From c99b31435fb7901e3d46c20ed9ace4934ece65e5 Mon Sep 17 00:00:00 2001 From: joeperuzzi <122561341+joeperuzzi@users.noreply.github.com> Date: Mon, 26 Jun 2023 16:47:42 +0000 Subject: [PATCH 01/44] TYCHON Inital Agent Upload --- packages/tychon/LICENSE.txt | 93 ++++++++++ packages/tychon/_dev/build/build.yml | 3 + packages/tychon/changelog.yml | 6 + .../tychon_cve/agent/stream/stream.yml.hbs | 22 +++ .../elasticsearch/ingest_pipeline/default.yml | 50 +++++ .../data_stream/tychon_cve/fields/agent.yml | 169 +++++++++++++++++ .../tychon_cve/fields/base-fields.yml | 18 ++ .../data_stream/tychon_cve/fields/ecs.yml | 58 ++++++ .../data_stream/tychon_cve/fields/fields.yml | 58 ++++++ .../data_stream/tychon_cve/manifest.yml | 42 +++++ .../data_stream/tychon_cve/sample_event.json | 8 + .../tychon_epp/agent/stream/stream.yml.hbs | 22 +++ .../elasticsearch/ingest_pipeline/default.yml | 35 ++++ .../data_stream/tychon_epp/fields/agent.yml | 169 +++++++++++++++++ .../tychon_epp/fields/base-fields.yml | 18 ++ .../data_stream/tychon_epp/fields/ecs.yml | 46 +++++ .../data_stream/tychon_epp/fields/fields.yml | 86 +++++++++ .../data_stream/tychon_epp/manifest.yml | 41 +++++ .../data_stream/tychon_epp/sample_event.json | 13 ++ .../tychon_stig/agent/stream/stream.yml.hbs | 22 +++ .../elasticsearch/ingest_pipeline/default.yml | 44 +++++ .../data_stream/tychon_stig/fields/agent.yml | 169 +++++++++++++++++ .../tychon_stig/fields/base-fields.yml | 18 ++ .../data_stream/tychon_stig/fields/ecs.yml | 48 +++++ .../data_stream/tychon_stig/fields/fields.yml | 96 ++++++++++ .../data_stream/tychon_stig/manifest.yml | 41 +++++ .../data_stream/tychon_stig/sample_event.json | 13 ++ packages/tychon/docs/README.md | 143 +++++++++++++++ packages/tychon/img/TychonLogo.svg | 59 ++++++ packages/tychon/img/TychonScreenshot.png | Bin 0 -> 337235 bytes packages/tychon/img/tychon-color.png | Bin 0 -> 8355 bytes ...db40-d137-11e9-a2af-693b633cf871-stig.json | 120 ++++++++++++ ...716e0-e9d8-11ed-9d4a-9513ae375d2b-epp.json | 114 ++++++++++++ ...383c0-e508-11ed-8a95-ab70156d4b18-cve.json | 171 ++++++++++++++++++ ...bb1a0-112a-11ee-af86-538da1394f27-log.json | 85 +++++++++ .../6c3bf5e0-0feb-4113-a417-ac5e69cd6e00.json | 23 +++ .../78931842-dc88-45d7-a6ee-d79fb9f615bd.json | 23 +++ .../df491fbb-3f09-4ab0-995a-c2c549a9bc21.json | 23 +++ .../ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a.json | 23 +++ ...0359860-1139-11ee-af86-538da1394f27_1.json | 67 +++++++ ...e5a7e20-1137-11ee-af86-538da1394f27_1.json | 80 ++++++++ ...e9c9ac0-1138-11ee-af86-538da1394f27_1.json | 67 +++++++ ...67e3450-1139-11ee-af86-538da1394f27_1.json | 64 +++++++ ...34a39a0-1138-11ee-af86-538da1394f27_1.json | 65 +++++++ packages/tychon/manifest.yml | 35 ++++ 45 files changed, 2570 insertions(+) create mode 100644 packages/tychon/LICENSE.txt create mode 100644 packages/tychon/_dev/build/build.yml create mode 100644 packages/tychon/changelog.yml create mode 100644 packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs create mode 100644 packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml create mode 100644 packages/tychon/data_stream/tychon_cve/fields/agent.yml create mode 100644 packages/tychon/data_stream/tychon_cve/fields/base-fields.yml create mode 100644 packages/tychon/data_stream/tychon_cve/fields/ecs.yml create mode 100644 packages/tychon/data_stream/tychon_cve/fields/fields.yml create mode 100644 packages/tychon/data_stream/tychon_cve/manifest.yml create mode 100644 packages/tychon/data_stream/tychon_cve/sample_event.json create mode 100644 packages/tychon/data_stream/tychon_epp/agent/stream/stream.yml.hbs create mode 100644 packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml create mode 100644 packages/tychon/data_stream/tychon_epp/fields/agent.yml create mode 100644 packages/tychon/data_stream/tychon_epp/fields/base-fields.yml create mode 100644 packages/tychon/data_stream/tychon_epp/fields/ecs.yml create mode 100644 packages/tychon/data_stream/tychon_epp/fields/fields.yml create mode 100644 packages/tychon/data_stream/tychon_epp/manifest.yml create mode 100644 packages/tychon/data_stream/tychon_epp/sample_event.json create mode 100644 packages/tychon/data_stream/tychon_stig/agent/stream/stream.yml.hbs create mode 100644 packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml create mode 100644 packages/tychon/data_stream/tychon_stig/fields/agent.yml create mode 100644 packages/tychon/data_stream/tychon_stig/fields/base-fields.yml create mode 100644 packages/tychon/data_stream/tychon_stig/fields/ecs.yml create mode 100644 packages/tychon/data_stream/tychon_stig/fields/fields.yml create mode 100644 packages/tychon/data_stream/tychon_stig/manifest.yml create mode 100644 packages/tychon/data_stream/tychon_stig/sample_event.json create mode 100644 packages/tychon/docs/README.md create mode 100644 packages/tychon/img/TychonLogo.svg create mode 100644 packages/tychon/img/TychonScreenshot.png create mode 100644 packages/tychon/img/tychon-color.png create mode 100644 packages/tychon/kibana/dashboard/tychon-078edb40-d137-11e9-a2af-693b633cf871-stig.json create mode 100644 packages/tychon/kibana/dashboard/tychon-267716e0-e9d8-11ed-9d4a-9513ae375d2b-epp.json create mode 100644 packages/tychon/kibana/dashboard/tychon-75c383c0-e508-11ed-8a95-ab70156d4b18-cve.json create mode 100644 packages/tychon/kibana/dashboard/tychon-e3cbb1a0-112a-11ee-af86-538da1394f27-log.json create mode 100644 packages/tychon/kibana/index_pattern/6c3bf5e0-0feb-4113-a417-ac5e69cd6e00.json create mode 100644 packages/tychon/kibana/index_pattern/78931842-dc88-45d7-a6ee-d79fb9f615bd.json create mode 100644 packages/tychon/kibana/index_pattern/df491fbb-3f09-4ab0-995a-c2c549a9bc21.json create mode 100644 packages/tychon/kibana/index_pattern/ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a.json create mode 100644 packages/tychon/kibana/security_rule/10359860-1139-11ee-af86-538da1394f27_1.json create mode 100644 packages/tychon/kibana/security_rule/2e5a7e20-1137-11ee-af86-538da1394f27_1.json create mode 100644 packages/tychon/kibana/security_rule/2e9c9ac0-1138-11ee-af86-538da1394f27_1.json create mode 100644 packages/tychon/kibana/security_rule/867e3450-1139-11ee-af86-538da1394f27_1.json create mode 100644 packages/tychon/kibana/security_rule/934a39a0-1138-11ee-af86-538da1394f27_1.json create mode 100644 packages/tychon/manifest.yml diff --git a/packages/tychon/LICENSE.txt b/packages/tychon/LICENSE.txt new file mode 100644 index 00000000000..809108b857f --- /dev/null +++ b/packages/tychon/LICENSE.txt @@ -0,0 +1,93 @@ +Elastic License 2.0 + +URL: https://www.elastic.co/licensing/elastic-license + +## Acceptance + +By using the software, you agree to all of the terms and conditions below. + +## Copyright License + +The licensor grants you a non-exclusive, royalty-free, worldwide, +non-sublicensable, non-transferable license to use, copy, distribute, make +available, and prepare derivative works of the software, in each case subject to +the limitations and conditions below. + +## Limitations + +You may not provide the software to third parties as a hosted or managed +service, where the service provides users with access to any substantial set of +the features or functionality of the software. + +You may not move, change, disable, or circumvent the license key functionality +in the software, and you may not remove or obscure any functionality in the +software that is protected by the license key. + +You may not alter, remove, or obscure any licensing, copyright, or other notices +of the licensor in the software. Any use of the licensor’s trademarks is subject +to applicable law. + +## Patents + +The licensor grants you a license, under any patent claims the licensor can +license, or becomes able to license, to make, have made, use, sell, offer for +sale, import and have imported the software, in each case subject to the +limitations and conditions in this license. This license does not cover any +patent claims that you cause to be infringed by modifications or additions to +the software. If you or your company make any written claim that the software +infringes or contributes to infringement of any patent, your patent license for +the software granted under these terms ends immediately. If your company makes +such a claim, your patent license ends immediately for work on behalf of your +company. + +## Notices + +You must ensure that anyone who gets a copy of any part of the software from you +also gets a copy of these terms. + +If you modify the software, you must include in any modified copies of the +software prominent notices stating that you have modified the software. + +## No Other Rights + +These terms do not imply any licenses other than those expressly granted in +these terms. + +## Termination + +If you use the software in violation of these terms, such use is not licensed, +and your licenses will automatically terminate. If the licensor provides you +with a notice of your violation, and you cease all violation of this license no +later than 30 days after you receive that notice, your licenses will be +reinstated retroactively. However, if you violate these terms after such +reinstatement, any additional violation of these terms will cause your licenses +to terminate automatically and permanently. + +## No Liability + +*As far as the law allows, the software comes as is, without any warranty or +condition, and the licensor will not be liable to you for any damages arising +out of these terms or the use or nature of the software, under any kind of +legal claim.* + +## Definitions + +The **licensor** is the entity offering these terms, and the **software** is the +software the licensor makes available under these terms, including any portion +of it. + +**you** refers to the individual or entity agreeing to these terms. + +**your company** is any legal entity, sole proprietorship, or other kind of +organization that you work for, plus all organizations that have control over, +are under the control of, or are under common control with that +organization. **control** means ownership of substantially all the assets of an +entity, or the power to direct its management and policies by vote, contract, or +otherwise. Control can be direct or indirect. + +**your licenses** are all the licenses granted to you for the software under +these terms. + +**use** means anything you do with the software requiring one of your licenses. + +**trademark** means trademarks, service marks, and similar rights. diff --git a/packages/tychon/_dev/build/build.yml b/packages/tychon/_dev/build/build.yml new file mode 100644 index 00000000000..08d85edcf9a --- /dev/null +++ b/packages/tychon/_dev/build/build.yml @@ -0,0 +1,3 @@ +dependencies: + ecs: + reference: git@1.12 diff --git a/packages/tychon/changelog.yml b/packages/tychon/changelog.yml new file mode 100644 index 00000000000..65dcf422976 --- /dev/null +++ b/packages/tychon/changelog.yml @@ -0,0 +1,6 @@ +# newer versions go on top +- version: "0.0.10" + changes: + - description: Fixed incorrect types in field.yml and cleaned up formatting + type: enhancement + link: https://github.com/elastic/integrations/pull/1 # FIXME Replace with the real PR link diff --git a/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..10abd0996dd --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs @@ -0,0 +1,22 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#each tags as |tag i|}} + - {{tag}} +{{/each}} +{{#contains "forwarded" tags}} +publisher_pipeline.disable_host: true +{{/contains}} +processors: +- add_locale: ~ +{{#if processors}} +{{processors}} +{{/if}} +json: + keys_under_root: true + expand_keys: true \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..5185211cbc1 --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml @@ -0,0 +1,50 @@ +--- +description: Pipeline for parsing TYCHON Vulnerability Scan Results +processors: + - set: + if: "ctx.containsKey('tychon') && ctx.tychon.containsKey('id')" + field: 'host.id' + value: '{{tychon.id}}' + - remove: + if: "ctx.containsKey('tychon') && ctx.tychon.containsKey('id')" + field: 'tychon' + - set: + field: '_id' + value: '{{id}}' + - set: + field: '@timestamp' + value: '{{_ingest.timestamp}}' + - set: + field: ecs.version + value: '8.5.1' + - set: + field: event.kind + value: state + - set: + field: event.module + value: tychon + - set: + field: event.category + value: vulnerability + - set: + field: vulnerability.scanner.vendor + value: tychon + - set: + field: vulnerability.category + value: oval + - set: + field: vulnerability.classification + value: cvss + - set: + field: vulnerability.enumeration + value: CVE + - set: + field: event.outcome + value: '{{vulnerability.result}}' + - set: + field: event.ingested + value: '{{_ingest.timestamp}}' +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/fields/agent.yml b/packages/tychon/data_stream/tychon_cve/fields/agent.yml new file mode 100644 index 00000000000..b016157d3d2 --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/fields/agent.yml @@ -0,0 +1,169 @@ +- name: cloud + title: Cloud + group: 2 + description: Fields related to the cloud or infrastructure the events are coming from. + footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' + type: group + fields: + - name: account.id + level: extended + type: keyword + ignore_above: 1024 + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. + + Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + example: 666777888999 + - name: availability_zone + level: extended + type: keyword + ignore_above: 1024 + description: Availability zone in which this host is running. + example: us-east-1c + - name: instance.id + level: extended + type: keyword + ignore_above: 1024 + description: Instance ID of the host machine. + example: i-1234567890abcdef0 + - name: instance.name + level: extended + type: keyword + ignore_above: 1024 + description: Instance name of the host machine. + - name: machine.type + level: extended + type: keyword + ignore_above: 1024 + description: Machine type of the host machine. + example: t2.medium + - name: provider + level: extended + type: keyword + ignore_above: 1024 + description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. + example: aws + - name: region + level: extended + type: keyword + ignore_above: 1024 + description: Region in which this host is running. + example: us-east-1 + - name: project.id + type: keyword + description: Name of the project in Google Cloud. + - name: image.id + type: keyword + description: Image ID for the cloud instance. +- name: container + title: Container + group: 2 + description: 'Container fields are used for meta information about the specific container that is the source of information. + + These fields help correlate data based containers from any runtime.' + type: group + fields: + - name: id + level: core + type: keyword + ignore_above: 1024 + description: Unique container id. + - name: image.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the image the container was built on. + - name: name + level: extended + type: keyword + ignore_above: 1024 + description: Container name. +- name: host + title: Host + group: 2 + description: 'A host is defined as a general computing instance. + + ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + type: group + fields: + - name: id + type: keyword + - name: biossn + type: keyword + - name: domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the domain of which the host is a member. + + For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' + example: CONTOSO + default_field: false + - name: hostname + level: core + type: keyword + ignore_above: 1024 + description: 'Hostname of the host. + + It normally contains what the `hostname` command returns on the host machine.' + - name: ip + level: core + type: ip + description: Host ip addresses. + - name: ipv4 + type: keyword + - name: ipv6 + type: keyword + - name: mac + level: core + type: keyword + ignore_above: 1024 + description: Host mac addresses. + - name: type + type: keyword + - name: uptime + type: long + - name: workgroup + type: keyword + - name: oem + type: group + fields: + - name: manufacturer + type: keyword + - name: model + type: keyword + - name: os + type: group + fields: + - name: build + type: keyword + - name: description + type: keyword + - name: family + type: keyword + - name: name + type: keyword + - name: organization + type: keyword + - name: version + type: keyword + - name: hardware + type: group + fields: + - name: bios + type: group + fields: + - name: name + type: keyword + - name: version + type: keyword + - name: cpu + type: group + fields: + - name: caption + type: keyword + - name: manufacturer + type: keyword + - name: owner + type: keyword + - name: serial_number + type: keyword diff --git a/packages/tychon/data_stream/tychon_cve/fields/base-fields.yml b/packages/tychon/data_stream/tychon_cve/fields/base-fields.yml new file mode 100644 index 00000000000..12f19913146 --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/fields/base-fields.yml @@ -0,0 +1,18 @@ +- name: input.type + type: keyword +- name: log.offset + type: long +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: event.module + type: keyword + description: Event module +- name: '@timestamp' + type: date diff --git a/packages/tychon/data_stream/tychon_cve/fields/ecs.yml b/packages/tychon/data_stream/tychon_cve/fields/ecs.yml new file mode 100644 index 00000000000..414a6a25272 --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/fields/ecs.yml @@ -0,0 +1,58 @@ +- external: ecs + name: agent.ephemeral_id +- external: ecs + name: agent.id +- external: ecs + name: agent.name +- external: ecs + name: agent.type +- external: ecs + name: agent.version +- external: ecs + name: ecs.version +- external: ecs + name: event.agent_id_status +- external: ecs + name: event.category +- external: ecs + name: event.dataset +- external: ecs + name: event.id +- external: ecs + name: event.kind +- external: ecs + name: event.outcome +- external: ecs + name: event.timezone +- external: ecs + name: host.architecture +- external: ecs + name: host.name +- external: ecs + name: host.os.kernel +- external: ecs + name: host.os.platform +- external: ecs + name: host.os.type +- external: ecs + name: log.file.path +- external: ecs + name: tags +- external: ecs + name: vulnerability.category +- external: ecs + name: vulnerability.classification +- external: ecs + name: vulnerability.description +- external: ecs + name: vulnerability.enumeration +- external: ecs + name: vulnerability.id +- external: ecs + name: vulnerability.reference +- external: ecs + name: vulnerability.scanner.vendor +- external: ecs + name: vulnerability.score.version +- external: ecs + name: vulnerability.severity diff --git a/packages/tychon/data_stream/tychon_cve/fields/fields.yml b/packages/tychon/data_stream/tychon_cve/fields/fields.yml new file mode 100644 index 00000000000..6ffcf805e90 --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/fields/fields.yml @@ -0,0 +1,58 @@ +- name: script + type: group + fields: + - name: current_duration + type: long + - name: current_time + type: date + - name: name + type: keyword + - name: start + type: date + - name: type + type: keyword + - name: version + type: keyword +- name: elastic_agent + type: group + fields: + - name: id + type: keyword + - name: snapshot + type: boolean + - name: version + type: keyword +- name: vulnerability + type: group + fields: + - name: definition + type: keyword + - name: iava + type: keyword + - name: iava_severity + type: keyword + - name: result + type: keyword + - name: score.base + type: float + - name: title + type: keyword + - name: version + type: keyword + - name: year + type: long +- name: event + type: group + fields: + - name: created + type: date + - name: ingested + type: date +- name: host.containerized + type: boolean +- name: host.os.codename + type: keyword +- name: id + type: keyword +- name: message + type: match_only_text diff --git a/packages/tychon/data_stream/tychon_cve/manifest.yml b/packages/tychon/data_stream/tychon_cve/manifest.yml new file mode 100644 index 00000000000..a9d9750abec --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/manifest.yml @@ -0,0 +1,42 @@ +title: Vulnerabilites +type: logs +streams: + - input: logfile + title: Vulnerabilites + description: Vulnerabilites + template_path: stream.yml.hbs + vars: + - name: paths + type: text + title: Vulnerability Results + multi: true + required: true + show_user: true + default: + - /root/systemInfo/data/tychon_cve_info.json + - C:\ProgramData\TYCHONCLOUD\eventlogs\tychon_cve_info.json + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: false + default: + - tychon-cve + - name: preserve_original_event + required: true + show_user: true + title: Preserve original event + description: Preserves a raw copy of the original event, added to the field `event.original` + type: bool + multi: false + default: false + - name: processors + type: yaml + title: Processors + multi: false + required: false + show_user: false + description: > + Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. + diff --git a/packages/tychon/data_stream/tychon_cve/sample_event.json b/packages/tychon/data_stream/tychon_cve/sample_event.json new file mode 100644 index 00000000000..cd07585f2b8 --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/sample_event.json @@ -0,0 +1,8 @@ +{ + "tychon.id": "564D3240-42F3-6AE9-5634-12D3BB4842E5", + "tychon.campaign": "bd31e9ba-1756-4fd5-b463-ec712ce4dd8e", + "tychon.realm": "TYC742586751BDC4383A8388F974883333E", + "vulnerability.id": "CVE-2022-25315", + "event.outcome": "fail", + "event.created": "2023-02-07 16:28:07" +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_epp/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..10abd0996dd --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/agent/stream/stream.yml.hbs @@ -0,0 +1,22 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#each tags as |tag i|}} + - {{tag}} +{{/each}} +{{#contains "forwarded" tags}} +publisher_pipeline.disable_host: true +{{/contains}} +processors: +- add_locale: ~ +{{#if processors}} +{{processors}} +{{/if}} +json: + keys_under_root: true + expand_keys: true \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..e373c16af3c --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml @@ -0,0 +1,35 @@ +--- +description: Pipeline for EPP +processors: + - set: + if: "ctx.containsKey('tychon') && ctx.tychon.containsKey('id')" + field: 'host.id' + value: '{{tychon.id}}' + - remove: + if: "ctx.containsKey('tychon') && ctx.tychon.containsKey('id')" + field: 'tychon' + - set: + field: '_id' + value: '{{id}}' + - set: + field: '@timestamp' + value: '{{_ingest.timestamp}}' + - set: + field: ecs.version + value: '8.5.1' + - set: + field: event.kind + value: state + - set: + field: event.module + value: tychon + - set: + field: event.category + value: host + - set: + field: event.ingested + value: '{{_ingest.timestamp}}' +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/fields/agent.yml b/packages/tychon/data_stream/tychon_epp/fields/agent.yml new file mode 100644 index 00000000000..b016157d3d2 --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/fields/agent.yml @@ -0,0 +1,169 @@ +- name: cloud + title: Cloud + group: 2 + description: Fields related to the cloud or infrastructure the events are coming from. + footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' + type: group + fields: + - name: account.id + level: extended + type: keyword + ignore_above: 1024 + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. + + Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + example: 666777888999 + - name: availability_zone + level: extended + type: keyword + ignore_above: 1024 + description: Availability zone in which this host is running. + example: us-east-1c + - name: instance.id + level: extended + type: keyword + ignore_above: 1024 + description: Instance ID of the host machine. + example: i-1234567890abcdef0 + - name: instance.name + level: extended + type: keyword + ignore_above: 1024 + description: Instance name of the host machine. + - name: machine.type + level: extended + type: keyword + ignore_above: 1024 + description: Machine type of the host machine. + example: t2.medium + - name: provider + level: extended + type: keyword + ignore_above: 1024 + description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. + example: aws + - name: region + level: extended + type: keyword + ignore_above: 1024 + description: Region in which this host is running. + example: us-east-1 + - name: project.id + type: keyword + description: Name of the project in Google Cloud. + - name: image.id + type: keyword + description: Image ID for the cloud instance. +- name: container + title: Container + group: 2 + description: 'Container fields are used for meta information about the specific container that is the source of information. + + These fields help correlate data based containers from any runtime.' + type: group + fields: + - name: id + level: core + type: keyword + ignore_above: 1024 + description: Unique container id. + - name: image.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the image the container was built on. + - name: name + level: extended + type: keyword + ignore_above: 1024 + description: Container name. +- name: host + title: Host + group: 2 + description: 'A host is defined as a general computing instance. + + ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + type: group + fields: + - name: id + type: keyword + - name: biossn + type: keyword + - name: domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the domain of which the host is a member. + + For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' + example: CONTOSO + default_field: false + - name: hostname + level: core + type: keyword + ignore_above: 1024 + description: 'Hostname of the host. + + It normally contains what the `hostname` command returns on the host machine.' + - name: ip + level: core + type: ip + description: Host ip addresses. + - name: ipv4 + type: keyword + - name: ipv6 + type: keyword + - name: mac + level: core + type: keyword + ignore_above: 1024 + description: Host mac addresses. + - name: type + type: keyword + - name: uptime + type: long + - name: workgroup + type: keyword + - name: oem + type: group + fields: + - name: manufacturer + type: keyword + - name: model + type: keyword + - name: os + type: group + fields: + - name: build + type: keyword + - name: description + type: keyword + - name: family + type: keyword + - name: name + type: keyword + - name: organization + type: keyword + - name: version + type: keyword + - name: hardware + type: group + fields: + - name: bios + type: group + fields: + - name: name + type: keyword + - name: version + type: keyword + - name: cpu + type: group + fields: + - name: caption + type: keyword + - name: manufacturer + type: keyword + - name: owner + type: keyword + - name: serial_number + type: keyword diff --git a/packages/tychon/data_stream/tychon_epp/fields/base-fields.yml b/packages/tychon/data_stream/tychon_epp/fields/base-fields.yml new file mode 100644 index 00000000000..12f19913146 --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/fields/base-fields.yml @@ -0,0 +1,18 @@ +- name: input.type + type: keyword +- name: log.offset + type: long +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: event.module + type: keyword + description: Event module +- name: '@timestamp' + type: date diff --git a/packages/tychon/data_stream/tychon_epp/fields/ecs.yml b/packages/tychon/data_stream/tychon_epp/fields/ecs.yml new file mode 100644 index 00000000000..6973ee9ac08 --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/fields/ecs.yml @@ -0,0 +1,46 @@ +- external: ecs + name: package.description +- external: ecs + name: package.name +- external: ecs + name: package.reference +- external: ecs + name: package.type +- external: ecs + name: package.build_version +- external: ecs + name: event.kind +- external: ecs + name: ecs.version +- external: ecs + name: event.category +- external: ecs + name: agent.ephemeral_id +- external: ecs + name: agent.id +- external: ecs + name: agent.name +- external: ecs + name: agent.type +- external: ecs + name: agent.version +- external: ecs + name: event.agent_id_status +- external: ecs + name: event.dataset +- external: ecs + name: event.timezone +- external: ecs + name: host.os.type +- external: ecs + name: log.file.path +- external: ecs + name: tags +- external: ecs + name: host.architecture +- external: ecs + name: host.name +- external: ecs + name: host.os.kernel +- external: ecs + name: host.os.platform diff --git a/packages/tychon/data_stream/tychon_epp/fields/fields.yml b/packages/tychon/data_stream/tychon_epp/fields/fields.yml new file mode 100644 index 00000000000..3433a1eee83 --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/fields/fields.yml @@ -0,0 +1,86 @@ +- name: id + type: keyword +- name: script + type: group + fields: + - name: current_duration + type: long + - name: current_time + type: date + - name: name + type: keyword + - name: start + type: date + - name: type + type: keyword + - name: version + type: keyword +- name: windows_defender + group: 2 + type: group + fields: + - name: service + type: group + fields: + - name: behavior_monitor.status + type: keyword + - name: ioav_protection.status + type: keyword + - name: on_access_protection.status + type: keyword + - name: real_time_protection.status + type: keyword + - name: antimalware + type: group + fields: + - name: engine_version + type: keyword + - name: product_version + type: keyword + - name: signature_version + type: keyword + - name: status + type: keyword + - name: antispyware + type: group + fields: + - name: signature_version + type: keyword + - name: status + type: keyword + - name: antivirus + type: group + fields: + - name: full_scan.signature_version + type: keyword + - name: quick_scan.signature_version + type: keyword + - name: status + type: keyword + - name: nis + type: group + fields: + - name: engine_version + type: keyword + - name: signature_version + type: keyword + - name: status + type: keyword +- name: elastic_agent + type: group + fields: + - name: id + type: keyword + - name: snapshot + type: boolean + - name: version + type: keyword +- name: event + type: group + fields: + - name: created + type: date + - name: ingested + type: date +- name: message + type: match_only_text diff --git a/packages/tychon/data_stream/tychon_epp/manifest.yml b/packages/tychon/data_stream/tychon_epp/manifest.yml new file mode 100644 index 00000000000..d995ce56e22 --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/manifest.yml @@ -0,0 +1,41 @@ +title: Windows EPP Info +type: logs +streams: + - input: logfile + title: Windows EPP Info + description: Windows EPP Info + template_path: stream.yml.hbs + vars: + - name: paths + type: text + title: Windows EPP Info + multi: true + required: true + show_user: true + default: + - C:\ProgramData\TYCHONCLOUD\eventlogs\tychon_epp_info.json + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: false + default: + - tychon-epp-info + - name: preserve_original_event + required: true + show_user: true + title: Preserve original event + description: Preserves a raw copy of the original event, added to the field `event.original` + type: bool + multi: false + default: false + - name: processors + type: yaml + title: Processors + multi: false + required: false + show_user: false + description: > + Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. + diff --git a/packages/tychon/data_stream/tychon_epp/sample_event.json b/packages/tychon/data_stream/tychon_epp/sample_event.json new file mode 100644 index 00000000000..4b3beb399a0 --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/sample_event.json @@ -0,0 +1,13 @@ +{ + "package.updateid": "9f2ff11a-e905-4dde-8cec-6d1f948613f7", + "package.product": "MicrosoftDefenderAntivirus", + "package.name": "SecurityIntelligenceUpdateforMicrosoftDefenderAntivirus-KB2267602(Version1.381.2926.0)", + "tychon.id": "5b30ba26bc503cf639fbe77cc38fb015b4e965dd7f4868d3f47f05c7b7f3dc68", + "tychon.realm": "TYCC9ED65C1B87545D19954D5C3AB93D947", + "package.reference": "https://go.microsoft.com/fwlink/?LinkId=52661", + "package.revision": 200, + "tychon.campaign": "7f979c0d-29f3-4e87-9edf-3cd854fdaf2b", + "": "Succeeded", + "package.description": "Installthisupdatetorevisethefilesthatareusedtodetectviruses,spyware,andotherpotentiallyunwantedsoftware.Onceyouhaveinstalledthisitem,itcannotberemoved.", + "package.installed": "2023-01-3009:21:18" +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_stig/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..7b2e95976fa --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/agent/stream/stream.yml.hbs @@ -0,0 +1,22 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#each tags as |tag i|}} + - {{tag}} +{{/each}} +{{#contains "forwarded" tags}} +publisher_pipeline.disable_host: true +{{/contains}} +processors: +- add_locale: ~ +{{#if processors}} +{{processors}} +{{/if}} +json: + keys_under_root: true + expand_keys: true \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..0ef19f821c9 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml @@ -0,0 +1,44 @@ +--- +description: Pipeline for parsing TYCHON Windows Patches +processors: + - set: + if: "ctx.containsKey('tychon') && ctx.tychon.containsKey('id')" + field: 'host.id' + value: '{{tychon.id}}' + - remove: + if: "ctx.containsKey('tychon') && ctx.tychon.containsKey('id')" + field: 'tychon' + - set: + if: "!(ctx.containsKey('id'))" + field: 'id' + value: '{{host.id}}' + - set: + field: '_id' + value: '{{id}}' + - set: + field: '@timestamp' + value: '{{_ingest.timestamp}}' + - set: + field: 'rule.result' + value: '{{rule.test_result}}' + - remove: + field: 'rule.test_result' + - set: + field: ecs.version + value: '8.5.1' + - set: + field: event.kind + value: state + - set: + field: event.module + value: tychon + - set: + field: event.category + value: host + - set: + field: event.ingested + value: '{{_ingest.timestamp}}' +on_failure: + - set: + field: error.message + value: '{{ _ingest.on_failure_message }}' \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/fields/agent.yml b/packages/tychon/data_stream/tychon_stig/fields/agent.yml new file mode 100644 index 00000000000..b016157d3d2 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/fields/agent.yml @@ -0,0 +1,169 @@ +- name: cloud + title: Cloud + group: 2 + description: Fields related to the cloud or infrastructure the events are coming from. + footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' + type: group + fields: + - name: account.id + level: extended + type: keyword + ignore_above: 1024 + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. + + Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + example: 666777888999 + - name: availability_zone + level: extended + type: keyword + ignore_above: 1024 + description: Availability zone in which this host is running. + example: us-east-1c + - name: instance.id + level: extended + type: keyword + ignore_above: 1024 + description: Instance ID of the host machine. + example: i-1234567890abcdef0 + - name: instance.name + level: extended + type: keyword + ignore_above: 1024 + description: Instance name of the host machine. + - name: machine.type + level: extended + type: keyword + ignore_above: 1024 + description: Machine type of the host machine. + example: t2.medium + - name: provider + level: extended + type: keyword + ignore_above: 1024 + description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. + example: aws + - name: region + level: extended + type: keyword + ignore_above: 1024 + description: Region in which this host is running. + example: us-east-1 + - name: project.id + type: keyword + description: Name of the project in Google Cloud. + - name: image.id + type: keyword + description: Image ID for the cloud instance. +- name: container + title: Container + group: 2 + description: 'Container fields are used for meta information about the specific container that is the source of information. + + These fields help correlate data based containers from any runtime.' + type: group + fields: + - name: id + level: core + type: keyword + ignore_above: 1024 + description: Unique container id. + - name: image.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the image the container was built on. + - name: name + level: extended + type: keyword + ignore_above: 1024 + description: Container name. +- name: host + title: Host + group: 2 + description: 'A host is defined as a general computing instance. + + ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + type: group + fields: + - name: id + type: keyword + - name: biossn + type: keyword + - name: domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the domain of which the host is a member. + + For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' + example: CONTOSO + default_field: false + - name: hostname + level: core + type: keyword + ignore_above: 1024 + description: 'Hostname of the host. + + It normally contains what the `hostname` command returns on the host machine.' + - name: ip + level: core + type: ip + description: Host ip addresses. + - name: ipv4 + type: keyword + - name: ipv6 + type: keyword + - name: mac + level: core + type: keyword + ignore_above: 1024 + description: Host mac addresses. + - name: type + type: keyword + - name: uptime + type: long + - name: workgroup + type: keyword + - name: oem + type: group + fields: + - name: manufacturer + type: keyword + - name: model + type: keyword + - name: os + type: group + fields: + - name: build + type: keyword + - name: description + type: keyword + - name: family + type: keyword + - name: name + type: keyword + - name: organization + type: keyword + - name: version + type: keyword + - name: hardware + type: group + fields: + - name: bios + type: group + fields: + - name: name + type: keyword + - name: version + type: keyword + - name: cpu + type: group + fields: + - name: caption + type: keyword + - name: manufacturer + type: keyword + - name: owner + type: keyword + - name: serial_number + type: keyword diff --git a/packages/tychon/data_stream/tychon_stig/fields/base-fields.yml b/packages/tychon/data_stream/tychon_stig/fields/base-fields.yml new file mode 100644 index 00000000000..12f19913146 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/fields/base-fields.yml @@ -0,0 +1,18 @@ +- name: input.type + type: keyword +- name: log.offset + type: long +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: event.module + type: keyword + description: Event module +- name: '@timestamp' + type: date diff --git a/packages/tychon/data_stream/tychon_stig/fields/ecs.yml b/packages/tychon/data_stream/tychon_stig/fields/ecs.yml new file mode 100644 index 00000000000..ee9115003a9 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/fields/ecs.yml @@ -0,0 +1,48 @@ +- external: ecs + name: package.description +- external: ecs + name: package.name +- external: ecs + name: package.reference +- external: ecs + name: package.type +- external: ecs + name: package.build_version +- external: ecs + name: rule.name +- external: ecs + name: event.kind +- external: ecs + name: ecs.version +- external: ecs + name: event.category +- external: ecs + name: agent.ephemeral_id +- external: ecs + name: agent.id +- external: ecs + name: agent.name +- external: ecs + name: agent.type +- external: ecs + name: agent.version +- external: ecs + name: event.agent_id_status +- external: ecs + name: event.dataset +- external: ecs + name: event.timezone +- external: ecs + name: host.os.type +- external: ecs + name: log.file.path +- external: ecs + name: tags +- external: ecs + name: host.architecture +- external: ecs + name: host.name +- external: ecs + name: host.os.kernel +- external: ecs + name: host.os.platform diff --git a/packages/tychon/data_stream/tychon_stig/fields/fields.yml b/packages/tychon/data_stream/tychon_stig/fields/fields.yml new file mode 100644 index 00000000000..8b93caa8af6 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/fields/fields.yml @@ -0,0 +1,96 @@ +- name: id + type: keyword +- name: benchmark + type: group + fields: + - name: guid + type: keyword + - name: generated_utc + type: keyword + - name: hash + type: keyword + - name: name + type: keyword + - name: title + type: keyword + - name: version + type: keyword + - name: list + type: keyword + - name: count + type: long +- name: oval + type: group + fields: + - name: id + type: keyword + - name: class + type: keyword + - name: refid + type: keyword +- name: rule + type: group + fields: + - name: id + type: keyword + - name: finding_id + type: keyword + - name: severity + type: keyword + - name: result + type: keyword + - name: title + type: keyword + - name: weight + type: float + - name: benchmark + type: group + fields: + - name: guid + type: keyword + - name: profile.id + type: keyword + - name: title + type: keyword + - name: oval + type: group + fields: + - name: id + type: keyword + - name: class + type: keyword + - name: refid + type: keyword +- name: script + type: group + fields: + - name: current_time + type: date + - name: current_duration + type: long + - name: name + type: keyword + - name: start + type: date + - name: type + type: keyword + - name: version + type: keyword +- name: elastic_agent + type: group + fields: + - name: id + type: keyword + - name: snapshot + type: boolean + - name: version + type: keyword +- name: event + type: group + fields: + - name: created + type: date + - name: ingested + type: date +- name: error.message + type: match_only_text diff --git a/packages/tychon/data_stream/tychon_stig/manifest.yml b/packages/tychon/data_stream/tychon_stig/manifest.yml new file mode 100644 index 00000000000..03e33073008 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/manifest.yml @@ -0,0 +1,41 @@ +title: Windows STIG Info +type: logs +streams: + - input: logfile + title: Windows STIG Info + description: Windows STIG Info + template_path: stream.yml.hbs + vars: + - name: paths + type: text + title: Windows Patches Results + multi: true + required: true + show_user: true + default: + - C:\ProgramData\TYCHONCLOUD\eventlogs\tychon_stig_info.json + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: false + default: + - tychon-stig-info + - name: preserve_original_event + required: true + show_user: true + title: Preserve original event + description: Preserves a raw copy of the original event, added to the field `event.original` + type: bool + multi: false + default: false + - name: processors + type: yaml + title: Processors + multi: false + required: false + show_user: false + description: > + Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. + diff --git a/packages/tychon/data_stream/tychon_stig/sample_event.json b/packages/tychon/data_stream/tychon_stig/sample_event.json new file mode 100644 index 00000000000..4b3beb399a0 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/sample_event.json @@ -0,0 +1,13 @@ +{ + "package.updateid": "9f2ff11a-e905-4dde-8cec-6d1f948613f7", + "package.product": "MicrosoftDefenderAntivirus", + "package.name": "SecurityIntelligenceUpdateforMicrosoftDefenderAntivirus-KB2267602(Version1.381.2926.0)", + "tychon.id": "5b30ba26bc503cf639fbe77cc38fb015b4e965dd7f4868d3f47f05c7b7f3dc68", + "tychon.realm": "TYCC9ED65C1B87545D19954D5C3AB93D947", + "package.reference": "https://go.microsoft.com/fwlink/?LinkId=52661", + "package.revision": 200, + "tychon.campaign": "7f979c0d-29f3-4e87-9edf-3cd854fdaf2b", + "": "Succeeded", + "package.description": "Installthisupdatetorevisethefilesthatareusedtodetectviruses,spyware,andotherpotentiallyunwantedsoftware.Onceyouhaveinstalledthisitem,itcannotberemoved.", + "package.installed": "2023-01-3009:21:18" +} \ No newline at end of file diff --git a/packages/tychon/docs/README.md b/packages/tychon/docs/README.md new file mode 100644 index 00000000000..081e0decad3 --- /dev/null +++ b/packages/tychon/docs/README.md @@ -0,0 +1,143 @@ +# TYCHON Agentless + +[TYCHON Agentless](https://tychon.io/products/tychon-agentless/) is an integration that lets you collect TYCHON's gold source vulnerability and STIG data from endpoints without heavy resource use or software installation. You can then investigate the TYCHON data using Elastic's analytics, visualizations, and dashboards. [Contact us to learn more.](https://tychon.io/start-a-free-trial/) + +## Compatibility + +* This integration supports Windows 10 and Windows 11 Endpoint Operating Systems. +* This integration requires a TYCHON Agentless license. +* This integration requires [TYCHON Vulnerability Definition](https://support.tychon.io/) files. + + +## Returned Data Fields +### Asset Identification + +TYCHON identifies an endpoint's operating system and returns the system details. + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +|host.biossn | TYCHON Endpoint Identifer. | keyword | +|host.domain | Endpoint Domain. | ecs | +|host.hardware.bios.name | Basic Input/Output System Name. | keyword | +|host.hardware.bios.version | Basic Input/Output System Version. | keyword | +|host.hardware.cpu.caption | Central Processing Unit Caption. | keyword | +|host.hardware.manufacturer | Hardware Manufacturer. | keyword | +|host.hardware.owner | Hardware Owner. | keyword | +|host.hardware.serial_number | Hardware Serial Number. | keyword | +|host.hostname | Host Name. | ecs | +|host.id | Host Identifier. | ecs | +|host.ip | Host IP Address. | ecs | +|host.ipv4 | Host IPV4 Address. | keyword | +|host.ipv6 | Host IPV6 Address. | keyword | +|host.mac | Host MAC Address. | ecs | +|host.oem.manufacturer | Original Equipment Manufacturer Name. | keyword | +|host.oem.model | Original Equipment Manufacturer Model. | keyword | +|host.os.build | Operating System Build. | keyword | +|host.os.description | Operating System Description. | keyword | +|host.os.family | Operating System Family. | ecs | +|host.os.name | Operating System Name. | ecs | +|host.os.organization | Operating System Organization. | keyword | +|host.os.version | Operating System Version. | ecs | +|host.type | Host Type. | ecs | +|host.uptime | Host Uptime. | ecs | +|host.workgroup | Host Workgroup Name. | keyword | + +### Vulnerablities + +TYCHON scans for endpoint vulenrabilites and returns the results. + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| tychon.realm | TYCHON Customer Identifer. | keyword | +| tychon.id | TYCHON Endpoint Identifier. | keyword | +| tychon.campaign | TYCHON Campaign Identifer. | keyword | +| vulnerability.id | Common Vulnerabilities and Exposures Identifier of the Vulnerabliity Tested. | ecs | +| event.id | TYCHON Unique Identifier of the Common Vulnerabilities and Exposures Result for the Endpoint. | ecs | +| vulnerability.result | Pass/Fail Outcome of the Common Vulnerabilities and Exposures Scan. | keyword | +| vulnerability.reference | Reference Details of the Vulnerablity. | ecs | +| vulnerability.score.base | National Vulnerability Database Score of the Vulnerabilty. | ecs | +| vulnerability.score.version | National Vulnerability Database Score Version. | ecs | +| vulnerability.title | Common Vulnerabilities and Exposures Description and Title. | keyword | +| vulnerability.severity | National Vulnerability Database Vulnerability Severity. | ecs | +| vulnerability.iava | Information Assurance Vulneraiblity Alert Identifier. | keyword | +| vulnerability.iava_severity | Information Assurance Vulnerability Alert Severity. | keyword | +| vulnerability.year | Common Vulnerabilities and Exposures Year. | long | +| vulnerability.version | Version Number of the Scan. | keyword | +| vulnerability.scanner.vendor | Open Vulnerabilities and Assessment Language Scanner Vendor. | ecs | +| vulnerability.classification | Common Vulnerabilities and Exposures Scoring. | ecs | +| script.name | Scanner Script Name. | keyword | +| script.version | Scanner Script Version. | keyword | +| script.current_duration | Scanner Script Duration. | long | +| script.type | Scanner Script Type. | keyword | + + +### Endpoint Protection Platform + +TYCHON scans the endpoint's Windows Defender and returns protection status and version details. + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| tychon.realm | The TYCHON Customer Identifer. | keyword | +| tychon.id | TYCHON Endpoint Identifier. | keyword | +| tychon.campaign | TYCHON Campaign Identifer. | keyword | +| windows_defender.service.antimalware.status | Windows Defender Antimailware Status. | keyword | +| windows_defender.service.antimalware.signature_version | Windows Defender Antimailware Signature Version. | keyword | +| windows_defender.service.antimalware.engine_version | Windows Defender Antimailware Engine Version. | keyword | +| windows_defender.service.antispyware.status | Windows Defender Antispyware Status. | keyword | +| windows_defender.service.antispyware.signature_version | Windows Defender Antispyware Signature Version. | keyword | +| windows_defender.service.antivirus.status | Windows Defender Antivirus Status. | keyword | +| windows_defender.service.antivirus.full_scan.signature_version | Windows Defender Antivirus Signature Status. | keyword | +| windows_defender.service.antivirus.quick_scan.signature_version | Windows Defender Antivirus Signature Version. | keyword | +| windows_defender.service.nis.status | Windows Defender Network Inspection System Status. | keyword | +| windows_defender.service.nis.signature_version | Windows Defender Network Inspection System Signature Version. | keyword | +| windows_defender.service.nis.engine_version | Windows Defender Network Inspection System Version. | keyword | +| windows_defender.service.behavior_monitor.status | Windows Defender Behavior Monitor Status. | keyword | +| windows_defender.service.ioav_protection.status | Windows Defender iOffice Antivirus Protection Status. | keyword | +| windows_defender.service.on_access_protection.status | Windows Defender On Access Protection Status. | keyword | +| windows_defender.service.real_time_protection.status | Windows Defender Real-time Procection Status. | keyword | +| script.name | Scanner Script Name. | keyword | +| script.version | Scanner Script Version. | keyword | +| script.current_duration | Scanner Script Duration. | long | +| script.type | Scanner Script Type. | keyword | + +### Endpoint STIG Information + +The TYCHON benchmark script scans an endpoint's Windows configuration for STIG/XCCDF issues and returns information. + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| tychon.realm | The TYCHON Customer Identifer. | keyword | +| tychon.id | TYCHON Endpoint Identifier | keyword | +| tychon.campaign | TYCHON Campaign Identifer. | keyword | +| id | TYCHON Unique Idnentifier of the Common Vulnerabilities and Exposures Result for the Endpoint. | keyword | +| rule.oval.id | Open Vulnerabilities and Assessment Language Rule Identifier. | keyword | +| rule.finding_id | Open Vulnerabilities and Assessment Language Rule Finding Identifier. | keyword | +| rule.id | Benchmark Rule Identifier. | ecs | +| rule.result | Benchmark Test Results. | keyword | +| rule.severity | Benchmark Severity Status. | keyword | +| rule.weight | Benchmark Rule Weight. | keyword | +| benchmark.name | Benchmark Name. | keyword | +| benchmark.version | Benchmark Version. | keyword | +| benchmark.generated_utc | Benchmark UTC. | date | +| benchmark.hash | Benchmark SHA256 Hash | SHA256 | +| rule.benchmark.guid | Benchmark Rule GUID. | keyword | +| rule.benchmark.profile.id | Benchmark Rule Profile Identifier. | keyword | +| benchmark.title | Benchmark Title. | keyword | +| rule.benchmark.title | Benchmark Rule Title. | keyword | +| rule.oval.refid | Open Vulnerabilities and Assessment Language Rule Reference Identifier. | keyword | +| rule.oval.class | Open Vulnerabilities and Assessment Language Rule Class. | keyword | +| oval.class | Open Vulnerabilities and Assessment Language Class. | keyword | +| oval.id | Open Vulnerabilities and Assessment Language Identifier. | keyword | +| oval.refid | Open Vulnerabilities and Assessment Language Reference Identifier. | keyword | +| script.name | Scanner Script Name. | keyword | +| script.version | Scanner Script Version. | keyword | +| script.current_duration | Scanner Script Duration. | long | +| script.type | Scanner Script Type. | keyword | diff --git a/packages/tychon/img/TychonLogo.svg b/packages/tychon/img/TychonLogo.svg new file mode 100644 index 00000000000..47b482d3444 --- /dev/null +++ b/packages/tychon/img/TychonLogo.svg @@ -0,0 +1,59 @@ + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/packages/tychon/img/TychonScreenshot.png b/packages/tychon/img/TychonScreenshot.png new file mode 100644 index 0000000000000000000000000000000000000000..9207bbeac5834424fca597f59310f490b6c33deb GIT binary patch literal 337235 zcmcG$cT`hZ+dhnKunaPeA|e9gAgDn=L3&dVkX}PCB29V?2%*?fs?vL}2@qNc1VU5< zq)Q2b1PDk^2#AnSLc(`^UY*~p=Y9YE_FA~l+2^dYOYXh*eP7qLePgJv$#L@HNj5e% z4z2t5jDgIQjqT|C@!x9&oSZZ*Pz}LVgH0%7K7X11YQ@rZ^QANY`3xJIZ@gqm zg>Jh0`gHh<3ZU%dhkXubR;om#Nd~s+=Q}g1OP9@YTgMyNB_rDMRe!YWN6Nm64qB<) zJ$3%iQlQ({{x+$A1(co6lnibg`85pOr)8Q6Llt)qao{Fev^9zxBR=voFV)|58+#06 zVwXz)_{ zoa;czxnq&mKc6%iW@wuxq`H;4uRYc8eG^o2X^0VZUZnZOVeoWG@AamjQ^(Az1+n?j z{@bT(h$eqN47?4})uelaKQ*Rk%Z7dN7XKYp_kqhUuro&Q{{5OZUdBr+Ga~%S^FfiB zFTNrC7pjYyXBQ~^MJ@b~O}y74tlA!yZ2tbURdR_bot6 z=fBGgO${j3Kfg?_Vv`ZC(mEMz6&-cL7>8bV$E`@;D}j$D1y?+14td<&(b2)**W@O- z36i3M^4|Lgy$1=+me;@9m*i@SE>?>Q+FOJVSv7k;jo4We;ouKU=?rHyCyq_QTyodT z?Ov*ZsA(Yagg_ifps10{r6=6Wd@4}ys_pcFgsZ3!+YHi>06l?U!6JH4LJ{`XY_f0mgwdp=X;ZYzFzL@d~9KpfG!)ykJHpQ4>20dqOV zo(B0pI_|6dXreG9N0euKD$Q!2Vm zf5`|4%^(}&h}!|BCkHEw{z`#GpDT}^Xf;n63Cp>DT}Vmq5E28H{%gXm+g6TQp(9RR z(9N;WyzS=1UaG%W(`vKK@p*G9j2Gn_$U^M>1-P|Zm^?-6~ksX2T$`??#7X!O#H(VNj@ol>^}Grk49 zC6^(DwXr#Aw+FAWv6V#AO|NdZ)iA9Z9#?!6{5$*nuV#k#ajIhI|1$!qS(Ur|;e)=%2FP4&e%zzM zdullM$8H9sCtrQrAYYA-ui4w7 zND*25Vc$L^y;_@UAv&as*|wBJQQj|4-*awzWhvl4R$-!PJ52f074|rpnpjn#ht9p|EclEzp`11z9glf#ZOaHwgMcH)<@WFs>L-DMibQo8g{S~d#fX7 zF8ZoR#_`h%CMRvcC~vPRg;lYoiL$}^gY6g6mA2LF0vB8iWW0v&pW+rX({|4UW&26sr)aIkd15P5_IVM~8sQ9j?b6Fv zYc**Y7U6^YaMQc`)I{@UV|80XSz4%VXmj;4$s9!rsy{Dk2g~wlvE~k@R(^PnXr$<4 zA|Lt1r@(ZxGRzwYrpCV1^8*$ey@Tkfp5M$L5Ah79FRdl?F#eowLZQGsh;p@<{cnPhQPj#QyGhfLWDY(G-;K zK2j=bRqLM;F8ORCUZUj4!pe%9XuU3!zBXd#F^=>=MKHoMF>TUg9)YW0^dkrNHF>4I z>xjQ6Nv{%0>I)qo-VW(8?cWP-WXij=Y*SCwcl~r9{<7=TiJ|Wi zqu;!NSm`^l_`ZKMxpc=i1)mvME&=3=z71+}wkai9{+@vc$TIarDl@+o< z<%TXrCVL<5T3ua@UaixSa{BxSu*}%UU6e9*aw;y&W=jiUS|Q!xS|h^f-O{Yl<^b2- z-CcfYznQ2tIrA?5bAP`c-aZmj-SqV&L$d)GYFDaxEavoPk&U@sNJ(`IOP;neVhx6y zjWkk;$;s*4SU+Ac%ydjthExehv~>~=g0yvXaKO5g)4bT5>Vn?rh5WLP0&FlA|Q}70N@7@KuDj_uDF48x8 zb-cU&M&SEK3)I-Be2b8IY4#2(SA~Ss7eq|IBzDAbB~dT+ukwnE8%#Z*=^e0`rk#Yv z_NatqG^KjvFAuvSjW~nHaeZF5!`=A%YbPrCI>DGDBEE(4@@oaF^Y3iy#ed{9m5IwlIySsZJJ9}ZtN95GfhIKiaN=s9Yjs#GWxN7&T2s@bb3kfOM9kD9 zsU7*3LqbIKL_S!HJ*6~|fh{a2G$yp_EZ7=q4N)4xhg1kCNLk`xP(^ZHnWUi1%1Khg zC!Rsery{1dp_V?(G^?SEp3Z(XY*ozYQ;GFQBdov5HtzYosXj@IFwgUJufXGXMW#By z3R7_MN_SS^b`DBTXJM^?eI2Qjk70ExpvjpOT91d%%F8r66KpSHEX_U+nG{-j!^&G& zZ`W2(BO>(Ux77e~xA$N?VN>q}Qdf8dUl49xWrs0iA}$4f444jIS5w*@4WLsl{_s(} z(F^+2I(^}}MuoN7vVLFu7Y4P_#En>rln*B7V;CP-=Vt>Bpu6Lg)_ro;#f^=!fyAFf zZzwDLha-zaLS`|lkkIJ0pv#5rNf9AFH);zDk@A?fsUkLvb#m|qUX#!U7ERm&Q<4=Y zop1VNt!-1^Bcs%+B`Ak^#2f>qCFUUzN-9@T)1h#&mQ@Kp#m9!5i-RT^5+x9dD5~7J zBQ}yKjhL!cW0!ItH-wub8r5#5*@af{HQv%@PpLg(eWbe8cxXto!5ydlGFha|VSBR3 z9S57}o%C(zK$rKb)1?P<6bv{nj-d$N4efFvZiM1D{9(&?k43#0rznT*)X)ge11pgI z8mO2SGM(scV&$HhDsJtqG9AJ2B9B#NDX9c7_AHs_`1z~jcx7OIbDe1BnDr{2R3D6Z z_^>eLkG%XZd5Q@79 zt~S;Ro`R(DJ(8r1xA^24n;27B5{P#K&3rMfb|cFn-9l(O;j*^&{o!b?UU0Qd2+}=- z93WZm6G~h2@|okOgsu1+aZg2(!p9=e<4bQt;{p~Nb8$DA&K5(ANNaqY@P&X$$!<1wif#GWn}C~>e16*{`1MHU?BF-HAK|NHN=vU8rK-GKZ7+0n zTff&&Wq+rhIlfS+Pj|eVA#UE^f7H@I!`@zi;Wv^hN_W&+8LhxDcbH8ARQuke|I_U! zUl&(qXJd1$fGFSg4fdM*XnDl}bZ^D6y~bg?+|zJChMD`{4IRoo{J>J!BbHqT?qdT!92v^znKDh@t^Q}n4pxXhSR4?M1b&-2#3z3avMP06 z)TVg&>C=y*cM6h`aCA5-9aU zf`K?G{0dzm%5C2OOaA;Wu^-t4T|y4l5+o1QLg?Z8UJ8MR9WH945JU5-Tp7&`AP7#} zMxQ!U9v%JK(6>+DwdY-K^#`jWI%F6^eM+@5zIC74SULJW?gW9jrAY;CR;8|b!x}nA zq?~NBOZnya>w1z`&*U4I1h6EO;NKSj?8MU&a6x^o^cw>3-i+E%Bn&X<$57}5)+%+1 zPUS)1u3#2(>(Tk+QE z@YRgx6|AJ0u#mU5+S;(MIiNGbZv&UVTn-5hC5$X;w&@;wLnSs&jC8)@;629+B^&m4 z>hV_LiO%NA61b?oqO`OqoB9_urv>B+y@-tpCN4R=3yW(m?6I-)$>*p+EX>5s-Zhn) z0}JP>ni{72X#UgO$6x(gqK6C0uQ4E-4^>rDDj}=m{IJijkC%ai-ny=i*TT#&nTK_b zxl_hOyFOYj4((?(MOLtZ17X4$jZHhU(8<>gdpD+prpT!5BLTuQskyn;Xb5GTE3eNG z<*gJF^7wkOO^ECD>tZ^{c&3Acww6u`%AhkLo=YPlzN5l!pkR|bGUtdRREdOIQ6AaLaaRF0j4{GTB8fe7%3rjk2nq(PQo z)$x%HpM#T#_fKIeuKQJHhb-H+^bJP%rg_02Su3@z{yuzrUiQM%r%&mQ-qkHZZ>J+D z;J5>a%JY3$6+l?%M)twN{7cU2K-KSQxX+glec#v^+8k7N7T;X2RH5y`#mRL#P&pkg z+r_lX(!F0GM)He{dKXG2oL$!B>L!hbgdeW5XePK_zjXHgtrVyPyGh39qeUls1_#Y6 zDk`qNs7*{vOd%ijtdn%8g|6|yT=Sr2R00x7?=k>l8l#7*iS_qh?Yx+CxFRSf<|r?z znCyaa@oc2(>E2g7zqPkVLC`3l-q0UoBf@Fld&S+p&3vE-dhhQusUU|5d`>rUgvd%` zEDH_+!Rc9fe*OYZ`!etk>EwZCmP6f*Z z3keAveC@uk-9y^kY{z$5YhCY-j*s)RlK9loC7>`ikwN`l6JJo#lsb{-a$ipi_u)DF z0u>V4wtATD626L}e)7bLp`H}@Z75w)z3Wps1Ri@bHiOXU=4{`Bud=qEpOO7Jndj%< zKYb3s9H02@u?|HrunMFgKT`_k(NBQTn@)&i2*k?siD4R0tZY`Aq|lEj>f+`^SI}&c z3Tt176w9>Bi<@)>MzeG!poWqO4MlCO+$piCkG(sVj&MoGMC7&JUE4ajiJ}((DG@ zW9-Jza}4jqp~~z)v9m>PkpsS^`u!bygXOj@rTk3?xtG`lg?kZti}Nu1(F~Qsvi*&g7L_C+N@!yz7q^D*uh@W`!~PQ5SukBc;3u<8E?8fJ;C6LJNCc&ieI&?g>uLG;H2MZIAA&UDXeG znI)JO(j8~qZzV;;lOicEx$QWmrE{VFRf;Fw2S1^V0>o`r^Uu`6BkpRO=(vNSOpi&o1g2dTA!sbi2a8C7o57)jy@A_GoU#FufYYoBgzQ#m&zJvz zza1X!oq9juDCqu@z3@tI%X&>$fd6_;%Wa3RPSCLTPkO0rW?H9CoHnb<#33JT7?-JA zwK`>Jgzq)CvA&zM93R@A>-1O|=Gr3#74l(I!E+V;uT(zcl{M;nrY|y6<;;S)=Mi@Dcl`Wz(Y zF;)!@)NK%JYs#83pGbh{_XT-PHVi2XXAqs~2S{`Kp&ADsmAx^fhq==3e3Cm5mnm_u z$=2(>ZN1A3jgFRgiq!nY=m^c0*$b0Xt-Wio9^uO$pg2k*|3#_qN09ClHir(ee$W8? z2Vqq5Wq^!=bn5qG+ttXcDtaaYYo!Q*)zXSnieQwp zv~}Gd->9BqRttB@#2*Cmenx3 zoxDLipv%g0Q4JF6FQVWMMH&|!L^pTN8eF?|%V;igZ}){juf%MrrT}!*uGFzhKT{#N zdT}t%726q$Wf^1Sk+j(;fo0}4$pkRj+m4;TLvv3o1U@3!0r(jTpE9+jQs%MyeF44y zy;sV8w2MyZ`t)fTRbfKiO%gU30)m-9N)>8(EG``_7A_3>&FFZu`=&7DzIV>c;jy1J`P4a_m^jkOpNv zTFN7OJ>X~H$X53QOlsR*gfgXfUBL)5aF&eEP%KX*r41V8K1Le(f%^x&cL$hLWJs?W z5C_?slbj zvVrn2qg`{nmj^-~9Tr7#LQ10z0Qz*m!W#tZdA}_+|C|TS%88Vkf9e4HbH1-fJz|Xd zgWZmuH@Liynz28Ikf(7+Phhgif~X=?h3U&!arD`Tih<7ka%B8^C{!LRyf2}zcTr~8 znaK`pXoh99QT_(`zI_5&FhQxRVuUqH!*h(q96&V$HRHxK1(p4PU3#$MEC6ikNqLV+ z+jEtsisrhSr%3d=?y-os=x=cF!G$i>2bNQkTlz|S-UDHYJaHXY3D()rOd#CNX-x;+ zUp)2t^|#{+7gBKbgUXI7ZFB-9Xjw?^`tAz|eR)DHZF?O-ia4;%V}6ZhI>P zrhpfvORijXTN<#{hnrUTJ5R~1@{3xv-ZLq6+GqIa`x7xxHGPd4GX{RQ7^`cu z6);tT1ZBu*vS?BCd>mLbMC^0M+UCW5e}=SV^zclDyN$Yu|3Jxy%KnV z={EYM#aqRUNd}ftv$A+9RUE1(e^VqfQU$X5#csWgiM9>(T7cmOvVVutSL+4(=?nPP z37**o-fG@Th4rR|@x~00`QjBRBKyxFC~M#2;2q4onc{F*jM(ViZ=T+Bvw+uR3WRtY zb3%2YQU9!y1USS0C$=J;lqefkxq{d+YV$V*^UO>hzBK!Bh{%*qK0__jtmeO^8 zk$lQ19T(Y53y4Ti_x{0HYlC#1(>L?;nGfTCM6fXpK5S1Co!eXijl;X}D!aPC=701Y zLhVP3s#`Xs<96LEBlc#kF$ZhBWT>S;iU@b1HkU}bJxPZueHJaD!Ukc+q4H9JMo0h2 zRAS0tz7KDnJaKxAT_Dc5C7zoy9C3v9Q3v6+7mGFUNbea(ZW)x6aiR4`wffL~@|#8X zxnR1uvSTUFrIbH+xyebPcJ7J7`O2H45J6VO<3|=oCmoadL+4KbwEHx4iQ_*C0frdAm&|mNmmtT_GjM8>Q6Zl5tN2{_FSv!vOxt8@dR}~k0Nv}FU zgtYC=CAeiO$jn96oGdi!&jd)KRLBk1_0%uJ6Md$e1Y|%OpZpQFnXvYM3_7~dImQL; zK9dsUmm`n#AbMG&yhZ>kqETLSTOmW^rh*DYNaaQ3z?QKLP-fKutNaM%AfVLWy!Z}y zW%%jd*Ru6d|2gB5kjJuBavlvbHuk9B$0om7&y#aY$C=KMUUd@)HJ<^X__H^_H>re1 zzzF$PjUQI!`qFZmSS#{E{|fe;4kPdi(|KK3!SC z^vH5)39@E91bJ+{`bl^Bf+n{BWXdpXhxkiNq@Mt)g2F=?5d)^Pt2Vd6(A0k4((h)) zcYukZhTNkKd(A4OkQWvjaKhn;xXm;yYdky!SRsdaA{?0elKT;$+K&8AjVakJpfpO2bIZX!nxqAl(2fc{^Xx_$PX)?DqkCqe{ zkN?^Qo+N(I!vfaX5%vG%PklE(z-9=d=Pa7z_n(1!rWA_4nP{uV#%sJ>`8-_}J>FPn zco(MIasHPgi!IyIwk2?E|JbRN%uI3v@U{G#fEH`C*@V46LxJS>OVX5W@c)El@8!f4 z6;-)F$-$+-`-T>aKA_Eix;L|bFaKBX2hOs$w}V^E^Z>NJyZQ&S{N&lKNVN=XNgv5{ z@gKtK{cd-O_w&V-fnV|a%q8rS?yCKkk2~_s80CA-}wiUxh&aWRw3X=wJ80F1dd{4E}ZfuUzcH(I2h;?__iH zxaqHf`PZ|i2Th}1UlgZ!2BQw&_%#Oqdd}whB4+ckM4CJ;>s{h6`}@~(-@CqADA~Dx zmHfK&wF`jo{~tBZv}*p}y?=h^m%07=1du;D_1piioiDb|_WM_LzbVoQh<|N3bZt*s|6%NV|bM0u^G?#r6qXX z-Me(bfA{>ybv7L67%@I=TQ1?8E8r7QBq%pdmr8Isz`mZz%dW-@bq^%ZudGzOov9l* z_oRMksK_rmHriNQJNh4F?gH2Chsw~<~Gy3HF(J|!vsvrm0!v+;$%UhOv zlCn*et*xy;dM|huChvcRknz8)cxFp}{V;frb1k4V+TO2HLHHJqN6l{{{K^nduVIP5 zdUI2gtO?tI#;w}gfeZgs{p+F(AHrR36>z(gMt;6}dAm~v1*FAh;{-IG!(fh3}j* zdvvdLI;$C+K&vdu{GhDw@!Mvmk1h!YMUTq5*=g}gL8D-)8$%2IJqn_`OLMb@8Vm70 zKE}q0e6XJN>)xuGd6BHRH8kZsxZ2bxhFcuppyDDMU=TQ>rxrMKr%Bp-veF~UM%11Z zi`Uc985wnxOn&<||LKvvUO+%%jq=9FVh@aVJ{$+o46QVqVLcoijAYID*4jJvHhNu@ zc$7amCCPewUrTFfC+{lEn@Rx0Zz)qQ&m0a|3I;K0Vrfw=S%e1f5;0r(p5ETxT%WOe zzfBj8HkT)WB8b|UJtpb8c9_bkU|4DoFL;7sGcmw~o zC#cocVt|C`Z9+nVQm*|X63eeJpuDJ2qRlm07$S-EoG|6*e`!GXCi25n$_7WPWbDNO zv2mG{nm5CGxUZJu#A)TA+y(CcUNoPKEEQp8CZ=KEVMLE0kQ7`F)1=;VYQF#4))q32`z2S(qtHKEbo?qD+? zW{Z8KSKL^WhX-M{5_*+7+>~MziZO6jD3&5)eZAsk>kq+`iXI+wI&7rQqu(-GG;B<% zCH=7y>QU~Pb9{a31_tw&Bg;~_AN^=eC9zzYqj#lX4LMq(Zy8?ii+UA-)nIr0ZXbTV zWxnCILa{S{y(EH%KP!2zH8JRlvbtuHzP{3uW|%*kt|1WV2n`JdU1_S61p6Z0!6W&1 zkKBH6M zMk754gQq|yR_hoQV+!7=gc1 z9G2%K5V|m0Ng8`|gV?PPQF-HC^)<$cCabhenrj-7m3n(5xC4^Q)sZSn+?r`OQ23!3 z|9ARat>4U66<&g%N8bE4{*7wOw?NTKsYsM|-Mp)`-|nw8g?RT>lhbT?N$oaZXrVrP z8q5Z#wEEHAl`lhAY`0eqQ{$sYDz8GXt&Myj(AHAOq}Dp`y|98(1V=#XJ)?{s)A}fW zP7^8ka?uGHoZ0rEw8vJVuU<=4e7zIP^UeLyeif>$!((RNJ|CjFpcYLgQpalgPn+!!k7`u)GBcABmXg6gZ2~j7{~DY z^ITi~qM}^ObJh0dmkeAoeQ~H5IvIm)^cX8WE>z-lRBU*71bJ<%MmZg6>$tdH_uSYr zgDoj!`gNo#vKKAuobomqCXnjVM{H6V)Bof`2)|~R*H6rtYc=ueZTu!1uI!VRx-MTi zxVSd_bopL~P^tUJ9wwb$b*i^{-uiBOv6JrCjT)_qy1U;uuG>gR$;w*9@k$vMy`q5u zARCat4dqHdulRJ%0(2*Q&!#Y=e(@TJ{MPnN?+XCLBC$nIzRNZe6km+!SFG89c{pk z+3FIAbX%WJ+`V}V+@hQJ;?-K9l@m2MS=whBrollLk&@C2SQ4!%lLWL6!~AuUURly! z$RjtCN_9tIIFFQUf5rRUXU-I;lpR!E$1)25(2noao0l*7zHF^XA|b>e#>SUf!JxN~ z0D&Yu^oLZwUZTsHp1pgusy8<4a!X%O{aSOt`SAi+#Yia;feD)W4VYUSwRe)_Ub!d) zQ3;L)u7JKziqRBI9tTvnyKlpoVN#JF{)XCFS)rMV^|lkJ{ys^jBi*etHX}M-c>{9> zviuf8`-|9tU z)C8sGlXgSBKf1R}P4XTvU>Nk*B02g^hY4??GJb5ZB5HSNgNL!*m3cF~fBE}r<)?mc%p5z;TlWpxAp;sAyXqCKBOm_q zlJE_Z*ZKiIxWRn;w}pkdl~UN;)XV(}#}^TH&B&mc-rR)F(pr6|2Q>H4P4 zt))Q>Nes#8H9ge39^%(_E2UzQ6OPz`CzzM+?Y^?QC>xYDwwjQZ5Cyk=QubG3)zz>T z#qTd1#v13gYe+-V7QF(V<izQ@?@Au<&+G>p1N(A5@&FvBACZ*LAq>qb#ZB-bULobt)p5nT2B`@_N@pVz6w&vAI*P; zRnEnzsody49=(rN)Lmy{^dM^c)R^v(voaRkpJENcVaA!tIrVC}Yhr{mTnI)NVr1a+ zV`y&koiO>}vP6?%=V|fn1bg^_swC*FC@K72a6}6My8q>l^dch7~t#@daf}G@azGkBlASHClPH+ zB{U?Wwl^MFWDEo9-o})%D$*l%o7mqt$Q7Ci)tNU}WI8&WFLix&vctM1X#o0UBp>0H zs#@^%zuwz(iI^E$S-}7Zs+`Gwny?w`MO39;Rv4iZ*CWTD-i)-j58v$P%#?&ibhc6p zLV*Jw3+}X(6Q9Br$pH#|j`uV*DP4KO%TWT6;D`Q+e4Y}s`S!xPW?U56u1+uILEUFpi9A)(~<$x)BxIHO!NsuxwL`1mRiAzp858z}-{MGGIrz@;* zpiJ3~?YXXYa?CCJ@UoCiZa~{Jp1=%hT^zJ8j$Y`USYmbdTd#(=Mpx|6cajDv%wRi{ zDl4h%Ul8@L#bMq&%pVqE(O^QM^I`K8$d3}+((Co0oH-Uvg5sKIO;%xQ?XI4~NGc4j zFBi#i;g&h+#<=$&$*~GS$&!?ES(8S>_=}Z{{K)h%T|HY2KG&ylHm-s~jn;^;TZ7q+ z4YpyKLjvZ@or5fssy`y75LQ;(;V4ss{f6P(H2i)alXtKGA;m9>oWl8~0mlfWbp=#0 zMOaWoz{A7$i0zJ2o#c_en@K0klt$rg-pjuG{Nqf`KLhdj7_O|hh5m=8(L{pF*^3g} zTv;=tRgUM$5gsHf>u`LD-E01OI%DDlJS8zTVl|zE<&?{J-@~XX)@GsboumxBi&*dE z4PVDKJ)6#}HNr>8lTK%*+^)9`kbVg_$$21EWlV7EH|*(BJG;JKXyD^5Vt_h3C+ZR@ zi6X9|-cwbNuAiftbxV6}nPB7U6m} z!8;b|?qBtg)RRUYoS!Hg)e8_0N*#F{w{aMx4v8%Dzc`JJCMVN|pN=~rt5@MVlw_baz+Fp=@5{oEy73FZV)f%+1 z(wttaCUEB%NnM{t-{E{@XD1U}UdWEdjn0^*+;+wtqO^;GRYW;PaH1jvD&7J?bIK#^ zIjg7tT@~ZwO?;Tl`EB@{$3@DAH7PDPugD+K)`c&3%z^iog^<)!4~;smmQn7jc2an9 z`T0R$(EALK9sk-I8KM=e;Q4(4PXbJRI;iAYyXk2O1ZCFm;jT__u#Cc^1#;$@?-E=I zYpsmCQ(+V(z&+H?0awIt?Mjl;s7&!f&~IC4|5^O54T3J zEy3%JX%h{8_3mTkeyizA9hWo%6!pq0^eE>;XLrk1!&j# zM92uobJ`#_fQ#>Jk^kinq4WcO{F6gWYQ*git)kW_KFa1m4w1s|!Hc#T)pB5Ldkjv8 z2Q450CgxE-Et~D2^@y{&-};e+Jj2}^B4-<+dl}p`7W6;IS%0k|Kl1MnK@u6-Djc~P zp`PjWyN~a_{8}Rd($`THq%BJIL+~BQs;={yyZ1ODaQo@p17@VcDo8C-aad2#`%x81 zpv?khYieR*wuW4Hl+pdN%xF;{_Y#Rj%1vBcgiV9VS%Kw3&T5Ym^WUULnhJ8ZdWUVT zu;TKAyBVRpcB@&*IzydmpW$cR zQKBnY6>*EWGgmW!Mh1xXlm0At`MxRpI==&r%Gms3=_*_ynQc^$~@O?O2Q8_eo0 zg70nbfYWi^l-pcKisl}oHF-!WB^ zbw=6kDfDGPT?`9ACSjH5($84Pa(@yk?ZJ;somS5{SoDe;wk09VNbh23Ln;c{CB@2d z&!qf1B4`&_dAYewMhbt=%`e)x>0XyI*p4-Mk00r;mQLv=p$&1@vW5g)HcG*V&s_{L zovqcP7iA2zJ^+hR9m_NXtIn#Ryl%Bl+OBfSIFe@XDLespiVNQ3dVq21uT!Q!HrjdI zbnT16oK$S_ypzJDsWHgBy1d#}p~9$r&)pDPJ>u>ag+lTDApuVIcRYMUp!MLDGXF-k zQo7%W3lN(VKIHDah|RaQ1CFtcVh>6HZ~2Y1=j3X`Vt;$Pn#|N=YOUAf{aW_b9^DCW zrG*`!3r51v^C^dYK0S8((fIoe>zk#ZqzRRF#moqal&ru1{u|Jp{f^lg&Z2*tOTd!f zKlK$7b_shAwHlNpdZd3dwXw;L$hfI4Zqci}IoV674Me7E1WKsyEg6rN8(%8ymhWrT%0BW{mmP_A1y zR{l7EFq8dey2=`Lw_W8zN!h`=diXZefG&{{*4mmtbu^v746ZcPXX(H1#pAn_#kGfv zI7#rXygicE(pKGq2$d?e&SRqfORe*3em6@#P37n4r3{yHC2-u0up5~C>hMg`%Oe%1 zpc$;3*1oc_%ur01J&04@rT8goT8Bqg|ZhR<*v#(*W~ zcf#w0^A{G$g-S*ndtM86&~cuS(bE^GDu3oJ?dyud(`xMpzirdsrUj@lS031H*D7E?l)g4g%uox2$!y-r>)ExkNNc{lQzHFm?b)Z1jXd^3XHV6UhzdG23}JJ+q&<;t=tS=c3hzh z>H$1Bjs0vxpuq9Zd~EHp)B=j~T=#-0#q zUp;AbfG>+Log|uZ2C3MUlz@@Ldvi~NE(SwIq{?Rynvs?WDd?uYab}Nst=9E{r%+ap~T_{#wWbh>Xp#JWxr+<3Y}NJLI*PBk?#2t6P-KoLg}TH%ws6x|Wobl7S;uKTg1UnpgHXeZ1>~*+{gD*x*rkPao1O zN&q8z`YY)8-rkW2#mg3tFhY}+5#PRV)rdUl&y}>t+XlzkMN%Wt8?QbLs9ptzv@cYb zc3Tj@5B&Uu7+o(`61GXMk!4TjZB_d$X4F;@ATx7zeO@wX?S&G-U?A<5`zm>Z%fI61xs-axxA# z&JJWY&puJAoP=1Y5y0jP5^W&^Dp~2#y5i-6oQA#w%-*{a?CAh% zH%)eD&F(p>Wu4*O>i*~(V$sz(|3_k_^7JLYeSZ3Wc9(0+2zQwx@e_al1-ehNMyp82 z1V}{vOw!wjwpS97+rH0~vw2|Z1yNE>5OoDn9{!|acjs2HCK@sCeO$N32FQdWTQ%haxL?+wAB<)hAJhTjTS_07f=C zVbC5@_SFpFc#z&xs&icj?(A8{#>Rl;EQq<^dj(f*J5s%x#C`S)y2-<}%C=q~Sfd-& zEL_s*OC& z`k)jIHZ@I_#G@}*FX8QlT|`)VOgS&^(u zLCG?Ad^b~;Fo@jym>mVk@sJ5ca=F4UoK&@hZ#ctrC%B5UzhzbAO40v6+TJs+sb%f^ z$F3lv0wPG+iimWTUIGXr(py4k0Tm%Y=n#5Qq$ov@-g`@E(mM!9?-t{5sbwkmI8+q>hOL2693CAqQao8$1Ro=0 z?6Zw}%glv$=y(k*lQN=cbZW|Out=tF({|||Yxf;p5L6L&PClvwMx0=#R9ux^>FJe% zYuo^@(iEp}ubjL3ao?yiFU<3h==V-&fW$uj8k6 zZm!ke=UH#M*t{L@ogH_)!E)dgXU$ZqE>9ggMaOu1I?Ih#af~*1oBHOFjlM4l@2I|$ zvXV8$yo#nPvP5S?6oIayeSbjSo7EclSt4U2fBc&Rh@W;xw8ztFMWsdTh zB)rRa^WK}c5^@bUNg3?kdZ-c0&zzMs$Re#?ZejSbs|J{V z6P;(rm9h2&QW_}v59`sgFDiLmL&Ld}Vo)xHMp8K{fz5r^QAAR%sbQn0Zf2_?pDyt$ zp9q~n>Id|tq4iP482y$xShnr>|G*reP*--9;Q~!BZ|^%lW(cf z9@QVN%w11#AohB@k5ssA(Ctjbo)#Fay0}VewQ@*27>es+ak%y+GzcmqGbpR`=sME% zObPSt%>~d|Got3S@0dvX6^bdA)hDjm6=Px!gTT;20}a`LNz*Hq{`mb|kR`54p=G05 zYoW_eL@BAG&Z)7X{!bYNcN|#$*>i4cEC)I@^$!e6OUatq`XBQ_H;EII^FsTeUsa~P z@fm={SKMKz$YE)3o9fqa{k~MTz70$En8P9p2!eMaqStyVfB^QFHuXC|(9)6j(b81) z_P&%MZWx%OaY~0u?gjhbaQ|8O4Rbmhw2j}t-(&&+xon{02`;?~OFz76vks5G045o9 zJW{3c(O^{Y7FXe!MjOU?Jhjm^j<~~5g-mmR#%>XAW z0n*ZEw}Y=a>tq_;iz<*(Q>43>wf(r!aM7bwlOy5{g28ohTj@U?clFB0P6g}lCo@8& z@}NfUK$uL<4Vz0>t{}d@_X2_-Mez3HPfm&ZQWm(ful$wo;?yy}_6-3iBWX~crOsUK zH|8L9`MjsZT3A=DxAg$9;#jjC&X6ipH_)7vJ6ED#!>Sm?oRkR^^H@}{w@~t3vsQLV zSU_#w<;sF=wlodwNiR9zQKKj95w@w|gnfwndKX00T#Nq|?FG->p~!OFExVCI$6ah0 z5q&sMV|6{K&w&(Yx>0Te%Lx9{tkkcnV-?`L#~3&~?rr%G0}q72c}RZsP^UXn$FpWZ zI+)2zzjpsqLt<@jTtev)?RiHH{7sOQT}XW$>gVpd4-@*=uNSpGKUW57?Jf~53^Xb| ziq&oO+FLEpBBR_fHV2lqEE@#f(ZZKeQDYm{lwB*{)KCOwqs1w9b!SY!od22X1wC!2 z=q~)2mmv*gZd+1Ox$|nerxOGTBd!Y-NX4eYYoG%>1zoGNg9$Wuw91}9%x#22m<;B8 zXF7wpeqM5m-uSGgYa|T96!=)%Q0Mm-6&7M4_C+UAVTswAhJ~w;%1E5{mV;jZ^%zI3 zx0zRQPRldFw0+@zrHRF}GuxY+eL9`5HnCHHPv69S4tUSx%iDb9o1HCN(27j>cwJqr zuT46#`N%cN!%hg2-y`>vUFjMqBef{T6x3A5vAuIH>|VsX9=#+B_vOCxmpJQ`3pBf9(kgKh_2YHO+$ihdP(? zC+5rZuSLc+0D=_&dm0Fd=ZAmTpm)>%iZ!p`dOBzsGpf+U?O?9@>Qz~uQ`|Sb=kpbf z*+oM`nri4F$iOK7lA}FfEhXd1_orMHHU8_g2gpA*XF09cO*tu*JCnp{EdajL6x6kG z11Yx;*fr67v4!)y-lq&Js1)dGZLK(3Eh3OzVrm(%8d4Grp;U(Uv!Jv^ukHW#@K#>n zZet7KG+To)0Y;vSA5hkC6QRKi2`oF<%^U|wJ#bACJ=D4 z9zp|uRo2F`o>E~oO)L;r-9cQnK@ii**G(rFovC9PkjDC$yfBT#2gfA%)W%x7L=K6; zl&2A}iAYfrxTW~^CHfQ6ZC%~s_?