From 10aa47784eac29da23617222571693773d7ef634 Mon Sep 17 00:00:00 2001 From: surabhipatel_crest Date: Wed, 1 Jan 2025 17:36:24 +0530 Subject: [PATCH 1/5] Add Zero Networks integration with assets --- zero_networks/CHANGELOG.md | 7 + zero_networks/README.md | 56 + .../dashboards/zero_networks_audit.json | 4074 +++++++++++++++++ .../zero_networks_network_activities.json | 2815 ++++++++++++ zero_networks/assets/logs/zero-networks.yaml | 184 + .../assets/logs/zero-networks_tests.yaml | 13 + zero_networks/assets/service_checks.json | 1 + zero_networks/assets/zero_networks.svg | 8 + zero_networks/images/zero_networks_audit.png | Bin 0 -> 117737 bytes .../zero_networks_network_activities.png | Bin 0 -> 132791 bytes zero_networks/manifest.json | 55 + 11 files changed, 7213 insertions(+) create mode 100644 zero_networks/CHANGELOG.md create mode 100644 zero_networks/README.md create mode 100644 zero_networks/assets/dashboards/zero_networks_audit.json create mode 100644 zero_networks/assets/dashboards/zero_networks_network_activities.json create mode 100644 zero_networks/assets/logs/zero-networks.yaml create mode 100644 zero_networks/assets/logs/zero-networks_tests.yaml create mode 100644 zero_networks/assets/service_checks.json create mode 100644 zero_networks/assets/zero_networks.svg create mode 100644 zero_networks/images/zero_networks_audit.png create mode 100644 zero_networks/images/zero_networks_network_activities.png create mode 100644 zero_networks/manifest.json diff --git a/zero_networks/CHANGELOG.md b/zero_networks/CHANGELOG.md new file mode 100644 index 0000000000000..0afbc81e871ba --- /dev/null +++ b/zero_networks/CHANGELOG.md @@ -0,0 +1,7 @@ +# CHANGELOG - zero-networks + +## 1.0.0 / 2025-01-01 + +***Added***: + +* Initial Release diff --git a/zero_networks/README.md b/zero_networks/README.md new file mode 100644 index 0000000000000..42d307687329b --- /dev/null +++ b/zero_networks/README.md @@ -0,0 +1,56 @@ +# Zero Networks + +## Overview + +[Zero Networks][1] is a cybersecurity platform that enforces zero-trust principles by restricting access to network resources based on user identity and behavior. It automates the creation of security policies, ensuring that only authorized users and devices can connect, while blocking unauthorized attempts. With features like adaptive access control, audit logs, and micro-segmentation, it minimizes attack surfaces and protects against threats. The platform is easy to deploy and integrates seamlessly with existing systems. + +This integration ingests the following logs: + +- Audit: Records an event performed by the user, providing an overview of the event's timestamp, involved entities, actions, and more. +- Network-Activities: Represents information about network communication events occurring within a system, including protocol and traffic type, source and destination information, process information, user information, threat scores, and more. + +This integration seamlessly collects all the above listed logs, channeling them into Datadog for analysis. Leveraging the built-in logs pipeline, these logs are parsed and enriched, enabling effortless search and analysis. The integration provides insight into audit and network-activities through the out-of-the-box dashboards. + +## Setup + +### Generate API credentials in Zero Networks + +1. Log in to the Zero Networks platform. +2. Navigate to **Settings**, click **API** under **Integrations** and click **Add new token**. +3. Enter a **Token Name** and Set the **Expiry** to **36 months** and click **Add**. + +### Connect your Zero Networks Account to Datadog + +1. Add your Zero Networks credentials. + + | Parameters | Description | + | ------------------------------------- | ------------------------------------------------------------ | + | Domain Name | The Domain Name from Zero Networks portal URL | + | API Key | The Personal API key of Zero Networks | + +2. Click the Save button to save your settings. + +## Data Collected + +### Logs + +The Zero Networks integration collects and forwards Zero Networks audit and network activities logs to Datadog. + +### Metrics + +The Zero Networks integration does not include any metrics. + +### Service Checks + +The Zero Networks integration does not include any service checks. + +### Events + +The Zero Networks integration does not include any events. + +## Support + +Need help? Contact [Datadog support][2]. + +[1]: https://zeronetworks.com/ +[2]: https://docs.datadoghq.com/help/ \ No newline at end of file diff --git a/zero_networks/assets/dashboards/zero_networks_audit.json b/zero_networks/assets/dashboards/zero_networks_audit.json new file mode 100644 index 0000000000000..f704857daf497 --- /dev/null +++ b/zero_networks/assets/dashboards/zero_networks_audit.json @@ -0,0 +1,4074 @@ +{ + "title": "Zero Networks - Audit", + "description": "This Dashboard provides insights into audit logs generated on Zero Networks Platform.", + "widgets": [ + { + "id": 1863500026524962, + "definition": { + "title": "", + "banner_img": "https://cdn.prod.website-files.com/66d894ac929236a04d136c23/66f44ba20ee5b6674d84c2b9_zero.jpg", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 1221940071162682, + "definition": { + "type": "note", + "content": "Zero Networks is a cybersecurity platform that enforces zero-trust principles by restricting access to network resources based on user identity and behavior. It automates security policy creation, ensuring that only authorized users and devices can connect while blocking unauthorized attempts. With features like adaptive access control, audit logs, and microsegmentation, it minimizes attack surfaces and protects against threats. The platform is easy to deploy and integrates seamlessly with existing systems.\n\nThis dashboard provides information about Audit Logs generated on Zero Networks.\n\nAudits can help you capture log details of audit types and it also records information such as user name, user roles and enforcement sources. \n\nFor more information, see the [Zero Networks Documentation](https://docs.datadoghq.com/integrations/zero_networks/).\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 6 + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 9 + } + }, + { + "id": 1090821916952074, + "definition": { + "title": "Audit Logs Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4953922766515528, + "definition": { + "title": "Audit Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 7242183548985904, + "definition": { + "title": "Total Audit Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 4, + "width": 3, + "height": 4 + } + }, + { + "id": 1681254120188672, + "definition": { + "title": "Top Users", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + } + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 3, + "y": 4, + "width": 3, + "height": 4 + } + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 9 + } + }, + { + "id": 8903832120411966, + "definition": { + "title": "Datadog Cloud SIEM", + "title_align": "center", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 1520603275009884, + "definition": { + "type": "note", + "content": "Datadog Cloud SIEM analyzes and correlates Audit logs to detect threats to your environment in real time. If you don't see signals please make sure you've enabled [Datadog Cloud SIEM](https://app.datadoghq.com/security?query=source%3Azero-networks%20service%3Aaudit). ", + "background_color": "blue", + "font_size": "14", + "text_align": "left", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 1 + } + }, + { + "id": 5171305195280798, + "definition": { + "title": "CRITICALs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:zero-networks service:audit status:critical $User $User-Role $Enforcement-Source" + } + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#bc303c" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 1, + "width": 2, + "height": 2 + } + }, + { + "id": 3716339438229230, + "definition": { + "title": "HIGHs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:zero-networks service:audit status:high $User $User-Role $Enforcement-Source" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#d33043" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 2, + "y": 1, + "width": 2, + "height": 2 + } + }, + { + "id": 526207678442798, + "definition": { + "title": "Critical Security Signals", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:zero-networks service:audit status:critical $User $User-Role $Enforcement-Source" + } + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#e5a21c" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 1, + "width": 8, + "height": 4 + } + }, + { + "id": 7065177256241926, + "definition": { + "title": "MEDIUMs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:zero-networks service:audit status:medium $User $User-Role $Enforcement-Source" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#e5a21c" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 2, + "height": 2 + } + }, + { + "id": 5633195198610606, + "definition": { + "title": "LOWs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:zero-networks service:audit status:low $User $User-Role $Enforcement-Source" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#ffb52b" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 2, + "y": 3, + "width": 2, + "height": 1 + } + }, + { + "id": 8771190338846140, + "definition": { + "title": "INFOs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:zero-networks service:audit status:info $User $User-Role $Enforcement-Source" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#84c1e0" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 2, + "y": 4, + "width": 2, + "height": 1 + } + }, + { + "id": 6423904998842304, + "definition": { + "title": "High Security Signals", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:zero-networks service:audit status:high $User $User-Role $Enforcement-Source" + } + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#e5a21c" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 5, + "width": 6, + "height": 4 + } + }, + { + "id": 8271369373960348, + "definition": { + "title": "Medium Security Signals", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:zero-networks service:audit status:medium $User $User-Role $Enforcement-Source" + } + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#ffb52b" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 5, + "width": 6, + "height": 4 + } + }, + { + "id": 708983995767266, + "definition": { + "title": "Info Security Signals", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:zero-networks service:audit status:info $User $User-Role $Enforcement-Source" + } + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#e5a21c" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 9, + "width": 6, + "height": 4 + } + }, + { + "id": 1407892894051968, + "definition": { + "title": "Low Security Signals", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:zero-networks service:audit status:low $User $User-Role $Enforcement-Source" + } + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#e5a21c" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 9, + "width": 6, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 9, + "width": 12, + "height": 14 + } + }, + { + "id": 644000452526738, + "definition": { + "title": "Audit Details", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2556237570829152, + "definition": { + "title": "Top User Roles", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@user_role", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + } + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 4 + } + }, + { + "id": 4180845588431612, + "definition": { + "title": "Distribution by Enforcement Sources", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@enforcement_source", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 4, + "y": 0, + "width": 8, + "height": 4 + } + }, + { + "id": 7270801875129594, + "definition": { + "title": "Total Admin Users", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:Admin $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 4, + "width": 3, + "height": 4 + } + }, + { + "id": 1080787060051264, + "definition": { + "title": "Total Self Service Users", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:SelfService $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 3, + "y": 4, + "width": 3, + "height": 4 + } + }, + { + "id": 3783082847426088, + "definition": { + "title": "Total Unspecified Users", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:Unspecified $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 6, + "y": 4, + "width": 3, + "height": 4 + } + }, + { + "id": 6621169246882574, + "definition": { + "title": "Total Viewer Users", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:Viewer $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 9, + "y": 4, + "width": 3, + "height": 4 + } + }, + { + "id": 7418851780658186, + "definition": { + "title": "Total JAMF Asset Users", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:\"JAMF Asset\" $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 8, + "width": 3, + "height": 4 + } + }, + { + "id": 17237147742890, + "definition": { + "title": "Total Asset Manager Users", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:\"Asset Manager\" $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 3, + "y": 8, + "width": 3, + "height": 4 + } + }, + { + "id": 6871196872716226, + "definition": { + "title": "Total Regular Users", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:Regular $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 6, + "y": 8, + "width": 3, + "height": 4 + } + }, + { + "id": 5112550643636798, + "definition": { + "title": "Total API Users", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:(API-FullAccess OR API-ReadOnly) $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 9, + "y": 8, + "width": 3, + "height": 4 + } + }, + { + "id": 8988645435508292, + "definition": { + "title": "Total Cloud Connector Provisioning Users", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:CloudConnectorProvisioning $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 2318710282304818, + "definition": { + "title": "Total Operator Users", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:Operator $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 4, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 8015711901397206, + "definition": { + "title": "Total Service Now Users", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:\"Service Now Token\" $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 8, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 6280654354708074, + "definition": { + "title": "Top Users by MFA Enforcement Source", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @enforcement_source:MFA $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 16, + "width": 4, + "height": 4 + } + }, + { + "id": 123439317121484, + "definition": { + "title": "Top Enforcement Sources by Segmented Assets", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:\"Asset is being segmented (network)\" $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@enforcement_source", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 4, + "y": 16, + "width": 4, + "height": 4 + } + }, + { + "id": 8883716077430122, + "definition": { + "title": "Top Enforcement Sources associated with Asset Manager", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:\"Asset Manager\" $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@enforcement_source", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 8, + "y": 16, + "width": 4, + "height": 4 + } + }, + { + "id": 7527913239895988, + "definition": { + "title": "Top Enforcement Sources with Unspecified Role", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:Unspecified $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@enforcement_source", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + } + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 20, + "width": 4, + "height": 4 + } + }, + { + "id": 5100808526380316, + "definition": { + "title": "Top Asset Managers Added", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:\"Asset manager added\" @user_role:\"Asset Manager\" $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 4, + "y": 20, + "width": 4, + "height": 4 + } + }, + { + "id": 5924686678840334, + "definition": { + "title": "Top Asset Managers Removed", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:\"Asset manager removed\" @user_role:\"Asset Manager\" $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 8, + "y": 20, + "width": 4, + "height": 4 + } + }, + { + "id": 5999525942412330, + "definition": { + "title": "Top User Roles associated with System", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @enforcement_source:System $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@user_role", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + } + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 24, + "width": 4, + "height": 4 + } + }, + { + "id": 4669974496291300, + "definition": { + "title": "API Usage Analysis over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:(API-FullAccess OR API-ReadOnly) @enforcement_source:API $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@user_role", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "datadog16", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 24, + "width": 8, + "height": 4 + } + }, + { + "id": 8210840798992286, + "definition": { + "title": "User Details by API Full Access Status", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:API-FullAccess $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.id", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "alias": "count", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 0, + "y": 28, + "width": 6, + "height": 5 + } + }, + { + "id": 6089722912957010, + "definition": { + "title": "User Details when API Token Created", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:\"API Token created\" $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.id", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@user_role", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 6, + "y": 28, + "width": 6, + "height": 5 + } + }, + { + "id": 8008875364881484, + "definition": { + "title": "Distribution by User Access Configuration Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"User access configuration created\" OR \"User access configuration edited\" OR \"User access configuration deleted\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 33, + "width": 6, + "height": 4 + } + }, + { + "id": 4610184027668450, + "definition": { + "title": "Distribution of API Token Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"API Token created\" OR \"API Token deleted\" OR \"API Token regenerated\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 33, + "width": 6, + "height": 4 + } + }, + { + "id": 8336717976484940, + "definition": { + "title": "Distribution by Asset RPC Monitoring Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"Asset added to RPC monitoring\" OR \"Asset removed from RPC monitoring\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 37, + "width": 6, + "height": 4 + } + }, + { + "id": 670734366491020, + "definition": { + "title": "Distribution by Asset Cloud Monitoring Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:CloudConnectorProvisioning @auditType:(\"Asset is monitored by Cloud connector\" OR \"Asset is no longer monitored by Cloud connector\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 37, + "width": 6, + "height": 4 + } + }, + { + "id": 3754709865300744, + "definition": { + "title": "Distribution by Admin Portal Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @enforcement_source:\"Admin Portal\" @auditType:(\"Admin portal role changed to admin\" OR \"Admin portal role changed to viewer\" OR \"Admin portal role revoked\" OR \"Admin portal logon\" OR \"Admin portal role changed to operator\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 41, + "width": 6, + "height": 4 + } + }, + { + "id": 5502064587970996, + "definition": { + "title": "Distribution by Segmentation Policy Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"Segmentation policy created\" OR \"Segmentation policy deleted\" OR \"Segmentation policy edited\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 41, + "width": 6, + "height": 4 + } + }, + { + "id": 1108945772378682, + "definition": { + "title": "JIT Access Rejected Breakdown", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"Outbound JIT access rejected\" OR \"Inbound JIT access rejected\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 45, + "width": 12, + "height": 4 + } + }, + { + "id": 5641989942381028, + "definition": { + "title": "Distribution by Outbound JIT Rule Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"Outbound JIT rule created\" OR \"Outbound JIT rule deleted\" OR \"Outbound JIT rule expired\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 49, + "width": 6, + "height": 4 + } + }, + { + "id": 3534431085357244, + "definition": { + "title": "Distribution by Inbound JIT Rule Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"Inbound JIT rule created\" OR \"Inbound JIT rule deleted\" OR \"Inbound JIT rule expired\" OR \"Inbound JIT rule revived\" OR \"Inbound JIT rule edited\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 49, + "width": 6, + "height": 4 + } + }, + { + "id": 5044773016041802, + "definition": { + "title": "Distribution by Inbound MFA Policy Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit enforcement_source:MFA @auditType:(\"Inbound MFA policy created\" OR \"Inbound MFA policy edited\" OR \"Inbound MFA policy deleted\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 53, + "width": 6, + "height": 4 + } + }, + { + "id": 5683227781932788, + "definition": { + "title": "Distribution by Outbound MFA Policy Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit enforcement_source:MFA @auditType:(\"Outbound MFA policy created\" OR \"Outbound MFA policy edited\" OR \"Outbound MFA policy deleted\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 53, + "width": 6, + "height": 4 + } + }, + { + "id": 1015805240700402, + "definition": { + "title": "Distribution by Inbound Allow Rule Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"Inbound allow rule created\" OR \"Inbound allow rule deleted\" OR \"Inbound allow rule expired\" OR \"Inbound allow rule edited\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + } + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 57, + "width": 6, + "height": 4 + } + }, + { + "id": 4481281950303368, + "definition": { + "title": "Distribution by Outbound Allow Rule Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"Outbound allow rule created\" OR \"Outbound allow rule deleted\" OR \"Outbound allow rule expired\" OR \"Outbound allow rule edited\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 57, + "width": 6, + "height": 4 + } + }, + { + "id": 350747560290646, + "definition": { + "title": "Distribution by Inbound Block Rule Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"Inbound block rule created\" OR \"Inbound block rule deleted\" OR \"Inbound block rule expired\" OR \"Inbound block rule edited\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 61, + "width": 6, + "height": 4 + } + }, + { + "id": 6091362109720210, + "definition": { + "title": "Distribution by Outbound Block Rule Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"Outbound block rule created\" OR \"Outbound block rule deleted\" OR \"Outbound block rule expired\" OR \"Outbound block rule edited\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 61, + "width": 6, + "height": 4 + } + }, + { + "id": 1115683580811782, + "definition": { + "title": "Distribution by Connect Session Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"Connect session created\" OR \"Connect session expired\" OR \"Connect session revoked\" OR \"Connect session logged out\" OR \"Connect session extended\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 65, + "width": 6, + "height": 4 + } + }, + { + "id": 3282289349266296, + "definition": { + "title": "Distribution by Connect Region Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"Connect region created\" OR \"Connect region edited\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 65, + "width": 6, + "height": 4 + } + }, + { + "id": 7296457709427624, + "definition": { + "title": "Distribution by Connect Server Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"Connect server deployed\" OR \"Connect server edited\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 69, + "width": 6, + "height": 4 + } + }, + { + "id": 5681340390094250, + "definition": { + "title": "Distribution by Rules RPC rule Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"Rules RPC rule created\" OR \"Rules RPC rule deleted\" OR \"Rules RPC rule expired\" OR \"Rules RPC rule edited\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 69, + "width": 6, + "height": 4 + } + }, + { + "id": 6235168435099362, + "definition": { + "title": "Distribution by AI Inbound Allow Rule Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"AI inbound allow rule rejected\" OR \"AI inbound allow rule approved\" OR \"AI inbound allow rule approved with changes\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 73, + "width": 6, + "height": 4 + } + }, + { + "id": 3232645691460268, + "definition": { + "title": "Distribution by AI Outbound Allow Rule Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"AI outbound allow rule rejected\" OR \"AI outbound allow rule approved\" OR \"AI outbound allow rule approved with changes\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 73, + "width": 6, + "height": 4 + } + }, + { + "id": 2343644671622496, + "definition": { + "title": "Distribution by AI Inbound Block Rule Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"AI inbound block rule rejected\" OR \"AI inbound block rule approved\" OR \"AI inbound block rule approved with changes\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 77, + "width": 6, + "height": 4 + } + }, + { + "id": 7638257482231942, + "definition": { + "title": "Distribution by AI Outbound Block Rule Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"AI outbound block rule rejected\" OR \"AI outbound block rule approved\" OR \"AI outbound block rule approved with changes\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 6, + "y": 77, + "width": 6, + "height": 4 + } + }, + { + "id": 7529546885171408, + "definition": { + "title": "Distribution by Identity Rule Status", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @auditType:(\"Identity rule created\" OR \"Identity rule deleted\" OR \"Identity rule expired\" OR \"Identity rule edited\") $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@auditType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 500, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "style": { + "palette": "datadog16" + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 0, + "y": 81, + "width": 12, + "height": 4 + } + }, + { + "id": 8516258548930438, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:zero-networks service:audit $User $User-Role $Enforcement-Source", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "usr.id", + "width": "auto" + }, + { + "field": "usr.name", + "width": "auto" + }, + { + "field": "user_role", + "width": "auto" + }, + { + "field": "enforcement_source", + "width": "auto" + }, + { + "field": "auditType", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 85, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 23, + "width": 12, + "height": 90 + } + } + ], + "template_variables": [ + { + "name": "User", + "prefix": "@usr.name", + "available_values": [], + "default": "*" + }, + { + "name": "User-Role", + "prefix": "@user_role", + "available_values": [], + "default": "*" + }, + { + "name": "Enforcement-Source", + "prefix": "@enforcement_source", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/zero_networks/assets/dashboards/zero_networks_network_activities.json b/zero_networks/assets/dashboards/zero_networks_network_activities.json new file mode 100644 index 0000000000000..4f92c3ea1342f --- /dev/null +++ b/zero_networks/assets/dashboards/zero_networks_network_activities.json @@ -0,0 +1,2815 @@ +{ + "title": "Zero Networks - Network Activities", + "description": "This Dashboard provides insights into network activities logs generated on Zero Networks Platform.", + "widgets": [ + { + "id": 7048682808416574, + "definition": { + "title": "", + "banner_img": "https://cdn.prod.website-files.com/66d894ac929236a04d136c23/66f44ba20ee5b6674d84c2b9_zero.jpg", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 4724375602798618, + "definition": { + "type": "note", + "content": "Zero Networks is a cybersecurity platform that enforces zero-trust principles by restricting access to network resources based on user identity and behavior. It automates security policy creation, ensuring that only authorized users and devices can connect while blocking unauthorized attempts. With features like adaptive access control, audit logs, and microsegmentation, it minimizes attack surfaces and protects against threats. The platform is easy to deploy and integrates seamlessly with existing systems.\n\nThis dashboard provides information about the Network Activities logs generated on Zero Networks.\n\nNetwork activities can help you maintain your network in the following ways:\n- Captures and logs details of network connections between a source and a destination.\n- Records information such as IP addresses, ports, processes involved, user identities, and threat scores associated with the network traffic.\n- Monitor and analyze network communication, detect potential security threats, and provide visibility into the network activities occurring within the environment.\n\nFor more information, see the [Zero Networks Documentation](https://docs.datadoghq.com/integrations/zero_networks/).\n\nTips:\n - Use the timeframe selector in the top right of the dashboard to change the default timeframe.\n - Clone this dashboard to rearrange, modify and add widgets and visualizations.", + "background_color": "white", + "font_size": "14", + "text_align": "left", + "vertical_align": "top", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 6 + } + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 9 + } + }, + { + "id": 8522168906775942, + "definition": { + "title": "Network Activities Logs Overview", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2821775474448160, + "definition": { + "title": "Network Activity Logs over Time", + "title_size": "16", + "title_align": "left", + "show_legend": true, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "alias": "count", + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "dog_classic", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 0, + "y": 0, + "width": 6, + "height": 4 + } + }, + { + "id": 5023916849568878, + "definition": { + "title": "Total Network Activity Logs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 4, + "width": 3, + "height": 4 + } + }, + { + "id": 3993652264280538, + "definition": { + "title": "Top Users", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@usr.name", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 3, + "y": 4, + "width": 3, + "height": 4 + } + } + ] + }, + "layout": { + "x": 6, + "y": 0, + "width": 6, + "height": 9 + } + }, + { + "id": 2866141829269764, + "definition": { + "title": "Datadog Cloud SIEM", + "title_align": "center", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 2164149458767982, + "definition": { + "type": "note", + "content": "Datadog Cloud SIEM analyzes and correlates Network Activity logs to detect threats to your environment in real time. If you don't see signals please make sure you've enabled [Datadog Cloud SIEM](https://app.datadoghq.com/security?query=source%3Azero-networks%20service%3Anetwork-activities). ", + "background_color": "blue", + "font_size": "14", + "text_align": "left", + "vertical_align": "center", + "show_tick": false, + "tick_pos": "50%", + "tick_edge": "left", + "has_padding": true + }, + "layout": { + "x": 0, + "y": 0, + "width": 12, + "height": 1 + } + }, + { + "id": 2645872198219308, + "definition": { + "title": "CRITICALs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:zero-networks service:network-activities status:critical $User $IP $Traffic-Type $State $Protocol" + } + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#bc303c" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 1, + "width": 2, + "height": 2 + } + }, + { + "id": 4148528252612364, + "definition": { + "title": "HIGHs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:zero-networks service:network-activities status:high $User $IP $Traffic-Type $State $Protocol" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#d33043" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 2, + "y": 1, + "width": 2, + "height": 2 + } + }, + { + "id": 8700812738359164, + "definition": { + "title": "Medium Security Signals", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:zero-networks service:network-activities status:medium $User $IP $Traffic-Type $State $Protocol" + } + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#e5a21c" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 1, + "width": 4, + "height": 4 + } + }, + { + "id": 8590036025513724, + "definition": { + "title": "Low Security Signals", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], + "search": { + "query": "source:zero-networks service:network-activities status:low $User $IP $Traffic-Type $State $Protocol" + } + } + ], + "response_format": "scalar", + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#ffb52b" + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 8, + "y": 1, + "width": 4, + "height": 4 + } + }, + { + "id": 6750891340282460, + "definition": { + "title": "MEDIUMs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:zero-networks service:network-activities status:medium $User $IP $Traffic-Type $State $Protocol" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#e5a21c" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 2, + "height": 2 + } + }, + { + "id": 2964548153610178, + "definition": { + "title": "LOWs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:zero-networks service:network-activities status:low $User $IP $Traffic-Type $State $Protocol" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#ffb52b" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 2, + "y": 3, + "width": 2, + "height": 1 + } + }, + { + "id": 3511561538032828, + "definition": { + "title": "INFOs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:zero-networks service:network-activities status:info $User $IP $Traffic-Type $State $Protocol" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#84c1e0" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 2, + "y": 4, + "width": 2, + "height": 1 + } + } + ] + }, + "layout": { + "x": 0, + "y": 9, + "width": 12, + "height": 6 + } + }, + { + "id": 2735070504617084, + "definition": { + "title": "Network Activities Logs", + "background_color": "vivid_blue", + "show_title": true, + "type": "group", + "layout_type": "ordered", + "widgets": [ + { + "id": 7408250835431734, + "definition": { + "title": "Top Protocols", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@protocol", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 0, + "width": 4, + "height": 4 + } + }, + { + "id": 5125143270261116, + "definition": { + "title": "Distribution by Traffic Types", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@trafficType", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + } + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "automatic" + } + }, + "layout": { + "x": 4, + "y": 0, + "width": 8, + "height": 4 + } + }, + { + "id": 7587274748285862, + "definition": { + "title": "Total Internal Traffic", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities @trafficType:Internal $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 4, + "width": 4, + "height": 4 + } + }, + { + "id": 542398547448820, + "definition": { + "title": "Total External Traffic", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities @trafficType:External $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 4, + "y": 4, + "width": 4, + "height": 4 + } + }, + { + "id": 1904201580642026, + "definition": { + "title": "Total Internal and External Traffic", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities @trafficType:Both $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 8, + "y": 4, + "width": 4, + "height": 4 + } + }, + { + "id": 4018554368221482, + "definition": { + "title": "Top IP's", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 8, + "width": 4, + "height": 4 + } + }, + { + "id": 3814672709882648, + "definition": { + "title": "Distribution by States", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@state", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + } + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "style": { + "palette": "datadog16" + }, + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "type": "sunburst", + "legend": { + "type": "table" + } + }, + "layout": { + "x": 4, + "y": 8, + "width": 8, + "height": 4 + } + }, + { + "id": 2627643690830184, + "definition": { + "title": "Total Blocked Network Traffic", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities @state:Blocked $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 8455608497007756, + "definition": { + "title": "Total Blocked At Source Network Traffic", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities @state:\"Blocked At Source\" $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 4, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 6518168948932602, + "definition": { + "title": "Total Requested Network Traffic", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities @state:Requested $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 8, + "y": 12, + "width": 4, + "height": 4 + } + }, + { + "id": 109041145079294, + "definition": { + "title": "Total Blocked By Third Party Network Traffic", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities @state:\"Blocked By Third Party\" $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 16, + "width": 4, + "height": 4 + } + }, + { + "id": 4179949591999648, + "definition": { + "title": "Total Blocked At Source By Third Party Network Traffic", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities @state:\"Blocked At Source By Third Party\" $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 4, + "y": 16, + "width": 4, + "height": 4 + } + }, + { + "id": 5825249782758720, + "definition": { + "title": "Total Established Network Traffic", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities @state:Established $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 8, + "y": 16, + "width": 4, + "height": 4 + } + }, + { + "id": 8140375815927286, + "definition": { + "title": "Total TCP Network Traffic", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities @protocol:TCP $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 20, + "width": 3, + "height": 4 + } + }, + { + "id": 3693207539505400, + "definition": { + "title": "Total UDP Network Traffic", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities @protocol:UDP $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 3, + "y": 20, + "width": 3, + "height": 4 + } + }, + { + "id": 6867819967370544, + "definition": { + "title": "Total ICMP Network Traffic", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities @protocol:ICMP $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 6, + "y": 20, + "width": 3, + "height": 4 + } + }, + { + "id": 8147706316730684, + "definition": { + "title": "Total RDP Network Traffic", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities @protocol:RDP $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "formulas": [ + { + "formula": "query1" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 9, + "y": 20, + "width": 3, + "height": 4 + } + }, + { + "id": 8071523453594128, + "definition": { + "title": "Top Destination Asset Sources", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@dst.assetSrc", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 24, + "width": 4, + "height": 4 + } + }, + { + "id": 5632667227080570, + "definition": { + "title": "Top Destination Network Protection States", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@dst.networkProtectionState", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 