ4?y*J@OoqxRTN>H`-S>>uQek#imz1HxSER z(K2##sFb)mCwuRO_R+Gg#|?|-DU=wSVRCX5emo{%CtkuD-_XF;-PX#{Gk%hF8u&Ki6F?en&bqGl)`{E03&WfiQ>5cwnBS?`pF) zlq#S|=#=zaRzv2}9|ks_sBAY9z>=X=?=t)@eYUl3q;zge7{9YUT+<4=Os_Hp{9)6GYDR6GE`fmq~twH{{Y73J2~q$FQE?NDS;_{X8da+N}=)-ku;FnBqXpH zCtRe_n9*_8H(?>r_@nf9E$f*^q#gW0BNGINQB@C5Dknd1(Dz+QYbv8K^j%-s6?cJ( zAFEvK7aJ8&3NP;tw_aTmk6xbjw~Z}^G2dO*?pveyY%_;sR#j@bJYy(I;g?YE1D~zs z9D1ojuwsk9D#8#<{Pgzr_U@(P4%0O?RER6KgnD#+rBNu8^!h>N!%UUE~3?HUiS zt2B*y5)p@i(ERa8=D??ioT7Mz^~eZG06@dlkpV|1kL!hVK$-IwJB?X0HU%cne+BO} zAMhxdY?~ja(ver$M^c>HRkSjh<2MLj17yOOo|jhqT(Xk5l9@)C8kae2dgv*B!UExz z!QSt9T13EQ>DL&7z~1qrtrL{C*rC!pa|Ka-DYD;P@vnT1W}2tvFb(YH z>^to=a5@lTDEPss_ z*M$;J1;SDjhgQAlVsei=R8jba*eq||JXqXGggGLf%|8E@p82Ec{!OoI-{aR9i#R4v zy+)P2HqKjL0ITrFPOyHd*Ml8ucUnXDs&fr!+<5Nyi1Yctjwp~pZZOvS=Rz&2GR|3T zQaH?ta|b~%+&>n@cp#S#t&wvu9Hpz=|9Ao9NT>PZ8M8(2CUqwrc{9hXxGsjw(;9St zVWYR$h$nR&*J!=%#Wu}dw?OR|XgX(X%9Adl(L0Yr=vACDFHZAf11~o(cS|D-Jg}zq zOnSFQ1<_yVmgt!SPCh;EaAQu~U`&}8Ieq1WPZwNPYME#~U#a*`YIJH(lkxS3-Ve+@ zFYWJJ%?B^juWq{j(xQwx7;JqFosRHaS-*ZC+x&(5(ERmP!2Vt^)$+2s3K@>r^Bp?y z>Y}l4k5_nkxMSrjdq%v()oH~OG+>-;6o;qr+WW4Q!Y45HG*2XK&057EImE7guAM#O zq&ADW0LQ#T4ZaM~He=R^TkR8hj|<)Y6-yQuO8bdAFAUItlVf$f5MG~x{M8iJF3cr<&EjdonPBQ9f(t1P*F9g>OMk(&8L8)3?G zGvvW{LC)Seulf5E9D%2OjJ~C-K_+u%^QVjN3+I#e=FS9LPt(iqI+EEH!>-)Jt*hUP zc&+CRiJm7KcC0zSm%l2@!Or>@H{mP$QRe2pV^eN`t)%CVYzQvxz+KQFW!432u-~;= z(S29$(X&*sG2BW0EpaBdz0jTa(xi6%vSVMu_sA18aIcv&zw;^%4 zS85NV93o4@VLvO85m#OY%7BsCpw}4P?gJ704eODl>?B%IA4*^e@2sQv=U^&&U zJYh%ttf!OKfa7YU_Sst-n;K2s2GfQN68EGu$bOM4(#Yv{!G5#oPKR-j0M&$n#7Hg0 zH@3tM{ojL?*5>8aK-sdd<4mcanCYaRsl~U5$%7CLxnP*TJ=9QIS~`3*+2fo*%z0C(oePN}KdotpPjPXTW4pNFUt z*ugF3mUz{2Xo>a@^`=&hga?<^?sEd zF5yC!`~C32af~EQNN)H|@zeOxmDG}o5gF_G$7gTuLvTH_X!^VXVG|zoJma za$!!C60?&j?>oWr#pMnvwr-sv2&zQNl~^u#`YFnm@cC-Jzvv0C_u+53o2^zEr-8?V zMBwrzU5wmF@pR$~yyHWLAl~FC-htO^q}kFR-$_%DUW=uTmAiKx_;iOPefY^C+Q^=W zdy<+V$Yy6QG2DD=V+3(9FgFDV8|oEGE+eN}+^hy`u3DA^t%mwj@Q1nu+zOsC;U9eH zL_I}4!m5*^HqCr6M_O;RI71U60Acyl&GE9roqm3c#SQa;-p*?M2NU)lOcDpiVI~5rX!^#BxTjlRqPV_;)y3F>sKAwa4JHpN*wjP;$ zQiH;q9~xE?VG()>fL+5BM`M&T4`#`|Hsijq+gVs@d_gl0pRC@GBS0|;9rwT@i$4aG z+@4U$@1AWi>b^;9$OYiuCbh(gV!zSOaD1?p-b{03pL`w&-23~9$jTs-t>-!&N zjtyXs>#TD&PxfYd=F2baat>LbT!P$yR~U`s#*SpecAcKm$g?EmJp9O=WfH*%R`Tf@?0 zYxjp`pe0HzLKTd@-IB#QN@+sB*TPGOYP|~h-gG+Vyh@k4 z0CH>2cmZUYg2{;HqY2Ud`yL@hP4q_x4NU5luywss-`@ocm#zsqr6(IDJbgKhKRlMZ zO}_xPk2=?|+HqEyJ|nqlz&dixVk-JWntrwdQHT{9eCJO_<~{`8B=-TNmE!_-we&nZ zBUm)*(WdjFPeD-(4!61%Ea_X?Nkk=9)}?9HwzV~t+3VQ&h5AgaJw}cxUu64M10E69 zf8o+-yvOG+XZ!(ONT%r2vSKOl4s1`Od+X4eB=}~y*2d@20uMDzRj*0}8EPQUPB~*o zTR`^1?5qniy|MCuHO_Hf!!4*{xT#fhe(oT^#Zl;COx27NvnSQ$Fu>&6Djr<@pF>Tp$D z>lN6?ATqeIY3$L(A5$@%(*3_FyagA)c%Ib@Zt|*p@X z;T3Iqe8X&BOyImoQOzxsNb@65-OJfuz7OryG`M*(>o$}OM;ZQRgpgo7XElZ#wN2t< z9p@g&tY&&ilyV9V@mf*+?8X{;*cL@RxTw2j^j-1!&WmAQ+uZ~X9){oJsYGekXy8vDQOLtV4IF}zfTVwH4 zP0qrcOC=t+s^gpPTO^m71Lk?oY#rysBZK(N(!VhQq4P3$d|+m)=A=LD?2 zlltvmi7thFVAGDT8yn-~!lN&azK-d0NA)-aA(dVt10V`3?fw zQxAGQX&E=By)ylsf4iv}zRCphY{{WtlhTwD=gtp>oU?l1M&6(n-{V*HaPS3NX(i@# zA?S~1blLARDIzLz4wb&$R}qs*IJxTP6KGz7Ag?ZIy9{G4@H47Iv4!yk83AfqZIm%y z^FBjqzpsJ4Gf3J}@40zCMKc7?c`=koM4eC8ILy3yXme7HW74dBN`1^RmYyKjUqMr-6NUv#W1Gm)_G66lazvN zSn21#l=>cT-zZ&O`Y?MVp}$^EyYh>HD~Zr3h1H^oVYu5|wwrMqGkI`w*zts0X_fr; zQaDfix^E~WIj7hBLG%t~-zzj1Skr*Q&5N!%!~fVuojreHm~`Rm8~l@vf)8F_l|fd) z4A(L%LdcSe9X<1Qni-xQ6>q+7ZEvQvB9U^cloa=)CrW6UXU`R+re5w-_4vdAtXITw zBDZ(58ZFLDm;SR{biamG~E*@B}09k zPobx2?jt?2RHu7TC|{#^a9iibA-%v8p1|ne;x0s%1!<79y+8IB!$$kRzom=4lV4I* z+}y0+vc|=W4?ADWs%#q?V;C_~$`A18+vGI+*nSFqc?S(Z)n32vg)?g7!dM2-#QkrL zl;dts11q*Ro+%#f4oP^qkDs3P-$|QiR2o||`(lFqe)O~2{*+IrAZ?*@_1Aq>6#OP_ zG2$}jk=HD5F{dz&jAlhsQo~+R%x~St;dLje$8fs?BdY_3Om(OQA!6A_7&H#ee?m%J~G+T=orThQt?8yoVpl=#ehgZGcwPubf5v+^_nDT zp0lF)36j|_IIT!@oC&fE_L1{?BGL;_Hpm}-mbDO}xiT4QSK%@H&CqYofvqR1ZPl-0 zj|tTkY2n(#6Zp_GbK`}bC(7bMj~ug#rp)D)JAV2t%XJHqw#M$@_s91&;(sT-er&9n zt!ZEO@|Ifn6nM2raxnB`W3*)DmUE}~-BLy6X2CEf&q7|x)}!N@{j*J{bvG^P?11vd z4d{1lNOyK)J8j#aP@!P-EGjWMp~5-OEa5H3LPg7Eeh+T6pn_NPd#i-#3ai=UU`|$X zvf<^;hv8>~5wD0xyl`q+J4UTB_oE~R#c0J9rM1NI!&q3sE##j9Tv%&Dl&MZuSBJN# zi1Lc^rE3Noc>~D_@AU{JvBRuArBc853pHCwFN|Jj>AQSAm@U5< z6E6a;OQuV7M4q2p&UzJnOWO__gPb$gPQy1w=BF6HFvetVluL;ds~T#d3V|YV+Nr+J z3NCW7ccvRM0~K+gx8%iuvTH=TXd` zF2h2KUtXHF?E?*D79g%7Z17D^*pww;SALrHKy5F2&EkCMCI2^q*1LWU_ok*uT%b5j zMa*t2Z;@YJB3iTn!K2}erW@Jgl~{uH@-Nq<_p^Ai=2efra3W#5AA!_J$B73K2I;7-7t zmBY--S>IKKJl*G||Cu{WD=vVzH*oA3)rS9mPeCrCPN~|BklI|xGelH#TQy#3jZJQD zEIvNIFq=~@QnvBFM&ETR%{eKTppgTVgb}whu{&YgYh9Sug3tYg1MW(rG5H{$K`>#x z_pNxnl$OnB%;7qJKS8Ma$7C~Xe0*?Fs*lEE+w7%Hww!5-6KVS0Yb#_W$@PV>r_J{R z&pQ%UXCqjmL^Kn*&SdjdF1qQ0=Y}3wX)Tq;;aUlrm&I6{*-N}$o;KlAz@nJ+%Qr%c zzc3xWm2)wIKKs<8UdyVfHLX(`NhvAMkc@8e5OEy;T&?hI8a@m{=Sa(?Z%yvFU^P#? zHSGqyUtJZ1HR+@wUlH1`qb`q}U+osA^{%M8=N;&=NQi0Nom19QVfLD>$}ewlYkh_F zIc6S~Fn#xn?B`$o+lC!Uw8eXW)3eM~9~{fS-RJGsP~$oL2zaujeg;fjN?lf{h-g;p zj7rd+D2bg9_3>9RwVRiYG`vg|;VXA`T5tgd#$MGrfafyiuJNJdN5SYL2GH6mN;Q>W z;K^7)HpVRwe)X~-qW~=r#2*Tu^-k2bVNgwdO;3WYLM%xyRw!EWOK9t z8q-1B47YFEuB+Cey@@!i#ys60mZszj&E!qJ9L;1Z*=~Jmc|Q7ZKkh60Q@z?2!`cYO%*(yJsdo{A^0*2 z82vSe-FDY2=|RWduZ?hWGWor>&)Re)Opvv^&$Vy@Boi!O8um_m`9;D;CwT&Ws<;!+ zU(>8db?;=mkz^~H)U&sXdFY&VcTgo8I1Z;|tDEj|&bB<&Hrogtadq3e-pu&q=Kxzo zQe45{ha6gTq@yg={Es%_t~S?NIqIK(2%EGA_?9A(e_mzqPMWYY(YQWcuqL4!Fa1Ac zeFaohUE8*VG|~+MDxh?CigXInEeuHa&|QKw(%n6D4J9Dm9Yc2x(hdJS-}`<4t3GS7 zSckQSIeVXd_Py`8?&|^t>SbO&aKPWj$E&{iM(Azpq}#|ClsdrxYLp*UTG2azRK&Ev z2!ot+U$Xc;kK#4P25XrnfG^9Cm3Ab=?od<8yK(ffk363-e!IH2GpQt^rq}et^;QdpYjbDOHq}k}T)5XYa7U^)bO*yp z?eD+|Av|80W>>hh)a&X04scoE@#|v;=iP>eg5`AV6F(}z?F^JNYBB7zU6!?Y4zT1k zK0PZA`lz&}%$^l@GYlsE^`rNZ2KfLAX6usdYhn?kWyt_$TXEP$50sopK8bP5>9tuE z7stvd3BARWg1rb=3lMpeqn|TNoa>6CzbHgRv)RH-J*z6=ze^8oLr~f9V-qi|!tQM( zsz-me4&|+Yz64q&XTUTfHn3oT8p>E$S40q>E;&-Cp?EyG-PlKmNHDTiy;T#R0NiN^ z<)d+p!|@G~{*Q7#yyN}$d%hM~Tysr{>$Rz;{U+SZq%+Fk5cSAcSRK$$0c;oo&mV{v z&Tz|4lkx|c{A=VGPlwWLE*-YYc??vI7wRRAe$M;BYM1FTA*r9rILWmHRhFU-zW}qS zjn{=eEL)T{V)=u`%6u2S4_*BR@e%Jf+1dR~i6|FZWw3-On}+Mb@LVQ&KLgO8(-koL z-bO@6(8zi9n&4~2Q}SC?F1kak_tk4tKjPZA(RjaYJgi>X%|2=_?o6XWe(CC4+*DMg zJW7?8ztJR9sf}k;1YUvV_+M`ZT&;XGhL-mP?Y>tVddvzIM6?U(08xp|E;iq28&ieH z5Ys@{PVwOwoYCe|Jn%H3|s^wY<#V|9|T3Te#1oPpg8qg8*Wp_Z}pSz}d$mq_d3| z11s(a6yRnc=w5M&XUS>fqTt0{gN4nX&eS#{tB9k2E5Bo#T{Ruggi)VBbqpt+>5iv? zH{a;4f%HRA#uo5b2Xc@^l{6O8d&I*Qe!0<0fxAP4K3LI|vAt!}C;Y(c5OjODLK(Xr zGm_Ko<>a?<8+)O>gRlBRN{XC3MfEjYPqoX6J%-dA0ELAu=}fYRc&{S;czr*?el(`a z(PpzR=Ct>zRd%$neYr6SWB--nAz><87vIb}u@K8k@XJmZaHasM^U7p*6^`BWcq!tf zKniQ9OClKKr3tX&h!t4Y6asa>sF+r)}_KszzKC6CG zFhxZIhw02m`q6_ILg8Gek-It+>wev(FeS`pDE=WeIuR3Ru-TN`s#r*hH&x`>){)Ji z&{dl6n=`91WMcO04am;r!_~@QCg`?i{vxaf5l7#9&rJ_eK=xv!HQdJIpqwYwi5NMN zQSTMJ$FxAzkku=JgFh>k3>5bwOa-o|32^PZt)H~l5#+_0LqqrNo@*3zZCDrn* zcyjPsT_@RrnS2(^%@Ea2(3!QW-=r0q?Ip8=E$NG7LqiY5ey!c#L4Bywut);iVeR*E z6{Ru(VEFO8?DqOm>AUItMAGD%5&qfDQryo_I%tiL@{(T)r%opQdvLV3bzm%SqT1kh0!zB~XHn3?cmIqTbXbg$jnwm&dmPtO{J z96Q(9R_2*_T|d^%>hoL}%e#Argtp%;d#rgvq^{IP2{|3EwOdUi2DU@CrgzOw4;^(H zzkF2II|)3q78(^iD~r*o`V8Pb-byrJGrtC3E#JN0bL)s8qlg4ga58>#hoRQVJ~eQ4 zz;Z}@^b~F|1czf~ZQ0P2S*Av#L&PrH%&I=#rS&K1f@KAdC)GC?9#-gPbJA!Y)q@gy ziXg9mU*}3yNd#}C!B}uDFfKskzVb&O47z%@c0VAyb3Bv41rK6@&@MabB$oF&JbZW( zF+BU#Q1fwx%j4nH9yCcT0uCDaFnhaHj8WX={A?xP5vwD#9ap(HI^Gmy?b?x#}* z??Ogd`6f*-uH^gQrKP@b!2|W{9gYfC8_+e789rr}e)1aG2XNJ0l!)+ywbZ0}AUU_I zEywDJJn`0C54Fy&0@jn+JG$OCwq0jkm}K0XZ<$751zw!ukaG=;JFj>= z1r&KM&bep0t{2Gb8S{*1y!v&Ykz=uV`N@DDv!E^mz&}O25RJHi#}T(+PHV z{yt0LyXF8(KDQO0ZbTIZO?qFHt_0ozdaW+(U3{$W{n44xm^CZMri^{?Dla15z9bOb z@0CKn&=rfby9zX>pP@~=P?}P7Q5g#K0VLNyF0H9eMr_z&X=ejN3s#_2X@GzNiaIGDj~}sY4M~b1-w$9XFpvqR(6lOy(pt_nW4E>oCT7WsAiw{9PNGG&Vm+)U;J6(W)dJHDTxc&q3i7TzwV& zcBHrHktI$k;;Zqcd{YzxsnH?6p6P}M$^LS~yr<4YGpii|3d>;UgCS7iG&l@r&ucmY z1Gw(2szGlj(d2$%q52ZadSV|U>-@1v^33_vRyP%cl=E$gLYjS}mL523IU8&|de<^- zRm$*8V-HjpRvAueC{J>@*>!^tG|Q$aq$daK*yr1e!T8QJQNw^sViBg>_b6rRKY6R- zaIFm)R|D*S=tY*-)Yg9T)~pn@aEd?tiqkb5DXvDZ#!bAA&$(mfyNz9rRceyRq+`0j z4{6BcON2XWJ`fi|Xf;77;RKD=%HfoEbFLr2|4cc@+@g=_3 z>j*s~48e2+igpTNk1&4<8c9?2Q%ggcEBMlrKJ{z8NzRdVPhKtvo+DdR zV@#N(lpd4Kt?EJZG49?WRH|+1PFf7#`ClPjU6_EvB%LQA0Y&nB+D;WQ2 zNmSv1!i^Ss#bCv<1e^f1-f_3$+=OB?)CjUx<#wvlr{t!Ub%F!H?vGb{YG0ec?{FQ- zlgK`gpe!Mr*$o+3qcl{wkEt(lCFb`EiWYW|&nH7F*l)Fx_dg-GtgU~ONomXRv(G2h-TVFH8n0RncW3hPLaEf8Rp`>qUe<~1bu7b z+7C=s7NB)`NKy)*bi&vbBz~fw<|v`hKKP1X`nWbjz-rJtBDIU(S}Pwj(y$iaQ%;xV z6^Luy{AtTxk#Boz%pmJE208B!SA9SIBj_N^2kBJcS;`V1qwBjnZZ8Lfb>1jOjPRU) zIqxbLSa8o0UniGv?dnL%E~NIw%XogC4L_ZFSFHHeJNJbSVK1*Q^10D2A+f+|g9Sg( z=+%p*a;41W?T7aQuJx-3T096XO5ccB)D>y8VXfwge)JrjeK{ho%!Ynf@HUFW0%dz+ z)?