=8M8^>^70<`GKq=;Kz-0Kjo|Fyyo)Q*~SW5d#)TSdcz^8|wkkwf}t8>43=Tn;i+NISJM!J3%` ztvmj9?OV*XcX1UQ1S&#TarKq+O1D3t&x`3_fY8;DpJQgP(_m%IaC{=s9Cto20JUwx z`KABTM?1S&dmoIP6Q;M&6`;eC311BTwDSQqqTOf+ zgZ~Y5>*Ij~lvO{TI8vbf63J)m@WQ7iWHSF->@Z!nSWJ@h2eeT4qJ?hHEr7l*zj1YB z2n$O@HIKbbN*(;nMtuMnJt+3H-;Zv+LtoPZ>;sX~7j2z@P)Y5ORSbY0{gy;36IY~Z z10Q)42m9{Jc0ug_3p@JW-3wqxxi_cnWMVlVJP3b6YkTABuYKpX-+m6L5Y_k9N@J)Y zi1Db*zy#eKU1yC;ZnY?IG}%q^{`MBRC?!`BEuhDT1Hw{(oEw}AU@KTk z%6}C#y=(s`1PBDpIoS*!d^|2&Gz$(N8cM{TY&jw!T8(6s98i=FrVJPJM_O{XP```5rMit#{67(t(&r?mO4DI0 zSC{TM^z;-v0GIYpdi5`*kZr#in-r;k#;?p@@q$ZIwAZ|Ktm7g|*@Tli+X6Ng^PgeH zE9I?!E#trQ|0|pMFA>7O{>b)!6FhwWpX%iMrT>Mi^zSYaO#2^x^{+=r95tx$+fc6j zNgWsZ*Z2QBZ!2kkP5kE9Te%OE|0#L+mv2o=EZx3^{GqD3kRwJ*oBx+j{+Uf&Hvp_= z#SztvVz(1C(m1L9W=j6^n~7Yiv}pU!Uqbq!|LMBO`jEWEcAx(<>w0rdI*R|sKacm9 z*CjzH9UWbg#rKu3(b1+&aG zThRi9&kd6s_EPPe{Z!-~wwvKhk!YrDjB1`s#??yU z;v&Q&JVHX1Dw3DbLs@m}G(4yO6odFz?E5)TjJbNKg>dFz~k;dr!^uMKvrT zA;H7bzF!Dv@;R{?pMjaF$8$e)I2@hE6#S`};#O2=MkDL2W|@>wYh3do;O(z9NZK;K z9ia(Ox{Jzbe<(M`k-C*i%9Rc2kpH^Ke`a{Wi^=W|o1TVmLmzdHj^pFbZ@0JLAz4a? zkA)r$nv0gRUIS-~O~o3ohKEJE$@rm@+|y}vy7YPB=6-K3l zyc9We&B^fM5|u->2uda@CudyuUbfhHoEQITOw7oLV>2L3`&&x%sa~3#a8IG5+hN&X z%D5>pVGtD^I;#cT4XMT0WSZPr8BKv*mfwCwM)qCz%SrpC_00eDyd_I4`d^^;|FZ|{ z3{Y+H8^Pmy0rK7LK=pD~Wr&vtRB|a4yzj!H}LIfscO##Kn-v<=fu*}M~ZMKpe737dk4s$n?RX6+-)32OS zd)SPakzpV9T111O#6)Rf*CiM8f#tK^)iTPx5_t1W)jPbI)fB5#!N`2nahbVy@a=G| z^>ziWz11cbC~l|M9-c8)x4nPaIvlh+{bU_aXWCn&)HjC=({uOeGrjlR34~_-dmt+Y8b}Qy~*|O@YWLDer!xRg@=3Td+g^OaiBJ&M$WaqDhN> zq;do^@;XhDbUC900#%01L4$z)=kBs`|LWu$XVj)i{okMnGO|8Ut8UtAKk}G(#By)l zhx<^Y5%4^0j=rjAh<4CZO_AUNXFcL*!-c#bN>*(#kEY3sWz3*YKAg(tuc!J_nk56# zbE|p8H=gxb$=OV8L?bIRJMVexP)&)7APid62JL-z+``%A4(0 zF0N8o`D0zT%3>HS>hW)Vm!|0FNvu9-V%7Px6GzhdX1`9(s_=%O%~@ML-W6|OzZ+hfEEQ#h~A5%k1(T#uJ=caGi~ z=6Ze*WqMSEi!qMv0vrTO1B1Q`?!yR` z`Rb??OJm-Wp_uF4%E6vc%#f5f=4WS~$(QL5qQ<)u?G%pRdrBT|PNiqnzD+_=d~fSy zU-M4Bv56fDnNf6lq*g>73RCFtlKi>XKlqDo5|cw={KXG7E37(<=&wWPOr9D_DIXXX z)&D{>AHVjOnd4s^SDtDR&=vI@NxnumQT=$X_U zk_JQds?kGqSU;Eb&Y6DZ2EIm2%avftBW}|q14sYr+OJk)sXv~**23hJ-E9Q(*Bx%b zapdS3Xdq0@*4FTSG^!==4{fSrsgL2?yIrS0qdpx_GVFA6qeea5N@5}=@KW-u4F(0% z=crcdg;TJ3{U9rlWajg%Xv6`#gX13ot7h;EeZMa#rYEAb+U{50mx^8!$@B~;)s7Mw zoRrJN53Zl!-rps$rL*{wvXN!_lh7ipQPSc$9bJ z-5hUc#XR=Vf#uI!w8oW7_sz4~Jj;zL@dL8$tcbB6Ya>3N`}UL#@;ex}C7$Y&2C8oL zFMkL~8T|CQlxEQp5sr~OifLuHR$9G-&~F?X`q;NyOr#nPVr>{5vOIRLh%d9u(bODr z^vn?hbl74V_hVpDUDxRv#d>dO(>U7LL1-pTQM{KGZLv`6CdI(rrA=gH9gm zvz%0b6K;rJflpa@3bV?%7YwQd(XG}RK@ll}%%ygpLCg&0&!s%Ka{NyLbva%(F8hVs zAtkuvlUXAb!(mx8n?8kVw=`eujrhrq-GROoDPYS0 z3ekSC+Ha)?~LjkmrXW#%Yo~qNj9N_KSgViLt{~Q@_HSznWnz@y=jmB zY$&B<4A-Yij-`x`M7rC%_9?8b_u(p|K|z9hp*-z*s#%Of=*Awey1dH9*lgXjcBSj4 zAg8@Oow={f}KKgxeH-;qU)}h!2d(DZRm&hQft8>^w>~jRNb0^o zy{9V1OC}VuOhWB%J_xZd;sFO>WkG|X7!jJ|oo(KBH0Qnca8obUj#~TOwNF`QJIaK_ z@-LflDD~fBlE@6I?7Kwfh34C5nKV|#-zLkjs`as0hKiuQSeF1Ic9=02_e^h;(gT{% z?0ReUf)>xA2kX9CTvTjA zj^`okx3{}o6bm1m9ceZSRLetCIQMQgYO?y@7>0i3K@ve9F$%-Gv%liH+`1davPmu3 zkF%RzgI@D!8Mo)u?D=&*tA5;1Zb*KQ6mjQWC-p;~GhIIJJ?Mfx_Qk53=X(BGMNBeQ z5K^%WDsA)&3QyENv%WfP1ta_!UDYvL+3se(!Ue^(c=H(+<{Sw-EYf6rR3c7@a}l5C zj^taJUkYFv`N(pTB}J87;{zEYz4H8KACr760T%bTFj5x$`4JOlb!!*{e_QpS`(mCv z#GEw3Rs%m-1lZppAy3h_pC@ti*``ToRDpYyAv3Z6b5zM~s@0EA-OES&`tKEtBA^fGj-M~!%6dmVZ0xY<64ivmxMslpu&Hd1 zM3x7fC<+Ts*}L%5=5$yg${h7893!&8QEupa^Sp;paK>c_t!0dZ(qPRN%W`?+TX3ls zlxPln>F#x=Q>4;+y^;~TXwpsG8P%d;m{9br!Agimtd zEA?{s9zznE^Qef5I6wM$EO8S?B`ereKdGPojY8Ttz^xagi!IMoYly zjFHmYy+kOcq@olm4jB`dV>NwOAKY%S!MfsTBTdWrbaW9we1rVbHA zui31tnPaTf)gbwUb;%C5-D`!-Y_LJcGwM9B2>Rv{tniU+$T&kP@91RebCp>^_^xpL z%*9uw%(Vyg_sSe6X+jRUw2Ap%1YK6`VJUi)UBdcU^u>ZBugrQYB;Q5`vr49)kw+0~ z?D!eG`Aqy)r%OQ|vOKxIFwG;;G|SIor{bB#a9@p#>5?9VsbI$#A5W<&d(J93e^fF) zW7(}9*&mVwb{YlO6HhPK8u^@rms=m%7j$c$TJ)dL$J4T;#$$6l3_ZWjRa>ohS3xC5 z`fJaR)NNuIUK9JfisTV%N5Rsu@=-OM<;apY9^1ZgSgC-un-5y3$VKAS@BMB%5ouJ3 ztI0B^gh{?_sPJcLoWchiJ+*Jx*w9pR)@?C|c!o{h-A5(U|CA*%2x#Ucund2c^fn_! z2akyh^Js`Ry2($?XND|s{3 z&>Zq(2VXC9Vz6Yx&a-m!an+>D4Y}<&CQR`-mggK(z-mI#)Zl<2Prj9PTKA^AdQ5*x zoQ65)^aCPul_vip{EnZ((5mYWc(cUmnSMbBk6vkMj{l@n+$scB_~=5)V8_0-dcA}& zsb}2ji5`&?FnikXZyrSi&Cc^co)*g|zDbEzoN6uAy|JKDP!L zHj3!cTba3cynL89zC0v}-`yiNDH_zmN|goPE_ta0?hG(}tXUosQgK`%(h>6RF`xs+ zf|ZL68Fs(3)$Cg!l3Mgu4xbIFB{-+(ETHewimC&_3cSvv)WhNhMhUK(DDmOwD8L^# zQ35K;9N~cHXj@tto*nzHKl?`~wFqGJo{R$*=s^nf8v$M7@kO3-a7GPM=8nd0JUzp4 zOHq43K5dw48n`^$!eC6EQ%lQA4-0XnmIu}8XvIKAQUeOLL!*J<8d)3snL5>BUvfrP z`!hr_`G!-##xh3JiotjOrqC8NzzJCnpRs4M)e9dj#MTT^V%q9hsdxu6+0Lyxhwd=& zh_5UL6oLzAhXu;XT5Hm~9Wfb|PLO~eE2-y!(W>3K`HtRF2=Ri^6+1lBsvaleSEs(! z<;gVm-UcBw$}Oa3b&rH~D#E>n;F>K6tcfRFSD(+ib?oT|+50x=<{$t@j?Y)Rg^75M#d;1e4`_9it^%uryNo z1s2f2;P|z++%V_NKz8H|rz-Z$q~uOp0HTdA2x2#YS+$i3_q2lRPgf z&%G9dU0_{843q8x!q=g@U1n125+A`CfsGHG3rB_yBLp{siguU!9I zs;yP;XmpmS@GUkYTBbYw$bH+hgo723Fy>BmC@*xJ;q5|uD zV=;Ir)-oD*S@9m!X5hB_&zww6>p+Q{p7|~+edocYt6Mj|Ox#8tZb!pUOyMA`?T89x zWUgnnzY39@VLBmS!}tuFyOLM#=A7qQJOkP*L72`Z)B4erdD=Sjm+uNBOP0OOq>zb|vNyk6|yJB8kZ0~YZe zhxx($I0pIrLG(vcPPsg7D~+fiF;t*nRGmZR4X{P-9Vh9|87*iCnniPY?>tzhv|?uD z*vx8E(guSFD=!JJ)D!M^TX2q1%R+P7tdE-_q~I#25aXpyp#%cBt4rZcazp|e4c!Sd z4Q9?rS+dkHd*S2Z!`0P}k4s9*Y4j*HxW);-3V3{dK*@E&1{#d3tr1+$M<)X-(ic?Wjp4Bp1%b->r()$gq{@=REAIz?%?YC*cRAy#_P zgJ@b+VxA|W>{&w=uSHyz@t(#hv4s% znZ>obon8szVCfr_NpaEdnTrVfPpNXtwU>|S{87-91OYeXxsBTXNCCAeZ^j4&5}=jY z7E|Xp6ABC>b8<=^ftpDk2KC32xz653nI^^0E%13k<(}=X6{~p&ZI!`B_xu=`pnM~8 z4W$~lUtTLXR50b0_w|(1tUdph+b*tQ_4MSOpXj-gQr)1{=X&*Ao0{ARCl<}QE|Wx* z&()CtHRP}q_Lm6-wc)nr(wzl<)6UgY0gj_zZ>(^)k(Qr+@n!_vi|(uy)75s8{6j&! zBp*Ip0mfL~%0GG(Kc}l-DK(&dhL|brz|`(ez#T9vQH_Fx={WIMe>PW?fg)mm5mLGQ z4zVwnXTDIUN#8mbttvRL`Tebq>7l;Zo%${e%YKgS+cOFmqDzr9PtHR!X@xri2WJg~)6DCHLCcujWKo%!p#7U&x)E#E}xNRQM7s+8uKQU(8;x`m;g8L`6W#JsnlozxnI+?0p$y|yw7iA zf?r@f6d37kDI6hIQfbr|%n?`WxLFDpIMHZ=^?I>n$Ft1Gl8>~vR4<#W#UefOw84vP zHPWjv;Ep#uXZqN@JC$j(J5gG+x*pfg^$B7=uDLMEUCEWPu3P+kON9Ytr%~v$bx&X~ z3rd{G;V%PrG{8s2qg3i6q%zUi3ewGzy{EaVz0{JszcYCQFKBt zx1aLskwd2&PZCHeW}gtp^8=zmbi=1!Nj`farF{6Ja^qgwU@66|+v2^-sTOsIHH$rv+isxW?7vqTTfQJ^oj=<)Q~csO;$MJsF2 zrlmT-_$Iq=DAe!a#sTfotl@Y-vh7Sy_OelyW)`{qYIJ^TV3VdE1X;adflstre%qx) zE4@>}L)&N(B2;8pfF$BjK@OjM(Ar`B73*WX)AVUc=%`-t2_utImcFvc^V;vpwf)G8 z$??cpIYGyLYj{ry@`LG1AX+D>C3h=9kHJWBn~w0^cFmbPh(JrpNFM41J$;o2eFeY)5)xYGq+j&izhLZdWcZ zDWq9Qqy~7vNtsg)XZgQ-jntb}AyJ$JmpA1F8ZQg-=(5Ar?Y5w{qH2H)v)HiaeDfx; z`z2iF&C&WygWFpF6S!VrNMJY`s*b&?)srUC{OS;`8kN@B3hhFyjqR(T}^3vQh)2|QW)tc|;v-pt$8Y#eR!PyJE)aq>*(#qrHUd`U% z*#4B$bs0`$E1Ceq4W}428llg`e)%Yla|=uTT{j)+l)6 zkV-z7>ZFth+SUUxT>HS*UAhWy5Q3{o<~48Lp4+)X%v*jmm2tEYlZA79JSg^911I2_ zeN^|W(o{}Ag6j;D0wt9gE`2JuMTe))(Ih+++#z3wV1?tDb( zGN22L`7_eO8{R*h))J6Z-41vx>KXRu`du#P?r}N8-P~uPlg!88opf#NhcDGg+ z5OJ+Y&)NP4pEG4V%JsxP97hre!@}8{@6ryF$;?Y^E((JBN+^2PabYGEMdBz!aH!n7$ z&+)`sC8@SGuHylRw*0ewP-B1RJmmSp$L8{P&vWtZoySnKo=D0* zr8TY=uwa+pBMZ2vcF2)x@mZsWhmeGVg)6xB{8Y`d)p00sWdB}bYBVM)z&LVkwMf%T z^&_$Ud4dq6+`7xxkY z5<~QyAof>@icR~u0XvEu{l){)bs5anG`rRH#^n)T*GZ$LxGaHbli*&knn7u0Au)5&|7 z$CfH9?}_Ww@>VuTSLIXD%F!4v%hp8JJGk}+=gh|-RPZipRxp}ssBqm`4zBJQRG2$@ zqblvATV%->ji8F7+@#t^r$D1wZ<~r=v)iojx+nfLJS4u{Ic^uYa z*I9EGuyBNEd7iWIuKr%kXa_={b6`maoFhF;tqH#Wa6kOTKU|fCwhHabv3E}o=Ja`bacP*bjNBd<{~Uf@#Da_vIKGfo$R8QI$trqsH)L1a5C%WRi;G zP5f~SjmnfcG7&C^WEz1SxduD!_a3?|l&MDCOg`SKJ*pqUxb698bDDff5H&Q?YezIj zytGGF_E9hL~G(g2G*}tclw+Nft@)O4DTc zmmjnYr)%%zc15>N`k+Sdq$&x%hz+`_<)vP27X6qkmr?)KDUU|4P`l((*OKI;2QsHA z)vOuu@yIoA?|oxnKQ4W>YuNFR&IJ2Sclq6dC?m|Ry@N2g+P$afNFZ_+Fi zf@xJWmGf`cpU{S}c|=BmrttCJH5Ln*k2oGZQZPJ6+IDonl_-cYawXZ5R8QUZWdmIu z!>xN!pX4R6Dfl+48MHqCzI*NHpRQ}gzCm9a6}<}CM(#-zUZa?NZ(n;{uZiJjVT~Sy z$|;)jx%ub7&q`r2&Z!bX@#Bgj>9GPfm*&BqXc42FPl0UeCJ%EmSJvqh1e|76DQl}L z;vqM{c@`#-vGHi6dq%l^|C^BHQWy~YT*&S|8WZ3?6KG7!rXFSfpMCiINB3(gR3LCv zGslWF#LMdEHw8eoS*rewbPugn8$Il{$kyJ@Iq7B`xy^MF*9cz?V7N67wV~`3?Xqa} z&maB8(c}zO^huv%OCj5wgOrqXA-q(9dYj11dQ8ei&g^YLzt%K^jm2ixYxE-wnKG91 z3`ctXIteB*CXMAJCTqR)wcu6#`+$UpI~$ z3MEOFVVq(Pfvc9+z%#pC71EIG-yjIobI4yIh{4;}TW{rZD!`ReyMET01WkGnE_fcc zwySmn;RK6ev&I$60cs?z!#7ms(roa{imGpO+v-IPpL%W#tgp+=e~nHZ7@HytuS_!R zc2QbHI6SQ>1^cA4&X#*mii8BOqW7(B^dy=Df48KtrHfpEL_pVv?+pua3T)>Nhl@vi zIB4u<$hC6-Z*&WB)B9_eF|c8ubZj$n2Mmw@Sk@_NyL>gdz} zL{JT?tN8m#`DrG8Ks#LffF2Hz#`pzEL!Pq!UG-0T@K&yj0;@W5#{U0`aAKRn2Q(m) z4!`dA{OtEt5Ww;*ba)#KsFH)(*s|M00webGrQfqs+76(9K$vnA)l)z6Up|p0Ky5(2NmuMW6)x^+-$s5?#hnt*AB60sX zv#oE@pM%t#{!Xw;YyUUYw6_Ond+_m$NW(zWy3G$)@KiXeAe$ z%K&WkOC6P{oQwWL+4~W;b5(G>Sy@@)4q;I% zbi-2FDSsZcn+gE^4iDUP`uRV%U1Vd+;RGc~{@z2$3}Smg#KlRsW9H*bf#d(8yLz78 zH#v=r=Vbca`Ixum^iV{%CLD27Ol&f|w2YJf~z-^m1o@*x;0`J{b-QK^OP zJ_j)p8kppMgG2JZuAyP!_TF|_kP->t0cn`&;jlH2Bou$U!E5T<5mB*bu-tkOfPvA& zRY@lP#o-Z}>l9LdyM=U|YE;6mE;XIQ!yuzK==}dd7JvK~vRL>pWU=-c#H$6YEB7O7 z`ISuk?fjh(hqZ~<>FSeM;==*)jAxK+gA4yj#MD+YZSwC@i~q0HK>yFEu>UjM_W!Aj z>Hl)#9ne%x9v(dX1>1_5(`#fM;KY<`9t~uzLHq2sd$YhhkFR+=`k&kTeXJK~ErRVf zPQ7#u@^5Ep??vQhj?f@*apzJyCMIC>GqaEWiJ@Xz<07Q$q|T9v&g@(gao-|c>@)oH zU$(T|6u$o{@_l%eaVqEi`?@n4@=?~OOPjz>=X7+{v3wqUzAPAlDMUg-N{MG9)1T9X zb8<1!(b@C!0ZRY5^5=qPF*Xe#m-H0w=OA3+ETXDHy@W?b(u={ z-6Fkcu;n?gE-iQH@t0>@qy%(n>+Vi>*P`hkR8(}Aj@&zYF%Vu}x`AG4Qz?F%FHh$t zF8bY`wx}LZ+W*a@b!^TqOKX-lRRQFSe3&J|RE5e};)c#{{DeKE({$AhBZ%z};8~3-H zk9W9Rw|+ad-AjshH`V4T+L@%!E$r|73kzFO!X}0qgL5!Vd?&kkO$RIh16!H>Pbs(-SSncRGqPMM(V$onr;4&A2nF zgX{)_=QY&-tODS5TA4Fh8Zxh3FXi}Y@=UndyyNE9CPj_=vM_F0nNC|%Ir!~t;%Dj? zW|OtDj{CLz1y9ZAsIXP#O!O^DZaZ@u{U*$EaU_Z|KAF4S`KcBtKrfP})!!x`(py_Aj1QV;Wxz*vDi88%AJ?|qZOvVaz zTqa(|OVq#6x8~l%549T)44>Fbc}kcZ6Tb1ul<&O2c1Sbsz~6|am+`hP@YVdvb1$}+ zF+zUXJo6LRX8!!;3SS{hu1d-$V7Hr#u%8W|al0RMoS!J;PM;z)Umc=?hJm2PKuBsSv_SPuHkL7GI*7OeZ%PPsg ztDa8<>{3vP(zfW4iU9kbd-LYaRbkkdL?a(BRChMSKGKnV ze?6IV9+lVfZ7g#bgsn3?;kr5Pd|7R`^ToV}rUgmn#lNLJ2S5?wlez)O@iLTUW$sa^ z^=wC40-sJ*D^)V(YQ`X6G?%(BOzI=+s4Rx?>&ZGXt>-bM@*D%UfUIQ;b$0^IC85G* zpY<)IHBk2pt=owRZ~ApHWWoFVO10T#6Hot*t`8WU8n&CGe9Yf%C>Ce)R=U4!95BuG zjKjZKA6i(Rb=TRqdS0{~oGd+lKr#NXw2{x?yF1>^xGmISmt!l!WRifRXljBIIXYjc zrO0FZTMBiuhFkV{+PUNC#FH+sx8jJ;@b?f@Mg#1t%tvo#-fQ2LID25PJvgKn8<%D4)<`o4ng z!~40Mx7nNDq%BAKF1hnfH4Un8JzcLIi>){z<6T`E8}}M7c06Q0F)@@<@$N5d)D;bS zoTc#fFzC_AJa`u&c$0#6QI?j6gbv?%aA(&l(2(MEq`Ki<_2?}pvrBtS{8DxSO`D;# zBKG^p$k9IUr*p!?>NKLntc=`~nd=*b9FZuN2|+LGmfPQ}A=HC}dZ2+m+u|DL$13S- z+Mm$v9QBY%r5tiHF~wB_n>|UJs)<4JTLVmI8zs9#pKP)`t+G-I9=FzBjvY1IJ+BEP ziT1~OKSB+c4&*-fbU~AM#}8RO@fZ?uEMR75_wt&-3C_c<4`#kmFgUIGsUkmsT58^g zEzx^^SaKL1haGQh{Awsvdv)&omz1WA3CxyP&|931_wDw#zC5GfpyH#J5==fp?n1^J zyBr7BO-_vUR*BsR>GaG9%^f;G{pK%8@oqafw?zN0&wj!Coc7RP290!0PdVju;_3V& z2r+ZMb-Vh7D*MCPKexs7_L;9&PPROCTBKSIq|m7`;xxwl?pGa|jqJ74Z9MI+ITl%U zr+j?IU;#$^pmjIrrkkWalLreL)n=AIU=HlY=zUH51K!Ti6(hzBxFeY@w&ySNCO5Zv zn)1*FB(*thY8?p6dc7NB*VuL`2XoY&k=%8P-wHlDu^~?exo7u(zC(X_eMrbB>^MCyO zpr?0FQ?l zo%t)gjN?EcI!NE|XuWCA80Xxdpphc;fx3Dx}`+L`EK!$PEFKUsstX_+8G8}gjhZjF(ulkD=W5`zJfJ*e}b~+2R zsO3iu-4jH!W}Dl*I)^xkpSpr-l3BX+&Bwu8T+^P?YEe$vT8OPQWcDtI+!*Birt|xW z&VDP6OJ0p)-OCKR2=sRUHA*}CJ)L|IUw23S&2`+5C7B)s8__GtDap~k`!>?5)H^b)BwLuk0*e7dLez=Br z@`o-_S83W)vaRyd;VG|M9+AL8zrLp0Bc^-qLc6Mueje5gO0qj6PBtS zbb-+kE5zISiIO&Tq*_<|f}`tdJClz;))mW)Td$+9xW-|TeBbp8 zkLTTfr8(8qTAaY`7$Ns`}TY)^nx>|Iipx5Zq$9^>0Zx%9j>x-R$nDRmN0$?f%tvzbPsC@eSi* zHQG#ymWFG%ItB4^*YEYlT7wlWFBn}1v*St^WWR3X*z?F44%LtG8n!IMm$OECUf8$L zT`3}?&4avr6#1eTt^2FvOyK+j;^8Czw`SretR5q$OxN!YQcyZb`A^w#j6km<5erxP zlH1HrL21AMe5+NxQt!sxMMdq8S8hnBNLv4_vg2xC-l0sE3@JQEbL-ZJuNy|j!;9<7 z`x<=Z`K7kUx%a-=itepat}F3fNZ5z8%CiWLu*W7geGO^q7+vS7!fXa_!$+rIfv-WW zCZk_ZCmEWV7^-IK2rJ_&S&XN8a@3yCU2Z&0_)s||lXs(c@K(Z%6}C09tWR>8$=T(y z@BIlI&NiMWcb56d+oFpL2E5xO4P0&p_ZqjoEiG=juz)q%*=i};xGQLXt*+dc&Qz>_ zc`1AvmJ&})G+B^vaFTQrTn{S$@XY>PLV!@~G|?2q{_uPwYx~w?HQEvG8&&9L$5Gqe zOxHJJ8To=WZyl$c2TJ$l@8YX7oxX@(YP^RFZpNq=k=?Y#f$ttjo}Bo+567tUS4w{V zq!~#Q)0l`4=+z?)%-~g@a!S#zd?Rz;Q;{jHd!~I(r4~$9=ky)e_CDZv!!Kv=3%0y$ z<_yH(!E? z?aJ`G%zZj~Vwf=)q$GH_G>)Inh6TACE3n_4Rfs%iJJ7Cd|(sN5vvQ<)-0d;ta6$+KM0*I zJ_<$<{QYu_g|u(Ud7p_^TaOs^r#!i?)PH%dXS4LlEK_B!;df)B?hu9@R&NL&xvYOa{*5i(%mE)T+Nu(EAIlZz1c9!t%8XfOu%X#O@ zKL?2H;Rcc2Www!g-Rm8P3>FqK&QK4v=C#{US8zW4OK&VKsCNJR^11Svqvh*gx=^1+ z-@j1c6#U`+Zz^=8za^+}9y8q&aJ5e;g6jA)zSki+O!7e%K9%}Dib*EHV z@k11a$dZ-xq3XwS*N;z^^TvK2biW3xq)pm6AeMN9Tzu zZ;D?Q95z4{G~TL9#MGoA<}^F<+itf_HWad(*PWszgi{^?)gw%~eszCU*Ktm@vl&vAT?C0BCU#C_x=?a(%-NPK8|{e9pK zYq8B)TCNOT-$Q7N>ay_7wmot%o zBS(0OlB8}Nq9=2DXt^ND-k09>ewFiP+nx&%CO?;>+N?&t=bzLz7$n^)T;}k_?%V^# z51L@oZRWtz+z=?m>f9rGSeRBf^)mt!8x0DtAl_o#)?jSUEA)MHntVFM(2M~OiZZ?C z7S|evY0yD%pCqbZQcC0Wxm8Hlp?W=-I8+#U_e_qWWd_zpzEMuT_+q`S_dQYER;S3! zhCfL!go^r=QjVqyVUg81i`+2dD{E%p34bYsPqrYHz0q_gxvSnR{Y0cixz)h4p0` zypux5PF-IF4so>1*{GT(I(-~04qUiUGjc5T|FQR$QE@fhx+sJI2^xZXAi;w>K@v2$ zyLS^@g1bA71lOR!Egjqm&<%m$?iSqL;Vj8AcCYQQ|C=2ErMcw|7+2le7f%WSsGK>9ObPek(}bfj_DhvyVK1v#m=F0iy5 zU8IIdRW!^dEJ>ujAHU8IRw5=|3oZ+L@c58vA@cIBOYK<1A6}*8r%aLZxgYPIz$jh9 z+lM=6+&LAI$JCeR{r=_O4=0{O!~j2%ua zGgi6Mxb<(D-RU|JOD)cVT4B_B_oJr+xr{Pt+r}oPerVi&Rc5R!1w1YJo}5AbPO8XO z*D?1vHvyQ+$o9CV$SAx;F_M@%Ig_`XMQg2iS-c-hRBS)+dE8>XAP&pVdw>i|ns@$2 zDycDU>nuF%s{dlsP?~M3yeHH>h!FBVBk2i;I@7Co;q;8on}fDcMHH`~z|d%;DK=Lx z9+NlGSJ%cvg?HnEh4DF0(pnAiZ+zw>tFVE1VpvF zZfc*!Xp${l+FSVe$%5t{t0{qt7wSX~p3G7}Z7b)qK}|HRw&yo${W(T@Gevj9(RQQ7 zIUk9^{=)Vrlng@}q?H7&>kKPUADSp<@|kiYFdh=Z6oS2+v&?0KQL>JI9vyHrQJn&*oS)Qswz z>a3AjD+*{)96(vg)&5{iEz_VPcOS=Il@v-A(*HI`ON`43p={2V$apyvI*DXHq~r08 zZ4y%?4fe$oUL74TGQBn+&uk_w2Ye`vc!UqBbJGy-9e+lc-shtp;|%UUQuuD*J}M!^ z*^h-htDQm5numeT*PNfgrI7&2=L72JyotOAH}tNYB&lN-knZ` zTyc@$?5z$9H*L?hJO#c|)H2`1K~Y5k{@S*ubl!vG(e_raytDK6{&S@~t)KdSi{%ZPROZ)EpTd z?8RT)ZxC8lC;c8^hlwLPAD>~7H53p)Q7aL{;|wCA9>V@{_0WcD6p7Z}mPiE@QRzAX zNBoqjAZ*Zf@^+awdi$XLL0*p3MOS=N-vX2n;;0XT zFlLk`tb*%L=$&j}Y~`uC8*56$6}suq8%yCoO*K!X)I8qCFp}3?xKV~^uWqz=c53lu zGf9@WWh=5ZgnR2YBkp|`Zcv!u#kWGLKJafjJO{R?BTmiV2&5Yhe|>9wYPISvMjFGo zONbVj;1d;Ue-*OH?}J#Nz>Xz5anRlD`i=4_(?+Vb`q6N}>ypolUD&!vp7X=*w~pu0 zpiyr!0kUU*iX)>WW|;CM>%Oga)~JY13)jSs42x5W z=rNR;{1DpQuCSQWG8ROc8gY+=0-Bfb4se;MJabWRw?aL4KM1BP$<;nf8880!s;bl- zBlYA;!PG3qx?{R|UWrEXKohG=D~5}K`5u=S+onTcYlqh;JfeHO@;595NP%#iTN%e>pbS`b zI6h)#Z=-u=m07GR2=!X@!6+-#^om%1qTw?^$VAE0v4JZDU7r&0s-U?bOvZIz9J){O zmO8QGcl>#?-Z|Q-tL`z7QHN()LxOcNXtlZy$E~No2(EUP9(3o`-0i|?6M=Hr(Tx>b zMj~@)5=Xkv#u#-sW(`%be>c<8jGP5sMaF(#q_GI5IFdjx5bZx_AC!=<*=Yb0ZLj40 zrh)+<=@&H({6Br9bTE^ec5IcUqf@^p5fcvuy#G7f(*xZA{H9ZlP|AH+86r8mt?aYo zWVkHi9+Xk7q_oY3SF?W_B4kYLnIydi*7>e~kC=x4-XZ)+_a4@4i!t9~v1 zRwfk1=aQwY9yuCd^>>} zV#*ni%%UgslYyZVj5lI#i+pb>5jZ??ytl8wVICEvRm4|8?dsQ)vRy2$u{}i*drf1Tjg!65q=-g?^`4! z50QnIm{0sDcR_wm)Dfj=SrFnWY8OnUC)@k{Mn7)En@p(Wt2Mfs7(^2IG;IEO?4L`M zwUn`1;yx;Q+1`l%RPq$knooE0O)qZ?mwVcBSknM6q!#Rw8+M~|n%p5eO_Hm6F;maq z_Ig{bJU~EykD+FasdYETu2#7b>oiZB&>QFkGvJ{=U z_$ElHJJ}F4EhQpKd1)+}F4z{~=M^MEM@IXd-!0Q2??yOxjybOmF@lgKfvr_td0oq* zHiN>^ecx9Fz+F?GQtBYtafw%LuNMzYUGtsWbi}^O_DZH)GFW{IceaU;Y!OtdS7-I+ z@0Tqfc9o>7FCz`B#Y|iA{op)wWaFJlbM1~I+mx$}xu-W`k7heT5oBQZr`jWvVcP3O z+S*)@a#U%yPSkaZlfi5z&es=B4|r0~gc!Q@6SI;vsvz|=*oCJlAZ1H*KYA5#VJWMG$q z>K71qu*zcVCM9=SO{K$D4h>OG5+x)t89i?!fH{R8-x(JPEEGWl>+=2Z4yw&q-!0== za{T0WX|HsW>wAjAULdV3vg(bH^$9HV@k~SISi)hZ4W1@MnRNN6pj!Ww+%Qszy+)`k+dw9BKxUMjzImeP z&O&*tPtzw9%=1a!1T>xYci2zS)&#TS*L zQp+gEG5Xq15Dgeap3(Dv>$w~ZXPZ|6$t>KS(AIhl~nt2I+H zj|9r71)~oF)G`K<%e&oLG4yN3jrm<5&3lVAonQAdV$p3A&+ox+uj}^wa7KNCHmqGS z9$b)*Yit5_j?@ZXT6%&tBN`itSFd?shtuy%V+3I3ax_1*-Lmkd)l(TQfLZ;AlNuJ* z6C0N=im!c9dEinud&26_GL00N4uz>u|9JCMir1#IBAd*7rjT%fC0mh}n!516NcxtD zTO+LJ=iV>7wK`Dzv2-uzp^;PI!!xBnEWNV(%bGVJpcN@&jK2QLyBELuL(jutwux(9@1;G7WN9Fi&g z^4~gvJx)95`iwH`fBv)xSwmCbI&CxQS`5s19wW8UbqD0$^>u_}j>r@SqPxxYZsmKl54GfG z>mS1ZV>VREi116OUuRLZ@T{etC;t}T_6>h2ZDR6G#2F0AJ{yDt=Xa5(`Z zMcDAgC^HRpf#MI+K?(5$g!6UQf0B~G1rqF#&k`o*FzX5HF?;(04@sA-K>YlV^#5^# zE7jqtuM5%lMckfzm-~X_iz@TP7`sz_rYd-ARNCJ6MQl9i9)z0N$&kwC-HLEekkFGN z{EKDoKs@37|3Kb~T2XHzC)0?<0|l`beONGGF@f%UclRb zOrdsEjZM;^FmbQo4SsPxQy|q7-UGp|y{4GhgM4eC&$#u`!m6c5LBl&CeD^45L0c!t zfS^%>uirEsJ__1t^A-9(<$)&ZQG(MV0=r%SMWu@lie;Y^#AU_T)%M;fI4$2#xBPz- zb5KhGaR7&nD7q?}_e-2un%{A z?{~!%|1U59e<=JY|9`jt5{~~JlfQYA-Jho3&*Yj7W)}Mcil9gPn{2WICTjpY77mW` zv5~OCA2&HoU{VuE*x^*v)VX6lIPB3z8DhX+10fd%`OD(vA|^1)G{*A6JSj_ zpmtu5FHRB1SqS{q(#I^}miyiwyrr&8+YX{opfh(iN;(I@0w&;PnJA*w7XXo#2}A#C zFE_#O|Dq_DQ4KbbVlsCs(E68zO8<27x7n&>XlIv)kRP%=jzz}ccXv2h%vJ4 z-(REDj<9({5!*)0VG@=`3+m1{!_OpZAHBtTu=WBN-*=|UI5hQj;&=wtI4V^* zMo$6*62~^-;iKpeyjs~(6?D(V#8Ff?0;Ac={fuT9GX9GdUjG9te(=I^A{`&OLbKcg z@WH_)>A1uRn^Hts-4$#mH~quZwBWH>1^IyV(3p-@y&&1QujML<9|z7)xxOkM-R<;f z1&VPVxd^ai1!4~Z|1~=dn14}Q#W`52=4_}M@&=fWr<{QOq?W;XV-Q;}u|jy_1|Mnv zi>(d+16%P7BVT{}3}wq2-~%`xrh>N62QbadEK?I!q;z(=rCM(?&=dJ+JybBlb>H~J z@=2}`k0PNMTmA}ql%7~e(0`X6dY4ErNzfJF>R;qqxUm9FXMAO-1hzj5Vi@hsV2BqE zeq_g|FP9Q4M5=wXwCkgPO*22;|1erP_GtHfMq`iuV?Zg2C#W150R8g6`xQEpZh4L7 z{?(t`8=#LqIQCM4g7#Us)tdtL7<&_nzj(FL<(1KMlv4578#m~2hQy0wyI2cS;CQQH zQ=>#1kFq7x>B$dB@$MT+8M{nr>GcGbufmhhi9|84A0;sNQu>zKKJqHKjY`mJ%RvmRV)mLVezw4Ue+oZW(Nlq!=lnx)L?!riUx}L~m`F6fl z%eJ7mvcNd>UY<}GZSF%oGKC15UY`C|ly9$ier#ZqvJ0je7@j+a%@Aj8W}Q7Zt+=RZ zZSD*Buz*6OP!|itMIi=<&KhzwOM)fG zRnaHfzyomgy?POc{ue3Xs@IMY^`Y4Z17a5+#L{+Vt?VP+E{Z%|;cP|iP z_vx1zpsaif_-MC(226{EK85i?kA208UV}(?ppi$MPrkdS5uT?TE|Oq@MymrYGhy{_ zJ}~C4{!vb0%MFf@h!e-P+)Z%@1>>{Cnv6uv z&)X~VUv{=e=&0-0oXsg6S!Ww~ZftH(6Aho(H1m(4Cr8DD4zm`qoIMq~ zDoWu;?d7=38g-~i-6hqDMZM1LV@G*xKin<2J-|Ck`0obg&8d>KX0b$ABPkbizd+kW8;aAum>$zp~G6EG8q?>HnJ9cw>kH`)rW{|yHSq%Vo-#-jenc-jwMTdKZNNq4-~UG zcn2`)c6&__2k3Ls<}T`blTp@fv8xY>dC#SV!as?*W5)sNl<0&=N?e?XvkDJ)L#rN@ zqtWo47h5Oq(MpCEd&kK_o3R|AtrF@DE)AmLOYd+F#`gk;GZEo}?>>{l>0HWkWcP_W zCu)<6wU92V>y3|HPRtZ@_!`AP?MiADS^@$J7(b4z5_baj@dv>VgSb$^l6^GM)Z$MlG6E^~1BdlK#aU&0Dl1*bHoDE`*j`?KiC+8j*1znT)-sl&|@r`LR*Uf3_(r&w={ft6_uO(3q`4Vc| zCffTNEC?}O^8!Jl18Cho>S{^r2*yLg%yYC@GN`*74ECrcv3rZF8%8&=-QpNAG%w3O zs^VSf21+aPdhjY@M;Td{sSye9Dyu1|K%^bi+HSZ)nVXcdQAo`Bq95f7n$K4qHxJ{GZTp02L`waKNTd+;v zFG;Rmva7~iUkiP2AVoSw{dm+>k+lEX;D*#c#IxQ@O!s4Yo7=^rJijI^B9TQ=zy2e5h{I)FgpFYeB8W%ez9)cHFT~U6R$|pRiUASf<&)Rjg zP47``-c=tBolNDgxLk9tP*PjKj^(`yS*!%B zEe!PQqGnC-O$@Imi<^6>eaj8A=|O?n*IB4dt92W};MK2y;X!}atl8{x)fk2q&swJH zluy26g3PVex15&7VaYnC`x7UO=Z(ud`K?ui)9J_u@604h zsWWQ|^1hV)cf<$zDf98{;f@cIhJmm%osN_cKswk{ySdi`y`LaNwajvRQ|SiV56 zue`7X@y?uC4DlZBZSJ{lijRb*SzLZ^6z=RoKD&t&vtmXe5$TiVZpCeMCV=1c-jywz zr%9z7)sVFkm=)~})!JCSSBu13JYfUez@s_*5*=3ye;LH8?^}LH7}k7C!C6QVInKH# zRdz2Xu*w4)g$hBV6qMH2Q0#4<{k%F$(kBnktJr;F-(9;!QV**{k z%{+?_wJsbjE9k!C5x?9sW^nyHk7Gw1N8dRQ`OJ9%<*jp~3zm|Wyo(v9n-q`A?)sRa z{6+Cdk@8RPTXBb5ubYV4exoilZGgQ(C5fsH+OiV}mUWsTAHaf8i|)6lq^++QS0knS zey>{`6!Sf!bp1k#E?FUu^3!UKBeHn4gvEi0dpAI4rWD`vY-TVd@bF&yrc}PtP?R=> z=rils6!|xj6}3M<4o+Aq4+42f&wu`Ao~gA-MXL*O&aLggbycIt=w`9;N*?2izW(Zw z-I=0&IAjpBIrA*f)!eiFML;_Oc&CH+)_d6-wxaqH@Er@Ok0Oh?Cgc}jdd?^BV_K@wueu3N+^uF!+t=o2Jn7_M zhpj?vpblF-A0uP;DhjTG=Q~kXdcsS=cQcEKQQI9bJ_Z8K1ot+|MvF?9J+{)Yd^|Cz z!0{xiRWlYfn>fTl*6C-0p>H?d-GbKKjnM(9fK_RT<|9P28x&=b3ty@;fasdNW&^YD zd1{60GtWtJ$*W!riUxlEP4s)!%MbgBorLcMtq9nN@}z3Tto{!qZ)Q-->m%-Xk&4>w zeHO(g$K0iRQr+Ms|D%@-NqWtGap?Y(A|=9ynbdd)K6SBMZ9{&?g3^!fXBAICzxvXz z!Pc(R=JLtg#l7I=tVo!Gw=~UyXW3Qk+WC{coARJGuPz$Oy=&1XTB3%rDUvhy)yv^R z4zU$r07LU6*U2AzRH(=eIZdlf4T?My$-tp|&5mr+S<0DmT zQs{cWCHTgmRL_NG?i*u!+_CQWDu_f+$u|toh&Y;rxQ3YEc#YuoH_gG@o-?<=q(y}; z7NIvyUPehgt%xCdSLK38HBO3yTze_!{h0Nx=Uij@9i)hSwNf_j1)D-U=a3gz9~v|E=?IW64{hJ2E$=iyR{6EW(3x3yc{-X45SW7`nedB4b6- z4iEl4oQ-}4pE=Xsv3t-AJ=>ylgl(57f`ELE-D8@^I&&1MlaLslKeg)ygS!n~bi-oN zZq#0#ujkU!lKnR$n94D{2Cn$b@27gY*)`_8$5PWL9WO3ZdXlDo9xJB=AYNyGlNnCF zkx~Hc2^ZnG(i^PT@W+mx!iuR*!?f?S1Ea9{6w+!P%JM!lGwtRTkB(d{1;OuCg4e4p zc;ObO&uQ)V7tIf%U0XER3LXP?JSdno5+ij|H=(@Q~ zy`)$NaJ@adyIN;uJ^5i6Bd!@+C7!KH5qd}@1EzIGIV@bKj8h+iT8iEMVvn;dsk5yX zF;J(vbJHEQhHvwg>A6)Q>?5gKBxuW>2*?g7A_X*mL!FtMlJIoGT2iwCagurE)r5F4Q=n4g3G+OiQ&yv=^4Gt#R}Je~Cs6g@AAY&j;`Bz0 z<|fP6`4DT6DJVtQKJx+nyWtIWa@~LmbBA+Qo77F_EOf6FeoX=__^C1RIctBdj1;k!-GXkJ4tah`{2wt~~{+Kjt+aAeWKW0|dJRR4#8{ zuda&)^l#&S<+Tc&ee2x__prtdI++oyCX23=itb2|n1vcoyh^ZV*NXhK!Wg1(V1D#_ zA9;$Ja1D{PT5uXUtKm%i)9RD7S75pL#r`SKL$6Ruz7Bb67&qXz1GOexEKB#B9K)Kk zWx)xuAz7Uit)7j&h}mk*vo?XirECdv@8No{gM43-WJ3}1`5G-_p96ZO5c{7h$>+zjI`YIsG}=Z zl+Kja*z2zRF~3xsKi4Tsfq!Op!hu!htp+m>%tO_+R%&Hd>@MRHi&Bx!*kv+?ze)5o zTXu!dT_Y_rDJz_Ha_V?mCnkx^NJUD8bS61>;sCSu!CC2>7DIw1A3^#%jP6?lcBXV< zlITw4y{e5mLCS-3{iJfn1;r+;sc0L>y7?rj<6$a~&E7!ZwsC?o{rTYKvp@~P&K_jP zA;4l_c($nZ`6o(N1`PHtE_2qfqHW8fTU}@|sV7^ZP?8B*y*FQC-yJ;2)i<;bY&)-- z=kvw5FA6It`5YSy^NhR}1fpNUwL>C0nJ|L3OLJcuAA5DhlXjSEIxlJc^3l>9Rhxx}s%FsPKaano6C0xA>jR1PYkU zVl+HIB8z@fI=>8^^poko$!#UDa=($jeHj4utl|3xA{?tMT4asfATClq6>3okK9!d7 z;UedhKGX0Q=w#oSY%MZj461VFjn*G6FdSWJZqa#rqySc@60ATruY~bS$h1bYa8{>) zZuzQt?DROY>4oRAVOk&ZzAW~hFZ(lDM(P#7-p{gs+NOT%JPG1prk!?HFpPONAC-zU z53SWQe4DZq!ZAGv9tAO^j6ON3xscxFs?BLF`+kj4Lv7id$6R$y^aL}9?|{)6`BqiqNix3}=uVm`uc+lP^k=Srvr#+l03rNY%|ZTF?U zJ>DiRPzEFFVDMhu38#={dmrF94EA`)nY~wb%Bn%zp#csG!wjtEb379uT`IdB_HJkI?y%_d2JtUM1IB(eYq;Ni)61o{ zwD7gnLyOqYtXGiOTTwDdkentt=Eb{MIUU2(?BOo1CFOjYJc6&RdegL{b2?q; z+(+wyT<{`jcjA8cYZyF^-$D%XT;)jS#%Ctj=VO=&b(C^j2|JTRu?qItc&VE>0u&O{ zrG``Pp)sbh8-CZSvtF&)C|pLt>o~#^LRY3&@agUK5be3w*P6j5@}QF+zqlEn)<{_2*&ed=If{g@@V2y)?<*Q?AeRv@9D`O06DRLa=`x8f1C& z3zNBbqKn_Tcf*iDj6~vXvl7S;Gix=NSmibVuN<{^`I(;sx-^Nen zv70Z4MGH@r!Ag-)YQ*JBjX%E#xF5UcdK99v#(aKih?f zwS_!&KahDpP-UB9ac7fmFz6hGswiH4@Fv-u{kyIdR}c90UwW=O&@aF+`+|-z;Rn*OW zPxb0^;=8%Vi4Qe#LTsuFV74Ymojo;*JU@1|lUVn*$6Q6ZYISjW_o_r`Ua@u#8KB1W zOD0tDyU(+PV&1o5w!h0e%&JAP7FdV8_oaO03s&P{((Ce!1QINGWIlUFjP!F8_#t3a z`(CB@La+5&JI8JU&dhvxvFu=`dv-g`Dq1uMF()50tu&PQQ3%Hm;|7;G`C2`RO{0pi zI?tH5t zveGN3x`>+@-nYSxou9OsjX10r+)wCTAe#Py!9yT`Yt5Ku$wm5BAj4tUM9)l!J0M>75-eLDQK@Xr!=8n!w<6>HOoGiKzo1>O(m z<{EUF&w6@mnecV9UBzrXldWM;)Yhpwm79HexfTFusZLv=zI#PGO$y#L318*1>0Vw9 zaWMSlA-56NM)cX1p>=B#E2=bEl&}TS@xRd}V1%WV^EtpDKe_pM4M;%~Qo{h#jb`)tWPth%IKDw%VTvIc~q; zbrfY+OUf*e6Wf|f%^}Z9W{0o`Hc&DqFG(t%wwdOh|J-{4<{f=3LPTy+&)!lCUQ>xZ zVT>ZIpa6U&u}>$NiDhsemLm2|S2DCqq*)DxZod(#L!wb6q<*{FSv7L`8^X>g?W}g2 zB*Zh%+OXN<(k`wG3}s|oN-1#(1XkJ{`}EdZGueJHlg*~CkbrOlMXtz~;f~T$>xIa$ zu$7JPUKwGzd|dhsYTahIp?M*d*b_2{*uYVSa-^={y@~m$e2IX05{;m zqSVTH%$iB)bANZ**Y^iA^5EuJbeNS#W;EP%z%UPZE4dgv=8ufJ{VhPVAfR# z4Xwo^PqD5V>?|=0aapYRt`j~z7$4a|`tIIAx0&10wuk|yZS%U*Q2)}M@c?2TaQCI> z39Zk5ztyW-#Wu zI<~~cCz@ps=8J=!ET6dT8pOyq@giW}4qr8EV|H)lh7G1N%}m*yJM?;~x}d zR#cI=ZL!GvOe(p23^a9aKBNKhX0%)_ohSxptB$+zrU6E2`AtS_3S1D5Q(yrtoPEu( zN)|s+bua#T$VF}#^qlNO>I(yIEkPxoO$!54WdFT$12`G=~=Bk)T7QdO*HD>xJfiB-GSvw^_O zMb?W}$erS_>wf%0dpEhVhysqoyIOsQsB4=VK@k(ubI*Nv#EWc;SvY&v&v30zE4@X% zb4k*XRQP>Lt<_La;`f)MSFApS`tS_Nt<2G-HAfVK*O7Kq)H2U=J&HUsA$ET({1pPn zKBdEw%<^e%>Gqxqxb})$3;R;sn8~R#7s@~?p#ra}N8QQh$+OYclPtzG@!wq9UR#sB zqx7p0>DOTX7F9iU^8rXRt7A-UhjVxDBj#*CP36ed%sJ8Tab_AzT!&i~U-)DS;HP6> z8eKIb!_(31>vJuz8QKBG@^#j@E1@{$=0xlCMyU@&nfzhPNaLB9@6?ir_U!s42c3N=SndL3HzY!ity-NCOM1buZL z#>Zt>M+;M7gP$Je`CMQiTScJgg(qhpneVpV0LpOFin5`w?%V|BAHsYJ}KL}1gz6yfdAX`?e z5neM*RCa#~M4ZHygQ4OZb|03{Nch}a7O`T>2o{2VBx9f3eT~>^E2#tOE@}WA*Tx5K_pv7PId{a{le+F67HGiK zZDsCdAi^%?K{O78*XY3?Gv(a}h+>VlJi5hC%lk(22@O*12E6nD3^%V%RL403so>b1 zDD13iq8i=%SCNz~%t%c@1a{Y&Uo*vxs6c-5A$#GKYUE%q<(+m?O0D;PLJpCTJX%-v zdkfj}d+m8)Bn%bX;?EWd3`+q`sI{PYkN8x98CMbxtg33~U6QQ|v^Bh!rEx8G@D zYfadold@thV?7z71y&u(~S ze&O=EeQonwdbRr5G!~lp&>x!5gdp!Vcze3Qe{@8xH?&Af=JX_UL~8|JK2=Gm#=~Hc zOa0`+wtaIL7pl>h?CRbC{xQedXNZA(Y<}e+#H-fv;jQ5Yq^Ul%eO&Cw6eg+DYUL%V z+3bSKY`Ex$)0rO^Uz}(RI1qa-%8;L4fv2L4Fr~I~f(!R(*fT{N&v!Z=aEq6BWsbLD zIfp|9Y9*FlJjCfWd!DyS`zZwPp(C&_vp@m)T@-SC|G4!CZdO$0H<)uP5jz|=xyGh) zSREqy#MJosEwjtqUU-8n_O`5*wV;>;6?pJ#x)5)Bn~ji~LwQ(QxnAU|3Q+^&YjPk{ zBk;1Xi*QgYov`g&lp}~SYJgHUkC&8fdQ=m_TGq|v4_TCqjobUqM=xSIvEygzd^-M0 zq*pEBb_zG1&JA>O9i9Rma|x##y-UBGw0iz`J=G|}_$`dXrJJ{cdB|JN!stTFX;T0% zo@Ov}2uVl^89`q1!%P;`V14Tf6fs3c0j^h*LSjZaq!b}oMbbOe#zk-8ordnwswlS> z6Cf#Men%MDG2fZdxy7G_=EFDC3yh^iGvk2`voNqf=}Ra#J0Y4pKl8sJSZxAIasfpY zB`K6Nm&~GTm)MxDspDdBX5bnmF357N|cX2T}PW1SiPqsHv;Ksc3+xEiQ!qF*>AWT zbD)q;J-X?hLC8Kkn&>7rX##w6Zb)?f+ovQ7TodwwWujAEf?;c)%=6hu!;t4Tc1EUc zb;I>LPcrP@k&)7Vq+yp&^hx0s@ALC+0dm70c)M&pT2@mOQ^FlU z$`xdESlD6Q1wV6IbhIEgKkC~3By5YEtl#RW`I0-|xKU}gNfV7qg8b^Ca?LVM?=M(p z7FmRbX%(ns3DvIMsMar-qVB*8601r3QyH=lbW;m5PRh8Z$PfJC~CdkHlsTKkk-KcEPr0oxN~63oTPBAX=Jm-jTr7!k9xo^Hk`ks z6!|cU{I$B?$%PQCH*XQZ(-zGtSzQ)rDIWroNMbo8D_=x)EQZv15Q_*(t}1GPHD}S9 zxu3n>X)rpu6eem>x1-YX9il;Vikclt;2*7x$$}z&faw@@6#O!`fsTt<&1&Mv(@jVm zMS+LwLFAEq8!rciT0t`h`Gmd19HjRW^K8b-gk#vp9buW?-{WC~q^9msDo63M&di3H z~imj49CdY-d<0eg(m^U2+(k1MwtjwO}T);fQA1GVkXg;F=F)g9uomYo+?#6v>4q9x3)-Kc&jRM#nngYU>WYyxugTq))MonI$ zf-R!a#>?Oi`@T~ zd$-Or@W?&Uf{(ngs}X+!+$dvb(dPS{GSd85V1aBuX0GN8Fpv2NTl;fO54&5Vg#g;< zy_*|f1irg=)|ytxkka1F%=oV8tUX2!N`3uI!}>EMQB0Q4{S`6kqwB;RjZ+Wgm^sga znRf3s2~BrS;;wHVkza_T!7fUNZ9OUMc_btGvV`10_7Vy2kb+E5Re8shP%2+5!A7i3wv|)r++Y!_1&@0 zG7@DZ%OWa;JbZa+L<`x8>{aWY=e}Flg#1TgF(89QM+^PE#x(hb-_i7&VipB}ty8j( zmP80bv6Hfa1)hq7!8i%%5#A$)9N^Xnr|G5pQTqIYPwm; zV~dZ-!RIL}gjV))pf0`%P|#zaA7QyJVp`;4s@D^ z&oVB4lD#Y?^DdsArS@802{!DgjSIW^``au8yoA!3Nz0-6}N*AyI zK=0~D;69(eU zPXx{v{>$&Jy3|iuh;uFZJ$aV885PlEU<9HV{8*_*`!_BzpR>&ud@r!akv%orw^ZYR z@8!ZGT9|un0vLG$c8?;UA8HxtON2*k)Y`uQf6`qwT$W>{kn3^T&T+{~z(W;3T_IY1 zLqmvHR0QMKDN`+e!K4bfjWj%e!{7jHDHMhev-)+HyiFf3l?A-;OH#cEwEh>iG1whq zvt9{gs(P;2DPtIJf8k~b5r#>{Q0%CNy^Q`Rd{g?0S(TXOWD;mWoPqpr1f-1X#=@N$ z(A^g*K|wMYgka?H28W;b1oe4xrJfi(k~o%14CR}m-ENR7OM8~Ecgae|OBkfc0%+t9 z*@%j8>*x*k?GNjGVS;jtc*)JJ33*D0)kzXL(Yt+Lw~Mb>=0`4^a#=^XXoM_JFCH+0 zORW^V8D^6_D%vaNJy*O8O#X0Qem(8BE1g*09=GcG`i^j6YmVYrR&B42BAgo$gH96&d8N4_vet z^v~K~>DGauIv9 zk$f3U5@;=^Nr<- z^7AT=jQ|I7t09kISzvk#E<^ri63^dEqVN28q5P1D(K{9l+SlVh)Ba1QyIY3X#<{C8 zwnp+t3rU*7eF`ue9GkXP0mITW{q5ZAcFu4EYIcBV(wBsvZ^#_}{pP}c=iKH`?^pC> zR#fA|FR>*fUx209m$y)CUkc%nMrX^F-_vbu-f%LL{xsxIGRYlD|Kw#!ivjZE-aVn`<*|SnDAQ@7FszSJUzD0SyMdQ)w^VAD z2XR~Z#&9YE$G>SopEUdEmSXO_An~B2koA=qXH5Lu``|Qod_14OqP4GA;Z`o%P~`1% z8CF?>pi!Y`0SGa}53|97JKG!kjRE~?i#r}H3c*NLshF5+x#{(r89RootCKki%lrGg z(C?Q0C}+gSx)T-ps@|1R>9xg+71ihOd^nfi?asTtu;aChD4D5Ep>!;Mz6yR6(*FXQ zzhRH&a(eT7l`Pyoh;b11H!S+q->~RpgNHtyN2GZ|u2zKp?$^hU?-x)RSxsg&{Mp0$ z0PzoOQwluI1`Y?IpQ*O+w@{@6oxm5>ST#mSN82XtHV-0X8Kufkbppc*71_ZvZ`|w* zV|Yo&yGzDNKd*E#>`p;-ndyL2Tv9}EgV9>b;QgO|tpuFg=u+7&2yUN9dY@s=R3Ahv zcnkmB8r@Jk&}=K$sZ9EM+x7rD>X@cKb@*UC->B*xVzH2L(5ifLywO)G{BV2KHtvM; z(g9aQF4b=Z7E!eJDfN@=hH>YN;gMx=oMoDqf;B1@ndF0FNXgF;Og@lJ*v|>K~??3?5(gC^t>!LsU7@Ujk z;q+lK#-oJFE>o~%B}VNumHou5+V&=MJF%BwYhH#CSqM;YVj&HA)3fAiis~FJiFqd8 zxjrod^x7-VullUmKJn_A=g+>-{9J#X>Ny9})8ZxMZxfavs+zJYMwAKT2d8*v_+O z8`^Q>vFJU65Ih9b?C|6&?2(j!;!l-6L1fo|_r%daO02nj_c3;-8VPnZSOX^`U`3jB z1V26v79^pgH^mexX080}47HrgQ0v(~9Y8f-gueSxZ}PKU@y2*p6D}j8S)m7u52Ncj zQL!b$KnV&Bea*#%_mF;z)Jk$vUcyInLY*blS=D2QzHy@Wu{Nti8Hx6d}7ngEPUi~k+-Z~)4 zuInCFxe-MXMM^0F>5^_x>5?2eq(p|2&VgGI5RmRx>CPdPVHBiGYG_8fn;9CuGv04J z&-4Di>yKeDxQ3Z?_FjAKwf0HKpq2J7F-68NGo_1r(*F1{I$SU4y}u|2heGax6}i-B zbi3c0W4H5r|3Dqurs$g1v5WPv%RKV<&h|G<%U4X=aD7A4Ei&273Bfm~eI^H|ULV#( zyI{j2g5|QIdK#6_@pTHdlzOuSyv5{Ug0$j@%csCr(G|~Kx}?;avz_1fb74ELm^Qa7 zfh%yZJW*%;iC&|=rcU8m>YAioUw?STo6jsh0Y_}|0T`mK>02X7VTq!y%sQo7nwU3C z33ZLSr7aoXJV%@oBz=V-ylX3!^CyGYIP_wgbGD9LDG}1?$81ac0nR({Z&y6(f4zd5 zd>yf^_z`IPzZ<>xe=j$LziHkkHT5k`mlF0*;d}M-?+d!Q%_TMX;gMzGGU15IaMD(b zM#G@p%JDN{9bW|B^OojeuWz+n7*F|b;Kx{7Ei@YS9In^#@HtwEIgv8EP51sC{{H;F zIo?Qp!1o8#qCUo@t~;Nuvg#DP9B#~RfAMm3OA

qS=DWB5*0!vNBQLx&0pnkm^)J zU7wKH#f$ycyACEi>ng4BQn2eauLo`inR0)Cof6Mx1-ygwL$pHen=kWXp*pZH4n+yAOPENpcj zmtlY2>Cv_OoR`-GBy~;bPn^BxgBHiWh=K)mgK)AG%!h1UF`aQ}vB}8F>T%}#5dJ^N zjr0c~;s43|k$)VcnnjEhGkLdM!7rk0FlZsgosgWF&zAtaMvN{?J@+tI=Da(6bKk|~ zcIiBqVr(MR;On0OPZMF_k-@UB2j1f__8%*dLO#dkce{UFE;-tTs`Tdx|79^E0;Z^DiM|-h_QnwQ6y}IW zOgSO!e_;H91ZOK7&mRcdF+iQ6*V^{S-5SpzdU7ot_eS3Vf|_>AKd5K;!#}7;cgZ>O zrwEVXpTGttZdAoq>w%i$OAQzAUeVa#dH~K}^#8uJBz6B(AOEo;{`vNc0Hb^myEa8Q zZkw=0z(s;__lt40{J)l@4qfV&e^NR7KdHQ(_J6X@|G6`3@5}#*H~(?t=D?7so%R{& zkw>^%B|Rd0kNyAm1yW0TkQ~xU=ma(bLl*EFbQS+^X#bCU>dd;`|5MNOHEVj4{r@@} zU99@^kYUH5sly8Id@=|d4#<-94esbrlz^R(Hn=vdRpWlHR^+$C=4h}8tvaHgWm!Dt z?c;awV)NvN5rWk!N`>F8*wvcies+i zKF)6di{!mX%gyj?(X3kFSgUu*+kXvK?sXZj^s_brbqk8)bk!8T!c~{_F{xVA}Vp%D~OSYXcCAo_f z5rURe^gxz!R&2Z(r%fVH20QRB=N6618!xKi5F*x~$sLjeqOq%5wIb zbNL&uE{`PHAtj%9@QrUah0(W6IZJOyz3NLYK?(kjGe4Pn4TtKs{Cli^@ob`2#E&gsb##berLFWo^dnwmpr*u<20&l*44l?+H?=) z&od<98oTtharEB#3HEtyi2^u`BVJVu#x85fo#)+J&Dt zujPqVJe!GffP!(=g%Vn={fCUg0o&7OTx}1JTki@KT*_CG{f^!5_^BlQauREj%_`r^%tt2PI0&f~5U68+vohxJ)sJ!(nwlb2eVM@JZulwo?{SV>magC-HFW8RA%UTZ#+4|^RUVXG=6@2p(M!b87rodI2q+D8* zLANLd^9`3b4ka@~;3Ay4`^1gG%GMi`by(#hUs2LcRO#f=Uh%Go`6jd!s>iw;t(t5s@FBRW^CE-2>7t$~TwfiRp$+H~i{!DJY3ucpV~FoQpfC+^me!C8?`+522t zY0DLxtb*riwi%=rQdYX3JJFW{?*hvUM{h=W_MN+%lJSw#3p@Sj-;Vcj=xkAldIDSO zFX9`aa)%a$HM>YmHMmls)l))ME{#!1sy;5p9lP|v?99_Ffr_bl_88w+ZP`FHKa@Rz zLtc%aCz&pbik_ZQ*q`s!YunjbJlokB=S&thyT{^Ob$<^%@ecb=>9#3Tr1!BS% zry7j^i}@h<_5mbIBSM|?HP!@;PC zoWpvec5|j9kt+>Kq;5zT|IUIV0L+A4zBYhCyeKftB`G`irJ)jb&?a^cxqTr!y|6i4 znX$GAJ)}FmOYT93!5pS3+JQ3KG-N-(>}SqROGtNg0tYg9Z?U^bm%rMo_ubk^QNbqC zW7Dj}wEF5TaxO>^DvXr-w%%wuu4eH!g5R;}I}3_sGSkGr1tz8b036nAwT-l~>yifX zXREYazUDK06;KXd_pY(!GcgRiSk8I`m;C(sbG`RIImli?dZuiVt~Pki8})R?HSP~@ z&#sy8n7v)Tcf9dn#y3B(iEJQ}R*?KfR|s4v^pU{(}9+wtgJ+9qJ#KO2-Zkx*6~q>faeDirm$iHv{o_{aA`Z; zRSEUZ^UQ?gJ>|5K-KW?s@lV(cY7W3V*q=RrxbNK}P4~gW!B8Hiuu9bHc3bgkIhm=Q zPL%i(S_#_;7?v;ozT@&k&d0B^PgwQJK30Ao%Tm}a#!e@mujOLXR=+XHT5MG>Ob9bz zx2^jG)D0`w2hJsji;bujYql9y58isbh(`4=(HIyZ{VqDSudaRGip@nrZC6}Ap4;?a zgz~7}8ai1#yJw`8!*8RicT?1?O$u#2(uc;sMfzb4U!gCiDuA5p0za*8L*umggGW<; zJX^LH(rNrF4Z$5+c`WsKrLs8kqL9mI6I0~%&~~ak@37N`jLlI093Bi#iWG~>yk)=1 z(J5}7CXsj+Mk5Zh*x+!Um;X>}g0$R?wT7ZQjv@Z{$62&QJVNTCun#=pXO(|N(ujX< z(ryWMzenyvSG~;nJ?K`FM)t`%)MP1^A%n@|V;q-}Zo-SI*SwKOdg0nRd!N&7tkUpa zWXY}SsT7fmEmBqr&&1feIL6t=z9=_tD8lM(P`1m?m6-V(6cVzjU!X-WJKwgb;KLp& z>i3w;yya+|7@GDiejne`&sIzFtF|g6SwoPtlo}$ghQMKvmBnjo^)()*nBDOZ2XPPE zZtM0)8Yz9Gd37R--p>m>f|29erx$+po;(8bC5&7tUE3_}pGrl-V_EK~61w=M_EnP* zZ;$&vRWWj!9g33H8nW^SJa+odemftVMByTp%NF|=hkR;jEy{qAA`G;<}}=FQTEnHNOG zwMuFT(~P{lDDErNEBni+(Z3^mk!K0n8b}bOQT3Ap3M9;wT`4&z%L!R*F)ki;G#u9? z^8A#_Q*F2PbB?2?sO(R3Y3eUqWWr(5zJ$pN#c!zbfZysE?>vbKw@u@(ZfpWjeRcSr z6UpgU!@b)LwRc2Z$yr{cKR@?zANDCJHPa8jw~^wsd1BD9U1fJj+jC+2Hu2I}p~=s? z(r%PC+!mGc81j+vRL7qql;?e8;sH+}wM-#X-{)Z#c*g02_8f!=vtS!ftaMsr%yPpv z{b`$D!N=@dQtMheD$Q2L&=iqOSrr0xNDEWw>#t{{G~=n%~k;y+UNt;gl^7O z^Uh7VC^S{wcJ@=#?rnEcDS{Ud@d+37+N*!A4h9xXMa9hfwMR~`%wT8)0#tk)lx+6X z9k^gdU)3KY20CDLVP;U|3+Cl$W8M<@vNm&QiXMI@G6%`WZuB+hg57*f=6~l2F@3P> zOJ8GN+aoI;!P8J#cvc{hEa}dE<(b~Qk(%h}yGO^z#i*Serum}|nQ{4uwa?Fks&3pq zqY{>JTy_1paNU7h&$2~h@JpS<@1(TvTG8#61L~A~N0yi?3WR>d5BKPLGPd8YkIK|o z>t)+)M?u!RL`__ao?qkJZkC(xMWxXT)0dieslD?4&K`s(?|*FOCv2TJaozj%$*cn2 z2;OV&3O4{IIQ8pwAU&xE=Wc+R)qu}z(7lmYOM1Rq)zhYCG;*?ds_(L}qFJ-PbBEg` zY_g?OZu1*_`-nR-t71x9&qC}_@6mNXK2@^Jq>!<_Q`j%Nzb7s}e7FJWn5j{#il~}? z?wHrTU1Q!tKGon$ybnju1!m#_qPZsZk|C#^Z#+aLky~%wwAv&4`=HS`^Q|^u>Xzpc!Fg*Twqf zuEu7anC<9AWnx~C?RlbzikQk8%x3#|@XU`T$SyZp=Q1kf<$#4c+-c$M_>^}z@4-G# zrRVmubSc+6W>FahZHtJio~)24^O01dBWIK`r~X1{Ksj22c*Y9Z<+At0jJBhDS@jI9 zGlCZ-sA?l$Ig~=0OncF)2Q}-IQSMB$GV3*~m*sK=l-8y&Z8*S~+Ci*V(J-cN6?}0e z^{m?uBSl>)3f5~0fwZzP*j+&SAk^JLw2^M@GA3d?239-|7`tcP*cOEx^u zErP-)u!^&HZAFa;NxLgKj}aBZGrVeX&)H38*57v}uoq-fy?Zyeq{pCu-C);^5qaG^ zfrfN9Ywf5Q-cPETtarwPr^ENZNNmh}yNvev#fASnXd}P?`!O-tb2OS|>tDnT^Ly<)07wS;Cqwrr7hyzYMf%ZY=mVF{a`M`@}#RrZID z+mDP;B|C<2a?mMl|LUHmv+d?ES*w#Uu_0<>q=HV|y5EVpZqV+g-1kV-ax6aj`oB^T zBspHYUnnn*A7Om9B%%sJxR&-7yl=vxI@&?Ck#wVUx~69eWT-;Td3RC{Ls_+Obrh!o zq*#AYrlr@2ca(?gLDNtJ!sl*{(4aFf)c9ROH$|at z$KtuLlN^QA(Rw+O*S;hF$Z}L(v7Bfr=jGs(=+Lm8tqCetU1}>T({Vf7GXHP~6eb6S z8s*~dTkrf~(z56%so{KPqK0SO!rhB`4fdC*kWBrrUXknqaKBb|#eSx2B=tQwh!26+ zvD!f;)<*?VR1)O9ZB@DZJFPoEz+`=Ggu=KA?b4`Ew(W4m>>*bXNe9=a=k{Rk{iSmW zlTzQopOtHGr<=|RMwSg3iGSt3Nw#l^;%{oR$YS&f70z;Zngax{4Enm+1p=53aSaw^_5*`L(f^xP_pq+zqNB^olAa!X`$WrlR9 z?J*zISWB1u!iMNX@9!BFFDfiMAG<{RRE*asF>>xE2U;V0+DEgI-#H9tXgn^ZUSvt- zvuAjCmop}M_vxWE_bN8VtHHF?D4j;5ZzmK-UQV*biM^OYUQtVbEJF^Nrzp=&+aISR zdMaP$>=rFZ*=s>4A=6LHlw^|BEjJZx^RT-u*5pJ`yMGIErVScg@Q zo4qf#pLEGN@yyXGeqt~Jkz*0O%)_Bsztg=|A2+{VtjRdM%ieA_z##Vo%v>A!Ad?$L zR$;kr=w32C(1&adBWvs634VE8h0mTDty>$V%rqLFNX1j}Q>$ck#kF2=X_OdH07318 zW+U#w3zaU@^xjeF>#&Ql{H8cKW!HGlh~-3jX?^FQw>JBislmBBg`fBwH+R@Gj%NlEOsJ`=$mRe@iapdz9Mu(C)6fzC{^pZ+98_IWj>j#SH z1r%uQKt$Ipg0R|SCeXW&8D52tYkfez$asiTGS&7dy$_mh|16_0+-N9RT>QKV8-1u^ zJ~yVE=qD$+kRiD5>jo>2gSNVW{z4H(!d6b*=NXPdFgE6!|Ngn9sI`-8(xV8I;)962 z_SD5vE{zvxOs4J$Xoxx=FiIBf#n>_E=bu3*+i2tbndt=Y_GcysBB-c%G{qEt(v>=Jr=Yn4#uk{zd6Je$iuhDG}stIOaPk3Gx`)biV zW36EgO$9ZndSR5@XOUOkksniJLqDz;fi5Y>29kQj3NQpwEqo*6jHY8!A=N`%Ap$}Y z4&4%YQ1|@U3@n2hq_9Y;m4UKlFl+&c4>al=x!gv4nLen`3sV*J_hw2`%{a~gY4K$^)@hML_jq2aYV}8b?+Vf!bgCf)Vin1 zE_~tnQGCW;$E?(7Py-niQULH-U%00u8Y1c6RqtnZOdaaIAQF8IgZ-(@yl0a0tACr z?#Q<9TEYt^vl!IIrZpSNZCG>)Bno0JFImF!4xtWAuwR*RK*u33#{V^d5c0OW$wEod z^_}TIn`6x=ICNzppDw(&7&edU3(DLxQ`CaOvq9cV=ZdcXL|+}FN@;`)d?HdpX#Jfgt@epr_Tq? zsDQQC-M)O)liaz+%Y^Qq@bfJT%x%9Tnzue$oV^vQG^2~Wpn^WINkGjzg)#3MEx&Mp zWHLJIgC6RR?vOC#VN#oieMa@B8oJ*#i?!5JEO#MsinpXX|LVW=JHGs-l7DVDTARBj z*=E^UUi4JgK34@`Q)bD))0bzP-w;V7MUeJQweSyv>I&9v=+dy8>~fjG~lMg|{&UHeOVC zs>2)y`Cd;ul}OXdb#_~peRAi7sXRL9w6oRNqJ~p$UgYA!1*?WX`BG~0K>yX)d{{*qUeJklpUp57g zX&C!~HE~|`ircHMw4OtVJx(mb{#(Fy>MjM3Nn2F)@@Ks)^_l|#L$YWtv!)X0bb~ym zsHkGYQ~T8yl{(^Gq>}XON$LP%$WlUDwRLw9vZ^O#ubRU7xUY?!nSo zqhfCyEjmY|vVv@Ts{Y=Wyj!B%N}nsEPKb2zjR3J)HkUDGWv008XHfl0v;7B9o&3OZ z+39S*+{?&$QZ2bGSE#DDiRlu7Vbj+VUJxGZ6&<9Kktye02I<++(UAGd@hpq}TEp|)1mgyhnTNHx`a_z_JMa0<$p;PV z*~;S&7!veUCtrbGrfa*IEOglD97oE$hC&dZ1W1q~ou-QN76&aV-$xUw53a|PUfCM0 zqwr4^Bt!UOHCB62Cl0MQP)jN@H>##lWm!zjWTGxsqiqqZrh5(coZ#w<4J zGKG4EqKEvEp@|c7$u*=%k#!ic@7CpnSYAnQ-LjZ|S!>X-hf>d6Du0O7Qu?6FnHsNB z>*OoLnMa0o_GRpxghtC73tcLMBzfA(FFI*j2yI^A{p(=gemNhyw`w; zA)%4A%#X`)nUE@L2$x$YP%|h5e4asi&DvuwR;AB~K@&qWYyCCC$N%qK+FQHbgK}%` zE}cojJUD8+Sg+i+1qn?hjr``m?x91>lz8U5Ddw>`5g1IgHdjYRd*nDMf}>-yPAzht zjspBUjQ7JVASEhgh$R~~nRsG6ne!w|hs5?m_de&)401b)i}Kf{3|x)i4yDnsKdlm? zKh_tmn3{C(h)gKwkhQRp-oDh#urx_oaxm;XeO$T#9WXV=trXkbbYJ#B@-VAFXIe?le zUDc-#qS=~46q_!0?#FgTEpGqqkEnDXVn1tg41zkG{Qlfh@3u6D%{g$GxlF6UV%W#3z+m3p(tMt=2`cKE{{sJ$clV3r9VDHO59#17 z*&pwYN9;lq>@z5sP`nr+dfv#NVlEq?%@iCqyWxEq{-o7FOT);gHEutgt&gEw%jc`o zjZV6ps!n_^CqA-?BxJ0Ul6iSg3Kzv%yfQTl`~X*k?HE>4W)V}pt`1T56 z;pJd8A!N5e&6%K)V_IcLzZm| zYifq)ZTuuYsi)hS8|92fd%NZp+o3LCzJ<#0Jo0&mQnc>Jmkt+*U%o=+S&L0?sn-Yj zn%EpV4jWvUz8)^eKN6%K?W6(lH<26%f4}6mi7<0fw=^37pzCb2c~M?^8V*oZt(Y|6 zC4|ZY!zp<3q}JmvZ4+z=SK-PJ3!Ob|7mt|M7ifKh58Ap&mWUpYi`k&RdQZ}?rj_7w z-5e*#b$S1m>y~vvk9lQ!ABK6vEMz-dq?zplof)uX(K)=-iq<6@Yhxy3J_+C>r8}Vh zyUx%}2Qk#qJMCy9)^1>GIN&(^sf^u^snjm&c>8krQK_!-+l*Af;`zm-Tc5o5nME!S z@%_Y|2^&4n-)8xne(<3AR_tsWq1A{r^u|0=GF(X{D0W8|3d+A8gQ+G9 zkQvo^7iZSbc&>-^2RF=bNm{BTV58kT)u5|n&9r;xV29>KF%jDe8nf4S1X_$=jM(|N zFKpWskmpeeI~Hsnl0Yw&RbE--jv5{vZ46=Eua6WJk~YOQpKAT>Gku~4O`%{ql_QK( zxiz+T#n`YnG0YPiODLX=ytppugKd8oq%ubjMk&P9=;uS zCI5{mL-4|us2x%mixLdzgHD*v4JM_v*uER4`tPim51(wtP_J@|VlyO{yOT`2f`ATE zZ+VR_@A7@2bWd~L{k)eg+eX8lF(I~)BAw?Dhv@!uXOslzu5qM6^>VT4UBjB!c};ap zgMn{JKbh2bXlKYQ8jE>#1pLY~p*YH@*-n4m?DlHIwj2o2*wtgsYy4WFs#&}QxPC!G zUd|)C-^a)SxGx<>+-aiG1k=QdAAr+K=4Pi)9Pi%{L!4d(_*@U8;c@hVXKSV*1h5yV zTJZ~1qOjfiiO+^CWZ=bMs$@F7w67^RR2XvgW#~Prwf(n6pO{-dsh<{F&NTjAL49kt zRb1=oo9(7RXhWHam|UsC^;J>X8OBpq5A#+%m89pTsUsDzcJ6x2!@qI5vQPa@8oMz$ z;)Rc`*BeF_bj2eeepkk8b|FG!K` z>5e4N=llw%SXSpx3#I4kAnU{4x^r(6xn{K5$XLxT` z`m@)lPxG;(_e>9{9oggAZK0sWze9Ie37xbuDv8NlSg3olSQ$&M090^XhVE^k)#ml^ zco=${%xsa`CPp{X))o6xEwL|c5HC0SY;h;XQoqv0UB}u}p#tu2#QP3@%!4?H?Ok8i zGCX^nVE;HXw%*MDeyAwZbiM%FdHstmkq|B9u>Y0~^?fdQ8?P`aD` zBOmrnO7fwkJ&sKe;5G5l&)`99j(xpTrj`3edD*3W5joFXc*?^MpEufr$3Nm~LtD`q zE!&H-u)I3Sd##!uPo2&d?A|8u{a@zqA51OK=S%n{q?INr261TLn%;Y9N{BKfc}O12 zZ__tBW%jlsiHGL|>)euVpgnSG8Fx+6ky+3gTMw3^~Y+sZ?z00-RYoTWc ztFCY81n;Ow>U}buo}d&u&>rCrWYzz41*bkRRau|j)9B1Gofe}MM$sH@1{mm=?fX*+h7X&*8c=a`fd89AiG~Y%MT$xz7CiL6cY}>?FUrN*281op%K2Arzm>^UgtsL3D4BX z2{^Q%c^3P|y*Kn;7P0QB0ig#ml@uY1`t^eO0+VY#UzHvE>Yd)#JhpQ<-$UfI7lKwc z1d-FR&4Uld1HuUCuv?!A1@tGS0YDmbbJQCxz=#+BlT;UdQ~Er$M67~FA8w2_7)cuQ zXYeehvml5%E(~hVE?78vu3Wi1P?CM7BMiBsn|O{*E7vHrz=unz5R!BLy?c31ve=cN zyR0Faq`X)*VCG*oSYGXda%0Y!8y?M8c(gapfA$1c>$Agl3LQ>r8S#FBZ3hy@;j_!g zteoqs<7?~X7uk!>OanR2cz!~!ue^Krj(4y7vdF#TqB5Zl_A5JlEd#pwHKOASIBKyM zXiiHbM@EZvbxZZqIx6WC$`_BMU4|(>e>R8u`0Yj>tk4H7a9K+N(On1jG^q%z0Kq;DN5lx$E>ofHjdWX)rkx=Z&4_oDYcr?wEvS!?V3v0ZT8oB z+1|sQ_l5j&Ob(NHl0*>F+Gnxiee}w!pap439p^Icik7K?jvEVN=|{8IQBLwenH%bZ zZb6-!8MW&G_P3-jNum$s{zh{%)nJa|SXF601TNv+@%yUocFNt{ziRu&c~X<^#<;q+ zQKC|EzQKeyQl?nF_ZC9es^GG_3@4m8Io&c7zDUod=~wC!M}I}T2TPCJydU0s8_V=@ z+65I_GRwpuKL+*)+LayXGukT^rYF1 zIh2!?7@0|$Zy0iPQH+FH6C0g&p)UMq8aHRN6^e4Za=`onkK{|W@X#8%qjZ`5dotEp~e`AvbXwHEW*_MH~Db`zc1#iRE8+n^iU;rlb3x_mdLUwOmT z%TE<4=f@jeN*R_ORa(!6_15n21^U+X*QaBDDiIU!hHPr_ko>gxwK4yL7N8LQq!ur4E;9xnqi2Z9V^+z#%XQ)=~ zmKW#AO|WUN0}5#*AJ`iI`w}Jo7X|~j9{=?MlF~m?<4h@77|YJBZ81PlSK)-FrxtOe z49G%$06qa&ndWSBkVcukZR2=>)J%c)eLx@&EQ^FJOkAhSf{9RgnbNs(j;4zae1>rV zZ;x75?2|qhzk9g?|A?Fi7hhWSBx|bBr3}}H{;Q5Jmy~xdI52?W_kk!7@2|T?^vnlO z!0jGokqiG3cB;tsg&m8;%>Tdi$`lk7|LxZtS}+KaUOSe6hwKS# zIZ>k5|M=_}4Z4ek9HvW=e9)n)P|$7${Ulael3ykbBp(f=xxQy22=0EycLFH!Dc!-! zJ5MpV0;nw0*D>htKs}L4Q+geNPRuELuAzx{Vd`#8>Uw-nC5(F%G#C4{Wj78 z4Z@q~NTWg&o#phl`0s!do`t@}usaUu!9=#grIhgf2kv%XG|wkG(nXiB1Q)QI-MVG% zX++R$rR=XK!>_>y<$SvB&02+@~(?IiQzI22K~Z%?tWFv|=P=)XedX>NDt; zQo6j}Beoy-VT-=qhnJs5ufQd%Oq6;b)IRg6s`p+`luA5HUpxYf*hSu^?;_}G*6o%f zC#1@osYlpN>A!@z9C7Bosc#fT>P!q(=)URGN*lDf8!R8pwuKUANd^?zK4;fHZ`{#q zG%OPNikKuHb((6PGt-^jwG1qJ47VD8_?JmTu#_ZPJE4@^w@hn0R1H<FW^vS$_^DyYG0@Jr*F!~YVPtGMGnQLFS`| zU~?~5l9*1i*%RH5b3|g;BI!*MBZ2nRVX{VJx@wZa)&;l~kNnr7c#Kz>YlTYDZ2?V` z@9Yh#*R)AO_#IlNza2iYKVm&1NFT@-(FI+tCk|_}3w;?XSr#eP)Mm1UL4^baLuMZL z)Z(jvg7Vg(=KS4<fr~9vnq6JmRH)dRKgxsNPx5>iFW9{4Q5_%{7-YiXd-`>~` z<}@%K7AW)++-wi>Dz?QNF4i_tJ6%7M<1{>>lDb%d#e3zlmKmQ@>{FCK?LQQ6vDv04 zW!Jw_Y9yfBO?b&4VBY(+^yt^7q*v+q`#dL<47{j()s?N(#qDbmMqc|ICwS2u6m@x> zbkX%+mV@hHh^#qI(KhbE&s;jYMnD(p22oJnV==vqBn_FUdh6kai#8ehB;Wg4lrqR`m z_x_Za)?z4e+N)RzZ=pX)AqzU0@;#vB&c80fKhJG%`W7$@ngBufteGF+vAI{ZIXTXu zY&Blr*t!xp0&hPUoIkK6HpFwWvtwy~L{TW7rZ~BdK!s-esZL?8lc% z7n6h!aybFUqsmjIjWUFPl>Bj5bI%p)XWTS8Yspf%b-1}Q`i(<5fiu!~!o4p(<(5X1 zDqABu7XhWmD(@hZzj=vDx%d(ckM1v;O)1 zc^gb+GBk<(ZNrm2IzB;y$xS zr%To5TjaNlKr4due$(+o9*U2XE{%wVyjPLbqBY1>AUPKWK{-Bk=UO_ed-P0U&fsne z|1$Vv1VBDblv0%VTnnQl!d~aK7YL~H9K z{5hmnQ1{3<;x&hE2fyjbyu8)bWO&WNNDwmQ_agjEp z)gW}Nc}!>PHwipZHo2s zfhheaMT>N`{yilt)U|$qvRZ5c30AZ@#l6>Rpk&hn>CRMJGv6qj`pL9nl-RYEwzc}j z>%T757^ZX?MDl?AYvZ7=Ct-oJmpVks-T zEADefns|v7pMh%8$q`Zvm$5u|zP!N0#iNlT9gY3+b6*(R@|+1Mv3%k#X9Bijp}qNWbBaC) zep2`JlXSV;L^+{OwAkGgcH%Vr^c2;r69u_^Aao_W=}4!SYEQ`t0~*t|kze7Zhs}pR zxr46{)3#g=SQ1G;&*}Z}Y7k@QqfAiv)PVP9gpU8=Ngdhw2hOXZjcoK`@$p_=)F$%ZLo59iNwMOv7knM- z`~XmR4+ZQ!#bsR#dwJpEMM>%W@7eja^pRR??U9L%BuixbC|Xr}dvmO|Vdm7q1EAQ4 zf{OhHAg1FoqGD^%@8VGqox0+^$p8a1(q0lrctfzL z9UTXj+h3Wlk00NQ5!7O{J+guA4%O`PUQc1(&)FOF%`h}S@iens`>9EJIr5}YtK`Fl zW5MXWJaOwG`fIUujvkx0`p=myr*D1z4 z*RS%r<6&=N=X`V!7iEv#uwp1pUUqRGX`ky_O}#H#Wi#4N-Tt8NharBspZ7k4>rxK@ z1d2ttU!OHMCTs+&D@G0`N(`A9kh|coztN8M<%|V4ry7>^$)2)y@703^^&T2QG(fq_PCA#>6=T3nk9|>pZ!ZqWC%_ z4B9k-zu<51`dDqrSfkZ30%T@Pf9RWkd%KhkL1@eIX7h9eqCUo%XG@dovn?S)>^ln( zt~i!jB#&|P?mP>ovL0s`GgR|@6*(3RT!3#tn;*O+5BzeRH+`-ZRLYn1oLK!}{BVic z`D$WdBy5>)zYZ&WuN2Wv0X&_IigFu-WL*Y5bk@<{Sgbu;2}aqV;^ozaz62Gpx0DT0 zJ~jXL!f@Yw$pPV3_RbRBo9h%j=h;!MObLI3NlN)qOp$5APUgVf26TQy`9Bv@`B_p0 zefgi^$H%2+*FIxcl=MH-2NC1-K=a!6=A`G7pzRX)ct8My+Ph(U00n7$7P*?>7z<7<5HB09NuUyK#<^KGr|E3}S z<*TM4&P03XF}`;Ix*h`V3uKu%ONG>umzKApkM0_f76be^l;1XztHRQ#`#D`|$(R~J zG&?(6@3Hw+iahS%MFN{PGj6a2&f(4wWj0s(9n556_`TmQ<##mj)K40t0G3rizg{SP zL)4!Hfa_~SW{KoRwL%a+kcEyI6YxI%pX*D_N3hVSW!bNBnKe8F$PXl=V(;oU+^h-M z#_{pdM$6POt!Cgs$-(%qm?BT6RRgva<%%XNW15M&U=U*C5S~Rj6F845+=;U@g`c3- zaq=c8H~^Y*fE77tRjz?f#S^P!@rz>?#jMo&*gae+t8B|{T>l=Zm5U@MNIL0&x30sK z`hVJ8*IJ14k2wzyGc-CLxtCZz-?0;a==x~gH!y6|tzq}WLK$UcsowQN7{hc5Cc zD6ak4yi5(iu)`c6jR%H(4CMbDX>j!gbxXYzZV1SKUbZ0F-$Ohq+^7OmT0qx{WybU# z->aSvnRIS40}MeJHYG+77`(DysGR}X5>E6A+)NCvd8#K<@w0Muvjz+Nvd~l3O2yow zpm2%ZodHHzn5F1GuFQ>}0wV=l1-POPB)9UxhoRdGeT^<7^UcS-ZI9J6rCM5zqJG1+ z$jd^4>_#h3Zchj9TnV?@+$_J%IT^J6Dc~ zk9){6&OKAq^^RV-sf?A?fzKlULUqrm`NNIlJGLX?ZQwwUPh){UB`TGS8FwStWdCyA5sphY?& z0Ihi_#Tg^Ac$AJlT`H5{N&WjDpFBC@+aWk|-w4*wBte;i2r6q(Ill!HUpMXt|4utSl8)7~+ zF=bI#EDyY-TJcXg@4d6P(0L!s(uij@mCcfqtyOH6I#|~9!(i%keRbDPHPsI`=a(vG z0$=rJMloe}V=9jtmU=>$da1H?d)K@WQ0tMFxN5~Bhv;i4JgEnHQLXCijw7&aa`q-& z+VUntEsU7^*^$zSU1BM1NzU^jy=?hUYU_1?Du^-0F=gh2^{N3pCUv*rmSLL+D+iFlRx{_ zAR*tg>8@Wesx6e`^J~%5WDpbhXSkyJA0kQSCGlNf>F#eFOEDkP%6&RF zHrqhHp+LfP$TEt^hnFeo_S_6sLgsj^f22E>uWE-D$S&~rh`V3q=)?c~ zCbFd7)BiC#Y;{q(CFAGmZMbMXYoMX1amK}vFuNEg@R zem{+j0zJEz8>5UdJZ7el0VtSU@p4_r3EtR{$dx*NcBiw~0Q66eEC^M2qZ>-`>^{i_ z`JE)kkp6U#IDaB#tFPKB4u-akgh*d}Mlz`6G!MO9M6X*K`rX_83yyy9@r-E>=`Sd8 zyLDGB{LQ?@6+WBZw-sqW3dUzG<4aI~tu-6p_eE&EY1s0Wi9uS)!NLZ#H}|<|4hK+m zSFC4V2NrSpuDN!kwg#ey&E)u_TpzbNJ3Bu+IanQW4M<@oYE|+s0|EFw)omW?<-dX@ zWb5SocZdif^C^5eEi2^Z7CPZtYw)qdLz;sfkj|p3Qiya@$eD$8~?|F~Z*ZcJU zJ!{uz-dbsQRR659z?VfUS=ZtdkMJ28q(XPAv}8k@%qhO7v~9C;?Z~~cZs)Jm#NI&o zdGQZH6?s^sJ8?_aT)2CH`Bu{-i4iKw6-fS*S512KP@4XIs$_KgS7$V3xzdl{V?6=4 zlPGeWZj!RWZcLa?mjBtkS_jhzHZ&~zMNh;-lnl@W7doeKv%qey z%`-|WlwQL4|4bG0c4nLXlO(wZ`A2|VT)$M6=@@xRA!CpNCI_*`P=EEJ*ya{_+h)D@ z`z(NJZuekm?9!X&y=0_DLQL6oIQQSiVgW)&QDsp9m!p3@LpOysVZtm{)~d(;Ki1wV zD$Z!x7EVF}ArJ@ITZkL0O22t$)RYGW(%^X(A}pr^AxSeSb9}N@BO&|3V){py^i`# z#h3!|W0-|nvppwJydR(&JKO~{qRRBRF26ELh;s{|jmc@omsrTjL5 z*TD$7v63Gzs*j_5M_v}v$$>c^pWAl>gbkRoZn3A!b%dL{HByBm#`zf<^UXXB&P1sK zVVZ4Xu9v9ZBuinIb!S;aTf!NeD`qaY6GwK|k4Lq)N5bY9>PH1c17E9k_}AV12gQrS z(pJt%3Nap7Zq%zlc~^4>9L zdvLtmAwh4u!1(TR8i&x8VqVjeowbLQ1VYl@5wMUMW;dHv{L(-#nxZ>Qw&ezP*Re3M ziJC?6n#IVAiofhKUb7Xw#u%YzH#jpJTyjG^>vmEcX^{M_xd&{;Ah^!2717K$}r z><@S>34IuxGWX31q>VtMh_Wm;KQKNbz|z086utS;TDIWwC)oS`yO-*PNNK9-c9qXP z5}Mw@G6Ac@4QTM@fqwAOip$>KzRYn)*X?coMddl_;H^fZ3{N0a4jPFn4eFNsqo|1xjq7zZf8Nh;s zLB3}TX}Rl7&eZxF#oXjY;LlgL*U;>O+n$A23JU1=0prG_aIDm4Glva*0W;)LEsB zax2oU{K}oDU@Sf-E4Xg3qwda!9OfxF{I<0 zCzezju~=O(O~h{H|3mAx#D^wtoy&FlB1?qv`OrMhh}!0KZH`khy{Nn~bWWwxg}QO% zwPS-G!$MO6p;nsV-%Sdto&a}uE=dCt+!>39FxE~R!x<#6K37EduNY^2cqHQRUO(j z3tgAto!gUcyXCHyWcTJ~nAc^ql>%?vIXHK&hLyAd9W3)xy}#DBB!bPCN?a&S2#Rm; zD2?%9QlG-2;YYiM;j2V1BC@&y$NG48Kb#3NspFgP(N|r4)o&SFv~Y4l&qUeW_!iFX zR^1Wsx6QV=r{d>?Q4lNA*em|1_~Nz9r3@juW;2rgz(S3ig6s=RgKMvvsm>pmg%F#= z(7nnl={54ef?qZ0tzHMoW^UymxlTWE!+9VLdybBd?znH7IHqxP%B_wZ056S1Pf-1AvnU4yyv zSx6!XJb%=-xTrn!mGyjA#AT=JB>rrjgW=IZ=;r(|<5fs*QhQ8UO-;w~s+isS+m5GW z!r4c1i;{9bfaBEy923hJ$4fWJ8vjhAQGq`!9F zxShq;uVV*pNH^Qw)Fg_c&3Q*}iHKWYm+IoQ1J{5L*guM;(h30fSlb;Yct)~y7o=4z z-xGGQx&acx82H8kecrU8KKRXa@ULJ^5)wCmhlXVZCndJ+TAqt2cmJuTOcQ!z!X3WG*WL$1 z_&zk>HXNoMx=SGQLPMy8|L}+?GwvDftfV2{n;@*L>Yi+}#tbA4#NVjfbO`I>9G9R9 zmp3vTEybVT5$+GvwD=*_8%QT1(jm+AGN=e!g-bYit8%XY=A=xJ4U3bn_tm^LXghpK zX{@qj)6O7LNI~Rr`}4ZsyQd!q#@o^AoI69=60oqZQycNjorlf&bQt^RVYYS=epLi? zlcsDxN_Dx%Ee_&+tRKckn1cbk8p;aXelE5?#?Z764)3&UovmN@I6F(VYLn!DMZ}DX zmq8RLGEFD3&=(2JdJ-1O_Nw|T7r4@u^~;4nw;-pcB%hB-P5qwZ{qU2Zlmt;#bs{}T zU451Zi@^Wa_vb+4*I@I3cy8~=-J0cUx!PS{o4;SF$CkTh@ub2CCx#XKisq~QFpv~E zrOOB4>|UMTGzyBy95IoGaWzX<=!x7m(74GWm12!_lW=-jM%9ahP&);I5MA%oz!7S1 zpIkXv>lfgSI9;4?@KkBf!b?~UoHTTSqNG9c{(I@*$@*AtU*A{_bVTK!Rvf8iLL=~K z9y9Ibzy{mqw^62el0uDjMJ7gvpD(u zK*}YEeyG)ZjqJBki;Mj_%tyF5w1{hHk2WW2oCjG7!hQ90hL2hKtu zc2#7&S;gi@CiQy43hygCM$x1K$|5_3CLb~XEKo}MQ!mzuyb)U`=o^+?Qu53jY8r}H z?kabFqt?FQQ)P*uHz<*DF=19Hxunee2s+QnW@?O?$N}s9;gJQUU{{3@y5X*cA9hFe ztsie~jgao9QEhXaTl4U-%WNq9PE88O^%nMHl4}I{tCF!JzBE4xGeXjok+rWZ)tN3w zuv6c@7&Cs^+$d=^QeR5Zs4bUbqO1A-XLU5!duH_e4+VU)Z)7YJTj-zrwiA$cPGe6) zUU!aF%mxTV7hDG8B`L)5JkAGL=L;7rwXYvHOkZV%g4b&vb>kR~Qgb<8Y@;qN0zwZ3;`I2hQolz)>g{P8d ziM^1HnlkeSXeMoC{)_f(AC&oL)KS>u?|xdDJ#5(&i}+WsC(`lSKq&f(M&X}7 zIBHF9Dfs7dhFcro`qI1$F6z7e=*a0eH#hbARVP4yvl(d`q^Y-JJl)o!ADe@@iaRdG zPsiEWj?WgZchRGY%V6+P@=9Jl$;yeE{?D?qzuLati0NuyY{CH?I-jXGu4qd)F~Fcl zew%8O^(k%Wbs~}(lyD7iubIyzz&5>Hnm3zOQE2f&4IA9M$GT zT^wWluosrS@>O&(%tL}IEG?irlsjB9e91RBj)>oR&%L08NLs!}wIO`94K3p;-Jy1llxRpjMz{NR2(fj(h7y&Y*TS%5C= zf^vC@Hgi6LQ?+c$K`tcpoNc|6KU$|Fq7C7A0}I_?&@<~~ptJ>-`%7ZqB?(I0T4IJT zFF)*+{udEP*OiMXOZ8?l+=jRz@o%R596O_$%#6&;^lweF(9^A2G)MJD4_+UzJyTu0 zC!tK?`|*213PdDR#8>&?d@-|Eoi}p7Q?C!w-Q>rZX0STuUcG15PIAE=aiU7Gu1S{e3J7=x z>r-80Q1_b0*1cO`i~hZN;;DJlR`&xBhe4)D>#|Doj6FbZpktB!GJnhC_J)NgMrL?z z9|S;)AQEXp4$m{%#(Mxl@-%VB_6Dm;l&u8$%FyvXT&xzeWQz3_RU3nW3>PHaw+{-A z>)i)+1e@ex&d$yP#j~i1oEAT(bzIR9kaTj0`JE2~gyV|8F8A&4?@!u|vC^DuD37dH zFgJHogomm2sq5&Z-X!dzVL=0mNRjzT?%^nd4|*j!N@dpC{OcX?<;pz z`NLf?k&z#B%3vz9bMChG_CM0nN}Iu{Uo=1B{@R6xw>+WXRYvpGL@p0qfdPTMIdQ*f z%Gw8*!+Nx{Y)sey<%S}o>Glq)w=<1pu>8bl+4ndJ##vE{KZn|1EMi=n>vlE?zg9rE z410!df@*zGDp_5K409FCQ+6n$rb8}7r|HvTpIGJ)@G4A;48A%@GgxrH~0DW61G1&33&dm`;`5W+9k4C{QhKtFa9$I{=)Nn z^Rs)$VR=PHCKBA!VQ0h^}z!BKNxkq@@zf68iPERfM#3<710SQRe3hjrU{e zGCbp0a_~iEgK!E?Cj2IAPfQ?;EvVO)639-aSyju1ip3!&$S4~JYGie>upb@-P&ZQr zeiE_{lb+O1XuOM>C0pi(viVmD=&Q2Ym)< zOMnWv>*Liq@ZM!0(AoNR2EuWoMMGt0|w5wj*SHUDTQ-`K!yU52SMvzl$JLh&^= z&#Z7_5(D8iM4h$6#iLWppP8vN+eQ)&*zwQGT>8qDDmVw6H#dI2hw;#AX(eM25`wJL zOG84w#HbnZZof9k^SdNH-*s*fMn(F!Bmy=Hah3~ z>O+8RuM)dNf&`VZ!N?A3p)ua0ohE~jCP8sj#GpVj5olb|%^G(9F{&a|t(IG{ODVQ2 zrc*;k9r2DpS!i`p3COz~E%$TQSX|RYjo-(J!?{F=yJVENZtz|Qt{)~}DKupX^4 zVN+`*nB?J4x6uC6#*(TGb;%D?s&J!A(0kVJ6Tu0jHdYL^XCOZ7hh_PYeM~=eYjbUD zoDq~j0Hb#TbMePS80J&U;ZyMQOEI(Zx^u}KMBiFmUtg=;Y`qaD;{8=^)jn3ygAEnF zTWY!;tF^PObC}|y24R3jga%8S9?%{%$~2e@;wc*%Pt&$mbi4K?AR>}^j#IHvN}Bo0 zx1%@b#Mu}U_~0V&viDO8!i2L!O0Am-KnIw>1$;h!N|~^mgPYbiT8LB-rvK!=`6)$q z6GVnUG;0{T2dzIAPoRoMr@N*hch=m9zitaKeCfyQGmwazptQ}4j&IzDL0&1PXcoHR z980~@9;(&n9rsOQwqiZ4YnyFCWHWYbO(3zcK%nAoE=kQi@bkz798)`0i;(Eu;a1>s zraT$#^duR3M@0B?c&Z4!F1kxY{NZ{^|6m)^Jlfhdy+)QoR?s8yJ4IKM;m$Q6A9;_1 zQ-F3$3sCNdwxTqBgTG&PN*pNN8p(tR`S`8hu8?4s?0&tc4isl*;PES+ zO6vsneGMe5bJBzss4ZUlmBi6{Ei}$c*l#h9eUj~=24PnxtW#u*9Ko`&c7aW7t0 zat=2sP!)$*g~-(1VymS8P#F*UQ2Q_>+ob}(v@D8B^;(Wj$IPaq7_sv{>Q;N75KypZ zFnOk+4iwosb+0~W)QQH!ExN{&W`hZ`!@sSMfds~DXq{3AKbBC~WkfvxVdzAsfQz&+ zMI{~c#N^H^uQuWd&{8$3P)3&dRezaC7SHL9CZEbNZtVI<#&h5Jo zmJcNNYNpn!x)fdV6<&K0P9QIpV295!#T~f2as6s(z!K8ND(0)0d}*N*PAP3Alp16) z&-wK&ckE5&v4jDMDyL}KwaRynXNy-uVM@Uqq!`-6l&8%#R_v9RXPsb&>GZKjoUE;6 za4$1MCk2sayGZzux1h(H&*43*QxcE)e1A8)F5DwEhwzpHnP^aO?*qLbW;Fy5&WLK3 zLvrQt*MB8RWtpUrxvUq%Pqr!00lJK(O1HQEcb`y!!&$L&mP6j_1&?(|*K!;$f6N7w z)+X(>qr9LDvha zHeG`zi0d<#*tKijQY(j8>ASsOK#MkR@BO(RGA;+o@54*SPIkwR-&+5}z}Y`B3frnc zVpD3bqzl}MmaRE1z8^a{x7RpBz6O5QURut^Nsw4+XrP!JT;H;H4)2cl&?JcIojk8< z!8kdT>@@knvh{t~JT|{ydhmSfq2l$0vsfH;4$_~PnY~>3w`Hf_FvGTyL{|3d-k?Ren75E1E7+DEr53 zA+XB9aw%liyrW~q0Z&&JOaU|SCa!F?9;q%G;aP_?hdw!+b|{){x^ zw)2(RU0c7^{}>`F*fq0~Va%35jq}*{CK`~e8})dIy(|H>6>*52LQDD_clLti%%8%s zQeBb-w_DGy1EO%@OH$D!?g@)YqK1vh5b~W$Qx5#dxH$h&W3n5j%mG!$bD0Z~#hS-- z9VJ#X508`Uyw&yf;<#kt9hSQ#q_l5+<1Ob=r_=&xFC~{k1O@7Vi(0I1{OzT)PLWnCLFWLrwC=m{hrElSM@kvN>Ul2tI`AJgB_3W(S5Ea z&$4cLh1D%=H=GTvzq%){f1iLwJ`_%)FJJh@DPeXvs*~r{+*Y-OsWJfETE=)VC!C!L ze7QE)$eGsElh55;{tkT1Dxt*Wc0#Xt$QQZ}R0yEJBMLu`LL#3W-UqJ^0tZOaVf(*fqGinjvy%ROlY z7zCxe^P0?@k)CyRb>`g#{mn?9Q6mx(Ua6|8a;~lC`~W(lk8N&!XMUKP-UecV@;^pP zTLB+DknZqn#y`uwK?&*Q{;;yYYmI-B{i0hySxTA)m-|ARbNx0Caod85;b{ztmX_8x z8=KM_0_lWK&v9!dHMQ4bIy%Km6fp^j8~kZ$Nyc3)3(m}&%{ske42&h|WhfrRmD#_Drff+}Sdv^|l&JJA z{e9D_sJ=)=eHailTECZ_*Hgg(0!F%n&&9vGNPuB|N&(>j)m)nd!gxmn=0yYE<_<9Bx6om@@s z13@mHpnJnTLt7-7?3?}I(vgHO7sJ`p@n4=^7RzQ8m&~h(3G1%DbPHetM~QE)uQ|?A zDr0C{MzK(Z1~6*=PJ1PancdhZPo132@sB7WzZ6WXLqrGYg7b>*R{Wt~%o5mnZZFR&h z`G!o*7HgV#77FYX-CqM}ZqM){xH-16((%i~K0UaUEou_h?5XKls1LdS#}g~047?ej zU50LKLgS+g+~B*`%DVq*z|ZvCHw)pg!Q?#vKJQWi0h2gvYh(A)1QBwF(i7fEgpw1lRMjJ#IKWdh4zm?tY2GL z|HBX8kru@Y)e-v990w`SLO(}pud`zGKgI`cKtC|HS5QaFX0Ohw?a^i;U?}z1{3ieS z_~@BGdh9rN%`;H=$(@73YFH%qw5h+LraL+ky2R@2mX65UEM-%+K!W;S$ruIe=@h}( zAH8oUbsJ5Vi>J&&kEaC50uYTDu<^nZM$zP~a>Zu};4a%r2J(I!!uCO?nK!ib^aLbc z=XeiV)uPM=S_82e=Eii_MQP|Vz4bfYt6*wxEX9Kr$U=4Y!NQLs3h+p#=7d1|Tzj4c zvuCjR3t?693x$O&?rjT@?o00qX=-(&sF+1C^snR@!Ut;ARzVzuERcS{o0FyFN-Mx@^G*heHR`}uur|{fc3)&t< zi+;Q%_VDCwM^n^Z2c8#8#_o9Q2)5#VhadFjiP@_P|Az+zes!eP2UOXx_^%QdL|D-L zX5cR%ZmXY@&M%)P3G9`WwjTzN*NGY?w1gDBeP6grLICAd@p3>$hc#`@g2OUJ0I#cT zDL9p}38`+DXZKPQbQ;46$Scu^!piv)WOaJ7(3f@1o*<3?xMp#H9Aox_%(MEV<}sJ; z@9yVOiLmtV!a^=bZ_l^Kw8VqPrD`fEl{c$sWJ!wHIyp_%(3zkd zwJCl3gwO~-+}jnfZ$2YCx*b-m(VKe|l8PH9x={KL-{&EKda(<%yKBLgL*roaHDkq1LODh0_9v&Ww!qEOLHwSie-AhMMG;gW`@d z7W{SJ1wXrEID7*B?mzAv;G6a1k`om{U%x)f z8VdlNw;vbEm@`IXasTkJq?Xo;VQMNez8lIYWhHRtR~Hxh+J=S<*NWWZiwi||@s!eq z1%bxfhaR#(WtCnsKn_uDQR;q=u>R?XBcS_KI|s?7$j){>}9~mIFmU0E4RA2 zQ$W19xOg!qZb%;#6eKH{8o*nONtx15sUsVr9FZ1|lOgvHBY;}`JFeJBZwB-KfAtb{ z%Ps9}PlH~%x?WvgUP8nDegmMP$c+Ow4o-VSTn~>wli6b!er72KOhH%YqP|%Y)FQxL z#7W*xu%pT8`!tF$pZY&s$UI`$ih`7Vf{dEKG69Oj_O>_aWV-{t{{8l-8|>+xr8zxp zI@YWaHz?Zjml%Km4;t3J#V3!XZwiyJ;kH3$lJzqMyzfgaq#*w zU;X54Itt8-Jh`gfiYR?m9GmL0PuBZI3HXS`xh+0V_3sC(|Lw;F zkGqy{@L{+ed|Xr0`ORw8HRmhJhPTb$=044m7udi6waftpM~`34l8!s3#2`L1Ewyf- zrdrDs@N}M2UV8LTPJI_!P#bXax~T+HbAJI84Y($7@UY#-u%P=FQskLR^2q_TabKt^ zl(g+6a6JKj;6JYX2R*=H#!zGt67kx9S*8Pg5`iC=O|H#76x2Vraf>K|9M;? z^DGnx<}s`sXnWDQ{V(S{^X3QOutD;oqU7>vd|5ULFA+If!KxQyHUIGg0Wa>-0PaYU z*Gj|R;5zNB%<61+&1h#$7XwfrlmhA7e_SA8)_)IJ`+xs069Mp{|F@MnfcW(I{+G2~ z-UjUM|F-HaS^ocd+g@`CiBI;`7&~>>ZZd&D;sB(9lUc6(tP{@+zB@&{;_Xo{_P8H= zPpHsOThsEjko2|!^_80pGHu~@vf~ad9i1N;Kf=#fl1+Y0x#R~9agnJ(SW;-D{PbeX z#fgN`iOB&5{uG4*l9zq1n|JnKB(lSjrG{12iJ*uFCZ@f8qB<&WbrStX-rzSOuF^uD zFBAGsG{6(fj^*-BPSqN8(UFmXz>qKU6HBF>7JzFnql73aDch~A=s_%vh9No@BM!U~ zJYxF40m>a@sSFeL?G!gMzzS5|sO`sbC^9Utyi-;uln}2f{qyJb&JG?6{(v_Uc{yiY z9q$ZD9a5e`%A}Vweb_qN_(YlW2ooi>bdl-_q}!BZMS7BqkRSi&oyWtWE*<3(PevDy zy|Cor0Z3dwA|-DerldGXUc?)IXD+i)@z=K8t!P8FIGz`$JS2eu*EQ84r6X~xsDMv& zty-=}$&N+m_7L1R5|qz`ZMIAmf_&Y}pX2FuN`EauT@IcjSx!DTq)ZX8tdElr-|8YP zB^+PFwm4)}$J*+1-SDv2IrA(khu$`dgWNZSd@3=dHANuv&!Ogz`SScfCnM`)7Nhg6 zocapzBmi)Q1wXWRU_i{Y;+-c@>3|V=z=ov!w+D+gZ*_b7H4P0-l@&Fsyoi^Oh94K~ zGhlo9B`18=n&VE^B2$sRH!26muPsp0N}A3Yp~zL&by1QL{LS;B#$F{?yTg}m1%0Oo zCajkIEoxkcZ?xu_K3OfZJ20yV!H5765GW;@w$A0)U%E)(cXqYJpBj|rsbPpg&#ylf z><|sSs~r`ArBd2d;u)<{qtoj-(=QrMMU%Y9E-S$;7ge9dtc~f&Rfk13cI#@b@8V2n z*hH5dc0Np%l{KrtPwgH4toWDyfh^i{n9jUDF_G8b4$ZP#JV0-4YZEC2Cla2WRVvti z8{u+sy(On5!|AXg@NJt8rxTK#Bjzg73J~_X(@5dIwiG}_Ybc&{-4yV?JAYf<>wv^1 z>ZZXq2ig73-y?*AtI7@TQDK;Om(;EBjCxlEd3aAaSNoNjb}aWOblY{0hli(bn+m6L zuXo3H{tp1ZtO87om^^hOg4n3V2D|Oq=>$EDWLcQ=lWxNm>Kv!jY9|iP@VfYQK%9ZXaoRK0Yz=4u1~QrU{Pm;spVeZ+vH`kXfiLE%@V6>8mbJ{Bl?p&?dlkq*z3pbDNz!NT2I4xtV}pKDW?{28qAX&5FL!-s*D|6BnUe8^C0e zQd6l~A-V9a=iTz_na(4cYf_rB4$P#HmzmmR&N=<5QQnH@DFUCkQm%TmH~PlcZKA$; z6AVgWZNfJ=wX#}0*v;SlZ4~yClDB~TiLhtZXxv=Yva?LI`q+xnLekAmAP?Pof0~@O zyi{_&d=u+(B#eTN>-;YE*3f}uKV*r~1I7hbxcymt&IzTBlE!}2#ynL%)ywnd zA`rxTy%jOOoRe>S9+X;AswmgXy`kT;W){F-PEbO;)GI6Vso^`t*iHXlm4(sbVpi>Y z!GDK79cb;zND z<7mfy8?-ako-_at78wx{aC=yXm33H~)9>WtP~|O+HeR_?QD)d@|MDeb{+STxA%+&W zNB)g9{l@LV6SwU>VGQL8s0cK%+hgQj(Xx6MsaO`HQy9yjnN^w)@_|cQw~%=FAJhK+ zdF@q+O5zjqTH(s){?)&j5R4GKHYfBh6b1-~^%6XHP>){b#J>q+XYOb!_ zy!r?={Dr^><`?R z%khquo*6ZKBj*hi$ID=vKRj$AFbv&d;XtF?5&f>{MQ}<>WzSD{EU>H53&E5>UZM)v z^nFd40MU>yPVI2V;r>OcmLI&-XWjjGBEIPY^>64wW~xIBjyvP5bM>Ud6o}|LK~BTz z{lsC=SIEW|m2iz}Rhpdydp#Dcn%n>*DlWS%D~Ui<7**s9j^ANZ%Z=$RD#%-1FsJ&Uz^eW=fiTuFQIsM9pK`>Ll zqr52aEIah5?%JP4EqH=bWiUYi5c*gJa#uMJ%d${)slr_Y^POb)eFjAttzM3!u>gu- z%Nr9EG!miA>5n6cm*Ifsf4wvC!<~RhJ>StJvrxB!@Z*yb=N!NF0m1*z`3Uxv*IXQQ zxCrkb_!id~;{OcrpxEB~a;>X=41={aFMKs_JBIq6XS`itfq?kWO%Hu{9+M??ga|-P z&X-~G+wSnsbP4@qvtZ_&U@B&2B*k0j)&4e$mA{7>{Q^xMla~*R^ATw_Afs4-y{+VH z-gX|6>#C5xe)TfL%#>$sq%+?N@4Msl6r^^ozwNcDX=3O=5A!nw|HU9}&8fBslii4E z@*b}OG` zFf%zJ3^GcS|0N3z4v$o%lG1W!thQW4%NmA?gZONI=7Zp%wFw%>qAXq8$Dg?73XxHOq%|wCkMim&r5u$?i)lF(HS<63>#p3 zlh@*}Y?qK67hstdT){5n@hG?8k%dE3$I3(nC|HMN&q-K5Sj{CGN5!f?J0w1P_e+bt zk%v_%Q`tm-b5+8{B~kKMoO*%bQ~|>6CDdwlZ!7$<@sg`uvj#kG|JDKzCk(46jGUca zIY#k5Iw3CnHzCF0!R&`nPpxmI_YFFW)z9(G?fRD3bJbT3yX69%mqyp{19cmb?4AgF)4bBqh9qs^1UsfB{Mn09pd+8LB)d#g3 z7jD$oXJQ#bniA?t3dWsLYP4U&<2ITjdA&}ZoyWaMF8Ymni!%OOH>`G-%%=RK5yw@I z6D-AX;s8cgJzdHPyKC&$nSD9dSGP+j4v_<>mF}&MLVy2De=Yh^oRPyhXTgIr6P~^e zwQ?)Wnpzi^xO(pWRjg;rl8h0NYTm}-G*FA4X#3HoI_{Facj;@`fzSOdSmz&RzGQ|K!$Hkk0PU1TyG3o31W({hc9taIGaF90h&p=OS>ausgXK6{N_Bs~>8v3dCi{k2P z@jHjp%DIx>x;bHchqGgN{oC4|?!A=*qr?>TIg%1$0f0`nQ9Afp-g^TRLrho9`Ua*U zO@D6Pa3KjPO3q?Bu@?My7OCyXR=-$JK?`WzN%(%nTjwTT*YWEeunQg!h^5T7#jg;3 zcu|U&`;rhU7{z1IH#Uoxr$8toUu|Y6^I54zswLyK&9VgZ^K$kHJHEdkU-*hmI$6te z=_{msn!qWBRjX%FGe*Qjh6xB}&}F;QzkHbxhOtx7$AeKtQcO|5Lj}Tma~jIiY`~ca z*+)@j7H+Dn1VrXk+SiEwFvnW1>D`5-aL7J>cHA?Q3RE@7M`W>iuCGMap|2#=3aqfkac81Dhob8z`%V{&qkhS*fa3m~O5IQnKq@6_YqEFqG~B|;&Q z$&NU;0 zb9o{CN&Gc z5T$AVLE;i#Cb+Mf>19yo?-mJ;!*>CuFV~NJ7O(2jY3SBrcVww|Jj{=KhKHBH<97a1 zR8)2jy`N9@R!UM5F)B*AKZPPwjK8z1i-LJ1-MB}{O8`LF{de5ufJ9A7Lxa!WL2kKf z_st{UzfD`QYUr99$BM@4W0k=9x{#-hE1TQm>=z2a!lCK}ej&0R{}A?0knhD(V7D~f zsnu;ou#rP~hlfjEn-Tv?Nt$joe`LJ%CdZCzc8nuPk^X76I{yQL0=sOKb9SQea535l8Uhh-6HZxp|N7{RXsG!O|@X4{H~yxAcE=3yx* zL?!h%h@B~6Z5!OF?KbSqt&dHo9~T4!Ru2{JDDtUx8tYsSl*EZcHWB7Ic0G4HYTatZb2p*{A+EPQn6CnguR^*!;i26{vku2cE&LaPR7C|88)xq8 z7abTx4wwo;7Xm`JYZd~h+b%9HwH*Tk%BA4U@-r2x z%re;@lPMgp=}G1M;jLt6PglXr-Qwdds#s|gnu72x<{`-~&))|Q6hyI9oe6Q{bT|9E zGneDl9@evlN4?uA?{h&ae2&+x@&3eJ4$Muz;<0*8I*N`!TQtx|K1v}CI5(iwAz6Au!S`}EXR0FPY*2sV)D|8hNGIg}Bqjz& z_;_Uiz703rqeUH1!tF0L;i3yWrpX4>zx(;~XAYuVaR5+f_KPb3z+nHiKvwq}*Q*ne zR-YNe;TF&%#*xLo=VZ-HGbC{Zl7cuun8w3$LigU&l~Jg!su=%ddMR_r$Z$H{euT_O z98}?P_u_ccBJJCx7}jX>XN3^=O^S0Od%?RG`0ZU?V1P>FsI{E`^J1R6q#Z$_rDPbG zwX*ht8y!76hkA#K`dZSLFV8IXJ%AFF9Pf4E!HCSQ+oUIgx_DW01=kV zZ>XCS9UkK-1{1N6=}aa9VakQKb3#m>tLBDrHmNXk4@eR>8<^|4J-hxUr13&h;N(i} z?sWbL@Q_pRL^b6e1|Sjyf?*s(y9Ew=khDG*cq__Zxs)_GJ)R; zrmP+v`dN+Tn2cimRp$g?Rr6a%bEYYAD!q$U!z+Q7H%>Y-^I3B6F9j=|cRELnTD=-JnpRceyP zAGimYKZ+Xb2x$==Y!*IWNGANo@R6ap)PPz>d^pT$w>fOm4pQC|N`w&1Kh^&wZ86b} zf=f^#Mc25iym6W$#j;ptAG*)uY=U&)dVmq9;}%;OvhaduZoXhzQ5nK;Z7y7)cYtub z5b^bns~SaxNLC3&QQP5-t+jO7-0EB2f<@8%EO(p58>J{P?sY%;Plv|)t5*TDipe6W2m+@pAggAY%80te$Kga z9Gfp5KyMDM*CZq)km1SSpr%erK+`$owYk5K3KUlX0z`6JTJ>cM@(NX%Ti+UZ9g<69 zJU|ux%X-CeQ#fK#ZAg3$Sa;M2z&FNbveg(s()KmQ;%ltbZ9~^(+l6^(M72Y5nc%j#7Kri5@VX|@YFA=#usW@?=B4&Xh{ZZ=VhVT3GDSAeMq9obaH*d@XfKr?+ zyY+9i_4R51d_L^J`}*8o1$q5Rpo~Yr@ZSREFMUe?QG}eF;PZ6HqNima{6z8U7^CpNXrli9mH_HU?^~_Af9Fh~!l0``_X~b{`YW!6n{9wn zTk&2WsEr%&ChTt1KDoLdD>2WN`;5?Wj}a5`6TyxO*+nsMcE*7Z;lASzRy{a~x3&(& zEFWwk$AtG*U#H5OB5-q@Idl|EM!CqQYVPvRAmC;(Tm82xn2C&CPbSkni4;ACM@1RZ z89uLnGCOAq3!EA3m=$sNcAC58pjyF#QOV@f^?no=G4DGv5OE?4vAec4Yj-aN33n1L z`XcQ8%^EmnwT08-bp{3$)%;&7;Z+7DU(Kg5oh1iVG52EPOucZ2A235&o;Y7o zeC{9q{{A{j-2cy31WFM%ST*0A=tJ2}vqDk6N#Zm5vwT!lWlfW}P?Z=cspA6E@rL$B2Py5fvE5e`$#imP@7i zyA`R#CiL~aX<-pS!32MAJaOH6n4rc1uNI!7|6qq&Td%|PUn z_{*X9=R5NxsX97y7fZ+{Bh>nH)4JqjLh?j$v9UoU#&S}5!`iC{R*51i%_JUqL^T#Y zPK-+*L9FfNIl&Q;k>7C`2YT*7!qWDmC@5&Fg%>oi{k1%$(?0-EtwHI8(Io0QS{KNz zb94XBDQ)=cz|}HZIz$W|8!3>K8F1}c7|mM$kPa7w0pl=T-_PrhpQPj9$_T(Fr?G1w z$nAT<;Va>S$WIkM8=N#Oy1~WP2ZY(i-=StvgO2}0g1ncQ+0ueD!wNS+)Xs_LC{L%BZEK?-#7$+HDnOoEqCN`nX%X$c4Gu;A01Cw zE=#Xpc^<|;OH2RjMvDRVr{vUrgrRXTuVDPX=eIqR-Vks?76TWYpH1YBbZ2wxiU5KoH#4(Xt9MgCG}@m2 z{r-5qQP}o$gBGHo4@i*J9;VGv30-2K6mZ6p{RxyOF}dN!bFdVmOA_lDjh4d&DGx8~ zfC2hH$kt2^GNR93^(|Pb+ta8=j}XEGYOB_jks2}zZju(E$yY!%)gEVHKGy|43u;O| zyek-8Cw$Cz{@aa-&01~)v50MSRQK<<^tcqK%W{7zD*VZqaSL%De;g2~uGQW8uMdk9 z2ghAk}eaURWo2vUV|3?YSN%{9UiTD-w_*LRPg;EA*%xU`F?7qjh z?r@59SN_UfRuGle*mdOc#aNcLgjyj^?e$c{SQh*nYRiKYhv|y{?IFQiBqXH5-GHCL z51qn~mM|fbT<>tbjuOchFHhUO19-;2^vYKT=;W2I>{ZMEL<~?8BEK#ArJ8PUhRnCj zhfdiP_gDmH9e+)GcgK^9)u>HmN6w3s6rQ&>=kyk2X;1*9<{X!HV0Pj6>eEYK09iA| zT;-lmPg=6iw5}HpBmVU_)5p~9@rySLZ1%r{kPPegmToZs*kBrU`{(F48`NzW-t*_* zYrXf^yI4hf{ zE9LTzcdV>}P0FJ9O5a)p0(JXSYX#b-ce@&mHFqC`>g(Pf9*(KO>ONQ>zW3uUwfL!u zBUvy_g={$T7LD;D834BV5qwfX^BlP-p*`@X=IRg7{5@pGR(_}(;rN!w z2?X8{3T|$6pdC**P#|eAsf`Y;esOlX`P=3~V{@LgXe`ee9hHRZJzSVazKYr7{AA1J z`sYc`9PV5tT89|=QZRs9RzuGw*_qdx-KG8yZEpb-*RuYL#t0#SAi*_wg1bu++=D}K zcXv;M+u*Lj8Qd*E2r>{{2AAM4xI5f6?7h!_?{m(5@78_wx+)chV#%!4{q@&h|71CY zwh_h-1Hn;{^6%e23=<_kJUm33rW0O(XFotyNNVozK)BD0J-IYSaq}&Vvg>X4pjhZo zo;wmyjexRiL#(8x2k5(b>_0AmiHP;A7DsCmT142t33!)2ubH4>eOJ%T8@m-I4L!RD z6e{T;Z@C`uM5i&D(MB4+RpoSnE{@OviBHDu8FS<5b_8hd3Rrf;sF&DRR{dUrY0t`6 z(Yfu;ZcEoUdZ>KLFQtcX(KaEQ`edUtOxZd*2Q&+9T1a>u-Y7mkW}hK#-2$lD`}+l# zM<3;hvYAQl&JIj)hgum+@4?OT8Q*6408mxj<@Kk^(}qE(^l7C8W?60TZ<3d%XSQFP zQLgC#9uCg%0p2Bk8ft^Fv9X~kb90e%bFnKnMv@Z^Ev;fGk~FKbN{1&gwFxzlN^Ryk zwj?9QWq3{e4g5qS8^aRZNx>15^b^_5t;U^E%$OvygGP{(8ro1x2H0Bh>y&_EggWC4 zjf=zh3YXO^4r2LC%t7*$KbyEz_y$~Mpiw?QF-t((>&+!EM!iW*el)3tAd9>i5g0rz zC3Lyd{~HtsAAK?WxFlH*Z~0m6;~A>p6XHu|jKwdzu2yQBTjlI_#OPYdU~}K{0MEew zfq^f9fnvEx>MTdfDk|~7Z}a$>{tGlyJn3I6e)BZPoG5hA)S_Rvvv|9IN|RUv#dC>D z7IUfWJW5s-<-k7k)!jv9qxPWfqy57Q@PVKCms8%~+iUV=F@=_K*B}p%j4R-6q|MH1 z#%+&PiZ}oq{joUVLU45E{kHbHJt>g^rHURL@Cc>0M>#t@Err9C164>!79?W|{Vw>V z^BVaiFrr#LR(q5_=mVt~6)-raWIN_)%$SdI@NHR9CB++HZLwn2bG6(|Uuncb4nUm& zfJ5;gcxKvkuV2xBdl1!(u5NBB+)Z)YF+9pOient2z5hz}fuQylNPILMj^_4Jk;kO~ zjx!e*&+irwQPMXB-?Tsc>kpOqqj3f7TxpLjce4}F(6w5u&~h=rhA`73wov#Vo%nY! zVnCF-KmcqMJ*uB)!YLJarm*zTB7)>v(-N&JZWxEWmc5IE5CHT`!EcEA*As`~Bt=#G zB$8;RP0Gp%Q!-3&1S$9+Q7(_^GQl+NPwo51sby!(m~fBj0i;kR<$5CsNNN79LD@Vu zb?M087m4wD7#f*uHNmd|Lk!lT09AxpNOp3aI(PT!1M0%UhM_e7?F3rVG~XmkCTEJ? zf=5PJ0rEutFZd}e(>mxeTEz(s(#@5Y@Udo0rHwv?#l(Nn1ki25!W^B4Jk~AFyK;@_?Se9XGS zN>d_>qpS38*;W{>Qj%K&Q2qen4J@Yq-0&^k(D)0b!2AzZ8kpvH%FqinUO;jKUA|@t zXD~%Q-7&9rf_l8##ZhVI<;zpsa+i;+a@^)dl?CobvH+{AgCYJv=KcF`wM<=rpdt7z zyB$%&Ryp4<_D`_xY&ucjhk!l;czJV4e5L_GUF;=Hqo)0y@^Ly+S3s3$pnkL*oHz<& zU0qqpsqGIF%?=5@XlOj<`**pYV~83OQs@OSQb5eym}nh0Vb>i7MAT!RsB z2kPKrU|;~JDHbDY@wPH$2c!NR!_Ey@qC%`5b7u|buSxg9Fq=mFz_@1FsVRLWh!bzq5OqK+uS%`bo8|B3nj)x2={Hesipz|sKfWuKf? ze}{e4j6|iR2zyQDm!9Ix}mG79ofdP!6@(tu3$qwMm8!-W>UV*uE zLDnS*sG#cH1NSVoN~n~2I;DvFLmNgb%re|sHy`C&Vd`wddpH9XR9<7R*viHxzjkMP z8=B2V)16>_)M%!&37W&GN?ay%V}o$z+240~oR~(2t%C?C?)8`3dSPFpPvs3F-sy+VC6Cl0pX%fnY$J0lWtXmSe&3 zf!*WKPaoonyAy01J}1Q#^o0T(GZBphtBb*EEBDvHuy1^GJo|?CLXO9vH!CXOiQevK ztKC?7!;B8555M~C!njMBAzX0c4*IZ&VW-oqCrW}y>0srcr_TofLk@ijJV5*vR)Y)I zZzxI!5_sa$17mgF;|P}?hYLmNQ;rl!ssZdnbp-Z)2qP96%HoJ432e#MX7 zwd}(UEHDpyys6N>VAhDq-NcpcRCQ=qXq2k>3Q0N4p`c}H!5h5iEs+Z1eMB-=7X%~G zkShQ>UIK5Iq%gZr2~82#w_lYp6@1AP{W=5vMwMzbHCo0b_XB5xsKg)UYW2PrcsI*6 zbZhRF))%H!c44d8++EC!_wm3ysIz8fdaK?oqqx^eop@EiFSdvL71$i{6_^2K?HqdD zjeZwosq=5-28B^(5c7g#L?rNz3plvBjU-V7vhI?uzn_lS`T`Tn4QW{?r)N%%av9wYrwb$`sXQ}U+|H`+vqV?)Q$nrSAkxd zHLW_z3|C74ZjAu|dH!dIwW3g(O5tTeYWN)2oS4K*o1(0wnmA~n4eznV^6JQXcou5$ zy^RfzYu#EKN>|qYMo3p|K5+G1(Z_J_K)UL?~+tl1wq&GPZaxn&qt#?h^9)s&Uh(d37cGw!m5 z^_ZNLOfPPeJeUxbIi_#KRTyO%Gx^1rQk3MG7gF6hI3dPJn$;NH;0gkQm;XA7%cg~} zk}3mR*IT-k8-C!9z+Nv;l~D;PnL!Qxqn;6Co`Xu*NrfS2_8STut3&IT`0_Vn6gyP# zpw+-q{1BgGe+1xV)B=;zu)nzY!1s*_nxZpC*F19?$ow@GRAf^mp_CZRh@6t5JTdw!0XT1;ER9Z9>rU!zXEpdZrrbCMTe`rS@P9p!p7Jdok>YJ z7sp*hZek(`maraBBP#4l?p0(wcH9iibB*5tnEm*94Vcd3Vu^lb$w+&9XXp3oCK94E z8x`=a2`CPNJKoM~YtvX)gc2y&bj{P`sJF2BPWq91u@utZ>dDFmpOgo zK*Y(a^WRSN)T0;F#S-J&L~zd)F1YnJMa=eXr5U^@->{7T1bs zLHOZAt@}Rx0KU#YTUO}%{*RPIaeYLf+#_aqu<=^T>||W)c&oP?MBhhLoeK3hQ>2`o{W9yX?%RGb5_KorSchM1d>SVznxC35i0} zsjRoDghWtpw*?;y$l$ph@p$P%R$ASI{^WoHT*%?%D(wV0DKnB@Niq(Jhrr>IY?;e2m-*Xd0T;GOg~62rUimUjBlzRKtLHCiNkfe=j@M}eHQI4Z(Jh0 zyD*wgw;{7`p~Foks(g-nJ3#_&_zV5lB9yklttvJ@ez6nS^+$T+vg}J<*Vs2tV{6pz zbuk_#=zhEta6P}3=W?ULu3En?)hGT($AW*T1W6V|gCy2+;52}&OL5VJI9E{sF=Qs) zv$TdANInR-&`q)QZq=JL?e57@Q0D9Fw$8h5w+#crISNJt1F}Fp6`Q}&NkQr;FFYzX zI^_1o9ennCZ{1g(T8Rygj?dtXT(mkOI6QPm&S zZlU931SKk(L`Eg~@9>`Lk6Dr18kJdZxEP^^wcI?#G+XDy4`;$fuJ=CIJ>K#1=W*Wn zT?9w(@PGp(D&<+467;7AX6-Dg28|>{>Oql88pC; zldO@c;Q~RNbESRSW<a9!CwY-}na78I)~6t`Zo>+lLH*3jU_W&0a#AT_w= zGF@3zlnQVq3j$;$I+-0r3^T^!ajYWHd z+N-TU0Q}rOA~}5Wp$Wyn7X`4p9IvfVM%G?iAwi?k(n{hhb4bFf1#|N9uox??xS7hU z17l0bLxSFcmi zMjz-mzoQUEiwtR{D(sNXjV}q233whfdpHhDeVZSgSh(@)3jb<5Bh#*w)EB^h(Ysl{ zJdVD9bken*fdjmAPW_|WG;v8u|%x1k09W6Ej>#nK;iwssL;yrh& z`0u*SJX^M&ec;oy3Ea|r zu*6qK5yyp2WBQe>lQOu1VBsG`kv0o4lvuP z6)hdbHZxKqvh9zSaN+9MSZ?{=J$%s{_kP-xjS>L#e)D z2^+}OXvMQvXip`|0}N6Ce_-AoL*>=5(5mb5i1^B_b=qcXUQE~tE^Lw^o&MEo#^omj zqEUl2>oS;z>ja@!KILRK^{Gmr*9aaIxWliT_2f?{JS%U3tegj%^0D3;b#!%ZQGVLS zBlH^-xOsQQyP#<$bvWh+@V{4D9-Gf>r<75_X^fXDZU7XY-MfUQSDWF}nm>HFx3CV% z8o~4X0`Kzgf_mC8n&4mf`3B4A4R=gWPxrKFl4yY0tE~A(=lj*Ll3$>Imd5%>57meo z+Hec|?HpckyBLU^ot@}KLa7p~bWg?GY3HRW%)SdJ(qy)mDpi{O7gp%E^W`FfzCA8g z-fdNkt)Y|W!n3Y(kq%UfJ0W~uZHyU9ZMi);#L7gJSaampk``X-FU|{JyZTTYdfT&O z2;lmeAO`im`S`)ov1|pYgYan~f3QP;VAd@WVD17^Z8l7I6Y8cjwd~&K2MG$< zY@eomexr@wHlwrV%XI?C{h!wh#^lu0I8q6>xf5?lQIZ8M)@|mCJ*i_$W^Ow{X-&)) zT@#7l(zXC1fZeGjORe>V>K_cigi1{VQYwa!uVpFZvaP&m2s)a+dwZJ&Jd=`vYUnBP z`Mc|m&ksKQ5)+ENJwVeWK@Xz#;r=+QuJW}1+_uy1nji*L!g#E*9`(ikwh8tGTa2oJ zX9?IHtN^6uid`$4z()zEZ_a{qzO#HumsJz|M!hso;}B}_IPZ<> z_z&PbbdyOEJy}SQ1r;B*P0xgQ2gGj2)qc=itS__@#GzypMFD!iufTcglx!L^#OAn>c{s)%6 zTj4Raz{%EoETQ?#&S+snjU21@RBzxqy-;9AL`}J!`q~~CvBCZ;2Cs15{Yr?C57U1* zTMU*9Z`m>_w%5(>%z(0eNxXmS;9J=|3>MzFz(C%3hRfV~5S=omA{0CB9<<^37D&Z` zl}y%Uex*e{z1GZXP4PlKO8D2u!;Q)>n#VdOAOtZ~0-?c-{K1oxPx{j8ax@XAyuCb@ zLQ2sSFLzK~&z1|P-SD&2W4d5!fWxJD9;c2E%G1-Wa6Q#C$iBr>T}Y`{cYnX)Rfo{o z+?TtSv**)(bscwkgYWGnlUwpHw{M7kkF{s3-~<{ETvmNQ zTzDsE!v1xxU6rFP!3Xl&(466VHgzbw0hMgfuplb5^GiLQ;VM?9Op1y)6igEyMyXqP8T)Z`LMHR*hI<$i)doh3%guih$RHHm_L!c zI4|W+`fQPmNZK*V_E4gB_o!Uv3dvzPyoNOhgi;CG9o`EhvTk+YJS+f zC!|{=#N=nRXfN?x6B(>qzD5R^nuHT-`@VbTtl-+&40f4rFF*3&<<*2^;oZ3n_L7j5 zO_nQ^2zgV&IZIzCN(gC}f?Ul^UpQ?8IT?6hb4>HPg_;;pY%JZ~>~`DTzzzdYLrf+f zsjzn`sa72Tb_6#0zT`&vZ-98k1sqzk6GPGB*E{S8=Ai&l001wI)zaPW%9?lihUBcS z80><$W{25v$;lptW+)m<0Bnb{o@5^Gt`A`(V}!lw^^bOZdk3fYg_F%Zw2LYMKm zcv5zG-Or!=sFQzTNRci-BW#!kXnSwW&k_LSvyT-K9Zc;t^;SNXR3pdE+*0Em?!if- zScnqHlm}UTBix$2tsU}!h&RpKA{il<>njD4utqX9L00ssM@gwaW@cV+F0g&5VGjyG zd5lgx|D2gx>Zuf+)HGR6+R`7Siw6MMyswWAy8D_HLxqZ(Q>_0NT@~w0vceIH>X@#g z>>2}Iq5#4uSPgr-e~eZ~IDf))u;yvSrLkMmk7Nae|O_=!Pux3d`+ zM+L`UPyd?GowHydID=x2?hQ2lYIOnjS5AKo(3rUq)rnyB%f{(^{CpfHee$MEut4wg zw9gw@VluGBLkhTy2qFF+MWtTKcF`7%uuhANNqHftV-u&ey0iMtnj@*FpKg^1Vy0k1<|}dGG?z z3}y_LL$tWaTrZVOp3?1z-k-sSqta#;+0g(yiG**e6|Yt#zi>bR$a^fI7eLLql^|J{gi72~8mV-Nl%FTgP`EJ~q&yWTQUFa5Y`^ z$r(oenh{HCcvmw~}#E;}G%I2F55} zh;|hhTc!qwE26{_a9Xu-E)4wmei8b6cNYZc6zY{}srF+GQt91(6{+_)-k}ktD*~i! zm~4M5U&fnp6g5X(4Obc!{IR_SRM|5sJvCis7kGskA1YLace7w-7G}Klo+XY6*bg8! z#nXkUQ74}_l4Vs;!-;P*0D}Zj1kI8Qjh;%$dG%kA`@Wq~!MJxb@4q))zxhz@a54^x z*$ZW-Cmqe?K|XtNq3(T&2OvoqYov<^vy*N9D7vOhDv=M9>oYu^r>;wz^F?8yVq}$yi z{K*rUkAR8Ww}6M@GzNEQww6j}FJIwENk2{l;Q+*5k=`MdlCc+l`w7`7zL;n^vr`#h z!FQHXRoR4VX^XA784lQ|v*u)vxsMALo)KaaEX+8rwvS)(s|5<2#uKSoh!PHRdD^ zG+ijkI98SPIKUUU^L<1Wlj=Sm^Qs1lkK{zU*uB z4>zeYvBdji#f7)A(MHeyYF=A0I&T$Q=xS7GGn}d~%S-fjA)`gr3=U%Oh(Dw3>rpaZ zcPLxZkDgE*-d2JOLGH)cl$&nS#9dSLD5uoz3fq3nlni3Q52wMC1T9oMAqu2kqv$VV zD3L))q*SuLv@+szK36y~Qm@l{VSjWOnHmjFXRLO6Ro}?9oUenk*lS~4XfIJd-RPBY zn)Ug|JD;04G-&f^q1!X7-+7{Ww6v2mc(=r|lQK;T(;p_eRB3Qy@QRf%9(S(Fd2g) z9KpYPq9x+0DgHKqGGhsOr!f(%#Td+h!!jAsCthQ?Y2SCdXabaN^YC#Y{3nk95uXu@ zIOCQKc8AkJwFa0?H4>^2kmkD{tWMN$v1sqSVu^t=wlcgc)1E7ljEr_wGH#KSmi_=} zS{&c&)-=xHMsu+H7PPym+pXMXr4rxQ#68!1ED!_nuzCx1M29>8v0mUl0J_3(Q^)lx4ON*0ud2!<#ugB) zBorhLFIS;2w>X=(-yw1mxk;+pw)K=v*Rt*PU1n0z+1;AJG!?)-Q;(e+slX>E$nPSh zfwEN|iVSboE=?#`h6y7U>F6_E$|Zi4sH-bl1l0f;iP9)Vdd0S%RtauC1C}8f?4t~& zIlIW+u#o|Y)#ilsf(^pDGcLQ?^RBZZS4WaNZ$^W|oF+7Fjke(^n}d;*nW2pfn+ii1 z1>d*%(I?WWJcy&ByauPCB>HpQPifzrCBHxx=ZOtN9{s$*)8z$hIu~v`%|_E}4bmp3 zNj`aczPu~XsW;Q=!E~D|aXv^uQkayp+qg`nY;&@3_xp;(Tgcm6pcFPr1Z?>(%|+xb zHQasAkFMxDF^oF#>oDZII&4bhGOJ8(fURu>f;Wf7=6F8vOJ0l)w))p>)%_lbn#h(g z0R0j>@%@(hOw=msDIO{Lm=mCuYn;gw7ab~epuRz}R%ToujUJ6^J|l)v6&0tN$#XHZ zx(KXPXI+m>k2m=1U8gD>>RJ*k->Y~(lr=UaADek>bF%rlD1}`qVh;aOf4D-e=S11? z=Z5=!$#rGNp!!bq%H{d_6Re3A)=hSJ_9!QCz|=L%iQjsC*_6x-F5cd@OyzNU+Mmqc zW>LnMZ=4tn8A#(@8Z@E}F<6=NAX9$4vTspV%9dVR?R6!4eckIB=5xvH>Txs;x4Cz0 zh%yA{`|xKP8z%FBz5LV6dZTj+9Okm(_Iy|(KX(tMXR8)4a`4T((3zcoxkY`fRHY?z zaYb=h!(%^aqSo|zDc43ykV}KYUU|(E6jOhpSvHr<6K}nP;U{NfQDkg`%X#+TcGg8@ zLCBCd#4rqGey#m#iee|?D4571(sk(pS->n3A|%?Gn+%+eg&4Cx6cOd>@{HS|xlb=;kut@huJ#KACOCC(Mzp%Fn<-Lu_h*Yj^zzqcLrCMFU0S`h_rm{8!3 zHs4fHe+H6#NAU1K1lYu(+K zN}X1}iU?5KfM;i-StQ4MQaUq`zf_`=hvRgiij3Jxx2}b z6$K(~3)#cdjQvevH)5-#^M}~6$xs@+Edhq3X&POw=BEw|1o;^TEb-fAnJuU3eNI&0 zIbZQ|Nj(I%M#7n?<&>+(T*C~$IU;}L01X)tw@Erk=XA0w)+BcGbtNa49Az6#PqTQw zxf0Y?VR>wV1<^v2`2FdGo{FDwJ+6L5qnJ-WX~-yKbZvKnvsYaEs3Q%)*a8SMiq!^gI zXCH$#)7O3LfP^}z)|@1&#B^@xG2${SEup#^zG`%3*e4>Fnw`b%Oyits?6d%AU<~w4 zccq+YYmDq$K!ILwE()_6>F}e3ildw9cr}uD;)!6fT5YE5ChqY21*zH}?ZXd=WkDNQ z+p2sHseGqavk$~ZDgktsDySM;|b6$7HJ+N^d#^EG@9E^JxmtgYF-TkTY9TN_G zmC&`0z=%G{KsbZis6|^xDZ2=hf(3WtghT)w# zD@n*2+cSz9BMtU)_Q%p3-s{Vkd9_weEUEtJ?|I)ZN>`<>9!)`SBF4);6Z1c866jM` zo@@<8n~uEo!lT||wG5D@#&>auwgpBL4e!9*)cgL=#0lD$S0FUt*3>m8SX6)P~I^0#>nv9vRM-_8zluA)w8N?O77I zCl_7Go5Gf)r-KK$C)Z>YPPir7?UTDt>5|Tw1m^U25iH(`>Jvu)V!QmrvYqy|!o}xn zzl`*rf#n%8ovSsn_T^}nP>s7>O!-f@$V;~{SaR4@nb&8h!b@-X0`9euL2@Yevf3Mx z$B9cp3e4{Y7^J=QA9-^?gg68q-yL=F{_SkE8 zOnZxH2c6e}OjM>KY>qS%%jFn>OGm*o;nrfW4@$e3lt0h#ZQc=YT&Fc zw@5C3Z$0)gIN4)+NwRwkff}r6a=vzKb?yrlB)ud(oo~lzVcf&<|{@BeyLpP0#-NFu2;1?Z7cGpY={=3q#PP zrnj>b4^TQXAAc(a@P`3cqEsfM9w-z`CYfy<)H5t4J&-P=aJ7<{vjXrw+zDT$dmsn} z&Sk}$WcXkeO%%6JilvM8^(bD-|EMsa-anw$`CTDK{LWQPsyP-ub{TN&b=LkS((hPX z&q=-_Ag%NP`(=mGCgnR|=ioGT;NzLKAM)2%e{gZmJac?YETy8OGMZj}AgKSAltBPk z2qn{)t~BJPORHIXO-G;fv1Z;m{VsNg({bo$d{j_I$b${W#|lIGHco)*d&QPgfVMuq zT1R{5Lp(PGn5J;;2Mq9Ymgn-3pX?X%UN@n2)qB>nEk5Ar2lRv zI7;j5ew$25ku+Hy)i`Uy9H&J@$k`hI>}skVCi+x7;JB?1nBy?tZbHy7$38Oh`-mC{ zU^A-cO~3BTS&*}r48dm`u-utOnS`f2M$ys9pJwOf6D0dRG#%37qbm-#-cH)}_aa`|xti#v@^Htn&6oK$^lhT!I@1Zh`@%7gHvUc+ zLW;A7tIa>yh(+Go%+nV)`NnAIw8u48Jlo|pa%wSiU4MB1G@>g(XHX>?czuIa%tO7^o( zzn{GvhB=b>X{6tw3C+=v_`j2o8u8xU$&`DpzzsauNJLT7gEV&^)!Nalfss_-rc8}| z71IZTYbT&hClnKyEl$mk)hIeX_5>Gdugw-nyup^(z z5(eI0B^W@=M$LffXtuaPWnz{;bb5VbBgkX-J087I3ZMs^5b&ypTdkV2Vhkf8JrFQ} z+SkpXa@A`i4a;yrLtL&>GUzQ?*zI8CUD_WHVtN9TQ2fv@z6uKhB(>~>gxi;p=PQ#d!4$y zqfFi4E%T^+O-bKQ0ot~LEFH=RTKv`qemT7QAvzCG@%(Jms|qZJZfI&{_)`2f7w$gK zH+%dT9TkG|I#6K)V!_|aKVGFaH2$8p2+$qh=H@D-7L_<0LlwOJ`taro{G=ZHTYts= z8TVwZo72HzziJHg_B84F>N=izYvhqP--T3|4~!YE4I2mF6dzs{!U$Rs=vUp6TRQNT zv7@0ZJJ%inXi;F<|6+*{nbeIKkYbF0bZFl;$B)0*>%@F+WReOKzBHOe!{_h~t2B~C zW&#JF(ED%773ma;bF2=i9KpfvhKxYChw&?+T1L+h2f|z+v1VD8Z*nd#3 zRa6t2rcqEBxo56%bBomY2#XT`Xmm;$%9jIte|shtq#3REA|VTFH}dch5~4w8QEd>t z_<(GJXF0y8w~qpi51Bl`P=CBj%l&<4s;`HB$9{Szkp_xcQjm=J$oNvE;clvBNm?k= z$;{i_gpz|xSrayxJGrRi7_T8FZe$X+uiA-{M1g*(A4a~*(q3Xqy-|>1K%DLFG%C4$ ztzO2l)WB@G&$zpOM-9K!9pAKOsJzv&6MVAQU2_#Brk^OHG=A*OK)_pIgzmhdj2ZlJ zXL12+R9Y_u>Rv8e`+wdA?Vw+fK zB4vHmV|T!0y2oGJXh#cV@dJm+T02{H;W00(iFd8bO(1rS9pb*d;S1YuYQ#+l%sxiR z@4{Wi0Er&w7!KY2^_ej`rCx~E7j&XWC#;FxVM;8lacmoo)(R{<_JBZPsVU4Cu-Bkz z2nm9XUz6uoEFP;*T1>DH*V#R=MzRQNO0W{izN7DY>|+Jl;E+*nQ0Mir;TtccOuzBq z#J6zjD!s-*b$%u?s0&C0W%Wv=jO)1`MA?`U^4T?{!TMl@z7(@OdW-W=1 zI>Vic01L{4eS>8N+#ys|8ma0Q3S-hTv~e ziPD6i;`)a=RNi@Mi9C0A)w2oENRlxoJU=acX`YwMuxFznJfGw-1Q{bQj?mUsbU7Ku5j>M8?pE31p^|it$hKbClx1# zfD~SY#r~~Ni*f$)FeiyeQx3jDQvCVsPBi3#z8SYe0QQ4_GV7-(N#+ew%l)_>l?L%=XG&k4Y$voSd1Cx{E3)Hd?)exc`w_`Cs5Cl z2OC_TKjlM^*5Z9hH1^)8Q?EzLVBd%SS87x7N=f3?i8S4m{gdI5O(=wf=n=}~gl^bv zy7am_r!AELAp=nAuq>LW_?QMJ%WhEvQGcbqa*O5X1Y&qvnV;Vi_A6h2lr`K+(bY3J zDApdZo}RAMNeO|(fhX4i+**Clu{Nol zw3t;@-xe*=oifH?Y%n5i*oAPepqN&rbGn8Jnf^52tOkaTD){H5l49xipRP4oTxDQa zMME-oXk8+Q$zu+Z9>4dY8aKR8+bwL6-BWzLjeOF9svJlYV)T431b}S)34?2cA*@(c(KyuSeu zM&O=3QVDxes}1qi#lx1Dma?82M!U-WS`jD!bn(YpBJd6m&3Cjxkx7UY6_UnU;B9Bi zbZpiCAb#<2K{}}hladYm>WZ=(NtDqoU`itM9s#HGH~gvQJ6>9_X-3OjKv0sF1@oKu z72iyg{g1lP|Kwqa$}IGL3l&>x4)hKKbdPwo2~;jWS;`cP2`8k3r{5NnLe|&TevXc2 zkF@X~@^kX?A`%l5t590~g#^ZWo5HBcE?Tpi^Fvosm!7iholfD0u?SRyp9<8+K6=mN zuWJZ>%C!8{%NFvC9~Q_XATnJA2dgbHJ!6zf3&bj_UcWSWIp0u%k7K&i%wvE{)mvfF z%LpE|#1cf^V3h@6!}9%+q6n(M3KTYi?qA#b25$D2ssmag@a!qI<1}cv?n(>fP!0OjIzLSkDwUS$^t_3 zjNuXq`;Li7bcM|=X5SofzRg4?_%_@rsfcQ^B_bm8!k0vUHv{92{^wW5u5Xt*)ImYw zYV#Qd2Oe0$O4KU?g@CCLfGvhKq+Wkm!N$ytE6WG;)p;V^czIQl-WbUcW%c^Ak-59M z#Y^U4jC8*t7p}FGZ(*0l$68J7rH7kd0*KQ93jCg%RLRTMx6whE8=IPdrzlV$D(uf8 zcawF~Ql^wt2l5>I)IPONLmDuup(qXD<$^9RQhE5?mWsX1_4F-#8(7$Jvk;v26Mtlv z)Cx}-C6;c7P$8d(RaeUrhx(HWkx)*JIBA13X1wdPG!F$~3xYf$$%hCJQo&9X_si$+f=K5IEa z6%)2a5R9nSn*6S)12;Opq%3|Rs!PtX_cq2VyL2x-=-Gsc#jjwY<4waF*!C3iqEMIa zh@T!)@pOc#@~7Y<{#{LdkUmj>-mI_h5MMdh(9huIOPC18d?91%-KT(l7IM=HX-n;< zPda7NtjI)jujF-nzEWbXNaLLjv;}6^d~Tc2cP>s=m}<4_W06j2d0H`T?l{KqJ1>y= z^cT~4Q<5_|^V-kbaQH(8SYTlkANYp^FvIyY0o8i2*-OyN`n`1dXU}=g=(d1S`DerV za7gq&HXn_%TBSRf06Wjz`q;z)GJ(qMQC3LKglsp-w`wKr(1Kp4t#aQJWB?tFIP0Av##D^_4tzSD=aX&xiLMDb z<&{hmbni#3jfMB?2V_}NL?+ol+EQr-gk00DJp@Ehi;UxNeNzJ|-*+sNZ}61nzGa2V z8dL6&tRbpW4;YFIQzcmN`g`?L%Ezs7+hQ2=llZmj5QaZ|T-N#7qDxnyPgnZZk&q{m zT4=~`;qqm=X+82Q>sFLyoL*$vfsNDsJH2APmtERrMEOL#ONG!NT+XL+(t%@y>n*NJ zqftzKgn{Tn)$9271nFu}V!1G07l^jhqKkJZ!1*?qb`3pqFK4B?S!jPY;gfM)=7u;* zd<5}48eASgMPs)m6ir(QGX*-B5<;*IgG!h|59Z?zgF`RQ#L_*^<{-*jRDV%_4>o>fF- z)Zxr&F5S4&1BBthoSRpS*nzrXiEOV(w5>WClN6awGbLRE6ZzjEyKCeAEXoGL8iycl_{bysa z`AclP8^}1cwTT}+ete?E4on)!W^Gfi(yiUqMUWNp9aYtYjH!?j2KJ8&opGjM6{qa! zq3r9!TU;LQKa+fs0r)yJ@%-EsF#G^_%91c^@EA&kDQ426_xyu!B zsHT431mfM8up^zYZvYX5i#pMxT45__TDJ@+_V-9n2d9Q*18V2CN9G8FPqj_}wevMY z;eU`QR~#r0?Ec`mL*wqjm^j#H(poie+8pUC+es%u!kl5ck z;1~RuiFh6(%6+|Bv5=ZyTV%rGD$&;vZ)$- zDzrx*+{{|NhOBO>o^^`a8xD#g^kM0Ib3=bN$}MZ=H@&$BTgE;6EGm5#Y!GH2Iwa zB%#1v{$ZJTjy7B8q2B+b8UeRxj&x6(`)6nU>(l?6pTZ<%zA@(ihVmN15J;GXexRGL4u_EyxaS0|+3&kyon+P1jac(E@g7cUi;ut&3XpU$v9RLY`OqEkK_Czopo>sF2pAOQ0rrYZF)WdZsf9LCB`=Q8 zR$5j0+kL7oAy%VgE1GV;f6*r#UJ1jApl*jW-dXm-3 z^Watp1oo|h2bLHBjYzGuB$Gx#6%=JaYtC9Q;5G;qRhZe1R%8u%{`|S_AFh!BCj6m!o}WEE5{%4IxcRRIN#3`$-3y{jCA;qM?0)QV;?rpY1;UrI&d$!c#D&I& zR6D}5UGiQ<&h>6JUrl^VFR`Idj`~IK=N;uP2mttiQ9`N1U%PnL5y1C?H^^*xe6Q@<`N3_m^a7AG}5vG z#KTUN&f#qTwdMgdZKu~tBYOS2$(nYtCzzKf&~@>sX4rMD&ewGjhJC)DHxBcR$KD1( zcBUIjt#Cf;5W|pBO%T0MhdU4MRa*eb8CI+)+V$7=Cz_g^w^D4Dc;EJzqlCdS4gw=} zpMQFiyU(9uJ`$4h8K*O%f*5RFGe*UvKk+~mQ+8h6!1+B|zG5T0bl`QqJ|VZbvJ~+1 ztLNm@O!l4@qjHn1)*q2Y-tFlQev{>tr040yME&a8*1<}BAfVUzyvAZhFr{v({q71g zjaTe9^o|b|kd5_Xe7)neFnErBghThCJ>W}FsN9bs(#Hqq%cyO0{W4|BAMlA5yzUI( ze#4A!;q~y&b-28&s*V@1Tpb4=rE|Xu<=v~tLY?