24, + "width": 4, + "height": 4 + } + }, + { + "id": 5586724905348182, + "definition": { + "title": "Top Destination FQDN", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@dst.fqdn", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 8, + "y": 24, + "width": 4, + "height": 4 + } + }, + { + "id": 5123855718486176, + "definition": { + "title": "Top Destination IP Addresses", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.destination.ip", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + } + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 28, + "width": 4, + "height": 4 + } + }, + { + "id": 1840424163789940, + "definition": { + "title": "Destination Process Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "dst.assetId", + "width": "auto" + }, + { + "field": "dst.processId", + "width": "auto" + }, + { + "field": "dst.processName", + "width": "auto" + }, + { + "field": "dst.processPath", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 4, + "y": 28, + "width": 8, + "height": 4 + } + }, + { + "id": 44790517895590, + "definition": { + "title": "Top Destination Processes", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@dst.processName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 32, + "width": 4, + "height": 4 + } + }, + { + "id": 6589084141519102, + "definition": { + "title": "Destination User Details", + "title_size": "16", + "title_align": "left", + "type": "query_table", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@dst.assetId", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@dst.userId", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@dst.userName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "sort": { + "count": 1000, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + }, + "formulas": [ + { + "cell_display_mode": "bar", + "formula": "query1" + } + ] + } + ], + "has_search_bar": "auto" + }, + "layout": { + "x": 4, + "y": 32, + "width": 8, + "height": 4 + } + }, + { + "id": 8205966187394598, + "definition": { + "title": "Overall Destination Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "dst.assetId", + "width": "auto" + }, + { + "field": "network.destination.ip", + "width": "auto" + }, + { + "field": "network.destination.port", + "width": "auto" + }, + { + "field": "dst.ipThreatScore", + "width": "auto" + }, + { + "field": "dst.eventRecorId", + "width": "auto" + }, + { + "field": "dst.processId", + "width": "auto" + }, + { + "field": "dst.processName", + "width": "auto" + }, + { + "field": "dst.processPath", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 36, + "width": 12, + "height": 4 + } + }, + { + "id": 8588088349138280, + "definition": { + "title": "Top Asset Sources", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@src.assetSrc", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 40, + "width": 4, + "height": 4 + } + }, + { + "id": 3951358046142266, + "definition": { + "title": "Top Source Network Protection State", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@src.networkProtectionState", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 4, + "y": 40, + "width": 4, + "height": 4 + } + }, + { + "id": 8852165136650850, + "definition": { + "title": "Top Source FQDN", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@src.fqdn", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 8, + "y": 40, + "width": 4, + "height": 4 + } + }, + { + "id": 6509420781057236, + "definition": { + "title": "Top Source Processes", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@src.processName", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 44, + "width": 6, + "height": 4 + } + }, + { + "id": 6921995545111866, + "definition": { + "title": "Top Source IP Addresses", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.client.ip", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + } + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 6, + "y": 44, + "width": 6, + "height": 4 + } + }, + { + "id": 8960629590747932, + "definition": { + "title": "Source Process Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "src.assetId", + "width": "auto" + }, + { + "field": "src.processId", + "width": "auto" + }, + { + "field": "src.processName", + "width": "auto" + }, + { + "field": "src.processPath", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 48, + "width": 12, + "height": 4 + } + }, + { + "id": 2267192419920364, + "definition": { + "title": "Overall Source Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "src.assetId", + "width": "auto" + }, + { + "field": "network.client.ip", + "width": "auto" + }, + { + "field": "network.client.port", + "width": "auto" + }, + { + "field": "src.ipThreatScore", + "width": "auto" + }, + { + "field": "src.processId", + "width": "auto" + }, + { + "field": "src.processName", + "width": "auto" + }, + { + "field": "src.processPath", + "width": "auto" + }, + { + "field": "src.eventRecordId", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 52, + "width": 12, + "height": 4 + } + }, + { + "id": 2626869851753922, + "definition": { + "title": "Network Activities by Country", + "title_size": "16", + "title_align": "left", + "type": "geomap", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.client.geoip.country.iso_code", + "limit": 250, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 250, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", + "palette_flip": false + }, + "view": { + "focus": "WORLD" + } + }, + "layout": { + "x": 0, + "y": 56, + "width": 12, + "height": 4 + } + }, + { + "id": 8603664597574194, + "definition": { + "title": "Log Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "usr.id", + "width": "auto" + }, + { + "field": "usr.name", + "width": "auto" + }, + { + "field": "protocol", + "width": "auto" + }, + { + "field": "trafficType", + "width": "auto" + }, + { + "field": "network.client.ip", + "width": "auto" + }, + { + "field": "state", + "width": "auto" + }, + { + "field": "dst.assetSrc", + "width": "auto" + }, + { + "field": "dst.networkProtectionState", + "width": "auto" + }, + { + "field": "dst.fqdn", + "width": "auto" + }, + { + "field": "network.destination.ip", + "width": "auto" + }, + { + "field": "dst.assetId", + "width": "auto" + }, + { + "field": "dst.processId", + "width": "auto" + }, + { + "field": "dst.processName", + "width": "auto" + }, + { + "field": "dst.processPath", + "width": "auto" + }, + { + "field": "dst.userId", + "width": "auto" + }, + { + "field": "dst.userName", + "width": "auto" + }, + { + "field": "network.destination.port", + "width": "auto" + }, + { + "field": "dst.ipThreatScore", + "width": "auto" + }, + { + "field": "dst.eventRecordId", + "width": "auto" + }, + { + "field": "dst.ipThreatScore", + "width": "auto" + }, + { + "field": "src.assetSrc", + "width": "auto" + }, + { + "field": "src.networkProtectionState", + "width": "auto" + }, + { + "field": "src.fqdn", + "width": "auto" + }, + { + "field": "network.client.ip", + "width": "auto" + }, + { + "field": "src.assetId", + "width": "auto" + }, + { + "field": "src.processId", + "width": "auto" + }, + { + "field": "src.processName", + "width": "auto" + }, + { + "field": "src.processPath", + "width": "auto" + }, + { + "field": "network.client.port", + "width": "auto" + }, + { + "field": "src.ipThreatScore", + "width": "auto" + }, + { + "field": "src.eventRecordId", + "width": "auto" + }, + { + "field": "src.processPath", + "width": "auto" + }, + { + "field": "src.processPath", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 0, + "y": 60, + "width": 12, + "height": 4 + } + } + ] + }, + "layout": { + "x": 0, + "y": 15, + "width": 12, + "height": 65 + } + } + ], + "template_variables": [ + { + "name": "User", + "prefix": "@usr.name", + "available_values": [], + "default": "*" + }, + { + "name": "IP", + "prefix": "@network.client.ip", + "available_values": [], + "default": "*" + }, + { + "name": "Traffic-Type", + "prefix": "@trafficType", + "available_values": [], + "default": "*" + }, + { + "name": "State", + "prefix": "@state", + "available_values": [], + "default": "*" + }, + { + "name": "Protocol", + "prefix": "@protocol", + "available_values": [], + "default": "*" + } + ], + "layout_type": "ordered", + "notify_list": [], + "reflow_type": "fixed" +} \ No newline at end of file diff --git a/zero_networks/assets/logs/zero-networks.yaml b/zero_networks/assets/logs/zero-networks.yaml new file mode 100644 index 0000000000000..0aa57ef126890 --- /dev/null +++ b/zero_networks/assets/logs/zero-networks.yaml @@ -0,0 +1,184 @@ +id: "zero-networks" +metric_id: "zero-networks" +backend_only: false +facets: + - groups: + - User + name: User ID + path: usr.id + source: log + - groups: + - User + name: User Name + path: usr.name + source: log + - groups: + - Web Access + name: Client IP + path: network.client.ip + source: log + - groups: + - Web Access + name: Destination IP + path: network.destination.ip + source: log + - groups: + - Web Access + name: Client Port + path: network.client.port + source: log + - groups: + - Web Access + name: Destination Port + path: network.destination.port + source: log +pipeline: + type: pipeline + name: Zero Networks + enabled: true + filter: + query: source:zero-networks + processors: + - type: date-remapper + name: Define `timestamp` as the official date of the log + enabled: true + sources: + - timestamp + - type: pipeline + name: Audit + enabled: true + filter: + query: service:audit + processors: + - type: attribute-remapper + name: Map `performedBy.id` to `usr.id` + enabled: true + sources: + - performedBy.id + sourceType: attribute + target: usr.id + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `performedBy.name` to `usr.name` + enabled: true + sources: + - performedBy.name + sourceType: attribute + target: usr.name + targetType: attribute + preserveSource: false + overrideOnConflict: false + - name: Lookup on `userRole` to `user_role` + enabled: true + source: userRole + target: user_role + lookupTable: |- + 0 , Unspecified + 1 , Admin + 2 , Viewer + 3 , Regular + 4 , API-FullAccess + 5 , API-ReadOnly + 6 , SelfService + 7 , CloudConnectorProvisioning + 8 , JAMF Asset + 9 , Asset Manager + 10 , Operator + 11 , Service Now Token + type: lookup-processor + - name: Lookup on `enforcementSource` to `enforcement_source` + enabled: true + source: enforcementSource + target: enforcement_source + lookupTable: |- + 1 , MFA + 2 , System + 3 , Access Portal + 4 , Admin Portal + 5 , Automation Engine + 6 , API + 7 , Setup + 8 , Connect + type: lookup-processor + - type: pipeline + name: Network Activities + enabled: true + filter: + query: service:network-activities + processors: + - type: attribute-remapper + name: Map `src.userId` to `usr.id` + enabled: true + sources: + - src.userId + sourceType: attribute + target: usr.id + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `src.userName` to `usr.name` + enabled: true + sources: + - src.userName + sourceType: attribute + target: usr.name + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `src.ip` to `network.client.ip` + enabled: true + sources: + - src.ip + sourceType: attribute + target: network.client.ip + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `dst.ip` to `network.destination.ip` + enabled: true + sources: + - dst.ip + sourceType: attribute + target: network.destination.ip + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `src.port` to `network.client.port` + enabled: true + sources: + - src.port + sourceType: attribute + target: network.client.port + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: attribute-remapper + name: Map `dst.port` to `network.destination.port` + enabled: true + sources: + - dst.port + sourceType: attribute + target: network.destination.port + targetType: attribute + preserveSource: false + overrideOnConflict: false + - type: geo-ip-parser + name: GeoIp Parser for `network.client.ip` + enabled: true + sources: + - network.client.ip + target: network.client.geoip + ip_processing_behavior: do-nothing + - type: geo-ip-parser + name: GeoIp Parser for `network.destination.ip` + enabled: true + sources: + - network.destination.ip + target: network.destination.geoip + ip_processing_behavior: do-nothing diff --git a/zero_networks/assets/logs/zero-networks_tests.yaml b/zero_networks/assets/logs/zero-networks_tests.yaml new file mode 100644 index 0000000000000..7b7b6d221186c --- /dev/null +++ b/zero_networks/assets/logs/zero-networks_tests.yaml @@ -0,0 +1,13 @@ +id: "zero-networks" +tests: + - sample: |- + {"timestamp":1735634130990,"isoTimestamp":"2024-12-31T08:35:30.990Z","auditType":73,"enforcementSource":4,"userRole":1,"destinationEntitiesList":[{"id":"c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe","name":"Test User"}],"details":"{\"publicIp\":\"163.116.212.44\",\"tokenTtl\":\"2025-01-07T08:35:30.000Z\",\"idp\":1,\"role\":1}","parentObjectId":"","reportedObjectId":"","performedBy":{"id":"c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe","name":"Test User"}} + result: null + - sample: |- + {"timestamp":1734584254851,"protocol":17,"state":3,"trafficType":1,"dst":{"assetId":"a:a:VWW2G2C8","assetSrc":3,"networkProtectionState":5,"assetType":2,"eventRecordId":43174318,"fqdn":"dc01.posh.local","ip":"10.0.0.4","port":123,"processId":"1056","processName":"svchost.exe (W32Time) (1056)","processPath":"C:\\Windows\\System32\\svchost.exe (W32Time) (1056)","userId":"S-1-5-19","userName":"NT AUTHORITY\\LOCAL SERVICE","ipThreatScore":0},"src":{"assetId":"a:a:ka62y0mc","assetSrc":3,"networkProtectionState":6,"assetType":2,"eventRecordId":24143201,"fqdn":"fs02.posh.local","ip":"10.0.0.8","port":123,"processId":"1072","processName":"svchost.exe (W32Time) (1072)","processPath":"C:\\Windows\\System32\\svchost.exe (W32Time) (1072)","userId":"S-1-5-19","userName":"NT AUTHORITY\\LOCAL SERVICE","ipThreatScore":0,"envGroupId":"g:e:zUnrnhfa"},"inboundRuleMatches":[],"conflictingInboundRuleMatches":[],"outboundRuleMatches":[],"conflictingOutboundRuleMatches":[],"reason":5} + result: null + +# The `result` field should be left blank to start. Once you submit your log asset files with +# your integration pull-request in a Datadog GitHub repository, Datadog's validations will +# run your raw logs against your pipeline and return the result. If the result output in the +# validation is accurate, take the output and add it to the `result` field in your test YAML file. \ No newline at end of file diff --git a/zero_networks/assets/service_checks.json b/zero_networks/assets/service_checks.json new file mode 100644 index 0000000000000..fe51488c7066f --- /dev/null +++ b/zero_networks/assets/service_checks.json @@ -0,0 +1 @@ +[] diff --git a/zero_networks/assets/zero_networks.svg b/zero_networks/assets/zero_networks.svg new file mode 100644 index 0000000000000..b9c57c68efadb --- /dev/null +++ b/zero_networks/assets/zero_networks.svg @@ -0,0 +1,8 @@ + \ No newline at end of file diff --git a/zero_networks/images/zero_networks_audit.png b/zero_networks/images/zero_networks_audit.png new file mode 100644 index 0000000000000000000000000000000000000000..6732cdf2bab72cba102489f8b49b8bcf0d190e44 GIT binary patch literal 117737 zcmYJaWmp_d(+0Y`u(-QRf(4i04grF@+v4s{ki`=`L4r%r;O??PgOlLCxVr{DJnwhT zb^i2BS655jRV_1J^+ioZ4ik+G4FCXO%76Tz0RSLF0RTh+6ogmG8YY+9>mx`_NlRvZ zeH{P<-akCv-Tixhe)+ZXM8Wd@=>GKO<%QI8`t0KR^z8iU>FMhFW_4|CWPIxI=$ML{ zW^R6AbN95gvPMAAtN;Ks0QnD+TE2@%*>UbaL`Y=qLNOFS(}d@) z&`Q9(kDu1y-x1Z+939%dS6p%mWWp0^rq0j0P&Ym-30Y@-!TjS2eV8bDX{AB!+ri*>`v$jUbrdND+dSDs}VSOjGR z;Z)aQTODir!c-E5zU_Y_5CaiuH&p6td4EstVHEiAN`kE*j-s;|;ooB6^Q`#|532o- zF9=ku@NnCK-Eu`Iheh_v)=~`}@#aEl8x!&b{iiD*Vpk##-9{5+;A`&AbX^Rw0D7qo zQ#Kvli#Yl}X`OM;=-?NzSnvL8@r8w|-_G(Ke55?l8Q=AzAW42p06G9bg}qS{)oGUY z+?XE6b!G%>ua|3Xmx0k@>Opt!wm3Nf01=bN_JxSA7HUXk`kV7`_`R7Bq5ZitB3OGJq4G!2g;GRaaM!96AbYE}4`8f4Z|-dVgJ2p2O?%7yIti z6SbkTeiYvpRhZx+hqwTfCKhR3)v zgsa!FR^i{PaGV4-UnkxLX_iK5br&aylHTN4&LPvhFXLFxCNgtU2;Ub+00K7@EsUUU~sF z-@@nqF@NXIXo!1{o$i-S!meoUC`RQF&}*$2HMe>>{5ujRGBj*!M6B9xn~!H`I-DAE zQo9&2W5EI+D9&5Z6R>u{#IR_Xu_3n@7s@^mAKP>Cn_fWCQz%$199pAnj;JODz?iju zcWDo`roNPJ27bFzF1MuOP~KnFhzg#YoVL1G`(12z5aWF^bKsBIaX!^e4!pI-nRP@= zr3`P>)crMZ*;pY9??5KW<{d+L{4HWi4m#QC z>+c27?pm@;$gQmEC+&*GU1cW9a;=Yy8IXV;&S-AysL!)CY?1$2%^0Yad((08etG1E ze{1tDfi5o0Xy}cK!Gg<>K0wAess0g`aE)ttb+DKgcrDVmE>!%r?u`g-IkE-#MBr+w zxxEz+7hyvXr&~)K0wN&6G=Pc+Ss6Od zR$HwuH8r}6@O$~(jwQ5&@OhJjgiWacyV&pKiZhCet7VWT;i^-i9Y}>!{}n^ZXR(Dd zHr%u4?S`|61i=H*;M&ds?-jTEI?@=b(C?}!0z1bWkudA7OUnQ^-`-stM!#&=oZNj@ z5Y@L|jTeQKAu^j%3MotKW9nbk0@5U)wmqkV@HtnE4O4D= zbu#@Z`+dxy&QY=PO{$NT=4+LTc2k?y78hX|?lM{$m%+6kS)#!l{Zba#(Qb7!Z-15L z1Ea%R-Oh49$C&+_qy11jiClRDpi9gTERec?8Pi3w>5Wav9X%@mX86Ter-4A+&rx#p*`d^?|m#JJ>l2Ci$3pDfT?rl=xlF)f4>9rd^!3raS{f0W2LJtq-ZA(9$$7F$WAtlswA6bQ*W6sRG&}-szRZ|l*=rUvjcU8 zts}|bvKeDXJG%DC7KF5Xa|Aa`7|BEm5BTjx@o&_>{ zLSQ4pJeKp`*cxo)l}%LR%$}qye9e7Ws*h372Riv|UqSXdVP~$Mf;f0S?}bmt=(G_wx@?!q(Czz8AdBSa{2NCZ>65@^K5>w9DinZ;H^ahXU7xY zUJ_+8AZCk|$^H?{Y%`~1!)4}WK5j>ZlX*CD&ah_NRoEx2tzAy?g>1Q8i7{Z=sD^r5 z@|rSRTCMtI$&OBqL9%=6Bp6P4c0|pCQ{uicR5CLS5d~^FxQRZp0oJ<2bij`xl?kGe zHtMY2yGu@8E0=x?dQPLwT`l>@^XM4FBOyPj10UTocO!-xLU^u4<>3vtHUM<`U_<#M zpU2%`W(eSBix`OdMb9mw`Rnx7zk?4cF(*c{6{iPkIg4^tuB^r~J)|9mK*wPoEbFho z^+FQ#D7f~tdK(&c54|)HH_B61equ;aj=P=!AbI!G?l}Q4OoSi5G_0#jkZz3|3hvK^ z@eh|%^1oMQ`O_aDLuC-5GSp(KY)FG`wC~_7179(s(^D&!9vygEf8jHCbqE0#C)Gsf}TH>PGP=-2Ya1 zR^Z{uZ-WEU{N~D% zq!Vga0}W;edrj;9Tf%^@6-@-__qagrzs7)HF(C%gQlqBS;Nrz_LKVLO7g8K&Kl)k1ABu>;MfMMW!_`L<6A z-X-62`GHGov$dnxp9~d-XVKV-B#g}VoErIfwPcT(gZ6R7W8^>=5JORy8D38oMF>-a zN#!ck3tO-?kSYl^2PWPD&i=%EH>}Yy1Mk4NA_+q%==T`bTI{hY2SR6K-#BJxm4pWe z_Euk_y~Q!v9nQH=3NjZ_j}+eUcdEWBYv#CphC zz@=hsi3snoo2pnuO`3~K*UhIr;xUd)V>g9_O39XEoKcjIx#*p; zbYdASrAi(NJPA=@RDdRFNARtuncdJC5)}QSO3}S$Dq$X>WluahM}qYfr-|^RAt4T| zoaYW}i>M!C6*O%c0f^TR33|kOLwva$*2s^tm5wnTh<%K1xn_d$f(Gx;HWq!pyhZ7V z31z@*o6uyoPmyNf+uG7a$p2$p?S$q=CRU*4WxTuY;ZHCU4Q;BMD_1uMa+;72>5aQ` z(qH32QR5~{pIp6qXLcc{;QNNG)UTB4-r-bL{D9jX|3)PVZqtdog1_wtUpr^_=Vm+< z_rQ@!nD?mg41$_E!^k>Xz#J;fs~g$1?Fcux#j-j_ssM}n{}d40o2~%BLWLQLi{>hm z(75_pF-f*yI`v;zCL%3=R&grbm+7_%NBZ^w^IQ>F=5>t`v(ZZW5%&GUkM2F z_DMi=9tS}{?_6Dg5KkO}YpZiopk89SLBA+;3{J`pro32No>~Jgcef#V2XsgtXdLmV zCr=*-uuLD5#_@*zE^GO+A$wMoYoaC&NSluh>YroXtrq9W{nBaK5ab06Mm`g^Qr5s7 z?!NTVhGjI;IpQBkuv`4ZoRbLXC_LRqcr!GG#!ALar0;?zuw{AFxkm__2pgHKM$=1T zYfU=dUyl6i8W(0+KYZl*LDr_(ygYpSTpx3m<$`fA^|F#cj!j_mQ9Y=Q5xoIk)|07o zpNYB%(U<`C`2bu>w3O2fDlkiKaQD1K9AAyRAn+43)S$_{5SlcqDXjP`VT}(VS93OM#q4kcljOYfI#F1t_zfhG_zjWt0b}e&o=sG z1^Q?au2|bk;qgAT>s@bR(RlB0O#YR^P!< zD%erDw=mynZCK+2#eoy_ z6wR0VZ;JF|lbhc1S`_x3t(@@U1R&=PFik)yUz)fbm_pHGj6w=b3&>&H1{?B_y1OWF z&yiUe1#n=*cv%CQ%2jk5NjKOFQcGQsS=#5_RM6%Jz9O8e|0}H|x0nN?wJs`6YRD$l z7Y2c2fF7S^C6W|U32M&f@qZ*!nzhp746J!XnQFHc(^SNe^8O3u;9APedk2aE9Fgdk zp~Bv(ZlqSC>G5f%?sOv8Xm;33DJ2D9!xYAIYHsM@Rhae;nz#8k0SrZ zwvIK4{?rJ%E_n=V+_U}+-Qfp60?u@zFI*V*W@0N-awCTvyQ#$B1(e6O;y?j`GMByq zOU0_&p&Up?+9MtV7~sM4PsE44pIG~EWW|2QQQW=ukdJ?8AziTrtH%PVFUvU7Z}~*f z&L}Q4354ZG+*ym09)z1<>0V5h8oKc-3%751k8IRTNp>9!JGOMN4y!oW6XyO_!fkr0 z{oB4cIdV&B7);f)NS4;f5`_dDBn;uoY1cQQZ@!1D>hs+^X?0}513Y4X(w|2(6@9LkX&Gyr8-ssKgq zzA{2s){;zGR}tGgDc_4jeB&0gi|VAB^X?;Kbe}Q-VkP!KHQ~+>6ltgK?E{X$(Y)kXc!U8>>{S{LHZ5Gr_az#XN>C&rP8wt9EQ6W&-kMud)w?hz$GS)V>FZot($zrwv$H2*loa z*ZB@-5D%C+sS7KS>ud~gO^B3D2>cK)4Gr%=P7gS0%4_T=a#q|lJNsI_ignYqw0F`z z*ZiCa8jxNzUeu&=Erl}(a*8`ijtr}PZ}O@O{R$$=(^=oMh`>`+z1e#V zlEQW~UmJa3ZYV_G@Ao@$yby`IWT+t#M2#_au5arLRB@SMJoBy)`iI~h^A*wi_ZVIu zhTuYPZB0LTecdO)^b6COK>+3_uve#4ORK*DesbEe&#VE^A<7-@{Z@MC=;|^J){u&Cxo=k^f!R`z*t0ul4$& zteB3?LaO_N&=ZMu%utUJf`Y%K+c=%nVFKik>EX`$vNX zcw|>WqyQ|*t44><9r~Mtoj{VpjSO(#=9uvJaWYWH;d}sI>u^(qH=nZsqeYHmNF+W6 zbirF^vX|6Vz3t!ZpL;!cK$=uEAHvND=n0d*)3|faJYQrEZ9eI5J+!+M@L80I^Cq3} zitbNRT7NoGAruv{2MiYZTP6w&`&)6?B*SR9g%8PD?oY-<+r!l-?F?NHs+><@`6NDG zCbX-;tL!fXZ1Rijgc^L%sn^H+L5S?kZTDbTl=v6Tt`xd0P$0x|P9spRv34yA)&!|E z*ek=>oF(U+QfDywg`=nS_*=QyJpJ+4zHh zjZTuZ^F;btvsIASkzL-VxYo|rJ^OY{wtJZJ!cM)+%I4L$P;d&kx zfbw4;5bYt43K))uen3l;pfO^AGl)uR`>Dd{7bDFfu}p(;)9*ct?3bA0jaX(sA+D4OGB*8(pW>+Yc$29@D`P=Z0{V+V5~XC6(yk*2h2&#oI0ti zi#qdUZ3Fa@iE{oLcIg(5dllPNLD8%oH%`!=R6<*b9&LC*uM>&*K=apLlF9CGcVe7g zv>1DXdG${sH|y#UTX0WS{=Cd~Sikgj~_r-YR!vu^RKZ(%C!fQT74*KOW( z5~coqCsx~~3eh_D<f>X@#1o*iLU;G=9O$zUY}ouD*_hlRNO4LRM@ zmA-(WDd)c8{=v!K=co1{*klhUM=lEl6*N!EP0H6(Pd2#lUZ!y=vXk(=0t6>@scq#) z|M@%eZ<;=q6%=w&Ka|ignq%V%0RNnqX7x8}9h+yJRq9NH!A%$!l-|v5-svT8&9VtN z87$N!R`@Cq$x^h(n-sqZd@X;o9GZMGT01%MMLx^N@U$sK6S3v^_~@W10qle#0F`5_ z6WSTs;LmsbhzK%EhiVJ;r-@_GV!bzC+W8jP=Cbx)FH!dL^K)Qs_F2>5Q+#CZtf=v^ z&HL%ogFI>tzX>|QE(CAc%o4lBw+57vP0HpBMANoJ)~eRm`vj?kXX^r}>encHwiLQ0 zZ#({A-?^+^2Pah4I39P`d*5p*kT>{NQDzU8GBpOfe(z8%Hf(8IEyJ~#IgE#fxz_V7 zB=+d=n-IgAC9#xeF>zemp31p!OXgG@9pD$&MZ&deRq{s zC?J|&9(w`wX`f6I>HXgdtO|N56psoCR4RDhDv3!M*6MS1xWWLfRzt~jOfOEebtb!m zGdo7qFywG$BLN@s8oaV|nv}+WRMoENP8Pwu;`Z@R z(M#XEB@`uy%^ag$I*X9-qqOzugrreSdvD(I;9FBHJzgodJ9Cge?L<5ic}`i}wNs8# zer2NOeBF7o2%bovS-HgIk>}HT&bn$(f{~Ze!VH&0!k}IzJ=OniRX|iq2SP+Agf%xe z`w%0Wd>Z%<&i;_?(V6r3%Bm^i2jP-|Hr9T%`gU$Q9=FT9%N;ZWqsb(<=wy*t~ z_UZj(Sg%)7m)V}~ccR#~Z(SA|FhtOLH^R%%=E7|SXO0wXH`M@}9v;E(?6JOr#kGV> zguW`WYBMgj5%Z9{s#xXdE`9nx{DL(WUSNqg$642OprBwhV1f@q*UmdP;)E|T%6-I` zeSxE_&L&b>*#O25uU&+kxkFB#P32)nZ`{U=gZrk<_yo%t#MX_uQ2BU=Py||;i6}gX z!%r6yH_EhoBfhA>_I%e_kvQU4w@2u7PtlgJZZFrHq7+7jp>1tF+m9{3^ujT~dt_&E4U zWEIP{?@Ra-finZ3jMP|}#bBG|^vx&dvCOru>%|>fc`sOtFPg6JPflkEhFAMEN zl!NN@_Q1EaVVFHAg}7sQT#E}YFFl44$9?j<>-*^^mZ!7(&cd|COwxmcCBE~pNWm#3 z+W;m)2g48-NUnJ-7WPafmB!>TPVJH$AuM#l7MJakV5&tR8vR4{PO5vp9#e7WYD=gb z>Q9>!>VQhgN=6n=^@5a{*^ICM3Ht$-D+9w_n9`}A`MfcwgvimjC8iLl>|k%K7(25s zsH{lc_(()`2vh&6vpBr+9Wi|oF$eCHReLw z=TERnkg1V>8oNE2E4dHU_297?4sXZWzz;+o5=c4Uc5O2(Qi(Pdh2euaBD2)hJ@O7h zIGVzb3FxdxKmLdH8@MVXoGW#Hh&DN`h?{-7LlsnoCh);d`loDIBOWwRns}2Fza|yS zk)>t@RSl-ZY}&E%j>`r#E48x)nj$_?rPict_3Y z)PW?blYt0yBXl<|$VrrSD}+GmgVCE0~ z4L361bEU9K$H_{5DcFBF$RAkOWZJ>W4&m|OYS}9izGK%$zC~Fu$39n+sy}?PmB@*j zRNU!Q>d&OY%QB;MEciZ+sYLTgPJ^Nv^t^VmGl@-Y+0ahn_X0aajKw%3$P!L)c0`%q z1~Ge(gdDV}iVPIvo@ORqx|ZMr5v+zJGntFnnuNpYKO0-1@p2+GJ&-`5Atc8XH$g`Q zM2gg|iN+zJQYn<5FL8hS04(wW{K%YxUKa>jetfQPeCck_>=5IOkbO8^YrYR~L@I*= zSqPU&ZBO+tBw%M;^Px#!NMcmj-UjO-ye>6hPsH_z42cej`Za&58sADG5Xk$-JNU0b zNJx4B%8W-IU(?cu3-c2Ml|RCHzwtuFJzJS*YH?(Z%f&x{{gWKN2nmMHhD$>=u5&<% z(DK`#sAk!TP+?0y;3{{a9xgr=I#L)%-q%XC)sIBb!~8703YIX5msnzR!~`0fiXi9` z0C)>J_y~iH_=|YNlLppab-uxQ1``K6mDm-oF+O=uP3Q8WMD4Wr?cLo523S0?VIYV* zc=IXqquKqLDM!-_qr6V0_8xF{O;wmc(?bUvl4GwHOaCkqA`C+U&3Yo5(xg-(ao3y{^7YMcbxlDO z9a;zT3{>nc-Mp!^5LtWyM8rp=?YmWNdgL_}y%G&P`(O`=vRN`c5)?fsp6oe`yHds> zEmaHEAe_I2>m=~8~L1+6!6*5Bee~#+Kby4(euN#6> z?8wDu@C(nZK6CpDfrxKsGUt&P3$Xemd%iQsc42mJ{wzd&3&SXxZDP%5f|zF+WvWYX zkCPH{=^%(;Ha%59H$^5&f_L98A>|o9skl>y^X3q6Mw_Bq>#+!LjGCij<;|o+;~Wu} z&BsBgX%B*kD3d+cp-hgo?aJ%mR3<9wx%}BKqHi4+dF3c;pJDt4) z7w=x{oe17?tq)Es|8i>Q&DZt{{BJu70auuA*sqEA&U9x2Hv$hxHrqGutAJ0TT28&; zGo!^DJs-L&tp!_AlXw&J5yBdk>&CQO|DHr%aD^Hs5&b#D#hUUcoYUqfU(Xzdfn-an z32HEU3{V9SfIjqZ&&RiNncH0KGv9U4!?g@OC{YF2eN=we_Pb_19f_9Op|6f3Vq|oZ z{&e>`t3wjF7QjWRCV-yE(c4nYYW^CKuO7=c>aJO7r+%aiih`yeT>o6C&APQ>eKw+n z{N@oo)v3&#u3c;Ld2%NU{-EYh$awI>BWp6v8zm-)e%T?jc5e`|rl0@-pf zyQUBPd};_lrkl1pAZ|{*YB;^FDm=6qVqJ}!(`yRYi$t*jE7s+X_NNQ-IvH8=k z&cOt@+IDbJI1n()WbvQG{BS&7=G6t1eKHGPIDsB_hirzKotb^d?#b;^u(N7z(b{kR zJ_Ih#209P|_baiDtrd76AV;C5emPbbl|{ zB!6qs%;}&iRdk2M^?c9=OmRqjP(}!dLsyZh_BZ0ISJa@V54p~){X-+)uH(w0Ycnm1c@_%9P8BZ=L8{ zZuP$x7PJ?j^!Kpga|QF^1h@DDp;VDJ_yCUtOG7!CN59+9;WZBr&Q8~Gz*;3aCf zxFYN+nb`TbSQ|xkNtf8A{aFOs8fM`fn2UOgqPI;%y>m)%6`vrl(i59-A8x_M<%v#NNIGsbOo;(5<44> z|N61<+wN-#Ir!1(p6}H~@4L0Zv?kiz*XR>-|Pe-#J$F0n4{u_`{K-j*v z?9^PX3*+xrXsTbP%oH~w<2Yz`KIW(gdlqOEKiU3s`Qj{A^@+dC|0H)M$$GDtM!+S| zdo?C%b@abWh3m(?Qmi z@9h)aHOE&120Z|Zq@AfQZ=Tixs#OKa*&1sNM5imLT_DaCH_}`!;r>hE#GQ8>=l*6j-PwGTF#u?11mvYe_P55F%*Z?=XAjV__-(5v%<=P%1LiI7QJ|PK320OnP(yB zw3GXQ5N8MOC)n%JDs%oGu>5ycW_$Q^Q&u9*${oRZ)COSs>X1=a z2Gze+0y+TJMyh}gVrnqo*du0EL27);BTcllb0iqk!-t8w!#Na-V>!SW<~ugexPSIw z$Kw*kjV6LKl=E9=i1qP{6tMoD_0v0}EZHV5E~!uaQUWwYBMwjQKUsBG_Zw|(#^ws%&7svtl$eXJB9KB>j2 zaf3?5_{MSDoLbQNsJsP74VW3u;lcz_+#r^;8^k8yjB*`ssikG#?5UQX9BGu%nUi$p z(`xYgc&2g~w2IUJ5nvqvAnPTXy%hRlP~KSjZzXFkVcit3yXbrK;&IiVoOf^)Y?Ciz zlHUJN0gAM;@sMWC#D#r$JaFb$dE2i1@^b6l*GxP@V>ATXr*1@Ft1-lC7fO-xSY6NpZm1 z#Ki8tGG=x_C-$cySQk0Xk|M~UHxjo~ClopLDyY$V$qm0rDoue{(YFd}8V5x9vKDD# z-kuL7{m#Dcoip-p^xw|4d0Dk(PNK#~{O{)MB>OW$tM#-Dinv%_EC8i}5EBl^rlp`j2-xwi~JTc~( z&w_6~I@0%W`IGL=Fv~w0dZW&-^gWC02#T{H3JC9i8jQ1T01h28$q6c*zJm~S7eaqU zV}fJr8VFXQ^!QvHc6zxa2z(zzI~uslY}MfLDv3~TqmVCm#&?l}m{mXJ)Nxqqaa$TV ztD>n81EmCr{~VKJGRIrD*mY)clSO>kP4X{>B1c4>F^eUXL?>T7Zf+HWoaL;twRcXZ zzTzF9p_!fFS?+}{^9CK3!FzNnBPCs+_la}xPo7|5FWS80vvnA6`Ldft=z z_2Z@`Vivf=S3_V$=#zA2mUGEQOBq5Hz*#>N)TXKRma%^Zm<;}-^lSXEyV1x5AuaOL z*e|!Z_-cwVoNtBd8#|1REdIOPxRUnj+m#az$FXZ_S2`D18Y4Ce`Q8%g(=N=Azpzw+ zqka!C>sMN=PiTF2@B1)vwP67grIX?VNRQz_*(0lhLtz7M)t0Y@F#HB|=vyW}y%AyT zEEB<#VmHG=@O5}h+~K*XU!dUt_qu$99dq2W8q6}Xa2rX}AWiCNDAEa(mipGS=@ScE zFbpAl2|a-Cq32t z4}&?-oj-*yxCUD*c558XH{!||#h?e*S5Cna?mdP6-%OQs|B_df>c7b+&>tjvogG?ImKNBSCPeu6VKqY?)J zqoK4XMnc!P0))xorT`K-Y^Nx_l+~uibZf^fd)z*@Y71E7h}n6#61WD5Iun;Q-$37G z8$~Klr~7tK`RB}#mHdle8FU-4DqY{7j0FOd*KI5TtSga|&rWChud4>QXIVOc@Q;k| zx{5BUB9toAo(edFTPy~Zw!68u&zbea5CkOGhyq}(3WTuHVo`Me=9M66ls5g~2|&|A zg%|9*ax}tj@vLDCM*1T?9ZidgZO@k^|GZn zb|oL_NdTerAO3cyR#XVXyIW>tn@e$ZSWrV@n07ZS%A;Q7)_5^fs>4`67=5oWCn; z&`yPHs-4V|YwsV-^p{q$ZgYjPMqf`UAGZl$yD}IGZ^4qKW+JkXrg)3UHWEvSj zMi!K;B1jsTgcyI_kA3U`HX3|ls!kF6(^j}(Q=j*J@&G4$CQK^GZtg?Lxn>yyJucBt zJv*c5Y?yCi2R$In#a<^7h^a2opfFDB8hilN3(qzg+@sQ=NRI3&1|1MD0?^ab^uu=c2rCAUN#E36}2n>+}v z2i$sRHjq{8ZAhcnetH&~t&W8{mtuUe-kLYSPAhAP$?+;mAJ;SsM1p-g_|)j$X^8|} z)>oy7XW#fkpOjaaY>mX(<}$3aqljW4Pbc={*EU*=`E4=db&>P|RDnGxfqLw;wxF72xscbr_z)1l2IbJ7 zwD2x&1NVV@NUO}~Fg zx*Zm*?(pBa+A=-LM)xQaA&wwL;raSNN3lmbts6r<`0|3@-HE`&WYG9yvI_YCtj3ha zIy*k*(-tU(9my^a)k$vmNV}}%hX3X}h9>C*MYa7P7$KD7_^ngbq|^SL13Z6oCzBev zOf}CH=S$!dD^oqTlE%iPna}4kY$G!oC`f`#VZEcV#9b(j@1DLBBs$w?=kSI$kdW$B zgX$37pwx@e@!1nd^jGH#MlmalTPXFbDcSKi=iJf2@SlAO!g=+gVU#WEkYg8tyAlANH%w8QG=k%WmUIZZRR zt)(^6T=@M+S9Oq-sH3O0x!?9{`!&&FdVNSt{+9txAhtwpcG@6RpW19-*36ua&ZJG} zUC7{m(r|k*ESyH=5Ijs^PF$hIqjrb=xFvim0H2~%Qh|O#_Em>UpF|~>o9X}E_r|sG z@7WkeB$|s?nR0JWCUqinxxhGv0(~<8hAZ)TaR}q7JAy@ze(Cy*R(-}mXQ}V2J7LN9 z1zQYR+Xvkri>a3ajH75Mza`2-UmoTib&YIT7J`zuZ^9@&?px778%QfjS9u600sTy2TvZkO{ zO}JHxvNGxQ?&e#@1pHu}^u(cq%LIF}nPj^q;;TrVXZg(Imo0sU4>*B4;%r>#l32WB z__)j5dKYK5AD6=-1|upLAf#uFU3vXN=!bt2GeSZ*;*piSZ76NhFPLJCt-OL0`L%oO zAO2za8wY-|&cdXPy4bysLB#H!bm=4y5Hu%{mG+ml?`DE6ajx6zd5t}Vq$zt8J)ENg zVD*SCRMC?{l&SgRDAErE-in+F>_vV}nZ!4Qf!qTvq}YtlYT_5m#U(QKw^qwi0<#%K z%bL5JK;5dtI)q}z+W-;Bk|AMU=;k*BF%y`?yxj`Yw%sOB96uIWqzvHUaT#j} zBa{{%7LBE=^zo4vh8S3;X5^pr{aVQ=>5Y!(B^q>EBWuq%5x;W!yJa1^4wZ9*0igV7 zoFni*LdM{2>4I04$?BFj2hIT*`BBfdC~Gb!%@Wo$Gbe`lXI?Xcjrrv3WpD@*L<3DkN(b>|v_)9iz1n8k zR0s}hf7BOml@ICoEH@y454lYDk>TuR!dpoq5SOs@kzUM+&W$@crty2m>QdaI=|zAT zpoz%7HZk1Nj=(c-VBAVI)9vv1)a+5EWpexJ^$$+@pa(l_XMWW?KI^1*DSvk+J9+JS zSMVt}(D#-<;F|v)E5{!SfXXwu`bx{@i#~SJnHG-xDILMd|3pbCu;qZfn{;qkDS-j; z^#2Gg%HHGu6O)bh&sN@jmt~7dW@b%npmyXh5HN)%rOI7?r@b5`YT~gF1-|S2@mJWl zD$zPvHSmM$3;%LG0&U-v58w$5-<5X-pk}Fb>2cH{GvdyVO`=KjD2H^&g&gHSy$h}DBqPl_YHlFWq09xwJF1%Nr=L~jdJ%%7GY8%h#>88%UnXjL+^LC;;U(juHR>{ug8lKqPrhpn%u# zK>*-?r4s)|oc_P1G_cnLdZtN z3*0(i8?9gChm7EKneWrC41s_h$?Ski<(zMb9N*n2IKGntAna*cicFUuzucXQ17NJB zN!8jrjv*HPu4G7n(GcIEpM3W4t#a>RAfO)h*?AhJMxzom2!QTuuJI;axpOXl9ppw^${8)X{8$wAaFf9(?aY2t9PzrXE`8~yHmNBHo2)A6B4QWblWJ#qtvHm1w6#cbbg&o@fYa}p{Y_E;Ik4$YCF3L?2=EBeaN2mt+5Oa| ziso231mxf}>v{iVXO_OTgu>~-^^TL36X0>)J-kFm~{$JIUDL$|LJ6&v$a zLLHFO;vo*}uSUQe9!9a0Izb#__lue4sqJcsH4yzx4O z{vxNlaXx0Dn*9U%?)ThHMg&plYD8#?1w1TDH6g)_5Czr=jszOPVkoY_Y93M-{iCw7 zjq>KC!E$AkcOIUOa5d97IT9|{kEwk34&de zu&!x4dkLKOe-R=Qb~-e!^$`8uystNBUR$k~BAn@CG4tJoT;8YLer;*y-{yi%j7-sW zklXf4+m$M@-o+Mu9Kvi?Kmt|^E+m7~VnF2ILfvc}V2J@K4(H0Sv=F0gV>FrX)Z4(n z-JDvXwS>O?NxjS`BK0bk-SklYz-D(O> zUwP{`4=b9Lm_r{S0Rf2r--iOglEx`JVoD79AM3xS)s#blYMn7GX7+RCl$;7o#dx94 zlr{TNy_=C3pAUeX__IWFKj>Z*r$LY6C})S@d34A8L;ST_Uv{itkc(Ejdb-YH3}2Te zN+6bu95gQCBs?x=$1wT?ZIwLTwAtO5F;Uw_RYp8=G}jiZ$k;UTY4z6IOJs3lpv)3J z1frPzPikrq2CQNj8VATk1wB@wc$OlRkcpfZ`ZfZno4kZTM^_ZCED6_#tI@_BtHTstw;^k-aeLq|-+<3AotDM9PaD;{d+su( z=6prRS3wgl8J*f0T@__>=T&!3Px%{nTN`r-$QXc@5#Z8MFm7njcYwqCi5FXurRvMX z>H;U@2#c8>&gvHeT*-1CEl0Mb-j|mM#&*f_!25NZ#+x>S${8Hj!p>G7e))IQ66P9= zc24F$m=y2`;eXSLc^STy9EpRBTB%|?=-dzJM5B#V^Gn+(ho=TAn&q>AH@R-C`tUxI zuRDD2rAto5M6-T(DHF6iEA0m#fhXRD~X6}9d6`@)i54+>HoY2+~N0fOLZ( zod*!2@oUpl*e63m04#TguWcEg+ z-U4GfH9w~N=qDiCqF!PnC~uBF$4jTJTY_I>J2G~KDzp5&*vg`@U$A?N771r$*?Ka! zskdTU#CW}3bN7NZlF)0fBDy6A&-_S$a`>ON#p@O=oJd`nZ;YX{kSkY`6i+OD_iyq6 zpE0VkN@Jo$Q9KL9oip0%rJ$`x%e$sJ`pYO?>G97Wm1QR{F4Ym&=HG3K8k2+FW_t>4 zVSbKCSR@n+@qiZ18+L7y>9~k9e*=av1(?o5XLu3YrL0hgt)W~t(MpZL+Nqpv_au{M zVp|lx=AGqQ=SEyIF8wHP%UsWYK5{`YVpj=sicXicoat&?)OnVvwpxBfMV;Oa337P{ zWyT21!uDYEOOd@3{E7vs$x`Bv=kk!*>j5&N+VF*AW>tmE@SZy|*{(81OQ1hN>F1cu zy5D-}43Uh}&oNku972uEw)7DRL4%-LCTXmrEn!Xyo(mEr45!_%V;uevr@&0$`w;N<2LJAhN*uzdM$hcX(yDLRby{3-yU$a?-M3a0xu)LC}Ef?_60S``q&r8 z+1he$m%}9KhHEtvU7flWQ#t*uzDH&ug)&j2KazA4u}|C#H|{Y8u5)Zv9T%hYYrg(+ z+?fcKVnOmkivL`+nS`vExl_Ule=gTcawvh5pjaT<{mRIv-aqZuZJ0DoS*m`#=;JA1 z8XaBsFhU6Ev_3?tw^*GhO1>zL@T5v46c`nt|0VUHpHSD4?5i_0rGTTkTIu)4srX`% zuJ#nQQ%{8E_|!`kL}9DQpHhMH@cYMw8avbP%_SYJcu8!Bnu37^-H;t}i2i5Rs83kD zadOKc92}M``FY%;>ZAtzos}@!z9-Lhb+z73KG$Skde%KzjekGUu;NPyFG=sS4?R|! z;rEpy^zOcoaq5*nO_2RibRkRCCrj-oKx}6}ZFZ+!N9DBJ>0p7xEquw}CN(SwgIj_cVos_d*us<=fu z>{;(C98@T%CJ4&aKav-Xq=@e@mqdSXvXz>)ru1_%v9#sfBFa!xY;uk1=dyP&G!rTc ztfwxX2+gb|Ql~@f90yVu#Xiz=Fe7Z}S|3B+Yd5Q}rxRaz=hsBfojViLOvlG=%ZO#d zNuRbt22rNCavgB}FPr6Z66u@qn79ecsV^S`EvL;UQ(wkUIy!FaIaQgIzV>o%ky#qM z57^-F@Z9fUGj^=&`nMH9`T}Y-$J?{qTmIkAbe)ZSTB`&HUvipFDzl_dSjEk}Jbk_+ zI=yRkNxoBfvGxsXmi@-*M5oQDlM2AUOCwsd2ryrrR$bJN$a8zITs~MSZT?)*kkB+f zsRuTSE2;229?{gzX@6~pjF16v?t%<5{%OQMvQ%#zH&EU_7Kj8svmgQ&jsh7ODDZF* zK!d*l`@QFa49VU53Qpy1vwG*mjKBgm1%+5T^sxGoQbz*x0EU2okw_M_VCFIMB)MX- z098kzLCFImOauM^JsPtC`Uw8l7!Sp|2QV)TG{>WxpZ=u=Jp|qS8&DQ$U^0Htzh>Ym z;_ssWHUC=>c#3WY=0f0!z@>-L)BWQBz$SXG|1|^Cf&MK9G^1DI`i;Pmf};L415eRB z{NH9^IyBk9)BmvsPaN_%$CY^xo2n9d5?}q1dcGyDs&({>jVv53hK((#f=D;8(Y5pY#~|FyEo5)$G1>-xecDCZhc5 zBa7-Wp;luq(`=Sdu?#z=GZs3Y`!>Kn2ld~cWcPG(EvMtUh#O+T9&5A)UVrSC(SLEA zkQGf?)BDlXl%WLdY5GL{Wt8`&QJX4roSf-oCgWdWnJFUl_Cf~4rkj04o`FBwgKzdQ zz^@Jb`n2M_i`#DPz{1q7Ror$Z_(3jTXC5wNgFoa8o z?jsdS&#vk|ol>Yq@C+51`Rp9HX`Q~6x&4bT1oUPW(y9&a_e(l(g#^&U0s>f;i+>JS zbj*}q*`FWJi?0^E0YU&z3D15(o&@z}`B|Nl+()^G<@)C@iy4Sh5-lnhjhQ}7TA}wh z;LJ{>#_U03=IjIHYEjnF!Gz<@1B^!YYzYOzGh0t(mi&v$)2ujV|6NOw@51GP$bfkh zAy2Z;A!XYSg$)ryWN##ZFv7}Ddhq&n<>Q`8%<ypT#=M_Q0LzwbW>L1dLtG&MNpmsr`ES8W<&lEu=n+?k(=b_%MnN1i`h^@(**<6^xdu*kvjp;355wvlK!lD zh(RVz)!m6xw%prHv9J;6K`{|j=u#8eC+37l zuq*c9;a4<~3jwo^Twki7JzDlbvOQlw?Qf-m8X%>YBGAvs%1>|FckP<|OB_;R5|`$% zXa>^#uuCvqx*{Ve37VbQwYZKr#zgwTGP!oKqcxzYD5^jFSZ6~yVW6uAgg%cj2IovP zr>+(oFn@|$`A@!`EOmEFsWGX^Ca@0Ob05gevS77hF047(3f|GW_g)rMM7!^CHOOww zBeeC6MtWFC7-gi=T?DBjV<5;2c47RKg!$?<^oLB7!Y4Ns^C@Ypt`2chaI5`EHY?+- z-S>7Cew}1ZwwN>@5s{kf*@pt)|g3#v$gRdwA1S`h5J~~~D zbK-_1eFG=aS26m&mzOacv4QsTa4NVVH|UPL4MF{9W>!m_O7I{)f}kNu){O`eID6tj z$`SXH^%!eSvXZAp=)CD_OA(Bx#lmM=fP3Jk=}Wt*#8-dgtCFnM98=;5SrPbXpmV57 z;bC9u1>dVTiz2fZ`5?lK&qEa6i|yQp@^L7&+X5?;DhB*BQls(>R?)=PA0B9zuSG27 z7hL+O6-|qLX#G{P?bv|?}hSCS~{xuRi$c`5i3x z1le=k$?ByX|CP{A@@~>jyp@L>=6BhlJp-;xs_Ukax!?FBXn8iOd1{x;B-@C%<8n}x zr{vlzabdaL?vM$|pk>Do?(1@T)GyCAw6Cs7Cw;}{d64>d+t zeOHCuwqCDYXY~G9O!gyi{G6WA3hw2MREx2c#cxpPnWt-iH&8^yAK`{9uTfRHZ zA-QH4GzT{GXPKnurSjG=jCFP=v@&+yWK7A=5fmJYUM?m~gHrL$zHLCsk|SO>8ug2V z!7=jm4j5H!?4R58(}gea;d@MRg->O>Q38ZsC)@Anu0Pj(T`#K%WMwlBbbQ|!ztL@h zrTPLf=Ri|7z}0$%gOuOq4||k(roa05Nk?Hei^RZs;CorZG=A3C&Niqs)^Wpj2(mp7 zFVXsg(CP#I=z?C$cXX*1Fc;^XL71XOgTQ{4?;J4jKBbD7E?jZy{*5ifBo5Qdd(s1|I{RY_nBB40WsF@5#e z3WqLyUv8CKzl+?#G67!PCLVjisr&flV0C=tp5W)m8S$^UA3@_L<&1M_PqH~99iY;d z1V=w+Bg(l!SQTprB)bhDF1RvhgLar4dOwt7D4*)xtX-5(3d7Avg9(!;kik|j^e46( zHg+Ypo$%?^q&$a*JdmyBg>JOIX@OqILmRJzB|K1&8!}=>ELzhd4Q?S5<1i!~#|y*S zCq!0!=eddAm(yr@^di&hZrRk1%cw9M6YkSRfxOGc3{z!mFwV`5w?w2 z40Bx7 zd=cJ`Yp7``f?9=hBNHL|)rKPBtTtiQ^oBDPapHo8Aa`cswtbZ5!#C`6>+gh(?(K7- zsA2f>v!Ci2K(U>#DeVgMM=t;B{|0VV&*_&}4?iq`{Z|_4y^!(}@1XQkA!9b0n_G_V z@=7Qmp-32y`G&WrTCJxd#db`4X#%q6`}TwAuJo`=!&^vP1M6~gMO4gSk^^0#qB&u% zx;YPAxa4``gut(=QHT6puwg#&Kp9TWfmRzPs2>l;L5|qk-bSoYfTL57%HGJ?Z+?+N zOL`zLni5WKHouI3a((@D)f-h+5v1#42-7*|?T*~S!y!uMG=`D9NNvjw!j&86@HqKU%#3J_Yfft!Qk>zG@ zLz4LjCSABJdOM1)`h;W!7RY^V=e7~9S5uQc+zgPa;R3|$5w=R6npH0p%V%Bt3jx^2 z4(32WuW+_9h*~~5QaBv(CUK~A?e+ih^{!I%JYS|Ppt~EcHz^GsNZuQ@+|@-9&riA_ zdXBDU!|yuO?}_kSBP5k`>khjMr`sv!FzbH#WJ6zGFSXGU?Fxw8XgZPIuJ&EkD^O(3 z>ZZ@LcI?<>I&QD&$JUwFr4A6m=HgtE%XcT1d# za6euf>sl0c70**K@JLOCQIqiO8agcGfsE`cCE$3)4-06ERpC}3m$C=bGC!!(o;kF& zlRxjL<&ld(Yja0P$BhqoB9%~I!wu=pW}jhSIK!oHNu`F3yd{T4TN!xhLjdOlwP=PQ zcfwb@^QRnS%&KY^xNXBcIaCKK3REN&gYT`;@k9VZzhZcVWD6+@UN#azRrMbT5;3q- zJ!6Tr7J)~BQ~}D;@b?Mms@xop_ledJdx>OhkR2f+XXZQi!9au{LKegfyDEc}jS%Yl zVC02KIF&-Axj=PE{iT8|)w zt4))zapQh*>6;Ybvsa&RFA52L(=%@x#c3k+e?Eg#C?;nA_QF>&%0RK&nJa~O8zXTdU+VP4t(o|>HEmLY^^zeQ2gV^n67 zS?bp7+(0m70YkrZVP^grp{IbJ*&8myFPgKdQ~kmt?G=R$y5>7#N>10ZiIxcG9`Fz~ zIHy?yiy{~N7Q9Gv?WV`v4Qr_fH8>v{O+)AM61zqSV*mWAV(G^Nw?9OO?ogMiNHW5GLry~B zM;{c+D_)lqc=S_y1m#qs>iAo++74XYa=DifByb>bo{v+tn1e{3Gyqi zzB}Y;_g&M;eyohyQi`T5N*JDkrdD$1PA%>QX%%(I@r6OJy8*aj)60-R)5VxNMKAUt zviP?r5E@4U;r=0V)D39A;9Gdr!mIVqk5SFvf3vwcX81(OkuMv-BM}i`AV?7bj)Nl< z_`;U_=1)fn&uR>X>H}WbsC83ssLFgdMW(tSInZ%R2315-0%qeZSkF+9hHI)q0lR7^ zzne8#F}M>1Bofr+=nmFPCIEMNhE)%QIzn(`7TiFxvWcy&i2JY~K9s^lAX@lW> zys8JybdJ-_S{#w?L!U=mDw=J<_2V#f08-o!CiPB zhQo}7{}i8UcM%+wN2ou;mN3Jw+1u%hH!Rj}c&4>tn^KtU_DPKqpaq6cw2TP-#+j^m zGy!*frH5dqOXVrUpF0z8?ln6%86FwpYK;{zmo z!3nGO$0=!nCj4_Qu6ZHepHKJ1SxeWYb>!5J2vp(*-9jB=;tQ5gn(L6D$Y zilG%pRbvVMjOpRRA0O>o=mo{ZQicn3Jp!U$|7h?B*d#w7!z66Gu5Jy!ek+5KM#Tec zq)$9m)qP1fjRKwZvv0yK^=4K~wW5kh!aJtVUZ8QYBt=^_GP=8F^o>iUByEy<>1uT;;H5Uk>XZ))&Mh0)`%yGti1i2!v;`~?U$r08^R9CuUZ)g)LW=5 z%yV=`CKe5Zb=Jxb7gnk2ux zw9PmU+<;iZg%{^fK~s32Uo8Ms!VzaCOC&*yTchSw zk@L37g5W9sSvE$a@y?^1vG?{EJ|pbNSMHPo3W%i(!l|rc9;2(huR5#Gmkz(LWZeP5 z0wh(2*}>UgI>K?Qo-aOpidYh~K)#GV^*A>TcyilsW(=IGRQqirD5W%;5iVp4T}ep1 z)dS>>D`akd%`Pxl4Pl#j44k3S9P6ilWGMR62U2TT7TD096EiZ&XMqhVe-^Mf`NI$t zL+qCW;n0-{*a>f`+a!Hf*f}$@2 z-42O>N-U~Si1at|uU(Na$TqXi*&_D?WQ{z+B>y+yZVhpvQzyp$ zGcvF;@#OF*o|wtxE?zC);R3Z%Vck&@O54oO&O13OZyTz))8P5D=sY97z?TpfPGM!7e@mx%cxPfT$3of$y#FLnX1@Dm7D zS5(w&g)`GXabaA-ti=8*%K@9&sz9z<^ix|k$G{R(sgBk+BrVMDnn|bXm1<+L>8O&; zZq>fk+}t|{yegMX2CSrE`>s*DBa$TnuPUVEBsj+uw*BMgYl18C%|jdD`0!>yMqL=) zJ%>SPIoto}3P7GrGd?q1+k!qovh$e;ItknD5(}j0yzE?)QC?A5b1!chW49&z9Sb!j zAp0^1@whrh-HVP#F#y4P#jf`hw{4XD(;aUBdt-r?srghH+g2c0ox;e?=q9I)&%}uo zC;yRQ|HCDDcs;|g!)KMF8*br0Sl_%dqaVD(5oIa9tCW{eqBSviJt1xSJulJ0mzUe) z8f+^oGieV-oBNj5x=pC^U~BtUV*cmtA|y}!io zsHUWZ3znlq3%FGsDu`Km9COoe_TbpQVvmaVrY~Af38%1M_^#h#eePuS&u-_6DDe3> z%}%L50im4%d2hu)wh5=U>@IaL>N2gAej_AtU7oj#JGWJod23L?5t6@w#7K}BjMiRc zTYW(rVde0vTgjmA$8b-1LYGb>Q8!bvY3`uATl5q2uTAs?Efgh=Q;q99LoulYiF>+eX14wmU{v;cmK%wGGTR;l~hG<7P;-$T$?cFk6+i7SlAPzo~U`Q)RMy8Ws>l{ z?B*T~#?Imb_B-fgJ~x%;%*g98kV?L}#PCT@KhT}-T>n6V@^FR>l{^%hc)hB~YG(x* zgtZCkr{#J~*_W$OZG}{5&GS4XS^qL)u~Aanwarh0;w4@fXX3DI>Hju2FWcCnc6(pe z5S;}YYNrN%DCO!D*X7js?h=7KSnvbQ`+4NZLXi~=EHU%=t|5=kAJH9#ZJpa^@Tgp) z!pV!=h2wi)zQ3~+AO-)3O1iu!kBEtGD0(#`f?|3mBdksI7&rQF4Mx-*RPe}%Ha>(y z&Jof>O&7cn2Pvz+zhRqDfxA_Jmy=}NK!l?gykcvx>-_1>cmij-dI*&pavE+|4oa1Q zCEoZ524}tqeeyWcZG?~t4EU~+1)xc-DfI$7Vw9q!15NP6+Cs%E7i5uYiKtzh6I+|n zl)b}vZF+GYL#%TOr3}f01eNSKwu{B_%;x9#`f%2=X4gmxjuEgkF&xMb6R{!}iuqnO z&|(OG)7!(=xp!`e2xlwHf1ghNQkk1{=#y{JuJg=WQIUh1=DaCv7xo35{o#@q5(~9N z!Ws{5x`1N`0X0nl3DxI3ir&&h%$kwF&EK_*3+S8AZ1lb~*UFn<<$n$q>?#wDE(5LQ z;O(=~4^&VwYgTlHkpT&I&^=gdBk><473b*yPUHd;%%MY0?WA#7K>xKeMtBjn;UruQ zvr(uvf+p;^4r;nG0bw7B?TuXuvw zo+wXPB3BTXmR|6&FZRV6q_rifQtLq7EWYs`)sYk)^^UTH2 zT*qqN{HWZxnahc4_SR;uuEYxLEq3ri_%8L(%4;h_L!pICVxS5Ds6a?fhEnh@wB+>{ z5fr;xzOPjOb|{LmlPsxD67!iP?ot}GqJZ1XuR2@NqLMdpLvn33K)eZ>xoL!j&sG*70tBEzf>?U z!E)8#af%&@!)%P+j`+pI>}+qXzBZ&S%{>l&0Ql`F1#;BJ=Db$i2M%K%{UDvlF2Nh> zaKoHh5xM}!srPCj)q!P2UhDm8I64nB7Dj5xLJu~23H2Rcl+0_}(A7Ed7TgZZR{k{iuyT6}gfP%3(Ixc3X6`UkXte7u(!|4g{=Cn4 zd#6;Xn62=_EXJOG6O+${tGPzbPFpcd4H2Dc}D)s5={T_RZh0? zgpVA}=;8kW1Gv28`&qvc$&Z-z4paM-?&u5MmT1|y_RT#Pal+I+haXV{OPR)8%SmR2 zjBhMFw12%qMb==VxX%4=bveZ8b8vl9Dm&#y7MqJcmRDxaGtTk{UB6x!#`q2DxNVM2 z#kile=F*G1IGy0n9MJs$Yn+0&h{#1dGEzuyjXx6uH#$ICh1f3f;o?~tSNf&aOYwHe za+Z7z=A)P=)akmquJ)X7c|ZLrHkMR5y@*(lv#E@0{$iE%+*UMdJN<IX>yuogYV!>iP5v9{q22B_H`aC!x1hT&Jy0;Pu3 zDEYHCkh3+qqzLW6FW~LZo*(kp02z6}%0rQ2b;gTQXw3ogVI#NBZKjt2$B;*^t(l9v zyTBO^y{bc(U?F414$s{dfZHTWk8a;vX87j92NE3WZ0g9y`3%zl|ZkGHdlsf5j zTKf=#Aomrs*IGYmAQHq=3DsQ`%$Qu=sVj~`rN8Gyn9?{egvtUOz^;7BE^=O;&TP+a zs`;Wgk-_=R@%1-5yWwb#f+{-fD+7!!6*OMP;L0$lgNOzX3Mo-E3mTqxfub(`&(Is- zb*CG9_g5q1L#FP&hL_hdAo}#d{`1zBmFobY?&>q$z7W8meSkqmc)}g{9mM{A>s%`y zkO~Jp^ZeW6+wV1u3t5r1>zi2`_xX{#0SgXme+#zq*ASDHYP0oAA|*4ee*V%y;QE#$ zE3p>zR{!Od+#_h)L$oYTi~g-7bjm~#xLu`9gUtdJhB5Ks-uLGh(IuQd!mw@UF>0*3 zD085M#bKPQpdn+C937j%LR2kbFHc{4)Co+^k76TzChBmiC&-!*w+$hnf0&o+AUs%?p=MkW*^MI{=^$Rgsf(@kE z05l*j+4gBo6ahR@>;M5Wgi)248R6_XCSX+l0~VyUE%-ki{aJe%%f$pt101$z?~k*9 zLKYq%SO=7cA&jtBfQbOIfTvg52yYEwPT;EQVhxs9RQLxyP+D$t{7VuqfVU`5G;aj& z+=LVeC;+`1`HR0jJ`ECnU}|8BfWoBN791cjf!4a{CqtuXRQ#_SfrnelUn&4*+9$pr z{Urn73}trmBUD5)o1i<3$$^i$ta8m+{+aGpJs2eFf?>#Zx0twnd-*1tFim6x*!0zso!Uh1{7(C-BkpCO30lN1| z~IGu%Pk1vFmgAvBQk4lpx%D}jIhJ_GL9$VF|p*)$L-6w4+K z`Vvrj-DKL9zf=G+e*bW0w-6u#EmV0DE%Dewmi%F&vTViS)#r5wpr|aw1n_~V5Q7IT_zrpHdlo2c zJrkhMX!`jpE0kr8PhPG#)oo8R4`XBgTN@Q>q z{RYdVRzu39ula-lIXM2EbHzbo(ZOpkCuz`WAgJpNAt?_Y4%$}S=+R@bn6GnmS=|?4 zK}X0$_YieCo)2qDq;orl4I=lXd1KHzgcfZmNZ~yI#H%^9ch~Uf1@f=uuAK#|U{Im3 zLh;l8!+;rH)iVGD0LjA~_iN$-+||y2`7j7vf}dgyN?+7N>0NZ8KAdRNGRF}Q^k}Dp z)^mfA?11fR%m;;MU|gHPo}loWz@`|0b!fwIo2vrp^&nu?5QN@S9z1H4Ddeu>>2j|a zT#h0^!hmJVz!0AEMh}_!t7MK~iYDl7%)-|j=Cc}@JLFubMDN0^qV_qzJ}uG`v=Yjf{Qch-*pFJj*}g5 z$Wj4T2Vet;1Q27L7`nsE-wy1;@UUF)rdP!^4~@X@maGW;}I_vHcFHVxDN z73N?CdB7e1f9B5Ev;5${XVD<&7&$7Ctg)0Bn4<=5ta8`*QL6L8~~kKiZ(MSo?8 zi1p+Y!kOWp5BlrnAYxBBNF~tbpPbu#F-%T(SFMa)=l}0P};|#}wl>kwb?U1|-@5T3=+vO(_;G$o zd&$+0#}m$ZTSQ$)>i3$5=8B#YPT}mobj0)_HL0b3%JN6A80+(2eo<^V6G53E>x{UB z+9-AemwBy6Qm))^Rx2F8anw*?2ceT?l9o%TpZ?JeX{McEHwTv7OSX_96t19y{=ht& z+)M8N%HtLMSjZ`>N$J!?k$GK0Rv30QWX|4#xbQ1Gw3ja(IcD`bKiJ_bAIUi0FM6$1 zc-cR)SRcRl>+=(apJqQhPrV#GT1{`6F5sz|YC#V-YVaG`vbajwe0jv!3O?77=`r*_ zDHS-C+BhpQzo@w(H3`bBa}|u+bMYnSAewr_g0v8(9+*tf?8(LgHOtT%fMbJqrRF5D z95mWWzj}z8l)qd^_BDF>b>foG(*p7nNC2n2)b?Ml*U-K5#9}rf)*SIXRk5_K8x_Pw%RfW9H z+Xtfj_IaJ=y2`CREb4}@mwt^apKQN5@%ebvL|)kSiNc?Mg)RKo#aA6}rCN^uXWAcV z>7P8e^(HEv-AWt}7?m8;F<1_7CiPvPquo?YKQ!Zb2eY56i7KfnJjl>I;Vg`na3r-# zWqALYaoje&;JvDKh2emb9PY!_sP@Ck=43~iKkAXXf;ny0&kX`h$G(5fJlqN5a2_!% zp`2B_5E_KnO%zQPM9gogoVtpzhR+@!Fd{P>j%)+de_m+yVz)$ITGx4fa&*0k*zC1B zUZv6P&H5d+r9)xw=^h}UPw&EobZU~SpR7M%5^|bvQX+LcwM;PU!D=qP6oVIr1E1>t z{52@a0y6Mj#+Ug}{baH-La4GsA>4cW+>N=ST>2cvpb!;z_5I+_$FBj5Lz!`+6~&dS zOJ!}p*Q~!pK}>f?wM8iXLq-X;sAW!oV~C`@x*P#HY`{n4?xaO-$&Xt$aIk?d%rNV8xRkN-?WgX0v!@y4E|$ zA(X!rNmk>z_e@2(GO6){jn|GRqvyD4Lrsd79Pk5<`P~^C0ju`i&b=KHhD7a7&paJ! zYL@%9o@U*e7-PJh-Y)Uu_J$KxaE!0)pDE3rAHV#bA=Xl0yNg?^ba`_8%8$x}mV@GFo{3+Ri?yP-Y9Z+d2l42v$K1?fcpLP< z_gOz~vtMibfhTzDDOl9}tuJZY>B4C)H}(ruyZHq_^YG}>T^<-|5~g41lrfO(8e|rI z)|dLtvTi=ZC+aQqgWhnGbgdUIZfaM`TFGms>Ycb*X!`u~z>c_=6^~y#_0&q4^vSX% z`EQ+Hx(5oT@4BZ8)e?Ic)jwNW5nPitDV2Q`qm5szdGcgdRr11V(kZo1rTI^t<)qGy z@X;o*ZIh-wvExA-ePghv*MtNOuHN>|$bIH|DcN=g^MZr%_=X4*#UFZB319Mlyf_~a zL&@;rU&HRD-s=dLMmQ!!$~hbrYaxyz$=1fVwiX&9SZAho)+_}gEFaE+d%waubz4U^ zJah%)O1EkoTRr^6R0}9=FM>`gDtbN1A`Fr84$++!=YAll{QKKm(ls)sz_q~UO5Nt~ zGVBp~pF~ljw8*SU&XZQJhe1onJ*b#Te>is2YoVN^ZSE7iA~VhX@r@?YSNnDPJmGvf zgpwUsB67B4W1a1nST{vxGKLtf84mK7Lu(zHuS|ocRIXD##=o*4O4Bvy-g!j1HoB`RV6?h-s}5xIynxs3PSt3>7*$o@E@|8TSF>pm&l063*Tr2 zXe?S1o`RSwv-yh~T@C{r9gW|gJP(!2+DIZV>Y8*vMlk1O z|NdDQ<7IO8s$VZm@(*$GXN-a>sZX3au?rp8X~u%J7ve2(ZP-2;ojJ(6o`W=|T{kv#z<%6-O)1_AbeLN%&Lxx0n~OH=Sx~Ro{buWgCdo_P66>KOD6osXqa}Nfoy6 zvDNU-a>c`RiOOR){J7Evg_3sV_g~Z454d*Aii33vJwCYzy|DG}uDpj=g3HfnVDG}R zwOMfFZCg#4_j`3Yq);c$kNj%p@?l;0!R+HyEnC8`_BGi3sqf;WWnzS6wTdw`*|9@u zyWZVfDE98YG)d)LAr3lRo7UQNG}`LI<7%SZ(`?K1SM{cw9NE*_BV=?dQazp*nMTa#6TILJ9+EmpI$MgWDYY3AOf9 zdB0MumydiRE-@a&cziFt zulVls*1XJ(fx2-!kBVds0({20Z-eeQ7k?fad5bv(KAssR`FQZ@od`@zyH@ZGh4=41 z2O=%xpta|Pxnq6i)lywlKAGi_%53KSS=1#H+twG}EvUK1DG z*Sd5^Lu1?s*ZA}|e~v!E?;r`N=uspsRTq~2LFlxozcqM^4zpdM>Qnx6>5Z&bxsN7^ zZl^yloVH!_vdZ!VB7hhC?t6l)8aF(fF(BEm@p(2jiZxe}!fB2#9PQ>G9+wJaL@M!| zBEGxG+|+%>Yjk+_B8ewrHzVqs#gq5dTm-e)k$g|XL_aTvh?&O_R7n9lAk07Zy5dVUAmcn{>5R;_hpKXugSy2{w!4nV~)_}ZjF4> z%=wPcKG7BT`q1;+oJj@+WXE#DKb=-*;vRP4uHD1*UBAb7&n`hA6q_3dAG3@)(M(=f zC_>i??}b|4o5Gs5$zLHy@o%yN*vQ@X7Hly2U-Nb9tcjcYcRUC8=ciPvR^P;aj{O?# zF>u`To62w~*Tm1Jc=Fl+*0fR=O(bMBBPzUn=lWrXQdW|+GbYEyZ^P$G%-xTte!d|Z zS~F+GRZ!MivnNXXBII`c$u6a~V9ORNHfI+mpx4)fabvUFaM`S-XxH{QN0rIiD1tdeVTL-5-V_ zZ~{h5HnZsK^ifp1!40A`Bxm*`i@_f_mf2R$uZ8v-uIYKQ zx}QZqK3Q5E+8TNQ_rpJ1`{)kC*=A|k@69@Y@)sFiQ zB8qr#A-dZ-{kj5TNKC`a*q4{Te-@229}yN&f%N0n8i z+wRyjaEp~Hsqkg#w1ZwpajO%@Q(0>CbZ!Y|2v}K?Ux6w9Y>%b6!0a%l%z8Jq9Ve{BR`EKCaqx&EuMXimxAg}P`SN#&pz7g3b>a8NSg#Y8 zL}Mr#yz0R|v*znq?Fqiu1jyH%EN?+5^=8C0NZ{Q>Acl({TYYCX>Im{&kqLTF#`3er zkK{p;#EfV`|CwY9oJR;ySh&K$$B$L)?ob~E?%mc74Q1$ zB81@=c5bkmQ@`rsEnqkfMD8sIUIl{(bQEua*JAc)tLW+B5rW-m7o{B)QO|=)2e92Y z9eac;sS&K|da?26oBqZbl-P_a$F-9*rZsL+`2RUGE zRhHJ*uM2#bD+NL0E`FmWy)ak%L}-G5r~Y{eTU2#?erc`THU&DWj0+ z#{zp8YBqQ3O76!?