-S#Cy{GSqP;K~hhjJGG4mFFbf-7rSPzp8x(EI*-j;+s4_7pCR)YlFBR3ysSLb_1 z-0QjA>e=4_3Tz4m-RVqw^K!qtXGEK?e(XyX@v4^DVnvDJr#y7=FFVeZP_| zc3XC$@0Yq2?oRxB!!Q3!KaBJ-FOvcxDSW~cg0mYde z{Rm|MUN`*ldOl=pn#ygHthYEmAbtV z(m8PDstD9Ce3TOXu#avOBA3jejmAi{k3?wZ49J^+|?f%dKkvH@a`$J%ds&{U7c)d1O3kN;p1xd2c;T zjKyp2g`UO|BT4)|uL=1dBTM86M)4Swi@n5RA|qc#irju!f{^5T98e%t^7*ZK2hntHnCw z@E4XASw7jXa=T0!NNTOVgjHnvVB<0nQ3&2)P}i%P5b7Q-_fi@h;2wm*HE1Z6Qkh2& zNaAP?)RP_GxXc+@efQqfaB1<@ar3x15N{C_aVz+vA}#_CCr~91vIM3;>C%lxP!0{I zbTatXFx=c1Op0d+fGALvB+eD?Jv)+y;kWa70;Nt(`38V@g-wvJI=to`jdj_w9UuOjQ^g&N0w1sNV`#_$~OXRGt8VIec%h_6%$Ud~z0MYk(^)ixM}w{*#NwX%$V?1-p|V#|?~)Ra@#eg{^&RXvE$ubB%m#V5RC-A)xUBfl z74B)Ba~BP2osc5Ogs?+}=Qwq(b)sd0vo(;MS$|hAa*~JTZGUn-vXXCgDoO6dN|q0( zYmn1X*kz@$?}^r|k1EycU$7LZA51?4XS5yB#X4voX1JBeYLBTh_v;-0T-IS!Z{wkW zodRc8;8t!P$_v+nU&{~}-Qx{+;|4dTMmzuggcXU45VuW*H@oz=tH&P8!I_=5o>Fv& zj~9Et)ao#Zq!wSkp;SCium@b%5vchTm6b{leWBlKsa}?Cy=inowrvw&Q5V!FX%`gX z?k{jV=o0#)s=h-t=4v|2+by8d?v|&6sT-w63 zRPnMR+*;rzvMouwyR}f2Nz98b9C%&Oa;{X+r{b%u`+N9#?WkUdd6bTc3w5$(aAGiKdLe{gI-zWATgSU|6o7*3R z-}^m0(0b9Hn^HlPk{UzfdhVGq0j7F_8=&yt(TKvQhl(y>1p2~@ z8+v)A_n>WsXJ#@Bfww|ke5lC7+AeRKRJ626fc;+xPz0)i=-2Yh^Md?yee0FC%Kk+f zB2D!UzA9X5Mwhr5*TT7KzEFMww0&m(G7f6u%K^Dr`9t%Vk6KVKlKcF3qS4 zW#4fY9s$+r8gZbENwH#LdODLEA6&65N>W`;q@VIAb02OmW^s8IS4C*u_{(pXtocNh^+K{?rvDh!^1glvsI!-m$nwO0$;r2o zUznEzQa`VK|A6@1M!G7oQg)+#$)0E4{G7PBxLiq2#OO;P!>5I(iAUzD-&N`V=RtkJ zh3nd&nh6q;{Z(a`1HwF#SPmn_j@|KeU2-Jy-YhSIYW%oaX?&HU!v5H^9-5yq zJGM%UrgxjBwPtSV&;Y?^r+URAEBxj#p>8V`256jI1Z!se1`vTUaKnDG%n>Vnr+9u! zU&aGo{d)|uh<1wxi5RFFnY8%3v2(m%ehV1?v)XisMYVNt$Q?GnA33mVCsFuhHVsQ) zWyhQ5#wlh+g}0f?SpjgLUH&#KS$cTBxP&@5mT8l``FdDU>AzD${IgVkzzb0v z-Pf^t0x9Ptf&J=pgaLrm-)+o4*JCm$ADmR)8Zk=@5p*jHHKd!IlOz2-r&>%u#jVer zBthdKwz}D*IXtwVjQtpYPm9X$4eE!M1yNMTcb`FTOHLPQwFJ8Vz0vMb-dIx&4ShP( zVJGBmSJ$S-1c@t9;?>3Hs3+&R=FB83{b?uu&%*yTa%)+tJr0x_b`Bc32ge1D`-R$B z;fOBhFH{Vu9%f;ZBlz83?mch*J;o%&Psxtwpz8&V`^BU>j(~ry?vD^rTtcowd<;9j zc`dMB?%xk7TGRpYQ%9|Pdh;`HNL}vB5aR zYK*d!jw_8DZ@1c9dY8DsTP^HRm>!9a@Qp_UD*KJfkjo9@FrI`6JSXiSpTs#;_H>t$ZmGvI!qd__b zW~yK5_@|GqfW-&dye{gM;*qA?J-5((y9Tp^>Wkai5NK}edEMR-!XJ(X>_waqr}FLh z5X^rqG+f)R{mR1Z?m(wn$U#Klio>Z8(nwMvCswyt&s5>CGu+_N@-LG$i0wNA-xZr% zF6M6;C#5s#bftEQmB%hefF(ECOKDciXdd{t*qq&^FF)yfVExeBEETKdZL+3j& z-XVbG0em^0=pR_Hf1YxjBb$JS8Dx>~gC||Kpu}^y9-_iYKwr_=;NT z?10lWo!sDn$>F83iPAKkV|A{x#AN^2Y~oql$JP@$R77}5V6(MUGC5>Bfk_8&JER2I ztKMS&GA252o7tMDG1{q|8d>FV5(|(l0E4xG%jRi^ZIJ6C{>3A<-&t(_v3CxL>|~^* z+Mr9IreldLz+}nzjwD>IElYIS?m+0YW7B-1-InrZ8}j@#@c{Y>U=_5-h~GACIn$q6 z(Ja1gsehcKe|lV~A4`|vEw;bE-^n1e;^h;j>-?Y>o0#~TfFR!C=4qMHvHgBwGnWbJ z@6Gka4W2^h>Ma99qLQf(HP0e2Q~uGeU|;vb$i%kop-tE4E})0E(a5-1*X_c(=PL@_ zuJzc_BXCj#5S$Q#bG*eP9PP7wXIorW7B(?h#*E^1#N*Q_Q@`&&e!r-D1Ism{pY!V& zSX-yx-<|Ai#?TqSgqA!?L5<3fS1Ayai2aaAYE`G0J^Guo73g;fxdb^SuJxt6Up1$T z=oK>J;RhSHMF%qt=Kiq;E*JxE~`DV<21 z4zy7zA}Uqf+O%)>texY58KTR)god`6q63YGiMNU@+TyJd{b?sfOR;y|1yFRJTMlx6 zj(`7FV+;KL4BURN?oN0)Mo@x0c+qgLTHwhmK5}~_Q-D{|dXs@cGNm*+pEvA2)rI75!=&X|}*6BTUl< ze^0mdg?w?FFoe*zx(1hA_!^`Vpeq zs1o&EOa76dEb#pJQR(Iik7b}fS5h|W;nhxm^-ZzsO{rCgk2=gmouWvHb%7;6P zY>r)0Wh$JWqsrF%n*jr|4JxRkqhq*=T0Te{o1TFIa4J=^6}S<}+0)^^#Dq4R9d|h| zA*_*@gTl%lNiM7jR8QpOKCHRQsJ1aq{sF-B_egyAeZrMe)z{!}^AybqH_aAq)w?M6 z1ykFjIOYHfsfaiB_ADyXX&*mK>8kX;_Vx>30yf&`?-Ad8@OD~lJMGFL=-H5iiQ2Y^ zxCN8@3>o$Ce!YXUFci4`C39K@MhWszsr9QyfeEB1avg9FJl-j=UR`&-AHxwx?rW)N zV>9P48;udinwum>&K?DrA;WZJu;Q?U(*Wlm4p;B2pbZXFM#!WaR3<$(4dvvOSFSe} zj|~Mc8lWw%C+z)$!!KCqgMLsWQ&KU^eovApY|P~Ls!#J={AUUIE9U<7`0m*sP>nS;OF|*ICRIW*tj%(eFj3oc^p;Tz2&Eu25%K^vW zsnhBAmK)3n2+%a1yuI??WBS=K-0qVd4>YW>#0H3?&C)un2Gr10`r~(ix)^6_nAOX) zEhp?Ge{y#R45O(x#)|zQ!9lnsl$qZi-d=tPx}sU`Wg6uDbIU$M&HEHIXxW~T)Z=b1quLD zoOi%SYR!#}=ne#cUccmI!4dMQMzOtZ>N@rIq1fVUr&+ciI>S8*`KCkp03DNGS#Y$Y z`%4dZS8)pYI(aHl)j!x^oZtAnIWyjpNCtd-eC(!EC|V6R;=IF>>wD=iXXx}V?<1Pu z?-@Sa)lZQNdVWn*OB%Uq$h$B)Elc;GS#xV+cW&;=_qG*nFh%vPfi+~M??&PwNk{{O z4g0d=R^%d-(}oQ;H?XEP!Z;)z7CYMw#G*wKQ@YQQAXXT)4r;y>GZ{}wHSrWdSq6Xk zhX$LabH*+~kHLRQ0so})mG~<8O4~Nnpy*+%(^xLS-NPQZ%;(O1exxFlT1mAs9#aOz z6k^hF2B8TVWA8jyKPc2`n;uN7B55u6{00Sub4PTFCROb88f#=t?-(V0Amc^GhO_SU z-Fe|BnlSLqO3hdgpq4*QGmb^adw5nCIb0%@qx4JJxXX0OelFL;Wt^agyMJoB)x*zl z{2gJry85iF=!GgGLqY|Zx<@k?s#;oVS*u9VP^wS-F*_>f1>*T=!crN!dUl+)spOA~ z_)^Jn=mOnerq{0kXV<|DTidxu-}rNYXzfcv)!K4)L-G%E&WRLTtwhI@@fl<=@|TRb z5K1p~=B8anwN-GkTFUaH(exKAwN31-wDQ@rH`rzC&$r4IBcgBs<0h#rjZ8sC69Wt6 zi?&PP>AWt{F9d3-qklb9Sg7gS^aS%8a?aroBLl_@ii+Om`$-;{#t0CH8M0PW$KnZe zZ`XEnfqm>y_jfgeguun1Pex!wAyl~LJ&OZUCwl;h?cB)E6tG)_@;b|43}U!hv#qK_ z7;djm?Zj;vjc`ZL_2Xi1W)fd2m34?(Ge9T6UX9*DdMFW%3%B!#?sg5a(13N_dG>ie zEA1=IR#5YP!k`9-4RFXuQ`DdWd8>>-iQ(7e?%ldXy*Kr)=WS9H+csi2!z3w};LOxa z%F?%b@3i71BJM27g+P1k<7A=FT{Eallf*L4?0Cptfmy6Z-`1mNgAsJphp{JKVg$E_0OcTv6 zF`)ah_=x=cf&+CeSV2A>gM76y*N?ryY2L!ou!ZY3`*0yvWo0@^JQyQptt(`((x@v( zSUltfmsh28EuH$|Uks|E?x>;-zM!=SLpJIFu>wV?4ObgH%qZw334G-u3QQ6>r zgtS*~{KKXvBj|aF6o_ZOe)u2E)ly=N`= ztW?#&?SZ1{s-w4SfZV;-beMln_0t!1lh0iHZFs<#hUH`{e)J#=&p*MN1cGv;f9q|4^J=Q9XaQ-*w?&g@E!DDwk6wF*L%QCY*l0Qnr(6k*cE@AnPW|; zqEcTkWSn6zvb2ljkp?D86^=vekS2e*`h9(%)Eak*hS$Xs?#=#zZ5L7lNv3DP&ecT> zwYw=LhEIrm3Kh)7^BDn&GU^hQY&|uPnS29rUr-HRbPhMww)Q=jC*?o0^KgZQ#4S%Qx!=u-^^y{%;G(Y zV*xa?<;s(Wd(N4EWpz*eZ2UcqS?aHj<9!!l2AtIe~+wwaNG#IY~{j^qf41 zekp&p!X*lbfcVf8Fg%?e@Z`O(rqyT{^F6^Pwx4n&`i{~^i<$o}uTq64%ZJkKFj)ft zBc%j)It2(8F-yCU3TQ_P?1$VKa8Pd=grBpAW0!o;pkM$ew-L4P?-}lI6Y?+cuiukf|+O?@pXDq z9i+=-+ja#LxLm}MoDDQf+z%^1y{@U)vlw(Yp7XeGYS;>s8%dxRM@j}=9L#DgyPAcO z;_S!)B!UD_ug_GbN<-2-JIA**QHT$qKG*MzsmO&&G+hpy6CqIV_oVwJCgbb*4tMPt z-yIbnLgnWyc~mKZu-#fGtM7Rsm(AG4X9nd zv?~d$+0DDG>leJZx(h@swFOV&R47ZbCcp?+Zxc8||ERlD`7ytL22RfOMoPS&!3(7f z!%*Y&hxXTJDx1mcG-OXTN_B`q=SzxKS>5PFyD&<~2+c0`3#!XiwDqZtrTD^hJdBLu zNAm~O`{eb!v~!^5cB1#p8@>I^0>@v#=736i$A$2DQ-b|p*#TRt2v;0vDX_TNkxm&| zz1Fn&lGkWd53rM-MiE>b?lNBu0Q=X5@HzgRNtbmS_$yW6gaOaH0*{Wk1b!2)smb`& zks0@SDNC8QMu}vn1qoXbk8a}b3xV%W7=a@>3QOVzI6v*Tmt+4IF^~^sw5AAMuqgM0 zWCAR%Z|}dkIh;pfX#f_-Io9CMH}*37u0$Bwn-4D4#g`*D>Us2PwpQVt_N6AL4K?Tk zkg=izXpc&fxOU`WzFc1h5W3}XMCrq{QA<8Bl+I&d>ccNJ%3d~^9sn5>_Bb~B?xRCF zB9tcRoC3wr%?_@GR<8)-IpOTusS;vt%s*7xRmsn$`|32P%i5o?Cf7cF$Ypp%nE`+{ z?$|eN6qM%KX1*$(-4QU}E?i5GZiZIpLP-~&=d781%z=s*dUJ};l<8I2hLQ*iPRmph9CuhMaC zIF$!o`10$saFW}381+{8BhEKC%)ly)z%kK__Dc(@@C(t_z02n^+)E6J145XA#bY^) zf0`j(_&rW+n~w-ZROp)x^q^X~q{dWs}#Oglj=;p2_IQK63V`>vG z+a&DW1oA8cD|GJ)2lEWtg;66uSM56%Hg9~i-p4|{Hi8Roiz*yVCEN#== zgL213K)_$9oU{x@b8tQ4N)b1PrrJ& z{5X?HiG%jNf_g!Vx(4Q#;-K#9-F26)^Fx0nn0H?xmf5WCQubpm>{3f|YFGR!;uhAH zs`YdzuPggL-ChM%xIH7SQ_UxsHIg}&Z1YZtLGLuwUjKe2B-Oe<=g~uTyQ!U zEzI}|+MPk@vJMu7a37Uyz$7)%fvDhsc$q0$SY6m9l~xbJF}hf|0^6>?j{+dwzU&@waV8r!1Ui0iW%`U2Xkp)+Du5Jq*7)WUPX6DDx zpZCvl#Pik18E1M`rJ1Y9h*N4JCFjx%wJL9GkVq}(;{NNK)BQvp6SeEXe%MH22Sjxs z(DF}vS2xR$z!H=9elt*e0UH)+9?_%gy-LeJp39gRit9OAl;U>N5tZ?0o`01`f>1bB zWhTx#gk&|*FYu;2vA;k(){D(H!3VYp~7r7{@zSdsC2F7X9YFvy(P&n813tA+p0Pg42SzsA1*0Cpr0%lW<9OP09~eaew~;ToKi2YolUBv!T+iiOY*PT(V%J)@m!{0Antla z-Uc0ieO1tp`u@Ei;#TsXRP3;Sq)2?`RJ+(-9Vi=C-+_)E7p;VDj{E6_0R! zcH|<`S4EdeS4!wZjYkJH$MAbCMJT7QpTVfvs5~$@xOLaf0Dxh|V~7mgB_ajaS#R#o z_}DMHqVjTbRG8a#JxSP2?6iTn3tYvh>Emzkzq|k@{Pmtt`6bY;lCK%oWoaJG-y2>J zU2DdMPLzKm(=DH8F(P4PRinP3z{7R^u3LBco9@Nteg-_v{3em^{|0z1n+j+&aSMBI}WZ=#w3x!X!9P6Zg0!t#3G zF5|ptp-eD)_^W_}Yq0fr4>B>tb9# zRh4LvAF(A&py{tVWGxoFrm_WaH<@AGo04lQXfp+3X^CGuJ9RJ_`4gqe@iV?5`yWT! zKmRW(4{r_;`_jO^y}d1a0>s<=`uas8I*XveOoahUvR3j$c~|ZALp0f z49%+R^_Rn)t_mUr1JPX#vPnib%fy;YlGxl_ zBafk|k1dA?4l2_f)wSKlG?Ul_Pq1nG`!nFi&2Nv7k z_DZ+n?}((YgyGDKqLxxc6@$wjK(Zr^?gH}%zH1X%J)J{CGi*OT9)&&VCjDuGkK%oE znQ9|PqUjNKi6!Y|s|`yRGGY%^Ex$f5Tc2C(c~+U7-O>1b$?HnbWMC@FiO#UqWDhEq z_gVyIkV;BQ^T7p@Xw5D>SSUx@*QpIQY?4jTCA2pT9CCy#+OI_T9AZgHs!}U&c8oY( z!Wne{u8iMu^D;zcyT%bqyb-80GSS&5@FE)N^E^gFajl}D};vbk)7*q24N#b4^ zc*9#!VGGBAcOiQ%TOcxiY%LEWxErCRQ+W5s!cqC1LqqZFHyjX&6+@e}0rE z8i~KnxhzkpMjOF1#>Stry!?Hw(BZP#;K6)F?5iZ{{z1gxm?+g?ZF2mUuKn3b+UVBW zJIX!|jYqzHxM}lbeGNSr<%R=bYxs$EYc-{|zJBKCAFwr;?z99|{rW0*R<`r8m)ynM z)(gpSFX&_Q2DHj;auPx`GlPUUgzmdT+WY>ijfDPp^<$ICWpF{f#YIPz*l#oNQ~4b<1*-E{NH{m^(*;aEKdfpiKIPjzJ0ucw8|mqoEG09MerO7tn=gc@9LGDa}5v z8Qtl-rsxg&n2=!0jn!J1L6elt&PUy~296-xyfw>+)){%q-`w7m-YRz?;}a;dmWqN= zQMD^^Thqtq>gu5GpT+FAbi)m^9YFGQSn_0inT0O%O|~PP}4Cp{=;@h^TYM- z&PouK1qEZWMDuCQ$EGJ!ToUflgmyRbXIOOn4Hcd3}c& zeHO*HOpI-x@%()R^hJy1rIf>&8&T>VmdKMl6FAvn?4?KYT}J>inaAlmjog%IBRXba zFxnr;p9!