*DBqSs(7Ld~_*u;gXNr<5V@jWZF z=bsUFqUB25lgh{*RcWdH=g$uSxtC!>8x$nj*OfNvVgTuJtl3%74OA_&@>eajDje?& z$bMVz(M8;mvjW}$yuPm;eW;PGX5Lwa{)<>6b7o7py)(v5_0j@C=)Io*nM;Qg(W8=< zg-W0h7U11L6#iYSe5r63))K+KB6it3z{SU7LNa16?Yjq{1b*0{I=zQeSG<_F&g;3C z07<0Zr=^w&rKR`bSV@s0isrV7VkLj2UG^@F)13uvfHb#NO1^&sZsL@k{Q8XkPU~Ed zA}!==Q9fg(0tVW=2iG)eqgIp3VT+fH`@Mf3T;buqvTzjhKRy{*nM21mc1|fz6PGap4VC}Ad!&Rz$s5H9=ja{ zyw>syBD7=+Qg>?gn0F~0ihvv*Gf-~{H=z!rwXQ2a{l0EaUMT)&QnUnEa{bkmtQxvL zT-Vd9P<~YBiB1d`JWJT)8vW6ZRFtv%rTz>NixB_-31^x}kWVLShlietv`piaJesxJ ziS?<-`3mA%-vYGLxRT7xky&ES4t-Cx`@$uK6B_^B!9r?<#vqqA(n{(+$C-MA$eSW_Z;m{$$*bxShal`JRsBeb*G%uG{{$BXVacq;8~>}TD3Q8tE~HSB~|Msj^f z>G>ZYc_;a+FZkpVM-cOZ*ey51^uO_Yc(^P3GLb*epwL4Q@qbbF z7GP0zUD)tr5h5)iAV^CKNSDF@l1dESAxIA}bcl2f(nv}P3=PsHFmy?GcX!u!#;4!+ z{lEYE_I2qnz{Q+%_TFo)z1F?%n@-1B3j<8z;OtKc@>4lq$vgoMi&xA7)3#J?I1a6e-Iw16CdU>yojT|3) zKv+)dMu;F!oa1WgG-!o@#2<6z?;;S7kn$3cuR-B%+Iy`7)QmHaM-U1iWyg&CS14S` z$et9He+xZW-+GCuU7kvS0XN|goS3KuW#u&QHJ2lm(nji;{W-vz0fkHeW7wkomn9l0 zwTLh2T1nEgE>YppKtc~^X<4hbea+#7P)WRskMHsB=FfJe&?rYS&@;M1VFhYT7NAuj zK(4QO1V2+?5!CwLV6p!(SHz3{|&RZ^{hg?bp21(nK>_#dG=B1GDBh`%XZ6>9ratGo7cCh3*{|oR!0DVH?r2kUvvza`S~zt<4bb## zr5YMXz~K6;%NgFlad;3OVTh;`B26z23$7-zgHEC#`RD3PWbdh32*v~%nw0LhLiHH| z+1+7WHcZP@n6@3S`f#}GtA^b`)zWa8h^WL>m{lY3i12TAX%XJid4T-14 z9&+=~)fHDi$9?z_agkZW4(c2N!w1W`%9oPw-id+f+F-6%lpxS|RZHrThjlI(w?AM;GVsKXf;qgtH+`uw^g^At8U#wh_Y6@y3 zhal(+)$u9|EL9=&PH8fsj(TXdBriuQIwR#D&bv$e=$X`I^OBCiW8D$nD9+1Ua;kK> zFuMfg0Ja4ScJ?r_#NXRWQAH)y-J@w7kc}ubnk*6X;erNO1ZHKS@;e57bSHQUN=i!V z2c&d)1){sV)l`BBdmwv1^=Xp1v^7ghN{THn<+UKERcV`&Gru@Q+ z{Oh%WjHMa_Fwm9-SI4p18hZ!5tKOIY@%-uZz8PV`GfN5uZ4SDX=Kje$Sjn{7Vt@85-0#H_E$``_A-|#2 zw>f@Zh598aJ{v{<02_T&CSXl#rixOF*0V++VFz70K~3~q>VUdfe&7Szn5Z~K0~yL~ zb7UjKKvV)Dz6PlzuEKQDXhHGlqo;Wj4BZ?Y9FU_mbRVCW12WQ)+(CdQsM)is(1h~2 z1Zxw$nJaOirXe}WJr9>dOdM(qN+_!S^PDnF7s|@ zm8|KD*yJ(G<_3;7oQnT@vt`9hfPbrS;3c^e*(uEVv38AvXdk)i8W-GQZ%#i^*!|m3 zo+8jRjfP?FHJm$|17ZkIiu9)SyvZD4Qtbb=Le>T-Pa!&2*Po?rNd{V93Yclg3j-QO zGSH%E2 zd&|RW_|YK`!t7sjUh5DlXm|Y0^gm#h%aQ8jK?Mj4-|!Y$3CFmz-`RX$=M59v^|Q9I zbH@hgR}pHnR{Xv!^aC%fUbU3^Y2ahTlo{z#)sGs~pnHn}T4!q8$lxocTbRpaNARWD zW1o@y=A(fDqZ0=9|L#h_B_%36i8k(Wwv=1;Tn`AiNvXU17?!3n`P&Umg2h9rkFQAX zh+@3i75_~4?AZY5fpXA8iid=igceTVTEh(fuR$rr#hcB&GSGE+RZSX zMj^)`2_?_B&``Gm68a-k<$K=oqrD07s4h9DgmNMACNGyCyLhcid@oq^g&n&aff*sV z>nUR|ofS+!mdq-%CkDeBi*OD5t0t$N2fYHsHtLi|LN1ueCcZ!Rz>H6~>asF3pSQKM z>sB=ho?9jjpwmV*932=RyX{&%J8TQHvF+2i?^mumT4epS+W9IOESr@kZ`i+(Nqo9y zT6@{cEXcRao~KoXf{GP&Re=jIWjAxThd;~Dl@8pnYTh9Yi5oj~y7)r0x1Xgucl%9N zvdk=b@1*{QS8K@OmyI&R=}_(i8tV@k)YW*aeYdVO@FEWc3gc2-6k)cWu(K3+_J(pA zRm^c!DtV}xC~#gR@SX_>Qa*jYZO}k6a`0;QTm9MjobfoH>YnXjJNKsL80RZk#}syv z8czun)moOR(_bVcrB}#v6@ZiFJFQ=yH0?w?%pU7sEGQm*aq$pG2x2W+~>v-ey_QWIKt z)msc-5Eq+4iRt8>h_QuV+=Y5?wr6~MGMLiT32tb|h;6|IXR>NnYng&`Cd$n9ZzOl; zbvct;lcxC>8z_2Pi&DLD=XS9j9VZucA(P0gVp^x%BMoY}ueC^Yh;?h3gm$hSW!gqm zHh;2Z_wKsc%Vp76OP`wHQnHZNX7D|421%6{MRXD0zq88Q^exx`5bKFY2*%QfNmhJY%K49WZ_`RCrPVxb_18wdpJ}xept0Q60 z>lm`@E6%GDpZ9H1CLi|2fUyO_X+|-UDElgk-}j~2oqQM7;-kx=u@%0a!H^WHVS<1) z2U=EGi0NY3th`p^mYm5_dt=%~WV)98s9|G)+7bG(_~OKQ4 zMaDa<28BzoV3+1+=4+_)WlE2UF*M(w|Ney5qqGBBdBo+JQ@TXxhI3>tlYnbfSt1!e zmE-jz_itD%E@7WqGtU&3;KO^8BV{j*GPAN-K2mOy3`8y%ucA^4ty9V0mZ2ByB%_&5 zp_Fa%L~d%y)GRW)lPhA_RqP~0g3bND=8Op&&b3DEBF;>Y!X6oV9kG^Sr$^L#ZM|;JQDKvqy zsv3%isEW<*8a=>^^~pv&B7@0D7SgSZy;G*aF4$qkFF{lhy{1tLT*f+fd#9BD*f>Z2 z*e2^)!iI7SZjzNa*FG!daIu-9fREhzv#edZ@2{cQs#hKyQre|91}~CpNJf9u$Gy~& z?V?y){BfRJVjDFkBAHJeaP4f~{3PK}A+5C7sTNAA;EaO~{&qwbr`QuceP2le>k+y{ z<#0Y3`0mlZ@5Ze!-!+xux}giWniG^ zB_c1(^-@*8*AaEQ@G)&fcs_-0(Bk`{eW8s+oB);3+M)A>b?WkY&4ksLZ&70`n%T)q z1Fc*gxeCxl*z&iI4s2Gx)++d7;5{{Tkf1f34oB2V*$d;QQ)`0gO;)BW*1|B>gghx& zwR>8b?vWDk+a^`=9-bvN+PdQt87ybVE&Y=_BL`dsRN3Xyw6@TSJZBk{) z$!g)a^DZf}Aeq>~BXGFshAyVNsCg&!Ztb*D*?ylxi-9rdE^Eg7c_6E_=ePwHoMBPJ za-$B|P^QPTcS>`et}Ty9l<7oJm?$lsNS0yz_&MTXOES%lbDc2UAJ8v@m8z?x>vLA!wft#x8AL|x!AihaRprp~33w*;ec0_msde!~ zh;NIkOWZA%aFVQXd?5Zm=W}7k3yyUQ9=EO!k_aWq&M(g^d=0EMr3^a|30u zPBRwsR(Eai-Q5+;<=kaiuf_yRda;(rF!t1LyX6ATAn;DKcm}e(=)e2i#iCK(UY>=v;DHm{p|*nXF}{)+bD0lH`nHNwDF(% z%e}Toa5KB_SXJp*!O$I#$nMaa9G?FCwUFtT=UzG-U7HS6Qu@J&gL|iUT7S4oHk!Vi zFAfY_3Oyn&x1zqevP(Hg;-r|}%3Xw1F6ZN+M){5lbcl*$SNO2g6K&5-GG*ne)43hLVH!H& zpw|mHWEi~k)3a!M6{6`ve5^AY*y75jcatq}z(}Okzs~Mx{#|f)pyctru>d2+ItHRT zF-t=Qh|a3l$(=C@S1z{m+~=5P&T|Qn{3z()&!hb5%FD=x<*)pQQP-u3myjX;h2x+@ z1t8GsvQsdau%$wug;`rFwRmL<@_tC16G%g`wdV_nC-%n2PV^R@`8Z){-XvwN8$qq$ zj0--PoH|64MG;czb$OQ@Hg&dNie}YMfXP3VUmy;mRrh>}`@{v`gU{_rb3;gb@HI2A zgu74oVZ>KOBILc&pH1E}S669q?^P6EZw(FM^V$$q;_M)Pn$RMM`!{wm5 z0Enyv;2rM`14NH$wlTzhU$9wURaVDk-MnDFvL(@Q$?g*8EBUQ11zm~gzCc*QgJe~K z_gLkE(*e>hSqYF{moVx^DUHiR4DFu|sZsml(&`15MOw;X zs~U?8wcZ8M+7|0z8b4K)YYAd$(PZky4K&J2W6TjSd-}Q-TNJYSZePQPOJ%ja-}bnw z9bDhnyR(JxV1kCKr}c(YFULK4@!q6yI6dB0aKYqE#mVEH()Wj$im_zP{j0WXBRJ6_ z;v7Sqbz(*b)m#8nDq;+o>}XM(;zEO9-T83u|EJ1^3}`@SaP}J{E-(+_{5n6Y;$W9uq!|Q@iU06fO38B5C70zKq@|?DtcHgS zS>S3xH7JyfD$cI1(H}U#>iQYLoq>$o?kC7EOwb9v*t~?s@if9Vh=K1`c%7xZH=Nhy zhjxS?@sbq3O(LrPDkkG0}vBB|_oEpwKhb>Z5-Yfz`&K($wlGhkw zD3f%C`RCi%Q$a6ZAmh?Xx2w&@It?f^Frf2OmOrYf7^!Lp?z6uTAlVjYuIBx93Ye9= zv!Ex8RB&4>fS&4?6igb&^6>hdZq4$?Y?xMe*-oy36;Z9TBHW#f?`H($IKE`aMeVwiO?T}~2=nFg& zwOA*Kpc-n1#Rjc64Ie8TIC1vgsl!NB8Kx_c19bVYA%Jjb585=#UF-aKhuMA75dr!&6qLaX(}C%@7AsqNC^ z6?uqoB6-69J+ck#q~+!MxW32&#H@fUp6FS^}q?lcXH>mOw$u$Prpf0e$mva+&qaPX5z54T(( z%U)=GIiUsmgr{}s7vYye}5O6u#4L_^*SEi6N_>S=ZrD%-1K z__IGwgNDe3I4!>=n|(K;*!<*v_r)}0Sq>03xZ%ZJz}?$=40Rv13=zb%P1?B)FaDrU zf3di#INDUQ;47tD&|3L^Bkd_5Sx^uBEAo$4U zQn$w;;gTIJYC)_MUn-^jT#5#3t4KP;Y~(?{w6w~|ZKyV>HQg8KpZeFj;s0wVw*cJq zf9~YYbkuM40%#+K`D+7PvQ9yvKYH&&b#RArg+zzW)7G$eTQ6jx^K=NdSwBNMsMo*O zC-5%&(_h6>g$Lg(MV^$lp21~KWQ2>c6*g*12#(AKwUXF^$Wa}vRd1|m_wF#?xN|z} zJlDUlk2`pz!oj1z3i)3K;U9n2cf~gb|Gj~|JG7tGC6S*nrx#=UCp?v3^YJvrScyuK z>Vs)lB2lglQHaLTk2ly*odLt16A_EZ(*L^H07kUGj3n5eeEY?Ei$0nHk&F>P>|R68 zq3CF@>2hW-(d!CNQb1DaJz#jtGTR!Zp)FG6b|QBVHHF8pb1l<)k~pFnpRoO#5w{NaK`swV5Tl=Y;}PSH&}PW-O(h-c1N^O{Mnce)9X> znuHMwy%-QnQboGlwISz!{JB48`_o@3+i2f!e64kycUXp7nrP?NbkR3zn-;C?O|yH6 zD4lodwiH);YF}iS+d*gK;~mz7roKrK>|Jt`=}G)u8UNE7f?xb+n0~6di~K~mARZpx z+`__LRaMop7Fh%@T{`X^FE29;VDA!SO~S@c>%#IksQendSU6q2zJe?H+Dh>Otxmi! z(&$Ae?~6v;ae)1JC5B8a_OVy@5$A>?paf<0s8C~jnAX+@kRM9;XOs<6*1`Ms2)vqI zf_7z_#4ialZs})-HO8g)A}=)hDG&j-)s(~RKp~4OD<~!=CZ;b*#_4*!f^M|<`1pRB zm>guKeqLoJDXgA0dmJhDJelsN?$zbL4OYd98!R_DvGbSzm%VB|ScPiz| za;#VqRM(9Ddn(gP{&t*vChR+ywM&+L5bYA1cK|<)3dpKGqp4eVTR85`PO|J5xveBPVHQ zrZGbkBkrmX6g8KWAMYoI)5}xRa)Ebb#OI-1N!4C zD=U8t4}&e)@!4S=rl41PUnh|IO$0r(%e(~)3%pj!utm%b)GlLsdisR_kHZ-=Jt<2? ze=($`wGESWNJ+D^Ew$4A=+<7OKH(?Hy@XK}%|I)*UnV;`tP-tSVCUicTY^BW8?OD6 zB$m0IG=<#2uo8fvd@bQe%8tK}|Y*LgbjrWeDtH)Af`8jG5nR)%%- zWMIKR(DKC`Ov6^aGO?g7g97MZ2?tf>K^!6`9_o2X;CE;hJp-+=miY+q{nh$10uK z_BqGdc6)~1^qA?7pN*iwcj#g<7#YYPdya_oetW(@$NuGA{RfS<+D$hqD;J;+;+BU{ zI1#46jm{70mUVk+edlI|!fRvL-R9hus#Sy^C7ptV!84d}Ma%wCa>5PA0zPXFi?r4g z;*Vjg4TV>v$UpuMA!9yhD_!k+BgcdLx@i3?6)^h>r( zz2lz(#S1e9V=oR^Y2F(d?zYfCF@Nn*Dn=%CKeBEOB3}}6)_}{m6mi0JsJbE(8g!U} z@};6~8r;d6(7TqO>cS87MYNJ8u}{kmng^Mv5BZ0J8aY=i`20N$3Jqq1rlkk>tWtBP5l^pgaA_qZp4%4FKNmvY$HHcFE+(AZbqZVfLn=_5vtdZ%4xPCl&w zNeav}U)XD3d*hki%x~u!-nlglg-m#=rQK3*Px7c|BF7VY_4b?dm&_mU`a9|BD9tnv zSomkxE|J)V*9v0}^E-WQOw{wK)kNh&y?nOs|2WQ`%;*!NutNAoA((=i>xOJ+4cY(@ ze`S^(yt=C*Ni$cGB|y14=*4^Df=!cQVmNa`{Dm0&S!jQ5YPL`REEacdBCU?7$X?6*iC9bTPUs_Vbk3+aDMUI*`G(u#Ob*Me_Uf`l?c{h>t=fq4%?lbx7e8oj%Lv^?K!gxkfT3fzbR9Wtm84NAuh>%MbI$!QV zowR1Me|*aRe7M;U0@A4;r*1a9V-Hx{eV$e^Q&_M6h=|btp-I}?eqDmow{N|Cjt6zA zNe&C>M*N5n+8k+}O1Av@qfN=OEE8he)a*FqpW^R4B*msmWRH2&(h+4}g*?6j!&oxb z5+wcY&SLe@>!b}U8x@bz7*F`#uRMeHpw9o=~e7d99LtaBMIBu|&Izrkt(((x}hH23K8? z7H9PXK;GZbZV%0S{)$O+nFn2+~V`nteQ*V2D(uf2*zn^3<`` z3CyPI>Uq7EB=%E(jmGKX3?2$n*2u!=e322IBI}_jO7b1;s7X82Y(cG7o{pcu=&j(| zJiHM|O}B*9kdD!G1)HgfP*nSbTVAtQr}O#2vk=OKGlOUiOkqOK=ke8axY0xk*JEvM zq||=cURnPB7WmO=K%#>B#4S;aHALPK6G**vnt6+ND0q|#9nGQD?iHHM?V1#5n8+!! zOqIE^U7T))e*OAtTm{I}g;aYI1N5%m0F~>wiq2m#9WXZzT`!mP&TpKY8(XOOnm@L< zF5<+#Cr_0RSz?NaMr7Lw@38(fPO!O6L$lzGdA?gg7ZHQVZrHWpXJY#vfc4y9(g3jt zkqK+3VaCqqq`S3wl(Gx!aqVtUNkOE`V0XdzQ*Va%mVy>-pN1=go0|zzc0$CBKAqp~ z2@mG4ZCGaZcz1FcKSNV-zUXzI44m9H*^`M_rA~9RA~CT)Dn!q>)r{JKnx%TWdqUAm zl&0sIKA0*t%UJ#yTPRM-1osT`>l;+)m9+?-h44yJ@mD{*G#p$ykCrIwdAjLS%{A2z zhY>aPWp)~ezl*Z(`6xgNIF3(m=)w`OGR zIcJ`b1Qn8hc#pFMMk1af1BOK4T`Iu&4R*vuUB*DD`^#CVngb%uE z7mxaRg!K`l&ffdJhFcZh?q#&*nFO_ty@}pTv=76KY5~kX4}s*_T8C@ zgR{r|E^}=yJk>HmrPJ=QaDc@7_jJ8U!LJ9u$qf;5DlAJY|LE*2nbuJ^L?APNzYi?c z!9g%=<#OG-rx>CkX%E-cR*5R1i--jo!`Y(OHzhSw-L)x>$zSC{npDHSBUTMH=0*Wu zZSVie0wx=g$;tGJ9ND;+ z(;YPR*bsnS0nwKvRj|RPiY3qGzoPm8=^XV}TxU7yM?t}CY0XlvcddkjzceI9 zp)1_mdEq!$jCKSOYo189odGWz9iBB94j8Q_0VVfg!mpOv)_jb~Yeq_g%>+r&mnVr* z(Zi)Tg0X(n=G$A3(N`LemTgj?m z%SV%}|1EbLywpNrI0q!2_qxY?RZfUx*hgjiyQ?slj7mne>aJmu zR?PiOrH;EoIGJh(-^d-GAtd*k9fSAx#!z2;_0;WlzGdMRFfTgoYZ&6%ij0g*M`ROl zzB2yv$c8)*0s_slLqI6KxyM_>pP@!9%lFePaefD`pb7G2Fafv`8<*|t$k+?5v)OL= zQs^QJK?hN57Ir4hBxB^!A$x1e_eX6cvqjhzltIUv!!3?oH~uUMBTI7mnq|tnnVm+r znU9%y?NM&mXC9_<)efn^(awZ&-OhNB+Fxl2(Z=nKo11AxfUnIv)2{HValu~t!4=3a zR1$hV{z^iL)qY%}vWBZdwKCgSPe{tQnH!TSPJTP`P+950p@9!T&&zq zNicKG83c!cDs3|G&8LR~wom$Q-SDiZCyB*0E^RlR{BX z`fBm99Um$#v}w^6Ea;ho2z=js`x_So0!*lPatvay`CgJhSzC^h$xuv0RaI4ER~Lqq zREJsc7o9@?ni>H&w*%Dq=h#;dB>ymvAW-J}&W7Z>+T|T9cZ2JMDW>n5XMJxIDOTMd z?;XRFtSH5yo(K%)H+X3r3`D!UE(-pz;~sD>zyH|}sdMXPulvrp*;}$l>~K(a z*;!#V2-sKyFeP5@>>n!Q zV)D!H0w+ZA11|3=5!Vsi`da~Virs*4bW=hqFX_dtj9Q(@=}AgPHmcOlsN{P}@T!so zz0P(o%0{$`YC#HVkiCGqCo}G1%+toLOVNGhzKa$*@o{`?LP^9s497OW2Z(82ra~;= zZt+Ea(iqn2&o1|`1~7sZ*O$~qN0S6`H(Qavsz(?mFNpUyFXVV#xiu`=>5XW!GQMhX zU81r=9Ua9Y=`bNnV~}&F;JCO$v;zDLi`@7LMd5!%K)E|Rp9o*;#9dzUcro3w-!@}u zM$QZXiMUT0p~ld9wsv$XQ{}*&^|*{kWYNOpo2TX6Wys{h0<5|pXw%KyUf$PP8++`C z5^ZH9@cRkOmN{JZcp*OW%45kGX`ZE;dvBO(j-qk`@CGr+x@~+t zqav2sApMYA0qu`T%rJYbCX*V2Vh*a;SXPI~V~f!2XTlLId9kA z=K$swT&bgB_i*>xL8ZRcaG&4!T8SeEo^T+H4jjL;Yb%FFe&i=JDOO}s(=!oO`DtZX zRX>#DGRf4=1*-NS@N}UhKD$c?<&pVDFpjQc74w2fc(#=kSp|YUt@E4Ez8(YweTz#P zxCy25yKtBlzcM*g7lfF+xTgu*n1bQH7P{9vL*$b!*hTU*=Z zuU1Gp_>E1VYL!S8nF=EhMHFbeLROQsha{uA0l4M#?iM2jJvm!BKJ~#i3;TmHiElslDa`I3BEWFukd-G0sr}U8ao&M|$k=Iks)#Pt1nvk!-)`-qu=aO^A#54uZCx3v7-K5}z!4 z)qd!wAX?&IsO?Sj*KCT540hPvj*iT3JsPIYUvegXo!Iloz9j;n77bG86rJ26}&i~c-M+Xs>Cjc)`(BaAiJ8uUsse&9 z6~Kckj>w4(RyZu~yuFdABiV_|+DhR~G2Z15voAbR}lrEQ;*MRS1zt&|;MWQBdz(OqsFP8GtY2@N=2?)0hu``LnH5LxHjP*!QapFOOAj<i?pOvOy1@k=X4t9Gf+;&-!bk=B0pklEH2j9@Q!trE2xOG|D zTWA&ULz+>*s|zjQ zykuH+p|!*~YhvO^cQGxkZ5Wdcq@24Bz2nosrk|^qh+)F9VimA})8w<8=c3nw`xnn9 z4U2*Os$d({;BNK}cgCu7w(e6)AV^sd5Ddj$@dyE+UvmZI(?cqp5M2O03LG}3l~bN7 zoNoYNioK(w&kde3wtpn8h#3Gl?XMB7_+Ew3L!%V8bmoh{qwv|IOKh@^nitOyh}QY$ z^WeP+&D)lNT~%rp7VSFv6g6Ezc|jcuNsG4@qiL0^I2CPg6I)&FMA}ZYJv+J6CZpH# zny{Gu^v*EK-qJG{!dYh(nkVPZADE2j)r)5hZi5AMmE)m70PWJ&IF^Dl9zhNO#{g>K zRWX)LEkj$i(&-~xfvCX?d4g{QV>*;U(P3}m@S^ibxE?8J9#mCV17bNc=Z^C$^^<7_ z(PJ>74rOECevUuxM}cAO7{#s3p0-y!rELj4y}x2LNv-PrJuGrz)?K0wWnH)9dn7#Y zFm~)If0@|Gy<^ARr9gUfgKG-a+aN3LiN!z&Hr0w-;#9$y2c(a3N3(cC)ve5ewtyz{ z8Rwuw&7b%7$E!FlA8siMk3{U}4WOhkz4MZlB*fGHC4k8tj+yjUvNdxlc#g}`N&nu& zL@c(4j0x~Ja5q8i(3Y5h`uB6$NFV|MnCm|>*IjRTcmx)DdZguQf~qLknzHA;`|B++ z)LG2-2cpri9{#AicRA-DtzWV|@9)>)UY8i>ljM4m`nIoNFV~WMUM4a4e0G%ST}=!d zIWha20!K>LJHTxV(FtFC9MCCkUtNQkNN&ws^0?S<2GDkSh#tO|TRNP1{=Z;MdAYIZ z|45VvWY^NjK7sct7~}pU!|ly3nS=~!83hVhM^9Ty{;_BHq$^DES20@n5Q&LoYo(>m ztp4!tg!-WXim5Zlyc-V+%eHm?R~{H(Q95z>W0}SY0qf$|P<}Y0GyJYW=LOc&(5T_G zUfqB;-%6*ULS0Ff)S$POArhFIhL;5*`?GHesoiw%?~qRMuziunc}fW?iFXW$9qPEf`^=el_ z6J=IjZ&z+et?Rg-vKK?tD&`%X8zM_NHD+*w6q-@fTt~6u&f1@ANy|31oXH$`1Sbns ze>J>RQL9`NxH8!hz5n1M-D8?RTVXnDY!whW16RD`4_9FKm4`fW0lgn)99-8^tgcr5 zuZuD6qf6}^AAbVSrEDNUWD3jA7Km`$9*f(Xy$=xs%p`lD;dfpYRXVC-2AM+1Q>&-* zY5hM6%h@z4Ed1>HSLe5uLgKmL>D6J5I#;Q~)uP?&nCArW`|joB-l#{dSA3;=^8#$? zcK+P$-JOc$yGmPjMoeK$EP#yD(Z)#iPlmQ(RMdgQPJ0eh?;#=NBKy~1bmbO`0f|uL z2TN!pe*h-~T`2-3t+j4I$R4P~8gNjwF{v(;zOm|LU!FsBaJF}JG?tk^;e~8Gs;#Sg zmmiNhQSkwGjVp91<$lJ^cBZDr>`wYpCq+v;H4nSz-644Mt>gL=%gTHzy^90`W$+ zEyQuKowt?0pg0hcm^7D~2Rua(K^U(@uwmJ8aZMUV0shDEW)y>->K>SrIJM7EoL6yp4(7<>q`vvmV_BLQJ*%qO=3(s+yoXjXg&ZG$7^=Bd;rX0 z$8oafvUWyB#ynspx`I?_g;4*nk$=BT^JWd@j@ru6MQ*iIOGu4u9=}+rrkvDMRz>Fc z;FVKa+H;8s==my40z|-SogB1z!KlEp9$&oQmw|w>Df*TDCASw}#try(<-0~h-4?V1wR^`sE z0*!?R;@tp<0vMgJ+~89F*gpPVTy|JOLV}t0C=$Fe@stwa^5>y3C`jIMcNol z6rm|Wx6jd*pJq%uy9kk*?u>8Kyvs(!?>XjkmT(j{wX}d8nh29ZScY>DCC>~M!bS+*=6RY&JkKd+=Zp>5PHGir6y^8^6vN5xpSaPc@8 z1EtqYU(RG%vRrM%G%*!2(hetF@UMtla(TdQBn2;lSAsPdcRKRAzt%9T? zxpLwHKS+S#cAVx7!)8!0TAJK<{*KHuyTGQ&V~W_H*Qs;k2%CQFc1X;lvCj0XZ4&T6}7LB zK?T?gD9!&4_i_gC77F{wXY>?k&@K6eLIm3b^@`}zVC^fM3fUNnHG>l7V9jMuTaGZg zd|Bz5Ou1iJES_e@0vw1R?Ml135}k~eK_Hm9D@F>((f}`S7vC}j0vHG@++4%e9Br-^E3^7nW$DO)0-aGkR5qi zB<^p~#XnN(SI#ygR#YuVH_*0a zR>_8wJZvo_+YbY-2Yy$wjW_R?qUy320dj#n1S^jNKo+pdukR9Qe^JgZu{Xj)+{v43 z>>f}bPb-2x=yG629vH%ff`TaX3^6wy*sa$;T2{@L6dXI`(QjI+Tm8OTYtvwnBW+5+ z&vl0&TF)z=ZvHm{iAu7+_T+-pI_QZ^G)iMNXQXLG2$tnEo!SVK1u)Z8C6f9OALEiK z>vdTcE0*mM%NVI58foj4%|>qFWp&vxnwb+;=(usvoMcfj9jy=fnDefN{=>8D+gvRi|>P1Qfu~ z0A~E4a-5i+-hcHJ`DW`wVz5XSg8`XB)$7E|?}^l9iJSzH*~%?;e9F-*yyt=ZlFEF; za-;>lxM0@lgrQHKfZbaknL7rm#nn$@BcT;nYRmR4N-0bpP8bWn88Z;E&|$yDuH-fU zA%lUm0^tENSgmCE90kVh6w@&jGYcw+7cms`R0YM~)!TTJhXsE<&1igQGF4dDlP6D{ zpWa6lYuZ05Dk7_Ci2?!%z_|{)#=V0wS%krwQe_|jD$0};C!`)z6hKAY?{aLn1<;lB z0t=PZ)t$x|-i^OS_5;GAKpO&bRT0DjOW(U+@awODPTdyDPA{ci`bW_I-mXA75w%Qf zcIf{V48<2rG4qMnNuAEbgx<;3`E@g_6?w0B0?$AQ2H}|*4y$6AAu|yX!br$AAr4W! z!2W9mcZLbV%!d{$TgO+_SON|o8zcuRA+PdZ!#;Nj)5~DJmWH3zxze>Lk{xMNoTzm6 zkM_DZoh;Yg0H#~DzuYcP+mhJ>*dk%fA}{cJ{~rDMa~9M6YRa~IM|vE;OcOarPUoOf zD?3#(Zc+)rU$Jbo{*}d$%=l?5FK`V6fUJXRmk2CaDlw}lG52|Zl*+%Z4EbgWtwc0> z?X%Ik4KqIla-V?dNN7EZY2?vkU}K*$z01{*oIQ->L?)qvD#3?%F^d(I1eONK#s2$9 zONjjsm=@DyoOb|*>N3p=hSHD&VqL4)jX~RUnr0$cU|Ms`P{u`8-|GEse)RWVuDXu* zx-C)JgUxyie3o!t+vvXZ`4Zf5qNrU!%S8^J_-Oo#EmayR{Xz^-2!I?6aMc(PxGv@} zNpIP4b!C??;TI3WvW;p|!U8&D*8C%#XwlnXDX(0rNOF_uODX{YQcSUpm8Y{E`{k07^FK3rf&Ka&6HQ_kC3ORj z@6)nT`Z5soVF8$C4vBI)1H;IJX|u7f$-gjP$`C%FzvXd1x)1Pp*Hml)B=DT%pGaWm z)i>e^%Vascx^SY^H`WJQ^2!D%t;~Er_f`u#ja5VObx6mE3$ZL{R(*v`6!+SB{BaW^ zXk*P?KkNgIYs5B^ELF_N4&ec8$>Nt2q8557e>q z%Rkrs-aMlKq8iRDjQBr{y#-WMZQK6sEeawH64Kq>ASvA<-7QE;H=~3!NH<7#cXzjR zcjr(84DoIBiTi!t=l!p5uO-f64a&^k`brx#WI<_DJx%`Pm27`=ia%bYXfQ2j9ofi5t+R* z{DzCg#-m<=!8?Xsyyao)YTE4O{#$Gm;sqGtwc5T+eHAFCqvCoH2xd4Ml;YvaPj0=O zONP(XV4+5K{U&%Gl4LTv(~#li6hwAazX~-=u-<}7J>9&@m?m%Sm@RbPn7h;w9}9Zw z-(C=U+?!dF zWIGWpIa{$WBtyOc~sbpLEbtBX8wcbCCkT+(X}vLNMSLcg#qR$K+mEZr8bf! zGyulOqHb*kPk!*ajM#lW|6V#|^5MR@Z!F2UBANqDZDfHk6f?Y9Y$O+Ei_^QnBG>~c ztK9K8?7lpw^g0!&?vHl}x$-HhGt`N7@{rCm6|=cBwpTa zHvm~FWrtk(cpMu%7Ow*p zGFJFI!TSd`WIPlqI-U4rmU9gRA`&4H3k3J48+QD*!o87IF)78paQ1?+AZSMpnM8R1 zrSy}-6^TLP z(LWcX=nXLQ%`(PiE|DRa%s+-TrJ}m{r&xzPY2gzTxt{oWFyfRT=PVTVXN~(x1botezbZDYA>i4s$~tKhK+!t4-VUO z;k?xk{AFsBzea?gNcLD)jgrYEb_{+74Vq>(RBl0F+rSGblEka|QP&S5YFoW@=bK)u zif&0M=dxwQMCSKU^G5C|M21 z{rK`$r_o_(!TLzE#Vn@?kAQ$Ku6x7zXgT=d-i?f!`a{iBi4H>MG0}G*?l2mv9}iTW zhglT)Px{R~R`g8OU>ET&4$>SJs$eZce5Vee#4hM73g6f^SvbddiBSwZ%TTH*(ib9_ z9G*8}%3`JuYP#teJX56~eY~(Ir$}I`ih)Zx#?|#avKqS47r3|`m@^P1pY>pdVAPrG zu+oQd3$-VZ3S&1@iErQ6h~sV?dYtK<7=G_Uk?b96{H4@ejaTKu-`G9oK8|w6nuA; zw{?&NN!83rbzY)5!8pmTBp_hwrm>;iqDCeAWm&*3&Xs-F##+=#u~o}VtbnmH&#{uw0OKP#rSt}H z{$-{%Q{(-OUzEZJ1PG&3K>X1=G+~)nE2)mGh?HH~p9aJF&ue@2ZwoNuYZ+ko4yk1^ zeM!b&VG|*->)x#3nWC7Q9ehr29U7(ioBWFlv>dkUL}@691{0+I0X1%&iJC=Lu{?$! ztPBz7U@p*k#_pG#c2v?OL;3*SkPY%+MB^$Jj13@^b}u$B0a~}px?PuL?y!rYPF7ll z48WcV*>psdjGJ51ie_=Ha{T(B^d3jRLo$7)@whIN=3yB`Y}3{~7>BV{U9vr#)W0R0 ztwYacH80Aj#cqj8TFUmxB%yFM2HVtDc!IUu=V^PcqMAV#>ZonRUmk@7bX2-ON##_? zPP>$N2js2413h>b6_JUPyI*dB4EmZOtJP|$y)Y0IpK-IUY?;7{`LVd*miE#EuKq4G zVP$G`t9MR^5rgZh^l3cy$XcM4Z*jU0wMFzXKtZ9DD{piK5{Qn9uMJSB^TiY_VPs{I z;A@qfymwiKvIgd`-tMG{oH_E{fWi$1HUnAPcZ)%-q)`s*j6GyzWR=>>dbTX0+CpzR zEtz{lT8Nw>M}GYZvOgdMydKJw{DHLZO-GW&guV)zVncE9|Q_7*%xBU|*#>$(r1oGoLH3h;{w$S(%@CR!~xuT@pZ89Y9`(w0-`?E)Lc zc;Zk%*0QlveZp(8Ij!eOnO*>+p+0h|r%RhLrR9 ziPpqekIQ$xhe`nRpR?Te3IK>}vnG_UZgj24S82R~+`NX*kAtKJeO}DWGAsQ0yV0N`)TsnX+#3SDTcDqo-H`W<5=h=u;DA zsYKLnVn&*tbK@A+wLFFc*k!Cc6z%vZ5SfSNdhvxdl%5EkTDV zG8}9Eo4!soa*}J%tL>i5f1v#}!bI(;j@jHgG9UXkO9<$YhVR{mNeI3zQ6jrF^~uZu z(wUpeaN-S&+AH~iR-^`tnN6YKt$xbiQvAG%O6A;&r%k6ak9t~KnXGKi(_o-L<=oe1 z7}w6YVx`71ifVdkY3cN?HMJ*FEG=Cu_>-ixe9wAm>{_Yk$IzMe0Ti$;VQ)#RzZMru(a>M7b({2G}kp41F^9Y!;X{OXOa&2lQn6K?#Sz9<= zWK-BCsAM1;4cvcE`c2XUxl7=o!O5>^mOKD~(lCq1cD#F`@f2-9jH4XDa=EzFb!yx< z1{&i!J3G%Y>Lz_T()`|pDaDDk&ZASU+11@mM$ye@p2JZdZsDcDgkkr6iA%ji4@=)75*N&BXDZ8Lx3%yrrGq}4SoDzc?@ z8kvCCd&&Jlv^3Q@!|@>2obJzU5G(oMdX+1gtkB=lG0yP%NLK5IRBEXTb`WuoaT#HJ z`fs}0^v~_;b4tZ>A&aTcYRcblzlgH&G~4S@lQL>|19pimFN9&3W=q1AmJ)?@O!T6q zz6b1{im=jLx(>bFAUgY7!y6;3vdwYT>!UsS0F~v5G}1%7XFj{CgP1xL($|X^fbYv_ zFpxYU;NhR(wCXf|@ML>kVSM>*R>+Qk*H4~h!e1|*d^$c1JNnGvpHH2h2k!OTsJbiG zn?Ueb1D1}MHS}ufO!G?|Bf(Vc!O^{aT2s&U;l!iA^GX6mROv&lOMa2G3CZo*cI;_V zVN>7lmTpEt*Dv^_rwwyjM%Wr(4F;Nuwj3^3hYw1~4=MBvR=JZF5$64L@U_7WZ4xc# z)!FH3TMdIjMM1P=G>hrDouw#SMkE zwl;}kwlBOmnSonsaOx=EpgO(Y%(YcJX?HQ7Z#9mTmP%=Uz0n7mNpxAHO7o<_$c9DQ zXIg=Ji+Ycs(5d!!#d{4Lm`^f`HutLPe-*^#eAT|(41H2xZth4f24(RJlM}-aCnXii z1O~HbNULeis}yOq!pAY{#EzN_uu#Qm(1my5D;6I#o~R8-%i1(OpnK_FGQ@h`*L#%4 z(wzWyFst(SPs>`9`UAa43$MoITPjVvQh1jDrPd>Mcx;w_;7Y#&lOzrb&t-W3F zD1*J0i&ZL~l$C&n`(_@?Mpuawy`(_Mq`_{mBwN%;HgSB8qK1T+gRjxt zmMH1;tAV>+EGlhQ`EOFrsNG46l*y^K85lr;*Z26? zDM~o9a}Q3>6CGV#w-FcFR;?$IN_@sq!n*p_M2s8jbg4?Ffb1<28XAqIiiA2?N?4@} zFpbBvo(e-H|Iw1*(gq*(O5?w{MKveMym1Ejfv)KG zW1iTX>gax`G_cxBY4ARWH#D{!+?~xBUPk@|Zj5m;I1=9K(~4I=q%Gv$5%0g=y}g!@ zZ#0^UIs6HQAwnbyk`heeWWo+;H1taR`d8ez7BS$lR4yyXx_oNy(+Wgzlc5WU{^~ks%Sl)2 zb*gh=`3opC19tR0kox_U;c4XyV~0&lGJgJirVIg#7i+ehLLk5nh6~qsGVVZ~7Ngo? zK{Lz&3wK_fQB7?9ea~I^a%W_Bn!);Yd7cs#D)f;jz%`Qv%$!3%@J)NJF9)H$f`NfKz43lD1V0K016x60v8TnDy}hcJu~xVnK0ch*uzpmY{G34li6k<2 ze+nr!&HHoblS2{=jLX6_m>KAQZHx3rHR;z!@Z}(NnasQC+CMNg_>a%&LI#awY z3zU{#fovE6ackbpun7J)`frP=Y#!gnC@wtM6Nv?OArw_kR+MMn!VE& zod`N^i;jR1@kX@GvUjc~?AumeJ*>&a-8rLXAQr)dUFlien!|OLRS>Z z4Yx*Jta}FQ+%5}TzlxZg6{yO2Mr%mkyGbe?bK!)XxoQ7Hahv2Nw0>*&C52d-?sT?d zo1Sq|!|70*mv&Fyrn9zH40B1N`bDp*Y+Dv)#QsMba-!ba!LUwFh2ccxare&CBd>#x z1AE*J9-KXb+yn=7Dt;#C7VxbfzP^=*#8W<>$qu1ai8N-Hn1J zbEJC4O=@>tJUnP9v1T@*VhwFUz}HT<1gofSp##a*TE2E!mlcHaRcTOq$Fm`phpUs4K`d^zaFHYO&*i2U!vh@ZoRZFgM!xcP4!@|@==DaTVr?%X%o^Gt-88VqUs)(}9 z0@*9{lLhZlY=i6j@YQ>iosFt9-5L6A&&p4urV=49sE@J9V1hOogqtA1_R@}BD1y&K zssuyoW43|oVggWSo{xIk@j5f&GH5L-7Fd<@{`TjO4`cKzGnMcJjyk9HD)Aqzy_e>k zCXkAr_;#+g#hZ~R^#6kG`Q`mr*dBK&dQ6_YBdM@IRl`hmzPw5J?&eUFrxvCyd=!ZL zyQ~Ou0~hT>?T_D;xkq9B`j=#6Kx7_!lBT{Bs;59EJ_muDha1=dqzjDI9A64|f+nr@ z`uYdNN=UHtlSvhY~MrwR2(dL?=9>{2|o{!FajM)cUH7ko>a36Fv*_CPl_3FuPxg^iC(>;P zKKRcRwP(;~QX5w0FdLnYy2mpkDu{m6wNS$vH06Ty>KbBC+TH-;pINEKchs)coqfHz z29dm>YF=h!o7N$<=6G}S4W{PsA2Cp45(T}}JFDNu)apeMg5FlfG4ulL;SHZ!HB6=e&}higk2-|e&mJ;q-ZU|{<{2)ZM^28^Ub)5 zo^JY*mq+TYae;?`H?(-wc2P5%I~8#7_joN-=!8jL#i&%1+Ys4k42uJ>8No-oNP0wA zpSxO}+(DwPQ}MtZ8HJhts9Ti?my_j3eSs&zuP2D;ht;~v-iaC>V2kYd$<+s$$S7J_ z0czsYJA_g|jej!arE`-qb>Fa2FBx!iF~Jlw+UtzNXZB3j^F}XEcS)kT_KU48I39dg zczq&~mTusKT4g=;91M;FNJqNtHp_@exZnFOoepPxs3-+}Qrd_bf{kIL2dUZ zKRcMsh^wwvP>*&c&sUqLd)+sjkw)h&Q|?~6C5(}y4|c6oFvAa6EZ10JyDd9Xd1-=? z1Y8~&ZU`4TQ%A!jkIjE&MHKzO#B>xdAzRLcY!7u-PMEIW`EhUEThlI(DI^a-z4YoM z$!!Xu*Kb@S2JJ|!FMPARk)x$p-lBOwll?6T=7q&AD3TaiSD-0`V@gQhqh z$%Z(K?<(dLopO2b`8PMQ3P66^5h%KT23&b2j^CcNw(AV}@A zVc&3SFPQh6TQGtlx@~ug&YLO>br};z$J1tflO(7NKGNeLSqk23%`2;+8UG*oTn0yv zI(mwQ#K67~DC3bk^+G;>doo~db$+QI5jSZC#m{099AG}W$K}!g-!wq2YeyWQUUqXz zlWzxH%XgS5-xY&Vw!77V`#2(SwIlqo3$SaO;m85pN~Lbs5`|Y!aB3wGUs#)3P3E3f zqb-k4xJuM~x-bKZBLgWd)4JP0I31`5z;@#RJ@ehgqvNK%%9p{D)nCgT@wSLvN1Twu zNMJFNZ#OaeMy5B8|LWYl>Iw10PfrhJxo8pI*AxQwHK$!08>a&YHkpGd_ox3;LLLFH z5*sEZ=BV9Z&<|Js5S$Rt4p69@nGu3Pf=D{LQ!SErc~zrxc|+F8WHUGV{wn@6U7qS} z3Z9423GuB?M3Dp^!J`NSZc9k`g3)@-!VZQHo@k$1iBm0}e`;!crKNzqD@r$$;ICl^ zqST+pPC`{GORTCG6>NDo+%!6HaLEvP+dp>AAiKBwj==N zyA>qsIA{}ZIC=Pb$}_?jQbBiVmjctX%Du{a@4InFVou9@!l#(=|JC+?L5Tv>$2tqN8h?x zXYj@ym&(n~TfPw&vqMbC@;6&0xmH{cJ@ccw?cAJ{8mV4)`v(wBI;XrEsP|tIk%CUXMay1oYS`U7c+XKK&vQeyn41 zHjKbD966DUvTX#g9S6wcuZ|Xe*60DgO^}%PFkNXg1w`cfZjj>aL=X(lce%WrtKf}n z*YDa%1NmXnfnpCtfeA{LsqT-1fX@df?@Ssci_jnhd=8?jCTHiRq0hEBjutQd&yv7A zPrahMm8glW04J0%+_3rTq1K&5U(U#>ycUfb{P3_eZ-1f``lx`e9oyNl_KJ?kZeV{p zkj)#jx}_qgdMqt3)eTyHWKw->LbeyUQ&;_RFp*1z%V|jrnOa)XDS6x&;9%7l>J}r5 zN;Nbb-55RfoUQT1_R?t7Em1;u7kKwg_^;iiLjN;9#sP>^x~#tYj-dTkH)}albu^@2 zE=kqyg)q1&&Fe~#{@$s+sf@Bf8wr1Qbeq3sx?Dty-2!kT$9m8`T0OPuU2QG<#{9qR zo+{SMOReZdytzJ4)C-pN#(=b5oVBtzT&w?7Ju*YD17h)BDM~7-T=SzF{sC<<6U^T zG~}w6|6HIHNS=ME;8-@twLt~xvx-qp8R$TRGR;^=#F1$>^n@*OL zfNY1|tsbB>HDje5<`2-kr%Z%o9t#g8vBOvxZUwzQ=T(Z!&Fp+(0-{t9^{>jtdAvgj zD0g@h3+2OGa~v);*{b;fmRA{*o+>gU%N`#B3TAQvFx)(0n>vrHZv+q=6 z1|5J{IY5m)ptsQ3n1W>mpv~z=i!-rUfzuoG(Dz){Z8NiJ<1tI#ttgG-EgP36!6F-q z;o9U|b%Vgb=sNLQ2i%-TOJw%<4b)a5-Qj~+IHbp|wJG)HAK}9rZLhin<|KI&zGh`a z&ap+s5KYGB$%bEay-2=2@*H}2TW23qQHoM6boWaGr@4*S2_sO=h-EKo!tC}(#mJ`c ztDtzFxfQWReaDg)hj&NBn#%x^tI18j?F&Jym0;eoDb~E{oA-~J{wcOVP2KzLDCsK{ zEgj$W@^ zb2(@Wvg`^2p!tcZsZpb-LgV0ZGYTRknO*G$jP|jtlk=*`7@u9=PAh8_5Zbb=U8?B` z0f9%x-s8Z)*jOb^qDLUWG%b}>!iz2(!o|j>q^gcyl9M~=n`hLk&_^R6@E1UXVpXK& zV2~>z6YcHVE+(UtF(I-2whhG0l>xQ0K5OEp1$wDmlei+1l;wiTLC}ou4fZhspOCHt zT9>JeN6&n%Md*a-$Uweh;r7|NS^f|5fUYC}CiAq`5MM!BfKHjasia9ik-@d`;iitgB7O1 zEZT_c8j}O3#i>lZPqJyR6;M#Fr%L=ZN}H)yHcsLm$)obS8Zt;VfS$vYX+x@HfID

qk&4pBVO;$l&{Yk#kJVD`9%dYf09PedAwq62t*>(__{p$ z48d7eWX(v5QvZGk{`zP7QO#cj$n^1F-}d$xc6Y#`W+{jdJ;(**Lz&&C)YKFq04zaF z-J{ivFTl_9)AKazp2_KLj-TP8*Vbz6M-wkv239J|AS5?^l%mjOKjij-Lhj~Q8)-b> z$Mr^ge+W6gG|}tW3GJpI9#nrUa!DH+ZJf2?jFmfxd~E5TX?ab;7H2rJ+5`u@gAp-< zaZH1XNn*K#2ejCv0LK>*=oQ6Tbw}7rbrBCGE&|%qa_&$LCVIbRJ3daa^#zHXjZuFr zgY*#Wp$oKgW-syQl*K7N4;g|ABrL%X7eupu+q*V5!kX&ZMxz_ABg5zX$18KvljQVB z8NBDKM1H(tv?jlzDPyX!4ac=NU{!4@>{2yPE?j|f!ZsCjRGm$&y%Bp<+01i}+R^AS}jM%%(?!yFai+yA6jY`)64{+~6Up=@mVo z3=usDFuQZ)I9C+q^?p+jH=v|v(I5#YBhAo~ev-;-%X)Li20v-Ug7bwvw}{;RD%qHB zmtHSqW`5a?l!HBEnBgSG@x=2jklB0{Yb^TY>`T6r55$>Eyp~Uh#;G^(aWhAVFbeF7 zx0oqO*Q_=_%epE4#G@M^ny~OqQiv5-?)2=8HVSQFVE-OdN+4ri<$QbC*gIm&xtX{` z&)C>_U{u+*R6~2Uzn`Uj0#Fs?$9Emn1E^&}LP9?;i7t0W-C#-fiYAnGmW<(viO%h2 zn$SoAKr3B8w&!qWqodrBF#EkfnhfJgx{^qYzm`luZ@n39p}Z?X`7)rj^zvx9ha1)? z3;@#sdo3rxVJKMonP4XXM*>7(**uasE$R|Vy_zd>4n-1I+` zU%YCSA>1w`I;wf-Q`rFlfTRn}c`XC~t~7(3kKm6A>t_?_F9tX!|1pX6U1SFFt6IQ# z_Z-eZQjj3_-aw20C$W`2He$JS&ad1(R1l9;f{f6|2mRP9o+ex%p{p-xyOsAZHqbA_ z3nd@o70qI%_YGQ()YAt)Wtx1mWQq4HTpi@7-9O6I3wns)WJFH!BFt~^PLC$bQeZcG zr1Lku6+8*|(=Fa!U2yxslOT;|?}B1@?1~Cwd6wQZmhO(S3n7#UQJ*B}NPE}BZ2VJ& zHD=6`SiBJacP2ag0nye=(9Z=1ClpnB&98nlatB|8bi{&!+eUo1aehs3u8A+`20A}S zF&xx0$5$LiAer^K#3PHq7H8j6bodzE9V&p_KU>kX+Cs+?lKm=Lr(9vr&*>;KPL{$< zWFb9CK6;er!V>R%(LfY?qn>&V?oiS>b~ z*`Kqwd>D#aTC+>$WF&WKfb(macK#Ot+Z2Q$gK8Si-0pIgwG3|nYQ*VEflqO_*K)u< z`nx1*zG9|Z0=W{vsF^#8l%)tTPLC9Kvd^k;11Wv{XmXi>e6*k)mq*4p8xXNC?KVsb zpO->h67ExHwXv?XZePa`Z{0?5{+@cjzT3(A z>YQR3k5cLP%z3?Vdc;Z%n@Lck*9jiW+{I09H~YT^aXu^$&d`#x4Hq!@nV#9)5R-HM;*Exp3L zFy%5>D}u-2aUphFVS7!M>*brm*=(Ame*wpoDKbPV+n_f`WdZ_fs5fxvQ;nFq{EvQq z7~17t)5eIqTyMyzhPyge6hv|<)%F;vo>{E)Jlnbqm@!U(9a=;t-z8az9CFzGfYQQ= zN%4ZAiepj(D5V;zqt(}ZnBokj!v(*}YqUypZL6g!P53G$Q9-vp4hs)=gu}AO;^At;-O;{!VCb!ttx# z@ZEkUEx_sKRePNyd8nE2OmD*W&QdD*@tF9R&!u`L7=)SQUf#;q8z*Be7D7_qO&iSN zWfI>~#?7xLsHOz&=-hMIDSX61&jq zmH0i@FvW10%f9ESnHWP(MJ16^nc~d7RaY#=`wQWnIJOzW{y8gFiHf1G9=5@QFXNa^ zyx;hVb*O%r6r=sOS+@xb1yR-5;A zj$#x0&IUrQFYfBJ0{b06`h%KGh0W{Jm-AyfZ6*>tXaViubY4`%Htn%9n&5 z-zDZD`2oadBVGqQC0>6#iuGvbt%j^RCNzTGMzEe?Bb^bkWHH;I{ zd*yGwte$qyBN^@kJVnN7%YHx@j)*(RenVLca1yIJQSZK;cD_XS2CP^J#qXy+rX;`z z1Y(STeMPoUR<-hCD3#^a?MgVAcn#K?IFTBQW0+{E3)98O4idzOzAGYeo(+-T;4UbhiEjH{PRzf|3ZJbZ%*=*ni?; zAuT>RdR}%~=BoJ1sHmUzk|=j?Vx? z9LiqRUQMi9tTyV;BGvf1a_2jVw2nkmiQfd3{;fjn0NgOkCV0E%B&i~W<2;s3{3r@o zbw&N?IK%2OF&V4)nT;#3r#;RDYI+K!RMzYGP5RA@ux_$*QDOxUB~hIhblK+Q5< zLg4-t>o4ia%(F34$v_FGV}-9H_^5M`Iy?h~Lwf|X1%xSDO>Oz769N3$RsxId zk+$2eo_$=WU%|9WZWkx^aUtcFW{H^#ADDbg7kpf*rN(Mb0wX>f#B-bwYa$5S*R#rH%dpH!s(45xaGgzrb{DPf-@m^Uj%TsKxd^5-5)v#Q z`4E!ePAIZH+}@{uPMeN0(k^3lWw8C_TmVA&fL?Pg*SX%$AFY-(#@<`!XU|M-MUzu- zfQWOBCSMJDYv02jw}9$#;tCg>cF{c=3$Yr42JEvTWr|E<0xv92l(eN@g(a+dj3v12 zbXg{z%gbyT3~D|xrcdRdXWHv89F-lyvuJxi$SW<&PGya{-FzJ|a%ReWF&g?mh@zuwnJ)5?YYy?2bb;heT(p6NRzW@4a{N$0qf)#4`RmHod zdMq^))y;#gV`CClcmW0`dM0<&GK^&DpfL3H#OK3#)Zj6H*o?8}Q}pl&qxM<8NOZnt3R4b9NGCDRDx@jZIBEM@JQ!2Zd$b?6Y4MV>j_l)^zN4^QtDO zzHXL>YnDPN-LE;S^)(UXkG`kh-n;lbAdnvK`Rm~4pt5!FLRdrC^dN#}=)CHW2Ep!< zCr7X=kTLfH8yg!aM0xr-$4RsRa)!!dUxeSwv2Ux5+G}Tv&xM0{roQ~M#g!dn+?r=3YU7V_XnL-% zR(Ij6{)N?thAwm3REoFbznw#^N+l&Fc60ANN=5$=+JBp**6kcZjF`6pPz7+9^iFka zqzsxqZC`tbhml4`M#jw8E98>lFz@RDI?T_}k?nf?f?vN~4gs{ezwHbe16w!3a^tiY zIo};y!v2G%ymfC_i{FGVPZk+|xcf{Si1{M|lTt zlBlzfQKIsJYw1u;ozH&I5Z~ge3+<{)bbxn;0D9!Q7+PkUMj+*ky3)doVKK5l3F}Am zR%^!U`7Jwauq`@TM04*UD-R%~`Hw>}#_1lF`swwFhHX#1Seid5I|Y~H@O*wwDVOjS z3<>W(#7JR*_6whWRQq3U^ry?CVJbONX~JGC&`eQ4v2^D5W$`3+2OMS&d+6-Aq4a1+ zo15edqAwB9Ha4lt!$3k`Ei>(6op5_IA|n{Kn-4NoqJ&g8$w^7IRl_z${+z%;+eI_> z4B`9LCMO_pCgf;bk=ua=h^fJ|g7F@&70v^g`uh3HpXx)yLVbdRWtJfWz^RiRfE4^L zh=A9q*uAxj)2sh)U-aPRhK^S6zoTH9mTBg@cs`7$(NR&s-5wsIZzTWI^D7$T4>0)! z8z<4Yx&amZ}osl)&F&_Msw!!=)Cd@OWi~nFk61E|m*Kqkyoc}vK;IaYC&9igyPexe4+zJ3A zXbGRZqffS0)hB#JMoAC#~df z&;Q%Q-5TJ7I|h(i{kAl#Fm`wUaoW*x5*Gf}XaDWF0eSTQf|x&@q5n9RIRCsU|NFOp z`c5sUr*vjW$p!vW3xQe>GHDg8;YdKW*H82?ifKrx5$bdvICMupuR&hZw zaqBGG;odRI3>$)-UDg|W5#O;m^q^I#yAvc2TJqAKNV2?AkqsPhgH@t&j^D)^P!S0K zJ}7Ri_n}2b+>0}ReXyTJI4y$F1|iCbm6+$4-Ju^|3|LWTFu?u&GBafm%YqOCY0`B< zv;|AS7pSy)lQp{r!YD89AV&%Gt%{yGDQlzYpFLwqcBf-%{$*?NHv$%rnv2c> zs`-pW)y$e%bb>Dk?v@9<%XUPXQ{azUK~9xW8&{&&Eoz1-R3`=g^<+uyOH+5Xcg7Nk zsalTjN3;TV7H(y!s*tW!wfc1bV3DXvBldr(NipZ(tYvutRKP1A&e^NlH$39MVf;(f z5#)~gOQczpqL~mQn~a9mBioZ-2_ml^_l)XP3X!8o@Q!t-#$7krudk<6W`5#<{|CE& zY?uazNConxT>`T5t+(MN9XQ9bA|k!ZnCZdpwcargic;8(4R^W)fybG?{dHYq-_`{^ z+48&#?31@Z|9svRpxT2Y+HeB%49DpnAFSuAFo{5CFU7;^P!trBik6k?HlvlBpvxdM zfOpo^+=S{3Ce^*3VXJdKeU{Ynj^fEQcYm970tR$(Kr>IIBYO~MtP~~HZ6Dsn%_Yx5 z=j0z@SO4vvRK$!1fRROxig{~m-gS=`-}WZlPcJizO>))7`&9!J24e~I7hbrNZFPFp z@zxR@TWt9Qz^`q`HjeF0!;x6~YpN^StL9lbYtw$R;?tFtOz^?@;HksZ>H>Um#HsE| z6OG-p&My8(0$~B`FLdPPMa1Id2n?26O5Z~gv4L0AZgHR< zrs3gN2Ce7{muAW$H5z>5&DOfw#t9FO&M-hWSVj&jkhq8ulez5Xjx3)X(lJ|(l2(GNw6G%T3c$}jgSLM8jz^|j-8^OTm5M&#vpK@to=_?7LZVT1P0-?`kBXHL%T zLw_M{8P%pq#~uKFm$kUgxKqnC)C6*hnsWd(hiI;dHwdBXd##euY5706+_sEai0}U* zEJ0de+*vys{0ZS2w%|2RIC+;bm=(XZ3d<5>&w#ybd&v7x0$IWa+*H-Gf zh-3qy%z46B;LE-RJwYZb-59!zGx7qZw~TMsmg;ed1tJGFr}~w=TrPJmw_^fmQ6c66 zyXV(huUaxI&rXgnbrS7m#V0L1vCXF}Xydwhy+{~-B*eZjs^R$@8&DFL$JVDVuAGTp z9+6kYQ)goJR;?R|6tdU?Tn_8KFz_yUp2Xj)&Z5dcu6)qDxt@Y!>c5uYb8=fjwM?7` zH;CFPW)Gla2hu3nbj)|gfq}%-JiQ4Wo#220CBU{!==R08he9k50B=oQhgcLNX}IS8-Azu`F1>%JP1-V zh;@|)UL4QISs*3i9470^fVl~i=I`bvEvxFZJgm#nn?ly|ei7Hyb#C*=?utA<%>AAG zlE0or7(Un~0Q;|=p;Q08wt3B=F(1esF{hOGo9lw%58d~e3>g)MlI$Jb5-_1^50HQH zuFvhIF~e<^KGeC-sWz0W7Jqt{xXkmS#QNs3Czn!`E<7I@n~U-@DrPo7%k*s>Ljq{X z%35EIDX`FQRsbO5RIEpwqZ^Q@Dym@ODMQ*M*|%RzAAAMmoZBUl3QKp%cB27`(Zg_m zae%ifFAV7QW4M?~&CM2aFq4mP4m&!eZv5Nw+is7KkGb6$aWypNfINvKPD>nb3@QZ@ zuymw$3(#B#orDYZhFNXdx&A8w>~GtNajRAHSTv@4yN{GSftw`4%H*h+v5VSgjgf)K zRg5Dyg9)%0+8iT!$7>li@icON^KPv05==P@%DK0ce8|p2%TZiN+GRv)4mX(gv5y#O z&U$@#?`#UPxVG6 zMOwKFce2T8c`{Q`&a61{r|4xK5Cj-C@eblgy56C}*Ub9yxOR+hY;YTVba2}@0M}g~ zagTj$gZ=d;^Y{mp{is*clFv!32I|&8dgoVC$C}F&D>w}+LuloS% zqP%Qp-}N|jE~+B+$?f%nMlFuqNfS!-0f&lKU>-T?9ux>T8B{+!f+n_AM@xOIcj{8Y zGUNx8z6H2dB_%EwYyPM}N^2?z%mJ85{z^>|z!*NEzGt}xWW)5DO>Z^`2|@uMg&$Qe z-}e~0nbo#$B7p1oPtw-k_MlG>Rn%iiBvf_gy=dRAgjj?&aGVvs3@DJx*pJL>F*f*D zD0|V>=32qG_Gq#~VGWFac};Apr2UtED!J$Y3i}3SF@md^rLJ7=qZ*7J3Zm5!Rc=53 zzTw<8=e5q<^m1kX*~7o}`YN;%C#_@YsVIbIL|@ZV&HRNK%%AABu7Nru1F+p!^ocK( zMF5OofNWh(4QdS0%seAA<=cqN+Wngn500*iV7-2+XaE)%%ZLe`@%r|org^MvV`=-N zuc&f{GR4(R>sGHZy}I`M=3LdxF0K*DxYZcr} zC{~)vUv^sgn4y$=_39J?(3O)KRKbAXUbPsx6R<&Sw8M%2wEhC92Ue|z;ve3qmfXGs zKqUK#TmOAm9}Q#@#m%I401+0agV9%Jc*%Mk(z_V@!9d=)CAv4T_x!@mNYI>kJ+PJY zkoxL(-Z(wxYfSLp zR4Z>5s@gHff9SCTbws!1$dwa*+3QPlF@>o;-y-EQPZd6fG@u5;2 z2}rvlH!%UYkEL9B3|l^mFaNft{duT}NzU8VQnyVmu;NLma9QM!Kr^TAOs**Z6#jGI zVD*8(>fly?n~BPnno&o7LQO0qAH;D1UraLtf9e#4nIW)%861NKUtx5-fH%5&GF#}< zr1eFYf>tqQU(_2}!J*VbDP@3gyg$JeT0^^z{uB_A@Eza5#&`i-@}v^X8z?(6X6<2k zM_*{zooiwwb^Wr4@5fgFOPrqLPxnW@D-S3l13?em0%lA}(Dl5|yTC-0k zy}g|yw$T%MDl-d9PLjb+<*^`^=52l&?JGY%FmMBi}*$kTolJw zqJuwwIR{~2qS8Y-w+}@6CX>pp9!pB|Q~;&4UJ&?gyCtx7nKWX4}=>L zCbAJaD(6_sV$cCHoyC4Q2uQ2u-clWc)H$1pT3l2uua1GvQaKtKLXUq%)n|+PRo+aoFVsYxv7>#7b!TBB}{Sv^l%L8l4Vce3IdqX z1&=i4*?ICD1v+1WT%Q=Z*@n<389GpWdW&ba*GcsLbaN!SAmVu|8nS?9rx<>3=zwjL@V$OLy?llG zN~F<$!z1}>+s1V415lZg+3UKe{+P@fVh=u$)&=}Khjk6JVK4iiC}IHx-rg)>`hRP0 zR*)qCEK?ydP{|*bsZ5AHzLYW>YM@jGu99M|VP#C6bdj2fMz4xe`N#|}uz};<8{o|# zjj>0=Yslg1zYKB*HWI;QJ^T1Pnk53*^#hRhxs;9LmH&(W8=Lp)c5ej7S8h*V>6^4N zx7;v$8z987_Uoz;Rpxk$C=QSXj4qC+V4N>^b7~R;p@^{jeEj@Vv3O)&J3;1ZfEs%~ zM$+-0Fx4mMSJqg!b#LrcQkmC@ttdsJgf?o^K3s+f^cxPVIZneA)BP*Wekv}S1sy;% zQ_i_Cb^9_y3xc;|9q3TbUFOa)eOG}3Cr>Go%SksH@T5v1_$dOm74r3s#> zsRBQDQVhz`a}8M*VmjB?t;PQxt2^*b%0F*KptD1dG@^uaNfNQmx8SVX7XS>7W9I>V zG~n$XfcgE*JlXY9i{U4yQC4JII9k5XA&?ub$ACz(ARwG(^m6o z!qeqbw32}O{r66N$-Kem8a%9_UMDCxm;Xi6cbV&LWe$=^fd9O5a-H1u>Iy>HLzPdh z7J3wNuUBGVTno2VjHrt5z8v%3@Ep!ei|_JCF1Eo?mP&vc_R-9rQ1QFTZmp2toh*~0 zK9}4JmS-3R1K3aWKncB{hNecq5<-jeyH}S{5b&R9yV_d(Et@JPUL+v2op`KQ&Wa*q zK|}l#8Q!~HaR{DV3-7MX%X}`+k+@FQP*+;@EQ|FZk$%DjXDp-~JKzY!v%Y1E zolR(an%Vu&L;0`YBbFfa@eB{czvTcHFx~?yqfNgfRd`v=s$@PqqL9yUOb46hO7t}& zDS>l%QB$z(2vIHCp|-=5{~u*<85Y-)wSmSUBv=R`I0Q{-+#L=C*AO7MySrO(cb5Rc z-QC^Y8n?#XUG8pjzPU4J=Ki?#qha^c-MgyxyQFHZS}#AjRKI}6*!$gs&L#{xBP7)w zIeCF-^wb(>O#F(!?vBZuiss<*RK$m$PHk)vaxCf~LRKdRs4 zR|%`l-Y&J==sA55s-g?Lc6ia{7NOReH#d+ON6+$2C65K5xeTC0!F?xxd;u^s=X_^v zdiFBQ2TkZ1IPGipUpUidzkV(JAENl#mA{8T5(q;e0_!Y5REG60AYf8fOVT}!hwJ?{ zc6B1NZ1n$4bOM+#nEsuu@U7mz$6)?HHvwaa+ykMdPR};`dVAfu*y}r3eE%oWEPwvU zC!1bc92Y7;?U|Yhrmy0<7J&SK;(&fzRUayw|6;9_I;a2Iu2T0eBwgPAHl~cq> z>?>1z6e3M7g`1B*1>}9rtWN^oe06=32aPFNE7AJT##~p3JE~7z?$Vg?vj3go{2v?E zmQVDU3qJ4Pxr|j+@jkZNrS~uph+A1>8z#noaASI2l`9>v_64W1m($RLU;!RDA9l1A zWO|u%ns-z_HHo{2Zgr8$mR)yfYF#coRfaZ}OKrUKTw8#EP3l+m@2}t8Z431@YzlyT zZdI+I_z}>fs}IJSr9KABOaVcee>9NZAF&C;TP*a|n7_KqwbLiaOe&Z-q5P)GLcdVe z7QM`lU}bCEHPm46+-F**3Z#(p7%b~%czwl|zbTt#pfcgKhvug^IjMlnmNBOt!YC+2 zrY6mEfm%vd{|Y(yfykcJbu{rQvay1Zinwqf zfr(pJSezLKzC~vr}nLQ>*uy2fDKo&4* zF@i6U3gWzTFOfULR?=y7`^19W%s==b;Q0|q>#cO(zuBo{{z8CIo>kmdDn?n?Sn|vY zHdZ_W6WYC>XwcB%f3}=}CtyjH0$JQ=q^K!pZ&<3_@R4%Hrz#J%y6z)sozi8!Nkajy zZO>jf8*@ROg_*le&Jt#XKt0Kpo?Jo&VHF+}I$b8+3$nDuAByi+ClzuPUQ9`*1YxS} zwU;tf4h9@taZxyHyyzO939*lymB;FJQ-2VJf0vxgzjZYe=c49vj`RQHIUNcVle&+v)v!f>)8>_pq>5uO{NiYH=mAvzSJEKd z_G9LjaBl?dU zDYZVqs0*z|TFb$mW8f_b4Lr`xjpke_C4aNIr?v&q<3Xj_YSSw-doWI;XGs>B8<5%V zUMWiJ)b|RZ#tqArL)C}qP12%oro5fYnm?3 zYq}qI4bP-s+wu6Npf}`^OPgDr;nQOWqDul~_vaQ7ct$axxgW6s+RDKLw>K zO`f@qp}v2w_~Q9{UNfGApFcl|xA@>1ryjYZk%Qi9#;VDDK;waV&hs3FC(rs_h87g%~5Ni#Du3pAU*;-yJ7C$g8+50)N3&1jEV{g*E6 z!83-s<=Q-0(kk?HvgLv_8WTj`<0IYe@TyJcBRdavG%J^qBh=p{<%*U=hjmxvP1E_& zydv|l#QT~x%+B!d(X*OoSd`kcqr|z@+v><~X3wn}E3xq=Vh5>~2d+Q3%qVh%+;ia+ z55`;~b_7zRjoFC-rdB2Zm(%sFv|D1Jk`iM(YUoAlO8V#H&4x@NN$P-45&x+f0e8k) z(-TUCx^QiSuQnH#*FGM1*ZFSZas>5lq?{6hYo{S!HavXkNotd_*WIDZOKPT3IqO}y zJKq<~xt4GF3TC8i4fDGbg! zTRw=7&GFHFqxssjuyRmMh8eV8^MAIg5*{EeFcmp4NZPVNcnQc>_|KMOtPXu-HT&&!Sx6>VL?a zjFu3Vg(|GSCDvIwj3{(Eoj1G7(veT2PORiNcX1gNxsT;)4IDhPJJSzrCAv+Gxe&dh zUFD>xMe($TPH!{~9VpsU>q3b&E9wJZch|O2Ej%~Azk?|A8VgA$aax|9Lp^D;rK*Dj zYa?m)f62*~?h^n(Bm@zuN(ONV{AjWM&HB>G$=Rem1r-%fu=4u00sGJM z!o5hyL~0p691I!Q4W|iRF9nF@<#?YY|*vNqH7&E-?BbX^CAgMNa!CbFCBxn6)1|MEq3?h7~ zw)7q2p_)+-iEc1~3;((EOdyAH0megV_WfyEnvTyxL zmE&YZdW{FY5;Jg!&4lG$x|#ZsexRhTo5#@Xu});!>&Vy0-9g4CIm%MGUzrh_s>wZe z|e=bC742V5+0=eS%}BR-;O9hCKnHUA_@_gM}UC(AjX z#t?ID@(zmBiG@d}Y5`0-Q0~_;AijfT+rS`4ad4**I-llykI(HI8osHauy%l$lqdQu zvX%Re847Wb-xmCy((xkgcTlLXz1O8st9(9;?D}FdU$%3A8-4X;{Y%4{v0F`j{kD>n zLR5TwyooCt1IO@HjqSIe$r0rf6$ma+ylr(^SPU(q6F>0=fDj9`a5OMCg@Pa(8?b_c zf-J18xeT?hLFctVdPtZi-As^`pGX-g{O*n@ABl85z4RGLT7-`LAuL?cVR129NLy1Z zkjAH@)Khxut@=X&0tcig$-t_#6xo28vfdy6MmOK{;~YopP@(sTKsR-IKs_tgTX^*a z=JgMX_8Linm2+l6jjOo$xRkG2ATScO#(>rgwsdbP9;Z4ZAsW(3i$;D$%V!!xKKOmO zvdAu_Q@6Y4?Uk1<_k(6M2g5j6(!bx|xX|9scFD9=!oW66b{lpSeNdjMKu`<92zegL z75tpqErhzrKx{o=h-k4ki#A$ZV$ys#M`|m(@nB$23gbLSHLkBR;k?RIdM{t-r*E5fYU8>}f5&Ly-7ct@)Z}<|OIV)H zEU2n@9$Okyd6&aOa^pVWO}i7MYW`wZ`pqwVC)~)#J2dL5eo4aNVSIJ4nh z|E&#CF)^7)PP$4f!L`hO7V{&T)z#H=new0@v5u}T0yegd1hVS;&z}<~T(z4!-P@zL zY6i~EtTVE*+O+9ff!x?(;5nr6h9`SmU47_KVevb)_?f8o$?#gnBUbVNF}djX;mab` zqdv*TnGE}V8+7xH0kpVpcn{|7uGdIYt=lL32zd=N^=%gk32A17&pO(od^9cv32~U7 zs|fc)YW5mMG%^cR@=4AA|4F_v>&JM%?ySAeq7wPagVnX4;f*_*e8p^r3U_vdZzUz> zd`EJ$D^)xD(dbiZVeFXl3a0q^l;6S*BebU7hZ`>Rj`Hkl$sE=x+`eH&5B*$mzsHT9 zJ!R!ctyGm9()tTx*RnK+NUqj|=8m>-p489_X4AWb;b7iM5>P!6S$u{;5l7ZLYj|oY*3D1dqe~0v-6`Wv&y#Xf4$RC>&(|{PXFAlC0>xdj zGRg8TYjnvsHr!Ml2@{Ttlrgva+qzptjnpV;$YirXG1@ZOtBZR4r^np>h@&ytcz zNJ&<9&0Jf6Vv8#fNU+uB5G4M&Bs5_816(|2zH_cY^v-fQ>>(gO`QXvM>RuF*Kd4lt zF@O#kX>gzsXu2hxU$ElB$K(z9MSWJ*hb0KChzLQ35=BQR#~yC&Rr)qYN(_h%Azgwu zTql!pB0>stUTBxJX8!KSJ*J{hRLWaa(t)ral*mby0;$FhuYHlTcRX{Twr=z3Q zT_@W^2=1(^HkH1OKhdV?D&h+6BtS95b|^-U!Sihn&7YO*x@@FzQnzw0zp$Qin$db# z3^ccXHYD)b=ny?Ud-kIx7n0eX4aUpaAA)1dc6q}}?cL(H#=h?ojZHapjIc35CywV5#7u9i9lR4SdPyE{}WzdeG*}E3|6n zKf9LJpSULAjP^S*8Y+UnGP;B*z;MhD=tXJ(qoA*fDJt6vFb0+BN^)FH?nu`>W-ruG z_PkzS_$8abQ{`}sOzCR4k*`WFeMl-RlW^=vSXZmvkrT>==h-e8vU1#wKPr7%Wxf5D zn1n=Y>M)YlWrxq?0iMZZF;5`>JsRjreTSM`{WgYCVSEP-eq{UNLLXdJIV%9@4~}1Rw+1pqDdF6$r7E_(+nUzV*5{m9vOa1K-~y=(rsSZm zUQz$6X!QOBxPd|lb<>nr{CxmKyO!%Me>GFntl6eCsVmR4Pf zoQCZSol-7~myY1hp%VE$RwGw8rMVs_#xru?U+r`0YP*IzjIe-orX`9CWQ#P$`J9+= zJjYBDNo+8s%=SSOej`e22CxL_=%%{fI*sf!wSL)D5tbxQyJN$P_jB@ak%fHr?@f?7 zZQHj2t^WL&Pm-0jtE8eM$+5Mv>NRLq)xNvnv8>DZ7APUGxAimhFgIJ3e0E#h2qFwazh+&Lfkn{00$ws(X9^zAz?WC`s9FhK+ z(;-8gkwKK2R~FEww1vkb79RRXyVfAE>uaCj&IC?lDSyy8Dkn6W_4`%!INw7PKIPz)|Wc}ZEKZ~ zXOYXwvA$|LM_!EGq_n$$EN7(+^Bya<5tu2tNFr}Ejv=m0ci2wYx;#@Lt954XjfARP zz7LxtOB-Vg8X3w)_^e+5J-VIb)s!K^>(@WbNI`y*hxwsu$p`|hlvOBnW4e6K0ft+q z3m78PsK`i-MDGwQObT-24z)j+7On?JoryWu?Y&Y>bizoK5J=b4vVvF<)?GI=aE#u? zsI&B$x7Zp^Ag;tiLGhQ)9!j-<_!urI8XM!pJe0q1IoL)52G{;tyXWk$ceRP|cO{)O5c(sAWXj++&W`S_xkml|- zMuWBB&w!Z%fOL98K%n7mD3eBay!`z2J<=q`gLA(j7W~p1+8q5eC;0|dH5Wy^JsQ0JlV1haoSk{1STJ)a52H{ z!|hOKu89tD_F{0pwm4l{biS$uGX{r7d7#pKUF%$8uFHgt%)zaSiCU+at@a%=?SV_<1%<~}$q-kdm)_9eV)&_mG zy8PuQj6e9@r*EV+&!!aT3E|ZW{w9Sg3^^KBP@!%d)1S z?8SI>a(h;!l%Y0=0I}?$Sklw@7Dxli6i_^}wrN}UnlMfwVr9f7o3*H~XPK=G<~+Hf z@;7CQ1q}(+C;0?@2uwJfO{p(nzb#wAN0Cw>3{L%c5ZY4WAb2#oU}GUEt;V^jc+ufm zORHH>Rp~rZl9!$QwgTa3N_8`}Q*~oh$UjHhKQOSn0id)UIs%WL4w(XV0@-djZ$9BQ zJmN(sCz~FewS7vLzP^g0mP(g?!vysl{?S00+G}47GS0xsfmgS+F@UydNY`VFTx9OkrO|e?`Q%oAm3!`281_bgyInGcy^AO^=KTYeq#`R=Llo zuviBAB7LbC@RXBzy)`*%PBY_mYtV~B@#T7N@SH>E`vIcOL^0}C!FxVticvBu^j78d-f zOY#c-oIc^iF`ouHFxtq^axKjNE!f^C@A&B?VYIa1++ZU+M607sYv(?*6kI=R3HYUD zSX?vZ;--7oP=IZMB+TK>dCn48w2Acy=^0T+`!!eAwsSJ;ca(rrJ_gk+#P9F3_V_Ph zqrc@x)GNlu@nhxo>nFDPd244#IIXreaF_?;Q*~zR7jp+h#zx2(pY^3|fXkn=N%dMB z%sb$4St4L!#(&vVKzewXEYa_!16-i|yB^Wl8eOFQQDj#VQ8*5PO|8#6dqB~?L zxUGd{qi`#)SZ?kr$c+*zjtgc51Y#4;_@o&!aEw!E&P;t;4uNkW-D+R1OTVpg8VM-SG1hq#vT!FwF zCxD~((ZKG<0G;&^K?iXncJ5>8DMyon6PAG@0^nrE#rnu{(i*8-p_NbGn{z6L&IFwt z48^e?eXLiNNInYI-XYvnA2&gg`MJQsP?ySuwH3P8BiA|P$v@X!M@fgd{*A}~I4QX(&ilP$z-&;rwR>Rg%pOiTw(CXrC!4t7r4ns)@ zKxCIh1f?Fu#=*s1SzF5(Tf@tl*zD`+`75ATn|_E)thCo4kI;l4IaV3_ulR}@k*fSu z6Ub`RsQ|Ei7aGeFNv1MyXuY&v-whTKkqs_wSon25v9~wlV;b~lc{fcbO&6Yf?__JO z*L=&L`?RK$>ZL2Nd-)1{2?oCv)L82Ookn!L_~?qvD| zdeFrhD8}#lU3&beQ*LQBWC+*7seA5BhQ3!+M8pFi_A)fKN%z8GSKHEwW)$fAhvyAk zW?-Sqf@1B~6`1t|uN-SPW`SiDj3Q?6vH)||`;(Xx%oD>eI>StSB)@`$I=f`}_@W|T zNwW>{Czc6dRcZr|8r^{t*h`A$=>zQDHeIk!AC5w#jt<>_z><3_e{(Kc@?j*>pr(IcUpz z#i#vasQu;nF4#L#dIn1)M33hmTL1sO1kwL5?FV4xsr4cJFPriAx6|m_p%Bz{bY%N3 zEv-QpKVs9W&G~dNbWPr6=@Sb(dwXXmza(ws69{{=m&T<1au|e)kAs_lU0?TXQLH3O zvhMK;OO7ukK8kkc<~>ZG)AH%)>B|QteSJ1D@xe%MN2D!d5@LQ+LkGFQLNzpV>!A%L zRRX?m6GTJ-!ST14pPyge+JgK1`ExYs_|gIc-zyAsdP;Hr~=HL zlyLh~2A~L$5|9Cy1f4+=l&2e8WcPtw6dY);m|n#c=M+OHIvT;IfxNwyN3GXAFK1uz z>z^O*n4A%go~#Woh>DVN3HI9~c+@rS>?R{4yTO9qp!bQW)bD@X;ImG2`Uj!07xII+ zIHQ!Q$;r^XC>c6yWc}1tjQ$!@r69=GGr7a5nU-4lLjNAT z6SJ-#&NwM8ZcsLFnX{LaU_;=3PcX3v4lrTZV4z$i1LGl?KB=|zwHh;hcTRr=ZseU1fEjz*QE7Qz^kvXa&3h_O4fx z^7{0Z)@!29(TS)DSmT+;{Z9xV1=f}V8jp{?1HJ_9B;6(-}(=RO2pjU+_3Y&V_JEqV~Qy+TtR*14-wlOLssPhX+VM!S9=z4mxrtEWHx`Un23=DFQ zsMPSd7FErytorL#BxGWGn^Ds@Gp1{5b^}6P8v2bMt2nL?pQZ`%&k0a0Oj-$JWsi@W z9fqaB`2o_zT^3V^(Qp0jh^tUGZqp1vL*d|TeXA~3C?@8QRDpBLXm&B+weLTA8Ed1& z^LV0-KcO!vps&nEQAztSl!?eu4~nG?2vbMebx#77A?z?3vX_svhkf}`+64EP>&Z)ch;@8H~$&*h(4Xr z&j{?-`_0Da6FY56^;=V8#FIQqOj9H!v}Ts)j9s18VHlsuH%6)2=qt3JW)sG0VI5%X zcwNhC!MR?;)azmq1Cddr<$`LqF~6rX-_ZhKYzRy5u69v3E1g0YbD41mkw5{_aS*M6 zf59*mb^HN;#EiU$u~zCw?yf~TPxJ>;I%d-JFuG05Ye)BV%JL(qJYw^}a5^qSwsK(T z-Vd;_oiqg1M>$_|EfuH}6+%$akj@YJ9;@5_2$*6{ z9Dk@129z#Z%HX%=M^4kyAd8?l0Zkk&g^i7U9N7XwgZIO5L`C7X9jsk+5CHOobqbb& zRzWpB&^~VIO6!EGKFF&@V(UbMvNHfIWGG(dz1T8L2c?^Tr*!dF{nG2UVRH&(TKnY) zZGp!WF(N5z!hfu^!5I@vZt$KE`=CVVcF+naYjv=AK<7saMUz!R=IZJRqas9qV{{z_ z(o=^r2MkK5fQUBGF}Tamj6w@X>z4)e82!QrhYr>@x-QyP>?g&54GJym`;t=DM-I%K z&hL!3pIj8)lJ+yiQ|KsF_d%a*A3CQ#O4rvHo&`#hpt#Wu-WbYFScv9a95!u;j*cLwcQL|!Mi5f(9y3-`F^cZoiSfr^ILK09>&a3SZErI{eBj+f zec9cm_P@S6qZuU&6E1ztM-tV!cE>2O4J*n~1E_9|v z2MK5pqp#D&o+rKiBHC4F!v=JH^gQfYr=@AnTh#(m4P|TW-L82yiP8qRVS_U50;Oy~ z9Z4M&^lL(AK;YVhp&&vS!)mu|x<-xw^-%Vkg66$hyZT*yY4R(G7NF=tDEdjXW;&75<~2SBKanXnX3;iA#e!KG89cX)pB9AGl*}(+MXOY+Ad?kp5ej zFgh$v!_JdPTb%%XVojtF%M7bfos{8BSJWx{EAxsk@<&k|{I4Xe?{9W(v~C-w`=Igd z_wS?DI^i^fbbu$M{)(y1(G;^D!wNz;|A(~u22;n>lz6GknW@jBzqT|u+|1Z4s#ZX< zpsVqXXDL*1U_+MvG7WO0?kYPz>{Y)$>~S=`KJ1KBdZ>T@r0Dru>l*0#NO!G0rMMJg z>8I8|M&opuC1dwi2dVs#4q^2UqS|oh{^?EtW+w&Jv>P#{fwa|02!G7M7Yqww(*iAw zKkys;B4` z7@m;z`5xvC0R*D!GUH!noWQWtcJ&mflqAR61EZ?T_V)G)s_6TydQl_HqQG5cQZY)@ zN<#`E(gviDx|WIbfQCt1?WjX2OHzuJ?y75LE7HQ0y_vajqIK2#BSR7L-4roafGFE{ z$XA5~Qeqwl4+P);G3<$*Kazl6G(ZE-%z;uH@@iK7%B1N7-}}c>`^u{I(lw&R4i1Wr z%&k1j%cZ9z{x8X*D0Y5JLR3^RqStF}Evf+fLridiw#tEI&-{(5x34eup)53qJo?jn z2$Y$XmJIWazc9#$UXzO`IZ}t$1?wvN`!n-3Ak;UFDLw{bSc!XRsr>|a_ z^gdUB@b`O?K?tJl9GJ3zAA+{DG?Gg^=Z40xn3ycNI7a4FI{C$XbuDOmQ(A;1mVj*D zR{AQt|NTjVHug+Ra4w+q{?&3ygzkw9=t+jtaMpiEN%06fI$xOEc?Z&yfBCxyQlpVh z@9+*xcapuNN`DA|Xt2J=AIjF0(n6Drq{vowR$ovLTY{!g-(O+|=V&VkB^wjXJynYT zzagNJTDg$Oox;fqNV=V*_6<(TngEm{PtBUBroL9!=1fy2E4o)-o8%h$u8bo<29{gf z;ne2$=oPMO40Tuk)nukK_M_5A!$k08dgo_mgogne_S8U*5)vCIxn2X~V`KKk9>555 zK18ZMu3bls`iTIK7B7mSH`3%^1Bd<-;4vZiok*tFlT3>aPgQD0CxCGqs1yFw_$3ec zG18?lqYZ*@Kg2i4@c{42>
#yc=x&|~aIbYp~xBr%|BqMqse-2>cNTt_dt}9)G=d_BiOKFGdy+?El(ahB@AZm9o2wNFaUK-c6pkdTqun z$P76T?>|1yhoF3iOX>cA4UakxoZidIp4M2>KD&2*e&DKyl3dF#*-s6j-^%w{c9%YS z_*MJZg%bGs_d0yy@xWQ(Rly044NjHn-_vZ}81%McWs|zCvr{%vSten=f@UdS=?Bid-#Qytx6#9{xeEBg+un>IP-aAo;koHz&+)hSZ6&%x@&k$vFKCYh?%92pYnxQw zZRKu49ZWRT_lMrzYCj_*BLg0BaAhCe@_1Yf4f70*@#V+WGS|0tySbSbAL~|y$h}KL zJ$e|krc!hi>XY?Ey2`s>aH5l2*3<0!BbUgi^-DCRXb3$N;QACC24e139PZ2tM*RKA zpnqfraz4ul@RK-vi^fOsMOKIS&=BwLdT-qEBJ9$`5ivh&{iW1uc8GwmeGJz$mmQj9 z?Fb8N=YptJRr}jDj5>r8JGiM4R^vgzis}8-3ItD5bFB<=1fK_AZ4xEBV>9QSl2G**WCi}+@9b$3N?!J?mwuHTS$A|?U*#VJ5>Iw% zKBxuX!G%_z53z-m@Nq`|!C{Uc24a53Nday3ttvki_?T7obW@2q1_@lWpBU09!P!aW zZEM!r)>JxcQPEPO6Yl7d`SNPppMB)<-lpbD{&sii**%Z`V;h23o-+Wxv{gZ@?+PJ& zB>e&q(4495o!0JsF@4Cu23ra}TAH$!;XUS9X&XyP2d_PqEfI;=`q7Mw#qH0~qlcb{ ztsdx3#=jbg$2j|8$lW*4XH02_;)eSD(}KB|pUp>~WiiJO{G_c^5(*I`YDLXnW*_x}x*5o29uAF)2rPQ)aYA((exNEV;2_ z!Ke^q_0bGjmZ{&=J_fhagmxMaN%8W{=bzeeUXDyJX;O#3F0uB%a9}bP5UOF%1E2b4 zr#mlN#8t1tNz`VvQZC}US5J9LDiZVl7-+wfoxLo7q`)y`;bW1%R5NwTay`8#a z!6cWcOXrbx>tXjT!U>!qhb(6Uhg?+XX-rx{9WlkBRz|KJ0+FuHwXSBfOTAezan0J8 zRR=8Y)1XSJdXGu`7k_keG-fH(I9d1QeIrLK2i?n7!_Yz)$9H4U3cWP zUPr$&+2+Ctc{Se`|Lr%Am5g0EB!MYbt1qJ8rZ!^S#pg;T?)(&|VA>AP6pxe`V4Nzn zaXCZRzZh%@E1e5J+WD}Dam$3~VhwjtWP{<0%$I6ezo=gTve`Jkwqj2n?>`>jgJIc_ z$Cs5HY&R3F7>@dmKlq}+Oc!dM*CmymJq$T?7IH+AWrY#8ASOhx6`vnQH5+~f>S}}s zSOje{Z^UliBz4#?N)Z6@nKJJ5-mb1&C(}W)kXM9A6di32fu+KML_{2U=}jpevLA;> z4EZ%XgKUHhzF}{oD{oqnYM@Bt)vtNx@wo1k&pkNHX?1DEpG&bCpHvQydOc9=hJ=39 z>gs8oN%=a1@>O6j!IK-EqCHvE^+X^8A9st{a8e)zFVOdd?LqX!*m7FDp5K-mZFcFeyo(u2M}Y*emC(Q2m-ittXi;ye5Kh&Md@o*hY4+aO z$e-MQsyNgP!qMT~n#Dgl){8tkF5!u*GDdQBeq^-X=Eh=2od_(yTHuCR(Rf^~&2r=w z%h(w_ocj4}|M7LnDYePewyQNlgjh?Vtl50}AW;?GNL3(TPu0s=MKx=)d~WZf!+`q3 z$&EndW%-boOz~kj*n!gpWVZrYD(R!ylSEfnKoWc75B7)Kx!=Rp^%ZgkL)0B3s+Sr) zm-XhfTnM7vj;|V3DAMq3IAY^D?s)C??P4PcU{od<_>(GaXEERb=v0K&9=d!`RR51~h z+;YZKMoqg*s4mS3o?6{V>a&89X)ceYaHDjQ?Nf%$qsVZzX{shXx2lzApY^ zFM(huwCVWLVnwe<9Xg@?0JqT2_)HA#Ci5SFcT4r`2>8x9+;DEe_$e+UU2A*Y4wG3n@w>o={hs7ah*9@{l;4F zo7#kr&*-ds$<-2S1=e_|_dFWKvT`hXPgvHud~!Y;K%gbp>1un-96?nsW}~m z3R3AkuT`?G<*q;VmOSCzzZcXBeu(E~4hB!5x2-`EyUX*FQfy|1uMi896A`h!elPXk z8Z}S0e5TEKjJ#UC?7fmt4o6}P)r|qu{!wC2uTrB@hfEL4O=Zc1aouN2OJ5o7rBh%vi2 z5)PlaCK1fg1h-W<$mEqv5$Q-z$(`>WPW@uHj{^Y(%<$oT;<0Y%NBw!36i4TunT{b1 zx{Ecv)7x|S5Oj*M5GT$q?n9qnYQbF`4u9Ejy*jOAZoKsdjB6rCuXVs$QQN0iuT_P*PP4nZ5K}Y^O22f^%lnf%zDMA8=#J${qH`gzdxbgS?jwJa_lP zEc4a4T0hFl0^Y){QM{W8ub;8CI_ic|xt^n)`;PJK>=ln3x7;{*04?)Hrcp?tME zOcNG6%=i-RBa%@_oZ9zySrYgw+S9^fb=)&|jW$^BtodtBa{-t{_cU%>+Qtl>3FPjR zyMc0oAuYG4a)v2Zgr>!DDX*pf0A6Nn-BywpG$!&g-+8IL#};w^#eMhgc0$9U!kTL% z9*6l`Rg=$7TY<>Bt|6vP-sa+oU>gV1OUwqRm3!oyyx66ilMe%!IgMQrZfZdZWB3b2 z1Feboj%hmSYo^wbyHoxXz6;1sCDqjVzyG?$T<|*vH(|A*< zff4gAbia@9S_>D_Teq&wjD0M*6)}oY-j6suIG?xLybgJtp1#Ru%#pf2hw^xJmiTi} z@vdA)*X?SBWy7S*P)Y}KUmQ$SdDcRJQQWwBLWWuyXGN$wx|(;L&y?>Yp-XD*eE6=d zJ!_fgao24~n^&BJ%a!UQMO?lMmkCy0rR~!)XX{ttNFX8uWAEV8m|!Rxj$yA=L;j`hZik9>g@ow7KXIJa?pTtKk?4_?LZ=dZOfq8B}FSa%i&0a32oJ!dl zWy^)+&EVOIdX_fxzJoQhZpd%8mG3WwJbPDWReSO4lIPNvl_~p0GKR&u)jjP8Tyg`0 z=(}a~`j6a*jmR!+2HmvAu`&AJmkf9o#tR!Cu(y`xd`7q4e-pel-AM)OjU^^C7@qR) zIyn*?T_K#AD88n2LTHnmBU;%^>DPm<$N}&9J2fZg*TGDJXfYok)7PaJX{N~Cty@oW z>krO19UGwvy^d-a?BcWc;_wcRo(ZSz_h2B+HiQcfF5dmOi?7yTbP|`FnlqynN>d$o zOVRDCYFK7QwZq*d?6jiAZD4nluntcELPqpZ9`thGL_S*X4%I~yOz}w&!g-9NZCc?l|+PiOncr1 zZzz)kjO#^bp=pz1kexOg7p5hCT}7T}lcV5EQl*qbkyjHnLUxscB?Blwr+%IJI@WGo z?Xdg{reZM`RZRN*m$sdShDyw@s&@(Db!|J_nUWV^D!V;@{S3yoC0M;vq){k%Jvz1R|Gzo6OVUIlJ_ng`vE%oH8EP9R4DHsm!h%3V~ zC&^aeU^q4QmV1~^$BP+^XZV0PMA^~ftJ*?=*|>vcs?TYSQiXGc-v5Zi82fRmH4&jM&~FPG53NyO~M1<2k zK;@dN4k6xsjh(ygio~hJA*s_7q*T`AE8n3k1790?Sa>NYZ}-=&Ygv{>%^W^lgB>9g z{$hX)eAeRg@7=r@WT)oyg{db$>!uPRiI1>~uvQjoV1MgIdH*Lk8 zOwi_%)*V!mi*FI+_zRq0yQI`0bMISu+6`vaI4!d{GnR3_t9?gsqPRP3_V#N}*5I@Q zTb26d8|Z4YC^AR{L;>N{n(65eEWGL-6ix=JR?onV72$LXP(Hk2H3LOmb?e^Q1i!q> zeT>9#NX1LOHl}^xykqy-WxXh;HbsoTfxBsPdv^}&?8&-|q%oA}=tDVlu;IgpP85Fb zwUad2qx{2pM=iKHc=H=m?`gVpcwTFB4Ti?(aa!ZCx$5x2H)LFVeHe;GuSsks4YGvQ zc=mH24F`_;I)ebnzgzX_=Z0RO{s0k}74Xe-jxG4Rvq^mlPFEc4X54&7aDBa<+*LgD zC`Ct2v99`HmiN`cZSSn(vpQz5li*Z5l9<3F*P*&=2K9mIesCD87Es}EmO&3)b0zQq z`F!+(`8A|#>(;@FMYk2PczzCMtSHAO^tV1RY}+$=iiHZK@Um5JxZ^JuWr zZI(d@Ii7QiYS||9Fbj^@oOkQSQyrsmmA3RTA^5?$;eQ>y9CJ$UDnv6q-1G?xtyz`%W0Ft^_d>F8JJ3^qXr1WNci8 zF6jNb>Wf1dpDtK78kdlQ4>3c-Dj;#TZnzWnnjCF+ioYR^jk1Tne_Qd3HCyhqk^@M(TniAz@;Y{KGTgwjILH6gQ@R|YqeNSAw#2fC1%UvS1w+;tiRi#S#9wkFVV zJ&75M_2hPRn0YKX{>_Z0mGLm<(1E_poc;t!KDf|0&ce;R=)n3|@B25Y;dU<&xphz9 zW*RZJt0NfKzahG9^r1Csw7Bd>Jqmg-Z+~ayj5^ihC+*iUCd|DI89p=Ex0oDHy8NX@ z1A$!lCEYx~>36-bha8s%9x1+VRFE2vrEwKen^-!1>2rqd#hfjWI+rMY^mQo-uWowP zXL-}DHG|;1O{KJ2j(}m4i$y(-5Z6`ZzV9X*-*Wxu+26-sAt*}KjmeSdYSwQ1 zRvdWRZ3(pPw3K^P91mW}(L~G@cz5t!$QJE;&+SqzZUt#9^~jws(k~iW!R?TA!R1yj z)~%%`7{v>`;4mj&jgxmyAy21-fY>>CEw@IHfckLGtLq3bC;V_j5!l7zGAwpv)DD*m z?+7U-Y3M$IsXPC)625p5Jdzbg4ghu2A?3HMo7m27a2Wm)Pl{ThK!+gHXKWQ#TH|1<~53+gDJ@fcZ?D((yAUa={`s z_^Nw9MgxO8mwKldKk(tCKtKMYocOiCI-1Cx7WqRRX^3%vY5E+I`SI(mu?pNpj#XVj zJuC2K5?PJ!$4i*P_Cyt>moRJ^HC1igE+I%)#6357bE@-UgEp8hfe^Bv0B!p8g zs-VU+t~^%Gk63IeJKGjxPX#$3x^(0IrT&>6vO?j&T`%q72qCziuIC(qaW^CbaBAq8 zn970&-A?_xNzE+3Lqko8PfiZ0s9?y*$oP~hz{r`eE>>Flv$~pJCrxO;?KiFu6<(0H z2GI!H;H${;ME(bxkqeYWeGetpeHTmToYeL1glEiV_UK!|)+er{%=S(@yE8pby@FMT z!A1A3C!aV+6x^C1k)zeS`Z(A(>{STEOK`HVkrxX!Xnp8fUsacscqznY4qT@Mc^^%#kqtAK(&G)C&ZyuOUE1*H{^yL5*;d9xbO9;+81u%m zTp)cd(C__rrNz(S0MU)RHv5lRJ-6#O@4hbfKQNbF-^=%1T#HR#Dd0|Qv0-7m)GyzE zE-t2xuF;6jIJsHmIK8?5dmERbya73Uj?=%bK~AG*Hv!P6yD$w|gST}YZkL#4rK6={ zrYXlh3!ec;GmUQ0@9-q(^aT6mY>=Df5Jkn+XKvivUiwI0dnKpUDG%o+LNhUv6K7Na z2OKF2>no0Ga#8;FVY5(NBdo=*K4b`QTZ93&s^R$E?(AMY57Y~~wD8{_^Y_n| zUXtHvsnZMUGLfXSNihE6WdkTd_v4FKg`9+kF2W4}csJh*VA%fEV0$ze*GP&}ZLD9- z^kO@4X=MB95im#9AT`7CzuxBWb70}HUljdc!TJC3Bf0Rdx;q4a^!F(|Vy3$f9+#Y) zUO98Sbt~p(qVnGZ<@7g{%u1Kxv?O-gAhLk-y8Vku3Ar+-O7Y)^_5_BT{3E899CvSs z45d;Kd3xRcHkLu1qrW=(?{~@bLdhK>{N?v`0rsJ8qDk?uYLVmI&C%gF@!!Y&^_hP1 zzW8;o|NYkfc^q-)KX>-uXZ?PxckzFN!T)tKH0FPW+x~SG*oR*f(SKg(zaRYjWgEpm zeE3kxcX~jC%Z)=W!YM4_@0Lv6`Y+61NNA{=+L?i!oOn+f0rW47-sx$>%wKD2Yr?Hk zvcfXzr< z^#2NKWKefUb#%P`#h*SsZ?UO$4SD{rg0ZYaqeH-%e_uN@)8e0=^7mc(&+q?V@Jjbz zV8Z`;@Bci>?D#$6{_|4*egt{)i)x<^fM49)6ii{4ML%(G=NyGNKX~u}rN_z1$;;25 zsTUF*?E|oUfJJT;7KfD96E!r9#oL8^LB~);)w+XwkfXW9S!z7~iBju!fHVc`BFMZn zdP8eI=;|)A4D<2xfA1@ziI0!p4*wpeyr0mwKmM-UfglZg%Je!uV02{MZ+(3Ixmqlu z>--KMU=2-AnR5r-y$@k)ZDlf%9vsSphcA4o>dF#FGRn!xef`S2ViX?d7AfH?B^CV` z!vo6#{;k5eKb0mv-1;imwleY)Daf*=p`jt4_m(fh6d}&Cm8-?jOifRZ*3?00mUsCE z%gGQ80&RRyVDXM4^l7w{lm_oN%5lwr>l*@HdpQWpV9zM?np`S@4mTR{IvfR znJQhX8+N%_F8))LKHvF^Fy+lW$v%P!@<;FZ*xRDCe=XBwJ%P}Va{4doyJoV^bk7V7 zO^O;D=O7KA=`CZw7VWyL6j%l#70j7s3!ywCYM-_O7*;;t~l-pJF?*a((?2duO2=jvic4&%_d_vD0JwTeo@l7`L4ece^~iP{lG)9JBjT6Y_@+tG=SV7PxR}&g|3je5P^h zN|n~_)c3tfViNu3!VrEnxlY;An3G-Y?V7{)f_oc^x1ZWSbe!0^E=<_I($H{|z%^XI zr*|BAeOn(tEaWz?i6PFW!3bT1$mYFloXTJ+GGD?`tp22R6CtQ2cair_ zH+R=|yl6>EfjAG2y+ZvKNBMhJ8Rumzt*ms7%>6FIS?ftFu)D|tiyz1$_s~bWoDCMi zKUyBjc3%^))yc#ku8mX!Jb9CqjZLEwy6VrRK9>gePPd)@Lj6g?bueT2F)Tq3lZdeO zQzsNMjutXhdAozD7`E^x1Pp%jM-^TY2%W7(uoLom0$Q zmt0f%@`RIP_S5z)mCDjwI48dJ<^W$w-`d)Mh2Y@sJ#M!;v)b;uc##v1XB2P!i&of! z&z?1$8Z{Gc)=#V=GQ;8=mjjt8AZ5nGdFV6u?h%pEndV8ZuB`aace)RJlpZa^Dj0YH zyN`QMw{s#VUmvo~cRS53TF?wIkvS|q#;=c~BbS<{z{H%~`$k+imd`1Ve<%^?#)I#L z>b&#jfStL84V0@@z^pb%oMc6(XGSkNty-z=IPTRtOH1_yzPwR^39l_mjv4o00%=Bf zH1&r`V>XGbr~Iz>&c2}@kcg5ko1U1^fHz;Z*u2bZJ;!@=gqlhcuHFFBIG?072G{ND5ey_pcJYjTQCzVR?5oOR*TM0G_yurcor@ouTi zx6`_`zBon($ezjuh1G&Dkx%!PJv?aKB+4x_mluEp4p9U>C1r4XD6t}MyVOpkk}F;y!aP%AE-A0X}z zYJRiE^J)}7xkJ6V5}>Mb(A{Qy7(q01!loWl5=@ajh}w8)IQ9dj_sT^snw zW!H}a0TauicSZU||K#n@CHDwpmectjT>I|W>&*sQi6VkkSpgkVOPVFWcbFrxIf`|? zdw=EzN@)j90mJNSR+%<@G@ER=%XPbW>=AQPT284wlYzIfXz486BB4Nz@w#V>V)?w z*h*e_Bq!IM^LVtco!qJfXP2$yRczezmQ{TQSbIbiKNfAf;G}&Ou)6*D=|Z=BE%I=9 ze8s%r;1^LL8&g47g4-=3j)pmwJ~SWCysfN_wRH>k`b~!f#lWhJLy;h6de@t@BW16| z)>P)=qpm0ZnWw>D*V)P5ZBBd>y+W*7#ugl(kbq{<$!(`74^l0%6>^Dwq0B&Z- z^5Qr@CeBi>@k`cV2Xob?zSY%dDwjQreQJB?)wd(pd~Pu$nLv(v-GZA&C?9c zKd?PSr)1rTXNrf^;l+pRYk@`j-C46w^U51`jv{BokC4!jU53eW8gC0W%PIvW<=!By z-W2LhD3px4Vq=)cz0@6zqR?A8mio z5%Y+mzU7kk=cga>9MIgT-7^&_N1_a|cz`5rH_ za4u%vxqGNIf~ZkJ)N~j(aJs&aXhL+I?7yaHjH+)gXu0Zij*y^uOdWn84y+%RnvVLi zLVK2N3=Ed`j{Gg6A6YyGnuKJO)ERiE#SOBZ>#B5Pod>h%9OsUBZsj#Gy0_k5o>|gz z%|Qv@2%p`T>vF5a#RonUZD0fTB!#ZZO1>eAFkA@7N-lI)U~56^2W|4}hkRjuO$k2z?J z^2*xE2p9SZXqF|Z=g^g>P;RLdh*!_7BUpeuktpZ?qX<-*r}ynExP*CTqwY zal1kX9bRf5$9H9gMyijg4s;LYU4%zEFoj92iQy-+^?7Intsj6{BYtJlW#QZoA+*+H zl!HQ!$7t|8U{@N?%N(qj1<4nn!&1nfnGEOQ($1O(QW2hMC5BONI^8N3tU&A+R$Tln zU15h`L`9JI4C9$cs|9egZ%^lvNa-J1LC2cMLdKH?GJ#FhDH?rkJ6_c!s5!Iec-FuL zKor)@8FX|I?PMK@?c!7Z?rv< zIEAv?M%{@>Q*?;7jQ*ZScq&CBa-;orAwDg1jMFX}29ZM!T0i|rQn%8_x^_U9qS}#E z!B}Im>8TH~CuBV8c zs3p{6s%n({MZ~VrygbCO!T6$;hp&^9hoKLn`J6cwYFeCOG+vt>12`X@LsBZ#70u zqAr^EN^0_t@gw%44?4;leRLD4EreOGkf5&iZkXY<{Cl#UmMFnu}1tl%*=PcgHuu%s;amswk{dmVuyFRZeqF;$t~r1&mHC!%i|j2C@-+* zdM^Ln1U6d8$Zz?LQ&;>x%2NL0$J@5pVKm*N6MmEXE+-~8!~+pmO3oVH=Mbh7)1pdt zG@}e9v`R3%-(E&+YM%$8tUt*Lp)NqnRUw69ZLFMnf%C0=#O&F#D4jiZwDvC0O7DKq`d6&$8oLUh1f4DCC)xYJzBA~LnRBr==(o|EAjhb(tPTOjPY6QNvm zdDnHpWD8rXw_-c+IqBiJ&!pA&hD4a2XVuGBuck8+nOBSeiD+0cZyshU%{bZ~h5lkT zNwm2YJloHQ+v=guw3=|G=E>g55K5gf&)~4ri`YMRvKxvjw%+g6dpgwC8!T*3S)@;J z%c?#4vnh~Td$cs+t2rT=uHNRi!dcTcY%yj3Ax^3L&s)|LKD zhSFbQh^Z}tbrT7@8bMrSNf*OocQIWqAyd35j@v1Z>ea&xD^!52jgW=DX)0F)%rC+! zKH&b;>P+YYpMa)-tCSd>>d9&!beUhjS8fuurlT{{Ux0~8j75nL`UUyb*{KB_FVOcr z5*tl_@rvGt5Z-kS=jd!|I)_!gi3tfWxI%dnreAKUP-&}@|IW8!J$zDcC4FFIvROy+ z_3Qp!?YIEp2Puk|4Bjf1nVLK`>AikfvP&XBo!83>NBKOQl)I0R zQe5rU_he=lqTRa1uFRl#Cj~A=WVUo?$x!v>OU)Oa#CRL~hbNkt$tO?)#ss4TJ}Yr8 z21r5|QYgDow)KDty2Oz1oJJU-0{-fpI?=hi)6LuF_>7dCgJ0mw3Sc6!OO1Lx?7dyQzcr@?$8O?;Bt6-k zSW~so%362)782>*i0B+)I|P<6w%P+!Bw?(CblabLi5BMgWvr6trL(t2H^Mocl>lqLk<~Tlt*ZSHy?CfGPjyvt6ID@~a%}>fWnnp}c5rlWA)+dCDzfBb% znA~D}i^8S7GBE|aYZRRm^iw%b*Cv|PB z8pPhScZh7?ieFn@O%@lqPVaKW*M#5#4kZqANy3ZCjYF0Q2aJ|qRjT;K&pkIlc;J=D z^rl{?^A;74;h#86wfRc!Ftwc2KF3fwE^f8A7l`8(=(XEM49yQJEgvXT zHJOZ5y-91GL}&Z^^WVyPz#f6dPz?@Fy0J6vA1De7VBuq5ohV-FX-L&-DaQ``kr2EY}JpG;Z6(3)=|8aZnZo~6G|NSZLp(0tZjEnmL-5K|h!QEoYmuwFHf z8`l$a!Rkm4KROyG-Rx~Qn_jUH0m8%It;CQ}Y#12X+9Y!9;t^R+WnGZ9mY!LVA}tm` zuK!3fQOddBoJg*2v7FY@Zupd)@57ytzCDi9O|yyEh2|~QIw>6#$Pfj5iyZ)Bkoibr zb`G@X@jVGxO+XNpBfe^+Nz*{>2%FRx*`(X~IC#IKOlfQ@A%TYMjs@2cqJ8Lb;{Kqt zGyx+MV*Zr0D2bQG?KMWcFcX@XzA z3@FbjLga$~YgKK{YU|)S$~ts}w{jyqj;yBjw>rw=bGT}C7b?pubmMY{+n6Cn#MPp3 z5Eye2DmfpSw0Yz#O;kE9mCqBq_Wo?_?0h2>(CG_vIovq5`%xmp9M4bdhjrb%BS-3Z z22Dzx1&J7zq5CP#>3Y%O-QkfxTIbt0%16#k#siYg&CNA*CzcF}uOx&2jN>s=41;|S zCBj}9FRPxb!^G8VDp$W~d(eI^@y?fpTXMbT5{|GaWdAWDTh}=l_eXWUq~~{fCfV=D zq(Z*kwKU$d&2q`wjl_<5&NMW%Q<=xKwm_oEMo&TczQSyb^XE3Qry$pvnQYbl&rUhthQY&+^n400>8bAZ>) z11XH@;RUVwwslap!kcBew=HwnFWHa4OEBCvOv+A8t}_+#dpVx z>_lvh!eFJQgB@d!Bp{DuDn3t2P%RvrwX~xOO9O204QVCctxbFAJCx|Q3o$*aCQdHQ zOGR?Z2&fl`igxex^7%FpS<*#%$#Pcnz6{*n9{}fo=-xk!I!>H@rp;>8Cn^p4#1{vO;tVAb)q36tj(eM_0k>_0HmyxpeHHa! z3h(c@$_UPDOvq@ZxXtY6yaTh0ugU1{Ok%{zOm%Q=6SGc@gvy@7X|;x5anHKL9&ylU zf4+ZPB5)bL^LGIbYEih`ujhRE^SbZJgrm((2e7e*jE07Wa+w^k2|ihT6=07grx9{| z+s!55%mhm#b-`0~B$UYyJbBVmm}H_vJWh*l?p|YvL zyzwtVOCVDHxKKpDd1U3@zb{;?TYTyARmGBSUD$ftn{rFKOgQUvcq|n+jvdYU_J$i0ZDKhtN(2gZVsh}_Xd*jyd&dOK;d(AP`r2K7$KA!8F3P`ax<{-04pN<1V@0V*g& zPC;F5j4bt}@y~(qE=4WnM z>5FV7_MMU$y}oo4d%Wk+M*p7+KT?Ly?XB(dWhydX3f^&++);6CXRrI1_oiug59H@> zpVU9t`CO}vUPndsABED*U_@(S&%>ojjRy0S4>?)E~=IgI=y79`p&p7B3orRSy1oyclWT_?9;tm9Sf_w{3 z*QuFV@#eC}Z9fu(Do|}vmUR0@6ZZr5aq8R^a#0)!@|CuqN4gH;A%2h7!;So^x`qvw z43-i5A8Yj=tylVva2YG7s9etSSpK51gNfj*-k)^PSEdoMxRDq{kk;sXy|+mTCsP?D z552L4sIE?+9}8HC00Rym&T3O!d)XlWfhz-pgmZG*CuTns zQMl6AVp=rGdF}yT@-Omy`R&%fK=`pg%OzOb`+nq^7}*FhM%3~gm8qHxp|S3&hamUMd_voq_oD37fZW#6zD1| zE3-{bqMy*O3?64hlHl@Fb-ZmMx9qpppoUaijl4E*SV_tQy3*X@o+$+urN!@Wq;$iF z88)LDoO-`hK5V-vb3;VX{6uJZVg;z-^=HENSp;;g(I?bffw3+zxVRBHiM0}ZQ(t)j zhXkgwi&Zv)EXTAwEvus2cwfUMgSNIo1oqWl_%EbGa^a$a@#8K{Spaxvh&>N`>Aoxs zah`r=I|8V|Fe+nV1R4Et0kzrd;p8`Qn@Oc?2KdjSXF1*m$afQA_}3k#QRWv7GI|MXUMUl$tXF+lZO(<;of7y!V}AP#JU~;?`!DPcRId!YO)y?7~zM#u{ShkzxJ5Y6kt zW;m3WhD%d$+dh~meD&l=cts9Q2BmX!J!o}W#!fr7T%L=`NPKP$yDA=Z0E4@%j%QaQ zW$0bEh1E)plOXQJCQhuv_O7W&v6qa2xt4I1sJPz6ZE%W*1RrSt;mByf-FEa@?!d>} zo}z8f?_|AdYZ~$ngt2exjcY1=5ZT;gP}_+51RR8u?Yh@b;}>Kc$Xkw1r;tvFzJARn z?z|C$`bcqG{@iKmDuNr|aQh|9R*JC)tRtR0nod%I{5$)UlbKD>Q;dNhHf<&=UpS-f zl@YWl0l)w-4qcJ6j_bpp79I3?*fa~@0xGOLg*5%j?xTysDb-!$Lfr`8N({f0_;X(S z4WEki7-5}KTUitTAuT5|imK`@#PN=`i+Re;V!=Xqo+RJlJT+(b%I&PxD*GkNBe}{! zgZ})Q8tgMZp`) zdFm&V+$33y*AQk6aj2ey+7%w{^(s%p2Qqg)ZAT<^XZ_4Igo_}KrYj*{D&>akAG%|_ zE$Qe~v5GhK+)J1Osb|(JolrgLr@L!9+)s5|!8{E#GuTcNCjH?#2S9qV-%j65Fd;6! ztp^lh_PY!RGxM~c_y%Gs$I=^R(KSc$egppiSBTqgC!kEZ&A82mzLECs{77e@wBYLk zLQ4Q#r5oy{_=Jb1dC5oRC1Z3k%LV;nJ*lD$XoU4G6;SlNM#Gy!#jjCyJBj~sIREp< zXCnk>jedMV)|B+0VMQZzUupO%g|Vq$JAZey&1kMfsA4jSNlfLZDqNzoCxmuUSYXef zBc4m@P2pSlYs$&9k1=%?hK3N}ZtHfovp#g<63&|(fJqz)k#s}3t@L6DgqvDq+jG91 zFY)2wIgYnFyXn2RC)h0=yWKt?x1F=zZ-x%CCR2E9e@7ybAuDD`E!-}9?P-|hSttU4 zO>Ii$kev264uLSYP-5*@WFK4k#v2>CwHP#SUYxD`?4|R#*Ms}C0tp#?;1#a<5>&Y? zg}hZ075(|wix=YAQ>Jf^&RLI@;sU!9)K#@tb{gTL?F{M|zpqH6zPP0iCy@%b)Vmse z6_XC^7BdMXQpl%yvQk{2a#bZ!{P1|Q27+4X0{qm>;#7A2Go!<8RzujXvQ=`gcw19~fE{pQmUSeCE*0su-+F2~ zc3W6@zK6s|I_`;n*GCKI8&uqF6Z_;)12S6Lz{})J?;3o_PLF2ba>!LHkx!GR5K3F6 zdSb?T&0As?seVo#9n0sUUd3>enWG`uD$MZq&*~)Ulu$;HD1$YKcLE^n_!kh z#rqto7>KaD4GLt}!dNa$y6})W9}4@7h|Zt+=pksf@*^o%ZKBwK+N?#zA4+{VR^ zo_p`GVPNX85V0aAzr^>XmSS-3*wP7fC+D_>_ZQOKLWunwj_3CoYrO@J7Tm4xL)MHV zvcFf1h3oMx%$Kp1M8)@+i8GqaR<`8!Rtj-lB#SV)A=c*b0Bse$!&j0yD+{)^CGY*iHfs3?B7@Pq|jrsjcP0WtQLWVi^{us@l#EGnMVK zfZlP-sr}lWdyq1dfUh`5?ZEgpsJaEJy7uzl_?eLEP=#KL?YCFsX+GW60vaF5Vksy? z!sPoP1%S?jg*GxhSdkg>lgigt^1)G*xK08}eoxLf1nPgUT;mh|5J0M#er5IMNgWokIbvc#6J&`1m}*x^M+lsEqyJo(QXHURR;1=!+pQTVu_u%T&d_b6=% zqPpK!#?~?%plFjrGxfKYH!SS{kT0}YQw_-us+Akxj(4Xp%HFd8<~F^_e3H?4aS0^5 z{oBw0sj$90evb2+Gr61~_xZSIW@0CV;4CsQ=j%y@2@Z>c+vvk*HUA!iDzV?h@bt`= zni^8=)aeh47elhaX!@j2B$CUd%JI;fwZ|f6X@oQ?HkLT7)#J-ID#ufM#?uC!4x6xH zTbOCclIOlzk&==^MXZ4XIN#5q+AoBzX`E8GVKb`De`bi)186x&WK))ye*V`amIjK% z16ATSuH4KJlT?YJ|8*K0QtDuYkaWfKxu>Q+cxu=$DR&Q|k(`pk_5S<$fZJRzz*FZ3 zOlWxaEfg#(IU`)?u={P@(3Ra3Lr+WlRXjg1J6TA%!KFVd#Vf!!758av8WVC%M?|4D zJw5H?=l83IzHe{zar}qAY zmCqZ=!9kk-OnC1PlyeGdo@Djzq?5Mxjj{1@m>7#uuTpb(s2f<$9i?r3N4SgQvWpx&+AIkYO`y_X6r`Gx6zWwgp8l9~1Be;}8kWYV(F?s0KRX`KVQqZW%T zm*e@#y^6Q3fziY7W?I@uX5k|%`6(mr3Cey!IMyQ*I;PlIn=+;O?Pg>U63N~Nna&#Hy=Gfc#jh%0!@?D*(-AOZ$|IceI z76&R;!}VmRJ>);l@42?ZV?n_&uFMk#a|h|u zKj2pze_JW1p|Di}uO1kS{1Y+{MZL~iQtA5D?|h`g5y1fT-8l3OdomDp`XX)VWrqWO zQJGKoW`buAZbV#E)B;TA3R~;5(9gf$N#x#O!E)AC2H2~{IQgD-ynbq7AOj4l`i%^gSqu!XU?TwS z4Y|^Wy9AG#eQj?watjRNnY7B-#jMf<-+<;xb-DWSfyuoVDQ8+*~xbYEcL4wS5+Y zJ1VX}##omN$Mw;zWlcwg3D~JWz(AUdHQQGMpI%L>RZd#Ee=yJXu}=Q4x=i;`XlP<& zWVIzSzay%Z>NkcXalet#bvLWsP_rzyZ29~T%fb%{lX;)e(pohOY@nO+tpl_Nxa)?7 z(#ZWt2XMDbW{{k_)Z{m2tUAjO>{~KgH7O}#rLD2Kh~z>q2B0;3pC-xgv>WpW$-^tm zJy5-#;IE)Xm<)2gQ>9BX+(+#^RPH*Lz+ViVY}UFGnIc+!ckBkj=BD>p3kbGOS1ZoT zgI@9V+a=BYg@RvB9H&e+SQb!&zB!CcOsI(s0QO4FxE>*_UTQ2l+Y|^)h*H2)4*jlp zQ6NEA3I>UE*y7@%@#(t}Z@L7BqhLLXZCn@mQVb6WZ_!QWRyC!e73@z2Y3n2G z$?2BlsdtO7^($t54GD2dPENi~Lz8oQP0MZzOk2d_a8U;Gg`VdT{=I(Z?&mektRfN& zqL|1NAJFsu)$-a+Ow_b@C){rzW6mQUf2cBi-kT|^Ayl@lS~+?2$0Qg@Kxh7^`G%X? zUv7dBS$slGKtRXq^Dul>UK1?YxgKR$gVX$4Ue9a5Ef$0rP{U&8-MZ zWRp*sX2T)2D&UNq;CbbtRR)`gTVP9Ze^o(nOe6kBWtu~O0oUpARH5L*3E%I<#*g)Xa7mJ1lqsPFZ@taFVYu&Dml4mZeM2#Sp^Buk@V`Sx@Uc+f+b|Zol?4eK zSI7>PeljmE#`+tZm^?G}WB8*Dt$O1q3DUI7ae2o;zS?bB{(&$Hg^`&3@oCB`mJwJK zjclvhfB4~ldvk)B*KzwRQpfh-b*41^(JE`SfZ06-1;rhj%)dghlJFs;_QFKw6F=qy zQt1B@BSMqZT&DyF% zJ#x^YY84U_ll4zL>!d03Eq_Q$LGk_n@%_e5t8= zi!8t6G3yjh4L@a)M8WZRXo;IQQcXVQ>l^ws!`7}x+^1@sGq0#*-w5U3Vb;EH!N_+8 zI%0jFUmivAxRl1j%KHTB$TmPH268ZJg*#?!!* zraj7KC6}PrGtn1S0EQ$0vs^{Lp76-Z4$hQD{PkIMer$PyuNLN3F+F=G+&vU&BVe~y*B#~x2fY}U^enTj z<9yzO^cn59(t|hS;?oy2Bl>Kc!as-RndyCyZvVDkQ~(SH4`Q9AG<6Zg3VkKCYM-5N zA3lz>iqoZ!oD-U>o)gO5^4KA87+@3c(LW@0aMp|oa8_}pb3n)AIafkC_P-DA%HN<7 zL|j!b!$R31GHzGMqVjcz)gCa%ZQs0qUs{g)9wSTL+YPW?0X}t48^oJ49b_K}39?=F z7Q1$rn;S@>saje-PEJYAi?JN3tv)QVLBNVtTy6>N8#KCpur~zUoM(6?m)(C@a;yeSHI5ZGz09F3*l= zuF>)*HzM%~VS1H-Qjk4_Db;c+ZS~Ea<;FWL_ur}9Raa?ts!sIHeBdkfx-MvT-b`MO$ZGaG(>k zk>Q<)w!6(GHBXe!A$#ria5jhdHYz1DioU`l!(}`e&N=Bf&)rddq>hEkYmo~%4_8F#$4bl|QF9IgcLx1T}>Yj1#z0>JRVt9D2&EVZW4sp=1v(2 zr!}$sWJE6Z{j^msOwEEKCE+#Gn}on-x^hx(BUqoJSx)BS?YCd;FOw`^$Qn#8ZK;i6 zc|v$ulpbiV9(T)exszw(&~=9qFq4>{JUO=zy!t)p0{Jv`|4kEm$IG%D%IcluWaE-% zyOsR?78Z9&Vw;?wU2G1fYa9}hd%5OlvqMv4rQbcX1*N}_)ArbZ!3!bA2JefEjnpL6 zyt4H_i488(La1t0qTcs04dczQE+({-o%lxj=AE?O47SL`UvYeBw^_}4Y0g!b8Q8<$ zJ`b51>H?X9OV$jGjUJ9RZri!I;9ZE{LN)O|T|5nKKi7G~6>@r`aRBtle5P1|QWr?B-Z;hDVZUl-{;ypWAQqP!MaJZ08L-z4A#<~y~{ zi->4}{x;JkP&resPm~<*?L7{L5B88v3-$D?B-H_WOC3dm+w5_HWTPTk(YAxUeJ2%3v3$9bimaGRac)}GlIj6;73 zeTB8_Cfdpv+c6*8?)22eGj5@*(A^yVgia zkt>Icr%lz+VT|;ZmD?NEAHN>NS@h(ovbAnOmNozt=}+W~$nPbtRxcdCvgO?}6>;BJ zmrbduC0#d7*uq9fB7GB;Xkc4h=SIGFH`i>L8Iawe@+`Q5&qB5l*_ip9SEPE;^;T3; z<>pLSM?&(~O8z8gchsV-j7@*eYF2OCSp)lOs|8u><$kHtEJ>;Hup5BN)=T(H_(-RK z#PD6I${>TkH?9&AI^R7m-{#WxINjw+zSaa~Us#s*`qh-D{<4yFD~iuRar{j8t|4*8 z3)grB&%lCKR0RWyaQpjnU1*X(u zMsGWaARX2e7RF4^nz*EE4GNYm+kpv26Z=iRXPjJQ*Iq%ZUA5(t*d8dyf|~e1PDpyG z*`((w96>(`cQs#}#C5x>D6TE+q6z@nU*il3vovRYaPaxbt0WFCsuYBW7*2r)wAdHftlTFTs>0joY0@V2BOQh|a7RA>;! zwrRWe8aI66U{-l!M9X`#E5YXTc4va*ekrqy!{ggJL-9@V8hoU#5DF_gq%K{l(TiH9 z4O=^&h|?r z3>+MmQSGbtJHA1mN^(o7(ncVQ)9Pd%-J+*ly6b6Hw+={dZ?>&0_GS~gEf4l6qC=5lE+=|a z>s1S;M>Tt99V#1?;z5M-wMUOcxjouit4T$C+$p<1#5J89Tu~bvp(1d1Cg}XE)KYJj zc;$^*=&W<17#?4BqQD8wy%PWGxZhpB{A7$We(Tt+dp$eR<_LG}X@I>)@*`AnI7|ep zT557AyE;-$2_QW_28v8m-6AfHX)?ob+9v_X`GiiQT5FVYt}jF_cc^^ z=p3;*SyKO5mI%)t%xaPjWghJ~aDEIxO$82H&z${@8UYfw9bF@~AWOSJa577R)*ocb z*GatDSsAF?DAN@4#+z^vyc4%*JYB=^bY>* z#a{|az~AM<(zCqOUr@0FEawOAp5`wA*` zo-f4DFwiJg0i==-q->{pu$Vb7l@b)r95->|D>@GbhNwj{hy>EPKkYbwWXIdVNhqaF5CFOe! zlB|Jz33-lae0`(TjslyaqATZsKt9Z6|3jz2KxJW_rGO63ntQjSoJa5)H)8Bj zzB9?!N?w#^6upTmN#abW-6u-fxxYv!>!ROqIa z^9jtJ!m-h4wV+C@<8SG=WEW$}f&OI75`RT_XAve=*5w@`vuFC6r?*>^&6qoZLBBE4h$Ymg`yx{mCaMXNz zj|Cy{o~njU1QUDYdNPXA6xr(b~-PPtk{y zh=C39cs_D3z|hTVVhN83{ZSgL=d}48)k*R-hMm&y8o4mNlt=OdWlFI&QhzyvVdjxdC$#FIo$06o|FBE5Yd`*Xu>Eqs z=rFZhG~%s4MMV0ii0Sp^0I(@F7K*fLjs*db_3XGJ^KFav(0 zfn8bCpiz4TV6SFEvvf}}o1qusgQ=m=lhT0#>{~%u4cT7Bty}Uvw9K50(@}5qL!v|T zdUZw6wppIcqq_9zuN_TXTsJL%<20NidHHa}lk-2JU$TMI#4CM~OZJ0}>9N0{2OkBYfV>YZP^ReIFmylX4 zS%w?7z_XHr)uPs_1ly;_E@;kOhYn-rW{4-hFqvC&RP|f|B^LjtPB&;)VY#-ktSp^? z7i!>`jGEkCRnfJv|FX!;RL$`v(;gaO3do{5#-urtePbK%mj*{Mt$y(Ss@jug&sRs;4azi=}|Y4mMmU zC**gePDqo;K*?U$-2^#WUh_-2>I-ADu}{TE%Z)fI4F4ap-U2AfHtZf(5fBv+kd#nT zTDn2Ho25eu>F$07>Fx#rsikA-kZzEUrI+qrV2S^O@B7VvzVEj)FayfY?mqYZ+~+#i zxz0f(pj@7MXK=d{WkuaT0U*UZHzJa-tQMthQ%0NPsHZ{Nr zC|`i_^IS`Sl)h;MZf#^;4jv|#&BCX>uW`2-2TLuO@@cRy$+eJS%RoAjrBW?(0YXo-HkHy7Z71hS`8wFeGLnsCT|kmT#3p;oxN_U>5b<__MeiBt+DO6hpK#N>%5;R{!qgAL-fneZNZC^)p1zi z@w7z^!r>Kl38r|uc==ezFJ#C=-5O<&rMo}hq}X8U^%3oR{`nt3j^@Xs!;%7B&@dEt zT=x9?nFiUePVCm@J4LY%>~vZec8tBuS)Hejr9z~6wt7x4VV?DbIXQ;WfU1&+8qK}1 z{_BLx!h97WX=@w)d`%-V(2J3Z_yRHCV}e8+10gJur1i2JaL+4!ZVL^P#Y3|wj05d# zpnqgGUN1QEL;oO!U4Vi_@%$k7w8^Ov{f^A{3DjjD6!8m;&;X%V4tToffWq<%HQP}E zTPw3tlFlXXpem0r0ed>Nj1>zr=qp!OF15myi0y4n$X}i|o@_^(*o%pQIIETKCF#aM zw&BLWmDglYvJfIlm;QxL>{wCakWRF<6P@y(JM09iW)0;UfRhn#rX|6LsZ7>fZsXq8 zu)MZ@=B)(bfA$Nf3F{IBMhzv5*G*~~APJeN z830QYJ0S@0@-c~tfuZV{oWIt*yhNS>Yz~khX+<&!o_a6@hBuDGIWL;4-_1j;bGM9X zA^_nua}hie2m`J(qB-s|iYipD_+_8SF30w0kuj)|qefA(_aTercER22_+;z&kD-ct z^x4if^GOn30a0avF9f{pgqXt01z?xo@878wbMG+&($k6Ug^!vCGObJCX=GnbJ5L5I zJ5T=PA_1OEAs_s+Mx2HIg^+owDh{mqcbE8r2#04P7^JG^LXIl2Ve+*0hnH5(d_OL|?-;HK2R~OxZu`!rpb!>C2X#X~H9bu(g z{p`l2#J}LMu-w}eceNyg&v+7SP7HbMl>nYhjR!o=Kx-hSP#@^)V(7-FYK5yn&fI=I z787DzY3%7Yx0k3Vj!`rxah%>uJHkyws#>vI0-2c`4&Kw0I}#Md=~7Dg;7@Jo0zt=el=xHJsN}$ay0d!F2CIUY;B` z3UgswwwOw|#p_oaj+#DYG8>_-GbcGf5fvL2R_$TOY}`fX?)Fij;BdBu4C;EI>L@Mb z`$6P_fDT9nnna@f&|=eMzBk@Cu%eMyMRYx|Qe3L>$5RZK!}6*)E{tUtq_8`KKEA|- zhR-AchA-kf5R__jf+(~e33)8s$qm^gyZz&@uisrTk#55aQzd-i9O{gEfyWh}yo(pC z7wgeBAOtfG|9fS75;SZRfLof>X_){LW!;zj9;%Ej;3Ox>gpOLJq4HyTK#f+BVieJ`kkVfO9lDN_eT`K@g>1g zGZ10#6R@Y)_Yg0x}4$lED7eFtpw8QXEIcEze!SI#@7L^LUOsgDjL6e>{UY-J1Av z71@M_+!_fnq8dq-NJp-G^gfQCqmC&=VqD$cqg=ruwe@)t?)*Y~?}3EoLVizaG!~7jtU+H?@2-ffmtO`Nh~aB^y_tlU$N&- zIRkINiNFHGxT<;Jy{Al6zO-~dx9cG}2B}~shcpuS=kL^+yWex2i|8XG8ag&IMhrXG zsve=k@(BaD%DEmK`*Xf80L_9LtXSe=Z?^&1cz}kA9k<$yT%+Amm#-rMa~xvC+4`$>f*t1Y29ph-BLU{kr^BL!kbI*l>qy`YxMGPoQY zJWvbh!eG5w1#6w~W#J57VL&)@30NrEAb)g>fCoy_B@b3rYv?l=I|<@ZW?CJ{%CRWGECw~F=O-5n`VFq~02bI~@h?5S*_ z+!RZMwzrTV#=-knA+@nw?Vr^%L>LFu(#X!DL~7z)c`HE|*+6nR_O5z^_8bit?GB;a z^{A-Zw;mtLU%CglDs-sQ0Xe~Ls_LUa6Tji7V@oIy;NAn^1A9(h!Yn4fA`gpN4Vr@s z4Q!PYcLr2Y{doa}a=gO^qMWh6+ zfXT#n)}EggYn6ps4PLpO0(sLKlqM{ZAKRl=S-Gi?y12NYX5t5^=T`tF%mC-&)LEpJ zK+&coU_KNpuR(9!-P29+;R99zJ?M{W8CB;I#N7E+WEOWs%ZH%J+D9%*_uzO#NNEl$(!)8&nIL6d#SiyuzN>8AiNm_ zX{Mh?2K}BmuvjU0=&)m7v+#dP-gs?%4sSt-OnP(sn;4Or@2ifmA$Yh2hA;b6Yaa)Y z47~3IGJRd%16~Wc1>Z~`?|l$V0ANfOYrI2X5)V!PvkBPP0Hz0+iU-y2PUjUZEQs)! zweo8#*Y|X^A_NmugOta=3=R(BtgZrTG(Z?}^|gaCo!1)$m{#e13<)2cCIR*-|FrGw z55U*!LSr+F9b0DFP~M!tI9kGpg~i^&iG>ALCv@DU>TiF4iwt2x?|H=0_4RHLrZO?{ z;x+(M52J?xC9_A{tVi zMw!6?LJGLpUFbp=76jg8C8s~iE1HzAb)qER1MOx|vw)It*h8#*kyaeXAb(2g6u5A_ zj<}&vLTAAIAyLNSzT?1jvRS-T2J9~kJJYGYwb}14S8gCaw7~r-QM&u5kZ!<|rHPh< zWDisSH;wP1Ncv@y=D@+#Yc4*6GW=)$yN_~>`Ks85qwi+~oX%lH-x&(LWQUjuuQ{Gs ze3)3BmpDi)Pk0n-7^s{I@RyTpbg~*yTmFv~$MW{AsA=vLhnYCDMm-PDtn-}-W83wJ zLZn$ylnTTSn!+EY_^Hk8j2@vr%(nbL1HU-2a)rwk_GQ43UCp2O!%zS^PQd{$f@%31Dc5C7+9e_{|nKYKi0rrU(FXe>>qn#DWN`w|4)0g!Q zBW`zEX;9;};S?={z?+buR1I;S8B5zwwIw^H9yFOXJ0XAgIzemAWfe<~G5 zBEFZw0gyeA1Q+AM#MEuX&YK2Y3GJb!j1`6#D7xXFFpKChtJ+9~kO$T8i>J$b=Yaau z<_@p#g@#K1mz_}OLbal2U{K5aXFA%sAMum>_?+X8zpNfcLw(1p+*PNViiL^Hy1ROE zzeNZI;n=2NENdS>jT~z^LYI&+D_nBujx{&00^^AFov>#V)`%uU`=@1Qi*G&%I zgbLF(F%zsK(A&tIdX1O~SEh*CeJb?c%mYmvrg>Y+i1qN8j^ORhxE|#=-;_vD@l26I z0+W9DZ-8>mwuhn6El&)pa)9R>tqVf6epQZ58u)6s&&U#?d0z~>HD8{dnN8$B!s!+$ zFvKQD;;LYEAj)gG`=^y;x_tRZbhIe=>1ZX4hUH);WqU4{9*Ab2a;d$f$d%M0?D|tPMpMra*-i2$5g4_D;mY1orc=Hy!_wth&mg& zX@)Z!wfl!^SF#mrkSW>khg#!7&!d(#O42$1CunGtUq%0U^NldCDKD?)&Wx5Z9#1Bl zQAtAfdli~zz~}eT;x21)G_|l6cp{bM%>+-Qf>qpCnncFI2ZKz+_R^WYw8kmKvDbYR zs-tJ2tx~c7e%h7D>R=sd*#$lRpxc8x3a9eBT z8|HF8a-*DQb2kh3Z4^is5iEzzCzsQBKNUqh%3DWqCq9R>397GsgVmMqokxV3zwaS5 zO}FnMB-?Sb4Jb5*UT^$*Ix$tPoi>uxNnWP+G=FwueHhv&j=3oe%R-} zT|elY)tSn!$xNSLM32%(1PSQ70*+xR?vF}99 zj=gGK$nLB2`0&A_&-|e#V@zu_<8V*AZ%g|6QqqyVF&!#-$jNM;bekiofo=D&<$8oG z=4u^W2*p>(Al>y)*CZlaHaJXJUa!Tg#o*z-+|10ZCxX80M?pc$+SIS}wKV!v|xzk96FAN%wceL*8^8=_R}gpOR;&h@#v|4c%VPKtfxWJ5O5A?xrqfru`G% z?nWGC;RMaNOn-58ZyJ{o%ax}@++GE_uH0b?wl7pO|E{vM>4~RJ;fAMI8|%KVae|=_ zo{aF3t)(O5_tVL1==xNKXOv+I-o9;eIcQfryyf_o<$OQ3g9#U+q^Cu9AyMu&2W)vx zZ&h{%5?8su zn`XSfHdrQZX7GK7L>7iUo_{B&Q*}w)>82)OOukQ;kUEc_~rR!Bpo8DIs zcle10-rZ;hMxVrxOAMASaQ17w106RFJ{E`uo!P^ged&xuT+{<^dBU>l-p?Q1Tt^)b zZ(2Ltb>lOM{yez4JDr8io3BTev_o%4>?&s@sGCzrVDB zx)PDk(0=?F4{D!>?muL`p1H*MMnWW{qKZ9c0qq^a3rizik-{uMZ3=0Vdf@bzz zTkreUn;r$OOd^txap1|r!`WC3Tf{XnpM>Djp75ca{$>{ClcAymL@c*?@uMWu( zEm<|mKjShDE;3MfGwQirGgGbFP>xT^25@Y${&4kN9rrdhUC>0pBUnbRJ{x^lnx6I; zcUuOYv)4tp6mNzsO8(z%S`Vplz6^fH3^*a9_&=3KtCZ>E(e(8AGj38&^mc9UDIBJ! zMJ!QUCtAGpJmTQ@6r7tvHY$-R7g^gMS$N5!!Mf~MN%Kov-wGn3MwrBN6ym);Y8&!U zWnS;*7AxQ5gAm06ST!@}`|_VJgznm1*Q*LuHehU5Y5Qc}jp{bNz^;lWA@B%s`8sDJ zyPnHde^)e7zV^t#ufM!MYGgODvD!I244iVg-Gf;kIn7(%;TstGj*u?6kJ>5}$8Ch@ zyOy|}ACQ|w>bA?eW)=*EINEwbqLw7H>ua77MM$V?;%w=Ye=BFT`m8MzTb1az0(r@& z(W)*i)+u`{KV#AK9&AZ^)Dv0Fk}~9Wex$h8jJ!oGf6t4PgRP>WkP94Iw#@kx2 zu(P+vRybpBd-NNoC`eE5tLMH!l^mN8^3N0Bw@L9I+E!kaHQ!=CN6&7YC<=c5sd&m| ze+QOZlb)(jP<^*t9-EM+VEk$CHRwo?wu}#R!#T*(ljJ0&$L~8JY{s2B{dVws?_td+ zq1#HrA-2ULx%ds7E+?1#lea}+^TWw?(!1ztE{&clR%*k!4cVWhT}Lj?5iQtiR&q67 zPAIlkbR8OqVv~(L@i`h&vz7IQmS)%r)Y-`#hv$MC>+VsK3Ac_WCR#@uZ*@6y)pU@J60w@%ZfY zcNI^_3-sgIHq#(FosFY;=JG!E>HJDFzSt$i)425*m03{ z?fLon^1aH-A>R0+# z;3wb0aNG1bkyB1Cg(b|^)igA6ArM?GEiIW>F_u^}fLV`TSe|SW9V5GbaF(}8!X44+ z7i5$h_+FbLaPD~9;*ZhN4vnfRL>~U646b`|a$*O@knx+%l=4+f+W+~M3_oHvS&F!C zSjd9{^o9$gn{1m+I-f{t;U}pTD@d{cubXOv+wK#lqp9LvlHAnnB)QSqChvGU+!ztt?Ig$QaV``x~2VQK^^O$(1SbvpR zoPy>*rN29?OO;{xx$E|bghO5pMXH0OpTDQw@rkX6E2wzb3zoGN{0k{ip-lM!u0}S zy1_PBVLo9M#ZhaBPS>>VQtP>H;P7@%;yzZC@tN zM-`~%Jd@xDo}~9;BAyOJX3ZQ2SoesDvGdNt0wglFpV*x_4}N;spSz1q3=FHQL%H{9 z74I6FiWJg3T9Q?*D@JaFf4DN0{gTw8HmAU^u|9Qv&{}uy3rsD{Yj`?FK zSWe7Om14WW;h7JttRm)wOLj*guTFjtM%@5e|JPVQ;4x2OZOH3&7g*=;~RkAuoSS&HG0LStLwX%2Tpj%#w<;PDyDL>{5Y=L)M97yv_z1DP-t*aN@c{O@)NQ zF~vC8T)EP-Nc^c(jaI**j^#^7 zJSF1yyR3bNq<=5!Y4X2u0)HXR<2O-q-k%}TYJa4oFx0e1hvK`wTz|xdh>?$LPX8(E z9qB;H;{_#;10ImZV*Mi?!1}2u_$6&lW%{1iQSkgwUn@oamPwC|OS)*<#V}_#IqhIM z2?17~0jp~N4G=K<1gx>q5bTaylYqi8cAX-X1dS7E>0I}c5?D5$@3@m=Moh0v4^nbTm@PTtuBP3HZ+In%PD7#|br2@Z= zN$LN8mF$DP@r7f>3R8oFsu3k_h~MO7(2)<1Z^CSys(^uO^ajYOJp=YsQ7!J| zU`&tcuUVl{v%zpo3AqYP?HUxX=4v_fys;{tatzGYYE%*r9F?4BcAd9s&#&A*j;W?4 zk)jDPW4@ho>6`hxWOG#6k{KjXkE9}BM@QvaPycvvovbtFr|7ED=lDElOlfgEz*La$ z$DPULFHvCMo%o^suhF;lQ(%VI|MXM_7y>nddRe-0O@CZ4*YKa7Oow zssUxgda`HU0twTrF<4}jWN={Eay_e3%E=EWpE6(ot2d+jTGem^X3CRLmHRd#GGX~G zth;IKZ z?_{G)BODuB7ksL!ry=9=K@sZ4Yef#w{{>!naUJd0khh#}Z z;l0fvmt)(Ck``)DV#)7JSf}{X!V=W~UK8G!7OKkuzM@)~nQ7H~Hlnbq9IUm1m_fc* z?@szq5y!xpy}F0QvCXM%%omf(kGTHIQy7sHB*Wxe-y&BV((d%Qv`BFN*JN4WMt67j zm*snZO^63N7;Fi6!crBhYk7LSAs{F$5id|tS`19Z%ODo#;}~FB)=~GW@LGu0c?FF! zmAiJT^L}f3Lg>YRKoXPQ-+V50T}@wN-MiV$o0mXbnynWl)Y5_)M6a{Dwefv#RJ!}e zHrvBp!+SmyI#*XKUfrOad5pY&rwviCx9)SWtD=clbzbU z_T6sSXEMc_z3@I-b2aS@1DzygYTA%U+iL1`pN$Wa*a*vUORsB^hwOf@ zb1+r`IaP4k@G_%kKh>8x9|~SCY1p}xF=O`8d(Rj0m*E+!BPlWuS~3&wq2`8nzCNzZwd+%zR$n)O8=|4X&CO>>IzB@0 z$AN3^k-Md{BmSX5O6ODl;NZTz|K}#6V)*PHaYS=`>!`RkCP^yh8t$Bbtzmy!bOu@nqo>O7W{f zV{lzv{KwMu7g+~IUCTm(@A+)L{de;HI$C9C;~*CHA)18j9&aqs{dZw+=5@vy$W$qi z)^n?IaHCA~0$`V~sMkVyLS#Utr16u^D*@%FCR5-#PW;@;7U=!+oDXzGM_saeFV~y7 z%iku9d0eQgD}=m^p7FcCX%|#)0P^LMHm1j?=Zq>fzp$o!`9u&M|EBmyWO-`?P6VU2 zNk~uC@f)Fg2E7-)nU5f2$(qrkXU_a`M4kPz!QA7Ik)3LySqV;CmQX#ntkyG+c&utq zvVgVmmuBol!1>wR8^I0I{qZ+F4JI9#cC z>iGCLda$MIjxKC2eEpYO-p0_56ED<0Pg?7S)Bg4D)|RQK(-2Sa)sUVZFZ86$v~AQg z=Q6IStda)5yGLxWH>Q@i;MtKiV*(ma(y)w@Hi;-DwE%qM>-ANg&gOgaKRO}YG|Cyf zT;*0l){geQ$T%6i*)nfPa`g2zUW6Sq@7?cx>w8Xb`rgOD(ZS)9@4Z)^i506>iQE04 zSIR%z-w<3vY%eF`NL&}ewV){1+P9sm2a#<)rWhi(>@q*n$1V?`Ebgbq&rwMCDx}tB z1_lSSXZBdk$0_py`XDtB$m*PFR(A`0skr7%1F5}SCXjSfQSm9yWFIk1&-Z6?EW&b= zih^lU!<K?xxxc%gQ7yE$OSOA{X0; z6}vdXg~}Ep6k4S9G3y;7>+wDJTdfVCFLx`8E0iUYz7IPO8gGh~}SwzJI@e@!BrZ(qAn1Yv2ED@)5f0A|YDG^_Mb7%?2qH8WYfvTDUTI z+`qX(4n9axPbFEicXvzyIeB@hT4F0By(25>LvQDcmqhoG2RDZ{%@>CS+$w6JxEcnb zJF0B)!FL2#a}TYNY2^mf<#)ysY}qom>po|vF6^#E6;?Lb*qwL#Pf>4nKci!SYF0XS z?Cb9r)bgfyN^kQC3=WG$)J0w}C1dB-@N&iMS97%KyHMXwptEJ zjoIYk)oMW8hIe7*kRfvD-n{+K=DEu`CmH%T`vvXpDPx++xDmkJD=#6^l%GZ|#hUMr z!O|lAsFpYcmbO_SQtF_Q(@R5_>)l$Xg5kl&!ui5gKXvCEsXyFxjfepU+(UCxZ7PC0 z_9y+;SNQMQ^WV1|7CA~e@1sba<3*@VPuDpbx8)&2gV$YXF%}7K2+(HfoN%-xL=&GHFCBSSoiiAQTO%qmy?*J8?p#okFGm?X(9<%b!IY8k&*$ZK4c1ra#~tXe#@~?a`{zg6xZm$F_`9odI%gL{ zOBjH6jvk>St796~ZTP+4*suM|XBCkW?0?q^kxp#ZO&qIa+0XM4L;{ZkN6wJf@_%Ft z%HiRmgVSfMYVFcbMCeko(kj!Bf0R>cu>#ENigQd_aPafr(7X#qfbgmb`+KEDcvTgJ z&iH{ymEbl(uQoYjZ0Kn}c=Y6y-gd3OmrPhhB)w|$7_lFQ9vm6^`@D#-5M0!$u~)a! zV_6;@)pFpktf%@aB8iJVlPC}Q7=EU{xz7vnFd4DoUSrfo^0^pyY4FX>ALB=VlWjlA~> zq+sHm*#JSls%vxGq-2$d?MvJstdF)uG&JyU@9s8ErP>~LdX|@T8Tj(iCSpZC(J;!5 zMD>iqJ2N)S_CKw3n6uRT+&`x>+$vc%C_ll*N7N@J;rl&9XdoOD5B9pbVczIeHta-W zvr1voan!VoBM|Rruy8oXWPP{Q@9I&(FrX0uWKuvcSw`Fp3f_(O_X`7^`-9tRUkJ!_ zu2tVZBfC9JNa;jep-#&AOo@W8mRWByuNtRLh>T98_ zRtZ*pJw0?xMO!ydGE2w&1DrrU{iX2;UoWrEBUwqf{vpbDqmqGD58jYAqM-PfW=W&r zow2km6!+Ju(8h|o66AN7GudD*R9i(3ABPiTW2)KW48EJYUXkY9T%@N@FU3?$7g}2h z$Xe^`H}#Y>^BLx@-N>2}8Me<+Oh%Y^>0W<-dTD7d1_SPbkE=Mi&*W3~00j7QM&FmC z{}-V5LD2b8h$DW00k`tCLxbg@-@l)TiA((c@+qgJ`PtcMMiA=Z10xU*l0#_If(Dw? z!a12wBQxAQXQ1rr{j%6&9sC-zGhIuy^+Jz0N~+L7qv!@ys{&0#u<9@jq%Yca2`%Uc zD!L>XIp{_cpENQj91yfJhaGUYma|2`&+Ava%TLFwt5!z2Mnu%2ldvn_g^VuG{Jx@T zqN^C-ln+Pm5TAer-kn8>>6+H8OkGHRsqpS?t7k{j3b`DS?2z(pn=fNp-`X;ouQ7LU z|F!H}XrJ4FI_l*^5R?#UEL+e`E8A$Qo|baTY>$6poNTbr7;{h%|23Iadw zIl+KWL%6-&p&<$Qqw@AHE|RiN%XgvC1cyN;j)-Mjq7c|ws|0TuTXM9)RG_yBv;#gxH@Y>WOJngG2ur#Dq70MTf6&cz z0ACyxY^A^dJ@jWdj|uG9vB6z;pOj-{)WEyj`|(F@U+(AX_wa=zoYa0*B^sSmtI4NF zhmW={{KJ&t{dR0Ol{cl&c?wrHhQN2%(+PNk!4V;eQ55YK2knc@){;#l!N4n(kdu1A z8j$ShSsI4ej(Kf{VK&GBPnoQ?A=)e!GqI=Rc6SnOGb@auS2P@5eWD6Bhd# ztd?6zfJsq_m4AS@rJ<~^kI|yP%$yzCmjGb23)w<)2XWwHe*JnmP;4}ZQ|wULRzmp7 zdMi#fE)t!TC6i!Cy<`a#Ik3qDZODAr+GfnUDF;Z7U~y7~7S`6{>gtK(YmHqiw3y8; zl9`g|G9Mm5vjbr$%*NHXZ zJy=Ejxks+JWi+U6dtEF@ZtR0RrE17aC9V-g=Tu|5)%1{<~FU`Vv)`0eu^7Ac*ihP&ercO$eyA0Ty%wt2{Y_ z+p1qp#Hx_lCOL~5)s)tD@)5HrYcCgxji%R2oB$*QPjbYptvG8!+5yrp3FMUlo{;)G zzYta)C9hg@=?|KM%!EXk339DBumR$l`AkJ%hJfyW7W#icENKhqb%1w?k{R)|aAopT zXt8>m);j`{1vx~ucsIokM#R(@v8yEQDQ#m)-s11l@O4`E7prPZCQ1F$ZfYaSAsb&f zf8hxupcd>MH@81MsZM{%Uh6vOa#IVCUaS3}1_!b}h1Wfy?)}Hpg$ad@$4X5`!uc(+ zi)lc;Yhm%o?1{l53cKjBgUO#Y8+UYHP5V1ii?3E`p(!;q4L%jQziju(q_3~XtW8+^ z=K%g$jk?LuCRTJr56O%Fk$0jLzsVJ~?dSwTplbb4sCb>o(e{y%2kf3ac{rCA6IT1I z6;{Fo-%F|+e5pyon_D8mVQcujwazVeAu5hsj3eV-`a601UJr7SgVN6d>QXr{UD=*e z4)Cgad;i`2|9w#84(`?8Rvs>O?v#z9BBH(7O_kCQZMeJF^_MeNB z5r^OpE#lASujeWqoUBaaNpXVfl?==-sGI8`YUY1~afyU36FK{P*9%W{GA!OJ&u!f} z#;tB0e5c?zU|s#ym?s+&OOJ)yE6y5gH+JrpqPhLiBB80ohl8zKANiooU~~0gxSK!* zi{1XP5hxbn%~eQI<-8y1MLUP()su8MxzOtLq9b{5$X8(Qr%z+W)~0~cDTa6z)4ERT zc;3~i;xQ{3_Vs`BpbgDPs2E?T3M_%s$fo&ttyr>vd8W*N%uHoEr`01aiMktQ@E3TD z{R7<-eNwu)vEo7(CrNy~5Dv>r^?_@59Ey$H;x}26;R{UIJ0r$o<{A?Va}lUZOB8%g zAy_TqAaK9Eu*{@8VbxlWvQ5ofn+ebi9D??%*@>!!AW?%WMri)4$tCacoZgpl4muz zpT^9>$)L6Or+L;6pQ3vrZL}_AbhF+}6*56u^bPB?yzbg#aT_)%2SU{arb(M?v)_!C z4=45O1B(Rd|B@w3<5XKl2dS8C90J!@6fa(U*#dtb!lQ5H(WT!i$otXPJ4Ok9VnQ=t zXXJgj9m#Ne(N3h5ArtPhPd8QM;a<2{`JPRCr0rTBt5I?6#GL<4zlq`GWuv-YTV#-t z@XvCZZ+QXzBfpq^K<~-^RwzCG9jPu_84|Avu&}o42l$N=2r9&0zh&um$+TwIIavqm zdR4T9Z@p&vSqu#a8f!}Tx^d*U_R}vgpR;}7eKM1oM(zv8(5PK|B%P4YTe~1AEWxAR zw);H>%gaF|l0@$vGQ`$qsv1J-4{k$PvG&!b3KhiFY8uBcJ=U~)r*A#@&zJO_c6kZ` zQtIOW*)sb2L_pSJ$HW8@2}wqUCc`ltF8cW&p@l`sx|>+GdHY|=k>td<>k&#qTiagL zz!9rxVVdm?mGIw=KEEdQbOu*bH>f*<^>F%b7T&@G33@1RB=6vhalfk_F(gK7R>N!M!nsLu~3H-(>-&?aNLLcYPC5 zu}cChi;OHDlwxjGb$PzhKh{oZh-9~+9t?N{#d}|D%tc4h zBAvT=^KT@Qt$LGbv`v4u^Yn~Y9g^Dr3^8@8$qdc ztx-14tuoONZvkua%=Z2yIrBpwp>3F31|W+Vo1Ns}K7eR@R=6$;^IuN_vsq-f#C6_q znk$4*W~?`qI)VUQ0lu9Oyn%W>VC`+(xkw z20A*3y8JlrT796QSa6nNb`^YdJDhOzwO?EVmWo@qk|Uc0>lJEwx3O`#POxk1uYyd+ zN2?~ti{xvINhyiax2u(gF;{FF!G6*bEJndHP`&+r9gL?Kkr1_qF&z$#lz6yfC9}1q zjoFeoqmf))BRo+G(GN5VpWQsGHeA0&KxM|t*#7IJY19_{(h|)7l)W2I-HW`M>P~w+ zRu}^`CQz5>&Pqc?