{TV6ZJJI*p*^;1ZTLw~%RP@=MFvL#P@0&x7`Wr08R5m}HXk(6U z(h@M$t>+oP%z(1PIaXEjxHTW<*!m1H;dXM8B*kXP{sUGrkEsXKtK)xH;E9Pk+>m57GA1=wo)PTI6{cjXL}_Cqk$iP zU$1>>aw2kU4)-LA(W(-^OY`&p(Dc=DRW;$(`_PRvNK1E@ba%JZK~lOq4lOMujdV9i zNF7ib38nMU-5?Dg@4ff?cYZr&=9yWu_dILX`ZXZ!Q*}O%;28{84}RnT#xPq$jR-xc z7KU;q0dO?uSh@vH(Wie>J&e9wZ3Xi1XSlI`qln@cEVNtkS0T9DZQ)EIrJLrwSE1ev3`9F*Ck1m;fZ|d2 z=W9+p(0Ob^4gNc=I_nhIYc7Q~1osC>B#L~b7Ex@XlWTSbP?^1Vl$X5!qS%>@WuizN z#c7B%ap|@Ro&iXuNV)^3uG7w2Q!-d3p+Nbps6=3m? z%BNv}^-BxFgW_+O4~Zf_YUHZa{S;LC;6kbH^$qY5*3^(KQ#oq#|Awmx6)fu>*Q79_ zhnTO{0Xw|nM00S^y>Dyqf&(Q@jqvH_UVK8qoCtxU7`4YAd8>Dd=t6=U=b(4XeWKkc zFtvpo@TaG&+-Jb$rmBVb9_SGE{ zJQHaO(^r?omGL9+!Gvf4(6%|jqmIFiwCO$?D#!QP52Iep6?I%A^Q9T#4ULl1BwR@! z^C1JNVe)(0PlE|R=;jOxmSFdfB+vom1tV(brJ!s&p3D94N)Y5*YJ0guz=jixmf^v# zu?Ac@cX&Z9@JTeVY6_?=Pf7!wE)+TYVy04)=PfUz#sgaMfr#~mJTz9kK=#*DOI1Rn zpThMU4r9w~2btOa%}q+utr*5eB~h-i8$`cb!`kR~2)`G_ zcEbOe66ryNeNC_;g*+(Dfe49CWghEGwChf2AS{@75~|HLAgf?F&inA|z(vWNFEuWu zhK(zxKwdFouJ6#S#Wx^s(dXIeW7!+1%2E>!e~ME`u9Lr~;zftp(f5&9oRp+(BO@a{ zJ|0euF$SQCG?o{+PQ*3wIk6zFaj3TIXBh247hpV-(va2)7eslw={&e*)`Ye{c#2pv z7j!9N{k<6GeX37#NymR+Vuh3jWEg~J9r|N=Z?67zi zhYnwzg3ja>=SY8MSp;NElUs&N^Q0nyO~ts<45N!>xfn^=L1zbTiU<~yA8UWkPr9Y@ zAbY{NNFypFjw3rc20Hz@Fi-Qk-!*)~%4S=R-EaGIvTQyGmm(~VeMOAHqMf_enD)Dn zAn)+TN>Zqgf|tomF}FETNxj_gbi5Q&7kUC~W-=Ug8RT*i-%}G~Yc3a8NwZQIE|N^B z9T-}+@1}{pxERu%1?_fEei6Q*@9JCJka#cGUqeO1{CS*&?0Go2=x*KI6XJjZsT|9^;;eR9B@lqW$%v}7f zp6H5IQCk0$4YpurJaJfvQ9ZG2rr+Iq`i;L5Q?&HBS0}&9<^b&!AW8h9``22oTef_+ z!X}AQALGIrGsrxTAdM-PAm@M^&(3SOb_#3vB8Ua1SCok=5~3s`Ouyzs?{*wQ^zkTF z6(puO4x|t>XYQS^4|v!ESpc!w%V!fpw06K?(QAD*&6K2lnn#C z@t2RMBVTE@JvpuHwb(h8&*4wd$8gniM;^r2lN>DaJ5oGK6&ZLM*!@5p-)O_$w3O_Y zDgLhhQ;RmTJA4dV-{f8Dm%q)i6osi3tyTHIpi@TYeXg=Dem$#*#mzFNQU@^#)kCd* zw!EpB`oQ)VM#=4Ci5FO}oZ7Vl6*1^fM?sQ}-jIf>^LSIZNW~0ex>8MzizXUIC(`iU zJr**M6{jjb$QlUF=M6YX-RU%g#|3?-Xa&DN75i*&%Wf3KkMf5QJ%8E{3<*0#Ca$rj z=X3Bs4?JG3M+xarC7mxssE*W1X%09Hn>>E zZAA@;iP?E>!zMPSBSG(fydW3O9c}uUPs(;y@G+ErEBr;~FYo+qC+zu$pHNXtQ~)Z! zVysW2rNKu!>961(kh>UdCc=jeS?w-kZjs+POh0+9-luo8?n)=M6OX2ag^4>T%9-J# zFA_Ct`0%;37NR|}*ye6WV=}3veE;(?KVCYg56Pdzg#(UgZT@^q?Oc|-rR{hqZ=hRy zNnrlXVC`ojBAbF#M~kExT-i*)GH5?o2!2SBQtalLzP;)w3Z4tf)2{Qb3A#b4^6bdsrwD@q^2K(8Z&hjc|jODR` z>H%qL?wd%>{6gA~v1s;@wR7vI7DmF=k4-e@vhZX~f8^^b<&UNAn**RX^+AYR)K9u) zNaIUSc!C}7D@=xk!73kuezdF#V+Ly+0~_W7`YOaX*S(2 z@5z1yaaD5=R-yzev2O>syZz3ypU{bRLQiL6gc%$tv>Zmebs-7<>uhGLB_^X7uIkQB zPi<_jiLB9pN6PlqAEKkKhhT6e+qK|C znJ?sKDSWOYwACNkb&INJ2|fWyP^&o6Os^Rom11gYy&=D+OyX{uKMMJKjXe44mr#w! zm+AA7(wzZjSmJ{A2giL+5>DQN#x_^8B+m^-vR4oq+4ql?eq-U z!x2|SB4Dq_%du726!8W4udSm;($5D|oD1SRaPru%6@92HY*JQu^z$8JFQ(*qz5ma| z6{HB1fWI&LaaXM`%!@iO82ff70AHS=7NTx@h$eTd*(!CbXD1Y(5*Wh0DF#zWI-z@J ziFk^LL&^xm!xkKW?Q?w5*W%|H`=P9*A64nSq+giEV)dQr&4ofX{LH6T)zvT_B?I zyYyj5*qQ0QuIL9VR|1b$G&7Yxim(pw_P#}Sgn!1sCJs0nwu*L{_b0)EZhVBy6Pf6B zvAfbTktX6SuQjC0HV|QI`ABiKrU}dxkb#mO?)1}zG-{uEks3w=4*SHd`D>Eq`K+qk z9&7om$|ofKf^A)6Yp>!6@>@T}oHy9LM{S92RamlF5;AN1_ua$-w`~d|*twW6>nKhW zUJ~Rw)$kH-+=o~gKSUT1$MJ4~#a>&WykB<_EqUZ@xRgPTGn?n1{Y;{LNT$v3kCqP! zM#aXiToqr89LSxgcs(a*>}ZkTk*F7vD6h!aTl%)Px;9K*CEoX z`svXXY>&DRobp0`(4==OiZ4%M0?_?A5*Yjr#QXu2F2Cl#(z?1Xo)Db z6e$2)5^Ocn*-`YkyS7qr+! z`Le-x=o(D;zSYggX;p^Yg0bkV9B*aPKUqMQzGO`iP{EJ23eobfdMM!Z{vr$|h@C3` zzOZ!>HwC4&Z?5XLk~oo(+kgJW$pWsT)tho?uD^ieSA}JorH=v*D4F@Cya#@FKL}S57Of?W!#_ zNYgYvUT_x(8)l;F*%WHRXBn0#9Z7nXrdY}8jw&DK09;Z4>0pTc_ap_TF3+ zEV8BbTL5pib|fZFMr$`rbv3*b6Ge3vfqQ`%wpIM_$Nr6GE5H&Rex%GJLSSRopRNnTDwoX|5Ouml0PB|)UdGORY=El2bSb0g&*Vhs2@>*T))7-mMbPB@rPfA*rBil4?j%@GQ1c9OTk+cd z(h_eE9~wTYm#(+#q_j3WX7?6aOv{I5m^l?2@dKR5<@SHbBE>O>d1jW0iFztE((K5f zBb;y>abi|wWFk?k=I5|KQ{%L!dtwmdapECN*q1Ya(=%zi_g69#>Ew z#>uN|C-4~=8519bI31x)?4{HmDKSj_HO~bd4v^T#MTGIGG6jue5~;?PsA4U6^ikL+ zRiZX5)W7^(p7OVKa1L@J{+IAsh53)7{eg(;%s#KWC%5-qc#ldQDR<+C1z|TuOnY7z z>(Y(+X2u3Y%Oz6qwaVwcc(%6}4Y@ctgwsAKrw@d)#@kJW`uQp5)`d5dwCI-KvaRg~ z{|p`w7wv~(Z)IIE8H))?8QS-}aLEfLMr(McCd%<>;zP8=n{s1 zZtHw~^3ZdFTJU_vpsTUO`pwhMI?#u>VZDhOj0bV}vqOqAmaac*3f^Zo+4m;EV~RhN zSc8kPV-P>Zo$IvJuT_&W+#qb!l?yMiC1ZPj3>N6N-c8OF?y1k0S3rhkVcS0;IeBp= zFUgM`*q}>v5E8=s1ICF`7zq>fQX{UHZXc%L927g1ie|Z*ojZc-dD0yl(HI)JEj$%N zOzO601qB}&B={jEWn;(P`E})*{}!+*2-DLc8C#(&7a4TK$T!a*!dPS9trvBp_c7;v zYQ&$83Mi#ma75%wBp7jtXMFY2C0!h)5A|VD2^&(AchibOEfIxIn&#;6*pQ!nh{5Iw z4YJSph9-Dw0g3v_YPy&~(3DEPBXO{emvKowCR`)Sx0p&AkW?rhCafmwtGE`w5`7`i z|A7;EN;;HbWdyuLzKXhA>L_WjCoA!^oWpb28@A6rPES@5Ib1r;ap)SkFXM5n05P&! z#+kaJS$UA}ephIPeM|fxAI^6eBxk#ulv26+4?D4Swttp}nwb2OHdSC!>)Z9oBo4o5 z0X#;g$$^1?$Y#CRRFvB*K#&XVxTp89r^TrrE?;#8r7S= zWQ~Hb3VjfabX5EM$Hg!g?ohpt>}UqoVm4cGpOVWO$onpey2y|?Bq)?SsZ^idIkNl- z%sFj4_HU_o_A%QORa2o)9V-jH**9o7b~N*|Fq0UX{JYmq&XKzO?3gx2GeVH#@$u%f z-eD+(E$_Sj*(vk&_JKr-VB}jIhhR^!T(t1(zxye-5frPI&z^lB0pei7*_lkU%VAiZ zC`{k4U({ybp zNFmv9V%HfK#Q6HH>eH?FsEf9pbox9 z5SAg?4iHp6h)lr29w9UN)UOipE^Lz0(yM7R_GFUeooL$8(pC6l+<(Mw<;HVoFwCs( zN9=qEgP^s9IeO>3$!Ej+AhJ^#yr6qG$F%of;1q*{9yVVTK}30zxlhLup;;s&@l_Fc zlZA22n!yO1vRVuRP6R%_KZDKOZC=%RFQ`$E@tbki9m>Yw!rH$L_SSUWR)^TLY?PMLCYNbNJ*%2P2HsOSC7UVv=9NMo*?LuAAc+gOnXZhBP!oX4+LdQ zw79|L0Ikqj0}%UMt7;;?hdX>;RyTQ~tYZY1bumVe$oJ(pA5i}i*qUbalf=EFpU$Yf zGXL?rxts`xH`+!F@FUeU{yGCF*9f$QFn+y(K-X`=Hj0VC( zR747Cw^p}7G(5IVGsZgcMO$o6&Z9trEUhcZxTa&+_w+{z7K4bJ-h`ZS+}la`ZI8Jumq~5zgLdODu98O%(j%We>1l^=LpO2P>(erBgl6@^2mqsYJQ_9tP0f2@SG-e|9p?Kg?ABfz_>ZKkQ-8z!`ObP0IRsMUzgK8AFfab}yE{eA) zI6)XBS;j5^JGZBC1Q8HB_ZBj`L|!OpbNToGa{(rRNDg-_^L|>8)#p|O=vScovXTQ7 zmp}AQoV-E$ec#+ZDs114?jB5Zp!uQxc!N8~CBo`Yh6?nnGU!GesDIO4V}J+Mfr^60 z=suz&lH~yd0ZL+@!kX$^&Z&T}HDDHhq91Y%dj)y}`2pB4(*-2h30%D~Z?bIAV8AFc zP}GxyGqj!cz45vZw4D7c50nb8i9RB5E;cAfP5?Woot+)(yM3l;w`r#PH>zeq9Kee{ ze!XsLd*E6de>$->N|+`n@#$w>ms3} zt^B0hctjRc$@&vTy{Kqq()m>rT53jae(E%!?rina7RbrX3-kD@iziow$~?LLJc|hc})86vOhCMtM@FPl>Qt zoEhvX^?qX|$y=K(U1y2nOr>-l9jXMn&6@ktj*u(H2=o1ynu(>2J6$rfv6hH&Z4y5x zulx^c^TSX%-wL*LQj`pX`LL+Y- zuuNKzi>NZPKue}#(Z()`%-ai9>&Jmu>CNChPIe+54W}T(qS#$;^~4e8BnspO1J|ubkKWklcPb_#W7biaP)Y%Y6dQf%p4`G)`AGJGL(P; zmrNsK9Az1W#5hWX?6AWssGj{p+dtN9Ji^Ydivsq6!p+JaY^3lCj{a1$1i(6JE}bQJ@ko@I<|9z5keMq~H3JMN0pRoY0*Ley`+}1V zvM5AlSEohAEUiAw#0(CtnI{~~@Tk`IQrlEDH+XOcd`?)MbOXv!0FlJ2U|Q%_MMOp= zqX(eEi5iFPc$Wd1x6_Qk1yo!H5>($QHr!I)5JJ+vLxc}|Y-DfW*6ZEwRFg)eO!Q!xjZlvmGgPBqAHb@n&%#DFtPIbuqI0UHPKE zei)FRCuQLA`s{PST?!lc-z%k6j7QedV}+zihp(%fFh%VwFmG|(gMd11sqn4c zdzEbAyq*2_vp>G0!6$SPF^DqFRp$++qW!JX*E$e^;>GtJlbUV*{qH!cY6ioxBfIJT$*g~Pr#J3D8EG}Im$+M1iW?3E$-oM!3y z{{KQvLq&>F34a^u0kwA8n;B}H7!@-Lf4PCtLOLOj5PJJ5p?r&)FrQ;BE6_X!uYxU= zOfjQf1Rz*jN;L<-Eb~dr)@i}h?}5leq5&<8v=Woj`2tcx&cyVrz>)#z7o_p@{C>Ea z8=_rARroQPb8C<@F8wfaBxPjy4q@>JGU+URpyiR*J#CnX1o})?&!CR|XKwG10S-2J z1KBs>_(^B%$EUQ~(dfEv6HCtQy>TQIO%Nqz!|Cw$1 za9hh1WI(%Yk6l)Uu@^~h9AVK!gg%G>E!~zu`T(iHa_jSAg$tRyu`&kt{w@3THZ9yj z7g?hC`JFEU3<7Ms?GwqAQbk58>WPqNyT;TZn$X3GEkUl?P^v z)5HoV0)W^XNL2LuDE&XCG#F5n9N8WXMXs|3>ScT+jO%!J+etY+Lu8>;vXK}$W5wh# zSF8+cOb^Vj|B#@5!ZE+*%1O|nXQ9@+VvSAxD2_Ke&WPZgSF>ZN!EC)$vp-bp?M9b} zKeRZ2!91DeTzdiPfW&-+S$#qS{0-;S>%oC^y<*(oL=kE3d;eF6<0>ID;9@<%rO^GP zKTFQPpNvr}Le}2E-XR#Ds^*CBLahIW0!=nPhPyIzaf~-QI_AfYLLz7;Mn$Eh+C3dN z^Eku^>jE5am8>O+AS5#>O{aRW^?4SPM3cp0*;$c4y@iX?cO^|4M@w;oV_?D3CDolw zAsJ)7WRWkbQ0B&@&=ZzGu<5B@;+{ey^X`lvlh-|W%6Zm=Bq|V^-E7rC#`Vs;jo@l- z(y`xI3%|ai_iM`AQl?K5qSj=shBhX0?+AXy%!Er;2_=(BDA0QceEhvO(#I@|&lQD6 zFwLwe7|BHBO~;odfg52tWvMr(_XErx1zp%~wa|r>yembr_*#fjAN2c}YFxG(9Cw4l6KS7VvWzl16VC z)^AhnrzX!G7bcD4{8j%1DQtP|9tO7KtGD>Hse5nvEM?ROE-BUWf6%LazINKrHa^8U z)n!5HI?U+68zUtA<*FHJntOUS@+1B!2@B`Kle`>VUxY3KZ3@T9S)NYROb$765M z8QulxC3qFy=kDB`pEH)+3*Bw5y3L{G3y{8Z7wjVr=e zgbYRl7?6RlJp>TS7RZabj*f0c7i$ip@b^u>cLF+|FOr;SnO8ZsdrjqTm5U>Eb&tLz z)hLMY8PDjMW5-9V;xBBr? zneb@If=VX4h?*JH6Gf$+fq5fn@Yn5K*|SRt#+Ub2N=(OH44V_@cR_>QeaP1 zFt~QOta=nD{?uTp7hI=as1(Zj6lZPfr@adIZ);!kQI~=6O#i=%Z0$>;&%?hqh*DIB z!5?b&`eDkTo=4FPdBS~t;cMaA^WD1_KXk#)!`#Bt+Qs2r_Hzm&VJn5;LMu)3lYw7; z0oN*myN6vy*ET|SYcBO2w84dcE)hzcWp}z`27k25cVGJ#-JIO|{Y?(~4S&Q2etkL! zrfv-qH^(-(-+fX~pX4F&kZjw!!J6XXOj&A{uH9qlsXK9gbHi~oZUoH}@kPHCevj61 zV)}i4PdIJkhfiL1gARY?)&2KFwcFv#2_DWEKfaD|O=iJ7tu*EeZ2@y0PnUP4`OS8J zBNI6JuGPufc55cw8G1(3dj3`wDLM4?<>dOeG9ob7 z_Fd!qCZVq)4Nk+3!C!wTS&JePWnbG}jlKKLifDH)!_^CR?9Oj;BBqP;wZ|h)F|@m+ z-TYMq7ZSGF4|THLB?3$2!YwkC5|zu!Q@YFwVI{$O}RE7*4b8=1*>k(!w_})apU=56^WJ@7i|DP-n`3 z`7LWf@~JH;Zj6xpnbFFRnO&!mMC#vW79fA%bu3r_&-y*D_Om?$a9?wnBJsu!FAr%L z!o@qZFyj3_fZ=N@={p;1%l7%LHK%W+x`P1x9Sle|vs?97N2;W!Qx^fGVY~wF8O-aN zjPg)Km1))EU_2BEVCbd+oxzvRy3JYCssX&EW02D9-vme#GR=@$J|SU0K23kWa9 z^|=bDkv~52w}wnu-!5_<7##G>TVTZj*rd9n@B4#ix%}R5*}pU4;^N=E;NgbN;a?s4 zkO%*hzZyJsz7K@lMFWp!b)eP{fy=IiGb0#8Ky}@+^r1ZNyJ%=rDy+lb?E(`BauBgQ zCF)ZNCM>X2yJ@;e`%M=!qN@r7F(~<72`)xm-DGe7&^_hhE)fq9!GFH@dH|mbKKQ_4 zrrhy+U6=H?P#(fT)oTzTqgv%3P@(F&F=APO3exp_SL<9;^n}EDzQ#AkFOQAy+$vnA zgWj#%@L+ut@nEo{1Oft^r9TcAlx~fwF9lvLNdK9l{MJ7+Qvc=x7Obq{z#vlyueuLI zhzvZPRIDTw?U?4f4v8}iF4F!^`RZ6`tUt7_U7;P|d>mHkEw6<0u|}*-veog_K);Q} z>U|xv{)fPC`fZO;jJ8y0`SqbmRo!MVC8THi6m&aUmkrt+x70(GN2VF)s-j;AJj&j3 zwPDH-&Q!F6zH6)z4n>$}ALXX_zHFoDKCF(s z)~rZ#R4@@@)X%KyTZa2u@anGqzMGu}E~xHaY2@fC?F30NY0QuF?8qAbqVE!}JU1@? z8_x63kf!gxa$74@pZ->wVFu2ROHUEjU`H6TV4B@&Agb9dZ)mxC1?+sVbNA2^G3an1 z>e){P>h*rx-7A0jS?gzltP8ZYzqK+Ef5V2!1C9|p?2b%h_y4Ys=gu%*XddgEEsUtk z!k|hQkwZOB_Q*X;9~YlQXTqLPi!l3duV7U(te^8w1W$cQkq*L-)#?!uZm>Zyt`4tq ziB|wcer|lHuy40Rm^Bk|vC%K7#T;Rtov94@1^LW?ImpiMuy9>U7;kQCV9p_#lJK@c zujQn=fD{~i_Kg^;g}BbuyBkUmWZK*llf>8+xjlBk`WqGS(+yqOY)a7kthnT~E2sh$ z>P_!Ad(@ks<3Kj}V}DO;6+FBbRT1og^hgQsQbSQRP6XGJKm@#0W89wBfLf2q0#Q(@ zhlDcmcz<_0a;bYZvq!+*^z9H!!D1h(+KRu}r92GuXJ}VXC%H}lSiZ>{-;n}bNU$c@ z&=?^Wb9Rz66utglRZSIA($rg~%uf{f)bIYOP8EY`(5HnpI#f&Zm-LEozDe6nLw7D* zei0mdznLYGdwREq6U&N8ffdAI6)t~=n>6QtrhhC&LCr?Q|CtQ2SlQv6}!4h#ZsJc3zktkv6Lw;l0@D0e9Qp`gVr^E4 zKb|i~3`zaCQ{La=`#pt@*+Pi=xT;oh<^qY>C7M5JR=fp6*qV9GOp?KZ*YIDM8tG-{ zB5@aiu6HA6^C6mrDss07xAC4ynb#t`9|}$z#q0kGJJMf^A9uF&cMiW)j#vjYb(xytLE`%Ze^X|uDHK1GxQ`dYFn>HCYv za!%EChnw>ep?hY=cZm{!uGtXrcHWe1-g0KQ{$D)blDJe=elhN(PC%3yXu+y5I{r!y z+#;nm?AE^ZrcYPPAM>D(-6Q;|lH+Dmeh@&9*Fuo=w4=H>a`LY9^XHAt_KiVdWDoE$ zd8^^CMlcBRv)e*3qhjUoP)_w|`nBNij}dp|3B0pOY(Vnd1wtyEu1NWw^MG@?rxI*y6# zi{4sTrfTn!{MBcv#lyR6$S2oqgXB(uN7ma9YlybNzkEUgp4mz2DZCyM1>UoTi<_Pr z1(I_B&xRytYo_o!>U{>^BpYi2r&0Fc`^?|tz{_Wc*yL2WLsPb!!E4qNV-hrfHpNab zduc9waaTtEnTic$4w@VrE!2PCB&+W`8}jm(7(&L$+CzmJ8(jx!P{cv{azf<{R3+q~ z)$*yd>9)v9@XeJ-l)9T?d%~}_Z18&m|FW!U$%fVD9#jNAGQRCMY;kXAL;&NcSOMk2@@TQheq5f2^|=vVB@qH6$`uHZh4=Z~(u|{qNA5qWTEbEw8EAS##@xZR;1HUC8H6E3yN(18dsCkHqi55F^(DtUJ%VEH;bQnxd&9Dn>1 zO7_JKzQZEPQ76@y~b4RL(y9Sb!10;FV%+#t7n4U{`4C;D#Xs>H>tSHif;P z2HqU{D)aqZ+`n`-T*4|HSEA@ zJIna6_Kw+6u47_x3vNWxakGYnX%-j;Kfu3S&HpL{wUfi`aWf`2mByWtu1IsNrp^It z{C$7!s+*~DEH;7ZGH8;eJ*pO$ z79B&VT9Mk4w=`voSwx=7)AFP-)WLrSbhJ-9+BvWpGXJ>oJOno({wD2$#6-S4-}MNFiDO@~L0)7inBsrb{RL z)Y6`|vwL4bJp9byj0ije($Q&u!9QiK{i_|WY!AQwyi#fKR-drIspiKEEG)`+&c}EV z&tKZ{F?&yaHix)wxq3mEmv=+NqfVVfTD~nfrMVc}0!r4nI$NW&sa)Axb>Bd+#F$Vq zzyTfZ_Iu{a;jKF8Hv8TKAiYFIn-A>~lf?orAdk`68rstO>M#L28Fqp{;GrJYxKKi+ z+MO0mv67+sY~Nqt;8N=0kF_|*I@q{RSv$Y*h?dCD?26pOHU|CNZUxdo4l>jDDiOLu z*cnB3Tevl^QjgQT#sxfwIJ0k{$NVuv2~ljGhTGhR7*`~$1>b~<6&7;0kKBNH_gZsQ zu+A8_S=t?omM<7YfA-hqoHu9^{RxT@>ed)0J-(Ow=y`#;IIKWX?+52X?pEX9jwblM za~7SZmrVm9^y~mdnfDip-qB(nP&zvX@T&t@d6$SBfc4|sajO|za-=8z0(RrjufD0p z)D>C)S%@CsBkP|jJrToB7h#>%c4Hg+){!%UjAz+@c?Nx!$WR0}@_4jmOclK#2M4Q$ z7`l%lVz`awGyIL~n^>uf$Mlzpsy6?K@imYUJPbekAPo}tw4fm*1K6$lY~ooZwXL$7 z^bfR(Ix=0Y^6*`j&wSFpQUk97GymWi3tG7kMorv}5JfMn!mwrbdCKN)bk=WAn zX^OwBFWMuWQQh%^3mIYXP{9fiF@5V!V1XQl_q8Z?8w5_T%`z$aXT2=xPtA8xLk?;a z^@PTYF{lqbkPhDsHG?R)ZthAXtx;_$@*jbjOT#l|a9?G94_EMD|CDMujq!4oCAd&L zHC{121%kAoB^sLeE^y>Q$k0u%=3PTA*;F*00$CdTnr|W)&mibX*~5KnT8Uc(s)8O= z_=8${A*8F50GhBQ7!7}q3E3B`*+zrQP;&`nhGBq7+XJfrKBU}RK85a0GZZiVs z%)+}~rsA6!W?6maT}FCQ7BC&=>~AqURGT0^9ayt*5BvFcaA1N1(@?$nZ{pwGpw9XC&vte;6|IJU5XQ~+JPmLBU?ZOAV zH=q$$OKn6=@A<)CMxu1{ezm`ME(*=9Xg*&6iqVBApUjz4P}|C@UCHapW`(S%2^B&c zMb2-H3X<0i1~?rwn za0bXu8htUAOi;@iUwy>MCincZNk$x4RI^qSy2dfkhE^U1or+} z+lKFkzukrpA~$;mATyW2IKXY)d3!)J_Pj)i8W|Wj%$4iUsQ|_YT=PqV&=V18W2DA6 zz#6}K;$F@_XofQonMQY)g9Pfi0cQ$8+H1bS@mC1}zE4@LN{m(A7RFUax~v5~UpUnP zc3HH6oXBv^)Kb;-;_C3FTG2}|eU~nD z0Ep2wBoH$F^n=5@8_|U=O{Rig$+2#+pJ&Lv2jb>wNv~xZ+A;w+@dJFP8w!GxYOApT zd$DA0Yaggv0sxQ>8E6161_%ogt+Z`YB%kmXgR)WD5NTi35By#jx2Em&c_o}*UZLNk z{^|mv{7LBPhc6`~5)UDM1-f3^64+b=&}X zPSHXik`f&Fby@0bh3SzMR~`(R>&F@sSOG$TD{O%McNZy5kg2F}jx5=ZiLp1U`)0H> zmx;5U8dd1&tM#7}vB&1njMT;$UC!jdC`u8@^zX83Q-%ID+MEvavnCHpr`^f2443Vw z8%k2dK)BoVtC-N&SUuGv)CWDkvIOhmLR(@$^ur9+jTb4(Z~v@sARUr}jsia!J&q2z z?0!|GA#>~4=zBvPF!w|Cqrp~~vPaK(%jiJ1Ip9FTxcT9J+Gpck!|OVP)Z^%{dgDOg z%0UTVl+Ti)?fyQJL-qi_ay!OGKFYk~OFjMjjKS=V55tfV26*j-ubNWdZRW$=b zUj6L+%po7$Ou-@Rl=JGt6K1|lc+|dQ@)%-_Tse-wnFi(vQG(acIq&s`!glVYXmk@= zfde&xci|is`D2aA$YbeT5=IS~_ZS6V;Lz5+2*-#%fR70UXOa|J^h^i9f2`K;Z4+9Z z!n5l+eGEgt>caEueO3wmdWV-ytZNZhzutji{H_Ce^#i?N#wb26ngCC*{vu0V3AO;? zp+2AE!W&iLPVa~<(5Q*GikqEBVvn7NWTm|r8!2q`tcK=drKrQ}itnW1?Wck+n;L4- zrR+JOfPy?5C*-b+D6TIf&}FMU&Z2d0DGw5;F*nocN(LKBJL$%KkN*y2E)KPIg_>~ zsvY(!%{R0ssi>tA=eibWlz7t#UpB9%&9R+$BmcblKIX84*^=BIgOxxpxoBfzNIaC$ zEc$K{trPT>+g$+~Q(hVJURB`-qVj?2JcF=`__bvf?_#gs{7Aw z>G6RC)jxCUiL#m8XIE0YBQpl4?S(Q8{lxdCB7(~PyqkfCIaUR#-2G{_b(yMI^M+?J z=SHe%0uw9x94$IJb!Xi>IPca=C)VCms;wQvF`AL2UUV-^WNe7#y|_X>ubfaef>2fu ztG*9C*laae{A|*LO7hTY|5H7arw5< zdSA`}C50U$++20MC{F#Spf6R7z zIg*^{8Js20bMnt@Xl59b=@4j&5?bS!TAU_P6}4W_JLV90{tNWlvR>r;H0_t`nXz`W zDfE!_xK(B)Sq$-MKBqA2jW-RokVuy4xSWpkZf=<4s((|~6jiQuL`(#U7nk1fr*(F1 zG|CmdG@9&XjtTsnfr=~Q3pcBt3=!|9bO|ks;p-9IbKBz#XXx#;6g<8NqRkR zVs?O>L)AM-4{qarzLX(2n>aztg|&yNX11R$)drbTmLfdj6S#yT1Y5&>jln(Jtyd#B z`$p*CYc&S_wiK}q?f#MJI};EZAH4tezpGT>#<3|$=)u=Q)#3q|g1toL6aVHaa332_ zXM-D>5}W=@RVfpm#-~RcUShu{(({$ zLH4p^G44H=>?Jhya8(F+68QFXC$w7qo+=r%$pS3??;Vcg{6;|!Z9sVM!G#8}81DVO ziu_QW37541HV*c3z*KqW%nC%gI&8Yy4n>}`(%Y?E{AT3eE1&i0gV(#N-*Cgq=JwLH z;UP;Ixa|)t7Vo$Hs0J*SnL@^S$^1V$5-7DG$T+`I9+sJ*_o8{lC=Ukg;(GZd1oT*w zn!s*i5e|E!SLNgT-e=ZIN;OgIm`R_4XG4qt1N^(`56<%MWjk1a(FYaaUoPl6!xNom zEX8$|v?Ljw*db$9G!$4l!?q3g+6UjGpE{h0nBSPcSU!%XWS%zkrwIC^HAv=`zKCe92Q9i&OHy+{zIyp>OT5-m_PrQ0?ZcK$&Ay-kzNkxq_Uew@^b8>0f9yaXwAsStI zVKEbUh~#R-yHv9D9-neIVCO!0>Hk9C|DaDmDJfN+=as!DfL+h@dnwY+-BmP}{I60- zq0<5$+qQ_^CoT{29aXa3`|lp9p@B17&xSv$Ybcxpc27$wYcwCwMAKL~=sB@%?bxtC zq37&*+#GD^+7drEWv?~~_>t3n9Iz|{O>%_4zJsmy zQnVyvXd7WNx5gp1&Y$r}5!*h=A7iW*W=`!?zu)DH;08*jdKuLUnO`Ld_mZ-JYUkN5 z<68{)wpVY&ZZ9>g#^=u>3-Y_nuKpAmBL7k>#%w*!m9JPxk#n^L`1O7oj(Wlx%nK7n zx@eP7Pp`@T%U9ZVV6thhqh`Fi4kB;NS$vJ9zMTm^Z)9^+BxR-V%N~eo@1pK9UL0Gm z71`eS!`Vi3&K+hbSj*?P%j?%G^(kiE)*CgL|D!Vo8VRn@Gyg>8kHus}n6^%?tD;EL z+PJEJ;_cI}2Xks80_9u(ZKwohC@!9^cUWmrWK+w6?s$TE#^FbaG{#6J>>pLnBvsXF z*kl^LyZG5=fdX9f5(YFYS}q-)-HG56kVX3u6o*W1xx#B|ANPB=cm^ zwc9Eu-C(-kySg^D4CQ^fFkCZzr2UCZ|CcsP^GbO)eGxsp^9O_Ki~!oMcT4>xZTp?H zzRmA(WF_U!dC@x&j9E9{k}m%j$3~3)wMaQa7&U?TFNVBFL6xCD5ujt4%qs;OQr!1( zb}K;dATI*<$3NXsV$W`vI*3^MUP=qloXpr;zz-2?OMTMK!w%xa}Xe_<~7@ z-)BP*qTwWYy1b)=GbfClXSc@{#f1e6ckX5X$9g`t!@Ldif$~Ns*gnw5udz?yIadaK zmz2|Hn=rlm1SbgX-CkfWDHW?qi_s^MRhs3b5;m8ajbAvnnOYzk&X`X>Vg{lbRhoV6 zq4O`{9L7MGod$ToBd1};+O8}t*(gBz(BQzLu(Qjhwi0&9Hr-eXX)_+_Fmq_S`2#3$ z#H@56bM-_&N)CK5>DLSklWd-h)l!4hm^nmt`8k9zDzmM3Waj-=c)I%UqbthzG5tT_ z5dax*N_Y*6bvo?Xl^w&(^w;Ng8Q-UgYrd>yrTi*(JS~#e(vmu-Qw(HqHHBfY)5Vwt zh;Id;6S_;<9px&ZBQ^335QAW~jceRsVR3hWp|S}B*Ck)K;gB5Jrq8V5M^R-VxrY+X z1|X|k%Zj=OJc16|@}ffnttNi~>mNjuA?`2=dHrqbxwqLTQgoAumq@mePl--=%68!i zU|o$rf-6E4$F8~($icS3-`NX*oB8!Fu2h_qEE~5NeFcp6Qfl$SQ>Fpvq?GJS_=x$$ zAr)oBy}0g|L8WEcvHc`ppj$EXx=x(=kl3MHcwT9 z!)YqJ7>6GoyK#st(ByYU;Efva!vCQrL3gw5&U7nE$Y{W)%6$F~BUQG2RPYX?suRq4 z|MQTYC##rSg9(vh1;w^(W1Jv3-d7*eR-syKpx2D=$)D=-6JhF!A9oOL?Dvt?BCH3$ z$b;tg$;Z2yIEQFEh-yZK|Aj$49q3#lF*^8U6Tqsu< zVU3L*1h1&4>6U)*7e@H7HrSo3w?lPioGgo_@E~y%`7I9eRR=F1q^~i74vePw-G0F{ zi-T;*`*Y&Y&u0V{tD{KwWJLbFu7ur_Rc4OgKcV2eQKn8+F;I;JU!G}>JGap^XQx@) zK{^ zfJNxbKH>&3k`o^n($+1VexO0Z%}1icK+6=TWD&(%@hw&(k~ik9rG;5wanzgf?G8)P z$mgf|Dk~9+UZ+!AC#!ht#==2snU^!!fa&jBWBbFKC`F!99{TxAapFlY9uZ&$ zT0im!(A>T8%bEOxt$103eM?q(WFfq)<^a5mcKcxJ430aL+U{1(3zZj>Lh#A<-^SZ; zm+h1mmX%J{F0DpSTCd7jTqEkoWp7r$YqN)c9#mat-LCX*o-Az@qNi;k0HjcQWL_U> zx(&&iVi5TtW=sN*ghM>y+}IbC2mqN?OBo$7o(?<`<2%y`*+zBifRmlA@k9w*(qn8q zw^RZ^G2W3@qoY_w8zN+1UhAwOWT(L~M9NSejoe=ZBL8I%@5e!TaF=BHS&G1t^cf14 zJ1lEUm?GKUMDtxU-7h)EuF_Q8bHztDZcm7HS?2T%%VOpiw7q<_nV zQg6pIa$XCbonqFB_M41`TLH*fUI2w(qtI<*7<^s$mWT6JiA;t`*1D;WMJWj=lm*cI z@$Ndco2X1yV3I7qZ5)@7%6+DptyA-c878z&H7yuj7TTb4#*4#FQW>HR1fF%SQ=|~` z$hcaQI^^Lq3>2*1IK6|m5AyMQSq}%V_z_+f`;Ba(27AGPZsP&a?tOA+hjwON516K_ zNxmtsnx$*#Sb?NN&QY=XhErxMJJn&>oV4g1%)_B>$FyDGRK{Ay{ym-b+r~;Tu;9B= zPB{-Oy+>8lyR9rLi*6f4D&fzf+1ow=b1tXX_UROoUwpd(2Y?(#w|N6%>e+yJ@?o3X z8u`1YtQ)y*)L$l}8rf3eul4krN4vdDCIkI41*Vi`D8XxdlvZtt{0VJN)Z9g05yY&r z#onUF0E6WX?Wz9da@_Q15<2boU7oQEW%pgKV!Dhi>&@(hFf(O9ujw zMsv?UdHiTg;KPR=;&-HdLd%3(#iE(1kaps;rs_j5@Hd0>s88O)gTEV=Sc?Eirt9#p zYT;tXVyZOJ?}wyVft~;*|J#<@8ft7n^^iGF2Cze?AR0(ehoLHrB7X<~C0MA)Or=V9as!-(er$E1)&`j$Nb$|2-cI-J9*)hBc1~JwvpaYr z1NiflO}VXHBv5af0J`KdmKKWbwFXISJ_J1gw2vx5t(;x^Qe{sK5Y;6q0P7!^zhM75x_FT}~d6AtA?=iZ{mCZp-MFJk}Z4 zj`9UXmZ;;;OEVSv!oNh-Bmj&8gw94#i=GnlE<0r6;9x8(rHF-6Ec_Y^(IKU1FyRPa z#UY69~%SsQaA=_^aT zspu53-J6EKQk!UOSg0+K?`1XS0u{_7ObCAX3vLrHK2qU^PU76W?Aq)LBi`;c@^1;@cSJc0Fa+$5kp}Z|ThWA7q-a3z6%rhUa zZr#<|2mt(+EVNgCKv1CI3z2g_0L@lNjEJ*kORju_@09BYR@)#9T-Q$}KSTRtL*L%} zl({%d^FePzX>Qg}DD;eOrU>@?y_pAE46>z$D3xNH3D?Ef0~jS4 z!qk%zewhp4oZp#lh#LHx*md%TbRg+-VhfX!6Lf(`CqZ~Qep39R!do!fB-ywV^$1`v zguj8_CCbXBMr;Ec*hzSaGa<*GX9pK|6kmY;ig2-}Ljufq^ofMswD4N8MX;fJ>yGn)F>6hm}UJqu!W;$+cCv2y|_;Q$~#J*-7O zS{P{1*EF+3A}E86t8{UJ>q3-6b?4&9C;(3iz=_TuvN!h%YGu>hA@y3h?C9i^cC-F5FMFa|Sc9jo%*IL_dQ}zY&iOg^*_Tqx6M&Bfp^}Gz z-iZL#kid~M9)K>#t+oV2F-n@r(3wSC@LoKSaEkgDfK>#5%JcW`{I(Vakk4;DbBqq& zV+=%sWCJl}x>46MMGFP#=w(QL@|~T6zrB$G5K{MuX9WP-Ue1i2SsZ|heps*}A~X{4 z@OPNxZy*fx1_q*@ZISykazwJ=oAk;oHeT3IsR;1Yfw5e4Wv5 z@`Htf_-^F^F_zmfP;rz;tOaszd%!6>8l+A$Cb#LNHER<<_yz4?Isg{ZiwZ~z|CM6D zD@#HSsQ7Xf{`~Zn@SSLOfOuQmmDMJM0^x<}*HsdL)d)a%w7)qD2Ku^ZeR%Z1&bvZ< zow1Tpf>aP2h1hpImo*&V#ocKAU`BIVS2jg@w}%<5g{_hFEZlqd_XTu4nbQBJUC-@X zG`B_-qHlY@One4_#4->8(u6okwxNqC7hzY_RK;wQN;dL=4b{zEoFGMvF++bg$v{Mq zo?qx60$Bch19fj?j|upxsZONd4;mMdZrDKee!+6{KCN%H6$Y}Qlw+JNQ;z|JY?iEFw=X7voKru7SC zWwyOz1F*C8J^0I$iH6=b7JST4+P3lz;KIm1*6#u)M}!&rCEP3sO>>!co;}wP?NBAn z8DkP?oIatpwTypsFNzz}+Ly*myN3bnCd~l@B2YS8lP7jk`RYn zJHIrM2PBl=Pm2pzVPTx2#dl7nMk6{TbT?**ts;#yc1VJ-gc&nlIwNkRvz0dR0R|ua zJp#5P>i#ZzjZ(}%7YtX$5Mv~C=u{I}Kdc5*WUT1N<0HiZUDaMQv;bU>t1+rIQ)-VLLnlZ80lj;4f zb!P)m>^xX^cC$@mEwa$j$HJzRT-?(#ZmF}k%+9-=SHR6OP*%Q2JY!4J{}F{CIQK{F zH{Eczhd?r0en{yOQW_-}x{a9iDh4Mcrb3e@HIfKOkPfn_o+|#N4QntG`ddFfR}S$a zU%p8rrnhEY2y}1SDWGR`zr?|ppNtCU2`)A$BxvmQVjn!?VWeOl+>q(hQ|`3|%V?V+ zR=r1b!l}PW&C*X}Nm2`9Y1+d>yCfq1LsUZu^_(h(*>LZ5xea3P)Y~$I4~}8f-_z7f zB!iul(}weERU9&?`u)B33kGYNdemY)zcgDl0?*C{?%Z}~E&*)JcbCO%$JGzO;4gXx zG|*67kzQ2vo*TAZ-t2q3){`7Us0$awhKk%~{RG|lCMb?BWiefHxT{7Q^3VStC+tf* z(u2Xx&&(5knm$rzt&t*A=bswR1}^hi8bX2sb4uJ_CvH3Ym`&%7PuhY`7FsM|8^GZ) z^dxp)>FMyj*CVys-$Wj)5yJ^cmC9=m3e`XkTe z$sF2Y`GEi7*}S`bA+V`A)Fi=2=S zHNvf%!Rt&brSw{@&_ohk`rq&rg%9Y#z=5=XQx@|XK_I1&9K;!&90OgwBE!7B`CwhLOoDwX)8p*FaFc#k9;7Zd54(sCt480b_eqQE zu+D*w;5v5X&bw^4bqFdC{)ly@(GAaN`XlAbS~tL8EZ9pjtea>r8w;RsD*xbhST^#0 zIX-XjN5L{9s;=`galen|aEWy}0g3#p48J%&|6iT4%Z#vhA0#U(Od-~IALaw~=Nmbq z0LwL>i!eGYM6cfl)y_1->2R7$6Dk^kvc42f!m3-h4}w%h@WRk7Lo~w{BNn5ncb^my zutt;P8cWBIs{}XXwQFTl;&hF-Wx$`-rzQH{EJ}ncmmt8LV3JC~EL)t8#jnW4o=WtZ%n}yosB2#hBpl?&V|HXXYK7VbC1P8Nnf(t z&~y}kVW#iz3F?aPH|q<^{mVo5Sk&ZR%5g_Kl~VdC#}^zT@____LW=WbLYo_Iba6Yn zueyQvUM|$HdW$UL@l6%gNL2U;BT~wK(^+gbr#%T>GCFm-!ti{+O6v3|p(Qdsm#+9k zs{i=Z`A#yS6F~W0u@`yNZLfVMCxl>np!0Ks?YW=^Etdk8q)2hS)@watekZ7X4k^@m4 zjnDj(f$}i@l{W&Z0;`i1!aTzlNOu-ynqyZ-`}ky;&MZv%OBY&(sgif{-sJzc1=!9& zmcVGwH^$nx6HFw;>z=wD-EsA|IvrHm7qENXxo9B0F<$h2Y+4h;MGrXr6>t<`G*#Po z)sD0z{?3U54B;vg4*4j7@gc9@b_E(o4!)x=Tb=n{-<4I-nxXo*z)t}RL*Z)pa|PZi zgji$G3XpHK?T>3rE?cF$cv(rKygdL{Y zJ!EZn#Kb`>EQK80?5VL*R_?$%nwC?teqMVhykOxPQd^m2VE1vZ_!UnVx#DHS$}=A9 zF+|i^AaAMmZ((%?TfB=puLr<>J|p*{)|TImfnnWsNE=NQ}Dj8xy8aTI=$ns`>iki@&go5cPgv84)3LK}f4CcO zbkO~O6w>(q$ADq6I6uR^ucTU0eBhwWf0O$C2Q;s~%=BwfmX&pk1$O9n28lPAK_{u=~cmo-KEjt%{w7Yt|Duc#Wl)8$` znf7YDag7oZeWlwk^rkpQOf?z)U3!&AXCKOGz=1oRYVH*HXq+?9J^R15si9t9Ak|{9 z^ofE$%yD+R=}<7bwOQ)+MHgQqc11Vj6XK&7r?G|yQ*UTbr|9kF?k0NLDHA-=6)0S9873bXzwy?JvT*rTQ`=r#g2ANiM=aGYUbN-T~O=Y znMa!Rikt+FkYQ5}pDSw2(5XT>PDhlD#`sg5^?c0CS8ktti>Msv#rOZ4jcyzugV@zJ z`$Zc-br4N{YOg*VK z2M%m-=S5jptxWu{P!#{fLmoIf)jZI%(Q{z^SDQ|@W^!c?$e=?O z+)q$rLEKu8_)uLr+UlX#bU_@$sEBfhf8@zXLY~ud`1a@Cp%Q_Izm+kUpsTy_RL2xj zO29dqcSN+8Qt)}#qhNQBaSAF}#Lsy1mf+w-@NgrO5#D`kGCYESY*7Ec+SLya?c4pe z@Z*zlM<`d^zM8Z^RW*|M&GGUf-S>Sj<|mgb>2h?`L0@$VLwS9I#kr;GOM~)5~nkB6R|5aM^a=5jDG>XOD$(P=Nw%JRFe;0%v(6W<( zr&wieTI}ak<&?ycqAc+M4v+95%SHmj8#BRBzxpD{?H(^HzzmazAG^>-UgoF+{oPm#ytuN-S(s^>7~7ktS2kb`ce$vnRkAy(j@Ttc_4;t zFbEW_9 z_*S!g6I6edl24FN#~_BeULiIaD@=VahZ(Hr7+vY8-h-wH|0oHaHoz`(V1H^7R&kZ` zXgx|SXpl$j*);F2X-bXSJGfHrY`k4|9XneJ(64hCKWY%ZFbjl{mj%ENFG2;}dk zGqa3z@ZgKOHhe;qFAK`UW1Ck+u>DoY*+peCAj|l(uNml;(>lcesc7BMh3iH ze*@%nGr}T>i`HSBZSB9uyZ{W19)Z7-qgV(dE?Pc0;@}|d@C*_rGx)FfzA)%9NIGV7vceVl6UPZX z15*qRf`W^j5WD_6U~DO4P3}6c@EB3RoXp&J;qfPX*=1c}z{R11p?3xf6tj2(ssO1$ zAhvAO=u4K3{DiP5BlN^8<#qJ-cN6Ww(W@Q!pn>r6@)==GSoOUo?`!ls=BPX<|WDbi+pI`?A%2k%ZE*{z>>$_QLvoQFxnti^vZ=S36 zFa0U5J(un4vitp(Tpm_KF$BbU!*&pbu{HMfd^X+IsdZ~+9r7nF_G-0&Cfin8ykrnxRBbG?TJO)TOfM`SzuvSdO` z>fJK}Mr=EZfD%(iRdLZ{RMATanIS?!q`7)WOHqF{ z0dQ`oUHXcW z)XP|sheX;gtdg^`Q)UXRsiAeDTo+wffMCOTXL%LEmuNyp0O#tOYGCvGC9M)BCH8d+ZS5aDF)t1XX3Pzj~bk7dN zMdkMypo5!3tev)`0x2zr=ciq<0T1Ad?PAeSBF9IAnh3uv#AkOC-rCa@UIh8WOyI-h zC~Ox_zRHRfZ^x{+Eg{(Ni0%j(Q$ZV6R2fpyvo$WTI8`v*eq{2IRcTjbrGp)$JnVuB z;8?{vusA>TScv2}Ot?;v6O8K!)4+)~^IgJ`vccK=&#v~)t3vuea2DkPp?ENN;?rNh z1x_{t4=STiMd7n+tE)}SK+BDK3&7~5-_q$p0n(6tFxbcX;%W+ObAIQPquu0NiG#U5 z67g*2LW2)KcDN5rk(7aa17WFkPEeJPrIu&U6~5l+{@nLHpo%0eu)b7Co$8hPZY3f+ zO&|xvtb&2ma)eV@YI1>HiqM$zBvF(b3C=!VHYY&>V#*^cut(H!=`)s)m930v z8#04qCoLS~nLvSv-Q!v_&z~nUtD-*vaYxle%=5VUsFL_y4e?mIcZEt$>!t|j2dF<~;Qgd=+{Gn#{hphP40;Q9; zIc8*}Mv6ygiXrLlopjQD00)XOQsnZG%BOFrbdv%qry+bJQH71O*17lywv#<8fdie|lp?HS^`J$Gd`n*}$QL*hR5qU_z4mZ)4#OQekS^`|p9-Qj^HK$k`kHsm0&xxZ^ z6fQm6>>9xgP)Q^~Qtyp);Z$b)Xg3mE&P64yy{s)TIEg-${hA+CS@{b(NQaPHIY$YxU@94bG!| zfB1X+B6bo}ss1JeNI=Gdqj9wp3ME(E?aooO;w(rPPe(*uHjJA68qMYnGz*&X+6xop zwI?4OsOMBa{Gm7g5VoEbl)KbYqC2fbY!ucv(Mv?P$y?#=qdU!dTvUd^zn+6GSYRt) zqgs_>A)5~t5)v^2k?EL`H|DQ>xFML(Z=?hQYuS@_-2zik2EgVbDW z%ge7KIQM|B#i!Xu;Iq^wsbp5HJ`8@k-psv>3SX{ML{QbhbXN4YV7!_I{|OPFT^@mv zVnl_z{lE@yZ)?4ytWQ4htjanm2Lxe)OL$Q~D>Ea?9(lq~1~y5vsOCgq=;iF{e)y(Q zl>2QzF#Oryj_S5wF`XSyB3PoTUS-U!vYw?jEXoz32R)JMWr)Y}A%HnFAqPs5(KJwE zlS=R)1N7Db>k{4`0xPl}A_ei)sT`=g@L`CZ7mU1fv()&jdkX{(l8La-=g9TsbjHz_ z)882#7c+t;^RgK9{6as6Cz zK3iK{E13MZAv|ToVw-7#EgHQ!e^{9P9vv7iDlj>0C!)Gi>u$r|NyQKHlpsmurJE4z3&-3X7erk%3(C4&>=C05vRYUyEpF z{a7%p_`I+^@=6cNI;lXuaXYqp`rSC_EpqS`H@w>OPNBD^ka#MPSr*pi&yCG`2Z(=? zV^qe_T>lse9~px?XeA%XK21J3vVoBnYB)7wL}bG_DB4jR$?+Tg&|MAhsE(YaVwp$o zZNVW;ursf`wtnO@napu|y$cn8zTMG+>xVf_ow4?>O@5du@fxQrHF2#>iCHwShjl2a zWU)e_7}TYtba^4_d6dY0#+O7NF6k4P_XlS9>ae2LAnjfNVH+l)o@vzW$FN{2P*Sxz6;X9!w~0$6?zSM8~4_>L4z|u4^YDMSf0N8U%^Vd|9c0Fm{Lu1pIt^)P_S&v zUt#9)tm?jUpt~izo*eSZnaOgo{<--vM#vreK#AoY_wE7)i1#}Rgq|zSo3vij{oCD7OXA%NlPfdN2gMYz10XJg0_ns$3 zg#j6Ue18b`Gjccec3$cq=DPkH&_LGK^VfXd^G8(1wcumjSDf!Mb_MyKhclrQepK6S zt*8~WT2qc)@`#@xtmqGx+gnV-vC}5nAKGD&x2c7w&_kU6qcV9x||5-RtmV7B@&el`hxkZVM>xAtof9f394|;^ zhR@p4oP@nPR#2PzZW90sYak}e`-FY8c14%rKE5-oj#kj>DH zv`+|)yAZ~ih3&-m$nvt%bv}e$YvSkK=wA{dds;?ehBqA^^VDFH^HnoZHXW!QW2>#{0E(Z9Q-TZ2fdB5-I55mDyXX`fF zJzkqM#Xo~u_cJvhR!*OfX13vznR*#YyBc3F+an2+tV~9u06`2F8v7 z0?s4Ad0-&a1@AIlS!Y7X9u6H0t}X_fz#;$`K>z?y8VC!x^npi%K>$x;UGmsN000AR zpdA(`AnOxEMfLqt0tgFf?)W^((bsy1k3`510)XE$Q^0Mn9jsD<-YfaPPp;>UBA76A zLcqB;F!;U2I3z+8LIAnU|75XvK(r^^sVLBxg%I|?Cf@1$c*wWH1ln1mdx|Td0s@?Q zPzd4B02G~{_f>)2FI`mdXe69~wMv))JYImGEMz(l<_-P57yys+-Fn^bx6@Z(F9I6i zoxsZ$6dlR;Ui??-=0DEChAuWu+Ag%9xh*TjB ze0=Yg59h6iCJd{ya=zTNt0ZbncI1tgOF73J*{vG`}y z*B>8aON`)Dg%g)|#rzgc{eOjsh%Qy=ppzo7p0hs=T;5_=JNPzb?Hp~p)o}yk38)zE zH%NaHxg076<`) zOuu9AEnb%7%Pux8?UP2nJ*SFXD{=gh=UF-sE`HlmvopJ2*FL3@?3`BTabVLtrjgDe z`>)B9Z;-F8BmbNbUh;TAm7{g6F1qKTW?^%R!RH3bpT03}?c>eShWFAXTuCh49YZR2j_ zl{5n3h7pbv<&UYyrvrRROt`t>pQ9p=if^SF;b8Dj1zE*28oIX!Tdyf~V_Zsj>(gg5 zvDv|Krzzjf%Y7(Q_jgnu?3MeKqRC!lu;v7*e(7D}Y}Fqhl2c_wIyq68ni`yPVcgW` zy+)-zONF)_0P>_*a!yrc2Imv1eFBbg&*%+EBTmNy?|KAas!D8%x><3Ji7vIOTrJ+u zU|hc48%Y#j#ESK^`RFcWY!`TxD2Oh(+RtZMu{jO7w0WTZPZq9$%f(wel_efF;&r;O z$Dc=2CqFG4kqP&qgfBB7Py4tL4(^Jx<@{c@IWUji5n}e|4oRL>6gm_XPv5wW8w~9u z{~>p+#+K%Hdzd=a^)YY%q`S`NCv*zc0y5&2%hCO{iOS(YG|TSQ@2}LqKGiw`r{`jo+Ptc!zwRoS2j1{@3TEwgjvOZwzUMX zfIKeXdo7|pVc4z_E%7ZgIGFu^nM9X}lVGmZG6y#w_M+P6YlLP`VXL_X=4LsMZ)f9r zV}CU+OQ^oww(gm=PgX2ABKG93qY=}P6&8(n9(ZyKByO?Qru-OCF3B9?cOw}r^+%Qv zh8G?}caUl2pNku6lJNOS)g1jxvC*wS_m_aGP2(Toy#4+r-1%$G!XH09p95;a|JuY9 zWk#%zgDD)F3NL?DHZ}S5Nw05U4UkqF8fCBQ?rFOcGR^s>^2OA>YldNpW_G!Sl>e-| z3UPy^zaOC+NJz4J)RTSubHSPvmISv|Mkk%@Zfq|gpfab4U|dlCOkC>m9BbM`;UxHP`UQSGrnq`?fNUWmysEGpiF(Fh zEP8&X0sq23wmFI&IyrS&*?}xIDz0wq4sBv z9O?rW+I^%|y)^nvKwW zn?s#E&_#18@Ml;*k@ly|{O+tR{oG`V4M{JwJ?h`e3=$=Y___X61|T2raaffM`AfV@ z(H_!^hMm%;uIgifv>k%M{?Y}U-;G>7d(GxIJ=#BcnhE%r90Gj<3+}LY8(gR_i|5ff zi2vJqSEWQXMQBSeJ)5v8WM^wLKkO9U417z~f0VIacesU|U-(S?m;ir^22C_Q0?SahBUMYR*k3g~hw7L)q``z~gud-MIG+ zD@$Rj9(PvAs|~L{%?%}#uykemi(kl{?Jl7h@%NBgC9YJ-c|Xl+ z$x7W5boJ%WEPZ~6WnAu8_^%;4D1`FA;9`Cg5n1TrsO!gHN)HGR!bH~Xjp<={!!+CP(O0Sgu__E>j|7`(^v%&S~$k_^T?~rzZD=@)6g!$6r{{3y%6x1R0 z4Zw9yXRMk_mjuHI>ov+{f^4Dx6J8-`5AkNG#6*`DFN?3gYLsD&QvdK70v>}%?8%ee zR-2uQvJ82CiXiDUCei$*@)}V>u*a`ZXOZpY2n~_Q2{`&m+{@f(lYK(H4}BEh#51OG zyiwR90dhPpwBU$vt<5T>>o1|Tkk>b7rAXocG24}4tF9+1r<+uMIKcV+%61hZ;$b)X zOHaF$Ep1_X5|eYW!GuYnB=dW4Dx`F`h)Aj!&AV?{C`R6gvkdliTC00HIB%f{4#r3o z{X`L;*MO=d2`s};P3a-7+b^njLkTjdtg?}=fEzQ&(dvEY0`9h??O$$dBIpJA=pY^Y znQpk7ia4y4Hk71@2Sa=d@YY+z3@dJ4kZ8ut3}!L}35rf@^$a{23c+R<)++B zw3fULs-`(+_!%+fgl9n{dXW_dik+wkka2B}a6>f9Dl#GYH)?3T$`@tAH1cr==?P*& zMf$yCc%(i-VY>a0T0qskPlfcsO3=IIaJj)=I1f}FB6YYKP>yN-TDJ)sfaUz#a3ERG z|72jmRenjYlD1{B zSG%RGav7sFz+Mm?jL(~n3p|*U9fsva^-*6|;SwY6wt)O@p_aCbB(!aS>4=XwAVy9@ zVFftlhrB-0$9E(IU~N?Bl(@D!;|_VIHow^0oyo(I-q3@WBGOFk8K9yg{Lio>*pXFo zCxJ^Mi)6!Uv?vFFBq-_Og_@GAerMv^I#aAMWki4%aEy?DfUn&rmm=m zSAF%_*3*e2#k8h1xghH1WMsT#qzw5E5GpLF(>%?^zM3(-80JwHiS}3tW`-EoZhEM<&ZaC@RiGfCp9x3fW6gl|4X{;iGO0jH~SjbPWtsOpxJSmWHha z2Obh&Q`QepeP*f%ZS?}2#R%frGY|zDWT|7+J$5O1u>3rx0PvS|mc40TH%->7l)>oW zaUvjahSw?qY9xVmhzH0}k;_u8%ua-|qy3t+Z&yA-0MTdi06JP!GS#M@zZi9=($#Us z7V}P>k`}~*9l6#mH7?9fp@B-y&WP6(YE#j?RwrJ`e0issfKf`6GQSjeDgeYe+%9o0 z0Bs!z#bBinf`7G6QltbGlTx%$BMCo2Z>AOi?TRI(ez<@;b0 z_{Es7f87Y_J6TWv7t9B(+b#zXChqZvCvYUz$QPrwPfmwJtKa>=1U_!SLF8#^nyHvz z4VNBH@urYiug+_*A=vb2S$&%H;(#prf=WQzNxvgTOk$^MYgpB7Jw5oACf0H0L;A2D z<5$7<5j3DPAuY-`i_fHy{hec7OUUkUvTid7E#XM^rQm1UN8ZF9YzSl0vmxql!<8TT zBJXYq*9(klQ(;d&VEO(^1idb1Xk?y6spBi3XT+NPH~7-N!u)sendEUzpgmv0m(gDu zQ=Q&e07seW5xAPO+5O_SKepi|3+l>vh?Gg>9xkF^r3WkDM!pZ!l&>#~vbObQY8BF_ z0YNLyqEL$V~kC^|UQ==NdUjXsy>!%CAfEBF#!|Uto{jXc( z$6AyJc!;ucYlLfZ4=v!FRycwu`|wgIoTyquETRC0a9!}==ODhhB!{@8!4*%IdnLfL z5;8YX4AWE%AQ#dY3srx~^z~fPgizVZ6{J`CE7r&9Yfe&Dpnw7aX{H(_RC7<{5HKx+ z&cRo}Xh&T+O4?y1fZt$Ja}ci~D@04(?SQwozUvSZ{sjiQF(`HsT3%I+@*s#@4&(g~ z1LE~Jw+f{NCXMejQLzH|9g+s^VqkFY85YvXeq{C&{4+4dCX#JZ%3qP7aGAj?{eo_$UoDM*90VlYa}3*G{N#_{`-`rFzut2MAvuC}z;s zO{40X2>!JdMjYs8bnxyH<|mE#^mcdm-2MFc+QtWU0*t{`GBW6D@r~S22D$e*U;$X< z*SC;ClrouIH_Qy>>xgQ}9|0AL%;>`Di+msl`YPZz;+Bw&d3A#^5dzW^V$R}Xe|sgx zNl11R^&T#O$K6Nj5i8{v>;t*C`;ZZkRbwg^NT({xT;>Cl28+p_eN1f!snigbyv{ox z;WH6n38NzZe>}ZqR2)s$1==&XyIVqVC%6X-1P$&mKmr7JmjMCg&E@=fz4t(luKU?gvyFr3!U0v{?klW`<|4@F1A{DHp7ta)4&8Z6&!x!4HR8^-JPZ zKvU;W0j%f}1IFJg{3d7+a23wf2XI!~XM+Gl)5aj>&=4vhG~H8o(4Uf6YAcrFvR@mZ zK=bZ$kR!Zg+i0LSbh)s4p&J$L+mhbA^I$?|*iegub)i7dJh=^xjo0uJ+D}F}OM+C9 z{tHG~fIkEJ^!sU4=k_s`4}LI8UH5M3)OItu7IuxVh}piKMr!}}c;TCU3r1IB$JnwN ztEG5lU`5_CrF0ZMXv>1BW#~A>t)0>-`Thu;giUsKKXbZXh=ub;*Z4p^c}!+mPP!c6IwxtgyQR5UxpA>NTae9OuP zd5jI}dQ7#FhN<|&EUbgCzDb zUk{tfbVHIz>q#5u@4x;1E)(HKJB%Pniy1u>S`W+j*29xsJYhBZ?>qa22# zxk+1pXzrzw@k~ap9MsR%63&{)42W!&OJDwca=qHL)tu=94{&_)^WqIw`g3u%-(quA zC%^Sx!|2pjDy#G{O8{0F1e*CVP5`UhDaal|`p>Bf%&qj$a+S~{sYdY%f z6~!+D)u6ah=7Om4kfJCNIu>WF4JJmG@DF3BW@&m6{C=j73`~n7YIro?Nd8y~X*(?w z!NO1ML@YUUkh?v&GI2U752-bKuR22WlgL)O)2HhQIQL08F*nVS66nc zUEnQoNMnZEjB%=yB(H@R;fNdW;|%mDtWAj4+FBwDJW$fIc3nJozON$tl0t>uM!3H% zzJ>&w&4HH5S5Ub+y@{!rKu+rHwIW(xm20~>OMRCVHr>YjcGWs+rMd8Oa3f@`U!**8 z2Qh~7CAwMQ7sA!gc(DD6=4Ow7E^D8j5!O&1>|`^%_NXLQVNagsad>tX&sTGSgETQT zTe5-^zS$>3wS4GH{s|!>y$M|tm;I>MkDL zKRxVqyPk3+bi-_g{3aay^xXkx7mMh05W)Zvr@2D+_FlNbAKWP=^{9e+q5kOcBmh0% zoJ~j{C)f5+o~or+x~@Oq%q=-+*Ii(ws`MF+FN^tglo$!Jog4bIgS3ZW-=UH~MZ@Y4 z9h_Ub+y;9MA>$J%d@bAjCA8yz_a?4(eQ0=-{; z0xEifS#F+!PF}*KY2r-5d%}E~gY7Z`)KTxU=e8G9>esb6NSb$~3ATo2rUbm0O0}pr z({MbC9G!-y&f2!{4J((#h^IbRnEJ_|rzL5D;J!cTe{p)#zGj6Wzmeqeegzh%MjJ)H z5g)R)6mb;N5f0rTn50?rPZ)bCUKn0FE!h{+ z-|8ge*dUB0<*h_K4(|R6-hOR`yupr0*$n@+%DNg2wpivc>F8qC!y@L<1@VwBN6~_I z{K0q8=r?EI(NcRLNTZNtZjfaF_->Vu%Y#J+ueG&=5*n7R_i}L*(TSMvJBSw$8(4^JPjOcxE-=i2M_Ew)?$ux?ltIYaJ($QZst12J0OeO?y5V$KzuduuH2R;!6iwK-fUv1( ziKl^$)k93=H+cUIy8`-Bd(rEk@_dW3sXRv(6{`mO?_s|BNDmy~eo$bG$w_gS2|CjKXt5wghQ5dwF9 zolWl^kvaT%i13WfWYE5mL^4?i{F{0YoBZ@Pq_gxqRcf7_P)G?)(>lzHjff#Z z13C;z8&s!4UZ(SppZ}i%rjX76|2vM;WG*IO4m4Wngu*^hq6|z(xOw3*9z0&x6CNi6 z)AP1{`A;t+PdGP<&}$zN@6=-5{KfM%VE!8Q7;%9WP-4d~G4L zmeCDOesJ<4YAV|nJtXTT0*>WC-S=FfeY%VPb}}cn^G9T0OpQbDVO=i=LkhS`I@@MV zo#-5wYj~Wf0!oHC;J^g;pdNrG{=yL37f2eD)7nvoWv*_~Lije_hGIZLsc|FfkL(!-AA3pC<8fv<)$jksfPgR#Y5qPSlQE0(>L!YExMJ{_&`7AcrUqbs0Lbmn3G(VgZr}X$Bx8X<) z1Fde2mgI=6CFcKAN)MF6jCNzVmQjtRvP=(WZ#URyt<{Ao(Gu}!VtZ{9+OHEDKJ-Kz zbyQ%af5rRh#TQnYVfH`cxtNp_l38`Q=;r~8LY7~D!VNQ*>TeE935P?hfWlW4A&D<9 zP}v%x<6hOJI(C2kG1S(Xc6^|7Hy;^~cWW38uzm&g&b>FOU@3Ix{t{qIbF=e=&<%m}E< zPyT?lPFZDiRJnFgvTd!nTd?$pJMqJp+KdR9()7mdNo){lF0g`j>I4m(OtUvaD{3XJ{p%OK$zRxwoB=mS)nfHX~ zq@OlAtd%J;|e< zX_yar*Wvc=$MHKC;z&l?OZbs8!*My;ORJF!(z55ue>guZztAXnN6u^{@ym?IH!&{d zi3{Fh6U(X1ZEI0}0jTCubWdNh?l;W@1^evG(k~DJv;2=MA}lUPHHfa@DAVzrN(hcp7$_= z+22)E2>IgF-+3-+2z)J84`gntsYn&&6pI ztGs0eVNN{e91EHzPL$^ZyF;TsT^KG{2OSWxir_{hS0_e!ta(@c9pWh7s!0YT;q_bD zEgAEJaBj4LEB~2OsA8;>dDcBGqA0}S@{#(q=nFxsAyoUzL82O(T(y-n0Duv_)O>^Um|Z^RD?*VBZYJ$acqr_D^om zV;6>GG5pxP2Of~ivDNGYyEdPIq^e|(lhz1yR%A)ZO*wR&?_G$f{(`9XnG#;m6#Ck>d5)o&1AiK!{__u?!#SPL)?s%PKJoZ3 z$Q3dULSu&;YAcB4X5EeGcT`X@ZHvmHXby2r6Y2Znn?{ShKI`iMa*uNCQgQ!!!(?VV(kPYs#El|qf07#b z(m5V9Y57N>4Bf>K@zNtiy=|+$x_GIq)fP1~T{R+(O1eg~+aVM{uW45!Y1WdA8WO}F?!IxEu7zdV5h4@zI{keK(5 zC)?1yo0w#o-#!9E6h5DZ8EgxPbeeu*1j;}CIH(E052!QGYT$ljA~6>$E4amYx8@HL zKsCoV(ASR2O6*kQ;L^vkXy=%It=|m#sPo$cZy3dpvKytt&OM;5u>_w%aK%P79R)6Mr z)0`2VHQVdW!7Pt`#GL0I>|&ovbQI?(UB#Nouf(QH^*F5?bqOzgAI2VyUpd!N?Ge-% z;(igy^zXF-56#pyGr@L|pATOMl7)iK(GBa!c$ig3M>uc4%_?D~9O|{cmaScslJFg9 zyeb=x%1&f)NWNj~&|v$0 zjh~4S7X+tj^voq=5=bJ9+I8w!R;CyXAo%Y}1Axu#@ayZ#jhJj&)#s^VwCDpqHg%&| zrKg%k+qMNOGWM0S10cik^-ejdO@%F1xsHg`ruR501~t6sO8wpRaLrVN+TaTZg+9Rm z_2VllEI&bOrwXdQ#CzReg7Rp#(Zs9V$#M-#C6W`5m^z3SzeL{0y6Ro#t zwm~dcv-I510e3R2tEK3Kn=DF|u|(Viy7Ij{t0z*O#pkyolMW>~Ol(`m!k--yV|OiB z*xf!>&WB&ZnziJBszW+ic%yLzlS+Tj>3jw&>@Zob4Eprlk5j2UHJj4{Vhg z4fuYRlDZ+Fh*pnE&*wSL`IrV7iINFpS$_K*9h$7TsnpJNu;KhwSwngc`CBB`{NDj7 zqbGEmaUJyyv4)0rjn1*hgELK2iBsPp{sSP0R}hb$uBnv3XnT*JxT(CBy*uyRpaiMDn5=_lq;l zV)+{f;kD3)npl6+wiG{Izh*7^h>=lN(ZEL5wtX4DI+TZWAqevhgdwL;o1W|b;{~cl zFF8T1CAtOyC7de25 za`bCemNc>AJqw8S?~nQ=Y4^t|A+EXy!Q~{Ijyu41{k6wG)4t@E*`CTHsDn^qMdKSn z_8KxL^J^PbK$}4`%qMW=-zhfn8rewNO=XDrcZb-HHYjm|)htLE;sM@8g>mps`VOo$ zN<>_|j^VL4Wde8$PV6rR|G!#*AVoPMjV5v?64sovciFd0))BxEDV*3$)NF?lptk`@ z*?Lrvqhe*a1W042^4+NSrGujj{e&QC=Xy*uPPwj0rWgdjB>)Wdn5O zK29_Ji1buGv1{Vzzixv$18CJJ=h7z-X0F}u(suTjl$~PaS;#LP(wsWFatT`mXS(m@ zfdd?J-kfn}wOHLzQ547Gp5@CppTGVe&G$#*Vb~i*WQo{(ao|*=?V20c8RN`itgoiS z6|Ys|)OqGKQ2QEq-Pr4lioK5-J%}!Y!%6j;ML!9ru9+Te#}f`B-Hvi~+5Hota@aC) zMj%L!H~*5;ty0$YiKU8tGyUV~pI<5e&SySV!+u)}5jWCwnzn-dq6@DVDEzZf9vYfo z`*rg@rcFII??+l5g*`jko;Px;h=(xUBJ^!uv@lBGpDowtNH`zebF~g zmSh)rogkI2?PokRXCsXv^u=4_J!#iR&6BjyV(AvXx6%9BFG%~4{OGyXlpj)QG8-`d zK6>#j)W&ZxY*xP)oV-J*>!-2tvYFma)v860ZUAK~?^#(TUN9ux$i5C3tk(|o@n#t6 zpUaZ@u5wSi_bDncXx&_k$X)~&c77~K6kjrkBFibi(^Qi7u~zZCp*^pk#!X%c1*UK1LgC6ZyeIVZ zUd;tBSoj}k-Xgnr0x+{@$BlQTLc_ehSwX<+>CeQ^KE4<&(&x?M{=tynveUQ2!@rU} zjDpEr<{<44V_q$kTg<*xb+&sg8VLrzq@P%Fa??pk+()A3!}h#;x)-oCc z^Kq1;`T_)39*SQ+!9Cd!QXg&R_sQ9#COus>CRYe6RId&SeUT3T6z)-;wiTJh(XM)0dz>emi$I~2L(a&_Gtzn;hhI<;UJyNj8dnz z`A9&J%<@=I<@g=w%(VQ%8d7%1&Vtr{*?go@s$Noki5ViO7^zy{WN! zySGUI)j@tk*4d4m?12Hj^qN0yU{+m!RTAiLWWT1|alUV03+mff0xT|hCosz0)S9&q zWU7t^ut&!IjK5YqN?YRoCq82>L&WbzvBgq@!uEf=Q( ze@>k@@0-31Mw@4Z3bNXJfVf7rm7uEwRK(D+9~D&`fx%~Ui9wMi9+bqtoJ<3V?nd1CII-d` zf)J=N&%c#N0KT=LO?|y|UUqLFxT3)PSUDK?v~UgTuD<@)_4F1=3Fi_|DhK5P>{#vM zPOHuVXtb)F$zPMxiugwR?raFwJYmHP8cbU%5;p|xpRdgP-I1eUh4!G(H%_t(@4PRJ z+R6&au{^Q_VpCYXm3#*R}+TKxBz}g`Wv++aM16i~-dnXz34N*gL+{qfpxP zNCx$Jf5L62;a9_|l6iu7>Ja_^dgU)Emw6@kPe(}U4tXh)l(&;|vI|TWq&RRw*{eQR z9BhIzAfQfnq6)nNpWY(Yuma*Lu{Klm$Qj!C%VgAGIK3)X@&0!3Y(=M3xs={w>t%lWk1Mr4eh+ zQHqwhn0e5L0&SI+ysop=CDiZ2fUaMz+fZNDaIzdh^V|r)R0x!dZ<|3FQL9hoKTrckXUONc zG2-ZvJ3RD3%$QAo8Q<}fx4zVdFo|{Fx3=Z@&9|qwQ27KNgz2|3@F^X55yyNz7+L`bIP4&l5It=rYbcA zRblFyHQFe~E0+c*>VNPbfZl!q5&g1_KO5iTDn*COCMFy!Bh}OjeXt*6e$p*M^;7Qk zrmQDai`V&#khF&VQPgNsr6UhXnh(v!c^h1_NrXjqwUl~>&^lqR6X7vSS0Qw%iqsL& z@9yM&5_V{apU_nD-DjuaUDgT4q3;L0Jd8H*!j#&x5SpSl`$l`s40%72-H1zXfz1vX zS|_mVz^gY{iHtJNG>AzD-K87$L}a_5e}9Nlsq6E^gS0#q9r&y?X9yI5vp4~sFh$$K zH+IT^gxQBq{W9qsz$Hhe2Cm z&C$i**A}n z!Wt1AiG@LFBB1$xW&B**3hh-`ux{$#FFNR_{vy=wqju4c$-;>{CO#s;T1U3?gjAA4j)3rJz)MSExD((;Gia4_x_?h)zI7R%dsmRO3P|Ex&5N}vh} zLPD`aOL9!Yxa5Ad&T+qt0BR}yN{O1(e2uHFX5VxQaXuddBCf<7cH#>zt?H=Qnq)Nt z48`mQ#QLzq7C{j{_l1Ht%Osf6LOOKZkYf#e>wwK2?t)jsi>oiq>tUwi=+J+>`t2a5 ziSZF`x^U1&kMGF%&xCjWq{NCwUr_#9vbU;O?xA>h>9)^gjc^y_K{pIRqVGk+13}jk zS5>Y;>P9FU3;j-kdJ&*L9NYRCzh|9}cw4Ks1U=zm#=Y_HEOczfpBC4po7g(1pa(=L z)R+pnze}4xRN+B24s0@^;%W>Ni8m1ccxV9dTIywPO$6j%#Aj?Ev`lue)07<4SSWUQA<=Tx}- z2ifhsA!}rVMOBoYmLq zFr%?L!&ikKRTFi1=GJk{^$HKzuusY%oRi4-Rf{<*OY7t{vgWz8_O2sG5gcQ=93>Ts zjkZ&?Uk-v(JgE+trlc%tP+_YUaUVAZ)+(yw%4dI*pDMILWSe+R!3LN0np>gBkOY-2 zUJJc$89@7V*mw|Rq;{;w)gx%i(#@^`z^N;9a-mkgD$qBJ9SZ02*@N)rYAhCm^jVVX zbH@L?(&5R#1KR!jk2*+Mk!5CcKi;9oS)XAvcoFO8{=-G3`t&|y62AcUBWGv}1Veg7 z*#K$k>%t+WQjtdc6}Ir|HcEV%{TN}uxlJ>4ARV_5bQGlVqp%;DNa0lq6bd$guD!2f z{A0XZWt*`sQr2f*AJTP*APy{Ch4;p0MMV`i&;#$ktk?M>!b63}JaTq}M)8;aWa?5H zeOQS2y1{M*(s+a(95wt_3_6M@hFdPjfHU}Q|$|LZOX z@c=yBk72y_4fv zEeL#7fjc?Chea8jv`Vt8ziyEUm5EXWoGV;M?{y;en-N0RYs4RQC2Sj>rNPi z-J-a7s=wZQl{)v@86gL(FqGR7H#FRsXw4N~4nAM6kUvI_?xj-IbVi3bwia9XlhUt+k`l5hR8@$Adx*c03v*-P z)HZ<$)_HxE+nSvh3}9kz2A9Us6Rwd@GOkAr)>CNV3I`BjWVd)rwc+fXTH}~pkrFSh zV4YXi&hcNbg%645{~`vJ2M5!YF^4}iVXv6bYG`nLdH5zgjN>OrudMin;15w-S_`VU zqZIQmk|vrk7s^X)3MQ(}o(?xOsj`oG^z@Qx{ZdF?67#uZyo4BkhhNRVMQ^G|AACZ1 zUh#t|DJf-_f!3OleQS4T)T!N>dK`xK(z>)V@@I$JV@y@F^Yo9V&gkr=6=n;ue>5{Z zve_~-T(6vKS~AJWtudg&tSz|_VeQ*zOJlL3E@bw(i#1(DJO37i7*^~`DE$u1Ln!OZ zDe#7x#oV`48t@5 z*)Y%7u)oSTLm)5q3rt;+fuV>oN6x2rNi1X+{!La!fcb`mX3D&SRo2_tnqV4mE%y^MFSv%F9fO)Z0z~z;3Q7PG8V zmiu=wgaYx#{u+D$*xWz-6s}4mQNxym`+V4YP4U)9xTAy87SThjmeP;qV^RBzdGKXv zcJQmqmyXfH)~!o6Q4$nYxxK)!xa@`a*J`#Px1{CI>_He=AE6x;oIj)SCqW-xMvm-ZRjPD;bmeLfsP zdlJhRor{~>PpGiX(^V8cfdIe#Mp8Ysd0Q3tw#C8oo)ie~H9r*eezQ5>w6^H>3gwq~ z78%qFYcG}$PV*9Vs#5*IFV9^qA8d^@KWzAM%xm$1;Cj7HR%<@#VgD+!DW-=CfAI7^ z@sz0>fCl7)G-Loz6$#(dp22zQQgzN!P`SsEiTK4zS$59Y549LRcsnorCY!c8Xz;8D zg~sG1%;IfeBtF$QdI1g@B>{N7=o^}aCNX~JOEOX6pqonM2Wp^xkD1{2@5$yVXj&>M zG@uzLH9UOJYwz>i%XzAJ0f>j2TZ~!E5TPr;`%*{f6ANOs&s*-tT;x$;^ylR;x#KN6 zA7n^a^ml+H!Zx!NL(y{$GTXu3s>d*=i&Ec5Cr)neTI822ANk<16`<@4Q1R1%V#0$P zcC^rD7bZUd&IzpUA2|v0<)mpZa<9E)A5( zo6kZ`?wZUhuL!*Zs>K#>sE5s|UAIqnn=NoI4~3mfG6$ z3mJ=Hwkok~NXzDxo+;+7HysDxKs;Xu_ShvpIhU#=4|iuBvhNysjdmutqJw6qXSb3* zK2Yu+TCTrGe7yA9D$@)`SE;!IwM6KUcePxvEuI9Q+CeI=(>3Z=N0lsRo31Vjeqbel zI@0Zb+^Y}=Uw0+=u%oADS7sY9&HW9k4Ze4eAGV{~{7N`fw^W%A*|QJsFnAMa>WS#> zB<}ia8FLM-Z)UMe``17Q6KM1{cM@D(Y04R=R9y-x_8PjJPNd;+6Snkr!pE6~HcHi` z9}L7^aDlzi+6&5R51OL8MoDhk*-Wom0Nl*_R?Q3aFMh}$^i_XJ9#tYo%eGy~NNf ztt``FTB{5$(>4Ixoa%kN=NNTPiNvbhf0gU(uNKV+P=lZ;w$-R^W)7g*6mh=CpPc?h zBva6}NR)?-?B~Z|3Ez(0vkfpz;wAvz_#AjKIDjw*@|N@(MQg_oVbJ2qGyKxrA*UpU zPW#eZMvb?AIK4{^6E4dkJtlT)L~c32RRBed0I(HQ-O{3|5>PJD_e}Jt#!&!9!TTxn z66lKSl>0n8PTOJ98JH#&i_+MV86z>Is(3tyxvqAue{(|+ zYd#IXjj^i0gO!E{&Up=KRBOg;4iDDi<}Cs(O9yC5<)XrHJ_sf@X?_DMRD|!{V?PK1 zDl)tAW9@UIpq(Ewq&)fHA2DnY3HHFXFB~=y6*-_IBnW8*lOE%S{!GU&p5&bDK8x8^ zY(qeK;D<8jcn5Gg!#1I72wd~Y07IoEd;fmLfS@eBlCO2zShw)ENDNf9Ic)i zEQw5G`6_4v5Ep`rhuTrBa016}n7ioZ8%&4zu;{_ULB~f-*hn{W3gw&qO7H@){U>G) zY2qz=P>oU&t0P4$!h*eqKUZsM3^yDJ7M#jeYQ4mM02MiWQyJ-nezysAu|v1Q z-hdM}5cZ?;>tm-rMCH>#=Xn4f?~1?M2_uBO9TY2kG3qn7856S{0#QQ-;kXt^Tm)3x zo>)l@o-Vh6SS={uG|nNy=!gl&^PnA>x_gaRKmvk40Sw!Uncjkh*@4xt^NsA1SLLN= z2_~U;gzDwzOr7BzgaP7rBB!Ilfi~JAhA5-5A&VO150)EKDgxppefIH!k*O|+bdTiqKW1y4^<&^QLzXJ%6JhqcNKR zC1-0}<$AKCh$8bonooap6IYTV-C0$Epc1>^%?FcZ&{}E`!?mKuWP!sjR8_^3-E82Z zR<}(Tryx;BpPfQ;q*)||WXG2pX=9XIWn`=TjQ{!D2z82h^2}~4w}coBB!Jv{xXufN zyQW}!@>F^?VxDvau=KY3soe@FfKLO)K+k&@&_dBVx9t?e3ApB4W-^j=a%Veki8`w} zVZu3aZTKJxg=yohnj8kW*1(HA!~r=bpS^Er6&Y#{r>LgWZj+Z{L zZlxbU$s(KJ(UoX179rb5$0MNU+Y9Iix@i(8STiUif}XH%e(n5r;M3TCQQuT3Hz@4( z>e2UorJWRUe2uz*@zx=mjTO6zWXSHF+TC_K!GDSPa`#IjG#BMa>;JuSoFn52Ik4yd zI#VKSv}R|gXUH=W?2ceF@H8V#7*5%jh8b#N^Y)Bb{M8@F*v@jt;hz1> zF(HndLc=_*;|%k0hS5zoyTB^u^-rif=NQJNCQ3E!@QGO?cMJfOi|+7{$X$nuNZ^ZCWVHfzlDu zxs>KecFTUsegqV`{rXz}x(V5%av2>`l4_q`VX{CJCbxC)HsiNocPneBi6&RpU zMv#{;2wq2Zxv0uyRYfD3cPvg1=>kpeyy;57Q zH#LoO=9{&ubr6q%Hm9%;y6wp04K9zZ2;!tC6;lN2tE?pz|3IENkFm-*L_bfGZIq^8vjJghX*@#FS279H-~+x zPydQKFs~QXnKqRF|J4HI|N2rKZ>y>FZJls=G`x{!voh5bdz zF~Xo&`G8z>r~bHrbBPGz7?S{p zjRU?FNHBPg$k8Cm-9HuVR2f>oRnQuuqdy4li0J6J%5PWi1k~xqjd$=KD1Zku)fYxb=P?3ZGY#Shqog?_HQVxqjZLDE{`frx*nYqI zEAtE#pg-XzOtl(dk!jk7@&TOUkdQwEguBKnq2H74DG$g{U?5f3_DJLEewol+o4)U> zlqePMeVib{dxP#*7~7b@!Y!0&BH|D_?hVv zz2h8zNA?O}wc-7d?6JKQ8F7jcD5?J|F$7ZjgOqE0Jy2~5B)0Al3QE99{kr*`tcL2^ zi@@Vv6!XAuo>xSI?#96F5_B!>WI&mYh-5c+1cI82&G3J*1hAv4jz(W7e(aJ>EB}lp zxAlMT)2&`35iv-Lu1tyB8yP)WT&(Wgr0IquJZ(Y#&A)aox%ZirSg5+$n>YTLN9o^H z(C&1@q5HUjd&qTZt+PuL)__d-9?-T<>E_zb7`*(-h^!sYG7cDcgM^<FGS&%=#*#xIHLi`%>S%W27$kJwilh^qYd1iC>X> zvtbDf?-AT*F)I}fztS+zHA;D92B`TVu8WJwPVlYZe zD)evfNkk#)|5D?Hzwv-!H$csHc2;lk?uDRq1LZ>eTYKF^*;qDKEuw>-^v)E#?1rj zU07LzQRat9%l?MxAsa&sYjKvwHod33GOT_$04sWtH!8A{I0Qew{WDBQY4V(M+a4-u z+$-x<6(jmIbdBX~MAcXw22P;4QL3UxR>DjLUh-6&l*>m1eW|NY)cW~n(H$SiXd<-B z{XW8_iUtju{q28#!XrD)elIz4(W7x9r%z#w^ETe5`XV7U`)DbcW6d-BHNfy+f;rz~ z-hctc=av-leO->Bi-3A9J&vot=EsyR9dmq-!;a;?e!U-3TqWlGI9RlCJEk8?3|d`( z4SPE1V1Pz820VTbpo}^(u*SD1{rLyVjxp8P&sTKy?Pn7Fmo4-5;oh%|7 zQ}W!cjtfFvcq!qyCWZN;#vbXZRFn1#TSNeXk@3{3`PSB{6SlcmL5q8(OjU2iVV;2D z*{)k{f?w;j9gXEP@BV021yZ@f2%OW)EC^fvSifM?X>Z1%^EFSc@ewlRDW2HrDawj?$x-DV=c46#6eqm z_aJ@Wi1^{XMf8p-jKA?Tomzl#$YpWw;2|N_{4S^~a%r6ZudUI2nI9v{F~_qRjv*6L zw+&!H=fQ@j*gf~MaGP#?a77^r;5fYff0%m9ptzc7Yj}pig1ZF? z?(QDk-QC>-1PC^GaCdii3C`fbf_s1gf@|=gAJ2X7t@^6YpY!9i?7e&UsqVej;uZ>} z^|}_p?{=Ur!a&cF;QHygwMdJL=g-OcN24t&V`uKBz1eOAZ|R|kna>V=KPc`qL2~c- zpCUJWyUw{E5+nvK>cE4EC)j%OsYYnZU~1@6Cx_t_lh68335NnAooYO!#uJpUjudUE zx76+RwQ=eEybkjsfk|}g$0haZ^T?iSC<8y9Y#^Bbz+@W;ib0C^jKP78=(>@9^_bb_ zg>fEEU6y+>cpiZdK>6|g&r-cEsJ524!T#5;!sun99ErbTx$E84%Ph_m>%&2xW}nBb0g|5@z&#d z-Rn)v21(nTT17a@KLkrAO|4*Nr&c7 zo(L+M{N(z=)h+9qIN`)u=3c*-@c0#W{;mSiSSc!r9RM9n8rvUQz)W?%L}uQ5)+R^) z>28DTy1G%I0N%_cbR%)Br~7FzTI)akE>c;yU1taALVE1;@=M|0yXH>@I$gE05b4Z# zMZ2ULXs<7Sy*11&1*=RNeQ-f9Gq3n|T-`afGRJ)N#Uv2}MAN|x|NPetlB4l^z83Kf zc^8ZcPOdcM`RWO-Tglin+Hq`f!`m|=tt|Oyfj~-4g`s`IRXZY0d?k|Ka?SKXGD}jA zmj=Mr%Hs+DJ<|&pCZUGBII4*N?KA4kfnSE*rcMDLQACyEOnqdz*Azf?(`;2~C4lEn zEBpe%3SEB|<{YPEzS-|^oCwfPZ^X<(LDza-tFL3b4EORu{YD^a)@<@vD$KOU&fqgY zI^>nvCwwdg*X><1w24>!0Ju5+@> z^;GdkAQ~TaKzP@i_!mm7=dg|fOt8ZZ3nTmS5{m!$>Wb%DN*tojT88$$mRSq@^Y<8@ zvjoP(tZrt-W{1{UX8rnYSc_?JZsq`v1T_}tp$GygN>?ZRA(xg~%&aYvklb>x2wxUX zn8L!a>ErWE{7ey2R-y0be$t7eyJ3>tlcI>`sFvlj&+{xF3xzvxdL5fxo}xU%s^Kmd z2pkPLRy|Ua{DCBeUpCsnL*Qy3wHuDh^r6}BEHLwX1pMIup?qqh*7K*5iGmiYo&95g&4=7^qTspw#i|%og5^%Z% znKUDBLF6zuLkGs+aa9BdiL+GA6KQ?NG#;4YXmYJ3soFn|Jc;VK{U8XVNM`pr9$@&+ zitUCH@+o$+Of3{wdPjaY6LF^BuGB)qQF=A+3Gu}yIQ6#PC45_9%; z_*|TrwF}--lDsj^a{`m%A)FALy%j|lRTV7?br$CQ5YD5u;jMLPL1WE4{{#{MeG|P1 z0j!W(>%n8s7*X&ZB(zJCeXeKaZX7|pocrd{??ki|I}LoaXIzntaFbaD$f}-{jCfRK za7im?vMcLs6;&HlKh~zP=&V;oBdAGrYH}BQb*=f3rW75lU{W}istEiF=s-*Mpo1`z zYcJaE03A3#{wCkI+pCNH<}Q5vvt?TFMI7>$zyHh8Vmdo9&4o7aK2Q z8yBa6*L#umKd>Ke))SNgZ|n8P_(I4;0OMVuX>4SAog*O^b72x;y-x!14h4eB9;Vc< z=wkV(Bd%<$a&6Fv6k^l__s=jQnToS5L=;V*DkER9U-^mLC`ochqk9z%YphXq6LXi~ zusn@8c(~ZlP;O{g!VEMWa(0$jN>B$?;Tdl9mlRc$vpUJ!cu-YEY@38Fv?(G2a?f=^ zK*bQT{X0faYdiVhj!YoF0iWL?VZ*Z|U1(GLb2*RFK7F1jq)OFcC!7tn_UdOOkTYVJ zZzOe54POvD*F5rTTU2|m__A7$O2EQ^m_{gAg)I2+aZohIPzii@SpHtE;UK}O@G&l^ z4Y6O-u6AuC6HjT<4^R9p2q`0Qlo6-*#^Xq^`FWwe9OhL+V&=^dSl@n(_-{;)mgn>E zzclf=4-hb3v$c7RdoR-`MLl}MKg1Z;j&rK<9FOdv44ek-2SJWZHL%oShrGvU3m~FS zjbwHnd!H z3m3xiL+iJ-XaT}@vL{M194obUZLBk>01o{`=*j?)3`5$4duo=__P{tnv=(UzCzKuB zXzXI!kSUfhp8hqrdXp}wbRju`G&(94UL;~}WbH6tSD!;mVB(4wYu6rY=EPRln2G*+-?!|ou8FOGe_vj~=dJ@pe%Pd9MGOpOFEK9|xl@WVxf|4S~91cj5xoDRU$O`7aum@nsgb zDNE7Z#l@{rdeO9S-KLR@@jGTwsmVY`Y->23jNs{pIrK>ZaZ||SYTHWsxm?rF zPk1Ia+r@9^!npA!c^w^eU50Fofe%zT75KSPqwWP=i{phFG z$N*}mH9AwAIr@W@ZWenggPBIhc(L}{kOasfZAttBS$u|tC>uX_!MnEd#kU5-^ujct z{~@5d!39r`x;_8Ez4XE{J45I2?6ZJ*%lWz|n%?t7JG%b%4Z7&m{DS>stNQk3e)c+W zDPQ#5`k{K{c@p@>v;4MFKL-3rf7q`n^0g+!@FX9gYYou2X)W<~N(Ty&&}L-e1L_Xx z9LLlV9}&RS$Y4SOnM@Uxa;woKOz^}ZEF<|)G$X*oXwcd*v8n4O1YKvINl^sB51^ZM zl2oE5qfStyV7Gho!ABF7OrtZjfKhRvAKRx91~AY5TW>l5aP%x4xn}G^Z_rH*_ghR1 zA-UyiGwghMCo3Ss)>emlZ7>R3lVO8>{56iiW8Mnh)eYG2{rvJm8mOV0|NBG2-((hf zX`)=vD1qm^E2AO6&$zD`X8%V?SE|tyvUN|a+S~0hbKBE;#WAPmU;M)3r>|Zp`}MnR ztS)`9H^`Y&fogC0F2>G0Oz*@;?hqGTSFJ{Cnop<#UuVAk0Ho;wK@zh+VDYHoVWhcj zd1okT(BKrMbYEdiqvGdW2_nX0NO4_n%qgVf_61;>aZ)wiNY;_TyfOBI9I9XSnmE#t zYT^6aGy_xfKC6*Xo8be}YgM$YRy&+0;s-yeDc5$^$&uTtmr4ZxaYOk4fG^ScsYi;= z*s*}@3;V@tNwa_%8#R|SdzBiFn39~-Hx_pDIm0@$s+y)ax{AMM(l!4M#VWaMGdmiF zMF{B41Hy~0YVr00HoPy)MlFFht2&7p$1=n>(*`MioXbfDMis<2On%eX)h4D_4t~Fg z$?}B_6W6f5q03^Qfazuf^gCV(-#{vkJ{gL>qp7XXk-pM5LG$Z_zI1HJ0Y8+N-!wDI z6Zwqh93T;0H)VIw{G=eBVhzgo<|WpL=}Va^X;m#z?CB9 zlH?CnLKkg_ReewE$3+ z_YO@1<33tnF~a_RjMA=at$~f!UtM)91;gN#g7K_Ef0=~~Dx=%6=^>QDkhtUNXv1hr zD#7Gg9JlUE8j)A*MBQN{xA8pgY)PIU$w7H7WFlExv?)kLj_IG7zL6a1(1cwUN?7nM z5Q*maK(|_uvbHdG<)oAP;J;Klni{9s0h8Kk4^{u(UzS*m1 z&g^3BcXF+O4^YZD6xpLra)ZOApEOub6l7o^8bcM3|A-DZ$(L(8UY@j^^>eyn3#n1RRGxmC)gW^1 z$2&C<(%7#*h9V_QN>#VUl%)oCXmB{zarunNwEv`;wW|L?