%aAooQTbtWu55sd-vPcl>jlf=58r&qFiezw?XokH4=nfRK@^HzWE%j50= z!!zae-`R?Qd5ax)XND?b&ur$!fXkM4r5WOhKkeS;pp|Nv)%A$|sIuSLkGE=9e-E+U zfeYbu7yeT$`imLjtLDiPla8M5wcP0;c?ic+5BcnPFFU~L_;dg0i0#ReV|fJnMi=rR z@yRHQC_@#y_YG4*0Tz`MX5u^vT)&EVmVxg{bsMz~yv1(#jLdx=#GJI!L#-VjoB|}u z<+ZizPGLtye8mviyt6H10|e&UkZ35j-UezIC?)e~xDX+2{)qNtRaK~Wb+b#L{v9>= z47C;!20C^`a&VGNF9s=AXRTg0tPeF!TOt+I0pXX2`Wt=Z_LPPPCSDxO4bkaeRJv{d ze1=`2OL|7W#dd>c+#I6N78yy!ch?oq{#1k8&(w!|c!^*PBC-UWMP?p=(A}@ z!c`x2;1yiPWVQv_m=-9woRhi?{ms$HlEeMsq+M7Vzu$Jc1W*N7S_hfzjqr+W5VySf zyrb<+WiY}d*iDQw?9_s%=(1r>a&oHuNa3J;ao$YK$)B(E{_o!3l}B`1CSsG_JLGQ*VqNH&80vSmG;)HeuIZ$mWOHC!ZMfN$ zj@;-Rz~#a8G!Ga6GnNN=Uo<19W_!G)wdP5xjqD>1+uC!*>n_gZfxE;Xk#8Jjfzsc9 zKcT)Lz~d~zcB8_y(5il|84zo{)y#tG6APzsoK3Ij9F?2j;tRKWz0dAP2A$(6pAQt- zoS!a5YHKf8tA{I+)z+g>gIn+KJ^9X~5w;F0+EHg43(Dl(H@8yn2KFs(K0j#VRcPES z1R13AzMSmPcoIXqVC+nMw5yZR0b4bZyZzE_v0A?1FC>B0+K0P}T5&SJ^ z+TBIG#}^PNh~B~XumnjTu&PdJ29Flu>?x2x^fRPD?-o+r-?5a+fVCNg84vT(c!1Kt z(`bUe@6ZSMSc4>*3+EB>&LW(eTq!|@XzC?oM1K6Zz9`^bD$shori$=u5C)B_O{M*z`UJWoBB2`(8%5ZuCUJ z(%-hPQ$dslzbeaLS<@^2+VbYZ{R*77dWMfLW8+vB#jsj68ieUriZeqZvCItjkFmD{q%3geOJyeS zk+`V1A8|UFrcYTuScKJa*)Nn%ir7ZAUX5>$Cs5+){0DURpWk0H5f2w@-s^dLHydS} z93(qL>~zJn@$BaDi$v4qx<_&Dj7m7fe&fnWq}2euQ#m?qaCv5@w6p;inmCJ3#iUzM z=PE@gL;EtiF7ZZ2TW^7dCAk*nG=DHoP98CeLWdzUaJoWJ!UIrpgZYre4p|Q?kVHJO z(N0fI?vsw>$r0wwA#AiZ?ZH@-v{6DQX;V{EvWkj8?eE@q%L}E}rQ-zfx2LqkV735jSl0s~KMte!fd%iaL2$`pl*f{-?*r_g3WPj40|~IXw~pvv+L zLJc9gnr1i{v7|ex-~B9@Ye27=qN4QXNb5!eUmFMOqx43=Ky9A=XUS zddAnrOJTrUHvyzMLVC-C)`)9?uyA(VZ&xpB^^fO%2cn5eQ9mOSzbb?8A05Cu#I5Zp z!AMf;YV+;3VlAk<(gKQC>K8Dk(;m>z$SD@sWQDPb^(4{n({C2$Mn-!t-4+QiboSOY z6&xnmOSLRqb?UPPC)7G?TE*9?-O9_IKLnHyE`bwsULF)4|M&q#7}82u)^)UHxEPjC zBbJ^W{CqGEb}k)yIB%~8<$YjoUYEUrHH=21;z{-YL~S0-L!eC|=s0c@(GpJPlH#^m zrVpX0ZGe$YJpfjHAKC9}_}Hx%7~Kvcl(w$%u3}*Hh-&Uv0~#**2e?shBtl*1RLjEF z|NGoT;r0A{M-eBQwMW_RwGgu2+nc9xV-<1Rmdv=>w}PNfh>L2kX#{&`Q{9~zk`1t< zp+WoAB58iwDY%PFT=|}ZiGI}6`Ga@dUrc^=N5lI?b~2nw#WnUuf9)%L7LfD%jnZR$ z6|u;M+OxcQG8A6XOl}sD6d~;5%^hi~>oE^DlqJ9u3+48h^cI@Z_Dz3J9oDcu)wI^Q zCyh$nq01bpt+#@>knbu7Pdz`_49KVK4<1n1f5BszQL0mFpBKH}(rXqaFi(t9jya;| z?1-82PZZ@tzBis5l6Lm(+t$!o#rKtmTa08_psE7HTycmbGqJRtgEM%DqnBJDYRuQ& zTCu6AuP4ohVtH2FHDD#_zP@!FhetQFJ{Z9P1Ba>iE0-0=_Q!0~zF%vR-&C%Cq>{NH zT$K;59jA8x`~qLxh!w`%FYw>(wJVC~NgK_JH!>2i^xB^G9EzX5APzUpUwLPJN`?*? z`5rNm8%2+x9pa;G^iWZsBc}K`eL3M3vRv}=i-)w8gXp~G5m(d1Igxxx>hN0hBXfgp z#2%@cin5LkvAsplO7zNGBa!20?U0`&BsISW!3$(?Qe^wj_+$LVSrACHOdE_Np{{`^ z9OQ@CP9tggrlW#~U!5vsG12Qqe+szuwjM<_@Ku!Yw9_2p)mqma5$K)F%1=OK1nC4d z?n1fm`K{-@dEKBd-EVQ}24C-aq^cuOd!N6h-=}d|_O4m`TB)`6^n?-gITq+WzacP&t&3|BqSm*`A;Nj`G+5KH%_=OtxyJHK^$A}XZ zD@pI&X%mjD)%PHjN|{UI-{Q6iTHZr>^!&T||M;PxR@0@x_pW$2`q#2|%w?qi|j1H4!l@IDq8=DV^2+dWu+~Q@~ zk7c5({{P$alfY&2xn++jznxjHBz0!KK|E$v zo@frhzH(jnuI_J`((Rus=b0r;yrc*mrm&Dp?8V}_luBu|4tkvXd_UaHv@p${+8j|= zda~~N|JMRc1(zQ9Swzjr?o-5WZ9~`fAv>xm zq<6JwVV1KMcT7R^|L+R3Nc=Q@J$OAmU4h|JBjYo%vr>ZHWDVm(_$!Y;%{gNULb+ zYeW-T_<;gQ(o3sZ(PPM`nT|~_g#JIWzA3!2b!j)YZFX!M9d~Ry9dvAWjE-&Fwr$&1 zCz-L?Cu{$Et(EGaP=_5)@h#@mpNjr#J(36lgX)Ju~6T^1R z8<`wU+<-X$vQY~gUVg!HbHBxoC2JFpG#L`vpD0zj@q0A)yfxjI(fqdk8!Ye^I{c54 zl!Sk&M?q6^B&mbn<3_Sa%jLa?fC<11g%-2DAIh+5Urwvn9V~VV$y1=lYy~4v`Ua4Z zAxzHQMr^J(av)>FW-H|4ZS1+GCP}19m2CCWu?1nw_(jEqtJ`%KVrxX2+8S4!#7a@VZ?v}hQiD@JYymc-PL#y!wb#R}! zSV1)k9}Rnt)R4xecUE_S)t`{Kcbp|)?VwK@Ehxjb_Y0yJ%wnOYrHV-fp~kYRvR`WG zj3zuWbetg#Jf8h+#vX#LKC1?6oM0@flmJs#y~#cKSG#&B_*`@$35A+LZXVULuH-Uu z?k9G(1g{mG4dd6@^(R?8t6oNRB^`#jO+Au?1h&|il11S)4I5--i_!0+zT#G-EpEU{ zn>33!4m_!;adEx##j3N1C-An?fCt>58Nbc*Q7?UpW)Y8rr@0F{&97>vGrz4 zc}7^{efeAy-V_UoE*V zcuv*0bv3hFg0Tk6+WC$O_O2R^u4-&P|HqfLg==$D$8UqbyHwfC z)N}Sfru$&vJTQkSP|J)s3qdb$?N*ZKlBX`z5|68x)7%y^||R zB{?yTJ}{>&`7{5|Cw(+DLO4BWC@E#d62rA!r(&e?*9CiR)putngV3b?i_38e;Y#&R<@RE%*Vdgi#T!*RDuXs`RbOORcA+ zZSrl4N{43u_~=yeZjB{O9dY;cSdpca-<8IuP0PNJOBpnY38SFi&x-Dd6KqEygC{CM zqpDUFNp>E0344<(o4*V?GqtPz?n4!SQIvh>n!R)SS{FB6>~mhqo548Pm;LU8B*_3s zBYhh>l+@(_@ZLfNTjPV~Y|bBZq5JN?pzCPeCR@JDFkhWpLVH9|tiAHSs21gt3NB(7 zoaOaVU$t$=n|oDhd}h=HkBIb-;-JOy3~foUhlgV$(9`y7o~Dk!9lGxeh69mGTM1X7 z9o)q#xp2yM{QA8sRFPBQm&fOR8_X#j_FdGFZlTF!DU9AdXc53|q!JAz4gf53?G(l$ zL65CMjfzBcP$evnrk7o`q0pf`RF;f6?y0V3vgAEB9Ys3lcOsjMyK4geX;l+!h5o`) zBqv6`@n$~u?AU&QYfe@q9)tsBgvifABixv{@J;xqL;Pu>oLHK!qPP6CPV60RtB$n3nyC0)E~kV!*@AKN4Hnm^io;9Ut_`K7yBO} z_<$*r`?PqG_-ExIiq!i_&>kGB6OnypNz`6uPB|G)_C3@IKvP${s_K*NclN%JKR^Cj-_Y@l{H3COeY`Yrzf8 zh8L@76|GcuOJXC#ZV0t$I(Al}qG(ZGS%CpCUsg+IYt;c6UmCf6JA1$2PvnRzu+#JvV~nxORb=qwO#3vl zdyV^(@O;2l1$@cJv6N_0kfZu%CkB>uycH+N$l}k>3snhQu{=gEv@pZHHylm%y;OCz zL5Urs)5if4_|Udrh9l?qFz0%ylEi({hR&B9x#wB|2)zMQz#votJC6LRkxFW%W&S*q z!^=wlIzwCJUu?eN3Fp)>blEk@dZ}gddmxqLg<=XncE8c1(FCy3G!7TuC7=vXhM!WS z!Cs!6;^cc6M8e^(uvC_paK54&MSpXeOKeb6K8Xy*4Z;3V>1cnTLe15K^%hQ#_Y*Tu zLb;aC*J9U{P^BK4-d)%^dgnFLWv#@A#a_Ea%;$zRY6 zB-kMXXx4^78TjJp;touOH!+zah6=`WKliN2Ww&r@?h_-HnyM}3;r$uYxc|I{5*2;@ zBT5XD^gy$7gA*{Y3s3napQO?K_mphgBSKN@ZsTtD;i_kT%bx1s1&$UyddFDRA-xL( zF`9Iq+4GETQQ&6&^gu@6|K2YUf%?K?z^WR#9QQ0?d>qMEAv33QHd-54a6Rv|^=&F= zWmX>3BU{54Zl%6mHL_h_eOM4ni`_jS;sB>eBD^jC#IJLq>?RM3)&6N0WF9J zYINyNIWM++3c8j}_NIzz^Ku4-+R;*#VtmQprj&=rwMVK4B()P~9Alrsjw1+21VwlR zBzTIL{h5Vs2$xem@krHFOb#24>=&BjWSuXmj=)W!s8yhw?aK1vBknZUxAW9BnftCy zH5TC+dzDj?2Elo#>+#+-MujUu_JWy{$j1_KRsV^w(RZfYY zP@yUbl80=jG9(UWQ(-*TfI@c6dp7iDJ=TB>bA0}H)tSL!((ItF_FUcMa85_;BsKn3uk|Z-8lo_MD`@E~Q-GuGW zJ+XpIMsVHxBP5F!}GIyHrK_e+KgAf^if9?`}B>i50t&qDEx z2UMJD6@Jrlf^KThfbn~M#gxWrNe1x>+|4%t)U3i_)`^^niIHN-V-ggFJ}d(pJfoMw3R}vIYI* zf&!eRz8kPLKY-^-&KB0l#3=kiR<=LW3+9M~%tdH?UCm!&1wCT>3Fg_vTU6z~DDro1 zCd8E{L(jm+ldoG?mjlXx1 z`nY%oAqgs{-zZ|ZQB`gQ;d2P&A&+(iIdHZ4EyB1 z_Yj+vfXQzEmC$!%Lc1Z2QA}k~ZLHJ(A$kKMQm%Gy0;w;#Z&Zl{i2sTI+xg~~VdpUR zP^}Fz;fR31l?^fuQt@qb)os!#tt*=;GJ^5jvrq-nA^i# z!!dQCK0ZVwBp{(AFvY)q3-_{sjVuMYPT-DNY6$qO2HmLLyWPJ`tQvVA4qPw@djW_Vgy-s1Fl z29fU6OVb2WrMs<}A(uykh0WbqsAjBvC5g#Zd zU=l&FUp`SjquGkmqyfxJ3WV*Y%}9kx8+k@HfI?6na$z9Ml5nnI9aOw9;;AZI8VrLo zeMB^S@OcC@@s>>?Lakk9fTn%VZV=Dx1Xa#Oj)pQo=!YEQoS zE4D;zr#`p&F(&(Wv8KI0yyT$#CELIM&G&?eh%n9+)w|@)crMgcwdPEPkzfg0VVM8r zH;H;kRRxnDb^Ls{ZJ0rTmI(G>t@9!vg<$Oni)m{N){; z-se9f^JTJ8ly;?{E0({&7T9z5w)Uv*o5}qv9bgjqBQQgT?tW}Fu_#rgGk8m_04b&; z*Znt&?G$u|8`HfVD>{Gn_EForY0bxVv0z--0ENLB3Cqr}$iEW{F0`$gKG3 z(p6d~BbDV=7afW;*X$X8jA3Ba>9U|Lqx<>dT7XPyKnz6+R!Vx0hv>-`Z=OROD7(uF z(I63{qx{E?{(IK*#J-%MgPh#hdGOk|3cr-b12l29^c_1vx$Uj)&xAw^usujUVu|?U zNGJ&Ot7gdqu}CJe;pJ!*xFxL<0&;mvmWG@#)#Uh?`9|6^UGJpA2EI-hRU6_?dgqKq zQZqeabfF-*C3JUibH}-%zkCt?SB$=?K;j@!J`XfwqgOY)D6VKD!7( zCsYYz{gluc!AL{tv(nq}2py+P=@|H2SU}(l$;%MOP;=^03ZIu#PSd*4Sb|L62$Lli zHL~wuHBHm6!TpBe{?o}c7dwaV$_IGVDdea3*a15mX;e4L5jPyLLkeW%yQN{CU+r7j z6|Io4|L2^dQ7E^tRA=gPlk0so(R)*tEvSZ&oZ(s<>X|y5TQws|0;Kw=R$>c(&Fqua zBGcuWf3`Yc5`83jJVEMEa0QucobR$7(ql}hhb}eH98u&AgBO}i0WY#0>|&PJ8mXO3 zD)1^T^G_0RiLWq1+R?p94K-PVhT^|Osmgfw0@`m_oYQNcc6LBsPjmkC{zT;OZN}Ik z<*|l+0W{Fm*RwjvNhQ+zpISF#FW%h>#k^^@#9ZkvtwHK>-ha$4+JT$=X={sg-ua++ zSrtrp9 zWz!6MzAI59b^7_yV}wmF51)IaT?JXhxt4#or8mZFS!>sKTg!OpX7g?X?Yu8A%I@+; zs(iiKGI$E6*>)Jh>p@qo(1b_ieML)m1yC5w7bA3XhJ}Ud=wu}JSX911uHSWg@60oJ zK`d6D`ra_S(s|y*1220_J!$h7chMRrBGqt?QObN)aZ(~&!O_tSpi6Q4PAcJk8@8EB zPlE0G${1B>_F--94kE2d<}MxGT?S|Blpn-j?$yJ8IGM@H%oQ)vXL|9{A*rdCXY1l;PNv|SWfc|Enjh!OH45Qrk*D)x{CZiHVqB@=hw`VEt*~E73;eK zuG(s;^XL(&fiIKCZGT)050h7u5W)>M(H%-8D1owJFr>)G8`#IbC5OP zacw)b4mv0>POoL$9!K1^e4zK*Dh3t~3&}GvP+!n#)OwbgbbMY4q>}pT?}`M)#d+E` zitPptX{tIAw5*w7O(xT=uhzeBipgWOfN#2c09)2PktbTAb$7yT;s~Aiu@%Sv7Z&{` z4Ysd>?7a5ukt1O6UsaSdOk#_eLT5b^hVVs1>G8GqED;MAtV*RIJSszH8_APzW1y!O zGeNb%;;o*vL0M(-{SGHpQ+_G7Jc8TzLFJXfb7~W}t5WfzkbI6r#Xmr zR;y>ZCeQ83gOD~zJkt|7G1G&o%iKXnj?nY!Cd+TbWg}&2uMT=Ciy2vSg#~sX*FbHF z5^L)A3P$vT9D}0cAbE)U3B)iOBH@#jWa~mOh<$F#)uV0;|2vK7K#{z(m;XQgrWVw)}qK7 zplRZpMTGue(B|t324E`52sNdWrt#FqEBrA(GBiKa%JwD30Mpp4H6K5EYBo(B4{&i2 zJU98sp8j+o*Yhy-M8AK-g@uK+9rkU_ripIbV(_E$#rxf$+VzTs@yBfcI0p0z4#pOV z95Pz5pYEV2pLTNJ(nQk+xE$XfYVFs)I#=A7Ke9ZQptzIEKqfUbU|L#Q+aX1n{(qjX zY_?sL$a~hg>awev2sKkT^gvh-ZlcH7dZ#a=fyb^~W^zU4DbdOY1YbdXVf_95 z$=o9IN%15I;iw4fb8*F*es)Ma}*!O{Ig?+>*e-s{H2`!GhC ziJ+DiZu;AXgTX{;MZ15xm@M zP&Z}8LSymc2e8FdC2zl{lmo0D>n)W$@Q1noof4S`3O>FPiO~#9V3Cyqzk`H+88xPs zrRlB*joIF8}L8#}tBg%R4N+{&=!0CEYV!9oG8tJcP^8(6y|A>0&ANB`?<9#pdb+j%{ z_7U%OuW-$kQDZPc#zM+QMLXwd*gMOIW$F*Qw&Uh;^~}1)t7^_L;wdJbE=-wf#bM7* zf_HO-!PFPP@#)@ijnPoIg$;dx6Cd9pCTRBoCW8*Jk$OhW%8-PM3x{+vW6#6K-YwoP zV@tbyvyocJVH2Pa_h`vz-%>rEwzo)z|Ra`%o^SN$( zcea>86wpriDLC%$IkDhKNF^W3SRmWKyM4pZ4kz%kpmMnuHsxp4xS2l2!5(UD<%4U} z3hH$^Hambc5){`qLwH^8L4x2Wa)@RJI=4hmTza#0oKSM#M_ptc~$&%5DWPH^Y zg2AHuC?