*dMR3l)CBJsoLr(a1<3w91*LlB{c%fOoMNTu>E79dw;xXW7Suh zAnj>hMFffkP8Pm{px#%nuE+#2apd|scxvnOlp2pq4I1zb!XyQQ ziUs`)P}~>u@lF~ytaCH`sNX{M4iF#ZZJc|@%=`$;>{m{VOnJK#hVDB2JxjuQ;mB6P z>xurg!sXaec{Ma#$Xh?0W;zMh(f`$LE3)X=d8PeFF2vPo4afuTxEN%X)U}Eq=dIF) z&MRvy|2VIqEL1DFXX-v0deHa8pG%3eo8CA7uhCe$UU2_wD5CXn&7r0lLAc=U{l|!J zS>^ir{T2AtDpr}3*xt_f!!LsKg3$Lf-(&y0_2}F<4t^1Lw#?eM#l7AlDZG;br*~Yp z@ZkFnKX|RLtNk=W0?F0Y6=?JHClfeznz6rUq>|RM+;%HnTX!q<3znFtDHfCz7svIv zoH(Lq?3C55^W53sI&Kdt1}0!40|O-(w5nbR-L@YbpInlj1Iu|9eti`;dc2IUAG62K z!MVCy%+z~Ox9D_EwEjh3vS0?*@X-1LfR=;KU67%<>U`Lt!TtF!C_Q#LsrSD0)%Epi zBd*2=I@UEa1cJ;f{PI%ac5_BZQpzscN+@P`SNrxZOEJ5?{;i_m$&1)H?1W%Fd3nbB z)8pl_+1b|+?TE`rjN6^4w(k8ows?-#gX7g_x7XRd>&E6T&RImq&olm zcb`(h)@_a=e?=T`Sqv+-*Vi_(J4j@yMGnNIDNQaiuG};lh&Qfcj)s)AB}bSa>f~Ko z8xGUoiXlf0HME<}+5dV9wT_b_ZF*?LdC((MAV1-yp+WsyhDhiaPya(BG%W6(i$?@K z`c1{Q7V}21-ciz&nywgVR`dc;@pikTUxq#+5b!@YI$iI7QA1MwrXlC_)M49tizSX) zUIkEW$m#&i74J)}1%QeG^cQm<3~~RJk=f6 zWRnE&4W~e}z|_@=c$`U|nTDF4Uc~gYI`9$DG8!%Sh(g@l7qNKSfL4&9sP{%Q8_`jPTQ|LZiK-{?&=)w-TYfzN6m+3X(0g>4tZL{V#LWluy zHo6!t!FJT|C%z^jX1Dfzi%~jTJwFf2!`9;+NBPfZ@9)-HnuVis7Ho8mOpn%A&z@#D zOLT}PDRMU+7~DGHVa%AH1Sy7nA?+~BpuySQ`|d21<$W&Dbw13z^?u=K7QOTPa@Lq( zH(Y~MqxELAA$(#|3K2n_*h6}dEI;C>+ayjGj*|tQ;aLQ!GBz!qyX0c#KD>CcxLls z(E*}Mv%6K-ezc#my%6i@l<^(qj99XTYYZ59#--`8#1&hYaXB1l&ul@Q><&J(4?cL} z9kt%QOik6UaO|yIA8Rjhr1N)==yXTE+CPK1?F1B@?8-hQ?u7yzRE3t7kzM)Ol*T*b zs@UKVXZ6;TXOA>4v{qFM2CbQA;=hFZer><4KIujH_)Fu^y#M%7NdaeE#ctI0uw(9Q zb7jZ$-gBJpR>%72B+c{wpI0LWcI>o8%(?wPGz@%S;WM>7u`TzKwti{{eeV(2KIfg#lg+(RSSgo5dEs&t6rU zt$Oj_^!Z<{!fiXt5AO*No8U7a>5D(>Sf*9sq3vPJ7OTofzH$K@(|w>FCwsb-S>->o zI-s8CZ0zOzQ=3{fWSvMuF&|rOEn<70l1|OLbRVZoA$3O^xNyL8xDk4s4)Ub(AFPlIt`4PA`xI&W@FuHN)unHm8VeMASE-d61 z2*j>^x1;AerM^ZD`lUeEN9c!EQpsgexvxH%c6AUq(bb)RgE;TYca2I* z!;0U?DJ=HMj>BT89Wn90sCZbk4Ja{|TDu|crmhBa6$d3N7xq5e2y%K=BOy!59M9s6 z!rC5mLgpJK*x5N@Qwd~`vriZUF+-j+%QYr6k#7^$`b`abgtG3J>(<_J9Yv4&o-HaW z>1#0-fAc=>$FC|)s%L3iO*@!Pas15G+auOL_Qldd>n83IvEA%dYOZDopkdSV9w?ByrZ8&slR(u zt9>H*dYux?gNuhdX!7;bUiv_hzNoJ3!uhZ|L+c8^m?RX(xvOzT*BhDBX5NcE#QYO9 zHiZQsBl_XSa&K^*R8(T4lT6!$efV|i4n7+jKWA!iLzDYfeXGz0_s@dOJit+}GY*BK z>5Y7RT4$SV+fGYtaS}2!?`MnveXx6P>Ar!sHg#NGB7?peg5mOk>)S|rAfN9gk{cZ; zNZrCKAp*Iwa$ zV4Dzp**cqPu38P8wv>{+LZmV4=RgeETIe8?U((D8y%5H~%3DH1-#2jT=O;}Tr0bt8 zVIgBK=?zqEfKpA~WhADs+pMRf(Vqg2FseOYnOMAxG;)!z$r zy04`~tBtkOiKE+xFOOPE^W1K#MNhS#^3bpx531H?#YATi?AL(0Med?}@0{7?f-!!} zzfu7z`VXkY*8pFmR_8>k3`o9gi3NY9Z~u-{o%^2r8NFFx-?pv}j8sjw7|48_dAnc|2qcz8ck47P=i zIzTN^H-abGU`Q-N90YAQ6;Ij>KrhBXyG~0+pC;+J2p9#bawpe68hE+tGc?B^Ih0K7 zG>uI!eFv0}dB}x@CGE=(7kGY3_WGfAs<8#2`OsIvpv@oS~_ z$+=_sKv!{1yqK}6d>0>CNl)h8rN3C^eUgDK5JI%a;<@>DC^_|el%QT1hk~R zd6%JWAzPFMj$Yoy8DZq zNl%;xZ2e+D(o61up?Vx?lMK z^8DrQR1SmeoE#Z_-wZZS>dT{1Q0BEYAt4SHwxOancjnp}E6~;$7(MS90Fv7t^sB9P z1gol9u?WnLDjded!yc9Jp|hF@Q*MV}FGA2xj!$^h=cu^33BG1$n}JZKfkF|?gVX98&FuFTe<*MlxmQPT}0X^04X-)4g|$+BMRHGaL|OiWMyVNPc6$Frb2>m#6yj)p3vft8ruG)6EgUG3khzkMrssptmH$ z*x9LKEx?PrZ`M)>@m&aJ@<+B^;6#3^Z;@Oo;P%akidyUnID$;qLN?-#ccQ+n_=RM< zIf(Lf-0|BV1<(e+{PX4dTEUtQ;<#3EeaKV)5UY0k&7Sp8FV&CvEbWhlXG?o?kmk|A)+MPo zCd*a+j;M_iI^e!}_AJP3s3TeUbfHChfu7nhFf*XeUBUB``pWC5d> zHVr2hTJ08lkpd1R?K8da29xv{U^9A-gbUV)-s`R5&N)ZZm7MNZ(Jb!I2I%)G;$Gqv zBXgD2i}c`+2)$Zv_)6$pB$9ej6sy>(CYY^ zeO~#VXYHGLPi7cHQ^;J407HSqGfk_DQIQ-hynfq&+a_=~_3xV(KQUB{thnhj-jGh^ zJ6VC2v%ucIS(*aUrGzJB3IC(8 zMbX$UCu!g3D#c`z#ZEonr{TD|`Zj1)JPw4$@3dn~DZGPa4bfU!&_0~)Z5TGX$&zkn zi@#BrCVMzi=cYqVFV4)ZrNk_NZm&U_eJNi*b1iF{1(gtf3ztoODZLJm>H z4u2_XnA{U96Fsg&pZH4L8HbF*(Js+|Dw$}*T#c9MX&e7VqLS{@HJWm=(&1`t_pOtP z8Q;dqaxx{~sURpuJw!V#+x)?AU|I+P^&o-}}F^IFd*HkQS)Mp-_ zj#}fV8b6NIvJnpd<=e0sSwfQg*+lsjq8*Ag~ zEas8YbyZYkk_ox&f!ytxsx2?K7Y9|q38k;m22iHdSs6JE4Fs&!29f%cG^Di3pypj{ ziw~%ZVj|e9x)}yG%9fJ_Yw=$a^j&rMc6ZHh;}6`?);IOKe@d(O0ofek&NuN}Ot*z+ z5wf1Ok7*fwxgsJ@)wrvSw5m`a&OQrac@~zxV^HAge{8HnXtu)`l%d<6Z~OoX<&JOT z@4+~d>F|B@4Cnp(j^X9wTRE`Zw+xfO#6)CmnnslSe0kX9w3m!#H9hR<2e?wQs#>76 zAe9SB!9i`l_#G2*rjq&l?sdDneX6Anx|(?}RhZc(Hn`)B>`9v-j?BL5TOtVw2`87H z{Qi5Ynsiu3;fA;2S_sHL1&jfr7+C&>r}0KkL9!Gf3~E6tBt@O|RjD7xZ-$RYQjeng zyuvBNFYURT%E`shtG_QxfRj2KE8Y~E$0cXFV8te>TeeT%__8sV^+&RAO=rwHXrp5+ z`(KrwC;@WZ5;1qy$o(w)XVtdE@SZDVndOopfc}h5yaac0#)6jvyANZiX$dVb=$)lL z1>8X7VAt?3(BB)gPiOo!;w|i`Uir6q9O`cJo zL8$6S8Q3Im9~eK+r;T{ZgfN%B|B~w}sMhYGuh{19Y|WSPThf*b5e5cVtT1N&SD{90 zXNTIPW=~l{?Iwfg&GbgyQ(xI<~+^Y&U>Gw%z)7@ zrUy_3$5-Jz1wYtn)^m~}-xly}yctOh*7$;V5D4`13^KLVtE(5yaWl9D>fA837u0<_ z>@{ZlOu9mDnGQ-moUBe!JHI03)<4G|biFd3xN4#3vmxJE+{vE3=V8BaICZ&8ki0rI ztdKw1I@8~xQl${1#wNQ()D=-`Y9?S~JLgQ&v9rTORF*`v&T;RUg}jHYx|w;BA<>OV z<{2ERD@RVt`m&5kVaAaWjjrf``PyX6PniNZ$eWs7Z)MaPHajxLAMbB)M~uQ%lwXnJ z57W-kS9&z!@GDVuIDU@3&;0b4V;G$FTg2lbY4P4k+;(}zCrVlwn0(E@S@Hi_*g6-7 zJVB3lmlV9mJxin%6q3dVme3LjtSzj^Gjw`(7KJG84i5eRjOkjE`i4JP-PtLkH?$wG z=5daF)fdqc=(u=`z@01$CMLriY6LVwa@W^4{iX%!)F8n9iqS{pUXqBaVq}ECOeq%) znWAB5hZ`M@G&16Rur|=tMDC}djsTTn7J@<==?Sq7N)VU9Qoy3W!w(*d7P(nm(CeIj}{KtZ+xxmhbcppFA3%W9|M`xnXrgg@5 z`QP-De{)F2xRp8}+9VXboAW5IkRBRNWPQk2I!}lt43>v*MdTV)a`$K#nbKk<4-vZ= zG5{oZP|d-64q6G}FH2W>t*%3vZ=9U-4Z4_4v;b}vpcP;gK2g@Rd+^b-G0XFh#baHj z6n~3)13!ljE71g{*~Ks~r;O|fi_N-RAyWG1D8C$AVeb)9pF`3 z*K~3pKI-tz{rtSX;7GsNXdX-$$>kB0@k%c2Og!}9Twq=&qU!pGjo+4cau!@L;!mF; zBf+StAoDEq8TlC>I>+Ize3BonuyL8Md9okFj>erMyl)&%H8@}E_YRZ17croYl%}xw zh@_1lwlB?SZUSe~bh7I)-t~TXkK^mEd}WpWcgRQOSg&wdy83!M1Qf25+^AKt+kHGG zd1cLj`#NWvh3#CulE=aj2z@@u?lBU9Y!NJf z;tAl@7K%zMd|vPS>;j9_KQRvOP+NPOOHjQ2&z>Cu?AiQ(N)%p&d-q3gO=qHF)g^u6 z$o;i7hyZv(mmkQ1elOLpZ=X(bzw96_@m}E%&MBWpm*h4!?&EaYEfPXf&J)!d}d|U>3(qq@11zVRB>ZT@qH1zbshB+X5BvM4FeFBBZi_Y}6LV&4zRyKUUm-jf+eEUMvVaMM}K#;jtK3@st zSDA0qnA~7b=bm4aO)Si&BU6dE*PCiM2hCR6s_0jd#)CWobbz zRC7T1>ku$1+sMJu$XeE1!5g=Mr=x0v916viD&4N~#|8 ztu;AM%3>Z^+i|il_}Je?wxvbku9txp_i0(NN+A4Vew)7;R7~;? zIQ1KozTa?gy&Mm}QH!f<1B^qXhbcRK5+UW%ZAc^K{9S)r#u3e(x%u0ND`N~&^OCn> z$|*05TdcK~j62(@9CST280m-0mm19`!v~WCVK={J#;kd zce@NzYhSaF3>0H$&Ds)=JYb5dkpyb*;hfj(jvhK}l2aeAKu@noXf7efAGY#5TYNUB z*fm`zDL73pSY2DiI#b*(3^eVp74>CPzE?s$9iv849=me=^V_>+$vRb@RnIJlO`axs zvd@c{Up+y_W;43KdjC|X`DH?<+U#hx>80TI#n$VeHv?&>m;RFu;gr;3&SK)NKgMn4 zhw+Lp9pJJY7fS{s3w93F7HfQ+t&RN)H&-kmhN1ui0v^2sI&Nc%vLz-#t)|$GfIT@w zoIHHqb;(!FtxZVNW46o4%&e1yR7)7G-`Ah77Wo+)yjK>BvO&+}d!WP>T$2MZ=oYq>ioslAUSU~;`c zhT_CxGB^XN)GrS6nMrMpVjhC8iLW7RSCb5$0fmKqZ>Z^k(ug-y=V6sfJk=Jk|38v6 zpU!=N)>B$7S4{04LL1A(c!YqCnKu!{P0k@YRqEP55mxkBKXMMR);$6S5je0i{agzQ}vxm)*k* zGQAoTyK*)*VA*?r)&}oE1JaIijxDeh0??#@;`CZ_^Es5@g<@AtOJ&=dnb;z}*< z#_CgHS{;Y71IN1wN$JVz76Kg-3n8z^W2y^fHpkaFwTN#cpVYbmWZ&$peIl)swfU35 zYFqfSABU(fbA{|MP4~BBGpwm1*8K9d_t2)6-#H@zF1|0x=!KQ2Bqto-v$NsA;GTyT zJlSWH2fZcLjsf+6vuI4O`!e_Z$bwE(<~?pUr9bK0)fqlTo5K8jYCnJfJ`pEU)rrML z`p1-z`=nlMdq+n-z%~6%z_S@JWxJS|nqs_s>GX5nxsX$NHW;vM4N4*PaIMw0mu7$k z#R1P%9Cn82#2%xr5TZU~=X+Oj(xknhNU z*A%GzC`EhMJ@YYY72ix!5)l|c7lVV3*cbT#jHxuj{N1nPr-1v8guHAohu=c@RsMW7 zO)q0RZ+?N1h5xSz9Tr5xoSA|r@w9wSCVE^C$HtL_3bVo+lsr`6zJZR#*`pXDwyQ2z zXPeHo5>NgQ4u9P|BnBQoG`j!_u3A!v$15_iaAGN{tOaZ$wbKduBmt%umh;>j+qdTq ziv1-=Uk7|~?ZaIU6Y(+Rja3ifPe&D8&`L zwnMH=#H;M}<;y$5ewt|PvQ^#m<0eS4ute!SC0KhY?6LU{=XrQ^Z)ct;($LofpBes0 ztMh`?CGTbaWL9W1qbY(v4$}500WI2-d@IP6@uaBbZ#y5Ov-EiNGSEG4ZJb1AhSXhL zMzqudrsSG^($Y1$-Ls{|j$=YrFf3YHNvS363zsOPlIG2O+I?My7@KNXJ_^O`;m^c_ ztn7raOH__Eo?(QAcLX9G_hv+pF+2uIC)HkOV>8c+-u=LZYVm;}jW^T<`PNhO>a{<= zX3dn__ZU+t^W6`gIc-$M^p7#&YB_nk$yoDQGw$7O)jjr^H{Mq#MjLthI-{I;&Ti5{ z492A0-F>BBH0*5&bORbJ5}7gl!M&ip3(I0RG={q)HuZZ+We-eAV^TzM@;gAI4RYN- zdi=TsIiJ>n9Ud>dTiO#rR1q@Q;(NHhVwowmuF%wWTCA(RjS~>Hn*j3^1&Nf46T8De zs*k?jcAc6QM`PE!-73=p^pN|(Yy*kF-3dcXmR_d=?{z1cc+KrV)gClJM7(9md(rh# z&+T}H`fjbP|kL_T>^4ik7?7^LWD|-6lqjpYH6D;6brtKe~ zvEGP@`zQsXgn_wJ&{Pb#^C7D}J$)aZ80}DBZ{8CFDlm{B!`%ZMfRFe2Yn1Fjjm=GF zP+L76&p$4K?}W^WkEjBKEorsf5%Kc!p=0B{hIgf*DQU%y(+SmCxUXQ5<>!s}23C-( zT7^SYQj1ZakH;m6tQfg+Q$+>pqWfj4_pnOyT1Ei+rE;B~i`1hxI~*Wa7%rVQ>fvdS z;nXxHVN%0KuW9mP&fpAlGRYKZhdsEAO*%M>5Nm82@VZMtEqeu$Ck=iwOky%`c6)DW zYA&qyt(*k)Y!68ZQ+T-u`LC7GB}*MLj1tT7jLNj}MaEYa9|YqS7>ftr$g(VsjXn4D z^t^sl5Rff*7iR+g^QG$N7gXRqI~T~3Efx&SZIUJD=!Ik`4a@WH7`(2xtE)*Hy^&48ia-vYrLnPhNyPA|U}U(>*8`qiPHSsz9bnLQ~?qiaxv(;xBsZU@DxYr&=r`5t#Iriiy3$bZ> zH!|ROmu6Q1wI?e(J7GclraojV_(Zm;R%|vHT>yo+-k6W})7CY7j1%41Id?XsqQ9%Wkgww!)eF&&s;S7!d)3x*Ufo=fd`jq50Y2FNmMvWYDjQMVk?6?+ zRlTlY>_2KBVE8Tq!giFI(7I4UVq)5)N#wVg7JPxo0`zH;%L7Q@&Ug+D9V;ftLn$=C zfsZ~OBf@l85|As!0>c78lhp5hv0iQu`%&Xh-ymBb&gDbuPim^NjE>k>syJNUp%W&6od` zT+urlmiYX4V8Z&1W|7dOQ_pji;({7#!J`aDVwzvx!Z0eRWi>-6#%f&xL)&FTCOSHH z#am$Bx9JvDx9_Vc0veLal$AxHyl8PaHee6^=ud59|9}2VR@2wOKYz4rN1hH4qLa~a z1MOe_)1{WH*$Sw^GxYD*0ae`s4_1$u7}aIROTM7{TeNn4)-=e+&ieDj`j z^$_T-@cUu3%{y_Z_63h_OVxs2tY(yS3k>)!{++_`;R6q_`>yP)q*eZ9Ql-J4@T0Lz z=JzXy{%uIfM~QBo);zK+_{;U1XCnHvbAj-^yz~B{dAjyDc}z+wy;xfC)m$Jq>lGJ zwf$zzx+6TVw62_7Y5w~IOKyIrBR43GA|7G>&{gt$oeYDE>i_t_>S&3&V6nN8U5UCCOzbzthsX9SWU4Kpv z70@fzCyfDoB2b6K-;WOAjl*!H?9Sfn%jy`R0**dsQXBezKZ#>s*ZVJDzXC;-iyWw6 zHyMC^2pM3GieD=BUzg743J3=vW263y+ZWH$oF1eB?v4MI6{bdu^G%xaB{Cd2MJILI zT7l)Eh+YUtJ-v*Uw=+WEJ#Kp{6|j`T9C?Xt=qzzImb)wC`!U1pS1(zZCv*UBzKhEZ z-}A04>=7eYU@~D~Vq#*bdJ*Vl7+hu+`CC&Wk`fj4$b#h)WQ@9C?;g+gR=w8pV3XWQ z6DKF9-VNN`P2QUjF;oYGb~sNu&<>MYDsr6Hcd1R=`>k* zUq?p=20Hq8=#On~em1Jo0EXgH(}@&|YWgnJSdwJRr50C?7>zk39s`Lxj2~Q&Z#Tvx zaSm!9b-IR|%kx3%_(`qrJfFh-Y)O%0O+n^L>({TQw*C7u`L3n$gUDS0II|*+nGY4! z0zB&VPre7N-+R3ZpkD=&JD|9qk1sNk2{8q>+MqUQcz!agg6PPF_`dOT$g{4ljdHrz z{9?rLXmEdA<=wDA>`(y^kyFPF9D7cHY0kzTxcaJ8#eh-1ziyx2q&@bI8yfkQmiW1C z;fD+uncBQM%(9*VR1eTyd|BMQDg^ClZ ziDX3l@9iss`X%~hV05OFL0@roF-Be=A`pumrDP`kLTZ3I=FLBEu`Xfzqos5xiqEK7 z7ZiDeNb$}8eWy%JO@+s4d%&`>RoMV&(W^^WA${oe8^+dZ8IZx>w@Z>tU>QN3%w#{n z8;$O$f5UqQv}plD-51r#>`Kg0Bb#5uAV;_~B^ELq>{m?Pn30qC!NxS z?#|B6<(n6Apm!OgtqTiU;bRQCpaN{Mj3>r#CHpmc0R1QQ$A@x`PEr|SdP4Lm&slK310H2LFq6Evc$gZ)bNAiG;@S%b62 z_6z+RW~yl0#V*r{lXJ8VTsQxH+_3OTS#o!eI^PYNamcCWUHcLjPEo8R+T7 zoSZo4CsY2oQzJuLv}<9_afmP*g{>$3c8)==oRb%bp=kVz^Yh4IH6`WxThb6JM(FQp z0J&{Nx|s2d1<8BL&D)AnwhO~V2Wgo$fZ{8VP=6|I?#trfPA{Qt;L^Nzc;dm|pQIHC z${C#P>JcMlY}HXG#rOOt!3y=aFDCt@OC2*G(7XaHTWT4g)Xv&~lrvMUop|zwe*gY1 z%i!uhZP2cmi7eRM<>K-L7vt^Wky{ReKXOLtm(%TjaX4^HG<9 zFP}rRH1btq;iwo#QV~^Hi_cpU{|qzwz0lT4ff2VS4NDK00@tHN-#ia_Gc(Cosy|qE zULMwNY(rHO$3OQ|XEr1x!Pe!ZlR6IO?Qc}aw&m${|2|_=e z@U6{nq&owy(kCyD&Krr|n3>B%P5=139DoKxBgsuOSqa>I@qk?vWTc;Wczw`>_A~s3 zmRjZ6vlKVwCk5v-+oON(0TJIc8{9Zpxx%U61jPJ)A3GGQ2<@OyH7{ zomIzM%8zE7r_7`P#2lJKA;ZZ`Z&8r8QvF4dHeb_GoNO~4=h-=!jApX6^+15kIUBlF z!qTcLmGA($_54nwtMobGw9SEnXgluYJJ+Fn%JqB^m4)_pA^p#vp+|x^VN{4o0uVQ8 zjMu_XI~NEt<;fNi)pJnBWERdytH4*7TnHkQ3A6I$S-lsIt}-qJ=rl(BFofsa*L)J` zWrfAXsH3B!{g_+?It*yr$T$<#yYiFs{AtVePY;r4uEfFN6|G8C4GV=f@(o1Woz+8xp>sICQjMfy;j^ z{2+RdMWrV>CZg6@UzT@>z)w8~A2mt323!qa`-@Bjpl1l|UIAL7VE_b#X4(Dy3!z^l z2cRYHu%|N`6d+Mk=YMg1gXVd2mf>_h8B-n%^Y?H4SgBT8&5H&awn!pLMP-Q50ME!o zNVJ|ueQq0{_G=8MZcM4cO76CRHk0j4@X@ew^k)i!n##%$#41#Vuts|UH~4@5-nvHj zTU654C6c3-GinEOoj|%JH}BMk_1l?BXM#B%?wG2-acARgc0GDBpGN1^Eg20h$oPO^ zQQ&2b!Jx3w7b=q$;bP^hbqu6Y0+Bm@8NfwF#@pKk)} zalS!8R(1P3E8cHs@r-~n+tszfj0}3v0nc($q);L%tB3cUY3*yYS=RX#4C~_6(0ZK& z5}H^}J*?&CQLA@1_3tYhA2c=T(mBk06#t?V@IDa_1$ul(}zKyb~iZ8VKGWJG5EYCCXf2 z1J_MfSKEc$jm-pztNUoHoeaGW0B`d5?g0I|e(KiPbP~7(d@grKOHjXmHyPSegyW(M zVuj(b{M0M)85NxXzA%GrtD{ybirdl5Y3j(6_m=D{P3?T!+s5KZ31wyUz;J;N5fLGm z8H$kqe3E36mh8IjqEBd37HS#a!kRe7VB$4`Un|sd>9M=PdW{`&H@X=SBs4Tc1Mp$= zBu~Xc?HdsgPPeEClMD@~>pl7BeEIc?*LbLvbp^{wK9;dc^6zjiakmKB{Pz!qy)$ zpc^)Kb7k(kPX8OA6j)g(qJS23_V=yzsZVk=-QJ?-6NTs3Aa^`s}7|k3PH)@nYyl zP1BxE<4yei%!Fz61t@htV&t9GOUXZ#kGb5q@$y=Ctk?C12m5F*fG>k>OEZe4q417q zY4vRx;4#IT)j*OzLz_m%YSx1r3a^S)ZPzD}8sc?P1#)*C&mX zcym+FtfTIF*J}>=gu0n)oe9c#-QnCOQly>+U7)mgNygXO&XLke#(R~1l(RGCF3Tx; z!9X+@417{?!yJ(255HGGK0oN^a>Z9oHCC~~2uc5zoH$G_7HSR-h_f~hy+jH^K^*E{ z0ovO5S6JQ>GSYOc=ReOo_bVA8kJ7CnI@rD9q&Bqw`?4bkAT^J#__dngD5KPkpGXb# zpWGxKy(>6S)DR2k(-+bfWRe=7`BYsC5~sF~ddx_7H)5`OJ+Xuomm^&UZ{{|MugUi* zLHffFip^-S`u8S$=*UlFm^HwER=}*Ak~MD0m;3#CKb2J&sfOu>XF4rjCHe zaie#K1#(K2>J}azj%r}uV`^;P6E)l%dfIQYzR%|u2e=o-G99rM4@Rx`+ z6ZwDLab;LB-{_@>zJNtZ+a$>G>+0z%o*WU)B1Pp8SLk9fagl3)lQb(WU(tV6DZtUS z-hJxl@AR&~q9;6CsL|?}pfRQeNnB&^(?J>aFcd2Q+g;i=tAn1c3=?gNnC927C>$Id z6wHlZ?}V)e)}0ZaD`(72_^G0rS0$s>&_GWDJ>|ngHC_tPP)keG3yr2dO&&@cv43yP zlOr=h0(@5-jSt;CGszWbEq9YmS3Aiqk>dj;#UhG|Fg`xM(N#nx`SmzpMC)3k6BybC zH^d2Qw%uKVnC%&d%&I34li-h&+t&7TtXHlsZzCVdh4dK7C}k;MfU}Wv3e3hEd!=esmobz{~Z%DT)P^-Z}A1@P?cA&b#;kB z1-jTVY@CW}&!hVEA>Hy6+zxEJJSUQU{7`toX^pvh=Nr=tD3Ams|GZ0b%m~fV-7(Dx z$C_8Ia$yCO(n=a~I?-}og&OA-##^6^fy*11H=1VBv3cWm=lV$LrdEk&K=fln#tz_44)m-wA0J_eC$>$+mKHppaqOfxV(J-|92{0KQ$(>(_u3IxTHx1M%3IJ$| zq^H(RLYf5#T%uKf{Vy8zYiQt6{x3NCeT4vf4tQ#&Q3Z*hh_1@KS)1U95K%KTM(c(mN;-x770sgU%ZS#Knmjw~elCX|HnDmqZ5b{h(}A zFGbSIm(>>+)$=e*z~s9=Q-bY?Tv7;$r6=M>5zB-Z5AVOYWJ@|(INz9=m4}Hb!Q+rl zLGeT@`Q+;E_`x;W@~>>sPBIG4&Wrbkf=zkP!WM`)C)5IkWvY%9ok`n!bc&ZuYZqIl zt$Mn+KDxTX3ke@c1`JiZXJ8xwcaV-S#YA;WT(gNBkYt4nnZ{l74XLTFZd(#~_wYCY z%^Lb0P-LAfYkBKxA@;7d>_L2}^6x0Cm*{DwrReeT@xN1lx^KA`oPgLsH+OgQ9-3m; zJL77NV~Z8y?a5@due^9n&E8};Kn}^fB-JQuJpL1kvEcEyofNE}#9w!~DVAtIFG#f{8 z(I_1MDk8OLY_bx>;0Fxdm__5|Gsqmb96rgFo24a6BWq7F2UZw|1)X^^-)eg$=PV1< z86Kn})MLopu(@sZYYzor2q*EbUb3(&!(SIo@@l`_(quf5!ALHol-%R^|4n28*p(}_ z`9CaHy!_G1XbVf-?`l2iMM)(xiM4>)eSqch&Mw2q)KqaL3=`An)xqO}zn9kom@2&7 zW848^sQT$)wqoP*WF?=0$y(?+GnJhD6lWQhZ^r;)_Nj74B|kRtR1hef0l%A z(?X_0th;aVrRGh_(wmB&SzB96h1i;>wnEd;*eoD@Wq*?g+<)hu0pvk!^05l>Jyw2_ z!L3WOq$YXzz7e&M(-*4P9O*doj57E0dRaG6BvKQx6-OS%AyE(>#z`-7i1+A6#i>ey zu!FsUnAIOYejHCY4XmAN18cKgqPsyFuCSOllv|jl(S^0vrQOcY`Ra`VkKv++_laeX zj2ISgv^Q^(_3e%BU8l7*+x;0Io7xxbu&nXbSBe>PJPrDVs^42mmo&3U0AT?%JicAsMzlD%!!PBtnuVc9-8O`{vhtNNDu#mAZHt(5-yi^_?W zj8#~9JXVQQaBDf@_(~T3wTYQ9#i44*P$C{49?-KQ&2J(yDs1P6Oqfjci%=KLJ*}O6 zaL`!z&g}A5G2( z&6BR0l2O_rxHcRet3@3|vxa1Y5IJxtYI0xD-IUAvL|jJIz+a9P_$ec=XjtJ`$S~2l z`+?@3h!D_s6$O&+#+W@+9I974(wj!=Lu}=-<_oEF>)AL3JTL+HLSs6rMpn#q2&q9E z&w*fx8SlRjKNkOflvmOa42%U(DJo~>^!Bcv{tQHl>D?cF{_jc>qwf2>uruK10(kfq zFD=M4QL?tnNj%2;Y|NnqJ|fpklJ1TOz7T=O1LJKwZfPkwm2_afo-N7+Yi!2?#H(Q3 zFbM=?NfHx!+pa2poU~hm0ymcJ=-wH*5b;ySQn^1V)6Qy)gxF zcpd#DUrW>FlgO|)V(vIG`93gm{P|v!{l3h<4qbrR!H;Qp!|$nEWPVUC~)6 z$)EYXjU2~1BJt@ybeP!Vk)Ik1c)J2r4q-)Que;*=;Qd_{42*=-yx?fY4BOpb2>7N3 z!l{2M%N=1$9~}wzJwFdRMtm0(cLwUh*zzhWDzag9Q>FTPB*K=@W)N6f)r@f7{khgT z@e4MdcZedhm8^9B!PbT)ByitT4wh}P7a>fjta|aHA-yZ@hMOGDuYFjFY>m|+X!KaL z3SMq_{Jju`jRUE=<{h8oWIm-xdcMV{Pp_F-SYm$n6hzr%!n)7H*}9mnQZ|{LAhIFF z@r>@u!?WSygqL#2;Lge*PA6k!Bc__PwvpE~JV%zf0gD$LZ)OJIwRcAwidUZhbm0Tc zQa(Pi!0c)jb=N{Qt=JIrbN^D89cv4>=k(J3(Jg4!9)c1G2x86E_~&!7FREBy^O3`( z91iK6C)^Yi6bRedRhEnBX_c11X{Y!$1k8^zRSL#*o|`b>-U*}{mHq?s|6xk;u<|E} zO`@ZtR{$xEg0f~Xfcw{#)zm^KqB9j_%JFG|-Zo~8HGnXmHHlMw?xECm(Ep0b<*pkc zi4^)yL7Xq)T+3+0;WZhnSak$;VnIl0OBD>h4w6LzFZ^PTdYLJwb8W#FA{^M{NiP$3 zmeWLhvn>q^;7wTfA35-n1HzZ8tM2L&Hw~A+o+VdpSKcEb{_LDRd0R_M@xdYGMW0pA zTGr{8z5x4$qFjzjvYIqh!4!Vxli+UD|LKM-10sM09F|4CasoIxBKr3OLbWw##Nw{G z%0Xvn-G#a2BDc4~fff^Z9~2fQgOhHgCQKkJd5UBcVE93+&ud(1QijZ{=8z*nYeS-W z_rY3j_xb}~7FqDzEd0-)SXdX<9Ukl4W^GizwWFP^LP5PJSoxYrK(S32_#Yx;-RgHi zfv=Oq1b|yW6?tj<7$vFVdT}Vg4JOY5<|VZa3|#a0a|#Q^%wC+S$F~sBO|g>)Jnet_ zWhK4*0ISbCjdKD7&ZciN5A-T*Wx)v=ZJ!3Mx9^&NiOFkEe$ytJq?ZNfPu4p?AYQ*K zKRXq`Z4N)?OO{;x{96H~vbxz;jWb=_N-t%lA@-#S zs-g1;8ryrcX*c&GhsF9D-BHg|7RPr@ydEX z)HBCM;$iA?dLllv;)no>+e{yt3H?ietvG>E#+Zm-5T8Udk{cVu09!qU(F_ zGEhsi9i!~G-L322+06;nmGs=AxO-w4E2YD31N6i4re5n|wqhae%(JFheI4&#r91tcGrF4a2zJp{;(hl{tWTaOJ5*Df zVx3dLT|3cv63i`VVBoGs9DV*F-20X~37kJYFm9-;ZH76h&0R>n6ag?T9dmjrQ$V4M zfBVlJ`x~L=RAv+-JDaP>JI4d`JhD@LK}_$l)N_Qc>ysU3K}m9IupfmX1*RHsAHa*D z5ixh9Gm$+us7NsO* z;nkp|ZqlipHs;xNQ*J~v=Q{{O`Pq~8c2=su_Dsdp%CwtTUrglP(I_~^pQo&;SQ$LF zv&)QE3bb+_`AZRxVh`U%rop5#ZxL`fYr z;TQrk1!8*!*2+GRC!oXPtyFgkPOi@?! z?)OTw_tAIl8#kG>?Gt6x;#-g!5`tGYO*_jGm8`Vg>M@BD7N79l!FW*%XE1*cwB7$e z>O5jr^#;lU31|E&eP1zuDFV^Z;vo6Jm_I_2fuS-PgMR}gl<@xhb**k7dnyf7u(G*H zN%jAK##7BNETsL{ArJqInyy29X(6n)7h&)llZq?`#wW%^I;f0YI{7OiT0~peAWs6I ze=-_NSYA6QstgT{J*02c`U0DggStfl_FZVeTQe=F5-tQp&!@WJE zFtLovP%W*`zJ!?_nWJm@h~wzFc(Z3ak*gLw5h152t(8GenNI`S_AP{p%JA$L%x9M5 z!@f>Y*3M30AgX0J4{g!@*ZFQkYdU6nBGyJfk@#VGZ!2Jra!3Toe*P(a<>W-l!wSc? zKxf2Qx%N(rPKdP`;qnA1Jidc)I_Yfsl&5 z4BZf)<6=#97hV{kN_)BC2$Y<5wKaM+PEYA2zGaGtb^9$N0DNLv-TOd`jAw5Jha!z^ zzn48vGzo8A=<(X48WJk)76*sYF?k3EoudhTQl;Ci(ul6Ce)Z#m$W+>?+>R*U3!UhzxKU&x^w>OD53#&_gOBh8KdzX!h*qDpGadcWV-P+(bxODk(=B?8H(8e)%XJ%zGGr;S}i6;bmrfTl;S%y&@#p@s}Yh8Y&%OE^MCi?aYC%dbyVn3;bH z%vxG+Wi&wP;hE6%Wf(xy6E^41mkDEZnej-WhRwGtno&~q?hj{o%AY7tKXdB-ooYdsv$5+6oot~`~@+yphRLppNO}k3V{M41nb;nxW1m`P^Sn>E5vLIQN zDB*PZIhBZjLsUYG+&C~OgUP0Wg-RK`6gYN4X_m|D!-ie==AhVrNGqiG9Z3>FT=0Nm zxj~L7lkTMvW(!IBn3{qi%IE!aN$EvvoPQw#%zP=co})yQ=gTX4-Bmj* z-I^*ZELjeYaa#^7WLOxu=*W5z7-5_2>Q%e%gi(U$64t@8xiw3*1sWRwJX>wFx3$M; zE*$jlQwrQ+vaV$|pynlHGz!l3!`VF`8|I_o;g+8qr5px#d2Au1yWGSk=oV6QdCgx) zRYD$|T^sa3b}+>f$tI9ttnZ+PwAuM^I3=Fv8oQ-6#hBa`h;7>Zs3n94q2J^;G=SB< z&iN0&8~A&$)acb}D6m=zZwNV-ZiIOs+i7fER=QLpD-40bkxHfdC+SS1Wm*LXLKRa_ zfpKY)4|B>YL9lciBUc*MV9dWqX=tQ533=K&6oiGaocF{eCUbRZsiy}KEJh5*vkb#&+Ar{jB5pul!f z*)F3Oiw&Wd8fvX8!$RL6U|j7Bpjz9?69hRS_c!2=>Th?p1#pX8Kkb**XT1U5Suwyk ztnUKfta$^IDdLMjjqds!KX+v{zp!GQJiM0DcY9u*tR#mT)?Rtc>6E`PqPz1hs*Z@l zJghgbL@ZEHx#-j5U=-&%+?^g{?Xgw@K@98h#`+J|fDCMvR8S%n%D`KJCZx9vb%lozlom;!f3_z3EDnXt z9cfMp@Rw0*td}AupwcJk%#UBgKe}O6C35F9mHbG}=}2LktUoDka!RIhvPC+5MMw8h zj|2xDpZlUN7_rx+gOUw%&4)TYSExnh8{ZsSZG()TlH^PG31w{YZM{i zJ=|4%kb@d6rN0Oab%AuD3A_Cpl>(FR90Wb0lhpq~-@m3o)P8v_d+}fLC6Gb*?>1kM zkrnSmk41fuNM3V<5MXR;WTN7p3=Uap@@@I0>q~O$bo`q!caM1V`#oxhIc>2c!?WiZ zG%=B#jO(qou{H9ju~^YXDUoNmY#g<9;RgkESo1hk<2@V50)V{J}jFVwT_ikg}4)ciH09j++M)sV|EY9>3)wV&ArvS1hJj{LP)$+W? z@CU((UvZ@J*rH!V@I^=4u%-eqDgsoZ9fnNpB~dZfrF{J>EF+q@eo z7h3xB=ki&(CZS1g;M}smZ3fkH(u^{Ni-|6J;@uSYeo@K0s%C6Z3?iQiOZq*``gQFL ziQFarm)u4B+`MjwW*z^4V%gewKC>u%@WZFmDyjgH{wETe;M#y{%O!s4RDLbvv@&|G zb`tOAoMv_^kBbW=|Z%alacX zOe6L@U2?jP;TRno3kGKQ+PoNw)U76315(s-jEu|#Yudbqn`gWRL+y-MbDCfCV`At3 z{EP)K3*Pi9RLmV2rLX9r1_0NsG=61oeABY zyUI7LWUm3G3ML9#RG@q`I4Bdh^Lmjnf@@+rGLj{#@Sa5xwnNK<)xxmrIk3B`LGNf9 zKxWA}MWfv0sE?*G8XnJNU0%fr{KQm@5LQ`_56x$6cwxEnl+N`Vc_vI!Vn@ zt2{}qnkQe?RQ#e~0JU{FuVeiffmSXRG0emc&J!ah4S=>QKy2%3F}HGMRa$WY7M2g0 zZ2eNu(_XsCu5$dzl?!T!r3JjQHjcii*vjg1oZW7pLL`W?2#XwkUn`b$QQ{4s&11 z>&|T^zAZJu0od`0D?IRX);EDHE9#w*kew z(=Ci@j!dA*(*pbmd(ux7?NskTS(v_YYV$vgm}@dR#{2=8zCHo^{$mD301e1F2tN=M z>vjPs8k4pjQTQ) zkSa(GFw)W>Ga%hL#Myu!`o%ftIrrTAT>jYXy=U#U*Ix0i_x-)~Ty^0#Uef0wyS6GJ zT2lNcDVFHr)nlA%MN2hQYci^aJ8P?tV*4vXbZQh&;HYXw03&F>oOjDcG;>!3aru7- zE* zkKwNRlVlOYy>IaTFz;0$P?nB4z~|GsE%lqN%oW9F#XMwZz9$nwXQ*`WwCVc*{vg#o zxf|c{7byIRE4+jT*lvmQQpd0?nQ=N#Ny=bs4`_&)RxDAIP`HM4=cvhM*|Pw%(f(d# zWJMRb-TfzVi^L~J^>GJuzHOFjGr#uMcbF|tycSK~OM>UoC&t08qz)-6`9I4B1b2hF z%}$eA53HRyzMR1Ba~=oufFC1sZdN4r7CHH$Ak9gxrLerP6IEm4vCxjFs;c@lZo_eB zw||;m&GzJ!1fXT4@VN}cwJPcCKCubDIZO1Trc##)I^l{o)U|7SNt5t{JYEsld>dvL zm!a=?9-^kdD^-j=pC%kxb8&LHK3e;s%I=5d)7|g6w{RBk(he+Ga7~Yx%M_(o-w~nn zdFnnQ*dD(;yTbi&d^rC}Kn~ela2pl+NI>`cSG=wOG?%EmaoS?7(OChC0=!RS3=f~0P|q%MfIR`1A0%>VUbsBM|W3N zRPBm=cq_{&A4^?usaP_s6>Ub7TI$loy1Kf1Tim*Hl3od8+P(DlhYTJdhwN1Krk1?Z z0ZZ_f>xTj|j|C=k^-<8gZw%;Z3?Pa-Lgu)04QJvq~6+UAdMiawwwD>SqCoKu4FlOxJX z2BRh-_=@^F5gL5Il!x5RH`l~IOV`Ag`W!cs6>>UHrlw$2G}K|#oEe;ckRvCz-nAYO zy6o;QIJQ=q+vG$?eUnSgP{E78Ogv(#c1Ub?+EG{7T3z-APRm|5KFaC6epiXl<~-@d znC3^T^7INTEM>nh52>lhyJL>}=i;r(uq%6FD)xan$ZAs0e~Pc>3iku+=7K~Z#&<$YH^%; z@#4hryc-A}(DIQ?({SEuaE(; z0_Ggwy$@E^ZobLO>(YeYp}1$nY}R98d`UA&S;->LjCa0!JYOZU`KH~Kima@w_&q&~ zI9!)Ti?XY4aWBQM@}S$KciJvCy2$tOCeIr+ZSAz@Xd8oUFJV{}b^?BcEoU?Jgthz| zNagP2Y_6oP{|X3#`BdWBW9~131b~Z7q7UpMzlQ_LUcLG0sUeo%_nTpgkP-cmTO$?t zFeZ+={Cwgz-(-Gx}7%EgGQv3vxaA590#Daaq*wUIW7XoTTP3m&UtE(FJW&qn4wQ*YjSx;yO8Q z&31GbmpAoS5a0unhre2I)o$ zO3KNAoEdT-kjlIyr*Pp zrvC%khp(;;wz#tDH`kvbZ~UI$Cv*HMt3`Lp-qmY2o5mWBgqL?e$Gfg)A5YG@jQIh9 znndhzQByg_P{3$JLhF~=?MeI1T#es~Pd5kif7^{w%F1tM3aChKOwves%5{Qzo!0y7 zz{}i{pqGu_E zTCd{>v+PbxS!FF+ssUA#{IhBn9v%`O^a6(FaX(|8-o|~N0`wiG3D=7oT`?!dn8qxB zR=c**2W$flVdR9D;;YGQ2p5}{_w9j^qyBKNJUwkP7ptoq2#Cmam4breEc43QfSDn) z#>R@7tw_3L;x3eCTsHt%J5#_?Vp|i!{mv}yH<WA%|M5rMp|e>r~vi9=KSl59s~+z1aYjVc;jHpv83 zq$mN2!2(;m|Is5{U!>a^?T())Q0>?z_W-VLfBj9%WkK1j5m5o(ZyA)qDyPb8mri_X zQl26u|FMKg#N54jd924@F=*ifRt4vOB!#toSnlf|uW+tcV)#hT0y ze`QQLvy0P#@c(K;%I7sj3ew(mz*S}+Y+IN9}msyN$mb$^V)k)SoPipDzu@vKyMyIl2p1<6!=D zbdQ$g(OhOMUvkQm$b7ZmeAm>I(lkWJ{eq~^F@7^z1ZvleMZ#o9VIVp}v0>xV{}Zjt zj?=_9ZAe={@=Z(OCn-_yqhQW1zUk8g2ERbT+BQF^)+YGmx$A46CMP4B(efDV%lFo< zviXdHMM%Rw>sQek=HOkqLFdo_qGYGEngAuKd<|?SRsWT-k%}t7@Xd)oNy^$Af}D>E zGzwnZC``v8@;5*ZM!O`Tfsgr_OCVxnIq8iHZGkhsC)F z3GUo!Z5OVuKV%ZQ1$%$$q+4qPRIAa`-``&dz!psN`GEi2sdFx&QnGYzKNUN>(y8MX z$zr`1`k~jpBamCV8d#Q>E%r64Macj3j061Ybs%z+V%5>L2@Fijr;Ho9paej7)219xrF4{h!`aXLo-cyQ_elmgn#N=Lre# zKM4lr=H})fqy|_yT{q6T_J2|`fbNg}gJk{f;4I8_}a8{r5r^D}?T7OokA?fHCe1n2tfBOmrho8tG=)7E& z{hx0r2>llELb*bgVQx6R&atM#Zx>AjF>HCV1pEB}-rpZ+CxFW!bgJJ61Oz-4kB6+T zO0I3OyhNNg?-OM5wzB{g!~OeWfFnBKQ!bu^sa|H9&cZ6v?TvX_Z7Bb^{w&&2N?KZa zEo*!6Iw7#rt!-{{;mA1Y14fZe&CQaX^J+`!J>q&mwU4@{^^a7t;l5};+#o0v3Pga9 zwF?+8lztZiHCJOAQCTn8^}ihb(Cw|RT4^Q++{Ms)AK>RDlrFrP~T8g-ZlPdFZr(tP%`$9y>hK{8qfuRBadHlh)pGnvk?SqlkK z;!c;u7T_v!W0qbj`Eg$%vVRX7JCNaR-{zqUg>ua|Ps)b-PY6y&x@z&Xb)gNR$&6m^ zH)lF@sEP-Q$NTalTnTnvQl~e~-sW_gew1m$`?|#NXgp;nx19IDeQSP5#kbZJkjdyA zLJDo#gK;0}-zFh3uSbk=s$O)HQdL!be?#q&KGG-)2wGa1dBH8nBt9=$zd!l1<;-LCE;pm<(J`$V?>sJ5}ikXe5CE0d%}c_+&NcHh!ioS`U86OHbvR& zIbofYUcD+v76uLtr38%g@$m7f)i9WbOM3{363s--KL>n;!)0pg>N=~QtZ2|S zwaAp`K$aNX5P7hmbWa#ZPnwc2XTA5dI=?&fQ|ray?qE~oYFKKCFr#ekb@#x`fJ_=X z+V>i-E^Pz(dHpY=qv5EyLiFU^+=~#HZrf6BP<$eOSK>?W_B}hhHT&&R{uAQc{F{gk zm71o9D%@w#e2B7n{+o)G3lWjxGhMuRv<;3c_j$huwehxQr4V4{5@o-yz03|b{sTsA$FZlj38tTI@2HZh`gd8~$(jz^slOT9Q#clRyd z360J~guDv|Tj}t~M3{7Ty2_7;0_1h|8%i~fr9p2+J8`4AKVfkUNod92PFGF!X%X6%yetAn?{7MtzR?Gthx z+Hgw|Qa|Q_+iD=AA(QA~%~>~cya~6lZ*&@zOn;ABr0vPPsFstVgJDd`*4-g&F<1cE zUK$xWA&WrdD&aBSJz4VS+&46SNQi&xxY`m1~lPIyG%N7ztr6`X2JtdLy5WK!0!sPySe> zq1S1F=;ua8;HIx%)9;FU(T(1ix*ZlC6=gO96LewK{(+CT$WCb*^zkELnSvNHEI{ma z8zz?kOD8Z`z(PSzN_1kMAIl!&FyUiSea)6bZe#T7JLHNT*`^I8_u;sLg+M5NI&0wr zuX?K%@*$VW=hen|?M$t5o1FQH4u`c&hl|VKVS_j3ygoV!pa_tJ-R$foZVU25K9h>? zEo5g)6Wpr>+gVz1II6p3z2vST)#)4M;ctB^VkBJVMONr`p(d(D9zGQo8H;> zfS*UGO->~JO+kk+0udp3B zz}#*kjX)5MFL{W)S%Z*p3@lvu@Rp7dGRlCKhv(z^HG5i?Sj+JW6_H&e>E2Xk;LJv@ znDWGpV=W%5F$VN&+_oL+W?C$HC4DjLw26@kt;A`3`bMM9{Z5V->#|akk`D)CCXV^K z4sd>M+C^lW0p>C%Lbs8Yp&ya}*%;oc`7DbkHQth$o>+jF$zlBs1QLDjXu``flEJ zKugz108B_VeSXK?ELH40nz4c<%F1!icvpf|j)^g_Mkwi=>6T?5zuUo-$5$YEl)0~A_Ozmg3dD09O-GZ zEP9=@dZGxAohvHVVg;$6DKq5*;Q3>P5j+~a+=)&&-f{~usu&<{>JjjqPgKK2GKB?B zTqGC3Tf^n_1fvnVID>lBI{642@!l;?GCcPl@YnLZA4d24Bo5Kv8ZO4;UU0kk2Z!*8 zRi#{-He0{EM0m!2dy$`?++F#tH+Q=cH?YB}0->Gc{5-8DwbJdMt*tXYC%K+KR-_ff z3!)@F8e;Te(K9Z**vkKYpD>J2jx+{Q^n}y_a~IuKrnP}ORH%ca(C=W*{SdA89CdBIm#v{&htHk{C$fh!r|h58 zF{$V2VpFM31NhwshV-&>Hy>TJ4=-zHf-pux6?1FxJXhZ>j+P_1O4xKV?f^tUde}`2 zKJy{%xtNW|`=HFs03ayWcf$gX8^CYsTMGl>7J}v62!y{x6h}a$=%#zAc=@9Zt-<6J zHR~b33m!#?6xi4E)+k(7X8trm@Q}b$Qd)Cj5TqATpj)am!=}$@rNhmM0(a`TWb8#_ z*~g4n*N=mF`@&MSS?#X8&gAu)3P*7OTb~M{LFqDuR{1ssr`PzG202^Tg-AIg)I1K} zZLv^h-_ejiST{=Ct5;VeVr_m>Aw;&4Hml~eqlKI*<_<>&D~smjh6=L^L08j0ys6gh zZRXNlwiGt^!=~hwl#~Q-kyc8=O+FxD-d=LJlf$j!BO^N3_I4%1sNST9j`_-!ig8&h zYLI9>8S0^xTO|n9IT80*MqHxB_j4qt9v7_Gi5jdiDt?mfZNRW<8qF~_WOy#uYkB*T zwc_{vgaO~|Y|dGDo+zPA@ym-p^uEQeUt7O{L({iN8xv?cl?XRl+V4~+rh5fY8{y7( zdBjrH&LEqT?X--~5480&M_-T1Hk58{4Ap`#JlY#T&yylmmTNZDdp}EPC%OTIQug(+ z0*jxd&WPw+;$pY*iTNr@VFVe5zpr) zZF0DlxmmsS_Rg!~IXMM6PB<5YL)eA7PKbI|ekyVRzG{0#Wz~M?+TE;zX zX^Kh+e^r|T@TeJs9!q2fqO%eo$$5KyYiWe2lmP)LHZJ~Js|CRLE}60h21?O+;D&0L zP47=+A|f!wG^FB(xs7%b4wX~g2|QRs(Pj_({o6Qcij=Q_254Fn7-t;nKpQtX4GKm5 zaLKsg7hqwSDxJ}lPnVaS9Nu1}{fre7h1kQ#ovkqhan zZ9lgAHZwE7R!Y9u$SPEl2zeu^dWRV6BGUWMz1Qtg|0ijCq~^QYooA7rNA66hho}OSdFTzA}$Dd6tJrtyeEXP)$d7tB)?vsc?qVHODJb_*qpz9)M60Zanlr$z%51( z&~OdaJjE`fU@{>j=>|WWT8@8T5$C=lFbB#y_G=5Y>y%6oXcc{rS(Swvv<$!NZdTj9 zg;@>N@zQ$u1llZ0wLo=z{{Wgk`dU{4PG(3i9{~sy$kgNs_@~N%)?F#iMHmCE)^R-r zzx>;f7|QEVX6XKw`C7EZ$IR$-I{5^US2HeLW8&CSWO^dxE`3;-5=cHIP-^Jn>nCvD z_(BknlZ#8NzM_56hegLwN6DT9{mtu~CrFJpku`B(kV0AFnc!>mv2t)v zM6Zm5z%&7yD8xFAv(24Wd089z)J&tH2vNK?8+%a<@2|-pJ%$mE<<8&_e z9ccWCWZ4%3WVr2%D0IYdh-tBpc+a|tkKc|%7FcS`_;d)czyD?YPg{o}(?%N=@h1CK zQoVAkV0j7=``X3pB1V{A1-*_5tfh`9?a~4ppWUzSLdG`dobF^h)gPjGEA=)OMR-C9esuPL&%dz$XT{A6;f{m)hQXpTeNp;9)@@bK^sj!c9gF2*1=^{ z^Icz|iVQ$8Xvb=t!b@knq@EgqEk}xV+QAI8!Zve^l{-Hfr2?f&2DNQ|wmoF9kX!jX zlGiDs_CQ13eZo0aOJgafzeD64(l{Xcvpd$`0n=XkXW+vP&*N8(B~yu3ctk{ODyChP z2{w=!Inve+{vcUJh)E&|=dw$-GAv~mO#qpqrk6}33r3xQAG#yi`EK5HLXTe>PB&#f z7dzSi%~h}80Tjucz^af3LU2BSFh%l;sSC&r5|EQK)Ym_w`81&*;ABP%z(;hg7RRri zD5tpkYO(z#gM5OB|0yuE5U?&%FAa0?UQ_^P9gvsj!BD+JNME*|UOSYDMJ-n~oFiSP z{ncdSHj}b|3+u2^Wlx97o9jd+nF$)eetcPmACM`G<~!VaQb11_^m6=#)r@ABz1By{ zM4M`oD&26--|O@0&kdGBz)L{4!g9p8L}Tt2J}J|)Aj0C=gv`%M4RVQ0ov~b@^Zl1P z%Pw6JqP@@lSxDo4GJTpRyN0hSkjJ(|XSEXiKwUP58=Ir|9**C+c5AR@DR9U~uigR{3sg|;Z=vU&mK&V*Mi z@o**Re!BFX%Gv63lKbY)XC>|&jWD@bm#DqsVmmy~pIKVsm4M?vULYW#E>xG{1A|g} zaD)+nga-C@tTTT0zWmp>@3Og`k_1x1{|z)^h9UDeq5!hZ-TExha-gu_jr>`p~>uSw;%2^N#+U1Onr^ep7z6#ZHAd=a$H%=4# zrnZjWbhD@24P^*G0|+*HxmN9(R-qHKR<$(Uv516c5aDgy1%u?rS5TkP?$Lt_7Q8lN zFWQ%_w7DY+^oHTv@gAs}+YORaU*0tJHg54(W$v)pt1ZoQ7!OmF*!A+P?JzN3slC?v zWWZhe4(>zvU!8S9SL)aP;|u?IGJ?JbZ+vq`zZ!ig87K8pI4`#D2X-kvzq){A0wm>I zvghPto!}4R_D8Y*3mw6EE&u7mvY0`la8HT3eeGXQlA#u!})_nIk^)m6EET= zPRM+qQco(-w8<8PyLCEfwL`Y_$o7TsB{N|A#0s|o-B73?CZUqg1 z7Bv>c62lv2n&2%GBycJuc)aj+Ga$L#&$-g6vvMO65Zjk% zbpf8r7(TEBh)-G`rvUC`gW@FQ2xGj5TohPQonLi}FZg(<4@<7yIBD&Lk{sX6fJ0`h zO!>syz&^XSy86(sXa8D$?gORTC}IWNv%MJcrrjqK@$_WBzVkrwQ^F4bTo2Dnb}hbe z`V!wwX5CF_t*Glep)F+N`nFD?bmqsUG`WRbRDqyJdnd0Gq~Bry{zLRQ(%DLLfQ9-*`JkLl@jX~-jfPh{5OP>sPQCN(gp=@;WKg(@BHI}}$VVHt*M9eypsRMgqi#b12FL5zPi<=>=ay!2#{Tn~vJ)mM5~d-4ikzt%3OTX)nKC zGudB+ZJ<^fpfX0P;3hyzk{{EbZ*hqYUzf{afTH9@Bi-8ecBFE;v=%z*dHyu6R*iM) z9hP~fQWHc35I<28@~M45WF=xE6Ud+nV^q(fWM^mR0IhRbh`#;`(D{QSv}~z@d+>?; zKk^ZWl((&Ku9TMYlL3!5f{0oB<;P;9HoOdL?S=Fm?OCIoa_=z;A5l>T{aVfUhieR) ziZe&WitP|KruqR32&NRMx$qi6JA47dpkzE~+oXa1kVkH~(t;M%4&jDpr?z~A2S+=k zd!YyLZj&=`=56E_7Ahvk!Q?sM_k`(sO*$ggatF20CoU4=rgBGn;zvfcE|lk z+QI(93e^B@R6Vad`KHj<=H|8^v_3Lh=4u@t3HyhVUiv4Kfl~A@RzuhMlolb`&PWne z!`0Q_bFbf}2d07rTN+sAaQw-;K1}L|%Q!e@N~w~K;(O-2 zGS0-J%@y`6=qMcMe;G^JygQp~krh_jZLi<>wC7?>ME?9~hTqEl5~+zFr&eyB6de0- z=rRvWc}0WgS4R9>6;p|F>*zkM66+;QeE;-U&q(;Tws=KbW4K8>c$^nUtxBG}@qa4~ zkL;8UjeLRu-i+Eh`01{Zugg@Lx7C;H0l_xwd6YS;fA2v{NI*NQMFaiOeoeGSwPQB& zu-l<{NI*ePz@?}_Pj_q3-72-E@Rh1|A(?qR7S2ANRCq$=7_+zcvrhYV>?{EXfziup zpvg$`AWXyl0<|aVI_O=a2BOYwTrweM!ec6edJDFty99|$B$8^$p$hX zNcz*1)8Ees9l(sTw}_)`K2GK2nzz9ZCk_VD-PKM(cVTF& z%}&vxD_76gZUwiA!bfbjd0&a{jE>1<9E-@4drp$`d(D?U6&H``kdH~8JKWKSCQA6w zi+UcviQ{uqo?+9pEV+LLi-M!j1C?%Syz7!EgBYm}s)SZzul6i0c-QW^`<&<^I39SR zw@lYNH4@uf{3h77a@7m9OgVTMC=y?Q1)P}#-(` z0Ko+B?q23hASU^iHWaz(Bu&9h4e_|3ZuV0OKWpO$yig`cJswptvcf4QNH6a%^&BNl zr#aUcA`0Cmvk48!YiaU-3Q*Ld!}$$I!K0%ix`ke^9Z|Y5k5O76Ne~xt0^X8uVu>+a zlHcNiW>FHDS?kM7gi^ufs&sP}{Qc#!(ScbIWOURU)tEEpI*D){f z9vC8|+V}^%>_CwPKOMU1YJhe63h&mfP*3J$dU+t=t^Z+rFc9sO2Jj4fh$vn6KIyAR z-hZk9PVOLI#>6u)v=R8Hz2avCL{RxSJ_ddLD;=)RYwPPAAu%`><8cgaewcWm3j^O2 zL?1>&xdc_dXZNnpj8L>L3!^(MMgeobb}R~S^AgFrwP6_!&=&{8V7{21p~JFlam=W81>9>O0rEox$3 zn2%JD(S@=+ED9eTt;_Y7c-mTGoV%FL+R@wFyVwYG=pJCNx-=DMXy>w>#{~FT_i07+ zGYV_DiJp8Cp#J{n6uI4*llEC4Oi4+(MqN&;Xi_1X+asZ)lH9c8;K@gFVb)k48%Sqt zWpwbfo1GPD#1UNI=U?{c>*xT24U@wRYv{XHNv&f052M~KhbALI#|JvYdJcZfdKJns zJRmci4~rV{EcWe_;I=KXs z*D*QjIAyaLTr;!SCAQsodnl-Z+%45QcMU0E+oE}pRluxM+-{U7;Jz8v_GPP^J~7s- zE_9A_CMsApwIvw(HRw1pEVVgivNZ2MByPQy5fRC9LPX{o2yFb{i2!$FH7y$Z2VmODEM1AG_hd>nqiu za6^ybrhDuZnCP(R@I=%sFESW-?!}Kf!s7>ySi{TM7!eZb%>8s10b?>+$jR zT|=*QAiC%JA+Bhf%;7|+7upY1evwTYy`8_5&MI4~GUlbh=8#aozmMhiBYQSoGVJmC zD5pY9QYl~+A(@C?1_OTcvA+2LPbLMh3QHQtI^ru>Cmo4&A%Brc9S(F?$CaFIA!Y8O z6k#SSyR~Ea`)6!p=W5c=p4XuW~wx*nKZv2afG^5L?oFHT7b!iYIcV8Vxej;IUNfdC>et(C-{_~?G zndA|EkL|djx0sh;z1wEp-RyMJ;RAanG_0)S%s$0v_x(*`x8*k%m9v$v5bw?h(Oqqa z!$*WNc&zp<-CVx4tdH>~N&)1GRzyVp8X>b8LReu(Pp?D781R{1D4xy9j{TF0UX)9>>>$WaBr>K5oKH|fQcn|ZxaAEu0_yVA+Col zgO#lfud~7Oy>8Li;{bozKJbYRCsdj#ijiB7F8?`WI@+Na4TcyZ-X%a6uVyF@m7j`t zq0rFeQ=a{TuCvjJ=~k=3nLUm!e@vU%&ayB7^4!J-;M{U^b*OoNj&yc7?fSC|a(PZ< z#ZC*(C;X)OU_rErFLb&!EOkbxKS%A!iNadpboWO}{9C*{5vtGrkVXtECg*U@Uv~i_ zOa3Qpa(@5+3yY8Q%Ks(Xo&EB6!?p9$loS7HfN}PFiGi}R^85cK-U#&bBWpVwazXIsUt@+3J8Q>RhtE(CU3UD(7$hbrNcmb~URqz> z3Wl($QnPY_A6jLUp~tc?#1bqs6U+F~SyAAq3s{${kr%LD*rJ1Io+zQDWo3h-&zf(` z4^PxoR=+%-QUF7Tpqw~aI8A_PvaL*^y)M%mo zSbPZ|4rEijf9)GS9$BZ{*&MUoGaK_85Hr*B$A5})Joq8R`$~P_0I&|sK5ZtdhY_%O zK|R8M{^!>YbsTy_TIN=>(tyO}fGRk2ch@yACO_XQ-4P%my#W zF%DAA8W^@aI7iE^Xz=f3mfbKTxERsGfN_qUBMpc=8rngHY10`W!toW;dBL0A#Bro* z1#VrQ=!}T1I8w#a_DnvOz4BHsa0)P3(lD!HWR-pPM(@QGS6cr*rq{Ai^*n8t%l6A= zr*A$c0%tIVlr~BfH)I1Pywjmt;8tKvrk&x??z8_Bn3Zxa?Qg*s&qptm$KklG9t-8& zAibi%zmwZh$B2{F^F|ieXNInCFNtv$6Ee4?FvOd&nP@S(bvELwY|bN^xQEb`lpmgc z+B*`a->R`@frblQ+mUG0dV4yNj`amlqBtoU+RF}X7>x0=;3dZx2Zi>!(b|-cHN>+p!W<|i%TV9M-A;{4}jwer59m5?W+F<9-#@C&vd@JXwjhC>V6GCuL&{ zSiNqDsnIm$YzpAKD>ZU&^bfk!IuYj~GuOShypz0n1oj}MH65j%*R>2Em+g7ZI7 z$?z^v7PZGeTcl|%buX#5Qa5x#SKbV;^YuD?vorl>m&y8=zc+psBn-^r$##c!SCFuP zu?Wh$vHg(UDY}aRW8Tv%!QFda;;egtBhseJi+B|X>qfWAmN z;PIPl(k}oz<#oo;TIKU6exJ0?l{o+z&@S^6;Zt{a7tdnkP^F~gyA>qF$NMr`*sZb6 zGXaQGfyRFrgFj*=0CX)=VM+s>xOS+5k}52^PNEf7dHg? zoUv10tx8dBZJR3UtS5dK1FXnhaj^#w!mA1c;CY8rR45&|U&wX@Y2kY1 ztoDYB0)QhCv-(gFU}p_KA@^K<0a~bEcmX%=qi^i-@{&$2ahta#=6(UYtYi3U%L8r| zvRyn##3~~S(-1MxkXrUWCWYna$U6*e!Rt6|#jChHUgnLKq4nKN6NIU?yxa~pKKJlX ztHfAtw8rK;ZHDrCyJ@~&1Ziy}aCMrcB<{Xwz7ik8yOZqWJ{7BAyT11d4H80qK_hR84rk2a#?rmC403Tj*zcXbh6 z6m@w{WTc+MICNYO-41?IFoajGIS$*_C+0J)1ZQhM@l-#YbUze8Z!z2hGa#Hp3l6b3GZ>Y>aEcZzc`9xWLY_+0Uf@T0!9T;Y8dl06yOs)V31yzu9U`l|&_ z{+b@P*gu}+Ia!A3&1iDumX*~UTe%rNrvT-K$(rgdTn%yQtkZotP{-y{Rxv)yuA`fn ztmlA=m#~gRix{|oW-0L>&j>L&E$~LJ92L|5yB{bGR{Neantn^lxz6A)_B?tQ?r3rM zK0-HN#T_1NGD;%roMVfv&m~@uc7Er{Ygc?ZV1a{CcR;=@!%I-Z`HfAO7IpqCb*2_# zX~_Dq`XQ^zVbww;^v9mcc#N)!!5SCY0ymxOWjtn*!h^U8^?Pc-nk z30~($_cd6CDPeermZuB07okXvVwPtQARIGx6k6yu2M$Jl?BO?}3SIoz2AS|7bZG5F zGG0l?*1laAtYqecZdr?vo^adY_kWL5=wSNQtZK)Yr8#qu*YT}rm{D=ZK}liR@=qi8 z_hFOI4B7ph!eKVA8U4NPtwrrq30QH+R+U)}^Vmwvom$Hj=5lh1 zg>U-@3wegYH*uk>$j{^7yFopL3!Uq&&;_I`QY?DQnQd;rscGZ062oFeSJ24b+-?T* z2S%2Q-Mx7Zyd75P#=JEU9{%K0%XB<~^}@re(cK!=&K}R|b;@;|SxBiu92Y1LP0T{W zHpcVHyCfN3Sme(cw0-gG3M}m^Zv_j3EC z)R_>FL^I1lu=PYZ6Eio^_q=SwxR-~q zOdBNXyb3p64Woif5*l1hv55KDbZHKf^2Qdg<&V@E7cUA#n@{}5=$S_Q<}BisE@HWv z+6Oxx*@n0AaanbY(Dn8T8baZFp%6vT&Z2ZQ--~qF!=migY6@hfF|pCrYdXvnH}6u# z#)>e97+7H8f-cMXhTO6Lpd~GXvL0wO!0ODqTgqU#t_Z$N zV;Ze2g7>|wyv#~PMK|Iw-7Qlmuf?gvHr0A6i8(%1OvkGW%ZeC|0`d{cjO}l)zK_4X z@Y5vvW!+*k{dgp={yj#+47ut}x zQQvflcNGox9=pS%3Na-)4Lqvf69rZzn)`NtE+2RTqNub~T7HbGYBQ(#F^zKXU_8EA z*={&6oyQ-PH?757N*D;91AMwOzd!fdYp`i>RpeKqV^}Y~ z4Vj1J#!h<~rEptg)f~!r?vEfwXBiAT{pM>#@V6~ceZ-ZBbK8sap1ZJ43h+3%b|tEM z_7ypo3IckS@|%hZvOVqM!_LOj#Vwaklf*^Yo26{lpscNO%U4FaH*Q)tGzMgzP018fr$C@)-3B z@|M<)hEaR+XDpGgNN#L4J;ncKxLX#<8Uj!v!Zt8}kWun(tKL#<#DlFVxI_y9Oky?&eK0JSf=tM9+*`t5e6JcxwgA06RS{njIyJ(C;7ES@O-(7oh7J4%xxm`GGUKtE>&K*_PM%E~dL$zvL;5~?dC}v4s=LH&L z-5|}3wr>i}tzV3LkwI)eMa@hyP;qBWDxHorV`LRS!B z%fO=NKK?S_CgsNAH+@7jJ^7h>5 zPNa{qsc?i;zCUOy;j4WP1_M03eb3V2)BsFIB}U~nxhS9 zklC0I(n_xNaClsUGdQe#YG93d-iCu4N0Ul9S55;~oQ`RiZd%|e*e6o(!jPs(Kva07 z>Qd$JZ0jeRrP{9qW61>Tfq~6|Qd;3H8}W-{_-^ zd3Iz!EocDu%f@4gAF7ijG;e0WhG;c5gu7r4HKvT=S;=iREI%RMkhj1l+soMO-m+YU z)&$5xO-H_8l;27We?jdolaFK2M(wf| zN?GLqCyjRv4RIm-*B}fEx-5q#Ld?B4Z-$zzvExmnrg@I3G#9Rll2VI2%Uc2j1m&Wc zfR=Z=yForCJZTF-Yqxz2JcLH(j(&n*-%~$^y|L+oh)~D2)BDJU*OY>j+cR3C08KJ& z{I2YKY^ZJ9DC~G=mNxx*=ed;ryQLhBMp^cJ(K#i4h&QhdSh=I5wH8(fm(qx3({(pE z$%N7tYAipiO7F~4g}5Kzozv6u%YGVD$442zs2-iv;+mck&OzF00{b?LdY$-R3_N}~ zrz((j8W3k*LE1-3OLT($4@%{opG8JuTA9CZ5GIIrbPQr1BVxrW6|>hr#L#`#$EECZybN}mhrsk@00(Di>ZC>iQPV;K|Mw+(SZ5CE#h1)29Bu1 zluSF55Nw41Fcv#|fxQq;nthchg7LpAAibhLCpwuAOfD%|*%KRI093X?w8sFdacMw{ zTS^Y-xjb@YbaiWir~s0H4*W#DkZIa%r&}!wm{Z#?kMc7peu9%6)l{*WPHYteo+AH) zxA%-{a{bzUQ52UVuoM;PR*)`TI*RnBAib#&AXMo>sG_3MJE7N5LooD`L`7=ofdoQT z2rU#TA$0b`TL1Um=bZ6=JbUwj!59*TfoIp5d>(&})qi+!lan)1ezA^X zNlO#j;}N_y8KRHlCs=+;u{|EEQMK>MbngBOn9E+rrxV(d_ z9Dy1!oN~g!!NJ3~&(efy=Yw)SebP9cZ35D|&j|N;`YC$!gm(_|;8+lN>RB_T3>W%T zi%a}GKK9h1QGBB*VSAQN`f?@++Ggc#*OG+6g z(K<9_Vz$hL>gSRmrei|9ZFgxJ9^HNwZvZRIQAimYEVzA@oy8%Wg(7qZ;Bm$JtNF*# ztSJanA%ah{uJzgptW?6U-f`oq_<9yqF(K_H!%kNk-KC)Iu7!C?U>$&elkM>mc`l=p|8OiIML3)~W0)Ri$_05M6vs~(fS zQE^G}t;SmO$#eht#^bA8T-hzLYbpmZ(w&J%)^UL44-o+zD6E=f>UMhHBniOy;sO2s zxVF{km*jHN25(L(z%B84%?rjA{(K4nTB88Y`3>cU3tAj4Y7RUm)t~BZAzcF6WDw@a z?Y(y+I%2|K-=^^-kGIDwD+MZR0lZ>(+q!rPF)XG!9dXd*T0hOJ5HKYWa)g?YFx^8~ z#vA|`=q-mgM4h5aKM%UBVytCnTN1;>czDr#kG6uHZ%9o~K8QuA)zOSce02nf+CCWQ z<1mPpdb=94Ws*NJl!uEJo2y2w+^RUqUh4qH`Z^BtdR0H$IyE=`qCwhh*)!JEixbB$FuZF$-Fet5s1#ULfNDIr0cSkKPMc;^GHTk}+*NmsMi)Rc>yPBb#8o_UNO> z-KioD{ijEA+_X2QG(-Lnb3m$`QfLE|zK8O@`8_$9(QF7vH%C-Gm}9RxNyyMV8#1p6 z_+4a4QDZ}9kteR&Wz4_R)7Mo&Lvyuy&xFXsDg#fb@;VD&u~oWWa}!9M?^$jrG&>$^#+ykezdW(nQ(!-#Y8LRfp8?tiICTV&@~anS%XSTGiGl|NFO(H zu^-d>!EG=fy-AqH0^*w>PcN$5Z_=s|2B6tEWCKmV?B0mK$Q+W`h0&D;Gg2;eXhv2% zFA*@VjK6X>B*m#UgVyk)6bbrVI!ST&eUTn_-l1lzuxPoulg)H75h0I0g6f7`!}-2hj%W6UbZ@MA>ILLr2@pC6x3FU>#9?LJRc^8*ZXjtq3P_!SC~0)9UTto{qo=ab7id7IrT-!v#IO^|2}v07KGSjL{F}7 z$)X&zwC-C?-vP|gq%d1c$)s<(UPTEpxSj=@mA~vh?Yh0`*wv^Z~b8loToY z%XNMry(2%$M8@ajAbK+DO<{T&_jNNQklk8S#$!&^QJiwmdGz+J^7H$kG`{Zch`CK1 zl2l&!VkrSukNl++lVaQPq|hl@8Q@qtDlDkjAWn1P6346@V7dU^<1YvT9_+DM&lFpl zIl+yMi(Nh$BJw9m6M=@(U|dsCDg6jthdIn0Y~@!HwS3>`laFg2CHHO!n{%bgHt`8U zJCofdpf@kfpfzMy6CeP2?rWtyqKubu{SU|`Pjil<L zAnWMXl^n*t;}Wlhd^ob*lJylFvV=_LTlRk!&eYX%J`#SU=(?jyexJGH#7V4=$DCNd z+L1xk`J&Ni7AxKYYOIe%LGZrne6NiQk;%Bi^m`J4=8*cJgQhX{*j^5FHsmCqk5~j= zkf?PgNRVQq*06;pZh(soK+XDLM*-9Kep_BsPz19l;j)3)?-Cni6S?vCOIdEeZr0NAu_9rILL&t8O;arB9;m`z8M>~Qn&u8qIEqZlpyQ_WK@ zUW`lApUt4zamQm2di63)<0$FIXh7W}tZy1o&n6J@+u(m>vv0ip*h zTZnWK?V~4wq>=i$Bc_jOTtk^YI(tDdC=5a18j^tEj+hkP-l6r(Y>qLy(A!jnKWT!d z4L>Ugc?|T{oPS~t#oQ8fG88QU`}DmzkO6mW^Kb_Y>qJ5U6g0^`+q#DAzwfqNGB-uk zd!PMK0l&=Bbo|gh`PkHVaX@Vu4|fgf+%YA~fq`q~7S$YOA3ZTK>pSM2EMzcV?+&ze zoJGtqw-3a`o$mX7ech(h&d0kekJ?mwZ-gJ1_MuMu>t=AUv-3izYpKEgEiS?2SZ=0d zn~F#cp^%C?;b+N)DK{y&M|<9jCa{S-mT%^H#{lO06v8I+cCqU6@uGP3Dl=ZS)UZ9x z&gxmn{+P)>d}4lENEb^hT0Cr)_|ib+YL<`AuFsd!w3Ed|k-3mq#VpJDh5_^$U!q;NxSRiVf>1f;C4kj()ZJvfov+{HXSJ58!B##wb+V zl3R1R&?lKVXrvr^qB;V1vSk-av|IubAWz|LG38^=y#2_UZaP_oYS&I-HGt^ED>5WK z=DsY-P?QyreLIIyoT6rKKZuO17AchhWp5LSRxVjlYXkuV8r<#JWFy;hJbz&CkD9(b zgHe~E>jXSvCho^7Y-Bcy6ogHhuji4N7V2eDo{>}agVWn!oPCC8r07!WaOkU)x zW&gu3=|0Zvjr5b@p2Rt4wenOOe_WD6%_Q+efiOLMeo4%{eQ)g`9@eu(u)%`Jb)2xw zU&HjJHOoFfTKi2&2qj&PcXV!Gt7yZit_OO`aI}6^`cmdH`jX$oi>hQbw$EKSB z1a+Y=F<@&muU|7lcI|KCMV=jPnq!W+#SvEH#s-Cd+JL@Lz~Bx*27<6K@?8Hlp>(6WJvw7W^3&cEbO8a5eEa=!<8f1; z=cZlS_F7Oz;K}MUR=Ir$>)~;RJt{=R%8h@VlMO64Gs0p=LZ06whO+e50Kxnab7$V@P1pE*wXL_Ng5R>Fs!KUf z;b+z(O`veUMTPv{P$wNLQaj=Gldr6lS8I!%X11&w;STQpbH5@grcWYPN?FuJM)4I^ zB0!cdiTXxv%eMb1XbAKENQwsJ1?i`uw->Jz3_?0Px!)?*&x#jOWEaHf-MnwB79`O2 zm$IwDk*#?L?l#d+see$VLt8!-eS`0SR`; zPs3$qD#zyX7VU@ISxfP@@Y)mgSk6Si5iH%u(VZQ0co@#tA%C)B2+I!|%*XV6aJHuc z%{R+*f#)%2;Bf8SwN5omT<) zAjYaox^8=arZe6ac5H~?4rbekz9w?xR`o)Ucyu9UKF!S#5e_?+GH$mRAI`1#%v{{r zm({!qZ>%(|@%kbo&Z~K1lAS0M($l|fThuZzbH-c?6*Sw1n^{um?h63rX^oP zku6KIOtPU8)S9z+>aHuXA&+lsrKKkx>z5m~zv=@Q* zuq-*g14oAWN+ga+*|DBtm@wf^){jAw6FN%%zY8UthLxv+w~Sa%u(9)s$hxlKh?$J z4%BRdDJVYm#h}6;s+S!0xn2y9d2M=Q)O!_*`jyySx?l8(nNR1ht^jDXoi&0aw)#mu zd{j~yn*~AXJv-Xp+#C1~W3YU7)FkHKcda^xzU`u;LcE(re`~q1j0SZH+plz0L=JL2 z^hC|=0oKl0IoWUtjxuo}){F#xhu5PEx3%Gq!vl5HkSX74|17o2m}CDI zv%c#f2-yCpJwPof@^=1YziT#D=}!GlOY8PfUbte&Jgf7*ZS1JFm3(i_-UL1ETxqe57>IWD zJY_?jTkLT+RLH#nXRTXnIR_})Q{bkc0QoEhKlEOZUY4qX$S%K0*#p%t*S^lLN-Zd}t{mU+c$6)q)6#I5xtxUV;*@59dYy?ac{CxZNHpHxebKS=Un^vZVX% zpoO##05DN_k|f+g)9DY$AbKZy1~aV8rytGK`suz&h={PPvPPPZC~r`=5;YTxPlYcJ z5zdoMAB@ zUF^H6Xmh60ZPlXy&`CVG%6wI~*ure=KZ)&{1bZ^xK`&!7vW21+(g;(rz+EZALlrl7 z#d*ky|AtcvMAqBUcKI%F$@w4x5HGMdi8H&e$;P!DiL9wx$AY1m5y;DNN`RUMRC@d) zj}*~UcN?qm;S#AR7$w^kj==~FG#kU&h8ECrMV_QDJTv6+b+u3SF9&>h?;XqC9VzP6 z%F-DVE7IjmvR@4R)fOfed}vo{R?swNqTo*BN!Kl^Jaz5H4IVk)6)7sH#+DWCTx$CD zorKdhyKcdBA911m@u}IAjJb9{!mYijMTpVQQ2R+Tm#zH-0-!)>^ z9d>*BWgp>TH<51s3r-7)BW1>-3x)*45&i`US7N6%ZRm-Xo(K>+NzuV$;PchS5(smY z9^QSoV|yjfW{reRu1@Xd;=;3J71zmEsj6m4#sb@6Q%P78=wn>yQd?>8cbF>VJ`@n8 zOn8zfH;LqR=+TI^?2tijXz|`xgQ=-0g8??=R=#n_Ig1)cr(h1IbKDXv)BsVdYI_FA z=ZeTrpB^fdF2(9Vhl*B80jw+7{8PZjhXtMYO+aTP@4|Zhf_3_QFB{fD1z7SoNQkO; zoO%j~_H4V)uozB#`W!8Z>d5&jJP+(Oa<{G~^7CF7e$n|N%^Aug)K|Ctq<<_Wg{kI= zMR?0l{y_=oMnrYY6MS7J9SvKWH6SY)n~t2620*tBVFwvHW8D ze@qrYlv&}1`1#h_)%kp3?bec zT3Qn0+Z!9A(t~2!^;yY5=i{oMr<|D?P!lQE&jB1U=%H#NIf2`ihoT44jd|lfJfED} zzKlT2W{2sTi7y?41iEm)$w?EgphGjLqHPTH#>)#9R>IKIL_QmI=EWF7Ul(AWzGu-oX9Q6@}YmEvLyDKHEhu*hu*k1HUTt0qVvNDA-`NGm4&`3f< zAXpX^C5f!L2dnq0w3547f^5`_4-O78a(RQ`h9XJU8BGB`!!^tkk$OZhB?9{AMeEmgm- z5>HIPfIr9$GZC%Y`Vswz77>&irmaU?7ov%K5n@z+u3H4S+LSKWd#~H~>w>4zFJ-*u zqx^&CIz^oy@wZiQ=Z1#Th_4zfG5sD9%79+`LKLr1+gN@J(Els=!7-`GW5E3rtYZsnSb?64Gji2j*x= z>5}CcTvux2Ylbp>i}jk>2uTl~PsqcJ3pIWTt_p-^#v(7%02_-1&@Rm&oBghZGiViX8%dkKd?xi^<=GM!L-yna9N#vcPmefa+UquEcQV#~!g zc6}4)H@C$_u)5OJl;{(ex>POA>PL=k!5SJRf)?oRLc!r%g*6<1F{YTe`fb8u+FwxP~GEd1@&$yz;w9X}2e*b5+ zCs1;A)mphrF5RSDm;<`Jy$nF-cM~{(Gqi9p-IcE^MG95amfq|4Bwzh@hkc)IOOmd6 z{LP2plQ0RWDIx12cj#{%^Vx(P6ift?C+#gE?3$4~J!K3Rf^%dI(HuJ{|4Ev1!6C}W zY%yx=c_{x~#}6Su5d)&6Q^fvI{6M27t)y@!rD|boKW(`A$bTOB=FHPazT-l;k~k-u zW6&hCKI&xv2^U3ge&h7n2fB8oI%}%t$r*R(WdopiNyHWRrRimVVG$7~_%1yFyb8q} z|NQOcnooE@-S&Tayxw^1NnE?xo#&IrNvxG(@T=jSlb+iDc9}SfTuTh*1XErhxY2~<4w=Wobz#V!1=!^?3$JV-H#jw0lla9I`y}kZ>EcCgBMayhbTZVJLBbA zPg7c*FK}Xy)k0z?{QYda`XTcbN_MMF46rMnfaVO293}PUo}c;sEauE+OulLmsmWOm zy0f@%p|DrKwE3$eC&Sm8Q?3q>J6WE2T8b6Yk}Dl_8D~2O&-&>&iES%0EUxn=6Wh+I z^wxFLH?8$d5oCP!qgvz^ZN2oDDAIJ$(47>a49&((P|>T_TVOi|J=B1{Z99}yGgVSv ztI*4p%*9>KVOa9)b~Tzin8UT3m&K{Rn4+;ttkv_#Axk>vNV!fqA+9Uy#W7>W#<-pp zUGHK0x?H&JJW&$1B-3L>#tV_Mn<1Kj*Yv4|vdL;%waI#VEF0p{og#F1y@gU{>0_j8 z7=OH<5w1fU7KTt15weh|2I2!F&mA~p&1YFy)uOa($a*;Vth&N@xEPjvBLblIQ_6tWeF?XiRE+o$g@zQ%D& z_Ev7ZnO5BFt-6hmb-E4#V4b+@=B0o_8EDmuGTf}yNgUbym=f*QT-$tFb|QVqjKC1n zHIcI{+K4M)ZH!k}zZ^UmIiG41(EegqALudpXG!G-Zf=}FJvHnfksE;Sz-iYCMzpA? z#;`QIpN>k!902hopcri~Mc|q`i?aiNCN0&bw$P7g`!0{_9V4b~J^#$S!abYE<=H@; z<4tV*`y`yexP2%8gWhA$d7XwvsX^zYZ{61u7n*UhJ&M#xa2;YBmcginxKLAx$Kk~H z_LT{x1f~E^4|RkE2}rvn$pg-XgbU~gpEWh@LxQumn;Y%f{w&kO48LsKfo#suD6i!z z+{YXfv9MzU$a6fT#N2n_AmcPkIX8mHSd!ISz0&yjnblT{Y9!3y>+ADd@^V04LICm- zK(1&9JHF#H_6=LE3>%NLx-4|yI8&GM8L-^Q?HbCRh5CGTT@`-8TL7vvIZ$%w8v*<` zq{8j@hCHo-$;(PDFz&%VCMy7?icxmR4qu{=(;xL5=*$C@NP!Qp-ks=SQVJj%EuZj= zU3%|617xH#cNji3nKp64Lk5xG-7&g}z%0>WAFT&Bmz?`pN$8F;^8#(9xc;LJ{R)&_ zw&yY&MQt4}=61}H+NJ<9pS zm%JzKTj?l;3$D`R&gVmG{&nk$l+ZoTVH>pZf}z5(zZ)gd^a8@jXI@kCHo&^!!q=Za z?|uIAMU3S=i@7yK0Jl|yO0X;gn&7%j_xhwH?{9VHw0BES$Heh+tqU-ju`KVOX96_r z*%c|$Nh!A_lB;&;Qj(ER0sDB(r3!@@OPz=Hp7{8wW9t>5QAtD7@D^H{It;pV_pWX$ z*Q%9FEq$-PF8S8oy9GU7u5+2jM+II%&l=vm!c}`Y^+{C+9L0?U0eYiG75n8IBDFE% z&C4QR4H|df2<4f?ayzBL*!M0S2|H{U6q_fF$KcP&B^& z8lS-~^2oQ?E(lkeYkyTAvBfS#d;i`&`^LLEfJi84ZpLgk z!h8B*wm>4?H!7#o+S?@k#3epEN7Km8`aj|+fBnxCip$gg36A;yOU3zLVqrjvtM~f# z>q4iOs({6edCjuRe;ly?eHZ`v9J(Uz*<*SU07$r+<^P|C^Z)%_x28Ki|KGI7EsQC| zf#rY|7-Fvtx%@c$?^j5F!t?);p;7kz|ElKy`Pu&$?aTlBz5JiWc?!M>99?KhPD(np zNKXJf$lJ~yu9~It2;bIxr>}}_3jg(+JbNE~p8iurgtN6yV18!Q7v}Y|T)#r%U5yP-HvkSro+(x@u4FVRyt4dd7=1_h64IIRJ=TmYnp;(WO`}#Jc?{H-87V#P zos;9Z`X{W)am-s{h{N{P`c?;&wXcpch=?O#`XVmLvGY2=Ywc~^5Lp4iPkzV#dIF5U z<7~iVq$ElPIcvFIk(af3zvQU}spL!Br7^>yY`RB33T8>;7$&V~163U}$-C@K>YblE zAMwqa3}k!yFHRGGWW6$I`Bcv*=WqdqHmyDB!E`sW$nq=@TXFn0#YT*nzZEdfaL<5c zWJ~qbQ?e-B`Nrfl4o}s+?XEB5Y(>qKWp~H_Qe5=;7;7@WkNGP)O0vV|XF%*EqIqIT zvTZ;7iot-nLjbmfK8R%*?Jj%u_U$WQ4TkDprl3VAE$>Yan)bi3@-5F23B#G>a?aZh zy$<)_TMHEn+~gxlEk1E-;X!rBWg2B`7EaE)0NOJ@81yMRn)%dFX%@PcsNqE$WMOsw`DY4rEY%2GcPKTcAuIkd=}5P>(#b$h_hCR9%?!VFCPqu z9i|AePS(@W_^I!9ZcSSnsR zT88O;R$`w`MM{LZQ4*nPq$>5z*!2M8Cey9#<-Z>sRbEV*QgTZ&vv{)FxDYf|9&>2Z z!M`(#0e{$KiDc?5$N8o&ls!JLv`6~>@#>4b5>`U@)@O2Tm+fp_+DkqkBQqQ5Hm1D` z>)3Xf6n%ShcNcCSc#P{Udag>y$Ug`me2V6A)B)T6=omLj(RXX^ez6Pux{v4utu=VI zUGKrmu8YsgqE3dhHXCa#-_^C(SVD|6S%X4o`M76n+r_;uL(S*_+(wU9WUVHcK&ce`^I@KVpYuv%8yU>-3G+abOAvSKZU&j%_@0uaI?aKJgRbczA|9Pl$c5Wa0Sbx zX%@mQ;}*nCaj`U3Y(~ZGvTSNut0Cm3vZ~d)_xCh3o4^Xh1jlZi}4i6Z;Dr;{irth03dSk>VITe`iQe&s?op5}97-rCfD5a{THagF# zjRnhV9R{|{bwVAzTq#cvzRkUSz>p4EqGoMkm+u<1%Vy8wH(Elx;McHrq%?q+U^=yY zS!diI<&r}LHX=_O?O~&YO*Ev+-|3MVjWa1f%sr^$);W#^Lc!3 zK6hwdlF=$c%39EP6x$-afvptV`_(QMFmeToqD-H8S$c$8NCM9+tW1~2Hfywg2^M>^ zFI?>^=}Wo7ie8C394-zsX3Lp z=(7fC4wpb&z14br8ST;mIM=xMj0&k&kkf7m0>wP#=WedR;+iKgT8d0apv~1Iboe4#**-qf*~3>0lroC-K;6f z%{J&nYCb>%afOqaz?mqdeiy#S*|Q-S0Q+#+tU;+w45|Q7-kXsYZs^Cx2-CFJyDtYa zhDx5(^4U~oqF!i4#BwBi0H7DpFaF0B3v(oEzC2tiq!gRw7{CFTDRf@k4qlp_t?P{H z&4V#&kWHS@`6Wb*zer#S9>3k1%2ktk`b}oPuQG$?>S)Et-$WbheRCDA0}-?!2U*Ju zJZXKgMzAXwYL9d+ zV@X_Js}uo_$YiCu90`UC?w9yMY(HETuYxf|%D$O}p2kACme#YqEokB;2+KoMd?OS3 zytv!7ru8`)uyvb_TZN65yn=k;lhD|SXNV-1+B*Ms#yjcz`k$^*HWFA6aCo1z$*Hm1+B^Q%Zo2p?` z^!tMjjqy5+)N>4enPR-g{a2*a7*EXtWm<|Wb(}3(bQ}-jw?MGI3Gy+k64&v4-w^CA z?0p$(1*G8(989svsj!u}6mG=B@3i|F6%w??I|)sD8t;KKP|xtArgJ)-K!^)UPrPE0 zJRaOMbnc>KT)5n-t`Y55Z#jLvQGQ5;XM*kc*9S65{C}y0R68ecB>(<^TIJ&_)*Zig z$FKq!K08zDSZ&o?vNW(aOW=|`!3S+8t8qGIQ{rno-*6S{rzfD1-}A z2$%?PAy$_UsaxgP&uVI`b(DqOV0)Iw`cXoAX)#$nfwm(V*s@h0Sl@STvc*;I6k7r zO4QDreR7bM5>@A)M_Ez?i!?Xs5D@szlXf?$1rLnTe9&?Is=fJg(D1EP5JW#ChH=|V z{->;TDK^-v!b|-1-YXmg!Bx%3Xq8%tlcBDW`@0u}B#+n!Z#`I$RVK*vH>nK(TFS}} z=or-$+ZpawdY>@jLE)-UV07M_?CMV6PutGat5Z~I;#7!87ZNBpw#bP*F9*jQ$&sO+ zwVsvd>Ac}?eZ|=jRCej}rcZ)XKHY+|1GD&^y56%#t9&f_gss4ZGK11Iff54*UuAt? z8!_CWrvYunOyEwHgFDBV(8=eL6;yNtFd4e`1)sEykDt(f@jL$ z%WvcCsgfbBT2vEivrU9D-x7IW*yXhqWNNT5Q$|l=s)9qDhGx$Q@I~xNKZ=+bLSR%6?}dGqKR{Q1QrTe#Qm zObXFcKXOydi4-5=vv%6AVO~6nN&#tiew+6xG#Cu=^9E|dIKwu;yb{L~T?jZn{r>gq z72Rr*zTBLg4{@Yam}ZV=jP03^{GE1*Pvo(ZsB0pg=&uMT^D%v2)Y#Pa&q{L>0Ujgm zYbjRCuMz9CkI5$;X+=%=Tm>DLrOB)8x+^x+dB?Ja9%$c5q}b(>;@UyLDp<1uo+ zq)`!d^Ib4<3V`4y}={ch;1u}68-udMkRFOSb+uO>zP=Te2P+A6GvSov&? z2W{1p6T%Dip0;jfyc^@?Gcn`rO<| zh)3UoBy81>!?=l`kz_mEoJrHQhn}Xi>ckf*_4ccpYi7pmDvP2@^1jsUU@$N5eJzE@ccenBpgZp8*D}CKd}ltu0DTE0k7z=b3WBGH`0HC zpR|AoiY+zKBzT(7Mo7l7uX!kFh}xjNnqZHS99^u8XU8$%2Yl*)l^!e3=Uf-D%L2Ur>;-qI>Dmbmt>y zCB__&AUcV+D`T4DB=ijuX>zT$!plPgeKhVFM`%ZV)&-s_}9$T;n*mA5$c%P{)a4uGAiw_YqVc`)eQU=TgV(nU7c^)UEnZxFILnBVdc=C&8NJ2f zTF#=q)ztC4Z@R-f>6hKe(3VWdfhI2RJ@Z5oS5P$CnDA>9vRScoFJG7Pd*_--T*`P+ z>@SM}Z7I&r5;=TFii6I2z22nCpy=N`4bQ6g?EguE5yo(9UV!}^%6%LJ(bD?*^(!){ zLl_{PKUPdvX$IdERcntqFv{;&wLp~ePEA!Jfn9IkLUhUMl;CPSLjz9FPi>0jUb(f? z{rd)!)xb3dqy*Lm;R(kE52GPq;24pCVlX)qgJfgCdAv|Tb#5T9b^fcVa(5jYO&q%& z*$BF$!^M^LGT^GdE+m#P!&96Gr`wvi_QL$e+GXuERviIUt*App`u&~;+X-TU!NMda zF~T^fLZeUkp;OzhYg;vb!Ns?$nxPg?bnV|Q$eLU~d14KVFOllTwTH0P%>AjUbFaVB zBjIXkzErCO6p+X9uTW&I*pHwd?@9GZ6Y7x#QVzsKY3do_M#K#ru|PKlsnQP*iWf>% zdVh-nHIvJu6{nSoXj(~?_x683gUWndk=Fx~CRv86y+wTa+;O=;+O0pg707ARzY?E& z@Z4-Ns-^{sM5 z_ijkYI^?Hb5-+&q&5mGK({&+RL7g=NTm|4DPn?kTQdh+G^U}*AH9&8Eo zK<5c1$yH2G9o9q>kq7OT_UKO;Rl2V#6BbMtd2C&!6JoSy!&8 z;JDnK`ViULy>AM_to7!raK51drDNy@Y+x+c_-mWhft%w z{Vw7>EgrJcqND=%f|I#1J84IkOni&`AtRzWv`6xXZ{33o*W};I63^8+f9p^68-K+j+uCU-_0)N1xKF<@%w95WI~Qi>8^l&sjKC3?&_#9NoB5AlH^l}V z5=*}a)W7uaT`tVgT<{tz*OVz2WV1hOkc1|fGrHf{UGKhp!~q@)j53n)>HEHmj<(x} z{q4nw-1Kk$o8j4z4!mBH-}#*zOcDQd&B<6;riw>={p(PVKHCG6V$0{%=wT_Yn1`T^ z9B#+7K%H>6O3*tOj;5#-tipb;uIO-W_lBNYeb(*gJO?k9zi~%cQy*<@H>pkA98;VQ*MxJrW!5xk3z0mnROGEzpTWje~|zr2)c*U@LSb87Q5rd|EDo)an77G%Wf*YBG{{Dl*R z(eh%RREE044F>jw;T?mI$=q2wi~JM?2hL+@-^l-318L^-`={pKPV*H{T(s4xv<1lb zJ!4NQGU#0gU<}c^Dyy-a%w(4?{PNFAW*k-0)U}_X3ZPPjVs{^Ejo!L5^^eOtfqbZrJ%GBr7k)RU; z>N^-iRqd-4IeadId=9imp)qXkNJv1VcSu#|Te6gF#pZsFL30!Wn!*Z1as>yV@$?6z zUzuVbhc1h+o#}!Wow;se!l1!eHt>x_D7=Ef7Zh9JcyvteJ(3HaxP_@yvOk-2Hj+gO z%hy|3z;K46`AJ{;<&3p4TLXQZI)f8%fHBk!DZf83fAKJyPU59H*5W$trTZ6Hy(^4< z*eMKwD3b8<^Jz#Z9mKJnf6|1v69oo^B!aYQB_;kU&diCus4;Ylt@l&)n+44!%Vs;z zXCHtd^;!SyHGkN2;R{%;_n2TJ9(Fx|t2|ZkHJid|`@qg|=-XW(%%k305^|;}&jpco z$puvp*aP6;~LG^hAc zqN`wePJPs(qLZ&cFIUkxE>wxSq6_tprIAtr_y$6H$_WPQ69^&${L`OF?$DZ_0TS()R^dWfBG1OERinsAqLa<-s zdU>$l;&i$k%6BMq5R#E9O;9}H@Cf3f92g@A5_ioa`i(WGbEGpm?2`@Y4wp6@@2*GL zQAKHK;!-P28_mz2Jsj%QD*}3_bGsXVlc^G#QxK};($F5;5_RtG=C>n1>`$AJR8wa~ zU^L*1lg;ZhDQZEK&FVR1LG#AS4-RWIyHQP@mnl;gPRoZJrRy@}0r@{aIM4n&l$n|C z%a-G9MRN&9vq{G3agL7}p1I}Mg%2$gQ>9P;2qTV)Nv?t{A+&_{7)IBZ#nCq$+!bC0 z)Z4HJwr|VkG>KN)Kf6gR*W3K_U8oii%ME=DSlg<(k}W0dvxt`8-m=Gi+uHC=Hk5ch za_Oz>FnP*3z}xcOPo8_}bV1Ofjy%-F$v&oi2yV@{=lv@f_s00&kegudE_?j})#Gfv zXkf&nFfl6O;uA1VX#cX6<90hlaePQZ)^ZCdos0ebaWB7`zFODeRPp5k;;u9E$9c(z zwtbDj+jhTl!1 zYjb=95H3B$tNg3ZH>4jw1pZm!r;~DAO!55!+vupzsdtRc?!jmNF2XJ%*({F_+W%&r z@wT{Y!t*SGY+3B`A`kSK;gWV_N{Bb+AHg!=9%zEcRO!C-leDjV*2Nk999E2;F6}w0eF+5%*)IBd9=1^TU})-4tVW z`>EN^v~$eYigSL|#HcTcE;UWi25$QsV_Vrmi=gDp896`mDZDcmZ)-w!amG6>=wVk_(h20^1Y9 z;sS&xXc1!A#^A4* zmEqjQsf+E}WU+v{o;N2L1qcS9N{jJbH|7U=4B1Lb!@N^xPkXQe5^^I^(2!1{Np}rt zx#Ue?!NG5U#Xl_`HC~yhGjSQ;E`Qa!f6Dl0Mr$c)1MQ@5Z9`3Qe$50e4;!Nn@#QLY zx%`P>c`=#0wRrlT!2HssTMq5Bx~c~}o`?*MpnkIpy_vwI7x)OR7<^ggj^2CToeca= z72YDQJ%~fP0*fqfm^mxFJyUdaDgDdhMRH8ncSAn*s-xP2q!%G%#N5t0I z_d{Xs5gxd$xI zMs0i7I;&2+F(Rbs`X*ZO{JlHvBc`%TMMinJ2dqWLe6KX z#S<5+)JpGcQnL*Wh6omAsr;FxwhhCxz?(N?0VSU|Nc|wu+5C}m0LM_vswgFAF5!e_V>e&VH{xibfi8)*SG|~lIWCD#gacVuPU2^HGvo^XgDYg{0GVjK_(GBl zEl#eD>XW;2-C1njF)o>IQ0IX6ryVyxiF`?ZVDqQ$<09RUe7#O14GB5m&fKu;7z^xj z0rN_B%65#A_-j1N${p8DNRYJ z@{|v6r`2&sYF%k4$x)zERl^6gs5bYwj^<%Em(d4)o`1)3)!TOr<;wf9EsEQH5B7i6 z%}Dlg(XXkgu8ftK(GJhvo*+ZwvbNI~Ha0AJC^7buUd8L01z(Ogi+zObJKnNp#HyvO zxbN3zm<9Ao1(4#ekq5u2pkTO{by15lCyvL8TYjX0Z_=*Y-gkyZHdNlDqK zBoYD8!84n-F#vA8afXgoNq9~$XAwjp6ffk&nT+>v3gY@FAZU>Kz)G2@J^y!rxTO1t zIxTb_g<6%Ni90yO|LLwN;P?h!SWW}gHWazhuyRR3AV*047Akn+0jKkIX@#<8+y?Ed zg*n{$3x(>fVg@qNTB}F+!=;QThL@YBq8wX)tl0z|9Vn z9*)+c(;QD@si*Og%tDHXVUeWkz=T5AcUm?bNzb-djVKQ@@k+C7^C0ApL$m-xJ3cfL z8GOFCH<+ObPvhfyF88}So8zoqqybph@cP+6oj*hF>@mC!JVP_QoCF^ufu&`usl3PZ zN`i8BsLHsD*@K&rQV(ywPFAQy@q=L8RV%cE zyi%Q(U*a#-@E#xk-ls(*4TgaMWrp6Hq@>9wcV3e^0Dj&pqEeswICYTVY=4)*7sv?T zqn>J|e~0N~FTpO)wLoiah`$#^dZ-pUYW1~R#&w$Y$}5;>?5gTQW= zA?Mkme*KI&eR6}hl>>Zs_jf<-{MMdJF+Xf&b>Q326r;0qd((9pnA+ixh}0+8o!CR9 zs^YqlNz;Yoy5j8OkX8luV5EH`<$2IMJKaC5)j3%hQ`fUir=weNMd}sT%zdm1 zgKo-uMimpy4`Gp{li*2V{W>OK^lqfT^=M*pJpWy7R=G~=WH;i7?{Roay7hX8!f@wy z3e2s2?bXK{t+)&Gnk>55rRlp3hL76%jx6>I?-U0^IJSs_y zUxB51i^|pPOHv#_%(5lrhFuuZZba(xG2lzhnm$%dihSHrRsSH~3*5k&=pDwvuj?PfoF5 zPf0!n723m7q158TP}O-$r`+V(^z=5+*8gJeEu-S zUVE)M*MI)zoKbJBQVDW%YWi!9m3tvfW-#7>=&D7I_cL^2bE;x)O*%MN7VAc2*m=&$ zNx8+X>KlhX4t_5$w(Ctf`ufq8mc4tNw_C<9ZPdB#&!BuPOe2#Qv5nbS&?NjV537qL z+5Y{{cPB-M63m|4BuMa2y}O=+tRKdsJq4UW0d|FKK)f#6aq=Q#^TSQ}k*9!!JFqR| z6-NnKfsn*`{ZH55!}mM(%Q(c?g;+5sJu(n1c3zW025~hRyjMbQ&3X{GB1wo-s`Apd zSjnk%YwyCVjq9N2O(jBl`T?o$r8|3p>5@w^ob4Cp3e0Isc z;T++z-Kuf(ezBo2&&8%zLO4Cmsx?BtrM0nPvgh8_HM-gi)Ucngu<@Nh^f36cdDf-> zQK{9}u&u>!rqp9?JWNHXeyn$SJQuy&+H1@!3>8WaWnJB#iE(gC$2>diPo(oVBUB3R? z{1pYr|6U;N00JQTjtcq7Id6&wdpjDBDN(sVI_Y0c0dhvN{&VL+c0GWAl9K9{!#A+| z)8EcNTQhZ_y162s>#-BmmFV!Yd)xX0r3Uz$wCdQxOicm+W^jxx@v#A-hMWi>Pud$j zrJZ-!Vy2ia4%gMpHwl6*>jVw&vUlF|$iJX0PjowiUfh5+D)Mtg*z%i(D=dEpvuA5p zsyxXbWwEjmrlNy}Pro2T^KrLpl5#bAm&+$~zv>7#{WXA02hMUyJJ&N*{P(iLZrqy^SC{?y%Mq-&=Cj{vUX|f8+Mpt=#EtO!7s-4BiEFvq(S{t5|fc z*U`CD`BkW}rwlvpE{S1JF-X)?xAXUs8x z08||R`AFBojj^Ubw#K;yjV_7pKH_auY`i|&@`kAW<1QFCd_RoTj^g_B{JSF08wjq* zwcI>YFiyL*@LC`JdYa4IsZvDGmaaj+N6KTf4-|1Q9u}b~mj=j25fjpi zsZhz5?*>$!ToW3Uos$3k;Qr(1n%%$RCjY5HS0t>orRwVyAuupd3qB*izki$gi$!6! zi_oKXKE5q2^k0tuo7*)0eW{Ulf6-{SHSg-{1pst0s>tsVO4~xnoBQ?a4tf;eWBbl! zJBMb)8UwOUnUo+916eZ#iUt6!I)I8Ez=_5m0w1#SL6N`T%2c4?b}_RaweI^*HNt3N zXIpi6f3u3(#QsG|IPo-@|C6NbzqMfbPXpF=Qw62@t*nMzY)e0S z|A3a{HC`qz9=3(QbB>mhaz%#bu4co>7N3WR8a~7V{=Yu5qysS3|A+6Ck{UO!7vV#Nnhm80G5}eG@dpQv`1h=(oVCj=?=);jStj)sdj^d{uGitkIra?FD+u&oibl&#Ee;XlW~8A zKrLIZOCo}k*HhmO#&Tt_?$m2d)YN%E<^w8HN{PbnlaeYMf3B6&pqphXBf1&9;a_{4 z9!(4YKSTpw$BUag8>ERKRhvESWYuSlaWGMz;s7Vl2|s!KljDL4kT%V*seXf)>d!kZ zmUDTHZ-+SI6l9!!X?hWdofPw21X>Y$M(iSf4Yt+v_WG;L+lrQYpJ>{ct)5ESz<7SV zFQJ@bozNQ-Xry+;MnuKxu{Nn36txhECz2I~yE1MT^0gwg6a3_B3_d(?>QqBj@b=5~lb5H|*gtd+t~K2D4#FLsU>flan_V=) zRqI6&b?_k{m^izofrm%^b8`d5i*sMk6SL@Q>lH?e9U*9Uo4wn5(IC1ptJX`WmP4{; zg3M<2*C6NY01VWxX5&HA`{Km}=G!V;6x|c3MIKgOnZ|{H+uK0-`i$Il)knh>8!9z= zV_nrTTty=K^SlG27wD}McZDBmLZ+R4`@xmZdb%Y?58kZ-nQ&;Gwt6CQ48(XkQP1wc z%Tapqi74j7(MPFAwG^9yJdht{!9F1|G|-&wM(MWcNTT+GnZ>NsMvb^A zlJ9{Rbj3s|v7Ip&Jt2b%Z2M|$yf-aQCw={5F(pHu4#c>pZo6-4j$(L;kEc$hLG#Aj z^Le5AT^T3sXzJh!TjAnV2V;IO;*V#DWRrtPK4A8&p6`V%Mr^Ow5&j-8r%8Fjq$*Pr zqglSAyRMJ8Oto-K)v3KY)TFnh(!byuIv^t*F@QE+##-Nam6cpC-^aJ4W*1C+ISO4{ zH0i0o_%-qEsxG9!Tf}{!0Tn1O^=&AM0sr8aDui=BB8r8=LMl(!kcTi4ok=mr%(X}9qx|I~Too>nK)`8S{_*bn zsnq)elhpm=kP+DtU*Ggqj))(Ld(AKA4$6#us0O1G;z99>c3Z zC4T2HW1;t)k5`fUobLVeW8#>sI%&;V{G({xP1IN_ekxnlo>F}CkE2KzJ?$}$__R{2 zwcgKvCb=itu>v$TsiI0l8!9b!Fs{yrY{TREHK^m>R4}Em8@nEvL^U^Gh6M5fYcNK; zkzMKg$W=E+$Fqh^$BmYXgKja7@$TgdR5x2LVDAdRTWvR4mIj8{DgoJUW>%{s)}VSD zq7=th5k0;q^E+qqR>4t8&V+v^P=`(+`MY>o?|dM?42bgl#U_qBM_VW=y=LD$I6X3) zIsQefoqa-aI5Z)edEaNK&Lc<9iAL~z=WR=P|CDqeQWF{l8=7HgQay0?CH2pJTy!EZ zi!>FAImoHLtR{SQzsxsW#M~!2f7ZVcBh~#!$(dPD&$Z9}$>ZPfH0PO=NaL4uz}~=N zCMK!8)~SHK3f=B~&{dR;p6y$bry%U}mDiF+pULxx5o;fdizS==go(`=yuK7+WwcJG>=qS#yU0&| zajoG6%W1uAMg|U+*aQJVv6I|6TZ3C~WKgIhU7ruXK3_@>5P4?e|_qn7J+tRS2lFql>=G8?` zHQ{s7k;MjNq@=vA77e-FF4x}MVqO8wCrHxNiMx@0WPbN6Ub-D@DdIX)c8v%-AElRx zK1tBX5EI)P_;zrV6%ZY*n%F=l!HI}*w7CQSb4sP{MG|YvIn?3WT=iVS49aDArG`#ha1c!Gw${Nd^60V1Y+$ zxrU1D4)IO!H6A8wwZQPud^`8w7vK5%acsRWqIMf!%s6eiE%Z+6Bi!^iU5ePjls_V- z;}!4)9Z~s0MV<=<`)r{N=z6;17n9%WNbQ}FQ%x=>W958#TeW$ZaNW$=T)7j|ty5*9 zb%kVgq${G>CY6_MXquR+Y4b5nbf%pRfcQT{dP&q~RP5W0T$qVQ&=wcSuc%)g-y+JJJji9)pv@PbrbJ;JDRH&*>8YjA z<5IPYixY_HeBDKg$+Rg;-f61D7+k7_e=bR(pw4145hwt>-^nJZq0%269H8m94KD=Y1w{WxfurXmkR~XK*4~w3pKUc zlt&CZ;h0PA^_ZV+{)Fh##kMsCR;6)E=84GZMi-yH;dZQCpu7;eCOJ9To744Aj}h9AA6N;Z zcsP5W<8)QP@ka(O%1zmKUela<_YVaoUwG_X;NcuP84GV-TB;B?(1WEGbX?RH zSiqo)yzj z)kF9@mUN-pJx8kD`?%ETg(tsyd@-+%TBzj7V~Md2AdsmASYXJOr)oK-I-nd>GQ89* z3$>tYZ;fO4EV0jr=^l89|D<}noJ&UtjP>!CL&r!z{k%4@gwhHBFmk6BvlKGp<#nv! zD$dlNv-CUaliA^ZUr-QSit&O^Q7*b`&k9Ya%O2AYZldj}oC2 z2)knSHPnu$!>UEf~_>Zj?DbC9`z?i;xJxi-^@d+eI+bwXLm($XLcRr@a5`ZW!D zW%fv00n_FYHhxR}(GU6Ev3DG+6@ZI(VHL4mDec7&S@hYmeBRy2>W?#Y0ufG}^js`&H!t~wBXpKY+#accC9pM5ZHiehwDxtVl#hnyQF zf^U3zd-|y-Lm`AAgro3Z6`YgWh=Z^zaYOB7L%aF-H@;-tFnW8O3tv9ElU{+m$btgI}It!0PqS^0c1ADh)@J0cjrQ`cfw~$8ApFvZXvihyVhoJXe&2?`| z^9u$ylSQxzvP8msNY#Q+`ef;hcKT$D*=kMa;o2480uo@|Ft=Kr`7(-2s!?f@9P-g41?>50+@m2 z!oAKS3yJXEU&cB1a^29O(@*87m*y^mVRX|y7Z%4=@aKVGxO_b<^>Q-sYMmxf+jOUt z3ucY&45SsN;xJyq0}O2C=U}ZvZ(Z6a5md}kQMCb_Gc0UuarIY!Mk|bQXIhQxJkc{# z2Lmblx%CBF?nhhCsi}9Rx=jrgmKIc^Z2@SGfzD?25_0W37IT14#dX58}=0ki;hX%gHps-SQu z>0mkMoF-wglm@7$+SE+TM?enxlxntun+Izt$Yq=WSu*B3#oyDq`UtewIvr_!NDWqc z3i25krXyn*7Zc`If%3h{S8|r_#6xWbTH324>y9Rzi^3>sw|{O^J~NrMyn4!zMZwUU zO;+J16xELDr%A58*fCJ^ZYeGavMx^{9^7r_E%@S;&^B8LD&%gb!~}|5ZbsFkj=xYN+^gTF(V7obQ`-oW^Pid0+(7 zER*@ZVN+yWXHQb7&mSck2AHerO%|cQ{_i##KU^sBy(x-vl2_rZ>@#m5qvbYa^P-Z5 zoj<3Y^&U&?;Q{Rze~(M>`VJXih5L6xpKosWCqfDFrZ6dZ?Don|N>hn^+tEJih)WcR zt5M%>3&iYX8!>VbW8nCXU1@zvblhO-k-sUmCh7t9r^G61Bag*IlH3UVc)#`R`yqyO z;$DiNM}=7CKM1jZ49vLeinbIs9cy{}n1z)oS{Jt?IusUK*xz-XTGQQ-Kg|q>K5;X1 z@h4(^{bMA$WgE=%Ks3T)vQz|8W7+id*d{2P*1%dmioBBeyA$E z!+Xw4nGz%(u$^8s|7F$p>gPdPLrH*sL__Jg8yQKdHNh^iVG+90P1?j6~9$T|J z-8m)IjZM+ZYL!$kw;+^uWptiysFWc{g-mT3R`GIaUQP&xv8tFJ*5>z093QbT92rXRqh;Fmu$JD5B4_QPT;MFblP_qeN8xG+@2689AuT773-|HLTM(@U@$q#n zI`xOMT~M_fn&0BIU&qaOLiws`vi|y3^7{ak*^kM|d6;VSuEvDb2_%WbY?6b9{NX-# zpR5~Y=YGx2Q?=H5k>7WX^(S8C*5cP#P5hE8+Xoflj&kh<7}|s8RvVw^eI$9$GdI<= zla1mVQu`BD!zXQexZ2<&;>5dmF*ltb*V-LWqUL)M*;C}A3e!OAQv#mBh=H>eHo9&5W=ogiUm>AdHuuV6)N+8Y223NbF=sUxhJ?xc|j11h5#GnjMy z*NXt6yqj}2Whj8YW!US%PME=&&*4+aD$a%z9#hb`WOVK540HTG{6{QsKP{VwgE(i& zecxYfWLTOlXA0es34?W0+p;&__YeM!7v1JreYc;2Gin(povVDvo7z8axDcaV3D5c7 z{okXQTzIapIlGInm>?#bri~)LB`J80GQ)Bj%87&F$93LDja7HRk29_&z{7~AhFs06 zs-UBQ%Cr79SHH&6ARF;6X6q)e;U>%(VXoK6wf&PFJ`(?-5%!cV zR(Oh@zAtqBJb1~?$xsZ3sjb1pgy{{)2xh-a=tY00)X(|TO~N!`Lxr7r94%S3avcah zff{*J@yI36htwq4kk7N0{dSrv;AP)ey!6cX%$v;;z#&y=u^Bv03jb`R`7UiR@)*9h z0OlNOZTaf^%4F*499?}MbZFOa*=D`p!?;+U$F>@D_jfE~vbK%AO>{}C!Nr8j{hj-M zs@Yjd>V<~|N@A%NecyqHWHfONLwl=#KXVUN{%AP<#(thF^=jwXs&Q*kG03rIVYZAi z<)txs&d%@S;--RqiyT0s_`y1(>QL&7>U2%6dz6SKT(@MXNaZaoB`hN_&~kix&6V?Q z@Om9@5N7s-W|X3@HEmoHSAOMmCR+?ur|$zy0Oj2N66?f^E6)at73@E!<)Y?uN*Wr^ zEi9PE7k7CM_MfDUN@%HGJJijAEwXe56;+BBn1E-@@iC5NyBB!Q;MJbyw@^!c2nKCi z3)P$lrKuTm9zSSQOdQRLW7v|D#E zRm{gS$i$mWTfrF+7tg#f)MWqD@zLHWgBd#18bD+0 z(Z6Xq62U&OK;hbVqFTuX>6o;>EIm{6PX#{iCrmqAT&+EIvs{)4Rpf{qQ69)io_8lP zHzxWngTO71>Kr3AY3*YcW<(O1eLxr^i6O;a_cY)|!t5KgY~u0H#A~Uo`FAK$oLDEA z7ygE99$NY3mXsQG=`MO{Jj1opT{MRd7G!Is0Y#AwxPD3w7U%A5m>%ZvmFAh;@H%Cg z@17GU$ExWvzZLWb>yk1CE<4#ooKNZ&NuHgdaVXBv(x5f7f^98w617C-vw`og5{za&TO;ht%X-#|NiJ)jB&2um9Ml}QTT`gvHPa(U`o3x z41bEN>lnN2YyUpoSkieC9ujRW8Qs4S%`8@cBqS6tYU3qe;Kxmu(06E%!oJuFvjZ%j z~3EyA!YzzhC^9^~<`4_eBTTK37{!Y5eTycqSwy zjQY|n*DqLSYGN9{QH+Y;@E2!sgmTq{Bz@n1{BT7Z15U=qL zq$6==@lJ*Z#SvLHV|};>;TxGYj&9B&p0KO>LCbL#VR7gKaivqmruSPu-!h!Um4Lzt zMAcO!XZ|kPhd-M^77u)~#L-E!dU#)GGWwQU2q((KFR&yu@IGo~#DAlW-|()L;J~R? zjC9y4lmqv46=Iq6ilMjq6Y)0o7WxdrO&)4v(P7vSVdv1&?!dpj1RG*$2dA}^WGmD% zV%=#|%E!TeKquZyrS>rhEa6K8ATdG)hOaq8=oX?odwq{-Bk?e~r}tXo!}M@=vAB7c zMLc>&W3m@ylKXuz@BT=iUTkC^qBvu{QytmR=UWS!ZSA42p=XyweTByDmiszoxTNqyuSlRnq|Mx>6g-21?SS-8G4c$yagxSB?}h< z4}YJ*m2N4XMX{^Kt0zA9X_``bZDKvO!R@md%DiYy1%K&uy6r1*D1LuyIzWQn`Qx26sHV2YDmf#P^Yo&uX~`8zGf z7$K%69yu%Dea_{#!6XKgSc>C;CyO8t~2yR0#7nCQ0S;HQ!;oRslC|yU9K!@Bte&LN?+`+ z{v^;jkvBkhD9B6gUN~I!wd99)MwvECYWn)EL?tU&T)=ZvL@+1RP8$JV^SK1l#g&eW7a zBe_z6E7`KH_i&f{`kOu4*}Tb+ld7Y4yyF4YsC2XE;NA?~t$XSt=jPVneG;3H&Jpum z;h|zgpZ7N4gDSM(s4WMb1u)P%Z!W^ktYglF#+)~M>NFU80uzNGpYjcp-_3x z#Nj)tD|Rz@fYkRn=2C5Wj2d_)x_ccgDTgyjXYe@RiHQdLjBt^2Mw8c`hu;0;?uMu2 zu6q?m6x)-sZcSkl;qH8m>E?EBG%rX3dY`UkFAkNL>RwB#Cj31L;#~ZY{KBb@W-8ss zyO(YzlTK4q_lWof;J3k@Qd9G&CS9T|SqosZ~lIR{LwyIYvopu>&LIoyGJK*${cst{XI1Vkg z(043jssSwQni8Q{MmNUw2Q%X`xGl78=tVi=Uh(5oDikr6zcOdiPK40tuO8>mL#w=d z0|?yNjIs87pJ&^&R3-d?aDvO$Qn3THtQj4jHNxs!wZTj~mlsdQx}aLGn(9x{0BLGZDXLb}kES+{}zo?eg1{BfmDjONN2F zdepw0Ab+)Hy0@G}Ms3Ak8#P{8rsNj{u!zm(31yI{h%D|7S@4)V*f}4isbpwasi)^; zs`@ehT&pP0*y!x=ZSAF*Le}8xb-a`9r0?5AwHP9qtSMkjCsH0eYGtTQ2p1M01I%Y8Md@5Phlc2Ny~J?HS*wX(9#>KuV2S2 zY&SFyYwom02%G}Bgd9pw&ZwI+%Czmj897Hg<`ISmoY$|x1m78qv9^>)9Fs5WN(H?N zdtl?4&e_PjvqO(dF#}Afr#yCc9B#`EOpwDM^+}7)(R1#tECR@0T{=8YQ@03?3ZG{I zni`B{$)8JCkAT9sh`%Ld~DHuz?YUeH@ufjSkPafVg{Z6$^j&=pSk zGH;PSrnREkE0;NJwB2~WeL1&(FrM`Z&1Hzw26Z6l%gkH3cuC_u|W4kr?c4TYCm`57+=a4OG})rvc)FPK@m0OSJfNl?EGaMo; z&n1O4Ow8@`!g!QU4dzBAp<#PKjEVY>*Ie)i^_JkRD=xF&w*dOX-4qsTnOB8Lhj>U!f(a*|d|CgliLjjqm3$6BE-mH(OJ>-uJhl!6n!?>SoPKhUd&=b{pLBHjEzJJ!E{}QP9-dS ze@4ZYW?09)CI1dp~pxGk8!G4HNdhP z&KTIrPi7No;-VZ0LxztRkw>C*$>U@@mnAGzLkVTOImo(2E6QKT*ATQ&I5^$IOg?Vc zT%c=0gc`}(I?=x^3^JBdT3(u7)cTpQ zVw#2Nfv2AU7|CquDY7a#+hx9f9;T}Z^{$fPXo}c|-lAoKb~o3bw2$B_y}e~U<}s704urADGmNR~9g8^39IElk1!`*^Afb z+1W|k;xQN;rgg4=KxL%VQm4H8t1f{z`V6KBvN66nU)f$~DYN~H4eQFDdX?hM zbUW~-6@LmJ%ooP3Pc%5Z_rT8Tpp%{xOAjc-NDdxZv)T#NOyD*{U_LzlOgd}1Q@!=? zH?+Xr94pgCX>1X38LbNbeJ|0MFnog-+nmYBr`QU;>?LFK(hQ;W36@v;o#9O02Bpke zmFJ>aH$Tx{IhaSibEo|UIo+vsuye}A}Z`3 zPbwQs(P`nts~a3Uv1f)m>`hcJ4#u~Ot}a$B_d@~fVz3}$|JH1%6VDU?$;}keThaOvw_ zib`^jH|t*?{LeoMmK}Qg2ZdDi_1Pg1h>D5|eH3Xan;mee|9tS;mS25011LVg^)qri zO2UBO4zJXGxxe@!ONg6`EvMxFA!3v>#+YDsUFy3bTTk8dX`~iks4@{{qZ?`t{!?%IyRac31FSzm@f}f*AQkk5h2f8g#B1 z|Mh&ybF;4hon);Av{hf< z(A$q171l!WEZ+KiE1TQT+1VfM$EASTmPLZ6n+NNK@TN zVH~}qV%JsE#Z}XyFyY`(?E}bj1{X_b?hTqE5lXNo_0+Y;sYNGGzX6Y<)R(Vv&%|Kj zH&$uy&fKk7W8 zGGT<~PjU>V)}-_c=XixQ9`BV+D>`F)ezf**)0wz$yAZ$w`JJ%@>~q!t`AWqb9mej2 z{A_dp>=qgsp6vp>F^kw-Ucfxkv)hoSreLJ>S;~Q*>iK{age=+ zKi$jL4Lhr-gTqCR$gi_g3)E%!vr}WP>@!f@%>`rJMuyi`*aw^u7nU^uUElh`MK90O2&}#H!Kz*LC++(%3=XJl@5}h9^1Y8$r7SD<0}XOCWX?se)miK7 zpfxZUU|XM7-6crqA>epl*IYEtT%Fr|c)~KuUb!POxw}i{c9yRAb~nu{Uht7<(x3RF zR@$zETf5EWq@-6a`EbSF zlf})x9h!y6jE&{!m_&LnnQMihuqH*_c}t(?l2U3Y#Sv4ZxQ>rs>;|n)__84?Js9ghMT|x6`@;{2;6iKeWzVS{BeZt3%Abv zqi>eZ^46d=HU=K;0)GzLLB$%nvv50!oGH^NRB0E zoNX{b~PQTgRFn2RvSJr;$@pGHo7x%v0 zscFxbmtHQ3>pKSHTpNf3ivp}l@+Xdm&eGVP{rQ~f zxYm$)F!YsSeF2~ukR)dCr4(-u7k??f<0$MJP{D=Ej{CuYIzCvH+|WM6=epiNG;Las zV|ALKV~x>8j|Z|RioD(S6pR9D4|6hqNoAtG_aBPT&~3WX*OF|x*6SM^p+K8#R(*k~ z4JX39TaV`ue~))g$Si{Oi$a2(E%N2LU3fHEd01o<`@N}CB2jIFKVh-JM{aq>I6Bwu zqK#YUj{Aq)8#fyao;ln+4@ETgtN7pk{ZdU!?HP>^`t#f?2mk)Gj|X&n zhd6HI@|FU(SP_3|ez`C+*RsMIAbjswtLg8RH8QNr0I>9O*lTTSs7i#Cx0|!md?p7U z#- zSn8A8WvHooP6cE==Yz&^LrpP&iwS74nC?<n}JQI?)ziShgG9ukZhoEB0}!V_KiZ zj$hputVGkkm^VxdMtw3<@E_d!*oLkk!WPE3_R_2AJfR*+xC=m&KyHJ(C>5M}5@B>L zyl~@cRg|-turp*7sM)~}C~+~zvXkPZ&8K|_42^mpi7%=YYQF7VKG)di@NfO*j#Vu= zT)6xXv=|db7DoSdh<5XFuiBsG*vDD4=QHYUrV z$lZJc8~G6%1+4f`LjM2%$>OHtee&qi9x3T+B@(O9@Oqv%Pqk z03?C1V#fE&n+q+D*Tv}~Sk&xzbSJ7l>+_e15CWnTe5+t%r?C^xeY$I?woc-s=%%EH zOHPqRVjj3^GcFX~aazPC1~CtOrRsw9qySlgWXG$i{ge6<3lK`-0E{v=#pCO;(nuI! zI&KOB6B8F9TV$UEZ8xgiY>U^8Sc`ay51 z`rgrafW0Bb_pUd=A$5%>a~>)Do51X{3@|M0l#7SQt+JEa*>$7hvR3FFTwES;l*1;| zZV3W#f<3W?k#(atyO-p?($yvTsS0Ptn!=S%?-NQ@>%Dd$(S|gY7?1=QF6zo7ZM`@q zW(wQH3O*lEI8^;AJcs1Q4c!K0LIwdW^!+yG84lqV6MN%+@K>ofF1I;_y?tdZKKP^~ z=XpRj0FYv2BBN5KOE&h}--`v@MB!eCKg^J#2xKXFe;b({p|Jmx=6v-u-1PDGpgW#F zH+U$u6oFG64>>)K+qh0c^Mdi8LlU;c>1k@Los|~iQaHFuv7CM5>56jG_s&B8!3(FJ z|0iD94!_!2x`fET42X2jgy~1D6WY?0$g~czgV)s(rPMb7&+O5{>3oI_llTt*~pagKpFN;l$XWncIZu+jde>@C|MT(_2Sghvo510)CCZF=8> zwb;E4%OowD_s0k{^-kk%R{ddV{7E216G)G2MY!tjrM1Ys8y^~zu1hHS$=$HhVFNxS zpq;jy3$r=c2V!AXJwRC|Qj#&=@geSRSL!?c#3?Ug8RKioYPX9OUUFYeWrKaOe{@IlK|);BeNDQAud6GO1g7?6-$|3Mpr<-(#+clX)m z6Ed*|P;?ywXAyNsTJ(+XlzKT5h**Im?;-?Io1fe)jhf}R9x?Nu62t(s%Q)iO$&6i3 z+0n*xi=x@^v2N(dVcAUyeep|L3>t~o9PA>jWEa(=@K3w>SO?d$#*HP)i+DMfnX^`P z`qMhX>Ij_w7x=KrHRgZAhrNeLOUU5lBosLbp~glfRkiCB7k+J(eC-R3Y+o^$OuXML z5uRY$yxxs*kjJzUuU;Q6lm1O`=US6mz`{*)?K^mrg#6Ltt)B}9ez z2g=RII1mgIQ*f-ZIet;)JQFKfyIH#^HMhD~u)_kqQYrh9TjAig!wA3)lGGp0o(&$1 z#-%z7j(eE!&?K`e0$%Vz(<~GAS;nP-U+o15>jT1Mzw-c^zb3c&_z{fdH>lG^EB|pT zy2j{ju%Q*@Vj}l&lLDFEB9139f5HCY_p&%-`TJ(Df&DiVT_4PFN%>E{L`m3YeM`-+ zNj{ugj9_}ym$lPAnXYv$D!YF+4=FPk2e{W3X$HVR@7T;XD_mY)=Ey|s#S5xGdid~5 zettf4llpCY((~o+&(W!R6c2CJBWKaJ4Ay$F01qltfOb1LU(AAxjbox)8Gy+@a-LIN zFV3w(^bQ_k3wXS*e}dmBd)LOs{jDhs8Ym=T_qdRC$-O=7Ykejw+lyYzXcNEU0K^p) zAUyzYx0j7Qft`&-=nf^xaKL{7g2M@ek{7n{_^XW}ra0fLc-6D?waij+np-7Kw56$U zK1x;&cx;JVIA8Kg2Fr&j-Tdx(J3sR<_4NqFqwEv}HhCsPTCQ;#52XKx!jt!lw72n( zDe^b-Ra@W_=j}&vyR!xm~P%W(>}`?57ZM^oC7c zSG#JUp6-+jd1eoW4gM;)0b(RVzQD@IYl_F}X5;xJRphS3lASIYqfoSyiy@CcArO5X zpK)YIQfCDS0wGnCS_xBmlbYr%nULFb(ZL@dO==|UPqKPj)+sm9I||K-geT%#Xuf1T0}=d(#^3>`5$xS0DLzMTNd-Dv(Fl*kmEhww!%Obd~=* z5*&4xERkoQoTMy(+H_$~&ul;ngK+Yucy_~XKV;30LkN z1ficD`JWT`2lt*eI-4VIF-dnZ%3>4+u{%WN!j&MVcL4-Qm6473(_5?qFn zTy-uLVgefi?B?a~cPW_swn16zgcifqkaC#%r=Xoy> zi0ySsfX1d7Va7w5Gf>ypcHL`$L_6vA6I$N_#xVtQj!6<;!i(f%VDrU`GWN=juAyim z^_Dy?@|if!p7uBqoh{ZTX}(Gz`*Edw(8wf;JGo9o0T-9zzX8F+K{ED62tzwBR*We_ zfs>6z&{COqIvs+nOb{RugZ4EOHm78V5^f@8cRtaPJt3!P??-&;heSrJvXWXh^<%mg zFz_FXG2jg)atnlSyXEc(?2m7P2DxqmNFtCN zkTLrWeLgZ0bK5f!;U_Gcpz@IN6k zlv1mfATjr&#qXE-(3XNpMq&G#;t;*NNvDP1{u(dnb%v_BZvs(>1TE&B`x+pDmkdJu zV}9~IeWA2a>=u(paof9EKFB9|LZnnfY$K@hNxy|jjIYb7Njn)dv7Kf(wFKifyw+IU z8b%0Iz{35W4M8BwH1Tp?e;()cZ^79&(?iohmI?Wa)mW<}?Ne^w%xoM-ZK7?t7l=zOLW(yOP&QSF8_sFtVsWV&uE51P}`g)KRZI^+9#H;y;Vu_#7^SII?}g6OOVD6K^-PKy582?|A4mt-gEzB z&w!pVvU5Lm--{b2X;!?^xv;c$tB;Uxjo2lkY-9o&F$eh!-e%Jzj3lTWAbpe4kkuAP3`C$ezS6es}TX7^<(21G7ZBx+qCV6UYRn9 zmLQSy$pDU+EG#fru*OcfcY7r7MWW>UvvnE8)+br+VZHaU+C_{#2%y%U`CjeQG zA-A8FE=qK`R@@|?{15YkCZ_UcM7l=96!VwR!coOa&%#R5s*cN8&Wr{kS*BfN0FF3L z;Bl{6m?uE~W%SqJyu9oFGr+^|$zKq^sipDtLmRY&iM+uB`=}Jx22h~GF{5b6^as~~w=L!1qa9+BCG zU(!lQA=NH5wQDaI6PXp+MLa(2Ji}dc2!zP>Fc&+{w0=NfT|QN9sQT(3muk5E9RY86 za$MQ-4Oxpb?rS6VR;y^fg&ir(+fM$_pvlePo``N)^8g=)APqKdvqIo;dRJITGh_}| zn3W{^DNU(rBW9UC;g(OzU5w{nWQQK40w{DP7hU~zn{ns3RZpJh6|Wix$@c3_%?4Ic zEO{CQEXyYtA9Zty4(Hq1l&#vz0`K#+OK0@XveJa+M-YrMY#5_p&*APvD=|aH&*{0e z)CH?0lGNWS0C$CfgA(VuQ6(kDc7B%KM|YBeBiByx)_*v16rw31oM&T2F_haknl|2;3NY^g(|A%z% zTKl^uVVevYP#mRrJKh)Jecfi;pSpIM@%F@kjh3&Bk!uopdTBq+Pjk=_O0OA}yK_Me zLf4O5N`W3~EGi+jWvyFEAyw7YQdbT2(AJ!Yo3P)ukb6^o*4j9 zTjBmG8`xI^r?|~ZoJQS|{n5-zM=-0=J^%>cORa&k8kNx>x~D^*vf_c4p{wXK0taPIKx8hQa+p(Pv$M*6%q}O_#GMV z$fx%Pyu!~ouXj3RN*H&dlrSP2y+ensn{K!UJxbQts!A*TVt-v{`Xv=%lOK)VrFe!nX1tcRnDtTbJzwoYWi2nYG4|+tBP6nr3$|na$y;uuKTpBM)Jk>)& z@M0!JGsw>?2z}~^(!IHS_{#uDZUQUgc>ZmGuS}LD6hC|yz=vwVF7L6{@ULNST$+yI zAPR{b@Uc6ezk+!?-a*qTvcmY$4GU-3dw`o>m_7YI<*k8Jvnx2z)F8a69~+3OBMII2 ze@*DNdwNJm`jWmMtdD9W?|3+9c@ur|A@*}&q2U-ZMTaI#2!zj7O)}m>8WY3oi`&7ZJ z3$SfyjaWIwmgIFlIfd0n-=x*A<%&7wl~+2YTvU~dt(C{Zi^DQ&n!_Qvzc5zysYWhL zI9mWw@<2;l-BA^(J+L~CpI1lm7Sjk-#y9icy@GJol($1ki(LIzA3@!%411SW%D*C)OU96H#b84Z2j7%VTfq2u3rYX3 zH6qKf4N36CrRCMGbSdH=LusjkSm2ze1kQPDGADB%u-zBW_DNv|m%UG>dG_;_aX9o= zW++#SLSJ6tNX1<1T8~;j{yS_O331&0g;{o3j=l^csCy2*X&q zp;yd~*XhipSZpn#>hj`18oy(uMYCF8$h_VPocm^wJnUupS_)Eik-ieyu8|ws8M;9N za#62BA+y6k$w$B1#jLYED6BW$>+d;Uh~CJudFRap_~f9?!70JH9b1y?mFA4h5c!Ir zG%F=rKOgnXMfHBt$1ITUtBpeHMYyGlA7uN4fN;13*i)9GBBc!!sVEM8P&PeT`R}8{ zuB{*Wqc%Sj*ns~NU`wsL3_8Fa2=PbBwidtelGptX*xnQJ(Zw`K6>&uu7CrWCl&5@Y ziR+-$WEVb79BYAAH|0=-+38lyu67lOgUamGH$!LFDvq_3X`sS{m8@05tyPi56*6%K z?n-@hMGL`El3(j59Sv%2G3bV9pW`eCc{!2$YO`K_;p8A)v6LSoEh*A2BY5fGzVW_^ z9dx7|ZOSr^Zntt#uVGjUZ9PWYU=KqP2-Ww7-`i}dOLk1^w_LD*dJI?8l@=fAW*i2a zys_`5k)T*~gL|eRBhL)$;(HMEoomr4bewsctpZ=b!BuRtf@R!YqyZL}6XN+evx{2)9vV+^ zXh5_O2L|hcs%Cl!loQJQlGu&PcBekuLnnphC;wYvtx{@L;)%Tk<{{=`9d{kH;obi4 zHFyn=PY|S_jl?f|6M}u{7y~pcYqKhEsg{cp+s&3AdLj3al52kSmQt<$apxA#!J&zd zAA#VRObCVapy1-Hv)~2OcR&1_1OzaPIuHnnT|KUHf&%lCd*S{U0Ky*VO%cQ$j#!=Q zNyhay1fvT4!sZ^Zu&@jkuiEewAylL)FqA3eryg(K^?W#e9!kvZ)aI-CTLPC*=IK?Y zxZTCuI6eqmcn_{8c!Sn#99dWCKea>#U~50edZri?lh3u1)Nipm;af1zPE9HTXm_S; z=iWvp?@3J#bMxAQgrpWHhVU2rOlS3yHm>breuEYf|E6F`dt`oJRnVzRr51{ESJ&Z~ z)hZyGIe^E7SF)j24U3^3q(#b!(>V>TcJ5|qI}Iet!}#FwVvSYWASZ0tyUp&hR2rx2 zNp)}FHNz236o`hu3WkPwTjwqlY^#QUX`bMa*BaDz3aYnS!N+m63#R zmA^b_s~Gd11eqzRHR9amhU)Vr(1f_=B5agE@W3&K$IKH!d8#bm{`TG07lEV#4rd!O zI7Bv1pyq|_V`$7}Jam``JCT_=?Z`2K4UA%v7Z2J|i5ynFW#3g5!?} za*l3I=3pAgh&4n#V)2yY z;9r1x>H8g}H%}b&TqbaBW^Y`Chlg`)Of%msm@HN$K!bM+OCh_kqY=xk20ULTCq{&8 z@1oN>AdVsR^6d=pcM!o%+_r=3p!Gp( zn()s}pszQ_;D^Xh6%6rZ)dY~8+G z=2$$|H`A!qD77zt4Zk{_b!qPwjDVj%^ba!X(;WRWx_uv%AoI++zK|AvzH81 z49dtk3{o^*I!vm!L(bD@y~6E|>j^rL#Zz>w!=Ybf?v3`CsgtugO432?rx1V|Y6@Y+&>XH>fIf;9LBe z^IC7k>f@mPBxR)x>l&C76W1^jdF6&+j9&X2@_G}Ayc)>@D@``aS_pG!ZJ||&^pW0I7$9^R5F~{zg;Q2avx7}hn z3&-cUxdHJ~kqj60LDx~@urQOt*wOV#zIIBZS<0tAFTK`lfpYJZ1~s<$j!oHsmi0YIbkVB{bXe%!VRGlA`a= zTi?GIUszpzP>_=-fxPq$b}MQupox8NGSvB(^{_9NGxKZuLmj?)w;v3xffw@ybL;F<+@;lOOv0eIN;`&u&67eJAsE`Zh88i#F0YyA zGngMF{^+`ZqK50Ot~}G}5lbg%QC?}be~nNW(p=T|s5Xi}A=yM{R7D8aN4J7uuf(NN}{b;fM+%LAqBH>zM}Td5~wHA19ImPU$s2V?m7`Ap9lP6b03M z22|9`-|P64J5+N5-*oDCkyqw$c4=YZ(M*FZ$uBY%{DI)NBxCReF*x=f7HHu9(e}MM zC2Ul9h68l?$`S^oIS1c{2)*Oli#*$D2oR#OFOnBU-WPYsNeU#V_-8GE6%i2f(MYvM zqN>?Ye<(5q^3RW_e81@J&aSSnd3iD~eiutJBZIF$KK_e_0m*r$P;Fw}-$B@bzrR5@ zjQ;0F)c^Z1$-lg6ZG&;lz%d6`n&to*ye&~#L-3Jw@9~9uUps3)eD|U{Qp4@VjM^vabu(T7Hr zF}(OhY=F~m%t7d^Ro_dVeD z*3HQdcKs(kjOS_tJ4{yN3k`!hCb)Q_y%&SFv#fMpVs?qSUKK{NlfZ&;1jl}u!cm81 zq38aP?@(pgG5X%A1PoS^MQ`-oT&#*Z)`)qtA>zvjxGy;djKeTJYwmN zilnPeXJaj$Jb!{*qN{X#f)Km=!h-VO?CHU_=%nZ5-Np0Bj*5zsl9CD#lPIgGgB}rz z!T&^(O8c)gM1-l`r<F@jvB#!UWU z@4JW2x^FeQa&!8tcc!1>AaggPav}WR&`b zNBVy8Coz5F3;?1rSa)|vwh2c&<;1ACy#NBU=QG-gDP4W_oDvs&(}%8`_=X)lI$IGf zd2bLk)s2}m{@~VqXr7gicQk)+qhr54)OOSz+j4>aH&bl3CO)__`hIe!NSYL>&wZng zrMfaH@;9^XEhm*2v(?0WWPl&F3>tqmTt7Cdh-)+r@X?k!!-fo;HT~Qi^qp+8=Wp?4 zO-}q1Q|jIOSjD|g%j5F=n%&ED>aM9$--?T}WP)~MPX;OJ5kFbQ*=k-)zplqB(9yBm z<=aCg?xY(v)B_p8+d;z#H)D~foo(F=pc8lwJX|MltJGlqYhL!{lWiTMvhXb0Siiptg3cTGetDdj`~cZtiXA}MY6ZA&0lkA6UPCAfEV zR8ps*w>yK_{}wm|@5_`+jOg#bv)?@wDs`}O!HX=ftzssv_nsg==Q(FJf)?Sj?tBsw zBczu0ZDt0?Vyo5Y*eCz8Vu1&}ED(BvE5Zjl)-S^CMn=7bsGLrZtK{tZ=D5x-anOov zJQ;uqnY9h?IK+maWn#5PZ1`>ck$w{BQb=vwaX4k1xIEWXLwqN@In1YN$Dx?M+uqm_ zW_uiv8(;hN7ST(@+rxWp?z$jmxr3IS^mgMKko69hymCJ4$R2#0;cti!zU9NOo9${v zp?yW0L>$@l$r*@0J=$?Opq3pVB2tj#Q-f@hI5I3tnVy=Gju+Tnu~WDF>I?667!)?9WqN!WOH*>C;|t}#0C`5P z2TQ6iJ|G)ykJ49ix5;z5@;r)?ky)gM3XW&MW4iejXn+TN^@gt%m|`|oza-#e2WCV= zD|)8m_4j)m4aV1{-1M@@ovpHvm7VHiSiOrbE?`Jc=I(9Jhg-tWK_mJjD)}vztFvY5 zLThmQF!LHfHFkTV=y7&>w|eoYQEg?iv!~}1f#9X)PW`H5EdM6)spFAMK*$b5a`(lH z7hPt(Ho&0`!b`t%?Bm`EI;4v<9_I4mGCpmoOVyR`sDE#Z|U@mq_j^1Cm;48XCbrJCwjc4|7Xa~h#w6pS0!0(zv*{i;tck$YWf@tgSW#f+!X z@+xi~dr5et6JKM+Ds#Fo--XYy--~t5v3z$3Zp7)2K+!S zk^+&L+xO$^?X^Av7yC56`n8mvSxt=QlxbajCP|??|44>T{USqyif~Vkp(A%-u6#Oo zwghMnoHEu=ZDbJBZH}J>LyyD7F@HH{-#&FKTtk#v*BaiAlB&yT)SgE@d-g^M)gGa@H;$h`pxOqK z!xLqV#e4~Ok5)~!`nX-6%@(m-Tqj|h_bm@_;m@KXmlw5cON}z~^t4lS!l^7PL>{Lt za@(ITnE*8OdaPP7lL00uYFL7yDphFj8)9pR3^@Jtl-r>lq-ykRk(Q_5i5vIg$JCR%UiYejyr^8M&dEQqWdVORcn$ zb2?55>`FAx^HfK6eK#OqS=@%9t$-(j!*3LP+0sk#_uZH@9DJ`=BS3`lLHC(KXOq+T z1V@$Mqt}g8d$mNnqE{8(W`eyx&-?(?jcMGQ5G{OH>mlpqxoN-$8$Q*MW>NniK+|ys zuNOijLW#J!xvLlUi|v+7eC|KUR0Zv{fcm8R6B&whL`@ABMuDXB*Uq^lun)zq%-<#z zd!FO2j~>5DOvJtLRezpL#4Vi=r}J9v?CC`5X1;Mb_ey{Gv#UtP=dcEV3*!p9*x49@)fsTww+5 zv(v{`Wc}*V(_<=eKz=*6cK>svRw{aG{{R6+q!azBw9F<7MT#L(B+D!CMi4+ZLdLxS zZj7|$S8oSY-9)(=fGy>BNX94UFRi4y!{wMS(%tQ;K(o+KYHR)l-VK}tM(`avaXE{7 z=2KGBrgte^i5`wBMwyP~?c0MF9<24x9O%aGGLi#LNyQ$q5=If>6qE<057lyZKJs2s z$*bK8ikMpC-SC_6gR+5b`rIO!f)kr~vp^+`n1294nH~_HV;t|hWT7dtg=opt z6+*z=rl&?!4dT1H)st;^^|QiG4<=MCoPRggvuS(>sg;*PXl$;7IMZVT^I-9_NNSuvDjonqn{NCS z2x=^ybAMGS!9NQ|v}^Ht^<$ub{6G=~06{5&bjA*PC?PrBuQ$Innz+8H9cwY}h#wQ{ z$YSYP`nyLqQN#^i{a%<9B{mk{@Rqtyj>R!fm)K9WqELSs+ae)_AZ(Z zBj)!ocK;}n&7K@u`8x_~5d74~y*E03(pdBH=hEXhr$9>owX_Dazi`Cq)|g(R`nb`j zdxJEpSYx-Nqj;5Dy{N0M@}wd&S+^BdyWdW0oT`xC|Hh=9s8|)kQ80kg_6VtyeGPQ7 zXd~4#5?Tjy$9F=|85~l+?JdBOxi2^$KmS)18G^mTBFn|k6whoFCMC* zuCLNvogqz_K`bG1wn#5*#NWKIzhR(Hp8W*|N>R8bbNs{4ApW@DdvNW<+z&sN_qNFEJ9Op@m*PUAo7C3p8JFUu81>ZS zDE~qPn~5H@^05S{BhJc>~6gQg$huM>kLbVGw%Nv0SHfF{$t{vIl7!->QRIo(D zh+igH_E%d8F#W?z>a>+>ITw@uXPY%5{oRZDlba~4_M>zbyS&7yhwRN9MQ&yJgiIJ& zyV+^9P?Q_d-Y6A38lhd8+|WwOuHD_B0eFDrQxMm5)Q*XFfKtE`l_=ft-VQCW)AW0b zV{@s4N~5vFw^jC@n)1wE6tm>7w+K)Ch^!ld%s_^6P=fWq9?r>8k<|X!*6iOeEj8icQVI+B&`|9w;VJVSERD_hU~^S&-9K2059U_T{dXP0wC!f1cuDo2rpN z!LL+lYuW;*@dXY;wJ6j5N>}(fHp`1%mY1_%a>kxu(%Ij{6tDWt1KTc9@gI9&bKFDq zQL8Y&7js|jpg6(Lnb>om8_$i@K2+ z>KsoJA>)2BGRvgQg{LbjSjRSO~@e z`BBvVzT(1Ii&c}=-Mfs8ol&W1_-3Nu_I5*3qE+hjzmQJ2@6Ve=iG?{5mlrW9isX=c z`jLByQqDDLE1|q{?O^yyZqTEUAn6zfORGeMRuX0kx|8@>vS9&LV|q3XBBxi#W}!b2 zot?QyI(gq7mI~$zY3n#EQBn=b&6YW}#BS#W?sFO+ih9S97>3=@@0_Z?xv=}C6pi{E zokN@N@&GknE(dw@rMTpZ=PXGXYTz-MP{Xben!}#t^&)yXfGM1E&F4NFRWt4i-sg53 z-@ead#)1URFR<^3u-!sS6hW_Z0FL%V!tUaYCMnX1>R5aOk=Jq<)pTq0U_?PB*5xRx zj1%p%B#l&|!6ctG&2j(WMQ0pycTUUsl15^dd_1%n$A*RG z8K#2dI4e1?Xz~Xkb83p2D|#+bt1U8h`gRP zJfQ?`(#fgZ=~kbCJ05ME3oKz16!E?nMDiulY{qodLv@q(5FFIhHzvx#B!q(fX--#= z&*C|l8GkesL}n?8%4fJ?p-8M5e?ND3%mb?B>moWgoRwvyyutTqSl&2}BSU!G*MWgY z=nmw-HOrNpjI(T0P}51qxX}d>$8vW3>5FFmaao)hC`VyP{>X6wy566U;Md2sEh?Qg z!m|rmHtZ-ADH1&USOn5JBi;G4{qaAy?3PM;PWJsu7rNM-l@W7GAmhyqQcM+ahRg0b zP^#l1sCh*;1=_j0rf;5|nDIl;k6q%u?Zg8?8Gj9{hL+74jA8c?wJYFcV15Kj&ybmFYn28Jn#l#fR1F<&~ z1&WhD>x38Qri$uV!q%}lZlnyAg1gvwfCc`{PJxRK;DU&D28vxTLBn?ZdHLW37fvtoyd#AnEh5u1*6t6-Joh4e)hPsgeGszd%?gOnzj7^gKF z=#pEAoAE69$(nTX%zO{`)~|6ua$+4yH3-lwyS>-ib9~3db7WVrCxzACXBte;TToE@ zm?FMdl*>1psYSK@AWy&69)Zz5>bouBey+NL`d6yd6)~osybC?qFh|(JscMSyXwscPh3u zlV@EM$Y`PiDQzT7X(8WP-d+5Dmq7x;m1Ilvmc2&V>ms8;G3#J__+yaeQL4u2W}aH> zyG?YuhqzmB{f4OYR*X0c=TP1r&lb+z0ylu3#T*<(Y-pY-8hxs1 z{k|)S@oN5Fo(@dt^l)Vdl4W%&u*zwK%y}!%&+A2my_G4aU<#&KK3unBeDo+9WFCLb z+!BKm9H(lNjCHIyKhoCsfI=#N4jnhz=%Cx^VEOLp{vjft%3PMKVDcV<^I*X+OJ0^ufvr@wJlOx88;!&+F7# zAPx6OX~EXXyV+i$w=)+Q@^y{Sxq{*?czIbaYs1#FcSORteV+VO01JoIM5D}7o%B8k z_9hu(B>mfuVWFFO67}EE9sGT$M>5X-B{rD>BXF19X2JMDpkVk@8ziqCtmbol^9U7+ zg_y~NnR*ZwzS?+e<^e&XpmZS2B}YLmeK{a`d7zO>-u*CgC;wvkxkR|^C<%rUHT5;r zm!Nr1R8SlASaqTOoV1;Q!oN|%MHk^4GdE3I@^z?jQDxMW;#2if`uSMZkYr!F!oLq z%bmx^{hMv5bgso+Uw7T%KT7u1UwjDKp424Z)4k$vEl%KYO2#L7LNM$le4XuiOQG!p zXrhDZ{Ij)9i$9=~=21aa*w64(Hm6+j>=drMJ+QqoMAxk|7RYHBF|wP0*hr`W;@ZuJ zyL;P1x;%?qd_L_$xA+d zKBiqlqNjY|F!a9n9YM&4e(nO+tpP5t1z@9 zM;E<>Z~wJ`l-^?eSlVp{vV)__a`x%K-xxOiWP6+*wr;Sbi-7(FoaVGN3w3P+A z&-wsnOG8825jr}~+`+Rus)faJ-RGvOIMWQhuU924yLidKJc1Xq9~ijW$lnaJ_o}R7 zO%@WL`)$A{MI}--&isKKmq4RWakx2(%5un3!nbra9>HVjcVyZZa~Vd_al5Ttb=%%Z zFI%=qNw)2q*H+Gz+NZ2i1+cBapoXskjoq{L@>kDC1<5E$W=1o%tz=dl&q+o`+k}XS z1!uGSoGkA8xKQfY2qlYF-Y~IbRHIR+nB`N(3PrdHwTf33871WqASWga1uhuQXw@&F zNehLOjzaa56~I`JRH(*Xkno+glvQqPj2beuq0DIH_?97O!|#jA79t>cnAfMs>1J%} z(U9$tnbPo6%UQ33hN3?J&jl#fsz2bF3hqMm5CSx0RDbu1wmWab#6MP6#xQ9#yn4~q znVyoOAaJ=Py*`mvTW0VJ2S_xw+1&t+_cQHfQNfn=)$dhQPmt3%zlS`Dh2$hs&VBlo zL|j-{prvrdk3oldMj1#ejO?}4mw4>?57u8jv$c2PYo`Y{yn$1cW~Bp9_4{q1nH_10 zRJU}JbI|#Te@jAKLsnb=Q`E7#OvB#%FIYz-|NoYCboe{#*n2zZ{#A$UG~5KSh7!bB zS*2+-LvFdP2|kQ4a@=k7Ri+u)w>q8E-_|pGQE)vJ`n41OCJYLT=J8j3mofl2Y2mPvf*8JMp zMoeS+^;2s7n`j9|Gq25R2Rssi6==rV;RCIDh z0WoQCkzAwX>$SPK^+jH3Y@Z=BHEpfi(a~KY>77C8M$hgRSqqmNcv8%kew`9XDL-^s zCU8$m#kc7uG%>U}aw`?g>~YC~cp4a_2e~)}zRPudIO;3JZ?EtQx#bK!tJ&4$mXwW9 zOP%Z++4!kN#yks$&fi(QlFvFQEwJI!sVVtXFzZohNjP>Mv%dRm!wrm)RhHmtWv85? zQ6200(5oDZ!}pA};Kgeu49}5tA&OOy+#J~4Msy}~B|kMD{#IOPDfAhtv8%l6Zl_pQ z;0jvQdY>-3MihkT6`cv3^VNxXCL^)dr_Vq(fJEzz6I$E-ZxdI~zPdAlwjgTZkrH2Q|a<9jzr#>K2oVZjS4Mr7^C=I+BrKiAJyeJ4ldFZX*^ zZn9R01xY`^;doIE5D~BLRZrj_INjDSFlPxLl!$yZOA%2kOfgI=15`k zd&%tuU-W$)cSJsbAY<{!Y^x8+*ajj0J&gGB$6vvSK>4rvE$a$9P9)>QMoviu$JM4g zX#Fw6Lju8|@V&H+^AdSRz<&Zv(qqDCA)w`h{msU~B1E0D=~>(u;qd64=5yUyeD=wQ z?H&dgG9-W0ZbD7lK;Sg-eG8T*!G>FMQ?GVP>Ac-z+V6MkX7m5Xx>;)eck5;$HPx}% zF)Wtj>c&aZ@R7S?hK#!