{$iyA&TP$chlPuipZ9 za)Cp@Z{OgXZyhJk>ef)vuFKB%T_5)p6_yzn_lSPD^a$iB!PgwN?u?O@Zf=pastCuw zeqQ|AWM2)x@Z+_)s=lC9{Bc@7`ET~?$b?1vGJwep`j*ag_^;mABlsf;vh;+dp*Ic< z(;~ta_;&G^FIXp(kWL>xr~GC0@8@ruZm;x(f30LubdSNcTbIsTPfUX^GHYc_s6|6( zv*`NWx)Ooa1YG()xm+!z38(A(8~H7@6MCL=W3`j+w6iF_ zVbhQ2f*vn-xpnScs6Esx$3_>02##kb+8gU6y(S`aqBG|bMyI|IpFjmxIa(_JEyv|* zf7Mkx2i9#TmrlDa)~D6c=HrW-i?gPDf9EG;j5mXY-|4_ttlRY)|K2G5-WSX7a!-|8 zci4yA^6{^Z)5V|USYmA5Uo`kKwjs>byEVsn9aYYRNP zOq_WUUaxVAZzZ-4!Ls(ir~3>vCIIEqp|$0(WKVw^ATsNCjJO8E@mQhW>cAyMoW04>>`z!he>sRK9K1zuFPE|Ksz!-o(igjwp_wB8?vz zGwa?>7NV`jSVw=FQq)0>{Wyf+JV`X&8QDVvYU?Z@Opz2c0U>;luD&Nod)MW3TT$N# z;rb{|@!fut`VR}_{LhFU`Rx5j7n#BLNGfTq;_GGu-^^LqdY z44y{*T?)3vV783}zVW^*jw_yS4S|hFHNA-O46lZH;yKnZKN<;P_$V3RSBnZ z?Az7cmx zabGICRUc}MgDeEb$yj5Qnd!&pkzcu`e#;*& z0JcvW4R;fjJO`&nwxXHeF)IJ_F)`>>n+=aQrU9|KE(g#OCK>NCk)wsRw{)1lT-|6 zD)4N`hM*@+;Q6%MvGFB~fjIDgJXX6f~R{ib8l=FP!2(FLrjWxt{U z#z<@BNNdNg(wntPU;&K45i~d`=VUGlA6L9CCIAnfiH7Db*#h#}LEE(oSN5N-FhBb! z{pzEB)_E|#1>ES8=}soXx)=ubo^=63L`($mW{UeBHToKm(|sbLGqC-o6$$QthaqYM zaRx}oXE3lNn!uA`%3XRr1hc9Gdwef57YDabWh3EP5#h@FzA-S1w`20X-$-FkCXJ@Q zJ_4TUJ^v@b>xaR$EVdbq;vWNZ2hr5!i6PPK$vYn{@>voVm3MXj4l$!HIL|Vqva2~r z*WWloAMT&s2Gyg5p8Q;Q-*&9tp zz?G7;mdebgK%&EiI-9B_SG?I)TiSK()N*gaK*X)K18(U5-SoXjx4Qo0{M z1k}@LqX1;ek4>E@xq0x=XOlq_+!RrBGOYiW#}hKU>A}&(66ZHa65r_;JM>RY6=($M zDYPLMg5shw?A`#TH6PLJdAK$%JJ0hm)Pbm%%S|)DZ)!X+ zMtd0#TpiepUin|c*H#c7d@gmVuI2^9Cpls4mY@&2AwZN_I15=D-uc5&lqa~d^HEw| z;c7dWc>Su?#^5&2j7zyQOe&5xLV$9enl>?d#Ip+4g?w0#kFjK;`0k|vzz^-13VoBbE%^^;(H29@pLUWH2LI7~FUOQ1p=yT)_K5`_W!MGLM^B8xSQh_kZ^az#1j zR|Q2BzS`oenKo*-Z&6WP+CqGc7dQ`k0O#@DcmT9}Lq_BgJOROjv#q=hzA*hA%NTOaz` zI8CL%C-r=qCVojnqXHAVi@r5$Xj`z*+x=@9fNNL$G!3I@*ngR(hYv)PN;DPXXCs5{ zb4aN|P!kwKm}fCZibP=SDGosl?I>kC@OP7-u`iyVI=$*$2YQ=G?$y0{VVIm8VvJO? z)fZc^{_KZwm8at4_M7mR-OZ_WQ&jjNe0~FP3~sbY`G5J$0RGfNY`S{_x}+kRt&Vfz z4Oc%|kE%u&s_{2E(i&mX3(3(9BgSy`kU8W`i^_7!NTSZrjztJn1<|d9$YD3SPE3DT zi^QKEpnRqARbht^!0TDo+}d>7X^emSSb^OZg(?2K=o4a7)2y6s?mTb(A{gyuAt5^t z+Gd=7EF+9IvHz{j-bh-hPjhD4Xi2FKpGErTYR;ni3$cxGX_G~tYHFo{5<=&hh-hBHdx~irH#~8G)a>%MVVYIm5Hl!l%c~Kl`@|UyVuuVt8o&WBid7c!Ax={58sIHR zl|WSRfw=w(9!Q;%70%ybAnTPRdc2g+s5ipg`aei1xtWlaD?3F{8B2>PiVL)b*Z8BL zYe3f@zxWZ0^!vTi;cD+@a|8g+YieOxO2^>gp&{dVU~|<^$cW5ro_JoYM`p`I7#|LLa-%o%<8_B!azWm{m zf4uI(9bnAc(d3Y@M}!wL&peI0LMYjWRyFvjs&%w+v@Y5IFM)xtr>={9^tod8$K5Mod%(9Wi3RjLu_KFh9E+ zQTZRc&iYuLQkG8Y(Em(<2|lJpH-)-l!df@zV-#W|(}O|EGT~VmKP^Jk{?5Q5=gh)Z zCcJds)d|Dum8%%-kBT~#D8RDXU%bGaqQ{IfEgUJG0l1ALLG3I6BV{P-IxQZC5T!68Xmti;(RE;H-%OO4`H4uV>Z?SureHJSX}1 zQv>c|0Z7AbzgJ3nF;VyoQmJXjmpEpF)FNCAsN8bQUzXsTJnqQrs5}Gs#S{s|@A?x; zMNloxWJ{@uje;*!SNX%Idl(;p(NU)RyDjA!qx$oTgU6L8Yd4y0py@`()B)9v=0i2% zxtq>I7o(7l66sBex(^Vw>6B;$z&$!D^W;00JtJd*(gaF}=%XQE8m z;v_R!Jx>q#A$)n)adg;5b!c|`j)!ZXTX&XfK((hOoKD?*sO^5^a};wuCj|B8a`u%L zxBz}zE5Bru@W1AZn0lcE_8m;ipvCD}Lgq$$imD*RkNL~3?mQ1ts=qG+TZIs1%sUR zzLgJ_uJjS#UufUeWxg!RqVTy%1A4_TV8LMvjFalt5G-(fKXGQr?jB(SH5+seSNzx& zPM^F6x@hWb_ASBLKtRsUg#zq+R_f4|a*MdK8r?5of`bL#r~pA@PtN0Ez%Q{ENa*7u z6Tj>MXmuZqKY#^GJigH>O1i6J8f~+FA!c7Mylbk-{ZkwvKwcBq!2|aH@a0RqKLGULSWNa>T?AwS|RhbXYx9?in2HePR1i$znpZG}Q#V(I%j_{YG z`1$h2!MB41Kdto=3JK`c5tf9K!)*+aNXWf?ml@u)tD9V_R-9FpK zu1XSZ+P`9*!TFDMpVmI%u%56Heew#FJz=}`Ut|kMBb!D7Z02>gYg<#QI390b_|=Xo zr^6bfLoAfM4D}QVU1ge+?aVq>f8Dz{(7t3G=4o-8QomDIEN)A7ywu+VFYY^jsx7pp zlZ`(dUKl095-y?I*`>3;yPTTfvZ#8Ij+|m{sp98h(U>$+tzQ|Ju=>{l8#Z5Qd+xOc z&K8dPzg)mn-w%}m6600L){yM+>#F+uio0XTz2M_XUurACSOKw&w+mbn(A#=|cv^Gj zDv2J{i>|^Tt#_>nCkzMOZuk*iZX6|i$C$dy{ihg7fT&)pA6)71YU2Q@^A*actQVpk zeX;qZD90K*Nfy13}ik>^0>&bCf>H$Uvx|Kp#Yu9NU05Z>dItS)5yR;7mhyq+X3)Y&eel_ zboN($HBfJKts%uuBWFJcN2(B@UsS)LPLvQ`dS?agN40GO!Oe{hb`^;D#a9CPf1!V2 zR7y2oqyWzwL=7kBeN97Th4`B<3SUmI$;jlcRyUIUd)7i%Q_vYB8%XfA!_^%=>*ANI(Hg>NF{dJ`q%Y+r7l#W>BtP=)^cAT zg6G1^=za2G^;33=6e-EwdE;a>!{4o|FN14LXmRQ05F{;*4?MO!&XV6A09g|wrj)tj zO0Pucj8l7t{u{W?HZVn|X!?ToE%wpy$Wkj@T-V_HfFv(9W54^yv(@|iUKlXttQJ)f z&ND|UF;_S#MR{EFOyq^}jNM^qrmN@XW*SNzaZy>e5;M2>=t=v%DHU^fLGDRYwTMGj z@cE@tyK;ovAu3hJmM?VB{6?H4!tD2jsG-cK$KstfU!YzNKaxy*U?=*DC=zR0tjV5B zK(f_)Ib3|-Ri|CloT&A1kUWjk3r<`LGLSK?)APZC8N{0(^e$VRzH46|5?l$;rd$B?q!k_fvdL41qMET>rs z=Y+_fYA2)LER>2M);^O6zPx4lMq4?wK*rZsmH7l`fZ=Z{;J_#%XOs0+qvsvCg`X)%OtAwyS;guHFn|7&167o9k4+e_vIAPPPSvp8j^S z-LMF=JC#o1=!p4HcaLli7GJuQ|8v zJ>(%h?h2x`kBPoaiHu{tVGQe$#z=iYLyIftFfGv~mgmC$FwhQ-xpzDyAcGYV#1;Wd!X3tqWhb94e4i_=1RtPmYeqiEQGP2nSdVXDoDalTCNmyjdxC|} zL4Duao)@ZlHg^32|DER9b38D79C_b5@y#LjKfC2h5~1b{KIh893twLzglBFa>~XZX zLQ)aX3OjM-Y4hN#A8SX*u<0CZjK&Bw4+36@TxX=MHmN29^XCvwOZ~}Q{~qzWsp07P z-NpMD4(T1kd$w(hyf;YK9CUmS}QFnfsAuE!@45VRtL=6<@RB3RClv!u!$MyAJ?_`9~iVY&E|Fw^73T zKw$p7MFhX~>9afgD}_MS*OEU_Z+K7{kYI^A4E3{|m7^VkWx;X~Ll|m{4F1m@8w#@? zN#O-xRjeXW?8t0^|Iug5O0|3!Q@}n^1JL&=khchRY@=(CKzw=6EtHt}J?dipAq|or z$9XXE-ilH$kv!lu=3ZybwaM$cT^eTGDhqv=C@ecw*>u3%c6MCnSHplwf5=+?72-Y! za6L+eFzUc=TJZbR@|SI&B~L4@6?oQkx_Bb*h>dO|IcFqkJ2;jI{16y7wWm2R_j>zi z9e5%MmSM5I_j=w;;JPF_Bqwkm>OD(zsl5CHWSNJ@g{!V^$3*L_mKmJ8Y8h0sE^co= zm=zRyCrx%ItZ&;{{dvO{uC$zh`y(L%xC4C!?>%QH0H%$hP;Vj-jmFHEsT6yO)W3LS zV!U&WSfq-i4$8ruNKF1Ps+ma;6gRPIco~707@pT0!ChN=C=pwA!7`8y0pUMKdZJ+N z-(j|EOv9)_*<6t0m$2uFj(HbXqP7hjvC1&^7W9DAp^XnRjiy*W&#h z)tn(C+X9%f0Nh=>sot4z(^J%`S|m|hLNln3sBRYoxRbvbW9ah9!N9GIEK4ckX^#!g zoGQ@kRG1;1l*E7FG_3==yShFLqY!w0Dt4YC-{%MT=;}t*_3IawkVS#vwH0|WK}X^~ z`LhmO9djFC0;xF%j&lg$xxVr}2ckfTiThH3WL(BG9?7%CXTpynq|vRP2^5PNA4YHIA6@Sq3|x5h8hZY=%)>x(!Cut8&~DGUnvH%ax~+sdmccckgq) z8|*pu{U>keoxq1#z!zUhQNHY%%y)U|PgPZ@hJ3E7T};~EnV3||!&~5Ak762WF(vET z9vkaHi4i(+ujIeY^?d9zY5-*A)9YNR1vS0+WIu*GeZIH$ zqDO~_ps(<5`8~Z7UFLmwyzQ^c?X3D5ei@*7v*V~&S$d3Mlj^#XFBMobe6q`7(op?m zlDnq@`P&I#@!SA4OoQ&Gc(($&;r%kqecL)Y4N17`pmd=}Oc@S3sI{@vUvG~Kbj-{i zb(+vX#j0^j=&c*o^$@VA*xe{D@0(v9FSaw=^$ z4O3z5pZi8zGyd1P03D_CL415aA}q*vl6D?Gncjfn{m+0Behm?Os$pegk@wx zDO(8Oi~7ITbA8Bz?^cJl^j!U|wjy-wJW@zYXgmC_ZNYAc&Ztw%ODv?RXI3w?Y)5Tk z5FL7$yFk_6dGjyU%s1D_)6(oxl;D|S6qin$)sq{rD!Q7^T% zSQz*_@NwWdEVo4>82k&sVCyw-S<@M~Qkx+K`(K~wJb+s_Xpo+MBGPWOyY_VQ3W6~WRQ^w*6`wHrkipXj zKr*2RGtqSX9Pa%7QW*V>x;0$zDZtv_bB~V932-PK;IB>_CYpHG9ctqg+qaqLf1B?M z_+N(|*h4N!uTJk4ZLp$l$0AR=SkD|iVMpms8gN54B2Q`zD~-fV>U5p?3ik&)9t~J& zd(a<5ap2DUA-(_Z7`dTNe>hIp^ZK1UdOD*iLKt-k?x2%FaXJR5F`Q{mE798U6Cy}Z z`DHld$cB335T~t?jda3j+*h9g2Z%A~_0*1CUoZ2i399Gi_Ax7&;$3LI@T58^u)jce z;_F0a_M(Bmo{5#D4C9GPepz=M87Bv6+PIUb6n)y_Te$6M99b!n(GXI1yIP7jmxs0Y z2)3uZb8vYT-{E)UigOp%;6jQ+_xt;I>c%rHfn_K{oJPc3J$us4`y*^AqBLU~?YzzB^##7TxcO z=8UWsE>`6qNAW=qoxt-@e*eRQ!Q<5@EZ~JD!@$w+oucm){kpT|e=4~TR!@OeBeA2p zdX-H)I#W_RF6%x5Z?05P2SP=MAJkS)adVzy*wi`agCVq&7!*?qU%Z>jY17_$v+eS0 zZ9k$*ur*JePh_?rI0!=tTS&QCb#ythN(R z7WoOt{%d$A;!=a#lov4ArP>@9X`DX3Vts#zy;lrv2w%`MxZyz|;-Ri{Bv)&=E&?oJ z8JpNOw9?z^)T*3)$9sbTaBlS~?FMRq@cOHb$seQ`;^JFPD~2c@4+<;T@GQNAn6jVz z#Fz%^22RDN6&8DQY~o#lG4o;=4uwjfalfj;b^k2YS~WhUd5@gOU^frPavG%9K^@t# z$@TEu0;Z9X5x%3XQcgxS>g*r5^s9#N4&5*l|A94mPU?}4A~z)8q45y>VqD^FpRg@- zm85W;j;eH(?&jBc~Lsv1H@LgY%py z1f_*Rc)d1x@c>?uT>+bG?V7Z5fl!We8H2fj?=JHu7TQb$-_eyA_uc#bz$%N~aRdCs zJhF#ERP&S^aw~|Jv#}}jbdk2dEsu$JraezB9OLA!sF3st@>_R>;K7wAp{hUb@CxEI zL&>udhx-sgYFHwu0t=$v876zwSoc-liuVL4W5-!+MXYKcdoI~~8eGi~x!<&%WGN{D zl&A~*KdB@+i^3y;#+zK}Kf&ru&1`>2j+=LXqKB8Ut^_935_*}7*tx)i)nGhi7$azx z<8eQXXi!>NBH2ng0tkEvNxOgJDZ~|rAwuwZ(An!@NH(mGUHoAGns(g$1j1Z0WlO#N zC56I+Wg#Q5JKTduc9B2~0{rc`K1RMFLA1 zWue+Cx)k#o#f}`R6mQ9naaFKT0mXSIkyufMWg@&CQL548nxbbTw5Ige9^65($WP;q z*?)f{zEh%bH{tCFv3~?+MB_wo#@{Mbj&~I@pz>MDB3Fr-`9(A-e9$Ox{#UDfE};`M zZL>5k#HbGoeJXH8SvXCYHuson5=fT{Dsphs6_=1$`zhqZx?3?)$37b*+(Z@o0bD%k zp*#hdHwY<&9h%0o|RLqfD+ora-ck)?eO$f8>PuKd{`*ox$UsH!9k-OT7(d%q9y1I8HQIs_iiGD&O_zjQN0KPOIHH?5J z9BNIf#G_TLfBjS6u}76gLVV|KJQv=Hw7x3{qTw&fDfT5Om|Ox+Hge-3 zwJ{yn@ycMvm6{$X+ImwVMb7tUfr`5ArTW(O+nQQ_xwPj>&W?$-(%0i%uLM>gn~7xR z!*t+v@|!T3D+F1u(h?J+8P@cwZCrZ)L*H0cqLyPFepC7b0n@c%6;i4!e3g!mRZ)QI z?Lf4Z>H%|oqlCtu6^oS#1rbWB<73dWl1U|#xamc zY1M1`O(#;UqI=g36<1Mmvb%IusT)n~BFRyvIZ#XyCw7n5Nwk00jF6RaAG7`}+|0W$ zZ}7QPQ=oHh@29xHjaG8vcL&OL*W;Mo4IH^v0yojaZ&}hbLSu<0=A@Maq!{#_#WEWN zCdA*7zx*=!LX_utxKer~2+b^<{4SyW2h{ei4fp0B2g8ZHG6Qo}Qi)TCiBGs0Rc?ts}vSu_(eaXm&zO`A)ilX zoJH|j67|87lB8nY%d&{GptUXmV#AFYn##<4!&cW1p1AKLGum1*68eN> z>4`>*WcTXS;2mjn6KkP^*xA%sPx*|Hx@s}og9V0=yPHfjM2qeU$;-V#m(m30{u}!f zOYs%x0OJn)9>?Y&HQ;p)d}*bgYb29Ke?Lj+{v1Av=~473Vxt+Z5bs(PU$_^^K9vg| zNf61GeKl8tz^-2w@$^Y7#=PC!M&DG;#2b9t%FC4XvEx?Skxf7VvSp@?Zs(Voo8*hi zhd;9EDs>cqL7j%!rTUY^8ck#o5^vc_By?&;RDhkJGR-m{tZ*?DznA z_vs(Z(*`X<;Qi_j<)+@K@>73g)lx_I4sS1d}Niq9X2P;LI%q#k=CvevbluC2YhZ~?pme^*@5ql&**P=9mYAuXdURnUj{?NZPe$%KC# z*B^@YUA;D!R1uyDDjLT*t$dI;@%~Wy%R>pdXhN6i?}JOcYNf!hDNURPGeGg^_M?^+ zBYuh&S78WYp7+Qh#5&GAl`_asy>4vT?7{9*s&KhM}_~Uw+QROY;Clyc;nY8~!{o+$K z_&pE?13fKRK3#6LVR``-eZ2z;eRr*Eb0VOLxVxN}^=j^TZ_1~qCun3*jAxQyMs&;VZ6^Wv&2xL)L8QnH^>c)b0xIyl&}VDFQf zF|Y)b5Y-B~`{EvAT?dd>Zc@TwSMIErY7ZggP^5dcFnVd^lynq|225+a z*6?Q7JySD9gs(tb>$_LY8jj91*H=>mCA(29@H&JQY&)LQ zqwo29N3I+<6JqqO82GF8M5Qd9O_x0o4=?m4UB@nE+a{i>-tTB|2EuWBjTB+ zSH?{P;4eQudlqoa69GXPc*1M~$Wqp`&a8npJ4MMFqnm*tdVn6g%#{ok$e<9OJ3Vo@ zs5($oFIZb;H^Ugy?Lb9vC2*v-i(ZNKLZsT}{p|wtoNHLlU$ph==&x3N?ty1pZjCXD z$Q#^cJxo9otnfVZLaa$zL2E+OK37Rw)^f#&XH}ZjHdo%e8o8z%vWT#Hz~e`N7canB z@lbVmt{0S%x%aF-b`4xoz-E*wp#mH?i#tuM_4yo0^zLAn4) zMKAYmsJ9^8ysX8iUM-# z0AD%p!R0O<^53a!mlxfXrT`=8F=eIHwqM%)P$8(G6(z$yJXk2!OPr6waatnICD7Cp zK;SH4R=O9s?MD2jOnMp7@{RPOCI49LHe_!RTS&MF%AV%+2t@Y6(OhCBYA+ST{ z>Br>nm#~yWd^FzG{IY&@8+k z(`5Mq;EcaE@83s^)Q(4nq}vVRGxU&`j^VUi$KzIL) zZ#+p;%{6S$8qD-(3es8gYJoS#t>PeScdP=xH-7vQ^EEK z1oeQnjNoqWJ*t}c-kCxxTorPzDcwu?K9Dyd3S5NB55T_Ev;HO4&DqSL9sr&Z+Ez0V zcmsXd3{_;@y`Y3MrR7wIUsP->jBYll1K>IR3*JYm-%x|J5vRgrZ{oTZ+iY@qZQ)#6 zK8hZpKa5U;0$>n5N%8$y=?})78#=w>hR2f0^GNe=pDia4uESo=gCBQkRVog~AossI zUxl0=x*2=&iH8b*h2FmY&xSECwyebKqWwE9IoQHfc7uz17!I|%p0i%W#0sPN5Xn@F zR@qgJI=1aJ^0ME%?i$Zg3kMq+M=4SI2Fw4qA-wDyZz3ZVt!9 zym!QP_K`sDw#^$`y9Hh#sa~5G0B_#)pa;Z;6?BJd*juU9{u_0VA>W|0^OG)Wzif*R zs=Eo`8{^5~Me$9w zk723)#=e>MEKiW;T}E4l@w|V$%mf>K_vTjOp$VBq z=&lI5_M5C><;s?H=cDooI_^0~r>@fBq$ zpT7K^%Qnst0XAm5xU$+hzON<}>^rA7^8+U@1hKs{38ohdrWeX8lBffnvY9K?Tb!Ya z+tJ8>FM})CmfYBopTkhvAf}$OXRR76twTeMLX0PbQzUP~;b!`R3d4`pUODaibq7m# zA(#86OX*b2NlW5uvGe*zhTN0FN|$Atd87vjQpQ{Y199UH7ggvky?sd>XLQDQ3Dy6v zsjG~tvR&GHZ@Q6gq*J<6y1N@xy1QXZHxkk%-Q6Ku5RmR}kdW?)oZ5XnCKVjC-TNm} zM0@Pc(Irn=jw!OdDK2_h~}-UB=2w{k3OD7crgZoK3htN(nP+a z_4}wGhsfuHxm^%%R(^%5e8aWDn$Oaz|KuA`F`P7oO5=6L>!gsY{CNc2vbDL%WTDDk zc1R5%%FAA1EwQpqyUF4y|NeOF%IJrd0E>}$mywI{ha>XTL*%P2F$LdFW2;4`u&YE- z$1_6-=X?ClbVa=9mXC#gGGuIaJfFEyjepHJoA2Lk#m~qq5AJRJ#+8 zeZsJF_S$DCB4Rt~gX<@qZy<}qjR_{IjiY{a2$hGgKn^C*)nfQFrjvwoTP{LWi5wqe z`8UNf_;8UazT|WT+5HtG{-F}<@|0Tstrl14Hy{`l+WXSGe}gX zppV{iX1WrKWF*AhK;)qb@kr+x_<>_F!BHmo7wbR@i;6=TUo&zx!A3{n(E|w?Zj`vU z2c;io2EIOr+Oej9srKteoPUlb+{3hJog>pvvJZUY+fOI;#&y zCGP2tvrNJyDaD4tI0*@wTCwVvHMG=>O0=s)Of7nJjoYTeRY`k)Gj#M752 zvQ5st;J0}{_>D;f5`RbymtNMb0A<<2u|ly~it34{w8rm0Z6SuPsFrTZ?}KiMFRJZY z5E8cfG?Oqb{h$>YN8F2Bj)K|H8H*xyOiAKf1xIK&lIhG>qXq}+8Dzui2Hh<_B-5PA zSc=^^)n7L&F)!8PpN8-;oYjTt$*=i=J3V(csIi=*LH*IxTx`S5v%tu8J)! zfA)lX(DcPLum!!~N~NQ&9*t;7Ia_8HGKe_zCy=2G^x{!xi2VBGfTxJ#!-|{{_(NUY zM6gTdzFG0TMcE=I9vc1V{+jhry^vL6Ukbk6!h15dO`tcgYYvfn_YNawL6s%a$tA@r zz=&kz{|C8KG;T&Bp} zqhUhlj=!CsIHD>L9|Ygsc3&NvRczx_CbWa9dhrwbb;>-rEI`NBn>7`&S_{#A-Zkva zh*jx3{I@?fs^&5XDM4|FcSS$MmEny2;_p7#(BG!b^cl=&n=UU-Te?`0@f#+|gko0o zk&xdx`0T;+!5=wn6^%)~>1hWj59<3F&fp!c_Gd7yo(;nI(AV zb446tsA)^tK{96UL}_sr(mcA-gQ+wziSWb%s|ZKrCZ*4KCXig~jbpHL(OJCUaL`GA z2Y=b5HwEh@D~>w$BLh527H@`Vx82bXXAE0TbC2J{>%6^j?Wzdjz2R} zclRhwTacDyWXv%V)KSXe#2c%%=6lk-Q7j}Ahuvm80%Q>%Wu5vXN4W%qc9eqqsL(w) z`6}5Y1S_9agk{Lj$i*R!SHJb!_+ zRsKkn;){A2O;A0T!%KGay^9k}M=%&s&vQOuPaF?wy0-67;{*idYdsd{Uh(K~;d z_rI*0oEcr6yuSUo?<)8}G-V24{|v#1|tfcokUe zxKjikz^|B~IFXHo509aU3z4$VM=U z6H-{-M|>8f+=u{wjDFXg8x5|KMF(M)X4HvPyv;7+nZ7fFwqY*m)oxR_<&B$?9~bXI z#!?yvD4b6X5w)YD4`HO18MUQ1P-Nu2lKf}oIz%sb%sEv1@+Rp|X$BFSxc%Gi8CXJA zbJoJ}3gUAbQ?(ZbrnoqM=CApmwK!BzXVm@?iGf|6e<17;msrJ)UkEy;~{%+I3wey+&@C27Ch##~yRQzV>X2PinwDL&0dWrq7 zUi{sJp;vlsPlJI8JJB-Wh`_5?7DGHDUH_fw*88rSl$9Z3;=m@`&E)tO2|doJnF}mI zqf0g5D+MgnJ3#f|N^g83O)cqa6fgAVzm`T}geyUB7 zqu%_v0db*PEjbosBfWyEkj4x4Q)}zWX{PMOv^ooYZ%1Zh3{SU+2&>_wc&fUlLQ?DB z4k1XEfqM$aJTo{1x)$la5o&w=B=y1982ubS?5PjY>jx~Fag>~azy8_ITKkLk%f~Z% zSKGV>WcB=Mnc1J=XvDm%@SVSJn=n8Bpwz<)VF{FkUSr@aY___JwKsZ~C{y@-BxQqA zcgVd&$1`Bhlstkw>9=6luRV@Y&gyhu5whXD^lXJgBRP(&wNqx^Pkpt3R%osS_`_Ps-#@bv5Nwzl=NwgB4>q);*P~1B;?}t=a;FW|FF% zY?K5MwKmm$F&;gLys}8EP+TsXrOqo!Up}|X}h0Y{oU{d>)VZVZvy6*h3ie_SIg6b6yi@!rBpHI zpcfK^WRy2w&Yw-rE73A&?K2wJJx`ROeJEjX$Rnfsq$zW?@6A}H@3+a~Y63$3l%HBC z-Dn`KUmeANQ5Pw$evBvl6F>hk=s8s|_?IQIbr<1TCh#@sOr zU+{SP)3%{@C4g;so{<=lW5&|s3sXM|Aa~S@0UmHEK$i)G97x}EVJUBUjZwjXy}uW? z^USw5x0iY1I^kT{-Ib&rYPoBir>X561nfRv-Mj7epSSPALVzC;ijKMBveuPH))+)* zX5{@rXW2I(NO`piKqTa=A*3%o4DB!ME<9zm~Z8!=0 z2JddH$D3K63d3!l-!`PG>K9Z}5rr z{f=@628?&Vj3+(ji`v^T1X4FVV*B34=i9z={my(zRY5WqcsY5pj-X1oD=5sD-gqM^sU#6VERog;N@O<6{n&jiqPYrcSvH5)Cs4S z-xdc&g;VPyn1HT-+4OtT%YaP~6JTT5e2VePMKC07R6rQ(8FISHQo~?E3 z%WFQpUyM`LmZNDmP8^8}g#pubR2D*;Feyt%`h1KJ1monW$t2?Gdi^MhQ-E(uT={dD z_&^fn(hj@2xYm5lt?Y;o;b{vODFw{a~)18*A)1+7i$IqUm9b_%O-ji10K9>`r8QWc@LSRLlot+f#5--nL-elak4`dXq3S8EWiIV#m%isL6-)9Cd)mqPx1ospCF$dt1#o;r7 zF2?fi$0FT|fx$MlPe3LwLfm5IQnebS+Tur=_BvWmEP~a1jGe689|P7I5vQRpe=<<# z7x!$$W{X(jWGMaf71n-iiz&8$xBBQj4jjP0E<`yTv1vEp#ylzTsHRq0j#MNE*Rydd zqXV*p4Vi(pLAoKGDg?%;KHo^#B&qh73KR&Q6r-hU`^2FY)AoqxL-f_ZooPq=d~K9j zCJ6E<6|jJ8N4YXH9U}@AbP2&&(vy3Tc+OZ|mo#L+aC($eh!p8Lw!{K7TVV(oZPQPq zJA^5D7x6wp1KK?&(DjuR<|RXJRWwJa@3Pks&Mz>`Gf*ky)>k}jGA_@K^f5r5UEm`x z$!OqrGNp!{ULSCs@k5<~$))2xAY%tRMIJiEKJGbRW2AURPn;)>z->KVGGY-Ujp_By zZ|-BpBW&n8D%4bR$+`C(KK5t2kvcqUr!vfsfbXr8B9s9BjrSuzzIa~_W+Yfhg)c5) z_Rp$rTIkmi#g@~;3VwyPu<_$aiI}nbSl^6KG@4zavmI>B1!x_#v|=Y9?uDl*J;vfD z2JF(h7c>p(Wdd7sR>Ds4(_xFw)x)qv#AOGb!feHm2<@XXHRKJzp%yGYI4vR_u5Z2^ zVQzJ1ITrTbRIp5n*DqPvVcFv{Z`Kmnr&15gf&opb<_sr{lakXIQO zP{%e`+g9P8w5uD1ZNH2VO9C4g0t040tS}#0?FtbJXBwZKk>5>HF!|Ju z>*R z^L|HF+EARL5FrE;2ih*O!4rkf;{)B89NBUCIUl^+wyr`)$1Gr$0~QG)B^A2VX1p`^ zwY;_3VxcO`b~icSs?7inLg(ZhvlefIUP1z>mLS^1mEC#wBj|mT z`W@J&hcQ^lQ1F(x^hP=AI7Q8wy@!YVH(P7<1!e;_%P~F^eizK0{g-jTZmt^@HHM#6 z6#JQiEeG@D-Kt$}KRdzTNTr@<<2d;-^vkEtBe;dwV(0iVWN_I(!7!k>4w4{)R*WUx-t~4(syGodj|7vbyJ^ z2-e}&^%YRmAF>W0G-a;(Z!W-sDPdbDIysSzI7u3Znx{XxL?Har9@{W^ak(jd%s2J$hf?}jf01=|pN>?> z9OEMam99pRP}@mQ`9-CY$Oa{`QHgtOE|2ofcSS%m<221s96K|Ue>FQ1h+y_pdr#5I z<;=!10IoBPh;#jj4vg_UWol?i@?f5_34$=iU0X~oh7^yuC?3MRyH7KO4i?Q&PN+f=2}VUZIop#WJ1`o&c&Rqch;)lj(0O z+F_k+UPD21-cqBLe>~!8-E2^=G%JsQrz&%-@4|F#jY7FaM_Cr8FFhX(;0yzBMX!sp zm`p@O)%P=*V{#jme(SNv&cS@I83+uj=^ROOj6YUjEv{2 zkvZHV88mF(N0olElDoH!n2UVp4A<$W4v{#A4&#Kj*j@3&75W$MA!9Kvm( zD68ayN#ks9D8i}FP&SY9DKm6VC~$8(AG`W`K=Br3l^E3e+qlSFh`9^?%Ud?rVS%@! z@}eJ$9Y>;WTcFvP6QCE=mF(?rev@CY0gA^RX9A*lMsAfSZ#%LfmZA+!*_KqW5bSpT z#~W&_1b{=9A#r94&VapXI$lXRlG0{7Km(vk;uo6KiWZ4X00`qbT8$jWCcG5Tk^pQc zez?}4;Q@VZreF|;=NBW7;bQ9Vw3v5K05GTijQFk+phd^!;6?&X#OteNQ_KR8O~*!r zQ;x(aR!^D_AGgVi48Cn8bw@QUy<$MtcNUw-RC@#I;}UF9#)sAdx*=^mn}!=$ zrc6YFc2~8+A&&)*=37JvucZLf72Ca54MowC?CvvQs_1mg4sXg724PO~cvQTz&cyfC z+OVDL^~FrZ2_3-qOq9YWp6*ZA9NfX4uf@Ib7NqU(x;LlaIm$Hor-#*d4z67MfeCm3 z2SSI^!Jh-k*Zd)0_)fCytaTt9W&NkY1SFw~NV?#Edd7r+9i$ zVW?8zy`?^gZyA@ZtevZf3M|&{QK-jNfJ9VfI%#{3Zb}2F{_{L*35N<$SeRiRWYy#e z7P*q{hDjrKruJD-2k>&lp|k9WX28H4eLL%aNzI>m}b`_V7rDogalj&j)vW^u)Z-++#gIS zZoL|05wpEd!#P9W;LrMb6?O?%1G}>M7APJirlbjCqf=0d0y(i>#o4)7TypOiQBLr%fW z&rj$eQBW~PTEO%w!pgUFOL8{g2yOo&9SWDV)~}^))D4MEm~saHUx>fLTuA*xTKmra zFh*eT?a3<8GVkJDzL7W%uIYnSB6q6ZhdCi}MEc#`$gtX2D^JD|gVa9yc5kET79X&y z`@Wp^)Sbf2_=prZ0*CUvP(au;rlTXCdMMuW%@g2SH~Gh~g)i?e9e{`JHpWby-rw;Z z-bp0<&;9Uo6KKsiU?Y6R0m0y_$-R*y1m00gMB4Q!Y2F^LQ~0bh;?TYCN0us1*+Q8R@@u{k8v;nmz;!WfzGD`3ye<7*nR$oe$O8+z zF`x4DN>F&GpPhftzp-ERt<=bm_mZTt87DQJJvv`^*)Xe?C4qOcz;R11W#iJNY&^i0 zn4&y4;%G)e1Au!Sf~4J3v|*AY1w7>=Kav4NWUurww-H)+zSd`!7a_GP1GHlk&Q7o~ zpeg9JC+7C*Vvp#Z6xv~FW*)Y4#h_&l^auXSCv9M=C#QC@=QN(9$)_I1Q(+NnLAuT% z!Nb)H-X~$GukK)=GjVXdYxBXBGX^1_hGi(nU8mEXP;And(wogcZ!(z zYz5@Fv#))W-{V5HxAk*smWMY{9RC@yjU*u-%FTzJxil%h(q`OKEJNl|psc2gu0J;Y z@lV$68-dv^wr#H?@rh-c@rTe%|J72>L+39iy<;0kgnjk68Bv&l+om=gzYf%NHUMQsOLArAd8G}vU~tZit%2v@`HP~D9k z_v}qiHLqB0(Qs=mD|iu=sQHK5oX6PlxPXApbY8}TVQi|6IPzkSw{St2#xd>hvH@qg z{!d0DucL(Y_v=H54id{i1TgV88T7yqka8;93Q{o1p~&5gKv6Bhg75ej_Lw#2g~Ly# za}L1)<_mn`o?lRWiE4#USCaJtA~Yc~yFn+>_qcl@WQTbWwAomM@pepA#a!;1m;2f<(KDb4+n?yPJ%pUR$72}yX8YlW;@gwE2bm}TE>+0#aDm6g zANZ^tW-Y{pNIY%@FACDOtz6vF<{%0HA0bXnq<&ujvE z$nEff6M0Kxng-J&m_;J8SxJ1}3bsAE)iZk2OE|~KRegvB0WG$BOxqc0M4NT3T5hCw?t6Sz_`rhI%<=*2nx>dn|zzntf zrJ>io;@l|b-P5sARxfpmva~#DjEirdA{=c0Ojea*_O)$^OrrQ{@C*rt5yPsDn zMNx`P06;PCbaX&pFork}peY`3ChxngNcz+`_E;QrNUb+|xGL%!I(IuHIxcuvE4_Cp z_$LIct4DKt`M=$phro>trU{<1KkXjIC2R6Sui$BwKSq18~brVVYc!6f@Ma$bns7*8ww zy4&_ulzF){S=8OlSZ~=^BsZ|mR{7R1z5WJcl(pIO#mOd)P{!CbuTg{+Et34Q(JATj zm2fm##ccV;UaHPlHmlOVcQ;y1SNg3f6I>;YX?>=><6C{6$%d=a?J%{R2NlUmda;HX z`B}x~E<1^}ITb@SeUe4?T{U%6PiyPnw&;ii$ae|B-u2RWmau3hr)4>9+$jhuK3l{X zYwoUuDoz1Yhuz^%7Y&m(1-fI!Ez~Od6}!xt-N_}R&jj}M*V69omN028f4W^y?d$K} zzAioE@EkDhXX|X)x8tuY9j^5g8;)=KlqnHu7$z^9bv@djCwnU8JT;P?>aOVgM#3)& z40yK2Bb%Z>#;KhQF)wlW8aeQ3iL_Ea{+CD5tDzxo?No>4QsKc%ja~FJCw`*}#%9E+ z?Nbm_v&I`A$Uac?GZ;T&bTQU%ufXW#*McvrTFg?}Iez&|O2oweiIC3(+J(aSp4v!i?j9y&B z)T{9wI}{C6`)E$g}0eQ2>R za9AkYJn)qG>h8VexQn*dASmHjJMzNq(juoXkokG(HjK(6oX$xw^u+8Owd1}gxMa0- zAyh46+UK3&(2F_#c!1Z)%b<6!@5*XL$5{7T>+t=J&hq2CQDTq>^1|;R+CEsHSt|;2 zhq{y)bKtKy?7rFQ!LeElU92z6ydkUf*SYarST`s2#ZOgd-;x+!+f38|Kvr2Gl#2(b zKAkM}JCd{=$hW_%*T@*B0=Xig>D?O(m=| zaBFlmdLiLo%VR1zxsu8*$Fj+@p&5l>F~~H%mriP*^TdIBu?b&!w3D#Pz@>_MGWX2_ ziv%zpp0A#fS$tt%B7?N@nY0yMhV@%}CQ8Omu)HLloGLHVQ|g&x@Q0>9;~`VZbkx2E zZ4=1S7+zw?1i~BSQ)lBf(E2K>h0O0J!04rD8Us!}3?U+oX)~j)u>EA@H15yIL8%NC z&-33Fl$S1s)%UV#)D-uD62M?^iHXT61Fv=e_0|}REO1%SMFx4Cd5?VkCFy6)R$C*! zl(pdX3!bb|=a;}||4xk~=?|fTnTjkf!tWs{>QIg9P9GP-WIL+`k-3T`iPQ&iv6?!^ zR7XMz?%cUbR3S^(w`F6a@~=(5TB;d16m?eULhTiCi{YT^0}t4^Wip+oM9~+GR3+Ri zz2vW35ZT4I6PfDB)60>oT=_D5axnXJ_*jx%z{%fW9rg`R5ZQ%WHqD5J056#B?`N?#_DIKio!xBfJFt6 z=Y!E`tcc>bRp~#?A<&_>Otk(uFOqjqF^RY)NTspPia8+|6Vb*q)RToV?qaADIF+LLm4dW$~0r)570Rie5X z3wtGAgLkK5f5iv`8DKPhw3hv>b%R@$Pj4QV_Brs8Wq-2g{#eR=XFNhjE|q6C9GZG@2}Zg&q2x1vam~OSXAj8!g(U7zgu><>}U zgenUR1fS6~QDm7rg_g%bUEQlF*gHn~nT)Nhr?BwaQRUGasa2rW4s)+E=3r~G(4O9u z-V^``=ms^jiX}1k|9TtK+er^g>ZD92$&*vy(sI?*J`JM}Z+Qog@ynR@IOK@JMy zzeZsSxYLERTSHLvS*4#OBCe90VMm$g^v*THC9bY_&7P=ZW>) z`;Wk?K|G2YrpG@4MC*M^v`Si!y!57Xp6WFw==Djj@H1Q5pE&#`%{msLr-8!6e>9O{ z0zHOKi4r?jCAnk~b>ag?8qW6HLL%>T^q1@DpI81;wp86FrdT(gV*lD4aH9dY)~<+> z=~_x))nnHCggvLCeVN8AUA|>L{FPts0S|QJYVmQ2GqS?ml?edb$qW}m#s=`K1m*Bx zq~XRIX)re)iI44a5>+JDq6*Jk2tOU_B&5*}Qcc6VbK;%GgQ0)}1l&C%FElxeCG`=A zX3mdia?u>YkfqqNs$bl^`+RQ?YQ4|@QpW{x7DCBD?MR$}G5!LQ#vlNE*8nC_mZg~o zMl(9FMQz_YEQfl@TU%Z)u?B!65A@ zeI82zd7ctZ-=p1?{iJe*2^(v&{!^+AF5)4R`c)zBtJH4@owENu4v(?~(HN`gY_aJM zy4hTE+1~0t6|Gsq*}#t}l-F2#8TqjbS!x~!Oc?03!2r(Mkaem2V6;DS1p_!VVTzhJdWjsPk_xEBT@RhI~a^#2%dz22ghqc0^Q|wE1x1# z7e*-kFSNmNIqZiu<>g#s(GrwY<-;0&7Mq6(*w3AhV%TY`y(%f%tAROFaI{k4sfvLK zk3Zi2SLw;t5k@jLEHw-gaf+?R0u{eo`!S+VvZJ=hTkNo*CbiRFHewl0*k$NFQ2`B$ z%#HA`@7K3{He_n24Qi6VGr@^^Uc+DgcU!C)kc$!_!bSqmsKo1($_F}RXOnF7QG_v% zujdO356sJ99i<{gJ9C<4$62dKBBi6ZTInI9;TxpKpIu)mI9TB|;(rzYsqV&9{TJ7s z0{)>-90{zk7R(K@cpX>g)sDFMlPs>hnHHl3akaZY=aj!3Cl-*JpBLa&TBw;#R1TtL z<=vOuJM*BEW9(2FH*j$&349n$rq-UH`Ckn3T;ie5l$Aet7|7mRct>u&ex*s0$m~R1 zY{&jRZn%Qv*g-FSjjZf_iFwbMx!SV??|_kTVGs(xW9Fy?(zO&4CL0bL06<;|4$nQZ zBSElx1M>H)1sG-L&suCZ3;#C7TF5$p6@{hWBj82dAa4GFJWQF3Q za{Fa*PhZY9kWp;`S;&ORrjLtd+XSi)7nX3DaWvUk&|m*Eik$Y~uB`6#(}}EBNGvkg ztDc4-&ah~}`nNBTP|mLQ#dn)4*O19W4;?-!sk^w}wn+SrfH3;0SXTc3F*`>)2rnA) zY1)3r)JLMxF!I4C>TP!*69F$OZ**p<=H*vu1%*=~E&bCgOQ~}HDE(QC|G9#WVrDDt zJ^L?x0ck(h={&)Qb}Kr4!5+2Mh+`RX2eG5HQk^5~UQUXx86Bfp{h~d9l)5@4G!vGu)kwhn zk=nDsgfwxgzD|^t{3gSYJPLU7~ zN9@2Xys%G-)8>1H7onF8>od!rtNlRBJMD6l#!z0P3VCY^AczHd90QY*L3v8Vf!80} z&e&EQDo*FDW^&U8wJjUItIfjjxKkA#X?(MuQzNB8#$%xWOT- zn#r?GVZkru6_lP@(>T3)55fM2W5YnKaL;7g5fo{dK#5m;oh;M*&3L82*^SmR!)L7?=Xk zRQ{2vD>&fHH$2`U;)|59UY}>oVXyR<7QLTv&QQd**$1lpWjL&*Uz^Hp>-UP2nHe|bTSG|(1y#KlYX zi$(5i@eSd=3=XEAa54PV$8F17McLzwt7#@eWJ9kNmaj^5@*_okQdXE}A^)Nfn?9Uj z8gA{UC&f)ROgIyZ^Z66kNq7<*FhdQx9`!nlyZ0P;+=a`f5hS&lV8p#I#ib$LRuQ=m z|JMaXM%s(&M0Sj=#5kW`mse+vFzeE&Qf-1Hz0qbif!Z9lAsv zaZzPS0a$$8?_#lF#Cn6+xeKq1<59+pKWG95`i6t*CIPNfJ?v=vqNIn>t+b@JPsgKZ z8Atq%F-sAiKf{}~pAvK6780XSw^&i?Vn31+Cp$s^aUZo6c+-2>-f>u1A&P(THbxs* zL9;K*U!TXvZwNR!?q;cMbp5pZBAG;nqBs}wcKE2#62*Eu&iEmqu>`5p!qwiW1L5zn zTXEUUkJF~OTG-=FaqAlJkfgNdA|palSW^!ekNt(b0l+=FN&4>r)+Cvbz5av_#jU-d z|39`5@1_r^Uf_YIDt>9w(z+A>mW zK$2`u$RUz8PjepB;hxU{A<$~SqWv#4-h_H``j&z5oNZgojxdL*u)pP%K3J-6=udAY zuS#!uA^-#Fuv|WzrzS5?!sKN9OSYkCHY!b$EJqq4ae6!Va8hKtXd~dsHEEqFPtzFD zd$|D})eP2K=cnv*dXR^p_r`m3zx7LC|Ib@5fnh@vDZ?CJ^7DiE>chSJ`RH?bm42IG zmZ9Ph#yfv`>r~L%A;n-N>9v}W2m7=76<2~wS>qqu{{^&9^ymFr`y%`eTGz8`Vmf-T z%9d}{Ro2ye#O}SJ`NpY1ti{f2OYV8IBKGggv^SA7CjP>B0_f#eC55wOq}_-#nGf37^kb0DPcM`Wvnjjldduw#!zrQBF}rI|B-b`NnX>)kASA7 zbkZsmRFj8mXPH&9zisAO~toUmF6_$@$S*@Sh?NyG2iKuYRS>rf@Sz^4Os< zm=E+3vHBq1-K7MS6dbs@kwOve{|%gv$Z~4&eY#YAGdP|+ssMhS@20=Qd{J}QrcE#K zLqqpVhfQne_Xj$ZWnp^X1V{iCx;$yb6+b%$a9%;@CBaD)=U;N&Z30}r1Q&sg-1Qc+ zezJ+an%U>Kc;z}b={d5N^x|GSv~>8BI<9B2ERVXJ%N2`YUH|~d0dkUJnmy0vdZD9# z_Ix3k>g3A1uuSzjz*C-tCTY*p2zBdG#E)rN|1}GH8Y}tg^@x>^_CQBV5{EO9@78$3 z*KH1a6|-Nv1YkWL9k|y?RdmoDK7nR>P<>tdB#_duSr+8Im!u%J$~-=yt>GIN{{aXu zT&EnX9jE+9Px4sj^Xug>s;l8ro>ZUIn;NSc>dxv5+(?_rGmft`Pn9#gEvvH1X!&s+x3H8!?oD5%pYkWTiq^>F z!o=twH2adub$1a5GO#108e>*41ipWXj~4?R^K%AW@P)5XdA%};)+Y6JtbD4@L-sPg zt$WeNWjiB^1f%-CjgcVK~wi{y3H3ZZ_Xkc7-aR8 z7V!HguJb<$-!V8#{&ka3VcODI#liav-JhAaaW{im6S}k-gxdCRql1@weI`lKEv65~ z=6*yYG*iRWy9svtUV!)ZXm|Xjkh!rhz;tE*?j=1 zqSm?h(-iBvGV`>?mop9A1Zqs17!Hif!A7d8ZIpzcvm*NIHlaLJ3q z#pm&7-wR)I;NB%Pe4}r~S-c{M?$L5Y87!=2WjktqJb8t|RGBQHJ7xaA{sW^ve?~Zg zJn)@;qN5h?bBXc%<*X?v=XC5*(ZShCugf(88(Rh!IO_EgE2lj+bOj~9H0LZwP*%Y-)y< z&&*y57%KPE+f*inHrV{(Mh3ZL6JNvr4XK$PA*U6n!W+n9nN-3)<-UfyaQ<}sT+}H3 zGZ%S!`)8f)hwANQ)=SR{Z{Almqzo4p`XBdDh4@QPp$dTmH1LR{EMd5iVt=|lVz?}O zW`bSG!8fX={PF2wIeMz^et4r$t`bR=-XL2+)(AwqY8#EEBl-U^2NrdW2?~S|U!lS( zB;NjvL*b}R$BWY{Z9`mUZ7T`N-JS--$~3iNRz(N5k+HFx2866%0OdaBd;}qyf4z8T zA!uw~fIEAIBpddL_x`pY((v=Q`Yl|Iu#B)PVWx5FeRiR{;Hw@|##b_)z8ZL2*}vW- z5;TU%hGeIp=fIM=qySl-UEf~6KNtz^t6f^m?s5cq8r0*ANF~*h&yeiFAf>rF%tal+ z|CgQ?XhF(^O~+JB7*13j=h%8iyL3BWq90mXI3$IEglNn<)#s(}_SQqZXqWsQ>fRvy zfkQMy`R7Ft(}E6=t_1U!IWeHNpQ;>;;X(hJm5Mo)>MQ$19y_-Uv5xP}g05wfpyQZ< zFu5ee?wllP7D^BQ!^)W$O{cKGxWG-CAAV>oH-5GU6kCf#e)7DAXvcdf3JPHUFEKQ(BG}~tb%yg%>DC% z(9hG#KN@0&&)3H2w(gMg8Ux0D_Qdj2g+|oM{zlYxaGV;gC4BDG7QQmCSBj7vR>x@lny zI3AvtjQwPkm3zE!(~ zgjIg%!P^F|vu^h!f_p;gsMQnRVRKBECJw<>bd zo(;K|e6(dWUBjQr_=0g~fXjx;1~{z*^NuS@9K^gi>|ed?1h*QymAT5ZHBJ5z+M2%nJ_Y+%YvCO+PWXA(?eR+ z?_m=m>GIuhBOERc-BVyOw8s00noiN78JF#z_H#mm77*^Amv~w?h)e+9PTA}Dh$=e) zgsu_?PCf|H&sY1{RMHipEBIxFS?#AT^_Bu3Lvw@$7!6y26pa#{j+y=+>8!~BeLM0P z>O1Yrn0ONfCiKS!UW)tb1gW{ISPPI@SlHW;@tpa&8!Zmuj*)zOItmIPfWT1D8u@lM z7zn>1fqOQw@H+Pz=={&htU#%1YvEBAo;f4=-5oW}dA9OY8?7VOwyYzaUALb6P33(8 zm=}0BL&A-B&}(+A0zX2hO9|exdd8}a4FmQJO!iB8?0&VPZ*wK@*?RxF;nwqR+vUh2 zTYR8?`a@NDH?cC=fDZR`kIdHrWr*gV`Bi>;;L=me0RU-mgYk92&&`>(<-4x+t5%L1 zLA30gFeGGi!gOwA>p%Rbf1vf5D3viXWOyLJI-cwtAaHMt9y)GSevdw)1@oh%44c=! z@xjjgwgZ9))!G&;z}gTCn)clNJXjMnVvWajm+-!RNqoq0=VF4%$|)E~I4p5nk9aYk zX5P!Ca~&eXpK&Kov(;*o__}ECc;*sJbY^zlQvUrbwFB-MTHUrH#T!%r8%pI;>!Mau z%H=HSSk=LBVjtJDRJ1pPX}Z)Z79Y!$x12|Y4@}~&vC9){!0p51Hgt0&0DvJ*y}nK1 z#mtGOPPQOv=9KX~^4C$7%bAluqHDz@MenU&hkCqO)L(6OezYR?|M6xKr#MG|eb6lg z05&AG6&h|9QVxiZnszm&m?fLzEy}tv4jTN9?u`xJX3%w;eXl=|hcg~Zy;fcX zJW~>wl;yfSjJyeEg@-2q002-yLw}k=qp<+M8RZMi+gB=Ywd{FD=&t}dDP_rOanqpx E1A2A7Kqi}%CYpP$AYsr? zD&Jb5IY@^_m!OWrZ{hi6^(GUds_3#Wdo)+^6lv1_BZKN2w?NokJ-Tm?L^x4%_P? zL;)9ON)&kAhR}&7_n)X81GFJhl_PIDshgJbm3H_5lHagATBQ8OVIe<*hXY1`WiEY& zBx(h1wYurdx^h2g2$V-DS-!Gil3>y}VDUZ5F{u{?+I#3L3wi|4ds_E%2`&)DEuq^z z5cGPlcbzcbq5vY7u8s~d|#UUm8)y?C=2>=_MW-u^)U&qNr>Ze_yavU%g( zZ1Qp--XLa^TgE)X|5^lgE9ag)I*_Ut&H1|j3JOW*1V8)Rf)JKt-gb;gKllqJbeZnZHk|$p)gE{{Ec#nQZ=EHl>H3_5*TAeY1P6Cozm;73 zd7ei&o_Z9D_VDfCG}Y@1#v2KxHQyP{yBZ)pv-sE?lUHVft{(yEu>Flxk)tg2$Tz6t zz!leyfyB|Fe|T8`%vS}xF@1xA9m&@H?e>tWDaXs$q(!rLnV%aO-L_=PGfhPyW;G>U zd(5WZhrj*H9MsP)jowd}a1UEbHSjGkYY^A|1AH9+HpnUXS!CXb#9grM%$k20me$74 zEaUg|#~WdGn0Pt2yUB#=nW=V5Tn0fmcO3AZMFA<=iKeKy5iQ%CbBfqPB{ZY%woWbmogF3 z(5<8F2%ilbU=WmhkKZEMz%!v$rj0etfa0e`b|9%PgS`&`(vYc= zxp~UV?c4F`KMotb=secV@Y8+{y+eUx;M01P7J2JsNgB+#OSCK|Vai~_2D$YRx%eg@ zwgCbDxYrod)6&Jcr|->)o~dqK^p566BQN^Zc~m$m5;2L-KO0?(>#umpqF4q)Hc4=MSJ&8hg0vTkfU8V5XjMep- zj|4ARFlpXR``L&H51Ki;AO~PT^^8inmHGGit!HvP9En>uNmNfkGDVDf_0@er1toUd zG@mnqr)Gcb-$eh#n$*l-8T77c%J0-)ENNi-@vT8Oi4xIBn{k_Lw=hEGV6>&413Z*O zdTQ>TLbTHK0H0ozEoscNIDd6)l`v zbchi&$FN->X1O|1Dg{QC`28*9OLTF6AI&7RQ6l#_4GWBcPNPlW(pY#(CdT2Pb z7Qxq}Wd+<(u+kMv~o*CsGr(?9#Z zSQqH=U^5z|(Q^xx|SYiV%^ zG29QW@N8Q(Xxj`G*q(dP$4^}-?{=3_kklN&DO<{S2uFU{U-C3K?2z?gT*^tkH9$MP zcv&jq5op~I=`&E=C11JbRW(Jy6=oZ$nCNn~-kwrOw{vAju;c z4x^fWD`0icP+Lw7`YbxRVAbHnnS4;8&sQpo5Hj=?Qa*vM69cx<51C*q_EG-*ACV0qHTYX&fEA_0Id62wG zx(X`uhi^gCCGs}7VPMO*n|BMg10MFtgCh}xy@Xy%@sWFsY*N|_Q-!j_5YBotg9nFa zv9k{}=s*)1Dvo}EkkwH4pC&3j%^zXY0lbTVRBy=eu#z8h%dQ_$VGzAM|t2|7eMxe z?@p5<{>%!$KK{IleSQ4=9~~Vnl;U7K?_RUoKBb ztE>mbH14XxONg2ETqeRESkOqPIR?H2M5_1H$MdLd*G;9UYsJM3U#Q+k#VcLc=V7&~ z#RAR}1h*7WM#pdbO>PMeI_K+Jsl~12k<))mF>;r0>)j!{O-p084P5(!$- zZk{#E%U^2U?S`ZFHSx@2|0yns#>q(|qAszSl)Sv0q}Mkb&V9Y%>*^X(712!OZNP4+ zFITWWVR9uo(x*3*_USgHq9916BpRkGV9&HEfng*~+sWGCC6wyBpV$SVY1Me!~-4OtVCPjKL<~ zb8y3m--)J1Co@$CPY>}5dmsZeS9Jd*!9?tQ$i_4Sb%Nt)CGj6Wc>Gy&qzo+@Uww>`REu^ouZK1S+pBd$AZ$ru@Nui60obSZxzP_F$T-!X0Iu zK|3;{V#x#91lf>bh0w)S(YY1y8(*D6lva{Bhd&bm4`^2LDJgxUvgr8K22$ z{&1cN^v=TYe4zb|%YCs`A;AZrsW0b!%acVF`bp>J5$Db?X{Y*oiO-A-b+j-Rdmu{t zuMqL%tx+%9G)RtGUS@LPPhs<0>Q;ec6b~Kk0vEfGyZ$zkhjfdoGYs*3tGw$;;K@qw zduhWLv=8!~c55AIBSTn(8!X+Q<~+`M?xIP-i;n?(GRJeF-2z&NDG z$5ll~#@>?_?ptlPq5<*oc5V@9V~t*AB$tTqkvQ6des>N>?$fWQ7lU#P!q6=IgSDS z^vi)O3dxDL<^4a?2zXwsJ{5T-p=+yTlz<6TXfF~U?V4&p)oF7s`_}d5Rx8Sm=MJVX z^v99vE@1eMT%1DlgHP@I&n>ynGd(^jQY=C8Ev)lOoaQ{abgFGdU-m%|T)^G$jX}ZH z&&;ZPzTxr4JpMYM=^ozUSNVjUpgIqrak%piYWay8F+U62Nsjx`*z4=qAW9Hejc91Du~(Qh+IiGD=NOrJ6Sa@tGO86eO~O!pzT5NH>jzrcVcMqi`=KPygmF%gl6-{1v zbJyn)XSqk?7Hyr#tj11}txZC}fcdPTY4;MR@AeLCSg&UlxDw~psy~Gva8qO3j0&tc zpv)oI-+8OSpYd%j#-4b|um19hh&r*myKAwvZ+ftOc%a?Qu=A7{y;fO}fMpxheC+R@ z6!_!=n+WNVN902RSWq=wX$W)^Fs{^B+2&$^w?yB5eUJc^(xGkRi0@eV6O*V>ZOWk^ z@uUSM1RzGy!K+x&hw8n7*5=-10rFLN4mP1^Uf1(G=SxDghAil|$JD!I9|tMdQn=ER zjx|4O4;wK#xNImoJi#V2B#o{={&W>%<*PM}xrri`bb6ts5=<|ZR`uttUn=w=N04-m z3JDcO1RJJhsqxA%paAN+eyo2#0kR5CvGtrthR6#nLh(~_n#v_pa?GA`?vG`JU}nPm}Ge+_)pRaT|0BQzBkB`L!xFA@f! zf3>Fj9*C6^pl)}~N!d6QzFq%|@HdYej_hGg*fZ>ndRaFWI>3X28)81R#d;2pQSiQn zMsoENfV7W%4reT#f~ddK3SKD^%m^_k}4Bk zjV@Is269I_)|-j>erBwq5au{Oic`^tO#`{p0EQS4T$sly?NBu@McCnijdsM1iEA`% zJvOn{=LL>owU1+qaxWKfC$INReJg+EObkSJX}q%7Ws_r@;dKGVX5R$r#P@L}9UK5F zG*6XhgJD(nNPZ+xRl=Hj6+h|;d=yt7YnwuNQGnD!(K1ocuM}aWSk4iNoroWhR2#JT zccHEdG3EFn35l{fh*}Wkuk=C(2qM7Qa>nJd=NF+P5@Ifg zQ2N2gOT0j|Mn z?=N@d@ytIE9GN&wO$huj!G`pPkq7UfXYPPCB5!>*fSI1#Ytsamf(fShEeiVKAWw`7 z1%1y3I?x=K_*+`rH$roh6e#%U=9i+)Fi}&^l*E0Is-{Myyy2?UEqlVst&xqiyCRSv z(<}g4-DEhQ)zcD#C+dE}JGiyLH1Rg(av_<-`|OwE{jWP$6( z-`75yU@kVsH#2j-f`1J+su+$*u z@)^F?kq$}Ig81Rz%_mcyD2htg4?FJ@Bh=%mRJi?+V0cTeB)|rw9zoFR(6$R~mv$LX z;%rZL8X>5JwtaAMu?nz?Wf>@NKt^TY2}1O2fi_a95Qk8W-St%c!Het~NF%UPar#-? zATRMtPV|DH(=Z46r(_Ebh!S1ckn|^B@{n!C?@efs zelQs~P@#HKeM55o@1jQITZX|$v(+2dPM85A;Cw%YZpcMuWhyJI4Ga zdHw??OE{Uv)B9NRXVcoN-YmKPkqFv$Acr^8-^XlOv`@V>{jQQ^vX{XFrGb3ehte6@-IJ0SJY6BHYgz&`# zs72$)brfv=OtO(Xr5PBAFkizj`X$y%B2K$BN|xBb5cMm-$_UG}XV)^!jG435Keh;& zSx&4ZO=tVnC?$M4%t?tBy*=`cn6r^rejeco6Do`^M$`b=@Bp#qr(-%^YjKY*1J5KY zI~p}6EJKqKy1HX$=&->s-${}1H-KCMQvljMKJ)I*Ji@T2JO{)Gp0Lt?0Q`JF?gU|4 z>d4WD5b-5=F!R0vhGs0t-9#enn)nakAVwlsAxX7KO|*a6GfnzXp#K<;-MjUv*5-ow zrP)P@$Y2dfZJJQEFvx*yC<|Iz$u+W5$WOX&iGrSGQ$S^a~NxbimzH$??-|h&Qz9P|c0) z#~*&K_OO)rf@pHgT`BK6dqfx!2C;%8!74!dr-6y+#}|Y50#ig3ae8B4(oXrCRkT8E zmIANhBhKn<7sg2|e^R_vKMbYJ0{KvtIK5F9$2-+VKG2%P^42U%D6Y<=zx?sKW{#f4 z9DxTc`hJ=pjfsypaLe5qYkRMj)82QOeJt}jv~KrWAczl(2S-xfxvG24X00wbrFBSMwBYqX`cjT>15 zAP>(vP3iJB?9pVimVII#qc z+NObIUoOjCF^LLFE=wj0^~xJY8*T{pAOr5G%0tyTV<4)`>VVhNQist5b|lQ z5~|;i5fjf!vRiw5Wi|8fnhb2tH4v@-4RI$edS{A3qgoneJV?Om`V%K5^BvZkb1_qw zA6HN+ zKF07Bx*vi3wIkQ)j8t)4Sc)d^e8kkp>4dWLDo!0P56QU$9niQXgux*U%9 zuspy4N%1kxWUS~b#R15D)%${I^49oJf|%IY1t5j@B$Fn%523?R;tCG`O+x z$=+j7$G(`2Li}*o1{Y;GXk{!Y>(QkOA(eN5T**8@-f=!NJoWNcwjX?K^+(B^Wb%8< zRo+HAJDMX*Q-}KJOo|&EM+&tCh1=)VlnK#LxFmsX-ZT~vuO}L8mawAv6S`2RKB^;s zXU3W+!Q6B^qN2fEsn7OH*KUs^Eu&AbBMq{nU?$adB#X#;00namd9p|Y(&GUxKIT_s zrQ@W}vcR_wp3<&;(RzilOKE*amsf`ryL(jrwdL|RR+Q(R3{tmS+CP%D;?M6tB<1>eU)yUzJGUv(?LkA;Qm!J6 z>_3zA8+tv&sDVgZUBwpl`td@QD>WcUuIaQmA<&p<*F(9>GICE~^N(CfZQ2Z9S@)8n z$d9v}ZJ%`~BFWOC@UGxIFF05V=0SAWk>uj8Rk?5TooNL?Euh9W6O&j%ZL)yL&e|vM zc~q5@k#J6NR-I+?yZB{5fCsZ}*>?#@@e`7=g!CJB)lzHR+7{r4GBPZsH`w9+wwjR_ zV1v^vTxPvgY6|67FkZXccYdoJYQ?4OITS?@)3R@?(vZmB4+o98wp?vRu^2AVdLWms zw}=`amzsNE(LU&SzWqb_eW7!9Km9VfVmsa#T?cz$)$aGeo9s^Y=+g*-D!|kK=-=w;tt%bbA{T1-u=k1ZOlKKl z5~;tg?&rePLkoN9!w}zwE~tDrGp(OR+xn&|K5+1q!oOdTD=vF)M4D6g;Fu*XO6^c3 zWQ|^N4X^n9n=IUikwdM!@Yv>ThL3qkedPKfr&#afZH;REtjuXetsLJew zrN4B(Pbd;Wk_d@4#v%fhF<92y{_go;e|BlP$2>WS^BYw%9VR-KO{V$i8^Yk7|0ukW z=j)Hw^ly^0#jk)T^9%3U4_)-}W@Pf2`*Up}y>OOKmFE z1(h7`);96Ss&(?kos;~=VCQe7M=msvq|W<#S5X;(J1Z+G=EsP%K}P?i^gZ4O!+0m+ zhiW~EzQJ{Z7)5zqQAmUr%rv=%ckf@^a<>cKAdG`rk|JF7uKMQC_Gju@U#in@aYjBK z0Wk%k?jaGSJv*`N_sC@2m7h`h5qB6pS|m7E>810;&BVr}&&?q&s&@W@>OD7HdD1@z-Z-e)lHWZcm#Bb-@dGPE#rt;Yn8nu1 zg}vIgUU^4nhhgSOF93KhwbR*W*~8D9RH8TV84UWz*6WlG>Y#vT4-UpF50tY)$%)|z z{9oAg631@H{j*!I(>gXwr9{Y%!!o^ZS;~3J-2Y!L06NCuf=t!{-_LW-eLv>uJN0B` zW?}5L;ZEx2C1vJh3x*H!wM}zt&Mlp~s{&LN9eNrZ0CZVRsqLxiNkK*O>|@#&GAdPa z%jg???VzzG?Kwi^)9lW9xXQU>am@dq^IIOhN1q^|a!VZZb|9!fAaHcCBZ(&XI`@5o zlNCyVU_;1*=a4elk%QlnT|?HChP_F0W!GrI!Q_O&NwtT2+qEu##B4;}jz(o3`Rudo z;1|zj!Pm5c+g>m_(tpr2F2 zzmq@5IY3`6dgefV)MGsD`U`aZCw_YtT9jd>dWY+)Dz<<{V{-+ZFFmD$f zZWFr56$we@UuEEgW8Q>p2}nrN{y{6*5O6c=E;g6LY13qAO!qBADZ&$3(Z~A?Qy_Wu z5aR!9%{p?%^$AzDSh4Cq50HGwOf(Y;w*-`;Y~h(~e4X(VU6Xj}mu^Q&OAbg{H7#hS z`liPCHTUS5Vu1410!4!Up+DM0y)E8y>7fMp`GhBS3>(d?^bvWrj+tiWjS176m3FZ@ zEZ=;*)@O2#U#w9loJ$ya(BFeyn@yMHuNM-hv)ve>5BB2l*9k~u$1l7hT(7Ajyf7XF z&7dj1V!i!H^#;3Iy`pzi$^CoG#3gn`_Q&hPVd0I`E``U+l@cT}tA*9>!Exih`)NmR z#UHQ+eWz_rNRkC4=I1kJvG5y%io#LYXEX8D3infW*@McOdaYyR^|YCkl`9(Nt+C^Z zx^#_qcxRy)-+mJZs967ROfhe5K?J_xR1mfBYL3Fe)Wbu5P}2JbDkxXPUOBkzvpmJHcQ#gJx^-p$N65i<&1-_n&8Rou}^l79#)r@j-;|5nklN##8 zsnX)!tA#F;FA!I9e4bdE@&ay^BO+&sSr*gnsJaAIDN$T}I1nO?TqNYXfK%6>H}5A?@M><2fpSv-3OQwz;N!B({#4X zX`r={!I~<2Hf;6i64z!TVVX6-;(F5{{}{{Hip0knYLm7GSrSjoq-cG4Z$)2k977qd zLR#yP@1E$qSoyWpYj%zWa_A~Iyt9F}{O;QaNrAz?DPCv10}IIS2y)^foK$I03&`Xg zBowfij2-bNu~XM)CtSIOmIEO_nYl||#~zLKYcbV}W^fIj;kd-YCzl{}dKA_@bM){_ zX4&QCX5tWKvUn|>q&nYxAuWhpu23WRkZ&NiXW*LMFshXT)Z_5BEASUG@%EzS94B#{ z(ozrmlHgO2vYdJ101JjkyaJpSz9=U_j?&^nTJu9eg$4QfFYf{sbwKKeV~In>(xPuA zz_OlFgW$61dUbff2ddgM^Zmim#aLs+V5O!WtFz+#*B8rCmB|?1-%`uMZ|j=}QIfp*c`dy^AU7IRK=MKB>a%3}Db%|~$Qs}f10 zLr;wrot#J~gZ|`n08Ajg|~krkCdR)*ToLYB-=}xrwUub4S%ndxK`wP#%4l-Z$N(B4|qZAxjbk*!KNW z`BpA)am!Sb5z;4_9)-KOuQ7AJ%QoG}{6|eZN%*=xG|c*u--LfCg!UUrP#>fnmhOvt zU>mwp^Q6#EOdfdjHLRIfPTac0#RzAnh7JHuq|Wvd>OY-o87~_vV}|Y&G5%0R64fD# zjAu!bygNTA0e4#FF;nhmA|#mxM|RLoOMxE-K=GqaH~e?f^M?c5{8O#(KKSghAe70SkNZ1+HhdkvXG&`@JPX1DxZfsCe8Siy6cuGjmuEZlg9>Sk|WMI$I zfm3L{zkh^|9mj|r3ALW7a&Yx<)}LgS2f67wSKQvwdTR-P#;(=cu4`5?BCJ{2`SxI| zNJh_Xk(l%>>97F6IN*smh))>*+SQ88K4-T(E7{>`{ADeWN&JTW%est7RyDR?{;1;x zF3aw_tqokmMt_!^q!8|5_t-!1{bXh7N()gV&{huN69Q@4t5Xi%U?9l$c;ETAnxycK zU$kSBwAaj=Fdz54C<%7@dlY|&Ek`!wm+x*%8#wn+(G|%#9AOc-`Mb(Od1+i|Ni~_g8;KE^Fz}!g&^x_WqNF#3HX$*IHN>8BmB`01l zNdQGxkP{;AHgrS5*zvm8iID!x>IVtS>3d31XBy!yU+~hMcb9#|sLeNSK4+(_b6yM> z)gA^hf;<*nwIx$ym{nT%-o;0=?4j>i6I%clgVzyJkyz9$IHCZg+M^JegU>2ZAwD&i9-p)e*NRevH5HbKC(IqFm z&VdYH)iymik8pDxtXcb;6l{|KHY;ZaW&1i%dfh&T`z8)l5xPH6;@?1_glR?M27nuEczOQc?8 z)83FAM%4_WZj=f^YDJc0_%JZk3@F3WxlJ61(sEi12=6VkGgoDi=likBK)u33J-!Pz~G`9qh z_fNLuzr&kq)>1m<#_oCdzQ8rQZJqy^n6CkMR0POx^GD!#R7p5DYj-WCg11GBk3ywI zExAHM-{8oFQ*_ocn)BZhiH(h0`qoz4NPuQ-yFK~DRug9d0x2NE8UY=+mH=1L^8o1Q z3s?9_Swz*o&dAg542Df)kEA-id?#=$0)|}_OLET zBkFCfXO#vBeP^ab|6Nb(R_?r;qu*vYxKOp^(_Xy$g&I9!A4puEzQeJEfkg%|&!F!j zmpL_)UjkUoCR{P&Rxm>l{f{4vb{$brY~Im%F%2oI6n`A9ADj0x`49oj*b2x3cDDvw zY8bAbX+ggaTm4=pHdEZC6nO^$1%@n;?v#nR(?W7<5dxI z)4wOULKTzv7f$?!o?H=HtI3cbrKF;Sent%SX9jyzK-$020&^ran1=LXmvm)tmPia( zYghURkrBwLx$Hd>OnqfDf$#8HaR+b@HO#r}{|#W1t3m(7V>MfnIalXG=PiHwff>1!`^4E{glH{d2+KV43v~ zfaX*~1i3O)KCuq;op_TN@-`{3#KbgaSh;)E4(=Kklc?AsQ$*h+p1fR!)=T!_IZ=D| zJ)Plr6E$0_X|Z9_^)H7Xu^W=>+02EU@{>ZDE@zYwvuXHg)nU}(MqN^XF~azdgtpJ7 zY$6M&srVay+I~OrJ1^ekIYnrGNmMa|Q)lu=AUW2seaq~<^l3!K96ak14fVoUW1;IR1>e^?xCn3?b`Q8``{zUS5g8c zx$62<;D^V$jspZhtPp4$(RW-29;&1c!nz0b){N^C?U6}MN7*COShcDV4XMA~);M5F z5MuK>|4|2gT-HYQ{zcTX&>6nDR#XpKV$PydWLJ{iVgDYEI_69n2`0Q~6HZ<&m zpgd5NWbVHZbx5SYL7r=2bmcru8`7IyQy_=eQ-P{}@Xxz0rkRz(W7V_-(4Xh94~U^= z)nMRF>wdaM-}qkbPJ-H05qZ_( zA>H>!&+&_y{V6*mgJE%f?O-WQl>Sh`>)esS(4bPip&?q*-R>rU6#rh--&p2i@ry>) zG<^9iQSyGDlf1#YlwDyz{)neRi-grJfQ*L&z-pm;G90KC*0d)C%zbt#8q&1e>5cSN zi}C5cvu=RxRsYEV0zlRAz4nbj{}CBLst-U}9@PC~z>Z&lsOoa&z*LtFn)aN_T-19! z>vRIQT~S&_xZ7xM!^a|gC(Y?WAovp>Zxe+_a8efF<4?jGKVTd}pQL@3NSJ61&m)hA zSz)||?1-rILJe4J)PnOV!9+LRB19~Fmj7^~w~2E1w0O;n>%iQM|7KO>JmBJ@D^)?+ zx~ew#&_U*={ocP5tUo=AF^Fg~96CIX?Q%?1;L>PZ)IezJ%~RiPhh;oZ*QHxZAl2Lb zLP>_g=9Jsra)1goQ<6aQ!A>I1QjZZ)S$;+0+^2Yev27TC?7thoD%4&IFk#t+gZylp zjspi59pH1%?apcy>cesFV59rR+fpM*nr?WF)gQvYwA7dDX!OT%Cp z-t8f4V+1!fEHw2EG~;lvZFMsNDu{27`3QWLeB20+5iQDhYI;ESbBO4G`O3D{R_)VF z!x)OS%~m_&sS}CA@{vg+No+@Nb9=#bM^{HZBc|zLo#-ggM*eB>$ejyee8}o85*u6< z;i|DJ_<`J8BX{$6G&~AbyCP%An@~G9%NV#DS^KuT7p$c?R!Lp%+msG=Ux+QEWwTl_ zW1_ScZe6vymqFAAZ&NY#nnw9r6KKwr5RaVx;k8CIXpyxn-z96;!I4;bJpTzldlPo= z33Zt_Qr~26P#H(PKXVc%=GppOpruZXk4J~?>q=#4?$m-N1j%X zrH4)B=X||QRlfXl&k<0OpasVKJz1*+R`_Nd23Z8k=2{^8W8?%Ux?@JR-dQDkc&u>? zU`41++Upz72SYA#=(kT$1(wl<{(_zyJ3j(hVz2U4D)8~);vB;8urn2=0JX;g=Vxfy z2iT+a5UOcUj?K>_8Sd&h&sqj~CD_FUBs0$|nJQ$t9(B%?zMeCq&*rrkBs+r#GbD_g zj_dw4$ZF2O4VF;GY?Rf>Z~bPE{8{($cM9^{)u1*wNvqiAQB4M_J^x{yeUw8Ir>Rbg zUPU#~klM~d{6x+`qn6nc`(lfecqd#jka8}PxnLzXIoH&U7^fEB$5|kM!OD$lGALmX zRkJrT?4n@oWhRF|kzE91PmJzjVWHPJ>zi>Zq`=Kc?a$gT#7^O$ z=UGnVQVr+_aF)DyO~L>lVb3UgR2EwLO6PO4Ofqs4mC6XJ6x5W4QVM$h8ETNHtmQ}w zZZKjn{`PT@|I}uFh^Pw9sCqK?Q1d*|1o}M_>9Aluwvl=ZM zM^_UpKe!|*rXg`yW~&XKarWAkP}7;K`IcWQ+i{|%1+H3?L8yIZsc&PtsYAprx1UN> z6CxyZ0h%X&BL25%z>_R|Xuuv<21p|XAT;NsFyz6y zco>foXxJTRC{0brzMH;)+2O-Zyi>hqqkuGlykg@Lb?2o8HYhc2=>J@@y<@CC#~AZIG&^R|nsxirpA3pbm) zU`AppEb#$KilS+bbR?bVK=A3YwRuNnw~eH?Lo|L~?&qi~H=|*f>uJFM-p{T{!m>ESyhOiWcYz1@KN? zp8hb_ju!Zi$dnWGK>~N&eB`DStqh9#e1Oj*wrC^Snc#}-1X(PW z;peS4gZo>l9cLWL_agHeC5ySb=M{IwfrNOhjq9^!wACsN+zhZK<}bh71T|#_vA3_j z8|IemWpt9@Imj1IDYCq$iW`O#IGF7Hv>5j1t#2$_E0x7} zO_iVX{+t2~EJab=((1OO2XCOLaI1t}Y=$g&3uX|z>^z6u7$F0#pX3*<$NKuR>g-RC zm*--`thTS8pJbqp%dZij6%*XhS-MLOc{ z3Uc)8mz~AINHoZ~k@S5wIoycuX6?Yn#Q|tB>yx%w>hM79(V)rH{XH9OGFSb`3l*1+ zT4B&&_-XBsw(IHS6wNj03c{0ko}B!l4&Fv=nN%4&2-8Mh+Phuhvmr^^SB%M&bjEc{DJ-5k08& zkA66Y5;rwS|G5`bnf};aNf1FW1{Xw*9X1HRWFR?a7C-k3a;MaNX+7=goO*i;7jt}f zihL3#4)V7{(8ZU~v(Qa%k)Rf$K{@d^KOsj72Hzf|rszmrjJNuP2l*Y5SDJWT2w&klCs51M*P1vH8ENG2hfy_c6rm46sW19ZoRg~p>${#e*Y z=4d=nfVag~#h`?ERiQK3r&8+BHVcJvJ8D>zgu`{K0_{7Y`)skBc6L85kW^8&@?(cZ zYe5MBf`dNcRUIx#F+jAv6UwI#9Z@})Kv<+}xCle5@sQNMEc&&$v*Fkrf?53cX88*6 z8NV@(w!%v{rLWp+6!rB6tUgNQCnHw#q_V$$bV2W9}!oue~KKFP;0Z075hK( zN06@#%w5$EalGlnMUeGSaS1zdQlMNVhyJBiCOH|W2#RD_AE*q+Fj)3Ud{06p8-1dP z%5}M`uR&@=MhPs*!1ZBqP&L`t$DK3ja>uWU>=Zw$b=x~0l5JpoT}&LpMSbxqM4fYr zk=Bo&g>fnQ-;rSmogYO`%H6CXqb8FK5cww>INnbe5!0A9S0qU3vGwKvFgx_6h4)LV zTf#NqIlh9C8-1{?L{P1R2<@(u(V_hA;Tf5yhmCWzeq8XTN zRMv1O@6RwawRKS^duA&iyZ68hfTnE34$7K4?BE@e;~~v{GkI8dfc+p3PV<5IPSVKV zV5t#W!#jDlv0At6>u( z{9iFTKx_El7Wnmlno<8lum2zO|4IP=hxvacEb$#;gR2c+3&IJ|Ic_+D6K6p%TnN@e zg$gvuKgaKt$kV%&U;mCoMt;Yp25pvCB@TKOChHd3P4q$lU>hcLE`cqqW=UI~YFnOJ zAmH@vCyWLpuH|(?03at5IbX7FZTSe>5MTnib4D^X%=tCh9+OQO*UyB><1FmbS3X1Q zK+qxzSjEu-3ATgPRi$s>f}@?lB*C0<#8Jqi8;f3`TpR^*9HgOTVtW?rwKSjC?@1wh zp+fu!zRFwXpdm~{zw}fU0RGQ^0V*=x1?FDAWY^j%t0LvHn&HqVAoIKbu6azLClEV- z@qaBD|Nx6@1=eEhn7aF~$pfQGE1!2kbI_0<7Ueb3u_ zcj*+61_5cLyCelgN;)JK0YO5#5f&5>DFx}0knTom0R;gG>1OHf?)T#7`}^blN0)o& zoS8H8%$(hGpK~q?04d|;dJ=nv!mA>E}(GFD$l03Nv800 z9|uA1!%r}>(B}6r47;(KWE$Qi0fsY9;?U**HI&1U@KF>tC*N zi}Bsc(i} z5r;mRlfkrUzjWQc@l(HEW2x)b$qrMoco?&q@`A(-!YgEK)8J$CLqZgV26xR~4pC+D zmYbf1?fEr(5D?X=LUIU%t6dX+KVj(?&0q!Utc7cvob%B8gF;do91e#M~4`%V?rdC_NxgycBjZc1y7ZAp}nO*g6isH z0V7jboi){m4^!!`4GItclGn{G#py;`iuU}D}FrI#4SdHf#-neg+$kN7W9ly~+_gnVGw`nf@*3lIzM z9xMG4aG>njQ3S-!0_!3ssk?bM;fa=Y!%O7jz4ug4B^qaDRkJ4CN`CmG;P&M+?dS?T zbyqdX&tE=0jhUpAb{jN*JQ}h#^Zxf*v3G1~Jf3XWlgwm_GEr2gKYH%p0$Lfg>89me z|DSs^=#Het745yI7O%241OMh0%74&E&*QiF@a7ZMwjUI3t{#={%B%abu$rnM1h|U9 z3H=F#Jt2mXy&J%bL}PS3e1Krpx}rj)5~86_R_J9@&(AWV9A=TY!;h>JT*_~iFyWdf zdx=^#HZ&2{uRUGI{5~_R-7;Ws66iBUQ|y@n@ZxbO2|{S-ms0_eq!TGGz2xd6*(J5Qm}U>EYxV{Z+H6Mv`9d%eDp`zuw^I%61)DELrPuDXg6#9#it1k3U2N znQ)}VuO=Pt#50eCi&GWI;EA%mytH|Fb<#LETi<+m$=w;TiZgR=@niv^@Gukzld{I_ z!X==gP`x_h`|$NjFt$Lpg81>eK&o{|zM-HC>Avm9uI9n;6G~rbS@J@X`!Y+V#1Th? z?BZ|vZzAt#gzhCo3OPvaOX%m6APJ^)*aO0Fd)D<28Fuhw7xye@!^4sYJKga4xJwLx z-AHjvL)z7anXeTUb!;j0q&ttKy6$r{7ue3)n3!4}1QBC$5-Z{9A89}eorlYihxc5| z?r|NgRWS>QPh#j-@rEZf-Lq9h)9~PY8yjCp<1ovM?H_JjB?a$G5ajMQ`kwzE z1cm{R?-fs_I}xGk-4v=hqSolnq~%qYYrgqh9ntTFh|2XozkoeOL#1I2TVT=*cbn22 zJ{icK@sfFIo;!MqdPGDN)B+D-4AHX}|A31Vjz05Vfzxv^?+bbdYvBvAL+?%?{#(%s zLb&a(zVO};@CmIVmvCcM&da`cAq)Nao|&xMA@+O+YA5MxJ;L%`Yn@&mq*B-qYR2+j z$ma(C(Be8u3_0*Gl(uPCxp@@IURu_=`6iQgT3|QW4TQ$}^s|mjb~*3=R1MQD3hG7FvZm0f7aGqbh|sYNYr z0YML>AS~hP@I^63!cgAfGk)6hgoALRr&6nJroOM~Qrw!O*-dYgWoh!CSja?JSaiAV zv}5d1V;T{6OjyOld|yn{6io)~Y#*+tY)Kje<3DkhI`SbIRRRZDK5hqx#xh3E%SJvJ zyi$Rqhr0OjhR2`&>^_RZ|Lvhp1D4fzad;@;kAr-(77M8S(W0tXS+XIA#E@|NzG%<( zaFSya43csZEB!R0B9WO(#h2DlkM(9aQ7bz)o6iKi zp@vND@UK2t{*$}i%a|pnd;js^p8eywm;)Rn`!xr}t8*X73e_7Q=kZZPpC6$>13L11 z>QL*Nqc2VWx`C=ublJw3DzUE4v3JOqO#+XV=jRi@+mb%}E^AJ@($>e9Lq+Wsebk>5 zwnBd9epJ_F0?YJ8G7}%TONiGLcAp=yiHdm*fhAm;F|AG|2fz)uAl#KO6Np{J-(S(N z?e@Te(Uwhw)>Z7&&oi#%$lo(bw?kNTj&y~K7|0uA%oM7X4}_H!i{pP0E?<7>a5)VnEbuV{UvBG}CsbEVBS7FaNoFRiY?U7;kXY6kjJI ztH%&1+VEpqeL1N3@rIiZUYt1vrHJR`a<$MC|Gb?-bEV~tlI>*RM~a6lTxzx-6NyGF;N>ifqXc~V zD3RhbAIa;J+Rh~Pgk(gqJ3tCxHb38Q0{Ie5#Dcq6KIjk8Fm5K!) ze49;+!moLJtlCrAN`o}+<=sbDxH61=_5EG7^BrH9WnSLZPDdted)D%GQ8zp>sK~Xbu|Ug(nv<*h+*kHrB_Mc34`4L@S$HK{*|IiPIyl z9%k;q;(8p;3cN@XG00Wt^04PuKFZ;X!V%J&2qF{?fj)Lw6;ii`IL-*KyZdX$i!i19 z#NYB}=c73@Q`y{u_dmrHf3O7kgzTPDuF0gk$~|X~3%@^9ZPz-z#UVO!#^em~8!2;i z?@_Oz(kmy9Gbz*Ba^J@1=%_>?OoV=3i&1fiSjm@dsw|rRd(zt&+#IZ5EUSAiI_zp>Ml@!TS4a zhc@n{UxouYjYO=Z&vgQChIGRo;4<{8W*Op(nNm!sjwrLAO^vF#>CGZG?GF+=on0@K zdOL}sDJ3E^N@Ia)Pt$tM_^gYA1MTY@os+y&$X)w4R#HNiFHj%O#;lXOiVF`y2Y zSwsN8f%au+%KhW_XcZfXqTsK(G|?n!H(JL*!Uj$0{Z+it+6Bd&_rFT#radoY$(MQl zS;PSOszqJLN{KxICq6Ab{uDGu3mf({FUq+ zvCyk5g?mxosQ&k2wVn67p0F3?eESMrm4H9_FN6~kA_{j#MvVe<{B?t42WHf*>Q0Aqx|3fvrvMxCHlW_k#Aam9^UbZiH)ejL0x zj{yAi2=os*dmspR^J8NgUZjHyGR=OH1yV&d)dtG`peef#59sRX7#&sJi@0<4gK+>R z)6)vf<%aks1pg>8EiEtEZFu{jrvE12zG*_u7Q_Jr& zuNB3kcqsl({XuPkuWggx9JTcu*psp}acpkkA45LvAuc4BE zOWS*ny8jkd4iwP79J5;d+ZYHZ_|Tso6}Y#?s2{!}brAMX{xP~J6?lMEDe0gI3`(O- z1~>M|45CqN?nCpLWpY)k9#6zbqZwU+GJw8~$L1xd%YjIcs7L(ilfTBKaij&}`h?Ov zxJOmSXk8Tx_j*>uhepaeMFsyw=#&U0vz{lRZ&K{nluizx!R}1*NVK>xv8uvqaj>hS za+hRE_y?BeCP?Y<6P7XD67m)@Q8;^R*k9&&MB(uj>Ns%NnRoRQ7zL2|zXFx)O{3BI z+^qHpP2YOus^UhvnRD9ar;yw~bs}V_bxGC8zQT`rW5mE{)_i@we#sQ2BDv4TzKr?( z3rreb8@vIi3eDa-wDH7jY`F9=-8c}oOBA!ai$%tR@s~7f@{v6P3L+aJ00Ojx0Xc!j z>0qFAVz`J1f)ZlRskJySZc^2!_#~iwB;Z8DUo$ce5O^9(JMNx|A<6W;W`wDTalWF$+G^&3QWko)fKRQ?$RTjgaKO}gM-Os#PJ0A z%uS|^47hSFfvK{J`7awwSdf*&vtElEpT_P+uoy#9)-jSy&Pz%KCN&6oYBCgCOq>RO zt8F4|G)wES>?*G#?<65C3=AMtg`iFY=wpS~3oYflfu}j5yZe+@A9TwT;(}F21}tj5 z*p5+Q_V1k2XV>$)WnMPH7OjbR7*M1z@FguV>&U={y z1?vS32s&)Qua^}*5|cYB27l+C9rsp$N;~SsUH)V7R(_)j8CeN;ii8j6K{jLFYtbs;TVG^{pf|e^jF*L1v6gL+ zD|eggWOS6|`qVrORU~4g$Gm#FUrCJD^JCJr58#oUd#qdum3%Z4x^%k8B3DxP$`1*o zYqBjuCk6v^1(*qR?(d_2J5urIBCwvWj@dlL_x45tx5grxFH=)opfs-B4r=nyqJCxO z`zsoZ?UN)G$kSdRxnV!X8x=8Ex-IEGWG|NU#%3|sKfABYqp;Y1X(obUNsYJx$5$Uf~Cm#A36Dxte0yU90OOIP$q<*=Q; z%&5~rf#BM&4)>g2I{(;d5M9~47~gSk?+@+_y-YoRn^Yu0+fITnV>7>xPJwBpiny-7 z6*{bUuThK^=(k)4e`CEwWWo7wLUfL1x+%}^uPMkUsga%a5!AKd=JME@p~ph34$JZ6 zacfyGKD9aKL}^(iw$RJ}94h`YWqBSvaiSePfhAS6n2QUl+C2_jUz%Y6@?hc5rI-n>|`>-8J2t36%@NeGC_*R^4V9c?Bqn)f` z2O{-9AC!o}%}cxNoJVb91L(hM6c z(3Ev(^q;f&eq!H|2;nTlGTv%ZO4R+qd7xrzEMxV##kH^~KujNy-ha=ZWYCjaAn^1c ziUT#_r8--7xXr-7?>2hlgY~pVL-&l{gfl)Y`;Wax;rZOpG9gs0>U&}e2q*Mf_#}{6 z_-kXted{h3o)^Tc-)IBO_gXhGekU-x&C>@sO4NLX)(@56uX9<9P_$@)cC7gDbZMyQ zIdWAWKRgSyYViqdG$n@wyBOCUOid=|`EIG&&p>*wUcny*S;|3;V@S-@fmVtxh9q zRewAdj|&Y+IEroG0r8&V5W8uvz!k%5y^Ul#c3pj49#vG5~DzlB+;HJ z4rYmpM>=3?tZUhy!;jlERAr;v^aAzf<@}Ats||~zp&9Q^oK1l;SaJLA1}&+pWK?`! zTOyRk9~)r+%%!xrUphMTJzk9Z@eLnBkfk$=iMnw^^cdV1W4O*JaK7K`gNd(Kguv8A z5}*Be3#6>v^TUOA&p;nL71ls!0|e2}&(!LzppG}V_dF|T$e-s!EqI|67I{-ZSu)Tg zs|fBc7%tH?0UXg(KX)pt9Bmr@)cIm%%g@7TKc934qiAZu01gR7Fm!9K7=24D)CqUJ?TIsYf9D>o^|#r!&IhBtCH{{zy_)9X%85U zx}{p))}g^I-e$Q+PSREUCQj8@zf=Oqy}YP!@K|k&wXp|D0nY3#D1|yhjXQ)Uwp2Ez zk*`w=p`MtQ`#O$4Cuk;=!(u6HG5U!!`lDU(H?kukSfGq*Dar0krn_k;P7nEu7g z!dR~Mqcn0&3a5?`X*Qf?b(o*=E3L@wm-0h=BbXxJ%V_LPS}u*Y*loyz+QEX^k5AYi zW3+x!nx>aPTr36pInXi1(Db2)8m%ru;34sAY;eAO*W!)^i#Fn7dvWPLym$O&W@$;h z>LoT+x=n4CPUOP!ES#LwPoLdrT*rNz!;Q)bP)9iWeei5f1j71Qk85M6#Hvbqe&ql-?4f{x<<1sXk$}<{xxtmHJCvIfBY{RyeUNL z%uyt3B7rr32{bqbqi9J4U%v@wJXNvg479aU3f-Jx;~_) z^ozFYVkrm8MyOKpN)_F%NQd?7Gs1||FKQ9Wg1@xPFJ?>~3B1|R@xHbLQfXMk&Xgk6 zqg1DY)srPnY!mO_rf^p9sm-np8~z;(R8x%6R5+6tq>R?%oWw5w&@k>`@zvTmFdC3EjGCkmHtfdA4(l2WzU46rQFtGA_28Y#a`Uc33QR_6ge4>joB&u zSK_hVgSvJ6mu$|B(e0uOx1Z3sFd{bN$5lRxHIzO0hB0lh)GxsmuxCJu<5lk-DC!mR zip}BNYoND1^dTcN5$V?3OZrH?)HN<8SN89s9!FPG=YhF|Jamrsg|ojt z;de^BI&*f!KT{(8^bR|F!U|S?