*;A8Q$H1EsDz4oT2{5r$op1nGA`w9gZ57BEM>8Btq2xcBCcndUZR_TB> z@|U%eoW$-p*INkV1uKiT&a{Hih2#xOfPiVgYo|~e-n;hXn;=^ z#9F5C`^$r|Td#Avo<%gdHKr9@blwo!E^R#2mQ4@#fn(|bW9r&MRC%19x#;`0?`6`|DeZcBu&#_-j_b{~+U1kA)f^?d)Ai?!X_Yvelm9m43C0}q8(Wh|nHER@ zXlOd;K8ulZ{1Ug-FUJ5HVhjg{rc6f}@(UfHP;7(jR4D7H4HtigpLX<~Pf`@!i&{3| zA4@MT4F0?!7;{_fXqkFpB5*yTG7e+3c-@`S>{QDU^jqzWI?axeg8G-{^hVxCM4+Mk zJqv)H^I?tR27_3D*DOXONB;X1G2YY|M>0G5B;SjLrSCmm>JuOdg zn3@*R*vdR(ckmo_&Qv~AjCA`G?8`V<2H!s~Pl2|(Az8tBk=*GG`M{c5T90+7?~V%# zwo^J&eG6(j*7Zms7ul6ZK4+)u&dt_5&hSOjE3U43RZ(QTe4= z4aMweECi?qB@F)#g&#~4C5Laef|k67db;LRFcfS4Dbw_?c1EL{o=B;K`HLYv6ug`^ z*385;F%g8JJE4BbUw)%&H*WB-W1WSnPV{~eN(po}Z3F2eToWk9lf#dAleAE!n6+P> zHko6Rp6XAnf^wxF?aoCr#xtXx8iB{sJHA*#Y3S-rx^=N2N&ai_3v%68Ml?T+Y;AY( zNN?&L`bie{(PjT5(f@cnh@CW}Andq>kL zX`ChaD86S-K=t1J^u`8!7XJy9^~uM+7~hVERZ#1XMKsIN8>`oi;)K3*rc=Hp8-sMr zPOnrWBvQ_Rkr--?5-8$7LVC99vRoS89PBt0`Q`k}wF)@m6ypR7pW$;U6eR+!f1$uv zb7Z^hUe0Rs!`Fd-OjBhpy}t))p2Gl^|$viL^QpZ$ICrXJ&x+hN56C{U1^E zZEd0Cy#n4Cn>^Mz3+E=!ptYLydR{AZ>M&BZQVp*2Lte%6i=%KC_x7l!2dAfr+Jq;} zu=>swQR|_z_&R=G?gY~`({C0OHWUmTpgJYhJv)_GSXo)U&S2)M1xDoL7#uoKJ#6q< z(}v?L?9?Hnfqu>wh+=_ox6Eu(sZ)1XcO=lKYp?(w0g@O>AmWB_&yy!EJDo0sL5{Pa01isyG;1)_hag3+%!LqOH=UtACd4WRWRWr1=d1AkA zZ?5GWWUg)B@SMTCSk~c76Y$V)jQE*X0nNJ;*hm?SZ$5!hhi+~xNGc6xYj}*y@))MZK8SUpF zH#gh#+YTv3Mc_QY5G8f^rib6_CVCnPf|48|s^f|p&*d)R^1AJ!yVHRq&}Hh4s(h-F zsQ>xr!wT%X*Pehu)P?|zQPH@M!;}DWr{gSi`_H*SIiKK82Lf&PHJQs5fj6A(L}=SN z)5u`|#Jt?&4*^2GC-!Q;&athkKr8G4 zqC-7cN@>z|N%JUW`NM@;0%dHTg8eJTI{#=^o#xyk++Gs_tQEf7yDJcKipmsBHJ__# z^!j)9oyh|@PpLvQI9eVu8T62_~Pes`Pgsuc|j1wd}Jv)?I1Z-w#0^R}i~EGj#H{r@WtVwI6TBc1RL!tk^1x z(bNR(!Jj|HePB9}P*Slh^+!%tPOz*P{Ti$S&cgdCLL;nFd2~zM$fxgCmilT)wZYlP z(r12JsXCYgosHx8u{@aTzkVsQ#^_HDd8rTAqhi?xQ9xYZ6iWM-Me!3%uG|Rn$20>9 zyZYvA+6TS9nz24k3-beawY;Kmo=kVF)Im@A;Jq}ESi>gK`(|yq@~uCw&)Ke?zx4D` zq=VdWYz8bruki|dQ-=cG$%r~Zg8%!<-$e!4O%fA$_Mlz^Q!Tl_QJ=}D*(cg{~si*nUO z(GYJgpUl3MfTcvTYp9~ZSC`}2gUk0_#2r+^HO#?CeE3tDOsFBxXQU5xX;u8x2wmj z)`csOEdRSiGM@!GD+fnU59HYt#?4@DV8>B2y!Jl&T5sS*&kaLY&rj!?K)!bK%ly5l zARa@}oW_J0#g#g!%DURyIb<#O10$$G-mcI!he&w7T__Iyp+CQY+OFcNpt z?9!HIk*yW|gd0CXO+6Ht4Ck~@`T7su@7H^14h1TJR;m-oLVSls zZodbM?^9t8UDe}HwWlrZVyCkx5$g8{&Uvn0X0fpMD!qzV!jjr>X`Sz1T(3)xfULz8;lgd1LP^IFSkY1W^YTKBu+>- zF;P8G=&-%@Kwj*-3KP zQpXYCvZ>RLN#^11{!}4tI=S3k%M{ATVYl`{Rh-(i8zlsifz2_dXjb)IXvgbG63REo zhOdhMpYWVSv-4^A$(%6mv|48!9jIj%Idb!JzQhw0qO?gd*hUq2rh;1H<>z)_Zs`Cm z@w*ZNI6deAb!P~+&j#YXb}#r)9Dg1RIImj;dQ>y=cG4g{@jeu?kLJ7+pI+;dT)X<< zzWQ?9!C4|o+N5yTk3vYFFHB zr^8MaVml?P>lqbISPsUSs8lq~JWgx?9hw_#aW-4})%-@5Tc~(HunXm}sEg|PzD&B^ zcJv4D+-(~f>wB0TY58kYp1#@*JUo2eK+{ZR_0^MSbMmhn%cG#C7rc!HggkEU za>I6z>a^pk)8idu!dlUO{6-GzQ>w>ZL%c$}82gP@r|H$%erxg7@q;UN+2$RgJqw#o zP}e}>RkXEW8r9k|^r4#aI5$x5AR>Omnxdj8I!*+}G&*h3M*skC;Pp<}`wtKtQ<_fR zYBHiTdU?yi%0k4R1`iX#MUa}R`&uNkYhZ!;?d{3Dux@olaHAsb-xm5^2q>6kk{I4) zmu9%Xp;TeREz6_6_+%jZ=1B;x6{61(Ow&P@wzeJdi&yz^9a(ryE3?>TWtYMo{mw7A z)mSjh9Bj>r@zy-Yqy1KUF1~drr0!?~pz3 zJOHq)wFf~?&!&#;&LV=~i>+t5$E8*_+W~8jz864f&o`sN-b)GO_dCFx?Fe5}U&L5q zxAD!x_k%$Ov^aKUR_G&D&s-{)?=NuAdWWT}V*|am4Nd;L6#puMAf@k@Jz;jJfvmO` zj?+WxbHf;6Z-N9U_#EuosI_0s?!-BlrC*!_E0^=WN_%A63G{fUr}m&sD*mMwR1CA5 z$@BFA&KNg}W6luJcHt-E$nuMY`x0*QZnd=TTI~LXU)V#=dQFAyYr$LA&YKC@Q+V+2 zmz^jmtHFD<&OL$tT37uDC_;q1Uq{>vWsDNvZ1w3&!F)2nVwHA#F9@X~J?!pnuj%gh zY@JL1@)rVrz{+Ep8tY#oA1}Ge8si#}hkUzw;*I-Cz8R5}YR_0iuP#YC7dD~BT%AE)$WlgPFl`K`$7BmzC)qw(N*LNG*EWcp`Z_U zLvlVw_bY__S1~#}T?}17UF{FDkGDEa-NtPI;NXi^NWA(R&t>nI41HTOB(a)-elKUK z1g+(TK!J`6+200n1uQOGkn~&bTEEYkA!^O$lKUTbm*|l|O;tp>+*M#37?M=C=J~12 ziT?>R@(W;&kg=14%sO4%e@54-4rE`@*Y9fV%~&U)I4X6Oqk$vfC}A2&zy=5k(vS5k zu9M6Mi>Y+q@3E0Z@HWmFpFm>UC@IyfDEoQuSB~@oD6)QHd%5>C>3`&C?LX!UWdi4> zI+2{$t#Lmp&5pwd4wuAjDo5^d6dGY>V@Xv$OnGhPE!FB@EUc^o7c4yV&sLp$)PC=< zb8-$_-?hLTTGbOzxkTZ@N+taqo*U%a0Ne zuBn;!gdSqCk`Pq3l1tbK%h7IczjB>W{f@RLE3`ah=*4B%D}uGfmpR7uCws$qEb+>e zgL}+^kM4OlWq_eqSc)K+NhSk;(AN_cK2k#?q=r}#D9pZ|#ef8}p=l~|_IJZTHv~$G za5dj@NqvTSM8TYMW(%J`?t6oH;*P9Uge{kzl?bM&^2_*wp|2fb44PJuzZ;(CZdn*# zn5}?w*!1ZXCoBQi{TEl`D@ewx_PXueE*(fIwTkU2lJ@&|5B<$2)4l^lKA^3Qi#^*v zO`VY9fKJR0t_+vc7a27`xtG<0ul7deKoL4L9O*MlInVApJX552W8sl&CXMt|ceC6J zng$inb-Cj4+Ge-#qkynRx9YLrjm(R1p~egw&840B6idawFQZxXO#AkMr_r+AOe!yM zYBP<=s`bwRs-@Cb>yk?DDl-nh)^pJdf}EOyE1acJPn*QCfRbvaU$<F;Z=Ayu1)8}>E)E>2MIrv<&Jzf$%MgP z0h8FBoVwzG+`+IZyCifj_Z+E8KRS6jwjVH6{IQg zUyLN^59F249UQ}ZMmt@tA~_R{)SbKzbzi&8 zw$ufEKp9~>=KcGDsOMzYOaF-Ngu+lSy8}m%iNkImCU^?LY79q4TI3tWwMBr0?{cMu zEb@!St=j}!B#y{GaBdzNnEj-`hQcF)6$}yV$rBW^XcD+IXV9sj%X>d`oP4Xz4#I=k zxO(USmWaMA$TU z$%H!Ttsk}9s{uj>e#uH$>aIbIvN`@F1)OAVjaXLN+(>jadsNGe+;DGXt|`pojGb2IsqVr14ZX{~_0D@dv*uua}~a7J-%O6>{9Zz9?RV2mV*M z*Y{#!H$MKTiyDedgDGG@(2BHa7oT&$*6TUW<2|;XpR@DbCgC4XP_5TA7~H9hiG!vs z6WHe6Qrw+E?@fr8i#Evi2@F(kr-Q9+z+9y16h3Pvs_V3`$8|HgOe&C4VL4>erWc}T zvpu|J!+^>9pya(}k7u-5%oMMrJJ7E{~v9lM?2fWL9e^ASDl#lunoIm_ko$l?#e zsmw``%#l^UvEMt^7R~kxiw9!)X-kn?J1Har%oMKOq`t4j-lnH$mdHBF+uu}$JPVjI z|4YAkp&9Gc9^pm1FjVt{u9J&ZPz%z~CbbPeEp=9TRd){EUrivT#Vjvk-z)5c-D2un zXHcARP!u;iq?U`}DDBNh$`06Mf0}B3>!aAGu}yW%Kd}EcG?YS%6goT*0M$om(1g{a zM>x5r&#isAvbW=K(FNJ@_Op7RoNKWpxQX~Hz9)pRD(+xx#$9=CrDa=g77dSN=;ult z3do}|4Q?<71Pq`RPFf0LOS+PA{M?r5`_?Rcl`{=owbpUXRoNApvkzkZlr%d;@&aKJ z1QxXIF`bY=;5!H!ByP?xwastrmMgY$UpFyAbTtR)tlTIY4-Ghjr}tIG)y3g!3VJ+E zQQKlE13K14!g0I>-(#^%ER?}9>Epf6Mms zYXy2s^mv09ki4#=qlEPS0Hr%GBCc>vL*Y(kBIv!09z9v{&K&iJpl0~81-@I9aa&3ldO1n(=RRU3~9!CQZ33M>&ep-@|gx>JfWpin6s9a28Fego0B z-%>Z<7Mb2?`FR}&Om*9MKVUwda7>vtA>sRGG;QJWzm@nuEqMNRm@H4Z++dOQp?P-% z{aBh3u|Bv`^fQxz(U9-@v47}3*a^U%XPW+Iv^a=2p2~#YdDVcrl55Ojiq6^uN4+5T{a!E5UJ+$KKFJdhb4SeJUn{i+msWPnrQ0e5f5r2%@?o4rjGCQ*e=n+wAQTJ z$UfR{c<-e<3D`NTx2F&+nJ=>a9qiL#FPf&TtH;C}{dMp0x+WFyeWq~G)>he0v-3L8 zO~x59;I6Q}D6$-BJr9S4v%9^v8B-7Jdf+*BP^(5?1_F<|ahzXf78fy0=3I4i)b-8H zNBb1S@!$w~^ljd0dnYRurhBcALj=|bT%Vtp5#2d55l-cFqSgkEC^CN@su|p!G^`K( zp2^Uje9Gv3jRF9zS$BYIfdO{Z*qy6~B7Y^zSJu_}>-oCQ??Co2wo%(VsuelGsvvWy zWeWgK&#T3_%|56n&`593R?E)933c7bP zxKM{zls=qfk2F~{e<+DU53_5tdYKfeq0999fUNM&@S>uqogY{eZ{Ac4=bze)-~p1^ zFo)2~x?QwsQ~7t{x#=JdmiqVH;i?5t~HVKJ~8 zzMzZUy%NbX8)uB}VbB0BeSo+JF-t6-Rx?&6GhB3bNZBuX*&4#F# zsCWnIkI^ToR|o(K-w*GXE7zSHDrYTC1scn1-m&clJJQ@~XPr8#7tQYGh{n51S6hNA z=ZNkj24uE`#-RZw&qQ4pmpb%Rb@e_YsI`!@0dTgO;-EYA&Ed(hkIg-4e5W?FZLv12 zOPFDjcJ9U2s zBXIlX9*3wHVAfVOf%P`s^D+h#K6=Wi8i{aoBk%1&794KJ)&$x9mfNThkbsEN6Oqh- z1Q7^RAws!y%k&X!nlaqlJYV3kdUANcx=gVX;${r@zTgTthH;pt)CG>Z(GRP2cUK)F)jJ7H0LZ1h$?+82?!R&hI)u2U0Ck~9he4tf z6)PyWRUYX1^QRq4vVy;z%oh?O2o-LzNAdFKqw>~#StOX+-|E~SLyW^_8roO`wPOb< zW)52VnDFL)C$P$Kq$%GRaU`Z z(*7xI7fXR~ZnIRb_w*3ANd!ls;&Z^>DHvdewk%ml^UaG|I9Fgj;VRW3I{=w`$=SfH zsbxIj835y;nMnIW!7Gh+^?}n`Vh&Pmsh88rdcNx2>T4Jd_;k|<>p(k2MGNalC<8i; zt|^mibqG?I&x|X)?!?AchtB7r_$*)<0ToIUYN%+75)g%u$WWD|jCriPB6i~5oJKk4>|S$Z<0FXLln?ng2Udi% z|E(cF`u+yaXIirJioULYaac5%NpdWGrdFcvo~f~kk?X6$iYp7)i-Z497HkBRI|;xY z%c4YtnmrLy8e9&fw8aI!0~VEaxi)u;P})jSoxOy9f=MUG|Iw1};YN-%FX_RRcA>PmjT__-|9(B1RF~6L08x-}}=@pB_R1@)P(T)^&E3a0S5VEdF$UYa@pg=G{2D=j%;vqwijby`348}byd{VC%32k4G=qMXhDj0 z*;uI37*QQKv9m+sUD#R!LG3PHKh-=IbQLD+jJxLk5<;?zM5%b9^>vv&$rp9aRkR>h z_H~c75RZSa{~Pz;PUhoGtDzso!<{oo3n&k#t7EAU?daMjMP?PO{SLYMBsi?zY+1{G z-<}n&Bt36BU5-}ZevHbcE9n9kic|T*j28Vd!n-3isiKX6$GlU##P{##o`ebRH#5Qo z2h~c&)6qx3q2&x?B#S+EP-KA084-=zNR2||lM2%UIWQm8B4Z>q(KqHU$%|~hs+d(4 zK$A~qf#r!G<;dGMPE>b=cwBu?s^oc$F%yX6nAy^Q@@&0FWQ}jj1YV8{R=@@hXmBfqD489GsHxJDeq$B0C zf-Zc@x;k!3iNk5Ees`EU6Gua`*1V?hk9KCBhfV}fi^d$J39GVjTEmaea3Ur%?&1ZpXmwah0sl#nz`7$Z z0@?z;xO-s73ks6q9N*X|zm;xCVp&C18u(_^@vRM$tqLkzLol!1T7jn+C+4)dFvS(* zAc6cL2?s|w$I1M%TNcsO7z9M~_x#hVI3focQh zy(2w(#~JxYIM$7yGd%X)m?Uptl>8w?u!gSSNsW78h!FRi?lCNwN%3hU@6J{C0*5Yj zBD*(7fdKAU>P>f=qMv>n8*6}s0Pl(84E*3 z{jR5e8K^L$SnR7gk8B(kGwPJF?&DBRP`Pxs5$7Wq=*6oum0h546ak|N`-J}seF+;4 z1{wIf_(7>)g8cQpuP_yra?k~jy51pFfMfA|hJimTg$Bxo6*AhsI(EjUAkZK$ajgLX z8#j=Rg}}VS?LRGhsNoT?^t(pV@`VjrtBo=@d6t0D=oW?kpWFA1co(1a+dT-L4oM9h zD)0(DC{xQ^N-p}9v{@Lx7{$fOIK|EenDj@`f_j7OibajrVbd^B#Rzo`3rBHLpmf%U z!>^Szd?qIE*^?KDeGE2;u%?Lizz zVoE};8Bk~^!7?S-!<}Z{^y`~$YIQ3 zV(3;}*UN6IW@~h{`Znqr{v!{V%5t6T{xDk}3Sb3MSK=&lLhgnD)j@kB(7oGYRjXeB zO;Wv!_g&$&h#gv}D;(tNUa=+MvHr&arJ(1S7DSArzgH(jp{$?>&EEu)2gp`iR8JyQ zCxAge9OV?dM|%|B9(Ui7T&Fml1V#BWrpj*k-uePAVjEgy4yUXtvzPw;y-VEwH-^2C zF)4N0oC@r9bJeLbH7Y&{5ZZ&rHqBg3J1EBN2W{VM6Fg_PvoyH=CyD58%Q7 zKYUb`>w6=f5H#uzR^1*j=^qtF{_B<-KNQGcdPHs+6Z?`Dp8vujXLM+$B)^8XS-Aoj z9`2z~$09U@lT}NmjU~VHS~Hj(7D; zet8oC47N#whIVRb6lK2GCqSS&PPRMUjf@}NU=&KXjF3H3%I&8)TZIZ$s9&!jU|2%` z?HoW0DBOZYDMin|9#&G`o2?7AFK#RFdw4pTTu&1A@zsN;69=l^I!