#n4Qy~umDMz2uiyfp!YuFcp!f4_|K$ zimKJ-a}2Nuhryuvs*jb{#J|1-zKRGey8Hi! zBi#Rwac_Tl)k3}|c7HnTcKh9uNtd222xAA=ahST8;#ba)6vlyk8dl8w>*)h}27tO8AKUHIK{_Ghk>e-%}^AlehTRQ~#L+1U2ypZNEM@V}Ca z{(DE|zh(G*QI-F3iT&Z(u*v_iH}1C~eSi43{_xviKbZbd(%Yl%SWdgMLsLdp)|iwg zhUm)6xRQO&h|kJQu#n}C$uYGj&NTsn(m!13Gv&HK;bYInp2$h1OXhkxV}!C2gScVl zkFFlss{{>AmTO-th@+R+U%T>=bXrNZM~T3#Q$qc#Ch`e>A&8~8@;pTbeZn%!8BJ6)RX*gej+WQmNP4&guQ+vkB zlSsF!ozD&?JGoazD%_#%Tc6GB`z8};2l6lAry3Lqi@Ep)FNzBNPu?cL>~SntqRu(# znfh~EEpq}LMlz-yhAU(@y9K^52k(Zvlfg($q?4H*M&)nBt(2Wj=xB|RG*X$JCwfEQ zOjj9Y@5HrEY+kdFeC1fY^`hewATj*U&C1R}H932ewX&2&Uua^ZK;BGWGdD#$2i6$Z znPO$bZ&;8!xSs>_HoR|er)y`}%^m-9A<~GD33mfVOvwd}SZai<- ziq6QkXd46s&UC;EO`Rk;zK#2$^9Stvh#uLus>?QwD$h531W#uPnv^tO7vmAdJUUk0 zN)GfXwwkJKc5UUyep=gEYRE)axfTf}+pEbiu2VHK(utS5`3xxxe&jHdc)&UV-~=DRJ!SV5*uI@H)>njnHV$`ocBZGN zi_y}lYs^4gA0H=2Ho8}9gseuZu6)4T99BZgMw~F^+LhhPBm8-rWcH%Ic-I`GmoJf(q zBofG&!s_ZF!ZE*P3|I$5--(1h*&$C-?t5%jVd%fKjfB(pUeb*t|)!^-qdTjek;XQkb(S!=75o@RFuY z?v7{;J+rU(f={tOe(fO`NiQrwxdBP}8yH#0dyIlMo^k0QWMnNDeg`!tL@73=U@g6} z=h*{5PE_#H%a2(W{$zmW)ZS9IzPhk&bgO+@K8eT$)6y0x6Yd&2E6;=Rm|QSh5iNpg zpgFw?!TV{a(#3>SY`)sQ1mVfcYZ!|45Cp|U4Yc+*m*(IeV&q#Y?djTLpW%;>BZH~p z9}EmvpEow#ZKorc%|!ndHktV}-Jc>*gU+QhB~3{p%^}X2-?E2{mu7fe4Z)PhQR4>S zE^#F~N>x8YS~oXc(?WKN53Pp8SoIaob=~EgRGol`)x*e)Pce}%T{g+512UFred9a}jBAXmT}N&Y1W{<>bzwn*u4fwKlxpHs<+?Chz0in-^zZABCD!)KxA}O=a9Tylr}p* zlRc=CcRel%``-l5!1@SA}#3<>3(B)m{6eHC;M91uvl3EPmkdfVvb^ zAt7mlO^#9Lp&|Uh9%9Zpa!2NxNv*!xULRgK;_6=B=6nqQIs`pmZ>M6hY?8jZq0-Tu{7vCY%}M&o6T#Nd#8 z=kcsNqmJ8=clYUvA~FLncr|74>qw=PbW|S927P(uIpD$6nU%lBn*MK7;&h`OtXvb7LzMq43WEeep7w^q4v{L0O`80Fw zCTK79yyp(C{~6(x~rDO#aI4?Z@sjqk^SX7y}NN zNQV8(vl;P6&nDUUpFEq!)>V8p)jR!n<0Gt39e%9d-R%eiG7~9>+|Dg|5**4jpV-Vv zi3|(Oq>X`EvlOtf+`O|!ALD4w;yMDcXYy94BHj5%V)DJ*Ti%FA5_jz~g7jQp z6}Xk{e5NeMOH1NOd%k@jN;la#=y@1!^`(NeuxQrva`yc`P=RTM8eOAbcF~Tx6RiCK1VT#U>Q>n@iH$mE^0U;12p2J9 zD5}Ann69YBizL3YA=GIkGU-h+G_o2delwZsa7Dt|Wk5JF{D+s|cN6Z<=v_o%@ACw( zUvPh3)#C*n6Dg(6_li97(1l06Jatqoi|gAC44Zd|U0RgB7w5gHr&#G*bT{}Q)yF!L z{M{rU)4}1yz&)b86n)0k@RUfZV)Hr5pJ>Vc9o1X$EGiylvhpVrQ+If5QiY61T8zWB zZlSJXZqZd-n-DBSI7mkIk->whZ;*2v-2PFs$AxBPg>b3t^*9@8y)`}hL^t-aQmq5f zz90lTztowQnoV1|mgkpdAVqrm$5RWU9EbU``=@>e^{j$9T+_dJNzP=+Fc97Cew#~bgYV$GGyGX=`A>|ZbPkzxRYF>!T28`Q-O2~W z{K$EOVXDPBvsfe07g{G-n_tB@T+qk3tNiTJD>zOPeK*U2n-Q4s=#6f#%QPT|R_de) zgZa(-Bk7c*2;>IN861>r_jxb9G~>DxmXadWrP)^F6d1vHRV96K@dzz1JSxZi{P{%X zu9t@_SWioMcqIYewp+W53#X5FR7l3)n0N2qb>D5f*eV6x7Y(fXY=Yd#Np-UXRkRSX z8Fi@A?BlcCxHFgMW>x_f5OwD(+&78`hKMgrIES`weaOJET@9oL!Vxf)=amgH8(T_q zRKp@?K~-uC!xtrkovU)lcz!ir(J(Xp_!>Khu8^QRE0&^?k})!x&)c$)W(18aY5(ln zwB#*;TM?&7Dks|rOC#>3m8Wsey%{pmljIC^@Oz9QJTWU&nEShFbA)>WH4)=eiL`^z zEy&&%-~ECmw*XU$6zeLoRCQXR4(VNgU{tCSzS>&wGszJyB=#~nL9X$uP$H3H|of*gk%Q9{;;DhR63Ku*yybx=n4D;hPn+BuwZ7@ za0|W#A5p2er}WEU)Ti$t9g`3x#faRUEeH*P8x`n2m&|g!jz-wu;Rzc}CDY zIBUtvg0vpcZ>*Z8!K7d7#cJ-&bB)}|UVG-Hn`_Hi(a{(~Iao*orXpgsq*&^*^@&P) zqd&kk4EVbJ&hpGm@uSQYJPV&1^&$|35hKa9rn<9R@Kb&>D_Q8u8k{t_?E+-l?>MQb zB&rcpkX2}K)Gpmhj0hd08Y0!@7(PQqnlx*DkqXKf~6PO=YJ79HsV$1%(HZE^`I`wlP#*W>Y@c| zd>x`^zV6Qzwt0UuYYJdYq-h0vkzrgE^4SdT7p#Rl5dALJ{FglC?_y0tre_-Y*RN=^ z@L=@}0@6rzy#&;h;qPY6wOb3heav{BDDB-257YW@DjC+wt1|fX`MC2L&V0rZ=@{q8@(ts zATIkJ~#=w4aWc5#JAi6bH9YwKz}9(RU^x z|1#X0qgXzxdm_$^f(fURzNn|Fa9*a>7I{33i@bC9xkRV1Dd|8DN2bVgRY}IqzUY#h zzb35=oaRb>LaDa;_7=xfdm@IOkx}i6?3U_*mk0QONOQT7)d^aKs(&mGel;ASrpEY5 zUDdH>6X2EJl_qL10`x+Tm_ZyNa=u`|n2{06R8feFULy3~&oj&kr#f2Zxw~W$mNTMQ zFVYqZNg)Pr-nkgKiWn<8;EEe71?gJ#UM}T~TCeA>E0KQBlVvOs%vZ?JCTFCyQqCQj z*mfA*n|hTfj6#t(uukZ00#08{oF4MSyJ_F=Z@~X3-;DT8zNw9zn4aR|{VR(6VZ?JzrvaW4)aV^~$crdcPT@ zV#1q35w4}gfSBYO*yhA|%@ia%W=OOY(v%IT1qvnf6TZ=16O7Ts4rjZ7$yr{^cbi^* zvD{8$Y8*r;zVNG@ic=Wx8;ANCFs5$hKhLw$ zN0B2r+eq-TpJ*vCm~nrZnICZ1TrRQ6xyj+h@ONf0Jf(bFZPRzl2T-4UzRaG?e}+HK z%CsBX1zCfChJ}q&k=v8sEmL`LbR!Dbl+O_}R$uvsct>l8|QcRx#C7R>~^KA`2*%NvFmUG8b+!d``}i>!f#d zoiouUcXqEFWk653)${{5e^{=*?h!cu+x|_ebmoq6m)&E{e@m<_)|x4D`!h_aYBYU z)y&nX9DBV?0d8ALT9X5yU$H3phTPF#W#cQQUcLIL$!GUDD>}%~YTHBWG+w60y<{pQ zgFQ{M^F88RZRQt|sg=v{%M{Na7Gg_<;k!9UIrfzOwy#axe8Y?~m1U)K#z*tZNs`!} z(A7yJCqc5RU3>lH*JqRjC9hC-MBlK*#GjQ99#0~3o|hl@6~DgH_IPm-H-2M0f0Bk? zy!w?=Q#U?{1%_>qwojx-hNaOW4+CSE51SPfLbHC8ZxRj+oB+H0L~LXxui0hQ;=7== zsj|+jg?Zr_JE^giQ5?gdfkAek#?yMh=RseiaR!-qfZm<`LTTRin=!##$){=JOh925pPzP=*g91V=HonC~|&ZnS>)sasIA1E5)+ z>yn7p%CZ0XW{sGnqJs#MoX|LdS@gF1=;GKbl$ZYOr|_mT+4b^|547@~qv882ZgWk^ zOZOoLwe*N zj{j})X6Yu9j?3iZ`jtrb>uLP|$lW|w3bBK|IM*ITbgWUJ1_T=1hX?@u`Gv7s=Fmq% z|L-~3d&B!7>`WiuV9Wp+I^zReiadb9rTc^35}mta;CW=3HTL3V^p%>Q5qqxfO_h&Y zZ@hFdFsK!PaIXE#$UUBG2=jfLOwQzJ>s3he@ESHZmO)VvhE<-HV>lT zYXlQ6tRB2M<;<>n!DRAQ>D%i)ViFjhza~pfClbz}`7@W$XP5!0UfTxjJcwfU*uTVr zpCXcbqyw+tK0RxW}xAf7DsJEMrV?%fXK?p5%JA zyJ#5f2vCxdURv z&`EN&Fs-1KJtheduH~(JW3W*K!JtleCf;=$a9-$@u<}PW|%}k2vWc(M`LY3w|J`k%+#Jy?KFg`*X?8p88L_vfsc2 z-61;}MMFf;Y(+RPG31?Q@}zdS@=(Tn2Rpbyb(nvm_@~Q66A(grj#Hl4a+f za=q9#L{Di4b9YKZWB`+Hsdcvc-I4#LhUP%H*+Sl=HQRnA(0A{&Zo|ulx1F zk2NFm?X*L!oFO}XK`}To+GDw@)`6Y5lJP?}A8d3Ge`7rLAocv_p_}sOGjS=!8H76H zXPf^Zp*i&D)d%oULg&FQp#E>)SAG7G5PRRR0O~3FpVY50hJU3!U%KvJ3GrAg+GHp9 zW&--4GrLJD4tFkee3GFB`2rq<-G%V{%CCP z(B?NZtOzl@cu|ob+O8nBm@2r;6OaGgxD)dE+qd^Z@Uv2Ks3YugL)EL!gkQ02YotW! zJ=fbf23+1^=0;u~8u?IP1&R6&jE@FB?q1LhO^ho_JF8M03%<$so4TMs6BGP|6O84ncr!DGJ``*=W9CRd*#dy|7&8PzO$LzW_F1RBfd$eO6JiW^>%)sd1 z$B7Ex7s8Jz9zy<%`=Vp}zn1qgeEvh~6mmYr;F}^VZveJeXCmuz;E-lX!&c%5m(u1% z*+;Rbe$5(d2)#H9k8`Z#9;J*prdxnIf=`bs<X z+{n=5g^QChLl<|T`OlBuQLMYV_}<_P2@{Ci6Qfllod0^h=CRTbiaNJ*UnTZx=>zUx z*P&#O%52JybW4|2N;=AmJ6f%OBJ)L;519Sx|McOe>qnVv&4{oo=bi*N-dC~Wnm2Xi z3INPwq>xE;=gE{aIGFbTgPLYs?0eXHQ22$;>u>zjS?^K;JeQm2JZzfxN@bsRi%=5D zQ&RtA%Gf*BuAdVej6w}%m@R>4g5G%Ra`Bdralicps_MglyCFc--G^-JfI~qr1 zf2vo;I-3^6GU-HmS5yM3v=3)3?bFRBlk0as0r_~5$fJx&IirP^(qsQNb0d8FNjKD81kiae-u?$(XsrC-^fa4b#pWwfsIyV`f0NYw z7rfBO(F9%5p@io~?cT&P?~TJ0If5kp9gE=wvx@m$dRcE|DCNdcopsz=hdgD7@o&~- zbIQw}+=u>+>)|4F4IJU0c;mTeeSGE?7pz4buW8myMfOC z#rlolDq2cKL^88~0brQ%Bp81_a%;M4=Y@UWd}cxs9((oA4$w_H4EbCih)`WQ7N!K? z08I5zCBXXmuzt2l9lK`7&COoU=prg9?#b|n)0T?x7ex?J(V z4Dd$wnGa{FoISIE7-*1Ob;rsA`i$l^SwxA#{KxWBDM||GO#RUMOS=?5$zIvec-sIz zNMYGYkf@qlRrwY-(+<}FDQJJ*+JO$}qb7G-rF*nb^^XCr>D83VKmIMP9NF* z-MCv^uObQ5B)_%n0%?OlJHVS^l7aGkxzZg0m?)Ek&*>iN_a`3Wrq+2Ak($7p@tR@D zX$+G}fFswP&CvTdvX^nlz$ZfuYhgzTnD@&IwLnSMpY#Mx_5~Q}ugFpz`OYaArxsX; zjg@^yR)f5LCc3%c{XY}k{K9=Ex*37~-w@rbc<^tcn^b`4<{eQ{MK^iC#QF?M_Eoz7 zZ#LFHVUs%riuS5rKRktvNa>~~F3duPfQ$8!|1I;A+B>?AIcL(hP>~_g9bY^kN=g`h zbLN5Q+{_u@IIHlqj_@BG?a8uw*shHLlADxf=4wW7je4ZD5uJ95JRdzrh09ZlHo8!e zrrW!@erHPIjn`XT9C`nx?ByiD^}J z^YgCng>elC-6wK}dEPbFjj9la5w27n{Jz4Xuh7#*?!wCBvpnuIz%y<6GZSCq-zBgK zvt18j_ZfXHwuc^G?h_P2EJJ&6iAe92_0e;)v$MCB?2`tLf|Bwb(0om2R+1CSz@&7yjdZiwC9pm0qp1-BEcacvB&ez{Xw`E4Ax-Q7ubyz_9XY-rG zb%wS|7j+Tr8Wb{(4^71Wa%00&$Rz{4yXG(xf47m_>?Zo0w+pDz2?6UFMZD zs5W!>Gm+@EPGi2@dC47OjtKkk{QS#r0p=yxrz8kqtq{=ub(Uv-!qSmn49-dV19Tl^ zr|H`WQH5Xu??@omt5WvK+D<)qMu9(VLU@i~YAKtwmp0|M9S145LcWOObV*mSsg{nTcy`i1stO}n^c}yF=FGxxvFKKA`hccR~p5QwN za~xLp?wMm7d`LqXY@MS+x^;OQ}{@RMbdJ*U(auvOh(}ON4I-N0tyWs-ZKg1N| z-612>kuR0geRCHf&ai3b>BzV7Kn22=GyKZ1J#XMo+sJCS-JCf_w)+65tt^P8TaoUP zMe(lgdZiqZW(YByyJkxg!j}>1&S{9=W$i=wVQ8=j9U0llUVc8Y&TgmyH5ah0*6eJc zAGjQT5mT%$T0ayVOE*AHM)vZhSuHf9b$5G{INHOEX}DC>xccnmo-1*t!-7mF@Vh;@ zAD!nk`sRaHnn;;%0kdBV_N$DTOFT<2%WTzL!cHX<~=ZRxRbz8CdbHbL{&-J+ciJ7YicsVt_N-j9^O6n6^L?&H%DfVKKmF@e@+jHAx z`mFj&?`xu7C#xRYTmju4gZ>BrwfupQ1W>s5P8k9;#(NJ8qGZoE9Mv5Ve^DJA!)9&JiJ3s*B-DX7i&WlXM);oHa7} z2==7sG;N)ZERyF4I~A5rw+uvOkdcwSQnOBd;Vh4$p5wYo15?T7xK`S89NC(aDW%=o zYdl#jnd*O{xHi3U)p)W&pT40EOGEM}BU=cKIl&`NJ6WjopNA}pu=y2eD78IXa-mF& zhqbe?$VkZRnf8e~8nQgeTSo{-uZtTds@4tkON01yS$}r{`|De&1Otdju3`M%jnRa9M%K{;lIwWuBZ;ZVA$8DS zul~vtK!f3OCvfEpp%K=@%9a#lWDiWff1jw`f2w)D5I76*JDx`4Sk5bJ%p4ef^tI2Qoszkbogi)bX$|W{ zJ5eobu-)*+GDnd?0X*v>@VWotr9=A5veehpv;FbohmnbiQ-(g8<_@r$|NerYr#=0{ zje!$&{q&A^sjPs%PKd0liwjk#qC1)?Bk2tP{?GsZZi9}Z^xqHu{$_&xoWVbQ`d|N4 zEPlTD?2`ZKrQ^t?L-kMRfWz#e>)Evb`Lt5TBPEvqd^$`vGECqq7|8wOcPkd`j_tqL0$g3OrN;v~{y)Gs&xSs?PW9{n z{FbOr{>5c?oId>j{mr8$|3C4oGngnDdiHXgHx_iXnY8>kd#Vj*cAV2*teo{oKY24A zgp_+fTa8XDZ%>sDnzk~yy#HibV!mDwj{G%%^+>x}QsN(!YK*?>d@69cX+Eb%4VI4F z^qSQf4KaplC@WfLxKog2i;SM)O%GHIPZUG1FXLuFahj&?X|32lDjYPg%$gxZ$4h0B z@Vp4GTG;BdnLTk{lMpuQ6k!a>ySai>NB>lCB$DQHCXRJT8~|hXPZcoS0_q<{lO&YAD%W!m8RUwu7!!%}VF~biPLYpPmAP@{uA=^%W z^kn_ZdYc+r7kR(fMJBbaPfk=;M0OHb6NgZo5X>Fz)kg>DXwIFUB81Ks?JFJK#}L}4 zs;T3^TPHgPr^q7Q>9K75NT>Ci_JI-SPaBj+2S?5!$B*+J%Q@JZVoszCjf!$)OM^>9 zfqnMYel^wtUA?V}{*}ZS)K9U_P|`6=~ot3R0O^@P9tECvMbrz~t-*K%V$z$%tUBB_l zhf;`2SrJ6Y){zCt{$!@3MBeUv8hebojVxo^tA|0~ z;aYLZ^XaXlAtY2#KR@5`eLSM@YilsF!)1_JEfH5FFWK)Y6<-2}Y|?Vlp>m z30>V^Ca(QPc$`R!a@xc!+45F4J3kH%B(}5>ca-&K0tdw*Ka5C(vK`C3?|&d~vZ532 z&|?#$50MvI&6@Urdp$8j@F(`Ot)MuQ8LG*#@f3FbW2Z%eHMDNeRtt^Vtu$UQ5fQtF zGSK<&EW~Y41laVDF-9FzenVGmYEH3u0C2!F`GjsEi^={SHk%{RjDb zSNObF#A~s~{fu>aO;Q&>%t{ON&+ndG4qR-8Om++QI|R%(s>fk$_A-#;v&IH>+RUsD z{(Dre5g?2c==T-WS@af72AR9;oa;wf*-v2TZ<{XZ)wufum=3BGh62vo-) z@X{umxA0f}cV>3RxjoQFt~XQt9}l8GuEt_J7&J>E7%9IV?4f5gmXN}JX-|9au52Z} z?PlZrfIHQXv%rsm!F~h3d8ye@VarWCH{a~>(>s#o_`&vZ?jzGG+CAV&_=MOQwS=u~ z<~iRY2bE#_h^HRnXn0<7x*N^L*qqQnFY9*GinyyEH~k`t;k*WUSZaKmMAulrwP|>)WM+;Fs?S|&qfthxMfIXNwC6s2 zXEfez1ESiHeZ$bI?1e4KVM{7kRh?ur=P)&WZ^F30X0|1VT#=1ybVzDWE_dK1QkRQD zpO*yvVbtvSjW!V1A|ZG{>V==+7Uu#uQPv8k4sy}zfh_97KWjJVOzqhioE@p+(hX#_ z$KOB)(HA3IlT^gxv^zD2H7p$k;a5!Z_yk7~d56_ej?;{;UhXC)cH=+N;LVV-F{{nV zY-|Iz3j}xA)RG>Kv@VBcR zU|yo!7qzw>oM-~pg{Y~D%tgn+dBE%r`Ypke`;>Ls0;{J)!og&LVT60*sb768=4(%L zSVq5f8a^T>)ei)wQV;&p)+~4&jX3MyWpwWS)@#8UhW}~K| zd!@>I5~_+1XCV(g-S$?(zXtM?5w!6l@b=S|xQdn?6JLugMa4l}MnmpE@C(EKQApJg zpKSfJYDB2~knk!eK67XBd71kP>MYMEyUxKWWj{@rvT~l+PP=jq*R*34Q37NVF*;mb zp>4x_#=g0+q1~c<^9LIJ-Slo_Jk-hlca8{k%0e<D=4U&O*?)r-&tl{J(5$(-EQQ; zUk#}3e9hW*2N7&-%PoO5xN)PxExdjxUFmv)Ko>LTWW8d>^p9Vh6W%*~c1awIgQmu) zW*v#0eTS<4x}tW|%>W_&D#ua2Kg5GLURh*OJCA)-e!`$1LMW%r)u!0Z(yac?#W*KC zhg+Fr$mmy~WK*54>+yy5$WHvejl`Lp5@0xyX|*n8$33qYnWe53AXzLB^Nw~KXpVOO zNjdI@SrxQ2V$(HZp_0l6|E%SlGym0h?^8EF(-Jw}J6f#1d6+TKuW9yVR4m#3N0AL# zBIjeu^Sh_bHHUnBvuv_j=&k7lgh*PE_U4rA#AfLlKGMq6t+P7_*ui(E>`KAd$qWy< z$BI?!eJ3?C?LULHTI&ucMi!AJn-MWw64+nKeS%y$us&o=84#f&OeYn~vv#fyU0aMwmweZ&# zO;+^MHZ-m+`-_m))yJh9Y6`Xcj|K#jW34|f7rH78^3<3bdiXY!PMRXOkB&zgn|I=u zp%`9qjP>|rb1=K~-SMXbwf(iA!%|r`_tx!tF&OlGLY29M$3jgd z>y_juGj}C_HhRqDF5KU(MHux&?MR`C-!2jF0BWVdMsBLE08JBMBm};r>b7XzKVq( z;NXCzI{DE7X0=DQa;-~&F}_)PTo>k!`&5mut>C~uj4UE^&A$G->2q`PW?uKmbjb6X z6nCmvN?c@I;j9fpty5Ve$XVX!r^M&PvDe2DBp_my8Ugjs!2!DBdHkL5`@sH@RL^iL zwM+jat0Et282mca8Xx`cohL*QKoQJucQ*#GTd#R9wYf7}26t$Wf5v`#US?rAdg3x# z91i-;iuzy}xLI{eo_D@bWZp%Sxo_$$Q#RLOsB_>&IsB` zynUe6IR+j;Iko#k+E@arz_KM}?z6gXipQ%$RYH2Gmr9*RMT(OB$ETS7IV%i>t%1~^ z*RlG_;kVPE)B8%u=jh$B5A?*2)iMjRcWYG?`B(h7+02JCPd$R~?Sl?WuhlD@?r@yW z)NfXVv<8UO7IH`pFxW$T`KLiZwA>Wyu=n3&(Rhlc9 zZ1jnshSKJ&UFw4yCZ5u3d7xtd@VB@5@}Ce1Y)+0H;pw=uoiM++52*{CV= z2UHi^HY(IZSquuXnKeFuO(hg8_tjXvc{kCA&4AA^BbvK6W~Qznmf}fDN|Gb?{5iwK z*}KB}osNUd91TKMO&%=8MqIe2-OBax@xJ--V(id#Z2(H%arfoUdV{Y=iq4&W{Ym0Y z5(-^3K2D^j$CjCZvmjMWsjbHSS@ky*{TQ?H#kj5jm`IxD#utx4%a^mUzdjeQZ1GpG z#f&Gf#)1a{1=(}>U>`b2=;vRv=8&z}JOKV(L+NLm_j-UZ zmdiNr38u~JSj|2m;7MRm+2EJF{CfpeY1xcXtZD@fxBjUa%oHDn8tcpf!KJwJ;u{!* z{8^UhoVj(up%!SY&E}b$aeYm@!EiR{`0C{PU>nC+V@V8mf^F5{z>V zQ>1^^^j82oV^L<;m6_kt4F*bM&d$A3&d;Iu z=IM=H-RUDpj_*l|<)a>sw^Frt?#@f}-Vq&y`-<|IfT)Ee-&?d-jD(nExZXWJrkPsP zX)Vb(#<(@(GJcRI^c4Y6a`TFb7_r<6x_Aj|!L$#=WVpQN<82S3niP$ZlbP91T4B{Jz zWN`3gnbLjgqn2i*sW`!yk$~9QyfJ4zm?sv-y)S690bsZd3sh7wg3P1v2wTpXl6Qhx z{MEm@b_YGIs2T-d3dryeQ6b(cR1s7+!XY@I4mcOGKEfc9y?C%g3Ls7Xpz3fs&I&{y z9Trf|cpfjm;3uMPQ_h_HX2aDew;r?~E;0F*Uy<9w>BGj^Kfb*~b0+emj}H*4!N zqGi3zg};9n3MH2?dqXj8mDV_#DOUylW6=gdlKDQYt55*-`yZ{gV#`k|uzNj)Nef6iqW8$=+}AQ3!H6BiGbRZE>O<(0)xyf~e${rla*YlR(CW7$ z_mGojh}5CA;$Q086YOUSeYFzINu1~u3Zx1>kBe{XvTXHc+SuYR6J9C3u>3~Q%6g%Y zw7jN_N@_3KTAzE`^Nb!kv$95Rq96-9o`OGDCjEH9U&+hW&iy1~vp9AW zLtc>a@{L~WT#ELv$c~2L-jU&!cp7*>IBhoAx_EAN=8?N4S6q$WyNw%&lz#t6bW@WQ z01O`M)|CBJQ-hi=-Fd+U4P5^CEy6-@x=r}rU$DNH*$5{kLr5`sE(eDw5;nU6*rC!( z_6#EJc>~~lQ)PZp4qH&QEThgxJNvB#Wi+QF&RtDXzNQx*2g9ABEs0q^q@9vk46Lm; z{A;2_fy*R%5C=0*)#)9!%SiA>N8ElKS(;Z6g`>Tu>#xf3y}Lo|E%!IU zXOEXy%9&Eh_1QgkQ$`4{n2pD~zNr5{fW56DN zT2X*g>#rE9xg&GSKaCLsu&i~??TSFJJh5dts@xK{JUVgO+%=RyCsieX@$X5-0tFqm=Ie9myvjDNy-l%CB7b)g=A8{Iybs@H1|7^k>%wT?Dpqhdsd+aR{stC-Lfx=;< z)qpY$eemptyGf_0Xi)uJM&tzR7O0ZYH}o3cL+>x5JlO-}tQ0#(_+)Kz=e|maPyNbr zTVM_VnZ;xMZS5NuOT7Du6b*uX4Cj5oHFKm8VIt1eXXeTSh%G*8Io2Pa&@D2apa|e1 z1E9~$pqz^tg?3fm%xdnbrw4;($;TU=wSkTEcdg&m&y|WjeoF(ooeT_EKN$t;c6EmA2Jl<7r#09z=v z+Hnsz76pVA;Na9a(0maQHu=u8(zA@C<~15Sd#=>8Xx_Z7I47H9;jH}O2rd;fYaNR+ zh6>t!%gYO(i3%KETc=2P60`rfh~G&7wv`KC{%kyEN%?D@Yxe&1J)KP*DQW_Y2Sp+c z{kkkDfW&g}Jr$1=I6+kF(xj`QjCRCbd6Q) z!+g-a;sVud@~(&A3}!Zm#sz+=jp7f5N|)U0A{1`Q45fjGG*wNb9O&JFqF4B!`#JHq zvFnUD8P!WkR|CbX4=&@Db_XXmBA1fbbdv6R7d^)8AA8y!*i%{e2c z1!yXgOlOx>ltDxEGIIUt$+3gKEOih?RtIL`I?-Y~me)fcB!VEbM{612)2q%-zuo6; z@H@0^B||{`Nd&RXRAIo@0?+<*IzxX)j`#a8=^z{b@H6SKx8DSHv0(KxeYqb~*4^qf z4~48Xk5w2(3|b{~Ue!-(OY5uNR9w>gV{3-KMH(Y%t$!(UOmJ|!m^>*p3L4y|NyHy# z0|oqRE&al}k-(c3o3EWWF$f+pOolb150}=y4`bnaPN(DN`r7Y$X?GjK3Y=C(3A^>$ z$!No#f>hgHi7K3<4^O_EPM_8CeDW)gGKyPe{noK!b*(-x6#KVv^>;)*D2yAb#Xn$6 zfAHXAfx1sWJE4jYsc$7&PaO0G$j@fLqXiYsZC<*bYcaXA! z#JcXU>1!YNQ4~Cl86C)@e#74Qx^mQIRWTIAFRcxSH5WB?_pG+voAL+(KVQ&C6fJqJ z-tD){Gqi50*F;s0cz$x?mP|G38XtL6eDM0VBubf+jEqk^#p_%DW7=(_k8dI*zm=rt z)Tk7(2J-w=y zn8&cqWyU+JOS{*1Dfd~@zUSE(%yTwHM_Vv{rLECZ`av^S!}5Ks)DxM_mPH|%;JF6Z zZ$j?gS9U+b(;(;DE$sShpeFP1cW|+?Yz-nil>^^(6>?ost$CZhEW|j7t7+-(Y`?wv zHb0q0&qPrNBNg9k>cm%L_jSXD=)@p&v4usiu z=1C}dKK_kgT{~7 zjkK96laOIj%dwv*Tzo1F_kg%zaeP&7)_gLW4M0)=n6U}&Vz2Et^|q?UdvUyO3+PB# zj2PcS-Occo%)Y?FeU-4EfME4Tyz=T|sS-Uu@ItCaTQJZUSLiiwm(gD~XR$^>tt{uF z)5Q(BymgQ(jQg_d!X>ljY90JAw02hf#cTP4euZVRUjhr&k@Z6Ib z%WTwuF>8PO@jlS3wXvRvi>{yK3P3h3*Sg1XPoHz^HF+@@FK5>EDmV~&{w$Ofw{g%H z>%HEWuJVePVcdQedd3@`_V$_MEH=FO{twZ(t|__oER|htr?(ffd_@ zp%1{`DUbRqK5%Gd;@l%SBm_9aDKd9ujt#qPbhT|!D`y}OR^glAOwjkJ<34R?bC^CX}GH z#omzZ)cHsKhEQ!#_H&o3n-P){!|g>?zM+zQ*~`*ZL(*vGC5mlnH$lr-1-Xz;2hs~o zB-xh|K{%CSRrb56HWQF#t9#sp(qn^3-H)GFb||HN7^vq+75zVd2L?h5`#%;CN`s2+ zip#BNuZ=@Dr`sOdDZgy4qo*x2mQf>>b}&J1We;y!IJKV0O5$1@(=1Z_(tLvr>RN)g z5H)Uc59^+%c#BZBc$Z%fNVHbv$^13Rsm1a{Yp=2H1^GG*c0>e@V!(>cf^45H6P~{5Q$YZs2r|7X{oWMA+7}5I87_&nMuYK_Zn#j2fx*J7|kjW znIH`ZZI?i??{JP22^?PlT8Pal z*K9@O?YrH`v|1??P|KLb@7ExYgG&YVS^tbUe%rv@hIuCe^r>MjOUE90*)B2fi`bP< zmb{a_#k?iaaZZj^Az3e`+G>A7y7L}Y8QvxIcj;N&&0gFcFdMG4PHpR?3gag|09qlM zZ{NN9iaU-%e@14Z50!Kf-I5pGHtwFn+LX2Grw@I6fRG8m3Br;bI=5Y>iHJI73$T@9 zXhkLK-hlm zUC)7rAOs!q_KwJEUMTPv2~(eFCbf$`tL2&e-GF^~vW2%?-UlEE2BQX5@!@bUw>?(k z#*bt7vCnRs&>mxteYa88z=Llg9%hCK&wtgaQ#U;AJ;Y>_+P&qgTLYe-dd1X|lPMvt zDCG|D^-60(QxXL@?$QFj<908Kg$&Dr`e*_Bekzw&0Dxc zrBAvU6OZeSakGiKBa)VInr#i@m!vyCjLWx4jt{K&L53x`t6jO02f7AuMH{_RA{?9G zZoiZA2&EQKMB3xG(4MaLknWmd|T#dd~J3#Fw0rkjt~r;EM%h7eMgQhr+E( zjW3soYW=pfs0JX*u2GiUOF{+>ut7KC#j&ZEGAv9HMIWBiz8nic2cRpqH#P72dXg%z zAuBCyBI=*oXHikfEnZ*xbo(j`l$hvMZZ}768a(B#sNI5OH7=wAKt>JLomeujf}QhkJFQLhXpNfP zvrHL&<1jJS*y88ZyZ}ELN+V+YopIA7fS{)|e%yO;wFpU>RaMjAddCcdV8%89t@GE` z1%`q){iki~fg>{{%Mq_D#f0)bu8YG90LUkh^ksUw+aeTDwjcDB!hHGU@n!2+sF@ho z?mG^wdYAVbS_zBK2_L$ejAq#1%WCOzsjZ2>K;ZerTSRvox4!JLHphClk;X^VHd#Z& z%k$*Dv_zA8+lMXZ8y;0jYK`C2ZB2linxaC->Jj9jXVk@wq=bn!=m5Jh+FaYpSvtnW z1<(fw=Yni3Pc{yJ3YR(CY-FeO_mSvrVnRZK2@szDN(8BCt-v!9ZWg}Bv&L{Xbi-)` z2_tQF+0&BODvMQNPAf7WCpOzLn@xlR6EM0<{OVcRmY8B}-^G*hA})5r{Vu^{okH_7 z$D}Vg*{9!r z;W{h-R+4qb_D2f61bLyBhZ{6ND_hraIe#Om3#OGASr&M$RGI6X#R)1Xa4RB2=hC+EPMpjs4LpBm(oFMT^13{YRQyS(GY0 zChRQ}BSpE#u@0H1Z<U-wxHad9wu115YU*C}#QvVdF;=2H@zCot7O1WCjpyi`B_= z-0gan0T!InAhOo6o`vMKg&6>&Z;`vl;1sPS z`M@BKMB{xg(P?KQEeI5IaJGWR0`?qd4~5QXfJeS1botxLDxC(OtsDBOtoWHfik{Io zm+7%!6_xh)ec~Z9Wu-Om3ytd^<_{Yfa#xh58~hU|QSuYSV5%tKLS>1~4XTE};BNGG z6`&>R@UNp4MWx=CDpFe*N5x>}k@8>Ed_F+1hVc2(ft`6B=6T9d{}K#|nv5)WyjYj_ ztYr6%5=AZH5!0aNtedTiYT%^Y7-5BiAAxqyENA zd~*3OyhMO>^M84XXSeJB@)FPP!oR=%za@44pW!9if?L*;Xosxtqh;%p<3-mRXD56YD@1uJiuE?w%Bz%!P4yGQNSJ3pq3rZ>-;n0Tl#*bM2Zd`mL^G;$nU z)xKx)E_SMg-XDIyekAq#R9wUS2@&KjTEiN{@x%hW<|U9yLl)Mg21>4wGf*foUO(NT z(ZdZ{5{JQ)X7xrf7RZuZPo?5Is}xcqK=?94Kk+>_dNQ@2e;YYDBS>>c;z9M)=e_}J zp&>X_lhde46Y&)wFF2I= z0Qs?;B+r%nj8tS-@3zBWUgI29r}e(T7A^h1esTDnp6-MSl95eIhqQhJCglBzIw`%2(6Id1UVup_(1)O9F9*8&j1^1ehO%BE106=k_X;{KJ&;aY0|51MQ638Q!7X(TJG8GK((!8z9G{3kr%uT-&X&EQ|Ofd{!K zNz>I5BR9q#T%SPKio5^H6$(6@X-ky)rL)k>fBMDQH*<1!h-XIX9eIpU82i$Py@cBUu!HhK%=GV(hDe ztViWFCH5|w4Hs19qo=I=+e{x*_74ccTvdJG=1-xJn7}9GZom+UZBt>p=D6_ME3^AU>DW?cF+$8EDB}0OLvR^0067U;sox((uIAH{(LC z|EZkd=hdz@2cN|M=-K%QKpz-RsyihL_CN=Q*vk^>_GFkfoWB5=`mk#cbPtz5oo!kW zw?-@$i`=xpOU1bN@kBK=jXr}2MM2zt0saE6-o`zPRdRLyE%FfDjY^!&*o#m;kerx5OQE2i^pFBXbOjGkYPxjOJMPf2C=Hr5dezN(p)G-HSNWj= zB~{qDErf*t3>+Qtv1A7mvp7oh{b_er@VS~ zNWJ!RdzRZKo*P$DpL4t%4}#bF)u-K+=N+yL1ho4enA2JeAB>tT56WQ{*@<1L7M!e;(>_~(x5sQLY^q7pNzQ}x()8XvwVj!h zQN8Bl1P>2I$>CvY82pTV7O=&}EQ-5o|GqB z0@*X0TmHaT+N8sK!SSx=uDIZu9s<1(cU35|`P5~)cJJUNYn?o9Vb^u**sniA z6;NDJajRfB9_Wg#+za%ce43W^3Gcr8)g!ZaiVhxir^0IwDA`uF))wpCTJQx;SAKEZ6v@wsGoPm_5;SZT*(RiTkEZYDi7Nh9u8(o#{L^Vjl#C-`Y&6EoyUJmk^AkfWKDhfVy+y@mnt#i}YU+unEd6y6EJ z9_b;Q_l!gDZ}W&-20z#IKkd;J;f3;H`vvFP5?)~ebflwgy4of4cpuwL+-z^bznPyq z_*!B5u#0sto#_jJS1c^R^0GTJ{c-cqxiwwlhTw41;-PC*jq%A&;qoe&ae#`fPBn(w zpycL3xTp~_j6oCAYfbcInWo>I@}}p{;+~x{vd31x1I7=yziX?zE_3V_fPXRuHSO+X z4Gh;T1=hh}@W5KdlDmEcT2@&D#L`rsFcs9V=ngTyt)kpY<3pV*YD7yuKT-J4WD4{7 zS9%~n+pa@m5p%OiP-K7yH)tTWQEFJGG1&pD%~VCzVXqI$iN29raww zz>Lo`)+p=sIkdPW>C8*sGk}X!n0LKah56FM5#sH|#wWR-<)J|D@oYt>xR^9RiZ;2d z3M;2qVvnsu#%6`Z`P=donYntBH zl=4;I2v*L#Xko;DXY2tL<->(w58V~$-oXn-?RvDL8S7D~>6LSNUdm23jVGbTMm$sn zq{ltZa@=V(C=h7N`PeKfz>?)SctkK-c=`*NX8`>>K!Z?0=%Yr(jtsjt)%@gp_9#mq zT%jQ8;|JYnvazGl1Y(bxInU%rC75DuOU)?g^tmsI^s!zDAlQ0<-^7hcquI5Gy&|n# z)4{!kSSVI5dd4x)(tvzb0h0}U>OW@!ZPt$*E`L0fb0z?bDxp&sb%`+Hh7d3&D|kE z55TqVqC%d_0f`wZAnXnU*mado!xJqe;OjcuwD-rkxlRDbba%F%VXPckNHre z!O%9n`E>8Kf;0{-HEPvVopmfBjO0#%^&wcWRY2x!^3)?|(4?;ZL~Trb+kIoZVp1af z!=*Feb1kLk7cvWZBPwg7M*q2O?WB~`_XGG(PHPL;UL!NG`8yqqw?yPHBji#(Yc|Ho zc{#rLOkCsmq&u3zn_LO2n@4U43|vS#T2^MrXV*!BVf97#WXkP6ZyE*z3C2tyVY0G2 zEbG-SD_o$t1Jt0$WZ*{?0I~dk+B@&4Cf99W1FpalMAQW$umC$nic*!Tq9W3zcN9Yp zNDVC@prF!Jnt=2U5;_4wC@P?#cSuM;ks1Qh5=kicWu0^P+2@|N_rB}4F)n|}kRjod zFW-FUe16YVs=;X2uRk{VBH?_#-pwML?fHE*Raw0~4@5J&W9E0!Nd%Y~P>Ay0^y58B zDn|WNYhR=kF*YuW4SmFAbEC!h!Ep)YD#WK(`OGyW>h*E#V+pa&y$C;a&g=aC;B?_(%wCi52A zR9ZoNBW{$xoiY^CyN*4Z&(6Z>>O(WAUItJoeDy+LU?tmg{fSn9RI@{pTyYO(4nc)r zLz>cZ3SqHQfTbf-FxUk-#h zOn>!V3NswtGrvO1o7Y~Iti`KX zI_EMMjBkhI8>HgvEM}`E6Rj4%@*tHqTFo$%^)^jPmiM;rZjXUeXZj9UAXbI#!`-kBH=Qb@nQ>#xqY^3W>5T!vw+c1J(hKJJn4LN$tI z9(2G>I94C2dpkR~Y>twsk4WxR5Q?s0i>!fvMEqtl{uZA6OL#XJo||{{_x4Om`AF>e z7}tXL2Ts$`O8=%yU81cTDK=bJa}lQLm?3g}hz>MHUI(g{SjzP{_sPCwlIvkD*|B&e zQ!Y+622S!LM;@`rGzj2d8jtl`4qP>V;W1W>trk*U3uhZIU)egT(-u}9KpM13)U72L zB)Qc__N~B#D9%pF&2Lu1So2G~2F^9SM%N9CgbPa#t-t3F%_^y)=Rrk(zW2X*D0$Xs ztc+=-Pn+0$okTY2_@+~x-oA* zD8BeLpPo7sQ1dI1zHmy^QKlV@T3@wF4H)z2yl!_%dn}7V5kRgP`NY~{`jvfaUGH8N z@4KFisRuFf_I9+Gko=f083*0>CyNKJJWGaA-uX-11Wo*}JL2E>s=m=ai zo&r(BH8dvf<_9o~lR7JO+$kfkdbMGjS)73|`#TlY=SOrM(~PLcwL3gOV-w3so^&(g zOEOCvR%5cecL7CmgKXp9*S|W5mOlP*K*a>BEQx8l)uP0^8huEFDSPd-#uf&>v|-2V zBXwa`NuUR?B_*Jv99i6!HZ^^peOd>MyEQbc!Y6pZ6Lg7}T>y`8w`bOW=Cg`!K73S7 z@SQ!Ie3D!Oom#U6EhuKppZX!6!275qlI9Y(y3CtaqF=wHrxcUklf@0h zW|O|i!4Vm|Ufxr-k`!movJA2s^+t^1$P-?0vdC|JQ|YkfX{O8h%U=Hku+`Bl@l}{{ zh|dx7;4rjH-zdpB7VEq{6#Rwq`5LAygq~+>%m;C}6x9_YC_R@bQm|M z3{p!H&-xPfxbPw}sG#*F$B;bQAJAp3#ozO;avPqbHH``uvlu5TbN)ee`kHoLr0i@X ztmL!~kWSW};N3ySmHNH)3eG_C8%DQ~1n~_$_r3DHtDpEUL3$>GJWaT#xl*_8;_2f> z#Fc-L=nR-gCo9YO*RqM-uNe3VNwcy)kFfrDiF*q^q5QEr;U#a_P9Tl>pik}FeubYP zwLgn7?ikhff2J?4OJ7UNRcK`3WgiQiHBM(CCnr&pGrhe?hsD*LL%e%^tPMx`5PmN) zil~}M8xS(@gp_U_Vaprv4<5i1qnc)BYzl+tvc@oAI~}P^3agUmvXu1N3Pk_3tqvu} z1;b5KTGIeb_f;Pz7uGr;clR}6{bin-S;TZ#C zi*BReuj&e+2-^)B^MTbona@8`8-PIoXrS{e;ukp#^KT?qZ z{1?6|T%FVsLWBL9PWhDVGU+3z)8@}AvHYEIXuL*;vN-YT;X^XR$iy*ZIRgUzHx`17K;j5B-5D#d+9oKs)Ry8T)-4n_n@w_+FMUl zmT^j?^KZ>hys91|usmblSPc3Uu>X@W1l;D%|0(Ec{q<{)ZeM!38SN%dkjpoq)vz8-?OYYNQvMmK!#7&n&~@+F zQuS?%<*NNWe5NkhzHm$XXmpvS#x^Bt_UDFJ@1z??a3$7Fr6G!xt@6gPuKKL=-BRGE z!)0l4B{#hj=zg5tVuERCee)Y%y}qV*Ce7`+AMN>^6S14k z_+?;F4GxJdYC6aM(9V+Q7ROhv^Vw^x#=rJFDLx`k(^{Z?=oB&4h+*YCl7C$Y>Z5-> zIxL;D`-;<-lZwp_n%tlB-oIn@H0kde4SQ%}|8r#87g-s`d$MR}q}eIxa_d9CxRVkK z>KjYa>b_1(SZ5qF#K8ssF`S6N&J_!om;2d;%I_O<2O&>OlO1T_;gK;}q_wRR>L`jo z-#!LsJb}$AZk2^3PSU>KNAa`90_^|xL}5^Hgbs9c?V0@v^VdexFt19|YsyFeG(whL z0*S1?;E*sNz4;gJv+GGNj1oS6`(LongfpFm8-ejADu%84HC>u7rvi6H?x@OC*rflq zV1EB`^uj5p7Vnjy@cU`ZhZbdaXEwzYsXr2IPruZi{RH~JRu0U9`N;z3c8y-8hfQow zELplI>UW&kl2fADc#)s2j-tI@;m$U9*IEOfV7LBEAM`Wr=gW_lwi)}o>msMMCu(C? zMw=$#lEZ)}r~jFECk2Xve72$e{=B@46{VD=Z)G+(Gw1>_pcH!^)Q+sN_o%TOvmX@_ z6q|F%BfgPtrBYi)$sr-Rr&S<&)~aqEKZv)-M)@z%rUd*K1QZuP9X~kZ%29}lun(U!>Vnmr9FBoQIGxnJS7xQ0zQnytD**#+ z(J{tXMH1>h9NA!6#cj$pBD5?zVFgt-ssU-Bnj6L1mg$8{g2N!feotq;4$xs)7ndh6 z=*_PH3%V{|cW|8cTQ}pooRt}KD%jgr3`i&b1p_5fOTC!vD7gQe1Pu!iq5cgZXx!YA zlWGl>n%;iF*suyOs~2rAV6;>EppaLr^h!Q2!dX?eS;o%9DYvDhu3E}GPNn?)iOikg zR~C_(UvFZ@N(U(DWI^Y74mZ-=0BP0O&1>TDEgrUEKLu~W;p>KGXTFifqQ*^6fTt&TiT%(a`p%Gkc0FZ25LL5y1||2lu- z0H<(HnQ_1R`A+|ho`ywXQvdtx7=L)>g{iAwGIpF}0-3Xleg>1)v%HT zg8JXWhVCP7s3z}{H6e#puJ*(RJr1Y{XDD8_{K@%iQMAqLs;@68B7KS+*`eldrpsCs zHmw#%McY8Cls#HRb4nXJzLn`A;&-JC_6D(tDD>_glD;Qh_e|3zZK2A3I~+?5)=OB4 z0$}iv`GWH6(X9_PK9nU69!hUHOXE?YAP_;=?4OqYf;W3u-1D1d>wTGxg#a49u!~$W zb6>miQK|`5x-oJbfL;{Q{pR!D7F?&ztoA$;iplwGbh9LQi>${3r-D)*;%-_no%3!! zy|gVoweg5C>)Va_0iUethWuVqpCv&p%1Hb+Xy!&02yG|Ny~?F&o7R0~6>(^cp{Ahd_;<6u?mGQL_;G{- z#rrP^DY7ktSA{lg&?2Q&tZyf?Q55zra&4_avb&aV%HqUN z!>z^o$?Y$mV~!(*48pKvRUMvl2^!~W){wk0C9iX)uA0PTC%fU?*yP>dtI%Q;!uh&| zegQ~LR;&*HP;C;+JM9i}5;i^e4$C8I;q6>W4Gqfk5IyuRDaqBnhqzG1%f9^TJMUqc z4XoknZvB_tt?=I4H+V=*WW8&ep_1k(Udbk9p`k?fqZ}e|5#it>`M3fwar0FEB>MRt zBbT6Gm+>*p(hg|2br9>YUPm@wXVHGB^GNL)h%AQy3`o2S_W*&vh{L`QlS+YdzRiBZ z3Au&2iU=o!80#kcEW~DdOUA>#6f#`qH^^jC<;>#bH9T>z^A@9m{JZf6tr<3U)^9(G zl{k5)3$}z`-DQ-*tw2JftyIY2QnF6wSD}kv)(YI$V$*g1Em0b}E=m`T8g_`PYC^n_ zOx`u}7O!z1?GKjA(r&QJd%|nw0y;;cznQ3Z=unfkfWyIc%OOKnrVJ}_J4>A){_xf=qIDr2Q2RC(qk*+;hR$$gpWn? zQ2u1cIkVN>IWY>d_+ZRM7;^02jb71UR=wNbfpf$nHy%(oY>N&(zL)^EE!4wV? z7Zqhm0g=8UiIMaowVnfO2U0f~-6-m_WBAvE>0!-3kud!+1=dMDlx$g#n4O)+KjV(A zt7m3sG62P3@xT*Nqvtl#XGdiBl*z?rl$A-Xv8(GKIt&}$@Phfp%|Ur9UlL2LYF0+-vK`8z}@d3MS9Ll%1 zvnIve>f@X>Mvtf0)Hq%8nhXz%es^=MNRNxIz@ny*XuMg6nAGZUfEkT(r`U>&dn404MyD3A6cig1I-8d$M8jHZ^Mxvy&lbQ zMA41{?FT1{_!xWFyX}>)@9HP6HUPU#M;AIYc;-vuNa8!GNAs&3_5+)1uaPwSNILGB z)o{+l!$~FJ378PN1){F?Vur6BGeID{!^$Rm3NznqwQ5a2knN;Yp;ezI;dLok+LG|Y z&6c@Fk`+GxNqU;9={IC{RAe1Tx0z^XR3lI>h^>W`7CGGDs7CYfx* zQKNS57d9uW`J?wLJ1>?Wb|bND$W8D`OE+!U;KIGY!%$%|XzICC=Pj!A5`*1{O&npK zB$L2!>aFnF)x{to|1=s?F2i&fz8wGSvs3h4eMYewPuAUCxq7sk zlw9Ecc#9pY0_JdfzdZy-i@^P_b&n|Xbt=aUYdw0H(r8~)%T`|viPx#{6F^TWJUOhG zh*&*`ufH>vrbQS9Nca5*@5qNej}!g0+M{^9EJYkfV3gIB_m=NcF! z^jBB*n@{%yo5s)7ZT#$PfhW$yy&F8-BGorM zXQd#0-mr% zy^<&HY}9PV7FM|#8=o}j@7N`-C-Rpxpt|Smnkx)4-#Lv%FMP+As6e&uKZzg3kK)}D zZQK0g<4S~o@9~i-#kn#5 zsR^B+9Tw7bqEW2?Wa%061tVXHAahF8&=}e}@{;EsI7F*GRSBVYkmIW~2;ZzSNAfrP z`*@Tm*Z7ruQ%BGNVf0wi+ZO+cC!P}n-mxQ>?{-3O^{vm}Liz{lH@r7x-7D$#T~(Ue zpSXu2eq5m=yB*Y|ofj>wm1?XWTZGJO196rNd>Jv&?Uf}mL|`K-fBtunR>+~c9sioC zROHvH{ciYF`Hj%2GyC+q3G~U-z!tW{W5IL5+03^Eo#BY4~x1{pA@|Nx1 z2!827cIoC!=-A#G)eUqNuWRcQUVy?d!^1S|W5V5GkC#h&H!}~H2CJuhMP&EIbT*;J zeWEuAnGwb~o^JODpBnYv#aXFsY6FQ+exbI*$^3jt@}S%$O*$}iDopo11K*MG<_&Hv z_S%edAnD5`a)G`!Igv%8B3B19sX)CZbs1Cwt!+*{I3LPjS2?pAabaKf$V*Gd#Z&!{ zp5LNL($NU>Sf&SSh^Z1f z8k|C~_)5FTky36_l>wkxcgolQ&~tt@6M5pyrzjx_G=|Q-8OrFgiqliyc;%`BDwRkK zk8LL(`;wjD2a`Kdgi}QRff5mJ`+NV%Q0K=*0#uGUThW2JV)<<>@7LRax6j)e{X}tU zoSR_;--0Crdz}`7%CQywA~`wBRGx77GxuL#qhitLcZNzuNl%9yN<`zFQxeP2Ib`JX zq*}?&Yz59+IRc(8XYoaUF>>0c{>8}2&SaNs0aUwZ&1L-sbD)l9EPWgP zL9RNdSihXdk_M(*%k7IK*s>YMawefoe%FmKtv3Jm+A;jhRR6mSqyHx^-k+mJ zU5=3_c>bX*qOK4Q^hiCaa)-5Ws_hp7U3*5;G$SvS)u-p+P&Ev?0x4_4>{(TB@1 zKD#XvpF(l{ljDm;mc+rmfb?cDAIA0+w5o}9L$ZRG<} zd}?ZEp+9P6oXg`6jpy1HRp8RVS}N*HpWNI@5JRFJr{brY-;-~T=IDn%CzUPNA7aoO zD_*YhiQLP4|99fAm;O}z71m&huXMxf&V&JT`~%q@uDa% zhipI$!9#Ylfs3ZSUG~S`{`|f%Xmq&m1Uw@@yKr(U%leb&v!y$mN=EU9A>ULxkCdxU zm{~R+sebF}BUZxgXxidRh;MNl5qC_rfltRsP@|2yK8ufYP2RzjFY}ZqrC@T$VWj3^ zS;itlfrJ?A0pMEgrH+J|qsAYS2_78LO)=lXHuk=z{A$H-O-?2PY0f76$<8f)!AOKuh?nh>bzIC6EaVhX zHZ50-&5 zgN(qd^_}T0R_>oYqHQcouRF-42k-Sj1h+gJMYDMLaqxQN-G40-HO4(xV-zdgu`3|> zo5K}D9^+fb56$4Y@XOr}_INtzEUWv#PM$)$8z!|Z?p~mLfRok2(N#A*cNjUt1UbDu>k84@?Z$Uriq)tE z;;_R(B?-Kv@0MU=AiY%?kMV@xrpgQ?bk$~P+GwE4lih3W53`F&m-i$22PWKjCPrje zjzcP9{M}z*XuHfV>EHR!xn~3h<37UDLbPv5>k9iUWZ5ZJsKq<;quGfb=-|nRfe8CM zpLT~ZIkBZo1Dk0LWm)6aO<9@gNlCxI&E2H_>@IX*A*OI~Ci`__TGEHnn|mE5BaNUu z98vlCxQXCHJroMh*WvLGBLr+@im7BoE+4c@g)eJtorzC!t<*(sv8F9CFkFz=xOKzu z)PX+bS1plR7pefA;KH`Ny*diX+%7q)?sNPrSP1HB0EWIJF?UMr0Gaa}D*Ay{8d~9K z2%)%VhFt8$QQ6&emhW%UiE8~%=|oxTj!QjhbeP4C_;$hI5b)!3aZiv@v6Z2RXpjzu z>pge>keVNLwdmyKU`em@Op6I{iv^Cf4@m@%XmZfz`LqDSaS6w}iDS-h$D7TXVipDl zRoaBNX+a!$}nO^|MsE;xZ95NBPclO|cvus<}m!f3cY_x4^ zdmwI+%sN2K{L^snU6YLBxNV-)!Fh6hJM?J535Y(d+5J;6i@_H-akssYt;+Rpl!@ZQ zRY}m~7P%=1pNQA{uzVG*sqegu&r;D6eJ}6%;$K@)R$6!g{QmG!%9&J#)3QqgRY`lZ zr!02na|s?lK~s|+?4tv^pz;o|nr)tKqOSmHE+wePHV`DF;qJ3h_5ztJ$tx)pgFX@Z z{EdazXkQnRGcWAW@*L3wO~#^-0C?r@?mWVEHodcPh6WDVf3$q)H~9kzhpYmFgyj1` zs@J72dc`GV&(G|~-klP2ZV=h+jbP{T-K{mjQHL%#?`F%U&~^7Lg6KsMq^%7nd}hv2<0ps#^TL z%ywFhWVs*x{)swCP~*@aek}2)%%E0r<@@W+e8GY9opttWM=WH#ZrXxQ$dmA)*f6HR zxrPw@f$62RT!|DxD#u{0xBJqPGFy}{b2AJJfQCo@%kL~8*L_Gqrcx+mqSMG${=H3~ zY+g`+w~fW?+K(3{aNh#Xs*0B-y7VVEpHcm>IM^2=rP>v{Ix;wjTj|-$%a|UyWV)bd z6lZe@#X0^pJ#`$M?WzK|Wy67wjZ_Ca?*vu`f0FCtPuv z!&#d`IJ0_(mU{b}-spt^UJZiwpVqZ%SoUzMUNF?WlW{@fR42#@%5h2Z}qH2{~+sUigWi7M@$i%_yQbKyfMhr-Q5; zoBt)qDuw=E2(q?u{l5#cwx}^B*7hkjm8DBxZiiJDO_uqPh#w2dqs{Mz(TVV>su1?q zBiDtlUFk*g5WhekYs{ZKyz+M`MKPcMS}7{|ZnOo&nY_t(?GCg&wFQTV)xd4Jo9iGDY z`Fn6lm(GP3J?8kV{#Cg!0XJARQYDX_usIiRqXNOx^#YPY@fsOMz7AP3o zKhfxS#vaXa;okW)_)?yXjy4StGd_I(hrFUOtN)-^RQFn5BHQ~Dvdjo~w*t18&NJHa zDk3kC5BI@P$uith7B`~ye2;vhOtb43`95IgG4C6VA-I6Iz{;HuC(vFyQlv47FK$;W zqY%@(nY2jM$%d>P!}7@-hNnp}Gp=B!V$G9#7PyE(Y^`_2de)?&KI2i<;$UuNZ26GbTaF=GY z<`L+2&=&m&I>1jzF~`7wo{zF_5wZwDukO3%gY*lAZzZk%Lq`+({HaGLbx6Zf5x#D7 zNyT1Y%d1Ofx9QofRk1xYR%XVGI@q0(Rvz+4fGD_S?s$p1Gbl+NJ2@(h0B_&us@=a%E~ChEWy z!+yt?pb(fs%WNTMVnaKOQ;|0qeHFO(ldgB;#tk_BL=9lu0&8{PML8 zS2$$W3f#>gp>WrN`^o0^H_Vn%$*SQ+GVqLg`COuFZXGcnjeC$zTrNG6o`zev0nC)$ z(Y6j6C7Jzlr7CArqi4Xao+yHAAXLeTRm&Ae{?d_f&uxsrx{fmQICHS1V|p6A5xvW!p)Im5M7u-gV5Cvm7opc%Bz?Lp#8mQT0W$ znoQ_oVV1UCTxDyySACGQszYg2CRkj=AFOKV8vstsaZoZY2v=Wq?De?<1K zz`RE1aY^KMi6T44f7@{I}DAx4h;67c?{dd3qh)J!dER)jNFup zO9LgbzvT7NyI%Esuy$XqG+|378_fQe$Wdd3o&4s|Gi;+gY|>XA=@%j!7iPWLYSVVO zg=e%4A}Q=>nPOeX#fhKR(YD;y3gr?kaQEF1{cII#aKKFz-P!anQ@zje9?T_w-5Jd0 zUj}B`<-d}Q{#zn-oee&bP292B^?0sm%$nM;{T(UMdP#=#x{g|@k0D$Gas8mgGETAc z3Pd}d>E#kk_gu>;69E)q-4$xt69e?0BO{`Q?&X zC)HptLv`-!xnBdyCrdW6b_dt@*5lpWl(V6C$#K06y;0cGTn^nz_1(_sj5=`fret2>GgrtqnCa=VgP73 zr?kv{xAd63u{hs(Cqh{WIX!W@`r=|_zw&xEePyrYM0=c9wmtdgu+LVLPp8mr4z*sVS$dW zQ*~R|vxhQ%dd8qvK8jq`ZF`p96v&XyHlX~r7qQ?TIZO@i8+8?bJkgPpqF%E@SFu=Z z?qfa4UiiX$EHiU|pgUDVyinG2z+?i@Z$K?Mp_z&kLjiI}DjphRd5cE;yr?|uX0$Jeno967x{ zhMhi?Cxbdy)rzfG!NEA$zn~;Gwd9+F+|*kOIW)al57XBWj%!p9faaeVQ7cjF+F(Zc z_`nV-_}oV(uM-oNt2(qlC@fR3XP!YCj4RT+LG}JWLZ~ldJs5{oK)G(j@BE}FqC-;- zhH4-(ob%+VG^?kwZ>_mt#YTJp3G0r7>N?C#X>sjqLd)7Ab#_vl-@f7dXY}jDG2je}GH?$cyRJ}a;(Etm{DSCGmbYe-})47|2 zc6lwVRR)*SR4mdDNbsw9#0d3$7bJ*D2f&X4OGk3U=p{w&W~EyiO3+8b!Agb}-R2YS7$fK#Fjj)7 z=LdFfuRq|&^4knhoY871qZC?6S4)fju}mi6azWHpzttQUQmk$gdf86WX1ougwuD-W zpi+84yWcq?;8@Vk0G<3ga-}j}=l2KmF#=G#Rm{*ut#^+|@(I4o;Cxom(z`r`8yPAN z9w;wYXn>b`@-w_x@-(C#qiGrWgc|81J|N!^j7AM^m)f9j@g?9sjrf=7+(|!KjQoDy z9S!~k=MNbKw5H%5xTl66DzdUJzYxl-WjsWic>YzLrGx1@xeCQ)&F+|fYMvJr+@c_K z*}j}W)Xw6C(=fA9ysRaRD?cG-$bmx9+>uKNKPXD-Vo|bZNIf+=L*lx|@N-G;)Ubk^ ze3H%<68;wmvZwb51N`CahiZ>P?eui%*_f79F^S5YHw0wpL%_>@vtd^pu{Dbk8Cfu( z7q8{>pzrbR8r7yJ4g_raLlb{~r-n}|>>S}D9gGI>i<3Z ziEo^5jVSy65Ny%!c~Up8#+VdjpHq-$i+-V`)27QRrgwQ*XhR-%%=L zt%f&Jb3CKNtT;Dw7(^1ChJVe{?7Ab7b=yo*U0_h^)bQZB{wEJIP`xkMsx5ycF!>nX zG01veXMRKQ_3!gN^793`@71a!fSJBMDQM<=;CiX-3eOX!`c&Bx!6UyPrh3rqT|!8l z=!3;G-W$G(#c)l<^RCLQHHX=6nHck9B!6HZy%ydW8RbVWr*YvepFEE!?n3#~hbJvY zi5n+)^DbcDoX3vll1JBcevST(98S62X8yIN_l|W+SCj%yPWv^9 zqI(kv&R=VVrKce4kp^bQV?A-iZA#qhh&x0IJ4K~@I_(c!+l(^Bz3DYE)ol1`I(%sP zGfN?h;;*j`ViTcHus^v(_>hj7>rETSc#AF^CeljPrV`!CPPkGUCtKfEZ4wM4toC`5 z!?=fV7blX5@Ozy~%DFOj7WFlCFC<)&REvUES#B>j3wx(Zl|3W==42(QW#Lf1_v*pw zPCypv@rS~|%i0|5D)CL}7m{#FZ4fcA!UtK{f@qvPSf|CQS>W%ZnoG|Dd>6EQeO2=& z%82pJ$gHG#3hp4}2=%90{KlPR-S(QVzFOUTHntr zxia#bs6N#AI0lx(0IE%E(g)G=LhTLHh4S{Wnpz90+^dB0WLPZ{9z^C{pru|MMrCel z`^L!IWTt$@xKHyw8Re7>Qv$mfqYQZt|^y4I8{7D=sr&eGgEz{&_TM65v%MBNNb^oT|fV>Ok(Ml$k7D7 z^gQ2ars{^I3dC7>rXN=5UA<@*f%^#(*exLq9Z67f1z0cwgBssR>6T*c*1P_aDaZO< zbK8n)X z2tZDVT)%_IoPJf=Rfy0lxTwumD5iXkxG7Go+$dIKBo|Upja^X@Dy0nKP~>{?216nu z@ivH@m=T*lC3o$KHlD=EyEv-y^%qQDxqm$dSqrwpB)%vWv?~nk3IL&|I$C+B*%;8y zbTTv_+%sbxUEEtP(>5*MEkBK+%(>`-B$?!|&>ayH;r4 z4W*^`J9TBD2G*|+mIfkM?xwFj9ol#>qS|epJip`{6rhYSiY?V0+!%YT#>9V^p#0!j z7ji4=SDqp8c%j?|Rv8yUc5<183ZAkMs@<9t%{8jjkSnV-j&g_uZ`u3eU>hZ6{gS(> zb#Swl-&e;dm;Te2Az+66f4R1lIRK;DpsSfyC)KGe{Q0wpxAJc3Lz{WqyM?K2I^Y4G z{|6^3tNtf)qT4CRO@E9DA;>Q)hL>N7N><>0n!6>Z>o^^jB#>Hz1)C$zj@w=j<-*>| zuZj$d0LxXft^P$^3V{pBM*Fn!rp`|R&Z>o%vws~VnbXKGJQ%n6>JlZ?Gx=L=t9L63 zTp7BDx$t3`CZ{{pY~EKPiFNAEr_U%`$ot;7m)gfM*?;Yn-zrMtT>SqbOw?6vcXfMo z?!BaPxgrM9OVl^KXj%fChz87~plLBvrFT0A0pe|ZaKy7+1 zoe!ov#J#QSiZyE69e2#f8p7`{SAKB`!_(TDv?(1R8?cj1nf|>;sqv`%lzdM2m4V%8 zg;vw8F+1wE0((BQ)`3$7vbd<2w;IYMSLjDI#d-@h_9pCVDPN~gacxIxct zwo?~Ab>fGMhg^3GGtKlpD)}yI?R@w)!)HFPQykg=ZW+oHs9i0<;wa2Dm)vyu`ZC!U zl4*pg!bT}5BM0K*`(EptiVlYnZad4vKE9K=(qhu6em8*$*@x-T3U3;JKKG?8QF#tz z50(x}yqo4e_gj?2+I^UKb^6|KEz|NB`79aUR>gr|;o+xm-<~27L+Zs-b{on#eldbs zR<{-euj`T&zk5fO>8i^gv|93QOW;%V&vI_vHGCbGb}=Wg@XaF(wHiSEq0!>2@qdTR zG_~mL{ueL$_{Vr-GqgpaX(zt9<^>yS94x~;BKHnFz-84K&tv=JgN7a@n*o(r&UEqD zID~td+q*|X%4^|3AY<`k-yIU&L{p1ERMyMoaYkb*$V4R^xuDSkgd~WrJ3mw3UUNXV*Z0k;IS-q*?fR2kNR9 zT3OjAy=?Nn?N(EY8~?-z^zyxCr#JbNQWMA^uWaR?)z&NZ!qUBeKmR%ZAqIa*JW9lI zCfI!&dvs*d!hYk5&3LhHZ;i_xZ%?RErqo4|Rt*x21lBs0%coDalTmf_lnq*=*zG-E z7eVWF>;qOggTD;`mGskoHdvd5a52738LOtDDm5eOP@z-=32DH8C|w$2zMTVf9_5RA zyBND*!dg1{Q)fuUQEM|Jl75!8qu%|4H7wAUs|XCqr~WKRmd*cf+s~dVMZi1`PF4P~ zEgFTk&uO<-9zgN|h1E|Z^UJnfnd5UTF1d=ywsB~mhx+Qu!DQRb93~k*8|WnK>Y)|*eAfMc$P@B z>Un0c*AsW{VxR?4;C9qWZf=VQ53+r9#PN9A9+1kF{B#?r4|Q=3thmoX1_+bY$FDB~ zZbjK=9MZt-b+t7jK($~9)`zf%ct386zkr^unygn-Djr9%J$!w_eS1WN1oZP0A3t>E248+zb;1e# z5F=&yvk_sG_z`#_{{7YK1*f3{gOpoX`&!9_#HF*VyuqZgLuKloPM2+NlZtyAo*Qcu zBZbx8RJB|jnO?i5=N+Bcrpb;F#jQHdZM#383k1ebuqyjlI=`Z?DJGy&LJ@q{x-Z(2 zQD}{M%Su{d$U6J)T27PZ&oCT~=Icc&lMl|AH}fTXDh~L%)uYjeaA)<{kB-djwf(Mj z0jIQe(Z);-b6|&Js13!Q!A-q<8O)XF zu;Zy^bVDZ9not!B_JsHwcD;8caKYfWYu+QS9UaNe65o1-mYgX2ut+nMY?I{@%d;&= zaq$GZdEeK%PM*Fj*Z7yM>*f(jJ{2qmFJdc^7%W8*EQ06D*%lc71P6rGt-?Qx@YMSM zgeUkNIQaN`_qYFl!tBK&xjIItovtpy^;8kec*13heX&d(601|kd A4FCWD literal 0 HcmV?d00001 diff --git a/packages/tychon/img/tychon-color.png b/packages/tychon/img/tychon-color.png new file mode 100644 index 0000000000000000000000000000000000000000..0e2c6d9f1d5022d1a93366f1cad641740a2ff0bc GIT binary patch literal 8355 zcmYLvc|4R|*uR-E_NB4!GPXn^OR`o56-M?!m`uCLI);pGQj9%GgrP)|!FZH?8SAu& zR2bQ&JXspMEHQZRp5Oa^e*etpp8K5ZI^Xj>*SVH+?xc%I8$mu9J`N5J!Sm-3P8=Ly z6!2Wb!v*|G{nORX!Eu=5JmQQ?M8V<&A$R2Go!QkbT98vQ$vTY(41aqD0UL;$y_FX~ zs2}jpM|{1#VdBiK@Ot}v{dWOX3Uwcc@S&<>0d`pvFYG@X>RJoJWpobny(Gaytf8D@ zhYoR`L3Zs23!muhW5={VSq_~V*xK4{sY>w=k}KRTd@}WY-+XGevFL>lCeRAexxsDC z5$|as1WDky{yJt!j(M8&drk>G6WW$l4s!(6leV<)q5j~BX_i8q(w49PReShXloG6@+CT`qz`## z5$V(d=ewCmA4CkCXCd#Phm?)~rH9bsD8`2+UN-olD{ zjzIPFp~5Lh+x>wp-W3mKa}q|pk~>H=$el%3I&%lhtpJTlXx*F*0l8NWaD>Y_SLAPLe+h>hUU|}|KR@(!*X2~i?LWvqLtH*mqmE5 z#!wpWzP89IBWYCS5oM{8|BTH?J$`Q)O9^U#?%rXGZqDpPU2$^#^<`&p`p=jAhN+>! z2A^utR`L(A?{>^ATHs~9_CX}K`S8wlz0If{5cPykndj@h37cUMq$XuC47s}V`VS#_ zx%t%2{kF;17aK(iXEV>qDibxynBiZ>Wky@ZJvUkLG*Ox|O}<;woo>RrEw`eDhsJnd zjm7WyTvk+@*+kzvG2S7?5hWM_+Lm2AQk5QVxI(9iFx7EUW9I6o_Lj?X z#%DMCFj9x%%h0FPx&0H>cPJ)HRRtNC2U(#a(5p% zw-iV7<*PO*8^dl!NMcxe?eU8OTKVR31hWP`qnr~`8OQv~`Hxcl`ta%DkUE1?HaSK; zcRnliKA~AM#QnQ}Y{1F!6Ha>yKRt_-H>SgDq@NaOAF42rYK9)fep)Zri@r!yozNGY zs*@`7+e3$Z;rAbS@XZ`6?{XpMveo$Qr0IxVF}zpv=f~lh#lL&-Df{wuqD_TSLb)m8 zmp-?h&?}?5^mAQ{^jK5H?e0Y0ZJ(s@JVMhCWmtFvlYGmqu_@!Ob8wdB+mD;|B6OsNCjs23Edw!4?m%~Rv zX%dIhS0^nM0!j7^&%&hTu+`@sScfsa*>_!u)6pV}rpR>}P%p11w z>4mkcZiggF`D@e>c9*}09to577Gm$tsg&r)WVPV+XJ-VkW{)4Wc*pZmB21`ArcWgJ zq;apwr1Ul}TYK&Fq8`yf%*e-V#{~y=;%g-iAk-bfMbCtW4~sM17O?M~oQT>cnvZusnXdWH|zYvg!?FUO-FI6YAJK; zO<*Xg=Kc@-b;IX94MU$LLdy|)QXVnm|`-=8s*2uo>`=;nNZ03I$x) zqc+(M28(v%9B+>YW!u*XRK{mkJG$-#lhb=5nU+?xabR8G0a%>M=i66-_MLEU6?K1 zx^);q>lBe_j>VXT8eMr*`p3S-o~Ez$=!~2g+B_`?JJBmo^MJhrw?j=2iFvI_G&XWk z!ai8iq8ak>w;4U}^D7TxIW`N84&^ttNwZcreYWf}8b!S7cP^lX2CXp`iGK!@zP^$k zyB#L8dA9J|8A@i}Nb#Fv46QVJcC_z8TA-!m!QKZ{bAm13hnJ!5mjgS!3Vsle-9z5i z7*=ZM!6dP4zJS@X!;4L|h6)7FgO>E@DPd47Cp%|2WBGjE&m=XDR_biiTgNWyez;>y zoLSCr_?m%ELGFUC~u2Li z)FX`6J72{p?V0o@{#;jPL?A|8BBFmM-aFU2vb?XSk>Q==C}+VLv;3FPluOPw@-qCoT&N!;J&uP$i?tV4T`Bxu1;+fx0ox z?3Qcs9frz+VW~M4B=Us!3$UgGEAG1dbm=8U1LE(APa_~(KDlacL;1xXe>YyHYMBvC z&{Nf7Z)NfO*P$%^CckGGO4hllnHK_ThrSe1Z2=N*D(ZaHoir#J(+!8t*DqMOtVBR+ z$QeGSBOw%y$qN5}05nGbg5beNV%&$V?pdXRXD!iHKvV zm`XHAc%ub7!dv67Pj^<*K#4|?w_#K-ufqGAZnG$>jfslh!*tXs&5vipTX|;uVLeO9 zEIWtKa#wW^nPi%mx*v%d`3YLUo)hL?C3hI74!CYX8AC7h>q1vdg4jBAA?zlVm(}?5 zCkaC-m`FWP+Vn04Yx?G|nr$7mQoKiCy0%+$zu>QRH@EgCKgHaoa^lv$D?*FyJspA^MrDFB0 z>bIlRO-e_4&mmZ5uk-J`@15ne_fyE^z>?7?aQwcYN;DzCM)W`RO~gLoYTmu`>OFRkj}pS*qTrLmgeHoj^DZIa2mcgqu=h27E3Ui}1Ru%l{l)VXA;j z{vyDRJh{K;!O%ioD6F@$LX@z${F=WP+3IW>F~>QlCC)kIiq;_2>vwn|V(AjijN@!!^`g~;OZz5duCjBTn`iB%8?o?o2 z;x7>GUmV)o|8TA5 zd0F%$b?~uhzq|hp*|-2M3{DO^_9pzDeKcVuhFRIIi$Ij1Z1^cpl6u?WgAEhK;EJdg zq1YJVHxo-N`<)8XpCo!9r@b7ZMijRC>FZ9g>ZgZjwgxSZa~hw*M_Idb$bWq1`;1H* zUhHNy-0)c!*$VL4z@pC!>^>Y{MqI|d?gX87=_GDIuj<(}DKj~dQzD`vR zDIuhD_|lCx%NT=@O(UbzP1CxFk^&(x|M@S?zrGFE)II}O6uiLnINa)@l8HlNhUJ9J zmjr@tI@;df3IQ+iw24w)`G~-TCk4PBJ13K+7Ej4H*L$B2WG39Z(?awW)`7v!Ul*dD z>S&mLhn0T}*hC~R3Lxv%(Y9+UHv>J|?oC}Dfx{p6TQh%hP7A5+ooX;}B)TGZ<9v;K z@-Fs_T;l$1o7-i^OP7Gbd^6N!PF95Sx}vjlM*P~&yDa_k`KaX{Zu&SP3Iem}<&y5}2 z62G}qN+O-3+^4Pc_R7b%p1ki&bdB*jCJ=y~4eg2x747}HkWD%l9Vv?fu(p-7u2km% zE4_YeMCTQGpfu{xGIZ&`z21Exj5Ck!7$ROyJK8Q@Vlq}<2`gZ9SGIao7PpWpJ49fa zJNjAriJjL6Ujg;UpH?XQy;A?`m#VVCeTtjoQV-HcGAZPcksSHnIe9P3JpTD$ngMTb z<@rz`z2(V}){5gFWACYbF0`0))KA9Es4%e&t)1VhN>WAU*Dm=#rkyL_O9m5Q8dOIhILbMP0 z+T~S9!C>#alJ75ZjHt=f!^Ke>KM&tTs&B0wuJd+BAY?u)Af}Oa`T_}u3w_;mYu#47;j{=$obdfp-~ zpA6(#1fsL=ynevjjsZaGiy2Um5wBGP5@RQrr|$-rfz<(Koc}guF*JT&tr2a01H_p$ z7L+;4IqhTD^u@-w1YBWW$#u<2-7&tDK`ep;4qqtiTCKBa5aw<$P^ndzzv0NR0a|?# zf2ZvcabmEc9@uY|fL8Y>O-*ILV&QQ3&l5TNvW3UH8)tx(ZNCP#EzWw`DT1~K783sO zz921`b2^=~%0VX}(FHwJ9baPdtmRw=M{{u&5Sp-k=XI_*pq+r>05EOY-1me-pNp?l6jqhm_0DtVeh_3E2c@|VCdplgQ8kQtGm#72b$;4w_UXaGpt3jnu$wOY zHCI(6#Z8wO!x=}ZC1XNp=gLNL)R!7J5qP5~c$^o@y<^fl!51aItw+y=H;!g}^b_|+ zlld<3ws@~Js9z)wNfrJra=U{i0CJr=e9(G$CF;m2e1CJSRZAbl{0Vy8m%GqbXQ}yy zpc^LF$|q5y{dAju7b5-FeFJr|OsUYgXx`pdjzq7Oqg0tLpS54V+73nN8S?^0_|2BK z#yO4TQ1i3B@z9YtWE3MoJ}nzsEDBJ*AP={9-^!#dsss!@1y=-{5)X_YZeok&Y_Z^y)bUMr zp(nC>5h-Sgkg*Z^;C1T-px`yy<|{%RmEkvWM-{2J5=^08n7_^Re@PR`T*~LBaQCMm zOC*}C7!hz`6ms&E`%&Y2kq?s20b$k+FjP%(RN8eeJUg*oyk!15V4E9();KUwuMS0Q z!fKVLp}6LA2t?D&>Kx}Sz`S*>USEhXI{bn}`kI*Yj%7EI49xgNSxpnC;@$fq(#sR$rnuq#ac|Icoq{O4IO5zxmZ66w)9Ycw7wk_`~_SFwi(`81Fy z{uRMWZ~$jRbE$kGB4splL@PylAZ4MFOd?j&p$75VIO@ZLuW~@^e^O>dwKA0bwz=>wNLlWOTyK5QBhx!(85~GZ!l_=!)Ur0K(1Gao zaNe66AVmFF+EnOsNu9SE5~$UPe=G|OXbOo&59{4m^97f91%i^Hn=OmWQUkTQnpsyF zep?H`yiW~kZu`K8t&?^q~RWNi{m^YOR(rar3{vLd-af z>3}pPbGtVJJJF_c=OE$fKT_C8xBuuzY`i)btNLjY8TBZYpIz0%}- zTv-^Q9%Kq2SoE5eTgC|K26P0zz{Wevy_*V|jZh3G1?#o>tB)A<9<5lwi@c(V+??{8 zjR=2$$CoRvjNY5Be)Dk@nCGN>ewV9G^--#Q68cx~SVADCeUg?V znjR||!>ab_4xdQ-chMkf4F8+E?NJar1CpaE*KRiYvH!|k7`BFB_#bk}zWb!2>c{L= zRa(7B>R4teEkAu#B`|+w%KG3GvkORXpi#;l4dk0jUC{9-oL#m`m_vL<5Orlrv-p?&{EDiB((o`F6-M}N%K zy#Qr%ZYwt(uv-*Nc*5+$vtFIyUn#+uY9wBV__c9wLxTt)Od4c{8J^!-*|@zaqFH;t z+jRI_DcH6IQ=88JZRCHmc2$yX!cY5LeIRs7k00Ex^NOJA+}Jkx0D@oIW1eIfgw&yUcW<9F~of z*9has6W4tXa8otBA9+S@8E)uNw`AM48bQ!LwwhdtvD70i_*@ikBTv>amob8MQ zKdiK=*>`l@0fpD?gT~&jso}MT1F#7!7iRS7A`<7=s*1D%D63H#HMys=&`E6;#w=>t8BUCgkx+k|obfu(HDqY!!f^>BrMI~#-?LHSh@@$dz zeoo~yK)k9Zbwk-{)Z)1wPbsF_j|DC@X2lf&UiR!U+Ux)Al1TN?D%Yw|i+xzSY@>b= z9{zkH-g^Uw13v{OBcpfmdHaPKu&|A~(rA8K(?j=ZofR}rM71tKATkkfh2>by6>Z=Q z8mTAhlm?-NKhHWsT=r|uE%hJ9^h6y2jCAOap)svN*#Tmajy!u|+6D!=baTouDx>a| zJ1nhu$_juPRtJg|B_m$!OH6e|l>%ivP?qn>563z*T?f@A7y|w;^H+36YWn53-41a@ zK)f$qKm5(~b72q77nqBBj8)LHR{+>ZLfnB28DWhF9RM*@qq6#WodSJVpjG)GHwuzGOJ(?W& zq;-TLopf-_ILTPdlL~Cna&P{XqMPG-orTbtlg7N|vc4b%5)%F?gc<(HI#bL?HR$9s zKv9(kH(PCZq%4!dWzMyb0^BdW4@5V&$$UgIkE26z@UUCLM8OBH=p@|4G()K-&|3Y+ zzhTVjmldsI%ZFE%<7SIRgI_}a=tPB)tYvg9PPSO|rj9m()0L>| zR8YytOP(rY*9-VUmpIMsr;q)cW6CzufqAh|c-goNaFNYG8IQyN>)a9u$>C@xAxl!) zgfDTjP5)j?4Pff0EE13LY3J`Tq+duvwzy_Lzr6;dIy(a5q(INh74U%4xAsTr8=_d@_(X}Y8jgsKwXFsgSP4Kd%4V!loIV&s5(RwR_ zXw%`TTfo(x>-oLrzz~vSn#Uwaxoy7Q%R-^I%FgK~V3X%0=Fu#=Wzw|%a|3Sf8gfD{ z@fl4$E`wt_t_}2O0W<^ILZ_^KcpVoV%d)Aa-*!0@rC&wg;{6$!9su2!*j5V?b$dI` zDZu;wy2;8B{K9}8<&aiZUHfjaV&F#xYpUad?;Kjqja~O(|IUPf+^t^*o5S6~NF5m| zyB);{3re_ybk$*aYKPB*P4}J7fM56b6x>wPovo+iWNVI%NrEuv^)PD^o9n&;THVI7 z)wYM|UH2K&h8rv!ZM5vBUdoYw`g^XOaSHDX{CnSg#Qj-xi*p=MWl_gMa=`H-J&_Q9 zk2N{`ZY-DEmF%Iz3(<}Df2f;9`dN*wcTcG;#+w-;;d}quI-p|_#LAL>S>TfZpTFM% zr~;v0IF;tJV9n7*J^Ledcz|q4uN5$(O40=xL+cXh;&1#tE!tu7fy!yqS_^;l Date: Wed, 28 Jun 2023 07:19:40 -0400 Subject: [PATCH 02/44] Update packages/tychon/changelog.yml Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com> --- packages/tychon/changelog.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/tychon/changelog.yml b/packages/tychon/changelog.yml index 65dcf422976..511662349ab 100644 --- a/packages/tychon/changelog.yml +++ b/packages/tychon/changelog.yml @@ -1,5 +1,5 @@ # newer versions go on top -- version: "0.0.10" +- version: "0.0.1" changes: - description: Fixed incorrect types in field.yml and cleaned up formatting type: enhancement From 9bc9902e9f22d4e333bbe48269791deaaf177c64 Mon Sep 17 00:00:00 2001 From: joeperuzzi <122561341+joeperuzzi@users.noreply.github.com> Date: Wed, 28 Jun 2023 07:19:48 -0400 Subject: [PATCH 03/44] Update packages/tychon/_dev/build/build.yml Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com> --- packages/tychon/_dev/build/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/tychon/_dev/build/build.yml b/packages/tychon/_dev/build/build.yml index 08d85edcf9a..875463aaf47 100644 --- a/packages/tychon/_dev/build/build.yml +++ b/packages/tychon/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@1.12 + reference: git@8.8 From ed2c9c19ad31d25452ff7634b3acc9988b6404da Mon Sep 17 00:00:00 2001 From: joeperuzzi <122561341+joeperuzzi@users.noreply.github.com> Date: Wed, 28 Jun 2023 07:19:57 -0400 Subject: [PATCH 04/44] Update packages/tychon/changelog.yml Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com> --- packages/tychon/changelog.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/tychon/changelog.yml b/packages/tychon/changelog.yml index 511662349ab..e9ee6438459 100644 --- a/packages/tychon/changelog.yml +++ b/packages/tychon/changelog.yml @@ -3,4 +3,4 @@ changes: - description: Fixed incorrect types in field.yml and cleaned up formatting type: enhancement - link: https://github.com/elastic/integrations/pull/1 # FIXME Replace with the real PR link + link: https://github.com/elastic/integrations/pull/6701 From 4a0fa02cf887f9b362175e7eb6c305946055fa63 Mon Sep 17 00:00:00 2001 From: joeperuzzi <122561341+joeperuzzi@users.noreply.github.com> Date: Wed, 28 Jun 2023 07:24:24 -0400 Subject: [PATCH 05/44] Update packages/tychon/manifest.yml Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com> --- packages/tychon/manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/tychon/manifest.yml b/packages/tychon/manifest.yml index 36bfcaf60e4..d2455eea0ce 100644 --- a/packages/tychon/manifest.yml +++ b/packages/tychon/manifest.yml @@ -32,4 +32,4 @@ policy_templates: title: Tychon description: Tychon owner: - github: elastic/integrations + github: elastic/security-external-integrations From bb3ea075bde8bb6728530a57940212cb83395594 Mon Sep 17 00:00:00 2001 From: joeperuzzi <122561341+joeperuzzi@users.noreply.github.com> Date: Wed, 28 Jun 2023 11:19:05 +0000 Subject: [PATCH 06/44] Please delete this file. It is not needed since the file in the root of the repo cover the code here --- packages/tychon/LICENSE.txt | 93 ------------------------------------- 1 file changed, 93 deletions(-) delete mode 100644 packages/tychon/LICENSE.txt diff --git a/packages/tychon/LICENSE.txt b/packages/tychon/LICENSE.txt deleted file mode 100644 index 809108b857f..00000000000 --- a/packages/tychon/LICENSE.txt +++ /dev/null @@ -1,93 +0,0 @@ -Elastic License 2.0 - -URL: https://www.elastic.co/licensing/elastic-license - -## Acceptance - -By using the software, you agree to all of the terms and conditions below. - -## Copyright License - -The licensor grants you a non-exclusive, royalty-free, worldwide, -non-sublicensable, non-transferable license to use, copy, distribute, make -available, and prepare derivative works of the software, in each case subject to -the limitations and conditions below. - -## Limitations - -You may not provide the software to third parties as a hosted or managed -service, where the service provides users with access to any substantial set of -the features or functionality of the software. - -You may not move, change, disable, or circumvent the license key functionality -in the software, and you may not remove or obscure any functionality in the -software that is protected by the license key. - -You may not alter, remove, or obscure any licensing, copyright, or other notices -of the licensor in the software. Any use of the licensor’s trademarks is subject -to applicable law. - -## Patents - -The licensor grants you a license, under any patent claims the licensor can -license, or becomes able to license, to make, have made, use, sell, offer for -sale, import and have imported the software, in each case subject to the -limitations and conditions in this license. This license does not cover any -patent claims that you cause to be infringed by modifications or additions to -the software. If you or your company make any written claim that the software -infringes or contributes to infringement of any patent, your patent license for -the software granted under these terms ends immediately. If your company makes -such a claim, your patent license ends immediately for work on behalf of your -company. - -## Notices - -You must ensure that anyone who gets a copy of any part of the software from you -also gets a copy of these terms. - -If you modify the software, you must include in any modified copies of the -software prominent notices stating that you have modified the software. - -## No Other Rights - -These terms do not imply any licenses other than those expressly granted in -these terms. - -## Termination - -If you use the software in violation of these terms, such use is not licensed, -and your licenses will automatically terminate. If the licensor provides you -with a notice of your violation, and you cease all violation of this license no -later than 30 days after you receive that notice, your licenses will be -reinstated retroactively. However, if you violate these terms after such -reinstatement, any additional violation of these terms will cause your licenses -to terminate automatically and permanently. - -## No Liability - -*As far as the law allows, the software comes as is, without any warranty or -condition, and the licensor will not be liable to you for any damages arising -out of these terms or the use or nature of the software, under any kind of -legal claim.* - -## Definitions - -The **licensor** is the entity offering these terms, and the **software** is the -software the licensor makes available under these terms, including any portion -of it. - -**you** refers to the individual or entity agreeing to these terms. - -**your company** is any legal entity, sole proprietorship, or other kind of -organization that you work for, plus all organizations that have control over, -are under the control of, or are under common control with that -organization. **control** means ownership of substantially all the assets of an -entity, or the power to direct its management and policies by vote, contract, or -otherwise. Control can be direct or indirect. - -**your licenses** are all the licenses granted to you for the software under -these terms. - -**use** means anything you do with the software requiring one of your licenses. - -**trademark** means trademarks, service marks, and similar rights. From 4e3ff95c99ee9755c9286b1fc292eaaa6c15e092 Mon Sep 17 00:00:00 2001 From: joeperuzzi <122561341+joeperuzzi@users.noreply.github.com> Date: Wed, 28 Jun 2023 11:27:52 +0000 Subject: [PATCH 07/44] Removed file based on PR Request --- LICENSE.txt | 93 ----------------------------------------------------- 1 file changed, 93 deletions(-) delete mode 100644 LICENSE.txt diff --git a/LICENSE.txt b/LICENSE.txt deleted file mode 100644 index 809108b857f..00000000000 --- a/LICENSE.txt +++ /dev/null @@ -1,93 +0,0 @@ -Elastic License 2.0 - -URL: https://www.elastic.co/licensing/elastic-license - -## Acceptance - -By using the software, you agree to all of the terms and conditions below. - -## Copyright License - -The licensor grants you a non-exclusive, royalty-free, worldwide, -non-sublicensable, non-transferable license to use, copy, distribute, make -available, and prepare derivative works of the software, in each case subject to -the limitations and conditions below. - -## Limitations - -You may not provide the software to third parties as a hosted or managed -service, where the service provides users with access to any substantial set of -the features or functionality of the software. - -You may not move, change, disable, or circumvent the license key functionality -in the software, and you may not remove or obscure any functionality in the -software that is protected by the license key. - -You may not alter, remove, or obscure any licensing, copyright, or other notices -of the licensor in the software. Any use of the licensor’s trademarks is subject -to applicable law. - -## Patents - -The licensor grants you a license, under any patent claims the licensor can -license, or becomes able to license, to make, have made, use, sell, offer for -sale, import and have imported the software, in each case subject to the -limitations and conditions in this license. This license does not cover any -patent claims that you cause to be infringed by modifications or additions to -the software. If you or your company make any written claim that the software -infringes or contributes to infringement of any patent, your patent license for -the software granted under these terms ends immediately. If your company makes -such a claim, your patent license ends immediately for work on behalf of your -company. - -## Notices - -You must ensure that anyone who gets a copy of any part of the software from you -also gets a copy of these terms. - -If you modify the software, you must include in any modified copies of the -software prominent notices stating that you have modified the software. - -## No Other Rights - -These terms do not imply any licenses other than those expressly granted in -these terms. - -## Termination - -If you use the software in violation of these terms, such use is not licensed, -and your licenses will automatically terminate. If the licensor provides you -with a notice of your violation, and you cease all violation of this license no -later than 30 days after you receive that notice, your licenses will be -reinstated retroactively. However, if you violate these terms after such -reinstatement, any additional violation of these terms will cause your licenses -to terminate automatically and permanently. - -## No Liability - -*As far as the law allows, the software comes as is, without any warranty or -condition, and the licensor will not be liable to you for any damages arising -out of these terms or the use or nature of the software, under any kind of -legal claim.* - -## Definitions - -The **licensor** is the entity offering these terms, and the **software** is the -software the licensor makes available under these terms, including any portion -of it. - -**you** refers to the individual or entity agreeing to these terms. - -**your company** is any legal entity, sole proprietorship, or other kind of -organization that you work for, plus all organizations that have control over, -are under the control of, or are under common control with that -organization. **control** means ownership of substantially all the assets of an -entity, or the power to direct its management and policies by vote, contract, or -otherwise. Control can be direct or indirect. - -**your licenses** are all the licenses granted to you for the software under -these terms. - -**use** means anything you do with the software requiring one of your licenses. - -**trademark** means trademarks, service marks, and similar rights. From 933b66b055f8663edf54f188d89bffbaa99a4982 Mon Sep 17 00:00:00 2001 From: joeperuzzi <122561341+joeperuzzi@users.noreply.github.com> Date: Wed, 28 Jun 2023 07:29:06 -0400 Subject: [PATCH 08/44] Update packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com> --- .../tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs index 10abd0996dd..f08cd0ef71d 100644 --- a/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs +++ b/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs @@ -6,7 +6,8 @@ tags: {{#if preserve_original_event}} - preserve_original_event {{/if}} -{{#each tags as |tag i|}} +{{#each tags as |tag|}} + - {{tag}} {{/each}} {{#contains "forwarded" tags}} From 3f2a74272d9e187c207348e5a0221765308c5648 Mon Sep 17 00:00:00 2001 From: joeperuzzi <122561341+joeperuzzi@users.noreply.github.com> Date: Wed, 28 Jun 2023 11:34:26 +0000 Subject: [PATCH 09/44] adding TYCHON package to codeowners file --- .github/CODEOWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index d68b9c78c9b..484a0a43f36 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -215,6 +215,7 @@ /packages/trellix_epo_cloud @elastic/security-external-integrations /packages/trendmicro @elastic/security-external-integrations /packages/trend_micro_vision_one @elastic/security-external-integrations +/packages/tychon @elastic/security-external-integrations /packages/udp @elastic/security-external-integrations /packages/universal_profiling_agent @elastic/profiling /packages/universal_profiling_collector @elastic/profiling From be4c1001ca50bee0c94f701de9339a0e915ddff7 Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Wed, 28 Jun 2023 08:31:04 -0400 Subject: [PATCH 10/44] Update stream.yml.hbs Changed {{#each paths as |path i|}} to {{#each paths as |path|}} per efd6 request --- .../data_stream/tychon_cve/agent/stream/stream.yml.hbs | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs index f08cd0ef71d..5f9476deba2 100644 --- a/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs +++ b/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs @@ -1,5 +1,5 @@ paths: -{{#each paths as |path i|}} +{{#each paths as |path|}} - {{path}} {{/each}} tags: @@ -7,7 +7,6 @@ tags: - preserve_original_event {{/if}} {{#each tags as |tag|}} - - {{tag}} {{/each}} {{#contains "forwarded" tags}} @@ -20,4 +19,4 @@ processors: {{/if}} json: keys_under_root: true - expand_keys: true \ No newline at end of file + expand_keys: true From 8c23a3bb7bfc95ec342768e9e9828b3a7eb2a43d Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Wed, 28 Jun 2023 08:35:09 -0400 Subject: [PATCH 11/44] Update stream.yml.hbs Added new line to end per efd6 request. From f109f9388351992752e1b70cabc47e23f773e441 Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Wed, 28 Jun 2023 08:38:24 -0400 Subject: [PATCH 12/44] Update default.yml Updated ecs.version per efd6 request --- .../tychon_cve/elasticsearch/ingest_pipeline/default.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml index 5185211cbc1..61361230822 100644 --- a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml @@ -16,7 +16,7 @@ processors: value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.5.1' + value: '8.8.0' - set: field: event.kind value: state @@ -47,4 +47,4 @@ processors: on_failure: - set: field: error.message - value: '{{ _ingest.on_failure_message }}' \ No newline at end of file + value: '{{ _ingest.on_failure_message }}' From 1ec186511801f79ec1d5f5b1d3a3f1edb04a2002 Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Wed, 28 Jun 2023 08:39:37 -0400 Subject: [PATCH 13/44] Update default.yml Added new line to end per efd6 request --- .../tychon_cve/elasticsearch/ingest_pipeline/default.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml index 61361230822..afb6c8cfb43 100644 --- a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml @@ -48,3 +48,4 @@ on_failure: - set: field: error.message value: '{{ _ingest.on_failure_message }}' + From 32d77c6d9ee10779843605f7b9ea9ced323d5eb7 Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Wed, 28 Jun 2023 08:40:17 -0400 Subject: [PATCH 14/44] Update stream.yml.hbs --- .../tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs | 1 + 1 file changed, 1 insertion(+) diff --git a/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs index 5f9476deba2..4ffa1421cc1 100644 --- a/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs +++ b/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs @@ -20,3 +20,4 @@ processors: json: keys_under_root: true expand_keys: true + From e0bad7ad3f0daa47b7435740ff975a0799a22197 Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Wed, 28 Jun 2023 10:47:55 -0400 Subject: [PATCH 15/44] Update fields.yml Added descriptions to names. --- .../data_stream/tychon_cve/fields/fields.yml | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/packages/tychon/data_stream/tychon_cve/fields/fields.yml b/packages/tychon/data_stream/tychon_cve/fields/fields.yml index 6ffcf805e90..3b2dfaaeff5 100644 --- a/packages/tychon/data_stream/tychon_cve/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_cve/fields/fields.yml @@ -2,57 +2,80 @@ type: group fields: - name: current_duration + description: Scanner Script Duration. type: long - name: current_time + description: Current datetime. type: date - name: name + description: Scanner Script Name. type: keyword - name: start + description: Scanner Start datetime. type: date - name: type + description: Scanner Script Type. type: keyword - name: version + description: Scanner Script Version. type: keyword - name: elastic_agent type: group fields: - name: id + description: Elastic Agent Id. type: keyword - name: snapshot + description: Elastic Agent snapshot. type: boolean - name: version + description: Elastic Agent Version. type: keyword - name: vulnerability type: group fields: - name: definition + description: National Vulnerability Database Vulnerability Definition. type: keyword - name: iava + description: Information Assurance Vulneraiblity Alert Identifier. type: keyword - name: iava_severity + description: Information Assurance Vulnerability Alert Severity. type: keyword - name: result + description: Pass/Fail Outcome of the Common Vulnerabilities and Exposures Scan. type: keyword - name: score.base + description: National Vulnerability Database Score of the Vulnerabilty. type: float - name: title + description: Common Vulnerabilities and Exposures Description and Title. type: keyword - name: version + description: Version Number of the Scan. type: keyword - name: year + description: Common Vulnerabilities and Exposures Year. type: long - name: event type: group fields: - name: created + description: Event creation datetime. type: date - name: ingested + description: Event ingestion datetime. type: date - name: host.containerized + description: Is Host Containerized. type: boolean - name: host.os.codename + description: Host OS codename. type: keyword - name: id + description: Vulnerability Id. type: keyword - name: message + description: Message content. type: match_only_text From 6035366cb917388ba0aca5db6f3a5392851507de Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Wed, 28 Jun 2023 10:59:41 -0400 Subject: [PATCH 16/44] Update README.md Removed Asset Identification and updated exported field for tychon_cve --- packages/tychon/docs/README.md | 60 +--------------------------------- 1 file changed, 1 insertion(+), 59 deletions(-) diff --git a/packages/tychon/docs/README.md b/packages/tychon/docs/README.md index 081e0decad3..76a9de2c733 100644 --- a/packages/tychon/docs/README.md +++ b/packages/tychon/docs/README.md @@ -10,70 +10,12 @@ ## Returned Data Fields -### Asset Identification - -TYCHON identifies an endpoint's operating system and returns the system details. - -**Exported fields** - -| Field | Description | Type | -|---|---|---| -|host.biossn | TYCHON Endpoint Identifer. | keyword | -|host.domain | Endpoint Domain. | ecs | -|host.hardware.bios.name | Basic Input/Output System Name. | keyword | -|host.hardware.bios.version | Basic Input/Output System Version. | keyword | -|host.hardware.cpu.caption | Central Processing Unit Caption. | keyword | -|host.hardware.manufacturer | Hardware Manufacturer. | keyword | -|host.hardware.owner | Hardware Owner. | keyword | -|host.hardware.serial_number | Hardware Serial Number. | keyword | -|host.hostname | Host Name. | ecs | -|host.id | Host Identifier. | ecs | -|host.ip | Host IP Address. | ecs | -|host.ipv4 | Host IPV4 Address. | keyword | -|host.ipv6 | Host IPV6 Address. | keyword | -|host.mac | Host MAC Address. | ecs | -|host.oem.manufacturer | Original Equipment Manufacturer Name. | keyword | -|host.oem.model | Original Equipment Manufacturer Model. | keyword | -|host.os.build | Operating System Build. | keyword | -|host.os.description | Operating System Description. | keyword | -|host.os.family | Operating System Family. | ecs | -|host.os.name | Operating System Name. | ecs | -|host.os.organization | Operating System Organization. | keyword | -|host.os.version | Operating System Version. | ecs | -|host.type | Host Type. | ecs | -|host.uptime | Host Uptime. | ecs | -|host.workgroup | Host Workgroup Name. | keyword | - ### Vulnerablities TYCHON scans for endpoint vulenrabilites and returns the results. **Exported fields** - -| Field | Description | Type | -|---|---|---| -| tychon.realm | TYCHON Customer Identifer. | keyword | -| tychon.id | TYCHON Endpoint Identifier. | keyword | -| tychon.campaign | TYCHON Campaign Identifer. | keyword | -| vulnerability.id | Common Vulnerabilities and Exposures Identifier of the Vulnerabliity Tested. | ecs | -| event.id | TYCHON Unique Identifier of the Common Vulnerabilities and Exposures Result for the Endpoint. | ecs | -| vulnerability.result | Pass/Fail Outcome of the Common Vulnerabilities and Exposures Scan. | keyword | -| vulnerability.reference | Reference Details of the Vulnerablity. | ecs | -| vulnerability.score.base | National Vulnerability Database Score of the Vulnerabilty. | ecs | -| vulnerability.score.version | National Vulnerability Database Score Version. | ecs | -| vulnerability.title | Common Vulnerabilities and Exposures Description and Title. | keyword | -| vulnerability.severity | National Vulnerability Database Vulnerability Severity. | ecs | -| vulnerability.iava | Information Assurance Vulneraiblity Alert Identifier. | keyword | -| vulnerability.iava_severity | Information Assurance Vulnerability Alert Severity. | keyword | -| vulnerability.year | Common Vulnerabilities and Exposures Year. | long | -| vulnerability.version | Version Number of the Scan. | keyword | -| vulnerability.scanner.vendor | Open Vulnerabilities and Assessment Language Scanner Vendor. | ecs | -| vulnerability.classification | Common Vulnerabilities and Exposures Scoring. | ecs | -| script.name | Scanner Script Name. | keyword | -| script.version | Scanner Script Version. | keyword | -| script.current_duration | Scanner Script Duration. | long | -| script.type | Scanner Script Type. | keyword | - +{{fields "tychon_cve"}} ### Endpoint Protection Platform From c6660a2d342dc68260c058dc1552b16ad4d970a8 Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Wed, 28 Jun 2023 19:05:50 +0000 Subject: [PATCH 17/44] Update README.md and Fields. --- packages/tychon/_dev/build/docs/README.md | 32 +++++++ .../data_stream/tychon_cve/fields/fields.yml | 70 +++++++-------- .../data_stream/tychon_epp/fields/fields.yml | 30 ++++++- .../data_stream/tychon_stig/fields/fields.yml | 40 ++++++++- packages/tychon/docs/README.md | 85 ------------------- 5 files changed, 130 insertions(+), 127 deletions(-) create mode 100644 packages/tychon/_dev/build/docs/README.md delete mode 100644 packages/tychon/docs/README.md diff --git a/packages/tychon/_dev/build/docs/README.md b/packages/tychon/_dev/build/docs/README.md new file mode 100644 index 00000000000..b43876f6f78 --- /dev/null +++ b/packages/tychon/_dev/build/docs/README.md @@ -0,0 +1,32 @@ +# TYCHON Agentless + +[TYCHON Agentless](https://tychon.io/products/tychon-agentless/) is an integration that lets you collect TYCHON's gold source vulnerability and STIG data from endpoints without heavy resource use or software installation. You can then investigate the TYCHON data using Elastic's analytics, visualizations, and dashboards. [Contact us to learn more.](https://tychon.io/start-a-free-trial/) + +## Compatibility + +* This integration supports Windows 10 and Windows 11 Endpoint Operating Systems. +* This integration requires a TYCHON Agentless license. +* This integration requires [TYCHON Vulnerability Definition](https://support.tychon.io/) files. + + +## Returned Data Fields +### Vulnerablities + +TYCHON scans for endpoint vulenrabilites and returns the results. + +**Exported fields** +{{fields "tychon_cve"}} + +### Endpoint Protection Platform + +TYCHON scans the endpoint's Windows Defender and returns protection status and version details. + +**Exported fields** +{{fields "tychon_epp"}} + +### Endpoint STIG Information + +The TYCHON benchmark script scans an endpoint's Windows configuration for STIG/XCCDF issues and returns information. + +**Exported fields** +{{fields "tychon_stig"}} diff --git a/packages/tychon/data_stream/tychon_cve/fields/fields.yml b/packages/tychon/data_stream/tychon_cve/fields/fields.yml index 3b2dfaaeff5..dafc7b54ae8 100644 --- a/packages/tychon/data_stream/tychon_cve/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_cve/fields/fields.yml @@ -1,3 +1,33 @@ +- name: id + description: Tychon Unique Vulnerability Id. + type: keyword +- name: vulnerability + type: group + fields: + - name: definition + description: National Vulnerability Database Vulnerability Definition. + type: keyword + - name: iava + description: Information Assurance Vulneraiblity Alert Identifier. + type: keyword + - name: iava_severity + description: Information Assurance Vulnerability Alert Severity. + type: keyword + - name: result + description: Pass/Fail Outcome of the Common Vulnerabilities and Exposures Scan. + type: keyword + - name: score.base + description: National Vulnerability Database Score of the Vulnerabilty. + type: float + - name: title + description: Common Vulnerabilities and Exposures Description and Title. + type: keyword + - name: version + description: Version Number of the Scan. + type: keyword + - name: year + description: Common Vulnerabilities and Exposures Year. + type: long - name: script type: group fields: @@ -31,51 +61,15 @@ - name: version description: Elastic Agent Version. type: keyword -- name: vulnerability - type: group - fields: - - name: definition - description: National Vulnerability Database Vulnerability Definition. - type: keyword - - name: iava - description: Information Assurance Vulneraiblity Alert Identifier. - type: keyword - - name: iava_severity - description: Information Assurance Vulnerability Alert Severity. - type: keyword - - name: result - description: Pass/Fail Outcome of the Common Vulnerabilities and Exposures Scan. - type: keyword - - name: score.base - description: National Vulnerability Database Score of the Vulnerabilty. - type: float - - name: title - description: Common Vulnerabilities and Exposures Description and Title. - type: keyword - - name: version - description: Version Number of the Scan. - type: keyword - - name: year - description: Common Vulnerabilities and Exposures Year. - type: long - name: event type: group fields: - name: created - description: Event creation datetime. + description: Event Creation Datetime. type: date - name: ingested - description: Event ingestion datetime. + description: Event Ingestion Datetime. type: date -- name: host.containerized - description: Is Host Containerized. - type: boolean -- name: host.os.codename - description: Host OS codename. - type: keyword -- name: id - description: Vulnerability Id. - type: keyword - name: message description: Message content. type: match_only_text diff --git a/packages/tychon/data_stream/tychon_epp/fields/fields.yml b/packages/tychon/data_stream/tychon_epp/fields/fields.yml index 3433a1eee83..8e86a26faa1 100644 --- a/packages/tychon/data_stream/tychon_epp/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_epp/fields/fields.yml @@ -1,19 +1,26 @@ - name: id + description: TYCHON Unique Idnentifier of the Common Vulnerabilities and Exposures Result for the Endpoint. type: keyword - name: script type: group fields: - name: current_duration + description: Current Scanner Script Duration. type: long - name: current_time + description: Current Script datetime. type: date - name: name + description: Scanner Script Name. type: keyword - name: start + description: Scanner Start datetime. type: date - name: type + description: Scanner Script Type. type: keyword - name: version + description: Scanner Script Version. type: keyword - name: windows_defender group: 2 @@ -23,64 +30,83 @@ type: group fields: - name: behavior_monitor.status + description: Windows Defender Behavior Monitor Status. type: keyword - name: ioav_protection.status + description: Windows Defender iOffice Antivirus Protection Status. type: keyword - name: on_access_protection.status + description: Windows Defender On Access Protection Status. type: keyword - name: real_time_protection.status + description: Windows Defender Real-time Procection Status. type: keyword - name: antimalware type: group fields: - name: engine_version - type: keyword - - name: product_version + description: Windows Defender Antimalware Engine Version. type: keyword - name: signature_version + description: Windows Defender Antimalware Signature Version. type: keyword - name: status + description: Windows Defender Antimalware Status. type: keyword - name: antispyware type: group fields: - name: signature_version + description: Windows Defender Antispyware Signature Version. type: keyword - name: status + description: Windows Defender Antispyware Status. type: keyword - name: antivirus type: group fields: - name: full_scan.signature_version + description: Windows Defender Antivirus Full Scan Version. type: keyword - name: quick_scan.signature_version + description: Windows Defender Antivirus Signature Version. type: keyword - name: status + description: Windows Defender Antivirus Status. type: keyword - name: nis type: group fields: - name: engine_version + description: Windows Defender Network Inspection System Engine Version. type: keyword - name: signature_version + description: Windows Defender Network Inspection System Signature Version. type: keyword - name: status + description: Windows Defender Network Inspection System Status. type: keyword - name: elastic_agent type: group fields: - name: id + description: Elastic Agent Id. type: keyword - name: snapshot + description: Elastic Agent snapshot. type: boolean - name: version + description: Elastic Agent Version. type: keyword - name: event type: group fields: - name: created + description: Event Creation Datetime. type: date - name: ingested + description: Event Ingestion Datetime. type: date - name: message + description: Message content. type: match_only_text diff --git a/packages/tychon/data_stream/tychon_stig/fields/fields.yml b/packages/tychon/data_stream/tychon_stig/fields/fields.yml