From a70c435cd6972a4b76eb8f0762afb30c5eab6729 Mon Sep 17 00:00:00 2001
From: Nick Jenkins
Date: Wed, 18 Dec 2024 11:45:23 +1100
Subject: [PATCH] Sophos Central 3rd Party Ingestion
---
sophos_central/.env.yml | 52 ++++++
sophos_central/3rdparty.png | Bin 0 -> 68117 bytes
sophos_central/README.md | 293 ++++++++++++++++++++++++++++++++
sophos_central/main.py | 146 ++++++++++++++++
sophos_central/requirements.txt | 19 +++
5 files changed, 510 insertions(+)
create mode 100644 sophos_central/.env.yml
create mode 100644 sophos_central/3rdparty.png
create mode 100644 sophos_central/README.md
create mode 100644 sophos_central/main.py
create mode 100644 sophos_central/requirements.txt
diff --git a/sophos_central/.env.yml b/sophos_central/.env.yml
new file mode 100644
index 0000000..bd35759
--- /dev/null
+++ b/sophos_central/.env.yml
@@ -0,0 +1,52 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Chronicle Customer ID to be used for pushing the logs to the Chronicle.
+CHRONICLE_CUSTOMER_ID:
+
+# Region where the Chronicle instance is located.
+CHRONICLE_REGION:
+
+# Path of the Google Secret Manager with the version, where the Service Account is stored.
+# projects/{project_id}/secrets/{secret_id}/versions/{version_id}
+CHRONICLE_SERVICE_ACCOUNT:
+
+# The namespace that the Chronicle logs are labeled with.
+#CHRONICLE_NAMESPACE:
+
+# Time interval in minutes to fetch the data.
+# For Example, If the poll interval is 10, then it'll fetch logs after every 10 minutes.
+POLL_INTERVAL: "10"
+
+# Auth URL for Sophos platform.
+SOPHOS_AUTH_URL: https://id.sophos.com/api/v2/oauth2/token
+
+# Sophos Client ID
+# projects/{project_id}/secrets/{secret_id}/versions/{version_id}
+SOPHOS_CLIENT_ID:
+
+# Sophos Client secret
+# projects/{project_id}/secrets/{secret_id}/versions/{version_id}
+SOPHOS_CLIENT_SECRET:
+
+# Sophos Tenant ID
+# projects/{project_id}/secrets/{secret_id}/versions/{version_id}
+SOPHOS_TENANT_ID:
+
+# Sophos Event URL
+SOPHOS_EVENTS_URL: https://api-us01.central.sophos.com/siem/v1/events
+
+# Sophos Alert URL
+SOPHOS_ALERTS_URL: https://api-us01.central.sophos.com/siem/v1/alerts
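Review bot: The comments above `SOPHOS_CLIENT_ID`, `SOPHOS_CLIENT_SECRET` and `SOPHOS_TENANT_ID` show only the `projects/{project_id}/secrets/...` pattern and never say that the value must be a Secret Manager resource path, unlike the comment on `CHRONICLE_SERVICE_ACCOUNT`. Someone filling in this file could paste the raw client secret, which would then sit in plain text in the file and in the deployed environment configuration; this assumes main.py resolves these keys through Secret Manager, which is not visible in this hunk. I would spell it out on each of the three keys, e.g. `# Secret Manager resource path (not the raw value) holding the Sophos client secret.` Separately, `SOPHOS_EVENTS_URL` and `SOPHOS_ALERTS_URL` are fixed to the `api-us01` host, so a comment such as `# Replace the host with the API host of your tenant's data region.` would help tenants homed elsewhere.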
diff --git a/sophos_central/3rdparty.png b/sophos_central/3rdparty.png new file mode 100644 index 0000000000000000000000000000000000000000..f197a0dc04903f2252e70af2017b5e6c82908d27 GIT binary patch literal 68117 zcmeFZWmr^g7e7i%h=ibm5`xmDbR$SfcMd7t(#?p7f`}5*-7pN@Foe?5T{9@%IUqxw z4ZiRDJbFHzPv>0M`G1&U1NW?b->cVetv&Bmm1PO>De=+J&jY&Xy~CfXjoTEfEOk30zR6Kj)n>R zM8Eo5I>vwhi;a19dq&gj_>sx?>LR~*Li1o^Y;2KU>q~3nR9hK?(l!lv~A`r zJ(wSaPnUV?JC{Lob1Jun#)uXOG^Zu10YYwBrDoKxj~2L!<>loErfK92PucUe6QE-e zOQ8Mp27ZbAGD=O!_B|Q~E^W|1ZxYHuT=4_wfBo?_7H;tE(Me76e+XP%T`m3Rqt{mw z|6g62UM=#PW_FIxQn$X*f9n6n4qA+r?HSdhZHu?9D#e?dt1PGKoA3TUTLOmcrmoI% zs%XO#CZTuKr*!{f9I#e10nOAomiJz}^uHJl@Clbr;@*Sjk^UtA763X{p<)nMZ4c## zpMR0TBB8x`E3*^!hg{Gwv=}7r8Cnp^xco)tH7+sEjUjX6zvRnuoAxHO94D*xFEY;n zQ3kJ;asDOYSUh4J9lc;R!@tPTV!Ua6b~t(WPr;}6091+~txOz$ks(HJo2T{J4F8jJ zsulnht#K2wzsS(O0~kgudh{2+@}B}!SnRmM{vt#CJcvu+{|Vbw@4vMAO+5b&xVXA& z^K>XNQ4#f?U+A(9=Ib2hKSQBJ4fG$+lryBwPkqr$ z&3$|5dCR5|dGayTc;j%gY*RgFq@a$bc+Ro+Lt)*os(w#>pQ1GvHu0n$j>xp{v6h|1 zwjGgjN#Ba8rWmz7PG-x7yE%l?T^tmScT(+34#8bCSIkWJ!3J1Zv&AF`uy9^s-ZzxD zKT*>_XC&!YjOa$iR7_hj4Ps>3?$YEv*+T3ws^eJ%P1>;WCg;w~AUsy+xI>ARf6?q$ zc?EkGmoLx6X1!9xYttRB+D3JMH~Zyb6(XnAQ^c=LLBf=|g23itxOUu{uwy2nGFu8lq$u@$aYf79CP(2Wjk^j(<*BCzoZ zlukQy?iE9M5;#WZH(Fdfux%6dxTpc<>bsFn#lItww>ib-*>J&CE1X0SgqR^yj`V?- zd0i_C@qIvTCV3u{KLa+pj}1HMmT7OXGblGk9pox)HGx|r6nsznHVeq_4Wt^5=*C@i zu0vNIoPRR-D7Q0Z*nsRhRIqDE)1N9Z(mPc!I6k-DdWSm9D)EG&9FN6j#-S&r4TH6I z$hm?@&zI(?gfY+njF&45rWl!`=Q%h!UERN_7dTz%Xzo-NxN~ozFrZm4+SVgc_h6ni zrKEX6{JU>nu`QV{3!jF_NjF7R*t-jqB(!Ipa?U>~5yUWFS!so24-(C+_DFaFvn+`m zt@OyI_RSi3p{f%daMZ^^F!-`+W1P3a9+cHT7&q=gPDx}~S)Qr!aLKz>DM@kbvNl^K zV+SGm>+8mdFYkoNfn^-(NLmQW-1IV5VTN4&>D1kxS^Jba_r6YsiA73(tvr~#3k<&X zo=@DmxA3M<0-d}O!Z=?pS|-QIw~XHDLyf-aQ8wk$*|hImWD}gX@QJ9u-*T(YX|vg` z#7L(M&4+14eRB%<8STW+;Tfx$#6-9Cpe@%4?h@!uz(SLw|GmwK9Arr0T3*X^%H1nB zA#nycjfIKaQCvW+R>@Uk@^=?!0`2<3@i!$X+0LW0-ZJ0fVO2>^@j3mv9qwoYLQJH2 
zEQ=AQCFofZI%vD0nuKS*z^3k#`}@SzS1j|y7c=@pE(&5nGx5sI8@pb-Rsr3R!)fcO964cyN_B|BxNVrMC@e8=%Si((CRHOhn8JEx4&<1jQNKunv6dqNndXoBBl$g8o2dOEd4sR2@_EP7cSoI0y5q znquZC*xX=e_vUFy!^DO`e8pYI(R`bxQKL8-Va2kdZY`x|)cH2EId^0u+)NB7WRUE; zv8Yq+wiCZFOM=+275gmD<*y%>5tMQSwj(=;soeW@NTtq31QPyvTdgk>n=j$u{*_Cj z4Zx_r{P|Ny(Dn`BzaQyJJnSs3uSESMv+?3eZZ^((eW#rT(UgVUsHtXwsK@MorGJ|M z8m%gV>4h-GiPq{pERxaYAI}Z+`o-m%w>SC2roH9GNod}56>>m9*pmNv?)9cXHj11a zll6i6&ouZF$fGklen#}{&21-{6R#TV)CTu`-% zorqPU(~e zd;$D|mwm3;|7FDkp8Hcr2A2Jk4Tx5$Zeds6BD#Sz@xi0^`+R+Y5D@5iyszenw4S3V z&(q&d+xHxCgTL2XQbQk{FYi5sPKa_Vpg+DJ=x`n>tj}L*L5^vV;FVq=5(c(#zfel5 z%xZD+hDmXUt!dD-`2?Gf#Aspx61qpb`<}Uu z`)o$kT(<9RmPg?Tq}Nh!uUloiuRZjJqj3?_&*b}jHs!`mS~2-X+7X|}H)Scw{W{=v zs=JKGl?7=^1YxLZ+n)U9<6nA6%A7MN-_asQjo|!}tu$#x!L80@!NrfC>lQ2S0jM1uYN8!Y{-a^Zfq_5YnR`HWDlILF^y9aUvA_EIXKRCc!lp*~9Ul+2^^58i6rI`C z99ib5&Zf4ookAd_cA4cnG~)v1k`XBGfs~}Cy{TJB$t1zB7Nlc;#3quWfly?)V~zxup#+vyO&SHGH;64EyBBD&X4B0Ne3 zlTuL}i3UkI>@ZnG*9Ca8ob5j$sT9grx(WHl(ugBnbYrsTIYFRLt~g9N*nEfxW#;xd>yACwBb=N)?y$0mHRK;R@^UR=@J6+z zB4<8)PZnq}at*dQVlMMtNRld^{hKkwSvfaik`c!y&TCC?kXM(>8&b>cPl&H^`qZci+ z>KnT8r7}rvTw95N-AiX=Q!BqEWdEh;btt%rh2!T*9gI@NzRox4cYjVBy4mi~kI};E zOYDat--C;b6G?h5)SWYH@bwQHIHI@LBP(7Ne22&-LgacAr*xaQo~Xn91_<+-yNtGIC^}FKB2jWom1bw&d4}v0Qq};d+GEkGqM7nvd*cBe8dE6R8NuC+Q9N9$wWI znhilEm(qnzQ88EfqFj2AkOKLGk2IfCg*Y^1Mnt<7`A3v%mATtN zc||5+V{FGaRQer6?G({0`D`bv9m!L5l_ab+Fgdjx~` zA1rj_*y7TDazpR4w#fAv{%UDtG=W5+9NR$#k>6KM`9S`n<;~t+2mC}paxfumyl%bq zom!|#`E%({8E!A64v`b=XYCKhEwz#h2_@T{&{kU?t9I^X`Nn47R~0^b?rEiT4((it zfxS0#Jlro&&XY=#`3-A4x2yYb=R%5pxdO>KWhi8?#(S*_IhgIp6p#0KP7!?oYqlz2+V$;PQrn0-pJ#*ka2o)**mR{Ddi@Ckt+`)aAD& zPtOyj$L(Zuk!O6?v{j&W&M(KBFwjH&w0L{Aja%a_I1{6ti6?pqUJFSW zb|sgBroU2pg?Qh`Y&VR*Q2OS;=Y4t9f0jFv$Wxc-jj;+$g^-10JFt>n*WP2|;g zuywqp^U$5YO2!emWF? 
z6EHb7EVUIS)7jvCFs;jEe^1!2g8HP$JG)Bet94Ze379J0l|Pm-QB-SmKP- zv$bZ#xUhV=BnkWF{I21$)3X{u zF&Pvf`v3!3vaVwyr_o9S8AUZaS>rkgj~Hu_QQt@C=HVX2dHlZJPpHBLJeOLz2?)48 z3HG8-&+9Q(?t(J6>r#Wu_yJ#mnOlSbzZsPF>(7P*j;fyYPM{uSv-Z+Ig$;U5Fw z^_Ea7t^KVUh}!)nCEF!Nl^q^R73jlpr+`mmd1@;4!|B^uP}?%&4`h-_JS^OeVmZS3 zTkreI4%f!~*GizCQ!h!$3UfWxroyg}6kLFH84TA)$GZyuytx*>$!w-3SCKe>570eJiok)&q(Xup)kdc5W za-}ReMPqz2rRBWxdIa*EuOyfGO-WYLvv&OUrYx7pS9f|0A0Kn~PtjYgFtpe7Xe0dN z2cmGKHx9CRy-gh+R!Sm4>1z&CR6BbZ_KdOA{{v7bkERUVPGSg2B zYfxqv>ZKg!n@aOi4*D)soM2kBx_j*xv!E;OK!%X_`7DrxuX&%$P;nCandoSZy=%LM z!!!%7ur$60?J@u@x`*k^;XEx`o|fyf{yyt==iQwOEn0vOLaJ&2TcDR0w8$R|y zbIZ-OoZ6qwl{-y4yGOf{%ja9!i&XwQ^{YmYeq(kmr1Nl-@YmPb3OIvg@LO-<4;$-` zDWh2|Z`n=*<{$FUEb__Ee2NRhxE9MJ+4N&P!tMet-oLOdxpLrKQ3h%C^nYN7?*X(< z*)Uqe^g12-?;CA5fSbuX`mcYyV(GZQU1^9D(h)O9ZP5ASYPp_%Tg z)}VFD{=p97d(QzjJ^Qw-`WGQ7c8Pl;qwFnvfAAU|3r8)8%Zs>7kn9g;2eqgILLhP{ zaQ6Fi$KYpVv^S}r+usWLLz1*yqkx2^<}e;yV}k!|$%Gg{2mc>!A3QzZxo+*Gk~h+N z@bJc;cSpzC#Gq)hwcWIP%^6CJ&3QxcAEx}i`oyS;82nVj@XG*4`Ud}_zi5C9 z0azNEn46jY7l&Gbod(~J!u*pF5@P@?t)rx&ruyer!1KU?TM4hB#ec!!>9$vZa&7?= z(_dtq0kO=#UHqT!|K6%9FF-|WM3ao{4?UHjtp%*hS?bllC|~h3pAw)_Xv2bk?M?ro zMQjKdQtiXPIiVQ=P#NPP$NtN9aXA1SfA-UZf2`>Gs!#^N@of{sUjL2b-vw}dN4Z;n z@k@&y!0~yNq@VqzQLh2b`9Ey`KWzU$+W!B0Cu8`<)Jj3Gq3rgb&aj1;VD#4BUeVHS z3j5jww4dB#33(#zm>NgL&p*Z^sx=eS{QmeaZ$olh&Z=T6NZQuUfiPYw+Y_LyQkn9}E5&;eP-m zrkC?gzxS^^oT`p1iw}R}-Q`T-y!rZ%$g6qfv=L)F!JkpbyH%s7EvCjc@>j6;zoMe5 z9uPLf5Iud?Iny<*RyA!*j6bO9tu~YIyP~MO{|O`5N(2`}02qk^U3luAo_(C$?2bUxE0p z(^|*g5|2V}@6u+w*uVD(5YE6KeVb^I%w3e=;jvX&LH;yOr~9y8dTOYmcP6gsH}~GX z3CgWsJ<-;=EGQ6}a&h%lXb*J$Y)y?1zB=-}4iE=p_xT02`>Fv6-Nm#rKq&KnP_kG* zr%ZCAyeo=48}@j}`xa=nc>SQw~3O8TndT!|fQhH*2DgJHC$ z$$YQ7z~1V(UUr5?pwNlx@^^3~wnN8mVdYTZ6dI+#T+#7eLe_s}^1tl#52#CS7T)lbv;CN7NYKi755j?-Siq2Pm~?8O!4Jx!s?t^V~B| z{rZ;tnl)-9>HM`ZUsfZ)3R5AKzqzHEBB8?QO!1^tYsm0Md9&|F2 z59vs6;YHbBe^&Ai5cVlzHh*t3-v~T=-jV@(^|>^+WBzycClPaXM;pj1kMWYs(d`)Q z-$_hpPzTpc8hCNi2p%^3^^4bUy(WGPC|T;bb?V(5nGCkyhq(z3N>~&;!(^>oX85tI 
z*G+OoAl(mGm<;mhSzEe|nsq(2Ps5Xcd#%td#JHMI)r&QQM6nbfkY25&y@esdUz5ex@{0e&cLBkG*#&((-hFoV*al&`u2B6pr6(j^AEtP@E%`MPpkp=P zvb8laucbqQ@tthTdL>nEa$uLMGqsvL5%)Qfso4v~`*^>dFbO%61?1Hh2cqBJ-K5^b ztI#sOK>2vO*^|AQE>kN@7lxe*B6sW8M1)c{zTsxfyRl>P01ucrc@e}lSzJekH_*h| zw5nR;&_2;5yq39C)foXwJKcFXjb*H&$&y;IL$<-68`m7Yu}C8YP_ai8{ybwk>P{=1*!-- zwT94{wzr6jLVfPPiJ}jZumI`>f?w-mrlLz-otTesHW4B_OSzX-Kj%6$WnaX#TaK6* z-QhG&(i^&sxiQGnf>N^K2*1HY>_nU&6!ab(TXwQ>|GT)i#{Kq|{MzcRcP?5rM<2p zBwS2EJ}Z3%j@<7eaD7s`mD6j+N?lzH9nB=iOv2RFS&0>*KB4>M1#WD9dQP}Lli#XY zW@bXgQ^FOjck^TH191P!WyLv+o)6J0BW2{^eJsPT{jHm~t2YPpfN2S5O{~n|^yM z?x%(hhddzd<7sK>N8YbZNND-4ZR%zeP}eXIR$n%|g3GqFm~g5eyXf(_>}(C>LeK;_ zho}aSC8}Hy8te|SEHgV5j&OGTJH)tZExb5+ z7y@%QiW}5HNo-%fXRGM-PJPiSwz%`#^}V|)#&8K2sW63|$TSCw26aj#hf3@cVsynB zxWxS845R2RZ^`A0S)H%qd$mlb@*Ca}R?-cYAV!b8H~G?FO|Dk;rv1nMG`~+BN~$vmIrS!<14{6F2Uj_Z#>PGuGe6B@O6VI4QaO zJQe0jgbW|Lv;0uW#t$Vf2qG+Wt97?>Z!Xf|yVAW4KNr1C9#cY$B|NeSuu^qw_?sqk z6IZv3#a_GF#qAuua=(c1@nqeZRYs!1g@nKXgRcfx){l;r$;OqhQTLo8v$32!0$kki znjCep51&=py*Fv3Dc!bWJTX%PK?)ff%{!=U9!$@{2zmjGjB);QM=mh3zm?XzF7{a4 z*z06!C{XQuQ6_PcV3FE$=VaaI6sD;&)ADG_zSoW_{Ib}$4-<1@rMcG~o2W5?NgVrs zQ4;LNw_$h05J^{6RqbORvB!}1#93Fg1s-)|It-tH!86K_)h5Fv+OQihYc~aAFQmei z!z`XSvgq6)U@Zi4gsJZHB?U_FoUWdU|C6h*2OxFF(DEavEUjE+9nJ45LOk! 
zB6cRpce3t!DY*?J6cmnA@AQnN*jv>Xckf=O(@j!jbgmU`fy!#ulm>if?}Sev>V3u| z?HC{c3P=Q&lTL*PE+6Ut;;i=P{1VNqS}7&aIlTAm==^RyLeEh0CIo6?^gF6Omj?j4 zUVFkwx#2J{c?=5=^0GWPsQQlL*`|0HU+BnO+cK#hKXE9!ZH+pW@crW0AEK$JAZrn`rk^okU(q53W>Cf6#<_DK!St$E}HN(koo2a^-RMsgB zkbtI*b-rjP7eMtRU3$ZOdp`yo;1~KGF3fR5ml0SXMvgQ4L!tYpK0f!_!9O=Q|Vjc`DEe6h$AB+vkqqh=2~ufCcM}@%WC` z7E~DZUAy5fOZ-8)s9kP$Ie%U~UylBlncIF2>+MH1(B4_1&7QX3U9VLDKnfkab98Ug zT$v4tU~wiqws^|sri#577F`^yzjU+a=HgpGx!;Q5@LgQc|9DfQ6H@5(TJij-3t``c z95Rdw|9F3ca%6ccpqHM#Mr@i!vtik3;Aqu9@neF9GjaLGwzsTXqk~+IhYN(Q_BC29 zE#dv&hW!Y@dGzhPJijLjyGsejv(ro0)pt(b1XmYtgDRIldN`U9V&J}^{nRI8g=0zg zgP5`s!bWCv;r9a-<)P)X^GU02sl6p&pZ`gP?4wP_=%^8%ff0^b9K&*hD35qSK~dLN zwiC;SDOC`}0JMh#l;C^6B9wfk@Eb6dTKEh|#VfU0Mjso%C9L~2GoseSZyq#(AAFebm1de7wg-kHZ&oa7(ZE z9r*m^{n^L9^FQH=LI$-+{#vU|*I#F1YqwWwlOHLWK-TT-&Ma5L{43O-VVTi>djE_n zQx)4C`>szxP4$O@(!-_v09YND?bRX!y4sBG{EbjEhKXM6zmINKC|m9#V}UK4%S z;jX2j`Mk)j9JLoY0|o))OxK&6vxpthiEmk4ogwK zg=RF!55E?tY+9#6LO2kAY3=*Bx?I&%>Jg;|OZEJl5LsF_aJjjO1{&RuQp(qU#1btA zK{lF={yhkNYrj_~g12Th_-_UVq|JUK#nf4WuMI+aCr$Ks6*bmS0Xp zS--3jl^frWy{qiTIu4f+-!p*Q)yuywF$3QnXiS|}`lsxSI@wjaA z3S-3rDlma}sX98&>3-*15XT>q{%z1_wRZNKJF3}|XkhrKVK)p}K^#6Mi`WtTIU7kV zKl~5(wHmhG_?#alq`t(}#egFE4GhjX55LoI?MpXbK9IYbRQCe%aNpCIx-njSc5cpr zIedSe!i*u53#?XZ(x#0P>kPNC>LLGmd8RSp8|^o1R&h+(Pq2*;ZL>pa))6dB!9su& zjbucFzOD{4BN-!qU{R%p%gmly~6_XN^y&A05) zW>_Cu5|1kaeRDO?oezbRp%6LS&z4x(1uoY{H145rZm=0iy z&MO~#?Jo+1{U8Y@jGNy0AubXO(7lx)vJBWz?W&bdPV%LE?GesKSJ)c@2mC6-mv1E$ zvB)qHr+yqb&~+43kj^8B$wk+k;FgZNf_C;UzJF&VGekk$&)^rE@!_h5l%gB11j`%Uy)P1VG*VQ~D zOEdpzZ>Hl9MTRPCJ*$M%3Ij!KOCEk}TAnA)ib*weW9n#rGa(f1`TZsHtgjkjitf*; zbYyo7TAQ!V^BexD+ZODi&s3uD5qblH(NHZ0*ys>z(-BjFPee=9do`pzF-{AnJNg3D zKQmOl>?S26&No8$4{~oSdVWG4GA(4o>hgxpdwo^Jp!OX}5{X1hD4J<0Q8tFWq0`OO zYAx_6xe+K|YSLSGIou<$l;I(ULaMjr#cS--{uG0ZqOWhb7%~#^ANGsxh={SsTW{!& z5BUYT*Atu@=KXTDHa8hDS`X2#ab}zO_~KzuOFEu2DPF>~`-4|qozA`e$ZmO-@2at# z#UCJ2ChxElBjOE#b`T-%BbE8e z5#1L~!BA4x%VWNrG+*wDU$Kdu#zo%lpxolG(^1W(rW&Xder}@UY`=EyoJ)~| 
z$ktO*YzUL&sTL|r-E2tiV-P2JL|Js~g%zxCh;d3^qoeIpWQfNXy(falc*1(RKpR#J zJO1e?V@%0QwyRp^;tV!VO3s^J195`C|GMSWYmgeaf^)8Ws_)HVFy>hN5*?jB-8Cgeaz)fXH8^=Alk3j35q$+j zea)1@4O774YNNmNb1kLUIjqRp*Jr~lPdz;hIgP)Xtoh}yHrCv*8DiG5fAQ3F+c2+` z?tvE9H#uF?Vsgy;^%L+uMamSasd({iy>7_8$!tG=e~zVm(~mK*1GbW~WVWTH+uKIo zar-|kw^NeVi2Kc-(2!Sj`yRXR91nCAuk5`gFVLStbsxkFD#1fu+BIU69VV(kwECi8 zePu_(k}<*{mE>sDvZSx6-c{4o4|p`<)a(_5`lB_!_FR75OO0jFnILO#B0e6i@k3qK z8Jm$@c4OGAkKLVDX(v{xCre9lE5)2U#VD^7;c9#32>b8GAg1dLCY>)QH0L!R*XvCi zx3wzszWKa6ew$H9_Ve=3Fl>TDwLLwq_M!#ZkV|8S$NPsWkK}!5 zn92+Y`aW1FrIQ=VsN7f1+0Po+uPL}k3DOv^CCexqcS_|DKGh|kB7zgAhQobMwIm+@Wz!~ch-Q#WR zGA0CZ(M!B{Z!%E&I*d#LrQsH(R3k)r-j2q-?u_cEnTr>e*`rVQhirXgU8JpN8s>k- z|CqA5U9Zy=7tqWOGLEJcrW5vdtFc=j`dU81=vFfO=^~vMR21{IBD%Bodv=b0u?Vlu z7j;KLI^hC|ROk&eivkS%hZq6+XWxo)zPwmFcjGj6o1J|6$}%nc{96w#hK1ktjqem#AD5%R@4*UM5f-Rc zk-2u#Pk=9!*aSGxYi~9&RcdJ7pLs*|u;^Z`b$KSD8tzw zXh;c<#Ph<@OZ_=7y{C`O>NL@d7>gTK6o$O2M)%_nsWYlD=Cf9K);zrhD|EhNVFU!3 z=RR}4N~QAvcRuoHkP--^B(E|Qzf$6YR!woBpS|TDvuVB>r&o2yuq0)3--vZHHXPH6 z#<+2})De%viFgfC5D_Mq(q4=F{DoFUS!kAiT!7mao8KtUUbV)wPI+T|8MlaP0n5cD| zT13&BmOl0D8y8|Cz`X|qBpUrnCN@G4bhUqmDN?}PD7JJu(T`XzCTQli2q`vkdb#X( zwm>U)j2q1qlL5bOuPlnEw8O?=e!n=5JOR8iC{Dso)~Bad(asmQhTV(Gvb4I`se5}* zt)}w{p*DKqs=!T({LGHbeEB=L0wph^*7Aih@UFVUCz$CMrdD@d;7`cVLQnfFGDwE{ zWrdbv-vEV{s-{V(!&8lpF{U84#HT;;G(&?h?4JgMpR*;Ku3WgT~<)$sLIXa zWw=Z$fa(qd8nnb8i6h+rf7#%t)GC5ZSyF3Wy>*a#XIYSi0>z&+ z0A=nPv}X}jlOpmi4h4=k^e4<}JGOq@{zQ*ac6-w9G%=yCPOf&nK19pp{6T~4)_B(3 z0C|}mD+|zE`9Yxh6NABv**#ouSFsCtx+sbn$ei=%2#}CF>+eNfl+(WodUEhQs8>bD z4NiFrdDfB_L}z-=lnwdfXiBb?(!zj~%JZe7X~2Vl0t2@eH(yF1CRDioC1|^_G_^`? 
zdvA&esGtmj2(l!$bgT_4?NlHiv(dkY2s!mKg_@a6{21&hR7J;c-?Dg+0wR`s-I6_o zX=_7gN*M7mpr$m__&on`{RRUL^O%%?=WGu zC_`Bippw$kgozEfFbYyA8War5WK*?qE9G1kADnHu76vyb-&eQsuFikXWPe5%PGFb)Qd|@EKLSaGVYMrDP zFCOE3G>lfI1stad_SeD@TDMzCt2&+gf!$>E_Ju&Zjr{6CMsSsCXlc2&s?QW2Hj$}x zo6mX*g|#MAK^ofR1E}gP==pF6X$3VpRv3P~oIvb4N8+p9+r*eeFhSYpv|x@-FgoG$KX(;w5t1TSct#NvJmjO7n)!G=cZYFj)^I&s$hXpOlKrsXtWBZ3*)P zwCkr~;XSW&85FqJUe@F4`8t3McoFyc&tZ1zSwyqo>1K~(-vfhup>@_wMk)T@fCMcb1~3z4{b6)`IuVO`M~G$A?`+JdTi$%+ z>w1&WOCCQVFQVdO32Tk%u??i*h+zRxh@R7=9kE1tZUINN= zv++0vT1Njm_2}IC6AmB*h4jr80h#K=`iafFPM5vgQ%4ylxG}U>qeI=l>hB$-F(2cc z*098@gUWrjKO^-KQHea`J}c$vj;7}^R5wrYg4{J(amLHT@+5I0n?NjIS+IU`n9v!B ze=e2h{`HybiSw*@@F-x%*9W?8rr{Uvsy`|A3DPN1Nr38{1CGkWUPE7;y3U}rbeN1# zwXe8YNIL_7(Ql}ulZ7RlCRJuW15EkN`z~OHuOE~7N3kdlU&9prkJK3#SEXP05$jq??U~eK=nS+eL&W0rH|7R&-_{2DOAG5GO%Q#6RFIexS=V9OC@-HBuQl3#_ zGRl~2*!gu9EDYv^WtY-w9tR%9)pO`+e~QWV9{P! zISfRs_r_;v(F^T}N-N@@Ujrt@VL@qfwXf7x2dPELB%WS9(s|A0x2izjUeOObv;OXJ z-0{(l5f4svRN|^;GjF;6LNs#5{9RR59K{i&X}?3<0MGDl^5@daSM`=%0H(-=0WY&& zGMi_5kn+z{>#AedF*B`gs8_iw!gbtkT02KNZ#loGHOxlo5hQ=|LcLo1#VIQ43jpUZ z$_Xk6J$O$d_faB4u6FoIDGBv-7Gqv)0rT&c1MW8!z>!!dC2o(W*Jb-Gn6k3mN;NgQ zWg5%PX#l7D7Z_gap zh{55;;fn><$!4N6Vf|+vt!gGP3Gw*#=LZ01oN?og^!f-ytDgeN+ART-_CacY2{o_( zDU@cggiul+4x5#Mon6a=Nvi*{6De%{#^c5N2vY1AVBfoH;`}x!cW%7 zofzO5w*c|puHN=2)LhL zwX(!tWl&Ef_A9-psMjHULTGDjYHBUE%^}Itrm3cWsZ$6mienepC#!KOnlawA?g7z}e_LqQvjNVSw0I?ijZv z@!D&@OJmgd>%)jj4ZdGHxsLs8WkGeWJA#k>aOQ1KYI=AH6ru z?>=>sh0_H|e865M^st$&uCC@D5ZZ`qK3n=$T$3u`@^i~`w#;QgCe97419EP~Zod3V z<1y*d*_XtRaNTJFAJAh0fbFySVFk|fpMon)SyZ0W@_V~s+@Md~( zNz>7^_~pp}CXtA0Z$0%G>|nWXWIHVX5;f5bt8h%I5U$C|S%RN#`_6-JBr>X0uK)yg z5Z)6YJ9vQaE7t=nv2z;-b>a(vaTe#kJ5*jR=rayADe`CQMI~_0%X1nVN3qrPU|T!i z88r&n;m`1qT%`)2yEATZB@d^%r7!vwiwRaw*A5*Uwk#dSUUSoc5;rzX-8Gs|mXoZ~ z{HsNu^x}RqnosrJK1oBIZ^L|dwEPNtsKuR91Bw`13u`Z0cIr>Jb+jRa#;c!YAE+4{ zHy2bPzZf_^VUFGG7v32)PJlfdDL+sd?vW+X$Wsh`2ba5dy7#i}Iw@tFVkv z7ND2;pxfwGc5!x`BJAmkTTNfHN=O0^N@>Er8-4dY{%r 
ztH9Pc1IvhZ)v`7M(>POH`+vwj$cT(U?uBdqU{=h=BHN=rF1hp>i`7YtRy3O8xsc}c zfA6uH5vsp}wbHY_y}gnac=02YhFZ+*4Mn60%|h--ILAY`z4S;6cvVDaf!2Z}5Byov z$c@eB%lIeenx%~!#4CCe*$KS9M^fQ;5{l?kl&fCNelZwFf=CkDHeM*k$y4&1j!k5J z(xwC&?m*rL#P`bmb0U#+JA&Jo!u%y(OR-szg3BRyjSZ__EvcoUV)`pyWL=U&8@7d_ zyTUFDEeA!^&9x zfM>s_s3i5goikvi0kPF@8F+k(*yzBoSZEI1Fc3!#MY@Fz^6PDFZPEDs%21}HXd1TJ z${hI^wdVKgd!BePF$fQa8Y{6KglOAtzW;*chk0yGTg7pR{`w>p^Ih-W`19uy2)ze> zyR9fAEve9C_8g)h7>Y0=j%VxwNJS>1Tt_cYHs#o@P4Hwf`m)kF!#}#S012rW0DN~%n%_@6&_Fzq zH{AW*0i-B7R%Rj1oiJB9WFTPMm9zP*T+c?id0iyl^K5SicIw#M5#cQgrw*yS8*c%8 zUq=&=7Mv(S9BERd#nX+pg;!6s3Z(s5O;;>toNi<0h|ojYwI1Ze^5%%C&>H3egJ<2R0#8k=j0u+_9h?g5d5 zV490TcjMC+A)N%v0~7JLQe=2)7p%lj6JGCLxj+@bF}Q0WOhc)CCP1E4foFTuE<;j8 z33F*aC>#F-WGLd&$cadNv(y!K_}Fg#P}=x>ol*QmzF3FxLs&+*c?Cgp7Q=3+_}P!2 zI{`XW&FksDfYlx$0s}Q9s}f-WW8HyEJ+bSsaQ!l76)fyS(AftHZpBtI(xj4hUasd> zB-r7{fmRI-TTWG*-#Z@-lDitc0Fqi_^awn^i@Ftj zt)nto8Z8MkAqgIn=g})m5v7A4L85`y0T++lmE-GrIhGkO-}&c}6i=9lyB25 z`&+-gPyRIwd~m$wTY^qo-@?1&)>p_uvLR*#YD`255fmHLK%Iy#BEAHfk@HT`KSS^c2B@A-2HvX zTlMiol#8Kx^czCo79bmqLQg|S`Ya+v_TO#P_`*XfU-V)CUz71H2tI$NJ)Tnx<=kmH zhD+TNd=zLf;2Tm^KQUpiu3CS7G-D^2(jEV~TYucY4OP5NIhUH}BBnpCu;8~DoYwc^ zeEbt%N+&s;J^FD*Q=5&#iJQ9b#`yTnc>-R>xJ6Ybw zn!;bdNWV|>{RQ?wy=0Z+3AgdUQqGFQD3+sctt$U{;^l{r0{dN@fhWC`J&ulN7spNk z8kbtq#Vs+6Js2nsMUC+dk#vn{4xB@ugW?)Z6Yh~(W#;AP041f&86S`i%ii4qG2iC% zwgaC>^*z-?3ww^ zZ%*CyYX4{|abIt4th}Ia$o4s#!ZjxfomvJfE=ES-lhUkhcH3FXhkZ65Z(Rx`D^f)j zV|vtHuHyEl%b(_ild{4`%kf@rm#Y=`5V$yBmRVw|JGLX`D-{miGU7(&7QAtZU5y^3 zB%X;ZaDlcP4iQU9*xqb~wW}@2*BSki91xv!zDzz(3n}*SdmDCB>b%k!_PUj--MG(( zYkK7Y?62Z|F4=tQb{Xq3D#PuPkN7mTv~#(HJT~GdKV{G#Q*12cMtUBxEXHfDVeuSE zI_T#-+B_Rfa(r)P$L`0vKd_z2=i!!~y+%P*H%8!wd$8^-yY399gk0+>y}fzEvzBQ4 zhB;ev^ZV$$5$i=5b`YdOu4iYwR0^Avt$!?z;2WJ(dB4q%&#fVeKdtVmTqUcuF_mPEK(koTbA`E z$at9r8(c+Q!_z*FV{t~C$P4d~c~!btGNTuDEJn?F>T(@Bk-6|a+Tbs4yFMtLJ(xYM zZr-W7+`S-LkJSt5veP~})<`HUI-dxgh)mRiBNOFstoNur5T5aF?&*!YI8wk)O#Wti z^ZGK zw7R?730L-QgG*>st>&}pSFQ)2s5_^xPlp|JsH+SECyn~?`)+i1K1Qr()yqrsC{jFi 
zvpF3tb|rVHNq$G|H~m^>b*xOaea|1xco)WP>)GTfCBzA$mTey^8WrKEoM#Y8VnubE z)P1zYCW&?jsa;ZU`m_xNYM0meJZ^lj-$0~qJ#Zsv-s+9ZOWG3m>8^YD;>d)+c|r&G zDlws|eDA}@obR{StL&TBV=X30d>%&$a}xm#GKEhv#f_y!PPb6U%ZrAlhK=cMlPi=q zVGM%NSCoabl<4BHrm3B7U-&(<6lP!UjFpLFl^3a3rjf z6`MADxGuVK%=o!h;AS(@I3r)%c+7`xK6;{1jcv|+MCvpc=*iCnRDx!d;ZZ8rLWGU{ zMdvD)WuE*@&@Aa?H|TySM7wHkCnFo7-(Ho*L5UYIdpf^48mhk$Th08cE|r$;a>ODL zyk*i6H(StkIjl79SNHr-TJ_n$IzqibIxNCUuQPC(@;&?EpV_TDnXGP@DY4o;E#Aec z(vmffbj$ROa=ST789!R?CGYdN**0=U?W}G(p?wNl9@aB$qobF3z+0)-m59(^Uc@Xl zi<@-u#w|*jG_tck%;|g|3xxHr__GTdG`;497H75T1=lbOqtq5kHOJJ;Q(>c*3%{x- zd1&ZqTMV&Qn7!F74dn5_Y~d6MVTKu_D-tO!d)@c>TQ?+R7si)M-lr(7IEtGCV<$li z7ZhSR>>_*iD%h6xD{L6OEiT%4?%|lVp+&%6dd$~WMSBtcn>eTb%KL0lBHYs z+0?BHyQVCguTPH#xCX>x95lNn=G{#DB+Nb3JDmy!M`OxP=rXQr0HDSH3hdgYZ)GFD za~^O~+Cv#)F`BQtfCF*aiD$Llbh$fs-tU0S`F(!yH3cb1#%NoE|AHM)NdL{q8Kp{f z>ggL<8C7)^2ZkE%7=b}ZsTo@0Khi(?qYW3I7ie!u*m%N?2^b#*Ew3H=w{@&b(Yl2+w+X7ity0Pk7HdOIQZ z!Czd?V~|NYQ!n|8AcX1y1~|dah~cD^*^7Is&z+PdQ1KvkG|Vxs4$+p0PWM<5wrNWA^>IK28+w%H1U@v zpwfeZI#yCt{*^b~2jub7WgXJL*7kn`|DVMFzgCqTLN9WOXh)1Om;BEme{dkwJ6_f4 zsm>kO0=3CgVA^f1pXaRM=y(ayVQnDAs>+n)N-y%a!UFot8@2=_|G}|uxD2rNcfA)P zo}}`R=N%TPmREta?fH95+p`%5P}(Yat$&)3+(8j!fak;^+b3lJ4#QQ*+37(5R&Tv#py43K2{ugybvFdM= zXbOIB&o*ETkR>8OP3}Ff24 z8}{cTyp{o=Mp3_{<1v$=D;agk*z&-w(6L6% zOrZAHiRNXBnp5a2ASVn=5}0p1u5(ueIig>P6SF+ePb=l``wsvl_6Gohd!AZOK6?1t zSz}Zjosu6x^AY@&u{3iy zVulIG4a}I#g4Tgd!iFCVz|7qjz$5$lZm;J+&j|IckwLkOEatko82vLA$AvQ6y+z-J z`Jg{-Arzzm%a{QGXRlnsnL+O~Vd9KODn31*hT>HM|G+%_5kQcUBi}|ay;R`5hfvJL zyb}_lXc2x1`W`?~fps?@e#vl0digSgf`6Ki?&PZ>eE1Wb2f6?!1(b_LoC%aMzeg~4 zth?eY<$jRuRP}-R5B%h%54S%(uV2Aj`GOb=a^sRuv({N35Fu-Oy8y8Ib8?`{TwF3- zQC(AZ;?B)_WDem$P!(5NZkCl4iNi^&$V@X;OI3ex(r@GuX5m!nXcBe1KKUs!9P-Z- zx}hIoXsjTK9-xT^@jK6ad~7FWw0T-nV40H7tiBtbhZog7lD#Ej)VZzHJckq)0E<1T zTrP~=*KCYM_Gfi-V8F3sYE0e@jwAFzf`;VcUhiw>ho`m@5k*rwB9>dQMe;Y?+$O~E zd%xF31?cVPGSyrRQ1!FV__)rc?|Q~+HaFgAYRsP7X?C^#Y|s5HK+`|I^SC6SR4`58 zkBnCUu_GqE6VRAZrMyCnnkLVuZ!MemN_Hy)IHb}Tj2INGy{==!-!zsg>akokEpC}jX^J$*4k07{+o 
zH_fUp+2z}}vqp1^s#M0KyZ?BJ-@%ffJ{1Bb9FN4kbdU5ndzARrnooMk%A0IAKJ`P< znThkgmv~a}$1?a=0sXF+@*4td8#Lo&<%kzE+Y&?R_AK>p8p~2$u7{iK=?^HI4$08| zjHUx<9_bh{1}p>=B*Mt<;ZASIJ4v>9-a6aK6|ZtK080JR`0sEdo!QhQcl|y^GflJI zN>@p5b;$r(YWiSA`6?gm&=b)Hz_r;L!-?F|7{64_<&G&dPx-nX@ovBzA*y@e>yC*l zVgC=d**{|Aj{=LOY|<`k4i!Njmh{^B+vnhV)+s_Q<{fjv;l|z45Q-aR>nES$s(FVN z2`s366M1VjzZMK=Gtm#I6Va;lrk|M%Rq3rRyVp0pkM6UhU+aEKzg*ibjXCy9*mwTS z(qz%d1FstR5v-v5h4Fykn{U5nb=*wAT)t4^S6E$}Q)4`^zdottT)uzgvjxhEA|*{; zhwr3Q2^A8O~W{A zv$o4ur5u-t-LHB!huEv7vlG|sI3_Hz#bfktQ2CoH*;i(IHs+)ckEL|{aUF&-8g@=UY+uJ+R5xB*0;caX`nO&jL;oT z5!ech!5U+`39KeT6%^qinRB7)V1FfibyL2Q>zem=8hZ~<;X-%nvDN54Sfm{n{OLDj zjhV_m5#19>frFo$w%WZk3IW5#c)i$qbJ|fL;#Rq%l2nU=p zn`k)}-GR!2RL*oV>dMw(?%Mg>^jyhB7~)k*H~+f*18qy{dfCPVpoaSj@E_!@4X#J@ zWK5egme@P&d>M7_gWS3B)EXDT;(RwNS8kVN+7nkuIFdnRREW*jyg@EPS)|V;S#|LnLt6%T!MGu|O=~jF1Zav@; z-B?&-FLY@hZW`F{?EM~I3F?=2bY*&(e(eiXJs{1`H8#1pkfoR}w{hFn*H@h;?_+-+ zGuHmp8Jss`FVOgS!7JYhnE!t^Hkqua#7DBKXLiDX!=7#g8{l1OC3f91`ZQ}$8Djst zY|wS?EL#Sso%o^psAc!Cg-PB;0KPS1GQSpCqUPZWI&z-0HqTp?P%ZHmiKG^&7INTMEamKwGCs%^>)btb8OqO4d#sNn23kx*#U8Nwj zBtrq78#}kfp=hzXzCrXq4LL|=nw1Lqn9_EMiY=>V%YNA~IAU$^7Ih4;TKp#n$2=F5 zQ`Il86+goKGF|r|N$%q0FRA*!r~Pv}2H>5P)yM{aPNN@I15VZR`PYA@*`cU?aFigI zThM6F9FMmRD)XBzbAx-7PUkxC#FIf~>Cc7`K$X0KPEll}Ce^;cf+r_Ypwz9qX9ulxQZS^_uXfE#na*P|hQ8tB9(V6So%&iHedQ9gNj)t0Yk0`x6$_R4=cTD#Qts8h{(+Ws08DVQoA*$5o+pEWu~Z>LyP4lST~p z;x2)3DD?sYIFq=Lm%H54mBc+tmGwnuwXaW4gMB`3rMv7xWj&n8ChPh=YP61Bt`;bNxb}3`$)X1z!9tgld_8fKiKQVU5uK_4j}OJPdLQz&T^! z*7aAp4zV0~c(^I@gWu&n|7gdLb|u{x5&zl$&67Xl?&ulC$M`G0O)UeDi8>*7_eS5;lXd$<%cWSq5(qe8K25OivQ!UQV{Nj z7?jIV{pZLa96*TefIaqih%E=!C%R8O^DpsDgCl81L*>V(0sd?~R0#;eSd1RSOgT_t z-P97adZCclRqHX}ytX-V+;wtcGs$4B*lO;!&Bc%nvFA$Y*1`*FfqxD=f;Oz*up9#V zo0|Il)t24Ah7D?3Ht}$o;=)82{SuSP2mgc#KSxIV3`qQ|34-{4wxS_^X#-^W{-N!? 
z|D3Pa9RpS*o0jrNg!0P(0;BN>%&>^f5&vk9cJ zU;iVaAKfB4@cbA5c;-K(;C)9C$a>=R*UvBRTK6p?y*T(wzW)>Z{}E#Mx*eExx+g5V z;^FF0MUmi*Au2%snD~9FZf4FziSAyb!yfm5{9Z%3%NW<*w$Yvj4II|?14_l`&U>h$ zGnzLklN3iphLL?wpy2kWmiGG+##h1jOwRlF&fI0-;2=ndp}hH@QV=uMM9G99{`$oe z6%|r||DVfh5uRV>qcf;1;D6lw?@Ryt&mRK(pM?IWL;u?=Kh4GeE1OV8#$dcZpI=;S zc(~lPv63R?M%m&qJRlzOFZ<)&@&w)5Qr9h)4$Aw^`1Fx_!ZbM_E^=|5LtAZ8XXr)@iRoFS2}QbY*F z24e8w*3-nnlLo0vIN@}fxTL=&+k>i-C$BDq3CMn-}c(kbKG9_LNEXL@%NOE z;QSFS3EBS{z=Q%MjyGL)2dT6CxwzZE9?infuWx-{n@s&qSxVyIwNZpXRLxrTVm8Ya?8og7A%EZ3!uEn+f1iy-l}Q1- zrAiPI>uVrY?0~&v(rdBbH+iBOvqHUqsgBPL^SXPjAbJb2`B)>CVuRr0@Ib78J#Ceo zn91?zFlx-_P87lD45vuK_Y=r%(lImt)95q9eQ9d#^L(P{-Eu0~(hs=rhEvH-m4lU1 z@hm1_A+a?bbr32k`t&7;<3!0KyUZmdIDd;lJMiHI{v}Kx;_TuuCBXwPC7G6`laD^? z*9-=p0^0KM#GdVGgIQINPkxNzZW>;FV%oM}v~AwcCNe*76Ib- zWBK9qg@AOGVl%@2tvf#lZcYS5U`2F9sZ8>Fq5nDi?ru;;L&ZtNd_qO`U#?BTLWH+Y zedg{~{B!?r+43ua#~S&FJ@_w2W6SAtusElTp|3H2-~UI9VVK~tsyYz@|K(bV8!9SJ zgIjORlF)uar_uT3W8b)@hZ~4M*snHZ`Yib_-&fk% z$?%+vq&|Nq&9m~s*HlqKq2a3gY4g=#4`4Akzu9Y2Z+3Tcn9Q`AYl4P`Mp9%vWZ$Yx zoyDe6xkp()V|g6Q$>?$8T2!5rW1P}>*8i$3*NDjZ`@$W8WaKkZzL>e`iDAs`jUSPw z+sSBp=(D^Eje0}&p`iEv1K~uj44@`y_x<$rblK2QTS_eMD^r5V&GkEx%5vdH|iPq1e#VA@(%QMA$UA2FXQyI+qgOK1Cs(+X=m z`{wUC?S!`wcK`R@AWmul+=(|UipnGifq{VuwD0a_7)aMNG4%bemj3H!qEH+j&@^Kd z1#MH%7n#-9>-)Lm2qp6E>!o1qYz-e-b680lt*W4W%}UcztmsyC=o3Jf*#G`eMx}1G zQ>DgwLCdQ4)7}4jBy*H%4zpOLR%IY2^SWJhh(-2uUYaw9eUgaYcX=x>%tjy8i%Cuk zrS|^Lt9(qg^J`m8Aj8ksfA1|Hn6(|?dDO(Va`@!xIC7{ZM#FxR3do{V@3S>WP+HX5 z(oOwd6BVshR-MDF9X73AdEI&&g3IxGsdHcaM)S?HofxeU-i!6VktMco+qBiwuL1jK zcVYAiDF{ya&DrFN*M@#!Ddt8nq`oghM z)7JfQxc`gC->vjcnATw5wtfo4ii(M0zu0dy?28AB_n~gWeX7Dl5Hei$7XpSnaSm5|E`JBrN29(V`%fE~3cMKBDg1nilVH!J0nLgS=1DJHK_( zY`_gjG-h*6JlGMlS>epDm%q5&p37v-r-S10>DuycdMYYT{RxJfN1t%TiDPSX>)vd% zSy)jGXKd(UF*MlHM!U=oWt|W1osGMgoIqwjKI+H*97}&>aZk+B(6Br$Mt5TldQ8IO z`+}dVt%+Y}Enb{6dIOxEY44K41|oC6=XqWJW<@9aTY4rwgy>=?=Y$ASs7>;cuX`Ge z?3hGh4;Y{c|G7M3%<$G)}svT$}6Z4tsOA>v|zL z{;hyl#e2JmV5@NzdAVEn6uEb`7pP^#xp$Y7-AtX`#7BoI3wE_By#bzcmxZ^`tJKjI 
z=q}t_4e$uj&ALfhCE_%WH9Iq!qIcuHEKM3ZgO#TM~G{a z;kz}r>`N4Oo3X##aqa~C0K1wOT;8xTU!-kr8sd2ylVG_B{a&^u z(Q*6WGiSrWfCn2($+@{N3&NYYO1IM)Y)=|`z8mj{tNlr4bSW#xXv;xpyR6p4>ChvY zF&bDo`OMYBBgcTeAjn1Jb{t;&m?=S0(=k`l4v!mDTJJU9@+vbrenEBKtG?VF*Ya>v zRE((18hy6C-yU4iZStnGb~vXkj1E+g#=oUlnzXvTR#nj< z49M`|kA~{NO(dtJdh*i=&=w){Tx<(=dRTk~xCp5}fpm2_Vmq$4*Jo>qE_8}ut5?i6 zy3lKsEqe@b+iqmW%-R61V4{t0EmfeZ7y)h^T*5mLm!obGW?PzjN79~>1SQ|mYZ1#R>DcTM!ZM8%-6NG zT5i{@w6XPH64{7V-iLcE2w{^bVMf;Rdww_aXgUxsa2jNLaLZwde~2Pan7p9i6=2gH zQ8IDzGUL@D=UU=$rmYd~^Bh#MKz6E{4=L7d@CE1|9?PNvVmQGHN=hLY%MWL{5OJ8i zd$+SSD_eTr;#oC>YZ~7Y0XkB*>oFLb^E%0(hTTfkgx>;+=E%3^+Y|Z+snj@RJerQJ z&`I@g;#keFSd_&%zvm9%u^#^lVh zr{zexzcNuO<;J7)hBkm88k|xD_M0nhzr0a%c*vZWx(kC3lM^S;{7P!CL%1k!x0weX zId1?KNUOiM)#m;}I|2eixjE8;7t9mN84BM8T%7Zu7wl`H2AtX*qFaWbo%GK^X=G+WvK&%L&L8mX1-x;ZU{HAXJ?rq7 z>2PD&4s?{N9~4V7Wa_3gfNE`rIkz(zzRRHU>YE*_1_$Ca-ZzaTwO>6-`CkWF7mgP? zr+>_P2dHw?NRm)BbB&V&ym*nkSqhS4VFTO6mZn{u7}kzEtQR6H<)#F9O|`wN63ht& z_xutz-@4piG9A_Hd)`Fwj=X0#5*m2t4Wf&Uzk zF_|jnUN%QGzk7(9y-sii6V`(b`H%Nq;sjq%T##}9gG~C<*L_RhcdF-5z3#&zv#>B2 z!7KV8Fruu~@FXA@Nr&DnKYWnN7Q7Pjom&eqV&lwq0G(9yrT1eAR2#d_ButkqwK-9t z3~U#w@S4+aW_Uv_i7Sj6xlBW3A+^$$DXg?Mfd>aQ0By#bIl`2_I@% z-ftyUAZJ^#TDf&yRW-r^Umngzc^aw1<)K%-!?jzJo{JmnWkVu@tsuj-lM{@R>uE%onU))4wN;u5eDMtlpxAR+IeBmuU>Ia|4&KLG~&tRG?gnf6) zwbvAQ9)k}>61EZeY3f2pd`O@3B=#c3WtUT7aw(L@H)(KPVTNR#N3vLWwV3L%c_`)4 zW}H&NVyw|5S9}Z_&a0+Cxgyw2pOCL=>F}fB1{Vw|WnYq%xnDieTnuItfLJmthte+R zx6Gk3Roxvzq_^C(@QziXW{9$hj(PGzO5UN2kz0aZctQ9f5VQS08~X(9ik<)*i)|J- z#n|owQbDoqUtTpxmymgKJkQ)83^Jk`7*?(NsG#evHg8}sEiW^R#46OGeMH6mk+VV+ zu3glaPSq-YwA@u?&Si2XW=SM?=Kzqw1hV8}`CCtv7@7JEpOVUxD-~-NqAzuZvZu(| zvsLOw#=Zh(a_wmE*^s(`j1UVGq%2M&CA(oq$wA%oBuIilH8I=F8q*`4 z@SXAjp3g+Cd5mu5Z^w;0MBj)uBHS?n!y~2MVm4r;lS=4dqD(U}NZ=eD=SCQY-c#h@ zv98NRv-7w8&Z}x=WN^NlgSBa(dmOdm&`Oz-Y&;Z%ZP-vbga7)1{e7qBAOwfNy)e?ccRdkz^3NhR+rheB~}bOcd!SObRkLtNWZ=i%)Ed8?-G z?Xf~U@mQ5tINr{_o53k%Q_L}(J0tR{Oz-Uoh{i!g8`;+B+bb3Ce3j@&WYbXzNSPt`c%=Ee9)1meEFoOxT!4-w}+uEYF=@J)GFm$_Jc~_OFG}d 
zW5|=$dG4TLyNhG0(ec4ml{~7WV^*?+1ZR|SE>VfB3wKo}W+KZAhcq$f(E`E1OUqOoFSi_?KioZ*Z#7Bh0b3Z02#6`VUkJIfOh#q znf_vB{*|;M!ZxmfiTKXYu|~IKp)?wCo+hV}f_ls)@Y_&`k85|1ElX|B18r~5kPgr%f%?oFvph>5`R#PIJ&qMf7 zzQW7ykR(;7*S$pWuHpS>Va%fI0E(2}tfE@U)jh~}ur%qF=DQY_X*kT5MRX=4gWQmd z7&F|KauUDev_W{uWF{YiAkppWy{68{Mrb6IZkm@3fW;opv+dX+r(O^q;F!oSRle3+ z3t9_sULOzBDss3U22h0HF}_8T?F@PJoFx^cNt(Vd1}@LJ4oh{uRy}1B+Dv6pSrzA4 z%h0wml2a;2Eva{D(;dxlxfNVo30~YMc(-!Qy};bSvtu(Y@o!WF_`$ZXUX&!7YOX<}+j&XJj*>>876E`*RLJ}qzO zZE#3goO3z@ysqc%TDZu>CqJb3HTB3G^Y^a0Zo@B1h|nSG>g~6D`{EE@gt|R5L?rpF z8oQp0L=++>>j z1x7Dv+>4_Tm?d9(m7OB zhUAgu<{5}#AZDGRZ09X{6c&E*ikPUPFU6`Rt)d`^xJy_ouLRdqynN(5Ge)!RQIDk{ zwciE<+gC-*zLntJO(_-8G4-z#CE}GWAsymhlI+G*qfr+pB^ymUYWTCZ(_o1jj>~%J znit<&HQmJ5hx@FXE4qQEH`FV+-A9BkghaNgr!2MX)?3sOmtH$&9%hJ?zlT?B*S(6CcW?Y z=|$tp2=-^n=<|B(rC@gSqr~D_klvKATP4?kG2&Z_?m554m7k+o8X_ZsDkITm$0sSH z(y)pP>!2)-3Dke!WfAQ;wZwR1F=a?E07D0bOVQHox$rXQ;I-UGM#ut+-jhow49kM~ zy|n{~PQeI{>bR)#uej3LHP0Sm1;z>sXK}VF6ls?G!lGB8O2@9sufAcy&D7fVHrFug zx1tP2dt|F+p+WH24>}C#nt_Siyyt_7eGL_>`>wEBPBofqq0NwRwLWntL(MY<{I-I$ zr+Mr|*jkXJUpX!q?l(GbS?=}}QL#mo5P{bKak-;M~(=XtGh*VXx|#=hlQ1RG-v9j13z4A+Hi-mlc>%MK9F1lx+AX zL^=>ftF5+U#o5@titAN7xZ!H3|0L0!~dM|6>N}YY&DgA{y`!Db_s^lE}mL<#N%X$&bJ_4iqd%i z@jIog4f~jQY@WclY(?%@WctOj*PhC9BpHMaC?j|&=Q zH?AjVHp!>xed9cDl4rtZHgg=LuoQ6oB$6%Wfl=RFe3n>{aSzRxw116A4G*9*g%-m4 z++Y&slJ_P}tEVFD`*a)*wbUP5N=z)_#Vm-HZ+Xz9kZ~$aCX{?gb4qAzlH{3_VCZyi=;tKJ|7Mpy*bHS3kwGzx{e>l`p+P)(PeS(%&B9G368%*ph z+Z_8=kI@ZLI{T`^Qc^zT7m^7UWH27?OSzg^JQ7YIn4Srgt{B(Ys6K|@df4y^S+ZAF z?P7RNW~!h>-H`i0SXs30g--mU(AUmLr7j67S{_FMIf=~^wAC)CV2a~YMu;PJPP&+$ zrGqe3`I3HB-hVByaUs+YA)fjczric;>vk;E%Xs5CeI`r6+%kcQRXDP?bIW{zV2Y&x zmH7OMBFDl!_L=>BJbQULd(yTOXV!EZ`S7?4P0tr-{UJS#{etqP}ZYqTg zrt{_P9onR-A#dBBa`QoGQi@hiS@~>EglOkm?F+XasR_agaR>74$`#ifFVtX)^4MJpiZ; zf#bZ_<#ywl5>XJMHuIgX#Mr8k1A!HXF24^jPGn zGh(xNg_^ipUsLX|l47CJnBH*kO%vPqv!*vv=H&#_`L=$@1pEHdsI7s`@7g7SUxB1+)&Wv^Np9GW@fyV?h76him!3+l2k^s05oIq4ybis86ZI7W$I 
zo%Qzt0ZkKl0i3pLO3KQ6Rrxm?|d@w%6&$B#i{W3y(zp#8P2EkL!Fa+}ChDxl->Er+4rw$8hq&73Vt(A!{6uW1%L zTpVwt^PWR-b(Ifr4=a#gt;A?)zB%}WMGVlda}gpBZo^|^i5n%pS9SVb>Q;?Wyg_AU zWwcc9o<4n=;<4Z(L03!md5syS+;x&^2z0IZrenZREK!mRx!`#pnPaP$8HtJd;HV?u zq<;pueYV|Q6!}c1?p*fkCD8gM29AZdVOH$8j{=X0ZuVg{DYIv(s^80c0AMIa%f^Qh z!#%`2*Fh2Z`lp^Z*TJr0a9-xXa`*e*g&zXi`Dk!Hdc4(GaDI!(RxP{nO>eHBxg<2` z*S2fop^Rg#MJXwcINO@X_h42PVON=ydh=Aej&on=w^{H`hgIPQEZGalsoOEw)Zv#p z+9?WI*1OUU;1wZ#x7dZ2oqOpa%Y-gex)g0u{fXeBO-Gq$Y#Ax3%fqLoO5mQ~t(N<_ z!2r+M)#tg}rXITbeU_m5Rl9Kw;2zAm?YF{Cc$YVa!Sh{bue)#vy-c%0ljX){z8?~#TlTYyR~bUbsJf;0L0xIFUEOTDyX;+*maU@|IOt5 z{Je0j?Y>uw*6k^K=TUX@jotTf5#4328fy~qM?KbNH%KNt_YBCefXSuhUw#SBwK1W4 z_h}Y#<665c%0!^?lDu*>vC(N(i%0ChPJ+fUDg~}A~&1OSsVaKeNg00Ki8Ij^Y|LKQOjrKF^$s<;SD)!+xDB z8ggx6;#Yg_P}7k#>MDSTJ|1{kT?Y}1K>Uc-*5Rw@+3rkVT&HSOYC6D{!&Xn{1=a&Y z>*P$o5<^>yWOIFE9H`uEl!&2ot)#VxZ-zUOX3?_l-nZ}lzN?}(zYj32+?<@2O#s!d z<(4CQ$~cR?X1X%gXD(l5vm*|~w#}Tr7oCEUuHw6^fMX3oJHAJ6G2Wj;9#AL&$~wkY z=o>-0Xb=t}X1KLHVfX#E_1Fk>{?=Q%&~b~<-Eoicc9cgix4Uh~B1#zzn_=HR}A|jJ>>&4Z@O{J@!=K8cBq^!{hJLt!G=LP! 
z{wSuN*PVtsp#-17_w{sVsyY|DU5z&npVPG_&8ys8r+XwSM&2KKikv-PY`|Ezi}1BGpS6 z!DoR*8!LgOdWwwP6ZDP8Lp^kjBaWsX<_PpIswp?UN5WOWlu0W zlhh_nj6J~X@aPJHm6R)cJ)UyDX+2*fdNcUk+Hq^Ax?HwO&=2uB482xq+q8mj#oMbL z_PMJKU%bvxqGIu(uk9#2-l&Rxpl@0)-(LM5h^V+hL(8D7v0|;}@fNR!1*elJ<)B_E zF=Dq`9!DR2me<>*pBGbg+!NZ>jGL%BF&>fEKFpFz>gID*xZN%vP(dq{wjmM0cjsUa zkd-61=5gFuiIGjf-;HKUAbS0UM27dkyUt_Q`AACBga=43@7`H0NSv+h)t+fai3#C0 z-!@$Wi${@eb0VZYdCLm250)k{_6I`P8lbx5jYzhzh7x{8sCZ?%dmyd`)69CPFdOsb z<(EjYrg^J|^Cx@H6{Iirad$#eif^y?Jf?3qanI54IIM~1>Ir$AAGwm1D#EFx;8u4N zXUN|<`uu`WFF!JlL7U;?Q7Dd$D2_rWCF5t)eyi1ZK1cUy_GNE2r=F-x-|lO5Ek3>E zQKUvZkBBOk^n*@lHvCe`N$PhNA+cD&CdgI{SjYAFHVO2&poN=~k3hJ7_ajUZ*r}5o z&5dhIW2Kv?P*qNl9o>t#Fa*~8r^;_(S$*j1)<16NzdXF$Yvx;Tvv3Bq7isl5PLyq}aotmgDY=Gbai!ZAkzE&zgLcho;G& zQ%b<63kBhKpzF3eY2@@yyW_0;RpV@UL$Vt3`@?Mj1AT-f2c5@mB5s;G<*?1TIb+Xg z&*M-+AMtY2)1%xpCF0|cs3NzRyWdP2y>Lih+;jNWDfLL7t>1DLtuP7Lw`rjq@ez7< z7%SWF0#dOI3*|C=ipq^|Hsnr%=L-kjFL!$&y+Ix%AVAm*Nz$qRsQ<0MZiV#@>$o*% zB!vtiySr=S9g#ch_aTDi!^~EV4Zk&-)Wxx~y{Lz`u0-9woyK^3Y`iu^F)AnJ{ z`GazF?-=nKmn#+>NOp9qw;*kOtV9Be81uDbq(N9}3<*(Dkj42pK;KRSu04MyDxEwX znv*VtXS2$O2RUVY<9(K{m^!WE;TQeY6n| z)WdI2okUw5^vb3SlMt8E9tpkdzs1(HZUrB;#Y90c4;p`Ei^K!z-CV0al2aqx!A#Oo zGZppe<~p2|Y9AC*9d^I#0O0<>+(}c1tOKM=0HYa;DC3b|ZPR96z9W^ks4+&(P|M4U z8EKc($#*a)O*a=?do@S>cYPTt#khLE^6fP$uWUEZxwpKye|r$>(ZGax@?MrP%6Ms@ z`TIvroFFd7wq$JfhQ5U&-}W#P!Jzt((}d&n@ReR%UhLajxAT2L@^|GMmYXBFt{zUX zFC5w4kzw|=vmKI``oL#QKC8069ZI@O9HcTrA}43#BP-3rge7eEn>o}Zg)Fu~7WaTE zuE6p)lpAo?kFiRx0;Y5sX)VtmR#I%8>kWUzyA7DK=ol}%DRm-+cVI|t+1xr=gL?S2 zt<0XavNGIQ;moI#O6@i^WhJ|^R4nRf>Ip=0f~*ub5ngAPd6Ax5_XEGuFWc>t#-HZg zFOleV8({nDpxFhIqj2t74g^PZsg^6~zwFbvQgtnKBFEy=; z_zdCrE4Rwhd&xRET?Sqin-a7uE1N+@u)CGmCRlp;_?hmEEstA*m^xW-ID?;*U^1hZ zmwoyguU5mJ;1+dlZ`ATIFCn*otCHjZ-NDSx;-5U^eOZe!`LnuT1*1{h4snzw(bmDZPD9vIeSNm7}-X(jE$Xe;+ z>|L0?bj5B$v(Sl2MltsO&adUZDP=RNw*uO3ZVckl!f!|ge>tou4xc}ys*!?$4mpJmf#q{Z7OYO1FIGLfvK;A-fvDMbWFox`VA>vgn=;EL&$6V6VopCuDw1%M>#@-x#aRuhkD7 zi5J6i&FghKS`A+ZIpI~N$!z6fRY9Gi{*ND{rdhGb@?n4*XJp&6i9^sVWosxuTp-r8 
zi{il_IsY`!A{sN>SDP8j^=3=!R@^FDTe=3zC?{DH8uPQ9+#!61e!=l75`u*0T5p`5 zrll0l_IqK353RgTyPRwKa7YFiY!r14TZX*bBc-HLB$w5(&#l}|KUJ>m`ry$We-Yxo zItbiNc>VMdpJn1gL7)~(dsYxGH&YZl1MVl${XHpo>HB;Ysc@YuN)PBY|T6?dM%9afFIMv(vWL}(ATg-!TYmf)xJS(J z9dy0UB}|do z2VxcN(pXs+RF9&4+d8f~Iue4Yl7e&<)l|nD)uva6Ua3)H?ANfm6clOb%o4g?Vyv!m zsJ*QSX+qC;R)&H$Da^xku}Ip{j&F%qU2*-X}0CElsSQwoa?miHZ-XJ@hDa z4x{K<@^zRiv=2@dI?0cQtG-J63XkMU&^0}x9~2J6f$kk+BV{hfdF8{}{i@TLnx~Ww zvyXB{=oM>?^NFc#)MCZUsnv4Ttn)(F81B_ry=M-)R~?ZuW!X>5mO**9fmH5mSvF^* z$?Vz(XZQUs0)-Q31y4rKgKu!zE%DjG2Z`rgkAx}A+3Z6M_{eOZAXm^38qW4~_wrH@I<5r(OI1}R*{b-wO;ZV{w*813Uft!lU&i9;~9wGpO>U< zf)n9-RoyDQg}FAJisApE>aD`!Y@%<^ga9G9y99T4C%8*+cXyXY0>Q0=I|O%k8rR@X zS*)8GHhnRDijo4(+wdUsW=z1DB@eDI-CJT-z1Et5*UK}3RjH&l+5cC9Ig`Uz4|rCc5?mV+HQbD9UT*R*Ac?GEpwBRY_{bvww2wSw>>`T?|WRSB>e0# zGIOj|IZiOs9@vu4lnqA_9~jJ-Dh-=(uZ+H7%@}l4+LjJ8=-}v(-Suzh9^+!fTB**u zmb`HWhqZ!Vz%-qzKbdHymZ;0l%n9nVeLY4mU-BHK6I4hgGx7pwt8Z|(huE(cPUzoz z&Y5Q(>D2RzvLVc5JT~{+sv*GMXUm>{H%z?Hd>T*diM(>Hf&`QYc8lrKdo(#_*w=V4 z(j3E;%X%t>NgK?uE&HmAC1@-AnRYYnsae+I%H>W@dOiS!h|B9ioSZt@NQ zT{d1^@|b%XrhLy|mUWp@9`%c^hxPuPfNXXES9Li9({>r(N#@n`8w*w|klBpBDA#kRE{cmFx~=rS0fGb6Ada+MtAz+u;++e3#dMdTKSu$zYi}RY-(~&61{Y z=db8921=5171z@dlJFZZ6KwbibL;KUj6L`e5xK6C!`{A)ev{I7oe2bI@~C~}QzOrP z2yOip&SZHFRRx0H`}3LkkN-r4k@(7gbY@+x9FMx4`TT}-<3 z>0cFK*Yhr@&kt%5$~V~feSh}ZRp_uQWro&4`iuoiI^>@ee6edIAnl_-<#_kELCFY} z^!v}J(t`FT;%m`}xj-|Vk?%tk!J4ED^YX37I;K~kwexXC4%a;lGF^miex$F~(APMT z^cFKaXOQ&Uy~EbU5OF}}z%X5odn=t=LaSE7j7^3~0aeC!S)?9ZY>$GCIF=Aqqc++L zLE3y#u2Nz=#jau|iIRQ~&Pjp0Ao@q|f(_5Prt*T1jXRQ?Vm%S$g=VEe1-A zf}3?1K~mvo3dv~P+;nwG>mXiNQo683@Hhxb?e4Z~>2s9)Gv|5@3t}E+g7u@upWiac z-_^Z}O^XzPe&(x%Wqyq!>98kn$Av&ru~;3fvF4dqgQGLg^`4Xr5~Q2nO~e>8Z}>gn zY;Y?}byzmw-P=VCHIN~ILk%I#a$!|Y?8vUo^s0%~xhyL)QE8+tQBzKgQSLpN^tW)OylpyAgHn7tG~RAdN(HTh z^_lCJx^t+>wAC}Zb`SwZ4Log$2iUA{CN$f}n@MUPZ4ayOJ3q0p)}UHa_)u-pL^gYv zg5eUF`mGl-QXyhTGP?VV$7whkgM(hJ%N|5=l&;NiY#Vlx8JI^!n^5He;b9ClmeryE zh*jhg_9270n%mPsl?x+ufqV16y&7UrQ@mh(Arw#xBl2b0m*N^Q|Duce57Mss1v56| 
z&V^Jbfdpy~x=J+#3f}$^)AAmjD2I$a?0mkKE9--Q8iM7$*`H*#n+>%+UGD%DYD0ON zBEce8e}n5LfQS8t8q@P9xqbsYGE>B77I6WQGY97C4=^lb2LE%)rdOjmgErn@FgTHj zW{PV5=>JVjld}&LBbU$7LFfH{Z94w`wE$BAv!!E*1~_NsZmOo%zmwjFcJ~e7vC(ss zqTr_@yHqXAjX(KEqzXm&`X8h_iN{a(qZOAoMJbV1Jw!w~)hy2UE99TM@X_**?pVGy z_%61yl-b*nrXN>BcCBwDnuYu|1CbSxDFMk#9ibg(bI>BgG}D98<@HnhDcBp zM8J;Fj+cwbeGF*?s%bg)DsVe?G zeMd1x&OUVvx;DlsSzo$#TneIb@0-#y{-<%XL3=&_I1SBbP2LX(2M?(Eb3bQd z($TbbK6N_a9cx8~iBv1*Tvwu>&3OLf@pxbVo=7n*!<|vS-#U>c8=RWOsT+$Tqp)c6 zb$yXD@O$>+BGhg2oejY$6yp~W9W*H2m|t6c6#{mQJIX7OdE;uGqza4!bEI);Qk@^~ z`9PuP;lpWx{u|Pqp&x_@tj6=YAyW4#5L0}(-f7n8dROAsRf?r87Xs&qX|&0gBuJ!e z#VUc3Z|U!0_*UPON4d#jrxSJu#0^xNYHUE2@W`PA>3HE;X3Kbe&Zm_VRR?!nA^D!S z-zW|VzyHXnF51PbgBD~t-T}@(&%@FkEsbbdA_5KLQy?ugNZe{O=ivg_ol6wB0;n|VRdUjxx4ysF-`%2W~)TaDk(i1%8cL-)t`B|2w$5K8FP(sz-r>z8jBR zDk3lI@{*c%ID(t(Ik3s$xtl3TI*F`UZZFHLJ1q2I)R`c@yHVz@_FPsDH@P{0%I~j8 zqFJ5S*Q3Yhg$foQ6a43gkSLzm8NpNX)YVwNGo4^h6fV;rdUYJR&z-dGdVS-IS`~4S zt!u-3GgiiSXHbo&n7_8g)tdp=C@Io7thB($y-|@oUQYM~utl4CxL@q=^ge2dV3c-; z=-7~2*F2Gt~h=TyO|oQM~4K&eB@!&P{lqxW90Xn^4*-OQYuZ-%9RUM!JpOdiu1$YHKcxw zNME=@^GY8lXKL6{Ns_Gn+#R%DO z)UAi9osD1t|MTRb{qx-kN2NMKz+R3jlR>+Px7U)I=m%hN%Ps$fsPvD1Q!qJkeaLD% z^%R(W770f>=UEkI!A&fWg@-&0tW0nZ_A|24iB()@_aGzb{~nXGSn@9 z?fzLwW1Ez}k_fy zN88Q%%Q;o0(#{rW1G~Mw19knQQ~bDy-MIimVSs zI+P@aYTT~FRC;o3iYVkMN%@@m_3``KY`L6bJ~Y=*eyP@Pf&nI&|1$pR(1}4}ON>=z zItQ}XKwA?D1!v=`sES~0aHexupLtXWX3!JIxY5vEFYVMScY_B(ZA{8U5kvVho@Bktd(r|&O-BS&X+1}5savFYrind- zyWxZAOi~s(V)qCLTk$G1M{$e4Bv#z0;UOs@tm?C}UM*R}OvY-9>i13)%{#ywn0&+n=P zqQdw#$3g??{nP0_^H`$P?Ox{CEA8=0{vB)cF*q*TGn#(bAn*!3CEaL|m3%uTH_Jf4Tzj zeWGf&UW?vSG(SP6)MqUJDDzL=2$2lnm@~r9T4ET=Y~}Z-OuvmvF)#jUhw&fmLHyTG zNVGk0TtUQB!6Lsv89K!biSgLE)lW!}hdKy+Nbo|(PeZCvTVvCtbx_xPEqbxs$m*$> zp-jeQytTZH;{Ry<11Pk{PmwS`;T4}1d+E7=l%C4KsoM&UFj~-CWFtCT!EPSD;v;j9 z)e8P-_4Qbziz5A^9+kvZTCVHUV|H@Ya(X(41}0M>0C7^i8eqfn^HeiyHu)choi~_q z5SF>-HFdO#cSts#P-%S)RaIl-nlG3vA806vLW;=Zy@K;!bgtg7rT%Ro^>53Ciinpr z1G~<+wQ?+~Re##5q>AZZ?rg$buVNQFkj4O66Iy~`K4xt(Q=7rwvz0KL(C>?diOEp! 
zp~hEi+c0YD2cB(}uc6yoiy;JF6u&t6&na(HCXc#L4GyAV%E-`~qcp*!Yln8=AjFx7 z_`ys064F0^4_PZ_b9M70q~(DrG3+GFWQ6A$4)9GAe+d64+R^j_iecDdF30a35}?z! zcsw!T?!2i2{j(Iji`n3uyNJ$1_!uFoU+eQeQ(abOqsZr!V{jIwZxBEh2xfKud(<0o!se23 z&Vq8n#xq%7St&y$xFy}vM)gNN`Fq4&vMSUXA4yvh=1%E(Lv)LNt&otz$SHS#jwS{i z^p_L#t3T@wh)HL23xj|Mw`?c93n9OiYLtN@B|~=W`!YO)WLSFg76#7?<+)}}1(3*h3~W2P;Ax& z5o?2P1hvU5osG=~(c5@SY5hGx&51GK{@=wj zJCNps;u~lu_`JHr!}n#Sta?bvDA0uG7-)(zn7`T+xrJN4|Ll2{1sHqx19J0AZHkWxqA2Q#R86#K4H(Tm3W)#pTMZDaJl!ES>EE!SFn{;Re9+AmQzgCt)+TXKfxgj4P0w)j2I+*L=vA7vP7Hq+h$1cS39k9+F! zxT@)?HHg9oBRMS{SoU8`RvWmbKI*I_h$K(0n+nyp+LmrCK3ImA$}JE6k-pupdLA@> zvmXmi+j1iE&-3jk3b6+ zy+vL4bDEz!N(=}A@-z&iJo< zKf)DsCd9JOr1&_JaE^{R*yO~57EOUptdtQS4yxhXs(*^~&lWrxXAa12u5dZ*_Wyde z(BYS@>k0_a{>geA7GYXEG0qH+lYF3<(d_?vi$|$1Hz{=SkJuZxBcbB$?iUq)40KRC z=HXl+hQkbQSi&~|8U8_1@S}L~8ch8EAsaQo|K~3s;Q03)vYb}ozdF6Z*(I@a8hPkz zPtzmH#(`Z#q*?Y&;p2Ewk}iZy^7U48P8^4GgwQrK5Ab9z>I}#At!?{z9>b$+9Stnm zhe27mh4`eu*y^xV3#*p4(JJa?boZXMfYn5fuPnA6e+Xx z(vy9j%=GsMLwQx#?OH4r8MPM61&#FJ`6}B4O&xuL+o!S@_vu)YnU!XL{e}W7ofzBo zc=cIo=4?=liTR!^nX|W_0|>01(GW&RES1gw(>BV+;n|J4&kl~$PiCN6F5cTE@pCY^;x|#>$dJotI0N>K^kxT|AkFQ|KmNG^T;tnRA!D85m^;UjOjLI zn&jJ1Q`Ug&jX?u3Wa?z?#0rPy0qj$!{bPhM)>3pl9mAd|47L||d<*T7O`dUT>T?q` zR>cWvZ75n$&FXRj45d)7$y*cG)ykYV5ARAAZ)4B$r-co*Il8e7FOD621bVqxn{ujGjo^6Vbygnt4&csh3QoF{sD}2 z4wz_PqPJu&*GkxEQpPFp00is%5!u5>B7pf=6uzF=Y+wChCk~(2sJN>2jC-de74kNg zK-!)=(ACOHHQbwe-J4GBFwq}aPNLs-ch73`SZg)4B;hg$vY_q_aX6^zcwQ7h0INyb z95>7~nd>jRYrUR~a2q~df$u5xECsX<+-+c5vuEP-6!${Ry^*oMy}Uk2o0zyA_0;zh zR!p}0LOz!NMZFBvfaqUNgL9y(A)+~)i(~&e88QP(<+juDjOfti6fC#HDN-)) z&t&OufRpWemK8c{{J3nIa@~L{_XRL523NXI#br#Z-E=SE5I#0}SY9qoPm);dE7ZN9 zN#9>+0CxVsI0?f%a>W9g221mmjo9-=yU}~EW@l=b(|Wpi$?^%=3PA+F&2f+v(s}#A zFa77+4R38_IUhp%8$n7%fYW%oG@06;9ENL<-1Tc!YCW4(RNGrNp`&6fcz-0Tu7>LQ zuDv&1x;rDav&?2XXpd-l|6;z`9z5frnles}yVwqyy61H~?q#Gf1|C#d^|xo#rN)t1 zlc+6-dIP@ct&(&MW3#mawHx;UqN10=@a3trt>N`jxR zZ~UsvYGk9pafb_qJH}!!SkPAad+sHgq%B=<%dQ;neB359-FkgubJD9_52)odc&F 
zCdy(Y;lJ%-7jU|`m4+v7dz2+P88KAns{jmQNnqH$A3n79=6TL$RjsHMKeVFf z49fpLxj{OlTJj|3VM#$9U?HGPl>gat<_ySpQ)UvYUYkM2#!Ig)@MK6{fdP8yz612Bg%zU;b!8~ zZ{L~Hm+TK=D4G8YboX~2QnprYibP@mGedMha{w6d-Iq@Nb2>v9b!V&enw!`#$F6n@ zpmA7>YpQ)}=8FeV@a(ylkUvn5j?h!69HS;(bZD9cZsGb!qrusVSAB#Oj; z)`XI&I(egMZeLeNMYY~*J`#C=vc#`haI497RHGWc65;83HRN2YmRYAs4&)#x8x$w& zNrb;jE6l*#bKcJc=upM}C5DKOP`4CQ09ggE1+(tUf@Z>g z6;g0*N}eb8dw=|NBJ7|kUVb(4OPaWXa=8{swY=B0tXzDAji#G^&V&TNJHs_a?>)^y zR%+56jj|4uDZ`1iJu>*(J*i^6a@NHaL#Eda>j3LazMNj1^c)@qVha7%O~31< zURBH`+2<}xOR~k*xsBFJ?6I5OL3loS<|&gOUHsacO=oKRj1Mpinm+z%^-ZeYGK$6o zWU|bLHTU4BldM3I119^nCRZPmZ$Yt7uS}K(y&F_1-A1_u*yRe3tHj%~fTJaVh?ga`rFwQ(zXSl)t|a0A@&|;^wg( z%N9JDDF_g`$YM<*`>o3VJQ(qGx}fKbSc`nnCcWL9bYf9~EP3tG+i!C;XifeXE6O*n zl!pU@K~9Mxv)}KY-}GCstI>EKx~E-^KIq|OiE<;W1}3OQ3d3;uT%HI0w1vR6#q}yM zyU}PVI%L#Wf~awsZ(Dco#RVc9i%>rQsZ0&83>jZs1zJm2$@MpKvw7pvsJP@X@uulf!2g>{}z{?+cJRAx_gO%nGUXF3iB z2)a7Yolg+74ORK^B@VU|M^8*Et9N$P<=g594iU)k)Nlgc96$-*7a6W&aJ(A`0StsC zgMWz{mY|R=)#p@H2ue%JdaIX+w7URbFa8qqUicf{Os5W)Co|C=X-O^~(5mkH3R9~Y zY#z;WcIkKeO;kq}%V!&&%-Z+ds#1jxIc`l(s84IIyAj;8%FJ zw;4A0U%g_GTNvNyf43&BK|=L{q_Du68t;(E96r9S0I_F5$B}KxrN%IcpwBJD>;Qom zo?c&HSF(M|pFPzUgmBX4IXVC1M@p_GD_km}e@r!8N7$CiO%Ma*?r6^JqWMa(R-|wTcpHBtR6mlyw50efj_t^hmHmTCZIJ&eim<@*E4>`X+mhF}2kYIu=crDP<9#9y zui{w!>(OOw1D3p;Nuo#p-dmus*2^>KhUh(0oM9@L=b_>EGjUhIN>J}AiDlItLsm{k zl-&L2c^z*>HWO+iY>xvo9z0SOY>lPG$f>rr`5V3$len_R=@}2+;Gn9=77b?R((D)~ zU!@Z$bWAxdF;jY~5Y&RD|+k<%hrTkue|}cAl;4gH4q7#-C}p(7Zsn4kITOD>P`qOG|W*S@AVFBXy~*R^04lTvXLUW)PDbb zBA3jt?hAEN%TZUO#UEO`MokHBxL(zDy(;+yJ++23D;&_+;tEr)$o}P{dm)WJ!dkCkjgP2zgtK-**eP4{G z-=oQLkbAF@E-9+SFt3)c?TPw&r;_(kFz=|qKx;xWjHI7%`B^R~ImJWbfVZ~fSeKyI zDW!X&Nq}*hb`lGIC@Q|Z_Clv>Zbt@V&;tbCako+g2+XwFt{A_8&SvZV(wK>(L%zjD z&(^N&xt!1kvmT&tkF*vsUGEj(sU9%7daVp$#Bxn+8h}oJrXINP-qB147Z0}Bu1rN3 zqcyGQD~3(R>beR<*buRKZLG%UHP*%_YBr%qKP$)etjW5*JTP3W4(>J1pDlGz9JJ($ zd0y08+_iCXHm<+6_j0}0aq)KWrCg|qZ)v5}1(i<-6TRFk63Mk#B;7>nd#mb6R$#k^Q>a0ZMT2 z(<8e5nsLcG4zo5CtN%IzJbXGUG2J!Rx@C@^P6p!O^(0lmS0cAR&MJsWldG++F`468 
z-DCccj8(N>Yy7{=Bes@Y!!Gs-o}GoRw-^%j(4k+t)a&Ch4kt~_O0>EuUAGX1w+K0O zo)^Q)l~n8l0|Vhq`B1g%&^#4g(0fyklJ;D=zD!t$PvSG2GgfZ_L0J?)kjXIC6i7_; z#`~@VlA0wKD$aCO$ZBDD!7V(k5kk3_%QKL;7L2W;Y~>v`LL@!Bn*KG|DQZK+y2551 z+opVd5K=z$-d00)Zk?dp;`<)?o8KoC`Osifq2+WqT#TF!Cyxk$*{^6dFD}n#IrO4F zhV*D+#sOIGS?!SJmZsS46Zlr-$sIWC%)uW@HArH?A;0ck*C zTXlnth4*WwQ5~LH3+aXL0&z6AY~I({S!sCu_CFUL;K_Zbx6*%`xsLtTlgCcB7!?FL zaGI}-bJLsY_(Xb3#uq*DeiW0tbxw&DtS!h!Vic|$NFEm{cK&-@ktxz>;^V=z`|^?b zGlr&Q`|nSBahz2>|LuN^2tNPogdE@39TLO*b|TMJXA(be^%)xO=}h5(cW~$X-4P_( z#E)o@{~EhIn4eZX>38mW;WfnnUoM|>WR01rbvKs(T#MfLGH)PC*y(m!+)Z4FI>&7$ zS=V7$y&vWY47f0_c(29yvf~QL#;Xu@KoZIoar1o35FZ=U(fK*C0b+Y>e1iruU?HUw zlKJ~OAKJriG4{Aun8NmDTZi{u8M(Jn0dXuDtOq!=o)oC>fhD+Ii`q!0CJYd8<-c^= zErKMKS6wFydwR#x*o9wnQSR0jIrGVla0U1#vL!ylgwl$9tO?v)B>M2h55F~KIbUFW zv=~n$gdjD0R~5VM_yH9iXg@})X8BwMc`eq)8zg>_01C)t56jsgt)M}I$z z>uNY;DW9I}RIk1j>03-Jn{}vN+>|cFx+TXI$hy5%!v0dJ`4?rx0UueKQWV0yqkSce zZ?8F0d34=k=80Jr>cqR8xF^m!tG%5$Z1uNPpq`l$p5u~AO}|<&<_iXSv$!g%)Lm77 z=90++tbLk1)993HfB&ls3Q(eFEZ95^eNolC*ef zGrfvTvxTc$Hxo99t-*Z4Y11Vg%Z-=mw#taUsL+JxRENv}w4 zw`5@5EpRwA!jFC!af@fIx;!7)5xvBXL@P3SKwsUG$8{u5G~{=iuZAXkd)e1`5>~gm zuq-S5(W!fXdwWS#AX|K%@0-orJ6drtdx@t1p8fi=pbSE`rSxZ;X>tS+jjpw(ix z#MZmk_I$jd?}`L+q8=G!=wGQHdjKYP6J=%D;!7dzwUcJq$@E4JkhyQRu0~5 zb45(FFckaEJpP68RXO?2_|B_qPJa@rd0;%jqSsLFk?XT)`Ubjvz{r7kmC|EM6AIp( zGNaGRtLM)L)Wy%K3!)Q95N&D`Hb2y<<;2H(Q&>>n4BMC z$E4qu7+wC5bqGUdz@z@tiGQJGqMT%rb!ysT^CKZJ5R8!d3+h$lMKoW<`Tip7yZ2nshUpb+Yz)xHHgu9mAy?urN2)LNjL;yzfGl4nsQ~r(nSrY`)3| z{+Op;FISS93rneLe=S$Oky{0iLI@{n$@*!lCC$as7#s4oj%@Ce?FasTE5ErX-Va8` zylkRw;2s75CQEd7&GXxdiAenGp;-tFZq*HxbY`CbX-NxQCO{rV1jnT*Xh;;!#gQr_^ zAII?4>wJ#*dYV~mO=4h+?6)8dx(QYJBXNdq5uITT3kk*PqIM7{N^y1x`~7F}xA};< zG#t9g7#X${8A~~=vSwYYgR$;~x##^-QYAKB*S3BYc6oA%u2bJa<*}xQqB`EOJmaB% zvr%z!9nBX6`rpN^R)JMX(N63gL)m~Cs>^K9MK+7EsIR<(y=TCgt#-hReKQ&(D(Gk2 zOMT88gI)Ld?NM=-WTTnasKUL_%Q;}1T8P#D`L^2suH4ymi5yw@wP98weXthkBLALtQE0nf8T{=4LA6b4>fA-8NufH?l=l%L}*1K7I3zfmq-r*1<1BFsA9 z&Ky5>1Kx`-awqt1K~-ha6u(+GgAl49UdBH#O-t6r 
zS?j)+JtVK2UtdOXRuH2HVSNX>o+=%kcb$G-EBf^22iFu`OfqLX!!~MZLTb?j|HW7_ z*Z{y-`NjW!HfP;!R-q9O`Z5?paWiEK0{9(=wUbeC=;}k>`sJ$0sYMx`>yt(XcOuiR z*?EoC_88ji7x2Ev9FQvrmGO2kBy2!XeZLmZImxVj9cK!Bo6UL06rz-Wo6)u$m=7i0 z`|w;c56Iwu$k=$bpm`f2_TwPDhlJ}3=htWw1x%7YxNa%trSSwd7?>=ttCWLz({*UVw&EV|bcu(l%v`^G`53#0@q>}%0 z-=@3eNgS545hI+LPdDF(O)@;ke^TR_*<0DHamTKfzvC>Tm9~rg%^O(5B9wkqkI4<5pIc-5T?#HX%r_yH; z`-9S|>8y2qI}-+h`FT{ZS&*fg9z<&T!`vr(&A;#7^R#img1|1-kPqmbMjzrrWpg)1 zDmzx9Cdl?8H582=S5d&G(yp7e!IPwb5xfuAzO&oWg2ky8Jo0U@B~QX5C^a$03oGF) zxX?Ztfe0pLu8krsvsrKWV8%`i#v#r-E432s^s@vnq+>%tS&2uO6@XABQl6xpD~#(0=AsdfK;G@Osu z1Mu7X!-d}@VB2)v=cF<-3ZQLb)G76G9|v6ZSh1h0B=Y%3N)Kv-dhIBPDBJ+I=wpjg;O<`+8si|{3r`xKI~wVcgJ@9#QTyC`yo$@*k1G3>{Fm&SkI zfU)94Jzk?rK@9&>0_Tn7W0(5E_ke#Vt^{(6i?4@RWj&ty1Kz1yTmIt>b?qQ`0)myw z$8m-T;g>CiUX~!{&`hUTt+x97-%aUr%1G%OhnvhB;VjYps!E`xqKtJ2(LMljlf;vW zlARMn5lkGS%=uV7=)B!yzS-SQm@h^V5JUi|_DhktB93BiH?26x;fx?aegX8q&A-YI zOv$0}c^D#a*rZnP5i4z@fTc1jVzmM2u0W6zQaGLqs8vciT#Q0&YZ2ctY4K-1S(J!U z2)s;qcF6@<4=Taze|gwYYVo>+eC#V5uc0~zUKE=2zj*@!Sk)o9g?|H( zxPvChSr*xOAr7V(i=p#puoKX;ZG3nJap%UAULnMH?PGqVLw@1HH6r4m{qSq#h?&ihX-nJdg2($cXmmyLr6&_3-%fh$uq`CV9Pb1jo6}J#+Oz$045kr zE!V)GWC?Pr%^8JIoEz+|g=Y|SqTXCW=YF+o0)~Z$VvftkY{17};{)rD%kvdS=@WgO zAG1Z=WnZcOP)8qg>*H!8d?20Kd zJoo88e01^NXjlw2HYw>nkGbl~%agQ$nE;dNij=mjhR1~9b-8xgK5E788lC<*6`GOO z?fQgN=pD0Z*);EvrEqxlpno)WdX47pv$92tS>w}ui47FEg?uv1dQ?`j7I=wt$H#=@ ziF%5&_o=Ksb*&sK?w#EoPE-l!bjd5dwD}2AOVK~OV_f9;?`Bsq5=XszRq4j@JQxzJ zjqjsv<`kp#Xn*$TR-yrQ+-`uZLnA8sj;-7|4l+fpG2}&*{Zy&NlpdjfQWsOCkj;X+ zyV4c7{z?i(Zl%RUVsEN6-pI8A<9EtcU|LK~Uvm$V8JJ6myWZVzRv6U zYVh>JSU5Q^xhc8lkG<|M-$Z+v#7+9USKEJv5iVRN zQ2!{8k>5r-#)jo#-uMwan8gS3{Qztr_*HH=b$_m2^7Et%g1hdEm=ON(MRs|09`bXU z_vPg<7Tg(Q@46ay48^bf>)ZqM$CONYQ*IO{HMH*Rg?!7!1eh_Xmv zYTuB2T#+=8hkyJW%iw12?^c`XT$FwNLh`q=hqgFVlv}N;+e=PSfs%dzA3m;36N(*Q za}px5Ky))djKSZ;CPqxACXS*-odk1Lc(?H-YpL{+E)>N4J5h$wD~PUqO}PW&w)8vq z;4YdJ{)-lJ%~69DntcCep^LBBn{wmCb7^6Ygmos*i+SnW6LsVqS$6sk+7w`Wy`Q*TN1j!$QmKt|tOk;N3csxb=ONgfpjv@0xx 
zfuE%Kx3pyo6rU;uVFJ3nB+v{oStX72xsp!gfwqiIg^}W+Yl1Sc8H$FUAF9GF_v@qQ zeh$_qKBLdG8cc>Pf-k2a&$ZjBtfq;IL%KT#Ya+19-#xb9%Cmsvwro2Bq$q3lOv=UR z$zP%_%Xa6ya};T9#A8Q&aCdm4Z20DjJ4Lc%-X|^D!H;<7G;|Gq07*@grO*G zr=s(2TubStW^}FMArW!mdDczxoGelon-%jop4OzuRsIv&;l>fU2}fp@bu%)+1Nk;l zGr1B2!5^48>?0nD^2>5kN6|rg$Da8uO(8labOrfsCT((3C^)HEbOQ3?!}58w+e zn;&FBfJ-vLsK8RWW|{M&)_Q7XvoCp^{+%Bs`P&H&&1)X3Js5t1tey@$Ji<%wZ}YH& z#z^xDYGSqW13K*rYf#fvw&$G(*%06c**lGpT)V|)NZ{m)ox6xB8?LAVvP3Ex9adir zpRaSti}@SChOSSnk(gEYmQj&H^fpQc?vtob-UicK7pw&6YLH+l!(z+1*K1VE>W!ps zLrK~`Jg^U&^lHxf0VGCt1v%YO!!Q`m3Yv*2<}kgQKY08|255{r9E+eUIx)(B*J zvF}7AX)d{b?)GMKqc=5XNuKrd zPyKi=9#PrH!?1%asZl86$y!RK&SS2dGb?y40)h19Y&nP!LyijLUT&~TcxijWnNZwB z!cuxRiSlZEpNWM*WzLoQdWjGfaQOnT6khS$^#`5R4DXuNQcri(6&5B;0a;Ro`htIn zXUluf{ov5^Q!h8pFVlL*LRSIoS!L1;hD6fIX{XUORz2L-jW}NTK1S-2`1%fy$PTqk z=$*_^A2?*5@S0R>e?4u`W{SID+T)*9QBadM$`o859A%=JI)u`7Y{b&1IqH?tlp*_U zBOD$U5ot^B7#1(Z*F${w{s4Bs`)YInxvm{z$_mc_)d}`yyyC}82oQHHrZp0p!3M75 zjOA?;*IbB^H$d+jTx4p(gr*|nm&@cF@zK?VgljLzmfE7^T$wZIJo@`P+}H~5GvEL?m5KvxnS3Ex6nuu5{59>0j{dhwRk69P^Q*y z&bB10IARWl{j&_nj-NYgTyBP*Z#=P_NbS*mwgy)TZ2tOkY*L1LxKQgPgF1>f7k7Fo zO-4vT$S$;rJwMU+rtcVi*`LgR)?(W37k~iSSI75-#PL4Uqtz{BZmHBb0-9uQ8?_&^ zS6+vc+#B+`ZdGFtmbZ`qfNQ8ih`oycUc?bnd|AKlNqq6Qap+UA3h03{OuO`$Do=z< zFyv9gS0z=-fg;9=D-A@SJE(`0+e|vd*a6Q>YK^V2*NN7>WZnOsNg+ZX&Mvq^Oo-+< z3zy}gR1aGj=#D$RGzhq`K(>}*Rgu6gI41=3V?nszr5*P4yPnx>RcGD$e6A7n7k&&m zY3p3(qhUCZBd%GH*HQZ_T(Eh`J3saa!=+M9nay5_!v>puP14@C{EAUHkA?f4#6A1S zECODqjOANeKKA@{yA&hJ+fJI{`t?7o2LVpu92-30H2-SBsDsJ$#rGz#o$F;)h9XH0 z-9G4g`p-}6SgC6p$1LqCKmJSs5D>~#@|Us8j#EfefOs*7M9~wgx|!Hf9^S$4AE_@H zcFBF{u(PQw(dGSX0)S}^-cvcmVbK-^AW$+1pE><-$o6m$j~T^pE2=n0kq9{-JLE;p zp|0z`v3kH%6={zLvW*O3Ry$Q;+{V5N zlXmpYY3j*kENxbunA zS4Ve6ui0;-IafTiZd92mqHPDG+4X4VATzK(jsEa><1H3xU31p8(*c0*e`7-VwCwim zCOK17?6<}x=FRWqaX740c#G5ZI1oncV+9$d#l7nE1?AVHOUTtc&pYI`4AY}ZXYldT z^)dQO>otGjxuSjo|4~je;~KJg)Sg1CCZLaVt=)Xrb3V3l+>Ke3mSTCf;X1EY zd+1iZ(Zn25*vOl!-@aZUPP^%!y;!zf$OW9Wj8j!7Oe(}a>3PL|3RTidLVrikXw)@Cyc1n 
zD`PkLYF9*%GBHEO;#-Q^iDEIxe6&(^7}a)ndn-(L6Hn#vs<>^y0(nlvxeJj`lKbOZ z5M%k_m2(Y|Ifd$Dp1aolk8I>sr<%DmAsB3g-3?yBaUGgXN%c+ZB1$ z`i$sj?XrmbkS{;7<*s5;fOG>*(nzpJAEZ(Hd+RvE1@>D)x13+8oeX#Q`de;0Kepdi zlR1nvZIXno>uXT==A8H9AU&rC&!6;K5lhunzw$?TnkeOIavvPjLxP3Ek3>ogi1>`b zN@}?YX^cpNg?AD%tEZkk3D3xq`gh(1{b=!cSAAHR^oQL(D z@C*=-brH0BzRTiAN?{_#3lT@mw?)gCz)xIqWts7~%MbisY}-uUr~0&C@x+Zj{mdN5 zlfyl1&oBKDq!tdz-c5hW{lj2G(Vtdi8XCeAe?bc~!jq;b39`FsYQK z6=JwF?)2+fiL6uX#PqZ>*H&ps@Tj(;{%lAcuSIbF9S;trij4C#@UT$BL6nnIQ-zQ_ zNMZe8*0oXs#%=@2tT18vq}}ok1L`R0Hs&Zohw5V}vAR2H_E7Y@eOQ;aoA|fj@QKz# znVt4rCBp)hThhkYeQ4C8X$=;f)5#A-INaX#1L-79>0b4W>i6K#A7g}`A-4TvU8&}1 z&U}WXqMH0KwuA`Ff_`vDkG3C%lGcMFqj4bC{6EBras-;>TaD%~6#GR!h*wtjV8+aG zWaoC=@Me>%kE!5eOoHHEb)!@=EQ(cw8zG6%E9~OO>Z*mnPETxA^XYv#-j=;~gvj}1 zaQ(ak!rkZi0i?+>t$82)13TbE>F{ZQ&*#nzM)YCTap;`sls-wk+R4GwQjP&mEm7J%kN|F&1rhsAtN@cEmG}*TacEdc+P& zur+ulsUUhhO>T~xbF-yYvbUP6Lic5~%09gc%bRaK4#Kc94D5iN)WtY)zGRr53Y*Kc%dKjd(D?xA zU&j^wRjay5lXW+4yeXIIFF}1`fXTBr29tP0j@1TCyAQ-k#Zbi&IpcH3M_}{8W~t z(psEeys>(>?T4TjKV_<}SGAN!?EwR%^f9{XDAlQ%#0M)OYUT{p){J(qcxwD$@-cz= zD05r6cq+eq_xMD^r1ZN8V$npETYz7A!`l|)cD|AE=bAk;A$hLe*^tnk>#X2=L{6`9 zh=P`9elGSj4x4sK?&UTb%qCg^YJzB>uBR`@fS33KeRj!ka)u3S2VRrm=8%_euH@{q zbd?9+r5BT#wEYdcSjP7EVpdDlvbikoUZqoPdv=s<49L{m?Mx5T!5&KQ%z!|%k!>+k z7z^)mf6o?WRFxzgVKdKA?9A`bxqmqDvp+LbC1(Rwt6@0u!Dst9iw6_z;H4rL@sv-& z&-!W4Qo>25-q(Z6Tc*POkt!pFooRAn$8rX+_uskf&ON4iVtJ8^+e7CyY+CkdeH2ZR zTNM-8cJ-;LlGY8I2h)$&YjMjrmzSf2vI>8C3X`kRCbCoSDW3InRS>e)aUTwXX5-F~ z8{7Ng-qAS`a|oH z12FKTI9cwy87szVgsd7dcAU3r3%Hn}pu<71Rs{pbbK@H&^{=m4!(Mg~%lIL77n%IO zy#XSY3G!NPy1wl}DP21%3g5aJ$AU?9c2AeC0f}_Gzl4vv3nUBzSv!KEA&$kQj7OSI zKi14E1EgjJNA8?=s!0kNtKRI|bYIQrGnLM>+xw=(D7HiB`uPc#SD5ZS0lIau`7`0u z>Z^mExb7fis%3m+sUeEKb6|T=Zr*R?zK155bK$z&>l$$&*CtJVl!MpnV%r@-ZNo$R zK%JECQ!`J!vJEQ6=g9ekk5&i?-tET%fx0i#FZv4O6i*FsRE9-xEHwz*-l7D zw0$BH5?(T!Ix}+-Z{NoE@JFmgyINykt1!nVYjYT1yXps4>G+k~Ltqa3lofv7^V*0#4he06RlWPs zT;+`3>~G~oW)i*^eeMxZvVFq2A|{Rc`r(1@QzVgp@1}_o7OfA~q_A;hDDF`jDviwt 
z%t>>9c$-#f8GDhmUz?9G*i8Lid+BfXwm{ovCH1{o{JXQx%w#|CamApFh-=O6wEyFI_sVkNDX)_w zT=5kYZR9>5k6*qoh!|z@EF9M+^8knM*I$$ zoaSJU0`nK!}G17b9os)@;6~(a?1QTE6OyKMq|uwA{yqaJE~|6o?YOCS>FQ@Sw$lEqv|X0-MWn_*E);_7A3?ay3XEdDR=S$I8_%%27S}c zx*o_k^ohigh@|Zeq5jIxop6Qi5G8tkmp+xbJzlTT3ceOt~Kd#|?jMIFr_)WA9Cz{$%VsG^iGW)J0V9m7cmk71R3 z7r;kF4T!R8+=&riXFqePcuc47F7|VhO$JpqmX|xdY%+hMZ>Q9&6f422?mUNt`Um8^ zr3)u~cBQV-^i7^(my`MT^q7N#t!zfvwH=K4U?Z+Sn6FhXl3PM$sA_f&z?e zq1dEo$-_(!b;-5ctimfjhcEaWw_StlOmYiDSoxu<+%THAxTR*fFL0pz1{}~wb9~V= zgA2u}el=I8w*1I6rkno<|mKdNkcDG_j`rOt#;y>wG}* z9PZ9SGl*@s`U$x z7XQ?IS~j`aIDXXEr@D>bbU#ljg=aWUJjT1U4k@cR-iA&p<*lOU(VvgG_3{;M@s%Nc zA77uaCJ({Qw^B^ksI@5Nb5-V4=I4o3n`cL+r=JYZc?BsHu}9{;;2z{YeoMGW0hTle z_AlP0g&MxYcjIspr6_=qk`XMXUi-GUUo(URmSRCHs}}QzNYM_ou+^5Panae=$+n8k z9F$PgQJP&NH(YZ;?}?!!;&mL82n@ZXoUkC@Gy7xE06o%fkG_>96Cho9O%j-Hh2pWq z8577bw#BW%_OPKULnm=RUWxY>Re^>PG){6=cjA}!=TelLKpGiADLB_TPPc>-h4PY4 zHIV|>EXd@=3<73%o+P=y;y&?R9i5MnHyxsvV*(PuF0=z1%?j$fFR}@7degAPFz(fb z(|+b$HX`GzSnuIQ{qJ=^9&_aaSh@;H5O0}g83D6S;W>P(9!Ka@wm1eKHp6xrI-QtYctlg*PG4vHcL{`i3nOKb zo@nX@CBCo@Ej6zn4_GQmt*6bDlmoeXfpNGj;|T2gt%;5DLF_=b*^^*(1bDC}Elw;u zswDE|z)7j*=Qinm4o3xty{Z*P-!a=*R${gscf9ct)l8F?Pc~TCB!<)t#Xsv)KsOj* zg@G7&QTbQ)E0ZX`pFNK1=FGAkRxR~dr}@`41#x^bHJ0iE zS<|i!YCr~u(bKat^fr^Z=ONlI+oDNeQmn!s!NJqgwsuBMHGe*-IQ_6#;Aw`Zj~~ZN zwF<-R(xq26El*~ij*4tn_q;bz-yA5rN0HrscyN2P$hx9j^;?FsN(vr0lpu(gORkZQ zkK`KN&zObKFK`Nbf~(>wWY~h)Iv>$VD|`g&@&u{~`_+Xhkl39hyt2sllkwfsiwy)) z=BG19v5UYCMPN6IDN)Tf^0Wfg@lijhj?dD0XGUZ{0uS8W-t4_3jFEs*o*VfTj{EhT zh4$_!cXJ#ks{=kmU5dJ#a~X=efD3=>iQ)?#pr-@FzCD)vZreY$hNZ+lX;i35^W!O@op|AI>B{UZp6r zT)IalzHH16Nn~sK5V$(4D6Hme4bF^TsMJ5ZUyZQ1fH$3|uV9^2YUf zGV5iK&MO0iyqraELbr5$YK7lK8wCjA^SjUl2aRZ@QH=oZERI_G8fd^&X(=scBC7Ae z@qO!4lUab>6Jz||&MEP|I=Q=86FuAM&{Ey&t_9Rt&kEQ@@xuC-b?>N&nB9VYVkw0_ zLK<#8xKggol93w(UbLn3dGWNwjbBcYBn`zyds0&Mm|14Xh(98lXz7@h0wlOm6OAl%Sxsjiw+Q*pY0nE1s;RLT+CfDg}bT zJUMVI^*bP{==?5G!_t#0-yL-CKD7Hxnz+kV$CdKjKiGo9Z>SXLW$d}_BtRpS!~KK9 zBerev*mv&ZmeD$KrhkpFIZL>Kr>>`s4u73;GUfgZ)3E$UtJkmZF=j7EF=b5s 
z{X+84_omg%CewDndTRsu$CQ zii`VtUnQjy^$K}#1%2O)HroJ*J!r~a1R#=urQWKkkIGlEAZCH0i8u2iWg@+fQOC#1 zEIgZq@}jhg6}odDRMUCZ1nCji!%D~B)n*s(dV&-6i|D2GIh!P-h7=Nl@#R-4mYxs+v0j^)>0x<~LEI}V1DcU}xw1-^n zRIg@$z18ByZ#6_|lms59h61soh!p>L&tnz{uM%Og!_7hL9^E{{HJ&6Nt~G^v!Gyj- zt~G+_*Yei=ThO2!Xj2=%sJez=a`;pI3kWZ8qy?05<4cvHTCU+l49wRz=ebEHAYL7% zC3Z$jiUjBdC0thZ=RRnlDCuEIrp<lZ=XBYD^W5G#`I7O!+aHKbVw3U{ zxWqjZNW){-WR^AUYuOPjiz&4(SpTfYCyiHLVAOGoFux$w`j!P}2twQF%;dq++CyII z2XjYkyN|9%E($?!elt8x*spUn`;7+$Xb~fTn+~52xP`MY`ywF zgkQu19?NAq%^i!vJ5APp-;^2|mV_=dIj@$oU}T&0Uo!bma~PxnJ+ib+b}$BGkZV|E zc+;eJwpIMA>2HuMlVrg{5q!UY@$Vby3IGL_@n#-gtPcML2ymqUG=w?M-wG~zq1tVr zM<|3k>jRDhW*|JOZg0OuF|J|YgvIl+%;73kbZ>0A} zr4;-G2eiNI`&GUDEdW7Q&WAN6fBpDZU6!D4LVrF#`|!mZsOe7G>izvmDKy*pr=0$@ zqnR5Cgx@k=R}Gf@9RZ+bXw~GOc5-FOF9snkXolV;AiFFp|Fk0;#7YMAko->J(n}}; zz+Ssl^bfHAGhhj{ZltLaxv7ZgoMJgASLNZjRxSa17%a{`5)OrY{k??NYD` z9c?POL=>(Yaq6#>-1WOYzg%sq{PU)4@P!sL3`#To&$NDV74-5tz%GR$|4YVbRRKxb zfj6*pNs>kZ64?8;&(<$D`?ug5wgkvXsBg*o+w1)$MlEjx<;)`<7MHAIlLK**T~fWENI=Nn`|0t=|L;H_G_dnn{naQO z$fvNg^YQQM6`-Ew5k`@=!;u6V8R~wKK>W|SON0SDbh0W)Ll9nn;U(rp=>mK&e705j zo9h2^orYyE_^xZnddXq3EWF@5rDwopzF)XExt#*=OUz@Y1o#fmJ^dX=`E?&0*M5#u Y7W)n + data_list.extend(iter(response["items"])) + print(f"Retrieved {len(data_list)} Sophos logs from the last" + " API call.") + + # Ingest data into Chronicle. + ingest.ingest(data_list, CHRONICLE_DATA_TYPE) +``` + + + +## Cloud Function Generic Setup + +### Setting up the directory + +Create a new directory for the cloud function deployment and add the +following files into that directory: + +1. *Contents* of ingestion script (i.e. `armis`) +2. `common` directory + +### Setting the required runtime environment variables + +Edit the .env.yml file to populate all the required environment variables. +Information related to all the environment variables can be found in this file. + +#### Using secrets + +Environment variables marked as **Secret** must be configured as secrets on +Google Secret Manager. 
Refer [this](https://cloud.google.com/secret-manager/docs/creating-and-accessing-secrets#create) +page to learn how to create secrets. + +Once the secrets are created on Secret Manager, use the secret's resource name +as the value for environment variables. For example: + +``` +CHRONICLE_SERVICE_ACCOUNT: projects/{project_id}/secrets/{secret_id}/versions/{version_id} +``` + +#### Configuring the namespace + +The namespace that the Chronicle logs are ingested into can be configured by +setting the `CHRONICLE_NAMESPACE` environment variable. + +### Deploying the cloud function + +Execute the following command from inside the previously created directory to +deploy the cloud function. + +``` +gcloud functions deploy --gen2 --entry-point main --trigger-http --runtime python39 --env-vars-file .env.yml +``` + +### Cloud Function Default Specifications + +| Variable | Default Value | Description | +| --- | --- | --- | +| Memory | 256 MB | Allocated memory for a specific cloud function. | +| Timeout | 60 seconds | Time Interval for the termination of a cloud function. | +| Region | us-central1 | Region for a cloud function. | +| Minimum instances | 0 | Minimum number of instance for a cloud function. | +| Maximum instances | 100 | Maximum number of instances for a cloud function. | + +- The configuration documentation of the above variables can be found here: [link](https://cloud.google.com/functions/docs/configuring) + +## Steps to fetch the historical data all at once and then continue with the real-time data collection + +- Configure POLL_INTERVAL environment variable in minutes for which the historical data needs to be fetched. +- As the cloud function is configured, the function can be triggered using a scheduler or manually by executing the command in Google Cloud CLI. 
+ +## Resources + +- [Install the gcloud CLI](https://cloud.google.com/sdk/docs/install) +- [Deploying cloud functions from local machine](https://cloud.google.com/functions/docs/deploying/filesystem) + + +## Cloud Function Requirements + + +### Resources + +1. Cloud Function Job +2. Cloud Scheduler Job +3. API Secrets + + + +### Service Account Permissions + +1. Secrets Manger Secret Accessor +2. Cloud Functions Developer + + +## Prerequisites - Google + + +A service account with Ingestion API permissions + +A GCP Project for the Cloud Function (and Compute instance if cloud based) + + +## Prerequisites IAM + +The GCP service account needs the following roles: + +* Secret Manager Secret Accessor +* Cloud Functions Developer + + + +## Deploy Cloud Function + +**Cloud Function Design** +![alt text](3rdparty.png) + +### Overview Steps to Deploy the Cloud Function + +1. Create a service account with roles in IAM prerequisites +2. Create Secrets for Chronicle Service account and API Key +3. Update environment variables +4. Upload python code to cli console +5. Deploy the Cloud Function + + +#### 1. IAM + +Create a service account or use an existing one. + + +#### 2. Create Secrets in Secrets Manager + +Create thesecrets in secrets manager + +1. Click Create Secret +2. Give it a name +3. Paste the secret value +4. Create Secret +5. Copy the link to the secret for the .env.yml file + +Secret strings take the following form: + +projects/{project_id}/secrets/{secret_id}/versions/{version_id} + +#### 3. Populate Environment Variables + +Update variables in .env.yaml + +#### 4. Upload Python code + +Create a new directory for the cloud function deployment and add the following files into that directory: + +* Contents of the desired platform (if it exists, otherwise copy a similar one) +* common directory +* Edit the .env.yml file to populate all the required environment variables. + +For existing 3rd party ingestion scripts Main.py will be filled in. 
+If not you will have to customise main.py. + +Upload to the cloud console. + +#### 6. Deployment Cloud Console Cloud Shell + +**Deploy using the following command:** + +Substitute items in <<>> Service Account Name and Function Name + + +``` +gcloud functions deploy <> --gen2 --service-account --region australia-southeast1 --entry-point main --trigger-http --runtime python311 --env-vars-file .env.yml +``` + +gcloud functions deploy <> --gen2 --service-account SERVICEACCOUNTNAME@PROJECT.iam.gserviceaccount.com --region australia-southeast1 --entry-point main --trigger-http --runtime python311 --env-vars-file .env.yml + + Note: Python 3.11 os the most current a the time of writing. +The common libraries may only work for the version above. + + +**Retrieve Cloud function Target URL** + +1. Get the Target URL for the Cloud Scheduler +2. In the cloud function, click the Trigger Tab, copy the Trigger URL. + + + + +## Cloud Scheduler + +Schedule the cloud function to run as per your desired frequency. + +1. Create Job +2. Give appropriate name and description +3. Choose region +4. Frequency set as every mins */10 * * * * +5. Set the timezone +6. Set Target as HTTP, URL is the trigger URL in the cloud function +7. Auth header: Add OIDC Token +8. Set Service Account to Chronicle service account +9. Method POST +10. Create Schedule + + + + +## Troubleshooting + +Cloud functions create logs under the Logs tab in the Cloud Run Function Console + diff --git a/sophos_central/main.py b/sophos_central/main.py new file mode 100644 index 0000000..a899ecd --- /dev/null +++ b/sophos_central/main.py 
@@ -0,0 +1,146 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# API endpoint: https://developer.sophos.com/docs/siem-v1/1/routes/events/get
+
+"""Fetch audit logs from Sophos Central environment."""
+
+import datetime
+import requests
+
+from common import ingest
+from common import status
+from common import utils
+
+# Log type to push data into Chronicle.
+CHRONICLE_DATA_TYPE = "SOPHOS_CENTRAL"
+
+# Sophos Auth URL.
+ENV_SOPHOS_AUTH_URL = "SOPHOS_AUTH_URL"
+ENV_SOPHOS_CLIENT_ID = "SOPHOS_CLIENT_ID"
+ENV_SOPHOS_CLIENT_SECRET = "SOPHOS_CLIENT_SECRET"
+ENV_SOPHOS_TENANT_ID = "SOPHOS_TENANT_ID"
+
+ENV_SOPHOS_EVENTS_URL = "SOPHOS_EVENTS_URL"
+ENV_SOPHOS_ALERTS_URL = "SOPHOS_ALERTS_URL"
+
+
+# Date format to be used in the API.
+# The starting date from which alerts will be retrieved defined as Unix timestamp in UTC.Ignored if cursor is set. Must be within last 24 hours.
+
+def get_and_ingest_audit_logs(token,sophos_url,tenant_id) -> None:
+ """Fetch logs from Sophos Central API, process it and ingest into Chronicle.
+
+ Raises:
+ TypeError, ValueError: Error when response is not in json format.
+ """
+ # Calculating start_time based on the provided poll interval, it will be a
+ # datetime object.
+ start_time = utils.get_last_run_at() + + epoch_start_time = int(start_time.timestamp()) + + print(f"Retrieving the Sophos Central logs since: {start_time}") + print("Processing logs...") + + + + url = f"{sophos_url}?from_date={epoch_start_time}" + + print(f"Debug: {url}") + headers = { + 'Authorization': f'Bearer {token}', + 'Content-Type': 'application/json', + 'X-Tenant-ID': tenant_id + } + + # Iterate through all the pages if pagination available and ingest data + # into Chronicle. + + data_list = [] + + print(f"Processing set of results with start time: {start_time}") + + resp = requests.get(url=url, headers=headers) + + try: + response = resp.json() + except (TypeError, ValueError) as error: + print( + "ERROR: Unexpected data format received while collecting audit logs") + raise error + + if resp.status_code != status.STATUS_OK: + print(f"HTTP Error: {resp.status_code}, Reason: {response}") + + resp.raise_for_status() + + log_count = len(response.get("items", [])) + + print(f"Retrieved {log_count} logs from the API call") + + + data_list.extend(iter(response["items"])) + print(f"Retrieved {len(data_list)} Sophos logs from the last" + " API call.") + + # Ingest data into Chronicle. + ingest.ingest(data_list, CHRONICLE_DATA_TYPE) + + +def get_jwt_token(auth_url, payload): + response = requests.post(auth_url, data=payload) + if response.status_code == 200: + token_info = response.json() + return token_info['access_token'] + else: + print(f'Error obtaining JWT token: {response.status_code} - {response.text}') + return None + +def main(req) -> str: # pylint: disable=unused-argument + """Entrypoint. + + Args: + req: Request to execute the cloud function. + + Returns: + string: "Ingestion completed." 
+ """
+ auth_url = utils.get_env_var(ENV_SOPHOS_AUTH_URL, is_secret=False)
+ client_id = utils.get_env_var(ENV_SOPHOS_CLIENT_ID, is_secret=True)
+ client_secret = utils.get_env_var(ENV_SOPHOS_CLIENT_SECRET, is_secret=True)
+ tenant_id = utils.get_env_var(ENV_SOPHOS_TENANT_ID, is_secret=True)
+
+ events_url = utils.get_env_var(ENV_SOPHOS_EVENTS_URL, is_secret=False)
+ alerts_url = utils.get_env_var(ENV_SOPHOS_ALERTS_URL, is_secret=False)
+
+ payload = {
+ 'grant_type': 'client_credentials',
+ 'client_id': client_id,
+ 'client_secret': client_secret,
+ 'scope': 'token'
+ }
+
+ jwt_token = get_jwt_token(auth_url,payload)
+
+ if jwt_token:
+ # Method to fetch logs and ingest to chronicle.
+ print(f"URL: {events_url}")
+ get_and_ingest_audit_logs(jwt_token,events_url,tenant_id)
+
+ print(f"URL: {alerts_url}")
+ get_and_ingest_audit_logs(jwt_token,alerts_url,tenant_id)
+
+
+ return "Ingestion completed."
diff --git a/sophos_central/requirements.txt b/sophos_central/requirements.txt
new file mode 100644
index 0000000..ad2258d
--- /dev/null
+++ b/sophos_central/requirements.txt
@@ -0,0 +1,19 @@
+# coding=utf-8
+# Copyright 2022 Google LLC.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+requests==2.27.1
+jwt==1.3.1
+google-auth==2.6.0
+google-cloud-secret-manager==2.10.0
\ No newline at end of file
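Review bot: A failed token request never fails the run: `get_jwt_token` prints the error and returns `None`, and `main` then skips both fetches and, as far as the flattened hunk shows, still returns "Ingestion completed.", so the scheduler records success while no Sophos events or alerts reach Chronicle. Raise from `get_jwt_token` instead, as in the block below, so an expired or revoked credential surfaces as a failed invocation that can be alerted on. Neither `requests.post` nor `requests.get` passes a `timeout`; add one (for example `requests.get(url=url, headers=headers, timeout=30)`) so a stalled endpoint cannot hold the function until the platform terminates it. Separately, `get_and_ingest_audit_logs` issues a single request although its comment speaks of iterating pages, and it never reads the API's pagination fields (`has_more`, `next_cursor`), so results beyond the first page appear to be dropped; it also indexes `response["items"]` right after using `response.get("items", [])`.

```python
def get_jwt_token(auth_url, payload):
    response = requests.post(auth_url, data=payload, timeout=30)
    if response.status_code != 200:
        print(f'Error obtaining JWT token: {response.status_code} - {response.text}')
        # Fail the invocation instead of returning None, so the scheduled run is marked failed.
        raise RuntimeError('Sophos token request failed')
    return response.json()['access_token']

# … unchanged: main(), whose "if jwt_token:" guard is then no longer needed …
```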
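Review bot: `jwt==1.3.1` is pinned here, but nothing in the added `main.py` imports `jwt`; the token is only requested over HTTP and passed on as a bearer string, so unless the `common` package needs it this is an unused dependency. On PyPI the name `jwt` is also a different project from PyJWT, so if a JWT library is wanted the pin should name the intended one explicitly. Dropping the line keeps the function's dependency surface small. `requests==2.27.1` is an old pin as well; consider moving to a current release after checking it against `common`.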