#vc_>*M<~ zNQio-=F&;mdcO^WCL{D^@DP4bE_LOzsbn3SdBRplbua$_Y!sjQDAs5J zrdmV2vO>!vJBg+lv&vz-!enNZC8PSz&#FC2M?lQdO4SmC#b~jEQT`QNEb-MGt-3I( zf(k%j00BT|g>?u_Lu=d@FoP&qOu8OgkSX`sZM$IKOT_9bfhs*ha>9D}e2 zC*A3cEMqx8s!4A!x5VNzSxf2=gtc<9)Y(=!M5Y<%Y`l@Qx%xVL0r&@sqNpc{!Ufpr zY3(CH$8p)*z|2xv6p{ovJ`!PX;0Up;W;*$y~8Xpo`#(cN#~^<>I*7H)2P(M zLdp6%j+@9ycp3-Yezestgs(@Hx|r?;zFzw$iJ_65C?SyobK}3yZ3xgh5UH)>B)5@2lsw)`l?Q zJleSQnT?U|6Zhf)neAK@EL0i;Tpl{YzBI%kd2Q~R8U1IQN`G~QWYvk2XMAt`WA59! z!c;`=@{Ees*GE$}*fRe!xaU;7%2zt_Cj2HX^%)3XC z{B$b?$5d;EBAvz3&du56N?{QyzRqN=WrC>l&oNB; zz_c$UFJ#EXFp{mKV$voKZrX0%oq^J^@87;rj%kVa^@Cq1Ual~5%0WY$nIWkkQ$6A! z+F6N`s2v~4Me)37+yEZAua$KJ=+kA^fSyWU8eSdX(0vKYzi!-bUF;o+{s6LEBq$to z$>aC!Flwk=T1*-1GYRerctmi_H2EbJqg;da&b$L!1`?QyXXHE*MNLJ6 zOBF55#NPq*|FKCby#9R-?OL24hix%5-pYwL!{&_3^R3JnERf$iK2hft9Fb5tF2I1{n^-7f_ z#?H|1yIhENN9%J$xjZ;5F&u3hXH>CLBPx;Wkq+JBY$8g!T6PIUG)-8&SnM2In?*Nm z4HY`|Ft>)(Jyw!dY5FtpqfFm+R@R4kG9_0UDUg_NCy75%I6jHB=mBKSUyxjQivwu6(n<X%RhX=}r;Z1NE%Y*$tK!kB_$u`D`E&SqUs75O)V6l;GX7CqXLQo4eamStwIa( zp3_*LAK$z7rP^y6>3eBDo(<3wlhXX`di=nPxiP(KKr?gb2-pcjjDLC?0YGIHEX0aY zG9#iGHuzOKXlUc)Lh8h0~F{)AiQ@Cvz_`C#>|!tK1_wd39!^9hF$nVMd7~Ndq~gLWw^?uYyt~2)p7>#)R))5>y-_(WA3| zS8{&~fUbp)B8~U16`lZc6Ody4jwP!~+89gLUdzf}o|4x+WiNNVv5e5fxMIr?9I-^n z$D-6UxxGTb(|!W-HEu4>&isM!R)`I)O@mCEmi@?pf*;H3`hm}aFP}KlIT0zo%)Iz) zCa-`Rc8j`TfH+ijy{*u=f7BPxEu=KoNHquHLF+^j;Lr^$Ve8iYe8MJFM(9l<`%m(z zi1pjYo3uzvsml!3PfmV;-In=!Wb``TdT7`NjK=K{ScZ{)YF%6<5}C(q9r4lK5cij% zzMoqzwWnHA_*hKo!oChJIvhmkrA ztT~sZWvDL;eEa@;kA~|p6BG2|aX{DY7xL4#o1KsB{HmTOe$2~5c%8{l8m^bV?Y#lm z-K?5 zL>hViobjL7FI0^>hlBYoxclcP4XS`b42JUrb8JQIyj08h$=Z%1WY=W_P*3)lI$E%7 zQO0wL>{eJRV0I@!Mu*dbSt&?et{ z9g&&m;0^T6+B9ey@Hcr3qa)R%HF@5QiP|h&fGv7+#8DGZebt zCoi#sRv0BUabI6wcbAmq&D4SQ}P;{KG9=-gLGN0EDzVzjEUVkdhePT~z_Qu)t z1@GY43A^Q_BeOAJ6A2f4U?x&5+NXm)yo;Xec3_Q4AH#qe%n2OyIm)rK3_3P@zGrBR zinjh2O-Gu@Ywh}LqWW6qbC|K3FqshT5y=(NR5;8J=VLma24T6S7}hbUWK~=cKI^)R zN5ourt>ux>eR2Q<$n&kdU8=JV5(qzFpCp9+m(|{R>Tigj5U%DlwgbK#d#S5~q~KV~ zOCX^${74e5&Za)ZfqGU_8Nlv?8ss-MJ$f_E{;9@9a=g?+5Lt&-b?XnDg8X9itQ31O zq^}!}ZFlL9=v+a|3H$eQavO}vK;Z#31?vz_9Xb(DZCtPGtb4;}(3p^BS-qeOySDiV zlg4R|;8_AEiY=$#zPo<0_y~y@UfJ=h`2 z&bqBN75cV9MN#>Qi2Bq2XLMV@@hI#LM)#P2+bb;SC21(SR<5w?{f$xZ-ab>)vDR8? z!moA{S%nDTh1ww9B?t{^W;}aQkrNc6$&CBRV>shf>u|9@rxbuT_xe>?_pH|`Y9&kS z3qd>*)1YnB4$k-depP3^&H_YlV?^QeLfC#>`|h@b+x4p>@Su$}xtTObm92JT(c35i zpjh|(shZ``|KpHAC~TAvHUu*p6#Uh+%1x0G8QbTIsVF~BrT!n*xXg@hljay0*nhVw z{u#tX625IvVZUF@qf1@7YVzY(JuCK2zgnZj;(kT;*8oG4=R#9NiagR2E=MEPIN8Q8 z6fr`Kw2vGzL@hC1)`T9+rM!S4shS~AQ1&KLI zd!(LFkGRHu$sKs2?}@JSvZZ`82d%$1A`y!X-+A3qImzU+yHB!rd`Tm6!eJM9Wn=B>(j^GaP2@;c%rgC+2_6~Y?@+hkW0xwRU)w9{HrNe@CJ)wj#`l#p}m|A71}Le z@JQ+JI?o~+ay3bwv@2pmWkO3@P68kFro>mfW4eh&SxgE*uuD+Y*0M|4tdPReUw9Q& z{UOs!lZ@mq26kDgg+5isS<`mH`TI`(?AHXLq)x7ntcnQOd8{ATRgr$46G#<$LX=`c zVvNAt`881?Mk-LJR@}^hSmx5FX=Fx*$x<&4Lh$upvmvL z32Nbg4~m6=#VI`MTxQ@;Au^Tc^}>J!q&cl9YB{OH;u&Zxb;SB$L7n%=Z{!BSvXSvm za=)W5Eh&s;U+5JA+@+JDRM`C;5l|-1IxBdi11JI5$azi+pevw5iH}f_=7Y{AE)9+k zMCU^SYgQq}rcPDgOM>znwCzd-+jP3k;PHCb)tGGF!LS(6+zWGjUNuh%TEX!=x1{SV z=8g11dfr}N_ap_|p(y0DKKb_EQs~9-=vLd z!(70bTm6ip#fhVKcTAp@L8ih;tnYY4(svyERBu+Q!vZ8hk&`g#(Dj9O(;A9@uNYee z{$pT}#y?6o5~5B~jju84U3IAs|GsSg1OKNgU3Y;U`GdC4DPFjLrb?L5Lonq~7|`io z$ra)WtG@}KNvD=qP7^g7xyaoVuoa%WY+N~36{VH9^$sFkyykaIm41s)^Dl`wlN=`M_F4?sD1sRJw9KNj7;UlP{*qYUpZhXxm8T7dU?P{3xgr{DR7(jH6f| zh2JQH-u$ZI7UFNOdwC7cHUvj_ZnbkkPep`Q0NP$1H(_9T_ANo=-JEA^|0Jz`=#v*N znq-74Qw-WjoufTF9`^}R8n%77 zR$FZaRE=Al%vNmHvm3#el{@YkYLC2>K=lG8cDCz~Ip%b`tjXaJ5E_ODK&aqw)zJ$s zcju5Eo}LDYw8etZ$RDazOl4ht81uCz=j+HRu_2AC|Bym}v7@UvR=DAd`0^%iHt@kle z_Z3)UCHZ>lyXxb|wOT)x?xRm+;&rRTU=uu!nXUbiOe2m-b%QXG6UIuLF~1{s*IlB! zn+{(9XAe^|v%9Fsn@l=*A=3D$2CH9ri_rn=#DI0AI(Z!0{6onvT1F_*V7U?~;55LW znn)SoF8?ZT3sfQidvjJ>jmJq;J6&%vPQXc03%l(k_p5P%4>=1fNlWC9Kk_EJ1rBBC z4Wr~q=m4!rV!{u4w#-$+^RC4xQ&pAHIaw-WcXqK`Se2ZTsq& z1LdW@kQ^EOpg#8f+$mFfo8O-ykZU6zF+OSw-=#Ghu6W-pws# z1WL3hjBy$c*4tTI`=!JnKOOLfewMQSpdnR=o_nV-N+SE^pNHIBaj?)L&&aXNu@sWg zK*#fs769IiptXQ2&DpI2u5%gs5y@O1#>X0~=2WZ2ecK_g*R=t34#%W1M7X36X{QL% zuTNmUkO3}KgW_{vSW+kA5gK`Ux?ApSEGCtrZ36g zy84GFN!}z|F{fJ?$G*WM^`WM70E;x5P@(3WL}G_fl`|(qR*FCHPdCl%s;zS4FYqF8 z`669%1OZ(XIh4wi%LMqc_2{J8b+@ z#NOh{M!mJZ4~^Bu!7C{IQh3|64;40$OLZOVxF7X1KL_qrvdYl6SzuzIR1iVBj7D7$ zzRk)i+NG#}nVdkP_VhJMyL@IhDY>B$Ejny~fU=0@Y!2GC2dIL=ZhuQd&0Vk7m8(nH zuI|mvM)bBWqVolLU`daepY}19A(t>9C#0dei(}6}yqy5#JJJK*e`QqwRhE+7RYO9~x% z-A}mRC$G|w7AOs4A4>u^SEFO5z&u_qpBCUR^<2AE&?Rw9x>>L3x^nPQq%q>3dVq-~ zcT6wxUAG4g!|O(1>vk&frZ@H%ZqDyx?huBz0TJu!YMYx@V38`DstcgJ?4X=VV*x*w z&mQq9PYDfp;ShtO+$!XD#t&aY3rmv4`l91fU)O4K=J;~)-8Mur*PS3EBh#Q(*UfJb z;TKg?YqP_mJNsnd?+-+sx7JOdYLN?*U17TY<$P`s_F}1KtD|naBm4VNE$6^stN^6k zrTQ`C4^~2iUqc{s3r6osNR*d`nPKFgL(Us0>n!%Pung2;#CEb%UCjNr6Rh74T~G0* zZ842=P}e1;2*QMHP>@dMc7;H8e9hqx9rv!&0|4i8+4JB(ORQ_tFh43RV+niUjD4?} z=zQGh*=U%=bK1Q?Kd0{u??5iU=2fIA)L|ntA#l7`c727$RSSms9tl@#gsm>X1B17@ z*9oEb72UPS3EOP*ZK}co@pHgv5q4Th8yx~)s%&fWQo5~rDuU=ljy*95XEt|0{U_qz zKZFQKUSW7q4>MFm!APLR@buiP8gm)NGs4jnJZK$(AgB0|L};-d%2cKl6MAAB;7)h< zcH)a>H|T0Y%Y*S;Q`FELIXcjN9-zvy?5GZs4!*u84xDs|G|8_zIwajmeQR*k?ZyEL z>opC$kNtu4t1P91!hTtCy!fnPjHJA_1}#@w#EP##sDPGls3u9p6Mb5guGwnpCO?`K zx18<#ny>(TNpLz>3uU=hVHy!B^ay@dAffZ-}7B zr?wgSwv#2hzGlQNSizoqvo^a&7%r>CYJ)rlzi@o~8F$puVJ-E;vlu{?FUb*#WRcyc zFGxB~xOjL0KqS1Sg&}O9;M@Fqo%^^_+e52*Bcl@T9;+n51iawSherDkarHir?*iBy z8LY6jFQe5rg^|9XzddKL=YRqUyR0O>-ovVOW;TfLhwpYbm2ix0H>+K@lK2jFO7@Dd zVKNdjL_wn&^Myu?Sv>a=T6mNq1qsh1x1a1sAMN^Nf9ru4cHAqV&Enoc%;0hWhW#P9 zZoBAT0L0Zu--s1+piWVkb~x?*Z(e2fgPUm~*F;oFe|sfr4&1ktQ$v>OH}Go{sk||V zOsUbQL^5uv(On1UdLL1r=B&d76CdJr?FATIpBt`O&O+NCj%Px^DpCXYUj|VR4FuQe zgEGcCXO71cU=pYFLyUz-=7IF|CPv;K)r4x6fyb6Of$L4nN)B}unl*IP4pV1S$XgAM zA{7m<(FOCAaU1a!Mq|{*CE4Py^QA?K$ihWSDM+kF)-+;X`b7;ew>y+37W(604+uK^ zU!^o1o0J;<1~Bc2nO1aso( zpqQQQe~k9lv_`E#Tj^Q6Cbl=Tla)gahgpWtn+zY_U}HE?q|$%RV1xeQbHwd_+#P(g z1g-BcIl~9Z@UjKHvY*FFlm)k+`B7AVuxk}c0K(~e;k(;hn+tA3Pj7$Q-P(5vZ^kt& zo60aej?u|3VNXb>2e6}m`6S@7HflH!WV`0o=wUyB8SDQ>=#`|8AJz)r{V}q+H<>F4 zckF8d$>6kQ9($-S&kuY&ed}$Ku@@p%@Seu&XVL7yt8yt23_k5&o9jil<#^I-02I`G z5h=P0b-a8ssSO)Vzcm7d%o*u+H_YbE_7*$yw3vz&iqYlTSR1IJv*_>sojllajBN44 zdRKkphKlA&m)e_6)fjn}JzIU5t?C$*U7p0t?(3Cx5QJ+?a879Th)0H<`86*FF0U!N zVn8qF$=Y=g&N@Cy;Lc)IgW5<|cg7}`ua~I#CRFD{#0(`*7z^<(zi#(Ws#0r%0+yU{ZS#hBE}GwDwLvlAMyc%NPJ1*psDJ`r=Fc!0biP|$@RP|VY1)Wbcb zvS?(0P}$^cskqkp;^%SQt7XmEJT982at%$;`k2Aq(`jsu<4FqR&26^)I1#aNMV$Ao zreeZlDwP2j$v}ee<0ZYMi#)s^Ps76fJ_x-STlJb*J;oY>*z!?dDD!?lvdNF11ybaSMF3S`%J-Hpglm<>N+{Hy*i%@Yg21|$Frf=Ggl>E zv_UVpO&Mh+YyzWddf39nT>J8_E%b-?< zs^4jzx*c9z=wGt+WqYtGVl&cIsZ3gNp#MKJ5T0o$l*~Q}&CGm~1A$}A!?H>gi^=t@ znND)tl3*&JzAa2lWl^0yW8bWbhnOM*oU?E*kX+&C#QHs*uhsb$lg}R+?r%nw_ z6m(^p%Hadw(e23^ZE-x3d0EW;4M?Q;95jf)n~1-5tt49-Q~Qn%p_fWWm-Mk1>Tc8G|+-PvV|Wng#6vlk_6kV+1;|JooM5yBtXE zCu>vKfa>W>C6<=(;m~l@(LwE4{=rG$AXYOs>d5sbLNp0`*!F_Q?1Ad^;^Kg1MsOgc z@pIAOdC=$b=lyAu?G2E&r+`(%fssoNm%zKlx_JIx%c}*$wJT+1gSYL{6rQcLkEufJ z?*{IROoqMdHzc8^K3!aQNmX!wHl}Wiel3olY#46Qv99x;`}nZ;bkiT0A(2d9e<{vw zgj|ET`>0Fsp7X<867!8ptOX=H2y}#p5s0TRNrKs`vnL*uA*K4ASfn?O#Tl!kG@PJ6 zRbdAqraq<5lCTxsFzTlry^170qP~T;Qe|@$2l7vHp47=plf)5#cmZFR%bu-h8lWs! zjawNFXuvlWt~RrPy$H^ytj3R$%x~J^o2jI+N*uVAn|tfs#?xM5C`3b+3io4nmm1dy z!`>cTOIlTh4Hwcv=N_dJM_M>-sO@vu&#c7ki}*;6vt#S=y!|FF!4*2mer%9AuI*k) ztuGBW;n7ua9W~;W9K`jNZvSl>y_pL@LwEu&ZpWj4#3=lGi)ecgHW#OFSx?=@b015|_?3q9_U>(c7hO9}p9wDPY0=UIwC7xGEn*QJ(`~Lp zB13jmzh06q^=r_$SQ+Sl#O&ljOGMik!P4%`up`1?@L550z9#VFR&l?p%Oo$$BloT| z*xeTdpr0!`s^n6G=n%b+CfD}wgY(ZV1iMAs)`+nG=B%>(l+ zTCf1z%9FTZjy59WYiCPAr5*dwYZJW>#^$gJ)Y|Ki^!N3Q`tPWMuUUjL+drstoG7{f z*z=IkegqaEf~MUBOAJ4mQOK@%^U!plk?UKpUS%&kOsF>-vKJaHPN}VEVb8_$X{QGj zV#GBSIHQDqE_{Q9%Wn!^GZ=nW#@k%mk4b{epq#{8YbdtC^QeRcAdlKveph`#ytMBs z>8jCco8Q%1&l*Z#5JyUBT%f#xT};to1rEvA0mPlSil2~f@v(jr6h9CrNa6$ByCkw! zg^#NS`AP&@zhXn*37P5v+Fn+d*Zo+=c3t-$ zeBlHCv$5Io8QlhMY{Z!af0J$kl~V=L&1N&8WqlvKu{dq%^sPm7y^1^1k4dTvgzi41 z*_~^dFTL=Bo)F>sY8iSXyqP%q9Dr)vwGd+K4nU31zCI$fh!LYaiUP(kn(9u3zO|Cerqm4&8y3d?ls5Mp@EOofE7{TC`Lutmc@SxB zSf|0H=ffHx51Q)GliNlKvOiXT)ZMZmVAB2c%L6&F{RAZJ<$a+CCI3fdUVsuxpRL7M zee4*-L2%D7WXXLhpF5>E-Ke>I18PkYaYAhpw8C{U)DkFaEfg4E?%Duv%ysuk!q@?~ zipg*L{5m7SUZo)w#FCr)O?RsYJT&C!)x;Pk429^Y>Mv%gtm+g(tUiibDT@t-8wo{( zHhg;T#vq9IIvXp%wYx^AtO{mle+vl#;*3MPF6qWDkeAd%2~ZUkdS+Tl{_=_Bj=w#q zp3FjmMD<<3&pWbjCvq*8D^Ng3gP*~G>%=-7FTv3j%!r^CxX-^5B9$>lZPog9ERok| zdo}r+8xnv(#N|6!34057s7-@^WG^(n0i0h(UZ>rnQ!