index 8b93caa8af6..6f0664b13fb 100644 --- a/packages/tychon/data_stream/tychon_stig/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_stig/fields/fields.yml @@ -1,96 +1,132 @@ - name: id + description: Tychon Unique Stig Id. type: keyword - name: benchmark type: group fields: - name: guid + description: Benchmark GUID. type: keyword - name: generated_utc + description: Benchmark UTC. type: keyword - name: hash + description: Benchmark SHA256 Hash type: keyword - name: name + description: Benchmark Name. type: keyword - name: title + description: Benchmark Title. type: keyword - name: version + description: Benchmark Version. type: keyword - name: list + description: Benchmark Summary Name List. type: keyword - name: count + description: Benchmark Summary Name List Item Count. type: long - name: oval type: group fields: - name: id + description: Open Vulnerabilities and Assessment Language Identifier. type: keyword - name: class + description: Open Vulnerabilities and Assessment Language Class. type: keyword - name: refid + description: Open Vulnerabilities and Assessment Language Rule Reference Identifier. type: keyword - name: rule type: group fields: - name: id + description: Benchmark Rule Identifier. type: keyword - name: finding_id + description: Benchmark Rule Finding Identifier. type: keyword - name: severity + description: Benchmark Severity Status. type: keyword - name: result + description: Benchmark Test Results. type: keyword - name: title + description: Benchmark Rule Title. type: keyword - name: weight + description: Benchmark Rule Weight. type: float - name: benchmark type: group fields: - name: guid + description: Benchmark Rule GUID. type: keyword - name: profile.id + description: Benchmark Rule Profile Identifier. type: keyword - name: title + description: Benchmark Rule Title. type: keyword - name: oval type: group fields: - name: id + description: Open Vulnerabilities and Assessment Language Identifier. type: keyword - name: class + description: Open Vulnerabilities and Assessment Language Class. type: keyword - name: refid + description: Open Vulnerabilities and Assessment Language Reference Identifier. type: keyword - name: script type: group fields: - - name: current_time - type: date - name: current_duration + description: Scanner Script Duration. type: long + - name: current_time + description: Current datetime. + type: date - name: name + description: Scanner Script Name. type: keyword - name: start + description: Scanner Start datetime. type: date - name: type + description: Scanner Script Type. type: keyword - name: version + description: Scanner Script Version. type: keyword - name: elastic_agent type: group fields: - name: id + description: Elastic Agent Id. type: keyword - name: snapshot + description: Elastic Agent snapshot. type: boolean - name: version + description: Elastic Agent Version. type: keyword - name: event type: group fields: - name: created + description: Event Creation Datetime. type: date - name: ingested + description: Event Ingestion Datetime. type: date - name: error.message + description: Error Message Content. type: match_only_text diff --git a/packages/tychon/docs/README.md b/packages/tychon/docs/README.md deleted file mode 100644 index 76a9de2c733..00000000000 --- a/packages/tychon/docs/README.md +++ /dev/null @@ -1,85 +0,0 @@ -# TYCHON Agentless - -[TYCHON Agentless](https://tychon.io/products/tychon-agentless/) is an integration that lets you collect TYCHON's gold source vulnerability and STIG data from endpoints without heavy resource use or software installation. You can then investigate the TYCHON data using Elastic's analytics, visualizations, and dashboards. [Contact us to learn more.](https://tychon.io/start-a-free-trial/) - -## Compatibility - -* This integration supports Windows 10 and Windows 11 Endpoint Operating Systems. -* This integration requires a TYCHON Agentless license. -* This integration requires [TYCHON Vulnerability Definition](https://support.tychon.io/) files. - - -## Returned Data Fields -### Vulnerablities - -TYCHON scans for endpoint vulenrabilites and returns the results. - -**Exported fields** -{{fields "tychon_cve"}} - -### Endpoint Protection Platform - -TYCHON scans the endpoint's Windows Defender and returns protection status and version details. - -**Exported fields** - -| Field | Description | Type | -|---|---|---| -| tychon.realm | The TYCHON Customer Identifer. | keyword | -| tychon.id | TYCHON Endpoint Identifier. | keyword | -| tychon.campaign | TYCHON Campaign Identifer. | keyword | -| windows_defender.service.antimalware.status | Windows Defender Antimailware Status. | keyword | -| windows_defender.service.antimalware.signature_version | Windows Defender Antimailware Signature Version. | keyword | -| windows_defender.service.antimalware.engine_version | Windows Defender Antimailware Engine Version. | keyword | -| windows_defender.service.antispyware.status | Windows Defender Antispyware Status. | keyword | -| windows_defender.service.antispyware.signature_version | Windows Defender Antispyware Signature Version. | keyword | -| windows_defender.service.antivirus.status | Windows Defender Antivirus Status. | keyword | -| windows_defender.service.antivirus.full_scan.signature_version | Windows Defender Antivirus Signature Status. | keyword | -| windows_defender.service.antivirus.quick_scan.signature_version | Windows Defender Antivirus Signature Version. | keyword | -| windows_defender.service.nis.status | Windows Defender Network Inspection System Status. | keyword | -| windows_defender.service.nis.signature_version | Windows Defender Network Inspection System Signature Version. | keyword | -| windows_defender.service.nis.engine_version | Windows Defender Network Inspection System Version. | keyword | -| windows_defender.service.behavior_monitor.status | Windows Defender Behavior Monitor Status. | keyword | -| windows_defender.service.ioav_protection.status | Windows Defender iOffice Antivirus Protection Status. | keyword | -| windows_defender.service.on_access_protection.status | Windows Defender On Access Protection Status. | keyword | -| windows_defender.service.real_time_protection.status | Windows Defender Real-time Procection Status. | keyword | -| script.name | Scanner Script Name. | keyword | -| script.version | Scanner Script Version. | keyword | -| script.current_duration | Scanner Script Duration. | long | -| script.type | Scanner Script Type. | keyword | - -### Endpoint STIG Information - -The TYCHON benchmark script scans an endpoint's Windows configuration for STIG/XCCDF issues and returns information. - -**Exported fields** - -| Field | Description | Type | -|---|---|---| -| tychon.realm | The TYCHON Customer Identifer. | keyword | -| tychon.id | TYCHON Endpoint Identifier | keyword | -| tychon.campaign | TYCHON Campaign Identifer. | keyword | -| id | TYCHON Unique Idnentifier of the Common Vulnerabilities and Exposures Result for the Endpoint. | keyword | -| rule.oval.id | Open Vulnerabilities and Assessment Language Rule Identifier. | keyword | -| rule.finding_id | Open Vulnerabilities and Assessment Language Rule Finding Identifier. | keyword | -| rule.id | Benchmark Rule Identifier. | ecs | -| rule.result | Benchmark Test Results. | keyword | -| rule.severity | Benchmark Severity Status. | keyword | -| rule.weight | Benchmark Rule Weight. | keyword | -| benchmark.name | Benchmark Name. | keyword | -| benchmark.version | Benchmark Version. | keyword | -| benchmark.generated_utc | Benchmark UTC. | date | -| benchmark.hash | Benchmark SHA256 Hash | SHA256 | -| rule.benchmark.guid | Benchmark Rule GUID. | keyword | -| rule.benchmark.profile.id | Benchmark Rule Profile Identifier. | keyword | -| benchmark.title | Benchmark Title. | keyword | -| rule.benchmark.title | Benchmark Rule Title. | keyword | -| rule.oval.refid | Open Vulnerabilities and Assessment Language Rule Reference Identifier. | keyword | -| rule.oval.class | Open Vulnerabilities and Assessment Language Rule Class. | keyword | -| oval.class | Open Vulnerabilities and Assessment Language Class. | keyword | -| oval.id | Open Vulnerabilities and Assessment Language Identifier. | keyword | -| oval.refid | Open Vulnerabilities and Assessment Language Reference Identifier. | keyword | -| script.name | Scanner Script Name. | keyword | -| script.version | Scanner Script Version. | keyword | -| script.current_duration | Scanner Script Duration. | long | -| script.type | Scanner Script Type. | keyword | From b8f8608247f5a10299197950d351227a0287134f Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Thu, 29 Jun 2023 14:05:01 +0000 Subject: [PATCH 18/44] Update missing descriptions --- .../data_stream/tychon_cve/fields/agent.yml | 21 +++++++++++++++++++ .../tychon_cve/fields/base-fields.yml | 5 ++++- .../data_stream/tychon_epp/fields/agent.yml | 21 +++++++++++++++++++ .../tychon_epp/fields/base-fields.yml | 5 ++++- .../data_stream/tychon_epp/fields/fields.yml | 3 +++ .../data_stream/tychon_stig/fields/agent.yml | 21 +++++++++++++++++++ .../tychon_stig/fields/base-fields.yml | 5 ++++- 7 files changed, 78 insertions(+), 3 deletions(-) diff --git a/packages/tychon/data_stream/tychon_cve/fields/agent.yml b/packages/tychon/data_stream/tychon_cve/fields/agent.yml index b016157d3d2..5c48fd15007 100644 --- a/packages/tychon/data_stream/tychon_cve/fields/agent.yml +++ b/packages/tychon/data_stream/tychon_cve/fields/agent.yml @@ -86,8 +86,10 @@ type: group fields: - name: id + description: Unique host id. As hostname is not always unique, use values that are meaningful in your environment. type: keyword - name: biossn + description: Host BIOS Serial Number. type: keyword - name: domain level: extended @@ -110,8 +112,10 @@ type: ip description: Host ip addresses. - name: ipv4 + description: Host IPv4. type: keyword - name: ipv6 + description: Host IPv6. type: keyword - name: mac level: core @@ -119,32 +123,43 @@ ignore_above: 1024 description: Host mac addresses. - name: type + description: Type of host. For Cloud providers this can be the machine type like t2.medium. If vm, this could be the container, for example, or other information meaningful in your environment. type: keyword - name: uptime + description: Seconds the host has been up. type: long - name: workgroup + description: Host Workgroup Network Name. type: keyword - name: oem type: group fields: - name: manufacturer + description: Host OEM Manufacturer. type: keyword - name: model + description: Host OEM Model. type: keyword - name: os type: group fields: - name: build + description: Host OS Build. type: keyword - name: description + description: Host OS Description. type: keyword - name: family + description: OS family (such as redhat, debian, freebsd, windows). type: keyword - name: name + description: Operating system name, without the version. type: keyword - name: organization + description: Host OS Organization. type: keyword - name: version + description: Operating system version as a raw string. type: keyword - name: hardware type: group @@ -153,17 +168,23 @@ type: group fields: - name: name + description: Host BIOS Name. type: keyword - name: version + description: Host BIOS Version. type: keyword - name: cpu type: group fields: - name: caption + description: Host CPU Caption. type: keyword - name: manufacturer + description: Host BIOS Manufacturer. type: keyword - name: owner + description: Host BIOS Owner. type: keyword - name: serial_number + description: Host BIOS Serial Number. type: keyword diff --git a/packages/tychon/data_stream/tychon_cve/fields/base-fields.yml b/packages/tychon/data_stream/tychon_cve/fields/base-fields.yml index 12f19913146..44a26fd137a 100644 --- a/packages/tychon/data_stream/tychon_cve/fields/base-fields.yml +++ b/packages/tychon/data_stream/tychon_cve/fields/base-fields.yml @@ -1,6 +1,8 @@ - name: input.type + description: Source file type. type: keyword - name: log.offset + description: Source file current offset. type: long - name: data_stream.type type: constant_keyword @@ -13,6 +15,7 @@ description: Data stream namespace. - name: event.module type: keyword - description: Event module + description: Event module. - name: '@timestamp' + description: Event timestamp. type: date diff --git a/packages/tychon/data_stream/tychon_epp/fields/agent.yml b/packages/tychon/data_stream/tychon_epp/fields/agent.yml index b016157d3d2..5c48fd15007 100644 --- a/packages/tychon/data_stream/tychon_epp/fields/agent.yml +++ b/packages/tychon/data_stream/tychon_epp/fields/agent.yml @@ -86,8 +86,10 @@ type: group fields: - name: id + description: Unique host id. As hostname is not always unique, use values that are meaningful in your environment. type: keyword - name: biossn + description: Host BIOS Serial Number. type: keyword - name: domain level: extended @@ -110,8 +112,10 @@ type: ip description: Host ip addresses. - name: ipv4 + description: Host IPv4. type: keyword - name: ipv6 + description: Host IPv6. type: keyword - name: mac level: core @@ -119,32 +123,43 @@ ignore_above: 1024 description: Host mac addresses. - name: type + description: Type of host. For Cloud providers this can be the machine type like t2.medium. If vm, this could be the container, for example, or other information meaningful in your environment. type: keyword - name: uptime + description: Seconds the host has been up. type: long - name: workgroup + description: Host Workgroup Network Name. type: keyword - name: oem type: group fields: - name: manufacturer + description: Host OEM Manufacturer. type: keyword - name: model + description: Host OEM Model. type: keyword - name: os type: group fields: - name: build + description: Host OS Build. type: keyword - name: description + description: Host OS Description. type: keyword - name: family + description: OS family (such as redhat, debian, freebsd, windows). type: keyword - name: name + description: Operating system name, without the version. type: keyword - name: organization + description: Host OS Organization. type: keyword - name: version + description: Operating system version as a raw string. type: keyword - name: hardware type: group @@ -153,17 +168,23 @@ type: group fields: - name: name + description: Host BIOS Name. type: keyword - name: version + description: Host BIOS Version. type: keyword - name: cpu type: group fields: - name: caption + description: Host CPU Caption. type: keyword - name: manufacturer + description: Host BIOS Manufacturer. type: keyword - name: owner + description: Host BIOS Owner. type: keyword - name: serial_number + description: Host BIOS Serial Number. type: keyword diff --git a/packages/tychon/data_stream/tychon_epp/fields/base-fields.yml b/packages/tychon/data_stream/tychon_epp/fields/base-fields.yml index 12f19913146..44a26fd137a 100644 --- a/packages/tychon/data_stream/tychon_epp/fields/base-fields.yml +++ b/packages/tychon/data_stream/tychon_epp/fields/base-fields.yml @@ -1,6 +1,8 @@ - name: input.type + description: Source file type. type: keyword - name: log.offset + description: Source file current offset. type: long - name: data_stream.type type: constant_keyword @@ -13,6 +15,7 @@ description: Data stream namespace. - name: event.module type: keyword - description: Event module + description: Event module. - name: '@timestamp' + description: Event timestamp. type: date diff --git a/packages/tychon/data_stream/tychon_epp/fields/fields.yml b/packages/tychon/data_stream/tychon_epp/fields/fields.yml index 8e86a26faa1..9629bdb81c9 100644 --- a/packages/tychon/data_stream/tychon_epp/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_epp/fields/fields.yml @@ -47,6 +47,9 @@ - name: engine_version description: Windows Defender Antimalware Engine Version. type: keyword + - name: product_version + description: Windows Defender Antimalware Product Version. + type: keyword - name: signature_version description: Windows Defender Antimalware Signature Version. type: keyword diff --git a/packages/tychon/data_stream/tychon_stig/fields/agent.yml b/packages/tychon/data_stream/tychon_stig/fields/agent.yml index b016157d3d2..5c48fd15007 100644 --- a/packages/tychon/data_stream/tychon_stig/fields/agent.yml +++ b/packages/tychon/data_stream/tychon_stig/fields/agent.yml @@ -86,8 +86,10 @@ type: group fields: - name: id + description: Unique host id. As hostname is not always unique, use values that are meaningful in your environment. type: keyword - name: biossn + description: Host BIOS Serial Number. type: keyword - name: domain level: extended @@ -110,8 +112,10 @@ type: ip description: Host ip addresses. - name: ipv4 + description: Host IPv4. type: keyword - name: ipv6 + description: Host IPv6. type: keyword - name: mac level: core @@ -119,32 +123,43 @@ ignore_above: 1024 description: Host mac addresses. - name: type + description: Type of host. For Cloud providers this can be the machine type like t2.medium. If vm, this could be the container, for example, or other information meaningful in your environment. type: keyword - name: uptime + description: Seconds the host has been up. type: long - name: workgroup + description: Host Workgroup Network Name. type: keyword - name: oem type: group fields: - name: manufacturer + description: Host OEM Manufacturer. type: keyword - name: model + description: Host OEM Model. type: keyword - name: os type: group fields: - name: build + description: Host OS Build. type: keyword - name: description + description: Host OS Description. type: keyword - name: family + description: OS family (such as redhat, debian, freebsd, windows). type: keyword - name: name + description: Operating system name, without the version. type: keyword - name: organization + description: Host OS Organization. type: keyword - name: version + description: Operating system version as a raw string. type: keyword - name: hardware type: group @@ -153,17 +168,23 @@ type: group fields: - name: name + description: Host BIOS Name. type: keyword - name: version + description: Host BIOS Version. type: keyword - name: cpu type: group fields: - name: caption + description: Host CPU Caption. type: keyword - name: manufacturer + description: Host BIOS Manufacturer. type: keyword - name: owner + description: Host BIOS Owner. type: keyword - name: serial_number + description: Host BIOS Serial Number. type: keyword diff --git a/packages/tychon/data_stream/tychon_stig/fields/base-fields.yml b/packages/tychon/data_stream/tychon_stig/fields/base-fields.yml index 12f19913146..44a26fd137a 100644 --- a/packages/tychon/data_stream/tychon_stig/fields/base-fields.yml +++ b/packages/tychon/data_stream/tychon_stig/fields/base-fields.yml @@ -1,6 +1,8 @@ - name: input.type + description: Source file type. type: keyword - name: log.offset + description: Source file current offset. type: long - name: data_stream.type type: constant_keyword @@ -13,6 +15,7 @@ description: Data stream namespace. - name: event.module type: keyword - description: Event module + description: Event module. - name: '@timestamp' + description: Event timestamp. type: date From 782a7fc39cf83aca24cbff535aff83f576df6a16 Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Thu, 29 Jun 2023 14:12:30 +0000 Subject: [PATCH 19/44] Put License back --- packages/tychon/LICENSE.txt | 93 +++++++++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100644 packages/tychon/LICENSE.txt diff --git a/packages/tychon/LICENSE.txt b/packages/tychon/LICENSE.txt new file mode 100644 index 00000000000..809108b857f --- /dev/null +++ b/packages/tychon/LICENSE.txt @@ -0,0 +1,93 @@ +Elastic License 2.0 + +URL: https://www.elastic.co/licensing/elastic-license + +## Acceptance + +By using the software, you agree to all of the terms and conditions below. + +## Copyright License + +The licensor grants you a non-exclusive, royalty-free, worldwide, +non-sublicensable, non-transferable license to use, copy, distribute, make +available, and prepare derivative works of the software, in each case subject to +the limitations and conditions below. + +## Limitations + +You may not provide the software to third parties as a hosted or managed +service, where the service provides users with access to any substantial set of +the features or functionality of the software. + +You may not move, change, disable, or circumvent the license key functionality +in the software, and you may not remove or obscure any functionality in the +software that is protected by the license key. + +You may not alter, remove, or obscure any licensing, copyright, or other notices +of the licensor in the software. Any use of the licensor’s trademarks is subject +to applicable law. + +## Patents + +The licensor grants you a license, under any patent claims the licensor can +license, or becomes able to license, to make, have made, use, sell, offer for +sale, import and have imported the software, in each case subject to the +limitations and conditions in this license. This license does not cover any +patent claims that you cause to be infringed by modifications or additions to +the software. If you or your company make any written claim that the software +infringes or contributes to infringement of any patent, your patent license for +the software granted under these terms ends immediately. If your company makes +such a claim, your patent license ends immediately for work on behalf of your +company. + +## Notices + +You must ensure that anyone who gets a copy of any part of the software from you +also gets a copy of these terms. + +If you modify the software, you must include in any modified copies of the +software prominent notices stating that you have modified the software. + +## No Other Rights + +These terms do not imply any licenses other than those expressly granted in +these terms. + +## Termination + +If you use the software in violation of these terms, such use is not licensed, +and your licenses will automatically terminate. If the licensor provides you +with a notice of your violation, and you cease all violation of this license no +later than 30 days after you receive that notice, your licenses will be +reinstated retroactively. However, if you violate these terms after such +reinstatement, any additional violation of these terms will cause your licenses +to terminate automatically and permanently. + +## No Liability + +*As far as the law allows, the software comes as is, without any warranty or +condition, and the licensor will not be liable to you for any damages arising +out of these terms or the use or nature of the software, under any kind of +legal claim.* + +## Definitions + +The **licensor** is the entity offering these terms, and the **software** is the +software the licensor makes available under these terms, including any portion +of it. + +**you** refers to the individual or entity agreeing to these terms. + +**your company** is any legal entity, sole proprietorship, or other kind of +organization that you work for, plus all organizations that have control over, +are under the control of, or are under common control with that +organization. **control** means ownership of substantially all the assets of an +entity, or the power to direct its management and policies by vote, contract, or +otherwise. Control can be direct or indirect. + +**your licenses** are all the licenses granted to you for the software under +these terms. + +**use** means anything you do with the software requiring one of your licenses. + +**trademark** means trademarks, service marks, and similar rights. From ee83a6c2dc34aba7548a5de9d2cafce455be03d1 Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Thu, 29 Jun 2023 16:22:11 +0000 Subject: [PATCH 20/44] Added pipeline tests --- .../tychon_cve/_dev/test-common-config.yml | 4 + .../_dev/test/pipeline/test-generated.json | 8 + .../test-generated.json-expected.json | 126 +++++++++++++++ .../_dev/test/pipeline/test-common-config.yml | 4 + .../_dev/test/pipeline/test-generated.json | 8 + .../test/test-generated.json-expected.json | 143 ++++++++++++++++++ .../_dev/test/pipeline/test-generated.json | 8 + .../test-generated.json-expected.json | 138 +++++++++++++++++ .../_dev/test/test-common-config.yml | 4 + 9 files changed, 443 insertions(+) create mode 100644 packages/tychon/data_stream/tychon_cve/_dev/test-common-config.yml create mode 100644 packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-generated.json create mode 100644 packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-generated.json-expected.json create mode 100644 packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-common-config.yml create mode 100644 packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-generated.json create mode 100644 packages/tychon/data_stream/tychon_epp/_dev/test/test-generated.json-expected.json create mode 100644 packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-generated.json create mode 100644 packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-generated.json-expected.json create mode 100644 packages/tychon/data_stream/tychon_stig/_dev/test/test-common-config.yml diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test-common-config.yml b/packages/tychon/data_stream/tychon_cve/_dev/test-common-config.yml new file mode 100644 index 00000000000..f7c11099fd8 --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/_dev/test-common-config.yml @@ -0,0 +1,4 @@ +fields: + "@timestamp": "2023-06-29T15:00:58.875284827Z" + tags: + - preserve_original_event diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-generated.json b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-generated.json new file mode 100644 index 00000000000..9b0a58f259b --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-generated.json @@ -0,0 +1,8 @@ +{ + "events": [ + { + "@timestamp": "2023-06-29T15:00:58.875284827Z", + "message": "{\"host.biossn\":\"1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB\",\"host.domain\":\"\",\"host.hardware.bios.name\":\"Phoenix Technologies LTD\",\"host.hardware.bios.version\":\"6.00\",\"host.hardware.cpu.caption\":\"Intel64 Family 6 Model 45 Stepping 7\",\"host.hardware.manufacturer\":\"VMware, Inc.\",\"host.hardware.owner\":\"dcuser\",\"host.hardware.serial_number\":\"VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb\",\"host.hostname\":\"DESKTOP-TIUKL1R\",\"host.id\":\"bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP\",\"host.ip\":\"10.1.9.112,fe80::40d1:5287:42b9:5645\",\"host.ipv4\":\"10.1.9.112\",\"host.ipv6\":\"fe80::40d1:5287:42b9:5645\",\"host.mac\":\"00:0C:29:EF:9A:EB\",\"host.oem.manufacturer\":\"\",\"host.oem.model\":\"\",\"host.os.build\":\"22000\",\"host.os.description\":\"\",\"host.os.family\":\"Windows\",\"host.os.name\":\"Microsoft Windows 11 Education N\",\"host.os.organization\":\"\",\"host.os.version\":\"10.0.22000\",\"host.type\":\"Workstation\",\"host.uptime\":145287,\"host.workgroup\":\"WORKGROUP\",\"id\":\"bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_CVE-2013-3900\",\"script.current_duration\":\"315381.28\",\"script.current_time\":\"2023-06-15T21:58:02Z\",\"script.name\":\"Invoke-CveScan.ps1\",\"script.start\":\"2023-06-15T21:52:47Z\",\"script.type\":\"powershell\",\"script.version\":\"0.1.0\",\"vulnerability.classification\":\"vulnerability\",\"vulnerability.iava\":\"2013-A-0227\",\"vulnerability.iava_severity\":\"CAT II\",\"vulnerability.id\":\"CVE-2013-3900\",\"vulnerability.reference\":\"https://www.scaprepo.com/view.jsp?id=CVE-2013-3900\",\"vulnerability.result\":\"fail\",\"vulnerability.scanner.vendor\":\"TYCHON\",\"vulnerability.score.base\":\"7.60\",\"vulnerability.score.version\":\"2.0\",\"vulnerability.severity\":\"HIGH\",\"vulnerability.title\":\"The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does \",\"vulnerability.version\":1,\"vulnerability.year\":\"2013\"}" + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-generated.json-expected.json b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-generated.json-expected.json new file mode 100644 index 00000000000..56d7815e73e --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-generated.json-expected.json @@ -0,0 +1,126 @@ +{ + "expected": [ + { + "agent": { + "name": "DESKTOP-TIUKL1R", + "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", + "type": "filebeat", + "ephemeral_id": "f23ef062-3619-4369-976e-42d98f49ac86", + "version": "8.6.2" + }, + "log": { + "file": { + "path": "C:\\ProgramData\\TYCHONCLOUD\\eventlogs\\tychon_cve_info.json" + }, + "offset": 0 + }, + "elastic_agent": { + "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", + "version": "8.6.2", + "snapshot": false + }, + "vulnerability": { + "severity": "HIGH", + "year": "2013", + "title": "The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does ", + "classification": "cvss", + "version": 1, + "result": "fail", + "reference": "https://www.scaprepo.com/view.jsp?id=CVE-2013-3900", + "score": { + "version": "2.0", + "base": "7.60" + }, + "iava": "2013-A-0227", + "iava_severity": "CAT II", + "scanner": { + "vendor": "tychon" + }, + "id": "CVE-2013-3900", + "category": "oval", + "enumeration": "CVE" + }, + "script": { + "current_duration": "34477.13", + "name": "Invoke-CveScan.ps1", + "start": "2023-06-29T15:00:06Z", + "type": "powershell", + "version": "0.1.0", + "current_time": "2023-06-29T15:00:41Z" + }, + "tags": [ + "tychon-cve" + ], + "input": { + "type": "log" + }, + "@timestamp": "2023-06-29T15:00:58.875284827Z", + "ecs": { + "version": "8.8.0" + }, + "data_stream": { + "namespace": "default", + "type": "logs", + "dataset": "tychon.tychon_cve" + }, + "host": { + "workgroup": "WORKGROUP", + "os": { + "build": "22000.2057", + "kernel": "10.0.22000.2057 (WinBuild.160101.0800)", + "organization": "", + "name": "Windows 11 Education N", + "description": "", + "type": "windows", + "family": "windows", + "version": "10.0", + "platform": "windows" + }, + "ip": [ + "fe80::40d1:5287:42b9:5645", + "10.1.9.112" + ], + "type": "Workstation", + "mac": [ + "00-0C-29-EF-9A-EB" + ], + "uptime": 764025, + "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "hostname": "DESKTOP-TIUKL1R", + "ipv4": "10.1.9.112", + "oem": { + "model": "", + "manufacturer": "" + }, + "ipv6": "fe80::40d1:5287:42b9:5645", + "domain": "", + "name": "DESKTOP-TIUKL1R", + "id": "a6353cf9-a98a-4526-9dbb-9362c34318b0", + "hardware": { + "owner": "dcuser", + "bios": { + "name": "Phoenix Technologies LTD", + "version": "6.00" + }, + "cpu": { + "caption": "Intel64 Family 6 Model 45 Stepping 7" + }, + "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb", + "manufacturer": "VMware, Inc." + }, + "architecture": "x86_64" + }, + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_CVE-2013-3900", + "event": { + "agent_id_status": "verified", + "ingested": "2023-06-29T15:00:58Z", + "timezone": "-04:00", + "kind": "state", + "module": "tychon", + "category": "vulnerability", + "dataset": "tychon.tychon_cve", + "outcome": "fail" + } + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-common-config.yml b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-common-config.yml new file mode 100644 index 00000000000..f7c11099fd8 --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-common-config.yml @@ -0,0 +1,4 @@ +fields: + "@timestamp": "2023-06-29T15:00:58.875284827Z" + tags: + - preserve_original_event diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-generated.json b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-generated.json new file mode 100644 index 00000000000..17d2ce35ef7 --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-generated.json @@ -0,0 +1,8 @@ +{ + "events": [ + { + "@timestamp": "2023-06-29T15:00:58.875284827Z", + "message": "{\"windows_defender.service.antimalware.status\":\"Enabled\",\"windows_defender.service.real_time_protection.status\":\"Enabled\",\"windows_defender.service.antispyware.signature_version\":\"1.391.1546.0\",\"script.type\":\"powershell\",\"host.os.build\":\"22000\",\"host.ip\":\"10.1.9.112,fe80::40d1:5287:42b9:5645\",\"windows_defender.service.antivirus.quick_scan.signature_version\":\"1.391.1470.0\",\"host.hostname\":\"DESKTOP-TIUKL1R\",\"host.hardware.manufacturer\":\"VMware, Inc.\",\"windows_defender.service.antivirus.status\":\"Enabled\",\"script.start\":\"2023-06-15T20:13:03Z\",\"host.os.name\":\"Microsoft Windows 11 Education N\",\"host.hardware.cpu.caption\":\"Intel64 Family 6 Model 45 Stepping 7\",\"host.os.organization\":\"\",\"host.hardware.owner\":\"dcuser\",\"windows_defender.service.antispyware.status\":\"Enabled\",\"host.workgroup\":\"WORKGROUP\",\"host.ipv4\":\"10.1.9.112\",\"host.os.version\":\"10.0.22000\",\"windows_defender.service.antivirus.full_scan.signature_version\":\"\",\"host.hardware.bios.name\":\"Phoenix Technologies LTD\",\"host.type\":\"Workstation\",\"windows_defender.service.behavior_monitor.status\":\"Enabled\",\"host.id\":\"bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP\",\"host.biossn\":\"1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB\",\"host.mac\":\"00:0C:29:EF:9A:EB\",\"host.oem.model\":\"\",\"host.uptime\":\"139304\",\"id\":\"bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP\",\"windows_defender.service.antimalware.product_version\":\"4.18.23050.5\",\"host.hardware.serial_number\":\"VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb\",\"windows_defender.service.ioav_protection.status\":\"Enabled\",\"windows_defender.service.on_access_protection.status\":\"Enabled\",\"script.name\":\"Get-TychonEppSetting.ps1\",\"windows_defender.service.antimalware.engine_version\":\"1.1.23050.3\",\"windows_defender.service.nis.engine_version\":\"1.1.23050.3\",\"script.version\":\"0.1.0\",\"host.oem.manufacturer\":\"\",\"host.os.description\":\"\",\"script.current_duration\":\"1129.20\",\"host.ipv6\":\"fe80::40d1:5287:42b9:5645\",\"script.current_time\":\"2023-06-15T20:13:04Z\",\"windows_defender.service.nis.signature_version\":\"1.391.1546.0\",\"host.hardware.bios.version\":\"6.00\",\"windows_defender.service.nis.status\":\"Enabled\",\"host.domain\":\"\",\"host.os.family\":\"Windows\"}" + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/test-generated.json-expected.json b/packages/tychon/data_stream/tychon_epp/_dev/test/test-generated.json-expected.json new file mode 100644 index 00000000000..b228b308fb3 --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/test-generated.json-expected.json @@ -0,0 +1,143 @@ +{ + "expected": [ + { + "agent": { + "name": "DESKTOP-TIUKL1R", + "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", + "type": "filebeat", + "ephemeral_id": "f23ef062-3619-4369-976e-42d98f49ac86", + "version": "8.6.2" + }, + "windows_defender": { + "service": { + "on_access_protection": { + "status": "Enabled" + }, + "antivirus": { + "quick_scan": { + "signature_version": "1.391.2951.0" + }, + "full_scan": { + "signature_version": "" + }, + "status": "Enabled" + }, + "behavior_monitor": { + "status": "Enabled" + }, + "antispyware": { + "signature_version": "1.391.3001.0", + "status": "Enabled" + }, + "nis": { + "signature_version": "1.391.3001.0", + "engine_version": "1.1.23050.3", + "status": "Enabled" + }, + "antimalware": { + "product_version": "4.18.23050.5", + "engine_version": "1.1.23050.3", + "status": "Enabled" + }, + "real_time_protection": { + "status": "Enabled" + }, + "ioav_protection": { + "status": "Enabled" + } + } + }, + "log": { + "file": { + "path": "C:\\ProgramData\\TYCHONCLOUD\\eventlogs\\tychon_epp_info.json" + }, + "offset": 0 + }, + "elastic_agent": { + "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", + "version": "8.6.2", + "snapshot": false + }, + "script": { + "current_duration": "1286.30", + "name": "Get-TychonEppSetting.ps1", + "start": "2023-06-29T14:36:19Z", + "type": "powershell", + "version": "0.1.0", + "current_time": "2023-06-29T14:36:20Z" + }, + "tags": [ + "tychon-epp-info" + ], + "input": { + "type": "log" + }, + "@timestamp": "2023-06-29T15:00:58.875284827Z", + "ecs": { + "version": "8.5.1" + }, + "data_stream": { + "namespace": "default", + "type": "logs", + "dataset": "tychon.tychon_epp" + }, + "host": { + "workgroup": "WORKGROUP", + "os": { + "build": "22000.2057", + "kernel": "10.0.22000.2057 (WinBuild.160101.0800)", + "organization": "", + "name": "Windows 11 Education N", + "description": "", + "type": "windows", + "family": "windows", + "version": "10.0", + "platform": "windows" + }, + "ip": [ + "fe80::40d1:5287:42b9:5645", + "10.1.9.112" + ], + "type": "Workstation", + "mac": [ + "00-0C-29-EF-9A-EB" + ], + "uptime": "762599", + "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "hostname": "DESKTOP-TIUKL1R", + "ipv4": "10.1.9.112", + "oem": { + "model": "", + "manufacturer": "" + }, + "ipv6": "fe80::40d1:5287:42b9:5645", + "domain": "", + "name": "DESKTOP-TIUKL1R", + "id": "a6353cf9-a98a-4526-9dbb-9362c34318b0", + "architecture": "x86_64", + "hardware": { + "owner": "dcuser", + "bios": { + "name": "Phoenix Technologies LTD", + "version": "6.00" + }, + "cpu": { + "caption": "Intel64 Family 6 Model 45 Stepping 7" + }, + "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb", + "manufacturer": "VMware, Inc." + } + }, + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "event": { + "agent_id_status": "verified", + "ingested": "2023-06-29T15:01:01Z", + "timezone": "-04:00", + "kind": "state", + "module": "tychon", + "category": "host", + "dataset": "tychon.tychon_epp" + } + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-generated.json b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-generated.json new file mode 100644 index 00000000000..c6ce9c888a9 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-generated.json @@ -0,0 +1,8 @@ +{ + "events": [ + { + "@timestamp": "2023-06-29T15:00:58.875284827Z", + "message": "{\"rule.benchmark.profile.id\":\"xccdf_mil.disa.stig_profile_Disable_Slow_Rules\",\"benchmark.name\":\"scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml\",\"rule.weight\":\"10.0\",\"rule.title\":\"\",\"rule.id\":\"\",\"rule.oval.refid\":\"\",\"script.type\":\"powershell\",\"host.os.build\":\"22000\",\"host.ip\":\"10.1.9.112,fe80::40d1:5287:42b9:5645\",\"rule.name\":\"xccdf_mil.disa.stig_rule_SV-253254r828846_rule\",\"script.version\":\"0.1.0\",\"host.hostname\":\"DESKTOP-TIUKL1R\",\"host.hardware.manufacturer\":\"VMware, Inc.\",\"benchmark.guid\":\"\",\"script.start\":\"2023-06-15T20:14:11Z\",\"host.os.name\":\"Microsoft Windows 11 Education N\",\"id\":\"bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_oval:mil.disa.stig.windows11:def:253254_B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379\",\"rule.test_result\":\"not applicable\",\"host.os.organization\":\"\",\"host.hardware.cpu.caption\":\"Intel64 Family 6 Model 45 Stepping 7\",\"benchmark.hash\":\"B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379\",\"host.hardware.owner\":\"dcuser\",\"host.workgroup\":\"WORKGROUP\",\"host.hardware.serial_number\":\"VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb\",\"host.ipv4\":\"10.1.9.112\",\"host.os.version\":\"10.0.22000\",\"host.hardware.bios.name\":\"Phoenix Technologies LTD\",\"host.type\":\"Workstation\",\"script.name\":\"Invoke-TychonStigBenchmarkScan.ps1\",\"oval.id\":\"oval:mil.disa.stig.windows11:def:253254\",\"rule.finding_id\":\"\",\"rule.oval.class\":\"compliance\",\"rule.benchmark.title\":\"scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml\",\"rule.benchmark.guid\":\"\",\"host.id\":\"bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP\",\"oval.class\":\"compliance\",\"host.biossn\":\"1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB\",\"host.mac\":\"00:0C:29:EF:9A:EB\",\"oval.refid\":\"\",\"rule.severity\":\"medium\",\"host.oem.model\":\"\",\"host.uptime\":\"139370\",\"benchmark.version\":\"1.2\",\"script.current_time\":\"2023-06-15T20:19:35Z\",\"benchmark.title\":\"scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml\",\"rule.oval.id\":\"oval:mil.disa.stig.windows11:def:253254\",\"benchmark.generated_utc\":\"2023-03-28T17:40:48\",\"host.oem.manufacturer\":\"\",\"host.os.description\":\"\",\"script.current_duration\":\"324194.34\",\"host.ipv6\":\"fe80::40d1:5287:42b9:5645\",\"host.hardware.bios.version\":\"6.00\",\"host.domain\":\"\",\"host.os.family\":\"Windows\"}" + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-generated.json-expected.json b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-generated.json-expected.json new file mode 100644 index 00000000000..55f85bd25f3 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-generated.json-expected.json @@ -0,0 +1,138 @@ +{ + "expected": [ + { + "agent": { + "name": "DESKTOP-TIUKL1R", + "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", + "type": "filebeat", + "ephemeral_id": "f23ef062-3619-4369-976e-42d98f49ac86", + "version": "8.6.2" + }, + "log": { + "file": { + "path": "C:\\ProgramData\\TYCHONCLOUD\\eventlogs\\tychon_stig_info.json" + }, + "offset": 712779 + }, + "oval": { + "id": "oval:mil.disa.stig.windows11:def:253254", + "refid": "", + "class": "compliance" + }, + "elastic_agent": { + "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", + "version": "8.6.2", + "snapshot": false + }, + "rule": { + "severity": "medium", + "result": "not applicable", + "finding_id": "", + "oval": { + "refid": "", + "id": "oval:mil.disa.stig.windows11:def:253254", + "class": "compliance" + }, + "name": "xccdf_mil.disa.stig_rule_SV-253254r828846_rule", + "weight": "10.0", + "id": "", + "title": "", + "benchmark": { + "profile": { + "id": "xccdf_mil.disa.stig_profile_Disable_Slow_Rules" + }, + "guid": "", + "title": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml" + } + }, + "script": { + "current_duration": "347397.53", + "name": "Invoke-TychonStigBenchmarkScan.ps1", + "start": "2023-06-23T03:05:45Z", + "type": "powershell", + "version": "0.1.0", + "current_time": "2023-06-23T03:11:33Z" + }, + "benchmark": { + "generated_utc": "2023-03-28T17:40:48", + "name": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", + "guid": "", + "title": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", + "version": "1.2", + "hash": "B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379" + }, + "tags": [ + "tychon-stig-info" + ], + "input": { + "type": "log" + }, + "@timestamp": "2023-06-29T15:00:58.875284827Z", + "ecs": { + "version": "8.5.1" + }, + "data_stream": { + "namespace": "default", + "type": "logs", + "dataset": "tychon.tychon_stig" + }, + "host": { + "workgroup": "WORKGROUP", + "os": { + "build": "22000.2057", + "kernel": "10.0.22000.2057 (WinBuild.160101.0800)", + "organization": "", + "name": "Windows 11 Education N", + "description": "", + "type": "windows", + "family": "windows", + "version": "10.0", + "platform": "windows" + }, + "ip": [ + "fe80::40d1:5287:42b9:5645", + "10.1.9.112" + ], + "type": "Workstation", + "mac": [ + "00-0C-29-EF-9A-EB" + ], + "uptime": "202779", + "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "hostname": "DESKTOP-TIUKL1R", + "ipv4": "10.1.9.112", + "oem": { + "model": "", + "manufacturer": "" + }, + "ipv6": "fe80::40d1:5287:42b9:5645", + "domain": "", + "name": "DESKTOP-TIUKL1R", + "id": "a6353cf9-a98a-4526-9dbb-9362c34318b0", + "hardware": { + "owner": "dcuser", + "bios": { + "name": "Phoenix Technologies LTD", + "version": "6.00" + }, + "cpu": { + "caption": "Intel64 Family 6 Model 45 Stepping 7" + }, + "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb", + "manufacturer": "VMware, Inc." + }, + "architecture": "x86_64" + }, + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_oval:mil.disa.stig.windows11:def:253254_B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379", + "event": { + "agent_id_status": "verified", + "ingested": "2023-06-29T15:01:05Z", + "timezone": "-04:00", + "kind": "state", + "module": "tychon", + "category": "host", + "dataset": "tychon.tychon_stig" + } + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/test-common-config.yml b/packages/tychon/data_stream/tychon_stig/_dev/test/test-common-config.yml new file mode 100644 index 00000000000..f7c11099fd8 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/_dev/test/test-common-config.yml @@ -0,0 +1,4 @@ +fields: + "@timestamp": "2023-06-29T15:00:58.875284827Z" + tags: + - preserve_original_event From 8e83866732466d41689cde8a543dee7d28864f2a Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Thu, 6 Jul 2023 19:24:40 +0000 Subject: [PATCH 21/44] Updated pipeline tests --- packages/tychon/_dev/build/build.yml | 2 +- .../tychon_cve/_dev/test-common-config.yml | 4 - .../_dev/test/pipeline/test-cve.json | 51 +++++ .../test/pipeline/test-cve.json-expected.json | 91 +++++++++ .../_dev/test/pipeline/test-generated.json | 8 - .../test-generated.json-expected.json | 126 ------------ .../_dev/test/test-cve.json-config.yml | 3 + .../elasticsearch/ingest_pipeline/default.yml | 57 ++++-- .../_dev/test/pipeline/test-common-config.yml | 4 - .../_dev/test/pipeline/test-epp.json | 53 +++++ .../test/pipeline/test-epp.json-config.yml | 3 + .../test/pipeline/test-epp.json-expected.json | 106 ++++++++++ .../_dev/test/pipeline/test-generated.json | 8 - .../test/test-generated.json-expected.json | 143 -------------- .../elasticsearch/ingest_pipeline/default.yml | 15 +- .../tychon_stig/_dev/test-stig.json | 60 ++++++ .../_dev/test/pipeline/test-generated.json | 8 - .../test/pipeline/test-stig.json-config.yml | 3 + ...cted.json => test-stig.json-expected.json} | 181 +++++++----------- .../_dev/test/test-common-config.yml | 4 - .../elasticsearch/ingest_pipeline/default.yml | 28 ++- .../data_stream/tychon_stig/fields/fields.yml | 2 +- 22 files changed, 518 insertions(+), 442 deletions(-) delete mode 100644 packages/tychon/data_stream/tychon_cve/_dev/test-common-config.yml create mode 100644 packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json create mode 100644 packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json delete mode 100644 packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-generated.json delete mode 100644 packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-generated.json-expected.json create mode 100644 packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml delete mode 100644 packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-common-config.yml create mode 100644 packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json create mode 100644 packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml create mode 100644 packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json delete mode 100644 packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-generated.json delete mode 100644 packages/tychon/data_stream/tychon_epp/_dev/test/test-generated.json-expected.json create mode 100644 packages/tychon/data_stream/tychon_stig/_dev/test-stig.json delete mode 100644 packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-generated.json create mode 100644 packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml rename packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/{test-generated.json-expected.json => test-stig.json-expected.json} (51%) delete mode 100644 packages/tychon/data_stream/tychon_stig/_dev/test/test-common-config.yml diff --git a/packages/tychon/_dev/build/build.yml b/packages/tychon/_dev/build/build.yml index 875463aaf47..074278e5b1f 100644 --- a/packages/tychon/_dev/build/build.yml +++ b/packages/tychon/_dev/build/build.yml @@ -1,3 +1,3 @@ dependencies: ecs: - reference: git@8.8 + reference: git@v8.8.0 diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test-common-config.yml b/packages/tychon/data_stream/tychon_cve/_dev/test-common-config.yml deleted file mode 100644 index f7c11099fd8..00000000000 --- a/packages/tychon/data_stream/tychon_cve/_dev/test-common-config.yml +++ /dev/null @@ -1,4 +0,0 @@ -fields: - "@timestamp": "2023-06-29T15:00:58.875284827Z" - tags: - - preserve_original_event diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json new file mode 100644 index 00000000000..a968a6c9bcd --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json @@ -0,0 +1,51 @@ +{ + "events": [ + { + "host.biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "host.domain": "", + "host.hardware.bios.name": "Phoenix Technologies LTD", + "host.hardware.bios.version": "6.00", + "host.hardware.cpu.caption": "Intel64 Family 6 Model 45 Stepping 7", + "host.hardware.manufacturer": "VMware, Inc.", + "host.hardware.owner": "dcuser", + "host.hardware.serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb", + "host.hostname": "DESKTOP-TIUKL1R", + "host.id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "host.ip": "10.1.9.112,fe80::40d1:5287:42b9:5645", + "host.ipv4": "10.1.9.112", + "host.ipv6": "fe80::40d1:5287:42b9:5645", + "host.mac": "00:0C:29:EF:9A:EB", + "host.oem.manufacturer": "", + "host.oem.model": "", + "host.os.build": "22000", + "host.os.description": "", + "host.os.family": "Windows", + "host.os.name": "Microsoft Windows 11 Education N", + "host.os.organization": "", + "host.os.version": "10.0.22000", + "host.type": "Workstation", + "host.uptime": 145287, + "host.workgroup": "WORKGROUP", + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_CVE-2013-3900", + "script.current_duration": "315381.28", + "script.current_time": "2023-06-15T21:58:02Z", + "script.name": "Invoke-CveScan.ps1", + "script.start": "2023-06-15T21:52:47Z", + "script.type": "powershell", + "script.version": "0.1.0", + "vulnerability.classification": "vulnerability", + "vulnerability.iava": "2013-A-0227", + "vulnerability.iava_severity": "CAT II", + "vulnerability.id": "CVE-2013-3900", + "vulnerability.reference": "https://www.scaprepo.com/view.jsp?id=CVE-2013-3900", + "vulnerability.result": "fail", + "vulnerability.scanner.vendor": "TYCHON", + "vulnerability.score.base": "7.60", + "vulnerability.score.version": "2.0", + "vulnerability.severity": "HIGH", + "vulnerability.title": "The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does ", + "vulnerability.version": 1, + "vulnerability.year": "2013" + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json new file mode 100644 index 00000000000..c19e2ff771b --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json @@ -0,0 +1,91 @@ +{ + "expected": [ + { + "@timestamp": "2023-07-05T13:31:28.772195022Z", + "ecs": { + "version": "8.8.0" + }, + "event": { + "category": [ + "vulnerability" + ], + "ingested": "2023-07-05T13:31:28.772195022Z", + "kind": "state", + "module": "tychon", + "outcome": "failure" + }, + "host": { + "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "domain": "", + "hardware": { + "bios": { + "name": "Phoenix Technologies LTD", + "version": "6.00" + }, + "cpu": { + "caption": "Intel64 Family 6 Model 45 Stepping 7" + }, + "manufacturer": "VMware, Inc.", + "owner": "dcuser", + "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb" + }, + "hostname": "DESKTOP-TIUKL1R", + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "ip": [ + "10.1.9.112", + "fe80::40d1:5287:42b9:5645" + ], + "ipv4": "10.1.9.112", + "ipv6": "fe80::40d1:5287:42b9:5645", + "mac": "00:0C:29:EF:9A:EB", + "oem": { + "manufacturer": "", + "model": "" + }, + "os": { + "build": "22000", + "description": "", + "family": "Windows", + "name": "Microsoft Windows 11 Education N", + "organization": "", + "version": "10.0.22000" + }, + "type": "Workstation", + "uptime": 145287, + "workgroup": "WORKGROUP" + }, + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_CVE-2013-3900", + "script": { + "current_duration": 315381.28, + "current_time": "2023-06-15T21:58:02Z", + "name": "Invoke-CveScan.ps1", + "start": "2023-06-15T21:52:47Z", + "type": "powershell", + "version": "0.1.0" + }, + "vulnerability": { + "category": [ + "oval" + ], + "classification": "cvss", + "enumeration": "CVE", + "iava": "2013-A-0227", + "iava_severity": "CAT II", + "id": "CVE-2013-3900", + "reference": "https://www.scaprepo.com/view.jsp?id=CVE-2013-3900", + "result": "fail", + "scanner": { + "vendor": "tychon" + }, + "score": { + "base": 7.6, + "version": "2.0" + }, + "severity": "HIGH", + "title": "The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does ", + "version": "1", + "year": 2013 + } + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-generated.json b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-generated.json deleted file mode 100644 index 9b0a58f259b..00000000000 --- a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-generated.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "events": [ - { - "@timestamp": "2023-06-29T15:00:58.875284827Z", - "message": "{\"host.biossn\":\"1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB\",\"host.domain\":\"\",\"host.hardware.bios.name\":\"Phoenix Technologies LTD\",\"host.hardware.bios.version\":\"6.00\",\"host.hardware.cpu.caption\":\"Intel64 Family 6 Model 45 Stepping 7\",\"host.hardware.manufacturer\":\"VMware, Inc.\",\"host.hardware.owner\":\"dcuser\",\"host.hardware.serial_number\":\"VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb\",\"host.hostname\":\"DESKTOP-TIUKL1R\",\"host.id\":\"bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP\",\"host.ip\":\"10.1.9.112,fe80::40d1:5287:42b9:5645\",\"host.ipv4\":\"10.1.9.112\",\"host.ipv6\":\"fe80::40d1:5287:42b9:5645\",\"host.mac\":\"00:0C:29:EF:9A:EB\",\"host.oem.manufacturer\":\"\",\"host.oem.model\":\"\",\"host.os.build\":\"22000\",\"host.os.description\":\"\",\"host.os.family\":\"Windows\",\"host.os.name\":\"Microsoft Windows 11 Education N\",\"host.os.organization\":\"\",\"host.os.version\":\"10.0.22000\",\"host.type\":\"Workstation\",\"host.uptime\":145287,\"host.workgroup\":\"WORKGROUP\",\"id\":\"bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_CVE-2013-3900\",\"script.current_duration\":\"315381.28\",\"script.current_time\":\"2023-06-15T21:58:02Z\",\"script.name\":\"Invoke-CveScan.ps1\",\"script.start\":\"2023-06-15T21:52:47Z\",\"script.type\":\"powershell\",\"script.version\":\"0.1.0\",\"vulnerability.classification\":\"vulnerability\",\"vulnerability.iava\":\"2013-A-0227\",\"vulnerability.iava_severity\":\"CAT II\",\"vulnerability.id\":\"CVE-2013-3900\",\"vulnerability.reference\":\"https://www.scaprepo.com/view.jsp?id=CVE-2013-3900\",\"vulnerability.result\":\"fail\",\"vulnerability.scanner.vendor\":\"TYCHON\",\"vulnerability.score.base\":\"7.60\",\"vulnerability.score.version\":\"2.0\",\"vulnerability.severity\":\"HIGH\",\"vulnerability.title\":\"The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does \",\"vulnerability.version\":1,\"vulnerability.year\":\"2013\"}" - } - ] -} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-generated.json-expected.json b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-generated.json-expected.json deleted file mode 100644 index 56d7815e73e..00000000000 --- a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-generated.json-expected.json +++ /dev/null @@ -1,126 +0,0 @@ -{ - "expected": [ - { - "agent": { - "name": "DESKTOP-TIUKL1R", - "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", - "type": "filebeat", - "ephemeral_id": "f23ef062-3619-4369-976e-42d98f49ac86", - "version": "8.6.2" - }, - "log": { - "file": { - "path": "C:\\ProgramData\\TYCHONCLOUD\\eventlogs\\tychon_cve_info.json" - }, - "offset": 0 - }, - "elastic_agent": { - "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", - "version": "8.6.2", - "snapshot": false - }, - "vulnerability": { - "severity": "HIGH", - "year": "2013", - "title": "The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does ", - "classification": "cvss", - "version": 1, - "result": "fail", - "reference": "https://www.scaprepo.com/view.jsp?id=CVE-2013-3900", - "score": { - "version": "2.0", - "base": "7.60" - }, - "iava": "2013-A-0227", - "iava_severity": "CAT II", - "scanner": { - "vendor": "tychon" - }, - "id": "CVE-2013-3900", - "category": "oval", - "enumeration": "CVE" - }, - "script": { - "current_duration": "34477.13", - "name": "Invoke-CveScan.ps1", - "start": "2023-06-29T15:00:06Z", - "type": "powershell", - "version": "0.1.0", - "current_time": "2023-06-29T15:00:41Z" - }, - "tags": [ - "tychon-cve" - ], - "input": { - "type": "log" - }, - "@timestamp": "2023-06-29T15:00:58.875284827Z", - "ecs": { - "version": "8.8.0" - }, - "data_stream": { - "namespace": "default", - "type": "logs", - "dataset": "tychon.tychon_cve" - }, - "host": { - "workgroup": "WORKGROUP", - "os": { - "build": "22000.2057", - "kernel": "10.0.22000.2057 (WinBuild.160101.0800)", - "organization": "", - "name": "Windows 11 Education N", - "description": "", - "type": "windows", - "family": "windows", - "version": "10.0", - "platform": "windows" - }, - "ip": [ - "fe80::40d1:5287:42b9:5645", - "10.1.9.112" - ], - "type": "Workstation", - "mac": [ - "00-0C-29-EF-9A-EB" - ], - "uptime": 764025, - "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", - "hostname": "DESKTOP-TIUKL1R", - "ipv4": "10.1.9.112", - "oem": { - "model": "", - "manufacturer": "" - }, - "ipv6": "fe80::40d1:5287:42b9:5645", - "domain": "", - "name": "DESKTOP-TIUKL1R", - "id": "a6353cf9-a98a-4526-9dbb-9362c34318b0", - "hardware": { - "owner": "dcuser", - "bios": { - "name": "Phoenix Technologies LTD", - "version": "6.00" - }, - "cpu": { - "caption": "Intel64 Family 6 Model 45 Stepping 7" - }, - "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb", - "manufacturer": "VMware, Inc." - }, - "architecture": "x86_64" - }, - "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_CVE-2013-3900", - "event": { - "agent_id_status": "verified", - "ingested": "2023-06-29T15:00:58Z", - "timezone": "-04:00", - "kind": "state", - "module": "tychon", - "category": "vulnerability", - "dataset": "tychon.tychon_cve", - "outcome": "fail" - } - } - ] -} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml b/packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml new file mode 100644 index 00000000000..3187160a159 --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml @@ -0,0 +1,3 @@ +dynamic_fields: + "@timestamp": ".*" + event.ingested: ".*" diff --git a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml index afb6c8cfb43..f9c16f5402d 100644 --- a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml @@ -1,22 +1,24 @@ --- description: Pipeline for parsing TYCHON Vulnerability Scan Results processors: + - dot_expander: + field: "*" - set: - if: "ctx.containsKey('tychon') && ctx.tychon.containsKey('id')" - field: 'host.id' - value: '{{tychon.id}}' + if: ctx.containsKey("tychon") && ctx.tychon.containsKey("id") + field: host.id + value: "{{tychon.id}}" - remove: - if: "ctx.containsKey('tychon') && ctx.tychon.containsKey('id')" + if: ctx.containsKey("tychon") && ctx.tychon.containsKey("id") field: 'tychon' - set: - field: '_id' - value: '{{id}}' + field: _id + value: "{{id}}" - set: - field: '@timestamp' - value: '{{_ingest.timestamp}}' + field: "@timestamp" + value: "{{_ingest.timestamp}}" - set: field: ecs.version - value: '8.8.0' + value: 8.8.0 - set: field: event.kind value: state @@ -25,13 +27,36 @@ processors: value: tychon - set: field: event.category - value: vulnerability + value: [vulnerability] + - split: + field: host.ip + separator: "," + - script: + source: if(ctx.vulnerability.result == 'fail'){ + ctx.event.outcome = "failure" + }else if(ctx.vulnerability.result == 'pass'){ + ctx.event.outcome = "success" + }else{ + ctx.event.outcome = "unknown" + } + - set: + field: event.ingested + value: "{{_ingest.timestamp}}" + - convert: + field: script.current_duration + type: float + - convert: + field: vulnerability.score.base + type: float + - convert: + field: vulnerability.year + type: long - set: field: vulnerability.scanner.vendor value: tychon - set: field: vulnerability.category - value: oval + value: [oval] - set: field: vulnerability.classification value: cvss @@ -39,13 +64,9 @@ processors: field: vulnerability.enumeration value: CVE - set: - field: event.outcome - value: '{{vulnerability.result}}' - - set: - field: event.ingested - value: '{{_ingest.timestamp}}' + field: vulnerability.version + value: "{{vulnerability.version}}" on_failure: - set: field: error.message - value: '{{ _ingest.on_failure_message }}' - + value: "{{ _ingest.on_failure_message }}" \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-common-config.yml b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-common-config.yml deleted file mode 100644 index f7c11099fd8..00000000000 --- a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-common-config.yml +++ /dev/null @@ -1,4 +0,0 @@ -fields: - "@timestamp": "2023-06-29T15:00:58.875284827Z" - tags: - - preserve_original_event diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json new file mode 100644 index 00000000000..c2f3d10314c --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json @@ -0,0 +1,53 @@ +{ + "events": [ + { + "windows_defender.service.antimalware.status": "Enabled", + "windows_defender.service.real_time_protection.status": "Enabled", + "windows_defender.service.antispyware.signature_version": "1.391.1546.0", + "script.type": "powershell", + "host.os.build": "22000", + "host.ip": "10.1.9.112,fe80::40d1:5287:42b9:5645", + "windows_defender.service.antivirus.quick_scan.signature_version": "1.391.1470.0", + "host.hostname": "DESKTOP-TIUKL1R", + "host.hardware.manufacturer": "VMware, Inc.", + "windows_defender.service.antivirus.status": "Enabled", + "script.start": "2023-06-15T20:13:03Z", + "host.os.name": "Microsoft Windows 11 Education N", + "host.hardware.cpu.caption": "Intel64 Family 6 Model 45 Stepping 7", + "host.os.organization": "", + "host.hardware.owner": "dcuser", + "windows_defender.service.antispyware.status": "Enabled", + "host.workgroup": "WORKGROUP", + "host.ipv4": "10.1.9.112", + "host.os.version": "10.0.22000", + "windows_defender.service.antivirus.full_scan.signature_version": "", + "host.hardware.bios.name": "Phoenix Technologies LTD", + "host.type": "Workstation", + "windows_defender.service.behavior_monitor.status": "Enabled", + "host.id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "host.biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "host.mac": "00:0C:29:EF:9A:EB", + "host.oem.model": "", + "host.uptime": "139304", + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "windows_defender.service.antimalware.product_version": "4.18.23050.5", + "host.hardware.serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb", + "windows_defender.service.ioav_protection.status": "Enabled", + "windows_defender.service.on_access_protection.status": "Enabled", + "script.name": "Get-TychonEppSetting.ps1", + "windows_defender.service.antimalware.engine_version": "1.1.23050.3", + "windows_defender.service.nis.engine_version": "1.1.23050.3", + "script.version": "0.1.0", + "host.oem.manufacturer": "", + "host.os.description": "", + "script.current_duration": "1129.20", + "host.ipv6": "fe80::40d1:5287:42b9:5645", + "script.current_time": "2023-06-15T20:13:04Z", + "windows_defender.service.nis.signature_version": "1.391.1546.0", + "host.hardware.bios.version": "6.00", + "windows_defender.service.nis.status": "Enabled", + "host.domain": "", + "host.os.family": "Windows" + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml new file mode 100644 index 00000000000..302199c74f9 --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml @@ -0,0 +1,3 @@ +dynamic_fields: + "@timestamp": ".*" + event.ingested: ".*" diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json new file mode 100644 index 00000000000..0c75f73167c --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json @@ -0,0 +1,106 @@ +{ + "expected": [ + { + "@timestamp": "2023-07-06T19:09:34.495470581Z", + "ecs": { + "version": "8.8.0" + }, + "event": { + "category": [ + "host" + ], + "ingested": "2023-07-06T19:09:34.495470581Z", + "kind": "state", + "module": "tychon" + }, + "host": { + "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "domain": "", + "hardware": { + "bios": { + "name": "Phoenix Technologies LTD", + "version": "6.00" + }, + "cpu": { + "caption": "Intel64 Family 6 Model 45 Stepping 7" + }, + "manufacturer": "VMware, Inc.", + "owner": "dcuser", + "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb" + }, + "hostname": "DESKTOP-TIUKL1R", + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "ip": [ + "10.1.9.112", + "fe80::40d1:5287:42b9:5645" + ], + "ipv4": "10.1.9.112", + "ipv6": "fe80::40d1:5287:42b9:5645", + "mac": "00:0C:29:EF:9A:EB", + "oem": { + "manufacturer": "", + "model": "" + }, + "os": { + "build": "22000", + "description": "", + "family": "Windows", + "name": "Microsoft Windows 11 Education N", + "organization": "", + "version": "10.0.22000" + }, + "type": "Workstation", + "uptime": 139304, + "workgroup": "WORKGROUP" + }, + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "script": { + "current_duration": 1129.2, + "current_time": "2023-06-15T20:13:04Z", + "name": "Get-TychonEppSetting.ps1", + "start": "2023-06-15T20:13:03Z", + "type": "powershell", + "version": "0.1.0" + }, + "windows_defender": { + "service": { + "antimalware": { + "engine_version": "1.1.23050.3", + "product_version": "4.18.23050.5", + "status": "Enabled" + }, + "antispyware": { + "signature_version": "1.391.1546.0", + "status": "Enabled" + }, + "antivirus": { + "full_scan": { + "signature_version": "" + }, + "quick_scan": { + "signature_version": "1.391.1470.0" + }, + "status": "Enabled" + }, + "behavior_monitor": { + "status": "Enabled" + }, + "ioav_protection": { + "status": "Enabled" + }, + "nis": { + "engine_version": "1.1.23050.3", + "signature_version": "1.391.1546.0", + "status": "Enabled" + }, + "on_access_protection": { + "status": "Enabled" + }, + "real_time_protection": { + "status": "Enabled" + } + } + } + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-generated.json b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-generated.json deleted file mode 100644 index 17d2ce35ef7..00000000000 --- a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-generated.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "events": [ - { - "@timestamp": "2023-06-29T15:00:58.875284827Z", - "message": "{\"windows_defender.service.antimalware.status\":\"Enabled\",\"windows_defender.service.real_time_protection.status\":\"Enabled\",\"windows_defender.service.antispyware.signature_version\":\"1.391.1546.0\",\"script.type\":\"powershell\",\"host.os.build\":\"22000\",\"host.ip\":\"10.1.9.112,fe80::40d1:5287:42b9:5645\",\"windows_defender.service.antivirus.quick_scan.signature_version\":\"1.391.1470.0\",\"host.hostname\":\"DESKTOP-TIUKL1R\",\"host.hardware.manufacturer\":\"VMware, Inc.