$odGEb*==UR_ReL808K(rN8JPIaUF5`4O0fK)N1| zICtwKb>$mBr2geP>z^*$KN8i0=T$Cm8+^c(m(~Mr?spqdeyR{Td+Rp~VR33LO1tK@ zrBcf!z(s{B0XW9~16S8qn@3$OSIgB}{=~@KUldXw%Jm~$WJA8}t98@wT)x!ba~(J> z1^l6V%o@Lz`NmvVFz=_0Vt=LE=i-605h@l$MoU4@zID7`c3xCqjueQd8#s4jXme>< zwmP5!>=uMDF(09BJ@1NXcjhDLnH3=E@02sNcA$P=MWDq>DBJTZwQYSIrI1SR%A*kG zJvh#pT7T-dF5Hw??Vca{I6guC#|1!(^z7D2I*1Mcr#b_G&>lJ1rvn>`%J~*wc%GZU z^<0207YiPP{R6B0rsc!*nF7LoKz;Fo@1#AU8AggmGT?HSG^I6JteTo^@1v*J+Oj{m`t^#p*Er;GA_}TQ>l<`webG zJ`hhembKX1Ug9!=Rpx+nJ;3L{7V;YEQU-mE?yG#mU1VLD%R)T}1IA6iK!x#PHLnC+ zJy{~HiUAi#$1-R$uK%_&{rZ44%#R+TXHTc<$M65TTr;R+gAaCweV-Te&d05cHDriO zBP1ajyjvzj5kfwP!TSi6n+JBmi~`= z$_BkG3}n`1At}MMkyM+LZoAIUGV;-`l*?~u<$x*1=Now7!BKedyL9tEW-PCwE>je~ zk-|d68$+xVKcCc>c_WPv*s?Qhkk<^2IT(;Ir9o%{tpE*8Ev_z7{$R`ma?`yx76Nf} z*O(A~J<7!x5K;Te&A|yT3!x6_!$Lkpp-^=OSh`3U%eUgSKXw>JQZ})bzbZsfiz5*b zBhxk4Ls6#B$nuFVafvN#;S@;17ch*4Ze>W+8UwPmb$@lApLi?qL1at*2x8gy*QG6u z>*oCJx8GNDw-XX1v^udu;c`7R6!&^9pk|KCii*$WH5^|AX02x z)nAv3S6}vYqV3%*7=})6NY{=ZpKkQA+yb8QRJ@P@+zXgkcpq|J#nwZJZorOudbK5f zm26aIx1y-jV1_ygFZt@7GPv~SE$dHz!wN9RiW^r)iIZigD~1a-QW`GQ5rfY_G}M+aHSX_eJU!N0n=sw;+&96;kY0cpmncq zKl{zMmdS5Te^Uij1(ZHD?4Kj=p+t(n^+1d(CpNxG;L%`hxX-l`Yd$#1n48igv+~)R-iS)+}sfX+kFyfo^8)o^HUq|!SN^% zkPZZ$%nh4>EmYz%D^Z16bLF_j4K16$o1VwP{x!tj7-i; zB;pCNIpY_We%CI+um73Xq6JB|VM1K1?x&5+y{jE+5V1kZan$-(6l60p9&`Bpe5=Sn z{^}bBhz4_{gC)`&NWr*an|FmhNSWzgw;S{O0L8@O#lVw+m?P6i(3*HVTN=ACjL`Ow z&$5d)5f0hf2yk4;D0I-68Vuha!Dte^Iyn7{_C5|rXAcP<8JOUIjUC949VF1RKM33` z+Kpi5hRCy!M@{&;l9!1V~y0Fa=}$60NqXd3ovXG`17K98}GvCJ|m7 z{RFfE0gxbF_)zm*qE~(LexD`F07H)Xvk*>+vy$Fr$~*uDN22Z7;dz!(kE*$!v>)tD z{OF;qsTvFaFp0Uu^I!W)J~+ehe8*e;!5`)xLtzgF4hl&U*0CQZQ1K%Fz$jp88a!)q z0lmqXc<+3~BiX8^Zl*Rqq&iT3`*7DiFF8yqe&CUKtoF+tk<|}sDY}GfJZ@90{DTV~XngCJXEOn!<8HPGcr=5*OG=W$ zp<3Vr4}=*v24~0*GxWzkMQ`cCEig_j!%at`8DEEXAOK!?f-1geo~+mg!Ow+>mz&52 z8RM1R<5*f1yfacE)UvnEZ1I?KWGsY-0FLLWiy zOni2Z(P&3N+$jO31RpAwqU>{=0I!RSDZS12p|0dN9rGjFG0w^ELS7`u{t}>6c%kKX z$_`J&@rEG)9Gp3_Ul0{GU$?#1NKx;@-C84EelLaQr(4;E{j>%v3nJYf*;Cz}X_~y8 z&Ng}5VB}JT_D>CE**#rHACV&QCxkKFkgZRV_v2~7!XVv*(P&uUn|?i;cV)V$eqyUc zNdbX%AkwXnnnBkyWzmlCPA=N)tbOXbf}YG};Ra!N2;tC>E%Fxomd4NFX6d;21&S0R ziG_FO0v*>b1>=gLGD>?U`mCJb@LEQ`s=nVS>+<<~elSd6T=OKJF5j61@B4<;B+n0= zYx{LPFgq?VB6$jc%NF5BU!Jb>piv-926&@L;wyapy62EA{-$QgWgzoG zaosB_0tg<(%KMl7Y^h6lfS(3_o!d7E#0Jd3AT6_dXMXprrQCP~Q3dSY^$-7Lh{m~5 zEK!A!wZESZI5mJN^9F6qxbycMIXHL1!6$=l;Qx){2tGL2FL)dBujKsuguH8SgM@%3 z6BI-MuovK$J$oEbKfF%e*v1jz6reb@R?(*T~eDb{F zC6pK}9{^awJh>kdZv<*BZG8Ijo9tv!9TvDzA;;~2g`olgtH&X->p-$6bumiT1clGK zr(X4f1gsm_phcc051jJ?9XwP+r(_%B?c`6n^El1E*&#)kd4lrHV z5E1VUK2t{>!y5=tpG7|0Dc(!Gn`s3QT7@{;VsDX(v48hZ%CEok!toLyU~RFYMCQZ| z;pyjXFz4?xf}&b5mb-G*{|G^TUPa|dG;}GBSXM{l1t+wB!}|jj)u`w}^f0v4aH%o+ ze;-zbh>T@Or`IiRIoV1@y=KldZ;M(H*`_LM)PG}(3(iHL=lr!GJiZfV$VuTRD6atC zE%Do7UBzYPiU{M|Qm*f6w?_-*1$4?fQvQaa-&0;O556#EH*7?5_*LPL9Zt)I^x^4G zE_;V(u~E90mzCm&VS$AY0=vP5dFm?}+dWc>s}DIJmBqX^ zNE%x(lbW$N>NDa1hK{U*-4+r2XHEGUi(=Kkr}!pTkX1vkx8 zrTQ`}>PBO*W}}S3nt!7UdCGd($O{*dS~+YU(9Tb>a8e}tW^zoQ7g%FBTJ%awTU}z~ z6?3Sb`r_Xr>slMX?^75?_I(R4YFAKc2o# zrAggZwdLw6?$dD1HbjFyS&^tN6pl=%K)#7ZhSUJcg|U9PLmD;aHOb!;^nY!Zq;xP^ zYo1q)zOz<-V_6)_N!%IN2@y^fjf$;GU7V&Vozcw&_s5|1K&wbNB zJF%CSF9`q2Z;dUAwNMb63AjX1fNxOoN#wC;aIZaWeu*y0%C|llD>M_lDA4b_W#J*L zr~TTwe60v3T8n@7lZ)-4jL5}FK)Xsuqe+~u zuQc62YLwO7;v2gp(Nv%}YjY^Wk@@PPP$Yy2C5z)}_VrDK6|v*eFneVpl~&|z zl5{P!hT0`Tw=TuUrpmKLq_T`mcX6BIK#|?`^+U(MM2_=@#;kA>FT%d6l?{cQD^)-R z(^n5UU!4>@dqPYcVD{w5{8Lq?>V3q z5$}EPYJ0v6VT3z34)0gqO5+mmnWJqf34FE7;V(q9dxWxn$3{iqBjCTm0{5WFDB2RV zKEA3M!1Y`WN{+A;+2Aeo-=;X)5yrMHF4?;0_ZdK87ty7#T{)Q%1+~M>Nbx9hJaf# zA-rBDP72(Ic4)pEtqbn2Wu>1XUytlA#37_{JU8cv$_zxRhAWGOCp)OQP}YZGh$d3q23Xap8P*Tdy{lA&1Cf4Tlb~t!OO5D&b%gY6;m>L|f@*q@Hj8F- zYKU}2&T*pZYs{C3%Mzul{iiq$mqH>$Cm$8*xX!YAj~X`fQz3Pu<})5rSX%FnX*~7kOd%x7DsS!^-SUOs==|o6653-pX%n zKXKfW06e`c52Q!8v1%zB`=-U&{LGn9K2VmMwl!i$8K@sKpe(Z8z4c+awv$+ieRa0Y zu0JKASjfG3ioE?#+aM;jL1?mkQmav|w4!9V6<;paHO5x`ydtPP!xfW2 zF>U6TgaM-d6`>Gy7hpfY;Rkk|SBZBE zQQVwU?&Gn%)F4ap2VO5(;SCmJ+rR#DFCXvVc+L`)S;@Ik+-u7aqhK?-RJgS zK>c#aTwLrk((!`W79Uo)i|=lM@vABWaoEm5kc(wab;nF%J6h#n(F0-fzy8`!A9!t_ zHiSL-zF(TyOVaRkcxW@i@Z&5jNF1ycGDwZ3;(X=}4Bb#z{y z>O_l}>eQQj&8CY{Fvv4z>#4f7V~k-MlhAq)H#!xj+0uPg+$>kUwY9Rv?fkn*UwmkF zLnxJRIifju#J!;OOF{Z_gGgC|6Ac441q6&_r~E=^Y802|^&@wwU%&r^EoL*EROtFw zoO2&fZ_~XrZf`26m%G{_wh_R8_eJze#ih%lM+?_G{8AVExvizY&A^c|$bvzvBLD;% z-d=5$2NTfpJ7O=av}Hc}cK(tnAfA8%r9gB|&WlX}O7K1h(v^@98IXPB2&nh3GFE=O zYluLA7w<+(kLvl-^#5JLN<{gC2n4NdjX`;Fn<# zON!7Eb?~kX6vNXKTEYrmU3-T~^HB!t?G$ebnj{0bGJ;Kk+Q$|Jo5|ctz~|NLY};IRWjzmQY6_e1F~5&(%m?GPMYVkLJ@MkS&OiRz_BjN$LlqG0J}6 z00eNUAQ!U$=E4sS_jr=ZZ)TEEDKOu_9*E1D73_qQy*~N_cZQ>!Xv><^(ay*_KsD#S zG~ez5!UJyUzZ`j@!iM-yCWDq2iG}Vfc5=ykmoUU2y@>@}J2?ak%@^#mC*T%GVqT>D zchz4RnqAGb9Pv4Jauo1r}3~9SIT$ zc~BrC?!p{J?x-Hzo`{Zr7tvH=eOytBwEqF+{YmLs%N^>#P8Lb_o?z=A8Q$pud*8=C zb6sz`lLJwsf#do7pHc|g)zdqpKm}m!qJXR+fSc5#ND!B_ydWy>QUO4KP`y?B&?x}^ z4fflAZ|@6e$n`EFsQDwR1K*rz&-L5?`UvKMp9Eqc(mar|3EB9!M@zxzd$iDInu$Ay zry&$PjZ57xN0?I_H!;BE#Xw-XBmIa?d(yzyBJXiQrND{-r=Z<)_95==fgxHM+YGVw zB`@EB#;qY*u0GFBqZQx+6pAs3YDBvUEBqfG?D36MgI=&;P)G`Bq;Goi`&>|CgI2mC zO|d=WHi@j~S(Q@uP<(4oQ~po^{foIR}?sF3JhBH7m(R_*f)scZ{ zcrut*R*VCXtaZeu65(rE%sWi%k)IZ3H>&8P;bjp!s@KGV88ZO*i$k}U-DDua8rY&V znRk9IjY9y63g6Ia@LqsEN9b)LfR1HTJ_z`Q0@T-Q9Oyy;e*#Sd^TZDqOdv4XdBuTr z?$tMQ|I1l=_ilzoH^T83e&PW!e z|M7K+Ymny1pxnD2m>Cm#|@o32BBl1omJeihwJz;IW>94!lyn*KuSSV zK0m?J&o+EZS;IgL=*l9*K#XR3ATv$k!p{Gg)-q7hyA^o?WYn^{X#cdy1HwFE=gu`- z?99wE3rF_;hgZ{;d`k)-xz`byE{ZzuIBOp;G>Et8YKz``rJUQ6EQ?1wv48+R0{$zA zcr}DAEAl5H!}Yzgp}FnJ>~mfWkT>im1}9N#G&g{Y?pP3qOGbYK*HOa}PY! z=enEc{pWLOq3byXcXY@-)-1HsfM7fVnNzA;>aik_R(I&rMZpRZ3e%OB@8pZHD-a69jOb`G=NkBob zm%ZP@H>*r~*E>U&P;PFl4EZS|M%Ep~CdJMeJ_hkK<`)nuv*YW6_ ze){*&|Lz>_ueueTI$zenz?XZSwF0nb19SFO7nkoajR2V=5J}coyY8gBO@CS*Aw`mO z(LbgYfHd_H+_K22+lNR9B`z-?yw2v;*qlQrf(VW{v$_$5*IlH_R9{e^rh#7itql&R z{dfm<10bbt3N!nbJ!p8LcL@IIPkyhorD;4(`r|*efY>V`C~fI4-`uU;MUQ~ojYJa+ z!|lIrrT|8yqve5Z;LUTW4+jW$8eSRU8PmjB;WJavAx7gsIt7f3Fczol=w=UsN((jh zuLlzp^fQTxzlf8m{|8VBF=jZVU8wxzqL6q(i|8&^4IlAx7uVgnK6wY-zwp~@5s#ft zV?yFU9-`zieKqm)?H-qGO0V%SWw+SI)WKN5#c!DKE58xytO3(!8H15W9^fV{5 z)WMxr0P5g3_#?4OexQYAsv%jM2Hi+Z)_Ty$!x}e=-KU9bw$?Hv73<1x4!-3N|qup^b0cmo&qGU->JRu z{|}ha9h?Wb}v$ruPRnGZTLgJi&Tb4P+rC73X;neXs{@l3~mNS7WI*|}@6^-TH(%%<>vc;=p6PQ7^> z^S}NQD0r8?H$QK@DTy94-9g8{Ym23k^LOrO850C<1IQp}V7(TK4!a@#x0!<}+h7p) zqEMS42+Y%^Z7{Lq6`@7mUO)X?cK=s2xPueY{2^v6ZQwxzzh{7SPULf3H$08;IW_;o z7ipC^Wd|vbRy%{yj#JI#)E;O_O-+}ZDc5scUj!@odw8!!N4=>jkSZ4byAjgetZte* z$aBLk&1ARgj#Q~+Aa1fb5=rLvQUh*Yk+Prcq;I8zSz4KtMuK?rtX|z z*qXja%ixWQxRo37l}X3Tc3JB>Nic6gdnB@8y5RA`O2%)dX!x#1GqmEjC-#cx8(LyZ z`>=j;#*ZisVe)xo-8@|uiK?6uY1b9=zjz$YL#8=ax%kv+?r|Ki@7d$sr~JAzkRU;YUi1DJyZTz{sm))% z#|ihI#J88`{%LxYR7d=wn9Y>QawEjsld<6|Guo$yzy`6fjjGyR78Y-QHHCN>B zuc6SZ-xFA1k$G6#!%RTIU99tCzePMZZ<&&IZ{}6KK4)6mCtc~6trOSQ7%Y`nb9KCv zVun^H*_YYUz5-HP!DX+nowv~RJwk;h__8LOox?GwB(Gk#J8NuX{L-775!&Uh?Cd)| z2yWp18U8j(WjN^rU1#k!YQxRKbM?T=Y?1f#gFNAZ%*R}4dQjwJD45D zLc(r~TT4efI^vkeGtF}^V`Gg!YSs@} zM@n*jsk|PM>cou5k8^ofwP9*mp<}sPaM?gex7on$P*U?;FCxp3ZmBrGxIGyBg)Up& zJn?fgWt#AIBif-MOl#Kp>`aNLMqm};FE`N#PE^MgG$SvG0+EgeZLrS=Nmyx@CIjA* z`*URqq$Z*3bZ&XbB+E#0LDN$zyGX? z5D|6n*qgGP*4`)j0Ah7hy=s)h*X2!hFwzc+Qrp(knZ=?kZ_4g#{WgErZ=`=SXv$d( z+7a5V>3ppY?#Edjm&l;`ik(ed#WdRsxeNhEzn(Y&4pwYX_-ziRqtcrGbW)YdSID5T zQa&MX=|WaiG3fF-8b6j+PsUx=e6jo=YBK9Lp=IUY3Z=2Tzb1YySB^H{t~{kLj}%3S z1axVYMbRDw)_z*mRCKeBE2A#@p|0$%;(T-1?jzf@NU*-4p6;i&WfN!!<>+d%Y?{kg z$Dq)==IA_P(Id9s$+EtP-k!$HLq0s*Kv!N}U z>S}t94T*Kt;wsaQYwyfY4%?s80gHawuIu1{MFU(43Hoa@D$xJgxwak2O(1GvJ3(!* zxq}24!9%3v|35INaL?xQke6hVXf@u}%H1|a)hVV9MPYBBTLVTyD@LH0bh@53{(zM{ zZP%Qs(LH+;@Mx__s*Mr>GvBiTOOM-nrI0`D$|Gtm{@{Dc-7UyoQaW5yGXrMIh~4Ct z%@cK#+UdSF)U$ZFYTJkTP+6GK?cy~B*W~xnlWX>(730e`EAewm%yzYD+Xm?;REH#r z$WYiZ;S;1Xf8oNZ$6#8qRfX!6H{xA;gnp-zW=stx0nfGv7w*npF?Cm$RwQhXUQC^7 zWTwpmRTffkY7QYiSfAD$2|7tj^d@&Jw^f(u{P|#~fe7WvO3U1Ewq7+@bMV7MI#JiO z$I$mqFkY5KOn1zNlp%T?PH%+#)JPlVo1a*@kC4qW++jAUgo7Nf`GdkLa|cdrgbY<@ z(HnMjLUJ|fK+i&Hekhs9-P?3W%V}Gn%cU+)W8xv;kKVW4jK`Toz*SnZ>LOU7keX8p zBd^@$;~IemNEvgyVQM9&r+^hMiUo71%kCE@1hO_LRA{E+iMV0yIt z&HGOmJLw49NQu>y>OY3$^{w8$koyGxhNZ{=#u&)h65!$|G}$$&MdYr8M{gitbY%Ya zR;eBtc)UQAj)`(4mmx?iPLU*|HHg5v% z6OZk2W?N=47w(Gfj%=wJ>8nITD8qWLrOEYi%}S$!yzK}s!x~+@R5W~ZaCWpR;CHp= z3M|4KN}iy1BnLm)J)sytxU52E)ldzi0p1&L@B2BRPJ!>O3{v78E{dIgD|J89& z{(J1-lS%7mzlcNhLd%Rccx?(87jf8V=7ZJJ1^3hdJ5izDh=4czs7;ORq!!W^v890f z_FlzRdXlOP1|DrH9kc}Pier0gNt(oFWpBiF&qZrv9>th9TE+HMuTsdklR2WZGi1c@ zktB54wqCqerSI!_btMm1j7)||!fMmQ1@g0y$*2(sI4FLFV3Xc#lp>Xp76oP2y;U{| zI0Php6--A2ylbD5z0;v!+j5%F)5&x3Qg;xQgn34;_61cywjLICdU?ru<)ZY73wi2@ zAAHgtoUL0;S`c(BR;3+iiy_);J%SRl6~F8@I3%4Q7{q;~X!bv>E3 zPD`897}y%?LZsr;X$Wms^0Vl8I<&Y}_djr1zH^qA?W-H8`$kf; z1YBSux*PYx&q@vC=5Jv8YDSuX$xy}=0v4uJF&C;`!@BzpZkb}#UqZ35zuvey=(UujS-p*0XD4@ zJ7UCTy{VE@YDHsE(SQ;uTJ)r8T!~bh)EZs{zkd64%-fw3&|n(YC^`&)4T){p?Tu_a~a>Z~XhP zivQ&j^gr+%Fr_?>Ru2npSy9Md`%Sx2TBU#!LCEVQ;8lk)GvJv8gTN9u1@S=zi9})a zjmVa^&T>xdX$>;yr-GV`b3J;qfz8Mi+`jo>_@Hcv*D8*w zpGA&1W>n5$#wsenqMxAFQJz|1ux|oBLnIR{?eMNhlGfSZA_P%ra`l6iFNRtF&;6?ZSvEffCu|6LqSfvTbIML1ny z5-|hcw7lwqG4MyziiY!{J^7aUdTO8t|{9b@h zG;E7@-PazE`9O<;;6@O*#>Y5zIksybp zI|48Wkc1-;D9}dS!~Xvtc$p<^chAn=%WlVPbeM;kw%Za?6y)9(ZG}9{ESO5a%i}4r82ykX1Ot^1z~d$P z_1^6no|ZhtxVJy>lj_%uzmdP8tKuvBfU&LrxZl+qfZx|IL#YdY)i>PQ7am1vOZxSG zwC&Lz;RfP>0bSTkWAqlM3xGQf2<%~5?~$KtqlIk;sT%gBTiq0%3#eQa0PI zq0KcZ=W-l*)Y9#e!L5xuj&m$FtxA~hC;;5=S6hpZ6L@IfoG0-caBdH|EpUjPFRT>{ zZJN}$;?1@Veu%jg!@dBRWYP!&?j<)#q&fGlQPxvYjIiz{D0Xd%2dR>R^Q;0xWUaCz9r!J8@yY#QVQwcTIVMK>&8P) z@Khw{T9&l4qYR#itkN_EfVrFrqF9bmN|*$IL-kT;9l5ZBL1rj(8$_8`8`2gSLDr?E zngE=!rFxYo>hQpPY9IgM&blwHX$0V%=>Rh0b$Bq~hbXNe=2!q&YX}x|ExMAN2=)*q zlRxYt5jX|C<1H{Ewb7Mo?>>RG!dGG;Vd3=zV8+NHi{X+bOBpO?%&9-mad#C&u!W9g zg!r8gQVhSwBh`PypYi+Kklxof24DsJ{r$h+@if%0tb!i)UBZUH%tIsAlK|ZO830!w0r(cvZ6ua`0N^-d)k9ry=LNtsnRG)2 zOyCg!<|!Hsy7KcKe(vV|@WSOxv!6A?)0rX|`X>Ox69K)PYv-K(5r8oR88GDJA*T-j z3I}L zg7)FEq4j3~X2iBObt<4^nh{cEGwKvR92qjLXQ>@>!O}p-?fL})SgE{HMNDs!MG=4v zft3Kvlrg0sdE|Z$toEHtvnw;Ns+QA0eg?q)xUr%83PI2Mq0Ui1@6O#klnF^NMG$+s zG{WVd0BlnFFu+5c0N`GI0N`^S4T}r`z>g60LzI9&-K$D)6D(f-hqi0BqxX#L&un#8 z`^Q_j@`zMt>?9MNGQ-=EUFG7Od<0E$?vUKYG zgR7vQGrq6)^=lwX6MujEp3mSHGT>@0>g@{ivhFkLK4H~>H}u5a5+L|ed?X& z?qSvDz|5axA#^hxtN>y+%>}@;?GbaZPG|z)UJTgOLThOBCDcdmSQtjZu%5Unm8%30x-nk zWq{@yY9^0`>AnEi^OcBCoqta^=t|AB6#9Ut`RF{ktN*`1^q0 z*ZcZq2&Mil_^ZF^_P(kQSot=4hiin#pS*RhZ+2#F^=-w=6lV$UH*DTv#P(mAXDY20 zAFN@7PkRSuwO;Fc+rq&2=j!YdoRPzW$$;5Gd3fU%YZE(gOB+(}@jAyl3DdY^IvDR# z1r5WCRZO^lY-uY`uIi+*^x?F2@doHe0JfN6iymu=-uh)AhGS%;y4z>K1& z)${C&v)$y2Ajp6NJ{D6iXF+?8*#W?~y`4>W(C@Hevwlrua|;5%d9Nj?%RN)@*O8%mxu>V4pg7 z0bn>ng#oh&tKYD6ZjswN)CER(4Cv*{aa~6dWh0E?AfP_0pBQ`+%9zbD5kN=5gN0arD|AHW%xjy zaT*s)xF$J~(QLunx~7meX{eSqBmrP)fx2XQUlYVuCqCL$Y@LQHfk_v-hwdN%vxJY{ z#9u|=cMkY{z47V@B5g`1KP5hRJQ&@&aGrItO^(^NwLt zY3msimv_q15bauv-=G=_goFRcfb&&7RA;QAdD1or1Z!O!0}E|ie3$;DfGrOcZlq+b zFkl9!TUnFYFl!GfBP@N^}IZSe6c*L*o)t^UV!gINWv8G)6*> z7Xy|B9AueJs+W2|C1#L=IJT4nmd&?>0Z+n!-Nk@`iY+%)4&qp_NT#2uPCgMw3o3lR zlxdc2;c{6KHNlB0&D?b=S=geQv8*2u$S;|4A_y?xeP)bZHt;|8u7`myFV;fKs05ZmOb9cz9>j(T=K`3DQPA7NbNpOWLT#1Bj8N)Ff_0+JYqkKB9Fg zQl?)Y)80YijbJSiuo0l!A$e>B9M*tC`>`I1{O_;bE`dBQ7c}TB=SJE5^3p~);l#1a z5SiI>nKAq^nZ^9Sw3NbE>D1zc5mV-1ND?>qrj|4B`pnCT=2Ie$kl37RIHo+u*5*F5 zfyiy@o*_E6C8=6KKG8QOHdVkRUxX>pu*L{Z&XX-@x4VrkM|v(9Dd)nnC> z1ruRXaUz^LC6kF`HLFK>>)eu>v$jlvj6|jpj6Aw1U&A;l7ZeE+GKcn}p#ZEAlcQ_! zY{J2RH>Xah?gzmIbvdwJHnLBBeIRPl`5?dUEpeS0LO-vFc&NPel zbzPlEhKW1Vaq0wTD1k;&IrjOw@;&X#ZLh3jOb&U;EvG@X+4@I|Q#5&*9=_ z{Q+)}_qOBkMvsK{yS})1ePB)n0ox?DMHqbbT33SMlUm%%rV7?f;I=;Rndn^|1h41b z)`~;^8ZEdU8MMm$(noFnc=mQ+qf>Pg1Q#D+Yrw+Cg@C&cg|G%3+77)F`rm*4{P}Cw zkJulU3wkb{!c|mUQQUL6)TJP;D-@$#5n3*}>gpeHMP9k8{0dUe*SL^b@UeyVOzZM9 z6P)E`3UNLjIiaAS>y|pXzHaXNlk4E>7YpL*2uN4Mcb0@W#4+Wt@I~e@0+!m>tQB(~ zM?}sL2v2xT2)uR+E|jiJuGErTt`Ve|f3_mmu!2(nR@7J6ibV}^R%M6f5TU>SP!)j1v+ctO2K^Jw$LtpI5L?HqWZNL6^-%%o0 zpY;o)Z>}saZ{K$$v+Tak65=dRc9vB(tO19%JJ&@1_kVKlT0WTr4((?S)1N>xM8Khi zcBdw0|GRGw^L!3i%KHaD=iNDK*;w_IUm9`qmVn#yAH%&Z20}{tR1t7k0}k!SIVLWE zw0HmebZfw&g|^49afpCJ+t7S)ILsUH+j>0!8r(O;EOYO={55&lpDwWbd`8)=EZS z31W40w_ztE`Ob~W%_Gmnzc>K1Z=X3r1RUDV{O>=1EAbS{J~RS$S(TUkOa2XPMHUyA zzU-mY(9759ELVZxD)QoG?^j}(Yk_8V)N1-OF<#44me=0@|TOGItOfh z1^bnkq$G~p_XyG)vd!BEL6!8{Qbp+-$jkJnR{#JY07*naRAlxh3rU-N&5{CfuarvD z_n{ZXf$9O<&+#cUs&siM?=`N9xhm2oGrCLY`m4k$@$14%Rkt=oz@dfq>A~#$@3Vya zkBorD9I^;di&x}e>t)y|R$XHgZ6aT8{r$b69@cdVkWXUU?G-JWsBokAh^7c zXV^5R6;?&n?5*ElB+hc;-$?Uz5@|@r!preOnI%#Zo`t-0z(OpNIS1@6bLy>xOTXEmsqU&&D6;O z$5ga%D_mZVUE_!U5N*rmk@GpYG~l%b{6F!^@YGyA@j^Kl?|?<7Rn;UI7S)xT6Pmi@C!)5tG+!lLa5kZ; zu9-?2i*ra-S6m>qDJ0LDMO}G@lW~Y%c)p2S;P^rXc~eEXDwtwX(!WzNh3j3af_o#^C%(G zI`{QrbGlq8oy{E;N>Hh@1CA0B2ypt2>Vm?iZb%ZZ6~a@|GACoJBQ0ZclyT$MwzEW) zP44}N8Df>RV>uV4)dg!TSq{pNnfHB~Y81Rdy-?LmqDdkWuv$S$p?t%IkE=RmPm(gS zu2prx5=fGO;6k`dDRL@kE0KrD5riftEV6be)0DAb8K@TSxu3H;a0D!=1TlKD+QwX( z7-FY`Ae)y+DMmFTL7fveXIU3?L2+u*9Axaxp0hDEYmqGPRW308Uh_~sUu1EHZ-)q zXC4U=aA-U6NAL^%?_W=(@WUctT^DuRr=lME-r$T`;A`JVl^A^OGNqc1R%>fKhkkZE z8WnYPg@OvNoKgkRL|5_(s2Y1Sa(6!3nha!(X9t`REgl$YrPhvZ-;GDV2AmN!gHvKP z)nngwnRi-rNOkDptC0l)O@vU2xNe$u;Kkpv!x=Z9+J5RNS}pO)fsfQv-(nD!cc;Fq zWzpr)a2mRzHs}>pg}nsb1`IvXL4E4Zy%P-*=z8yft3!umrX1hmrG1BUVb{{3E(Zny zh1D2LlGE$rq9f0U*Kw#_7fs(*;GaSFk*-h2&P43YS)n>snW<5U$W+oC@MMO-AbX7F zL~RUWR5XYODm+7}s`fN?1@P}s__!Abz;Wl$X|?2zF(Z7ixArBmeXG*XeuVrU0r z$dS_WFfwaocckHC@O~rj*jlna9=a}dUltnOXvvv|bq;tc=$mEgZ%ZT))__CXlmCV1 z(fDBwIKjz%FnM)C*ZI2?iNcYA5lU<)4mMZ8D5#XqSey`V#N6 z=NpjrB#FBiT-*ZWwCCkpFnaRI#k4&Dym?ggjFG_P11^9qocAd0+3`I=RZ6paxco6^ z?L1%#lf=YV*plsWIO63lU%T0d2Y_dMOa5+$R8X2V%^lK2cNz1>A0}(c7Gm5I+9mUa z^oJ=iJn(zGvt{PsZ%By>l$mu=^H%4*3@8ao;7bq14J((a^EK|l$gV$d?(gPGN1ikWKCi)Hl2767GRa{DduWWGY z$@1GuP4?t5art%AM>sIP?En;i~XRt&9h+SA5NfL(h@OziR`m%`&mR=7%_QVKZx z6Y$Dq&$GV*J}2hz2tjXzR|Kvr-^#b6A`Zy4eJ)C7JYh7{=4NFvm`fJvDY96jdY+$w zR+o`&j<3_SYjAc56^5Mx#}u5coLT;nCkx9lpCg*iKjc}8eY52WMrB0%br#da(7rBy zAa3q@-Xz-FVF-gvVTMa%9}^k2*ckB9p$42F9TEm2C;-ig(yQo4QNVm3@NJVGv9h8A z-_Hx-Jhxt=c8*2t@@QIVI+p-+1|;-?92Qop4`5$q*SOL+`e7IJEa?}^w)3V*4?$+9 zrH&{SMk!s8+jEY8BCBl-gRH7UfeM4x%H9HnY-Be+p=JWpzG83_^Kmaw+|V}nuRJC( z1pi8A-{na@bHJbD{{cshzdz{V5^tOX?lOJvC>|C5cBETlkWWsmaJWwZ&*FaPB!0hx zi=(H!nc|;YU~9TaAo_UkUyg9DPQ2~T%QYONOGHC#0M>1#EO-1Yf{YltKLI>a)5`m1 z$@%@(5(z{XKlLRyZ~Xx9 zBIj=^F+b+u{JmALEqLCu9rCUf;0^9Tf)_apgVv`_z5uMB{I!?-9{}!mDZlfbDQuEE z$z#af!;}YrZ^B*N`nJWdh)^WmkO!HAM6;^FJOO-#89Gn&XmUs8C^?*DFvY>dz)=i7 z-O&mw+v5OmOfoBALhLlxP*cR$(6&gIG)SBA_p-MY>GK1?lEcpSWDMd+lOAI;d=w5l zuCT)+MVg!DrmS* z=PydB2{Lz)Z!TP(0M^MFwIp9poRaiNzxhc+!5UfZDz10-lTsQE+Em^lK{rnRj+|D1 z*CSA52w)AFgl`KHQ1)>3j$I4NF92Rp)zz;Th(e`Id9H#+HgMk8#9MoK@t6lxZ%5hs znWrj{7gV=rZ2;g?peb1;ZpV5&wz2_Oh1eg9g|89C1ah7LzSgSLmgETf z`n30lDP2!`Drj3a)j4z>E!)X3h7+NAp`vXzaEur5H~!`|p&8MD z#b)rc)DF3X2Y?l0FRj5)lsj5rPA7FkW3N`f0yr{8P5`q(4X(Ir7zJ6CDgZ{)E-YT? zQ522^%*;|0+r?~J8(@5g8kn@3!QYq%`%NPXztu?DL&ERV#hn{MfHN1s><}q%zC-d%v9DZ>mEZ&09B?sQ zb(99}kYU*%+eR1selmH(4f;09oL^i>=_r;+~vFyySES7(7RFhGXIjeV(Y z!;wBjDQ8vz%RYO#!<_)OZENr-YL^O_KG)bQBy}mhX75>Z$R$CVt$_=faQQXuEYiz1 zBoqyrY4D!6j)RTm#7X4bnHif(C%~vHg|Y;ly=RHPaRXU|{l!5rJ%H)-M27SwbQTCcbsa$_K+|m_=ikxMh##7*a&`Cjl^T`2es4 zoC#oNTI(YOy~q~r-byIGm!?UD;ecZd#F)I5!OU>v(EyA@-7Va{Edu>U1*~mE{$}dlzU&t8vONG z1>MU7qpl~3k7nvGxW%)xxg6I*0c-Qv2MldQ&@$S)a5>WpfIE-{OkvScp#GNbj{;Zw z0^pg;hzQHR=A*u^0ABPLfZ@`0sZ)-!7s^zbE~Nq%2mVmN+I}hEjm~=7mhqT|)}jIl zU^AuK;+#~lqyrW3*wV*zd3_*>(hmT)r)fzbpCRbes{*!~0c@k~yp0XOca%>6{4k{e zSYv4P^3cn;#m6fTPIG!|Y zhrplXP1;u;CkOui^~?USZuZ7!L0<|NoL*CWJV-$nObrYQ!&BjN4&3h=as#lDRWqV{ z5@V_&Cas>@9Hh*BYKo>CyrmZR&qf1%qeMIP@hm2_A9KJrf#tGI`cDNMp@8jmi?XAY z2$d3Y{_!6GzPI^9&H>9HK>q{4TrPGfVBY+1_O8drQCtTj;+%3*X!)H=KoP98x;gFt z|MxwA4p5+-*?VtG-|RJBX_j_E;y9UnaqQUL&}L%xJTXsuIk_|ZaPi5e3Prrefda%dh%uFiq84-V4FKbjWs$h(7je_!eiXCf#smIr zR~vBby3zN27fgLXKuZ8H#s_|CEK)kdfh!sWfJY6Ow+lcN-jOW;SOmkbcNTMi)KUYM zj*pIg$=e42+_6A$4t~{u$pJ8qpv5TwyBPqm`wKY2mCeBZo31tBLp$*Ff7)h#R~s&hKwCyYZ5b>QIIfBVG>)J(FV?K^ zs1rHwsyNc;am5z(7H+W#uXON67DwJ#TyJ_ftuj-=i646CB%%QmYh5ioa$DGX0l-D; z05}Jtv*t_(EdPUzsmH<^#tJI?0)S7}5?p-Gqx*7j5Zj>x;1Ik!FKFO2t9sp=15@s| zg|m+U@OT8x{0h@OjR4Hxp)4=<;{0slgURIxx^4-u$wI;2rL0(!BV9B~C2;nU9}K{% zuEPm{BkV!O-3{Q%3|u4Y;3tObH#lKIhs@AQ#!}V&AR4d(U_FU4a(kDsMFq#e1OdF- zTAau0n43zOr|cr$RH2N4iC7iKrKtAp3cxL#utZOeJ6y*Z0T>`ZTw)9baLGn$@`6q= z&e1_LY+c-e1fUx3yDe9VtH+?(@!gd7UbOulO>lJ|KQ3Hk#x}i}6Zrw;H7ntXpNj(%P45*`- z>Tr{}uA1_Rw<-3v0srVc0DIb#1b<&|itQK+8W&oCTWw`6E37BDN>xR~;MUltNt8Ok zSEj4Fqg)%&3T|4Km94|T-#1+t4oz#T-rWQ4+RoYwV^)az>IM!rwrzOXL$ryuVf8c0 zal_T(S}D4bG~5m^h^n~Y2)cHf8%)gB_7`TTMfJ>3YQbSnq3tFBhJvmWW~c2gXhGbQ zVw1kf%@x+4)NpC~2!7YhkNARNhv3p2z?rG*8elWlU=%;XhpD$yGKQ*$w^X7PzHgi1 zD9IRDy=_AAcIu%-GeEs%xCnG%<-BGVD}O{tN0N`rSQ6tDnDy%R3UKg`$L<7E@jvWTO z=G_?B?r;xS4nBBv&a$Udaw2gM=~p8F<5RAO1{!eR@NNcNbgkk2P}917VcItEd((3r ziJQzk#!c`%0NzsrR_0g^!~1uZmR6oTJ(jfk{tjaNeUDyihH15PBrJEU_RMJ0mb@so zwym*LmYs!TEh0BrTP9^_vRpiuqoTD4*mOkET;rqd$0P;ix#VBENKDpdNk*xwmldX* z%hdtmB{6=Vi)p373km$FB$!r~M~-PUj}Vt(%|Mc)_o$KE6^0!E$9d|UUWXJB7c{rf zGE5#N{?Q3-rGp)!EN3k|>6-#!kgH_8gmh#!YQ&2Sazua%q&TB*nU${gpy0RL0?{_( zfjhyQfTVzhw8Z`dCC@;KnPt5ehKC+05R z^&arC?Cm>j0ih>PkEZC`Uw`sH#@|D9c&)ChUGD+U8|cl_FeSb-i;(~0ugGk^y7@Sl zq0JX_!9`}m`KS5N8b>ojcdQcTvv+CpJhaDUO?0R5W#S>4UcaDUmj&=8kA{BYK@bqv1KE40-x8U!~^?Y9q z*eo)vjwxuToUYdub-lEXCFi2F&dzFR3&Ph2n%wD@*tJ^KY5Db*q3wb@v$17p`OE8* z5=Y-_H|VBe+H5rzS#N1w^!}ED?xwR{=UZN7US4IeUB69txT5LvS~80 zSsX`CX$QchiEhW^S`$pYZvjXpI1Eyg3+i2s-(+<1G@83YL>16*D0KTqrbX^WtPjveRt@SHf zp~Y0$^=-N-v{-X**`b@Icdemrs=Fy}*033zyG0uIRSQd~Tk*dZ!ObSYETwb}ak&Cg zBHFw}TWPI2xRl2l6ltZ<(pnMT!sfNmJpewPyDFO!{G}}e@XbDHS(A#h2ENDZPApFX z=(a;^kxaE8LfXRWO2}kBV4J2hlWZu`tgY4|Bv;+1J6p9I01o4#s-JlRy{iUH;)M0? z0oc=SDD=Wz-!mWZix6%=HHG#UCAYGWKpdYh+)5Adl=~vQr+w2jwupWSJC%t$iLv%X z)_1%IY<~1zXX|f%dVAUvf4v600^o<)fL}t0NndI&icuEBEDOeg;wLAuq>ABD`1^p1 zGUt34vR_;b$ei*zFi%u~_tbzHfQPOdd?YMS`%PaWdeQ0SHQ>ihA}@n!&HgWCL0{|o zAN{(nNA%=A?QH`le+$@?r~kJG>;c%5r?2>Dymvle^7~6qp1cO^_21u27WA8m?lDO7 z^givI57@)6Cr@7hfV~aalc!hIfIWHg^e@qXKe4fWywiTH4QgH6-MYWfrhj2iRQJTE z=u^qg-BY_r@1F^cp5R1#ZDPYA(oFwyk4gPQYxQSSbuZKK{`r7CdGho;0QNRuPoBI6 z?8%d-f0qXA$&;sNYQWk9uqRKyzXtpW8?Z7#n|;Jf7JpP>T|X=k4=K|X>KX}24>{cg zA&#>2t86Y*)=rD(p^VJA4c78JcI6oOG3m40b7oa^?%*>l!-wz_^@X}WekMDAB=d6{ zKU$t@9ZX!QBpxLa_W9ym-cWJ5^y+^;1Lql%_eRADQd1m$(hGukJ`O#8N_M#~?loXf zp1cNpgLEz;lA6*4s3_D(vsaQDjdE&yKn!6`XT(jCOil9I6k7@pU8^VboN82K0b10d zXl`}M0l&4VO`EEo)yq)JV4Nf({QhNdc{W+c8%BoX~&@f6#qt}AKLrB+_H%@1?P z$GO=>Hx{g$F_>c*DMBK@sfl&xS(4hgR9j0H`GL?l&99*KDB|`NSE#OXm>M5>bRXp% zCzz!%msBnZr3y)ybsVy&skM{fp&87gWY)BGLA33bL1(U$6W5oOYh=@XNk$meO=OD8 z5i^Arom)=}euyNL^mS5>Ps|yYDXM_nM82tHM-A8muqRJ12f#P6ix~r;A;nGNKA9)`B&OeW^d3(p%Q`%KJTnE5k(85c*`{6fZ*XZz!y{Te9_875W zI^IP*tG-#sei`%Q0~5yoT^w~J(@R_6DR zvwxnWxV;tPM?3|03m7mRWq&uzckg(#{Fj*fWWTh%y)&8SAN)pN-1e>PkNCV|vp6Mw z9fwqs1dfNld>>tS-T=r36jR6?r#BDnKK`<_d{j@N7pu&ATS8*CpkXfpB>h zR@86w9)7u}OgZ$l!r$f{FV-Y4@j@;9?#h(pr1k5i{OXd?#gAW)o&XHlkU;=U&moQ9 zTKHFe_Gacc*?7p`b=)Fe-RtXTbtCe0nLu>>X$*h*2w_UFRz}4yFnysYaCKi^6~qO= zutYx3;~SDkZ9xn;^mBN}g}+(IZKBbDV&AP0mk~E}o34oSJ`#Ba{^{90;Q$OzhvF(& zXy?x&&n9M9`%S#J-_%XK3yqSQ{WYb3WrYe(fv_g8$k$2AZ!wfVLh92>fl-U(U+L#5 z5_5W3H3=K~yuj4jqL>Wv6$DyhNOI&ap)a@AWT5+*oT5jL#J^%aUgZG5Enh%M0F3(l zE4RNTdN-Frxp*}K>)zArDQo0(F15HxZ_hOP>3_h0KWo6B>vR3P0Qe8A0khdQhkjM* zd7}Hm%vrrw0N^1uL%k9+{ezgcjr(>eGlmCaiDeK0K&z${wb0Q|J51F)MTB(ocU2TOL*T&ihJs}8^rGcI~0 z-M1C6zr|raE@ruCIy_)Ci@=2W?ASR z&a7t&*y|DD{`3T3z8NtQ08cA&M93cGn~Edl?9$T-jlJeb$r$gXoR=#Mey{L!FlsZD zoFfH%em3HV0e`N~^#R~N%YgNs^Bz{Q1lqJS1T(ZpsBxK7$|al*q9Tf%kxx7}d^AJ$ zLf2YL0>^553E;{?)idXmIsh{;VTpUT3Ux!-<0y`h%3f9>V{2zU42q^ObjC7-P!eQJ zI%WD~U~=Ab$Y%#&d_&EUX+?M=DOqmW2|gX!%i@S#p>P$l^JaLwLISRL{RxWvz>G99Uq37*bsCu2^}1Sj>0wxq=~gzVk9*LDCy=VB+& z&9De%3$QA`{8%mkc00`OP7na6oDt8d12A|Y;*tlNI7PiMFq`PeUB^rs#BBxbL9-~A zN?p4Q6Fk)FY=ncXveOB@+wB<;9BfQulF`K%*NER%N_8n_rka$^Paw57HH zKB~!%$|w(@H0{?KFvA81NB{sJ07*naRPz+eEaytOpy_T$(dZ#mTEwiJHHN2RvL#FI z(pjn=5w4v4Yx|ts9iL)x=@7L3tFn`pBDjsvfW&Ge;phjg0snUZyjgAR>BV|RbPw~XrP&*}<-8|n zG=Zc}phgY79S3wevmD8Z!5CA{108iVU^gRCB@{Yu0M3B`7~QQz-NP9^*5r)^Jj!x5 zcPue!qy6R7;=J*xvdKTPKm6Xf0PQj8_R;Op`|{lx4}6PERoDb6GGs=Nx0PlwVVcnz zNLaM4z`ZWJ^I10O9o)??(BTZ&4QJ)i^g+(_$=t3-^Q9zxzyvPLBaqjG$&UcBJ4O>_<8%Y?>F!Nj4%R_g0Ut*6Tq*?QvV#zq-s#M&Fk+z= z0VB@6Y?A<-;Pjv{THzbQ0?-^_2ijJPHSZd7&Wiz02eKlbMrsH-25RL)Q7ko?7|((j zp21RB1dETVk9bN4%ko3WQmd0{0RkaL~OlrOwar-df&-J-J0Q{#J@bycu=p1R3 zKM7F+<#a#r}ZH()Gjj$w*GB-H|N%z`#{6(GR$ z5BlgDp6@N8}Q&1`h zaCi57|8HHyFnhbHelO&}22U*+KXiX;ph*s(6Dt7`OsGs@{FY!bEii)?T{W@^WEP?* zw`2&6GJ||VJwT`6G0>FAexEhyAbln2pw9nc@638+#gQnCyhsSlV$3FCgW&)F$T=rW zW@XiFwbYuLhiSpXy;+&02`}Z(Cmi7-fbnb<=k8_85PK~n#k^h64h0avBc5a$Y2@qp z7y?kz`77(b<(e`YOQnc=ig;ojGRmk|>cHZrjR6a!Jgk000zZ4e&-GmYdI0~kJz!I; zE3uFP+|0eU5wjF#uTfjubB??40CO!JrrX*&LjXGstg-+wUHQgr#$HaN4R_0E{_z!`lkFZHfVM2D>qFTS;}nGkn5S447NpV*Y0E^op9|b2H8b?($fC z4EunhdVwHX!j92n@`rt4?u|4AK0Xi0T{1vqQ=eBzB@>S(v3>*wUjV+A0VdJcDF6;A zuZx=i6s?ITL(A6b)HDGgANO7$%V%dRJeDl2b$UzPPXNb(?-R_q_1*w9y>&nv&G$W= z1b25YF2!AoJH??`gS$g<2o!gh;!g46PH=apxJxN6MPHuJ_x=5sY-V!Lox3};JA3ar zDzuV68@`#?$2jJps|$4zr-ugbBaj^_Z6n9OoKd9 zip-m&JueG34P>Le;S4ppyE&LCP#w&n`eY2QQJ&MxVk`nA@a>HSV z&{fSg5gZ#XXAY>1;YfZ9Fy$ZUq615NEFw-8^|vj?ge>MF+Lk;qG9F~$(B&NDK?q`R zlL@oZFQiro(^DawU?LmTbEn%i&XyKh(4BI&G+EFm<*)Ro?s-xBFP87}Cfh+qpHcIu%BZSP%$jgzbrcTT?ep_Y=;x{nRYL-}JSNdyuB6muexybXJPz#7%672$jSy= zCn77t&)}6=rFw7Ra=5fl3eaHd%X{5+l(pOqQ#>Y41WT*9ajqrZ8X{!CUKu5}|LGOh zNshb*^u9Z8@k9@imP&Kjz8cv6iMvSr5>cY3OAoAtmr?82mQNyAZ443K`X-J+il^m> z+uSz;Gu>M~Dy`@@-N+^|1-|8By;UJsf|!~y4`elZT?q$0f}^*VGe9r{ za3K@Bc#PPKbi#*7)}U4nrh!VNKJJ`$-IX6{^KJqOo>%UQvo3^P%{fZz5+9Igmj1 z*bHDzl^jfR`5kRz$ObSy+f{gh+hVoQ$1Pl_d3j!j!3R+2ZdpBx{W^>!bsX|LbjJsf z0G(Rvk`s_0wm8gk0S;rl_Dtdhn|5X+PJAx3IT`unt%d0NS$< zSOAOQ3U@cL00!_;XO~;k*h(^Ow&!?;a92UzWy){I!?{_N%UBaHAYqLJddSrWr#=*@ zCN%c1Ua4t(eSR%yy39n-TvqTaWZH|(q~2b}NB@tZc398<@QrW^QYk)a9!5T}-3eMohRP|*z#7LOLHFKB#6 zr`MjO;#5E2Q>Ju{{M~_|fqb8|1{LgPOK@3}LO7m$}=|L=hXqxmhYQYR?uPqsSEjaEOKZs=b5T^K@-_m&z5f!M_9xI+4IpgC^1UP0t(Wm-Pt$jeU&{^vw)| zP~)Q}Y$ao*o?(%Xy8TbU@F)Psn}&4Xq(vrFr}THPAO#*ueLI7jTupq zm-XXr=qBJVEgmCXL3aWhPj(Qe4n zMjx{xr2u0>b#*8URgf>KYlmi(XsUyEzsYM|byx_S>35Yn@UTgE+3P962HR z&hbkG!JQJ@JImr9kvYS-h5P4Sn5X@hI|a$!n*$v>^v1dA2RAotmfh084N-^YTa8`D zPc*muUXO)=s>W)7VLILYDFt4qkJELR^kCDmV#2~E8%CuSa92_DEJmkw+VYcof11zv zcW994g6pk@j%+&7HyLq?0tm(mOz2<9GoO%S?+cty=-(nhsh&q#xa=CHla0quynIrd zkP|*Qn8(R-o__qLlEn8s&a zD@*k&JY9CCLFV;?2kT> zjUc1Tdy~O^T%*3=>xrwy%s&>Zc|a5Sg4vo&Wr)V50m>(=U6b_bwBss>*W{jdzB6AN zX^EGepjbgdtvX@(B{@Vggw;His3QMpX&IbQZXDK`-F0-}3ct6Qt}UiiZr(Wfr67;* z>ro6mEzoI;*edVii)Q;z$LA3nBBZD^?jkIaz{Vf-&-h_cc0g0P$0}rDCgSg>WxRi_ z@=|qa7am4xkj8>P&~7d#!2F7O%0F(K%zhvV$l6|k`M>afscS2@!62Bb3HRg~%%Q*2 zcGc)Gn10>`X$^EjG2ndVFVN|(BB&HFnNor3OQ~@M+<(p1Mgx|G@X3a>3}G!We#8fN ztjbxF(8}J+F`vB!Y&N3p%^d$3x1$guGoG-J1P#{g5HpA_(yf~gz@P^Th-BQiml0Fs z+K5IHNiLS{El>!6M4AlE`E%`p!Qbl2zx0yqb+7 zUq=C-6GZ0@KAy%%HDq+`HTf|JPgZ+uy`-+}!BFh{4T^h&mtXyq}Xo0|L5Of&RE9B->Xw~ zd+jsvu%1<^WbEZ9X4XXbWEV^z_#rl%;Fz7|0%Lh8(e$h)MIIjtAj}H#Ea#pL<<)We z@dU1$ib>-`Rgg!_WfP}#d)tqEjvLo+Ce@1qC*UQeo86mTxra+3BIh5o+TT|521_H7 z!}9tGfwJM4WEaZR;B0OClv$!~h?nx1$1~)`_QKsYa#4I&x&<~!Ww*-}wpV&EGMR9`I*^Saam<^}n>7v+c zsVwwo)sm&yW)d%vhULQBaolK0@$C06hjA4~k0s50{Vh|Sv_$y`&8b=hQm}suju;n9 zfVmQrDT#KO^^0Tuq{`h?x^t9;s3#v~w#{xioZGv~4mm%=TL%vLtKS22 zkxhDmHW}1)fee_m0dyo_!l#l5GEr#9H6z7=vr!mtF7IaDs(}r81yJaL#U;~u`Ybj zm$N^L=YYEkMTRgr&mTC`4DdgAQyWgP-dDK%3~c#Fq`kES6k6veD8t^yP-Pl*3;&QTEekad`;;$2qM~Rn{FNUYc-umfBL|KNP~U<2_ZgR2l)z5Tbs)A zGBB-gT)#H_^$0`AIS9yBCGCg#M+PnuoR2BdxWevx%A?P`i;9#g@-grkV%$Wn<7JL) zV=A@5Z|Hagktg4%&O*0Z@C%Me>XGUr{ukDBM}(!JYl>e#D(p|M5&u34fjQ8` z>UO$YR&l9%`$#WbmBg7<-d_JsXOmW@+SBS7oM%>q${Dr``ybAZukNVPK<0@QBF_LT(e|c~VyAP@4IKTbi9@}(_P$ahv zjGUrw*(9!=?`9C&{afn)x*04Teld@AK~Kg$T#M03U!*p2wG% zNF7*H;^wL=v{lSeh~b%-v|u5|6c@y>$-~^{E2*Lt%x76qSnVNb9B?rBsr$3R4-zN2 zbh)3IhEY-ioNE;+ga?@mFljWh-gJ_Hmq@RS$dtWL2O#R@z}e}V6Neqg%Efc!s@nV^ z0gX}hEcB7*aD^-{e+#%8oc*qpSIXDv5g9ENZipJ|s8Y#s=$AH)tkInG%!S<(Pj6Bn za{2nawnaruV^$earRJYxl&A*O2CMg7%r1Pf-;HVgO$3hEB#l$T@P+BEHY!9_F^+h| zm65xCc3((sR0D$rt`RH45j2KlD&-9Kw;O~=zqKb#cmR78E&`ZAGMa|wXK$}DSWdx+ zQ@B7$ry%2Jw7%LaRu}Tr!_~1x3O4<$6aQth^n=s+;e8$5O?<)NUQFc&rH>cro);v=kf5d4bYJ zte_2cfBCN4e9z*TVhzuA#*TuKzZEH>i)rs9uJn%*YDIse1X|Ilc{HR1~^F45Pu8 zl2M6iD#~A+d@@p6eX=uF?DvXElKew{c4YjCT3aqCfFdwBjaqqQjhsUS$ZquBvs><#d zz}=}L-N&nA3MwRhS=dfsW}H&MYCsKbaM+7P&`i-~2`Phh&tj+K8xo~mDJbuhlYg=h zO!V#r*&AWo3|KzRrC{F~S2=$zu~ZH@W!W!as&_Nj?5)>_wWi(w1IZrd=b^M_LHH~< zo~UYG2QFxYI_jOy&dYuS2&*n2 zDnah7uo}ugr!l)_=M~Ml{WdC9M?Sz@PiCz%al!3Zn)D5dWU(@kJKn!@e{yXt+c9&(TKF za=9xOyNpe}VB$Abd5lKVa0PCPF!WCHD7jl%Vq- zDg)-|isIg(-h3%JwdbBUY1MRrfO3phQ!kJ_gx{sKj23&Isrp1OMWwXOcnLN`nfMPu zBj@a@b4XhGXt*bwE_T0ykP6O=I-18;pHO|W^# z?i@}ccJy0bpH{BjPWHXG_&)iN$Wi)~NzaVc_lh$ijfGl{#aEn!Q79u&QiJd=6cnE; z%$EFTHmnHu7b_wY2G8VJ^f}pO7ngrg3{-N_lDfb0V{96BRY%mVb){V%Mtb3A@9QnaiS+sh$iS>y3pHX4T1#8!{D zaBq4oJe0|>Tu^n7SB^z}v(0SdyJgKZsJL!jGxD2=mdH>Jlf@QnAT`?GQU3#VCK~%d zEpX0&_lrH++zO*qv5Q){4#hb|Peg`|__erUjFwvKZw943`caB`6e1t_i|gk5y$vkH z2bieXBut(4T{s;tnxNEjHyl+j!^{@0OxA;-zUs4+dV>z@Ct8{%b!3;H!{Rok3XAH7 zo^q#uetN~_%d#=I#nbg7DO^!x{G9Om{Yyz@3?Tw(@G54{)rR(14ZE-2^jVy8@Hvtl zKfx*&q9ljp4o6tikT12xa5j=K-IA{PmxG$6XAJ9^tUYVjh9JG#a#f!=Hf?oWG-tCi`~&3 z8=mh99YqTAq20^CWbOTH(mv_($n+QyuY-)^&-6}=9tF{bHX+N;y!(~+T$Z$FeEPi< zWb@l7WlK1~Lx!|O5X!zZhVekk!Ww%*r_=$ZRqFvwLgA`oV)bm>Zub+#vUwri3invZ8`x~Mp5p- z$le)?9cd5|z$(_(mCfVgFbku?_6L4HS(5|W5M@VDtqyMEPiv%|V8~o0*)wC<%DDBlDsr6eE*W?KyYuU>UM$8|$ zQ}!SYtIqMBl0ZY?XtCyPgjW|$e>`1&w`yjZr;HJDLgfAQMkq+i))4lHcPhtFj(nuV zZ9Ih?X&i#`=_j3XU+d|bwgNwByF=(amS?YgdDW%+r3SX6bRI451gttxll9t;{7?`7 zU$EZ-L9c0xkf97an)V@PvB6t0?;KRdbzJSGNB6rg`Dczv(VI)@M@rWqWJ13vxl|gQ zTkgre5I_dAWlYX70`Q(uZr0Bc4i%(b&Bu$&KGM~E$UZD`=KOVLVRZ<@`{uqzJWmKi zBpfAZga1d+gd>RV1(9hWKYh@1%X{Y+TV44v$P=?fb7)++V^Dr-@--^(vMM)n%d5pC zuN>~Tej&Urnlv#HKZ zZe6xBcIf@F!|Bf!H23(IB}Ykl7aOqbwIp3xLg?B@lp(vz)OsJ#;)lgfdkY&$VAkQA z=)7H7a;5KsW$%%0N<6=$_`$#D=|P-}hz?8e7UtQ?7MBOI11kN^MW z0(hXx@Vd8c5x)#R&M=EO#!|BwZ4tA*^69;N04vNY!K31}vz&ddaq+{wuza$6FWl4* zD5z?T@RnQe{#Si~<_DC03*N1&Hx$Yf4Ejtb{F$DllpRc<&xkEnslTZ1biNa_b@U5v zGi#qeft&TW#`76f<#ipt!oEH*u4zgfYG#6U?St$s5C8fpB7&KW-Qxje7vwmVD_$Aa zSc1b&Bsi_6LCEa*Rb!eTeKj*A{1~=_}oh*nl@OcarjA)Ho+5!U(hO$9C~$p2tS86A)BOn~TR z(QXU^50la2BKl9x@v3ahNEO;)R!-R^L%{(i(!v2aJfuKgWOM>OoS1{!^Mt)H%=Tq# zl6LN@T0A?Ls}2iG>$jOcfHPHKjh}4gq@c->aD_~y+su3-M8ufb*uK|9G83nmt#{bx zv^_jtcdX`Dg*Sl!Y!Q+l`~D~8I2Z2BYaXq|^tf6Oz2(Ozm7sXc>(udRI`IYsez%}Y ztZ?GVQrivWtT4%alK@5N$c1qpt=@N!{kU`WfJKPdZ_6jl3%2!<1P8kYL#X)k zf%T}^!l>LGzsyM}TR`}~mlGzz%=M*=B(qf=)Hlo4Ajphq4dF@Q+m2yYy!t~3OrH@cCbKGNBAuphry6rTh<#@k?cB zp6HPZOz8&f+O*;|YsS&B{*k|xjC4}}LDz09hj`qkBQ9*CH>H83ZFvZ}9|$<)51da5 z`i7mijgp7eZMSgyE*(w^D_q5jd<9>^IYF<~ja4hWR?mQXl@72Y2rhyM0T0pcY{_7i zP7GNEL?5t$Q+a3X*S7qy^3ND|)zY#mWDy_4Xi(NV&^`u=U%XLxO))MU41B&=y)Yn8iBp@?zS9sLU*S-Iu3_uH zz(Z+zY1TOQS+$tO99&%J!?P|zDw=$cG^Y6$6^izptgJA2W-s&N7_9utBzpLZnQrn? z6;h(;)8uc>t?*>h!5gf1ULuFTl%0nnVlTI~!#|?{_$q1x{sOt8F#zKLAj6Gn)-+3E z*};Y`>Pb%9fL1mkQT_LaE#%b(H!HT^`h+(m0MpvMz^x{lhvTOAr6P?45`YBB^s2yp z2?u}$ez(y9{86)Mo)c&gHM+dU3qMU#CMnSa>_$BSPXEvVW1+fYF!*ccz|#7h>d0M5 zt#(}~9gzL$6$>z@js?&LfRg}(sRk2g{ao)4Io%Q>VYx81KER7)z%mlRGu>G0|VBDA^`Xt0W3QY_>iy~Ap5Uv09ca5 zptcq-h|mR<{iOI`?M<;w7#|>%TPNpsrLfKx1a41NH%#OgY<$;G5R| ztPFS_@_`D5Z%2LEix5a_4dpoF5=bQ8sQZ-q^nlwy&NpFA44-!AY4N@T*OvK$02s7W z0`Q{3yBLkBY?=e-q66hotb(m$PTGQ$??{7szK@|mIz@rYvzMo2c8$aqjht?Tqt^Mq zgoti%?t{m0AZS3(Qp?$ysHb-*2Qq~OzaVH>sy=hWGR2J0uT7--8^%_RoW`$%pudyT z%NPK=k0J|eBKQD!Gys@@kJjPl1P!v@4ks*@h_d?580bp`Ipfy3fybCi8zr}xh^lKMwR4K-okEq0-XfTQ-2R-L@;wm@~YJ& zp4DzrIeN>n2fb(fI1RU?p?D7skI*2#FzUmqh6dxSV*en&lNu(jGRq7i-OH=@dlzzA z#l5y@B~X^Oq;&o9qA{p-j}BDR=0Ky`p;-Hwdvt$HSf z9@KA@^lda?_cy3(%+LYlp>y9~O<1+Bb1|i*MB^rMHWRiPFu>mmo34}<1?IqlDJ z+lDsJ8aN{WT-){&)aBK;+^C#ch3E`HwP=CI6dXM8#6Ou2tp_N}(5D9#eEdO9Zj9QB z1$h|(GaUW&iW5KvLZ{uKb)HTdo13RCLbBUB2n8b|eS1OPE(#=Yz|ZWc{DKmn9o4_} zci3#*nT54qQ76JHGm?ZU)ZyO@$N@pm(({!JVhf+=o&}w8TR_3$7DR$p>P@tq1j~Hw|FUORH0RF`SiZEI zBmta8_h^5E&6UNy`5v20Szc@X=~x+plUSS05}+V6)mTuREp8bkW3XYRgNlQPT>svc2@-;BhuzZ?7KXEg?uNoZ9V-ZKo1$CV&RoY^I}Ai#Dj zK6jZ}&l50TX$!_Qroz%|%s+I1MJ(gEYux83Le;TKIdtLw$@M5FeVNV4q7Q^DPAjxo zvxG-09^Aw4@agsB4ff&=kbQRJSj>1Y_8i`@JZ&cB4ug01zzlW=^v_LXZ^c;gU=QB4 zRw&kQJ2ocvQn{Q#EAXdFsoD)$`n?OhZ7S*VO6|8fiqrs}aPxXU1>-Q5qN%HMV#O82 z1!Xrw8SYr_*pRf1lbD^OJ198rm{1+e(u}0IE#Tk!!vrTo{_kluYfEx%T_Q3U*LRI= zaB!1gQOlLxI`>V!*{!|9cpEo8Km$`R2q$s7a#(*;B;XtB|E(&&L9eR5&3lTQ&gZT} z3kQMp(YYMy;a9Y|$#D+_OH6({V@feBYLE?gX|R+Y`>H;{1m|!B}=EaOPeOa9nr6 zhxatG*1*p~=bQrGFgQPKkpvgp7m~5n8=WqpQ{>YT zai$cVfLlpLe=5w2g~@-AiZaY<~|V{r`#)+iF}=A)RFiQ@l90M zlk>w#MkuW8-mI5(V6fxMJPp1!tNO!rtg|@?AC<@Oyd-C#c-mC6xUEk^nz(j?*nrF! z2s0OwFoGu})$1NDSGnB+KI-HB3K$;-anj&lD109K@fx>w_}>*AAOd*PW3}qqTNs5e z`ba_aGS1Y;7wy?o$|s|xT*A&ZdZu4>;;Ajaag>bvB@w|QLj+s6Ufv6}!YAYK=C-(_ zKE=<+#{f_L#irK~&E|GkbCfcRCsJIu%TpK`<&$W$y5HbQ`e_K^KU-BrUjAamUuQ); zabq{`J5ko+Nbu0a>{oE62>6XQ$>idDnCGg+Cz zMAl-+@IfBRXzD?w;D+oC=F4?KVyQ27!cC=g<&_FUomrfUINab!smd9Ziz|~B5)~uz zDt&PdabmtxG&-#tPq84<-Uec5zjTIAXvq`P(2hkCS**#qB>pCEH%$kle}j$Z@LSD(Wy zj6#GW9-GtORD+5#<0*1XUo2~GdA@d`)KR~}rOwqH9NK^TvKia{_4&-U5)ts` ze|wIXGx+$C_qB9?1Ll2+e5C`tvh4*erm}rmIK)%t^y#|Q7WJ~7aL*)eJggr|d-T?z z=;nN@^{8r(srbatnfKkq7mh>`^6|mTZR73VB6v|pz}{(U zE!*dxnD{48ze(e$*ZfQ!gB;Q5CR>_H$$r!|R!b!~6@RPWFD-=~c&{+q^^sf~q;Blo zhcA(}<<71a#Qa8uCpK?{!9cWH;vnnm!_Qr;kNi8i@>@6V^}+{B{LGkA{SZw*#r&~S zd*d@T7coT}DftmP-*F73BU>#Ki?s&r2TX>x=<{fu??nc^Ga?oCtTFL=U7Vk;CRtZg zz9i|hrq^X3>!moHkjE*g!vWKOHQwa}c}%f(SoiY&v&MeC!ZO&WyufU5FC6?dLdEtw zW)R&kwv>tN%t$DafnNIVTXlNku56c?-)Jm-U{%vFmQ#t60O++9F}+LB`!aVUlIF;7 zdq8@(c}K$Aqaj4G+YNCQJ*z8r!cnW#WBJxFhFwF5YU5wt?s?E(WAOl$3fVC0qk~D6%OhcV6JFu@&6o0P4Z*fXZDB6CgT&Q+i34rNO`j<$GL>JquI-Oa zPs;Zf9~qqchz}S?Ez+xp#{?u4tp}DDJ-p@^woxK+0av8&9uYxuSFmqL-10YjdFEce zV!YzMj{N88`|%~zmeufAGJ`iK?=66ETbOXz|8)t#28hl5*Eitb69501;MXWo>NbSU z0=|C`qXfND0yYgalnC2xYcF~fy&W+a{lN=dEA^NGNv9iRwtn{qRGh6IzvI}hWJ*YZ zmZQnQ2Lc&r@@r7e^Ka0#&t$?{(K)~}a0kB@h0ng@!r_zUq z!qEbgxcO$yg(}K+VimD4oa748;?5e9JF518Rp*zByU%92Pm?vq)*98yhzp&LRdZwC zC{AOPrm%n-sj{M+=H6Y1{AX%B*-vgAf6?T&Yn*rOq()a=iA;(mh89M&o^5I>b{`(M zyep_A7Qa>V3VmpZ6o_a(zn<6u9H5*mCtQ=2X<8*)(AcFz2uH>~yZ zEXy#hP-ow0-j5OJpO`+M*2N@cs%SEEY7|q$`xE5;yS|u&f6=y8Aw??4cyvW&oCt{`MkPR{SlWdfai1rRFH5^poV@PHVo! zn&dLNLA@r#IM?H_`jt;@U4r3Vcyw(+{h1t?^Z~>7-I5&^yYka6JwWAY+jOsl&?3;o zeEhWC|4#z*W+HYaL4QOQ?Sonnb{C%~j1|LqYUEekFMW$>5DoXXfJ%Tb)dY(FkZkn2 zi97Qgz?*1pxwss289@oIg^M3nq}+7=a|Oee(cfNJA7Qy8i#S`PVVgoks6Lg;$B!U( zKifi+)#Tvjbl;Yy$gT#=eA~(x#sHGG2)g7ioz7G!t%>)=+l!FqxPRZ-3}pByl1L6F zZ{V;l4i6wmZ=c^X(>BdVZ`QFcK2HFXLNB$qwc8j$)d(RPk&S2?1L@yH4m{6r4-yXt zBBJum-FxWa%uyC18_n@u*PCn@nl|#(U?SH23D|<*zyHbLmllcCz?F}&4--*}kiM%f z)Y1Y1lybJaFfMc)tC6C@!Re^OZwimdm2_5Im^HlkLgwKagvZt{dU)7Xa7Qg0!<2 z5&3htu_*Od3fAb0+X#V4MesDmaL9vs)U2?0M)!tlzf+r@U|;A|)Qlwyf`W#d z)Q%F9jLKE=`1+Ap$l*S0%>^cMBcc0S_1N#=l7-lP!Ie+{b$+sNZ~=nH=x3iFVRsIf z-2PIs$qS-0bK-@0zmli$fGCU;1%@Ql;L)%FYrc4iNx@-jLRm3f3Bg0*n}11mF+2m9 zdj*Xr`DKpkRtsJbvbcfKew2D|%%z?WGqOq5(OQS- zG;jUG5WZk3UA~%jb#%e1zLSliE+sN0Ee$7NEKfsG09%r1>{1NV#9L9T_v5IbKNLzj z`f)LhEZdG~mD$)}g^Mm^xbJ0Y`Docp<90EXGbC!!446Osk*px;dLZfen0_RS^60Vx zId|Jbu=hq@9&!T*vM#HiTLVPHO)aH6{3|gq02#7fr5=jP+#*~s;5o)wKK_QsQ|azbn>|GpI0_zLMrO+u0taS%8w)D*vuHIJIB z9gxC)ktxK73B-5X4Vn8;@+;%JotI@*@?uGK=xDvp#^gsTi#vrl5d}nvi8ckvX`ATT zT6R#uyvoq!`YcSQ7nK{oepvv#=dn0j;S@6fLC2XV&M3r{GKqpf-~wMy&mzLLM2|=a zo)sX~DeQi6wLJwxl*%zoj(a^St|Th%g#=b)1UwRILedgBA&U&YXxOmHc?d{*F7U}o z*XmLLd~yYSp&5Y8MZQC2NGL9deRCcQoYfws>JD!@Dw%z5Bnf%yvU?iwnV@6__$w2_Q~v!5Cs zY7b&-8zg{{pZ!p|5Bm^`Q)Fan6~%G7qslubm7EvWZX$4gnoZgvib`yZ%5#coKODyL*<=B40qe41*@L-4$!|+#lLl-Pk?s)AgyeRn%KpcE5D}NxGQ$P7vY^Uv8CJD1B zim^mob?v-Eyh%|)hy@zD1m6XEIZ3Uh5!}ndd)i3=g3{~zzKDDRqee*>*1uVStzN2R z#6xPp5c*CsfKXPC42neM~og<*<(4MfMM&kPsJn4Js2pWt~|&l&U3uP-FLKH~A*{_{7#?+>~5 z_Se#%mq!ab#8o7Stc10#1}NULRk($DrR#aoVU8)8P6}R&n`!l@T2+G69FBucR z?#nQwZ%X(7|Dn6<3#(ZNDHi!0S_rI&@qa8EfrN377EPXJk&SA3lAWgDvv@nZoZ zlXh=TiwbpAZTx{1Zy$dD2%`b>9xM1_o9>xt9Ow`$!GQNC4T#6B-S`YGpd!LS_Y1m# zBl!W3!^q4_K4=jts_$x?sajvKGWiWSr{>k)jSfn$AINg4c@9;Cg<1?Kvxg@9DF@Tb z5t}H}LALC%B-EJeD@AJ0()`rBm zU|+6JAr(%T0y77&PP_KuflP^e>Z;Ie${Ge7NT5k9!}nh5Ff}#+bJx|_cCAA>($;tj zrs*2L{i&o|j_L3W(1)e4PG5Zx!0yheJHTK7N=L>Y%>-;jTM{W6>Z4N=EPe&Z4CPVB zuK&n3UBUg%p$BB&1lQXOIl*kM!~q5~R%&LGAa{*eJWBtz=mZ%6qUo2W1-CM|7XWUe zWHiYu&fLz3@36)x6Y!STJImC_0^ZUnLGC=jaV$7^0YgCS&)_bGp}y8u_`ptak6>4* zlWE7AYSh?{+7Qg^sVgG!6l)cXKj?wGba2Q~a|4#$0Sz5&FOqo&Tk94L3qATu1Gv`Y z1jh8(h?~7m;%y3$2Gowk!2#$T>CydgpwR+c`ugQQ`h#L$fS)}u7vIM$fCUkSK|>Et z4eGsX+rE#<4XDJ12x#aYjmm7}1MS3MbdCN62iNMKj%I26Y`pah`z#J0DQlWpcddUO zybJ48;)Xy)@m*BG$uVg?!kwM=xb)r7C8VD8IHU5Ce4f&<9;uIS(0P1uXgEEu|W zL3Ts{t1qA?6&CEyv^DOG?BX_e4`e}3r{LEcWmlr$KSe4YT`vFds8Zh$k}r{Ixu+VL zof>~Md^|fU>ve6(`Fpq}-}!5D(Pmk85*Cr*Ugd6pyWk6Q z8cEKt%DCBCdJ@}p)PRb0k{M@jD*IC0Ut)k-9^k}vdHFjoZC9d=*JA2P@Gd$?#FA4l z+m+cT(?iNI0TiSk4=mU0upv)FdAz$>2~wnb`_3MV{rGmStfABMJ-Qv2`FVQX_m+Du z2OdHxDQhhYBQl{fE2if^UA(%MS{rjX)LQKZRnZwnTHu)K>N$;+cc#h)DN1I?3X@Q^ z$xfaBZYi+>Q5)r`^cH7P%D@}>br9xdNeCHw71SLn{-M#UR4iQL0d0B~a~55cqmBel z#f{#rTo+aJ3oAbU``zvk(^x5GwPgcCVVp5POsO}X^O^r%1s=ijoz+wtN%3lz+Gv<# zeRK!GEU_tbAxJq=O53uXCHuCu8iOm3uQ$+M5r;@-Ur0E{Wp9y~-QrWeFFcbXcHjTY z1z3D9S;EI@GAOlipBU((J8*Id<32w|GuRuJ&bZhVro$x3+0E^{Y?1u+stfl%s?HQ| zB5?mM0e=j8`jye-jj6GF+spXTrX4@}V=NPM6+tmj0TvD|e&l6br4N zbU6PbJ~$mV-u9&Q?e@VXHhhl?71h6F(RryAc{4Hl`I5SmImJ7@^cO{pLH-3S zw8`e*dMEMxu-{Jd*lB*dq(9!tE2UXe@apJ`dsuMmLzE)++9v(|Rn6D~b+PKdY1IMn zW&&4Fq?NyXZZt#j}G)V-Bd7E6TK~e z|1v)%Q2atZx54_Iy0g>INg%RijDu``ToNrO{4 zh@rnnR?Pn3o_Oj_+IS#4*Z_jr)SyyO*xqg#Xc=UsuNO0+BGWS_b>}bl~j`Nk^Q46Hf zQOur`rmVIU^BU`oMl=}X(=Q^Wv;6R(^yL?0L_n@05ak0Hv|aOI>+D_FCnLafeu)R18TL@uSzNtnuRBtACM)JTp;{Q6sW(jk>+bDwkXX$?p>lwiRfj$2K7Kc@$ zj0e$S{@-zWJoc*hHf(wC$&TrtDB+YSG3EY42Zx-F`2PL>wFCW!$&mr92SbPX$_gss z0fPc@*#rNtgJ=aL0)iAwp!#17K#cD{eL{Zk%c2TxfLEgI0Q?Ws{|^1nF3SIT=z;Y= z%SDh*o*u$Nn*SfC0$hhP+VWRfR3%E^`v2M4rqF=P; zXd>|6D_HGTpVOQ)@Dn0z;eSro)IgdsYd?Wf`O!Wmb=0I5IHsj_ey>IWmmqLaRo)op zrAz1@!wldSQgLD>*sdC(b=}dq6 z_yqexnn<$6nK=Vtud9$Ogij@PvEsp9E66w>8^GW8H!Z)3*XYCK@ajkX^Z+kKayg$< z5}<#FjkjZ|^dBp(8S>99va;)f7XZk=hHrG`a}i~=l7w!#3D zl>Z-BZygoK^FR7$kU*1b24`!7VTZ4eoBiU4mcjbdsL2R~xrC9n#_|IJ}i0CIQ92uLp|EOhRL@4^D zK#%G#^qg-tc*97JAa`wxsMszEX{_Q7hSg9oCaxxdb36*c`6p{ZBrxU%I<^ZkOCD6_ z{QLe_zccv2UQ*8KMZM^gzU0nE-py>1l!J@3sdh_akCNG6al)#L-d~s&tKSlJ(YKDy z3J0VF>g5CvU%17T$MjrGCtSye3hHvIef|CIu1%r19tjmf6hQNb%^{g1A8Kil`7%&3 zUJ&L~%-kI0OGj3kCqN(Zd+4)^Ra(fJL%*7oGi4&ZPg>doFdVsse|3{q!3x99wKhg( zVfCWUQO*kK{8!|k2-cCc|6;0cq^s;(7vFYV-3frE2)O3f4$A&9RrD|(Of8KO??y9j z7p8Zrmdc**9)C`~gD={mb(r*->TGG0*kSG;Ct~&!ojdqUA^vzVClbql^yN0()LKD; zhojQh%c=QHo2cEpIDWBpq?L0xw)8v0f2`|(0+dSNHG=t<_C@d=k3jL|{8 zP-cy+#`eL!f~3L7v{HW{gQ7~2NT3#3f0q1jym+gm{PH`m3`Jj3%)j^pY`Y1@)m@vV z{dvk4PgP8QK?t-c|QGG>w&~Po2^u0gytVdDLQ_s%^mvf%%Cy zCQ%m;WOLIdLYgoEo>*nfWy+n%sEBG0neiw+HzBpQ{u<(R?)sa<=i?{S7O z4r|PNz8$9=Rg8*)#?!s3g^7Cide3zE-K=SKGHld0tJOf8aXC%D|9zjv7ApOD;h4~7 zIO~IyIC?CC0tVVnEV49@RMsCwgz^&xx81^~+eWJ1{P@8aRN>00?+dQzQP!#qrN7&I zZT0!|?9LjR3GI=@3Ti*E{6SlvwGBd5O>q(!xj)J3k6IH<{=q`xKRp!(&$}jXHAm(jwW~>^f4C=>7=ehE;3u#37tmEfC7`h#@#vOvr6D1$Uf)veT$!Fc& z1Zk3S9Ab!nMQDj&i#n)B;e-=yErOOH4PzxN6@v5y^e7_9)DsM)4sG`?N^J@aj-!%A z#t^Tp8GB7L+$U^45@XBpDm zcOXAIvyaC!`7{;_kFa>pr-;;C_M4jt_D-DOYWMIjW9RwKpwIV(F*=+ z>0H#`NZ98(<;<_1doc>h?2iuKd6XLG^<3vxGWY}<_Mf+7EBp7SN1gRIwTzO`m+18B zN+AEeQvLEHq-Jh<9*1*9b!Pw_7n|tkNd}?tR#`-im~&>y@)!3hO!=J+o7_KO z-{}S+?DOtxm2U$RmA6ff!sC7C1*1~+%-)k)I8$HB?S_YHY+w$Dx~8}M5z{u64ed2Q zUgE01=;xSI9aT*cKIp9es-xDKMw%Q-(~8^nytt@!%Hn~6yODK@ zO0g9XE#4!IiEF6iLRPwY_(7|6>CZB!DrS9Mhz+VAsn-UbF$!u+txQ4!iuWW*NAJBO z2O{?eE&gj3nt@+Sz2tvUPxpiz?Pa0(0B0U(zzfn6*cF@@r$e1={`a&~jIJBo9C zct4g4Ed&tIVw$rPHL)+&+rWhXFoB@;1MgR%f$0n1?<+4#+!8$_0ueZYA?Rl#{!vt8 z|7@)SrFqtyc^1~Q#=Q#zo=3Z4gVc-8PI~WjzatD$wK*K`{q}zjqWTlWvhhf8E^*PG zmwr@jNZ=nm=@-`Np8A-sg8pdCo&Do8(%XL;-^#83n2VXS5&%!~vlBPF(uKwv$E!>=mR(Vju>7NlXW(HlpEwu0BzTwp-rNR0>s4PY zd-ZL2aM?{FYT1HyE6GRE;kRFI-%WAF{mw7oghQe35dBJFs7M5S#~}rP+^C{B=?buq zt$(v=-6=dNHc%N&Bp&O21Z2InyOIm}=`m^YRd* z4w3CfMHwoksRKK-TTx_;#>^wDGI5$VqFd0L&I)e`8|WN!)m>&O*>-s_Dm*hy7B_%j z301%)wRQl+;$njVhh>Z=^E?xOa9DbVv|_Y0kqqE+s-+1)Fla+6Imhy%xD##*nn9@u zl_K?-zSJU?Bpo@+%TQy9Fxn6pE_oLYtu0%Z_dbbgRg zRq2~*t^lwJJA)RXMB|j5f2en-?7!C@O?~A)3dWIOrEH~%57QHF$A*euUAMdKg{ls! z)X!0sxAMq@rdn&65-yQ0MZ`-VAagq)@Ql+cRiidEQZ5W|S0g3*^;pN=$TAH)L= zd58J3s+-Yi7OiPZ|Ku{a@XR(>(f|CW3MmZ^dS4Pl!WtF;334noT?*MH0^+;Jv!+2+ zaDB2PJpp@KAE4Vteqdevy%E~t&_5wf#u%F{rZO^GYDav&;%tGDn;*~6XX+FoEGELv zLb;mGQkq<;^kb}V`M}qMcNwH`juKGBRJgaU@A@L!A}&wfA&~b-Y1+Th%WWHoBW6Sb z(BSm2PiK&?;FBu06=XN~_cT${+NZD_e_tcQNdQvrQ4Mrt{H+W{?`>m~y&qoQf}oU1=pBZJQ=s{=@PsVjV1X%v1W6?~ zH>}G>5}yqrhr#K3x|xp=pNz@aK{h?F9NS~${aLiDqeuto9g7gw>ZIA>_zQB8wIjF$ z%HK|r(rT5Jx>K|cT4p_e(nj<`=m=*PjK{{j!$Px?z-U%^e5n0ECo%Tc0s}3IXArgh zyqgTWCOST!G3q#4y)a%X5?w-(C$U0a%PkSxa(h+kq3W{{P%zj%&2TCDsc#$mO+C5& z2MdI7k9hA!hRD&i6~G9;6%`<^4^J1IT0zk3`4wUqu8>d*>cwEL!3Ao=(jmlF)Id|IA0H}q=moWe znp8V)4bv4#nh*{(alu&#t}^ZjVC|_pNdYk@*$}p{kKX(`PXtUWE<=V zVRS3-!Nc%(ixssM3{otb7w1zUM8G!`gb(Oph|mO6=UI*Eukd!*;u<592c3we8&hyE z@~`g^NBB4#Ae;M<_@9H~F$h>eAz}SxB<~>EcMjetZrTf>j((Ch+Cw^58^`lB=K$8Q zDUhLtLFxvk2Do~(b2@0YPC1VidCNQx#|zWZn9VVoUqhOceJAKl#~;YyVPx1o4#Apt zAH#Dh92S;@yv+2*9}HeI+$6=wYn>y0P+dm+@K&R2UgOu&8KwH?0;Xcb?4?Te!D>7O zdAXjLAme&ES^kHpLi=fYJ`eS{KnxV|g?z0dMnW~~*+|eQz9n>mX}7VGc8t3>>(Z#R zeP>Pk5#4_fXd;|z0~;gJ<+up>IaiWWO3SqpNZbDM3B*4Or*AOAF0%q7(7L;15JvQ? z0=SNS#{+`NA14buJS7g7y>x`W4ouK%S+>VLw{6rO6&lzsU33Qq%gqeDsVm+(u4DHB9 zUw{vgMnEz~`E0rr%Lt42-|y(k)tnfkd%nR)LN?|xXYp|6&3M*Z|8AVFbT7>N_43^$ z0^%~a9ad?ky0b`b9Y_HIAx{}#9e5VZ!0}s+yYDK8(o{XeZ!|tQ+&317phoB8OG`~R z;|A!3z2D_gVpjMJ`M~hrGl`g4H%XhtTv>BtRdFzB(IAN#oF`?mi2>7k$I=Am$SMUv zz(E|0X4uMfjc6bkek~WhK=6a;UKS-`-^XaNA02>RdKj()Jen4WCrOs39d$g7h+Z%O z>&%dZn5H8!<~NBCx7_vb8dT!GLYNY*_M95AJv$IyFSQVsH5iu8WMSAYU*>vXa^BVn zc$X#rWQNERWy0W>pJ1r2SyZws0P8!HNzx{anh?wwhfBMN~? z6X-WFTGv0BF(I?Ml*$zP1Cfl=2hHNDuq#=A*SEjM98uLn4W?T+4l~k1Zw4eTo2q9k z-!9~Gg>5aAOAsiD;uF;7FzuT|{XYJA69ewA)Pg;>{`ofN&QIR>2Mvauw~y=TFD|Hf zN_>$=b^qyV8Kcgm{D_;T2pJJwu)T)RIq7~=i2;#5pI`(=?=Ops5Sz13rGK_Zi)R4D zUgufJd5Mu@-Ud1j;Ht&CcMKZO*Hca46Kh^}f*SM@O6qs1{Is^F_Q0KKRI*B#sC z@{LRNtpWu8)f&CD53nc<^X(v&;arCE^#r&%O8$RnF7%?66sLq_`}A1Urgpu+WhMR_F&?7P$0g4zb}pY5h9lV5 znjQmMXl}Jzi7iQQs5Q%fi%sX}`%lNpb^dLQMXhf~ujb`qlE!2Z!p8b2$Z&R_ z2%0HQg=Fsx6%rPELzXm;i}l8n3?%Zyrk|44oDjg9H&zzr*{-yXT(j+IR|B163J(k} zFWjL((pGU!(@XJsW%p(AVAH~Qy6`s5A3xb%kJe_B1#*6D6q~b8aXSKUsAME4O62t) zmGu4!O=6kVFv}F;f_EXqT(L^V_ITAzuA-$9!IZ3I!0$9#%+t zK_s(?E@gVFPWdjlvzZzPM$GusyHgCcoWH<4r#(=-D){w9mh5S=&3sV7L-3Z>7&sq; z5o2)33n$uSam^b6WV{Zk;>I&sf|6Y^LBkE}|dG-SAX@aj}M4&L$ z50vhxUMaZvIL^+pVQpkk>h;Gd@sx8o5%r_Pw&fh7h4@B9eKLzYXEE z>KH9mvRNc;#7O|fa*FXIe~0ah1M!3NA`&^tRT>e|1L+;v-Ln*;>|%=>{&;(^4!EVi zZ>&X>U+l$T1IJ)pJlN!$ylQL9Z^E30dXn&;p}0QSp-#L2I?8eN(I?_4x)#pv>V}%2 z4;)3L5#mzdLbdEZ#r3MneU!8pUyr+Q=lL1_3j@RTk<(vB!}>*qLNMduWgBg)J@rp) z)4%e&XIxqc=TgPi-tc}CUy*+aiQwIti#<>%Qu;AiFJoR+(UjgERHw;~ zp!+NW{Hp=KfFR0Zc%{dV$`s00ag7SK(_m$`V!{4FDRKl@eyxF_&>?E{fCHpDEDr?v z4W1kILQn=Y_Pr6m@CjV}dQ+WJU>p2|hk%Aq6$2LU6iT?U2szUPt&2;7ToT~gqroo- zP?8P1!z(c)2VE18^hT~J5N^q!$Pk{#B^0iJ9XiL&;TPM(;SQ6EyJ-PcX}0A;b&(AO zY~44Ul)WUFZDo?{zQq2Ptt5%GW>&ecD|CCP(S)3Us!7GT~Om(icO!Xm-uldWnj+qzA(M(};}nETi=|!B4|D z&rvMJFG+vl&++Zhksr2sWLo@|@&hT!H_P6Yd~%85%rO=iyw=~jUMXStasa1^V3uoU zV|e;P3l-W|1FB|wp)>fr$aXEie}JK$lID~xa0bB}X(zSllX+@y`$9f7g|Y=~Y?TG8 z|9G}zr3}lrsi6ob{9_EZqz3B(c($4Uz+YY3HfI0LG(N9yp$ z?CDwA3X+g!Mu^a)>+aqPSA~4~rnVc5ODcQrE1c^0(3X9`Y-xrA zRP{WxM7Qf1gtCF2#xD_5JE5iGGV*`~6=C9lL^sef`B*A8&N08A{sB*(@!Z32lTnI<@Yl^Yq8V%-- zJ|g=M{=B8l*_4T(DF-(JFbNA`g@=nyZ!(~BEiKU&eLh_x?u{D(?R`DrKurU3<{xL& z5fG~MHDps|ftC8Dd-2nnufAy_NU@U*dQ>N*85d;Gi|?`BoCZ-mc_u)=dGaKZqhd`v zKM&W6jc) z>10%JQpQ9HYGH)%u&Q@5t9d0yxZ5&D?IP6{fUPL1V!nwEs= zxdfaF>T)2?5hlm3V>Z3eU7AgOEZ%_L8mnUME=otX&-_PudUy;M>nXO<^3xP=Z$9$r z*cqBM<+|D!tsv+IH|ksyy`4in>qX;~kHCNaXBIh3@{okwX^Txw8xR?gN(_W9)4`qMwz6TQZ)R$vB z=mbXO*^=|ACh5v{^R>_vuow}DCiT$((cBr69V486q83N7T$aj_Z(l>6)R*#BkR}Wx z;vM0=blNCe21fo!^+-`NfxkuDPzyH}l%gLSpohKn>!UIfhz4XE|9ne&%Sw06U!kk< zJU(<~2=a2Z7g`cSL~taI_e>HZpbA$CL3&+J#;-}nZSAzL0dGvC4`$9Kn;{!S5rrJp zXn02;x&Y`{C}z4-16mb%JQR3s+_QfqK+2_?;^-srs*Q(Sj5^1oOl&R>Xt4e3h@*_D zf{H%j{F5A-TYnYSPDiVQ5yDr2Zx;&l((Qx~E0dok+6WH5FCe`VF7G<{-J8X$Oq-3` z8@upAcKaY9yC~$wqg9-UVqN1MWUvlFJruX9WnY8TBRT4QFeGPh!g~DSPyC6Xr6;z; zAqmtcQ%vnvAIg7>B{Lxab@f&7zna!N zVzK^Zaq-?qb=HbU7Mrw4$YVO|oI$@iB%Ah}#OByUd=muU>;h2CKVi6m)6{*5ZhY}yHX?;w#wM66M%hGEEG zj@hBtZ@HjJ^=7v^gUV#VA>mMgrf3pQ%>2x^`1T}=B`ys&{9T3xFwTReeS)Zyg5sZWG+9}Tw#o%3Vs%XLd$~{tSA4{gcj>8`fej9J zr4?FF@^)#)3Di7M1!J2>;|#&rUnm0;YQ$oV-cA*XjK_s|Oe!k7QwCEA(48eUy=F15 zo~2zAPZzUpn*USoEBE}Uegnc%!cY2LQDznWV^gr=x#XEmC6_I%&B!QhmA3nDiQDVg z-ABb3IWil182(N$u6Ya{aH@Hw;3jD{5QK)y4pVJLe z%RYlxtahH8Fy0kGkJfHPpGfr246J$sGr>+%y^DcPeUHxTmtRku^73t0aCt-ug|)QO z%o66D#)5+xtWULI-+w`mY&pI)d?orCnfRKt@l*3=o{I3pRm6s3>I4V%!jh!|m2}>z zl$fy+d@1jb_h-+vEC*vq^yXaptH;wzr@eTADGuB}?zLr{nXn!T4da$R=CZkp@O~Pj zCD!?6@`XAHBXggr5i1}tPgy#5@L>lRh2_ip57)Fk$=7BZ>2Rfcslle_;cDo6;zgt{ zjYS#SMW(n>Va4UJ8F+*Fsz49hOU9qx&}g^t;w_s*WtmlgK9y4ry`yHXIJwquYZ!E8S4scBsL7 zykn)NR_Lti7gUx_wMw!3CQn?IT{M3G!QHp^tVN8^TJC+RkXDj`D5wy`m~v$lQf1BKWo92`Y!nwN=%~Jav@NAoyiYayp3+N+$f-pIUo1M*CvnE+RFWto z*m!wGOI_E6hbVjXGD2fSxe56H<{`UpTlXrR!?}8*1C1S-B4ott0GWz)giK#uLL@2Bg@G0g1duCH|pcb{oY4%Tdl%L&}~z zf_01;r|XmrqS0D%6iLx|zS}rG9rn+yLAKEmyMhQp@P!IO%5r-SiE2N;A;;dbY*3%Z z)*fg1mBkg-tC+Z(R;|0CJZy4!6;`B<`@z>U9xqr_hMu##o{kNOXbns8RTc)a=N??Y z&n_{P4JR9@E1$mqbl7HB>AQZnW5BpqVH~IVr0crEyuyKX-M*3+ghO}Y2K=fX5Ve=A zHkDVAU>UqWqbGMt^39s5Krl(!J7oMtG(I63pXSV!3A4qrY@$%c(#b7#f`A!G2Vpn zq_mPhcq)5e+)~)^PSRGt3vE@^{dGjfP{C4K`)F-%86PYr*);dN*?*pEoqB8xG{?j+KAYVVP;cO)Gr1T)V@|!-hnr$=_#WBT`!) zeb{iBzY6iRJnVMYU)vBW4^b()U%7aYHv0LK>YBBcmYi#Tk35}*##r@a&T$_`?yg(M z)ZaVezPr42u`oEaLXW1&eTj&UTdVngKSQ!L46Zp-^HngwTLs}MB{D~b89^LA#qxF! zuNN{Y?K}t_HFT8uy7l8PZRvrwG@Soe`FBsWi*rj=RG!LN3eT)Cl#axV@G zKdY0SM+xk|E=v2}JHNN`u&^xU7?HTD=e1UKdvFc7_2jREKWS(!VSKPu*zCJpKa$I( z>S()X&h@mabgMaX6S@yjnYyl+Qzxt}Fc#bSI?mKhVC`oz<0&6>2fX~rLHl|j2X4m5>7b;p0_lQk?x8p<*Hl<-4oGY$SC5;l-O0OO*{Y9!O|P!0o3&-#C75s+v?9 zL1cxE9x`aNIqcq$8)D+Cd7))joPxIeJ2uYx)HVv4y+e)Z8h{h06Q3TCtDF3xI%&Xy zz96c_K!BwqIIn?;jv8tCYKgGRBV=M)iQ2Ym8;JpOKl zDg$B_CGPoGvVkLgOkDr6vuuQ_xA8iaJZw}Juv|&d^u(4Ot5gtjF{Je1^HE5}qb)l% zIVS`FI?3Twr?t#+w&AWhJdfUH?5mK}27?iy&@R`#sb>DX z)eh7r1w?cNbl{a&m^ohg|CxXQZ)-$!GETrB^uGcMf&&0VbO1(yPK-(nSa1^_GFP%}70=qvH>wE+H$`9J%X z(Ep5Jdm6CX|HD>v=>N8b{r_$MrGRxpk2W6YR zu>rjC5dIgxA7Yi}cNA_M>7Kz#1J2+d{M_?L6#Xp$3 zE%tP7kxPHyS)-C6pxGMQNc<`<3+j0VY&{Y5FJKgUX@#uw+d9Q6;A=^-cCmXP<7gnV z`8V@d0R963Zp<_t#6omfqocClW~+(?Hwh6S^=f#J$85RB9*jc_1j>QB!ZGf+cB)3Y zx_;UvU-xZoNv+3|VRe+Ed!gR_v%G2=V;)+$urUuz_I^eS64;&h>~A;@IySa<-eJUT z^pBADpWo?