#}VqVDp{DI3K3CrHD3=NkSU zU?dG#ATd&Uk?^hHjLukq-*4Di_6yWZrW0s-q42UB zT$9pSV(!03>(eS?G_Xg++XZzV)is(-xU=rFYx~O-@l$dYv+}gP({u-yQBsoYzl#_+{Vw(*k*tgxkqKNSQ zIqCr1bL_Rx83}1rNg-P_DnV7qZ)SjwcbqS9>OMSHCW_=oQm!Cf?De%5GxMYZ@I4u* zu-W-nh>Uitq38cQP;A|&sVW8&KsIlS=~3VpQExHgIHCjMwSxFQ$l2P z$RM-GsIWZrbc8lmjBclMq<|by#CScIuMeDfj2DIs{U%s0^DRB4(O1=&qJ4rGXzph$ z$7zB=(Z}+T$T!R7hvg!#5o5F$pHHZxE`RVqkQgKv*Py)aK!ZbXy4+8|i zI-K(^%HaIbWnC;HrB6k@5JNDmHZg+@B7s5Ph1P$;yKKGIi!+~{%H(!}s2%BOcQPAH zMBJXTjc>;QQmCPHv$MV8sofPrDwB^95pWK-WKl)KFb@M;$=){wZ3F+zE@po3tgZvK zGS|=pLEkF|@H%ZQWSv;O-u?J@-F&-1%e^Ok^ z^i#AQJ$ddfN)iBm{Q|Y$hHvfT(4Gng4mljK&Goq!N%#~go(j4$o?j?}T5)toZIxSX zA3t?AMB*bwj1IOz+ti$Bgo9@@5zw$0zSi*A($TCrMn~wzD~(9{J>t4%yZ=0&1}J}4 zlRH`#?(@dza9W-Zn21Fg#jddfVY*nW%ZTKfpwg@ci|QFUY20}#ZOu1-L^{m8ah=YQ z=gbV9tmv}heTizJZjLA88DdfC;_L@OESTu7;Ykx=qmmL%H0k+J!}^@)3HPj?Ux zI$4cWMERMc6G3D&r0bZB@+3XJsV0js39LKpww=0D*39QI?0mo7Yrc?WHj93W#XMmi z{IhQ>0m{Q~N>>n?u&2w#a+tY%ZyazA@~FpzhnlY+A!5K+m(Xyy1U(0hz=Nq7?9&7? zmiH!@&QR~rEjs0SD5fddk0U!s7b#UaKR_Xa>@rXFPIImxm(5dS%3>qpOS&OZI-! z78(A?4UzkA@&_v#iKc-X zZ$rk#v|rk9d1b-=U^ng#1fqP^K1kfEpjV}8Wj~~KS*W;TTPSgh_Gn>&Kx`w%q;3zz znI~XhLVhs8RV2<*p*Obf=?$;FnyJ(<9JJ;5BWtxpM&NAYvp_jWGSRR|o`!S($#M9! zX6P9mCggl67Hn8|SYgJK*L*lQpZU{g_ru&&2Q&BYHl6?h!1nfbmvr`JN+D&gI~<oIFyKqIRIieWozZ4WJI#f<1Psk?`DqiE+g|l3FXY@5^Ck7B1%*u&LM|GDn zF7nhEi;2)YO693Q>Xg5m%!e-Hd2aAw!4AZ8EG1nHU*@G*{@9(D(h3xAJ$jw?;2p`V z)n{39Oirw(iNSpe`xJmz+uDNx8%s!fkGiG7s^66Kzb$Iji^D@XZv_Aehx)dw@sLF4Sq)LmqH{Dy`H z`*TP>XKWkcNZR}tBmjKWfacywg~KZjk#4_vr=0xxEUBWa$y$*!Q%cseD``cWV@SpZ zJw2FkQmlE&TjT=|>}Hp4lvqP1xA@^mNLKo9qzDn<7MjY(ojPJTRcd|mDM2F79`}bux zWEVN7i=fYr=ksH0H)d_?dMCrhPNxI(8dn<1XIKQXk2!4s@jDSTSrXDNVtz1~)Mu*v zl1~UDey|K{5L?}PZk|`otIv|%9k_jq|oJ{d#oU5FK`SB7tg3Z=&~+RY@~(A!ndf8e2@{GowXDwkIo8D5O%46B|h~Le9wGNI*(2I|dYO2LI1CGR7_3AY2X~PaGMmWPq{kZDEa9kuwux? zWnFa5IqPT4ppG0lrqd#L#~yskMYQe_yG*c>+?;;ZhYmWs40>}Z{)7Z|2+4}k@IZ>x z#Sdf96RlrZ%~eLS?nn};Wr|=*v1e$!cQ>uC^$92)N)bnC$K|<7aLytZ7$EI7WpKn% zVW^8VUb+^p65|$`PD<8HiWp}5z9@){_s@K|<)E69pHN_v#6aTI7=)A)pBgT?m7sgNo(5U8J%%;h2HL1MEpwRukp zzl^tX?z)L3ZhBHOJo57B1dFPD358|Q21kF7p-MG8Hfr$7hI7l97ay6|1#1u^+H@FW z*L0YKtVL&C)%eikSkx;l29s^;<~Oxxvp7oLvn-s9Y9h?nqr#?6#LpK2VZ`k0iWJI$ zVzXS7;iI_Y!aJ#crWaK(>E0Mk?a)PiqOrs%fvKHFdLQ zz%rkzO$?MCHv_jLPjDl2vNvC4^*n2P!ORx6%nNRd1+m zSGh!7V1l#<-=ruDMm}VaZz}2EFUdNRKSug(?Vp=V(^@>mgx}WF@VVdHp8hDjZrLw^ zc2qA0eX_v~{gJ~!Pr*%-(_`{k>nk$Lf^*Zic8&ftj7Ex@&3!o&p3m^4Lg;0^2J)W{cgPEecoaI7$_@m;{r^fb3f*)h0C@WSEd{GM6fDw;XIRA^Z#XD7K%{tj=lk@>ys z?)0X6b${E`X1)37kW#`g!&u}*HusLogq&dK5;Zy;)666iRwl3M7qbP9$-rJNH6QU| zP1zKb0ysI|BG0mLx7p$9xXXhP3DL?dS?3ef5rwKI@h`WsiDDdTKnZ1S-t8JLVM7Qt zF7IUjXP|u z1A{A6e}q?t7DLtorxq)>t3?j2VdZE0c2!HIJxE<#oF{#dR(b&g=Ww+czs_l@Ue}-b zn0m57JRX`-4&^OCcvDGlV+;C+Mku?}CYglXD9PkfUzJTX^H_wDpCeR`po@}TnQZil zXmMTZ4h+0X_`o}lMOOvY{7HiNW;ec019NbAsy391D9f~%CI$g&JBh@Kut(&g-xNcH z>sf|)UkOgvMswLghKFJd3C^bR35_(LxDYz0#53%vc3vWIF>Zv>7?f}4pFol)+VmQe1IA=)Pk?Iu9mqV;R{u8shYFhtUo4?;Ja4Kqa9G#Q_X zn;qI)x4X{r38u_><(}Mdog-CU+)tPIyh7OsYG(4mn$o852^BBz>#lpde+XBi(D+nt zUz!4$g&Jkxg_~a1lKB}L`R$FyBqjzlAIQ?lqbtu*!5*JY%a=q8ieXU)PE-#hv|(|l z@Gf%nmTi>65r?7<>V{w}T3Z2wD%7t6nEM!`G1FMYGmBJ76fDh(A}iLe?y6e^=+h&Y zbE?a@8y!%mr$@_99MOt37Bzg@o8l}Zi6ZAS2Ukjar{+DzV-eaAlRtyXSS`R}u_sdJ z)I`}0Y5JR_;zx-;BqElvJ=tZr`=j$3*s{l_@(2slFie~~G!f!aK$f+C4<+a&*B~g1 zTtvu52^l{3w@j~%ZZ;%iMXaFP;FzdWPR~PpzED1q)APyJk(@;bc`9I(;bL+{@_8AW zHIOics^Eeu+u*qsaVp}0358<_L2pD955px=87_~vxYV(7zXU%yqT@vS9GXu87ssuH zFURTw9wC+Sh6k=y&BxgMNqk-0{U}n`|bgwM{Q}kV-Aq?9#a$ zIFzFE_)4VT_$CGXLG$;rcK((Y*-M?M%}%H#UV!xqQO=?3HC70uZ!i3}*N!etADqEc z73oHB$dGRa+vBioWoV8iJ%XFUXsXF_5)qs>I(X5xxR3?WI}N?sq8vTLMwx~rz&fHLg^-b@Z1l=MvC{6t^UhEjy*Eiku%d~^$M&Z!X<;ENYk>lO zivLP2_YE2pRCb5wv!_u(&Vym$V=Q0O1UEl&ix$ORP%%>4Dq_LG%UEIm1gh(8osuWx zDk({c0PWg<9n^1-0CQ>qkLs^G*tz%fmv$cN1;f|E^!#7jzv_&RSsHO+ECrQt@1QUs zxesEYrCAn%q+V^|eUT#)*e^_ID6L6HJZpODC55P{jQ5Om?i_iNXzuB|IAot_g;=N! z5?~t+ZO}aLqPdLnu!N1P2u5>rEwPlxZ6ORT!|;gc0Uo%98Sf)hrGax@R?CD9rr(SU zmm#!ErsX+e{p6z84BFq#wiZ3I^#azLov?a7VnPk}q`R4zE1q-IAlG}n0W;rz7F>b` zO=D4+Hxh!B+em3*QegToki=D1n;Nzp)ejl>T8%4eS=fL{)+}VqgW#Iu;^BJs8CWo? zY8Mf}|HPXT?*snj5tHol)P-epU89FO@%;2{EQdW%&JxoGVqz*YJ6z7>ig`<&&*0z z$q6}P-cq{qsIG1o0!f(M3LYhmi5mtvv%+*SSk~6n5=*KpbpL^FRr+7*Z72+J=U?6r zoIPfl#MN4|>3Ey0yKHi-?w_r->c!Ou*KL-0yz-Ij${}#A^Cea^u$~(m8$r#gtNZ4% zU{pqjTjajR0P;WvY6$##`n7U5L~t8I%b>8=n_D4Du|z*Bt64Kt?-kt_6hVbmQ>q4| zuO*IT8fUS~OD{7%c%H4jhtXji&ufJVpcpy7V;0cIcG8dIcE#JF>P$ctUF(zyiL(qZ~t+7%*f0h~p;RwWKuv zG->)=84B_HmB%x`wUN@$uMV^#?Ci(b8{Jr!TpH=JAToQZ7tm4J8GCBXZycaA6 z=wb%gB`|1q`Jz_^JM;cg)1ta06!{wMW=T(_&q@x-GFH9h62I(A)WAS2cSK~WFIJFZ zTv)gx?B1gecm+{!VMt&qJEY%lnD$v}m6z>9E$5e0zk#7u&y71Fk0JY0<6!~sMuZ(; zU*8$^PT74+{kCq@RAT#>WS3;l7J1A~ukoDSq%PPpJ$V_W)1JDgN2GBesT?C-^lPI` z+*lEf8ylv75!7x2h#@MB@=mZfN}-=zKsyVjKOJ%&LLG8u+IQyF0k-Ki?-UD;|6}SL z+$w#ecb{$Bwr#s6+s0(uwrv}e?Iuk%HMw?8*3LW5>HGU#=UnG{|ATiw&wkgs*XO<$ zZL(cTV8JbaJAe7oyLSGX&AtD*kPEtPEu4?L$jjVfw}S`v4EyaeltP25Z3kxX-0&n` z{j_J>eSo@8mfE*R1`5Wjg8AcY`fQSH@4GAmbIm`Km**z56HACmVm7MKIK>=<)^pcU z_KqcFnrpF&8mfXJl+Xh^B;SIOB9&4#F?qqtAG7k;hvbBNlo(}0^lPt59e%&3hgsLB z%=|R3y)@v#mv8Fu&b>I??EAbLSoAn`=Z2Y2lyo}-ydpgtR+9^fHjqU^$Fe_EcWxpj z+8f}l$}lIVb|QDUZwo=xBDXynIN7u25>Vc|@KSMbgAJ~VG_8&;rFd#8mfsQG{pM5J z(qIm>w>D~pWRbD8zA3oUMxSn5LUvwn7X>lQv&%91($sI14p{;lSO ztQAYbqq4~bR@FUu+aSygugZFL7Ch^3bWwkmg=!l}>@meSIpjr~t?$5~YLc3E^@c@x zB||nl#(Hvl00YN-c(s2E_lxWMZI(z9T?hu3hjZ)*eSz>a3Ep^;7AjvXCmg)S_Dc6~ z2t}{3kL}91IMl)T9nmXb7-_YH{7s7|Jdv!h2UtMC1 zP&6kn_GjUl|IU_ZBAx3{!g^W z)ztlgXNl~XAmf997R&2jqwfcSc>erqiMUoVXEj8u!vgu5x@E3He->TKNZ5%pG$0aB z0vM2{)&h%{`=`CGWmya`x4MnpWOxRKnW&M?q;STNeVIPmBM1oqrt?IhCCX5-)=yO< zj*HkUhI7a`G1|OSB~3_Vt#mU&ZX%Ot)VibPb2*%cIwe?CEJCF*k{$jx3Wjtl7*&ib zOY#kxIF{iNC0nX~e|kBDL&c*Ajvp~JoTbbO9@?O6k+3M?OxrDYTXQ=CzS6gCr z)7sD(B7Ab8<*z_qFVwjU*%JQ=5^|a2xk-P$umWD3-zCG^_tmYV1xMncA7{g>X7oRb z=o@l##=j#Q&Crx*;B~~QA=G|^t}^U)m6E>W9r*X5>ALEL3JbIM#Xbz~Z(|A4J2)b> zI%>_ZdNy0E7@8qU61q>QxpTNyi=g@oI$Rx{+^HvlnE4zB>g?<|o{kusEDTd>1pW|& zG?lUmMfp*{c!;iy1nuck(HpZ5gcH2b=uw%e(=h$7JL>ohTPjAFICL(QGgsec`L7;E zd78LqhqC0%X-k-CA=n8D6rK!#JOrLX3a-y{c<#h9!y^jz3G7c}9{Zz4V2tRmG8>2i zeieV}uQ{FM#E1O9M+{LW1ZFrWaF*C*Ou1_WG!9kZ^%LIZHu6NwSrt{uT#r@++V^-v z8F=Ur1i$F$N3zyn44-Y}M?P1`nLkgXxdYmJ+3ExIn(QEzTUfZPozad#pA^GqDnN@) zgxmr15&fU9!yTGFu(zLwVRA&BQTjpBxWi_2Iz$NuLx6AHPrZbuZ%IZj2e-0g(zpeP zE7i!-Y(%1=UV9$*SHKH{8&f|Pz8j@uS=u15B8yJP9hiUKSC2qox$5wpWcFw!Yd;u@ zUN0YAb=}8@(eucUp?>(NXxaS)4b=!l6BnL`2M<}c`6Z}x{~zbyiSx=c`56CGcm8|w z$RLn?)wS>{$Z;z@wC;gLWu>T6oi|)Th7!cvB$L~p!4L{CO4AQRN%xF%v z*qQEJ?d$oquipJ_Q?NzKUYDgxqCw87f{T>zZRXzx#OH^gXq30%BSTJ&HbBwjgGA`x zyLI<@VzX6v_@d|#^zL)1>c~blDXdQar8AVNt9QZi9zP~R{6!5m4{fYc^B?_j~|K($K`4|IUqXuAz z{F^}?uFIU&i?MY9LXv(m8Qw0(@6WBMgx$RF(*hqRm4Q#ZL!rp)w|sXaGo=3>1VD@b zdU1B2Y?{MTQ@?@MZ3Yo;0^cqG@9vA1tbJD-?YJUOwX7qfzV3izV?X$9zo{F5v*@QU zXnn6A7Khnzcznm}%^4s``p?E^G2aB*-Fh*MHTa`XEIiKH=L0(xKf|zVi;*HF$doRJ zBW>BEGSfzL%fpd+B6OU<(3;Dr``p?^7*b!Iu-1TyP~4TNid}+I_snsc06hPYTX7XL zdD>=UBd$TuNa>`VlOb98;kIQuOIjBrSrf-L{j>}@bqlh!#M-WnV?->HIMgJrEd&eG zZamW#aYz)-Lzjl(-Fz>t`3z87+T{$XOqy=(O7`RWSL%AJ^+iD}hCwchNj99)K^L7} z7RjC_qOL2!)eF3waAu*R{CauaNG^6x&Sg~7_kesq^+f8I)mVDGf^T2BefCj26;VI5 zB~Kh`I-=_A@x-csN|zXa6-iP@2c6xgrfP@*MYd~l%C_d;5Zr&xXl0l3R#p&fbgC0| zq7(E08AR0&l({N>2T%PiSiJ9#8-XAHUisg5V0U3Il0?F!t=Um>KHj>5paflxcei`m z0VjOr-{;S*fLZm%$&dksE+Dh|ec|B8Z=kE2n-P4k6E+eSXVe9x_b1dKgd6`i(lJs) z4-&@wFE?NRO|vNENs+q%lTjNSi4Tz6XTNmn3t0SM%a8O~hMyWO8h8T)yQJLgIKOc| zxox6;UJ!J@FW>KT>-1;L==OS`_rt=XFZTQs=Q|rebfGz*BJ3#dPC?y!|KtY#34X!h z19X?;7g>K8eH8wSv`FSh_>W`YeShWQ@xLu}_J>45Mj2f?y`cTPjR($NI7f*F&42Cm z9Q@#e^F{7IQEm>KW$DS8$r1EM>A(0W4nbTHM9g9~!1xW#=m;vl+p6P$@>JgfcG4j` zemAGo@^qJ7?iwrtr{3XjcGWLKiSsBcdeo~RRml>7;CXZiKiX^qx)^VtSmIJ)XV2NB z{}xYWi_NgN!$@A}hANuA60f_P1Y3`4V5|4M<<{J{MmvYl>LOUh|9dI~!CgxrqA;G> zX3T!Fgfq<`AdZgi7{Af9Oe^)xT&FZYRmQ9&eddW7cE74v7+RPwUzJx^_S18pL+Q{$ zOSjvSpde_3bGKe8W-r#k~nGs*OKHG9IxJL25pKb1*UFZTg*F_erG5u zv=mJ`oWJ5sZcUvd2U6HFNs2Ao!0Dvz6?)v$BgY=Q<*H%BFbuajeX@1mmQ$yX;F)y! zy}rYgbM(T6gVT?rADxr$J|j}Mw+nA(KYM!!bLL?;;C`+In5LW{kK>7V_eYZkBCU}G z(Ge0=gmyBZ^b>pjB>+uF??QeA4zLLbAbf>%^DdP6LlY7;93YL2jDUB8plwE-ulu9t ze_foPBfwnpIQgMO$xiNr4%eW)8gyHcl0?j*QINiyLPmIhUK@As7ig^Slg&_m#=Foj zq6R(`?