\",\"windows_defender.service.antivirus.status\":\"Enabled\",\"script.start\":\"2023-06-15T20:13:03Z\",\"host.os.name\":\"Microsoft Windows 11 Education N\",\"host.hardware.cpu.caption\":\"Intel64 Family 6 Model 45 Stepping 7\",\"host.os.organization\":\"\",\"host.hardware.owner\":\"dcuser\",\"windows_defender.service.antispyware.status\":\"Enabled\",\"host.workgroup\":\"WORKGROUP\",\"host.ipv4\":\"10.1.9.112\",\"host.os.version\":\"10.0.22000\",\"windows_defender.service.antivirus.full_scan.signature_version\":\"\",\"host.hardware.bios.name\":\"Phoenix Technologies LTD\",\"host.type\":\"Workstation\",\"windows_defender.service.behavior_monitor.status\":\"Enabled\",\"host.id\":\"bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP\",\"host.biossn\":\"1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB\",\"host.mac\":\"00:0C:29:EF:9A:EB\",\"host.oem.model\":\"\",\"host.uptime\":\"139304\",\"id\":\"bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP\",\"windows_defender.service.antimalware.product_version\":\"4.18.23050.5\",\"host.hardware.serial_number\":\"VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb\",\"windows_defender.service.ioav_protection.status\":\"Enabled\",\"windows_defender.service.on_access_protection.status\":\"Enabled\",\"script.name\":\"Get-TychonEppSetting.ps1\",\"windows_defender.service.antimalware.engine_version\":\"1.1.23050.3\",\"windows_defender.service.nis.engine_version\":\"1.1.23050.3\",\"script.version\":\"0.1.0\",\"host.oem.manufacturer\":\"\",\"host.os.description\":\"\",\"script.current_duration\":\"1129.20\",\"host.ipv6\":\"fe80::40d1:5287:42b9:5645\",\"script.current_time\":\"2023-06-15T20:13:04Z\",\"windows_defender.service.nis.signature_version\":\"1.391.1546.0\",\"host.hardware.bios.version\":\"6.00\",\"windows_defender.service.nis.status\":\"Enabled\",\"host.domain\":\"\",\"host.os.family\":\"Windows\"}" - } - ] -} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/test-generated.json-expected.json b/packages/tychon/data_stream/tychon_epp/_dev/test/test-generated.json-expected.json deleted file mode 100644 index b228b308fb3..00000000000 --- a/packages/tychon/data_stream/tychon_epp/_dev/test/test-generated.json-expected.json +++ /dev/null @@ -1,143 +0,0 @@ -{ - "expected": [ - { - "agent": { - "name": "DESKTOP-TIUKL1R", - "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", - "type": "filebeat", - "ephemeral_id": "f23ef062-3619-4369-976e-42d98f49ac86", - "version": "8.6.2" - }, - "windows_defender": { - "service": { - "on_access_protection": { - "status": "Enabled" - }, - "antivirus": { - "quick_scan": { - "signature_version": "1.391.2951.0" - }, - "full_scan": { - "signature_version": "" - }, - "status": "Enabled" - }, - "behavior_monitor": { - "status": "Enabled" - }, - "antispyware": { - "signature_version": "1.391.3001.0", - "status": "Enabled" - }, - "nis": { - "signature_version": "1.391.3001.0", - "engine_version": "1.1.23050.3", - "status": "Enabled" - }, - "antimalware": { - "product_version": "4.18.23050.5", - "engine_version": "1.1.23050.3", - "status": "Enabled" - }, - "real_time_protection": { - "status": "Enabled" - }, - "ioav_protection": { - "status": "Enabled" - } - } - }, - "log": { - "file": { - "path": "C:\\ProgramData\\TYCHONCLOUD\\eventlogs\\tychon_epp_info.json" - }, - "offset": 0 - }, - "elastic_agent": { - "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", - "version": "8.6.2", - "snapshot": false - }, - "script": { - "current_duration": "1286.30", - "name": "Get-TychonEppSetting.ps1", - "start": "2023-06-29T14:36:19Z", - "type": "powershell", - "version": "0.1.0", - "current_time": "2023-06-29T14:36:20Z" - }, - "tags": [ - "tychon-epp-info" - ], - "input": { - "type": "log" - }, - "@timestamp": "2023-06-29T15:00:58.875284827Z", - "ecs": { - "version": "8.5.1" - }, - "data_stream": { - "namespace": "default", - "type": "logs", - "dataset": "tychon.tychon_epp" - }, - "host": { - "workgroup": "WORKGROUP", - "os": { - "build": "22000.2057", - "kernel": "10.0.22000.2057 (WinBuild.160101.0800)", - "organization": "", - "name": "Windows 11 Education N", - "description": "", - "type": "windows", - "family": "windows", - "version": "10.0", - "platform": "windows" - }, - "ip": [ - "fe80::40d1:5287:42b9:5645", - "10.1.9.112" - ], - "type": "Workstation", - "mac": [ - "00-0C-29-EF-9A-EB" - ], - "uptime": "762599", - "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", - "hostname": "DESKTOP-TIUKL1R", - "ipv4": "10.1.9.112", - "oem": { - "model": "", - "manufacturer": "" - }, - "ipv6": "fe80::40d1:5287:42b9:5645", - "domain": "", - "name": "DESKTOP-TIUKL1R", - "id": "a6353cf9-a98a-4526-9dbb-9362c34318b0", - "architecture": "x86_64", - "hardware": { - "owner": "dcuser", - "bios": { - "name": "Phoenix Technologies LTD", - "version": "6.00" - }, - "cpu": { - "caption": "Intel64 Family 6 Model 45 Stepping 7" - }, - "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb", - "manufacturer": "VMware, Inc." - } - }, - "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", - "event": { - "agent_id_status": "verified", - "ingested": "2023-06-29T15:01:01Z", - "timezone": "-04:00", - "kind": "state", - "module": "tychon", - "category": "host", - "dataset": "tychon.tychon_epp" - } - } - ] -} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml index e373c16af3c..dd6d4f55c5b 100644 --- a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml @@ -1,6 +1,8 @@ --- description: Pipeline for EPP processors: + - dot_expander: + field: "*" - set: if: "ctx.containsKey('tychon') && ctx.tychon.containsKey('id')" field: 'host.id' @@ -11,12 +13,15 @@ processors: - set: field: '_id' value: '{{id}}' + - split: + field: host.ip + separator: "," - set: field: '@timestamp' value: '{{_ingest.timestamp}}' - set: field: ecs.version - value: '8.5.1' + value: '8.8.0' - set: field: event.kind value: state @@ -25,10 +30,16 @@ processors: value: tychon - set: field: event.category - value: host + value: [host] - set: field: event.ingested value: '{{_ingest.timestamp}}' + - convert: + field: host.uptime + type: long + - convert: + field: script.current_duration + type: float on_failure: - set: field: error.message diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test-stig.json b/packages/tychon/data_stream/tychon_stig/_dev/test-stig.json new file mode 100644 index 00000000000..a57731c428a --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/_dev/test-stig.json @@ -0,0 +1,60 @@ +{ + "events": [ + { + "rule.benchmark.profile.id": "xccdf_mil.disa.stig_profile_Disable_Slow_Rules", + "benchmark.name": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", + "rule.weight": "10.0", + "rule.title": "", + "rule.id": "", + "rule.oval.refid": "", + "script.type": "powershell", + "host.os.build": "22000", + "host.ip": "10.1.9.112,fe80::40d1:5287:42b9:5645", + "rule.name": "xccdf_mil.disa.stig_rule_SV-253254r828846_rule", + "script.version": "0.1.0", + "host.hostname": "DESKTOP-TIUKL1R", + "host.hardware.manufacturer": "VMware, Inc.", + "benchmark.guid": "", + "script.start": "2023-06-15T20:14:11Z", + "host.os.name": "Microsoft Windows 11 Education N", + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_oval:mil.disa.stig.windows11:def:253254_B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379", + "rule.test_result": "not applicable", + "host.os.organization": "", + "host.hardware.cpu.caption": "Intel64 Family 6 Model 45 Stepping 7", + "benchmark.hash": "B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379", + "host.hardware.owner": "dcuser", + "host.workgroup": "WORKGROUP", + "host.hardware.serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb", + "host.ipv4": "10.1.9.112", + "host.os.version": "10.0.22000", + "host.hardware.bios.name": "Phoenix Technologies LTD", + "host.type": "Workstation", + "script.name": "Invoke-TychonStigBenchmarkScan.ps1", + "oval.id": "oval:mil.disa.stig.windows11:def:253254", + "rule.finding_id": "", + "rule.oval.class": "compliance", + "rule.benchmark.title": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", + "rule.benchmark.guid": "", + "host.id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "oval.class": "compliance", + "host.biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "host.mac": "00:0C:29:EF:9A:EB", + "oval.refid": "", + "rule.severity": "medium", + "host.oem.model": "", + "host.uptime": "139370", + "benchmark.version": "1.2", + "script.current_time": "2023-06-15T20:19:35Z", + "benchmark.title": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", + "rule.oval.id": "oval:mil.disa.stig.windows11:def:253254", + "benchmark.generated_utc": "2023-03-28T17:40:48", + "host.oem.manufacturer": "", + "host.os.description": "", + "script.current_duration": "324194.34", + "host.ipv6": "fe80::40d1:5287:42b9:5645", + "host.hardware.bios.version": "6.00", + "host.domain": "", + "host.os.family": "Windows" + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-generated.json b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-generated.json deleted file mode 100644 index c6ce9c888a9..00000000000 --- a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-generated.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "events": [ - { - "@timestamp": "2023-06-29T15:00:58.875284827Z", - "message": "{\"rule.benchmark.profile.id\":\"xccdf_mil.disa.stig_profile_Disable_Slow_Rules\",\"benchmark.name\":\"scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml\",\"rule.weight\":\"10.0\",\"rule.title\":\"\",\"rule.id\":\"\",\"rule.oval.refid\":\"\",\"script.type\":\"powershell\",\"host.os.build\":\"22000\",\"host.ip\":\"10.1.9.112,fe80::40d1:5287:42b9:5645\",\"rule.name\":\"xccdf_mil.disa.stig_rule_SV-253254r828846_rule\",\"script.version\":\"0.1.0\",\"host.hostname\":\"DESKTOP-TIUKL1R\",\"host.hardware.manufacturer\":\"VMware, Inc.\",\"benchmark.guid\":\"\",\"script.start\":\"2023-06-15T20:14:11Z\",\"host.os.name\":\"Microsoft Windows 11 Education N\",\"id\":\"bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_oval:mil.disa.stig.windows11:def:253254_B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379\",\"rule.test_result\":\"not applicable\",\"host.os.organization\":\"\",\"host.hardware.cpu.caption\":\"Intel64 Family 6 Model 45 Stepping 7\",\"benchmark.hash\":\"B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379\",\"host.hardware.owner\":\"dcuser\",\"host.workgroup\":\"WORKGROUP\",\"host.hardware.serial_number\":\"VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb\",\"host.ipv4\":\"10.1.9.112\",\"host.os.version\":\"10.0.22000\",\"host.hardware.bios.name\":\"Phoenix Technologies LTD\",\"host.type\":\"Workstation\",\"script.name\":\"Invoke-TychonStigBenchmarkScan.ps1\",\"oval.id\":\"oval:mil.disa.stig.windows11:def:253254\",\"rule.finding_id\":\"\",\"rule.oval.class\":\"compliance\",\"rule.benchmark.title\":\"scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml\",\"rule.benchmark.guid\":\"\",\"host.id\":\"bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP\",\"oval.class\":\"compliance\",\"host.biossn\":\"1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB\",\"host.mac\":\"00:0C:29:EF:9A:EB\",\"oval.refid\":\"\",\"rule.severity\":\"medium\",\"host.oem.model\":\"\",\"host.uptime\":\"139370\",\"benchmark.version\":\"1.2\",\"script.current_time\":\"2023-06-15T20:19:35Z\",\"benchmark.title\":\"scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml\",\"rule.oval.id\":\"oval:mil.disa.stig.windows11:def:253254\",\"benchmark.generated_utc\":\"2023-03-28T17:40:48\",\"host.oem.manufacturer\":\"\",\"host.os.description\":\"\",\"script.current_duration\":\"324194.34\",\"host.ipv6\":\"fe80::40d1:5287:42b9:5645\",\"host.hardware.bios.version\":\"6.00\",\"host.domain\":\"\",\"host.os.family\":\"Windows\"}" - } - ] -} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml new file mode 100644 index 00000000000..302199c74f9 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml @@ -0,0 +1,3 @@ +dynamic_fields: + "@timestamp": ".*" + event.ingested: ".*" diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-generated.json-expected.json b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json similarity index 51% rename from packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-generated.json-expected.json rename to packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json index 55f85bd25f3..d79663e45aa 100644 --- a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-generated.json-expected.json +++ b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json @@ -1,116 +1,30 @@ { "expected": [ { - "agent": { - "name": "DESKTOP-TIUKL1R", - "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", - "type": "filebeat", - "ephemeral_id": "f23ef062-3619-4369-976e-42d98f49ac86", - "version": "8.6.2" - }, - "log": { - "file": { - "path": "C:\\ProgramData\\TYCHONCLOUD\\eventlogs\\tychon_stig_info.json" - }, - "offset": 712779 - }, - "oval": { - "id": "oval:mil.disa.stig.windows11:def:253254", - "refid": "", - "class": "compliance" - }, - "elastic_agent": { - "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", - "version": "8.6.2", - "snapshot": false - }, - "rule": { - "severity": "medium", - "result": "not applicable", - "finding_id": "", - "oval": { - "refid": "", - "id": "oval:mil.disa.stig.windows11:def:253254", - "class": "compliance" - }, - "name": "xccdf_mil.disa.stig_rule_SV-253254r828846_rule", - "weight": "10.0", - "id": "", - "title": "", - "benchmark": { - "profile": { - "id": "xccdf_mil.disa.stig_profile_Disable_Slow_Rules" - }, - "guid": "", - "title": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml" - } - }, - "script": { - "current_duration": "347397.53", - "name": "Invoke-TychonStigBenchmarkScan.ps1", - "start": "2023-06-23T03:05:45Z", - "type": "powershell", - "version": "0.1.0", - "current_time": "2023-06-23T03:11:33Z" - }, + "@timestamp": "2023-07-05T13:31:29.436209572Z", "benchmark": { "generated_utc": "2023-03-28T17:40:48", - "name": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", "guid": "", + "hash": "B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379", + "name": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", "title": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", - "version": "1.2", - "hash": "B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379" - }, - "tags": [ - "tychon-stig-info" - ], - "input": { - "type": "log" + "version": "1.2" }, - "@timestamp": "2023-06-29T15:00:58.875284827Z", "ecs": { - "version": "8.5.1" + "version": "8.8.0" }, - "data_stream": { - "namespace": "default", - "type": "logs", - "dataset": "tychon.tychon_stig" + "event": { + "category": [ + "host" + ], + "ingested": "2023-07-05T13:31:29.436209572Z", + "kind": "state", + "module": "tychon" }, "host": { - "workgroup": "WORKGROUP", - "os": { - "build": "22000.2057", - "kernel": "10.0.22000.2057 (WinBuild.160101.0800)", - "organization": "", - "name": "Windows 11 Education N", - "description": "", - "type": "windows", - "family": "windows", - "version": "10.0", - "platform": "windows" - }, - "ip": [ - "fe80::40d1:5287:42b9:5645", - "10.1.9.112" - ], - "type": "Workstation", - "mac": [ - "00-0C-29-EF-9A-EB" - ], - "uptime": "202779", "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", - "hostname": "DESKTOP-TIUKL1R", - "ipv4": "10.1.9.112", - "oem": { - "model": "", - "manufacturer": "" - }, - "ipv6": "fe80::40d1:5287:42b9:5645", "domain": "", - "name": "DESKTOP-TIUKL1R", - "id": "a6353cf9-a98a-4526-9dbb-9362c34318b0", "hardware": { - "owner": "dcuser", "bios": { "name": "Phoenix Technologies LTD", "version": "6.00" @@ -118,20 +32,69 @@ "cpu": { "caption": "Intel64 Family 6 Model 45 Stepping 7" }, - "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb", - "manufacturer": "VMware, Inc." + "manufacturer": "VMware, Inc.", + "owner": "dcuser", + "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb" + }, + "hostname": "DESKTOP-TIUKL1R", + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "ip": [ + "10.1.9.112", + "fe80::40d1:5287:42b9:5645" + ], + "ipv4": "10.1.9.112", + "ipv6": "fe80::40d1:5287:42b9:5645", + "mac": "00:0C:29:EF:9A:EB", + "oem": { + "manufacturer": "", + "model": "" + }, + "os": { + "build": "22000", + "description": "", + "family": "Windows", + "name": "Microsoft Windows 11 Education N", + "organization": "", + "version": "10.0.22000" }, - "architecture": "x86_64" + "type": "Workstation", + "uptime": 139370, + "workgroup": "WORKGROUP" }, "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_oval:mil.disa.stig.windows11:def:253254_B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379", - "event": { - "agent_id_status": "verified", - "ingested": "2023-06-29T15:01:05Z", - "timezone": "-04:00", - "kind": "state", - "module": "tychon", - "category": "host", - "dataset": "tychon.tychon_stig" + "oval": { + "class": "compliance", + "id": "oval:mil.disa.stig.windows11:def:253254", + "refid": "" + }, + "rule": { + "benchmark": { + "guid": "", + "profile": { + "id": "xccdf_mil.disa.stig_profile_Disable_Slow_Rules" + }, + "title": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml" + }, + "finding_id": "", + "id": "", + "name": "xccdf_mil.disa.stig_rule_SV-253254r828846_rule", + "oval": { + "class": "compliance", + "id": "oval:mil.disa.stig.windows11:def:253254", + "refid": "" + }, + "result": "not applicable", + "severity": "medium", + "title": "", + "weight": 10.0 + }, + "script": { + "current_duration": 324194.34, + "current_time": "2023-06-15T20:19:35Z", + "name": "Invoke-TychonStigBenchmarkScan.ps1", + "start": "2023-06-15T20:14:11Z", + "type": "powershell", + "version": "0.1.0" } } ] diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/test-common-config.yml b/packages/tychon/data_stream/tychon_stig/_dev/test/test-common-config.yml deleted file mode 100644 index f7c11099fd8..00000000000 --- a/packages/tychon/data_stream/tychon_stig/_dev/test/test-common-config.yml +++ /dev/null @@ -1,4 +0,0 @@ -fields: - "@timestamp": "2023-06-29T15:00:58.875284827Z" - tags: - - preserve_original_event diff --git a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml index 0ef19f821c9..39e852c5d12 100644 --- a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml @@ -1,6 +1,8 @@ --- description: Pipeline for parsing TYCHON Windows Patches processors: + - dot_expander: + field: "*" - set: if: "ctx.containsKey('tychon') && ctx.tychon.containsKey('id')" field: 'host.id' @@ -10,22 +12,24 @@ processors: field: 'tychon' - set: if: "!(ctx.containsKey('id'))" - field: 'id' + field: id value: '{{host.id}}' - set: - field: '_id' + field: _id value: '{{id}}' - set: field: '@timestamp' value: '{{_ingest.timestamp}}' - set: - field: 'rule.result' + if: "ctx.containsKey('rule') && ctx.rule.containsKey('test_result')" + field: rule.result value: '{{rule.test_result}}' - remove: - field: 'rule.test_result' + if: "ctx.containsKey('rule') && ctx.rule.containsKey('test_result')" + field: rule.test_result - set: field: ecs.version - value: '8.5.1' + value: '8.8.0' - set: field: event.kind value: state @@ -34,10 +38,22 @@ processors: value: tychon - set: field: event.category - value: host + value: [host] - set: field: event.ingested value: '{{_ingest.timestamp}}' + - split: + field: host.ip + separator: "," + - convert: + field: host.uptime + type: long + - convert: + field: script.current_duration + type: float + - convert: + field: rule.weight + type: float on_failure: - set: field: error.message diff --git a/packages/tychon/data_stream/tychon_stig/fields/fields.yml b/packages/tychon/data_stream/tychon_stig/fields/fields.yml index 6f0664b13fb..de898836fa7 100644 --- a/packages/tychon/data_stream/tychon_stig/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_stig/fields/fields.yml @@ -53,7 +53,7 @@ description: Benchmark Severity Status. type: keyword - name: result - description: Benchmark Test Results. + description: Benchmark Rule Results. type: keyword - name: title description: Benchmark Rule Title. From 0890a32cf539e38a8864a7592509bb2d0ba43e03 Mon Sep 17 00:00:00 2001 From: joeperuzzi <122561341+joeperuzzi@users.noreply.github.com> Date: Fri, 7 Jul 2023 15:42:44 -0400 Subject: [PATCH 22/44] Moving LIcnese.txt to the root directory --- packages/tychon/LICENSE.txt => LICENSE.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename packages/tychon/LICENSE.txt => LICENSE.txt (100%) diff --git a/packages/tychon/LICENSE.txt b/LICENSE.txt similarity index 100% rename from packages/tychon/LICENSE.txt rename to LICENSE.txt From 3113785c8320324a0a335c5b960e2ca7d9f287da Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Mon, 10 Jul 2023 15:58:38 +0000 Subject: [PATCH 23/44] Update Changes from PR 6701 --- .../tychon_cve/_dev/test/pipeline/test-cve.json | 3 ++- .../test/pipeline/test-cve.json-expected.json | 9 +++++---- .../tychon_cve/_dev/test/test-cve.json-config.yml | 1 + .../elasticsearch/ingest_pipeline/default.yml | 12 +++++++++--- .../tychon/data_stream/tychon_cve/fields/ecs.yml | 7 +++++++ .../data_stream/tychon_cve/fields/fields.yml | 15 ++------------- .../tychon/data_stream/tychon_cve/manifest.yml | 8 -------- .../tychon_epp/_dev/test/pipeline/test-epp.json | 3 ++- .../_dev/test/pipeline/test-epp.json-config.yml | 1 + .../test/pipeline/test-epp.json-expected.json | 5 +++-- .../elasticsearch/ingest_pipeline/default.yml | 8 +++++++- .../tychon/data_stream/tychon_epp/fields/ecs.yml | 7 +++++++ .../data_stream/tychon_epp/fields/fields.yml | 13 +------------ .../tychon/data_stream/tychon_epp/manifest.yml | 10 +--------- .../data_stream/tychon_stig/_dev/test-stig.json | 3 ++- .../_dev/test/pipeline/test-stig.json-config.yml | 1 + .../test/pipeline/test-stig.json-expected.json | 9 +++++---- .../elasticsearch/ingest_pipeline/default.yml | 8 +++++++- .../tychon/data_stream/tychon_stig/fields/ecs.yml | 7 +++++++ .../data_stream/tychon_stig/fields/fields.yml | 13 +------------ .../tychon/data_stream/tychon_stig/manifest.yml | 10 +--------- 21 files changed, 72 insertions(+), 81 deletions(-) diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json index a968a6c9bcd..48102616f71 100644 --- a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json +++ b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json @@ -48,4 +48,5 @@ "vulnerability.year": "2013" } ] -} \ No newline at end of file +} + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json index c19e2ff771b..d0c4773dc27 100644 --- a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json +++ b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "2023-07-05T13:31:28.772195022Z", + "@timestamp": "2023-07-06T19:09:34.276302828Z", "ecs": { "version": "8.8.0" }, @@ -9,7 +9,7 @@ "category": [ "vulnerability" ], - "ingested": "2023-07-05T13:31:28.772195022Z", + "ingested": "2023-07-06T19:09:34.276302828Z", "kind": "state", "module": "tychon", "outcome": "failure" @@ -37,7 +37,7 @@ ], "ipv4": "10.1.9.112", "ipv6": "fe80::40d1:5287:42b9:5645", - "mac": "00:0C:29:EF:9A:EB", + "mac": "00-0C-29-EF-9A-EB", "oem": { "manufacturer": "", "model": "" @@ -88,4 +88,5 @@ } } ] -} \ No newline at end of file +} + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml b/packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml index 3187160a159..cc4eab12c27 100644 --- a/packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml +++ b/packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml @@ -1,3 +1,4 @@ dynamic_fields: "@timestamp": ".*" event.ingested: ".*" + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml index f9c16f5402d..52aeab81253 100644 --- a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml @@ -32,13 +32,15 @@ processors: field: host.ip separator: "," - script: - source: if(ctx.vulnerability.result == 'fail'){ + source: if(ctx.vulnerability?.result == 'fail'){ ctx.event.outcome = "failure" - }else if(ctx.vulnerability.result == 'pass'){ + }else if(ctx.vulnerability?.result == 'pass'){ ctx.event.outcome = "success" }else{ ctx.event.outcome = "unknown" } + - script: + source: ctx.host.mac = ctx.host.mac.replace(':','-') - set: field: event.ingested value: "{{_ingest.timestamp}}" @@ -68,5 +70,9 @@ processors: value: "{{vulnerability.version}}" on_failure: - set: + field: event.kind + value: pipeline_error + - append: field: error.message - value: "{{ _ingest.on_failure_message }}" \ No newline at end of file + value: '{{{ _ingest.on_failure_message }}}' + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/fields/ecs.yml b/packages/tychon/data_stream/tychon_cve/fields/ecs.yml index 414a6a25272..f2dd36504fd 100644 --- a/packages/tychon/data_stream/tychon_cve/fields/ecs.yml +++ b/packages/tychon/data_stream/tychon_cve/fields/ecs.yml @@ -14,16 +14,22 @@ name: event.agent_id_status - external: ecs name: event.category +- external: ecs + name: event.created - external: ecs name: event.dataset - external: ecs name: event.id +- external: ecs + name: event.ingested - external: ecs name: event.kind - external: ecs name: event.outcome - external: ecs name: event.timezone +- external: ecs + name: error.message - external: ecs name: host.architecture - external: ecs @@ -56,3 +62,4 @@ name: vulnerability.score.version - external: ecs name: vulnerability.severity + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/fields/fields.yml b/packages/tychon/data_stream/tychon_cve/fields/fields.yml index dafc7b54ae8..c306c9656ea 100644 --- a/packages/tychon/data_stream/tychon_cve/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_cve/fields/fields.yml @@ -33,7 +33,7 @@ fields: - name: current_duration description: Scanner Script Duration. - type: long + type: float - name: current_time description: Current datetime. type: date @@ -61,15 +61,4 @@ - name: version description: Elastic Agent Version. type: keyword -- name: event - type: group - fields: - - name: created - description: Event Creation Datetime. - type: date - - name: ingested - description: Event Ingestion Datetime. - type: date -- name: message - description: Message content. - type: match_only_text + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/manifest.yml b/packages/tychon/data_stream/tychon_cve/manifest.yml index a9d9750abec..ab827e673ed 100644 --- a/packages/tychon/data_stream/tychon_cve/manifest.yml +++ b/packages/tychon/data_stream/tychon_cve/manifest.yml @@ -23,14 +23,6 @@ streams: show_user: false default: - tychon-cve - - name: preserve_original_event - required: true - show_user: true - title: Preserve original event - description: Preserves a raw copy of the original event, added to the field `event.original` - type: bool - multi: false - default: false - name: processors type: yaml title: Processors diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json index c2f3d10314c..56393dbe70c 100644 --- a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json @@ -50,4 +50,5 @@ "host.os.family": "Windows" } ] -} \ No newline at end of file +} + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml index 302199c74f9..e72281ddac3 100644 --- a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml @@ -1,3 +1,4 @@ dynamic_fields: "@timestamp": ".*" event.ingested: ".*" + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json index 0c75f73167c..ad268b5abb5 100644 --- a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json @@ -36,7 +36,7 @@ ], "ipv4": "10.1.9.112", "ipv6": "fe80::40d1:5287:42b9:5645", - "mac": "00:0C:29:EF:9A:EB", + "mac": "00-0C-29-EF-9A-EB", "oem": { "manufacturer": "", "model": "" @@ -103,4 +103,5 @@ } } ] -} \ No newline at end of file +} + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml index dd6d4f55c5b..a83bbb3146f 100644 --- a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml @@ -37,10 +37,16 @@ processors: - convert: field: host.uptime type: long + - script: + source: ctx.host.mac = ctx.host.mac.replace(':','-') - convert: field: script.current_duration type: float on_failure: - set: + field: event.kind + value: pipeline_error + - append: field: error.message - value: '{{ _ingest.on_failure_message }}' \ No newline at end of file + value: '{{{ _ingest.on_failure_message }}}' + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/fields/ecs.yml b/packages/tychon/data_stream/tychon_epp/fields/ecs.yml index 6973ee9ac08..8fd10f807e4 100644 --- a/packages/tychon/data_stream/tychon_epp/fields/ecs.yml +++ b/packages/tychon/data_stream/tychon_epp/fields/ecs.yml @@ -14,10 +14,14 @@ name: ecs.version - external: ecs name: event.category +- external: ecs + name: event.created - external: ecs name: agent.ephemeral_id - external: ecs name: agent.id +- external: ecs + name: event.ingested - external: ecs name: agent.name - external: ecs @@ -30,6 +34,8 @@ name: event.dataset - external: ecs name: event.timezone +- external: ecs + name: error.message - external: ecs name: host.os.type - external: ecs @@ -44,3 +50,4 @@ name: host.os.kernel - external: ecs name: host.os.platform + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/fields/fields.yml b/packages/tychon/data_stream/tychon_epp/fields/fields.yml index 9629bdb81c9..aba5a7a2daf 100644 --- a/packages/tychon/data_stream/tychon_epp/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_epp/fields/fields.yml @@ -101,15 +101,4 @@ - name: version description: Elastic Agent Version. type: keyword -- name: event - type: group - fields: - - name: created - description: Event Creation Datetime. - type: date - - name: ingested - description: Event Ingestion Datetime. - type: date -- name: message - description: Message content. - type: match_only_text + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/manifest.yml b/packages/tychon/data_stream/tychon_epp/manifest.yml index d995ce56e22..cfd691f4fd0 100644 --- a/packages/tychon/data_stream/tychon_epp/manifest.yml +++ b/packages/tychon/data_stream/tychon_epp/manifest.yml @@ -22,14 +22,6 @@ streams: show_user: false default: - tychon-epp-info - - name: preserve_original_event - required: true - show_user: true - title: Preserve original event - description: Preserves a raw copy of the original event, added to the field `event.original` - type: bool - multi: false - default: false - name: processors type: yaml title: Processors @@ -38,4 +30,4 @@ streams: show_user: false description: > Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. - + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test-stig.json b/packages/tychon/data_stream/tychon_stig/_dev/test-stig.json index a57731c428a..c62a5f5899a 100644 --- a/packages/tychon/data_stream/tychon_stig/_dev/test-stig.json +++ b/packages/tychon/data_stream/tychon_stig/_dev/test-stig.json @@ -57,4 +57,5 @@ "host.os.family": "Windows" } ] -} \ No newline at end of file +} + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml index 302199c74f9..e72281ddac3 100644 --- a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml +++ b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml @@ -1,3 +1,4 @@ dynamic_fields: "@timestamp": ".*" event.ingested: ".*" + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json index d79663e45aa..7703aa69994 100644 --- a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json +++ b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "2023-07-05T13:31:29.436209572Z", + "@timestamp": "2023-07-06T19:09:34.703782139Z", "benchmark": { "generated_utc": "2023-03-28T17:40:48", "guid": "", @@ -17,7 +17,7 @@ "category": [ "host" ], - "ingested": "2023-07-05T13:31:29.436209572Z", + "ingested": "2023-07-06T19:09:34.703782139Z", "kind": "state", "module": "tychon" }, @@ -44,7 +44,7 @@ ], "ipv4": "10.1.9.112", "ipv6": "fe80::40d1:5287:42b9:5645", - "mac": "00:0C:29:EF:9A:EB", + "mac": "00-0C-29-EF-9A-EB", "oem": { "manufacturer": "", "model": "" @@ -98,4 +98,5 @@ } } ] -} \ No newline at end of file +} + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml index 39e852c5d12..42602dab138 100644 --- a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml @@ -48,6 +48,8 @@ processors: - convert: field: host.uptime type: long + - script: + source: ctx.host.mac = ctx.host.mac.replace(':','-') - convert: field: script.current_duration type: float @@ -56,5 +58,9 @@ processors: type: float on_failure: - set: + field: event.kind + value: pipeline_error + - append: field: error.message - value: '{{ _ingest.on_failure_message }}' \ No newline at end of file + value: '{{{ _ingest.on_failure_message }}}' + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/fields/ecs.yml b/packages/tychon/data_stream/tychon_stig/fields/ecs.yml index ee9115003a9..7d0cb9f058c 100644 --- a/packages/tychon/data_stream/tychon_stig/fields/ecs.yml +++ b/packages/tychon/data_stream/tychon_stig/fields/ecs.yml @@ -16,10 +16,14 @@ name: ecs.version - external: ecs name: event.category +- external: ecs + name: event.created - external: ecs name: agent.ephemeral_id - external: ecs name: agent.id +- external: ecs + name: event.ingested - external: ecs name: agent.name - external: ecs @@ -32,6 +36,8 @@ name: event.dataset - external: ecs name: event.timezone +- external: ecs + name: error.message - external: ecs name: host.os.type - external: ecs @@ -46,3 +52,4 @@ name: host.os.kernel - external: ecs name: host.os.platform + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/fields/fields.yml b/packages/tychon/data_stream/tychon_stig/fields/fields.yml index de898836fa7..1b6ec9e9b6f 100644 --- a/packages/tychon/data_stream/tychon_stig/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_stig/fields/fields.yml @@ -118,15 +118,4 @@ - name: version description: Elastic Agent Version. type: keyword -- name: event - type: group - fields: - - name: created - description: Event Creation Datetime. - type: date - - name: ingested - description: Event Ingestion Datetime. - type: date -- name: error.message - description: Error Message Content. - type: match_only_text + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/manifest.yml b/packages/tychon/data_stream/tychon_stig/manifest.yml index 03e33073008..95baf5f1b36 100644 --- a/packages/tychon/data_stream/tychon_stig/manifest.yml +++ b/packages/tychon/data_stream/tychon_stig/manifest.yml @@ -22,14 +22,6 @@ streams: show_user: false default: - tychon-stig-info - - name: preserve_original_event - required: true - show_user: true - title: Preserve original event - description: Preserves a raw copy of the original event, added to the field `event.original` - type: bool - multi: false - default: false - name: processors type: yaml title: Processors @@ -38,4 +30,4 @@ streams: show_user: false description: > Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. - + \ No newline at end of file From 4bbed691dacdd078b86a044f4ef1a931771d79f5 Mon Sep 17 00:00:00 2001 From: joeperuzzi <122561341+joeperuzzi@users.noreply.github.com> Date: Tue, 11 Jul 2023 11:22:41 +0000 Subject: [PATCH 24/44] Several code recommendation changes based upon PR comments --- packages/tychon/_dev/build/docs/README.md | 64 +++---- .../{ => pipeline}/test-cve.json-config.yml | 3 +- .../test/pipeline/test-cve.json-expected.json | 178 +++++++++--------- .../tychon_cve/agent/stream/stream.yml.hbs | 7 +- .../elasticsearch/ingest_pipeline/default.yml | 12 +- .../data_stream/tychon_cve/fields/ecs.yml | 6 + .../data_stream/tychon_cve/fields/fields.yml | 14 +- .../data_stream/tychon_cve/manifest.yml | 8 - .../test/pipeline/test-epp.json-config.yml | 1 + .../test/pipeline/test-epp.json-expected.json | 2 +- .../tychon_epp/agent/stream/stream.yml.hbs | 3 +- .../elasticsearch/ingest_pipeline/default.yml | 8 +- .../data_stream/tychon_epp/fields/ecs.yml | 6 + .../data_stream/tychon_epp/fields/fields.yml | 12 -- .../data_stream/tychon_epp/manifest.yml | 8 - .../_dev/{ => test/pipeline}/test-stig.json | 0 .../pipeline/test-stig.json-expected.json | 6 +- .../elasticsearch/ingest_pipeline/default.yml | 8 +- .../data_stream/tychon_stig/fields/ecs.yml | 6 + .../data_stream/tychon_stig/fields/fields.yml | 12 -- .../data_stream/tychon_stig/manifest.yml | 8 - packages/tychon/manifest.yml | 2 +- 22 files changed, 176 insertions(+), 198 deletions(-) rename packages/tychon/data_stream/tychon_cve/_dev/test/{ => pipeline}/test-cve.json-config.yml (60%) rename packages/tychon/data_stream/tychon_stig/_dev/{ => test/pipeline}/test-stig.json (100%) diff --git a/packages/tychon/_dev/build/docs/README.md b/packages/tychon/_dev/build/docs/README.md index b43876f6f78..102f25dca8d 100644 --- a/packages/tychon/_dev/build/docs/README.md +++ b/packages/tychon/_dev/build/docs/README.md @@ -1,32 +1,32 @@ -# TYCHON Agentless - -[TYCHON Agentless](https://tychon.io/products/tychon-agentless/) is an integration that lets you collect TYCHON's gold source vulnerability and STIG data from endpoints without heavy resource use or software installation. You can then investigate the TYCHON data using Elastic's analytics, visualizations, and dashboards. [Contact us to learn more.](https://tychon.io/start-a-free-trial/) - -## Compatibility - -* This integration supports Windows 10 and Windows 11 Endpoint Operating Systems. -* This integration requires a TYCHON Agentless license. -* This integration requires [TYCHON Vulnerability Definition](https://support.tychon.io/) files. - - -## Returned Data Fields -### Vulnerablities - -TYCHON scans for endpoint vulenrabilites and returns the results. - -**Exported fields** -{{fields "tychon_cve"}} - -### Endpoint Protection Platform - -TYCHON scans the endpoint's Windows Defender and returns protection status and version details. - -**Exported fields** -{{fields "tychon_epp"}} - -### Endpoint STIG Information - -The TYCHON benchmark script scans an endpoint's Windows configuration for STIG/XCCDF issues and returns information. - -**Exported fields** -{{fields "tychon_stig"}} +# TYCHON Agentless + +[TYCHON Agentless](https://tychon.io/products/tychon-agentless/) is an integration that lets you collect TYCHON's gold source vulnerability and STIG data from endpoints without heavy resource use or software installation. You can then investigate the TYCHON data using Elastic's analytics, visualizations, and dashboards. [Contact us to learn more.](https://tychon.io/start-a-free-trial/) + +## Compatibility + +* This integration supports Windows 10 and Windows 11 Endpoint Operating Systems. +* This integration requires a TYCHON Agentless license. +* This integration requires [TYCHON Vulnerability Definition](https://support.tychon.io/) files. + + +## Returned Data Fields +### Vulnerablities + +TYCHON scans for endpoint vulenrabilites and returns the results. + +**Exported fields** +{{fields "tychon_cve"}} + +### Endpoint Protection Platform + +TYCHON scans the endpoint's Windows Defender and returns protection status and version details. + +**Exported fields** +{{fields "tychon_epp"}} + +### Endpoint STIG Information + +The TYCHON benchmark script scans an endpoint's Windows configuration for STIG/XCCDF issues and returns information. + +**Exported fields** +{{fields "tychon_stig"}} diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-config.yml similarity index 60% rename from packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml rename to packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-config.yml index 3187160a159..e72281ddac3 100644 --- a/packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml +++ b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-config.yml @@ -1,3 +1,4 @@ dynamic_fields: "@timestamp": ".*" - event.ingested: ".*" + event.ingested: ".*" + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json index c19e2ff771b..659c905aaa2 100644 --- a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json +++ b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json @@ -1,91 +1,91 @@ { - "expected": [ - { - "@timestamp": "2023-07-05T13:31:28.772195022Z", - "ecs": { - "version": "8.8.0" - }, - "event": { - "category": [ - "vulnerability" - ], - "ingested": "2023-07-05T13:31:28.772195022Z", - "kind": "state", - "module": "tychon", - "outcome": "failure" - }, - "host": { - "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", - "domain": "", - "hardware": { - "bios": { - "name": "Phoenix Technologies LTD", - "version": "6.00" - }, - "cpu": { - "caption": "Intel64 Family 6 Model 45 Stepping 7" - }, - "manufacturer": "VMware, Inc.", - "owner": "dcuser", - "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb" - }, - "hostname": "DESKTOP-TIUKL1R", - "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", - "ip": [ - "10.1.9.112", - "fe80::40d1:5287:42b9:5645" - ], - "ipv4": "10.1.9.112", - "ipv6": "fe80::40d1:5287:42b9:5645", - "mac": "00:0C:29:EF:9A:EB", - "oem": { - "manufacturer": "", - "model": "" - }, - "os": { - "build": "22000", - "description": "", - "family": "Windows", - "name": "Microsoft Windows 11 Education N", - "organization": "", - "version": "10.0.22000" - }, - "type": "Workstation", - "uptime": 145287, - "workgroup": "WORKGROUP" - }, - "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_CVE-2013-3900", - "script": { - "current_duration": 315381.28, - "current_time": "2023-06-15T21:58:02Z", - "name": "Invoke-CveScan.ps1", - "start": "2023-06-15T21:52:47Z", - "type": "powershell", - "version": "0.1.0" - }, - "vulnerability": { - "category": [ - "oval" - ], - "classification": "cvss", - "enumeration": "CVE", - "iava": "2013-A-0227", - "iava_severity": "CAT II", - "id": "CVE-2013-3900", - "reference": "https://www.scaprepo.com/view.jsp?id=CVE-2013-3900", - "result": "fail", - "scanner": { - "vendor": "tychon" - }, - "score": { - "base": 7.6, - "version": "2.0" - }, - "severity": "HIGH", - "title": "The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does ", - "version": "1", - "year": 2013 - } - } - ] + "expected": [ + { + "@timestamp": "2023-07-06T19:09:34.276302828Z", + "ecs": { + "version": "8.8.0" + }, + "event": { + "category": [ + "vulnerability" + ], + "ingested": "2023-07-06T19:09:34.276302828Z", + "kind": "state", + "module": "tychon", + "outcome": "failure" + }, + "host": { + "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "domain": "", + "hardware": { + "bios": { + "name": "Phoenix Technologies LTD", + "version": "6.00" + }, + "cpu": { + "caption": "Intel64 Family 6 Model 45 Stepping 7" + }, + "manufacturer": "VMware, Inc.", + "owner": "dcuser", + "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb" + }, + "hostname": "DESKTOP-TIUKL1R", + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "ip": [ + "10.1.9.112", + "fe80::40d1:5287:42b9:5645" + ], + "ipv4": "10.1.9.112", + "ipv6": "fe80::40d1:5287:42b9:5645", + "mac": "00-0C-29-EF-9A-EB", + "oem": { + "manufacturer": "", + "model": "" + }, + "os": { + "build": "22000", + "description": "", + "family": "Windows", + "name": "Microsoft Windows 11 Education N", + "organization": "", + "version": "10.0.22000" + }, + "type": "Workstation", + "uptime": 145287, + "workgroup": "WORKGROUP" + }, + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_CVE-2013-3900", + "script": { + "current_duration": 315381.28, + "current_time": "2023-06-15T21:58:02Z", + "name": "Invoke-CveScan.ps1", + "start": "2023-06-15T21:52:47Z", + "type": "powershell", + "version": "0.1.0" + }, + "vulnerability": { + "category": [ + "oval" + ], + "classification": "cvss", + "enumeration": "CVE", + "iava": "2013-A-0227", + "iava_severity": "CAT II", + "id": "CVE-2013-3900", + "reference": "https://www.scaprepo.com/view.jsp?id=CVE-2013-3900", + "result": "fail", + "scanner": { + "vendor": "tychon" + }, + "score": { + "base": 7.6, + "version": "2.0" + }, + "severity": "HIGH", + "title": "The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does ", + "version": "1", + "year": 2013 + } + } + ] } \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs index 4ffa1421cc1..10abd0996dd 100644 --- a/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs +++ b/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs @@ -1,12 +1,12 @@ paths: -{{#each paths as |path|}} +{{#each paths as |path i|}} - {{path}} {{/each}} tags: {{#if preserve_original_event}} - preserve_original_event {{/if}} -{{#each tags as |tag|}} +{{#each tags as |tag i|}} - {{tag}} {{/each}} {{#contains "forwarded" tags}} @@ -19,5 +19,4 @@ processors: {{/if}} json: keys_under_root: true - expand_keys: true - + expand_keys: true \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml index f9c16f5402d..52aeab81253 100644 --- a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml @@ -32,13 +32,15 @@ processors: field: host.ip separator: "," - script: - source: if(ctx.vulnerability.result == 'fail'){ + source: if(ctx.vulnerability?.result == 'fail'){ ctx.event.outcome = "failure" - }else if(ctx.vulnerability.result == 'pass'){ + }else if(ctx.vulnerability?.result == 'pass'){ ctx.event.outcome = "success" }else{ ctx.event.outcome = "unknown" } + - script: + source: ctx.host.mac = ctx.host.mac.replace(':','-') - set: field: event.ingested value: "{{_ingest.timestamp}}" @@ -68,5 +70,9 @@ processors: value: "{{vulnerability.version}}" on_failure: - set: + field: event.kind + value: pipeline_error + - append: field: error.message - value: "{{ _ingest.on_failure_message }}" \ No newline at end of file + value: '{{{ _ingest.on_failure_message }}}' + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/fields/ecs.yml b/packages/tychon/data_stream/tychon_cve/fields/ecs.yml index 414a6a25272..31ba2470b1f 100644 --- a/packages/tychon/data_stream/tychon_cve/fields/ecs.yml +++ b/packages/tychon/data_stream/tychon_cve/fields/ecs.yml @@ -14,16 +14,22 @@ name: event.agent_id_status - external: ecs name: event.category +- external: ecs + name: event.created - external: ecs name: event.dataset - external: ecs name: event.id +- external: ecs + name: event.ingested - external: ecs name: event.kind - external: ecs name: event.outcome - external: ecs name: event.timezone +- external: ecs + name: error.message - external: ecs name: host.architecture - external: ecs diff --git a/packages/tychon/data_stream/tychon_cve/fields/fields.yml b/packages/tychon/data_stream/tychon_cve/fields/fields.yml index dafc7b54ae8..73e3f26b98b 100644 --- a/packages/tychon/data_stream/tychon_cve/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_cve/fields/fields.yml @@ -33,7 +33,7 @@ fields: - name: current_duration description: Scanner Script Duration. - type: long + type: float - name: current_time description: Current datetime. type: date @@ -61,15 +61,3 @@ - name: version description: Elastic Agent Version. type: keyword -- name: event - type: group - fields: - - name: created - description: Event Creation Datetime. - type: date - - name: ingested - description: Event Ingestion Datetime. - type: date -- name: message - description: Message content. - type: match_only_text diff --git a/packages/tychon/data_stream/tychon_cve/manifest.yml b/packages/tychon/data_stream/tychon_cve/manifest.yml index a9d9750abec..ab827e673ed 100644 --- a/packages/tychon/data_stream/tychon_cve/manifest.yml +++ b/packages/tychon/data_stream/tychon_cve/manifest.yml @@ -23,14 +23,6 @@ streams: show_user: false default: - tychon-cve - - name: preserve_original_event - required: true - show_user: true - title: Preserve original event - description: Preserves a raw copy of the original event, added to the field `event.original` - type: bool - multi: false - default: false - name: processors type: yaml title: Processors diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml index 302199c74f9..bec4f152d4a 100644 --- a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml @@ -1,3 +1,4 @@ dynamic_fields: "@timestamp": ".*" event.ingested: ".*" + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json index 0c75f73167c..4770163a06e 100644 --- a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json @@ -36,7 +36,7 @@ ], "ipv4": "10.1.9.112", "ipv6": "fe80::40d1:5287:42b9:5645", - "mac": "00:0C:29:EF:9A:EB", + "mac": "00-0C-29-EF-9A-EB", "oem": { "manufacturer": "", "model": "" diff --git a/packages/tychon/data_stream/tychon_epp/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_epp/agent/stream/stream.yml.hbs index 10abd0996dd..f08cd0ef71d 100644 --- a/packages/tychon/data_stream/tychon_epp/agent/stream/stream.yml.hbs +++ b/packages/tychon/data_stream/tychon_epp/agent/stream/stream.yml.hbs @@ -6,7 +6,8 @@ tags: {{#if preserve_original_event}} - preserve_original_event {{/if}} -{{#each tags as |tag i|}} +{{#each tags as |tag|}} + - {{tag}} {{/each}} {{#contains "forwarded" tags}} diff --git a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml index dd6d4f55c5b..99544a8a444 100644 --- a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml @@ -37,10 +37,16 @@ processors: - convert: field: host.uptime type: long + - script: + source: ctx.host.mac = ctx.host.mac.replace(':','-') - convert: field: script.current_duration type: float on_failure: - set: + field: event.kind + value: pipeline_error + - append: field: error.message - value: '{{ _ingest.on_failure_message }}' \ No newline at end of file + value: '{{{ _ingest.on_failure_message }}}' + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/fields/ecs.yml b/packages/tychon/data_stream/tychon_epp/fields/ecs.yml index 6973ee9ac08..05e44a34ee0 100644 --- a/packages/tychon/data_stream/tychon_epp/fields/ecs.yml +++ b/packages/tychon/data_stream/tychon_epp/fields/ecs.yml @@ -14,10 +14,14 @@ name: ecs.version - external: ecs name: event.category +- external: ecs + name: event.created - external: ecs name: agent.ephemeral_id - external: ecs name: agent.id +- external: ecs + name: event.ingested - external: ecs name: agent.name - external: ecs @@ -30,6 +34,8 @@ name: event.dataset - external: ecs name: event.timezone +- external: ecs + name: error.message - external: ecs name: host.os.type - external: ecs diff --git a/packages/tychon/data_stream/tychon_epp/fields/fields.yml b/packages/tychon/data_stream/tychon_epp/fields/fields.yml index 9629bdb81c9..ca1d073a418 100644 --- a/packages/tychon/data_stream/tychon_epp/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_epp/fields/fields.yml @@ -101,15 +101,3 @@ - name: version description: Elastic Agent Version. type: keyword -- name: event - type: group - fields: - - name: created - description: Event Creation Datetime. - type: date - - name: ingested - description: Event Ingestion Datetime. - type: date -- name: message - description: Message content. - type: match_only_text diff --git a/packages/tychon/data_stream/tychon_epp/manifest.yml b/packages/tychon/data_stream/tychon_epp/manifest.yml index d995ce56e22..021373c406c 100644 --- a/packages/tychon/data_stream/tychon_epp/manifest.yml +++ b/packages/tychon/data_stream/tychon_epp/manifest.yml @@ -22,14 +22,6 @@ streams: show_user: false default: - tychon-epp-info - - name: preserve_original_event - required: true - show_user: true - title: Preserve original event - description: Preserves a raw copy of the original event, added to the field `event.original` - type: bool - multi: false - default: false - name: processors type: yaml title: Processors diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test-stig.json b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json similarity index 100% rename from packages/tychon/data_stream/tychon_stig/_dev/test-stig.json rename to packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json index d79663e45aa..63f25a14017 100644 --- a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json +++ b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "2023-07-05T13:31:29.436209572Z", + "@timestamp": "2023-07-06T19:09:34.703782139Z", "benchmark": { "generated_utc": "2023-03-28T17:40:48", "guid": "", @@ -17,7 +17,7 @@ "category": [ "host" ], - "ingested": "2023-07-05T13:31:29.436209572Z", + "ingested": "2023-07-06T19:09:34.703782139Z", "kind": "state", "module": "tychon" }, @@ -44,7 +44,7 @@ ], "ipv4": "10.1.9.112", "ipv6": "fe80::40d1:5287:42b9:5645", - "mac": "00:0C:29:EF:9A:EB", + "mac": "00-0C-29-EF-9A-EB", "oem": { "manufacturer": "", "model": "" diff --git a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml index 39e852c5d12..d85a5e978f7 100644 --- a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml @@ -48,6 +48,8 @@ processors: - convert: field: host.uptime type: long + - script: + source: ctx.host.mac = ctx.host.mac.replace(':','-') - convert: field: script.current_duration type: float @@ -56,5 +58,9 @@ processors: type: float on_failure: - set: + field: event.kind + value: pipeline_error + - append: field: error.message - value: '{{ _ingest.on_failure_message }}' \ No newline at end of file + value: '{{{ _ingest.on_failure_message }}}' + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/fields/ecs.yml b/packages/tychon/data_stream/tychon_stig/fields/ecs.yml index ee9115003a9..7329d8fd21c 100644 --- a/packages/tychon/data_stream/tychon_stig/fields/ecs.yml +++ b/packages/tychon/data_stream/tychon_stig/fields/ecs.yml @@ -16,10 +16,14 @@ name: ecs.version - external: ecs name: event.category +- external: ecs + name: event.created - external: ecs name: agent.ephemeral_id - external: ecs name: agent.id +- external: ecs + name: event.ingested - external: ecs name: agent.name - external: ecs @@ -32,6 +36,8 @@ name: event.dataset - external: ecs name: event.timezone +- external: ecs + name: error.message - external: ecs name: host.os.type - external: ecs diff --git a/packages/tychon/data_stream/tychon_stig/fields/fields.yml b/packages/tychon/data_stream/tychon_stig/fields/fields.yml index de898836fa7..d4d28c0b766 100644 --- a/packages/tychon/data_stream/tychon_stig/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_stig/fields/fields.yml @@ -118,15 +118,3 @@ - name: version description: Elastic Agent Version. type: keyword -- name: event - type: group - fields: - - name: created - description: Event Creation Datetime. - type: date - - name: ingested - description: Event Ingestion Datetime. - type: date -- name: error.message - description: Error Message Content. - type: match_only_text diff --git a/packages/tychon/data_stream/tychon_stig/manifest.yml b/packages/tychon/data_stream/tychon_stig/manifest.yml index 03e33073008..e4d2129d452 100644 --- a/packages/tychon/data_stream/tychon_stig/manifest.yml +++ b/packages/tychon/data_stream/tychon_stig/manifest.yml @@ -22,14 +22,6 @@ streams: show_user: false default: - tychon-stig-info - - name: preserve_original_event - required: true - show_user: true - title: Preserve original event - description: Preserves a raw copy of the original event, added to the field `event.original` - type: bool - multi: false - default: false - name: processors type: yaml title: Processors diff --git a/packages/tychon/manifest.yml b/packages/tychon/manifest.yml index d2455eea0ce..429b6843ba6 100644 --- a/packages/tychon/manifest.yml +++ b/packages/tychon/manifest.yml @@ -2,7 +2,7 @@ format_version: 2.0.0 name: tychon release: beta title: "TYCHON Agentless" -version: 0.0.10 +version: 0.0.1 source: license: "Elastic-2.0" description: TYCHON Agentless delivers STIG, CVE/IAVA, and Endpoint Protection status without adding new server infrastructure or services to your endpoints. TYCHON datasets fully comply with vulnerability and STIG reporting standards and integrate into Comply-to-Connect for instant zero trust value. From f67356bc643a2efd591309f12ec3b39b9eee9624 Mon Sep 17 00:00:00 2001 From: skidmoco Date: Tue, 11 Jul 2023 18:38:49 +0000 Subject: [PATCH 25/44] Removal of host.ip~, replaced with tychon.ip~. --- .../_dev/test/pipeline/test-cve.json-expected.json | 6 ++++-- .../tychon_cve/elasticsearch/ingest_pipeline/default.yml | 6 ++++++ packages/tychon/data_stream/tychon_cve/fields/agent.yml | 6 ------ packages/tychon/data_stream/tychon_cve/fields/fields.yml | 9 +++++++++ .../_dev/test/pipeline/test-epp.json-expected.json | 6 ++++-- .../tychon_epp/elasticsearch/ingest_pipeline/default.yml | 6 ++++++ packages/tychon/data_stream/tychon_epp/fields/agent.yml | 6 ------ packages/tychon/data_stream/tychon_epp/fields/fields.yml | 9 +++++++++ .../_dev/test/pipeline/test-stig.json-expected.json | 8 +++++--- .../elasticsearch/ingest_pipeline/default.yml | 6 ++++++ packages/tychon/data_stream/tychon_stig/fields/agent.yml | 6 ------ .../tychon/data_stream/tychon_stig/fields/fields.yml | 9 +++++++++ 12 files changed, 58 insertions(+), 25 deletions(-) diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json index 659c905aaa2..d257f139cd7 100644 --- a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json +++ b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json @@ -35,8 +35,6 @@ "10.1.9.112", "fe80::40d1:5287:42b9:5645" ], - "ipv4": "10.1.9.112", - "ipv6": "fe80::40d1:5287:42b9:5645", "mac": "00-0C-29-EF-9A-EB", "oem": { "manufacturer": "", @@ -63,6 +61,10 @@ "type": "powershell", "version": "0.1.0" }, + "tychon": { + "ipv4": "10.1.9.112", + "ipv6": "fe80::40d1:5287:42b9:5645" + }, "vulnerability": { "category": [ "oval" diff --git a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml index 52aeab81253..621735453d2 100644 --- a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml @@ -13,6 +13,12 @@ processors: - set: field: _id value: "{{id}}" + - set: + field: tychon.ipv4 + value: "{{host.ipv4}}" + - set: + field: tychon.ipv6 + value: "{{host.ipv6}}" - set: field: "@timestamp" value: "{{_ingest.timestamp}}" diff --git a/packages/tychon/data_stream/tychon_cve/fields/agent.yml b/packages/tychon/data_stream/tychon_cve/fields/agent.yml index 5c48fd15007..e380f9c03e8 100644 --- a/packages/tychon/data_stream/tychon_cve/fields/agent.yml +++ b/packages/tychon/data_stream/tychon_cve/fields/agent.yml @@ -111,12 +111,6 @@ level: core type: ip description: Host ip addresses. - - name: ipv4 - description: Host IPv4. - type: keyword - - name: ipv6 - description: Host IPv6. - type: keyword - name: mac level: core type: keyword diff --git a/packages/tychon/data_stream/tychon_cve/fields/fields.yml b/packages/tychon/data_stream/tychon_cve/fields/fields.yml index 73e3f26b98b..c3eb7390382 100644 --- a/packages/tychon/data_stream/tychon_cve/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_cve/fields/fields.yml @@ -61,3 +61,12 @@ - name: version description: Elastic Agent Version. type: keyword +- name: tychon + type: group + fields: + - name: ipv4 + description: Ipv4 Address + type: ip + - name: ipv6 + description: Ipv6 Address + type: ip \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json index 4770163a06e..6fdd38e9ee3 100644 --- a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json @@ -34,8 +34,6 @@ "10.1.9.112", "fe80::40d1:5287:42b9:5645" ], - "ipv4": "10.1.9.112", - "ipv6": "fe80::40d1:5287:42b9:5645", "mac": "00-0C-29-EF-9A-EB", "oem": { "manufacturer": "", @@ -62,6 +60,10 @@ "type": "powershell", "version": "0.1.0" }, + "tychon": { + "ipv4": "10.1.9.112", + "ipv6": "fe80::40d1:5287:42b9:5645" + }, "windows_defender": { "service": { "antimalware": { diff --git a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml index 99544a8a444..75a45b36ddc 100644 --- a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml @@ -16,6 +16,12 @@ processors: - split: field: host.ip separator: "," + - set: + field: tychon.ipv4 + value: "{{host.ipv4}}" + - set: + field: tychon.ipv6 + value: "{{host.ipv6}}" - set: field: '@timestamp' value: '{{_ingest.timestamp}}' diff --git a/packages/tychon/data_stream/tychon_epp/fields/agent.yml b/packages/tychon/data_stream/tychon_epp/fields/agent.yml index 5c48fd15007..e380f9c03e8 100644 --- a/packages/tychon/data_stream/tychon_epp/fields/agent.yml +++ b/packages/tychon/data_stream/tychon_epp/fields/agent.yml @@ -111,12 +111,6 @@ level: core type: ip description: Host ip addresses. - - name: ipv4 - description: Host IPv4. - type: keyword - - name: ipv6 - description: Host IPv6. - type: keyword - name: mac level: core type: keyword diff --git a/packages/tychon/data_stream/tychon_epp/fields/fields.yml b/packages/tychon/data_stream/tychon_epp/fields/fields.yml index ca1d073a418..db5c5ab7cb4 100644 --- a/packages/tychon/data_stream/tychon_epp/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_epp/fields/fields.yml @@ -101,3 +101,12 @@ - name: version description: Elastic Agent Version. type: keyword +- name: tychon + type: group + fields: + - name: ipv4 + description: Ipv4 Address + type: ip + - name: ipv6 + description: Ipv6 Address + type: ip diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json index 63f25a14017..a4908d5faa2 100644 --- a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json +++ b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json @@ -42,8 +42,6 @@ "10.1.9.112", "fe80::40d1:5287:42b9:5645" ], - "ipv4": "10.1.9.112", - "ipv6": "fe80::40d1:5287:42b9:5645", "mac": "00-0C-29-EF-9A-EB", "oem": { "manufacturer": "", @@ -95,7 +93,11 @@ "start": "2023-06-15T20:14:11Z", "type": "powershell", "version": "0.1.0" - } + }, + "tychon": { + "ipv4": "10.1.9.112", + "ipv6": "fe80::40d1:5287:42b9:5645" + } } ] } \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml index d85a5e978f7..4e874ff0940 100644 --- a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml @@ -45,6 +45,12 @@ processors: - split: field: host.ip separator: "," + - set: + field: tychon.ipv4 + value: "{{host.ipv4}}" + - set: + field: tychon.ipv6 + value: "{{host.ipv6}}" - convert: field: host.uptime type: long diff --git a/packages/tychon/data_stream/tychon_stig/fields/agent.yml b/packages/tychon/data_stream/tychon_stig/fields/agent.yml index 5c48fd15007..e380f9c03e8 100644 --- a/packages/tychon/data_stream/tychon_stig/fields/agent.yml +++ b/packages/tychon/data_stream/tychon_stig/fields/agent.yml @@ -111,12 +111,6 @@ level: core type: ip description: Host ip addresses. - - name: ipv4 - description: Host IPv4. - type: keyword - - name: ipv6 - description: Host IPv6. - type: keyword - name: mac level: core type: keyword diff --git a/packages/tychon/data_stream/tychon_stig/fields/fields.yml b/packages/tychon/data_stream/tychon_stig/fields/fields.yml index d4d28c0b766..937f9ed5bde 100644 --- a/packages/tychon/data_stream/tychon_stig/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_stig/fields/fields.yml @@ -118,3 +118,12 @@ - name: version description: Elastic Agent Version. type: keyword +- name: tychon + type: group + fields: + - name: ipv4 + description: Ipv4 Address + type: ip + - name: ipv6 + description: Ipv6 Address + type: ip From f6c27ea6cb4b01ef5d183e8ccdf015efd13d84e6 Mon Sep 17 00:00:00 2001 From: skidmoco Date: Tue, 11 Jul 2023 18:50:29 +0000 Subject: [PATCH 26/44] added removal of host.ip~ fields to pipeline for each category area --- .../tychon_cve/elasticsearch/ingest_pipeline/default.yml | 6 ++++++ .../tychon_epp/elasticsearch/ingest_pipeline/default.yml | 6 ++++++ .../tychon_stig/elasticsearch/ingest_pipeline/default.yml | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml index 621735453d2..3d436425afe 100644 --- a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml @@ -19,6 +19,12 @@ processors: - set: field: tychon.ipv6 value: "{{host.ipv6}}" + - remove: + ignore_missing: true + field: host.ipv4 + - remove: + ignore_missing: true + field: host.ipv6 - set: field: "@timestamp" value: "{{_ingest.timestamp}}" diff --git a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml index 75a45b36ddc..3755254cfac 100644 --- a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml @@ -22,6 +22,12 @@ processors: - set: field: tychon.ipv6 value: "{{host.ipv6}}" + - remove: + ignore_missing: true + field: host.ipv4 + - remove: + ignore_missing: true + field: host.ipv6 - set: field: '@timestamp' value: '{{_ingest.timestamp}}' diff --git a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml index 4e874ff0940..7c49c153c69 100644 --- a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml @@ -51,6 +51,12 @@ processors: - set: field: tychon.ipv6 value: "{{host.ipv6}}" + - remove: + ignore_missing: true + field: host.ipv4 + - remove: + ignore_missing: true + field: host.ipv6 - convert: field: host.uptime type: long From 86439dbdfc53dbc9290b83a2f32fb059e71b8e98 Mon Sep 17 00:00:00 2001 From: skidmoco Date: Wed, 12 Jul 2023 13:21:10 +0000 Subject: [PATCH 27/44] Added requested final file carriage return --- .../tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs index 10abd0996dd..aaaca095165 100644 --- a/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs +++ b/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs @@ -19,4 +19,5 @@ processors: {{/if}} json: keys_under_root: true - expand_keys: true \ No newline at end of file + expand_keys: true + \ No newline at end of file From f5734d8d4d7730584714984ada6e4103becb43e1 Mon Sep 17 00:00:00 2001 From: skidmoco Date: Thu, 13 Jul 2023 02:40:37 +0000 Subject: [PATCH 28/44] Remove iteration variable as recommended --- .../tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs | 4 ++-- .../tychon/data_stream/tychon_epp/agent/stream/stream.yml.hbs | 2 +- .../data_stream/tychon_stig/agent/stream/stream.yml.hbs | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs index aaaca095165..a87e5c5ef98 100644 --- a/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs +++ b/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs @@ -1,12 +1,12 @@ paths: -{{#each paths as |path i|}} +{{#each paths as |path|}} - {{path}} {{/each}} tags: {{#if preserve_original_event}} - preserve_original_event {{/if}} -{{#each tags as |tag i|}} +{{#each tags as |tag|}} - {{tag}} {{/each}} {{#contains "forwarded" tags}} diff --git a/packages/tychon/data_stream/tychon_epp/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_epp/agent/stream/stream.yml.hbs index f08cd0ef71d..90702aae1c6 100644 --- a/packages/tychon/data_stream/tychon_epp/agent/stream/stream.yml.hbs +++ b/packages/tychon/data_stream/tychon_epp/agent/stream/stream.yml.hbs @@ -1,5 +1,5 @@ paths: -{{#each paths as |path i|}} +{{#each paths as |path|}} - {{path}} {{/each}} tags: diff --git a/packages/tychon/data_stream/tychon_stig/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_stig/agent/stream/stream.yml.hbs index 7b2e95976fa..9d64e35f110 100644 --- a/packages/tychon/data_stream/tychon_stig/agent/stream/stream.yml.hbs +++ b/packages/tychon/data_stream/tychon_stig/agent/stream/stream.yml.hbs @@ -1,12 +1,12 @@ paths: -{{#each paths as |path i|}} +{{#each paths as |path|}} - {{path}} {{/each}} tags: {{#if preserve_original_event}} - preserve_original_event {{/if}} -{{#each tags as |tag i|}} +{{#each tags as |tag|}} - {{tag}} {{/each}} {{#contains "forwarded" tags}} From 1723f657278ee8fe38722549c807e5fe438949d8 Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Fri, 28 Jul 2023 20:24:17 +0000 Subject: [PATCH 29/44] Added ARF --- packages/tychon/changelog.yml | 9 +- .../_dev/test/pipeline/test-arf.json | 72 +++++++ .../test/pipeline/test-arf.json-expected.json | 72 +++++++ .../_dev/test/test-arf.json-config.yml | 3 + .../tychon_arf/agent/stream/stream.yml.hbs | 22 ++ .../elasticsearch/ingest_pipeline/default.yml | 37 ++++ .../data_stream/tychon_arf/fields/agent.yml | 190 ++++++++++++++++++ .../tychon_arf/fields/base-fields.yml | 21 ++ .../data_stream/tychon_arf/fields/ecs.yml | 2 + .../data_stream/tychon_arf/fields/fields.yml | 12 ++ .../data_stream/tychon_arf/manifest.yml | 41 ++++ .../_dev/test/pipeline/test-cve.json | 5 +- .../test/pipeline/test-cve.json-expected.json | 12 +- .../elasticsearch/ingest_pipeline/default.yml | 3 - .../_dev/test/pipeline/test-epp.json | 5 +- .../test/pipeline/test-epp.json-expected.json | 12 +- .../elasticsearch/ingest_pipeline/default.yml | 5 +- .../tychon_stig/_dev/test-stig.json | 5 +- .../pipeline/test-stig.json-expected.json | 12 +- .../elasticsearch/ingest_pipeline/default.yml | 5 +- packages/tychon/manifest.yml | 4 +- 21 files changed, 501 insertions(+), 48 deletions(-) create mode 100644 packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json create mode 100644 packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json-expected.json create mode 100644 packages/tychon/data_stream/tychon_arf/_dev/test/test-arf.json-config.yml create mode 100644 packages/tychon/data_stream/tychon_arf/agent/stream/stream.yml.hbs create mode 100644 packages/tychon/data_stream/tychon_arf/elasticsearch/ingest_pipeline/default.yml create mode 100644 packages/tychon/data_stream/tychon_arf/fields/agent.yml create mode 100644 packages/tychon/data_stream/tychon_arf/fields/base-fields.yml create mode 100644 packages/tychon/data_stream/tychon_arf/fields/ecs.yml create mode 100644 packages/tychon/data_stream/tychon_arf/fields/fields.yml create mode 100644 packages/tychon/data_stream/tychon_arf/manifest.yml diff --git a/packages/tychon/changelog.yml b/packages/tychon/changelog.yml index e9ee6438459..ca09744b732 100644 --- a/packages/tychon/changelog.yml +++ b/packages/tychon/changelog.yml @@ -1,6 +1,11 @@ # newer versions go on top -- version: "0.0.1" +- version: "0.0.11" + changes: + - description: Added ARF + type: enhancement + link: https://github.com/elastic/integrations/pull/1 # FIXME Replace with the real PR link +- version: "0.0.10" changes: - description: Fixed incorrect types in field.yml and cleaned up formatting type: enhancement - link: https://github.com/elastic/integrations/pull/6701 + link: https://github.com/elastic/integrations/pull/1 # FIXME Replace with the real PR link diff --git a/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json b/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json new file mode 100644 index 00000000000..eac148fc985 --- /dev/null +++ b/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json @@ -0,0 +1,72 @@ +{ + "events": [ + { + "agent": { + "name": "DESKTOP-TIUKL1R", + "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", + "type": "filebeat", + "ephemeral_id": "2bf446f4-d97b-4bdd-a532-f0eec67823ca", + "version": "8.6.2" + }, + "log": { + "file": { + "path": "C:\\ProgramData\\TYCHONCLOUD\\eventlogs\\arf\\tychon_mer_info-20230726T193909.xml" + }, + "offset": 0 + }, + "elastic_agent": { + "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", + "version": "8.6.2", + "snapshot": false + }, + "message": "", + "tags": [ + "tychon-arf" + ], + "input": { + "type": "log" + }, + "@timestamp": "2023-07-28T17:51:27.156598630Z", + "ecs": { + "version": "8.8.0" + }, + "data_stream": { + "namespace": "default", + "type": "logs", + "dataset": "tychon.tychon_arf" + }, + "host": { + "hostname": "DESKTOP-TIUKL1R", + "os": { + "build": "22000.2176", + "kernel": "10.0.22000.2176 (WinBuild.160101.0800)", + "name": "Windows 11 Education N", + "family": "windows", + "type": "windows", + "version": "10.0", + "platform": "windows" + }, + "ip": [ + "fe80::40d1:5287:42b9:5645", + "10.1.9.112" + ], + "name": "DESKTOP-TIUKL1R", + "id": "a6353cf9-a98a-4526-9dbb-9362c34318b0", + "mac": [ + "00-0C-29-EF-9A-EB" + ], + "architecture": "x86_64" + }, + "id": "a6353cf9-a98a-4526-9dbb-9362c34318b0_tychon_mer_info-20230726T193909.xml", + "event": { + "agent_id_status": "verified", + "ingested": "2023-07-28T17:51:27Z", + "timezone": "-04:00", + "category": [ + "arf" + ], + "dataset": "tychon.tychon_arf" + } + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json-expected.json b/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json-expected.json new file mode 100644 index 00000000000..18ad86e21c1 --- /dev/null +++ b/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json-expected.json @@ -0,0 +1,72 @@ +{ + "expected": [ + { + "agent": { + "name": "DESKTOP-TIUKL1R", + "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", + "type": "filebeat", + "ephemeral_id": "2bf446f4-d97b-4bdd-a532-f0eec67823ca", + "version": "8.6.2" + }, + "log": { + "file": { + "path": "C:\\ProgramData\\TYCHONCLOUD\\eventlogs\\arf\\tychon_mer_info-20230726T193909.xml" + }, + "offset": 0 + }, + "elastic_agent": { + "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", + "version": "8.6.2", + "snapshot": false + }, + "message": "", + "tags": [ + "tychon-arf" + ], + "input": { + "type": "log" + }, + "@timestamp": "2023-07-28T17:51:27.156598630Z", + "ecs": { + "version": "8.8.0" + }, + "data_stream": { + "namespace": "default", + "type": "logs", + "dataset": "tychon.tychon_arf" + }, + "host": { + "hostname": "DESKTOP-TIUKL1R", + "os": { + "build": "22000.2176", + "kernel": "10.0.22000.2176 (WinBuild.160101.0800)", + "name": "Windows 11 Education N", + "family": "windows", + "type": "windows", + "version": "10.0", + "platform": "windows" + }, + "ip": [ + "fe80::40d1:5287:42b9:5645", + "10.1.9.112" + ], + "name": "DESKTOP-TIUKL1R", + "id": "a6353cf9-a98a-4526-9dbb-9362c34318b0", + "mac": [ + "00-0C-29-EF-9A-EB" + ], + "architecture": "x86_64" + }, + "id": "a6353cf9-a98a-4526-9dbb-9362c34318b0_tychon_mer_info-20230726T193909.xml", + "event": { + "agent_id_status": "verified", + "ingested": "2023-07-28T17:51:27Z", + "timezone": "-04:00", + "category": [ + "arf" + ], + "dataset": "tychon.tychon_arf" + } + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_arf/_dev/test/test-arf.json-config.yml b/packages/tychon/data_stream/tychon_arf/_dev/test/test-arf.json-config.yml new file mode 100644 index 00000000000..302199c74f9 --- /dev/null +++ b/packages/tychon/data_stream/tychon_arf/_dev/test/test-arf.json-config.yml @@ -0,0 +1,3 @@ +dynamic_fields: + "@timestamp": ".