`dfS@WzX;^}uY+%>~Ih)~g!z@7sjFt{lnchjIzO zpeq@|{VhYj-u1*kXMBr+5txsr?6XmUzHXG$oAyl!KOWmQtJ8DCy=VsFpTecC8^QM+ z!_Y3#vk*e&@HnNlut6UxbRZ4QAY?5q0SPcwdZXLE#9$38pkjIRx8xb5OlW5iySd)y zK|Spuf#*bcg|_i$MM6@ge1-d`6=TwUC%VMMN4qXQx<7WGsPx|bW079*p+5~+WnJH! zFlx*%`~F_d(R9v*s^+HZqNg*FSEWgv2>zceN$txydRk}DvlUFRR}OJx1_YbOy?Slp zB2YDLcfdcaQ|4#(!Rx`l+~HYNT(HYn>N_0tEJm+6a}V@I_ov#^KI}6l5ZctOox;Pw zD6ZRi2A8XPnnmeVoY6zO&GXG2_k8AnUiJApK}W3mY0bBbP`A}n^h)^7>o}iF*U(0l z|B!<0A`T<)v^V!%C6e@2Xa|YTPacPW;uj;(9VZ!9>%(ce5lf~{BtI>ksk->m_Q}MB zNO!<=g%;4sbknP;@0^4`o`d%t{cfKvj_9dt_JR5BKP!^+AQNj?Rnh~(IzdT=V^^%= z=P&CZZ|hXKnoo`6h#P| zzoH(^q#?aFQU=#!-h#5R+`3=OH-!V4aNE;3z+L|~J?d|mX_w6gA`byqXOmo|qQUHj znj2PlwudYIw)on0u(a#cp32zz_75boi<~|(6+sCM`&E(kq4ttq^$|3@y&O(ZrK{)V z5Z5)&U-(rtxQf z51452Qq>I&M{O-ufZ7%QU3u2G;%RryuA%PykKf4F3Bjl3i6f?aoI=68GTS}v~k2X6DoM>k&>99gEt-wNa z#-OL$QRp8LvDA-=FPnHoZCX{bVT0PXnPXIJ?Qg$-46tx+e*_dfr zrF$rG#R*5?0x~Qa17`I6#wi4gF(qZ(+D#%OE%NHWjlL^qvj0&(^X7+HLxy$9 zhy!jIjS^~FAyW02?5s@DN6wx!ih{fxjMpimSUf=~+wWXq`8kcQNKEmC#qJDddYM#f zWvanXEmQ4IV}59WEY!o%lj64+nS5&|++gN$Otx>9Oc(N2eW=^@ucUeS;NPN_zTgc_ zr(lwE zISHhyxQ_$XqJ^h@MU}=Uc3tdnFH*o*AqN96z*khOI>i>q;mRbxo8nopD*AI}?q^lL zdR5pfQwH!xzh``dNnLt^0KeVoM5o*o=S;*96>gVObT8aGrz!58d=D71RFqmEhn5{AVYetN#<-tFqxR7dGL0nZ}i{ijS ztqj7F<%86>wH>p_pJMbYQ!3k7`eFvMl#JWIaYkp@DGooOBt1*%7WLEjzts!bwWZ@? z`1uAeqk}3Lif0r#(fe%-Ra0=^@Me;r914fZ1uA32Q)X?e~c>mZQwIc_$%%LgV17Q5h;N6a;}#87`<$TOW&=~=tlLR z!@YS#SxpHv*RhatVaw%6%&uKK;qD42=NiaWYby*3oo^Oa0k&J;~A)jBdX$l2%yC$p|jyA1?WSL947ovkWT~wN*_|+#> zxgm(&H(%8Dvo6mOp;BQ7t{34yz%x@az>dx`=XiCIJ%&dYdVr0fLV=WLz z_y!g}7xY?-%WzOJoRRh#B_F6aZ52w{>k~t1Kc#{Eo$AD{;TuiSNvL_hd)NR z@J542^Zg|92k`Fmy6YH-uln%t%W8H`_JMJES;dIr&Ys4ffmS2Hfuc^|20TNm9q$`Q z-7s}e-(w_Eii|Pz=?62l=rsx~=hWs*i>qg5(zsg*(lRyA`Zgem03%med4lq{+Zs}T3Brn1;{At}H-0^-srzt5 zz&Y*Q^}Kc0#u`w}^309uotOZlcul6J6g#=B+Ok7uu_woe!9G*%OoyNR0T;`ags>VP znWTE!Pv~ciYse=f=|b<7GQ%8c0G9qby=RxCN=z}3XWm#-V@38IU2uHie-v}&D2z*7 z+{}kM#&pOpO6L&1HA@r5na4MW>ahTnmrii{a6?GMlc1upE*BQDse?i^()38?cMT9A z`+a;?i7{vyX=s2Yp`_HWMulrp3qV)+PKxtZML~`;e<@~r5(LiDWdI@qK2Km=6D3W< zydt?)Y0#6BB(3bw9bJgiu|F56^WDvZqA^mbiy!%U83EaRMhj+uuqUj|mBNKa7~OmX zRYvycQkbdsmad{@!%d3gFD7K{4KM2Kae%3cIcoIbJOCTS7zOv4N;($`3J$5yI^k5y z{fkM!uY!}QlI0_Y-!K#}{CRWn4-fyG3Vfbi<5B!i7#cK0&MCVqJ_oq88`%FW-3YZp z5RDjXe&)r>!=jupK;9A|flCb@YvI*i2G99i%qY+&yj}68=W(LNSr&Yrk;y<6RKr9ZLN8DhZPossA5n z4P=k9eQAb?(Pl^pJn~H8JAb4RT))^G#%d&u0b^{5TdPa1rXES4SZ3r_P}<8^=rCF=-P*>-Rbxf-uU5BDRV3mnETpRQ3&Yslr}R^g6@?c zbsEJEf2sa!)kWpvTR^#~Yon0M(N|ay8G@0OcOU<{UongEL8>|oea9BG5tuD7{}zPm zAXG0}VH=5KLkB(RPtsD59_PnAB1AA`^9aj$U0r?U3h!Ijd$b7w%Fl~`xjN~>aZp?V zz2SGxXYxc>xQKlAKn?bQTg$ni;j7{_jCM)8meIXx}g{eksUt%B$+iZFJN;h0G(`SI}ERb zL=B)4REYsA1ss>LqU;@+M?(L;5!61&0D+~$W4diqre)B7t3r@)g8M$Qd%XcT7)NnK zOibl9E<>rM9`h63a3}f(dDu=SxygNPLfeuGhJ_hh(g>ili0~yV0{G;B+VWZzbM9c} zZm6v7>KXtAKWR-AFvZ6w>o#6MNJF=J}U!y1vxxiG2hsJ#36=$H8(O6VM zrw3^e3)lBSr0o|iCK~qWw`=0E5PX#R8odTSPo@msVzD9(x%9Q9UxE!(0 zs8IFf2ea%H2}Dj-KOoI|xkFKz95)Tnb0%7U5sE;Lu{Z$=hWwm*9leZ%^*x=N_O z0I)9l{j|DA(rScfa}7EksMmDPx$Wv$bmgT1dxar6PyvCwh10CXkVgAFcFuFsQoE6Ok2Hv-%2b@Wh$F=h>6H`i~0 z2Nm#KJCeD+2Jix{5H0PKgOD34paY-i3SEQSsod8JVMQNNtoT|dLr(=wkU6*Go${~} zPp4k|?G*^dbY?T@S#{gNZit;y3U<1vFh3DYu6pDfbr=mq929I z_Cns2z`?}fh$Wo)k&0)_a4)K+NTF*m0>v*hw-JqEz_IqHcxxa+06IDce$AcP{l*J% zfbTo_7&MbCW?p1M$fjCW1II`eix^t)9b^`#H8rH{hCTNcB>J-`|F&?oAdf5d9Q#CV z+;=+tO9@FgpYfCKU}hL=jBm?LbkDPmK=iB6Y97Nt$p+mL@1{t@k@FP}aXrtt|dGmW`Pk2nN z5O|7+{pDkvNfdT9V~>7drU7G>#-mGxO-yu%W*96!ym;03x&| zzJ5NUp|0^@+IamqfzP|Z5I({17fG8q4Yy{raKJTGaiY*{KQYja5`X-U4O_gfZ7dB` zYv>sw=aq1Ru6s=m;l3W1K5$R0yv+T@W4Y{nvJd=AR&>=Bq;nq*B8abe>1 zs@yRPt*M;|vT)-*xeVA6o>_z2ltkmb?M`=PdnSZ~G;@!WAosN%X~`bzKXD*Hk#t0_ zp!A`m{o58S?=$krMS3O$BFP|Rcav%{q60wd*ou%5k>n>0biZUVS3LhdhzUB)JEHpez@@94vZ>Ozcu zVYts*Hr3nxy~M5K-%kHAOm6I%P=sJ#3D)w<>cSBi4gOg$b(5MApm3m^@hgd!Svgoe z+-VYM9tRBvZf*o4K`iVSKG`HEHSS=(T!y?g{tUKH#sq*jfWkW|Ek(?ES#k+=P$k-b z{hkA1BiEg>R$R4Bs`Ih`WoO<8?w`L7?Bd1aW87Li9HYqFUEMuR!Zo^tYr~w!Nwm@X z=-sTvRx7!3DpWIo|K7{Drm<;Su75|5y0}YFSaQf+eI2E>PV+BAXV#e3Qb^)Z^4}Tk zdz#Brz89mUrUiIKlb%oL$?e^T7Ct2lw_u6sadH(&Pd17vc)(pe5fOMG0+C5DLWS zzafo7?K-y+^KPPTS)rq@16#k0FiJD9Qv!G3`for|754IC;7*1AzrdC=>Zc)72_pto zB=DX<=}7NE*k)k}-EbC55C9W86)rvG-(J{Z<7k~f5p2Dg3GshAF`0P@!2f_L7HBBd z$p#8tTWPwSYfqcPzLz3At@IflXzx>;J4?xS2&{o6_AsSZzq!{QEA3oi@vOO1A1zek zhkF`Zn-wTMBA#{K}?QkRyb%Qx$}!14Hk}y4xqjs)X*W&wRa7(Nim^#@d?y z=N0?mRbMC}^6dO_88QEw`fk$VuT_*UNx*k@9;{e3Etsx5%r@gPlK>E?{k1`ep#+?v-FGcuE3g&k>q&G(76@W! zH~a|X2@_#N2!goPiJa#CYWKgxsIPbNf29J0c!;s`py~go3-1WaxvSc}p4_JD1Hz}VndpZ#0R8&y^-d}9(Hb!Ytf+{Vk?U-)Pd zw-O1?lgVq#{+X|E{e8N6%+{}_-3q+udU{6vFOvRHMhN{6KUvR=CORC>An@tUx5}xY zLTJ}tuON$0S#fo@FHJwOzf<|`v<$AT4ih}7tPZ<$N-#?hF50Vi2FQ03rkHXIJo{j# zq1=rT)GjeW=(*`PB&4&{oRus7BEj!qiQZR*i#t_633vweEG$2%4R&ON9;i03p0+Qp3&t7^zYoEnK%?B;*%#^)*G!p!Kkw0m%U zPf#JSl^2P}(p3?|ZjvHi!!<5m{56%(;WMha7LJwMRe_E_n+2a*#2?;aiL?EsU*|O# z`BP&?`z@MSk9i$e=Wg){HiH<~R)2<5RNKE!in7hWuJGuhci`4k4mhI^?R2NI8jc_w%MJn|4`TCm@ZBh_{gEve$(z6U}QFede@w9h45O0!n3~TQjTyEu9~kX z9W`BBq|+uDk%gIk*fi#w6B0{K8fP7p>g?+hRzL6{bA6g$|(c}%L4C!J%(m;}J z=dBp#?d{OW3H{r5NG|t-Bl)$OieFesD=MRx@=&-d-O25ZTj?DC_$t6>m5W9xSV$rH z9a4J<7xqs}^VO85Q3F5TCQrxhYT#ffCm*p^v7s($+Q=0$xw#&Oztzgdua%kQl?8L` zn;U*Asj_dV))*>^Ccbv3RZ=pxo-Mz^skR?y0A$Z*RH#yC%%%C|UN`Z%XsR|hP8R<< z*c>TOcJ~0|&+al^r{vB0&_EQdKZ|o5P1h1QjhKs3VD+f+8nbqCXr{mYa7{=coMNY> z>vGaUA2s+<58~EQ)>9rw{WV_DG=LK+t3JsBVWfo&{34I3$Iq|2Eh5{bSvgUcz+LZt zj)vLXU(=11{C@$jKv2Kx{j?4`vj#$?FisU#yAT=(;}8}wLyNz`5n)N0n}9lrLTNku zU{hFxUF)z@z>2yEYeI%BeqNoaR5hTDW71S<)HHt1W#&-O$-(VPbj^4kVq-@R++;+$Sa4FaY_Wt&N& zg$6y$no6T_RLJyT;jT#$1#4g@{8kASilUdicm0e`v?8}+Y)~Ji2OCSv)P`s$d0P2( znEgy+kqoh5JxpP+&LB8?))YJ!V;U@YtDvgrx-!%?4sRo!taIEQr6d^|z@Vww0;=>7 z7k+WPwe5=+4H!fKoqYjZre`o)J~9l;;e z-HKkCC7OoV4?{^&O^40K48ysdAJs~(i5~WB5wkek`hj}J5U~ROqa5(3&@^*B=YSdi zKmk|baClm#jRZXVL~M7|K*X4Jg8Z~oH=8gSp+g7yOXm@smWLJGhpE{lX~1MV&3P8a z!4LtEvME6o%fX0jKKRv)U8{thf?2w5r+_u~tkasIr3r=nSfaDVtaBOLs7EyH50K=# z^JXRse77169$xU)9*tO3HcW$AmNYuvqb$rx6Vr7osY+T_hX?Zkl;4k|S*Ag>0Uc^L zm2mU0V*k`;umo;Gwu5=X+UMY?%KL=mt}GVVwK#~k(X5@%RWXoXe$pxp(>M&{go_Po zq4Tv8295>Lct-@hhEmmtk?F=pr3=;Tx&}VY;5Z$nXXT^OA>G;-$GU+FgR>(DayY=V z9@Zd$)_2&0aM%F<%W*=rZagNsp)5@}=(ysWkA5)TW->;7GMO4M2ANuYrL3PlBC{T% zOG)T32+Nj>$d<6#(Nf43x`(a7kgfg@30SCV_GoUQgaih0o-jZYnk^mBrAR zr0$%mU?WZsL`4}NW6-P}2w1ui>`dNL5QRI8G(_eBC#=870q1YhWAPa*T6`WM|7I@F zZz|yPS1Y|X+h6`=Jbn&XEC*l_`}8UF=CNMP%o*P(H-Wi|89K*}5M=4%Q7)Z{`wos2 z64*rPsio=msVSPE=ebZbBsCZlWEMQsr8(F$0p}s0Z-)Z?gsQ1W^YfY>&%*5{D$M@@ zjbM|cwCqTyG^GmDWmfsT5pas;pDrQjl0uU$^h#{9-jD}Dpp6_hbO{QSM8}YtV535~ zu8KBDs$+U3eYz4F=|-j&^_$o%+Q>(kQ==R%c;*JA*%yA@?mJ88K-Whj z4wE~2I{rsj%v^iwnl3}O#pt}l^^G*>o;DD0$dx+;ss@*+nkDnyz72=i^mJVWx=ujc zWbky#0so(!bKQ{?N1`x;?JbmP?qDO?2Ej@r&8px3`SzSJd8^49?d{KYSE)NQNsKWz z=`T)17`_BpAWBAlqWe6SCb0dJYnwb0Or1j)@{WKdfbp2o(-Q0${8aU6Vwa+Gq=Itu zO3xP#(Vl+3r*r&I6!7(n|DUJ+cV)jk`1+ZbZ)*K?ve(V8T6F#O{y+84cMSMj0sm_N zw(I4xURLu3fcY|~1+(NVsWzA|iJxZxOZ4wZEa|4JOXcecI149V5*s^c7dQbwDd1kH z)==9K0-#h~?I$>J^JbJ*DVbKL_0BJ7MRPL}!vnxJ#o~V5Ts>5&7>Mm_j^9osIj~`Q z0J%E=KSd>t01I7hj%0ujo&>lF(uOilQ=HFkA&Dqva2+H@g6MWv5(79)yngECDY8ro zsyi=&0M=+|Q6=)I+WpmR-msofO_xXJbL023jyWo+!<0O?_J>+hNVDFP9egJyk?AF8 zdXCpt4(m};-EHTT0o<=gPKJ_8?@{v;fTfE@4kj+<*yLj8N1jwK0M3Knwxdy zeJQ!@xc6DU+REhb)W5IX#_);6%DgMqH%}XN@xCsjzFpAYG2mZO0sjXvV0#e)+qVGL z)v)>GJjK_btnT8hr&uVR0etuVDvLt+yNqUz@l2DZuuVR#n6 zl-it_JNiW#1pwDlky~dC*{-xblA3%SXG&5Z2(k3{>eq|igs|hJ6Z^EZ4`N&{l_D}9tFmBbTLqsMl?Y+Fn*o@><7(@ zuxw+Kc*Y0;s?Mk`I;eo5#4elTVq!4t&oc%raru?51zqJTa0**Uzs5_ay6AR@X?1L+ z(iy-L`l5i8uZja@+^iQ|k3lPzYL^OVBuuVBYbIBIE8x2V#!c=wyrljsZ?QStkYU-S zN#2(*{H1sKownZ6>sQM@y#iS(sbhE|aN3KvRZmCr9Rq$VwiCb_Fu@c$oi1o~Q@{uAhtj*m zbRqz70zHSUlV;2t+X-N5#+~avp=zJk0e9;n$M2MexU~pi5Fo~>WEF<0OJOR9jEg)) zD5M42PTY(S1! zL5{n6oHgf2RXQa!#lR9EI;;TLGqX4Ym<9;|ygQG|x0#^T^te(13xI7r*r*VDz3u1) z0vH62nA7AJ)dI!*oo;$xa~*~*Xu!?a`++kQY1E_aN~5`TN6Bx|r9P`mJM!xjz}SL` z(gV8-TGzxQ16T(Dc=C(5uq|U#Z63ZOyP$i_6v;!84z3qBac^BPXh_b227ft~xC~%c zp~?8NkJ2LM({(9&#?c=xXv%d0xZNY`o~uRf0RgbL%ohWIXSy~NSgwD%XGH&}G2n() z=5Ou<@JYmZ`5@sM`S*c4F$36)zqy6)otw;K|3^JFA5H$)JY1yb#;wjh-S=lj{F}c$ zR56zsI((}Acz@R7N3-pa!1M6xd&Qn@ZSG`m?x$(wza03{{AvoAKWtj3jsS*LtIjoh z@|O#m>c{#IS(eFn6w%LxDp|azFjL%*{{H(J0IWtT;88s%VU2D$L$F({sbc|P&h@am(hQZ#7dK;o~)O0_H4y2QUe4L5l}~hm|2x=sv1XdWy53w@CON z^RR*fmest~5O2}tDYm-muYU$G6!0xr+_{=YM(jYZ(K8|( zCfb7#39}@|6^A?!(7HKNuSC1;9%Nuz~{Crvm0+GopLCphW>|wCkx~B^L}Z z#n9_d03I32pbL6QlgJZDiZr0Q@ms z)`Oq$Q?XJ$A2xfGv-aVe=11%@_T1pU4B)%lx!5o6l+i{GHb<~Hy0{lIvSA90<%d0w zJKy$r2khAf*>`I{DpWsZnD{vc{x$~u!~OB~gbeV;KQe&vZob*~YXG=X$GRRbw)ZXD z21J2q(mF5+%S}S&J}Y1|M$E)Dru6e6REGre&J><0E+U_Kj84x0?&aZ=-BS!WPun$$ z&MT#6kVvkU)FW21d(gmo#(;Nb5Na(+SUIkF-Ch7(<+LNMEP%n>BfS0zz-5_|R(Y|l zr(#dHN%}){AEVYjz^z$d9LF z1mDyWe5LU-3wDzi1uO$v3sN&h^IcF%PX z{JSMhMScIa?b{Q;cWw@T^TFIog0!sD_s`FYu*%>4UJsU+E~AF z-oy+!Um*Y5=rLz9Ay!MiOt=8Ry8w8Re4n~3>obuG_fgF}pYGv;-glISL{3WQcy9gda1Lm*>k?s=$;WQ(LeBd?($plQH1j2uo;nf-aS_c16f< z+Y5ll)aa2_YgCl;q{@vs)@^h<j~19#d+OJX*qoE<*_7*J`Q zP^VE4&*;_$M@jP6R_AnI8XxQl0C*2o!GyN+iP%kKu6O`J8_8s29r7q@wXL#dm!ZUmo0T1=mC@WFHJQ|B(Dl^Ae{!>QmV*X`K{U9;rAL{zeNFquD&RFk6q z_}I6Wjrk{gXT#j4j)h@rNr7=>fsv4yB8d^rCQUd0|M%^A1-7x9GZQR3iQbF)Q|1BB0A??q&df9ZczU6e^l(?r zb>h|lmN<0ri4crU=ncBgJio;FgSMg%zCLbj{3r_eyt=fbADwrOl%KZVr7^UX$*w!F z^ISkH3ijKrvy008kjdG+gLaD-dei#D@*JGfD zs241BM7#-Ip$G4RCCP|fqa8X)o-j&A(TGS&B?}C_9|D<1vNPp}G05aXuyXK&^Pk;_i{Ra8i0s^Mex1lb~BSH$oIU=3ePzWUQgu4h@&<6#T~Nyj*mCL>)|r4Z^Y z;3b-l!KzB(xVj{FqnnRUL*JslAS|nl<^!$s`Jdp3m?Bw;&~#~Vy5VUzv4#SUl1@pt z`GBth+*&_qI-6xX?!%-Hau^5gZ6jAcVBe?MVhWl7d_ZQtvn`>|PE!*s3DES#(c1ZA zIogDrZB;7z`GuiD5SBDCEu+?>CwKy<1q#W~aCDZZsaJ6<^}fOFz@>YGD7w9NZn&R&IVR`2w%Jvt!}N)P@NDQ3-8N0WcJFfA9;L3( z1qK@ok*XW>;Pb>UOre2xJa-pB>TCg;nFC$P&1^)DiarNmV_OY>t}(m0pGMbty_+L( z18ICl#^{RmsA|QVDHn#uZXj={$?c?W2{>BM!AJL+>_RRtbv{6>HQ8(1%|>8rRAOB0 z;1&L8MAeMMo5tMFJBU$)0WGojv=ej~=aY1A3hIB#m6LNH@WduJDc+_gS5|KG)HV(d zUL#hS+A58Msq`E`McUDYrfp^gjA&+!3X`;>h_+_AkwL-BRu`B--s#+1bwA+r?Xnkm z2Q!scRgtTa^>pBJyJoIG$@B3uZMS?e^LOO9I<8W~`Wg{o!S%bLCrIb123q4Rr5;a@ z?2{ivk1AinC zeTUTTp)5yNGGU0!%6Z$D%1&h$>Bdrwwh?OF)0b72DTv07C;x8mC(%UAba(rqtR#Wj zYQ{_DCv|{)6@zUVD&QFlhjbvYlkgtcl>$EGe6$YR=lPl@#-28%tBrauxA`CG0$yiO zt2Y%e-BsVg9sKl2uOGf43g?+!1K2)`2^+D;O6E2%@q4u!Nf6VY`{(?@wtNr;{H7|t z^aH=EJHBJ*?4LcqJgt^TA6#m@@SBJ1ogOWC3L0|7x{sA9?A=3k(<&F8d8P6U`$cnh zTJy_;7p`ot&i+aMD>E*`Tpsqfew4#&`^e9G!2ZIix!s2I+kpVm{*{s2xh0JunA z)v6AzR3l_>OE^7R4Fw&wNWPb~Z0sP*V0%G49LK}x4<~nSXIn%$(1??r4LMjOASp{4 z*#*dGx)UG(Gh>Y;vwR~YY`apxgm6N489a$&^hL(?W%7;s1O>C+R=~=BuY|1rO@yV_ zOo|svdX`@USZe!xpUdc{hsT{%;Vat(kND}A_@mxDz<(%!|4+{Ye&zZ*$L##>eMPFv zxZBS9wtTdo@&BxV``K-3Vg~?cP}WTcpYIyLN61+CfElUJ&U7XaKSu;%6?Ont{Q&o_ zAcjgnHG!n{oQ9NabK-Btt{QAng5W0r;{!X@5WkXGUdlxQi&9X(Oa;H#d;&03H(bNE zIOf*nKmcx{HJ>0&_-!9B5fovRL|OdfjFtZB2Ecg=I{tX1zYF)!bWP_T9tpxI6{|vg z`nLU|KDGj`&IOO=4A=}{&dzDzv$)}l#JmzboL{M<^)}1%-&gYItlIGZeKLJN?G3x` zqq@l0Q%`&)x>uwA)apuFueBb(7;|}#SMPkZ>h!udex*P8YH0rRxU2o<*D{f>`sLTN z2sc{#%2a-51O;5a$jZYF0J(?p9;vLLdmYXB3s z6ZLrnbpc>tn^bYXpg1ewxuY4tO2^~TUI1LS+DG$#iR*u&3;6Ov{Xzjhi;DtgOppRz z0BnCS#s$kDt_l-K1d{^Jr}1B6w*a_OUCQ3zZTY|o_|}Tv{Qiojg_)*qOF-Y2Pp5$Y zf)DtJa4N-gY}o7r_O7g|k`Q_gV32tr024XqsSW^G&FHorIBvBP!5xGWeVon!9v$&g zFLTg?MX^^*B_kaAMgf;Hc}!)Oa#6rCXFln{AI^EeizhiY@BxpuKH3QeVhUQ8g10s+ z@Q>^T{*?m$UNO-2j^j05!Dk;Z;{@OeC3Ll)(}iE0zbo9+JW0gQ044-a@oxJ~{ecSj zclm(-uASw);#+{hwrmRc=O}3Bk3yEg_oRRglbAl1(%eo#ql&YS-Uv11Y#~KTcl0%V zezc?QN%RKlP3Q>EttL5r@d1}bn2Sn_qZ=0m+mL8&h?%M^2%#cJK_f(K%Gg~LFrE`p zpgQTv;Iss8wWQCb=`F#rbujB!n z{ZL>9F+A3#azxA4?WdmrT#Z>WQOZYqu(?{Quwgx+M zU607we?uHjD!b_GaA@ndgj-CWG~jP|#yF_gMSGaMUIhcX@9J?I5;mg|FKGdOyXFfT z_wcf8a&m<(u}13@%MIEQ$qdS?{PAy;DERK0?}Q{jOSme3Fwl=t1OD0Bpf}Zd4cL<> zPmj=m_iey|vUnKCag_Edm7@e?gkT^5LxrBaEZ2J4f9o=E11V~EfywOMRB@-}n$g%R z?ZTX|k$m=3C2+&goKlTrF{Ku^SV#xag&b6X3#a>4WtTt()6~F%+jLX|_gaGXE#Sh{ z{O9?C&a_>z|2PbHCVqJ zfM3xD?8%eYfZu7rZ_KHd_IOS^*UWHj6{dP41cUPt3eyE~8LR^qYQxMXvv(Pp3M1}{ zMJ^9nBgv+~IVC!MTN2PE9XdUI%Lp$eS&nj;nt)e?v86tSDmqzeerZn}XKldKyOrCi zM+lh@XPD#3_S>$9Axi>6B0p8=HDFJkJUvzezGwqJg{bWK`?47|TfVZRaJCnDwwj9x zvv;ZIdGPtH;5Coq6_xa~L3?xd_Ik$wzn_dgs{u2&j2Tb#MRRV1J|}_JekYXT|K-Y^ zhBVzHZfsv8Jbg6{*aNU9PcNqde|gF>g=XR%;-d(P@gT2&*V9{o-*)!_vlC4i9dY;p z+H1g`JbC(!8t}di_{&qGx}6Y($xyWXQ--Uj>*fDaykUkZS|4cL>XKS~3R z&u)VGxF^N~Cr_S!s|LKY4>-ODU;iTx z$9EL9iKA|@*B;qMy{fi*?p(s_8nCBl24HUk_T=dg(}2&LALDCa9Peg*54G_%9XsA% zwiTaCmTl6+uVe*2YZkw*0pqeNKRkO4*pnwuzf}W%unjnV+(d7D<0SMc=*K(N$B)w3 zpWFuQ>E$%wN7;by+-DZi69>-ZWaAsKc^?DhBOak|sAN9Z@N)CkLg>?arM~7*dq+^@ zZVx+4S4F!5TlX-Mk35oFU4cAX-+WX9j&H}%_z~cG&&|(c>;-0|Z?OS;@*41^0UYRY zd(G|}EI)NwAi>S-4{jd&I?el@&J5};#vq%$2X@BI=&rT#`<{fF&Vob6&tXpC#GL+115}@c$!HY*v!$91JZL- zitr~d`B4O6b*I*N%5W@|i4JyO+!L0k{e8fmo>&F`bPbrEERg~L?u-zs z8zDDkvrq779t-D1KJGUD2>^g2x~d(C$mS>#(a2OOn@XZfM#kJB)J}Vv48;Wg4X7#= z1$7DBI7?1B*fwj58HQvHteh^5i%7^DP!8*|hvt=S;)dU)MfQUL>_P~@Q*E;pj-8|< z3zjeXZqeCP)+(UM1uXtia=y7$cuxM1P19EvW-;%w5R2r9=?N)kd4i0GAzEr*de|mS z&I9nm?^5RKH$JV2i_Z~&ZE@tN&j>TxJrdJZhEpqZx4#p_BJQ=%?JWnuP`XhzB({u@ zxqVaqC|M?9$ZI8Zavl-FObIAeaOm(De(JESNk3;90`hEsoz=5UzALl}w0} zbxHw%sS};+Gr{rQKWj{yQ+%7qnlZ>JGKWtS53T;W6$HaR$6RE|Pf+NDTL31ui~s<* zVEA0Z>nT1)0a>Jga>raXK1NeZpl_)CHB1j^pljQP3@SrW2gos`Ei{im>oxiV8gLwE zaemY1T5Nt}IhS+4zjt)Ktt3Cm^!{JA%hGfGz4VEXHQ?}H7@Ga(Nk4h`$r^CVd3rhp zt&@-`81q;?wynXr=+v~;P{WWlzzs;Bt3tLz7^=1%6#y{7h@rN?nVW(oQmeii1W9;P z4uHfqBaC!`5~>=rT5>2_r>1WWjF?ora&y!5Mp2~@+6|Nq-~b^#R6R$HHHwJ9ia0B< zFh~PqW&jEMf(@-2+g?wreG-KwLeT}((`%=h6|E$!ZcGvqQEEG4hnP;{$P5Mdss{ij zx^D+vN}9-8wSCG26d`k0QL7TyR)I%r_rM_xugHL0SDs~3OV=)&q}PBknv1bgx@?S0 zL)BZ}qD}e{#2QEt^hjfg93Ud+5~_r%CKl$_)AKC2-Y-BXsno`HomL^VQ^*u<8;wE)yoK(E zD^5bywMNC6sYBUSMujzSf=^QmI%*W32!hmOZ+T3tMDWTAT^fMgD1!7*hNKz_>MLj* z(Yo$iZPTEY+2t2eJ{|^mjGSyyFwg-gF&SH4d+cw3ehDvGHms5;gm3JE=r?G<-Uj@F zM&Rhk1{|@YnJE8xs?TTpf{y#cp$|_07&Y1v#=NX5&CrdY2oEr#^_+>akwe#0Ry1P+ zn4=G^>C29@ysV6Aw4J9dAb(tS)o8jZ&tzE+Fzz-bW=vS!_EoE5b!d9ibVFnM11O{+ zjKkw$r1gjZO!@&-thO9Y2}~q?R}H2tYdb}qR;4tpWEv`sm@WYxhHfwbQbXAcP-H!g za8)azXhQlDu_3eyR0hLw6;hnum3-L*Wcr~iUchKClou5;~!uNFv2Ij@Ba~B zRpVqbGkbr$d$)Ugr&!8PCS%%7!BQ06kXc-~MHh}JF77duc$rNXO9Vf3f2sh@Xv7&|jxj!;tj#QN%hM!5uVIVKdd-+>D#!k1-n@tB)+C)I7wg@{oFPE~pz^A@$vTtS$s`q5b5-xHop%9a`oR)Z!)x)8ZSzSY{V7 zi7MG15yL{8J>e9?wuyT1Ux6?Ss^{EbJ0Nl#4qhs@E`Gc7X;-n) zj!r6fXmj`+!_*%{!MA7;v>{q#D>9E`Tz5vTOS+*`!uNs+$?oU8W2&;ELGr3c=Vy<} z*yvct$*SK)0lzuy|0M>j|Kjxyy#6);U|c^r2CNQdBpvD-0XMF+HpIyo{9_llVxq44 z5<6wcT^P?cqdK2j)rSk2`D)H@vIPH(wvF*_%o;~+ioYxT)1Y8nSP(Y#0)8{w?g!Hr z4Emaj>cJ1H!Gny=Ww5gwjkD zF3yiA_bUPG;OgQr?xPDzEhr9;K)@xUE-M^tBTV-?_>Cys6|^Y^O}m~hOf)^YrRV3b zf%L|u0VP0vcj#zka%${+DIMOH3>c5p6U~?VfdlA#BlkB(-S@dyeNMw!9@I}4j@UeE zzxwHPVfpUD=s>`iqcx_a;pP^N);KhqP&Kh=3j$u_N+4z%&~Biu#-7!GCEz;6!4#;J zK`=alKzF#Xg0idVNSFb+K^e5D9TKY7rEEaJXnt5weMDU}x`b|_H;rBVgr_e?I>T2W zY~Qk!5IEXk#5=))<`@Hpjlj0wj~=M{&W1}cJ^Kc3c8fJEKkl2lv-8OCmxBCPVMK*r zz1qft9?Uw7J3diePOTYoQZpt}=BFL-@ptzDzpwX6Snungc(%#Aib74_YEk~?&bYo#v8f-{{>jJ#yTE)xxcOCDvRyvyrF$#j_w~1~ ze}5mawtxKNpYQ8;xXdru2i#wTf&0%{(6KnES`33Or|dD>VqoUsQ4n0JS6xXM!k{-4 z#EMdiSY@QlCQFwm(33K(KhL(~-y7MX3Yz)XWuSHCC-XxG&MZ1jVMEyaAQ z&cuKMn!&$RV5&E)=Jn_5=kMU$;IpEnF$nVax~Lsh$$m zhI9pVP{2@G_vG^Ul5$HNj2ghQo7=QeAwp3?2d`2dxDO8(`ub=!@MrrkTo3|w8%!)f zZ^jEKYF~)w4DFXu)5G_8ndUUS_Lv(P1v*tfAmG#Arx(l*ki#J>0YgcnYRrNj_XKz1 zK0v7gffh&_s8i_@RKTh#;3BtOiru~dVTX`2m#{kzhFsj;@CKFPLipYRq^>%n2Z#T|`-~m7}w)KP?UV9Rq$V z;J-k?@9Vd?{`duFK^sQ~c3%|m(yeh-`sR0!D^E~HiZQq`F51{mcyxtq9e1W($v)uj zh%O8t1T0czV5ZIirGkPOI4c3u1T;ri#gv7DZ7~u@??J$_rAY|^^B@dz(FP62Shx@{ z0SVC^%?AOuDOc523OAEf0*0$8M!)C5VxV?;dm-R0rj^;!H8Xld1;NOmzk?(Ek$YLi zHq3%TnvW;qq6QPcUEDo>N-J#!krmYomMZXpB`}z;>1AY_m|K#;c z6tD_Zz~OrgIAQ4TVyI^oKxJyu-$dPO+nh+iGDc7Kc@Re*F0*-2z$XD)5-`SS6zsDQ zu>Bz5r4n$TxwyN&60nUVU@Hpvg@C1E^M2@81zbl>a@$G3TJ@eQt|3dHcV)uQOA^-1 zUn+szJXfe^QNa8i3V2}DR1V^3W%;z@{f|6GC?+O_1GZp8Jdd^zq2-2;{9#b11_94- z9|UYq1uO(y>S-ZO5`Fntf}UlIjVNGQa2@146VlI3j_+{u^B4(*+S7S);fT*Kn7||_ zRu?`Iu!W45NB|TtT$wSU$;Gf4CP=_LQm#ay@A>MeH%Z~_{i{orPbNFgcN%D*ngLzL&PcV8ZhETWGp?_;p9%Q(P{2H=(5MC^w|ymG1p>Y~jMreR zp|0L)5^&CVq(m;i5U|#Lh-QOCS7vqtUacso7X^HJMjLX}2uFQYw;^ds!g_v%5A>l1 z28n56Fw-*z?2lflVV{){uwq>JfumAPUs80zo5kHf4y2e~!kNuJ8%5I?-zQyc82k=rr=S55mJ-8g@b5>1T#1XlCiIV)g;yfwI6V0m9+n|C5L{KASlcCd8 zI>0=@kO~@L5Pwfmu?>WAoQWjFN1z1yXz@ZWsWboydI~}6xe95HYm3J&&E{_aZQKBR zRfTf~yeIwmgzI3j3vCPR83ZMv1JJ8Y%x#NO*`SkHvGahWb1O)N4s;TF9QP$d5*`Gh z&j2``4iO0q{h_h`dzdZ}01r(fY0(!sVa?0GTm_XwudNKGTk%E^FuZUgg#hdbfMJrA zAErjVwmvZSTVN8@GL1km6<{g5Q>7db> z$dBWYtJJpup$@PI=nQ&MMex$atrO8N7MQ21obw$p(|Cd;z5}d@`__4Qt)rb9=;}nf zXC+W`KXpEj$8PjcFi=Ke{SG~i+tq89vKf7cDpY9VIJgwhVt^}PvE(`nWZ07wGN7E0 z)u?T#0`Sjnbglvr^3c3khE13yOeN4M$fSsKkaQ^IJPm>SwwtO3gf(<~X$~`gjRuq+ zF0ie3$bbc;f)XmIvwiraoDLAm;F-8P>U!`Xb6DE0d>3}Fb^{#Nml@# z@z5gxA8H`4t(&qvD&;4*(zq@;#a20A0f{9+h#&}A;cyz!r;nD3Y4n^jP>T_3LEIa2 z)3^>Uowe!EaY7#RE9UeS%(PnC83h_aeUrmv4+h`}g6TSFQ=QU6@C2*e4z8 z8<+uexJ&uWHehDJ_w5C3k&lRYG>MAFVHjw)DY!uYBkP6%`BdJMx)Xhjo$Y~gz;oI? z8QJG#RobIkI>yhsCyOQ~%y45P+5n@#OtKz#FKPfXBM-kuxM5M{THL4!UY;2giEE*R zL072M)O4E8o@xX?6e17AQ7OS(nlBR+6t_)@~mi?x8!HX|lL?JoRA zD_t6s(UAp!AXPEY!?f=N>3{cK4Yiz5Coo1NLQGZAhKW7I1^lKem}Kscm|92TPN`0N zs)7&a4B0V*`1pTc_2}zek9*8YPuN!o?*>YZ%|!O`Xptv0zcW=2;_l`Hp@M`BZv8k{ zCkR5TqK^UqC$zbB(V=4-s-MaC4V%_T+>yBg;Q@B%bU;=)wm!4Ck6Mhaf?83=D?wmu zoUO}w;9z=*6R}~!{j+8_I+$2N9x#odN?@PkG+>qjGzvQi(nD9H(-{t)j{0Wq)G3ox zrlF12N}ADy8dq4A`kM$a+kn{y%mDoQ4EW*a0WUjp9kV%l=*Z2zQWv*UZtlgK@!zZ7 zDy?`Yf;`LPjpKTb&b3R9^6io~1zu;?LC* za!tmT6My8U;g?l-TgM?c@|5Q--(DPBasGpRcQDC!MI}G#-i;tGdhpg^x*B=%Y%q$= zKs=SP+{-JY?Z+6fei$RWh{NJ8WM z&QFBgp2;fZ`PC-j>ND`O@H>kNtql0Sjx44HuaJ+q=`dsAp@2|u2l`EN}uGe)~$J`3g?Q8`BSWlK9{H5 zq6)d(t%YdI@1HNAa%=%}x0W$zU*9Oet zrhlDfag(N_5UVOp><%i2gA+d=&#QGhki^%mB=R!>?z+kGBGUo_*@4tD;}X2+THMX21-F1zU*x~uq4=el2uF3VweXp(++=q#Rl%z?v;*nstg68a-P`$flT zcEP$N!OVc!27CtqFDL1S5?c!No3VE;c(ld3K&qityPjm zco=#ctq$##do6|PonCTK+Y^0PwV;c1pKj0hS=XG-w}}UHI_p(MxfG`pjWD8A=`@sk zZ4Z6EFAn8w*JdKj;guM${_Nvh?XZt!!LMQk)@%c227DI)lQ$BbE4LIG;EiyR{F>%s z5^H5RHy%EsQPY4^b40?i1%NjcG^-++)&PwN!0LEho{*!3uij;9DN3#Vypj-AE*JYL zJ}0;HOh7Ktx07*naR5sv; znt;IeJnBZ*1#z-wl}%7UE7;ds0wZ|PF#Cu3<5ATf+E(Cr?N&zrcBMjnK~}o28zJP z2;BW)1d`gj#y}2Ob=yPnI_RzI!Z=rF0Knz^*t$b+iUx8{YBb-LkWUWTO*kDW3fp%L z0I*PdQ{fUL-9wR0Tr}nA8mOgreW@~Y=uA<0$SEs(z-0}!_Lh~<9DcbC_=*RW{sQ*B zlimH``x3}|DGz4A48UImV0bxnUGH}$QT@RK7UnTP>(up1)CbphhyU3-6CJrhBn;ce z^detvo2w-*fz>VL{alTtshy1h!;A{J3wA;uPEqM3Dx;%H zBTLFe?>a!QHG(^z%uzNcMtB3G$bB7pFW)8x-2OUx+Yi^7+yDFxzrNpI;5`Ps1Ne_) zz;u8SLKv7!@XgSYQOgd@vy)9#H$+=8;m5A32m+XpV_UUJw;k7gM_F)F)jBs+HXOSu z0CNduR_TICAaz|uR|9~_(+>}8oQ2}MpWHVnT{nrS5?%2PxvGK+7xW5 zQ`H&;`r8&=CsbR{%5p|xptG0I7u;mLiN}f}fQ_AVNSdBB?>b_d)K;`^;T47I>B)j0 za5Z#f^d~kcUUe1Sk+GMr90UHO?Bn)bCjY&SNMAbw+_@fmA-)?1zO41h7!WPK&*Kbp_nMnL+gyM%!P9bNlIQ zx8ExN`J)(cefx?gFYb2$?+SSBH>a3Dzyg=7nHU4P=`a*)?2%G3ThY15Iznp%Ftj!? zYTW_`3qpFOBi#B)g7ECwlxA6Fpk4&uR@cA zw}#b#Z1|)Qz)`QR?B_!7<-5dye~TRL`-xlaC+ptVhH1Y8jNgs{cXMn?D4ut#3O?zk zMO1LP+>~ zmJdemBZ09WH}4M155c*>hf+Lwb${^e%Xz!X_I^n5Xz6bD-&4RfAx;;V#e@W7v%(Z6 zMop7yg8*h3z>!@6Tm`5F_-+86FwrWnSKFCg0Spx>0zrphfS?0YY^x#GUa+!Me8_s6)0ee>)j6k)>0+1E>@H>Im_Ky_q>&E}qbl^+x0e)Wr_o`{U^4>Qx$NKOnzDB$b;6*lN+{nmFdypC3 zYiY&@R;V&;J)qe}ud{08!QDHQ0nGXHt;fbmzS?x>tQDZp`#Xg z-j;NiSCy|ZU`n(4%&h^}D}X6MYO*zOEbFe8>rs@1@eo5rjE<4j8-OYO8Nig@06f$- z5%v>+tJa0B4ggG1?{ZD4an4|_*MN)Ipt7$3Hq^jO;0juDxc!B_z3tmrZhs${|7-Hq_u7o~UJSS{RAc3Ia!mtYbf{+q-3 zkA3+Pw<*9Pz{lnO;4J_$+~2#0#>c^HA%wNiwvh@1z1Ce_VCV@Sx}uJZ%!EXzN!E0{rJ<0%=pIY(4mjklicW35u{L> z>AbDWT?N1@Bre_3f||lFltKPtb0x)!vWm0Xfc9}99}q5F@zqfDZ4IPE`ru&i4AKso zaC@)YQP6Yaa0j@mXSp*c_=pT@i;orU|IU$POnLZ%feQz!R|pb3V%w>wCj54@y}N|u zB#o?9?tieku0OPWvR;FVO`KZv0wAw%`zli%&ZuFu#ZhZC$@r|$?T=` z&miXPYa+b>_)xZkZz-jPo!RU{ec+n7x7q@sZu@&(^KZ2{P0%pIogAN zxO0=Cp`U-MvKADQoEWU;4}VO+2IzR-m;4HVGL*12LWpDU8q=L{;2ndQi5~s>(l7r0 z%IaIwf_dEn=RclHHpXY^I1sV6`|1OEr!?WL0LEz(7B*Rfd#*l{L29K8yLKo9^Z6|4 zI$7(N7XX+CG7lD) z-Y_969qL)ashB4~Q{Akc_SNDCBU=({Me?TjzB)_Ri~jXr8?VDmhup}qi92KMYH~C7 zC>Kt)?3-1%GCD#Lgjt70oTfbrDU}4=zvN@|wCR5?lIB&g|0Th$(;bz-oZ}cq;j)86 zQC8|OL7Z&##aKLMb&r>X(8HK1ganITCN@*)=&K}D+55j>wb-oGn0{v))|h&Ig-uLJ zi=~0rI5~13H~Hi|!F)OE@vr8%od8Ki6Qca5i{u;Rm%cB{4j8vyWYG`H4TJ+}ZhARB zRpGc)uhUQ>_mT7}M;SFp*1i8hiXezwabUbCqVTHJl+&CJy8Og+WbiEgfW3>4*z{GkvG8Cfjt&?v4x+#bYnUvZpVNmjQ;|fM1MbOwh z4tmy)5EJeGpZ0&fmxGqYFzgvGvD{%b$Hkg7Gy3OiUDNsObNUdX*FiYEWp3l`NCcRh&~%l#Vy6 zDoQ5O2|6C^4uo_fy3RsnT$b@NHzs~m66q+*vtV_7_&}>~4*jiLzXft&(nXxoT=05> z>|dcorb!b3zs&xl>)=P*dY5AXB}~Qj&H}a-*r%R-iAB>H>3cthT&3URhL)pM$P*ui z;T;DIeZ_iAk-rK^i649n&eCD&NhV^o$8aZsbhVR}rqdLC(J|a3aK317c}yoWbmAeW zRoc`>dfIA4PSqTC*>;sisD zR%3cLbrBVU{ES$_-L~?M@$Jhi8p;GpK9M_o1G=G*$XS();p7e11gC$H%Qx`0_*hdF z4Ce(xi$(`v{AI9uecf-!Y4-n+9iK68Tdg%a0S=HNY$WJK%ulp$SmoQ7b+h-quln&(pX`2yp*|Vj@b1{~qacHyWfubcm4P#G_;Rtd= zJd-1wtp@r_2s6i!dhUA)X7~m$Gz3nW1N=QvVYuv~8zTeg{7H%vHuxSQ1*?iu;s9sK zEr*@QH`COV*Y2nR}6R~3D4*j z7yR!r_EPr#+4wC#&ubn&;S|bRxl@`Z$RcG`FbGGO)Br=Qu3pu^-nWd5|rH-e+7Ys@rKn30ydw!ctY1r}nk15`b^! z{EhAot(S!pI&PBtbqZqrx)6@?8#(-n<|(M$6Up)ka;Hf^)5|5_Vgf}IZ<1gihICn{ zup739Xvs!3V`ADd^&db%s#bK%lq!oKolDS*xsMRw{-Tk?q+)1J4_FO zoir$VS!1;hMJPH#YZeobV@DlsxT^u$QNi^N0p3C90cII-1=E;-nlE`ML&?tN2MBP! z{G<&yv`VeD@HDI;Z{4I_zNadY3&-YH{ERp~9~@#)uz#&Y@-GU-`mwLTzZp~G7wt0; zLZ@z7QGF>BDFy_LqR2wxISTBwX@{Zj?V2%Wc%q?79I(0T&yMl$Nml3pP2mftAs7T` z4RT~b6YOAGrJSb#(u?%PK6L`QUmbvCR&19mYH(le?cF~a9X@2cJdBJ0+%IHNR6o+( zq3@ptvcXW_;><5|kQoJj7=vKN5wmr~U=7b+PWoLjoD17^LIocDK8xgOu-8CA6VWlm z2T0&Lk4(yz8UVO(rK&sS_@B>cIbhKNuoe^(4zpJUt!*KnPfkJev)Zr1IH*K;h2>Xo zoM@ETT8G0aD@i3SIPFOB$B-_%$*+OZh3VWk(nrV~~FK%3eIF{)R-HBdsuV zL{t{B*)BOZzDoH0{%lNHtTk+pZtMqN;^ZjA+W+=lCgx@Hz`-VgFSoPGI}l96c9_o6Xm7g>e?tpFJ$NiNEwm zeR9Wp_8Ki)bkPg#r#XKn#HUMo=q#Dge_`%Y#o_+&Q}b6Vo;$WByJm_0K#=zAl>n4;iAiRWGWQtBga ze`>k;ECOC*wx$)G!_*NjdGMp6Y8zi;i;Gu=pXo!YB}NNcv%P3#i5w>0kHPb|Pz{ns zvM&tIt!zZZ{82PNd!6*gj&VW^zk+~F#+)&ObOP}H3wZMKfWEv`TJ{_%j$Qt}CskhG zIBRJ><>Q|yUVIW&I@HIqOq^8jymdWIOi@PieC+Y8I#Awvs8f$!J)OOZkG?%IPVCJt zxcukNCGfpFuV?YxbLP~*--^jvKaRo4(#aM2%4p=58m=9oP-QTK85ZYz_HCO`r*NrxVumS^b;`;rF)F4>Yty@ z7UC+hn}fQ{%mS}2x2AIYwdJ?S7VNvKEGiScmS0^&+$88R)_$CS_q{HX7nH^;H40IEg~zmv5-n~LS_S|f_l0R$ zak|(&Qb->Ix6ufau85K;>Xd+g5J0kX^T#oNDrZooRY|UuSh@q&x5eL1)p5aFtFW^f z3kkhna4EX4hF2i!#+CBi5JQfLGp7@jZW5ZwBM2#cD?E5%kf$F~eKMVA_S)oC+v8d+ zvoIjtNEGLgm*$Q9@|w7=-u_7ARg&pm6vtED^Urw~30F$95+ky4BesT~ue1DGdWk=2 zuhU4syoyI0*P%?_>r~yw1yd-0*V=MyL=PjYzuvBe6=1aIk?gntTghel2?S((xBB>% z{>dyS;@1+=dqBrEe`1rav3o%eO?Ed*17}J*|B(%wRI8luG^|Gt4i^q zf%h>~1}-mZTvj)>^w;#-X*(>AOcAwpu^GqjC(lm(uXSa}Z%l0F6k5^tpU_fcS9<~8 zg}{m_e?JRnsL4B7kDpT56(%~uTAXf}xEd1uNA?Z`U7+O4Jn!XJ4*)13x+z-m1pt32_Zf zt)qR8qnC{6%=Jzey9yX{l>l#;_N8`xVN1x2);r&b{JUp=Pxo;I0DVeG-aD$@^J0S; z2V&mGGh1CUl8-(dFx1`C^Y3^SY~<^MUWnZS*kP|<5TE3^!5(?XtY~~~&cVosddZz1 z>iitRIDgKX?N%sG4YcI`G_}}oDAq&!AO6^jDBMHHtr zO3l-#=YG0wf6YXM-;~C*WOa!DF3D)~{t@AB$`IeG^#-wDnNDXCPGHoyWpx0^pBd@K3B9v-+mB3o2| z7Y}4N7%fa>DXU_@0k{EsOT3 z!H*FP+z)5Y@eu`s`WI;dVMf@TAK`!K@40P9Vvd}}DDc<#2eQE|Itr|Z{AJ(SH^-f2 z1h;;*X2sVpUo&f6x2;p>(88Q?MJ=8*!2H4Ft~k;!w7&0Zo+LoiPIuLrXGPl0o)Tte z<4PVLdZex*2GBIJ^SDHYvQ?6vNy@LYab^bZO!M=jKzAt1o!TpGP<_3fmJzDf`n%(c zh}eehxNSGk*kSNI5fG`hY@l6r`=COOM@Z|zsq9d?Ep+^-kRa|TRLYIVKA^f!lYFY> zjk3_MwW$oSd;V!DC=nQId|>0mKAHbG`TH>|hFmo8Mzo#qc}matjbaP&i45>pOK$gV zUaH;P2B}j@ZX;5e9T(mnP2^hdxN&)?OgeuBzb5UMP^z&0M5U3L8T-Sk{OT|IZ?nh6 zC>M=i9QcY2V!O%Zoj~uoO21Jgx0>nO)>72NLCQ^$YCXO<3GYh&3eifYTdPnh&m$-0 zTOHZ^H&*KT0lwWa@a=FD(@66(=5X-M0#Rei5MaT}9&!?XNC-u;2HAh?bfo2Zf3Gax1XOYpwZPhpmmIkKnJ*5`c3r6$L7~>9u;S z*))Yp#ALApPxd5^dS-dzX-$O2&EkHW3od$021?q*yhs-u%{k_Lu-y`AT zvMU3?tG;}iLkbECNH!pSwJDPBK-9bt_KO~MYeq*hk0E$wa(go3+fSHqA#z&$fyzf6d1cru@Spp)ZSO^XMk zQvbIQ`(m;{GL~{7?VsHYXH$&*ci)NU5?k-y(~PoG)J5qL_?VH zBCu+MvIPiXEj&!FvsnGc(eCau1%LI2Xpla&=qG!QreC>+>}qOvQ_rUk(|0Y!m~KX> zo@hQ~F{2Gl3pB0TY-IXZrPTH4Q?(?ev1DH5A8ZroT9r({x-eY7gEa0Sk`29T`aL*te&Fq0#O)$*zdTB@d*R}`ixIilM z5=r18S2qZSUVnK3pTQlSt?4U+_?U|Km3djjFf_TybT+@~ov{qp7G7N~0~m1tPq40tZ|WSa7baUbkOV-EscoRE3od<6|kO>`x3qgKs@g*=1Kb?ICFo>L&Lk`QQ=rb7n3KGl6Y(_A?kq`6Jd znN4&C=DBXtt+t{b_M(t~@QpyR9kgmzBNi9`KKw!EGvKU)`B(LdZ@a};Wq@Ofiu1x9 zKG%c<(bI%Phd`-sdWivVRgrdp&j)6v8j3{3N+l;(f1QN#Eo3b?0VM(E^Dqkb?7LkA?J0+!>6 z=(WsyFsueEJ7QGX>Po_8+@C|xo6C!Zv)P|%hoCG_{wwZG@V|*BM8?h@1Rb4dN<_va zTKHbt=qSG-EWDCaqZ$QO7NWltPc`D=T4LSkf5hj%hZ-;*U69{ShqpP9Mh{fUz`aom ze65HCex)3HeWkj~DLmn`nHR9}a$@BHW<7k0slV7IoQ^~CBsUMpi~>Pp71I8YLcje~ zbmp+p*BJa!Lex>XsL$5qn`01%+& z2%~zH+0G0%I7LDm`)0eh$xRoxVX++$tH0{&hAL6?iX!q}T)#nqP{N&Oaq_$Y7hpFs zHG38vZWAl4rF(usBf|hldtkED9No3xt|?aKZhgm6c*b3aFtEZahW{=0_*=Be8cXD8 z(+%FHhKd4ul~BD0DUK0=R`N@N2k?6BECAwH&iMx-+}h8?@&|E^)@a*YJ$D$7c>L z>=BxAYw$(s{9pca~lpFzMqw?0Eu&c4Dj$2<>P&&9MSJGd7Ej-N`w9KRG=yW}6#VF1!H%K02G? zH?A1faJAW|-pAQ@c2GPS3>A~CQFVa9|lvveq zbj8^;t=_VMx_oNxwG(em~O;tl}x5=JT)mKb<&GKqQpG(Y>0*L`EloWa|Uq zZ*v@RSSRz9yL4VVMgmaaBO+1Vozz=A6BEmU_u4 z)+io1tuR4`iLn|gMo+fm6~hnRVL59?7R1;J`&Ei&HK{OT%#Cq34~nEx5IA9e@PO0d z?wJt?!x;Y2(7@`@LF2}Dk4%KDHdh4kI5j751X%Lh+_^cZb&PKc>;Tws**r^;v6$}|j1-wVHtN#-b>jjdihHu<4ufq|q$ zlLl)ZZce|5GEhjuIRW4#j*Z-n88D)55URIWs1PG1fUn*v&sA6~Md!DbRtL!V@_-({ zocJ~nL!zq3VcppQBycbtZY{N`yixpSslY*`0j1jCWzVV9^|bMPphCI->jFJ3hqGJT zYW^;A!#r^6wBowfm(g&({G+eCpl=5vitz@UA2MA(1L+SVp=C-oII?ol@_GAt+z5>g z3*-;TC~r<96K#6(12_jGiipgM2?+zdtxrxrMZ>qQeJV}6RYJ`DrQbQ~D*{LG2dujx z-%PuJ=84fijVq4?aZnd?EPBHn6}&)&R6>wpEqH+Ha=>~wkS&$UHvVB9Fd0bq=fM@; zSzP-l=L`hB%Ta>^%Q5@#1R%jsR|}EBGJmpK&C!q_)f6^d6sQ%4|uV|h@$cg057crCy&G=I`A2r=hZ^t!2EvTnRObFhx;3h z=oCC8TM*Kd+7lr-ryYI0&@8(2$KU8k`3s=jOn)}I|6WUAA0fF2MQkJFts}wkW`v3dQ?gEb#Dk@$EOkzueN~7oLtmv2&stUCJO(8@boO zOLb81G^7vr!p&&bfiL&-S~uvTVVDmYg2ZIsvU7D$3i<9{0-cm3^bY_!k9?M0yaj*{ zX3Dyf>lLY?i~z5Xo|u5%y4a}RZbQv-jVLEuTJYiczowe!V%2+LKc+@@>N1KP_i}GU ze|YC(`%B%$DKx3Y%(7`>#o6iVdu%A+1GI4Y2y0Yq?}9lrI}Oju4S0+*!wKo{*DYK#XRS)t(4hQd5|Xh|@G-rm)qs-zSxjwJ3V zcPFv}Fd}iZN=9`C?r|eO$^>Glp!t5CuJnsi@=-x_;VbPz*2`(&N#6d5Ys?A9hjM)S z7H7l%&WcVFs+Mtp3I{v_j2@3Q`n>eM5agQ;8y~<0q^>;j4hR;pUN<5|M0XD@93kh9 z7!br)3T&K-`OxgWlq!n3{{xWp&$yl%JsQyNREFah3hxAhT1_I+>9SWI+O6;I0h|l8 z-*CSTT$p>;*_y&|RcQHI4`UVry=YruNW+Tlkc%t5Ld zkz$W%fMs_CpURz0DQZGJ_3oKMP%&U`ZeC9P4@_xAfWrqn-MTB%i1+AQ%`jYGwA~xn zV#thC*hxs@twKVQ8|DClAlJsN!>>-`KJ>3UqASgBjVBzmSrpUnYtGNvfgk&X)Ty2M z!y~o*ZcmlXf;#ktv>NH1o0mzdmDq{vyKZHLou=8Hx-r1u*=BT55 z*#z{Nt;n&`!_1<0$pYvV9jfDk${h-3i`v$FA7J?BIIazrNf@}s!m)5 zH{n&GNZW;1*~ z0OqgyPF8aNk*AgdGV<&6W)$DK(azI=tp#qUKcU(qu47QuAuhn;B6L3=%SrHM#kU=C zN-cTQf|knyGI2j)@O5=t6(g-E7y7#k-bo~FmrLPc83qsEYuNKY@kU)m_=R zwuPNYY`F;$#@oAS6WK7(L;e=J9Il}FMWzTU?d#^MGVsjBPnz1^kvg6g<;UDTv`h1D zL^esE^4QHknbRb^y0RSJj<#;xDMhU*N3DCMcsJ*Fyc`@%yuOhn+$9da)y^fti*h${ zW#m<-Xz1vBq-cYU=u%6CZ$e94+^C#b@x)8}3@3t1%_E&>V?Nj9w{_hehWPIU;nd5# zw>XW8gSxj~sd~F8Y}IhsW!=|SIdg#I44-ZzYdVBwY+ zC8o*0Z~HM%GQKS#f-v@36UHcmM2&Ghdvi&l3<7>v+|~pIgt?EA*yvH6B+w6T493)a zO6r>~{Vacy7K!;(R7UMo@V;9@W@Y=a>ZE`b8?wDo@&~J8D5?==Sx3|bGtq*Yef)$& zr@8DYwFi;w0Y(%OF_PUT6KUH!N+xEj$ZBgDFox_&X~$uKy%*$&FOmuelZxc&&;>nw zQKP-L@Q{fwxH3W;&_g4)iHfAFfC9j;79Gd_VJV2{Z5=`oL9P7_SGzOJ5kV+u<&X-U4gdhPw2n#;2 z+Y95;gKq$)de;3tq)Wbh>lcduMtph;P#@9XjqkHBnPWn`Jyj8zkjLgv4)Sn!DjHG_KDDV|h9Cw-OVAi7nygsN-dZ z7u@Ado)!$g>O0zU9(*q$B#8DWm9EPKT7XfgvP|VsbSgSku$%qpjD-5HA+K*V&680- zDChx!j-~<1d7ScrsX%gl6cNP8ow0x0NEbgao6w9mM;siWX~3;%h=oG;zYo%G*#pIM zN4$nbrD_~V!-iyC-m$a%ty{QRo(Xkw9*CM$`9-70`i>bBc-Fd!al-N~?`YMS+AdSv zm?NwHN*;Q650tJ~o@hj#?^cJn@nj|+GT99)6jf7(%_N&IVPO#_nmsodYg|gaEasah z=rIAk@dz@l>AzLDGq04`R5b@x?UnLZ$sY+`NpSzrUZpf5z-wunL?zVos@ne2QiV-Q zuKR}xIZy$mk)56zFsQ@Yk}SMLmRr5#LY@9old2I7;paFso3bX>NA+{%ktACu zKKOWn1E^JegUAEMA;8JbV|0=}h^00#5OJgSoTd!O==x#z+=8|YcL7g$!TE!FdvUfo zq43@H)zUSxaM7KX{9RWu0b78K@?j}zXXXld)*NrWr``LCO0Z_is}5xW@3g!v+r(9` z*o@Jgg1_0~>psgNqk_UZq_WM;%ET7f3+Od{WZp51hwdE5CcXtMAh7AvAv|FHb{Yw# zcb@sPla>sdbUi!Ky#w(UKlbD|Y5_CXU7}|PxheUM!ejoUejb=$jw;bv4|Y1{d(zRf zu29yVP%Q8B#T^B;2}mvaJtr{ZmH(vW$T;7k&l(=z56O}BQr09QIa`J)(C+d+V5u0h zS5Jqy!2(K-3gub39-T9DfbN%vC*(19at?%cEXiKpM)_@xI7~oJ`C&5_&^Fekm!H=R z0YYxnhbe;p7J8p;xu{)yrf%O&qezI@qdb|mZKC>Bx2?xS@lyBij6Zb!ClBoj8x(m0 z;NV5}Q6DHwggaa03E|J`c21JsY!dw8kNDdCh;bO-SrwsDvE*CD*(i_!aF zkuuc(=)e3QY0vzK-BS3&AJgd1K6;mFfpM(2u;eoGpL`hFvubE{h%d+iuvd{7ATi0k zfgpw+CEL$0q$6A#BTam4MNPBm<7%Ed0$rh#Wk@TKVRpc(hri3D786TIL3@D1ZQbHV zdfsb~JDR-EFT}~CAfBEtMNaM*_g*BNeb`l-_%zIcZ&fH7m@oP~YzVM!&r<`me}1r-8|}ToMxIUXcBZ7e-~I(} z8!MKN=eY`fd6IiC_5GKf_l{@DKLy$TIb}e2r$aZUA)2^+*_#vr?*Zz+e%VJZC({}K zj#ejKomM6fgPJhJy|YZRE00_xp<+`AWv=Kwi}2y>cw>tgEi-Nb#=?i)NLvw`zCKm| zOx|Urb3o~>Z-z5Ykn|2f3+Wf=Sxybn_$b&`&ZQ_W-({8%Fi zD3f>2`Y|hK!AHfUywSSw-Ra$wKzK`S&WGShMb_H-)vx*EwoJw<=4*TwAFVbu z?-x%@!~=@EN>01uv=q^WxUb(C?0u6>E;VSr0or*EW>#CYW*j$gqYiOd_q zD!TMi;@@`1$mD!hu6)vn?p!Ek-EXxy)MIRH0TM4mrb6#gaC{l!gzN~~d$9eG!qE$j zyO&Y?$3Ww|_Rx8>@1ph3KX)&%i5p@-e1?Du72eoshi`wZ{W6*qS9aC{F%rsu7gECe zo2iOKR+PK!!|7g^GuHk2cwleh)P3c&RIR6H)7;Ki&(>_@_j%QgI z*p*>~(0;+YhmvQSy4)5D>30Gt^e z{@#oW;11bPo=uQ6GAg|4ALUp>M~EtpvGQ#r>;3ahoJ<||Z%aRyG^(^IomBZgp?s0u zPcn?MDqS{rfb!OTMpZvZ`oPpO;B0X#z`kj0hHr`XGS%Z~&y2hN1LEN826*XlgF@0& zQ*R`~cvb-{t_4*d?7w{wz9mV@aOO^KGgUqci0h1h)ZQ;dCx~jK)%R>HR3-&*^O8TT z-i?@s)fc^!Weah@AIhXXuA8QW(*`tj*uNt_`D5#Az(4DYKehxRLdddpv;NBYdmam{ zi(3*f?Mh1+G5Z4n^Dn{G?`0R!@T{V+kM)YK!IoCwUdOz5V5p0JiS7xnF4ygH@%zB< z-Et!$H+!z!v7I~#zX&O6^yyye;T zXA0s5#aAwPOCg6CPy0?1aM^i8tGv&g=Uzs9>1Zg~`9b(#aUDq(3sA=K_%mF?=$|4r z0ukKj*&BfUu9x69RZY*+q}aj(5BQpIi}C5)z=gNr*9p}0rticLEH@3X<%K+haIdvG z@?IoBLj~Q4D|N|><0Hp`8GN@^9Q<8l<5|HDhr{^CD6y&%NcEMVnGl`$Z6makU_mx z$tu_XMgqZ2U4ZhwIrf=yTPY<3B|P>fAQVA~-i{CWEsH1efo0)^Hopjt&~vn7o;lU(zr)4C-`Y+wGAZs#F;M?MU$^TG~4XGuKi7-RVl3vq-+x2d_ zCkw+E?Noj?^k)|2B}X+wqFB3CEG#!$nJf7%x>5r%maF=HPEeGq@$c!=Y7gE5((i}9 zhU*%#&wP)NCb&RSD6%*wg1v$DM}m;=UMfko#C+7{W*#}>Uo|gte><~rfJ{6b`H`$k zLFRK+b+Wu_&nRO|195uLjLW3Nw2+2(P_qIx*cO*jC+oVx)$ox+2k|>S_=;qWS!2@X zD@$5g!A+<^SJWsPVgV-g?>%f5d;!EkHJ>SDXnZ^qw-V0omqN8lGME#yZv4U)5QL;G z+Teo-p)w+&4e?43I&Z>k_mPH*v}DT&Baz&=2gjj-Z2hj z_|Q6D-vy9yb4yJCY>!z;5+QKK$Fyw<_LTZ`K!LbbB%v@Qwrgn$x=;YLwh!9!%Gpu_ z+rK3DdrcU;YnAi_T7jNESM3~J83`qnY#y9z2&M%2%eV(-e$d(YAz9Xl`G$tR1%#=<{$Shf zVc@Wgi2`s}o%1vozAWWE$=d2m=z7kUh1RN5VhDy?`uW#O$NB=|vVY`Gs067)XZ;O9 z?>N+;!X0tQ(9&X0nzbw2O#AU@aeZfQhw02*j$Yc6)Q=_cJv-7szYxvSIitcwr1ipM zSm$^GTq-u?(lF98?xy>j%QgbI?6O&GElH)b3!pO?*a4Rz4n$pz;Bx+m3}v4hE~%t7 zsCU|DP93FZ7Q{@tX)#DI&`06UMnk7SDD4i$v%M3-Dk)NRR`5K@NF(H1l?5{+%1HME9jQO)1Q>8u9n3pd+*Q74K0@yJ`kLTgaPS%)3;?{%knB1Ha0I5_Qu<$x z`>%xZuVzmGSTJQCwqQJWD#foS6xg)QRsRbDjIG?0uk?g~x6fhMBj&($4-v-j0)YL) zhhA9$ViCX{zzjq-*4c9hwks6aJO)65nHCUQydagf%(rS9FmDKm`P+C%4=GxDgq!{{yw_ z!5K+a7Drke-p~vN-A_hVva7QKu%?!2Xbjbf>190ivM&_vAVcqiA^--=E*Igyi6KBk zfX?LhYOt^SZ=(I*LZC+p^WP!05cLKf4RDDkK@jN~96`VrlcO;t1yyyEyvv&RrhE>7 z22`qB_%VBAPOr`=QQ(me_|u9)`B2r$X0C-Gr&swNNrY= z5n*aLpH4S20$+(;5!WKO#s+1R2xCGSaOMQ;c8oqQM*vqG_{7kz4BN2mAv0vyG1ke? z9#GUEfJJM>mlJmSQQZAO&UQxum2;DxBC}e*A4cE~JC-d$&JtaD6q}bN$q~||xRo2| z(7%YV%{eNJlXU=}RNIa8-quSEIh37+gg;6!`)7lI8ifWX zzCcEPQ4K^Dj*VGs0vB;nA}r++hkfqQLQZ}*XX3J6=hF7YZu?4dSU=;$8kDPgi0c4L zEhR^Wrsx8@?_E@yf>0@D*Kdt2lK+nBt7SBMIH|r?%z8P+x zd&&sUku7dsR&UobTYJOd?_YWk|66VM6m%>dWsq38`DM$G*p_f_Q9Gl4;#gZQ72qzj zD^l%td&mN3^w^~R(l2yL%YWR#P;e=SmxOS%{%;mQOE%&`o}cBu#=t+)5nX)yjBBc> zv}MB#(xOs*UArtW_h{ovK~~<1Q7p3&Ojpmv?N9)T6#MZ_ljN7j72>Ca-!$*1nK zEI*+Q*h8QtN#gTB%as5vA`%vg6uX z(E9yqwR~!U{3*Cnk@EiY2KpnaXvO~)-X%A2CnSneoWwAOaa>|eo)U*834~wL&ei6; zPD@L6p+$Aorx%5tg}9TIFP`p$i(|gLi(5q47KJQkFg7Y(^<1xkxEVeJprl?hR}p7;!u zxuw`~A#EenMz_kv)!Uub+giAh_>`kRyQXUnD2{j+|0;}HW3IjM*tl67r$sH(|3)v7 zsrJN%yWzBbDbL`iXzY){< zWWqtEGB2T1DD5j<3RRx-ZjpCan-5J77sr=QE($@B9>>P{xc~LCs4sHXgl*JjZKT9+ zM&m7Apy(;Q*5i`vBC39@(U0-MGkg{0^;bl(-UFVk6e(&(*sJh=x{^z|hpaXR<9`qN zbl@8krc>c4@#p7On%>xw4}0}*HVZ;N*D_}C@In{(PwzG@uJdnvDM%c6zKYaM^*9)M zxRK~|xzh9FP<_s|Lb!18wZV&7E}=?nfw;kRWuyRBJg$B8*8Mtgo!#{y)fAbSOWu@6j1Jw@Yvo1w_ecAN+8I_#gKlL##I*o5ZQmoh}jAFOEke! zzaR4B&R5U-%Lv%$!IWUQZFSrRA2fpfFhZS_(UE4tSQZyH{qG>uuF4lzxbaGlRk6&5 zC`dE}Im}oE%36feMb|L(3#>EzyCGv3l_qC8C@!kMPF{@tP1gUUU6`URKb;iQQ^K2t zx3vk|Ajgf@@)7>rnH{*Z2#y%u7~lO%q6U3qj>myrZ!kB)CI zo7qRuQz%Nty9}{=0g!#3!jo1|PqJ_Ks88rWY;tuFx{|sh{K_ts4 zz5j|s`st9;*riyNQSmt(dbr{2Ph5jyex<;@NWr}sDfq$z#e0Pt^|4d}qxD|~^Nec9 z9{5O~XSa9oU-#!{HM9&|HmtX+=uy1c5z$a9iFqw~jc_>LW_`jmjShpDu|_qdXlH93RR~9>{Qum7gL`oz0^|NIkiBf` zvZmtQaU#;q624TSmBI7wfQ6}!xE>Gc2k);C8i<1&>Z1%tT9^;vizfy1Zi0>-{j!)vfX*7Up3&O(_^;; z(w76FM^vDA3WMVrpA+hFe}_i)%^r z8-2?Tfku?lAu9au9t2RgKiS1?O+s-e=Xz7XdacD4XCYqlAB^u{9eQSTKkjsND)+=( zUD4y+dFi^#VXcO7PK**rP}+ZW^)H4qN=32TmO(6;gvxf>6F=KZSDSZxeZjHNAP(|9p`)uaH@e8oW|*;t-@`^p6pF*_S%~ z9BvpQ3&a89yvr|wpqoM)M(hM#)bfab4^JGm8DlbIPKK3ODkbPNwXP)uDI;|I4R@e( zb~MSn-SSEg7ib;IX}Q7>6r6hE^pxgydl2;TooE@PRtqOI*jtb~{*}i4p9q1jvOPWu zkDfRWHqi5=Q=MG#_RHY{E#7w##rL%htCOb-{80XMhIcBrwp=}unsWaM z)P3cxmx1l%X!LL{nbmNCM_3r&MY1yf{}uI>0c|xwyGd|&FYfMcMT&cI4enOlQ?wK) z6qll8DDF_)y?7|@H}7{X`J0p7oo9A-&&)hC0db_T8D6Z}xJkHfTs$1y>Y?~&rReBHIg{PHAmNrQ8^^8~k4vjI?{7+CZ#neL3R zuOIb1a#9fD31lg#FT7U@L)=a^Y7%c0tZy?T);AB#6R!V0S!~o?`i+fRzbS6T%l^lV zoC?cAUlcS!!qTKw%~X>V?WJH*-Epm`!HjLwH@UqH*XC2{Yz_|_B(ba-FF;F0i$nD{ z!xUi|87-Cc;Ew-mE>hd`3H|zyi^tc}=LBeoO-eW7$&&;6-A6{ ztr^MWCv)pV*$Ld@#Y5jc2+f#HK~-~-_4D}f?2+}QZwi`K_>c$izy<%ER}`SL5&qMG zs6W)NG&pZZa)mp6iX{rrIU*}wry|%QOR$)GXYS6luH4qv-)DdSG~vgU4yM}Bv&E-P z*>4Bv6P|(?`(V%=*^eY6bmXZu-KV^Iqas!@5pJ_z->ni@3?sdRKWky25HUP4te;`Te_6>aE4hDWn)GtQ~?0}XfKoA3bKI{IZp2N3p7Zm2xveJsRBAUoFhy1gms0pSzESHh8tZ@~+L zommGW4hp@s&d(y2EiuWshxW3PGBc!n+ zQ2gfSRaD{na^%O;3980#4w17@9d3BUF5*02`7EFDfjunnhLRK1tC>p$;|q6sdJbVn`IS^2c&p3QYgOjmpDtV$q1*O*+Zr_;kG})W zYnzx0i6>t7CH<8tpD9nxa}h8bncrh`uHZOLt>#fAD1M>c?4%ty77^lA_3lA5SkA`w z$o|@#OCW40k0V!7HIze)Qld-sU2{a34a~Fj3jvuK>+pm^JIBphj~$C6VmMcU$L}95 zhuyKrE5=32xjPNmuTlW zzaXW=1lymGUuxqbLEZAw)~u&C-f&MJ!-XdrUt==|0$}AFn?G;4?<)fMR>#Fm==~X8 zr3!@^=!789?(|PUWw6-8p2tA4@t~ty@_Q&94+gyhS+#yK#493$8PXGgdG|3#Uy=dM z;`Xd3xV7xHGw;cj(6HO&mF>9zhE8bA{<#V*b^l~@*N>zx z{e0R_dDn$db&5Fbw5n^`W?dn!;yd&EY>D$vmmx4sDp}g(>*5MME){EyQB(r^Ir2B> zl)@g#wg7~RLM?)V#zVa}>MEXCs}kM{Uq6ye+^acnjpsk^ygfwhts_|v-rs-jq(m&n z@L~KsO4cN5cAjcA!>~1Stl*8P;{U-ruGB&Iv40zxh>si4j7^g^@%9?W+YDR~(kIoZ zsG9+h8x7}RoiV8kXakaup zdpFn=)?Hs8$TQBp^!hlO!yCLz_A-GvK?*B_P=i|SID{rVCLaCaajE*pxewPNTu4yyY(9GiL439XX0&g7#J(TthZH9$60N)OxC4JE zP>O7}dC*?27m-DfA&ZQ9{svPab}_xZUNS;XYw_p*;)LM>qZnwZzAHf5WhWVv!@0!M z<+JRM^W;8eLYxeRV48OgG>~UMp=PE6K6}3Gs(8cSYM9Z~08&=p2Qc=f?}?5<9yw-% zWk@z3&DSq~QH$^uk>~`0+WxlK%yBw|An|Y!BJT@ukJ8W-i&mj-8G}*9!hwdemCID9 zTa87np_%v!d&|PT=?okb3Qbl&-mR0_`e+IW8R5kdT{Zvl5ux7TMShCq*{!&$n0j7F zysNA_O8ndMaMl3OpOm}qqbSut3I^R-VlHwXw|{XSUf$!qwbqUzf+AIC-LT+68tkh$ zW;7qo-+uOG-I}?jf@ZgL;wZ>YCY%DM6;F4RmWCnig(CI@EyqHPC6r>Y&7!_b#7!w# z2)fc~(>O|>BR8Prs&e&XWp4>zC53?jb^&e86$4T{9#Ws9iKH{P*8#MF7y#4FDF`Z} zMuG;>76iMly~c5+PD%pC_;WL9u7F@Qv2)zNUIGk-!x)?njY$~og`^Vm9n~x_U0wEjVjP1e2u6kwnu#>da8UHC zr6aXU`eBrt2)3n26SZ1J&f=!{kF4hk-Xf8Vu$E!N*@CE+1>L`u4LlbaFXMt+3}NKv z`YV~-G7n&q1_s}fS~;Y9G$oqW`{@ao(%)+Wj%m!zw;Au$x;Kyv2%F01h#!-^$6zO^ z=_E)TnTa_DgkP&V;2mqnEdPmxA3fq3XstHK3-5-*{a9WR8gqD|qE4KN*+}Yd))^u= zN`8zde`pKTaGXcT6QK+H4q@#yGq@sxFfK4oX191d7{qOGQR7J@ygB^Lvk#7CTz`{vV*hU3J`Y60QtyHc4DEWf(1p^6_48;(8 ztQ}!wdKP(QZZ8@u<)I7`0<1-NM1NB?t8!W}eusn9De7~P#j47?N$Zk{32gOL>{DBc z_C}~>$XenC0${J-g;aANGpBWGL_rRe`>>Gh@n=p4vtA;^DcXSa{UdGv#k3w%3 zOjO2{CmXJFKkgBm#W!N|#YBy>Ba3Cun02=m$mu~%IUGxgPR{`nq7{Ls9L^u?S$P93 zlL7HWkwjlBQH7DzCSqsNo(cE!|vXW`q=~7h? zX+6nH*R{#_z$H8MTC(3hZ!*DE$;MJ6BV+5dQ$MJ zZ!40JHjWTuv~RA(kZVfFY!pQ&xuDXbyV*$m4KOb1U%i0ZXK^e%>|u}?V?y4=A)T2x zRcd*o46DwqW6ck;rS%^XQ6TVNe-?SM3Y+xU9pW$BM+K9AY4@l|t4xNARtM{&gH^ol z=a3|1?u~Oz82wjW)u?g@oWTVr_n!*eYn2@P)~tlrS8)9 zLBsYI3idWy6JOH+farRiA_Q;SzZk#S9cLjL-lV&z7=lBIWkK|Npax=!DM)&uA&?A* z-6cEfY{Kcyh6wW0O5jjW%;47-N}oqv63-`HLc^~2Kb)Q{rH!W8%|b`buH`)pCAlU% z**1G{q12y&mzHho5=us{KYgux;#<<6WnYCZP$^G#a#aL>kkNA zjkT6#-&QcKayaVJd;DsBZk$RuS4hKHQoK)7BvFix_2c#Rt151=><4^O`?RyFjvYGO z&Gwa>!^@wC;v5qFg%oq)yd1g|KYhB4x=c7e{}?e>@qO{FK#%ry%q~+%P`@24Fyw9- zY0)z%CyvvL7aTbn)e?Vi+QYIe#>lOXZXx)&l3R7{S95p1U6O1FwRz!`!>sF@3U++g zTA|hc{!{9qQJh3BVZ!r2OHV~cf1LB$7nUb4szvjb6&Db5Bl@|%)X)&+Y;j&DaF8Pi=i1~wh1Z}vX?{kV2h-tRHKimn_Wl@S~M5a0%Au99F4GSXiN(V!PuB#8&i7YRtu7IhUw{Ss1@BRH+==&UPnk z_l$g+5;??)Lcs(f!>=UFEZ}Gq7b@h}F|zf;ggX22G8~iRtBO$4r2zxr zPC1DaU`m`mgZ;<@Q9`FZHtvir4eP6ch8nacQgild69USs`ky&uu!7b3l0J$H%_Tm) zKMGOrqf^`?yBWye3nGL$37TFCHj+qyS>UaK0Kws)=4(in+>Swi*jJQiFDkAzOS})d zm*EybF3P}VAc~D6K zQmViP2{4!0^!tl1jk=u%d6K$&w(=R-y*}%S4ijG$gR_HTWn%~~-D^y{42yoMxsP_FwwY}fkF(G<({cOgrM;6-S`8gtGH`StM^;69_(;L5b337MsOr!AF z#jyU*I`Ru3D3Y6bq5aLpoelGe0dn0nvF|JB#6>?(M`nc1`Q^k8x21nU96KL zwIP%|r6r|(OGUmnS_6X5p9|BT=ES^W@hkKKdmCKwzUq9B9%!R17BXRSwMj8hBPon`a zcyMG9BT)B1{_7sc(TJuIr)L5zZX^%sJy*w?`zIYyJ*MN|7#)z z2+jx18$*lF@vBHhEQdD)2qnafSM2rk8)NmKC3%IcFY{5*OV3hjl}c>}gC9SlU?Tk| z19&9F7$>teK!*HeT%AEPs{10wRmCo!^!qW1?|1_N)vXpH~#Rnvm{EdJR^DVpIfR*f57}0p|tGpiZ8ibAD=oe=#u?wu@> z%g(b-nB9BP--@=o^-1om+KKwk3_bXP`x75Izu7^D^9-Ga!f8|n36b#HMzEOsHNqaw7$Sz9V$cxqhlS_d2Yd| z_-*j$V|7>bIU{KR0J}wBrfDs|g3I=0oU=6ed^h>PlxS;Y zWrcv}Fi`Z-Aj8@^tBe(af$@`uZ z#v|(nU+ot#+2?EDv|ZXjWlstlB5 z;oj?^pj17MTKAFDO`zS(lieHP`nPJl6vbvkMG?-_H95-iHZaiiKjj*y@?c7P?6`6u ztCW*gZ9XcX(U@tXu53W1egp820NMFNZ9a=pls=f6S0$D|Eno!nD+ZQu|9ICZBBUIk zZ+S5q&gV=X8-ELFLen2paR~?IwSbz-5pJTC_KZ=bB}%(RGUhzPl=_o39(O!@Fz~aG z?sfrC3wH1$x!Ky6e%kZ91+L?xwBsr}{DBf5`NNq@HZ+53M72Jhd{PVBt3)y?9>Q8} zAU8Md-~Pg@esii>?|c%O^bDgwu5fSa{|qLapeT&9_$S!WkYJ6oVgGs-f{oc2gYClGpty{kCZIwWPSl)@RSOx$Bz9aCEq^xgiDBvjlC+=IFBUV z8gkp=%n{;M{WFe}eA36$XzSNB$J;zPp!Ru2^3gNrp&7i>#JA^~b72Hz)b27%^p||39qkfr_ ztx6gqJi!2jRY8W+2sw^yGwIU;ef^j=3mYEZO;E$w8%(&e^7nc&Bj07aG04T*{-;Z) zgs@*2;Vhc+Ug6J1krclR;k^ve4bOoDa^I7s#70Ds9{+?OawIH`@~XO(29v9wr8aCB z;4z|b9YjH5il*Wt9b}m~aA5*eFipB}owM*6qk5MdT@I*M8sdWOq`p?26)*0;P`Z0(6`DxwsF!g~lg7kBF>1K1UK*XE_OFPp zr18#^qGIAR0h!nCoZ49Jte?yMC!DrRNRH-kol7DRu-S!fNGfJ|flwfjr2medzPyXV zmE3c8ou@+j+g!!igRo|P_J_8Zf>R19{+|A~z)3BjNg(ticXmru4XOyC`rcRW_I#yC zWJr%bRActvL--E?Tnk3)?P)F94E3G(;J!|xFlP0vsn^AhdPV~onr!@^b;#SuTzYQ* zy^poXjAyofoTysLj!`b+SWDR1@@^1t(*BDMpvDot`?3>iEh{Uys zWHFGA1PDVb$1)k$uP(pHw${;IeRt2Cn^ zB=j>>_URc0k8)0WayuY`ZT>^T2AKofx3@m)xk-lr@WL$#B0{c zdFOK@^6JO9z1(Awjnt(a(6%C@O^Tp^91n;`o1L_R3h{z-`kdMX$Gc7cdeNTb#`973&xN4hRa@AeVt@)`T@WV z1Xu7(-%cx{VypdFL(Ta;0fH-dK$h>3v4JU0{p2KesC$;xUW6aMTlSXb#c|x z+WK)$?#k@TTcb=ZK)rQ2{*~(4oXZk)CmKtn;P6Xc1l_{;PmA~ z9y`@XydX+<>G)3I7rryd^(G5rn=##rgOMf2v~IKZN{>W9+7k2)DFG1w-@XkMMv!Vy zEs`{LpNQJ-s5EJP^Sd^Pa0c&ds^*j5sL=}uI-W(!({eF&xwAL(W&yr;yHTNk!c&74 zO+q3*{|!q$W_Jxgl;#6(1(GML0xtOiFZbU3JzzCd1h00uZ(i3GMx}8Xkk+OlwXs_$ zAU}-)?~bjZmL&H!s!r*VD{Q=JdNa(W>f5EchHMJLmm3&$Tna5m3N5@#l7-awN`Lt3 zBYMi6iitCisCCnA8qk>bdP|RETm?eo9(pHS>TMp&ai!1b54d>HlXParKfe<_HasE; z&_@|TWGTENHIc$Bd}4}kgh1?DGqRJ z24qqvAm0q1X$w&PrvREDp3a;-^#%(~riT#m=nK0oi4loAD*Mm%7t6Eiz>V{?8O-eL zDax#a@Xz1N&k8H0*NPEVgf{*Xo_ufkxj~QkQ+i7^%dvmoXp8T9>^z2rDPmf2zfNJ< z=#94XTcfP|_=JUh83p%N5wq++nVq15CX4+yY*fqFu`Y-dCRN_i;{Z*TpB?|Ek#$&^sDIE<##`YfXT}e&*sJNwBzrl+g z+0ZWWwDo=?#(WSn$J3-f{U`P106a*d26z?EZ8ZHqLmQk8RJ;d3+h(LC6V)YbEA@xc z(GZ|{nQuqG6MSpYsokv;7u8_9@ z2=-rz8+852GJ?=I`g<|kG33jd&4}i6Z3lOC+Bm?)2`f4pYQEEM2T=wfYo>aFf~WMSS}{sYeqBs zjnC6arV?fUSm147uCz(6CHT%G$`AvRzuvWw69ND)TALTPPqc6n7M(WfaKFOk)*