>FisQv9P6x&z7hJTm@EnJGDv%w{r%Iw=ZbVnKc7BP9FlNJ%Z3Xg$_j zz6K?rD*OTk`coeaX5b1#hK#nnT$()q6yo8NyR&`y?Y&dkU zPoS>@OGV?j#F!H(>!XYS}VdUaDeulsqHaiSQlNRd^t#nJ_uMo%L z9||t3>BfZ{;)p>-AuFqG#>-4a9*sume~~zk-|Uxv^YDimqR}e^?h|gNH?j+BVs}YI zL zaB0J|C{onJ2xn{ZxPkf2%|obuy?w5F3xzHIizGSGv*rsqBFypwp7_rWK0a8m(DlIi zn|HLPo@;F)zWU*xNAa$m`=p1an_wtwiNk}Cuz(b5#9WjGZ@7iizO$^oHa%ayL0m^l zz7js~HLe^^8*QjgI)g5g3jjT@BPoHm0o5HJqJMnF>T8_#(XYGXgNw_>c)|T8pe_HXw`C*?o(Q*BQ56RmzXWj};p)M(-$cZNet~Yr548xS%Kay@wz}+dlb@ZkWChvB-irJLa-|J)bLvIZ zM1+ylu({*9LL!RSz1*WQg{ewAN({!X=^$)h%5~twG;C@All`5Ba+FLRpAFhe4hP z_ITr>0z8vazd|fX7gQ>khxZ>@ zNft+hydg_IHw4yAMV#i$yqc^ba%{bdmRW}Y%nq?pjy7WbJ{SPboF+YM^4rF-tvb~2 z+e|TW9&PR;rSeOXp&2s5Kh3X$?({o1+rigNV%OYZ@W zUpyu2_@Nv?1H0Z<0!lp&+VX;C06$_>I_RSJ+}HZTp1-TQ5!)*0a7*79`$(BtAMMY` zGfgL=F1g+4MncXx9`j4=jTsHoiTtzas%yWI&QL?{yi=T$olPE34c|o#E*hrE_;0FC zXbo50DIZejf!w$*ob4nerW}^CE8R!eV&$z+dX^?~#K;b8Pl1?4=^68H5U2zW{sVIr zt2`C#uoUNskR*V(8Am>e^qko(Tl{A@J;`BMw<6yse$ZuhQ`AZ4Wk?_&ndb_#_i)or zpV{?gZVUSC;O!OZNc8SM6r%BS6qv6WHe^#5?$D|?6U)Dsxaca%+gDl6<#Tst6T5#n zFc=2&R8^V?2?^P4Xph<+e)~d4Ktx=!kvFj8I0=|O#ao$&Wjzy&enTaLd9lO1$gzfB z2CEV>NO@1S8|=-yv297dEd5X=`QUfl?t*{q^>h8y!J}QG6A+Q1kp;w!{X;{^1AS)q-7D9wU2on=9Z_5)Y8CLiziu{X*T zownxW)sR#`G2KNI8o1S4@AsrN zbbXQLBU?p%-t8i>o-aVbE%1gR@_zWAeRnRkvpX{~x*2zG72-ti1X6(&=`iEA7ZV$S zfsUQK;yme&3zzsnP`YY6$HITHD1c`uT&VWDQ^Bx~$H&L9wJU$qi_R-1RZ*_+o3AB) z){2$tK^w~xpu`bcx*3=kTUE#aNWN~laEEqaerWljMT^a%F#`e&Ij_jQ5Yw=gugwt=ez5B$ zhfTt;rku+lneYNs(N`*zw1vZp;jCOv8;U^kxnfb#J6`8qp?8@>vR_@;7rm~uOK|r2 z9ZXb#iVJV`ZTMzfj7snMq7;eYI+68sR5}J<~g58DS%%i8#g~ReZw3*JE{K`GTL3}-`}072-CPA?So_IimdZ= zHByN-p-gsac8Rj@f*xgb;Sx>rd-pO$(=)zkR8*LHd4s=pzxkuk7v)0b!1QVYs$??a z+Mjv~9eV2;m3;mlIz@7TdZIQop(kSR#D&{BYlTEf zHi@=kzNQuy&g~B66L~*S$f|9qZMulEF#25TDHn@5W-k5nli5ZQx+1;RCtz}WQY=zK zIz7RO9R|nAjK_E0x@n2K78jwn7`R=&_iKsm=&((i1v=4nMl~c! zpc^L3TMwFX&p#~pi zBvh#Pv-|IX`@U$f3o@ZcdFb#7uX7~n`wc7Ll2gS@h^wXB;)JDu+6PU$q>(X;In2cH z--X!O&2=wsQD6`uk^2LBg4Zkk)YxK>C#_IYcmmfnZye|I;J%!cf1%O)YkRw>vcx@6GbJ05TWlm1Z!KE0W{&*`ygTptVkbZT?1bDJ zfFT06qB;saCueN$S@(NRcn(9%a9PlM2|rKrF4%XcEQrCF^gF=Th+8p&KH~}Ti-N8P zPlDFJkWrWSR#{lCqF=%h)oyLEQ`v_O11F7H59$V$LT^)>?kR`AO;zuQDDpEBGj9Kz zdi3{K2(KC(WN8;oZx2Uqvkvldtzs-}MwHr8&uJH{%L$@~hd{$q-n=ju@s438I|)o; zexAM`IPs0;IKW{P>_7ETrqEV3Bz1!gE;^-Rs#!vX*~4S_ox!Bwao)xRFfn786QN7M z@t&YV=eVLPNGRxivmWfA()}r8dGXW3!~EDP=%1X9e8SupXZHc$y9~!48VXqcNja*{ zcWE_I$w)`X!@!@X;Zl+A7H2!;jP^=?MC;=ep#iS1qNC;pWv|Z7PAxU<)?szj4qsL= z_T=OgyCc&+)(e+`AF9u*Y^a4rY7Kb)-kCTW9N;K?xhIU0N%G!_icQCpXXRrmi>+NK z02h2)%YQk78@{B40$ApiVjXB&0+cZvZTKN&=+F7}}cs&^&|y6<}g z0*3rJ7nmNh)`Z^XGyq*gL!`U+pF`2hnx!x^St76ufT62>8ip40ZDoTpWQrxUcDR z`pvlnh{__w3cNmI^+gZ(OF9Tf`r4;DmL`1<$P&Ds*vP~k+Z@y3L}KoHeF^?V1>JWI zfoGBW!S%l+Hb(@%zpuKGqEICrc%$9;0@**qcs4La-V69jB!S65tzZxQpyyjf;APc38=;Nz=jE#)AkaBjcrITs+KkRR0CS~4 z#M-NC0MSEQs2e2*u|hxI%DY(u z#vY3l2`*wV{bWbO1znKEL#PuWTjA5yFO-~|f)H+ZZE+KC(gnsR#?U{Jk>6pJW5up> zj&V}VOBffh!Rv~EX=HkuS#?xJc*Tj!mg#ZyiTF8m+9=rts+L*dX4RXRh2vwh?}&&+ znX7R;KmU-Cs1DOhM0)7=fGI2E&?~CpU=n`m`D0YEE%m?{(@*I;xFst?C`Sr0T%}4A z$79D+o=>b$WYjAn+3HquJ&y>S<1?`YWkfcPJVK7~-A%gg%TwBjpawx_zSk~zZk91L> zx}~Tf%pEDASyt}Qr?sE84LNidXvcNowJ;tfF8vV{zfu;HSsA^_sz_q1xOz!K?THGx zP9;}mOxzgn1G+tKB}#6oB~4| za82CM8}xnYSS((#Hh&>D4;)msn7@!KA-{-X4&j4#y^SVd_PhWb)i;4tnJ#nevH*^X z0VGL9SCRizhYtti$vaunA2=d!u|r|eJVFqdr&IB)J!or0oeU|md)NMtj3z&=A-``v z2oZUX16;7~{?p2l^)X!7ClAYm?@xeWC?H}XzA(t->XF{^BsgpS>y3eEW+MUrEZ$R} z1-)tjFUrXn=BXs?0$;#R{YlFy$#v=@=PNW^1JnX`_wO^v`k12U3 zj00Q$bU8HG)4N5g*#GE;JE2w8%T6-Z&Zu4HvCi#tnN}(1a9Hi>2VeMkKwWD5R3^Z3h3yDeRFD&P&PQ`P6op?L zKQhi|{t+tDOHE`bjQOgq@(hE-9bkybi1OfO{}ltZE+vNPK!}dA#ei=6VKGA}Q!5?l z+v@l;CT*$7q(++Z+xfl|*G;%{C9q&Tv-|f+W^*r65b)5XCEIU7_``<}0P=L1ZR{FT zPW~RQ`aa(mHp28W$X#te88p5*7WxUAyqS>4t*llpj+*r-8jas5%37{C66FQ76}q3y zjp}*tni4PB`KrGj<})>`pM_y28BBdzA|1i2ay~DJ-Y^-@JsHvlCcCcQQQQ7eW2^Du zTTrSH9h?z3Gl=I(SKH=`vdu7VvqXP8#OqzVYudW= z_#YZ2|9(v^oDSeho6fK5zBxOODrzE$M4neY7=$fKIqZl99C0;|zvEi@xL$_rHW{DZ z5a=MG`5n}-R=?JGXzLc5M%y$^kvkBAukrYN_;4EdfS$4+V0XNSX z(2IE&a>r71T19A%KEPcGP6q1?BMJY6#lw7nXDNpMQI)_ODKPQurqT=6yV9FwHcIWj}KMSuH{)&gVL_& ztk$XYRuV`J^;1cV4I1cTCL=)g77u|0hBRDXTTw`p6=PHqlsKd`B_imvZYw}TKKFkj z6|+1SufrkzZ>!L4$laL1Dbdxy&vK*!oK)&lZbn4M!0G7;dtzjZ zZZChj(qDpABEv7(oCJol)s6I>sKb z7ps_mSr4I=~(zo77eJ&$%-F_`xlf`J+L z$QESeA`|v)Q>Bq=+sXnR?Qj;sA_7lQj*MyQK2Y~u9T_dOL_aKImkv@cA=gJrBntD_n46$Mi|+TBA+^2v`P%MLEXtztvgl8FaHQ2g{9H52$S#NrV(Q!OKk;5h=hek zHvLMYPq|>yuC48y!BEGi0Q+0C?7fR#V>P*psR#`{Rx7_8`>`MDibq&`FjoK2tu`bP z?kLIGZ}p=shl`yZUh>|rv@cs!?9k5_YCuR>vHn2^NPw7~G_nz5>995ylZ9tBo8YEZ z2B^rg#6-sSQA}_%kSb9;Nd}u-jpPZ&%U72`W-!(!Kf!iAL>ojU|F8KtAgWb!%;CU3 zag7;*DX0rt3{j4HFYtaPL~m$Q0o zGBJPu86lXLJ7+sr3C;pD3)xSg)Z2HQ5PU z?q$&?y{%#)&&d02eL5%YL!*oQJ|sbB%JgPk94c$G%O2IsWIZNJ5 zo<1p7kpgdq1ERL$6#w2>HA5ggWv^T50CFYx^zs%i?C z6UUXnlR>wYKK0_*WPqqb#nn}7xo!1|NxU!Z>l*p@v6ar|6a<|O{7Zh=n66*f1&Cv6 zaejj;aNVHj-lt{+*ZK9c!}CGY^tIPlZR7?n3Rc_@iDjjG0af z`9N9E8c65M92&$g-MG|00eqW_CiNu}d3NTkWW{cHwPjX1)SUI2A#GI_r$aIf_?r~HHK~W z+tK=!NE#nJwY7U$Tmvchfr0f~+aZKnI{lBk`~hd|ysHxE)e_!KBweqPLs^SpV%ZvLC&fhFPv-ekwAIB0E??}GKJzVz;6!(j;!@s&G@vMm&>#Wt7(1W z`yf0yW!WjL%UyPebkNr_I({*^kyzq|c6Baa}g9V(j>EW`+Rx=z4YK zofvv2vSuUSEwoisLah5>ttX(HmLB7;x^yic>woTSx@UhD(kl3pRgy-^KH=9+syiK= zOx?KP%#UCzvS98B@Q08u|Cc2 zWxpnvpAU&TqZ+Et5t7-&qu)EE0E}6r2zwuEI=B9)v$qClw8LlBg>m78yV2{?1&X}i zp-vANUQIh)owz%d2F)uV6F)It*9xY}TI~e(J6IquU@Z^FzBSu!>;d~3IAOz@__FD7QIM+#oJB#E-` zE+=_)Zw&&ubWhpi6BiY|0SQA2s8#M>Ob@2XB%xHIFtG!KoG6i25|@Cm?0r!#35WZsQ@o>Vja#M@cfd+*jSc2l%(^n_kJ&TL9hg+iUpARg!<~9PfVErOrItXW$G%SrU>{M=qX=ba#1o(l z4eOA29#;#WQ58kotabd3q5d;2iUuo|&1$n^2pR95?&sJn(lj%fOL;;>s^@<$8+PU7 zS$}2ypBUwrr49c=ANIC`X!~zINReP*Ut)8GsJm?0QefakKh73MnY*?pVc^dCV0?*J zq?S_^W5hsWolt;Bj59%LLHp|8BpXMy$GVnI8__8<1bEn)UGtNu>8xiF^6$HO)?b+t z!&R{c!iWMT&N9U|ii+A~J=UIn_vYju$LT4_1{{^-Z60`P?!EyZDxk9=p(AGOxV_62 zCv3;~#a(`+8&H?0V@Qg1=dxQVmF&G?SZvwT?9afZ9tykZIZb(8lYs?c+2$_~OP<-n zvT+W3HLOkHxkH3;)D2<7aE@qVW1yZkNScIyQ)dM=P9G?N!$Bqku4QB>PZR zG_7`uk5ru`cxHb+b(Lwr`-X(gyxq?-A0sgz(%Vb-d@~}Q9bNZzh7$2%Kq`9x zd}Um5@97kNq~d-NEJ@_Y8|wKupI@JJ2!W{t=HXQx{^;`7Dzdwu^{5!`Lehj8*6La) zuI3J3$npw4i%mWr7)Dx9N}VP*Ds$;4r3%QEEz;fCK> zYSaHaWeng7^SMFDJ6yS4;g_;}lZlEVTlPF2IQ!rl1=Gc{{+Ew}IJ6`#EW+3_tCQ@W zjT@#nfN?I>zJ30Mn##&*Yn9>dTe^qbSJ9c~dT~Rv^a`07Fi?Uawv6az3k-+pY%M+^-*i1{ipiL63R0xxaBemuJ>};(3y6S)^mW{x%T2P|W;`%(~@dMrtW?Z*xjD?_M60{`1A@ zbN*>$TwS3&r^FXlZ4`vJXirmG(9|}V513555{A&jZ&KbTT}(Su$Ke-h>S%E>h=PGN zeHCNf9twhFGU|nkf_Ve_4M5tSEk%?1BfP%(nQnHBaJe>ZONU5@YzhR^$Lg2;5xM=N zm?Jv_)jUimr(ehw!ojXJ;ji_+g0~)_&I<3%_{AYdoZ^TjRw1Pa+m>Hi~r`vZXZ=dkg%s zpbcw@0yhxxHhsYrM=WZCog1y!59NFRi`V+YyEdQOyn=4OPw8T|j)Bqu zWrr@5Pd#;4%?}@Dm|%Ld)#mhwjCsr=2nD+1caMYLg}Sv&owc^?Y8U9;TLI1orD`Xa zBech{2Xpfs4q%6XI>FVe=9<4WPO~< z{zFD}^1&N?D-4bn4^T{Z=5mnlQZD8}R^fk<0s)?f;P*a0lT8T+C*&a`b^8 z`qiVj$F$SsNu)C12wvbH`&_f;&p+b7U*!*@aAMu*$ozvH%h+o+_7sh!qjbLEl#DJI=iSs4ogg^0FUq`G{-PnSqUHjv*>ca(pCh-nu z54}41yq}$zwhZA;@;XNYme~1j*M9)3bp{c>pe6h@>kv-)E=Gp~xE${0ca+WZ+uKgZ z7i29tTR2KAuhl#$S2T0+J@*P_GWrz&nfrzgMH>5DFU;#L%RiTi6b7MI8%iWi;Dm$n zNwP_MboeTIfEl-$Zz|TGaXA zUt-6U7<<@{hyG{g$a%8AkcnSRRA{rwhY<)QD>@AWOG`uJGF$;+(CHXSEa)YngUdo( z2Y*d92)?_sf^1XhN|2DOI{X^VBNiMi`imDK-?JP)rDF!N5Q~+hy+3okp>@W-Yo^pL zjD1OUPpO<+(yj-aM?x;_tQ#BKv`C;4B~R;U5$Y2EH1u=KW@H2ae_Ey&CjT?WhJYmQ zGdvyu3Ca{(7AO33azrsShs1Pq)x7UIflq;^Oe0Ei& z7{2B#6dv-q5B1?L#_x3ZyGm@G4UZxWcCUp7V}jIGUGB{e{GwoR&0;OpN(*>fN5C}F zbO(;hu#Pj*(~WLSz^M}*4ZyFDFvOpw0Wx;~gvin)LsBqWAha_7J{wLE1wy@F!R~^q ziu9lt?e$~7C6oL|!8aJW(rz% z4duQr@O*9uFu9kVpugu=wm2!FGVA3aF6@A@GM4zsaE0(46`}=$2EB1O zL1(d)H8lf9k1`35P6qC;G^QWXD(TR1%w5h=1!o<;28O+l51!ZMCZsG$Yu1RZSPIW8 z382{UMS$-P1i8*u<)Q|ejcl<;Km|2$wgV0;Gr570cyEm|I`+H+8GO6jHBv45 z7;DOwn8LmBz|O0_2>Wk5RQz@_JHV5-NT&2bOq0|)kZa693^Q>bR>vjBbtHh*4O6+K z9UqCSJLYf2@pzW~_=u}HF>&MQ^WYuX|T$hAtgPp1+fIE>R#SOOnKQgp5Q5j#MAp=B+QzUEHI=vs^ae z2fQ3O&L3SPa2!E&76=vyJa7RIyQn>?kIH^BIcekdrffLuWUl#*4U zg$5hj5UzkL8#?ek-UJhM`jLE)pSgIU$z+=&vO&&kA^a zGT0Bk=1)iaC8XJ#`Jy0e%x(WYKfaf73qZn(YSOla$mh5QF#gMg!P`ISiEX1x%Oz`}u7~R+JM_3C% zxuf{Z9xLVBEzY;!V_J4S@Te`&$4j7b$Q$OZY|p#q%Q1RyHudokvpEvMeh}!pVVMX= zGbG_G|9tADY{Yz1fAunhML}6+3W#F7^}uVDEN1syg~R=3F@qDH)}1EZL|0&TNM7SwxhPGWFIk80@y_MCggSP z-o@28cBFv+hA}thf`b4k{$}O=NKVr1s-R9;l36u=53UfS!*9lRH9 zx$SWR{$Oo@dR;i+W9iw9pIvX*1H$zKCxQ`8J`ajVzsWX6A}|l+wR3R7R^sEeYf5o~ zDqC9nx-k7<`%1!4nLWd$JbtZ!ea&N9tI;aS&DdI10pvSvcA^W01;enlyTh2(?$)~> zDI^351;RF9QPvTAN`Jd2_uN(Im@_TR#_?-f|H}ASS+gQBO$dwZuNAJ;kmSV4D{&p| zH(437ogNd30~71&kWyZ5ZLhWPy##VuAeafk&tYmHt%BtxF@3=2*+@EqZl{-V*PlF} z1cZ>E0v_YbSGMKQ_hm`;wl=c1uN@6UhlYBOc!wehoqH2^;s;)+X-6J&2H$pJZ>2*S z-msvM(UJ}j8{>}`!${u$Ms68GDN&GhYHxMgQHX}o8-d$l3dh-cr_g~FOA$?7ma29#I zB;|D*Ygw76ehk=y_2u$jo^=3gU#i6u8Scl$m+j(D5I`@duL_pNrH6Y*=9X}mAO7ZZ z6y9aMm;Z8o?