*" + event.ingested: ".*" diff --git a/packages/tychon/data_stream/tychon_arf/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_arf/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..067e06cfc36 --- /dev/null +++ b/packages/tychon/data_stream/tychon_arf/agent/stream/stream.yml.hbs @@ -0,0 +1,22 @@ +paths: +{{#each paths as |path i|}} + - {{path}} +{{/each}} +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#each tags as |tag i|}} + - {{tag}} +{{/each}} +{{#contains "forwarded" tags}} +publisher_pipeline.disable_host: true +{{/contains}} +processors: +- add_locale: ~ +{{#if processors}} +{{processors}} +{{/if}} +json: + keys_under_root: true + expand_keys: true \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_arf/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_arf/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..396d0d94bd4 --- /dev/null +++ b/packages/tychon/data_stream/tychon_arf/elasticsearch/ingest_pipeline/default.yml @@ -0,0 +1,37 @@ +--- +description: Pipeline for parsing TYCHON ARF Results +processors: + - dot_expander: + field: "*" + - set: + if: ctx.containsKey("tychon") && ctx.tychon.containsKey("id") + field: host.id + value: "{{tychon.id}}" + - remove: + if: ctx.containsKey("tychon") && ctx.tychon.containsKey("id") + field: 'tychon' + - script: + source: ctx.id=ctx.host.id + "_" + ctx.log.file.path.splitOnToken('\\')[5] + - set: + field: _id + value: "{{id}}" + - set: + field: "@timestamp" + value: "{{_ingest.timestamp}}" + - set: + field: ecs.version + value: 8.8.0 + - set: + field: event.category + value: [arf] + - set: + field: event.ingested + value: "{{_ingest.timestamp}}" +on_failure: + - set: + field: event.kind + value: pipeline_error + - append: + field: error.message + value: '{{{ _ingest.on_failure_message }}}' + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_arf/fields/agent.yml b/packages/tychon/data_stream/tychon_arf/fields/agent.yml new file mode 100644 index 00000000000..5c48fd15007 --- /dev/null +++ b/packages/tychon/data_stream/tychon_arf/fields/agent.yml @@ -0,0 +1,190 @@ +- name: cloud + title: Cloud + group: 2 + description: Fields related to the cloud or infrastructure the events are coming from. + footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' + type: group + fields: + - name: account.id + level: extended + type: keyword + ignore_above: 1024 + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. + + Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + example: 666777888999 + - name: availability_zone + level: extended + type: keyword + ignore_above: 1024 + description: Availability zone in which this host is running. + example: us-east-1c + - name: instance.id + level: extended + type: keyword + ignore_above: 1024 + description: Instance ID of the host machine. + example: i-1234567890abcdef0 + - name: instance.name + level: extended + type: keyword + ignore_above: 1024 + description: Instance name of the host machine. + - name: machine.type + level: extended + type: keyword + ignore_above: 1024 + description: Machine type of the host machine. + example: t2.medium + - name: provider + level: extended + type: keyword + ignore_above: 1024 + description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. + example: aws + - name: region + level: extended + type: keyword + ignore_above: 1024 + description: Region in which this host is running. + example: us-east-1 + - name: project.id + type: keyword + description: Name of the project in Google Cloud. + - name: image.id + type: keyword + description: Image ID for the cloud instance. +- name: container + title: Container + group: 2 + description: 'Container fields are used for meta information about the specific container that is the source of information. + + These fields help correlate data based containers from any runtime.' + type: group + fields: + - name: id + level: core + type: keyword + ignore_above: 1024 + description: Unique container id. + - name: image.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the image the container was built on. + - name: name + level: extended + type: keyword + ignore_above: 1024 + description: Container name. +- name: host + title: Host + group: 2 + description: 'A host is defined as a general computing instance. + + ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + type: group + fields: + - name: id + description: Unique host id. As hostname is not always unique, use values that are meaningful in your environment. + type: keyword + - name: biossn + description: Host BIOS Serial Number. + type: keyword + - name: domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the domain of which the host is a member. + + For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' + example: CONTOSO + default_field: false + - name: hostname + level: core + type: keyword + ignore_above: 1024 + description: 'Hostname of the host. + + It normally contains what the `hostname` command returns on the host machine.' + - name: ip + level: core + type: ip + description: Host ip addresses. + - name: ipv4 + description: Host IPv4. + type: keyword + - name: ipv6 + description: Host IPv6. + type: keyword + - name: mac + level: core + type: keyword + ignore_above: 1024 + description: Host mac addresses. + - name: type + description: Type of host. For Cloud providers this can be the machine type like t2.medium. If vm, this could be the container, for example, or other information meaningful in your environment. + type: keyword + - name: uptime + description: Seconds the host has been up. + type: long + - name: workgroup + description: Host Workgroup Network Name. + type: keyword + - name: oem + type: group + fields: + - name: manufacturer + description: Host OEM Manufacturer. + type: keyword + - name: model + description: Host OEM Model. + type: keyword + - name: os + type: group + fields: + - name: build + description: Host OS Build. + type: keyword + - name: description + description: Host OS Description. + type: keyword + - name: family + description: OS family (such as redhat, debian, freebsd, windows). + type: keyword + - name: name + description: Operating system name, without the version. + type: keyword + - name: organization + description: Host OS Organization. + type: keyword + - name: version + description: Operating system version as a raw string. + type: keyword + - name: hardware + type: group + fields: + - name: bios + type: group + fields: + - name: name + description: Host BIOS Name. + type: keyword + - name: version + description: Host BIOS Version. + type: keyword + - name: cpu + type: group + fields: + - name: caption + description: Host CPU Caption. + type: keyword + - name: manufacturer + description: Host BIOS Manufacturer. + type: keyword + - name: owner + description: Host BIOS Owner. + type: keyword + - name: serial_number + description: Host BIOS Serial Number. + type: keyword diff --git a/packages/tychon/data_stream/tychon_arf/fields/base-fields.yml b/packages/tychon/data_stream/tychon_arf/fields/base-fields.yml new file mode 100644 index 00000000000..44a26fd137a --- /dev/null +++ b/packages/tychon/data_stream/tychon_arf/fields/base-fields.yml @@ -0,0 +1,21 @@ +- name: input.type + description: Source file type. + type: keyword +- name: log.offset + description: Source file current offset. + type: long +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: event.module + type: keyword + description: Event module. +- name: '@timestamp' + description: Event timestamp. + type: date diff --git a/packages/tychon/data_stream/tychon_arf/fields/ecs.yml b/packages/tychon/data_stream/tychon_arf/fields/ecs.yml new file mode 100644 index 00000000000..32b642ce16c --- /dev/null +++ b/packages/tychon/data_stream/tychon_arf/fields/ecs.yml @@ -0,0 +1,2 @@ +- external: ecs + name: ecs.version diff --git a/packages/tychon/data_stream/tychon_arf/fields/fields.yml b/packages/tychon/data_stream/tychon_arf/fields/fields.yml new file mode 100644 index 00000000000..3467c3de3a2 --- /dev/null +++ b/packages/tychon/data_stream/tychon_arf/fields/fields.yml @@ -0,0 +1,12 @@ +- name: id + description: Tychon Unique ARF Id. + type: keyword +- name: message + description: Message content. + type: match_only_text +- name: log.file.path + description: log file path + type: keyword +- name: tags + description: tags + type: keyword \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_arf/manifest.yml b/packages/tychon/data_stream/tychon_arf/manifest.yml new file mode 100644 index 00000000000..9efe6432eba --- /dev/null +++ b/packages/tychon/data_stream/tychon_arf/manifest.yml @@ -0,0 +1,41 @@ +title: ARF Data +type: logs +streams: + - input: logfile + title: ARF Data + description: ARF Data + template_path: stream.yml.hbs + vars: + - name: paths + type: text + title: ARF Data + multi: true + required: true + show_user: true + default: + - C:\ProgramData\TYCHONCLOUD\eventlogs\arf\*.xml + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: false + default: + - tychon-arf + - name: preserve_original_event + required: true + show_user: true + title: Preserve original event + description: Preserves a raw copy of the original event, added to the field `event.original` + type: bool + multi: false + default: false + - name: processors + type: yaml + title: Processors + multi: false + required: false + show_user: false + description: > + Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. + diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json index 48102616f71..c374a3da522 100644 --- a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json +++ b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json @@ -11,7 +11,7 @@ "host.hardware.serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb", "host.hostname": "DESKTOP-TIUKL1R", "host.id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", - "host.ip": "10.1.9.112,fe80::40d1:5287:42b9:5645", + "host.ip": "10.1.9.112", "host.ipv4": "10.1.9.112", "host.ipv6": "fe80::40d1:5287:42b9:5645", "host.mac": "00:0C:29:EF:9A:EB", @@ -48,5 +48,4 @@ "vulnerability.year": "2013" } ] -} - \ No newline at end of file +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json index d0c4773dc27..9e0c2839baf 100644 --- a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json +++ b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "2023-07-06T19:09:34.276302828Z", + "@timestamp": "2023-07-28T18:14:38.394883461Z", "ecs": { "version": "8.8.0" }, @@ -9,7 +9,7 @@ "category": [ "vulnerability" ], - "ingested": "2023-07-06T19:09:34.276302828Z", + "ingested": "2023-07-28T18:14:38.394883461Z", "kind": "state", "module": "tychon", "outcome": "failure" @@ -31,10 +31,7 @@ }, "hostname": "DESKTOP-TIUKL1R", "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", - "ip": [ - "10.1.9.112", - "fe80::40d1:5287:42b9:5645" - ], + "ip": "10.1.9.112", "ipv4": "10.1.9.112", "ipv6": "fe80::40d1:5287:42b9:5645", "mac": "00-0C-29-EF-9A-EB", @@ -88,5 +85,4 @@ } } ] -} - \ No newline at end of file +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml index 52aeab81253..d41c3f5800c 100644 --- a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml @@ -28,9 +28,6 @@ processors: - set: field: event.category value: [vulnerability] - - split: - field: host.ip - separator: "," - script: source: if(ctx.vulnerability?.result == 'fail'){ ctx.event.outcome = "failure" diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json index 56393dbe70c..0b8a26266de 100644 --- a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json @@ -6,7 +6,7 @@ "windows_defender.service.antispyware.signature_version": "1.391.1546.0", "script.type": "powershell", "host.os.build": "22000", - "host.ip": "10.1.9.112,fe80::40d1:5287:42b9:5645", + "host.ip": "10.1.9.112", "windows_defender.service.antivirus.quick_scan.signature_version": "1.391.1470.0", "host.hostname": "DESKTOP-TIUKL1R", "host.hardware.manufacturer": "VMware, Inc.", @@ -50,5 +50,4 @@ "host.os.family": "Windows" } ] -} - \ No newline at end of file +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json index ad268b5abb5..9eca4e0f51d 100644 --- a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "2023-07-06T19:09:34.495470581Z", + "@timestamp": "2023-07-28T18:14:38.878742881Z", "ecs": { "version": "8.8.0" }, @@ -9,7 +9,7 @@ "category": [ "host" ], - "ingested": "2023-07-06T19:09:34.495470581Z", + "ingested": "2023-07-28T18:14:38.878742881Z", "kind": "state", "module": "tychon" }, @@ -30,10 +30,7 @@ }, "hostname": "DESKTOP-TIUKL1R", "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", - "ip": [ - "10.1.9.112", - "fe80::40d1:5287:42b9:5645" - ], + "ip": "10.1.9.112", "ipv4": "10.1.9.112", "ipv6": "fe80::40d1:5287:42b9:5645", "mac": "00-0C-29-EF-9A-EB", @@ -103,5 +100,4 @@ } } ] -} - \ No newline at end of file +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml index a83bbb3146f..b58e313c779 100644 --- a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml @@ -13,9 +13,6 @@ processors: - set: field: '_id' value: '{{id}}' - - split: - field: host.ip - separator: "," - set: field: '@timestamp' value: '{{_ingest.timestamp}}' @@ -49,4 +46,4 @@ on_failure: - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' - \ No newline at end of file + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test-stig.json b/packages/tychon/data_stream/tychon_stig/_dev/test-stig.json index c62a5f5899a..d8b1adf8574 100644 --- a/packages/tychon/data_stream/tychon_stig/_dev/test-stig.json +++ b/packages/tychon/data_stream/tychon_stig/_dev/test-stig.json @@ -9,7 +9,7 @@ "rule.oval.refid": "", "script.type": "powershell", "host.os.build": "22000", - "host.ip": "10.1.9.112,fe80::40d1:5287:42b9:5645", + "host.ip": "10.1.9.112", "rule.name": "xccdf_mil.disa.stig_rule_SV-253254r828846_rule", "script.version": "0.1.0", "host.hostname": "DESKTOP-TIUKL1R", @@ -57,5 +57,4 @@ "host.os.family": "Windows" } ] -} - \ No newline at end of file +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json index 7703aa69994..4837d4948a2 100644 --- a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json +++ b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json @@ -1,7 +1,7 @@ { "expected": [ { - "@timestamp": "2023-07-06T19:09:34.703782139Z", + "@timestamp": "2023-07-28T18:14:39.219921509Z", "benchmark": { "generated_utc": "2023-03-28T17:40:48", "guid": "", @@ -17,7 +17,7 @@ "category": [ "host" ], - "ingested": "2023-07-06T19:09:34.703782139Z", + "ingested": "2023-07-28T18:14:39.219921509Z", "kind": "state", "module": "tychon" }, @@ -38,10 +38,7 @@ }, "hostname": "DESKTOP-TIUKL1R", "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", - "ip": [ - "10.1.9.112", - "fe80::40d1:5287:42b9:5645" - ], + "ip": "10.1.9.112", "ipv4": "10.1.9.112", "ipv6": "fe80::40d1:5287:42b9:5645", "mac": "00-0C-29-EF-9A-EB", @@ -98,5 +95,4 @@ } } ] -} - \ No newline at end of file +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml index 42602dab138..cc176a0e5e7 100644 --- a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml @@ -42,9 +42,6 @@ processors: - set: field: event.ingested value: '{{_ingest.timestamp}}' - - split: - field: host.ip - separator: "," - convert: field: host.uptime type: long @@ -63,4 +60,4 @@ on_failure: - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' - \ No newline at end of file + \ No newline at end of file diff --git a/packages/tychon/manifest.yml b/packages/tychon/manifest.yml index d2455eea0ce..e1d7b316894 100644 --- a/packages/tychon/manifest.yml +++ b/packages/tychon/manifest.yml @@ -2,7 +2,7 @@ format_version: 2.0.0 name: tychon release: beta title: "TYCHON Agentless" -version: 0.0.10 +version: 0.0.11 source: license: "Elastic-2.0" description: TYCHON Agentless delivers STIG, CVE/IAVA, and Endpoint Protection status without adding new server infrastructure or services to your endpoints. TYCHON datasets fully comply with vulnerability and STIG reporting standards and integrate into Comply-to-Connect for instant zero trust value. @@ -32,4 +32,4 @@ policy_templates: title: Tychon description: Tychon owner: - github: elastic/security-external-integrations + github: elastic/integrations From c4404a80441369044095c1d83473a5ce1a373189 Mon Sep 17 00:00:00 2001 From: joeperuzzi <122561341+joeperuzzi@users.noreply.github.com> Date: Mon, 31 Jul 2023 11:20:32 +0000 Subject: [PATCH 30/44] Updating description of vulnerability ds --- packages/tychon/data_stream/tychon_cve/manifest.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/tychon/data_stream/tychon_cve/manifest.yml b/packages/tychon/data_stream/tychon_cve/manifest.yml index ab827e673ed..c4ab3376931 100644 --- a/packages/tychon/data_stream/tychon_cve/manifest.yml +++ b/packages/tychon/data_stream/tychon_cve/manifest.yml @@ -3,7 +3,7 @@ type: logs streams: - input: logfile title: Vulnerabilites - description: Vulnerabilites + description: TYCHON reports on tens of thousands of Vulnerabilites, this data stream reads in the results as upserts to your Elastic database. template_path: stream.yml.hbs vars: - name: paths From 9a76695cfdc3a3de4337bad374e786743943f763 Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Tue, 8 Aug 2023 17:42:53 +0000 Subject: [PATCH 31/44] Converted pipeline method to gsub --- .../tychon_cve/elasticsearch/ingest_pipeline/default.yml | 6 ++++-- .../tychon_epp/elasticsearch/ingest_pipeline/default.yml | 6 ++++-- .../tychon_stig/elasticsearch/ingest_pipeline/default.yml | 6 ++++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml index d41c3f5800c..ddacab8ca67 100644 --- a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml @@ -36,8 +36,10 @@ processors: }else{ ctx.event.outcome = "unknown" } - - script: - source: ctx.host.mac = ctx.host.mac.replace(':','-') + - gsub: + field: host.mac + pattern: ":" + replacement: "-" - set: field: event.ingested value: "{{_ingest.timestamp}}" diff --git a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml index b58e313c779..cb95027c45f 100644 --- a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml @@ -34,8 +34,10 @@ processors: - convert: field: host.uptime type: long - - script: - source: ctx.host.mac = ctx.host.mac.replace(':','-') + - gsub: + field: host.mac + pattern: ":" + replacement: "-" - convert: field: script.current_duration type: float diff --git a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml index cc176a0e5e7..d6031dc0855 100644 --- a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml @@ -45,8 +45,10 @@ processors: - convert: field: host.uptime type: long - - script: - source: ctx.host.mac = ctx.host.mac.replace(':','-') + - gsub: + field: host.mac + pattern: ":" + replacement: "-" - convert: field: script.current_duration type: float From f72e9add56e1e2a3947cde1cdac161419b0cc6be Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Tue, 8 Aug 2023 18:16:14 +0000 Subject: [PATCH 32/44] Updated script to yaml pipe syntax --- .../tychon_cve/elasticsearch/ingest_pipeline/default.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml index ddacab8ca67..32e231b9bb3 100644 --- a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml @@ -29,7 +29,8 @@ processors: field: event.category value: [vulnerability] - script: - source: if(ctx.vulnerability?.result == 'fail'){ + source: | + if(ctx.vulnerability?.result == 'fail'){ ctx.event.outcome = "failure" }else if(ctx.vulnerability?.result == 'pass'){ ctx.event.outcome = "success" From 2b70820e13d90fb31f7e41ad25461093ec0768fb Mon Sep 17 00:00:00 2001 From: joeperuzzi <122561341+joeperuzzi@users.noreply.github.com> Date: Wed, 9 Aug 2023 12:12:51 +0000 Subject: [PATCH 33/44] Changes to be committed: modified: packages/tychon/changelog.yml modified: packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml modified: packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml modified: packages/tychon/data_stream/tychon_cve/fields/ecs.yml modified: packages/tychon/data_stream/tychon_cve/fields/fields.yml modified: packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml modified: packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml modified: packages/tychon/data_stream/tychon_epp/fields/ecs.yml modified: packages/tychon/data_stream/tychon_epp/fields/fields.yml modified: packages/tychon/data_stream/tychon_epp/manifest.yml modified: packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml modified: packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml modified: packages/tychon/data_stream/tychon_stig/fields/ecs.yml modified: packages/tychon/data_stream/tychon_stig/fields/fields.yml modified: packages/tychon/data_stream/tychon_stig/manifest.yml --- packages/tychon/changelog.yml | 2 +- .../data_stream/tychon_cve/_dev/test/test-cve.json-config.yml | 1 - .../tychon_cve/elasticsearch/ingest_pipeline/default.yml | 1 - packages/tychon/data_stream/tychon_cve/fields/ecs.yml | 1 - packages/tychon/data_stream/tychon_cve/fields/fields.yml | 1 - .../tychon_epp/_dev/test/pipeline/test-epp.json-config.yml | 1 - .../tychon_epp/elasticsearch/ingest_pipeline/default.yml | 1 - packages/tychon/data_stream/tychon_epp/fields/ecs.yml | 1 - packages/tychon/data_stream/tychon_epp/fields/fields.yml | 1 - packages/tychon/data_stream/tychon_epp/manifest.yml | 1 - .../tychon_stig/_dev/test/pipeline/test-stig.json-config.yml | 1 - .../tychon_stig/elasticsearch/ingest_pipeline/default.yml | 1 - packages/tychon/data_stream/tychon_stig/fields/ecs.yml | 1 - packages/tychon/data_stream/tychon_stig/fields/fields.yml | 1 - packages/tychon/data_stream/tychon_stig/manifest.yml | 1 - 15 files changed, 1 insertion(+), 15 deletions(-) diff --git a/packages/tychon/changelog.yml b/packages/tychon/changelog.yml index ca09744b732..f0e0bae3fd3 100644 --- a/packages/tychon/changelog.yml +++ b/packages/tychon/changelog.yml @@ -3,7 +3,7 @@ changes: - description: Added ARF type: enhancement - link: https://github.com/elastic/integrations/pull/1 # FIXME Replace with the real PR link + link: https://github.com/joeperuzzi/integrations/pull/5 # FIXME Replace with the real PR link - version: "0.0.10" changes: - description: Fixed incorrect types in field.yml and cleaned up formatting diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml b/packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml index cc4eab12c27..3187160a159 100644 --- a/packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml +++ b/packages/tychon/data_stream/tychon_cve/_dev/test/test-cve.json-config.yml @@ -1,4 +1,3 @@ dynamic_fields: "@timestamp": ".*" event.ingested: ".*" - \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml index 32e231b9bb3..6f75d685144 100644 --- a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml @@ -75,4 +75,3 @@ on_failure: - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' - \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/fields/ecs.yml b/packages/tychon/data_stream/tychon_cve/fields/ecs.yml index f2dd36504fd..31ba2470b1f 100644 --- a/packages/tychon/data_stream/tychon_cve/fields/ecs.yml +++ b/packages/tychon/data_stream/tychon_cve/fields/ecs.yml @@ -62,4 +62,3 @@ name: vulnerability.score.version - external: ecs name: vulnerability.severity - \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/fields/fields.yml b/packages/tychon/data_stream/tychon_cve/fields/fields.yml index c306c9656ea..73e3f26b98b 100644 --- a/packages/tychon/data_stream/tychon_cve/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_cve/fields/fields.yml @@ -61,4 +61,3 @@ - name: version description: Elastic Agent Version. type: keyword - \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml index e72281ddac3..302199c74f9 100644 --- a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml @@ -1,4 +1,3 @@ dynamic_fields: "@timestamp": ".*" event.ingested: ".*" - \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml index cb95027c45f..cb5c6ab2f5b 100644 --- a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml @@ -48,4 +48,3 @@ on_failure: - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' - \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/fields/ecs.yml b/packages/tychon/data_stream/tychon_epp/fields/ecs.yml index 8fd10f807e4..05e44a34ee0 100644 --- a/packages/tychon/data_stream/tychon_epp/fields/ecs.yml +++ b/packages/tychon/data_stream/tychon_epp/fields/ecs.yml @@ -50,4 +50,3 @@ name: host.os.kernel - external: ecs name: host.os.platform - \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/fields/fields.yml b/packages/tychon/data_stream/tychon_epp/fields/fields.yml index aba5a7a2daf..ca1d073a418 100644 --- a/packages/tychon/data_stream/tychon_epp/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_epp/fields/fields.yml @@ -101,4 +101,3 @@ - name: version description: Elastic Agent Version. type: keyword - \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/manifest.yml b/packages/tychon/data_stream/tychon_epp/manifest.yml index cfd691f4fd0..c7770ac7802 100644 --- a/packages/tychon/data_stream/tychon_epp/manifest.yml +++ b/packages/tychon/data_stream/tychon_epp/manifest.yml @@ -30,4 +30,3 @@ streams: show_user: false description: > Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. - \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml index e72281ddac3..302199c74f9 100644 --- a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml +++ b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml @@ -1,4 +1,3 @@ dynamic_fields: "@timestamp": ".*" event.ingested: ".*" - \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml index d6031dc0855..03241eeb187 100644 --- a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml @@ -62,4 +62,3 @@ on_failure: - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' - \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/fields/ecs.yml b/packages/tychon/data_stream/tychon_stig/fields/ecs.yml index 7d0cb9f058c..7329d8fd21c 100644 --- a/packages/tychon/data_stream/tychon_stig/fields/ecs.yml +++ b/packages/tychon/data_stream/tychon_stig/fields/ecs.yml @@ -52,4 +52,3 @@ name: host.os.kernel - external: ecs name: host.os.platform - \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/fields/fields.yml b/packages/tychon/data_stream/tychon_stig/fields/fields.yml index 1b6ec9e9b6f..d4d28c0b766 100644 --- a/packages/tychon/data_stream/tychon_stig/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_stig/fields/fields.yml @@ -118,4 +118,3 @@ - name: version description: Elastic Agent Version. type: keyword - \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/manifest.yml b/packages/tychon/data_stream/tychon_stig/manifest.yml index 95baf5f1b36..10c1782b32e 100644 --- a/packages/tychon/data_stream/tychon_stig/manifest.yml +++ b/packages/tychon/data_stream/tychon_stig/manifest.yml @@ -30,4 +30,3 @@ streams: show_user: false description: > Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. - \ No newline at end of file From 681f1f5d0abb7671c9301eed8c14ece195a202e4 Mon Sep 17 00:00:00 2001 From: joeperuzzi <122561341+joeperuzzi@users.noreply.github.com> Date: Wed, 9 Aug 2023 12:21:44 +0000 Subject: [PATCH 34/44] Changes to be committed: modified: packages/tychon/data_stream/tychon_stig/manifest.yml --- packages/tychon/data_stream/tychon_stig/manifest.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/packages/tychon/data_stream/tychon_stig/manifest.yml b/packages/tychon/data_stream/tychon_stig/manifest.yml index e4d2129d452..10c1782b32e 100644 --- a/packages/tychon/data_stream/tychon_stig/manifest.yml +++ b/packages/tychon/data_stream/tychon_stig/manifest.yml @@ -30,4 +30,3 @@ streams: show_user: false description: > Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. - From 7dc7b0fce15bece6b6eaea38a0021b7a5c4ce017 Mon Sep 17 00:00:00 2001 From: joeperuzzi <122561341+joeperuzzi@users.noreply.github.com> Date: Wed, 9 Aug 2023 12:33:47 +0000 Subject: [PATCH 35/44] Changes to be committed: modified: packages/tychon/changelog.yml --- packages/tychon/changelog.yml | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/packages/tychon/changelog.yml b/packages/tychon/changelog.yml index f0e0bae3fd3..77e22bb4a15 100644 --- a/packages/tychon/changelog.yml +++ b/packages/tychon/changelog.yml @@ -1,11 +1,5 @@ -# newer versions go on top -- version: "0.0.11" - changes: - - description: Added ARF - type: enhancement - link: https://github.com/joeperuzzi/integrations/pull/5 # FIXME Replace with the real PR link - version: "0.0.10" changes: - description: Fixed incorrect types in field.yml and cleaned up formatting type: enhancement - link: https://github.com/elastic/integrations/pull/1 # FIXME Replace with the real PR link + link: https://github.com/joeperuzzi/integrations/pull/5 # FIXME Replace with the real PR link From cf48b301482f757bbb184b6f2af2b70d2c0adf8e Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Wed, 9 Aug 2023 11:06:42 -0400 Subject: [PATCH 36/44] Delete test-arf.json-config.yml --- .../data_stream/tychon_arf/_dev/test/test-arf.json-config.yml | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 packages/tychon/data_stream/tychon_arf/_dev/test/test-arf.json-config.yml diff --git a/packages/tychon/data_stream/tychon_arf/_dev/test/test-arf.json-config.yml b/packages/tychon/data_stream/tychon_arf/_dev/test/test-arf.json-config.yml deleted file mode 100644 index 302199c74f9..00000000000 --- a/packages/tychon/data_stream/tychon_arf/_dev/test/test-arf.json-config.yml +++ /dev/null @@ -1,3 +0,0 @@ -dynamic_fields: - "@timestamp": ".*" - event.ingested: ".*" From a4803e3d6692c70fce4754fbca2a2d1913217767 Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Wed, 9 Aug 2023 11:08:00 -0400 Subject: [PATCH 37/44] Create test-arf.json-config.yml --- .../tychon_arf/_dev/test/pipeline/test-arf.json-config.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json-config.yml diff --git a/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json-config.yml b/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json-config.yml new file mode 100644 index 00000000000..302199c74f9 --- /dev/null +++ b/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json-config.yml @@ -0,0 +1,3 @@ +dynamic_fields: + "@timestamp": ".*" + event.ingested: ".*" From a9a38fc64a79060c58b39c4fae41bb43c349bfea Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Wed, 9 Aug 2023 11:10:34 -0400 Subject: [PATCH 38/44] Update default.yml --- .../elasticsearch/ingest_pipeline/default.yml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml index e63a11d4973..6f75d685144 100644 --- a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml @@ -13,18 +13,6 @@ processors: - set: field: _id value: "{{id}}" - - set: - field: tychon.ipv4 - value: "{{host.ipv4}}" - - set: - field: tychon.ipv6 - value: "{{host.ipv6}}" - - remove: - ignore_missing: true - field: host.ipv4 - - remove: - ignore_missing: true - field: host.ipv6 - set: field: "@timestamp" value: "{{_ingest.timestamp}}" From b20ed4b610028dc6c1413d6670e7623a8eabfa4a Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Wed, 9 Aug 2023 11:11:11 -0400 Subject: [PATCH 39/44] Update default.yml --- .../elasticsearch/ingest_pipeline/default.yml | 21 ------------------- 1 file changed, 21 deletions(-) diff --git a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml index 636835a30a7..cb5c6ab2f5b 100644 --- a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml @@ -13,18 +13,6 @@ processors: - set: field: '_id' value: '{{id}}' - - set: - field: tychon.ipv4 - value: "{{host.ipv4}}" - - set: - field: tychon.ipv6 - value: "{{host.ipv6}}" - - remove: - ignore_missing: true - field: host.ipv4 - - remove: - ignore_missing: true - field: host.ipv6 - set: field: '@timestamp' value: '{{_ingest.timestamp}}' @@ -46,15 +34,10 @@ processors: - convert: field: host.uptime type: long -<<<<<<< HEAD - - script: - source: ctx.host.mac = ctx.host.mac.replace(':','-') -======= - gsub: field: host.mac pattern: ":" replacement: "-" ->>>>>>> bruceUpdates - convert: field: script.current_duration type: float @@ -65,7 +48,3 @@ on_failure: - append: field: error.message value: '{{{ _ingest.on_failure_message }}}' -<<<<<<< HEAD - -======= ->>>>>>> bruceUpdates From 73b7b79dd6c266dfc610efa4310b298f602a488c Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Wed, 9 Aug 2023 11:11:38 -0400 Subject: [PATCH 40/44] Update test-epp.json-expected.json --- .../test/pipeline/test-epp.json-expected.json | 204 +++++++++--------- 1 file changed, 100 insertions(+), 104 deletions(-) diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json index 1cdcfc71a9a..51130b21f3d 100644 --- a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json @@ -1,107 +1,103 @@ { - "expected": [ - { - "@timestamp": "2023-07-28T18:14:38.878742881Z", - "ecs": { - "version": "8.8.0" - }, - "event": { - "category": [ - "host" - ], - "ingested": "2023-07-28T18:14:38.878742881Z", - "kind": "state", - "module": "tychon" - }, - "host": { - "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", - "domain": "", - "hardware": { - "bios": { - "name": "Phoenix Technologies LTD", - "version": "6.00" - }, - "cpu": { - "caption": "Intel64 Family 6 Model 45 Stepping 7" - }, - "manufacturer": "VMware, Inc.", - "owner": "dcuser", - "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb" - }, - "hostname": "DESKTOP-TIUKL1R", - "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", - "ip": "10.1.9.112", - "ipv4": "10.1.9.112", - "ipv6": "fe80::40d1:5287:42b9:5645", - "mac": "00-0C-29-EF-9A-EB", - "oem": { - "manufacturer": "", - "model": "" - }, - "os": { - "build": "22000", - "description": "", - "family": "Windows", - "name": "Microsoft Windows 11 Education N", - "organization": "", - "version": "10.0.22000" - }, - "type": "Workstation", - "uptime": 139304, - "workgroup": "WORKGROUP" - }, - "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", - "script": { - "current_duration": 1129.2, - "current_time": "2023-06-15T20:13:04Z", - "name": "Get-TychonEppSetting.ps1", - "start": "2023-06-15T20:13:03Z", - "type": "powershell", - "version": "0.1.0" - }, - "tychon": { + "expected": [ + { + "@timestamp": "2023-07-28T18:14:38.878742881Z", + "ecs": { + "version": "8.8.0" + }, + "event": { + "category": [ + "host" + ], + "ingested": "2023-07-28T18:14:38.878742881Z", + "kind": "state", + "module": "tychon" + }, + "host": { + "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "domain": "", + "hardware": { + "bios": { + "name": "Phoenix Technologies LTD", + "version": "6.00" + }, + "cpu": { + "caption": "Intel64 Family 6 Model 45 Stepping 7" + }, + "manufacturer": "VMware, Inc.", + "owner": "dcuser", + "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb" + }, + "hostname": "DESKTOP-TIUKL1R", + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "ip": "10.1.9.112", "ipv4": "10.1.9.112", - "ipv6": "fe80::40d1:5287:42b9:5645" + "ipv6": "fe80::40d1:5287:42b9:5645", + "mac": "00-0C-29-EF-9A-EB", + "oem": { + "manufacturer": "", + "model": "" + }, + "os": { + "build": "22000", + "description": "", + "family": "Windows", + "name": "Microsoft Windows 11 Education N", + "organization": "", + "version": "10.0.22000" + }, + "type": "Workstation", + "uptime": 139304, + "workgroup": "WORKGROUP" + }, + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "script": { + "current_duration": 1129.2, + "current_time": "2023-06-15T20:13:04Z", + "name": "Get-TychonEppSetting.ps1", + "start": "2023-06-15T20:13:03Z", + "type": "powershell", + "version": "0.1.0" }, - "windows_defender": { - "service": { - "antimalware": { - "engine_version": "1.1.23050.3", - "product_version": "4.18.23050.5", - "status": "Enabled" - }, - "antispyware": { - "signature_version": "1.391.1546.0", - "status": "Enabled" - }, - "antivirus": { - "full_scan": { - "signature_version": "" - }, - "quick_scan": { - "signature_version": "1.391.1470.0" - }, - "status": "Enabled" - }, - "behavior_monitor": { - "status": "Enabled" - }, - "ioav_protection": { - "status": "Enabled" - }, - "nis": { - "engine_version": "1.1.23050.3", - "signature_version": "1.391.1546.0", - "status": "Enabled" - }, - "on_access_protection": { - "status": "Enabled" - }, - "real_time_protection": { - "status": "Enabled" - } - } - } - } - ] -} \ No newline at end of file + "windows_defender": { + "service": { + "antimalware": { + "engine_version": "1.1.23050.3", + "product_version": "4.18.23050.5", + "status": "Enabled" + }, + "antispyware": { + "signature_version": "1.391.1546.0", + "status": "Enabled" + }, + "antivirus": { + "full_scan": { + "signature_version": "" + }, + "quick_scan": { + "signature_version": "1.391.1470.0" + }, + "status": "Enabled" + }, + "behavior_monitor": { + "status": "Enabled" + }, + "ioav_protection": { + "status": "Enabled" + }, + "nis": { + "engine_version": "1.1.23050.3", + "signature_version": "1.391.1546.0", + "status": "Enabled" + }, + "on_access_protection": { + "status": "Enabled" + }, + "real_time_protection": { + "status": "Enabled" + } + } + } + } + ] +} From 63a0620e6f8ac7a760f495fa90f915e352ba9e83 Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Wed, 9 Aug 2023 11:12:20 -0400 Subject: [PATCH 41/44] Update default.yml --- .../elasticsearch/ingest_pipeline/default.yml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml index e615d180d7f..41c4482de43 100644 --- a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml +++ b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml @@ -42,21 +42,6 @@ processors: - set: field: event.ingested value: '{{_ingest.timestamp}}' - - split: - field: host.ip - separator: "," - - set: - field: tychon.ipv4 - value: "{{host.ipv4}}" - - set: - field: tychon.ipv6 - value: "{{host.ipv6}}" - - remove: - ignore_missing: true - field: host.ipv4 - - remove: - ignore_missing: true - field: host.ipv6 - convert: field: host.uptime type: long From c1ba00f48fa865066a1205ff965c2d0514630c2f Mon Sep 17 00:00:00 2001 From: tychon1 <137804838+tychon1@users.noreply.github.com> Date: Wed, 9 Aug 2023 11:12:53 -0400 Subject: [PATCH 42/44] Update test-stig.json-expected.json --- .../pipeline/test-stig.json-expected.json | 194 +++++++++--------- 1 file changed, 95 insertions(+), 99 deletions(-) diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json index 75a15695565..8f7e9630636 100644 --- a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json +++ b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json @@ -1,102 +1,98 @@ { - "expected": [ - { - "@timestamp": "2023-07-28T18:14:39.219921509Z", - "benchmark": { - "generated_utc": "2023-03-28T17:40:48", - "guid": "", - "hash": "B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379", - "name": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", - "title": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", - "version": "1.2" - }, - "ecs": { - "version": "8.8.0" - }, - "event": { - "category": [ - "host" - ], - "ingested": "2023-07-28T18:14:39.219921509Z", - "kind": "state", - "module": "tychon" - }, - "host": { - "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", - "domain": "", - "hardware": { - "bios": { - "name": "Phoenix Technologies LTD", - "version": "6.00" - }, - "cpu": { - "caption": "Intel64 Family 6 Model 45 Stepping 7" - }, - "manufacturer": "VMware, Inc.", - "owner": "dcuser", - "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb" - }, - "hostname": "DESKTOP-TIUKL1R", - "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", - "ip": "10.1.9.112", - "ipv4": "10.1.9.112", - "ipv6": "fe80::40d1:5287:42b9:5645", - "mac": "00-0C-29-EF-9A-EB", - "oem": { - "manufacturer": "", - "model": "" - }, - "os": { - "build": "22000", - "description": "", - "family": "Windows", - "name": "Microsoft Windows 11 Education N", - "organization": "", - "version": "10.0.22000" - }, - "type": "Workstation", - "uptime": 139370, - "workgroup": "WORKGROUP" - }, - "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_oval:mil.disa.stig.windows11:def:253254_B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379", - "oval": { - "class": "compliance", - "id": "oval:mil.disa.stig.windows11:def:253254", - "refid": "" - }, - "rule": { - "benchmark": { - "guid": "", - "profile": { - "id": "xccdf_mil.disa.stig_profile_Disable_Slow_Rules" - }, - "title": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml" - }, - "finding_id": "", - "id": "", - "name": "xccdf_mil.disa.stig_rule_SV-253254r828846_rule", - "oval": { - "class": "compliance", - "id": "oval:mil.disa.stig.windows11:def:253254", - "refid": "" - }, - "result": "not applicable", - "severity": "medium", - "title": "", - "weight": 10.0 - }, - "script": { - "current_duration": 324194.34, - "current_time": "2023-06-15T20:19:35Z", - "name": "Invoke-TychonStigBenchmarkScan.ps1", - "start": "2023-06-15T20:14:11Z", - "type": "powershell", - "version": "0.1.0" - }, - "tychon": { + "expected": [ + { + "@timestamp": "2023-07-28T18:14:39.219921509Z", + "benchmark": { + "generated_utc": "2023-03-28T17:40:48", + "guid": "", + "hash": "B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379", + "name": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", + "title": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", + "version": "1.2" + }, + "ecs": { + "version": "8.8.0" + }, + "event": { + "category": [ + "host" + ], + "ingested": "2023-07-28T18:14:39.219921509Z", + "kind": "state", + "module": "tychon" + }, + "host": { + "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "domain": "", + "hardware": { + "bios": { + "name": "Phoenix Technologies LTD", + "version": "6.00" + }, + "cpu": { + "caption": "Intel64 Family 6 Model 45 Stepping 7" + }, + "manufacturer": "VMware, Inc.", + "owner": "dcuser", + "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb" + }, + "hostname": "DESKTOP-TIUKL1R", + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "ip": "10.1.9.112", "ipv4": "10.1.9.112", - "ipv6": "fe80::40d1:5287:42b9:5645" + "ipv6": "fe80::40d1:5287:42b9:5645", + "mac": "00-0C-29-EF-9A-EB", + "oem": { + "manufacturer": "", + "model": "" + }, + "os": { + "build": "22000", + "description": "", + "family": "Windows", + "name": "Microsoft Windows 11 Education N", + "organization": "", + "version": "10.0.22000" + }, + "type": "Workstation", + "uptime": 139370, + "workgroup": "WORKGROUP" + }, + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_oval:mil.disa.stig.windows11:def:253254_B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379", + "oval": { + "class": "compliance", + "id": "oval:mil.disa.stig.windows11:def:253254", + "refid": "" + }, + "rule": { + "benchmark": { + "guid": "", + "profile": { + "id": "xccdf_mil.disa.stig_profile_Disable_Slow_Rules" + }, + "title": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml" + }, + "finding_id": "", + "id": "", + "name": "xccdf_mil.disa.stig_rule_SV-253254r828846_rule", + "oval": { + "class": "compliance", + "id": "oval:mil.disa.stig.windows11:def:253254", + "refid": "" + }, + "result": "not applicable", + "severity": "medium", + "title": "", + "weight": 10.0 + }, + "script": { + "current_duration": 324194.34, + "current_time": "2023-06-15T20:19:35Z", + "name": "Invoke-TychonStigBenchmarkScan.ps1", + "start": "2023-06-15T20:14:11Z", + "type": "powershell", + "version": "0.1.0" } - } - ] -} \ No newline at end of file + } + ] +} From 6256e4ce9137f9aa39db2ba52a45974fec5629e1 Mon Sep 17 00:00:00 2001 From: Bruce Hodge Date: Wed, 9 Aug 2023 14:07:17 -0400 Subject: [PATCH 43/44] updated fields --- .../tychon/data_stream/tychon_cve/fields/agent.yml | 8 ++++++++ .../tychon/data_stream/tychon_epp/fields/agent.yml | 8 ++++++++ .../tychon/data_stream/tychon_epp/fields/fields.yml | 6 ++++++ .../tychon/data_stream/tychon_stig/fields/agent.yml | 8 ++++++++ .../tychon/data_stream/tychon_stig/fields/fields.yml | 10 ++++++++-- 5 files changed, 38 insertions(+), 2 deletions(-) diff --git a/packages/tychon/data_stream/tychon_cve/fields/agent.yml b/packages/tychon/data_stream/tychon_cve/fields/agent.yml index e380f9c03e8..4542034fdd6 100644 --- a/packages/tychon/data_stream/tychon_cve/fields/agent.yml +++ b/packages/tychon/data_stream/tychon_cve/fields/agent.yml @@ -111,6 +111,14 @@ level: core type: ip description: Host ip addresses. + - name: ipv4 + level: core + type: keyword + description: Host ip v4 addresses. + - name: ipv6 + level: core + type: keyword + description: Host ip v6 addresses. - name: mac level: core type: keyword diff --git a/packages/tychon/data_stream/tychon_epp/fields/agent.yml b/packages/tychon/data_stream/tychon_epp/fields/agent.yml index e380f9c03e8..4542034fdd6 100644 --- a/packages/tychon/data_stream/tychon_epp/fields/agent.yml +++ b/packages/tychon/data_stream/tychon_epp/fields/agent.yml @@ -111,6 +111,14 @@ level: core type: ip description: Host ip addresses. + - name: ipv4 + level: core + type: keyword + description: Host ip v4 addresses. + - name: ipv6 + level: core + type: keyword + description: Host ip v6 addresses. - name: mac level: core type: keyword diff --git a/packages/tychon/data_stream/tychon_epp/fields/fields.yml b/packages/tychon/data_stream/tychon_epp/fields/fields.yml index ca1d073a418..4b80ceabc31 100644 --- a/packages/tychon/data_stream/tychon_epp/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_epp/fields/fields.yml @@ -101,3 +101,9 @@ - name: version description: Elastic Agent Version. type: keyword +- name: host.epp.product + description: Epp products installed + type: keyword +- name: host.trellix.product + description: trellix products installed + type: keyword diff --git a/packages/tychon/data_stream/tychon_stig/fields/agent.yml b/packages/tychon/data_stream/tychon_stig/fields/agent.yml index e380f9c03e8..4542034fdd6 100644 --- a/packages/tychon/data_stream/tychon_stig/fields/agent.yml +++ b/packages/tychon/data_stream/tychon_stig/fields/agent.yml @@ -111,6 +111,14 @@ level: core type: ip description: Host ip addresses. + - name: ipv4 + level: core + type: keyword + description: Host ip v4 addresses. + - name: ipv6 + level: core + type: keyword + description: Host ip v6 addresses. - name: mac level: core type: keyword diff --git a/packages/tychon/data_stream/tychon_stig/fields/fields.yml b/packages/tychon/data_stream/tychon_stig/fields/fields.yml index d4d28c0b766..864e77b3f8f 100644 --- a/packages/tychon/data_stream/tychon_stig/fields/fields.yml +++ b/packages/tychon/data_stream/tychon_stig/fields/fields.yml @@ -49,15 +49,21 @@ - name: finding_id description: Benchmark Rule Finding Identifier. type: keyword + - name: result + description: Benchmark Rule Results. + type: keyword - name: severity description: Benchmark Severity Status. type: keyword - - name: result - description: Benchmark Rule Results. + - name: stig_id + description: Stig rule id type: keyword - name: title description: Benchmark Rule Title. type: keyword + - name: vulnerability_id + description: Rule vulnerability id. + type: keyword - name: weight description: Benchmark Rule Weight. type: float From ad8c478a21f7345c67467d6887aa9782225bfe4c Mon Sep 17 00:00:00 2001 From: Bruce Hodge Date: Wed, 9 Aug 2023 14:21:11 -0400 Subject: [PATCH 44/44] Removed ARF --- .../_dev/test/pipeline/test-arf.json | 72 ------- .../test/pipeline/test-arf.json-config.yml | 3 - .../test/pipeline/test-arf.json-expected.json | 72 ------- .../tychon_arf/agent/stream/stream.yml.hbs | 22 -- .../elasticsearch/ingest_pipeline/default.yml | 37 ---- .../data_stream/tychon_arf/fields/agent.yml | 190 ------------------ .../tychon_arf/fields/base-fields.yml | 21 -- .../data_stream/tychon_arf/fields/ecs.yml | 2 - .../data_stream/tychon_arf/fields/fields.yml | 12 -- .../data_stream/tychon_arf/manifest.yml | 41 ---- 10 files changed, 472 deletions(-) delete mode 100644 packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json delete mode 100644 packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json-config.yml delete mode 100644 packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json-expected.json delete mode 100644 packages/tychon/data_stream/tychon_arf/agent/stream/stream.yml.hbs delete mode 100644 packages/tychon/data_stream/tychon_arf/elasticsearch/ingest_pipeline/default.yml delete mode 100644 packages/tychon/data_stream/tychon_arf/fields/agent.yml delete mode 100644 packages/tychon/data_stream/tychon_arf/fields/base-fields.yml delete mode 100644 packages/tychon/data_stream/tychon_arf/fields/ecs.yml delete mode 100644 packages/tychon/data_stream/tychon_arf/fields/fields.yml delete mode 100644 packages/tychon/data_stream/tychon_arf/manifest.yml diff --git a/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json b/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json deleted file mode 100644 index eac148fc985..00000000000 --- a/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "events": [ - { - "agent": { - "name": "DESKTOP-TIUKL1R", - "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", - "type": "filebeat", - "ephemeral_id": "2bf446f4-d97b-4bdd-a532-f0eec67823ca", - "version": "8.6.2" - }, - "log": { - "file": { - "path": "C:\\ProgramData\\TYCHONCLOUD\\eventlogs\\arf\\tychon_mer_info-20230726T193909.xml" - }, - "offset": 0 - }, - "elastic_agent": { - "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", - "version": "8.6.2", - "snapshot": false - }, - "message": "", - "tags": [ - "tychon-arf" - ], - "input": { - "type": "log" - }, - "@timestamp": "2023-07-28T17:51:27.156598630Z", - "ecs": { - "version": "8.8.0" - }, - "data_stream": { - "namespace": "default", - "type": "logs", - "dataset": "tychon.tychon_arf" - }, - "host": { - "hostname": "DESKTOP-TIUKL1R", - "os": { - "build": "22000.2176", - "kernel": "10.0.22000.2176 (WinBuild.160101.0800)", - "name": "Windows 11 Education N", - "family": "windows", - "type": "windows", - "version": "10.0", - "platform": "windows" - }, - "ip": [ - "fe80::40d1:5287:42b9:5645", - "10.1.9.112" - ], - "name": "DESKTOP-TIUKL1R", - "id": "a6353cf9-a98a-4526-9dbb-9362c34318b0", - "mac": [ - "00-0C-29-EF-9A-EB" - ], - "architecture": "x86_64" - }, - "id": "a6353cf9-a98a-4526-9dbb-9362c34318b0_tychon_mer_info-20230726T193909.xml", - "event": { - "agent_id_status": "verified", - "ingested": "2023-07-28T17:51:27Z", - "timezone": "-04:00", - "category": [ - "arf" - ], - "dataset": "tychon.tychon_arf" - } - } - ] -} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json-config.yml b/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json-config.yml deleted file mode 100644 index 302199c74f9..00000000000 --- a/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json-config.yml +++ /dev/null @@ -1,3 +0,0 @@ -dynamic_fields: - "@timestamp": ".*" - event.ingested: ".*" diff --git a/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json-expected.json b/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json-expected.json deleted file mode 100644 index 18ad86e21c1..00000000000 --- a/packages/tychon/data_stream/tychon_arf/_dev/test/pipeline/test-arf.json-expected.json +++ /dev/null @@ -1,72 +0,0 @@ -{ - "expected": [ - { - "agent": { - "name": "DESKTOP-TIUKL1R", - "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", - "type": "filebeat", - "ephemeral_id": "2bf446f4-d97b-4bdd-a532-f0eec67823ca", - "version": "8.6.2" - }, - "log": { - "file": { - "path": "C:\\ProgramData\\TYCHONCLOUD\\eventlogs\\arf\\tychon_mer_info-20230726T193909.xml" - }, - "offset": 0 - }, - "elastic_agent": { - "id": "1ce3ec61-ef09-43eb-a01b-ce85a1ca1203", - "version": "8.6.2", - "snapshot": false - }, - "message": "", - "tags": [ - "tychon-arf" - ], - "input": { - "type": "log" - }, - "@timestamp": "2023-07-28T17:51:27.156598630Z", - "ecs": { - "version": "8.8.0" - }, - "data_stream": { - "namespace": "default", - "type": "logs", - "dataset": "tychon.tychon_arf" - }, - "host": { - "hostname": "DESKTOP-TIUKL1R", - "os": { - "build": "22000.2176", - "kernel": "10.0.22000.2176 (WinBuild.160101.0800)", - "name": "Windows 11 Education N", - "family": "windows", - "type": "windows", - "version": "10.0", - "platform": "windows" - }, - "ip": [ - "fe80::40d1:5287:42b9:5645", - "10.1.9.112" - ], - "name": "DESKTOP-TIUKL1R", - "id": "a6353cf9-a98a-4526-9dbb-9362c34318b0", - "mac": [ - "00-0C-29-EF-9A-EB" - ], - "architecture": "x86_64" - }, - "id": "a6353cf9-a98a-4526-9dbb-9362c34318b0_tychon_mer_info-20230726T193909.xml", - "event": { - "agent_id_status": "verified", - "ingested": "2023-07-28T17:51:27Z", - "timezone": "-04:00", - "category": [ - "arf" - ], - "dataset": "tychon.tychon_arf" - } - } - ] -} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_arf/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_arf/agent/stream/stream.yml.hbs deleted file mode 100644 index 067e06cfc36..00000000000 --- a/packages/tychon/data_stream/tychon_arf/agent/stream/stream.yml.hbs +++ /dev/null @@ -1,22 +0,0 @@ -paths: -{{#each paths as |path i|}} - - {{path}} -{{/each}} -tags: -{{#if preserve_original_event}} - - preserve_original_event -{{/if}} -{{#each tags as |tag i|}} - - {{tag}} -{{/each}} -{{#contains "forwarded" tags}} -publisher_pipeline.disable_host: true -{{/contains}} -processors: -- add_locale: ~ -{{#if processors}} -{{processors}} -{{/if}} -json: - keys_under_root: true - expand_keys: true \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_arf/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_arf/elasticsearch/ingest_pipeline/default.yml deleted file mode 100644 index 396d0d94bd4..00000000000 --- a/packages/tychon/data_stream/tychon_arf/elasticsearch/ingest_pipeline/default.yml +++ /dev/null @@ -1,37 +0,0 @@ ---- -description: Pipeline for parsing TYCHON ARF Results -processors: - - dot_expander: - field: "*" - - set: - if: ctx.containsKey("tychon") && ctx.tychon.containsKey("id") - field: host.id - value: "{{tychon.id}}" - - remove: - if: ctx.containsKey("tychon") && ctx.tychon.containsKey("id") - field: 'tychon' - - script: - source: ctx.id=ctx.host.id + "_" + ctx.log.file.path.splitOnToken('\\')[5] - - set: - field: _id - value: "{{id}}" - - set: - field: "@timestamp" - value: "{{_ingest.timestamp}}" - - set: - field: ecs.version - value: 8.8.0 - - set: - field: event.category - value: [arf] - - set: - field: event.ingested - value: "{{_ingest.timestamp}}" -on_failure: - - set: - field: event.kind - value: pipeline_error - - append: - field: error.message - value: '{{{ _ingest.on_failure_message }}}' - \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_arf/fields/agent.yml b/packages/tychon/data_stream/tychon_arf/fields/agent.yml deleted file mode 100644 index 5c48fd15007..00000000000 --- a/packages/tychon/data_stream/tychon_arf/fields/agent.yml +++ /dev/null @@ -1,190 +0,0 @@ -- name: cloud - title: Cloud - group: 2 - description: Fields related to the cloud or infrastructure the events are coming from. - footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' - type: group - fields: - - name: account.id - level: extended - type: keyword - ignore_above: 1024 - description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. - - Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' - example: 666777888999 - - name: availability_zone - level: extended - type: keyword - ignore_above: 1024 - description: Availability zone in which this host is running. - example: us-east-1c - - name: instance.id - level: extended - type: keyword - ignore_above: 1024 - description: Instance ID of the host machine. - example: i-1234567890abcdef0 - - name: instance.name - level: extended - type: keyword - ignore_above: 1024 - description: Instance name of the host machine. - - name: machine.type - level: extended - type: keyword - ignore_above: 1024 - description: Machine type of the host machine. - example: t2.medium - - name: provider - level: extended - type: keyword - ignore_above: 1024 - description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. - example: aws - - name: region - level: extended - type: keyword - ignore_above: 1024 - description: Region in which this host is running. - example: us-east-1 - - name: project.id - type: keyword - description: Name of the project in Google Cloud. - - name: image.id - type: keyword - description: Image ID for the cloud instance. -- name: container - title: Container - group: 2 - description: 'Container fields are used for meta information about the specific container that is the source of information. - - These fields help correlate data based containers from any runtime.' - type: group - fields: - - name: id - level: core - type: keyword - ignore_above: 1024 - description: Unique container id. - - name: image.name - level: extended - type: keyword - ignore_above: 1024 - description: Name of the image the container was built on. - - name: name - level: extended - type: keyword - ignore_above: 1024 - description: Container name. -- name: host - title: Host - group: 2 - description: 'A host is defined as a general computing instance. - - ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' - type: group - fields: - - name: id - description: Unique host id. As hostname is not always unique, use values that are meaningful in your environment. - type: keyword - - name: biossn - description: Host BIOS Serial Number. - type: keyword - - name: domain - level: extended - type: keyword - ignore_above: 1024 - description: 'Name of the domain of which the host is a member. - - For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' - example: CONTOSO - default_field: false - - name: hostname - level: core - type: keyword - ignore_above: 1024 - description: 'Hostname of the host. - - It normally contains what the `hostname` command returns on the host machine.' - - name: ip - level: core - type: ip - description: Host ip addresses. - - name: ipv4 - description: Host IPv4. - type: keyword - - name: ipv6 - description: Host IPv6. - type: keyword - - name: mac - level: core - type: keyword - ignore_above: 1024 - description: Host mac addresses. - - name: type - description: Type of host. For Cloud providers this can be the machine type like t2.medium. If vm, this could be the container, for example, or other information meaningful in your environment. - type: keyword - - name: uptime - description: Seconds the host has been up. - type: long - - name: workgroup - description: Host Workgroup Network Name. - type: keyword - - name: oem - type: group - fields: - - name: manufacturer - description: Host OEM Manufacturer. - type: keyword - - name: model - description: Host OEM Model. - type: keyword - - name: os - type: group - fields: - - name: build - description: Host OS Build. - type: keyword - - name: description - description: Host OS Description. - type: keyword - - name: family - description: OS family (such as redhat, debian, freebsd, windows). - type: keyword - - name: name - description: Operating system name, without the version. - type: keyword - - name: organization - description: Host OS Organization. - type: keyword - - name: version - description: Operating system version as a raw string. - type: keyword - - name: hardware - type: group - fields: - - name: bios - type: group - fields: - - name: name - description: Host BIOS Name. - type: keyword - - name: version - description: Host BIOS Version. - type: keyword - - name: cpu - type: group - fields: - - name: caption - description: Host CPU Caption. - type: keyword - - name: manufacturer - description: Host BIOS Manufacturer. - type: keyword - - name: owner - description: Host BIOS Owner. - type: keyword - - name: serial_number - description: Host BIOS Serial Number. - type: keyword diff --git a/packages/tychon/data_stream/tychon_arf/fields/base-fields.yml b/packages/tychon/data_stream/tychon_arf/fields/base-fields.yml deleted file mode 100644 index 44a26fd137a..00000000000 --- a/packages/tychon/data_stream/tychon_arf/fields/base-fields.yml +++ /dev/null @@ -1,21 +0,0 @@ -- name: input.type - description: Source file type. - type: keyword -- name: log.offset - description: Source file current offset. - type: long -- name: data_stream.type - type: constant_keyword - description: Data stream type. -- name: data_stream.dataset - type: constant_keyword - description: Data stream dataset. -- name: data_stream.namespace - type: constant_keyword - description: Data stream namespace. -- name: event.module - type: keyword - description: Event module. -- name: '@timestamp' - description: Event timestamp. - type: date diff --git a/packages/tychon/data_stream/tychon_arf/fields/ecs.yml b/packages/tychon/data_stream/tychon_arf/fields/ecs.yml deleted file mode 100644 index 32b642ce16c..00000000000 --- a/packages/tychon/data_stream/tychon_arf/fields/ecs.yml +++ /dev/null @@ -1,2 +0,0 @@ -- external: ecs - name: ecs.version diff --git a/packages/tychon/data_stream/tychon_arf/fields/fields.yml b/packages/tychon/data_stream/tychon_arf/fields/fields.yml deleted file mode 100644 index 3467c3de3a2..00000000000 --- a/packages/tychon/data_stream/tychon_arf/fields/fields.yml +++ /dev/null @@ -1,12 +0,0 @@ -- name: id - description: Tychon Unique ARF Id. - type: keyword -- name: message - description: Message content. - type: match_only_text -- name: log.file.path - description: log file path - type: keyword -- name: tags - description: tags - type: keyword \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_arf/manifest.yml b/packages/tychon/data_stream/tychon_arf/manifest.yml deleted file mode 100644 index 9efe6432eba..00000000000 --- a/packages/tychon/data_stream/tychon_arf/manifest.yml +++ /dev/null @@ -1,41 +0,0 @@ -title: ARF Data -type: logs -streams: - - input: logfile - title: ARF Data - description: ARF Data - template_path: stream.yml.hbs - vars: - - name: paths - type: text - title: ARF Data - multi: true - required: true - show_user: true - default: - - C:\ProgramData\TYCHONCLOUD\eventlogs\arf\*.xml - - name: tags - type: text - title: Tags - multi: true - required: true - show_user: false - default: - - tychon-arf - - name: preserve_original_event - required: true - show_user: true - title: Preserve original event - description: Preserves a raw copy of the original event, added to the field `event.original` - type: bool - multi: false - default: false - - name: processors - type: yaml - title: Processors - multi: false - required: false - show_user: false - description: > - Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. -