z)bUncrM2{w+1t_yT!L(DBB>KjHA&C(UVd8+P5o;#@=M_X$XfdCzmT4q*|rw$EVBu! zK=-0P$4SK<%+SW|5p+ln5ullR%Oi)ML4*&C2zUN7B}!ue=G|=YuWfgK^}oFt9uod6 zkw^ywjM-*ko@?Flb<4(8#^Gxce&j|!XBs7SFr-E^(=`B6dz!yPYU>Y0j55@fCEmb6 zPflf<5+wRlpjSq@MURr&)p>lbT@#K636bX7Ta(w9TPl@ss1QJhnwM){$1SqUv!q#$ zw2($)@Tv!jK64iv9Bo zcWQbC(V%)!R9-s4)P+-|fV_ca1a%vxluVy0$cGX=p6Z7?#V9rj1gPoZsD~t5Q0;To zXHe~DU-jMLHI~A(WLtTZ8Q1vU&q-x`kz%Tc2>^}QucYJ_42rhAwoL&Lz>kKk;=83e8~vrv7);Y$`FEKh6< z9vM=^ca1r}ukH}QSU!as4>o*k8%KUKX(Uwow#H(@{dN2`7~TvlzZUGrh5X<3(2TUU z+_`B2!hYDt-dQb(tEgvg|04hkB_!P^#G~e@bDSToCY>cB=L2N>rR!*fr;=XU<+8bo zZRs$1Tf4t2Vq4{>hOG~q*iXjyu-?hz_6eu7zDcE+fUQ8HEM;k}TBnK|jez_nJ#3|7 zVCJyP5Refi~ZErzpPA>VAAT&dxhKXsNyRV*1_d>Kg^Asq;d2^?Kw&G>LO zG>M1J!hwMo3tr*xsWGaTT6^XTlktn~8K>>YQ6g8U;Ffhm+ozu{-xD!R!B79jFSz$1 z`D%Z%Yd|YO3d_`!!8kJ=7Qew#oZaJ(uc69BjrT6ZcR|dR=WpPZbD%`GsRX-S7@NPS z=fB9AAu4sWVyeNmjL?uwiKzk|urYKiFrI2NRE@Qv1_h;tH`5xUd3F?UKjp-_6@lh= z7{4?-luU!z)m^!3>rSbdGIZw=D#s96+1-AqpRP6l%?Q25`&i8{o{iXjEyH)x$T^TVPFjmi z3vF)uCLB>9ajwMHl$`MqZ0WX*>DXf(`BUwN_#KzEyvi0XtpYGd=1V$BLHh5V4iEsyT;nL5nA zts;`oNdKE}tERV_Z89f!P*~ShKK8e)xZ$D0M%|Bh_*L@4j!`F71If>&4~Zw-&nV!h zwttt;_OY82BqUAss={>HC=r4KedK>h%&mPAte^4;EQi>%ISjfC4b_lAM+&(pi)L_H$s= zyCRzmcG4uyRovN^pTmCi+i8=Ca^=hFP7P z+rNQ2;e~G>8Ga$qZV?6|6zK*x(zQ?f!*j+l;+x(2lAOf*2D0ymu-nc^(OXX#AtUr& z^B`jEw}yRS*7sBWqURrcksq4mAE%UmtRhN;6!jw)pOd2PWNiB;QWf~yxaQc(f8g=r zZVEftzUCeRO7jIcORbAc2g}~C=f0O;Vl4sET-7ee z73(goSTgcYH7!e32D16GPvynGCBU!N88PfDu(fnHK95d+XNa$OZ1>h*fnFrL5U*-? zwf;CT-T-s;BSC>=bxu~zpOZjSXR@W#w`3Ll$glEpzljG#+E2xjGeZhk-s#2jSTH`_ zP|#V60wUoHM?A*G# zNH`5W*5SCVI0s z!nf)$VGUkYJMW)D4sznh`ufdr5@n=bL!gsqKK~p<@BOgvOn|SVkdHja+?G*Nqx7RJ z0HN48Nh73$jnM*~=C8m?z@`|S-780uo~rf!*{bLVX#V?wHAUj%Xg2}0fI6>^V14DO z=}Lq&W>UvSk4oIHo|HJiixzTGES>1^$*WnPtpR)RfRt*{V{Cny9)SJrRU+ej+Y_s? z0o`~G3*a(YBRPs;$uy#n4K1ZjuM+6v5jWu#;y-~RH0ECdcU$r#GAjqCY?zB*MDowA zOk$D*xrznfPsIi{0wI$(Cm?V#h7gO$%I}sI6po?*HBZ$x9I(%uueec1jf&cC&IwWq)BtE|=3Hmy03#JBcj?3AMo5n# z@1Pgk-4MFBztin1Z8Bm>{d_&9W73zllWzm(wiDs|3;Bc|)c?{c+xT^nd7@efH`oEK zXhzd&diiN}0^e61q_lG?*to}>`kZ-QH2|+$=2I5QV}g^H`(5uJ_E-TOHw{=kI4*=% zR3O-k7WQ4%uTS?=)9&!#HtMG4E+lQ|@;VfqTvL!mg~#pp+(WFMwqq7&=!dzBNr2rU zcj)IMGe9X5!d?GwG%z!Uf9CqCIZz@WU`~farRH1KG?Zvd)itumD!U~QVjD;BhX#wy#v9Po`{Y|jKh%?vqMKn73klsWK2yaXtK9^<=} zYd;}b2>LxpwLK`cDdHtn7C_TEwPKT)n_K|0r-=Zy@L>G+n39;f7Dq4nSzIkmW$V;} zrhS%vCAL961-&icxFiq>cJn|Bln`tW)C6vP;VT6pPZXFn?n2->VKtelRqMr<%hqJ* z%PGQ&rJ_h|6-C**PFyTi17L5#dwp&86&ym3%zt8=n43Vh#=xa(1i*Z`t>vUEI{E5f z8dx#iBl2dswU|l9p*e6CO>DkSNqOOgp@i(Hq!M_3`cvsz) z-TFs$eY#Q%=+cIL_YOFUP22LrDhZarw)L)OW4>aTFaYdx5BSmE#vZ><#{sN$a{~-i zyn+mQtJtH>0j7l}IKx0;Y1U2t%&_Cvoth1d2ihu!ya}^Vo9zSiN*sNL`)#9^@st&x zENK92P=-ITrdbGX_u+imGFv6ybxt`t32c3w_f12{STPav+iY+=&@+*^xdG9T-3Sr) zyaF~>hrkN>ihJO#10Wdsh-rsNP$~9JDzO+_^?(eNxlg~8QI>Sj-Bs|?|GY^vR{tk! zK<`{MZ|b~PBeF#Vy+DF)=>ZpN0B5EJzeiWz0g$S6xzZ|i$&Y=vVrKbzvfB1=3q;eC z`D+fbp;GQ%KN`RPLs1h=c<#BWemAI18BK@Z_$diRK!Slq@BTHhQ%a-Yv~f1w*IRJe z^~c)YSCKC%d%wS&asbA*B=8`XpK+eI-1&bMpyz43SylNAi9`)d88v`va|(hdtTj)x z&PU`jexZ-6{X`G|^8)0rwl*@e9ze;Qok`?nj?p5X zmE2Ph>XPGAg!L8}X)ztAA$ZXOnKr^ehzWp4GG%;MZR$AqSY38)lmv_PPSB9?%i~Yr z!MH%d9L&|uNzN1ThDqLcB3XfAjq?3UH91T`>}UUa=y@V zd~Oajy6^4~yBj$^W^%ah-M%;h0Fc;~P3U-!@=I|heKdz?Zm>tYKMwLad??4a(eBTY)IfNG)SSa zpaW?~x(<4)yLyM3owyylHGmk)4OL6#d!`d;q{zW0T;WUQg&D|$1h5!cpoepdYe&ln zDCwD!|1|lvJO@3$u+GYRY9^5~M#YN|XRI0k*0~*_e72XWCAk7YBgw#^s^|y7xg!u@ zR%P3e(90LJ>8<#UWH71d>reGr%!nHRNo4?wpghlw4hlelVZoE;;geFjpuALS;j*V9 z8yEntlY8x>^5B|z);-}fwkSa0J;;(QkpGekkNw^SCUk^o-VFjI$iRPf-z++u(%Q{$ z{lFFA-uFfVXJO+$zu}L?Tm=T2Zlg;DU_wJwcb~hXnW?XRrE@&QkcVRs>9@hfZ&2d( z3;~0>{f&+%pi1m9${->*#jM{blz{ zsIgU2^-g@xW@n&R)dfOZfdzifaGA*@J}0Ii*@)`AxT_&0NB*&+d=P zkiI1*QEhsmL-LJ3)2|uk?E*WxsVoJ8;Vyw*bYJyQQJYU{vhjYjSMsp|U4JU#$03?a z+Nv`=;ts3+>9Ve{+ht-1k7v9KH&X-0Yw?#92t1%|w zZ8-QskY7Ch{wwk+F3r_CivC~6e(I58eABYB7&$Jr#49R);w)5F$lj4x4>y|1tpoJ%~ic}z1=7LBro=}gKaLGU5r(q`qwJ@|5 zQ)Dd8T4yT=HuD9JVbM+gn^8`_02gRcDny|4X*JySt@U5MW&28X`B|ULXQ*iy;ca6R zEgku=vU*hJX}OsCm-_0kLX!EMAZX$TrZD$-{o7eKY3pYFTglq9=T-f?K;Hf#c#pL; zq|L!trn&sVysehO{qMjqz}@vFqz0!YEg*Dd@ZE?BGj0g0N4|XMPE;osD^~-iIn`GN zZlkcjfxgG)=ED%IL7}^%wQXwQn4Qy;7-4MG?v?URE=D)~FQvlodRXoY>=!DBI=*|q zPz_*sl5aK5or}@be6edMe~7ay?wm~O6#wuqhopy>U{Ji2w#-#Z_B`exSQRjzq~5c` zgk&b^n518G3e-$Yq+e~6XzkIzgDVc;&Id4o#1iL0+gm6YTo*iYSd|()7&iLjk4}a~ zG{{J4l2(JkCb&^+`wBh0Vo+$$s83Dyn-{?`m+)8QSNimvp~c>>@mKGB=Vi#wh^?H@ z|9K22%8CeBa1!1?t=(KmfXjXpL@=M6)1*}i_dohS#qcFq=PuCKRCi^b6wUk ze`ZHxQ~`N;yfUSlCF{WoXfHOs52d$|oP3nc$@5}KD893f!VBvP z>77^STZqLN`Gx88iUYs Date: Thu, 2 Jan 2025 10:40:04 +0530 Subject: [PATCH 2/5] Fixed pipeline suggestion --- .github/CODEOWNERS | 5 + .github/workflows/config/labeler.yml | 2 + zero_networks/assets/logs/zero-networks.yaml | 90 +++++++- .../assets/logs/zero-networks_tests.yaml | 194 +++++++++++++++++- 4 files changed, 270 insertions(+), 21 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 0104e80d45ef8..851ea8ad94c24 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -421,6 +421,11 @@ plaid/assets/logs/ @DataDog/saa /streamnative/manifest.json @DataDog/saas-integrations @DataDog/documentation /streamnative/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend +/zero_networks/ @DataDog/saas-integrations +/zero_networks/*.md @DataDog/saas-integrations @DataDog/documentation +/zero_networks/manifest.json @DataDog/saas-integrations @DataDog/documentation +/zero_networks/assets/logs/ @DataDog/saas-integrations @DataDog/documentation @DataDog/logs-backend @DataDog/logs-core + # To keep Security up-to-date with changes to the signing tool. /datadog_checks_dev/datadog_checks/dev/tooling/signing.py @DataDog/agent-integrations # As well as the secure downloader. diff --git a/.github/workflows/config/labeler.yml b/.github/workflows/config/labeler.yml index 420482ad42152..c793734a2809e 100644 --- a/.github/workflows/config/labeler.yml +++ b/.github/workflows/config/labeler.yml @@ -611,6 +611,8 @@ integration/yarn: - yarn/**/* integration/zeek: - zeek/**/* +integration/zero_networks: +- zero_networks/**/* integration/zk: - zk/**/* qa/skip-qa: diff --git a/zero_networks/assets/logs/zero-networks.yaml b/zero_networks/assets/logs/zero-networks.yaml index 0aa57ef126890..c970db7a37564 100644 --- a/zero_networks/assets/logs/zero-networks.yaml +++ b/zero_networks/assets/logs/zero-networks.yaml @@ -3,14 +3,39 @@ metric_id: "zero-networks" backend_only: false facets: - groups: - - User - name: User ID - path: usr.id + - Geoip + name: City Name + path: network.client.geoip.city.name source: log - groups: - - User - name: User Name - path: usr.name + - Geoip + name: Continent Code + path: network.client.geoip.continent.code + source: log + - groups: + - Geoip + name: Continent Name + path: network.client.geoip.continent.name + source: log + - groups: + - Geoip + name: Country ISO Code + path: network.client.geoip.country.iso_code + source: log + - groups: + - Geoip + name: Country Name + path: network.client.geoip.country.name + source: log + - groups: + - Geoip + name: Subdivision ISO Code + path: network.client.geoip.subdivision.iso_code + source: log + - groups: + - Geoip + name: Subdivision Name + path: network.client.geoip.subdivision.name source: log - groups: - Web Access @@ -19,19 +44,64 @@ facets: source: log - groups: - Web Access - name: Destination IP - path: network.destination.ip + name: Client Port + path: network.client.port + source: log + - groups: + - Geoip + name: Destination City Name + path: network.destination.geoip.city.name + source: log + - groups: + - Geoip + name: Destination Continent Code + path: network.destination.geoip.continent.code + source: log + - groups: + - Geoip + name: Destination Continent Name + path: network.destination.geoip.continent.name + source: log + - groups: + - Geoip + name: Destination Country ISO Code + path: network.destination.geoip.country.iso_code + source: log + - groups: + - Geoip + name: Destination Country Name + path: network.destination.geoip.country.name + source: log + - groups: + - Geoip + name: Destination Subdivision ISO Code + path: network.destination.geoip.subdivision.iso_code + source: log + - groups: + - Geoip + name: Destination Subdivision Name + path: network.destination.geoip.subdivision.name source: log - groups: - Web Access - name: Client Port - path: network.client.port + name: Destination IP + path: network.destination.ip source: log - groups: - Web Access name: Destination Port path: network.destination.port source: log + - groups: + - User + name: User ID + path: usr.id + source: log + - groups: + - User + name: User Name + path: usr.name + source: log pipeline: type: pipeline name: Zero Networks diff --git a/zero_networks/assets/logs/zero-networks_tests.yaml b/zero_networks/assets/logs/zero-networks_tests.yaml index 7b7b6d221186c..47f8d8e197211 100644 --- a/zero_networks/assets/logs/zero-networks_tests.yaml +++ b/zero_networks/assets/logs/zero-networks_tests.yaml @@ -1,13 +1,185 @@ id: "zero-networks" tests: - - sample: |- - {"timestamp":1735634130990,"isoTimestamp":"2024-12-31T08:35:30.990Z","auditType":73,"enforcementSource":4,"userRole":1,"destinationEntitiesList":[{"id":"c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe","name":"Test User"}],"details":"{\"publicIp\":\"163.116.212.44\",\"tokenTtl\":\"2025-01-07T08:35:30.000Z\",\"idp\":1,\"role\":1}","parentObjectId":"","reportedObjectId":"","performedBy":{"id":"c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe","name":"Test User"}} - result: null - - sample: |- - {"timestamp":1734584254851,"protocol":17,"state":3,"trafficType":1,"dst":{"assetId":"a:a:VWW2G2C8","assetSrc":3,"networkProtectionState":5,"assetType":2,"eventRecordId":43174318,"fqdn":"dc01.posh.local","ip":"10.0.0.4","port":123,"processId":"1056","processName":"svchost.exe (W32Time) (1056)","processPath":"C:\\Windows\\System32\\svchost.exe (W32Time) (1056)","userId":"S-1-5-19","userName":"NT AUTHORITY\\LOCAL SERVICE","ipThreatScore":0},"src":{"assetId":"a:a:ka62y0mc","assetSrc":3,"networkProtectionState":6,"assetType":2,"eventRecordId":24143201,"fqdn":"fs02.posh.local","ip":"10.0.0.8","port":123,"processId":"1072","processName":"svchost.exe (W32Time) (1072)","processPath":"C:\\Windows\\System32\\svchost.exe (W32Time) (1072)","userId":"S-1-5-19","userName":"NT AUTHORITY\\LOCAL SERVICE","ipThreatScore":0,"envGroupId":"g:e:zUnrnhfa"},"inboundRuleMatches":[],"conflictingInboundRuleMatches":[],"outboundRuleMatches":[],"conflictingOutboundRuleMatches":[],"reason":5} - result: null - -# The `result` field should be left blank to start. Once you submit your log asset files with -# your integration pull-request in a Datadog GitHub repository, Datadog's validations will -# run your raw logs against your pipeline and return the result. If the result output in the -# validation is accurate, take the output and add it to the `result` field in your test YAML file. \ No newline at end of file + - + sample: |- + { + "reportedObjectId" : "", + "performedBy" : { + "name" : "Test User", + "id" : "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe" + }, + "enforcementSource" : 4, + "parentObjectId" : "", + "details" : "{\"publicIp\":\"163.116.212.44\",\"tokenTtl\":\"2025-01-07T08:35:30.000Z\",\"idp\":1,\"role\":1}", + "auditType" : 73, + "userRole" : 1, + "isoTimestamp" : "2024-12-31T08:35:30.990Z", + "timestamp" : 1735634130990, + "destinationEntitiesList" : [ { + "name" : "Test User", + "id" : "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe" + } ] + } + result: + custom: + auditType: 73 + destinationEntitiesList: + - + name: "Test User" + id: "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe" + details: "{\"publicIp\":\"163.116.212.44\",\"tokenTtl\":\"2025-01-07T08:35:30.000Z\",\"idp\":1,\"role\":1}" + enforcementSource: 4 + isoTimestamp: "2024-12-31T08:35:30.990Z" + parentObjectId: "" + performedBy: + id: "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe" + name: "Test User" + reportedObjectId: "" + timestamp: 1735634130990 + userRole: 1 + message: |- + { + "reportedObjectId" : "", + "performedBy" : { + "name" : "Test User", + "id" : "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe" + }, + "enforcementSource" : 4, + "parentObjectId" : "", + "details" : "{\"publicIp\":\"163.116.212.44\",\"tokenTtl\":\"2025-01-07T08:35:30.000Z\",\"idp\":1,\"role\":1}", + "auditType" : 73, + "userRole" : 1, + "isoTimestamp" : "2024-12-31T08:35:30.990Z", + "timestamp" : 1735634130990, + "destinationEntitiesList" : [ { + "name" : "Test User", + "id" : "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe" + } ] + } + tags: + - "source:LOGS_SOURCE" + timestamp: 1735634130990 + - + sample: |- + { + "reason" : 5, + "protocol" : 17, + "dst" : { + "networkProtectionState" : 5, + "processPath" : "C:\\Windows\\System32\\svchost.exe (W32Time) (1056)", + "ipThreatScore" : 0, + "fqdn" : "dc01.posh.local", + "ip" : "10.0.0.4", + "userName" : "NT AUTHORITY\\LOCAL SERVICE", + "userId" : "S-1-5-19", + "assetType" : 2, + "eventRecordId" : 43174318, + "assetSrc" : 3, + "port" : 123, + "processId" : "1056", + "processName" : "svchost.exe (W32Time) (1056)", + "assetId" : "a:a:VWW2G2C8" + }, + "src" : { + "networkProtectionState" : 6, + "processPath" : "C:\\Windows\\System32\\svchost.exe (W32Time) (1072)", + "ipThreatScore" : 0, + "fqdn" : "fs02.posh.local", + "ip" : "10.0.0.8", + "userName" : "NT AUTHORITY\\LOCAL SERVICE", + "envGroupId" : "g:e:zUnrnhfa", + "userId" : "S-1-5-19", + "assetType" : 2, + "eventRecordId" : 24143201, + "assetSrc" : 3, + "port" : 123, + "processId" : "1072", + "processName" : "svchost.exe (W32Time) (1072)", + "assetId" : "a:a:ka62y0mc" + }, + "trafficType" : 1, + "state" : 3, + "timestamp" : 1734584254851 + } + result: + custom: + dst: + assetId: "a:a:VWW2G2C8" + assetSrc: 3 + assetType: 2 + eventRecordId: 43174318 + fqdn: "dc01.posh.local" + ip: "10.0.0.4" + ipThreatScore: 0 + networkProtectionState: 5 + port: 123 + processId: "1056" + processName: "svchost.exe (W32Time) (1056)" + processPath: "C:\\Windows\\System32\\svchost.exe (W32Time) (1056)" + userId: "S-1-5-19" + userName: "NT AUTHORITY\\LOCAL SERVICE" + protocol: 17 + reason: 5 + src: + assetId: "a:a:ka62y0mc" + assetSrc: 3 + assetType: 2 + envGroupId: "g:e:zUnrnhfa" + eventRecordId: 24143201 + fqdn: "fs02.posh.local" + ip: "10.0.0.8" + ipThreatScore: 0 + networkProtectionState: 6 + port: 123 + processId: "1072" + processName: "svchost.exe (W32Time) (1072)" + processPath: "C:\\Windows\\System32\\svchost.exe (W32Time) (1072)" + userId: "S-1-5-19" + userName: "NT AUTHORITY\\LOCAL SERVICE" + state: 3 + timestamp: 1734584254851 + trafficType: 1 + message: |- + { + "reason" : 5, + "protocol" : 17, + "dst" : { + "networkProtectionState" : 5, + "processPath" : "C:\\Windows\\System32\\svchost.exe (W32Time) (1056)", + "ipThreatScore" : 0, + "fqdn" : "dc01.posh.local", + "ip" : "10.0.0.4", + "userName" : "NT AUTHORITY\\LOCAL SERVICE", + "userId" : "S-1-5-19", + "assetType" : 2, + "eventRecordId" : 43174318, + "assetSrc" : 3, + "port" : 123, + "processId" : "1056", + "processName" : "svchost.exe (W32Time) (1056)", + "assetId" : "a:a:VWW2G2C8" + }, + "src" : { + "networkProtectionState" : 6, + "processPath" : "C:\\Windows\\System32\\svchost.exe (W32Time) (1072)", + "ipThreatScore" : 0, + "fqdn" : "fs02.posh.local", + "ip" : "10.0.0.8", + "userName" : "NT AUTHORITY\\LOCAL SERVICE", + "envGroupId" : "g:e:zUnrnhfa", + "userId" : "S-1-5-19", + "assetType" : 2, + "eventRecordId" : 24143201, + "assetSrc" : 3, + "port" : 123, + "processId" : "1072", + "processName" : "svchost.exe (W32Time) (1072)", + "assetId" : "a:a:ka62y0mc" + }, + "trafficType" : 1, + "state" : 3, + "timestamp" : 1734584254851 + } + tags: + - "source:LOGS_SOURCE" + timestamp: 1734584254851 \ No newline at end of file From 3e445c83b7224d1d7cb6b2f8814d9a61632d3b8d Mon Sep 17 00:00:00 2001 From: surabhipatel_crest Date: Mon, 6 Jan 2025 11:28:23 +0530 Subject: [PATCH 3/5] Updated dashboard and pipeline --- zero_networks/README.md | 7 +- .../dashboards/zero_networks_audit.json | 448 ++++---- .../zero_networks_network_activities.json | 1023 ++++++++++++----- zero_networks/assets/logs/zero-networks.yaml | 188 ++- .../assets/logs/zero-networks_tests.yaml | 123 +- 5 files changed, 1024 insertions(+), 765 deletions(-) diff --git a/zero_networks/README.md b/zero_networks/README.md index 42d307687329b..39b67397c6a96 100644 --- a/zero_networks/README.md +++ b/zero_networks/README.md @@ -16,8 +16,11 @@ This integration seamlessly collects all the above listed logs, channeling them ### Generate API credentials in Zero Networks 1. Log in to the Zero Networks platform. -2. Navigate to **Settings**, click **API** under **Integrations** and click **Add new token**. -3. Enter a **Token Name** and Set the **Expiry** to **36 months** and click **Add**. +2. Navigate to **Settings**, click **API** under **Integrations**, click **Add new token** and specify the settings of the new API key. + - Token name: A meaningful name that can help you identify the API key. + - Access type: The access permission assigned to the API key. Select **Read only**. + - Expiry: The expiration duration of the API key. Select **36 months**. +3. Click Add. ### Connect your Zero Networks Account to Datadog diff --git a/zero_networks/assets/dashboards/zero_networks_audit.json b/zero_networks/assets/dashboards/zero_networks_audit.json index f704857daf497..673c3df9acad3 100644 --- a/zero_networks/assets/dashboards/zero_networks_audit.json +++ b/zero_networks/assets/dashboards/zero_networks_audit.json @@ -1042,6 +1042,144 @@ "height": 4 } }, + { + "id": 5999525942412330, + "definition": { + "title": "Top User Roles associated with System", + "title_size": "16", + "title_align": "left", + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @enforcement_source:System $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@user_role", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + } + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + }, + "palette": "datadog16" + } + }, + "layout": { + "x": 0, + "y": 4, + "width": 4, + "height": 4 + } + }, + { + "id": 4669974496291300, + "definition": { + "title": "API Usage Analysis over Time", + "title_size": "16", + "title_align": "left", + "show_legend": false, + "legend_layout": "auto", + "legend_columns": [ + "avg", + "min", + "max", + "value", + "sum" + ], + "type": "timeseries", + "requests": [ + { + "formulas": [ + { + "formula": "query1" + } + ], + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:audit @user_role:(API-FullAccess OR API-ReadOnly) @enforcement_source:API $User $User-Role $Enforcement-Source" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@user_role", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "timeseries", + "style": { + "palette": "datadog16", + "order_by": "values", + "line_type": "solid", + "line_width": "normal" + }, + "display_type": "line" + } + ] + }, + "layout": { + "x": 4, + "y": 4, + "width": 8, + "height": 4 + } + }, { "id": 7270801875129594, "definition": { @@ -1088,7 +1226,7 @@ }, "layout": { "x": 0, - "y": 4, + "y": 8, "width": 3, "height": 4 } @@ -1124,7 +1262,7 @@ { "comparator": ">", "value": 0, - "palette": "black_on_light_green" + "palette": "black_on_light_yellow" } ], "formulas": [ @@ -1139,7 +1277,7 @@ }, "layout": { "x": 3, - "y": 4, + "y": 8, "width": 3, "height": 4 } @@ -1175,7 +1313,7 @@ { "comparator": ">", "value": 0, - "palette": "black_on_light_green" + "palette": "black_on_light_red" } ], "formulas": [ @@ -1190,7 +1328,7 @@ }, "layout": { "x": 6, - "y": 4, + "y": 8, "width": 3, "height": 4 } @@ -1226,7 +1364,8 @@ { "comparator": ">", "value": 0, - "palette": "black_on_light_green" + "palette": "custom_bg", + "custom_bg_color": "#d8e6f3" } ], "formulas": [ @@ -1241,7 +1380,7 @@ }, "layout": { "x": 9, - "y": 4, + "y": 8, "width": 3, "height": 4 } @@ -1277,7 +1416,7 @@ { "comparator": ">", "value": 0, - "palette": "black_on_light_green" + "palette": "black_on_light_yellow" } ], "formulas": [ @@ -1292,7 +1431,7 @@ }, "layout": { "x": 0, - "y": 8, + "y": 12, "width": 3, "height": 4 } @@ -1328,7 +1467,8 @@ { "comparator": ">", "value": 0, - "palette": "black_on_light_green" + "palette": "custom_bg", + "custom_bg_color": "#fde2f2" } ], "formulas": [ @@ -1343,7 +1483,7 @@ }, "layout": { "x": 3, - "y": 8, + "y": 12, "width": 3, "height": 4 } @@ -1394,7 +1534,7 @@ }, "layout": { "x": 6, - "y": 8, + "y": 12, "width": 3, "height": 4 } @@ -1430,7 +1570,8 @@ { "comparator": ">", "value": 0, - "palette": "black_on_light_green" + "palette": "custom_bg", + "custom_bg_color": "#fbeabc" } ], "formulas": [ @@ -1445,7 +1586,7 @@ }, "layout": { "x": 9, - "y": 8, + "y": 12, "width": 3, "height": 4 } @@ -1496,7 +1637,7 @@ }, "layout": { "x": 0, - "y": 12, + "y": 16, "width": 4, "height": 4 } @@ -1532,7 +1673,7 @@ { "comparator": ">", "value": 0, - "palette": "black_on_light_green" + "palette": "black_on_light_red" } ], "formulas": [ @@ -1547,7 +1688,7 @@ }, "layout": { "x": 4, - "y": 12, + "y": 16, "width": 4, "height": 4 } @@ -1583,7 +1724,8 @@ { "comparator": ">", "value": 0, - "palette": "black_on_light_green" + "palette": "custom_bg", + "custom_bg_color": "#efeefb" } ], "formulas": [ @@ -1598,7 +1740,7 @@ }, "layout": { "x": 8, - "y": 12, + "y": 16, "width": 4, "height": 4 } @@ -1668,7 +1810,7 @@ }, "layout": { "x": 0, - "y": 16, + "y": 20, "width": 4, "height": 4 } @@ -1687,7 +1829,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:\"Asset is being segmented (network)\" $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:\"Asset segmented (network)\" $User $User-Role $Enforcement-Source" }, "indexes": [ "*" @@ -1738,7 +1880,7 @@ }, "layout": { "x": 4, - "y": 16, + "y": 20, "width": 4, "height": 4 } @@ -1808,7 +1950,7 @@ }, "layout": { "x": 8, - "y": 16, + "y": 20, "width": 4, "height": 4 } @@ -1877,7 +2019,7 @@ }, "layout": { "x": 0, - "y": 20, + "y": 24, "width": 4, "height": 4 } @@ -1896,7 +2038,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:\"Asset manager added\" @user_role:\"Asset Manager\" $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:\"Asset manager added\" @user_role:\"Asset Manager\" $User $User-Role $Enforcement-Source" }, "indexes": [ "*" @@ -1947,7 +2089,7 @@ }, "layout": { "x": 4, - "y": 20, + "y": 24, "width": 4, "height": 4 } @@ -1966,7 +2108,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:\"Asset manager removed\" @user_role:\"Asset Manager\" $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:\"Asset manager removed\" @user_role:\"Asset Manager\" $User $User-Role $Enforcement-Source" }, "indexes": [ "*" @@ -2017,149 +2159,11 @@ }, "layout": { "x": 8, - "y": 20, - "width": 4, - "height": 4 - } - }, - { - "id": 5999525942412330, - "definition": { - "title": "Top User Roles associated with System", - "title_size": "16", - "title_align": "left", - "type": "toplist", - "requests": [ - { - "queries": [ - { - "name": "query1", - "data_source": "logs", - "search": { - "query": "source:zero-networks service:audit @enforcement_source:System $User $User-Role $Enforcement-Source" - }, - "indexes": [ - "*" - ], - "group_by": [ - { - "facet": "@user_role", - "limit": 10, - "sort": { - "aggregation": "count", - "order": "desc", - "metric": "count" - } - } - ], - "compute": { - "aggregation": "count" - }, - "storage": "hot" - } - ], - "response_format": "scalar", - "formulas": [ - { - "formula": "query1" - } - ], - "sort": { - "count": 10, - "order_by": [ - { - "type": "formula", - "index": 0, - "order": "desc" - } - ] - } - } - ], - "style": { - "display": { - "type": "stacked", - "legend": "automatic" - }, - "palette": "datadog16" - } - }, - "layout": { - "x": 0, "y": 24, "width": 4, "height": 4 } }, - { - "id": 4669974496291300, - "definition": { - "title": "API Usage Analysis over Time", - "title_size": "16", - "title_align": "left", - "show_legend": false, - "legend_layout": "auto", - "legend_columns": [ - "avg", - "min", - "max", - "value", - "sum" - ], - "type": "timeseries", - "requests": [ - { - "formulas": [ - { - "formula": "query1" - } - ], - "queries": [ - { - "name": "query1", - "data_source": "logs", - "search": { - "query": "source:zero-networks service:audit @user_role:(API-FullAccess OR API-ReadOnly) @enforcement_source:API $User $User-Role $Enforcement-Source" - }, - "indexes": [ - "*" - ], - "group_by": [ - { - "facet": "@user_role", - "limit": 10, - "sort": { - "aggregation": "count", - "order": "desc", - "metric": "count" - }, - "should_exclude_missing": true - } - ], - "compute": { - "aggregation": "count" - }, - "storage": "hot" - } - ], - "response_format": "timeseries", - "style": { - "palette": "datadog16", - "order_by": "values", - "line_type": "solid", - "line_width": "normal" - }, - "display_type": "line" - } - ] - }, - "layout": { - "x": 4, - "y": 24, - "width": 8, - "height": 4 - } - }, { "id": 8210840798992286, "definition": { @@ -2201,7 +2205,7 @@ "should_exclude_missing": true }, { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -2260,7 +2264,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:\"API Token created\" $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:\"API Token created\" $User $User-Role $Enforcement-Source" }, "indexes": [ "*" @@ -2317,6 +2321,7 @@ "formulas": [ { "cell_display_mode": "bar", + "alias": "count", "formula": "query1" } ] @@ -2349,14 +2354,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"User access configuration created\" OR \"User access configuration edited\" OR \"User access configuration deleted\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"User access configuration created\" OR \"User access configuration edited\" OR \"User access configuration deleted\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -2418,14 +2423,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"API Token created\" OR \"API Token deleted\" OR \"API Token regenerated\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"API Token created\" OR \"API Token deleted\" OR \"API Token regenerated\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -2487,14 +2492,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"Asset added to RPC monitoring\" OR \"Asset removed from RPC monitoring\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"Asset added to RPC monitoring\" OR \"Asset removed from RPC monitoring\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -2556,14 +2561,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @user_role:CloudConnectorProvisioning @auditType:(\"Asset is monitored by Cloud connector\" OR \"Asset is no longer monitored by Cloud connector\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @user_role:CloudConnectorProvisioning @fields_mapping.auditType:(\"Asset is monitored by Cloud connector\" OR \"Asset is no longer monitored by Cloud connector\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -2625,14 +2630,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @enforcement_source:\"Admin Portal\" @auditType:(\"Admin portal role changed to admin\" OR \"Admin portal role changed to viewer\" OR \"Admin portal role revoked\" OR \"Admin portal logon\" OR \"Admin portal role changed to operator\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @enforcement_source:\"Admin Portal\" @fields_mapping.auditType:(\"Admin portal role changed to admin\" OR \"Admin portal role changed to viewer\" OR \"Admin portal role revoked\" OR \"Admin portal logon\" OR \"Admin portal role changed to operator\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -2694,14 +2699,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"Segmentation policy created\" OR \"Segmentation policy deleted\" OR \"Segmentation policy edited\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"Segmentation policy created\" OR \"Segmentation policy deleted\" OR \"Segmentation policy edited\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -2763,14 +2768,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"Outbound JIT access rejected\" OR \"Inbound JIT access rejected\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"Outbound JIT access rejected\" OR \"Inbound JIT access rejected\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -2815,9 +2820,9 @@ } }, { - "id": 5641989942381028, + "id": 3534431085357244, "definition": { - "title": "Distribution by Outbound JIT Rule Status", + "title": "Distribution by Inbound JIT Rule Status", "title_size": "16", "title_align": "left", "requests": [ @@ -2832,14 +2837,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"Outbound JIT rule created\" OR \"Outbound JIT rule deleted\" OR \"Outbound JIT rule expired\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"Inbound JIT rule created\" OR \"Inbound JIT rule deleted\" OR \"Inbound JIT rule expired\" OR \"Inbound JIT rule revived\" OR \"Inbound JIT rule edited\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -2884,9 +2889,9 @@ } }, { - "id": 3534431085357244, + "id": 5641989942381028, "definition": { - "title": "Distribution by Inbound JIT Rule Status", + "title": "Distribution by Outbound JIT Rule Status", "title_size": "16", "title_align": "left", "requests": [ @@ -2901,14 +2906,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"Inbound JIT rule created\" OR \"Inbound JIT rule deleted\" OR \"Inbound JIT rule expired\" OR \"Inbound JIT rule revived\" OR \"Inbound JIT rule edited\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"Outbound JIT rule created\" OR \"Outbound JIT rule deleted\" OR \"Outbound JIT rule expired\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -2970,14 +2975,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit enforcement_source:MFA @auditType:(\"Inbound MFA policy created\" OR \"Inbound MFA policy edited\" OR \"Inbound MFA policy deleted\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @enforcement_source:MFA @fields_mapping.auditType:(\"Inbound MFA policy created\" OR \"Inbound MFA policy edited\" OR \"Inbound MFA policy deleted\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -3039,14 +3044,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit enforcement_source:MFA @auditType:(\"Outbound MFA policy created\" OR \"Outbound MFA policy edited\" OR \"Outbound MFA policy deleted\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @enforcement_source:MFA @fields_mapping.auditType:(\"Outbound MFA policy created\" OR \"Outbound MFA policy edited\" OR \"Outbound MFA policy deleted\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -3108,20 +3113,21 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"Inbound allow rule created\" OR \"Inbound allow rule deleted\" OR \"Inbound allow rule expired\" OR \"Inbound allow rule edited\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"Inbound allow rule created\" OR \"Inbound allow rule deleted\" OR \"Inbound allow rule expired\" OR \"Inbound allow rule edited\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", "order": "desc", "metric": "count" - } + }, + "should_exclude_missing": true } ], "compute": { @@ -3176,14 +3182,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"Outbound allow rule created\" OR \"Outbound allow rule deleted\" OR \"Outbound allow rule expired\" OR \"Outbound allow rule edited\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"Outbound allow rule created\" OR \"Outbound allow rule deleted\" OR \"Outbound allow rule expired\" OR \"Outbound allow rule edited\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -3245,14 +3251,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"Inbound block rule created\" OR \"Inbound block rule deleted\" OR \"Inbound block rule expired\" OR \"Inbound block rule edited\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"Inbound block rule created\" OR \"Inbound block rule deleted\" OR \"Inbound block rule expired\" OR \"Inbound block rule edited\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -3314,14 +3320,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"Outbound block rule created\" OR \"Outbound block rule deleted\" OR \"Outbound block rule expired\" OR \"Outbound block rule edited\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"Outbound block rule created\" OR \"Outbound block rule deleted\" OR \"Outbound block rule expired\" OR \"Outbound block rule edited\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -3383,14 +3389,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"Connect session created\" OR \"Connect session expired\" OR \"Connect session revoked\" OR \"Connect session logged out\" OR \"Connect session extended\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"Connect session created\" OR \"Connect session expired\" OR \"Connect session revoked\" OR \"Connect session logged out\" OR \"Connect session extended\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -3452,14 +3458,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"Connect region created\" OR \"Connect region edited\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"Connect region created\" OR \"Connect region edited\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -3521,14 +3527,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"Connect server deployed\" OR \"Connect server edited\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"Connect server deployed\" OR \"Connect server edited\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -3590,14 +3596,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"Rules RPC rule created\" OR \"Rules RPC rule deleted\" OR \"Rules RPC rule expired\" OR \"Rules RPC rule edited\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"Rules RPC rule created\" OR \"Rules RPC rule deleted\" OR \"Rules RPC rule expired\" OR \"Rules RPC rule edited\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -3659,14 +3665,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"AI inbound allow rule rejected\" OR \"AI inbound allow rule approved\" OR \"AI inbound allow rule approved with changes\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"AI inbound allow rule rejected\" OR \"AI inbound allow rule approved\" OR \"AI inbound allow rule approved with changes\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -3728,14 +3734,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"AI outbound allow rule rejected\" OR \"AI outbound allow rule approved\" OR \"AI outbound allow rule approved with changes\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"AI outbound allow rule rejected\" OR \"AI outbound allow rule approved\" OR \"AI outbound allow rule approved with changes\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -3797,14 +3803,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"AI inbound block rule rejected\" OR \"AI inbound block rule approved\" OR \"AI inbound block rule approved with changes\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"AI inbound block rule rejected\" OR \"AI inbound block rule approved\" OR \"AI inbound block rule approved with changes\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -3866,14 +3872,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"AI outbound block rule rejected\" OR \"AI outbound block rule approved\" OR \"AI outbound block rule approved with changes\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"AI outbound block rule rejected\" OR \"AI outbound block rule approved\" OR \"AI outbound block rule approved with changes\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -3935,14 +3941,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:audit @auditType:(\"Identity rule created\" OR \"Identity rule deleted\" OR \"Identity rule expired\" OR \"Identity rule edited\") $User $User-Role $Enforcement-Source" + "query": "source:zero-networks service:audit @fields_mapping.auditType:(\"Identity rule created\" OR \"Identity rule deleted\" OR \"Identity rule expired\" OR \"Identity rule edited\") $User $User-Role $Enforcement-Source" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@auditType", + "facet": "@fields_mapping.auditType", "limit": 10, "sort": { "aggregation": "count", @@ -4023,7 +4029,7 @@ "width": "auto" }, { - "field": "auditType", + "field": "fields_mapping.auditType", "width": "auto" } ] diff --git a/zero_networks/assets/dashboards/zero_networks_network_activities.json b/zero_networks/assets/dashboards/zero_networks_network_activities.json index 4f92c3ea1342f..328548a9daf6e 100644 --- a/zero_networks/assets/dashboards/zero_networks_network_activities.json +++ b/zero_networks/assets/dashboards/zero_networks_network_activities.json @@ -374,7 +374,7 @@ { "id": 8700812738359164, "definition": { - "title": "Medium Security Signals", + "title": "Critical Security Signals", "title_size": "16", "title_align": "left", "type": "toplist", @@ -401,7 +401,7 @@ } ], "search": { - "query": "source:zero-networks service:network-activities status:medium $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities status:critical $User $IP $Traffic-Type $State $Protocol" } } ], @@ -441,14 +441,167 @@ "layout": { "x": 4, "y": 1, - "width": 4, + "width": 8, "height": 4 } }, { - "id": 8590036025513724, + "id": 6750891340282460, "definition": { - "title": "Low Security Signals", + "title": "MEDIUMs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:zero-networks service:network-activities status:medium $User $IP $Traffic-Type $State $Protocol" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#e5a21c" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 0, + "y": 3, + "width": 2, + "height": 2 + } + }, + { + "id": 2964548153610178, + "definition": { + "title": "LOWs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:zero-networks service:network-activities status:low $User $IP $Traffic-Type $State $Protocol" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#ffb52b" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 2, + "y": 3, + "width": 2, + "height": 1 + } + }, + { + "id": 3511561538032828, + "definition": { + "title": "INFOs", + "title_size": "16", + "title_align": "left", + "type": "query_value", + "requests": [ + { + "response_format": "scalar", + "queries": [ + { + "data_source": "security_signals", + "name": "query1", + "indexes": [ + "*" + ], + "compute": { + "aggregation": "count" + }, + "group_by": [], + "search": { + "query": "source:zero-networks service:network-activities status:info $User $IP $Traffic-Type $State $Protocol" + } + } + ], + "formulas": [ + { + "formula": "query1" + } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#84c1e0" + } + ] + } + ], + "autoscale": true, + "precision": 2 + }, + "layout": { + "x": 2, + "y": 4, + "width": 2, + "height": 1 + } + }, + { + "id": 3680138366512730, + "definition": { + "title": "High Security Signals", "title_size": "16", "title_align": "left", "type": "toplist", @@ -475,7 +628,7 @@ } ], "search": { - "query": "source:zero-networks service:network-activities status:low $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities status:high $User $IP $Traffic-Type $State $Protocol" } } ], @@ -485,7 +638,7 @@ "comparator": ">", "value": 0, "palette": "custom_bg", - "custom_bg_color": "#ffb52b" + "custom_bg_color": "#e5a21c" } ], "formulas": [ @@ -513,22 +666,21 @@ } }, "layout": { - "x": 8, - "y": 1, - "width": 4, + "x": 0, + "y": 5, + "width": 6, "height": 4 } }, { - "id": 6750891340282460, + "id": 8590036025513724, "definition": { - "title": "MEDIUMs", + "title": "Medium Security Signals", "title_size": "16", "title_align": "left", - "type": "query_value", + "type": "toplist", "requests": [ { - "response_format": "scalar", "queries": [ { "data_source": "security_signals", @@ -539,47 +691,70 @@ "compute": { "aggregation": "count" }, - "group_by": [], + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], "search": { "query": "source:zero-networks service:network-activities status:medium $User $IP $Traffic-Type $State $Protocol" } } ], - "formulas": [ - { - "formula": "query1" - } - ], + "response_format": "scalar", "conditional_formats": [ { "comparator": ">", "value": 0, "palette": "custom_bg", - "custom_bg_color": "#e5a21c" + "custom_bg_color": "#ffb52b" } - ] + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } } ], - "autoscale": true, - "precision": 2 + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } }, "layout": { - "x": 0, - "y": 3, - "width": 2, - "height": 2 + "x": 6, + "y": 5, + "width": 6, + "height": 4 } }, { - "id": 2964548153610178, + "id": 6292364445193512, "definition": { - "title": "LOWs", + "title": "Info Security Signals", "title_size": "16", "title_align": "left", - "type": "query_value", + "type": "toplist", "requests": [ { - "response_format": "scalar", "queries": [ { "data_source": "security_signals", @@ -590,47 +765,70 @@ "compute": { "aggregation": "count" }, - "group_by": [], + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], "search": { - "query": "source:zero-networks service:network-activities status:low $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities status:info $User $IP $Traffic-Type $State $Protocol" } } ], - "formulas": [ - { - "formula": "query1" - } - ], + "response_format": "scalar", "conditional_formats": [ { "comparator": ">", "value": 0, "palette": "custom_bg", - "custom_bg_color": "#ffb52b" + "custom_bg_color": "#e5a21c" } - ] + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } } ], - "autoscale": true, - "precision": 2 + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } }, "layout": { - "x": 2, - "y": 3, - "width": 2, - "height": 1 + "x": 0, + "y": 9, + "width": 6, + "height": 4 } }, { - "id": 3511561538032828, + "id": 1513911561139188, "definition": { - "title": "INFOs", + "title": "Low Security Signals", "title_size": "16", "title_align": "left", - "type": "query_value", + "type": "toplist", "requests": [ { - "response_format": "scalar", "queries": [ { "data_source": "security_signals", @@ -641,35 +839,59 @@ "compute": { "aggregation": "count" }, - "group_by": [], + "group_by": [ + { + "facet": "@workflow.rule.name", + "limit": 10, + "sort": { + "order": "desc", + "aggregation": "count" + } + } + ], "search": { - "query": "source:zero-networks service:network-activities status:info $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities status:low $User $IP $Traffic-Type $State $Protocol" } } ], - "formulas": [ - { - "formula": "query1" - } - ], + "response_format": "scalar", "conditional_formats": [ { "comparator": ">", "value": 0, "palette": "custom_bg", - "custom_bg_color": "#84c1e0" + "custom_bg_color": "#e5a21c" } - ] + ], + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 10, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } } ], - "autoscale": true, - "precision": 2 + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } }, "layout": { - "x": 2, - "y": 4, - "width": 2, - "height": 1 + "x": 6, + "y": 9, + "width": 6, + "height": 4 } } ] @@ -678,7 +900,7 @@ "x": 0, "y": 9, "width": 12, - "height": 6 + "height": 1 } }, { @@ -711,7 +933,7 @@ ], "group_by": [ { - "facet": "@protocol", + "facet": "@fields_mapping.protocol", "limit": 10, "sort": { "aggregation": "count", @@ -785,13 +1007,14 @@ ], "group_by": [ { - "facet": "@trafficType", + "facet": "@fields_mapping.trafficType", "limit": 10, "sort": { "aggregation": "count", "order": "desc", "metric": "count" - } + }, + "should_exclude_missing": true } ], "compute": { @@ -842,7 +1065,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities @trafficType:Internal $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities @fields_mapping.trafficType:Internal $User $IP $Traffic-Type $State $Protocol" }, "indexes": [ "*" @@ -858,6 +1081,13 @@ { "formula": "query1" } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } ] } ], @@ -886,7 +1116,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities @trafficType:External $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities @fields_mapping.trafficType:External $User $IP $Traffic-Type $State $Protocol" }, "indexes": [ "*" @@ -902,6 +1132,13 @@ { "formula": "query1" } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } ] } ], @@ -930,7 +1167,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities @trafficType:Both $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities @fields_mapping.trafficType:Both $User $IP $Traffic-Type $State $Protocol" }, "indexes": [ "*" @@ -946,6 +1183,14 @@ { "formula": "query1" } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#e4f4f7" + } ] } ], @@ -962,7 +1207,7 @@ { "id": 4018554368221482, "definition": { - "title": "Top IP's", + "title": "Top IPs", "title_size": "16", "title_align": "left", "type": "toplist", @@ -1054,13 +1299,14 @@ ], "group_by": [ { - "facet": "@state", + "facet": "@fields_mapping.state", "limit": 10, "sort": { "aggregation": "count", "order": "desc", "metric": "count" - } + }, + "should_exclude_missing": true } ], "compute": { @@ -1111,7 +1357,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities @state:Blocked $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities @fields_mapping.state:Blocked $User $IP $Traffic-Type $State $Protocol" }, "indexes": [ "*" @@ -1127,6 +1373,13 @@ { "formula": "query1" } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_yellow" + } ] } ], @@ -1155,7 +1408,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities @state:\"Blocked At Source\" $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities @fields_mapping.state:\"Blocked At Source\" $User $IP $Traffic-Type $State $Protocol" }, "indexes": [ "*" @@ -1171,6 +1424,13 @@ { "formula": "query1" } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_red" + } ] } ], @@ -1199,7 +1459,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities @state:Requested $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities @fields_mapping.state:Requested $User $IP $Traffic-Type $State $Protocol" }, "indexes": [ "*" @@ -1215,6 +1475,14 @@ { "formula": "query1" } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#ebfaff" + } ] } ], @@ -1243,7 +1511,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities @state:\"Blocked By Third Party\" $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities @fields_mapping.state:\"Blocked By Third Party\" $User $IP $Traffic-Type $State $Protocol" }, "indexes": [ "*" @@ -1259,6 +1527,14 @@ { "formula": "query1" } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#f4cdd9" + } ] } ], @@ -1287,7 +1563,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities @state:\"Blocked At Source By Third Party\" $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities @fields_mapping.state:\"Blocked At Source By Third Party\" $User $IP $Traffic-Type $State $Protocol" }, "indexes": [ "*" @@ -1303,6 +1579,14 @@ { "formula": "query1" } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#f7c0c0" + } ] } ], @@ -1331,7 +1615,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities @state:Established $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities @fields_mapping.state:Established $User $IP $Traffic-Type $State $Protocol" }, "indexes": [ "*" @@ -1347,6 +1631,13 @@ { "formula": "query1" } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "black_on_light_green" + } ] } ], @@ -1375,7 +1666,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities @protocol:TCP $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities @fields_mapping.protocol:TCP $User $IP $Traffic-Type $State $Protocol" }, "indexes": [ "*" @@ -1391,6 +1682,14 @@ { "formula": "query1" } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#e3f6f8" + } ] } ], @@ -1419,7 +1718,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities @protocol:UDP $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities @fields_mapping.protocol:UDP $User $IP $Traffic-Type $State $Protocol" }, "indexes": [ "*" @@ -1435,6 +1734,14 @@ { "formula": "query1" } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#fbe2fd" + } ] } ], @@ -1463,7 +1770,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities @protocol:ICMP $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities @fields_mapping.protocol:ICMP $User $IP $Traffic-Type $State $Protocol" }, "indexes": [ "*" @@ -1479,6 +1786,14 @@ { "formula": "query1" } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#f8e3e3" + } ] } ], @@ -1507,7 +1822,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities @protocol:RDP $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities @fields_mapping.protocol:RDP $User $IP $Traffic-Type $State $Protocol" }, "indexes": [ "*" @@ -1523,6 +1838,14 @@ { "formula": "query1" } + ], + "conditional_formats": [ + { + "comparator": ">", + "value": 0, + "palette": "custom_bg", + "custom_bg_color": "#edeefd" + } ] } ], @@ -1539,7 +1862,7 @@ { "id": 8071523453594128, "definition": { - "title": "Top Destination Asset Sources", + "title": "Top Destination Asset Types", "title_size": "16", "title_align": "left", "type": "toplist", @@ -1557,7 +1880,7 @@ ], "group_by": [ { - "facet": "@dst.assetSrc", + "facet": "@fields_mapping.dst.assetType", "limit": 10, "sort": { "aggregation": "count", @@ -1606,9 +1929,9 @@ } }, { - "id": 5632667227080570, + "id": 5123855718486176, "definition": { - "title": "Top Destination Network Protection States", + "title": "Top Destination IP Addresses", "title_size": "16", "title_align": "left", "type": "toplist", @@ -1626,14 +1949,13 @@ ], "group_by": [ { - "facet": "@dst.networkProtectionState", + "facet": "@network.destination.ip", "limit": 10, "sort": { "aggregation": "count", "order": "desc", "metric": "count" - }, - "should_exclude_missing": true + } } ], "compute": { @@ -1695,7 +2017,7 @@ ], "group_by": [ { - "facet": "@dst.fqdn", + "facet": "@record.dst.fqdn", "limit": 10, "sort": { "aggregation": "count", @@ -1744,9 +2066,9 @@ } }, { - "id": 5123855718486176, + "id": 44790517895590, "definition": { - "title": "Top Destination IP Addresses", + "title": "Top Destination Processes", "title_size": "16", "title_align": "left", "type": "toplist", @@ -1764,13 +2086,14 @@ ], "group_by": [ { - "facet": "@network.destination.ip", + "facet": "@record.dst.processName", "limit": 10, "sort": { "aggregation": "count", "order": "desc", "metric": "count" - } + }, + "should_exclude_missing": true } ], "compute": { @@ -1812,60 +2135,12 @@ } }, { - "id": 1840424163789940, - "definition": { - "title": "Destination Process Details", - "title_size": "16", - "title_align": "left", - "requests": [ - { - "response_format": "event_list", - "query": { - "data_source": "logs_stream", - "query_string": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol", - "indexes": [], - "storage": "hot", - "sort": { - "order": "desc", - "column": "timestamp" - } - }, - "columns": [ - { - "field": "dst.assetId", - "width": "auto" - }, - { - "field": "dst.processId", - "width": "auto" - }, - { - "field": "dst.processName", - "width": "auto" - }, - { - "field": "dst.processPath", - "width": "auto" - } - ] - } - ], - "type": "list_stream" - }, - "layout": { - "x": 4, - "y": 28, - "width": 8, - "height": 4 - } - }, - { - "id": 44790517895590, + "id": 6589084141519102, "definition": { - "title": "Top Destination Processes", + "title": "Destination User Details", "title_size": "16", "title_align": "left", - "type": "toplist", + "type": "query_table", "requests": [ { "queries": [ @@ -1880,7 +2155,27 @@ ], "group_by": [ { - "facet": "@dst.processName", + "facet": "@record.dst.assetId", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@record.dst.userId", + "limit": 10, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + }, + { + "facet": "@record.dst.userName", "limit": 10, "sort": { "aggregation": "count", @@ -1897,13 +2192,8 @@ } ], "response_format": "scalar", - "formulas": [ - { - "formula": "query1" - } - ], "sort": { - "count": 10, + "count": 1000, "order_by": [ { "type": "formula", @@ -1911,65 +2201,46 @@ "order": "desc" } ] - } + }, + "formulas": [ + { + "cell_display_mode": "bar", + "formula": "query1" + } + ] } ], - "style": { - "display": { - "type": "stacked", - "legend": "automatic" - } - } + "has_search_bar": "auto" }, "layout": { - "x": 0, - "y": 32, - "width": 4, + "x": 4, + "y": 28, + "width": 8, "height": 4 } }, { - "id": 6589084141519102, + "id": 6297826389227418, "definition": { - "title": "Destination User Details", + "title": "Top Destination Asset Sources", "title_size": "16", "title_align": "left", - "type": "query_table", - "requests": [ - { - "queries": [ - { - "name": "query1", - "data_source": "logs", - "search": { - "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" - }, - "indexes": [ - "*" - ], - "group_by": [ - { - "facet": "@dst.assetId", - "limit": 10, - "sort": { - "aggregation": "count", - "order": "desc", - "metric": "count" - }, - "should_exclude_missing": true - }, - { - "facet": "@dst.userId", - "limit": 10, - "sort": { - "aggregation": "count", - "order": "desc", - "metric": "count" - }, - "should_exclude_missing": true - }, + "type": "toplist", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ { - "facet": "@dst.userName", + "facet": "@fields_mapping.src.assetSrc", "limit": 10, "sort": { "aggregation": "count", @@ -1986,8 +2257,13 @@ } ], "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], "sort": { - "count": 1000, + "count": 10, "order_by": [ { "type": "formula", @@ -1995,16 +2271,63 @@ "order": "desc" } ] + } + } + ], + "style": { + "display": { + "type": "stacked", + "legend": "automatic" + } + } + }, + "layout": { + "x": 0, + "y": 32, + "width": 4, + "height": 4 + } + }, + { + "id": 1840424163789940, + "definition": { + "title": "Destination Process Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } }, - "formulas": [ + "columns": [ { - "cell_display_mode": "bar", - "formula": "query1" + "field": "record.dst.assetId", + "width": "auto" + }, + { + "field": "record.dst.processId", + "width": "auto" + }, + { + "field": "record.dst.processName", + "width": "auto" + }, + { + "field": "record.dst.processPath", + "width": "auto" } ] } ], - "has_search_bar": "auto" + "type": "list_stream" }, "layout": { "x": 4, @@ -2034,7 +2357,7 @@ }, "columns": [ { - "field": "dst.assetId", + "field": "record.dst.assetId", "width": "auto" }, { @@ -2046,23 +2369,23 @@ "width": "auto" }, { - "field": "dst.ipThreatScore", + "field": "record.dst.ipThreatScore", "width": "auto" }, { - "field": "dst.eventRecorId", + "field": "record.dst.eventRecorId", "width": "auto" }, { - "field": "dst.processId", + "field": "record.dst.processId", "width": "auto" }, { - "field": "dst.processName", + "field": "record.dst.processName", "width": "auto" }, { - "field": "dst.processPath", + "field": "record.dst.processPath", "width": "auto" } ] @@ -2080,7 +2403,7 @@ { "id": 8588088349138280, "definition": { - "title": "Top Asset Sources", + "title": "Top Source Asset Types", "title_size": "16", "title_align": "left", "type": "toplist", @@ -2098,7 +2421,7 @@ ], "group_by": [ { - "facet": "@src.assetSrc", + "facet": "@fields_mapping.src.assetType", "limit": 10, "sort": { "aggregation": "count", @@ -2147,9 +2470,9 @@ } }, { - "id": 3951358046142266, + "id": 6921995545111866, "definition": { - "title": "Top Source Network Protection State", + "title": "Top Source IP Addresses", "title_size": "16", "title_align": "left", "type": "toplist", @@ -2167,14 +2490,13 @@ ], "group_by": [ { - "facet": "@src.networkProtectionState", + "facet": "@network.client.ip", "limit": 10, "sort": { "aggregation": "count", "order": "desc", "metric": "count" - }, - "should_exclude_missing": true + } } ], "compute": { @@ -2236,7 +2558,7 @@ ], "group_by": [ { - "facet": "@src.fqdn", + "facet": "@record.src.fqdn", "limit": 10, "sort": { "aggregation": "count", @@ -2305,7 +2627,7 @@ ], "group_by": [ { - "facet": "@src.processName", + "facet": "@record.src.processName", "limit": 10, "sort": { "aggregation": "count", @@ -2349,14 +2671,62 @@ "layout": { "x": 0, "y": 44, - "width": 6, + "width": 4, "height": 4 } }, { - "id": 6921995545111866, + "id": 8960629590747932, "definition": { - "title": "Top Source IP Addresses", + "title": "Source Process Details", + "title_size": "16", + "title_align": "left", + "requests": [ + { + "response_format": "event_list", + "query": { + "data_source": "logs_stream", + "query_string": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol", + "indexes": [], + "storage": "hot", + "sort": { + "order": "desc", + "column": "timestamp" + } + }, + "columns": [ + { + "field": "record.src.assetId", + "width": "auto" + }, + { + "field": "record.src.processId", + "width": "auto" + }, + { + "field": "record.src.processName", + "width": "auto" + }, + { + "field": "record.src.processPath", + "width": "auto" + } + ] + } + ], + "type": "list_stream" + }, + "layout": { + "x": 4, + "y": 44, + "width": 8, + "height": 4 + } + }, + { + "id": 8107362937220770, + "definition": { + "title": "Top Asset Sources", "title_size": "16", "title_align": "left", "type": "toplist", @@ -2374,13 +2744,14 @@ ], "group_by": [ { - "facet": "@network.client.ip", + "facet": "@fields_mapping.src.assetSrc", "limit": 10, "sort": { "aggregation": "count", "order": "desc", "metric": "count" - } + }, + "should_exclude_missing": true } ], "compute": { @@ -2414,58 +2785,10 @@ } } }, - "layout": { - "x": 6, - "y": 44, - "width": 6, - "height": 4 - } - }, - { - "id": 8960629590747932, - "definition": { - "title": "Source Process Details", - "title_size": "16", - "title_align": "left", - "requests": [ - { - "response_format": "event_list", - "query": { - "data_source": "logs_stream", - "query_string": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol", - "indexes": [], - "storage": "hot", - "sort": { - "order": "desc", - "column": "timestamp" - } - }, - "columns": [ - { - "field": "src.assetId", - "width": "auto" - }, - { - "field": "src.processId", - "width": "auto" - }, - { - "field": "src.processName", - "width": "auto" - }, - { - "field": "src.processPath", - "width": "auto" - } - ] - } - ], - "type": "list_stream" - }, "layout": { "x": 0, "y": 48, - "width": 12, + "width": 4, "height": 4 } }, @@ -2490,7 +2813,7 @@ }, "columns": [ { - "field": "src.assetId", + "field": "record.src.assetId", "width": "auto" }, { @@ -2502,23 +2825,23 @@ "width": "auto" }, { - "field": "src.ipThreatScore", + "field": "record.src.ipThreatScore", "width": "auto" }, { - "field": "src.processId", + "field": "record.src.processId", "width": "auto" }, { - "field": "src.processName", + "field": "record.src.processName", "width": "auto" }, { - "field": "src.processPath", + "field": "record.src.processPath", "width": "auto" }, { - "field": "src.eventRecordId", + "field": "record.src.eventRecordId", "width": "auto" } ] @@ -2527,9 +2850,9 @@ "type": "list_stream" }, "layout": { - "x": 0, - "y": 52, - "width": 12, + "x": 4, + "y": 48, + "width": 8, "height": 4 } }, @@ -2596,6 +2919,76 @@ "focus": "WORLD" } }, + "layout": { + "x": 0, + "y": 52, + "width": 12, + "height": 4 + } + }, + { + "id": 2675206461490272, + "definition": { + "title": "Network Activities by Destination Country", + "title_size": "16", + "title_align": "left", + "type": "geomap", + "requests": [ + { + "queries": [ + { + "name": "query1", + "data_source": "logs", + "search": { + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + }, + "indexes": [ + "*" + ], + "group_by": [ + { + "facet": "@network.destination.geoip.country.iso_code", + "limit": 250, + "sort": { + "aggregation": "count", + "order": "desc", + "metric": "count" + }, + "should_exclude_missing": true + } + ], + "compute": { + "aggregation": "count" + }, + "storage": "hot" + } + ], + "response_format": "scalar", + "formulas": [ + { + "formula": "query1" + } + ], + "sort": { + "count": 250, + "order_by": [ + { + "type": "formula", + "index": 0, + "order": "desc" + } + ] + } + } + ], + "style": { + "palette": "hostmap_blues", + "palette_flip": false + }, + "view": { + "focus": "WORLD" + } + }, "layout": { "x": 0, "y": 56, @@ -2632,11 +3025,11 @@ "width": "auto" }, { - "field": "protocol", + "field": "fields_mapping.protocol", "width": "auto" }, { - "field": "trafficType", + "field": "fields_mapping.trafficType", "width": "auto" }, { @@ -2644,19 +3037,15 @@ "width": "auto" }, { - "field": "state", - "width": "auto" - }, - { - "field": "dst.assetSrc", + "field": "fields_mapping.state", "width": "auto" }, { - "field": "dst.networkProtectionState", + "field": "record.dst.assetSrc", "width": "auto" }, { - "field": "dst.fqdn", + "field": "record.dst.fqdn", "width": "auto" }, { @@ -2664,27 +3053,27 @@ "width": "auto" }, { - "field": "dst.assetId", + "field": "record.dst.assetId", "width": "auto" }, { - "field": "dst.processId", + "field": "record.dst.processId", "width": "auto" }, { - "field": "dst.processName", + "field": "record.dst.processName", "width": "auto" }, { - "field": "dst.processPath", + "field": "record.dst.processPath", "width": "auto" }, { - "field": "dst.userId", + "field": "record.dst.userId", "width": "auto" }, { - "field": "dst.userName", + "field": "record.dst.userName", "width": "auto" }, { @@ -2692,27 +3081,23 @@ "width": "auto" }, { - "field": "dst.ipThreatScore", - "width": "auto" - }, - { - "field": "dst.eventRecordId", + "field": "record.dst.ipThreatScore", "width": "auto" }, { - "field": "dst.ipThreatScore", + "field": "record.dst.eventRecordId", "width": "auto" }, { - "field": "src.assetSrc", + "field": "record.dst.ipThreatScore", "width": "auto" }, { - "field": "src.networkProtectionState", + "field": "record.src.assetSrc", "width": "auto" }, { - "field": "src.fqdn", + "field": "record.src.fqdn", "width": "auto" }, { @@ -2720,19 +3105,19 @@ "width": "auto" }, { - "field": "src.assetId", + "field": "record.src.assetId", "width": "auto" }, { - "field": "src.processId", + "field": "record.src.processId", "width": "auto" }, { - "field": "src.processName", + "field": "record.src.processName", "width": "auto" }, { - "field": "src.processPath", + "field": "record.src.processPath", "width": "auto" }, { @@ -2740,19 +3125,19 @@ "width": "auto" }, { - "field": "src.ipThreatScore", + "field": "record.src.ipThreatScore", "width": "auto" }, { - "field": "src.eventRecordId", + "field": "record.src.eventRecordId", "width": "auto" }, { - "field": "src.processPath", + "field": "record.src.processPath", "width": "auto" }, { - "field": "src.processPath", + "field": "record.src.processPath", "width": "auto" } ] @@ -2771,7 +3156,7 @@ }, "layout": { "x": 0, - "y": 15, + "y": 10, "width": 12, "height": 65 } diff --git a/zero_networks/assets/logs/zero-networks.yaml b/zero_networks/assets/logs/zero-networks.yaml index c970db7a37564..c4dd7381fcf1d 100644 --- a/zero_networks/assets/logs/zero-networks.yaml +++ b/zero_networks/assets/logs/zero-networks.yaml @@ -3,39 +3,14 @@ metric_id: "zero-networks" backend_only: false facets: - groups: - - Geoip - name: City Name - path: network.client.geoip.city.name - source: log - - groups: - - Geoip - name: Continent Code - path: network.client.geoip.continent.code - source: log - - groups: - - Geoip - name: Continent Name - path: network.client.geoip.continent.name - source: log - - groups: - - Geoip - name: Country ISO Code - path: network.client.geoip.country.iso_code - source: log - - groups: - - Geoip - name: Country Name - path: network.client.geoip.country.name - source: log - - groups: - - Geoip - name: Subdivision ISO Code - path: network.client.geoip.subdivision.iso_code + - User + name: User ID + path: usr.id source: log - groups: - - Geoip - name: Subdivision Name - path: network.client.geoip.subdivision.name + - User + name: User Name + path: usr.name source: log - groups: - Web Access @@ -44,64 +19,19 @@ facets: source: log - groups: - Web Access - name: Client Port - path: network.client.port - source: log - - groups: - - Geoip - name: Destination City Name - path: network.destination.geoip.city.name - source: log - - groups: - - Geoip - name: Destination Continent Code - path: network.destination.geoip.continent.code - source: log - - groups: - - Geoip - name: Destination Continent Name - path: network.destination.geoip.continent.name - source: log - - groups: - - Geoip - name: Destination Country ISO Code - path: network.destination.geoip.country.iso_code - source: log - - groups: - - Geoip - name: Destination Country Name - path: network.destination.geoip.country.name - source: log - - groups: - - Geoip - name: Destination Subdivision ISO Code - path: network.destination.geoip.subdivision.iso_code - source: log - - groups: - - Geoip - name: Destination Subdivision Name - path: network.destination.geoip.subdivision.name + name: Destination IP + path: network.destination.ip source: log - groups: - Web Access - name: Destination IP - path: network.destination.ip + name: Client Port + path: network.client.port source: log - groups: - Web Access name: Destination Port path: network.destination.port source: log - - groups: - - User - name: User ID - path: usr.id - source: log - - groups: - - User - name: User Name - path: usr.name - source: log pipeline: type: pipeline name: Zero Networks @@ -110,10 +40,10 @@ pipeline: query: source:zero-networks processors: - type: date-remapper - name: Define `timestamp` as the official date of the log + name: Define `record.timestamp` as the official date of the log enabled: true sources: - - timestamp + - record.timestamp - type: pipeline name: Audit enabled: true @@ -121,28 +51,28 @@ pipeline: query: service:audit processors: - type: attribute-remapper - name: Map `performedBy.id` to `usr.id` + name: Map `record.performedBy.id` to `usr.id` enabled: true sources: - - performedBy.id + - record.performedBy.id sourceType: attribute target: usr.id targetType: attribute preserveSource: false overrideOnConflict: false - type: attribute-remapper - name: Map `performedBy.name` to `usr.name` + name: Map `record.performedBy.name` to `usr.name` enabled: true sources: - - performedBy.name + - record.performedBy.name sourceType: attribute target: usr.name targetType: attribute preserveSource: false overrideOnConflict: false - - name: Lookup on `userRole` to `user_role` + - name: Lookup on `record.userRole` to `user_role` enabled: true - source: userRole + source: record.userRole target: user_role lookupTable: |- 0 , Unspecified @@ -158,9 +88,9 @@ pipeline: 10 , Operator 11 , Service Now Token type: lookup-processor - - name: Lookup on `enforcementSource` to `enforcement_source` + - name: Lookup on `record.enforcementSource` to `enforcement_source` enabled: true - source: enforcementSource + source: record.enforcementSource target: enforcement_source lookupTable: |- 1 , MFA @@ -179,60 +109,60 @@ pipeline: query: service:network-activities processors: - type: attribute-remapper - name: Map `src.userId` to `usr.id` + name: Map `record.src.userId` to `usr.id` enabled: true sources: - - src.userId + - record.src.userId sourceType: attribute target: usr.id targetType: attribute preserveSource: false overrideOnConflict: false - type: attribute-remapper - name: Map `src.userName` to `usr.name` + name: Map `record.src.userName` to `usr.name` enabled: true sources: - - src.userName + - record.src.userName sourceType: attribute target: usr.name targetType: attribute preserveSource: false overrideOnConflict: false - type: attribute-remapper - name: Map `src.ip` to `network.client.ip` + name: Map `record.src.ip` to `network.client.ip` enabled: true sources: - - src.ip + - record.src.ip sourceType: attribute target: network.client.ip targetType: attribute preserveSource: false overrideOnConflict: false - type: attribute-remapper - name: Map `dst.ip` to `network.destination.ip` + name: Map `record.dst.ip` to `network.destination.ip` enabled: true sources: - - dst.ip + - record.dst.ip sourceType: attribute target: network.destination.ip targetType: attribute preserveSource: false overrideOnConflict: false - type: attribute-remapper - name: Map `src.port` to `network.client.port` + name: Map `record.src.port` to `network.client.port` enabled: true sources: - - src.port + - record.src.port sourceType: attribute target: network.client.port targetType: attribute preserveSource: false overrideOnConflict: false - type: attribute-remapper - name: Map `dst.port` to `network.destination.port` + name: Map `record.dst.port` to `network.destination.port` enabled: true sources: - - dst.port + - record.dst.port sourceType: attribute target: network.destination.port targetType: attribute @@ -252,3 +182,57 @@ pipeline: - network.destination.ip target: network.destination.geoip ip_processing_behavior: do-nothing + - name: Lookup on `record.src.assetSrc` to `fields_mapping.src.assetSrc` + enabled: true + source: record.src.assetSrc + target: fields_mapping.src.assetSrc + lookupTable: |- + 1 , Access portal + 2 , SSP + 3 , Active directory + 4 , Custom + 5 , System + 6 , Ansible + 7 , Manual OT/IoT + 8 , Workgroup + 9 , Azure active directory + 10 , Azure + 11 , AWS + 12 , GCP + 14 , Jamf + 15 , Manual Linux + 16 , IBM cloud + 17 , Oracle cloud + 18 , VMware cloud + 19 , Alibaba cloud + 20 , Lumen cloud + 21 , OVH cloud + 22 , Connect + type: lookup-processor + - name: Lookup on `record.dst.assetSrc` to `fields_mapping.dst.assetSrc` + enabled: true + source: record.dst.assetSrc + target: fields_mapping.dst.assetSrc + lookupTable: |- + 1 , Access portal + 2 , SSP + 3 , Active directory + 4 , Custom + 5 , System + 6 , Ansible + 7 , Manual OT/IoT + 8 , Workgroup + 9 , Azure active directory + 10 , Azure + 11 , AWS + 12 , GCP + 14 , Jamf + 15 , Manual Linux + 16 , IBM cloud + 17 , Oracle cloud + 18 , VMware cloud + 19 , Alibaba cloud + 20 , Lumen cloud + 21 , OVH cloud + 22 , Connect + type: lookup-processor diff --git a/zero_networks/assets/logs/zero-networks_tests.yaml b/zero_networks/assets/logs/zero-networks_tests.yaml index 47f8d8e197211..71801c3ae9efd 100644 --- a/zero_networks/assets/logs/zero-networks_tests.yaml +++ b/zero_networks/assets/logs/zero-networks_tests.yaml @@ -20,45 +20,7 @@ tests: "id" : "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe" } ] } - result: - custom: - auditType: 73 - destinationEntitiesList: - - - name: "Test User" - id: "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe" - details: "{\"publicIp\":\"163.116.212.44\",\"tokenTtl\":\"2025-01-07T08:35:30.000Z\",\"idp\":1,\"role\":1}" - enforcementSource: 4 - isoTimestamp: "2024-12-31T08:35:30.990Z" - parentObjectId: "" - performedBy: - id: "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe" - name: "Test User" - reportedObjectId: "" - timestamp: 1735634130990 - userRole: 1 - message: |- - { - "reportedObjectId" : "", - "performedBy" : { - "name" : "Test User", - "id" : "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe" - }, - "enforcementSource" : 4, - "parentObjectId" : "", - "details" : "{\"publicIp\":\"163.116.212.44\",\"tokenTtl\":\"2025-01-07T08:35:30.000Z\",\"idp\":1,\"role\":1}", - "auditType" : 73, - "userRole" : 1, - "isoTimestamp" : "2024-12-31T08:35:30.990Z", - "timestamp" : 1735634130990, - "destinationEntitiesList" : [ { - "name" : "Test User", - "id" : "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe" - } ] - } - tags: - - "source:LOGS_SOURCE" - timestamp: 1735634130990 + result: null - sample: |- { @@ -101,85 +63,4 @@ tests: "state" : 3, "timestamp" : 1734584254851 } - result: - custom: - dst: - assetId: "a:a:VWW2G2C8" - assetSrc: 3 - assetType: 2 - eventRecordId: 43174318 - fqdn: "dc01.posh.local" - ip: "10.0.0.4" - ipThreatScore: 0 - networkProtectionState: 5 - port: 123 - processId: "1056" - processName: "svchost.exe (W32Time) (1056)" - processPath: "C:\\Windows\\System32\\svchost.exe (W32Time) (1056)" - userId: "S-1-5-19" - userName: "NT AUTHORITY\\LOCAL SERVICE" - protocol: 17 - reason: 5 - src: - assetId: "a:a:ka62y0mc" - assetSrc: 3 - assetType: 2 - envGroupId: "g:e:zUnrnhfa" - eventRecordId: 24143201 - fqdn: "fs02.posh.local" - ip: "10.0.0.8" - ipThreatScore: 0 - networkProtectionState: 6 - port: 123 - processId: "1072" - processName: "svchost.exe (W32Time) (1072)" - processPath: "C:\\Windows\\System32\\svchost.exe (W32Time) (1072)" - userId: "S-1-5-19" - userName: "NT AUTHORITY\\LOCAL SERVICE" - state: 3 - timestamp: 1734584254851 - trafficType: 1 - message: |- - { - "reason" : 5, - "protocol" : 17, - "dst" : { - "networkProtectionState" : 5, - "processPath" : "C:\\Windows\\System32\\svchost.exe (W32Time) (1056)", - "ipThreatScore" : 0, - "fqdn" : "dc01.posh.local", - "ip" : "10.0.0.4", - "userName" : "NT AUTHORITY\\LOCAL SERVICE", - "userId" : "S-1-5-19", - "assetType" : 2, - "eventRecordId" : 43174318, - "assetSrc" : 3, - "port" : 123, - "processId" : "1056", - "processName" : "svchost.exe (W32Time) (1056)", - "assetId" : "a:a:VWW2G2C8" - }, - "src" : { - "networkProtectionState" : 6, - "processPath" : "C:\\Windows\\System32\\svchost.exe (W32Time) (1072)", - "ipThreatScore" : 0, - "fqdn" : "fs02.posh.local", - "ip" : "10.0.0.8", - "userName" : "NT AUTHORITY\\LOCAL SERVICE", - "envGroupId" : "g:e:zUnrnhfa", - "userId" : "S-1-5-19", - "assetType" : 2, - "eventRecordId" : 24143201, - "assetSrc" : 3, - "port" : 123, - "processId" : "1072", - "processName" : "svchost.exe (W32Time) (1072)", - "assetId" : "a:a:ka62y0mc" - }, - "trafficType" : 1, - "state" : 3, - "timestamp" : 1734584254851 - } - tags: - - "source:LOGS_SOURCE" - timestamp: 1734584254851 \ No newline at end of file + result: null \ No newline at end of file From 8027c5afeb5f0c777ed919fbbe851329d74269fd Mon Sep 17 00:00:00 2001 From: surabhipatel_crest Date: Mon, 6 Jan 2025 11:52:00 +0530 Subject: [PATCH 4/5] Fixed pipeline suggestion --- zero_networks/assets/logs/zero-networks.yaml | 90 +++++++++++-- .../assets/logs/zero-networks_tests.yaml | 123 +++++++++++++++++- 2 files changed, 201 insertions(+), 12 deletions(-) diff --git a/zero_networks/assets/logs/zero-networks.yaml b/zero_networks/assets/logs/zero-networks.yaml index c4dd7381fcf1d..d8085cc3e3c28 100644 --- a/zero_networks/assets/logs/zero-networks.yaml +++ b/zero_networks/assets/logs/zero-networks.yaml @@ -3,14 +3,39 @@ metric_id: "zero-networks" backend_only: false facets: - groups: - - User - name: User ID - path: usr.id + - Geoip + name: City Name + path: network.client.geoip.city.name source: log - groups: - - User - name: User Name - path: usr.name + - Geoip + name: Continent Code + path: network.client.geoip.continent.code + source: log + - groups: + - Geoip + name: Continent Name + path: network.client.geoip.continent.name + source: log + - groups: + - Geoip + name: Country ISO Code + path: network.client.geoip.country.iso_code + source: log + - groups: + - Geoip + name: Country Name + path: network.client.geoip.country.name + source: log + - groups: + - Geoip + name: Subdivision ISO Code + path: network.client.geoip.subdivision.iso_code + source: log + - groups: + - Geoip + name: Subdivision Name + path: network.client.geoip.subdivision.name source: log - groups: - Web Access @@ -19,19 +44,64 @@ facets: source: log - groups: - Web Access - name: Destination IP - path: network.destination.ip + name: Client Port + path: network.client.port + source: log + - groups: + - Geoip + name: Destination City Name + path: network.destination.geoip.city.name + source: log + - groups: + - Geoip + name: Destination Continent Code + path: network.destination.geoip.continent.code + source: log + - groups: + - Geoip + name: Destination Continent Name + path: network.destination.geoip.continent.name + source: log + - groups: + - Geoip + name: Destination Country ISO Code + path: network.destination.geoip.country.iso_code + source: log + - groups: + - Geoip + name: Destination Country Name + path: network.destination.geoip.country.name + source: log + - groups: + - Geoip + name: Destination Subdivision ISO Code + path: network.destination.geoip.subdivision.iso_code + source: log + - groups: + - Geoip + name: Destination Subdivision Name + path: network.destination.geoip.subdivision.name source: log - groups: - Web Access - name: Client Port - path: network.client.port + name: Destination IP + path: network.destination.ip source: log - groups: - Web Access name: Destination Port path: network.destination.port source: log + - groups: + - User + name: User ID + path: usr.id + source: log + - groups: + - User + name: User Name + path: usr.name + source: log pipeline: type: pipeline name: Zero Networks diff --git a/zero_networks/assets/logs/zero-networks_tests.yaml b/zero_networks/assets/logs/zero-networks_tests.yaml index 71801c3ae9efd..ed4822fd28011 100644 --- a/zero_networks/assets/logs/zero-networks_tests.yaml +++ b/zero_networks/assets/logs/zero-networks_tests.yaml @@ -20,7 +20,45 @@ tests: "id" : "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe" } ] } - result: null + result: + custom: + auditType: 73 + destinationEntitiesList: + - + name: "Test User" + id: "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe" + details: "{\"publicIp\":\"163.116.212.44\",\"tokenTtl\":\"2025-01-07T08:35:30.000Z\",\"idp\":1,\"role\":1}" + enforcementSource: 4 + isoTimestamp: "2024-12-31T08:35:30.990Z" + parentObjectId: "" + performedBy: + id: "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe" + name: "Test User" + reportedObjectId: "" + timestamp: 1735634130990 + userRole: 1 + message: |- + { + "reportedObjectId" : "", + "performedBy" : { + "name" : "Test User", + "id" : "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe" + }, + "enforcementSource" : 4, + "parentObjectId" : "", + "details" : "{\"publicIp\":\"163.116.212.44\",\"tokenTtl\":\"2025-01-07T08:35:30.000Z\",\"idp\":1,\"role\":1}", + "auditType" : 73, + "userRole" : 1, + "isoTimestamp" : "2024-12-31T08:35:30.990Z", + "timestamp" : 1735634130990, + "destinationEntitiesList" : [ { + "name" : "Test User", + "id" : "c05d5f20-89a3-4948-bcc6-8cc6e2aab3fe" + } ] + } + tags: + - "source:LOGS_SOURCE" + timestamp: 1 - sample: |- { @@ -63,4 +101,85 @@ tests: "state" : 3, "timestamp" : 1734584254851 } - result: null \ No newline at end of file + result: + custom: + dst: + assetId: "a:a:VWW2G2C8" + assetSrc: 3 + assetType: 2 + eventRecordId: 43174318 + fqdn: "dc01.posh.local" + ip: "10.0.0.4" + ipThreatScore: 0 + networkProtectionState: 5 + port: 123 + processId: "1056" + processName: "svchost.exe (W32Time) (1056)" + processPath: "C:\\Windows\\System32\\svchost.exe (W32Time) (1056)" + userId: "S-1-5-19" + userName: "NT AUTHORITY\\LOCAL SERVICE" + protocol: 17 + reason: 5 + src: + assetId: "a:a:ka62y0mc" + assetSrc: 3 + assetType: 2 + envGroupId: "g:e:zUnrnhfa" + eventRecordId: 24143201 + fqdn: "fs02.posh.local" + ip: "10.0.0.8" + ipThreatScore: 0 + networkProtectionState: 6 + port: 123 + processId: "1072" + processName: "svchost.exe (W32Time) (1072)" + processPath: "C:\\Windows\\System32\\svchost.exe (W32Time) (1072)" + userId: "S-1-5-19" + userName: "NT AUTHORITY\\LOCAL SERVICE" + state: 3 + timestamp: 1734584254851 + trafficType: 1 + message: |- + { + "reason" : 5, + "protocol" : 17, + "dst" : { + "networkProtectionState" : 5, + "processPath" : "C:\\Windows\\System32\\svchost.exe (W32Time) (1056)", + "ipThreatScore" : 0, + "fqdn" : "dc01.posh.local", + "ip" : "10.0.0.4", + "userName" : "NT AUTHORITY\\LOCAL SERVICE", + "userId" : "S-1-5-19", + "assetType" : 2, + "eventRecordId" : 43174318, + "assetSrc" : 3, + "port" : 123, + "processId" : "1056", + "processName" : "svchost.exe (W32Time) (1056)", + "assetId" : "a:a:VWW2G2C8" + }, + "src" : { + "networkProtectionState" : 6, + "processPath" : "C:\\Windows\\System32\\svchost.exe (W32Time) (1072)", + "ipThreatScore" : 0, + "fqdn" : "fs02.posh.local", + "ip" : "10.0.0.8", + "userName" : "NT AUTHORITY\\LOCAL SERVICE", + "envGroupId" : "g:e:zUnrnhfa", + "userId" : "S-1-5-19", + "assetType" : 2, + "eventRecordId" : 24143201, + "assetSrc" : 3, + "port" : 123, + "processId" : "1072", + "processName" : "svchost.exe (W32Time) (1072)", + "assetId" : "a:a:ka62y0mc" + }, + "trafficType" : 1, + "state" : 3, + "timestamp" : 1734584254851 + } + tags: + - "source:LOGS_SOURCE" + timestamp: 1 \ No newline at end of file From f80f16242237407e36ef44ba8247a091d0598bcf Mon Sep 17 00:00:00 2001 From: surabhipatel_crest Date: Mon, 6 Jan 2025 17:26:03 +0530 Subject: [PATCH 5/5] Updated Dashboard --- .../zero_networks_network_activities.json | 108 ++++-------------- 1 file changed, 20 insertions(+), 88 deletions(-) diff --git a/zero_networks/assets/dashboards/zero_networks_network_activities.json b/zero_networks/assets/dashboards/zero_networks_network_activities.json index 328548a9daf6e..1316d1169d513 100644 --- a/zero_networks/assets/dashboards/zero_networks_network_activities.json +++ b/zero_networks/assets/dashboards/zero_networks_network_activities.json @@ -900,7 +900,7 @@ "x": 0, "y": 9, "width": 12, - "height": 1 + "height": 14 } }, { @@ -1408,7 +1408,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities @fields_mapping.state:\"Blocked At Source\" $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities @fields_mapping.state:\"Blocked at source\" $User $IP $Traffic-Type $State $Protocol" }, "indexes": [ "*" @@ -1511,7 +1511,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities @fields_mapping.state:\"Blocked By Third Party\" $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities @fields_mapping.state:\"Blocked by third party\" $User $IP $Traffic-Type $State $Protocol" }, "indexes": [ "*" @@ -1563,7 +1563,7 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities @fields_mapping.state:\"Blocked At Source By Third Party\" $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities @fields_mapping.state:\"Blocked at source by third party\" $User $IP $Traffic-Type $State $Protocol" }, "indexes": [ "*" @@ -2373,7 +2373,7 @@ "width": "auto" }, { - "field": "record.dst.eventRecorId", + "field": "record.dst.eventRecordId", "width": "auto" }, { @@ -2470,9 +2470,9 @@ } }, { - "id": 6921995545111866, + "id": 8852165136650850, "definition": { - "title": "Top Source IP Addresses", + "title": "Top Source FQDN", "title_size": "16", "title_align": "left", "type": "toplist", @@ -2490,13 +2490,14 @@ ], "group_by": [ { - "facet": "@network.client.ip", + "facet": "@record.src.fqdn", "limit": 10, "sort": { "aggregation": "count", "order": "desc", "metric": "count" - } + }, + "should_exclude_missing": true } ], "compute": { @@ -2538,9 +2539,9 @@ } }, { - "id": 8852165136650850, + "id": 6509420781057236, "definition": { - "title": "Top Source FQDN", + "title": "Top Source Processes", "title_size": "16", "title_align": "left", "type": "toplist", @@ -2551,14 +2552,14 @@ "name": "query1", "data_source": "logs", "search": { - "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" + "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol -@record.src.processName:\"\"" }, "indexes": [ "*" ], "group_by": [ { - "facet": "@record.src.fqdn", + "facet": "@record.src.processName", "limit": 10, "sort": { "aggregation": "count", @@ -2607,9 +2608,9 @@ } }, { - "id": 6509420781057236, + "id": 8107362937220770, "definition": { - "title": "Top Source Processes", + "title": "Top Asset Sources", "title_size": "16", "title_align": "left", "type": "toplist", @@ -2627,7 +2628,7 @@ ], "group_by": [ { - "facet": "@record.src.processName", + "facet": "@fields_mapping.src.assetSrc", "limit": 10, "sort": { "aggregation": "count", @@ -2723,75 +2724,6 @@ "height": 4 } }, - { - "id": 8107362937220770, - "definition": { - "title": "Top Asset Sources", - "title_size": "16", - "title_align": "left", - "type": "toplist", - "requests": [ - { - "queries": [ - { - "name": "query1", - "data_source": "logs", - "search": { - "query": "source:zero-networks service:network-activities $User $IP $Traffic-Type $State $Protocol" - }, - "indexes": [ - "*" - ], - "group_by": [ - { - "facet": "@fields_mapping.src.assetSrc", - "limit": 10, - "sort": { - "aggregation": "count", - "order": "desc", - "metric": "count" - }, - "should_exclude_missing": true - } - ], - "compute": { - "aggregation": "count" - }, - "storage": "hot" - } - ], - "response_format": "scalar", - "formulas": [ - { - "formula": "query1" - } - ], - "sort": { - "count": 10, - "order_by": [ - { - "type": "formula", - "index": 0, - "order": "desc" - } - ] - } - } - ], - "style": { - "display": { - "type": "stacked", - "legend": "automatic" - } - } - }, - "layout": { - "x": 0, - "y": 48, - "width": 4, - "height": 4 - } - }, { "id": 2267192419920364, "definition": { @@ -2850,9 +2782,9 @@ "type": "list_stream" }, "layout": { - "x": 4, + "x": 0, "y": 48, - "width": 8, + "width": 12, "height": 4 } }, @@ -3156,7 +3088,7 @@ }, "layout": { "x": 0, - "y": 10, + "y": 23, "width": 12, "height": 65 }