%pd*Mb*`#2ZyftxtVRCOrJ2*=N+{n4;t1w8Gr~GhQ^^comTi;h5`G1 z5GTlHc8e-Rl{x6-Vx}<(D&re2!Wb6SO1Gt1Wv{CNI{Gw5pge0_iAdZli_yR@yX-39N^MI--Y{_`_s9M8xAoY(1miLdulQehIM3Fd}LURWWrnNSRm` zYw3hy9C-@O++)+tt@SD_8nhn6(BJCv8vnTXcJ@tmq0Qb>n}fp`+Rk|pGchSk7i7!pi9}AEDOk%f&*lMo;t6P>Q=BBbS&S@G-xOj)lqbIO z2U^E55987K^ar{k>LaPXVI#y;oGD_RQUOxibcb?EXi0cYGT@VgISyXaUf=fntqygE zv0Pc%%W;eUrs!7~XNAbBVd4Jod@%ClTkHheY%vSr=p!3P1Zs-W%T#mZYW-rER=v)! zG_LXV?r6oxuyTIaaFLVXegby11(hw#Zz{)tV|*lq-{M~fwn}+%B8y?w;1?gY#UUo2 zB#@m)tQ#*It@6<8Lo&IQT6SZe^;M-Ej@M}eUbew#-a15ix$8X7jYsWpTzCniA>v%b z(8bXbgT@tp3aIvXfZ>O@(&6yjUvR@GFN&#YgEI0&o%Jn~&>q=`;kg&#OMg`X#53}* zfJ?)+#4KlrxWw~LJ;z4~0j&uGIeqJlwthQ5X#i`lRG<^qO2A+gN@l_GM62Zwm4HIZ zkVg^zu)x9K@5m-R2Z3RGY%Pn;=Eb6`GJ!#b4pronHG6*U(GK)1LqMLIP&^ z9ar5zAb%6oMd2aj@Bel_Tt?X)_U{x;hOM!d)5a=Vo4c|Dvs-YV-v@b`y{2xytor|B z)-Ms%@|%1fZ>k2Q7AA{Vwqxw}DHsV_(E>T8Ip3=ac-4a-e3H)@8cveGG*#8sA&%`h&dpO@{9HbJ#5e0szG# z&?Xt6V{iY?!>M{}J4Zr;x*sA>0LZ5} z-G^PzqoLuHpw>6{l4ewA9#^%DO>Sm-KRlEYlEA+N$N7XrOx1DW3uuSJC+{z8fqu~0 z7|YL0nyA7cwH|-)&e?v05~1c2x0f?;Icysg?OVPI(H$Ach*ejnKayW{U)f1Bm>YM> z=m!eiL|^1$b&kZQyJs6tSPKWtaV0gugcjEr$ru_u;>M-K3KF+YL1Iv#Du5~FY-$+^ zO+T7Am>U-B@nvBB9%_wzj%&w3s$3= zfa*c7ZUF?@#YuUnjvfapR+Q^M|C_uK0=NEucsd97xY{<_$F^HD2?uK5S{Tzk*#`&su|zvWRqX7C-`*jHTwJQs_z&BrYq2}Kp>h2*fi zG%@67;HO&W?Ktod>UMm54EWvA4@|KJKOf;s7<86tL8CZe{M|&<20S2HIUka24<3Mg zylrrgFn{+6pj}cFlu-qBX?=+||Nfo0_w4B21h^x}MEL{$RxxI0_=={FrcCH~L&d?= zs6)f)Gm>#JQX+n^#(i?{{&>Ls`5Rfx0_3OR@GlYj3}xK>ugM7{=EC*hV{Z+EKhiD^CcXz*d2!P!2=Q3z#G%M(RGJ&DRSj1K2Z)mC zxI;)~!;ofY7T*f0=NLq{4xN4LSh^L;27m=6e3Ra=TXx~`bwMpU%Ow=1%QxsVSQPXc z%moc`b@z~^&utC4+V?GYE$uxF8~-~w7WOL7WsoOOWGpO`ipZQ_!k zPQ#^;9dpk!Y6PwXg!L2;F$Vt!>tSgh!^vvc1X0m*fP&&g3A?7I5i&{q<1v2zXXseY zEgabM%nnHn@B>&C29ou6ZiPOVpab{qyM@Vt-O%NiUGr@V#$~i_C-vyTX}`<+k>{Pu ztc;6EtW4$ks?scIbyZ_>`&qNzqCV0U3b?Is3M!G*d`~k zp9Dm7r;0lW!3}kQNOVO$j5`upe(W)pemE1L)rk1?VVy zY)UVYJGx-9q=Ix67llH@Xgffa(r7CXwQ(un6RWQ@M^$?7+(G{kIFWj;7B0i%ee|Lb zQ5cpM(*vexbuDVwL0cCi|A;tG)&0WJ}4Z>X=QF~7n4pPTagRN)tO{%|VcNpu#wF91=oZjz!7 z7JfjY0l~q60`Z=`;vs_=1qGidHkzc@@`n)fqi!OIwIQ9-G3cutt9RhNX6Kupa8PBz z-l&kjuu45!AzeC?ci;@tOX&==WoQ&G6E8=O-8ZIML`eZuIx!h35>u){2v~-4jxQI# zF|v92KO^*~<^Bt(SnmvVpx=@f>3^a0Z;+Rx%@01Sx`?e8kc(=cONRX5k%ytj`g{3K zu+Dv84Eo4#@RC2~us|4e^Lg)Eb!5znC~)3Q?>puH%NR4G0WXApuPxyRF>>tN6hz-N z30O!u5o0hj16tRpJ4t(3SR=KvG^`$U^h81<{QjMh^A}kbD`F;$QkJNU2T#Pz$rA$} zOaQe8Zihl0)FEJYibAlIdTx?xR9Z&YN6f!Y?OB)L6mtv`WgYYd26Zrdr=ONwM8n2k zX4{*l1C_TiY0SZ75r&BU-^fRnZHOOfJDetG7$-%=ij}yK!cR4yK|++k)r-ncYo`8+ z%7pKc-PHBt1S@IE-i~Td>Xoyj8f2lbDm4wgmQ7bKZ@PKANG;t<0`Xb zh}o$Z{P$co>;yp{6mW;Dt=(-7J6p&d8GZ2VCVQu^6Dv(p?i1~hS42ecotBhqr;WuY zZi)s{N_2VV!1%)4gPUs_DU01!q7uWd6R&Xg^XQ!;)`DPRWv_yB`huB~pz zi;<*{q&nNSi_vs$K}}ajRrE|XD}^L*om&j@K6ceVp(b8Lb;r~t0kzGvFV+Cr=_k>H zn1O8Z|5pBE_&{F9DEVFVIS!AKF#te~BvYJKO`aB3R`XR z`fEPwpm=c;dY^&(>qVh?JKuu#L!cb z6;`>hR2Sh1%(WEh?)W(eO^CUu?Fw5`P^&P%US;Pj!Jq*(pFA&-sp1}b)JSj%Hxr=# z1JgDgZZj}(@tRx9q3!}Jzd6O<9`D*14uf~mS@w|gSPZ9_I|Rc|0wc~@(Z4Wfab^DzZK$V@*?%*g9o&BF@T{1& zHY>G|%51cPsM-b~#eBN*$JEFLe)9#&3qxAMe^I?ZqAL%-pt%OAJ}f^PcKr?$_IKeo z4F2Nt*q^BKn9kAhyw|CjJWij?#YY-=G?V01b;7R2eC2c*{*5q5!DyJ-1J1~n++wG zOt(ouG5}c;?15skGPLw?N;GID(`_w=X)+YQ)ke#7qoabzar47fe4((u1qqg-MxxSO zh-vz%tE#sxTcS))pN(G-3w@zJQD;(~?7y{pQDXkgRG~DkOx48}BEhU|3fh;r-fV_% zcl-&v0`Kimo0u2;4XS6eNU&P#Rdl}`S2qqk`h^YLD5Ggvksa<< zkK@6C?MrlKFtE`6?hY z*JtD5`u+#f?<0j_aA>3>kwXXP5ypXVdZPf|yzkez_M8M>jxu#&PmCBj#FXcWpT4je z>~E|?u{gqvDXNd!!ICz#akOJ4WfgL%MqHoR6ZhVL0B~Ld_Ec|%yBEXmW>2_T1G!F+ zX0>c;-}YzXeq-XUdq$Hf+O$AP|S~`*GzA^I*z9w|BA2xd z-jKb&D48vZBe{dvVR*Hwy{YaxgcN;#@C+ESo*8DrsOhU0PH;MGqdYu%9?wpNI*-va zg+kt+N}7l@u>6I{{vo$M>RC({R<4kB?;W0J^lvn_ z#Ch`uqx254cH$cz^pV(-5O?{VD;LGv!K=D%W^EnDn8K>%5TqW#5ZO&o2eqC-zdIPT z9szL(42OSN{zr!U5eK4C-eQy#*VN!@2X*rx(mtwlj4{=#t?8piC?4I-;6bv(AMWFy zu>&V>D?V*$#nn(pw5F-2Nq>J2>99I&g7n*OA89&=U^2pTW%+jGCH|d|-)ji`k~qSu zFaT+#$0hpC<>@sto4w+YtrUK9@bL8SBY%_aNpaK1qBwwU;oU#17!TSm9Y$tO#Z$f) znW_qU!bonjO)pUei+GNn1x__hde()-18@Z;&G4`?{f<3fHHc1Iu068$Vt$RiU#T`zw7~&ZR9r7xJ5P0h@b>RxPQ1fWG#oRb3@vkgQ8<0}iY4=oRcF zr4+{bay2SWZNiYZ2N|X`2;T&f`?J|}5&NWSv!SB&O zvWw`@?*-X_7i#i7WHqkGmQkX6HdE}-D@=EpJ9%BOM$ zrt0dv0dMX_1HMjIxI*J|@b!hQ|e9zT%G`Zr>vPHiYLLMNa3lDI(d^9Bd#zLq+WZ2-zYlJSNY3wvp02uhg9YNqMuHCFp+1kG!=(SMZl z`nRf((=H6r$+~XoqgHuHCiN32GG#UY#jJuYc7O&bS&3;M{oz>y%5E~=SRMUL?IPq6zQ;ei=#hqi*$f8OZ zK4RGrB(G&;?P-)!&WQ3YE)fRHfpnbN*FZwISVWXgQZ0q(pMeV>_&3hsrzVkVA8Zjut_{;a$-HTlb&!NuXV5kkcg#zhrl z${cxVX%nOqLncEWyzob%-Qly>F0y#%4vmJDl@;~X{&x^1fk49EgWgtWmf^ni8W;;p z)eK*93rRv-h3}f=Y<>>YGKQAyO!%4A29$@31_bZ$R1dcu>gEo=@PR*Q-pr&p*pGhe z{T3S*hsOtX9W@^B&3JZv@MH5*44-8cb$*SgZ=}hdJ0JO(Q+IZk!HkAYw2}3^+K}M- zYmL!aH^_0D_%oqiufb(r&j4v~O-3$_qRL_X_TAdA3Hz#2J=S zro0`DsOlmnpuT6igKzzL4|wBzJ<(gdTP}9iMxZ|y`N&c(I5i1b#pDPCdarR+;9BYD zQ9xrj5x+c+0#)6TT2FyFf?7-%_I&K>w=t@bWirw&QF-qc7KiF#A~M`3N;pS1MOk0> z5Jm5g+&&Qruy4*rI6+e%7^mdg^*s@gu;aLLi$idnscFA3v|Dk*!gok6N^C_dzakCn z%Whx(FqUuGl%Z%r>(%@o&%FtYUvP}D5eIh$*7*(c1fs-0JU_XQvsd!d1v#K!g>N1MQpjnxLvNVkVNJviyDHVP45rFsy*s6o8 zF^cRfy~u#CI@7tae*?W;Rp7Rk7YN{rk|C)losx zNoE()P*`ff91R&N%y#BYV%|45_K*n$io$VwB;>J(YWH)Z;kPsi`zPD9-{#AV@^q6} zI`(`1p*iUr^*F+Rp^Dc8!88TNs68L)Ar+^`-78Un{;Wez<^i04^fm2XYf=QHh|rKx zz4{|tw9ccMG3-2WJ7lBqtXCT{10Q;6ku4hW$P=#X9}B(p9BIU|(WYbW5NSz=0{(>{ zKj`Rm3)1heEzqjrU;8^BHEiHQGii{mCWZ5h?4g|L@8GFrOsFquAQs6=sIYE^~RtI4K&p% z%_DC?K0vMUiMXvC#-xFaj!lmJB`{I_#A+W$;(Y!u!+T-@43<8O*+3n}GT}sw zAnOgC4OMwVoUn;PxN<#+BzTkn#Mie&?r?OsI_^p;GOxx`m5e!*qZ-A-^INqr=F}$U zTzre0(U|Bom9fRlbV?CKM{;QJBQm8yqYKx-LvD0soYFEK(^$PEutBkdQ^-l45g}{g zNByEn^qO)?#yDg1yFMK8sb622wA#pKKYD$DWUaw!YGP!+r>k)4!aW##A|Ei|Zp7r| zPJA=yFb=m3459%lxD9xzQ|6PQBB(=5$7Bc6B(C04Z1Gqn5XWhfa;BxcYu-;7`|+Fw ziGNH{iNM@3vNWo{_jZm{bgrvtGR&mt<()FpM?*!NZOe72;C`Ax7a*-FyZ14VW$Cnk znAX*WW0cC^1jn?tk6*;F>!+xkj{Mwz@YQbi*Ku|lU3hen1p@j1iP%Xf!J0m%SqCNbuBguc_cMtf{3K+s+}bzp z-M`_<4&z{TVNp#bM8v|z2et8a1m!R8LA>Yhc^F^ewYg}lPmSm5Yz~nibmYwQxr)A} zSoH?lyj48D-(TcZ6^;KYuhyY~f9sroH`l0LafE53A0b08z}QJi@xvBOA!$*J9MZ)* z56xuJyv3!sDTr0Zngd1~+*%#R>fqhlMs>b`Tvj)J+SZbTmhStb@A8ocWr>+-_iX2z zFPKLf3r{|@cS}55gg?YWkEA<3oOnU?1%~>Bi>$T&HktoK$n$l7p3-QXBA6fRh_X9O zES~47;=(ZC%jIm;!UmoDYPI%Q&H2g(-gsUAqoRH>k@}9)%|uQntpQR%R18)P)u9nx zosFQri_Cae&K!!@=|qSPeLz%edMu~F28iXw$V~2}PQ{6xu$py1P*}abR2r|6>+)@{ z1hUCpfvIPxGS29(-uUeu@+Lo2th=hzRjgM*3`}YHH4G}Lx8j?f#m|kEZ^Gb(FINLY zcjfmk>6rm6z+)2+kHGN!Nss4EIP>>MJwWq70Q1Ac0}CvdkPMwcJ0=;5lQU}L=#!{2 za>76w%SEWa3z3~%V~f%ARy-tLFM+(wr~zX z-svtIUWwH>PM{(YPXdi-_MawU3ObEwhFu{cll2sTz|v10WQ1XAFiis{>ws^aCV_6_IBx;^uKu$2K_s;Wo{A7Rs5kZKAX%CR97r*aYUTa}u^KHkVBu5qvhcPnCb7iBc%}tyg|4S#6kUM1Q3kJrygkbOmN%AaqunJJ5_+4*N?SvIT-|mF4riokXWw0(5RuPEQ#56AD&=~H38Q@erKaoar|dFz895X1F%{3UxPb_d zJsaNfv1MoS)!XImm>&jAfWryD-Fk?GhAlYk!Odhc#>2a$J;jR1-J|{F5&eH>-l?b# z3$u0#LUp-dIny&uITslF7K~R(!pQ3HYz6nX0pOkcA{Av)1_Mh6b9s0UM{zUq2qD=ZgBm<)mZt&#<-JyVpqXUfl$Q?_ z?pfzpVf}!}71XipW;$g!w9H(fa=$G&5Qq#SJM0dW?qLz9dm%P5SFu9a3NziHxN6Wq zQpyDd=wK8$gcVtyRlZGE*n%2CfjL^ z?C`b%7*`#+lB6;*zX|riW;Wvn!!Pg=tvBe*b-scWN~x1&=S;NM|2&-E-v=-J`1n4^ z-{@<>BGTz`$@Oxj)eoL&=*{9@ONMMJN(z#7;{j5&(olv z5J2|j9l4({VO&%y^(lG6(=u!-@n4{L2G=+w3@b-9Nn8YLJ&0Q7><@cTRW>jAeys{! zjbNmlT)Yh@dkzMsyN+xL$7i561s_$#OkCrC>TP_nE_>8O2D5Tix~@#{_mDH(i{O6F zR%3T}v`j*H%GAmo*WZvw{4NKo{ZAQbqDB3&U6n_DDB*It+6n?3)t>YsI4{5cGRO5^#p*ol;@ zY)ow@qoG0R<#QzWz(K1oXZOrw5ZodP0(sHkNPst0)YUnXD zW!xLd(deAn!!p$Xkl!n>F){Vd(T|rwU)zE3DFDT5 zo?1T@08H3S+S-{$A*)4WIpgf3XDxGmij{FHSh z`(MQRxUHE`s71_>ryxpBESCg>u6YJZaVYGHmNZQIQa{`N;ADhtJ?Y2_?C=2P+DFPC zki^rw@ClniMRJo0VTausFQZ2kk*mY1>W~T*ok78r5Bf)(Hfa+K|K7)Q!zsvP^x;sy z3_qu5Oj>jwEsI}Fk%+1dfq+0N{ZAkgj9Ta}a9kYQ zvgTOc>Km>5McTuJC@q~E{Et5}vL=IS6(bhY^Mst#B+Ez&BPz#yh}+fG0b~hT4v?Ei zk^!DJ%cDIxbRL0f0;f8Pyb0%n7>vvpkNcj!<{XSRe7wQ(8An1kP^2s2o@-2GE#-9mRNYfMYv@$oMSd)I55ENBC-W3r4m9cyli^IU~7w%ZJgM$Ogjuzq!mW+ zSqcM~dtj;Uy(vW*T+IyKUgFX-G_tTgroQ{ON>kv7ne&Is#0#^s=U~NYK_oSRavnR+ zjcu=x(e(##0+J-LkI9Lu0)gbzjhB*QQj~-m!qraEx9e=dx=VC)$g!}~*INn6QZ7(l zWq4e6_WT`fbIjEe0q=$jMHwM1-)DJ(`l_81INPu(xz4~kJ=3^MJCk-#N2C-hXwhPV z6b=Bk{-suymWCDOOVm&VlQyhHsg_BQ>!5y*Q(z#(AZDdAut=q0sabM2vgTFs!N(&A zI!+LT>%YtY8+t!46wY``Yi57_znsb;OiM z$YZyTK;?^8Sp_uWXT7`VECD%x!_gDO=v4ymacYNu8+tH_z8}$Yji?axmbKZE2XwPx z?&VMs2-w1xpn)qSMP+PIP;c5dGGn*)@lB{GLtLyK*zOp*){=uh#%Q=|#5Snp7$zL- z5-}h9rHsCBk3UdtZDcSZ($UJ`^vHYIELbq?f!g7K)=a1-%po93ILSkqM6eK#qA745p~6t4oQRhb?>$2vi1fLujtA7@JB_^; z!!5!wM>6Pu4D`HIq8~-_^KRg&R@&46ZSpTinBS|%!QS` z#aK+{Shj@=Dj$*~So<6gy^7cQ{I(F@&WL=5A^lvKx1oyXiiq0V6W11w`z^V?+&$Kkd|K(%zd%~k=C8FksuO6C| zT4t